@classic-homes/auth 0.1.49 → 0.1.50
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth.svelte-JXZ7XEE5.js +3 -0
- package/dist/{chunk-DCGC6CNV.js → chunk-EM7PUNZB.js} +28 -1
- package/dist/{chunk-XSQYERC6.js → chunk-GOKAXJJS.js} +3 -3
- package/dist/{chunk-YTMFXVJR.js → chunk-RKHRCHOI.js} +3 -3
- package/dist/{chunk-DSNTNK6T.js → chunk-TUFSFAAI.js} +2 -2
- package/dist/{chunk-ES4UOD62.js → chunk-U5E4T4NS.js} +37 -22
- package/dist/core/index.d.ts +7 -6
- package/dist/core/index.js +3 -3
- package/dist/index.d.ts +2 -2
- package/dist/index.js +5 -5
- package/dist/svelte/index.d.ts +4 -4
- package/dist/svelte/index.js +5 -5
- package/dist/testing/index.d.ts +1 -1
- package/dist/testing/index.js +1 -1
- package/dist/{types-Ct5g1Nbj.d.ts → types-CKcLRCI_.d.ts} +16 -0
- package/dist/{user-utils-BtLu_jhF.d.ts → user-utils-Bi3-FHxY.d.ts} +1 -1
- package/package.json +2 -1
- package/dist/auth.svelte-DTSHZMJ4.js +0 -3
|
@@ -44,6 +44,33 @@ function getFetch() {
|
|
|
44
44
|
const cfg = getConfig();
|
|
45
45
|
return cfg.fetch ?? fetch;
|
|
46
46
|
}
|
|
47
|
+
function isValidRedirectUrl(url) {
|
|
48
|
+
const cfg = getConfig();
|
|
49
|
+
try {
|
|
50
|
+
const parsed = new URL(url);
|
|
51
|
+
if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
|
|
52
|
+
return false;
|
|
53
|
+
}
|
|
54
|
+
if (cfg.allowedRedirectOrigins && cfg.allowedRedirectOrigins.length > 0) {
|
|
55
|
+
return cfg.allowedRedirectOrigins.some((origin) => {
|
|
56
|
+
try {
|
|
57
|
+
const allowedOrigin = new URL(origin);
|
|
58
|
+
return parsed.origin === allowedOrigin.origin;
|
|
59
|
+
} catch {
|
|
60
|
+
return false;
|
|
61
|
+
}
|
|
62
|
+
});
|
|
63
|
+
}
|
|
64
|
+
try {
|
|
65
|
+
const baseOrigin = new URL(cfg.baseUrl);
|
|
66
|
+
return parsed.origin === baseOrigin.origin;
|
|
67
|
+
} catch {
|
|
68
|
+
return false;
|
|
69
|
+
}
|
|
70
|
+
} catch {
|
|
71
|
+
return !url.includes("://") && !url.startsWith("//");
|
|
72
|
+
}
|
|
73
|
+
}
|
|
47
74
|
|
|
48
75
|
// src/core/jwt.ts
|
|
49
76
|
function decodeJWT(token) {
|
|
@@ -95,4 +122,4 @@ function extractClaims(token, claims) {
|
|
|
95
122
|
return result;
|
|
96
123
|
}
|
|
97
124
|
|
|
98
|
-
export { decodeJWT, extractClaims, getConfig, getDefaultStorage, getFetch, getStorage, getTokenExpiration, getTokenRemainingTime, initAuth, isInitialized, isTokenExpired, resetConfig };
|
|
125
|
+
export { decodeJWT, extractClaims, getConfig, getDefaultStorage, getFetch, getStorage, getTokenExpiration, getTokenRemainingTime, initAuth, isInitialized, isTokenExpired, isValidRedirectUrl, resetConfig };
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { authApi } from './chunk-
|
|
1
|
+
import { authApi } from './chunk-U5E4T4NS.js';
|
|
2
2
|
|
|
3
3
|
// src/core/guards.ts
|
|
4
4
|
function isMfaChallengeResponse(response) {
|
|
@@ -60,7 +60,7 @@ var AuthService = class {
|
|
|
60
60
|
}
|
|
61
61
|
if (options?.autoSetAuth !== false && !isMfaChallengeResponse(response)) {
|
|
62
62
|
try {
|
|
63
|
-
const { authStore } = await import('./auth.svelte-
|
|
63
|
+
const { authStore } = await import('./auth.svelte-JXZ7XEE5.js');
|
|
64
64
|
authStore.setAuth(
|
|
65
65
|
response.accessToken,
|
|
66
66
|
response.refreshToken,
|
|
@@ -246,7 +246,7 @@ var AuthService = class {
|
|
|
246
246
|
}
|
|
