astro-sessionkit 0.1.21 → 0.1.23
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guardMiddleware.d.ts","sourceRoot":"","sources":["../../src/core/guardMiddleware.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,OAAO,CAAC;AAsE7C,wBAAgB,qBAAqB,IAAI,iBAAiB,
|
|
1
|
+
{"version":3,"file":"guardMiddleware.d.ts","sourceRoot":"","sources":["../../src/core/guardMiddleware.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,OAAO,CAAC;AAsE7C,wBAAgB,qBAAqB,IAAI,iBAAiB,CAgGzD"}
|
|
@@ -76,15 +76,21 @@ function createGuardMiddleware() {
|
|
|
76
76
|
}
|
|
77
77
|
if (!rule) {
|
|
78
78
|
if (globalProtect) {
|
|
79
|
-
if (
|
|
79
|
+
if (pathname === loginPath) {
|
|
80
|
+
if (session && isValidSessionStructure(session)) {
|
|
81
|
+
if (debug$1) {
|
|
82
|
+
debug(`[GlobalProtect] Redirecting ${pathname} to / because session is already present`);
|
|
83
|
+
}
|
|
84
|
+
return context.redirect('/');
|
|
85
|
+
}
|
|
80
86
|
if (debug$1) {
|
|
81
|
-
debug(`[GlobalProtect] Skipping ${pathname} because it
|
|
87
|
+
debug(`[GlobalProtect] Skipping ${pathname} because it is the loginPath`);
|
|
82
88
|
}
|
|
83
89
|
return next();
|
|
84
90
|
}
|
|
85
|
-
if (
|
|
91
|
+
if (exclude.some((pattern) => matchesPattern(pattern, pathname))) {
|
|
86
92
|
if (debug$1) {
|
|
87
|
-
debug(`[GlobalProtect] Skipping ${pathname} because it
|
|
93
|
+
debug(`[GlobalProtect] Skipping ${pathname} because it matches an exclude pattern`);
|
|
88
94
|
}
|
|
89
95
|
return next();
|
|
90
96
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"guardMiddleware.js","sources":["../../src/core/guardMiddleware.ts"],"sourcesContent":["// ============================================================================\n// Route Guard Middleware - Enforces protection rules\n// ============================================================================\n\nimport type {MiddlewareHandler} from \"astro\";\nimport { getContextStore } from \"./context\";\nimport { getConfig } from \"./config\";\nimport { matchesPattern } from \"./matcher\";\nimport type { ProtectionRule, Session } from \"./types\";\nimport { isValidSessionStructure } from \"./validation\";\nimport * as logger from \"./logger\";\n\n/**\n * Check if session satisfies a protection rule\n */\nasync function checkRule(rule: ProtectionRule, session: Session | null): Promise<boolean> {\n const { access } = getConfig();\n\n // Custom check overrides everything\n if (access.check) {\n try {\n return await access.check(rule, session);\n } catch (error) {\n logger.error('Error in custom access check hook:', error);\n return false;\n }\n }\n\n // Custom allow function\n if (\"allow\" in rule) {\n try {\n return await rule.allow(session);\n } catch (error) {\n logger.error('Error in custom rule allow function:', error);\n return false;\n }\n }\n\n // Must be authenticated and have a valid session structure for all other checks\n if (!session || !isValidSessionStructure(session)) {\n return false;\n }\n\n // Single role check\n if (\"role\" in rule) {\n const userRole = access.getRole(session);\n return userRole === rule.role;\n }\n\n // Multiple roles check (user must have ONE of these)\n if (\"roles\" in rule) {\n const userRole = access.getRole(session);\n return userRole !