prostgles-server 4.2.203 → 4.2.205

package/lib/Auth/endpoints/setLoginRequestHandler.ts

@@ -1,20 +1,18 @@
 import e, { Response } from "express";
+import { AuthRequest, AuthResponse, isDefined, isObject } from "prostgles-types";
 import { AUTH_ROUTES_AND_PARAMS, AuthHandler, HTTP_FAIL_CODES } from "../AuthHandler";
-import { BasicSession, LoginParams } from "../AuthTypes";
-import { AuthFailure, AuthRequest, AuthResponse, isDefined, isObject } from "prostgles-types";
+import { LoginParams } from "../AuthTypes";
 
 export type LoginResponseHandler = Response<
-  | {
-      session: BasicSession;
-      response?: AuthResponse.PasswordLoginSuccess | AuthResponse.MagicLinkAuthSuccess;
-    }
-  | AuthFailure
+  | AuthResponse.OAuthRegisterSuccess
+  | AuthResponse.OAuthRegisterFailure
+  | AuthResponse.PasswordLoginSuccess
   | AuthResponse.PasswordLoginFailure
   | AuthResponse.MagicLinkAuthFailure
+  | AuthResponse.MagicLinkAuthSuccess
 >;
 
 export function setLoginRequestHandler(this: AuthHandler, app: e.Express) {
-  const { registrations } = this.opts.expressConfig ?? {};
   app.post(AUTH_ROUTES_AND_PARAMS.login, async (req, res: LoginResponseHandler) => {
     const loginData = parseLoginData(req.body);
     if ("error" in loginData) {
@@ -25,14 +23,10 @@ export function setLoginRequestHandler(this: AuthHandler, app: e.Express) {
     try {
       const loginParams: LoginParams = {
         ...loginData,
-        magicLinkUrlPath:
-          registrations?.websiteUrl &&
-          `${registrations.websiteUrl}/${AUTH_ROUTES_AND_PARAMS.magicLinksRoute}`,
-        signupType: registrations?.email?.signupType,
         type: "username",
       };
 
-      await this.loginThrottledAndSetCookie(req, res, loginParams);
+      await this.login(req, res, loginParams);
     } catch (_error) {
       res.status(HTTP_FAIL_CODES.BAD_REQUEST).json({ success: false, code: "server-error" });
     }

package/lib/Auth/endpoints/setMagicLinkRequestHandler.ts

@@ -6,15 +6,16 @@ import {
   getClientRequestIPsInfo,
   HTTP_FAIL_CODES,
 } from "../AuthHandler";
-import { ExpressConfig, ExpressReq, SessionUser } from "../AuthTypes";
+import { LoginSignupConfig, ExpressReq, SessionUser } from "../AuthTypes";
 import { LoginResponseHandler } from "./setLoginRequestHandler";
+import { throttledReject } from "../utils/throttledReject";
 
 export function setMagicLinkRequestHandler(
   this: AuthHandler,
-  onMagicLink: Required<ExpressConfig<void, SessionUser>>["onMagicLink"],
+  onMagicLink: Required<LoginSignupConfig<void, SessionUser>>["onMagicLink"],
   app: e.Express
 ) {
-  const result = async (req: ExpressReq, res: LoginResponseHandler) => {
+  const handler = async (req: ExpressReq, res: LoginResponseHandler) => {
     const { id } = req.params;
 
     if (typeof id !== "string" || !id) {
@@ -23,7 +24,7 @@ export function setMagicLinkRequestHandler(
         .json({ success: false, code: "something-went-wrong", message: "Invalid magic link" });
     } else {
       try {
-        const response = await this.throttledFunc(async () => {
+        const response = await throttledReject(async () => {
           return onMagicLink(
             id,
             this.dbo as DBOFullyTyped,
@@ -43,6 +44,5 @@ export function setMagicLinkRequestHandler(
       }
     }
   };
-  app.get(AUTH_ROUTES_AND_PARAMS.magicLinksExpressRoute, result);
-  return result;
+  app.get(AUTH_ROUTES_AND_PARAMS.magicLinksExpressRoute, handler);
 }

package/lib/Auth/{authProviders/setOAuthProviders.ts → endpoints/setOAuthRequestHandlers.ts}

