sentri 1.0.4 → 1.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +266 -862
- package/dist/cli.js +79 -26
- package/dist/cli.js.map +1 -1
- package/dist/client.d.ts +13 -7
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +2 -1
- package/dist/client.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js.map +1 -1
- package/dist/middleware/authorize.js +3 -3
- package/dist/middleware/authorize.js.map +1 -1
- package/dist/middleware/permit.d.ts +8 -8
- package/dist/middleware/permit.d.ts.map +1 -1
- package/dist/middleware/permit.js +10 -10
- package/dist/middleware/permit.js.map +1 -1
- package/dist/middleware/protect.js +5 -5
- package/dist/middleware/protect.js.map +1 -1
- package/dist/middleware/router.d.ts.map +1 -1
- package/dist/middleware/router.js +103 -115
- package/dist/middleware/router.js.map +1 -1
- package/dist/services/auth.d.ts +3 -2
- package/dist/services/auth.d.ts.map +1 -1
- package/dist/services/auth.js +15 -5
- package/dist/services/auth.js.map +1 -1
- package/dist/types/auth.d.ts +32 -2
- package/dist/types/auth.d.ts.map +1 -1
- package/dist/types/auth.js +20 -1
- package/dist/types/auth.js.map +1 -1
- package/package.json +1 -1
- package/templates/drizzle/adapter.ts +160 -0
- package/templates/drizzle/auth.ts +27 -0
- package/templates/drizzle/schema.ts +47 -0
- package/templates/prisma/adapter.ts +128 -0
- package/templates/prisma/auth.ts +30 -0
- /package/templates/{schema.prisma → prisma/schema.prisma} +0 -0
package/dist/cli.js
CHANGED
|
@@ -1,44 +1,97 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
import { existsSync, copyFileSync, mkdirSync } from 'fs';
|
|
2
|
+
import { existsSync, copyFileSync, mkdirSync, readFileSync, writeFileSync } from 'fs';
|
|
3
3
|
import { join, dirname } from 'path';
|
|
4
4
|
import { fileURLToPath } from 'url';
|
|
5
5
|
const __dirname = dirname(fileURLToPath(import.meta.url));
|
|
6
|
-
const COMMANDS = ['
|
|
6
|
+
const COMMANDS = ['generate'];
|
|
7
|
+
const ORMS = ['prisma', 'drizzle'];
|
|
7
8
|
function help() {
|
|
8
9
|
console.log(`
|
|
9
10
|
sentri — auth/authorization library for Express
|
|
10
11
|
|
|
11
12
|
Usage:
|
|
12
|
-
npx sentri <command>
|
|
13
|
+
npx sentri <command> [options]
|
|
13
14
|
|
|
14
15
|
Commands:
|
|
15
|
-
|
|
16
|
+
generate <prisma|drizzle>
|
|
17
|
+
Generate adapter, auth config, and schema templates
|
|
18
|
+
in src/lib/sentri/ and create a barrel at src/lib/index.ts
|
|
16
19
|
`);
|
|
17
20
|
}
|
|
18
|
-
function
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
21
|
+
function generateSchemaFile(templatePath, destination, firstLinePrefix, label) {
|
|
22
|
+
if (!existsSync(templatePath))
|
|
23
|
+
return;
|
|
24
|
+
mkdirSync(dirname(destination), { recursive: true });
|
|
25
|
+
if (!existsSync(destination)) {
|
|
26
|
+
copyFileSync(templatePath, destination);
|
|
27
|
+
console.log(`Created ${label}`);
|
|
28
|
+
}
|
|
29
|
+
else {
|
|
30
|
+
const templateContent = readFileSync(templatePath, 'utf-8');
|
|
31
|
+
const lines = templateContent.split('\n');
|
|
32
|
+
const firstLine = lines.findIndex((line) => line.startsWith(firstLinePrefix));
|
|
33
|
+
if (firstLine !== -1) {
|
|
34
|
+
const block = lines.slice(firstLine).join('\n').trimEnd();
|
|
35
|
+
const existing = readFileSync(destination, 'utf-8');
|
|
36
|
+
writeFileSync(destination, existing.trimEnd() + '\n\n' + block + '\n');
|
|
37
|
+
console.log(`Updated ${label} (tables appended)`);
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
function generate(orm) {
|
|
42
|
+
if (!orm || !ORMS.includes(orm)) {
|
|
43
|
+
console.error(`Error: specify an ORM — usage: sentri generate <${ORMS.join('|')}>`);
|
|
23
44
|
process.exit(1);
|
|
24
45
|
}
|
|
25
|
-
|
|
26
|
-
|
|
46
|
+
const templateDirectory = join(__dirname, '..', 'templates', orm);
|
|
47
|
+
const destinationDirectory = join(process.cwd(), 'src', 'lib', 'sentri');
|
|
48
|
+
const adapterDestination = join(destinationDirectory, 'adapter.ts');
|
|
49
|
+
const authDestination = join(destinationDirectory, 'auth.ts');
