@opensaas/keystone-nextjs-auth 20.4.0 → 21.1.0
Sign up to get free protection for your applications and to get access to all the features.
- package/CHANGELOG.md +20 -0
- package/README.md +5 -3
- package/dist/declarations/src/gql/getBaseAuthSchema.d.ts +1 -3
- package/dist/declarations/src/index.d.ts +4 -4
- package/dist/declarations/src/pages/NextAuthPage.d.ts +16 -9
- package/dist/declarations/src/schema.d.ts +1 -3
- package/dist/declarations/src/templates/auth.d.ts +4 -12
- package/dist/declarations/src/types.d.ts +17 -20
- package/dist/opensaas-keystone-nextjs-auth.cjs.dev.js +66 -75
- package/dist/opensaas-keystone-nextjs-auth.cjs.prod.js +64 -75
- package/dist/opensaas-keystone-nextjs-auth.esm.js +64 -75
- package/package.json +10 -9
- package/pages/NextAuthPage/dist/opensaas-keystone-nextjs-auth-pages-NextAuthPage.cjs.dev.js +36 -29
- package/pages/NextAuthPage/dist/opensaas-keystone-nextjs-auth-pages-NextAuthPage.cjs.prod.js +36 -29
- package/pages/NextAuthPage/dist/opensaas-keystone-nextjs-auth-pages-NextAuthPage.esm.js +36 -29
- package/src/gql/getBaseAuthSchema.ts +0 -4
- package/src/index.ts +61 -64
- package/src/pages/NextAuthPage.tsx +58 -37
- package/src/schema.ts +0 -22
- package/src/templates/auth.ts +11 -28
- package/src/templates/next-config.ts +3 -0
- package/src/types.ts +20 -21
- package/src/gql/getInitFirstItemSchema.ts +0 -81
@@ -5,16 +5,17 @@ Object.defineProperty(exports, '__esModule', { value: true });
|
|
5
5
|
var _objectSpread = require('@babel/runtime/helpers/objectSpread2');
|
6
6
|
var _objectWithoutProperties = require('@babel/runtime/helpers/objectWithoutProperties');
|
7
7
|
var _includesInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/includes');
|
8
|
+
var _indexOfInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/index-of');
|
9
|
+
var _Object$values = require('@babel/runtime-corejs3/core-js-stable/object/values');
|
8
10
|
var _mapInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/map');
|
9
11
|
var _JSON$stringify = require('@babel/runtime-corejs3/core-js-stable/json/stringify');
|
10
|
-
|
12
|
+
require('@babel/runtime-corejs3/core-js-stable/url');
|
11
13
|
var url = require('url');
|
12
14
|
var react = require('next-auth/react');
|
13
15
|
var jwt = require('next-auth/jwt');
|
14
16
|
var cookie = require('cookie');
|
15
17
|
var ejs = require('ejs');
|
16
18
|
var _filterInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/filter');
|
17
|
-
var graphql = require('graphql');
|
18
19
|
var core = require('@keystone-6/core');
|
19
20
|
|
20
21
|
function _interopDefault (e) { return e && e.__esModule ? e : { 'default': e }; }
|
@@ -38,9 +39,10 @@ function _interopNamespace(e) {
|
|
38
39
|
}
|
39
40
|
|
40
41
|
var _includesInstanceProperty__default = /*#__PURE__*/_interopDefault(_includesInstanceProperty);
|
42
|
+
var _indexOfInstanceProperty__default = /*#__PURE__*/_interopDefault(_indexOfInstanceProperty);
|
43
|
+
var _Object$values__default = /*#__PURE__*/_interopDefault(_Object$values);
|
41
44
|
var _mapInstanceProperty__default = /*#__PURE__*/_interopDefault(_mapInstanceProperty);
|
42
45
|
var _JSON$stringify__default = /*#__PURE__*/_interopDefault(_JSON$stringify);
|
43
|
-
var _URL__default = /*#__PURE__*/_interopDefault(_URL);
|
44
46
|
var url__default = /*#__PURE__*/_interopDefault(url);
|
45
47
|
var cookie__namespace = /*#__PURE__*/_interopNamespace(cookie);
|
46
48
|
var ejs__default = /*#__PURE__*/_interopDefault(ejs);
|
@@ -55,6 +57,9 @@ module.exports = withPreconstruct({
|
|
55
57
|
typescript: {
|
56
58
|
ignoreBuildErrors: true,
|
57
59
|
},
|
60
|
+
env: {
|
61
|
+
NEXTAUTH_URL: process.env.NEXTAUTH_URL || 'http://localhost:<%= process.env.PORT || 3000 %><%= keystonePath || '' %>/api/auth',
|
62
|
+
},
|
58
63
|
eslint: {
|
59
64
|
ignoreDuringBuilds: true,
|
60
65
