@opensaas/keystone-nextjs-auth 21.1.1 → 22.0.0
Sign up to get free protection for your applications and to get access to all the features.
- package/CHANGELOG.md +6 -0
- package/dist/declarations/src/index.d.ts +3 -3
- package/dist/declarations/src/pages/NextAuthPage.d.ts +7 -1
- package/dist/declarations/src/templates/next-config.d.ts +1 -1
- package/dist/declarations/src/types.d.ts +30 -4
- package/dist/opensaas-keystone-nextjs-auth.cjs.dev.js +25 -35
- package/dist/opensaas-keystone-nextjs-auth.cjs.prod.js +24 -34
- package/dist/opensaas-keystone-nextjs-auth.esm.js +25 -35
- package/package.json +1 -1
- package/pages/NextAuthPage/dist/opensaas-keystone-nextjs-auth-pages-NextAuthPage.cjs.dev.js +25 -13
- package/pages/NextAuthPage/dist/opensaas-keystone-nextjs-auth-pages-NextAuthPage.cjs.prod.js +25 -13
- package/pages/NextAuthPage/dist/opensaas-keystone-nextjs-auth-pages-NextAuthPage.esm.js +25 -12
- package/src/gql/getBaseAuthSchema.ts +1 -4
- package/src/index.ts +70 -76
- package/src/lib/findMatchingIdentity.ts +1 -4
- package/src/pages/NextAuthPage.tsx +25 -33
- package/src/schema.ts +2 -4
- package/src/templates/next-config.ts +1 -5
- package/src/types.ts +29 -10
package/CHANGELOG.md
CHANGED
|
@@ -1,11 +1,11 @@
|
|
|
1
|
-
import { BaseListTypeInfo, KeystoneConfig } from
|
|
2
|
-
import { AuthConfig, KeystoneOAuthConfig } from
|
|
1
|
+
import { BaseListTypeInfo, KeystoneConfig } from '@keystone-6/core/types';
|
|
2
|
+
import { AuthConfig, KeystoneOAuthConfig } from './types';
|
|
3
3
|
/**
|
|
4
4
|
* createAuth function
|
|
5
5
|
*
|
|
6
6
|
* Generates config for Keystone to implement standard auth features.
|
|
7
7
|
*/
|
|
8
|
-
export type { NextAuthProviders, KeystoneOAuthConfig } from
|
|
8
|
+
export type { NextAuthProviders, KeystoneOAuthConfig } from './types';
|
|
9
9
|
export declare function createAuth<GeneratedListTypes extends BaseListTypeInfo>({ autoCreate, cookies, identityField, listKey, keystonePath, pages, resolver, providers, sessionData, sessionSecret, }: AuthConfig<GeneratedListTypes>): {
|
|
10
10
|
withAuth: (keystoneConfig: KeystoneConfig) => KeystoneOAuthConfig;
|
|
11
11
|
};
|
|
@@ -11,7 +11,13 @@ declare type CoreNextAuthPageProps = {
|
|
|
11
11
|
listKey: string;
|
|
12
12
|
pages?: Partial<PagesOptions>;
|
|
13
13
|
providers?: Provider[];
|
|
14
|
-
resolver?:
|
|
14
|
+
resolver?: (args: {
|
|
15
|
+
user: any;
|
|
16
|
+
profile: any;
|
|
17
|
+
account: any;
|
|
18
|
+
}) => {
|
|
19
|
+
[key: string]: boolean | string | number;
|
|
20
|
+
};
|
|
15
21
|
sessionData: string | undefined;
|
|
16
22
|
sessionSecret: string;
|
|
17
23
|
};
|
|
@@ -1,6 +1,26 @@
|
|
|
1
|
-
|
|
2
|
-
import {
|
|
1
|
+
/// <reference types="node" />
|
|
2
|
+
import type { ServerResponse, IncomingMessage } from 'http';
|
|
3
|
+
import type { NextRequest } from 'next/server';
|
|
3
4
|
import { Provider } from 'next-auth/providers';
|
|
5
|
+
import { CookiesOptions, PagesOptions } from 'next-auth';
|
|
6
|
+
import { BaseListTypeInfo, KeystoneConfig, CreateContext } from '@keystone-6/core/types';
|
|
7
|
+
declare type NextAuthResponse = IncomingMessage & NextRequest;
|
|
8
|
+
export declare type AuthSessionStrategy<StoredSessionData> = {
|
|
9
|
+
start: (args: {
|
|
10
|
+
res: ServerResponse;
|
|
11
|
+
data: any;
|
|
12
|
+
createContext: CreateContext;
|
|
13
|
+
}) => Promise<string>;
|
|
14
|
+
end: (args: {
|
|
15
|
+
req: IncomingMessage;
|
|
16
|
+
res: ServerResponse;
|
|
17
|
+
createContext: CreateContext;
|
|
18
|
+
}) => Promise<void>;
|
|
19
|
+
get: (args: {
|
|
20
|
+
req: NextAuthResponse;
|
|
21
|
+
createContext: CreateContext;
|
|
22
|
+
}) => Promise<StoredSessionData | undefined>;
|
|
23
|
+
};
|
|
4
24
|
export declare type NextAuthSession = {
|
|
5
25
|
listKey: string;
|
|
6
26
|
itemId: string;
|
|
@@ -27,11 +47,17 @@ export declare type AuthConfig<GeneratedListTypes extends BaseListTypeInfo> = {
|
|
|
27
47
|
identityField: GeneratedListTypes['fields'];
|
|
28
48
|
/** Path for Keystone interface */
|
|
29
49
|
keystonePath?: string;
|
|
30
|
-
pages?:
|
|
50
|
+
pages?: Partial<PagesOptions>;
|
|
31
51
|
/** Providers for Next Auth */
|
|
32
52
|
providers: NextAuthProviders;
|
|
33
53
|
/** Resolver for user to define their profile */
|
|
34
|
-
resolver?:
|
|
54
|
+
resolver?: (args: {
|
|
55
|
+
user: any;
|
|
56
|
+
profile: any;
|
|
57
|
+
account: any;
|
|
58
|
+
}) => Promise<{
|
|
59
|
+
[key: string]: boolean | string | number;
|
|
60
|
+
}>;
|
|
35
61
|
/** Session data population */
|
|
36
62
|
sessionData?: string | undefined;
|
|
37
63
|
/** Next-Auth Session Secret */
|
|
@@ -196,7 +196,7 @@ const authTemplate = ({
|
|
|
196
196
|
return authOut;
|
|
197
197
|
};
|
|
198
198
|
|
|
199
|
-
const _excluded = ["get"
|
|
199
|
+
const _excluded = ["get"];
|
|
200
200
|
/**
|
|
201
201
|
* createAuth function
|
|
202
202
|
*
|
|
@@ -219,7 +219,7 @@ function createAuth({
|
|
|
219
219
|
// part of the createAuth API (in which case its use cases need to be documented and tested)
|
|
220
220
|
// or whether always being true is what we want, in which case we can refactor our code
|
|
221
221
|
// to match this. -TL
|
|
222
|
-
const customPath = !keystonePath || keystonePath ===
|
|
222
|
+
const customPath = !keystonePath || keystonePath === '/' ? '' : keystonePath;
|
|
223
223
|
/**
|
|
224
224
|
* pageMiddleware
|
|
225
225
|
*
|
|
@@ -244,14 +244,14 @@ function createAuth({
|
|
|
244
244
|
if (isValidSession) {
|
|
245
245
|
if (pathname === `${customPath}/api/auth/signin`) {
|
|
246
246
|
return {
|
|
247
|
-
kind:
|
|
247
|
+
kind: 'redirect',
|
|
248
248
|
to: `${customPath}`
|
|
249
249
|
};
|
|
250
250
|
}
|
|
251
251
|
|
|
252
|
-
if (customPath !==
|
|
252
|
+
if (customPath !== '' && pathname === '/') {
|
|
253
253
|
return {
|
|
254
|
-
kind:
|
|
254
|
+
kind: 'redirect',
|
|
255
255
|
to: `${customPath}`
|
|
256
256
|
};
|
|
257
257
|
}
|
|
@@ -259,13 +259,13 @@ function createAuth({
|
|
|
259
259
|
return;
|
|
260
260
|
}
|
|
261
261
|
|
|
262
|
-
if (_includesInstanceProperty__default["default"](pathname).call(pathname,
|
|
262
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/_next/') || _includesInstanceProperty__default["default"](pathname).call(pathname, '/api/auth/') || pages !== null && pages !== void 0 && pages.signIn && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signIn) || pages !== null && pages !== void 0 && pages.error && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.error) || pages !== null && pages !== void 0 && pages.signOut && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signOut)) {
|
|
263
263
|
return;
|
|
264
264
|
}
|
|
265
265
|
|
|
266
266
|
if (!session && !_includesInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`)) {
|
|
267
267
|
return {
|
|
268
|
-
kind:
|
|
268
|
+
kind: 'redirect',
