Release 0.16 (#196)

* initial refactor * fixes * test secrets extraction * updated lock * fix secret schema * updated schemas, fixed tests, skipping flow tests for now * added validator for rjsf, hook form via standard schema * removed @sinclair/typebox * remove unneeded vite dep * fix jsonv literal on Field.tsx * fix schema import path * fix schema modals * fix schema modals * fix json field form, replaced auth form * initial waku * finalize waku example * fix jsonv-ts version * fix schema updates with falsy values * fix media api to respect options' init, improve types * checking media controller test * checking media controller test * checking media controller test * clean up mediacontroller test * added cookie option `partitioned`, as well as cors `origin` to be array, option to enable `credentials` (#214) * added cookie option `partitioned`, as well as cors `origin` to be array, option to enable `credentials` * fix server test * fix data api (updated jsonv-ts) * enhance cloudflare image optimization plugin with new options and explain endpoint (#215) * feat: add ability to serve static by using dynamic imports (#197) * feat: add ability to serve static by using dynamic imports * serveStaticViaImport: make manifest optional * serveStaticViaImport: add error log * refactor/imports (#217) * refactored core and core/utils imports * refactored core and core/utils imports * refactored media imports * refactored auth imports * refactored data imports * updated package json exports, fixed mm config * fix tests * feat/deno (#219) * update bun version * fix module manager's em reference * add basic deno example * finalize * docs: fumadocs migration (#185) * feat(docs): initialize documentation structure with Fumadocs * feat(docs): remove home route and move /docs route to /route * feat(docs): add redirect to /start page * feat(docs): migrate Getting Started chapters * feat(docs): migrate Usage and Extending chapters * feat(callout): add CalloutCaution, CalloutDanger, CalloutInfo, and CalloutPositive * feat(layout): add Discord and GitHub links to documentation layout * feat(docs): add integration chapters draft * feat(docs): add modules chapters draft * refactor(mdx-components): remove unused Icon import * refactor(StackBlitz): enhance type safety by using unknown instead of any * refactor(layout): update navigation mode to 'top' in layout configuration * feat(docs): add @iconify/react package * docs(mdx-components): add Icon component to MDX components list * feat(docs): update Next.js integration guide * feat(docs): update React Router integration guide * feat(docs): update Astro integration guide * feat(docs): update Vite integration guide * fix(docs): update package manager initialization commands * feat(docs): migrate Modules chapters * chore(docs): update package.json with new devDependencies * feat(docs): migrate Integration Runtimes chapters * feat(docs): update Database usage chapter * feat(docs): restructure documentation paths * chore(docs): clean up unused imports and files in documentation * style(layout): revert navigation mode to previous state * fix(docs): routing for documentation structure * feat(openapi): add API documentation generation from OpenAPI schema * feat(docs): add icons to documentation pages * chore(dependencies): remove unused content-collections packages * fix(types): fix type error for attachFile in source.ts * feat(redirects): update root redirect destination to '/start' * feat(search): add static search functionality * chore(dependencies): update fumadocs-core and fumadocs-ui to latest versions * feat(search): add Powered by Orama link * feat(generate-openapi): add error handling for missing OpenAPI schema * feat(scripts): add OpenAPI generation to build process * feat(config): enable dynamic redirects and rewrites in development mode * feat(layout): add GitHub token support for improved API rate limits * feat(redirects): add 301 redirects for cloudflare pages * feat(docs): add Vercel redirects configuration * feat(config): enable standalone output for development environment * chore(layout): adjust layout settings * refactor(package): clean up ajv dependency versions * feat(docs): add twoslash support * refactor(layout): update DocsLayout import and navigation configuration * chore(layout): clean up layout.tsx by commenting out GithubInfo * fix(Search): add locale to search initialization * chore(package): update fumadocs and orama to latest versions * docs: add menu items descriptions * feat(layout): add GitHub URL to the layout component * feat(docs): add AutoTypeTable component to MDX components * feat(app): implement AutoTypeTable rendering for AppEvents type * docs(layout): switch callouts back to default components * fix(config): use __filename and __dirname for module paths * docs: add note about node.js 22 requirement * feat(styles): add custom color variables for light and dark themes * docs: add S3 setup instructions for media module * docs: fix typos and indentation in media module docs * docs: add local media adapter example for Node.js * docs(media): add S3/R2 URL format examples and fix typo * docs: add cross-links to initial config and seeding sections * indent numbered lists content, clarified media serve locations * fix mediacontroller tests * feat(layout): add AnimatedGridPattern component for dynamic background * style(layout): configure fancy ToC style ('clerk') * fix(AnimatedGridPattern): correct strokeDasharray type * docs: actualize docs * feat: add favicon * style(cloudflare): format code examples * feat(layout): add Github and Discord footer icons * feat(footer): add SVG social media icons for GitHub and Discord * docs: adjusted auto type table, added llm functions * added static deployment to cloudflare workers * docs: change cf redirects to proxy *.mdx instead of redirecting --------- Co-authored-by: dswbx <dennis.senn@gmx.ch> Co-authored-by: cameronapak <cameronandrewpak@gmail.com> * build: improve build script * add missing exports, fix EntityTypescript imports * media: Dropzone: add programmatic upload, additional events, loading state * schema object: disable extended defaults to allow empty config values * Feat/new docs deploy (#224) * test * try fixing pm * try fixing pm * fix docs on imports, export events correctly --------- Co-authored-by: Tim Seriakov <59409712+timseriakov@users.noreply.github.com> Co-authored-by: cameronapak <cameronandrewpak@gmail.com>
2026-03-15 20:17:22 +00:00 · 2025-08-01 15:55:59 +02:00
parent daaaae82b6
commit a298b65abf
430 changed files with 15041 additions and 12375 deletions
--- a/app/src/auth/authenticate/Authenticator.ts
+++ b/app/src/auth/authenticate/Authenticator.ts
@@ -1,46 +1,27 @@
-import { type DB, Exception } from "core";
+import type { DB } from "bknd";
+import { Exception } from "core/errors";
 import { addFlashMessage } from "core/server/flash";
-import {
-   $console,
-   type Static,
-   StringEnum,
-   type TObject,
-   parse,
-   runtimeSupports,
-   truncate,
-} from "core/utils";
-import type { Context, Hono } from "hono";
+import type { Context } from "hono";
 import { deleteCookie, getSignedCookie, setSignedCookie } from "hono/cookie";
 import { sign, verify } from "hono/jwt";
-import type { CookieOptions } from "hono/utils/cookie";
+import { type CookieOptions, serializeSigned } from "hono/utils/cookie";
 import type { ServerEnv } from "modules/Controller";
 import { pick } from "lodash-es";
-import * as tbbox from "@sinclair/typebox";
 import { InvalidConditionsException } from "auth/errors";
-const { Type } = tbbox;
+import { s, parse, secret, runtimeSupports, truncate, $console } from "bknd/utils";
+import type { AuthStrategy } from "./strategies/Strategy";

