@objectstack/plugin-auth 7.2.0 → 7.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +11 -10
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +11 -10
- package/dist/index.mjs.map +1 -1
- package/package.json +5 -4
package/dist/index.js
CHANGED
|
@@ -71,6 +71,9 @@ module.exports = __toCommonJS(index_exports);
|
|
|
71
71
|
var import_apps = require("@objectstack/platform-objects/apps");
|
|
72
72
|
var import_pages = require("@objectstack/platform-objects/pages");
|
|
73
73
|
|
|
74
|
+
// src/auth-manager.ts
|
|
75
|
+
var import_types = require("@objectstack/types");
|
|
76
|
+
|
|
74
77
|
// src/objectql-adapter.ts
|
|
75
78
|
var import_adapters = require("better-auth/adapters");
|
|
76
79
|
var import_system = require("@objectstack/spec/system");
|
|
@@ -783,10 +786,10 @@ var AuthManager = class {
|
|
|
783
786
|
})
|
|
784
787
|
},
|
|
785
788
|
// Trusted origins for CSRF protection (supports wildcards like "https://*.example.com")
|
|
786
|
-
// Auto-includes origins from
|
|
789
|
+
// Auto-includes origins from OS_CORS_ORIGIN env var so CORS and CSRF stay in sync.
|
|
787
790
|
...(() => {
|
|
788
791
|
const origins = [...this.config.trustedOrigins || []];
|
|
789
|
-
const corsOrigin =
|
|
792
|
+
const corsOrigin = (0, import_types.readEnvWithDeprecation)("OS_CORS_ORIGIN", "CORS_ORIGIN");
|
|
790
793
|
if (corsOrigin && corsOrigin !== "*") {
|
|
791
794
|
corsOrigin.split(",").map((s) => s.trim()).filter(Boolean).forEach((o) => {
|
|
792
795
|
if (!origins.includes(o)) origins.push(o);
|
|
@@ -948,9 +951,8 @@ var AuthManager = class {
|
|
|
948
951
|
beforeCreateOrganization: async () => {
|
|
949
952
|
const env = globalThis?.process?.env ?? {};
|
|
950
953
|
const explicit = env.OS_MULTI_ORG_ENABLED;
|
|
951
|
-
const
|
|
952
|
-
|
|
953
|
-
).toLowerCase();
|
|
954
|
+
const legacy = explicit === void 0 ? (0, import_types.readEnvWithDeprecation)("OS_MULTI_ORG_ENABLED", "OS_MULTI_TENANT") : explicit;
|
|
955
|
+
const flag = String(legacy ?? "false").toLowerCase();
|
|
954
956
|
if (flag === "false") {
|
|
955
957
|
const { APIError } = await import("better-auth/api");
|
|
956
958
|
throw new APIError("FORBIDDEN", {
|
|
@@ -1187,11 +1189,11 @@ var AuthManager = class {
|
|
|
1187
1189
|
* Generate a secure secret if not provided
|
|
1188
1190
|
*/
|
|
1189
1191
|
generateSecret() {
|
|
1190
|
-
const envSecret =
|
|
1192
|
+
const envSecret = (0, import_types.readEnvWithDeprecation)("OS_AUTH_SECRET", ["AUTH_SECRET", "BETTER_AUTH_SECRET"]);
|
|
1191
1193
|
if (!envSecret) {
|
|
1192
1194
|
const fallbackSecret = "dev-secret-" + Date.now();
|
|
1193
1195
|
console.warn(
|
|
1194
|
-
"\u26A0\uFE0F WARNING: No
|
|
1196
|
+
"\u26A0\uFE0F WARNING: No OS_AUTH_SECRET environment variable set! Using a temporary development secret. This is NOT secure for production use. Please set OS_AUTH_SECRET in your environment variables."
|
|
1195
1197
|
);
|
|
1196
1198
|
return fallbackSecret;
|
|
1197
1199
|
}
|
|
@@ -1344,9 +1346,8 @@ var AuthManager = class {
|
|
|
1344
1346
|
};
|
|
1345
1347
|
const pluginConfig = this.config.plugins ?? {};
|
|
1346
1348
|
const multiOrgEnv = globalThis?.process?.env ?? {};
|
|
1347
|
-
const
|
|
1348
|
-
|
|
1349
|
-
).toLowerCase() !== "false";
|
|
1349
|
+
const multiOrgRaw = multiOrgEnv.OS_MULTI_ORG_ENABLED !== void 0 ? multiOrgEnv.OS_MULTI_ORG_ENABLED : (0, import_types.readEnvWithDeprecation)("OS_MULTI_ORG_ENABLED", "OS_MULTI_TENANT") ?? "false";
|
|
1350
|
+
const multiOrgEnabled = String(multiOrgRaw).toLowerCase() !== "false";
|
|
1350
1351
|
const DEFAULT_TERMS_URL = "https://objectstack.ai/terms";
|
|
1351
1352
|
const DEFAULT_PRIVACY_URL = "https://objectstack.ai/privacy";
|
|
1352
1353
|
const rawTermsUrl = globalThis?.process?.env?.OS_TERMS_URL;
|