firstly 0.0.7 → 0.0.9

package/esm/auth/helper.js

@@ -1,7 +1,14 @@
 import { remult } from 'remult';
 import { lucia } from '.';
-export async function createSession(userId) {
-    const session = await lucia.createSession(userId, {});
-    const sessionCookie = lucia.createSessionCookie(session.id);
-    remult.context.setCookie(sessionCookie.name, sessionCookie.value, { path: '/' });
+/**
+ * Create or extend a session for a user.
+ * If you pass a session, it will extend it.
+ */
+export async function createOrExtendSession(userId, session) {
+    const sessionToUser = session ? session : await lucia.createSession(userId, {});
+    const sessionCookie = lucia.createSessionCookie(sessionToUser.id);
+    remult.context.setCookie(sessionCookie.name, sessionCookie.value, {
+        path: '/',
+        ...sessionCookie.attributes,
+    });
 }

package/esm/auth/index.d.ts

@@ -1,21 +1,18 @@
 import type { OAuth2Provider as ArcticOAuth2Provider, OAuth2ProviderWithPKCE as ArcticOAuth2ProviderWithPKCE } from 'arctic';
 import { Lucia, type SessionCookieOptions } from 'lucia';
 import type { ClassType, UserInfo } from 'remult';
-import { Log } from '@kitql/helpers';
 import type { Module } from '../api';
 import type { RecursivePartial, ResolvedType } from '../utils/types';
-import { FFAuthAccount, FFAuthProvider, FFAuthUser, FFAuthUserSession } from './Entities';
+import { FFAuthAccount, FFAuthUser, FFAuthUserSession } from './client/Entities';
+import { initRoleFromEnv } from './RoleHelpers';
 import type { firstlyData, firstlyDataAuth } from './types';
 export type { firstlyData };
-export { FFAuthUser, FFAuthAccount, FFAuthProvider, FFAuthUserSession };
 export type AuthorizationURLOptions = Record<string, {
     scopes?: string[];
 }>;
 export type DynamicAuthorizationURLOptions<T extends FFOAuth2Provider[] = FFOAuth2Provider[]> = T extends Array<infer O> ? O extends FFOAuth2Provider ? {
     [P in O['name']]: ReturnType<O['authorizationURLOptions']>;
 } : never : never;
-export declare const logAuth: Log;
-export { FF_Auth_Role } from './Entities';
 type OAuth2UserInfo = {
     raw?: any;
     providerUserId: string;
@@ -37,7 +34,9 @@ type AuthOptions<TUserEntity extends FFAuthUser = FFAuthUser, TSessionEntity ext
     };
     debug?: boolean;
     ui?: false | RecursivePartial<firstlyDataAuth['ui']>;
-    /** in secondes @default 15 days */
+    /** Usefull to overwrite where the static files are */
+    uiStaticPath?: string;
+    /** in secondes @default 30 days */
     sessionExpiresIn?: number;
     sessionCookie?: SessionCookieOptions;
     defaultRedirect?: string;
@@ -61,6 +60,7 @@ type AuthOptions<TUserEntity extends FFAuthUser = FFAuthUser, TSessionEntity ext
         email: string;
         url: string;
     }) => Promise<void>;
+    transformDbUserToClientUser?: (session: any, user: TUserEntity) => DatabaseUserAttributes;
     providers?: {
         demo?: {
             name: string;
@@ -122,13 +122,16 @@ export declare const getSafeOptions: () => {
     verifiedMethod: "email" | "auto" | "manual";
     redirectUrl: string;
     firstlyData: firstlyData;
+    transformDbUserToClientUser: (session: any, user: FFAuthUser) => DatabaseUserAttributes;
+    uiStaticPath: string;
 };
 /**
  * To enable authentication in your app in a few lines of code.
  * _Info: index: -777_
  */
 export declare const auth: (o: AuthOptions) => Module;
-export declare const lucia: Lucia<Record<any, any>, UserInfo>;
+export { initRoleFromEnv };
+export declare let lucia: Lucia<Record<any, any>, UserInfo>;
 declare module 'lucia' {
     interface Register {
         Lucia: typeof lucia;
@@ -138,10 +141,7 @@ declare module 'lucia' {
     interface DatabaseSessionAttributes {
     }
 }
-interface DatabaseUserAttributes {
-    id: string;
-    name: string;
-    roles: string[];
+interface DatabaseUserAttributes extends UserInfo {
     session: {
         id: string;
         expiresAt: Date;

