@revealui/auth 0.3.6 → 0.3.7
- package/README.md +1 -1
- package/dist/server/auth.d.ts.map +1 -1
- package/dist/server/auth.js +5 -3
- package/package.json +11 -6
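--- a/package/README.md
+++ b/package/README.md
@@ -106,7 +106,7 @@ pnpm test
 
 ## Related
 
-- [Core Package](../core/README.md) —
+- [Core Package](../core/README.md) — Runtime engine (uses auth for access control)
 - [DB Package](../db/README.md) — Database schema (sessions, users, rate_limits tables)
 - [Auth Guide](../../docs/AUTH.md) — Architecture, usage patterns, and security design
 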
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/server/auth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAQH,OAAO,KAAK,EAAE,YAAY,EAAE,YAAY,EAAQ,MAAM,aAAa,CAAC;AASpE;;;;;;;GAOG;AACH,wBAAsB,MAAM,CAC1B,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;IACR,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GACA,OAAO,CAAC,YAAY,CAAC,
|
|
1
|
+
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/server/auth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAQH,OAAO,KAAK,EAAE,YAAY,EAAE,YAAY,EAAQ,MAAM,aAAa,CAAC;AASpE;;;;;;;GAOG;AACH,wBAAsB,MAAM,CAC1B,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;IACR,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GACA,OAAO,CAAC,YAAY,CAAC,CAuKvB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAiBtD;AAED;;;;;;;;GAQG;AACH,wBAAsB,MAAM,CAC1B,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE;IACR,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,IAAI,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GACA,OAAO,CAAC,YAAY,CAAC,CAsLvB"}
|
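--- a/package/dist/server/auth.js
+++ b/package/dist/server/auth.js
@@ -12,7 +12,7 @@ import { and, eq, isNull } from 'drizzle-orm';
 import { clearFailedAttempts, isAccountLocked, recordFailedAttempt } from './brute-force.js';
 import { validatePasswordStrength } from './password-validation.js';
 import { checkRateLimit } from './rate-limit.js';
-import { createSession } from './session.js';
+import { createSession, rotateSession } from './session.js';
 /** Grace period after signup during which unverified users can still sign in (24 hours) */
 const EMAIL_VERIFICATION_GRACE_PERIOD_MS = 24 * 60 * 60 * 1000;
 /**
@@ -145,10 +145,12 @@ export async function signIn(email, password, options) {
 mfaUserId: user.id,
 };
 }
-//
+// Rotate session: delete all existing sessions for this user, then create
+// a fresh one. This prevents session fixation attacks where an attacker
+// plants a session token that the victim later authenticates.
 let token;
 try {
-const sessionResult = await
+const sessionResult = await rotateSession(user.id, {
 userAgent: options?.userAgent || 'Unknown',
 ipAddress: options?.ipAddress || 'Unknown',
 });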
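Review bot: The comment on new lines 148-150 presents deleting every session for the user as the session-fixation defence, but fixation is defeated by issuing a new session identifier at authentication; revoking all of the user's other sessions is a separate policy whose visible effect (each sign-in logs out every other device) the comment should state so callers know it is intentional. Whether rotateSession performs the delete and the insert in a single transaction is not visible here; if it does not, a failure between the two leaves the user with no session at all, and since the catch block that follows lies outside the hunk that guarantee is worth stating at the call site. Suggested replacement for the three comment lines: `// Issue a fresh session on authentication so a pre-authentication session id is never promoted (session fixation).` followed by `// rotateSession also revokes every other session for this user, so each sign-in logs out other devices — intentional.` signIn begins and ends outside the hunk.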
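--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@revealui/auth",
-"version": "0.3.
+"version": "0.3.7",
 "description": "Authentication system for RevealUI - database-backed sessions with Better Auth patterns",
 "keywords": [
 "auth",
@@ -14,11 +14,11 @@
 "bcryptjs": "^3.0.3",
 "drizzle-orm": "^0.45.2",
 "zod": "^4.3.6",
-"@revealui/config": "0.3.
-"@revealui/contracts": "1.3.
-"@revealui/core": "0.5.
-"@revealui/db": "0.3.
-"@revealui/security": "0.2.
+"@revealui/config": "0.3.3",
+"@revealui/contracts": "1.3.6",
+"@revealui/core": "0.5.5",
+"@revealui/db": "0.3.6",
+"@revealui/security": "0.2.6"
 },
 "devDependencies": {
 "@simplewebauthn/browser": "^13.3.0",
@@ -72,6 +72,11 @@
 },
 "type": "module",
 "types": "./dist/index.d.ts",
+"repository": {
+"type": "git",
+"url": "https://github.com/RevealUIStudio/revealui.git",
+"directory": "packages/auth"
+},
 "scripts": {
 "build": "tsc",
 "clean": "rm -rf dist",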