@opensaas/keystone-nextjs-auth 14.1.0 → 16.0.1

package/pages/NextAuthPage/dist/opensaas-keystone-nextjs-auth-pages-NextAuthPage.cjs.prod.js

@@ -9,22 +9,17 @@ function _interopDefault (e) { return e && e.__esModule ? e : { 'default': e };
 
 var NextAuth__default = /*#__PURE__*/_interopDefault(NextAuth);
 
-async function findMatchingIdentity(identityField, identity, itemAPI) {
-  const items = await itemAPI.findMany({
+async function findMatchingIdentity(identityField, identity, queryAPI) {
+  const item = await queryAPI.findOne({
     where: {
-      [identityField]: {
-        equals: identity
-      }
-    },
-    resolveFields: false
+      [identityField]: identity
+    }
   }); // Identity failures with helpful errors
 
   let code;
 
-  if (items.length === 0) {
+  if (!item) {
     code = 'IDENTITY_NOT_FOUND';
-  } else if (items.length > 1) {
-    code = 'MULTIPLE_IDENTITY_MATCHES';
   }
 
   if (code) {
@@ -36,7 +31,7 @@ async function findMatchingIdentity(identityField, identity, itemAPI) {
 
   return {
     success: true,
-    item: items[0]
+    item
   };
 }
 
@@ -74,11 +69,18 @@ function NextAuthPage(props) {
   const list = query[listKey];
   const queryAPI = query[listKey];
   const protectIdentities = true;
-  return NextAuth__default['default']({
+  return NextAuth__default["default"]({
     providers,
     callbacks: {
       async signIn(user, account, profile) {
-        const identity = user.id;
+        let identity;
+
+        if (typeof user.id === 'string') {
+          identity = user.id;
+        } else if (typeof user.id === 'number') {
+          identity = user.id;
+        }
+
         const result = await validateNextAuth(list, identityField, identity, protectIdentities, queryAPI);
         const data = {}; // eslint-disable-next-line no-restricted-syntax
 
@@ -124,13 +126,11 @@ function NextAuthPage(props) {
         }
       },
 
-      async redirect(url, baseUrl) {
+      async redirect(url) {
         return url;
       },
 
       async session(session, token) {
-        console.log('session:', session);
-
         const returnSession = _objectSpread(_objectSpread({}, session), {}, {
           data: token.data,
           subject: token.sub,
@@ -141,8 +141,7 @@ function NextAuthPage(props) {
         return returnSession;
       },
 
-      async jwt(token, user, account, profile, isNewUser) {
-        console.log('account:', account);
+      async jwt(token) {
         const identity = token.sub;
 
         if (!token.itemId) {
@@ -177,5 +176,5 @@ function NextAuthPage(props) {
 }
 const getNextAuthPage = props => () => NextAuthPage(_objectSpread({}, props));
 
-exports['default'] = NextAuthPage;
+exports["default"] = NextAuthPage;
 exports.getNextAuthPage = getNextAuthPage;

package/pages/NextAuthPage/dist/opensaas-keystone-nextjs-auth-pages-NextAuthPage.esm.js

@@ -1,22 +1,17 @@
 import _objectSpread from '@babel/runtime/helpers/esm/objectSpread2';
 import NextAuth from 'next-auth';
 
-async function findMatchingIdentity(identityField, identity, itemAPI) {
-  const items = await itemAPI.findMany({
+async function findMatchingIdentity(identityField, identity, queryAPI) {
+  const item = await queryAPI.findOne({
     where: {
-      [identityField]: {
-        equals: identity
-      }
-    },
-    resolveFields: false
+      [identityField]: identity
+    }
   }); // Identity failures with helpful errors
 
   let code;
 
-  if (items.length === 0) {
+  if (!item) {
     code = 'IDENTITY_NOT_FOUND';
-  } else if (items.length > 1) {
-    code = 'MULTIPLE_IDENTITY_MATCHES';
   }
 
   if (code) {
@@ -28,7 +23,7 @@ async function findMatchingIdentity(identityField, identity, itemAPI) {
 
   return {
     success: true,
-    item: items[0]
+    item
   };
 }
 
@@ -70,7 +65,14 @@ function NextAuthPage(props) {
     providers,
     callbacks: {
       async signIn(user, account, profile) {
-        const identity = user.id;
+        let identity;
+
+        if (typeof user.id === 'string') {
+          identity = user.id;
+        } else if (typeof user.id === 'number') {
+          identity = user.id;
+        }
+
         const result = await validateNextAuth(list, identityField, identity, protectIdentities, queryAPI);
         const data = {}; // eslint-disable-next-line no-restricted-syntax
 