|
|
50
|
+
const barrelDestination = join(process.cwd(), 'src', 'lib', 'index.ts');
|
|
51
|
+
if (!existsSync(templateDirectory)) {
|
|
52
|
+
console.error(`Error: templates for "${orm}" not found. Try reinstalling sentri.`);
|
|
27
53
|
process.exit(1);
|
|
28
54
|
}
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
55
|
+
if (existsSync(adapterDestination) || existsSync(authDestination)) {
|
|
56
|
+
console.error('Error: files already exist in src/lib/sentri/. Remove them first if you want to regenerate.');
|
|
57
|
+
process.exit(1);
|
|
58
|
+
}
|
|
59
|
+
mkdirSync(destinationDirectory, { recursive: true });
|
|
60
|
+
copyFileSync(join(templateDirectory, 'adapter.ts'), adapterDestination);
|
|
61
|
+
copyFileSync(join(templateDirectory, 'auth.ts'), authDestination);
|
|
62
|
+
console.log('Created src/lib/sentri/adapter.ts');
|
|
63
|
+
console.log('Created src/lib/sentri/auth.ts');
|
|
64
|
+
if (orm === 'prisma') {
|
|
65
|
+
generateSchemaFile(join(__dirname, '..', 'templates', 'prisma', 'schema.prisma'), join(process.cwd(), 'prisma', 'schema.prisma'), 'model ', 'prisma/schema.prisma');
|
|
66
|
+
}
|
|
67
|
+
else {
|
|
68
|
+
generateSchemaFile(join(templateDirectory, 'schema.ts'), join(destinationDirectory, 'schema.ts'), 'export ', 'src/lib/sentri/schema.ts');
|
|
69
|
+
}
|
|
70
|
+
if (!existsSync(barrelDestination)) {
|
|
71
|
+
mkdirSync(dirname(barrelDestination), { recursive: true });
|
|
72
|
+
writeFileSync(barrelDestination, "export { createAdapter } from './sentri/adapter.js';\nexport { auth } from './sentri/auth.js';\n");
|
|
73
|
+
console.log('Created src/lib/index.ts');
|
|
74
|
+
}
|
|
75
|
+
else {
|
|
76
|
+
console.log('Skipped src/lib/index.ts (already exists)');
|
|
77
|
+
}
|
|
78
|
+
console.log('');
|
|
79
|
+
console.log('Next steps:');
|
|
80
|
+
if (orm === 'prisma') {
|
|
81
|
+
console.log(' 1. Edit prisma/schema.prisma — change @map("email") to match your column name');
|
|
82
|
+
console.log(' 2. Set DATABASE_URL and JWT_SECRET in your .env file');
|
|
83
|
+
console.log(' 3. Run: npx prisma migrate dev && npx prisma generate');
|
|
84
|
+
console.log(' 4. Edit src/lib/sentri/auth.ts — update validRoles to match your app');
|
|
85
|
+
}
|
|
86
|
+
else {
|
|
87
|
+
console.log(' 1. Edit src/lib/sentri/schema.ts — change text(\'email\') to match your column name');
|
|
88
|
+
console.log(' 2. Edit src/lib/sentri/auth.ts — update validRoles to match your app');
|
|
89
|
+
console.log(' 3. Set JWT_SECRET in your .env file');
|
|
90
|
+
}
|
|
91
|
+
console.log(' Mount the router in your Express app:');
|
|
92
|
+
console.log(" import { auth } from './lib/sentri/auth.js';");
|
|
93
|
+
console.log(" app.use('/auth', auth.router());");
|
|
94
|
+
console.log('');
|
|
42
95
|
}
|
|
43
96
|
const [, , command, ...args] = process.argv;
|
|
44
97
|
if (!command || command === '--help' || command === '-h') {
|
|
@@ -54,6 +107,6 @@ if (args.includes('--help') || args.includes('-h')) {
|
|
|
54
107
|
help();
|
|
55
108
|
process.exit(0);
|
|
56
109
|
}
|
|
57
|
-
if (command === '
|
|
58
|
-
|
|
110
|
+
if (command === 'generate')
|
|
111
|
+
generate(args[0]);
|
|
59
112
|
//# sourceMappingURL=cli.js.map
|
package/dist/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AACtF,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACrC,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AAEpC,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAE1D,MAAM,QAAQ,GAAG,CAAC,UAAU,CAAU,CAAC;AAGvC,MAAM,IAAI,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAU,CAAC;AAG5C,SAAS,IAAI;IACX,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;CAUb,CAAC,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CACzB,YAAoB,EACpB,WAAmB,EACnB,eAAuB,EACvB,KAAa;IAEb,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC;QAAE,OAAO;IACtC,SAAS,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACrD,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC7B,YAAY,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