firstly 0.0.16-next.2 → 0.1.0-next.3

package/esm/auth/server/handleAuth.js

@@ -1,10 +1,10 @@
-import { redirect } from '@sveltejs/kit';
+import { redirect as redirectKit } from '@sveltejs/kit';
 import { repo } from 'remult';
 import { read } from '@kitql/internals';
 import { FFAuthProvider } from '../Entities';
 import { ff_createSession } from './helperFirstly';
 import { getSafeOptions } from './module';
-export const handleAuth = async ({ event, resolve }) => {
+export const handleAuth = ({ redirect }) => async ({ event, resolve }) => {
     const oSafe = getSafeOptions();
     if (event.url.pathname === oSafe.firstlyData.props.ui?.paths?.verify_email) {
         const token = event.url.searchParams.get('token') ?? '';
@@ -71,6 +71,8 @@ export const handleAuth = async ({ event, resolve }) => {
         const redirectUrl = redirectUrlCookie ?? oSafe.redirectUrl;
         if (!code || !state || !storedState || state !== storedState || !keyState) {
             redirect(302, redirectUrl);
+            // We have to do this because "lib redirect" is not working, so I pass the handle... :(
+            throw 'we cannot arrive here!';
         }
         const selectedOAuth = oSafe.providers?.oAuths?.find((c) => c.name === keyState);
         if (selectedOAuth && code) {
@@ -84,6 +86,7 @@ export const handleAuth = async ({ event, resolve }) => {
             catch (error) {
                 console.error(error);
                 redirect(302, redirectUrl);
+                throw 'we cannot arrive here!';
             }
             if (!info.providerUserId) {
                 redirect(302, redirectUrl);
@@ -103,7 +106,7 @@ export const handleAuth = async ({ event, resolve }) => {
                 let nameToUse = '';
                 for (let i = 0; i < info.nameOptions.length; i++) {
                     const existingUser = await repo(oSafe.User).findOne({
-                        where: { identifier: info.nameOptions[i] },
+                        where: { name: info.nameOptions[i] },
                     });
                     if (existingUser) {
                         // Don't do anything
@@ -117,7 +120,7 @@ export const handleAuth = async ({ event, resolve }) => {
                     nameToUse = `${info.nameOptions[0]}-${info.providerUserId}`;
                 }
                 const user = repo(oSafe.User).create();
-                user.identifier = nameToUse;
+                user.name = nameToUse;
                 await repo(oSafe.User).save(user);
                 account = repo(oSafe.Account).create();
                 account.provider = keyState;
@@ -127,6 +130,7 @@ export const handleAuth = async ({ event, resolve }) => {
             account.lastVerifiedAt = new Date();
             account.token = tokens.accessToken();
             account.metadata = { ...info, tokens_data: tokens.data };
+            account.email = info.emailOptions.length > 0 ? info.emailOptions[0] : undefined;
             await repo(oSafe.Account).save(account);
             await ff_createSession(account.userId);
             event.cookies.delete(`${keyState}_oauth_state`, { path: '/' });

package/esm/auth/server/helperRole.d.ts

@@ -1,6 +1,6 @@
-import type { ClassType } from 'remult';
-import { Log } from '@kitql/helpers';
-import { FFAuthUser } from '../Entities';
+import { type ClassType } from 'remult';
+import type { Log } from '@kitql/helpers';
+import { type FFAuthAccount, type FFAuthUser } from '../Entities';
 /**
  * will merge the roles and remove duplicates
  * will return a new array & a status if the array was changed
@@ -9,4 +9,11 @@ export declare const mergeRoles: (existing: string[], newOnes: string[] | undefi
     roles: string[];
     changed: boolean;
 };
-export declare const initRoleFromEnv: (log: Log, userEntity: ClassType<FFAuthUser>, envKey: string, role: string) => Promise<void>;
+export declare const linkRoleToUsersFromEnv: (o: {
+    log: Log;
+    accountEntity: ClassType<FFAuthAccount>;
+    userEntity: ClassType<FFAuthUser>;
+    envKey: string;
+    envValue: string;
+    roles: string[];
+}) => Promise<void>;