@@ -1,3 +1,4 @@
+import e from "express";
 import * as passport from "passport";
 import { Strategy as FacebookStrategy } from "passport-facebook";
 import { Strategy as GitHubStrategy } from "passport-github2";
@@ -5,19 +6,21 @@ import { Strategy as GoogleStrategy } from "passport-google-oauth20";
 import { Strategy as MicrosoftStrategy } from "passport-microsoft";
 import { getObjectEntries, isEmpty } from "prostgles-types";
 import { getErrorAsObject } from "../../DboBuilder/dboBuilderUtils";
-import { AUTH_ROUTES_AND_PARAMS, AuthHandler } from "../AuthHandler";
+import { DBOFullyTyped } from "../../DBSchemaBuilder";
+import { AUTH_ROUTES_AND_PARAMS, AuthHandler, HTTP_FAIL_CODES } from "../AuthHandler";
+import { LoginWithOAuthConfig } from "../AuthTypes";
 import { getClientRequestIPsInfo } from "../utils/getClientRequestIPsInfo";
-import { AuthRegistrationConfig } from "../AuthTypes";
-import { upsertNamedExpressMiddleware } from "../setAuthProviders";
-import e from "express";
+import { upsertNamedExpressMiddleware } from "../utils/upsertNamedExpressMiddleware";
+import { LoginResponseHandler } from "./setLoginRequestHandler";
 
-export function setOAuthProviders(
+export function setOAuthRequestHandlers(
   this: AuthHandler,
   app: e.Express,
-  registrations: AuthRegistrationConfig<void>
+  loginWithOAuthConfig: LoginWithOAuthConfig<void>
 ) {
-  const { onProviderLoginFail, onProviderLoginStart, websiteUrl, OAuthProviders } = registrations;
-  if (!OAuthProviders || isEmpty(OAuthProviders)) {
+  const { onProviderLoginFail, onProviderLoginStart, websiteUrl, OAuthProviders } =
+    loginWithOAuthConfig;
+  if (isEmpty(OAuthProviders)) {
     return;
   }
 
@@ -54,15 +57,15 @@ export function setOAuthProviders(
       passport.authenticate(providerName, authOpts ?? {})
     );
 
-    app.get(callbackPath, async (req, res) => {
+    app.get(callbackPath, async (req, res: LoginResponseHandler) => {
       try {
         const clientInfo = getClientRequestIPsInfo({ httpReq: req, res });
         const db = this.db;
-        const dbo = this.dbo as any;
+        const dbo = this.dbo as DBOFullyTyped;
         const args = { provider: providerName, req, res, clientInfo, db, dbo };
         const startCheck = await onProviderLoginStart?.(args);
-        if (startCheck && "error" in startCheck) {
-          res.status(500).json({ error: startCheck.error });
+        if (onProviderLoginStart && !startCheck?.success) {
+          res.status(HTTP_FAIL_CODES.BAD_REQUEST).json(startCheck);
           return;
         }
         passport.authenticate(
@@ -75,22 +78,26 @@ export function setOAuthProviders(
           async (error: any, _profile: any, authInfo: any) => {
             if (error) {
               await onProviderLoginFail?.({ ...args, error });
-              res.status(500).json({
-                error: "Failed to login with provider",
+              res.status(HTTP_FAIL_CODES.BAD_REQUEST).json({
+                success: false,
+                code: "provider-issue",
+                message: "Failed to login with provider",
               });
             } else {
-              this.loginThrottledAndSetCookie(req, res, {
+              this.login(req, res, {
                 ...authInfo,
                 type: "provider",
                 provider: providerName,
               }).catch((e: any) => {
-                res.status(500).json(getErrorAsObject(e));
+                res.status(HTTP_FAIL_CODES.INTERNAL_SERVER_ERROR).json(getErrorAsObject(e));
               });
             }
           }
         )(req, res);
       } catch (_e) {
-        res.status(500).json({ error: "Something went wrong" });
+        res
+          .status(HTTP_FAIL_CODES.INTERNAL_SERVER_ERROR)
+          .json({ code: "server-error", success: false });
       }
     });
   });

