@opensaas/keystone-nextjs-auth 25.0.0 → 27.0.0

package/CHANGELOG.md

@@ -1,5 +1,32 @@
 # @opensaas-keystone/nextjs-auth
 
+## 27.0.0
+
+### Major Changes
+
+- ec29144: Update dependency @keystone-6/core to v5
+
+### Patch Changes
+
+- 0a8ea8e: Update patch dependencies (patch)
+
+## 26.0.0
+
+### Major Changes
+
+- fac7086: Upgrade to `keystone-6/core@4.0.0`
+
+### Minor Changes
+
+- ed67215: Update dependency next-auth to ^4.17.0
+- 9643191: Upgrade next-auth and fix types
+- b9dbb77: Upgrade to keystone `3.1.0`
+
+### Patch Changes
+
+- b9dbb77: Resolve error when `isAccessAllowed` is not defined
+- 5b0af33: Simplify NextJS config of Keystone path and resolve redirect loops
+
 ## 25.0.0
 
 ### Major Changes

package/README.md

@@ -1,4 +1,5 @@
 # Keystone next auth
+
 This package enables the addition of social auth to keystone-6.
 
 ## Contents
@@ -9,6 +10,7 @@ This package enables the addition of social auth to keystone-6.
 - [Contributing](#contributing)
 
 ## About
+
 This uses NextAuth.js (https://next-auth.js.org/) project to add social auth to Keystone-6 (https://keystonejs.com/). Primary testing has been done with Auth0, happy for others to test other providers/give feedback or send through a PR.
 
 ## Adding to your project
@@ -20,7 +22,6 @@ Add import...
 ```javascript
 import { createAuth } from '@opensaas/keystone-nextjs-auth';
 import Auth0 from '@opensaas/keystone-nextjs-auth/providers/auth0';
-
 ```
 
 Add you Auth configuration including providers
@@ -60,7 +61,8 @@ const auth = createAuth({
 ]
 });
 ```
-Wrap your keystone config in `auth.withAuth`. Note that `generateNodeAPI` is required.
+
+Wrap your keystone config in `auth.withAuth`.
 
 ```javascript
 export default auth.withAuth(
@@ -69,32 +71,32 @@ export default auth.withAuth(
     db: {},
     ui: {},
     lists,
-    experimental: {
-      generateNodeAPI: true,
-    },
     ...
   });
 ```
 
 ## Configuration
+
 Provider configuration see https://next-auth.js.org/configuration/providers.
 For Keystone-6 Configuration see https://keystonejs.com/
 for example see the example [backend](./backend)
 
--  listKey - the list for authentication (generally `'User'`). Make sure any required fields are set using the `*Map` fields, see note below. 
--  identityField - The field that stores the identity/subjectId in keystone (generally `'subjectId'`). You will need to add this field to your list schema specified by `listKey`. An example can be found [here](./backend/schemas/User.ts).
--  sessionData - Data to be stored in the session ( something like `'id name email'`),
--  autoCreate - boolean to autocreate a user when they log in
--  userMap: `key:value` pairs that define what is copied from the User object returned from NextAuth in the SignIn callback (https://next-auth.js.org/configuration/callbacks#sign-in-callback) Left side is Keystone side, right is what comes from NextAuth eg: `{ subjectId: 'id', name: 'name' }`
--  accountMap - As Above but for the Account object
--  profileMap - As Above but for the Profile object
--  keystonePath - the path you want to access keystone from your frontend app (if required).
+- listKey - the list for authentication (generally `'User'`). Make sure any required fields are set using the `*Map` fields, see note below.
+- identityField - The field that stores the identity/subjectId in keystone (generally `'subjectId'`). You will need to add this field to your list schema specified by `listKey`. An example can be found [here](./backend/schemas/User.ts).
