astro-sessionkit 0.1.17 → 0.1.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/guardMiddleware.d.ts.map +1 -1
- package/dist/core/guardMiddleware.js +11 -3
- package/dist/core/guardMiddleware.js.map +1 -1
- package/dist/core/logger.js +1 -1
- package/dist/core/logger.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +3 -2
- package/dist/index.js.map +1 -1
- package/dist/integration.d.ts.map +1 -1
- package/dist/integration.js +3 -2
- package/dist/integration.js.map +1 -1
- package/package.json +1 -1
- package/src/core/guardMiddleware.ts +31 -19
- package/src/core/logger.ts +1 -1
- package/src/index.ts +3 -2
- package/src/integration.ts +3 -2
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guardMiddleware.d.ts","sourceRoot":"","sources":["../../src/core/guardMiddleware.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAa,iBAAiB,EAAC,MAAM,OAAO,CAAC;AAsEzD,wBAAgB,qBAAqB,IAAI,iBAAiB,
|
|
1
|
+
{"version":3,"file":"guardMiddleware.d.ts","sourceRoot":"","sources":["../../src/core/guardMiddleware.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAa,iBAAiB,EAAC,MAAM,OAAO,CAAC;AAsEzD,wBAAgB,qBAAqB,IAAI,iBAAiB,CAmEzD"}
|
|
@@ -48,9 +48,6 @@ async function checkRule(rule, session) {
|
|
|
48
48
|
function createGuardMiddleware() {
|
|
49
49
|
return async (context, next) => {
|
|
50
50
|
const { protect, loginPath, globalProtect, exclude } = getConfig();
|
|
51
|
-
if (protect.length === 0 && !globalProtect) {
|
|
52
|
-
return next();
|
|
53
|
-
}
|
|
54
51
|
let pathname;
|
|
55
52
|
try {
|
|
56
53
|
pathname = new URL(context.request.url).pathname;
|
|
@@ -58,15 +55,24 @@ function createGuardMiddleware() {
|
|
|
58
55
|
catch {
|
|
59
56
|
pathname = "/";
|
|
60
57
|
}
|
|
58
|
+
debug(`[Guard] Pathname: ${pathname}, GlobalProtect: ${globalProtect}, Rules: ${protect.length}`);
|
|
59
|
+
if (protect.length === 0 && !globalProtect) {
|
|
60
|
+
return next();
|
|
61
|
+
}
|
|
61
62
|
const sessionContext = getContextStore();
|
|
62
63
|
const session = sessionContext?.session ?? null;
|
|
63
64
|
const rule = protect.find((r) => matchesPattern(r.pattern, pathname));
|
|
65
|
+
if (rule) {
|
|
66
|
+
debug(`[Guard] Found matching rule for ${pathname}:`, rule);
|
|
67
|
+
}
|
|
64
68
|
if (!rule) {
|
|
65
69
|
if (globalProtect) {
|
|
66
70
|
if (exclude.some((pattern) => matchesPattern(pattern, pathname))) {
|
|
71
|
+
debug(`[GlobalProtect] Skipping ${pathname} because it matches an exclude pattern`);
|
|
67
72
|
return next();
|
|
68
73
|
}
|
|
69
74
|
if (pathname === loginPath) {
|
|
75
|
+
debug(`[GlobalProtect] Skipping ${pathname} because it is the loginPath`);
|
|
70
76
|
return next();
|
|
71
77
|
}
|
|
72
78
|
if (!session || !isValidSessionStructure(session)) {
|
|
@@ -74,6 +80,7 @@ function createGuardMiddleware() {
|
|
|
74
80
|
return context.redirect(loginPath);
|
|
75
81
|
}
|
|
76
82
|
}
|
|
83
|
+
debug(`[GlobalProtect] Allowing ${pathname} because session is valid or globalProtect is false`);
|
|
77
84
|
return next();
|
|
78
85
|
}
|
|
79
86
|
const allowed = await checkRule(rule, session);
|
|
@@ -82,6 +89,7 @@ function createGuardMiddleware() {
|
|
|
82
89
|
debug(`[Guard] Redirecting to ${redirectTo} because access was denied by rule:`, rule);
|
|
83
90
|
return context.redirect(redirectTo);
|
|
84
91
|
}
|
|
92
|
+
debug(`[Guard] Allowing ${pathname} because access was granted by rule:`, rule);
|
|
85
93
|
return next();
|
|
86
94
|
};
|
|
87
95
