@rudderjs/auth 6.5.0 → 6.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth-manager.d.ts +2 -1
- package/dist/auth-manager.d.ts.map +1 -1
- package/dist/auth-manager.js +4 -2
- package/dist/auth-manager.js.map +1 -1
- package/dist/base-auth-controller.d.ts.map +1 -1
- package/dist/base-auth-controller.js +10 -2
- package/dist/base-auth-controller.js.map +1 -1
- package/dist/contracts.d.ts +12 -0
- package/dist/contracts.d.ts.map +1 -1
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +70 -5
- package/dist/index.js.map +1 -1
- package/dist/password-reset.d.ts.map +1 -1
- package/dist/password-reset.js +11 -1
- package/dist/password-reset.js.map +1 -1
- package/dist/providers.d.ts +21 -1
- package/dist/providers.d.ts.map +1 -1
- package/dist/providers.js +55 -1
- package/dist/providers.js.map +1 -1
- package/dist/remember.d.ts +48 -0
- package/dist/remember.d.ts.map +1 -0
- package/dist/remember.js +134 -0
- package/dist/remember.js.map +1 -0
- package/dist/session-guard.d.ts +16 -2
- package/dist/session-guard.d.ts.map +1 -1
- package/dist/session-guard.js +46 -4
- package/dist/session-guard.js.map +1 -1
- package/package.json +10 -10
package/dist/auth-manager.d.ts
CHANGED
|
@@ -19,7 +19,8 @@ export declare class AuthManager {
|
|
|
19
19
|
readonly config: AuthConfig;
|
|
20
20
|
private readonly hashCheck;
|
|
21
21
|
private readonly getSession;
|
|
22
|
-
|
|
22
|
+
private readonly hashMake?;
|
|
23
|
+
constructor(config: AuthConfig, hashCheck: (plain: string, hashed: string) => Promise<boolean>, getSession: () => SessionStore, hashMake?: ((plain: string) => Promise<string>) | undefined);
|
|
23
24
|
/**
|
|
24
25
|
* Build a fresh Guard each call. We deliberately do NOT cache guards on
|
|
25
26
|
* the manager: AuthManager is a process-wide DI singleton, and a cached
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-manager.d.ts","sourceRoot":"","sources":["../src/auth-manager.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAC1E,OAAO,EAAgB,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAKpE,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,SAAS,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,UAAU,CAAA;IAClB,KAAK,EAAE,OAAO,CAAA;CACf;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE;QACR,KAAK,EAAE,MAAM,CAAA;KACd,CAAA;IACD,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IACvC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAA;CAC9C;AAID,qBAAa,WAAW;aAEJ,MAAM,EAAE,UAAU;IAClC,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,UAAU;
|
|
1
|
+
{"version":3,"file":"auth-manager.d.ts","sourceRoot":"","sources":["../src/auth-manager.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAC1E,OAAO,EAAgB,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAKpE,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,SAAS,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,UAAU,CAAA;IAClB,KAAK,EAAE,OAAO,CAAA;CACf;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE;QACR,KAAK,EAAE,MAAM,CAAA;KACd,CAAA;IACD,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IACvC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAA;CAC9C;AAID,qBAAa,WAAW;aAEJ,MAAM,EAAE,UAAU;IAClC,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAHV,MAAM,EAAE,UAAU,EACjB,SAAS,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAC9D,UAAU,EAAE,MAAM,YAAY,EAC9B,QAAQ,CAAC,GAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,aAAA;IAGhE;;;;;;;;OAQG;IACH,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,KAAK;IAkB3B,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAInF,KAAK,CAAC,IAAI,EAAE,eAAe,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/D,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAIvB,IAAI,IAAI,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAIvC,EAAE,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAI5B,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB;;;;;OAKG;IACH,cAAc,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,YAAY;CAqB5C;AAeD,wBAAgB,WAAW,CAAC,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAEnE;AAiBD;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAExE;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,IAAI,eAAe,GAAG,IAAI,CAExD;AAED,wBAAgB,WAAW,IAAI,WAAW,CAWzC;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,IAAI,IAAI,WAAW,CAElC;AAID,qBAAa,IAAI;IACf,OAAO,CAAC,MAAM,CAAC,CAAC;IAIhB,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,KAAK;IAIjC,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAI1F,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,eAAe,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAItE,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAI9B,MAAM,CAAC,IAAI,IAAI,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAI9C,MAAM,CAAC,EAAE,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAInC,MAAM,CAAC,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIhC,MAAM,CAAC,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;CAGjC"}
|
package/dist/auth-manager.js
CHANGED
|
@@ -6,10 +6,12 @@ export class AuthManager {
|
|
|
6
6
|
config;
|
|
7
7
|
hashCheck;
|
|
8
8
|
getSession;
|
|
9
|
-
|
|
9
|
+
hashMake;
|
|
10
|
+
constructor(config, hashCheck, getSession, hashMake) {
|
|
10
11
|
this.config = config;
|
|
11
12
|
this.hashCheck = hashCheck;
|
|
12
13
|
this.getSession = getSession;
|
|
14
|
+
this.hashMake = hashMake;
|
|
13
15
|
}
|
|
14
16
|
/**
|
|
15
17
|
* Build a fresh Guard each call. We deliberately do NOT cache guards on
|
|
@@ -70,7 +72,7 @@ export class AuthManager {
|
|
|
70
72
|
if (!providerConfig)
|
|
71
73
|
throw new Error(`[RudderJS Auth] User provider "${providerName}" is not defined.`);
|
|
72
74
|
if (providerConfig.driver === 'eloquent') {
|
|
73
|
-
return new EloquentUserProvider(providerConfig.model, this.hashCheck);
|
|
75
|
+
return new EloquentUserProvider(providerConfig.model, this.hashCheck, this.hashMake);
|
|
74
76
|
}
|
|
75
77
|
throw new Error(`[RudderJS Auth] Provider driver "${providerConfig.driver}" is not supported.`);
|
|
76
78
|
}
|
package/dist/auth-manager.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-manager.js","sourceRoot":"","sources":["../src/auth-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AAEpD,OAAO,EAAE,YAAY,EAAqB,MAAM,oBAAoB,CAAA;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAsBrD,6DAA6D;AAE7D,MAAM,OAAO,WAAW;IAEJ;IACC;IACA;
|
|
1
|
+
{"version":3,"file":"auth-manager.js","sourceRoot":"","sources":["../src/auth-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AAEpD,OAAO,EAAE,YAAY,EAAqB,MAAM,oBAAoB,CAAA;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAsBrD,6DAA6D;AAE7D,MAAM,OAAO,WAAW;IAEJ;IACC;IACA;IACA;IAJnB,YACkB,MAAkB,EACjB,SAA8D,EAC9D,UAA8B,EAC9B,QAA6C;QAH9C,WAAM,GAAN,MAAM,CAAY;QACjB,cAAS,GAAT,SAAS,CAAqD;QAC9D,eAAU,GAAV,UAAU,CAAoB;QAC9B,aAAQ,GAAR,QAAQ,CAAqC;IAC7D,CAAC;IAEJ;;;;;;;;OAQG;IACH,KAAK,CAAC,IAAa;QACjB,MAAM,SAAS,GAAG,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAA;QAEpD,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACjD,IAAI,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,SAAS,mBAAmB,CAAC,CAAA;QAEzF,IAAI,WAAW,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAA;YAC1D,OAAO,IAAI,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAA;QACtD,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,iCAAiC,WAAW,CAAC,MAAM,qBAAqB,CAAC,CAAA;IAC3F,CAAC;IAED,yEAAyE;IACzE,uEAAuE;IACvE,wCAAwC;IAExC,OAAO,CAAC,WAAoC,EAAE,QAAkB;QAC9D,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAA;IACpD,CAAC;IAED,KAAK,CAAC,IAAqB,EAAE,QAAkB;QAC7C,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;IAC3C,CAAC;IAED,MAAM;QACJ,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,MAAM,EAAE,CAAA;IAC9B,CAAC;IAED,IAAI;QACF,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAA;IAC5B,CAAC;IAED,EAAE;QACA,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,CAAA;IAC1B,CAAC;IAED,KAAK;QACH,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,CAAA;IAC7B,CAAC;IAED,KAAK;QACH,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,CAAA;IAC7B,CAAC;IAED;;;;;OAKG;IACH,cAAc,CAAC,IAAa;QAC1B,MAAM,YAAY,GAAG,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,QAAQ,CAAA;QACrF,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CACb,wEAAwE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,sCAAsC,CACzI,CAAA;QACH,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;QAC1D,IAAI,CAAC,cAAc;YAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,YAAY,mBAAmB,CAAC,CAAA;QAEvG,IAAI,cAAc,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YACzC,OAAO,IAAI,oBAAoB,CAC7B,cAAc,CAAC,KAA6J,EAC5K,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,QAAQ,CACd,CAAA;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,oCAAoC,cAAc,CAAC,MAAM,qBAAqB,CAAC,CAAA;IACjG,CAAC;CACF;AAED,6DAA6D;AAE7D,6EAA6E;AAC7E,2EAA2E;AAC3E,yEAAyE;AACzE,mEAAmE;AACnE,6EAA6E;AAC7E,gFAAgF;AAChF,MAAM,OAAO,GAAG,uBAAuB,CAAA;AACvC,MAAM,UAAU,GAAG,UAAqC,CAAA;AACxD,MAAM,IAAI,GAAoC,UAAU,CAAC,OAAO,CAAgD;OAC3G,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,GAAG,IAAI,iBAAiB,EAAe,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA,CAAC,CAAC,CAAC,EAAE,CAAA;AAEpG,MAAM,UAAU,WAAW,CAAI,OAAoB,EAAE,EAAW;IAC9D,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAA;AAC9B,CAAC;AAED,6DAA6D;AAC7D,EAAE;AACF,yEAAyE;AACzE,6EAA6E;AAC7E,8EAA8E;AAC9E,yEAAyE;AACzE,wEAAwE;AACxE,yBAAyB;AACzB,EAAE;AACF,8EAA8E;AAE9E,MAAM,iBAAiB,GAAG,4BAA4B,CAAA;AACtD,MAAM,YAAY,GAAwC,UAAU,CAAC,iBAAiB,CAAoD;OACrI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,GAAG,IAAI,iBAAiB,EAAmB,CAAC,CAAC,UAAU,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA,CAAC,CAAC,CAAC,EAAE,CAAA;AAElH;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAI,IAAqB,EAAE,EAAW;IACnE,OAAO,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;AACnC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe;IAC7B,OAAO,YAAY,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAA;AACxC,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAA;IACzB,IAAI,CAAC,CAAC,EAAE,CAAC;QACP,MAAM,IAAI,KAAK,CACb,0EAA0E;YAC1E,4EAA4E;YAC5E,2EAA2E;YAC3E,gBAAgB,CACjB,CAAA;IACH,CAAC;IACD,OAAO,CAAC,CAAA;AACV,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,IAAI;IAClB,OAAO,WAAW,EAAE,CAAA;AACtB,CAAC;AAED,6DAA6D;AAE7D,MAAM,OAAO,IAAI;IACP,MAAM,CAAC,CAAC,CAAC,IAAa;QAC5B,OAAO,WAAW,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAClC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,IAAY;QACvB,OAAO,WAAW,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAClC,CAAC;IAED,MAAM,CAAC,OAAO,CAAC,WAAoC,EAAE,QAAkB;QACrE,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAA;IAChD,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,IAAqB,EAAE,QAAkB;QACpD,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;IACvC,CAAC;IAED,MAAM,CAAC,MAAM;QACX,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,MAAM,EAAE,CAAA;IAC1B,CAAC;IAED,MAAM,CAAC,IAAI;QACT,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,CAAA;IACxB,CAAC;IAED,MAAM,CAAC,EAAE;QACP,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAA;IACtB,CAAC;IAED,MAAM,CAAC,KAAK;QACV,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,CAAA;IACzB,CAAC;IAED,MAAM,CAAC,KAAK;QACV,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,CAAA;IACzB,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base-auth-controller.d.ts","sourceRoot":"","sources":["../src/base-auth-controller.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AAIrF,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAMzD,8DAA8D;AAC9D,MAAM,WAAW,iBAAiB;IAChC,KAAK,IAAI;QAAE,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG;YAAE,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC,CAAA;SAAE,CAAA;KAAE,CAAA;IAChF,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAA;IACxE,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CAC9E;AAED,sEAAsE;AACtE,MAAM,WAAW,YAAY;IAC3B,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IACpC,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CACvD;AAcD,sFAAsF;AACtF,MAAM,WAAW,cAAc;IAC7B,MAAM,CAAC,EAAgB,iBAAiB,GAAG,IAAI,CAAA;IAC/C,MAAM,CAAC,EAAgB,iBAAiB,GAAG,IAAI,CAAA;IAC/C,oBAAoB,CAAC,EAAE,iBAAiB,GAAG,IAAI,CAAA;CAChD;AAED,eAAO,MAAM,wBAAwB,EAAE,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAYtE,CAAA;AA0BF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AACH,8BACsB,kBAAkB;IACtC,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE,iBAAiB,CAAA;IAC/C,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAO,YAAY,CAAA;IAE1C,8EAA8E;IAC9E,SAAS,CAAC,cAAc,CAAC,EAAE,cAAc,CAAA;IAEzC;;;;;;;;OAQG;IACH,MAAM,CAAC,UAAU,EAAE,cAAc,CAA2B;;IAwCtD,MAAM,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"base-auth-controller.d.ts","sourceRoot":"","sources":["../src/base-auth-controller.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AAIrF,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAMzD,8DAA8D;AAC9D,MAAM,WAAW,iBAAiB;IAChC,KAAK,IAAI;QAAE,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG;YAAE,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC,CAAA;SAAE,CAAA;KAAE,CAAA;IAChF,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAA;IACxE,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CAC9E;AAED,sEAAsE;AACtE,MAAM,WAAW,YAAY;IAC3B,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IACpC,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CACvD;AAcD,sFAAsF;AACtF,MAAM,WAAW,cAAc;IAC7B,MAAM,CAAC,EAAgB,iBAAiB,GAAG,IAAI,CAAA;IAC/C,MAAM,CAAC,EAAgB,iBAAiB,GAAG,IAAI,CAAA;IAC/C,oBAAoB,CAAC,EAAE,iBAAiB,GAAG,IAAI,CAAA;CAChD;AAED,eAAO,MAAM,wBAAwB,EAAE,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAYtE,CAAA;AA0BF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AACH,8BACsB,kBAAkB;IACtC,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE,iBAAiB,CAAA;IAC/C,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAO,YAAY,CAAA;IAE1C,8EAA8E;IAC9E,SAAS,CAAC,cAAc,CAAC,EAAE,cAAc,CAAA;IAEzC;;;;;;;;OAQG;IACH,MAAM,CAAC,UAAU,EAAE,cAAc,CAA2B;;IAwCtD,MAAM,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAmBxD,MAAM,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAyBxD,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAM1D,oBAAoB,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IA4BtE,aAAa,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAiCrE;;;OAGG;cACa,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAK5E"}
|
|
@@ -127,12 +127,14 @@ let BaseAuthController = class BaseAuthController {
|
|
|
127
127
|
Reflect.defineMetadata(ROUTE_DEFINITIONS_KEY, cloned, ctor.prototype);
|
|
128
128
|
}
|
|
129
129
|
async signIn(req, res) {
|
|
130
|
-
const { email, password } = req.body;
|
|
130
|
+
const { email, password, remember } = req.body;
|
|
131
131
|
if (!email || !password) {
|
|
132
132
|
res.status(422).json({ message: 'Email and password are required.' });
|
|
133
133
|
return;
|
|
134
134
|
}
|
|
135
|
-
|
|
135
|
+
// Accept a truthy `remember` flag (checkbox → `true`/`"on"`/`"1"`).
