ideal-auth 1.3.0 → 1.3.2

@@ -4,7 +4,17 @@ export function createAuthInstance(deps) {
4
4
  let cachedPayload;
5
5
  let cachedUser;
6
6
  let didAutoTouch = false;
7
+ function validateSecret() {
8
+ if (!deps.secret || deps.secret.length < 32) {
9
+ throw new Error('secret must be at least 32 characters');
10
+ }
11
+ }
7
12
  async function readSession() {
13
+ // Fail closed on reads — no secret means no session, not an error
14
+ if (!deps.secret || deps.secret.length < 32) {
15
+ cachedPayload = null;
16
+ return null;
17
+ }
8
18
  if (cachedPayload !== undefined)
9
19
  return cachedPayload;
10
20
  const raw = await deps.cookie.get(deps.cookieName);
@@ -50,6 +60,7 @@ export function createAuthInstance(deps) {
50
60
  return Object.keys(data).length > 0 ? data : undefined;
51
61
  }
52
62
  async function writeSession(user, options) {
63
+ validateSecret();
53
64
  const maxAge = options?.remember ? deps.rememberMaxAge : deps.maxAge;
54
65
  const now = Math.floor(Date.now() / 1000);
55
66
  const payload = {
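Review bot: The minimum-secret rule is now written twice in this file, once in `validateSecret()` and again inline at the top of `readSession()`, so a later change to the threshold can update one copy and miss the other. A single predicate used by both paths, for example `const hasValidSecret = () => typeof deps.secret === 'string' && deps.secret.length >= 32;`, keeps reads and writes in agreement; it also rejects a non-string `secret`, which the current `.length` test would let through if the value were an array or Buffer with 32 entries. Because `readSession()` returns null with no signal, a deployment whose secret is unset will look like every user being logged out until the first `writeSession()` throws, so a one-time warning on that branch would make the misconfiguration visible in logs. Only `readSession` and `writeSession` appear in these hunks, so whether any other use of `deps.secret` inside `createAuthInstance` is guarded cannot be confirmed from here.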
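--- a/package/dist/auth.js
+++ b/package/dist/auth.js
@@ -15,6 +15,7 @@ const SESSION_DEFAULTS = {
  * createAuth<SessionUser>({ ... })
  */
  export function createAuth(config) {
+ // Structural validations — code-level config, always known at definition time
  if (config.resolveUser && config.sessionFields) {
  throw new Error('Provide either resolveUser or sessionFields, not both');
  }
@@ -25,25 +26,20 @@ export function createAuth(config) {
  throw new Error('sessionFields must contain at least one field besides id');
  }
  const configAutoTouch = config.session?.autoTouch ?? false;
- return (options) => {
- if (!config.secret || config.secret.length < 32) {
- throw new Error('secret must be at least 32 characters');
- }
- return createAuthInstance({
- secret: config.secret,
- cookie: config.cookie,
- cookieName: config.session?.cookieName ?? SESSION_DEFAULTS.cookieName,
- maxAge: config.session?.maxAge ?? SESSION_DEFAULTS.maxAge,
- rememberMaxAge: config.session?.rememberMaxAge ?? SESSION_DEFAULTS.rememberMaxAge,
- cookieOptions: config.session?.cookie ?? {},
- autoTouch: options?.autoTouch ?? configAutoTouch,
- resolveUser: config.resolveUser,
- sessionFields: config.sessionFields,
- hash: config.hash,
- resolveUserByCredentials: config.resolveUserByCredentials,
- credentialKey: config.credentialKey ?? 'password',
- passwordField: config.passwordField ?? 'password',
- attemptUser: config.attemptUser,
- });
- };
+ return (options) => createAuthInstance({
+ secret: config.secret,
+ cookie: config.cookie,
+ cookieName: config.session?.cookieName ?? SESSION_DEFAULTS.cookieName,
+ maxAge: config.session?.maxAge ?? SESSION_DEFAULTS.maxAge,
+ rememberMaxAge: config.session?.rememberMaxAge ?? SESSION_DEFAULTS.rememberMaxAge,
+ cookieOptions: config.session?.cookie ?? {},
+ autoTouch: options?.autoTouch ?? configAutoTouch,
+ resolveUser: config.resolveUser,
+ sessionFields: config.sessionFields,
+ hash: config.hash,
+ resolveUserByCredentials: config.resolveUserByCredentials,
+ credentialKey: config.credentialKey ?? 'password',
+ passwordField: config.passwordField ?? 'password',
+ attemptUser: config.attemptUser,
+ });
  }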
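Review bot: Nothing at the `return (options) => createAuthInstance({` line records that the secret check was deliberately dropped from the factory, so a reader of auth.js alone sees `secret: config.secret` passed through with no validation in sight. A comment there such as `// secret is checked inside the instance: reads return null, writes throw` would stop a later maintainer from re-adding the check here or from assuming none exists. The new comment at the top of `createAuth` covers only the structural checks and would be the natural place to say that `secret` is treated as runtime configuration. Callers that relied on the factory call throwing as an early misconfiguration signal will now see the error only on the first session write, which is worth stating in the JSDoc for `createAuth`.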
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "ideal-auth",
3
- "version": "1.3.0",
3
+ "version": "1.3.2",
4
4
  "description": "Auth primitives for the JS ecosystem. Zero framework dependencies.",
5
5
  "scripts": {
6
6
  "build": "tsc",