orange-auth 1.0.0 → 1.2.0

package/LICENSE

@@ -1,21 +1,21 @@
-    MIT License
-
-    Copyright (c) Mathieu Dery.
-
-    Permission is hereby granted, free of charge, to any person obtaining a copy
-    of this software and associated documentation files (the "Software"), to deal
-    in the Software without restriction, including without limitation the rights
-    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-    copies of the Software, and to permit persons to whom the Software is
-    furnished to do so, subject to the following conditions:
-
-    The above copyright notice and this permission notice shall be included in all
-    copies or substantial portions of the Software.
-
-    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    MIT License
+
+    Copyright (c) Mathieu Dery.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
     SOFTWARE

package/dist/@types/globals.d.ts

@@ -1,3 +1,6 @@
+import type { SerializeOptions } from "cookie";
+import type { IProvider } from "../providers/IProvider";
+import type { IStrategy } from "../strategies/IStrategy";
 /**
  * This is a Promise, or not...
  */
@@ -8,4 +11,87 @@ export type MaybePromise<T> = T | Promise<T>;
 export interface Session extends Record<string, unknown> {
     id: string;
 }
+/**
+ * Parameters for the custom callbacks
+ */
+type CallbackParams = {
+    /**
+     * The current token
+     */
+    token: string;
+    /**
+     * The current deserialized token
+     */
+    session: Session;
+    /**
+     * TThe request's headers
+     */
+    headers: Headers;
+};
+/**
+ * Auth Configuration props.
+ */
+export type ConfigOptionsProps = Readonly<{
+    /**
+     * All the available providers.
+     * If multiple instance of a single provider are used, the order does matter.
+     */
+    providers: IProvider[];
+    /**
+     * Your secret key.
+     */
+    secret: string | {
+        publicKey: string;
+        privateKey: string;
+    };
+    /**
+     * A custom name for the cookie.
+     * Otherwise, the default name will be `orange.auth`
+     */
+    cookieName?: string;
+    /**
+     * The strategy to be used.
+     */
+    strategy: IStrategy;
+    /**
+     * This should be the url path that your auth is set up on, including the action and provider variables.
+     * @example
+     * ```js
+     * const app = express();
+     *
+     * const { handler } = CreateAuth({
+     *   basePath: "/api/auth/:action/:provider",
+     *   ...
+     * });
+     *
+     * app.all("/api/auth/{*auth}", createHandler(handler)());
+     * ```
+     */
+    basePath: string;
+    /**
+     * Cookie serialization options. see [MDN Cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies)
+     */
+    cookieSettings?: SerializeOptions;
+    /**
+     * Custom callbacks
+     */
+    callbacks?: {
+        /**
+         * Custom login callback. This is ran after logging in with the provider.
+         * This can accept 2 return types: a boolean that indicates if the login is valid,
+         * or a url which will redirect the user.
+         * @param params An object containing the token, session and headers of a request.
+         * @returns a boolean that indicates if the login is valid,
+         * or a url which will redirect the user.
+         */
+        login?: (params: CallbackParams) => MaybePromise<boolean | string>;
+        /**
+         * Custom logout callback. This is ran before logging out with the strategy.
+         * @param params An object containing the token, session and headers of a request.
+         * @returns Nothing, or an empty promise.
+         */
+        logout?: (params: CallbackParams) => MaybePromise<void>;
+    };
+}>;
+export {};
 //# sourceMappingURL=globals.d.ts.map

