firstly 0.0.12 → 0.0.14

package/esm/auth/server/handleGuard.js

@@ -0,0 +1,67 @@
+import {} from '@sveltejs/kit';
+import { remult } from 'remult';
+/**
+ * Checks if a path matches a pattern that may include wildcards
+ * @param path The actual path to check
+ * @param pattern The pattern that may include wildcards (*)
+ */
+function pathMatchesPattern(path, pattern) {
+    // Convert the pattern to a regex
+    const regexPattern = pattern.replace(/\//g, '\\/').replace(/\*/g, '.*');
+    const regex = new RegExp(`^${regexPattern}$`);
+    return regex.test(path);
+}
+/**
+ * Checks if a path matches any of the patterns in the array
+ */
+function pathMatchesAnyPattern(path, patterns) {
+    return patterns.some((pattern) => pathMatchesPattern(path, pattern));
+}
+/**
+ * Creates a handle function with the provided route guard configuration
+ */
+export function handleGuard(config) {
+    return async ({ event, resolve }) => {
+        const path = event.url.pathname;
+        const fullUrl = event.url.pathname + event.url.search;
+        const isAuthenticated = !!remult.user;
+        // Check if the path is in the anonymous routes
+        const isAnonymousRoute = config.anonymous ? pathMatchesAnyPattern(path, config.anonymous) : false;
+        // Check if the path is in the authenticated routes
+        const isAuthenticatedRoute = pathMatchesAnyPattern(path, config.authenticated);
+        // Check if the current path is the login page
+        const isLoginPage = path === config.redirectToLogin || path === config.redirectToLogin.replace(/\/$/, '');
+        // Create login URL with redirect parameter
+        const createLoginUrl = (returnUrl) => {
+            const encodedReturnUrl = encodeURIComponent(returnUrl);
+            const separator = config.redirectToLogin.includes('?') ? '&' : '?';
+            return `${config.redirectToLogin}${separator}redirect=${encodedReturnUrl}`;
+        };
+        // Handle root path
+        if (path === config.redirectToLogin) {
+            if (isAuthenticated) {
+                config.redirect(302, config.redirectAuthenticated);
+            }
+            else {
+                // Only redirect if we're not already on the login page
+                if (!isLoginPage) {
+                    config.redirect(302, config.redirectToLogin);
+                }
+            }
+        }
+        // If user is not authenticated and tries to access an authenticated route
+        if (!isAuthenticated && isAuthenticatedRoute) {
+            // Redirect to login with the current URL as the redirect target
+            // Only redirect if we're not already on the login page
+            if (!isLoginPage) {
+                config.redirect(302, createLoginUrl(fullUrl));
+            }
+        }
+        // If user is authenticated and tries to access an anonymous-only route
+        // Only check if anonymous routes are defined
+        if (config.anonymous && isAuthenticated && isAnonymousRoute) {
+            config.redirect(302, config.redirectAuthenticated);
+        }
+        return resolve(event);
+    };
+}

package/esm/auth/server/helperFirstly.d.ts

@@ -1 +1 @@
-export declare const ff_createSession: (userId: string) => Promise<void>;
+export declare const ff_createSession: (userId: string) => Promise<import("..").FFAuthUserSession>;

package/esm/auth/server/helperFirstly.js

@@ -5,4 +5,5 @@ export const ff_createSession = async (userId) => {
     const token = generateToken();
     const session = await createSession(token, userId);
     setSessionTokenCookie(token, session.expiresAt);
+    return session;
 };

package/esm/auth/server/index.d.ts

@@ -1,5 +1,7 @@
 import * as arctic from 'arctic';
+import { handleAuth } from './handleAuth.js';
+import { handleGuard } from './handleGuard.js';
 export { auth, authModuleRaw } from './module';
 export { checkOAuthConfig } from './providers/helperProvider';
 export { github } from './providers/github';
-export { arctic };
+export { arctic, handleAuth, handleGuard };

