@markwharton/pwa-core 3.4.0 → 3.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server.d.ts +2 -0
- package/dist/server.js +5 -2
- package/package.json +1 -1
package/dist/server.d.ts
CHANGED
|
@@ -458,6 +458,8 @@ export interface SessionAuthConfig {
|
|
|
458
458
|
allowedDomain?: string;
|
|
459
459
|
/** Emails that get isAdmin=true */
|
|
460
460
|
adminEmails?: string[];
|
|
461
|
+
/** Custom email validation callback (overrides default allowedEmails/allowedDomain check). Supports async for database lookups. */
|
|
462
|
+
isEmailAllowed?: (email: string) => boolean | Promise<boolean>;
|
|
461
463
|
/** Base URL for magic links and SWA preview URL validation */
|
|
462
464
|
appBaseUrl?: string;
|
|
463
465
|
/** Required callback to send magic link emails */
|
package/dist/server.js
CHANGED
|
@@ -970,8 +970,11 @@ async function createMagicLink(email, request) {
|
|
|
970
970
|
if (!isValidEmail(normalizedEmail)) {
|
|
971
971
|
return (0, shared_1.err)('Valid email required', shared_1.HTTP_STATUS.BAD_REQUEST);
|
|
972
972
|
}
|
|
973
|
-
// Check allowlist
|
|
974
|
-
|
|
973
|
+
// Check allowlist (custom callback overrides default)
|
|
974
|
+
const emailAllowed = config.isEmailAllowed
|
|
975
|
+
? await config.isEmailAllowed(normalizedEmail)
|
|
976
|
+
: isEmailAllowed(normalizedEmail);
|
|
977
|
+
if (!emailAllowed) {
|
|
975
978
|
return (0, shared_1.err)('Email not allowed', shared_1.HTTP_STATUS.FORBIDDEN);
|
|
976
979
|
}
|
|
977
980
|
// Check rate limit
|