@objectstack/plugin-auth 7.2.0 → 7.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +11 -10
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +11 -10
- package/dist/index.mjs.map +1 -1
- package/package.json +5 -4
package/dist/index.mjs
CHANGED
|
@@ -7,6 +7,9 @@ import {
|
|
|
7
7
|
} from "@objectstack/platform-objects/apps";
|
|
8
8
|
import { SysOrganizationDetailPage, SysUserDetailPage } from "@objectstack/platform-objects/pages";
|
|
9
9
|
|
|
10
|
+
// src/auth-manager.ts
|
|
11
|
+
import { readEnvWithDeprecation } from "@objectstack/types";
|
|
12
|
+
|
|
10
13
|
// src/objectql-adapter.ts
|
|
11
14
|
import { createAdapterFactory } from "better-auth/adapters";
|
|
12
15
|
import { SystemObjectName } from "@objectstack/spec/system";
|
|
@@ -719,10 +722,10 @@ var AuthManager = class {
|
|
|
719
722
|
})
|
|
720
723
|
},
|
|
721
724
|
// Trusted origins for CSRF protection (supports wildcards like "https://*.example.com")
|
|
722
|
-
// Auto-includes origins from
|
|
725
|
+
// Auto-includes origins from OS_CORS_ORIGIN env var so CORS and CSRF stay in sync.
|
|
723
726
|
...(() => {
|
|
724
727
|
const origins = [...this.config.trustedOrigins || []];
|
|
725
|
-
const corsOrigin =
|
|
728
|
+
const corsOrigin = readEnvWithDeprecation("OS_CORS_ORIGIN", "CORS_ORIGIN");
|
|
726
729
|
if (corsOrigin && corsOrigin !== "*") {
|
|
727
730
|
corsOrigin.split(",").map((s) => s.trim()).filter(Boolean).forEach((o) => {
|
|
728
731
|
if (!origins.includes(o)) origins.push(o);
|
|
@@ -884,9 +887,8 @@ var AuthManager = class {
|
|
|
884
887
|
beforeCreateOrganization: async () => {
|
|
885
888
|
const env = globalThis?.process?.env ?? {};
|
|
886
889
|
const explicit = env.OS_MULTI_ORG_ENABLED;
|
|
887
|
-
const
|
|
888
|
-
|
|
889
|
-
).toLowerCase();
|
|
890
|
+
const legacy = explicit === void 0 ? readEnvWithDeprecation("OS_MULTI_ORG_ENABLED", "OS_MULTI_TENANT") : explicit;
|
|
891
|
+
const flag = String(legacy ?? "false").toLowerCase();
|
|
890
892
|
if (flag === "false") {
|
|
891
893
|
const { APIError } = await import("better-auth/api");
|
|
892
894
|
throw new APIError("FORBIDDEN", {
|
|
@@ -1123,11 +1125,11 @@ var AuthManager = class {
|
|
|
1123
1125
|
* Generate a secure secret if not provided
|
|
1124
1126
|
*/
|
|
1125
1127
|
generateSecret() {
|
|
1126
|
-
const envSecret =
|
|
1128
|
+
const envSecret = readEnvWithDeprecation("OS_AUTH_SECRET", ["AUTH_SECRET", "BETTER_AUTH_SECRET"]);
|
|
1127
1129
|
if (!envSecret) {
|
|
1128
1130
|
const fallbackSecret = "dev-secret-" + Date.now();
|
|
1129
1131
|
console.warn(
|
|
1130
|
-
"\u26A0\uFE0F WARNING: No
|
|
1132
|
+
"\u26A0\uFE0F WARNING: No OS_AUTH_SECRET environment variable set! Using a temporary development secret. This is NOT secure for production use. Please set OS_AUTH_SECRET in your environment variables."
|
|
1131
1133
|
);
|
|
1132
1134
|
return fallbackSecret;
|
|
1133
1135
|
}
|
|
@@ -1280,9 +1282,8 @@ var AuthManager = class {
|
|
|
1280
1282
|
};
|
|
1281
1283
|
const pluginConfig = this.config.plugins ?? {};
|
|
1282
1284
|
const multiOrgEnv = globalThis?.process?.env ?? {};
|
|
1283
|
-
const
|
|
1284
|
-
|
|
1285
|
-
).toLowerCase() !== "false";
|
|
1285
|
+
const multiOrgRaw = multiOrgEnv.OS_MULTI_ORG_ENABLED !== void 0 ? multiOrgEnv.OS_MULTI_ORG_ENABLED : readEnvWithDeprecation("OS_MULTI_ORG_ENABLED", "OS_MULTI_TENANT") ?? "false";
|
|
1286
|
+
const multiOrgEnabled = String(multiOrgRaw).toLowerCase() !== "false";
|
|
1286
1287
|
const DEFAULT_TERMS_URL = "https://objectstack.ai/terms";
|
|
1287
1288
|
const DEFAULT_PRIVACY_URL = "https://objectstack.ai/privacy";
|
|
1288
1289
|
const rawTermsUrl = globalThis?.process?.env?.OS_TERMS_URL;
|