@opensaas/keystone-nextjs-auth 21.1.1 → 22.2.0

package/pages/NextAuthPage/dist/opensaas-keystone-nextjs-auth-pages-NextAuthPage.esm.js

@@ -1,5 +1,4 @@
 import _objectSpread from '@babel/runtime/helpers/esm/objectSpread2';
-import _JSON$stringify from '@babel/runtime-corejs3/core-js-stable/json/stringify';
 import NextAuth from 'next-auth';
 
 async function findMatchingIdentity(identityField, identity, queryAPI) {
@@ -61,9 +60,7 @@ function NextAuthPage(props) {
     resolver,
     sessionData,
     sessionSecret
-  } = props; // TODO: (v1.1). https://github.com/ijsto/keystone-6-oauth/projects/1#card-78602004
-
-  console.log('NextAuthPages... ', pages);
+  } = props;
 
   if (!query) {
     console.error('NextAuthPage got no query.');
@@ -76,7 +73,6 @@ function NextAuthPage(props) {
   }
 
   const list = query[listKey];
-  const queryAPI = query[listKey];
   const protectIdentities = true;
   return NextAuth({
     cookies,
@@ -106,7 +102,7 @@ function NextAuthPage(props) {
           account,
           profile
         }) : {};
-        const result = await validateNextAuth(identityField, identity, protectIdentities, queryAPI); // ID
+        const result = await validateNextAuth(identityField, identity, protectIdentities, list); // ID
 
         const data = _objectSpread({
           [identityField]: identity
@@ -114,26 +110,38 @@ function NextAuthPage(props) {
 
         if (!result.success) {
           if (!autoCreate) {
-            console.log('`autoCreate` if set to `false`, skipping user auto-creation');
             return false;
           }
 
-          console.log('`autoCreate` if set to `true`, auto-creating a new user');
           const createUser = await list.createOne({
             data
           }).then(returned => {
-            console.log('User Created', _JSON$stringify(returned));
-            return true;
+            return {
+              success: true,
+              user: returned
+            };
           }).catch(error => {
-            console.log(error);
+            console.error(error);
             throw new Error(error);
           });
-          console.log('Created User', createUser);
-          return createUser;
-        } // await list.updateOne({where: {id: result.item.id}, data});
-
+          return createUser.success;
+        }
 
-        return result.success;
+        const updateUser = await list.updateOne({
+          where: {
+            id: result.item.id
+          },
+          data
+        }).then(returned => {
+          return {
+            success: true,
+            user: returned
+          };
+        }).catch(error => {
+          console.error(error);
+          throw new Error(error);
+        });
+        return updateUser.success;
       },
 
       async redirect({
@@ -146,12 +154,20 @@ function NextAuthPage(props) {
         session,
         token
       }) {
-        const returnSession = _objectSpread(_objectSpread({}, session), {}, {
-          data: token.data,
-          subject: token.sub,
-          listKey: token.listKey,
-          itemId: token.itemId
-        });
+        let returnSession = session;
+
+        if (!token.itemId) {
+          return {
+            expires: '0'
+          };
+        } else {
+          returnSession = _objectSpread(_objectSpread({}, session), {}, {
+            data: token.data,
+            subject: token.sub,
+            listKey: token.listKey,
+            itemId: token.itemId
+          });
+        }
 
         return returnSession;
       },
@@ -160,26 +176,22 @@ function NextAuthPage(props) {
         token
       }) {
         const identity = token.sub;
+        const result = await validateNextAuth(identityField, identity, protectIdentities, list);
 
-        if (!token.itemId) {
-          const result = await validateNextAuth(identityField, identity, protectIdentities, queryAPI);
-
-          if (!result.success) {
-            return token;
-          }
-
+        if (!result.success) {
+          token.itemId = null;
+        } else {
           token.itemId = result.item.id;
+          const data = await query[listKey].findOne({
+            where: {
+              id: token.itemId
+            },
+            query: sessionData || 'id'
+          });
+          token.data = data;
         }
 
