@opensaas/keystone-nextjs-auth 20.5.0 → 21.0.0

package/dist/opensaas-keystone-nextjs-auth.cjs.prod.js

@@ -5,16 +5,17 @@ Object.defineProperty(exports, '__esModule', { value: true });
 var _objectSpread = require('@babel/runtime/helpers/objectSpread2');
 var _objectWithoutProperties = require('@babel/runtime/helpers/objectWithoutProperties');
 var _includesInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/includes');
+var _indexOfInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/index-of');
+var _Object$values = require('@babel/runtime-corejs3/core-js-stable/object/values');
 var _mapInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/map');
 var _JSON$stringify = require('@babel/runtime-corejs3/core-js-stable/json/stringify');
-var _URL = require('@babel/runtime-corejs3/core-js-stable/url');
+require('@babel/runtime-corejs3/core-js-stable/url');
 var url = require('url');
 var react = require('next-auth/react');
 var jwt = require('next-auth/jwt');
 var cookie = require('cookie');
 var ejs = require('ejs');
 var _filterInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/filter');
-var graphql = require('graphql');
 var core = require('@keystone-6/core');
 
 function _interopDefault (e) { return e && e.__esModule ? e : { 'default': e }; }
@@ -38,9 +39,10 @@ function _interopNamespace(e) {
 }
 
 var _includesInstanceProperty__default = /*#__PURE__*/_interopDefault(_includesInstanceProperty);
+var _indexOfInstanceProperty__default = /*#__PURE__*/_interopDefault(_indexOfInstanceProperty);
+var _Object$values__default = /*#__PURE__*/_interopDefault(_Object$values);
 var _mapInstanceProperty__default = /*#__PURE__*/_interopDefault(_mapInstanceProperty);
 var _JSON$stringify__default = /*#__PURE__*/_interopDefault(_JSON$stringify);
-var _URL__default = /*#__PURE__*/_interopDefault(_URL);
 var url__default = /*#__PURE__*/_interopDefault(url);
 var cookie__namespace = /*#__PURE__*/_interopNamespace(cookie);
 var ejs__default = /*#__PURE__*/_interopDefault(ejs);
@@ -55,6 +57,9 @@ module.exports = withPreconstruct({
   typescript: {
     ignoreBuildErrors: true,
   },
+  env: {
+    NEXTAUTH_URL: process.env.NEXTAUTH_URL || 'http://localhost:<%= process.env.PORT || 3000 %><%= keystonePath || '' %>/api/auth',
+  },
   eslint: {
     ignoreDuringBuilds: true,
   },
@@ -110,7 +115,6 @@ const nextConfigTemplate = ({
 
 function getBaseAuthSchema({
   listKey,
-  gqlNames,
   base
 }) {
   const extension = {
@@ -150,22 +154,12 @@ function getBaseAuthSchema({
 }
 
 const getSchemaExtension = ({
-  identityField,
-  listKey,
-  gqlNames
+  listKey
 }) => core.graphql.extend(base => {
   var _context;
 
-  const uniqueWhereInputType = graphql.assertInputObjectType(base.schema.getType(`${listKey}WhereUniqueInput`));
-  const identityFieldOnUniqueWhere = uniqueWhereInputType.getFields()[identityField];
-
-  if ((identityFieldOnUniqueWhere === null || identityFieldOnUniqueWhere === void 0 ? void 0 : identityFieldOnUniqueWhere.type) !== graphql.GraphQLString && (identityFieldOnUniqueWhere === null || identityFieldOnUniqueWhere === void 0 ? void 0 : identityFieldOnUniqueWhere.type) !== graphql.GraphQLID) {
-    throw new Error(`createAuth was called with an identityField of ${identityField} on the list ${listKey} ` + `but that field doesn't allow being searched uniquely with a String or ID. ` + `You should likely add \`isIndexed: 'unique'\` ` + `to the field at ${listKey}.${identityField}`);
-  }
-
   const baseSchema = getBaseAuthSchema({
     listKey,
-    gqlNames,
     base
   });
   return _filterInstanceProperty__default["default"](_context = [baseSchema.extension]).call(_context, x => x !== undefined);
@@ -177,38 +171,29 @@ import { query } from '.keystone/api';
 import keystoneConfig from '../../../../../keystone';
 
