sveltekit-auth-example 1.0.24 → 1.0.26

package/CHANGELOG.md

@@ -1,6 +1,14 @@
 # Backlog
 * Add password complexity checking on /register and /profile pages (only checks for length currently despite what the pages say)
 
+# 1.0.26
+* On the client, track whether the login session has expired and if so, clear $loginSession
+* Update dependencies
+
+# 1.0.25
+* Bump dependencies
+* Simplify Sign In With Google
+
 # 1.0.24
 * Bump dependencies
 

package/README.md

@@ -31,8 +31,8 @@ The forgot password / password reset functionality uses a JWT and [**SendInBlue*
 
 ## Prerequisites
 - PostgreSQL 14.5 or higher
-- Node.js 18.9.0 or higher
-- npm 8.19.1 or higher
+- Node.js 18.10.0 or higher
+- npm 8.19.2 or higher
 - Google API client
 - SendInBlue account (only used for emailing password reset link - the sample can run without it but forgot password will not work)
 

package/db_create.sql

@@ -158,7 +158,8 @@ SELECT json_build_object(
   'email', users.email,
   'firstName', users.first_name,
   'lastName', users.last_name,
-  'phone', users.phone
+  'phone', users.phone,
+  'expires', sessions.expires
 ) AS user
 FROM sessions
   INNER JOIN users ON sessions.user_id = users.id

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "sveltekit-auth-example",
   "description": "SvelteKit Authentication Example",
-  "version": "1.0.24",
+  "version": "1.0.26",
   "private": false,
   "author": "Nate Stuyvesant",
   "license": "https://github.com/nstuyvesant/sveltekit-auth-example/blob/master/LICENSE",
@@ -32,7 +32,7 @@
 		"format": "prettier --write ."
   },
   "engines": {
-    "node": "~18.9.0",
+    "node": "~18.10.0",
     "npm": "^8.19.2"
   },
   "type": "module",
@@ -46,22 +46,22 @@
     "@types/google.accounts": "0.0.2",
     "@types/jsonwebtoken": "^8.5.9",
     "@types/pg": "^8.6.5",
-    "@typescript-eslint/eslint-plugin": "^5.37.0",
-    "@typescript-eslint/parser": "^5.37.0",
+    "@typescript-eslint/eslint-plugin": "^5.38.1",
+    "@typescript-eslint/parser": "^5.38.1",
     "bootstrap": "^5.2.1",
-    "eslint": "^8.23.1",
+    "eslint": "^8.24.0",
     "eslint-config-prettier": "^8.5.0",
     "eslint-plugin-svelte3": "^4.0.0",
-    "google-auth-library": "^8.5.1",
+    "google-auth-library": "^8.5.2",
     "jsonwebtoken": "^8.5.1",
     "prettier": "^2.7.1",
-    "prettier-plugin-svelte": "^2.7.0",
-    "sass": "^1.54.9",
+    "prettier-plugin-svelte": "^2.7.1",
+    "sass": "^1.55.0",
     "svelte": "^3.50.1",
-    "svelte-check": "^2.9.0",
+    "svelte-check": "^2.9.1",
     "svelte-preprocess": "^4.10.7",
     "tslib": "^2.4.0",
-    "typescript": "^4.8.3",
-    "vite": "^3.1.2"
+    "typescript": "^4.8.4",
+    "vite": "^3.1.4"
   }
 }

package/src/app.d.ts

@@ -91,6 +91,7 @@ interface SendInBlueRequest extends RequestInit {
 
 interface UserProperties {
   id: number
+  expires?: string // ISO-8601 datetime
   role: 'student' | 'teacher' | 'admin'
   password?: string
   firstName?: string
@@ -99,7 +100,7 @@ interface UserProperties {
   phone?: string
 }
 
-type User = UserProperties | undefined
+type User = UserProperties | undefined | null
 
 interface UserSession {
   id: string,

package/src/app.html

@@ -4,7 +4,7 @@
 		<meta charset="utf-8" />
 		<link rel="icon" href="%sveltekit.assets%//favicon.png" sizes="any" />
 		<meta name="viewport" content="width=device-width, initial-scale=1" />
-		<script src="https://accounts.google.com/gsi/client" async defer></script>
+		<script nonce="%sveltekit.nonce%" src="https://accounts.google.com/gsi/client" async defer></script>
 		%sveltekit.head%
 	</head>
 	<body>

package/src/routes/+layout.svelte

@@ -1,10 +1,10 @@
 <script lang="ts">
   import { onMount } from 'svelte'
   import type { LayoutServerData } from './$types'
-  import { goto } from '$app/navigation'
+  import { goto, beforeNavigate } from '$app/navigation'
   import { page } from '$app/stores'
   import { loginSession, toast } from '../stores'
-  import useAuth from '$lib/auth'
+  import { PUBLIC_GOOGLE_CLIENT_ID } from '$env/static/public'
   import 'bootstrap/scss/bootstrap.scss' // preferred way to load Bootstrap SCSS for hot module reloading
 
 	export let data: LayoutServerData
@@ -13,18 +13,62 @@
   const { user } = data
   $loginSession = user
 