|
|
269
269
|
to: (pages === null || pages === void 0 ? void 0 : pages.signIn) || `${customPath}/api/auth/signin`
|
|
270
270
|
};
|
|
271
271
|
}
|
|
@@ -282,8 +282,8 @@ function createAuth({
|
|
|
282
282
|
|
|
283
283
|
const getAdditionalFiles = () => {
|
|
284
284
|
const filesToWrite = [{
|
|
285
|
-
mode:
|
|
286
|
-
outputPath:
|
|
285
|
+
mode: 'write',
|
|
286
|
+
outputPath: 'pages/api/auth/[...nextauth].js',
|
|
287
287
|
src: authTemplate({
|
|
288
288
|
autoCreate,
|
|
289
289
|
identityField,
|
|
@@ -292,8 +292,8 @@ function createAuth({
|
|
|
292
292
|
sessionSecret
|
|
293
293
|
})
|
|
294
294
|
}, {
|
|
295
|
-
mode:
|
|
296
|
-
outputPath:
|
|
295
|
+
mode: 'write',
|
|
296
|
+
outputPath: 'next.config.js',
|
|
297
297
|
src: nextConfigTemplate({
|
|
298
298
|
keystonePath: customPath
|
|
299
299
|
})
|
|
@@ -368,34 +368,24 @@ function createAuth({
|
|
|
368
368
|
|
|
369
369
|
|
|
370
370
|
const withItemData = _sessionStrategy => {
|
|
371
|
-
const
|
|
372
|
-
get,
|
|
373
|
-
start
|
|
374
|
-
} = _sessionStrategy,
|
|
375
|
-
sessionStrategy = _objectWithoutProperties(_sessionStrategy, _excluded);
|
|
371
|
+
const sessionStrategy = _objectWithoutProperties(_sessionStrategy, _excluded);
|
|
376
372
|
|
|
377
373
|
return _objectSpread(_objectSpread({}, sessionStrategy), {}, {
|
|
378
|
-
start: async ({
|
|
379
|
-
|
|
380
|
-
}) => {
|
|
381
|
-
console.log("start");
|
|
382
|
-
const session = await start({
|
|
383
|
-
res
|
|
384
|
-
});
|
|
385
|
-
return session;
|
|
374
|
+
start: async () => {
|
|
375
|
+
return 'false';
|
|
386
376
|
},
|
|
387
377
|
get: async ({
|
|
388
378
|
req
|
|
389
379
|
}) => {
|
|
390
|
-
var _req$headers$authoriz;
|
|
380
|
+
var _req$headers, _req$headers$authoriz;
|
|
391
381
|
|
|
392
382
|
const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname;
|
|
393
383
|
|
|
394
|
-
if (_includesInstanceProperty__default["default"](pathname).call(pathname,
|
|
384
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/api/auth')) {
|
|
395
385
|
return;
|
|
396
386
|
}
|
|
397
387
|
|
|
398
|
-
if (((_req$headers
|
|
388
|
+
if (((_req$headers = req.headers) === null || _req$headers === void 0 ? void 0 : (_req$headers$authoriz = _req$headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(' ')[0]) === 'Bearer') {
|
|
399
389
|
var _token$data;
|
|
400
390
|
|
|
401
391
|
const token = await jwt.getToken({
|
|
@@ -420,14 +410,14 @@ function createAuth({
|
|
|
420
410
|
res,
|
|
421
411
|
req
|
|
422
412
|
}) => {
|
|
423
|
-
const TOKEN_NAME = process.env.NODE_ENV ===
|
|
424
|
-
res.setHeader(
|
|
413
|
+
const TOKEN_NAME = process.env.NODE_ENV === 'production' ? '__Secure-next-auth.session-token' : 'next-auth.session-token';
|
|
414
|
+
res.setHeader('Set-Cookie', cookie__namespace.serialize(TOKEN_NAME, '', {
|
|
425
415
|
maxAge: 0,
|
|
426
416
|
expires: new Date(),
|
|
427
417
|
httpOnly: true,
|
|
428
|
-
secure: process.env.NODE_ENV ===
|
|
429
|
-
path:
|
|
430
|
-
sameSite:
|
|
418
|
+
secure: process.env.NODE_ENV === 'production',
|
|
419
|
+
path: '/',
|
|
420
|
+
sameSite: 'lax',
|
|
431
421
|
// TODO: Update parse to URL
|
|
432
422
|
domain: url__default["default"].parse(req.url).hostname
|
|
433
423
|
}));
|
|
@@ -472,12 +462,12 @@ function createAuth({
|
|
|
472
462
|
} = context;
|
|
473
463
|
const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname; // Allow nextjs scripts and static files to be accessed without auth
|
|
474
464
|
|
|
475
|
-
if (_includesInstanceProperty__default["default"](pathname).call(pathname,
|
|
465
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/_next/')) {
|
|
476
466
|
return true;
|
|
477
467
|
} // Allow keystone to access /api/__keystone_api_build for hot reloading
|
|
478
468
|
|
|
479
469
|
|
|
480
|
-
if (process.env.NODE_ENV !==
|
|
470
|
+
if (process.env.NODE_ENV !== 'production' && ((_context$req = context.req) === null || _context$req === void 0 ? void 0 : _context$req.url) !== undefined && new _URL__default["default"](context.req.url, 'http://example.com').pathname === `${customPath}/api/__keystone_api_build`) {
|
|
481
471
|
return true;
|
|
482
472
|
}
|
|
483
473
|
|
|
@@ -486,7 +476,7 @@ function createAuth({
|
|
|
486
476
|
});
|
|
487
477
|
}
|
|
488
478
|
|
|
489
|
-
if (!keystoneConfig.session) throw new TypeError(
|
|
479
|
+
if (!keystoneConfig.session) throw new TypeError('Missing .session configuration');
|
|
490
480
|
const session = withItemData(keystoneConfig.session);
|
|
491
481
|
const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
|
|
492
482
|
return _objectSpread(_objectSpread({}, keystoneConfig), {}, {
|
|
@@ -195,7 +195,7 @@ const authTemplate = ({
|
|
|
195
195
|
return authOut;
|
|
196
196
|
};
|
|
197
197
|
|
|
198
|
-
const _excluded = ["get"
|
|
198
|
+
const _excluded = ["get"];
|
|
199
199
|
/**
|
|
200
200
|
* createAuth function
|
|
201
201
|
*
|
|
@@ -218,7 +218,7 @@ function createAuth({
|
|
|
218
218
|
// part of the createAuth API (in which case its use cases need to be documented and tested)
|
|
219
219
|
// or whether always being true is what we want, in which case we can refactor our code
|
|
220
220
|
// to match this. -TL
|
|
221
|
-
const customPath = !keystonePath || keystonePath ===
|
|
221
|
+
const customPath = !keystonePath || keystonePath === '/' ? '' : keystonePath;
|
|
222
222
|
/**
|
|
223
223
|
* pageMiddleware
|
|
224
224
|
*
|
|
@@ -243,14 +243,14 @@ function createAuth({
|
|
|
243
243
|
if (isValidSession) {
|
|
244
244
|
if (pathname === `${customPath}/api/auth/signin`) {
|
|
245
245
|
return {
|
|
246
|
-
kind:
|
|
246
|
+
kind: 'redirect',
|
|
247
247
|
to: `${customPath}`
|
|
248
248
|
};
|
|
249
249
|
}
|
|
250
250
|
|
|
251
|
-
if (customPath !==
|
|
251
|
+
if (customPath !== '' && pathname === '/') {
|
|
252
252
|
return {
|
|
253
|
-
kind:
|
|
253
|
+
kind: 'redirect',
|
|
254
254
|
to: `${customPath}`
|
|
255
255
|
};
|
|
256
256
|
}
|
|
@@ -258,13 +258,13 @@ function createAuth({
|
|
|
258
258
|
return;
|
|
259
259
|
}
|
|
260
260
|
|
|
261
|
-
if (_includesInstanceProperty__default["default"](pathname).call(pathname,
|
|
261
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/_next/') || _includesInstanceProperty__default["default"](pathname).call(pathname, '/api/auth/') || pages !== null && pages !== void 0 && pages.signIn && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signIn) || pages !== null && pages !== void 0 && pages.error && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.error) || pages !== null && pages !== void 0 && pages.signOut && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signOut)) {
|
|
262
262
|
return;
|
|
263
263
|
}
|
|
264
264
|
|
|
265
265
|
if (!session && !_includesInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`)) {
|
|
266
266
|
return {
|
|
267
|
-