|
},
|
@@ -110,7 +115,6 @@ const nextConfigTemplate = ({
|
|
110
115
|
|
111
116
|
function getBaseAuthSchema({
|
112
117
|
listKey,
|
113
|
-
gqlNames,
|
114
118
|
base
|
115
119
|
}) {
|
116
120
|
const extension = {
|
@@ -150,22 +154,12 @@ function getBaseAuthSchema({
|
|
150
154
|
}
|
151
155
|
|
152
156
|
const getSchemaExtension = ({
|
153
|
-
|
154
|
-
listKey,
|
155
|
-
gqlNames
|
157
|
+
listKey
|
156
158
|
}) => core.graphql.extend(base => {
|
157
159
|
var _context;
|
158
160
|
|
159
|
-
const uniqueWhereInputType = graphql.assertInputObjectType(base.schema.getType(`${listKey}WhereUniqueInput`));
|
160
|
-
const identityFieldOnUniqueWhere = uniqueWhereInputType.getFields()[identityField];
|
161
|
-
|
162
|
-
if ((identityFieldOnUniqueWhere === null || identityFieldOnUniqueWhere === void 0 ? void 0 : identityFieldOnUniqueWhere.type) !== graphql.GraphQLString && (identityFieldOnUniqueWhere === null || identityFieldOnUniqueWhere === void 0 ? void 0 : identityFieldOnUniqueWhere.type) !== graphql.GraphQLID) {
|
163
|
-
throw new Error(`createAuth was called with an identityField of ${identityField} on the list ${listKey} ` + `but that field doesn't allow being searched uniquely with a String or ID. ` + `You should likely add \`isIndexed: 'unique'\` ` + `to the field at ${listKey}.${identityField}`);
|
164
|
-
}
|
165
|
-
|
166
161
|
const baseSchema = getBaseAuthSchema({
|
167
162
|
listKey,
|
168
|
-
gqlNames,
|
169
163
|
base
|
170
164
|
});
|
171
165
|
return _filterInstanceProperty__default["default"](_context = [baseSchema.extension]).call(_context, x => x !== undefined);
|
@@ -177,38 +171,29 @@ import { query } from '.keystone/api';
|
|
177
171
|
import keystoneConfig from '../../../../../keystone';
|
178
172
|
|
179
173
|
export default getNextAuthPage({
|
174
|
+
autoCreate: <%= autoCreate %>,
|
180
175
|
identityField: '<%= identityField %>',
|
181
|
-
sessionData: '<%= sessionData %>',
|
182
176
|
listKey: '<%= listKey %>',
|
183
|
-
|
184
|
-
accountMap: <%- JSON.stringify(accountMap) %>,
|
185
|
-
profileMap: <%- JSON.stringify(profileMap) %>,
|
186
|
-
autoCreate: <%= autoCreate %>,
|
187
|
-
sessionSecret: '<%= sessionSecret %>',
|
177
|
+
pages: keystoneConfig.pages,
|
188
178
|
providers: keystoneConfig.providers,
|
189
179
|
query,
|
180
|
+
resolver: keystoneConfig.resolver,
|
181
|
+
sessionData: '<%= sessionData %>',
|
182
|
+
sessionSecret: '<%= sessionSecret %>',
|
190
183
|
});
|
191
184
|
`;
|
192
185
|
const authTemplate = ({
|
193
|
-
|
186
|
+
autoCreate,
|
194
187
|
identityField,
|
195
|
-
sessionData,
|
196
188
|
listKey,
|
197
|
-
|
198
|
-
userMap,
|
199
|
-
accountMap,
|
200
|
-
profileMap,
|
189
|
+
sessionData,
|
201
190
|
sessionSecret
|
202
191
|
}) => {
|
203
192
|
const authOut = ejs__default["default"].render(template, {
|
204
|
-
gqlNames,
|
205
193
|
identityField,
|
206
194
|
sessionData,
|
207
195
|
listKey,
|
208
196
|
autoCreate,
|
209
|
-
userMap,
|
210
|
-
accountMap,
|
211
|
-
profileMap,
|
212
197
|
sessionSecret
|
213
198
|
});
|
214
199
|
return authOut;
|
@@ -222,31 +207,21 @@ const _excluded = ["get", "start"];
|
|
222
207
|
*/
|
223
208
|
|
224
209
|
function createAuth({
|
225
|
-
listKey,
|
226
|
-
identityField,
|
227
|
-
sessionData,
|
228
210
|
autoCreate,
|
229
|
-
|
230
|
-
|
231
|
-
|
211
|
+
cookies,
|
212
|
+
identityField,
|
213
|
+
listKey,
|
232
214
|
keystonePath,
|
215
|
+
pages,
|
216
|
+
resolver,
|
233
217
|
providers,
|
218
|
+
sessionData,
|
234
219
|
sessionSecret
|
235
220
|
}) {
|
236
221
|
// The protectIdentities flag is currently under review to see whether it should be
|
237
222
|
// part of the createAuth API (in which case its use cases need to be documented and tested)
|
238
223
|
// or whether always being true is what we want, in which case we can refactor our code
