firstly 0.2.1 → 0.4.0

package/esm/auth/server/module.js

@@ -1,230 +0,0 @@
-import bcrypt from 'bcryptjs';
-import { EntityError, remult } from 'remult';
-import { red, yellow } from '@kitql/helpers';
-import { getRelativePackagePath } from '@kitql/internals';
-import { env } from '$env/dynamic/private';
-import { building } from '$app/environment';
-import { AuthController } from '..';
-import { ModuleFF } from '../../server';
-import { FFAuthAccount, FFAuthUser, FFAuthUserSession } from '../Entities';
-import { AuthControllerServer } from './AuthController.server';
-import { validateSessionToken } from './helperDb';
-import { setSessionTokenCookie } from './helperRemultServer';
-import { linkRoleToUsersFromEnv } from './helperRole';
-export let AUTH_OPTIONS = { ui: {} };
-const buildUrlOrDefault = (base, userSetting, fallback) => {
-    if (userSetting === false) {
-        return false;
-    }
-    if (userSetting === undefined) {
-        return `${base}/${fallback}`;
-    }
-    return `${base}/${userSetting}`;
-};
-export const getSafeOptions = () => {
-    const signUp = AUTH_OPTIONS.signUp ?? true;
-    const base = AUTH_OPTIONS.ui === false ? 'NO_BASE_PATH' : (AUTH_OPTIONS.ui?.paths?.base ?? '/ff/auth');
-    const ui = AUTH_OPTIONS.ui === false
-        ? undefined
-        : {
-            paths: {
-                base,
-                sign_up: signUp ? buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.sign_up, 'sign-up') : false,
-                sign_in: buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.sign_in, 'sign-in'),
-                forgot_password: buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.forgot_password, 'forgot-password'),
-                reset_password: buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.reset_password, 'reset-password'),
-                verify_email: buildUrlOrDefault(base, AUTH_OPTIONS.ui?.paths?.verify_email, 'verify-email'),
-            },
-            strings: {
-                app_name: AUTH_OPTIONS.ui?.strings?.app_name ?? '',
-                email: AUTH_OPTIONS.ui?.strings?.email ?? 'Email',
-                email_placeholder: AUTH_OPTIONS.ui?.strings?.email_placeholder ?? 'Your email address',
-                password: AUTH_OPTIONS.ui?.strings?.password ?? 'Password',
-                password_placeholder: AUTH_OPTIONS.ui?.strings?.password_placeholder ?? 'Your password',
-                confirm: AUTH_OPTIONS.ui?.strings?.confirm ?? 'Confirm',
-                reset: AUTH_OPTIONS.ui?.strings?.reset ?? 'Reset',
-                btn_sign_up: AUTH_OPTIONS.ui?.strings?.btn_sign_up ?? 'Sign up',
-                btn_sign_in: AUTH_OPTIONS.ui?.strings?.btn_sign_in ?? 'Sign in',
-                forgot_password: AUTH_OPTIONS.ui?.strings?.forgot_password ?? 'Forgot your password?',
-                send_password_reset_instructions: AUTH_OPTIONS.ui?.strings?.send_password_reset_instructions ??
-                    'Send password reset instructions',
-                back_to_sign_in: AUTH_OPTIONS.ui?.strings?.back_to_sign_in ?? 'Back to sign in',
-            },
-            images: {
-                main: AUTH_OPTIONS.ui?.images?.main ?? '',
-            },
-            customHtmlHead: AUTH_OPTIONS.ui?.customHtmlHead ??
-                '<title>Auth</title><link rel="icon" href="https://firstly.fun/favicon.svg" />',
-        };
-    if (AUTH_OPTIONS.debug && !building) {
-        authModuleRaw.log.info('ui', ui);
-    }
-    const getProviderIcon = (name) => {
-        switch (name) {
-            case 'github':
-                return `<svg viewBox="0 0 24 24" fill="currentColor"><path d="M12 0c-6.626 0-12 5.373-12 12 0 5.302 3.438 9.8 8.207 11.387.599.111.793-.261.793-.577v-2.234c-3.338.726-4.033-1.416-4.033-1.416-.546-1.387-1.333-1.756-1.333-1.756-1.089-.745.083-.729.083-.729 1.205.084 1.839 1.237 1.839 1.237 1.07 1.834 2.807 1.304 3.492.997.107-.775.418-1.305.762-1.604-2.665-.305-5.467-1.334-5.467-5.931 0-1.311.469-2.381 1.236-3.221-.124-.303-.535-1.524.117-3.176 0 0 1.008-.322 3.301 1.23.957-.266 1.983-.399 3.003-.404 1.02.005 2.047.138 3.006.404 2.291-1.552 3.297-1.23 3.297-1.23.653 1.653.242 2.874.118 3.176.77.84 1.235 1.911 1.235 3.221 0 4.609-2.807 5.624-5.479 5.921.43.372.823 1.102.823 2.222v3.293c0 .319.192.694.801.576 4.765-1.589 8.199-6.086 8.199-11.386 0-6.627-5.373-12-12-12z"/></svg>`;