kind:
|
|
267
|
+
kind: 'redirect',
|
|
268
268
|
to: (pages === null || pages === void 0 ? void 0 : pages.signIn) || `${customPath}/api/auth/signin`
|
|
269
269
|
};
|
|
270
270
|
}
|
|
@@ -281,8 +281,8 @@ function createAuth({
|
|
|
281
281
|
|
|
282
282
|
const getAdditionalFiles = () => {
|
|
283
283
|
const filesToWrite = [{
|
|
284
|
-
mode:
|
|
285
|
-
outputPath:
|
|
284
|
+
mode: 'write',
|
|
285
|
+
outputPath: 'pages/api/auth/[...nextauth].js',
|
|
286
286
|
src: authTemplate({
|
|
287
287
|
autoCreate,
|
|
288
288
|
identityField,
|
|
@@ -291,8 +291,8 @@ function createAuth({
|
|
|
291
291
|
sessionSecret
|
|
292
292
|
})
|
|
293
293
|
}, {
|
|
294
|
-
mode:
|
|
295
|
-
outputPath:
|
|
294
|
+
mode: 'write',
|
|
295
|
+
outputPath: 'next.config.js',
|
|
296
296
|
src: nextConfigTemplate({
|
|
297
297
|
keystonePath: customPath
|
|
298
298
|
})
|
|
@@ -367,34 +367,24 @@ function createAuth({
|
|
|
367
367
|
|
|
368
368
|
|
|
369
369
|
const withItemData = _sessionStrategy => {
|
|
370
|
-
const
|
|
371
|
-
get,
|
|
372
|
-
start
|
|
373
|
-
} = _sessionStrategy,
|
|
374
|
-
sessionStrategy = _objectWithoutProperties(_sessionStrategy, _excluded);
|
|
370
|
+
const sessionStrategy = _objectWithoutProperties(_sessionStrategy, _excluded);
|
|
375
371
|
|
|
376
372
|
return _objectSpread(_objectSpread({}, sessionStrategy), {}, {
|
|
377
|
-
start: async ({
|
|
378
|
-
|
|
379
|
-
}) => {
|
|
380
|
-
console.log("start");
|
|
381
|
-
const session = await start({
|
|
382
|
-
res
|
|
383
|
-
});
|
|
384
|
-
return session;
|
|
373
|
+
start: async () => {
|
|
374
|
+
return 'false';
|
|
385
375
|
},
|
|
386
376
|
get: async ({
|
|
387
377
|
req
|
|
388
378
|
}) => {
|
|
389
|
-
var _req$headers$authoriz;
|
|
379
|
+
var _req$headers, _req$headers$authoriz;
|
|
390
380
|
|
|
391
381
|
const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname;
|
|
392
382
|
|
|
393
|
-
if (_includesInstanceProperty__default["default"](pathname).call(pathname,
|
|
383
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/api/auth')) {
|
|
394
384
|
return;
|
|
395
385
|
}
|
|
396
386
|
|
|
397
|
-
if (((_req$headers
|
|
387
|
+
if (((_req$headers = req.headers) === null || _req$headers === void 0 ? void 0 : (_req$headers$authoriz = _req$headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(' ')[0]) === 'Bearer') {
|
|
398
388
|
var _token$data;
|
|
399
389
|
|
|
400
390
|
const token = await jwt.getToken({
|
|
@@ -419,14 +409,14 @@ function createAuth({
|
|
|
419
409
|
res,
|
|
420
410
|
req
|
|
421
411
|
}) => {
|
|
422
|
-
const TOKEN_NAME =
|
|
423
|
-
res.setHeader(
|
|
412
|
+
const TOKEN_NAME = '__Secure-next-auth.session-token' ;
|
|
413
|
+
res.setHeader('Set-Cookie', cookie__namespace.serialize(TOKEN_NAME, '', {
|
|
424
414
|
maxAge: 0,
|
|
425
415
|
expires: new Date(),
|
|
426
416
|
httpOnly: true,
|
|
427
|
-
secure: "production" ===
|
|
428
|
-
path:
|
|
429
|
-
sameSite:
|
|
417
|
+
secure: "production" === 'production',
|
|
418
|
+
path: '/',
|
|
419
|
+
sameSite: 'lax',
|
|
430
420
|
// TODO: Update parse to URL
|
|
431
421
|
domain: url__default["default"].parse(req.url).hostname
|
|
432
422
|
}));
|
|
@@ -471,7 +461,7 @@ function createAuth({
|
|
|
471
461
|
} = context;
|
|
472
462
|
const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname; // Allow nextjs scripts and static files to be accessed without auth
|
|
473
463
|
|
|
474
|
-
if (_includesInstanceProperty__default["default"](pathname).call(pathname,
|
|
464
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/_next/')) {
|
|
475
465
|
return true;
|
|
476
466
|
} // Allow keystone to access /api/__keystone_api_build for hot reloading
|
|
477
467
|
|
|
@@ -480,7 +470,7 @@ function createAuth({
|
|
|
480
470
|
});
|
|
481
471
|
}
|
|
482
472
|
|
|
483
|
-
if (!keystoneConfig.session) throw new TypeError(
|
|
473
|
+
if (!keystoneConfig.session) throw new TypeError('Missing .session configuration');
|
|
484
474
|
const session = withItemData(keystoneConfig.session);
|
|
485
475
|
const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
|
|
486
476
|
return _objectSpread(_objectSpread({}, keystoneConfig), {}, {
|
|
@@ -163,7 +163,7 @@ const authTemplate = ({
|
|
|
163
163
|
return authOut;
|
|
164
164
|
};
|
|
165
165
|
|
|
166
|
-
const _excluded = ["get"
|
|
166
|
+
const _excluded = ["get"];
|
|
167
167
|
/**
|
|
168
168
|
* createAuth function
|
|
169
169
|
*
|
|
@@ -186,7 +186,7 @@ function createAuth({
|
|
|
186
186
|
// part of the createAuth API (in which case its use cases need to be documented and tested)
|
|
187
187
|
// or whether always being true is what we want, in which case we can refactor our code
|
|
188
188
|
// to match this. -TL
|
|
189
|
-
const customPath = !keystonePath || keystonePath ===
|
|
189
|
+
const customPath = !keystonePath || keystonePath === '/' ? '' : keystonePath;
|
|
190
190
|
/**
|
|
191
191
|
* pageMiddleware
|
|
192
192
|
*
|
|
@@ -211,14 +211,14 @@ function createAuth({
|
|
|
211
211
|
if (isValidSession) {
|
|
212
212
|
if (pathname === `${customPath}/api/auth/signin`) {
|
|
213
213
|
return {
|
|
214
|
-
kind:
|
|
214
|
+
kind: 'redirect',
|
|
215
215
|
to: `${customPath}`
|
|
216
216
|
};
|
|
217
217
|
}
|
|
218
218
|
|
|
219
|
-
if (customPath !==
|
|
219
|
+
if (customPath !== '' && pathname === '/') {
|
|
220
220
|
return {
|
|
221
|
-
kind:
|
|
221
|
+
kind: 'redirect',
|
|
222
222
|
to: `${customPath}`
|
|
223
223
|
};
|
|
224
224
|
}
|
|
@@ -226,13 +226,13 @@ function createAuth({
|
|
|
226
226
|
return;
|
|
227
227
|
}
|
|
228
228
|
|
|
229
|
-
if (_includesInstanceProperty(pathname).call(pathname,
|
|
229
|
+
if (_includesInstanceProperty(pathname).call(pathname, '/_next/') || _includesInstanceProperty(pathname).call(pathname, '/api/auth/') || pages !== null && pages !== void 0 && pages.signIn && _includesInstanceProperty(pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signIn) || pages !== null && pages !== void 0 && pages.error && _includesInstanceProperty(pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.error) || pages !== null && pages !== void 0 && pages.signOut && _includesInstanceProperty(pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signOut)) {
|
|
230
230
|
return;
|
|
231
231
|
}
|
|
232
232
|
|
|
233
233
|
if (!session && !_includesInstanceProperty(pathname).call(pathname, `${customPath}/api/auth/`)) {
|
|
234
234
|
return {
|
|
235
|
-
kind:
|
|
235
|
+
kind: 'redirect',
|
|
236
236
|
to: (pages === null || pages === void 0 ? void 0 : pages.signIn) || `${customPath}/api/auth/signin`
|
|
237
237
|
};
|
|
238
238
|
}
|
|
@@ -249,8 +249,8 @@ function createAuth({
|
|
|
249
249
|
|
|
250
250
|
const getAdditionalFiles = () => {
|
|
251
251
|
const filesToWrite = [{
|
|
252
|
-
mode:
|
|
253
|
-
outputPath:
|
|
252
|
+
mode: 'write',
|
|
253
|
+
