sveltekit-auth-example 1.0.23 → 1.0.24
- package/CHANGELOG.md +3 -0
- package/README.md +4 -2
- package/package.json +3 -3
- package/src/app.html +1 -1
- package/src/routes/admin/+page.server.ts +3 -3
package/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
# Backlog
|
|
2
2
|
* Add password complexity checking on /register and /profile pages (only checks for length currently despite what the pages say)
|
|
3
3
|
|
|
4
|
+
# 1.0.24
|
|
5
|
+
* Bump dependencies
|
|
6
|
+
|
|
4
7
|
# 1.0.23
|
|
5
8
|
* Restructured server-side libraries to $lib/server based on https://github.com/sveltejs/kit/pull/6623
|
|
6
9
|
* General cleanup
|
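Review bot: The new "# 1.0.24" entry lists only "Bump dependencies", but the file list for this release also includes package/src/app.html and package/src/routes/admin/+page.server.ts, so the changelog under-documents the release; add a line for each non-dependency change. Separately, the Backlog item carried unchanged here records that /register and /profile still only check password length "despite what the pages say"; that is a user-facing claim that is not enforced, and it is worth either prioritising the check or correcting the page text until it lands.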
package/README.md
CHANGED
|
@@ -2,10 +2,12 @@
|
|
|
2
2
|
|
|
3
3
|
This is an example of how to register, authenticate, and update users and limit their access to
|
|
4
4
|
areas of the website by role (admin, teacher, student). As almost every recent release of SvelteKit introduced breaking changes, this project attempts to
|
|
5
|
-
maintain compatibility with the latest release.
|
|
5
|
+
maintain compatibility with the latest release and leverage new APIs.
|
|
6
6
|
|
|
7
7
|
It's a Single Page App (SPA) built with SvelteKit and a PostgreSQL database back-end. Code is TypeScript and the website is styled using Bootstrap. PostgreSQL functions handle password hashing and UUID generation for the session ID. Unlike most authentication examples, this SPA does not use callbacks that redirect back to the site (causing the website to be reloaded with a visual flash).
|
|
8
8
|
|
|
9
|
+
The project includes a Content Security Policy (CSP) in svelte.config.js.
|
|
10
|
+
|
|
9
11
|
The website supports two types of authentication:
|
|
10
12
|
1. **Local accounts** via username (email) and password
|
|
11
13
|
- The login form (/src/routes/login/+page.svelte) sends the login info as JSON to endpoint /auth/login
|
|
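Review bot: The reworded line 5 "maintain compatibility with the latest release and leverage new APIs" does not say which APIs, so a reader cannot tell what changed; name them or drop the clause. The new line 9 announces a Content Security Policy in svelte.config.js without saying what it allows. Since package/src/app.html in this same diff loads `https://accounts.google.com/gsi/client` from a third-party origin, the README should state which directives are set (at least script-src) and that the Google Identity Services origin is deliberately allowed, so nobody tightens the policy later and silently breaks Google sign-in.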
@@ -25,7 +27,7 @@ The website supports two types of authentication:
|
|
|
25
27
|
|
|
26
28
|
> There is some overhead to checking the user session in a database each time versus using a JWT; however, validating each request avoids problems discussed in [this article](https://redis.com/blog/json-web-tokens-jwt-are-dangerous-for-user-sessions/) and [this one](https://scotch.io/bar-talk/why-jwts-suck-as-session-tokens). For a high-volume website, I would use Redis or the equivalent.
|
|
27
29
|
|
|
28
|
-
The forgot password functionality uses [**SendInBlue**](https://www.sendinblue.com) to send the email. You would need to have a **SendInBlue** account and set three environmental variables. Email sending is in /src/routes/auth/forgot.ts. This code could easily be replaced by nodemailer or something similar. Note: I have no affliation with **SendInBlue** (
|
|
30
|
+
The forgot password / password reset functionality uses a JWT and [**SendInBlue**](https://www.sendinblue.com) to send the email. You would need to have a **SendInBlue** account and set three environmental variables. Email sending is in /src/routes/auth/forgot.ts. This code could easily be replaced by nodemailer or something similar. Note: I have no affliation with **SendInBlue** (used their API because on another project).
|
|
29
31
|
|
|
30
32
|
## Prerequisites
|
|
31
33
|
- PostgreSQL 14.5 or higher
|
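Review bot: The new line 30 says the forgot-password / reset flow "uses a JWT" but does not say how the token is scoped; two sentences earlier the README cites articles arguing against JWTs for sessions, so state explicitly that this is a short-lived, single-purpose reset token (and what its expiry is, and which environment variable holds the signing secret) rather than a session token. The "three environmental variables" are still unnamed; list them. Minor wording: "affliation" should be "affiliation", and "used their API because on another project" is missing a word (e.g. "because I used it on another project").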
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "sveltekit-auth-example",
|
|
3
3
|
"description": "SvelteKit Authentication Example",
|
|
4
|
-
"version": "1.0.
|
|
4
|
+
"version": "1.0.24",
|
|
5
5
|
"private": false,
|
|
6
6
|
"author": "Nate Stuyvesant",
|
|
7
7
|
"license": "https://github.com/nstuyvesant/sveltekit-auth-example/blob/master/LICENSE",
|
|
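Review bot: The "version" bump to "1.0.24" matches the CHANGELOG entry, so this hunk is fine as a release step. A style point on the unchanged "license" line directly below: npm expects this field to be an SPDX identifier or the string "SEE LICENSE IN <file>", not a URL, and will warn on a URL; using the actual license name (or "SEE LICENSE IN LICENSE") keeps the published metadata machine-readable.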
@@ -33,7 +33,7 @@
|
|
|
33
33
|
},
|
|
34
34
|
"engines": {
|
|
35
35
|
"node": "~18.9.0",
|
|
36
|
-
"npm": "^8.19.
|
|
36
|
+
"npm": "^8.19.2"
|
|
37
37
|
},
|
|
38
38
|
"type": "module",
|
|
39
39
|
"dependencies": {
|
|
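Review bot: Only the lower bound of the "npm" range changes here, while "node" stays at "~18.9.0", which restricts the project to 18.9.x patch releases and will reject later 18.x releases that carry security fixes until someone edits this file again; a caret range ("^18.9.0") is the usual choice unless a specific 18.9 behaviour is required. Also note that "engines" is advisory: npm only warns on a mismatch unless engine-strict is enabled, so this field cannot by itself prevent running on an unsupported runtime.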
@@ -62,6 +62,6 @@
|
|
|
62
62
|
"svelte-preprocess": "^4.10.7",
|
|
63
63
|
"tslib": "^2.4.0",
|
|
64
64
|
"typescript": "^4.8.3",
|
|
65
|
-
"vite": "^3.1.
|
|
65
|
+
"vite": "^3.1.2"
|
|
66
66
|
}
|
|
67
67
|
}
|
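Review bot: The "Bump dependencies" changelog line corresponds to this caret-range bump of "vite" to "^3.1.2" (and the "npm" engine above); the previous value is truncated in this rendering, so the reviewer cannot confirm how far the floor moved. Because the range is a caret, existing installs already resolving to a newer 3.x see no change, so if the intent was to pull in a specific fix, say which one in the changelog.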
package/src/app.html
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
<html lang="en">
|
|
3
3
|
<head>
|
|
4
4
|
<meta charset="utf-8" />
|
|
5
|
-
<link rel="icon" href="
|
|
5
|
+
<link rel="icon" href="%sveltekit.assets%//favicon.png" sizes="any" />
|
|
6
6
|
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
|
7
7
|
<script src="https://accounts.google.com/gsi/client" async defer></script>
|
|
8
8
|
%sveltekit.head%
|
|
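Review bot: The new line 5 has a doubled slash in the href, "%sveltekit.assets%//favicon.png"; it should be "%sveltekit.assets%/favicon.png", since the placeholder is substituted with a path that does not end in a slash. The old value is truncated in this rendering, so it is unclear whether this was already present or introduced here. The unchanged line 7 loads `https://accounts.google.com/gsi/client` as an external script; given the README now advertises a CSP in svelte.config.js, make sure that origin is listed in script-src.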
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { redirect } from '@sveltejs/kit'
|
|
2
2
|
import type { PageServerLoad } from './$types'
|
|
3
3
|
|
|
4
|
-
export const load: PageServerLoad = async ({locals})=> {
|
|
4
|
+
export const load: PageServerLoad = async ({ locals }) => {
|
|
5
5
|
const { user } = locals
|
|
6
6
|
const authorized = ['admin']
|
|
7
7
|
if (!user || !authorized.includes(user.role)) {
|
|
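Review bot: This hunk is whitespace-only (spacing around the destructured parameter and arrow), so no behaviour changes; note that the file header for package/src/routes/admin/+page.server.ts is missing above this hunk in the rendering, so it reads as part of app.html. On the unchanged lines 6 and 7, the server-side role gate (`const authorized = ['admin']` followed by `!user || !authorized.includes(user.role)`) is the right place for the check; consider moving the allowed-role list into a shared helper in $lib/server so other protected routes use the same list rather than each keeping its own literal.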
@@ -9,6 +9,6 @@ export const load: PageServerLoad = async ({locals})=> {
|
|
|
9
9
|
}
|
|
10
10
|
|
|
11
11
|
return {
|
|
12
|
-
|
|
13
|
-
|
|
12
|
+
message: 'Admin-only content from server.'
|
|
13
|
+
}
|
|
14
14
|
}
|
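Review bot: The two removed lines (12 and 13) render as empty here, so the reviewer cannot confirm whether a field other than "message" was previously returned to the page; check that the admin +page.svelte does not still read a property that this load no longer supplies. The replacement "message: 'Admin-only content from server.'" is only reachable after the role check above, which is the intended behaviour.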