@jskit-ai/auth-web 0.1.47 → 0.1.49

package/package.descriptor.mjs

@@ -1,7 +1,7 @@
 export default Object.freeze({
   "packageVersion": 1,
   "packageId": "@jskit-ai/auth-web",
-  "version": "0.1.47",
+  "version": "0.1.49",
   "kind": "runtime",
   "description": "Auth web module: Fastify auth routes plus web login/sign-out scaffolds.",
   "dependsOn": [
@@ -220,10 +220,10 @@ export default Object.freeze({
         "@tanstack/vue-query": "5.92.12",
         "@mdi/js": "^7.4.47",
         "@fastify/type-provider-typebox": "^6.1.0",
-        "@jskit-ai/auth-core": "0.1.45",
-        "@jskit-ai/http-runtime": "0.1.45",
-        "@jskit-ai/kernel": "0.1.46",
-        "@jskit-ai/shell-web": "0.1.45",
+        "@jskit-ai/auth-core": "0.1.47",
+        "@jskit-ai/http-runtime": "0.1.47",
+        "@jskit-ai/kernel": "0.1.48",
+        "@jskit-ai/shell-web": "0.1.47",
         "vuetify": "^4.0.0"
       },
       "dev": {}
@@ -282,7 +282,7 @@ export default Object.freeze({
         "file": "src/placement.js",
         "position": "bottom",
         "skipIfContains": "id: \"auth.profile.widget\"",
-        "value": "\naddPlacement({\n  id: \"auth.profile.widget\",\n  target: \"shell-layout:top-right\",\n  surfaces: [\"*\"],\n  order: 1000,\n  componentToken: \"auth.web.profile.widget\"\n});\n\naddPlacement({\n  id: \"auth.profile.menu.sign-in\",\n  target: \"auth-profile-menu:primary-menu\",\n  surfaces: [\"*\"],\n  order: 200,\n  componentToken: \"auth.web.profile.menu.link-item\",\n  props: {\n    label: \"Sign in\",\n    to: \"/auth/login\"\n  },\n  when: ({ auth }) => !Boolean(auth?.authenticated)\n});\n\naddPlacement({\n  id: \"auth.profile.menu.sign-out\",\n  target: \"auth-profile-menu:primary-menu\",\n  surfaces: [\"*\"],\n  order: 1000,\n  componentToken: \"auth.web.profile.menu.link-item\",\n  props: {\n    label: \"Sign out\",\n    to: \"/auth/signout\"\n  },\n  when: ({ auth }) => Boolean(auth?.authenticated)\n});\n",
+        "value": "\naddPlacement({\n  id: \"auth.profile.widget\",\n  target: \"shell-layout:top-right\",\n  surfaces: [\"*\"],\n  order: 1000,\n  componentToken: \"auth.web.profile.widget\"\n});\n\naddPlacement({\n  id: \"auth.profile.menu.sign-in\",\n  target: \"auth-profile-menu:primary-menu\",\n  surfaces: [\"*\"],\n  order: 200,\n  componentToken: \"auth.web.profile.menu.link-item\",\n  props: {\n    label: \"Sign in\",\n    to: \"/auth/login\"\n  },\n  when: ({ auth }) => auth?.authenticated !== true\n});\n\naddPlacement({\n  id: \"auth.profile.menu.sign-out\",\n  target: \"auth-profile-menu:primary-menu\",\n  surfaces: [\"*\"],\n  order: 1000,\n  componentToken: \"auth.web.profile.menu.link-item\",\n  props: {\n    label: \"Sign out\",\n    to: \"/auth/signout\"\n  },\n  when: ({ auth }) => auth?.authenticated === true\n});\n",
         "reason": "Append auth profile placement entries into app-owned placement registry.",
         "category": "auth-web",
         "id": "auth-web-placement-block"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jskit-ai/auth-web",
-  "version": "0.1.47",
+  "version": "0.1.49",
   "type": "module",
   "scripts": {
     "test": "node --test"
@@ -18,13 +18,13 @@
   },
   "dependencies": {
     "@tanstack/vue-query": "^5.90.5",
-    "@jskit-ai/auth-core": "0.1.45",
+    "@jskit-ai/auth-core": "0.1.47",
     "@mdi/js": "^7.4.47",
     "@fastify/type-provider-typebox": "^6.1.0",
-    "@jskit-ai/kernel": "0.1.46",
-    "@jskit-ai/shell-web": "0.1.45",
+    "@jskit-ai/kernel": "0.1.48",
+    "@jskit-ai/shell-web": "0.1.47",
     "pinia": "^3.0.4",
     "vuetify": "^4.0.0",
-    "@jskit-ai/http-runtime": "0.1.45"
+    "@jskit-ai/http-runtime": "0.1.47"
   }
 }

