@opensaas/keystone-nextjs-auth 25.0.0-rc-1 → 26.0.0

package/CHANGELOG.md

@@ -1,5 +1,32 @@
 # @opensaas-keystone/nextjs-auth
 
+## 26.0.0
+
+### Major Changes
+
+- fac7086: Upgrade to `keystone-6/core@4.0.0`
+
+### Minor Changes
+
+- ed67215: Update dependency next-auth to ^4.17.0
+- 9643191: Upgrade next-auth and fix types
+- b9dbb77: Upgrade to keystone `3.1.0`
+
+### Patch Changes
+
+- b9dbb77: Resolve error when `isAccessAllowed` is not defined
+- 5b0af33: Simplify NextJS config of Keystone path and resolve redirect loops
+
+## 25.0.0
+
+### Major Changes
+
+- a759195: Upgrade to keystone-6@3.0.0
+
+### Minor Changes
+
+- 44031fa: Update `next-auth` to `4.14`
+
 ## 24.1.0
 
 ### Minor Changes

package/README.md

@@ -1,4 +1,5 @@
 # Keystone next auth
+
 This package enables the addition of social auth to keystone-6.
 
 ## Contents
@@ -9,6 +10,7 @@ This package enables the addition of social auth to keystone-6.
 - [Contributing](#contributing)
 
 ## About
+
 This uses NextAuth.js (https://next-auth.js.org/) project to add social auth to Keystone-6 (https://keystonejs.com/). Primary testing has been done with Auth0, happy for others to test other providers/give feedback or send through a PR.
 
 ## Adding to your project
@@ -20,7 +22,6 @@ Add import...
 ```javascript
 import { createAuth } from '@opensaas/keystone-nextjs-auth';
 import Auth0 from '@opensaas/keystone-nextjs-auth/providers/auth0';
-
 ```
 
 Add you Auth configuration including providers
@@ -60,7 +61,8 @@ const auth = createAuth({
 ]
 });
 ```
-Wrap your keystone config in `auth.withAuth`. Note that `generateNodeAPI` is required.
+
+Wrap your keystone config in `auth.withAuth`.
 