-        const data = await query[listKey].findOne({
-          where: {
-            id: token.itemId
-          },
-          query: sessionData || 'id'
-        });
-
         const returnToken = _objectSpread(_objectSpread({}, token), {}, {
-          data,
           subject: token.sub,
           listKey
         });

package/src/gql/getBaseAuthSchema.ts

@@ -17,10 +17,7 @@ export function getBaseAuthSchema({
           resolveType: (root, context) => context.session?.listKey,
         }),
         resolve(root, args, { session, db }) {
-          if (
-            typeof session?.itemId === 'string' &&
-            typeof session.listKey === 'string'
-          ) {
+          if (typeof session?.itemId === 'string' && typeof session.listKey === 'string') {
             return db[session.listKey].findOne({
               where: { id: session.itemId },
             });

package/src/index.ts

@@ -1,25 +1,26 @@
-import url from "url";
+import url from 'url';
 import {
   AdminFileToWrite,
   BaseListTypeInfo,
   KeystoneConfig,
   KeystoneContext,
   AdminUIConfig,
-  SessionStrategy,
   BaseKeystoneTypeInfo,
-} from "@keystone-6/core/types";
-import { getSession } from "next-auth/react";
-import { getToken } from "next-auth/jwt";
-import { Provider } from "next-auth/providers";
+  SessionStrategy,
+} from '@keystone-6/core/types';
+import { getSession } from 'next-auth/react';
+import { getToken } from 'next-auth/jwt';
+import { Provider } from 'next-auth/providers';
 
-import * as cookie from "cookie";
+import * as cookie from 'cookie';
 
-import { nextConfigTemplate } from "./templates/next-config";
+import { Session } from 'next-auth';
+import { nextConfigTemplate } from './templates/next-config';
 // import * as Path from 'path';
 
-import { AuthConfig, KeystoneOAuthConfig, NextAuthSession } from "./types";
-import { getSchemaExtension } from "./schema";
-import { authTemplate } from "./templates/auth";
+import { AuthConfig, KeystoneOAuthConfig, AuthSessionStrategy } from './types';
+import { getSchemaExtension } from './schema';
+import { authTemplate } from './templates/auth';
 
 /**
  * createAuth function
@@ -27,7 +28,7 @@ import { authTemplate } from "./templates/auth";
  * Generates config for Keystone to implement standard auth features.
  */
 
-export type { NextAuthProviders, KeystoneOAuthConfig } from "./types";
+export type { NextAuthProviders, KeystoneOAuthConfig } from './types';
 export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
   autoCreate,
   cookies,
@@ -45,7 +46,7 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
   // or whether always being true is what we want, in which case we can refactor our code
   // to match this. -TL
 
-  const customPath = !keystonePath || keystonePath === "/" ? "" : keystonePath;
+  const customPath = !keystonePath || keystonePath === '/' ? '' : keystonePath;
   /**
    * pageMiddleware
    *
@@ -56,36 +57,41 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
    *  - to the init page when initFirstItem is configured, and there are no user in the database
    *  - to the signin page when no valid session is present
    */
-  const pageMiddleware: AdminUIConfig<BaseKeystoneTypeInfo>["pageMiddleware"] =
-    async ({ context, isValidSession }) => {
-      const { req, session } = context;
-      const pathname = url.parse(req?.url!).pathname!;
+  const pageMiddleware: AdminUIConfig<BaseKeystoneTypeInfo>['pageMiddleware'] = async ({
+    context,
+    isValidSession,
+  }) => {
+    const { req, session } = context;
+    const pathname = url.parse(req?.url!).pathname!;
 
-      if (isValidSession) {
-        if (pathname === `${customPath}/api/auth/signin`) {
-          return { kind: "redirect", to: `${customPath}` };
-        }
-        if (customPath !== "" && pathname === "/") {
-          return { kind: "redirect", to: `${customPath}` };
-        }
-        return;
-      }
+    if (isValidSession) {
       if (
-        pathname.includes("/_next/") ||
-        pathname.includes("/api/auth/") ||
-        pathname.includes(pages?.signIn) ||
-        pathname.includes(pages?.error) ||
-        pathname.includes(pages?.signOut)
+        pathname === `${customPath}/api/auth/signin` ||
+        (pages?.signIn && pathname.includes(pages?.signIn))
       ) {
-        return;
+        return { kind: 'redirect', to: `${customPath}` };
       }
-      if (!session && !pathname.includes(`${customPath}/api/auth/`)) {
-        return {
-          kind: "redirect",
-          to: pages?.signIn || `${customPath}/api/auth/signin`,
-        };
+      if (customPath !== '' && pathname === '/') {
+        return { kind: 'redirect', to: `${customPath}` };
       }
-    };
+      return;
+    }
+    if (
+      pathname.includes('/_next/') ||
+      pathname.includes('/api/auth/') ||
+      (pages?.signIn && pathname.includes(pages?.signIn)) ||
+      (pages?.error && pathname.includes(pages?.error)) ||
+      (pages?.signOut && pathname.includes(pages?.signOut))
+    ) {
+      return;
+    }
+    if (!session && !pathname.includes(`${customPath}/api/auth/`)) {
+      return {
+        kind: 'redirect',
+        to: pages?.signIn || `${customPath}/api/auth/signin`,
+      };
+    }
+  };
 