package/src/server/constants/authActionIds.js

@@ -6,6 +6,7 @@ const AUTH_ACTION_IDS = Object.freeze({
   LOGIN_OTP_VERIFY: "auth.login.otp.verify",
   LOGIN_OAUTH_START: "auth.login.oauth.start",
   LOGIN_OAUTH_COMPLETE: "auth.login.oauth.complete",
+  DEV_LOGIN_AS: "auth.dev.loginAs",
   LOGOUT: "auth.logout",
   SESSION_READ: "auth.session.read",
   PASSWORD_RESET_REQUEST: "auth.password.reset.request",

package/src/server/controllers/AuthController.js

@@ -91,6 +91,18 @@ class AuthController {
     });
   }
 
+  async devLoginAs(request, reply) {
+    const payload = request.body || {};
+    const result = await this.service.devLoginAs(request, payload);
+    this.service.writeSessionCookies(reply, result.session);
+    reply.code(200).send({
+      ok: true,
+      userId: result.profile.id,
+      username: result.profile.displayName,
+      email: result.profile.email
+    });
+  }
+
   async logout(request, reply) {
     let clearSession = true;
     try {

package/src/server/providers/AuthRouteServiceProvider.js

@@ -20,7 +20,10 @@ class AuthRouteServiceProvider {
     const router = app.make("jskit.http.router");
     const authWebService = app.make("auth.web.service");
     const controller = new AuthController({ service: authWebService });
-    const routes = buildRoutes(controller);
+    const routes = buildRoutes(controller, {
+      includeDevLoginAs:
+        typeof authWebService?.isDevLoginAsAvailable === "function" ? authWebService.isDevLoginAsAvailable() : false
+    });
     for (const route of routes) {
       router.register(route.method, route.path, route, route.handler);
     }

package/src/server/routes/authRoutes.js

@@ -7,6 +7,7 @@ import {
   authLoginOtpVerifyCommand,
   authLoginOAuthStartCommand,
   authLoginOAuthCompleteCommand,
+  authDevLoginAsCommand,
   authPasswordResetRequestCommand,
   authPasswordRecoveryCompleteCommand,
   authPasswordResetCommand,
@@ -15,7 +16,7 @@ import {
 } from "@jskit-ai/auth-core/shared/commands";
 import { AUTH_PATHS } from "@jskit-ai/auth-core/shared/authPaths";
 
-function buildRoutes(controller) {
+function buildRoutes(controller, { includeDevLoginAs = false } = {}) {
   if (!controller) {
     throw new Error("Auth routes require a controller instance.");
   }
@@ -172,6 +173,27 @@ function buildRoutes(controller) {
       },
       handler: handler("oauthComplete")
     },
+    ...(includeDevLoginAs ? [{
+      path: AUTH_PATHS.DEV_LOGIN_AS,
+      method: "POST",
+      auth: "public",
+      meta: {
+        tags: ["auth"],
+        summary: "Dev-only: create a local session for an existing user"
+      },
+      bodyValidator: authDevLoginAsCommand.operation.bodyValidator,
+      responseValidators: withStandardErrorResponses(
+        {
+          200: authDevLoginAsCommand.operation.responseValidator
+        },
+        { includeValidation400: true }
+      ),
+      rateLimit: {
+        max: 30,
+        timeWindow: "1 minute"
+      },
+      handler: handler("devLoginAs")
+    }] : []),
     {
       path: AUTH_PATHS.PASSWORD_FORGOT,
       method: "POST",

