@driveflux/auth 4.0.56 → 4.0.57

package/dist/server/next-auth.js

@@ -8,7 +8,7 @@ import { nanoid } from 'nanoid';
 import CredentialsProvider from 'next-auth/providers/credentials';
 import FacebookProvider from 'next-auth/providers/facebook';
 import GoogleProvider from 'next-auth/providers/google';
-import { AUTH_COOKIE_CALLBACK_URL, AUTH_COOKIE_CSRF_TOKEN, AUTH_COOKIE_NONCE, AUTH_COOKIE_PKCE_CODE_VERIFIER, AUTH_COOKIE_SESSION_TOKEN, AUTH_COOKIE_STATE } from '../constants.js';
+import { AUTH_COOKIE_CALLBACK_URL, AUTH_COOKIE_CSRF_TOKEN, AUTH_COOKIE_NONCE, AUTH_COOKIE_PKCE_CODE_VERIFIER, AUTH_COOKIE_SESSION_TOKEN, AUTH_COOKIE_STATE, } from '../constants.js';
 import { extractDefault } from '../default.js';
 import { translations } from '../translations.js';
 import { authenticateUser } from './authenticate-user.js';
@@ -21,79 +21,80 @@ const nextAuthUrl = process.env.NEXTAUTH_URL;
 if (!nextAuthUrl) {
     throw new Error('NEXTAUTH_URL is not set');
 }
-export const generateSessionToken = async (user)=>{
+export const generateSessionToken = async (user) => {
     const secret = new TextEncoder().encode(config.auth.jwtSecret);
     const alg = 'HS256';
     const token = await new SignJWT({
-        roles: user.groups
-    }).setProtectedHeader({
-        alg
-    }).setIssuedAt().setSubject(user.id).setIssuer('flux.website').setAudience('flux.website').sign(secret);
+        roles: user.groups,
+    })
+        .setProtectedHeader({ alg })
+        .setIssuedAt()
+        .setSubject(user.id)
+        .setIssuer('flux.website')
+        .setAudience('flux.website')
+        .sign(secret);
     return token.toString();
 };
-export const getCredentialsOptions = ()=>{
+export const getCredentialsOptions = () => {
     return {
         name: 'Credentials',
         credentials: {
-            login: {
-                label: translations.email,
-                type: 'text'
-            },
-            password: {
-                label: translations.password,
-                type: 'password'
-            }
+            login: { label: translations.email, type: 'text' },
+            password: { label: translations.password, type: 'password' },
         },
-        async authorize (credentials) {
+        async authorize(credentials) {
             if (!credentials) {
                 return null;
             }
             const authResult = await authenticateUser(credentials);
             return authResult.ok ? authResult.val : null;
-        }
+        },
     };
 };
 export const authOptions = {
     adapter,
     providers: [
-        ...config.auth.google ? [
-            extractDefault(GoogleProvider)({
-                ...config.auth.google,
-                allowDangerousEmailAccountLinking: true
-            })
-        ] : [],
-        ...config.auth.facebook ? [
-            extractDefault(FacebookProvider)({
-                ...config.auth.facebook,
-                allowDangerousEmailAccountLinking: true
-            })
-        ] : [],
-        extractDefault(CredentialsProvider)(getCredentialsOptions())
+        ...(config.auth.google
+            ? [
+                extractDefault(GoogleProvider)({
+                    ...config.auth.google,
+                    allowDangerousEmailAccountLinking: true,
+                }),
+            ]
+            : []),
+        ...(config.auth.facebook
+            ? [
+                extractDefault(FacebookProvider)({
+                    ...config.auth.facebook,
+                    allowDangerousEmailAccountLinking: true,
+                }),
+            ]
+            : []),
+        extractDefault(CredentialsProvider)(getCredentialsOptions()),
     ],
     callbacks: {
-        async signIn ({ account, profile }) {
-            const processName = (profile)=>{
+        async signIn({ account, profile }) {
+            const processName = (profile) => {
                 if (profile?.given_name || profile?.family_name) {
                     return {
                         firstName: profile?.given_name || '',
-                        lastName: profile?.family_name || ''
+                        lastName: profile?.family_name || '',
                     };
                 }
                 if (!profile?.name) {
                     return {
                         firstName: '',
-                        lastName: ''
+                        lastName: '',
                     };
                 }
-                const r = (str)=>str.replace(/\s+/g, ' ').trim();
+                const r = (str) => str.replace(/\s+/g, ' ').trim();
                 const names = profile?.name.trim();
                 const nameSegments = names.split(' ');
-                const firstName = r(nameSegments.filter((_s, i)=>i !== nameSegments?.length - 1).join(' '));
+                const firstName = r(nameSegments
+                    .filter((_s, i) => i !== nameSegments?.length - 1)
+                    .join(' '));
                 const lastName = r(nameSegments?.[nameSegments?.length - 1]);
-                return {
-                    firstName,
-                    lastName
-                };
+                return { firstName, lastName };
             };
             if (account?.provider === 'google') {
                 if (!profile?.email) {
@@ -104,7 +105,7 @@ export const authOptions = {
                 // const password =  await bcrypt.hash(nanoid(), nanoid())
                 await prisma.user.upsert({
                     where: {
-                        email: profile.email
+                        email: profile.email,
                     },
                     create: {
                         id: generateId('User'),
@@ -114,12 +115,13 @@ export const authOptions = {
                         password,
                         registrationComplete: false,
