auth-vir 3.0.1 → 3.1.1

package/src/csrf-token.ts

@@ -13,6 +13,7 @@ import {
 } from 'date-vir';
 import {defineShape, parseJsonWithShape} from 'object-shape-tester';
 import {type RequireExactlyOne} from 'type-fest';
+import {getDefaultCsrfTokenStore, type CsrfTokenStore} from './csrf-token-store.js';
 
 /**
  * Shape definition for {@link CsrfToken}.
@@ -38,7 +39,9 @@ export type CsrfToken = typeof csrfTokenShape.runtimeType;
  * @category Internal
  * @default {minutes: 5}
  */
-export const defaultAllowedClockSkew: Readonly<AnyDuration> = {minutes: 5};
+export const defaultAllowedClockSkew: Readonly<AnyDuration> = {
+    minutes: 5,
+};
 
 /**
  * Generates a random, cryptographically secure CSRF token.
@@ -135,24 +138,23 @@ export function extractCsrfTokenHeader(
 }
 
 /**
- * Stores the given CSRF token into local storage.
+ * Stores the given CSRF token into IndexedDB.
  *
  * @category Auth : Client
  */
-export function storeCsrfToken(
+export async function storeCsrfToken(
     csrfToken: Readonly<CsrfToken>,
     options: Readonly<CsrfHeaderNameOption> &
         PartialWithUndefined<{
             /**
-             * Allows mocking or overriding the global `localStorage`.
+             * Allows mocking or overriding the default CSRF token store.
              *
-             * @default globalThis.localStorage
+             * @default getDefaultCsrfTokenStore()
              */
-            localStorage: Pick<Storage, 'setItem' | 'removeItem'>;
+            csrfTokenStore: CsrfTokenStore;
         }>,
-) {
-    (options.localStorage || globalThis.localStorage).setItem(
-        resolveCsrfHeaderName(options),
+): Promise<void> {
+    await (options.csrfTokenStore || (await getDefaultCsrfTokenStore())).setCsrfToken(
         JSON.stringify(csrfToken),
     );
 }
@@ -224,15 +226,15 @@ export function parseCsrfToken(
  *
  * @category Auth : Client
  */
-export function getCurrentCsrfToken(
+export async function getCurrentCsrfToken(
     options: Readonly<CsrfHeaderNameOption> &
         PartialWithUndefined<{
             /**
-             * Allows mocking or overriding the global `localStorage`.
+             * Allows mocking or overriding the default CSRF token store.
              *
-             * @default globalThis.localStorage
+             * @default getDefaultCsrfTokenStore()
              */
-            localStorage: Pick<Storage, 'getItem'>;
+            csrfTokenStore: CsrfTokenStore;
             /**
              * Allowed clock skew tolerance for CSRF token expiration checks.
              *
@@ -240,32 +242,30 @@ export function getCurrentCsrfToken(
              */
             allowedClockSkew: Readonly<AnyDuration>;
         }>,
-): Readonly<GetCsrfTokenResult> {
+): Promise<Readonly<GetCsrfTokenResult>> {
     const rawCsrfToken: string | undefined =
-        (options.localStorage || globalThis.localStorage).getItem(resolveCsrfHeaderName(options)) ||
+        (await (options.csrfTokenStore || (await getDefaultCsrfTokenStore())).getCsrfToken()) ||
         undefined;
 
     return parseCsrfToken(rawCsrfToken, options);
 }
 
 /**
- * Wipes the current stored CSRF token. This should be used by client (frontend) code to logout a
- * user or react to a session timeout.
+ * Wipes the current stored CSRF token. This should be used by client (frontend) code to react to a
+ * session timeout.
  *
  * @category Auth : Client
  */
-export function wipeCurrentCsrfToken(
+export async function wipeCurrentCsrfToken(
     options: Readonly<CsrfHeaderNameOption> &
         PartialWithUndefined<{
             /**
-             * Allows mocking or overriding the global `localStorage`.
+             * Allows mocking or overriding the default CSRF token store.
              *
-             * @default globalThis.localStorage
+             * @default getDefaultCsrfTokenStore()
              */
-            localStorage: Pick<Storage, 'removeItem'>;
+            csrfTokenStore: CsrfTokenStore;
         }>,
-) {
-    return (options.localStorage || globalThis.localStorage).removeItem(
-        resolveCsrfHeaderName(options),
-    );
+): Promise<void> {
+    await (options.csrfTokenStore || (await getDefaultCsrfTokenStore())).deleteCsrfToken();
 }

