@opensaas/keystone-nextjs-auth 25.0.0 → 26.0.0

package/pages/NextAuthPage/dist/opensaas-keystone-nextjs-auth-pages-NextAuthPage.esm.js

@@ -160,9 +160,7 @@ function NextAuthPage(props) {
         let returnSession = session;
 
         if (!token.itemId) {
-          return {
-            expires: '0'
-          };
+          return session;
         } else {
           returnSession = _objectSpread(_objectSpread({}, session), {}, {
             data: token.data,
@@ -180,10 +178,15 @@ function NextAuthPage(props) {
           token
         } = _ref4;
         const identity = token.sub;
+
+        if (!identity) {
+          return token;
+        }
+
         const result = await validateNextAuth(identityField, identity, protectIdentities, list);
 
         if (!result.success) {
-          token.itemId = null;
+          token.itemId = undefined;
         } else {
           token.itemId = result.item.id;
           const data = await query[listKey].findOne({

package/src/index.ts

@@ -3,18 +3,20 @@ import {
   AdminFileToWrite,
   BaseListTypeInfo,
   KeystoneConfig,
-  KeystoneContext,
   AdminUIConfig,
   BaseKeystoneTypeInfo,
   SessionStrategy,
+  KeystoneContext,
 } from '@keystone-6/core/types';
+import type { NextApiRequest } from 'next';
+
 import { getSession } from 'next-auth/react';
 import { getToken } from 'next-auth/jwt';
 import { Provider } from 'next-auth/providers';
 
 import * as cookie from 'cookie';
-
-import { JWT, Session } from 'next-auth';
+import { JWT } from 'next-auth/jwt';
+import { Session } from 'next-auth';
 import { nextConfigTemplate } from './templates/next-config';
 // import * as Path from 'path';
 
@@ -57,7 +59,7 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
    *  - to the init page when initFirstItem is configured, and there are no user in the database
    *  - to the signin page when no valid session is present
    */
-  const pageMiddleware: AdminUIConfig<BaseKeystoneTypeInfo>['pageMiddleware'] = async ({
+  const authMiddleware: AdminUIConfig<BaseKeystoneTypeInfo>['pageMiddleware'] = async ({
     context,
     isValidSession,
   }) => {
@@ -65,26 +67,11 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
     const pathname = url.parse(req?.url!).pathname!;
 
     if (isValidSession) {
-      if (
-        pathname === `${customPath}/api/auth/signin` ||
-        (pages?.signIn && pathname.includes(pages?.signIn))
-      ) {
-        return { kind: 'redirect', to: `${customPath}` };
-      }
       if (customPath !== '' && pathname === '/') {
         return { kind: 'redirect', to: `${customPath}` };
       }
       return;
     }
-    if (
-      pathname.includes('/_next/') ||
-      pathname.includes('/api/auth/') ||
-      (pages?.signIn && pathname.includes(pages?.signIn)) ||
-      (pages?.error && pathname.includes(pages?.error)) ||
-      (pages?.signOut && pathname.includes(pages?.signOut))
-    ) {
-      return;
-    }
     if (!session && !pathname.includes(`${customPath}/api/auth/`)) {
       return {
         kind: 'redirect',
@@ -94,14 +81,14 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
   };
 
   /**
-   * getAdditionalFiles
+   * authGetAdditionalFiles
    *
    * This function adds files to be generated into the Admin UI build. Must be added to the
    * ui.getAdditionalFiles config.
    *
    * The signin page is always included, and the init page is included when initFirstItem is set
    */
-  const getAdditionalFiles = () => {
+  const authGetAdditionalFiles = () => {
     const filesToWrite: AdminFileToWrite[] = [
       {
         mode: 'write',
@@ -128,8 +115,7 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
    *
    * Must be added to the ui.publicPages config
    */
-  const publicPages = [
-    `${customPath}/api/__keystone_api_build`,
+  const authPublicPages = [
     `${customPath}/api/auth/csrf`,
     `${customPath}/api/auth/signin`,
     `${customPath}/api/auth/callback`,
@@ -142,8 +128,8 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
   // @ts-ignore
   function addPages(provider: Provider) {
     const name = provider.id;
-    publicPages.push(`${customPath}/api/auth/signin/${name}`);
-    publicPages.push(`${customPath}/api/auth/callback/${name}`);
+    authPublicPages.push(`${customPath}/api/auth/signin/${name}`);
+    authPublicPages.push(`${customPath}/api/auth/callback/${name}`);
   }
   providers.map(addPages);
 
@@ -197,17 +183,19 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
     const { get, end, ...sessionStrategy } = _sessionStrategy;
     return {
       ...sessionStrategy,
-      get: async ({ req, createContext }) => {
+      get: async ({ context }) => {
+        const { req } = context;
         const pathname = url.parse(req?.url!).pathname!;
         let nextSession: Session | JWT | null;
+        if (!req) return;
         if (pathname.includes('/api/auth')) {
           return;
         }
-        const sudoContext = createContext({ sudo: true });
+        const sudoContext = context.sudo();
 
         if (req.headers?.authorization?.split(' ')[0] === 'Bearer') {
           nextSession = await getToken({
-            req,
+            req: req as NextApiRequest,
             secret: sessionSecret,
           });
         } else {
@@ -231,7 +219,7 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
           data: nextSession.data,
         };
 