-            case 'google':
-                return `<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 128 128"><!-- Icon from Devicon by konpa - https://github.com/devicons/devicon/blob/master/LICENSE --><path fill="#fff" d="M44.59 4.21a63.28 63.28 0 0 0 4.33 120.9a67.6 67.6 0 0 0 32.36.35a57.13 57.13 0 0 0 25.9-13.46a57.44 57.44 0 0 0 16-26.26a74.3 74.3 0 0 0 1.61-33.58H65.27v24.69h34.47a29.72 29.72 0 0 1-12.66 19.52a36.2 36.2 0 0 1-13.93 5.5a41.3 41.3 0 0 1-15.1 0A37.2 37.2 0 0 1 44 95.74a39.3 39.3 0 0 1-14.5-19.42a38.3 38.3 0 0 1 0-24.63a39.25 39.25 0 0 1 9.18-14.91A37.17 37.17 0 0 1 76.13 27a34.3 34.3 0 0 1 13.64 8q5.83-5.8 11.64-11.63c2-2.09 4.18-4.08 6.15-6.22A61.2 61.2 0 0 0 87.2 4.59a64 64 0 0 0-42.61-.38"/><path fill="#e33629" d="M44.59 4.21a64 64 0 0 1 42.61.37a61.2 61.2 0 0 1 20.35 12.62c-2 2.14-4.11 4.14-6.15 6.22Q95.58 29.23 89.77 35a34.3 34.3 0 0 0-13.64-8a37.17 37.17 0 0 0-37.46 9.74a39.25 39.25 0 0 0-9.18 14.91L8.76 35.6A63.53 63.53 0 0 1 44.59 4.21"/><path fill="#f8bd00" d="M3.26 51.5a63 63 0 0 1 5.5-15.9l20.73 16.09a38.3 38.3 0 0 0 0 24.63q-10.36 8-20.73 16.08a63.33 63.33 0 0 1-5.5-40.9"/><path fill="#587dbd" d="M65.27 52.15h59.52a74.3 74.3 0 0 1-1.61 33.58a57.44 57.44 0 0 1-16 26.26c-6.69-5.22-13.41-10.4-20.1-15.62a29.72 29.72 0 0 0 12.66-19.54H65.27c-.01-8.22 0-16.45 0-24.68"/><path fill="#319f43" d="M8.75 92.4q10.37-8 20.73-16.08A39.3 39.3 0 0 0 44 95.74a37.2 37.2 0 0 0 14.08 6.08a41.3 41.3 0 0 0 15.1 0a36.2 36.2 0 0 0 13.93-5.5c6.69 5.22 13.41 10.4 20.1 15.62a57.13 57.13 0 0 1-25.9 13.47a67.6 67.6 0 0 1-32.36-.35a63 63 0 0 1-23-11.59A63.7 63.7 0 0 1 8.75 92.4"/></svg>`;
-            default:
-                return '';
-        }
-    };
-    const providers = AUTH_OPTIONS.providers?.oAuths?.map((o) => ({
-        name: o.name,
-        label: o.caption,
-        raw_svg: o.raw_svg ?? getProviderIcon(o.name),
-    })) ?? [];
-    const firstlyData = {
-        module: 'auth',
-        debug: AUTH_OPTIONS.debug,
-        props: {
-            ui,
-            providers,
-        },
-    };
-    let uiStaticPath = AUTH_OPTIONS.uiStaticPath ?? '';
-    if (!AUTH_OPTIONS.uiStaticPath) {
-        const installedFirstlyPath = getRelativePackagePath('firstly');
-        if (installedFirstlyPath) {
-            uiStaticPath = `${installedFirstlyPath}/esm/auth/static/`;
-        }
-    }
-    let redirectUrl = AUTH_OPTIONS.defaultRedirect ?? '/';
-    if (!redirectUrl.startsWith('/')) {
-        authModuleRaw.log.error(`Invalid redirect url ${red(redirectUrl)} (it should be a local one starting with /)`);
-        redirectUrl = '/';
-    }
-    let transformDbUserToClientUserToUse;
-    if (AUTH_OPTIONS.transformDbUserToClientUser) {
-        transformDbUserToClientUserToUse = AUTH_OPTIONS.transformDbUserToClientUser;
-    }
-    else {
-        // @ts-ignore (I'm not sure why cadb-my-doc is failing check here if I don't do this!)
-        transformDbUserToClientUserToUse = (session, user) => {
-            return {
-                id: user.id,
-                name: user.name,
-                roles: user.roles,
-                session: {
-                    id: session.id,
-                    expiresAt: session.expiresAt,
-                },
-            };
-        };
-    }
-    function validateInput({ identifier, password }) {
-        if (typeof identifier !== 'string' || identifier.length === 0) {
-            throw new EntityError({ message: 'Invalid identifier' });
-        }
-        if (typeof password !== 'string') {
-            throw new EntityError({ message: 'Invalid password' });
-        }
-        if (password.length < 6 || password.length > 255) {
-            throw new EntityError({ message: 'Password too short or too long!' });
-        }
-    }
-    function passwordHash(password) {
-        return bcrypt.hashSync(password, AUTH_OPTIONS.providers?.password?.algo?.bcrypt?.saltRounds ?? 10);
-    }
-    function passwordVerify(password, hash) {
-        return bcrypt.compareSync(password, hash);
-    }
-    return {
-        User: (AUTH_OPTIONS.customEntities?.User ?? FFAuthUser),
-        Session: (AUTH_OPTIONS.customEntities?.Session ?? FFAuthUserSession),
-        Account: (AUTH_OPTIONS.customEntities?.Account ?? FFAuthAccount),
-        signUp,