 ```javascript
 export default auth.withAuth(
@@ -69,32 +71,32 @@ export default auth.withAuth(
     db: {},
     ui: {},
     lists,
-    experimental: {
-      generateNodeAPI: true,
-    },
     ...
   });
 ```
 
 ## Configuration
+
 Provider configuration see https://next-auth.js.org/configuration/providers.
 For Keystone-6 Configuration see https://keystonejs.com/
 for example see the example [backend](./backend)
 
--  listKey - the list for authentication (generally `'User'`). Make sure any required fields are set using the `*Map` fields, see note below. 
--  identityField - The field that stores the identity/subjectId in keystone (generally `'subjectId'`). You will need to add this field to your list schema specified by `listKey`. An example can be found [here](./backend/schemas/User.ts).
--  sessionData - Data to be stored in the session ( something like `'id name email'`),
--  autoCreate - boolean to autocreate a user when they log in
--  userMap: `key:value` pairs that define what is copied from the User object returned from NextAuth in the SignIn callback (https://next-auth.js.org/configuration/callbacks#sign-in-callback) Left side is Keystone side, right is what comes from NextAuth eg: `{ subjectId: 'id', name: 'name' }`
--  accountMap - As Above but for the Account object
--  profileMap - As Above but for the Profile object
--  keystonePath - the path you want to access keystone from your frontend app (if required).
+- listKey - the list for authentication (generally `'User'`). Make sure any required fields are set using the `*Map` fields, see note below.
+- identityField - The field that stores the identity/subjectId in keystone (generally `'subjectId'`). You will need to add this field to your list schema specified by `listKey`. An example can be found [here](./backend/schemas/User.ts).
+- sessionData - Data to be stored in the session ( something like `'id name email'`),
+- autoCreate - boolean to autocreate a user when they log in
+- userMap: `key:value` pairs that define what is copied from the User object returned from NextAuth in the SignIn callback (https://next-auth.js.org/configuration/callbacks#sign-in-callback) Left side is Keystone side, right is what comes from NextAuth eg: `{ subjectId: 'id', name: 'name' }`
+- accountMap - As Above but for the Account object
+- profileMap - As Above but for the Profile object
+- keystonePath - the path you want to access keystone from your frontend app (if required).
 
 Note: The Keystone `create-keystone-app` CLI app (generally run with `yarn create keystone-app`/`npm init keystone-app`) will set a required `password` field on the `User` list. If you've used this to set up your project you will need to modify your list schema to set the field as not required, or remove it entirely if you don't plan to use the default Keystone auth system at all.
 
 ## Contributing
+
 If you want to run this package locally
 After cloning run `yarn install` and either:
+
 - `yarn dev` to run both the frontend and backend or
 - `yarn dev:backend` for just the backend
 

package/dist/declarations/src/pages/NextAuthPage.d.ts

@@ -2,14 +2,14 @@ import { CookiesOptions, EventCallbacks, PagesOptions } from 'next-auth';
 import type { KeystoneListsAPI } from '@keystone-6/core/types';
 import { Provider } from 'next-auth/providers';
 import { JWTOptions } from 'next-auth/jwt';
-export declare type NextAuthTemplateProps = {
+export type NextAuthTemplateProps = {
     autoCreate: boolean;
     identityField: string;
     listKey: string;
     sessionData: string | undefined;
     sessionSecret: string;
 };
-export declare type CoreNextAuthPageProps = {
+export type CoreNextAuthPageProps = {
     cookies?: Partial<CookiesOptions>;
     events?: Partial<EventCallbacks>;
     jwt?: Partial<JWTOptions>;
@@ -23,7 +23,7 @@ export declare type CoreNextAuthPageProps = {
         [key: string]: boolean | string | number;
     }>;
 } & NextAuthTemplateProps;
-export declare type NextAuthPageProps = CoreNextAuthPageProps & {
+export type NextAuthPageProps = CoreNextAuthPageProps & {
     query: KeystoneListsAPI<any>;
 };
 export default function NextAuthPage(props: NextAuthPageProps): any;

package/dist/declarations/src/types/index.d.ts

@@ -1,37 +1,29 @@
-/// <reference types="node" />
-import type { ServerResponse, IncomingMessage } from 'http';
-import type { NextRequest } from 'next/server';
 import { Provider } from 'next-auth/providers';
 import { CookiesOptions, PagesOptions } from 'next-auth';
-import { BaseListTypeInfo, KeystoneConfig, CreateContext } from '@keystone-6/core/types';
-declare type NextAuthResponse = IncomingMessage & NextRequest;
+import { BaseListTypeInfo, KeystoneConfig, KeystoneContext } from '@keystone-6/core/types';
 export declare type AuthSessionStrategy<StoredSessionData> = {
     start: (args: {
-        res: ServerResponse;
         data: any;
-        createContext: CreateContext;
-    }) => Promise<string>;
+        context: KeystoneContext;
+    }) => Promise<unknown>;
     end: (args: {
