@driveflux/auth 4.0.60 → 4.0.61

package/dist/server/next-auth.js

@@ -8,7 +8,7 @@ import { nanoid } from 'nanoid';
 import CredentialsProvider from 'next-auth/providers/credentials';
 import FacebookProvider from 'next-auth/providers/facebook';
 import GoogleProvider from 'next-auth/providers/google';
-import { AUTH_COOKIE_CALLBACK_URL, AUTH_COOKIE_CSRF_TOKEN, AUTH_COOKIE_NONCE, AUTH_COOKIE_PKCE_CODE_VERIFIER, AUTH_COOKIE_SESSION_TOKEN, AUTH_COOKIE_STATE, } from '../constants.js';
+import { AUTH_COOKIE_CALLBACK_URL, AUTH_COOKIE_CSRF_TOKEN, AUTH_COOKIE_NONCE, AUTH_COOKIE_PKCE_CODE_VERIFIER, AUTH_COOKIE_SESSION_TOKEN, AUTH_COOKIE_STATE } from '../constants.js';
 import { extractDefault } from '../default.js';
 import { translations } from '../translations.js';
 import { authenticateUser } from './authenticate-user.js';
@@ -21,80 +21,79 @@ const nextAuthUrl = process.env.NEXTAUTH_URL;
 if (!nextAuthUrl) {
     throw new Error('NEXTAUTH_URL is not set');
 }
-export const generateSessionToken = async (user) => {
+export const generateSessionToken = async (user)=>{
     const secret = new TextEncoder().encode(config.auth.jwtSecret);
     const alg = 'HS256';
     const token = await new SignJWT({
-        roles: user.groups,
-    })
-        .setProtectedHeader({ alg })
-        .setIssuedAt()
-        .setSubject(user.id)
-        .setIssuer('flux.website')
-        .setAudience('flux.website')
-        .sign(secret);
+        roles: user.groups
+    }).setProtectedHeader({
+        alg
+    }).setIssuedAt().setSubject(user.id).setIssuer('flux.website').setAudience('flux.website').sign(secret);
     return token.toString();
 };
-export const getCredentialsOptions = () => {
+export const getCredentialsOptions = ()=>{
     return {
         name: 'Credentials',
         credentials: {
-            login: { label: translations.email, type: 'text' },
-            password: { label: translations.password, type: 'password' },
+            login: {
+                label: translations.email,
+                type: 'text'
+            },
+            password: {
+                label: translations.password,
+                type: 'password'
+            }
         },
-        async authorize(credentials) {
+        async authorize (credentials) {
             if (!credentials) {
                 return null;
             }
             const authResult = await authenticateUser(credentials);
             return authResult.ok ? authResult.val : null;
-        },
+        }
     };
 };
 export const authOptions = {
     adapter,
     providers: [
-        ...(config.auth.google
-            ? [
-                extractDefault(GoogleProvider)({
-                    ...config.auth.google,
-                    allowDangerousEmailAccountLinking: true,
-                }),
-            ]
-            : []),
-        ...(config.auth.facebook
-            ? [
-                extractDefault(FacebookProvider)({
-                    ...config.auth.facebook,
-                    allowDangerousEmailAccountLinking: true,
-                }),
-            ]
-            : []),
-        extractDefault(CredentialsProvider)(getCredentialsOptions()),
+        ...config.auth.google ? [
+            extractDefault(GoogleProvider)({
+                ...config.auth.google,
+                allowDangerousEmailAccountLinking: true
+            })
+        ] : [],
+        ...config.auth.facebook ? [
+            extractDefault(FacebookProvider)({
+                ...config.auth.facebook,
+                allowDangerousEmailAccountLinking: true
+            })
+        ] : [],
+        extractDefault(CredentialsProvider)(getCredentialsOptions())
     ],
     callbacks: {
-        async signIn({ account, profile }) {
-            const processName = (profile) => {
+        async signIn ({ account, profile }) {
+            const processName = (profile)=>{
                 if (profile?.given_name || profile?.family_name) {
                     return {
                         firstName: profile?.given_name || '',
-                        lastName: profile?.family_name || '',
+                        lastName: profile?.family_name || ''
                     };
                 }
                 if (!profile?.name) {
                     return {
                         firstName: '',
-                        lastName: '',
+                        lastName: ''
                     };
                 }
-                const r = (str) => str.replace(/\s+/g, ' ').trim();
+                const r = (str)=>str.replace(/\s+/g, ' ').trim();
                 const names = profile?.name.trim();
                 const nameSegments = names.split(' ');
-                const firstName = r(nameSegments
-                    .filter((_s, i) => i !== nameSegments?.length - 1)
-                    .join(' '));
+                const firstName = r(nameSegments.filter((_s, i)=>i !== nameSegments?.length - 1).join(' '));
                 const lastName = r(nameSegments?.[nameSegments?.length - 1]);
-                return { firstName, lastName };
+                return {
+                    firstName,
+                    lastName
+                };
             };
             if (account?.provider === 'google') {
                 if (!profile?.email) {
@@ -105,7 +104,7 @@ export const authOptions = {
                 // const password =  await bcrypt.hash(nanoid(), nanoid())
                 await prisma.user.upsert({
                     where: {
-                        email: profile.email,
+                        email: profile.email
                     },
                     create: {
                         id: generateId('User'),
@@ -115,13 +114,12 @@ export const authOptions = {
                         password,
                         registrationComplete: false,