+- sessionData - Data to be stored in the session ( something like `'id name email'`),
+- autoCreate - boolean to autocreate a user when they log in
+- userMap: `key:value` pairs that define what is copied from the User object returned from NextAuth in the SignIn callback (https://next-auth.js.org/configuration/callbacks#sign-in-callback) Left side is Keystone side, right is what comes from NextAuth eg: `{ subjectId: 'id', name: 'name' }`
+- accountMap - As Above but for the Account object
+- profileMap - As Above but for the Profile object
+- keystonePath - the path you want to access keystone from your frontend app (if required).
 
 Note: The Keystone `create-keystone-app` CLI app (generally run with `yarn create keystone-app`/`npm init keystone-app`) will set a required `password` field on the `User` list. If you've used this to set up your project you will need to modify your list schema to set the field as not required, or remove it entirely if you don't plan to use the default Keystone auth system at all.
 
 ## Contributing
+
 If you want to run this package locally
 After cloning run `yarn install` and either:
+
 - `yarn dev` to run both the frontend and backend or
 - `yarn dev:backend` for just the backend
 

package/dist/declarations/src/pages/NextAuthPage.d.ts

@@ -2,14 +2,14 @@ import { CookiesOptions, EventCallbacks, PagesOptions } from 'next-auth';
 import type { KeystoneListsAPI } from '@keystone-6/core/types';
 import { Provider } from 'next-auth/providers';
 import { JWTOptions } from 'next-auth/jwt';
-export declare type NextAuthTemplateProps = {
+export type NextAuthTemplateProps = {
     autoCreate: boolean;
     identityField: string;
     listKey: string;
     sessionData: string | undefined;
     sessionSecret: string;
 };
-export declare type CoreNextAuthPageProps = {
+export type CoreNextAuthPageProps = {
     cookies?: Partial<CookiesOptions>;
     events?: Partial<EventCallbacks>;
     jwt?: Partial<JWTOptions>;
@@ -23,7 +23,7 @@ export declare type CoreNextAuthPageProps = {
         [key: string]: boolean | string | number;
     }>;
 } & NextAuthTemplateProps;
-export declare type NextAuthPageProps = CoreNextAuthPageProps & {
+export type NextAuthPageProps = CoreNextAuthPageProps & {
     query: KeystoneListsAPI<any>;
 };
 export default function NextAuthPage(props: NextAuthPageProps): any;

package/dist/declarations/src/types/index.d.ts

@@ -1,37 +1,29 @@
-/// <reference types="node" />
-import type { ServerResponse, IncomingMessage } from 'http';
-import type { NextRequest } from 'next/server';
 import { Provider } from 'next-auth/providers';
 import { CookiesOptions, PagesOptions } from 'next-auth';
-import { BaseListTypeInfo, KeystoneConfig, CreateContext } from '@keystone-6/core/types';
-declare type NextAuthResponse = IncomingMessage & NextRequest;
+import { BaseListTypeInfo, KeystoneConfig, KeystoneContext } from '@keystone-6/core/types';
 export declare type AuthSessionStrategy<StoredSessionData> = {
     start: (args: {
-        res: ServerResponse;
         data: any;
-        createContext: CreateContext;
-    }) => Promise<string>;
+        context: KeystoneContext;
+    }) => Promise<unknown>;
     end: (args: {
-        req: IncomingMessage;
-        res: ServerResponse;
-        createContext: CreateContext;
-    }) => Promise<void>;
+        context: KeystoneContext;
+    }) => Promise<unknown>;
     get: (args: {
-        req: NextAuthResponse;
-        createContext: CreateContext;
+        context: KeystoneContext;
     }) => Promise<StoredSessionData | undefined>;
 };
-export declare type NextAuthProviders = Provider[];
-declare type KeytoneOAuthOptions = {
+export type NextAuthProviders = Provider[];
+type KeytoneOAuthOptions = {
     providers: NextAuthProviders;
     pages?: Partial<PagesOptions>;
 };