outputPath: 'pages/api/auth/[...nextauth].js',
|
|
254
254
|
src: authTemplate({
|
|
255
255
|
autoCreate,
|
|
256
256
|
identityField,
|
|
@@ -259,8 +259,8 @@ function createAuth({
|
|
|
259
259
|
sessionSecret
|
|
260
260
|
})
|
|
261
261
|
}, {
|
|
262
|
-
mode:
|
|
263
|
-
outputPath:
|
|
262
|
+
mode: 'write',
|
|
263
|
+
outputPath: 'next.config.js',
|
|
264
264
|
src: nextConfigTemplate({
|
|
265
265
|
keystonePath: customPath
|
|
266
266
|
})
|
|
@@ -335,34 +335,24 @@ function createAuth({
|
|
|
335
335
|
|
|
336
336
|
|
|
337
337
|
const withItemData = _sessionStrategy => {
|
|
338
|
-
const
|
|
339
|
-
get,
|
|
340
|
-
start
|
|
341
|
-
} = _sessionStrategy,
|
|
342
|
-
sessionStrategy = _objectWithoutProperties(_sessionStrategy, _excluded);
|
|
338
|
+
const sessionStrategy = _objectWithoutProperties(_sessionStrategy, _excluded);
|
|
343
339
|
|
|
344
340
|
return _objectSpread(_objectSpread({}, sessionStrategy), {}, {
|
|
345
|
-
start: async ({
|
|
346
|
-
|
|
347
|
-
}) => {
|
|
348
|
-
console.log("start");
|
|
349
|
-
const session = await start({
|
|
350
|
-
res
|
|
351
|
-
});
|
|
352
|
-
return session;
|
|
341
|
+
start: async () => {
|
|
342
|
+
return 'false';
|
|
353
343
|
},
|
|
354
344
|
get: async ({
|
|
355
345
|
req
|
|
356
346
|
}) => {
|
|
357
|
-
var _req$headers$authoriz;
|
|
347
|
+
var _req$headers, _req$headers$authoriz;
|
|
358
348
|
|
|
359
349
|
const pathname = url.parse(req === null || req === void 0 ? void 0 : req.url).pathname;
|
|
360
350
|
|
|
361
|
-
if (_includesInstanceProperty(pathname).call(pathname,
|
|
351
|
+
if (_includesInstanceProperty(pathname).call(pathname, '/api/auth')) {
|
|
362
352
|
return;
|
|
363
353
|
}
|
|
364
354
|
|
|
365
|
-
if (((_req$headers
|
|
355
|
+
if (((_req$headers = req.headers) === null || _req$headers === void 0 ? void 0 : (_req$headers$authoriz = _req$headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(' ')[0]) === 'Bearer') {
|
|
366
356
|
var _token$data;
|
|
367
357
|
|
|
368
358
|
const token = await getToken({
|
|
@@ -387,14 +377,14 @@ function createAuth({
|
|
|
387
377
|
res,
|
|
388
378
|
req
|
|
389
379
|
}) => {
|
|
390
|
-
const TOKEN_NAME = process.env.NODE_ENV ===
|
|
391
|
-
res.setHeader(
|
|
380
|
+
const TOKEN_NAME = process.env.NODE_ENV === 'production' ? '__Secure-next-auth.session-token' : 'next-auth.session-token';
|
|
381
|
+
res.setHeader('Set-Cookie', cookie.serialize(TOKEN_NAME, '', {
|
|
392
382
|
maxAge: 0,
|
|
393
383
|
expires: new Date(),
|
|
394
384
|
httpOnly: true,
|
|
395
|
-
secure: process.env.NODE_ENV ===
|
|
396
|
-
path:
|
|
397
|
-
sameSite:
|
|
385
|
+
secure: process.env.NODE_ENV === 'production',
|
|
386
|
+
path: '/',
|
|
387
|
+
sameSite: 'lax',
|
|
398
388
|
// TODO: Update parse to URL
|
|
399
389
|
domain: url.parse(req.url).hostname
|
|
400
390
|
}));
|
|
@@ -439,12 +429,12 @@ function createAuth({
|
|
|
439
429
|
} = context;
|
|
440
430
|
const pathname = url.parse(req === null || req === void 0 ? void 0 : req.url).pathname; // Allow nextjs scripts and static files to be accessed without auth
|
|
441
431
|
|
|
442
|
-
if (_includesInstanceProperty(pathname).call(pathname,
|
|
432
|
+
if (_includesInstanceProperty(pathname).call(pathname, '/_next/')) {
|
|
443
433
|
return true;
|
|
444
434
|
} // Allow keystone to access /api/__keystone_api_build for hot reloading
|
|
445
435
|
|
|
446
436
|
|
|
447
|
-
if (process.env.NODE_ENV !==
|
|
437
|
+
if (process.env.NODE_ENV !== 'production' && ((_context$req = context.req) === null || _context$req === void 0 ? void 0 : _context$req.url) !== undefined && new _URL(context.req.url, 'http://example.com').pathname === `${customPath}/api/__keystone_api_build`) {
|
|
448
438
|
return true;
|
|
449
439
|
}
|
|
450
440
|
|
|
@@ -453,7 +443,7 @@ function createAuth({
|
|
|
453
443
|
});
|
|
454
444
|
}
|
|
455
445
|
|
|
456
|
-
if (!keystoneConfig.session) throw new TypeError(
|
|
446
|
+
if (!keystoneConfig.session) throw new TypeError('Missing .session configuration');
|
|
457
447
|
const session = withItemData(keystoneConfig.session);
|
|
458
448
|
const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
|
|
459
449
|
return _objectSpread(_objectSpread({}, keystoneConfig), {}, {
|
package/package.json
CHANGED
|
@@ -3,12 +3,10 @@
|
|
|
3
3
|
Object.defineProperty(exports, '__esModule', { value: true });
|
|
4
4
|
|
|
5
5
|
var _objectSpread = require('@babel/runtime/helpers/objectSpread2');
|
|
6
|
-
var _JSON$stringify = require('@babel/runtime-corejs3/core-js-stable/json/stringify');
|
|
7
6
|
var NextAuth = require('next-auth');
|
|
8
7
|
|
|
9
8
|
function _interopDefault (e) { return e && e.__esModule ? e : { 'default': e }; }
|
|
10
9
|
|
|
11
|
-
var _JSON$stringify__default = /*#__PURE__*/_interopDefault(_JSON$stringify);
|
|
12
10
|
var NextAuth__default = /*#__PURE__*/_interopDefault(NextAuth);
|
|
13
11
|
|
|
14
12
|
async function findMatchingIdentity(identityField, identity, queryAPI) {
|
|
@@ -70,9 +68,7 @@ function NextAuthPage(props) {
|
|
|
70
68
|
resolver,
|
|
71
69
|
sessionData,
|
|
72
70
|
sessionSecret
|
|
73
|
-
} = props;
|
|
74
|
-
|
|
75
|
-
console.log('NextAuthPages... ', pages);
|
|
71
|
+
} = props;
|
|
76
72
|
|
|
77
73
|
if (!query) {
|
|
78
74
|
console.error('NextAuthPage got no query.');
|
|
@@ -123,26 +119,42 @@ function NextAuthPage(props) {
|
|
|
123
119
|
|
|
124
120
|
if (!result.success) {
|
|
125
121
|
if (!autoCreate) {
|
|
126
|
-
console.log('`autoCreate`
|
|
122
|
+
console.log('`autoCreate` is set to `false`, skipping user auto-creation');
|
|
127
123
|
return false;
|
|
128
124
|
}
|
|
129
125
|
|
|
130
|
-
console.log('`autoCreate`
|
|
126
|
+
console.log('`autoCreate` is set to `true`, auto-creating a new user');
|
|
131
127
|
const createUser = await list.createOne({
|
|
132
128
|
data
|
|
133
129
|
}).then(returned => {
|
|
134
|
-
|
|
135
|
-
|
|
130
|
+
return {
|
|
131
|
+
success: true,
|
|
132
|
+
user: returned
|
|
133
|
+
};
|
|
136
134
|
}).catch(error => {
|
|
137
135
|
console.log(error);
|
|
138
136
|
throw new Error(error);
|
|
139
137
|
});
|
|
140
138
|
console.log('Created User', createUser);
|
|
141
|
-
return createUser;
|
|
142
|
-
}
|
|
143
|
-
|
|
139
|
+
return createUser.success;
|
|
140
|
+
}
|
|
144
141
|
|
|
145
|
-
|
|
142
|
+
console.log('Data', data);
|
|
143
|
+
const updateUser = await list.updateOne({
|
|
144
|
+
where: {
|
|
145
|
+
id: result.item.id
|
|
146
|
+
},
|
|
147
|
+
data
|
|
148
|
+
}).then(returned => {
|
|
149
|
+
return {
|
|
150
|
+
success: true,
|
|
151
|
+
user: returned
|
|
152
|
+
};
|
|
153
|
+
}).catch(error => {
|
|
154
|
+
console.log(error);
|
|
155
|
+
throw new Error(error);
|
|
156
|
+
});
|
|
157
|
+
return updateUser.success;
|
|
146
158
|
},
|
|
147
159
|
|
|
148
160
|
async redirect({
|
package/pages/NextAuthPage/dist/opensaas-keystone-nextjs-auth-pages-NextAuthPage.cjs.prod.js