package/esm/auth/server/helperRole.js

@@ -1,7 +1,7 @@
 import { repo } from 'remult';
-import { cyan, green, Log, yellow } from '@kitql/helpers';
-import { env } from '$env/dynamic/private';
-import { FFAuthUser } from '../Entities';
+import { nameify } from '../../formats';
+import { cyan, green, yellow } from '@kitql/helpers';
+import { FFAuthProvider } from '../Entities';
 /**
  * will merge the roles and remove duplicates
  * will return a new array & a status if the array was changed
@@ -17,27 +17,36 @@ export const mergeRoles = (existing, newOnes) => {
     }
     return { roles: Array.from(result), changed };
 };
-export const initRoleFromEnv = async (log, userEntity, envKey, role) => {
-    const envValue = envKey ? env[envKey] : '';
-    const identifiers = envValue === undefined ? [] : (envValue ?? '').split(',').map((c) => c.trim());
-    for (let i = 0; i < identifiers.length; i++) {
-        const identifier = identifiers[i].trim();
-        if (identifier !== '') {
-            let user = await repo(userEntity).findFirst({ identifier });
+export const linkRoleToUsersFromEnv = async (o) => {
+    const { log, accountEntity, userEntity, envKey, envValue, roles } = o;
+    const providersInfo = envValue === undefined
+        ? []
+        : (envValue ?? '')
+            .split(',')
+            .map((c) => c.trim())
+            .filter(Boolean);
+    for (let i = 0; i < providersInfo.length; i++) {
+        const [providerUserId, provider] = providersInfo[i].split('|');
+        let a = await repo(accountEntity).findFirst({ providerUserId });
+        if (!a) {
+            const user = await repo(userEntity).upsert({ where: { roles, name: nameify(providerUserId) } });
+            a = await repo(accountEntity).insert({
+                providerUserId,
+                provider: provider ?? FFAuthProvider.PASSWORD.id,
+                userId: user.id,
+            });
+        }
+        else {
+            let user = await repo(userEntity).findFirst({ id: a.userId });
             if (!user) {
-                user = repo(userEntity).create({ identifier, roles: [role] });
-                await repo(userEntity).save(user);
-            }
-            else {
-                if (!user.roles.includes(role)) {
-                    user.roles.push(role);
-                    await repo(userEntity).save(user);
-                }
+                user = repo(userEntity).create({ id: a.userId, name: nameify(providerUserId) });
             }
+            user.roles = [...new Set([...user.roles, ...roles].sort())];
+            await repo(userEntity).save(user);
         }
     }
-    if (identifiers.length > 0) {
-        log.info(`${cyan(envKey)}: ${identifiers.map((c) => green(c.trim())).join(', ')} added via ${yellow(`.env`)}.`);
+    if (providersInfo.length > 0) {
+        log.info(`${cyan(envKey)}: ${providersInfo.map((c) => green(c.trim())).join(', ')} added via ${yellow(`.env`)}.`);
     }
     else {
         log.info(`${cyan(envKey)}: No users added via ${yellow(`.env`)}.`);

package/esm/auth/server/index.d.ts

@@ -2,6 +2,7 @@ import * as arctic from 'arctic';
 import { handleAuth } from './handleAuth.js';
 import { handleGuard } from './handleGuard.js';
 export { auth, authModuleRaw } from './module';
+export { linkRoleToUsersFromEnv as initRoleFromEnv } from './helperRole';
 export { checkOAuthConfig } from './providers/helperProvider';
 export { github } from './providers/github';
 export { arctic, handleAuth, handleGuard };

package/esm/auth/server/index.js

@@ -2,6 +2,7 @@ import * as arctic from 'arctic';
 import { handleAuth } from './handleAuth.js';
 import { handleGuard } from './handleGuard.js';
 export { auth, authModuleRaw } from './module';
+export { linkRoleToUsersFromEnv as initRoleFromEnv } from './helperRole';
 export { checkOAuthConfig } from './providers/helperProvider';
 export { github } from './providers/github';
 export { arctic, handleAuth, handleGuard };

