nextjs-cms 0.5.9 → 0.5.11

package/dist/auth/react.js

@@ -1,347 +1,347 @@
-/**
- * @module react
- */
-'use client';
-import * as React from 'react';
-import { fetchData, now, useOnline } from "./lib/client.js";
-import { useRouter } from 'next/navigation';
-import useAxiosPrivate from "./hooks/useAxiosPrivate.js";
-import useRefreshToken from "./hooks/useRefreshToken.js";
-export const __AUTH = {
-    _lastSync: 0,
-    _session: undefined,
-    _getSession: () => { },
-};
-export async function logout(options) {
-    const { deleteCookies = true } = options ?? {};
-    if (deleteCookies) {
-        /**
-         * Send a request to the server to remove the session.
-         * This will delete the cookies.
-         * It will also delete the session from the database if auth() is not null.
-         */
-        await fetch('/api/auth', {
-            method: 'DELETE',
-            headers: {
-                'Content-Type': 'application/json',
-                'x-csrf-token': await getCsrfToken(),
-            },
-        });
-    }
-    /**
-     * Broadcast a message to all other tabs/windows to tell them the user has logged out.
-     * This is to ensure all tabs/windows trigger a session update.
-     */
-    broadcast().postMessage({ event: 'session', data: { trigger: 'logout' } });
-    /**
-     * Remove the session in the current tab/window.
-     */
-    await __AUTH._getSession({ event: 'logout' });
-}
-export async function login({ username, password }) {
-    const response = await fetch('/api/auth', {
-        method: 'POST',
-        headers: {
-            'Content-Type': 'application/json',
-            'x-csrf-token': await getCsrfToken(),
-        },
-        body: JSON.stringify({ username, password }),
-    });
-    if (!response.ok) {
-        const error = await response.json();
-        throw new Error(error.error);
-    }
-    /**
-     * Broadcast a message to all other tabs/windows to tell them the user has logged in.
-     * This is to ensure all tabs/windows trigger a session update.
-     */
-    broadcast().postMessage({ event: 'session', data: { trigger: 'login' } });
-    /**
-     * Update the session in the current tab/window.
-     */
-    await __AUTH._getSession({ event: 'storage' });
-}
-export async function refreshSession() {
-    /**
-     * Broadcast a message to all other tabs/windows to tell them the session has been updated.
-     * This is to ensure all tabs/windows trigger a session update.
-     */
-    broadcast().postMessage({ event: 'session', data: { trigger: 'refresh' } });
-    /**
-     * Update the session in the current tab/window.
-     */
-    await __AUTH._getSession({ event: 'storage' });
-}
-/**
- * Returns the current CSRF token.
- * required to make requests that changes state.
- *
- * [CSRF Prevention: Double Submit Cookie](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie)
- */
-export async function getCsrfToken() {
-    const response = await fetchData('csrf');
-    return response?.csrfToken ?? '';
-}
-let broadcastChannel = null;
-function getNewBroadcastChannel() {
-    return new BroadcastChannel('lzcms-auth');
-}
-function broadcast() {
-    if (typeof BroadcastChannel === 'undefined') {
-        return {
-            postMessage: () => { },
-            addEventListener: () => { },
-            removeEventListener: () => { },
-        };
-    }
-    if (broadcastChannel === null) {
-        broadcastChannel = getNewBroadcastChannel();
-    }
-    return broadcastChannel;
-}
-export async function getSession(params) {
-    const session = await fetchData('session', params);
-    if (params?.broadcast ?? true) {
-        const broadcastChannel = getNewBroadcastChannel();
-        broadcastChannel.postMessage({
-            event: 'session',
-            data: { trigger: 'getSession' },
-        });
-    }
-    return session;
-}
-export const SessionContext = React.createContext?.(undefined);
-export function useSession(options) {
-    const router = useRouter();
-    if (!SessionContext) {
-        throw new Error('React Context is unavailable in Server Components');
-    }
-    // @ts-expect-error Satisfy TS if branch on line below
-    const value = React.useContext(SessionContext);
-    if (!value && process.env.NODE_ENV !== 'production') {
-        throw new Error('[next-auth]: `useSession` must be wrapped in a <SessionProvider />');
-    }
-    const { required, onUnauthenticated } = options ?? {};
-    const requiredAndNotLoading = required && value.status === 'unauthenticated';
-    React.useEffect(() => {
-        if (requiredAndNotLoading) {
-            const url = `/auth/login?${new URLSearchParams({
-                callbackUrl: window.location.href,
-            })}`;
-            if (onUnauthenticated)
-                onUnauthenticated();
-            else
-                router.push(url);
-        }
-    }, [requiredAndNotLoading, onUnauthenticated]);
-    if (requiredAndNotLoading) {
-        return {
-            data: value.data,
-            update: value.update,
-            status: 'loading',
-        };
-    }
-    return value;
-}
-/**
- * [React Context](https://react.dev/learn/passing-data-deeply-with-context) provider to wrap the app (`pages/`) to make session data available anywhere.