,EAAE,CAAC,CAAC;IAClC,CAAC;SAAM,CAAC;QACN,MAAM,eAAe,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAC5D,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC;QAC9E,IAAI,SAAS,KAAK,CAAC,CAAC,EAAE,CAAC;YACrB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;YAC1D,MAAM,QAAQ,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;YACpD,aAAa,CAAC,WAAW,EAAE,QAAQ,CAAC,OAAO,EAAE,GAAG,MAAM,GAAG,KAAK,GAAG,IAAI,CAAC,CAAC;YACvE,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,oBAAoB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,GAAuB;IACvC,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAU,CAAC,EAAE,CAAC;QACvC,OAAO,CAAC,KAAK,CAAC,mDAAmD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACpF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,iBAAiB,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,CAAC,CAAC;IAClE,MAAM,oBAAoB,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;IACzE,MAAM,kBAAkB,GAAG,IAAI,CAAC,oBAAoB,EAAE,YAAY,CAAC,CAAC;IACpE,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,EAAE,SAAS,CAAC,CAAC;IAC9D,MAAM,iBAAiB,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IAExE,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACnC,OAAO,CAAC,KAAK,CAAC,yBAAyB,GAAG,uCAAuC,CAAC,CAAC;QACnF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,UAAU,CAAC,kBAAkB,CAAC,IAAI,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QAClE,OAAO,CAAC,KAAK,CAAC,6FAA6F,CAAC,CAAC;QAC7G,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,SAAS,CAAC,oBAAoB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACrD,YAAY,CAAC,IAAI,CAAC,iBAAiB,EAAE,YAAY,CAAC,EAAE,kBAAkB,CAAC,CAAC;IACxE,YAAY,CAAC,IAAI,CAAC,iBAAiB,EAAE,SAAS,CAAC,EAAE,eAAe,CAAC,CAAC;IAClE,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;IAE9C,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;QACrB,kBAAkB,CAChB,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,QAAQ,EAAE,eAAe,CAAC,EAC7D,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,eAAe,CAAC,EAC9C,QAAQ,EACR,sBAAsB,CACvB,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,kBAAkB,CAChB,IAAI,CAAC,iBAAiB,EAAE,WAAW,CAAC,EACpC,IAAI,CAAC,oBAAoB,EAAE,WAAW,CAAC,EACvC,SAAS,EACT,0BAA0B,CAC3B,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACnC,SAAS,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3D,aAAa,CACX,iBAAiB,EACjB,kGAAkG,CACnG,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IAC1C,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC3B,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,iFAAiF,CAAC,CAAC;QAC/F,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAC;IACxF,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,uFAAuF,CAAC,CAAC;QACrG,OAAO,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAC;QACtF,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;IACvD,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;IACvD,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC;AAED,MAAM,CAAC,EAAE,AAAD,EAAG,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;AAE5C,IAAI,CAAC,OAAO,IAAI,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;IACzD,IAAI,EAAE,CAAC;IACP,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAkB,CAAC,EAAE,CAAC;IAC3C,OAAO,CAAC,KAAK,CAAC,oBAAoB,OAAO,EAAE,CAAC,CAAC;IAC7C,IAAI,EAAE,CAAC;IACP,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;IACnD,IAAI,EAAE,CAAC;IACP,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,IAAI,OAAO,KAAK,UAAU;IAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC"}
|
package/dist/client.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import type { PermitCheck, PermitOptions } from './middleware/permit.js';
|
|
2
|
-
import type { AuthConfig, AuthResult, AuthUser, LoginInput, RefreshResult, SignupInput } from './types/auth.js';
|
|
2
|
+
import type { AssignRolesResult, AuthConfig, AuthResult, AuthUser, LoginInput, RefreshResult, SignupInput, SignupResult } from './types/auth.js';
|
|
3
3
|
import type { RequestHandler, Router } from 'express';
|
|
4
4
|
/**
|
|
5
5
|
* The bound auth client returned by {@link createAuth}.
