firstly 0.2.1 → 0.4.0

package/esm/auth/server/handleGuard.js

@@ -1,34 +0,0 @@
-import {} from '@sveltejs/kit';
-import { remult } from 'remult';
-function pathMatchesPattern(path, pattern) {
-    // Convert the pattern to a regex
-    const regexPattern = pattern.replace(/\//g, '\\/').replace(/\*/g, '.*');
-    const regex = new RegExp(`^${regexPattern}$`);
-    return regex.test(path);
-}
-function pathMatchesAnyPattern(path, patterns) {
-    return patterns.some((pattern) => pathMatchesPattern(path, pattern.path));
-}
-/**
- * Creates a handle function with the provided route guard configuration
- */
-export function handleGuard(config) {
-    return async ({ event, resolve }) => {
-        const pathname = event.url.pathname;
-        const isAuthenticated = !!remult.user;
-        const isAuthenticatedRoute = pathMatchesAnyPattern(pathname, config.guard);
-        // If user is not authenticated and tries to access an authenticated route
-        if (!isAuthenticated && isAuthenticatedRoute) {
-            // Redirect to login with the current URL as the redirect target
-            // Only redirect if we're not already on the login page
-            const isLoginPage = pathname === config.login || pathname === config.login.replace(/\/$/, '');
-            if (!isLoginPage) {
-                const encodedReturnUrl = encodeURIComponent(pathname + event.url.search);
-                const separator = config.login.includes('?') ? '&' : '?';
-                const loginUrl = `${config.login}${separator}redirect=${encodedReturnUrl}`;
-                config.redirect(302, loginUrl);
-            }
-        }
-        return resolve(event);
-    };
-}

package/esm/auth/server/helperDb.d.ts

@@ -1,10 +0,0 @@
-import { type UserInfo } from 'remult';
-export declare function createSession(token: string, userId: string): Promise<import("..").FFAuthUserSession>;
-export declare function validateSessionToken(token: string): Promise<{
-    user: UserInfo | undefined;
-    freshSession: {
-        sessionToken: string;
-        expiresAt: Date;
-    } | undefined;
-}>;
-export declare function invalidateSession(sessionId: string): Promise<void>;

package/esm/auth/server/helperDb.js

@@ -1,56 +0,0 @@
-import { repo } from 'remult';
-import { encodeToken } from './helperOslo';
-import { getSafeOptions } from './module';
-export async function createSession(token, userId) {
-    const sessionId = encodeToken(token);
-    const oSafe = getSafeOptions();
-    const session = await repo(oSafe.Session).insert({
-        id: sessionId,
-        userId,
-        expiresAt: new Date(Date.now() + oSafe.session.expiresInMs),
-    });
-    return session;
-}
-export async function validateSessionToken(token) {
-    const sessionId = encodeToken(token);
-    const oSafe = getSafeOptions();
-    const sessionDb = await repo(oSafe.Session).findId(sessionId);
-    if (!sessionDb) {
-        return { user: undefined, freshSession: undefined };
-    }
-    // TODO TRANSFORM
-    const session = {
-        //
-        id: sessionDb.id,
-        userId: sessionDb.userId,
-        expiresAt: sessionDb.expiresAt,
-    };
-    // TODO: Why I can't do 1 query ?!
-    const userDb = await repo(oSafe.User).findId(sessionDb.userId);
-    if (!userDb) {
-        await invalidateSession(sessionId);
-        return { user: undefined, freshSession: undefined };
-    }
-    const user = oSafe.transformDbUserToClientUser(sessionDb, userDb);
-    const sessionExpired = Date.now() >= session.expiresAt.getTime();
-    if (sessionExpired) {
-        await repo(oSafe.Session).delete(sessionId);
-        return { user: undefined, freshSession: undefined };
-    }
-    // To not renew non stop... Let's wait 10% of the session expires
-    const renewSession = Date.now() >= session.expiresAt.getTime() - oSafe.session.expiresInMs * 0.9;
-    if (renewSession) {
-        session.expiresAt = new Date(Date.now() + oSafe.session.expiresInMs);
-        await repo(oSafe.Session).update(sessionId, { expiresAt: session.expiresAt });
-        return { user, freshSession: { sessionToken: token, expiresAt: session.expiresAt } };
-    }
-    return { user, freshSession: undefined };
-}
-export async function invalidateSession(sessionId) {
-    const oSafe = getSafeOptions();
-    try {
-        // silent error. If the session is already deleted, it will throw an error
-        await repo(oSafe.Session).delete(sessionId);
-    }
-    catch (error) { }
-}

