@lobb-js/lobb-ext-auth 0.5.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth.js +10 -2
- package/dist/onStartup.js +6 -0
- package/extensions/auth/collections/activityFeed.ts +11 -21
- package/extensions/auth/collections/collections.ts +10 -0
- package/extensions/auth/collections/sessions.ts +3 -10
- package/extensions/auth/collections/users.ts +6 -15
- package/extensions/auth/config/extensionConfigSchema.ts +3 -0
- package/extensions/auth/meta/meta.ts +1 -0
- package/extensions/auth/studio/auth.ts +9 -2
- package/extensions/auth/studio/onStartup.ts +8 -0
- package/extensions/auth/tests/configs/auth_with_extend_users.ts +1 -3
- package/extensions/auth/tests/configs/social_blog.ts +5 -15
- package/extensions/auth/tests/middlewares/publicPreventBasic.test.ts +4 -4
- package/extensions/auth/workflows/utils.ts +6 -0
- package/package.json +3 -3
package/dist/auth.js
CHANGED
|
@@ -31,7 +31,8 @@ export class Auth {
|
|
|
31
31
|
this.utils.lobb.setHeaders({
|
|
32
32
|
Authorization: `Bearer ${session.access_token.token}`,
|
|
33
33
|
});
|
|
34
|
-
|
|
34
|
+
const redirectTo = new URLSearchParams(window.location.search).get("redirect");
|
|
35
|
+
this.utils.location.navigate(redirectTo || "/studio");
|
|
35
36
|
}
|
|
36
37
|
async logout() {
|
|
37
38
|
await this.utils.lobb.request({
|
|
@@ -39,6 +40,13 @@ export class Auth {
|
|
|
39
40
|
route: "/api/extensions/auth/logout",
|
|
40
41
|
});
|
|
41
42
|
localStorage.removeItem("lobb_session");
|
|
42
|
-
|
|
43
|
+
const currentPath = window.location.pathname;
|
|
44
|
+
const loginPath = "/studio/extensions/auth/login_page";
|
|
45
|
+
if (currentPath !== loginPath && currentPath !== "/studio") {
|
|
46
|
+
this.utils.location.navigate(`${loginPath}?redirect=${encodeURIComponent(currentPath)}`);
|
|
47
|
+
}
|
|
48
|
+
else {
|
|
49
|
+
this.utils.location.navigate(loginPath);
|
|
50
|
+
}
|
|
43
51
|
}
|
|
44
52
|
}
|
package/dist/onStartup.js
CHANGED
|
@@ -17,5 +17,11 @@ export async function onStartup(utils) {
|
|
|
17
17
|
utils.ctx.extensions.auth.session = session;
|
|
18
18
|
return;
|
|
19
19
|
}
|
|
20
|
+
// Allow public paths without login
|
|
21
|
+
const publicPaths = utils.ctx.meta?.extensions?.auth?.studio?.publicPaths ?? [];
|
|
22
|
+
const currentPath = window.location.pathname;
|
|
23
|
+
if (publicPaths.some(p => currentPath.startsWith(p))) {
|
|
24
|
+
return;
|
|
25
|
+
}
|
|
20
26
|
await auth.logout();
|
|
21
27
|
}
|
|
@@ -12,42 +12,32 @@ export const activityFeedCollection: CollectionConfig = {
|
|
|
12
12
|
collection: "auth_users",
|
|
13
13
|
field: "id",
|
|
14
14
|
},
|
|
15
|
-
|
|
16
|
-
required: true,
|
|
17
|
-
},
|
|
15
|
+
required: true,
|
|
18
16
|
},
|
|
19
17
|
action: {
|
|
20
18
|
type: "string",
|
|
21
19
|
length: 255,
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
],
|
|
30
|
-
},
|
|
20
|
+
required: true,
|
|
21
|
+
enum: [
|
|
22
|
+
"create",
|
|
23
|
+
"read",
|
|
24
|
+
"update",
|
|
25
|
+
"delete",
|
|
26
|
+
],
|
|
31
