npm - @opensaas/keystone-nextjs-auth - Versions diffs - 26.0.0 → 27.1.0 - Mend

@opensaas/keystone-nextjs-auth 26.0.0 → 27.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/opensaas-keystone-nextjs-auth.cjs.prod.js CHANGED Viewed

@@ -9,6 +9,7 @@ var _mapInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instan
 var _JSON$stringify = require('@babel/runtime-corejs3/core-js-stable/json/stringify');
 var _startsWithInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/starts-with');
 var url = require('url');
+var path = require('path');
 var react = require('next-auth/react');
 var jwt = require('next-auth/jwt');
 var cookie = require('cookie');
@@ -41,6 +42,7 @@ var _mapInstanceProperty__default = /*#__PURE__*/_interopDefault(_mapInstancePro
 var _JSON$stringify__default = /*#__PURE__*/_interopDefault(_JSON$stringify);
 var _startsWithInstanceProperty__default = /*#__PURE__*/_interopDefault(_startsWithInstanceProperty);
 var url__default = /*#__PURE__*/_interopDefault(url);
+var path__default = /*#__PURE__*/_interopDefault(path);
 var cookie__namespace = /*#__PURE__*/_interopNamespace(cookie);
 var ejs__default = /*#__PURE__*/_interopDefault(ejs);
 var _filterInstanceProperty__default = /*#__PURE__*/_interopDefault(_filterInstanceProperty);
@@ -75,17 +77,14 @@ function getBaseAuthSchema(_ref) {
           types: [base.object(listKey)],
           resolveType: (root, context) => {
             var _context$session;
             return (_context$session = context.session) === null || _context$session === void 0 ? void 0 : _context$session.listKey;
           }
         }),
         resolve(root, args, _ref2) {
           let {
             session,
             db
           } = _ref2;
           if (typeof (session === null || session === void 0 ? void 0 : session.itemId) === 'string' && typeof session.listKey === 'string') {
             return db[session.listKey].findOne({
               where: {
@@ -93,10 +92,8 @@ function getBaseAuthSchema(_ref) {
               }
             });
           }
           return null;
         }
       })
     }
   };
@@ -111,7 +108,6 @@ const getSchemaExtension = _ref => {
   } = _ref;
   return core.graphql.extend(base => {
     var _context;
     const baseSchema = getBaseAuthSchema({
       listKey,
       base
@@ -124,7 +120,7 @@ const template = `
 import { getContext } from '@keystone-6/core/context';
 import getNextAuthPage from '@opensaas/keystone-nextjs-auth/pages/NextAuthPage';
 import keystoneConfig from '../../../../../keystone';
-import * as PrismaModule from '.prisma/client';
+import * as PrismaModule from '<%= prismaClientPath %>';
 const keystoneQueryAPI = global.keystoneQueryAPI || getContext(keystoneConfig, PrismaModule).sudo().query;
@@ -148,19 +144,22 @@ const authTemplate = _ref => {
     identityField,
     listKey,
     sessionData,
-    sessionSecret
+    sessionSecret,
+    prismaClientPath
   } = _ref;
   const authOut = ejs__default["default"].render(template, {
     identityField,
     sessionData,
     listKey,
     autoCreate,
-    sessionSecret
+    sessionSecret,
+    prismaClientPath
   });
   return authOut;
 };
 const _excluded = ["get", "end"];
 /**
  * createAuth function
  *
@@ -184,6 +183,7 @@ function createAuth(_ref) {
   // part of the createAuth API (in which case its use cases need to be documented and tested)
   // or whether always being true is what we want, in which case we can refactor our code
   // to match this. -TL
   const customPath = !keystonePath || keystonePath === '/' ? '' : keystonePath;
   /**
    * pageMiddleware
@@ -195,36 +195,32 @@ function createAuth(_ref) {
    *  - to the init page when initFirstItem is configured, and there are no user in the database
