@opensaas/keystone-nextjs-auth 21.1.0 → 21.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/dist/declarations/src/index.d.ts +3 -3
- package/dist/opensaas-keystone-nextjs-auth.cjs.dev.js +23 -29
- package/dist/opensaas-keystone-nextjs-auth.cjs.prod.js +22 -28
- package/dist/opensaas-keystone-nextjs-auth.esm.js +23 -27
- package/package.json +1 -1
- package/src/index.ts +47 -42
package/CHANGELOG.md
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
|
-
import { BaseListTypeInfo, KeystoneConfig } from
|
|
2
|
-
import { AuthConfig, KeystoneOAuthConfig } from
|
|
1
|
+
import { BaseListTypeInfo, KeystoneConfig } from "@keystone-6/core/types";
|
|
2
|
+
import { AuthConfig, KeystoneOAuthConfig } from "./types";
|
|
3
3
|
/**
|
|
4
4
|
* createAuth function
|
|
5
5
|
*
|
|
6
6
|
* Generates config for Keystone to implement standard auth features.
|
|
7
7
|
*/
|
|
8
|
-
export type { NextAuthProviders, KeystoneOAuthConfig } from
|
|
8
|
+
export type { NextAuthProviders, KeystoneOAuthConfig } from "./types";
|
|
9
9
|
export declare function createAuth<GeneratedListTypes extends BaseListTypeInfo>({ autoCreate, cookies, identityField, listKey, keystonePath, pages, resolver, providers, sessionData, sessionSecret, }: AuthConfig<GeneratedListTypes>): {
|
|
10
10
|
withAuth: (keystoneConfig: KeystoneConfig) => KeystoneOAuthConfig;
|
|
11
11
|
};
|
|
@@ -5,8 +5,6 @@ Object.defineProperty(exports, '__esModule', { value: true });
|
|
|
5
5
|
var _objectSpread = require('@babel/runtime/helpers/objectSpread2');
|
|
6
6
|
var _objectWithoutProperties = require('@babel/runtime/helpers/objectWithoutProperties');
|
|
7
7
|
var _includesInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/includes');
|
|
8
|
-
var _indexOfInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/index-of');
|
|
9
|
-
var _Object$values = require('@babel/runtime-corejs3/core-js-stable/object/values');
|
|
10
8
|
var _mapInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/map');
|
|
11
9
|
var _JSON$stringify = require('@babel/runtime-corejs3/core-js-stable/json/stringify');
|
|
12
10
|
var _URL = require('@babel/runtime-corejs3/core-js-stable/url');
|
|
@@ -39,8 +37,6 @@ function _interopNamespace(e) {
|
|
|
39
37
|
}
|
|
40
38
|
|
|
41
39
|
var _includesInstanceProperty__default = /*#__PURE__*/_interopDefault(_includesInstanceProperty);
|
|
42
|
-
var _indexOfInstanceProperty__default = /*#__PURE__*/_interopDefault(_indexOfInstanceProperty);
|
|
43
|
-
var _Object$values__default = /*#__PURE__*/_interopDefault(_Object$values);
|
|
44
40
|
var _mapInstanceProperty__default = /*#__PURE__*/_interopDefault(_mapInstanceProperty);
|
|
45
41
|
var _JSON$stringify__default = /*#__PURE__*/_interopDefault(_JSON$stringify);
|
|
46
42
|
var _URL__default = /*#__PURE__*/_interopDefault(_URL);
|
|
@@ -223,7 +219,7 @@ function createAuth({
|
|
|
223
219
|
// part of the createAuth API (in which case its use cases need to be documented and tested)
|
|
224
220
|
// or whether always being true is what we want, in which case we can refactor our code
|
|
225
221
|
// to match this. -TL
|
|
226
|
-
const customPath = !keystonePath || keystonePath ===
|
|
222
|
+
const customPath = !keystonePath || keystonePath === "/" ? "" : keystonePath;
|
|
227
223
|
/**
|
|
228
224
|
* pageMiddleware
|
|
229
225
|
*
|
|
@@ -239,8 +235,6 @@ function createAuth({
|
|
|
239
235
|
context,
|
|
240
236
|
isValidSession
|
|
241
237
|
}) => {
|
|
242
|
-
var _context;
|
|
243
|
-
|
|
244
238
|
const {
|
|
245
239
|
req,
|
|
246
240
|
session
|
|
@@ -250,14 +244,14 @@ function createAuth({
|
|
|
250
244
|
if (isValidSession) {
|
|
251
245
|
if (pathname === `${customPath}/api/auth/signin`) {
|
|
252
246
|
return {
|
|
253
|
-
kind:
|
|
247
|
+
kind: "redirect",
|
|
254
248
|
to: `${customPath}`
|
|
255
249
|
};
|
|
256
250
|
}
|
|
257
251
|
|
|
258
|
-