-declare type NextAuthOptions = {
+type NextAuthOptions = {
     cookies?: Partial<CookiesOptions>;
     resolver: any;
 };
-export declare type KeystoneOAuthConfig = KeystoneConfig & KeytoneOAuthOptions & NextAuthOptions;
-export declare type AuthConfig<GeneratedListTypes extends BaseListTypeInfo> = {
+export type KeystoneOAuthConfig = KeystoneConfig & KeytoneOAuthOptions & NextAuthOptions;
+export type AuthConfig<GeneratedListTypes extends BaseListTypeInfo> = {
     /** Auth Create users in Keystone DB from Auth Provider */
     autoCreate: boolean;
     /** Adds ability to customize cookie options, for example, to facilitate cross-subdomain functionality */
@@ -58,8 +50,8 @@ export declare type AuthConfig<GeneratedListTypes extends BaseListTypeInfo> = {
     /** Next-Auth Session Secret */
     sessionSecret: string;
 };
-export declare type AuthTokenRequestErrorCode = 'IDENTITY_NOT_FOUND' | 'MULTIPLE_IDENTITY_MATCHES';
-export declare type PasswordAuthErrorCode = AuthTokenRequestErrorCode | 'FAILURE' | 'SECRET_NOT_SET' | 'SECRET_MISMATCH';
-export declare type NextAuthErrorCode = AuthTokenRequestErrorCode | 'FAILURE' | 'SUBJECT_NOT_FOUND';
-export declare type AuthTokenRedemptionErrorCode = AuthTokenRequestErrorCode | 'FAILURE' | 'TOKEN_NOT_SET' | 'TOKEN_MISMATCH' | 'TOKEN_EXPIRED' | 'TOKEN_REDEEMED';
+export type AuthTokenRequestErrorCode = 'IDENTITY_NOT_FOUND' | 'MULTIPLE_IDENTITY_MATCHES';
+export type PasswordAuthErrorCode = AuthTokenRequestErrorCode | 'FAILURE' | 'SECRET_NOT_SET' | 'SECRET_MISMATCH';
+export type NextAuthErrorCode = AuthTokenRequestErrorCode | 'FAILURE' | 'SUBJECT_NOT_FOUND';
+export type AuthTokenRedemptionErrorCode = AuthTokenRequestErrorCode | 'FAILURE' | 'TOKEN_NOT_SET' | 'TOKEN_MISMATCH' | 'TOKEN_EXPIRED' | 'TOKEN_REDEEMED';
 export {};

package/dist/opensaas-keystone-nextjs-auth.cjs.dev.js

@@ -7,7 +7,7 @@ var _objectWithoutProperties = require('@babel/runtime/helpers/objectWithoutProp
 var _includesInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/includes');
 var _mapInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/map');
 var _JSON$stringify = require('@babel/runtime-corejs3/core-js-stable/json/stringify');
-var _URL = require('@babel/runtime-corejs3/core-js-stable/url');
+var _startsWithInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/starts-with');
 var url = require('url');
 var react = require('next-auth/react');
 var jwt = require('next-auth/jwt');
@@ -39,68 +39,19 @@ function _interopNamespace(e) {
 var _includesInstanceProperty__default = /*#__PURE__*/_interopDefault(_includesInstanceProperty);
 var _mapInstanceProperty__default = /*#__PURE__*/_interopDefault(_mapInstanceProperty);
 var _JSON$stringify__default = /*#__PURE__*/_interopDefault(_JSON$stringify);
-var _URL__default = /*#__PURE__*/_interopDefault(_URL);
+var _startsWithInstanceProperty__default = /*#__PURE__*/_interopDefault(_startsWithInstanceProperty);
 var url__default = /*#__PURE__*/_interopDefault(url);
 var cookie__namespace = /*#__PURE__*/_interopNamespace(cookie);
 var ejs__default = /*#__PURE__*/_interopDefault(ejs);
 var _filterInstanceProperty__default = /*#__PURE__*/_interopDefault(_filterInstanceProperty);
 
 const template$1 = `
-const Path = require('path');
-// @ts-ignore
-const withPreconstruct = require('@preconstruct/next');
+const keystoneConfig = require('@keystone-6/core/___internal-do-not-use-will-break-in-patch/admin-ui/next-config').config;
 
-module.exports = withPreconstruct({
-  typescript: {
-    ignoreBuildErrors: true,
-  },
-  env: {
-    NEXTAUTH_URL: process.env.NEXTAUTH_URL || 'http://localhost:<%= process.env.PORT || 3000 %><%= keystonePath || '' %>/api/auth',
-  },
-  eslint: {
-    ignoreDuringBuilds: true,
-  },
-  webpack(config, { isServer }) {
-    config.resolve.alias = {
-      ...config.resolve.alias,
