npm - auth-vir - Versions diffs - 2.3.8 → 2.3.9 - Mend

auth-vir 2.3.8 → 2.3.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/auth-client/backend-auth.client.d.ts +22 -4
package/dist/auth-client/backend-auth.client.js +9 -7
package/package.json +1 -1
package/src/auth-client/backend-auth.client.ts +31 -8

package/dist/auth-client/backend-auth.client.d.ts CHANGED Viewed

@@ -144,9 +144,15 @@ export declare class BackendAuthClient<DatabaseUser extends AnyObject, UserId ex
         headers: IncomingHttpHeaders;
     }): Promise<DatabaseUser | undefined>;
     /** Securely extract a user from their request headers. */
-    getSecureUser({ requestHeaders, isSignUpCookie, }: {
+    getSecureUser({ requestHeaders, isSignUpCookie, allowUserAuthRefresh, }: {
         requestHeaders: IncomingHttpHeaders;
-        isSignUpCookie?: boolean | undefined;
+        isSignUpCookie: boolean;
+        /**
+         * If true, this method will generate headers to refresh the user's auth session. This
+         * should likely only be done with a specific endpoint, like whatever endpoint you trigger
+         * with the frontend auth client's `checkUser.performCheck` callback.
+         */
+        allowUserAuthRefresh: boolean;
     }): Promise<GetUserResult<DatabaseUser> | undefined>;
     /**
      * Get all the JWT params used when creating the auth cookie, in case you need them for
@@ -169,7 +175,13 @@ export declare class BackendAuthClient<DatabaseUser extends AnyObject, UserId ex
     /** Combines `.getInsecureUser()` and `.getSecureUser()` into one method. */
     getInsecureOrSecureUser(params: {
         requestHeaders: IncomingHttpHeaders;
-        isSignUpCookie?: boolean | undefined;
+        isSignUpCookie: boolean;
+        /**
+         * If true, this method will generate headers to refresh the user's auth session. This
+         * should likely only be done with a specific endpoint, like whatever endpoint you trigger
+         * with the frontend auth client's `checkUser.performCheck` callback.
+         */
+        allowUserAuthRefresh: boolean;
     }): Promise<RequireOneOrNone<{
         secureUser: GetUserResult<DatabaseUser>;
         /**
@@ -185,7 +197,13 @@ export declare class BackendAuthClient<DatabaseUser extends AnyObject, UserId ex
      *   where JavaScript cannot be used to attach the CSRF token header to the request (like when
      *   opening a PDF file). Use `.getSecureUser()` instead, whenever possible.
      */
-    getInsecureUser({ requestHeaders, }: {
+    getInsecureUser({ requestHeaders, allowUserAuthRefresh, }: {
         requestHeaders: IncomingHttpHeaders;
+        /**
+         * If true, this method will generate headers to refresh the user's auth session. This
+         * should likely only be done with a specific endpoint, like whatever endpoint you trigger
+         * with the frontend auth client's `checkUser.performCheck` callback.
+         */
+        allowUserAuthRefresh: boolean;
     }): Promise<GetUserResult<DatabaseUser> | undefined>;
 }

package/dist/auth-client/backend-auth.client.js CHANGED Viewed

@@ -110,7 +110,7 @@ export class BackendAuthClient {
         return assumedUser;
     }
     /** Securely extract a user from their request headers. */
-    async getSecureUser({ requestHeaders, isSignUpCookie, }) {
+    async getSecureUser({ requestHeaders, isSignUpCookie, allowUserAuthRefresh, }) {
         const userIdResult = await extractUserIdFromRequestHeaders(requestHeaders, await this.getJwtParams(), isSignUpCookie ? AuthCookieName.SignUp : AuthCookieName.Auth, this.config.overrides);
         if (!userIdResult) {
             return undefined;
@@ -118,7 +118,7 @@ export class BackendAuthClient {
         const user = await this.getDatabaseUser({
             userId: userIdResult.userId,
             assumingUser: undefined,
-            isSignUpCookie: !!isSignUpCookie,
+            isSignUpCookie,
         });
         if (!user) {
             return undefined;
@@ -133,7 +133,7 @@ export class BackendAuthClient {
         return {
             user: assumedUser || user,
             isAssumed: !!assumedUser,
-            responseHeaders: cookieRefreshHeaders,
+            responseHeaders: allowUserAuthRefresh ? cookieRefreshHeaders : {},
         };
     }
     /**
@@ -216,7 +216,7 @@ export class BackendAuthClient {
      *   where JavaScript cannot be used to attach the CSRF token header to the request (like when
      *   opening a PDF file). Use `.getSecureUser()` instead, whenever possible.
      */
-    async getInsecureUser({ requestHeaders, }) {
+    async getInsecureUser({ requestHeaders, allowUserAuthRefresh, }) {
         // eslint-disable-next-line @typescript-eslint/no-deprecated
         const userIdResult = await insecureExtractUserIdFromCookieAlone(requestHeaders, await this.getJwtParams(), AuthCookieName.Auth);
         if (!userIdResult) {
@@ -230,12 +230,14 @@ export class BackendAuthClient {
         if (!user) {
             return undefined;
         }
+        const refreshHeaders = allowUserAuthRefresh &&
+            (await this.createCookieRefreshHeaders({
+                userIdResult,
+            }));
         return {
             user,
             isAssumed: false,
-            responseHeaders: (await this.createCookieRefreshHeaders({
-                userIdResult,
-            })) || {},
+            responseHeaders: refreshHeaders || {},
         };
     }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "auth-vir",
-    "version": "2.3.8",
+    "version": "2.3.9",
     "description": "Auth made easy and secure via JWT cookies, CSRF tokens, and password hashing helpers.",
     "keywords": [
         "auth",