@@ -116,13 +118,11 @@ function NextAuthPage(props) {
         }
       },
 
-      async redirect(url, baseUrl) {
+      async redirect(url) {
         return url;
       },
 
       async session(session, token) {
-        console.log('session:', session);
-
         const returnSession = _objectSpread(_objectSpread({}, session), {}, {
           data: token.data,
           subject: token.sub,
@@ -133,8 +133,7 @@ function NextAuthPage(props) {
         return returnSession;
       },
 
-      async jwt(token, user, account, profile, isNewUser) {
-        console.log('account:', account);
+      async jwt(token) {
         const identity = token.sub;
 
         if (!token.itemId) {

package/src/gql/getBaseAuthSchema.ts

@@ -1,57 +1,38 @@
-import type {
-  GraphQLSchemaExtension,
-  KeystoneContext,
-} from '@keystone-next/keystone/types';
+import type { ItemRootValue } from '@keystone-next/keystone/types';
+import { graphql } from '@keystone-next/keystone';
 
 import { AuthGqlNames } from '../types';
 
-export function getBaseAuthSchema<I extends string, S extends string>({
+export function getBaseAuthSchema({
   listKey,
   gqlNames,
+  base,
 }: {
   listKey: string;
   gqlNames: AuthGqlNames;
-}): GraphQLSchemaExtension {
-  return {
-    typeDefs: `
-      # Auth
-      union AuthenticatedItem = ${listKey}
-      type Query {
-        authenticatedItem: AuthenticatedItem
-      }
-    `,
-    resolvers: {
-      Query: {
-        async authenticatedItem(root, args, { session, lists }) {
+  base: graphql.BaseSchemaMeta;
+}) {
+  const extension = {
+    query: {
+      authenticatedItem: graphql.field({
+        type: graphql.union({
+          name: 'AuthenticatedItem',
+          types: [base.object(listKey) as graphql.ObjectType<ItemRootValue>],
+          resolveType: (root, context) => context.session?.listKey,
+        }),
+        resolve(root, args, { session, db }) {
           if (
             typeof session?.itemId === 'string' &&
             typeof session.listKey === 'string'
           ) {
-            try {
-              return lists[session.listKey].findOne({
-                where: { id: session.itemId },
-                resolveFields: false,
-              });
-            } catch (e) {
-              return null;
-            }
+            return db[session.listKey].findOne({
+              where: { id: session.itemId },
+            });
           }
           return null;
         },
-      },
-      AuthenticatedItem: {
-        __resolveType(rootVal: any, { session }: KeystoneContext) {
-          return session?.listKey;
-        },
-      },
-      // TODO: Is this the preferred approach for this?
-      [gqlNames.ItemAuthenticationWithPasswordResult]: {
-        __resolveType(rootVal: any) {
-          return rootVal.sessionToken
-            ? gqlNames.ItemAuthenticationWithPasswordSuccess
-            : gqlNames.ItemAuthenticationWithPasswordFailure;
-        },
-      },
+      }),
     },
   };
+  return { extension };
 }

package/src/gql/getInitFirstItemSchema.ts

@@ -1,4 +1,7 @@
-import type { GraphQLSchemaExtension } from '@keystone-next/keystone/types';
+import type {
+  GraphQLSchemaExtension,
+  KeystoneContext,
+} from '@keystone-next/keystone/types';
 import {
   assertInputObjectType,
   GraphQLInputObjectType,
@@ -24,7 +27,7 @@ export function getInitFirstItemSchema({
   const createInputConfig = assertInputObjectType(
     graphQLSchema.getType(`${listKey}CreateInput`)
   ).toConfig();
-  const fieldsSet = new Set(fields);
+  const fieldsSet = new Set<any>(fields);
   const initialCreateInput = printType(
     new GraphQLInputObjectType({
       ...createInputConfig,
@@ -48,13 +51,13 @@ export function getInitFirstItemSchema({
         async [gqlNames.createInitialItem](
           root: any,
           { data }: { data: Record<string, any> },
-          context
+          context: KeystoneContext
         ) {
           if (!context.startSession) {
             throw new Error('No session implementation available on context');
           }
 
