firstly 0.0.11 → 0.0.12

package/esm/auth/server/module.js

@@ -0,0 +1,184 @@
+import bcrypt from 'bcrypt';
+import { EntityError, remult } from 'remult';
+import { red } from '@kitql/helpers';
+import { getRelativePackagePath } from '@kitql/internals';
+import { AuthController } from '..';
+import { FF_Role } from '../..';
+import { Module } from '../../api';
+import { FF_Role_Auth, FFAuthAccount, FFAuthUser, FFAuthUserSession } from '../Entities';
+import { AuthControllerServer } from './AuthController.server';
+import { validateSessionToken } from './helperDb';
+import { setSessionTokenCookie } from './helperRemultServer';
+import { initRoleFromEnv } from './helperRole';
+export let AUTH_OPTIONS = { ui: {} };
+const buildUrlOrDefault = (base, userSetting, fallback) => {
+    if (userSetting === false) {
+        return false;
+    }
+    if (userSetting === undefined) {
+        return `${base}/${fallback}`;
+    }
+    return `${base}/${userSetting}`;
+};
+export const getSafeOptions = () => {
+    const signUp = AUTH_OPTIONS.signUp ?? true;
+    const base = AUTH_OPTIONS.ui === false ? 'NO_BASE_PATH' : (AUTH_OPTIONS.ui?.paths?.base ?? '/ff/auth');
+    const firstlyData = {
+        module: 'auth',
+        debug: AUTH_OPTIONS.debug,
+        props: {
+            ui: AUTH_OPTIONS.ui === false
+                ? undefined
+                : {
+                    paths: {
+                        base,
+                        sign_up: signUp
+                            ? buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.sign_up, 'sign-up')
+                            : false,
+                        sign_in: buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.sign_in, 'sign-in'),
+                        forgot_password: buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.forgot_password, 'forgot-password'),
+                        reset_password: buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.reset_password, 'reset-password'),
+                        verify_email: buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.verify_email, 'verify-email'),
+                    },
+                    strings: {
+                        app_name: AUTH_OPTIONS.ui?.strings?.app_name ?? '',
+                        email: AUTH_OPTIONS.ui?.strings?.email ?? 'Email',
+                        email_placeholder: AUTH_OPTIONS.ui?.strings?.email_placeholder ?? 'Your email address',
+                        password: AUTH_OPTIONS.ui?.strings?.password ?? 'Password',
+                        password_placeholder: AUTH_OPTIONS.ui?.strings?.password_placeholder ?? 'Your password',
+                        confirm: AUTH_OPTIONS.ui?.strings?.confirm ?? 'Confirm',
+                        reset: AUTH_OPTIONS.ui?.strings?.reset ?? 'Reset',
+                        btn_sign_up: AUTH_OPTIONS.ui?.strings?.btn_sign_up ?? 'Sign up',
+                        btn_sign_in: AUTH_OPTIONS.ui?.strings?.btn_sign_in ?? 'Sign in',
+                        forgot_password: AUTH_OPTIONS.ui?.strings?.forgot_password ?? 'Forgot your password?',
+                        send_password_reset_instructions: AUTH_OPTIONS.ui?.strings?.send_password_reset_instructions ??
+                            'Send password reset instructions',
+                        back_to_sign_in: AUTH_OPTIONS.ui?.strings?.back_to_sign_in ?? 'Back to sign in',
+                    },
+                    images: {
+                        main: AUTH_OPTIONS.ui?.images?.main ?? '',
+                    },
+                },
+        },
+    };
+    let uiStaticPath = AUTH_OPTIONS.uiStaticPath ?? '';
+    if (!AUTH_OPTIONS.uiStaticPath) {
+        const installedFirstlyPath = getRelativePackagePath('firstly');
+        if (installedFirstlyPath) {
+            uiStaticPath = `${installedFirstlyPath}/esm/auth/static/`;
+        }
+    }
+    let redirectUrl = AUTH_OPTIONS.defaultRedirect ?? '/';
+    if (!redirectUrl.startsWith('/')) {
+        authModuleRaw.log.error(`Invalid redirect url ${red(redirectUrl)} (it should be a local one starting with /)`);
+        redirectUrl = '/';
+    }
+    let transformDbUserToClientUserToUse;
+    if (AUTH_OPTIONS.transformDbUserToClientUser) {
+        transformDbUserToClientUserToUse = AUTH_OPTIONS.transformDbUserToClientUser;
+    }
+    else {
+        // @ts-ignore (I'm not sure why cadb-my-doc is failing check here if I don't do this!)
