@opensaas/keystone-nextjs-auth 21.1.0 → 21.1.1
- package/CHANGELOG.md +6 -0
- package/dist/declarations/src/index.d.ts +3 -3
- package/dist/opensaas-keystone-nextjs-auth.cjs.dev.js +23 -29
- package/dist/opensaas-keystone-nextjs-auth.cjs.prod.js +22 -28
- package/dist/opensaas-keystone-nextjs-auth.esm.js +23 -27
- package/package.json +1 -1
- package/src/index.ts +47 -42
package/CHANGELOG.md
CHANGED
@@ -1,11 +1,11 @@
|
|
1
|
-
import { BaseListTypeInfo, KeystoneConfig } from
|
2
|
-
import { AuthConfig, KeystoneOAuthConfig } from
|
1
|
+
import { BaseListTypeInfo, KeystoneConfig } from "@keystone-6/core/types";
|
2
|
+
import { AuthConfig, KeystoneOAuthConfig } from "./types";
|
3
3
|
/**
|
4
4
|
* createAuth function
|
5
5
|
*
|
6
6
|
* Generates config for Keystone to implement standard auth features.
|
7
7
|
*/
|
8
|
-
export type { NextAuthProviders, KeystoneOAuthConfig } from
|
8
|
+
export type { NextAuthProviders, KeystoneOAuthConfig } from "./types";
|
9
9
|
export declare function createAuth<GeneratedListTypes extends BaseListTypeInfo>({ autoCreate, cookies, identityField, listKey, keystonePath, pages, resolver, providers, sessionData, sessionSecret, }: AuthConfig<GeneratedListTypes>): {
|
10
10
|
withAuth: (keystoneConfig: KeystoneConfig) => KeystoneOAuthConfig;
|
11
11
|
};
|
@@ -5,8 +5,6 @@ Object.defineProperty(exports, '__esModule', { value: true });
|
|
5
5
|
var _objectSpread = require('@babel/runtime/helpers/objectSpread2');
|
6
6
|
var _objectWithoutProperties = require('@babel/runtime/helpers/objectWithoutProperties');
|
7
7
|
var _includesInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/includes');
|
8
|
-
var _indexOfInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/index-of');
|
9
|
-
var _Object$values = require('@babel/runtime-corejs3/core-js-stable/object/values');
|
10
8
|
var _mapInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/map');
|
11
9
|
var _JSON$stringify = require('@babel/runtime-corejs3/core-js-stable/json/stringify');
|
12
10
|
var _URL = require('@babel/runtime-corejs3/core-js-stable/url');
|
@@ -39,8 +37,6 @@ function _interopNamespace(e) {
|
|
39
37
|
}
|
40
38
|
|
41
39
|
var _includesInstanceProperty__default = /*#__PURE__*/_interopDefault(_includesInstanceProperty);
|
42
|
-
var _indexOfInstanceProperty__default = /*#__PURE__*/_interopDefault(_indexOfInstanceProperty);
|
43
|
-
var _Object$values__default = /*#__PURE__*/_interopDefault(_Object$values);
|
44
40
|
var _mapInstanceProperty__default = /*#__PURE__*/_interopDefault(_mapInstanceProperty);
|
45
41
|
var _JSON$stringify__default = /*#__PURE__*/_interopDefault(_JSON$stringify);
|
46
42
|
var _URL__default = /*#__PURE__*/_interopDefault(_URL);
|
@@ -223,7 +219,7 @@ function createAuth({
|
|
223
219
|
// part of the createAuth API (in which case its use cases need to be documented and tested)
|
224
220
|
// or whether always being true is what we want, in which case we can refactor our code
|
225
221
|
// to match this. -TL
|
226
|
-
const customPath = !keystonePath || keystonePath ===
|
222
|
+
const customPath = !keystonePath || keystonePath === "/" ? "" : keystonePath;
|
227
223
|
/**
|
228
224
|
* pageMiddleware
|
229
225
|
*
|
@@ -239,8 +235,6 @@ function createAuth({
|
|
239
235
|
context,
|
240
236
|
isValidSession
|
241
237
|
}) => {
|
242
|
-
var _context;
|
243
|
-
|
244
238
|
const {
|
245
239
|
req,
|
246
240
|
session
|
@@ -250,14 +244,14 @@ function createAuth({
|
|
250
244
|
if (isValidSession) {
|
251
245
|
if (pathname === `${customPath}/api/auth/signin`) {
|
252
246
|
return {
|
253
|
-
kind:
|
247
|
+
kind: "redirect",
|
254
248
|
to: `${customPath}`
|
255
249
|
};
|
256
250
|
}
|
257
251
|
|
258
|
-
if (customPath !==
|
252
|
+
if (customPath !== "" && pathname === "/") {
|
259
253
|
return {
|
260
|
-
kind:
|
254
|
+
kind: "redirect",
|
261
255
|
to: `${customPath}`
|
262
256
|
};
|
263
257
|
}
|
@@ -265,14 +259,14 @@ function createAuth({
|
|
265
259
|
return;
|
266
260
|
}
|
267
261
|
|
268
|
-
if (_includesInstanceProperty__default["default"](pathname).call(pathname,
|
262
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, "/_next/") || _includesInstanceProperty__default["default"](pathname).call(pathname, "/api/auth/") || _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signIn) || _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.error) || _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signOut)) {
|
269
263
|
return;
|
270
264
|
}
|
271
265
|
|
272
|
-
if (!session && !_includesInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`)
|
266
|
+
if (!session && !_includesInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`)) {
|
273
267
|
return {
|
274
|
-
kind:
|
275
|
-
to: `${customPath}/api/auth/signin`
|
268
|
+
kind: "redirect",
|
269
|
+
to: (pages === null || pages === void 0 ? void 0 : pages.signIn) || `${customPath}/api/auth/signin`
|
276
270
|
};
|
277
271
|
}
|
278
272
|
};
|
@@ -288,8 +282,8 @@ function createAuth({
|
|
288
282
|
|
289
283
|
const getAdditionalFiles = () => {
|
290
284
|
const filesToWrite = [{
|
291
|
-
mode:
|
292
|
-
outputPath:
|
285
|
+
mode: "write",
|
286
|
+
outputPath: "pages/api/auth/[...nextauth].js",
|
293
287
|
src: authTemplate({
|
294
288
|
autoCreate,
|
295
289
|
identityField,
|
@@ -298,8 +292,8 @@ function createAuth({
|
|
298
292
|
sessionSecret
|
299
293
|
})
|
300
294
|
}, {
|
301
|
-
mode:
|
302
|
-
outputPath:
|
295
|
+
mode: "write",
|
296
|
+
outputPath: "next.config.js",
|
303
297
|
src: nextConfigTemplate({
|
304
298
|
keystonePath: customPath
|
305
299
|
})
|
@@ -384,7 +378,7 @@ function createAuth({
|
|
384
378
|
start: async ({
|
385
379
|
res
|
386
380
|
}) => {
|
387
|
-
console.log(
|
381
|
+
console.log("start");
|
388
382
|
const session = await start({
|
389
383
|
res
|
390
384
|
});
|
@@ -397,11 +391,11 @@ function createAuth({
|
|
397
391
|
|
398
392
|
const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname;
|
399
393
|
|
400
|
-
if (_includesInstanceProperty__default["default"](pathname).call(pathname,
|
394
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, "/api/auth")) {
|
401
395
|
return;
|
402
396
|
}
|
403
397
|
|
404
|
-
if (((_req$headers$authoriz = req.headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(
|
398
|
+
if (((_req$headers$authoriz = req.headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(" ")[0]) === "Bearer") {
|
405
399
|
var _token$data;
|
406
400
|
|
407
401
|
const token = await jwt.getToken({
|
@@ -426,14 +420,14 @@ function createAuth({
|
|
426
420
|
res,
|
427
421
|
req
|
428
422
|
}) => {
|
429
|
-
const TOKEN_NAME = process.env.NODE_ENV ===
|
430
|
-
res.setHeader(
|
423
|
+
const TOKEN_NAME = process.env.NODE_ENV === "production" ? "__Secure-next-auth.session-token" : "next-auth.session-token";
|
424
|
+
res.setHeader("Set-Cookie", cookie__namespace.serialize(TOKEN_NAME, "", {
|
431
425
|
maxAge: 0,
|
432
426
|
expires: new Date(),
|
433
427
|
httpOnly: true,
|
434
|
-
secure: process.env.NODE_ENV ===
|
435
|
-
path:
|
436
|
-
sameSite:
|
428
|
+
secure: process.env.NODE_ENV === "production",
|
429
|
+
path: "/",
|
430
|
+
sameSite: "lax",
|
437
431
|
// TODO: Update parse to URL
|
438
432
|
domain: url__default["default"].parse(req.url).hostname
|
439
433
|
}));
|
@@ -478,12 +472,12 @@ function createAuth({
|
|
478
472
|
} = context;
|
479
473
|
const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname; // Allow nextjs scripts and static files to be accessed without auth
|
480
474
|
|
481
|
-
if (_includesInstanceProperty__default["default"](pathname).call(pathname,
|
475
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, "/_next/")) {
|
482
476
|
return true;
|
483
477
|
} // Allow keystone to access /api/__keystone_api_build for hot reloading
|
484
478
|
|
485
479
|
|
486
|
-
if (process.env.NODE_ENV !==
|
480
|
+
if (process.env.NODE_ENV !== "production" && ((_context$req = context.req) === null || _context$req === void 0 ? void 0 : _context$req.url) !== undefined && new _URL__default["default"](context.req.url, "http://example.com").pathname === `${customPath}/api/__keystone_api_build`) {
|
487
481
|
return true;
|
488
482
|
}
|
489
483
|
|
@@ -492,7 +486,7 @@ function createAuth({
|
|
492
486
|
});
|
493
487
|
}
|
494
488
|
|
495
|
-
if (!keystoneConfig.session) throw new TypeError(
|
489
|
+
if (!keystoneConfig.session) throw new TypeError("Missing .session configuration");
|
496
490
|
const session = withItemData(keystoneConfig.session);
|
497
491
|
const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
|
498
492
|
return _objectSpread(_objectSpread({}, keystoneConfig), {}, {
|
@@ -5,8 +5,6 @@ Object.defineProperty(exports, '__esModule', { value: true });
|
|
5
5
|
var _objectSpread = require('@babel/runtime/helpers/objectSpread2');
|
6
6
|
var _objectWithoutProperties = require('@babel/runtime/helpers/objectWithoutProperties');
|
7
7
|
var _includesInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/includes');
|
8
|
-
var _indexOfInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/index-of');
|
9
|
-
var _Object$values = require('@babel/runtime-corejs3/core-js-stable/object/values');
|
10
8
|
var _mapInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/map');
|
11
9
|
var _JSON$stringify = require('@babel/runtime-corejs3/core-js-stable/json/stringify');
|
12
10
|
require('@babel/runtime-corejs3/core-js-stable/url');
|
@@ -39,8 +37,6 @@ function _interopNamespace(e) {
|
|
39
37
|
}
|
40
38
|
|
41
39
|
var _includesInstanceProperty__default = /*#__PURE__*/_interopDefault(_includesInstanceProperty);
|
42
|
-
var _indexOfInstanceProperty__default = /*#__PURE__*/_interopDefault(_indexOfInstanceProperty);
|
43
|
-
var _Object$values__default = /*#__PURE__*/_interopDefault(_Object$values);
|
44
40
|
var _mapInstanceProperty__default = /*#__PURE__*/_interopDefault(_mapInstanceProperty);
|
45
41
|
var _JSON$stringify__default = /*#__PURE__*/_interopDefault(_JSON$stringify);
|
46
42
|
var url__default = /*#__PURE__*/_interopDefault(url);
|
@@ -222,7 +218,7 @@ function createAuth({
|
|
222
218
|
// part of the createAuth API (in which case its use cases need to be documented and tested)
|
223
219
|
// or whether always being true is what we want, in which case we can refactor our code
|
224
220
|
// to match this. -TL
|
225
|
-
const customPath = !keystonePath || keystonePath ===
|
221
|
+
const customPath = !keystonePath || keystonePath === "/" ? "" : keystonePath;
|
226
222
|
/**
|
227
223
|
* pageMiddleware
|
228
224
|
*
|
@@ -238,8 +234,6 @@ function createAuth({
|
|
238
234
|
context,
|
239
235
|
isValidSession
|
240
236
|
}) => {
|
241
|
-
var _context;
|
242
|
-
|
243
237
|
const {
|
244
238
|
req,
|
245
239
|
session
|
@@ -249,14 +243,14 @@ function createAuth({
|
|
249
243
|
if (isValidSession) {
|
250
244
|
if (pathname === `${customPath}/api/auth/signin`) {
|
251
245
|
return {
|
252
|
-
kind:
|
246
|
+
kind: "redirect",
|
253
247
|
to: `${customPath}`
|
254
248
|
};
|
255
249
|
}
|
256
250
|
|
257
|
-
if (customPath !==
|
251
|
+
if (customPath !== "" && pathname === "/") {
|
258
252
|
return {
|
259
|
-
kind:
|
253
|
+
kind: "redirect",
|
260
254
|
to: `${customPath}`
|
261
255
|
};
|
262
256
|
}
|
@@ -264,14 +258,14 @@ function createAuth({
|
|
264
258
|
return;
|
265
259
|
}
|
266
260
|
|
267
|
-
if (_includesInstanceProperty__default["default"](pathname).call(pathname,
|
261
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, "/_next/") || _includesInstanceProperty__default["default"](pathname).call(pathname, "/api/auth/") || _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signIn) || _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.error) || _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signOut)) {
|
268
262
|
return;
|
269
263
|
}
|
270
264
|
|
271
|
-
if (!session && !_includesInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`)
|
265
|
+
if (!session && !_includesInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`)) {
|
272
266
|
return {
|
273
|
-
kind:
|
274
|
-
to: `${customPath}/api/auth/signin`
|
267
|
+
kind: "redirect",
|
268
|
+
to: (pages === null || pages === void 0 ? void 0 : pages.signIn) || `${customPath}/api/auth/signin`
|
275
269
|
};
|
276
270
|
}
|
277
271
|
};
|
@@ -287,8 +281,8 @@ function createAuth({
|
|
287
281
|
|
288
282
|
const getAdditionalFiles = () => {
|
289
283
|
const filesToWrite = [{
|
290
|
-
mode:
|
291
|
-
outputPath:
|
284
|
+
mode: "write",
|
285
|
+
outputPath: "pages/api/auth/[...nextauth].js",
|
292
286
|
src: authTemplate({
|
293
287
|
autoCreate,
|
294
288
|
identityField,
|
@@ -297,8 +291,8 @@ function createAuth({
|
|
297
291
|
sessionSecret
|
298
292
|
})
|
299
293
|
}, {
|
300
|
-
mode:
|
301
|
-
outputPath:
|
294
|
+
mode: "write",
|
295
|
+
outputPath: "next.config.js",
|
302
296
|
src: nextConfigTemplate({
|
303
297
|
keystonePath: customPath
|
304
298
|
})
|
@@ -383,7 +377,7 @@ function createAuth({
|
|
383
377
|
start: async ({
|
384
378
|
res
|
385
379
|
}) => {
|
386
|
-
console.log(
|
380
|
+
console.log("start");
|
387
381
|
const session = await start({
|
388
382
|
res
|
389
383
|
});
|
@@ -396,11 +390,11 @@ function createAuth({
|
|
396
390
|
|
397
391
|
const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname;
|
398
392
|
|
399
|
-
if (_includesInstanceProperty__default["default"](pathname).call(pathname,
|
393
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, "/api/auth")) {
|
400
394
|
return;
|
401
395
|
}
|
402
396
|
|
403
|
-
if (((_req$headers$authoriz = req.headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(
|
397
|
+
if (((_req$headers$authoriz = req.headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(" ")[0]) === "Bearer") {
|
404
398
|
var _token$data;
|
405
399
|
|
406
400
|
const token = await jwt.getToken({
|
@@ -425,14 +419,14 @@ function createAuth({
|
|
425
419
|
res,
|
426
420
|
req
|
427
421
|
}) => {
|
428
|
-
const TOKEN_NAME =
|
429
|
-
res.setHeader(
|
422
|
+
const TOKEN_NAME = "__Secure-next-auth.session-token" ;
|
423
|
+
res.setHeader("Set-Cookie", cookie__namespace.serialize(TOKEN_NAME, "", {
|
430
424
|
maxAge: 0,
|
431
425
|
expires: new Date(),
|
432
426
|
httpOnly: true,
|
433
|
-
secure: "production" ===
|
434
|
-
path:
|
435
|
-
sameSite:
|
427
|
+
secure: "production" === "production",
|
428
|
+
path: "/",
|
429
|
+
sameSite: "lax",
|
436
430
|
// TODO: Update parse to URL
|
437
431
|
domain: url__default["default"].parse(req.url).hostname
|
438
432
|
}));
|
@@ -477,7 +471,7 @@ function createAuth({
|
|
477
471
|
} = context;
|
478
472
|
const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname; // Allow nextjs scripts and static files to be accessed without auth
|
479
473
|
|
480
|
-
if (_includesInstanceProperty__default["default"](pathname).call(pathname,
|
474
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, "/_next/")) {
|
481
475
|
return true;
|
482
476
|
} // Allow keystone to access /api/__keystone_api_build for hot reloading
|
483
477
|
|
@@ -486,7 +480,7 @@ function createAuth({
|
|
486
480
|
});
|
487
481
|
}
|
488
482
|
|
489
|
-
if (!keystoneConfig.session) throw new TypeError(
|
483
|
+
if (!keystoneConfig.session) throw new TypeError("Missing .session configuration");
|
490
484
|
const session = withItemData(keystoneConfig.session);
|
491
485
|
const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
|
492
486
|
return _objectSpread(_objectSpread({}, keystoneConfig), {}, {
|
@@ -1,8 +1,6 @@
|
|
1
1
|
import _objectSpread from '@babel/runtime/helpers/esm/objectSpread2';
|
2
2
|
import _objectWithoutProperties from '@babel/runtime/helpers/esm/objectWithoutProperties';
|
3
3
|
import _includesInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/includes';
|
4
|
-
import _indexOfInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/index-of';
|
5
|
-
import _Object$values from '@babel/runtime-corejs3/core-js-stable/object/values';
|
6
4
|
import _mapInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/map';
|
7
5
|
import _JSON$stringify from '@babel/runtime-corejs3/core-js-stable/json/stringify';
|
8
6
|
import _URL from '@babel/runtime-corejs3/core-js-stable/url';
|
@@ -188,7 +186,7 @@ function createAuth({
|
|
188
186
|
// part of the createAuth API (in which case its use cases need to be documented and tested)
|
189
187
|
// or whether always being true is what we want, in which case we can refactor our code
|
190
188
|
// to match this. -TL
|
191
|
-
const customPath = !keystonePath || keystonePath ===
|
189
|
+
const customPath = !keystonePath || keystonePath === "/" ? "" : keystonePath;
|
192
190
|
/**
|
193
191
|
* pageMiddleware
|
194
192
|
*
|
@@ -204,8 +202,6 @@ function createAuth({
|
|
204
202
|
context,
|
205
203
|
isValidSession
|
206
204
|
}) => {
|
207
|
-
var _context;
|
208
|
-
|
209
205
|
const {
|
210
206
|
req,
|
211
207
|
session
|
@@ -215,14 +211,14 @@ function createAuth({
|
|
215
211
|
if (isValidSession) {
|
216
212
|
if (pathname === `${customPath}/api/auth/signin`) {
|
217
213
|
return {
|
218
|
-
kind:
|
214
|
+
kind: "redirect",
|
219
215
|
to: `${customPath}`
|
220
216
|
};
|
221
217
|
}
|
222
218
|
|
223
|
-
if (customPath !==
|
219
|
+
if (customPath !== "" && pathname === "/") {
|
224
220
|
return {
|
225
|
-
kind:
|
221
|
+
kind: "redirect",
|
226
222
|
to: `${customPath}`
|
227
223
|
};
|
228
224
|
}
|
@@ -230,14 +226,14 @@ function createAuth({
|
|
230
226
|
return;
|
231
227
|
}
|
232
228
|
|
233
|
-
if (_includesInstanceProperty(pathname).call(pathname,
|
229
|
+
if (_includesInstanceProperty(pathname).call(pathname, "/_next/") || _includesInstanceProperty(pathname).call(pathname, "/api/auth/") || _includesInstanceProperty(pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signIn) || _includesInstanceProperty(pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.error) || _includesInstanceProperty(pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signOut)) {
|
234
230
|
return;
|
235
231
|
}
|
236
232
|
|
237
|
-
if (!session && !_includesInstanceProperty(pathname).call(pathname, `${customPath}/api/auth/`)
|
233
|
+
if (!session && !_includesInstanceProperty(pathname).call(pathname, `${customPath}/api/auth/`)) {
|
238
234
|
return {
|
239
|
-
kind:
|
240
|
-
to: `${customPath}/api/auth/signin`
|
235
|
+
kind: "redirect",
|
236
|
+
to: (pages === null || pages === void 0 ? void 0 : pages.signIn) || `${customPath}/api/auth/signin`
|
241
237
|
};
|
242
238
|
}
|
243
239
|
};
|
@@ -253,8 +249,8 @@ function createAuth({
|
|
253
249
|
|
254
250
|
const getAdditionalFiles = () => {
|
255
251
|
const filesToWrite = [{
|
256
|
-
mode:
|
257
|
-
outputPath:
|
252
|
+
mode: "write",
|
253
|
+
outputPath: "pages/api/auth/[...nextauth].js",
|
258
254
|
src: authTemplate({
|
259
255
|
autoCreate,
|
260
256
|
identityField,
|
@@ -263,8 +259,8 @@ function createAuth({
|
|
263
259
|
sessionSecret
|
264
260
|
})
|
265
261
|
}, {
|
266
|
-
mode:
|
267
|
-
outputPath:
|
262
|
+
mode: "write",
|
263
|
+
outputPath: "next.config.js",
|
268
264
|
src: nextConfigTemplate({
|
269
265
|
keystonePath: customPath
|
270
266
|
})
|
@@ -349,7 +345,7 @@ function createAuth({
|
|
349
345
|
start: async ({
|
350
346
|
res
|
351
347
|
}) => {
|
352
|
-
console.log(
|
348
|
+
console.log("start");
|
353
349
|
const session = await start({
|
354
350
|
res
|
355
351
|
});
|
@@ -362,11 +358,11 @@ function createAuth({
|
|
362
358
|
|
363
359
|
const pathname = url.parse(req === null || req === void 0 ? void 0 : req.url).pathname;
|
364
360
|
|
365
|
-
if (_includesInstanceProperty(pathname).call(pathname,
|
361
|
+
if (_includesInstanceProperty(pathname).call(pathname, "/api/auth")) {
|
366
362
|
return;
|
367
363
|
}
|
368
364
|
|
369
|
-
if (((_req$headers$authoriz = req.headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(
|
365
|
+
if (((_req$headers$authoriz = req.headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(" ")[0]) === "Bearer") {
|
370
366
|
var _token$data;
|
371
367
|
|
372
368
|
const token = await getToken({
|
@@ -391,14 +387,14 @@ function createAuth({
|
|
391
387
|
res,
|
392
388
|
req
|
393
389
|
}) => {
|
394
|
-
const TOKEN_NAME = process.env.NODE_ENV ===
|
395
|
-
res.setHeader(
|
390
|
+
const TOKEN_NAME = process.env.NODE_ENV === "production" ? "__Secure-next-auth.session-token" : "next-auth.session-token";
|
391
|
+
res.setHeader("Set-Cookie", cookie.serialize(TOKEN_NAME, "", {
|
396
392
|
maxAge: 0,
|
397
393
|
expires: new Date(),
|
398
394
|
httpOnly: true,
|
399
|
-
secure: process.env.NODE_ENV ===
|
400
|
-
path:
|
401
|
-
sameSite:
|
395
|
+
secure: process.env.NODE_ENV === "production",
|
396
|
+
path: "/",
|
397
|
+
sameSite: "lax",
|
402
398
|
// TODO: Update parse to URL
|
403
399
|
domain: url.parse(req.url).hostname
|
404
400
|
}));
|
@@ -443,12 +439,12 @@ function createAuth({
|
|
443
439
|
} = context;
|
444
440
|
const pathname = url.parse(req === null || req === void 0 ? void 0 : req.url).pathname; // Allow nextjs scripts and static files to be accessed without auth
|
445
441
|
|
446
|
-
if (_includesInstanceProperty(pathname).call(pathname,
|
442
|
+
if (_includesInstanceProperty(pathname).call(pathname, "/_next/")) {
|
447
443
|
return true;
|
448
444
|
} // Allow keystone to access /api/__keystone_api_build for hot reloading
|
449
445
|
|
450
446
|
|
451
|
-
if (process.env.NODE_ENV !==
|
447
|
+
if (process.env.NODE_ENV !== "production" && ((_context$req = context.req) === null || _context$req === void 0 ? void 0 : _context$req.url) !== undefined && new _URL(context.req.url, "http://example.com").pathname === `${customPath}/api/__keystone_api_build`) {
|
452
448
|
return true;
|
453
449
|
}
|
454
450
|
|
@@ -457,7 +453,7 @@ function createAuth({
|
|
457
453
|
});
|
458
454
|
}
|
459
455
|
|
460
|
-
if (!keystoneConfig.session) throw new TypeError(
|
456
|
+
if (!keystoneConfig.session) throw new TypeError("Missing .session configuration");
|
461
457
|
const session = withItemData(keystoneConfig.session);
|
462
458
|
const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
|
463
459
|
return _objectSpread(_objectSpread({}, keystoneConfig), {}, {
|
package/package.json
CHANGED
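--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -1,4 +1,4 @@
-import url from
+import url from "url";
 import {
 AdminFileToWrite,
 BaseListTypeInfo,
@@ -7,19 +7,19 @@ import {
 AdminUIConfig,
 SessionStrategy,
 BaseKeystoneTypeInfo,
-} from
-import { getSession } from
-import { getToken } from
-import { Provider } from
+} from "@keystone-6/core/types";
+import { getSession } from "next-auth/react";
+import { getToken } from "next-auth/jwt";
+import { Provider } from "next-auth/providers";
 
-import * as cookie from
+import * as cookie from "cookie";
 
-import { nextConfigTemplate } from
+import { nextConfigTemplate } from "./templates/next-config";
 // import * as Path from 'path';
 
-import { AuthConfig, KeystoneOAuthConfig, NextAuthSession } from
-import { getSchemaExtension } from
-import { authTemplate } from
+import { AuthConfig, KeystoneOAuthConfig, NextAuthSession } from "./types";
+import { getSchemaExtension } from "./schema";
+import { authTemplate } from "./templates/auth";
 
 /**
 * createAuth function
@@ -27,7 +27,7 @@ import { authTemplate } from './templates/auth';
 * Generates config for Keystone to implement standard auth features.
 */
 
-export type { NextAuthProviders, KeystoneOAuthConfig } from
+export type { NextAuthProviders, KeystoneOAuthConfig } from "./types";
 export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
 autoCreate,
 cookies,
@@ -45,7 +45,7 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
 // or whether always being true is what we want, in which case we can refactor our code
 // to match this. -TL
 
-const customPath = !keystonePath || keystonePath ===
+const customPath = !keystonePath || keystonePath === "/" ? "" : keystonePath;
 /**
 * pageMiddleware
 *
@@ -56,29 +56,34 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
 * - to the init page when initFirstItem is configured, and there are no user in the database
 * - to the signin page when no valid session is present
 */
-const pageMiddleware: AdminUIConfig<BaseKeystoneTypeInfo>[
+const pageMiddleware: AdminUIConfig<BaseKeystoneTypeInfo>["pageMiddleware"] =
 async ({ context, isValidSession }) => {
 const { req, session } = context;
 const pathname = url.parse(req?.url!).pathname!;
 
 if (isValidSession) {
 if (pathname === `${customPath}/api/auth/signin`) {
-return { kind:
+return { kind: "redirect", to: `${customPath}` };
 }
-if (customPath !==
-return { kind:
+if (customPath !== "" && pathname === "/") {
+return { kind: "redirect", to: `${customPath}` };
 }
 return;
 }
-if (pathname.includes('/_next/') || pathname.includes('/api/auth/')) {
-return;
-}
 if (
-
-
-
+pathname.includes("/_next/") ||
+pathname.includes("/api/auth/") ||
+pathname.includes(pages?.signIn) ||
+pathname.includes(pages?.error) ||
+pathname.includes(pages?.signOut)
 ) {
-return
+return;
+}
+if (!session && !pathname.includes(`${customPath}/api/auth/`)) {
+return {
+kind: "redirect",
+to: pages?.signIn || `${customPath}/api/auth/signin`,
+};
 }
 };
 
@@ -93,8 +98,8 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
 const getAdditionalFiles = () => {
 const filesToWrite: AdminFileToWrite[] = [
 {
-mode:
-outputPath:
+mode: "write",
+outputPath: "pages/api/auth/[...nextauth].js",
 src: authTemplate({
 autoCreate,
 identityField,
@@ -104,8 +109,8 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
 }),
 },
 {
-mode:
-outputPath:
+mode: "write",
+outputPath: "next.config.js",
 src: nextConfigTemplate({ keystonePath: customPath }),
 },
 ];
@@ -187,17 +192,17 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
 return {
 ...sessionStrategy,
 start: async ({ res }) => {
-console.log(
+console.log("start");
 
 const session = await start({ res });
 return session;
 },
 get: async ({ req }) => {
 const pathname = url.parse(req?.url!).pathname!;
-if (pathname.includes(
+if (pathname.includes("/api/auth")) {
 return;
 }
-if (req.headers.authorization?.split(
+if (req.headers.authorization?.split(" ")[0] === "Bearer") {
 const token = (await getToken({
 req,
 secret: sessionSecret,
@@ -215,18 +220,18 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
 },
 end: async ({ res, req }) => {
 const TOKEN_NAME =
-process.env.NODE_ENV ===
-?
-:
+process.env.NODE_ENV === "production"
+? "__Secure-next-auth.session-token"
+: "next-auth.session-token";
 res.setHeader(
-
-cookie.serialize(TOKEN_NAME,
+"Set-Cookie",
+cookie.serialize(TOKEN_NAME, "", {
 maxAge: 0,
 expires: new Date(),
 httpOnly: true,
-secure: process.env.NODE_ENV ===
-path:
-sameSite:
+secure: process.env.NODE_ENV === "production",
+path: "/",
+sameSite: "lax",
 // TODO: Update parse to URL
 domain: url.parse(req.url as string).hostname as string,
 })
@@ -265,15 +270,15 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
 const pathname = url.parse(req?.url!).pathname!;
 
 // Allow nextjs scripts and static files to be accessed without auth
-if (pathname.includes(
+if (pathname.includes("/_next/")) {
 return true;
 }
 
 // Allow keystone to access /api/__keystone_api_build for hot reloading
 if (
-process.env.NODE_ENV !==
+process.env.NODE_ENV !== "production" &&
 context.req?.url !== undefined &&
-new URL(context.req.url,
+new URL(context.req.url, "http://example.com").pathname ===
 `${customPath}/api/__keystone_api_build`
 ) {
 return true;
@@ -287,7 +292,7 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
 }
 
 if (!keystoneConfig.session)
-throw new TypeError(
+throw new TypeError("Missing .session configuration");
 const session = withItemData(keystoneConfig.session);
 
 const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;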
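Review bot: In the pageMiddleware hunk, the new exemptions `pathname.includes(pages?.signIn)`, `pathname.includes(pages?.error)` and `pathname.includes(pages?.signOut)` receive `undefined` whenever `pages` or one of its fields is not configured, and `String.prototype.includes` coerces that to the text "undefined". Because `includes` is a substring test, a short configured value would also exempt unrelated paths from the sign-in redirect. I would guard and anchor the comparison with `const isPublicPage = (p?: string) => !!p && pathname === p;` and then test `isPublicPage(pages?.signIn) || isPublicPage(pages?.error) || isPublicPage(pages?.signOut)`. The same substring pattern decides access in the later hunk, `if (pathname.includes("/_next/")) { return true; }`, where `pathname.startsWith(customPath + "/_next/")` would be the tighter check, assuming Next assets are served under `customPath`. The access-check function starts outside its hunk, so that part is based on the visible lines only.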