 export default getNextAuthPage({
+        autoCreate: <%= autoCreate %>,
         identityField: '<%= identityField %>',
-        sessionData: '<%= sessionData %>',
         listKey: '<%= listKey %>',
-        userMap: <%- JSON.stringify(userMap) %>,
-        accountMap: <%- JSON.stringify(accountMap) %>,
-        profileMap: <%- JSON.stringify(profileMap) %>,
-        autoCreate: <%= autoCreate %>,
-        sessionSecret: '<%= sessionSecret %>',
+        pages: keystoneConfig.pages,
         providers: keystoneConfig.providers,
         query,
+        resolver: keystoneConfig.resolver,
+        sessionData: '<%= sessionData %>',
+        sessionSecret: '<%= sessionSecret %>',
     });
   `;
 const authTemplate = ({
-  gqlNames,
+  autoCreate,
   identityField,
-  sessionData,
   listKey,
-  autoCreate,
-  userMap,
-  accountMap,
-  profileMap,
+  sessionData,
   sessionSecret
 }) => {
   const authOut = ejs__default["default"].render(template, {
-    gqlNames,
     identityField,
     sessionData,
     listKey,
     autoCreate,
-    userMap,
-    accountMap,
-    profileMap,
     sessionSecret
   });
   return authOut;
@@ -222,31 +207,21 @@ const _excluded = ["get", "start"];
  */
 
 function createAuth({
-  listKey,
-  identityField,
-  sessionData,
   autoCreate,
-  userMap,
-  accountMap,
-  profileMap,
+  cookies,
+  identityField,
+  listKey,
   keystonePath,
+  pages,
+  resolver,
   providers,
+  sessionData,
   sessionSecret
 }) {
   // The protectIdentities flag is currently under review to see whether it should be
   // part of the createAuth API (in which case its use cases need to be documented and tested)
   // or whether always being true is what we want, in which case we can refactor our code
   // to match this. -TL
-  const gqlNames = {
-    // Core
-    authenticateItemWithPassword: `authenticate${listKey}WithPassword`,
-    ItemAuthenticationWithPasswordResult: `${listKey}AuthenticationWithPasswordResult`,
-    ItemAuthenticationWithPasswordSuccess: `${listKey}AuthenticationWithPasswordSuccess`,
-    ItemAuthenticationWithPasswordFailure: `${listKey}AuthenticationWithPasswordFailure`,
-    // Initial data
-    CreateInitialInput: `CreateInitial${listKey}Input`,
-    createInitialItem: `createInitial${listKey}`
-  };
   const customPath = !keystonePath || keystonePath === '/' ? '' : keystonePath;
   /**
    * pageMiddleware
@@ -263,16 +238,14 @@ function createAuth({
     context,
     isValidSession
   }) => {
+    var _context;
+
     const {
       req,
       session
     } = context;
     const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname;
 
-    if (pathname === `${customPath}/api/__keystone_api_build`) {
-      return;
-    }
-
     if (isValidSession) {
       if (pathname === `${customPath}/api/auth/signin`) {
         return {
@@ -291,7 +264,11 @@ function createAuth({
       return;
     }
 