CHANGED
|
@@ -3,12 +3,10 @@
|
|
|
3
3
|
Object.defineProperty(exports, '__esModule', { value: true });
|
|
4
4
|
|
|
5
5
|
var _objectSpread = require('@babel/runtime/helpers/objectSpread2');
|
|
6
|
-
var _JSON$stringify = require('@babel/runtime-corejs3/core-js-stable/json/stringify');
|
|
7
6
|
var NextAuth = require('next-auth');
|
|
8
7
|
|
|
9
8
|
function _interopDefault (e) { return e && e.__esModule ? e : { 'default': e }; }
|
|
10
9
|
|
|
11
|
-
var _JSON$stringify__default = /*#__PURE__*/_interopDefault(_JSON$stringify);
|
|
12
10
|
var NextAuth__default = /*#__PURE__*/_interopDefault(NextAuth);
|
|
13
11
|
|
|
14
12
|
async function findMatchingIdentity(identityField, identity, queryAPI) {
|
|
@@ -70,9 +68,7 @@ function NextAuthPage(props) {
|
|
|
70
68
|
resolver,
|
|
71
69
|
sessionData,
|
|
72
70
|
sessionSecret
|
|
73
|
-
} = props;
|
|
74
|
-
|
|
75
|
-
console.log('NextAuthPages... ', pages);
|
|
71
|
+
} = props;
|
|
76
72
|
|
|
77
73
|
if (!query) {
|
|
78
74
|
console.error('NextAuthPage got no query.');
|
|
@@ -123,26 +119,42 @@ function NextAuthPage(props) {
|
|
|
123
119
|
|
|
124
120
|
if (!result.success) {
|
|
125
121
|
if (!autoCreate) {
|
|
126
|
-
console.log('`autoCreate`
|
|
122
|
+
console.log('`autoCreate` is set to `false`, skipping user auto-creation');
|
|
127
123
|
return false;
|
|
128
124
|
}
|
|
129
125
|
|
|
130
|
-
console.log('`autoCreate`
|
|
126
|
+
console.log('`autoCreate` is set to `true`, auto-creating a new user');
|
|
131
127
|
const createUser = await list.createOne({
|
|
132
128
|
data
|
|
133
129
|
}).then(returned => {
|
|
134
|
-
|
|
135
|
-
|
|
130
|
+
return {
|
|
131
|
+
success: true,
|
|
132
|
+
user: returned
|
|
133
|
+
};
|
|
136
134
|
}).catch(error => {
|
|
137
135
|
console.log(error);
|
|
138
136
|
throw new Error(error);
|
|
139
137
|
});
|
|
140
138
|
console.log('Created User', createUser);
|
|
141
|
-
return createUser;
|
|
142
|
-
}
|
|
143
|
-
|
|
139
|
+
return createUser.success;
|
|
140
|
+
}
|
|
144
141
|
|
|
145
|
-
|
|
142
|
+
console.log('Data', data);
|
|
143
|
+
const updateUser = await list.updateOne({
|
|
144
|
+
where: {
|
|
145
|
+
id: result.item.id
|
|
146
|
+
},
|
|
147
|
+
data
|
|
148
|
+
}).then(returned => {
|
|
149
|
+
return {
|
|
150
|
+
success: true,
|
|
151
|
+
user: returned
|
|
152
|
+
};
|
|
153
|
+
}).catch(error => {
|
|
154
|
+
console.log(error);
|
|
155
|
+
throw new Error(error);
|
|
156
|
+
});
|
|
157
|
+
return updateUser.success;
|
|
146
158
|
},
|
|
147
159
|
|
|
148
160
|
async redirect({
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
import _objectSpread from '@babel/runtime/helpers/esm/objectSpread2';
|
|
2
|
-
import _JSON$stringify from '@babel/runtime-corejs3/core-js-stable/json/stringify';
|
|
3
2
|
import NextAuth from 'next-auth';
|
|
4
3
|
|
|
5
4
|
async function findMatchingIdentity(identityField, identity, queryAPI) {
|
|
@@ -61,9 +60,7 @@ function NextAuthPage(props) {
|
|
|
61
60
|
resolver,
|
|
62
61
|
sessionData,
|
|
63
62
|
sessionSecret
|
|
64
|
-
} = props;
|
|
65
|
-
|
|
66
|
-
console.log('NextAuthPages... ', pages);
|
|
63
|
+
} = props;
|
|
67
64
|
|
|
68
65
|
if (!query) {
|
|
69
66
|
console.error('NextAuthPage got no query.');
|
|
@@ -114,26 +111,42 @@ function NextAuthPage(props) {
|
|
|
114
111
|
|
|
115
112
|
if (!result.success) {
|
|
116
113
|
if (!autoCreate) {
|
|
117
|
-
console.log('`autoCreate`
|
|
114
|
+
console.log('`autoCreate` is set to `false`, skipping user auto-creation');
|
|
118
115
|
return false;
|
|
119
116
|
}
|
|
120
117
|
|
|
121
|
-
console.log('`autoCreate`
|
|
118
|
+
console.log('`autoCreate` is set to `true`, auto-creating a new user');
|
|
122
119
|
const createUser = await list.createOne({
|
|
123
120
|
data
|
|
124
121
|
}).then(returned => {
|
|
125
|
-
|
|
126
|
-
|
|
122
|
+
return {
|
|
123
|
+
success: true,
|
|
124
|
+
user: returned
|
|
125
|
+
};
|
|
127
126
|
}).catch(error => {
|
|
128
127
|
console.log(error);
|
|
129
128
|
throw new Error(error);
|
|
130
129
|
});
|
|
131
130
|
console.log('Created User', createUser);
|
|
132
|
-
return createUser;
|
|
133
|
-
}
|
|
134
|
-
|
|
131
|
+
return createUser.success;
|
|
132
|
+
}
|
|
135
133
|
|
|
136
|
-
|
|
134
|
+
console.log('Data', data);
|
|
135
|
+
const updateUser = await list.updateOne({
|
|
136
|
+
where: {
|
|
137
|
+
id: result.item.id
|
|
138
|
+
},
|
|
139
|
+
data
|
|
140
|
+
}).then(returned => {
|
|
141
|
+
return {
|
|
142
|
+
success: true,
|
|
143
|
+
user: returned
|
|
144
|
+
};
|
|
145
|
+
}).catch(error => {
|
|
146
|
+
console.log(error);
|
|
147
|
+
throw new Error(error);
|
|
148
|
+
});
|
|
149
|
+
return updateUser.success;
|
|
137
150
|
},
|
|
138
151
|
|
|
139
152
|
async redirect({
|
|
@@ -17,10 +17,7 @@ export function getBaseAuthSchema({
|
|
|
17
17
|
resolveType: (root, context) => context.session?.listKey,
|
|
18
18
|
}),
|
|
19
19
|
resolve(root, args, { session, db }) {
|
|
20
|
-
if (
|
|
21
|
-
typeof session?.itemId === 'string' &&
|
|
22
|
-
typeof session.listKey === 'string'
|
|
23
|
-
) {
|
|
20
|
+
if (typeof session?.itemId === 'string' && typeof session.listKey === 'string') {
|
|
24
21
|
return db[session.listKey].findOne({
|
|
25
22
|
where: { id: session.itemId },
|
|
26
23
|
});
|
package/src/index.ts
CHANGED
|
@@ -1,25 +1,25 @@
|
|
|
1
|
-
import url from
|
|
1
|
+
import url from 'url';
|
|
2
2
|
import {
|
|
3
3
|
AdminFileToWrite,
|
|
4
4
|
BaseListTypeInfo,
|
|
5
5
|
KeystoneConfig,
|
|
6
6
|
KeystoneContext,
|
|
7
7
|
AdminUIConfig,
|
|
8
|
-
SessionStrategy,
|
|
9
8
|
BaseKeystoneTypeInfo,
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
import {
|
|
13
|
-
import {
|
|
9
|
+
SessionStrategy,
|
|
10
|
+
} from '@keystone-6/core/types';
|
|
11
|
+
import { getSession } from 'next-auth/react';
|
|
12
|
+
import { getToken } from 'next-auth/jwt';
|
|
13
|
+
import { Provider } from 'next-auth/providers';
|
|
14
14
|
|
|
15
|
-
import * as cookie from
|
|
15
|
+
import * as cookie from 'cookie';
|
|
16
16
|
|
|
17
|
-
import { nextConfigTemplate } from
|
|
17
|
+
import { nextConfigTemplate } from './templates/next-config';
|
|
18
18
|
// import * as Path from 'path';
|
|
19
19
|
|
|
20
|
-
import { AuthConfig, KeystoneOAuthConfig, NextAuthSession } from
|
|
21
|
-
import { getSchemaExtension } from
|
|
22
|
-
import { authTemplate } from
|
|
20
|
+
import { AuthConfig, KeystoneOAuthConfig, NextAuthSession, AuthSessionStrategy } from './types';
|
|
21
|
+
import { getSchemaExtension } from './schema';
|
|
22
|
+
import { authTemplate } from './templates/auth';
|
|
23
23
|
|
|
24
24
|
/**
|
|
25
25
|
* createAuth function
|
|
@@ -27,7 +27,7 @@ import { authTemplate } from "./templates/auth";
|
|
|
27
27
|
* Generates config for Keystone to implement standard auth features.
