orange-auth 1.2.0 → 1.3.1

package/dist/lib.js

@@ -1,161 +0,0 @@
-import Cookies from "universal-cookie";
-import { serialize as cookie } from "cookie";
-import { assign, find, isNil, isString, merge } from "lodash-es";
-import { params } from "@universal-middleware/core";
-/**
- * Deserialize a user's session based of the headers
- * @param globalCfg The global auth config
- * @param req An object having a headers field
- * @returns A user's token and session, if found and valid
- */
-const getSession = async (globalCfg, req) => {
-    if (isNil(req.headers))
-        return {
-            session: null,
-            token: null,
-        };
-    // Find the correct cookie header
-    const cookieHeader = req.headers instanceof Headers ? req.headers.get("cookie") : req.headers["cookie"];
-    const cookie = new Cookies(cookieHeader);
-    if (isNil(cookie))
-        return {
-            session: null,
-            token: null,
-        };
-    // Tries to extract the specific cookie.
-    const token = cookie.get(globalCfg.cookieName);
-    if (isNil(token))
-        return {
-            session: null,
-            token: null,
-        };
-    // Tries to deserialize it
-    return {
-        session: (await globalCfg.strategy.deserialize(token, globalCfg)),
-        token: token,
-    };
-};
-/**
- * Initializes the auth. This should be called once per backend.
- * @param req Something that has a `headers` field; either a Headers instance, or just a plain object.
- * @returns A session if found and valid, or `null`.
- */
-export const CreateAuth = ((config) => {
-    const { secret, strategy, cookieName, providers, cookieSettings, basePath, callbacks } = config;
-    if (isNil(secret)) {
-        throw new Error('[ERROR]: Auth secret missing! Make sure to set the "secret" variable in the auth\'s config.');
-    }
-    if (isNil(strategy)) {
-        throw new Error('[ERROR]: No strategy chosen! Make sure to set the "strategy" variable in the auth\'s config.');
-    }
-    // We set the global config on startup, and not on the route handler,
-    // otherwise a session cannot be accessed until someone logs in
-    const globalCfg = {
-        cookieName: cookieName ?? "orange.auth",
-        providers: providers ?? [],
-        secret,
-        strategy,
-        cookieSettings: cookieSettings ?? {
-            path: "/",
-            httpOnly: true,
-            sameSite: "lax",
-            secure: true,
-            maxAge: 3600,
-        },
-        callbacks: merge({}, { login: () => ({}), logout: () => ({}) }, callbacks),
-    };
-    return {
-        /**
-         * Universal handler route. You can use this with the `createHandler()` method
-         * @returns
-         */
-        handler: () => async (req, _, runtime) => {
-            // Tries to get the action and provider info from the url
-            const routeParams = params(req, runtime, basePath);
-            if (isNil(routeParams?.["action"]) || isNil(routeParams["provider"])) {
-                throw new Error('[ERROR]: Base path is missing! Make sure to set the "basePath" variable in the auth\'s config.');
-            }
-            // Finds the requested provider by name
-            const path = routeParams["provider"];
-            const provider = find(providers, (p) => p.ID === path);
-            if (isNil(provider)) {
-                return new Response("Page not found", { status: 404 });
-            }
-            // Handles each action independently
-            switch (routeParams["action"]) {
-                case "login": {
-                    // Use the found provider to login
-                    const token = await provider.logIn(req, globalCfg).catch(() => null);
-                    // If failed, return Bad Request response
-                    if (isNil(token))
-                        return new Response(null, { status: 400 });
-                    const params = await getSession(globalCfg, {
-                        // The cookie header is faked here, since the request does not have any token yet.
-                        headers: { cookie: cookie(globalCfg.cookieName, token) },
-                    });
-                    // If there is no session at this point, something as gone wrong
-                    if (isNil(params.session) || isNil(params.token)) {
-                        console.error("[AUTH ERROR]: Missing session after login");
-                        return new Response("internal server error", { status: 500 });
-                    }
-                    // Run the login callback
-                    const customRes = await globalCfg.callbacks.login({
-                        headers: req.headers,
-                        token: params.token,
-                        session: params.session,
-                    });
-                    // If the result is false, fail the login
-                    if (customRes === false) {
-                        return new Response("Bad Request", { status: 400 });
-                    }
-                    // If the result is a string, assume it is a redirection path
-                    if (isString(customRes)) {
-                        const headers = new Headers();
-                        headers.set("Location", customRes);
-                        return new Response(null, { status: 308, headers });
-                    }
-                    // Creates the set-cookie header
-                    const headers = new Headers();
-                    headers.set("Set-Cookie", cookie(globalCfg.cookieName, token, globalCfg.cookieSettings));
-                    // And return it
-                    return new Response(null, { status: 200, headers });
-                }
-                case "logout": {
-                    const params = await getSession(globalCfg, req);
-                    // If there is no session, no need to call the callback
-                    if (!isNil(params.session) && !isNil(params.token)) {
-                        await globalCfg.callbacks.logout({
-                            headers: req.headers,
-                            token: params.token,
-                            session: params.session,
-                        });
-                    }
-                    // Use the strategy to logout
-                    await globalCfg.strategy.logOut(req, globalCfg);
-                    // Clears the header.
-                    const headers = new Headers();
-                    headers.set("Set-Cookie", cookie(globalCfg.cookieName, "deleted", 
-                    // Use the same cookie config, but make sure it is expired
-                    assign({}, globalCfg.cookieSettings, {
-                        expires: new Date(0),
-                        maxAge: undefined,
-                    })));
-                    // And send them
-                    return new Response(null, { status: 200, headers });
-                }
-                default:
-                    // If a wrong action is requested, return a 404
-                    return new Response("Page not found", { status: 404 });
-            }
-        },
-        /**
-         * Deserialize a user's session.
-         * @param globalCfg The global auth config
-         * @param req An object having a headers field
-         * @returns A user's token and session, if found and valid
-         */
-        getSession: (req) => 
-        // Only returns the session
-        getSession(globalCfg, req).then((doc) => doc.session),
-    };
-});