                         metadata: {
-                            signupProvider: 'google',
-                        },
+                            signupProvider: 'google'
+                        }
                     },
-                    update: {},
+                    update: {}
                 });
-            }
-            else if (account?.provider === 'facebook') {
+            } else if (account?.provider === 'facebook') {
                 if (!profile?.email) {
                     throw new Error('Unauthenticated');
                 }
@@ -129,7 +127,7 @@ export const authOptions = {
                 const password = `${nanoid()}-${nanoid()}`;
                 await prisma.user.upsert({
                     where: {
-                        email: profile.email,
+                        email: profile.email
                     },
                     create: {
                         id: generateId('User'),
@@ -139,46 +137,43 @@ export const authOptions = {
                         password,
                         registrationComplete: false,
                         metadata: {
-                            signupProvider: 'facebook',
-                        },
+                            signupProvider: 'facebook'
+                        }
                     },
-                    update: {},
+                    update: {}
                 });
             }
             return true;
         },
-        async session({ session, user, trigger }) {
-            const { password, permissions, stripeCustomerId, ...newUser } = { ...user };
+        async session ({ session, user, trigger }) {
+            const { password, permissions, stripeCustomerId, ...newUser } = {
+                ...user
+            };
             const finalSession = {
                 user: newUser,
                 expires: new Date(session.expires).toISOString(),
                 id: session.id,
-                sessionToken: session.sessionToken,
+                sessionToken: session.sessionToken
             };
-            const decodedToken = session.sessionToken
-                ? decodeJwt(session.sessionToken)
-                : null;
+            const decodedToken = session.sessionToken ? decodeJwt(session.sessionToken) : null;
             const tokenRoles = decodedToken?.roles;
             if (session.sessionToken) {
-                if (trigger === 'update' ||
-                    !tokenRoles ||
-                    !areArraysSimilar(tokenRoles, user.groups)) {
+                if (trigger === 'update' || !tokenRoles || !areArraysSimilar(tokenRoles, user.groups)) {
                     const newSessionToken = await generateSessionToken(user);
                     // We can't call the update session from the patch because it searches by sessionToken and not by ID
                     try {
                         await prisma.session.update({
                             where: {
-                                sessionToken: session.sessionToken,
+                                sessionToken: session.sessionToken
                             },
                             data: {
-                                sessionToken: newSessionToken,
-                            },
+                                sessionToken: newSessionToken
+                            }
                         });
-                    }
-                    catch (_e) {
-                        // Sometimes, concurrent requests can happen and one would update
-                        // before the other, so prisma won't find it based on sessionToken and throw
-                        // Nothing to do in this case
+                    } catch (_e) {
+                    // Sometimes, concurrent requests can happen and one would update
+                    // before the other, so prisma won't find it based on sessionToken and throw
+                    // Nothing to do in this case
                     }
                     // @ts-expect-error dirty property to be removed in the patch
                     finalSession.newSessionToken = newSessionToken;
@@ -193,18 +188,26 @@ export const authOptions = {
                 await prisma.session.update({
                     where: {
                         id: session.id,
-                        OR: [{ lastActiveAt: null }, { lastActiveAt: { lt: threshold } }],
+                        OR: [
+                            {
+                                lastActiveAt: null
+                            },
+                            {
+                                lastActiveAt: {
+                                    lt: threshold
+                                }
+                            }
+                        ]
                     },
                     data: {
-                        lastActiveAt: new Date(),
-                    },
+                        lastActiveAt: new Date()
+                    }
                 });
-            }
-            catch (_e) {
-                // Silently fail
+            } catch (_e) {
+            // Silently fail
             }
             return finalSession;
-        },
+        }
     },
     cookies: {
         sessionToken: {
@@ -214,12 +217,8 @@ export const authOptions = {
                 sameSite: 'lax',
                 path: '/',
                 secure: useSecureCookies,
-                domain: process.env.NO_COOKIE_DOMAIN === 'true'
-                    ? undefined
-                    : nextAuthUrl === 'localhost'
-                        ? `.${nextAuthUrl}`
-                        : `.${new URL(nextAuthUrl).hostname}`,
-            },
+                domain: process.env.NO_COOKIE_DOMAIN === 'true' ? undefined : nextAuthUrl === 'localhost' ? `.${nextAuthUrl}` : `.${new URL(nextAuthUrl).hostname}`
