@markwharton/pwa-core 3.4.0 → 3.4.2

package/dist/server.d.ts

@@ -458,6 +458,8 @@ export interface SessionAuthConfig {
     allowedDomain?: string;
     /** Emails that get isAdmin=true */
     adminEmails?: string[];
+    /** Custom email validation callback (overrides default allowedEmails/allowedDomain check). Supports async for database lookups. */
+    isEmailAllowed?: (email: string) => boolean | Promise<boolean>;
     /** Base URL for magic links and SWA preview URL validation */
     appBaseUrl?: string;
     /** Required callback to send magic link emails */
@@ -479,14 +481,15 @@ export declare function initSessionAuth(config: SessionAuthConfig): void;
  * Initializes session auth from environment variables.
  * Reads: SESSION_COOKIE_NAME, APP_BASE_URL, ALLOWED_EMAILS, ALLOWED_DOMAIN, ADMIN_EMAILS.
  * @param sendEmail - Required callback to send magic link emails
+ * @param overrides - Optional config overrides (e.g., isEmailAllowed callback)
  * @throws Error if sendEmail is not provided
  * @example
  * initSessionAuthFromEnv(async (to, magicLink) => {
  *   await resend.emails.send({ to, html: `<a href="${magicLink}">Sign In</a>` });
  *   return true;
- * });
+ * }, { isEmailAllowed: async (email) => lookupInDatabase(email) });
  */
-export declare function initSessionAuthFromEnv(sendEmail: (to: string, magicLink: string) => Promise<boolean>): void;
+export declare function initSessionAuthFromEnv(sendEmail: (to: string, magicLink: string) => Promise<boolean>, overrides?: Partial<Omit<SessionAuthConfig, 'sendEmail'>>): void;
 /**
  * Parses cookies from a request's Cookie header.
  * @param request - Request object with headers.get() method

package/dist/server.js

@@ -754,14 +754,15 @@ function initSessionAuth(config) {
  * Initializes session auth from environment variables.
  * Reads: SESSION_COOKIE_NAME, APP_BASE_URL, ALLOWED_EMAILS, ALLOWED_DOMAIN, ADMIN_EMAILS.
  * @param sendEmail - Required callback to send magic link emails
+ * @param overrides - Optional config overrides (e.g., isEmailAllowed callback)
  * @throws Error if sendEmail is not provided
  * @example
  * initSessionAuthFromEnv(async (to, magicLink) => {
  *   await resend.emails.send({ to, html: `<a href="${magicLink}">Sign In</a>` });
  *   return true;
- * });
+ * }, { isEmailAllowed: async (email) => lookupInDatabase(email) });
  */
-function initSessionAuthFromEnv(sendEmail) {
+function initSessionAuthFromEnv(sendEmail, overrides) {
     const allowedEmailsStr = process.env.ALLOWED_EMAILS;
     const adminEmailsStr = process.env.ADMIN_EMAILS;
     initSessionAuth({
@@ -774,6 +775,7 @@ function initSessionAuthFromEnv(sendEmail) {
         adminEmails: adminEmailsStr
             ? adminEmailsStr.split(',').map(e => e.trim().toLowerCase())
             : undefined,
+        ...overrides,
         sendEmail
     });
 }
@@ -970,8 +972,11 @@ async function createMagicLink(email, request) {
     if (!isValidEmail(normalizedEmail)) {
         return (0, shared_1.err)('Valid email required', shared_1.HTTP_STATUS.BAD_REQUEST);
     }
-    // Check allowlist
-    if (!isEmailAllowed(normalizedEmail)) {
+    // Check allowlist (custom callback overrides default)
+    const emailAllowed = config.isEmailAllowed
+        ? await config.isEmailAllowed(normalizedEmail)
+        : isEmailAllowed(normalizedEmail);
+    if (!emailAllowed) {
         return (0, shared_1.err)('Email not allowed', shared_1.HTTP_STATUS.FORBIDDEN);
     }
     // Check rate limit

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@markwharton/pwa-core",
-  "version": "3.4.0",
+  "version": "3.4.2",
   "description": "Shared patterns for Azure PWA projects",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",