if (customPath !==
|
|
252
|
+
if (customPath !== "" && pathname === "/") {
|
|
259
253
|
return {
|
|
260
|
-
kind:
|
|
254
|
+
kind: "redirect",
|
|
261
255
|
to: `${customPath}`
|
|
262
256
|
};
|
|
263
257
|
}
|
|
@@ -265,14 +259,14 @@ function createAuth({
|
|
|
265
259
|
return;
|
|
266
260
|
}
|
|
267
261
|
|
|
268
|
-
if (_includesInstanceProperty__default["default"](pathname).call(pathname,
|
|
262
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, "/_next/") || _includesInstanceProperty__default["default"](pathname).call(pathname, "/api/auth/") || _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signIn) || _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.error) || _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signOut)) {
|
|
269
263
|
return;
|
|
270
264
|
}
|
|
271
265
|
|
|
272
|
-
if (!session && !_includesInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`)
|
|
266
|
+
if (!session && !_includesInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`)) {
|
|
273
267
|
return {
|
|
274
|
-
kind:
|
|
275
|
-
to: `${customPath}/api/auth/signin`
|
|
268
|
+
kind: "redirect",
|
|
269
|
+
to: (pages === null || pages === void 0 ? void 0 : pages.signIn) || `${customPath}/api/auth/signin`
|
|
276
270
|
};
|
|
277
271
|
}
|
|
278
272
|
};
|
|
@@ -288,8 +282,8 @@ function createAuth({
|
|
|
288
282
|
|
|
289
283
|
const getAdditionalFiles = () => {
|
|
290
284
|
const filesToWrite = [{
|
|
291
|
-
mode:
|
|
292
|
-
outputPath:
|
|
285
|
+
mode: "write",
|
|
286
|
+
outputPath: "pages/api/auth/[...nextauth].js",
|
|
293
287
|
src: authTemplate({
|
|
294
288
|
autoCreate,
|
|
295
289
|
identityField,
|
|
@@ -298,8 +292,8 @@ function createAuth({
|
|
|
298
292
|
sessionSecret
|
|
299
293
|
})
|
|
300
294
|
}, {
|
|
301
|
-
mode:
|
|
302
|
-
outputPath:
|
|
295
|
+
mode: "write",
|
|
296
|
+
outputPath: "next.config.js",
|
|
303
297
|
src: nextConfigTemplate({
|
|
304
298
|
keystonePath: customPath
|
|
305
299
|
})
|
|
@@ -384,7 +378,7 @@ function createAuth({
|
|
|
384
378
|
start: async ({
|
|
385
379
|
res
|
|
386
380
|
}) => {
|
|
387
|
-
console.log(
|
|
381
|
+
console.log("start");
|
|
388
382
|
const session = await start({
|
|
389
383
|
res
|
|
390
384
|
});
|
|
@@ -397,11 +391,11 @@ function createAuth({
|
|
|
397
391
|
|
|
398
392
|
const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname;
|
|
399
393
|
|
|
400
|
-
if (_includesInstanceProperty__default["default"](pathname).call(pathname,
|
|
394
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, "/api/auth")) {
|
|
401
395
|
return;
|
|
402
396
|
}
|
|
403
397
|
|
|
404
|
-
if (((_req$headers$authoriz = req.headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(
|
|
398
|
+
if (((_req$headers$authoriz = req.headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(" ")[0]) === "Bearer") {
|
|
405
399
|
var _token$data;
|
|
406
400
|
|
|
407
401
|
const token = await jwt.getToken({
|
|
@@ -426,14 +420,14 @@ function createAuth({
|
|
|
426
420
|
res,
|
|
427
421
|
req
|
|
428
422
|
}) => {
|
|
429
|
-
const TOKEN_NAME = process.env.NODE_ENV ===
|
|
430
|
-
res.setHeader(
|
|
423
|
+
const TOKEN_NAME = process.env.NODE_ENV === "production" ? "__Secure-next-auth.session-token" : "next-auth.session-token";
|
|
424
|
+
res.setHeader("Set-Cookie", cookie__namespace.serialize(TOKEN_NAME, "", {
|
|
431
425
|
maxAge: 0,
|
|
432
426
|
expires: new Date(),
|
|
433
427
|
httpOnly: true,
|
|
434
|
-
secure: process.env.NODE_ENV ===
|
|
435
|
-
path:
|
|
436
|
-
sameSite:
|
|
428
|
+
secure: process.env.NODE_ENV === "production",
|
|
429
|
+
path: "/",
|
|
430
|
+
sameSite: "lax",
|
|
437
431
|
// TODO: Update parse to URL
|
|
438
432
|
domain: url__default["default"].parse(req.url).hostname
|
|
439
433
|
}));
|
|
@@ -478,12 +472,12 @@ function createAuth({
|
|
|
478
472
|
} = context;
|
|
479
473
|