-      react: Path.dirname(require.resolve('react/package.json')),
-      'react-dom': Path.dirname(require.resolve('react-dom/package.json')),
-      '@keystone-6/core': Path.dirname(
-        require.resolve('@keystone-6/core/package.json')
-      ),
-    };
-    if (isServer) {
-      config.externals = [
-        ...config.externals, 
-        /@keystone-6\\/core(?!\\/___internal-do-not-use-will-break-in-patch\\/admin-ui\\/id-field-view|\\/fields\\/types\\/[^\\/]+\\/views)/,
-        /.prisma\\/client/
-      ];
-    // we need to set these to true so that when __dirname/__filename is used
-    // to resolve the location of field views, we will get a path that we can use
-    // rather than just the __dirname/__filename of the generated file.
-    // https://webpack.js.org/configuration/node/#node__filename
-    (_config$node = config.node) !== null && _config$node !== void 0 ? _config$node : config.node = {};
-    config.node.__dirname = true;
-    config.node.__filename = true;
-    }
-    return config;
-  },
-  <% if (keystonePath) { %>
-    <% if (process.env.NODE_ENV != 'production') { %> 
-  async rewrites() {
-    return [
-      {
-        source: '/api/__keystone_api_build',
-        destination: 'http://localhost:<%= process.env.PORT || 3000 %><%= keystonePath || '' %>/api/__keystone_api_build',
-        basePath: false
-      }
-    ];
-  },
-  <% }%>
-  basePath: '<%= keystonePath || '' %>'
-  <% } %>
-});
-`;
+module.exports = {
+    ...keystoneConfig,
+    basePath: '<%= keystonePath || '' %>'
+};`;
 const nextConfigTemplate = _ref => {
   let {
     keystonePath
@@ -124,17 +75,14 @@ function getBaseAuthSchema(_ref) {
           types: [base.object(listKey)],
           resolveType: (root, context) => {
             var _context$session;
-
             return (_context$session = context.session) === null || _context$session === void 0 ? void 0 : _context$session.listKey;
           }
         }),
-
         resolve(root, args, _ref2) {
           let {
             session,
             db
           } = _ref2;
-
           if (typeof (session === null || session === void 0 ? void 0 : session.itemId) === 'string' && typeof session.listKey === 'string') {
             return db[session.listKey].findOne({
               where: {
@@ -142,10 +90,8 @@ function getBaseAuthSchema(_ref) {
               }
             });
           }
-
           return null;
         }
-
       })
     }
   };
@@ -160,7 +106,6 @@ const getSchemaExtension = _ref => {
   } = _ref;
   return core.graphql.extend(base => {
     var _context;
-
     const baseSchema = getBaseAuthSchema({
       listKey,
       base
@@ -210,6 +155,7 @@ const authTemplate = _ref => {
 };
 
 const _excluded = ["get", "end"];
+
 /**
  * createAuth function
  *
@@ -233,6 +179,7 @@ function createAuth(_ref) {
   // part of the createAuth API (in which case its use cases need to be documented and tested)
   // or whether always being true is what we want, in which case we can refactor our code
   // to match this. -TL
+
   const customPath = !keystonePath || keystonePath === '/' ? '' : keystonePath;
   /**
    * pageMiddleware
@@ -244,40 +191,25 @@ function createAuth(_ref) {
    *  - to the init page when initFirstItem is configured, and there are no user in the database
    *  - to the signin page when no valid session is present
    */
-
-  const pageMiddleware = async _ref2 => {
+  const authMiddleware = async _ref2 => {
     let {
       context,
-      isValidSession
+      wasAccessAllowed
     } = _ref2;
     const {
       req,
       session
     } = context;
     const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname;
-
-    if (isValidSession) {
-      if (pathname === `${customPath}/api/auth/signin` || pages !== null && pages !== void 0 && pages.signIn && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signIn)) {