|
239
224
|
// to match this. -TL
|
240
|
-
const gqlNames = {
|
241
|
-
// Core
|
242
|
-
authenticateItemWithPassword: `authenticate${listKey}WithPassword`,
|
243
|
-
ItemAuthenticationWithPasswordResult: `${listKey}AuthenticationWithPasswordResult`,
|
244
|
-
ItemAuthenticationWithPasswordSuccess: `${listKey}AuthenticationWithPasswordSuccess`,
|
245
|
-
ItemAuthenticationWithPasswordFailure: `${listKey}AuthenticationWithPasswordFailure`,
|
246
|
-
// Initial data
|
247
|
-
CreateInitialInput: `CreateInitial${listKey}Input`,
|
248
|
-
createInitialItem: `createInitial${listKey}`
|
249
|
-
};
|
250
225
|
const customPath = !keystonePath || keystonePath === '/' ? '' : keystonePath;
|
251
226
|
/**
|
252
227
|
* pageMiddleware
|
@@ -263,16 +238,14 @@ function createAuth({
|
|
263
238
|
context,
|
264
239
|
isValidSession
|
265
240
|
}) => {
|
241
|
+
var _context;
|
242
|
+
|
266
243
|
const {
|
267
244
|
req,
|
268
245
|
session
|
269
246
|
} = context;
|
270
247
|
const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname;
|
271
248
|
|
272
|
-
if (pathname === `${customPath}/api/__keystone_api_build`) {
|
273
|
-
return;
|
274
|
-
}
|
275
|
-
|
276
249
|
if (isValidSession) {
|
277
250
|
if (pathname === `${customPath}/api/auth/signin`) {
|
278
251
|
return {
|
@@ -291,7 +264,11 @@ function createAuth({
|
|
291
264
|
return;
|
292
265
|
}
|
293
266
|
|
294
|
-
if (
|
267
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/_next/') || _includesInstanceProperty__default["default"](pathname).call(pathname, '/api/auth/')) {
|
268
|
+
return;
|
269
|
+
}
|
270
|
+
|
271
|
+
if (!session && !_includesInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`) && !(_indexOfInstanceProperty__default["default"](_context = _Object$values__default["default"](pages)).call(_context, pathname) > -1)) {
|
295
272
|
return {
|
296
273
|
kind: 'redirect',
|
297
274
|
to: `${customPath}/api/auth/signin`
|
@@ -313,14 +290,10 @@ function createAuth({
|
|
313
290
|
mode: 'write',
|
314
291
|
outputPath: 'pages/api/auth/[...nextauth].js',
|
315
292
|
src: authTemplate({
|
316
|
-
|
293
|
+
autoCreate,
|
317
294
|
identityField,
|
318
|
-
sessionData,
|
319
295
|
listKey,
|
320
|
-
|
321
|
-
userMap,
|
322
|
-
accountMap,
|
323
|
-
profileMap,
|
296
|
+
sessionData,
|
324
297
|
sessionSecret
|
325
298
|
})
|
326
299
|
}, {
|
@@ -339,7 +312,8 @@ function createAuth({
|
|
339
312
|
*/
|
340
313
|
|
341
314
|
|
342
|
-
const publicPages = [`${customPath}/api/auth/csrf`, `${customPath}/api/auth/signin`, `${customPath}/api/auth/callback`, `${customPath}/api/auth/session`, `${customPath}/api/auth/providers`, `${customPath}/api/auth/signout`];
|
315
|
+
const publicPages = [`${customPath}/api/__keystone_api_build`, `${customPath}/api/auth/csrf`, `${customPath}/api/auth/signin`, `${customPath}/api/auth/callback`, `${customPath}/api/auth/session`, `${customPath}/api/auth/providers`, `${customPath}/api/auth/signout`, `${customPath}/api/auth/error`]; // TODO: Add Provider Types
|
316
|
+
// @ts-ignore
|
343
317
|
|
344
318
|
function addPages(provider) {
|
345
319
|
const name = provider.id;
|
@@ -357,8 +331,7 @@ function createAuth({
|
|
357
331
|
|
358
332
|
const extendGraphqlSchema = getSchemaExtension({
|
359
333
|
identityField,
|
360
|
-
listKey
|
361
|
-
gqlNames
|
334
|
+
listKey
|
362
335
|
});
|
363
336
|
/**
|
364
337
|
* validateConfig
|
@@ -372,7 +345,9 @@ function createAuth({
|
|
372
345
|
if (listConfig === undefined) {
|
373
346
|
const msg = `A createAuth() invocation specifies the list "${listKey}" but no list with that key has been defined.`;
|
374
347
|
throw new Error(msg);
|
375
|
-
} // TODO: Check
|
348
|
+
} // TODO: Check if providers
|
349
|
+
// TODO: Check other required commands/data
|
350
|
+
// TODO: Check for String-like typing for identityField? How?