package/lib/Auth/endpoints/setRegisterRequestHandler.ts

@@ -1,8 +1,7 @@
 import e, { Request, Response } from "express";
 import { AuthResponse } from "prostgles-types";
 import { AUTH_ROUTES_AND_PARAMS, HTTP_FAIL_CODES } from "../AuthHandler";
-import type { AuthRegistrationConfig } from "../AuthTypes";
-import { sendEmail } from "../sendEmail";
+import type { SignupWithEmailAndPassword } from "../AuthTypes";
 import { getClientRequestIPsInfo } from "../utils/getClientRequestIPsInfo";
 import { parseLoginData } from "./setLoginRequestHandler";
 
@@ -12,14 +11,13 @@ type ReturnType =
   | AuthResponse.PasswordRegisterFailure
   | AuthResponse.PasswordRegisterSuccess;
 
-export const setRegisterRequestHandler = (
-  {
-    email: emailAuthConfig,
-    websiteUrl,
-  }: Required<Pick<AuthRegistrationConfig<void>, "email" | "websiteUrl">>,
+type RegisterResponseHandler = Response<ReturnType>;
+
+export const setRegisterRequestHandler = async (
+  { onRegister, minPasswordLength = 8 }: SignupWithEmailAndPassword,
   app: e.Express
 ) => {
-  const registerRequestHandler = async (req: Request, res: Response<ReturnType>) => {
+  const registerRequestHandler = async (req: Request, res: RegisterResponseHandler) => {
     const dataOrError = parseLoginData(req.body);
     if ("error" in dataOrError) {
       return res
@@ -37,55 +35,25 @@ export const setRegisterRequestHandler = (
     if (!username) {
       return sendResponse({ success: false, code: "username-missing" });
     }
-    if (emailAuthConfig.signupType === "withPassword") {
-      const { minPasswordLength = 8 } = emailAuthConfig;
-      if (!password) {
-        return sendResponse({ success: false, code: "password-missing" });
-      } else if (password.length < minPasswordLength) {
-        return sendResponse({
-          success: false,
-          code: "weak-password",
-          message: `Password must be at least ${minPasswordLength} characters long`,
-        });
-      }
+    if (!password) {
+      return sendResponse({ success: false, code: "password-missing" });
+    } else if (password.length < minPasswordLength) {
+      return sendResponse({
+        success: false,
+        code: "weak-password",
+        message: `Password must be at least ${minPasswordLength} characters long`,
+      });
     }
     try {
-      const { httpReq, ...clientInfo } = getClientRequestIPsInfo({ httpReq: req, res });
-      const { smtp } = emailAuthConfig;
-      const errCodeOrResult =
-        emailAuthConfig.signupType === "withPassword" ?
-          !password ? "weak-password"
-          : await emailAuthConfig.onRegister({
-              email: username,
-              password,
-              confirmationUrlPath: `${websiteUrl}${AUTH_ROUTES_AND_PARAMS.confirmEmail}`,
-              clientInfo,
-              req: httpReq,
-            })
-        : await emailAuthConfig.onRegister({
-            email: username,
-            magicLinkUrlPath: `${websiteUrl}${AUTH_ROUTES_AND_PARAMS.magicLinksRoute}`,
-            clientInfo,
-            req: httpReq,
-          });
-
-      const registrationResult =
-        typeof errCodeOrResult === "string" ?
-          { email: undefined, response: { success: false as const, code: errCodeOrResult } }
-        : errCodeOrResult;
-      if (!registrationResult.email) {
-        return sendResponse(registrationResult.response);
-      }
-
-      const emailMessage = { ...registrationResult.email, to: username };
-      await sendEmail(smtp, emailMessage);
-      return sendResponse({
-        ...registrationResult.response,
-        message:
-          emailAuthConfig.signupType === "withPassword" ?
-            `We've sent a confirmation email to ${emailMessage.to}. Please check your inbox (and your spam folder) for a message from us.`
-          : "Email sent",
+      const { httpReq, ...clientInfo } = getClientRequestIPsInfo({ httpReq: req });
+      const result = await onRegister({
+        email: username,
+        password,
+        confirmationUrlPath: AUTH_ROUTES_AND_PARAMS.confirmEmail,
+        clientInfo,
+        req: httpReq,
       });
+      return sendResponse(result);
     } catch {
       return sendResponse({
         success: false,