|
|
136
|
+
const rememberMe = remember === true || remember === 'on' || remember === '1' || remember === 1;
|
|
137
|
+
const success = await Auth.attempt({ email, password }, rememberMe);
|
|
136
138
|
if (!success) {
|
|
137
139
|
res.status(401).json({ message: 'Invalid email or password.' });
|
|
138
140
|
return;
|
|
@@ -175,6 +177,12 @@ let BaseAuthController = class BaseAuthController {
|
|
|
175
177
|
res.json({ status: 'sent' });
|
|
176
178
|
return;
|
|
177
179
|
}
|
|
180
|
+
// The broker's status (RESET_LINK_SENT / INVALID_USER / THROTTLED) is
|
|
181
|
+
// intentionally NOT surfaced. We always return `{ status: 'sent' }` to
|
|
182
|
+
// avoid an email-enumeration oracle: THROTTLED is only ever returned for a
|
|
183
|
+
// registered user (sendResetLink returns INVALID_USER first when no user
|
|
184
|
+
// exists), so exposing a distinct 429 on throttle would leak registration
|
|
185
|
+
// exactly the way exposing INVALID_USER would. Keep the response constant.
|
|
178
186
|
await this.passwordBroker.sendResetLink({ email }, async (_user, token) => {
|
|
179
187
|
await this.sendResetEmail(email, token);
|
|
180
188
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base-auth-controller.js","sourceRoot":"","sources":["../src/base-auth-controller.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAA;AAEnD,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AAChD,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAA;AACxC,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AAuClD,MAAM,CAAC,MAAM,wBAAwB,GAAuC,MAAM,CAAC,MAAM,CAAC;IACxF,MAAM,EAAE,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;SAC5B,OAAO,CAAC,oDAAoD,CAAC;IAChE,MAAM,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;SAC3B,OAAO,CAAC,oDAAoD,CAAC;IAChE,oBAAoB,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;SACzC,EAAE,CAAC,CAAC,GAAG,EAAE,EAAE;QACV,MAAM,IAAI,GAAG,GAAG,CAAC,IAA8C,CAAA;QAC/D,MAAM,KAAK,GAAG,OAAO,IAAI,EAAE,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAA;QACtE,OAAO,KAAK,IAAK,GAAkC,CAAC,EAAE,IAAI,SAAS,CAAA;IACrE,CAAC,CAAC;SACD,OAAO,CAAC,2DAA2D,CAAC;CACxE,CAAC,CAAA;AAEF,+EAA+E;AAC/E,6EAA6E;AAC7E,6EAA6E;AAC7E,6EAA6E;AAC7E,wBAAwB;AACxB,MAAM,mBAAmB,GAAG,IAAI,OAAO,EAAkC,CAAA;AAEzE,6EAA6E;AAC7E,+EAA+E;AAC/E,6EAA6E;AAC7E,0EAA0E;AAC1E,6EAA6E;AAC7E,+BAA+B;AAC/B,MAAM,qBAAqB,GAAG,4BAA4B,CAAA;AAS1D,6DAA6D;AAE7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEI,IAAe,kBAAkB,GAAjC,MAAe,kBAAkB;;IAItC,8EAA8E;IACpE,cAAc,CAAiB;IAEzC;;;;;;;;OAQG;IACH,MAAM,CAAC,UAAU,GAAmB,wBAAwB,CAAA;IAE5D;QACE,MAAM,IAAI,GAAG,IAAI,CAAC,WAAwC,CAAA;QAC1D,IAAI,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,OAAM;QACzC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QAE7B,mEAAmE;QACnE,kEAAkE;QAClE,oEAAoE;QACpE,iEAAiE;QACjE,qEAAqE;QACrE,sEAAsE;QACtE,yEAAyE;QACzE,sDAAsD;QACtD,MAAM,UAAU,GAAI,OAAO,CAAC,WAAW,CACrC,qBAAqB,EACrB,oBAAkB,CAAC,SAAS,CACS,IAAI,EAAE,CAAA;QAC7C,MAAM,MAAM,GAA0B,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC;YACJ,UAAU,EAAE,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC;SAC9B,CAAC,CAAC,CAAA;QAEH,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,CAAyB,CAAA;YAC5D,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;YACpC,IAAI,CAAC,OAAO;gBAAE,SAAQ;YACtB,oEAAoE;YACpE,uEAAuE;YACvE,wEAAwE;YACxE,qEAAqE;YACrE,sEAAsE;YACtE,KAAK,CAAC,UAAU,GAAG,CAAC,OAAO,EAAE,GAAG,KAAK,CAAC,UAAU,CAAC,CAAA;QACnD,CAAC;QAED,OAAO,CAAC,cAAc,CAAC,qBAAqB,EAAE,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;IACvE,CAAC;IAGK,AAAN,KAAK,CAAC,MAAM,CAAC,GAAe,EAAE,GAAgB;QAC5C,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,
|
|
1
|
+
{"version":3,"file":"base-auth-controller.js","sourceRoot":"","sources":["../src/base-auth-controller.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAA;AAEnD,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AAChD,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAA;AACxC,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AAuClD,MAAM,CAAC,MAAM,wBAAwB,GAAuC,MAAM,CAAC,MAAM,CAAC;IACxF,MAAM,EAAE,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;SAC5B,OAAO,CAAC,oDAAoD,CAAC;IAChE,MAAM,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;SAC3B,OAAO,CAAC,oDAAoD,CAAC;IAChE,oBAAoB,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;SACzC,EAAE,CAAC,CAAC,GAAG,EAAE,EAAE;QACV,MAAM,IAAI,GAAG,GAAG,CAAC,IAA8C,CAAA;QAC/D,MAAM,KAAK,GAAG,OAAO,IAAI,EAAE,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAA;QACtE,OAAO,KAAK,IAAK,GAAkC,CAAC,EAAE,IAAI,SAAS,CAAA;IACrE,CAAC,CAAC;SACD,OAAO,CAAC,2DAA2D,CAAC;CACxE,CAAC,CAAA;AAEF,+EAA+E;AAC/E,6EAA6E;AAC7E,6EAA6E;AAC7E,6EAA6E;AAC7E,wBAAwB;AACxB,MAAM,mBAAmB,GAAG,IAAI,OAAO,EAAkC,CAAA;AAEzE,6EAA6E;AAC7E,+EAA+E;AAC/E,6EAA6E;AAC7E,0EAA0E;AAC1E,6EAA6E;AAC7E,+BAA+B;AAC/B,MAAM,qBAAqB,GAAG,4BAA4B,CAAA;AAS1D,6DAA6D;AAE7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEI,IAAe,kBAAkB,GAAjC,MAAe,kBAAkB;;IAItC,8EAA8E;IACpE,cAAc,CAAiB;IAEzC;;;;;;;;OAQG;IACH,MAAM,CAAC,UAAU,GAAmB,wBAAwB,CAAA;IAE5D;QACE,MAAM,IAAI,GAAG,IAAI,CAAC,WAAwC,CAAA;QAC1D,IAAI,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,OAAM;QACzC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QAE7B,mEAAmE;QACnE,kEAAkE;QAClE,oEAAoE;QACpE,iEAAiE;QACjE,qEAAqE;QACrE,sEAAsE;QACtE,yEAAyE;QACzE,sDAAsD;QACtD,MAAM,UAAU,GAAI,OAAO,CAAC,WAAW,CACrC,qBAAqB,EACrB,oBAAkB,CAAC,SAAS,CACS,IAAI,EAAE,CAAA;QAC7C,MAAM,MAAM,GAA0B,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC;YACJ,UAAU,EAAE,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC;SAC9B,CAAC,CAAC,CAAA;QAEH,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,CAAyB,CAAA;YAC5D,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;YACpC,IAAI,CAAC,OAAO;gBAAE,SAAQ;YACtB,oEAAoE;YACpE,uEAAuE;YACvE,wEAAwE;YACxE,qEAAqE;YACrE,sEAAsE;YACtE,KAAK,CAAC,UAAU,GAAG,CAAC,OAAO,EAAE,GAAG,KAAK,CAAC,UAAU,CAAC,CAAA;QACnD,CAAC;QAED,OAAO,CAAC,cAAc,CAAC,qBAAqB,EAAE,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;IACvE,CAAC;IAGK,AAAN,KAAK,CAAC,MAAM,CAAC,GAAe,EAAE,GAAgB;QAC5C,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,IAAiE,CAAA;QAC3G,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;YACxB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAA;YACrE,OAAM;QACR,CAAC;QAED,oEAAoE;QACpE,MAAM,UAAU,GAAG,QAAQ,KAAK,IAAI,IAAI,QAAQ,KAAK,IAAI,IAAI,QAAQ,KAAK,GAAG,IAAI,QAAQ,KAAK,CAAC,CAAA;QAC/F,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,UAAU,CAAC,CAAA;QACnE,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,4BAA4B,EAAE,CAAC,CAAA;YAC/D,OAAM;QACR,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;IACxB,CAAC;IAGK,AAAN,KAAK,CAAC,MAAM,CAAC,GAAe,EAAE,GAAgB;QAC5C,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,IAA4D,CAAA;QAClG,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;YACxB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAA;YACrE,OAAM;QACR,CAAC;QACD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC,CAAA;YAC5E,OAAM;QACR,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,KAAK,EAAE,CAAA;QAC3E,IAAI,QAAQ,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,4CAA4C,EAAE,CAAC,CAAA;YAC/E,OAAM;QACR,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAC7C,MAAM,IAAI,GAAK,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;QAEzF,MAAM,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,IAA+B,CAAC,CAAC,CAAA;QACpE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;IACxB,CAAC;IAGK,AAAN,KAAK,CAAC,OAAO,CAAC,IAAgB,EAAE,GAAgB;QAC9C,MAAM,IAAI,CAAC,MAAM,EAAE,CAAA;QACnB,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;IACxB,CAAC;IAGK,AAAN,KAAK,CAAC,oBAAoB,CAAC,GAAe,EAAE,GAAgB;QAC1D,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,IAA0B,CAAA;QAChD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,oBAAoB,EAAE,CAAC,CAAA;YACvD,OAAM;QACR,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,2EAA2E;YAC3E,sEAAsE;YACtE,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;YAC5B,OAAM;QACR,CAAC;QAED,sEAAsE;QACtE,uEAAuE;QACvE,2EAA2E;QAC3E,yEAAyE;QACzE,0EAA0E;QAC1E,2EAA2E;QAC3E,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;YACxE,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;QACzC,CAAC,CAAC,CAAA;QAEF,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;IAC9B,CAAC;IAGK,AAAN,KAAK,CAAC,aAAa,CAAC,GAAe,EAAE,GAAgB;QACnD,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC,IAEzC,CAAA;QACD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC;YACrC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,8CAA8C,EAAE,CAAC,CAAA;YACjF,OAAM;QACR,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC,CAAA;YACnE,OAAM;QACR,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAC5C,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,EACvC,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;YACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;YAC7C,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;QAC7E,CAAC,CACF,CAAA;QAED,IAAI,MAAM,KAAK,gBAAgB,EAAE,CAAC;YAChC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;YACtB,OAAM;QACR,CAAC;QACD,IAAI,MAAM,KAAK,eAAe,EAAE,CAAC;YAC/B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC,CAAA;YAC7D,OAAM;QACR,CAAC;QACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC,CAAA;IAChE,CAAC;IAED;;;OAGG;IACO,KAAK,CAAC,cAAc,CAAC,KAAa,EAAE,KAAa;QACzD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,uBAAuB,CAAA;QACjE,MAAM,GAAG,GAAO,GAAG,OAAO,yBAAyB,KAAK,UAAU,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAA;QAC7F,OAAO,CAAC,GAAG,CAAC,sCAAsC,KAAK,KAAK,GAAG,EAAE,CAAC,CAAA;IACpE,CAAC;;AAvHK;IADL,IAAI,CAAC,gBAAgB,CAAC;;;;gDAiBtB;AAGK;IADL,IAAI,CAAC,gBAAgB,CAAC;;;;gDAuBtB;AAGK;IADL,IAAI,CAAC,WAAW,CAAC;;;;iDAIjB;AAGK;IADL,IAAI,CAAC,yBAAyB,CAAC;;;;8DA0B/B;AAGK;IADL,IAAI,CAAC,iBAAiB,CAAC;;;;uDAgCvB;AArKmB,kBAAkB;IADvC,UAAU,CAAC,OAAO,CAAC;;GACE,kBAAkB,CAgLvC"}
|
package/dist/contracts.d.ts
CHANGED
|
@@ -22,6 +22,18 @@ export interface UserProvider {
|
|
|
22
22
|
retrieveById(id: string): Promise<Authenticatable | null>;
|
|
23
23
|
retrieveByCredentials(credentials: Record<string, unknown>): Promise<Authenticatable | null>;
|
|
24
24
|
validateCredentials(user: Authenticatable, credentials: Record<string, unknown>): Promise<boolean>;
|
|
25
|
+
/**
|
|
26
|
+
* Optional: perform a constant-cost dummy password verify when no user
|
|
27
|
+
* matched, to keep the failed-login timing independent of whether the
|
|
28
|
+
* account exists (anti-enumeration). Callers should invoke it on the
|
|
29
|
+
* no-user branch when present.