package/dist/providers/Credentials.d.ts

@@ -1,33 +0,0 @@
-import { IProvider } from "./IProvider";
-import type { ConfigOptions } from "../@types/internals";
-import type { Session, MaybePromise } from "../@types/globals";
-/**
- * Configuration options of the Credentials provider
- */
-export type CredentialsConfig<TCredentials extends string> = Readonly<{
-    /**
-     * The name of this provider, should not be changed unless you are
-     * using multiple instance of the same provider.
-     */
-    name?: "credentials" | (string & {});
-    /**
-     * The available fields coming from the request containing credentials.
-     */
-    credentials: TCredentials[];
-    /**
-     * Function that gets called when a user tries to login.
-     * This is where you should look inside your database for the user.
-     * @param credentials An object containing the credentials from the request's body.
-     * @returns A session object if a user is found, or `null`.
-     */
-    authorize: (credentials: Record<TCredentials, string>) => MaybePromise<Session | null>;
-}>;
-/**
- * Provider used to login a user using basic credentials.
- */
-export declare class Credentials<TCredentials extends string = string> extends IProvider {
-    private config;
-    constructor(config: CredentialsConfig<TCredentials>);
-    logIn(req: Request, globalCfg: ConfigOptions): Promise<string | null>;
-}
-//# sourceMappingURL=Credentials.d.ts.map

