@rudderjs/auth 6.5.0 → 6.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth-manager.d.ts +2 -1
- package/dist/auth-manager.d.ts.map +1 -1
- package/dist/auth-manager.js +4 -2
- package/dist/auth-manager.js.map +1 -1
- package/dist/base-auth-controller.d.ts.map +1 -1
- package/dist/base-auth-controller.js +16 -3
- package/dist/base-auth-controller.js.map +1 -1
- package/dist/contracts.d.ts +12 -0
- package/dist/contracts.d.ts.map +1 -1
- package/dist/gate.d.ts.map +1 -1
- package/dist/gate.js +50 -5
- package/dist/gate.js.map +1 -1
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +70 -5
- package/dist/index.js.map +1 -1
- package/dist/password-reset.d.ts.map +1 -1
- package/dist/password-reset.js +27 -1
- package/dist/password-reset.js.map +1 -1
- package/dist/providers.d.ts +21 -1
- package/dist/providers.d.ts.map +1 -1
- package/dist/providers.js +68 -2
- package/dist/providers.js.map +1 -1
- package/dist/remember.d.ts +48 -0
- package/dist/remember.d.ts.map +1 -0
- package/dist/remember.js +134 -0
- package/dist/remember.js.map +1 -0
- package/dist/session-guard.d.ts +16 -2
- package/dist/session-guard.d.ts.map +1 -1
- package/dist/session-guard.js +46 -4
- package/dist/session-guard.js.map +1 -1
- package/package.json +11 -11
package/dist/auth-manager.d.ts
CHANGED
|
@@ -19,7 +19,8 @@ export declare class AuthManager {
|
|
|
19
19
|
readonly config: AuthConfig;
|
|
20
20
|
private readonly hashCheck;
|
|
21
21
|
private readonly getSession;
|
|
22
|
-
|
|
22
|
+
private readonly hashMake?;
|
|
23
|
+
constructor(config: AuthConfig, hashCheck: (plain: string, hashed: string) => Promise<boolean>, getSession: () => SessionStore, hashMake?: ((plain: string) => Promise<string>) | undefined);
|
|
23
24
|
/**
|
|
24
25
|
* Build a fresh Guard each call. We deliberately do NOT cache guards on
|
|
25
26
|
* the manager: AuthManager is a process-wide DI singleton, and a cached
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-manager.d.ts","sourceRoot":"","sources":["../src/auth-manager.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAC1E,OAAO,EAAgB,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAKpE,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,SAAS,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,UAAU,CAAA;IAClB,KAAK,EAAE,OAAO,CAAA;CACf;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE;QACR,KAAK,EAAE,MAAM,CAAA;KACd,CAAA;IACD,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IACvC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAA;CAC9C;AAID,qBAAa,WAAW;aAEJ,MAAM,EAAE,UAAU;IAClC,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,UAAU;
|
|
1
|
+
{"version":3,"file":"auth-manager.d.ts","sourceRoot":"","sources":["../src/auth-manager.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAC1E,OAAO,EAAgB,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAKpE,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,SAAS,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,UAAU,CAAA;IAClB,KAAK,EAAE,OAAO,CAAA;CACf;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE;QACR,KAAK,EAAE,MAAM,CAAA;KACd,CAAA;IACD,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAA;IACvC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAA;CAC9C;AAID,qBAAa,WAAW;aAEJ,MAAM,EAAE,UAAU;IAClC,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAHV,MAAM,EAAE,UAAU,EACjB,SAAS,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAC9D,UAAU,EAAE,MAAM,YAAY,EAC9B,QAAQ,CAAC,GAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,aAAA;IAGhE;;;;;;;;OAQG;IACH,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,KAAK;IAkB3B,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAInF,KAAK,CAAC,IAAI,EAAE,eAAe,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/D,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAIvB,IAAI,IAAI,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAIvC,EAAE,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAI5B,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB;;;;;OAKG;IACH,cAAc,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,YAAY;CAqB5C;AAeD,wBAAgB,WAAW,CAAC,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAEnE;AAiBD;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAExE;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,IAAI,eAAe,GAAG,IAAI,CAExD;AAED,wBAAgB,WAAW,IAAI,WAAW,CAWzC;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,IAAI,IAAI,WAAW,CAElC;AAID,qBAAa,IAAI;IACf,OAAO,CAAC,MAAM,CAAC,CAAC;IAIhB,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,KAAK;IAIjC,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAI1F,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,eAAe,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAItE,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAI9B,MAAM,CAAC,IAAI,IAAI,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAI9C,MAAM,CAAC,EAAE,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAInC,MAAM,CAAC,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIhC,MAAM,CAAC,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;CAGjC"}
|
package/dist/auth-manager.js
CHANGED
|
@@ -6,10 +6,12 @@ export class AuthManager {
|
|
|
6
6
|
config;
|
|
7
7
|
hashCheck;
|
|
8
8
|
getSession;
|
|
9
|
-
|
|
9
|
+
hashMake;
|
|
10
|
+
constructor(config, hashCheck, getSession, hashMake) {
|
|
10
11
|
this.config = config;
|
|
11
12
|
this.hashCheck = hashCheck;
|
|
12
13
|
this.getSession = getSession;
|
|
14
|
+
this.hashMake = hashMake;
|
|
13
15
|
}
|
|
14
16
|
/**
|
|
15
17
|
* Build a fresh Guard each call. We deliberately do NOT cache guards on
|
|
@@ -70,7 +72,7 @@ export class AuthManager {
|
|
|
70
72
|
if (!providerConfig)
|
|
71
73
|
throw new Error(`[RudderJS Auth] User provider "${providerName}" is not defined.`);
|
|
72
74
|
if (providerConfig.driver === 'eloquent') {
|
|
73
|
-
return new EloquentUserProvider(providerConfig.model, this.hashCheck);
|
|
75
|
+
return new EloquentUserProvider(providerConfig.model, this.hashCheck, this.hashMake);
|
|
74
76
|
}
|
|
75
77
|
throw new Error(`[RudderJS Auth] Provider driver "${providerConfig.driver}" is not supported.`);
|
|
76
78
|
}
|
package/dist/auth-manager.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-manager.js","sourceRoot":"","sources":["../src/auth-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AAEpD,OAAO,EAAE,YAAY,EAAqB,MAAM,oBAAoB,CAAA;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAsBrD,6DAA6D;AAE7D,MAAM,OAAO,WAAW;IAEJ;IACC;IACA;
|
|
1
|
+
{"version":3,"file":"auth-manager.js","sourceRoot":"","sources":["../src/auth-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AAEpD,OAAO,EAAE,YAAY,EAAqB,MAAM,oBAAoB,CAAA;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAsBrD,6DAA6D;AAE7D,MAAM,OAAO,WAAW;IAEJ;IACC;IACA;IACA;IAJnB,YACkB,MAAkB,EACjB,SAA8D,EAC9D,UAA8B,EAC9B,QAA6C;QAH9C,WAAM,GAAN,MAAM,CAAY;QACjB,cAAS,GAAT,SAAS,CAAqD;QAC9D,eAAU,GAAV,UAAU,CAAoB;QAC9B,aAAQ,GAAR,QAAQ,CAAqC;IAC7D,CAAC;IAEJ;;;;;;;;OAQG;IACH,KAAK,CAAC,IAAa;QACjB,MAAM,SAAS,GAAG,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAA;QAEpD,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACjD,IAAI,CAAC,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,SAAS,mBAAmB,CAAC,CAAA;QAEzF,IAAI,WAAW,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAA;YAC1D,OAAO,IAAI,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAA;QACtD,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,iCAAiC,WAAW,CAAC,MAAM,qBAAqB,CAAC,CAAA;IAC3F,CAAC;IAED,yEAAyE;IACzE,uEAAuE;IACvE,wCAAwC;IAExC,OAAO,CAAC,WAAoC,EAAE,QAAkB;QAC9D,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAA;IACpD,CAAC;IAED,KAAK,CAAC,IAAqB,EAAE,QAAkB;QAC7C,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;IAC3C,CAAC;IAED,MAAM;QACJ,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,MAAM,EAAE,CAAA;IAC9B,CAAC;IAED,IAAI;QACF,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAA;IAC5B,CAAC;IAED,EAAE;QACA,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE,CAAA;IAC1B,CAAC;IAED,KAAK;QACH,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,CAAA;IAC7B,CAAC;IAED,KAAK;QACH,OAAO,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,CAAA;IAC7B,CAAC;IAED;;;;;OAKG;IACH,cAAc,CAAC,IAAa;QAC1B,MAAM,YAAY,GAAG,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,QAAQ,CAAA;QACrF,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CACb,wEAAwE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,sCAAsC,CACzI,CAAA;QACH,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,CAAA;QAC1D,IAAI,CAAC,cAAc;YAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,YAAY,mBAAmB,CAAC,CAAA;QAEvG,IAAI,cAAc,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YACzC,OAAO,IAAI,oBAAoB,CAC7B,cAAc,CAAC,KAA6J,EAC5K,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,QAAQ,CACd,CAAA;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,oCAAoC,cAAc,CAAC,MAAM,qBAAqB,CAAC,CAAA;IACjG,CAAC;CACF;AAED,6DAA6D;AAE7D,6EAA6E;AAC7E,2EAA2E;AAC3E,yEAAyE;AACzE,mEAAmE;AACnE,6EAA6E;AAC7E,gFAAgF;AAChF,MAAM,OAAO,GAAG,uBAAuB,CAAA;AACvC,MAAM,UAAU,GAAG,UAAqC,CAAA;AACxD,MAAM,IAAI,GAAoC,UAAU,CAAC,OAAO,CAAgD;OAC3G,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,GAAG,IAAI,iBAAiB,EAAe,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA,CAAC,CAAC,CAAC,EAAE,CAAA;AAEpG,MAAM,UAAU,WAAW,CAAI,OAAoB,EAAE,EAAW;IAC9D,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAA;AAC9B,CAAC;AAED,6DAA6D;AAC7D,EAAE;AACF,yEAAyE;AACzE,6EAA6E;AAC7E,8EAA8E;AAC9E,yEAAyE;AACzE,wEAAwE;AACxE,yBAAyB;AACzB,EAAE;AACF,8EAA8E;AAE9E,MAAM,iBAAiB,GAAG,4BAA4B,CAAA;AACtD,MAAM,YAAY,GAAwC,UAAU,CAAC,iBAAiB,CAAoD;OACrI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,GAAG,IAAI,iBAAiB,EAAmB,CAAC,CAAC,UAAU,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA,CAAC,CAAC,CAAC,EAAE,CAAA;AAElH;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAI,IAAqB,EAAE,EAAW;IACnE,OAAO,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;AACnC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe;IAC7B,OAAO,YAAY,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAA;AACxC,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,MAAM,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAA;IACzB,IAAI,CAAC,CAAC,EAAE,CAAC;QACP,MAAM,IAAI,KAAK,CACb,0EAA0E;YAC1E,4EAA4E;YAC5E,2EAA2E;YAC3E,gBAAgB,CACjB,CAAA;IACH,CAAC;IACD,OAAO,CAAC,CAAA;AACV,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,IAAI;IAClB,OAAO,WAAW,EAAE,CAAA;AACtB,CAAC;AAED,6DAA6D;AAE7D,MAAM,OAAO,IAAI;IACP,MAAM,CAAC,CAAC,CAAC,IAAa;QAC5B,OAAO,WAAW,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAClC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,IAAY;QACvB,OAAO,WAAW,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAClC,CAAC;IAED,MAAM,CAAC,OAAO,CAAC,WAAoC,EAAE,QAAkB;QACrE,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAA;IAChD,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,IAAqB,EAAE,QAAkB;QACpD,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;IACvC,CAAC;IAED,MAAM,CAAC,MAAM;QACX,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,MAAM,EAAE,CAAA;IAC1B,CAAC;IAED,MAAM,CAAC,IAAI;QACT,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,CAAA;IACxB,CAAC;IAED,MAAM,CAAC,EAAE;QACP,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAA;IACtB,CAAC;IAED,MAAM,CAAC,KAAK;QACV,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,CAAA;IACzB,CAAC;IAED,MAAM,CAAC,KAAK;QACV,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,CAAA;IACzB,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base-auth-controller.d.ts","sourceRoot":"","sources":["../src/base-auth-controller.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AAIrF,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAMzD,8DAA8D;AAC9D,MAAM,WAAW,iBAAiB;IAChC,KAAK,IAAI;QAAE,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG;YAAE,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC,CAAA;SAAE,CAAA;KAAE,CAAA;IAChF,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAA;IACxE,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CAC9E;AAED,sEAAsE;AACtE,MAAM,WAAW,YAAY;IAC3B,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IACpC,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CACvD;AAcD,sFAAsF;AACtF,MAAM,WAAW,cAAc;IAC7B,MAAM,CAAC,EAAgB,iBAAiB,GAAG,IAAI,CAAA;IAC/C,MAAM,CAAC,EAAgB,iBAAiB,GAAG,IAAI,CAAA;IAC/C,oBAAoB,CAAC,EAAE,iBAAiB,GAAG,IAAI,CAAA;CAChD;AAED,eAAO,MAAM,wBAAwB,EAAE,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,
|
|
1
|
+
{"version":3,"file":"base-auth-controller.d.ts","sourceRoot":"","sources":["../src/base-auth-controller.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AAIrF,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAMzD,8DAA8D;AAC9D,MAAM,WAAW,iBAAiB;IAChC,KAAK,IAAI;QAAE,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG;YAAE,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC,CAAA;SAAE,CAAA;KAAE,CAAA;IAChF,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAA;IACxE,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CAC9E;AAED,sEAAsE;AACtE,MAAM,WAAW,YAAY;IAC3B,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IACpC,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CACvD;AAcD,sFAAsF;AACtF,MAAM,WAAW,cAAc;IAC7B,MAAM,CAAC,EAAgB,iBAAiB,GAAG,IAAI,CAAA;IAC/C,MAAM,CAAC,EAAgB,iBAAiB,GAAG,IAAI,CAAA;IAC/C,oBAAoB,CAAC,EAAE,iBAAiB,GAAG,IAAI,CAAA;CAChD;AAED,eAAO,MAAM,wBAAwB,EAAE,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAiBtE,CAAA;AA0BF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AACH,8BACsB,kBAAkB;IACtC,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE,iBAAiB,CAAA;IAC/C,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAO,YAAY,CAAA;IAE1C,8EAA8E;IAC9E,SAAS,CAAC,cAAc,CAAC,EAAE,cAAc,CAAA;IAEzC;;;;;;;;OAQG;IACH,MAAM,CAAC,UAAU,EAAE,cAAc,CAA2B;;IAwCtD,MAAM,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAmBxD,MAAM,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAyBxD,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAM1D,oBAAoB,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IA4BtE,aAAa,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAiCrE;;;OAGG;cACa,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAK5E"}
|
|
@@ -20,7 +20,12 @@ export const DEFAULT_AUTH_RATE_LIMITS = Object.freeze({
|
|
|
20
20
|
requestPasswordReset: RateLimit.perMinute(3)
|
|
21
21
|
.by((req) => {
|
|
22
22
|
const body = req.body;
|
|
23
|
-
|
|
23
|
+
// Normalize (trim + lowercase) before keying. Without this, `Victim@x.com`,
|
|
24
|
+
// `victim@x.com`, and ` victim@x.com ` are three distinct buckets, so an
|
|
25
|
+
// attacker trivially multiplies the per-account budget against one inbox
|
|
26
|
+
// (and one mailer) by varying case/whitespace on the same address.
|
|
27
|
+
const raw = typeof body?.email === 'string' ? body.email : undefined;
|
|
28
|
+
const email = raw ? raw.trim().toLowerCase() : undefined;
|
|
24
29
|
return email ?? req.ip ?? 'unknown';
|
|
25
30
|
})
|
|
26
31
|
.message('Too many password reset requests. Please try again later.'),
|
|
@@ -127,12 +132,14 @@ let BaseAuthController = class BaseAuthController {
|
|
|
127
132
|
Reflect.defineMetadata(ROUTE_DEFINITIONS_KEY, cloned, ctor.prototype);
|
|
128
133
|
}
|
|
129
134
|
async signIn(req, res) {
|
|
130
|
-
const { email, password } = req.body;
|
|
135
|
+
const { email, password, remember } = req.body;
|
|
131
136
|
if (!email || !password) {
|
|
132
137
|
res.status(422).json({ message: 'Email and password are required.' });
|
|
133
138
|
return;
|
|
134
139
|
}
|
|
135
|
-
|
|
140
|
+
// Accept a truthy `remember` flag (checkbox → `true`/`"on"`/`"1"`).
|
|
141
|
+
const rememberMe = remember === true || remember === 'on' || remember === '1' || remember === 1;
|
|
142
|
+
const success = await Auth.attempt({ email, password }, rememberMe);
|
|
136
143
|
if (!success) {
|
|
137
144
|
res.status(401).json({ message: 'Invalid email or password.' });
|
|
138
145
|
return;
|
|
@@ -175,6 +182,12 @@ let BaseAuthController = class BaseAuthController {
|
|
|
175
182
|
res.json({ status: 'sent' });
|
|
176
183
|
return;
|
|
177
184
|
}
|
|
185
|
+
// The broker's status (RESET_LINK_SENT / INVALID_USER / THROTTLED) is
|
|
186
|
+
// intentionally NOT surfaced. We always return `{ status: 'sent' }` to
|
|
187
|
+
// avoid an email-enumeration oracle: THROTTLED is only ever returned for a
|
|
188
|
+
// registered user (sendResetLink returns INVALID_USER first when no user
|
|
189
|
+
// exists), so exposing a distinct 429 on throttle would leak registration
|
|
190
|
+
// exactly the way exposing INVALID_USER would. Keep the response constant.
