npm - auth-vir - Versions diffs - 2.0.2 → 2.0.4 - Mend

auth-vir 2.0.2 → 2.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/auth-client/backend-auth.client.d.ts +10 -13
package/dist/auth-client/backend-auth.client.js +14 -27
package/dist/auth-client/frontend-auth.client.d.ts +6 -2
package/dist/auth-client/frontend-auth.client.js +12 -2
package/package.json +1 -1
package/src/auth-client/backend-auth.client.ts +22 -37
package/src/auth-client/frontend-auth.client.ts +18 -6

package/dist/auth-client/backend-auth.client.d.ts CHANGED Viewed

@@ -44,7 +44,7 @@ export type BackendAuthClientConfig<DatabaseUser extends AnyObject, UserId exten
          * If this is set, we're attempting to load a database user for the purpose of assuming
          * their user identity. Otherwise, this is `undefined`.
          */
-        assumedUserParams: AssumedUserParams | undefined;
+        assumingUser: AssumedUserParams | undefined;
     }) => MaybePromise<DatabaseUser | undefined | null>;
     /**
      * Get JWT keys produced by {@link generateNewJwtKeys}. Make sure that each time this is
@@ -67,11 +67,11 @@ export type BackendAuthClientConfig<DatabaseUser extends AnyObject, UserId exten
      */
     assumeUser: {
         /**
-         * Handles assumed user header value.
+         * Parse the assumed user header value.
          *
          * @see {@link AuthHeaderName}
          */
-        handleAssumedUserData: (
+        parseAssumedUserHeaderValue: (
         /**
          * The assumed user header value.
          *
@@ -82,15 +82,12 @@ export type BackendAuthClientConfig<DatabaseUser extends AnyObject, UserId exten
             userId: UserId;
         } | undefined>;
         /**
-         * Return `true` to allow the current user (by the given id) to assume identities of
-         * other users. Return `false` to block it. It is recommended to only return `true` for
-         * admin users.
+         * Return `true` to allow the current/original user to assume identities of other users.
+         * Return `false` to block it. It is recommended to only return `true` for admin users.
          *
          * @see {@link AuthHeaderName}
          */
-        canAssumeUser: (params: {
-            userId: UserId;
-        }) => MaybePromise<boolean>;
+        canAssumeUser: (originalUser: DatabaseUser) => MaybePromise<boolean>;
     };
     /**
      * This determines how long a cookie will be valid until it needs to be refreshed.
@@ -132,9 +129,9 @@ export declare class BackendAuthClient<DatabaseUser extends AnyObject, UserId ex
         isSignUpCookie?: boolean | undefined;
     }): Promise<Readonly<CookieParams>>;
     /** Calls the provided `getUserFromDatabase` config. */
-    protected getDatabaseUser({ isSignUpCookie, userId, assumedUserParams, }: {
+    protected getDatabaseUser({ isSignUpCookie, userId, assumingUser, }: {
         userId: UserId | undefined;
-        assumedUserParams: AssumedUserParams | undefined;
+        assumingUser: AssumedUserParams | undefined;
         isSignUpCookie: boolean;
     }): Promise<undefined | DatabaseUser>;
     /** Creates a `'cookie-set'` header to refresh the user's session cookie. */
@@ -142,8 +139,8 @@ export declare class BackendAuthClient<DatabaseUser extends AnyObject, UserId ex
         userIdResult: Readonly<UserIdResult<UserId>>;
     }): Promise<OutgoingHttpHeaders | undefined>;
     /** Reads the user's assumed user headers and, if configured, gets the assumed user. */
-    protected getAssumedUser({ headers, originalUserId, }: {
-        originalUserId: UserId | undefined;
+    protected getAssumedUser({ headers, user, }: {
+        user: DatabaseUser;
         headers: IncomingHttpHeaders;
     }): Promise<DatabaseUser | undefined>;
     /** Securely extract a user from their request headers. */