package/dist/@types/globals.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"globals.d.ts","sourceRoot":"","sources":["../../src/@types/globals.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;AAE7C;;GAEG;AACH,MAAM,WAAW,OAAQ,SAAQ,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACpD,EAAE,EAAE,MAAM,CAAC;CACd"}
+{"version":3,"file":"globals.d.ts","sourceRoot":"","sources":["../../src/@types/globals.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAC;AAC/C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAEzD;;GAEG;AACH,MAAM,MAAM,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;AAE7C;;GAEG;AACH,MAAM,WAAW,OAAQ,SAAQ,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACpD,EAAE,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,KAAK,cAAc,GAAG;IAClB;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IACd;;OAEG;IACH,OAAO,EAAE,OAAO,CAAC;IACjB;;OAEG;IACH,OAAO,EAAE,OAAO,CAAC;CACpB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,QAAQ,CAAC;IACtC;;;OAGG;IACH,SAAS,EAAE,SAAS,EAAE,CAAC;IAEvB;;OAEG;IACH,MAAM,EAAE,MAAM,GAAG;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;IAE3D;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,QAAQ,EAAE,SAAS,CAAC;IAEpB;;;;;;;;;;;;;OAaG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,cAAc,CAAC,EAAE,gBAAgB,CAAC;IAElC;;OAEG;IACH,SAAS,CAAC,EAAE;QACR;;;;;;;WAOG;QACH,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,cAAc,KAAK,YAAY,CAAC,OAAO,GAAG,MAAM,CAAC,CAAC;QAEnE;;;;WAIG;QACH,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,cAAc,KAAK,YAAY,CAAC,IAAI,CAAC,CAAC;KAC3D,CAAC;CACL,CAAC,CAAC"}

package/dist/@types/internals.d.ts

@@ -1,6 +1,13 @@
-import type { ConfigOptionsProps } from "../lib";
+import type { RequiredDeep } from "type-fest";
+import type { ConfigOptionsProps } from "./globals";
 /**
  * Internally used version of the options
  */
-export type ConfigOptions = Required<Omit<ConfigOptionsProps, "basePath">>;
+export type ConfigOptions = Omit<RequiredDeep<Omit<ConfigOptionsProps, "basePath">>, "cookieSettings"> & {
+    cookieSettings: NonNullable<ConfigOptionsProps["cookieSettings"]>;
+};
+/**
+ * Maybe there is a value, maybe not 🤷‍♂️
+ */
+export type Maybe<T> = T | null | undefined;
 //# sourceMappingURL=internals.d.ts.map

package/dist/@types/internals.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"internals.d.ts","sourceRoot":"","sources":["../../src/@types/internals.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,QAAQ,CAAC;AAEjD;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,QAAQ,CAAC,IAAI,CAAC,kBAAkB,EAAE,UAAU,CAAC,CAAC,CAAC"}
+{"version":3,"file":"internals.d.ts","sourceRoot":"","sources":["../../src/@types/internals.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAEpD;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,kBAAkB,EAAE,UAAU,CAAC,CAAC,EAAE,gBAAgB,CAAC,GAAG;IAErG,cAAc,EAAE,WAAW,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,CAAC,CAAC;CACrE,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,SAAS,CAAC"}

package/dist/functions/index.d.ts

@@ -1,2 +1,3 @@
 export * from "./jwt";
+export * from "./urlencodedToJson";
 //# sourceMappingURL=index.d.ts.map

package/dist/functions/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/functions/index.ts"],"names":[],"mappings":"AAAA,cAAc,OAAO,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/functions/index.ts"],"names":[],"mappings":"AAAA,cAAc,OAAO,CAAC;AACtB,cAAc,oBAAoB,CAAC"}

package/dist/functions/index.js

@@ -1 +1,2 @@
 export * from "./jwt";
+export * from "./urlencodedToJson";

package/dist/functions/urlencodedToJson.d.ts

@@ -0,0 +1,2 @@
+export declare function urlencodedToJson<T extends object = object>(value: string): T;
+//# sourceMappingURL=urlencodedToJson.d.ts.map

package/dist/functions/urlencodedToJson.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"urlencodedToJson.d.ts","sourceRoot":"","sources":["../../src/functions/urlencodedToJson.ts"],"names":[],"mappings":"AAAA,wBAAgB,gBAAgB,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,CAAC,CAS5E"}

package/dist/functions/urlencodedToJson.js

@@ -0,0 +1,8 @@
+export function urlencodedToJson(value) {
+    return Object.fromEntries(value
+        .trim()
+        .split("&")
+        .map((s) => s.split("="))
+        .filter((pair) => pair.length === 2)
+        .map((pair) => pair.map(decodeURIComponent)));
+}