-          const dbItemAPI = context.sudo().db.lists[listKey];
+          const dbItemAPI = context.sudo().db[listKey];
           const count = await dbItemAPI.count({});
           if (count !== 0) {
             throw new Error(

package/src/index.ts

@@ -236,7 +236,7 @@ export function createAuth<GeneratedListTypes extends BaseGeneratedListTypes>({
         ...keystoneConfig.ui,
         publicPages: [...(keystoneConfig.ui.publicPages || []), ...publicPages],
         getAdditionalFiles: [
-          ...(keystoneConfig.ui.getAdditionalFiles || []),
+          ...(keystoneConfig.ui?.getAdditionalFiles || []),
           getAdditionalFiles,
         ],
         pageMiddleware: async (args) =>
@@ -266,10 +266,11 @@ export function createAuth<GeneratedListTypes extends BaseGeneratedListTypes>({
         },
       };
     }
-    let { session } = keystoneConfig;
-    if (session && sessionData) {
-      session = withItemData(session);
-    }
+
+    if (!keystoneConfig.session)
+      throw new TypeError('Missing .session configuration');
+    const session = withItemData(keystoneConfig.session);
+
     const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
     return {
       ...keystoneConfig,

package/src/lib/findMatchingIdentity.ts

@@ -1,29 +1,23 @@
-import type { KeystoneListsAPI } from '@keystone-next/keystone/types';
-
 import { AuthTokenRequestErrorCode } from '../types';
 
 export async function findMatchingIdentity(
   identityField: string,
-  identity: string,
-  itemAPI: KeystoneListsAPI<any>[string]
+  identity: string | number,
+  queryAPI: any
 ): Promise<
   | { success: false; code: AuthTokenRequestErrorCode }
   | { success: true; item: any }
 > {
-  const items = await itemAPI.findMany({
-    where: { [identityField]: { equals: identity } },
-    resolveFields: false,
+  const item = await queryAPI.findOne({
+    where: { [identityField]: identity },
   });
-
   // Identity failures with helpful errors
   let code: AuthTokenRequestErrorCode | undefined;
-  if (items.length === 0) {
+  if (!item) {
     code = 'IDENTITY_NOT_FOUND';
-  } else if (items.length > 1) {
-    code = 'MULTIPLE_IDENTITY_MATCHES';
   }
   if (code) {
     return { success: false, code };
   }
-  return { success: true, item: items[0] };
+  return { success: true, item };
 }

package/src/lib/validateNextAuth.ts

@@ -5,18 +5,18 @@ import { findMatchingIdentity } from './findMatchingIdentity';
 export async function validateNextAuth(
   list: any,
   identityField: string,
-  identity: string,
+  identity: string | number,
   protectIdentities: boolean,
   itemAPI: KeystoneListsAPI<any>[string]
 ): Promise<
   | { success: false; code: NextAuthErrorCode }
-  | { success: true; item: { id: any; [prop: string]: any } }
+  | { success: true; item: { id: any;[prop: string]: any } }
 > {
   const match = await findMatchingIdentity(identityField, identity, itemAPI);
 
   const { item } = match as {
     success: true;
-    item: { id: any; [prop: string]: any };
+    item: { id: any;[prop: string]: any };
   };
 
   if (item) {

package/src/pages/NextAuthPage.tsx

@@ -37,7 +37,12 @@ export default function NextAuthPage(props: NextAuthPageProps) {
     providers,
     callbacks: {
       async signIn(user, account, profile) {
-        const identity = user.id as string;
+        let identity;
+        if (typeof user.id === 'string') {
+          identity = user.id;
+        } else if (typeof user.id === 'number') {
+          identity = user.id;
+        }
         const result = await validateNextAuth(
           list,
           identityField,
@@ -89,11 +94,10 @@ export default function NextAuthPage(props: NextAuthPageProps) {
           return result.success;
         }
       },
-      async redirect(url, baseUrl) {
+      async redirect(url) {
         return url;
       },
       async session(session: any, token: any) {
-        console.log('session:', session);
         const returnSession = {
           ...session,
           data: token.data,
@@ -103,9 +107,7 @@ export default function NextAuthPage(props: NextAuthPageProps) {
         };
         return returnSession;
       },
-      async jwt(token, user, account, profile, isNewUser) {
-        console.log('account:', account);
-
+      async jwt(token) {
         const identity = token.sub;
         if (!token.itemId) {
           const result = await validateNextAuth(

package/src/schema.ts

@@ -1,28 +1,43 @@
-import { mergeSchemas } from '@graphql-tools/merge';
 import { ExtendGraphqlSchema } from '@keystone-next/keystone/types';
 
+import { assertInputObjectType, GraphQLString, GraphQLID } from 'graphql';
+import { graphql } from '@keystone-next/keystone';
 import { AuthGqlNames } from './types';
 import { getBaseAuthSchema } from './gql/getBaseAuthSchema';
 