   /**
    * getAdditionalFiles
@@ -98,8 +104,8 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
   const getAdditionalFiles = () => {
     const filesToWrite: AdminFileToWrite[] = [
       {
-        mode: "write",
-        outputPath: "pages/api/auth/[...nextauth].js",
+        mode: 'write',
+        outputPath: 'pages/api/auth/[...nextauth].js',
         src: authTemplate({
           autoCreate,
           identityField,
@@ -109,8 +115,8 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
         }),
       },
       {
-        mode: "write",
-        outputPath: "next.config.js",
+        mode: 'write',
+        outputPath: 'next.config.js',
         src: nextConfigTemplate({ keystonePath: customPath }),
       },
     ];
@@ -186,52 +192,61 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
   - [ ] We could support additional where input to validate item sessions (e.g an isEnabled boolean)
 */
   const withItemData = (
-    _sessionStrategy: SessionStrategy<Record<string, any>>
-  ): SessionStrategy<NextAuthSession | undefined> => {
-    const { get, start, ...sessionStrategy } = _sessionStrategy;
+    _sessionStrategy: AuthSessionStrategy<Record<string, any>>
+  ): AuthSessionStrategy<{ listKey: string; itemId: string; data: any }> => {
+    const { get, end, ...sessionStrategy } = _sessionStrategy;
     return {
       ...sessionStrategy,
-      start: async ({ res }) => {
-        console.log("start");
-
-        const session = await start({ res });
-        return session;
-      },
-      get: async ({ req }) => {
+      get: async ({ req, createContext }) => {
+        const session = await get({ req, createContext });
+        const sudoContext = createContext({ sudo: true });
         const pathname = url.parse(req?.url!).pathname!;
-        if (pathname.includes("/api/auth")) {
+        let nextSession: Session;
+        if (pathname.includes('/api/auth')) {
           return;
         }
-        if (req.headers.authorization?.split(" ")[0] === "Bearer") {
-          const token = (await getToken({
+        if (req.headers?.authorization?.split(' ')[0] === 'Bearer') {
+          nextSession = (await getToken({
             req,
             secret: sessionSecret,
-          })) as NextAuthSession;
-
-          if (token?.data?.id) {
-            return token;
-          }
+          })) as Session;
+        } else {
+          nextSession = (await getSession({ req })) as Session;
         }
-        const nextSession: unknown = await getSession({ req });
 
-        if (nextSession) {
-          return nextSession as NextAuthSession;
+        if (
+          !nextSession ||
+          !nextSession.listKey ||
+          nextSession.listKey !== listKey ||
+          !nextSession.itemId ||
+          !sudoContext.query[listKey] ||
+          !nextSession.itemId
+        ) {
+          return;
         }
+        return {
+          ...nextSession,
+          data: nextSession.data,
+          listKey: nextSession.listKey,
+          itemId: nextSession.itemId,
+          ...session,
+        };
       },
-      end: async ({ res, req }) => {
+      end: async ({ res, req, createContext }) => {
+        await end({ res, req, createContext });
         const TOKEN_NAME =
-          process.env.NODE_ENV === "production"
-            ? "__Secure-next-auth.session-token"
-            : "next-auth.session-token";
+          process.env.NODE_ENV === 'production'
+            ? '__Secure-next-auth.session-token'
+            : 'next-auth.session-token';
         res.setHeader(
-          "Set-Cookie",
-          cookie.serialize(TOKEN_NAME, "", {
+          'Set-Cookie',
+          cookie.serialize(TOKEN_NAME, '', {
             maxAge: 0,
             expires: new Date(),
             httpOnly: true,
-            secure: process.env.NODE_ENV === "production",
-            path: "/",
-            sameSite: "lax",
+            secure: process.env.NODE_ENV === 'production',
+            path: '/',
+            sameSite: 'lax',
             // TODO: Update parse to URL
             domain: url.parse(req.url as string).hostname as string,
           })
@@ -257,28 +272,24 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
       ui = {
         ...keystoneConfig.ui,
         publicPages: [...(keystoneConfig.ui.publicPages || []), ...publicPages],
-        getAdditionalFiles: [
-          ...(keystoneConfig.ui?.getAdditionalFiles || []),
-          getAdditionalFiles,
-        ],
-        pageMiddleware: async (args) =>
-          (await pageMiddleware(args)) ??
-          keystoneConfig?.ui?.pageMiddleware?.(args),
+        getAdditionalFiles: [...(keystoneConfig.ui?.getAdditionalFiles || []), getAdditionalFiles],
+        pageMiddleware: async args =>
+          (await pageMiddleware(args)) ?? keystoneConfig?.ui?.pageMiddleware?.(args),
         enableSessionItem: true,
         isAccessAllowed: async (context: KeystoneContext) => {
           const { req } = context;
           const pathname = url.parse(req?.url!).pathname!;
 