|
376
351
|
// TODO: Validate that the identifyField is unique.
|
377
352
|
// TODO: If this field isn't required, what happens if I try to log in as `null`?
|
378
353
|
|
@@ -380,9 +355,9 @@ function createAuth({
|
|
380
355
|
const identityFieldConfig = listConfig.fields[identityField];
|
381
356
|
|
382
357
|
if (identityFieldConfig === undefined) {
|
383
|
-
const
|
358
|
+
const identityFieldName = _JSON$stringify__default["default"](identityField);
|
384
359
|
|
385
|
-
const msg = `A createAuth() invocation for the "${listKey}" list specifies ${
|
360
|
+
const msg = `A createAuth() invocation for the "${listKey}" list specifies ${identityFieldName} as its identityField but no field with that key exists on the list.`;
|
386
361
|
throw new Error(msg);
|
387
362
|
}
|
388
363
|
};
|
@@ -405,7 +380,15 @@ function createAuth({
|
|
405
380
|
sessionStrategy = _objectWithoutProperties(_sessionStrategy, _excluded);
|
406
381
|
|
407
382
|
return _objectSpread(_objectSpread({}, sessionStrategy), {}, {
|
408
|
-
start
|
383
|
+
start: async ({
|
384
|
+
res
|
385
|
+
}) => {
|
386
|
+
console.log('start');
|
387
|
+
const session = await start({
|
388
|
+
res
|
389
|
+
});
|
390
|
+
return session;
|
391
|
+
},
|
409
392
|
get: async ({
|
410
393
|
req
|
411
394
|
}) => {
|
@@ -420,9 +403,8 @@ function createAuth({
|
|
420
403
|
if (((_req$headers$authoriz = req.headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(' ')[0]) === 'Bearer') {
|
421
404
|
var _token$data;
|
422
405
|
|
423
|
-
const request = req;
|
424
406
|
const token = await jwt.getToken({
|
425
|
-
req
|
407
|
+
req,
|
426
408
|
secret: sessionSecret
|
427
409
|
});
|
428
410
|
|
@@ -451,6 +433,7 @@ function createAuth({
|
|
451
433
|
secure: "production" === 'production',
|
452
434
|
path: '/',
|
453
435
|
sameSite: 'lax',
|
436
|
+
// TODO: Update parse to URL
|
454
437
|
domain: url__default["default"].parse(req.url).hostname
|
455
438
|
}));
|
456
439
|
}
|
@@ -487,15 +470,18 @@ function createAuth({
|
|
487
470
|
},
|
488
471
|
enableSessionItem: true,
|
489
472
|
isAccessAllowed: async context => {
|
490
|
-
var
|
491
|
-
|
473
|
+
var _keystoneConfig$ui3;
|
474
|
+
|
475
|
+
const {
|
476
|
+
req
|
477
|
+
} = context;
|
478
|
+
const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname; // Allow nextjs scripts and static files to be accessed without auth
|
492
479
|
|
480
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/_next/')) {
|
481
|
+
return true;
|
482
|
+
} // Allow keystone to access /api/__keystone_api_build for hot reloading
|
493
483
|
|
494
|
-
|
495
|
-
const host = headers ? headers['x-forwarded-host'] || headers.host : null;
|
496
|
-
const thisUrl = headers !== null && headers !== void 0 && headers.referer ? new _URL__default["default"](headers.referer) : undefined;
|
497
|
-
const accessingInitPage = (thisUrl === null || thisUrl === void 0 ? void 0 : thisUrl.pathname) === '/init' && (thisUrl === null || thisUrl === void 0 ? void 0 : thisUrl.host) === host && (await context.sudo().query[listKey].count({})) === 0;
|
498
|
-
return accessingInitPage || ((_keystoneConfig$ui3 = keystoneConfig.ui) !== null && _keystoneConfig$ui3 !== void 0 && _keystoneConfig$ui3.isAccessAllowed ? keystoneConfig.ui.isAccessAllowed(context) : context.session !== undefined);
|
484
|
+
return (_keystoneConfig$ui3 = keystoneConfig.ui) !== null && _keystoneConfig$ui3 !== void 0 && _keystoneConfig$ui3.isAccessAllowed ? keystoneConfig.ui.isAccessAllowed(context) : context.session !== undefined;
|
499
485
|
}
|
500
486
|
});
|
501
487
|
}
|
@@ -505,8 +491,11 @@ function createAuth({
|
|
505
491
|