-    if (!session && !_includesInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`)) {
+    if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/_next/') || _includesInstanceProperty__default["default"](pathname).call(pathname, '/api/auth/')) {
+      return;
+    }
+
+    if (!session && !_includesInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`) && !(_indexOfInstanceProperty__default["default"](_context = _Object$values__default["default"](pages)).call(_context, pathname) > -1)) {
       return {
         kind: 'redirect',
         to: `${customPath}/api/auth/signin`
@@ -313,14 +290,10 @@ function createAuth({
       mode: 'write',
       outputPath: 'pages/api/auth/[...nextauth].js',
       src: authTemplate({
-        gqlNames,
+        autoCreate,
         identityField,
-        sessionData,
         listKey,
-        autoCreate,
-        userMap,
-        accountMap,
-        profileMap,
+        sessionData,
         sessionSecret
       })
     }, {
@@ -339,7 +312,8 @@ function createAuth({
    */
 
 
-  const publicPages = [`${customPath}/api/auth/csrf`, `${customPath}/api/auth/signin`, `${customPath}/api/auth/callback`, `${customPath}/api/auth/session`, `${customPath}/api/auth/providers`, `${customPath}/api/auth/signout`];
+  const publicPages = [`${customPath}/api/__keystone_api_build`, `${customPath}/api/auth/csrf`, `${customPath}/api/auth/signin`, `${customPath}/api/auth/callback`, `${customPath}/api/auth/session`, `${customPath}/api/auth/providers`, `${customPath}/api/auth/signout`, `${customPath}/api/auth/error`]; // TODO: Add Provider Types
+  // @ts-ignore
 
   function addPages(provider) {
     const name = provider.id;
@@ -357,8 +331,7 @@ function createAuth({
 
   const extendGraphqlSchema = getSchemaExtension({
     identityField,
-    listKey,
-    gqlNames
+    listKey
   });
   /**
    * validateConfig
@@ -372,7 +345,9 @@ function createAuth({
     if (listConfig === undefined) {
       const msg = `A createAuth() invocation specifies the list "${listKey}" but no list with that key has been defined.`;
       throw new Error(msg);
-    } // TODO: Check for String-like typing for identityField? How?
+    } // TODO: Check if providers
+    // TODO: Check other required commands/data
+    // TODO: Check for String-like typing for identityField? How?
     // TODO: Validate that the identifyField is unique.
     // TODO: If this field isn't required, what happens if I try to log in as `null`?
 
@@ -380,9 +355,9 @@ function createAuth({
     const identityFieldConfig = listConfig.fields[identityField];
 
     if (identityFieldConfig === undefined) {
-      const i = _JSON$stringify__default["default"](identityField);
+      const identityFieldName = _JSON$stringify__default["default"](identityField);
 
-      const msg = `A createAuth() invocation for the "${listKey}" list specifies ${i} as its identityField but no field with that key exists on the list.`;
+      const msg = `A createAuth() invocation for the "${listKey}" list specifies ${identityFieldName} as its identityField but no field with that key exists on the list.`;
       throw new Error(msg);
     }
   };
@@ -405,7 +380,15 @@ function createAuth({
           sessionStrategy = _objectWithoutProperties(_sessionStrategy, _excluded);
 
     return _objectSpread(_objectSpread({}, sessionStrategy), {}, {
-      start,
+      start: async ({
+        res
+      }) => {
+        console.log('start');
+        const session = await start({
+          res
+        });
+        return session;
+      },
       get: async ({
         req
       }) => {
@@ -420,9 +403,8 @@ function createAuth({
         if (((_req$headers$authoriz = req.headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(' ')[0]) === 'Bearer') {
           var _token$data;
 
-          const request = req;
           const token = await jwt.getToken({
-            req: request,
+            req,
             secret: sessionSecret
           });
 
@@ -451,6 +433,7 @@ function createAuth({
           secure:         "production" === 'production',
           path: '/',
           sameSite: 'lax',
+          // TODO: Update parse to URL
           domain: url__default["default"].parse(req.url).hostname
         }));
       }
@@ -487,15 +470,18 @@ function createAuth({
         },
         enableSessionItem: true,
         isAccessAllowed: async context => {
-          var _context$req2, _keystoneConfig$ui3;
-          // even if the user isn't logged in (which should always be the case if they're seeing /init)
+          var _keystoneConfig$ui3;
+
+          const {
+            req
+          } = context;
+          const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname; // Allow nextjs scripts and static files to be accessed without auth
 
