npm - @rudderjs/auth - Versions diffs - 4.0.1 → 4.0.3 - Mend

@rudderjs/auth 4.0.1 → 4.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +11 -9
package/boost/guidelines.md +5 -2
package/package.json +11 -11
package/views/react/ForgotPassword.tsx +5 -1
package/views/react/Login.tsx +5 -1
package/views/react/Register.tsx +5 -1
package/views/react/ResetPassword.tsx +5 -1

package/README.md CHANGED Viewed

@@ -27,18 +27,18 @@ export default {
 }
 // bootstrap/providers.ts
-import { session } from '@rudderjs/session'
-import { hash } from '@rudderjs/hash'
-import { authProvider } from '@rudderjs/auth'
+import { SessionProvider } from '@rudderjs/session'
+import { HashProvider } from '@rudderjs/hash'
+import { AuthProvider } from '@rudderjs/auth'
 export default [
-  session(configs.session),
-  hash(configs.hash),
-  authProvider(configs.auth),
+  SessionProvider,
+  HashProvider,
+  AuthProvider,
 ]
 ```
-> `authProvider()` is the service-provider factory.
+> `AuthProvider` is the service-provider class — list it directly in the providers array.
 > `auth()` (lowercase) is the per-request helper — see below.
 ## Usage
@@ -65,7 +65,7 @@ Route.get('/profile', async (req) => {
 })
 ```
-**No per-route wiring needed on web routes.** `authProvider()` auto-installs
+**No per-route wiring needed on web routes.** `AuthProvider` auto-installs
 `AuthMiddleware` on the `web` route group during `boot()`, so every request
 matched by `withRouting({ web })` has the auth context populated before your
 handler runs.
@@ -107,7 +107,7 @@ Route.get('/login', showLoginPage, [RequireGuest('/')])
 import { AuthMiddleware } from '@rudderjs/auth'
 ```
-**You don't normally attach this on web routes.** `authProvider()` already
+**You don't normally attach this on web routes.** `AuthProvider` already
 installs `AuthMiddleware()` on the `web` route group, so `req.user` and `auth()`
 work automatically on every web request. Reach for it manually in two cases:
@@ -172,6 +172,8 @@ The `EloquentUserProvider` auto-wraps ORM model records with these methods (mapp
 Ships React views for Login, Register, ForgotPassword, ResetPassword under `views/react/`. `create-rudder-app` vendors them into `app/Views/Auth/` at scaffold time so the app owns the files from day one and can edit them freely.
+The views POST credentials with an `X-CSRF-Token` header read via `getCsrfToken()` from `@rudderjs/middleware`, so they work with `CsrfMiddleware` on the web group out of the box. `@rudderjs/middleware` is already a dep of any standard RudderJS app via the bootstrap pattern.
 To re-vendor manually (e.g. after upgrading this package):
 ```bash