const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname; // Allow nextjs scripts and static files to be accessed without auth
|
|
480
474
|
|
|
481
|
-
if (_includesInstanceProperty__default["default"](pathname).call(pathname,
|
|
475
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, "/_next/")) {
|
|
482
476
|
return true;
|
|
483
477
|
} // Allow keystone to access /api/__keystone_api_build for hot reloading
|
|
484
478
|
|
|
485
479
|
|
|
486
|
-
if (process.env.NODE_ENV !==
|
|
480
|
+
if (process.env.NODE_ENV !== "production" && ((_context$req = context.req) === null || _context$req === void 0 ? void 0 : _context$req.url) !== undefined && new _URL__default["default"](context.req.url, "http://example.com").pathname === `${customPath}/api/__keystone_api_build`) {
|
|
487
481
|
return true;
|
|
488
482
|
}
|
|
489
483
|
|
|
@@ -492,7 +486,7 @@ function createAuth({
|
|
|
492
486
|
});
|
|
493
487
|
}
|
|
494
488
|
|
|
495
|
-
if (!keystoneConfig.session) throw new TypeError(
|
|
489
|
+
if (!keystoneConfig.session) throw new TypeError("Missing .session configuration");
|
|
496
490
|
const session = withItemData(keystoneConfig.session);
|
|
497
491
|
const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
|
|
498
492
|
return _objectSpread(_objectSpread({}, keystoneConfig), {}, {
|
|
@@ -5,8 +5,6 @@ Object.defineProperty(exports, '__esModule', { value: true });
|
|
|
5
5
|
var _objectSpread = require('@babel/runtime/helpers/objectSpread2');
|
|
6
6
|
var _objectWithoutProperties = require('@babel/runtime/helpers/objectWithoutProperties');
|
|
7
7
|
var _includesInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/includes');
|
|
8
|
-
var _indexOfInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/index-of');
|
|
9
|
-
var _Object$values = require('@babel/runtime-corejs3/core-js-stable/object/values');
|
|
10
8
|
var _mapInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/map');
|
|
11
9
|
var _JSON$stringify = require('@babel/runtime-corejs3/core-js-stable/json/stringify');
|
|
12
10
|
require('@babel/runtime-corejs3/core-js-stable/url');
|
|
@@ -39,8 +37,6 @@ function _interopNamespace(e) {
|
|
|
39
37
|
}
|
|
40
38
|
|
|
41
39
|
var _includesInstanceProperty__default = /*#__PURE__*/_interopDefault(_includesInstanceProperty);
|
|
42
|
-
var _indexOfInstanceProperty__default = /*#__PURE__*/_interopDefault(_indexOfInstanceProperty);
|
|
43
|
-
var _Object$values__default = /*#__PURE__*/_interopDefault(_Object$values);
|
|
44
40
|
var _mapInstanceProperty__default = /*#__PURE__*/_interopDefault(_mapInstanceProperty);
|
|
45
41
|
var _JSON$stringify__default = /*#__PURE__*/_interopDefault(_JSON$stringify);
|
|
46
42
|
var url__default = /*#__PURE__*/_interopDefault(url);
|
|
@@ -222,7 +218,7 @@ function createAuth({
|
|
|
222
218
|
// part of the createAuth API (in which case its use cases need to be documented and tested)
|
|
223
219
|
// or whether always being true is what we want, in which case we can refactor our code
|
|
224
220
|
// to match this. -TL
|
|
225
|
-
const customPath = !keystonePath || keystonePath ===
|
|
221
|
+
const customPath = !keystonePath || keystonePath === "/" ? "" : keystonePath;
|
|
226
222
|
/**
|
|
227
223
|
* pageMiddleware
|
|
228
224
|
*
|
|
@@ -238,8 +234,6 @@ function createAuth({
|
|
|
238
234
|
context,
|
|
239
235
|
isValidSession
|
|
240
236
|
}) => {
|
|
241
|
-
var _context;
|
|
242
|
-
|
|
243
237
|
const {
|
|
244
238
|
req,
|
|
245
239
|
session
|
|
@@ -249,14 +243,14 @@ function createAuth({
|
|
|
249
243
|
if (isValidSession) {
|
|
250
244
|
if (pathname === `${customPath}/api/auth/signin`) {
|
|
251
245
|
return {
|
|
252
|
-
kind:
|
|
246
|
+
kind: "redirect",
|
|
253
247
|
to: `${customPath}`
|
|
254
248
|
};
|
|
255
249
|
}
|
|
256
250
|
|
|
257
|
-
if (customPath !==
|
|
251
|
+
if (customPath !== "" && pathname === "/") {
