wirejs-resources 0.1.10 → 0.1.12

package/README.md

@@ -0,0 +1,3 @@
+Experimental.
+
+If this package interests you, contact the author.

package/dist/adapters/signed-cookie.d.ts

@@ -0,0 +1,14 @@
+import type { Secret } from '../resources/secret.js';
+import { Cookie, CookieJar } from './cookie-jar.js';
+import { Resource } from '../resource.js';
+export declare class SignedCookie<T> {
+    private scope;
+    private name;
+    private signingSecret;
+    private options;
+    constructor(scope: Resource | string, name: string, signingSecret: Secret, options?: Omit<Cookie, 'value' | 'name'>);
+    get cookieName(): string;
+    read(cookies: CookieJar): Promise<T | null>;
+    write(cookies: CookieJar, value: T | null): Promise<void>;
+    clear(cookies: CookieJar): void;
+}

package/dist/adapters/signed-cookie.js

@@ -0,0 +1,66 @@
+import * as jose from 'jose';
+const ONE_HOUR = 60 * 60; // minutes/hour * seconds/minute
+export class SignedCookie {
+    scope;
+    name;
+    signingSecret;
+    options;
+    constructor(scope, name, signingSecret, options = {}) {
+        this.scope = scope;
+        this.name = name;
+        this.signingSecret = signingSecret;
+        this.options = options;
+    }
+    get cookieName() {
+        if (typeof this.scope === 'string') {
+            return `${this.scope.replaceAll('/', '-')}-${this.name}`;
+        }
+        else {
+            return `${this.scope.absoluteId.replaceAll('/', '-')}-${this.name}`;
+        }
+    }
+    async read(cookies) {
+        try {
+            const cookie = cookies.get(this.cookieName)?.value;
+            const result = cookie ? await jose.jwtVerify(cookie, new TextEncoder().encode(await this.signingSecret.read())) : undefined;
+            if (result?.payload) {
+                return result.payload;
+            }
+            return null;
+        }
+        catch {
+            return null;
+        }
+    }
+    async write(cookies, value) {
+        if (!value) {
+            this.clear(cookies);
+        }
+        else {
+            const duration = typeof this.options.maxAge === 'number'
+                ? this.options.maxAge
+                : ONE_HOUR;
+            const httpOnly = typeof this.options.httpOnly === 'boolean'
+                ? this.options.httpOnly
+                : true;
+            const secure = typeof this.options.secure === 'boolean'
+                ? this.options.secure
+                : true;
+            const jwt = await new jose.SignJWT(value)
+                .setProtectedHeader({ alg: 'HS256' })
+                .setIssuedAt()
+                .setExpirationTime(`${duration}s`)
+                .sign(new TextEncoder().encode(await this.signingSecret.read()));
+            cookies.set({
+                name: this.cookieName,
+                value: jwt,
+                httpOnly,
+                secure,
+                maxAge: duration
+            });
+        }
+    }
+    clear(cookies) {
+        cookies.delete(this.cookieName);
+    }
+}

package/dist/index.d.ts

@@ -1,8 +1,10 @@
 export { FileService } from './services/file.js';
 export { AuthenticationService } from './services/authentication.js';
 export { CookieJar } from './adapters/cookie-jar.js';
-export { withContext, requiresContext, Context } from './adapters/context.js';
+export { SignedCookie } from './adapters/signed-cookie.js';
+export { withContext, requiresContext, Context, ContextWrapped } from './adapters/context.js';
 export { Resource } from './resource.js';
 export { overrides } from './overrides.js';
+export { Secret } from './resources/secret.js';
 export * from './types.js';
 export * from './derived-types.js';

package/dist/index.js

@@ -1,8 +1,10 @@
 export { FileService } from './services/file.js';
 export { AuthenticationService } from './services/authentication.js';
 export { CookieJar } from './adapters/cookie-jar.js';
+export { SignedCookie } from './adapters/signed-cookie.js';
 export { withContext, requiresContext, Context } from './adapters/context.js';
 export { Resource } from './resource.js';
 export { overrides } from './overrides.js';
+export { Secret } from './resources/secret.js';
 export * from './types.js';
 export * from './derived-types.js';