|
|
30
|
+
*/
|
|
31
|
+
fakeValidateCredentials?(credentials: Record<string, unknown>): Promise<void>;
|
|
32
|
+
/** Optional: resolve a user by id and constant-time-validate a "remember me"
|
|
33
|
+
* token. Required for persistent-login support. */
|
|
34
|
+
retrieveByToken?(userId: string, token: string): Promise<Authenticatable | null>;
|
|
35
|
+
/** Optional: persist a new "remember me" token on the user (null clears it). */
|
|
36
|
+
updateRememberToken?(userId: string, token: string | null): Promise<void>;
|
|
25
37
|
}
|
|
26
38
|
export interface Guard {
|
|
27
39
|
user(): Promise<Authenticatable | null>;
|
package/dist/contracts.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contracts.d.ts","sourceRoot":"","sources":["../src/contracts.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,eAAe;IAC9B,iBAAiB,IAAI,MAAM,CAAA;IAC3B,eAAe,IAAI,MAAM,CAAA;IACzB,gBAAgB,IAAI,MAAM,GAAG,IAAI,CAAA;IACjC,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACrC;;;;;;OAMG;IACH,SAAS,CAAC,IAAI,MAAM,EAAE,CAAA;CACvB;AAID,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAID,MAAM,WAAW,YAAY;IAC3B,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAA;IACzD,qBAAqB,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAA;IAC5F,mBAAmB,CAAC,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;
|
|
1
|
+
{"version":3,"file":"contracts.d.ts","sourceRoot":"","sources":["../src/contracts.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,eAAe;IAC9B,iBAAiB,IAAI,MAAM,CAAA;IAC3B,eAAe,IAAI,MAAM,CAAA;IACzB,gBAAgB,IAAI,MAAM,GAAG,IAAI,CAAA;IACjC,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACrC;;;;;;OAMG;IACH,SAAS,CAAC,IAAI,MAAM,EAAE,CAAA;CACvB;AAID,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAID,MAAM,WAAW,YAAY;IAC3B,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAA;IACzD,qBAAqB,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAA;IAC5F,mBAAmB,CAAC,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IAClG;;;;;OAKG;IACH,uBAAuB,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAC7E;wDACoD;IACpD,eAAe,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAA;IAChF,gFAAgF;IAChF,mBAAmB,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CAC1E;AAID,MAAM,WAAW,KAAK;IACpB,IAAI,IAAI,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAA;IACvC,EAAE,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;IAC5B,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC,CAAA;IACzB,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC,CAAA;IACzB,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IACnF,KAAK,CAAC,IAAI,EAAE,eAAe,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAC/D,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CACxB"}
|
package/dist/index.d.ts
CHANGED
|
@@ -15,6 +15,8 @@ export { Gate, Policy, AuthorizationError } from './gate.js';
|
|
|
15
15
|
export { PasswordBroker, MemoryTokenRepository } from './password-reset.js';
|
|
16
16
|
export { EnsureEmailIsVerified, verificationUrl, handleEmailVerification, mustVerifyEmail } from './verification.js';
|
|
17
17
|
export { RequireGuest } from './require-guest.js';
|
|
18
|
+
export { newRememberToken, encodeRememberCookie, decodeRememberCookie, rememberCookieAttrs, } from './remember.js';
|
|
19
|
+
export type { RememberCookieAttrs, RememberDirective } from './remember.js';
|
|
18
20
|
export { BaseAuthController, DEFAULT_AUTH_RATE_LIMITS } from './base-auth-controller.js';
|
|
19
21
|
export type { AuthUserModelLike, AuthHashLike, AuthRateLimits } from './base-auth-controller.js';
|
|
20
22
|
export type { Authenticatable, AuthUser, Guard, UserProvider } from './contracts.js';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAA8B,MAAM,gBAAgB,CAAA;AAE5E,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AAG5D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAA8B,MAAM,gBAAgB,CAAA;AAE5E,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AAG5D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AA4B9C,OAAO,QAAQ,qBAAqB,CAAC;IACnC,UAAU,UAAU;QAClB,IAAI,CAAC,EAAE,QAAQ,CAAA;KAChB;CACF;AAID,OAAO,iBAAiB,CAAA;AAIxB,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAC3G,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAA;AAC5D,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAA;AAC3E,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,uBAAuB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACpH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EACL,gBAAgB,EAChB,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,eAAe,CAAA;AACtB,YAAY,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAA;AAC3E,OAAO,EAAE,kBAAkB,EAAE,wBAAwB,EAAE,MAAM,2BAA2B,CAAA;AACxF,YAAY,EAAE,iBAAiB,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAA;AAEhG,YAAY,EAAE,eAAe,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AACpF,YAAY,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACxD,YAAY,EAAE,eAAe,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAA;AACpG,YAAY,EAAE,UAAU,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAA;AACxF,YAAY,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAetD;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,OAAO,GAAG,QAAQ,CAsBnD;AAID;;;GAGG;AACH,wBAAgB,cAAc,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,iBAAiB,CAsIpE;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,iBAAiB,CAoBjE;AAID;;;;;;;;;;;GAWG;AACH,qBAAa,YAAa,SAAQ,eAAe;IAC/C,QAAQ,IAAI,IAAI;IAgBV,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;CAoC5B"}
|
package/dist/index.js
CHANGED
|
@@ -2,6 +2,16 @@ import { fileURLToPath } from 'node:url';
|
|
|
2
2
|
import { ServiceProvider, app, config, appendToGroup } from '@rudderjs/core';
|
|
3
3
|
import { REQUEST_CONTEXT } from '@rudderjs/contracts';
|
|
4
4
|
import { AuthManager, Auth, runWithAuth, runWithTestUser } from './auth-manager.js';
|
|
5
|
+
import { runWithRemember, takeRememberDirective, rememberCookieAttrs, resolveRememberSecret, encodeRememberCookie, decodeRememberCookie, buildRememberCookie, parseCookie, } from './remember.js';
|
|
6
|
+
/** Append a `Set-Cookie` on the response, preserving any cookies earlier
|
|
7
|
+
* middleware wrote (same multi-cookie-safe pattern as @rudderjs/session). */
|
|
8
|
+
function writeResponseCookie(res, cookieStr) {
|
|
9
|
+
const c = res.raw;
|
|
10
|
+
if (c.res)
|
|
11
|
+
c.res.headers.append('Set-Cookie', cookieStr);
|
|
12
|
+
else
|
|
13
|
+
c.header('Set-Cookie', cookieStr);
|
|
14
|
+
}
|
|
5
15
|
// Pulls in the Vike.PageContext.user augmentation so app code can read
|
|
6
16
|
// `pageContext.user` with full typing when this package is installed.
|
|
7
17
|
import './types/vike.js';
|
|
@@ -14,6 +24,7 @@ export { Gate, Policy, AuthorizationError } from './gate.js';
|
|
|
14
24
|
export { PasswordBroker, MemoryTokenRepository } from './password-reset.js';
|
|
15
25
|
export { EnsureEmailIsVerified, verificationUrl, handleEmailVerification, mustVerifyEmail } from './verification.js';
|
|
16
26
|
export { RequireGuest } from './require-guest.js';
|
|
27
|
+
export { newRememberToken, encodeRememberCookie, decodeRememberCookie, rememberCookieAttrs, } from './remember.js';
|
|
17
28
|
export { BaseAuthController, DEFAULT_AUTH_RATE_LIMITS } from './base-auth-controller.js';
|
|
18
29
|
// ─── Helpers ──────────────────────────────────────────────
|
|
19
30
|
/**
|
|
@@ -118,9 +129,51 @@ export function AuthMiddleware(guardName) {
|
|
|
118
129
|
catch { /* read-only */ }
|
|
119
130
|
}
|
|
120
131
|
};
|
|
121
|
-
|
|
132
|
+
// Flush a queued remember directive (set on login(…, true) / logout) to the
|
|
133
|
+
// response cookie. Runs inside the remember ALS scope established below.
|
|
134
|
+
const attrs = rememberCookieAttrs();
|
|
135
|
+
const flushRemember = () => {
|
|
136
|
+
const directive = takeRememberDirective();
|
|
137
|
+
if (!directive)
|
|
138
|
+
return;
|
|
139
|
+
if (directive.action === 'set') {
|
|
140
|
+
// resolveRememberSecret throws in production without AUTH_SECRET — the
|
|
141
|
+
// app explicitly opted into remember-me, so surface that.
|
|
142
|
+
const value = encodeRememberCookie(directive.userId, directive.token, resolveRememberSecret());
|
|
143
|
+
writeResponseCookie(res, buildRememberCookie(value, attrs));
|
|
144
|
+
}
|
|
145
|
+
else {
|
|
146
|
+
writeResponseCookie(res, buildRememberCookie(null, attrs));
|
|
147
|
+
}
|
|
148
|
+
};
|
|
149
|
+
await runWithRemember(() => runWithAuth(manager, async () => {
|
|
150
|
+
// No active session — try to resume one from a remember cookie before the
|
|
151
|
+
// handler runs, so `req.user` / `Auth.user()` resolve as usual.
|
|
152
|
+
let initialUid = session?.get('auth_user_id');
|
|
153
|
+
if (!initialUid) {
|
|
154
|
+
const rememberRaw = parseCookie(req.headers['cookie'] ?? '', attrs.cookie);
|
|
155
|
+
if (rememberRaw) {
|
|
156
|
+
// Resolve the signing secret; if it's unavailable (prod without
|
|
157
|
+
// AUTH_SECRET) we can't verify the cookie, so fail closed.
|
|
158
|
+
let secret;
|
|
159
|
+
try {
|
|
160
|
+
secret = resolveRememberSecret();
|
|
161
|
+
}
|
|
162
|
+
catch {
|
|
163
|
+
secret = null;
|
|
164
|
+
}
|
|
165
|
+
const decoded = secret ? decodeRememberCookie(rememberRaw, secret) : null;
|
|
166
|
+
if (decoded) {
|
|
167
|
+
const guard = Auth.guard(resolvedGuard);
|
|
168
|
+
try {
|
|
169
|
+
await guard.loginViaRememberCookie?.(decoded.userId, decoded.token);
|
|
170
|
+
}
|
|
171
|
+
catch { /* a DB hiccup during auto-login must not 500 the request */ }
|
|
172
|
+
initialUid = session?.get('auth_user_id');
|
|
173
|
+
}
|
|
174
|
+
}
|
|
175
|
+
}
|
|
122
176
|
// Initial sync so the handler sees req.user (fetches only if session has auth_user_id).
|
|
123
|
-
const initialUid = session?.get('auth_user_id');
|
|
124
177
|
if (initialUid)
|
|
125
178
|
await syncUser();
|
|
126
179
|
// try/finally so a handler that signs the user in (or out) and then
|
|
@@ -156,9 +209,19 @@ export function AuthMiddleware(guardName) {
|
|
|
156
209
|
throw syncErr;
|
|
157
210
|
}
|
|
158
211
|
}
|
|
212
|
+
// Write any queued remember cookie (login/logout during the handler) to
|
|
213
|
+
// the response, even when the handler threw — same posture as session
|
|
214
|
+
// save. A flush error is only surfaced when the handler itself succeeded.
