@sanity/preview-kit - npm Package Compare versions

Comparing version 1.0.0 to 1.1.0

dist/index.d.ts

@@ -7,2 +7,14 @@ import type { Config } from '@sanity/groq-store'
 /**
+ * Checks if the current token, or cookies, result in a valid session
+ * @internal
+ */
+export declare const _checkAuth: ({
+  projectId,
+  token,
+}: {
+  projectId: string
+  token: string | null
+}) => Promise<boolean>
+
+/**
  * @public
@@ -23,2 +35,4 @@ */
   preload,
+  onPublicAccessOnly,
+  checkAuth,
 }: _PreviewConfig) => UsePreview
@@ -133,4 +147,3 @@
   /**
-   * Lazy load `event-source-polyfille` either using Suspense or `React.use` and `React.cache`.
-   * This happens if `token` is specified.
+   * Suspend render until the dataset is done loading. Either using Suspense or `React.use` and `React.cache`
    */
@@ -140,4 +153,11 @@ preload: <R = any, P extends Params = Params, Q extends string = string>(
     query: Q,
+    /**
+     * Must wrap in `useMemo` to avoid infinite loop
+     */
     params?: P
   ) => R | null
+  /**
+   * If `onPublicAccessOnly` is defined this wrapper implements either Suspense or `React.use` and `React.cache` to suspend render until the auth check is complete
+   */
+  checkAuth: (options: { projectId: string; token: string | null }) => boolean
 }
@@ -144,0 +164,0 @@

dist/index.js

@@ -7,2 +7,17 @@ function ownKeys(object, enumerableOnly) { var keys = Object.keys(object); if (Object.getOwnPropertySymbols) { var symbols = Object.getOwnPropertySymbols(object); enumerableOnly && (symbols = symbols.filter(function (sym) { return Object.getOwnPropertyDescriptor(object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
 import { jsx } from 'react/jsx-runtime';
+const _checkAuth = async _ref => {
+  let {
+    projectId,
+    token
+  } = _ref;
+  const headers = token ? {
+    Authorization: "Bearer ".concat(token)
+  } : void 0;
+  const res = await fetch("https://".concat(projectId, ".api.sanity.io/v1/users/me"), {
+    credentials: "include",
+    headers
+  });
+  const json = await res.json();
+  return Boolean(json == null ? void 0 : json.id);
+};
 const _lazyGroqStore = async () => {
@@ -18,3 +33,3 @@ const {
 };
-const _definePreview = _ref => {
+const _definePreview = _ref2 => {
   let {
@@ -27,4 +42,6 @@ projectId,
     importGroqStore,
-    preload
-  } = _ref;
+    preload,
+    onPublicAccessOnly,
+    checkAuth
+  } = _ref2;
   if (!projectId) {
@@ -44,2 +61,11 @@ console.warn("No projectId set for createPreviewHook, returning dummy hook");
     if (!store) {
+      if (onPublicAccessOnly) {
+        const hasAuth = checkAuth({
+          projectId,
+          token
+        });
+        if (!hasAuth) {
+          onPublicAccessOnly();
+        }
+      }
       const groqStore = importGroqStore();
@@ -82,9 +108,19 @@ store = groqStore({
   importGroqStore: () => suspend(() => _lazyGroqStore(), ["@sanity/preview-kit", "@sanity/groq-store"]),
-  preload: (store, query, params) => suspend(() => store.query(query, params), ["@sanity/preview-kit", "preload", query, params])
+  preload: (store, query, params) => suspend(() => store.query(query, params), ["@sanity/preview-kit", "preload", query, params]),
+  checkAuth: _ref3 => {
+    let {
+      projectId,
+      token
+    } = _ref3;
+    return suspend(() => _checkAuth({
+      projectId,
+      token
+    }), ["@sanity/preview-kit", "checkAuth", projectId, token]);
+  }
 }));
-function PreviewSuspense(_ref2) {
+function PreviewSuspense(_ref4) {
   let {
     children,
     fallback
-  } = _ref2;
+  } = _ref4;
   const [mounted, mount] = useReducer(() => true, false);
@@ -97,3 +133,3 @@ useEffect(mount, [mount]);
 }
-export { PreviewSuspense, _definePreview, _lazyEventSourcePolyfill, _lazyGroqStore, definePreview };
+export { PreviewSuspense, _checkAuth, _definePreview, _lazyEventSourcePolyfill, _lazyGroqStore, definePreview };
 //# sourceMappingURL=index.js.map

package.json

 {
   "name": "@sanity/preview-kit",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "General purpose live previews, like next-sanity",
@@ -81,3 +81,3 @@ "keywords": [
     "eslint": "^8.27.0",
-    "eslint-config-next": "13.0.3-canary.3",
+    "eslint-config-next": "13.0.3-canary.4",
     "eslint-config-prettier": "^8.5.0",
@@ -88,4 +88,5 @@ "eslint-config-sanity": "^6.0.0",
     "eslint-plugin-simple-import-sort": "^8.0.0",
+    "groq": "^2.33.2",
     "groqd": "^0.0.4",
-    "next": "13.0.3-canary.3",
+    "next": "13.0.3-canary.4",
     "prettier": "^2.7.1",
@@ -92,0 +93,0 @@ "prettier-plugin-packagejson": "^2.3.0",

src/definePreview.ts

@@ -6,2 +6,3 @@ import type { Config, GroqStore } from '@sanity/groq-store'
 
+import { _checkAuth } from './auth'
 import { _lazyEventSourcePolyfill, _lazyGroqStore } from './lazy'
@@ -48,4 +49,3 @@
   /**
-   * Lazy load `event-source-polyfille` either using Suspense or `React.use` and `React.cache`.
-   * This happens if `token` is specified.
+   * Suspend render until the dataset is done loading. Either using Suspense or `React.use` and `React.cache`
    */
@@ -55,4 +55,11 @@ preload: <R = any, P extends Params = Params, Q extends string = string>(
     query: Q,
+    /**
+     * Must wrap in `useMemo` to avoid infinite loop
+     */
     params?: P
   ) => R | null
+  /**
+   * If `onPublicAccessOnly` is defined this wrapper implements either Suspense or `React.use` and `React.cache` to suspend render until the auth check is complete
+   */
+  checkAuth: (options: { projectId: string; token: string | null }) => boolean
 }
@@ -71,2 +78,4 @@
   preload,
+  onPublicAccessOnly,
+  checkAuth,
 }: _PreviewConfig): UsePreview => {
@@ -105,2 +114,8 @@ if (!projectId) {
     if (!store) {
+      if (onPublicAccessOnly) {
+        const hasAuth = checkAuth({ projectId, token })
+        if (!hasAuth) {
+          onPublicAccessOnly()
+        }
+      }
       /*
@@ -232,2 +247,7 @@ const EventSourcePolyfill = suspend(
       ),
+    checkAuth: ({ projectId, token }) =>
+      suspend(
+        () => _checkAuth({ projectId, token }),
+        ['@sanity/preview-kit', 'checkAuth', projectId, token]
+      ),
   })

src/index.ts

@@ -0,3 +1,4 @@
+export * from './auth'
 export * from './definePreview'
 export * from './lazy'
 export * from './PreviewSuspense'

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Non-existent author

Supply chain risk

The package was published by an npm account that no longer exists.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

70373

increased by12.2%

Number of package files

13

increased by8.33%

Lines of code

803

increased by19.67%

Number of high supply chain risk alerts

0

decreased by-100%

Worsened metrics

Dev dependency count

22

increased by4.76%

Number of medium supply chain risk alerts

3

increased byInfinity%

No dependency changes