package/src/generated/internal/class.ts

@@ -27,8 +27,8 @@ const config: runtime.GetPrismaClientConfig = {
       "fromEnvVar": null
     },
     "config": {
-      "engineType": "client",
-      "moduleFormat": "esm"
+      "moduleFormat": "esm",
+      "engineType": "client"
     },
     "binaryTargets": [
       {

package/src/index.ts

@@ -3,10 +3,11 @@ export * from './auth-client/frontend-auth.client.js';
 export * from './auth-client/is-session-refresh-ready.js';
 export * from './auth.js';
 export * from './cookie.js';
+export * from './csrf-token-store.js';
 export * from './csrf-token.js';
 export * from './hash.js';
 export * from './headers.js';
 export * from './jwt/jwt-keys.js';
 export * from './jwt/jwt.js';
 export * from './jwt/user-jwt.js';
-export * from './mock-local-storage.js';
+export * from './mock-csrf-token-store.js';

package/src/jwt/jwt.ts

@@ -16,8 +16,13 @@ import {EncryptJWT, jwtDecrypt, jwtVerify, SignJWT} from 'jose';
 import {defaultAllowedClockSkew} from '../csrf-token.js';
 import {type JwtKeys} from './jwt-keys.js';
 
-const encryptionProtectedHeader = {alg: 'dir', enc: 'A256GCM'};
-const signingProtectedHeader = {alg: 'HS512'};
+const encryptionProtectedHeader = {
+    alg: 'dir',
+    enc: 'A256GCM',
+};
+const signingProtectedHeader = {
+    alg: 'HS512',
+};
 
 /**
  * Params for {@link createJwt}.
@@ -110,7 +115,9 @@ export async function createJwt<JwtData extends AnyObject = AnyObject>(
     data: JwtData,
     params: Readonly<CreateJwtParams>,
 ): Promise<string> {
-    const rawJwt = new SignJWT({data})
+    const rawJwt = new SignJWT({
+        data,
+    })
         .setProtectedHeader(signingProtectedHeader)
         .setIssuedAt(
             params.issuedAt
@@ -129,7 +136,9 @@ export async function createJwt<JwtData extends AnyObject = AnyObject>(
 
     const signedJwt = await rawJwt.sign(params.jwtKeys.signingKey);
 
-    return await new EncryptJWT({jwt: signedJwt})
+    return await new EncryptJWT({
+        jwt: signedJwt,
+    })
         .setProtectedHeader(encryptionProtectedHeader)
         .encrypt(params.jwtKeys.encryptionKey);
 }
@@ -182,7 +191,9 @@ export async function parseJwt<JwtData extends AnyObject = AnyObject>(
 
     const clockToleranceSeconds = convertDuration(
         params.allowedClockSkew || defaultAllowedClockSkew,
-        {seconds: true},
+        {
+            seconds: true,
+        },
     ).seconds;
 
     const verifiedJwt = await jwtVerify(decryptedJwt.payload.jwt, params.jwtKeys.signingKey, {

package/src/jwt/user-jwt.ts

@@ -27,7 +27,9 @@ export const userJwtDataShape = defineShape({
      * enforce the max session duration. If not present, the session is considered to have started
      * when the JWT was issued.
      */
-    sessionStartedAt: optionalShape(0, {alsoUndefined: true}),
+    sessionStartedAt: optionalShape(0, {
+        alsoUndefined: true,
+    }),
 });
 