package/lib/Auth/getClientAuth.ts

@@ -0,0 +1,100 @@
+import {
+  AuthGuardLocation,
+  AuthGuardLocationResponse,
+  AuthSocketSchema,
+  CHANNELS,
+  getObjectEntries,
+  isEmpty,
+} from "prostgles-types";
+import { AuthClientRequest, LoginWithOAuthConfig, AuthResultWithSID } from "./AuthTypes";
+import { AUTH_ROUTES_AND_PARAMS, AuthHandler } from "./AuthHandler";
+
+export async function getClientAuth(
+  this: AuthHandler,
+  clientReq: AuthClientRequest
+): Promise<{ auth: AuthSocketSchema; userData: AuthResultWithSID }> {
+  let pathGuard = false;
+  if (
+    this.opts.loginSignupConfig?.publicRoutes &&
+    !this.opts.loginSignupConfig.disableSocketAuthGuard
+  ) {
+    pathGuard = true;
+
+    /**
+     * Due to SPA nature of some clients, we need to check if the connected client ends up on a protected route
+     */
+    if (clientReq.socket) {
+      const { socket } = clientReq;
+      socket.removeAllListeners(CHANNELS.AUTHGUARD);
+      socket.on(
+        CHANNELS.AUTHGUARD,
+        async (
+          params: AuthGuardLocation,
+          cb = (_err: any, _res?: AuthGuardLocationResponse) => {
+            /** EMPTY */
+          }
+        ) => {
+          try {
+            const { pathname, origin } =
+              typeof params === "string" ? (JSON.parse(params) as AuthGuardLocation) : params;
+            if (pathname && typeof pathname !== "string") {
+              console.warn("Invalid pathname provided for AuthGuardLocation: ", pathname);
+            }
+
+            /** These origins  */
+            const IGNORED_API_ORIGINS = ["file://"];
+            if (
+              !IGNORED_API_ORIGINS.includes(origin) &&
+              pathname &&
+              typeof pathname === "string" &&
+              this.isUserRoute(pathname) &&
+              !(await this.getUserFromRequest({ socket }))
+            ) {
+              cb(null, { shouldReload: true });
+            } else {
+              cb(null, { shouldReload: false });
+            }
+          } catch (err) {
+            console.error("AUTHGUARD err: ", err);
+            cb(err);
+          }
+        }
+      );
+    }
+  }
+
+  const userData = await this.getSidAndUserFromRequest(clientReq);
+  const { loginWithOAuth, signupWithEmailAndPassword, localLoginMode, login } =
+    this.opts.loginSignupConfig ?? {};
+
+  const auth: AuthSocketSchema = {
+    providers: getOAuthProviders(loginWithOAuth),
+    signupWithEmailAndPassword: signupWithEmailAndPassword && {
+      minPasswordLength: signupWithEmailAndPassword.minPasswordLength ?? 8,
+      url: AUTH_ROUTES_AND_PARAMS.emailRegistration,
+    },
+    user: userData.clientUser,
+    loginType: localLoginMode ?? (login ? "email+password" : undefined),
+    pathGuard,
+  };
+  return { auth, userData };
+}
+
+const getOAuthProviders = (
+  loginWithOAuth: LoginWithOAuthConfig<any> | undefined
+): AuthSocketSchema["providers"] | undefined => {
+  if (!loginWithOAuth) return undefined;
+  const { OAuthProviders } = loginWithOAuth;
+  if (isEmpty(OAuthProviders)) return undefined;
+
+  const result: AuthSocketSchema["providers"] = {};
+  getObjectEntries(OAuthProviders).forEach(([providerName, config]) => {
+    if (config?.clientID) {
+      result[providerName] = {
+        url: `${AUTH_ROUTES_AND_PARAMS.loginWithProvider}/${providerName}`,
+      };
+    }
+  });
+
+  return result;
+};