package/dist/auth-client/backend-auth.client.js CHANGED Viewed

@@ -31,12 +31,12 @@ export class BackendAuthClient {
         };
     }
     /** Calls the provided `getUserFromDatabase` config. */
-    async getDatabaseUser({ isSignUpCookie, userId, assumedUserParams, }) {
+    async getDatabaseUser({ isSignUpCookie, userId, assumingUser, }) {
         if (!userId) {
             return undefined;
         }
         const authenticatedUser = await this.config.getUserFromDatabase({
-            assumedUserParams,
+            assumingUser,
             userId,
             isSignUpCookie,
         });
@@ -89,26 +89,22 @@ export class BackendAuthClient {
         }
     }
     /** Reads the user's assumed user headers and, if configured, gets the assumed user. */
-    async getAssumedUser({ headers, originalUserId, }) {
-        if (!originalUserId ||
-            !this.config.assumeUser ||
-            !(await this.config.assumeUser.canAssumeUser({
-                userId: originalUserId,
-            }))) {
+    async getAssumedUser({ headers, user, }) {
+        if (!this.config.assumeUser || !(await this.config.assumeUser.canAssumeUser(user))) {
             return undefined;
         }
         const assumedUserHeader = ensureArray(headers[this.config.overrides?.assumedUserHeaderName || AuthHeaderName.AssumedUser])[0];
         if (!assumedUserHeader) {
             return undefined;
         }
-        const parsedAssumedUserData = await this.config.assumeUser.handleAssumedUserData(assumedUserHeader);
+        const parsedAssumedUserData = await this.config.assumeUser.parseAssumedUserHeaderValue(assumedUserHeader);
         if (!parsedAssumedUserData || !parsedAssumedUserData.userId) {
             return undefined;
         }
         const assumedUser = await this.getDatabaseUser({
             isSignUpCookie: false,
             userId: parsedAssumedUserData.userId,
-            assumedUserParams: parsedAssumedUserData.assumedUserParams,
+            assumingUser: parsedAssumedUserData.assumedUserParams,
         });
         return assumedUser;
     }
@@ -120,7 +116,7 @@ export class BackendAuthClient {
         }
         const user = await this.getDatabaseUser({
             userId: userIdResult.userId,
-            assumedUserParams: undefined,
+            assumingUser: undefined,
             isSignUpCookie: !!isSignUpCookie,
         });
         if (!user) {
@@ -128,25 +124,16 @@ export class BackendAuthClient {
         }
         const assumedUser = await this.getAssumedUser({
             headers: requestHeaders,
-            originalUserId: userIdResult.userId,
+            user,
         });
         const cookieRefreshHeaders = (await this.createCookieRefreshHeaders({
             userIdResult,
         })) || {};
-        if (assumedUser) {
-            return {
-                user: assumedUser,
-                isAssumed: true,
-                responseHeaders: cookieRefreshHeaders,
-            };
-        }
-        else {
-            return {
-                user,
-                isAssumed: false,
-                responseHeaders: cookieRefreshHeaders,
-            };
-        }
+        return {
+            user: assumedUser || user,
+            isAssumed: !!assumedUser,
+            responseHeaders: cookieRefreshHeaders,
+        };
     }
     /**
      * Get all the JWT params used when creating the auth cookie, in case you need them for
@@ -216,7 +203,7 @@ export class BackendAuthClient {
         const user = await this.getDatabaseUser({
             isSignUpCookie: false,
             userId: userIdResult.userId,
-            assumedUserParams: undefined,
+            assumingUser: undefined,
         });
         if (!user) {
             return undefined;

package/dist/auth-client/frontend-auth.client.d.ts CHANGED Viewed

@@ -31,8 +31,12 @@ export declare class FrontendAuthClient<AssumedUserParams extends JsonCompatible
     constructor(config?: FrontendAuthClientConfig);
     /** Wraps {@link getCurrentCsrfToken} to automatically handle wiping an invalid CSRF token. */
     getCurrentCsrfToken(): Promise<string | undefined>;
-    /** @returns Whether the user assuming succeeded or not. */
-    assumeUser(assumedUserParams: Readonly<AssumedUserParams>): Promise<boolean>;
+    /**
+     * Assume the given user. Pass `undefined` to wipe the currently assumed user.
+     *
+     * @returns Whether the assumed user setting or clearing succeeded or not.
+     */
+    assumeUser(assumedUserParams: Readonly<AssumedUserParams> | undefined): Promise<boolean>;
     /** Gets the assumed user params stored in local storage, if any. */
     getAssumedUser(): AssumedUserParams | undefined;
     /**