27
|
},
|
|
32
28
|
collection: {
|
|
33
29
|
type: "string",
|
|
34
30
|
length: 255,
|
|
35
|
-
|
|
36
|
-
required: true,
|
|
37
|
-
},
|
|
31
|
+
required: true,
|
|
38
32
|
},
|
|
39
33
|
item_id: {
|
|
40
34
|
type: "string",
|
|
41
35
|
length: 255,
|
|
42
|
-
|
|
43
|
-
required: true,
|
|
44
|
-
},
|
|
36
|
+
required: true,
|
|
45
37
|
},
|
|
46
38
|
created_at: {
|
|
47
39
|
type: "datetime",
|
|
48
|
-
|
|
49
|
-
default: "{{ now }}",
|
|
50
|
-
},
|
|
40
|
+
default: "{{ now }}",
|
|
51
41
|
},
|
|
52
42
|
},
|
|
53
43
|
};
|
|
@@ -12,6 +12,16 @@ export function collections(
|
|
|
12
12
|
collectionsSchemas["auth_users"] = usersCollection;
|
|
13
13
|
collectionsSchemas["auth_sessions"] = sessionsCollection;
|
|
14
14
|
|
|
15
|
+
// Convert the role field to an enum based on configured roles
|
|
16
|
+
const roleNames = Object.keys(extensionConfig.roles ?? {}).filter(r => r !== "public");
|
|
17
|
+
if (roleNames.length > 0) {
|
|
18
|
+
const usersFields = (collectionsSchemas["auth_users"] as { fields: Record<string, any> }).fields;
|
|
19
|
+
usersFields.role = {
|
|
20
|
+
...usersFields.role,
|
|
21
|
+
enum: [{ value: "admin" }, ...roleNames.map(r => ({ value: r }))],
|
|
22
|
+
};
|
|
23
|
+
}
|
|
24
|
+
|
|
15
25
|
// adding the additional fields and indexes if the extend_users property exists
|
|
16
26
|
if (extensionConfig.extend_users) {
|
|
17
27
|
collectionsSchemas["auth_users"].indexes = {
|
|
@@ -12,23 +12,16 @@ export const sessionsCollection: CollectionConfig = {
|
|
|
12
12
|
collection: "auth_users",
|
|
13
13
|
field: "id",
|
|
14
14
|
},
|
|
15
|
-
|
|
16
|
-
required: true,
|
|
17
|
-
},
|
|
15
|
+
required: true,
|
|
18
16
|
},
|
|
19
17
|
token: {
|
|
20
18
|
type: "string",
|
|
21
19
|
length: 255,
|
|
22
|
-
|
|
23
|
-
maxLength: 255,
|
|
24
|
-
required: true,
|
|
25
|
-
},
|
|
20
|
+
required: true,
|
|
26
21
|
},
|
|
27
22
|
expires_at: {
|
|
28
23
|
type: "datetime",
|
|
29
|
-
|
|
30
|
-
required: true,
|
|
31
|
-
},
|
|
24
|
+
required: true,
|
|
32
25
|
},
|
|
33
26
|
},
|
|
34
27
|
};
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import type {
|
|
1
|
+
import type { NormalCollectionConfig } from "@lobb-js/core";
|
|
2
2
|
import { hash } from "argon2";
|
|
3
3
|
|
|
4
|
-
export const usersCollection:
|
|
4
|
+
export const usersCollection: NormalCollectionConfig = {
|
|
5
5
|
indexes: {
|
|
6
6
|
auth_users_email_index: {
|
|
7
7
|
unique: true,
|
|
@@ -19,20 +19,12 @@ export const usersCollection: CollectionConfig = {
|
|
|
19
19
|
email: {
|
|
20
20
|
type: "string",
|
|
21
21
|
length: 255,
|
|
22
|
-
|
|
23
|
-
validator: {
|
|
24
|
-
name: "isEmail",
|
|
25
|
-
},
|
|
26
|
-
maxLength: 255,
|
|
27
|
-
required: true,
|
|
28
|
-
},
|
|
22
|
+
required: true,
|
|
29
23
|
},
|
|
30
24
|
password: {
|
|
31
25
|
type: "string",
|
|
32
26
|
length: 255,
|
|
33
|
-
|
|
34
|
-
required: true,
|
|
35
|
-
},
|
|
27
|
+
required: true,
|
|
36
28
|
hooks: {
|
|
37
29
|
