firstly 0.0.12 → 0.0.13

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # firstly
 
+## 0.0.13
+
+### Patch Changes
+
+- [#66](https://github.com/jycouet/firstly/pull/66)
+  [`7d8b323`](https://github.com/jycouet/firstly/commit/7d8b323b49d7d76b6d59ec887ed2e37a2238f201)
+  Thanks [@jycouet](https://github.com/jycouet)! - prepare JYC 013
+
 ## 0.0.12
 
 ### Patch Changes

package/esm/api/index.d.ts

@@ -31,6 +31,7 @@ type Options = RemultServerOptions<RequestEvent<Partial<Record<string, string>>,
 export declare let entities: ClassType<any>[];
 /**
  * it's basically `remultSveltekit` with the `modules` option
+ * @deprecated will be done directly in remult when modules will be in 😉
  */
 export declare const firstly: (o: Options) => import("remult/remult-sveltekit").RemultSveltekitServer;
 /**

package/esm/api/index.js

@@ -2,6 +2,7 @@ import {} from 'remult';
 import { remultSveltekit } from 'remult/remult-sveltekit';
 import { Log } from '@kitql/helpers';
 import { building } from '$app/environment';
+import { sveltekit } from '../sveltekit/server';
 export class Module {
     name;
     log;
@@ -25,10 +26,11 @@ export class Module {
 export let entities = [];
 /**
  * it's basically `remultSveltekit` with the `modules` option
+ * @deprecated will be done directly in remult when modules will be in 😉
  */
 export const firstly = (o) => {
     const modulesSorted = modulesFlatAndOrdered([
-        ...(o.modules ?? []),
+        ...[...(o.modules ?? []), sveltekit()],
         new Module({
             name: 'default',
             entities: o.entities ?? [],

package/esm/auth/server/AuthController.server.d.ts

@@ -26,7 +26,7 @@ export declare class AuthControllerServer {
     /**
      * Forgot your password ? Send a mail to reset it.
      */
-    static forgotPassword(emailParam: string): Promise<"Mail sent !" | "Demo Mail sent !">;
+    static forgotPassword(emailParam: string): Promise<string>;
     /**
      * Reset your password with a token
      */