package/dist/auth-client/frontend-auth.client.js CHANGED Viewed

@@ -25,12 +25,22 @@ export class FrontendAuthClient {
             return csrfTokenResult.csrfToken?.token;
         }
     }
-    /** @returns Whether the user assuming succeeded or not. */
+    /**
+     * Assume the given user. Pass `undefined` to wipe the currently assumed user.
+     *
+     * @returns Whether the assumed user setting or clearing succeeded or not.
+     */
     async assumeUser(assumedUserParams) {
+        const localStorage = this.config.overrides?.localStorage || globalThis.localStorage;
+        const storageKey = this.config.overrides?.assumedUserHeaderName || AuthHeaderName.AssumedUser;
+        if (!assumedUserParams) {
+            localStorage.removeItem(storageKey);
+            return true;
+        }
         if (!(await this.config.canAssumeUser?.())) {
             return false;
         }
-        (this.config.overrides?.localStorage || globalThis.localStorage).setItem(this.config.overrides?.assumedUserHeaderName || AuthHeaderName.AssumedUser, JSON.stringify(assumedUserParams));
+        localStorage.setItem(storageKey, JSON.stringify(assumedUserParams));
         return true;
     }
     /** Gets the assumed user params stored in local storage, if any. */

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "auth-vir",
-    "version": "2.0.2",
+    "version": "2.0.4",
     "description": "Auth made easy and secure via JWT cookies, CSRF tokens, and password hashing helpers.",
     "keywords": [
         "auth",