|
|
@@ -15,10 +15,10 @@ export interface AuthClient<TRole extends string = string> {
|
|
|
15
15
|
* Register a new user.
|
|
16
16
|
*
|
|
17
17
|
* Validates that every requested role is in `validRoles`, rejects duplicate
|
|
18
|
-
*
|
|
19
|
-
*
|
|
18
|
+
* identifiers, hashes the password, creates the user record, and returns the
|
|
19
|
+
* created user. No tokens are issued — call `login` after signup.
|
|
20
20
|
*/
|
|
21
|
-
signup(input: SignupInput<TRole>): Promise<
|
|
21
|
+
signup(input: SignupInput<TRole>): Promise<SignupResult<TRole>>;
|
|
22
22
|
/**
|
|
23
23
|
* Authenticate an existing user by email and password.
|
|
24
24
|
*
|
|
@@ -48,6 +48,12 @@ export interface AuthClient<TRole extends string = string> {
|
|
|
48
48
|
* @param userId - The user's primary key as stored in the database.
|
|
49
49
|
*/
|
|
50
50
|
logoutAll(userId: string): Promise<void>;
|
|
51
|
+
/**
|
|
52
|
+
* Add roles to another user. Merges the given roles with the user's existing
|
|
53
|
+
* roles (no duplicates). The built-in router exposes this as
|
|
54
|
+
* `POST /users/:userId/roles` and restricts it to users with the `admin` role.
|
|
55
|
+
*/
|
|
56
|
+
assignRoles(userId: string, roles: string[]): Promise<AssignRolesResult<TRole>>;
|
|
51
57
|
/**
|
|
52
58
|
* Express middleware factory that enforces authentication.
|
|
53
59
|
*
|
|
@@ -88,9 +94,9 @@ export interface AuthClient<TRole extends string = string> {
|
|
|
88
94
|
/**
|
|
89
95
|
* Returns a pre-built Express Router with all standard auth endpoints mounted:
|
|
90
96
|
*
|
|
91
|
-
* - `POST /signup` — register, returns `{
|
|
92
|
-
* - `POST /login` — authenticate, returns `{ accessToken,
|
|
93
|
-
* - `POST /refresh` —
|
|
97
|
+
* - `POST /signup` — register, returns `{ user }`
|
|
98
|
+
* - `POST /login` — authenticate, sets refresh token cookie, returns `{ accessToken, user }`
|
|
99
|
+
* - `POST /refresh` — reads refresh token from cookie, returns `{ accessToken }`
|
|
94
100
|
* - `POST /logout` — invalidate current session
|
|
95
101
|
* - `POST /logout-all` — invalidate all sessions (requires valid access token)
|
|
96
102
|
*
|
package/dist/client.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACzE,OAAO,KAAK,EACV,UAAU,EACV,UAAU,EACV,QAAQ,EACR,UAAU,EACV,aAAa,EACb,WAAW,
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACzE,OAAO,KAAK,EACV,iBAAiB,EACjB,UAAU,EACV,UAAU,EACV,QAAQ,EACR,UAAU,EACV,aAAa,EACb,WAAW,EACX,YAAY,EACb,MAAM,iBAAiB,CAAC;AACzB,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAEtD;;;;;;;;GAQG;AACH,MAAM,WAAW,UAAU,CAAC,KAAK,SAAS,MAAM,GAAG,MAAM;IACvD;;;;;;OAMG;IACH,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,GAAG,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;IAEhE;;;;;;OAMG;IACH,KAAK,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;IAErD;;;;;;OAMG;IACH,OAAO,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;IAE7D;;;;;OAKG;IACH,MAAM,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5C;;;;OAIG;IACH,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzC;;;;OAIG;IACH,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC;IAEhF;;;;;;;;;;OAUG;IACH,OAAO,IAAI,cAAc,CAAC;IAE1B;;;;;;;;;OASG;IACH,SAAS,CAAC,GAAG,KAAK,EAAE,KAAK,EAAE,GAAG,cAAc,CAAC;IAE7C,oEAAoE;IACpE,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAE7C,kEAAkE;IAClE,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAE9D,uDAAuD;IACvD,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC;IAElD,kDAAkD;IAClD,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IAE5C,mFAAmF;IACnF,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAElD,mFAAmF;IACnF,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG;QAAE,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IAEzD;;;;;;;;;;;;;;OAcG;IACH,MAAM,IAAI,MAAM,CAAC;IAEjB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACH,MAAM,CAAC,KAAK,EAAE,WAAW,GAAG,cAAc,CAAC;IAC3C,MAAM,CAAC,OAAO,EAAE,aAAa,CAAC,KAAK,CAAC,GAAG,cAAc,CAAC;CACvD;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,UAAU,CAAC,KAAK,SAAS,MAAM,GAAG,MAAM,EACtD,MAAM,EAAE,UAAU,CAAC,KAAK,CAAC,GACxB,UAAU,CAAC,KAAK,CAAC,CAsBnB"}
