sveltekit-auth-example 1.0.5 → 1.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +5 -0
  2. package/LICENSE +1 -1
  3. package/db_create.sql +3 -1
  4. package/package.json +13 -13
  5. package/src/routes/auth/[slug].ts +18 -7
package/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ # 1.0.5
2
+ * Bump dependencies
3
+ * [Fix] Flaw in register allowing user to register over top of an existing account
4
+ * Additional checks of submitted data
5
+
1
6
  # 1.0.4
2
7
  * Bump dependencies
3
8
 
package/LICENSE CHANGED
@@ -1,6 +1,6 @@
1
1
  MIT License
2
2
 
3
- Copyright (c) 2021 Nate Stuyvesant
3
+ Copyright (c) 2022 Nate Stuyvesant
4
4
 
5
5
  Permission is hereby granted, free of charge, to any person obtaining a copy
6
6
  of this software and associated documentation files (the "Software"), to deal
package/db_create.sql CHANGED
@@ -210,7 +210,7 @@ DECLARE
210
210
  input_first_name varchar(20) := TRIM((input->>'firstName')::varchar);
211
211
  input_last_name varchar(20) := TRIM((input->>'lastName')::varchar);
212
212
  BEGIN
213
- SELECT json_build_object('id', create_session(users.id), 'user', json_build_object('id', users.id, 'role', users.role, 'email', input_email, 'firstName', users.first_name, 'lastName', users.last_name, 'phone', users.phone)) INTO user_session FROM users WHERE email = input_email;
213
+ PERFORM id FROM users WHERE email = input_email;
214
214
  IF NOT FOUND THEN
215
215
  INSERT INTO users(role, email, first_name, last_name)
216
216
  VALUES('student', input_email, input_first_name, input_last_name)
@@ -219,6 +219,8 @@ BEGIN
219
219
  'id', create_session(users.id),
220
220
  'user', json_build_object('id', users.id, 'role', 'student', 'email', input_email, 'firstName', input_first_name, 'lastName', input_last_name, 'phone', null)
221
221
  ) INTO user_session;
222
+ ELSE
223
+ SELECT authenticate(input) INTO user_session;
222
224
  END IF;
223
225
  END;
224
226
  $BODY$;
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "sveltekit-auth-example",
3
3
  "description": "SvelteKit Authentication Example",
4
- "version": "1.0.5",
4
+ "version": "1.0.6",
5
5
  "private": false,
6
6
  "author": "Nate Stuyvesant",
7
7
  "license": "https://github.com/nstuyvesant/sveltekit-auth-example/blob/master/LICENSE",
@@ -33,36 +33,36 @@
33
33
  },
34
34
  "engines": {
35
35
  "node": "~16.14.2",
36
- "npm": "^8.6.0"
36
+ "npm": "^8.8.0"
37
37
  },
38
38
  "type": "module",
39
39
  "dependencies": {
40
- "cookie": "^0.4.2",
40
+ "cookie": "^0.5.0",
41
41
  "dotenv": "^16.0.0",
42
- "google-auth-library": "^7.11.1",
42
+ "google-auth-library": "^8.0.1",
43
43
  "jsonwebtoken": "^8.5.1",
44
44
  "pg": "^8.7.3",
45
45
  "pg-native": "^3.0.0"
46
46
  },
47
47
  "devDependencies": {
48
- "@sveltejs/adapter-node": "next",
49
- "@sveltejs/kit": "next",
48
+ "@sveltejs/adapter-node": "latest",
49
+ "@sveltejs/kit": "latest",
50
50
  "@types/jsonwebtoken": "^8.5.8",
51
51
  "@types/pg": "^8.6.5",
52
- "@typescript-eslint/eslint-plugin": "^5.18.0",
53
- "@typescript-eslint/parser": "^5.18.0",
52
+ "@typescript-eslint/eslint-plugin": "^5.21.0",
53
+ "@typescript-eslint/parser": "^5.21.0",
54
54
  "bootstrap": "^5.1.3",
55
55
  "bootstrap-icons": "^1.8.1",
56
- "eslint": "^8.13.0",
56
+ "eslint": "^8.14.0",
57
57
  "eslint-config-prettier": "^8.5.0",
58
58
  "eslint-plugin-svelte3": "^3.4.1",
59
59
  "prettier": "^2.6.2",
60
60
  "prettier-plugin-svelte": "^2.7.0",
61
- "sass": "^1.50.0",
61
+ "sass": "^1.51.0",
62
62
  "svelte": "^3.47.0",
63
- "svelte-check": "^2.6.0",
64
- "svelte-preprocess": "^4.10.5",
65
- "tslib": "^2.3.1",
63
+ "svelte-check": "^2.7.0",
64
+ "svelte-preprocess": "^4.10.6",
65
+ "tslib": "^2.4.0",
66
66
  "typescript": "^4.6.3"
67
67
  }
68
68
  }
package/src/routes/auth/[slug].ts CHANGED
@@ -9,12 +9,6 @@ export const post: RequestHandler = async event => {
9
9
 
10
10
  try {
11
11
  switch (slug) {
12
- case 'login':
13
- sql = `SELECT authenticate($1) AS "authenticationResult";`
14
- break
15
- case 'register':
16
- sql = `SELECT register($1) AS "authenticationResult";`
17
- break
18
12
  case 'logout':
19
13
  if (event.locals.user) { // if user is null, they are logged out anyway (session might have ended)
20
14
  sql = `CALL delete_session($1);`
@@ -29,6 +23,13 @@ export const post: RequestHandler = async event => {
29
23
  message: 'Logout successful.'
30
24
  }
31
25
  }
26
+ case 'login':
27
+ sql = `SELECT authenticate($1) AS "authenticationResult";`
28
+ break
29
+ case 'register':
30
+ sql = `SELECT register($1) AS "authenticationResult";`
31
+ break
32
+
32
33
  default:
33
34
  return {
34
35
  status: 404,
@@ -41,8 +42,18 @@ export const post: RequestHandler = async event => {
41
42
 
42
43
  // Only /auth/login and /auth/register at this point
43
44
  const body = await event.request.json()
44
- result = await query(sql, [JSON.stringify(body)])
45
45
 
46
+ // While client checks for these to be non-null, register() in the database does not
47
+ if (slug == 'register' && (!body.email || !body.password || !body.firstName || !body.lastName))
48
+ return {
49
+ status: 400,
50
+ body: {
51
+ message: 'Please supply all required fields: email, password, first and last name.',
52
+ user: null
53
+ }
54
+ }
55
+
56
+ result = await query(sql, [JSON.stringify(body)])
46
57
  } catch (error) {
47
58
  return {
48
59
  status: 503,