-export const getSchemaExtension =
-  ({
-    identityField,
-    listKey,
-    gqlNames,
-  }: {
-    identityField: string;
-    listKey: string;
-    gqlNames: AuthGqlNames;
-  }): ExtendGraphqlSchema =>
-  (schema) =>
-    [
-      getBaseAuthSchema({
-        listKey,
-        gqlNames,
-      }),
-    ]
-      .filter((x) => x)
-      .reduce(
-        (s, extension) => mergeSchemas({ schemas: [s], ...extension }),
-        schema
+export const getSchemaExtension = ({
+  identityField,
+  listKey,
+  gqlNames,
+}: {
+  identityField: string;
+  listKey: string;
+  gqlNames: AuthGqlNames;
+}): ExtendGraphqlSchema =>
+  graphql.extend((base) => {
+    const uniqueWhereInputType = assertInputObjectType(
+      base.schema.getType(`${listKey}WhereUniqueInput`)
+    );
+    const identityFieldOnUniqueWhere =
+      uniqueWhereInputType.getFields()[identityField];
+    if (
+      identityFieldOnUniqueWhere?.type !== GraphQLString &&
+      identityFieldOnUniqueWhere?.type !== GraphQLID
+    ) {
+      throw new Error(
+        `createAuth was called with an identityField of ${identityField} on the list ${listKey} ` +
+        `but that field doesn't allow being searched uniquely with a String or ID. ` +
+        `You should likely add \`isIndexed: 'unique'\` ` +
+        `to the field at ${listKey}.${identityField}`
       );
+    }
+    const baseSchema = getBaseAuthSchema({
+      listKey,
+      gqlNames,
+      base,
+    });
+
+    return [baseSchema.extension].filter(
+      (x): x is Exclude<typeof x, undefined> => x !== undefined
+    );
+  });

package/src/templates/auth.ts

@@ -3,13 +3,11 @@ import { AuthGqlNames } from '../types';
 
 const template = `
 import getNextAuthPage from '@opensaas/keystone-nextjs-auth/pages/NextAuthPage';
-import { nextAuthProviders as Providers } from '@opensaas/keystone-nextjs-auth';
 import { query } from '.keystone/api';
 import keystoneConfig from '../../../../../keystone';
 
 export default getNextAuthPage({
         identityField: '<%= identityField %>',
-        mutationName: '<%= gqlNames.authenticateItemWithPassword %>',
         sessionData: '<%= sessionData %>',
         listKey: '<%= listKey %>',
         userMap: <%- JSON.stringify(userMap) %>,

package/src/templates/next-config.ts

@@ -27,10 +27,30 @@ module.exports = withPreconstruct({
         /@keystone-next\\/keystone(?!\\/___internal-do-not-use-will-break-in-patch\\/admin-ui\\/id-field-view|\\/fields\\/types\\/[^\\/]+\\/views)/,
         /.prisma\\/client/
       ];
+    // we need to set these to true so that when __dirname/__filename is used
+    // to resolve the location of field views, we will get a path that we can use
+    // rather than just the __dirname/__filename of the generated file.
+    // https://webpack.js.org/configuration/node/#node__filename
+    (_config$node = config.node) !== null && _config$node !== void 0 ? _config$node : config.node = {};
+    config.node.__dirname = true;
+    config.node.__filename = true;
     }
     return config;
   },
+  <% if (keystonePath) { %>
+    <% if (process.env.NODE_ENV != 'production') { %> 
+  async rewrites() {
+    return [
+      {
+        source: '/api/__keystone_api_build',
+        destination: 'http://localhost:3000<%= keystonePath || '' %>/api/__keystone_api_build',
+        basePath: false
+      }
+    ];
+  },
+  <% }%>
   basePath: '<%= keystonePath || '' %>'
+  <% } %>
 });
 `;
 export const nextConfigTemplate = ({

package/src/types.ts

@@ -44,17 +44,6 @@ export type AuthConfig<GeneratedListTypes extends BaseGeneratedListTypes> = {
   providers: NextAuthProviders;
 };
 
-export type InitFirstItemConfig<
-  GeneratedListTypes extends BaseGeneratedListTypes
-  > = {
-    /** Array of fields to collect, e.g ['name', 'email', 'password'] */
-    fields: GeneratedListTypes['fields'][];
-    /** Suppresses the second screen where we ask people to subscribe and follow Keystone */
-    skipKeystoneWelcome?: boolean;
-    /** Extra input to add for the create mutation */
-    itemData?: Partial<GeneratedListTypes['inputs']['create']>;
-  };
-
 export type AuthTokenRequestErrorCode =
   | 'IDENTITY_NOT_FOUND'
   | 'MULTIPLE_IDENTITY_MATCHES';