add psw to email auth requests

prostgles · Dec 19, 2024 · c5079a6 · c5079a6
1 parent 9a3cb58
commit c5079a6
Show file tree

Hide file tree

Showing 9 changed files with 57 additions and 31 deletions.
diff --git a/.npmignore b/.npmignore
@@ -1,3 +1,5 @@
 tests
 documenation
-docs
+docs
+examples
+.vscode
diff --git a/lib/Auth/AuthHandler.ts b/lib/Auth/AuthHandler.ts
@@ -18,6 +18,7 @@ import {
   ExpressRes,
   LoginClientInfo,
   LoginParams,
+  LoginResponse,
 } from "./AuthTypes";
 import { getSafeReturnURL } from "./getSafeReturnURL";
 import { setupAuthRoutes } from "./setupAuthRoutes";
@@ -247,7 +248,7 @@ export class AuthHandler {
     });
   };
 
-  loginThrottled = async (params: LoginParams, client: LoginClientInfo): Promise<BasicSession> => {
+  loginThrottled = async (params: LoginParams, client: LoginClientInfo): Promise<LoginResponse> => {
     if (!this.opts?.login) throw "Auth login config missing";
     const { responseThrottle = 500 } = this.opts;
 
@@ -260,6 +261,7 @@ export class AuthHandler {
       };
 
       if (!result) throw err;
+      if ("success" in result) throw result;
       if (
         (result && (typeof result.sid !== "string" || typeof result.expires !== "number")) ||
         (!result && ![undefined, null].includes(result))
@@ -282,8 +284,12 @@ export class AuthHandler {
     loginParams: LoginParams
   ) => {
     const start = Date.now();
-    const { sid, expires } =
+    const loginResponse =
       (await this.loginThrottled(loginParams, getLoginClientInfo({ httpReq: req }))) || {};
+    if ("success" in loginResponse) {
+      return res.status(HTTPCODES.AUTH_ERROR).json(loginResponse);
+    }
+    const { sid, expires } = loginResponse;
     await this.prostgles.opts.onLog?.({
       type: "auth",
       command: "login",

diff --git a/lib/Auth/AuthTypes.ts b/lib/Auth/AuthTypes.ts
@@ -1,5 +1,12 @@
 import { Express, NextFunction, Request, Response } from "express";
-import { AnyObject, FieldFilter, IdentityProvider, UserLike } from "prostgles-types";
+import {
+  AnyObject,
+  EmailLoginResponse,
+  EmailRegisterResponse,
+  FieldFilter,
+  IdentityProvider,
+  UserLike,
+} from "prostgles-types";
 import { DB } from "../Prostgles";
 import { DBOFullyTyped } from "../DBSchemaBuilder";
 import { PRGLIOSocket } from "../DboBuilder/DboBuilderTypes";
@@ -92,7 +99,7 @@ type EmailWithoutTo = Omit<Email, "to">;
 type EmailProvider =
   | {
       signupType: "withMagicLink";
-      onRegistered: (data: { username: string }) => void | Promise<void>;
+      onRegistered: (data: { username: string }) => Awaitable<EmailRegisterResponse>;
       emailMagicLink: {
         onSend: (data: {
           email: string;
@@ -108,7 +115,7 @@ type EmailProvider =
       onRegistered: (
         data: { username: string; password: string },
         clientInfo: LoginClientInfo
-      ) => void | Promise<void>;
+      ) => Awaitable<EmailRegisterResponse>;
       /**
        * Defaults to 8
        */
@@ -280,7 +287,7 @@ export type Auth<S = void, SUser extends SessionUser = SessionUser> = {
     dbo: DBOFullyTyped<S>,
     db: DB,
     client: LoginClientInfo
-  ) => Awaitable<BasicSession> | BasicSession;
+  ) => Awaitable<LoginResponse>;
   logout?: (sid: string | undefined, dbo: DBOFullyTyped<S>, db: DB) => Awaitable<any>;
 
   /**
@@ -291,6 +298,8 @@ export type Auth<S = void, SUser extends SessionUser = SessionUser> = {
   };
 };
 
+export type LoginResponse = BasicSession | Exclude<EmailLoginResponse, { success: true }>;
+
 export type LoginParams =
   | { type: "username"; username: string; password: string; [key: string]: any }
   | ({ type: "provider" } & AuthProviderUserData);

diff --git a/lib/Auth/setEmailProvider.ts b/lib/Auth/setEmailProvider.ts
@@ -71,7 +71,13 @@ export async function setEmailProvider(this: AuthHandler, app: e.Express) {
 
       if (emailMessage) {
         await sendEmail(emailMessage.smtp, emailMessage.message);
-        res.json({ success: true, message: "Email sent" });
+        res.json({
+          success: true,
+          message:
+            email.signupType === "withPassword" ?
+              `We've sent a confirmation email to ${emailMessage.message.to}. Please check your inbox (and your spam folder) for a message from us.`
+            : "Email sent",
+        });
       }
     } catch {
       res.status(HTTPCODES.AUTH_ERROR).json({ success: false, error: "Failed to send email" });
@@ -82,6 +88,9 @@ export async function setEmailProvider(this: AuthHandler, app: e.Express) {
     app.get(AUTH_ROUTES_AND_PARAMS.confirmEmailExpressRoute, async (req, res) => {
       const { id } = req.params ?? {};
       try {
+        if (!id || typeof id !== "string") {
+          throw new Error("Invalid confirmation code");
+        }
         const { httpReq, ...clientInfo } = getLoginClientInfo({ httpReq: req });
         await email.emailConfirmation?.onConfirmed({
           confirmationCode: id,

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "prostgles-server",
-  "version": "4.2.185",
+  "version": "4.2.186",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -55,7 +55,7 @@
     "pg": "^8.11.5",
     "pg-cursor": "^2.11.0",
     "pg-promise": "^11.9.1",
-    "prostgles-types": "^4.0.122"
+    "prostgles-types": "^4.0.123"
   },
   "devDependencies": {
     "@types/express": "^4.17.21",

diff --git a/tests/client/package-lock.json b/tests/client/package-lock.json
diff --git a/tests/client/package.json b/tests/client/package.json
@@ -13,7 +13,7 @@
   "license": "ISC",
   "dependencies": {
     "@types/node": "^20.9.2",
-    "prostgles-client": "^4.0.194",
+    "prostgles-client": "^4.0.195",
     "prostgles-types": "^4.0.51",
     "socket.io-client": "^4.8.1"
   },

diff --git a/tests/server/package-lock.json b/tests/server/package-lock.json