@niledatabase/server 4.0.0-alpha.2 → 4.0.0-alpha.21

package/dist/index.mjs

@@ -73,7 +73,7 @@ var X_NILE_SECURECOOKIES = "nile.secure_cookies";
 
 // src/api/utils/request.ts
 async function request(url, _init, config) {
-  const { info, error } = Logger(config, "[REQUEST]");
+  const { debug, info, error } = Logger(config, "[REQUEST]");
   const { request: request2, ...init } = _init;
   const requestUrl = new URL(request2.url);
   const updatedHeaders = new Headers({});
@@ -91,9 +91,17 @@ async function request(url, _init, config) {
   }
   updatedHeaders.set("host", requestUrl.host);
   if (config.api.callbackUrl) {
-    updatedHeaders.set(X_NILE_ORIGIN, config.api.callbackUrl);
+    const cbUrl = new URL(config.api.callbackUrl);
+    debug(
+      `Obtained origin from config.api.callbackUrl ${config.api.callbackUrl}`
+    );
+    updatedHeaders.set(X_NILE_ORIGIN, cbUrl.origin);
+  } else if (config.api.origin) {
+    debug(`Obtained origin from config.api.origin ${config.api.origin}`);
+    updatedHeaders.set(X_NILE_ORIGIN, config.api.origin);
   } else {
     updatedHeaders.set(X_NILE_ORIGIN, requestUrl.origin);
+    debug(`Obtained origin from request ${requestUrl.origin}`);
   }
   const params = { ...init, headers: updatedHeaders };
   if (params.method === "POST" || params.method === "PUT") {
@@ -420,6 +428,7 @@ var ApiConfig = class {
   routes;
   routePrefix;
   secureCookies;
+  origin;
   /**
    * The client side callback url. Defaults to nothing (so nile.origin will be it), but in the cases of x-origin, you want to set this explicitly to be sure nile-auth does the right thing
    * If this is set, any `callbackUrl` from the client will be ignored.
@@ -435,6 +444,7 @@ var ApiConfig = class {
     this.basePath = getBasePath(envVarConfig);
     this.routes = config?.api?.routes;
     this.routePrefix = config?.api?.routePrefix;
+    this.origin = config?.api?.origin;
   }
   get token() {
     return this._token;
@@ -1067,12 +1077,9 @@ async function _fetch(config, path, opts) {
     if (response?.status === 405) {
       return new ResponseError("Method not allowed", { status: 405 });
     }
-    let res;
     const errorHandler = typeof response?.clone === "function" ? response.clone() : null;
     let msg = "";
-    try {
-      res = await response?.json();
-    } catch (e) {
+    const res = await response?.json().catch(async (e) => {
       if (errorHandler) {
         msg = await errorHandler.text();
         if (msg) {
@@ -1085,7 +1092,8 @@ async function _fetch(config, path, opts) {
       if (!msg) {
         error("[fetch][response]", { e });
       }
-    }
+      return e;
+    });
     if (msg) {
       return new ResponseError(msg, { status: errorHandler?.status });
     }
@@ -1104,7 +1112,8 @@ async function _fetch(config, path, opts) {
     error(
       `[fetch][response][status: ${errorHandler?.status}] UNHANDLED ERROR`,
       {
-        res
+        response,
+        message: await response.text()
       }
     );
     return new ResponseError(null, {
@@ -1528,11 +1537,7 @@ function matches12(configRoutes, request2) {
 // src/api/routes/auth/password-reset.ts
 var key10 = "PASSWORD_RESET";
 async function route13(req, config) {
-  let url = proxyRoutes(config)[key10];
-  const { searchParams } = new URL(req.url);
-  if (searchParams.size > 0) {
-    url = `${url}?${searchParams.toString()}`;
-  }
+  const url = proxyRoutes(config)[key10];
   const res = await request(
     url,
     {
@@ -1645,8 +1650,16 @@ function POSTER(configRoutes, config) {
   const { info, warn, error } = Logger(config, "[POST MATCHER]");
   return async function POST5(req) {
     if (matchesLog(configRoutes, req)) {
-      error(req.body && await req.json());
-      return new Response(null, { status: 200 });
+      if (req.body) {
+        try {
+          const text = await req.text();
+          error(text);
+          return new Response(null, {
+            status: 200
+          });
+        } catch (e) {
+        }
+      }
     }
     if (matches3(configRoutes, req)) {
       info("matches tenant users");
@@ -1771,7 +1784,7 @@ var appRoutes = (prefix = "/api") => ({
   TENANT_USER: `${prefix}/tenants/{tenantId}/users/{userId}`,
   TENANT_USERS: `${prefix}/tenants/{tenantId}/users`,
   SIGNUP: `${prefix}/signup`,
-  LOG: `${prefix}/auth/_log`
+  LOG: `${prefix}/_log`
 });
 
