npm - @eaccess/auth - Versions diffs - 0.1.19 → 0.1.21 - Mend

@eaccess/auth 0.1.19 → 0.1.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.cjs CHANGED Viewed

@@ -67,6 +67,7 @@ __export(index_exports, {
   addRoleForUserBy: () => addRoleForUserBy,
   addRoleToUser: () => addRoleToUser,
   authFunctions: () => auth_functions_exports,
+  authenticateRequest: () => authenticateRequest,
   changePasswordForUserBy: () => changePasswordForUserBy,
   cleanupExpiredTokens: () => cleanupExpiredTokens,
   confirmResetPassword: () => confirmResetPassword,
@@ -785,11 +786,12 @@ var BaseOAuthProvider = class {
     }
     return data.access_token;
   }
-  async fetchUserFromAPI(accessToken, apiUrl) {
+  async fetchUserFromAPI(accessToken, apiUrl, headers = {}) {
     const response = await fetch(apiUrl, {
       headers: {
         Authorization: `Bearer ${accessToken}`,
-        Accept: "application/json"
+        Accept: "application/json",
+        ...headers
       }
     });
     if (!response.ok) {
@@ -820,14 +822,24 @@ var GitHubProvider = class extends BaseOAuthProvider {
       throw new Error("No authorization code provided");
     }
     const accessToken = await this.exchangeCodeForToken(code, "https://github.com/login/oauth/access_token");
-    const [user, emails] = await Promise.all([this.fetchUserFromAPI(accessToken, "https://api.github.com/user"), this.fetchUserFromAPI(accessToken, "https://api.github.com/user/emails")]);
-    const primaryEmail = Array.isArray(emails) ? emails.find((email) => email.primary)?.email : null;
-    if (!primaryEmail) {
-      throw new Error("No primary email found in GitHub account");
+    const apiHeaders = {
+      Accept: "application/vnd.github+json",
+      "User-Agent": this.authConfig.githubUserAgent || "EasyAccess",
+      "X-GitHub-Api-Version": "2022-11-28"
+    };
+    const [user, emails] = await Promise.all([
+      this.fetchUserFromAPI(accessToken, "https://api.github.com/user", apiHeaders),
+      this.fetchUserFromAPI(accessToken, "https://api.github.com/user/emails", apiHeaders)
+    ]);
+    const verifiedEmails = Array.isArray(emails) ? emails.filter((email) => email.verified) : [];
+    const primaryEmail = verifiedEmails.find((email) => email.primary)?.email;
+    const fallbackEmail = primaryEmail || verifiedEmails[0]?.email;
+    if (!fallbackEmail) {
+      throw new Error("No verified email found in GitHub account");
     }
     return {
       id: user.id.toString(),
-      email: primaryEmail,
+      email: fallbackEmail,
       username: user.login,
       name: user.name || user.login,
       avatar: user.avatar_url
@@ -1460,6 +1472,7 @@ var TwoFactorManager = class {
 var auth_functions_exports = {};
 __export(auth_functions_exports, {
   addRoleForUserBy: () => addRoleForUserBy,
+  authenticateRequest: () => authenticateRequest,
   changePasswordForUserBy: () => changePasswordForUserBy,
   confirmResetPassword: () => confirmResetPassword,
   createUser: () => createUser,
@@ -1475,6 +1488,48 @@ __export(auth_functions_exports, {
 });
 var import_hash3 = require("@prsm/hash");
 var import_ms2 = __toESM(require("@prsm/ms"), 1);
+function parseCookies(cookieHeader) {
+  const cookies = {};
+  if (!cookieHeader) return cookies;
+  for (const pair of cookieHeader.split(";")) {
+    const idx = pair.indexOf("=");
+    if (idx === -1) continue;
+    const key = pair.slice(0, idx).trim();
+    const value = pair.slice(idx + 1).trim();
+    if (key) cookies[key] = decodeURIComponent(value);
+  }
+  return cookies;
+}
+async function authenticateRequest(config, req, sessionMiddleware) {
+  const queries = new AuthQueries(config);
+  if (sessionMiddleware) {
+    await new Promise((resolve) => {
+      sessionMiddleware(req, {}, resolve);
+    });
+  }
+  const session = req.session;
+  if (session?.auth?.loggedIn && session.auth.accountId) {
+    const account2 = await queries.findAccountById(session.auth.accountId);
+    if (account2 && account2.status === AuthStatus.Normal) {
+      return { account: account2, source: "session" };
+    }
+  }
+  const cookies = parseCookies(req.headers.cookie || "");
+  const cookieName = config.rememberCookieName || "remember_token";
+  const token = cookies[cookieName];
+  if (!token) {
+    return { account: null, source: null };
+  }
+  const remember = await queries.findRememberToken(token);
+  if (!remember || /* @__PURE__ */ new Date() > remember.expires) {
+    return { account: null, source: null };
+  }
+  const account = await queries.findAccountById(remember.account_id);
+  if (!account || account.status !== AuthStatus.Normal) {
+    return { account: null, source: null };
+  }
+  return { account, source: "remember" };
+}
 function validatePassword(password, config) {
   const minLength = config.minPasswordLength || 8;
   const maxLength = config.maxPasswordLength || 64;
@@ -2794,6 +2849,7 @@ async function getUserRoles(config, identifier) {
   addRoleForUserBy,
   addRoleToUser,
   authFunctions,
+  authenticateRequest,
   changePasswordForUserBy,
   cleanupExpiredTokens,
   confirmResetPassword,