npm - @mostajs/auth - Versions diffs - 2.3.3 → 2.4.0 - Mend

@mostajs/auth 2.3.3 → 2.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/lib/credentials-provider.d.ts +57 -0
package/dist/lib/credentials-provider.js +84 -0
package/dist/server.d.ts +2 -0
package/dist/server.js +1 -0
package/package.json +7 -2

package/dist/lib/credentials-provider.d.ts ADDED Viewed

@@ -0,0 +1,57 @@
+export interface CredentialsProviderConfig {
+    /** Lookup the user row by email (case-insensitive). Return null if not found.
+     *  Conseillé : passer une fonction qui utilise UserRepository de @mostajs/rbac
+     *  pour bénéficier de findByEmail (qui lowercase l'email côté repo). */
+    findUserByEmail: (email: string) => Promise<any | null>;
+    /** Default role assigned when the user has no role relations (default: 'user'). */
+    defaultRole?: string;
+    /** Custom check before allowing login (e.g. email verified, 2FA).
+     *  Return false to block. Default: status !== 'disabled' && status !== 'locked'. */
+    checkUserAllowed?: (user: any) => boolean | Promise<boolean>;
+    /** Custom role resolution. Default: first user.roles[].name or fallback. */
+    resolveRole?: (user: any) => string | Promise<string>;
+    /** Custom display name. Default: "<firstName> <lastName>" trimmed → email. */
+    resolveName?: (user: any) => string;
+    /** Provider id (default: 'credentials'). Useful if multiple providers coexist. */
+    id?: string;
+    /** Provider display name (default: 'Email + Password'). */
+    name?: string;
+}
+/**
+ * Build a NextAuth Credentials provider config (returned as plain object,
+ * directly passable to `NextAuth({ providers: [provider], ... })` without
+ * any next-auth imports côté consumer).
+ *
+ * Usage :
+ *   import { createCredentialsProvider } from '@mostajs/auth/server'
+ *
+ *   NextAuth({
+ *     providers: [
+ *       createCredentialsProvider({
+ *         findUserByEmail: async (email) => userRepo.findByEmail(email),
+ *         defaultRole: 'user',
+ *       }),
+ *     ],
+ *   })
+ */
+export declare function createCredentialsProvider(config: CredentialsProviderConfig): {
+    id: string;
+    name: string;
+    type: "credentials";
+    credentials: {
+        email: {
+            label: string;
+            type: string;
+        };
+        password: {
+            label: string;
+            type: string;
+        };
+    };
+    authorize(credentials: any): Promise<{
+        id: any;
+        email: any;
+        name: string;
+        role: string;
+    } | null>;
+};

package/dist/lib/credentials-provider.js ADDED Viewed

@@ -0,0 +1,84 @@
+// @mostajs/auth — Email + password credentials provider for NextAuth
+//
+// Factorise le boilerplate NextAuth Credentials que chaque app refait. Le
+// consumer obtient un provider PRÊT À L'EMPLOI à passer à NextAuth({providers}) :
+// il n'importe ni `next-auth/providers/credentials`, ni bcrypt, ni le
+// UserRepository — tout est encapsulé.
+//
+// Pendant naturel de createApiKeyProvider (même style de retour : objet
+// provider config plat). Différence : authentication via email/password
+// (UI register/signin) vs API key (programmatic).
+//
+// Le caller fournit `findUserByEmail` (ou laisse passer pour un default
+// fail-closed). Pour leverager directement @mostajs/rbac, il suffit de
+// passer `(email) => new UserRepository(dialect).findByEmail(email)`.
+//
+// Author: Dr Hamid MADANI <drmdh@msn.com>
+import { comparePassword } from './password.js';
+function defaultStatusCheck(user) {
+    return user.status !== 'disabled' && user.status !== 'locked';
+}
+function defaultRoleResolver(user, fallback) {
+    if (user.roles?.length > 0) {
+        const r = user.roles[0];
+        return typeof r === 'string' ? r : (r?.name ?? fallback);
+    }
+    return user.role ?? fallback;
+}
+function defaultNameResolver(user) {
+    return `${user.firstName ?? ''} ${user.lastName ?? ''}`.trim() || (user.email ?? '');
+}
+/**
+ * Build a NextAuth Credentials provider config (returned as plain object,
+ * directly passable to `NextAuth({ providers: [provider], ... })` without
+ * any next-auth imports côté consumer).
+ *
+ * Usage :
+ *   import { createCredentialsProvider } from '@mostajs/auth/server'
+ *
+ *   NextAuth({
+ *     providers: [
+ *       createCredentialsProvider({
+ *         findUserByEmail: async (email) => userRepo.findByEmail(email),
+ *         defaultRole: 'user',
+ *       }),
+ *     ],
+ *   })
+ */
+export function createCredentialsProvider(config) {
+    const defaultRole = config.defaultRole ?? 'user';
+    const checkUserAllowed = config.checkUserAllowed ?? defaultStatusCheck;
+    const resolveRole = config.resolveRole ?? ((u) => defaultRoleResolver(u, defaultRole));
+    const resolveName = config.resolveName ?? defaultNameResolver;
+    return {
+        id: config.id ?? 'credentials',
+        name: config.name ?? 'Email + Password',
+        type: 'credentials',
+        credentials: {
+            email: { label: 'Email', type: 'email' },
+            password: { label: 'Password', type: 'password' },
+        },
+        async authorize(credentials) {
+            if (!credentials?.email || !credentials?.password)
+                return null;
+            const email = String(credentials.email).toLowerCase().trim();
+            const user = await config.findUserByEmail(email);
+            if (!user)
+                return null;
+            const allowed = await checkUserAllowed(user);
+            if (!allowed)
+                return null;
+            const valid = await comparePassword(String(credentials.password), user.password);
+            if (!valid)
+                return null;
+            const role = await resolveRole(user);
+            const name = resolveName(user);
+            return {
+                id: user.id,
+                email: user.email,
+                name,
+                role,
+            };
+        },
+    };
+}