package/dist/providers/Credentials.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"Credentials.d.ts","sourceRoot":"","sources":["../../src/providers/Credentials.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,KAAK,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAE/D;;GAEG;AACH,MAAM,MAAM,iBAAiB,CAAC,YAAY,SAAS,MAAM,IAAI,QAAQ,CAAC;IAClE;;;OAGG;IACH,IAAI,CAAC,EAAE,aAAa,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IACrC;;OAEG;IACH,WAAW,EAAE,YAAY,EAAE,CAAC;IAC5B;;;;;OAKG;IACH,SAAS,EAAE,CAAC,WAAW,EAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,KAAK,YAAY,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;CAC1F,CAAC,CAAC;AAEH;;GAEG;AACH,qBAAa,WAAW,CAAC,YAAY,SAAS,MAAM,GAAG,MAAM,CAAE,SAAQ,SAAS;IAC5E,OAAO,CAAC,MAAM,CAAkC;gBAEpC,MAAM,EAAE,iBAAiB,CAAC,YAAY,CAAC;IAK7B,KAAK,CAAC,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;CAgC9F"}

package/dist/providers/Credentials.js

@@ -1,42 +0,0 @@
-import { isNil } from "lodash-es";
-import { IProvider } from "./IProvider";
-import { urlencodedToJson } from "../functions";
-/**
- * Provider used to login a user using basic credentials.
- */
-export class Credentials extends IProvider {
-    config;
-    constructor(config) {
-        super(config.name ?? "credentials");
-        this.config = config;
-    }
-    async logIn(req, globalCfg) {
-        const contentType = req.headers.get("Content-Type")?.split(";")[0] ?? "text/plain";
-        let body;
-        switch (contentType) {
-            case "application/json":
-                body = await req.json();
-                break;
-            case "application/x-www-urlencoded":
-                body = await req.text().then((urlencodedToJson));
-                break;
-            case "multipart/form-data":
-                const data = await req.formData();
-                body = Object.fromEntries(data);
-                break;
-            // fields should come from a form, so every un-supported types will be failing.
-            case "text/plain":
-            default:
-                return null;
-        }
-        // Calls the user defined authorize callback
-        const session = await this.config.authorize(body);
-        if (isNil(session))
-            return null;
-        // Create a token
-        return globalCfg.strategy.serialize(session, globalCfg).catch((err) => {
-            console.log(err);
-            return null;
-        });
-    }
-}

package/dist/providers/IProvider.d.ts

@@ -1,29 +0,0 @@
-import type { ConfigOptions } from "../@types/internals";
-/**
- * Available url callback actions.
- */
-export type Actions = "login" | "logout";
-/**
- * Providers are used to implement certain services (E.g. facebook, github, credentials) as login methods.
- * Every provider should inherit from this.
- */
-declare abstract class IProvider {
-    /**
-     * This is used to map a callback to a provider.
-     */
-    private readonly __ID;
-    constructor(ID: string);
-    /**
-     * The provider ID.
-     */
-    get ID(): string;
-    /**
-     * Login function. This is used to call all the login flows of each provider.
-     * For now, the request's body **MUST** be JSON.
-     * @param req The request object.
-     * @param globalCfg The global auth config.
-     */
-    abstract logIn(req: Request, globalCfg: ConfigOptions): Promise<string | null>;
-}
-export { IProvider };
-//# sourceMappingURL=IProvider.d.ts.map

package/dist/providers/IProvider.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"IProvider.d.ts","sourceRoot":"","sources":["../../src/providers/IProvider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEzD;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG,OAAO,GAAG,QAAQ,CAAC;AAEzC;;;GAGG;AACH,uBAAe,SAAS;IACpB;;OAEG;IACH,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;gBAElB,EAAE,EAAE,MAAM;IAItB;;OAEG;IACH,IAAW,EAAE,IAAI,MAAM,CAEtB;IAED;;;;;OAKG;aACa,KAAK,CAAC,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;CACxF;AAED,OAAO,EAAE,SAAS,EAAE,CAAC"}

package/dist/providers/IProvider.js

@@ -1,20 +0,0 @@
-/**
- * Providers are used to implement certain services (E.g. facebook, github, credentials) as login methods.
- * Every provider should inherit from this.
- */
-class IProvider {
-    /**
-     * This is used to map a callback to a provider.
-     */
-    __ID;
-    constructor(ID) {
-        this.__ID = ID;
-    }
-    /**
-     * The provider ID.
-     */
-    get ID() {
-        return this.__ID;
-    }
-}
-export { IProvider };