+        transformDbUserToClientUserToUse = (session, user) => {
+            return {
+                id: user.id,
+                name: user.identifier,
+                roles: user.roles,
+                session: {
+                    id: session.id,
+                    expiresAt: session.expiresAt,
+                },
+            };
+        };
+    }
+    function validatePassword(password) {
+        if (typeof password !== 'string' || password.length < 6 || password.length > 255) {
+            throw new EntityError({ message: 'Invalid password' });
+        }
+    }
+    function passwordHash(password) {
+        validatePassword(password);
+        return bcrypt.hashSync(password, AUTH_OPTIONS.providers?.password?.settings?.bcrypt?.saltRounds ?? 10);
+    }
+    function passwordVerify(password, hash) {
+        return bcrypt.compareSync(password, hash);
+    }
+    return {
+        User: (AUTH_OPTIONS.customEntities?.User ?? FFAuthUser),
+        Session: (AUTH_OPTIONS.customEntities?.Session ??
+            FFAuthUserSession),
+        Account: (AUTH_OPTIONS.customEntities?.Account ?? FFAuthAccount),
+        signUp,
+        password: {
+            enabled: AUTH_OPTIONS.providers?.password ? true : false,
+            validatePassword: AUTH_OPTIONS.providers?.password?.settings?.bcrypt?.validatePassword ?? validatePassword,
+            passwordHash: AUTH_OPTIONS.providers?.password?.settings?.bcrypt?.passwordHash ?? passwordHash,
+            passwordVerify: AUTH_OPTIONS.providers?.password?.settings?.bcrypt?.passwordVerify ?? passwordVerify,
+        },
+        otp: { enabled: AUTH_OPTIONS.providers?.otp ? true : false },
+        verifiedMethod: AUTH_OPTIONS.verifiedMethod ?? 'auto',
+        redirectUrl,
+        firstlyData,
+        transformDbUserToClientUser: transformDbUserToClientUserToUse,
+        uiStaticPath,
+        session: {
+            expiresInMs: AUTH_OPTIONS.session?.expiresIn ?? 1000 * 60 * 60 * 24 * 30, // 30 days,
+            cookieName: AUTH_OPTIONS.session?.COOKIE_NAME ?? 'firstly_auth_session',
+        },
+        providers: AUTH_OPTIONS.providers,
+    };
+};
+export const authModuleRaw = new Module({
+    name: 'auth',
+    priority: -777,
+});
+/**
+ * To enable authentication in your app in a few lines of code.
+ * _Info: index: -777_
+ */
+export const auth = (o) => {
+    // TODO should work ?
+    // @ts-ignore
+    AUTH_OPTIONS = o;
+    const oSafe = getSafeOptions();
+    // Replace the direct assignments with the new _setImplementation method
+    AuthController._setAbstraction({
+        signOut: AuthControllerServer.signOut,
+        signInDemo: AuthControllerServer.signInDemo,
+        invite: AuthControllerServer.invite,
+        signUpPassword: AuthControllerServer.signUpPassword,
+        signInPassword: AuthControllerServer.signInPassword,
+        forgotPassword: AuthControllerServer.forgotPassword,
+        resetPassword: AuthControllerServer.resetPassword,
+        signInOTP: AuthControllerServer.signInOTP,
+        verifyOtp: AuthControllerServer.verifyOtp,
+        signInOAuthGetUrl: AuthControllerServer.signInOAuthGetUrl,
+    });
+    authModuleRaw.entities = [oSafe.User, oSafe.Session, oSafe.Account];
+    authModuleRaw.controllers = [AuthController];
+    authModuleRaw.initRequest = async (event) => {
+        // REMULT: storing user in local should probably be done in remult directly
+        if (event?.locals?.user) {
+            remult.user = event.locals.user;
+        }
+        else {
+            const sessionId = event.cookies.get(oSafe.session.cookieName);
+            if (sessionId) {
+                const { user, freshSession } = await validateSessionToken(sessionId);
+                if (freshSession) {
+                    setSessionTokenCookie(freshSession.sessionToken, freshSession.expiresAt);
+                }
+                remult.user = user;
+                if (event.locals) {
+                    event.locals.user = user;
+                }
+            }
+        }
+    };
+    authModuleRaw.initApi = async () => {
+        await initRoleFromEnv(authModuleRaw.log, oSafe.User, 'FF_ROLE_ADMIN', FF_Role.FF_Role_Admin);
+        await initRoleFromEnv(authModuleRaw.log, oSafe.User, 'FF_ROLE_AUTH_ADMIN', FF_Role_Auth.FF_Role_Auth_Admin);
+    };
+    return authModuleRaw;
+};
+export { initRoleFromEnv };