-        req: IncomingMessage;
-        res: ServerResponse;
-        createContext: CreateContext;
-    }) => Promise<void>;
+        context: KeystoneContext;
+    }) => Promise<unknown>;
     get: (args: {
-        req: NextAuthResponse;
-        createContext: CreateContext;
+        context: KeystoneContext;
     }) => Promise<StoredSessionData | undefined>;
 };
-export declare type NextAuthProviders = Provider[];
-declare type KeytoneOAuthOptions = {
+export type NextAuthProviders = Provider[];
+type KeytoneOAuthOptions = {
     providers: NextAuthProviders;
     pages?: Partial<PagesOptions>;
 };
-declare type NextAuthOptions = {
+type NextAuthOptions = {
     cookies?: Partial<CookiesOptions>;
     resolver: any;
 };
-export declare type KeystoneOAuthConfig = KeystoneConfig & KeytoneOAuthOptions & NextAuthOptions;
-export declare type AuthConfig<GeneratedListTypes extends BaseListTypeInfo> = {
+export type KeystoneOAuthConfig = KeystoneConfig & KeytoneOAuthOptions & NextAuthOptions;
+export type AuthConfig<GeneratedListTypes extends BaseListTypeInfo> = {
     /** Auth Create users in Keystone DB from Auth Provider */
     autoCreate: boolean;
     /** Adds ability to customize cookie options, for example, to facilitate cross-subdomain functionality */
@@ -58,8 +50,8 @@ export declare type AuthConfig<GeneratedListTypes extends BaseListTypeInfo> = {
     /** Next-Auth Session Secret */
     sessionSecret: string;
 };
-export declare type AuthTokenRequestErrorCode = 'IDENTITY_NOT_FOUND' | 'MULTIPLE_IDENTITY_MATCHES';
-export declare type PasswordAuthErrorCode = AuthTokenRequestErrorCode | 'FAILURE' | 'SECRET_NOT_SET' | 'SECRET_MISMATCH';
-export declare type NextAuthErrorCode = AuthTokenRequestErrorCode | 'FAILURE' | 'SUBJECT_NOT_FOUND';
-export declare type AuthTokenRedemptionErrorCode = AuthTokenRequestErrorCode | 'FAILURE' | 'TOKEN_NOT_SET' | 'TOKEN_MISMATCH' | 'TOKEN_EXPIRED' | 'TOKEN_REDEEMED';
+export type AuthTokenRequestErrorCode = 'IDENTITY_NOT_FOUND' | 'MULTIPLE_IDENTITY_MATCHES';
+export type PasswordAuthErrorCode = AuthTokenRequestErrorCode | 'FAILURE' | 'SECRET_NOT_SET' | 'SECRET_MISMATCH';
+export type NextAuthErrorCode = AuthTokenRequestErrorCode | 'FAILURE' | 'SUBJECT_NOT_FOUND';
+export type AuthTokenRedemptionErrorCode = AuthTokenRequestErrorCode | 'FAILURE' | 'TOKEN_NOT_SET' | 'TOKEN_MISMATCH' | 'TOKEN_EXPIRED' | 'TOKEN_REDEEMED';
 export {};

package/dist/opensaas-keystone-nextjs-auth.cjs.dev.js

@@ -7,7 +7,7 @@ var _objectWithoutProperties = require('@babel/runtime/helpers/objectWithoutProp
 var _includesInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/includes');
 var _mapInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/map');
 var _JSON$stringify = require('@babel/runtime-corejs3/core-js-stable/json/stringify');
-var _URL = require('@babel/runtime-corejs3/core-js-stable/url');
+var _startsWithInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/starts-with');
 var url = require('url');
 var react = require('next-auth/react');
 var jwt = require('next-auth/jwt');
@@ -39,68 +39,19 @@ function _interopNamespace(e) {
 var _includesInstanceProperty__default = /*#__PURE__*/_interopDefault(_includesInstanceProperty);
 var _mapInstanceProperty__default = /*#__PURE__*/_interopDefault(_mapInstanceProperty);
 var _JSON$stringify__default = /*#__PURE__*/_interopDefault(_JSON$stringify);
-var _URL__default = /*#__PURE__*/_interopDefault(_URL);
+var _startsWithInstanceProperty__default = /*#__PURE__*/_interopDefault(_startsWithInstanceProperty);
 var url__default = /*#__PURE__*/_interopDefault(url);
 var cookie__namespace = /*#__PURE__*/_interopNamespace(cookie);
 var ejs__default = /*#__PURE__*/_interopDefault(ejs);
 var _filterInstanceProperty__default = /*#__PURE__*/_interopDefault(_filterInstanceProperty);
 
 const template$1 = `
-const Path = require('path');
-// @ts-ignore
-const withPreconstruct = require('@preconstruct/next');
-
-module.exports = withPreconstruct({
-  typescript: {
-    ignoreBuildErrors: true,
-  },
-  env: {
-    NEXTAUTH_URL: process.env.NEXTAUTH_URL || 'http://localhost:<%= process.env.PORT || 3000 %><%= keystonePath || '' %>/api/auth',
-  },
-  eslint: {
-    ignoreDuringBuilds: true,
-  },
-  webpack(config, { isServer }) {
-    config.resolve.alias = {
-      ...config.resolve.alias,
-      react: Path.dirname(require.resolve('react/package.json')),
-      'react-dom': Path.dirname(require.resolve('react-dom/package.json')),
-      '@keystone-6/core': Path.dirname(
-        require.resolve('@keystone-6/core/package.json')
-      ),
-    };
-    if (isServer) {
-      config.externals = [
-        ...config.externals, 
-        /@keystone-6\\/core(?!\\/___internal-do-not-use-will-break-in-patch\\/admin-ui\\/id-field-view|\\/fields\\/types\\/[^\\/]+\\/views)/,
-        /.prisma\\/client/
-      ];
-    // we need to set these to true so that when __dirname/__filename is used
-    // to resolve the location of field views, we will get a path that we can use
-    // rather than just the __dirname/__filename of the generated file.
