@lobb-js/lobb-ext-auth 0.14.1 → 0.15.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,27 +1,18 @@
1
- <script lang="ts">
2
- import type { ExtensionProps } from "@lobb-js/studio";
3
- import { Auth } from "../../../../auth";
4
-
5
- const { utils }: ExtensionProps = $props();
6
-
7
- let formData = {
8
- email:
9
- window.location.hostname === "demo.lobb.app"
10
- ? "admin@example.com"
11
- : "",
12
- password: window.location.hostname === "demo.lobb.app" ? "admin" : "",
13
- };
14
-
15
- async function handleOnSubmit(e: Event) {
16
- e.preventDefault();
17
- if (!formData.email && !formData.password) {
18
- utils.toast.error("Please complete all fields");
19
- return;
20
- }
21
-
22
- const auth = new Auth(utils);
23
- await auth.login(formData);
24
- }
1
+ <script lang="ts">import { Auth } from "../../../../auth";
2
+ const { utils } = $props();
3
+ let formData = {
4
+ email: window.location.hostname === "demo.lobb.app" ? "admin@example.com" : "",
5
+ password: window.location.hostname === "demo.lobb.app" ? "admin" : ""
6
+ };
7
+ async function handleOnSubmit(e) {
8
+ e.preventDefault();
9
+ if (!formData.email && !formData.password) {
10
+ utils.toast.error("Please complete all fields");
11
+ return;
12
+ }
13
+ const auth = new Auth(utils);
14
+ await auth.login(formData);
15
+ }
25
16
  </script>
26
17
 
27
18
  <div
@@ -1,24 +1,20 @@
1
- <script lang="ts">
2
- import type { ExtensionProps } from "@lobb-js/studio";
3
- import Users from "./pages/users.svelte";
4
- import RolesAndPermissions from "./pages/rolesAndPermissions.svelte";
5
- import ActivityFeed from "./pages/activityFeed.svelte";
6
-
7
- const props: ExtensionProps = $props();
8
- const components = props.utils.components;
9
- const { Sidebar } = components;
10
- const { Icons } = components;
11
- const auth_settings_page = $derived(props.utils.page.url.pathname.split("/")[5]);
12
- const isSmall = $derived(!props.utils.mediaQueries.sm.current);
13
-
14
- // Bare /studio/extensions/auth/settings has no sub-page to render, which
15
- // would leave the page blank. Redirect to the first sub-page (Users) so
16
- // landing on the settings root always shows something useful.
17
- $effect(() => {
18
- if (!auth_settings_page) {
19
- props.utils.goto("/studio/extensions/auth/settings/users");
20
- }
21
- });
1
+ <script lang="ts">import Users from "./pages/users.svelte";
2
+ import RolesAndPermissions from "./pages/rolesAndPermissions.svelte";
3
+ import ActivityFeed from "./pages/activityFeed.svelte";
4
+ const props = $props();
5
+ const components = props.utils.components;
6
+ const { Sidebar } = components;
7
+ const { Icons } = components;
8
+ const auth_settings_page = $derived(props.utils.page.url.pathname.split("/")[5]);
9
+ const isSmall = $derived(!props.utils.mediaQueries.sm.current);
10
+ // Bare /studio/extensions/auth/settings has no sub-page to render, which
11
+ // would leave the page blank. Redirect to the first sub-page (Users) so
12
+ // landing on the settings root always shows something useful.
13
+ $effect(() => {
14
+ if (!auth_settings_page) {
15
+ props.utils.goto("/studio/extensions/auth/settings/users");
16
+ }
17
+ });
22
18
  </script>
23
19
 
24
20
  <!-- TODO: add the sidebar in here to add these pages
@@ -1,8 +1,6 @@
1
- <script lang="ts">
2
- import type { ExtensionProps } from "@lobb-js/studio";
3
-
4
- const { utils }: ExtensionProps = $props();
5
- const components = utils.components;
1
+ <script lang="ts">const { utils } = $props();
2
+ const components = utils.components;
3
+ export {};
6
4
  </script>
7
5
 
8
6
  <div class="flex flex-col gap-4 p-4 h-full">
@@ -1,8 +1,6 @@
1
- <script lang="ts">
2
- import type { ExtensionProps } from "@lobb-js/studio";
3
-
4
- const { utils }: ExtensionProps = $props();
5
- const components = utils.components;
1
+ <script lang="ts">const { utils } = $props();
2
+ const components = utils.components;
3
+ export {};
6
4
  </script>
7
5
 