-  // Vue.js Composition API style
-	const { initializeSignInWithGoogle, logout } = useAuth(page, loginSession, goto)
-
   let Toast: any
 
+  beforeNavigate( () => {
+		let expirationDate = $loginSession?.expires ? new Date($loginSession.expires) : undefined
+
+		if (expirationDate && expirationDate < new Date()) {
+			console.log('Login session expired.')
+			$loginSession = null
+		}
+	})
+
   onMount(async () => {
     await import('bootstrap/js/dist/collapse') // lots of ways to load Bootstrap but prefer this approach to avoid SSR issues
     await import('bootstrap/js/dist/dropdown')
     Toast = (await import('bootstrap/js/dist/toast')).default
-		initializeSignInWithGoogle()
+		window.google.accounts.id.initialize({
+      client_id: PUBLIC_GOOGLE_CLIENT_ID,
+      callback: googleCallback
+    })
+
+    if (!$loginSession) window.google.accounts.id.prompt()
 	})
 
+  async function logout() {
+		// Request server delete httpOnly cookie called loginSession
+		const url = '/auth/logout'
+		const res = await fetch(url, {
+			method: 'POST'
+		})
+		if (res.ok) {
+			loginSession.set(undefined) // delete loginSession.user from
+			goto('/login')
+		} else console.error(`Logout not successful: ${res.statusText} (${res.status})`)
+	}
+
+  async function googleCallback(response: GoogleCredentialResponse) {
+		const res = await fetch('/auth/google', {
+			method: 'POST',
+			headers: {
+				'Content-Type': 'application/json'
+			},
+			body: JSON.stringify({ token: response.credential })
+		})
+
+		if (res.ok) {
+			const fromEndpoint = await res.json()
+			loginSession.set(fromEndpoint.user) // update loginSession store
+			const { role } = fromEndpoint.user
+      const referrer = $page.url.searchParams.get('referrer')
+			if (referrer) return goto(referrer)
+			if (role === 'teacher') return goto('/teachers')
+			if (role === 'admin') return goto('/admin')
+			if (location.pathname === '/login') goto('/') // logged in so go home
+		}
+	}
+
   const openToast = (open: boolean) => {
     if (open) {
       const toastDiv = <HTMLDivElement> document.getElementById('authToast')

package/src/routes/login/+page.svelte

@@ -3,11 +3,8 @@
   import { goto } from '$app/navigation'
   import { page } from '$app/stores'
   import { loginSession } from '../../stores'
-  import useAuth from '$lib/auth'
   import { focusOnFirstError } from '$lib/focus'
 
-  const { initializeSignInWithGoogle, loginLocal } = useAuth(page, loginSession, goto)
-
   let focusedField: HTMLInputElement
   let message: string
   const credentials: Credentials = {
@@ -35,9 +32,42 @@
   }
 
   onMount(async() => {
-    initializeSignInWithGoogle('googleButton')
+    window.google.accounts.id.renderButton(document.getElementById('googleButton'), {
+				theme: 'filled_blue',
+				size: 'large',
+				width: '367'
+    })
     focusedField.focus()
 	})
+
+  async function loginLocal(credentials: Credentials) {
+		try {
+			const res = await fetch('/auth/login', {
+				method: 'POST',
+				body: JSON.stringify(credentials),
+				headers: {
+					'Content-Type': 'application/json'
+				}
+			})
+			const fromEndpoint = await res.json()
+			if (res.ok) {
+				loginSession.set(fromEndpoint.user)
+				const { role } = fromEndpoint.user
+        const referrer = $page.url.searchParams.get('referrer')
+				if (referrer) return goto(referrer)
+				if (role === 'teacher') return goto('/teachers')
+				if (role === 'admin') return goto('/admin')
+				return goto('/')
+			} else {
+				throw new Error(fromEndpoint.message)
+			}
+		} catch (err) {
+			if (err instanceof Error) {
+				console.error('Login error', err)
+				throw new Error(err.message)
+			}
+		}
+	}
 </script>
 
 <svelte:head>

package/src/routes/register/+page.svelte

@@ -1,13 +1,9 @@
 <script lang="ts">
   import { onMount } from 'svelte'
   import { goto } from '$app/navigation'
-  import { page } from '$app/stores'
   import { loginSession } from '../../stores'
-  import useAuth from '$lib/auth'
   import { focusOnFirstError } from '$lib/focus'
 
-  const { initializeSignInWithGoogle, registerLocal } = useAuth(page, loginSession, goto)
-
   let focusedField: HTMLInputElement
 
   let user: User = {
@@ -49,9 +45,41 @@
 
   onMount(() => {
     focusedField.focus()
-    initializeSignInWithGoogle('googleButton')
+    window.google.accounts.id.renderButton(document.getElementById('googleButton'), {
+				theme: 'filled_blue',
+				size: 'large',
+				width: '367'
+    })
   })
 
