npm - @driveflux/auth - Versions diffs - 4.0.49 → 4.0.50 - Mend

@driveflux/auth 4.0.49 → 4.0.50

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

package/dist/AuthProvider.js +76 -59
package/dist/authorization/constants.js +45 -24
package/dist/authorization/define.js +57 -28
package/dist/authorization/fields/index.js +4 -7
package/dist/authorization/helpers.js +10 -8
package/dist/authorization/index.js +6 -6
package/dist/authorization/permissions-list.js +5 -7
package/dist/authorization/quick.js +1 -1
package/dist/authorization/roles/admin/business-development-executive.js +20 -7
package/dist/authorization/roles/admin/ceo.js +4 -2
package/dist/authorization/roles/admin/common.js +4 -2
package/dist/authorization/roles/admin/concierge.js +35 -10
package/dist/authorization/roles/admin/customer-success-executive.js +40 -10
package/dist/authorization/roles/admin/data-analyst.js +7 -4
package/dist/authorization/roles/admin/designer.js +7 -4
package/dist/authorization/roles/admin/engineer.js +7 -4
package/dist/authorization/roles/admin/finance-executive.js +11 -4
package/dist/authorization/roles/admin/head-of-business-development.js +14 -4
package/dist/authorization/roles/admin/head-of-data-analytics.js +14 -4
package/dist/authorization/roles/admin/head-of-engineering.js +17 -6
package/dist/authorization/roles/admin/head-of-finance.js +8 -3
package/dist/authorization/roles/admin/head-of-human-resources.js +13 -5
package/dist/authorization/roles/admin/head-of-marketing.js +17 -5
package/dist/authorization/roles/admin/head-of-operations.js +8 -3
package/dist/authorization/roles/admin/head-of-product.js +17 -6
package/dist/authorization/roles/admin/head-of-sales.js +17 -5
package/dist/authorization/roles/admin/human-resources-executive.js +12 -5
package/dist/authorization/roles/admin/marketing-executive.js +7 -4
package/dist/authorization/roles/admin/product-manager.js +7 -4
package/dist/authorization/roles/admin/sales-executive.js +24 -8
package/dist/authorization/roles/consumer/business-admin.js +19 -6
package/dist/authorization/roles/consumer/business-user.js +18 -6
package/dist/authorization/roles/consumer/member.js +16 -6
package/dist/authorization/types.js +1 -1
package/dist/authorization/update-user-permissions.js +22 -15
package/dist/authorization/utils.js +26 -11
package/dist/context.js +8 -9
package/dist/default.js +1 -1
package/dist/server/authenticate-user.js +11 -7
package/dist/server/cors.js +23 -12
package/dist/server/credentials-provider.js +2 -2
package/dist/server/next-auth.js +90 -103
package/dist/server/prisma-adapter.js +88 -52
package/dist/server/verfiy-token.js +39 -24
package/dist/translations.js +4 -4
package/dist/use-auth.js +1 -1
package/dist/use-session.js +1 -1
package/package.json +2 -2

package/dist/server/next-auth.js CHANGED Viewed

@@ -8,7 +8,7 @@ import { nanoid } from 'nanoid';
 import CredentialsProvider from 'next-auth/providers/credentials';
 import FacebookProvider from 'next-auth/providers/facebook';
 import GoogleProvider from 'next-auth/providers/google';
-import { AUTH_COOKIE_CALLBACK_URL, AUTH_COOKIE_CSRF_TOKEN, AUTH_COOKIE_NONCE, AUTH_COOKIE_PKCE_CODE_VERIFIER, AUTH_COOKIE_SESSION_TOKEN, AUTH_COOKIE_STATE, } from '../constants.js';
+import { AUTH_COOKIE_CALLBACK_URL, AUTH_COOKIE_CSRF_TOKEN, AUTH_COOKIE_NONCE, AUTH_COOKIE_PKCE_CODE_VERIFIER, AUTH_COOKIE_SESSION_TOKEN, AUTH_COOKIE_STATE } from '../constants.js';
 import { extractDefault } from '../default.js';
 import { translations } from '../translations.js';
 import { authenticateUser } from './authenticate-user.js';
@@ -20,80 +20,79 @@ const nextAuthUrl = process.env.NEXTAUTH_URL;
 if (!nextAuthUrl) {
     throw new Error('NEXTAUTH_URL is not set');
 }
-export const generateSessionToken = async (user) => {
+export const generateSessionToken = async (user)=>{
     const secret = new TextEncoder().encode(config.auth.jwtSecret);
     const alg = 'HS256';
     const token = await new SignJWT({
-        roles: user.groups,
-    })
-        .setProtectedHeader({ alg })
-        .setIssuedAt()
-        .setSubject(user.id)
-        .setIssuer('flux.website')
-        .setAudience('flux.website')
-        .sign(secret);
+        roles: user.groups
+    }).setProtectedHeader({
+        alg
+    }).setIssuedAt().setSubject(user.id).setIssuer('flux.website').setAudience('flux.website').sign(secret);
     return token.toString();
 };
-export const getCredentialsOptions = () => {
+export const getCredentialsOptions = ()=>{
     return {
         name: 'Credentials',
         credentials: {
-            login: { label: translations.email, type: 'text' },
-            password: { label: translations.password, type: 'password' },
+            login: {
+                label: translations.email,