|
|
178
191
|
await this.passwordBroker.sendResetLink({ email }, async (_user, token) => {
|
|
179
192
|
await this.sendResetEmail(email, token);
|
|
180
193
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base-auth-controller.js","sourceRoot":"","sources":["../src/base-auth-controller.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAA;AAEnD,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AAChD,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAA;AACxC,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AAuClD,MAAM,CAAC,MAAM,wBAAwB,GAAuC,MAAM,CAAC,MAAM,CAAC;IACxF,MAAM,EAAE,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;SAC5B,OAAO,CAAC,oDAAoD,CAAC;IAChE,MAAM,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;SAC3B,OAAO,CAAC,oDAAoD,CAAC;IAChE,oBAAoB,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;SACzC,EAAE,CAAC,CAAC,GAAG,EAAE,EAAE;QACV,MAAM,IAAI,GAAG,GAAG,CAAC,IAA8C,CAAA;QAC/D,MAAM,
|
|
1
|
+
{"version":3,"file":"base-auth-controller.js","sourceRoot":"","sources":["../src/base-auth-controller.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAA;AAEnD,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAA;AAChD,OAAO,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAA;AACxC,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AAuClD,MAAM,CAAC,MAAM,wBAAwB,GAAuC,MAAM,CAAC,MAAM,CAAC;IACxF,MAAM,EAAE,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;SAC5B,OAAO,CAAC,oDAAoD,CAAC;IAChE,MAAM,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;SAC3B,OAAO,CAAC,oDAAoD,CAAC;IAChE,oBAAoB,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;SACzC,EAAE,CAAC,CAAC,GAAG,EAAE,EAAE;QACV,MAAM,IAAI,GAAG,GAAG,CAAC,IAA8C,CAAA;QAC/D,4EAA4E;QAC5E,yEAAyE;QACzE,yEAAyE;QACzE,mEAAmE;QACnE,MAAM,GAAG,GAAG,OAAO,IAAI,EAAE,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAA;QACpE,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;QACxD,OAAO,KAAK,IAAK,GAAkC,CAAC,EAAE,IAAI,SAAS,CAAA;IACrE,CAAC,CAAC;SACD,OAAO,CAAC,2DAA2D,CAAC;CACxE,CAAC,CAAA;AAEF,+EAA+E;AAC/E,6EAA6E;AAC7E,6EAA6E;AAC7E,6EAA6E;AAC7E,wBAAwB;AACxB,MAAM,mBAAmB,GAAG,IAAI,OAAO,EAAkC,CAAA;AAEzE,6EAA6E;AAC7E,+EAA+E;AAC/E,6EAA6E;AAC7E,0EAA0E;AAC1E,6EAA6E;AAC7E,+BAA+B;AAC/B,MAAM,qBAAqB,GAAG,4BAA4B,CAAA;AAS1D,6DAA6D;AAE7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEI,IAAe,kBAAkB,GAAjC,MAAe,kBAAkB;;IAItC,8EAA8E;IACpE,cAAc,CAAiB;IAEzC;;;;;;;;OAQG;IACH,MAAM,CAAC,UAAU,GAAmB,wBAAwB,CAAA;IAE5D;QACE,MAAM,IAAI,GAAG,IAAI,CAAC,WAAwC,CAAA;QAC1D,IAAI,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,OAAM;QACzC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QAE7B,mEAAmE;QACnE,kEAAkE;QAClE,oEAAoE;QACpE,iEAAiE;QACjE,qEAAqE;QACrE,sEAAsE;QACtE,yEAAyE;QACzE,sDAAsD;QACtD,MAAM,UAAU,GAAI,OAAO,CAAC,WAAW,CACrC,qBAAqB,EACrB,oBAAkB,CAAC,SAAS,CACS,IAAI,EAAE,CAAA;QAC7C,MAAM,MAAM,GAA0B,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC;YACJ,UAAU,EAAE,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC;SAC9B,CAAC,CAAC,CAAA;QAEH,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,CAAyB,CAAA;YAC5D,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;YACpC,IAAI,CAAC,OAAO;gBAAE,SAAQ;YACtB,oEAAoE;YACpE,uEAAuE;YACvE,wEAAwE;YACxE,qEAAqE;YACrE,sEAAsE;YACtE,KAAK,CAAC,UAAU,GAAG,CAAC,OAAO,EAAE,GAAG,KAAK,CAAC,UAAU,CAAC,CAAA;QACnD,CAAC;QAED,OAAO,CAAC,cAAc,CAAC,qBAAqB,EAAE,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;IACvE,CAAC;IAGK,AAAN,KAAK,CAAC,MAAM,CAAC,GAAe,EAAE,GAAgB;QAC5C,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,IAAiE,CAAA;QAC3G,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;YACxB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAA;YACrE,OAAM;QACR,CAAC;QAED,oEAAoE;QACpE,MAAM,UAAU,GAAG,QAAQ,KAAK,IAAI,IAAI,QAAQ,KAAK,IAAI,IAAI,QAAQ,KAAK,GAAG,IAAI,QAAQ,KAAK,CAAC,CAAA;QAC/F,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,UAAU,CAAC,CAAA;QACnE,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,4BAA4B,EAAE,CAAC,CAAA;YAC/D,OAAM;QACR,CAAC;QAED,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;IACxB,CAAC;IAGK,AAAN,KAAK,CAAC,MAAM,CAAC,GAAe,EAAE,GAAgB;QAC5C,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,IAA4D,CAAA;QAClG,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;YACxB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC,CAAA;YACrE,OAAM;QACR,CAAC;QACD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC,CAAA;YAC5E,OAAM;QACR,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,KAAK,EAAE,CAAA;QAC3E,IAAI,QAAQ,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,4CAA4C,EAAE,CAAC,CAAA;YAC/E,OAAM;QACR,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAC7C,MAAM,IAAI,GAAK,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,IAAI,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;QAEzF,MAAM,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,IAA+B,CAAC,CAAC,CAAA;QACpE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;IACxB,CAAC;IAGK,AAAN,KAAK,CAAC,OAAO,CAAC,IAAgB,EAAE,GAAgB;QAC9C,MAAM,IAAI,CAAC,MAAM,EAAE,CAAA;QACnB,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;IACxB,CAAC;IAGK,AAAN,KAAK,CAAC,oBAAoB,CAAC,GAAe,EAAE,GAAgB;QAC1D,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,IAA0B,CAAA;QAChD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,oBAAoB,EAAE,CAAC,CAAA;YACvD,OAAM;QACR,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,2EAA2E;YAC3E,sEAAsE;YACtE,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;YAC5B,OAAM;QACR,CAAC;QAED,sEAAsE;QACtE,uEAAuE;QACvE,2EAA2E;QAC3E,yEAAyE;QACzE,0EAA0E;QAC1E,2EAA2E;QAC3E,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;YACxE,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;QACzC,CAAC,CAAC,CAAA;QAEF,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;IAC9B,CAAC;IAGK,AAAN,KAAK,CAAC,aAAa,CAAC,GAAe,EAAE,GAAgB;QACnD,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC,IAEzC,CAAA;QACD,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC;YACrC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,8CAA8C,EAAE,CAAC,CAAA;YACjF,OAAM;QACR,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,gCAAgC,EAAE,CAAC,CAAA;YACnE,OAAM;QACR,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAC5C,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,EACvC,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;YACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;YAC7C,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;QAC7E,CAAC,CACF,CAAA;QAED,IAAI,MAAM,KAAK,gBAAgB,EAAE,CAAC;YAChC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;YACtB,OAAM;QACR,CAAC;QACD,IAAI,MAAM,KAAK,eAAe,EAAE,CAAC;YAC/B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC,CAAA;YAC7D,OAAM;QACR,CAAC;QACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC,CAAA;IAChE,CAAC;IAED;;;OAGG;IACO,KAAK,CAAC,cAAc,CAAC,KAAa,EAAE,KAAa;QACzD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,uBAAuB,CAAA;QACjE,MAAM,GAAG,GAAO,GAAG,OAAO,yBAAyB,KAAK,UAAU,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAA;QAC7F,OAAO,CAAC,GAAG,CAAC,sCAAsC,KAAK,KAAK,GAAG,EAAE,CAAC,CAAA;IACpE,CAAC;;AAvHK;IADL,IAAI,CAAC,gBAAgB,CAAC;;;;gDAiBtB;AAGK;IADL,IAAI,CAAC,gBAAgB,CAAC;;;;gDAuBtB;AAGK;IADL,IAAI,CAAC,WAAW,CAAC;;;;iDAIjB;AAGK;IADL,IAAI,CAAC,yBAAyB,CAAC;;;;8DA0B/B;AAGK;IADL,IAAI,CAAC,iBAAiB,CAAC;;;;uDAgCvB;AArKmB,kBAAkB;IADvC,UAAU,CAAC,OAAO,CAAC;;GACE,kBAAkB,CAgLvC"}
|
package/dist/contracts.d.ts
CHANGED
|
@@ -22,6 +22,18 @@ export interface UserProvider {
|
|
|
22
22
|
retrieveById(id: string): Promise<Authenticatable | null>;
|
|
23
23
|
retrieveByCredentials(credentials: Record<string, unknown>): Promise<Authenticatable | null>;
|
|
24
24
|
validateCredentials(user: Authenticatable, credentials: Record<string, unknown>): Promise<boolean>;
|
|
25
|
+
/**
|
|
26
|
+
* Optional: perform a constant-cost dummy password verify when no user
|
|
27
|
+
* matched, to keep the failed-login timing independent of whether the
|
|
28
|
+
* account exists (anti-enumeration). Callers should invoke it on the
|
|
29
|
+
* no-user branch when present.
|
|
30
|
+
*/
|
|
31
|
+
fakeValidateCredentials?(credentials: Record<string, unknown>): Promise<void>;
|
|
32
|
+
/** Optional: resolve a user by id and constant-time-validate a "remember me"
|
|
33
|
+
* token. Required for persistent-login support. */
|
|
34
|
+
retrieveByToken?(userId: string, token: string): Promise<Authenticatable | null>;
|
|
35
|
+
/** Optional: persist a new "remember me" token on the user (null clears it). */
|
|
36
|
+
updateRememberToken?(userId: string, token: string | null): Promise<void>;
|
|
25
37
|
}
|
|
26
38
|
export interface Guard {
|
|
27
39
|
user(): Promise<Authenticatable | null>;
|
package/dist/contracts.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contracts.d.ts","sourceRoot":"","sources":["../src/contracts.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,eAAe;IAC9B,iBAAiB,IAAI,MAAM,CAAA;IAC3B,eAAe,IAAI,MAAM,CAAA;IACzB,gBAAgB,IAAI,MAAM,GAAG,IAAI,CAAA;IACjC,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACrC;;;;;;OAMG;IACH,SAAS,CAAC,IAAI,MAAM,EAAE,CAAA;CACvB;AAID,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAID,MAAM,WAAW,YAAY;IAC3B,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAA;IACzD,qBAAqB,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAA;IAC5F,mBAAmB,CAAC,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;
|
|
1
|
+
{"version":3,"file":"contracts.d.ts","sourceRoot":"","sources":["../src/contracts.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,eAAe;IAC9B,iBAAiB,IAAI,MAAM,CAAA;IAC3B,eAAe,IAAI,MAAM,CAAA;IACzB,gBAAgB,IAAI,MAAM,GAAG,IAAI,CAAA;IACjC,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACrC;;;;;;OAMG;IACH,SAAS,CAAC,IAAI,MAAM,EAAE,CAAA;CACvB;AAID,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAID,MAAM,WAAW,YAAY;IAC3B,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAA;IACzD,qBAAqB,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAA;IAC5F,mBAAmB,CAAC,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IAClG;;;;;OAKG;IACH,uBAAuB,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAC7E;wDACoD;IACpD,eAAe,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAA;IAChF,gFAAgF;IAChF,mBAAmB,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CAC1E;AAID,MAAM,WAAW,KAAK;IACpB,IAAI,IAAI,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAA;IACvC,EAAE,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;IAC5B,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC,CAAA;IACzB,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC,CAAA;IACzB,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IACnF,KAAK,CAAC,IAAI,EAAE,eAAe,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAC/D,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CACxB"}
|
package/dist/gate.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gate.d.ts","sourceRoot":"","sources":["../src/gate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AA8BrD,KAAK,eAAe,GAAG,CAAC,IAAI,EAAE,eAAe,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;AAChG,KAAK,cAAc,GAAG,CAAC,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,KAAK,OAAO,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,GAAG,SAAS,CAAC,CAAA;AAWlI,8BAAsB,MAAM;IAC1B;;;OAGG;IACH,MAAM,CAAC,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,GAAG,SAAS,CAAC;CAClG;AAED,KAAK,WAAW,GAAG,UAAU,MAAM,CAAA;AAEnC,KAAK,UAAU,GAAG,QAAQ,MAAM,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAA;
|
|
1
|
+
{"version":3,"file":"gate.d.ts","sourceRoot":"","sources":["../src/gate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AA8BrD,KAAK,eAAe,GAAG,CAAC,IAAI,EAAE,eAAe,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;AAChG,KAAK,cAAc,GAAG,CAAC,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,KAAK,OAAO,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,GAAG,SAAS,CAAC,CAAA;AAWlI,8BAAsB,MAAM;IAC1B;;;OAGG;IACH,MAAM,CAAC,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,GAAG,SAAS,CAAC;CAClG;AAED,KAAK,WAAW,GAAG,UAAU,MAAM,CAAA;AAEnC,KAAK,UAAU,GAAG,QAAQ,MAAM,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAA;AAgF1D,qBAAa,IAAI;IAGf;;;;;;;;;;OAUG;IACH,MAAM,CAAC,MAAM,CAAC,KAAK,SAAS,OAAO,EAAE,GAAG,OAAO,EAAE,EAC/C,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,CAAC,IAAI,EAAE,eAAe,EAAE,GAAG,IAAI,EAAE,KAAK,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAC9E,IAAI;IAIP,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,cAAc,GAAG,IAAI;IAI7C,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,WAAW,GAAG,IAAI;WAM9C,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;WAa7D,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAI1E;;OAEG;WACU,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ1E,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,eAAe,GAAG,WAAW;mBAM7B,WAAW;mBASX,MAAM;IAwB3B,OAAO,CAAC,MAAM,CAAC,UAAU;mBAiBJ,UAAU;IAsB/B,4EAA4E;IAC5E,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B,6EAA6E;IAC7E,MAAM,CAAC,KAAK,IAAI,IAAI;CAKrB;AAID,cAAM,WAAW;IAEb,OAAO,CAAC,QAAQ,CAAC,IAAI;IACrB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,QAAQ;IACzB,OAAO,CAAC,QAAQ,CAAC,eAAe;gBAHf,IAAI,EAAE,eAAe,EACrB,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,eAAe,CAAC,EACvC,QAAQ,EAAE,GAAG,CAAC,UAAU,EAAE,WAAW,CAAC,EACtC,eAAe,EAAE,cAAc,EAAE;IAG9C,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;YAqBrD,MAAM;IA2Cd,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAI7D,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;CAKpE;AA2CD,qBAAa,kBAAmB,SAAQ,KAAK;IAC3C,QAAQ,CAAC,MAAM,OAAM;gBAET,OAAO,SAAiC;CAIrD"}
|
package/dist/gate.js
CHANGED
|
@@ -25,6 +25,44 @@ function describeUnauthorized(ability) {
|
|
|
25
25
|
// ─── Policy Base Class ────────────────────────────────────
|
|
26
26
|
export class Policy {
|
|
27
27
|
}
|
|
28
|
+
/**
|
|
29
|
+
* Resolve an ability to a *genuine* policy method.
|
|
30
|
+
*
|
|
31
|
+
* A naive `policy[ability]` lookup is a fail-open authorization hole: every
|
|
32
|
+
* object inherits callable members from `Object.prototype` (`toString`,
|
|
33
|
+
* `valueOf`, `toLocaleString`, `hasOwnProperty`, `isPrototypeOf`,
|
|
34
|
+
* `propertyIsEnumerable`), all of which are functions that return a truthy
|
|
35
|
+
* value. So `Gate.allows('toString', somePoliciedModel)` would call
|
|
36
|
+
* `Object.prototype.toString` and treat its `"[object Object]"` result as
|
|
37
|
+
* "allowed" — granting access for any authenticated user against any model
|
|
38
|
+
* with a registered policy whenever the ability name collides with an inherited
|
|
39
|
+
* member. `constructor` is similar (a function that throws when called).
|
|
40
|
+
*
|
|
41
|
+
* Resolve the method only from the policy instance's own properties and its
|
|
42
|
+
* prototype chain *up to but excluding* `Object.prototype`, where real policy
|
|
43
|
+
* methods actually live. Anything inherited from `Object.prototype` (or the
|
|
44
|
+
* reserved `constructor` / `__proto__`) yields `null` → the caller denies.
|
|
45
|
+
*/
|
|
46
|
+
function resolvePolicyMethod(policy, ability) {
|
|
47
|
+
if (!ability || ability === 'constructor' || ability === '__proto__')
|
|
48
|
+
return null;
|
|
49
|
+
// Own instance property (covers arrow-function fields assigned in the ctor).
|
|
50
|
+
if (Object.prototype.hasOwnProperty.call(policy, ability)) {
|
|
51
|
+
const own = policy[ability];
|
|
52
|
+
return typeof own === 'function' ? own : null;
|
|
53
|
+
}
|
|
54
|
+
// Prototype chain, stopping before Object.prototype so inherited Object
|
|
55
|
+
// methods can never be mistaken for an authorization method.
