@startsimpli/auth 0.4.3 → 0.4.5

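--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@startsimpli/auth",
- "version": "0.4.3",
+ "version": "0.4.5",
  "description": "Shared authentication package for StartSimpli Next.js apps",
  "main": "./src/index.ts",
  "types": "./src/index.ts",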
@@ -20,6 +20,7 @@ export interface AuthUser {
20
20
  groups?: string[];
21
21
  permissions?: string[];
22
22
  isActive?: boolean;
23
+ isStaff?: boolean;
23
24
  isEmailVerified?: boolean;
24
25
  }
25
26
 
@@ -136,6 +137,9 @@ export function setAccessToken(token: string | null): void {
136
137
  // Also clear from the other storage in case rememberMe was toggled
137
138
  if (_storageAvailable('sessionStorage')) sessionStorage.removeItem(TOKEN_STORAGE_KEY);
138
139
  if (_storageAvailable('localStorage')) localStorage.removeItem(TOKEN_STORAGE_KEY);
140
+ // Clear ALL auth cookies so middleware doesn't redirect back
141
+ // (prevents infinite loop when auth state is corrupted)
142
+ _clearAllAuthCookies();
139
143
  } else {
140
144
  storage.setItem(TOKEN_STORAGE_KEY, token);
141
145
  }
@@ -145,6 +149,14 @@ export function setAccessToken(token: string | null): void {
145
149
  _memToken = token;
146
150
  }
147
151
 
152
+ /** Clear every cookie the middleware checks so it won't redirect back to the app. */
153
+ function _clearAllAuthCookies(): void {
154
+ if (typeof document === 'undefined') return;
155
+ for (const name of ['auth_session', 'access_token', 'refresh_token']) {
156
+ document.cookie = `${name}=; path=/; max-age=0`;
157
+ }
158
+ }
159
+
148
160
  const AUTH_COOKIE_NAME = 'auth_session';
149
161
 
150
162
  /** Derive cookie max-age from JWT exp claim instead of hardcoding. */
@@ -213,6 +225,7 @@ function normalizeUser(raw: unknown): AuthUser | null {
213
225
  groups: Array.isArray(payload.groups) ? (payload.groups as string[]) : [],
214
226
  permissions: Array.isArray(payload.permissions) ? (payload.permissions as string[]) : [],
215
227
  isActive: (payload.isActive ?? payload.is_active) as boolean | undefined,
228
+ isStaff: (payload.isStaff ?? payload.is_staff) as boolean | undefined,
216
229
  isEmailVerified: (payload.isEmailVerified ?? payload.is_email_verified) as boolean | undefined,
217
230
  };
218
231
  }
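Review bot: `_clearAllAuthCookies()` can only expire cookies that script is allowed to touch and that were set host-only with `Path=/`, so the redirect loop its comment describes can persist after this call. Assigning `document.cookie` has no effect on `HttpOnly` cookies, and a cookie issued with a `Domain` attribute or another path is not matched by `${name}=; path=/; max-age=0`; if `access_token` / `refresh_token` are set server-side that way (not visible in this diff), they survive and still need a server logout response that expires them. I would state that limit in the doc comment, e.g. `/** Best effort: expires only script-accessible, host-only, path=/ cookies; HttpOnly cookies must be cleared by the server. */`, and use `AUTH_COOKIE_NAME` in the list instead of repeating `'auth_session'`. Separately, in `normalizeUser` (its body starts outside the visible hunk) the new `isStaff` is a privilege flag taken from an `unknown` payload with a bare cast, so a value such as the string `"false"` would read as truthy; a `typeof … === 'boolean'` check is safer there, and the server has to remain the authority for staff access.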