|
package/dist/client.js
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { hashPassword, verifyPassword } from './libs/hash.js';
|
|
2
2
|
import { signAccessToken, signRefreshToken, verifyAccessToken, verifyRefreshToken } from './libs/token.js';
|
|
3
3
|
import { resolveConfig, validateConfig } from './libs/config.js';
|
|
4
|
-
import { signup, login, refresh, logout, logoutAll } from './services/auth.js';
|
|
4
|
+
import { signup, login, refresh, logout, logoutAll, assignRoles } from './services/auth.js';
|
|
5
5
|
import { protect } from './middleware/protect.js';
|
|
6
6
|
import { authorize } from './middleware/authorize.js';
|
|
7
7
|
import { permit } from './middleware/permit.js';
|
|
@@ -34,6 +34,7 @@ export function createAuth(config) {
|
|
|
34
34
|
refresh: (refreshToken) => refresh(refreshToken, config),
|
|
35
35
|
logout: (refreshToken) => logout(refreshToken, config),
|
|
36
36
|
logoutAll: (userId) => logoutAll(userId, config),
|
|
37
|
+
assignRoles: (userId, roles) => assignRoles(userId, roles, config),
|
|
37
38
|
protect: () => protect(config),
|
|
38
39
|
authorize: (...roles) => authorize(...roles),
|
|
39
40
|
hashPassword: (plain) => hashPassword(plain, resolved.saltRounds),
|
package/dist/client.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC9D,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAC3G,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AACjE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC9D,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAC3G,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AACjE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAC5F,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAwK1D;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,UAAU,CACxB,MAAyB;IAEzB,cAAc,CAAC,MAAoB,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAoB,CAAC,CAAC;IAErD,OAAO;QACL,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,KAAoB,EAAE,MAAoB,CAAiC;QACrG,KAAK,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,KAAK,EAAE,MAAoB,CAA+B;QAClF,OAAO,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,OAAO,CAAC,YAAY,EAAE,MAAoB,CAAkC;QACvG,MAAM,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,MAAM,CAAC,YAAY,EAAE,MAAoB,CAAC;QACpE,SAAS,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,MAAoB,CAAC;QAC9D,WAAW,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,MAAoB,CAAsC;QACrH,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAoB,CAAC;QAC5C,SAAS,EAAE,CAAC,GAAG,KAAK,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC;QAC5C,YAAY,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,KAAK,EAAE,QAAQ,CAAC,UAAU,CAAC;QACjE,cAAc,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,KAAK,EAAE,IAAI,CAAC;QAC5D,eAAe,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,eAAe,CAAC,OAAmB,EAAE,MAAoB,CAAC;QACxF,gBAAgB,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,gBAAgB,CAAC,SAAS,EAAE,MAAoB,CAAC;QAClF,iBAAiB,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,iBAAiB,CAAC,KAAK,EAAE,MAAoB,CAAoB;QAC/F,kBAAkB,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,kBAAkB,CAAC,KAAK,EAAE,MAAoB,CAAC;QAC9E,MAAM,EAAE,GAAG,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC;QACtC,MAAM,EAAE,CAAC,cAAkD,EAAE,EAAE,CAAC,MAAM,CAAC,cAAc,CAAC;KACvF,CAAC;AACJ,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -6,7 +6,7 @@ declare global {