+            }
         },
         callbackUrl: {
             name: AUTH_COOKIE_CALLBACK_URL,
@@ -227,8 +226,8 @@ export const authOptions = {
                 httpOnly: true,
                 sameSite: 'lax',
                 path: '/',
-                secure: useSecureCookies,
-            },
+                secure: useSecureCookies
+            }
         },
         csrfToken: {
             name: `${useSecureCookies ? '__Host-' : ''}${AUTH_COOKIE_CSRF_TOKEN}`,
@@ -236,8 +235,8 @@ export const authOptions = {
                 httpOnly: true,
                 sameSite: 'lax',
                 path: '/',
-                secure: useSecureCookies,
-            },
+                secure: useSecureCookies
+            }
         },
         pkceCodeVerifier: {
             name: AUTH_COOKIE_PKCE_CODE_VERIFIER,
@@ -246,8 +245,8 @@ export const authOptions = {
                 sameSite: 'lax',
                 path: '/',
                 secure: useSecureCookies,
-                maxAge: 900,
-            },
+                maxAge: 900
+            }
         },
         state: {
             name: AUTH_COOKIE_STATE,
@@ -256,8 +255,8 @@ export const authOptions = {
                 sameSite: 'lax',
                 path: '/',
                 secure: useSecureCookies,
-                maxAge: 900,
-            },
+                maxAge: 900
+            }
         },
         nonce: {
             name: AUTH_COOKIE_NONCE,
@@ -265,13 +264,13 @@ export const authOptions = {
                 httpOnly: true,
                 sameSite: 'lax',
                 path: '/',
-                secure: useSecureCookies,
-            },
-        },
+                secure: useSecureCookies
+            }
+        }
     },
     useSecureCookies,
     jwt: {
-        async encode(params) {
+        async encode (params) {
             const secret = new TextEncoder().encode(config.auth.jwtSecret);
             const alg = 'HS256';
             const tokenId = params.token?.sub;
@@ -280,40 +279,36 @@ export const authOptions = {
             }
             const user = await prisma.user.findUnique({
                 where: {
-                    id: tokenId,
-                },
+                    id: tokenId
+                }
             });
             if (!user) {
                 throw new Error('No user found');
             }
             const token = await new SignJWT({
                 ...params.token,
-                roles: user.groups,
-            })
-                .setProtectedHeader({ alg })
-                .setIssuedAt()
-                .setSubject(user.id)
-                .setIssuer('flux.website')
-                .setAudience('flux.website')
-                .sign(secret);
+                roles: user.groups
+            }).setProtectedHeader({
+                alg
+            }).setIssuedAt().setSubject(user.id).setIssuer('flux.website').setAudience('flux.website').sign(secret);
             if (adapter.createSession) {
                 await adapter.createSession({
                     sessionToken: token,
                     userId: user.id,
-                    expires: new Date(Date.now() + (params.maxAge ?? MAX_AGE) * 1000),
+                    expires: new Date(Date.now() + (params.maxAge ?? MAX_AGE) * 1000)
                 });
             }
             return token;
-        },
+        }
     },
     session: {
         strategy: 'database',
         maxAge: MAX_AGE,
-        generateSessionToken: async (user) => {
+        generateSessionToken: async (user)=>{
             return await generateSessionToken(user);
-        },
+        }
     },
     pages: {
-        signIn: '/signin',
-    },
+        signIn: '/signin'
+    }
 };

package/dist/server/prisma-adapter.js

@@ -4,136 +4,172 @@ export function PrismaAdapter() {
     return {
         // TODO
         // @ts-expect-error TypeScript is not working here
-        createUser: async ({ id, groups, permissions, emailVerified, ...data }) => {
+        createUser: async ({ id, groups, permissions, emailVerified, ...data })=>{
             // @ts-expect-error
             const userData = {
                 id: id || generateId('User'),
-                groups: groups || ['member'],
+                groups: groups || [
+                    'member'
+                ],
                 permissions: permissions || {},
                 emailVerified: Boolean(emailVerified),
                 email: data.email.toLowerCase().trim(),
-                ...data,
+                ...data
             };
             const user = await prisma.user.create({
                 data: {
-                    ...userData,
-                },
+                    ...userData
+                }
             });
             return user;
         },
         // TODO
         // @ts-expect-error
-        getUser: (id) => prisma.user.findUnique({ where: { id } }),
+        getUser: (id)=>prisma.user.findUnique({
+                where: {
+                    id
+                }
+            }),
         // TODO
         // @ts-expect-error
-        getUserByEmail: (email) => prisma.user.findUnique({ where: { email: email.toLowerCase().trim() } }),
+        getUserByEmail: (email)=>prisma.user.findUnique({
+                where: {
+                    email: email.toLowerCase().trim()
+                }
+            }),
         // TODO
         // @ts-expect-error
-        async getUserByAccount(provider_providerAccountId) {
+        async getUserByAccount (provider_providerAccountId) {
             const account = await prisma.account.findUnique({
-                where: { provider_providerAccountId },
-                select: { user: true },
+                where: {
+                    provider_providerAccountId
+                },