|
|
56
|
+
let proto = Object.getPrototypeOf(policy);
|
|
57
|
+
while (proto && proto !== Object.prototype) {
|
|
58
|
+
if (Object.prototype.hasOwnProperty.call(proto, ability)) {
|
|
59
|
+
const m = proto[ability];
|
|
60
|
+
return typeof m === 'function' ? m : null;
|
|
61
|
+
}
|
|
62
|
+
proto = Object.getPrototypeOf(proto);
|
|
63
|
+
}
|
|
64
|
+
return null;
|
|
65
|
+
}
|
|
28
66
|
const _g = globalThis;
|
|
29
67
|
if (!_g['__rudderjs_gate_registry__']) {
|
|
30
68
|
_g['__rudderjs_gate_registry__'] = {
|
|
@@ -145,9 +183,10 @@ export class Gate {
|
|
|
145
183
|
if (result === false)
|
|
146
184
|
return false;
|
|
147
185
|
}
|
|
148
|
-
// Call the specific method
|
|
149
|
-
|
|
150
|
-
|
|
186
|
+
// Call the specific method (own/prototype method only — never an inherited
|
|
187
|
+
// Object.prototype member, which would fail-open to "allowed").
|
|
188
|
+
const method = resolvePolicyMethod(policy, ability);
|
|
189
|
+
if (!method)
|
|
151
190
|
return false;
|
|
152
191
|
return method.call(policy, user, ...args);
|
|
153
192
|
}
|
|
@@ -208,6 +247,12 @@ class GateForUser {
|
|
|
208
247
|
return result.allowed;
|
|
209
248
|
}
|
|
210
249
|
async _check(ability, ...args) {
|
|
250
|
+
// Deny-by-default for a null/undefined principal — mirrors `Gate.allows`,
|
|
251
|
+
// which short-circuits guests before any policy/ability runs. `forUser`'s
|
|
252
|
+
// type forbids null, but a runtime `forUser(null as any)` must not reach a
|
|
253
|
+
// policy method with a null user (where `!post.private` would fail-open).
|
|
254
|
+
if (!this.user)
|
|
255
|
+
return { allowed: false, resolvedVia: 'default' };
|
|
211
256
|
// Before callbacks
|
|
212
257
|
for (const cb of this.beforeCallbacks) {
|
|
213
258
|
const result = await cb(this.user, ability);
|
|
@@ -231,8 +276,8 @@ class GateForUser {
|
|
|
231
276
|
if (result === false)
|
|
232
277
|
return { allowed: false, resolvedVia: 'before' };
|
|
233
278
|
}
|
|
234
|
-
const method = policy
|
|
235
|
-
if (
|
|
279
|
+
const method = resolvePolicyMethod(policy, ability);
|
|
280
|
+
if (!method) {
|
|
236
281
|
return { allowed: false, resolvedVia: 'policy', policy: PolicyCtor.name };
|
|
237
282
|
}
|
|
238
283
|
const allowed = await method.call(policy, this.user, ...args);
|
package/dist/gate.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gate.js","sourceRoot":"","sources":["../src/gate.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAG/C,2EAA2E;AAC3E,6EAA6E;AAC7E,yEAAyE;AACzE,yEAAyE;AACzE,uEAAuE;AACvE,SAAS,iBAAiB;IACxB,OAAQ,UAAsC,CAAC,6BAA6B,CAAqC,IAAI,IAAI,CAAA;AAC3H,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,oBAAoB,CAAC,OAAe;IAC3C,MAAM,IAAI,GAAG,iCAAiC,OAAO,GAAG,CAAA;IACxD,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY;QAAE,OAAO,IAAI,CAAA;IACzD,OAAO,GAAG,IAAI,sDAAsD,OAAO,iDAAiD,OAAO,qBAAqB,OAAO,eAAe,CAAA;AAChL,CAAC;AAcD,6DAA6D;AAE7D,MAAM,OAAgB,MAAM;CAM3B;AA+BD,MAAM,EAAE,GAAG,UAAqC,CAAA;AAChD,IAAI,CAAC,EAAE,CAAC,4BAA4B,CAAC,EAAE,CAAC;IACtC,EAAE,CAAC,4BAA4B,CAAC,GAAG;QACjC,SAAS,EAAE,IAAI,GAAG,EAA2B;QAC7C,QAAQ,EAAE,IAAI,GAAG,EAA2B;QAC5C,eAAe,EAAE,EAAE;KACQ,CAAA;AAC/B,CAAC;AACD,MAAM,MAAM,GAAG,EAAE,CAAC,4BAA4B,CAAsB,CAAA;AAEpE,MAAM,OAAO,IAAI;IACf,yDAAyD;IAEzD;;;;;;;;;;OAUG;IACH,MAAM,CAAC,MAAM,CACX,OAAe,EACf,QAA+E;QAE/E,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,EAAE,QAA2B,CAAC,CAAA;IAC5D,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,QAAwB;QACpC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IACvC,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,KAAiB,EAAE,MAAmB;QAClD,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;IACpC,CAAC;IAED,yDAAyD;IAEzD,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,GAAG,IAAe;QACrD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAA;QACrC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;YACzF,OAAO,KAAK,CAAA;QACd,CAAC;QACD,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAA;QAC/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,CAAA;QACxD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAA;QACtD,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAA;QAC5D,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,GAAG,IAAe;QACrD,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,CAAA;IAC/C,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,OAAe,EAAE,GAAG,IAAe;QACxD,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,kBAAkB,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAA;QAC7D,CAAC;IACH,CAAC;IAED,yDAAyD;IAEzD,MAAM,CAAC,OAAO,CAAC,IAAqB;QAClC,OAAO,IAAI,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,eAAe,CAAC,CAAA;IACzF,CAAC;IAED,yDAAyD;IAEjD,MAAM,CAAC,KAAK,CAAC,WAAW;QAC9B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,WAAW,EAAE,CAAA;YAC7B,OAAO,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAA;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAEO,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAqB,EAAE,OAAe,EAAE,GAAG,IAAe;QACpF,uBAAuB;QACvB,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;YACxC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;YACtC,IAAI,MAAM,KAAK,IAAI;gBAAG,OAAO,EAAE,OAAO,EAAE,IAAI,EAAG,WAAW,EAAE,QAAQ,EAAE,CAAA;YACtE,IAAI,MAAM,KAAK,KAAK;gBAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAA;QACxE,CAAC;QAED,sEAAsE;QACtE,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QACrB,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACvC,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;YAC1C,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,CAAA;gBAC1E,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,CAAC,IAAI,EAAE,CAAA;YACrE,CAAC;QACH,CAAC;QAED,iCAAiC;QACjC,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAC9C,IAAI,CAAC,QAAQ;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,CAAA;QAChE,OAAO,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,EAAE,WAAW,EAAE,SAAS,EAAE,CAAA;IAC3E,CAAC;IAEO,MAAM,CAAC,UAAU,CAAC,KAAc;QACtC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAA;QACzD,MAAM,WAAW,GAAI,KAAiD,CAAC,WAAW,CAAA;QAClF,IAAI,CAAC,WAAW;YAAE,OAAO,SAAS,CAAA;QAElC,eAAe;QACf,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QAC/C,IAAI,MAAM;YAAE,OAAO,MAAM,CAAA;QAEzB,wBAAwB;QACxB,KAAK,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACxD,IAAI,KAAK,YAAY,UAAU;gBAAE,OAAO,WAAW,CAAA;QACrD,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAEO,MAAM,CAAC,KAAK,CAAC,UAAU,CAC7B,UAAuB,EACvB,IAAqB,EACrB,OAAe,EACf,GAAG,IAAe;QAElB,MAAM,MAAM,GAAG,IAAI,UAAU,EAAE,CAAA;QAE/B,gBAAgB;QAChB,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACxC,IAAI,MAAM,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAA;YAChC,IAAI,MAAM,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAA;QACpC,CAAC;QAED,2BAA2B;QAC3B,MAAM,MAAM,GAAI,MAAkC,CAAC,OAAO,CAAC,CAAA;QAC3D,IAAI,OAAO,MAAM,KAAK,UAAU;YAAE,OAAO,KAAK,CAAA;QAC9C,OAAQ,MAA0D,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,CAAA;IAChG,CAAC;IAED,4EAA4E;IACpE,MAAM,CAAC,gBAAgB,CAC7B,OAAe,EACf,IAA4B,EAC5B,MAAmB,EACnB,IAAe,EACf,QAAgB;QAEhB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAA;QAC/B,IAAI,CAAC,GAAG;YAAE,OAAM;QAEhB,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA;QACrC,MAAM,QAAQ,GAAI,kBAAkB,CAAC,IAAI,CAAC,CAAA;QAE1C,GAAG,CAAC,IAAI,CAAC;YACP,OAAO;YACP,MAAM,EAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,IAAI;YACnD,OAAO,EAAM,MAAM,CAAC,OAAO;YAC3B,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,MAAM,EAAO,MAAM,CAAC,MAAM;YAC1B,KAAK,EAAQ,SAAS;YACtB,IAAI,EAAS,QAAQ;YACrB,QAAQ;SACT,CAAC,CAAA;IACJ,CAAC;IAED,6EAA6E;IAC7E,MAAM,CAAC,KAAK;QACV,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;QACxB,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAA;QACvB,MAAM,CAAC,eAAe,GAAG,EAAE,CAAA;IAC7B,CAAC;CACF;AAED,6DAA6D;AAE7D,MAAM,WAAW;IAEI;IACA;IACA;IACA;IAJnB,YACmB,IAAqB,EACrB,SAAuC,EACvC,QAAsC,EACtC,eAAiC;QAHjC,SAAI,GAAJ,IAAI,CAAiB;QACrB,cAAS,GAAT,SAAS,CAA8B;QACvC,aAAQ,GAAR,QAAQ,CAA8B;QACtC,oBAAe,GAAf,eAAe,CAAkB;IACjD,CAAC;IAEJ,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,GAAG,IAAe;QAC9C,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAA;QAC/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAA;QAClD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAA;QAEtD,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAA;QAC/B,IAAI,GAAG,EAAE,CAAC;YACR,GAAG,CAAC,IAAI,CAAC;gBACP,OAAO;gBACP,MAAM,EAAO,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;gBAC1C,OAAO,EAAM,MAAM,CAAC,OAAO;gBAC3B,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,MAAM,EAAO,MAAM,CAAC,MAAM;gBAC1B,KAAK,EAAQ,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChC,IAAI,EAAS,kBAAkB,CAAC,IAAI,CAAC;gBACrC,QAAQ;aACT,CAAC,CAAA;QACJ,CAAC;QACD,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAEO,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,GAAG,IAAe;QACtD,mBAAmB;QACnB,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;YAC3C,IAAI,MAAM,KAAK,IAAI;gBAAG,OAAO,EAAE,OAAO,EAAE,IAAI,EAAG,WAAW,EAAE,QAAQ,EAAE,CAAA;YACtE,IAAI,MAAM,KAAK,KAAK;gBAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAA;QACxE,CAAC;QAED,eAAe;QACf,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QACrB,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACvC,MAAM,WAAW,GAAI,KAAiD,CAAC,WAAW,CAAA;YAClF,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;gBACjD,IAAI,UAAU,EAAE,CAAC;oBACf,MAAM,MAAM,GAAG,IAAI,UAAU,EAAE,CAAA;oBAC/B,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;wBAClB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;wBAC7C,IAAI,MAAM,KAAK,IAAI;4BAAG,OAAO,EAAE,OAAO,EAAE,IAAI,EAAG,WAAW,EAAE,QAAQ,EAAE,CAAA;wBACtE,IAAI,MAAM,KAAK,KAAK;4BAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAA;oBACxE,CAAC;oBACD,MAAM,MAAM,GAAI,MAAkC,CAAC,OAAO,CAAC,CAAA;oBAC3D,IAAI,OAAO,MAAM,KAAK,UAAU,EAAE,CAAC;wBACjC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,IAAI,EAAE,CAAA;oBAC3E,CAAC;oBACD,MAAM,OAAO,GAAG,MAAO,MAA0D,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAA;oBAClH,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,IAAI,EAAE,CAAA;gBACpE,CAAC;YACH,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAC5C,IAAI,CAAC,QAAQ;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,CAAA;QAChE,OAAO,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,EAAE,WAAW,EAAE,SAAS,EAAE,CAAA;IAChF,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,GAAG,IAAe;QAC9C,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,CAAA;IAC/C,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,OAAe,EAAE,GAAG,IAAe;QACjD,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,kBAAkB,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAA;QAC7D,CAAC;IACH,CAAC;CACF;AAED,6DAA6D;AAE7D;;;;GAIG;AACH,SAAS,UAAU,CAAC,KAAc;IAChC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,aAAa,IAAI,KAAK,CAAC;QAAE,OAAO,SAAS,CAAA;IACtF,MAAM,IAAI,GAAI,KAAK,CAAC,WAAiC,CAAC,IAAI,CAAA;IAC1D,IAAI,CAAC,IAAI,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,OAAO;QAAE,OAAO,SAAS,CAAA;IACpE,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;;GAIG;AACH,SAAS,kBAAkB,CAAC,IAAe;IACzC,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QAClB,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,SAAS;YAAE,OAAO,CAAC,CAAA;QAC3C,IAAI,OAAO,CAAC,KAAK,QAAQ;YAAE,OAAO,CAAC,CAAA;QACnC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,OAAO,EAAE,CAAA;YAC1B,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE;gBAC5C,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;oBACxC,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;wBAAE,OAAO,YAAY,CAAA;oBACpC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;gBACb,CAAC;gBACD,IAAI,OAAO,CAAC,KAAK,UAAU;oBAAE,OAAO,SAAS,CAAA;gBAC7C,OAAO,CAAC,CAAA;YACV,CAAC,CAAC,CAAC,CAAA;QACL,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,MAAM,CAAC,CAAC,CAAC,CAAA;QAClB,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,6DAA6D;AAE7D,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAClC,MAAM,GAAG,GAAG,CAAA;IAErB,YAAY,OAAO,GAAG,8BAA8B;QAClD,KAAK,CAAC,OAAO,CAAC,CAAA;QACd,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAA;IAClC,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"gate.js","sourceRoot":"","sources":["../src/gate.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAG/C,2EAA2E;AAC3E,6EAA6E;AAC7E,yEAAyE;AACzE,yEAAyE;AACzE,uEAAuE;AACvE,SAAS,iBAAiB;IACxB,OAAQ,UAAsC,CAAC,6BAA6B,CAAqC,IAAI,IAAI,CAAA;AAC3H,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,oBAAoB,CAAC,OAAe;IAC3C,MAAM,IAAI,GAAG,iCAAiC,OAAO,GAAG,CAAA;IACxD,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY;QAAE,OAAO,IAAI,CAAA;IACzD,OAAO,GAAG,IAAI,sDAAsD,OAAO,iDAAiD,OAAO,qBAAqB,OAAO,eAAe,CAAA;AAChL,CAAC;AAcD,6DAA6D;AAE7D,MAAM,OAAgB,MAAM;CAM3B;AAMD;;;;;;;;;;;;;;;;;GAiBG;AACH,SAAS,mBAAmB,CAC1B,MAAc,EACd,OAAe;IAEf,IAAI,CAAC,OAAO,IAAI,OAAO,KAAK,aAAa,IAAI,OAAO,KAAK,WAAW;QAAE,OAAO,IAAI,CAAA;IAEjF,6EAA6E;IAC7E,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC;QAC1D,MAAM,GAAG,GAAI,MAAkC,CAAC,OAAO,CAAC,CAAA;QACxD,OAAO,OAAO,GAAG,KAAK,UAAU,CAAC,CAAC,CAAE,GAAuD,CAAC,CAAC,CAAC,IAAI,CAAA;IACpG,CAAC;IAED,wEAAwE;IACxE,6DAA6D;IAC7D,IAAI,KAAK,GAAG,MAAM,CAAC,cAAc,CAAC,MAAM,CAAkB,CAAA;IAC1D,OAAO,KAAK,IAAI,KAAK,KAAK,MAAM,CAAC,SAAS,EAAE,CAAC;QAC3C,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,CAAC;YACzD,MAAM,CAAC,GAAI,KAAiC,CAAC,OAAO,CAAC,CAAA;YACrD,OAAO,OAAO,CAAC,KAAK,UAAU,CAAC,CAAC,CAAE,CAAqD,CAAC,CAAC,CAAC,IAAI,CAAA;QAChG,CAAC;QACD,KAAK,GAAG,MAAM,CAAC,cAAc,CAAC,KAAK,CAAkB,CAAA;IACvD,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AA2BD,MAAM,EAAE,GAAG,UAAqC,CAAA;AAChD,IAAI,CAAC,EAAE,CAAC,4BAA4B,CAAC,EAAE,CAAC;IACtC,EAAE,CAAC,4BAA4B,CAAC,GAAG;QACjC,SAAS,EAAE,IAAI,GAAG,EAA2B;QAC7C,QAAQ,EAAE,IAAI,GAAG,EAA2B;QAC5C,eAAe,EAAE,EAAE;KACQ,CAAA;AAC/B,CAAC;AACD,MAAM,MAAM,GAAG,EAAE,CAAC,4BAA4B,CAAsB,CAAA;AAEpE,MAAM,OAAO,IAAI;IACf,yDAAyD;IAEzD;;;;;;;;;;OAUG;IACH,MAAM,CAAC,MAAM,CACX,OAAe,EACf,QAA+E;QAE/E,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,EAAE,QAA2B,CAAC,CAAA;IAC5D,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,QAAwB;QACpC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IACvC,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,KAAiB,EAAE,MAAmB;QAClD,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;IACpC,CAAC;IAED,yDAAyD;IAEzD,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,GAAG,IAAe;QACrD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAA;QACrC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAA;YACzF,OAAO,KAAK,CAAA;QACd,CAAC;QACD,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAA;QAC/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,CAAA;QACxD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAA;QACtD,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAA;QAC5D,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,GAAG,IAAe;QACrD,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,CAAA;IAC/C,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,OAAe,EAAE,GAAG,IAAe;QACxD,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,kBAAkB,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAA;QAC7D,CAAC;IACH,CAAC;IAED,yDAAyD;IAEzD,MAAM,CAAC,OAAO,CAAC,IAAqB;QAClC,OAAO,IAAI,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,eAAe,CAAC,CAAA;IACzF,CAAC