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guardMiddleware.js","sources":["../../src/core/guardMiddleware.ts"],"sourcesContent":["// ============================================================================\n// Route Guard Middleware - Enforces protection rules\n// ============================================================================\n\nimport type {APIContext, MiddlewareHandler} from \"astro\";\nimport { getContextStore } from \"./context\";\nimport { getConfig } from \"./config\";\nimport { matchesPattern } from \"./matcher\";\nimport type { ProtectionRule, Session } from \"./types\";\nimport { isValidSessionStructure } from \"./validation\";\nimport * as logger from \"./logger\";\n\n/**\n * Check if session satisfies a protection rule\n */\nasync function checkRule(rule: ProtectionRule, session: Session | null): Promise<boolean> {\n const { access } = getConfig();\n\n // Custom check overrides everything\n if (access.check) {\n try {\n return await access.check(rule, session);\n } catch (error) {\n logger.error('Error in custom access check hook:', error);\n return false;\n }\n }\n\n // Custom allow function\n if (\"allow\" in rule) {\n try {\n return await rule.allow(session);\n } catch (error) {\n logger.error('Error in custom rule allow function:', error);\n return false;\n }\n }\n\n // Must be authenticated and have a valid session structure for all other checks\n if (!session || !isValidSessionStructure(session)) {\n return false;\n }\n\n // Single role check\n if (\"role\" in rule) {\n const userRole = access.getRole(session);\n return userRole === rule.role;\n }\n\n // Multiple roles check (user must have ONE of these)\n if (\"roles\" in rule) {\n const userRole = access.getRole(session);\n return userRole !== null && rule.roles.includes(userRole);\n }\n\n // Single permission check\n if (\"permission\" in rule) {\n const userPermissions = access.getPermissions(session);\n return userPermissions.includes(rule.permission);\n }\n\n // Multiple permissions check (user must have ALL of these)\n if (\"permissions\" in rule) {\n const userPermissions = access.getPermissions(session);\n return rule.permissions.every((p) => userPermissions.includes(p));\n }\n\n // No specific rule matched - allow by default\n return true;\n}\n\n/**\n * Create route guard middleware\n */\nexport function createGuardMiddleware(): MiddlewareHandler {\n return async (context : APIContext, next) => {\n const { protect, loginPath, globalProtect, exclude } = getConfig();\n \n
|
|
1
|
+
{"version":3,"file":"guardMiddleware.js","sources":["../../src/core/guardMiddleware.ts"],"sourcesContent":["// ============================================================================\n// Route Guard Middleware - Enforces protection rules\n// ============================================================================\n\nimport type {APIContext, MiddlewareHandler} from \"astro\";\nimport { getContextStore } from \"./context\";\nimport { getConfig } from \"./config\";\nimport { matchesPattern } from \"./matcher\";\nimport type { ProtectionRule, Session } from \"./types\";\nimport { isValidSessionStructure } from \"./validation\";\nimport * as logger from \"./logger\";\n\n/**\n * Check if session satisfies a protection rule\n */\nasync function checkRule(rule: ProtectionRule, session: Session | null): Promise<boolean> {\n const { access } = getConfig();\n\n // Custom check overrides everything\n if (access.check) {\n try {\n return await access.check(rule, session);\n } catch (error) {\n logger.error('Error in custom access check hook:', error);\n return false;\n }\n }\n\n // Custom allow function\n if (\"allow\" in rule) {\n try {\n return await rule.allow(session);\n } catch (error) {\n logger.error('Error in custom rule allow function:', error);\n return false;\n }\n }\n\n // Must be authenticated and have a valid session structure for all other checks\n if (!session || !isValidSessionStructure(session)) {\n return false;\n }\n\n // Single role check\n if (\"role\" in rule) {\n const userRole = access.getRole(session);\n return userRole === rule.role;\n }\n\n // Multiple roles check (user must have ONE of these)\n if (\"roles\" in rule) {\n const userRole = access.getRole(session);\n return userRole !