-        password: {
-            enabled: AUTH_OPTIONS.providers?.password ? true : false,
-            validateInput: AUTH_OPTIONS.providers?.password?.algo?.validateInput ?? validateInput,
-            hash: AUTH_OPTIONS.providers?.password?.algo?.hash ?? passwordHash,
-            verify: AUTH_OPTIONS.providers?.password?.algo?.verify ?? passwordVerify,
-        },
-        otp: { enabled: AUTH_OPTIONS.providers?.otp ? true : false },
-        verifiedMethod: AUTH_OPTIONS.verifiedMethod ?? 'auto',
-        redirectUrl,
-        firstlyData,
-        transformDbUserToClientUser: transformDbUserToClientUserToUse,
-        uiStaticPath,
-        session: {
-            expiresInMs: AUTH_OPTIONS.session?.expiresIn ?? 1000 * 60 * 60 * 24 * 30, // 30 days,
-            cookieName: AUTH_OPTIONS.session?.COOKIE_NAME ?? 'firstly_auth_session',
-        },
-        providers: AUTH_OPTIONS.providers,
-        strings: {
-            resetPasswordSend: AUTH_OPTIONS.strings?.resetPasswordSend ?? 'Mail sent ! You can now close this window.',
-            resetPasswordUnknownUser: AUTH_OPTIONS.strings?.resetPasswordUnknownUser ??
-                'If your email is registered, you will receive an email with a link to reset your password.',
-            anErrorOccurred: AUTH_OPTIONS.strings?.anErrorOccurred ?? 'An error occurred, contact the administrator.',
-            cannotSignUp: AUTH_OPTIONS.strings?.cannotSignUp ??
-                "You can't signup by yourself! Contact the administrator.",
-        },
-        ui,
-        envRoles_AssignUsers: AUTH_OPTIONS.envRoles_AssignUsers ?? {},
-    };
-};
-export const authModuleRaw = new ModuleFF({
-    name: 'auth',
-    priority: -777,
-});
-/**
- * To enable authentication in your app in a few lines of code.
- * _Info: index: -777_
- */
-export const auth = (o) => {
-    // TODO should work ?
-    // @ts-ignore
-    AUTH_OPTIONS = o;
-    const oSafe = getSafeOptions();
-    // Replace the direct assignments with the new _setImplementation method
-    AuthController._setAbstraction({
-        signOut: AuthControllerServer.signOut,
-        signInDemo: AuthControllerServer.signInDemo,
-        invite: AuthControllerServer.invite,
-        signUpPassword: AuthControllerServer.signUpPassword,
-        signInPassword: AuthControllerServer.signInPassword,
-        forgotPassword: AuthControllerServer.forgotPassword,
-        resetPassword: AuthControllerServer.resetPassword,
-        signInOTP: AuthControllerServer.signInOTP,
-        verifyOtp: AuthControllerServer.verifyOtp,
-        signInOAuthGetUrl: AuthControllerServer.signInOAuthGetUrl,
-    });
-    authModuleRaw.entities = [oSafe.User, oSafe.Session, oSafe.Account];
-    authModuleRaw.controllers = [AuthController];
-    authModuleRaw.initRequest = async (event) => {
-        // REMULT: storing user in local should probably be done in remult directly
-        if (event?.locals?.user) {
-            remult.user = event.locals.user;
-        }
-        else {
-            const sessionId = event.cookies.get(oSafe.session.cookieName);
-            if (sessionId) {
-                const { user, freshSession } = await validateSessionToken(sessionId);
-                if (freshSession) {
-                    setSessionTokenCookie(freshSession.sessionToken, freshSession.expiresAt);
-                }
-                remult.user = user;
-                if (event.locals) {
-                    event.locals.user = user;
-                }
-            }
-        }
-    };
-    authModuleRaw.initApi = async () => {
-        const oSafe = getSafeOptions();
-        for (const [key, value] of Object.entries(oSafe.envRoles_AssignUsers)) {
-            await linkRoleToUsersFromEnv({
-                log: authModuleRaw.log,
-                accountEntity: oSafe.Account,
-                userEntity: oSafe.User,
-                envKey: key.toUpperCase(),
-                envValue: env[key.toUpperCase()] ?? '',
-                roles: [value],
-            });
-        }
-        if (Object.entries(oSafe.envRoles_AssignUsers).length === 0 && AUTH_OPTIONS.debug) {
-            authModuleRaw.log.info(`set ${yellow('auth: { linkRoleToUsersFromEnv: ... }')} to assign roles to users via ${yellow('.env')}.`);
-        }
-    };
-    return authModuleRaw;
-};