const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
|
506
492
|
return _objectSpread(_objectSpread({}, keystoneConfig), {}, {
|
507
493
|
ui,
|
508
|
-
|
494
|
+
cookies,
|
509
495
|
providers,
|
496
|
+
pages,
|
497
|
+
resolver,
|
498
|
+
session,
|
510
499
|
lists: _objectSpread({}, keystoneConfig.lists),
|
511
500
|
experimental: _objectSpread(_objectSpread({}, keystoneConfig.experimental), {}, {
|
512
501
|
generateNodeAPI: true
|
@@ -1,6 +1,8 @@
|
|
1
1
|
import _objectSpread from '@babel/runtime/helpers/esm/objectSpread2';
|
2
2
|
import _objectWithoutProperties from '@babel/runtime/helpers/esm/objectWithoutProperties';
|
3
3
|
import _includesInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/includes';
|
4
|
+
import _indexOfInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/index-of';
|
5
|
+
import _Object$values from '@babel/runtime-corejs3/core-js-stable/object/values';
|
4
6
|
import _mapInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/map';
|
5
7
|
import _JSON$stringify from '@babel/runtime-corejs3/core-js-stable/json/stringify';
|
6
8
|
import _URL from '@babel/runtime-corejs3/core-js-stable/url';
|
@@ -10,7 +12,6 @@ import { getToken } from 'next-auth/jwt';
|
|
10
12
|
import * as cookie from 'cookie';
|
11
13
|
import ejs from 'ejs';
|
12
14
|
import _filterInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/filter';
|
13
|
-
import { assertInputObjectType, GraphQLString, GraphQLID } from 'graphql';
|
14
15
|
import { graphql } from '@keystone-6/core';
|
15
16
|
|
16
17
|
const template$1 = `
|
@@ -22,6 +23,9 @@ module.exports = withPreconstruct({
|
|
22
23
|
typescript: {
|
23
24
|
ignoreBuildErrors: true,
|
24
25
|
},
|
26
|
+
env: {
|
27
|
+
NEXTAUTH_URL: process.env.NEXTAUTH_URL || 'http://localhost:<%= process.env.PORT || 3000 %><%= keystonePath || '' %>/api/auth',
|
28
|
+
},
|
25
29
|
eslint: {
|
26
30
|
ignoreDuringBuilds: true,
|
27
31
|
},
|
@@ -77,7 +81,6 @@ const nextConfigTemplate = ({
|
|
77
81
|
|
78
82
|
function getBaseAuthSchema({
|
79
83
|
listKey,
|
80
|
-
gqlNames,
|
81
84
|
base
|
82
85
|
}) {
|
83
86
|
const extension = {
|
@@ -117,22 +120,12 @@ function getBaseAuthSchema({
|
|
117
120
|
}
|
118
121
|
|
119
122
|
const getSchemaExtension = ({
|
120
|
-
|
121
|
-
listKey,
|
122
|
-
gqlNames
|
123
|
+
listKey
|
123
124
|
}) => graphql.extend(base => {
|
124
125
|
var _context;
|
125
126
|
|
126
|
-
const uniqueWhereInputType = assertInputObjectType(base.schema.getType(`${listKey}WhereUniqueInput`));
|
127
|
-
const identityFieldOnUniqueWhere = uniqueWhereInputType.getFields()[identityField];
|
128
|
-
|
129
|
-
if ((identityFieldOnUniqueWhere === null || identityFieldOnUniqueWhere === void 0 ? void 0 : identityFieldOnUniqueWhere.type) !== GraphQLString && (identityFieldOnUniqueWhere === null || identityFieldOnUniqueWhere === void 0 ? void 0 : identityFieldOnUniqueWhere.type) !== GraphQLID) {
|
130
|
-
throw new Error(`createAuth was called with an identityField of ${identityField} on the list ${listKey} ` + `but that field doesn't allow being searched uniquely with a String or ID. ` + `You should likely add \`isIndexed: 'unique'\` ` + `to the field at ${listKey}.${identityField}`);
|
131
|
-
}
|
132
|
-
|
133
127
|
const baseSchema = getBaseAuthSchema({
|
134
128
|
listKey,
|
135
|
-
gqlNames,
|
136
129
|
base
|
137
130
|
});
|
138
131
|
return _filterInstanceProperty(_context = [baseSchema.extension]).call(_context, x => x !== undefined);
|
@@ -144,38 +137,29 @@ import { query } from '.keystone/api';
|
|
144
137
|
import keystoneConfig from '../../../../../keystone';
|
145
138
|
|
146
139
|
export default getNextAuthPage({