== null && rule.roles.includes(userRole);\n }\n\n // Single permission check\n if (\"permission\" in rule) {\n const userPermissions = access.getPermissions(session);\n return userPermissions.includes(rule.permission);\n }\n\n // Multiple permissions check (user must have ALL of these)\n if (\"permissions\" in rule) {\n const userPermissions = access.getPermissions(session);\n return rule.permissions.every((p) => userPermissions.includes(p));\n }\n\n // No specific rule matched - allow by default\n return true;\n}\n\n/**\n * Create route guard middleware\n */\nexport function createGuardMiddleware(): MiddlewareHandler {\n return async (context : APIContext, next) => {\n const { protect, loginPath, globalProtect, exclude } = getConfig();\n \n let pathname: string;\n try {\n pathname = new URL(context.request.url).pathname;\n } catch {\n // Fallback if URL is invalid (unlikely in Astro)\n pathname = \"/\";\n }\n\n logger.debug(`[Guard] Pathname: ${pathname}, GlobalProtect: ${globalProtect}, Rules: ${protect.length}`);\n\n // No rules configured and no global protect - skip\n if (protect.length === 0 && !globalProtect) {\n return next();\n }\n\n const sessionContext = getContextStore();\n const session = sessionContext?.session ?? null;\n\n // Find matching rule\n const rule = protect.find((r) => matchesPattern(r.pattern, pathname));\n \n if (rule) {\n logger.debug(`[Guard] Found matching rule for ${pathname}:`, rule);\n }\n\n // No matching rule - check global protection\n if (!rule) {\n if (globalProtect) {\n // Skip if path is in exclude list\n if (exclude.some((pattern) => matchesPattern(pattern, pathname))) {\n logger.debug(`[GlobalProtect] Skipping ${pathname} because it matches an exclude pattern`);\n return next();\n }\n \n // Skip if it's the login page itself (to avoid redirect loops)\n if (pathname === loginPath) {\n logger.debug(`[GlobalProtect] Skipping ${pathname} because it is the loginPath`);\n return next();\n }\n\n // Require valid session\n if (!session || !isValidSessionStructure(session)) {\n logger.debug(`[GlobalProtect] Redirecting to ${loginPath} because session is ${session ? 'invalid' : 'missing'}`);\n return context.redirect(loginPath);\n }\n }\n \n logger.debug(`[GlobalProtect] Allowing ${pathname} because session is valid or globalProtect is false`);\n return next();\n }\n\n // Check if access is allowed\n const allowed = await checkRule(rule, session);\n\n if (!allowed) {\n const redirectTo = rule.redirectTo ?? loginPath;\n logger.debug(`[Guard] Redirecting to ${redirectTo} because access was denied by rule:`, rule);\n return context.redirect(redirectTo);\n }\n\n logger.debug(`[Guard] Allowing ${pathname} because access was granted by rule:`, rule);\n return next();\n };\n}\n"],"names":["error","logger.error","logger.debug"],"mappings":";;;;;;AAeA,eAAe,SAAS,CAAC,IAAoB,EAAE,OAAuB,EAAA;AACpE,IAAA,MAAM,EAAE,MAAM,EAAE,GAAG,SAAS,EAAE;AAG9B,IAAA,IAAI,MAAM,CAAC,KAAK,EAAE;AAChB,QAAA,IAAI;YACF,OAAO,MAAM,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC;QAC1C;QAAE,OAAOA,OAAK,EAAE;AACd,YAAAC,KAAY,CAAC,oCAAoC,EAAED,OAAK,CAAC;AACzD,YAAA,OAAO,KAAK;QACd;IACF;AAGA,IAAA,IAAI,OAAO,IAAI,IAAI,EAAE;AACnB,QAAA,IAAI;AACF,YAAA,OAAO,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC;QAClC;QAAE,OAAOA,OAAK,EAAE;AACd,YAAAC,KAAY,CAAC,sCAAsC,EAAED,OAAK,CAAC;AAC3D,YAAA,OAAO,KAAK;QACd;IACF;IAGA,IAAI,CAAC,OAAO,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,EAAE;AACjD,QAAA,OAAO,KAAK;IACd;AAGA,IAAA,IAAI,MAAM,IAAI,IAAI,EAAE;QAClB,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;AACxC,QAAA,OAAO,QAAQ,KAAK,IAAI,CAAC,IAAI;IAC/B;AAGA,IAAA,IAAI,OAAO,IAAI,IAAI,EAAE;QACnB,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;AACxC,QAAA,OAAO,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;IAC3D;AAGA,IAAA,IAAI,YAAY,IAAI,IAAI,EAAE;QACxB,MAAM,eAAe,GAAG,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC;QACtD,OAAO,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC;IAClD;AAGA,IAAA,IAAI,aAAa,IAAI,IAAI,EAAE;QACzB,MAAM,eAAe,GAAG,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC;AACtD,QAAA,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACnE;AAGA,IAAA,OAAO,IAAI;AACb;SAKgB,qBAAqB,GAAA;AACnC,IAAA,OAAO,OAAO,OAAoB,EAAE,IAAI,KAAI;AAC1C,QAAA,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,OAAO,EAAE,GAAG,SAAS,EAAE;AAElE,QAAA,IAAI,QAAgB;AACpB,QAAA,IAAI;AACF,YAAA,QAAQ,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,QAAQ;QAClD;AAAE,QAAA,MAAM;YAEN,QAAQ,GAAG,GAAG;QAChB;AAEA,QAAAE,KAAY,CAAC,CAAA,kBAAA,EAAqB,QAAQ,CAAA,iBAAA,EAAoB,aAAa,CAAA,SAAA,EAAY,OAAO,CAAC,MAAM,CAAA,CAAE,CAAC;QAGxG,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,aAAa,EAAE;YAC1C,OAAO,IAAI,EAAE;QACf;AAEA,QAAA,MAAM,cAAc,GAAG,eAAe,EAAE;AACxC,QAAA,MAAM,OAAO,GAAG,cAAc,EAAE,OAAO,IAAI,IAAI;QAG/C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,cAAc,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAErE,IAAI,IAAI,EAAE;YACRA,KAAY,CAAC,CAAA,gCAAA,EAAmC,QAAQ,CAAA,CAAA,CAAG,EAAE,IAAI,CAAC;QACpE;QAGA,IAAI,CAAC,IAAI,EAAE;YACT,IAAI,aAAa,EAAE;AAEjB,gBAAA,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,KAAK,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,EAAE;AAChE,oBAAAA,KAAY,CAAC,4BAA4B,QAAQ,CAAA,sCAAA,CAAwC,CAAC;oBAC1F,OAAO,IAAI,EAAE;gBACf;AAGA,gBAAA,IAAI,QAAQ,KAAK,SAAS,EAAE;AAC1B,oBAAAA,KAAY,CAAC,4BAA4B,QAAQ,CAAA,4BAAA,CAA8B,CAAC;oBAChF,OAAO,IAAI,EAAE;gBACf;gBAGA,IAAI,CAAC,OAAO,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,EAAE;AACjD,oBAAAA,KAAY,CAAC,CAAA,+BAAA,EAAkC,SAAS,uBAAuB,OAAO,GAAG,SAAS,GAAG,SAAS,CAAA,CAAE,CAAC;AACjH,oBAAA,OAAO,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;gBACpC;YACF;AAEA,YAAAA,KAAY,CAAC,4BAA4B,QAAQ,CAAA,mDAAA,CAAqD,CAAC;YACvG,OAAO,IAAI,EAAE;QACf;QAGA,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC;QAE9C,IAAI,CAAC,OAAO,EAAE;AACZ,YAAA,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,SAAS;YAC/CA,KAAY,CAAC,CAAA,uBAAA,EAA0B,UAAU,CAAA,mCAAA,CAAqC,EAAE,IAAI,CAAC;AAC7F,YAAA,OAAO,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;QACrC;QAEAA,KAAY,CAAC,CAAA,iBAAA,EAAoB,QAAQ,CAAA,oCAAA,CAAsC,EAAE,IAAI,CAAC;QACtF,OAAO,IAAI,EAAE;AACf,IAAA,CAAC;AACH;;;;"}
|
package/dist/core/logger.js
CHANGED
|
@@ -3,7 +3,7 @@ import { getConfig } from './config.js';
|
|
|
3
3
|
function debug(message, ...args) {
|
|
4
4
|
const { debug } = getConfig();
|
|
5
5
|
if (debug) {
|
|
6
|
-
console.
|
|
6
|
+
console.log(`[SessionKit] ${message}`, ...args);
|
|
7
7
|
}
|
|
8
8
|
}
|
|
9
9
|
function error(message, ...args) {
|
package/dist/core/logger.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logger.js","sources":["../../src/core/logger.ts"],"sourcesContent":["import { getConfig } from \"./config\";\n\n/**\n * Log message if debug mode is enabled\n */\nexport function debug(message: string, ...args: any[]): void {\n const { debug } = getConfig();\n if (debug) {\n console.
|
|
1
|
+
{"version":3,"file":"logger.js","sources":["../../src/core/logger.ts"],"sourcesContent":["import { getConfig } from \"./config\";\n\n/**\n * Log message if debug mode is enabled\n */\nexport function debug(message: string, ...args: any[]): void {\n const { debug } = getConfig();\n if (debug) {\n console.log(`[SessionKit] ${message}`, ...args);\n }\n}\n\n/**\n * Log error message. Always logs unless in production, but can be forced via debug flag.\n */\nexport function error(message: string, ...args: any[]): void {\n const { debug } = getConfig();\n if (debug || process.env.NODE_ENV !== 'production') {\n console.error(`[SessionKit] ${message}`, ...args);\n }\n}\n\n/**\n * Log warning message. Always logs unless in production, but can be forced via debug flag.\n */\nexport function warn(message: string, ...args: any[]): void {\n const { debug } = getConfig();\n if (debug || process.env.NODE_ENV !== 'production') {\n console.warn(`[SessionKit] ${message}`, ...args);\n }\n}\n\n/**\n * Log info message. Always logs unless in production, but can be forced via debug flag.\n */\nexport function info(message: string, ...args: any[]): void {\n const { debug } = getConfig();\n if (debug || process.env.NODE_ENV !