- *
- * When used, the session state is automatically synchronized across all open tabs/windows and they are all updated whenever they gain or lose focus
- * or the state changes (e.g. a user signs in or out) when {@link SessionProviderProps.refetchOnWindowFocus} is `true`.
- *
- * :::info
- * `SessionProvider` is for client-side use only and when using [Next.js App Router (`app/`)](https://nextjs.org/blog/next-13-4#nextjs-app-router) you should prefer the `auth()` export.
- * :::
- */
-export function SessionProvider(props) {
-    if (!SessionContext) {
-        throw new Error('React Context is unavailable in Server Components');
-    }
-    const axiosPrivate = useAxiosPrivate({
-        refreshTokenOn: 404,
-    });
-    const { children, refetchInterval, refetchWhenOffline } = props;
-    /**
-     * If session was `null`, there was an attempt to fetch it,
-     * but it failed, but we still treat it as a valid initial value.
-     */
-    const hasInitialSession = props.session !== undefined;
-    /** If session was passed, initialize as already synced */
-    __AUTH._lastSync = hasInitialSession ? now() : 0;
-    const [session, setSession] = React.useState(() => {
-        if (hasInitialSession)
-            __AUTH._session = props.session;
-        return props.session;
-    });
-    /** If session was passed, initialize as not loading */
-    const [loading, setLoading] = React.useState(!hasInitialSession);
-    React.useEffect(() => {
-        async function generateInitialSession() {
-            /**
-             * Use the `axiosPrivate` instance to make a request to `/api/auth/session` to get the
-             * first session data. The reason for using `axiosPrivate` is to make sure that the client
-             * will initiate a refresh token process (with the refresh token cookie) if the access
-             * token cookie is expired. (TRPC custom refresh link can be used as well)
-             */
-            try {
-                const response = await axiosPrivate.get('/auth/session');
-                return response.data;
-            }
-            catch (error) {
-                return null;
-            }
-        }
-        async function init() {
-            /**
-             * Make sure the session is created at the start of the app.
-             * Is session is not set, this means this is the first time
-             * the app is being loaded.
-             */
-            if (__AUTH._session === undefined) {
-                const session = await generateInitialSession();
-                __AUTH._lastSync = now();
-                return session;
-            }
-            return __AUTH._session;
-        }
-        /**
-         * Initialize the session.
-         */
-        init()
-            .then(async (session) => {
-            if (session) {
-                __AUTH._session = session;
-                setSession(session);
-            }
-            else {
-                /**
-                 * It's not necessary to log out the user and broadcast the logout event,
-                 * because there are no cookies set to delete.
-                 * But it's a good practice to do so.
-                 */
-                // await logout()
-            }
-        })
-            .then(() => {
-            __AUTH._getSession = async ({ event } = {}) => {
-                try {
-                    /**
-                     * If the event is a logout event, we should clear the session and return early.
-                     */
-                    if (event === 'logout') {
-                        __AUTH._lastSync = now();
-                        __AUTH._session = null;
-                        setSession(null);
-                        return;
-                    }
-                    /**
-                     * If the event is a storage event, we should update the session and not broadcast the event.