package/esm/auth/{providers → server/providers}/github.d.ts

@@ -1,11 +1,11 @@
-import { GitHub } from 'arctic';
-import { type FFOAuth2Provider } from '../';
+import { GitHub, OAuth2Tokens } from 'arctic';
+import { type FFOAuth2Provider, type OAuth2UserInfo, type ProviderAuthorizationURLOptions } from '../module';
 /**
  * ## GitHub OAuth2 provider
  *
  * 1. Get your **id** & **secret** from [GitHub (direct link)](https://github.com/settings/developers).
  * 2. In GitHub, set your callback url to
- * - [ ] dev: `http://localhost:5173/api/auth_callback`
+ * - [ ] dev: `http://_YOUR_LOCAL_URL:PORT_/api/auth_callback`
  * - [ ] prod: `https://MY_SUPER_SITE/api/auth_callback`
  * 3. In your project add a `.env` file with the following:
  * ```bash
@@ -25,6 +25,7 @@ export declare function github(options?: {
     GITHUB_CLIENT_ID?: string;
     GITHUB_CLIENT_SECRET?: string;
     GITHUB_REDIRECT_URI?: string;
-    authorizationURLOptions?: ReturnType<FFOAuth2Provider<'github', GitHub>['authorizationURLOptions']>;
+    authorizationURLOptions?: ProviderAuthorizationURLOptions;
+    getUserInfo?: (tokens: OAuth2Tokens) => Promise<OAuth2UserInfo>;
     log?: boolean;
-}): FFOAuth2Provider<'github', GitHub>;
+}): FFOAuth2Provider<GitHub, 'github'>;

package/esm/auth/{providers → server/providers}/github.js

@@ -1,9 +1,8 @@
-import { GitHub } from 'arctic';
+import { GitHub, OAuth2Tokens } from 'arctic';
 import { remult } from 'remult';
 import { env } from '$env/dynamic/private';
-import { checkOAuthConfig } from '.';
-import {} from '../';
-import { logAuth } from '../client';
+import { authModuleRaw, } from '../module';
+import { checkOAuthConfig } from './helperProvider';
 //------------------------------
 // For developers (future me ?), To do another OAuth2 provider:
 // Replace GITHUB / Github / github
@@ -15,7 +14,7 @@ import { logAuth } from '../client';
  *
  * 1. Get your **id** & **secret** from [GitHub (direct link)](https://github.com/settings/developers).
  * 2. In GitHub, set your callback url to
- * - [ ] dev: `http://localhost:5173/api/auth_callback`
+ * - [ ] dev: `http://_YOUR_LOCAL_URL:PORT_/api/auth_callback`
  * - [ ] prod: `https://MY_SUPER_SITE/api/auth_callback`
  * 3. In your project add a `.env` file with the following:
  * ```bash
@@ -39,28 +38,38 @@ export function github(options) {
     checkOAuthConfig(name, clientID, secret, urlForKeys, false);
     return {
         name,
-        isPKCE: false,
         getArcticProvider: () => {
             const redirectURI = options?.GITHUB_REDIRECT_URI ??
                 env.GITHUB_REDIRECT_URI ??
-                `${remult.context.url.origin}/api/auth_callback`;
+                `${remult.context.request.url.origin}/api/auth_callback`;
             checkOAuthConfig(name, clientID, secret, urlForKeys, true);
-            return new GitHub(clientID, secret, { redirectURI });
+            const o = new GitHub(clientID, secret, redirectURI);
+            return o;
         },
         authorizationURLOptions: () => {
-            return options?.authorizationURLOptions ?? { scopes: [] };
-        },
-        getUserInfo: async (tokens) => {
-            const res = await fetch('https://api.github.com/user', {
-                headers: {
-                    Authorization: `Bearer ${tokens.accessToken}`,
-                },
-            });
-            const user = await res.json();
-            if (options?.log) {
-                logAuth.info(`user`, user);
-            }
-            return { raw: user, providerUserId: String(user.id), nameOptions: [user.login] };
+            return options?.authorizationURLOptions ?? [];
         },
+        getUserInfo: options?.getUserInfo
+            ? options.getUserInfo
+            : async (tokens) => {
+                const res = await fetch('https://api.github.com/user', {
+                    headers: {
+                        Authorization: `Bearer ${tokens.accessToken()}`,
+                    },
+                });
+                const user = await res.json();
+                if ((options?.authorizationURLOptions ?? []).includes('user:email')) {
+                    const res = await fetch('https://api.github.com/user/emails', {
+                        headers: {
+                            Authorization: `Bearer ${tokens.accessToken()}`,
+                        },
+                    });
+                    user.emails = await res.json();
+                }
+                if (options?.log) {
+                    authModuleRaw.log.info(`user`, user);
+                }
+                return { raw: user, providerUserId: String(user.id), nameOptions: [user.login] };
+            },
     };
 }

