@pylonsync/sdk 0.3.29 → 0.3.31
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/index.ts +14 -0
- package/src/studio.ts +16 -0
package/package.json
CHANGED
package/src/index.ts
CHANGED
|
@@ -510,6 +510,18 @@ export type AuthConfig = {
|
|
|
510
510
|
expose?: string[];
|
|
511
511
|
/** Additional fields stripped (combined with default `passwordHash` + `_*`). */
|
|
512
512
|
hide?: string[];
|
|
513
|
+
/**
|
|
514
|
+
* Field on the User row that, when truthy, lifts the session's
|
|
515
|
+
* `auth.is_admin = true`. Examples: `"isAdmin"` (bool column),
|
|
516
|
+
* `"role"` (string equal to "admin"), `"roles"` (array containing
|
|
517
|
+
* "admin"). Default unset — only `PYLON_ADMIN_TOKEN` grants admin.
|
|
518
|
+
*
|
|
519
|
+
* Set this when you want platform admins to sign in with their
|
|
520
|
+
* regular account (Studio gates on `is_admin`, dashboards can
|
|
521
|
+
* branch on it, etc.). The env-token path keeps working as the
|
|
522
|
+
* bootstrap / CI escape hatch.
|
|
523
|
+
*/
|
|
524
|
+
adminField?: string;
|
|
513
525
|
};
|
|
514
526
|
session?: {
|
|
515
527
|
/** New session lifetime in seconds. Default 30 days. */
|
|
@@ -532,6 +544,7 @@ export type ManifestAuthConfig = {
|
|
|
532
544
|
entity: string;
|
|
533
545
|
expose: string[];
|
|
534
546
|
hide: string[];
|
|
547
|
+
admin_field?: string;
|
|
535
548
|
};
|
|
536
549
|
session: {
|
|
537
550
|
expires_in: number;
|
|
@@ -557,6 +570,7 @@ export function auth(cfg: AuthConfig = {}): ManifestAuthConfig {
|
|
|
557
570
|
entity: cfg.user?.entity ?? "User",
|
|
558
571
|
expose: cfg.user?.expose ?? [],
|
|
559
572
|
hide: cfg.user?.hide ?? [],
|
|
573
|
+
...(cfg.user?.adminField ? { admin_field: cfg.user.adminField } : {}),
|
|
560
574
|
},
|
|
561
575
|
session: {
|
|
562
576
|
expires_in: cfg.session?.expiresIn ?? 30 * 24 * 60 * 60,
|
package/src/studio.ts
CHANGED
|
@@ -349,6 +349,22 @@ export interface StudioConfig {
|
|
|
349
349
|
* present in the project, so users rarely set it explicitly.
|
|
350
350
|
*/
|
|
351
351
|
hasExtensions?: boolean;
|
|
352
|
+
/**
|
|
353
|
+
* URL to send unauthenticated callers to when they hit `/studio`.
|
|
354
|
+
* Lets a host app (Pylon Cloud, an enterprise dashboard) point the
|
|
355
|
+
* Studio gate at its own email/password login page instead of the
|
|
356
|
+
* built-in `/studio/login` admin-token form.
|
|
357
|
+
*
|
|
358
|
+
* The framework appends `?next=/studio` so the host app can redirect
|
|
359
|
+
* back after sign-in. Authenticated-but-not-admin users still see
|
|
360
|
+
* the framework's "access denied" page (no point sending them back
|
|
361
|
+
* to a login they're already past).
|
|
362
|
+
*
|
|
363
|
+
* Example: `loginUrl: "/login"` — cloud.pylonsync.com handles `/login`
|
|
364
|
+
* at the dashboard, and the user's existing session cookie lifts
|
|
365
|
+
* them to admin via `auth.user.adminField` on the way back.
|
|
366
|
+
*/
|
|
367
|
+
loginUrl?: string;
|
|
352
368
|
}
|
|
353
369
|
|
|
354
370
|
/**
|