package/esm/auth/server/index.js

@@ -1,5 +1,7 @@
 import * as arctic from 'arctic';
+import { handleAuth } from './handleAuth.js';
+import { handleGuard } from './handleGuard.js';
 export { auth, authModuleRaw } from './module';
 export { checkOAuthConfig } from './providers/helperProvider';
 export { github } from './providers/github';
-export { arctic };
+export { arctic, handleAuth, handleGuard };

package/esm/auth/server/module.d.ts

@@ -3,11 +3,8 @@ import type { ClassType, UserInfo } from 'remult';
 import { Module } from '../../api';
 import type { RecursivePartial } from '../../utils/types';
 import { FFAuthAccount, FFAuthUser, FFAuthUserSession } from '../Entities';
-import type { firstlyData, firstlyDataAuth } from '../types';
+import type { FirstlyData, FirstlyDataAuth, ProviderAuthorizationURLOptions } from '../types';
 import { initRoleFromEnv } from './helperRole';
-export type { firstlyData };
-export type ProviderConfigured = Record<string, ProviderAuthorizationURLOptions>;
-export type ProviderAuthorizationURLOptions = string[];
 export type OAuth2UserInfo = {
     raw?: any;
     providerUserId: string;
@@ -27,7 +24,12 @@ type AuthOptions<TUserEntity extends FFAuthUser = FFAuthUser, TSessionEntity ext
         Account?: ClassType<TAccountEntity>;
     };
     debug?: boolean;
-    ui?: false | RecursivePartial<firstlyDataAuth['ui']>;
+    ui?: false | RecursivePartial<FirstlyDataAuth['ui']>;
+    strings?: {
+        resetPasswordSend?: string;
+        anErrorOccurred?: string;
+        cannotSignUp?: string;
+    };
     /** Usefull to overwrite where the static files are */
     uiStaticPath?: string;
     session?: {
@@ -63,52 +65,55 @@ type AuthOptions<TUserEntity extends FFAuthUser = FFAuthUser, TSessionEntity ext
             roles?: string[];
         }[];
         password?: {
-            /**
-             * Reseting the password
-             */
-            resetPasswordSend?: (args: {
-                email: string;
-                url: string;
-            }) => Promise<void>;
-            /** in secondes @default 5 minutes */
-            resetPasswordExpiresIn?: number;
-            /**
-             * Verify the Mail
-             */
-            verifyMailSend?: (args: {
-                email: string;
-                url: string;
-            }) => Promise<void>;
-            /** in secondes @default 5 minutes */
-            verifyMailExpiresIn?: number;
-            settings?: {
+            mail?: {
+                reset?: {
+                    send?: (args: {
+                        email: string;
+                        url: string;
+                    }) => Promise<void>;
+                    /** in secondes @default 5 minutes */
+                    expiresIn?: number;
+                };
+                verify?: {
+                    send?: (args: {
+                        email: string;
+                        url: string;
+                    }) => Promise<void>;
+                    /** in secondes @default 5 minutes */
+                    expiresIn?: number;
+                };
+            };
+            algo?: {
+                /**
+                 * Validate the password or throw an error.
+                 *
+                 * Here is an example (and it's the default implementation):
+                 * ```
+                 * function validatePassword(password: string) {
+                 *   if (typeof password !== 'string' || password.length < 6 || password.length > 255) {
+                 *     throw new EntityError({ message: 'Invalid password' })
+                 *   }
+                 * }
+                 * ```
+                 */
+                validateInput?: ({ identifier, password }: {
+                    identifier: string;
+                    password: string;
+                }) => void;
+                /**
+                 * If you want to NOT use the default bcrypt, you can pass your own thing!
+                 */
+                hash?: (password: string) => Promise<string>;
+                /**
+                 * If you want to NOT use the default bcrypt, you can pass your own thing!
+                 */
+                verify?: (password: string, hash: string) => Promise<boolean>;
                 bcrypt?: {
-                    /**
-                     * Validate the password or throw an error.
-                     *
-                     * Here is an example (and it's the default implementation):
-                     * ```
-                     * function validatePassword(password: string) {
-                     *   if (typeof password !== 'string' || password.length < 6 || password.length > 255) {
-                     *     throw new EntityError({ message: 'Invalid password' })
-                     *   }
-                     * }
-                     * ```
-                     */
-                    validatePassword?: (password: string) => void;
-                    /**
-                     * If you want to NOT use the default bcrypt, you can pass your own thing!
-                     */
-                    passwordHash?: (password: string) => string;
                     /**
                      * The number of rounds to use for the bcrypt hash.
                      * @default 10
                      */
                     saltRounds?: number;
-                    /**
-                     * If you want to NOT use the default bcrypt, you can pass your own thing!