package/esm/auth/server/helperFirstly.d.ts

@@ -1 +0,0 @@
-export declare const ff_createSession: (userId: string) => Promise<import("..").FFAuthUserSession>;

package/esm/auth/server/helperFirstly.js

@@ -1,9 +0,0 @@
-import { createSession } from './helperDb';
-import { generateToken } from './helperOslo';
-import { setSessionTokenCookie } from './helperRemultServer';
-export const ff_createSession = async (userId) => {
-    const token = generateToken();
-    const session = await createSession(token, userId);
-    setSessionTokenCookie(token, session.expiresAt);
-    return session;
-};

package/esm/auth/server/helperOslo.d.ts

@@ -1,7 +0,0 @@
-export declare function generateId(): string;
-export declare function generateToken(): string;
-export declare function encodeToken(token: string): string;
-export declare function generateAndEncodeToken(): string;
-export declare function createDate(timeSpan_seconds: number, options?: {
-    from?: Date;
-}): Date;

package/esm/auth/server/helperOslo.js

@@ -1,24 +0,0 @@
-import { sha256 } from '@oslojs/crypto/sha2';
-import { encodeBase32LowerCase, encodeBase64url, encodeHexLowerCase } from '@oslojs/encoding';
-export function generateId() {
-    // ID with 120 bits of entropy, or about the same as UUID v4.
-    const bytes = crypto.getRandomValues(new Uint8Array(15));
-    const id = encodeBase32LowerCase(bytes);
-    return id;
-}
-export function generateToken() {
-    const bytes = crypto.getRandomValues(new Uint8Array(18));
-    const token = encodeBase64url(bytes);
-    return token;
-}
-export function encodeToken(token) {
-    const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
-    return sessionId;
-}
-export function generateAndEncodeToken() {
-    return encodeToken(generateToken());
-}
-export function createDate(timeSpan_seconds, options) {
-    const from = options?.from ?? new Date();
-    return new Date(from.getTime() + timeSpan_seconds * 1000);
-}

package/esm/auth/server/helperRemultServer.d.ts

@@ -1,5 +0,0 @@
-export declare function setSessionTokenCookie(token: string, expiresAt: Date): void;
-export declare function deleteSessionTokenCookie(): void;
-export declare function setCodeVerifierCookie(codeVerifier: string): void;
-export declare function setOAuthStateCookie(provider: string, state: string): void;
-export declare function setRedirectCookie(redirect: string): void;

package/esm/auth/server/helperRemultServer.js

@@ -1,44 +0,0 @@
-import { DEV } from 'esm-env';
-import { remult } from 'remult';
-import { getSafeOptions } from './module';
-export function setSessionTokenCookie(token, expiresAt) {
-    const oSafe = getSafeOptions();
-    if (remult.context.setCookie) {
-        remult.context.setCookie(oSafe.session.cookieName, token, {
-            expires: expiresAt,
-            path: '/',
-        });
-    }
-}
-export function deleteSessionTokenCookie() {
-    const oSafe = getSafeOptions();
-    remult.context.deleteCookie(oSafe.session.cookieName, {
-        path: '/',
-    });
-}
-export function setCodeVerifierCookie(codeVerifier) {
-    remult.context.setCookie('code_verifier', codeVerifier, {
-        secure: !DEV,
-        path: '/',
-        httpOnly: true,
-        maxAge: 60 * 10, // 10 min
-    });
-}
-export function setOAuthStateCookie(provider, state) {
-    remult.context.setCookie(`${provider}_oauth_state`, state, {
-        path: '/',
-        secure: !DEV,
-        httpOnly: true,
-        maxAge: 60 * 10,
-        sameSite: 'lax',
-    });
-}
-export function setRedirectCookie(redirect) {
-    remult.context.setCookie(`remult_redirect`, redirect, {
-        path: '/',
-        secure: !DEV,
-        httpOnly: true,
-        maxAge: 60 * 10,
-        sameSite: 'lax',
-    });
-}

package/esm/auth/server/helperRole.d.ts

@@ -1,19 +0,0 @@
-import { type ClassType } from 'remult';
-import type { Log } from '@kitql/helpers';
-import { type FFAuthAccount, type FFAuthUser } from '../Entities';
-/**
- * will merge the roles and remove duplicates
- * will return a new array & a status if the array was changed
- */
-export declare const mergeRoles: (existing: string[], newOnes: string[] | undefined) => {
-    roles: string[];
-    changed: boolean;
-};
-export declare const linkRoleToUsersFromEnv: (o: {
-    log: Log;
-    accountEntity: ClassType<FFAuthAccount>;
-    userEntity: ClassType<FFAuthUser>;
-    envKey: string;
-    envValue: string;
-    roles: string[];
-}) => Promise<void>;