+                type: 'text'
+            },
+            password: {
+                label: translations.password,
+                type: 'password'
+            }
         },
-        async authorize(credentials) {
+        async authorize (credentials) {
             if (!credentials) {
                 return null;
             }
             const authResult = await authenticateUser(credentials);
             return authResult.ok ? authResult.val : null;
-        },
+        }
     };
 };
 export const authOptions = {
     adapter,
     providers: [
-        ...(config.auth.google
-            ? [
-                extractDefault(GoogleProvider)({
-                    ...config.auth.google,
-                    allowDangerousEmailAccountLinking: true,
-                }),
-            ]
-            : []),
-        ...(config.auth.facebook
-            ? [
-                extractDefault(FacebookProvider)({
-                    ...config.auth.facebook,
-                    allowDangerousEmailAccountLinking: true,
-                }),
-            ]
-            : []),
-        extractDefault(CredentialsProvider)(getCredentialsOptions()),
+        ...config.auth.google ? [
+            extractDefault(GoogleProvider)({
+                ...config.auth.google,
+                allowDangerousEmailAccountLinking: true
+            })
+        ] : [],
+        ...config.auth.facebook ? [
+            extractDefault(FacebookProvider)({
+                ...config.auth.facebook,
+                allowDangerousEmailAccountLinking: true
+            })
+        ] : [],
+        extractDefault(CredentialsProvider)(getCredentialsOptions())
     ],
     callbacks: {
-        async signIn({ account, profile }) {
-            const processName = (profile) => {
+        async signIn ({ account, profile }) {
+            const processName = (profile)=>{
                 if (profile?.given_name || profile?.family_name) {
                     return {
                         firstName: profile?.given_name || '',
-                        lastName: profile?.family_name || '',
+                        lastName: profile?.family_name || ''
                     };
                 }
                 if (!profile?.name) {
                     return {
                         firstName: '',
-                        lastName: '',
+                        lastName: ''
                     };
                 }
-                const r = (str) => str.replace(/\s+/g, ' ').trim();
+                const r = (str)=>str.replace(/\s+/g, ' ').trim();
                 const names = profile?.name.trim();
                 const nameSegments = names.split(' ');
-                const firstName = r(nameSegments
-                    .filter((_s, i) => i !== nameSegments?.length - 1)
-                    .join(' '));
+                const firstName = r(nameSegments.filter((_s, i)=>i !== nameSegments?.length - 1).join(' '));
                 const lastName = r(nameSegments?.[nameSegments?.length - 1]);
-                return { firstName, lastName };
+                return {
+                    firstName,
+                    lastName
+                };
             };
             if (account?.provider === 'google') {
                 if (!profile?.email) {
@@ -104,7 +103,7 @@ export const authOptions = {
                 // const password =  await bcrypt.hash(nanoid(), nanoid())
                 await prisma.user.upsert({
                     where: {
-                        email: profile.email,
+                        email: profile.email
                     },
                     create: {
                         id: generateId('User'),
@@ -114,13 +113,12 @@ export const authOptions = {
                         password,
                         registrationComplete: false,
                         metadata: {
-                            signupProvider: 'google',
-                        },
+                            signupProvider: 'google'
+                        }
                     },
-                    update: {},
+                    update: {}
                 });
-            }
-            else if (account?.provider === 'facebook') {
+            } else if (account?.provider === 'facebook') {
                 if (!profile?.email) {
                     throw new Error('Unauthenticated');
                 }
@@ -128,7 +126,7 @@ export const authOptions = {
                 const password = `${nanoid()}-${nanoid()}`;
                 await prisma.user.upsert({
                     where: {
-                        email: profile.email,
+                        email: profile.email
                     },
                     create: {
                         id: generateId('User'),
