sveltekit-auth-example 1.0.3 → 1.0.4

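--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,3 +1,7 @@
+ # 1.0.4
+ * [Fix] If you login with a Google account, you cannot Update the Profile (UI is looking for password and confirm password which don't make sense in this context)
+ * Added Content Security Policy
+
  # 1.0.3
  * [Fix] user created or updated when password mismatches (@lxy-yz)
  * Updated project dependencies
@@ -5,18 +9,15 @@
  * Added declarations for Session and Locals for type safety
 
  # 1.0.2
-
  * [Fix] Updated endpoints and hooks to conform to SvelteKit's API changes.
  * Updated project dependencies
 
  # 1.0.1
-
  * Switched to dotenv vs. VITE_ env values for better security
  * Load Sign in with Google via code instead of static template
  * Fix logout (didn't work if session expired)
  * Fix login button rendering if that's the starting page
 
  # Backlog
-
  * [Low] Add password complexity check
  * [Low] Add Google reCaptcha 3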
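--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
  {
  "name": "sveltekit-auth-example",
  "description": "SvelteKit Authentication Example",
- "version": "1.0.3",
+ "version": "1.0.4",
  "private": false,
  "author": "Nate Stuyvesant",
  "license": "https://github.com/nstuyvesant/sveltekit-auth-example/blob/master/LICENSE",
@@ -12,6 +12,15 @@
  "bugs": {
  "url": "https://github.com/nstuyvesant/sveltekit-auth-example/issues"
  },
+ "keywords": [
+ "svelte",
+ "sveltekit",
+ "authentication",
+ "example",
+ "google",
+ "postgresql",
+ "example"
+ ],
  "scripts": {
  "dev": "svelte-kit dev",
  "serve": "npm run dev -- --open",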
@@ -32,7 +32,7 @@
32
32
  message = ''
33
33
  const form = document.forms['profile']
34
34
 
35
- if (!passwordMatch()) {
35
+ if (!user.email.includes('gmail.com') && !passwordMatch()) {
36
36
  confirmPassword.classList.add('is-invalid')
37
37
  return
38
38
  }
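Review bot: The condition added on new line 35, `!user.email.includes('gmail.com')`, treats the text of the e-mail address as proof that the user signed in with Google, which the address cannot establish. A locally registered account whose address merely contains that substring skips the `passwordMatch()` check, while a Google sign-in from a non-gmail domain is still blocked by it. Prefer a flag that records how the account authenticated, for example `if (!isGoogleAccount && !passwordMatch()) {`, where `isGoogleAccount` is a placeholder for whatever the session actually exposes. Assuming the server handles this form's submission, it should enforce the same rule, since this check runs only in the browser. The file header for this hunk is missing from the page, and the enclosing function starts and ends outside the hunk.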
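--- a/package/svelte.config.js
+++ b/package/svelte.config.js
@@ -1,6 +1,19 @@
  import adapter from '@sveltejs/adapter-node'
  import preprocess from 'svelte-preprocess'
 
+ const production = process.env.NODE_ENV === 'production'
+
+ const baseCsp = [
+ 'self',
+ // 'strict-dynamic', // issues with datepicker on classes, add to calendar scripts
+ 'https://www.gstatic.com/recaptcha/', // recaptcha
+ 'https://accounts.google.com/gsi/', // sign-in w/google
+ 'https://www.google.com/recaptcha/', // recapatcha
+ 'https://fonts.gstatic.com/' // recaptcha fonts
+ ]
+
+ if (!production) baseCsp.push('ws://localhost:3000')
+
  /** @type {import('@sveltejs/kit').Config} */
  const config = {
  preprocess: preprocess(),
@@ -8,7 +21,24 @@ const config = {
  kit: {
  adapter: adapter({
  out: 'build'
- })
+ }),
+ csp: {
+ mode: 'auto',
+ directives: {
+ 'default-src': [...baseCsp],
+ 'script-src': ['unsafe-inline', ...baseCsp],
+ 'img-src': ['data:', 'blob:', ...baseCsp],
+ 'style-src': ['unsafe-inline', ...baseCsp],
+ 'object-src': ['none'],
+ 'base-uri': ['self'],
+ // 'require-trusted-types-for': ["'script'"] // will require effort to get this working
+ }
+ },
+ vite: {
+ serviceWorker: {
+ files: (filepath) => !/\.DS_Store/.test(filepath)
+ }
+ }
  }
  }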
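Review bot: `'script-src': ['unsafe-inline', ...baseCsp]` on new line 29 allows any inline script to run, which removes most of the protection against injected markup that a script policy is meant to give. With `mode: 'auto'` SvelteKit is expected to supply nonces or hashes for its own inline scripts, so it is worth testing `'script-src': [...baseCsp]` and keeping `unsafe-inline` only in `style-src` if the Google sign-in button needs it. `baseCsp` is also spread into `default-src`, so the script hosts and, outside production, `ws://localhost:3000` become allowed for every fetch type; narrower per-directive lists (the websocket origin only in `connect-src`, for instance) would be tighter. `frame-ancestors` and `form-action` do not fall back to `default-src`, so consider adding `'frame-ancestors': ['none']` and `'form-action': ['self']` to cover the login and profile forms.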