-        const userSession = await get({ req: reqWithUser, createContext });
+        const userSession = await get({ context });
 
         return {
           ...userSession,
@@ -241,12 +229,14 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
           itemId: nextSession.itemId,
         };
       },
-      end: async ({ res, req, createContext }) => {
-        await end({ res, req, createContext });
+      end: async ({ context }) => {
+        await end({ context });
         const TOKEN_NAME =
           process.env.NODE_ENV === 'production'
             ? '__Secure-next-auth.session-token'
             : 'next-auth.session-token';
+        const { req, res } = context;
+        if (!req || !res) return;
         res.setHeader(
           'Set-Cookie',
           cookie.serialize(TOKEN_NAME, '', {
@@ -264,6 +254,9 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
     };
   };
 
+  function defaultIsAccessAllowed({ session }: KeystoneContext) {
+    return session !== undefined;
+  }
   /**
    * withAuth
    *
@@ -277,35 +270,35 @@ export function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
   const withAuth = (keystoneConfig: KeystoneConfig): KeystoneOAuthConfig => {
     validateConfig(keystoneConfig);
     let { ui } = keystoneConfig;
-    if (keystoneConfig.ui) {
+    if (!ui?.isDisabled) {
+      const {
+        getAdditionalFiles = [],
+        isAccessAllowed = defaultIsAccessAllowed,
+        pageMiddleware,
+        publicPages = [],
+      } = ui || {};
       ui = {
-        ...keystoneConfig.ui,
-        publicPages: [...(keystoneConfig.ui.publicPages || []), ...publicPages],
-        getAdditionalFiles: [...(keystoneConfig.ui?.getAdditionalFiles || []), getAdditionalFiles],
-        pageMiddleware: async args =>
-          (await pageMiddleware(args)) ?? keystoneConfig?.ui?.pageMiddleware?.(args),
+        ...ui,
+        publicPages: [...publicPages, ...authPublicPages],
         isAccessAllowed: async (context: KeystoneContext) => {
-          const { req } = context;
-          const pathname = url.parse(req?.url!).pathname!;
-
-          // Allow nextjs scripts and static files to be accessed without auth
-          if (pathname.includes('/_next/')) {
-            return true;
-          }
-
-          // Allow keystone to access /api/__keystone_api_build for hot reloading
+          const pathname = url.parse(context.req?.url!).pathname!;
           if (
-            process.env.NODE_ENV !== 'production' &&
-            context.req?.url !== undefined &&
-            new URL(context.req.url, 'http://example.com').pathname ===
-              `${customPath}/api/__keystone_api_build`
+            pathname.startsWith(`${customPath}/_next`) ||
+            pathname.startsWith(`${customPath}/__next`) ||
+            pathname.startsWith(`${customPath}/api/auth/`) ||
+            (pages?.signIn && pathname.includes(pages?.signIn)) ||
+            (pages?.error && pathname.includes(pages?.error)) ||
+            (pages?.signOut && pathname.includes(pages?.signOut))
           ) {
             return true;
           }
-
-          return keystoneConfig.ui?.isAccessAllowed
-            ? keystoneConfig.ui.isAccessAllowed(context)
-            : context.session !== undefined;
+          return await isAccessAllowed(context);
+        },
+        getAdditionalFiles: [...getAdditionalFiles, authGetAdditionalFiles],
+        pageMiddleware: async args => {
+          const shouldRedirect = await authMiddleware(args);
+          if (shouldRedirect) return shouldRedirect;
+          return pageMiddleware?.(args);
         },
       };
     }

package/src/pages/NextAuthPage.tsx

@@ -116,25 +116,28 @@ export default function NextAuthPage(props: NextAuthPageProps) {
       async session({ session, token }) {
         let returnSession = session;
         if (!token.itemId) {
-          return { expires: '0' };
+          return session;
         } else {
           returnSession = {
             ...session,
             data: token.data,
             subject: token.sub,
-            listKey: token.listKey as string,
-            itemId: token.itemId as string,
+            listKey: token.listKey,
+            itemId: token.itemId,
           };
         }
 
         return returnSession;
       },
       async jwt({ token }) {
-        const identity = token.sub as number | string;
+        const identity = token.sub;
+        if (!identity) {
+          return token;
+        }
         const result = await validateNextAuth(identityField, identity, protectIdentities, list);
 
         if (!result.success) {
-          token.itemId = null;
+          token.itemId = undefined;
         } else {
           token.itemId = result.item.id;
           const data = await query[listKey].findOne({

package/src/templates/next-config.ts

@@ -1,61 +1,12 @@
 import ejs from 'ejs';
 
 const template = `
-const Path = require('path');
-// @ts-ignore
-const withPreconstruct = require('@preconstruct/next');
+const keystoneConfig = require('@keystone-6/core/___internal-do-not-use-will-break-in-patch/admin-ui/next-config').config;
 