|
|
215
|
+
try {
|
|
216
|
+
flushRemember();
|
|
217
|
+
}
|
|
218
|
+
catch (flushErr) {
|
|
219
|
+
if (!handlerThrew)
|
|
220
|
+
throw flushErr;
|
|
221
|
+
}
|
|
159
222
|
if (handlerThrew)
|
|
160
223
|
throw handlerError;
|
|
161
|
-
});
|
|
224
|
+
}));
|
|
162
225
|
};
|
|
163
226
|
fn[REQUEST_CONTEXT] = true;
|
|
164
227
|
return fn;
|
|
@@ -216,11 +279,13 @@ export class AuthProvider extends ServiceProvider {
|
|
|
216
279
|
}
|
|
217
280
|
async boot() {
|
|
218
281
|
const cfg = config('auth');
|
|
219
|
-
// Resolve Hash.check from DI
|
|
282
|
+
// Resolve Hash.check + Hash.make from DI
|
|
220
283
|
let hashCheck;
|
|
284
|
+
let hashMake;
|
|
221
285
|
try {
|
|
222
286
|
const hashDriver = this.app.make('hash');
|
|
223
287
|
hashCheck = (plain, hashed) => hashDriver.check(plain, hashed);
|
|
288
|
+
hashMake = (plain) => hashDriver.make(plain);
|
|
224
289
|
}
|
|
225
290
|
catch {
|
|
226
291
|
throw new Error('[RudderJS Auth] No hash driver found. Register HashProvider before AuthProvider.');
|
|
@@ -229,7 +294,7 @@ export class AuthProvider extends ServiceProvider {
|
|
|
229
294
|
const getSession = () => {
|
|
230
295
|
return this.app.make('session.facade');
|
|
231
296
|
};
|
|
232
|
-
const manager = new AuthManager(cfg, hashCheck, getSession);
|
|
297
|
+
const manager = new AuthManager(cfg, hashCheck, getSession, hashMake);
|
|
233
298
|
this.app.instance('auth.manager', manager);
|
|
234
299
|
this.app.instance('auth', Auth);
|
|
235
300
|
// Install AuthMiddleware on the `web` group only — it needs session
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AACxC,OAAO,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAA;AAC5E,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AAErD,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,EAAE,eAAe,EAAmB,MAAM,mBAAmB,CAAA;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AACxC,OAAO,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAA;AAC5E,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AAErD,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,EAAE,eAAe,EAAmB,MAAM,mBAAmB,CAAA;AAIpG,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,mBAAmB,EACnB,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,EACnB,WAAW,GACZ,MAAM,eAAe,CAAA;AAOtB;8EAC8E;AAC9E,SAAS,mBAAmB,CAAC,GAAqB,EAAE,SAAiB;IACnE,MAAM,CAAC,GAAG,GAAG,CAAC,GAAsB,CAAA;IACpC,IAAI,CAAC,CAAC,GAAG;QAAE,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAA;;QACnD,CAAC,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAA;AACxC,CAAC;AAUD,uEAAuE;AACvE,sEAAsE;AACtE,OAAO,iBAAiB,CAAA;AAExB,6DAA6D;AAE7D,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAC3G,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAA;AAC5D,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAA;AAC3E,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,uBAAuB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACpH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EACL,gBAAgB,EAChB,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,eAAe,CAAA;AAEtB,OAAO,EAAE,kBAAkB,EAAE,wBAAwB,EAAE,MAAM,2BAA2B,CAAA;AASxF,6DAA6D;AAE7D;;;;;;;;GAQG;AACH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,EAAE,eAAe,EAAE,gBAAgB,CAAC,CAAC,CAAA;AAE9E;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,IAAa;IACvC,MAAM,CAAC,GAAG,IAA+B,CAAA;IACzC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAA;IACrC,MAAM,SAAS,GAAI,CAAC,CAAC,WAAW,CAAkC,CAAA;IAClE,IAAI,OAAO,SAAS,KAAK,UAAU,EAAE,CAAC;QACpC,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IAClD,CAAC;IACD,MAAM,KAAK,GAA4B,EAAE,CAAA;IACzC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;QACvC,IAAI,OAAO,CAAC,KAAK,UAAU;YAAE,SAAQ;QACrC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAAE,SAAQ;QAC3B,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IACD,2EAA2E;IAC3E,2EAA2E;IAC3E,0EAA0E;IAC1E,OAAO;QACL,GAAG,KAAK;QACR,EAAE,EAAK,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAChC,IAAI,EAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QAClC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;KACpC,CAAA;AACH,CAAC;AAED,6DAA6D;AAE7D;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,SAAkB;IAC/C,MAAM,EAAE,GAAsB,KAAK,UAAU,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI;QACxE,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,IAAI,CAAc,cAAc,CAAC,CAAA;QACvD,MAAM,aAAa,GAAG,SAAS,IAAK,OAA6C,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAA;QAEvG,MAAM,MAAM,GAAG,GAAG,CAAC,GAA8B,CAAA;QACjD,MAAM,OAAO,GAAG,MAAM,CAAC,eAAe,CAA4C,CAAA;QAElF,4EAA4E;QAC5E,2EAA2E;QAC3E,2EAA2E;QAC3E,2EAA2E;QAC3E,uEAAuE;QACvE,0EAA0E;QAC1E,0BAA0B;QAC1B,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;YACjD,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9D,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAA4B,CAAA;oBACjE,oEAAoE;oBACpE,6DAA6D;oBAC7D,MAAM,QAAQ,GAAoB;wBAChC,GAAG,MAAM;wBACT,iBAAiB,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;qBACjC,CAAA;oBACpB,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAA;oBACnC,MAAM,CAAC,YAAY,CAAC,GAAG,KAAK,CAAA;oBAC5B,IAAI,CAAC;wBAAE,GAA0C,CAAC,MAAM,CAAC,GAAG,KAAK,CAAA;oBAAC,CAAC;oBAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;oBAE7F,OAAO,eAAe,CAAC,QAAQ,EAAE,GAAG,EAAE,CACpC,WAAW,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,CACnC,CAAA;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,gEAAgE;gBAClE,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;YAC1B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,IAAI,EAAE,CAAA;YACnD,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,CAAA;gBAC/B,MAAM,CAAC,YAAY,CAAC,GAAG,KAAK,CAAA;gBAC5B,IAAI,CAAC;oBAAE,GAA0C,CAAC,MAAM,CAAC,GAAG,KAAK,CAAA;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;YAC/F,CAAC;iBAAM,CAAC;gBACN,OAAO,MAAM,CAAC,YAAY,CAAC,CAAA;gBAC3B,IAAI,CAAC;oBAAC,OAAQ,GAA0C,CAAC,MAAM,CAAC,CAAA;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;YAC9F,CAAC;QACH,CAAC,CAAA;QAED,4EAA4E;QAC5E,yEAAyE;QACzE,MAAM,KAAK,GAAG,mBAAmB,EAAE,CAAA;QACnC,MAAM,aAAa,GAAG,GAAG,EAAE;YACzB,MAAM,SAAS,GAAG,qBAAqB,EAAE,CAAA;YACzC,IAAI,CAAC,SAAS;gBAAE,OAAM;YACtB,IAAI,SAAS,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBAC/B,uEAAuE;gBACvE,0DAA0D;gBAC1D,MAAM,KAAK,GAAG,oBAAoB,CAAC,SAAS,CAAC,MAAM,EAAE,SAAS,CAAC,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAA;gBAC9F,mBAAmB,CAAC,GAAG,EAAE,mBAAmB,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAA;YAC7D,CAAC;iBAAM,CAAC;gBACN,mBAAmB,CAAC,GAAG,EAAE,mBAAmB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAA;YAC5D,CAAC;QACH,CAAC,CAAA;QAED,MAAM,eAAe,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;YAC1D,0EAA0E;YAC1E,gEAAgE;YAChE,IAAI,UAAU,GAAG,OAAO,EAAE,GAAG,CAAC,cAAc,CAAuB,CAAA;YACnE,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;gBAC1E,IAAI,WAAW,EAAE,CAAC;oBAChB,gEAAgE;oBAChE,2DAA2D;oBAC3D,IAAI,MAAqB,CAAA;oBACzB,IAAI,CAAC;wBAAC,MAAM,GAAG,qBAAqB,EAAE,CAAA;oBAAC,CAAC;oBAAC,MAAM,CAAC;wBAAC,MAAM,GAAG,IAAI,CAAA;oBAAC,CAAC;oBAChE,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,oBAAoB,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;oBACzE,IAAI,OAAO,EAAE,CAAC;wBACZ,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAA4B,CAAA;wBAClE,IAAI,CAAC;4BAAC,MAAM,KAAK,CAAC,sBAAsB,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAA;wBAAC,CAAC;wBAC3E,MAAM,CAAC,CAAC,4DAA4D,CAAC,CAAC;wBACtE,UAAU,GAAG,OAAO,EAAE,GAAG,CAAC,cAAc,CAAuB,CAAA;oBACjE,CAAC;gBACH,CAAC;YACH,CAAC;YAED,wFAAwF;YACxF,IAAI,UAAU;gBAAE,MAAM,QAAQ,EAAE,CAAA;YAEhC,oEAAoE;YACpE,uEAAuE;YACvE,oEAAoE;YACpE,mCAAmC;YACnC,IAAI,YAAqB,CAAA;YACzB,IAAI,YAAY,GAAG,KAAK,CAAA;YACxB,IAAI,CAAC;gBACH,MAAM,IAAI,EAAE,CAAA;YACd,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,YAAY,GAAG,GAAG,CAAA;gBAClB,YAAY,GAAG,IAAI,CAAA;YACrB,CAAC;YAED,MAAM,QAAQ,GAAG,OAAO,EAAE,GAAG,CAAC,cAAc,CAAuB,CAAA;YACnE,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;gBAC5B,IAAI,CAAC;oBACH,IAAI,QAAQ;wBAAE,MAAM,QAAQ,EAAE,CAAA;yBACzB,CAAC;wBACJ,OAAO,MAAM,CAAC,YAAY,CAAC,CAAA;wBAC3B,IAAI,CAAC;4BAAC,OAAQ,GAA0C,CAAC,MAAM,CAAC,CAAA;wBAAC,CAAC;wBAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;oBAC9F,CAAC;gBACH,CAAC;gBAAC,OAAO,OAAO,EAAE,CAAC;oBACjB,iEAAiE;oBACjE,4DAA4D;oBAC5D,IAAI,CAAC,YAAY;wBAAE,MAAM,OAAO,CAAA;gBAClC,CAAC;YACH,CAAC;YAED,wEAAwE;YACxE,sEAAsE;YACtE,0EAA0E;YAC1E,IAAI,CAAC;gBAAC,aAAa,EAAE,CAAA;YAAC,CAAC;YAAC,OAAO,QAAQ,EAAE,CAAC;gBAAC,IAAI,CAAC,YAAY;oBAAE,MAAM,QAAQ,CAAA;YAAC,CAAC;YAE9E,IAAI,YAAY;gBAAE,MAAM,YAAY,CAAA;QACtC,CAAC,CAAC,CAAC,CAAA;IACL,CAAC,CAMA;IAAC,EAAyC,CAAC,eAAe,CAAC,GAAG,IAAI,CAAA;IACnE,OAAO,EAAE,CAAA;AACX,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,SAAkB;IAC5C,OAAO,KAAK,UAAU,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI;QAC9C,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,IAAI,CAAc,cAAc,CAAC,CAAA;QAEvD,MAAM,WAAW,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;YACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,IAAK,OAA6C,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;YAC3G,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE,CAAA;YAE/B,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,CAAA;gBAClD,OAAM;YACR,CAAC;YAED,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,CAC9B;YAAC,GAAG,CAAC,GAA+B,CAAC,YAAY,CAAC,GAAG,KAAK,CAAA;YAC3D,IAAI,CAAC;gBAAE,GAA0C,CAAC,MAAM,CAAC,GAAG,KAAK,CAAA;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;YAE7F,MAAM,IAAI,EAAE,CAAA;QACd,CAAC,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC;AAED,6DAA6D;AAE7D;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,YAAa,SAAQ,eAAe;IAC/C,QAAQ;QACN,yEAAyE;QACzE,2FAA2F;QAC3F,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,aAAa,CAAC,IAAI,GAAG,CAAC,kBAAkB,CAAC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC,CAAA;QAC/I,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,aAAa,CAAC,IAAI,GAAG,CAAC,kBAAkB,CAAC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,kBAAkB,EAAE,CAAC,CAAA;QAErJ,sCAAsC;QACtC,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,GAAG,CAAC,kBAAkB,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;QACzF,IAAI,CAAC,SAAS,CAAC;YACb,EAAE,IAAI,EAAE,GAAG,SAAS,cAAc,EAAa,EAAE,EAAE,eAAe,EAAI,GAAG,EAAE,aAAa,EAAE,GAAG,EAAE,QAAiB,EAAE;YAClH,EAAE,IAAI,EAAE,GAAG,SAAS,yBAAyB,EAAE,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,aAAa,EAAE,GAAG,EAAE,SAAkB,EAAE,MAAM,EAAE,QAAiB,EAAE;YAC9I,EAAE,IAAI,EAAE,GAAG,SAAS,qBAAqB,EAAM,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,aAAa,EAAE,GAAG,EAAE,SAAkB,EAAE,MAAM,EAAE,YAAqB,EAAE;YAClJ,EAAE,IAAI,EAAE,GAAG,SAAS,wBAAwB,EAAG,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,aAAa,EAAE,GAAG,EAAE,SAAkB,EAAE,MAAM,EAAE,OAAgB,EAAE;SAC9I,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,IAAI;QACR,MAAM,GAAG,GAAG,MAAM,CAAa,MAAM,CAAC,CAAA;QAEtC,yCAAyC;QACzC,IAAI,SAA8D,CAAA;QAClE,IAAI,QAA6C,CAAA;QACjD,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAsF,MAAM,CAAC,CAAA;YAC7H,SAAS,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;YAC9D,QAAQ,GAAI,CAAC,KAAK,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CACb,kFAAkF,CACnF,CAAA;QACH,CAAC;QAED,0EAA0E;QAC1E,MAAM,UAAU,GAAG,GAAiB,EAAE;YACpC,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAe,gBAAgB,CAAC,CAAA;QACtD,CAAC,CAAA;QAED,MAAM,OAAO,GAAG,IAAI,WAAW,CAAC,GAAG,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAA;QACrE,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC,CAAA;QAC1C,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;QAE/B,oEAAoE;QACpE,oEAAoE;QACpE,iFAAiF;QACjF,oDAAoD;QACpD,aAAa,CAAC,KAAK,EAAE,cAAc,EAAE,CAAC,CAAA;QAEtC,sEAAsE;QACtE,qEAAqE;QACrE,uEAAuE;QACvE,MAAM,wBAAwB,EAAE,CAAA;IAClC,CAAC;CACF;AAED,KAAK,UAAU,wBAAwB;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,uCAAuC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAE1E,CAAA;QACR,IAAI,CAAC,GAAG,EAAE,2BAA2B;YAAE,OAAM;QAE7C,GAAG,CAAC,2BAA2B,CAAC,KAAK,EAAE,WAAW,EAAE,EAAE;YACpD,IAAI,CAAC;gBACH,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAA;gBAC3B,WAAW,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;YAC9C,CAAC;YAAC,MAAM,CAAC;gBACP,WAAW,CAAC,IAAI,GAAG,IAAI,CAAA;YACzB,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,8CAA8C;IAChD,CAAC;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"password-reset.d.ts","sourceRoot":"","sources":["../src/password-reset.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAInE,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACpE,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC,CAAA;IACvE,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACpC,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CAC/B;AAID,MAAM,MAAM,mBAAmB,GAC3B,iBAAiB,GACjB,gBAAgB,GAChB,cAAc,GACd,eAAe,GACf,eAAe,GACf,WAAW,CAAA;AAIf,MAAM,WAAW,mBAAmB;IAClC,yDAAyD;IACzD,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,sEAAsE;IACtE,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB;;;;;;;;;OASG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAMD,qBAAa,cAAc;IAMvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,MAAM;IAPzB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAQ;IAC/B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAQ;IACjC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAQ;gBAGZ,MAAM,EAAE,eAAe,EACvB,KAAK,EAAE,YAAY,EACnB,MAAM,GAAE,mBAAwB;IAoBnD;;;;OAIG;IACG,aAAa,CACjB,WAAW,EAAE;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,EAC9B,QAAQ,EAAE,CAAC,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GAChE,OAAO,CAAC,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"password-reset.d.ts","sourceRoot":"","sources":["../src/password-reset.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAInE,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACpE,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC,CAAA;IACvE,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACpC,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CAC/B;AAID,MAAM,MAAM,mBAAmB,GAC3B,iBAAiB,GACjB,gBAAgB,GAChB,cAAc,GACd,eAAe,GACf,eAAe,GACf,WAAW,CAAA;AAIf,MAAM,WAAW,mBAAmB;IAClC,yDAAyD;IACzD,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,sEAAsE;IACtE,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB;;;;;;;;;OASG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAMD,qBAAa,cAAc;IAMvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,MAAM;IAPzB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAQ;IAC/B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAQ;IACjC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAQ;gBAGZ,MAAM,EAAE,eAAe,EACvB,KAAK,EAAE,YAAY,EACnB,MAAM,GAAE,mBAAwB;IAoBnD;;;;OAIG;IACG,aAAa,CACjB,WAAW,EAAE;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,EAC9B,QAAQ,EAAE,CAAC,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GAChE,OAAO,CAAC,mBAAmB,CAAC;IAqC/B;;;;OAIG;IACG,KAAK,CACT,WAAW,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,EAC/D,QAAQ,EAAE,CAAC,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GACnE,OAAO,CAAC,mBAAmB,CAAC;IAwB/B,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,WAAW;CAMpB;AAID;;;;;;GAMG;AACH,qBAAa,qBAAsB,YAAW,eAAe;IAC3D,OAAO,CAAC,KAAK,CAAyE;IAEhF,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpE,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC;IAKvE,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpC,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;CAMrC"}
|
package/dist/password-reset.js
CHANGED
|
@@ -37,8 +37,18 @@ export class PasswordBroker {
|
|
|
37
37
|
*/
|
|
38
38
|
async sendResetLink(credentials, sendLink) {
|
|
39
39
|
const user = await this.users.retrieveByCredentials({ email: credentials.email });
|
|
40
|
-
if (!user)
|
|
40
|
+
if (!user) {
|
|
41
|
+
// Anti-enumeration: don't return faster than the registered-user path.
