@splyntra/dashboard 1.0.0 → 1.1.0

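--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@splyntra/dashboard",
- "version": "1.0.0",
+ "version": "1.1.0",
  "description": "Splyntra open dashboard — the composable source the commercial cloud build overlays. Published as source (not a prebuilt library): consumers compose it with their overlays + `next build`.",
  "license": "AGPL-3.0-only",
  "repository": {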
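--- a/package/src/auth.ts
+++ b/package/src/auth.ts
@@ -11,11 +11,22 @@ import { registeredAuthProviders, registeredSignInHooks } from "@/lib/auth-exten
 
  export const { handlers, auth, signIn, signOut } = NextAuth({
  ...authConfig,
- events: {
- async signIn({ user, account }) {
+ callbacks: {
+ ...authConfig.callbacks,
+ // Sign-in guards run BEFORE a session is issued and can DENY sign-in. The
+ // cloud build registers one that persists/links the OAuth identity (refusing
+ // unverified-email linking) and fails closed — so a user never ends up with a
+ // session but no backing user row. Open edition registers none (always true).
+ async signIn({ user, account, profile }) {
  for (const hook of registeredSignInHooks()) {
- await hook(user as { id?: string; email?: string | null }, account);
+ try {
+ const ok = await hook(user as { id?: string; email?: string | null }, account, profile);
+ if (ok === false) return false;
+ } catch {
+ return false; // fail closed
+ }
  }
+ return true;
  },
  },
  providers: [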
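Review bot: The new `signIn` callback is written after `...authConfig.callbacks`, so any `signIn` guard that `authConfig` already defines is silently replaced rather than chained. `authConfig` is not visible in this hunk, so whether one exists has to be checked there; if it does, the new callback should call it first and deny when it denies. Separately, the bare `catch { return false; }` fails closed but discards the error, so a persistence outage shows up only as users being refused with nothing in the logs. I would write it as `catch (err) { console.error("[auth] sign-in guard threw; denying sign-in", err); return false; }`, making sure the logged value carries no provider tokens from `account`.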
@@ -12,7 +12,15 @@ import type { NextAuthConfig } from "next-auth";
12
12
 
13
13
  type Provider = NonNullable<NextAuthConfig["providers"]>[number];
14
14
  type SignInUser = { id?: string; email?: string | null; name?: string | null };
15
- type SignInHook = (user: SignInUser, account: unknown) => Promise<void> | void;
15
+ // A sign-in guard runs in the next-auth `signIn` callback (it can DENY sign-in).
16
+ // Return false (or throw) to reject; void/true allows. Used by the cloud build to
17
+ // link the OAuth identity and refuse unverified-email linking — and to fail
18
+ // closed if persistence fails (so a user never gets a session with no backing row).
19
+ type SignInHook = (
20
+ user: SignInUser,
21
+ account: unknown,
22
+ profile: unknown
23
+ ) => Promise<boolean | void> | boolean | void;
16
24
 
17
25
  const extraProviders: Provider[] = [];
18
26
  const signInHooks: SignInHook[] = [];
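Review bot: Under the new `SignInHook` contract a hook that returns nothing allows sign-in, so a guard that falls through one branch without a `return` (or a 1.0.0-style hook written for the old event semantics) admits the user without any compiler complaint, because `void` is part of the return type. The comment should say this outright, for example `// NOTE: only an explicit false or a throw denies; a missing return ALLOWS — end every guard with an explicit return.` Since `account` and `profile` are typed `unknown` and come from the identity provider, it is also worth adding `// Guards must narrow account/profile themselves and treat a missing verified-email claim as unverified.` The file this hunk belongs to is not named on the page, so these comments go wherever `SignInHook` is declared.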