 type Input = any; // workaround
 export type JWTPayload = Parameters<typeof sign>[0];

 export const strategyActions = ["create", "change"] as const;
 export type StrategyActionName = (typeof strategyActions)[number];
-export type StrategyAction<S extends TObject = TObject> = {
+export type StrategyAction<S extends s.ObjectSchema = s.ObjectSchema> = {
   schema: S;
-   preprocess: (input: Static<S>) => Promise<Omit<DB["users"], "id" | "strategy">>;
+   preprocess: (input: s.Static<S>) => Promise<Omit<DB["users"], "id" | "strategy">>;
 };
 export type StrategyActions = Partial<Record<StrategyActionName, StrategyAction>>;

-// @todo: add schema to interface to ensure proper inference
-// @todo: add tests (e.g. invalid strategy_value)
-export interface Strategy {
-   getController: (auth: Authenticator) => Hono<any>;
-   getType: () => string;
-   getMode: () => "form" | "external";
-   getName: () => string;
-   toJSON: (secrets?: boolean) => any;
-   getActions?: () => StrategyActions;
-}
-
 export type User = DB["users"];

 export type ProfileExchange = {
@@ -60,43 +41,45 @@ export interface UserPool {
 }

 const defaultCookieExpires = 60 * 60 * 24 * 7; // 1 week in seconds
-export const cookieConfig = Type.Partial(
-   Type.Object({
-      path: Type.String({ default: "/" }),
-      sameSite: StringEnum(["strict", "lax", "none"], { default: "lax" }),
-      secure: Type.Boolean({ default: true }),
-      httpOnly: Type.Boolean({ default: true }),
-      expires: Type.Number({ default: defaultCookieExpires }), // seconds
-      renew: Type.Boolean({ default: true }),
-      pathSuccess: Type.String({ default: "/" }),
-      pathLoggedOut: Type.String({ default: "/" }),
-   }),
-   { default: {}, additionalProperties: false },
-);
+export const cookieConfig = s
+   .object({
+      path: s.string({ default: "/" }),
+      sameSite: s.string({ enum: ["strict", "lax", "none"], default: "lax" }),
+      secure: s.boolean({ default: true }),
+      httpOnly: s.boolean({ default: true }),
+      expires: s.number({ default: defaultCookieExpires }), // seconds
+      partitioned: s.boolean({ default: false }),
+      renew: s.boolean({ default: true }),
+      pathSuccess: s.string({ default: "/" }),
+      pathLoggedOut: s.string({ default: "/" }),
+   })
+   .partial()
+   .strict();