 // src/utils/Requester/index.ts
@@ -1781,9 +1794,9 @@ var Requester = class extends Config {
   }
   async rawRequest(method, url, init, body) {
     const _init = {
-      ...init,
       body,
-      method
+      method,
+      ...init
     };
     const res = await _fetch(this, url, _init);
     if (res instanceof ResponseError) {
@@ -1852,8 +1865,11 @@ var Requester = class extends Config {
     }
     return response;
   }
-  async get(req, url, init) {
+  async get(req, url, init, raw = false) {
     const response = await this.request("GET", url, req, init);
+    if (raw) {
+      return response;
+    }
     if (response && response.status >= 200 && response.status < 300) {
       const cloned = response.clone();
       try {
@@ -1881,8 +1897,8 @@ var Requester = class extends Config {
 };
 
 // src/auth/index.ts
-var ORIGIN = "https://us-west-2.api.dev.thenile.dev";
 function serverLogin(config, handlers) {
+  const ORIGIN = config.api.origin ?? "http://localhost:3000";
   const { info, error, debug } = Logger(config, "[server side login]");
   const routes = appRoutes(config.api.routePrefix);
   return async function login({
@@ -1973,17 +1989,31 @@ function serverLogin(config, handlers) {
       ...baseHeaders,
       cookie: [token, csrfCookie].join("; ")
     });
-    return headers;
+    return [headers, loginRes];
   };
 }
 var Auth = class extends Config {
   headers;
-  constructor(config, headers) {
+  resetHeaders;
+  constructor(config, headers, params) {
     super(config);
+    this.logger = Logger(config, "[auth]");
     this.headers = headers;
+    this.logger = Logger(config, "[auth]");
+    this.resetHeaders = params?.resetHeaders;
   }
   handleHeaders(init) {
     if (this.headers) {
+      const cburl = getCallbackUrl2(this.headers);
+      if (cburl) {
+        try {
+          this.headers.set(X_NILE_ORIGIN, new URL(cburl).origin);
+        } catch (e) {
+          if (this.logger?.debug) {
+            this.logger.debug("Invalid URL supplied by cookie header");
+          }
+        }
+      }
       if (init) {
         init.headers = new Headers({ ...this.headers, ...init?.headers });
         return init;
@@ -2008,6 +2038,113 @@ var Auth = class extends Config {
     }
     return session;
   };
+  get getCsrfUrl() {
+    return "/auth/csrf";
+  }
+  async getCsrf(req, init, raw = false) {
+    const _requester = new Requester(this);
+    const _init = this.handleHeaders(init);
+    return await _requester.get(req, this.getCsrfUrl, _init, raw);
+  }
+  get listProvidersUrl() {
+    return "/auth/providers";
+  }
+  listProviders = async (req, init) => {
+    const _requester = new Requester(this);
+    const _init = this.handleHeaders(init);
+    return await _requester.get(req, this.listProvidersUrl, _init);
+  };
+  get signOutUrl() {
+    return "/auth/signout";
+  }
+  signOut = async (req, init) => {
+    const _requester = new Requester(this);
+    const _init = this.handleHeaders(init);
+    const csrf = await this.getCsrf(
+      req,
+      void 0,
+      true
+    );
+    const csrfHeader = getCsrfToken(csrf.headers, this.headers);
+    const callbackUrl = req && "callbackUrl" in req ? String(req.callbackUrl) : "/";
+    if (!csrfHeader) {
+      this.logger?.debug && this.logger.debug("Request blocked from invalid csrf header");
+      return new Response("Request blocked", { status: 400 });
+    }
+    const headers = new Headers(_init?.headers);
+    const { csrfToken } = await csrf.json() ?? {};
+    const cooks = getCookies(headers);
+    if (csrfHeader) {
+      if (cooks["__Secure-nile.csrf-token"]) {
+        cooks["__Secure-nile.csrf-token"] = encodeURIComponent(csrfHeader);
+      }
+      if (cooks["nile.csrf-token"]) {
+        cooks["nile.csrf-token"] = encodeURIComponent(csrfHeader);
+      }
+    }
+    headers.set(
+      "cookie",
+      Object.keys(cooks).map((key12) => `${key12}=${cooks[key12]}`).join("; ")
+    );
+    const res = await _requester.post(req, this.signOutUrl, {
+      method: "post",
+      body: JSON.stringify({
+        csrfToken,
+        callbackUrl,
+        json: String(true)
+      }),
+      ..._init,
+      headers
+    });
+    this.resetHeaders && this.resetHeaders();
+    return res;
+  };
+};
+function getCallbackUrl2(headers) {
+  if (headers) {
+    const cookies = getCookies(headers);
+    if (cookies) {
+      return cookies["__Secure-nile.callback-url"] || cookies["nile.callback-url"];
+    }
+  }
+}
+function getCsrfToken(headers, initHeaders) {
+  if (headers) {
+    const cookies = getCookies(headers);
+    let validCookie = "";
+    if (cookies) {
+      validCookie = cookies["__Secure-nile.csrf-token"] || cookies["nile.csrf-token"];
+    }
+    if (validCookie) {
+      return validCookie;
+    }
+  }
+  if (initHeaders) {
+    const cookies = getCookies(initHeaders);
+    if (cookies) {
+      return cookies["__Secure-nile.csrf-token"] || cookies["nile.csrf-token"];
+    }
+  }
+}
+var getCookies = (headers) => {
+  if (!headers) return {};
+  const cookieHeader = headers.get("cookie") || "";
+  const setCookieHeaders = headers.get("set-cookie") || "";
+  const allCookies = [
+    ...cookieHeader.split("; "),
+    // Regular 'cookie' header (semicolon-separated)
+    ...setCookieHeaders.split(/,\s*(?=[^;, ]+=)/)
+    // Smart split for 'set-cookie'
+  ].filter(Boolean);
+  return Object.fromEntries(
+    allCookies.map((cookie) => {
+      const [key12, ...val] = cookie.split("=");
+      return [
+        decodeURIComponent(key12.trim()),
+        decodeURIComponent(val.join("=").trim())
+      ];
+    })
+  );
 };
 