@@ -138,53 +136,50 @@ export const authOptions = {
                         password,
                         registrationComplete: false,
                         metadata: {
-                            signupProvider: 'facebook',
-                        },
+                            signupProvider: 'facebook'
+                        }
                     },
-                    update: {},
+                    update: {}
                 });
             }
             return true;
         },
-        async session({ session, user, trigger, token, ...others }) {
-            const { password, permissions, stripeCustomerId, ...newUser } = { ...user };
+        async session ({ session, user, trigger, token, ...others }) {
+            const { password, permissions, stripeCustomerId, ...newUser } = {
+                ...user
+            };
             const finalSession = {
                 user: newUser,
                 expires: new Date(session.expires).toISOString(),
                 id: session.id,
-                sessionToken: session.sessionToken,
+                sessionToken: session.sessionToken
             };
-            const decodedToken = session.sessionToken
-                ? decodeJwt(session.sessionToken)
-                : null;
+            const decodedToken = session.sessionToken ? decodeJwt(session.sessionToken) : null;
             const tokenRoles = decodedToken?.roles;
             if (session.sessionToken) {
-                if (trigger === 'update' ||
-                    !tokenRoles ||
-                    !areArraysSimilar(tokenRoles, user.groups)) {
+                if (trigger === 'update' || !tokenRoles || !areArraysSimilar(tokenRoles, user.groups)) {
                     const newSessionToken = await generateSessionToken(user);
                     // We can't call the update session from the patch because it searches by sessionToken and not by ID
                     try {
                         await prisma.session.update({
                             where: {
-                                sessionToken: session.sessionToken,
+                                sessionToken: session.sessionToken
                             },
                             data: {
-                                sessionToken: newSessionToken,
-                            },
+                                sessionToken: newSessionToken
+                            }
                         });
-                    }
-                    catch (_e) {
-                        // Sometimes, concurrent requests can happen and one would update
-                        // before the other, so prisma won't find it based on sessionToken and throw
-                        // Nothing to do in this case
+                    } catch (_e) {
+                    // Sometimes, concurrent requests can happen and one would update
+                    // before the other, so prisma won't find it based on sessionToken and throw
+                    // Nothing to do in this case
                     }
                     // @ts-expect-error dirty property to be removed in the patch
                     finalSession.newSessionToken = newSessionToken;
                 }
             }
             return finalSession;
-        },
+        }
     },
     cookies: {
         sessionToken: {
@@ -194,12 +189,8 @@ export const authOptions = {
                 sameSite: 'lax',
                 path: '/',
                 secure: useSecureCookies,
-                domain: process.env.NO_COOKIE_DOMAIN === 'true'
-                    ? undefined
-                    : nextAuthUrl === 'localhost'
-                        ? `.${nextAuthUrl}`
-                        : `.${new URL(nextAuthUrl).hostname}`,
-            },
+                domain: process.env.NO_COOKIE_DOMAIN === 'true' ? undefined : nextAuthUrl === 'localhost' ? `.${nextAuthUrl}` : `.${new URL(nextAuthUrl).hostname}`
+            }
         },
         callbackUrl: {
             name: AUTH_COOKIE_CALLBACK_URL,
@@ -207,8 +198,8 @@ export const authOptions = {
                 httpOnly: true,
                 sameSite: 'lax',
                 path: '/',
-                secure: useSecureCookies,
-            },
+                secure: useSecureCookies
+            }
         },
         csrfToken: {
             name: `${useSecureCookies ? '__Host-' : ''}${AUTH_COOKIE_CSRF_TOKEN}`,
@@ -216,8 +207,8 @@ export const authOptions = {
                 httpOnly: true,
                 sameSite: 'lax',
                 path: '/',
-                secure: useSecureCookies,
-            },
+                secure: useSecureCookies
+            }
         },
         pkceCodeVerifier: {
             name: AUTH_COOKIE_PKCE_CODE_VERIFIER,