           // Allow nextjs scripts and static files to be accessed without auth
-          if (pathname.includes("/_next/")) {
+          if (pathname.includes('/_next/')) {
             return true;
           }
 
           // Allow keystone to access /api/__keystone_api_build for hot reloading
           if (
-            process.env.NODE_ENV !== "production" &&
+            process.env.NODE_ENV !== 'production' &&
             context.req?.url !== undefined &&
-            new URL(context.req.url, "http://example.com").pathname ===
+            new URL(context.req.url, 'http://example.com').pathname ===
               `${customPath}/api/__keystone_api_build`
           ) {
             return true;
@@ -291,9 +302,8 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
       };
     }
 
-    if (!keystoneConfig.session)
-      throw new TypeError("Missing .session configuration");
-    const session = withItemData(keystoneConfig.session);
+    if (!keystoneConfig.session) throw new TypeError('Missing .session configuration');
+    const session = withItemData(keystoneConfig.session) as SessionStrategy<any>;
 
     const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
     return {
@@ -312,7 +322,7 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
         generateNodeAPI: true,
       },
       extendGraphqlSchema: existingExtendGraphQLSchema
-        ? (schema) => existingExtendGraphQLSchema(extendGraphqlSchema(schema))
+        ? schema => existingExtendGraphQLSchema(extendGraphqlSchema(schema))
         : extendGraphqlSchema,
     };
   };

package/src/lib/findMatchingIdentity.ts

@@ -4,10 +4,7 @@ export async function findMatchingIdentity(
   identityField: string,
   identity: string | number,
   queryAPI: any
-): Promise<
-  | { success: false; code: AuthTokenRequestErrorCode }
-  | { success: true; item: any }
-> {
+): Promise<{ success: false; code: AuthTokenRequestErrorCode } | { success: true; item: any }> {
   const item = await queryAPI.findOne({
     where: { [identityField]: identity },
   });

package/src/pages/NextAuthPage.tsx

@@ -1,34 +1,31 @@
-import NextAuth, {
-  CookiesOptions,
-  EventCallbacks,
-  PagesOptions,
-} from 'next-auth';
+import NextAuth, { CookiesOptions, EventCallbacks, PagesOptions } from 'next-auth';
 import type { KeystoneListsAPI } from '@keystone-6/core/types';
 import { Provider } from 'next-auth/providers';
 import { JWTOptions } from 'next-auth/jwt';
 import { validateNextAuth } from '../lib/validateNextAuth';
 
-// TODO: See if possible to merge with `type AuthConfig`
-type CoreNextAuthPageProps = {
+export type NextAuthTemplateProps = {
   autoCreate: boolean;
-  cookies?: Partial<CookiesOptions>;
-  events?: Partial<EventCallbacks>;
   identityField: string;
-  jwt?: Partial<JWTOptions>;
   listKey: string;
-  pages?: Partial<PagesOptions>;
-  providers?: Provider[];
-  resolver?: Function | undefined;
   sessionData: string | undefined;
   sessionSecret: string;
 };
 
-type NextAuthGglProps = {
-  mutationName?: string;
-  query?: KeystoneListsAPI<any>;
-};
+export type CoreNextAuthPageProps = {
+  cookies?: Partial<CookiesOptions>;
+  events?: Partial<EventCallbacks>;
+  jwt?: Partial<JWTOptions>;
+  pages?: Partial<PagesOptions>;
+  providers: Provider[];
+  resolver?: (args: { user: any; profile: any; account: any }) => Promise<{
+    [key: string]: boolean | string | number;
+  }>;
+} & NextAuthTemplateProps;
 