== null && rule.roles.includes(userRole);\n }\n\n // Single permission check\n if (\"permission\" in rule) {\n const userPermissions = access.getPermissions(session);\n return userPermissions.includes(rule.permission);\n }\n\n // Multiple permissions check (user must have ALL of these)\n if (\"permissions\" in rule) {\n const userPermissions = access.getPermissions(session);\n return rule.permissions.every((p) => userPermissions.includes(p));\n }\n\n // No specific rule matched - allow by default\n return true;\n}\n\n/**\n * Create route guard middleware\n */\nexport function createGuardMiddleware(): MiddlewareHandler {\n return async (context, next) => {\n let pathname: string;\n try {\n pathname = new URL(context.request.url).pathname;\n } catch {\n pathname = \"/\";\n }\n\n const config = getConfig();\n const {protect, loginPath, globalProtect, exclude, debug} = config;\n\n if (debug) {\n logger.debug(`[Guard] Pathname: ${pathname}, GlobalProtect: ${globalProtect}, Rules: ${protect.length}`);\n }\n\n // No rules configured and no global protect - skip\n if (protect.length === 0 && !globalProtect) {\n if (debug) {\n logger.debug(`[Guard] Skipping ${pathname} because no rules are configured and globalProtect is false`);\n }\n return next();\n }\n\n const sessionContext = getContextStore();\n const session = sessionContext?.session ?? null;\n\n if (debug) {\n logger.debug(`[Guard] Session retrieved from store: ${session ? 'exists' : 'null'}`);\n }\n\n // Find matching rule\n const rule = protect.find((r) => matchesPattern(r.pattern, pathname));\n\n if (rule && debug) {\n logger.debug(`[Guard] Found matching rule for ${pathname}:`, rule);\n }\n\n // No matching rule - check global protection\n if (!rule) {\n if (globalProtect) {\n // Skip if
|
|
1
|
+
{"version":3,"file":"guardMiddleware.js","sources":["../../src/core/guardMiddleware.ts"],"sourcesContent":["// ============================================================================\n// Route Guard Middleware - Enforces protection rules\n// ============================================================================\n\nimport type {MiddlewareHandler} from \"astro\";\nimport { getContextStore } from \"./context\";\nimport { getConfig } from \"./config\";\nimport { matchesPattern } from \"./matcher\";\nimport type { ProtectionRule, Session } from \"./types\";\nimport { isValidSessionStructure } from \"./validation\";\nimport * as logger from \"./logger\";\n\n/**\n * Check if session satisfies a protection rule\n */\nasync function checkRule(rule: ProtectionRule, session: Session | null): Promise<boolean> {\n const { access } = getConfig();\n\n // Custom check overrides everything\n if (access.check) {\n try {\n return await access.check(rule, session);\n } catch (error) {\n logger.error('Error in custom access check hook:', error);\n return false;\n }\n }\n\n // Custom allow function\n if (\"allow\" in rule) {\n try {\n return await rule.allow(session);\n } catch (error) {\n logger.error('Error in