Merge branch 'release/0.19' into feat/advanced-permissions

2026-03-16 04:27:21 +00:00 · 2025-10-24 15:15:56 +02:00
parent f3c6cd7620 347fe0f6ce
commit 0df17221df
32 changed files with 587 additions and 107 deletions
--- a/app/src/auth/api/AuthApi.ts
+++ b/app/src/auth/api/AuthApi.ts
@@ -4,7 +4,7 @@ import type { AuthResponse, SafeUser, AuthStrategy } from "bknd";
 import { type BaseModuleApiOptions, ModuleApi } from "modules/ModuleApi";

 export type AuthApiOptions = BaseModuleApiOptions & {
-   onTokenUpdate?: (token?: string) => void | Promise<void>;
+   onTokenUpdate?: (token?: string, verified?: boolean) => void | Promise<void>;
   credentials?: "include" | "same-origin" | "omit";
 };

@@ -17,23 +17,19 @@ export class AuthApi extends ModuleApi<AuthApiOptions> {
   }

   async login(strategy: string, input: any) {
-      const res = await this.post<AuthResponse>([strategy, "login"], input, {
-         credentials: this.options.credentials,
-      });
+      const res = await this.post<AuthResponse>([strategy, "login"], input);

      if (res.ok && res.body.token) {
-         await this.options.onTokenUpdate?.(res.body.token);
+         await this.options.onTokenUpdate?.(res.body.token, true);
      }
      return res;
   }

   async register(strategy: string, input: any) {
-      const res = await this.post<AuthResponse>([strategy, "register"], input, {
-         credentials: this.options.credentials,
-      });
+      const res = await this.post<AuthResponse>([strategy, "register"], input);

      if (res.ok && res.body.token) {
-         await this.options.onTokenUpdate?.(res.body.token);
+         await this.options.onTokenUpdate?.(res.body.token, true);
      }
      return res;
   }
@@ -71,6 +67,11 @@ export class AuthApi extends ModuleApi<AuthApiOptions> {
   }

   async logout() {
-      await this.options.onTokenUpdate?.(undefined);
+      return this.get(["logout"], undefined, {
+         headers: {
+            // this way bknd detects a json request and doesn't redirect back
+            Accept: "application/json",
+         },
+      }).then(() => this.options.onTokenUpdate?.(undefined, true));
   }
 }
--- a/app/src/auth/authenticate/Authenticator.ts
+++ b/app/src/auth/authenticate/Authenticator.ts
@@ -42,6 +42,7 @@ export interface UserPool {
 const defaultCookieExpires = 60 * 60 * 24 * 7; // 1 week in seconds
 export const cookieConfig = s
   .strictObject({
+      domain: s.string().optional(),
      path: s.string({ default: "/" }),
      sameSite: s.string({ enum: ["strict", "lax", "none"], default: "lax" }),
      secure: s.boolean({ default: true }),
@@ -288,6 +289,7 @@ export class Authenticator<

      return {
         ...cookieConfig,
+         domain: cookieConfig.domain ?? undefined,
         expires: new Date(Date.now() + expires * 1000),
      };
   }
@@ -377,7 +379,10 @@ export class Authenticator<

   // @todo: move this to a server helper
   isJsonRequest(c: Context): boolean {
-      return c.req.header("Content-Type") === "application/json";
+      return (
+         c.req.header("Content-Type") === "application/json" ||
+         c.req.header("Accept") === "application/json"
+      );
   }

   async getBody(c: Context) {