|
|
|
6
6
|
}
|
|
7
7
|
}
|
|
8
8
|
}
|
|
9
|
-
export type { AuthConfig, CookieConfig, AuthUser, AuthResult, RefreshResult, SignupInput, LoginInput, AuthAdapter, UserRecord, SessionRecord, CreateUserData, } from './types/auth.js';
|
|
9
|
+
export type { AuthConfig, CookieConfig, AuthUser, AuthResult, SignupResult, AssignRolesResult, RefreshResult, ApiResponse, SignupInput, LoginInput, AuthAdapter, UserRecord, SessionRecord, CreateUserData, } from './types/auth.js';
|
|
10
10
|
export type { AuthErrorCode } from './errors/AuthError.js';
|
|
11
11
|
export type { AuthClient } from './client.js';
|
|
12
12
|
export { AuthError } from './errors/AuthError.js';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAIhD,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,OAAO,CAAC;QAChB,UAAU,OAAO;YACf,IAAI,CAAC,EAAE,QAAQ,CAAC;SACjB;KACF;CACF;AAED,YAAY,EACV,UAAU,EACV,YAAY,EACZ,QAAQ,EACR,UAAU,EACV,aAAa,EACb,WAAW,EACX,UAAU,EACV,WAAW,EACX,UAAU,EACV,aAAa,EACb,cAAc,GACf,MAAM,iBAAiB,CAAC;AACzB,YAAY,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAC3D,YAAY,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAIhD,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,OAAO,CAAC;QAChB,UAAU,OAAO;YACf,IAAI,CAAC,EAAE,QAAQ,CAAC;SACjB;KACF;CACF;AAED,YAAY,EACV,UAAU,EACV,YAAY,EACZ,QAAQ,EACR,UAAU,EACV,YAAY,EACZ,iBAAiB,EACjB,aAAa,EACb,WAAW,EACX,WAAW,EACX,UAAU,EACV,WAAW,EACX,UAAU,EACV,aAAa,EACb,cAAc,GACf,MAAM,iBAAiB,CAAC;AACzB,YAAY,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAC3D,YAAY,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC"}
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AA+BA,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC"}
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
import { AuthError } from '../errors/AuthError.js';
|
|
2
2
|
export function authorize(...allowedRoles) {
|
|
3
|
-
return (
|
|
4
|
-
if (!
|
|
3
|
+
return (request, _response, next) => {
|
|
4
|
+
if (!request.user) {
|
|
5
5
|
return next(new AuthError('UNAUTHORIZED', 'Not authenticated'));
|
|
6
6
|
}
|
|
7
|
-
const userRoles =
|
|
7
|
+
const userRoles = request.user.roles;
|
|
8
8
|
const hasRole = allowedRoles.some((role) => userRoles.includes(role));
|
|
9
9
|
if (!hasRole) {
|
|
10
10
|
return next(new AuthError('FORBIDDEN', `Requires one of roles: ${allowedRoles.join(', ')}`));
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorize.js","sourceRoot":"","sources":["../../src/middleware/authorize.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAEnD,MAAM,UAAU,SAAS,CAAuB,GAAG,YAAqB;IACtE,OAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"authorize.js","sourceRoot":"","sources":["../../src/middleware/authorize.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAEnD,MAAM,UAAU,SAAS,CAAuB,GAAG,YAAqB;IACtE,OAAO,CAAC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE;QAClC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC,IAAI,SAAS,CAAC,cAAc,EAAE,mBAAmB,CAAC,CAAC,CAAC;QAClE,CAAC;QACD,MAAM,SAAS,GAAsB,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;QACxD,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QACtE,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CACT,IAAI,SAAS,CAAC,WAAW,EAAE,0BAA0B,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAChF,CAAC;QACJ,CAAC;QACD,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import type { Request, RequestHandler } from 'express';
|
|
2
2
|
/** A function that determines whether the current request is permitted. */
|
|
3
|
-
export type PermitCheck = (
|
|
3
|
+
export type PermitCheck = (request: Request) => boolean | Promise<boolean>;
|
|
4
4
|
/**
|
|
5
5
|
* Options for {@link permit} when you need role-bypass alongside a resource check.