 // @todo: maybe add a config to not allow cookie/api tokens to be used interchangably?
 // see auth.integration test for further details

-export const jwtConfig = Type.Object(
-   {
-      // @todo: autogenerate a secret if not present. But it must be persisted from AppAuth
-      secret: Type.String({ default: "" }),
-      alg: Type.Optional(StringEnum(["HS256", "HS384", "HS512"], { default: "HS256" })),
-      expires: Type.Optional(Type.Number()), // seconds
-      issuer: Type.Optional(Type.String()),
-      fields: Type.Array(Type.String(), { default: ["id", "email", "role"] }),
-   },
-   {
-      default: {},
-      additionalProperties: false,
-   },
-);
-export const authenticatorConfig = Type.Object({
+export const jwtConfig = s
+   .object(
+      {
+         // @todo: autogenerate a secret if not present. But it must be persisted from AppAuth
+         secret: secret({ default: "" }),
+         alg: s.string({ enum: ["HS256", "HS384", "HS512"], default: "HS256" }).optional(),
+         expires: s.number().optional(), // seconds
+         issuer: s.string().optional(),
+         fields: s.array(s.string(), { default: ["id", "email", "role"] }),
+      },
+      {
+         default: {},
+      },
+   )
+   .strict();
+export const authenticatorConfig = s.object({
   jwt: jwtConfig,
   cookie: cookieConfig,
 });

-type AuthConfig = Static<typeof authenticatorConfig>;
+type AuthConfig = s.Static<typeof authenticatorConfig>;
 export type AuthAction = "login" | "register";
 export type AuthResolveOptions = {
   identifier?: "email" | string;
@@ -105,7 +88,7 @@ export type AuthResolveOptions = {
 };
 export type AuthUserResolver = (
   action: AuthAction,
-   strategy: Strategy,
+   strategy: AuthStrategy,
   profile: ProfileExchange,
   opts?: AuthResolveOptions,
 ) => Promise<ProfileExchange | undefined>;
@@ -115,7 +98,9 @@ type AuthClaims = SafeUser & {
   exp?: number;
 };

-export class Authenticator<Strategies extends Record<string, Strategy> = Record<string, Strategy>> {
+export class Authenticator<
+   Strategies extends Record<string, AuthStrategy> = Record<string, AuthStrategy>,
+> {
   private readonly config: AuthConfig;

   constructor(
@@ -128,7 +113,7 @@ export class Authenticator<Strategies extends Record<string, Strategy> = Record<

   async resolveLogin(
      c: Context,
-      strategy: Strategy,
+      strategy: AuthStrategy,
      profile: Partial<SafeUser>,
      verify: (user: User) => Promise<void>,
      opts?: AuthResolveOptions,
@@ -166,7 +151,7 @@ export class Authenticator<Strategies extends Record<string, Strategy> = Record<

   async resolveRegister(
      c: Context,
-      strategy: Strategy,
+      strategy: AuthStrategy,
      profile: CreateUser,
      verify: (user: User) => Promise<void>,
      opts?: AuthResolveOptions,
@@ -235,7 +220,7 @@ export class Authenticator<Strategies extends Record<string, Strategy> = Record<

   strategy<
      StrategyName extends keyof Strategies,
-      Strat extends Strategy = Strategies[StrategyName],
+      Strat extends AuthStrategy = Strategies[StrategyName],
   >(strategy: StrategyName): Strat {
      try {
         return this.strategies[strategy] as unknown as Strat;
@@ -342,6 +327,11 @@ export class Authenticator<Strategies extends Record<string, Strategy> = Record<
      await setSignedCookie(c, "auth", token, secret, this.cookieOptions);
   }

+   async unsafeGetAuthCookie(token: string): Promise<string | undefined> {
+      // this works for as long as cookieOptions.prefix is not set
+      return serializeSigned("auth", token, this.config.jwt.secret, this.cookieOptions);
+   }
+
   private deleteAuthCookie(c: Context) {
      $console.debug("deleting auth cookie");
      deleteCookie(c, "auth", this.cookieOptions);