;IAED,yDAAyD;IAEjD,MAAM,CAAC,KAAK,CAAC,WAAW;QAC9B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,WAAW,EAAE,CAAA;YAC7B,OAAO,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAA;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAEO,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAqB,EAAE,OAAe,EAAE,GAAG,IAAe;QACpF,uBAAuB;QACvB,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;YACxC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;YACtC,IAAI,MAAM,KAAK,IAAI;gBAAG,OAAO,EAAE,OAAO,EAAE,IAAI,EAAG,WAAW,EAAE,QAAQ,EAAE,CAAA;YACtE,IAAI,MAAM,KAAK,KAAK;gBAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAA;QACxE,CAAC;QAED,sEAAsE;QACtE,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QACrB,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACvC,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;YAC1C,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,CAAA;gBAC1E,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,CAAC,IAAI,EAAE,CAAA;YACrE,CAAC;QACH,CAAC;QAED,iCAAiC;QACjC,MAAM,QAAQ,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAC9C,IAAI,CAAC,QAAQ;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,CAAA;QAChE,OAAO,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,EAAE,WAAW,EAAE,SAAS,EAAE,CAAA;IAC3E,CAAC;IAEO,MAAM,CAAC,UAAU,CAAC,KAAc;QACtC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAA;QACzD,MAAM,WAAW,GAAI,KAAiD,CAAC,WAAW,CAAA;QAClF,IAAI,CAAC,WAAW;YAAE,OAAO,SAAS,CAAA;QAElC,eAAe;QACf,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QAC/C,IAAI,MAAM;YAAE,OAAO,MAAM,CAAA;QAEzB,wBAAwB;QACxB,KAAK,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACxD,IAAI,KAAK,YAAY,UAAU;gBAAE,OAAO,WAAW,CAAA;QACrD,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAEO,MAAM,CAAC,KAAK,CAAC,UAAU,CAC7B,UAAuB,EACvB,IAAqB,EACrB,OAAe,EACf,GAAG,IAAe;QAElB,MAAM,MAAM,GAAG,IAAI,UAAU,EAAE,CAAA;QAE/B,gBAAgB;QAChB,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACxC,IAAI,MAAM,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAA;YAChC,IAAI,MAAM,KAAK,KAAK;gBAAE,OAAO,KAAK,CAAA;QACpC,CAAC;QAED,2EAA2E;QAC3E,gEAAgE;QAChE,MAAM,MAAM,GAAG,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;QACnD,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAA;QACzB,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,CAAA;IAC3C,CAAC;IAED,4EAA4E;IACpE,MAAM,CAAC,gBAAgB,CAC7B,OAAe,EACf,IAA4B,EAC5B,MAAmB,EACnB,IAAe,EACf,QAAgB;QAEhB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAA;QAC/B,IAAI,CAAC,GAAG;YAAE,OAAM;QAEhB,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA;QACrC,MAAM,QAAQ,GAAI,kBAAkB,CAAC,IAAI,CAAC,CAAA;QAE1C,GAAG,CAAC,IAAI,CAAC;YACP,OAAO;YACP,MAAM,EAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,IAAI;YACnD,OAAO,EAAM,MAAM,CAAC,OAAO;YAC3B,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,MAAM,EAAO,MAAM,CAAC,MAAM;YAC1B,KAAK,EAAQ,SAAS;YACtB,IAAI,EAAS,QAAQ;YACrB,QAAQ;SACT,CAAC,CAAA;IACJ,CAAC;IAED,6EAA6E;IAC7E,MAAM,CAAC,KAAK;QACV,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,CAAA;QACxB,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAA;QACvB,MAAM,CAAC,eAAe,GAAG,EAAE,CAAA;IAC7B,CAAC;CACF;AAED,6DAA6D;AAE7D,MAAM,WAAW;IAEI;IACA;IACA;IACA;IAJnB,YACmB,IAAqB,EACrB,SAAuC,EACvC,QAAsC,EACtC,eAAiC;QAHjC,SAAI,GAAJ,IAAI,CAAiB;QACrB,cAAS,GAAT,SAAS,CAA8B;QACvC,aAAQ,GAAR,QAAQ,CAA8B;QACtC,oBAAe,GAAf,eAAe,CAAkB;IACjD,CAAC;IAEJ,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,GAAG,IAAe;QAC9C,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAA;QAC/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAA;QAClD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAA;QAEtD,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAA;QAC/B,IAAI,GAAG,EAAE,CAAC;YACR,GAAG,CAAC,IAAI,CAAC;gBACP,OAAO;gBACP,MAAM,EAAO,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE;gBAC1C,OAAO,EAAM,MAAM,CAAC,OAAO;gBAC3B,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,MAAM,EAAO,MAAM,CAAC,MAAM;gBAC1B,KAAK,EAAQ,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAChC,IAAI,EAAS,kBAAkB,CAAC,IAAI,CAAC;gBACrC,QAAQ;aACT,CAAC,CAAA;QACJ,CAAC;QACD,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAEO,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,GAAG,IAAe;QACtD,0EAA0E;QAC1E,0EAA0E;QAC1E,2EAA2E;QAC3E,0EAA0E;QAC1E,IAAI,CAAC,IAAI,CAAC,IAAI;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,CAAA;QAEjE,mBAAmB;QACnB,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;YAC3C,IAAI,MAAM,KAAK,IAAI;gBAAG,OAAO,EAAE,OAAO,EAAE,IAAI,EAAG,WAAW,EAAE,QAAQ,EAAE,CAAA;YACtE,IAAI,MAAM,KAAK,KAAK;gBAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAA;QACxE,CAAC;QAED,eAAe;QACf,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QACrB,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACvC,MAAM,WAAW,GAAI,KAAiD,CAAC,WAAW,CAAA;YAClF,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;gBACjD,IAAI,UAAU,EAAE,CAAC;oBACf,MAAM,MAAM,GAAG,IAAI,UAAU,EAAE,CAAA;oBAC/B,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;wBAClB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;wBAC7C,IAAI,MAAM,KAAK,IAAI;4BAAG,OAAO,EAAE,OAAO,EAAE,IAAI,EAAG,WAAW,EAAE,QAAQ,EAAE,CAAA;wBACtE,IAAI,MAAM,KAAK,KAAK;4BAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAA;oBACxE,CAAC;oBACD,MAAM,MAAM,GAAG,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;oBACnD,IAAI,CAAC,MAAM,EAAE,CAAC;wBACZ,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,IAAI,EAAE,CAAA;oBAC3E,CAAC;oBACD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAA;oBAC7D,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,IAAI,EAAE,CAAA;gBACpE,CAAC;YACH,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAC5C,IAAI,CAAC,QAAQ;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,CAAA;QAChE,OAAO,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,EAAE,WAAW,EAAE,SAAS,EAAE,CAAA;IAChF,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAe,EAAE,GAAG,IAAe;QAC9C,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC,CAAA;IAC/C,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,OAAe,EAAE,GAAG,IAAe;QACjD,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,kBAAkB,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAA;QAC7D,CAAC;IACH,CAAC;CACF;AAED,6DAA6D;AAE7D;;;;GAIG;AACH,SAAS,UAAU,CAAC,KAAc;IAChC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,aAAa,IAAI,KAAK,CAAC;QAAE,OAAO,SAAS,CAAA;IACtF,MAAM,IAAI,GAAI,KAAK,CAAC,WAAiC,CAAC,IAAI,CAAA;IAC1D,IAAI,CAAC,IAAI,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,OAAO;QAAE,OAAO,SAAS,CAAA;IACpE,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;;GAIG;AACH,SAAS,kBAAkB,CAAC,IAAe;IACzC,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;QAClB,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,SAAS;YAAE,OAAO,CAAC,CAAA;QAC3C,IAAI,OAAO,CAAC,KAAK,QAAQ;YAAE,OAAO,CAAC,CAAA;QACnC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,OAAO,EAAE,CAAA;YAC1B,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE;gBAC5C,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;oBACxC,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;wBAAE,OAAO,YAAY,CAAA;oBACpC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;gBACb,CAAC;gBACD,IAAI,OAAO,CAAC,KAAK,UAAU;oBAAE,OAAO,SAAS,CAAA;gBAC7C,OAAO,CAAC,CAAA;YACV,CAAC,CAAC,CAAC,CAAA;QACL,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,MAAM,CAAC,CAAC,CAAC,CAAA;QAClB,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,6DAA6D;AAE7D,MAAM,OAAO,kBAAmB,SAAQ,KAAK;IAClC,MAAM,GAAG,GAAG,CAAA;IAErB,YAAY,OAAO,GAAG,8BAA8B;QAClD,KAAK,CAAC,OAAO,CAAC,CAAA;QACd,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAA;IAClC,CAAC;CACF"}
|
package/dist/index.d.ts
CHANGED
|
@@ -15,6 +15,8 @@ export { Gate, Policy, AuthorizationError } from './gate.js';
|
|
|
15
15
|
export { PasswordBroker, MemoryTokenRepository } from './password-reset.js';
|
|
16
16
|
export { EnsureEmailIsVerified, verificationUrl, handleEmailVerification, mustVerifyEmail } from './verification.js';
|
|
17
17
|
export { RequireGuest } from './require-guest.js';
|
|
18
|
+
export { newRememberToken, encodeRememberCookie, decodeRememberCookie, rememberCookieAttrs, } from './remember.js';
|
|
19
|
+
export type { RememberCookieAttrs, RememberDirective } from './remember.js';
|
|
18
20
|
export { BaseAuthController, DEFAULT_AUTH_RATE_LIMITS } from './base-auth-controller.js';
|
|
19
21
|
export type { AuthUserModelLike, AuthHashLike, AuthRateLimits } from './base-auth-controller.js';
|
|
20
22
|
export type { Authenticatable, AuthUser, Guard, UserProvider } from './contracts.js';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAA8B,MAAM,gBAAgB,CAAA;AAE5E,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AAG5D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAA8B,MAAM,gBAAgB,CAAA;AAE5E,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AAG5D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AA4B9C,OAAO,QAAQ,qBAAqB,CAAC;IACnC,UAAU,UAAU;QAClB,IAAI,CAAC,EAAE,QAAQ,CAAA;KAChB;CACF;AAID,OAAO,iBAAiB,CAAA;AAIxB,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAC3G,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAA;AAC5D,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAA;AAC3E,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,uBAAuB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACpH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EACL,gBAAgB,EAChB,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,eAAe,CAAA;AACtB,YAAY,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAA;AAC3E,OAAO,EAAE,kBAAkB,EAAE,wBAAwB,EAAE,MAAM,2BAA2B,CAAA;AACxF,YAAY,EAAE,iBAAiB,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAA;AAEhG,YAAY,EAAE,eAAe,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AACpF,YAAY,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACxD,YAAY,EAAE,eAAe,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAA;AACpG,YAAY,EAAE,UAAU,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAA;AACxF,YAAY,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAetD;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,OAAO,GAAG,QAAQ,CAsBnD;AAID;;;GAGG;AACH,wBAAgB,cAAc,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,iBAAiB,CAsIpE;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,iBAAiB,CAoBjE;AAID;;;;;;;;;;;GAWG;AACH,qBAAa,YAAa,SAAQ,eAAe;IAC/C,QAAQ,IAAI,IAAI;IAgBV,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;CAoC5B"}
|
package/dist/index.js
CHANGED
|
@@ -2,6 +2,16 @@ import { fileURLToPath } from 'node:url';
|
|
|
2
2
|
import { ServiceProvider, app, config, appendToGroup } from '@rudderjs/core';
|
|
3
3
|
import { REQUEST_CONTEXT } from '@rudderjs/contracts';
|
|
4
4
|
import { AuthManager, Auth, runWithAuth, runWithTestUser } from './auth-manager.js';
|
|
5
|
+
import { runWithRemember, takeRememberDirective, rememberCookieAttrs, resolveRememberSecret, encodeRememberCookie, decodeRememberCookie, buildRememberCookie, parseCookie, } from './remember.js';
|
|
6
|
+
/** Append a `Set-Cookie` on the response, preserving any cookies earlier
|
|
7
|
+
* middleware wrote (same multi-cookie-safe pattern as @rudderjs/session). */
|
|
8
|
+
function writeResponseCookie(res, cookieStr) {
|
|
9
|
+
const c = res.raw;
|
|
10
|
+
if (c.res)
|
|
11
|
+
c.res.headers.append('Set-Cookie', cookieStr);
|
|
12
|
+
else
|
|
13
|
+
c.header('Set-Cookie', cookieStr);
|
|
14
|
+
}
|
|
5
15
|
// Pulls in the Vike.PageContext.user augmentation so app code can read
|
|
6
16
|
// `pageContext.user` with full typing when this package is installed.
|
|
7
17
|
import './types/vike.js';
|
|
@@ -14,6 +24,7 @@ export { Gate, Policy, AuthorizationError } from './gate.js';
|
|
|
14
24
|
export { PasswordBroker, MemoryTokenRepository } from './password-reset.js';
|
|
15
25
|
export { EnsureEmailIsVerified, verificationUrl, handleEmailVerification, mustVerifyEmail } from './verification.js';
|
|
16
26
|
export { RequireGuest } from './require-guest.js';
|
|
27
|
+
export { newRememberToken, encodeRememberCookie, decodeRememberCookie, rememberCookieAttrs, } from './remember.js';
|
|
17
28
|
export { BaseAuthController, DEFAULT_AUTH_RATE_LIMITS } from './base-auth-controller.js';
|
|
18
29
|
// ─── Helpers ──────────────────────────────────────────────
|
|
19
30
|
/**
|
|
@@ -118,9 +129,51 @@ export function AuthMiddleware(guardName) {
|
|
|
118
129
|
catch { /* read-only */ }
|
|
119
130
|
}
|
|
120
131
|
};
|
|
121
|
-
|
|
132
|
+
// Flush a queued remember directive (set on login(…, true) / logout) to the
|
|
133
|
+
// response cookie. Runs inside the remember ALS scope established below.
|
|
134
|
+
const attrs = rememberCookieAttrs();
|
|
135
|
+
const flushRemember = () => {
|
|
136
|
+
const directive = takeRememberDirective();
|
|
137
|
+
if (!directive)
|
|
138
|
+
return;
|
|
139
|
+
if (directive.action === 'set') {
|
|
140
|
+
// resolveRememberSecret throws in production without AUTH_SECRET — the
|
|
141
|
+
// app explicitly opted into remember-me, so surface that.
|
|
142
|
+
const value = encodeRememberCookie(directive.userId, directive.token, resolveRememberSecret());
|
|
143
|
+
writeResponseCookie(res, buildRememberCookie(value, attrs));
|
|
144
|
+
}
|
|
145
|
+
else {
|
|
146
|
+
writeResponseCookie(res, buildRememberCookie(null, attrs));
|
|
147
|
+
}
|
|
148
|
+
};
|
|
149
|
+
await runWithRemember(() => runWithAuth(manager, async () => {
|
|
150
|
+
// No active session — try to resume one from a remember cookie before the
|
|
151
|
+
// handler runs, so `req.user` / `Auth.user()` resolve as usual.
|
|
152
|
+
let initialUid = session?.get('auth_user_id');
|
|
153
|
+
if (!initialUid) {
|
|
154
|
+
const rememberRaw = parseCookie(req.headers['cookie'] ?? '', attrs.cookie);
|
|
155
|
+
if (rememberRaw) {
|
|
156
|
+
// Resolve the signing secret; if it's unavailable (prod without
|
|
157
|
+
// AUTH_SECRET) we can't verify the cookie, so fail closed.
|
|
158
|
+
let secret;
|
|
159
|
+
try {
|
|
160
|
+
secret = resolveRememberSecret();
|
|
161
|
+
}
|
|
162
|
+
catch {
|
|
163
|
+
secret = null;
|
|
164
|
+
}
|
|
165
|
+
const decoded = secret ? decodeRememberCookie(rememberRaw, secret) : null;
|
|
166
|
+
if (decoded) {
|
|
167
|
+
const guard = Auth.guard(resolvedGuard);
|
|
168
|
+
try {
|
|
169
|
+
await guard.loginViaRememberCookie?.(decoded.userId, decoded.token);
|
|
170
|
+
}
|
|
171
|
+
catch { /* a DB hiccup during auto-login must not 500 the request */ }
|
|
172
|
+
initialUid = session?.get('auth_user_id');
|
|
173
|
+
}
|
|
174
|
+
}
|
|
175
|
+
}
|
|
122
176
|
// Initial sync so the handler sees req.user (fetches only if session has auth_user_id).
|
|
123
|
-
const initialUid = session?.get('auth_user_id');
|
|
124
177
|
if (initialUid)
|
|
125
178
|
await syncUser();
|
|
126
179
|
// try/finally so a handler that signs the user in (or out) and then
|
|
@@ -156,9 +209,19 @@ export function AuthMiddleware(guardName) {
|
|
|
156
209
|
throw syncErr;
|
|
157
210
|
}
|
|
158
211
|
}
|
|
212
|
+
// Write any queued remember cookie (login/logout during the handler) to
|
|
213
|
+
// the response, even when the handler threw — same posture as session
|
|
214
|
+
// save. A flush error is only surfaced when the handler itself succeeded.