|
|
42
|
+
// Run the same early token-store round-trip and token-hash work before
|
|
43
|
+
// returning, so an attacker can't tell "no account" from "throttled /
|
|
44
|
+
// sent" by latency on the otherwise-constant `{ status: 'sent' }`
|
|
45
|
+
// response. The mail send itself can't be faked for a non-existent
|
|
46
|
+
// address — queue it (so the response doesn't block on delivery) to fully
|
|
47
|
+
// flatten the remaining gap.
|
|
48
|
+
await this.tokens.find(credentials.email);
|
|
49
|
+
this.hashToken(randomBytes(32).toString('hex'));
|
|
41
50
|
return 'INVALID_USER';
|
|
51
|
+
}
|
|
42
52
|
// Throttle check
|
|
43
53
|
const existing = await this.tokens.find(credentials.email);
|
|
44
54
|
if (existing) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"password-reset.js","sourceRoot":"","sources":["../src/password-reset.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AACtE,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AA0C3C,6DAA6D;AAE7D,IAAI,gBAAgB,GAAG,KAAK,CAAA;AAE5B,MAAM,OAAO,cAAc;IAMN;IACA;IACA;IAPF,MAAM,CAAQ;IACd,QAAQ,CAAQ;IAChB,MAAM,CAAQ;IAE/B,YACmB,MAAuB,EACvB,KAAmB,EACnB,SAA8B,EAAE;QAFhC,WAAM,GAAN,MAAM,CAAiB;QACvB,UAAK,GAAL,KAAK,CAAc;QACnB,WAAM,GAAN,MAAM,CAA0B;QAEjD,IAAI,CAAC,MAAM,GAAK,MAAM,CAAC,MAAM,IAAM,EAAE,CAAA;QACrC,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAA;QACrC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAA;QAC7B,CAAC;aAAM,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY,EAAE,CAAC;YACpD,MAAM,IAAI,KAAK,CACb,qEAAqE;gBACrE,gHAAgH,CACjH,CAAA;QACH,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,UAAU,CAAC,MAAM,EAAE,sGAAsG,CAAC,CAAA;gBAC1H,gBAAgB,GAAG,IAAI,CAAA;YACzB,CAAC;YACD,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAA;QAChC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,aAAa,CACjB,WAA8B,EAC9B,QAAiE;QAEjE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC,CAAA;QACjF,IAAI,CAAC,IAAI;
|
|
1
|
+
{"version":3,"file":"password-reset.js","sourceRoot":"","sources":["../src/password-reset.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AACtE,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AA0C3C,6DAA6D;AAE7D,IAAI,gBAAgB,GAAG,KAAK,CAAA;AAE5B,MAAM,OAAO,cAAc;IAMN;IACA;IACA;IAPF,MAAM,CAAQ;IACd,QAAQ,CAAQ;IAChB,MAAM,CAAQ;IAE/B,YACmB,MAAuB,EACvB,KAAmB,EACnB,SAA8B,EAAE;QAFhC,WAAM,GAAN,MAAM,CAAiB;QACvB,UAAK,GAAL,KAAK,CAAc;QACnB,WAAM,GAAN,MAAM,CAA0B;QAEjD,IAAI,CAAC,MAAM,GAAK,MAAM,CAAC,MAAM,IAAM,EAAE,CAAA;QACrC,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAA;QACrC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAA;QAC7B,CAAC;aAAM,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY,EAAE,CAAC;YACpD,MAAM,IAAI,KAAK,CACb,qEAAqE;gBACrE,gHAAgH,CACjH,CAAA;QACH,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,UAAU,CAAC,MAAM,EAAE,sGAAsG,CAAC,CAAA;gBAC1H,gBAAgB,GAAG,IAAI,CAAA;YACzB,CAAC;YACD,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAA;QAChC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,aAAa,CACjB,WAA8B,EAC9B,QAAiE;QAEjE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC,CAAA;QACjF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,uEAAuE;YACvE,uEAAuE;YACvE,sEAAsE;YACtE,kEAAkE;YAClE,mEAAmE;YACnE,0EAA0E;YAC1E,6BAA6B;YAC7B,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;YACzC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAA;YAC/C,OAAO,cAAc,CAAA;QACvB,CAAC;QAED,iBAAiB;QACjB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;QAC1D,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,GAAG,IAAI,CAAA;YAClE,IAAI,OAAO,GAAG,IAAI,CAAC,QAAQ;gBAAE,OAAO,WAAW,CAAA;QACjD,CAAC;QAED,iBAAiB;QACjB,MAAM,UAAU,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QAClD,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;QAC9C,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,CAAA;QAE7D,mCAAmC;QACnC,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;QAC3C,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,WAAW,EAAE,SAAS,CAAC,CAAA;QAEnE,qCAAqC;QACrC,MAAM,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAA;QAEhC,OAAO,iBAAiB,CAAA;IAC1B,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,KAAK,CACT,WAA+D,EAC/D,QAAoE;QAEpE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC,CAAA;QACjF,IAAI,CAAC,IAAI;YAAE,OAAO,cAAc,CAAA;QAEhC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;QACxD,IAAI,CAAC,MAAM;YAAE,OAAO,eAAe,CAAA;QAEnC,eAAe;QACf,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC;YAAE,OAAO,eAAe,CAAA;QAE9E,eAAe;QACf,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,GAAG,MAAM,CAAA;QAC9D,IAAI,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;YAC3C,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,QAAQ;QACR,MAAM,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAA;QAC1C,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;QAE3C,OAAO,gBAAgB,CAAA;IACzB,CAAC;IAEO,SAAS,CAAC,KAAa;QAC7B,OAAO,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IACtE,CAAC;IAEO,WAAW,CAAC,KAAa,EAAE,MAAc;QAC/C,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,KAAK,CAAC,CAAA;QAC1D,MAAM,MAAM,GAAK,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QAC3C,IAAI,QAAQ,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM;YAAE,OAAO,KAAK,CAAA;QACnD,OAAO,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;IAC1C,CAAC;CACF;AAED,6DAA6D;AAE7D;;;;;;GAMG;AACH,MAAM,OAAO,qBAAqB;IACxB,KAAK,GAAG,IAAI,GAAG,EAA+D,CAAA;IAEtF,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,KAAa,EAAE,SAAe;QACxD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,SAAS,EAAE,CAAC,CAAA;IACpE,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAa;QACtB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;QACnC,OAAO,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,IAAI,CAAA;IAC1E,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAC1B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACxC,IAAI,KAAK,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,GAAG;gBAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAC/D,CAAC;IACH,CAAC;CACF"}
|
package/dist/providers.d.ts
CHANGED
|
@@ -6,14 +6,34 @@ type ModelClass = {
|
|
|
6
6
|
};
|
|
7
7
|
};
|
|
8
8
|
find(id: string | number): Promise<Record<string, unknown> | null>;
|
|
9
|
+
update?(id: string | number, data: Record<string, unknown>): Promise<unknown>;
|
|
9
10
|
};
|
|
10
11
|
export declare class EloquentUserProvider implements UserProvider {
|
|
11
12
|
private readonly model;
|
|
12
13
|
private readonly hashCheck;
|
|
13
|
-
|
|
14
|
+
private readonly hashMake?;
|
|
15
|
+
constructor(model: ModelClass, hashCheck: (plain: string, hashed: string) => Promise<boolean>, hashMake?: ((plain: string) => Promise<string>) | undefined);
|
|
14
16
|
retrieveById(id: string): Promise<Authenticatable | null>;
|
|
15
17
|
retrieveByCredentials(credentials: Record<string, unknown>): Promise<Authenticatable | null>;
|
|
16
18
|
validateCredentials(user: Authenticatable, credentials: Record<string, unknown>): Promise<boolean>;
|
|
19
|
+
/**
|
|
20
|
+
* Run a password verify against a throwaway hash and discard the result.
|
|
21
|
+
* Called when no user matched the credentials, so that the "no such account"
|
|
22
|
+
* path costs the same as the "wrong password" path — otherwise an attacker
|
|
23
|
+
* can distinguish registered from unregistered identifiers by timing (the
|
|
24
|
+
* real path pays the deliberately-expensive bcrypt/argon verify; the missing
|
|
25
|
+
* path used to return instantly).
|
|
26
|
+
*/
|
|
27
|
+
fakeValidateCredentials(credentials: Record<string, unknown>): Promise<void>;
|
|
28
|
+
/**
|
|
29
|
+
* Resolve a user by id and validate a "remember me" token against the stored
|
|
30
|
+
* one in constant time. Returns null when the user is gone, has no stored
|
|
31
|
+
* token (remember-me was never enabled / was cycled by logout), or the token
|
|
32
|
+
* doesn't match — so a stolen-then-revoked cookie stops working immediately.
|
|
33
|
+
*/
|
|
34
|
+
retrieveByToken(userId: string, token: string): Promise<Authenticatable | null>;
|
|
35
|
+
/** Persist a new remember token on the user's row (null clears it). */
|
|
36
|
+
updateRememberToken(userId: string, token: string | null): Promise<void>;
|
|
17
37
|
}
|
|
18
38
|
export declare function toAuthenticatable(record: Record<string, unknown>): Authenticatable & Record<string, unknown>;
|
|
19
39
|
export {};
|
package/dist/providers.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"providers.d.ts","sourceRoot":"","sources":["../src/providers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"providers.d.ts","sourceRoot":"","sources":["../src/providers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAKnE,KAAK,UAAU,GAAG;IAChB,KAAK,IAAI;QAAE,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,GAAG;YAAE,KAAK,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CAAA;SAAE,CAAA;KAAE,CAAA;IACnG,IAAI,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CAAA;IAClE,MAAM,CAAC,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CAC9E,CAAA;AAsBD,qBAAa,oBAAqB,YAAW,YAAY;IAErD,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAFT,KAAK,EAAE,UAAU,EACjB,SAAS,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAC9D,QAAQ,CAAC,GAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,aAAA;IAG1D,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAKzD,qBAAqB,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAa5F,mBAAmB,CAAC,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IAMxG;;;;;;;OAOG;IACG,uBAAuB,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAOlF;;;;;OAKG;IACG,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IASrF,uEAAuE;IACjE,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;CAG/E;AAID,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAQ5G"}
|
package/dist/providers.js
CHANGED
|
@@ -1,9 +1,29 @@
|
|
|
1
|
+
import { safeStringEqual } from './remember.js';
|
|
2
|
+
// A real bcrypt hash of a throwaway string. Used as the dummy-verify target
|
|
3
|
+
// when no `make` fn was passed (test/stub construction) so the no-user branch
|
|
4
|
+
// still feeds the configured `check` a well-formed digest. In production the
|
|
5
|
+
// manager threads `hashMake`, so the dummy is computed in the app's own
|
|
6
|
+
// algorithm (bcrypt OR argon2) — see `dummyHashFor`.