package/lib/Auth/login.ts

@@ -0,0 +1,139 @@
+import { AuthHandler, getClientRequestIPsInfo, HTTP_FAIL_CODES } from "./AuthHandler";
+import { DBOFullyTyped } from "../DBSchemaBuilder";
+import { ExpressReq, LoginParams } from "./AuthTypes";
+import { LoginResponseHandler } from "./endpoints/setLoginRequestHandler";
+import { throttledReject } from "./utils/throttledReject";
+
+export async function login(
+  this: AuthHandler,
+  req: ExpressReq,
+  res: LoginResponseHandler,
+  loginParams: LoginParams
+) {
+  const start = Date.now();
+  const { responseThrottle = 500 } = this.opts;
+
+  const errCodeOrSession = await throttledReject(async () => {
+    const { login } = this.opts.loginSignupConfig ?? {};
+    if (!login) {
+      console.error("Auth login config missing");
+      return "server-error";
+    }
+    const result = await login(
+      loginParams,
+      this.dbo as DBOFullyTyped,
+      this.db,
+      getClientRequestIPsInfo({ httpReq: req })
+    );
+
+    if (typeof result === "string" || !result.session) {
+      return result;
+    }
+
+    const { sid, expires } = result.session;
+    if (!sid) {
+      console.error("Invalid sid");
+      return "server-error";
+    }
+    if (sid && (typeof sid !== "string" || typeof expires !== "number")) {
+      console.error(
+        "Bad login result type. \nExpecting: undefined | null | { sid: string; expires: number }"
+      );
+      return "server-error";
+    }
+    if (expires < Date.now()) {
+      console.error(
+        "auth.login() is returning an expired session. Can only login with a session.expires greater than Date.now()"
+      );
+      return "server-error";
+    }
+
+    return result;
+  }, responseThrottle);
+
+  const loginResponse =
+    typeof errCodeOrSession === "string" ?
+      {
+        session: undefined,
+        response: { success: false, code: errCodeOrSession } as const,
+      }
+    : errCodeOrSession;
+
+  await this.prostgles.opts.onLog?.({
+    type: "auth",
+    command: "login",
+    success: !!loginResponse.session,
+    duration: Date.now() - start,
+    sid: loginResponse.session?.sid,
+    socketId: undefined,
+  });
+
+  if (!loginResponse.session) {
+    if (!loginResponse.response.success) {
+      return res.status(HTTP_FAIL_CODES.BAD_REQUEST).json(loginResponse.response);
+    }
+    return res.json(loginResponse.response);
+  }
+  this.setCookieAndGoToReturnURLIFSet(loginResponse.session, { req, res });
+}
+
+// async function loginThrottledAndValidate(
+//   this: AuthHandler,
+//   params: LoginParams,
+//   client: LoginClientInfo
+// ): Promise<Exclude<LoginResponse, { loginWithMagicLink: true }>> {
+//   const { responseThrottle = 500 } = this.opts;
+//   return throttledFunc(async () => {
+//     const { login } = this.opts.expressConfig ?? {};
+//     if (!login) {
+//       console.error("Auth login config missing");
+//       return "server-error";
+//     }
+//     const result = await login(params, this.dbo as DBOFullyTyped, this.db, client);
+
+//     if (typeof result === "string") return result;
+
+//     // if ("loginWithMagicLink" in result) {
+//     //   if (params.type !== "username") {
+//     //     console.error("loginWithMagicLink is only supported for username login");
+//     //     return "something-went-wrong";
+//     //   }
+//     //   const emailRegistrations = this.opts.expressConfig?.registrations?.email;
+//     //   if (!emailRegistrations || emailRegistrations.signupType !== "withMagicLink") {
+//     //     console.error("loginWithMagicLink is not supported");
+//     //     return "server-error";
+//     //   }
+
+//     //   const res = await emailRegistrations.onRegister({
+//     //     email: params.username,
+//     //     clientInfo: client,
+//     //     magicLinkUrlPath: `${emailRegistrations.websiteUrl}${AUTH_ROUTES_AND_PARAMS.magicLinksRoute}`,
+//     //     req,
+//     //   });
+
+//     //   if (typeof res === "string") {
+//     //     return { response: { success: false, code: res } as const };
+//     //   }
+//     // }
+
+//     const { sid, expires } = result.session;
+//     if (!sid) {
+//       console.error("Invalid sid");
+//       return "server-error";
+//     }
+//     if (sid && (typeof sid !== "string" || typeof expires !== "number")) {
+//       console.error(
+//         "Bad login result type. \nExpecting: undefined | null | { sid: string; expires: number }"
+//       );
+//       return "server-error";
+//     }
+//     if (expires < Date.now()) {
+//       console.error(
+//         "auth.login() is returning an expired session. Can only login with a session.expires greater than Date.now()"
+//       );
+//       return "server-error";
+//     }
+
+//     return result;
+//   }, responseThrottle);
+// }