package/dist/providers/index.d.ts

@@ -1,3 +0,0 @@
-export * from "./IProvider";
-export * from "./Credentials";
-//# sourceMappingURL=index.d.ts.map

package/dist/providers/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/providers/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,eAAe,CAAC"}

package/dist/providers/index.js

@@ -1,2 +0,0 @@
-export * from "./IProvider";
-export * from "./Credentials";

package/dist/strategies/IStrategy.d.ts

@@ -1,48 +0,0 @@
-import { type MaybePromise, type Session } from "../@types/globals";
-import type { ConfigOptions } from "../@types/internals";
-/**
- * Strategies callbacks
- */
-export type Callbacks = Partial<{
-    /**
-     * Pre-serialization callback. This can be used to add some steps to this process.
-     * @param session The session to be serialized.
-     * @returns A boolean representing if the serialization should occur.
-     */
-    serialize: (session: Session) => MaybePromise<boolean>;
-    /**
-     * Post-deserialization callback. This can be used to add some validation to this process.
-     * @param session The token that was deserialized.
-     * @returns A boolean representing if the deserialization is valid.
-     */
-    deserialize: (token: string, session: Session) => MaybePromise<boolean>;
-}>;
-/**
- * A strategy is used to handle the creation, validation and accessing a user's session.
- */
-declare abstract class IStrategy {
-    protected callbacks: Callbacks;
-    constructor(callbacks: Callbacks);
-    /**
-     * Handles how a session token is generated.
-     * @param session The validated session object.
-     * @param globalCfg The global auth config.
-     * @returns A newly generated token that will be sent as a cookie.
-     */
-    abstract serialize(session: Session, globalCfg: ConfigOptions): Promise<string>;
-    /**
-     * Handles how a token is validated and deserialized into a session object.
-     * @param token A user's token.
-     * @param globalCfg The global auth config.
-     * @returns A user's session if validated and found, else `null`.
-     */
-    abstract deserialize(token: string, globalCfg: ConfigOptions): Promise<Session | null>;
-    /**
-     * Handles how a session is destroyed when a user is logging out.
-     * @param req The request object.
-     * @param globalCfg The global auth config.
-     */
-    abstract logOut(req: Request, globalCfg: ConfigOptions): Promise<void>;
-}
-export { IStrategy };
-//# sourceMappingURL=IStrategy.d.ts.map

package/dist/strategies/IStrategy.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"IStrategy.d.ts","sourceRoot":"","sources":["../../src/strategies/IStrategy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,KAAK,OAAO,EAAE,MAAM,mBAAmB,CAAC;AACpE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEzD;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,OAAO,CAAC;IAC5B;;;;OAIG;IACH,SAAS,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,YAAY,CAAC,OAAO,CAAC,CAAC;IACvD;;;;OAIG;IACH,WAAW,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,KAAK,YAAY,CAAC,OAAO,CAAC,CAAC;CAC3E,CAAC,CAAC;AAEH;;GAEG;AACH,uBAAe,SAAS;IACpB,SAAS,CAAC,SAAS,EAAE,SAAS,CAAC;gBAEnB,SAAS,EAAE,SAAS;IAIhC;;;;;OAKG;aACa,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC;IAEtF;;;;;OAKG;aACa,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAE7F;;;;OAIG;aACa,MAAM,CAAC,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;CAChF;AAED,OAAO,EAAE,SAAS,EAAE,CAAC"}

package/dist/strategies/IStrategy.js

@@ -1,11 +0,0 @@
-import {} from "../@types/globals";
-/**
- * A strategy is used to handle the creation, validation and accessing a user's session.
- */
-class IStrategy {
-    callbacks;
-    constructor(callbacks) {
-        this.callbacks = callbacks;
-    }
-}
-export { IStrategy };