-        return {
-          kind: 'redirect',
-          to: `${customPath}`
-        };
-      }
-
+    if (wasAccessAllowed) {
       if (customPath !== '' && pathname === '/') {
         return {
           kind: 'redirect',
           to: `${customPath}`
         };
       }
-
       return;
     }
-
-    if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/_next/') || _includesInstanceProperty__default["default"](pathname).call(pathname, '/api/auth/') || pages !== null && pages !== void 0 && pages.signIn && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signIn) || pages !== null && pages !== void 0 && pages.error && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.error) || pages !== null && pages !== void 0 && pages.signOut && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signOut)) {
-      return;
-    }
-
     if (!session && !_includesInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`)) {
       return {
         kind: 'redirect',
@@ -285,17 +217,16 @@ function createAuth(_ref) {
       };
     }
   };
+
   /**
-   * getAdditionalFiles
+   * authGetAdditionalFiles
    *
    * This function adds files to be generated into the Admin UI build. Must be added to the
    * ui.getAdditionalFiles config.
    *
    * The signin page is always included, and the init page is included when initFirstItem is set
    */
-
-
-  const getAdditionalFiles = () => {
+  const authGetAdditionalFiles = () => {
     const filesToWrite = [{
       mode: 'write',
       outputPath: 'pages/api/auth/[...nextauth].js',
@@ -315,102 +246,91 @@ function createAuth(_ref) {
     }];
     return filesToWrite;
   };
+
   /**
    * publicAuthPages
    *
    * Must be added to the ui.publicPages config
    */
-
-
-  const publicPages = [`${customPath}/api/__keystone_api_build`, `${customPath}/api/auth/csrf`, `${customPath}/api/auth/signin`, `${customPath}/api/auth/callback`, `${customPath}/api/auth/session`, `${customPath}/api/auth/providers`, `${customPath}/api/auth/signout`, `${customPath}/api/auth/error`]; // TODO: Add Provider Types
+  const authPublicPages = [`${customPath}/api/auth/csrf`, `${customPath}/api/auth/signin`, `${customPath}/api/auth/callback`, `${customPath}/api/auth/session`, `${customPath}/api/auth/providers`, `${customPath}/api/auth/signout`, `${customPath}/api/auth/error`];
+  // TODO: Add Provider Types
   // @ts-ignore
-
   function addPages(provider) {
     const name = provider.id;
-    publicPages.push(`${customPath}/api/auth/signin/${name}`);
-    publicPages.push(`${customPath}/api/auth/callback/${name}`);
+    authPublicPages.push(`${customPath}/api/auth/signin/${name}`);
+    authPublicPages.push(`${customPath}/api/auth/callback/${name}`);
   }
-
   _mapInstanceProperty__default["default"](providers).call(providers, addPages);
+
   /**
    * extendGraphqlSchema
    *
    * Must be added to the extendGraphqlSchema config. Can be composed.
    */
-
-
   const extendGraphqlSchema = getSchemaExtension({
     identityField,
     listKey
   });
+
   /**
    * validateConfig
    *
    * Validates the provided auth config; optional step when integrating auth
    */
-
   const validateConfig = keystoneConfig => {
     const listConfig = keystoneConfig.lists[listKey];
-
     if (listConfig === undefined) {
       const msg = `A createAuth() invocation specifies the list "${listKey}" but no list with that key has been defined.`;
       throw new Error(msg);
-    } // TODO: Check if providers
+    }
+
+    // TODO: Check if providers
     // TODO: Check other required commands/data
+
     // TODO: Check for String-like typing for identityField? How?
     // TODO: Validate that the identifyField is unique.
     // TODO: If this field isn't required, what happens if I try to log in as `null`?