package/dist/internal/index.d.ts

@@ -1 +1 @@
-export declare function prebuildApi(): Promise<void>;
+export declare function prebuildApi(apiDir: string): Promise<void>;

package/dist/internal/index.js

@@ -1,12 +1,10 @@
-import process from 'process';
 import fs from 'fs';
 import path from 'path';
-export async function prebuildApi() {
-    const CWD = process.cwd();
+export async function prebuildApi(apiDir) {
     let API_URL = '/api';
-    const indexModule = await import(path.join(CWD, 'index.js'));
+    const indexModule = await import(path.join(apiDir, 'dist', 'index.js'));
     try {
-        const backendConfigModule = await import(path.join(CWD, 'config.js'));
+        const backendConfigModule = await import(path.join(apiDir, 'config.js'));
         const backendConfig = backendConfigModule.default;
         console.log("backend config found", backendConfig);
         if (backendConfig.apiUrl) {
@@ -23,5 +21,5 @@ export async function prebuildApi() {
         `import { apiTree } from "wirejs-resources/client";`,
         `const INTERNAL_API_URL = ${JSON.stringify(API_URL)};`,
     ].join('\n');
-    await fs.promises.writeFile(path.join(CWD, 'index.client.js'), [baseClient, apiCode].join('\n\n'));
+    await fs.promises.writeFile(path.join(apiDir, 'dist', 'index.client.js'), [baseClient, apiCode].join('\n\n'));
 }

package/dist/services/authentication.d.ts

@@ -1,21 +1,20 @@
 import { Resource } from '../resource.js';
+import { ContextWrapped } from '../adapters/context.js';
 import type { CookieJar } from '../adapters/cookie-jar.js';
-import type { User, AuthenticationError, AuthenticationMachineInput, AuthenticationMachineState, AuthenticationServiceOptions, AuthenticationState } from '../types.js';
+import type { User, AuthenticationError, AuthenticationMachineInput, AuthenticationMachineState, AuthenticationServiceOptions } from '../types.js';
 export declare class AuthenticationService extends Resource {
     #private;
     constructor(scope: Resource | string, id: string, { duration, keepalive, cookie }?: AuthenticationServiceOptions);
-    getSigningSecret(): Promise<Uint8Array<ArrayBufferLike>>;
-    get signingSecret(): Promise<Uint8Array<ArrayBufferLike>>;
-    getState(cookies: CookieJar): Promise<AuthenticationState>;
+    private getState;
     getMachineState(cookies: CookieJar): Promise<AuthenticationMachineState>;
-    setState(cookies: CookieJar, user?: User): Promise<void>;
+    private setState;
     missingFieldErrors(input: Record<string, string | number | boolean>, fields: string[]): AuthenticationError[] | undefined;
     setMachineState(cookies: CookieJar, form: AuthenticationMachineInput): Promise<AuthenticationMachineState | {
         errors: AuthenticationError[];
     }>;
-    buildApi(this: AuthenticationService): import("../adapters/context.js").ContextfulApiNamespace<{
+    buildApi(): ContextWrapped<{
         getState: () => Promise<AuthenticationMachineState>;
-        setState: (options: Parameters<(typeof this)["setMachineState"]>[1]) => Promise<AuthenticationMachineState | {
+        setState: (options: AuthenticationMachineInput) => Promise<AuthenticationMachineState | {
             errors: AuthenticationError[];
         }>;
         getCurrentUser: () => Promise<User | null>;