247
247
|
if (options?.autoSetAuth !== false) {
|
|
248
248
|
try {
|
|
249
|
-
const { authStore } = await import('./auth.svelte-
|
|
249
|
+
const { authStore } = await import('./auth.svelte-JXZ7XEE5.js');
|
|
250
250
|
authStore.setAuth(
|
|
251
251
|
response.accessToken,
|
|
252
252
|
response.refreshToken,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { authService } from './chunk-
|
|
2
|
-
import { authStore, currentUser, isAuthenticated, authActions } from './chunk-
|
|
3
|
-
import { isInitialized, initAuth } from './chunk-
|
|
1
|
+
import { authService } from './chunk-GOKAXJJS.js';
|
|
2
|
+
import { authStore, currentUser, isAuthenticated, authActions } from './chunk-TUFSFAAI.js';
|
|
3
|
+
import { isInitialized, initAuth } from './chunk-EM7PUNZB.js';
|
|
4
4
|
|
|
5
5
|
// src/svelte/guards/auth-guard.ts
|
|
6
6
|
function checkAuth(options = {}) {
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { authApi } from './chunk-
|
|
2
|
-
import { decodeJWT, isInitialized, getConfig, getStorage, getDefaultStorage } from './chunk-
|
|
1
|
+
import { authApi } from './chunk-U5E4T4NS.js';
|
|
2
|
+
import { decodeJWT, isInitialized, getConfig, getStorage, getDefaultStorage } from './chunk-EM7PUNZB.js';
|
|
3
3
|
|
|
4
4
|
// src/svelte/stores/auth.svelte.ts
|
|
5
5
|
function getStorageKey() {
|
|
@@ -1,10 +1,14 @@
|
|
|
1
|
-
import { getConfig, getStorage, getFetch } from './chunk-
|
|
1
|
+
import { getConfig, getStorage, getFetch, isValidRedirectUrl } from './chunk-EM7PUNZB.js';
|
|
2
2
|
|
|
3
3
|
// src/core/client.ts
|
|
4
4
|
var isRefreshing = false;
|
|
5
5
|
var refreshSubscribers = [];
|
|
6
6
|
function subscribeTokenRefresh(cb) {
|
|
7
7
|
refreshSubscribers.push(cb);
|
|
8
|
+
return () => {
|
|
9
|
+
const idx = refreshSubscribers.indexOf(cb);
|
|
10
|
+
if (idx > -1) refreshSubscribers.splice(idx, 1);
|
|
11
|
+
};
|
|
8
12
|
}
|
|
9
13
|
function onTokenRefreshed(token) {
|
|
10
14
|
refreshSubscribers.forEach((cb) => cb(token));
|
|
@@ -58,7 +62,7 @@ function updateStoredTokens(accessToken, refreshToken) {
|
|
|
58
62
|
parsed.accessToken = accessToken;
|
|
59
63
|
parsed.refreshToken = refreshToken;
|
|
60
64
|
storage.setItem(storageKey, JSON.stringify(parsed));
|
|
61
|
-
import('./auth.svelte-
|
|
65
|
+
import('./auth.svelte-JXZ7XEE5.js').then(({ authStore }) => {
|
|
62
66
|
authStore.updateTokens(accessToken, refreshToken);
|
|
63
67
|
}).catch(() => {
|
|
64
68
|
});
|
|
@@ -168,13 +172,15 @@ async function apiRequest(endpoint, options = {}) {
|
|
|
168
172
|
const REFRESH_TIMEOUT_MS = 3e4;
|
|
169
173
|
return new Promise((resolve, reject) => {
|
|
170
174
|
let settled = false;
|
|
175
|
+
let unsubscribe = null;
|
|
171
176
|
const timeoutId = setTimeout(() => {
|
|
172
177
|
if (!settled) {
|
|
173
178
|
settled = true;
|
|
179
|
+
unsubscribe?.();
|
|
174
180
|
reject(new Error("Token refresh timed out. Please sign in again."));
|
|
175
181
|
}
|
|
176
182
|
}, REFRESH_TIMEOUT_MS);
|
|
177
|
-
subscribeTokenRefresh(() => {
|
|
183
|
+
unsubscribe = subscribeTokenRefresh(() => {
|
|
178
184
|
if (!settled) {
|
|
179
185
|
settled = true;
|
|
180
186
|
clearTimeout(timeoutId);
|
|
@@ -320,11 +326,18 @@ var authApi = {
|
|
|
320
326
|
* Initiate SSO login by redirecting to the SSO provider.