-                     */
-                    passwordVerify?: (password: string, hash: string) => boolean;
                 };
             };
         };
@@ -135,16 +140,19 @@ export declare const getSafeOptions: <TUserEntity extends FFAuthUser = FFAuthUse
     signUp: boolean;
     password: {
         enabled: boolean;
-        validatePassword: (password: string) => void;
-        passwordHash: (password: string) => string;
-        passwordVerify: (password: string, hash: string) => boolean;
+        validateInput: ({ identifier, password }: {
+            identifier: string;
+            password: string;
+        }) => void;
+        hash: ((password: string) => Promise<string>) | ((password: string) => string);
+        verify: ((password: string, hash: string) => Promise<boolean>) | ((password: string, hash: string) => boolean);
     };
     otp: {
         enabled: boolean;
     };
     verifiedMethod: "email" | "auto" | "manual";
     redirectUrl: string;
-    firstlyData: firstlyData;
+    firstlyData: FirstlyData;
     transformDbUserToClientUser: (session: TSessionEntity, user: TUserEntity) => UserInfo;
     uiStaticPath: string;
     session: {
@@ -157,52 +165,55 @@ export declare const getSafeOptions: <TUserEntity extends FFAuthUser = FFAuthUse
             roles?: string[];
         }[];
         password?: {
-            /**
-             * Reseting the password
-             */
-            resetPasswordSend?: (args: {
-                email: string;
-                url: string;
-            }) => Promise<void>;
-            /** in secondes @default 5 minutes */
-            resetPasswordExpiresIn?: number;
-            /**
-             * Verify the Mail
-             */
-            verifyMailSend?: (args: {
-                email: string;
-                url: string;
-            }) => Promise<void>;
-            /** in secondes @default 5 minutes */
-            verifyMailExpiresIn?: number;
-            settings?: {
+            mail?: {
+                reset?: {
+                    send?: (args: {
+                        email: string;
+                        url: string;
+                    }) => Promise<void>;
+                    /** in secondes @default 5 minutes */
+                    expiresIn?: number;
+                };
+                verify?: {
+                    send?: (args: {
+                        email: string;
+                        url: string;
+                    }) => Promise<void>;
+                    /** in secondes @default 5 minutes */
+                    expiresIn?: number;
+                };
+            };
+            algo?: {
+                /**
+                 * Validate the password or throw an error.
+                 *
+                 * Here is an example (and it's the default implementation):
+                 * ```
+                 * function validatePassword(password: string) {
+                 *   if (typeof password !== 'string' || password.length < 6 || password.length > 255) {
+                 *     throw new EntityError({ message: 'Invalid password' })
+                 *   }
+                 * }
+                 * ```
+                 */
+                validateInput?: ({ identifier, password }: {
+                    identifier: string;
+                    password: string;
+                }) => void;
+                /**
+                 * If you want to NOT use the default bcrypt, you can pass your own thing!
+                 */
+                hash?: (password: string) => Promise<string>;
+                /**
+                 * If you want to NOT use the default bcrypt, you can pass your own thing!
+                 */
+                verify?: (password: string, hash: string) => Promise<boolean>;
                 bcrypt?: {
-                    /**
-                     * Validate the password or throw an error.
-                     *
-                     * Here is an example (and it's the default implementation):
-                     * ```
-                     * function validatePassword(password: string) {
-                     *   if (typeof password !== 'string' || password.length < 6 || password.length > 255) {
-                     *     throw new EntityError({ message: 'Invalid password' })
-                     *   }
-                     * }
-                     * ```
-                     */
-                    validatePassword?: (password: string) => void;
-                    /**
-                     * If you want to NOT use the default bcrypt, you can pass your own thing!
-                     */
-                    passwordHash?: (password: string) => string;
                     /**
                      * The number of rounds to use for the bcrypt hash.
                      * @default 10
                      */
                     saltRounds?: number;
-                    /**
-                     * If you want to NOT use the default bcrypt, you can pass your own thing!
-                     */
-                    passwordVerify?: (password: string, hash: string) => boolean;
                 };
             };
         };
@@ -220,6 +231,11 @@ export declare const getSafeOptions: <TUserEntity extends FFAuthUser = FFAuthUse
         };
         oAuths?: FFOAuth2Provider[];
     } | undefined;
+    strings: {
+        resetPasswordSend: string;
+        anErrorOccurred: string;
+        cannotSignUp: string;
+    };
 };
 export declare const authModuleRaw: Module;
 /**

