feathers-ucan 0.1.38 → 0.1.40

package/lib/env/version.d.ts

@@ -1 +1 @@
-export declare const VERSION = "0.1.38";
+export declare const VERSION = "0.1.40";

package/lib/index.cjs

@@ -94,7 +94,10 @@ class UcanStrategy extends authentication.AuthenticationBaseStrategy {
     }
   }
   verifyConfiguration() {
-    const allowedKeys = ['entity', 'entityId', 'service', 'header', 'schemes', 'audience'];
+    // Allow strategy configuration keys that this package supports. We recently
+    // started propagating `core_path` from the app's authentication config, so
+    // it must be considered valid here to avoid startup errors.
+    const allowedKeys = ['entity', 'entityId', 'service', 'header', 'schemes', 'audience', 'core_path'];
     for (const key of Object.keys(this.configuration)) {
       if (!allowedKeys.includes(key)) {
         throw new Error(`Invalid ucanStrategy option 'authentication.${this.name}.${key}'. Did you mean to set it in 'authentication.jwtOptions'?`);
@@ -173,7 +176,18 @@ class UcanStrategy extends authentication.AuthenticationBaseStrategy {
         skip_hooks: true,
         admin_pass: true
       }));
-      if (entities.total) return entities.data[0]._id;else throw new NotAuthError$1('Could not find login associated with this ucan');
+      // Support both paginated and non-paginated service responses
+      // - Paginated: { total, limit, skip, data: [...] }
+      // - Non-paginated: Array
+      let first = undefined;
+      if (entities && typeof entities === 'object' && 'data' in entities) {
+        var _entities$data;
+        first = (_entities$data = entities.data) == null ? void 0 : _entities$data[0];
+      } else if (Array.isArray(entities)) {
+        first = entities[0];
+      }
+      if (first && first._id) return first._id;
+      throw new NotAuthError$1('Could not find login associated with this ucan');
     }
   }
   async authenticate(authentication, params) {
@@ -657,6 +671,7 @@ const noThrowAuth = async context => {
     context = symbolUcan._set(context, [config.core_path, config.entity], entity);
   }
   try {
+    // Must pass explicit strategy per app requirements
     context = await authentication.authenticate('jwt')(context).catch(() => {
       return context;
     });
@@ -669,6 +684,7 @@ const bareAuth = async context => {
   const config = context.app.get('authentication');
   const entity = symbolUcan._get(context, ['auth', config.entity]);
   if (entity) context = symbolUcan._set(context, [config.core_path, config.entity], entity);
+  // Must pass explicit strategy per app requirements
   return authentication.authenticate('jwt')(context);
 };
 const verifyOne = async (ucan, options, log) => {
@@ -766,29 +782,15 @@ const verifyAgainstReqs = (reqs, config, options) => {
   return async context => {
     var _v3;
     const log = options == null ? void 0 : options.log;
-    // Per latest requirement: UCAN is always at context.params[entityKey].ucan
-    const authCfg = context.app.get('authentication');
-    const entityKey = (authCfg == null ? void 0 : authCfg.entity) || 'login';
-    if (log) {
-      try {
-        logUcanParams('verifyAgainstReqs:start', context);
-      } catch {}
-    }
-    const rawUcanPrimary = symbolUcan._get(context.params, [entityKey, 'ucan']);
-    // Fallback: legacy path if primary missing
-    const rawUcanFallback = rawUcanPrimary || symbolUcan._get(context.params, config == null ? void 0 : config.client_ucan);
-    // Normalize the client UCAN the same way the caps path does
-    // This brings the first check up to speed with the working cap_subjects flow.
-    let ucan = rawUcanFallback;
-    if (rawUcanFallback) {
-      try {
-        // ucanToken will stringify a UCAN object or return the compact form for strings
-        const maybe = symbolUcan.ucanToken(rawUcanFallback);
-        if (maybe && typeof maybe === 'string') ucan = maybe;
-        if (log && rawUcanFallback !== ucan) console.log('Normalized client UCAN via ucanToken()');
-      } catch (e) {
-        if (log) console.log('UCAN normalization skipped (ucanToken threw):', e == null ? void 0 : e.message);
-      }
+    const rawUcan = symbolUcan._get(context.params, config.client_ucan);
+    let ucan = rawUcan;
+    try {
+      // ucanToken will stringify a UCAN object or return the compact form for strings
+      const maybe = symbolUcan.ucanToken(rawUcan);
+      if (maybe && typeof maybe === 'string') ucan = maybe;
+      if (log && rawUcan !== ucan) console.log('Normalized client UCAN via ucanToken()');
+    } catch (e) {
+      if (log) console.log('UCAN normalization skipped (ucanToken threw):', e == null ? void 0 : e.message);
     }
     const audience = (options == null ? void 0 : options.audience) || symbolUcan._get(context.params, config.ucan_aud);
     if (log) console.log('verify against reqs', reqs);
@@ -1106,7 +1108,7 @@ const ucanAuth = (requiredCapabilities, options) => {
     const loginId = typeof existingLogin === 'string' ? existingLogin : existingLogin == null ? void 0 : existingLogin._id;
     const hasLogin = !!(existingLogin && (typeof existingLogin === 'string' || !!loginId));
     // Per requirement: UCAN is always at context.params[entity].ucan
-    const existingUcan = symbolUcan._get(context.params, [entity, 'ucan']);
+    const existingUcan = symbolUcan._get(context.params, configuration.client_ucan || 'client_ucan');
     if (options != null && options.log) console.log('ucan auth', 'hasLogin', hasLogin, 'loginId', loginId, 'existingUcan', !!existingUcan, 'core_path', core_path, 'entity', entity, 'core', context.params[core_path], 'params login', context.params.login, 'required capabilities', requiredCapabilities);
     if (options != null && options.log && !hasLogin) {
       try {