beforeCreate: async ({ data }) => await hash(data.password),
|
|
38
30
|
beforeUpdate: async ({ data }) => data.password ? await hash(data.password) : undefined,
|
|
@@ -46,9 +38,8 @@ export const usersCollection: CollectionConfig = {
|
|
|
46
38
|
role: {
|
|
47
39
|
type: "string",
|
|
48
40
|
length: 255,
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
},
|
|
41
|
+
required: true,
|
|
42
|
+
enum: []
|
|
52
43
|
},
|
|
53
44
|
},
|
|
54
45
|
};
|
|
@@ -6,6 +6,7 @@ export async function meta(lobb: Lobb, extensionConfig: ExtensionConfig) {
|
|
|
6
6
|
const meta: any = {};
|
|
7
7
|
|
|
8
8
|
meta["dashboard_access_roles"] = config.dashboard_access_roles ?? ["admin"];
|
|
9
|
+
meta["studio"] = { publicPaths: config.studio?.publicPaths ?? [] };
|
|
9
10
|
|
|
10
11
|
return meta;
|
|
11
12
|
}
|
|
@@ -43,7 +43,8 @@ export class Auth {
|
|
|
43
43
|
this.utils.lobb.setHeaders({
|
|
44
44
|
Authorization: `Bearer ${session.access_token.token}`,
|
|
45
45
|
});
|
|
46
|
-
|
|
46
|
+
const redirectTo = new URLSearchParams(window.location.search).get("redirect");
|
|
47
|
+
this.utils.location.navigate(redirectTo || "/studio");
|
|
47
48
|
}
|
|
48
49
|
|
|
49
50
|
public async logout() {
|
|
@@ -52,6 +53,12 @@ export class Auth {
|
|
|
52
53
|
route: "/api/extensions/auth/logout",
|
|
53
54
|
});
|
|
54
55
|
localStorage.removeItem("lobb_session");
|
|
55
|
-
|
|
56
|
+
const currentPath = window.location.pathname;
|
|
57
|
+
const loginPath = "/studio/extensions/auth/login_page";
|
|
58
|
+
if (currentPath !== loginPath && currentPath !== "/studio") {
|
|
59
|
+
this.utils.location.navigate(`${loginPath}?redirect=${encodeURIComponent(currentPath)}`);
|
|
60
|
+
} else {
|
|
61
|
+
this.utils.location.navigate(loginPath);
|
|
62
|
+
}
|
|
56
63
|
}
|
|
57
64
|
}
|
|
@@ -21,5 +21,13 @@ export async function onStartup(utils: ExtensionUtils) {
|
|
|
21
21
|
utils.ctx.extensions.auth.session = session;
|
|
22
22
|
return;
|
|
23
23
|
}
|
|
24
|
+
|
|
25
|
+
// Allow public paths without login
|
|
26
|
+
const publicPaths: string[] = utils.ctx.meta?.extensions?.auth?.studio?.publicPaths ?? [];
|
|
27
|
+
const currentPath = window.location.pathname;
|
|
28
|
+
if (publicPaths.some(p => currentPath.startsWith(p))) {
|
|
29
|
+
return;
|
|
30
|
+
}
|
|
31
|
+
|
|
24
32
|
await auth.logout()
|
|
25
33
|
}
|
|
@@ -120,9 +120,7 @@ export const socialBlogConfig: Config = {
|
|
|
120
120
|
title: {
|
|
121
121
|
type: "string",
|
|
122
122
|
length: 255,
|
|
123
|
-
|
|
124
|
-
required: true,
|
|
125
|
-
},
|
|
123
|
+
required: true,
|
|
126
124
|
},
|
|
127
125
|
description: {
|
|
128
126
|
type: "string",
|
|
@@ -130,25 +128,17 @@ export const socialBlogConfig: Config = {
|
|
|
130
128
|
},
|
|
131
129
|
body: {
|
|
132
130
|
type: "text",
|
|
133
|
-
|
|
134
|
-
required: true,
|
|
135
|
-
},
|
|
131
|
+
required: true,
|
|
136
132
|
},
|
|
137
133
|
status: {
|
|
138
134
|
type: "string",
|
|
139
135
|
length: 255,
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