package/lib/Auth/sendEmail.ts

@@ -2,11 +2,9 @@ import { Email, SMTPConfig } from "./AuthTypes";
 import * as nodemailer from "nodemailer";
 import * as aws from "@aws-sdk/client-ses";
 import SESTransport from "nodemailer/lib/ses-transport";
+import { checkDmarc } from "./utils/checkDmarc";
 
-type SESTransporter = nodemailer.Transporter<
-  SESTransport.SentMessageInfo,
-  SESTransport.Options
->;
+type SESTransporter = nodemailer.Transporter<SESTransport.SentMessageInfo, SESTransport.Options>;
 type SMTPTransporter = nodemailer.Transporter<
   nodemailer.SentMessageInfo,
   nodemailer.TransportOptions
@@ -19,18 +17,44 @@ const transporterCache: Map<string, Transporter> = new Map();
  * Allows sending emails using nodemailer default config or AWS SES
  * https://www.nodemailer.com/transports/ses/
  */
-export const sendEmail = (smptConfig: SMTPConfig, email: Email) => {
+const sendEmail = (smptConfig: SMTPConfig, email: Email) => {
   const transporter = getOrSetTransporter(smptConfig);
   return send(transporter, email);
 };
 
+/**
+ * Verifies DMARC and that the website has a valid DMARC records
+ */
+const emailSenderCache: Map<string, boolean> = new Map();
+export const getEmailSender = async (smptConfig: SMTPConfig, websiteUrl: string) => {
+  const result = {
+    sendEmail: (email: Email) => sendEmail(smptConfig, email),
+  };
+  const configStr = JSON.stringify({ smptConfig, websiteUrl });
+  if (emailSenderCache.has(configStr)) {
+    return result;
+  }
+  if (!websiteUrl) {
+    throw new Error("websiteUrl is required for email registrations");
+  }
+  await checkDmarc(websiteUrl);
+
+  await verifySMTPConfig(smptConfig);
+
+  /**
+   * Setup nodemailer transporters
+   */
+  getOrSetTransporter(smptConfig);
+  emailSenderCache.set(configStr, true);
+  return result;
+};
+
 /**
  * Returns a transporter from cache or creates a new one
  */
 export const getOrSetTransporter = (smptConfig: SMTPConfig) => {
   const configStr = JSON.stringify(smptConfig);
-  const transporter =
-    transporterCache.get(configStr) ?? getTransporter(smptConfig);
+  const transporter = transporterCache.get(configStr) ?? getTransporter(smptConfig);
   if (!transporterCache.has(configStr)) {
     transporterCache.set(configStr, transporter);
   }