+          if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/_next/')) {
+            return true;
+          } // Allow keystone to access /api/__keystone_api_build for hot reloading
 
-          const headers = (_context$req2 = context.req) === null || _context$req2 === void 0 ? void 0 : _context$req2.headers;
-          const host = headers ? headers['x-forwarded-host'] || headers.host : null;
-          const thisUrl = headers !== null && headers !== void 0 && headers.referer ? new _URL__default["default"](headers.referer) : undefined;
-          const accessingInitPage = (thisUrl === null || thisUrl === void 0 ? void 0 : thisUrl.pathname) === '/init' && (thisUrl === null || thisUrl === void 0 ? void 0 : thisUrl.host) === host && (await context.sudo().query[listKey].count({})) === 0;
-          return accessingInitPage || ((_keystoneConfig$ui3 = keystoneConfig.ui) !== null && _keystoneConfig$ui3 !== void 0 && _keystoneConfig$ui3.isAccessAllowed ? keystoneConfig.ui.isAccessAllowed(context) : context.session !== undefined);
+          return (_keystoneConfig$ui3 = keystoneConfig.ui) !== null && _keystoneConfig$ui3 !== void 0 && _keystoneConfig$ui3.isAccessAllowed ? keystoneConfig.ui.isAccessAllowed(context) : context.session !== undefined;
         }
       });
     }
@@ -505,8 +491,11 @@ function createAuth({
     const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
     return _objectSpread(_objectSpread({}, keystoneConfig), {}, {
       ui,
-      session,
+      cookies,
       providers,
+      pages,
+      resolver,
+      session,
       lists: _objectSpread({}, keystoneConfig.lists),
       experimental: _objectSpread(_objectSpread({}, keystoneConfig.experimental), {}, {
         generateNodeAPI: true

package/dist/opensaas-keystone-nextjs-auth.esm.js

@@ -1,6 +1,8 @@
 import _objectSpread from '@babel/runtime/helpers/esm/objectSpread2';
 import _objectWithoutProperties from '@babel/runtime/helpers/esm/objectWithoutProperties';
 import _includesInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/includes';
+import _indexOfInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/index-of';
+import _Object$values from '@babel/runtime-corejs3/core-js-stable/object/values';
 import _mapInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/map';
 import _JSON$stringify from '@babel/runtime-corejs3/core-js-stable/json/stringify';
 import _URL from '@babel/runtime-corejs3/core-js-stable/url';
@@ -10,7 +12,6 @@ import { getToken } from 'next-auth/jwt';
 import * as cookie from 'cookie';
 import ejs from 'ejs';
 import _filterInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/filter';
-import { assertInputObjectType, GraphQLString, GraphQLID } from 'graphql';
 import { graphql } from '@keystone-6/core';
 
 const template$1 = `
@@ -22,6 +23,9 @@ module.exports = withPreconstruct({
   typescript: {
     ignoreBuildErrors: true,
   },
+  env: {
+    NEXTAUTH_URL: process.env.NEXTAUTH_URL || 'http://localhost:<%= process.env.PORT || 3000 %><%= keystonePath || '' %>/api/auth',
+  },
   eslint: {
     ignoreDuringBuilds: true,
   },
@@ -77,7 +81,6 @@ const nextConfigTemplate = ({
 
 function getBaseAuthSchema({
   listKey,
-  gqlNames,
   base
 }) {
   const extension = {
@@ -117,22 +120,12 @@ function getBaseAuthSchema({
 }
 
 const getSchemaExtension = ({
-  identityField,
-  listKey,
-  gqlNames
+  listKey
 }) => graphql.extend(base => {
   var _context;
 