custom rule allow function:', error);\n return false;\n }\n }\n\n // Must be authenticated and have a valid session structure for all other checks\n if (!session || !isValidSessionStructure(session)) {\n return false;\n }\n\n // Single role check\n if (\"role\" in rule) {\n const userRole = access.getRole(session);\n return userRole === rule.role;\n }\n\n // Multiple roles check (user must have ONE of these)\n if (\"roles\" in rule) {\n const userRole = access.getRole(session);\n return userRole !== null && rule.roles.includes(userRole);\n }\n\n // Single permission check\n if (\"permission\" in rule) {\n const userPermissions = access.getPermissions(session);\n return userPermissions.includes(rule.permission);\n }\n\n // Multiple permissions check (user must have ALL of these)\n if (\"permissions\" in rule) {\n const userPermissions = access.getPermissions(session);\n return rule.permissions.every((p) => userPermissions.includes(p));\n }\n\n // No specific rule matched - allow by default\n return true;\n}\n\n/**\n * Create route guard middleware\n */\nexport function createGuardMiddleware(): MiddlewareHandler {\n return async (context, next) => {\n let pathname: string;\n try {\n pathname = new URL(context.request.url).pathname;\n } catch {\n pathname = \"/\";\n }\n\n const config = getConfig();\n const {protect, loginPath, globalProtect, exclude, debug} = config;\n\n if (debug) {\n logger.debug(`[Guard] Pathname: ${pathname}, GlobalProtect: ${globalProtect}, Rules: ${protect.length}`);\n }\n\n // No rules configured and no global protect - skip\n if (protect.length === 0 && !globalProtect) {\n if (debug) {\n logger.debug(`[Guard] Skipping ${pathname} because no rules are configured and globalProtect is false`);\n }\n return next();\n }\n\n const sessionContext = getContextStore();\n const session = sessionContext?.session ?? null;\n\n if (debug) {\n logger.debug(`[Guard] Session retrieved from store: ${session ? 'exists' : 'null'}`);\n }\n\n // Find matching rule\n const rule = protect.find((r) => matchesPattern(r.pattern, pathname));\n\n if (rule && debug) {\n logger.debug(`[Guard] Found matching rule for ${pathname}:`, rule);\n }\n\n // No matching rule - check global protection\n if (!rule) {\n if (globalProtect) {\n // Skip if it's the login page itself (to avoid redirect loops)\n if (pathname === loginPath) {\n // NEW: If session is already present, redirect to home (/)\n if (session && isValidSessionStructure(session)) {\n if (debug) {\n logger.debug(`[GlobalProtect] Redirecting ${pathname} to / because session is already present`);\n }\n return context.redirect('/');\n }\n\n if (debug) {\n logger.debug(`[GlobalProtect] Skipping ${pathname} because it is the loginPath`);\n }\n return next();\n }\n\n // Skip if path is in exclude list\n if (exclude.some((pattern) => matchesPattern(pattern, pathname))) {\n if (debug) {\n logger.debug(`[GlobalProtect] Skipping ${pathname} because it matches an exclude pattern`);\n }\n return next();\n }\n\n // Require valid session\n if (!session || !isValidSessionStructure(session)) {\n if (debug) {\n logger.debug(`[GlobalProtect] Redirecting to ${loginPath} because session is ${session ? 