                         metadata: {
-                            signupProvider: 'google'
-                        }
+                            signupProvider: 'google',
+                        },
                     },
-                    update: {}
+                    update: {},
                 });
-            } else if (account?.provider === 'facebook') {
+            }
+            else if (account?.provider === 'facebook') {
                 if (!profile?.email) {
                     throw new Error('Unauthenticated');
                 }
@@ -127,7 +129,7 @@ export const authOptions = {
                 const password = `${nanoid()}-${nanoid()}`;
                 await prisma.user.upsert({
                     where: {
-                        email: profile.email
+                        email: profile.email,
                     },
                     create: {
                         id: generateId('User'),
@@ -137,43 +139,46 @@ export const authOptions = {
                         password,
                         registrationComplete: false,
                         metadata: {
-                            signupProvider: 'facebook'
-                        }
+                            signupProvider: 'facebook',
+                        },
                     },
-                    update: {}
+                    update: {},
                 });
             }
             return true;
         },
-        async session ({ session, user, trigger }) {
-            const { password, permissions, stripeCustomerId, ...newUser } = {
-                ...user
-            };
+        async session({ session, user, trigger }) {
+            const { password, permissions, stripeCustomerId, ...newUser } = { ...user };
             const finalSession = {
                 user: newUser,
                 expires: new Date(session.expires).toISOString(),
                 id: session.id,
-                sessionToken: session.sessionToken
+                sessionToken: session.sessionToken,
             };
-            const decodedToken = session.sessionToken ? decodeJwt(session.sessionToken) : null;
+            const decodedToken = session.sessionToken
+                ? decodeJwt(session.sessionToken)
+                : null;
             const tokenRoles = decodedToken?.roles;
             if (session.sessionToken) {
-                if (trigger === 'update' || !tokenRoles || !areArraysSimilar(tokenRoles, user.groups)) {
+                if (trigger === 'update' ||
+                    !tokenRoles ||
+                    !areArraysSimilar(tokenRoles, user.groups)) {
                     const newSessionToken = await generateSessionToken(user);
                     // We can't call the update session from the patch because it searches by sessionToken and not by ID
                     try {
                         await prisma.session.update({
                             where: {
-                                sessionToken: session.sessionToken
+                                sessionToken: session.sessionToken,
                             },
                             data: {
-                                sessionToken: newSessionToken
-                            }
+                                sessionToken: newSessionToken,
+                            },
                         });
-                    } catch (_e) {
-                    // Sometimes, concurrent requests can happen and one would update
-                    // before the other, so prisma won't find it based on sessionToken and throw
-                    // Nothing to do in this case
+                    }
+                    catch (_e) {
+                        // Sometimes, concurrent requests can happen and one would update
+                        // before the other, so prisma won't find it based on sessionToken and throw
+                        // Nothing to do in this case
                     }
                     // @ts-expect-error dirty property to be removed in the patch
                     finalSession.newSessionToken = newSessionToken;
@@ -188,26 +193,18 @@ export const authOptions = {
                 await prisma.session.update({
                     where: {
                         id: session.id,
-                        OR: [
-                            {
-                                lastActiveAt: null
-                            },
-                            {
-                                lastActiveAt: {
-                                    lt: threshold
-                                }
-                            }
-                        ]
+                        OR: [{ lastActiveAt: null }, { lastActiveAt: { lt: threshold } }],
                     },
                     data: {
-                        lastActiveAt: new Date()
-                    }
+                        lastActiveAt: new Date(),
+                    },
                 });
-            } catch (_e) {
-            // Silently fail
+            }
+            catch (_e) {
+                // Silently fail
             }
             return finalSession;
-        }
+        },
     },
     cookies: {
         sessionToken: {
@@ -217,8 +214,12 @@ export const authOptions = {
                 sameSite: 'lax',
                 path: '/',
                 secure: useSecureCookies,
-                domain: process.env.NO_COOKIE_DOMAIN === 'true' ? undefined : nextAuthUrl === 'localhost' ? `.${nextAuthUrl}` : `.${new URL(nextAuthUrl).hostname}`
-            }
+                domain: process.env.NO_COOKIE_DOMAIN === 'true'
+                    ? undefined
+                    : nextAuthUrl === 'localhost'
+                        ? `.${nextAuthUrl}`
+                        : `.${new URL(nextAuthUrl).hostname}`,
