@lobb-js/lobb-ext-auth 0.7.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/dist/index.js +2 -1
  2. package/dist/onStartup.d.ts +1 -0
  3. package/dist/onStartup.js +15 -5
  4. package/extensions/auth/collections/collections.ts +1 -5
  5. package/extensions/auth/collections/users.ts +0 -1
  6. package/extensions/auth/index.ts +1 -0
  7. package/extensions/auth/studio/index.ts +2 -1
  8. package/extensions/auth/studio/onStartup.ts +20 -5
  9. package/extensions/auth/tests/configs/auth.ts +11 -0
  10. package/extensions/auth/tests/controllers/me.test.ts +2 -2
  11. package/extensions/auth/tests/middlewares/adminProtection.test.ts +59 -0
  12. package/extensions/auth/workflows/baseWorkflow.ts +15 -2
  13. package/package.json +3 -3
package/dist/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  import { Auth } from "./auth";
2
- import { onStartup } from "./onStartup";
2
+ import { onStartup, onRouteChange } from "./onStartup";
3
3
  import LoginPage from "./lib/components/pages/loginPage/index.svelte";
4
4
  import UserSettings from "./lib/components/pages/userSettings/index.svelte";
5
5
  import Settings from "./lib/components/pages/settings/index.svelte";
@@ -8,6 +8,7 @@ export default function extension(utils) {
8
8
  return {
9
9
  name: "auth",
10
10
  onStartup: onStartup,
11
+ onRouteChange: onRouteChange,
11
12
  components: {
12
13
  "pages.login_page": LoginPage,
13
14
  "pages.user_settings": UserSettings,
package/dist/onStartup.d.ts CHANGED
@@ -1,2 +1,3 @@
1
1
  import type { ExtensionUtils } from "@lobb-js/studio";
2
2
  export declare function onStartup(utils: ExtensionUtils): Promise<void>;
3
+ export declare function onRouteChange(utils: ExtensionUtils, path: string): void;
package/dist/onStartup.js CHANGED
@@ -1,7 +1,11 @@
1
1
  import { Auth } from "./auth";
2
+ const loginPath = "/studio/extensions/auth/login_page";
3
+ function isPublicPath(path, publicPaths) {
4
+ return path === loginPath || publicPaths.some(p => path.startsWith(p));
5
+ }
2
6
  export async function onStartup(utils) {
3
- // logout if we got an Unauthorized response
4
7
  const auth = new Auth(utils);
8
+ // Logout if we got an Unauthorized response
5
9
  utils.lobb.onResponse(async (response) => {
6
10
  if (response.status === 401) {
7
11
  const body = await response.json();
@@ -12,16 +16,22 @@ export async function onStartup(utils) {
12
16
  }
13
17
  });
14
18
  const session = auth.getSession();
15
- // if user is logged in
16
19
  if (session) {
17
20
  utils.ctx.extensions.auth.session = session;
18
21
  return;
19
22
  }
20
- // Allow public paths without login
21
23
  const publicPaths = utils.ctx.meta?.extensions?.auth?.studio?.publicPaths ?? [];
22
- const currentPath = window.location.pathname;
23
- if (publicPaths.some(p => currentPath.startsWith(p))) {
24
+ if (isPublicPath(window.location.pathname, publicPaths)) {
24
25
  return;
25
26
  }
26
27
  await auth.logout();
27
28
  }
29
+ export function onRouteChange(utils, path) {
30
+ const auth = new Auth(utils);
31
+ if (auth.getSession())
32
+ return;
33
+ const publicPaths = utils.ctx.meta?.extensions?.auth?.studio?.publicPaths ?? [];
34
+ if (!isPublicPath(path, publicPaths)) {
35
+ utils.location.navigate(`${loginPath}?redirect=${encodeURIComponent(path)}`);
36
+ }
37
+ }
package/extensions/auth/collections/collections.ts CHANGED
@@ -15,11 +15,7 @@ export function collections(
15
15
  // Convert the role field to an enum based on configured roles
16
16
  const roleNames = Object.keys(extensionConfig.roles ?? {}).filter(r => r !== "public");
17
17
  if (roleNames.length > 0) {
18
- const usersFields = (collectionsSchemas["auth_users"] as { fields: Record<string, any> }).fields;
19
- usersFields.role = {
20
- ...usersFields.role,
21
- enum: [{ value: "admin" }, ...roleNames.map(r => ({ value: r }))],
22
- };
18
+ (usersCollection.fields.role as any).enum = [{ value: "admin" }, ...roleNames.map(r => ({ value: r }))];
23
19
  }
24
20
 
