@eaccess/auth 0.1.18 → 0.1.20
- package/dist/index.cjs +30 -7
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +10 -1
- package/dist/index.d.ts +10 -1
- package/dist/index.js +30 -7
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
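--- a/package/dist/index.d.cts
+++ b/package/dist/index.d.cts
@@ -55,6 +55,7 @@ interface AuthConfig {
 google?: GoogleProviderConfig;
 azure?: AzureProviderConfig;
 };
+githubUserAgent?: string;
 twoFactor?: {
 enabled?: boolean;
 requireForOAuth?: boolean;
@@ -149,6 +150,7 @@ interface AuthSession {
 lastRememberCheck: Date;
 forceLogout: number;
 verified: boolean;
+hasPassword: boolean;
 shouldForceLogout?: boolean;
 awaitingTwoFactor?: {
 accountId: number;
@@ -285,6 +287,7 @@ interface AuthManager$1 {
 getEmail(): string | null;
 getStatus(): number | null;
 getVerified(): boolean | null;
+hasPassword(): boolean | null;
 getRoleNames(rolemask?: number): string[];
 getStatusName(): string | null;
 hasRole(role: number): Promise<boolean>;
@@ -977,6 +980,12 @@ declare class AuthManager implements AuthManager$1 {
 * @returns true if verified, false if unverified, null if not logged in
 */
 getVerified(): boolean | null;
+/**
+* Check if the current user has a password set.
+* OAuth-only users will return false.
+* @returns true if user has a password, false if OAuth-only, null if not logged in
+*/
+hasPassword(): boolean | null;
 /**
 * Get human-readable role names for the current user or a specific rolemask.
 * @param rolemask - Optional specific rolemask to check. If omitted, uses current user's roles
@@ -1159,7 +1168,7 @@ declare abstract class BaseOAuthProvider implements OAuthProvider {
 protected processOAuthLogin(userData: OAuthUserData, req: Request): Promise<OAuthCallbackResult>;
 protected abstract getProviderName(): string;
 protected exchangeCodeForToken(code: string, tokenUrl: string): Promise<string>;
-protected fetchUserFromAPI(accessToken: string, apiUrl: string): Promise<any>;
+protected fetchUserFromAPI(accessToken: string, apiUrl: string, headers?: Record<string, string>): Promise<any>;
 }
 
 declare class GitHubProvider extends BaseOAuthProvider {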
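Review bot: The doc comment added above `hasPassword(): boolean | null` in `AuthManager` says `null` means "not logged in", but `AuthSession.hasPassword` is introduced as a required field, so a session object written by 0.1.18 and still held in the session store would lack it, and an accessor that reads the session field would presumably report `null` for a logged-in user until the session is resynced. Callers that gate a flow on this value should treat `null` as "unknown" rather than as "no password". I would extend the comment with `* May also be null for a session created before this field existed, until it is resynced.` The same declarations are repeated in package/dist/index.d.ts.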
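--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -55,6 +55,7 @@ interface AuthConfig {
 google?: GoogleProviderConfig;
 azure?: AzureProviderConfig;
 };
+githubUserAgent?: string;
 twoFactor?: {
 enabled?: boolean;
 requireForOAuth?: boolean;
@@ -149,6 +150,7 @@ interface AuthSession {
 lastRememberCheck: Date;
 forceLogout: number;
 verified: boolean;
+hasPassword: boolean;
 shouldForceLogout?: boolean;
 awaitingTwoFactor?: {
 accountId: number;
@@ -285,6 +287,7 @@ interface AuthManager$1 {
 getEmail(): string | null;
 getStatus(): number | null;
 getVerified(): boolean | null;
+hasPassword(): boolean | null;
 getRoleNames(rolemask?: number): string[];
 getStatusName(): string | null;
 hasRole(role: number): Promise<boolean>;
@@ -977,6 +980,12 @@ declare class AuthManager implements AuthManager$1 {
 * @returns true if verified, false if unverified, null if not logged in
 */
 getVerified(): boolean | null;
+/**
+* Check if the current user has a password set.
+* OAuth-only users will return false.
+* @returns true if user has a password, false if OAuth-only, null if not logged in
+*/
+hasPassword(): boolean | null;
 /**
 * Get human-readable role names for the current user or a specific rolemask.
 * @param rolemask - Optional specific rolemask to check. If omitted, uses current user's roles
@@ -1159,7 +1168,7 @@ declare abstract class BaseOAuthProvider implements OAuthProvider {
 protected processOAuthLogin(userData: OAuthUserData, req: Request): Promise<OAuthCallbackResult>;
 protected abstract getProviderName(): string;
 protected exchangeCodeForToken(code: string, tokenUrl: string): Promise<string>;
-protected fetchUserFromAPI(accessToken: string, apiUrl: string): Promise<any>;
+protected fetchUserFromAPI(accessToken: string, apiUrl: string, headers?: Record<string, string>): Promise<any>;
 }
 
 declare class GitHubProvider extends BaseOAuthProvider {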
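--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -696,11 +696,12 @@ var BaseOAuthProvider = class {
 }
 return data.access_token;
 }
-async fetchUserFromAPI(accessToken, apiUrl) {
+async fetchUserFromAPI(accessToken, apiUrl, headers = {}) {
 const response = await fetch(apiUrl, {
 headers: {
 Authorization: `Bearer ${accessToken}`,
-Accept: "application/json"
+Accept: "application/json",
+...headers
 }
 });
 if (!response.ok) {
@@ -731,14 +732,24 @@ var GitHubProvider = class extends BaseOAuthProvider {
 throw new Error("No authorization code provided");
 }
 const accessToken = await this.exchangeCodeForToken(code, "https://github.com/login/oauth/access_token");
-const
-
-
-
+const apiHeaders = {
+Accept: "application/vnd.github+json",
+"User-Agent": this.authConfig.githubUserAgent || "EasyAccess",
+"X-GitHub-Api-Version": "2022-11-28"
+};
+const [user, emails] = await Promise.all([
+this.fetchUserFromAPI(accessToken, "https://api.github.com/user", apiHeaders),
+this.fetchUserFromAPI(accessToken, "https://api.github.com/user/emails", apiHeaders)
+]);
+const verifiedEmails = Array.isArray(emails) ? emails.filter((email) => email.verified) : [];
+const primaryEmail = verifiedEmails.find((email) => email.primary)?.email;
+const fallbackEmail = primaryEmail || verifiedEmails[0]?.email;
+if (!fallbackEmail) {
+throw new Error("No verified email found in GitHub account");
 }
 return {
 id: user.id.toString(),
-email:
+email: fallbackEmail,
 username: user.login,
 name: user.name || user.login,
 avatar: user.avatar_url
@@ -1744,6 +1755,7 @@ var AuthManager = class {
 this.req.session.auth.status = account.status;
 this.req.session.auth.rolemask = account.rolemask;
 this.req.session.auth.verified = account.verified;
+this.req.session.auth.hasPassword = account.password !== null;
 this.req.session.auth.lastResync = /* @__PURE__ */ new Date();
 }
 async processRememberDirective() {
@@ -1797,6 +1809,7 @@ var AuthManager = class {
 lastRememberCheck: /* @__PURE__ */ new Date(),
 forceLogout: account.force_logout,
 verified: account.verified,
+hasPassword: account.password !== null,
 shouldForceLogout: false
 };
 this.req.session.auth = session;
@@ -1883,6 +1896,7 @@ var AuthManager = class {
 lastRememberCheck: /* @__PURE__ */ new Date(),
 forceLogout: 0,
 verified: false,
+hasPassword: false,
 awaitingTwoFactor: {
 accountId: account.id,
 expiresAt,
@@ -2021,6 +2035,14 @@ var AuthManager = class {
 getVerified() {
 return this.req.session?.auth?.verified ?? null;
 }
+/**
+* Check if the current user has a password set.
+* OAuth-only users will return false.
+* @returns true if user has a password, false if OAuth-only, null if not logged in
+*/
+hasPassword() {
+return this.req.session?.auth?.hasPassword ?? null;
+}
 /**
 * Get human-readable role names for the current user or a specific rolemask.
 * @param rolemask - Optional specific rolemask to check. If omitted, uses current user's roles
@@ -2169,6 +2191,7 @@ var AuthManager = class {
 lastRememberCheck: /* @__PURE__ */ new Date(),
 forceLogout: 0,
 verified: false,
+hasPassword: false,
 awaitingTwoFactor: {
 accountId: account.id,
 expiresAt,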
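Review bot: In `fetchUserFromAPI`, `...headers` is spread after the `Authorization` entry, so any caller or subclass that passes an `Authorization` key replaces the bearer token obtained from the code exchange, although only `Accept` has to be overridable for the GitHub call. Ordering the literal as `Accept: "application/json",` then `...headers,` then the `Authorization` line last keeps the `Accept` override and pins the credential. Separately, `account.password !== null` in the resync and session-creation hunks is true when the field is `undefined` (for instance if an account object is ever loaded without that column), which would mark an OAuth-only account as having a password; `account.password != null` covers both cases. The enclosing method bodies start and end outside these hunks.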