|
|
258
252
|
return {
|
|
259
|
-
kind:
|
|
253
|
+
kind: "redirect",
|
|
260
254
|
to: `${customPath}`
|
|
261
255
|
};
|
|
262
256
|
}
|
|
@@ -264,14 +258,14 @@ function createAuth({
|
|
|
264
258
|
return;
|
|
265
259
|
}
|
|
266
260
|
|
|
267
|
-
if (_includesInstanceProperty__default["default"](pathname).call(pathname,
|
|
261
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, "/_next/") || _includesInstanceProperty__default["default"](pathname).call(pathname, "/api/auth/") || _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signIn) || _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.error) || _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signOut)) {
|
|
268
262
|
return;
|
|
269
263
|
}
|
|
270
264
|
|
|
271
|
-
if (!session && !_includesInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`)
|
|
265
|
+
if (!session && !_includesInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`)) {
|
|
272
266
|
return {
|
|
273
|
-
kind:
|
|
274
|
-
to: `${customPath}/api/auth/signin`
|
|
267
|
+
kind: "redirect",
|
|
268
|
+
to: (pages === null || pages === void 0 ? void 0 : pages.signIn) || `${customPath}/api/auth/signin`
|
|
275
269
|
};
|
|
276
270
|
}
|
|
277
271
|
};
|
|
@@ -287,8 +281,8 @@ function createAuth({
|
|
|
287
281
|
|
|
288
282
|
const getAdditionalFiles = () => {
|
|
289
283
|
const filesToWrite = [{
|
|
290
|
-
mode:
|
|
291
|
-
outputPath:
|
|
284
|
+
mode: "write",
|
|
285
|
+
outputPath: "pages/api/auth/[...nextauth].js",
|
|
292
286
|
src: authTemplate({
|
|
293
287
|
autoCreate,
|
|
294
288
|
identityField,
|
|
@@ -297,8 +291,8 @@ function createAuth({
|
|
|
297
291
|
sessionSecret
|
|
298
292
|
})
|
|
299
293
|
}, {
|
|
300
|
-
mode:
|
|
301
|
-
outputPath:
|
|
294
|
+
mode: "write",
|
|
295
|
+
outputPath: "next.config.js",
|
|
302
296
|
src: nextConfigTemplate({
|
|
303
297
|
keystonePath: customPath
|
|
304
298
|
})
|
|
@@ -383,7 +377,7 @@ function createAuth({
|
|
|
383
377
|
start: async ({
|
|
384
378
|
res
|
|
385
379
|
}) => {
|
|
386
|
-
console.log(
|
|
380
|
+
console.log("start");
|
|
387
381
|
const session = await start({
|
|
388
382
|
res
|
|
389
383
|
});
|
|
@@ -396,11 +390,11 @@ function createAuth({
|
|
|
396
390
|
|
|
397
391
|
const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname;
|
|
398
392
|
|
|
399
|
-
if (_includesInstanceProperty__default["default"](pathname).call(pathname,
|
|
393
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, "/api/auth")) {
|
|
400
394
|
return;
|
|
401
395
|
}
|
|
402
396
|
|
|
403
|
-
if (((_req$headers$authoriz = req.headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(
|
|
397
|
+
if (((_req$headers$authoriz = req.headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(" ")[0]) === "Bearer") {
|
|
404
398
|
var _token$data;
|
|
405
399
|
|
|
406
400
|
const token = await jwt.getToken({
|
|
@@ -425,14 +419,14 @@ function createAuth({
|
|
|
425
419
|
res,
|
|
426
420
|
req
|
|
427
421
|
}) => {
|
|
428
|
-
const TOKEN_NAME =
|
|
429
|
-
res.setHeader(
|
|
422
|
+
const TOKEN_NAME = "__Secure-next-auth.session-token" ;
|
|
423
|
+
res.setHeader("Set-Cookie", cookie__namespace.serialize(TOKEN_NAME, "", {
|
|
430
424
|
maxAge: 0,
|
|
431
425
|
expires: new Date(),
|
|
432
426
|
httpOnly: true,
|
|
433
|
-
secure: "production" ===
|
|
434
|
-
path:
|
|
435
|
-
sameSite:
|
|
427
|
+
secure: "production" === "production",
|
|
428
|
+
path: "/",
|
|
429
|
+
sameSite: "lax",
|
|
436
430
|
// TODO: Update parse to URL
|
|
437
431
|
domain: url__default["default"].parse(req.url).hostname
|
|
438
432
|
}));
|
|
@@ -477,7 +471,7 @@ function createAuth({
|
|
|
477
471
|
} = context;
|
|
478
472
|
const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname; // Allow nextjs scripts and static files to be accessed without auth
|
|
479
473
|
|
|
480
|
-