-                     * Storage events can also be triggered when a broadcast message is sent from another
-                     * tab/window. (see below)
-                     */
-                    if (event === 'storage') {
-                        __AUTH._lastSync = now();
-                        __AUTH._session = await getSession({
-                            broadcast: false,
-                        });
-                        setSession(__AUTH._session);
-                        return;
-                    }
-                    if (
-                    // If there is no time defined for when a session should be considered
-                    // stale, then it's okay to use the value we have until an event is
-                    // triggered which updates it
-                    !event ||
-                        // If the client doesn't have a session then we don't need to call
-                        // the server to check if it does (if they have signed in via another
-                        // tab or window that will come through as a "storage" event anyway)
-                        __AUTH._session === null ||
-                        // Bail out early if the client session is not stale yet
-                        now() < __AUTH._lastSync) {
-                        return;
-                    }
-                    // An event or session staleness occurred, update the client session.
-                    __AUTH._lastSync = now();
-                    __AUTH._session = await getSession();
-                    setSession(__AUTH._session);
-                }
-                catch (error) {
-                    __AUTH._lastSync = now();
-                    __AUTH._session = null;
-                    setSession(null);
-                    // console.error('Error fetching session', error)
-                }
-                finally {
-                    setLoading(false);
-                }
-            };
-        })
-            .finally(() => setLoading(false));
-        return () => {
-            __AUTH._lastSync = 0;
-            __AUTH._session = undefined;
-            __AUTH._getSession = () => { };
-        };
-    }, []);
-    React.useEffect(() => {
-        const handle = () => __AUTH._getSession({ event: 'storage' });
-        // Listen for storage events and update session if event fired from
-        // another window (but suppress firing another event to avoid a loop)
-        // Fetch new session data but tell it not to fire another event to
-        // avoid an infinite loop.
-        // Note: We could pass session data through and do something like
-        // `setData(message.data)` but that can cause problems depending
-        // on how the session object is being used in the client; it is
-        // more robust to have each window/tab fetch it's own copy of the
-        // session object rather than share it across instances.
-        broadcast().addEventListener('message', handle);
-        return () => broadcast().removeEventListener('message', handle);
-    }, []);
-    React.useEffect(() => {
-        const { refetchOnWindowFocus = true } = props;
-        // Listen for when the page is visible, if the user switches tabs
-        // and makes our tab visible again, re-fetch the session, but only if
-        // this feature is not disabled.
-        const visibilityHandler = () => {
-            if (refetchOnWindowFocus && document.visibilityState === 'visible')
-                __AUTH._getSession({ event: 'visibilitychange' });
-        };
-        document.addEventListener('visibilitychange', visibilityHandler, false);
-        return () => document.removeEventListener('visibilitychange', visibilityHandler, false);
-    }, [props.refetchOnWindowFocus]);
-    const isOnline = useOnline();
-    // TODO: Flip this behavior in next major version
-    const shouldRefetch = refetchWhenOffline !== false || isOnline;
-    React.useEffect(() => {
-        if (refetchInterval && shouldRefetch) {
-            const refetchIntervalTimer = setInterval(() => {
-                if (__AUTH._session) {
-                    __AUTH._getSession({ event: 'poll' });
-                }
-            }, refetchInterval * 1000);
-            return () => clearInterval(refetchIntervalTimer);
-        }
-    }, [refetchInterval, shouldRefetch]);
-    const value = React.useMemo(() => ({
-        data: session,
-        status: loading ? 'loading' : session ? 'authenticated' : 'unauthenticated',
-        async update(data) {
-            if (loading)
-                return;
-            setLoading(true);
-            const newSession = await fetchData('session', typeof data === 'undefined' ? undefined : { body: { data } });
-            setLoading(false);
-            if (newSession) {
-                setSession(newSession);
-                broadcast().postMessage({
-                    event: 'session',
-                    data: { trigger: 'getSession' },
-                });
-            }
-            return newSession;
-        },
-    }), [session, loading]);
-    return React.createElement(SessionContext.Provider, { value: value }, children);
-}
-export { useAxiosPrivate, useRefreshToken };
-export { refreshTokenLink } from "./trpc.js";
+/**
+ * @module react
+ */
+'use client';
+import * as React from 'react';
+import { fetchData, now, useOnline } from './lib/client.js';
+import { useRouter } from 'next/navigation';
+import useAxiosPrivate from './hooks/useAxiosPrivate.js';
+import useRefreshToken from './hooks/useRefreshToken.js';
+export const __AUTH = {
+    _lastSync: 0,
+    _session: undefined,
+    _getSession: () => { },
+};
+export async function logout(options) {
+    const { deleteCookies = true } = options ?? {};
+    if (deleteCookies) {
+        /**
+         * Send a request to the server to remove the session.