== 'production') {\n console.log(`[SessionKit] ${message}`, ...args);\n }\n}\n"],"names":[],"mappings":";;SAKgB,KAAK,CAAC,OAAe,EAAE,GAAG,IAAW,EAAA;AACnD,IAAA,MAAM,EAAE,KAAK,EAAE,GAAG,SAAS,EAAE;IAC7B,IAAI,KAAK,EAAE;QACT,OAAO,CAAC,GAAG,CAAC,CAAA,aAAA,EAAgB,OAAO,EAAE,EAAE,GAAG,IAAI,CAAC;IACjD;AACF;SAKgB,KAAK,CAAC,OAAe,EAAE,GAAG,IAAW,EAAA;AACnD,IAAA,MAAM,EAAE,KAAK,EAAE,GAAG,SAAS,EAAE;IAC7B,IAAI,KAAK,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE;QAClD,OAAO,CAAC,KAAK,CAAC,CAAA,aAAA,EAAgB,OAAO,EAAE,EAAE,GAAG,IAAI,CAAC;IACnD;AACF;SAKgB,IAAI,CAAC,OAAe,EAAE,GAAG,IAAW,EAAA;AAClD,IAAA,MAAM,EAAE,KAAK,EAAE,GAAG,SAAS,EAAE;IAC7B,IAAI,KAAK,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE;QAClD,OAAO,CAAC,IAAI,CAAC,CAAA,aAAA,EAAgB,OAAO,EAAE,EAAE,GAAG,IAAI,CAAC;IAClD;AACF;;;;"}
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAC,gBAAgB,EAAE,MAAM,OAAO,CAAC;AAE7C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAwBrD,MAAM,CAAC,OAAO,UAAU,UAAU,CAAC,MAAM,GAAE,gBAAqB,GAAG,gBAAgB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAC,gBAAgB,EAAE,MAAM,OAAO,CAAC;AAE7C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAwBrD,MAAM,CAAC,OAAO,UAAU,UAAU,CAAC,MAAM,GAAE,gBAAqB,GAAG,gBAAgB,CAyBlF;AAMD,YAAY,EACR,OAAO,EACP,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACnB,wBAAwB,EACxB,yBAAyB,EACzB,oBAAoB,EACpB,gBAAgB,EAChB,WAAW,EACX,cAAc,EACjB,MAAM,cAAc,CAAC;AAMtB,eAAO,MAAM,OAAO,UAAU,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
|
-
import { setConfig } from './core/config.js';
|
|
1
|
+
import { setConfig, getConfig } from './core/config.js';
|
|
2
2
|
|
|
3
3
|
function sessionkit(config = {}) {
|
|
4
4
|
setConfig(config);
|
|
5
|
+
const resolvedConfig = getConfig();
|
|
5
6
|
return {
|
|
6
7
|
name: "astro-sessionkit",
|
|
7
8
|
hooks: {
|
|
@@ -10,7 +11,7 @@ function sessionkit(config = {}) {
|
|
|
10
11
|
entrypoint: "astro-sessionkit/middleware",
|
|
11
12
|
order: "pre",
|
|
12
13
|
});
|
|
13
|
-
if ((
|
|
14
|
+
if ((resolvedConfig.protect && resolvedConfig.protect.length > 0) || resolvedConfig.globalProtect) {
|
|
14
15
|
addMiddleware({
|
|
15
16
|
entrypoint: "astro-sessionkit/guard",
|
|
16
17
|
order: "pre",
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sources":["../src/index.ts"],"sourcesContent":["// ============================================================================\n// Astro SessionKit - Main Integration Entry Point\n// ============================================================================\n\nimport type {AstroIntegration } from \"astro\";\nimport { setConfig
|
|
1
|
+
{"version":3,"file":"index.js","sources":["../src/index.ts"],"sourcesContent":["// ============================================================================\n// Astro SessionKit - Main Integration Entry Point\n// ============================================================================\n\nimport type {AstroIntegration } from \"astro\";\nimport {getConfig, setConfig} from \"./core/config\";\nimport type { SessionKitConfig } from \"./core/types\";\n\n/**\n * SessionKit - Simple session access and route protection for Astro\n *\n * @example\n * ```ts\n * // astro.config.mjs\n * import sessionkit from 'astro-sessionkit';\n *\n * export default defineConfig({\n * integrations: [\n * sessionkit({\n * loginPath: '/login',\n * protect: [\n * { pattern: '/admin/**', role: 'admin' },\n * { pattern: '/dashboard', roles: ['user', 'admin'] },\n * { pattern: '/settings', permissions: ['settings:write'] }\n * ]\n * })\n * ]\n * });\n * ```\n */\nexport default function sessionkit(config: SessionKitConfig = {}): AstroIntegration {\n // Store configuration\n setConfig(config);\n const resolvedConfig = getConfig();\n\n return {\n name: \"astro-sessionkit\",\n hooks: {\n \"astro:config:setup\": ({ addMiddleware }) => {\n // 1. Always add session context middleware first\n addMiddleware({\n entrypoint: \"astro-sessionkit/middleware\",\n order: \"pre\",\n });\n\n // 2. Add route guard if there are protection rules or global