-  const uniqueWhereInputType = assertInputObjectType(base.schema.getType(`${listKey}WhereUniqueInput`));
-  const identityFieldOnUniqueWhere = uniqueWhereInputType.getFields()[identityField];
-
-  if ((identityFieldOnUniqueWhere === null || identityFieldOnUniqueWhere === void 0 ? void 0 : identityFieldOnUniqueWhere.type) !== GraphQLString && (identityFieldOnUniqueWhere === null || identityFieldOnUniqueWhere === void 0 ? void 0 : identityFieldOnUniqueWhere.type) !== GraphQLID) {
-    throw new Error(`createAuth was called with an identityField of ${identityField} on the list ${listKey} ` + `but that field doesn't allow being searched uniquely with a String or ID. ` + `You should likely add \`isIndexed: 'unique'\` ` + `to the field at ${listKey}.${identityField}`);
-  }
-
   const baseSchema = getBaseAuthSchema({
     listKey,
-    gqlNames,
     base
   });
   return _filterInstanceProperty(_context = [baseSchema.extension]).call(_context, x => x !== undefined);
@@ -144,38 +137,29 @@ import { query } from '.keystone/api';
 import keystoneConfig from '../../../../../keystone';
 
 export default getNextAuthPage({
+        autoCreate: <%= autoCreate %>,
         identityField: '<%= identityField %>',
-        sessionData: '<%= sessionData %>',
         listKey: '<%= listKey %>',
-        userMap: <%- JSON.stringify(userMap) %>,
-        accountMap: <%- JSON.stringify(accountMap) %>,
-        profileMap: <%- JSON.stringify(profileMap) %>,
-        autoCreate: <%= autoCreate %>,
-        sessionSecret: '<%= sessionSecret %>',
+        pages: keystoneConfig.pages,
         providers: keystoneConfig.providers,
         query,
+        resolver: keystoneConfig.resolver,
+        sessionData: '<%= sessionData %>',
+        sessionSecret: '<%= sessionSecret %>',
     });
   `;
 const authTemplate = ({
-  gqlNames,
+  autoCreate,
   identityField,
-  sessionData,
   listKey,
-  autoCreate,
-  userMap,
-  accountMap,
-  profileMap,
+  sessionData,
   sessionSecret
 }) => {
   const authOut = ejs.render(template, {
-    gqlNames,
     identityField,
     sessionData,
     listKey,
     autoCreate,
-    userMap,
-    accountMap,
-    profileMap,
     sessionSecret
   });
   return authOut;
@@ -189,31 +173,21 @@ const _excluded = ["get", "start"];
  */
 
 function createAuth({
-  listKey,
-  identityField,
-  sessionData,
   autoCreate,
-  userMap,
-  accountMap,
-  profileMap,
+  cookies,
+  identityField,
+  listKey,
   keystonePath,
+  pages,
+  resolver,
   providers,
+  sessionData,
   sessionSecret
 }) {
   // The protectIdentities flag is currently under review to see whether it should be
   // part of the createAuth API (in which case its use cases need to be documented and tested)
   // or whether always being true is what we want, in which case we can refactor our code
   // to match this. -TL
-  const gqlNames = {
-    // Core
-    authenticateItemWithPassword: `authenticate${listKey}WithPassword`,
-    ItemAuthenticationWithPasswordResult: `${listKey}AuthenticationWithPasswordResult`,
-    ItemAuthenticationWithPasswordSuccess: `${listKey}AuthenticationWithPasswordSuccess`,
-    ItemAuthenticationWithPasswordFailure: `${listKey}AuthenticationWithPasswordFailure`,
-    // Initial data
-    CreateInitialInput: `CreateInitial${listKey}Input`,
-    createInitialItem: `createInitial${listKey}`
-  };
   const customPath = !keystonePath || keystonePath === '/' ? '' : keystonePath;
   /**
    * pageMiddleware
@@ -230,16 +204,14 @@ function createAuth({
     context,
     isValidSession
   }) => {
+    var _context;
+
     const {
       req,
       session
     } = context;
     const pathname = url.parse(req === null || req === void 0 ? void 0 : req.url).pathname;
 