+         * This will delete the cookies.
+         * It will also delete the session from the database if auth() is not null.
+         */
+        await fetch('/api/auth', {
+            method: 'DELETE',
+            headers: {
+                'Content-Type': 'application/json',
+                'x-csrf-token': await getCsrfToken(),
+            },
+        });
+    }
+    /**
+     * Broadcast a message to all other tabs/windows to tell them the user has logged out.
+     * This is to ensure all tabs/windows trigger a session update.
+     */
+    broadcast().postMessage({ event: 'session', data: { trigger: 'logout' } });
+    /**
+     * Remove the session in the current tab/window.
+     */
+    await __AUTH._getSession({ event: 'logout' });
+}
+export async function login({ username, password }) {
+    const response = await fetch('/api/auth', {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'x-csrf-token': await getCsrfToken(),
+        },
+        body: JSON.stringify({ username, password }),
+    });
+    if (!response.ok) {
+        const error = await response.json();
+        throw new Error(error.error);
+    }
+    /**
+     * Broadcast a message to all other tabs/windows to tell them the user has logged in.
+     * This is to ensure all tabs/windows trigger a session update.
+     */
+    broadcast().postMessage({ event: 'session', data: { trigger: 'login' } });
+    /**
+     * Update the session in the current tab/window.
+     */
+    await __AUTH._getSession({ event: 'storage' });
+}
+export async function refreshSession() {
+    /**
+     * Broadcast a message to all other tabs/windows to tell them the session has been updated.
+     * This is to ensure all tabs/windows trigger a session update.
+     */
+    broadcast().postMessage({ event: 'session', data: { trigger: 'refresh' } });
+    /**
+     * Update the session in the current tab/window.
+     */
+    await __AUTH._getSession({ event: 'storage' });
+}
+/**
+ * Returns the current CSRF token.
+ * required to make requests that changes state.
+ *
+ * [CSRF Prevention: Double Submit Cookie](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie)
+ */
+export async function getCsrfToken() {
+    const response = await fetchData('csrf');
+    return response?.csrfToken ?? '';
+}
+let broadcastChannel = null;
+function getNewBroadcastChannel() {
+    return new BroadcastChannel('lzcms-auth');
+}
+function broadcast() {
+    if (typeof BroadcastChannel === 'undefined') {
+        return {
+            postMessage: () => { },
+            addEventListener: () => { },
+            removeEventListener: () => { },
+        };
+    }
+    if (broadcastChannel === null) {
+        broadcastChannel = getNewBroadcastChannel();
+    }
+    return broadcastChannel;
+}
+export async function getSession(params) {
+    const session = await fetchData('session', params);
+    if (params?.broadcast ?? true) {
+        const broadcastChannel = getNewBroadcastChannel();
+        broadcastChannel.postMessage({
+            event: 'session',
+            data: { trigger: 'getSession' },
+        });
+    }
+    return session;
+}
+export const SessionContext = React.createContext?.(undefined);
+export function useSession(options) {
+    const router = useRouter();
+    if (!SessionContext) {
+        throw new Error('React Context is unavailable in Server Components');
+    }
+    // @ts-expect-error Satisfy TS if branch on line below
+    const value = React.useContext(SessionContext);
+    if (!value && process.env.NODE_ENV !== 'production') {
+        throw new Error('[next-auth]: `useSession` must be wrapped in a <SessionProvider />');
+    }
+    const { required, onUnauthenticated } = options ?? {};
+    const requiredAndNotLoading = required && value.status === 'unauthenticated';
+    React.useEffect(() => {
+        if (requiredAndNotLoading) {
+            const url = `/auth/login?${new URLSearchParams({
+                callbackUrl: window.location.href,
+            })}`;
+            if (onUnauthenticated)
+                onUnauthenticated();
+            else
+                router.push(url);
+        }
+    }, [requiredAndNotLoading, onUnauthenticated]);
+    if (requiredAndNotLoading) {
+        return {
+            data: value.data,
+            update: value.update,
+            status: 'loading',
+        };
+    }
+    return value;
+}
+/**
+ * [React Context](https://react.dev/learn/passing-data-deeply-with-context) provider to wrap the app (`pages/`) to make session data available anywhere.