+            },
         },
         callbackUrl: {
             name: AUTH_COOKIE_CALLBACK_URL,
@@ -226,8 +227,8 @@ export const authOptions = {
                 httpOnly: true,
                 sameSite: 'lax',
                 path: '/',
-                secure: useSecureCookies
-            }
+                secure: useSecureCookies,
+            },
         },
         csrfToken: {
             name: `${useSecureCookies ? '__Host-' : ''}${AUTH_COOKIE_CSRF_TOKEN}`,
@@ -235,8 +236,8 @@ export const authOptions = {
                 httpOnly: true,
                 sameSite: 'lax',
                 path: '/',
-                secure: useSecureCookies
-            }
+                secure: useSecureCookies,
+            },
         },
         pkceCodeVerifier: {
             name: AUTH_COOKIE_PKCE_CODE_VERIFIER,
@@ -245,8 +246,8 @@ export const authOptions = {
                 sameSite: 'lax',
                 path: '/',
                 secure: useSecureCookies,
-                maxAge: 900
-            }
+                maxAge: 900,
+            },
         },
         state: {
             name: AUTH_COOKIE_STATE,
@@ -255,8 +256,8 @@ export const authOptions = {
                 sameSite: 'lax',
                 path: '/',
                 secure: useSecureCookies,
-                maxAge: 900
-            }
+                maxAge: 900,
+            },
         },
         nonce: {
             name: AUTH_COOKIE_NONCE,
@@ -264,13 +265,13 @@ export const authOptions = {
                 httpOnly: true,
                 sameSite: 'lax',
                 path: '/',
-                secure: useSecureCookies
-            }
-        }
+                secure: useSecureCookies,
+            },
+        },
     },
     useSecureCookies,
     jwt: {
-        async encode (params) {
+        async encode(params) {
             const secret = new TextEncoder().encode(config.auth.jwtSecret);
             const alg = 'HS256';
             const tokenId = params.token?.sub;
@@ -279,36 +280,40 @@ export const authOptions = {
             }
             const user = await prisma.user.findUnique({
                 where: {
-                    id: tokenId
-                }
+                    id: tokenId,
+                },
             });
             if (!user) {
                 throw new Error('No user found');
             }
             const token = await new SignJWT({
                 ...params.token,
-                roles: user.groups
-            }).setProtectedHeader({
-                alg
-            }).setIssuedAt().setSubject(user.id).setIssuer('flux.website').setAudience('flux.website').sign(secret);
+                roles: user.groups,
+            })
+                .setProtectedHeader({ alg })
+                .setIssuedAt()
+                .setSubject(user.id)
+                .setIssuer('flux.website')
+                .setAudience('flux.website')
+                .sign(secret);
             if (adapter.createSession) {
                 await adapter.createSession({
                     sessionToken: token,
                     userId: user.id,
-                    expires: new Date(Date.now() + (params.maxAge ?? MAX_AGE) * 1000)
+                    expires: new Date(Date.now() + (params.maxAge ?? MAX_AGE) * 1000),
                 });
             }
             return token;
-        }
+        },
     },
     session: {
         strategy: 'database',
         maxAge: MAX_AGE,
-        generateSessionToken: async (user)=>{
+        generateSessionToken: async (user) => {
             return await generateSessionToken(user);
-        }
+        },
     },
     pages: {
-        signIn: '/signin'
-    }
+        signIn: '/signin',
+    },
 };

package/dist/server/prisma-adapter.js

@@ -4,172 +4,136 @@ export function PrismaAdapter() {
     return {
         // TODO
         // @ts-expect-error TypeScript is not working here
-        createUser: async ({ id, groups, permissions, emailVerified, ...data })=>{
+        createUser: async ({ id, groups, permissions, emailVerified, ...data }) => {
             // @ts-expect-error
             const userData = {
                 id: id || generateId('User'),
-                groups: groups || [
-                    'member'
-                ],
+                groups: groups || ['member'],
                 permissions: permissions || {},
                 emailVerified: Boolean(emailVerified),
                 email: data.email.toLowerCase().trim(),
-                ...data
+                ...data,
             };
             const user = await prisma.user.create({
                 data: {
-                    ...userData
-                }
+                    ...userData,
+                },
             });
             return user;
         },
         // TODO
         // @ts-expect-error
-        getUser: (id)=>prisma.user.findUnique({
-                where: {
-                    id
-                }
-            }),
+        getUser: (id) => prisma.user.findUnique({ where: { id } }),
         // TODO
         // @ts-expect-error
-        getUserByEmail: (email)=>prisma.user.findUnique({
-                where: {
-                    email: email.toLowerCase().trim()
-                }
-            }),
+        getUserByEmail: (email) => prisma.user.findUnique({ where: { email: email.toLowerCase().trim() } }),
         // TODO
         // @ts-expect-error
-        async getUserByAccount (provider_providerAccountId) {
+        async getUserByAccount(provider_providerAccountId) {
             const account = await prisma.account.findUnique({
-                where: {
-                    provider_providerAccountId
-                },
-                select: {
-                    user: true
-                }