|
|
7
|
+
const FALLBACK_DUMMY_HASH = '$2a$10$RfVjvydv7Dzo0vs.E/ARheQhK9irIOkOwCo2ygy/8UNo3G9ecRPSK';
|
|
8
|
+
// One dummy hash per hasher, computed lazily and cached for the process. Keyed
|
|
9
|
+
// by the `make` fn so distinct hashers (e.g. across tests) never share a hash.
|
|
10
|
+
const _dummyHashCache = new WeakMap();
|
|
11
|
+
function dummyHashFor(hashMake) {
|
|
12
|
+
let p = _dummyHashCache.get(hashMake);
|
|
13
|
+
if (!p) {
|
|
14
|
+
p = hashMake('rudderjs/auth dummy password for timing equalization');
|
|
15
|
+
_dummyHashCache.set(hashMake, p);
|
|
16
|
+
}
|
|
17
|
+
return p;
|
|
18
|
+
}
|
|
1
19
|
export class EloquentUserProvider {
|
|
2
20
|
model;
|
|
3
21
|
hashCheck;
|
|
4
|
-
|
|
22
|
+
hashMake;
|
|
23
|
+
constructor(model, hashCheck, hashMake) {
|
|
5
24
|
this.model = model;
|
|
6
25
|
this.hashCheck = hashCheck;
|
|
26
|
+
this.hashMake = hashMake;
|
|
7
27
|
}
|
|
8
28
|
async retrieveById(id) {
|
|
9
29
|
const record = await this.model.find(id);
|
|
@@ -27,6 +47,40 @@ export class EloquentUserProvider {
|
|
|
27
47
|
return false;
|
|
28
48
|
return this.hashCheck(plain, user.getAuthPassword());
|
|
29
49
|
}
|
|
50
|
+
/**
|
|
51
|
+
* Run a password verify against a throwaway hash and discard the result.
|
|
52
|
+
* Called when no user matched the credentials, so that the "no such account"
|
|
53
|
+
* path costs the same as the "wrong password" path — otherwise an attacker
|
|
54
|
+
* can distinguish registered from unregistered identifiers by timing (the
|
|
55
|
+
* real path pays the deliberately-expensive bcrypt/argon verify; the missing
|
|
56
|
+
* path used to return instantly).
|
|
57
|
+
*/
|
|
58
|
+
async fakeValidateCredentials(credentials) {
|
|
59
|
+
const plain = credentials['password'];
|
|
60
|
+
const candidate = typeof plain === 'string' ? plain : '';
|
|
61
|
+
const hashed = this.hashMake ? await dummyHashFor(this.hashMake) : FALLBACK_DUMMY_HASH;
|
|
62
|
+
await this.hashCheck(candidate, hashed);
|
|
63
|
+
}
|
|
64
|
+
/**
|
|
65
|
+
* Resolve a user by id and validate a "remember me" token against the stored
|
|
66
|
+
* one in constant time. Returns null when the user is gone, has no stored
|
|
67
|
+
* token (remember-me was never enabled / was cycled by logout), or the token
|
|
68
|
+
* doesn't match — so a stolen-then-revoked cookie stops working immediately.
|
|
69
|
+
*/
|
|
70
|
+
async retrieveByToken(userId, token) {
|
|
71
|
+
const record = await this.model.find(userId);
|
|
72
|
+
if (!record)
|
|
73
|
+
return null;
|
|
74
|
+
const user = toAuthenticatable(record);
|
|
75
|
+
const stored = user.getRememberToken();
|
|
76
|
+
if (!stored || !safeStringEqual(stored, token))
|
|
77
|
+
return null;
|
|
78
|
+
return user;
|
|
79
|
+
}
|
|
80
|
+
/** Persist a new remember token on the user's row (null clears it). */
|
|
81
|
+
async updateRememberToken(userId, token) {
|
|
82
|
+
await this.model.update?.(userId, { rememberToken: token });
|
|
83
|
+
}
|
|
30
84
|
}
|
|
31
85
|
// ─── Helpers ──────────────────────────────────────────────
|
|
32
86
|
export function toAuthenticatable(record) {
|
package/dist/providers.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"providers.js","sourceRoot":"","sources":["../src/providers.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"providers.js","sourceRoot":"","sources":["../src/providers.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAA;AAU/C,4EAA4E;AAC5E,8EAA8E;AAC9E,6EAA6E;AAC7E,wEAAwE;AACxE,qDAAqD;AACrD,MAAM,mBAAmB,GAAG,8DAA8D,CAAA;AAE1F,+EAA+E;AAC/E,+EAA+E;AAC/E,MAAM,eAAe,GAAG,IAAI,OAAO,EAA2B,CAAA;AAE9D,SAAS,YAAY,CAAC,QAA4C;IAChE,IAAI,CAAC,GAAG,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IACrC,IAAI,CAAC,CAAC,EAAE,CAAC;QACP,CAAC,GAAG,QAAQ,CAAC,sDAAsD,CAAC,CAAA;QACpE,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAA;IAClC,CAAC;IACD,OAAO,CAAC,CAAA;AACV,CAAC;AAED,MAAM,OAAO,oBAAoB;IAEZ;IACA;IACA;IAHnB,YACmB,KAAiB,EACjB,SAA8D,EAC9D,QAA6C;QAF7C,UAAK,GAAL,KAAK,CAAY;QACjB,cAAS,GAAT,SAAS,CAAqD;QAC9D,aAAQ,GAAR,QAAQ,CAAqC;IAC7D,CAAC;IAEJ,KAAK,CAAC,YAAY,CAAC,EAAU;QAC3B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACxC,OAAO,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,WAAoC;QAC9D,MAAM,KAAK,GAAG,EAAE,GAAG,WAAW,EAAE,CAAA;QAChC,OAAO,KAAK,CAAC,UAAU,CAAC,CAAA;QACxB,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA;QAEhD,IAAI,CAAC,GAAY,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAA;QACnC,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC/C,CAAC,GAAI,CAA+C,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QACtE,CAAC;QACD,MAAM,MAAM,GAAG,MAAO,CAA0D,CAAC,KAAK,EAAE,CAAA;QACxF,OAAO,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,IAAqB,EAAE,WAAoC;QACnF,MAAM,KAAK,GAAG,WAAW,CAAC,UAAU,CAAC,CAAA;QACrC,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAA;QAC3C,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,eAAe,EAAE,CAAC,CAAA;IACtD,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,uBAAuB,CAAC,WAAoC;QAChE,MAAM,KAAK,GAAO,WAAW,CAAC,UAAU,CAAC,CAAA;QACzC,MAAM,SAAS,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAA;QACxD,MAAM,MAAM,GAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAA;QACzF,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;IACzC,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,eAAe,CAAC,MAAc,EAAE,KAAa;QACjD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC5C,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QACxB,MAAM,IAAI,GAAK,iBAAiB,CAAC,MAAM,CAAC,CAAA;QACxC,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAA;QACtC,IAAI,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA;QAC3D,OAAO,IAAI,CAAA;IACb,CAAC;IAED,uEAAuE;IACvE,KAAK,CAAC,mBAAmB,CAAC,MAAc,EAAE,KAAoB;QAC5D,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,CAAA;IAC7D,CAAC;CACF;AAED,6DAA6D;AAE7D,MAAM,UAAU,iBAAiB,CAAC,MAA+B;IAC/D,OAAO;QACL,GAAG,MAAM;QACT,iBAAiB,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACnD,eAAe,EAAI,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QACzD,gBAAgB,EAAG,GAAG,EAAE,CAAE,MAAM,CAAC,eAAe,CAAmB,IAAI,IAAI;QAC3E,gBAAgB,EAAG,CAAC,KAAa,EAAE,EAAE,GAAG,MAAM,CAAC,eAAe,CAAC,GAAG,KAAK,CAAA,CAAC,CAAC;KAC1E,CAAA;AACH,CAAC"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
export interface RememberCookieAttrs {
|
|
2
|
+
/** Cookie name. */
|
|
3
|
+
cookie: string;
|
|
4
|
+
/** Cookie lifetime in days. */
|
|
5
|
+
lifetime: number;
|
|
6
|
+
secure: boolean;
|
|
7
|
+
sameSite: 'lax' | 'strict' | 'none';
|
|
8
|
+
path: string;
|
|
9
|
+
}
|
|
10
|
+
export type RememberDirective = {
|
|
11
|
+
action: 'set';
|
|
12
|
+
userId: string;
|
|
13
|
+
token: string;
|
|
14
|
+
} | {
|
|
15
|
+
action: 'clear';
|
|
16
|
+
};
|
|
17
|
+
/** Establish a request-scoped channel for the remember directive. */
|
|
18
|
+
export declare function runWithRemember<T>(fn: () => T): T;
|
|
19
|
+
/** Queue a remember directive from the guard (login/logout). No-op outside a
|
|
20
|
+
* request scope (CLI/queue) — there's no response cookie to write there. */
|
|
21
|
+
export declare function setRememberDirective(directive: RememberDirective): void;
|
|
22
|
+
/** Read and clear the queued directive (consumed by AuthMiddleware). */
|
|
23
|
+
export declare function takeRememberDirective(): RememberDirective | null;
|
|
24
|
+
/** A fresh 256-bit remember token (hex). */
|
|
25
|
+
export declare function newRememberToken(): string;
|
|
26
|
+
/** Read a single cookie value out of a `Cookie` request header. */
|
|
27
|
+
export declare function parseCookie(header: string, name: string): string | undefined;
|
|
28
|
+
/** Constant-time string compare, length-safe. */
|
|
29
|
+
export declare function safeStringEqual(a: string, b: string): boolean;
|
|
30
|
+
/** Sign `userId:token` into a self-verifying cookie value. */
|
|
31
|
+
export declare function encodeRememberCookie(userId: string, token: string, secret: string): string;
|
|
32
|
+
/** Verify + parse a remember cookie. Returns null on any tampering. */
|
|
33
|
+
export declare function decodeRememberCookie(value: string, secret: string): {
|
|
34
|
+
userId: string;
|
|
35
|
+
token: string;
|
|
36
|
+
} | null;
|
|
37
|
+
/** Build the `Set-Cookie` value for a remember cookie (or its deletion). */
|
|
38
|
+
export declare function buildRememberCookie(value: string | null, attrs: RememberCookieAttrs): string;
|
|
39
|
+
/** Cookie attributes (name/lifetime/flags). Never throws — safe to call on
|
|
40
|
+
* every request to learn the cookie name without resolving the secret. */
|
|
41
|
+
export declare function rememberCookieAttrs(overrides?: Partial<RememberCookieAttrs>): RememberCookieAttrs;
|
|
42
|
+
/** Resolve the HMAC secret used to sign remember cookies. Mirrors the
|
|
43
|
+
* PasswordBroker posture: throws in production when `AUTH_SECRET` is unset,
|
|
44
|
+
* falls back to a dev placeholder (with a one-time notice) otherwise. Only
|
|
45
|
+
* called when a remember cookie is actually being signed or verified, so an
|
|
46
|
+
* app that never uses remember-me is never forced to set the secret. */
|
|
47
|
+
export declare function resolveRememberSecret(override?: string): string;
|
|
48
|
+
//# sourceMappingURL=remember.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"remember.d.ts","sourceRoot":"","sources":["../src/remember.ts"],"names":[],"mappings":"AAqBA,MAAM,WAAW,mBAAmB;IAClC,mBAAmB;IACnB,MAAM,EAAE,MAAM,CAAA;IACd,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,OAAO,CAAA;IACf,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAA;IACnC,IAAI,EAAE,MAAM,CAAA;CACb;AAED,MAAM,MAAM,iBAAiB,GACzB;IAAE,MAAM,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAChD;IAAE,MAAM,EAAE,OAAO,CAAA;CAAE,CAAA;AAUvB,qEAAqE;AACrE,wBAAgB,eAAe,CAAC,CAAC,EAAE,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAEjD;AAED;6EAC6E;AAC7E,wBAAgB,oBAAoB,CAAC,SAAS,EAAE,iBAAiB,GAAG,IAAI,CAGvE;AAED,wEAAwE;AACxE,wBAAgB,qBAAqB,IAAI,iBAAiB,GAAG,IAAI,CAMhE;AAED,4CAA4C;AAC5C,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAED,mEAAmE;AACnE,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAO5E;AAED,iDAAiD;AACjD,wBAAgB,eAAe,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAK7D;AAMD,8DAA8D;AAC9D,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAG1F;AAED,uEAAuE;AACvE,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAmB5G;AAED,4EAA4E;AAC5E,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,EAAE,KAAK,EAAE,mBAAmB,GAAG,MAAM,CAa5F;AAED;2EAC2E;AAC3E,wBAAgB,mBAAmB,CAAC,SAAS,GAAE,OAAO,CAAC,mBAAmB,CAAM,GAAG,mBAAmB,CAQrG;AAID;;;;yEAIyE;AACzE,wBAAgB,qBAAqB,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAe/D"}
|
package/dist/remember.js
ADDED
|
@@ -0,0 +1,134 @@
|
|
|
1
|
+
import { AsyncLocalStorage } from 'node:async_hooks';
|
|
2
|
+
import { createHmac, randomBytes, timingSafeEqual } from 'node:crypto';
|
|
3
|
+
import { bootNotice } from '@rudderjs/core';
|
|
4
|
+
// globalThis-hoisted ALS, same duplicate-bundle reasoning as the auth ALS.