package/esm/auth/server/helperRole.js

@@ -1,57 +0,0 @@
-import { repo } from 'remult';
-import { nameify } from '../../formats';
-import { cyan, green, yellow } from '@kitql/helpers';
-import { FFAuthProvider } from '../Entities';
-/**
- * will merge the roles and remove duplicates
- * will return a new array & a status if the array was changed
- */
-export const mergeRoles = (existing, newOnes) => {
-    const result = new Set(existing);
-    let changed = false;
-    for (const role of newOnes ?? []) {
-        if (!result.has(role)) {
-            result.add(role);
-            changed = true;
-        }
-    }
-    return { roles: Array.from(result), changed };
-};
-export const linkRoleToUsersFromEnv = async (o) => {
-    const { log, accountEntity, userEntity, envKey, envValue, roles } = o;
-    const providersInfo = envValue === undefined
-        ? []
-        : (envValue ?? '')
-            .split(',')
-            .map((c) => c.trim())
-            .filter(Boolean);
-    for (let i = 0; i < providersInfo.length; i++) {
-        const [providerUserId, provider] = providersInfo[i].split('|');
-        let a = await repo(accountEntity).findFirst({ providerUserId });
-        if (!a) {
-            const user = await repo(userEntity).upsert({ where: { roles, name: nameify(providerUserId) } });
-            a = await repo(accountEntity).insert({
-                providerUserId,
-                provider: provider ?? FFAuthProvider.PASSWORD.id,
-                userId: user.id,
-            });
-        }
-        else {
-            let user = await repo(userEntity).findFirst({ id: a.userId });
-            if (!user) {
-                user = repo(userEntity).create({ id: a.userId, name: nameify(providerUserId) });
-            }
-            const newRoles = [...new Set([...user.roles, ...roles].sort())];
-            if ((newRoles ?? []).join(',') !== (user.roles ?? []).join(',')) {
-                user.roles = newRoles;
-                await repo(userEntity).save(user);
-            }
-        }
-    }
-    if (providersInfo.length > 0) {
-        log.info(`${cyan(envKey)}: ${providersInfo.map((c) => green(c.trim())).join(', ')} added via ${yellow(`.env`)}.`);
-    }
-    else {
-        log.info(`${cyan(envKey)}: No users added via ${yellow(`.env`)}.`);
-    }
-};

package/esm/auth/server/index.d.ts

@@ -1,8 +0,0 @@
-import * as arctic from 'arctic';
-import { handleAuth } from './handleAuth.js';
-import { handleGuard } from './handleGuard.js';
-export { auth, authModuleRaw } from './module';
-export { linkRoleToUsersFromEnv as initRoleFromEnv } from './helperRole';
-export { checkOAuthConfig } from './providers/helperProvider';
-export { github } from './providers/github';
-export { arctic, handleAuth, handleGuard };

package/esm/auth/server/index.js

@@ -1,8 +0,0 @@
-import * as arctic from 'arctic';
-import { handleAuth } from './handleAuth.js';
-import { handleGuard } from './handleGuard.js';
-export { auth, authModuleRaw } from './module';
-export { linkRoleToUsersFromEnv as initRoleFromEnv } from './helperRole';
-export { checkOAuthConfig } from './providers/helperProvider';
-export { github } from './providers/github';
-export { arctic, handleAuth, handleGuard };