 /**

package/src/mock-csrf-token-store.ts

@@ -0,0 +1,141 @@
+import {type CsrfTokenStore} from './csrf-token-store.js';
+
+/**
+ * `accessRecord` type for {@link createMockLocalStorage}'s output.
+ *
+ * @category Internal
+ */
+export type MockLocalStorageAccessRecord = {
+    getItem: string[];
+    removeItem: string[];
+    setItem: {key: string; value: string}[];
+    key: number[];
+};
+
+/**
+ * Create an empty `accessRecord` object, this is to be used in conjunction with
+ * {@link createMockLocalStorage}.
+ *
+ * @category Mock
+ */
+export function createEmptyMockLocalStorageAccessRecord(): MockLocalStorageAccessRecord {
+    return {
+        getItem: [],
+        removeItem: [],
+        setItem: [],
+        key: [],
+    };
+}
+
+/**
+ * Create a LocalStorage mock.
+ *
+ * @category Mock
+ */
+export function createMockLocalStorage(
+    /** Set values in here to initialize the mocked localStorage data store contents. */
+    init: Record<string, string> = {},
+) {
+    const store: Record<string, string> = init;
+    const accessRecord = createEmptyMockLocalStorageAccessRecord();
+
+    const mockLocalStorage: Storage = {
+        clear() {
+            Object.keys(store).forEach((key) => {
+                delete store[key];
+            });
+        },
+        getItem(key) {
+            accessRecord.getItem.push(key);
+            return store[key] ?? null;
+        },
+        get length() {
+            return Object.keys(store).length;
+        },
+        key(index) {
+            accessRecord.key.push(index);
+            return Object.keys(store)[index] ?? null;
+        },
+        removeItem(key) {
+            accessRecord.removeItem.push(key);
+            delete store[key];
+        },
+        setItem(key, value) {
+            accessRecord.setItem.push({
+                key,
+                value,
+            });
+            store[key] = value;
+        },
+    };
+
+    return {
+        localStorage: mockLocalStorage,
+        store,
+        accessRecord,
+    };
+}
+
+/**
+ * `accessRecord` type for {@link createMockCsrfTokenStore}'s output.
+ *
+ * @category Internal
+ */
+export type MockCsrfTokenStoreAccessRecord = {
+    getCsrfToken: number;
+    setCsrfToken: string[];
+    deleteCsrfToken: number;
+};
+
+/**
+ * Create an empty `accessRecord` object, this is to be used in conjunction with
+ * {@link createMockCsrfTokenStore}.
+ *
+ * @category Mock
+ */
+export function createEmptyMockCsrfTokenStoreAccessRecord(): MockCsrfTokenStoreAccessRecord {
+    return {
+        getCsrfToken: 0,
+        setCsrfToken: [],
+        deleteCsrfToken: 0,
+    };
+}
+
+/**
+ * Create a mock {@link CsrfTokenStore} backed by a simple in-memory object, for use in tests.
+ *
+ * @category Mock
+ */
+export function createMockCsrfTokenStore(
+    /** Set an initial value to initialize the mocked store contents. */
+    init?: string | undefined,
+) {
+    let storedValue: string | undefined = init;
+    const accessRecord = createEmptyMockCsrfTokenStoreAccessRecord();
+
+    const csrfTokenStore: CsrfTokenStore = {
+        getCsrfToken() {
+            accessRecord.getCsrfToken++;
+            return Promise.resolve(storedValue);
+        },
+        setCsrfToken(value: string) {
+            accessRecord.setCsrfToken.push(value);
+            storedValue = value;
+            return Promise.resolve();
+        },
+        deleteCsrfToken() {
+            accessRecord.deleteCsrfToken++;
+            storedValue = undefined;
+            return Promise.resolve();
+        },
+    };
+
+    return {
+        csrfTokenStore,
+        /** The current value held in the mock store. */
+        get storedValue() {
+            return storedValue;
+        },
+        accessRecord,
+    };
+}