package/esm/auth/index.js

@@ -2,33 +2,28 @@ import { redirect } from '@sveltejs/kit';
 import { DEV } from 'esm-env';
 import { Lucia, TimeSpan } from 'lucia';
 import { remult } from 'remult';
-import { Log, red } from '@kitql/helpers';
+import { red } from '@kitql/helpers';
 import { getRelativePackagePath, read } from '@kitql/internals';
-import { env } from '$env/dynamic/private';
 import { FF_Role } from '../';
 import { RemultLuciaAdapter } from './Adapter';
 import { AuthControllerServer } from './AuthController.server';
-import { Auth } from './client';
-import { FF_Auth_Role, FFAuthAccount, FFAuthProvider, FFAuthUser, FFAuthUserSession, } from './Entities';
-import { createSession } from './helper';
+import { Auth, logAuth } from './client';
+import { FF_Role_Auth, FFAuthAccount, FFAuthProvider, FFAuthUser, FFAuthUserSession, } from './client/Entities';
+import { createOrExtendSession } from './helper';
 import { initRoleFromEnv } from './RoleHelpers';
-export { FFAuthUser, FFAuthAccount, FFAuthProvider, FFAuthUserSession };
-export const logAuth = new Log('firstly | auth');
-export { FF_Auth_Role } from './Entities';
 export let AUTH_OPTIONS = { ui: {} };
 const buildUrlOrDefault = (base, userSetting, fallback) => {
-    if (userSetting) {
-        return `${base}/${userSetting}`;
+    if (userSetting === false) {
+        return false;
     }
-    return `${base}/${fallback}`;
+    if (userSetting === undefined) {
+        return `${base}/${fallback}`;
+    }
+    return `${base}/${userSetting}`;
 };
 export const getSafeOptions = () => {
     const signUp = AUTH_OPTIONS.signUp ?? true;
-    const base = AUTH_OPTIONS.ui === false ? 'NO_BASE_PATH' : AUTH_OPTIONS.ui?.paths?.base ?? '/ff/auth';
-    // const oAuths =
-    //   AUTH_OPTIONS.providers?.oAuths?.map((o) => {
-    //     return o.name
-    //   }) ?? []
+    const base = AUTH_OPTIONS.ui === false ? 'NO_BASE_PATH' : (AUTH_OPTIONS.ui?.paths?.base ?? '/ff/auth');
     const firstlyData = {
         module: 'auth',
         debug: AUTH_OPTIONS.debug,
@@ -48,6 +43,8 @@ export const getSafeOptions = () => {
                         email: AUTH_OPTIONS.ui?.strings?.email ?? 'Email',
                         email_placeholder: AUTH_OPTIONS.ui?.strings?.email_placeholder ?? 'Your email address',
                         password: AUTH_OPTIONS.ui?.strings?.password ?? 'Password',
+                        confirm: AUTH_OPTIONS.ui?.strings?.confirm ?? 'Confirm',
+                        reset: AUTH_OPTIONS.ui?.strings?.reset ?? 'Reset',
                         btn_sign_up: AUTH_OPTIONS.ui?.strings?.btn_sign_up ?? 'Sign up',
                         btn_sign_in: AUTH_OPTIONS.ui?.strings?.btn_sign_in ?? 'Sign in',
                         forgot_password: AUTH_OPTIONS.ui?.strings?.forgot_password ?? 'Forgot your password?',
@@ -58,11 +55,45 @@ export const getSafeOptions = () => {
                 },
         },
     };
+    let uiStaticPath = AUTH_OPTIONS.uiStaticPath ?? '';
+    if (!AUTH_OPTIONS.uiStaticPath) {
+        const installedFirstlyPath = getRelativePackagePath('firstly');
+        if (installedFirstlyPath) {
+            uiStaticPath = `${installedFirstlyPath}/esm/auth/static/`;
+        }
+    }
     let redirectUrl = AUTH_OPTIONS.defaultRedirect ?? '/';
     if (!redirectUrl.startsWith('/')) {
         logAuth.error(`Invalid redirect url ${red(redirectUrl)} (it should be a local one starting with /)`);
         redirectUrl = '/';
     }
+    let transformDbUserToClientUserToUse;
+    if (AUTH_OPTIONS.transformDbUserToClientUser) {
+        transformDbUserToClientUserToUse = AUTH_OPTIONS.transformDbUserToClientUser;
+    }
+    else {
+        // Need in src/app.d.ts this code to be able to have the correct transformDbUserToClientUser returned type.
+        // In the lib, let's force to this default
+        /**
+         * declare module 'remult' {
+         *   export interface UserInfo {
+         *     specificThing: string
+         *   }
+         * }
+         */
