@lobb-js/lobb-ext-auth 0.3.1 → 0.4.1

package/extensions/auth/collections/users.ts

@@ -1,4 +1,5 @@
 import type { CollectionConfig } from "@lobb-js/core";
+import { hash } from "argon2";
 
 export const usersCollection: CollectionConfig = {
   indexes: {
@@ -32,6 +33,15 @@ export const usersCollection: CollectionConfig = {
       validators: {
         required: true,
       },
+      hooks: {
+        beforeCreate: async ({ data }) => await hash(data.password),
+        beforeUpdate: async ({ data }) => data.password ? await hash(data.password) : undefined,
+      },
+      ui: {
+        input: {
+          type: "password",
+        },
+      },
     },
     role: {
       type: "string",

package/extensions/auth/config/extensionConfigSchema.ts

@@ -37,9 +37,10 @@ export type ExtensionConfig = {
   admin: {
     password: string;
     email: string;
+    [key: string]: any;
   };
   dashboard_access_roles?: string[];
-  roles: Record<string, RolesConfig | undefined>;
+  roles?: Record<string, RolesConfig | undefined>;
   extend_users?: {
     indexes?: CollectionConfig["indexes"];
     fields?: Omit<CollectionConfig["fields"], "id">;

package/extensions/auth/database/init.ts

@@ -11,7 +11,7 @@ export async function init(lobb: Lobb, extensionConfig: ExtensionConfig) {
 async function syncincAdminUserInDB(lobb: Lobb, extensionConfig: ExtensionConfig) {
   // syncinc the admin user in users collection
   const config = extensionConfig;
-  const adminUserData = config.admin;
+  const { email, password, ...extraFields } = config.admin;
   const entries = (await lobb.collectionService.findAll({
     collectionName: "auth_users",
     params: {
@@ -26,24 +26,26 @@ async function syncincAdminUserInDB(lobb: Lobb, extensionConfig: ExtensionConfig
     await lobb.collectionService.createOne({
       collectionName: "auth_users",
       data: {
-        email: adminUserData.email,
-        password: adminUserData.password,
+        ...extraFields,
+        email,
+        password,
         role: "admin",
       },
     });
   } else {
     const passwordIdentical = await verify(
       adminUser.password,
-      adminUserData.password,
+      password,
     );
 
-    if (adminUser.email !== adminUserData.email || !passwordIdentical) {
+    if (adminUser.email !== email || !passwordIdentical) {
       await lobb.collectionService.updateOne({
         collectionName: "auth_users",
         id: adminUser.id,
         data: {
-          email: adminUserData.email,
-          password: adminUserData.password,
+          ...extraFields,
+          email,
+          password,
         },
       });
     }

package/extensions/auth/tests/configs/auth_with_admin_extra_fields.ts

@@ -0,0 +1,53 @@
+import type { Config } from "@lobb-js/core";
+import auth from "../../index.ts";
+
+export const authWithAdminExtraFieldsConfig: Config = {
+  project: {
+    name: "Lobb",
+    force_sync: true,
+    support_email: "support@lobb.com",
+  },
+  database: {
+    host: "localhost",
+    port: 5432,
+    username: "test",
+    password: "test",
+    database: "*",
+  },
+  web_server: {
+    host: "0.0.0.0",
+    port: 0,
+  },
+  extensions: [
+    auth({
+      admin: {
+        email: "admin@test.com",
+        password: "admin",
+        name: "Super Admin",
+        username: "superadmin",
+      },
+      extend_users: {
+        fields: {
+          name: {
+            type: "string",
+            length: 255,
+          },
+          username: {
+            type: "string",
+            length: 255,
+          },
+        },
+      },
+      roles: {
+        public: {
+          permissions: {
+            auth_users: {
+              read: true,
+            },
+          },
+        },
+      },
+    }),
+  ],
+  collections: {},
+};