package/dist/server.d.ts CHANGED Viewed

@@ -20,5 +20,7 @@ export { createPasswordResetHandlers, generateResetToken } from './lib/password-
 export type { PasswordResetConfig } from './lib/password-reset';
 export { createApiKeyProvider } from './lib/apikey-provider';
 export type { ApiKeyProviderConfig } from './lib/apikey-provider';
+export { createCredentialsProvider } from './lib/credentials-provider';
+export type { CredentialsProviderConfig } from './lib/credentials-provider';
 export { enrichTokenWithPlan, enrichSessionWithPlan } from './lib/session-enrichment';
 export type { SessionEnrichmentConfig } from './lib/session-enrichment';

package/dist/server.js CHANGED Viewed

@@ -27,5 +27,6 @@ export { createVerificationHandlers, generateVerifyToken } from './lib/email-ver
 export { createPasswordResetHandlers, generateResetToken } from './lib/password-reset.js';
 // API key provider
 export { createApiKeyProvider } from './lib/apikey-provider.js';
+export { createCredentialsProvider } from './lib/credentials-provider.js';
 // Session enrichment
 export { enrichTokenWithPlan, enrichSessionWithPlan } from './lib/session-enrichment.js';

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@mostajs/auth",
-  "version": "2.3.3",
+  "version": "2.4.0",
   "description": "Authentication — NextAuth, password hashing, session management",
   "author": "Dr Hamid MADANI <drmdh@msn.com>",
   "license": "AGPL-3.0-or-later",
@@ -83,6 +83,11 @@
       "import": "./dist/lib/apikey-provider.js",
       "default": "./dist/lib/apikey-provider.js"
     },
+    "./lib/credentials-provider": {
+      "types": "./dist/lib/credentials-provider.d.ts",
+      "import": "./dist/lib/credentials-provider.js",
+      "default": "./dist/lib/credentials-provider.js"
+    },
     "./lib/check-request": {
       "types": "./dist/lib/check-request.d.ts",
       "import": "./dist/lib/check-request.js",
@@ -120,7 +125,7 @@
   },
   "scripts": {
     "build": "tsc && npm run fix-esm",
-    "fix-esm": "find dist -name '*.js' -exec sed -i -E \"s|from '(\\\\.{1,2}/[^']+)'(;?)|from '\\\\1.js'\\\\2|g; s|from \\\"(\\\\.{1,2}/[^\\\"]+)\\\"(;?)|from \\\"\\\\1.js\\\"\\\\2|g\" {} \\; && find dist -name '*.js' -exec sed -i -E \"s|\\\\.js\\\\.js|.js|g\" {} \\;",
+    "fix-esm": "find dist -name '*.js' -exec sed -i -E \"s|from '(\\\\.{1,2}/[^']+)'(;?)|from '\\\\1.js'\\\\2|g; s|from \\\"(\\\\.{1,2}/[^\\\"]+)\\\"(;?)|from \\\"\\\\1.js\\\"\\\\2|g\" {} \\; && find dist -name '*.js' -exec sed -i -E \"s|\\\\.js\\\\.js|.js|g; s|\\\\.json\\\\.js|.json|g; s|\\\\.css\\\\.js|.css|g\" {} \\;",
     "prepublishOnly": "npm run build"
   },
   "dependencies": {