package/esm/auth/server/module.d.ts

@@ -1,10 +1,9 @@
 import type { OAuth2Tokens } from 'arctic';
 import type { ClassType, UserInfo } from 'remult';
-import { Module } from '../../server';
+import { ModuleFF } from '../../server';
 import type { RecursivePartial } from '../../utils/types';
 import { FFAuthAccount, FFAuthUser, FFAuthUserSession } from '../Entities';
 import type { FirstlyData, FirstlyDataAuth, OAuth2UserInfo, ProviderAuthorizationURLOptions } from '../types';
-import { initRoleFromEnv } from './helperRole';
 export type FFOAuth2Provider<T = any, LitName extends string = string> = {
     name: LitName;
     caption: string;
@@ -23,6 +22,7 @@ type AuthOptions<TUserEntity extends FFAuthUser = FFAuthUser, TSessionEntity ext
     ui?: false | RecursivePartial<FirstlyDataAuth['ui']>;
     strings?: {
         resetPasswordSend?: string;
+        resetPasswordUnknownUser?: string;
         anErrorOccurred?: string;
         cannotSignUp?: string;
     };
@@ -54,6 +54,25 @@ type AuthOptions<TUserEntity extends FFAuthUser = FFAuthUser, TSessionEntity ext
         email: string;
         url: string;
     }) => Promise<void>;
+    /**
+     * When defining this, you need to return a "manually constructed object" that will be used to send to the client.
+     * This is useful if you want to add some extra properties to the user object.
+     *
+     * @example
+     * ```ts
+     * transformDbUserToClientUser(session, user) {
+     * 	return {
+     * 		id: user.id,
+     * 		name: user.name,
+     * 		image: user.image ?? undefined,
+     * 		session: {
+     * 			id: session.id,
+     * 			expiresAt: session.expiresAt,
+     * 		},
+     * 	}
+     * }
+     * ```
+     */
     transformDbUserToClientUser?: (session: TSessionEntity, user: TUserEntity) => UserInfo;
     providers?: {
         demo?: {
@@ -127,6 +146,7 @@ type AuthOptions<TUserEntity extends FFAuthUser = FFAuthUser, TSessionEntity ext
         };
         oAuths?: FFOAuth2Provider[];
     };
+    envRoles_AssignUsers?: Record<string, string>;
 };
 export declare let AUTH_OPTIONS: AuthOptions;
 export declare const getSafeOptions: <TUserEntity extends FFAuthUser = FFAuthUser, TSessionEntity extends FFAuthUserSession = FFAuthUserSession, TAccountEntity extends FFAuthAccount = FFAuthAccount>() => {
@@ -229,6 +249,7 @@ export declare const getSafeOptions: <TUserEntity extends FFAuthUser = FFAuthUse
     } | undefined;
     strings: {
         resetPasswordSend: string;
+        resetPasswordUnknownUser: string;
         anErrorOccurred: string;
         cannotSignUp: string;
     };
@@ -260,14 +281,14 @@ export declare const getSafeOptions: <TUserEntity extends FFAuthUser = FFAuthUse
         };
         readonly customHtmlHead: string;
     } | undefined;
+    envRoles_AssignUsers: Record<string, string>;
 };
-export declare const authModuleRaw: Module;
+export declare const authModuleRaw: ModuleFF;
 /**
  * To enable authentication in your app in a few lines of code.
  * _Info: index: -777_
  */
-export declare const auth: <TUserEntity extends FFAuthUser = FFAuthUser, TSessionEntity extends FFAuthUserSession = FFAuthUserSession, TAccountEntity extends FFAuthAccount = FFAuthAccount>(o: AuthOptions<TUserEntity, TSessionEntity, TAccountEntity>) => Module;
-export { initRoleFromEnv };
+export declare const auth: <TUserEntity extends FFAuthUser = FFAuthUser, TSessionEntity extends FFAuthUserSession = FFAuthUserSession, TAccountEntity extends FFAuthAccount = FFAuthAccount>(o: AuthOptions<TUserEntity, TSessionEntity, TAccountEntity>) => ModuleFF;
 declare module 'remult' {
     interface UserInfo {
         session: {
@@ -276,3 +297,4 @@ declare module 'remult' {
         };
     }
 }
+export {};