|
|
321
327
|
* @param options.callbackUrl - The URL where the SSO provider should redirect after auth
|
|
322
328
|
* @param options.redirectUrl - The final URL to redirect to after processing the callback
|
|
329
|
+
* @throws Error if redirectUrl or callbackUrl fail validation
|
|
323
330
|
*/
|
|
324
331
|
initiateSSOLogin(options) {
|
|
325
332
|
if (typeof window === "undefined") return;
|
|
326
333
|
const config = getConfig();
|
|
327
334
|
const authorizeUrl = config.sso?.authorizeUrl ?? `${config.baseUrl}/auth/sso/authorize`;
|
|
335
|
+
if (options?.callbackUrl && !isValidRedirectUrl(options.callbackUrl)) {
|
|
336
|
+
throw new Error("Invalid callback URL: URL is not in the list of allowed redirect origins");
|
|
337
|
+
}
|
|
338
|
+
if (options?.redirectUrl && !isValidRedirectUrl(options.redirectUrl)) {
|
|
339
|
+
throw new Error("Invalid redirect URL: URL is not in the list of allowed redirect origins");
|
|
340
|
+
}
|
|
328
341
|
const params = new URLSearchParams();
|
|
329
342
|
if (options?.callbackUrl) {
|
|
330
343
|
params.set("callback", options.callbackUrl);
|
|
@@ -599,10 +612,10 @@ var authApi = {
|
|
|
599
612
|
await api.delete("/auth/sso/unlink", true, void 0, { provider, password });
|
|
600
613
|
},
|
|
601
614
|
/**
|
|
602
|
-
* Link an SSO account
|
|
615
|
+
* Link an SSO account.
|
|
603
616
|
*
|
|
604
|
-
*
|
|
605
|
-
*
|
|
617
|
+
* Initiates the SSO linking flow by making an authenticated API call.
|
|
618
|
+
* The server returns an authorization URL to redirect the user to.
|
|
606
619
|
*/
|
|
607
620
|
async linkSSOAccount(provider = "authentik") {
|
|
608
621
|
if (typeof window === "undefined") return;
|
|
@@ -611,22 +624,24 @@ var authApi = {
|
|
|
611
624
|
throw new Error("Not authenticated");
|
|
612
625
|
}
|
|
613
626
|
const config = getConfig();
|
|
614
|
-
const
|
|
615
|
-
|
|
616
|
-
|
|
617
|
-
|
|
618
|
-
|
|
619
|
-
|
|
620
|
-
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
|
|
624
|
-
|
|
625
|
-
|
|
626
|
-
|
|
627
|
-
|
|
628
|
-
|
|
629
|
-
|
|
627
|
+
const fetchFn = config.fetch ?? fetch;
|
|
628
|
+
const response = await fetchFn(`${config.baseUrl}/auth/sso/link`, {
|
|
629
|
+
method: "POST",
|
|
630
|
+
headers: {
|
|
631
|
+
"Content-Type": "application/json",
|
|
632
|
+
Authorization: `Bearer ${accessToken}`
|
|
633
|
+
},
|
|
634
|
+
body: JSON.stringify({ provider })
|
|
635
|
+
});
|
|
636
|
+
if (!response.ok) {
|
|
637
|
+
const error = await response.json().catch(() => ({ message: "Failed to link SSO account" }));
|
|
638
|
+
throw new Error(error.error?.message || error.message || "Failed to link SSO account");
|
|
639
|
+
}
|
|
640
|
+
const result = await response.json();
|
|
641
|
+
const authorizationUrl = extractData(result).authorizationUrl;
|
|
642
|
+
if (authorizationUrl) {
|
|
643
|
+
window.location.href = authorizationUrl;
|
|
644
|
+
}
|
|
630
645
|
},
|
|
631
646
|
// ============================================================================
|
|
632
647
|
// Security Events
|