package/boost/guidelines.md CHANGED Viewed

@@ -46,7 +46,10 @@ Auth delegates hashing to `@rudderjs/hash`. The hash provider **must** be regist
 ```ts
 // bootstrap/providers.ts
-export default [hash(configs.hash), auth(configs.auth), ...]
+import { HashProvider } from '@rudderjs/hash'
+import { AuthProvider } from '@rudderjs/auth'
+export default [HashProvider, AuthProvider]
 ```
 The `EloquentUserProvider` calls `hashCheck(plain, hashed)` internally during `validateCredentials()`.
@@ -115,7 +118,7 @@ class PostPolicy extends Policy {
 ```ts
 // Provider factory
-import { auth } from '@rudderjs/auth'
+import { AuthProvider } from '@rudderjs/auth'
 // Middleware
 import { AuthMiddleware, RequireAuth, EnsureEmailIsVerified } from '@rudderjs/auth'

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@rudderjs/auth",
-  "version": "4.0.1",
+  "version": "4.0.3",
   "rudderjs": {
     "provider": "AuthProvider",
     "stage": "infrastructure",
@@ -44,14 +44,14 @@
     "./package.json": "./package.json"
   },
   "dependencies": {
-    "@rudderjs/contracts": "^1.1.0",
-    "@rudderjs/core": "^1.0.0"
+    "@rudderjs/contracts": "^1.2.0",
+    "@rudderjs/core": "^1.1.2"
   },
   "peerDependencies": {
-    "@rudderjs/session": "^1.0.1",
-    "@rudderjs/router": "^1.0.0",
-    "@rudderjs/view": "^1.0.0",
-    "@rudderjs/hash": "^1.0.0"
+    "@rudderjs/hash": "^1.0.1",
+    "@rudderjs/router": "^1.1.2",
+    "@rudderjs/session": "^1.0.3",
+    "@rudderjs/view": "^1.0.1"
   },
   "peerDependenciesMeta": {
     "@rudderjs/hash": {
@@ -71,10 +71,10 @@
     "@types/node": "^20.0.0",
     "reflect-metadata": "^0.2.2",
     "typescript": "^5.4.0",
-    "@rudderjs/hash": "^1.0.0",
-    "@rudderjs/router": "^1.0.0",
-    "@rudderjs/session": "^1.0.1",
-    "@rudderjs/view": "^1.0.0"
+    "@rudderjs/hash": "^1.0.1",
+    "@rudderjs/router": "^1.1.2",
+    "@rudderjs/session": "^1.0.3",
+    "@rudderjs/view": "^1.0.1"
   },
   "author": "Suleiman Shahbari",
   "scripts": {

package/views/react/ForgotPassword.tsx CHANGED Viewed

@@ -1,5 +1,6 @@
 import '@/index.css'
 import { useState } from 'react'
+import { getCsrfToken } from '@rudderjs/middleware'
 // URL this view is served at — see Login.tsx for rationale.
 export const route = '/forgot-password'
@@ -28,7 +29,10 @@ export default function ForgotPassword(props: ForgotPasswordProps) {
     try {
       const res = await fetch(submitUrl, {
         method:  'POST',
-        headers: { 'Content-Type': 'application/json' },
+        headers: {
+          'Content-Type': 'application/json',
+          'X-CSRF-Token': getCsrfToken(),
+        },
         body:    JSON.stringify({ email, redirectTo: resetPasswordUrl }),
       })
       if (res.ok) {

package/views/react/Login.tsx CHANGED Viewed

@@ -1,6 +1,7 @@
 import '@/index.css'
 import { useState } from 'react'
 import { navigate } from 'vike/client/router'
+import { getCsrfToken } from '@rudderjs/middleware'
 // URL this view is served at — MUST match the controller route registered
 // by registerAuthRoutes() in the consumer project. If you override
@@ -32,7 +33,10 @@ export default function Login(props: LoginProps) {
     setLoading(true)
     const res = await fetch(submitUrl, {
       method:  'POST',
-      headers: { 'Content-Type': 'application/json' },
+      headers: {
+        'Content-Type': 'application/json',
+        'X-CSRF-Token': getCsrfToken(),
+      },
       body:    JSON.stringify({ email, password }),
     })
     if (res.ok) {

package/views/react/Register.tsx CHANGED Viewed

@@ -1,6 +1,7 @@
 import '@/index.css'
 import { useState } from 'react'
 import { navigate } from 'vike/client/router'
+import { getCsrfToken } from '@rudderjs/middleware'
 // URL this view is served at — see Login.tsx for rationale.
 export const route = '/register'
@@ -28,7 +29,10 @@ export default function Register(props: RegisterProps) {
     setLoading(true)
     const res = await fetch(submitUrl, {
       method:  'POST',
-      headers: { 'Content-Type': 'application/json' },
+      headers: {
+        'Content-Type': 'application/json',
+        'X-CSRF-Token': getCsrfToken(),
+      },
       body:    JSON.stringify({ name, email, password }),
     })
     if (res.ok) {

package/views/react/ResetPassword.tsx CHANGED Viewed

@@ -1,5 +1,6 @@
 import '@/index.css'
 import { useState, useEffect } from 'react'
+import { getCsrfToken } from '@rudderjs/middleware'
 // URL this view is served at — see Login.tsx for rationale.
 export const route = '/reset-password'
@@ -45,7 +46,10 @@ export default function ResetPassword(props: ResetPasswordProps) {
     try {
       const res = await fetch(submitUrl, {
         method:  'POST',
-        headers: { 'Content-Type': 'application/json' },
+        headers: {
+          'Content-Type': 'application/json',
+          'X-CSRF-Token': getCsrfToken(),
+        },
         body:    JSON.stringify({ token, email, newPassword: password }),
       })
       if (res.ok) {