@augmenting-integrations/auth 4.1.2 → 4.1.3
- package/dist/index.d.ts +73 -0
- package/dist/index.d.ts.map +1 -0
- package/package.json +1 -1
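--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -0,0 +1,73 @@
+import { type DefaultSession, type Session } from "next-auth";
+declare module "next-auth" {
+interface Session {
+user: {
+groups: string[];
+role: string;
+} & DefaultSession["user"];
+}
+interface User {
+role?: string;
+groups?: string[];
+}
+}
+export type CreateAuthOptions = {
+/** Path prefixes that require an authenticated session. */
+authedRoutePrefixes: string[];
+/**
+* Page to redirect to when an unauthed user hits a gated route.
+* If omitted, derived automatically from appDomain + allowedParentDomain:
+* apex app gets `/login`; subdomain apps get `https://<apex>/login`.
+*/
+signInPage?: string;
+/**
+* Cookie Domain attribute. In subdomain ecosystems, set to the parent
+* (e.g. `.agency.aillc.link`). Default: process.env.AUTH_COOKIE_DOMAIN.
+* In dev (NODE_ENV !== "production") this is ignored — cookies stay
+* host-only so per-port localhost apps don't collide.
+*/
+cookieDomain?: string;
+/**
+* The parent domain that all subdomain apps share (e.g.
+* `.agency.aillc.link`). The redirect callback uses this to allow
+* post-login redirects back to any subdomain of the parent (apex or
+* `<sub>.agency.aillc.link`). Default: process.env.AUTH_ALLOWED_PARENT_DOMAIN.
+*/
+allowedParentDomain?: string;
+/**
+* This app's full FQDN (e.g. `agency.aillc.link` for the apex app, or
+* `leads.agency.aillc.link` for a subdomain app). Used to derive the
+* default signInPage. Default: process.env.APP_DOMAIN.
+*/
+appDomain?: string;
+/** Override prod/dev detection. Default reads NODE_ENV. */
+isProd?: boolean;
+/**
+* The JWT signing secret. Default: process.env.AUTH_SECRET.
+* In prod, pass this from a runtime fetch (Secrets Manager) to keep the
+* secret out of Lambda env vars and to support rotation without redeploy.
+*/
+secret?: string;
+cognito?: {
+clientId?: string;
+clientSecret?: string;
+issuer?: string;
+};
+};
+export declare class AuthError extends Error {
+code: "unauthenticated" | "forbidden";
+constructor(code: "unauthenticated" | "forbidden");
+}
+/** Returns the user's Cognito groups (always an array, possibly empty). */
+export declare function getUserGroups(session: Session | null | undefined): string[];
+/** Case-insensitive group membership check. */
+export declare function hasGroup(session: Session | null | undefined, name: string): boolean;
+/**
+* Throws AuthError if no session (`unauthenticated`) or if the user is in
+* none of the provided groups (`forbidden`). Pass multiple names to allow
+* any-of.
+*/
+export declare function requireGroup(session: Session | null | undefined, ...names: string[]): void;
+export declare function createAuth(opts: CreateAuthOptions): import("next-auth").NextAuthResult;
+export type { NextAuthConfig } from "next-auth";
+//# sourceMappingURL=index.d.ts.map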
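Review bot: The doc comment on `isProd` in `CreateAuthOptions` ("Override prod/dev detection. Default reads NODE_ENV.") does not say what dev mode enables, and the `cookieDomain` comment defines dev as `NODE_ENV !== "production"`, so an unset or misspelled NODE_ENV appears to select dev behaviour. The package description says dev uses a Credentials role-picker, so a deployed host that falls into dev mode would presumably let a caller choose their own role; this is inferred from the declarations, as the `createAuth` body is not part of this diff. I would make the contract explicit, e.g. `/** Override prod/dev detection. Default: NODE_ENV === "production". When false, the dev Credentials role-picker is enabled; deployed apps should pass true explicitly. */`, and confirm the implementation treats a missing NODE_ENV as the restrictive case or fails closed. This file is generated, so the comment change belongs in `src/index.ts`.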
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAkBA,OAAiB,EACf,KAAK,cAAc,EAEnB,KAAK,OAAO,EACb,MAAM,WAAW,CAAC;AAInB,OAAO,QAAQ,WAAW,CAAC;IACzB,UAAU,OAAO;QACf,IAAI,EAAE;YACJ,MAAM,EAAE,MAAM,EAAE,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;SACd,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;KAC5B;IACD,UAAU,IAAI;QACZ,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;KACnB;CACF;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,2DAA2D;IAC3D,mBAAmB,EAAE,MAAM,EAAE,CAAC;IAC9B;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;;OAKG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2DAA2D;IAC3D,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE;QACR,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;CACH,CAAC;AAIF,qBAAa,SAAU,SAAQ,KAAK;IACf,IAAI,EAAE,iBAAiB,GAAG,WAAW;gBAArC,IAAI,EAAE,iBAAiB,GAAG,WAAW;CAIzD;AAID,2EAA2E;AAC3E,wBAAgB,aAAa,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,EAAE,CAE3E;AAED,+CAA+C;AAC/C,wBAAgB,QAAQ,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,GAAG,SAAS,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAInF;AAED;;;;GAIG;AACH,wBAAgB,YAAY,CAC1B,OAAO,EAAE,OAAO,GAAG,IAAI,GAAG,SAAS,EACnC,GAAG,KAAK,EAAE,MAAM,EAAE,GACjB,IAAI,CAKN;AAyFD,wBAAgB,UAAU,CAAC,IAAI,EAAE,iBAAiB,sCAkIjD;AAED,YAAY,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@augmenting-integrations/auth",
|
|
3
|
-
"version": "4.1.
|
|
3
|
+
"version": "4.1.3",
|
|
4
4
|
"description": "Auth.js v5 factory: Cognito in prod, Credentials role-picker in dev. Same JWT shape (sub, email, cognito:groups) regardless of provider.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"publishConfig": {
|