package/esm/auth/server/module.d.ts

@@ -1,300 +0,0 @@
-import type { OAuth2Tokens } from 'arctic';
-import type { ClassType, UserInfo } from 'remult';
-import { ModuleFF } from '../../server';
-import type { RecursivePartial } from '../../utils/types';
-import { FFAuthAccount, FFAuthUser, FFAuthUserSession } from '../Entities';
-import type { FirstlyData, FirstlyDataAuth, OAuth2UserInfo, ProviderAuthorizationURLOptions } from '../types';
-export type FFOAuth2Provider<T = any, LitName extends string = string> = {
-    name: LitName;
-    caption: string;
-    raw_svg?: string;
-    getArcticProvider: () => T;
-    authorizationURLOptions: () => ProviderAuthorizationURLOptions;
-    getUserInfo(tokens: OAuth2Tokens): Promise<OAuth2UserInfo>;
-};
-type AuthOptions<TUserEntity extends FFAuthUser = FFAuthUser, TSessionEntity extends FFAuthUserSession = FFAuthUserSession, TAccountEntity extends FFAuthAccount = FFAuthAccount> = {
-    customEntities?: {
-        User?: ClassType<TUserEntity>;
-        Session?: ClassType<TSessionEntity>;
-        Account?: ClassType<TAccountEntity>;
-    };
-    debug?: boolean;
-    ui?: false | RecursivePartial<FirstlyDataAuth['ui']>;
-    strings?: {
-        resetPasswordSend?: string;
-        resetPasswordUnknownUser?: string;
-        anErrorOccurred?: string;
-        cannotSignUp?: string;
-    };
-    /** Usefull to overwrite where the static files are */
-    uiStaticPath?: string;
-    session?: {
-        /** in milliseconds @default 30 days (1000 * 60 * 60 * 24 * 30) */
-        expiresIn?: number;
-        COOKIE_NAME?: string;
-    };
-    defaultRedirect?: string;
-    /**
-     * Can a user sign up by itself? Or we can join only by invitation ?
-     * If false, no one can sign up alone.
-     * @default true
-     **/
-    signUp?: boolean;
-    /**
-     * To be able to sign in user needs to be verified or not?
-     * ```
-     *  `Auto` => noting will be checked
-     *  `Email` => users needs to click a link in an email
-     *  `Manual` => an admin needs to verify the user and set verifiedAt in the database
-     * ```
-     * @default auto
-     **/
-    verifiedMethod?: 'auto' | 'email' | 'manual';
-    invitationSend?: (args: {
-        email: string;
-        url: string;
-    }) => Promise<void>;
-    /**
-     * When defining this, you need to return a "manually constructed object" that will be used to send to the client.
-     * This is useful if you want to add some extra properties to the user object.
-     *
-     * @example
-     * ```ts
-     * transformDbUserToClientUser(session, user) {
-     * 	return {
-     * 		id: user.id,
-     * 		name: user.name,
-     * 		image: user.image ?? undefined,
-     * 		session: {
-     * 			id: session.id,
-     * 			expiresAt: session.expiresAt,
-     * 		},
-     * 	}
-     * }
-     * ```
-     */
-    transformDbUserToClientUser?: (session: TSessionEntity, user: TUserEntity) => UserInfo;
-    providers?: {
-        demo?: {
-            name: string;
-            roles?: string[];
-        }[];
-        password?: {
-            mail?: {
-                reset?: {
-                    send?: (args: {
-                        email: string;
-                        url: string;
-                    }) => Promise<void>;
-                    /** in secondes @default 5 minutes */
-                    expiresIn?: number;
-                };
-                verify?: {
-                    send?: (args: {
-                        email: string;
-                        url: string;
-                    }) => Promise<void>;
-                    /** in secondes @default 5 minutes */
-                    expiresIn?: number;
-                };
-            };
-            algo?: {
-                /**
-                 * Validate the password or throw an error.
-                 *
-                 * Here is an example (and it's the default implementation):
-                 * ```
-                 * function validatePassword(password: string) {
-                 *   if (typeof password !== 'string' || password.length < 6 || password.length > 255) {
-                 *     throw new EntityError({ message: 'Invalid password' })
-                 *   }
-                 * }
-                 * ```
-                 */
-                validateInput?: ({ identifier, password }: {
-                    identifier: string;
-                    password: string;
-                }) => void;
-                /**
-                 * If you want to NOT use the default bcrypt, you can pass your own thing!
-                 */
-                hash?: (password: string) => Promise<string>;
-                /**
-                 * If you want to NOT use the default bcrypt, you can pass your own thing!
-                 */
-                verify?: (password: string, hash: string) => Promise<boolean>;
-                bcrypt?: {
-                    /**
-                     * The number of rounds to use for the bcrypt hash.
-                     * @default 10
-                     */
-                    saltRounds?: number;
-                };
-            };
-        };
-        otp?: {
-            issuer?: string;
-            /** in secondes @default 30 seconds */
-            expiresIn?: number;
-            /** Number of digits @default 6 */
-            digits?: number;
-            send?: (data: {
-                name: string;
-                otp: string;
-                uri: string;
-            }) => Promise<void>;
-        };
-        oAuths?: FFOAuth2Provider[];
-    };
-    envRoles_AssignUsers?: Record<string, string>;
-};