-
-
     const identityFieldConfig = listConfig.fields[identityField];
-
     if (identityFieldConfig === undefined) {
       const identityFieldName = _JSON$stringify__default["default"](identityField);
-
       const msg = `A createAuth() invocation for the "${listKey}" list specifies ${identityFieldName} as its identityField but no field with that key exists on the list.`;
       throw new Error(msg);
     }
   };
+
   /**
    * withItemData
    *
    * Automatically injects a session.data value with the authenticated item
    */
-
   /* TODO:
   - [ ] We could support additional where input to validate item sessions (e.g an isEnabled boolean)
   */
-
-
   const withItemData = _sessionStrategy => {
     const {
-      get,
-      end
-    } = _sessionStrategy,
-          sessionStrategy = _objectWithoutProperties(_sessionStrategy, _excluded);
-
+        get,
+        end
+      } = _sessionStrategy,
+      sessionStrategy = _objectWithoutProperties(_sessionStrategy, _excluded);
     return _objectSpread(_objectSpread({}, sessionStrategy), {}, {
       get: async _ref3 => {
         var _req$headers, _req$headers$authoriz;
-
         let {
-          req,
-          createContext
+          context
         } = _ref3;
+        const {
+          req
+        } = context;
         const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname;
         let nextSession;
-
+        if (!req) return;
         if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/api/auth')) {
           return;
         }
-
-        const sudoContext = createContext({
-          sudo: true
-        });
-
+        const sudoContext = context.sudo();
         if (((_req$headers = req.headers) === null || _req$headers === void 0 ? void 0 : (_req$headers$authoriz = _req$headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(' ')[0]) === 'Bearer') {
           nextSession = await jwt.getToken({
-            req,
+            req: req,
             secret: sessionSecret
           });
         } else {
@@ -418,11 +338,9 @@ function createAuth(_ref) {
             req
           });
         }
-
         if (!nextSession || !nextSession.listKey || nextSession.listKey !== listKey || !nextSession.itemId || !sudoContext.query[listKey] || !nextSession.itemId) {
           return;
         }
-
         const reqWithUser = req;
         reqWithUser.user = {
           istKey: nextSession.listKey,
@@ -430,8 +348,7 @@ function createAuth(_ref) {
           data: nextSession.data
         };
         const userSession = await get({
-          req: reqWithUser,
-          createContext
+          context
         });
         return _objectSpread(_objectSpread(_objectSpread({}, userSession), nextSession), {}, {
           data: nextSession.data,
@@ -441,16 +358,17 @@ function createAuth(_ref) {
       },
       end: async _ref4 => {
         let {
-          res,
-          req,
-          createContext
+          context
         } = _ref4;
         await end({
-          res,
-          req,
-          createContext
+          context
         });
         const TOKEN_NAME = process.env.NODE_ENV === 'production' ? '__Secure-next-auth.session-token' : 'next-auth.session-token';
+        const {
+          req,
+          res
+        } = context;
+        if (!req || !res) return;
         res.setHeader('Set-Cookie', cookie__namespace.serialize(TOKEN_NAME, '', {
           maxAge: 0,
           expires: new Date(),
@@ -464,6 +382,12 @@ function createAuth(_ref) {
       }
     });
   };
+  function defaultIsAccessAllowed(_ref5) {
+    let {
+      session
+    } = _ref5;
+    return session !== undefined;
+  }
   /**
    * withAuth
    *
@@ -474,47 +398,37 @@ function createAuth(_ref) {
    * It validates the auth config against the provided keystone config, and preserves existing
    * config by composing existing extendGraphqlSchema functions and ui config.
