aaspai-authx 0.0.8 → 0.1.0
- package/dist/express/index.cjs +43 -27
- package/dist/express/index.cjs.map +1 -1
- package/dist/express/index.js +46 -28
- package/dist/express/index.js.map +1 -1
- package/dist/index.cjs +69 -53
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +72 -54
- package/dist/index.js.map +1 -1
- package/dist/nest/index.cjs +43 -27
- package/dist/nest/index.cjs.map +1 -1
- package/dist/nest/index.js +46 -28
- package/dist/nest/index.js.map +1 -1
- package/package.json +2 -2
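--- a/package/dist/express/index.js
+++ b/package/dist/express/index.js
@@ -1,9 +1,29 @@
 // src/express/auth.routes.ts
 import bcrypt2 from "bcryptjs";
 import { randomUUID } from "crypto";
-import express, {
+import express, {
+Router
+} from "express";
 import jwt4 from "jsonwebtoken";
 
+// src/core/utils.ts
+function baseProjectCookieOptionsFrom(cookie) {
+const base = {
+secure: cookie.secure ?? false,
+sameSite: cookie.sameSite ?? "lax",
+path: cookie.path ?? "/",
+maxAge: cookie.maxAgeMs
+};
+if (cookie.domain) base.domain = cookie.domain;
+return base;
+}
+function hasAnyRole(session, roles) {
+if (!session || !session.roles || !Array.isArray(roles) || roles.length === 0) {
+return false;
+}
+return roles.some((role) => session.roles.includes(role));
+}
+
 // src/config/loadConfig.ts
 function loadConfig() {
 return {
@@ -581,6 +601,16 @@ function createAuthRouter(options = {}) {
 const r = Router();
 const email = new EmailService();
 const authAdmin = new AuthAdminService();
+const isProdEnv = process.env.NODE_ENV === "production";
+const cookieConfig = {
+sameSite: options.cookie?.sameSite ?? (isProdEnv ? "none" : "lax"),
+// default if not provided
+secure: options.cookie?.secure ?? isProdEnv,
+// default: secure in prod
+domain: options.cookie?.domain ?? void 0,
+path: options.cookie?.path ?? "/",
+maxAgeMs: options.cookie?.maxAgeMs ?? 24 * 60 * 60 * 1e3
+};
 r.use(express.json());
 r.use(express.urlencoded({ extended: true }));
 r.get(
@@ -611,10 +641,10 @@ function createAuthRouter(options = {}) {
 });
 }
 const tokens = generateTokens(user);
-setAuthCookies(res, tokens);
+setAuthCookies(res, tokens, cookieConfig);
 if (user.projectId) {
 res.cookie(options.projectCookieName || "projectId", user.projectId, {
-...
+...baseProjectCookieOptionsFrom(cookieConfig),
 httpOnly: true
 });
 }
@@ -946,26 +976,22 @@ function createAuthRouter(options = {}) {
 });
 return r;
 }
-function setAuthCookies(res, tokens) {
+function setAuthCookies(res, tokens, cookie) {
+const base = {
+httpOnly: true,
+secure: cookie.secure ?? false,
+sameSite: cookie.sameSite ?? "lax",
+path: cookie.path ?? "/",
+maxAge: cookie.maxAgeMs
+};
+if (cookie.domain) {
+base.domain = cookie.domain;
+}
 if (tokens?.access_token) {
-res.cookie("access_token", tokens.access_token,
-httpOnly: true,
-secure: false,
-sameSite: "lax",
-maxAge: 24 * 60 * 60 * 1e3,
-// 24 hours
-path: "/"
-});
+res.cookie("access_token", tokens.access_token, base);
 }
 if (tokens?.refresh_token) {
-res.cookie("refresh_token", tokens.refresh_token,
-httpOnly: true,
-secure: false,
-sameSite: "lax",
-maxAge: 24 * 60 * 60 * 1e3,
-// 24 hours
-path: "/"
-});
+res.cookie("refresh_token", tokens.refresh_token, base);
 }
 }
 function toUserResponse(user) {
@@ -1174,14 +1200,6 @@ import bcrypt3 from "bcryptjs";
 import { randomUUID as randomUUID3 } from "crypto";
 import express3, { Router as Router5 } from "express";
 
-// src/core/utils.ts
-function hasAnyRole(session, roles) {
-if (!session || !session.roles || !Array.isArray(roles) || roles.length === 0) {
-return false;
-}
-return roles.some((role) => session.roles.includes(role));
-}
-
 // src/middlewares/requireRole.ts
 function requireRole(...roles) {
 return (req, res, next) => {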
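Review bot: The production default at new line 606, `sameSite: options.cookie?.sameSite ?? (isProdEnv ? "none" : "lax")`, makes the browser attach the `access_token`, `refresh_token` and project cookies to every cross-site request, where the previous hard-coded `"lax"` withheld them from cross-site subrequests and POST form submissions. Nothing visible in this section adds CSRF-token or Origin checks, so a deployment that only sets NODE_ENV=production silently loses that browser-side protection; I would keep `sameSite: options.cookie?.sameSite ?? "lax",` as the default and make `"none"` an explicit opt-in. A caller that passes `secure: false` while leaving sameSite at the production default also gets a SameSite=None cookie without Secure, which current browsers reject, so that combination is worth rejecting or warning about when the router is created. `createAuthRouter`'s body continues outside these hunks, so CSRF defences elsewhere in it cannot be ruled out from here.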