@grasp-labs/ds-microfrontends-integration 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +5 -27
  2. package/dist/dev/express-auth-middleware.d.ts +10 -14
  3. package/dist/dev/express-auth-middleware.js +15 -15
  4. package/package.json +1 -1
package/README.md CHANGED
@@ -220,41 +220,19 @@ npm install
220
220
 
221
221
  ### Dev auth middleware
222
222
 
223
- For local Express work you can protect every route with the provided development
224
- login middleware:
223
+ `devAuthMiddleware` adds a quick login screen to your local Express setup and reuses the returned token for every backend call. Mount it before anything that proxies to your APIs so outbound requests get `Authorization: Bearer <token>` automatically.
225
224
 
226
225
  ```ts
227
226
  import express from "express";
228
- import { devLoginMiddleware } from "@grasp-labs/ds-microfrontends-integration/dev";
227
+ import { devAuthMiddleware } from "@grasp-labs/ds-microfrontends-integration/dev";
229
228
 
230
229
  const app = express();
231
- app.use(devLoginMiddleware());
232
- ```
233
-
234
- To skip the login form entirely, preload `DEV_AUTH_TOKEN` (for example by adding `DEV_AUTH_TOKEN=<value>` to a `.env` file or exporting it in your shell) before starting the server.
235
-
236
- Once you have a token you can forward it to internal services through your dev proxy. For example:
237
230
 
238
- ```ts
239
- import { DEV_AUTH_TOKEN } from "@grasp-labs/ds-microfrontends-integration/dev";
240
- import { createProxyMiddleware } from "http-proxy-middleware";
241
-
242
- expressInstance.use(
243
- `${BASE_PATH}/api/ds-config-api`,
244
- createProxyMiddleware({
245
- target: "https://your-backend-url.com",
246
- on: {
247
- proxyReq: (proxyReq) => {
248
- const token = DEV_AUTH_TOKEN.get();
249
- if (token) {
250
- proxyReq.setHeader("Authorization", `Bearer ${token}`);
251
- }
252
- },
253
- },
254
- }),
255
- );
231
+ app.use(devAuthMiddleware());
256
232
  ```
257
233
 
234
+ Skip the form entirely by setting `DEV_AUTH_TOKEN` (env var or `.env` file) before starting the server. Need a token? Call the dev auth endpoint with your usual credentials and copy the `access_token`.
235
+
258
236
  ### Scripts
259
237
 