@@ -226,8 +217,8 @@ export const authOptions = {
                 sameSite: 'lax',
                 path: '/',
                 secure: useSecureCookies,
-                maxAge: 900,
-            },
+                maxAge: 900
+            }
         },
         state: {
             name: AUTH_COOKIE_STATE,
@@ -236,8 +227,8 @@ export const authOptions = {
                 sameSite: 'lax',
                 path: '/',
                 secure: useSecureCookies,
-                maxAge: 900,
-            },
+                maxAge: 900
+            }
         },
         nonce: {
             name: AUTH_COOKIE_NONCE,
@@ -245,13 +236,13 @@ export const authOptions = {
                 httpOnly: true,
                 sameSite: 'lax',
                 path: '/',
-                secure: useSecureCookies,
-            },
-        },
+                secure: useSecureCookies
+            }
+        }
     },
     useSecureCookies,
     jwt: {
-        async encode(params) {
+        async encode (params) {
             const secret = new TextEncoder().encode(config.auth.jwtSecret);
             const alg = 'HS256';
             const tokenId = params.token?.sub;
@@ -260,40 +251,36 @@ export const authOptions = {
             }
             const user = await prisma.user.findUnique({
                 where: {
-                    id: tokenId,
-                },
+                    id: tokenId
+                }
             });
             if (!user) {
                 throw new Error('No user found');
             }
             const token = await new SignJWT({
                 ...params.token,
-                roles: user.groups,
-            })
-                .setProtectedHeader({ alg })
-                .setIssuedAt()
-                .setSubject(user.id)
-                .setIssuer('flux.website')
-                .setAudience('flux.website')
-                .sign(secret);
+                roles: user.groups
+            }).setProtectedHeader({
+                alg
+            }).setIssuedAt().setSubject(user.id).setIssuer('flux.website').setAudience('flux.website').sign(secret);
             if (adapter.createSession) {
                 await adapter.createSession({
                     sessionToken: token,
                     userId: user.id,
-                    expires: new Date(Date.now() + (params.maxAge ?? MAX_AGE) * 1000),
+                    expires: new Date(Date.now() + (params.maxAge ?? MAX_AGE) * 1000)
                 });
             }
             return token;
-        },
+        }
     },
     session: {
         strategy: 'database',
         maxAge: MAX_AGE,
-        generateSessionToken: async (user) => {
+        generateSessionToken: async (user)=>{
             return await generateSessionToken(user);
-        },
+        }
     },
     pages: {
-        signIn: '/signin',
-    },
+        signIn: '/signin'
+    }
 };

package/dist/server/prisma-adapter.js CHANGED Viewed

@@ -4,136 +4,172 @@ export function PrismaAdapter() {
     return {
         // TODO
         // @ts-expect-error TypeScript is not working here
-        createUser: async ({ id, groups, permissions, emailVerified, ...data }) => {
+        createUser: async ({ id, groups, permissions, emailVerified, ...data })=>{
             // @ts-expect-error
             const userData = {
                 id: id || generateId('User'),
-                groups: groups || ['member'],
+                groups: groups || [
+                    'member'
+                ],
                 permissions: permissions || {},
                 emailVerified: Boolean(emailVerified),
                 email: data.email.toLowerCase().trim(),
-                ...data,
+                ...data
             };
             const user = await prisma.user.create({
                 data: {
-                    ...userData,
-                },
+                    ...userData
+                }
             });
             return user;
         },
         // TODO
         // @ts-expect-error
-        getUser: (id) => prisma.user.findUnique({ where: { id } }),
+        getUser: (id)=>prisma.user.findUnique({
+                where: {
+                    id
+                }
+            }),
         // TODO
         // @ts-expect-error
-        getUserByEmail: (email) => prisma.user.findUnique({ where: { email: email.toLowerCase().trim() } }),
+        getUserByEmail: (email)=>prisma.user.findUnique({
+                where: {
+                    email: email.toLowerCase().trim()
+                }
+            }),
         // TODO
         // @ts-expect-error
-        async getUserByAccount(provider_providerAccountId) {
+        async getUserByAccount (provider_providerAccountId) {