package/dist/lib.d.ts

@@ -1,63 +1,46 @@
+import type { Maybe } from "./@types/internals";
 import type { Session } from "./@types/globals";
-import type { IStrategy } from "./strategies/IStrategy";
-import type { IProvider } from "./providers/IProvider";
-import { type SerializeOptions } from "cookie";
-type Maybe<T> = T | null | undefined;
 /**
- * Auth Configuration props.
+ * Initializes the auth. This should be called once per backend.
+ * @param req Something that has a `headers` field; either a Headers instance, or just a plain object.
+ * @returns A session if found and valid, or `null`.
  */
-export type ConfigOptionsProps = Readonly<{
-    /**
-     * All the available providers.
-     * If multiple instance of a single provider are used, the order does matter.
-     */
-    providers: IProvider[];
-    /**
-     * Your secret key.
-     */
+export declare const CreateAuth: (config: Readonly<{
+    providers: import("./providers").IProvider[];
     secret: string | {
         publicKey: string;
         privateKey: string;
     };
-    /**
-     * A custom name for the cookie.
-     * Otherwise, the default name will be `orange.auth`
-     */
     cookieName?: string;
-    /**
-     * The strategy to be used.
-     */
-    strategy: IStrategy;
-    /**
-     * This should be the url path that your auth is set up on, including the action and provider variables.
-     * @example
-     * ```js
-     * const app = express();
-     *
-     * const { handler } = CreateAuth({
-     *   basePath: "/api/auth/:action/:provider",
-     *   ...
-     * });
-     *
-     * app.all("/api/auth/{*auth}", createHandler(handler)());
-     * ```
-     */
+    strategy: import("./strategies").IStrategy;
     basePath: string;
+    cookieSettings?: import("cookie").SerializeOptions;
+    callbacks?: {
+        login?: (params: {
+            token: string;
+            session: Session;
+            headers: Headers;
+        }) => import(".").MaybePromise<boolean | string>;
+        logout?: (params: {
+            token: string;
+            session: Session;
+            headers: Headers;
+        }) => import(".").MaybePromise<void>;
+    };
+}>) => {
     /**
-     * Cookie serialization options. see [MDN Cookie](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies)
+     * Universal handler route. You can use this with the `createHandler()` method
+     * @returns
      */
-    cookieSettings?: SerializeOptions;
-}>;
-/**
- * Access a user's session.
- * @param req Something that has a `headers` field; either a Headers instance, or just a plain object.
- * @returns A session if found and valid, or `null`.
- */
-export declare const CreateAuth: (config: ConfigOptionsProps) => {
     handler: () => (req: Request, _: Universal.Context, runtime: import("@universal-middleware/core").RuntimeAdapter) => Promise<Response>;
+    /**
+     * Deserialize a user's session.
+     * @param globalCfg The global auth config
+     * @param req An object having a headers field
+     * @returns A user's token and session, if found and valid
+     */
     getSession: <T extends Session = Session>(req: {
         headers: Maybe<Headers | Record<string, string>>;
     }) => Promise<T | null>;
 };
-export {};
 //# sourceMappingURL=lib.d.ts.map

package/dist/lib.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"lib.d.ts","sourceRoot":"","sources":["../src/lib.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,KAAK,EAAW,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAuB,KAAK,gBAAgB,EAAE,MAAM,QAAQ,CAAC;AAGpE,KAAK,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,SAAS,CAAC;AAarC;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,QAAQ,CAAC;IACtC;;;OAGG;IACH,SAAS,EAAE,SAAS,EAAE,CAAC;IAEvB;;OAEG;IACH,MAAM,EAAE,MAAM,GAAG;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;IAE3D;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,QAAQ,EAAE,SAAS,CAAC;IAEpB;;;;;;;;;;;;;OAaG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,cAAc,CAAC,EAAE,gBAAgB,CAAC;CACrC,CAAC,CAAC;AAEH;;;;GAIG;AACH,eAAO,MAAM,UAAU,WAAa,kBAAkB;;iBA0F3B,CAAC,SAAS,OAAO,iBAAiB;QAAE,OAAO,EAAE,KAAK,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;KAAE;CA4BhH,CAAC"}
+{"version":3,"file":"lib.d.ts","sourceRoot":"","sources":["../src/lib.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAiB,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE/D,OAAO,KAAK,EAAsB,OAAO,EAAE,MAAM,kBAAkB,CAAC;AA4CpE;;;;GAIG;AACH,eAAO,MAAM,UAAU;;;;;;;;;;;aAYuB,CAAA;;;;;cAUvB,CAAC;;;;;;;IAOhB;;;OAGG;;IAwGH;;;;;OAKG;iBACU,CAAC,SAAS,OAAO,iBAAiB;QAAE,OAAO,EAAE,KAAK,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;KAAE,KAEnC,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC;CAUxF,CAAC"}