|
|
28
28
|
*/
|
|
29
29
|
|
|
30
|
-
export type { NextAuthProviders, KeystoneOAuthConfig } from
|
|
30
|
+
export type { NextAuthProviders, KeystoneOAuthConfig } from './types';
|
|
31
31
|
export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
32
32
|
autoCreate,
|
|
33
33
|
cookies,
|
|
@@ -45,7 +45,7 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
|
45
45
|
// or whether always being true is what we want, in which case we can refactor our code
|
|
46
46
|
// to match this. -TL
|
|
47
47
|
|
|
48
|
-
const customPath = !keystonePath || keystonePath ===
|
|
48
|
+
const customPath = !keystonePath || keystonePath === '/' ? '' : keystonePath;
|
|
49
49
|
/**
|
|
50
50
|
* pageMiddleware
|
|
51
51
|
*
|
|
@@ -56,36 +56,38 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
|
56
56
|
* - to the init page when initFirstItem is configured, and there are no user in the database
|
|
57
57
|
* - to the signin page when no valid session is present
|
|
58
58
|
*/
|
|
59
|
-
const pageMiddleware: AdminUIConfig<BaseKeystoneTypeInfo>[
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
59
|
+
const pageMiddleware: AdminUIConfig<BaseKeystoneTypeInfo>['pageMiddleware'] = async ({
|
|
60
|
+
context,
|
|
61
|
+
isValidSession,
|
|
62
|
+
}) => {
|
|
63
|
+
const { req, session } = context;
|
|
64
|
+
const pathname = url.parse(req?.url!).pathname!;
|
|
63
65
|
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
}
|
|
68
|
-
if (customPath !== "" && pathname === "/") {
|
|
69
|
-
return { kind: "redirect", to: `${customPath}` };
|
|
70
|
-
}
|
|
71
|
-
return;
|
|
72
|
-
}
|
|
73
|
-
if (
|
|
74
|
-
pathname.includes("/_next/") ||
|
|
75
|
-
pathname.includes("/api/auth/") ||
|
|
76
|
-
pathname.includes(pages?.signIn) ||
|
|
77
|
-
pathname.includes(pages?.error) ||
|
|
78
|
-
pathname.includes(pages?.signOut)
|
|
79
|
-
) {
|
|
80
|
-
return;
|
|
66
|
+
if (isValidSession) {
|
|
67
|
+
if (pathname === `${customPath}/api/auth/signin`) {
|
|
68
|
+
return { kind: 'redirect', to: `${customPath}` };
|
|
81
69
|
}
|
|
82
|
-
if (
|
|
83
|
-
return {
|
|
84
|
-
kind: "redirect",
|
|
85
|
-
to: pages?.signIn || `${customPath}/api/auth/signin`,
|
|
86
|
-
};
|
|
70
|
+
if (customPath !== '' && pathname === '/') {
|
|
71
|
+
return { kind: 'redirect', to: `${customPath}` };
|
|
87
72
|
}
|
|
88
|
-
|
|
73
|
+
return;
|
|
74
|
+
}
|
|
75
|
+
if (
|
|
76
|
+
pathname.includes('/_next/') ||
|
|
77
|
+
pathname.includes('/api/auth/') ||
|
|
78
|
+
(pages?.signIn && pathname.includes(pages?.signIn)) ||
|
|
79
|
+
(pages?.error && pathname.includes(pages?.error)) ||
|
|
80
|
+
(pages?.signOut && pathname.includes(pages?.signOut))
|
|
81
|
+
) {
|
|
82
|
+
return;
|
|
83
|
+
}
|
|
84
|
+
if (!session && !pathname.includes(`${customPath}/api/auth/`)) {
|
|
85
|
+
return {
|
|
86
|
+
kind: 'redirect',
|
|
87
|
+
to: pages?.signIn || `${customPath}/api/auth/signin`,
|
|
88
|
+
};
|
|
89
|
+
}
|
|
90
|
+
};
|
|
89
91
|
|
|
90
92
|
/**
|
|
91
93
|
* getAdditionalFiles
|
|
@@ -98,8 +100,8 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
|
98
100
|
const getAdditionalFiles = () => {
|
|
99
101
|
const filesToWrite: AdminFileToWrite[] = [
|
|
100
102
|
{
|
|
101
|
-
mode:
|
|
102
|
-
outputPath:
|
|
103
|
+
mode: 'write',
|
|
104
|
+
outputPath: 'pages/api/auth/[...nextauth].js',
|
|
103
105
|
src: authTemplate({
|
|
104
106
|
autoCreate,
|
|
105
107
|
identityField,
|
|
@@ -109,8 +111,8 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
|
109
111
|
}),
|
|
110
112
|
},
|
|
111
113
|
{
|
|
112
|
-
mode:
|
|
113
|
-
outputPath:
|
|
114
|
+
mode: 'write',
|
|
115
|
+
outputPath: 'next.config.js',
|
|
114
116
|
src: nextConfigTemplate({ keystonePath: customPath }),
|
|
115
117
|
},
|
|
116
118
|
];
|
|
@@ -186,23 +188,20 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
|
186
188
|
- [ ] We could support additional where input to validate item sessions (e.g an isEnabled boolean)
|
|
187
189
|
*/
|
|
188
190
|
const withItemData = (
|
|
189
|
-
_sessionStrategy:
|
|
190
|
-
):
|
|
191
|
-
const { get,
|
|
191
|
+
_sessionStrategy: AuthSessionStrategy<Record<string, any>>
|
|
192
|
+
): AuthSessionStrategy<NextAuthSession | never> => {
|
|
193
|
+
const { get, ...sessionStrategy } = _sessionStrategy;
|
|
192
194
|
return {
|
|
193
195
|
...sessionStrategy,
|
|
194
|
-
start: async (
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
const session = await start({ res });
|
|
198
|
-
return session;
|
|
196
|
+
start: async () => {
|
|
197
|
+
return 'false';
|
|
199
198
|
},
|
|
200
199
|
get: async ({ req }) => {
|
|
201
200
|
const pathname = url.parse(req?.url!).pathname!;
|
|
202
|
-
if (pathname.includes(
|
|
201
|
+
if (pathname.includes('/api/auth')) {
|
|
203
202
|
return;
|
|
204
203
|
}
|
|
205
|
-
if (req.headers
|
|
204
|
+
if (req.headers?.authorization?.split(' ')[0] === 'Bearer') {
|
|
206
205
|
const token = (await getToken({
|
|
207
206
|
req,
|
|
208
207
|
secret: sessionSecret,
|
|
@@ -220,18 +219,18 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
|
220
219
|
},
|
|
221
220
|
end: async ({ res, req }) => {
|
|
222
221
|
const TOKEN_NAME =
|
|
223
|
-
process.env.NODE_ENV ===
|
|
224
|
-
?