package/dist/mock-local-storage.d.ts

@@ -1,33 +0,0 @@
-/**
- * `accessRecord` type for {@link createMockLocalStorage}'s output.
- *
- * @category Internal
- */
-export type MockLocalStorageAccessRecord = {
-    getItem: string[];
-    removeItem: string[];
-    setItem: {
-        key: string;
-        value: string;
-    }[];
-    key: number[];
-};
-/**
- * Create an empty `accessRecord` object, this is to be used in conjunction with
- * {@link createMockLocalStorage}.
- *
- * @category Mock
- */
-export declare function createEmptyMockLocalStorageAccessRecord(): MockLocalStorageAccessRecord;
-/**
- * Create a LocalStorage mock.
- *
- * @category Mock
- */
-export declare function createMockLocalStorage(
-/** Set values in here to initialize the mocked localStorage data store contents. */
-init?: Record<string, string>): {
-    localStorage: Storage;
-    store: Record<string, string>;
-    accessRecord: MockLocalStorageAccessRecord;
-};

package/dist/mock-local-storage.js

@@ -1,56 +0,0 @@
-/**
- * Create an empty `accessRecord` object, this is to be used in conjunction with
- * {@link createMockLocalStorage}.
- *
- * @category Mock
- */
-export function createEmptyMockLocalStorageAccessRecord() {
-    return {
-        getItem: [],
-        removeItem: [],
-        setItem: [],
-        key: [],
-    };
-}
-/**
- * Create a LocalStorage mock.
- *
- * @category Mock
- */
-export function createMockLocalStorage(
-/** Set values in here to initialize the mocked localStorage data store contents. */
-init = {}) {
-    const store = init;
-    const accessRecord = createEmptyMockLocalStorageAccessRecord();
-    const mockLocalStorage = {
-        clear() {
-            Object.keys(store).forEach((key) => {
-                delete store[key];
-            });
-        },
-        getItem(key) {
-            accessRecord.getItem.push(key);
-            return store[key] ?? null;
-        },
-        get length() {
-            return Object.keys(store).length;
-        },
-        key(index) {
-            accessRecord.key.push(index);
-            return Object.keys(store)[index] ?? null;
-        },
-        removeItem(key) {
-            accessRecord.removeItem.push(key);
-            delete store[key];
-        },
-        setItem(key, value) {
-            accessRecord.setItem.push({ key, value });
-            store[key] = value;
-        },
-    };
-    return {
-        localStorage: mockLocalStorage,
-        store,
-        accessRecord,
-    };
-}

package/src/mock-local-storage.ts

@@ -1,72 +0,0 @@
-/**
- * `accessRecord` type for {@link createMockLocalStorage}'s output.
- *
- * @category Internal
- */
-export type MockLocalStorageAccessRecord = {
-    getItem: string[];
-    removeItem: string[];
-    setItem: {key: string; value: string}[];
-    key: number[];
-};
-
-/**
- * Create an empty `accessRecord` object, this is to be used in conjunction with
- * {@link createMockLocalStorage}.
- *
- * @category Mock
- */
-export function createEmptyMockLocalStorageAccessRecord(): MockLocalStorageAccessRecord {
-    return {
-        getItem: [],
-        removeItem: [],
-        setItem: [],
-        key: [],
-    };
-}
-
-/**
- * Create a LocalStorage mock.
- *
- * @category Mock
- */
-export function createMockLocalStorage(
-    /** Set values in here to initialize the mocked localStorage data store contents. */
-    init: Record<string, string> = {},
-) {
-    const store: Record<string, string> = init;
-    const accessRecord = createEmptyMockLocalStorageAccessRecord();
-
-    const mockLocalStorage: Storage = {
-        clear() {
-            Object.keys(store).forEach((key) => {
-                delete store[key];
-            });
-        },
-        getItem(key) {
-            accessRecord.getItem.push(key);
-            return store[key] ?? null;
-        },
-        get length() {
-            return Object.keys(store).length;
-        },
-        key(index) {
-            accessRecord.key.push(index);
-            return Object.keys(store)[index] ?? null;
-        },
-        removeItem(key) {
-            accessRecord.removeItem.push(key);
-            delete store[key];
-        },
-        setItem(key, value) {
-            accessRecord.setItem.push({key, value});
-            store[key] = value;
-        },
-    };
-
-    return {
-        localStorage: mockLocalStorage,
-        store,
-        accessRecord,
-    };
-}