    */
-
-
   const withAuth = keystoneConfig => {
+    var _ui;
     validateConfig(keystoneConfig);
     let {
       ui
     } = keystoneConfig;
-
-    if (keystoneConfig.ui) {
-      var _keystoneConfig$ui;
-
-      ui = _objectSpread(_objectSpread({}, keystoneConfig.ui), {}, {
-        publicPages: [...(keystoneConfig.ui.publicPages || []), ...publicPages],
-        getAdditionalFiles: [...(((_keystoneConfig$ui = keystoneConfig.ui) === null || _keystoneConfig$ui === void 0 ? void 0 : _keystoneConfig$ui.getAdditionalFiles) || []), getAdditionalFiles],
-        pageMiddleware: async args => {
-          var _keystoneConfig$ui2, _keystoneConfig$ui2$p;
-
-          return (await pageMiddleware(args)) ?? (keystoneConfig === null || keystoneConfig === void 0 ? void 0 : (_keystoneConfig$ui2 = keystoneConfig.ui) === null || _keystoneConfig$ui2 === void 0 ? void 0 : (_keystoneConfig$ui2$p = _keystoneConfig$ui2.pageMiddleware) === null || _keystoneConfig$ui2$p === void 0 ? void 0 : _keystoneConfig$ui2$p.call(_keystoneConfig$ui2, args));
-        },
+    if (!((_ui = ui) !== null && _ui !== void 0 && _ui.isDisabled)) {
+      const {
+        getAdditionalFiles = [],
+        isAccessAllowed = defaultIsAccessAllowed,
+        pageMiddleware,
+        publicPages = []
+      } = ui || {};
+      ui = _objectSpread(_objectSpread({}, ui), {}, {
+        publicPages: [...publicPages, ...authPublicPages],
         isAccessAllowed: async context => {
-          var _context$req, _keystoneConfig$ui3;
-
-          const {
-            req
-          } = context;
-          const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname; // Allow nextjs scripts and static files to be accessed without auth
-
-          if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/_next/')) {
-            return true;
-          } // Allow keystone to access /api/__keystone_api_build for hot reloading
-
-
-          if (process.env.NODE_ENV !== 'production' && ((_context$req = context.req) === null || _context$req === void 0 ? void 0 : _context$req.url) !== undefined && new _URL__default["default"](context.req.url, 'http://example.com').pathname === `${customPath}/api/__keystone_api_build`) {
+          var _context$req;
+          const pathname = url__default["default"].parse((_context$req = context.req) === null || _context$req === void 0 ? void 0 : _context$req.url).pathname;
+          if (_startsWithInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/_next`) || _startsWithInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/__next`) || _startsWithInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`) || pages !== null && pages !== void 0 && pages.signIn && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signIn) || pages !== null && pages !== void 0 && pages.error && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.error) || pages !== null && pages !== void 0 && pages.signOut && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signOut)) {
             return true;
           }
-
-          return (_keystoneConfig$ui3 = keystoneConfig.ui) !== null && _keystoneConfig$ui3 !== void 0 && _keystoneConfig$ui3.isAccessAllowed ? keystoneConfig.ui.isAccessAllowed(context) : context.session !== undefined;
+          return await isAccessAllowed(context);
+        },
+        getAdditionalFiles: [...getAdditionalFiles, authGetAdditionalFiles],
+        pageMiddleware: async args => {
+          const shouldRedirect = await authMiddleware(args);
+          if (shouldRedirect) return shouldRedirect;
+          return pageMiddleware === null || pageMiddleware === void 0 ? void 0 : pageMiddleware(args);
         }
       });
     }
-
     if (!keystoneConfig.session) throw new TypeError('Missing .session configuration');
     const session = withItemData(keystoneConfig.session);
     const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
@@ -529,16 +443,15 @@ function createAuth(_ref) {
       extendGraphqlSchema: existingExtendGraphQLSchema ? schema => existingExtendGraphQLSchema(extendGraphqlSchema(schema)) : extendGraphqlSchema
     });
   };
-
   return {
-    withAuth // In the future we may want to return the following so that developers can
+    withAuth
+    // In the future we may want to return the following so that developers can
     // roll their own. This is pending a review of the use cases this might be
     // appropriate for, along with documentation and testing.
     // ui: { enableSessionItem: true, pageMiddleware, getAdditionalFiles, publicPages },
     // fields,
     // extendGraphqlSchema,
     // validateConfig,
-
   };
 }