+ *
+ * When used, the session state is automatically synchronized across all open tabs/windows and they are all updated whenever they gain or lose focus
+ * or the state changes (e.g. a user signs in or out) when {@link SessionProviderProps.refetchOnWindowFocus} is `true`.
+ *
+ * :::info
+ * `SessionProvider` is for client-side use only and when using [Next.js App Router (`app/`)](https://nextjs.org/blog/next-13-4#nextjs-app-router) you should prefer the `auth()` export.
+ * :::
+ */
+export function SessionProvider(props) {
+    if (!SessionContext) {
+        throw new Error('React Context is unavailable in Server Components');
+    }
+    const axiosPrivate = useAxiosPrivate({
+        refreshTokenOn: 404,
+    });
+    const { children, refetchInterval, refetchWhenOffline } = props;
+    /**
+     * If session was `null`, there was an attempt to fetch it,
+     * but it failed, but we still treat it as a valid initial value.
+     */
+    const hasInitialSession = props.session !== undefined;
+    /** If session was passed, initialize as already synced */
+    __AUTH._lastSync = hasInitialSession ? now() : 0;
+    const [session, setSession] = React.useState(() => {
+        if (hasInitialSession)
+            __AUTH._session = props.session;
+        return props.session;
+    });
+    /** If session was passed, initialize as not loading */
+    const [loading, setLoading] = React.useState(!hasInitialSession);
+    React.useEffect(() => {
+        async function generateInitialSession() {
+            /**
+             * Use the `axiosPrivate` instance to make a request to `/api/auth/session` to get the
+             * first session data. The reason for using `axiosPrivate` is to make sure that the client
+             * will initiate a refresh token process (with the refresh token cookie) if the access
+             * token cookie is expired. (TRPC custom refresh link can be used as well)
+             */
+            try {
+                const response = await axiosPrivate.get('/auth/session');
+                return response.data;
+            }
+            catch (error) {
+                return null;
+            }
+        }
+        async function init() {
+            /**
+             * Make sure the session is created at the start of the app.
+             * Is session is not set, this means this is the first time
+             * the app is being loaded.
+             */
+            if (__AUTH._session === undefined) {
+                const session = await generateInitialSession();
+                __AUTH._lastSync = now();
+                return session;
+            }
+            return __AUTH._session;
+        }
+        /**
+         * Initialize the session.
+         */
+        init()
+            .then(async (session) => {
+            if (session) {
+                __AUTH._session = session;
+                setSession(session);
+            }
+            else {
+                /**
+                 * It's not necessary to log out the user and broadcast the logout event,
+                 * because there are no cookies set to delete.
+                 * But it's a good practice to do so.
+                 */
+                // await logout()
+            }
+        })
+            .then(() => {
+            __AUTH._getSession = async ({ event } = {}) => {
+                try {
+                    /**
+                     * If the event is a logout event, we should clear the session and return early.
+                     */
+                    if (event === 'logout') {
+                        __AUTH._lastSync = now();
+                        __AUTH._session = null;
+                        setSession(null);
+                        return;
+                    }
+                    /**
+                     * If the event is a storage event, we should update the session and not broadcast the event.