},
|
|
143
|
-
validators: {
|
|
144
|
-
enum: ["public", "private"],
|
|
145
|
-
},
|
|
136
|
+
default: "private",
|
|
137
|
+
enum: ["public", "private"],
|
|
146
138
|
},
|
|
147
139
|
author_id: {
|
|
148
140
|
type: "integer",
|
|
149
|
-
|
|
150
|
-
required: true,
|
|
151
|
-
},
|
|
141
|
+
required: true,
|
|
152
142
|
},
|
|
153
143
|
},
|
|
154
144
|
},
|
|
@@ -38,7 +38,7 @@ describe("Prevent Guard For Public Users", () => {
|
|
|
38
38
|
|
|
39
39
|
expect(
|
|
40
40
|
result.message,
|
|
41
|
-
).toEqual("
|
|
41
|
+
).toEqual("You do not have permission to perform this action.");
|
|
42
42
|
expect(response.status).toEqual(403);
|
|
43
43
|
});
|
|
44
44
|
|
|
@@ -54,7 +54,7 @@ describe("Prevent Guard For Public Users", () => {
|
|
|
54
54
|
|
|
55
55
|
expect(
|
|
56
56
|
result.message,
|
|
57
|
-
).toEqual("
|
|
57
|
+
).toEqual("You do not have permission to perform this action.");
|
|
58
58
|
expect(response.status).toEqual(403);
|
|
59
59
|
});
|
|
60
60
|
|
|
@@ -81,7 +81,7 @@ describe("Prevent Guard For Public Users", () => {
|
|
|
81
81
|
).toEqual({
|
|
82
82
|
status: 403,
|
|
83
83
|
code: "FORBIDDEN",
|
|
84
|
-
message: "
|
|
84
|
+
message: "You do not have permission to perform this action.",
|
|
85
85
|
});
|
|
86
86
|
expect(response.status).toEqual(403);
|
|
87
87
|
});
|
|
@@ -100,7 +100,7 @@ describe("Prevent Guard For Public Users", () => {
|
|
|
100
100
|
result,
|
|
101
101
|
).toEqual({
|
|
102
102
|
code: "FORBIDDEN",
|
|
103
|
-
message: "
|
|
103
|
+
message: "You do not have permission to perform this action.",
|
|
104
104
|
status: 403,
|
|
105
105
|
});
|
|
106
106
|
expect(response.status).toEqual(403);
|
|
@@ -40,6 +40,12 @@ export function handlePolicy({
|
|
|
40
40
|
const currentRole = config.roles?.[role];
|
|
41
41
|
|
|
42
42
|
if (typeof currentRole === "undefined") {
|
|
43
|
+
if (role === "public") {
|
|
44
|
+
throw new ctx.LobbError({
|
|
45
|
+
code: "FORBIDDEN",
|
|
46
|
+
message: "You do not have permission to perform this action.",
|
|
47
|
+
});
|
|
48
|
+
}
|
|
43
49
|
throw new ctx.LobbError({
|
|
44
50
|
code: "FORBIDDEN",
|
|
45
51
|
message: "Your role is not recognized by the system.",
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@lobb-js/lobb-ext-auth",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.7.0",
|
|
4
4
|
"license": "UNLICENSED",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"publishConfig": {
|
|
@@ -33,12 +33,12 @@
|
|
|
33
33
|
"package": "svelte-package --input extensions/auth/studio"
|
|
34
34
|
},
|
|
35
35
|
"dependencies": {
|
|
36
|
-
"@lobb-js/core": "^0.
|
|
36
|
+
"@lobb-js/core": "^0.27.0",
|
|
37
37
|
"argon2": "^0.40.3",
|
|
38
38
|
"hono": "^4.7.0"
|
|
39
39
|
},
|
|
40
40
|
"devDependencies": {
|
|
41
|
-
"@lobb-js/studio": "^0.
|
|
41
|
+
"@lobb-js/studio": "^0.24.1",
|
|
42
42
|
"@lucide/svelte": "^0.563.1",
|
|
43
43
|
"@playwright/test": "^1.58.2",
|
|
44
44
|
"@sveltejs/adapter-node": "^5.5.4",
|