protection is enabled\n if ((resolvedConfig.protect && resolvedConfig.protect.length > 0) || resolvedConfig.globalProtect) {\n addMiddleware({\n entrypoint: \"astro-sessionkit/guard\",\n order: \"pre\",\n });\n }\n },\n },\n };\n}\n\n// ============================================================================\n// Re-export types for convenience\n// ============================================================================\n\nexport type {\n Session,\n ProtectionRule,\n RoleProtectionRule,\n RolesProtectionRule,\n PermissionProtectionRule,\n PermissionsProtectionRule,\n CustomProtectionRule,\n SessionKitConfig,\n AccessHooks,\n SessionContext\n} from \"./core/types\";\n\n// ============================================================================\n// Version export\n// ============================================================================\n\nexport const version = \"0.1.0\";"],"names":[],"mappings":";;AA8Bc,SAAU,UAAU,CAAC,SAA2B,EAAE,EAAA;IAE5D,SAAS,CAAC,MAAM,CAAC;AACjB,IAAA,MAAM,cAAc,GAAG,SAAS,EAAE;IAElC,OAAO;AACH,QAAA,IAAI,EAAE,kBAAkB;AACxB,QAAA,KAAK,EAAE;AACH,YAAA,oBAAoB,EAAE,CAAC,EAAE,aAAa,EAAE,KAAI;AAExC,gBAAA,aAAa,CAAC;AACV,oBAAA,UAAU,EAAE,6BAA6B;AACzC,oBAAA,KAAK,EAAE,KAAK;AACf,iBAAA,CAAC;AAGF,gBAAA,IAAI,CAAC,cAAc,CAAC,OAAO,IAAI,cAAc,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,KAAK,cAAc,CAAC,aAAa,EAAE;AAC/F,oBAAA,aAAa,CAAC;AACV,wBAAA,UAAU,EAAE,wBAAwB;AACpC,wBAAA,KAAK,EAAE,KAAK;AACf,qBAAA,CAAC;gBACN;YACJ,CAAC;AACJ,SAAA;KACJ;AACL;AAuBO,MAAM,OAAO,GAAG;;;;"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"integration.d.ts","sourceRoot":"","sources":["../src/integration.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,OAAO,CAAC;AAE9C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAwBrD,MAAM,CAAC,OAAO,UAAU,UAAU,CAAC,MAAM,GAAE,gBAAqB,GAAG,gBAAgB,
|
|
1
|
+
{"version":3,"file":"integration.d.ts","sourceRoot":"","sources":["../src/integration.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,OAAO,CAAC;AAE9C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAwBrD,MAAM,CAAC,OAAO,UAAU,UAAU,CAAC,MAAM,GAAE,gBAAqB,GAAG,gBAAgB,CAyBlF;AAGD,YAAY,EAAE,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC"}
|
package/dist/integration.js
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
import { setConfig } from "./core/config";
|
|
1
|
+
import { getConfig, setConfig } from "./core/config";
|
|
2
2
|
export default function sessionKit(config = {}) {
|
|
3
3
|
setConfig(config);
|
|
4
|
+
const resolvedConfig = getConfig();
|
|
4
5
|
return {
|
|
5
6
|
name: "astro-sessionkit",
|
|
6
7
|
hooks: {
|
|
@@ -9,7 +10,7 @@ export default function sessionKit(config = {}) {
|
|
|
9
10
|
entrypoint: "astro-sessionkit/middleware",
|
|
10
11
|
order: "pre",
|
|
11
12
|
});
|
|
12
|
-
if ((
|
|
13
|
+
if ((resolvedConfig.protect && resolvedConfig.protect.length > 0) || resolvedConfig.globalProtect) {
|
|
13
14
|
addMiddleware({
|
|
14
15
|
entrypoint: "astro-sessionkit/guard",
|
|
15
16
|
order: "pre",
|
package/dist/integration.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"integration.js","sourceRoot":"","sources":["../src/integration.ts"],"names":[],"mappings":"AAKA,OAAO,
|
|
1
|
+
{"version":3,"file":"integration.js","sourceRoot":"","sources":["../src/integration.ts"],"names":[],"mappings":"AAKA,OAAO,EAAC,SAAS,EAAE,SAAS,EAAC,MAAM,eAAe,CAAC;AAyBnD,MAAM,CAAC,OAAO,UAAU,UAAU,CAAC,SAA2B,EAAE;IAE9D,SAAS,CAAC,MAAM,CAAC,CAAC;IAClB,MAAM,cAAc,GAAG,SAAS,EAAE,CAAC;IAEnC,OAAO;QACL,IAAI,EAAE,kBAAkB;QACxB,KAAK,EAAE;YACL,oBAAoB,EAAE,CAAC,EAAE,aAAa,EAAE,EAAE,EAAE;gBAE1C,aAAa,CAAC;oBACZ,UAAU,EAAE,6BAA6B;oBACzC,KAAK,EAAE,KAAK;iBACb,CAAC,CAAC;gBAGH,IAAI,CAAC,cAAc,CAAC,OAAO,IAAI,cAAc,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,cAAc,CAAC,aAAa,EAAE,CAAC;oBAClG,aAAa,CAAC;wBACZ,UAAU,EAAE,wBAAwB;wBACpC,KAAK,EAAE,KAAK;qBACb,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;SACF;KACF,CAAC;AACJ,CAAC","sourcesContent":["// ============================================================================\n// Astro