|
|
6
6
|
*
|
|
@@ -8,9 +8,9 @@ export type PermitCheck = (req: Request) => boolean | Promise<boolean>;
|
|
|
8
8
|
* // Admins can edit any post; others only their own
|
|
9
9
|
* auth.permit({
|
|
10
10
|
* roles: ['admin'],
|
|
11
|
-
* check: async (
|
|
12
|
-
* const post = await db.findPost(
|
|
13
|
-
* return post?.authorId ===
|
|
11
|
+
* check: async (request) => {
|
|
12
|
+
* const post = await db.findPost(request.params['id']);
|
|
13
|
+
* return post?.authorId === request.user!.id;
|
|
14
14
|
* },
|
|
15
15
|
* })
|
|
16
16
|
*/
|
|
@@ -40,7 +40,7 @@ export interface PermitOptions<TRole extends string> {
|
|
|
40
40
|
* // Simple ownership check
|
|
41
41
|
* router.put('/users/:id',
|
|
42
42
|
* auth.protect(),
|
|
43
|
-
* auth.permit((
|
|
43
|
+
* auth.permit((request) => request.user!.id === request.params['id']),
|
|
44
44
|
* updateUserHandler,
|
|
45
45
|
* );
|
|
46
46
|
*
|
|
@@ -50,9 +50,9 @@ export interface PermitOptions<TRole extends string> {
|
|
|
50
50
|
* auth.protect(),
|
|
51
51
|
* auth.permit({
|
|
52
52
|
* roles: ['admin'],
|
|
53
|
-
* check: async (
|
|
54
|
-
* const post = await db.post.findUnique({ where: { id:
|
|
55
|
-
* return post?.authorId ===
|
|
53
|
+
* check: async (request) => {
|
|
54
|
+
* const post = await db.post.findUnique({ where: { id: request.params['id'] } });
|
|
55
|
+
* return post?.authorId === request.user!.id;
|
|
56
56
|
* },
|
|
57
57
|
* }),
|
|
58
58
|
* deletePostHandler,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permit.d.ts","sourceRoot":"","sources":["../../src/middleware/permit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAGvD,2EAA2E;AAC3E,MAAM,MAAM,WAAW,GAAG,CAAC,
|
|
1
|
+
{"version":3,"file":"permit.d.ts","sourceRoot":"","sources":["../../src/middleware/permit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAGvD,2EAA2E;AAC3E,MAAM,MAAM,WAAW,GAAG,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;AAE3E;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,aAAa,CAAC,KAAK,SAAS,MAAM;IACjD;;;OAGG;IACH,KAAK,CAAC,EAAE,KAAK,EAAE,CAAC;IAChB;;;;OAIG;IACH,KAAK,EAAE,WAAW,CAAC;CACpB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,wBAAgB,MAAM,CAAC,KAAK,SAAS,MAAM,EACzC,cAAc,EAAE,aAAa,CAAC,KAAK,CAAC,GAAG,WAAW,GACjD,cAAc,CA4BhB"}
|
|
@@ -12,7 +12,7 @@ import { AuthError } from '../errors/AuthError.js';
|
|
|
12
12
|
* // Simple ownership check
|
|
13
13
|
* router.put('/users/:id',
|
|
14
14
|
* auth.protect(),
|
|
15
|
-
* auth.permit((
|
|
15
|
+
* auth.permit((request) => request.user!.id === request.params['id']),
|
|
16
16
|
* updateUserHandler,
|
|
17
17
|
* );
|
|
18
18
|
*
|
|
@@ -22,9 +22,9 @@ import { AuthError } from '../errors/AuthError.js';
|
|
|
22
22
|
* auth.protect(),
|
|
23
23
|
* auth.permit({
|
|
24
24
|
* roles: ['admin'],
|
|
25
|
-
* check: async (
|
|
26
|
-
* const post = await db.post.findUnique({ where: { id:
|
|
27
|
-
* return post?.authorId ===
|
|
25
|
+
* check: async (request) => {
|
|
26
|
+
* const post = await db.post.findUnique({ where: { id: request.params['id'] } });
|
|
27
|
+
* return post?.authorId === request.user!.id;
|
|
28
28
|
* },
|
|
29
29
|
* }),
|
|
30
30
|
* deletePostHandler,
|
|
@@ -34,18 +34,18 @@ export function permit(optionsOrCheck) {
|
|
|
34
34
|
const options = typeof optionsOrCheck === 'function'
|
|
35
35
|
? { check: optionsOrCheck }
|
|
36
36
|
: optionsOrCheck;
|
|
37
|
-
return async (
|
|
38
|
-
if (!