    *  - to the signin page when no valid session is present
    */
   const authMiddleware = async _ref2 => {
     let {
       context,
-      isValidSession
+      wasAccessAllowed
     } = _ref2;
     const {
-      req,
-      session
+      req
     } = context;
     const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname;
-    if (isValidSession) {
+    if (wasAccessAllowed) {
       if (customPath !== '' && pathname === '/') {
         return {
           kind: 'redirect',
           to: `${customPath}`
         };
       }
       return;
     }
-    if (!session && !_includesInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`)) {
+    if (!wasAccessAllowed && !_includesInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`)) {
       return {
         kind: 'redirect',
         to: (pages === null || pages === void 0 ? void 0 : pages.signIn) || `${customPath}/api/auth/signin`
       };
     }
   };
   /**
    * authGetAdditionalFiles
    *
@@ -233,9 +229,8 @@ function createAuth(_ref) {
    *
    * The signin page is always included, and the init page is included when initFirstItem is set
    */
-  const authGetAdditionalFiles = () => {
+  const authGetAdditionalFiles = config => {
+    const prismaClientPath = config.db.prismaClientPath ? path__default["default"].join('../../../../../', config.db.prismaClientPath) : '@prisma/client';
     const filesToWrite = [{
       mode: 'write',
       outputPath: 'pages/api/auth/[...nextauth].js',
@@ -244,7 +239,8 @@ function createAuth(_ref) {
         identityField,
         listKey,
         sessionData,
-        sessionSecret
+        sessionSecret,
+        prismaClientPath
       })
     }, {
       mode: 'write',
@@ -255,84 +251,75 @@ function createAuth(_ref) {
     }];
     return filesToWrite;
   };
   /**
    * publicAuthPages
    *
    * Must be added to the ui.publicPages config
    */
-  const authPublicPages = [`${customPath}/api/auth/csrf`, `${customPath}/api/auth/signin`, `${customPath}/api/auth/callback`, `${customPath}/api/auth/session`, `${customPath}/api/auth/providers`, `${customPath}/api/auth/signout`, `${customPath}/api/auth/error`]; // TODO: Add Provider Types
+  const authPublicPages = [`${customPath}/api/auth/csrf`, `${customPath}/api/auth/signin`, `${customPath}/api/auth/callback`, `${customPath}/api/auth/session`, `${customPath}/api/auth/providers`, `${customPath}/api/auth/signout`, `${customPath}/api/auth/error`];
+  // TODO: Add Provider Types
   // @ts-ignore
   function addPages(provider) {
     const name = provider.id;
     authPublicPages.push(`${customPath}/api/auth/signin/${name}`);
     authPublicPages.push(`${customPath}/api/auth/callback/${name}`);
   }
   _mapInstanceProperty__default["default"](providers).call(providers, addPages);
   /**
    * extendGraphqlSchema
    *
    * Must be added to the extendGraphqlSchema config. Can be composed.
    */
   const extendGraphqlSchema = getSchemaExtension({
     identityField,
     listKey
   });
   /**
    * validateConfig
    *
    * Validates the provided auth config; optional step when integrating auth
    */
   const validateConfig = keystoneConfig => {
     const listConfig = keystoneConfig.lists[listKey];
     if (listConfig === undefined) {
       const msg = `A createAuth() invocation specifies the list "${listKey}" but no list with that key has been defined.`;
       throw new Error(msg);
-    } // TODO: Check if providers
+    }
+    // TODO: Check if providers
     // TODO: Check other required commands/data
     // TODO: Check for String-like typing for identityField? How?
     // TODO: Validate that the identifyField is unique.