package/dist/lib.js

@@ -1,24 +1,47 @@
 import Cookies from "universal-cookie";
-import { assign, find, isNil } from "lodash-es";
 import { serialize as cookie } from "cookie";
+import { assign, find, isNil, isString, merge } from "lodash-es";
 import { params } from "@universal-middleware/core";
-if (!globalThis.crypto) {
-    /**
-     * Polyfill needed if this code runs on node18
-     */
-    Object.defineProperty(globalThis, "crypto", {
-        value: await import("node:crypto").then((crypto) => crypto.webcrypto),
-        writable: false,
-        configurable: true,
-    });
-}
 /**
- * Access a user's session.
+ * Deserialize a user's session based of the headers
+ * @param globalCfg The global auth config
+ * @param req An object having a headers field
+ * @returns A user's token and session, if found and valid
+ */
+const getSession = async (globalCfg, req) => {
+    if (isNil(req.headers))
+        return {
+            session: null,
+            token: null,
+        };
+    // Find the correct cookie header
+    const cookieHeader = req.headers instanceof Headers ? req.headers.get("cookie") : req.headers["cookie"];
+    const cookie = new Cookies(cookieHeader);
+    if (isNil(cookie))
+        return {
+            session: null,
+            token: null,
+        };
+    // Tries to extract the specific cookie.
+    const token = cookie.get(globalCfg.cookieName);
+    if (isNil(token))
+        return {
+            session: null,
+            token: null,
+        };
+    // Tries to deserialize it
+    return {
+        session: (await globalCfg.strategy.deserialize(token, globalCfg)),
+        token: token,
+    };
+};
+/**
+ * Initializes the auth. This should be called once per backend.
  * @param req Something that has a `headers` field; either a Headers instance, or just a plain object.
  * @returns A session if found and valid, or `null`.
  */
 export const CreateAuth = ((config) => {
-    const { secret, strategy, cookieName, providers, cookieSettings, basePath } = config;
+    const { secret, strategy, cookieName, providers, cookieSettings, basePath, callbacks } = config;
     if (isNil(secret)) {
         throw new Error('[ERROR]: Auth secret missing! Make sure to set the "secret" variable in the auth\'s config.');
     }
@@ -39,8 +62,13 @@ export const CreateAuth = ((config) => {
             secure: true,
             maxAge: 3600,
         },
+        callbacks: merge({}, { login: () => ({}), logout: () => ({}) }, callbacks),
     };
     return {
+        /**
+         * Universal handler route. You can use this with the `createHandler()` method
+         * @returns
+         */
         handler: () => async (req, _, runtime) => {
             // Tries to get the action and provider info from the url
             const routeParams = params(req, runtime, basePath);
@@ -61,14 +89,48 @@ export const CreateAuth = ((config) => {
                     // If failed, return Bad Request response
                     if (isNil(token))
                         return new Response(null, { status: 400 });
+                    const params = await getSession(globalCfg, {
+                        // The cookie header is faked here, since the request does not have any token yet.
+                        headers: { cookie: cookie(globalCfg.cookieName, token) },
+                    });
+                    // If there is no session at this point, something as gone wrong
+                    if (isNil(params.session) || isNil(params.token)) {
+                        console.error("[AUTH ERROR]: Missing session after login");
+                        return new Response("internal server error", { status: 500 });
+                    }
+                    // Run the login callback
+                    const customRes = await globalCfg.callbacks.login({
+                        headers: req.headers,
+                        token: params.token,
+                        session: params.session,
+                    });
+                    // If the result is false, fail the login
+                    if (customRes === false) {
+                        return new Response("Bad Request", { status: 400 });
+                    }
+                    // If the result is a string, assume it is a redirection path
+                    if (isString(customRes)) {
+                        const headers = new Headers();
+                        headers.set("Location", customRes);
+                        return new Response(null, { status: 308, headers });
+                    }
                     // Creates the set-cookie header
                     const headers = new Headers();
                     headers.set("Set-Cookie", cookie(globalCfg.cookieName, token, globalCfg.cookieSettings));
-                    // And returns it
+                    // And return it
                     return new Response(null, { status: 200, headers });
                 }
                 case "logout": {
-                    // Use the strategy  to logout
+                    const params = await getSession(globalCfg, req);
+                    // If there is no session, no need to call the callback
+                    if (!isNil(params.session) && !isNil(params.token)) {
+                        await globalCfg.callbacks.logout({
+                            headers: req.headers,
+                            token: params.token,
+                            session: params.session,
+                        });
+                    }
+                    // Use the strategy to logout
                     await globalCfg.strategy.logOut(req, globalCfg);
                     // Clears the header.
                     const headers = new Headers();
@@ -86,22 +148,14 @@ export const CreateAuth = ((config) => {
                     return new Response("Page not found", { status: 404 });
             }
         },
-        getSession: async (req) => {
-            if (isNil(req.headers))
-                return null;
-            // Here, it always outputs the original state
-            // console.log(ConfigManager.get());
-            // Find the correct cookie header
-            const cookieHeader = req.headers instanceof Headers ? req.headers.get("cookie") : req.headers["cookie"];
-            const cookie = new Cookies(cookieHeader);
-            if (isNil(cookie))
-                return null;
-            // Tries to extract the specific cookie.
-            const token = cookie.get(globalCfg.cookieName);
-            if (isNil(token))
-                return null;
-            // Tries to deserialize it
-            return globalCfg.strategy.deserialize(token, globalCfg);
-        },
+        /**
+         * Deserialize a user's session.
+         * @param globalCfg The global auth config
+         * @param req An object having a headers field
+         * @returns A user's token and session, if found and valid
+         */
+        getSession: (req) => 
+        // Only returns the session
+        getSession(globalCfg, req).then((doc) => doc.session),
     };
 });

