@travetto/auth-web 8.0.0-alpha.0 → 8.0.0-alpha.2

package/README.md

@@ -110,7 +110,7 @@ export class AppConfig {
 The symbol `FB_AUTH` is what will be used to reference providers at runtime.  This was chosen, over `class` references due to the fact that most providers will not be defined via a new class, but via an [@InjectableFactory](https://github.com/travetto/travetto/tree/main/module/di/src/decorator.ts#L48) method.
 
 ## Maintaining Auth Context
-The [AuthContextInterceptor](https://github.com/travetto/travetto/tree/main/module/auth-web/src/interceptors/context.ts#L20) acts as the bridge between the [Authentication](https://github.com/travetto/travetto/tree/main/module/auth#readme "Authentication scaffolding for the Travetto framework") and [Web API](https://github.com/travetto/travetto/tree/main/module/web#readme "Declarative support for creating Web Applications") modules.  It serves to take an authenticated principal (via the [WebRequest](https://github.com/travetto/travetto/tree/main/module/web/src/types/request.ts#L11)/[WebResponse](https://github.com/travetto/travetto/tree/main/module/web/src/types/response.ts#L3)) and integrate it into the [AuthContext](https://github.com/travetto/travetto/tree/main/module/auth/src/context.ts#L14). Leveraging [WebAuthConfig](https://github.com/travetto/travetto/tree/main/module/auth-web/src/config.ts#L8)'s configuration allows for basic control of how the principal is encoded and decoded, primarily with the choice between using a header or a cookie, and which header, or cookie value is specifically referenced.  Additionally, the encoding process allows for auto-renewing of the token (on by default). The information is encoded into the [JWT](https://jwt.io/) appropriately, and when encoding using cookies, is also  set as the expiry time for the cookie.  
+The [AuthContextInterceptor](https://github.com/travetto/travetto/tree/main/module/auth-web/src/interceptors/context.ts#L20) acts as the bridge between the [Authentication](https://github.com/travetto/travetto/tree/main/module/auth#readme "Authentication scaffolding for the Travetto framework") and [Web API](https://github.com/travetto/travetto/tree/main/module/web#readme "Declarative support for creating Web Applications") modules.  It serves to take an authenticated principal (via the [WebRequest](https://github.com/travetto/travetto/tree/main/module/web/src/types/request.ts#L11)/[WebResponse](https://github.com/travetto/travetto/tree/main/module/web/src/types/response.ts#L3)) and integrate it into the [AuthContext](https://github.com/travetto/travetto/tree/main/module/auth/src/context.ts#L14). Leveraging [WebAuthConfig](https://github.com/travetto/travetto/tree/main/module/auth-web/src/config.ts#L9)'s configuration allows for basic control of how the principal is encoded and decoded, primarily with the choice between using a header or a cookie, and which header, or cookie value is specifically referenced.  Additionally, the encoding process allows for auto-renewing of the token (on by default). The information is encoded into the [JWT](https://jwt.io/) appropriately, and when encoding using cookies, is also  set as the expiry time for the cookie.  
 
 **Note for Cookie Use:** The automatic renewal, update, seamless receipt and transmission of the [Principal](https://github.com/travetto/travetto/tree/main/module/auth/src/types/principal.ts#L7) cookie act as a light-weight session.  Generally the goal is to keep the token as small as possible, but for small amounts of data, this pattern proves to be fairly sufficient at maintaining a decentralized state. 
 
@@ -121,7 +121,7 @@ The [PrincipalCodec](https://github.com/travetto/travetto/tree/main/module/auth-
 import type { Jwt, Verifier, SupportedAlgorithms } from 'njwt';
 
 import { type AuthContext, AuthenticationError, type AuthToken, type Principal } from '@travetto/auth';
-import { Injectable, Inject } from '@travetto/di';
+import { Injectable, Inject, PostConstruct } from '@travetto/di';
 import { type WebResponse, type WebRequest, type WebAsyncContext, CookieJar } from '@travetto/web';
 import { RuntimeError, castTo, TimeUtil } from '@travetto/runtime';
 
@@ -146,7 +146,8 @@ export class JWTPrincipalCodec implements PrincipalCodec {
   #verifier: Verifier;
   #algorithm: SupportedAlgorithms = 'HS256';
 