-export type NextAuthPageProps = CoreNextAuthPageProps & NextAuthGglProps;
+export type NextAuthPageProps = CoreNextAuthPageProps & {
+  query: KeystoneListsAPI<any>;
+};
 
 export default function NextAuthPage(props: NextAuthPageProps) {
   const {
@@ -45,8 +42,6 @@ export default function NextAuthPage(props: NextAuthPageProps) {
     sessionData,
     sessionSecret,
   } = props;
-  // TODO: (v1.1). https://github.com/ijsto/keystone-6-oauth/projects/1#card-78602004
-  console.log('NextAuthPages... ', pages);
 
   if (!query) {
     console.error('NextAuthPage got no query.');
@@ -59,7 +54,6 @@ export default function NextAuthPage(props: NextAuthPageProps) {
   }
 
   const list = query[listKey];
-  const queryAPI = query[listKey];
   const protectIdentities = true;
 
   return NextAuth({
@@ -79,16 +73,9 @@ export default function NextAuthPage(props: NextAuthPageProps) {
         } else {
           identity = 0;
         }
-        const userInput = resolver
-          ? await resolver({ user, account, profile })
-          : {};
-
-        const result = await validateNextAuth(
-          identityField,
-          identity,
-          protectIdentities,
-          queryAPI
-        );
+        const userInput = resolver ? await resolver({ user, account, profile }) : {};
+
+        const result = await validateNextAuth(identityField, identity, protectIdentities, list);
         // ID
         const data: any = {
           [identityField]: identity,
@@ -97,66 +84,67 @@ export default function NextAuthPage(props: NextAuthPageProps) {
 
         if (!result.success) {
           if (!autoCreate) {
-            console.log(
-              '`autoCreate` if set to `false`, skipping user auto-creation'
-            );
             return false;
           }
-          console.log(
-            '`autoCreate` if set to `true`, auto-creating a new user'
-          );
 
           const createUser = await list
             .createOne({ data })
-            .then((returned) => {
-              console.log('User Created', JSON.stringify(returned));
-              return true;
+            .then(returned => {
+              return { success: true, user: returned };
             })
-            .catch((error) => {
-              console.log(error);
+            .catch(error => {
+              console.error(error);
               throw new Error(error);
             });
-          console.log('Created User', createUser);
-          return createUser;
+          return createUser.success;
         }
-        // await list.updateOne({where: {id: result.item.id}, data});
-        return result.success;
+
+        const updateUser = await list
+          .updateOne({ where: { id: result.item.id }, data })
+          .then(returned => {
+            return { success: true, user: returned };
+          })
+          .catch(error => {
+            console.error(error);
+            throw new Error(error);
+          });
+        return updateUser.success;
       },
       async redirect({ url }) {
         return url;
       },
       async session({ session, token }) {
-        const returnSession = {
-          ...session,
-          data: token.data,
-          subject: token.sub,
-          listKey: token.listKey,
-          itemId: token.itemId,
-        };
+        let returnSession = session;
+        if (!token.itemId) {
+          return { expires: '0' };
+        } else {
+          returnSession = {
+            ...session,
+            data: token.data,
+            subject: token.sub,
+            listKey: token.listKey as string,
+            itemId: token.itemId as string,
+          };
+        }
+
         return returnSession;
       },
       async jwt({ token }) {
         const identity = token.sub as number | string;
-        if (!token.itemId) {
-          const result = await validateNextAuth(
-            identityField,
-            identity,
-            protectIdentities,
-            queryAPI
-          );
-
-          if (!result.success) {
-            return token;
-          }
+        const result = await validateNextAuth(identityField, identity, protectIdentities, list);
+
+        if (!result.success) {
+          token.itemId = null;
+        } else {
           token.itemId = result.item.id;
+          const data = await query[listKey].findOne({
+            where: { id: token.itemId },
+            query: sessionData || 'id',
+          });
+          token.data = data;
         }
-        const data = await query[listKey].findOne({
-          where: { id: token.itemId },
-          query: sessionData || 'id',
-        });
         const returnToken = {
           ...token,
-          data,
           subject: token.sub,
           listKey,
         };
@@ -167,5 +155,4 @@ export default function NextAuthPage(props: NextAuthPageProps) {
   });
 }
 
-export const getNextAuthPage = (props: NextAuthPageProps) => () =>
-  NextAuthPage({ ...props });
+export const getNextAuthPage = (props: NextAuthPageProps) => () => NextAuthPage({ ...props });

package/src/schema.ts

@@ -9,13 +9,11 @@ export const getSchemaExtension = ({
   identityField: string;
   listKey: string;
 }): ExtendGraphqlSchema =>
-  graphql.extend((base) => {
+  graphql.extend(base => {
     const baseSchema = getBaseAuthSchema({
       listKey,
       base,
     });
 
-    return [baseSchema.extension].filter(
-      (x): x is Exclude<typeof x, undefined> => x !== undefined
-    );
+    return [baseSchema.extension].filter((x): x is Exclude<typeof x, undefined> => x !== undefined);
   });