-    // https://webpack.js.org/configuration/node/#node__filename
-    (_config$node = config.node) !== null && _config$node !== void 0 ? _config$node : config.node = {};
-    config.node.__dirname = true;
-    config.node.__filename = true;
-    }
-    return config;
-  },
-  <% if (keystonePath) { %>
-    <% if (process.env.NODE_ENV != 'production') { %> 
-  async rewrites() {
-    return [
-      {
-        source: '/api/__keystone_api_build',
-        destination: 'http://localhost:<%= process.env.PORT || 3000 %><%= keystonePath || '' %>/api/__keystone_api_build',
-        basePath: false
-      }
-    ];
-  },
-  <% }%>
-  basePath: '<%= keystonePath || '' %>'
-  <% } %>
-});
-`;
+const keystoneConfig = require('@keystone-6/core/___internal-do-not-use-will-break-in-patch/admin-ui/next-config').config;
+
+module.exports = {
+    ...keystoneConfig,
+    basePath: '<%= keystonePath || '' %>'
+};`;
 const nextConfigTemplate = _ref => {
   let {
     keystonePath
@@ -245,7 +196,7 @@ function createAuth(_ref) {
    *  - to the signin page when no valid session is present
    */
 
-  const pageMiddleware = async _ref2 => {
+  const authMiddleware = async _ref2 => {
     let {
       context,
       isValidSession
@@ -257,13 +208,6 @@ function createAuth(_ref) {
     const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname;
 
     if (isValidSession) {
-      if (pathname === `${customPath}/api/auth/signin` || pages !== null && pages !== void 0 && pages.signIn && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signIn)) {
-        return {
-          kind: 'redirect',
-          to: `${customPath}`
-        };
-      }
-
       if (customPath !== '' && pathname === '/') {
         return {
           kind: 'redirect',
@@ -274,10 +218,6 @@ function createAuth(_ref) {
       return;
     }
 
-    if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/_next/') || _includesInstanceProperty__default["default"](pathname).call(pathname, '/api/auth/') || pages !== null && pages !== void 0 && pages.signIn && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signIn) || pages !== null && pages !== void 0 && pages.error && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.error) || pages !== null && pages !== void 0 && pages.signOut && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signOut)) {
-      return;
-    }
-
     if (!session && !_includesInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`)) {
       return {
         kind: 'redirect',
@@ -286,7 +226,7 @@ function createAuth(_ref) {
     }
   };
   /**
-   * getAdditionalFiles
+   * authGetAdditionalFiles
    *
    * This function adds files to be generated into the Admin UI build. Must be added to the
    * ui.getAdditionalFiles config.
@@ -295,7 +235,7 @@ function createAuth(_ref) {
    */
 
 
-  const getAdditionalFiles = () => {
+  const authGetAdditionalFiles = () => {
     const filesToWrite = [{
       mode: 'write',
       outputPath: 'pages/api/auth/[...nextauth].js',
@@ -322,13 +262,13 @@ function createAuth(_ref) {
    */
 
 
-  const publicPages = [`${customPath}/api/__keystone_api_build`, `${customPath}/api/auth/csrf`, `${customPath}/api/auth/signin`, `${customPath}/api/auth/callback`, `${customPath}/api/auth/session`, `${customPath}/api/auth/providers`, `${customPath}/api/auth/signout`, `${customPath}/api/auth/error`]; // TODO: Add Provider Types
+  const authPublicPages = [`${customPath}/api/auth/csrf`, `${customPath}/api/auth/signin`, `${customPath}/api/auth/callback`, `${customPath}/api/auth/session`, `${customPath}/api/auth/providers`, `${customPath}/api/auth/signout`, `${customPath}/api/auth/error`]; // TODO: Add Provider Types
   // @ts-ignore
 
   function addPages(provider) {
     const name = provider.id;
-    publicPages.push(`${customPath}/api/auth/signin/${name}`);
-    publicPages.push(`${customPath}/api/auth/callback/${name}`);
+    authPublicPages.push(`${customPath}/api/auth/signin/${name}`);
+    authPublicPages.push(`${customPath}/api/auth/callback/${name}`);
   }
 
   _mapInstanceProperty__default["default"](providers).call(providers, addPages);
@@ -394,23 +334,24 @@ function createAuth(_ref) {
         var _req$headers, _req$headers$authoriz;
 
         let {
-          req,
-          createContext
+          context
         } = _ref3;
+        const {
+          req
+        } = context;
         const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname;
         let nextSession;
+        if (!req) return;
 
         if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/api/auth')) {
           return;
         }
 
-        const sudoContext = createContext({
-          sudo: true
-        });
+        const sudoContext = context.sudo();
 
         if (((_req$headers = req.headers) === null || _req$headers === void 0 ? void 0 : (_req$headers$authoriz = _req$headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(' ')[0]) === 'Bearer') {
           nextSession = await jwt.getToken({
-            req,
+            req: req,