package/dist/core/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { L as LoginCredentials, h as LoginResponse, j as LogoutResponse, R as RegisterData, k as RegisterResponse, U as User, u as ProfileUpdateData, v as ChangePasswordData, l as Session, m as ApiKey, C as CreateApiKeyRequest, n as CreateApiKeyResponse, o as MFAStatus, M as MFASetupResponse, p as MFAChallengeData, D as Device, q as UserPreferences, s as LinkedAccount, t as SecurityEvent, P as Pagination } from '../types-
|
|
2
|
-
export { A as AuthConfig, f as AuthState, w as ResetPasswordData, S as SSOConfig, e as StorageAdapter, g as getConfig, b as getDefaultStorage, d as getFetch, c as getStorage, i as initAuth, a as isInitialized, r as resetConfig } from '../types-
|
|
3
|
-
export { A as AuthService, L as LoginOptions, M as MFAVerifyOptions, R as RoleDeniedError, a as authService, f as formatUserRoles, c as getAvatarFallback, g as getDisplayName, e as getGreeting, d as getUserEmail, b as getUserInitials, i as isRoleDeniedError } from '../user-utils-
|
|
1
|
+
import { L as LoginCredentials, h as LoginResponse, j as LogoutResponse, R as RegisterData, k as RegisterResponse, U as User, u as ProfileUpdateData, v as ChangePasswordData, l as Session, m as ApiKey, C as CreateApiKeyRequest, n as CreateApiKeyResponse, o as MFAStatus, M as MFASetupResponse, p as MFAChallengeData, D as Device, q as UserPreferences, s as LinkedAccount, t as SecurityEvent, P as Pagination } from '../types-CKcLRCI_.js';
|
|
2
|
+
export { A as AuthConfig, f as AuthState, w as ResetPasswordData, S as SSOConfig, e as StorageAdapter, g as getConfig, b as getDefaultStorage, d as getFetch, c as getStorage, i as initAuth, a as isInitialized, r as resetConfig } from '../types-CKcLRCI_.js';
|
|
3
|
+
export { A as AuthService, L as LoginOptions, M as MFAVerifyOptions, R as RoleDeniedError, a as authService, f as formatUserRoles, c as getAvatarFallback, g as getDisplayName, e as getGreeting, d as getUserEmail, b as getUserInitials, i as isRoleDeniedError } from '../user-utils-Bi3-FHxY.js';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* HTTP Client
|
|
@@ -113,6 +113,7 @@ declare const authApi: {
|
|
|
113
113
|
* Initiate SSO login by redirecting to the SSO provider.
|
|
114
114
|
* @param options.callbackUrl - The URL where the SSO provider should redirect after auth
|
|
115
115
|
* @param options.redirectUrl - The final URL to redirect to after processing the callback
|
|
116
|
+
* @throws Error if redirectUrl or callbackUrl fail validation
|
|
116
117
|
*/
|
|
117
118
|
initiateSSOLogin(options?: {
|
|
118
119
|
callbackUrl?: string;
|
|
@@ -253,10 +254,10 @@ declare const authApi: {
|
|
|
253
254
|
*/
|
|
254
255
|
unlinkSSOAccount(provider: string, password?: string): Promise<void>;
|
|
255
256
|
/**
|
|
256
|
-
* Link an SSO account
|
|
257
|
+
* Link an SSO account.
|
|
257
258
|
*
|
|
258
|
-
*
|
|
259
|
-
*
|
|
259
|
+
* Initiates the SSO linking flow by making an authenticated API call.
|
|
260
|
+
* The server returns an authorization URL to redirect the user to.