Integration\n// ============================================================================\n\nimport type { AstroIntegration } from \"astro\";\nimport {getConfig, setConfig} from \"./core/config\";\nimport type { SessionKitConfig } from \"./core/types\";\n\n/**\n * SessionKit - Simple session access and route protection for Astro\n * \n * @example\n * ```ts\n * // astro.config.mjs\n * import sessionkit from 'astro-sessionkit';\n * \n * export default defineConfig({\n * integrations: [\n * sessionkit({\n * loginPath: '/login',\n * protect: [\n * { pattern: '/admin/**', role: 'admin' },\n * { pattern: '/dashboard', roles: ['user', 'admin'] },\n * { pattern: '/settings', permissions: ['settings:write'] }\n * ]\n * })\n * ]\n * });\n * ```\n */\nexport default function sessionKit(config: SessionKitConfig = {}): AstroIntegration {\n // Store configuration\n setConfig(config);\n const resolvedConfig = getConfig();\n\n return {\n name: \"astro-sessionkit\",\n hooks: {\n \"astro:config:setup\": ({ addMiddleware }) => {\n // 1. Always add session context middleware first\n addMiddleware({\n entrypoint: \"astro-sessionkit/middleware\",\n order: \"pre\",\n });\n\n // 2. Add route guard if there are protection rules or global protection is enabled\n if ((resolvedConfig.protect && resolvedConfig.protect.length > 0) || resolvedConfig.globalProtect) {\n addMiddleware({\n entrypoint: \"astro-sessionkit/guard\",\n order: \"pre\",\n });\n }\n },\n },\n };\n}\n\n// Re-export types for convenience\nexport type { Session, ProtectionRule, SessionKitConfig } from \"./core/types\";\n"]}
|
package/package.json
CHANGED
|
@@ -76,11 +76,6 @@ export function createGuardMiddleware(): MiddlewareHandler {
|
|
|
76
76
|
return async (context : APIContext, next) => {
|
|
77
77
|
const { protect, loginPath, globalProtect, exclude } = getConfig();
|
|
78
78
|
|
|
79
|
-
// No rules configured and no global protect - skip
|
|
80
|
-
if (protect.length === 0 && !globalProtect) {
|
|
81
|
-
return next();
|
|
82
|
-
}
|
|
83
|
-
|
|
84
79
|
let pathname: string;
|
|
85
80
|
try {
|
|
86
81
|
pathname = new URL(context.request.url).pathname;
|
|
@@ -88,43 +83,60 @@ export function createGuardMiddleware(): MiddlewareHandler {
|
|
|
88
83
|
// Fallback if URL is invalid (unlikely in Astro)
|
|
89
84
|
pathname = "/";
|
|
90
85
|
}
|
|
86
|
+
|
|
87
|
+
logger.debug(`[Guard] Pathname: ${pathname}, GlobalProtect: ${globalProtect}, Rules: ${protect.length}`);
|
|
88
|
+
|
|
89
|
+
// No rules configured and no global protect - skip
|
|
90
|
+
if (protect.length === 0 && !globalProtect) {
|
|
91
|
+
return next();
|
|
92
|
+
}
|
|
93
|
+
|
|
91
94
|
const sessionContext = getContextStore();
|
|
92
95
|
const session = sessionContext?.session ?? null;
|
|
93
96
|
|
|
94
97
|
// Find matching rule
|
|
95
98
|
const rule = protect.find((r) => matchesPattern(r.pattern, pathname));
|
|
96
99
|
|
|
100
|
+
if (rule) {
|
|
101
|
+
logger.debug(`[Guard] Found matching rule for ${pathname}:`, rule);
|
|
102
|
+
}
|
|
103
|
+
|
|
97
104
|
// No matching rule - check global protection
|
|
98
105
|
if (!rule) {
|
|
99
106
|
if (globalProtect) {
|
|
100
107
|
// Skip if path is in exclude list
|
|
101
108
|
if (exclude.some((pattern) => matchesPattern(pattern, pathname))) {
|
|
109
|
+
logger.debug(`[GlobalProtect] Skipping ${pathname} because it matches an exclude pattern`);
|
|
102
110
|
return next();
|
|
103
111
|
}
|
|
104
112
|
|
|
105
113
|
// Skip if it's the login page itself (to avoid redirect loops)
|
|
106
114
|
if (pathname === loginPath) {
|
|
115
|
+
logger.debug(`[GlobalProtect] Skipping ${pathname} because it is the loginPath`);
|
|
107
116
|
return next();
|
|
108
117
|
}
|
|
109
118
|
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
119
|
+
// Require valid session
|
|
120
|
+
if (!session || !isValidSessionStructure(session)) {
|
|
121
|
+