|
|
215
|
+
try {
|
|
216
|
+
flushRemember();
|
|
217
|
+
}
|
|
218
|
+
catch (flushErr) {
|
|
219
|
+
if (!handlerThrew)
|
|
220
|
+
throw flushErr;
|
|
221
|
+
}
|
|
159
222
|
if (handlerThrew)
|
|
160
223
|
throw handlerError;
|
|
161
|
-
});
|
|
224
|
+
}));
|
|
162
225
|
};
|
|
163
226
|
fn[REQUEST_CONTEXT] = true;
|
|
164
227
|
return fn;
|
|
@@ -216,11 +279,13 @@ export class AuthProvider extends ServiceProvider {
|
|
|
216
279
|
}
|
|
217
280
|
async boot() {
|
|
218
281
|
const cfg = config('auth');
|
|
219
|
-
// Resolve Hash.check from DI
|
|
282
|
+
// Resolve Hash.check + Hash.make from DI
|
|
220
283
|
let hashCheck;
|
|
284
|
+
let hashMake;
|
|
221
285
|
try {
|
|
222
286
|
const hashDriver = this.app.make('hash');
|
|
223
287
|
hashCheck = (plain, hashed) => hashDriver.check(plain, hashed);
|
|
288
|
+
hashMake = (plain) => hashDriver.make(plain);
|
|
224
289
|
}
|
|
225
290
|
catch {
|
|
226
291
|
throw new Error('[RudderJS Auth] No hash driver found. Register HashProvider before AuthProvider.');
|
|
@@ -229,7 +294,7 @@ export class AuthProvider extends ServiceProvider {
|
|
|
229
294
|
const getSession = () => {
|
|
230
295
|
return this.app.make('session.facade');
|
|
231
296
|
};
|
|
232
|
-
const manager = new AuthManager(cfg, hashCheck, getSession);
|
|
297
|
+
const manager = new AuthManager(cfg, hashCheck, getSession, hashMake);
|
|
233
298
|
this.app.instance('auth.manager', manager);
|
|
234
299
|
this.app.instance('auth', Auth);
|
|
235
300
|
// Install AuthMiddleware on the `web` group only — it needs session
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AACxC,OAAO,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAA;AAC5E,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AAErD,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,EAAE,eAAe,EAAmB,MAAM,mBAAmB,CAAA;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AACxC,OAAO,EAAE,eAAe,EAAE,GAAG,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAA;AAC5E,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AAErD,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,EAAE,eAAe,EAAmB,MAAM,mBAAmB,CAAA;AAIpG,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,mBAAmB,EACnB,qBAAqB,EACrB,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,EACnB,WAAW,GACZ,MAAM,eAAe,CAAA;AAOtB;8EAC8E;AAC9E,SAAS,mBAAmB,CAAC,GAAqB,EAAE,SAAiB;IACnE,MAAM,CAAC,GAAG,GAAG,CAAC,GAAsB,CAAA;IACpC,IAAI,CAAC,CAAC,GAAG;QAAE,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAA;;QACnD,CAAC,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAA;AACxC,CAAC;AAUD,uEAAuE;AACvE,sEAAsE;AACtE,OAAO,iBAAiB,CAAA;AAExB,6DAA6D;AAE7D,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAC3G,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAA;AAC5D,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAA;AAC3E,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,uBAAuB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACpH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EACL,gBAAgB,EAChB,oBAAoB,EACpB,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,eAAe,CAAA;AAEtB,OAAO,EAAE,kBAAkB,EAAE,wBAAwB,EAAE,MAAM,2BAA2B,CAAA;AASxF,6DAA6D;AAE7D;;;;;;;;GAQG;AACH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,EAAE,eAAe,EAAE,gBAAgB,CAAC,CAAC,CAAA;AAE9E;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,IAAa;IACvC,MAAM,CAAC,GAAG,IAA+B,CAAA;IACzC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAA;IACrC,MAAM,SAAS,GAAI,CAAC,CAAC,WAAW,CAAkC,CAAA;IAClE,IAAI,OAAO,SAAS,KAAK,UAAU,EAAE,CAAC;QACpC,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IAClD,CAAC;IACD,MAAM,KAAK,GAA4B,EAAE,CAAA;IACzC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;QACvC,IAAI,OAAO,CAAC,KAAK,UAAU;YAAE,SAAQ;QACrC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAAE,SAAQ;QAC3B,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;IACd,CAAC;IACD,2EAA2E;IAC3E,2EAA2E;IAC3E,0EAA0E;IAC1E,OAAO;QACL,GAAG,KAAK;QACR,EAAE,EAAK,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAChC,IAAI,EAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QAClC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;KACpC,CAAA;AACH,CAAC;AAED,6DAA6D;AAE7D;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,SAAkB;IAC/C,MAAM,EAAE,GAAsB,KAAK,UAAU,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI;QACxE,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,IAAI,CAAc,cAAc,CAAC,CAAA;QACvD,MAAM,aAAa,GAAG,SAAS,IAAK,OAA6C,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAA;QAEvG,MAAM,MAAM,GAAG,GAAG,CAAC,GAA8B,CAAA;QACjD,MAAM,OAAO,GAAG,MAAM,CAAC,eAAe,CAA4C,CAAA;QAElF,4EAA4E;QAC5E,2EAA2E;QAC3E,2EAA2E;QAC3E,2EAA2E;QAC3E,uEAAuE;QACvE,0EAA0E;QAC1E,0BAA0B;QAC1B,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YACtC,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;YACjD,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9D,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAA4B,CAAA;oBACjE,oEAAoE;oBACpE,6DAA6D;oBAC7D,MAAM,QAAQ,GAAoB;wBAChC,GAAG,MAAM;wBACT,iBAAiB,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;qBACjC,CAAA;oBACpB,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAA;oBACnC,MAAM,CAAC,YAAY,CAAC,GAAG,KAAK,CAAA;oBAC5B,IAAI,CAAC;wBAAE,GAA0C,CAAC,MAAM,CAAC,GAAG,KAAK,CAAA;oBAAC,CAAC;oBAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;oBAE7F,OAAO,eAAe,CAAC,QAAQ,EAAE,GAAG,EAAE,CACpC,WAAW,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,CACnC,CAAA;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,gEAAgE;gBAClE,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;YAC1B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,IAAI,EAAE,CAAA;YACnD,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,CAAA;gBAC/B,MAAM,CAAC,YAAY,CAAC,GAAG,KAAK,CAAA;gBAC5B,IAAI,CAAC;oBAAE,GAA0C,CAAC,MAAM,CAAC,GAAG,KAAK,CAAA;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;YAC/F,CAAC;iBAAM,CAAC;gBACN,OAAO,MAAM,CAAC,YAAY,CAAC,CAAA;gBAC3B,IAAI,CAAC;oBAAC,OAAQ,GAA0C,CAAC,MAAM,CAAC,CAAA;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;YAC9F,CAAC;QACH,CAAC,CAAA;QAED,4EAA4E;QAC5E,yEAAyE;QACzE,MAAM,KAAK,GAAG,mBAAmB,EAAE,CAAA;QACnC,MAAM,aAAa,GAAG,GAAG,EAAE;YACzB,MAAM,SAAS,GAAG,qBAAqB,EAAE,CAAA;YACzC,IAAI,CAAC,SAAS;gBAAE,OAAM;YACtB,IAAI,SAAS,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBAC/B,uEAAuE;gBACvE,0DAA0D;gBAC1D,MAAM,KAAK,GAAG,oBAAoB,CAAC,SAAS,CAAC,MAAM,EAAE,SAAS,CAAC,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAA;gBAC9F,mBAAmB,CAAC,GAAG,EAAE,mBAAmB,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAA;YAC7D,CAAC;iBAAM,CAAC;gBACN,mBAAmB,CAAC,GAAG,EAAE,mBAAmB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAA;YAC5D,CAAC;QACH,CAAC,CAAA;QAED,MAAM,eAAe,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;YAC1D,0EAA0E;YAC1E,gEAAgE;YAChE,IAAI,UAAU,GAAG,OAAO,EAAE,GAAG,CAAC,cAAc,CAAuB,CAAA;YACnE,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;gBAC1E,IAAI,WAAW,EAAE,CAAC;oBAChB,gEAAgE;oBAChE,2DAA2D;oBAC3D,IAAI,MAAqB,CAAA;oBACzB,IAAI,CAAC;wBAAC,MAAM,GAAG,qBAAqB,EAAE,CAAA;oBAAC,CAAC;oBAAC,MAAM,CAAC;wBAAC,MAAM,GAAG,IAAI,CAAA;oBAAC,CAAC;oBAChE,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,oBAAoB,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;oBACzE,IAAI,OAAO,EAAE,CAAC;wBACZ,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAA4B,CAAA;wBAClE,IAAI,CAAC;4BAAC,MAAM,KAAK,CAAC,sBAAsB,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAA;wBAAC,CAAC;wBAC3E,MAAM,CAAC,CAAC,4DAA4D,CAAC,CAAC;wBACtE,UAAU,GAAG,OAAO,EAAE,GAAG,CAAC,cAAc,CAAuB,CAAA;oBACjE,CAAC;gBACH,CAAC;YACH,CAAC;YAED,wFAAwF;YACxF,IAAI,UAAU;gBAAE,MAAM,QAAQ,EAAE,CAAA;YAEhC,oEAAoE;YACpE,uEAAuE;YACvE,oEAAoE;YACpE,mCAAmC;YACnC,IAAI,YAAqB,CAAA;YACzB,IAAI,YAAY,GAAG,KAAK,CAAA;YACxB,IAAI,CAAC;gBACH,MAAM,IAAI,EAAE,CAAA;YACd,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,YAAY,GAAG,GAAG,CAAA;gBAClB,YAAY,GAAG,IAAI,CAAA;YACrB,CAAC;YAED,MAAM,QAAQ,GAAG,OAAO,EAAE,GAAG,CAAC,cAAc,CAAuB,CAAA;YACnE,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;gBAC5B,IAAI,CAAC;oBACH,IAAI,QAAQ;wBAAE,MAAM,QAAQ,EAAE,CAAA;yBACzB,CAAC;wBACJ,OAAO,MAAM,CAAC,YAAY,CAAC,CAAA;wBAC3B,IAAI,CAAC;4BAAC,OAAQ,GAA0C,CAAC,MAAM,CAAC,CAAA;wBAAC,CAAC;wBAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;oBAC9F,CAAC;gBACH,CAAC;gBAAC,OAAO,OAAO,EAAE,CAAC;oBACjB,iEAAiE;oBACjE,4DAA4D;oBAC5D,IAAI,CAAC,YAAY;wBAAE,MAAM,OAAO,CAAA;gBAClC,CAAC;YACH,CAAC;YAED,wEAAwE;YACxE,sEAAsE;YACtE,0EAA0E;YAC1E,IAAI,CAAC;gBAAC,aAAa,EAAE,CAAA;YAAC,CAAC;YAAC,OAAO,QAAQ,EAAE,CAAC;gBAAC,IAAI,CAAC,YAAY;oBAAE,MAAM,QAAQ,CAAA;YAAC,CAAC;YAE9E,IAAI,YAAY;gBAAE,MAAM,YAAY,CAAA;QACtC,CAAC,CAAC,CAAC,CAAA;IACL,CAAC,CAMA;IAAC,EAAyC,CAAC,eAAe,CAAC,GAAG,IAAI,CAAA;IACnE,OAAO,EAAE,CAAA;AACX,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,SAAkB;IAC5C,OAAO,KAAK,UAAU,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI;QAC9C,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,IAAI,CAAc,cAAc,CAAC,CAAA;QAEvD,MAAM,WAAW,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;YACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,IAAK,OAA6C,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;YAC3G,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE,CAAA;YAE/B,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,CAAA;gBAClD,OAAM;YACR,CAAC;YAED,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,CAC9B;YAAC,GAAG,CAAC,GAA+B,CAAC,YAAY,CAAC,GAAG,KAAK,CAAA;YAC3D,IAAI,CAAC;gBAAE,GAA0C,CAAC,MAAM,CAAC,GAAG,KAAK,CAAA;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;YAE7F,MAAM,IAAI,EAAE,CAAA;QACd,CAAC,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC;AAED,6DAA6D;AAE7D;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,YAAa,SAAQ,eAAe;IAC/C,QAAQ;QACN,yEAAyE;QACzE,2FAA2F;QAC3F,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,aAAa,CAAC,IAAI,GAAG,CAAC,kBAAkB,CAAC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC,CAAA;QAC/I,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,aAAa,CAAC,IAAI,GAAG,CAAC,kBAAkB,CAAC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,kBAAkB,EAAE,CAAC,CAAA;QAErJ,sCAAsC;QACtC,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,GAAG,CAAC,kBAAkB,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;QACzF,IAAI,CAAC,SAAS,CAAC;YACb,EAAE,IAAI,EAAE,GAAG,SAAS,cAAc,EAAa,EAAE,EAAE,eAAe,EAAI,GAAG,EAAE,aAAa,EAAE,GAAG,EAAE,QAAiB,EAAE;YAClH,EAAE,IAAI,EAAE,GAAG,SAAS,yBAAyB,EAAE,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,aAAa,EAAE,GAAG,EAAE,SAAkB,EAAE,MAAM,EAAE,QAAiB,EAAE;YAC9I,EAAE,IAAI,EAAE,GAAG,SAAS,qBAAqB,EAAM,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,aAAa,EAAE,GAAG,EAAE,SAAkB,EAAE,MAAM,EAAE,YAAqB,EAAE;YAClJ,EAAE,IAAI,EAAE,GAAG,SAAS,wBAAwB,EAAG,EAAE,EAAE,iBAAiB,EAAE,GAAG,EAAE,aAAa,EAAE,GAAG,EAAE,SAAkB,EAAE,MAAM,EAAE,OAAgB,EAAE;SAC9I,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,CAAC,IAAI;QACR,MAAM,GAAG,GAAG,MAAM,CAAa,MAAM,CAAC,CAAA;QAEtC,yCAAyC;QACzC,IAAI,SAA8D,CAAA;QAClE,IAAI,QAA6C,CAAA;QACjD,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAsF,MAAM,CAAC,CAAA;YAC7H,SAAS,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;YAC9D,QAAQ,GAAI,CAAC,KAAK,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CACb,kFAAkF,CACnF,CAAA;QACH,CAAC;QAED,0EAA0E;QAC1E,MAAM,UAAU,GAAG,GAAiB,EAAE;YACpC,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAe,gBAAgB,CAAC,CAAA;QACtD,CAAC,CAAA;QAED,MAAM,OAAO,GAAG,IAAI,WAAW,CAAC,GAAG,EAAE,SAAS,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAA;QACrE,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC,CAAA;QAC1C,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;QAE/B,oEAAoE;QACpE,oEAAoE;QACpE,iFAAiF;QACjF,oDAAoD;QACpD,aAAa,CAAC,KAAK,EAAE,cAAc,EAAE,CAAC,CAAA;QAEtC,sEAAsE;QACtE,qEAAqE;QACrE,uEAAuE;QACvE,MAAM,wBAAwB,EAAE,CAAA;IAClC,CAAC;CACF;AAED,KAAK,UAAU,wBAAwB;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,uCAAuC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAE1E,CAAA;QACR,IAAI,CAAC,GAAG,EAAE,2BAA2B;YAAE,OAAM;QAE7C,GAAG,CAAC,2BAA2B,CAAC,KAAK,EAAE,WAAW,EAAE,EAAE;YACpD,IAAI,CAAC;gBACH,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAA;gBAC3B,WAAW,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;YAC9C,CAAC;YAAC,MAAM,CAAC;gBACP,WAAW,CAAC,IAAI,GAAG,IAAI,CAAA;YACzB,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,8CAA8C;IAChD,CAAC;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"password-reset.d.ts","sourceRoot":"","sources":["../src/password-reset.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"password-reset.d.ts","sourceRoot":"","sources":["../src/password-reset.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAKnE,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACpE,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC,CAAA;IACvE,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACpC,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CAC/B;AAID,MAAM,MAAM,mBAAmB,GAC3B,iBAAiB,GACjB,gBAAgB,GAChB,cAAc,GACd,eAAe,GACf,eAAe,GACf,WAAW,CAAA;AAIf,MAAM,WAAW,mBAAmB;IAClC,yDAAyD;IACzD,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,sEAAsE;IACtE,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB;;;;;;;;;OASG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAMD,qBAAa,cAAc;IAMvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,MAAM;IAPzB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAQ;IAC/B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAQ;IACjC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAQ;gBAGZ,MAAM,EAAE,eAAe,EACvB,KAAK,EAAE,YAAY,EACnB,MAAM,GAAE,mBAAwB;IAoBnD;;;;OAIG;IACG,aAAa,CACjB,WAAW,EAAE;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,EAC9B,QAAQ,EAAE,CAAC,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GAChE,OAAO,CAAC,mBAAmB,CAAC;IAqC/B;;;;OAIG;IACG,KAAK,CACT,WAAW,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,EAC/D,QAAQ,EAAE,CAAC,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GACnE,OAAO,CAAC,mBAAmB,CAAC;IAuC/B,OAAO,CAAC,SAAS;IAIjB,OAAO,CAAC,WAAW;CAMpB;AAID;;;;;;GAMG;AACH,qBAAa,qBAAsB,YAAW,eAAe;IAC3D,OAAO,CAAC,KAAK,CAAyE;IAEhF,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpE,IAAI,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC;IAKvE,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpC,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;CAMrC"}
|
package/dist/password-reset.js
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { createHmac, randomBytes, timingSafeEqual } from 'node:crypto';
|
|
2
2
|
import { bootNotice } from '@rudderjs/core';
|
|
3
|
+
import { newRememberToken } from './remember.js';
|
|
3
4
|
// ─── Password Broker ──────────────────────────────────────
|
|
4
5
|
let _devSecretWarned = false;
|
|
5
6
|
export class PasswordBroker {
|
|
@@ -37,8 +38,18 @@ export class PasswordBroker {
|
|
|
37
38
|
*/
|
|
38
39
|
async sendResetLink(credentials, sendLink) {
|
|
39
40
|
const user = await this.users.retrieveByCredentials({ email: credentials.email });
|
|
40
|
-
if (!user)
|
|
41
|
+
if (!user) {
|
|
42
|
+
// Anti-enumeration: don't return faster than the registered-user path.