|
140
|
+
autoCreate: <%= autoCreate %>,
|
147
141
|
identityField: '<%= identityField %>',
|
148
|
-
sessionData: '<%= sessionData %>',
|
149
142
|
listKey: '<%= listKey %>',
|
150
|
-
|
151
|
-
accountMap: <%- JSON.stringify(accountMap) %>,
|
152
|
-
profileMap: <%- JSON.stringify(profileMap) %>,
|
153
|
-
autoCreate: <%= autoCreate %>,
|
154
|
-
sessionSecret: '<%= sessionSecret %>',
|
143
|
+
pages: keystoneConfig.pages,
|
155
144
|
providers: keystoneConfig.providers,
|
156
145
|
query,
|
146
|
+
resolver: keystoneConfig.resolver,
|
147
|
+
sessionData: '<%= sessionData %>',
|
148
|
+
sessionSecret: '<%= sessionSecret %>',
|
157
149
|
});
|
158
150
|
`;
|
159
151
|
const authTemplate = ({
|
160
|
-
|
152
|
+
autoCreate,
|
161
153
|
identityField,
|
162
|
-
sessionData,
|
163
154
|
listKey,
|
164
|
-
|
165
|
-
userMap,
|
166
|
-
accountMap,
|
167
|
-
profileMap,
|
155
|
+
sessionData,
|
168
156
|
sessionSecret
|
169
157
|
}) => {
|
170
158
|
const authOut = ejs.render(template, {
|
171
|
-
gqlNames,
|
172
159
|
identityField,
|
173
160
|
sessionData,
|
174
161
|
listKey,
|
175
162
|
autoCreate,
|
176
|
-
userMap,
|
177
|
-
accountMap,
|
178
|
-
profileMap,
|
179
163
|
sessionSecret
|
180
164
|
});
|
181
165
|
return authOut;
|
@@ -189,31 +173,21 @@ const _excluded = ["get", "start"];
|
|
189
173
|
*/
|
190
174
|
|
191
175
|
function createAuth({
|
192
|
-
listKey,
|
193
|
-
identityField,
|
194
|
-
sessionData,
|
195
176
|
autoCreate,
|
196
|
-
|
197
|
-
|
198
|
-
|
177
|
+
cookies,
|
178
|
+
identityField,
|
179
|
+
listKey,
|
199
180
|
keystonePath,
|
181
|
+
pages,
|
182
|
+
resolver,
|
200
183
|
providers,
|
184
|
+
sessionData,
|
201
185
|
sessionSecret
|
202
186
|
}) {
|
203
187
|
// The protectIdentities flag is currently under review to see whether it should be
|
204
188
|
// part of the createAuth API (in which case its use cases need to be documented and tested)
|
205
189
|
// or whether always being true is what we want, in which case we can refactor our code
|
206
190
|
// to match this. -TL
|
207
|
-
const gqlNames = {
|
208
|
-
// Core
|
209
|
-
authenticateItemWithPassword: `authenticate${listKey}WithPassword`,
|
210
|
-
ItemAuthenticationWithPasswordResult: `${listKey}AuthenticationWithPasswordResult`,
|
211
|
-
ItemAuthenticationWithPasswordSuccess: `${listKey}AuthenticationWithPasswordSuccess`,
|
212
|
-
ItemAuthenticationWithPasswordFailure: `${listKey}AuthenticationWithPasswordFailure`,
|
213
|
-
// Initial data
|
214
|
-
CreateInitialInput: `CreateInitial${listKey}Input`,
|
215
|
-
createInitialItem: `createInitial${listKey}`
|
216
|
-
};
|
217
191
|
const customPath = !keystonePath || keystonePath === '/' ? '' : keystonePath;
|
218
192
|
/**
|
219
193
|
* pageMiddleware
|
@@ -230,16 +204,14 @@ function createAuth({
|
|
230
204
|
context,
|
231
205
|
isValidSession
|
232
206
|
}) => {
|
207
|
+
var _context;
|
208
|
+
|
233
209
|
const {
|
234
210
|
req,
|
235
211
|
session
|
236
212
|
} = context;
|
237
213
|
const pathname = url.parse(req === null || req === void 0 ? void 0 : req.url).pathname;
|
238
214
|
|
239
|
-
if (pathname === `${customPath}/api/__keystone_api_build`) {
|
240
|
-
return;
|
241
|
-
}
|
242
|
-
|
243
215
|
if (isValidSession) {
|
244
216
|
if (pathname === `${customPath}/api/auth/signin`) {
|
245
217
|
return {
|
@@ -258,7 +230,11 @@ function createAuth({
|
|
258
230
|
return;
|
259
231
|
}
|
260
232
|
|
261
|
-
if (
|
233
|
+
if (_includesInstanceProperty(pathname).call(pathname, '/_next/') || _includesInstanceProperty(pathname).call(pathname, '/api/auth/')) {
|
234
|
+
return;
|
235
|
+
}
|
236
|
+
|
237
|
+