+                where: { provider_providerAccountId },
+                select: { user: true },
             });
             return account?.user ?? null;
         },
         // TODO
         // @ts-expect-error
-        updateUser: ({ id, ...data })=>{
+        updateUser: ({ id, ...data }) => {
             // @ts-expect-error
             const userData = {
                 email: data.email?.toLowerCase().trim(),
-                ...data
+                ...data,
             };
-            return prisma.user.update({
-                where: {
-                    id
-                },
-                data: {
-                    ...userData
-                }
-            });
+            return prisma.user.update({ where: { id }, data: { ...userData } });
         },
         // TODO
         // @ts-expect-error
-        deleteUser: (id)=>prisma.user.delete({
-                where: {
-                    id
-                }
-            }),
+        deleteUser: (id) => prisma.user.delete({ where: { id } }),
         // @ts-expect-error
-        linkAccount: ({ id, ...data })=>{
+        linkAccount: ({ id, ...data }) => {
             return prisma.account.create({
                 // @ts-expect-error
                 data: {
                     id: id || generateId('Account'),
-                    ...data
-                }
+                    ...data,
+                },
             });
         },
         // @ts-expect-error
-        unlinkAccount: (provider_providerAccountId)=>prisma.account.delete({
-                where: {
-                    provider_providerAccountId
-                }
-            }),
+        unlinkAccount: (provider_providerAccountId) => prisma.account.delete({
+            where: { provider_providerAccountId },
+        }),
         // TODO
         // @ts-expect-error
-        async getSessionAndUser (sessionToken) {
+        async getSessionAndUser(sessionToken) {
             const userAndSession = await prisma.session.findUnique({
-                where: {
-                    sessionToken
-                },
-                include: {
-                    user: true
-                }
+                where: { sessionToken },
+                include: { user: true },
             });
-            if (!userAndSession) return null;
+            if (!userAndSession)
+                return null;
             const { user, ...session } = userAndSession;
-            return {
-                user,
-                session
-            };
+            return { user, session };
         },
         // TODO
         // @ts-expect-error
-        async createSession ({ id, ...data }) {
+        async createSession({ id, ...data }) {
             const session = await prisma.session.create({
                 data: {
                     id: id || generateId('Session'),
-                    ...data
-                }
+                    ...data,
+                },
             });
             return session;
         },
-        updateSession: (data)=>{
+        updateSession: (data) => {
             return prisma.session.update({
-                where: {
-                    sessionToken: data.sessionToken
-                },
-                data
+                where: { sessionToken: data.sessionToken },
+                data,
             });
         },
-        deleteSession: async (sessionToken)=>{
+        deleteSession: async (sessionToken) => {
             try {
-                await prisma.session.delete({
-                    where: {
-                        sessionToken
-                    }
-                });
-            } catch (_e) {
-            // TODO
-            // DO nothing for now
+                await prisma.session.delete({ where: { sessionToken } });
+            }
+            catch (_e) {
+                // TODO
+                // DO nothing for now
             }
         },
         // TODO
         // @ts-expect-error
-        async createVerificationToken ({ id, ...data }) {
+        async createVerificationToken({ id, ...data }) {
             const verificationToken = await prisma.verificationToken.create({
                 data: {
                     id: id || generateId('VerificationToken'),
-                    ...data
-                }
+                    ...data,
+                },
             });
             // TODO
             // @ts-expect-errors // MongoDB needs an ID, but we don't
-            if (verificationToken.id) verificationToken.id = undefined;
+            if (verificationToken.id)
+                verificationToken.id = undefined;
             return verificationToken;
         },
-        async useVerificationToken (identifier_token) {
+        async useVerificationToken(identifier_token) {
             try {
                 const verificationToken = await prisma.verificationToken.delete({
-                    where: {
-                        identifier_token
-                    }
+                    where: { identifier_token },
                 });
                 // TODO
                 // @ts-expect-errors // MongoDB needs an ID, but we don't
-                if (verificationToken.id) verificationToken.id = undefined;
+                if (verificationToken.id)
+                    verificationToken.id = undefined;
                 return verificationToken;
-            } catch (error) {
+            }
+            catch (error) {
                 // If token already used/deleted, just return null
                 // https://www.prisma.io/docs/reference/api-reference/error-reference#p2025
-                if (error.code === 'P2025') return null;
+                if (error.code === 'P2025')
+                    return null;
                 throw error;
             }
-        }
+        },
     };
 }