25
21
  // adding the additional fields and indexes if the extend_users property exists
package/extensions/auth/collections/users.ts CHANGED
@@ -39,7 +39,6 @@ export const usersCollection: NormalCollectionConfig = {
39
39
  type: "string",
40
40
  length: 255,
41
41
  required: true,
42
- enum: []
43
42
  },
44
43
  },
45
44
  };
package/extensions/auth/index.ts CHANGED
@@ -10,6 +10,7 @@ import { getWorkflows } from "./workflows/index.ts";
10
10
  export default function auth(extensionConfig: ExtensionConfig): Extension {
11
11
  return {
12
12
  name: "auth",
13
+ icon: "Key",
13
14
  init: (lobb) => init(lobb, extensionConfig),
14
15
  collections: (lobb) => collections(lobb, extensionConfig),
15
16
  migrations: migrations,
package/extensions/auth/studio/index.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  import type { Extension, ExtensionUtils } from "@lobb-js/studio";
2
2
  import { Auth } from "./auth";
3
- import { onStartup } from "./onStartup";
3
+ import { onStartup, onRouteChange } from "./onStartup";
4
4
  import LoginPage from "./lib/components/pages/loginPage/index.svelte";
5
5
  import UserSettings from "./lib/components/pages/userSettings/index.svelte";
6
6
  import Settings from "./lib/components/pages/settings/index.svelte";
@@ -10,6 +10,7 @@ export default function extension(utils: ExtensionUtils): Extension {
10
10
  return {
11
11
  name: "auth",
12
12
  onStartup: onStartup,
13
+ onRouteChange: onRouteChange,
13
14
  components: {
14
15
  "pages.login_page": LoginPage,
15
16
  "pages.user_settings": UserSettings,
package/extensions/auth/studio/onStartup.ts CHANGED
@@ -1,9 +1,16 @@
1
1
  import type { ExtensionUtils } from "@lobb-js/studio";
2
2
  import { Auth } from "./auth";
3
3
 
4
+ const loginPath = "/studio/extensions/auth/login_page";
5
+
6
+ function isPublicPath(path: string, publicPaths: string[]) {
7
+ return path === loginPath || publicPaths.some(p => path.startsWith(p));
8
+ }
9
+
4
10
  export async function onStartup(utils: ExtensionUtils) {
5
- // logout if we got an Unauthorized response
6
11
  const auth = new Auth(utils);
12
+
13
+ // Logout if we got an Unauthorized response
7
14
  utils.lobb.onResponse(async (response) => {
8
15
  if (response.status === 401) {
9
16
  const body = await response.json();
@@ -15,19 +22,27 @@ export async function onStartup(utils: ExtensionUtils) {
15
22
  }
16
23
  }
17
24
  });
25
+
18
26
  const session = auth.getSession();
19
- // if user is logged in
20
27
  if (session) {
21
28
  utils.ctx.extensions.auth.session = session;
22
29
  return;
23
30
  }
24
31
 
25
- // Allow public paths without login
26
32
  const publicPaths: string[] = utils.ctx.meta?.extensions?.auth?.studio?.publicPaths ?? [];
27
- const currentPath = window.location.pathname;
28
- if (publicPaths.some(p => currentPath.startsWith(p))) {
33
+ if (isPublicPath(window.location.pathname, publicPaths)) {
29
34
  return;
30
35
  }
31
36
 
32
37
  await auth.logout()
33
38
  }
39
+
40
+ export function onRouteChange(utils: ExtensionUtils, path: string) {
41
+ const auth = new Auth(utils);
42
+ if (auth.getSession()) return;
43
+
44
+ const publicPaths: string[] = utils.ctx.meta?.extensions?.auth?.studio?.publicPaths ?? [];
45
+ if (!isPublicPath(path, publicPaths)) {
46
+ utils.location.navigate(`${loginPath}?redirect=${encodeURIComponent(path)}`);
47
+ }
48
+ }
package/extensions/auth/tests/configs/auth.ts CHANGED
@@ -41,6 +41,17 @@ export const authConfig: Config = {
41
41
  },
42
42
  },
43
43
  },
44
+ author: {
45
+ permissions: {
46
+ auth_users: {
47
+ read: {
48
+ filter: { id: ({ user }: any) => user?.id ?? null },
49
+ },
50
+ update: true,
51
+ delete: true,
52
+ },
53
+ },
54
+ },
44
55
  },
45
56
  }),
46
57
  ],
package/extensions/auth/tests/controllers/me.test.ts CHANGED
@@ -166,7 +166,7 @@ describe("Login", () => {
166
166
  );
167
167
  await response2.json();
168
168
 
169
- expect(response2.status).toEqual(403);
169
+ expect(response2.status).not.toEqual(200);
170
170
  });
171
171
 
