npm - @crossauth/sveltekit - Versions diffs - 1.1.0 → 1.1.1 - Mend

@crossauth/sveltekit 1.1.0 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (46) hide show

package/dist/index.d.ts +1 -1
package/dist/index.js +16 -6181
package/dist/sveltekitadminclientendpoints.d.ts +13 -12
package/dist/sveltekitadminclientendpoints.js +187 -0
package/dist/sveltekitadminendpoints.d.ts +5 -4
package/dist/sveltekitadminendpoints.js +766 -0
package/dist/sveltekitapikey.d.ts +4 -4
package/dist/sveltekitapikey.js +81 -0
package/dist/sveltekitoauthclient.d.ts +6 -5
package/dist/sveltekitoauthclient.js +2309 -0
package/dist/sveltekitoauthserver.d.ts +4 -4
package/dist/sveltekitoauthserver.js +1350 -0
package/dist/sveltekitresserver.d.ts +6 -5
package/dist/sveltekitresserver.js +286 -0
package/dist/sveltekitserver.d.ts +11 -10
package/dist/sveltekitserver.js +393 -0
package/dist/sveltekitsession.d.ts +5 -5
package/dist/sveltekitsession.js +1112 -0
package/dist/sveltekitsessionadapter.d.ts +2 -3
package/dist/sveltekitsessionadapter.js +2 -0
package/dist/sveltekitsharedclientendpoints.d.ts +7 -6
package/dist/sveltekitsharedclientendpoints.js +630 -0
package/dist/sveltekituserclientendpoints.d.ts +13 -12
package/dist/sveltekituserclientendpoints.js +270 -0
package/dist/sveltekituserendpoints.d.ts +6 -5
package/dist/sveltekituserendpoints.js +1813 -0
package/dist/tests/sveltekitadminclientendpoints.test.js +330 -0
package/dist/tests/sveltekitadminendpoints.test.js +242 -0
package/dist/tests/sveltekitapikeyserver.test.js +44 -0
package/dist/tests/sveltekitoauthclient.test.d.ts +5 -5
package/dist/tests/sveltekitoauthclient.test.js +1016 -0
package/dist/tests/sveltekitoauthresserver.test.d.ts +4 -4
package/dist/tests/sveltekitoauthresserver.test.js +185 -0
package/dist/tests/sveltekitoauthserver.test.js +673 -0
package/dist/tests/sveltekituserclientendpoints.test.js +244 -0
package/dist/tests/sveltekituserendpoints.test.js +152 -0
package/dist/tests/sveltemock.test.js +36 -0
package/dist/tests/sveltemocks.d.ts +2 -3
package/dist/tests/sveltemocks.js +114 -0
package/dist/tests/sveltesessionhooks.test.js +224 -0
package/dist/tests/testshared.d.ts +8 -8
package/dist/tests/testshared.js +344 -0
package/dist/utils.d.ts +1 -2
package/dist/utils.js +123 -0
package/package.json +6 -4
package/dist/index.cjs +0 -1

package/dist/sveltekitapikey.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
-import { UserStorage, KeyStorage, ApiKeyManagerOptions } from '@crossauth/backend';
-import { RequestEvent } from '@sveltejs/kit';
-import { MaybePromise } from './tests/sveltemocks';
+import { UserStorage, KeyStorage } from '@crossauth/backend';
+import type { ApiKeyManagerOptions } from '@crossauth/backend';
+import type { RequestEvent } from '@sveltejs/kit';
+import { type MaybePromise } from './tests/sveltemocks';
 /**
  * Options for {@link SvelteKitApiKeyServer }.
  *