package/dist/strategies/index.d.ts

@@ -1,3 +0,0 @@
-export * from "./jwt";
-export * from "./IStrategy";
-//# sourceMappingURL=index.d.ts.map

package/dist/strategies/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/strategies/index.ts"],"names":[],"mappings":"AAAA,cAAc,OAAO,CAAC;AACtB,cAAc,aAAa,CAAC"}

package/dist/strategies/index.js

@@ -1,2 +0,0 @@
-export * from "./jwt";
-export * from "./IStrategy";

package/dist/strategies/jwt.d.ts

@@ -1,19 +0,0 @@
-import type { SignOptions } from "jsonwebtoken";
-import type { Session } from "../@types/globals";
-import { IStrategy, type Callbacks } from "./IStrategy";
-import type { ConfigOptions } from "../@types/internals";
-/**
- * Basic JWT strategy
- */
-declare class JWT extends IStrategy {
-    /**
-     * Forwarded standard JWT options
-     */
-    private signOptions;
-    constructor(options?: SignOptions, callbacks?: Callbacks);
-    serialize(session: Session, globalCfg: ConfigOptions): Promise<string>;
-    deserialize(token: string, globalCfg: ConfigOptions): Promise<Session | null>;
-    logOut(): Promise<void>;
-}
-export { JWT };
-//# sourceMappingURL=jwt.d.ts.map

package/dist/strategies/jwt.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../src/strategies/jwt.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAgBzD;;GAEG;AACH,cAAM,GAAI,SAAQ,SAAS;IACvB;;OAEG;IACH,OAAO,CAAC,WAAW,CAAc;gBAErB,OAAO,GAAE,WAAiC,EAAE,SAAS,GAAE,SAAc;IAM3D,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC;IAY5E,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAS7E,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;CAI1C;AAED,OAAO,EAAE,GAAG,EAAE,CAAC"}

package/dist/strategies/jwt.js

@@ -1,51 +0,0 @@
-import { isNil, isString } from "lodash-es";
-import { verify, sign } from "../functions/jwt";
-import { IStrategy } from "./IStrategy";
-/**
- * Retrieves either the secret or a private key, depending on the used JWT algorithm
- * @param secret Secret key, or key pair
- * @returns The secret or private key
- */
-const secretOrPrivateKey = (secret) => (isString(secret) ? secret : secret.privateKey);
-/**
- * Retrieves either the secret or a public key, depending on the used JWT algorithm
- * @param secret Secret key, or key pair
- * @returns The secret or public key
- */
-const secretOrPublicKey = (secret) => (isString(secret) ? secret : secret.publicKey);
-/**
- * Basic JWT strategy
- */
-class JWT extends IStrategy {
-    /**
-     * Forwarded standard JWT options
-     */
-    signOptions;
-    constructor(options = { expiresIn: "1h" }, callbacks = {}) {
-        super(callbacks);
-        this.signOptions = options;
-    }
-    async serialize(session, globalCfg) {
-        // If there is no callback set, we can just run normally, so fallback to true.
-        const shouldRun = await Promise.resolve(this.callbacks.serialize?.(session) ?? true);
-        if (!shouldRun) {
-            return Promise.reject("Serialize callback rejection");
-        }
-        // Directly call the sign function, but make it async.
-        return Promise.resolve(sign(session, secretOrPrivateKey(globalCfg.secret), this.signOptions));
-    }
-    deserialize(token, globalCfg) {
-        // The verify function does everything for us, in this case.
-        return verify(token, secretOrPublicKey(globalCfg.secret)).then(async (session) => {
-            if (isNil(session))
-                return null;
-            const isValid = await Promise.resolve(this.callbacks.deserialize?.(token, session) ?? true);
-            return isValid ? session : null;
-        });
-    }
-    logOut() {
-        // Since a JWT does not have any data in a DB, there is nothing to do here.
-        return Promise.resolve();
-    }
-}
-export { JWT };