|
|
260
261
|
*/
|
|
261
262
|
linkSSOAccount(provider?: string): Promise<void>;
|
|
262
263
|
/**
|
package/dist/core/index.js
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
export { AuthService, RoleDeniedError, authService, formatUserRoles, getAvailableMethods, getAvatarFallback, getDisplayName, getGreeting, getMfaToken, getUserEmail, getUserInitials, isLoginSuccessResponse, isMfaChallengeResponse, isRoleDeniedError } from '../chunk-
|
|
2
|
-
export { api, apiRequest, authApi, clearStoredAuth, extractData, getAccessToken, getRefreshToken, getSessionToken, updateStoredTokens } from '../chunk-
|
|
3
|
-
export { decodeJWT, extractClaims, getConfig, getDefaultStorage, getFetch, getStorage, getTokenExpiration, getTokenRemainingTime, initAuth, isInitialized, isTokenExpired, resetConfig } from '../chunk-
|
|
1
|
+
export { AuthService, RoleDeniedError, authService, formatUserRoles, getAvailableMethods, getAvatarFallback, getDisplayName, getGreeting, getMfaToken, getUserEmail, getUserInitials, isLoginSuccessResponse, isMfaChallengeResponse, isRoleDeniedError } from '../chunk-GOKAXJJS.js';
|
|
2
|
+
export { api, apiRequest, authApi, clearStoredAuth, extractData, getAccessToken, getRefreshToken, getSessionToken, updateStoredTokens } from '../chunk-U5E4T4NS.js';
|
|
3
|
+
export { decodeJWT, extractClaims, getConfig, getDefaultStorage, getFetch, getStorage, getTokenExpiration, getTokenRemainingTime, initAuth, isInitialized, isTokenExpired, resetConfig } from '../chunk-EM7PUNZB.js';
|
package/dist/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
export { m as ApiKey, A as AuthConfig, f as AuthState, v as ChangePasswordData, C as CreateApiKeyRequest, n as CreateApiKeyResponse, D as Device, s as LinkedAccount, L as LoginCredentials, h as LoginResponse, j as LogoutResponse, p as MFAChallengeData, M as MFASetupResponse, o as MFAStatus, P as Pagination, u as ProfileUpdateData, R as RegisterData, k as RegisterResponse, w as ResetPasswordData, S as SSOConfig, t as SecurityEvent, l as Session, e as StorageAdapter, U as User, q as UserPreferences, g as getConfig, b as getDefaultStorage, d as getFetch, c as getStorage, i as initAuth, a as isInitialized, r as resetConfig } from './types-
|
|
1
|
+
export { m as ApiKey, A as AuthConfig, f as AuthState, v as ChangePasswordData, C as CreateApiKeyRequest, n as CreateApiKeyResponse, D as Device, s as LinkedAccount, L as LoginCredentials, h as LoginResponse, j as LogoutResponse, p as MFAChallengeData, M as MFASetupResponse, o as MFAStatus, P as Pagination, u as ProfileUpdateData, R as RegisterData, k as RegisterResponse, w as ResetPasswordData, S as SSOConfig, t as SecurityEvent, l as Session, e as StorageAdapter, U as User, q as UserPreferences, g as getConfig, b as getDefaultStorage, d as getFetch, c as getStorage, i as initAuth, a as isInitialized, r as resetConfig } from './types-CKcLRCI_.js';
|
|
2
2
|
export { ApiRequestOptions, ApiResponse, JWTPayload, api, apiRequest, authApi, clearStoredAuth, decodeJWT, extractClaims, extractData, getAccessToken, getAvailableMethods, getMfaToken, getRefreshToken, getSessionToken, getTokenExpiration, getTokenRemainingTime, isLoginSuccessResponse, isMfaChallengeResponse, isTokenExpired, updateStoredTokens } from './core/index.js';
|
|
3
|
-
export { A as AuthService, L as LoginOptions, M as MFAVerifyOptions, R as RoleDeniedError, a as authService, f as formatUserRoles, c as getAvatarFallback, g as getDisplayName, e as getGreeting, d as getUserEmail, b as getUserInitials, i as isRoleDeniedError } from './user-utils-
|
|
3
|
+
export { A as AuthService, L as LoginOptions, M as MFAVerifyOptions, R as RoleDeniedError, a as authService, f as formatUserRoles, c as getAvatarFallback, g as getDisplayName, e as getGreeting, d as getUserEmail, b as getUserInitials, i as isRoleDeniedError } from './user-utils-Bi3-FHxY.js';
|
|
4
4
|