     // TODO: If this field isn't required, what happens if I try to log in as `null`?
     const identityFieldConfig = listConfig.fields[identityField];
     if (identityFieldConfig === undefined) {
       const identityFieldName = _JSON$stringify__default["default"](identityField);
       const msg = `A createAuth() invocation for the "${listKey}" list specifies ${identityFieldName} as its identityField but no field with that key exists on the list.`;
       throw new Error(msg);
     }
   };
   /**
    * withItemData
    *
    * Automatically injects a session.data value with the authenticated item
    */
   /* TODO:
   - [ ] We could support additional where input to validate item sessions (e.g an isEnabled boolean)
   */
   const withItemData = _sessionStrategy => {
     const {
-      get,
-      end
-    } = _sessionStrategy,
-          sessionStrategy = _objectWithoutProperties(_sessionStrategy, _excluded);
+        get,
+        end
+      } = _sessionStrategy,
+      sessionStrategy = _objectWithoutProperties(_sessionStrategy, _excluded);
     return _objectSpread(_objectSpread({}, sessionStrategy), {}, {
       get: async _ref3 => {
         var _req$headers, _req$headers$authoriz;
         let {
           context
         } = _ref3;
@@ -342,13 +329,10 @@ function createAuth(_ref) {
         const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname;
         let nextSession;
         if (!req) return;
         if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/api/auth')) {
           return;
         }
         const sudoContext = context.sudo();
         if (((_req$headers = req.headers) === null || _req$headers === void 0 ? void 0 : (_req$headers$authoriz = _req$headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(' ')[0]) === 'Bearer') {
           nextSession = await jwt.getToken({
             req: req,
@@ -359,11 +343,9 @@ function createAuth(_ref) {
             req
           });
         }
         if (!nextSession || !nextSession.listKey || nextSession.listKey !== listKey || !nextSession.itemId || !sudoContext.query[listKey] || !nextSession.itemId) {
           return;
         }
         const reqWithUser = req;
         reqWithUser.user = {
           istKey: nextSession.listKey,
@@ -405,7 +387,6 @@ function createAuth(_ref) {
       }
     });
   };
   function defaultIsAccessAllowed(_ref5) {
     let {
       session
@@ -422,16 +403,12 @@ function createAuth(_ref) {
    * It validates the auth config against the provided keystone config, and preserves existing
    * config by composing existing extendGraphqlSchema functions and ui config.
    */
   const withAuth = keystoneConfig => {
     var _ui;
     validateConfig(keystoneConfig);
     let {
       ui
     } = keystoneConfig;
     if (!((_ui = ui) !== null && _ui !== void 0 && _ui.isDisabled)) {
       const {
         getAdditionalFiles = [],
@@ -443,13 +420,10 @@ function createAuth(_ref) {
         publicPages: [...publicPages, ...authPublicPages],
         isAccessAllowed: async context => {
           var _context$req;
           const pathname = url__default["default"].parse((_context$req = context.req) === null || _context$req === void 0 ? void 0 : _context$req.url).pathname;
           if (_startsWithInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/_next`) || _startsWithInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/__next`) || _startsWithInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`) || pages !== null && pages !== void 0 && pages.signIn && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signIn) || pages !== null && pages !== void 0 && pages.error && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.error) || pages !== null && pages !== void 0 && pages.signOut && _includesInstanceProperty__default["default"](pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signOut)) {
             return true;
           }
           return await isAccessAllowed(context);
         },
         getAdditionalFiles: [...getAdditionalFiles, authGetAdditionalFiles],
@@ -460,7 +434,6 @@ function createAuth(_ref) {
         }
       });
     }
     if (!keystoneConfig.session) throw new TypeError('Missing .session configuration');
     const session = withItemData(keystoneConfig.session);
     const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
@@ -475,16 +448,15 @@ function createAuth(_ref) {
       extendGraphqlSchema: existingExtendGraphQLSchema ? schema => existingExtendGraphQLSchema(extendGraphqlSchema(schema)) : extendGraphqlSchema
     });
   };
   return {
-    withAuth // In the future we may want to return the following so that developers can
+    withAuth
+    // In the future we may want to return the following so that developers can
     // roll their own. This is pending a review of the use cases this might be
     // appropriate for, along with documentation and testing.