if (_includesInstanceProperty__default["default"](pathname).call(pathname,
|
|
474
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, "/_next/")) {
|
|
481
475
|
return true;
|
|
482
476
|
} // Allow keystone to access /api/__keystone_api_build for hot reloading
|
|
483
477
|
|
|
@@ -486,7 +480,7 @@ function createAuth({
|
|
|
486
480
|
});
|
|
487
481
|
}
|
|
488
482
|
|
|
489
|
-
if (!keystoneConfig.session) throw new TypeError(
|
|
483
|
+
if (!keystoneConfig.session) throw new TypeError("Missing .session configuration");
|
|
490
484
|
const session = withItemData(keystoneConfig.session);
|
|
491
485
|
const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
|
|
492
486
|
return _objectSpread(_objectSpread({}, keystoneConfig), {}, {
|
|
@@ -1,8 +1,6 @@
|
|
|
1
1
|
import _objectSpread from '@babel/runtime/helpers/esm/objectSpread2';
|
|
2
2
|
import _objectWithoutProperties from '@babel/runtime/helpers/esm/objectWithoutProperties';
|
|
3
3
|
import _includesInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/includes';
|
|
4
|
-
import _indexOfInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/index-of';
|
|
5
|
-
import _Object$values from '@babel/runtime-corejs3/core-js-stable/object/values';
|
|
6
4
|
import _mapInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/map';
|
|
7
5
|
import _JSON$stringify from '@babel/runtime-corejs3/core-js-stable/json/stringify';
|
|
8
6
|
import _URL from '@babel/runtime-corejs3/core-js-stable/url';
|
|
@@ -188,7 +186,7 @@ function createAuth({
|
|
|
188
186
|
// part of the createAuth API (in which case its use cases need to be documented and tested)
|
|
189
187
|
// or whether always being true is what we want, in which case we can refactor our code
|
|
190
188
|
// to match this. -TL
|
|
191
|
-
const customPath = !keystonePath || keystonePath ===
|
|
189
|
+
const customPath = !keystonePath || keystonePath === "/" ? "" : keystonePath;
|
|
192
190
|
/**
|
|
193
191
|
* pageMiddleware
|
|
194
192
|
*
|
|
@@ -204,8 +202,6 @@ function createAuth({
|
|
|
204
202
|
context,
|
|
205
203
|
isValidSession
|
|
206
204
|
}) => {
|
|
207
|
-
var _context;
|
|
208
|
-
|
|
209
205
|
const {
|
|
210
206
|
req,
|
|
211
207
|
session
|
|
@@ -215,14 +211,14 @@ function createAuth({
|
|
|
215
211
|
if (isValidSession) {
|
|
216
212
|
if (pathname === `${customPath}/api/auth/signin`) {
|
|
217
213
|
return {
|
|
218
|
-
kind:
|
|
214
|
+
kind: "redirect",
|
|
219
215
|
to: `${customPath}`
|
|
220
216
|
};
|
|
221
217
|
}
|
|
222
218
|
|
|
223
|
-
if (customPath !==
|
|
219
|
+
if (customPath !== "" && pathname === "/") {
|
|
224
220
|
return {
|
|
225
|
-
kind:
|
|
221
|
+
kind: "redirect",
|
|
226
222
|
to: `${customPath}`
|
|
227
223
|
};
|
|
228
224
|
}
|
|
@@ -230,14 +226,14 @@ function createAuth({
|
|
|
230
226
|
return;
|
|
231
227
|
}
|
|
232
228
|
|
|
233
|
-
if (_includesInstanceProperty(pathname).call(pathname,
|
|
229
|
+
if (_includesInstanceProperty(pathname).call(pathname, "/_next/") || _includesInstanceProperty(pathname).call(pathname, "/api/auth/") || _includesInstanceProperty(pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signIn) || _includesInstanceProperty(pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.error) || _includesInstanceProperty(pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signOut)) {
|
|
234
230
|
return;
|
|
235
231
|
}
|
|
236
232
|
|
|
237
|
-
if (!session && !_includesInstanceProperty(pathname).call(pathname, `${customPath}/api/auth/`)
|
|
233
|
+
if (!session && !_includesInstanceProperty(pathname).call(pathname, `${customPath}/api/auth/`)) {
|
|
238
234
|
return {
|
|
239
|
-
kind:
|
|
240
|
-
to: `${customPath}/api/auth/signin`
|
|
235
|
+
kind: "redirect",
|
|
236
|
+
to: (pages === null || pages === void 0 ? void 0 : pages.signIn) || `${customPath}/api/auth/signin`
|
|
241
237
|
};
|
|
242
238
|