|
|
225
|
-
:
|
|
222
|
+
process.env.NODE_ENV === 'production'
|
|
223
|
+
? '__Secure-next-auth.session-token'
|
|
224
|
+
: 'next-auth.session-token';
|
|
226
225
|
res.setHeader(
|
|
227
|
-
|
|
228
|
-
cookie.serialize(TOKEN_NAME,
|
|
226
|
+
'Set-Cookie',
|
|
227
|
+
cookie.serialize(TOKEN_NAME, '', {
|
|
229
228
|
maxAge: 0,
|
|
230
229
|
expires: new Date(),
|
|
231
230
|
httpOnly: true,
|
|
232
|
-
secure: process.env.NODE_ENV ===
|
|
233
|
-
path:
|
|
234
|
-
sameSite:
|
|
231
|
+
secure: process.env.NODE_ENV === 'production',
|
|
232
|
+
path: '/',
|
|
233
|
+
sameSite: 'lax',
|
|
235
234
|
// TODO: Update parse to URL
|
|
236
235
|
domain: url.parse(req.url as string).hostname as string,
|
|
237
236
|
})
|
|
@@ -257,28 +256,24 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
|
257
256
|
ui = {
|
|
258
257
|
...keystoneConfig.ui,
|
|
259
258
|
publicPages: [...(keystoneConfig.ui.publicPages || []), ...publicPages],
|
|
260
|
-
getAdditionalFiles: [
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
],
|
|
264
|
-
pageMiddleware: async (args) =>
|
|
265
|
-
(await pageMiddleware(args)) ??
|
|
266
|
-
keystoneConfig?.ui?.pageMiddleware?.(args),
|
|
259
|
+
getAdditionalFiles: [...(keystoneConfig.ui?.getAdditionalFiles || []), getAdditionalFiles],
|
|
260
|
+
pageMiddleware: async args =>
|
|
261
|
+
(await pageMiddleware(args)) ?? keystoneConfig?.ui?.pageMiddleware?.(args),
|
|
267
262
|
enableSessionItem: true,
|
|
268
263
|
isAccessAllowed: async (context: KeystoneContext) => {
|
|
269
264
|
const { req } = context;
|
|
270
265
|
const pathname = url.parse(req?.url!).pathname!;
|
|
271
266
|
|
|
272
267
|
// Allow nextjs scripts and static files to be accessed without auth
|
|
273
|
-
if (pathname.includes(
|
|
268
|
+
if (pathname.includes('/_next/')) {
|
|
274
269
|
return true;
|
|
275
270
|
}
|
|
276
271
|
|
|
277
272
|
// Allow keystone to access /api/__keystone_api_build for hot reloading
|
|
278
273
|
if (
|
|
279
|
-
process.env.NODE_ENV !==
|
|
274
|
+
process.env.NODE_ENV !== 'production' &&
|
|
280
275
|
context.req?.url !== undefined &&
|
|
281
|
-
new URL(context.req.url,
|
|
276
|
+
new URL(context.req.url, 'http://example.com').pathname ===
|
|
282
277
|
`${customPath}/api/__keystone_api_build`
|
|
283
278
|
) {
|
|
284
279
|
return true;
|
|
@@ -291,9 +286,8 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
|
291
286
|
};
|
|
292
287
|
}
|
|
293
288
|
|
|
294
|
-
if (!keystoneConfig.session)
|
|
295
|
-
|
|
296
|
-
const session = withItemData(keystoneConfig.session);
|
|
289
|
+
if (!keystoneConfig.session) throw new TypeError('Missing .session configuration');
|
|
290
|
+
const session = withItemData(keystoneConfig.session) as SessionStrategy<any>;
|
|
297
291
|
|
|
298
292
|
const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
|
|
299
293
|
return {
|
|
@@ -312,7 +306,7 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
|
|
312
306
|
generateNodeAPI: true,
|
|
313
307
|
},
|
|
314
308
|
extendGraphqlSchema: existingExtendGraphQLSchema
|
|
315
|
-
?
|
|
309
|
+
? schema => existingExtendGraphQLSchema(extendGraphqlSchema(schema))
|
|
316
310
|
: extendGraphqlSchema,
|
|
317
311
|
};
|
|
318
312
|
};
|
|
@@ -4,10 +4,7 @@ export async function findMatchingIdentity(
|
|
|
4
4
|
identityField: string,
|
|
5
5
|
identity: string | number,
|
|
6
6
|
queryAPI: any
|
|
7
|
-
): Promise<
|
|
8
|
-
| { success: false; code: AuthTokenRequestErrorCode }
|
|
9
|
-
| { success: true; item: any }
|
|
10
|
-
> {
|
|
7
|
+
): Promise<{ success: false; code: AuthTokenRequestErrorCode } | { success: true; item: any }> {
|
|
11
8
|
const item = await queryAPI.findOne({
|
|
12
9
|
where: { [identityField]: identity },
|
|
13
10
|
});
|
|
@@ -1,14 +1,9 @@
|
|
|
1
|
-
import NextAuth, {
|
|
2
|
-
CookiesOptions,
|
|
3
|
-
EventCallbacks,
|
|
4
|
-
PagesOptions,
|
|
5
|
-
} from 'next-auth';
|
|
1
|
+
import NextAuth, { CookiesOptions, EventCallbacks, PagesOptions } from 'next-auth';
|
|
6
2
|
import type { KeystoneListsAPI } from '@keystone-6/core/types';
|
|
7
3
|
import { Provider } from 'next-auth/providers';
|
|
8
4
|
import { JWTOptions } from 'next-auth/jwt';
|
|
9
5
|
import { validateNextAuth } from '../lib/validateNextAuth';
|
|
10
6
|
|
|
11
|
-
// TODO: See if possible to merge with `type AuthConfig`
|
|
12
7
|
type CoreNextAuthPageProps = {
|
|
13
8
|
autoCreate: boolean;
|
|
14
9
|
cookies?: Partial<CookiesOptions>;
|
|
@@ -18,7 +13,9 @@ type CoreNextAuthPageProps = {
|
|
|
18
13
|
listKey: string;
|
|
19
14
|
pages?: Partial<PagesOptions>;
|
|
20
15
|
providers?: Provider[];
|
|
21
|
-
resolver?:
|
|
16
|
+
resolver?: (args: { user: any; profile: any; account: any }) => {
|
|
17
|
+
[key: string]: boolean | string | number;
|
|
18
|
+
};
|
|
22
19
|
sessionData: string | undefined;
|
|
23
20
|
sessionSecret: string;
|
|
24
21
|
};
|
|
@@ -45,8 +42,6 @@ export default function NextAuthPage(props: NextAuthPageProps) {
|
|
|
45
42
|
sessionData,
|
|
46
43
|
sessionSecret,
|
|
47
44
|
} = props;
|
|
48
|
-
// TODO: (v1.1). https://github.com/ijsto/keystone-6-oauth/projects/1#card-78602004
|
|
49
|
-
console.log('NextAuthPages... ', pages);
|
|
50
45
|
|
|
51
46
|
if (!query) {
|
|
52
47
|
console.error('NextAuthPage got no query.');
|
|
@@ -79,16 +74,9 @@ export default function NextAuthPage(props: NextAuthPageProps) {
|
|
|
79
74
|
} else {
|
|
80
75
|
identity = 0;
|
|
81
76
|
}
|
|
82
|
-
const userInput = resolver
|
|
83
|
-
? await resolver({ user, account, profile })
|
|
84
|
-
: {};
|
|
77
|
+
const userInput = resolver ? await resolver({ user, account, profile }) : {};
|
|
85
78
|
|
|
86
|
-
const result = await validateNextAuth(
|
|
87
|
-
identityField,
|
|
88
|
-
identity,
|
|
89
|
-
protectIdentities,
|
|
90
|
-
queryAPI
|
|
91
|
-
);
|
|
79
|
+
const result = await validateNextAuth(identityField, identity, protectIdentities, queryAPI);
|
|
92
80
|
// ID
|
|
93
81
|
const data: any = {
|
|
94
82
|
[identityField]: identity,