|
|
5
|
+
const ALS_KEY = '__rudderjs_auth_remember_als__';
|
|
6
|
+
const _alsGlobal = globalThis;
|
|
7
|
+
const _als = _alsGlobal[ALS_KEY]
|
|
8
|
+
?? (() => { const a = new AsyncLocalStorage(); _alsGlobal[ALS_KEY] = a; return a; })();
|
|
9
|
+
/** Establish a request-scoped channel for the remember directive. */
|
|
10
|
+
export function runWithRemember(fn) {
|
|
11
|
+
return _als.run({ directive: null }, fn);
|
|
12
|
+
}
|
|
13
|
+
/** Queue a remember directive from the guard (login/logout). No-op outside a
|
|
14
|
+
* request scope (CLI/queue) — there's no response cookie to write there. */
|
|
15
|
+
export function setRememberDirective(directive) {
|
|
16
|
+
const bag = _als.getStore();
|
|
17
|
+
if (bag)
|
|
18
|
+
bag.directive = directive;
|
|
19
|
+
}
|
|
20
|
+
/** Read and clear the queued directive (consumed by AuthMiddleware). */
|
|
21
|
+
export function takeRememberDirective() {
|
|
22
|
+
const bag = _als.getStore();
|
|
23
|
+
if (!bag)
|
|
24
|
+
return null;
|
|
25
|
+
const directive = bag.directive;
|
|
26
|
+
bag.directive = null;
|
|
27
|
+
return directive;
|
|
28
|
+
}
|
|
29
|
+
/** A fresh 256-bit remember token (hex). */
|
|
30
|
+
export function newRememberToken() {
|
|
31
|
+
return randomBytes(32).toString('hex');
|
|
32
|
+
}
|
|
33
|
+
/** Read a single cookie value out of a `Cookie` request header. */
|
|
34
|
+
export function parseCookie(header, name) {
|
|
35
|
+
for (const part of header.split(';')) {
|
|
36
|
+
const eq = part.indexOf('=');
|
|
37
|
+
if (eq === -1)
|
|
38
|
+
continue;
|
|
39
|
+
if (part.slice(0, eq).trim() === name)
|
|
40
|
+
return part.slice(eq + 1).trim();
|
|
41
|
+
}
|
|
42
|
+
return undefined;
|
|
43
|
+
}
|
|
44
|
+
/** Constant-time string compare, length-safe. */
|
|
45
|
+
export function safeStringEqual(a, b) {
|
|
46
|
+
const ab = Buffer.from(a, 'utf8');
|
|
47
|
+
const bb = Buffer.from(b, 'utf8');
|
|
48
|
+
if (ab.length !== bb.length)
|
|
49
|
+
return false;
|
|
50
|
+
return timingSafeEqual(ab, bb);
|
|
51
|
+
}
|
|
52
|
+
function hmac(value, secret) {
|
|
53
|
+
return createHmac('sha256', secret).update(value).digest('base64url');
|
|
54
|
+
}
|
|
55
|
+
/** Sign `userId:token` into a self-verifying cookie value. */
|
|
56
|
+
export function encodeRememberCookie(userId, token, secret) {
|
|
57
|
+
const body = Buffer.from(JSON.stringify({ id: userId, token })).toString('base64url');
|
|
58
|
+
return `${body}.${hmac(body, secret)}`;
|
|
59
|
+
}
|
|
60
|
+
/** Verify + parse a remember cookie. Returns null on any tampering. */
|
|
61
|
+
export function decodeRememberCookie(value, secret) {
|
|
62
|
+
const dot = value.lastIndexOf('.');
|
|
63
|
+
if (dot <= 0)
|
|
64
|
+
return null;
|
|
65
|
+
const body = value.slice(0, dot);
|
|
66
|
+
const sig = value.slice(dot + 1);
|
|
67
|
+
const expected = hmac(body, secret);
|
|
68
|
+
// Constant-time signature check before touching the payload.
|
|
69
|
+
const sigBuf = Buffer.from(sig, 'base64url');
|
|
70
|
+
const expBuf = Buffer.from(expected, 'base64url');
|
|
71
|
+
if (sigBuf.length !== expBuf.length || !timingSafeEqual(sigBuf, expBuf))
|
|
72
|
+
return null;
|
|
73
|
+
try {
|
|
74
|
+
const parsed = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
|
|
75
|
+
const id = parsed['id'];
|
|
76
|
+
const token = parsed['token'];
|
|
77
|
+
if (typeof id !== 'string' || typeof token !== 'string' || !id || !token)
|
|
78
|
+
return null;
|
|
79
|
+
return { userId: id, token };
|
|
80
|
+
}
|
|
81
|
+
catch {
|
|
82
|
+
return null;
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
/** Build the `Set-Cookie` value for a remember cookie (or its deletion). */
|
|
86
|
+
export function buildRememberCookie(value, attrs) {
|
|
87
|
+
const maxAge = value === null ? 0 : attrs.lifetime * 24 * 60 * 60;
|
|
88
|
+
const parts = [
|
|
89
|
+
`${attrs.cookie}=${value ?? ''}`,
|
|
90
|
+
`Path=${attrs.path}`,
|
|
91
|
+
`Max-Age=${maxAge}`,
|
|
92
|
+
`SameSite=${attrs.sameSite}`,
|
|
93
|
+
'HttpOnly',
|
|
94
|
+
];
|
|
95
|
+
// SameSite=None requires Secure (browsers drop it otherwise); same rule the
|
|
96
|
+
// session driver follows.
|
|
97
|
+
if (attrs.secure || attrs.sameSite === 'none')
|
|
98
|
+
parts.push('Secure');
|
|
99
|
+
return parts.join('; ');
|
|
100
|
+
}
|
|
101
|
+
/** Cookie attributes (name/lifetime/flags). Never throws — safe to call on
|
|
102
|
+
* every request to learn the cookie name without resolving the secret. */
|
|
103
|
+
export function rememberCookieAttrs(overrides = {}) {
|
|
104
|
+
return {
|
|
105
|
+
cookie: overrides.cookie ?? 'rudderjs_remember',
|
|
106
|
+
lifetime: overrides.lifetime ?? 400, // days; browsers cap persistent cookies at ~400d
|
|
107
|
+
secure: overrides.secure ?? (process.env['NODE_ENV'] === 'production'),
|
|
108
|
+
sameSite: overrides.sameSite ?? 'lax',
|
|
109
|
+
path: overrides.path ?? '/',
|
|
110
|
+
};
|
|
111
|
+
}
|
|
112
|
+
let _devSecretWarned = false;
|
|
113
|
+
/** Resolve the HMAC secret used to sign remember cookies. Mirrors the
|
|
114
|
+
* PasswordBroker posture: throws in production when `AUTH_SECRET` is unset,
|
|
115
|
+
* falls back to a dev placeholder (with a one-time notice) otherwise. Only
|
|
116
|
+
* called when a remember cookie is actually being signed or verified, so an
|
|
117
|
+
* app that never uses remember-me is never forced to set the secret. */
|
|
118
|
+
export function resolveRememberSecret(override) {
|
|
119
|
+
if (override)
|
|
120
|
+
return override;
|
|
121
|
+
const envSecret = process.env['AUTH_SECRET'];
|
|
122
|
+
if (envSecret)
|
|
123
|
+
return envSecret;
|
|
124
|
+
if (process.env['NODE_ENV'] === 'production') {
|
|
125
|
+
throw new Error('[RudderJS Auth] "remember me" requires AUTH_SECRET in production so the ' +
|
|
126
|
+
'remember cookie can be signed. Set AUTH_SECRET (>= 32 chars) in .env.');
|
|
127
|
+
}
|
|
128
|
+
if (!_devSecretWarned) {
|
|
129
|
+
bootNotice('auth', 'using a dev remember-me secret — set AUTH_SECRET (>= 32 chars) for production');
|
|
130
|
+
_devSecretWarned = true;
|
|
131
|
+
}
|
|
132
|
+
return 'rudderjs-dev-remember-secret';
|
|
133
|
+
}
|
|
134
|
+
//# sourceMappingURL=remember.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"remember.js","sourceRoot":"","sources":["../src/remember.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AACpD,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AACtE,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAmC3C,2EAA2E;AAC3E,MAAM,OAAO,GAAG,gCAAgC,CAAA;AAChD,MAAM,UAAU,GAAG,UAAqC,CAAA;AACxD,MAAM,IAAI,GAAoC,UAAU,CAAC,OAAO,CAAgD;OAC3G,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,GAAG,IAAI,iBAAiB,EAAe,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA,CAAC,CAAC,CAAC,EAAE,CAAA;AAEpG,qEAAqE;AACrE,MAAM,UAAU,eAAe,CAAI,EAAW;IAC5C,OAAO,IAAI,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAA;AAC1C,CAAC;AAED;6EAC6E;AAC7E,MAAM,UAAU,oBAAoB,CAAC,SAA4B;IAC/D,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAA;IAC3B,IAAI,GAAG;QAAE,GAAG,CAAC,SAAS,GAAG,SAAS,CAAA;AACpC,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,qBAAqB;IACnC,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAA;IAC3B,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAA;IACrB,MAAM,SAAS,GAAG,GAAG,CAAC,SAAS,CAAA;IAC/B,GAAG,CAAC,SAAS,GAAG,IAAI,CAAA;IACpB,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,4CAA4C;AAC5C,MAAM,UAAU,gBAAgB;IAC9B,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;AACxC,CAAC;AAED,mEAAmE;AACnE,MAAM,UAAU,WAAW,CAAC,MAAc,EAAE,IAAY;IACtD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAC5B,IAAI,EAAE,KAAK,CAAC,CAAC;YAAE,SAAQ;QACvB,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;IACzE,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,iDAAiD;AACjD,MAAM,UAAU,eAAe,CAAC,CAAS,EAAE,CAAS;IAClD,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAA;IACjC,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAA;IACjC,IAAI,EAAE,CAAC,MAAM,KAAK,EAAE,CAAC,MAAM;QAAE,OAAO,KAAK,CAAA;IACzC,OAAO,eAAe,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;AAChC,CAAC;AAED,SAAS,IAAI,CAAC,KAAa,EAAE,MAAc;IACzC,OAAO,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;AACvE,CAAC;AAED,8DAA8D;AAC9D,MAAM,UAAU,oBAAoB,CAAC,MAAc,EAAE,KAAa,EAAE,MAAc;IAChF,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;IACrF,OAAO,GAAG,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,CAAA;AACxC,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,oBAAoB,CAAC,KAAa,EAAE,MAAc;IAChE,MAAM,GAAG,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;IAClC,IAAI,GAAG,IAAI,CAAC;QAAE,OAAO,IAAI,CAAA;IACzB,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IAChC,MAAM,GAAG,GAAI,KAAK,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAA;IACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IACnC,6DAA6D;IAC7D,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAA;IAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAA;IACjD,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC;QAAE,OAAO,IAAI,CAAA;IACpF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAA4B,CAAA;QACrG,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAA;QACvB,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,CAAA;QAC7B,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,EAAE,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QACrF,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,CAAA;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,4EAA4E;AAC5E,MAAM,UAAU,mBAAmB,CAAC,KAAoB,EAAE,KAA0B;IAClF,MAAM,MAAM,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;IACjE,MAAM,KAAK,GAAG;QACZ,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,IAAI,EAAE,EAAE;QAChC,QAAQ,KAAK,CAAC,IAAI,EAAE;QACpB,WAAW,MAAM,EAAE;QACnB,YAAY,KAAK,CAAC,QAAQ,EAAE;QAC5B,UAAU;KACX,CAAA;IACD,4EAA4E;IAC5E,0BAA0B;IAC1B,IAAI,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,QAAQ,KAAK,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IACnE,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACzB,CAAC;AAED;2EAC2E;AAC3E,MAAM,UAAU,mBAAmB,CAAC,YAA0C,EAAE;IAC9E,OAAO;QACL,MAAM,EAAI,SAAS,CAAC,MAAM,IAAM,mBAAmB;QACnD,QAAQ,EAAE,SAAS,CAAC,QAAQ,IAAI,GAAG,EAAE,iDAAiD;QACtF,MAAM,EAAI,SAAS,CAAC,MAAM,IAAM,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY,CAAC;QAC1E,QAAQ,EAAE,SAAS,CAAC,QAAQ,IAAI,KAAK;QACrC,IAAI,EAAM,SAAS,CAAC,IAAI,IAAQ,GAAG;KACpC,CAAA;AACH,CAAC;AAED,IAAI,gBAAgB,GAAG,KAAK,CAAA;AAE5B;;;;yEAIyE;AACzE,MAAM,UAAU,qBAAqB,CAAC,QAAiB;IACrD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAA;IAC7B,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;IAC5C,IAAI,SAAS;QAAE,OAAO,SAAS,CAAA;IAC/B,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CACb,0EAA0E;YAC1E,uEAAuE,CACxE,CAAA;IACH,CAAC;IACD,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,UAAU,CAAC,MAAM,EAAE,+EAA+E,CAAC,CAAA;QACnG,gBAAgB,GAAG,IAAI,CAAA;IACzB,CAAC;IACD,OAAO,8BAA8B,CAAA;AACvC,CAAC"}
|
package/dist/session-guard.d.ts
CHANGED
|
@@ -28,8 +28,22 @@ export declare class SessionGuard implements Guard {
|
|
|
28
28
|
id(): Promise<string | null>;
|
|
29
29
|
check(): Promise<boolean>;
|
|
30
30
|
guest(): Promise<boolean>;
|
|
31
|
-
attempt(credentials: Record<string, unknown>,
|
|
32
|
-
|
|
31
|
+
attempt(credentials: Record<string, unknown>, remember?: boolean): Promise<boolean>;
|
|
32
|
+
/**
|
|
33
|
+
* Log a user in. When `remember` is true (and the provider supports
|
|
34
|
+
* persistent tokens), mint a fresh remember token, persist it on the user,
|
|
35
|
+
* and queue a long-lived remember cookie — `AuthMiddleware` writes it to the
|
|
36
|
+
* response. The directive is a no-op outside an HTTP request scope.