if (!session && !_includesInstanceProperty(pathname).call(pathname, `${customPath}/api/auth/`) && !(_indexOfInstanceProperty(_context = _Object$values(pages)).call(_context, pathname) > -1)) {
|
262
238
|
return {
|
263
239
|
kind: 'redirect',
|
264
240
|
to: `${customPath}/api/auth/signin`
|
@@ -280,14 +256,10 @@ function createAuth({
|
|
280
256
|
mode: 'write',
|
281
257
|
outputPath: 'pages/api/auth/[...nextauth].js',
|
282
258
|
src: authTemplate({
|
283
|
-
|
259
|
+
autoCreate,
|
284
260
|
identityField,
|
285
|
-
sessionData,
|
286
261
|
listKey,
|
287
|
-
|
288
|
-
userMap,
|
289
|
-
accountMap,
|
290
|
-
profileMap,
|
262
|
+
sessionData,
|
291
263
|
sessionSecret
|
292
264
|
})
|
293
265
|
}, {
|
@@ -306,7 +278,8 @@ function createAuth({
|
|
306
278
|
*/
|
307
279
|
|
308
280
|
|
309
|
-
const publicPages = [`${customPath}/api/auth/csrf`, `${customPath}/api/auth/signin`, `${customPath}/api/auth/callback`, `${customPath}/api/auth/session`, `${customPath}/api/auth/providers`, `${customPath}/api/auth/signout`];
|
281
|
+
const publicPages = [`${customPath}/api/__keystone_api_build`, `${customPath}/api/auth/csrf`, `${customPath}/api/auth/signin`, `${customPath}/api/auth/callback`, `${customPath}/api/auth/session`, `${customPath}/api/auth/providers`, `${customPath}/api/auth/signout`, `${customPath}/api/auth/error`]; // TODO: Add Provider Types
|
282
|
+
// @ts-ignore
|
310
283
|
|
311
284
|
function addPages(provider) {
|
312
285
|
const name = provider.id;
|
@@ -324,8 +297,7 @@ function createAuth({
|
|
324
297
|
|
325
298
|
const extendGraphqlSchema = getSchemaExtension({
|
326
299
|
identityField,
|
327
|
-
listKey
|
328
|
-
gqlNames
|
300
|
+
listKey
|
329
301
|
});
|
330
302
|
/**
|
331
303
|
* validateConfig
|
@@ -339,7 +311,9 @@ function createAuth({
|
|
339
311
|
if (listConfig === undefined) {
|
340
312
|
const msg = `A createAuth() invocation specifies the list "${listKey}" but no list with that key has been defined.`;
|
341
313
|
throw new Error(msg);
|
342
|
-
} // TODO: Check
|
314
|
+
} // TODO: Check if providers
|
315
|
+
// TODO: Check other required commands/data
|
316
|
+
// TODO: Check for String-like typing for identityField? How?
|
343
317
|
// TODO: Validate that the identifyField is unique.
|
344
318
|
// TODO: If this field isn't required, what happens if I try to log in as `null`?
|
345
319
|
|
@@ -347,9 +321,9 @@ function createAuth({
|
|
347
321
|
const identityFieldConfig = listConfig.fields[identityField];
|
348
322
|
|
349
323
|
if (identityFieldConfig === undefined) {
|
350
|
-
const
|
324
|
+
const identityFieldName = _JSON$stringify(identityField);
|
351
325
|
|
352
|
-
const msg = `A createAuth() invocation for the "${listKey}" list specifies ${
|
326
|
+
const msg = `A createAuth() invocation for the "${listKey}" list specifies ${identityFieldName} as its identityField but no field with that key exists on the list.`;
|
353
327
|
throw new Error(msg);
|
354
328
|
}
|
355
329
|
};
|
@@ -372,7 +346,15 @@ function createAuth({
|
|
372
346
|
sessionStrategy = _objectWithoutProperties(_sessionStrategy, _excluded);
|
373
347
|
|
374
348
|
return _objectSpread(_objectSpread({}, sessionStrategy), {}, {
|
375
|
-
start
|
349
|
+
start: async ({
|
350
|
+
res
|
351
|
+
}) => {
|
352
|
+
console.log('start');
|
353
|
+
const session = await start({
|
354
|
+
res
|
355
|
+
});
|
356
|
+
return session;
|
357
|
+
},
|
376
358
|
get: async ({
|
377
359
|
req
|
378
360
|
}) => {
|
@@ -387,9 +369,8 @@ function createAuth({
|
|
387
369
|
if (((_req$headers$authoriz = req.headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(' ')[0]) === 'Bearer') {
|
388
370
|
var _token$data;