|
|
@@ -97,30 +85,35 @@ export default function NextAuthPage(props: NextAuthPageProps) {
|
|
|
97
85
|
|
|
98
86
|
if (!result.success) {
|
|
99
87
|
if (!autoCreate) {
|
|
100
|
-
console.log(
|
|
101
|
-
'`autoCreate` if set to `false`, skipping user auto-creation'
|
|
102
|
-
);
|
|
88
|
+
console.log('`autoCreate` is set to `false`, skipping user auto-creation');
|
|
103
89
|
return false;
|
|
104
90
|
}
|
|
105
|
-
console.log(
|
|
106
|
-
'`autoCreate` if set to `true`, auto-creating a new user'
|
|
107
|
-
);
|
|
91
|
+
console.log('`autoCreate` is set to `true`, auto-creating a new user');
|
|
108
92
|
|
|
109
93
|
const createUser = await list
|
|
110
94
|
.createOne({ data })
|
|
111
|
-
.then(
|
|
112
|
-
|
|
113
|
-
return true;
|
|
95
|
+
.then(returned => {
|
|
96
|
+
return { success: true, user: returned };
|
|
114
97
|
})
|
|
115
|
-
.catch(
|
|
98
|
+
.catch(error => {
|
|
116
99
|
console.log(error);
|
|
117
100
|
throw new Error(error);
|
|
118
101
|
});
|
|
119
102
|
console.log('Created User', createUser);
|
|
120
|
-
return createUser;
|
|
103
|
+
return createUser.success;
|
|
121
104
|
}
|
|
122
|
-
|
|
123
|
-
|
|
105
|
+
console.log('Data', data);
|
|
106
|
+
|
|
107
|
+
const updateUser = await list
|
|
108
|
+
.updateOne({ where: { id: result.item.id }, data })
|
|
109
|
+
.then(returned => {
|
|
110
|
+
return { success: true, user: returned };
|
|
111
|
+
})
|
|
112
|
+
.catch(error => {
|
|
113
|
+
console.log(error);
|
|
114
|
+
throw new Error(error);
|
|
115
|
+
});
|
|
116
|
+
return updateUser.success;
|
|
124
117
|
},
|
|
125
118
|
async redirect({ url }) {
|
|
126
119
|
return url;
|
|
@@ -167,5 +160,4 @@ export default function NextAuthPage(props: NextAuthPageProps) {
|
|
|
167
160
|
});
|
|
168
161
|
}
|
|
169
162
|
|
|
170
|
-
export const getNextAuthPage = (props: NextAuthPageProps) => () =>
|
|
171
|
-
NextAuthPage({ ...props });
|
|
163
|
+
export const getNextAuthPage = (props: NextAuthPageProps) => () => NextAuthPage({ ...props });
|
package/src/schema.ts
CHANGED
|
@@ -9,13 +9,11 @@ export const getSchemaExtension = ({
|
|
|
9
9
|
identityField: string;
|
|
10
10
|
listKey: string;
|
|
11
11
|
}): ExtendGraphqlSchema =>
|
|
12
|
-
graphql.extend(
|
|
12
|
+
graphql.extend(base => {
|
|
13
13
|
const baseSchema = getBaseAuthSchema({
|
|
14
14
|
listKey,
|
|
15
15
|
base,
|
|
16
16
|
});
|
|
17
17
|
|
|
18
|
-
return [baseSchema.extension].filter(
|
|
19
|
-
(x): x is Exclude<typeof x, undefined> => x !== undefined
|
|
20
|
-
);
|
|
18
|
+
return [baseSchema.extension].filter((x): x is Exclude<typeof x, undefined> => x !== undefined);
|
|
21
19
|
});
|
|
@@ -56,11 +56,7 @@ module.exports = withPreconstruct({
|
|
|
56
56
|
<% } %>
|
|
57
57
|
});
|
|
58
58
|
`;
|
|
59
|
-
export const nextConfigTemplate = ({
|
|
60
|
-
keystonePath,
|
|
61
|
-
}: {
|
|
62
|
-
keystonePath: string;
|
|
63
|
-
}) => {
|
|
59
|
+
export const nextConfigTemplate = ({ keystonePath }: { keystonePath: string }) => {
|
|
64
60
|
const nextConfigOut = ejs.render(template, { keystonePath });
|
|
65
61
|
|
|
66
62
|
return nextConfigOut;
|
package/src/types.ts
CHANGED
|
@@ -1,6 +1,27 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import {
|
|
1
|
+
import type { ServerResponse, IncomingMessage } from 'http';
|
|
2
|
+
import type { NextRequest } from 'next/server';
|
|
3
3
|
import { Provider } from 'next-auth/providers';
|
|
4
|
+
import { CookiesOptions, PagesOptions } from 'next-auth';
|
|
5
|
+
import { BaseListTypeInfo, KeystoneConfig, CreateContext } from '@keystone-6/core/types';
|
|
6
|
+
|
|
7
|
+
type NextAuthResponse = IncomingMessage & NextRequest;
|
|
8
|
+
|
|
9
|
+
export declare type AuthSessionStrategy<StoredSessionData> = {
|
|
10
|
+
start: (args: {
|
|
11
|
+
res: ServerResponse;
|
|
12
|
+
data: any;
|
|
13
|
+
createContext: CreateContext;
|
|
14
|
+
}) => Promise<string>;
|
|
15
|
+
end: (args: {
|
|
16
|
+
req: IncomingMessage;
|
|
17
|
+
res: ServerResponse;
|
|
18
|
+
createContext: CreateContext;
|
|
19
|
+
}) => Promise<void>;
|
|
20
|
+
get: (args: {
|
|
21
|
+
req: NextAuthResponse;
|
|
22
|
+
createContext: CreateContext;
|
|
23
|
+
}) => Promise<StoredSessionData | undefined>;
|
|
24
|
+
};
|
|
4
25
|
|
|
5
26
|
export type NextAuthSession = { listKey: string; itemId: string; data: any };
|
|
6
27
|
|
|
@@ -15,9 +36,7 @@ type NextAuthOptions = {
|
|
|
15
36
|
resolver: any;
|
|
16
37
|
};
|
|
17
38
|
|
|
18
|
-
export type KeystoneOAuthConfig = KeystoneConfig &
|
|
19
|
-
KeytoneOAuthOptions &
|
|
20
|
-
NextAuthOptions;
|
|
39
|
+
export type KeystoneOAuthConfig = KeystoneConfig & KeytoneOAuthOptions & NextAuthOptions;
|
|
21
40
|
|
|
22
41
|
export type AuthConfig<GeneratedListTypes extends BaseListTypeInfo> = {
|
|
23
42
|
/** Auth Create users in Keystone DB from Auth Provider */
|
|
@@ -31,20 +50,20 @@ export type AuthConfig<GeneratedListTypes extends BaseListTypeInfo> = {
|
|
|
31
50
|
/** Path for Keystone interface */
|
|
32
51
|
keystonePath?: string;
|
|
33
52
|
// Custom pages for different NextAuth events
|
|
34
|
-
pages?:
|
|
53
|
+
pages?: Partial<PagesOptions>;
|
|
35
54
|
/** Providers for Next Auth */
|
|
36
55
|
providers: NextAuthProviders;
|
|
37
56
|
/** Resolver for user to define their profile */
|
|
38
|
-
resolver?:
|
|
57
|
+
resolver?: (args: { user: any; profile: any; account: any }) => Promise<{
|
|
58
|
+
[key: string]: boolean | string | number;
|
|
59
|
+
}>;
|
|
39
60
|
/** Session data population */
|
|
40
61
|
sessionData?: string | undefined;
|
|
41
62
|
/** Next-Auth Session Secret */
|
|
42
63
|
sessionSecret: string;
|
|
43
64
|
};
|
|
44
65
|
|
|
45
|
-
export type AuthTokenRequestErrorCode =
|
|
46
|
-
| 'IDENTITY_NOT_FOUND'
|
|
47
|
-
| 'MULTIPLE_IDENTITY_MATCHES';
|
|
66
|
+
export type AuthTokenRequestErrorCode = 'IDENTITY_NOT_FOUND' | 'MULTIPLE_IDENTITY_MATCHES';
|
|
48
67
|
|
|
49
68
|
export type PasswordAuthErrorCode =
|
|
50
69
|
| AuthTokenRequestErrorCode
|