|
|
43
|
+
// Run the same early token-store round-trip and token-hash work before
|
|
44
|
+
// returning, so an attacker can't tell "no account" from "throttled /
|
|
45
|
+
// sent" by latency on the otherwise-constant `{ status: 'sent' }`
|
|
46
|
+
// response. The mail send itself can't be faked for a non-existent
|
|
47
|
+
// address — queue it (so the response doesn't block on delivery) to fully
|
|
48
|
+
// flatten the remaining gap.
|
|
49
|
+
await this.tokens.find(credentials.email);
|
|
50
|
+
this.hashToken(randomBytes(32).toString('hex'));
|
|
41
51
|
return 'INVALID_USER';
|
|
52
|
+
}
|
|
42
53
|
// Throttle check
|
|
43
54
|
const existing = await this.tokens.find(credentials.email);
|
|
44
55
|
if (existing) {
|
|
@@ -81,6 +92,21 @@ export class PasswordBroker {
|
|
|
81
92
|
// Reset
|
|
82
93
|
await callback(user, credentials.password);
|
|
83
94
|
await this.tokens.delete(credentials.email);
|
|
95
|
+
// Cycle the "remember me" token (Laravel parity). A password reset is a
|
|
96
|
+
// security event — typically because the account is suspected compromised —
|
|
97
|
+
// so any persistent-login cookie captured before the reset must stop
|
|
98
|
+
// working. Rotating the stored token invalidates every outstanding remember
|
|
99
|
+
// cookie (the cookie auths only if its token still matches the row). Best
|
|
100
|
+
// effort: optional on the provider, and a no-op when the user model has no
|
|
101
|
+
// remember-token column.
|
|
102
|
+
if (this.users.updateRememberToken) {
|
|
103
|
+
try {
|
|
104
|
+
await this.users.updateRememberToken(user.getAuthIdentifier(), newRememberToken());
|
|
105
|
+
}
|
|
106
|
+
catch {
|
|
107
|
+
// Don't fail an otherwise-successful reset if token cycling can't persist.
|
|
108
|
+
}
|
|
109
|
+
}
|
|
84
110
|
return 'PASSWORD_RESET';
|
|
85
111
|
}
|
|
86
112
|
hashToken(token) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"password-reset.js","sourceRoot":"","sources":["../src/password-reset.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AACtE,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"password-reset.js","sourceRoot":"","sources":["../src/password-reset.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AACtE,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAE3C,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAA;AAyChD,6DAA6D;AAE7D,IAAI,gBAAgB,GAAG,KAAK,CAAA;AAE5B,MAAM,OAAO,cAAc;IAMN;IACA;IACA;IAPF,MAAM,CAAQ;IACd,QAAQ,CAAQ;IAChB,MAAM,CAAQ;IAE/B,YACmB,MAAuB,EACvB,KAAmB,EACnB,SAA8B,EAAE;QAFhC,WAAM,GAAN,MAAM,CAAiB;QACvB,UAAK,GAAL,KAAK,CAAc;QACnB,WAAM,GAAN,MAAM,CAA0B;QAEjD,IAAI,CAAC,MAAM,GAAK,MAAM,CAAC,MAAM,IAAM,EAAE,CAAA;QACrC,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAA;QACrC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAA;QAC7B,CAAC;aAAM,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY,EAAE,CAAC;YACpD,MAAM,IAAI,KAAK,CACb,qEAAqE;gBACrE,gHAAgH,CACjH,CAAA;QACH,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,UAAU,CAAC,MAAM,EAAE,sGAAsG,CAAC,CAAA;gBAC1H,gBAAgB,GAAG,IAAI,CAAA;YACzB,CAAC;YACD,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAA;QAChC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,aAAa,CACjB,WAA8B,EAC9B,QAAiE;QAEjE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC,CAAA;QACjF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,uEAAuE;YACvE,uEAAuE;YACvE,sEAAsE;YACtE,kEAAkE;YAClE,mEAAmE;YACnE,0EAA0E;YAC1E,6BAA6B;YAC7B,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;YACzC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAA;YAC/C,OAAO,cAAc,CAAA;QACvB,CAAC;QAED,iBAAiB;QACjB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;QAC1D,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,GAAG,IAAI,CAAA;YAClE,IAAI,OAAO,GAAG,IAAI,CAAC,QAAQ;gBAAE,OAAO,WAAW,CAAA;QACjD,CAAC;QAED,iBAAiB;QACjB,MAAM,UAAU,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QAClD,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;QAC9C,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,CAAA;QAE7D,mCAAmC;QACnC,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;QAC3C,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,WAAW,EAAE,SAAS,CAAC,CAAA;QAEnE,qCAAqC;QACrC,MAAM,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,CAAA;QAEhC,OAAO,iBAAiB,CAAA;IAC1B,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,KAAK,CACT,WAA+D,EAC/D,QAAoE;QAEpE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC,CAAA;QACjF,IAAI,CAAC,IAAI;YAAE,OAAO,cAAc,CAAA;QAEhC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;QACxD,IAAI,CAAC,MAAM;YAAE,OAAO,eAAe,CAAA;QAEnC,eAAe;QACf,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC;YAAE,OAAO,eAAe,CAAA;QAE9E,eAAe;QACf,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,GAAG,MAAM,CAAA;QAC9D,IAAI,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;YAC3C,OAAO,eAAe,CAAA;QACxB,CAAC;QAED,QAAQ;QACR,MAAM,QAAQ,CAAC,IAAI,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAA;QAC1C,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;QAE3C,wEAAwE;QACxE,4EAA4E;QAC5E,qEAAqE;QACrE,4EAA4E;QAC5E,0EAA0E;QAC1E,2EAA2E;QAC3E,yBAAyB;QACzB,IAAI,IAAI,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC;YACnC,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,gBAAgB,EAAE,CAAC,CAAA;YACpF,CAAC;YAAC,MAAM,CAAC;gBACP,2EAA2E;YAC7E,CAAC;QACH,CAAC;QAED,OAAO,gBAAgB,CAAA;IACzB,CAAC;IAEO,SAAS,CAAC,KAAa;QAC7B,OAAO,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IACtE,CAAC;IAEO,WAAW,CAAC,KAAa,EAAE,MAAc;QAC/C,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,KAAK,CAAC,CAAA;QAC1D,MAAM,MAAM,GAAK,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QAC3C,IAAI,QAAQ,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM;YAAE,OAAO,KAAK,CAAA;QACnD,OAAO,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;IAC1C,CAAC;CACF;AAED,6DAA6D;AAE7D;;;;;;GAMG;AACH,MAAM,OAAO,qBAAqB;IACxB,KAAK,GAAG,IAAI,GAAG,EAA+D,CAAA;IAEtF,KAAK,CAAC,MAAM,CAAC,KAAa,EAAE,KAAa,EAAE,SAAe;QACxD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE,SAAS,EAAE,CAAC,CAAA;IACpE,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAa;QACtB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;QACnC,OAAO,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,IAAI,CAAA;IAC1E,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAAa;QACxB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IAC1B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACxC,IAAI,KAAK,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,GAAG;gBAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAC/D,CAAC;IACH,CAAC;CACF"}
|
package/dist/providers.d.ts
CHANGED
|
@@ -6,14 +6,34 @@ type ModelClass = {
|
|
|
6
6
|
};
|
|
7
7
|
};
|
|
8
8
|
find(id: string | number): Promise<Record<string, unknown> | null>;
|
|
9
|
+
update?(id: string | number, data: Record<string, unknown>): Promise<unknown>;
|
|
9
10
|
};
|
|
10
11
|
export declare class EloquentUserProvider implements UserProvider {
|
|
11
12
|
private readonly model;
|
|
12
13
|
private readonly hashCheck;
|
|
13
|
-
|
|
14
|
+
private readonly hashMake?;
|
|
15
|
+
constructor(model: ModelClass, hashCheck: (plain: string, hashed: string) => Promise<boolean>, hashMake?: ((plain: string) => Promise<string>) | undefined);
|
|
14
16
|
retrieveById(id: string): Promise<Authenticatable | null>;
|
|
15
17
|
retrieveByCredentials(credentials: Record<string, unknown>): Promise<Authenticatable | null>;
|
|
16
18
|
validateCredentials(user: Authenticatable, credentials: Record<string, unknown>): Promise<boolean>;
|
|
19
|
+
/**
|
|
20
|
+
* Run a password verify against a throwaway hash and discard the result.
|
|
21
|
+
* Called when no user matched the credentials, so that the "no such account"
|
|
22
|
+
* path costs the same as the "wrong password" path — otherwise an attacker
|
|
23
|
+
* can distinguish registered from unregistered identifiers by timing (the
|
|
24
|
+
* real path pays the deliberately-expensive bcrypt/argon verify; the missing
|
|
25
|
+
* path used to return instantly).
|
|
26
|
+
*/
|
|
27
|
+
fakeValidateCredentials(credentials: Record<string, unknown>): Promise<void>;
|
|
28
|
+
/**
|
|
29
|
+
* Resolve a user by id and validate a "remember me" token against the stored
|
|
30
|
+
* one in constant time. Returns null when the user is gone, has no stored
|
|
31
|
+
* token (remember-me was never enabled / was cycled by logout), or the token
|
|
32
|
+
* doesn't match — so a stolen-then-revoked cookie stops working immediately.
|
|
33
|
+
*/
|
|
34
|
+
retrieveByToken(userId: string, token: string): Promise<Authenticatable | null>;
|
|
35
|
+
/** Persist a new remember token on the user's row (null clears it). */
|
|
36
|
+
updateRememberToken(userId: string, token: string | null): Promise<void>;
|
|
17
37
|
}
|
|
18
38
|
export declare function toAuthenticatable(record: Record<string, unknown>): Authenticatable & Record<string, unknown>;
|
|
19
39
|
export {};
|
package/dist/providers.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"providers.d.ts","sourceRoot":"","sources":["../src/providers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"providers.d.ts","sourceRoot":"","sources":["../src/providers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAKnE,KAAK,UAAU,GAAG;IAChB,KAAK,IAAI;QAAE,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,GAAG;YAAE,KAAK,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CAAA;SAAE,CAAA;KAAE,CAAA;IACnG,IAAI,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CAAA;IAClE,MAAM,CAAC,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CAC9E,CAAA;AAsBD,qBAAa,oBAAqB,YAAW,YAAY;IAErD,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAFT,KAAK,EAAE,UAAU,EACjB,SAAS,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,EAC9D,QAAQ,CAAC,GAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,aAAA;IAG1D,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAKzD,qBAAqB,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAa5F,mBAAmB,CAAC,IAAI,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IAkBxG;;;;;;;OAOG;IACG,uBAAuB,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAOlF;;;;;OAKG;IACG,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IASrF,uEAAuE;IACjE,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;CAG/E;AAID,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAQ5G"}
|
package/dist/providers.js
CHANGED
|
@@ -1,9 +1,29 @@
|
|
|
1
|
+
import { safeStringEqual } from './remember.js';
|
|
2
|
+
// A real bcrypt hash of a throwaway string. Used as the dummy-verify target
|
|
3
|
+
// when no `make` fn was passed (test/stub construction) so the no-user branch
|
|
4
|
+
// still feeds the configured `check` a well-formed digest. In production the
|
|
5
|
+
// manager threads `hashMake`, so the dummy is computed in the app's own
|
|
6
|
+
// algorithm (bcrypt OR argon2) — see `dummyHashFor`.
|
|
7
|
+
const FALLBACK_DUMMY_HASH = '$2a$10$RfVjvydv7Dzo0vs.E/ARheQhK9irIOkOwCo2ygy/8UNo3G9ecRPSK';
|
|
8
|
+
// One dummy hash per hasher, computed lazily and cached for the process. Keyed
|
|
9
|
+
// by the `make` fn so distinct hashers (e.g. across tests) never share a hash.
|
|
10
|
+
const _dummyHashCache = new WeakMap();
|
|
11
|
+
function dummyHashFor(hashMake) {
|
|
12
|
+
let p = _dummyHashCache.get(hashMake);
|
|
13
|
+
if (!p) {
|
|
14
|
+
p = hashMake('rudderjs/auth dummy password for timing equalization');
|
|
15
|
+
_dummyHashCache.set(hashMake, p);
|
|
16
|
+
}
|
|
17
|
+
return p;
|
|
18
|
+
}
|
|
1
19
|
export class EloquentUserProvider {
|
|
2
20
|
model;
|
|
3
21
|
hashCheck;
|
|
4
|
-
|
|
22
|
+
hashMake;
|
|
23
|
+
constructor(model, hashCheck, hashMake) {
|
|
5
24
|
this.model = model;
|
|
6
25
|
this.hashCheck = hashCheck;
|
|
26
|
+
this.hashMake = hashMake;
|
|
7
27
|
}
|
|
8
28
|
async retrieveById(id) {
|
|
9
29
|
const record = await this.model.find(id);
|
|
@@ -25,7 +45,53 @@ export class EloquentUserProvider {
|
|
|
25
45
|
const plain = credentials['password'];
|
|
26
46
|
if (typeof plain !== 'string')
|
|
27
47
|
return false;
|
|
28
|
-
|
|
48
|
+
const hashed = user.getAuthPassword();
|
|
49
|
+
// A row with no usable password hash (OAuth-only / SSO / invited-not-yet-set
|
|
50
|
+
// accounts, where `password` is null/empty) must never authenticate by
|
|
51
|
+
// password. Feeding an empty hash to the verifier is at best a no-op
|
|
52
|
+
// (bcrypt returns false) and at worst a throw (argon2 can't parse it) or a
|
|
53
|
+
// bypass (a lax custom hasher). Reject explicitly — but still run a dummy
|
|
54
|
+
// verify so "account exists but has no password" can't be told apart from
|
|
55
|
+
// "wrong password" by response latency.
|
|
56
|
+
if (!hashed) {
|
|
57
|
+
await this.fakeValidateCredentials(credentials);
|
|
58
|
+
return false;
|
|
59
|
+
}
|
|
60
|
+
return this.hashCheck(plain, hashed);
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* Run a password verify against a throwaway hash and discard the result.
|
|
64
|
+
* Called when no user matched the credentials, so that the "no such account"
|
|
65
|
+
* path costs the same as the "wrong password" path — otherwise an attacker
|
|
66
|
+
* can distinguish registered from unregistered identifiers by timing (the
|
|
67
|
+
* real path pays the deliberately-expensive bcrypt/argon verify; the missing
|
|
68
|
+
* path used to return instantly).
|
|
69
|
+
*/
|
|
70
|
+
async fakeValidateCredentials(credentials) {
|
|
71
|
+
const plain = credentials['password'];
|
|
72
|
+
const candidate = typeof plain === 'string' ? plain : '';
|
|
73
|
+
const hashed = this.hashMake ? await dummyHashFor(this.hashMake) : FALLBACK_DUMMY_HASH;
|
|
74
|
+
await this.hashCheck(candidate, hashed);
|
|
75
|
+
}
|
|
76
|
+
/**
|
|
77
|
+
* Resolve a user by id and validate a "remember me" token against the stored
|
|
78
|
+
* one in constant time. Returns null when the user is gone, has no stored
|
|
79
|
+
* token (remember-me was never enabled / was cycled by logout), or the token
|
|
80
|
+
* doesn't match — so a stolen-then-revoked cookie stops working immediately.