172
172
  it("should prevent the test user to mutate another user", async () => {
@@ -248,7 +248,7 @@ describe("Login", () => {
248
248
  },
249
249
  body: JSON.stringify({
250
250
  data: {
251
- role: "test",
251
+ role: "author",
252
252
  },
253
253
  }),
254
254
  },
package/extensions/auth/tests/middlewares/adminProtection.test.ts ADDED
@@ -0,0 +1,59 @@
1
+ import { Lobb } from "@lobb-js/core";
2
+ import { afterAll, beforeAll, describe, it, expect } from "bun:test";
3
+ import { authNoRolesConfig } from "../configs/auth_no_roles.ts";
4
+
5
+ describe("Admin user protection", () => {
6
+ let lobb: Lobb;
7
+ let baseUrl: string;
8
+ const authHeader = new Headers();
9
+
10
+ beforeAll(async () => {
11
+ lobb = await Lobb.init(authNoRolesConfig);
12
+ baseUrl = `http://127.0.0.1:${lobb.webServer.port}`;
13
+
14
+ const response = await fetch(
15
+ `${baseUrl}/api/collections/auth_sessions`,
16
+ {
17
+ method: "POST",
18
+ headers: { "Content-Type": "application/json" },
19
+ body: JSON.stringify({
20
+ data: { email: "admin@test.com", password: "admin" },
21
+ }),
22
+ },
23
+ );
24
+ const result = await response.json();
25
+ authHeader.append("Authorization", `Bearer ${result.data.access_token.token}`);
26
+ });
27
+
28
+ afterAll(async () => {
29
+ await lobb.close();
30
+ });
31
+
32
+ it("should prevent deleting the admin user", async () => {
33
+ const response = await fetch(
34
+ `${baseUrl}/api/collections/auth_users/1`,
35
+ { method: "DELETE", headers: authHeader },
36
+ );
37
+ const result = await response.json();
38
+
39
+ expect(response.status).toEqual(403);
40
+ expect(result.message).toEqual("The admin user cannot be deleted.");
41
+ });
42
+
43
+ it("should prevent updating the admin user", async () => {
44
+ const response = await fetch(
45
+ `${baseUrl}/api/collections/auth_users/1`,
46
+ {
47
+ method: "PATCH",
48
+ headers: authHeader,
49
+ body: JSON.stringify({
50
+ data: { email: "hacked@example.com" },
51
+ }),
52
+ },
53
+ );
54
+ const result = await response.json();
55
+
56
+ expect(response.status).toEqual(403);
57
+ expect(result.message).toEqual("The admin user cannot be updated.");
58
+ });
59
+ });
package/extensions/auth/workflows/baseWorkflow.ts CHANGED
@@ -8,10 +8,9 @@ export function getBaseWorkflows(_extensionConfig: ExtensionConfig): Workflow[]
8
8
  return [
9
9
  {
10
10
  name: "auth_preventAdminUserDeletion",
11
- eventName: "core.store.preDeleteOne",
11
+ eventName: "core.service.preDeleteOne",
12
12
  handler: async (input, ctx) => {
13
13
  if (input.collectionName !== "auth_users") return;
14
- if (input.triggeredBy !== "API") return;
15
14
 
16
15
  if (Number(input.id) === 1) {
17
16
  throw new ctx.LobbError({
@@ -21,6 +20,20 @@ export function getBaseWorkflows(_extensionConfig: ExtensionConfig): Workflow[]
21
20
  }
22
21
  },
23
22
  },
23
+ {
24
+ name: "auth_preventAdminUserUpdate",
25
+ eventName: "core.service.preUpdateOne",
26
+ handler: async (input, ctx) => {
27
+ if (input.collectionName !== "auth_users") return;
28
+
29
+ if (Number(input.id) === 1) {
30
+ throw new ctx.LobbError({
31
+ code: "FORBIDDEN",
32
+ message: "The admin user cannot be updated.",
33
+ });
34
+ }
35
+ },
36
+ },
24
37
  ...baseWorkflows,
25
38
  ];
26
39
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@lobb-js/lobb-ext-auth",
3
- "version": "0.7.0",
3
+ "version": "0.9.0",
4
4
  "license": "UNLICENSED",
5
5
  "type": "module",
6
6
  "publishConfig": {
@@ -33,12 +33,12 @@
33
33
  "package": "svelte-package --input extensions/auth/studio"
34
34
  },
35
35
  "dependencies": {
36
- "@lobb-js/core": "^0.27.0",
36
+ "@lobb-js/core": "^0.29.0",
37
37
  "argon2": "^0.40.3",
38
38
  "hono": "^4.7.0"
39
39
  },
40
40
  "devDependencies": {
41
- "@lobb-js/studio": "^0.24.1",
41
+ "@lobb-js/studio": "^0.26.0",
42
42
  "@lucide/svelte": "^0.563.1",
43
43
  "@playwright/test": "^1.58.2",
44
44
  "@sveltejs/adapter-node": "^5.5.4",