package/esm/auth/server/providers/github.d.ts

@@ -1,33 +0,0 @@
-import type { OAuth2Tokens } from 'arctic';
-import { GitHub } from 'arctic';
-import type { OAuth2UserInfo, ProviderAuthorizationURLOptions } from '../../types';
-import { type FFOAuth2Provider } from '../module';
-/**
- * ## GitHub OAuth2 provider
- *
- * 1. Get your **id** & **secret** from [GitHub (direct link)](https://github.com/settings/developers).
- * 2. In GitHub, set your callback url to
- * - [ ] dev: `http://_YOUR_LOCAL_URL:PORT_/api/auth_callback`
- * - [ ] prod: `https://MY_SUPER_SITE/api/auth_callback`
- * 3. In your project add a `.env` file with the following:
- * ```bash
- * GITHUB_CLIENT_ID = 'your-client-id'
- * GITHUB_CLIENT_SECRET = 'your-client-secret'
- * # GITHUB_REDIRECT_URI = '' # optional, will default to "${origin}/api/auth_callback"
- * ```
- * 4. In your frontend, under a button click call something like:
- * ```ts
- * async function oauth() {
- *   window.location.href = await Auth.signInOAuthGetUrl({ provider: 'github', redirect: window.location.pathname })
- * }
- * ```
- * 5. Enjoy 🥳
- */
-export declare function github(options?: {
-    GITHUB_CLIENT_ID?: string;
-    GITHUB_CLIENT_SECRET?: string;
-    GITHUB_REDIRECT_URI?: string;
-    authorizationURLOptions?: ProviderAuthorizationURLOptions;
-    getUserInfo?: (tokens: OAuth2Tokens) => Promise<OAuth2UserInfo>;
-    log?: boolean;
-}): FFOAuth2Provider<GitHub, 'github'>;