package/dist/providers/Credentials.d.ts

@@ -1,6 +1,6 @@
 import { IProvider } from "./IProvider";
-import type { Session, MaybePromise } from "../@types/globals";
 import type { ConfigOptions } from "../@types/internals";
+import type { Session, MaybePromise } from "../@types/globals";
 /**
  * Configuration options of the Credentials provider
  */
@@ -28,7 +28,6 @@ export type CredentialsConfig<TCredentials extends string> = Readonly<{
 export declare class Credentials<TCredentials extends string = string> extends IProvider {
     private config;
     constructor(config: CredentialsConfig<TCredentials>);
-    getSession(): Promise<Session | null>;
     logIn(req: Request, globalCfg: ConfigOptions): Promise<string | null>;
 }
 //# sourceMappingURL=Credentials.d.ts.map

package/dist/providers/Credentials.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Credentials.d.ts","sourceRoot":"","sources":["../../src/providers/Credentials.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEzD;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAAC,YAAY,SAAS,MAAM,IAAI,QAAQ,CAAC;IAClE;;;OAGG;IACH,IAAI,CAAC,EAAE,aAAa,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IACrC;;OAEG;IACH,WAAW,EAAE,YAAY,EAAE,CAAC;IAC5B;;;;;OAKG;IACH,SAAS,EAAE,CAAC,WAAW,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,KAAK,YAAY,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;CAC1F,CAAC,CAAC;AAEH;;GAEG;AACH,qBAAa,WAAW,CAAC,YAAY,SAAS,MAAM,GAAG,MAAM,CAAE,SAAQ,SAAS;IAC5E,OAAO,CAAC,MAAM,CAAkC;gBAEpC,MAAM,EAAE,iBAAiB,CAAC,YAAY,CAAC;IAK7B,UAAU,IAAI,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAIrC,KAAK,CAAC,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;CAW9F"}
+{"version":3,"file":"Credentials.d.ts","sourceRoot":"","sources":["../../src/providers/Credentials.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAE/D;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAAC,YAAY,SAAS,MAAM,IAAI,QAAQ,CAAC;IAClE;;;OAGG;IACH,IAAI,CAAC,EAAE,aAAa,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IACrC;;OAEG;IACH,WAAW,EAAE,YAAY,EAAE,CAAC;IAC5B;;;;;OAKG;IACH,SAAS,EAAE,CAAC,WAAW,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,KAAK,YAAY,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;CAC1F,CAAC,CAAC;AAEH;;GAEG;AACH,qBAAa,WAAW,CAAC,YAAY,SAAS,MAAM,GAAG,MAAM,CAAE,SAAQ,SAAS;IAC5E,OAAO,CAAC,MAAM,CAAkC;gBAEpC,MAAM,EAAE,iBAAiB,CAAC,YAAY,CAAC;IAK7B,KAAK,CAAC,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;CAgC9F"}