-module.exports = withPreconstruct({
-  typescript: {
-    ignoreBuildErrors: true,
-  },
-  env: {
-    NEXTAUTH_URL: process.env.NEXTAUTH_URL || 'http://localhost:<%= process.env.PORT || 3000 %><%= keystonePath || '' %>/api/auth',
-  },
-  eslint: {
-    ignoreDuringBuilds: true,
-  },
-  webpack(config, { isServer }) {
-    config.resolve.alias = {
-      ...config.resolve.alias,
-      react: Path.dirname(require.resolve('react/package.json')),
-      'react-dom': Path.dirname(require.resolve('react-dom/package.json')),
-      '@keystone-6/core': Path.dirname(
-        require.resolve('@keystone-6/core/package.json')
-      ),
-    };
-    if (isServer) {
-      config.externals = [
-        ...config.externals, 
-        /@keystone-6\\/core(?!\\/___internal-do-not-use-will-break-in-patch\\/admin-ui\\/id-field-view|\\/fields\\/types\\/[^\\/]+\\/views)/,
-        /.prisma\\/client/
-      ];
-    // we need to set these to true so that when __dirname/__filename is used
-    // to resolve the location of field views, we will get a path that we can use
-    // rather than just the __dirname/__filename of the generated file.
-    // https://webpack.js.org/configuration/node/#node__filename
-    (_config$node = config.node) !== null && _config$node !== void 0 ? _config$node : config.node = {};
-    config.node.__dirname = true;
-    config.node.__filename = true;
-    }
-    return config;
-  },
-  <% if (keystonePath) { %>
-    <% if (process.env.NODE_ENV != 'production') { %> 
-  async rewrites() {
-    return [
-      {
-        source: '/api/__keystone_api_build',
-        destination: 'http://localhost:<%= process.env.PORT || 3000 %><%= keystonePath || '' %>/api/__keystone_api_build',
-        basePath: false
-      }
-    ];
-  },
-  <% }%>
-  basePath: '<%= keystonePath || '' %>'
-  <% } %>
-});
-`;
+module.exports = {
+    ...keystoneConfig,
+    basePath: '<%= keystonePath || '' %>'
+};`;
 export const nextConfigTemplate = ({ keystonePath }: { keystonePath: string }) => {
   const nextConfigOut = ejs.render(template, { keystonePath });
 

package/src/types/index.ts

@@ -1,26 +1,11 @@
-import type { ServerResponse, IncomingMessage } from 'http';
-import type { NextRequest } from 'next/server';
 import { Provider } from 'next-auth/providers';
 import { CookiesOptions, PagesOptions } from 'next-auth';
-import { BaseListTypeInfo, KeystoneConfig, CreateContext } from '@keystone-6/core/types';
-
-type NextAuthResponse = IncomingMessage & NextRequest;
+import { BaseListTypeInfo, KeystoneConfig, KeystoneContext } from '@keystone-6/core/types';
 
 export declare type AuthSessionStrategy<StoredSessionData> = {
-  start: (args: {
-    res: ServerResponse;
-    data: any;
-    createContext: CreateContext;
-  }) => Promise<string>;
-  end: (args: {
-    req: IncomingMessage;
-    res: ServerResponse;
-    createContext: CreateContext;
-  }) => Promise<void>;
-  get: (args: {
-    req: NextAuthResponse;
-    createContext: CreateContext;
-  }) => Promise<StoredSessionData | undefined>;
+  start: (args: { data: any; context: KeystoneContext }) => Promise<unknown>;
+  end: (args: { context: KeystoneContext }) => Promise<unknown>;
+  get: (args: { context: KeystoneContext }) => Promise<StoredSessionData | undefined>;
 };
 
 export type NextAuthProviders = Provider[];

package/src/types/next-auth.d.ts

@@ -2,18 +2,25 @@ import NextAuth from 'next-auth';
 import { JWT } from 'next-auth/jwt';
 
 declare module 'next-auth' {
+  interface Session extends JWT {
+    user?: any;
+    listKey?: string;
+    itemId?: string;
+    subject?: string | number | null | undefined;
+    expires?: string;
+  }
+}
+
+declare module 'next-auth/jwt' {
   interface JWT {
     data?: any | undefined;
-    subject?: string | undefined;
+    subject?: string | number | null | undefined;
     listKey?: string;
-    itemId?: string | undefined;
+    itemId?: string;
     name?: string | null | undefined;
     email?: string | null | undefined;
     picture?: string | null | undefined;
-    sub?: string | null | undefined;
+    sub?: string | number | null | undefined;
     expires?: string | null | undefined;
   }
-  interface Session extends JWT {
-    user?: any;
-  }
 }