@wrelik/auth 0.2.1 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,5 +1,5 @@
1
1
 
2
- > @wrelik/auth@0.2.1 build /home/runner/work/wrelik-kit/wrelik-kit/packages/auth
2
+ > @wrelik/auth@0.2.2 build /home/runner/work/wrelik-kit/wrelik-kit/packages/auth
3
3
  > tsup src/index.ts src/next.ts src/react-native.ts --format cjs,esm --dts --clean
4
4
 
5
5
  CLI Building entry: src/index.ts, src/next.ts, src/react-native.ts
@@ -9,18 +9,18 @@
9
9
  CLI Cleaning output folder
10
10
  CJS Build start
11
11
  ESM Build start
12
- CJS dist/index.js 2.23 KB
13
- CJS dist/react-native.js 2.31 KB
12
+ CJS dist/index.js 2.28 KB
14
13
  CJS dist/next.js 1.61 KB
15
- CJS ⚡️ Build success in 54ms
14
+ CJS dist/react-native.js 2.36 KB
15
+ CJS ⚡️ Build success in 60ms
16
16
  ESM dist/index.mjs 239.00 B
17
17
  ESM dist/next.mjs 255.00 B
18
18
  ESM dist/chunk-HWIZ2Q5U.mjs 391.00 B
19
19
  ESM dist/react-native.mjs 593.00 B
20
- ESM dist/chunk-5WLTDLEP.mjs 748.00 B
21
- ESM ⚡️ Build success in 55ms
20
+ ESM dist/chunk-TF32HGN2.mjs 799.00 B
21
+ ESM ⚡️ Build success in 60ms
22
22
  DTS Build start
23
- DTS ⚡️ Build success in 4418ms
23
+ DTS ⚡️ Build success in 4598ms
24
24
  DTS dist/index.d.ts 393.00 B
25
25
  DTS dist/next.d.ts 134.00 B
26
26
  DTS dist/react-native.d.ts 430.00 B
package/CHANGELOG.md CHANGED
@@ -1,5 +1,20 @@
1
1
  # @wrelik/auth
2
2
 
3
+ ## 0.2.2
4
+
5
+ ### Patch Changes
6
+
7
+ - 2b9cbf7: Fix auth role checks to reject malformed runtime role payloads and remove a duplicate TypeScript compiler option in errors to eliminate build warnings.
8
+ - Updated dependencies [2b9cbf7]
9
+ - @wrelik/errors@0.2.1
10
+
11
+ ## Unreleased
12
+
13
+ ### Patch Changes
14
+
15
+ - Fix role authorization checks to deny malformed runtime `roles` payloads.
16
+ - Add regression coverage to ensure malformed `roles` values cannot grant access.
17
+
3
18
  ## 0.2.1
4
19
 
5
20
  ### Patch Changes
@@ -15,6 +15,7 @@ function requireTenant(session) {
15
15
  }
16
16
  function hasRole(session, role) {
17
17
  if (!session || !session.userId) return false;
18
+ if (!Array.isArray(session.roles)) return false;
18
19
  return session.roles.includes(role);
19
20
  }
20
21
  function requireRole(session, role) {
package/dist/index.js CHANGED
@@ -45,6 +45,7 @@ function requireTenant(session) {
45
45
  }
46
46
  function hasRole(session, role) {
47
47
  if (!session || !session.userId) return false;
48
+ if (!Array.isArray(session.roles)) return false;
48
49
  return session.roles.includes(role);
49
50
  }
50
51
  function requireRole(session, role) {
package/dist/index.mjs CHANGED
@@ -6,7 +6,7 @@ import {
6
6
  requireRole,
7
7
  requireTenant,
8
8
  requireUser
9
- } from "./chunk-5WLTDLEP.mjs";
9
+ } from "./chunk-TF32HGN2.mjs";
10
10
  export {
11
11
  fromClerkAuth,
12
12
  hasRole,
package/dist/next.mjs CHANGED
@@ -1,7 +1,7 @@
1
1
  import {
2
2
  fromClerkAuth
3
3
  } from "./chunk-HWIZ2Q5U.mjs";
4
- import "./chunk-5WLTDLEP.mjs";
4
+ import "./chunk-TF32HGN2.mjs";
5
5
 
6
6
  // src/next.ts
7
7
  import { auth } from "@clerk/nextjs";
@@ -45,6 +45,7 @@ function requireTenant(session) {
45
45
  }
46
46
  function hasRole(session, role) {
47
47
  if (!session || !session.userId) return false;
48
+ if (!Array.isArray(session.roles)) return false;
48
49
  return session.roles.includes(role);
49
50
  }
50
51
  function requireRole(session, role) {
@@ -3,7 +3,7 @@ import {
3
3
  requireRole,
4
4
  requireTenant,
5
5
  requireUser
6
- } from "./chunk-5WLTDLEP.mjs";
6
+ } from "./chunk-TF32HGN2.mjs";
7
7
 
8
8
  // src/react-native.ts
9
9
  function mapClerkToSession(auth) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@wrelik/auth",
3
- "version": "0.2.1",
3
+ "version": "0.2.2",
4
4
  "publishConfig": {
5
5
  "access": "public"
6
6
  },
@@ -18,7 +18,7 @@
18
18
  },
19
19
  "dependencies": {
20
20
  "@clerk/backend": "^0.38.0",
21
- "@wrelik/errors": "0.2.0"
21
+ "@wrelik/errors": "0.2.1"
22
22
  },
23
23
  "peerDependencies": {
24
24
  "@clerk/nextjs": "^4.29.0"
@@ -24,4 +24,17 @@ describe('Auth Shared', () => {
24
24
  expect(hasRole(session, 'admin')).toBe(true);
25
25
  expect(hasRole(session, 'user')).toBe(false);
26
26
  });
27
+
28
+ it('does not grant role access when roles has invalid runtime shape', () => {
29
+ const malformedSession = {
30
+ userId: 'u1',
31
+ tenantId: 't1',
32
+ // Simulates untrusted runtime payload, despite the TypeScript type.
33
+ roles: 'admin',
34
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
35
+ } as any;
36
+
37
+ expect(hasRole(malformedSession, 'admin')).toBe(false);
38
+ expect(hasRole(malformedSession, 'min')).toBe(false);
39
+ });
27
40
  });
package/src/shared.ts CHANGED
@@ -23,6 +23,7 @@ export function requireTenant(session: WorkflowSession | null): string {
23
23
 
24
24
  export function hasRole(session: WorkflowSession | null, role: string): boolean {
25
25
  if (!session || !session.userId) return false;
26
+ if (!Array.isArray(session.roles)) return false;
26
27
  return session.roles.includes(role);
27
28
  }
28
29