@ereo/server 0.2.2 → 0.2.4
- package/dist/auth-enforcement.d.ts +25 -0
- package/dist/auth-enforcement.d.ts.map +1 -0
- package/dist/bun-server.d.ts.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +65 -0
- package/package.json +5 -5
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @ereo/server - Auth Config Enforcement
|
|
3
|
+
*
|
|
4
|
+
* Runtime enforcement of route-level AuthConfig.
|
|
5
|
+
* Evaluates static checks (required, roles) and custom check functions
|
|
6
|
+
* before loaders/actions execute.
|
|
7
|
+
*/
|
|
8
|
+
import type { AuthConfig, AuthCheckResult, AppContext } from '@ereo/core';
|
|
9
|
+
/**
|
|
10
|
+
* Resolve an auth denial using the static AuthConfig fallbacks.
|
|
11
|
+
* Checks redirect → unauthorized → default 403.
|
|
12
|
+
*/
|
|
13
|
+
export declare function resolveAuthDenial(auth: AuthConfig, request: Request): Response;
|
|
14
|
+
/**
|
|
15
|
+
* Resolve a rich AuthCheckResult denial into a Response.
|
|
16
|
+
*/
|
|
17
|
+
export declare function resolveCheckResult(result: AuthCheckResult & {
|
|
18
|
+
allowed: false;
|
|
19
|
+
}): Response;
|
|
20
|
+
/**
|
|
21
|
+
* Enforce route-level auth config before running loaders/actions.
|
|
22
|
+
* Returns a Response if access is denied, or null if access is allowed.
|
|
23
|
+
*/
|
|
24
|
+
export declare function enforceAuthConfig(authConfig: AuthConfig, request: Request, context: AppContext, params: Record<string, string | string[] | undefined>): Promise<Response | null>;
|
|
25
|
+
//# sourceMappingURL=auth-enforcement.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-enforcement.d.ts","sourceRoot":"","sources":["../src/auth-enforcement.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAE1E;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,GAAG,QAAQ,CAgB9E;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,eAAe,GAAG;IAAE,OAAO,EAAE,KAAK,CAAA;CAAE,GAAG,QAAQ,CAezF;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,OAAO,EAChB,OAAO,EAAE,UAAU,EACnB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,GACpD,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CA4B1B"}
|
package/dist/bun-server.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bun-server.d.ts","sourceRoot":"","sources":["../src/bun-server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,KAAK,CAAC;AAClC,OAAO,KAAK,EAAmE,iBAAiB,EAA0C,MAAM,YAAY,CAAC;AAC7J,OAAO,EAAiC,OAAO,EAAiB,MAAM,YAAY,CAAC;AACnF,OAAO,EAAE,UAAU,EAAwD,MAAM,cAAc,CAAC;AAChG,OAAO,EAIL,IAAI,EACJ,eAAe,EAChB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAe,KAAK,aAAa,EAAE,MAAM,UAAU,CAAC;AAC3D,OAAO,EAA+C,KAAK,aAAa,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"bun-server.d.ts","sourceRoot":"","sources":["../src/bun-server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,KAAK,CAAC;AAClC,OAAO,KAAK,EAAmE,iBAAiB,EAA0C,MAAM,YAAY,CAAC;AAC7J,OAAO,EAAiC,OAAO,EAAiB,MAAM,YAAY,CAAC;AACnF,OAAO,EAAE,UAAU,EAAwD,MAAM,cAAc,CAAC;AAChG,OAAO,EAIL,IAAI,EACJ,eAAe,EAChB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAe,KAAK,aAAa,EAAE,MAAM,UAAU,CAAC;AAC3D,OAAO,EAA+C,KAAK,aAAa,EAAE,MAAM,aAAa,CAAC;AAyD9F;;;;;;GAMG;AACH,MAAM,MAAM,gBAAgB,GAAG,WAAW,GAAG,QAAQ,CAAC;AAEtD;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,wBAAwB;IACxB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,uBAAuB;IACvB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,0BAA0B;IAC1B,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,qBAAqB;IACrB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,kBAAkB;IAClB,IAAI,CAAC,EAAE,OAAO,GAAG,UAAU,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,8BAA8B;IAC9B,QAAQ,CAAC,EAAE,OAAO,GAAG,UAAU,CAAC,OAAO,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3D,6BAA6B;IAC7B,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7D,wBAAwB;IACxB,SAAS,CAAC,EAAE,UAAU,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;IACzD,kBAAkB;IAClB,GAAG,CAAC,EAAE;QACJ,IAAI,EAAE,MAAM,CAAC;QACb,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;IACF,wFAAwF;IACxF,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,kCAAkC;IAClC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,+BAA+B;IAC/B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,6BAA6B;IAC7B,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,2FAA2F;IAC3F,KAAK,CAAC,EAAE,OAAO,GAAG;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,UAAU,EAAE,iBAAiB,CAAC;QAAC,aAAa,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,QAAQ,CAAC;QAAC,gBAAgB,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,QAAQ,CAAA;KAAE,CAAC;CACjK;AAED;;GAEG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAAgC;IAC9C,OAAO,CAAC,GAAG,CAAwB;IACnC,OAAO,CAAC,MAAM,CAA2B;IACzC,OAAO,CAAC,UAAU,CAAkB;IACpC,OAAO,CAAC,aAAa,CAAiE;IACtF,OAAO,CAAC,OAAO,CAAgB;gBAEnB,OAAO,GAAE,aAAkB;IAoBvC;;OAEG;IACH,OAAO,CAAC,eAAe;IAwBvB;;OAEG;IACH,MAAM,CAAC,GAAG,EAAE,OAAO,GAAG,IAAI;IAI1B;;OAEG;IACH,SAAS,CAAC,MAAM,EAAE,UAAU,GAAG,IAAI;IAOnC;;OAEG;I
ACH,GAAG,CAAC,OAAO,EAAE,iBAAiB,GAAG,IAAI;IACrC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB,GAAG,IAAI;IASnD;;OAEG;YACW,aAAa;IAqG3B;;OAEG;YACW,sBAAsB;IA2BpC;;OAEG;YACW,WAAW;IAuBzB;;OAEG;YACW,uBAAuB;IAoBrC;;OAEG;YACW,gBAAgB;IAyL9B;;OAEG;YACW,UAAU;IA2FxB;;;;;;;OAOG;YACW,mBAAmB;IA2FjC;;OAEG;YACW,gBAAgB;IAmC9B;;;;;;OAMG;YACW,yBAAyB;IA4EvC;;OAEG;YACW,sBAAsB;IAyCpC;;OAEG;YACW,iBAAiB;IAqC/B;;OAEG;IACH,OAAO,CAAC,eAAe;IA+BvB;;OAEG;IACH,OAAO,CAAC,SAAS;IA0BjB;;OAEG;IACH,OAAO,CAAC,YAAY;IASpB;;OAEG;IACH,OAAO,CAAC,eAAe;IAcvB;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IA8BxB;;;;OAIG;IACH,OAAO,CAAC,iBAAiB;IA4CzB;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAqBzB;;OAEG;IACH,OAAO,CAAC,UAAU;IASlB;;OAEG;IACH,OAAO,CAAC,WAAW;IA0CnB;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAmCvC;;OAEG;IACH,IAAI,IAAI,IAAI;IAOZ;;OAEG;IACG,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAQ7B;;OAEG;IACH,SAAS,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,IAAI;IAInC;;OAEG;IACH,OAAO,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,OAAO,CAAA;KAAE;CAOpE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,OAAO,CAAC,EAAE,aAAa,GAAG,SAAS,CAE/D;AAED;;GAEG;AACH,wBAAsB,KAAK,CAAC,OAAO,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,SAAS,CAAC,CAIvE"}
|
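--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -8,6 +8,7 @@ export type { ServerOptions, ServerRenderMode } from './bun-server';
 export { MiddlewareChain, createMiddlewareChain, logger, cors, securityHeaders, compress, rateLimit, } from './middleware';
 export type { MiddlewareDefinition, CorsOptions, SecurityHeadersOptions, RateLimitOptions, } from './middleware';
 export type { MiddlewareHandler, NextFunction, Middleware, AppContext, } from '@ereo/core';
+export { enforceAuthConfig, resolveAuthDenial, resolveCheckResult, } from './auth-enforcement';
 export { serveStatic, staticMiddleware, getMimeType, } from './static';
 export type { StaticOptions } from './static';
 export { createShell, renderToStream, renderToString, createResponse, createSuspenseStream, } from './streaming';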
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EACL,SAAS,EACT,YAAY,EACZ,KAAK,GACN,MAAM,cAAc,CAAC;AAEtB,YAAY,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGpE,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,MAAM,EACN,IAAI,EACJ,eAAe,EACf,QAAQ,EACR,SAAS,GACV,MAAM,cAAc,CAAC;AAEtB,YAAY,EACV,oBAAoB,EACpB,WAAW,EACX,sBAAsB,EACtB,gBAAgB,GACjB,MAAM,cAAc,CAAC;AAItB,YAAY,EACV,iBAAiB,EACjB,YAAY,EACZ,UAAU,EACV,UAAU,GACX,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,WAAW,EACX,gBAAgB,EAChB,WAAW,GACZ,MAAM,UAAU,CAAC;AAElB,YAAY,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAG9C,OAAO,EACL,WAAW,EACX,cAAc,EACd,cAAc,EACd,cAAc,EACd,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAErB,YAAY,EACV,aAAa,EACb,aAAa,EACb,YAAY,GACb,MAAM,aAAa,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EACL,SAAS,EACT,YAAY,EACZ,KAAK,GACN,MAAM,cAAc,CAAC;AAEtB,YAAY,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGpE,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,MAAM,EACN,IAAI,EACJ,eAAe,EACf,QAAQ,EACR,SAAS,GACV,MAAM,cAAc,CAAC;AAEtB,YAAY,EACV,oBAAoB,EACpB,WAAW,EACX,sBAAsB,EACtB,gBAAgB,GACjB,MAAM,cAAc,CAAC;AAItB,YAAY,EACV,iBAAiB,EACjB,YAAY,EACZ,UAAU,EACV,UAAU,GACX,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,WAAW,EACX,gBAAgB,EAChB,WAAW,GACZ,MAAM,UAAU,CAAC;AAElB,YAAY,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAG9C,OAAO,EACL,WAAW,EACX,cAAc,EACd,cAAc,EACd,cAAc,EACd,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAErB,YAAY,EACV,aAAa,EACb,aAAa,EACb,YAAY,GACb,MAAM,aAAa,CAAC"}
|
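--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -585,6 +585,62 @@ function createSuspenseStream() {
 import { serializeLoaderData as serializeLoaderData2, hasDeferredData as hasDeferredData2, resolveAllDeferred as resolveAllDeferred2 } from "@ereo/data";
 import { createElement } from "react";
 import { OutletProvider } from "@ereo/client";
+
+// src/auth-enforcement.ts
+function resolveAuthDenial(auth, request) {
+if (auth.redirect) {
+const pathname = new URL(request.url).pathname;
+const url = auth.redirect.replace("{pathname}", encodeURIComponent(pathname));
+return new Response(null, {
+status: 302,
+headers: { Location: url }
+});
+}
+if (auth.unauthorized) {
+return new Response(JSON.stringify(auth.unauthorized.body), {
+status: auth.unauthorized.status,
+headers: { "Content-Type": "application/json" }
+});
+}
+return new Response("Forbidden", { status: 403 });
+}
+function resolveCheckResult(result) {
+if ("response" in result)
+return result.response;
+if ("redirect" in result) {
+return new Response(null, {
+status: 302,
+headers: { Location: result.redirect }
+});
+}
+return new Response(result.body !== undefined ? JSON.stringify(result.body) : "Forbidden", {
+status: result.status,
+headers: result.body !== undefined ? { "Content-Type": "application/json" } : {}
+});
+}
+async function enforceAuthConfig(authConfig, request, context, params) {
+const authCtx = context.get("auth");
+if (authConfig.required && !authCtx?.isAuthenticated()) {
+return resolveAuthDenial(authConfig, request);
+}
+if (authConfig.roles?.length) {
+if (!authCtx?.isAuthenticated() || !authCtx.hasAnyRole(authConfig.roles)) {
+return resolveAuthDenial(authConfig, request);
+}
+}
+if (authConfig.check) {
+const result = await authConfig.check({ request, context, params });
+if (result === false) {
+return resolveAuthDenial(authConfig, request);
+}
+if (result !== true && typeof result === "object" && "allowed" in result && !result.allowed) {
+return resolveCheckResult(result);
+}
+}
+return null;
+}
+
+// src/bun-server.ts
 async function getStreamingRenderer() {
 try {
 const browserServer = await import("react-dom/server.browser");
@@ -766,6 +822,12 @@ class BunServer {
 }
 async handleRouteInner(request, match, context) {
 const module = match.route.module;
+const routeAuthConfig = match.route.config?.auth || module.config?.auth;
+if (routeAuthConfig) {
+const denied = await enforceAuthConfig(routeAuthConfig, request, context, match.params);
+if (denied)
+return denied;
+}
 const httpMethod = request.method.toUpperCase();
 const HTTP_METHODS = ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS", "HEAD"];
 if (HTTP_METHODS.includes(httpMethod)) {
@@ -1373,11 +1435,14 @@ export {
 serveStatic,
 serve,
 securityHeaders,
+resolveCheckResult,
+resolveAuthDenial,
 renderToString,
 renderToStream,
 rateLimit,
 logger,
 getMimeType,
+enforceAuthConfig,
 createSuspenseStream,
 createShell,
 createServer,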
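Review bot: The `check` branch of `enforceAuthConfig` fails open: only a literal `false` or an object whose `allowed` is falsy produces a denial, so a check that resolves to `undefined` (for example a forgotten `return`), or to an object with no `allowed` key, falls through to `return null` and the loader or action runs. A `null` result instead throws at `"allowed" in result`, since `typeof null === "object"`. An authorization gate is safer as deny-unless-explicitly-allowed: compute `const ok = result === true || (result != null && typeof result === "object" && result.allowed === true);`, and when `!ok` return `resolveCheckResult(result)` if the result is an object carrying `allowed`, otherwise `resolveAuthDenial(authConfig, request)`. This assumes the allowed variant of `AuthCheckResult` is `{ allowed: true }`, which the declarations in this release do not show. Separately, `resolveAuthDenial` puts the request pathname into the redirect target, so whatever consumes that value after login should accept only same-origin paths (a pathname starting with `//` is protocol-relative).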
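--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@ereo/server",
-"version": "0.2.
+"version": "0.2.4",
 "license": "MIT",
 "author": "Ereo Team",
 "homepage": "https://ereojs.github.io/ereoJS",
@@ -32,10 +32,10 @@
 "typecheck": "tsc --noEmit"
 },
 "dependencies": {
-"@ereo/core": "^0.2.
-"@ereo/client": "^0.2.
-"@ereo/router": "^0.2.
-"@ereo/data": "^0.2.
+"@ereo/core": "^0.2.4",
+"@ereo/client": "^0.2.4",
+"@ereo/router": "^0.2.4",
+"@ereo/data": "^0.2.4"
 },
 "devDependencies": {
 "@types/bun": "^1.1.0",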