+                     * Storage events can also be triggered when a broadcast message is sent from another
+                     * tab/window. (see below)
+                     */
+                    if (event === 'storage') {
+                        __AUTH._lastSync = now();
+                        __AUTH._session = await getSession({
+                            broadcast: false,
+                        });
+                        setSession(__AUTH._session);
+                        return;
+                    }
+                    if (
+                    // If there is no time defined for when a session should be considered
+                    // stale, then it's okay to use the value we have until an event is
+                    // triggered which updates it
+                    !event ||
+                        // If the client doesn't have a session then we don't need to call
+                        // the server to check if it does (if they have signed in via another
+                        // tab or window that will come through as a "storage" event anyway)
+                        __AUTH._session === null ||
+                        // Bail out early if the client session is not stale yet
+                        now() < __AUTH._lastSync) {
+                        return;
+                    }
+                    // An event or session staleness occurred, update the client session.
+                    __AUTH._lastSync = now();
+                    __AUTH._session = await getSession();
+                    setSession(__AUTH._session);
+                }
+                catch (error) {
+                    __AUTH._lastSync = now();
+                    __AUTH._session = null;
+                    setSession(null);
+                    // console.error('Error fetching session', error)
+                }
+                finally {
+                    setLoading(false);
+                }
+            };
+        })
+            .finally(() => setLoading(false));
+        return () => {
+            __AUTH._lastSync = 0;
+            __AUTH._session = undefined;
+            __AUTH._getSession = () => { };
+        };
+    }, []);
+    React.useEffect(() => {
+        const handle = () => __AUTH._getSession({ event: 'storage' });
+        // Listen for storage events and update session if event fired from
+        // another window (but suppress firing another event to avoid a loop)
+        // Fetch new session data but tell it not to fire another event to
+        // avoid an infinite loop.
+        // Note: We could pass session data through and do something like
+        // `setData(message.data)` but that can cause problems depending
+        // on how the session object is being used in the client; it is
+        // more robust to have each window/tab fetch it's own copy of the
+        // session object rather than share it across instances.
+        broadcast().addEventListener('message', handle);
+        return () => broadcast().removeEventListener('message', handle);
+    }, []);
+    React.useEffect(() => {
+        const { refetchOnWindowFocus = true } = props;
+        // Listen for when the page is visible, if the user switches tabs
+        // and makes our tab visible again, re-fetch the session, but only if
+        // this feature is not disabled.
+        const visibilityHandler = () => {
+            if (refetchOnWindowFocus && document.visibilityState === 'visible')
+                __AUTH._getSession({ event: 'visibilitychange' });
+        };
+        document.addEventListener('visibilitychange', visibilityHandler, false);
+        return () => document.removeEventListener('visibilitychange', visibilityHandler, false);
+    }, [props.refetchOnWindowFocus]);
+    const isOnline = useOnline();
+    // TODO: Flip this behavior in next major version
+    const shouldRefetch = refetchWhenOffline !== false || isOnline;
+    React.useEffect(() => {
+        if (refetchInterval && shouldRefetch) {
+            const refetchIntervalTimer = setInterval(() => {
+                if (__AUTH._session) {
+                    __AUTH._getSession({ event: 'poll' });
+                }
+            }, refetchInterval * 1000);
+            return () => clearInterval(refetchIntervalTimer);
+        }
+    }, [refetchInterval, shouldRefetch]);
+    const value = React.useMemo(() => ({
+        data: session,
+        status: loading ? 'loading' : session ? 'authenticated' : 'unauthenticated',
+        async update(data) {
+            if (loading)
+                return;
+            setLoading(true);
+            const newSession = await fetchData('session', typeof data === 'undefined' ? undefined : { body: { data } });
+            setLoading(false);
+            if (newSession) {
+                setSession(newSession);
+                broadcast().postMessage({
+                    event: 'session',
+                    data: { trigger: 'getSession' },
+                });
+            }
+            return newSession;
+        },
+    }), [session, loading]);
+    return React.createElement(SessionContext.Provider, { value: value }, children);
+}
+export { useAxiosPrivate, useRefreshToken };
+export { refreshTokenLink } from './trpc';