package/esm/auth/server/module.js

@@ -1,7 +1,8 @@
-import bcrypt from 'bcrypt';
+import bcrypt from 'bcryptjs';
 import { EntityError, remult } from 'remult';
 import { red } from '@kitql/helpers';
 import { getRelativePackagePath } from '@kitql/internals';
+import { building } from '$app/environment';
 import { AuthController } from '..';
 import { FF_Role } from '../..';
 import { Module } from '../../api';
@@ -23,42 +24,44 @@ const buildUrlOrDefault = (base, userSetting, fallback) => {
 export const getSafeOptions = () => {
     const signUp = AUTH_OPTIONS.signUp ?? true;
     const base = AUTH_OPTIONS.ui === false ? 'NO_BASE_PATH' : (AUTH_OPTIONS.ui?.paths?.base ?? '/ff/auth');
+    const ui = AUTH_OPTIONS.ui === false
+        ? undefined
+        : {
+            paths: {
+                base,
+                sign_up: signUp ? buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.sign_up, 'sign-up') : false,
+                sign_in: buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.sign_in, 'sign-in'),
+                forgot_password: buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.forgot_password, 'forgot-password'),
+                reset_password: buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.reset_password, 'reset-password'),
+                verify_email: buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.verify_email, 'verify-email'),
+            },
+            strings: {
+                app_name: AUTH_OPTIONS.ui?.strings?.app_name ?? '',
+                email: AUTH_OPTIONS.ui?.strings?.email ?? 'Email',
+                email_placeholder: AUTH_OPTIONS.ui?.strings?.email_placeholder ?? 'Your email address',
+                password: AUTH_OPTIONS.ui?.strings?.password ?? 'Password',
+                password_placeholder: AUTH_OPTIONS.ui?.strings?.password_placeholder ?? 'Your password',
+                confirm: AUTH_OPTIONS.ui?.strings?.confirm ?? 'Confirm',
+                reset: AUTH_OPTIONS.ui?.strings?.reset ?? 'Reset',
+                btn_sign_up: AUTH_OPTIONS.ui?.strings?.btn_sign_up ?? 'Sign up',
+                btn_sign_in: AUTH_OPTIONS.ui?.strings?.btn_sign_in ?? 'Sign in',
+                forgot_password: AUTH_OPTIONS.ui?.strings?.forgot_password ?? 'Forgot your password?',
+                send_password_reset_instructions: AUTH_OPTIONS.ui?.strings?.send_password_reset_instructions ??
+                    'Send password reset instructions',
+                back_to_sign_in: AUTH_OPTIONS.ui?.strings?.back_to_sign_in ?? 'Back to sign in',
+            },
+            images: {
+                main: AUTH_OPTIONS.ui?.images?.main ?? '',
+            },
+        };
+    if (AUTH_OPTIONS.debug && !building) {
+        authModuleRaw.log.info('ui', ui);
+    }
     const firstlyData = {
         module: 'auth',
         debug: AUTH_OPTIONS.debug,
         props: {
-            ui: AUTH_OPTIONS.ui === false
-                ? undefined
-                : {
-                    paths: {
-                        base,
-                        sign_up: signUp
-                            ? buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.sign_up, 'sign-up')
-                            : false,
-                        sign_in: buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.sign_in, 'sign-in'),
-                        forgot_password: buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.forgot_password, 'forgot-password'),
-                        reset_password: buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.reset_password, 'reset-password'),
-                        verify_email: buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.verify_email, 'verify-email'),
-                    },
-                    strings: {
-                        app_name: AUTH_OPTIONS.ui?.strings?.app_name ?? '',
-                        email: AUTH_OPTIONS.ui?.strings?.email ?? 'Email',
-                        email_placeholder: AUTH_OPTIONS.ui?.strings?.email_placeholder ?? 'Your email address',
-                        password: AUTH_OPTIONS.ui?.strings?.password ?? 'Password',