     // ui: { enableSessionItem: true, pageMiddleware, getAdditionalFiles, publicPages },
     // fields,
     // extendGraphqlSchema,
     // validateConfig,
   };
 }

package/dist/opensaas-keystone-nextjs-auth.esm.js CHANGED Viewed

@@ -5,6 +5,7 @@ import _mapInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance
 import _JSON$stringify from '@babel/runtime-corejs3/core-js-stable/json/stringify';
 import _startsWithInstanceProperty from '@babel/runtime-corejs3/core-js-stable/instance/starts-with';
 import url from 'url';
+import path from 'path';
 import { getSession } from 'next-auth/react';
 import { getToken } from 'next-auth/jwt';
 import * as cookie from 'cookie';
@@ -42,17 +43,14 @@ function getBaseAuthSchema(_ref) {
           types: [base.object(listKey)],
           resolveType: (root, context) => {
             var _context$session;
             return (_context$session = context.session) === null || _context$session === void 0 ? void 0 : _context$session.listKey;
           }
         }),
         resolve(root, args, _ref2) {
           let {
             session,
             db
           } = _ref2;
           if (typeof (session === null || session === void 0 ? void 0 : session.itemId) === 'string' && typeof session.listKey === 'string') {
             return db[session.listKey].findOne({
               where: {
@@ -60,10 +58,8 @@ function getBaseAuthSchema(_ref) {
               }
             });
           }
           return null;
         }
       })
     }
   };
@@ -78,7 +74,6 @@ const getSchemaExtension = _ref => {
   } = _ref;
   return graphql.extend(base => {
     var _context;
     const baseSchema = getBaseAuthSchema({
       listKey,
       base
@@ -91,7 +86,7 @@ const template = `
 import { getContext } from '@keystone-6/core/context';
 import getNextAuthPage from '@opensaas/keystone-nextjs-auth/pages/NextAuthPage';
 import keystoneConfig from '../../../../../keystone';
-import * as PrismaModule from '.prisma/client';
+import * as PrismaModule from '<%= prismaClientPath %>';
 const keystoneQueryAPI = global.keystoneQueryAPI || getContext(keystoneConfig, PrismaModule).sudo().query;
@@ -115,19 +110,22 @@ const authTemplate = _ref => {
     identityField,
     listKey,
     sessionData,
-    sessionSecret
+    sessionSecret,
+    prismaClientPath
   } = _ref;
   const authOut = ejs.render(template, {
     identityField,
     sessionData,
     listKey,
     autoCreate,
-    sessionSecret
+    sessionSecret,
+    prismaClientPath
   });
   return authOut;
 };
 const _excluded = ["get", "end"];
 /**
  * createAuth function
  *
@@ -151,6 +149,7 @@ function createAuth(_ref) {
   // part of the createAuth API (in which case its use cases need to be documented and tested)
   // or whether always being true is what we want, in which case we can refactor our code
   // to match this. -TL
   const customPath = !keystonePath || keystonePath === '/' ? '' : keystonePath;
   /**
    * pageMiddleware
@@ -162,36 +161,32 @@ function createAuth(_ref) {
    *  - to the init page when initFirstItem is configured, and there are no user in the database
    *  - to the signin page when no valid session is present
    */
   const authMiddleware = async _ref2 => {
     let {
       context,
-      isValidSession
+      wasAccessAllowed
     } = _ref2;
     const {
-      req,
-      session
+      req
     } = context;