package/esm/auth/server/providers/github.js

@@ -1,87 +0,0 @@
-import { GitHub } from 'arctic';
-import { remult } from 'remult';
-import { env } from '$env/dynamic/private';
-import { authModuleRaw } from '../module';
-import { checkOAuthConfig } from './helperProvider';
-//------------------------------
-// For developers (future me ?), To do another OAuth2 provider:
-// Replace GITHUB / Github / github
-// update "https://github.com/settings/developers" to the correct URL (2 places)
-// update "https://api.github.com/user" the fetch user info
-//------------------------------
-/**
- * ## GitHub OAuth2 provider
- *
- * 1. Get your **id** & **secret** from [GitHub (direct link)](https://github.com/settings/developers).
- * 2. In GitHub, set your callback url to
- * - [ ] dev: `http://_YOUR_LOCAL_URL:PORT_/api/auth_callback`
- * - [ ] prod: `https://MY_SUPER_SITE/api/auth_callback`
- * 3. In your project add a `.env` file with the following:
- * ```bash
- * GITHUB_CLIENT_ID = 'your-client-id'
- * GITHUB_CLIENT_SECRET = 'your-client-secret'
- * # GITHUB_REDIRECT_URI = '' # optional, will default to "${origin}/api/auth_callback"
- * ```
- * 4. In your frontend, under a button click call something like:
- * ```ts
- * async function oauth() {
- *   window.location.href = await Auth.signInOAuthGetUrl({ provider: 'github', redirect: window.location.pathname })
- * }
- * ```
- * 5. Enjoy 🥳
- */
-export function github(options) {
-    const name = 'github';
-    const clientID = options?.GITHUB_CLIENT_ID ?? env.GITHUB_CLIENT_ID ?? '';
-    const secret = options?.GITHUB_CLIENT_SECRET ?? env.GITHUB_CLIENT_SECRET ?? '';
-    const urlForKeys = 'https://github.com/settings/developers';
-    checkOAuthConfig(name, clientID, secret, urlForKeys, false);
-    return {
-        name,
-        caption: 'GitHub',
-        getArcticProvider: () => {
-            const redirectURI = options?.GITHUB_REDIRECT_URI ??
-                env.GITHUB_REDIRECT_URI ??
-                `${remult.context.request.url.origin}/api/auth_callback`;
-            checkOAuthConfig(name, clientID, secret, urlForKeys, true);
-            const o = new GitHub(clientID, secret, redirectURI);
-            return o;
-        },
-        authorizationURLOptions: () => {
-            return options?.authorizationURLOptions ?? [];
-        },
-        getUserInfo: options?.getUserInfo
-            ? options.getUserInfo
-            : async (tokens) => {
-                const res = await fetch('https://api.github.com/user', {
-                    headers: {
-                        Authorization: `Bearer ${tokens.accessToken()}`,
-                    },
-                });
-                const user = await res.json();
-                const nameOptions = [user.login];
-                const emailOptions = [];
-                if ((options?.authorizationURLOptions ?? ['user:email']).includes('user:email')) {
-                    const res = await fetch('https://api.github.com/user/emails', {
-                        headers: {
-                            Authorization: `Bearer ${tokens.accessToken()}`,
-                        },
-                    });
-                    user.emails = await res.json();
-                    if (Array.isArray(user.emails)) {
-                        const primaryEmails = user.emails.filter((email) => email.primary === true);
-                        primaryEmails.forEach((email) => {
-                            if (email.email) {
-                                nameOptions.unshift(email.email);
-                                emailOptions.unshift(email.email);
-                            }
-                        });
-                    }
-                }
-                if (options?.log) {
-                    authModuleRaw.log.info(`user`, user);
-                }
-                return { raw: user, providerUserId: String(user.id), nameOptions, emailOptions };
-            },
-    };
-}

