ideal-auth 1.2.0 → 1.3.1
- package/dist/auth-instance.js +7 -0
- package/dist/auth.js +1 -3
- package/dist/token-verifier/index.js +7 -2
- package/package.json +1 -1
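--- a/package/dist/auth-instance.js
+++ b/package/dist/auth-instance.js
@@ -4,7 +4,13 @@ export function createAuthInstance(deps) {
 let cachedPayload;
 let cachedUser;
 let didAutoTouch = false;
+function validateSecret() {
+if (!deps.secret || deps.secret.length < 32) {
+throw new Error('secret must be at least 32 characters');
+}
+}
 async function readSession() {
+validateSecret();
 if (cachedPayload !== undefined)
 return cachedPayload;
 const raw = await deps.cookie.get(deps.cookieName);
@@ -50,6 +56,7 @@ export function createAuthInstance(deps) {
 return Object.keys(data).length > 0 ? data : undefined;
 }
 async function writeSession(user, options) {
+validateSecret();
 const maxAge = options?.remember ? deps.rememberMaxAge : deps.maxAge;
 const now = Math.floor(Date.now() / 1000);
 const payload = {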
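Review bot: The guard in `validateSecret()` tests only truthiness and `.length`, so a non-string value with a length of 32 or more (an array, for instance) would pass a check whose error message speaks of characters; if only strings are intended, `if (typeof deps.secret !== 'string' || deps.secret.length < 32) {` makes that explicit. The same condition appears again in package/dist/token-verifier/index.js, both in `validateSecret(secret)` and inline in `verifyToken`. The length test is a floor on size and says nothing about entropy, which deserves a one-line comment such as `// length floor only; the secret should be randomly generated, not a passphrase`. Only `readSession` and `writeSession` are shown calling the guard, and the body of `createAuthInstance` continues outside both hunks, so any other path there that reads `deps.secret` should be checked for the same call.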
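--- a/package/dist/auth.js
+++ b/package/dist/auth.js
@@ -15,9 +15,7 @@ const SESSION_DEFAULTS = {
 * createAuth<SessionUser>({ ... })
 */
 export function createAuth(config) {
-
-throw new Error('secret must be at least 32 characters');
-}
+// Structural validations — code-level config, always known at definition time
 if (config.resolveUser && config.sessionFields) {
 throw new Error('Provide either resolveUser or sessionFields, not both');
 }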
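Review bot: With the secret check removed from `createAuth`, a missing or short secret is no longer reported when the auth object is constructed, and the added comment does not say where that validation now happens. Extending it to something like `// Structural validations only; the secret is checked on first use in createAuthInstance (readSession/writeSession)` would show the reader that the removal is deliberate. Deployments that relied on the construction-time error to catch a bad configuration will now see it only when a session is first read or written, so a startup or health-check step that exercises that path may be worth documenting. The body of `createAuth` continues outside the hunk.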
@@ -1,13 +1,16 @@
|
|
|
1
1
|
import { generateToken } from '../crypto/token';
|
|
2
2
|
import { signData, verifySignature } from '../crypto/hmac';
|
|
3
3
|
const DEFAULT_EXPIRY_MS = 60 * 60 * 1000; // 1 hour
|
|
4
|
-
|
|
5
|
-
if (!
|
|
4
|
+
function validateSecret(secret) {
|
|
5
|
+
if (!secret || secret.length < 32) {
|
|
6
6
|
throw new Error('secret must be at least 32 characters');
|
|
7
7
|
}
|
|
8
|
+
}
|
|
9
|
+
export function createTokenVerifier(config) {
|
|
8
10
|
const expiryMs = config.expiryMs ?? DEFAULT_EXPIRY_MS;
|
|
9
11
|
return {
|
|
10
12
|
createToken(userId) {
|
|
13
|
+
validateSecret(config.secret);
|
|
11
14
|
const encodedUserId = Buffer.from(userId, 'utf8').toString('base64url');
|
|
12
15
|
const id = generateToken(20);
|
|
13
16
|
const iat = Date.now();
|
|
@@ -17,6 +20,8 @@ export function createTokenVerifier(config) {
|
|
|
17
20
|
return `${payload}.${signature}`;
|
|
18
21
|
},
|
|
19
22
|
verifyToken(token) {
|
|
23
|
+
if (!config.secret || config.secret.length < 32)
|
|
24
|
+
return null;
|
|
20
25
|
const parts = token.split('.');
|
|
21
26
|
if (parts.length !== 5)
|
|
22
27
|
return null;
|
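Review bot: `verifyToken` repeats the condition from `validateSecret` inline and returns `null` for a missing or short secret, which is the same result a caller gets for a malformed or forged token. That fails closed, but a misconfigured deployment then rejects every token with nothing to tell it apart from bad input; a comment such as `// fail closed: without a usable secret no token can be verified`, together with a one-time warning log, would make the condition visible to operators. Sharing one predicate between the two sites, for example `const hasUsableSecret = (s) => Boolean(s) && s.length >= 32;`, would keep the threshold from drifting between `createToken` and `verifyToken`. The rest of `verifyToken` lies outside the hunk, and `token.split('.')` on the following line appears to assume `token` is already a string.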