package/src/auth-client/backend-auth.client.ts CHANGED Viewed

@@ -305,9 +305,16 @@ export class BackendAuthClient<
     public async getSecureUser({
         requestHeaders,
         isSignUpCookie,
+        allowUserAuthRefresh,
     }: {
         requestHeaders: IncomingHttpHeaders;
-        isSignUpCookie?: boolean | undefined;
+        isSignUpCookie: boolean;
+        /**
+         * If true, this method will generate headers to refresh the user's auth session. This
+         * should likely only be done with a specific endpoint, like whatever endpoint you trigger
+         * with the frontend auth client's `checkUser.performCheck` callback.
+         */
+        allowUserAuthRefresh: boolean;
     }): Promise<GetUserResult<DatabaseUser> | undefined> {
         const userIdResult = await extractUserIdFromRequestHeaders<UserId>(
             requestHeaders,
@@ -322,7 +329,7 @@ export class BackendAuthClient<
         const user = await this.getDatabaseUser({
             userId: userIdResult.userId,
             assumingUser: undefined,
-            isSignUpCookie: !!isSignUpCookie,
+            isSignUpCookie,
         });
         if (!user) {
@@ -342,7 +349,7 @@ export class BackendAuthClient<
         return {
             user: assumedUser || user,
             isAssumed: !!assumedUser,
-            responseHeaders: cookieRefreshHeaders,
+            responseHeaders: allowUserAuthRefresh ? cookieRefreshHeaders : {},
         };
     }
@@ -465,7 +472,13 @@ export class BackendAuthClient<
     /** Combines `.getInsecureUser()` and `.getSecureUser()` into one method. */
     public async getInsecureOrSecureUser(params: {
         requestHeaders: IncomingHttpHeaders;
-        isSignUpCookie?: boolean | undefined;
+        isSignUpCookie: boolean;
+        /**
+         * If true, this method will generate headers to refresh the user's auth session. This
+         * should likely only be done with a specific endpoint, like whatever endpoint you trigger
+         * with the frontend auth client's `checkUser.performCheck` callback.
+         */
+        allowUserAuthRefresh: boolean;
     }): Promise<
         RequireOneOrNone<{
             secureUser: GetUserResult<DatabaseUser>;
@@ -497,8 +510,15 @@ export class BackendAuthClient<
      */
     public async getInsecureUser({
         requestHeaders,
+        allowUserAuthRefresh,
     }: {
         requestHeaders: IncomingHttpHeaders;
+        /**
+         * If true, this method will generate headers to refresh the user's auth session. This
+         * should likely only be done with a specific endpoint, like whatever endpoint you trigger
+         * with the frontend auth client's `checkUser.performCheck` callback.
+         */
+        allowUserAuthRefresh: boolean;
     }): Promise<GetUserResult<DatabaseUser> | undefined> {
         // eslint-disable-next-line @typescript-eslint/no-deprecated
         const userIdResult = await insecureExtractUserIdFromCookieAlone<UserId>(
@@ -521,13 +541,16 @@ export class BackendAuthClient<
             return undefined;
         }
+        const refreshHeaders =
+            allowUserAuthRefresh &&
+            (await this.createCookieRefreshHeaders({
+                userIdResult,
+            }));
         return {
             user,
             isAssumed: false,
-            responseHeaders:
-                (await this.createCookieRefreshHeaders({
-                    userIdResult,
-                })) || {},
+            responseHeaders: refreshHeaders || {},
         };
     }
 }