package/esm/auth/server/module.js

@@ -1,16 +1,16 @@
 import bcrypt from 'bcryptjs';
 import { EntityError, remult } from 'remult';
-import { red } from '@kitql/helpers';
+import { red, yellow } from '@kitql/helpers';
 import { getRelativePackagePath } from '@kitql/internals';
+import { env } from '$env/dynamic/private';
 import { building } from '$app/environment';
 import { AuthController } from '..';
-import { FF_Role } from '../..';
-import { Module } from '../../server';
-import { FF_Role_Auth, FFAuthAccount, FFAuthUser, FFAuthUserSession } from '../Entities';
+import { ModuleFF } from '../../server';
+import { FFAuthAccount, FFAuthUser, FFAuthUserSession } from '../Entities';
 import { AuthControllerServer } from './AuthController.server';
 import { validateSessionToken } from './helperDb';
 import { setSessionTokenCookie } from './helperRemultServer';
-import { initRoleFromEnv } from './helperRole';
+import { linkRoleToUsersFromEnv } from './helperRole';
 export let AUTH_OPTIONS = { ui: {} };
 const buildUrlOrDefault = (base, userSetting, fallback) => {
     if (userSetting === false) {
@@ -103,7 +103,7 @@ export const getSafeOptions = () => {
         transformDbUserToClientUserToUse = (session, user) => {
             return {
                 id: user.id,
-                name: user.identifier,
+                name: user.name,
                 roles: user.roles,
                 session: {
                     id: session.id,
@@ -153,14 +153,17 @@ export const getSafeOptions = () => {
         providers: AUTH_OPTIONS.providers,
         strings: {
             resetPasswordSend: AUTH_OPTIONS.strings?.resetPasswordSend ?? 'Mail sent ! You can now close this window.',
+            resetPasswordUnknownUser: AUTH_OPTIONS.strings?.resetPasswordUnknownUser ??
+                'If your email is registered, you will receive an email with a link to reset your password.',
             anErrorOccurred: AUTH_OPTIONS.strings?.anErrorOccurred ?? 'An error occurred, contact the administrator.',
             cannotSignUp: AUTH_OPTIONS.strings?.cannotSignUp ??
                 "You can't signup by yourself! Contact the administrator.",
         },
         ui,
+        envRoles_AssignUsers: AUTH_OPTIONS.envRoles_AssignUsers ?? {},
     };
 };
-export const authModuleRaw = new Module({
+export const authModuleRaw = new ModuleFF({
     name: 'auth',
     priority: -777,
 });
@@ -208,9 +211,20 @@ export const auth = (o) => {
         }
     };
     authModuleRaw.initApi = async () => {
-        await initRoleFromEnv(authModuleRaw.log, oSafe.User, 'FF_ROLE_ADMIN', FF_Role.FF_Role_Admin);
-        await initRoleFromEnv(authModuleRaw.log, oSafe.User, 'FF_ROLE_AUTH_ADMIN', FF_Role_Auth.FF_Role_Auth_Admin);
+        const oSafe = getSafeOptions();
+        for (const [key, value] of Object.entries(oSafe.envRoles_AssignUsers)) {
+            await linkRoleToUsersFromEnv({
+                log: authModuleRaw.log,
+                accountEntity: oSafe.Account,
+                userEntity: oSafe.User,
+                envKey: key.toUpperCase(),
+                envValue: env[key.toUpperCase()] ?? '',
+                roles: [value],
+            });
+        }
+        if (Object.entries(oSafe.envRoles_AssignUsers).length === 0 && AUTH_OPTIONS.debug) {
+            authModuleRaw.log.info(`set ${yellow('auth: { linkRoleToUsersFromEnv: ... }')} to assign roles to users via ${yellow('.env')}.`);
+        }
     };
     return authModuleRaw;
 };
-export { initRoleFromEnv };

package/esm/auth/server/providers/github.js

@@ -59,18 +59,29 @@ export function github(options) {
                     },
                 });
                 const user = await res.json();
-                if ((options?.authorizationURLOptions ?? []).includes('user:email')) {
+                const nameOptions = [user.login];
+                const emailOptions = [];
+                if ((options?.authorizationURLOptions ?? ['user:email']).includes('user:email')) {
                     const res = await fetch('https://api.github.com/user/emails', {
                         headers: {
                             Authorization: `Bearer ${tokens.accessToken()}`,
                         },
                     });
                     user.emails = await res.json();
+                    if (Array.isArray(user.emails)) {
+                        const primaryEmails = user.emails.filter((email) => email.primary === true);
+                        primaryEmails.forEach((email) => {
+                            if (email.email) {
+                                nameOptions.unshift(email.email);
+                                emailOptions.unshift(email.email);
+                            }
+                        });
+                    }
                 }
                 if (options?.log) {
                     authModuleRaw.log.info(`user`, user);
                 }
-                return { raw: user, providerUserId: String(user.id), nameOptions: [user.login] };
+                return { raw: user, providerUserId: String(user.id), nameOptions, emailOptions };
             },
     };
 }