logger.debug(`[GlobalProtect] Redirecting to ${loginPath} because session is ${session ? 'invalid' : 'missing'}`);
|
|
122
|
+
return context.redirect(loginPath);
|
|
123
|
+
}
|
|
124
|
+
}
|
|
125
|
+
|
|
126
|
+
logger.debug(`[GlobalProtect] Allowing ${pathname} because session is valid or globalProtect is false`);
|
|
127
|
+
return next();
|
|
114
128
|
}
|
|
115
|
-
}
|
|
116
|
-
return next();
|
|
117
|
-
}
|
|
118
129
|
|
|
119
|
-
// Check if access is allowed
|
|
120
|
-
const allowed = await checkRule(rule, session);
|
|
130
|
+
// Check if access is allowed
|
|
131
|
+
const allowed = await checkRule(rule, session);
|
|
121
132
|
|
|
122
|
-
if (!allowed) {
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
}
|
|
133
|
+
if (!allowed) {
|
|
134
|
+
const redirectTo = rule.redirectTo ?? loginPath;
|
|
135
|
+
logger.debug(`[Guard] Redirecting to ${redirectTo} because access was denied by rule:`, rule);
|
|
136
|
+
return context.redirect(redirectTo);
|
|
137
|
+
}
|
|
127
138
|
|
|
139
|
+
logger.debug(`[Guard] Allowing ${pathname} because access was granted by rule:`, rule);
|
|
128
140
|
return next();
|
|
129
141
|
};
|
|
130
142
|
}
|
package/src/core/logger.ts
CHANGED
|
@@ -6,7 +6,7 @@ import { getConfig } from "./config";
|
|
|
6
6
|
export function debug(message: string, ...args: any[]): void {
|
|
7
7
|
const { debug } = getConfig();
|
|
8
8
|
if (debug) {
|
|
9
|
-
console.
|
|
9
|
+
console.log(`[SessionKit] ${message}`, ...args);
|
|
10
10
|
}
|
|
11
11
|
}
|
|
12
12
|
|
package/src/index.ts
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
// ============================================================================
|
|
4
4
|
|
|
5
5
|
import type {AstroIntegration } from "astro";
|
|
6
|
-
import { setConfig
|
|
6
|
+
import {getConfig, setConfig} from "./core/config";
|
|
7
7
|
import type { SessionKitConfig } from "./core/types";
|
|
8
8
|
|
|
9
9
|
/**
|
|
@@ -31,6 +31,7 @@ import type { SessionKitConfig } from "./core/types";
|
|
|
31
31
|
export default function sessionkit(config: SessionKitConfig = {}): AstroIntegration {
|
|
32
32
|
// Store configuration
|
|
33
33
|
setConfig(config);
|
|
34
|
+
const resolvedConfig = getConfig();
|
|
34
35
|
|
|
35
36
|
return {
|
|
36
37
|
name: "astro-sessionkit",
|
|
@@ -43,7 +44,7 @@ export default function sessionkit(config: SessionKitConfig = {}): AstroIntegrat
|
|
|
43
44
|
});
|
|
44
45
|
|
|
45
46
|
// 2. Add route guard if there are protection rules or global protection is enabled
|
|
46
|
-
if ((
|
|
47
|
+
if ((resolvedConfig.protect && resolvedConfig.protect.length > 0) || resolvedConfig.globalProtect) {
|
|
47
48
|
addMiddleware({
|
|
48
49
|
entrypoint: "astro-sessionkit/guard",
|
|
49
50
|
order: "pre",
|
package/src/integration.ts
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
// ============================================================================
|
|
4
4
|
|
|
5
5
|
import type { AstroIntegration } from "astro";
|
|
6
|
-
import { setConfig
|
|
6
|
+
import {getConfig, setConfig} from "./core/config";
|
|
7
7
|
import type { SessionKitConfig } from "./core/types";
|
|
8
8
|
|
|
9
9
|
/**
|
|
@@ -31,6 +31,7 @@ import type { SessionKitConfig } from "./core/types";
|
|
|
31
31
|
export default function sessionKit(config: SessionKitConfig = {}): AstroIntegration {
|
|
32
32
|
// Store configuration
|
|
33
33
|
setConfig(config);
|
|
34
|
+
const resolvedConfig = getConfig();
|
|
34
35
|
|
|
35
36
|
return {
|
|
36
37
|
name: "astro-sessionkit",
|
|
@@ -43,7 +44,7 @@ export default function sessionKit(config: SessionKitConfig = {}): AstroIntegrat
|
|
|
43
44
|
});
|
|
44
45
|
|
|
45
46
|
// 2. Add route guard if there are protection rules or global protection is enabled
|
|
46
|
-
if ((
|
|
47
|
+
if ((resolvedConfig.protect && resolvedConfig.protect.length > 0) || resolvedConfig.globalProtect) {
|
|
47
48
|
addMiddleware({
|
|
48
49
|
entrypoint: "astro-sessionkit/guard",
|
|
49
50
|
order: "pre",
|