'invalid' : 'missing'}`);\n }\n return context.redirect(loginPath);\n }\n }\n\n if (debug) {\n logger.debug(`[GlobalProtect] Allowing ${pathname} because session is valid or globalProtect is false`);\n }\n return next();\n }\n\n // Check if access is allowed\n const allowed = await checkRule(rule, session);\n\n if (!allowed) {\n const redirectTo = rule.redirectTo ?? loginPath;\n if (debug) {\n logger.debug(`[Guard] Redirecting to ${redirectTo} because access was denied by rule:`, rule);\n }\n return context.redirect(redirectTo);\n }\n\n if (debug) {\n logger.debug(`[Guard] Allowing ${pathname} because access was granted by rule:`, rule);\n }\n return next();\n };\n}\n"],"names":["error","logger.error","debug","logger.debug"],"mappings":";;;;;;AAeA,eAAe,SAAS,CAAC,IAAoB,EAAE,OAAuB,EAAA;AACpE,IAAA,MAAM,EAAE,MAAM,EAAE,GAAG,SAAS,EAAE;AAG9B,IAAA,IAAI,MAAM,CAAC,KAAK,EAAE;AAChB,QAAA,IAAI;YACF,OAAO,MAAM,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC;QAC1C;QAAE,OAAOA,OAAK,EAAE;AACd,YAAAC,KAAY,CAAC,oCAAoC,EAAED,OAAK,CAAC;AACzD,YAAA,OAAO,KAAK;QACd;IACF;AAGA,IAAA,IAAI,OAAO,IAAI,IAAI,EAAE;AACnB,QAAA,IAAI;AACF,YAAA,OAAO,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC;QAClC;QAAE,OAAOA,OAAK,EAAE;AACd,YAAAC,KAAY,CAAC,sCAAsC,EAAED,OAAK,CAAC;AAC3D,YAAA,OAAO,KAAK;QACd;IACF;IAGA,IAAI,CAAC,OAAO,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,EAAE;AACjD,QAAA,OAAO,KAAK;IACd;AAGA,IAAA,IAAI,MAAM,IAAI,IAAI,EAAE;QAClB,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;AACxC,QAAA,OAAO,QAAQ,KAAK,IAAI,CAAC,IAAI;IAC/B;AAGA,IAAA,IAAI,OAAO,IAAI,IAAI,EAAE;QACnB,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;AACxC,QAAA,OAAO,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC;IAC3D;AAGA,IAAA,IAAI,YAAY,IAAI,IAAI,EAAE;QACxB,MAAM,eAAe,GAAG,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC;QACtD,OAAO,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC;IAClD;AAGA,IAAA,IAAI,aAAa,IAAI,IAAI,EAAE;QACzB,MAAM,eAAe,GAAG,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC;AACtD,QAAA,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACnE;AAGA,IAAA,OAAO,IAAI;AACb;SAKgB,qBAAqB,GAAA;AACnC,IAAA,OAAO,OAAO,OAAO,EAAE,IAAI,KAAI;AAC7B,QAAA,IAAI,QAAgB;AACpB,QAAA,IAAI;AACA,YAAA,QAAQ,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,QAAQ;QACpD;AAAE,QAAA,MAAM;YACJ,QAAQ,GAAG,GAAG;QAClB;AAEA,QAAA,MAAM,MAAM,GAAG,SAAS,EAAE;AAC1B,QAAA,MAAM,EAAC,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,OAAO,SAAEE,OAAK,EAAC,GAAG,MAAM;QAElE,IAAIA,OAAK,EAAE;AACP,YAAAC,KAAY,CAAC,CAAA,kBAAA,EAAqB,QAAQ,CAAA,iBAAA,EAAoB,aAAa,CAAA,SAAA,EAAY,OAAO,CAAC,MAAM,CAAA,CAAE,CAAC;QAC5G;QAGA,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,aAAa,EAAE;YACxC,IAAID,OAAK,EAAE;AACP,gBAAAC,KAAY,CAAC,oBAAoB,QAAQ,CAAA,2DAAA,CAA6D,CAAC;YAC3G;YACA,OAAO,IAAI,EAAE;QACjB;AAEA,QAAA,MAAM,cAAc,GAAG,eAAe,EAAE;AACxC,QAAA,MAAM,OAAO,GAAG,cAAc,EAAE,OAAO,IAAI,IAAI;QAE/C,IAAID,OAAK,EAAE;AACP,YAAAC,KAAY,CAAC,CAAA,sCAAA,EAAyC,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAA,CAAE,CAAC;QACxF;QAGA,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,cAAc,