package/esm/auth/{providers/index.d.ts → server/providers/helperProvider.d.ts}

@@ -1,3 +1 @@
 export declare const checkOAuthConfig: (name: string, clientId: string, secret: string, urlForKeys: string, withThrow: boolean) => void;
-export { github } from './github';
-export { strava } from './strava';

package/esm/auth/{providers/index.js → server/providers/helperProvider.js}

@@ -1,6 +1,7 @@
+import { EntityError } from 'remult';
 import { cyan, gray, green, italic, yellow } from '@kitql/helpers';
-import { mask } from '../../formats/strings';
-import { logAuth } from '../client';
+import { mask } from '../../../formats/strings';
+import { authModuleRaw } from '../module';
 export const checkOAuthConfig = (name, clientId, secret, urlForKeys, withThrow) => {
     if (!clientId || !secret) {
         const msg = `Wrong configuration for ${green(name)} provider.
@@ -15,12 +16,10 @@ export const checkOAuthConfig = (name, clientId, secret, urlForKeys, withThrow)
   Check ${cyan(urlForKeys)} to generate your keys.
 `;
         if (withThrow) {
-            throw new Error(msg);
+            throw new EntityError({ message: msg });
         }
         else {
-            logAuth.error(msg);
+            authModuleRaw.log.error(msg);
         }
     }
 };
-export { github } from './github';
-export { strava } from './strava';

package/esm/auth/static/assets/{Page-BEFYPjis.d.ts → Page-Bb8bFlrP.d.ts}

@@ -1,4 +1,4 @@
 export { v as default };
 declare class v extends l {
 }
-import { S as l } from "./index-QypqCYwC.js";
+import { S as l } from "./index-Bl0Bk5u0.js";

