aaspai-authx 0.0.7 → 0.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/express/index.cjs +43 -27
- package/dist/express/index.cjs.map +1 -1
- package/dist/express/index.js +46 -28
- package/dist/express/index.js.map +1 -1
- package/dist/index.cjs +69 -53
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +72 -54
- package/dist/index.js.map +1 -1
- package/dist/nest/index.cjs +43 -27
- package/dist/nest/index.cjs.map +1 -1
- package/dist/nest/index.js +46 -28
- package/dist/nest/index.js.map +1 -1
- package/package.json +2 -2
package/dist/express/index.cjs
CHANGED
|
@@ -44,6 +44,24 @@ var import_crypto = require("crypto");
|
|
|
44
44
|
var import_express = __toESM(require("express"), 1);
|
|
45
45
|
var import_jsonwebtoken4 = __toESM(require("jsonwebtoken"), 1);
|
|
46
46
|
|
|
47
|
+
// src/core/utils.ts
|
|
48
|
+
function baseProjectCookieOptionsFrom(cookie) {
|
|
49
|
+
const base = {
|
|
50
|
+
secure: cookie.secure ?? false,
|
|
51
|
+
sameSite: cookie.sameSite ?? "lax",
|
|
52
|
+
path: cookie.path ?? "/",
|
|
53
|
+
maxAge: cookie.maxAgeMs
|
|
54
|
+
};
|
|
55
|
+
if (cookie.domain) base.domain = cookie.domain;
|
|
56
|
+
return base;
|
|
57
|
+
}
|
|
58
|
+
function hasAnyRole(session, roles) {
|
|
59
|
+
if (!session || !session.roles || !Array.isArray(roles) || roles.length === 0) {
|
|
60
|
+
return false;
|
|
61
|
+
}
|
|
62
|
+
return roles.some((role) => session.roles.includes(role));
|
|
63
|
+
}
|
|
64
|
+
|
|
47
65
|
// src/config/loadConfig.ts
|
|
48
66
|
function loadConfig() {
|
|
49
67
|
return {
|
|
@@ -621,6 +639,16 @@ function createAuthRouter(options = {}) {
|
|
|
621
639
|
const r = (0, import_express.Router)();
|
|
622
640
|
const email = new EmailService();
|
|
623
641
|
const authAdmin = new AuthAdminService();
|
|
642
|
+
const isProdEnv = process.env.NODE_ENV === "production";
|
|
643
|
+
const cookieConfig = {
|
|
644
|
+
sameSite: options.cookie?.sameSite ?? (isProdEnv ? "none" : "lax"),
|
|
645
|
+
// default if not provided
|
|
646
|
+
secure: options.cookie?.secure ?? isProdEnv,
|
|
647
|
+
// default: secure in prod
|
|
648
|
+
domain: options.cookie?.domain ?? void 0,
|
|
649
|
+
path: options.cookie?.path ?? "/",
|
|
650
|
+
maxAgeMs: options.cookie?.maxAgeMs ?? 24 * 60 * 60 * 1e3
|
|
651
|
+
};
|
|
624
652
|
r.use(import_express.default.json());
|
|
625
653
|
r.use(import_express.default.urlencoded({ extended: true }));
|
|
626
654
|
r.get(
|
|
@@ -651,10 +679,10 @@ function createAuthRouter(options = {}) {
|
|
|
651
679
|
});
|
|
652
680
|
}
|
|
653
681
|
const tokens = generateTokens(user);
|
|
654
|
-
setAuthCookies(res, tokens);
|
|
682
|
+
setAuthCookies(res, tokens, cookieConfig);
|
|
655
683
|
if (user.projectId) {
|
|
656
684
|
res.cookie(options.projectCookieName || "projectId", user.projectId, {
|
|
657
|
-
...
|
|
685
|
+
...baseProjectCookieOptionsFrom(cookieConfig),
|
|
658
686
|
httpOnly: true
|
|
659
687
|
});
|
|
660
688
|
}
|
|
@@ -986,26 +1014,22 @@ function createAuthRouter(options = {}) {
|
|
|
986
1014
|
});
|
|
987
1015
|
return r;
|
|
988
1016
|
}
|
|
989
|
-
function setAuthCookies(res, tokens) {
|
|
1017
|
+
function setAuthCookies(res, tokens, cookie) {
|
|
1018
|
+
const base = {
|
|
1019
|
+
httpOnly: true,
|
|
1020
|
+
secure: cookie.secure ?? false,
|
|
1021
|
+
sameSite: cookie.sameSite ?? "lax",
|
|
1022
|
+
path: cookie.path ?? "/",
|
|
1023
|
+
maxAge: cookie.maxAgeMs
|
|
1024
|
+
};
|
|
1025
|
+
if (cookie.domain) {
|
|
1026
|
+
base.domain = cookie.domain;
|
|
1027
|
+
}
|
|
990
1028
|
if (tokens?.access_token) {
|
|
991
|
-
res.cookie("access_token", tokens.access_token,
|
|
992
|
-
httpOnly: true,
|
|
993
|
-
secure: false,
|
|
994
|
-
sameSite: "lax",
|
|
995
|
-
maxAge: 24 * 60 * 60 * 1e3,
|
|
996
|
-
// 24 hours
|
|
997
|
-
path: "/"
|
|
998
|
-
});
|
|
1029
|
+
res.cookie("access_token", tokens.access_token, base);
|
|
999
1030
|
}
|
|
1000
1031
|
if (tokens?.refresh_token) {
|
|
1001
|
-
res.cookie("refresh_token", tokens.refresh_token,
|
|
1002
|
-
httpOnly: true,
|
|
1003
|
-
secure: false,
|
|
1004
|
-
sameSite: "lax",
|
|
1005
|
-
maxAge: 24 * 60 * 60 * 1e3,
|
|
1006
|
-
// 24 hours
|
|
1007
|
-
path: "/"
|
|
1008
|
-
});
|
|
1032
|
+
res.cookie("refresh_token", tokens.refresh_token, base);
|
|
1009
1033
|
}
|
|
1010
1034
|
}
|
|
1011
1035
|
function toUserResponse(user) {
|
|
@@ -1214,14 +1238,6 @@ var import_bcryptjs2 = __toESM(require("bcryptjs"), 1);
|
|
|
1214
1238
|
var import_crypto3 = require("crypto");
|
|
1215
1239
|
var import_express5 = __toESM(require("express"), 1);
|
|
1216
1240
|
|
|
1217
|
-
// src/core/utils.ts
|
|
1218
|
-
function hasAnyRole(session, roles) {
|
|
1219
|
-
if (!session || !session.roles || !Array.isArray(roles) || roles.length === 0) {
|
|
1220
|
-
return false;
|
|
1221
|
-
}
|
|
1222
|
-
return roles.some((role) => session.roles.includes(role));
|
|
1223
|
-
}
|
|
1224
|
-
|
|
1225
1241
|
// src/middlewares/requireRole.ts
|
|
1226
1242
|
function requireRole(...roles) {
|
|
1227
1243
|
return (req, res, next) => {
|