-    if (pathname === `${customPath}/api/__keystone_api_build`) {
-      return;
-    }
-
     if (isValidSession) {
       if (pathname === `${customPath}/api/auth/signin`) {
         return {
@@ -258,7 +230,11 @@ function createAuth({
       return;
     }
 
-    if (!session && !_includesInstanceProperty(pathname).call(pathname, `${customPath}/api/auth/`)) {
+    if (_includesInstanceProperty(pathname).call(pathname, '/_next/') || _includesInstanceProperty(pathname).call(pathname, '/api/auth/')) {
+      return;
+    }
+
+    if (!session && !_includesInstanceProperty(pathname).call(pathname, `${customPath}/api/auth/`) && !(_indexOfInstanceProperty(_context = _Object$values(pages)).call(_context, pathname) > -1)) {
       return {
         kind: 'redirect',
         to: `${customPath}/api/auth/signin`
@@ -280,14 +256,10 @@ function createAuth({
       mode: 'write',
       outputPath: 'pages/api/auth/[...nextauth].js',
       src: authTemplate({
-        gqlNames,
+        autoCreate,
         identityField,
-        sessionData,
         listKey,
-        autoCreate,
-        userMap,
-        accountMap,
-        profileMap,
+        sessionData,
         sessionSecret
       })
     }, {
@@ -306,7 +278,8 @@ function createAuth({
    */
 
 
-  const publicPages = [`${customPath}/api/auth/csrf`, `${customPath}/api/auth/signin`, `${customPath}/api/auth/callback`, `${customPath}/api/auth/session`, `${customPath}/api/auth/providers`, `${customPath}/api/auth/signout`];
+  const publicPages = [`${customPath}/api/__keystone_api_build`, `${customPath}/api/auth/csrf`, `${customPath}/api/auth/signin`, `${customPath}/api/auth/callback`, `${customPath}/api/auth/session`, `${customPath}/api/auth/providers`, `${customPath}/api/auth/signout`, `${customPath}/api/auth/error`]; // TODO: Add Provider Types
+  // @ts-ignore
 
   function addPages(provider) {
     const name = provider.id;
@@ -324,8 +297,7 @@ function createAuth({
 
   const extendGraphqlSchema = getSchemaExtension({
     identityField,
-    listKey,
-    gqlNames
+    listKey
   });
   /**
    * validateConfig
@@ -339,7 +311,9 @@ function createAuth({
     if (listConfig === undefined) {
       const msg = `A createAuth() invocation specifies the list "${listKey}" but no list with that key has been defined.`;
       throw new Error(msg);
-    } // TODO: Check for String-like typing for identityField? How?
+    } // TODO: Check if providers
+    // TODO: Check other required commands/data
+    // TODO: Check for String-like typing for identityField? How?
     // TODO: Validate that the identifyField is unique.
     // TODO: If this field isn't required, what happens if I try to log in as `null`?
 
@@ -347,9 +321,9 @@ function createAuth({
     const identityFieldConfig = listConfig.fields[identityField];
 
     if (identityFieldConfig === undefined) {
-      const i = _JSON$stringify(identityField);
+      const identityFieldName = _JSON$stringify(identityField);
 
-      const msg = `A createAuth() invocation for the "${listKey}" list specifies ${i} as its identityField but no field with that key exists on the list.`;
+      const msg = `A createAuth() invocation for the "${listKey}" list specifies ${identityFieldName} as its identityField but no field with that key exists on the list.`;
       throw new Error(msg);
     }
   };
@@ -372,7 +346,15 @@ function createAuth({
           sessionStrategy = _objectWithoutProperties(_sessionStrategy, _excluded);
 
     return _objectSpread(_objectSpread({}, sessionStrategy), {}, {
-      start,
+      start: async ({
+        res
+      }) => {
+        console.log('start');
+        const session = await start({
+          res
+        });
+        return session;
+      },
       get: async ({
         req
       }) => {
@@ -387,9 +369,8 @@ function createAuth({
         if (((_req$headers$authoriz = req.headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(' ')[0]) === 'Bearer') {
           var _token$data;
 