+                select: {
+                    user: true
+                }
             });
             return account?.user ?? null;
         },
         // TODO
         // @ts-expect-error
-        updateUser: ({ id, ...data }) => {
+        updateUser: ({ id, ...data })=>{
             // @ts-expect-error
             const userData = {
                 email: data.email?.toLowerCase().trim(),
-                ...data,
+                ...data
             };
-            return prisma.user.update({ where: { id }, data: { ...userData } });
+            return prisma.user.update({
+                where: {
+                    id
+                },
+                data: {
+                    ...userData
+                }
+            });
         },
         // TODO
         // @ts-expect-error
-        deleteUser: (id) => prisma.user.delete({ where: { id } }),
+        deleteUser: (id)=>prisma.user.delete({
+                where: {
+                    id
+                }
+            }),
         // @ts-expect-error
-        linkAccount: ({ id, ...data }) => {
+        linkAccount: ({ id, ...data })=>{
             return prisma.account.create({
                 // @ts-expect-error
                 data: {
                     id: id || generateId('Account'),
-                    ...data,
-                },
+                    ...data
+                }
             });
         },
         // @ts-expect-error
-        unlinkAccount: (provider_providerAccountId) => prisma.account.delete({
-            where: { provider_providerAccountId },
-        }),
+        unlinkAccount: (provider_providerAccountId)=>prisma.account.delete({
+                where: {
+                    provider_providerAccountId
+                }
+            }),
         // TODO
         // @ts-expect-error
-        async getSessionAndUser(sessionToken) {
+        async getSessionAndUser (sessionToken) {
             const userAndSession = await prisma.session.findUnique({
-                where: { sessionToken },
-                include: { user: true },
+                where: {
+                    sessionToken
+                },
+                include: {
+                    user: true
+                }
             });
-            if (!userAndSession)
-                return null;
+            if (!userAndSession) return null;
             const { user, ...session } = userAndSession;
-            return { user, session };
+            return {
+                user,
+                session
+            };
         },
         // TODO
         // @ts-expect-error
-        async createSession({ id, ...data }) {
+        async createSession ({ id, ...data }) {
             const session = await prisma.session.create({
                 data: {
                     id: id || generateId('Session'),
-                    ...data,
-                },
+                    ...data
+                }
             });
             return session;
         },
-        updateSession: (data) => {
+        updateSession: (data)=>{
             return prisma.session.update({
-                where: { sessionToken: data.sessionToken },
-                data,
+                where: {
+                    sessionToken: data.sessionToken
+                },
+                data
             });
         },
-        deleteSession: async (sessionToken) => {
+        deleteSession: async (sessionToken)=>{
             try {
-                await prisma.session.delete({ where: { sessionToken } });
-            }
-            catch (_e) {
-                // TODO
-                // DO nothing for now
+                await prisma.session.delete({
+                    where: {
+                        sessionToken
+                    }
+                });
+            } catch (_e) {
+            // TODO
+            // DO nothing for now
             }
         },
         // TODO
         // @ts-expect-error
-        async createVerificationToken({ id, ...data }) {
+        async createVerificationToken ({ id, ...data }) {
             const verificationToken = await prisma.verificationToken.create({
                 data: {
                     id: id || generateId('VerificationToken'),
-                    ...data,
-                },
+                    ...data
+                }
             });
             // TODO
             // @ts-expect-errors // MongoDB needs an ID, but we don't
-            if (verificationToken.id)
-                verificationToken.id = undefined;
+            if (verificationToken.id) verificationToken.id = undefined;
             return verificationToken;
         },
-        async useVerificationToken(identifier_token) {
+        async useVerificationToken (identifier_token) {
             try {
                 const verificationToken = await prisma.verificationToken.delete({
-                    where: { identifier_token },
+                    where: {
+                        identifier_token
+                    }
                 });
                 // TODO
                 // @ts-expect-errors // MongoDB needs an ID, but we don't
-                if (verificationToken.id)
-                    verificationToken.id = undefined;
+                if (verificationToken.id) verificationToken.id = undefined;
                 return verificationToken;
-            }
-            catch (error) {
+            } catch (error) {
                 // If token already used/deleted, just return null
                 // https://www.prisma.io/docs/reference/api-reference/error-reference#p2025
-                if (error.code === 'P2025')
-                    return null;
+                if (error.code === 'P2025') return null;
                 throw error;
             }
-        },
+        }
     };
 }