|
|
37
|
+
*/
|
|
38
|
+
login(user: Authenticatable, remember?: boolean): Promise<void>;
|
|
39
|
+
/**
|
|
40
|
+
* Resolve a user from a remember cookie's `userId`/`token` and, on a valid
|
|
41
|
+
* constant-time token match, re-establish the session WITHOUT minting a new
|
|
42
|
+
* token (the existing cookie stays valid — the token rotates only on a fresh
|
|
43
|
+
* remember-login or logout). Returns whether auto-login succeeded. Used by
|
|
44
|
+
* AuthMiddleware when there's no active session.
|
|
45
|
+
*/
|
|
46
|
+
loginViaRememberCookie(userId: string, token: string): Promise<boolean>;
|
|
33
47
|
logout(): Promise<void>;
|
|
34
48
|
}
|
|
35
49
|
//# sourceMappingURL=session-guard.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session-guard.d.ts","sourceRoot":"","sources":["../src/session-guard.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"session-guard.d.ts","sourceRoot":"","sources":["../src/session-guard.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAO1E,MAAM,WAAW,YAAY;IAC3B,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,SAAS,CAAA;IAChD,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI,CAAA;IACtC,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CAC5B;AAED,qBAAa,YAAa,YAAW,KAAK;IAItC,OAAO,CAAC,QAAQ,CAAC,QAAQ;IACzB,OAAO,CAAC,QAAQ,CAAC,OAAO;IAJ1B,OAAO,CAAC,KAAK,CAAgD;gBAG1C,QAAQ,EAAE,YAAY,EACtB,OAAO,EAAE,YAAY;IAGxC;;;;;;;;;;;;;OAaG;IACG,IAAI,IAAI,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IA8BvC,EAAE,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAK5B,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAiBzF;;;;;OAKG;IACG,KAAK,CAAC,IAAI,EAAE,eAAe,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAYrE;;;;;;OAMG;IACG,sBAAsB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAUvE,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;CAa9B"}
|
package/dist/session-guard.js
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { currentTestUser } from './auth-manager.js';
|
|
2
|
+
import { newRememberToken, setRememberDirective } from './remember.js';
|
|
2
3
|
export class SessionGuard {
|
|
3
4
|
provider;
|
|
4
5
|
session;
|
|
@@ -60,22 +61,63 @@ export class SessionGuard {
|
|
|
60
61
|
async guest() {
|
|
61
62
|
return (await this.user()) === null;
|
|
62
63
|
}
|
|
63
|
-
async attempt(credentials,
|
|
64
|
+
async attempt(credentials, remember) {
|
|
64
65
|
const user = await this.provider.retrieveByCredentials(credentials);
|
|
65
|
-
if (!user)
|
|
66
|
+
if (!user) {
|
|
67
|
+
// Equalize timing with the wrong-password path so an attacker can't
|
|
68
|
+
// enumerate accounts by latency (no user = instant; wrong password =
|
|
69
|
+
// slow bcrypt/argon verify).
|
|
70
|
+
await this.provider.fakeValidateCredentials?.(credentials);
|
|
66
71
|
return false;
|
|
72
|
+
}
|
|
67
73
|
const valid = await this.provider.validateCredentials(user, credentials);
|
|
68
74
|
if (!valid)
|
|
69
75
|
return false;
|
|
70
|
-
await this.login(user);
|
|
76
|
+
await this.login(user, remember);
|
|
71
77
|
return true;
|
|
72
78
|
}
|
|
73
|
-
|
|
79
|
+
/**
|
|
80
|
+
* Log a user in. When `remember` is true (and the provider supports
|
|
81
|
+
* persistent tokens), mint a fresh remember token, persist it on the user,
|
|
82
|
+
* and queue a long-lived remember cookie — `AuthMiddleware` writes it to the
|
|
83
|
+
* response. The directive is a no-op outside an HTTP request scope.
|
|
84
|
+
*/
|
|
85
|
+
async login(user, remember) {
|
|
86
|
+
await this.session.regenerate();
|
|
87
|
+
this.session.put('auth_user_id', user.getAuthIdentifier());
|
|
88
|
+
this._user = user;
|
|
89
|
+
if (remember && this.provider.updateRememberToken) {
|
|
90
|
+
const token = newRememberToken();
|
|
91
|
+
await this.provider.updateRememberToken(user.getAuthIdentifier(), token);
|
|
92
|
+
setRememberDirective({ action: 'set', userId: user.getAuthIdentifier(), token });
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
/**
|
|
96
|
+
* Resolve a user from a remember cookie's `userId`/`token` and, on a valid
|
|
97
|
+
* constant-time token match, re-establish the session WITHOUT minting a new
|
|
98
|
+
* token (the existing cookie stays valid — the token rotates only on a fresh
|
|
99
|
+
* remember-login or logout). Returns whether auto-login succeeded. Used by
|
|
100
|
+
* AuthMiddleware when there's no active session.
|
|
101
|
+
*/
|
|
102
|
+
async loginViaRememberCookie(userId, token) {
|
|
103
|
+
if (!this.provider.retrieveByToken)
|
|
104
|
+
return false;
|
|
105
|
+
const user = await this.provider.retrieveByToken(userId, token);
|
|
106
|
+
if (!user)
|
|
107
|
+
return false;
|
|
74
108
|
await this.session.regenerate();
|
|
75
109
|
this.session.put('auth_user_id', user.getAuthIdentifier());
|
|
76
110
|
this._user = user;
|
|
111
|
+
return true;
|
|
77
112
|
}
|
|
78
113
|
async logout() {
|
|
114
|
+
// Cycle the remember token so every outstanding remember cookie for this
|
|
115
|
+
// user stops working, then queue the cookie's deletion.
|
|
116
|
+
const user = this._user ?? await this.user().catch(() => null);
|
|
117
|
+
if (user && this.provider.updateRememberToken) {
|
|
118
|
+
await this.provider.updateRememberToken(user.getAuthIdentifier(), newRememberToken());
|
|
119
|
+
}
|
|
120
|
+
setRememberDirective({ action: 'clear' });
|
|
79
121
|
this.session.forget('auth_user_id');
|
|
80
122
|
await this.session.regenerate();
|
|
81
123
|
this._user = null;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session-guard.js","sourceRoot":"","sources":["../src/session-guard.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;
|
|
1
|
+
{"version":3,"file":"session-guard.js","sourceRoot":"","sources":["../src/session-guard.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACnD,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAA;AAYtE,MAAM,OAAO,YAAY;IAIJ;IACA;IAJX,KAAK,GAAuC,SAAS,CAAA,CAAC,6BAA6B;IAE3F,YACmB,QAAsB,EACtB,OAAqB;QADrB,aAAQ,GAAR,QAAQ,CAAc;QACtB,YAAO,GAAP,OAAO,CAAc;IACrC,CAAC;IAEJ;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,IAAI;QACR,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC,KAAK,CAAA;QAE/C,0EAA0E;QAC1E,mEAAmE;QACnE,qEAAqE;QACrE,qEAAqE;QACrE,kDAAkD;QAClD,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAA;QAClC,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,KAAK,GAAG,QAAQ,CAAA;YACrB,OAAO,IAAI,CAAC,KAAK,CAAA;QACnB,CAAC;QAED,IAAI,EAAsB,CAAA;QAC1B,IAAI,CAAC;YACH,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAS,cAAc,CAAC,CAAA;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,KAAK,GAAG,IAAI,CAAA;YACjB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,IAAI,EAAE,EAAE,CAAC;YACP,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC,CAAA;QACnD,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,KAAK,GAAG,IAAI,CAAA;QACnB,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAA;IACnB,CAAC;IAED,KAAK,CAAC,EAAE;QACN,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAA;QAC3B,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,IAAI,CAAA;IACzC,CAAC;IAED,KAAK,CAAC,KAAK;QACT,OAAO,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,IAAI,CAAA;IACrC,CAAC;IAED,KAAK,CAAC,KAAK;QACT,OAAO,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,IAAI,CAAA;IACrC,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,WAAoC,EAAE,QAAkB;QACpE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAA;QACnE,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,oEAAoE;YACpE,qEAAqE;YACrE,6BAA6B;YAC7B,MAAM,IAAI,CAAC,QAAQ,CAAC,uBAAuB,EAAE,CAAC,WAAW,CAAC,CAAA;YAC1D,OAAO,KAAK,CAAA;QACd,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAA;QACxE,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAA;QAExB,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;QAChC,OAAO,IAAI,CAAA;IACb,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,KAAK,CAAC,IAAqB,EAAE,QAAkB;QACnD,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAA;QAC/B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAA;QAC1D,IAAI,CAAC,KAAK,GAAG,IAAI,CAAA;QAEjB,IAAI,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,CAAC;YAClD,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAA;YAChC,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,KAAK,CAAC,CAAA;YACxE,oBAAoB,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;QAClF,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,sBAAsB,CAAC,MAAc,EAAE,KAAa;QACxD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,eAAe;YAAE,OAAO,KAAK,CAAA;QAChD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QAC/D,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAA;QACvB,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAA;QAC/B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAA;QAC1D,IAAI,CAAC,KAAK,GAAG,IAAI,CAAA;QACjB,OAAO,IAAI,CAAA;IACb,CAAC;IAED,KAAK,CAAC,MAAM;QACV,yEAAyE;QACzE,wDAAwD;QACxD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,IAAI,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAA;QAC9D,IAAI,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,CAAC;YAC9C,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,gBAAgB,EAAE,CAAC,CAAA;QACvF,CAAC;QACD,oBAAoB,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAA;QAEzC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,CAAA;QACnC,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAA;QAC/B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAA;IACnB,CAAC;CACF"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@rudderjs/auth",
|
|
3
|
-
"version": "6.
|
|
3
|
+
"version": "6.6.0",
|
|
4
4
|
"rudderjs": {
|
|
5
5
|
"provider": "AuthProvider",
|
|
6
6
|
"stage": "infrastructure",
|
|
@@ -52,14 +52,14 @@
|
|
|
52
52
|
},
|
|
53
53
|
"dependencies": {
|
|
54
54
|
"@rudderjs/console": "^1.4.0",
|
|
55
|
-
"@rudderjs/contracts": "^1.
|
|
56
|
-
"@rudderjs/core": "^1.12.
|
|
55
|
+
"@rudderjs/contracts": "^1.17.1",
|
|
56
|
+
"@rudderjs/core": "^1.12.4"
|
|
57
57
|
},
|
|
58
58
|
"peerDependencies": {
|
|
59
59
|
"@rudderjs/hash": "^1.2.0",
|
|
60
|
-
"@rudderjs/middleware": "^1.2.
|
|
61
|
-
"@rudderjs/router": "^1.9.
|
|
62
|
-
"@rudderjs/session": "^2.
|
|
60
|
+
"@rudderjs/middleware": "^1.2.2",
|
|
61
|
+
"@rudderjs/router": "^1.9.1",
|
|
62
|
+
"@rudderjs/session": "^2.4.1",
|
|
63
63
|
"@rudderjs/view": "^1.3.0",
|
|
64
64
|
"@rudderjs/vite": "^2.11.0"
|
|
65
65
|
},
|
|
@@ -88,9 +88,9 @@
|
|
|
88
88
|
"reflect-metadata": "^0.2.2",
|
|
89
89
|
"typescript": "^5.4.0",
|
|
90
90
|
"@rudderjs/hash": "^1.2.0",
|
|
91
|
-
"@rudderjs/middleware": "^1.2.
|
|
92
|
-
"@rudderjs/router": "^1.9.
|
|
93
|
-
"@rudderjs/session": "^2.
|
|
91
|
+
"@rudderjs/middleware": "^1.2.2",
|
|
92
|
+
"@rudderjs/router": "^1.9.1",
|
|
93
|
+
"@rudderjs/session": "^2.4.1",
|
|
94
94
|
"@rudderjs/view": "^1.3.0",
|
|
95
95
|
"@rudderjs/vite": "^2.11.0",
|
|
96
96
|
"@rudderjs/cache": "^1.5.0"
|
|
@@ -101,7 +101,7 @@
|
|
|
101
101
|
"dev": "tsc -p tsconfig.build.json --watch",
|
|
102
102
|
"typecheck": "tsc --noEmit",
|
|
103
103
|
"lint": "eslint src",
|
|
104
|
-
"test": "tsc -p tsconfig.test.json && node --test dist-test/index.test.js dist-test/middleware-and-verification-fixes.test.js dist-test/base-auth-controller-rate-limits.test.js dist-test/ws-context-runner.test.js",
|
|
104
|
+
"test": "tsc -p tsconfig.test.json && node --test dist-test/index.test.js dist-test/middleware-and-verification-fixes.test.js dist-test/base-auth-controller-rate-limits.test.js dist-test/ws-context-runner.test.js dist-test/remember.test.js",
|
|
105
105
|
"clean": "rm -rf dist"
|
|
106
106
|
}
|
|
107
107
|
}
|