-                        password_placeholder: AUTH_OPTIONS.ui?.strings?.password_placeholder ?? 'Your password',
-                        confirm: AUTH_OPTIONS.ui?.strings?.confirm ?? 'Confirm',
-                        reset: AUTH_OPTIONS.ui?.strings?.reset ?? 'Reset',
-                        btn_sign_up: AUTH_OPTIONS.ui?.strings?.btn_sign_up ?? 'Sign up',
-                        btn_sign_in: AUTH_OPTIONS.ui?.strings?.btn_sign_in ?? 'Sign in',
-                        forgot_password: AUTH_OPTIONS.ui?.strings?.forgot_password ?? 'Forgot your password?',
-                        send_password_reset_instructions: AUTH_OPTIONS.ui?.strings?.send_password_reset_instructions ??
-                            'Send password reset instructions',
-                        back_to_sign_in: AUTH_OPTIONS.ui?.strings?.back_to_sign_in ?? 'Back to sign in',
-                    },
-                    images: {
-                        main: AUTH_OPTIONS.ui?.images?.main ?? '',
-                    },
-                },
+            ui,
         },
     };
     let uiStaticPath = AUTH_OPTIONS.uiStaticPath ?? '';
@@ -91,29 +94,33 @@ export const getSafeOptions = () => {
             };
         };
     }
-    function validatePassword(password) {
-        if (typeof password !== 'string' || password.length < 6 || password.length > 255) {
+    function validateInput({ identifier, password }) {
+        if (typeof identifier !== 'string' || identifier.length === 0) {
+            throw new EntityError({ message: 'Invalid identifier' });
+        }
+        if (typeof password !== 'string') {
             throw new EntityError({ message: 'Invalid password' });
         }
+        if (password.length < 6 || password.length > 255) {
+            throw new EntityError({ message: 'Password too short or too long!' });
+        }
     }
     function passwordHash(password) {
-        validatePassword(password);
-        return bcrypt.hashSync(password, AUTH_OPTIONS.providers?.password?.settings?.bcrypt?.saltRounds ?? 10);
+        return bcrypt.hashSync(password, AUTH_OPTIONS.providers?.password?.algo?.bcrypt?.saltRounds ?? 10);
     }
     function passwordVerify(password, hash) {
         return bcrypt.compareSync(password, hash);
     }
     return {
         User: (AUTH_OPTIONS.customEntities?.User ?? FFAuthUser),
-        Session: (AUTH_OPTIONS.customEntities?.Session ??
-            FFAuthUserSession),
+        Session: (AUTH_OPTIONS.customEntities?.Session ?? FFAuthUserSession),
         Account: (AUTH_OPTIONS.customEntities?.Account ?? FFAuthAccount),
         signUp,
         password: {
             enabled: AUTH_OPTIONS.providers?.password ? true : false,
-            validatePassword: AUTH_OPTIONS.providers?.password?.settings?.bcrypt?.validatePassword ?? validatePassword,
-            passwordHash: AUTH_OPTIONS.providers?.password?.settings?.bcrypt?.passwordHash ?? passwordHash,
-            passwordVerify: AUTH_OPTIONS.providers?.password?.settings?.bcrypt?.passwordVerify ?? passwordVerify,
+            validateInput: AUTH_OPTIONS.providers?.password?.algo?.validateInput ?? validateInput,
+            hash: AUTH_OPTIONS.providers?.password?.algo?.hash ?? passwordHash,
+            verify: AUTH_OPTIONS.providers?.password?.algo?.verify ?? passwordVerify,
         },
         otp: { enabled: AUTH_OPTIONS.providers?.otp ? true : false },
         verifiedMethod: AUTH_OPTIONS.verifiedMethod ?? 'auto',
@@ -126,6 +133,12 @@ export const getSafeOptions = () => {
             cookieName: AUTH_OPTIONS.session?.COOKIE_NAME ?? 'firstly_auth_session',
         },
         providers: AUTH_OPTIONS.providers,
+        strings: {
+            resetPasswordSend: AUTH_OPTIONS.strings?.resetPasswordSend ?? 'Mail sent ! You can now close this window.',
+            anErrorOccurred: AUTH_OPTIONS.strings?.anErrorOccurred ?? 'An error occurred, contact the administrator.',
+            cannotSignUp: AUTH_OPTIONS.strings?.cannotSignUp ??
+                "You can't signup by yourself! Contact the administrator.",
+        },
     };
 };
 export const authModuleRaw = new Module({