}
|
|
243
239
|
};
|
|
@@ -253,8 +249,8 @@ function createAuth({
|
|
|
253
249
|
|
|
254
250
|
const getAdditionalFiles = () => {
|
|
255
251
|
const filesToWrite = [{
|
|
256
|
-
mode:
|
|
257
|
-
outputPath:
|
|
252
|
+
mode: "write",
|
|
253
|
+
outputPath: "pages/api/auth/[...nextauth].js",
|
|
258
254
|
src: authTemplate({
|
|
259
255
|
autoCreate,
|
|
260
256
|
identityField,
|
|
@@ -263,8 +259,8 @@ function createAuth({
|
|
|
263
259
|
sessionSecret
|
|
264
260
|
})
|
|
265
261
|
}, {
|
|
266
|
-
mode:
|
|
267
|
-
outputPath:
|
|
262
|
+
mode: "write",
|
|
263
|
+
outputPath: "next.config.js",
|
|
268
264
|
src: nextConfigTemplate({
|
|
269
265
|
keystonePath: customPath
|
|
270
266
|
})
|
|
@@ -349,7 +345,7 @@ function createAuth({
|
|
|
349
345
|
start: async ({
|
|
350
346
|
res
|
|
351
347
|
}) => {
|
|
352
|
-
console.log(
|
|
348
|
+
console.log("start");
|
|
353
349
|
const session = await start({
|
|
354
350
|
res
|
|
355
351
|
});
|
|
@@ -362,11 +358,11 @@ function createAuth({
|
|
|
362
358
|
|
|
363
359
|
const pathname = url.parse(req === null || req === void 0 ? void 0 : req.url).pathname;
|
|
364
360
|
|
|
365
|
-
if (_includesInstanceProperty(pathname).call(pathname,
|
|
361
|
+
if (_includesInstanceProperty(pathname).call(pathname, "/api/auth")) {
|
|
366
362
|
return;
|
|
367
363
|
}
|
|
368
364
|
|
|
369
|
-
if (((_req$headers$authoriz = req.headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(
|
|
365
|
+
if (((_req$headers$authoriz = req.headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(" ")[0]) === "Bearer") {
|
|
370
366
|
var _token$data;
|
|
371
367
|
|
|
372
368
|
const token = await getToken({
|
|
@@ -391,14 +387,14 @@ function createAuth({
|
|
|
391
387
|
res,
|
|
392
388
|
req
|
|
393
389
|
}) => {
|
|
394
|
-
const TOKEN_NAME = process.env.NODE_ENV ===
|
|
395
|
-
res.setHeader(
|
|
390
|
+
const TOKEN_NAME = process.env.NODE_ENV === "production" ? "__Secure-next-auth.session-token" : "next-auth.session-token";
|
|
391
|
+
res.setHeader("Set-Cookie", cookie.serialize(TOKEN_NAME, "", {
|
|
396
392
|
maxAge: 0,
|
|
397
393
|
expires: new Date(),
|
|
398
394
|
httpOnly: true,
|
|
399
|
-
secure: process.env.NODE_ENV ===
|
|
400
|
-
path:
|
|
401
|
-
sameSite:
|
|
395
|
+
secure: process.env.NODE_ENV === "production",
|
|
396
|
+
path: "/",
|
|
397
|
+
sameSite: "lax",
|
|
402
398
|
// TODO: Update parse to URL
|
|
403
399
|
domain: url.parse(req.url).hostname
|
|
404
400
|
}));
|
|
@@ -443,12 +439,12 @@ function createAuth({
|
|
|
443
439
|
} = context;
|
|
444
440
|
const pathname = url.parse(req === null || req === void 0 ? void 0 : req.url).pathname; // Allow nextjs scripts and static files to be accessed without auth
|
|
445
441
|
|
|
446
|
-
if (_includesInstanceProperty(pathname).call(pathname,
|
|
442
|
+
if (_includesInstanceProperty(pathname).call(pathname, "/_next/")) {
|
|
447
443
|
return true;
|
|
448
444
|
} // Allow keystone to access /api/__keystone_api_build for hot reloading
|
|
449
445
|
|
|
450
446
|
|
|
451
|
-
if (process.env.NODE_ENV !==
|
|
447
|
+
if (process.env.NODE_ENV !== "production" && ((_context$req = context.req) === null || _context$req === void 0 ? void 0 : _context$req.url) !== undefined && new _URL(context.req.url, "http://example.com").pathname === `${customPath}/api/__keystone_api_build`) {
|
|
452
448
|
return true;
|
|
453
449
|
}
|
|
454
450
|
|
|
@@ -457,7 +453,7 @@ function createAuth({
|
|
|
457
453
|
});
|
|
458
454
|
}
|
|
459
455
|
|
|
460
|
-
if (!keystoneConfig.session) throw new TypeError(
|
|
456
|
+
if (!keystoneConfig.session) throw new TypeError("Missing .session configuration");
|
|
461
457
|
const session = withItemData(keystoneConfig.session);
|
|
462
458
|
const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
|
|
463
459
|
return _objectSpread(_objectSpread({}, keystoneConfig), {}, {