package/src/server/services/AuthWebService.js

@@ -61,6 +61,19 @@ class AuthWebService {
     });
   }
 
+  async devLoginAs(request, payload) {
+    return request.executeAction({
+      actionId: AUTH_ACTION_IDS.DEV_LOGIN_AS,
+      input: payload
+    });
+  }
+
+  isDevLoginAsAvailable() {
+    return typeof this.authService?.isDevAuthBootstrapEnabled === "function"
+      ? this.authService.isDevAuthBootstrapEnabled()
+      : false;
+  }
+
   async logout(request) {
     return request.executeAction({
       actionId: AUTH_ACTION_IDS.LOGOUT

package/test/providerRuntime.test.js

@@ -68,6 +68,12 @@ test("auth route provider registers routes and executes login/logout handlers",
           profile: { displayName: "Ada" }
         };
       }
+      if (actionId === "auth.dev.loginAs") {
+        return {
+          session: { access_token: "dev-a", refresh_token: "dev-r" },
+          profile: { id: "7", displayName: "Dev Ada", email: "ada@example.com" }
+        };
+      }
       if (actionId === "auth.logout") {
         return {
           ok: true,
@@ -103,6 +109,9 @@ test("auth route provider registers routes and executes login/logout handlers",
   assert.equal(resendConfirmationReply.statusCode, 200);
   assert.equal(resendConfirmationReply.payload.ok, true);
 
+  const devLoginRoute = fastify.routes.find((route) => route.method === "POST" && route.url === "/api/dev-auth/login-as");
+  assert.equal(devLoginRoute, undefined);
+
   const logoutRoute = fastify.routes.find((route) => route.method === "POST" && route.url === "/api/logout");
   assert.ok(logoutRoute);
   const logoutReply = createReplyStub();
@@ -113,3 +122,50 @@ test("auth route provider registers routes and executes login/logout handlers",
   assert.equal(events.some((entry) => entry.type === "writeSession"), true);
   assert.equal(events.some((entry) => entry.type === "clearSession"), true);
 });
+
+test("auth route provider registers dev login route only when auth service enables it", async () => {
+  const fastify = createFastifyStub();
+  const app = createApplication();
+  const httpRuntime = createHttpRuntime({ app, fastify });
+
+  const authService = {
+    isDevAuthBootstrapEnabled() {
+      return true;
+    },
+    writeSessionCookies() {},
+    clearSessionCookies() {},
+    getOAuthProviderCatalog() {
+      return { providers: [], defaultProvider: "" };
+    }
+  };
+
+  app.instance("authService", authService);
+  app.instance("actionExecutor", {
+    async execute({ actionId }) {
+      if (actionId === "auth.dev.loginAs") {
+        return {
+          session: { access_token: "dev-a", refresh_token: "dev-r" },
+          profile: { id: "7", displayName: "Dev Ada", email: "ada@example.com" }
+        };
+      }
+      return {};
+    }
+  });
+
+  class MockAuthProvider {
+    static id = "auth.provider";
+  }
+
+  await app.start({ providers: [MockAuthProvider, AuthWebServiceProvider, AuthRouteServiceProvider] });
+
+  const registration = httpRuntime.registerRoutes();
+  assert.equal(registration.routeCount > 0, true);
+
+  const devLoginRoute = fastify.routes.find((route) => route.method === "POST" && route.url === "/api/dev-auth/login-as");
+  assert.ok(devLoginRoute);
+  const devLoginReply = createReplyStub();
+  await devLoginRoute.handler({ body: { userId: "7" } }, devLoginReply);
+  assert.equal(devLoginReply.statusCode, 200);
+  assert.equal(devLoginReply.payload.userId, "7");
+  assert.equal(devLoginReply.payload.username, "Dev Ada");
+});