|
|
37
|
+
return async (request, _response, next) => {
|
|
38
|
+
if (!request.user) {
|
|
39
39
|
return next(new AuthError('UNAUTHORIZED', 'Not authenticated'));
|
|
40
40
|
}
|
|
41
41
|
if (options.roles && options.roles.length > 0) {
|
|
42
|
-
const userRoles =
|
|
42
|
+
const userRoles = request.user.roles;
|
|
43
43
|
const hasBypassRole = options.roles.some((role) => userRoles.includes(role));
|
|
44
44
|
if (hasBypassRole)
|
|
45
45
|
return next();
|
|
46
46
|
}
|
|
47
47
|
try {
|
|
48
|
-
const allowed = await options.check(
|
|
48
|
+
const allowed = await options.check(request);
|
|
49
49
|
if (allowed) {
|
|
50
50
|
next();
|
|
51
51
|
}
|
|
@@ -53,8 +53,8 @@ export function permit(optionsOrCheck) {
|
|
|
53
53
|
next(new AuthError('FORBIDDEN', 'You do not have permission to perform this action'));
|
|
54
54
|
}
|
|
55
55
|
}
|
|
56
|
-
catch (
|
|
57
|
-
next(
|
|
56
|
+
catch (error) {
|
|
57
|
+
next(error);
|
|
58
58
|
}
|
|
59
59
|
};
|
|
60
60
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permit.js","sourceRoot":"","sources":["../../src/middleware/permit.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAgCnD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,MAAM,UAAU,MAAM,CACpB,cAAkD;IAElD,MAAM,OAAO,GACX,OAAO,cAAc,KAAK,UAAU;QAClC,CAAC,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE;QAC3B,CAAC,CAAC,cAAc,CAAC;IAErB,OAAO,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"permit.js","sourceRoot":"","sources":["../../src/middleware/permit.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAgCnD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,MAAM,UAAU,MAAM,CACpB,cAAkD;IAElD,MAAM,OAAO,GACX,OAAO,cAAc,KAAK,UAAU;QAClC,CAAC,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE;QAC3B,CAAC,CAAC,cAAc,CAAC;IAErB,OAAO,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE;QACxC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC,IAAI,SAAS,CAAC,cAAc,EAAE,mBAAmB,CAAC,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,MAAM,SAAS,GAAsB,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;YACxD,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YAC7E,IAAI,aAAa;gBAAE,OAAO,IAAI,EAAE,CAAC;QACnC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC7C,IAAI,OAAO,EAAE,CAAC;gBACZ,IAAI,EAAE,CAAC;YACT,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,IAAI,SAAS,CAAC,WAAW,EAAE,mDAAmD,CAAC,CAAC,CAAC;YACxF,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -1,18 +1,18 @@
|
|
|
1
1
|
import { AuthError } from '../errors/AuthError.js';
|
|
2
2
|
import { verifyAccessToken } from '../libs/token.js';
|
|
3
3
|
export function protect(config) {
|
|
4
|
-
return (
|
|
5
|
-
const authHeader =
|
|
4
|
+
return (request, _response, next) => {
|
|
5
|
+
const authHeader = request.headers['authorization'];
|
|
6
6
|
if (!authHeader?.startsWith('Bearer ')) {
|
|
7
7
|
return next(new AuthError('UNAUTHORIZED', 'Missing or malformed Authorization header'));
|
|
8
8
|
}
|
|
9
9
|
const token = authHeader.slice(7);
|
|
10
10
|
try {
|
|
11
|
-
|
|
11
|
+
request.user = verifyAccessToken(token, config);
|
|
12
12
|
next();
|
|
13
13
|
}
|
|
14
|
-
catch (
|
|
15
|
-
next(
|
|
14
|
+
catch (error) {
|
|
15
|
+
next(error);
|
|
16
16
|
}
|
|
17
17
|
};
|
|
18
18
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"protect.js","sourceRoot":"","sources":["../../src/middleware/protect.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAGrD,MAAM,UAAU,OAAO,CAAC,MAAkB;IACxC,OAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"protect.js","sourceRoot":"","sources":["../../src/middleware/protect.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAGrD,MAAM,UAAU,OAAO,CAAC,MAAkB;IACxC,OAAO,CAAC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE;QAClC,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACpD,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,OAAO,IAAI,CAAC,IAAI,SAAS,CAAC,cAAc,EAAE,2CAA2C,CAAC,CAAC,CAAC;QAC1F,CAAC;QACD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAClC,IAAI,CAAC;YACH,OAAO,CAAC,IAAI,GAAG,iBAAiB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YAChD,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../../src/middleware/router.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../../src/middleware/router.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAkD,MAAM,SAAS,CAAC;AAEjF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAkEnD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,SAAS,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,KAAK,CAAC,GAAG,MAAM,CAsKxF"}
|