+        // @ts-ignore
+        transformDbUserToClientUserToUse = (session, user) => {
+            return {
+                id: user.id,
+                name: user.identifier,
+                roles: user.roles,
+                session: {
+                    id: session.id,
+                    expiresAt: session.expiresAt,
+                },
+            };
+        };
+    }
     return {
         User: AUTH_OPTIONS.customEntities?.User ?? FFAuthUser,
         Session: AUTH_OPTIONS.customEntities?.Session ?? FFAuthUserSession,
@@ -73,6 +104,8 @@ export const getSafeOptions = () => {
         verifiedMethod: AUTH_OPTIONS.verifiedMethod ?? 'auto',
         redirectUrl,
         firstlyData,
+        transformDbUserToClientUser: transformDbUserToClientUserToUse,
+        uiStaticPath,
     };
 };
 /**
@@ -93,30 +126,51 @@ export const auth = (o) => {
     Auth.signInOTPFn = AuthControllerServer.signInOTP;
     Auth.verifyOtpFn = AuthControllerServer.verifyOtp;
     Auth.signInOAuthGetUrlFn = AuthControllerServer.signInOAuthGetUrl;
+    const adapter = new RemultLuciaAdapter();
+    const defaultExpiresIn = 60 * 60 * 24 * 30; // 30 days
+    const sessionExpiresIn = new TimeSpan(AUTH_OPTIONS.sessionExpiresIn ?? defaultExpiresIn, 's');
+    lucia = new Lucia(adapter, {
+        sessionExpiresIn,
+        sessionCookie: {
+            name: AUTH_OPTIONS.sessionCookie?.name ?? 'firstly_auth_session',
+            expires: AUTH_OPTIONS.sessionCookie?.expires,
+            attributes: {
+                // set to `true` when using HTTPS
+                secure: !DEV,
+                ...AUTH_OPTIONS.sessionCookie?.attributes,
+            },
+        },
+        getSessionAttributes: (attributes) => attributes,
+        getUserAttributes: (attributes) => attributes,
+    });
     return {
         name: 'auth',
         index: -777,
         entities: [oSafe.User, oSafe.Session, oSafe.Account],
         controllers: [Auth],
         initRequest: async (event) => {
-            // std session
-            const sessionId = event.cookies.get(lucia.sessionCookieName);
-            if (sessionId) {
-                const { session, user } = await lucia.validateSession(sessionId);
-                if (session && session.fresh) {
-                    const sessionCookie = lucia.createSessionCookie(session.id);
-                    event.cookies.set(sessionCookie.name, sessionCookie.value, {
-                        path: '/',
-                        ...sessionCookie.attributes,
-                    });
+            // REMULT: storing user in local should probably be done in remult directly
+            if (event?.locals?.user) {
+                // console.log('initRequest OK')
+                remult.user = event.locals.user;
+            }
+            else {
+                // console.log('initRequest WORK...')
+                // std session
+                const sessionId = event.cookies.get(lucia.sessionCookieName);
+                if (sessionId) {
+                    const { session, user } = await lucia.validateSession(sessionId);
+                    if (session && session.fresh) {
+                        await createOrExtendSession(session.id, session);
+                    }
+                    remult.user = user ?? undefined;
+                    if (event.locals) {
+                        event.locals.user = user ?? undefined;
+                    }
                 }
-                remult.user = user ?? undefined;
             }
         },
         earlyReturn: async ({ event, resolve }) => {
-            // if (AUTH_OPTIONS.ui === false) {
-            //   return { early: false }
-            // }
             const oSafe = getSafeOptions();
             if (event.url.pathname === oSafe.firstlyData.props.ui?.paths?.verify_email) {
                 const token = event.url.searchParams.get('token') ?? '';
@@ -138,19 +192,12 @@ export const auth = (o) => {
                 account.expiresAt = undefined;