package/extensions/auth/tests/database/adminExtraFields.test.ts

@@ -0,0 +1,50 @@
+import { Lobb } from "@lobb-js/core";
+import { afterAll, beforeAll, describe, it, expect } from "bun:test";
+import { authWithAdminExtraFieldsConfig } from "../configs/auth_with_admin_extra_fields.ts";
+
+describe("AUTH admin extra fields", () => {
+  let lobb: Lobb;
+
+  beforeAll(async () => {
+    lobb = await Lobb.init(authWithAdminExtraFieldsConfig);
+  });
+
+  afterAll(async () => {
+    await lobb.close();
+  });
+
+  it("should create the admin user with extra fields on first init", async () => {
+    const result = await lobb.collectionService.findAll({
+      collectionName: "auth_users",
+      params: { filter: { role: "admin" } },
+    });
+
+    const admin = result.data[0];
+    expect(admin).toBeDefined();
+    expect(admin.email).toEqual("admin@test.com");
+    expect(admin.role).toEqual("admin");
+    expect(admin.name).toEqual("Super Admin");
+    expect(admin.username).toEqual("superadmin");
+  });
+
+  it("should always set role to admin regardless of extra fields", async () => {
+    const result = await lobb.collectionService.findAll({
+      collectionName: "auth_users",
+      params: { filter: { role: "admin" } },
+    });
+
+    expect(result.data[0].role).toEqual("admin");
+  });
+
+  it("should not create a second admin user on re-init", async () => {
+    const lobb2 = await Lobb.init(authWithAdminExtraFieldsConfig);
+
+    const result = await lobb2.collectionService.findAll({
+      collectionName: "auth_users",
+      params: { filter: { role: "admin" } },
+    });
+
+    expect(result.data.length).toEqual(1);
+    await lobb2.close();
+  });
+});

package/extensions/auth/workflows/index.ts

@@ -3,12 +3,9 @@ import type { ExtensionConfig } from "../config/extensionConfigSchema.ts";
 import { getPoliciesWorkflows } from "./policiesWorkflows.ts";
 import { meAliasWorkflows } from "./meAliasWorkflows.ts";
 import { baseWorkflows } from "./baseWorkflow.ts";
-import { hashHandlerWorkflows } from "./hashHandlerWorkflows.ts";
-
 export function getWorkflows(extensionConfig: ExtensionConfig): Workflow[] {
   return [
     ...baseWorkflows,
-    ...hashHandlerWorkflows,
 
     // TODO: think about putting the below workflows above at the beggining
     // this will give us the ability to specify which roles have the ability to login, register etc

package/extensions/auth/workflows/utils.ts

@@ -37,7 +37,7 @@ export function handlePolicy({
   }
 
   const config = extensionConfig;
-  const currentRole = config.roles[role];
+  const currentRole = config.roles?.[role];
 
   if (typeof currentRole === "undefined") {
     throw new ctx.LobbError({

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@lobb-js/lobb-ext-auth",
-  "version": "0.3.1",
-  "license": "AGPL-3.0-only",
+  "version": "0.4.1",
+  "license": "UNLICENSED",
   "type": "module",
   "publishConfig": {
     "access": "public"
@@ -33,12 +33,12 @@
     "package": "svelte-package --input extensions/auth/studio"
   },
   "dependencies": {
-    "@lobb-js/core": "^0.14.0",
+    "@lobb-js/core": "^0.21.0",
     "argon2": "^0.40.3",
     "hono": "^4.7.0"
   },
   "devDependencies": {
-    "@lobb-js/studio": "^0.8.1",
+    "@lobb-js/studio": "^0.15.0",
     "@lucide/svelte": "^0.563.1",
     "@playwright/test": "^1.58.2",
     "@sveltejs/adapter-node": "^5.5.4",

package/extensions/auth/workflows/hashHandlerWorkflows.ts

@@ -1,29 +0,0 @@
-import type { Workflow } from "@lobb-js/core";
-import { hash } from "argon2";
-
-export const hashHandlerWorkflows: Workflow[] = [
-  // hash passwords on user create
-  {
-    name: "auth_hashPasswordWorkflow",
-    eventName: "core.store.preCreateOne",
-    handler: async (input) => {
-      if (input.collectionName === "auth_users") {
-        input.data.password = await hash(input.data.password);
-      }
-      return input;
-    },
-  },
-  // hash passwords on user update
-  {
-    name: "auth_hashPasswordWorkflowForUpdate",
-    eventName: "core.store.preUpdateOne",
-    handler: async (input) => {
-      if (input.collectionName === "auth_users") {
-        if (input.data.password) {
-          input.data.password = await hash(input.data.password);
-        }
-      }
-      return input;
-    },
-  },
-];