             const account = await prisma.account.findUnique({
-                where: { provider_providerAccountId },
-                select: { user: true },
+                where: {
+                    provider_providerAccountId
+                },
+                select: {
+                    user: true
+                }
             });
             return account?.user ?? null;
         },
         // TODO
         // @ts-expect-error
-        updateUser: ({ id, ...data }) => {
+        updateUser: ({ id, ...data })=>{
             // @ts-expect-error
             const userData = {
                 email: data.email?.toLowerCase().trim(),
-                ...data,
+                ...data
             };
-            return prisma.user.update({ where: { id }, data: { ...userData } });
+            return prisma.user.update({
+                where: {
+                    id
+                },
+                data: {
+                    ...userData
+                }
+            });
         },
         // TODO
         // @ts-expect-error
-        deleteUser: (id) => prisma.user.delete({ where: { id } }),
+        deleteUser: (id)=>prisma.user.delete({
+                where: {
+                    id
+                }
+            }),
         // @ts-expect-error
-        linkAccount: ({ id, ...data }) => {
+        linkAccount: ({ id, ...data })=>{
             return prisma.account.create({
                 // @ts-expect-error
                 data: {
                     id: id || generateId('Account'),
-                    ...data,
-                },
+                    ...data
+                }
             });
         },
         // @ts-expect-error
-        unlinkAccount: (provider_providerAccountId) => prisma.account.delete({
-            where: { provider_providerAccountId },
-        }),
+        unlinkAccount: (provider_providerAccountId)=>prisma.account.delete({
+                where: {
+                    provider_providerAccountId
+                }
+            }),
         // TODO
         // @ts-expect-error
-        async getSessionAndUser(sessionToken) {
+        async getSessionAndUser (sessionToken) {
             const userAndSession = await prisma.session.findUnique({
-                where: { sessionToken },
-                include: { user: true },
+                where: {
+                    sessionToken
+                },
+                include: {
+                    user: true
+                }
             });
-            if (!userAndSession)
-                return null;
+            if (!userAndSession) return null;
             const { user, ...session } = userAndSession;
-            return { user, session };
+            return {
+                user,
+                session
+            };
         },
         // TODO
         // @ts-expect-error
-        async createSession({ id, ...data }) {
+        async createSession ({ id, ...data }) {
             const session = await prisma.session.create({
                 data: {
                     id: id || generateId('Session'),
-                    ...data,
-                },
+                    ...data
+                }
             });
             return session;
         },
-        updateSession: (data) => {
+        updateSession: (data)=>{
             return prisma.session.update({
-                where: { sessionToken: data.sessionToken },
-                data,
+                where: {
+                    sessionToken: data.sessionToken
+                },
+                data
             });
         },
-        deleteSession: async (sessionToken) => {
+        deleteSession: async (sessionToken)=>{
             try {
-                await prisma.session.delete({ where: { sessionToken } });
-            }
-            catch (_e) {
-                // TODO
-                // DO nothing for now
+                await prisma.session.delete({
+                    where: {
+                        sessionToken
+                    }
+                });
+            } catch (_e) {
+            // TODO
+            // DO nothing for now
             }
         },
         // TODO
         // @ts-expect-error
-        async createVerificationToken({ id, ...data }) {
+        async createVerificationToken ({ id, ...data }) {
             const verificationToken = await prisma.verificationToken.create({
                 data: {
                     id: id || generateId('VerificationToken'),
-                    ...data,
-                },
+                    ...data
+                }
             });
             // TODO
             // @ts-expect-errors // MongoDB needs an ID, but we don't
-            if (verificationToken.id)