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;AAErE,QAAA,IAAI,IAAI,IAAID,OAAK,EAAE;YACfC,KAAY,CAAC,CAAA,gCAAA,EAAmC,QAAQ,CAAA,CAAA,CAAG,EAAE,IAAI,CAAC;QACtE;QAGA,IAAI,CAAC,IAAI,EAAE;YACP,IAAI,aAAa,EAAE;AAEf,gBAAA,IAAI,QAAQ,KAAK,SAAS,EAAE;AAExB,oBAAA,IAAI,OAAO,IAAI,uBAAuB,CAAC,OAAO,CAAC,EAAE;wBAC7C,IAAID,OAAK,EAAE;AACP,4BAAAC,KAAY,CAAC,+BAA+B,QAAQ,CAAA,wCAAA,CAA0C,CAAC;wBACnG;AACA,wBAAA,OAAO,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;oBAChC;oBAEA,IAAID,OAAK,EAAE;AACP,wBAAAC,KAAY,CAAC,4BAA4B,QAAQ,CAAA,4BAAA,CAA8B,CAAC;oBACpF;oBACA,OAAO,IAAI,EAAE;gBACjB;AAGA,gBAAA,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,KAAK,cAAc,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,EAAE;oBAC9D,IAAID,OAAK,EAAE;AACP,wBAAAC,KAAY,CAAC,4BAA4B,QAAQ,CAAA,sCAAA,CAAwC,CAAC;oBAC9F;oBACA,OAAO,IAAI,EAAE;gBACjB;gBAGA,IAAI,CAAC,OAAO,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,EAAE;oBAC/C,IAAID,OAAK,EAAE;AACP,wBAAAC,KAAY,CAAC,CAAA,+BAAA,EAAkC,SAAS,uBAAuB,OAAO,GAAG,SAAS,GAAG,SAAS,CAAA,CAAE,CAAC;oBACrH;AACA,oBAAA,OAAO,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;gBACtC;YACJ;YAEA,IAAID,OAAK,EAAE;AACP,gBAAAC,KAAY,CAAC,4BAA4B,QAAQ,CAAA,mDAAA,CAAqD,CAAC;YAC3G;YACA,OAAO,IAAI,EAAE;QACjB;QAGA,MAAM,OAAO,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC;QAE9C,IAAI,CAAC,OAAO,EAAE;AACV,YAAA,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,SAAS;YAC/C,IAAID,OAAK,EAAE;gBACPC,KAAY,CAAC,CAAA,uBAAA,EAA0B,UAAU,CAAA,mCAAA,CAAqC,EAAE,IAAI,CAAC;YACjG;AACA,YAAA,OAAO,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;QACvC;QAEA,IAAID,OAAK,EAAE;YACPC,KAAY,CAAC,CAAA,iBAAA,EAAoB,QAAQ,CAAA,oCAAA,CAAsC,EAAE,IAAI,CAAC;QAC1F;QACA,OAAO,IAAI,EAAE;AACf,IAAA,CAAC;AACH;;;;"}
|
package/package.json
CHANGED
|
@@ -113,18 +113,26 @@ export function createGuardMiddleware(): MiddlewareHandler {
|
|
|
113
113
|
// No matching rule - check global protection
|
|
114
114
|
if (!rule) {
|
|
115
115
|
if (globalProtect) {
|
|
116
|
-
// Skip if
|
|
117
|
-
if (
|
|
116
|
+
// Skip if it's the login page itself (to avoid redirect loops)
|
|
117
|
+
if (pathname === loginPath) {
|
|
118
|
+
// NEW: If session is already present, redirect to home (/)
|
|
119
|
+
if (session && isValidSessionStructure(session)) {
|
|
120
|
+
if (debug) {
|
|
121
|
+
logger.debug(`[GlobalProtect] Redirecting ${pathname} to / because session is already present`);
|
|
122
|
+
}
|
|
123
|
+
return context.redirect('/');
|
|
124
|
+
}
|
|
125
|
+
|
|
118
126
|
if (debug) {
|
|
119
|
-
logger.debug(`[GlobalProtect] Skipping ${pathname} because it
|
|
127
|
+
logger.debug(`[GlobalProtect] Skipping ${pathname} because it is the loginPath`);
|
|
120
128
|
}
|
|
121
129
|
return next();
|
|
122
130
|
}
|
|
123
131
|
|
|
124
|
-
// Skip if
|
|
125
|
-
if (
|
|
132
|
+
// Skip if path is in exclude list
|
|
133
|
+
if (exclude.some((pattern) => matchesPattern(pattern, pathname))) {
|
|
126
134
|
if (debug) {
|
|
127
|
-
logger.debug(`[GlobalProtect] Skipping ${pathname} because it
|
|
135
|
+
logger.debug(`[GlobalProtect] Skipping ${pathname} because it matches an exclude pattern`);
|
|
128
136
|
}
|
|
129
137
|
return next();
|
|
130
138
|
}
|