package/dist/providers/Credentials.js

@@ -1,5 +1,6 @@
 import { isNil } from "lodash-es";
 import { IProvider } from "./IProvider";
+import { urlencodedToJson } from "../functions";
 /**
  * Provider used to login a user using basic credentials.
  */
@@ -9,17 +10,33 @@ export class Credentials extends IProvider {
         super(config.name ?? "credentials");
         this.config = config;
     }
-    async getSession() {
-        throw new Error("This should never be used");
-    }
     async logIn(req, globalCfg) {
-        // We assume the  body is json here, might change that later to be more flexible
-        const body = (await req.json());
+        const contentType = req.headers.get("Content-Type")?.split(";")[0] ?? "text/plain";
+        let body;
+        switch (contentType) {
+            case "application/json":
+                body = await req.json();
+                break;
+            case "application/x-www-urlencoded":
+                body = await req.text().then((urlencodedToJson));
+                break;
+            case "multipart/form-data":
+                const data = await req.formData();
+                body = Object.fromEntries(data);
+                break;
+            // fields should come from a form, so every un-supported types will be failing.
+            case "text/plain":
+            default:
+                return null;
+        }
         // Calls the user defined authorize callback
         const session = await this.config.authorize(body);
         if (isNil(session))
             return null;
         // Create a token
-        return globalCfg.strategy.serialize(session, globalCfg);
+        return globalCfg.strategy.serialize(session, globalCfg).catch((err) => {
+            console.log(err);
+            return null;
+        });
     }
 }

package/dist/providers/IProvider.d.ts

@@ -1,4 +1,3 @@
-import type { Session } from "../@types/globals";
 import type { ConfigOptions } from "../@types/internals";
 /**
  * Available url callback actions.
@@ -18,8 +17,6 @@ declare abstract class IProvider {
      * The provider ID.
      */
     get ID(): string;
-    /** @deprecated You can use the top level `getSession` instead. */
-    abstract getSession(req: Request, globalCfg: ConfigOptions): Promise<Session | null>;
     /**
      * Login function. This is used to call all the login flows of each provider.
      * For now, the request's body **MUST** be JSON.

package/dist/providers/IProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"IProvider.d.ts","sourceRoot":"","sources":["../../src/providers/IProvider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEzD;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG,OAAO,GAAG,QAAQ,CAAC;AAEzC;;;GAGG;AACH,uBAAe,SAAS;IACpB;;OAEG;IACH,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;gBAElB,EAAE,EAAE,MAAM;IAItB;;OAEG;IACH,IAAW,EAAE,IAAI,MAAM,CAEtB;IAED,kEAAkE;aAClD,UAAU,CAAC,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAE3F;;;;;OAKG;aACa,KAAK,CAAC,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;CACxF;AAED,OAAO,EAAE,SAAS,EAAE,CAAC"}
+{"version":3,"file":"IProvider.d.ts","sourceRoot":"","sources":["../../src/providers/IProvider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEzD;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG,OAAO,GAAG,QAAQ,CAAC;AAEzC;;;GAGG;AACH,uBAAe,SAAS;IACpB;;OAEG;IACH,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;gBAElB,EAAE,EAAE,MAAM;IAItB;;OAEG;IACH,IAAW,EAAE,IAAI,MAAM,CAEtB;IAED;;;;;OAKG;aACa,KAAK,CAAC,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;CACxF;AAED,OAAO,EAAE,SAAS,EAAE,CAAC"}