                 account.lastVerifiedAt = new Date();
                 await remult.repo(oSafe.Account).save(account);
-                await createSession(account.userId);
+                await createOrExtendSession(account.userId);
                 redirect(302, oSafe.redirectUrl);
             }
-            // For lib author (us), it's good to have this local path.
-            let staticPath = './src/lib/auth/static/';
-            // For users, let's serve the static files from the installed package
-            const installedFirstlyPath = getRelativePackagePath('firstly');
-            if (installedFirstlyPath) {
-                staticPath = `${installedFirstlyPath}/esm/auth/static/`;
-            }
             if (oSafe.firstlyData.props.ui?.paths?.base &&
                 event.url.pathname.startsWith(oSafe.firstlyData.props.ui.paths.base)) {
-                const content = read(`${staticPath}index.html`);
+                const content = read(`${oSafe.uiStaticPath}index.html`);
                 return {
                     early: true,
                     resolve: new Response(content + `<script>const firstlyData = ${JSON.stringify(oSafe.firstlyData)}</script>`, {
@@ -159,7 +206,7 @@ export const auth = (o) => {
                 };
             }
             if (event.url.pathname.startsWith('/api/static')) {
-                const content = read(`${staticPath}${event.url.pathname.replaceAll('/api/static/', '')}`);
+                const content = read(`${oSafe.uiStaticPath}${event.url.pathname.replaceAll('/api/static/', '')}`);
                 if (content) {
                     const seg = event.url.pathname.split('.');
                     const map = {
@@ -250,7 +297,7 @@ export const auth = (o) => {
                         account.token = tokens.accessToken;
                         await remult.repo(oSafe.Account).save(account);
                     }
-                    await createSession(account.userId);
+                    await createOrExtendSession(account.userId);
                     event.cookies.delete(`${keyState}_oauth_state`, { path: '/' });
                     event.cookies.delete(`code_verifier`, { path: '/' });
                 }
@@ -259,43 +306,11 @@ export const auth = (o) => {
             return { early: false };
         },
         initApi: async () => {
-            await initRoleFromEnv(logAuth, oSafe.User, env.FF_ADMIN, FF_Role.Admin);
-            await initRoleFromEnv(logAuth, oSafe.User, env.FF_AUTH_ADMIN, FF_Auth_Role.Admin);
+            await initRoleFromEnv(logAuth, oSafe.User, 'FF_ROLE_ADMIN', FF_Role.Admin);
+            await initRoleFromEnv(logAuth, oSafe.User, 'FF_ROLE_AUTH_ADMIN', FF_Role_Auth.Admin);
         },
     };
 };
-const adapter = new RemultLuciaAdapter();
-const defaultExpiresIn = 60 * 60 * 24 * 15; // 15 days
-export const lucia = new Lucia(adapter, {
-    sessionExpiresIn: new TimeSpan(AUTH_OPTIONS.sessionExpiresIn ?? defaultExpiresIn, 's'),
-    sessionCookie: {
-        name: AUTH_OPTIONS.sessionCookie?.name ?? 'remult_auth_session',
-        expires: AUTH_OPTIONS.sessionCookie?.expires,
-        attributes: {
-            // set to `true` when using HTTPS
-            secure: !DEV,
-            ...AUTH_OPTIONS.sessionCookie?.attributes,
-        },
-    },
-    getSessionAttributes: (attributes) => {
-        return {
-            ...attributes,
-        };
-    },
-    getUserAttributes(attributes) {
-        // @ts-expect-error
-        delete attributes['createdAt'];
-        // @ts-expect-error
-        delete attributes['updatedAt'];
-        // to remove relations
-        for (const key in attributes) {
-            if (attributes[key] === undefined) {
-                delete attributes[key];
-            }
-        }
-        return attributes;
-        // return {
-        // 	...attributes,
-        // }
-    },
-});
+export { initRoleFromEnv };
+// Maybe moving this to /auth/server.ts would be better, people will be able to import from firstly all the time
+export let lucia;