-          const request = req;
           const token = await getToken({
-            req: request,
+            req,
             secret: sessionSecret
           });
 
@@ -418,6 +399,7 @@ function createAuth({
           secure: process.env.NODE_ENV === 'production',
           path: '/',
           sameSite: 'lax',
+          // TODO: Update parse to URL
           domain: url.parse(req.url).hostname
         }));
       }
@@ -454,19 +436,23 @@ function createAuth({
         },
         enableSessionItem: true,
         isAccessAllowed: async context => {
-          var _context$req, _context$req2, _keystoneConfig$ui3;
+          var _context$req, _keystoneConfig$ui3;
 
-          if (process.env.NODE_ENV !== 'production' && ((_context$req = context.req) === null || _context$req === void 0 ? void 0 : _context$req.url) !== undefined && new _URL(context.req.url, 'http://example.com').pathname === `${customPath}/api/__keystone_api_build`) {
+          const {
+            req
+          } = context;
+          const pathname = url.parse(req === null || req === void 0 ? void 0 : req.url).pathname; // Allow nextjs scripts and static files to be accessed without auth
+
+          if (_includesInstanceProperty(pathname).call(pathname, '/_next/')) {
             return true;
-          } // Allow access to the adminMeta data from the /init path to correctly render that page
-          // even if the user isn't logged in (which should always be the case if they're seeing /init)
+          } // Allow keystone to access /api/__keystone_api_build for hot reloading
 
 
-          const headers = (_context$req2 = context.req) === null || _context$req2 === void 0 ? void 0 : _context$req2.headers;
-          const host = headers ? headers['x-forwarded-host'] || headers.host : null;
-          const thisUrl = headers !== null && headers !== void 0 && headers.referer ? new _URL(headers.referer) : undefined;
-          const accessingInitPage = (thisUrl === null || thisUrl === void 0 ? void 0 : thisUrl.pathname) === '/init' && (thisUrl === null || thisUrl === void 0 ? void 0 : thisUrl.host) === host && (await context.sudo().query[listKey].count({})) === 0;
-          return accessingInitPage || ((_keystoneConfig$ui3 = keystoneConfig.ui) !== null && _keystoneConfig$ui3 !== void 0 && _keystoneConfig$ui3.isAccessAllowed ? keystoneConfig.ui.isAccessAllowed(context) : context.session !== undefined);
+          if (process.env.NODE_ENV !== 'production' && ((_context$req = context.req) === null || _context$req === void 0 ? void 0 : _context$req.url) !== undefined && new _URL(context.req.url, 'http://example.com').pathname === `${customPath}/api/__keystone_api_build`) {
+            return true;
+          }
+
+          return (_keystoneConfig$ui3 = keystoneConfig.ui) !== null && _keystoneConfig$ui3 !== void 0 && _keystoneConfig$ui3.isAccessAllowed ? keystoneConfig.ui.isAccessAllowed(context) : context.session !== undefined;
         }
       });
     }
@@ -476,8 +462,11 @@ function createAuth({
     const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
     return _objectSpread(_objectSpread({}, keystoneConfig), {}, {
       ui,
-      session,
+      cookies,
       providers,
+      pages,
+      resolver,
+      session,
       lists: _objectSpread({}, keystoneConfig.lists),
       experimental: _objectSpread(_objectSpread({}, keystoneConfig.experimental), {}, {
         generateNodeAPI: true

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opensaas/keystone-nextjs-auth",
-  "version": "20.5.0",
+  "version": "21.0.0",
   "repository": "https://github.com/opensaasau/keystone-nextjs-auth",
   "license": "MIT",
   "main": "dist/opensaas-keystone-nextjs-auth.cjs.js",