package/esm/auth/server/AuthController.server.js

@@ -44,7 +44,7 @@ export class AuthControllerServer {
         user.roles = r.roles;
         await repo(oSafe.User).save(user);
         await ff_createSession(user.id);
-        return "You're in with demo account!";
+        return `You're in with ${name} demo account!`;
     }
     /**
      * This is for login / password authentication invite
@@ -68,14 +68,13 @@ export class AuthControllerServer {
             // const user = await repo(oSafe.User).insert({
             //   identifier: email,
             // })
-            oSafe.providers?.password?.verifyMailExpiresIn;
             await repo(oSafe.Account).insert({
                 provider: FFAuthProvider.PASSWORD.id,
                 providerUserId: email,
                 // userId: user.id,
                 // hashPassword: await passwordHash(password),
                 token: token,
-                expiresAt: createDate(AUTH_OPTIONS.providers?.password?.verifyMailExpiresIn ?? 5 * 60),
+                expiresAt: createDate(AUTH_OPTIONS.providers?.password?.mail?.verify?.expiresIn ?? 5 * 60),
                 lastVerifiedAt: undefined,
             });
             const url = `${remult.context.request.url.origin}${oSafe.firstlyData.props.ui?.paths.reset_password}?token=${token}`;
@@ -117,14 +116,15 @@ export class AuthControllerServer {
      * _(The first param `email` can be "anything")_
      */
     static async signUpPassword(emailParam, password) {
-        const email = emailParam.toLowerCase();
         const oSafe = getSafeOptions();
         if (!oSafe.signUp) {
-            throw new EntityError({ message: "You can't signup by yourself! Contact the administrator." });
+            throw new EntityError({ message: oSafe.strings.cannotSignUp });
         }
         if (!oSafe.password.enabled) {
             throw new EntityError({ message: 'Password is not enabled!' });
         }
+        const email = emailParam.toLowerCase();
+        oSafe.password.validateInput({ identifier: email, password });
         const existingAccount = await repo(oSafe.Account).findOne({
             where: {
                 providerUserId: email,
@@ -134,7 +134,6 @@ export class AuthControllerServer {
         if (existingAccount) {
             throw new EntityError({ message: "You can't signup twice !" });
         }
-        oSafe.password.validatePassword(password);
         const token = generateAndEncodeToken();
         await remult.dataProvider.transaction(async () => {
             const user = await repo(oSafe.User).insert({
@@ -144,11 +143,11 @@ export class AuthControllerServer {
                 provider: FFAuthProvider.PASSWORD.id,
                 providerUserId: email,
                 userId: user.id,
-                hashPassword: oSafe.password.passwordHash(password),
+                hashPassword: await oSafe.password.hash(password),
                 token: oSafe.verifiedMethod === 'auto' ? undefined : token,
                 expiresAt: oSafe.verifiedMethod === 'auto'
                     ? undefined
-                    : createDate(AUTH_OPTIONS.providers?.password?.verifyMailExpiresIn ?? 5 * 60),
+                    : createDate(AUTH_OPTIONS.providers?.password?.mail?.verify?.expiresIn ?? 5 * 60),
                 lastVerifiedAt: oSafe.verifiedMethod === 'auto' ? new Date() : undefined,
             });
         });
@@ -162,8 +161,8 @@ export class AuthControllerServer {
         }
         else {
             const url = `${remult.context.request.url.origin}${oSafe.firstlyData.props.ui?.paths.verify_email}?token=${token}`;
-            if (AUTH_OPTIONS.providers?.password?.verifyMailSend) {
-                await AUTH_OPTIONS.providers?.password.verifyMailSend({ email, url });
+            if (AUTH_OPTIONS.providers?.password?.mail?.verify?.send) {
+                await AUTH_OPTIONS.providers?.password.mail.verify.send({ email, url });
                 authModuleRaw.log.success(`${green('[custom]')}${magenta('[verifyMailSend]')} (${yellow(url)})`);
             }
             else {
@@ -196,6 +195,7 @@ export class AuthControllerServer {
     static async signInPassword(emailParam, password) {
         const email = emailParam.toLowerCase();
         const oSafe = getSafeOptions();
+        oSafe.password.validateInput({ identifier: email, password });
         if (!oSafe.password.enabled) {
             throw new EntityError({ message: 'Password is not enabled!' });
         }
@@ -206,7 +206,7 @@ export class AuthControllerServer {
             },
         });
         if (existingAccount) {
-            const validPassword = oSafe.password.passwordVerify(password ?? '', existingAccount?.hashPassword ?? '');
+            const validPassword = oSafe.password.verify(password ?? '', existingAccount?.hashPassword ?? '');
             if (validPassword) {
                 await ff_createSession(existingAccount.userId);
                 return 'ok';
@@ -235,13 +235,13 @@ export class AuthControllerServer {
         if (existingAccount) {
             const token = generateAndEncodeToken();
             existingAccount.token = token;
-            existingAccount.expiresAt = createDate(AUTH_OPTIONS.providers?.password?.resetPasswordExpiresIn ?? 5 * 60);
+            existingAccount.expiresAt = createDate(AUTH_OPTIONS.providers?.password?.mail?.reset?.expiresIn ?? 5 * 60);
             await repo(oSafe.Account).save(existingAccount);
             const url = `${remult.context.request.url.origin}${oSafe.firstlyData.props.ui?.paths.reset_password}?token=${token}`;
-            if (AUTH_OPTIONS.providers?.password?.resetPasswordSend) {
-                await AUTH_OPTIONS.providers?.password.resetPasswordSend({ email, url });
+            if (AUTH_OPTIONS.providers?.password?.mail?.reset?.send) {
+                await AUTH_OPTIONS.providers?.password.mail.reset.send({ email, url });
                 authModuleRaw.log.success(`${green('[custom]')}${magenta('[resetPasswordSend]')} (${yellow(url)})`);
-                return 'Mail sent !';
+                return oSafe.strings.resetPasswordSend;
             }
             else {
                 await sendMail('resetPasswordSend', {
@@ -266,10 +266,10 @@ export class AuthControllerServer {
                     },
                 });
                 authModuleRaw.log.success(`${magenta('[resetPasswordSend]')} (${yellow(url)})`);
-                return 'Demo Mail sent !';
+                return `Demo | ${oSafe.strings.resetPasswordSend}`;
             }
         }
-        throw new EntityError({ message: "Une erreur est survenue, contacte l'administrateur!" });
+        throw new EntityError({ message: oSafe.strings.anErrorOccurred });
     }
     /**
      * Reset your password with a token
@@ -279,6 +279,7 @@ export class AuthControllerServer {
         if (!oSafe.password.enabled) {
             throw new EntityError({ message: 'Password is not enabled!' });
         }
+        oSafe.password.validateInput({ identifier: 'resetPassword', password });
         const account = await remult
             .repo(oSafe.Account)
             .findFirst({ token, provider: FFAuthProvider.PASSWORD.id });
@@ -288,14 +289,13 @@ export class AuthControllerServer {
         if (account.expiresAt && account.expiresAt < new Date()) {
             throw new EntityError({ message: 'token expired' });
         }
-        oSafe.password.validatePassword(password);
         if (account.userId === undefined) {
             const user = await repo(oSafe.User).insert({ identifier: account.providerUserId });
             account.userId = user.id;
         }
         await invalidateSession(account.userId);
         // update elements
-        account.hashPassword = oSafe.password.passwordHash(password);
+        account.hashPassword = await oSafe.password.hash(password);
         account.token = undefined;
         account.expiresAt = undefined;
         account.lastVerifiedAt = new Date();