package/esm/auth/server/providers/helperProvider.d.ts

@@ -1 +0,0 @@
-export declare const checkOAuthConfig: (name: string, clientId: string, secret: string, urlForKeys: string, withThrow: boolean) => void;

package/esm/auth/server/providers/helperProvider.js

@@ -1,25 +0,0 @@
-import { EntityError } from 'remult';
-import { cyan, gray, green, italic, yellow } from '@kitql/helpers';
-import { mask } from '../../../formats/strings';
-import { authModuleRaw } from '../module';
-export const checkOAuthConfig = (name, clientId, secret, urlForKeys, withThrow) => {
-    if (!clientId || !secret) {
-        const msg = `Wrong configuration for ${green(name)} provider.
-  ${italic(`Config used ${gray(`(${'.env'} & ${'inferred'}):`)}`)}
-  ${yellow('--------------- .env ---------------')}
-  ${name.toUpperCase()}_CLIENT_ID = '${mask(clientId)}'
-  ${name.toUpperCase()}_CLIENT_SECRET = '${mask(secret)}'
-  ${yellow('------------------------------------')}
-  Update your configuration to fix this error. 
-  ${gray(`By default, we check ${name.toUpperCase()}_CLIENT_ID and ${name.toUpperCase()}_CLIENT_SECRET. 
-  But you can also pass your keys as parameters.`)}
-  Check ${cyan(urlForKeys)} to generate your keys.
-`;
-        if (withThrow) {
-            throw new EntityError({ message: msg });
-        }
-        else {
-            authModuleRaw.log.error(msg);
-        }
-    }
-};

package/esm/auth/static/assets/Page-BHW08QWz.css

@@ -1 +0,0 @@
-.oauth-container.svelte-1dwkktf{display:flex;flex-direction:column;gap:.5rem}.oauth-button-icon.svelte-1dwkktf{width:1.25rem;height:1.25rem}.oauth-button.svelte-1dwkktf{display:flex;align-items:center;justify-content:center;gap:.5rem;padding:.5rem 1rem;font-size:.875rem;font-weight:500}form.svelte-skcj83{display:flex;flex-direction:column}h1.svelte-1jjivcr{text-align:center;margin-bottom:2rem}.wrapper.svelte-1jjivcr{min-height:100vh;display:flex;justify-content:center;align-items:center;margin:0 auto}.centered-layout.svelte-1jjivcr{display:flex;justify-content:center;align-items:center;width:100%}.split-layout.svelte-1jjivcr{display:flex;width:100%;min-height:100vh}.form-side.svelte-1jjivcr{width:50%;display:flex;justify-content:center;align-items:center}.image-side.svelte-1jjivcr{width:50%;height:100vh;overflow:hidden}.image-side.svelte-1jjivcr img:where(.svelte-1jjivcr){width:100%;height:100%;object-fit:cover}.form.svelte-1jjivcr{max-width:360px;width:100%;padding:1rem;display:flex;flex-direction:column}.form-footer.svelte-1jjivcr{margin-top:1rem;display:flex;flex-direction:column;justify-content:center;align-items:center}.fallback.svelte-1jjivcr{display:flex;justify-content:center;align-items:center}@media (max-width: 768px){.split-layout.svelte-1jjivcr{flex-direction:column}.form-side.svelte-1jjivcr{width:100%;order:2}.image-side.svelte-1jjivcr{width:100%;height:50vh;order:1}.form.svelte-1jjivcr{max-width:100%}}

package/esm/auth/static/assets/Page-BRNWcY5Z.d.ts

@@ -1,2 +0,0 @@
-export { r as default };
-declare function r(a: any): void;

package/esm/auth/static/assets/Page-BRNWcY5Z.js

@@ -1 +0,0 @@
-import{a9 as t,T as o}from"./index-D38rqu4x.js";function r(a){var e=t("Hello from files");o(a,e)}export{r as default};

package/esm/auth/static/assets/Page-CFcEsGK8.d.ts

@@ -1,2 +0,0 @@
-export { Oa as default };
-declare function Oa(s: any, e: any): void;