|
|
81
|
+
*/
|
|
82
|
+
async retrieveByToken(userId, token) {
|
|
83
|
+
const record = await this.model.find(userId);
|
|
84
|
+
if (!record)
|
|
85
|
+
return null;
|
|
86
|
+
const user = toAuthenticatable(record);
|
|
87
|
+
const stored = user.getRememberToken();
|
|
88
|
+
if (!stored || !safeStringEqual(stored, token))
|
|
89
|
+
return null;
|
|
90
|
+
return user;
|
|
91
|
+
}
|
|
92
|
+
/** Persist a new remember token on the user's row (null clears it). */
|
|
93
|
+
async updateRememberToken(userId, token) {
|
|
94
|
+
await this.model.update?.(userId, { rememberToken: token });
|
|
29
95
|
}
|
|
30
96
|
}
|
|
31
97
|
// ─── Helpers ──────────────────────────────────────────────
|
package/dist/providers.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"providers.js","sourceRoot":"","sources":["../src/providers.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"providers.js","sourceRoot":"","sources":["../src/providers.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAA;AAU/C,4EAA4E;AAC5E,8EAA8E;AAC9E,6EAA6E;AAC7E,wEAAwE;AACxE,qDAAqD;AACrD,MAAM,mBAAmB,GAAG,8DAA8D,CAAA;AAE1F,+EAA+E;AAC/E,+EAA+E;AAC/E,MAAM,eAAe,GAAG,IAAI,OAAO,EAA2B,CAAA;AAE9D,SAAS,YAAY,CAAC,QAA4C;IAChE,IAAI,CAAC,GAAG,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;IACrC,IAAI,CAAC,CAAC,EAAE,CAAC;QACP,CAAC,GAAG,QAAQ,CAAC,sDAAsD,CAAC,CAAA;QACpE,eAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAA;IAClC,CAAC;IACD,OAAO,CAAC,CAAA;AACV,CAAC;AAED,MAAM,OAAO,oBAAoB;IAEZ;IACA;IACA;IAHnB,YACmB,KAAiB,EACjB,SAA8D,EAC9D,QAA6C;QAF7C,UAAK,GAAL,KAAK,CAAY;QACjB,cAAS,GAAT,SAAS,CAAqD;QAC9D,aAAQ,GAAR,QAAQ,CAAqC;IAC7D,CAAC;IAEJ,KAAK,CAAC,YAAY,CAAC,EAAU;QAC3B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QACxC,OAAO,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,WAAoC;QAC9D,MAAM,KAAK,GAAG,EAAE,GAAG,WAAW,EAAE,CAAA;QAChC,OAAO,KAAK,CAAC,UAAU,CAAC,CAAA;QACxB,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA;QAEhD,IAAI,CAAC,GAAY,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAA;QACnC,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC/C,CAAC,GAAI,CAA+C,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAA;QACtE,CAAC;QACD,MAAM,MAAM,GAAG,MAAO,CAA0D,CAAC,KAAK,EAAE,CAAA;QACxF,OAAO,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAClD,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,IAAqB,EAAE,WAAoC;QACnF,MAAM,KAAK,GAAG,WAAW,CAAC,UAAU,CAAC,CAAA;QACrC,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAA;QAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,EAAE,CAAA;QACrC,6EAA6E;QAC7E,uEAAuE;QACvE,qEAAqE;QACrE,2EAA2E;QAC3E,0EAA0E;QAC1E,0EAA0E;QAC1E,wCAAwC;QACxC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,CAAC,uBAAuB,CAAC,WAAW,CAAC,CAAA;YAC/C,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;IACtC,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,uBAAuB,CAAC,WAAoC;QAChE,MAAM,KAAK,GAAO,WAAW,CAAC,UAAU,CAAC,CAAA;QACzC,MAAM,SAAS,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAA;QACxD,MAAM,MAAM,GAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAA;QACzF,MAAM,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,CAAA;IACzC,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,eAAe,CAAC,MAAc,EAAE,KAAa;QACjD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC5C,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAA;QACxB,MAAM,IAAI,GAAK,iBAAiB,CAAC,MAAM,CAAC,CAAA;QACxC,MAAM,MAAM,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAA;QACtC,IAAI,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA;QAC3D,OAAO,IAAI,CAAA;IACb,CAAC;IAED,uEAAuE;IACvE,KAAK,CAAC,mBAAmB,CAAC,MAAc,EAAE,KAAoB;QAC5D,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,CAAA;IAC7D,CAAC;CACF;AAED,6DAA6D;AAE7D,MAAM,UAAU,iBAAiB,CAAC,MAA+B;IAC/D,OAAO;QACL,GAAG,MAAM;QACT,iBAAiB,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACnD,eAAe,EAAI,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QACzD,gBAAgB,EAAG,GAAG,EAAE,CAAE,MAAM,CAAC,eAAe,CAAmB,IAAI,IAAI;QAC3E,gBAAgB,EAAG,CAAC,KAAa,EAAE,EAAE,GAAG,MAAM,CAAC,eAAe,CAAC,GAAG,KAAK,CAAA,CAAC,CAAC;KAC1E,CAAA;AACH,CAAC"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
export interface RememberCookieAttrs {
|
|
2
|
+
/** Cookie name. */
|
|
3
|
+
cookie: string;
|
|
4
|
+
/** Cookie lifetime in days. */
|
|
5
|
+
lifetime: number;
|
|
6
|
+
secure: boolean;
|
|
7
|
+
sameSite: 'lax' | 'strict' | 'none';
|
|
8
|
+
path: string;
|
|
9
|
+
}
|
|
10
|
+
export type RememberDirective = {
|
|
11
|
+
action: 'set';
|
|
12
|
+
userId: string;
|
|
13
|
+
token: string;
|
|
14
|
+
} | {
|
|
15
|
+
action: 'clear';
|
|
16
|
+
};
|
|
17
|
+
/** Establish a request-scoped channel for the remember directive. */
|
|
18
|
+
export declare function runWithRemember<T>(fn: () => T): T;
|
|
19
|
+
/** Queue a remember directive from the guard (login/logout). No-op outside a
|
|
20
|
+
* request scope (CLI/queue) — there's no response cookie to write there. */
|
|
21
|
+
export declare function setRememberDirective(directive: RememberDirective): void;
|
|
22
|
+
/** Read and clear the queued directive (consumed by AuthMiddleware). */
|
|
23
|
+
export declare function takeRememberDirective(): RememberDirective | null;
|
|
24
|
+
/** A fresh 256-bit remember token (hex). */
|
|
25
|
+
export declare function newRememberToken(): string;
|
|
26
|
+
/** Read a single cookie value out of a `Cookie` request header. */
|
|
27
|
+
export declare function parseCookie(header: string, name: string): string | undefined;
|
|
28
|
+
/** Constant-time string compare, length-safe. */
|
|
29
|
+
export declare function safeStringEqual(a: string, b: string): boolean;
|
|
30
|
+
/** Sign `userId:token` into a self-verifying cookie value. */
|
|
31
|
+
export declare function encodeRememberCookie(userId: string, token: string, secret: string): string;
|
|
32
|
+
/** Verify + parse a remember cookie. Returns null on any tampering. */
|
|
33
|
+
export declare function decodeRememberCookie(value: string, secret: string): {
|
|
34
|
+
userId: string;
|
|
35
|
+
token: string;
|
|
36
|
+
} | null;
|
|
37
|
+
/** Build the `Set-Cookie` value for a remember cookie (or its deletion). */
|
|
38
|
+
export declare function buildRememberCookie(value: string | null, attrs: RememberCookieAttrs): string;
|
|
39
|
+
/** Cookie attributes (name/lifetime/flags). Never throws — safe to call on
|
|
40
|
+
* every request to learn the cookie name without resolving the secret. */
|
|
41
|
+
export declare function rememberCookieAttrs(overrides?: Partial<RememberCookieAttrs>): RememberCookieAttrs;
|
|
42
|
+
/** Resolve the HMAC secret used to sign remember cookies. Mirrors the
|
|
43
|
+
* PasswordBroker posture: throws in production when `AUTH_SECRET` is unset,
|
|
44
|
+
* falls back to a dev placeholder (with a one-time notice) otherwise. Only
|
|
45
|
+
* called when a remember cookie is actually being signed or verified, so an
|
|
46
|
+
* app that never uses remember-me is never forced to set the secret. */
|
|
47
|
+
export declare function resolveRememberSecret(override?: string): string;
|
|
48
|
+
//# sourceMappingURL=remember.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"remember.d.ts","sourceRoot":"","sources":["../src/remember.ts"],"names":[],"mappings":"AAqBA,MAAM,WAAW,mBAAmB;IAClC,mBAAmB;IACnB,MAAM,EAAE,MAAM,CAAA;IACd,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,OAAO,CAAA;IACf,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAA;IACnC,IAAI,EAAE,MAAM,CAAA;CACb;AAED,MAAM,MAAM,iBAAiB,GACzB;IAAE,MAAM,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAChD;IAAE,MAAM,EAAE,OAAO,CAAA;CAAE,CAAA;AAUvB,qEAAqE;AACrE,wBAAgB,eAAe,CAAC,CAAC,EAAE,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,CAEjD;AAED;6EAC6E;AAC7E,wBAAgB,oBAAoB,CAAC,SAAS,EAAE,iBAAiB,GAAG,IAAI,CAGvE;AAED,wEAAwE;AACxE,wBAAgB,qBAAqB,IAAI,iBAAiB,GAAG,IAAI,CAMhE;AAED,4CAA4C;AAC5C,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAED,mEAAmE;AACnE,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAO5E;AAED,iDAAiD;AACjD,wBAAgB,eAAe,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAK7D;AAMD,8DAA8D;AAC9D,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAG1F;AAED,uEAAuE;AACvE,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAmB5G;AAED,4EAA4E;AAC5E,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,EAAE,KAAK,EAAE,mBAAmB,GAAG,MAAM,CAa5F;AAED;2EAC2E;AAC3E,wBAAgB,mBAAmB,CAAC,SAAS,GAAE,OAAO,CAAC,mBAAmB,CAAM,GAAG,mBAAmB,CAQrG;AAID;;;;yEAIyE;AACzE,wBAAgB,qBAAqB,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAe/D"}
|
package/dist/remember.js
ADDED
|
@@ -0,0 +1,134 @@
|
|
|
1
|
+
import { AsyncLocalStorage } from 'node:async_hooks';
|
|
2
|
+
import { createHmac, randomBytes, timingSafeEqual } from 'node:crypto';
|
|
3
|
+
import { bootNotice } from '@rudderjs/core';
|
|
4
|
+
// globalThis-hoisted ALS, same duplicate-bundle reasoning as the auth ALS.
|
|
5
|
+
const ALS_KEY = '__rudderjs_auth_remember_als__';
|
|
6
|
+
const _alsGlobal = globalThis;
|
|
7
|
+
const _als = _alsGlobal[ALS_KEY]
|
|
8
|
+
?? (() => { const a = new AsyncLocalStorage(); _alsGlobal[ALS_KEY] = a; return a; })();
|
|
9
|
+
/** Establish a request-scoped channel for the remember directive. */
|
|
10
|
+
export function runWithRemember(fn) {
|
|
11
|
+
return _als.run({ directive: null }, fn);
|
|
12
|
+
}
|
|
13
|
+
/** Queue a remember directive from the guard (login/logout). No-op outside a
|
|
14
|
+
* request scope (CLI/queue) — there's no response cookie to write there. */
|
|
15
|
+
export function setRememberDirective(directive) {
|
|
16
|
+
const bag = _als.getStore();
|
|
17
|
+
if (bag)
|
|
18
|
+
bag.directive = directive;
|
|
19
|
+
}
|
|
20
|
+
/** Read and clear the queued directive (consumed by AuthMiddleware). */
|
|
21
|
+
export function takeRememberDirective() {
|
|
22
|
+
const bag = _als.getStore();
|
|
23
|
+
if (!bag)
|
|
24
|
+
return null;
|
|
25
|
+
const directive = bag.directive;
|
|
26
|
+
bag.directive = null;
|
|
27
|
+
return directive;
|
|
28
|
+
}
|
|
29
|
+
/** A fresh 256-bit remember token (hex). */
|
|
30
|
+
export function newRememberToken() {
|
|
31
|
+
return randomBytes(32).toString('hex');
|
|
32
|
+
}
|
|
33
|
+
/** Read a single cookie value out of a `Cookie` request header. */
|
|
34
|
+
export function parseCookie(header, name) {
|
|
35
|
+
for (const part of header.split(';')) {
|
|
36
|
+
const eq = part.indexOf('=');
|
|
37
|
+
if (eq === -1)
|
|
38
|
+
continue;
|
|
39
|
+
if (part.slice(0, eq).trim() === name)
|
|
40
|
+
return part.slice(eq + 1).trim();
|
|
41
|
+
}
|
|
42
|
+
return undefined;
|
|
43
|
+
}
|
|
44
|
+
/** Constant-time string compare, length-safe. */
|
|
45
|
+
export function safeStringEqual(a, b) {
|
|
46
|
+
const ab = Buffer.from(a, 'utf8');
|
|
47
|
+
const bb = Buffer.from(b, 'utf8');
|
|
48
|
+
if (ab.length !== bb.length)
|
|
49
|
+
return false;
|
|
50
|
+
return timingSafeEqual(ab, bb);
|
|
51
|
+
}
|
|
52
|
+
function hmac(value, secret) {
|
|
53
|
+
return createHmac('sha256', secret).update(value).digest('base64url');
|
|
54
|
+
}
|
|
55
|
+
/** Sign `userId:token` into a self-verifying cookie value. */
|
|
56
|
+
export function encodeRememberCookie(userId, token, secret) {
|
|
57
|
+
const body = Buffer.from(JSON.stringify({ id: userId, token })).toString('base64url');
|
|
58
|
+
return `${body}.${hmac(body, secret)}`;
|
|
59
|
+
}
|
|
60
|
+
/** Verify + parse a remember cookie. Returns null on any tampering. */
|
|
61
|
+
export function decodeRememberCookie(value, secret) {
|
|
62
|
+
const dot = value.lastIndexOf('.');
|
|
63
|
+
if (dot <= 0)
|
|
64
|
+
return null;
|
|
65
|
+
const body = value.slice(0, dot);
|
|
66
|
+
const sig = value.slice(dot + 1);
|
|
67
|
+
const expected = hmac(body, secret);
|
|
68
|
+
// Constant-time signature check before touching the payload.
|
|
69
|
+
const sigBuf = Buffer.from(sig, 'base64url');
|
|
70
|
+
const expBuf = Buffer.from(expected, 'base64url');
|
|
71
|
+
if (sigBuf.length !== expBuf.length || !timingSafeEqual(sigBuf, expBuf))
|
|
72
|
+
return null;
|
|
73
|
+
try {
|
|
74
|
+
const parsed = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
|
|
75
|
+
const id = parsed['id'];
|
|
76
|
+
const token = parsed['token'];
|
|
77
|
+
if (typeof id !== 'string' || typeof token !== 'string' || !id || !token)
|
|
78
|
+
return null;
|
|
79
|
+
return { userId: id, token };
|
|
80
|
+
}
|
|
81
|
+
catch {
|
|
82
|
+
return null;
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
/** Build the `Set-Cookie` value for a remember cookie (or its deletion). */
|
|
86
|
+
export function buildRememberCookie(value, attrs) {
|
|
87
|
+
const maxAge = value === null ? 0 : attrs.lifetime * 24 * 60 * 60;
|
|
88
|
+
const parts = [
|
|
89
|
+
`${attrs.cookie}=${value ?? ''}`,
|
|
90
|
+
`Path=${attrs.path}`,
|
|
91
|
+
`Max-Age=${maxAge}`,
|
|
92
|
+
`SameSite=${attrs.sameSite}`,
|
|
93
|
+
'HttpOnly',
|
|
94
|
+
];
|
|
95
|
+
// SameSite=None requires Secure (browsers drop it otherwise); same rule the
|
|
96
|
+
// session driver follows.