package/esm/auth/static/assets/{Page-DtgkOCJs.js → Page-Bb8bFlrP.js}

@@ -1 +1 @@
-import{S as l,b as d,a as f,d as i,h as m,M as p,t as u,n as r,z as h}from"./index-QypqCYwC.js";function c(a){let e;const n={c:function(){e=p("Hello from files")},l:function(t){throw new Error("options.hydrate only works if the component was compiled with the `hydratable: true` option")},m:function(t,o){u(t,e,o)},p:r,i:r,o:r,d:function(t){t&&h(e)}};return i("SvelteRegisterBlock",{block:n,id:c.name,type:"component",source:"",ctx:a}),n}function w(a,e){let{$$slots:n={},$$scope:s}=e;m("Page",n,[]);const t=[];return Object.keys(e).forEach(o=>{!~t.indexOf(o)&&o.slice(0,2)!=="$$"&&o!=="slot"&&console.warn(`<Page> was created with unknown prop '${o}'`)}),[]}class v extends l{constructor(e){super(e),d(this,e,w,c,f,{}),i("SvelteRegisterComponent",{component:this,tagName:"Page",options:e,id:c.name})}}export{v as default};
+import{S as l,b as d,a as f,d as i,h as m,M as p,t as u,n as r,z as h}from"./index-Bl0Bk5u0.js";function c(a){let e;const n={c:function(){e=p("Hello from files")},l:function(t){throw new Error("options.hydrate only works if the component was compiled with the `hydratable: true` option")},m:function(t,o){u(t,e,o)},p:r,i:r,o:r,d:function(t){t&&h(e)}};return i("SvelteRegisterBlock",{block:n,id:c.name,type:"component",source:"",ctx:a}),n}function w(a,e){let{$$slots:n={},$$scope:s}=e;m("Page",n,[]);const t=[];return Object.keys(e).forEach(o=>{!~t.indexOf(o)&&o.slice(0,2)!=="$$"&&o!=="slot"&&console.warn(`<Page> was created with unknown prop '${o}'`)}),[]}class v extends l{constructor(e){super(e),d(this,e,w,c,f,{}),i("SvelteRegisterComponent",{component:this,tagName:"Page",options:e,id:c.name})}}export{v as default};

package/esm/auth/static/assets/{Page-DtgkOCJs.d.ts → Page-BxomFlZ8.d.ts}

@@ -1,4 +1,4 @@
 export { v as default };
 declare class v extends l {
 }
-import { S as l } from "./index-QypqCYwC.js";
+import { S as l } from "./index-Bl0Bk5u0.js";

package/esm/auth/static/assets/{Page-BEFYPjis.js → Page-BxomFlZ8.js}

@@ -1 +1 @@
-import{S as l,b as d,a as f,d as i,h as m,M as p,t as u,n as r,z as h}from"./index-QypqCYwC.js";function c(s){let e;const n={c:function(){e=p("Hello from admin")},l:function(t){throw new Error("options.hydrate only works if the component was compiled with the `hydratable: true` option")},m:function(t,o){u(t,e,o)},p:r,i:r,o:r,d:function(t){t&&h(e)}};return i("SvelteRegisterBlock",{block:n,id:c.name,type:"component",source:"",ctx:s}),n}function w(s,e){let{$$slots:n={},$$scope:a}=e;m("Page",n,[]);const t=[];return Object.keys(e).forEach(o=>{!~t.indexOf(o)&&o.slice(0,2)!=="$$"&&o!=="slot"&&console.warn(`<Page> was created with unknown prop '${o}'`)}),[]}class v extends l{constructor(e){super(e),d(this,e,w,c,f,{}),i("SvelteRegisterComponent",{component:this,tagName:"Page",options:e,id:c.name})}}export{v as default};
+import{S as l,b as d,a as f,d as i,h as m,M as p,t as u,n as r,z as h}from"./index-Bl0Bk5u0.js";function c(s){let e;const n={c:function(){e=p("Hello from admin")},l:function(t){throw new Error("options.hydrate only works if the component was compiled with the `hydratable: true` option")},m:function(t,o){u(t,e,o)},p:r,i:r,o:r,d:function(t){t&&h(e)}};return i("SvelteRegisterBlock",{block:n,id:c.name,type:"component",source:"",ctx:s}),n}function w(s,e){let{$$slots:n={},$$scope:a}=e;m("Page",n,[]);const t=[];return Object.keys(e).forEach(o=>{!~t.indexOf(o)&&o.slice(0,2)!=="$$"&&o!=="slot"&&console.warn(`<Page> was created with unknown prop '${o}'`)}),[]}class v extends l{constructor(e){super(e),d(this,e,w,c,f,{}),i("SvelteRegisterComponent",{component:this,tagName:"Page",options:e,id:c.name})}}export{v as default};

package/esm/auth/static/assets/Page-CaIYu0-y.d.ts

@@ -0,0 +1,6 @@
+export { Xl as default };
+declare class Xl extends yt {
+    set firstlyData(e: void);
+    get firstlyData(): void;
+}
+import { S as yt } from "./index-Bl0Bk5u0.js";