     const pathname = url.parse(req === null || req === void 0 ? void 0 : req.url).pathname;
-    if (isValidSession) {
+    if (wasAccessAllowed) {
       if (customPath !== '' && pathname === '/') {
         return {
           kind: 'redirect',
           to: `${customPath}`
         };
       }
       return;
     }
-    if (!session && !_includesInstanceProperty(pathname).call(pathname, `${customPath}/api/auth/`)) {
+    if (!wasAccessAllowed && !_includesInstanceProperty(pathname).call(pathname, `${customPath}/api/auth/`)) {
       return {
         kind: 'redirect',
         to: (pages === null || pages === void 0 ? void 0 : pages.signIn) || `${customPath}/api/auth/signin`
       };
     }
   };
   /**
    * authGetAdditionalFiles
    *
@@ -200,9 +195,8 @@ function createAuth(_ref) {
    *
    * The signin page is always included, and the init page is included when initFirstItem is set
    */
-  const authGetAdditionalFiles = () => {
+  const authGetAdditionalFiles = config => {
+    const prismaClientPath = config.db.prismaClientPath ? path.join('../../../../../', config.db.prismaClientPath) : '@prisma/client';
     const filesToWrite = [{
       mode: 'write',
       outputPath: 'pages/api/auth/[...nextauth].js',
@@ -211,7 +205,8 @@ function createAuth(_ref) {
         identityField,
         listKey,
         sessionData,
-        sessionSecret
+        sessionSecret,
+        prismaClientPath
       })
     }, {
       mode: 'write',
@@ -222,84 +217,75 @@ function createAuth(_ref) {
     }];
     return filesToWrite;
   };
   /**
    * publicAuthPages
    *
    * Must be added to the ui.publicPages config
    */
-  const authPublicPages = [`${customPath}/api/auth/csrf`, `${customPath}/api/auth/signin`, `${customPath}/api/auth/callback`, `${customPath}/api/auth/session`, `${customPath}/api/auth/providers`, `${customPath}/api/auth/signout`, `${customPath}/api/auth/error`]; // TODO: Add Provider Types
+  const authPublicPages = [`${customPath}/api/auth/csrf`, `${customPath}/api/auth/signin`, `${customPath}/api/auth/callback`, `${customPath}/api/auth/session`, `${customPath}/api/auth/providers`, `${customPath}/api/auth/signout`, `${customPath}/api/auth/error`];
+  // TODO: Add Provider Types
   // @ts-ignore
   function addPages(provider) {
     const name = provider.id;
     authPublicPages.push(`${customPath}/api/auth/signin/${name}`);
     authPublicPages.push(`${customPath}/api/auth/callback/${name}`);
   }
   _mapInstanceProperty(providers).call(providers, addPages);
   /**
    * extendGraphqlSchema
    *
    * Must be added to the extendGraphqlSchema config. Can be composed.
    */
   const extendGraphqlSchema = getSchemaExtension({
     identityField,
     listKey
   });
   /**
    * validateConfig
    *
    * Validates the provided auth config; optional step when integrating auth
    */
   const validateConfig = keystoneConfig => {
     const listConfig = keystoneConfig.lists[listKey];
     if (listConfig === undefined) {
       const msg = `A createAuth() invocation specifies the list "${listKey}" but no list with that key has been defined.`;
       throw new Error(msg);
-    } // TODO: Check if providers
+    }
+    // TODO: Check if providers
     // TODO: Check other required commands/data
     // TODO: Check for String-like typing for identityField? How?
     // TODO: Validate that the identifyField is unique.
     // TODO: If this field isn't required, what happens if I try to log in as `null`?