package/esm/auth/server/handleGuard.d.ts

@@ -0,0 +1,16 @@
+import { type Handle } from '@sveltejs/kit';
+export type RouteGuardConfig = {
+    anonymous?: string[];
+    authenticated: string[];
+    redirectToLogin: string;
+    redirectAuthenticated: string;
+    /**
+     * We need this import
+     *
+     * `import { redirect } from '@sveltejs/kit'` */
+    redirect: (status: number, url: string) => void;
+};
+/**
+ * Creates a handle function with the provided route guard configuration
+ */
+export declare function handleGuard(config: RouteGuardConfig): Handle;

package/esm/auth/server/handleGuard.js

@@ -0,0 +1,67 @@
+import {} from '@sveltejs/kit';
+import { remult } from 'remult';
+/**
+ * Checks if a path matches a pattern that may include wildcards
+ * @param path The actual path to check
+ * @param pattern The pattern that may include wildcards (*)
+ */
+function pathMatchesPattern(path, pattern) {
+    // Convert the pattern to a regex
+    const regexPattern = pattern.replace(/\//g, '\\/').replace(/\*/g, '.*');
+    const regex = new RegExp(`^${regexPattern}$`);
+    return regex.test(path);
+}
+/**
+ * Checks if a path matches any of the patterns in the array
+ */
+function pathMatchesAnyPattern(path, patterns) {
+    return patterns.some((pattern) => pathMatchesPattern(path, pattern));
+}
+/**
+ * Creates a handle function with the provided route guard configuration
+ */
+export function handleGuard(config) {
+    return async ({ event, resolve }) => {
+        const path = event.url.pathname;
+        const fullUrl = event.url.pathname + event.url.search;
+        const isAuthenticated = !!remult.user;
+        // Check if the path is in the anonymous routes
+        const isAnonymousRoute = config.anonymous ? pathMatchesAnyPattern(path, config.anonymous) : false;
+        // Check if the path is in the authenticated routes
+        const isAuthenticatedRoute = pathMatchesAnyPattern(path, config.authenticated);
+        // Check if the current path is the login page
+        const isLoginPage = path === config.redirectToLogin || path === config.redirectToLogin.replace(/\/$/, '');
+        // Create login URL with redirect parameter
+        const createLoginUrl = (returnUrl) => {
+            const encodedReturnUrl = encodeURIComponent(returnUrl);
+            const separator = config.redirectToLogin.includes('?') ? '&' : '?';
+            return `${config.redirectToLogin}${separator}redirect=${encodedReturnUrl}`;
+        };
+        // Handle root path
+        if (path === config.redirectToLogin) {
+            if (isAuthenticated) {
+                config.redirect(302, config.redirectAuthenticated);
+            }
+            else {
+                // Only redirect if we're not already on the login page
+                if (!isLoginPage) {
+                    config.redirect(302, config.redirectToLogin);
+                }
+            }
+        }
+        // If user is not authenticated and tries to access an authenticated route
+        if (!isAuthenticated && isAuthenticatedRoute) {
+            // Redirect to login with the current URL as the redirect target
+            // Only redirect if we're not already on the login page
+            if (!isLoginPage) {
+                config.redirect(302, createLoginUrl(fullUrl));
+            }
+        }
+        // If user is authenticated and tries to access an anonymous-only route
+        // Only check if anonymous routes are defined
+        if (config.anonymous && isAuthenticated && isAnonymousRoute) {
+            config.redirect(302, config.redirectAuthenticated);
+        }
+        return resolve(event);
+    };
+}