export { AuthClient, AuthGuardOptions, AuthGuardResult, AuthHookOptions, CreateAuthClientOptions, NavFilterOptions, RoleRestrictedItem, authActions, authStore, canAccess, checkAuth, createAuthClient, createAuthGuard, createAuthHook, createNavFilter, currentUser, filterByAccess, filterNavSections, isAuthenticated, matchesRoute, protectedLoad, requireAuth, requirePermission, requireRole, routePatterns } from './svelte/index.js';
|
|
5
5
|
import '@sveltejs/kit';
|
package/dist/index.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
export { canAccess, checkAuth, createAuthClient, createAuthGuard, createAuthHook, createNavFilter, filterByAccess, filterNavSections, matchesRoute, protectedLoad, requireAuth, requirePermission, requireRole, routePatterns } from './chunk-
|
|
2
|
-
export { AuthService, RoleDeniedError, authService, formatUserRoles, getAvailableMethods, getAvatarFallback, getDisplayName, getGreeting, getMfaToken, getUserEmail, getUserInitials, isLoginSuccessResponse, isMfaChallengeResponse, isRoleDeniedError } from './chunk-
|
|
3
|
-
export { authActions, authStore, currentUser, isAuthenticated } from './chunk-
|
|
4
|
-
export { api, apiRequest, authApi, clearStoredAuth, extractData, getAccessToken, getRefreshToken, getSessionToken, updateStoredTokens } from './chunk-
|
|
5
|
-
export { decodeJWT, extractClaims, getConfig, getDefaultStorage, getFetch, getStorage, getTokenExpiration, getTokenRemainingTime, initAuth, isInitialized, isTokenExpired, resetConfig } from './chunk-
|
|
1
|
+
export { canAccess, checkAuth, createAuthClient, createAuthGuard, createAuthHook, createNavFilter, filterByAccess, filterNavSections, matchesRoute, protectedLoad, requireAuth, requirePermission, requireRole, routePatterns } from './chunk-RKHRCHOI.js';
|
|
2
|
+
export { AuthService, RoleDeniedError, authService, formatUserRoles, getAvailableMethods, getAvatarFallback, getDisplayName, getGreeting, getMfaToken, getUserEmail, getUserInitials, isLoginSuccessResponse, isMfaChallengeResponse, isRoleDeniedError } from './chunk-GOKAXJJS.js';
|
|
3
|
+
export { authActions, authStore, currentUser, isAuthenticated } from './chunk-TUFSFAAI.js';
|
|
4
|
+
export { api, apiRequest, authApi, clearStoredAuth, extractData, getAccessToken, getRefreshToken, getSessionToken, updateStoredTokens } from './chunk-U5E4T4NS.js';
|
|
5
|
+
export { decodeJWT, extractClaims, getConfig, getDefaultStorage, getFetch, getStorage, getTokenExpiration, getTokenRemainingTime, initAuth, isInitialized, isTokenExpired, resetConfig } from './chunk-EM7PUNZB.js';
|
package/dist/svelte/index.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { f as AuthState, U as User, A as AuthConfig } from '../types-
|
|
2
|
-
export { i as initAuth, a as isInitialized } from '../types-
|
|
3
|
-
import { a as authService } from '../user-utils-
|
|
4
|
-
export { R as RoleDeniedError, f as formatUserRoles, c as getAvatarFallback, g as getDisplayName, e as getGreeting, d as getUserEmail, b as getUserInitials, i as isRoleDeniedError } from '../user-utils-
|
|
1
|
+
import { f as AuthState, U as User, A as AuthConfig } from '../types-CKcLRCI_.js';
|
|
2
|
+
export { i as initAuth, a as isInitialized } from '../types-CKcLRCI_.js';
|
|
3
|
+
import { a as authService } from '../user-utils-Bi3-FHxY.js';
|
|
4
|
+
export { R as RoleDeniedError, f as formatUserRoles, c as getAvatarFallback, g as getDisplayName, e as getGreeting, d as getUserEmail, b as getUserInitials, i as isRoleDeniedError } from '../user-utils-Bi3-FHxY.js';
|
|
5
5
|
import { RequestEvent, Handle } from '@sveltejs/kit';
|
|
6
6
|
|
|
7
7
|
/**
|
package/dist/svelte/index.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
export { canAccess, checkAuth, createAuthClient, createAuthGuard, createAuthHook, createNavFilter, filterByAccess, filterNavSections, matchesRoute, protectedLoad, requireAuth, requirePermission, requireRole, routePatterns } from '../chunk-
|
|
2
|
-