package/src/auth-client/backend-auth.client.ts CHANGED Viewed

@@ -65,7 +65,7 @@ export type BackendAuthClientConfig<
              * If this is set, we're attempting to load a database user for the purpose of assuming
              * their user identity. Otherwise, this is `undefined`.
              */
-            assumedUserParams: AssumedUserParams | undefined;
+            assumingUser: AssumedUserParams | undefined;
         }) => MaybePromise<DatabaseUser | undefined | null>;
         /**
          * Get JWT keys produced by {@link generateNewJwtKeys}. Make sure that each time this is
@@ -88,11 +88,11 @@ export type BackendAuthClientConfig<
          */
         assumeUser: {
             /**
-             * Handles assumed user header value.
+             * Parse the assumed user header value.
              *
              * @see {@link AuthHeaderName}
              */
-            handleAssumedUserData: (
+            parseAssumedUserHeaderValue: (
                 /**
                  * The assumed user header value.
                  *
@@ -107,13 +107,12 @@ export type BackendAuthClientConfig<
                 | undefined
             >;
             /**
-             * Return `true` to allow the current user (by the given id) to assume identities of
-             * other users. Return `false` to block it. It is recommended to only return `true` for
-             * admin users.
+             * Return `true` to allow the current/original user to assume identities of other users.
+             * Return `false` to block it. It is recommended to only return `true` for admin users.
              *
              * @see {@link AuthHeaderName}
              */
-            canAssumeUser: (params: {userId: UserId}) => MaybePromise<boolean>;
+            canAssumeUser: (originalUser: DatabaseUser) => MaybePromise<boolean>;
         };
         /**
          * This determines how long a cookie will be valid until it needs to be refreshed.
@@ -188,10 +187,10 @@ export class BackendAuthClient<
     protected async getDatabaseUser({
         isSignUpCookie,
         userId,
-        assumedUserParams,
+        assumingUser,
     }: {
         userId: UserId | undefined;
-        assumedUserParams: AssumedUserParams | undefined;
+        assumingUser: AssumedUserParams | undefined;
         isSignUpCookie: boolean;
     }): Promise<undefined | DatabaseUser> {
         if (!userId) {
@@ -199,7 +198,7 @@ export class BackendAuthClient<
         }
         const authenticatedUser = await this.config.getUserFromDatabase({
-            assumedUserParams,
+            assumingUser,
             userId,
             isSignUpCookie,
         });
@@ -268,18 +267,12 @@ export class BackendAuthClient<
     /** Reads the user's assumed user headers and, if configured, gets the assumed user. */
     protected async getAssumedUser({
         headers,
-        originalUserId,
+        user,
     }: {
-        originalUserId: UserId | undefined;
+        user: DatabaseUser;
         headers: IncomingHttpHeaders;
     }): Promise<DatabaseUser | undefined> {
-        if (
-            !originalUserId ||
-            !this.config.assumeUser ||
-            !(await this.config.assumeUser.canAssumeUser({
-                userId: originalUserId,
-            }))
-        ) {
+        if (!this.config.assumeUser || !(await this.config.assumeUser.canAssumeUser(user))) {
             return undefined;
         }
@@ -292,7 +285,7 @@ export class BackendAuthClient<
         }
         const parsedAssumedUserData =
-            await this.config.assumeUser.handleAssumedUserData(assumedUserHeader);
+            await this.config.assumeUser.parseAssumedUserHeaderValue(assumedUserHeader);
         if (!parsedAssumedUserData || !parsedAssumedUserData.userId) {
             return undefined;
@@ -301,7 +294,7 @@ export class BackendAuthClient<
         const assumedUser = await this.getDatabaseUser({
             isSignUpCookie: false,
             userId: parsedAssumedUserData.userId,
-            assumedUserParams: parsedAssumedUserData.assumedUserParams,
+            assumingUser: parsedAssumedUserData.assumedUserParams,
         });
         return assumedUser;
@@ -327,7 +320,7 @@ export class BackendAuthClient<
         const user = await this.getDatabaseUser({
             userId: userIdResult.userId,
-            assumedUserParams: undefined,
+            assumingUser: undefined,
             isSignUpCookie: !!isSignUpCookie,
         });
@@ -337,7 +330,7 @@ export class BackendAuthClient<
         const assumedUser = await this.getAssumedUser({
             headers: requestHeaders,
-            originalUserId: userIdResult.userId,
+            user,
         });
         const cookieRefreshHeaders =
@@ -345,19 +338,11 @@ export class BackendAuthClient<
                 userIdResult,
             })) || {};
-        if (assumedUser) {
-            return {
-                user: assumedUser,
-                isAssumed: true,
-                responseHeaders: cookieRefreshHeaders,
-            };
-        } else {
-            return {
-                user,
-                isAssumed: false,
-                responseHeaders: cookieRefreshHeaders,
-            };
-        }
+        return {
+            user: assumedUser || user,
+            isAssumed: !!assumedUser,
+            responseHeaders: cookieRefreshHeaders,
+        };
     }
     /**
@@ -481,7 +466,7 @@ export class BackendAuthClient<
         const user = await this.getDatabaseUser({
             isSignUpCookie: false,
             userId: userIdResult.userId,
-            assumedUserParams: undefined,
+            assumingUser: undefined,
         });
         if (!user) {

package/src/auth-client/frontend-auth.client.ts CHANGED Viewed

@@ -60,16 +60,28 @@ export class FrontendAuthClient<AssumedUserParams extends JsonCompatibleObject =
         }
     }
-    /** @returns Whether the user assuming succeeded or not. */
-    public async assumeUser(assumedUserParams: Readonly<AssumedUserParams>): Promise<boolean> {
+    /**
+     * Assume the given user. Pass `undefined` to wipe the currently assumed user.
+     *
+     * @returns Whether the assumed user setting or clearing succeeded or not.
+     */
+    public async assumeUser(
+        assumedUserParams: Readonly<AssumedUserParams> | undefined,
+    ): Promise<boolean> {
+        const localStorage = this.config.overrides?.localStorage || globalThis.localStorage;
+        const storageKey =
+            this.config.overrides?.assumedUserHeaderName || AuthHeaderName.AssumedUser;
+        if (!assumedUserParams) {
+            localStorage.removeItem(storageKey);
+            return true;
+        }
         if (!(await this.config.canAssumeUser?.())) {
             return false;
         }
-        (this.config.overrides?.localStorage || globalThis.localStorage).setItem(
-            this.config.overrides?.assumedUserHeaderName || AuthHeaderName.AssumedUser,
-            JSON.stringify(assumedUserParams),
-        );
+        localStorage.setItem(storageKey, JSON.stringify(assumedUserParams));
         return true;
     }