|
package/package.json
CHANGED
package/src/index.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import url from
|
|
1
|
+
import url from "url";
|
|
2
2
|
import {
|
|
3
3
|
AdminFileToWrite,
|
|
4
4
|
BaseListTypeInfo,
|
|
@@ -7,19 +7,19 @@ import {
|
|
|
7
7
|
AdminUIConfig,
|
|
8
8
|
SessionStrategy,
|
|
9
9
|
BaseKeystoneTypeInfo,
|
|
10
|
-
} from
|
|
11
|
-
import { getSession } from
|
|
12
|
-
import { getToken } from
|
|
13
|
-
import { Provider } from
|
|
10
|
+
} from "@keystone-6/core/types";
|
|
11
|
+
import { getSession } from "next-auth/react";
|
|
12
|
+
import { getToken } from "next-auth/jwt";
|
|
13
|
+
import { Provider } from "next-auth/providers";
|
|
14
14
|
|
|
15
|
-
import * as cookie from
|
|
15
|
+
import * as cookie from "cookie";
|
|
16
16
|
|
|
17
|
-
import { nextConfigTemplate } from
|
|
17
|
+
import { nextConfigTemplate } from "./templates/next-config";
|
|
18
18
|
// import * as Path from 'path';
|
|
19
19
|
|
|
20
|
-
import { AuthConfig, KeystoneOAuthConfig, NextAuthSession } from
|
|
21
|
-
import { getSchemaExtension } from
|
|
22
|
-
import { authTemplate } from
|
|
20
|
+
import { AuthConfig, KeystoneOAuthConfig, NextAuthSession } from "./types";
|
|
21
|
+
import { getSchemaExtension } from "./schema";
|
|
22
|
+
import { authTemplate } from "./templates/auth";
|
|
23
23
|
|
|
24
24
|
/**
|
|
25
25
|
* createAuth function
|
|
@@ -27,7 +27,7 @@ import { authTemplate } from './templates/auth';
|
|
|
27
27
|
* Generates config for Keystone to implement standard auth features.
|
|
28
28
|
*/
|
|
29
29
|
|
|
30
|
-
export type { NextAuthProviders, KeystoneOAuthConfig } from
|
|
30
|
+
export type { NextAuthProviders, KeystoneOAuthConfig } from "./types";
|
|
31
31
|
export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
32
32
|
autoCreate,
|
|
33
33
|
cookies,
|
|
@@ -45,7 +45,7 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
|
45
45
|
// or whether always being true is what we want, in which case we can refactor our code
|
|
46
46
|
// to match this. -TL
|
|
47
47
|
|
|
48
|
-
const customPath = !keystonePath || keystonePath ===
|
|
48
|
+
const customPath = !keystonePath || keystonePath === "/" ? "" : keystonePath;
|
|
49
49
|
/**
|
|
50
50
|
* pageMiddleware
|
|
51
51
|
*
|
|
@@ -56,29 +56,34 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
|
56
56
|
* - to the init page when initFirstItem is configured, and there are no user in the database
|
|
57
57
|
* - to the signin page when no valid session is present
|
|
58
58
|
*/
|
|
59
|
-
const pageMiddleware: AdminUIConfig<BaseKeystoneTypeInfo>[
|
|
59
|
+
const pageMiddleware: AdminUIConfig<BaseKeystoneTypeInfo>["pageMiddleware"] =
|
|
60
60
|
async ({ context, isValidSession }) => {
|
|
61
61
|
const { req, session } = context;
|
|
62
62
|
const pathname = url.parse(req?.url!).pathname!;
|
|
63
63
|
|
|
64
64
|
if (isValidSession) {
|
|
65
65
|
if (pathname === `${customPath}/api/auth/signin`) {
|
|
66
|
-
return { kind:
|
|
66
|
+
return { kind: "redirect", to: `${customPath}` };
|
|
67
67
|
}
|
|
68
|
-
if (customPath !==
|
|
69
|
-
return { kind:
|
|
68
|
+
if (customPath !== "" && pathname === "/") {
|
|
69
|
+
return { kind: "redirect", to: `${customPath}` };
|
|
70
70
|
}
|
|
71
71
|
return;
|
|
72
72
|
}
|
|
73
|
-
if (pathname.includes('/_next/') || pathname.includes('/api/auth/')) {
|
|
74
|
-
return;
|
|
75
|
-
}
|
|
76
73
|
if (
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
74
|
+
pathname.includes("/_next/") ||
|
|
75
|
+
pathname.includes("/api/auth/") ||
|
|
76
|
+
pathname.includes(pages?.signIn) ||
|
|
77
|
+
pathname.includes(pages?.error) ||
|
|
78
|
+
pathname.includes(pages?.signOut)
|
|
80
79
|
) {
|
|
81
|
-
return
|
|
80
|
+
return;
|
|
81
|
+
}
|
|
82
|
+
if (!session && !pathname.includes(`${customPath}/api/auth/`)) {
|
|
83
|
+
return {
|