-                verificationToken.id = undefined;
+            if (verificationToken.id) verificationToken.id = undefined;
             return verificationToken;
         },
-        async useVerificationToken(identifier_token) {
+        async useVerificationToken (identifier_token) {
             try {
                 const verificationToken = await prisma.verificationToken.delete({
-                    where: { identifier_token },
+                    where: {
+                        identifier_token
+                    }
                 });
                 // TODO
                 // @ts-expect-errors // MongoDB needs an ID, but we don't
-                if (verificationToken.id)
-                    verificationToken.id = undefined;
+                if (verificationToken.id) verificationToken.id = undefined;
                 return verificationToken;
-            }
-            catch (error) {
+            } catch (error) {
                 // If token already used/deleted, just return null
                 // https://www.prisma.io/docs/reference/api-reference/error-reference#p2025
-                if (error.code === 'P2025')
-                    return null;
+                if (error.code === 'P2025') return null;
                 throw error;
             }
-        },
+        }
     };
 }

package/dist/server/verfiy-token.js CHANGED Viewed

@@ -1,29 +1,36 @@
 import { prisma } from '@driveflux/db';
-import { makeProblem, PROBLEM_CORRUPT, PROBLEM_EXPIRED, PROBLEM_INVALID_DATA, } from '@driveflux/problem';
+import { makeProblem, PROBLEM_CORRUPT, PROBLEM_EXPIRED, PROBLEM_INVALID_DATA } from '@driveflux/problem';
 import { Err, Ok } from '@driveflux/result';
-export const verifyToken = async (tokenIdOrValue, verifications, option) => {
-    const token = typeof tokenIdOrValue === 'object'
-        ? tokenIdOrValue
-        : (await prisma.token.findFirst({
-            where: {
-                OR: [{ id: tokenIdOrValue }, { value: tokenIdOrValue }],
-            },
-            ...(option?.includeUser ? { include: { user: true } } : {}),
-        }));
+export const verifyToken = async (tokenIdOrValue, verifications, option)=>{
+    const token = typeof tokenIdOrValue === 'object' ? tokenIdOrValue : await prisma.token.findFirst({
+        where: {
+            OR: [
+                {
+                    id: tokenIdOrValue
+                },
+                {
+                    value: tokenIdOrValue
+                }
+            ]
+        },
+        ...option?.includeUser ? {
+            include: {
+                user: true
+            }
+        } : {}
+    });
     if (!token) {
         return new Err(makeProblem(PROBLEM_INVALID_DATA, 'Invalid token'));
     }
     if (token.expiresAt && token.expiresAt.getTime() < Date.now()) {
         return new Err(makeProblem(PROBLEM_EXPIRED, 'This token has expired'));
     }
-    if (typeof verifications?.scope !== 'undefined' &&
-        token.scope !== verifications.scope) {
+    if (typeof verifications?.scope !== 'undefined' && token.scope !== verifications.scope) {
         return new Err(makeProblem(PROBLEM_INVALID_DATA, 'Invalid token scope'));
     }
     if (typeof verifications?.metadata !== 'undefined') {
-        for (const key of Object.keys(verifications.metadata)) {
-            if (typeof verifications.metadata[key] !== 'undefined' &&
-                verifications.metadata[key] !== token.metadata?.[key]) {
+        for (const key of Object.keys(verifications.metadata)){
+            if (typeof verifications.metadata[key] !== 'undefined' && verifications.metadata[key] !== token.metadata?.[key]) {
                 return new Err(makeProblem(PROBLEM_INVALID_DATA, 'Invalid token data'));
             }
         }
@@ -33,22 +40,30 @@ export const verifyToken = async (tokenIdOrValue, verifications, option) => {
     }
     return new Ok(token);
 };
-export const clearToken = async (tokenId) => {
+export const clearToken = async (tokenId)=>{
     try {
         await prisma.token.delete({
             where: {
-                id: tokenId,
-            },
+                id: tokenId
+            }
         });
-    }
-    catch (_e) {
-        // Nothing to for now
+    } catch (_e) {
+    // Nothing to for now
     }
 };
-export const clearExpiredTokens = async () => {
+export const clearExpiredTokens = async ()=>{
     await prisma.token.deleteMany({
         where: {
-            OR: [{ expiresAt: { lte: new Date() } }, { invalid: true }],
-        },
+            OR: [
+                {
+                    expiresAt: {
+                        lte: new Date()
+                    }
+                },
+                {
+                    invalid: true
+                }
+            ]
+        }
     });
 };