npm - auth-vir - Versions diffs - 2.2.0 → 2.3.0 - Mend

auth-vir 2.2.0 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/auth-client/backend-auth.client.d.ts +17 -3
package/dist/auth-client/backend-auth.client.js +12 -2
package/package.json +1 -1
package/src/auth-client/backend-auth.client.ts +32 -4

package/dist/auth-client/backend-auth.client.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { type AnyObject, type JsonCompatibleObject, type MaybePromise, type PartialWithUndefined, type RequiredAndNotNull } from '@augment-vir/common';
 import { type AnyDuration } from 'date-vir';
 import { type IncomingHttpHeaders, type OutgoingHttpHeaders } from 'node:http';
-import { type EmptyObject, type RequireExactlyOne } from 'type-fest';
+import { type EmptyObject, type RequireExactlyOne, type RequireOneOrNone } from 'type-fest';
 import { type UserIdResult } from '../auth.js';
 import { type CookieParams } from '../cookie.js';
 import { AuthHeaderName } from '../headers.js';
@@ -166,12 +166,26 @@ export declare class BackendAuthClient<DatabaseUser extends AnyObject, UserId ex
         requestHeaders: IncomingHttpHeaders;
         isSignUpCookie: boolean;
     }): Promise<Pick<RequiredAndNotNull<OutgoingHttpHeaders>, 'set-cookie'> & Record<CsrfHeaderName, string>>;
+    /** Combines `.getInsecureUser()` and `.getSecureUser()` into one method. */
+    getInsecureOrSecureUser(params: {
+        requestHeaders: IncomingHttpHeaders;
+        isSignUpCookie?: boolean | undefined;
+    }): Promise<RequireOneOrNone<{
+        secureUser: GetUserResult<DatabaseUser>;
+        /**
+         * @deprecated This only half authenticates the user. It should only be used in
+         *   circumstances where JavaScript cannot be used to attach the CSRF token header to
+         *   the request (like when opening a PDF file). Use `.getSecureUser()` instead,
+         *   whenever possible.
+         */
+        insecureUser: GetUserResult<DatabaseUser>;
+    }>>;
     /**
      * @deprecated This only half authenticates the user. It should only be used in circumstances
      *   where JavaScript cannot be used to attach the CSRF token header to the request (like when
      *   opening a PDF file). Use `.getSecureUser()` instead, whenever possible.
      */
-    getInsecureUser({ headers, }: {
-        headers: IncomingHttpHeaders;
+    getInsecureUser({ requestHeaders, }: {
+        requestHeaders: IncomingHttpHeaders;
     }): Promise<GetUserResult<DatabaseUser> | undefined>;
 }

package/dist/auth-client/backend-auth.client.js CHANGED Viewed

@@ -200,14 +200,24 @@ export class BackendAuthClient {
                 : {}),
         };
     }
+    /** Combines `.getInsecureUser()` and `.getSecureUser()` into one method. */
+    async getInsecureOrSecureUser(params) {
+        const secureUser = await this.getSecureUser(params);
+        if (secureUser) {
+            return secureUser;
+        }
+        // eslint-disable-next-line @typescript-eslint/no-deprecated
+        const insecureUser = await this.getInsecureUser(params);
+        return insecureUser ? { insecureUser } : {};
+    }
     /**
      * @deprecated This only half authenticates the user. It should only be used in circumstances
      *   where JavaScript cannot be used to attach the CSRF token header to the request (like when
      *   opening a PDF file). Use `.getSecureUser()` instead, whenever possible.
      */
-    async getInsecureUser({ headers, }) {
+    async getInsecureUser({ requestHeaders, }) {
         // eslint-disable-next-line @typescript-eslint/no-deprecated
-        const userIdResult = await insecureExtractUserIdFromCookieAlone(headers, await this.getJwtParams(), AuthCookieName.Auth);
+        const userIdResult = await insecureExtractUserIdFromCookieAlone(requestHeaders, await this.getJwtParams(), AuthCookieName.Auth);
         if (!userIdResult) {
             return undefined;
         }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "auth-vir",
-    "version": "2.2.0",
+    "version": "2.3.0",
     "description": "Auth made easy and secure via JWT cookies, CSRF tokens, and password hashing helpers.",
     "keywords": [
         "auth",

package/src/auth-client/backend-auth.client.ts CHANGED Viewed

@@ -8,7 +8,7 @@ import {
 } from '@augment-vir/common';
 import {calculateRelativeDate, getNowInUtcTimezone, isDateAfter, type AnyDuration} from 'date-vir';
 import {type IncomingHttpHeaders, type OutgoingHttpHeaders} from 'node:http';
-import {type EmptyObject, type RequireExactlyOne} from 'type-fest';
+import {type EmptyObject, type RequireExactlyOne, type RequireOneOrNone} from 'type-fest';
 import {
     extractUserIdFromRequestHeaders,
     generateLogoutHeaders,
@@ -463,19 +463,47 @@ export class BackendAuthClient<
         };
     }
+    /** Combines `.getInsecureUser()` and `.getSecureUser()` into one method. */
+    public async getInsecureOrSecureUser(params: {
+        requestHeaders: IncomingHttpHeaders;
+        isSignUpCookie?: boolean | undefined;
+    }): Promise<
+        RequireOneOrNone<{
+            secureUser: GetUserResult<DatabaseUser>;
+            /**
+             * @deprecated This only half authenticates the user. It should only be used in
+             *   circumstances where JavaScript cannot be used to attach the CSRF token header to
+             *   the request (like when opening a PDF file). Use `.getSecureUser()` instead,
+             *   whenever possible.
+             */
+            insecureUser: GetUserResult<DatabaseUser>;
+        }>
+    > {
+        const secureUser = await this.getSecureUser(params);
+        if (secureUser) {
+            return secureUser;
+        }
+        // eslint-disable-next-line @typescript-eslint/no-deprecated
+        const insecureUser = await this.getInsecureUser(params);
+        return insecureUser ? {insecureUser} : {};
+    }
     /**
      * @deprecated This only half authenticates the user. It should only be used in circumstances
      *   where JavaScript cannot be used to attach the CSRF token header to the request (like when
      *   opening a PDF file). Use `.getSecureUser()` instead, whenever possible.
      */
     public async getInsecureUser({
-        headers,
+        requestHeaders,
     }: {
-        headers: IncomingHttpHeaders;
+        requestHeaders: IncomingHttpHeaders;
     }): Promise<GetUserResult<DatabaseUser> | undefined> {
         // eslint-disable-next-line @typescript-eslint/no-deprecated
         const userIdResult = await insecureExtractUserIdFromCookieAlone<UserId>(
-            headers,
+            requestHeaders,
             await this.getJwtParams(),
             AuthCookieName.Auth,
         );