npm - auth-vir - Versions diffs - 2.0.4 → 2.1.0 - Mend

auth-vir 2.0.4 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/auth-client/frontend-auth.client.d.ts +26 -3
package/dist/auth-client/frontend-auth.client.js +23 -1
package/package.json +1 -1
package/src/auth-client/frontend-auth.client.ts +61 -8

package/dist/auth-client/frontend-auth.client.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
-import { type JsonCompatibleObject, type MaybePromise, type PartialWithUndefined, type SelectFrom } from '@augment-vir/common';
+import { type JsonCompatibleObject, type MaybePromise, type PartialWithUndefined, type SelectFrom, type SetOptionalWithUndefined } from '@augment-vir/common';
+import { type AnyDuration } from 'date-vir';
 import { type EmptyObject } from 'type-fest';
 /**
  * Config for {@link FrontendAuthClient}.
@@ -13,6 +14,22 @@ export type FrontendAuthClientConfig = PartialWithUndefined<{
     canAssumeUser: () => MaybePromise<boolean>;
     /** Called whenever the current user becomes unauthorized and their CSRF token is wiped. */
     authClearedCallback: () => MaybePromise<void>;
+    /**
+     * Performs automatic checks on an interval to see if the user is still authenticated. Omit this
+     * to turn off automatic checks.
+     */
+    checkUser: {
+        /**
+         * Get a response from the backend to see if the user is still authenticated. If the
+         * response returns a non-authorized status, the user is wiped. Any other status is
+         * ignored.
+         */
+        performCheck: () => MaybePromise<SelectFrom<Response, {
+            status: true;
+        }>>;
+        /** @default {minutes: 1} */
+        interval?: AnyDuration | undefined;
+    };
     overrides: PartialWithUndefined<{
         localStorage: Pick<Storage, 'setItem' | 'removeItem' | 'getItem'>;
         csrfHeaderName: string;
@@ -28,7 +45,13 @@ export type FrontendAuthClientConfig = PartialWithUndefined<{
  */
 export declare class FrontendAuthClient<AssumedUserParams extends JsonCompatibleObject = EmptyObject> {
     protected readonly config: FrontendAuthClientConfig;
+    protected userCheckInterval: undefined | ReturnType<typeof globalThis.setInterval>;
     constructor(config?: FrontendAuthClientConfig);
+    /**
+     * Destroys the client and performs all necessary cleanup (like clearing the user check
+     * interval).
+     */
+    destroy(): void;
     /** Wraps {@link getCurrentCsrfToken} to automatically handle wiping an invalid CSRF token. */
     getCurrentCsrfToken(): Promise<string | undefined>;
     /**
@@ -62,8 +85,8 @@ export declare class FrontendAuthClient<AssumedUserParams extends JsonCompatible
      * Use to verify _all_ responses received from the backend. Immediately logs the user out once
      * an unauthorized response is detected.
      */
-    verifyResponseAuth(response: Readonly<SelectFrom<Response, {
+    verifyResponseAuth(response: Readonly<SetOptionalWithUndefined<SelectFrom<Response, {
         status: true;
         headers: true;
-    }>>): Promise<void>;
+    }>, 'headers'>>): Promise<void>;
 }

package/dist/auth-client/frontend-auth.client.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import { HttpStatus, } from '@augment-vir/common';
+import { convertDuration } from 'date-vir';
 import { CsrfTokenFailureReason, extractCsrfTokenHeader, getCurrentCsrfToken, storeCsrfToken, wipeCurrentCsrfToken, } from '../csrf-token.js';
 import { AuthHeaderName } from '../headers.js';
 /**
@@ -10,8 +11,29 @@ import { AuthHeaderName } from '../headers.js';
  */
 export class FrontendAuthClient {
     config;
+    userCheckInterval;
     constructor(config = {}) {
         this.config = config;
+        if (config.checkUser) {
+            const intervalDuration = convertDuration(config.checkUser.interval || { minutes: 1 }, {
+                milliseconds: true,
+            }).milliseconds;
+            this.userCheckInterval = globalThis.setInterval(async () => {
+                const response = await config.checkUser?.performCheck();
+                if (response) {
+                    await this.verifyResponseAuth({
+                        status: response.status,
+                    });
+                }
+            }, intervalDuration);
+        }
+    }
+    /**
+     * Destroys the client and performs all necessary cleanup (like clearing the user check
+     * interval).
+     */
+    destroy() {
+        globalThis.clearInterval(this.userCheckInterval);
     }
     /** Wraps {@link getCurrentCsrfToken} to automatically handle wiping an invalid CSRF token. */
     async getCurrentCsrfToken() {
@@ -111,7 +133,7 @@ export class FrontendAuthClient {
      */
     async verifyResponseAuth(response) {
         if (response.status === HttpStatus.Unauthorized &&
-            !response.headers.get(AuthHeaderName.IsSignUpAuth)) {
+            !response.headers?.get(AuthHeaderName.IsSignUpAuth)) {
             await this.logout();
         }
     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "auth-vir",
-    "version": "2.0.4",
+    "version": "2.1.0",
     "description": "Auth made easy and secure via JWT cookies, CSRF tokens, and password hashing helpers.",
     "keywords": [
         "auth",