|
|
97
|
+
if (attrs.secure || attrs.sameSite === 'none')
|
|
98
|
+
parts.push('Secure');
|
|
99
|
+
return parts.join('; ');
|
|
100
|
+
}
|
|
101
|
+
/** Cookie attributes (name/lifetime/flags). Never throws — safe to call on
|
|
102
|
+
* every request to learn the cookie name without resolving the secret. */
|
|
103
|
+
export function rememberCookieAttrs(overrides = {}) {
|
|
104
|
+
return {
|
|
105
|
+
cookie: overrides.cookie ?? 'rudderjs_remember',
|
|
106
|
+
lifetime: overrides.lifetime ?? 400, // days; browsers cap persistent cookies at ~400d
|
|
107
|
+
secure: overrides.secure ?? (process.env['NODE_ENV'] === 'production'),
|
|
108
|
+
sameSite: overrides.sameSite ?? 'lax',
|
|
109
|
+
path: overrides.path ?? '/',
|
|
110
|
+
};
|
|
111
|
+
}
|
|
112
|
+
let _devSecretWarned = false;
|
|
113
|
+
/** Resolve the HMAC secret used to sign remember cookies. Mirrors the
|
|
114
|
+
* PasswordBroker posture: throws in production when `AUTH_SECRET` is unset,
|
|
115
|
+
* falls back to a dev placeholder (with a one-time notice) otherwise. Only
|
|
116
|
+
* called when a remember cookie is actually being signed or verified, so an
|
|
117
|
+
* app that never uses remember-me is never forced to set the secret. */
|
|
118
|
+
export function resolveRememberSecret(override) {
|
|
119
|
+
if (override)
|
|
120
|
+
return override;
|
|
121
|
+
const envSecret = process.env['AUTH_SECRET'];
|
|
122
|
+
if (envSecret)
|
|
123
|
+
return envSecret;
|
|
124
|
+
if (process.env['NODE_ENV'] === 'production') {
|
|
125
|
+
throw new Error('[RudderJS Auth] "remember me" requires AUTH_SECRET in production so the ' +
|
|
126
|
+
'remember cookie can be signed. Set AUTH_SECRET (>= 32 chars) in .env.');
|
|
127
|
+
}
|
|
128
|
+
if (!_devSecretWarned) {
|
|
129
|
+
bootNotice('auth', 'using a dev remember-me secret — set AUTH_SECRET (>= 32 chars) for production');
|
|
130
|
+
_devSecretWarned = true;
|
|
131
|
+
}
|
|
132
|
+
return 'rudderjs-dev-remember-secret';
|
|
133
|
+
}
|
|
134
|
+
//# sourceMappingURL=remember.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"remember.js","sourceRoot":"","sources":["../src/remember.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AACpD,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AACtE,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAmC3C,2EAA2E;AAC3E,MAAM,OAAO,GAAG,gCAAgC,CAAA;AAChD,MAAM,UAAU,GAAG,UAAqC,CAAA;AACxD,MAAM,IAAI,GAAoC,UAAU,CAAC,OAAO,CAAgD;OAC3G,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,GAAG,IAAI,iBAAiB,EAAe,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA,CAAC,CAAC,CAAC,EAAE,CAAA;AAEpG,qEAAqE;AACrE,MAAM,UAAU,eAAe,CAAI,EAAW;IAC5C,OAAO,IAAI,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAA;AAC1C,CAAC;AAED;6EAC6E;AAC7E,MAAM,UAAU,oBAAoB,CAAC,SAA4B;IAC/D,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAA;IAC3B,IAAI,GAAG;QAAE,GAAG,CAAC,SAAS,GAAG,SAAS,CAAA;AACpC,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,qBAAqB;IACnC,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAA;IAC3B,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAA;IACrB,MAAM,SAAS,GAAG,GAAG,CAAC,SAAS,CAAA;IAC/B,GAAG,CAAC,SAAS,GAAG,IAAI,CAAA;IACpB,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,4CAA4C;AAC5C,MAAM,UAAU,gBAAgB;IAC9B,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;AACxC,CAAC;AAED,mEAAmE;AACnE,MAAM,UAAU,WAAW,CAAC,MAAc,EAAE,IAAY;IACtD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAC5B,IAAI,EAAE,KAAK,CAAC,CAAC;YAAE,SAAQ;QACvB,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;IACzE,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,iDAAiD;AACjD,MAAM,UAAU,eAAe,CAAC,CAAS,EAAE,CAAS;IAClD,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAA;IACjC,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAA;IACjC,IAAI,EAAE,CAAC,MAAM,KAAK,EAAE,CAAC,MAAM;QAAE,OAAO,KAAK,CAAA;IACzC,OAAO,eAAe,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;AAChC,CAAC;AAED,SAAS,IAAI,CAAC,KAAa,EAAE,MAAc;IACzC,OAAO,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;AACvE,CAAC;AAED,8DAA8D;AAC9D,MAAM,UAAU,oBAAoB,CAAC,MAAc,EAAE,KAAa,EAAE,MAAc;IAChF,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAA;IACrF,OAAO,GAAG,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,CAAA;AACxC,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,oBAAoB,CAAC,KAAa,EAAE,MAAc;IAChE,MAAM,GAAG,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAA;IAClC,IAAI,GAAG,IAAI,CAAC;QAAE,OAAO,IAAI,CAAA;IACzB,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IAChC,MAAM,GAAG,GAAI,KAAK,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAA;IACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IACnC,6DAA6D;IAC7D,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAA;IAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAA;IACjD,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC;QAAE,OAAO,IAAI,CAAA;IACpF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAA4B,CAAA;QACrG,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAA;QACvB,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,CAAA;QAC7B,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,EAAE,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QACrF,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,CAAA;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,4EAA4E;AAC5E,MAAM,UAAU,mBAAmB,CAAC,KAAoB,EAAE,KAA0B;IAClF,MAAM,MAAM,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;IACjE,MAAM,KAAK,GAAG;QACZ,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,IAAI,EAAE,EAAE;QAChC,QAAQ,KAAK,CAAC,IAAI,EAAE;QACpB,WAAW,MAAM,EAAE;QACnB,YAAY,KAAK,CAAC,QAAQ,EAAE;QAC5B,UAAU;KACX,CAAA;IACD,4EAA4E;IAC5E,0BAA0B;IAC1B,IAAI,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,QAAQ,KAAK,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IACnE,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACzB,CAAC;AAED;2EAC2E;AAC3E,MAAM,UAAU,mBAAmB,CAAC,YAA0C,EAAE;IAC9E,OAAO;QACL,MAAM,EAAI,SAAS,CAAC,MAAM,IAAM,mBAAmB;QACnD,QAAQ,EAAE,SAAS,CAAC,QAAQ,IAAI,GAAG,EAAE,iDAAiD;QACtF,MAAM,EAAI,SAAS,CAAC,MAAM,IAAM,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY,CAAC;QAC1E,QAAQ,EAAE,SAAS,CAAC,QAAQ,IAAI,KAAK;QACrC,IAAI,EAAM,SAAS,CAAC,IAAI,IAAQ,GAAG;KACpC,CAAA;AACH,CAAC;AAED,IAAI,gBAAgB,GAAG,KAAK,CAAA;AAE5B;;;;yEAIyE;AACzE,MAAM,UAAU,qBAAqB,CAAC,QAAiB;IACrD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAA;IAC7B,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAA;IAC5C,IAAI,SAAS;QAAE,OAAO,SAAS,CAAA;IAC/B,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,YAAY,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CACb,0EAA0E;YAC1E,uEAAuE,CACxE,CAAA;IACH,CAAC;IACD,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,UAAU,CAAC,MAAM,EAAE,+EAA+E,CAAC,CAAA;QACnG,gBAAgB,GAAG,IAAI,CAAA;IACzB,CAAC;IACD,OAAO,8BAA8B,CAAA;AACvC,CAAC"}
|
package/dist/session-guard.d.ts
CHANGED
|
@@ -28,8 +28,22 @@ export declare class SessionGuard implements Guard {
|
|
|
28
28
|
id(): Promise<string | null>;
|
|
29
29
|
check(): Promise<boolean>;
|
|
30
30
|
guest(): Promise<boolean>;
|
|
31
|
-
attempt(credentials: Record<string, unknown>,
|
|
32
|
-
|
|
31
|
+
attempt(credentials: Record<string, unknown>, remember?: boolean): Promise<boolean>;
|
|
32
|
+
/**
|
|
33
|
+
* Log a user in. When `remember` is true (and the provider supports
|
|
34
|
+
* persistent tokens), mint a fresh remember token, persist it on the user,
|
|
35
|
+
* and queue a long-lived remember cookie — `AuthMiddleware` writes it to the
|
|
36
|
+
* response. The directive is a no-op outside an HTTP request scope.
|
|
37
|
+
*/
|
|
38
|
+
login(user: Authenticatable, remember?: boolean): Promise<void>;
|
|
39
|
+
/**
|
|
40
|
+
* Resolve a user from a remember cookie's `userId`/`token` and, on a valid
|
|
41
|
+
* constant-time token match, re-establish the session WITHOUT minting a new
|
|
42
|
+
* token (the existing cookie stays valid — the token rotates only on a fresh
|
|
43
|
+
* remember-login or logout). Returns whether auto-login succeeded. Used by
|
|
44
|
+
* AuthMiddleware when there's no active session.
|
|
45
|
+
*/
|
|
46
|
+
loginViaRememberCookie(userId: string, token: string): Promise<boolean>;
|
|
33
47
|
logout(): Promise<void>;
|
|
34
48
|
}
|
|
35
49
|
//# sourceMappingURL=session-guard.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session-guard.d.ts","sourceRoot":"","sources":["../src/session-guard.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"session-guard.d.ts","sourceRoot":"","sources":["../src/session-guard.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAO1E,MAAM,WAAW,YAAY;IAC3B,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,SAAS,CAAA;IAChD,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,GAAG,IAAI,CAAA;IACtC,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;CAC5B;AAED,qBAAa,YAAa,YAAW,KAAK;IAItC,OAAO,CAAC,QAAQ,CAAC,QAAQ;IACzB,OAAO,CAAC,QAAQ,CAAC,OAAO;IAJ1B,OAAO,CAAC,KAAK,CAAgD;gBAG1C,QAAQ,EAAE,YAAY,EACtB,OAAO,EAAE,YAAY;IAGxC;;;;;;;;;;;;;OAaG;IACG,IAAI,IAAI,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IA8BvC,EAAE,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAK5B,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAiBzF;;;;;OAKG;IACG,KAAK,CAAC,IAAI,EAAE,eAAe,EAAE,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC;IAYrE;;;;;;OAMG;IACG,sBAAsB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAUvE,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;CAa9B"}
|
package/dist/session-guard.js
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { currentTestUser } from './auth-manager.js';
|
|
2
|
+
import { newRememberToken, setRememberDirective } from './remember.js';
|
|
2
3
|
export class SessionGuard {
|
|
3
4
|
provider;
|
|
4
5
|
session;
|
|
@@ -60,22 +61,63 @@ export class SessionGuard {
|
|
|
60
61
|
async guest() {
|
|
61
62
|
return (await this.user()) === null;
|
|
62
63
|
}
|
|
63
|
-
async attempt(credentials,
|
|
64
|
+
async attempt(credentials, remember) {
|
|
64
65
|
const user = await this.provider.retrieveByCredentials(credentials);
|
|
65
|
-
if (!user)
|
|
66
|
+
if (!user) {
|
|
67
|
+
// Equalize timing with the wrong-password path so an attacker can't
|
|
68
|
+
// enumerate accounts by latency (no user = instant; wrong password =
|
|
69
|
+
// slow bcrypt/argon verify).
|
|
70
|
+
await this.provider.fakeValidateCredentials?.(credentials);
|
|
66
71
|
return false;
|
|
72
|
+
}
|
|
67
73
|
const valid = await this.provider.validateCredentials(user, credentials);
|
|
68
74
|
if (!valid)
|
|
69
75
|
return false;
|
|
70
|
-
await this.login(user);
|
|
76
|
+
await this.login(user, remember);
|
|
71
77
|
return true;
|
|
72
78
|
}
|
|
73
|
-
|
|
79
|
+
/**
|
|
80
|
+
* Log a user in. When `remember` is true (and the provider supports
|
|
81
|
+
* persistent tokens), mint a fresh remember token, persist it on the user,
|
|
82
|
+
* and queue a long-lived remember cookie — `AuthMiddleware` writes it to the
|
|
83
|
+
* response. The directive is a no-op outside an HTTP request scope.
|
|
84
|
+
*/
|
|
85
|
+
async login(user, remember) {
|
|
86
|
+
await this.session.regenerate();
|
|
87
|
+
this.session.put('auth_user_id', user.getAuthIdentifier());
|
|
88
|
+
this._user = user;
|
|
89
|
+
if (remember && this.provider.updateRememberToken) {
|
|
90
|
+
const token = newRememberToken();
|
|
91
|
+
await this.provider.updateRememberToken(user.getAuthIdentifier(), token);
|
|
92
|
+
setRememberDirective({ action: 'set', userId: user.getAuthIdentifier(), token });
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
/**
|
|
96
|
+
* Resolve a user from a remember cookie's `userId`/`token` and, on a valid
|
|
97
|
+
* constant-time token match, re-establish the session WITHOUT minting a new
|
|
98
|
+
* token (the existing cookie stays valid — the token rotates only on a fresh
|
|
99
|
+
* remember-login or logout). Returns whether auto-login succeeded. Used by
|
|
100
|
+
* AuthMiddleware when there's no active session.
|
|
101
|
+
*/
|
|
102
|
+
async loginViaRememberCookie(userId, token) {
|
|
103
|
+
if (!this.provider.retrieveByToken)
|
|
104
|
+
return false;
|
|
105
|
+
const user = await this.provider.retrieveByToken(userId, token);
|
|
106
|
+
if (!user)
|
|
107
|
+
return false;
|
|
74
108
|
await this.session.regenerate();
|
|
75
109
|
this.session.put('auth_user_id', user.getAuthIdentifier());
|
|
76
110
|
this._user = user;
|
|
111
|
+
return true;
|
|
77
112
|
}
|
|
78
113
|
async logout() {
|
|
114
|
+
// Cycle the remember token so every outstanding remember cookie for this
|
|
115
|
+
// user stops working, then queue the cookie's deletion.
|
|
116
|
+
const user = this._user ?? await this.user().catch(() => null);
|
|
117
|
+
if (user && this.provider.updateRememberToken) {
|
|
118
|
+
await this.provider.updateRememberToken(user.getAuthIdentifier(), newRememberToken());
|
|
119
|
+
}
|
|
120
|
+
setRememberDirective({ action: 'clear' });
|
|
79
121
|
this.session.forget('auth_user_id');
|
|
80
122
|
await this.session.regenerate();
|
|
81
123
|
this._user = null;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session-guard.js","sourceRoot":"","sources":["../src/session-guard.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;
|
|
1
|
+
{"version":3,"file":"session-guard.js","sourceRoot":"","sources":["../src/session-guard.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACnD,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAA;AAYtE,MAAM,OAAO,YAAY;IAIJ;IACA;IAJX,KAAK,GAAuC,SAAS,CAAA,CAAC,6BAA6B;IAE3F,YACmB,QAAsB,EACtB,OAAqB;QADrB,aAAQ,GAAR,QAAQ,CAAc;QACtB,YAAO,GAAP,OAAO,CAAc;IACrC,CAAC;IAEJ;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,IAAI;QACR,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC,KAAK,CAAA;QAE/C,0EAA0E;QAC1E,mEAAmE;QACnE,qEAAqE;QACrE,qEAAqE;QACrE,kDAAkD;QAClD,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAA;QAClC,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,KAAK,GAAG,QAAQ,CAAA;YACrB,OAAO,IAAI,CAAC,KAAK,CAAA;QACnB,CAAC;QAED,IAAI,EAAsB,CAAA;QAC1B,IAAI,CAAC;YACH,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAS,cAAc,CAAC,CAAA;QAC/C,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,KAAK,GAAG,IAAI,CAAA;YACjB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,IAAI,EAAE,EAAE,CAAC;YACP,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC,CAAA;QACnD,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,KAAK,GAAG,IAAI,CAAA;QACnB,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAA;IACnB,CAAC;IAED,KAAK,CAAC,EAAE;QACN,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAA;QAC3B,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,IAAI,CAAA;IACzC,CAAC;IAED,KAAK,CAAC,KAAK;QACT,OAAO,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,IAAI,CAAA;IACrC,CAAC;IAED,KAAK,CAAC,KAAK;QACT,OAAO,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,IAAI,CAAA;IACrC,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,WAAoC,EAAE,QAAkB;QACpE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAA;QACnE,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,oEAAoE;YACpE,qEAAqE;YACrE,6BAA6B;YAC7B,MAAM,IAAI,CAAC,QAAQ,CAAC,uBAAuB,EAAE,CAAC,WAAW,CAAC,CAAA;YAC1D,OAAO,KAAK,CAAA;QACd,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAA;QACxE,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAA;QAExB,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAA;QAChC,OAAO,IAAI,CAAA;IACb,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,KAAK,CAAC,IAAqB,EAAE,QAAkB;QACnD,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAA;QAC/B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAA;QAC1D,IAAI,CAAC,KAAK,GAAG,IAAI,CAAA;QAEjB,IAAI,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,CAAC;YAClD,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAA;YAChC,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,KAAK,CAAC,CAAA;YACxE,oBAAoB,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;QAClF,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,sBAAsB,CAAC,MAAc,EAAE,KAAa;QACxD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,eAAe;YAAE,OAAO,KAAK,CAAA;QAChD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QAC/D,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAA;QACvB,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAA;QAC/B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAA;QAC1D,IAAI,CAAC,KAAK,GAAG,IAAI,CAAA;QACjB,OAAO,IAAI,CAAA;IACb,CAAC;IAED,KAAK,CAAC,MAAM;QACV,yEAAyE;QACzE,wDAAwD;QACxD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,IAAI,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAA;QAC9D,IAAI,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,CAAC;YAC9C,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,gBAAgB,EAAE,CAAC,CAAA;QACvF,CAAC;QACD,oBAAoB,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAA;QAEzC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,CAAA;QACnC,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAA;QAC/B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAA;IACnB,CAAC;CACF"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@rudderjs/auth",
|
|
3
|
-
"version": "6.
|
|
3
|
+
"version": "6.6.1",
|
|
4
4
|
"rudderjs": {
|
|
5
5
|
"provider": "AuthProvider",
|
|
6
6
|
"stage": "infrastructure",
|
|
@@ -51,15 +51,15 @@
|
|
|
51
51
|
"./package.json": "./package.json"
|
|
52
52
|
},
|
|
53
53
|
"dependencies": {
|
|
54
|
-
"@rudderjs/console": "^1.4.
|
|
55
|
-
"@rudderjs/contracts": "^1.
|
|
56
|
-
"@rudderjs/core": "^1.
|
|
54
|
+
"@rudderjs/console": "^1.4.2",
|
|
55
|
+
"@rudderjs/contracts": "^1.17.1",
|
|
56
|
+
"@rudderjs/core": "^1.13.0"
|
|
57
57
|
},
|
|
58
58
|
"peerDependencies": {
|
|
59
59
|
"@rudderjs/hash": "^1.2.0",
|
|
60
|
-
"@rudderjs/middleware": "^1.2.
|
|
61
|
-
"@rudderjs/router": "^1.9.
|
|
62
|
-
"@rudderjs/session": "^2.
|
|
60
|
+
"@rudderjs/middleware": "^1.2.2",
|
|
61
|
+
"@rudderjs/router": "^1.9.1",
|
|
62
|
+
"@rudderjs/session": "^2.4.1",
|
|
63
63
|
"@rudderjs/view": "^1.3.0",
|
|
64
64
|
"@rudderjs/vite": "^2.11.0"
|
|
65
65
|
},
|
|
@@ -88,9 +88,9 @@
|
|
|
88
88
|
"reflect-metadata": "^0.2.2",
|
|
89
89
|
"typescript": "^5.4.0",
|
|
90
90
|
"@rudderjs/hash": "^1.2.0",
|
|
91
|
-
"@rudderjs/middleware": "^1.2.
|
|
92
|
-
"@rudderjs/router": "^1.9.
|
|
93
|
-
"@rudderjs/session": "^2.
|
|
91
|
+
"@rudderjs/middleware": "^1.2.2",
|
|
92
|
+
"@rudderjs/router": "^1.9.1",
|
|
93
|
+
"@rudderjs/session": "^2.4.1",
|
|
94
94
|
"@rudderjs/view": "^1.3.0",
|
|
95
95
|
"@rudderjs/vite": "^2.11.0",
|
|
96
96
|
"@rudderjs/cache": "^1.5.0"
|
|
@@ -101,7 +101,7 @@
|
|
|
101
101
|
"dev": "tsc -p tsconfig.build.json --watch",
|
|
102
102
|
"typecheck": "tsc --noEmit",
|
|
103
103
|
"lint": "eslint src",
|
|
104
|
-
"test": "tsc -p tsconfig.test.json && node --test dist-test/index.test.js dist-test/middleware-and-verification-fixes.test.js dist-test/base-auth-controller-rate-limits.test.js dist-test/ws-context-runner.test.js",
|
|
104
|
+
"test": "tsc -p tsconfig.test.json && node --test dist-test/index.test.js dist-test/middleware-and-verification-fixes.test.js dist-test/base-auth-controller-rate-limits.test.js dist-test/ws-context-runner.test.js dist-test/remember.test.js dist-test/security-hardening-fixes.test.js",
|
|
105
105
|
"clean": "rm -rf dist"
|
|
106
106
|
}
|
|
107
107
|
}
|