|
389
371
|
|
390
|
-
const request = req;
|
391
372
|
const token = await getToken({
|
392
|
-
req
|
373
|
+
req,
|
393
374
|
secret: sessionSecret
|
394
375
|
});
|
395
376
|
|
@@ -418,6 +399,7 @@ function createAuth({
|
|
418
399
|
secure: process.env.NODE_ENV === 'production',
|
419
400
|
path: '/',
|
420
401
|
sameSite: 'lax',
|
402
|
+
// TODO: Update parse to URL
|
421
403
|
domain: url.parse(req.url).hostname
|
422
404
|
}));
|
423
405
|
}
|
@@ -454,19 +436,23 @@ function createAuth({
|
|
454
436
|
},
|
455
437
|
enableSessionItem: true,
|
456
438
|
isAccessAllowed: async context => {
|
457
|
-
var _context$req,
|
439
|
+
var _context$req, _keystoneConfig$ui3;
|
458
440
|
|
459
|
-
|
441
|
+
const {
|
442
|
+
req
|
443
|
+
} = context;
|
444
|
+
const pathname = url.parse(req === null || req === void 0 ? void 0 : req.url).pathname; // Allow nextjs scripts and static files to be accessed without auth
|
445
|
+
|
446
|
+
if (_includesInstanceProperty(pathname).call(pathname, '/_next/')) {
|
460
447
|
return true;
|
461
|
-
} // Allow
|
462
|
-
// even if the user isn't logged in (which should always be the case if they're seeing /init)
|
448
|
+
} // Allow keystone to access /api/__keystone_api_build for hot reloading
|
463
449
|
|
464
450
|
|
465
|
-
|
466
|
-
|
467
|
-
|
468
|
-
|
469
|
-
return
|
451
|
+
if (process.env.NODE_ENV !== 'production' && ((_context$req = context.req) === null || _context$req === void 0 ? void 0 : _context$req.url) !== undefined && new _URL(context.req.url, 'http://example.com').pathname === `${customPath}/api/__keystone_api_build`) {
|
452
|
+
return true;
|
453
|
+
}
|
454
|
+
|
455
|
+
return (_keystoneConfig$ui3 = keystoneConfig.ui) !== null && _keystoneConfig$ui3 !== void 0 && _keystoneConfig$ui3.isAccessAllowed ? keystoneConfig.ui.isAccessAllowed(context) : context.session !== undefined;
|
470
456
|
}
|
471
457
|
});
|
472
458
|
}
|
@@ -476,8 +462,11 @@ function createAuth({
|
|
476
462
|
const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
|
477
463
|
return _objectSpread(_objectSpread({}, keystoneConfig), {}, {
|
478
464
|
ui,
|
479
|
-
|
465
|
+
cookies,
|
480
466
|
providers,
|
467
|
+
pages,
|
468
|
+
resolver,
|
469
|
+
session,
|
481
470
|
lists: _objectSpread({}, keystoneConfig.lists),
|
482
471
|
experimental: _objectSpread(_objectSpread({}, keystoneConfig.experimental), {}, {
|
483
472
|
generateNodeAPI: true
|
package/package.json
CHANGED
@@ -1,27 +1,28 @@
|
|
1
1
|
{
|
2
2
|
"name": "@opensaas/keystone-nextjs-auth",
|
3
|
-
"version": "
|
3
|
+
"version": "21.1.0",
|
4
4
|
"repository": "https://github.com/opensaasau/keystone-nextjs-auth",
|
5
5
|
"license": "MIT",
|
6
6
|
"main": "dist/opensaas-keystone-nextjs-auth.cjs.js",
|
7
7
|
"module": "dist/opensaas-keystone-nextjs-auth.esm.js",
|
8
8
|
"dependencies": {
|
9
|
-
"@babel/runtime": "^7.
|
10
|
-
"@babel/runtime-corejs3": "^7.
|
9
|
+
"@babel/runtime": "^7.17.9",
|
10
|
+
"@babel/runtime-corejs3": "^7.17.9",
|
11
11
|
"@types/ejs": "^3.1.0",
|
12
|
-
"cookie": "^0.
|
12
|
+
"cookie": "^0.5.0",
|
13
13
|
"cross-fetch": "^3.1.5",
|
14
|
-
"ejs": "^3.1.
|
14
|
+
"ejs": "^3.1.7",
|
15
15
|
"fast-deep-equal": "^3.1.3",
|
16
|
-
"
|
17
|
-
"next-auth": "^4.1.2"
|
16
|
+
"next-auth": "^4.3.4"
|
18
17
|
},
|
19
18
|
"devDependencies": {
|
20
|
-
"@keystone-6/core": "^1.0
|
19
|
+
"@keystone-6/core": "^1.1.0",
|
20
|
+
"next": "12.1.0",
|
21
21
|
"react": "^17.0.2"
|
22
22
|
},
|
23
23
|
"peerDependencies": {
|
24
|
-
"@keystone-6/core": "^1.0
|
24
|
+
"@keystone-6/core": "^1.1.0",
|
25
|
+
"next": "12.1.0",
|
25
26
|
"react": "^17.0.2"
|
26
27
|
},
|
27
28
|
"engines": {
|