package/esm/auth/static/assets/Page-BHW08QWz.css

@@ -0,0 +1 @@
+.oauth-container.svelte-1dwkktf{display:flex;flex-direction:column;gap:.5rem}.oauth-button-icon.svelte-1dwkktf{width:1.25rem;height:1.25rem}.oauth-button.svelte-1dwkktf{display:flex;align-items:center;justify-content:center;gap:.5rem;padding:.5rem 1rem;font-size:.875rem;font-weight:500}form.svelte-skcj83{display:flex;flex-direction:column}h1.svelte-1jjivcr{text-align:center;margin-bottom:2rem}.wrapper.svelte-1jjivcr{min-height:100vh;display:flex;justify-content:center;align-items:center;margin:0 auto}.centered-layout.svelte-1jjivcr{display:flex;justify-content:center;align-items:center;width:100%}.split-layout.svelte-1jjivcr{display:flex;width:100%;min-height:100vh}.form-side.svelte-1jjivcr{width:50%;display:flex;justify-content:center;align-items:center}.image-side.svelte-1jjivcr{width:50%;height:100vh;overflow:hidden}.image-side.svelte-1jjivcr img:where(.svelte-1jjivcr){width:100%;height:100%;object-fit:cover}.form.svelte-1jjivcr{max-width:360px;width:100%;padding:1rem;display:flex;flex-direction:column}.form-footer.svelte-1jjivcr{margin-top:1rem;display:flex;flex-direction:column;justify-content:center;align-items:center}.fallback.svelte-1jjivcr{display:flex;justify-content:center;align-items:center}@media (max-width: 768px){.split-layout.svelte-1jjivcr{flex-direction:column}.form-side.svelte-1jjivcr{width:100%;order:2}.image-side.svelte-1jjivcr{width:100%;height:50vh;order:1}.form.svelte-1jjivcr{max-width:100%}}

package/esm/auth/static/assets/{Page-BorYIfy9.d.ts → Page-CTZPxniP.d.ts}

@@ -1,6 +1,6 @@
 export { a as default };
 declare function a(e: any, s: any): any;
 declare namespace a {
-    let ____A_17224: string;
-    export { ____A_17224 as __@A@17224 };
+    let ____A_17405: string;
+    export { ____A_17405 as __@A@17405 };
 }

package/esm/auth/static/assets/Page-CTZPxniP.js

@@ -0,0 +1 @@
+import{D as r,E as l,ak as m,S as o,T as d,U as n,V as p,W as u,Y as i}from"./index-LRDptjak.js";p();a[u]="src/lib/modules/admin/Page.svelte";function a(e,s){r(new.target),l(s,!1,a);var t=m("Hello from admin");return o(e,t),d({...n()})}i(a);export{a as default};

package/esm/auth/static/assets/{Page-CqsLm8yQ.d.ts → Page-D0d9iZO-.d.ts}

@@ -1,6 +1,6 @@
 export { a as default };
 declare function a(e: any, s: any): any;
 declare namespace a {
-    let ____A_17224: string;
-    export { ____A_17224 as __@A@17224 };
+    let ____A_17405: string;
+    export { ____A_17405 as __@A@17405 };
 }

package/esm/auth/static/assets/{Page-CqsLm8yQ.js → Page-D0d9iZO-.js}

@@ -1 +1 @@
-import{D as r,E as l,am as o,S as m,T as p,U as u,V as d,W as f,Y as g}from"./index-Borxa2ns.js";d();a[f]="src/lib/modules/storage/Page.svelte";function a(e,s){r(new.target),l(s,!1,a);var t=o("Hello from files");return m(e,t),p({...u()})}g(a);export{a as default};
+import{D as r,E as l,ak as o,S as m,T as p,U as u,V as d,W as f,Y as g}from"./index-LRDptjak.js";d();a[f]="src/lib/modules/storage/Page.svelte";function a(e,s){r(new.target),l(s,!1,a);var t=o("Hello from files");return m(e,t),p({...u()})}g(a);export{a as default};

package/esm/auth/static/assets/{Page-Cm4MsdIa.d.ts → Page-DXshwJi7.d.ts}

@@ -1,6 +1,6 @@
 export { re as default };
 declare function re(n: any, e: any): any;
 declare namespace re {
-    let ____A_17224: string;
-    export { ____A_17224 as __@A@17224 };
+    let ____A_17405: string;
+    export { ____A_17405 as __@A@17405 };
 }