-  async postConstruct(): Promise<void> {
+  @PostConstruct()
+  async finalizeVerifier(): Promise<void> {
     // Weird issue with their ES module support
     const { default: { createVerifier } } = await import('njwt');
     this.#verifier = createVerifier()

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@travetto/auth-web",
-  "version": "8.0.0-alpha.0",
+  "version": "8.0.0-alpha.2",
   "type": "module",
   "description": "Web authentication integration support for the Travetto framework",
   "keywords": [
@@ -27,13 +27,13 @@
     "directory": "module/auth-web"
   },
   "dependencies": {
-    "@travetto/auth": "^8.0.0-alpha.0",
-    "@travetto/config": "^8.0.0-alpha.0",
-    "@travetto/web": "^8.0.0-alpha.0",
+    "@travetto/auth": "^8.0.0-alpha.2",
+    "@travetto/config": "^8.0.0-alpha.2",
+    "@travetto/web": "^8.0.0-alpha.2",
     "njwt": "^2.0.1"
   },
   "peerDependencies": {
-    "@travetto/test": "^8.0.0-alpha.0"
+    "@travetto/test": "^8.0.0-alpha.2"
   },
   "peerDependenciesMeta": {
     "@travetto/test": {

package/src/codec.ts

@@ -1,7 +1,7 @@
 import type { Jwt, Verifier, SupportedAlgorithms } from 'njwt';
 
 import { type AuthContext, AuthenticationError, type AuthToken, type Principal } from '@travetto/auth';
-import { Injectable, Inject } from '@travetto/di';
+import { Injectable, Inject, PostConstruct } from '@travetto/di';
 import { type WebResponse, type WebRequest, type WebAsyncContext, CookieJar } from '@travetto/web';
 import { RuntimeError, castTo, TimeUtil } from '@travetto/runtime';
 
@@ -26,7 +26,8 @@ export class JWTPrincipalCodec implements PrincipalCodec {
   #verifier: Verifier;
   #algorithm: SupportedAlgorithms = 'HS256';
 
-  async postConstruct(): Promise<void> {
+  @PostConstruct()
+  async finalizeVerifier(): Promise<void> {
     // Weird issue with their ES module support
     const { default: { createVerifier } } = await import('njwt');
     this.#verifier = createVerifier()

package/src/config.ts

@@ -1,4 +1,5 @@
 import { Config } from '@travetto/config';
+import { PostConstruct } from '@travetto/di';
 import { Runtime, RuntimeError, BinaryMetadataUtil } from '@travetto/runtime';
 import { Ignore, Secret } from '@travetto/schema';
 
@@ -17,7 +18,8 @@ export class WebAuthConfig {
   @Ignore()
   keyMap: Record<string, KeyEntry> & { default?: KeyEntry } = {};
 
-  postConstruct(): void {
+  @PostConstruct()
+  finalize(): void {
     if (!this.signingKey && Runtime.production) {
       throw new RuntimeError('The default signing key is only valid for development use, please specify a config value at web.auth.signingKey');
     }

package/src/interceptors/context.ts

@@ -1,6 +1,6 @@
 import { toConcrete } from '@travetto/runtime';
 import type { WebInterceptor, WebAsyncContext, WebInterceptorCategory, WebChainedContext, WebResponse } from '@travetto/web';
-import { Injectable, Inject, DependencyRegistryIndex } from '@travetto/di';
+import { Injectable, Inject, DependencyRegistryIndex, PostConstruct } from '@travetto/di';
 import type { AuthContext, AuthService, AuthToken, Principal } from '@travetto/auth';
 import { Required } from '@travetto/schema';
 
@@ -37,7 +37,8 @@ export class AuthContextInterceptor implements WebInterceptor {
   @Inject()
   webAsyncContext: WebAsyncContext;
 
-  async postConstruct(): Promise<void> {
+  @PostConstruct()
+  async registerContextHandlers(): Promise<void> {
     this.codec ??= await DependencyRegistryIndex.getInstance(toConcrete<PrincipalCodec>(), CommonPrincipalCodecSymbol);
     this.webAsyncContext.registerSource(toConcrete<Principal>(), () => this.authContext.principal);
     this.webAsyncContext.registerSource(toConcrete<AuthToken>(), () => this.authContext.authToken);