sveltekit-auth-example 1.0.4 → 1.0.7

package/CHANGELOG.md

@@ -1,3 +1,15 @@
+# 1.0.7
+* Bump dependencies and verify against latest SvelteKit
+* Additional changes for register PostgreSQL function
+
+# 1.0.5
+* Bump dependencies
+* [Fix] Flaw in register allowing user to register over top of an existing account
+* Additional checks of submitted data
+
+# 1.0.4
+* Bump dependencies
+
 # 1.0.4
 * [Fix] If you login with a Google account, you cannot Update the Profile (UI is looking for password and confirm password which don't make sense in this context)
 * Added Content Security Policy

package/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2021 Nate Stuyvesant
+Copyright (c) 2022 Nate Stuyvesant
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/db_create.sql

@@ -182,15 +182,17 @@ DECLARE
   input_phone varchar(23) := TRIM((input->>'phone')::varchar);
   input_password varchar(80) := (input->>'password')::varchar;
 BEGIN
-  SELECT json_build_object('id', create_session(users.id), 'user', json_build_object('id', users.id, 'role', users.role, 'email', input_email, 'firstName', users.first_name, 'lastName', users.last_name, 'phone', users.phone)) INTO user_session FROM users WHERE email = input_email;
+  PERFORM id FROM users WHERE email = input_email;
   IF NOT FOUND THEN
     INSERT INTO users(role, password, email, first_name, last_name, phone)
-      VALUES('student', crypt(input_password, input_password), input_email, input_first_name, input_last_name, input_phone)
+      VALUES('student', crypt(input_password, gen_salt('bf', 8)), input_email, input_first_name, input_last_name, input_phone)
       RETURNING
         json_build_object(
           'sessionId', create_session(users.id),
-          'user', json_build_object('id', users.id, 'role', 'student', 'email', input_email, 'firstName', input_first_name, 'lastName', input_last_name, 'phone', input_phone)
+          'user', json_build_object('id', users.id, 'role', 'student', 'email', input_email, 'firstName', input_first_name, 'lastName', input_last_name, 'phone', input_phone, 'optOut', false)
         ) INTO user_session;
+  ELSE -- user is registering account that already exists so set sessionId and user to null so client can let them know
+  	SELECT authenticate(input) INTO user_session;
   END IF;
 END;
 $BODY$;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "sveltekit-auth-example",
   "description": "SvelteKit Authentication Example",
-  "version": "1.0.4",
+  "version": "1.0.7",
   "private": false,
   "author": "Nate Stuyvesant",
   "license": "https://github.com/nstuyvesant/sveltekit-auth-example/blob/master/LICENSE",
@@ -32,37 +32,37 @@
     "format": "prettier --ignore-path .gitignore --write --plugin-search-dir=. ."
   },
   "engines": {
-    "node": "~16.14.2",
-    "npm": "^8.6.0"
+    "node": "~16.15.0",
+    "npm": "^8.8.0"
   },
   "type": "module",
   "dependencies": {
-    "cookie": "^0.4.2",
+    "cookie": "^0.5.0",
     "dotenv": "^16.0.0",
-    "google-auth-library": "^7.11.1",
+    "google-auth-library": "^8.0.2",
     "jsonwebtoken": "^8.5.1",
     "pg": "^8.7.3",
     "pg-native": "^3.0.0"
   },
   "devDependencies": {
-    "@sveltejs/adapter-node": "next",
-    "@sveltejs/kit": "next",
+    "@sveltejs/adapter-node": "latest",
+    "@sveltejs/kit": "latest",
     "@types/jsonwebtoken": "^8.5.8",
     "@types/pg": "^8.6.5",
-    "@typescript-eslint/eslint-plugin": "^5.18.0",
-    "@typescript-eslint/parser": "^5.18.0",
+    "@typescript-eslint/eslint-plugin": "^5.22.0",
+    "@typescript-eslint/parser": "^5.22.0",
     "bootstrap": "^5.1.3",
     "bootstrap-icons": "^1.8.1",
-    "eslint": "^8.12.0",
+    "eslint": "^8.14.0",
     "eslint-config-prettier": "^8.5.0",
     "eslint-plugin-svelte3": "^3.4.1",
     "prettier": "^2.6.2",
-    "prettier-plugin-svelte": "^2.6.0",
-    "sass": "^1.49.11",
-    "svelte": "^3.46.6",
-    "svelte-check": "^2.4.6",
-    "svelte-preprocess": "^4.10.5",
-    "tslib": "^2.3.1",
-    "typescript": "^4.6.3"
+    "prettier-plugin-svelte": "^2.7.0",
+    "sass": "^1.51.0",
+    "svelte": "^3.48.0",
+    "svelte-check": "^2.7.0",
+    "svelte-preprocess": "^4.10.6",
+    "tslib": "^2.4.0",
+    "typescript": "^4.6.4"
   }
 }

package/src/routes/auth/[slug].ts

@@ -9,12 +9,6 @@ export const post: RequestHandler = async event => {
 
   try {
     switch (slug) {
-      case 'login': 
-        sql = `SELECT authenticate($1) AS "authenticationResult";`
-        break
-      case 'register':
-        sql = `SELECT register($1) AS "authenticationResult";`
-        break
       case 'logout':
         if (event.locals.user) { // if user is null, they are logged out anyway (session might have ended)
           sql = `CALL delete_session($1);`
@@ -29,6 +23,13 @@ export const post: RequestHandler = async event => {
             message: 'Logout successful.'
           }
         }
+      case 'login': 
+        sql = `SELECT authenticate($1) AS "authenticationResult";`
+        break
+      case 'register':
+        sql = `SELECT register($1) AS "authenticationResult";`
+        break
+
       default:
         return {
           status: 404,
@@ -41,8 +42,18 @@ export const post: RequestHandler = async event => {
 
     // Only /auth/login and /auth/register at this point
     const body = await event.request.json()
-    result = await query(sql, [JSON.stringify(body)])
 
+    // While client checks for these to be non-null, register() in the database does not
+    if (slug == 'register' && (!body.email || !body.password || !body.firstName || !body.lastName))
+    return {
+      status: 400,
+      body: {
+        message: 'Please supply all required fields: email, password, first and last name.',
+        user: null
+      }
+    }
+
+    result = await query(sql, [JSON.stringify(body)])
   } catch (error) {
     return {
       status: 503,