@seamless-auth/express 0.0.2-beta.4 → 0.0.2-beta.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/index.js +36 -9
  2. package/package.json +2 -2
package/dist/index.js CHANGED
@@ -4,12 +4,13 @@ import cookieParser from "cookie-parser";
4
4
 
5
5
  // src/internal/cookie.ts
6
6
  import jwt from "jsonwebtoken";
7
- function setSessionCookie(res, payload, ttlSeconds = 300, name = "sa_session") {
7
+ function setSessionCookie(res, payload, domain, ttlSeconds = 300, name = "sa_session") {
8
8
  const COOKIE_SECRET2 = process.env.SEAMLESS_COOKIE_SIGNING_KEY;
9
9
  if (!COOKIE_SECRET2) {
10
10
  console.warn("[SeamlessAuth] Missing SEAMLESS_COOKIE_SIGNING_KEY env var!");
11
11
  throw new Error("Missing required env SEAMLESS_COOKIE_SIGNING_KEY");
12
12
  }
13
+ console.debug("[SeamlessAuth] Domain check... ", domain);
13
14
  const token = jwt.sign(payload, COOKIE_SECRET2, {
14
15
  algorithm: "HS256",
15
16
  expiresIn: `${ttlSeconds}s`
@@ -19,16 +20,18 @@ function setSessionCookie(res, payload, ttlSeconds = 300, name = "sa_session") {
19
20
  secure: process.env.NODE_ENV === "production",
20
21
  sameSite: process.env.NODE_ENV === "production" ? "none" : "lax",
21
22
  path: "/",
23
+ domain,
22
24
  maxAge: ttlSeconds * 1e3
23
25
  });
24
26
  }
25
27
  function clearSessionCookie(res, domain, name = "sa_session") {
26
28
  res.clearCookie(name, { domain, path: "/" });
27
29
  }
28
- function clearAllCookies(res, accesscookieName, registrationCookieName, refreshCookieName) {
29
- res.clearCookie(accesscookieName, { path: "/" });
30
- res.clearCookie(registrationCookieName, { path: "/" });
31
- res.clearCookie(refreshCookieName, { path: "/" });
30
+ function clearAllCookies(res, domain, accesscookieName, registrationCookieName, refreshCookieName) {
31
+ console.debug("[SeamlessAuth] clearing cookies");
32
+ res.clearCookie(accesscookieName, { domain, path: "/" });
33
+ res.clearCookie(registrationCookieName, { domain, path: "/" });
34
+ res.clearCookie(refreshCookieName, { domain, path: "/" });
32
35
  }
33
36
 
34
37
  // src/internal/authFetch.ts
@@ -171,7 +174,8 @@ function createEnsureCookiesMiddleware(opts) {
171
174
  "/logout": { name: opts.accesscookieName, required: true },
172
175
  "/users/me": { name: opts.accesscookieName, required: true }
173
176
  };
174
- return async function ensureCookies(req, res, next, cookieDomain = "") {
177
+ return async function ensureCookies(req, res, next, cookieDomain = opts.cookieDomain || "") {
178
+ console.debug("[SeamlessAuth] Ensuring cookies domain...", cookieDomain);
175
179
  const match = Object.entries(COOKIE_REQUIREMENTS).find(
176
180
  ([path]) => req.path.startsWith(path)
177
181
  );
@@ -191,6 +195,7 @@ function createEnsureCookiesMiddleware(opts) {
191
195
  if (!refreshed?.token) {
192
196
  clearAllCookies(
193
197
  res,
198
+ cookieDomain,
194
199
  name,
195
200
  opts.registrationCookieName,
196
201
  opts.refreshCookieName
@@ -205,12 +210,14 @@ function createEnsureCookiesMiddleware(opts) {
205
210
  token: refreshed.token,
206
211
  roles: refreshed.roles
207
212
  },
213
+ cookieDomain,
208
214
  refreshed.ttl,
209
215
  name
210
216
  );
211
217
  setSessionCookie(
212
218
  res,
213
219
  { sub: refreshed.sub, refreshToken: refreshed.refreshToken },
220
+ cookieDomain,
214
221
  refreshed.refreshTtl,
215
222
  opts.refreshCookieName
216
223
  );
@@ -260,6 +267,7 @@ function createSeamlessAuthServer(opts) {
260
267
  r.use(cookieParser());
261
268
  const {
262
269
  authServerUrl,
270
+ cookieDomain = "",
263
271
  accesscookieName = "seamless-access",
264
272
  registrationCookieName = "seamless-ephemeral",
