auth-vir 2.4.0 → 2.4.2

@@ -128,7 +128,7 @@ export declare class BackendAuthClient<DatabaseUser extends AnyObject, UserId ex
128
128
  */
129
129
  isSignUpCookie: boolean;
130
130
  /** Overrides the client's already established `serviceOrigin`. */
131
- serviceOrigin: string | undefined;
131
+ serviceOrigin?: string | undefined;
132
132
  }): Promise<Readonly<CookieParams>>;
133
133
  /** Calls the provided `getUserFromDatabase` config. */
134
134
  protected getDatabaseUser({ isSignUpCookie, userId, assumingUser, }: {
@@ -137,8 +137,10 @@ export declare class BackendAuthClient<DatabaseUser extends AnyObject, UserId ex
137
137
  isSignUpCookie: boolean;
138
138
  }): Promise<undefined | DatabaseUser>;
139
139
  /** Creates a `'cookie-set'` header to refresh the user's session cookie. */
140
- protected createCookieRefreshHeaders({ userIdResult, }: {
140
+ protected createCookieRefreshHeaders({ userIdResult, serviceOrigin, }: {
141
141
  userIdResult: Readonly<UserIdResult<UserId>>;
142
+ /** Overrides the client's already established `serviceOrigin`. */
143
+ serviceOrigin?: string | undefined;
142
144
  }): Promise<OutgoingHttpHeaders | undefined>;
143
145
  /** Reads the user's assumed user headers and, if configured, gets the assumed user. */
144
146
  protected getAssumedUser({ headers, user, }: {
@@ -146,7 +148,7 @@ export declare class BackendAuthClient<DatabaseUser extends AnyObject, UserId ex
146
148
  headers: IncomingHttpHeaders;
147
149
  }): Promise<DatabaseUser | undefined>;
148
150
  /** Securely extract a user from their request headers. */
149
- getSecureUser({ requestHeaders, isSignUpCookie, allowUserAuthRefresh, }: {
151
+ getSecureUser({ requestHeaders, isSignUpCookie, allowUserAuthRefresh, serviceOrigin, }: {
150
152
  requestHeaders: IncomingHttpHeaders;
151
153
  isSignUpCookie: boolean;
152
154
  /**
@@ -155,6 +157,8 @@ export declare class BackendAuthClient<DatabaseUser extends AnyObject, UserId ex
155
157
  * with the frontend auth client's `checkUser.performCheck` callback.
156
158
  */
157
159
  allowUserAuthRefresh: boolean;
160
+ /** Overrides the client's already established `serviceOrigin`. */
161
+ serviceOrigin?: string | undefined;
158
162
  }): Promise<GetUserResult<DatabaseUser> | undefined>;
159
163
  /**
160
164
  * Get all the JWT params used when creating the auth cookie, in case you need them for
@@ -162,9 +166,10 @@ export declare class BackendAuthClient<DatabaseUser extends AnyObject, UserId ex
162
166
  */
163
167
  getJwtParams(): Promise<Readonly<CreateJwtParams>>;
164
168
  /** Use these headers to log out the user. */
165
- createLogoutHeaders(params: RequireExactlyOne<{
169
+ createLogoutHeaders(params: Readonly<RequireExactlyOne<{
166
170
  allCookies: true;
167
171
  isSignUpCookie: boolean;
172
+ }> & {
168
173
  /** Overrides the client's already established `serviceOrigin`. */
169
174
  serviceOrigin?: string | undefined;
170
175
  }>): Promise<Partial<Record<CsrfHeaderName, string>> & {
@@ -188,6 +193,8 @@ export declare class BackendAuthClient<DatabaseUser extends AnyObject, UserId ex
188
193
  * with the frontend auth client's `checkUser.performCheck` callback.
189
194
  */
190
195
  allowUserAuthRefresh: boolean;
196
+ /** Overrides the client's already established `serviceOrigin`. */
197
+ serviceOrigin?: string | undefined;
191
198
  }): Promise<RequireOneOrNone<{
192
199
  secureUser: GetUserResult<DatabaseUser>;
193
200
  /**
@@ -203,7 +210,7 @@ export declare class BackendAuthClient<DatabaseUser extends AnyObject, UserId ex
203
210
  * where JavaScript cannot be used to attach the CSRF token header to the request (like when
204
211
  * opening a PDF file). Use `.getSecureUser()` instead, whenever possible.
205
212
  */
206
- getInsecureUser({ requestHeaders, allowUserAuthRefresh, }: {
213
+ getInsecureUser({ requestHeaders, allowUserAuthRefresh, serviceOrigin, }: {
207
214
  requestHeaders: IncomingHttpHeaders;
208
215
  /**
209
216
  * If true, this method will generate headers to refresh the user's auth session. This
@@ -211,5 +218,7 @@ export declare class BackendAuthClient<DatabaseUser extends AnyObject, UserId ex
211
218
  * with the frontend auth client's `checkUser.performCheck` callback.
212
219
  */
213
220
  allowUserAuthRefresh: boolean;
221
+ /** Overrides the client's already established `serviceOrigin`. */
222
+ serviceOrigin?: string | undefined;
214
223
  }): Promise<GetUserResult<DatabaseUser> | undefined>;
215
224
  }
@@ -49,7 +49,7 @@ export class BackendAuthClient {
49
49
  return authenticatedUser;
50
50
  }
51
51
  /** Creates a `'cookie-set'` header to refresh the user's session cookie. */
52
- async createCookieRefreshHeaders({ userIdResult, }) {
52
+ async createCookieRefreshHeaders({ userIdResult, serviceOrigin, }) {
53
53
  const now = getNowInUtcTimezone();
54
54
  /** Double check that the JWT hasn't already expired. */
55
55
  const isExpiredAlready = isDateAfter({
@@ -83,6 +83,7 @@ export class BackendAuthClient {
83
83
  requestHeaders: {},
84
84
  userId: userIdResult.userId,
85
85
  isSignUpCookie: userIdResult.cookieName === AuthCookieName.SignUp,
86
+ serviceOrigin,
86
87
  });
87
88
  }
88
89
  else {
@@ -110,7 +111,7 @@ export class BackendAuthClient {
110
111
  return assumedUser;
111
112
  }
112
113
  /** Securely extract a user from their request headers. */
113
- async getSecureUser({ requestHeaders, isSignUpCookie, allowUserAuthRefresh, }) {
114
+ async getSecureUser({ requestHeaders, isSignUpCookie, allowUserAuthRefresh, serviceOrigin, }) {
114
115
  const userIdResult = await extractUserIdFromRequestHeaders(requestHeaders, await this.getJwtParams(), isSignUpCookie ? AuthCookieName.SignUp : AuthCookieName.Auth, this.config.overrides);
115
116
  if (!userIdResult) {
116
117
  return undefined;
@@ -129,6 +130,7 @@ export class BackendAuthClient {
129
130
  });
130
131
  const cookieRefreshHeaders = (await this.createCookieRefreshHeaders({
131
132
  userIdResult,
133
+ serviceOrigin,
132
134
  })) || {};
133
135
  return {
134
136
  user: assumedUser || user,
@@ -220,7 +222,7 @@ export class BackendAuthClient {
220
222
  * where JavaScript cannot be used to attach the CSRF token header to the request (like when
221
223
  * opening a PDF file). Use `.getSecureUser()` instead, whenever possible.
222
224
  */
223
- async getInsecureUser({ requestHeaders, allowUserAuthRefresh, }) {
225
+ async getInsecureUser({ requestHeaders, allowUserAuthRefresh, serviceOrigin, }) {
224
226
  // eslint-disable-next-line @typescript-eslint/no-deprecated
225
227
  const userIdResult = await insecureExtractUserIdFromCookieAlone(requestHeaders, await this.getJwtParams(), AuthCookieName.Auth);
226
228
  if (!userIdResult) {
@@ -237,6 +239,7 @@ export class BackendAuthClient {
237
239
  const refreshHeaders = allowUserAuthRefresh &&
238
240
  (await this.createCookieRefreshHeaders({
239
241
  userIdResult,
242
+ serviceOrigin,
240
243
  }));
241
244
  return {
242
245
  user,
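Review bot: `serviceOrigin` is passed straight through from `getSecureUser` and `getInsecureUser` into `createCookieRefreshHeaders` and on to the header-building call at new line 87, and none of the visible lines check it. The callee is outside these hunks, but since the option overrides the origin the client was configured with, it presumably ends up in the attributes of the refreshed session cookie. A caller that fills it per request from the `Origin` or `Host` header would let the client influence that, so the doc comment in the source should say so, for example `/** Overrides the client's already established serviceOrigin. Must be a server-chosen, trusted origin; never pass a request header value without checking it against an allowlist. */`. The same wording applies to every method that gained the option.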
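--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "auth-vir",
- "version": "2.4.0",
+ "version": "2.4.2",
  "description": "Auth made easy and secure via JWT cookies, CSRF tokens, and password hashing helpers.",
  "keywords": [
  "auth",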
@@ -178,7 +178,7 @@ export class BackendAuthClient<
178
178
  */
179
179
  isSignUpCookie: boolean;
180
180
  /** Overrides the client's already established `serviceOrigin`. */
181
- serviceOrigin: string | undefined;
181
+ serviceOrigin?: string | undefined;
182
182
  }): Promise<Readonly<CookieParams>> {
183
183
  return {
184
184
  cookieDuration: this.config.userSessionIdleTimeout || defaultSessionIdleTimeout,
@@ -219,8 +219,11 @@ export class BackendAuthClient<
219
219
  /** Creates a `'cookie-set'` header to refresh the user's session cookie. */
220
220
  protected async createCookieRefreshHeaders({
221
221
  userIdResult,
222
+ serviceOrigin,
222
223
  }: {
223
224
  userIdResult: Readonly<UserIdResult<UserId>>;
225
+ /** Overrides the client's already established `serviceOrigin`. */
226
+ serviceOrigin?: string | undefined;
224
227
  }): Promise<OutgoingHttpHeaders | undefined> {
225
228
  const now = getNowInUtcTimezone();
226
229
 
@@ -262,6 +265,7 @@ export class BackendAuthClient<
262
265
  requestHeaders: {},
263
266
  userId: userIdResult.userId,
264
267
  isSignUpCookie: userIdResult.cookieName === AuthCookieName.SignUp,
268
+ serviceOrigin,
265
269
  });
266
270
  } else {
267
271
  return undefined;
@@ -309,6 +313,7 @@ export class BackendAuthClient<
309
313
  requestHeaders,
310
314
  isSignUpCookie,
311
315
  allowUserAuthRefresh,
316
+ serviceOrigin,
312
317
  }: {
313
318
  requestHeaders: IncomingHttpHeaders;
314
319
  isSignUpCookie: boolean;
@@ -318,6 +323,8 @@ export class BackendAuthClient<
318
323
  * with the frontend auth client's `checkUser.performCheck` callback.
319
324
  */
320
325
  allowUserAuthRefresh: boolean;
326
+ /** Overrides the client's already established `serviceOrigin`. */
327
+ serviceOrigin?: string | undefined;
321
328
  }): Promise<GetUserResult<DatabaseUser> | undefined> {
322
329
  const userIdResult = await extractUserIdFromRequestHeaders<UserId>(
323
330
  requestHeaders,
@@ -347,6 +354,7 @@ export class BackendAuthClient<
347
354
  const cookieRefreshHeaders =
348
355
  (await this.createCookieRefreshHeaders({
349
356
  userIdResult,
357
+ serviceOrigin,
350
358
  })) || {};
351
359
 
352
360
  return {
@@ -381,12 +389,15 @@ export class BackendAuthClient<
381
389
 
382
390
  /** Use these headers to log out the user. */
383
391
  public async createLogoutHeaders(
384
- params: RequireExactlyOne<{
385
- allCookies: true;
386
- isSignUpCookie: boolean;
387
- /** Overrides the client's already established `serviceOrigin`. */
388
- serviceOrigin?: string | undefined;
389
- }>,
392
+ params: Readonly<
393
+ RequireExactlyOne<{
394
+ allCookies: true;
395
+ isSignUpCookie: boolean;
396
+ }> & {
397
+ /** Overrides the client's already established `serviceOrigin`. */
398
+ serviceOrigin?: string | undefined;
399
+ }
400
+ >,
390
401
  ): Promise<
391
402
  Partial<Record<CsrfHeaderName, string>> & {
392
403
  'set-cookie': string[];
@@ -491,6 +502,8 @@ export class BackendAuthClient<
491
502
  * with the frontend auth client's `checkUser.performCheck` callback.
492
503
  */
493
504
  allowUserAuthRefresh: boolean;
505
+ /** Overrides the client's already established `serviceOrigin`. */
506
+ serviceOrigin?: string | undefined;
494
507
  }): Promise<
495
508
  RequireOneOrNone<{
496
509
  secureUser: GetUserResult<DatabaseUser>;
@@ -523,6 +536,7 @@ export class BackendAuthClient<
523
536
  public async getInsecureUser({
524
537
  requestHeaders,
525
538
  allowUserAuthRefresh,
539
+ serviceOrigin,
526
540
  }: {
527
541
  requestHeaders: IncomingHttpHeaders;
528
542
  /**
@@ -531,6 +545,8 @@ export class BackendAuthClient<
531
545
  * with the frontend auth client's `checkUser.performCheck` callback.
532
546
  */
533
547
  allowUserAuthRefresh: boolean;
548
+ /** Overrides the client's already established `serviceOrigin`. */
549
+ serviceOrigin?: string | undefined;
534
550
  }): Promise<GetUserResult<DatabaseUser> | undefined> {
535
551
  // eslint-disable-next-line @typescript-eslint/no-deprecated
536
552
  const userIdResult = await insecureExtractUserIdFromCookieAlone<UserId>(
@@ -557,6 +573,7 @@ export class BackendAuthClient<
557
573
  allowUserAuthRefresh &&
558
574
  (await this.createCookieRefreshHeaders({
559
575
  userIdResult,
576
+ serviceOrigin,
560
577
  }));
561
578
 
562
579
  return {
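Review bot: The hunk at new lines 502-509 adds `serviceOrigin?` to the parameter type of the method returning `RequireOneOrNone<{ secureUser: ... }>`, but no hunk adds it to that method's destructuring or to a call inside it, unlike `getSecureUser` and `getInsecureUser`, which each get both. The method's signature and body are outside the hunk, so it may already forward its whole argument object; if it destructures named fields instead, the override is accepted by the type checker and silently dropped, and the refreshed cookie keeps the default origin. Worth confirming, and if needed adding `serviceOrigin,` to the destructuring and to the inner calls, plus a test that asserts the override reaches the generated `set-cookie` header.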