package/esm/auth/providers/github.js

@@ -2,7 +2,8 @@ import { GitHub } from 'arctic';
 import { remult } from 'remult';
 import { env } from '$env/dynamic/private';
 import { checkOAuthConfig } from '.';
-import { logAuth } from '../';
+import {} from '../';
+import { logAuth } from '../client';
 //------------------------------
 // For developers (future me ?), To do another OAuth2 provider:
 // Replace GITHUB / Github / github

package/esm/auth/providers/index.js

@@ -1,6 +1,6 @@
 import { cyan, gray, green, italic, yellow } from '@kitql/helpers';
-import { logAuth } from '..';
 import { mask } from '../../formats/strings';
+import { logAuth } from '../client';
 export const checkOAuthConfig = (name, clientId, secret, urlForKeys, withThrow) => {
     if (!clientId || !secret) {
         const msg = `Wrong configuration for ${green(name)} provider.

package/esm/auth/providers/strava.js

@@ -2,7 +2,8 @@ import { Strava } from 'arctic';
 import { remult } from 'remult';
 import { env } from '$env/dynamic/private';
 import { checkOAuthConfig } from '.';
-import { logAuth } from '../';
+import {} from '../';
+import { logAuth } from '../client';
 /**
  * ## Strava OAuth2 provider
  *

package/esm/auth/static/assets/{Page-RIbXHuZG.d.ts → Page-BEFYPjis.d.ts}

@@ -1,4 +1,4 @@
 export { v as default };
 declare class v extends l {
 }
-import { S as l } from "./index-qfq98Nyd.js";
+import { S as l } from "./index-QypqCYwC.js";

package/esm/auth/static/assets/{Page-RIbXHuZG.js → Page-BEFYPjis.js}

@@ -1 +1 @@
-import{S as l,b as d,a as f,d as i,h as m,M as p,t as u,n as r,z as h}from"./index-qfq98Nyd.js";function c(s){let e;const n={c:function(){e=p("Hello from admin")},l:function(t){throw new Error("options.hydrate only works if the component was compiled with the `hydratable: true` option")},m:function(t,o){u(t,e,o)},p:r,i:r,o:r,d:function(t){t&&h(e)}};return i("SvelteRegisterBlock",{block:n,id:c.name,type:"component",source:"",ctx:s}),n}function w(s,e){let{$$slots:n={},$$scope:a}=e;m("Page",n,[]);const t=[];return Object.keys(e).forEach(o=>{!~t.indexOf(o)&&o.slice(0,2)!=="$$"&&o!=="slot"&&console.warn(`<Page> was created with unknown prop '${o}'`)}),[]}class v extends l{constructor(e){super(e),d(this,e,w,c,f,{}),i("SvelteRegisterComponent",{component:this,tagName:"Page",options:e,id:c.name})}}export{v as default};
+import{S as l,b as d,a as f,d as i,h as m,M as p,t as u,n as r,z as h}from"./index-QypqCYwC.js";function c(s){let e;const n={c:function(){e=p("Hello from admin")},l:function(t){throw new Error("options.hydrate only works if the component was compiled with the `hydratable: true` option")},m:function(t,o){u(t,e,o)},p:r,i:r,o:r,d:function(t){t&&h(e)}};return i("SvelteRegisterBlock",{block:n,id:c.name,type:"component",source:"",ctx:s}),n}function w(s,e){let{$$slots:n={},$$scope:a}=e;m("Page",n,[]);const t=[];return Object.keys(e).forEach(o=>{!~t.indexOf(o)&&o.slice(0,2)!=="$$"&&o!=="slot"&&console.warn(`<Page> was created with unknown prop '${o}'`)}),[]}class v extends l{constructor(e){super(e),d(this,e,w,c,f,{}),i("SvelteRegisterComponent",{component:this,tagName:"Page",options:e,id:c.name})}}export{v as default};

package/esm/auth/static/assets/Page-Cfysx_UV.d.ts

@@ -0,0 +1,6 @@
+export { Ca as default };
+declare class Ca extends Ye {
+    set firstlyData(e: void);
+    get firstlyData(): void;
+}
+import { S as Ye } from "./index-QypqCYwC.js";