260
238
  - `npm run build` - Build the library
package/dist/dev/express-auth-middleware.d.ts CHANGED
@@ -19,29 +19,25 @@ export type DevLoginOptions = {
19
19
  authEndpoint?: string;
20
20
  };
21
21
  /**
22
- * Creates an Express middleware that guards all routes behind a simple dev login.
23
- * Users are redirected to the login page unless a `DEV_AUTH_TOKEN` is present.
24
- * Configuration paths are normalized so callers can pass either "foo" or "/foo".
25
- * The middleware internally parses form submissions via `express.urlencoded({ extended: true })`.
22
+ * Simple Express middleware that forces a one-page dev login and then injects
23
+ * `Authorization: Bearer <token>` for subsequent requests. Mount it ahead of
24
+ * any backend proxy (e.g. `createProxyMiddleware`) so outgoing calls receive
25
+ * the token.
26
26
  *
27
- * To skip the HTML login entirely during local development, preload
28
- * `DEV_AUTH_TOKEN` (for example via a `.env` file or by exporting it before
29
- * starting Express). You can obtain a valid token by calling the dev auth login
30
- * endpoint (defaults to `https://auth-dev.grasp-daas.com/rest-auth/login/`,
31
- * overridable via {@link DevLoginOptions.authEndpoint}) with the same
32
- * credentials you would submit through the form and copying the returned
33
- * `access_token`.
27
+ * Skip the login screen by setting `DEV_AUTH_TOKEN` before starting your app
28
+ * (via `.env` or the shell). Tokens can be created by calling the dev auth
29
+ * endpoint with your normal credentials and copying the `access_token`.
34
30
  *
35
31
  * @example
36
32
  * ```typescript
37
33
  * import express from 'express';
38
- * import { devLoginMiddleware } from '@grasp-labs/ds-microfrontends-integration/dev';
34
+ * import { devAuthMiddleware } from '@grasp-labs/ds-microfrontends-integration/dev';
39
35
  *
40
36
  * const app = express();
41
- * app.use(devLoginMiddleware());
37
+ * app.use(devAuthMiddleware());
42
38
  * ```
43
39
  */
44
- export declare function devLoginMiddleware(options?: DevLoginOptions): (req: Request, res: Response, next: NextFunction) => Promise<any>;
40
+ export declare function devAuthMiddleware(options?: DevLoginOptions): (req: Request, res: Response, next: NextFunction) => Promise<any>;
45
41
  /**
46
42
  * Simple in-memory token store backed by process.env.
47
43
  * Preloading `DEV_AUTH_TOKEN` (e.g. via a `.env` file or shell env var) skips the login flow entirely.
package/dist/dev/express-auth-middleware.js CHANGED
@@ -139,13 +139,13 @@ function E(e = {}) {
139
139
  loginPath: t = "/__login",
140
140
  redirectAfterLoginPathTo: r = "/",
141
141
  authEndpoint: n = "https://auth-dev.grasp-daas.com/rest-auth/login/"
142
- } = e, o = h(t, "loginPath"), c = h(
142
+ } = e, o = g(t, "loginPath"), c = g(
143
143
  r,
144
144
  "redirectAfterLoginPathTo"
145
145
  ), m = k();
146
- return async (s, i, l) => {
147
- if (g.exists())
148
- return s.path === o ? i.redirect(c) : l();
146
+ return async (s, i, p) => {
147
+ if (l.exists())
148
+ return s.path === o ? i.redirect(c) : (s.headers.authorization = `Bearer ${l.get()}`, p());
149
149
  if (s.path !== o)
150
150
  return i.redirect(o);
151
151
  if (s.method === "GET")
@@ -154,18 +154,18 @@ function E(e = {}) {
154
154
  try {
155
155
  await m(s, i);
156
156
  } catch (a) {
157
- return l(a);
157
+ return p(a);
158
158
  }
159
- const { email: p, password: u } = s.body ?? {};
160
- if (!p || !u)
159
+ const { email: u, password: h } = s.body ?? {};
160
+ if (!u || !h)
161
161
  return d(i, o, "Email and password are required.");
162
162
  try {
163
163
  const { access_token: a } = await x({
164
- email: p,
165
- password: u,
164
+ email: u,
165
+ password: h,
166
166
  authEndpoint: n
167
167
  });
168
- return g.set(a), i.redirect(303, c);
168
+ return l.set(a), i.redirect(303, c);
169
169
  } catch (a) {
170
170
  const f = `${a instanceof Error ? a.message : String(a)}`;
171
171
  return d(i, o, f);
@@ -174,11 +174,11 @@ function E(e = {}) {
174
174
  return i.status(405).send("Method Not Allowed");
175
175
  };
176
176
  }
177
- function h(e, t) {
177
+ function g(e, t) {
178
178
  const r = e.trim();
179
179
  if (!r)
180
180
  throw new Error(
181
- `devLoginMiddleware ${t} must be a non-empty string`
181
+ `devAuthMiddleware ${t} must be a non-empty string`
182
182
  );
183
183
  return r.startsWith("/") ? r : `/${r}`;
184
184
  }
@@ -229,7 +229,7 @@ async function x({
229
229
  );
230
230
  return o;
231
231
  }
232
- const g = {
232
+ const l = {
233
233
  get: () => process.env.DEV_AUTH_TOKEN,
234
234
  set: (e) => {
235
235
  process.env.DEV_AUTH_TOKEN = e;
@@ -237,6 +237,6 @@ const g = {
237
237
  exists: () => typeof process.env.DEV_AUTH_TOKEN == "string" && process.env.DEV_AUTH_TOKEN.length > 0
238
238
  };
239
239
  export {
240
- g as DEV_AUTH_TOKEN,
241
- E as devLoginMiddleware
240
+ l as DEV_AUTH_TOKEN,
241
+ E as devAuthMiddleware
242
242
  };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@grasp-labs/ds-microfrontends-integration",
3
- "version": "0.7.0",
3
+ "version": "0.8.0",
4
4
  "private": false,
5
5
  "license": "Apache-2.0",
6
6
  "type": "module",