@splyntra/dashboard 1.0.0 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/auth.ts +14 -3
- package/src/lib/auth-extensions.ts +9 -1
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@splyntra/dashboard",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.1.0",
|
|
4
4
|
"description": "Splyntra open dashboard — the composable source the commercial cloud build overlays. Published as source (not a prebuilt library): consumers compose it with their overlays + `next build`.",
|
|
5
5
|
"license": "AGPL-3.0-only",
|
|
6
6
|
"repository": {
|
package/src/auth.ts
CHANGED
|
@@ -11,11 +11,22 @@ import { registeredAuthProviders, registeredSignInHooks } from "@/lib/auth-exten
|
|
|
11
11
|
|
|
12
12
|
export const { handlers, auth, signIn, signOut } = NextAuth({
|
|
13
13
|
...authConfig,
|
|
14
|
-
|
|
15
|
-
|
|
14
|
+
callbacks: {
|
|
15
|
+
...authConfig.callbacks,
|
|
16
|
+
// Sign-in guards run BEFORE a session is issued and can DENY sign-in. The
|
|
17
|
+
// cloud build registers one that persists/links the OAuth identity (refusing
|
|
18
|
+
// unverified-email linking) and fails closed — so a user never ends up with a
|
|
19
|
+
// session but no backing user row. Open edition registers none (always true).
|
|
20
|
+
async signIn({ user, account, profile }) {
|
|
16
21
|
for (const hook of registeredSignInHooks()) {
|
|
17
|
-
|
|
22
|
+
try {
|
|
23
|
+
const ok = await hook(user as { id?: string; email?: string | null }, account, profile);
|
|
24
|
+
if (ok === false) return false;
|
|
25
|
+
} catch {
|
|
26
|
+
return false; // fail closed
|
|
27
|
+
}
|
|
18
28
|
}
|
|
29
|
+
return true;
|
|
19
30
|
},
|
|
20
31
|
},
|
|
21
32
|
providers: [
|
|
@@ -12,7 +12,15 @@ import type { NextAuthConfig } from "next-auth";
|
|
|
12
12
|
|
|
13
13
|
type Provider = NonNullable<NextAuthConfig["providers"]>[number];
|
|
14
14
|
type SignInUser = { id?: string; email?: string | null; name?: string | null };
|
|
15
|
-
|
|
15
|
+
// A sign-in guard runs in the next-auth `signIn` callback (it can DENY sign-in).
|
|
16
|
+
// Return false (or throw) to reject; void/true allows. Used by the cloud build to
|
|
17
|
+
// link the OAuth identity and refuse unverified-email linking — and to fail
|
|
18
|
+
// closed if persistence fails (so a user never gets a session with no backing row).
|
|
19
|
+
type SignInHook = (
|
|
20
|
+
user: SignInUser,
|
|
21
|
+
account: unknown,
|
|
22
|
+
profile: unknown
|
|
23
|
+
) => Promise<boolean | void> | boolean | void;
|
|
16
24
|
|
|
17
25
|
const extraProviders: Provider[] = [];
|
|
18
26
|
const signInHooks: SignInHook[] = [];
|