             secret: sessionSecret
           });
         } else {
@@ -430,8 +371,7 @@ function createAuth(_ref) {
           data: nextSession.data
         };
         const userSession = await get({
-          req: reqWithUser,
-          createContext
+          context
         });
         return _objectSpread(_objectSpread(_objectSpread({}, userSession), nextSession), {}, {
           data: nextSession.data,
@@ -441,16 +381,17 @@ function createAuth(_ref) {
       },
       end: async _ref4 => {
         let {
-          res,
-          req,
-          createContext
+          context
         } = _ref4;
         await end({
-          res,
-          req,
-          createContext
+          context
         });
         const TOKEN_NAME = process.env.NODE_ENV === 'production' ? '__Secure-next-auth.session-token' : 'next-auth.session-token';
+        const {
+          req,
+          res
+        } = context;
+        if (!req || !res) return;
         res.setHeader('Set-Cookie', cookie__namespace.serialize(TOKEN_NAME, '', {
           maxAge: 0,
           expires: new Date(),
@@ -464,6 +405,13 @@ function createAuth(_ref) {
       }
     });
   };
+
+  function defaultIsAccessAllowed(_ref5) {
+    let {
+      session
+    } = _ref5;
+    return session !== undefined;
+  }
   /**
    * withAuth
    *
@@ -477,40 +425,38 @@ function createAuth(_ref) {
 
 
   const withAuth = keystoneConfig => {
+    var _ui;
+
     validateConfig(keystoneConfig);
     let {
       ui
     } = keystoneConfig;
 
-    if (keystoneConfig.ui) {
-      var _keystoneConfig$ui;
-
-      ui = _objectSpread(_objectSpread({}, keystoneConfig.ui), {}, {
-        publicPages: [...(keystoneConfig.ui.publicPages || []), ...publicPages],
-        getAdditionalFiles: [...(((_keystoneConfig$ui = keystoneConfig.ui) === null || _keystoneConfig$ui === void 0 ? void 0 : _keystoneConfig$ui.getAdditionalFiles) || []), getAdditionalFiles],
-        pageMiddleware: async args => {
-          var _keystoneConfig$ui2, _keystoneConfig$ui2$p;
-
-          return (await pageMiddleware(args)) ?? (keystoneConfig === null || keystoneConfig === void 0 ? void 0 : (_keystoneConfig$ui2 = keystoneConfig.ui) === null || _keystoneConfig$ui2 === void 0 ? void 0 : (_keystoneConfig$ui2$p = _keystoneConfig$ui2.pageMiddleware) === null || _keystoneConfig$ui2$p === void 0 ? void 0 : _keystoneConfig$ui2$p.call(_keystoneConfig$ui2, args));
-        },
+    if (!((_ui = ui) !== null && _ui !== void 0 && _ui.isDisabled)) {
+      const {
+        getAdditionalFiles = [],
+        isAccessAllowed = defaultIsAccessAllowed,
+        pageMiddleware,
+        publicPages = []
+      } = ui || {};
+      ui = _objectSpread(_objectSpread({}, ui), {}, {
+        publicPages: [...publicPages, ...authPublicPages],
         isAccessAllowed: async context => {
-          var _context$req, _keystoneConfig$ui3;
-
-          const {
-            req
-          } = context;
-          const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname; // Allow nextjs scripts and static files to be accessed without auth
-
-          if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/_next/')) {
-            return true;
-          } // Allow keystone to access /api/__keystone_api_build for hot reloading
+          var _context$req;
 
+          const pathname = url__default["default"].parse((_context$req = context.req) === null || _context$req === void 0 ? void 0 : _context$req.url).pathname;
 
-          if (process.env.NODE_ENV !== 'production' && ((_context$req = context.req) === null || _context$req === void 0 ? void 0 : _context$req.url) !== undefined && new _URL__default["default"](context.req.url, 'http://example.com').pathname === `${customPath}/api/__keystone_api_build`) {
+          if (_startsWithInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/_next`) || _startsWithInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/__next`) || _startsWithInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`) || pages !== null && pages !== void 0 && pages.signIn && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signIn) || pages !== null && pages !== void 0 && pages.error && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.error) || pages !== null && pages !== void 0 && pages.signOut && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signOut)) {
             return true;
           }
 
-          return (_keystoneConfig$ui3 = keystoneConfig.ui) !== null && _keystoneConfig$ui3 !== void 0 && _keystoneConfig$ui3.isAccessAllowed ? keystoneConfig.ui.isAccessAllowed(context) : context.session !== undefined;
+          return await isAccessAllowed(context);
+        },
+        getAdditionalFiles: [...getAdditionalFiles, authGetAdditionalFiles],
+        pageMiddleware: async args => {
+          const shouldRedirect = await authMiddleware(args);
+          if (shouldRedirect) return shouldRedirect;
+          return pageMiddleware === null || pageMiddleware === void 0 ? void 0 : pageMiddleware(args);
         }
       });
     }