@lobb-js/lobb-ext-auth 0.15.1 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -4,10 +4,10 @@ export const activityFeedCollection: CollectionConfig = {
4
4
  indexes: {},
5
5
  fields: {
6
6
  id: {
7
- type: "integer",
7
+ type: "id",
8
8
  },
9
9
  user_id: {
10
- type: "integer",
10
+ type: "id",
11
11
  references: {
12
12
  collection: "auth_users",
13
13
  field: "id",
@@ -31,8 +31,7 @@ export const activityFeedCollection: CollectionConfig = {
31
31
  required: true,
32
32
  },
33
33
  item_id: {
34
- type: "string",
35
- length: 255,
34
+ type: "id",
36
35
  required: true,
37
36
  },
38
37
  created_at: {
@@ -4,10 +4,10 @@ export const sessionsCollection: CollectionConfig = {
4
4
  indexes: {},
5
5
  fields: {
6
6
  id: {
7
- type: "integer",
7
+ type: "id",
8
8
  },
9
9
  user_id: {
10
- type: "integer",
10
+ type: "id",
11
11
  references: {
12
12
  collection: "auth_users",
13
13
  field: "id",
@@ -10,7 +10,7 @@ export const sharesCollection: CollectionConfig = {
10
10
  indexes: {},
11
11
  fields: {
12
12
  id: {
13
- type: "integer",
13
+ type: "id",
14
14
  },
15
15
  // Auto-generated server-side by the auth_generateShareToken workflow on
16
16
  // create — clients should not supply this; the generated token comes
@@ -49,7 +49,7 @@ export const sharesCollection: CollectionConfig = {
49
49
  ui: { hidden: true },
50
50
  },
51
51
  created_by: {
52
- type: "integer",
52
+ type: "id",
53
53
  references: {
54
54
  collection: "auth_users",
55
55
  field: "id",
@@ -14,7 +14,7 @@ export const usersCollection: NormalCollectionConfig = {
14
14
  },
15
15
  fields: {
16
16
  id: {
17
- type: "integer",
17
+ type: "id",
18
18
  },
19
19
  email: {
20
20
  type: "string",
@@ -37,7 +37,7 @@ export const usersCollection: NormalCollectionConfig = {
37
37
  },
38
38
  role: {
39
39
  type: "string",
40
- length: 255,
40
+ length: 100,
41
41
  required: true,
42
42
  },
43
43
  },
@@ -1,4 +1,4 @@
1
- import type { CollectionConfig } from "@lobb-js/core";
1
+ import type { CollectionConfig, CollectionField } from "@lobb-js/core";
2
2
  import type { CreatePermissionAction } from "./permissionsAction/create.ts";
3
3
  import type { ReadPermissionAction } from "./permissionsAction/read.ts";
4
4
  import type { UpdatePermissionAction } from "./permissionsAction/update.ts";
@@ -33,7 +33,7 @@ export type ExtensionConfig = {
33
33
  roles?: Record<string, RolesConfig | undefined>;
34
34
  extend_users?: {
35
35
  indexes?: CollectionConfig["indexes"];
36
- fields?: Omit<CollectionConfig["fields"], "id">;
36
+ fields?: Record<string, CollectionField>;
37
37
  };
38
38
  studio?: {
39
39
  publicPaths?: string[];
@@ -1,4 +1,4 @@
1
- import type { CollectionConfig } from "@lobb-js/core";
1
+ import type { CollectionConfig, CollectionField } from "@lobb-js/core";
2
2
  import type { CreatePermissionAction } from "./permissionsAction/create.ts";
3
3
  import type { ReadPermissionAction } from "./permissionsAction/read.ts";
4
4
  import type { UpdatePermissionAction } from "./permissionsAction/update.ts";
@@ -43,7 +43,7 @@ export type ExtensionConfig = {
43
43
  roles?: Record<string, RolesConfig | undefined>;
44
44
  extend_users?: {
45
45
  indexes?: CollectionConfig["indexes"];
46
- fields?: Omit<CollectionConfig["fields"], "id">;
46
+ fields?: Record<string, CollectionField>;
47
47
  };
48
48
  studio?: {
49
49
  publicPaths?: string[];
@@ -3,7 +3,23 @@ import type { Context } from "hono";
3
3
  import type { ExtensionConfig } from "../config/extensionConfigSchema.ts";
4
4
  import { getBearerToken } from "../utils.ts";
5
5
 
6
- export function getBaseWorkflows(_extensionConfig: ExtensionConfig): Workflow[] {
6
+ // The admin user is identified by the configured admin email — its id is a uuid
7
+ // now, no longer a predictable "1". Looks the target user up and compares.
8
+ async function isAdminUser(id: any, ctx: any, adminEmail?: string): Promise<boolean> {
9
+ if (!adminEmail || id == null) return false;
10
+ try {
11
+ const user = (await ctx.lobb.collectionStore.findOne({
12
+ collectionName: "auth_users",
13
+ id: String(id),
14
+ params: { fields: "id,email" },
15
+ })).data;
16
+ return user?.email === adminEmail;
17
+ } catch {
18
+ return false;
19
+ }
20
+ }
21
+
22
+ export function getBaseWorkflows(extensionConfig: ExtensionConfig): Workflow[] {
7
23
  return [
8
24
  {
9
25
  name: "auth_preventAdminUserDeletion",
@@ -12,7 +28,7 @@ export function getBaseWorkflows(_extensionConfig: ExtensionConfig): Workflow[]
12
28
  if (
13
29
  input.collectionName === "auth_users" &&
14
30
  input.triggeredBy === "API" &&
15
- Number(input.id) === 1
31
+ await isAdminUser(input.id, ctx, extensionConfig.admin?.email)
16
32
  ) {
17
33
  throw new ctx.LobbError({
18
34
  code: "FORBIDDEN",
@@ -28,7 +44,7 @@ export function getBaseWorkflows(_extensionConfig: ExtensionConfig): Workflow[]
28
44
  if (
29
45
  input.collectionName === "auth_users" &&
30
46
  input.triggeredBy === "API" &&
31
- Number(input.id) === 1
47
+ await isAdminUser(input.id, ctx, extensionConfig.admin?.email)
32
48
  ) {
33
49
  // Only the security-sensitive core fields are locked on the admin —
34
50
  // changing them could lock out or hijack the account. Other fields
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@lobb-js/lobb-ext-auth",
3
- "version": "0.15.1",
3
+ "version": "0.16.0",
4
4
  "license": "UNLICENSED",
5
5
  "type": "module",
6
6
  "publishConfig": {
@@ -32,13 +32,13 @@
32
32
  "package": "svelte-package --input extensions/auth/studio"
33
33
  },
34
34
  "dependencies": {
35
- "@lobb-js/core": "^0.44.0",
35
+ "@lobb-js/core": "^0.50.0",
36
36
  "argon2": "^0.40.3",
37
37
  "hono": "^4.7.0"
38
38
  },
39
39
  "devDependencies": {
40
40
  "@sveltejs/vite-plugin-svelte": "^7.1.2",
41
- "@lobb-js/studio": "^0.53.1",
41
+ "@lobb-js/studio": "^0.60.0",
42
42
  "@lucide/svelte": "^0.563.1",
43
43
  "@sveltejs/adapter-node": "^5.5.4",
44
44
  "@sveltejs/kit": "^2.60.1",