package/dist/services/authentication.js

@@ -1,8 +1,8 @@
 import { scrypt, randomBytes, randomUUID } from 'crypto';
-import * as jose from 'jose';
 import { Resource } from '../resource.js';
 import { FileService } from './file.js';
 import { Secret } from '../resources/secret.js';
+import { SignedCookie } from '../adapters/signed-cookie.js';
 import { withContext } from '../adapters/context.js';
 import { overrides } from '../overrides.js';
 function newId() {
@@ -181,60 +181,23 @@ class UserStore {
     }
 }
 export class AuthenticationService extends Resource {
-    #duration;
-    ;
     #keepalive;
-    #cookieName;
-    #rawSigningSecret;
-    #signingSecret;
     #users;
+    #cookie;
     constructor(scope, id, { duration, keepalive, cookie } = {}) {
         super(scope, id);
-        this.#duration = duration || ONE_WEEK;
         this.#keepalive = !!keepalive;
-        this.#cookieName = cookie ?? 'identity';
-        this.#rawSigningSecret = new (overrides.Secret || Secret)(this, 'jwt-signing-secret');
+        const signingSecret = new (overrides.Secret || Secret)(this, 'jwt-signing-secret');
         const fileService = new (overrides.FileService || FileService)(this, 'files');
+        this.#cookie = new SignedCookie(this, cookie ?? 'identity', signingSecret, { maxAge: ONE_WEEK });
         this.#users = new UserStore(fileService);
     }
-    async getSigningSecret() {
-        const secretAsString = await this.#rawSigningSecret.read();
-        return new TextEncoder().encode(secretAsString);
-    }
-    get signingSecret() {
-        if (!this.#signingSecret) {
-            this.#signingSecret = this.getSigningSecret();
-        }
-        return this.#signingSecret;
-    }
     async getState(cookies) {
-        let idCookie;
-        let user;
-        try {
-            idCookie = cookies.get(this.#cookieName)?.value;
-            const idPayload = idCookie ? (await jose.jwtVerify(idCookie, await this.signingSecret)) : undefined;
-            user = idPayload ? {
-                id: idPayload.payload.sub,
-                username: idPayload.payload.username,
-                displayName: idPayload.payload.username,
-            } : undefined;
-        }
-        catch (err) {
-            // jose doesn't like our cookie.
-            console.error(err);
-        }
-        if (user) {
-            return {
-                state: 'authenticated',
-                user
-            };
-        }
-        else {
-            return {
-                state: 'unauthenticated',
-                user: undefined,
-            };
-        }
+        const cookieState = await this.#cookie.read(cookies);
+        return cookieState ? cookieState : {
+            state: 'unauthenticated',
+            user: undefined
+        };
     }
     async getMachineState(cookies) {
         const state = await this.getState(cookies);
@@ -261,21 +224,12 @@ export class AuthenticationService extends Resource {
     }
     async setState(cookies, user) {
         if (!user) {
-            cookies.delete(this.#cookieName);
+            this.#cookie.clear(cookies);
         }
         else {
-            const jwt = await new jose.SignJWT(user)
-                .setProtectedHeader({ alg: 'HS256' })
-                .setIssuedAt()
-                .setSubject(user.id)
-                .setExpirationTime(`${this.#duration}s`)
-                .sign(await this.signingSecret);
-            cookies.set({
-                name: this.#cookieName,
-                value: jwt,
-                httpOnly: true,
-                secure: true,
-                maxAge: this.#duration
+            return this.#cookie.write(cookies, {
+                state: 'authenticated',
+                user
             });
         }
     }

package/dist/types.d.ts

@@ -27,8 +27,11 @@ export type AuthenticationAction = {
     buttons?: readonly string[];
 };
 export type AuthenticationState = {
-    state: 'authenticated' | 'unauthenticated';
-    user: User | undefined;
+    state: 'authenticated';
+    user: User;
+} | {
+    state: 'unauthenticated';
+    user: undefined;
 };
 export type AuthenticationMachineAction = Readonly<AuthenticationAction & {
     key: string;

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "wirejs-resources",
-	"version": "0.1.10",
+	"version": "0.1.12",
 	"description": "Basic services and server-side resources for wirejs apps",
 	"type": "module",
 	"main": "./dist/index.js",
@@ -40,6 +40,7 @@
 	},
 	"files": [
 		"package.json",
+		"README.md",
 		"dist/*"
 	]
-}
+}