ideal-auth 1.2.0 → 1.3.0
- package/dist/auth.js +21 -19
- package/dist/token-verifier/index.js +7 -2
- package/package.json +1 -1
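--- a/package/dist/auth.js
+++ b/package/dist/auth.js
@@ -15,9 +15,6 @@ const SESSION_DEFAULTS = {
 * createAuth<SessionUser>({ ... })
 */
 export function createAuth(config) {
-if (!config.secret || config.secret.length < 32) {
-throw new Error('secret must be at least 32 characters');
-}
 if (config.resolveUser && config.sessionFields) {
 throw new Error('Provide either resolveUser or sessionFields, not both');
 }
@@ -28,20 +25,25 @@ export function createAuth(config) {
 throw new Error('sessionFields must contain at least one field besides id');
 }
 const configAutoTouch = config.session?.autoTouch ?? false;
-return (options) =>
-secret
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+return (options) => {
+if (!config.secret || config.secret.length < 32) {
+throw new Error('secret must be at least 32 characters');
+}
+return createAuthInstance({
+secret: config.secret,
+cookie: config.cookie,
+cookieName: config.session?.cookieName ?? SESSION_DEFAULTS.cookieName,
+maxAge: config.session?.maxAge ?? SESSION_DEFAULTS.maxAge,
+rememberMaxAge: config.session?.rememberMaxAge ?? SESSION_DEFAULTS.rememberMaxAge,
+cookieOptions: config.session?.cookie ?? {},
+autoTouch: options?.autoTouch ?? configAutoTouch,
+resolveUser: config.resolveUser,
+sessionFields: config.sessionFields,
+hash: config.hash,
+resolveUserByCredentials: config.resolveUserByCredentials,
+credentialKey: config.credentialKey ?? 'password',
+passwordField: config.passwordField ?? 'password',
+attemptUser: config.attemptUser,
+});
+};
 }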
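Review bot: The secret-length check now runs inside the returned `(options) => { … }` factory, so `createAuth(config)` no longer fails fast. A deployment with a missing or short `secret` starts cleanly and only throws when the first auth instance is requested. If the deferral is deliberate (the page does not say why; possibly so the module can be imported before the secret is available), a comment above the check should say so, e.g. `// Validated lazily: the secret may not be set yet when createAuth() runs.`, and a startup health check that calls the factory once would restore early detection. The check measures only `config.secret.length`, so a 32-character low-entropy string passes; the docs should state that the secret must be randomly generated. This file inlines the rule while the token-verifier change adds a `validateSecret` helper for the same condition, so sharing one helper would keep the two from drifting.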
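--- a/package/dist/token-verifier/index.js
+++ b/package/dist/token-verifier/index.js
@@ -1,13 +1,16 @@
 import { generateToken } from '../crypto/token';
 import { signData, verifySignature } from '../crypto/hmac';
 const DEFAULT_EXPIRY_MS = 60 * 60 * 1000; // 1 hour
-
-if (!
+function validateSecret(secret) {
+if (!secret || secret.length < 32) {
 throw new Error('secret must be at least 32 characters');
 }
+}
+export function createTokenVerifier(config) {
 const expiryMs = config.expiryMs ?? DEFAULT_EXPIRY_MS;
 return {
 createToken(userId) {
+validateSecret(config.secret);
 const encodedUserId = Buffer.from(userId, 'utf8').toString('base64url');
 const id = generateToken(20);
 const iat = Date.now();
@@ -17,6 +20,8 @@ export function createTokenVerifier(config) {
 return `${payload}.${signature}`;
 },
 verifyToken(token) {
+if (!config.secret || config.secret.length < 32)
+return null;
 const parts = token.split('.');
 if (parts.length !== 5)
 return null;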
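Review bot: `verifyToken` returns `null` when `config.secret` is missing or shorter than 32 characters, while `createToken` throws through `validateSecret` for the same condition, so on the verify path a misconfigured secret is indistinguishable from a forged or expired token. Returning `null` fails closed, which is the safe direction, but every token is then rejected silently and the operator gets no signal. Either call `validateSecret(config.secret);` here as well, or keep the `null` and document it with a comment such as `// Misconfigured secret: fail closed instead of throwing on the verify path.` together with a log line. The inline condition duplicates `validateSecret`; reusing the helper keeps the 32-character rule in one place. The body of `verifyToken` continues past the end of the hunk.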