package/dist/sveltekitapikey.js ADDED Viewed

@@ -0,0 +1,81 @@
+// Copyright (c) 2026 Matthew Baker.  All rights reserved.  Licenced under the Apache Licence 2.0.  See LICENSE file
+import { ApiKeyManager, UserStorage, KeyStorage } from '@crossauth/backend';
+import { CrossauthLogger, j } from '@crossauth/common';
+import {} from './tests/sveltemocks';
+/**
+ * This class adds API key functionality to the Fatify server.
+ *
+ * You shouldn't have to instantiate this directly.  It is created
+ * when instantiating {@link SvelteKitServer} if enabling API key support-
+ *
+ * API keys are bearer tokens than have to be manually created for a user.
+ * They can be used in place of username/password login and session cookies.
+ *
+ * This class adds a `preHandler` hook that sets the `user` field in the
+ * SvelteKit request.  It also sets `scopes` in the request object if there
+ * is a `scope` field in the JSON object in the `data` field in in the API
+ * record in key storage.
+ */
+export class SvelteKitApiKeyServer {
+    userStorage;
+    apiKeyManager;
+    /**
+     * Hook to check if the user is logged in and set data in `locals`
+     * accordingly.
+     */
+    hook;
+    /**
+     * Constructor
+     *
+     * @param userStorage the user storage with user accounts
+     * @param keyStorage the storage for finding API keys
+     * @param options See {@link SvelteKitApiKeyServerOptions}
+     */
+    constructor(userStorage, keyStorage, options = {}) {
+        this.userStorage = userStorage;
+        this.apiKeyManager = new ApiKeyManager(keyStorage, options);
+        this.hook = async ({ event } /*, response*/) => {
+            CrossauthLogger.logger.debug("APIKey hook");
+            const authzHeader = event.request.headers.get("authorization");
+            if (authzHeader) {
+                try {
+                    CrossauthLogger.logger.debug(j({
+                        msg: "Received authorization header"
+                    }));
+                    const key = await this.apiKeyManager.validateToken(authzHeader);
+                    CrossauthLogger.logger.debug(j({
+                        msg: "Valid API key",
+                        hahedApiKey: ApiKeyManager.hashSignedApiKeyValue(key.value)
+                    }));
+                    const data = KeyStorage.decodeData(key.data);
+                    event.locals.apiKey = { ...key, ...data };
+                    if ("scope" in data && Array.isArray(data.scope)) {
+                        let scopes = [];
+                        for (let scope of data.scope) {
+                            if (typeof scope == "string")
+                                scopes.push(scope);
+                        }
+                        event.locals.scope = scopes;
+                    }
+                    if (key.userid) {
+                        try {
+                            const { user } = await this.userStorage.getUserById(key.userid);
+                            event.locals.user = user;
+                            event.locals.authType = "apiKey";
+                            CrossauthLogger.logger.debug(j({ msg: "API key is for user", userid: user.id, user: user.username, hahedApiKey: ApiKeyManager.hashSignedApiKeyValue(key.value) }));
+                        }
+                        catch (e2) {
+                            CrossauthLogger.logger.error(j({ msg: "API key has invalid user", userid: key.userid, hashedApiKey: ApiKeyManager.hashSignedApiKeyValue(key.value) }));
+                            CrossauthLogger.logger.debug(j({ err: e2 }));
+                        }
+                    }
+                }
+                catch (e) {
+                    CrossauthLogger.logger.error(j({ msg: "Invalid authorization header received", header: authzHeader }));
+                    CrossauthLogger.logger.debug(j({ err: e }));
+                }
+            }
+            ;
+        };
+    }
+}

package/dist/sveltekitoauthclient.d.ts CHANGED Viewed

@@ -1,9 +1,10 @@
-import { CrossauthError, ErrorCode, OAuthTokenResponse, OAuthDeviceAuthorizationResponse, User } from '@crossauth/common';
-import { OAuthClientBackend, OAuthClientOptions } from '@crossauth/backend';
+import { CrossauthError, ErrorCode } from '@crossauth/common';
+import type { OAuthTokenResponse, OAuthDeviceAuthorizationResponse, User } from '@crossauth/common';
+import { OAuthClientBackend } from '@crossauth/backend';
+import type { OAuthClientOptions } from '@crossauth/backend';
 import { SvelteKitServer } from './sveltekitserver';
-import { RequestEvent } from '@sveltejs/kit';
-import { MaybePromise } from './tests/sveltemocks';
+import type { RequestEvent } from '@sveltejs/kit';
+import { type MaybePromise } from './tests/sveltemocks';
 export type SvelteKitErrorFn = (server: SvelteKitServer, event: RequestEvent, ce: CrossauthError) => Promise<Response>;
 /**
  * Options for {@link SvelteKitOAuthClient}.