8
6
  <div class="flex flex-col gap-4 p-4 h-full">
@@ -1,8 +1,6 @@
1
- <script lang="ts">
2
- import type { ExtensionProps } from "@lobb-js/studio";
3
-
4
- const { utils }: ExtensionProps = $props();
5
- const components = utils.components;
1
+ <script lang="ts">const { utils } = $props();
2
+ const components = utils.components;
3
+ export {};
6
4
  </script>
7
5
 
8
6
  <div class="flex flex-col gap-4 p-4 h-full">
@@ -1,32 +1,26 @@
1
- <script lang="ts">
2
- import type { ExtensionProps } from "@lobb-js/studio";
3
- import { DetailView } from "@lobb-js/studio";
4
- import { onMount } from "svelte";
5
-
6
- const { utils }: ExtensionProps = $props();
7
- const { Button, Separator, Skeleton, Icons } = utils.components;
8
-
9
- let entry = $state<Record<string, any>>({});
10
- let loading = $state(true);
11
-
12
- onMount(async () => {
13
- // /me is the only auth_users path a role without explicit auth_users
14
- // read perms can reach (self-bypass at the policy layer).
15
- const response = await utils.lobb.findOne("auth_users", "me");
1
+ <script lang="ts">import { DetailView } from "@lobb-js/studio";
2
+ import { onMount } from "svelte";
3
+ const { utils } = $props();
4
+ const { Button, Separator, Skeleton, Icons } = utils.components;
5
+ let entry = $state({});
6
+ let loading = $state(true);
7
+ onMount(async () => {
8
+ // /me is the only auth_users path a role without explicit auth_users
9
+ // read perms can reach (self-bypass at the policy layer).
10
+ const response = await utils.lobb.findOne("auth_users", "me");
11
+ const result = await response.json();
12
+ entry = result.data;
13
+ loading = false;
14
+ });
15
+ async function handleSave() {
16
+ const response = await utils.lobb.updateOne("auth_users", "me", { data: entry });
17
+ if (response.status >= 400) {
16
18
  const result = await response.json();
17
- entry = result.data;
18
- loading = false;
19
- });
20
-
21
- async function handleSave() {
22
- const response = await utils.lobb.updateOne("auth_users", "me", { data: entry });
23
- if (response.status >= 400) {
24
- const result = await response.json();
25
- utils.toast.error(result.message);
26
- return;
27
- }
28
- utils.toast.success("Profile updated successfully.");
19
+ utils.toast.error(result.message);
20
+ return;
29
21
  }
22
+ utils.toast.success("Profile updated successfully.");
23
+ }
30
24
  </script>
31
25
 
32
26
  <div class="flex flex-col gap-4 p-4">
@@ -30,10 +30,20 @@ export function getBaseWorkflows(_extensionConfig: ExtensionConfig): Workflow[]
30
30
  input.triggeredBy === "API" &&
31
31
  Number(input.id) === 1
32
32
  ) {
33
- throw new ctx.LobbError({
34
- code: "FORBIDDEN",
35
- message: "The admin user cannot be updated.",
36
- });
33
+ // Only the security-sensitive core fields are locked on the admin —
34
+ // changing them could lock out or hijack the account. Other fields
35
+ // (e.g. extension-added ones) are fine to update.
36
+ const protectedFields = ["email", "password", "role"];
37
+ const touched = Object.keys(input.data ?? {}).filter((field) =>
38
+ protectedFields.includes(field)
39
+ );
40
+ if (touched.length) {
41
+ throw new ctx.LobbError({
42
+ code: "FORBIDDEN",
43
+ message:
44
+ `The admin user's ${touched.join(", ")} cannot be updated.`,
45
+ });
46
+ }
37
47
  }
38
48
  },
39
49
  },
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@lobb-js/lobb-ext-auth",
3
- "version": "0.14.1",
3
+ "version": "0.15.1",
4
4
  "license": "UNLICENSED",
5
5
  "type": "module",
6
6
  "publishConfig": {
@@ -32,12 +32,13 @@
32
32
  "package": "svelte-package --input extensions/auth/studio"
33
33
  },
34
34
  "dependencies": {
35
- "@lobb-js/core": "^0.42.0",
35
+ "@lobb-js/core": "^0.44.0",
36
36
  "argon2": "^0.40.3",
37
37
  "hono": "^4.7.0"
38
38
  },
39
39
  "devDependencies": {
40
- "@lobb-js/studio": "^0.50.0",
40
+ "@sveltejs/vite-plugin-svelte": "^7.1.2",
41
+ "@lobb-js/studio": "^0.53.1",
41
42
  "@lucide/svelte": "^0.563.1",
42
43
  "@sveltejs/adapter-node": "^5.5.4",
43
44
  "@sveltejs/kit": "^2.60.1",