|
84
|
+
kind: "redirect",
|
|
85
|
+
to: pages?.signIn || `${customPath}/api/auth/signin`,
|
|
86
|
+
};
|
|
82
87
|
}
|
|
83
88
|
};
|
|
84
89
|
|
|
@@ -93,8 +98,8 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
|
93
98
|
const getAdditionalFiles = () => {
|
|
94
99
|
const filesToWrite: AdminFileToWrite[] = [
|
|
95
100
|
{
|
|
96
|
-
mode:
|
|
97
|
-
outputPath:
|
|
101
|
+
mode: "write",
|
|
102
|
+
outputPath: "pages/api/auth/[...nextauth].js",
|
|
98
103
|
src: authTemplate({
|
|
99
104
|
autoCreate,
|
|
100
105
|
identityField,
|
|
@@ -104,8 +109,8 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
|
104
109
|
}),
|
|
105
110
|
},
|
|
106
111
|
{
|
|
107
|
-
mode:
|
|
108
|
-
outputPath:
|
|
112
|
+
mode: "write",
|
|
113
|
+
outputPath: "next.config.js",
|
|
109
114
|
src: nextConfigTemplate({ keystonePath: customPath }),
|
|
110
115
|
},
|
|
111
116
|
];
|
|
@@ -187,17 +192,17 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
|
187
192
|
return {
|
|
188
193
|
...sessionStrategy,
|
|
189
194
|
start: async ({ res }) => {
|
|
190
|
-
console.log(
|
|
195
|
+
console.log("start");
|
|
191
196
|
|
|
192
197
|
const session = await start({ res });
|
|
193
198
|
return session;
|
|
194
199
|
},
|
|
195
200
|
get: async ({ req }) => {
|
|
196
201
|
const pathname = url.parse(req?.url!).pathname!;
|
|
197
|
-
if (pathname.includes(
|
|
202
|
+
if (pathname.includes("/api/auth")) {
|
|
198
203
|
return;
|
|
199
204
|
}
|
|
200
|
-
if (req.headers.authorization?.split(
|
|
205
|
+
if (req.headers.authorization?.split(" ")[0] === "Bearer") {
|
|
201
206
|
const token = (await getToken({
|
|
202
207
|
req,
|
|
203
208
|
secret: sessionSecret,
|
|
@@ -215,18 +220,18 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
|
215
220
|
},
|
|
216
221
|
end: async ({ res, req }) => {
|
|
217
222
|
const TOKEN_NAME =
|
|
218
|
-
process.env.NODE_ENV ===
|
|
219
|
-
?
|
|
220
|
-
:
|
|
223
|
+
process.env.NODE_ENV === "production"
|
|
224
|
+
? "__Secure-next-auth.session-token"
|
|
225
|
+
: "next-auth.session-token";
|
|
221
226
|
res.setHeader(
|
|
222
|
-
|
|
223
|
-
cookie.serialize(TOKEN_NAME,
|
|
227
|
+
"Set-Cookie",
|
|
228
|
+
cookie.serialize(TOKEN_NAME, "", {
|
|
224
229
|
maxAge: 0,
|
|
225
230
|
expires: new Date(),
|
|
226
231
|
httpOnly: true,
|
|
227
|
-
secure: process.env.NODE_ENV ===
|
|
228
|
-
path:
|
|
229
|
-
sameSite:
|
|
232
|
+
secure: process.env.NODE_ENV === "production",
|
|
233
|
+
path: "/",
|
|
234
|
+
sameSite: "lax",
|
|
230
235
|
// TODO: Update parse to URL
|
|
231
236
|
domain: url.parse(req.url as string).hostname as string,
|
|
232
237
|
})
|
|
@@ -265,15 +270,15 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
|
265
270
|
const pathname = url.parse(req?.url!).pathname!;
|
|
266
271
|
|
|
267
272
|
// Allow nextjs scripts and static files to be accessed without auth
|
|
268
|
-
if (pathname.includes(
|
|
273
|
+
if (pathname.includes("/_next/")) {
|
|
269
274
|
return true;
|
|
270
275
|
}
|
|
271
276
|
|
|
272
277
|
// Allow keystone to access /api/__keystone_api_build for hot reloading
|
|
273
278
|
if (
|
|
274
|
-
process.env.NODE_ENV !==
|
|
279
|
+
process.env.NODE_ENV !== "production" &&
|
|
275
280
|
context.req?.url !== undefined &&
|
|
276
|
-
new URL(context.req.url,
|
|
281
|
+
new URL(context.req.url, "http://example.com").pathname ===
|
|
277
282
|
`${customPath}/api/__keystone_api_build`
|
|
278
283
|
) {
|
|
279
284
|
return true;
|
|
@@ -287,7 +292,7 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
|
287
292
|
}
|
|
288
293
|
|
|
289
294
|
if (!keystoneConfig.session)
|
|
290
|
-
throw new TypeError(
|
|
295
|
+
throw new TypeError("Missing .session configuration");
|
|
291
296
|
const session = withItemData(keystoneConfig.session);
|
|
292
297
|
|
|
293
298
|
const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
|