-export declare let AUTH_OPTIONS: AuthOptions;
-export declare const getSafeOptions: <TUserEntity extends FFAuthUser = FFAuthUser, TSessionEntity extends FFAuthUserSession = FFAuthUserSession, TAccountEntity extends FFAuthAccount = FFAuthAccount>() => {
-    User: ClassType<TUserEntity>;
-    Session: ClassType<TSessionEntity>;
-    Account: ClassType<TAccountEntity>;
-    signUp: boolean;
-    password: {
-        enabled: boolean;
-        validateInput: ({ identifier, password }: {
-            identifier: string;
-            password: string;
-        }) => void;
-        hash: ((password: string) => Promise<string>) | ((password: string) => string);
-        verify: ((password: string, hash: string) => Promise<boolean>) | ((password: string, hash: string) => boolean);
-    };
-    otp: {
-        enabled: boolean;
-    };
-    verifiedMethod: "email" | "auto" | "manual";
-    redirectUrl: string;
-    firstlyData: FirstlyData;
-    transformDbUserToClientUser: (session: TSessionEntity, user: TUserEntity) => UserInfo;
-    uiStaticPath: string;
-    session: {
-        expiresInMs: number;
-        cookieName: string;
-    };
-    providers: {
-        demo?: {
-            name: string;
-            roles?: string[];
-        }[];
-        password?: {
-            mail?: {
-                reset?: {
-                    send?: (args: {
-                        email: string;
-                        url: string;
-                    }) => Promise<void>;
-                    /** in secondes @default 5 minutes */
-                    expiresIn?: number;
-                };
-                verify?: {
-                    send?: (args: {
-                        email: string;
-                        url: string;
-                    }) => Promise<void>;
-                    /** in secondes @default 5 minutes */
-                    expiresIn?: number;
-                };
-            };
-            algo?: {
-                /**
-                 * Validate the password or throw an error.
-                 *
-                 * Here is an example (and it's the default implementation):
-                 * ```
-                 * function validatePassword(password: string) {
-                 *   if (typeof password !== 'string' || password.length < 6 || password.length > 255) {
-                 *     throw new EntityError({ message: 'Invalid password' })
-                 *   }
-                 * }
-                 * ```
-                 */
-                validateInput?: ({ identifier, password }: {
-                    identifier: string;
-                    password: string;
-                }) => void;
-                /**
-                 * If you want to NOT use the default bcrypt, you can pass your own thing!
-                 */
-                hash?: (password: string) => Promise<string>;
-                /**
-                 * If you want to NOT use the default bcrypt, you can pass your own thing!
-                 */
-                verify?: (password: string, hash: string) => Promise<boolean>;
-                bcrypt?: {
-                    /**
-                     * The number of rounds to use for the bcrypt hash.
-                     * @default 10
-                     */
-                    saltRounds?: number;
-                };
-            };
-        };
-        otp?: {
-            issuer?: string;
-            /** in secondes @default 30 seconds */
-            expiresIn?: number;
-            /** Number of digits @default 6 */
-            digits?: number;
-            send?: (data: {
-                name: string;
-                otp: string;
-                uri: string;
-            }) => Promise<void>;
-        };
-        oAuths?: FFOAuth2Provider[];
-    } | undefined;
-    strings: {
-        resetPasswordSend: string;
-        resetPasswordUnknownUser: string;
-        anErrorOccurred: string;
-        cannotSignUp: string;
-    };
-    ui: {
-        readonly paths: {
-            readonly base: string;
-            readonly sign_up: string | false;
-            readonly sign_in: string | false;
-            readonly forgot_password: string | false;
-            readonly reset_password: string | false;
-            readonly verify_email: string | false;
-        };
-        readonly strings: {
-            readonly app_name: string;
-            readonly email: string;
-            readonly email_placeholder: string;
-            readonly password: string;
-            readonly password_placeholder: string;
-            readonly confirm: string;
-            readonly reset: string;
-            readonly btn_sign_up: string;
-            readonly btn_sign_in: string;
-            readonly forgot_password: string;
-            readonly send_password_reset_instructions: string;
-            readonly back_to_sign_in: string;
-        };
-        readonly images: {
-            readonly main: string;
-        };
-        readonly customHtmlHead: string;
-    } | undefined;
-    envRoles_AssignUsers: Record<string, string>;
-};
-export declare const authModuleRaw: ModuleFF;
-/**
- * To enable authentication in your app in a few lines of code.
- * _Info: index: -777_
- */
-export declare const auth: <TUserEntity extends FFAuthUser = FFAuthUser, TSessionEntity extends FFAuthUserSession = FFAuthUserSession, TAccountEntity extends FFAuthAccount = FFAuthAccount>(o: AuthOptions<TUserEntity, TSessionEntity, TAccountEntity>) => ModuleFF;
-declare module 'remult' {
-    interface UserInfo {
-        session: {
-            id: string;
-            expiresAt: Date;
-        };
-    }
-}
-export {};