     const identityFieldConfig = listConfig.fields[identityField];
     if (identityFieldConfig === undefined) {
       const identityFieldName = _JSON$stringify(identityField);
       const msg = `A createAuth() invocation for the "${listKey}" list specifies ${identityFieldName} as its identityField but no field with that key exists on the list.`;
       throw new Error(msg);
     }
   };
   /**
    * withItemData
    *
    * Automatically injects a session.data value with the authenticated item
    */
   /* TODO:
   - [ ] We could support additional where input to validate item sessions (e.g an isEnabled boolean)
   */
   const withItemData = _sessionStrategy => {
     const {
-      get,
-      end
-    } = _sessionStrategy,
-          sessionStrategy = _objectWithoutProperties(_sessionStrategy, _excluded);
+        get,
+        end
+      } = _sessionStrategy,
+      sessionStrategy = _objectWithoutProperties(_sessionStrategy, _excluded);
     return _objectSpread(_objectSpread({}, sessionStrategy), {}, {
       get: async _ref3 => {
         var _req$headers, _req$headers$authoriz;
         let {
           context
         } = _ref3;
@@ -309,13 +295,10 @@ function createAuth(_ref) {
         const pathname = url.parse(req === null || req === void 0 ? void 0 : req.url).pathname;
         let nextSession;
         if (!req) return;
         if (_includesInstanceProperty(pathname).call(pathname, '/api/auth')) {
           return;
         }
         const sudoContext = context.sudo();
         if (((_req$headers = req.headers) === null || _req$headers === void 0 ? void 0 : (_req$headers$authoriz = _req$headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(' ')[0]) === 'Bearer') {
           nextSession = await getToken({
             req: req,
@@ -326,11 +309,9 @@ function createAuth(_ref) {
             req
           });
         }
         if (!nextSession || !nextSession.listKey || nextSession.listKey !== listKey || !nextSession.itemId || !sudoContext.query[listKey] || !nextSession.itemId) {
           return;
         }
         const reqWithUser = req;
         reqWithUser.user = {
           istKey: nextSession.listKey,
@@ -372,7 +353,6 @@ function createAuth(_ref) {
       }
     });
   };
   function defaultIsAccessAllowed(_ref5) {
     let {
       session
@@ -389,16 +369,12 @@ function createAuth(_ref) {
    * It validates the auth config against the provided keystone config, and preserves existing
    * config by composing existing extendGraphqlSchema functions and ui config.
    */
   const withAuth = keystoneConfig => {
     var _ui;
     validateConfig(keystoneConfig);
     let {
       ui
     } = keystoneConfig;
     if (!((_ui = ui) !== null && _ui !== void 0 && _ui.isDisabled)) {
       const {
         getAdditionalFiles = [],
@@ -410,13 +386,10 @@ function createAuth(_ref) {
         publicPages: [...publicPages, ...authPublicPages],
         isAccessAllowed: async context => {
           var _context$req;
           const pathname = url.parse((_context$req = context.req) === null || _context$req === void 0 ? void 0 : _context$req.url).pathname;
           if (_startsWithInstanceProperty(pathname).call(pathname, `${customPath}/_next`) || _startsWithInstanceProperty(pathname).call(pathname, `${customPath}/__next`) || _startsWithInstanceProperty(pathname).call(pathname, `${customPath}/api/auth/`) || pages !== null && pages !== void 0 && pages.signIn && _includesInstanceProperty(pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signIn) || pages !== null && pages !== void 0 && pages.error && _includesInstanceProperty(pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.error) || pages !== null && pages !== void 0 && pages.signOut && _includesInstanceProperty(pathname).call(pathname, pages === null || pages === void 0 ? void 0 : pages.signOut)) {
             return true;
           }
           return await isAccessAllowed(context);
         },
         getAdditionalFiles: [...getAdditionalFiles, authGetAdditionalFiles],
@@ -427,7 +400,6 @@ function createAuth(_ref) {
         }
       });
     }
     if (!keystoneConfig.session) throw new TypeError('Missing .session configuration');
     const session = withItemData(keystoneConfig.session);
     const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
@@ -442,16 +414,15 @@ function createAuth(_ref) {
       extendGraphqlSchema: existingExtendGraphQLSchema ? schema => existingExtendGraphQLSchema(extendGraphqlSchema(schema)) : extendGraphqlSchema
     });
   };
   return {
-    withAuth // In the future we may want to return the following so that developers can
+    withAuth
+    // In the future we may want to return the following so that developers can
     // roll their own. This is pending a review of the use cases this might be
     // appropriate for, along with documentation and testing.
     // ui: { enableSessionItem: true, pageMiddleware, getAdditionalFiles, publicPages },
     // fields,
     // extendGraphqlSchema,
     // validateConfig,
   };
 }