package/dist/strategies/IStrategy.d.ts

@@ -1,9 +1,28 @@
-import { type Session } from "../@types/globals";
+import { type MaybePromise, type Session } from "../@types/globals";
 import type { ConfigOptions } from "../@types/internals";
+/**
+ * Strategies callbacks
+ */
+export type Callbacks = Partial<{
+    /**
+     * Pre-serialization callback. This can be used to add some steps to this process.
+     * @param session The session to be serialized.
+     * @returns A boolean representing if the serialization should occur.
+     */
+    serialize: (session: Session) => MaybePromise<boolean>;
+    /**
+     * Post-deserialization callback. This can be used to add some validation to this process.
+     * @param session The token that was deserialized.
+     * @returns A boolean representing if the deserialization is valid.
+     */
+    deserialize: (token: string, session: Session) => MaybePromise<boolean>;
+}>;
 /**
  * A strategy is used to handle the creation, validation and accessing a user's session.
  */
 declare abstract class IStrategy {
+    protected callbacks: Callbacks;
+    constructor(callbacks: Callbacks);
     /**
      * Handles how a session token is generated.
      * @param session The validated session object.

package/dist/strategies/IStrategy.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"IStrategy.d.ts","sourceRoot":"","sources":["../../src/strategies/IStrategy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEzD;;GAEG;AACH,uBAAe,SAAS;IACpB;;;;;OAKG;aACa,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC;IAEtF;;;;;OAKG;aACa,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAE7F;;;;OAIG;aACa,MAAM,CAAC,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;CAChF;AAED,OAAO,EAAE,SAAS,EAAE,CAAC"}
+{"version":3,"file":"IStrategy.d.ts","sourceRoot":"","sources":["../../src/strategies/IStrategy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,KAAK,OAAO,EAAE,MAAM,mBAAmB,CAAC;AACpE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEzD;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,OAAO,CAAC;IAC5B;;;;OAIG;IACH,SAAS,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,YAAY,CAAC,OAAO,CAAC,CAAC;IACvD;;;;OAIG;IACH,WAAW,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,KAAK,YAAY,CAAC,OAAO,CAAC,CAAC;CAC3E,CAAC,CAAC;AAEH;;GAEG;AACH,uBAAe,SAAS;IACpB,SAAS,CAAC,SAAS,EAAE,SAAS,CAAC;gBAEnB,SAAS,EAAE,SAAS;IAIhC;;;;;OAKG;aACa,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC;IAEtF;;;;;OAKG;aACa,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAE7F;;;;OAIG;aACa,MAAM,CAAC,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;CAChF;AAED,OAAO,EAAE,SAAS,EAAE,CAAC"}

package/dist/strategies/IStrategy.js

@@ -3,5 +3,9 @@ import {} from "../@types/globals";
  * A strategy is used to handle the creation, validation and accessing a user's session.
  */
 class IStrategy {
+    callbacks;
+    constructor(callbacks) {
+        this.callbacks = callbacks;
+    }
 }
 export { IStrategy };

package/dist/strategies/jwt.d.ts

@@ -1,6 +1,6 @@
-import { IStrategy } from "./IStrategy";
 import type { SignOptions } from "jsonwebtoken";
 import type { Session } from "../@types/globals";
+import { IStrategy, type Callbacks } from "./IStrategy";
 import type { ConfigOptions } from "../@types/internals";
 /**
  * Basic JWT strategy
@@ -10,7 +10,7 @@ declare class JWT extends IStrategy {
      * Forwarded standard JWT options
      */
     private signOptions;
-    constructor(options?: SignOptions);
+    constructor(options?: SignOptions, callbacks?: Callbacks);
     serialize(session: Session, globalCfg: ConfigOptions): Promise<string>;
     deserialize(token: string, globalCfg: ConfigOptions): Promise<Session | null>;
     logOut(): Promise<void>;

