supertokens-website - npm Package Compare versions

Comparing version 17.0.0 to 17.0.1

10

CHANGELOG.md

@@ -10,2 +10,12 @@ # Changelog

## [17.0.1] - 2023-07-04
### Changes
- Added `shouldDoInterceptionBasedOnUrl` as an overrideable function to the recipe interface
### Fixes
- Fixed an issue where the Authorization header was getting removed unnecessarily
## [17.0.0] - 2023-06-07

@@ -12,0 +22,0 @@

20

lib/build/axios.js

@@ -152,3 +152,2 @@ "use strict";

var processState_1 = require("./processState");
var utils_1 = require("./utils");
var windowHandler_1 = require("./utils/windowHandler");

@@ -182,3 +181,3 @@ var logger_1 = require("./logger");

typeof url === "string" &&
!(0, utils_1.shouldDoInterceptionBasedOnUrl)(
!fetch_1.default.recipeImpl.shouldDoInterceptionBasedOnUrl(
url,

@@ -194,3 +193,3 @@ fetch_1.default.config.apiDomain,

// .origin gives the port as well..
doNotDoInterception = !(0, utils_1.shouldDoInterceptionBasedOnUrl)(
doNotDoInterception = !fetch_1.default.recipeImpl.shouldDoInterceptionBasedOnUrl(
windowHandler_1.default.getReferenceOrThrow().windowHandler.location.getOrigin(),

@@ -296,3 +295,3 @@ fetch_1.default.config.apiDomain,

(typeof url === "string" &&
!(0, utils_1.shouldDoInterceptionBasedOnUrl)(
!fetch_1.default.recipeImpl.shouldDoInterceptionBasedOnUrl(
url,

@@ -310,3 +309,3 @@ fetch_1.default.config.apiDomain,

doNotDoInterception =
!(0, utils_1.shouldDoInterceptionBasedOnUrl)(
!fetch_1.default.recipeImpl.shouldDoInterceptionBasedOnUrl(
windowHandler_1.default

@@ -511,3 +510,3 @@ .getReferenceOrThrow()

typeof url === "string" &&
!(0, utils_1.shouldDoInterceptionBasedOnUrl)(
!fetch_1.default.recipeImpl.shouldDoInterceptionBasedOnUrl(
url,

@@ -525,3 +524,3 @@ fetch_1.default.config.apiDomain,

doNotDoInterception =
!(0, utils_1.shouldDoInterceptionBasedOnUrl)(
!fetch_1.default.recipeImpl.shouldDoInterceptionBasedOnUrl(
windowHandler_1.default

@@ -857,3 +856,3 @@ .getReferenceOrThrow()

return __awaiter(this, void 0, void 0, function () {
var accessToken, authHeader, res;
var accessToken, refreshToken, authHeader, res;
return __generator(this, function (_b) {

@@ -865,4 +864,7 @@ switch (_b.label) {

accessToken = _b.sent();
return [4 /*yield*/, (0, fetch_1.getTokenForHeaderAuth)("refresh")];
case 2:
refreshToken = _b.sent();
authHeader = config.headers.Authorization || config.headers.authorization;
if (accessToken !== undefined) {
if (accessToken !== undefined && refreshToken !== undefined) {
if (authHeader === "Bearer ".concat(accessToken) || "__supertokensAddedAuthHeader" in config) {

@@ -869,0 +871,0 @@ // We are ignoring the Authorization header set by the user in this case, because it would cause issues
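Review bot: The new gate `if (accessToken !== undefined && refreshToken !== undefined)` at the top of the auth-header branch has no comment explaining why the refresh token now matters, even though it is fetched only to be tested for presence and is otherwise unused within the hunk. The 17.0.1 changelog entry suggests the intent is to stop stripping a user-supplied Authorization header when no complete local session exists; if that is right, a one-line comment such as `// Only treat the header as ours (and strip/replace it) when both session tokens exist locally; otherwise keep the user's header` would make the condition self-explaining. The two `getTokenForHeaderAuth` awaits run back to back and are independent, so in the TypeScript source they could be issued together, though nothing here warrants editing the compiled generator directly. The same condition appears with a slightly different shape in the xmlhttprequest.js section further down. The enclosing function starts and ends outside the hunk.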

@@ -154,2 +154,3 @@ "use strict";

var xmlhttprequest_1 = require("./xmlhttprequest");
var utils_1 = require("./utils");
function RecipeImplementation(recipeImplInput) {

@@ -491,2 +492,49 @@ return {

});
},
shouldDoInterceptionBasedOnUrl: function (toCheckUrl, apiDomain, sessionTokenBackendDomain) {
(0, logger_1.logDebugMessage)(
"shouldDoInterceptionBasedOnUrl: toCheckUrl: " +
toCheckUrl +
" apiDomain: " +
apiDomain +
" sessionTokenBackendDomain: " +
sessionTokenBackendDomain
);
function isNumeric(str) {
if (typeof str != "string") return false; // we only process strings!
return (
!isNaN(str) && !isNaN(parseFloat(str)) // use type coercion to parse the _entirety_ of the string (`parseFloat` alone does not do this)...
); // ...and ensure strings of whitespace fail
}
// The safest/best way to add this is the hash as the browser strips it before sending
// but we don't have a reason to limit checking to that part.
if (toCheckUrl.includes("superTokensDoNotDoInterception")) {
return false;
}
toCheckUrl = (0, utils_1.normaliseURLDomainOrThrowError)(toCheckUrl);
var urlObj = new URL(toCheckUrl);
var domain = urlObj.hostname;
if (sessionTokenBackendDomain === undefined) {
domain = urlObj.port === "" ? domain : domain + ":" + urlObj.port;
apiDomain = (0, utils_1.normaliseURLDomainOrThrowError)(apiDomain);
var apiUrlObj = new URL(apiDomain);
return (
domain === (apiUrlObj.port === "" ? apiUrlObj.hostname : apiUrlObj.hostname + ":" + apiUrlObj.port)
);
} else {
var normalisedsessionDomain = (0, utils_1.normaliseSessionScopeOrThrowError)(sessionTokenBackendDomain);
if (sessionTokenBackendDomain.split(":").length > 1) {
// means port may provided
var portStr = sessionTokenBackendDomain.split(":")[sessionTokenBackendDomain.split(":").length - 1];
if (isNumeric(portStr)) {
normalisedsessionDomain += ":" + portStr;
domain = urlObj.port === "" ? domain : domain + ":" + urlObj.port;
}
}
if (sessionTokenBackendDomain.startsWith(".")) {
return ("." + domain).endsWith(normalisedsessionDomain);
} else {
return domain === normalisedsessionDomain;
}
}
}

@@ -493,0 +541,0 @@ };
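Review bot: In `shouldDoInterceptionBasedOnUrl`, the port comparison in the `sessionTokenBackendDomain` branch can miss the scheme's default port: `urlObj.port` is the empty string when a URL uses the default port (the URL parser drops `:443` for https and `:80` for http), so with a configured value like `api.example.com:443` (constructed example) and a request to `https://api.example.com/...`, `domain` stays `api.example.com` while `normalisedsessionDomain` becomes `api.example.com:443`, and the request is not intercepted. The `apiDomain` branch is unaffected because both sides pass through `new URL(...)`. A fix is to append the effective port rather than the raw one when the configured domain carries a port, e.g. `var effectivePort = urlObj.port !== "" ? urlObj.port : urlObj.protocol === "https:" ? "443" : "80";` followed by `domain = domain + ":" + effectivePort;` in place of `domain = urlObj.port === "" ? domain : domain + ":" + urlObj.port;` inside the `isNumeric(portStr)` block. The `("." + domain).endsWith(normalisedsessionDomain)` suffix check also relies on `normaliseSessionScopeOrThrowError` preserving the leading dot for every input; if it can drop it for some hosts, the comparison degrades to a plain string-suffix match, so that assumption deserves either a comment or an explicit `normalisedsessionDomain.startsWith(".")` guard before the `endsWith`. The enclosing `RecipeImplementation` object literal starts and ends outside the hunk.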

@@ -125,2 +125,3 @@ import OverrideableBuilder from "supertokens-js-override";

}): SessionClaimValidator[];
shouldDoInterceptionBasedOnUrl(toCheckUrl: string, apiDomain: string, sessionTokenBackendDomain: string | undefined): boolean;
};

@@ -127,0 +128,0 @@ export declare type ClaimValidationResult = {
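Review bot: The new `shouldDoInterceptionBasedOnUrl` member of the recipe interface is exported and overrideable but carries no TSDoc, so an implementer has no stated contract for what `true` means or how `apiDomain` and `sessionTokenBackendDomain` interact. Judging by the axios.js and xmlhttprequest.js call sites on this page, the return value decides whether the SDK's request interception (including its Authorization header handling) applies to a URL, so the doc should make clear that an override returning `true` too broadly widens the set of requests on which session tokens are handled. Suggest a TSDoc block stating the purpose, that `toCheckUrl` is matched against `apiDomain` or, when provided, `sessionTokenBackendDomain`, that a `superTokensDoNotDoInterception` marker anywhere in the URL forces `false`, and that the default behaviour is the recipe implementation shipped in this release. The enclosing type literal starts outside the hunk.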

@@ -6,3 +6,2 @@ import { InputType, NormalisedInputType } from "../types";

export declare function validateAndNormaliseInputOrThrowError(options: InputType): NormalisedInputType;
export declare function shouldDoInterceptionBasedOnUrl(toCheckUrl: string, apiDomain: string, sessionTokenBackendDomain: string | undefined): boolean;
export declare function getNormalisedUserContext(userContext?: any): any;

@@ -163,3 +163,2 @@ "use strict";

exports.getNormalisedUserContext =
exports.shouldDoInterceptionBasedOnUrl =
exports.validateAndNormaliseInputOrThrowError =

@@ -304,48 +303,2 @@ exports.normaliseSessionScopeOrThrowError =

exports.validateAndNormaliseInputOrThrowError = validateAndNormaliseInputOrThrowError;
function shouldDoInterceptionBasedOnUrl(toCheckUrl, apiDomain, sessionTokenBackendDomain) {
(0, logger_1.logDebugMessage)(
"shouldDoInterceptionBasedOnUrl: toCheckUrl: " +
toCheckUrl +
" apiDomain: " +
apiDomain +
" sessionTokenBackendDomain: " +
sessionTokenBackendDomain
);
function isNumeric(str) {
if (typeof str != "string") return false; // we only process strings!
return (
!isNaN(str) && !isNaN(parseFloat(str)) // use type coercion to parse the _entirety_ of the string (`parseFloat` alone does not do this)...
); // ...and ensure strings of whitespace fail
}
// The safest/best way to add this is the hash as the browser strips it before sending
// but we don't have a reason to limit checking to that part.
if (toCheckUrl.includes("superTokensDoNotDoInterception")) {
return false;
}
toCheckUrl = normaliseURLDomainOrThrowError(toCheckUrl);
var urlObj = new URL(toCheckUrl);
var domain = urlObj.hostname;
if (sessionTokenBackendDomain === undefined) {
domain = urlObj.port === "" ? domain : domain + ":" + urlObj.port;
apiDomain = normaliseURLDomainOrThrowError(apiDomain);
var apiUrlObj = new URL(apiDomain);
return domain === (apiUrlObj.port === "" ? apiUrlObj.hostname : apiUrlObj.hostname + ":" + apiUrlObj.port);
} else {
var normalisedsessionDomain = normaliseSessionScopeOrThrowError(sessionTokenBackendDomain);
if (sessionTokenBackendDomain.split(":").length > 1) {
// means port may provided
var portStr = sessionTokenBackendDomain.split(":")[sessionTokenBackendDomain.split(":").length - 1];
if (isNumeric(portStr)) {
normalisedsessionDomain += ":" + portStr;
domain = urlObj.port === "" ? domain : domain + ":" + urlObj.port;
}
}
if (sessionTokenBackendDomain.startsWith(".")) {
return ("." + domain).endsWith(normalisedsessionDomain);
} else {
return domain === normalisedsessionDomain;
}
}
}
exports.shouldDoInterceptionBasedOnUrl = shouldDoInterceptionBasedOnUrl;
function getNormalisedUserContext(userContext) {

@@ -352,0 +305,0 @@ if (userContext === undefined) {

@@ -1,2 +0,2 @@

export declare const package_version = "17.0.0";
export declare const package_version = "17.0.1";
export declare const supported_fdi: string[];

@@ -18,3 +18,3 @@ "use strict";

*/
exports.package_version = "17.0.0";
exports.package_version = "17.0.1";
exports.supported_fdi = ["1.16"];

@@ -149,3 +149,2 @@ "use strict";

exports.addInterceptorsToXMLHttpRequest = void 0;
var utils_1 = require("./utils");
var fetch_1 = require("./fetch");

@@ -375,3 +374,3 @@ var logger_1 = require("./logger");

(typeof url === "string" &&
!(0, utils_1.shouldDoInterceptionBasedOnUrl)(
!fetch_1.default.recipeImpl.shouldDoInterceptionBasedOnUrl(
url,

@@ -382,3 +381,3 @@ fetch_1.default.config.apiDomain,

(typeof url !== "string" &&
!(0, utils_1.shouldDoInterceptionBasedOnUrl)(
!fetch_1.default.recipeImpl.shouldDoInterceptionBasedOnUrl(
url.toString(),

@@ -394,3 +393,3 @@ fetch_1.default.config.apiDomain,

// .origin gives the port as well..
doNotDoInterception = !(0, utils_1.shouldDoInterceptionBasedOnUrl)(
doNotDoInterception = !fetch_1.default.recipeImpl.shouldDoInterceptionBasedOnUrl(
windowHandler_1.default.getReferenceOrThrow().windowHandler.location.getOrigin(),

@@ -433,7 +432,7 @@ fetch_1.default.config.apiDomain,

return __awaiter(_this, void 0, void 0, function () {
var accessToken;
var accessToken, refreshToken;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
if (!(name.toLowerCase() === "authorization")) return [3 /*break*/, 2];
if (!(name.toLowerCase() === "authorization")) return [3 /*break*/, 3];
(0,

@@ -444,3 +443,10 @@ logger_1.logDebugMessage)("XHRInterceptor.setRequestHeader: checking if user provided auth header matches local token");

accessToken = _a.sent();
if (value === "Bearer ".concat(accessToken)) {
return [4 /*yield*/, (0, fetch_1.getTokenForHeaderAuth)("refresh")];
case 2:
refreshToken = _a.sent();
if (
accessToken !== undefined &&
refreshToken !== undefined &&
value === "Bearer ".concat(accessToken)
) {
// We are ignoring the Authorization header set by the user in this case, because it would cause issues

@@ -454,4 +460,4 @@ // If we do not ignore this, then this header would be used even if the request is being retried after a refresh, even though it contains an outdated access token.

}
_a.label = 2;
case 2:
_a.label = 3;
case 3:
listOfFunctionCallsInProxy.push(function (xhr) {

@@ -458,0 +464,0 @@ xhr.setRequestHeader(name, value);
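Review bot: The predicate deciding whether a user-supplied Authorization header is treated as the SDK's own is now written twice with different shapes: here `accessToken !== undefined && refreshToken !== undefined && value === "Bearer ".concat(accessToken)`, while the axios.js section additionally accepts `"__supertokensAddedAuthHeader" in config`, so the two interceptors can drift further on the next change. Since both already call `getTokenForHeaderAuth` from fetch.js, a single helper there (in the TypeScript source rather than this build output) that fetches both tokens and reports whether a given header value matches the local session would keep the condition in one place, leaving the interceptors to differ only in how they read the header. The change of the branch target to label 3 looks consistent with the inserted `case 2`. The enclosing interceptor function starts and ends outside the hunk.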

{
"name": "supertokens-website",
"version": "17.0.0",
"version": "17.0.1",
"description": "frontend sdk for website to be used for auth solution.",

@@ -5,0 +5,0 @@ "main": "index.js",

Sorry, the diff of this file is too big to display