+  async function registerLocal(user: User) {
+		try {
+			const res = await fetch('/auth/register', {
+				method: 'POST',
+				body: JSON.stringify(user), // server ignores user.role - always set it to 'student' (lowest priv)
+				headers: {
+					'Content-Type': 'application/json'
+				}
+			})
+			if (!res.ok) {
+				if (res.status == 401)
+					// user already existed and passwords didn't match (otherwise, we login the user)
+					throw new Error('Sorry, that username is already in use.')
+				throw new Error(res.statusText) // should only occur if there's a database error
+			}
+
+			// res.ok
+			const fromEndpoint = await res.json()
+			loginSession.set(fromEndpoint.user) // update store so user is logged in
+			goto('/')
+		} catch (err) {
+			console.error('Register error', err)
+			if (err instanceof Error) {
+				throw new Error(err.message)
+			}
+		}
+	}
+
   const passwordMatch = () => {
     if (!user) return false // placate TypeScript
     if (!user.password) user.password = ''

package/src/lib/auth.ts

@@ -1,130 +0,0 @@
-/* eslint-disable @typescript-eslint/no-explicit-any */
-
-import type { Page } from '@sveltejs/kit'
-import type { Readable, Writable } from 'svelte/store'
-import { PUBLIC_GOOGLE_CLIENT_ID } from '$env/static/public'
-
-export default function useAuth(
-	page: Readable<Page>,
-	loginSession: Writable<User>,
-	goto: (
-		url: string | URL,
-		opts?: { replaceState?: boolean; noscroll?: boolean; keepfocus?: boolean; state?: any }
-	) => Promise<any>
-) {
-	let user: User
-	loginSession.subscribe((value) => {
-		user = value
-	})
-
-	let referrer: string | null
-	page.subscribe((value) => {
-		referrer = value.url.searchParams.get('referrer')
-	})
-
-	async function googleCallback(response: GoogleCredentialResponse) {
-		const res = await fetch('/auth/google', {
-			method: 'POST',
-			headers: {
-				'Content-Type': 'application/json'
-			},
-			body: JSON.stringify({ token: response.credential })
-		})
-
-		if (res.ok) {
-			const fromEndpoint = await res.json()
-			loginSession.set(fromEndpoint.user) // update loginSession store
-			const { role } = fromEndpoint.user
-			if (referrer) return goto(referrer)
-			if (role === 'teacher') return goto('/teachers')
-			if (role === 'admin') return goto('/admin')
-			if (location.pathname === '/login') goto('/') // logged in so go home
-		}
-	}
-
-	function initializeSignInWithGoogle(htmlId?: string) {
-		const { id } = window.google.accounts // assumes <script src="https://accounts.google.com/gsi/client" async defer></script> is in app.html
-		id.initialize({ client_id: PUBLIC_GOOGLE_CLIENT_ID, callback: googleCallback })
-
-		if (htmlId) {
-			// render button instead of prompt
-			return id.renderButton(document.getElementById(htmlId), {
-				theme: 'filled_blue',
-				size: 'large',
-				width: '367'
-			})
-		}
-
-		if (!user) id.prompt()
-	}
-
-	async function registerLocal(user: User) {
-		try {
-			const res = await fetch('/auth/register', {
-				method: 'POST',
-				body: JSON.stringify(user), // server ignores user.role - always set it to 'student' (lowest priv)
-				headers: {
-					'Content-Type': 'application/json'
-				}
-			})
-			if (!res.ok) {
-				if (res.status == 401)
-					// user already existed and passwords didn't match (otherwise, we login the user)
-					throw new Error('Sorry, that username is already in use.')
-				throw new Error(res.statusText) // should only occur if there's a database error
-			}
-
-			// res.ok
-			const fromEndpoint = await res.json()
-			loginSession.set(fromEndpoint.user) // update store so user is logged in
-			goto('/')
-		} catch (err) {
-			console.error('Register error', err)
-			if (err instanceof Error) {
-				throw new Error(err.message)
-			}
-		}
-	}
-
-	async function loginLocal(credentials: Credentials) {
-		try {
-			const res = await fetch('/auth/login', {
-				method: 'POST',
-				body: JSON.stringify(credentials),
-				headers: {
-					'Content-Type': 'application/json'
-				}
-			})
-			const fromEndpoint = await res.json()
-			if (res.ok) {
-				loginSession.set(fromEndpoint.user)
-				const { role } = fromEndpoint.user
-				if (referrer) return goto(referrer)
-				if (role === 'teacher') return goto('/teachers')
-				if (role === 'admin') return goto('/admin')
-				return goto('/')
-			} else {
-				throw new Error(fromEndpoint.message)
-			}
-		} catch (err) {
-			if (err instanceof Error) {
-				console.error('Login error', err)
-				throw new Error(err.message)
-			}
-		}
-	}
-
-	async function logout() {
-		// Request server delete httpOnly cookie called loginSession
-		const url = '/auth/logout'
-		const res = await fetch(url, {
-			method: 'POST'
-		})
-		if (res.ok) {
-			loginSession.set(undefined) // delete loginSession.user from
-			goto('/login')
-		} else console.error(`Logout not successful: ${res.statusText} (${res.status})`)
-	}
-
-	return { initializeSignInWithGoogle, registerLocal, loginLocal, logout }
-}