package/esm/auth/server/index.d.ts

@@ -1,5 +1,7 @@
 import * as arctic from 'arctic';
+import { handleAuth } from './handleAuth.js';
+import { handleGuard } from './handleGuard.js';
 export { auth, authModuleRaw } from './module';
 export { checkOAuthConfig } from './providers/helperProvider';
 export { github } from './providers/github';
-export { arctic };
+export { arctic, handleAuth, handleGuard };

package/esm/auth/server/index.js

@@ -1,5 +1,7 @@
 import * as arctic from 'arctic';
+import { handleAuth } from './handleAuth.js';
+import { handleGuard } from './handleGuard.js';
 export { auth, authModuleRaw } from './module';
 export { checkOAuthConfig } from './providers/helperProvider';
 export { github } from './providers/github';
-export { arctic };
+export { arctic, handleAuth, handleGuard };

package/esm/auth/server/module.d.ts

@@ -28,6 +28,11 @@ type AuthOptions<TUserEntity extends FFAuthUser = FFAuthUser, TSessionEntity ext
     };
     debug?: boolean;
     ui?: false | RecursivePartial<firstlyDataAuth['ui']>;
+    strings?: {
+        resetPasswordSend?: string;
+        anErrorOccurred?: string;
+        cannotSignUp?: string;
+    };
     /** Usefull to overwrite where the static files are */
     uiStaticPath?: string;
     session?: {
@@ -63,52 +68,55 @@ type AuthOptions<TUserEntity extends FFAuthUser = FFAuthUser, TSessionEntity ext
             roles?: string[];
         }[];
         password?: {
-            /**
-             * Reseting the password
-             */
-            resetPasswordSend?: (args: {
-                email: string;
-                url: string;
-            }) => Promise<void>;
-            /** in secondes @default 5 minutes */
-            resetPasswordExpiresIn?: number;
-            /**
-             * Verify the Mail
-             */
-            verifyMailSend?: (args: {
-                email: string;
-                url: string;
-            }) => Promise<void>;
-            /** in secondes @default 5 minutes */
-            verifyMailExpiresIn?: number;
-            settings?: {
+            mail?: {
+                reset?: {
+                    send?: (args: {
+                        email: string;
+                        url: string;
+                    }) => Promise<void>;
+                    /** in secondes @default 5 minutes */
+                    expiresIn?: number;
+                };
+                verify?: {
+                    send?: (args: {
+                        email: string;
+                        url: string;
+                    }) => Promise<void>;
+                    /** in secondes @default 5 minutes */
+                    expiresIn?: number;
+                };
+            };
+            algo?: {
+                /**
+                 * Validate the password or throw an error.
+                 *
+                 * Here is an example (and it's the default implementation):
+                 * ```
+                 * function validatePassword(password: string) {
+                 *   if (typeof password !== 'string' || password.length < 6 || password.length > 255) {
+                 *     throw new EntityError({ message: 'Invalid password' })
+                 *   }
+                 * }
+                 * ```
+                 */
+                validateInput?: ({ identifier, password }: {
+                    identifier: string;
+                    password: string;
+                }) => void;
+                /**
+                 * If you want to NOT use the default bcrypt, you can pass your own thing!
+                 */
+                hash?: (password: string) => Promise<string>;
+                /**
+                 * If you want to NOT use the default bcrypt, you can pass your own thing!
+                 */
+                verify?: (password: string, hash: string) => Promise<boolean>;
                 bcrypt?: {
-                    /**
-                     * Validate the password or throw an error.
-                     *
-                     * Here is an example (and it's the default implementation):
-                     * ```
-                     * function validatePassword(password: string) {
-                     *   if (typeof password !== 'string' || password.length < 6 || password.length > 255) {
-                     *     throw new EntityError({ message: 'Invalid password' })
-                     *   }
-                     * }
-                     * ```
-                     */
-                    validatePassword?: (password: string) => void;
-                    /**
-                     * If you want to NOT use the default bcrypt, you can pass your own thing!
-                     */
-                    passwordHash?: (password: string) => string;
                     /**
                      * The number of rounds to use for the bcrypt hash.
                      * @default 10
                      */
                     saltRounds?: number;
-                    /**
-                     * If you want to NOT use the default bcrypt, you can pass your own thing!
-                     */