package/lib/Auth/setupAuthRoutes.ts

@@ -2,30 +2,43 @@ import { RequestHandler } from "express";
 import { DBOFullyTyped } from "../DBSchemaBuilder";
 import { AuthHandler } from "./AuthHandler";
 import { setCatchAllRequestHandler } from "./endpoints/setCatchAllRequestHandler";
+import { setConfirmEmailRequestHandler } from "./endpoints/setConfirmEmailRequestHandler";
 import { setLoginRequestHandler } from "./endpoints/setLoginRequestHandler";
 import { setMagicLinkRequestHandler } from "./endpoints/setMagicLinkRequestHandler";
-import { setAuthProviders, upsertNamedExpressMiddleware } from "./setAuthProviders";
+import { setOAuthRequestHandlers } from "./endpoints/setOAuthRequestHandlers";
+import { setRegisterRequestHandler } from "./endpoints/setRegisterRequestHandler";
+import { upsertNamedExpressMiddleware } from "./utils/upsertNamedExpressMiddleware";
 
 export async function setupAuthRoutes(this: AuthHandler) {
-  const { login, expressConfig } = this.opts;
-
-  if (!login) {
-    throw "Invalid auth: Provide { sidKeyName: string } ";
-  }
+  const { loginSignupConfig } = this.opts;
 
   if (this.sidKeyName === "sid") {
     throw "sidKeyName cannot be 'sid' due to collision with socket.io";
   }
 
-  if (!expressConfig) {
+  if (!loginSignupConfig) {
     return;
   }
-  const { app, publicRoutes = [], onMagicLink, use } = expressConfig;
+  const {
+    app,
+    publicRoutes = [],
+    onMagicLink,
+    use,
+    loginWithOAuth,
+    signupWithEmailAndPassword,
+  } = loginSignupConfig;
   if (publicRoutes.find((r) => typeof r !== "string" || !r)) {
     throw "Invalid or empty string provided within publicRoutes ";
   }
 
-  await setAuthProviders.bind(this)(expressConfig);
+  if (signupWithEmailAndPassword) {
+    setRegisterRequestHandler(signupWithEmailAndPassword, app);
+    setConfirmEmailRequestHandler.bind(this)(signupWithEmailAndPassword, app);
+  }
+
+  if (loginWithOAuth) {
+    await setOAuthRequestHandlers.bind(this)(app, loginWithOAuth);
+  }
 
   if (use) {
     const prostglesUseMiddleware: RequestHandler = (req, res, next) => {

package/lib/Auth/utils/getSidAndUserFromRequest.ts

@@ -1,6 +1,7 @@
 import { DBOFullyTyped } from "../../DBSchemaBuilder";
 import { AuthHandler, getClientRequestIPsInfo } from "../AuthHandler";
 import { AuthClientRequest, AuthResultWithSID } from "../AuthTypes";
+import { throttledReject } from "./throttledReject";
 
 /**
  * For a given sid return the user data if available using the auth handler's getUser method.
@@ -32,7 +33,7 @@ export async function getSidAndUserFromRequest(
    * Get sid from request and fetch user data
    */
   const authStart = Date.now();
-  const result = await this.throttledFunc(async () => {
+  const result = await throttledReject(async () => {
     const { getUser } = this.opts;
 
     const sid = this.getSID(clientReq);

package/lib/Auth/utils/throttledReject.ts

@@ -0,0 +1,33 @@
+/**
+ * Given an async function, this function will throttle the response time if errored to prevent timing attacks
+ */
+export const throttledReject = <T>(func: () => Promise<T>, throttle = 500): Promise<T> => {
+  return new Promise(async (resolve, reject) => {
+    let result: T,
+      error: any,
+      finished = false;
+
+    /**
+     * Throttle reject response times to prevent timing attacks
+     */
+    const interval = setInterval(() => {
+      if (finished) {
+        clearInterval(interval);
+        if (error) {
+          reject(error);
+        }
+      }
+    }, throttle);
+
+    try {
+      result = await func();
+      resolve(result);
+      clearInterval(interval);
+    } catch (err) {
+      console.log(err);
+      error = err;
+    }
+
+    finished = true;
+  });
+};