package/esm/auth/server/providers/github.d.ts

@@ -1,5 +1,7 @@
-import { GitHub, OAuth2Tokens } from 'arctic';
-import { type FFOAuth2Provider, type OAuth2UserInfo, type ProviderAuthorizationURLOptions } from '../module';
+import type { OAuth2Tokens } from 'arctic';
+import { GitHub } from 'arctic';
+import type { ProviderAuthorizationURLOptions } from '../../types';
+import { type FFOAuth2Provider, type OAuth2UserInfo } from '../module';
 /**
  * ## GitHub OAuth2 provider
  *

package/esm/auth/server/providers/github.js

@@ -1,7 +1,7 @@
-import { GitHub, OAuth2Tokens } from 'arctic';
+import { GitHub } from 'arctic';
 import { remult } from 'remult';
 import { env } from '$env/dynamic/private';
-import { authModuleRaw, } from '../module';
+import { authModuleRaw } from '../module';
 import { checkOAuthConfig } from './helperProvider';
 //------------------------------
 // For developers (future me ?), To do another OAuth2 provider:

package/esm/auth/static/assets/Page-B0XXxe0N.d.ts

@@ -0,0 +1,6 @@
+export { a as default };
+declare function a(e: any, s: any): any;
+declare namespace a {
+    let ______13017: string;
+    export { ______13017 as __@$@13017 };
+}

package/esm/auth/static/assets/Page-B0XXxe0N.js

@@ -0,0 +1 @@
+import{v as r,x as l,aa as m,J as o,K as d,M as n,O as p,P as u,R as i}from"./index-C9jzxOBu.js";p();a[u]="src/lib/modules/admin/Page.svelte";function a(e,s){r(new.target),l(s,!1,a);var t=m("Hello from admin");return o(e,t),d({...n()})}i(a);export{a as default};

package/esm/auth/static/assets/Page-DdKMiUZn.d.ts

@@ -0,0 +1,6 @@
+export { Q as default };
+declare function Q(n: any, e: any): any;
+declare namespace Q {
+    let ______13017: string;
+    export { ______13017 as __@$@13017 };
+}