 // src/tenants/index.ts
@@ -2214,7 +2351,9 @@ var Api = class {
   paths;
   constructor(config) {
     this.config = config;
-    this.auth = new Auth(config);
+    this.auth = new Auth(config, void 0, {
+      resetHeaders: this.resetHeaders
+    });
     this.users = new Users(config);
     this.tenants = new Tenants(config);
     this.routes = {
@@ -2244,7 +2383,7 @@ var Api = class {
         this.routes.USERS,
         this.routes.TENANTS,
         this.routes.SESSION,
-        this.routes.SIGNIN,
+        `${this.routes.SIGNIN}/{provider}`,
         this.routes.PASSWORD_RESET,
         this.routes.PROVIDERS,
         this.routes.CSRF,
@@ -2260,27 +2399,47 @@ var Api = class {
       delete: [this.routes.TENANT_USER, this.routes.TENANT]
     };
   }
-  updateConfig(config) {
+  reset = () => {
+    this.users = new Users(this.config, this._headers);
+    this.tenants = new Tenants(this.config, this._headers);
+    this.auth = new Auth(this.config, this._headers, {
+      resetHeaders: this.resetHeaders
+    });
+  };
+  updateConfig = (config) => {
     this.config = config;
     this.handlers = Handlers(this.routes, config);
-  }
+  };
+  resetHeaders = (headers) => {
+    this._headers = new Headers(headers ?? {});
+    this.reset();
+  };
   set headers(headers) {
-    this.users = new Users(this.config, headers);
-    this.tenants = new Tenants(this.config, headers);
-    this.auth = new Auth(this.config, headers);
     this._headers = headers;
+    this.reset();
   }
-  async login(payload) {
-    this.headers = await serverLogin(this.config, this.handlers)(payload);
+  get headers() {
+    return this._headers;
   }
-  async session(req) {
+  login = async (payload, config) => {
+    const [headers, loginRes] = await serverLogin(
+      this.config,
+      this.handlers
+    )(payload);
+    this.headers = headers;
+    if (config?.returnResponse) {
+      return loginRes;
+    }
+    return void 0;
+  };
+  session = async (req) => {
     if (req instanceof Headers) {
       return this.auth.getSession(req);
     } else if (req instanceof Request) {
       return auth(req, this.config);
     }
     return this.auth.getSession(this._headers);
-  }
+  };
 };
 
 // src/Server.ts