export { RoleDeniedError, formatUserRoles, getAvatarFallback, getDisplayName, getGreeting, getUserEmail, getUserInitials, isRoleDeniedError } from '../chunk-
|
|
3
|
-
export { authActions, authStore, currentUser, isAuthenticated } from '../chunk-
|
|
4
|
-
import '../chunk-
|
|
5
|
-
export { initAuth, isInitialized } from '../chunk-
|
|
1
|
+
export { canAccess, checkAuth, createAuthClient, createAuthGuard, createAuthHook, createNavFilter, filterByAccess, filterNavSections, matchesRoute, protectedLoad, requireAuth, requirePermission, requireRole, routePatterns } from '../chunk-RKHRCHOI.js';
|
|
2
|
+
export { RoleDeniedError, formatUserRoles, getAvatarFallback, getDisplayName, getGreeting, getUserEmail, getUserInitials, isRoleDeniedError } from '../chunk-GOKAXJJS.js';
|
|
3
|
+
export { authActions, authStore, currentUser, isAuthenticated } from '../chunk-TUFSFAAI.js';
|
|
4
|
+
import '../chunk-U5E4T4NS.js';
|
|
5
|
+
export { initAuth, isInitialized } from '../chunk-EM7PUNZB.js';
|
package/dist/testing/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { U as User, h as LoginResponse, j as LogoutResponse, k as RegisterResponse, M as MFASetupResponse, o as MFAStatus, l as Session, D as Device, m as ApiKey, s as LinkedAccount, t as SecurityEvent, q as UserPreferences, e as StorageAdapter, f as AuthState, A as AuthConfig } from '../types-
|
|
1
|
+
import { U as User, h as LoginResponse, j as LogoutResponse, k as RegisterResponse, M as MFASetupResponse, o as MFAStatus, l as Session, D as Device, m as ApiKey, s as LinkedAccount, t as SecurityEvent, q as UserPreferences, e as StorageAdapter, f as AuthState, A as AuthConfig } from '../types-CKcLRCI_.js';
|
|
2
2
|
|
|
3
3
|
/**
|
|
4
4
|
* User Fixtures
|
package/dist/testing/index.js
CHANGED
|
@@ -52,6 +52,22 @@ interface AuthConfig {
|
|
|
52
52
|
onSessionExpired?: (currentPath: string) => void;
|
|
53
53
|
/** SSO configuration */
|
|
54
54
|
sso?: SSOConfig;
|
|
55
|
+
/**
|
|
56
|
+
* Allowed origins for SSO redirect URLs.
|
|
57
|
+
* If not specified, only same-origin redirects are allowed.
|
|
58
|
+
*
|
|
59
|
+
* @example
|
|
60
|
+
* ```typescript
|
|
61
|
+
* initAuth({
|
|
62
|
+
* baseUrl: 'https://api.example.com',
|
|
63
|
+
* allowedRedirectOrigins: [
|
|
64
|
+
* 'https://app.example.com',
|
|
65
|
+
* 'https://admin.example.com',
|
|
66
|
+
* ],
|
|
67
|
+
* });
|
|
68
|
+
* ```
|
|
69
|
+
*/
|
|
70
|
+
allowedRedirectOrigins?: string[];
|
|
55
71
|
}
|
|
56
72
|
/**
|
|
57
73
|
* Initialize the auth package with configuration.
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { L as LoginCredentials, h as LoginResponse, j as LogoutResponse, R as RegisterData, k as RegisterResponse, U as User, u as ProfileUpdateData, l as Session, m as ApiKey, C as CreateApiKeyRequest, n as CreateApiKeyResponse, o as MFAStatus, M as MFASetupResponse, p as MFAChallengeData, D as Device, q as UserPreferences, s as LinkedAccount, t as SecurityEvent, P as Pagination } from './types-
|
|
1
|
+
import { L as LoginCredentials, h as LoginResponse, j as LogoutResponse, R as RegisterData, k as RegisterResponse, U as User, u as ProfileUpdateData, l as Session, m as ApiKey, C as CreateApiKeyRequest, n as CreateApiKeyResponse, o as MFAStatus, M as MFASetupResponse, p as MFAChallengeData, D as Device, q as UserPreferences, s as LinkedAccount, t as SecurityEvent, P as Pagination } from './types-CKcLRCI_.js';
|
|
2
2
|
|
|
3
3
|
/**
|
|
4
4
|
* Auth Service
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@classic-homes/auth",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.50",
|
|
4
4
|
"description": "Authentication services and Svelte bindings for Classic Theme apps",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -24,6 +24,7 @@
|
|
|
24
24
|
"import": "./dist/testing/index.js"
|
|
25
25
|
}
|
|
26
26
|
},
|
|
27
|
+
"sideEffects": false,
|
|
27
28
|
"files": [
|
|
28
29
|
"dist"
|
|
29
30
|
],
|