package/dist/strategies/jwt.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../src/strategies/jwt.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAgBzD;;GAEG;AACH,cAAM,GAAI,SAAQ,SAAS;IACvB;;OAEG;IACH,OAAO,CAAC,WAAW,CAAc;gBAErB,OAAO,GAAE,WAAiC;IAMtC,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC;IAKtE,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAK7E,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;CAI1C;AAED,OAAO,EAAE,GAAG,EAAE,CAAC"}
+{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../src/strategies/jwt.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAgBzD;;GAEG;AACH,cAAM,GAAI,SAAQ,SAAS;IACvB;;OAEG;IACH,OAAO,CAAC,WAAW,CAAc;gBAErB,OAAO,GAAE,WAAiC,EAAE,SAAS,GAAE,SAAc;IAM3D,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC;IAY5E,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAS7E,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;CAI1C;AAED,OAAO,EAAE,GAAG,EAAE,CAAC"}

package/dist/strategies/jwt.js

@@ -1,18 +1,18 @@
-import { isString } from "lodash-es";
-import { IStrategy } from "./IStrategy";
+import { isNil, isString } from "lodash-es";
 import { verify, sign } from "../functions/jwt";
+import { IStrategy } from "./IStrategy";
 /**
  * Retrieves either the secret or a private key, depending on the used JWT algorithm
  * @param secret Secret key, or key pair
  * @returns The secret or private key
  */
-const secretOrPrivateKey = (secret) => isString(secret) ? secret : secret.privateKey;
+const secretOrPrivateKey = (secret) => (isString(secret) ? secret : secret.privateKey);
 /**
  * Retrieves either the secret or a public key, depending on the used JWT algorithm
  * @param secret Secret key, or key pair
  * @returns The secret or public key
  */
-const secretOrPublicKey = (secret) => isString(secret) ? secret : secret.publicKey;
+const secretOrPublicKey = (secret) => (isString(secret) ? secret : secret.publicKey);
 /**
  * Basic JWT strategy
  */
@@ -21,17 +21,27 @@ class JWT extends IStrategy {
      * Forwarded standard JWT options
      */
     signOptions;
-    constructor(options = { expiresIn: "1h" }) {
-        super();
+    constructor(options = { expiresIn: "1h" }, callbacks = {}) {
+        super(callbacks);
         this.signOptions = options;
     }
-    serialize(session, globalCfg) {
+    async serialize(session, globalCfg) {
+        // If there is no callback set, we can just run normally, so fallback to true.
+        const shouldRun = await Promise.resolve(this.callbacks.serialize?.(session) ?? true);
+        if (!shouldRun) {
+            return Promise.reject("Serialize callback rejection");
+        }
         // Directly call the sign function, but make it async.
         return Promise.resolve(sign(session, secretOrPrivateKey(globalCfg.secret), this.signOptions));
     }
     deserialize(token, globalCfg) {
         // The verify function does everything for us, in this case.
-        return verify(token, secretOrPublicKey(globalCfg.secret));
+        return verify(token, secretOrPublicKey(globalCfg.secret)).then(async (session) => {
+            if (isNil(session))
+                return null;
+            const isValid = await Promise.resolve(this.callbacks.deserialize?.(token, session) ?? true);
+            return isValid ? session : null;
+        });
     }
     logOut() {
         // Since a JWT does not have any data in a DB, there is nothing to do here.

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "orange-auth",
-    "version": "1.0.0",
+    "version": "1.2.0",
     "type": "module",
     "description": "Simple modular auth library",
     "main": "dist/index.js",
@@ -19,7 +19,8 @@
         "./functions": "./dist/functions/index.js"
     },
     "scripts": {
-        "build": "tsc"
+        "build": "tsc",
+        "test": "vitest"
     },
     "author": "Mathieu Dery mathieu.dery@bananastreaming.ca",
     "license": "MIT",
@@ -33,8 +34,10 @@
         "@types/node": "^24.0.15",
         "eslint-plugin-prettier": "^5.5.3",
         "tslib": "^2.8.1",
+        "type-fest": "^4.41.0",
         "typescript": "^5.8.3",
-        "typescript-eslint": "^8.37.0"
+        "typescript-eslint": "^8.37.0",
+        "vitest": "^3.2.4"
     },
     "dependencies": {
         "@universal-middleware/core": "^0.4.8",