From f943075fd1c1c90a806505d8b7c960b00fef8ff1 Mon Sep 17 00:00:00 2001 From: Adrien Zaganelli Date: Tue, 1 Oct 2024 17:15:42 +0200 Subject: [PATCH] feat(deps): bump nuxt-auth-utils and use his password hasing by default --- package.json | 4 +- playground/server/routes/auth/github.get.ts | 2 +- pnpm-lock.yaml | 129 ++++++++++++++++-- ...ns.plugin.ts => nuxt-auth-utils.bridge.ts} | 11 +- 4 files changed, 132 insertions(+), 14 deletions(-) rename src/runtime/server/plugins/{sessions.plugin.ts => nuxt-auth-utils.bridge.ts} (69%) diff --git a/package.json b/package.json index f87bde1..9b1c63f 100644 --- a/package.json +++ b/package.json @@ -62,8 +62,8 @@ "eslint": "^9.10.0", "hookable": "^5.5.3", "nuxt": "^3.13.2", - "nuxt-auth-utils": "^0.3.8", - "pkg-pr-new": "^0.0.24", + "nuxt-auth-utils": "^0.4.0", + "pkg-pr-new": "^0.0.28", "typescript": "latest", "vitest": "^2.1.1", "vue-tsc": "^2.1.6" diff --git a/playground/server/routes/auth/github.get.ts b/playground/server/routes/auth/github.get.ts index 3ffcd6b..efe1990 100644 --- a/playground/server/routes/auth/github.get.ts +++ b/playground/server/routes/auth/github.get.ts @@ -1,4 +1,4 @@ -export default oauthGitHubEventHandler({ +export default defineOAuthGitHubEventHandler({ config: { emailRequired: true, }, diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index fafb87e..62cdf1c 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -76,11 +76,11 @@ importers: specifier: ^3.13.2 version: 3.13.2(@libsql/client@0.11.0)(@parcel/watcher@2.4.1)(@types/node@20.16.6)(better-sqlite3@11.3.0)(drizzle-orm@0.33.0(@libsql/client@0.11.0)(better-sqlite3@11.3.0))(eslint@9.11.1(jiti@1.21.6))(ioredis@5.4.1)(magicast@0.3.5)(optionator@0.9.4)(rollup@4.22.4)(terser@5.33.0)(typescript@5.6.2)(vite@5.4.7(@types/node@20.16.6)(terser@5.33.0))(vue-tsc@2.1.6(typescript@5.6.2)) nuxt-auth-utils: - specifier: ^0.3.8 - version: 0.3.9(magicast@0.3.5)(rollup@4.22.4) + specifier: ^0.4.0 + version: 0.4.0(magicast@0.3.5)(rollup@4.22.4) pkg-pr-new: - specifier: ^0.0.24 - version: 0.0.24 + specifier: ^0.0.28 + version: 0.0.28 typescript: specifier: latest version: 5.6.2 @@ -93,6 +93,18 @@ importers: packages: + '@adonisjs/hash@9.0.5': + resolution: {integrity: sha512-oY8PafBrdGsr5UY8cAzzxPCtehZDW7KsPcI47dZpjydOdL/PQrT4liX+cGujL6mSbi3JEgQLBgBs/+SlPFvCrg==} + engines: {node: '>=20.6.0'} + peerDependencies: + argon2: ^0.31.2 || ^0.41.0 + bcrypt: ^5.1.1 + peerDependenciesMeta: + argon2: + optional: true + bcrypt: + optional: true + '@ampproject/remapping@2.3.0': resolution: {integrity: sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==} engines: {node: '>=6.0.0'} @@ -975,6 +987,10 @@ packages: cpu: [x64] os: [win32] + '@lukeed/ms@2.0.2': + resolution: {integrity: sha512-9I2Zn6+NJLfaGoz9jN3lpwDgAYvfGeNYdbAIjJOqzs4Tpc+VU3Jqq4IofSUBKajiDS8k9fZIg18/z13mpk1bsA==} + engines: {node: '>=8'} + '@mapbox/node-pre-gyp@1.0.11': resolution: {integrity: sha512-Yhlar6v9WQgUp/He7BdgzOz8lqMQ8sU+jkCq7Wx8Myc5YFJLbEe7lgui/V7G1qB1DJykHSGwreceSaD60Y0PUQ==} hasBin: true @@ -1502,6 +1518,10 @@ packages: resolution: {integrity: sha512-HNjmfLQEVRZmHRET336f20H/8kOozUGwk7yajvsonjNxbj2wBTK1WsQuHkD5yYh9RxFGL2EyDHryOihOwUoKDA==} engines: {node: '>= 10.0.0'} + '@phc/format@1.0.0': + resolution: {integrity: sha512-m7X9U6BG2+J+R1lSOdCiITLLrxm+cWlNI3HUFA92oLO77ObGNzaKdh8pMLqdZcshtkKuV84olNNXDfMc4FezBQ==} + engines: {node: '>=10'} + '@pkgjs/parseargs@0.11.0': resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==} engines: {node: '>=14'} @@ -1513,6 +1533,10 @@ packages: '@polka/url@1.0.0-next.28': resolution: {integrity: sha512-8LduaNlMZGwdZ6qWrKlfa+2M4gahzFkprZiAt2TF8uS0qQgBizKXpXURqvTJ4WtmupWxaLqjRb2UCTe72mu+Aw==} + '@poppinss/utils@6.8.3': + resolution: {integrity: sha512-YGeH7pIUm9ExONURNH3xN61dBZ0SXgVuPA9E76t7EHeZHXPNrmR8TlbXQaka6kd5n+cpBNcHG4VsVfYf59bZ7g==} + engines: {node: '>=18.16.0'} + '@rollup/plugin-alias@5.1.1': resolution: {integrity: sha512-PR9zDb+rOzkRb2VD+EuKB7UC41vU5DIwZ5qqCpk0KJudcWAyi8rvYOhS7+L5aZCspw1stTViLgN5v6FF1p5cgQ==} engines: {node: '>=14.0.0'} @@ -1689,6 +1713,9 @@ packages: '@tybys/wasm-util@0.9.0': resolution: {integrity: sha512-6+7nlbMVX/PVDCwaIQ8nTOPveOcFLSt8GcXdx8hD0bt39uWxYT88uXzqTd4fTvqta7oeUJqudepapKNt2DYJFw==} + '@types/bytes@3.1.4': + resolution: {integrity: sha512-A0uYgOj3zNc4hNjHc5lYUfJQ/HVyBXiUMKdXd7ysclaE6k9oJdavQzODHuwjpUu2/boCP8afjQYi8z/GtvNCWA==} + '@types/estree@1.0.5': resolution: {integrity: sha512-/kYRxGDLWzHOB7q+wtSUQlFrtcdUccpfy+X+9iMBpHK8QLLhx2wIPYuS5DYtR9Wa/YlZAbIovy7qVdB1Aq6Lyw==} @@ -1707,6 +1734,9 @@ packages: '@types/normalize-package-data@2.4.4': resolution: {integrity: sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==} + '@types/pluralize@0.0.33': + resolution: {integrity: sha512-JOqsl+ZoCpP4e8TDke9W79FDcSgPAR0l6pixx2JHkhnRjvShyYiAYw2LVsnA7K08Y6DeOnaU6ujmENO4os/cYg==} + '@types/resolve@1.20.2': resolution: {integrity: sha512-60BCwRFOZCQhDncwQdxxeOEEkbc5dIMccYLwbxsS4TUNeVECQ/pBJ0j09mrHOl/JJvpRPGwO9SvE4nR2Nb/a4Q==} @@ -2112,6 +2142,10 @@ packages: resolution: {integrity: sha512-tjwM5exMg6BGRI+kNmTntNsvdZS1X8BFYS6tnJ2hdH0kVxM6/eVZ2xy+FqStSWvYmtfFMDLIxurorHwDKfDz5Q==} engines: {node: '>=18'} + bytes@3.1.2: + resolution: {integrity: sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==} + engines: {node: '>= 0.8'} + c12@1.11.2: resolution: {integrity: sha512-oBs8a4uvSDO9dm8b7OCFW7+dgtVrwmwnrVXYzLm43ta7ep2jCn/0MhoUFygIWtxhyy6+/MG7/agvpY0U1Iemew==} peerDependencies: @@ -2137,6 +2171,10 @@ packages: caniuse-lite@1.0.30001663: resolution: {integrity: sha512-o9C3X27GLKbLeTYZ6HBOLU1tsAcBZsLis28wrVzddShCS16RujjHp9GDHKZqrB3meE0YjhawvMFsGb/igqiPzA==} + case-anything@3.1.0: + resolution: {integrity: sha512-rRYnn5Elur8RuNHKoJ2b0tgn+pjYxL7BzWom+JZ7NKKn1lt/yGV/tUNwOovxYa9l9VL5hnXQdMc+mENbhJzosQ==} + engines: {node: '>=18'} + chai@5.1.1: resolution: {integrity: sha512-pT1ZgP8rPNqUgieVaEY+ryQr6Q4HXNg8Ei9UnLUrjN4IA7dvQC5JB+/kxVcPNDHyBcc/26CXPkbNzq3qwrOEKA==} engines: {node: '>=12'} @@ -2898,6 +2936,10 @@ packages: flatted@3.3.1: resolution: {integrity: sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==} + flattie@1.1.1: + resolution: {integrity: sha512-9UbaD6XdAL97+k/n+N7JwX46K/M6Zc6KcFYskrYL8wbBV/Uyk0CTAMY0VT+qiK5PM7AIc9aTWYtq65U7T+aCNQ==} + engines: {node: '>=8'} + foreground-child@3.3.0: resolution: {integrity: sha512-Ld2g8rrAyMYFXBhEqMz8ZAHBi4J4uS1i/CxGMDnjyFWddMXLVcDp051DZfu+t7+ab7Wv6SMqpWmyFIj5UbfFvg==} engines: {node: '>=14'} @@ -3667,8 +3709,16 @@ packages: engines: {node: ^16.10.0 || >=18.0.0} hasBin: true - nuxt-auth-utils@0.3.9: - resolution: {integrity: sha512-uYA0iij0Oo/YyevM+plMVOWruS3STbbHJUfGNOwS/BPN9/QM+nJAeQxn2KECNGugJ8dEjh2+5jzC/hr37+6dPw==} + nuxt-auth-utils@0.4.0: + resolution: {integrity: sha512-Tn5TtFIazDlteWq3Kt8csZLdgB8JGqmfL1QW/pgI+rZ89dR0OUD3f8SFZLO3pSoYhm5dFrOC1HR43dGPjc/81g==} + peerDependencies: + '@simplewebauthn/browser': ^10.0.0 + '@simplewebauthn/server': ^10.0.1 + peerDependenciesMeta: + '@simplewebauthn/browser': + optional: true + '@simplewebauthn/server': + optional: true nuxt@3.13.2: resolution: {integrity: sha512-Bjc2qRsipfBhjXsBEJCN+EUAukhdgFv/KoIR5HFB2hZOYRSqXBod3oWQs78k3ja1nlIhAEdBG533898KJxUtJw==} @@ -3838,8 +3888,8 @@ packages: resolution: {integrity: sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==} engines: {node: '>=12'} - pkg-pr-new@0.0.24: - resolution: {integrity: sha512-jzHuU0HLHEh3jNHQD7yZhxXM8CV8W+qdR0Ii5cxwm+t73kAvyZ9DkcDP4X1ZarX6DGnoibuuSOgWKYtQbjWsRQ==} + pkg-pr-new@0.0.28: + resolution: {integrity: sha512-aPY6VAz60fIqee1i1kyMdI1ap+3xpVZBvnzMZ+1E1Lqz22XJEy9sgJTx62tzVpAWysDeVtfLAyX3JILDrp0TWg==} hasBin: true pkg-types@1.2.0: @@ -4221,6 +4271,10 @@ packages: safe-buffer@5.2.1: resolution: {integrity: sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==} + safe-stable-stringify@2.5.0: + resolution: {integrity: sha512-b3rppTKm9T+PsVCBEOUR46GWI7fdOs00VKZ1+9c1EWDaDMvjQc6tUwuFyIprgGgTcWoVHSKrU8H31ZHA2e0RHA==} + engines: {node: '>=10'} + scslre@0.3.0: resolution: {integrity: sha512-3A6sD0WYP7+QrjbfNA2FN3FsOaGGFoekCVgTyypy53gPxhbkCIjtO6YWgdrfM+n/8sI8JeXZOIxsHjMTNxQ4nQ==} engines: {node: ^14.0.0 || >=16.0.0} @@ -4228,6 +4282,9 @@ packages: scule@1.3.0: resolution: {integrity: sha512-6FtHJEvt+pVMIB9IBY+IcCJ6Z5f1iQnytgyfKMhDKgmzYG+TeH/wx1y3l27rshSbLiSanrR9ffZDrEsmjlQF2g==} + secure-json-parse@2.7.0: + resolution: {integrity: sha512-6aU+Rwsezw7VR8/nyvKTx8QpWH9FrcYiXXlqC4z5d5XQBDRqtbfsRjnwGyqbi3gddNtWHuEk9OANUotL26qKUw==} + semver@5.7.2: resolution: {integrity: sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==} hasBin: true @@ -4309,6 +4366,10 @@ packages: slashes@3.0.12: resolution: {integrity: sha512-Q9VME8WyGkc7pJf6QEkj3wE+2CnvZMI+XJhwdTPR8Z/kWQRXi7boAWLDibRPyHRTUTPx5FaU7MsyrjI3yLB4HA==} + slugify@1.6.6: + resolution: {integrity: sha512-h+z7HKHYXj6wJU+AnS/+IH8Uh9fdcX1Lrhg1/VMdf9PwoBQXFcXiAdsy2tSK0P6gKwJLXp02r90ahUCqHk9rrw==} + engines: {node: '>=8.0.0'} + smob@1.5.0: resolution: {integrity: sha512-g6T+p7QO8npa+/hNx9ohv1E5pVCmWrVCUzUXJyLdMmftX6ER0oiWY/w9knEonLpnOp6b6FenKnMfR8gqwWdwig==} @@ -4537,6 +4598,9 @@ packages: tr46@0.0.3: resolution: {integrity: sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==} + truncatise@0.0.8: + resolution: {integrity: sha512-cXzueh9pzBCsLzhToB4X4gZCb3KYkrsAcBAX97JnazE74HOl3cpBJYEV7nabHeG/6/WXCU5Yujlde/WPBUwnsg==} + ts-api-utils@1.3.0: resolution: {integrity: sha512-UQMIo7pb8WRomKR1/+MFVLTroIvDVtMX3K6OUir8ynLyzB8Jeriont2bTAtmNPa1ekAgN7YPDyf6V+ygrdU+eQ==} engines: {node: '>=16'} @@ -5026,6 +5090,11 @@ packages: snapshots: + '@adonisjs/hash@9.0.5': + dependencies: + '@phc/format': 1.0.0 + '@poppinss/utils': 6.8.3 + '@ampproject/remapping@2.3.0': dependencies: '@jridgewell/gen-mapping': 0.3.5 @@ -5708,6 +5777,8 @@ snapshots: '@libsql/win32-x64-msvc@0.4.5': optional: true + '@lukeed/ms@2.0.2': {} + '@mapbox/node-pre-gyp@1.0.11': dependencies: detect-libc: 2.0.3 @@ -6375,6 +6446,8 @@ snapshots: '@parcel/watcher-win32-ia32': 2.4.1 '@parcel/watcher-win32-x64': 2.4.1 + '@phc/format@1.0.0': {} + '@pkgjs/parseargs@0.11.0': optional: true @@ -6382,6 +6455,21 @@ snapshots: '@polka/url@1.0.0-next.28': {} + '@poppinss/utils@6.8.3': + dependencies: + '@lukeed/ms': 2.0.2 + '@types/bytes': 3.1.4 + '@types/pluralize': 0.0.33 + bytes: 3.1.2 + case-anything: 3.1.0 + flattie: 1.1.1 + pluralize: 8.0.0 + safe-stable-stringify: 2.5.0 + secure-json-parse: 2.7.0 + slash: 5.1.0 + slugify: 1.6.6 + truncatise: 0.0.8 + '@rollup/plugin-alias@5.1.1(rollup@3.29.5)': optionalDependencies: rollup: 3.29.5 @@ -6569,6 +6657,8 @@ snapshots: tslib: 2.7.0 optional: true + '@types/bytes@3.1.4': {} + '@types/estree@1.0.5': {} '@types/estree@1.0.6': {} @@ -6585,6 +6675,8 @@ snapshots: '@types/normalize-package-data@2.4.4': {} + '@types/pluralize@0.0.33': {} + '@types/resolve@1.20.2': {} '@types/ws@8.5.12': @@ -7129,6 +7221,8 @@ snapshots: dependencies: run-applescript: 7.0.0 + bytes@3.1.2: {} + c12@1.11.2(magicast@0.3.5): dependencies: chokidar: 3.6.0 @@ -7161,6 +7255,8 @@ snapshots: caniuse-lite@1.0.30001663: {} + case-anything@3.1.0: {} + chai@5.1.1: dependencies: assertion-error: 2.0.1 @@ -7993,6 +8089,8 @@ snapshots: flatted@3.3.1: {} + flattie@1.1.1: {} + foreground-child@3.3.0: dependencies: cross-spawn: 7.0.3 @@ -8814,8 +8912,9 @@ snapshots: optionalDependencies: fsevents: 2.3.3 - nuxt-auth-utils@0.3.9(magicast@0.3.5)(rollup@4.22.4): + nuxt-auth-utils@0.4.0(magicast@0.3.5)(rollup@4.22.4): dependencies: + '@adonisjs/hash': 9.0.5 '@nuxt/kit': 3.13.2(magicast@0.3.5)(rollup@4.22.4) defu: 6.1.4 hookable: 5.5.3 @@ -8825,6 +8924,8 @@ snapshots: scule: 1.3.0 uncrypto: 0.1.3 transitivePeerDependencies: + - argon2 + - bcrypt - magicast - rollup - supports-color @@ -9098,7 +9199,7 @@ snapshots: picomatch@4.0.2: {} - pkg-pr-new@0.0.24: + pkg-pr-new@0.0.28: dependencies: '@jsdevtools/ez-spawn': 3.0.4 '@octokit/action': 6.1.0 @@ -9505,6 +9606,8 @@ snapshots: safe-buffer@5.2.1: {} + safe-stable-stringify@2.5.0: {} + scslre@0.3.0: dependencies: '@eslint-community/regexpp': 4.11.1 @@ -9513,6 +9616,8 @@ snapshots: scule@1.3.0: {} + secure-json-parse@2.7.0: {} + semver@5.7.2: {} semver@6.3.1: {} @@ -9602,6 +9707,8 @@ snapshots: slashes@3.0.12: {} + slugify@1.6.6: {} + smob@1.5.0: {} source-map-js@1.2.1: {} @@ -9823,6 +9930,8 @@ snapshots: tr46@0.0.3: {} + truncatise@0.0.8: {} + ts-api-utils@1.3.0(typescript@5.6.2): dependencies: typescript: 5.6.2 diff --git a/src/runtime/server/plugins/sessions.plugin.ts b/src/runtime/server/plugins/nuxt-auth-utils.bridge.ts similarity index 69% rename from src/runtime/server/plugins/sessions.plugin.ts rename to src/runtime/server/plugins/nuxt-auth-utils.bridge.ts index 85b757f..9f10c0a 100644 --- a/src/runtime/server/plugins/sessions.plugin.ts +++ b/src/runtime/server/plugins/nuxt-auth-utils.bridge.ts @@ -2,11 +2,20 @@ import { useSlipAuth } from "../utils/useSlipAuth"; import type { SlipAuthPublicSession } from "../../types"; // eslint-disable-next-line @typescript-eslint/ban-ts-comment // @ts-ignore yolo the DX is not great -import { defineNitroPlugin, createError, sessionHooks } from "#imports"; +import { defineNitroPlugin, createError, sessionHooks, hashPassword, verifyPassword } from "#imports"; export default defineNitroPlugin(() => { const auth = useSlipAuth(); + if (typeof hashPassword !== "undefined" && typeof verifyPassword !== "undefined") { + auth.setPasswordHashingMethods(() => { + return { + hash: hashPassword, + verify: verifyPassword, + }; + }); + } + if (typeof sessionHooks !== "undefined") { sessionHooks.hook("fetch", async (session: SlipAuthPublicSession) => { // invalid session if not in database