-                    passwordVerify?: (password: string, hash: string) => boolean;
                 };
             };
         };
@@ -135,9 +143,12 @@ export declare const getSafeOptions: <TUserEntity extends FFAuthUser = FFAuthUse
     signUp: boolean;
     password: {
         enabled: boolean;
-        validatePassword: (password: string) => void;
-        passwordHash: (password: string) => string;
-        passwordVerify: (password: string, hash: string) => boolean;
+        validateInput: ({ identifier, password }: {
+            identifier: string;
+            password: string;
+        }) => void;
+        hash: ((password: string) => Promise<string>) | ((password: string) => string);
+        verify: ((password: string, hash: string) => Promise<boolean>) | ((password: string, hash: string) => boolean);
     };
     otp: {
         enabled: boolean;
@@ -157,52 +168,55 @@ export declare const getSafeOptions: <TUserEntity extends FFAuthUser = FFAuthUse
             roles?: string[];
         }[];
         password?: {
-            /**
-             * Reseting the password
-             */
-            resetPasswordSend?: (args: {
-                email: string;
-                url: string;
-            }) => Promise<void>;
-            /** in secondes @default 5 minutes */
-            resetPasswordExpiresIn?: number;
-            /**
-             * Verify the Mail
-             */
-            verifyMailSend?: (args: {
-                email: string;
-                url: string;
-            }) => Promise<void>;
-            /** in secondes @default 5 minutes */
-            verifyMailExpiresIn?: number;
-            settings?: {
+            mail?: {
+                reset?: {
+                    send?: (args: {
+                        email: string;
+                        url: string;
+                    }) => Promise<void>;
+                    /** in secondes @default 5 minutes */
+                    expiresIn?: number;
+                };
+                verify?: {
+                    send?: (args: {
+                        email: string;
+                        url: string;
+                    }) => Promise<void>;
+                    /** in secondes @default 5 minutes */
+                    expiresIn?: number;
+                };
+            };
+            algo?: {
+                /**
+                 * Validate the password or throw an error.
+                 *
+                 * Here is an example (and it's the default implementation):
+                 * ```
+                 * function validatePassword(password: string) {
+                 *   if (typeof password !== 'string' || password.length < 6 || password.length > 255) {
+                 *     throw new EntityError({ message: 'Invalid password' })
+                 *   }
+                 * }
+                 * ```
+                 */
+                validateInput?: ({ identifier, password }: {
+                    identifier: string;
+                    password: string;
+                }) => void;
+                /**
+                 * If you want to NOT use the default bcrypt, you can pass your own thing!
+                 */
+                hash?: (password: string) => Promise<string>;
+                /**
+                 * If you want to NOT use the default bcrypt, you can pass your own thing!
+                 */
+                verify?: (password: string, hash: string) => Promise<boolean>;
                 bcrypt?: {
-                    /**
-                     * Validate the password or throw an error.
-                     *
-                     * Here is an example (and it's the default implementation):
-                     * ```
-                     * function validatePassword(password: string) {
-                     *   if (typeof password !== 'string' || password.length < 6 || password.length > 255) {
-                     *     throw new EntityError({ message: 'Invalid password' })
-                     *   }
-                     * }
-                     * ```
-                     */
-                    validatePassword?: (password: string) => void;
-                    /**
-                     * If you want to NOT use the default bcrypt, you can pass your own thing!
-                     */
-                    passwordHash?: (password: string) => string;
                     /**
                      * The number of rounds to use for the bcrypt hash.
                      * @default 10
                      */
                     saltRounds?: number;
-                    /**
-                     * If you want to NOT use the default bcrypt, you can pass your own thing!
-                     */
-                    passwordVerify?: (password: string, hash: string) => boolean;
                 };
             };
         };
@@ -220,6 +234,11 @@ export declare const getSafeOptions: <TUserEntity extends FFAuthUser = FFAuthUse
         };
         oAuths?: FFOAuth2Provider[];
     } | undefined;
+    strings: {
+        resetPasswordSend: string;
+        anErrorOccurred: string;
+        cannotSignUp: string;
+    };
 };
 export declare const authModuleRaw: Module;
 /**