npm - @cosmicdrift/kumiko-dev-server - Versions diffs - 0.38.0 → 0.39.0 - Mend

@cosmicdrift/kumiko-dev-server 0.38.0 → 0.39.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cosmicdrift/kumiko-dev-server",
-  "version": "0.38.0",
+  "version": "0.39.0",
   "description": "Development server bootstrap for Kumiko apps. Bundles the client, mints dev-JWTs, injects the resolved AppSchema, and seeds an admin. Not for production.",
   "license": "BUSL-1.1",
   "author": "Marc Frost <marc@cosmicdriftgamestudio.com>",
@@ -46,8 +46,8 @@
     "kumiko-schema-check": "./bin/kumiko-schema-check.ts"
   },
   "dependencies": {
-    "@cosmicdrift/kumiko-bundled-features": "0.37.0",
-    "@cosmicdrift/kumiko-framework": "0.37.0",
+    "@cosmicdrift/kumiko-bundled-features": "0.38.0",
+    "@cosmicdrift/kumiko-framework": "0.38.0",
     "ts-morph": "^28.0.0"
   },
   "publishConfig": {

package/src/run-dev-app.ts CHANGED Viewed

@@ -90,6 +90,9 @@ export type RunDevAppAuthOptions = {
   readonly signup?: SignupSetup;
   /** Tenant-Invite flow (Magic-Link). Symmetric. */
   readonly invite?: InviteSetup;
+  /** Domain attribute for both auth cookies (see
+   *  AuthRoutesConfig.cookieDomain). Symmetric zu RunProdAppAuthOptions. */
+  readonly cookieDomain?: string;
 };
 /** Hook for app-specific seeding (demo data, fixtures). Runs after the
@@ -268,6 +271,9 @@ export async function runDevApp(options: RunDevAppOptions): Promise<KumikoServer
           [AuthErrors.invalidCredentials]: 401,
           [AuthErrors.noMembership]: 403,
         },
+        ...(options.auth.cookieDomain !== undefined && {
+          cookieDomain: options.auth.cookieDomain,
+        }),
         ...sessionAuthFragment,
         ...(options.auth.passwordReset && {
           passwordReset: {

package/src/run-prod-app.ts CHANGED Viewed

@@ -276,6 +276,10 @@ export type RunProdAppAuthOptions = {
    *  /api/auth/invite-accept-with-login, /api/auth/invite-signup-complete
    *  are mounted. */
   readonly invite?: InviteSetup;
+  /** Domain attribute for both auth cookies (see
+   *  AuthRoutesConfig.cookieDomain). Set to the registrable parent
+   *  domain when login and app live on different subdomains. */
+  readonly cookieDomain?: string;
 };
 /** Hook for app-specific seeding — runs after the admin (when auth is
@@ -334,6 +338,10 @@ export type HostDispatchResult =
 export type HostDispatchFn = (req: {
   readonly host: string;
   readonly path: string;
+  /** Query-String inkl. führendem `?`, `""` wenn keiner. Redirects die
+   *  den Pfad auf einen anderen Host umbiegen (z.B. Auth-Routen mit
+   *  `?token=` aus alten Mail-Links) MÜSSEN ihn an `to` anhängen. */
+  readonly search: string;
 }) => HostDispatchResult;
 export type RunProdAppOptions = {
@@ -714,6 +722,9 @@ export async function runProdApp(options: RunProdAppOptions): Promise<ProdAppHan
           [AuthErrors.invalidCredentials]: 401,
           [AuthErrors.noMembership]: 403,
         },
+        ...(options.auth.cookieDomain !== undefined && {
+          cookieDomain: options.auth.cookieDomain,
+        }),
         ...sessionAuthFragment,
         ...(options.auth.passwordReset && {
           passwordReset: {
@@ -1027,7 +1038,7 @@ function buildStaticFallback(
     if (!hostDispatch) return null;
     const url = new URL(req.url);
     const host = req.headers.get("host") ?? url.host;
-    const result = hostDispatch({ host, path: url.pathname });
+    const result = hostDispatch({ host, path: url.pathname, search: url.search });
     if (result.kind === "not-found") {
       return new Response("Not Found", { status: 404 });
     }