265
273
  refreshCookieName = "seamless-refresh",
@@ -279,6 +287,7 @@ function createSeamlessAuthServer(opts) {
279
287
  r.use(
280
288
  createEnsureCookiesMiddleware({
281
289
  authServerUrl,
290
+ cookieDomain,
282
291
  accesscookieName,
283
292
  registrationCookieName,
284
293
  refreshCookieName,
@@ -311,7 +320,13 @@ function createSeamlessAuthServer(opts) {
311
320
  if (verified.sub !== data.sub) {
312
321
  throw new Error("Signature mismatch with data payload");
313
322
  }
314
- setSessionCookie(res, { sub: data.sub }, data.ttl, preAuthCookieName);
323
+ setSessionCookie(
324
+ res,
325
+ { sub: data.sub },
326
+ cookieDomain,
327
+ data.ttl,
328
+ preAuthCookieName
329
+ );
315
330
  res.status(204).end();
316
331
  }
317
332
  async function register(req, res) {
@@ -321,7 +336,13 @@ function createSeamlessAuthServer(opts) {
321
336
  });
322
337
  const data = await up.json();
323
338
  if (!up.ok) return res.status(up.status).json(data);
324
- setSessionCookie(res, { sub: data.sub }, data.ttl, registrationCookieName);
339
+ setSessionCookie(
340
+ res,
341
+ { sub: data.sub },
342
+ cookieDomain,
343
+ data.ttl,
344
+ registrationCookieName
345
+ );
325
346
  res.status(200).json(data).end();
326
347
  }
327
348
  async function finishLogin(req, res) {
@@ -344,12 +365,14 @@ function createSeamlessAuthServer(opts) {
344
365
  setSessionCookie(
345
366
  res,
346
367
  { sub: data.sub, roles: data.roles },
368
+ cookieDomain,
347
369
  data.ttl,
348
370
  accesscookieName
349
371
  );
350
372
  setSessionCookie(
351
373
  res,
352
374
  { sub: data.sub, refreshToken: data.refreshToken },
375
+ cookieDomain,
353
376
  data.refreshTtl,
354
377
  refreshCookieName
355
378
  );
@@ -369,6 +392,7 @@ function createSeamlessAuthServer(opts) {
369
392
  setSessionCookie(
370
393
  res,
371
394
  { sub: data.sub, roles: data.roles },
395
+ cookieDomain,
372
396
  data.ttl,
373
397
  accesscookieName
374
398
  );
@@ -380,6 +404,7 @@ function createSeamlessAuthServer(opts) {
380
404
  });
381
405
  clearAllCookies(
382
406
  res,
407
+ cookieDomain,
383
408
  accesscookieName,
384
409
  registrationCookieName,
385
410
  refreshCookieName
@@ -391,7 +416,7 @@ function createSeamlessAuthServer(opts) {
391
416
  method: "GET"
392
417
  });
393
418
  const data = await up.json();
394
- clearSessionCookie(res, preAuthCookieName);
419
+ clearSessionCookie(res, cookieDomain, preAuthCookieName);
395
420
  if (!data.user) return res.status(401).json({ error: "unauthenticated" });
396
421
  res.json({ user: data.user });
397
422
  }
@@ -452,12 +477,14 @@ function requireAuth(cookieName = "seamless-access", refreshCookieName = "seamle
452
477
  token: refreshed.token,
453
478
  roles: refreshed.roles
454
479
  },
480
+ cookieDomain,
455
481
  refreshed.ttl,
456
482
  cookieName
457
483
  );
458
484
  setSessionCookie(
459
485
  res,
460
486
  { sub: refreshed.sub, refreshToken: refreshed.refreshToken },
487
+ req.hostname,
461
488
  refreshed.refreshTtl,
462
489
  refreshCookieName
463
490
  );
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@seamless-auth/express",
3
- "version": "0.0.2-beta.4",
3
+ "version": "0.0.2-beta.5",
4
4
  "description": "Express adapter for Seamless Auth passwordless authentication",
5
5
  "license": "MIT",
6
6
  "type": "module",
@@ -8,7 +8,7 @@
8
8
  "types": "./dist/index.d.ts",
9
9
  "author": "Fells Code LLC",
10
10
  "scripts": {
11
- "build": "tsup src/index.ts --format esm --out-dir dist --dts --splitting",
11
+ "build": "tsup src/index.ts --format esm --out-dir dist --splitting",
12
12
  "dev": "tsc --watch"
13
13
  },
14
14
  "repository": {