package/src/auth-client/frontend-auth.client.ts CHANGED Viewed

@@ -4,7 +4,9 @@ import {
     type MaybePromise,
     type PartialWithUndefined,
     type SelectFrom,
+    type SetOptionalWithUndefined,
 } from '@augment-vir/common';
+import {convertDuration, type AnyDuration} from 'date-vir';
 import {type EmptyObject} from 'type-fest';
 import {
     CsrfTokenFailureReason,
@@ -28,6 +30,29 @@ export type FrontendAuthClientConfig = PartialWithUndefined<{
     canAssumeUser: () => MaybePromise<boolean>;
     /** Called whenever the current user becomes unauthorized and their CSRF token is wiped. */
     authClearedCallback: () => MaybePromise<void>;
+    /**
+     * Performs automatic checks on an interval to see if the user is still authenticated. Omit this
+     * to turn off automatic checks.
+     */
+    checkUser: {
+        /**
+         * Get a response from the backend to see if the user is still authenticated. If the
+         * response returns a non-authorized status, the user is wiped. Any other status is
+         * ignored.
+         */
+        performCheck: () => MaybePromise<
+            SelectFrom<
+                Response,
+                {
+                    status: true;
+                }
+            >
+        >;
+        /** @default {minutes: 1} */
+        interval?: AnyDuration | undefined;
+    };
     overrides: PartialWithUndefined<{
         localStorage: Pick<Storage, 'setItem' | 'removeItem' | 'getItem'>;
         csrfHeaderName: string;
@@ -43,7 +68,32 @@ export type FrontendAuthClientConfig = PartialWithUndefined<{
  * @category Client
  */
 export class FrontendAuthClient<AssumedUserParams extends JsonCompatibleObject = EmptyObject> {
-    constructor(protected readonly config: FrontendAuthClientConfig = {}) {}
+    protected userCheckInterval: undefined | ReturnType<typeof globalThis.setInterval>;
+    constructor(protected readonly config: FrontendAuthClientConfig = {}) {
+        if (config.checkUser) {
+            const intervalDuration = convertDuration(config.checkUser.interval || {minutes: 1}, {
+                milliseconds: true,
+            }).milliseconds;
+            this.userCheckInterval = globalThis.setInterval(async () => {
+                const response = await config.checkUser?.performCheck();
+                if (response) {
+                    await this.verifyResponseAuth({
+                        status: response.status,
+                    });
+                }
+            }, intervalDuration);
+        }
+    }
+    /**
+     * Destroys the client and performs all necessary cleanup (like clearing the user check
+     * interval).
+     */
+    public destroy() {
+        globalThis.clearInterval(this.userCheckInterval);
+    }
     /** Wraps {@link getCurrentCsrfToken} to automatically handle wiping an invalid CSRF token. */
     public async getCurrentCsrfToken(): Promise<string | undefined> {
@@ -176,18 +226,21 @@ export class FrontendAuthClient<AssumedUserParams extends JsonCompatibleObject =
      */
     public async verifyResponseAuth(
         response: Readonly<
-            SelectFrom<
-                Response,
-                {
-                    status: true;
-                    headers: true;
-                }
+            SetOptionalWithUndefined<
+                SelectFrom<
+                    Response,
+                    {
+                        status: true;
+                        headers: true;
+                    }
+                >,
+                'headers'
             >
         >,
     ): Promise<void> {
         if (
             response.status === HttpStatus.Unauthorized &&
-            !response.headers.get(AuthHeaderName.IsSignUpAuth)
+            !response.headers?.get(AuthHeaderName.IsSignUpAuth)
         ) {
             await this.logout();
         }