aaspai-authx 0.0.8 → 0.1.0
- package/dist/express/index.cjs +43 -27
- package/dist/express/index.cjs.map +1 -1
- package/dist/express/index.js +46 -28
- package/dist/express/index.js.map +1 -1
- package/dist/index.cjs +69 -53
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +72 -54
- package/dist/index.js.map +1 -1
- package/dist/nest/index.cjs +43 -27
- package/dist/nest/index.cjs.map +1 -1
- package/dist/nest/index.js +46 -28
- package/dist/nest/index.js.map +1 -1
- package/package.json +2 -2
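--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -26,9 +26,55 @@ __export(express_exports, {
 // src/express/auth.routes.ts
 import bcrypt2 from "bcryptjs";
 import { randomUUID } from "crypto";
-import express, {
+import express, {
+Router
+} from "express";
 import jwt4 from "jsonwebtoken";
 
+// src/core/utils.ts
+function hasRole(session, role) {
+if (!session || !session.roles) return false;
+return session.roles.includes(role);
+}
+function baseProjectCookieOptionsFrom(cookie) {
+const base = {
+secure: cookie.secure ?? false,
+sameSite: cookie.sameSite ?? "lax",
+path: cookie.path ?? "/",
+maxAge: cookie.maxAgeMs
+};
+if (cookie.domain) base.domain = cookie.domain;
+return base;
+}
+function hasAnyRole(session, roles) {
+if (!session || !session.roles || !Array.isArray(roles) || roles.length === 0) {
+return false;
+}
+return roles.some((role) => session.roles.includes(role));
+}
+function hasAllRoles(session, roles) {
+if (!session || !session.roles || !Array.isArray(roles) || roles.length === 0) {
+return false;
+}
+return roles.every((role) => session.roles.includes(role));
+}
+function hasPermission(session, permission) {
+if (!session || !session.permissions) return false;
+return session.permissions.includes(permission);
+}
+function hasAnyPermission(session, permissions) {
+if (!session || !session.permissions || !Array.isArray(permissions) || permissions.length === 0) {
+return false;
+}
+return permissions.some((perm) => session.permissions.includes(perm));
+}
+function hasAllPermissions(session, permissions) {
+if (!session || !session.permissions || !Array.isArray(permissions) || permissions.length === 0) {
+return false;
+}
+return permissions.every((perm) => session.permissions.includes(perm));
+}
+
 // src/config/loadConfig.ts
 function loadConfig() {
 return {
@@ -621,6 +667,16 @@ function createAuthRouter(options = {}) {
 const r = Router();
 const email = new EmailService();
 const authAdmin = new AuthAdminService();
+const isProdEnv = process.env.NODE_ENV === "production";
+const cookieConfig = {
+sameSite: options.cookie?.sameSite ?? (isProdEnv ? "none" : "lax"),
+// default if not provided
+secure: options.cookie?.secure ?? isProdEnv,
+// default: secure in prod
+domain: options.cookie?.domain ?? void 0,
+path: options.cookie?.path ?? "/",
+maxAgeMs: options.cookie?.maxAgeMs ?? 24 * 60 * 60 * 1e3
+};
 r.use(express.json());
 r.use(express.urlencoded({ extended: true }));
 r.get(
@@ -651,10 +707,10 @@ function createAuthRouter(options = {}) {
 });
 }
 const tokens = generateTokens(user);
-setAuthCookies(res, tokens);
+setAuthCookies(res, tokens, cookieConfig);
 if (user.projectId) {
 res.cookie(options.projectCookieName || "projectId", user.projectId, {
-...
+...baseProjectCookieOptionsFrom(cookieConfig),
 httpOnly: true
 });
 }
@@ -986,26 +1042,22 @@ function createAuthRouter(options = {}) {
 });
 return r;
 }
-function setAuthCookies(res, tokens) {
+function setAuthCookies(res, tokens, cookie) {
+const base = {
+httpOnly: true,
+secure: cookie.secure ?? false,
+sameSite: cookie.sameSite ?? "lax",
+path: cookie.path ?? "/",
+maxAge: cookie.maxAgeMs
+};
+if (cookie.domain) {
+base.domain = cookie.domain;
+}
 if (tokens?.access_token) {
-res.cookie("access_token", tokens.access_token,
-httpOnly: true,
-secure: false,
-sameSite: "lax",
-maxAge: 24 * 60 * 60 * 1e3,
-// 24 hours
-path: "/"
-});
+res.cookie("access_token", tokens.access_token, base);
 }
 if (tokens?.refresh_token) {
-res.cookie("refresh_token", tokens.refresh_token,
-httpOnly: true,
-secure: false,
-sameSite: "lax",
-maxAge: 24 * 60 * 60 * 1e3,
-// 24 hours
-path: "/"
-});
+res.cookie("refresh_token", tokens.refresh_token, base);
 }
 }
 function toUserResponse(user) {
@@ -1214,40 +1266,6 @@ import bcrypt3 from "bcryptjs";
 import { randomUUID as randomUUID3 } from "crypto";
 import express3, { Router as Router5 } from "express";
 
-// src/core/utils.ts
-function hasRole(session, role) {
-if (!session || !session.roles) return false;
-return session.roles.includes(role);
-}
-function hasAnyRole(session, roles) {
-if (!session || !session.roles || !Array.isArray(roles) || roles.length === 0) {
-return false;
-}
-return roles.some((role) => session.roles.includes(role));
-}
-function hasAllRoles(session, roles) {
-if (!session || !session.roles || !Array.isArray(roles) || roles.length === 0) {
-return false;
-}
-return roles.every((role) => session.roles.includes(role));
-}
-function hasPermission(session, permission) {
-if (!session || !session.permissions) return false;
-return session.permissions.includes(permission);
-}
-function hasAnyPermission(session, permissions) {
-if (!session || !session.permissions || !Array.isArray(permissions) || permissions.length === 0) {
-return false;
-}
-return permissions.some((perm) => session.permissions.includes(perm));
-}
-function hasAllPermissions(session, permissions) {
-if (!session || !session.permissions || !Array.isArray(permissions) || permissions.length === 0) {
-return false;
-}
-return permissions.every((perm) => session.permissions.includes(perm));
-}
-
 // src/middlewares/requireRole.ts
 function requireRole(...roles) {
 return (req, res, next) => {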
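Review bot: In the `cookieConfig` object added to `createAuthRouter` (new lines 670–679), `sameSite` defaults to `"none"` whenever `NODE_ENV` is `production`, so the `access_token` and `refresh_token` cookies are attached to cross-site requests unless the integrator overrides it; no CSRF check is visible in these hunks, so this default drops the protection the previous hard-coded `"lax"` gave. I would keep `sameSite: options.cookie?.sameSite ?? "lax",` and let cross-origin deployments opt in to `"none"` explicitly. A caller passing `secure: false` while leaving `sameSite` unset also ends up with `SameSite=None` without `Secure` in production, which browsers enforcing that pairing will drop, so `secure` should be forced to true whenever `sameSite` resolves to `"none"`. The `cookie.secure ?? false` fallback in `setAuthCookies` and `baseProjectCookieOptionsFrom` fails open for any caller that passes a partial object, and both helpers dereference `cookie` without a default, so a call site that was not updated to pass the third argument would throw. The body of `createAuthRouter` starts and ends outside the visible hunks, so other `setAuthCookies` call sites could not be checked here.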