supertokens-website

Package Overview
Dependencies
Maintainers
1
Versions
129
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

supertokens-website - npm Package Compare versions

Comparing version 19.0.1 to 20.0.0

31

CHANGELOG.md

@@ -10,2 +10,33 @@ # Changelog

## [20.0.0] - 2024-04-03
### Breaking changes
The `shouldDoInterceptionBasedOnUrl` function now returns true:
- If `sessionTokenBackendDomain` is a valid subdomain of the URL's domain. This aligns with the behavior of browsers when sending cookies to subdomains.
- Even if the ports of the URL you are querying are different compared to the `apiDomain`'s port ot the `sessionTokenBackendDomain` port (as long as the hostname is the same, or a subdomain of the `sessionTokenBackendDomain`): https://github.com/supertokens/supertokens-website/issues/217
**Before:**
```javascript
shouldDoInterceptionBasedOnUrl("https://sub.api.example.com", "", "api.example.com") // false
shouldDoInterceptionBasedOnUrl("https://sub.api.example.com", "", ".api.example.com") // true
shouldDoInterceptionBasedOnUrl("https://sub.api.example.com", "", "example.com") // false
shouldDoInterceptionBasedOnUrl("https://sub.api.example.com", "", ".example.com") // true
shouldDoInterceptionBasedOnUrl("https://api.example.com", "", ".example.com:8080") // false
shouldDoInterceptionBasedOnUrl("https://api.example.com", "https://example.com:8080") // false
```
**After:**
```javascript
shouldDoInterceptionBasedOnUrl("https://sub.api.example.com", "", "api.example.com") // true
shouldDoInterceptionBasedOnUrl("https://sub.api.example.com", "", ".api.example.com") // true
shouldDoInterceptionBasedOnUrl("https://sub.api.example.com", "", "example.com") // true
shouldDoInterceptionBasedOnUrl("https://sub.api.example.com", "", ".example.com") // true
shouldDoInterceptionBasedOnUrl("https://api.example.com", "", ".example.com:8080") // true
shouldDoInterceptionBasedOnUrl("https://api.example.com", "https://example.com:8080") // true
```
## [19.0.1] - 2024-03-18

@@ -12,0 +43,0 @@ - Fixes test server

34

lib/build/recipeImplementation.js

@@ -504,8 +504,2 @@ "use strict";

);
function isNumeric(str) {
if (typeof str != "string") return false; // we only process strings!
return (
!isNaN(str) && !isNaN(parseFloat(str)) // use type coercion to parse the _entirety_ of the string (`parseFloat` alone does not do this)...
); // ...and ensure strings of whitespace fail
}
// The safest/best way to add this is the hash as the browser strips it before sending

@@ -519,24 +513,16 @@ // but we don't have a reason to limit checking to that part.

var domain = urlObj.hostname;
if (sessionTokenBackendDomain === undefined) {
domain = urlObj.port === "" ? domain : domain + ":" + urlObj.port;
var apiDomainAndInputDomainMatch = false;
if (apiDomain !== "") {
// we have the "" check cause in tests, we pass "" in lots of cases.
apiDomain = (0, utils_1.normaliseURLDomainOrThrowError)(apiDomain);
var apiUrlObj = new URL(apiDomain);
return (
domain === (apiUrlObj.port === "" ? apiUrlObj.hostname : apiUrlObj.hostname + ":" + apiUrlObj.port)
);
apiDomainAndInputDomainMatch = domain === apiUrlObj.hostname;
}
if (sessionTokenBackendDomain === undefined || apiDomainAndInputDomainMatch) {
// even if sessionTokenBackendDomain !== undefined, if there is an exact match
// of api domain, ignoring the port, we return true
return apiDomainAndInputDomainMatch;
} else {
var normalisedsessionDomain = (0, utils_1.normaliseSessionScopeOrThrowError)(sessionTokenBackendDomain);
if (sessionTokenBackendDomain.split(":").length > 1) {
// means port may provided
var portStr = sessionTokenBackendDomain.split(":")[sessionTokenBackendDomain.split(":").length - 1];
if (isNumeric(portStr)) {
normalisedsessionDomain += ":" + portStr;
domain = urlObj.port === "" ? domain : domain + ":" + urlObj.port;
}
}
if (sessionTokenBackendDomain.startsWith(".")) {
return ("." + domain).endsWith(normalisedsessionDomain);
} else {
return domain === normalisedsessionDomain;
}
return (0, utils_1.matchesDomainOrSubdomain)(domain, normalisedsessionDomain);
}

@@ -543,0 +529,0 @@ },
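Review bot: The new side keys entirely on the hostname — `apiDomainAndInputDomainMatch = domain === apiUrlObj.hostname;` and the final `return (0, utils_1.matchesDomainOrSubdomain)(domain, normalisedsessionDomain);` — so the interceptor now attaches session credentials to requests on any port (and any scheme) of a matching host or of its subdomains; the CHANGELOG hunk says this is intended, but nothing in the function itself records it, and a future reader will see the old port handling removed with no explanation. Suggest a comment above `var domain = urlObj.hostname;` such as `// Hostname-only match by design: port and scheme are ignored so subdomains and alternate ports of the API host are intercepted (CHANGELOG 20.0.0).` The combined return `if (sessionTokenBackendDomain === undefined || apiDomainAndInputDomainMatch) { return apiDomainAndInputDomainMatch; }` reads more directly as `if (apiDomainAndInputDomainMatch) return true;` followed by `if (sessionTokenBackendDomain === undefined) return false;`, which also makes the early-exit order obvious. shouldDoInterceptionBasedOnUrl starts before this hunk; the isNumeric helper deleted in the first hunk is presumably no longer referenced elsewhere, which is worth confirming since this is compiled output.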

import { InputType, NormalisedInputType } from "../types";
export declare function normaliseURLDomainOrThrowError(input: string): string;
export declare function normaliseURLPathOrThrowError(input: string): string;
export declare function normaliseSessionScopeOrThrowError(sessionTokenFrontendDomain: string): string;
export declare function normaliseSessionScopeOrThrowError(sessionScope: string): string;
export declare function validateAndNormaliseInputOrThrowError(options: InputType): NormalisedInputType;
export declare function getNormalisedUserContext(userContext?: any): any;
/**
* Checks if a given string matches any subdomain or the main domain of a specified hostname.
*
* @param {string} hostname - The hostname to derive subdomains from.
* @param {string} str - The string to compare against the subdomains.
* @returns {boolean} True if the string matches any subdomain or the main domain, otherwise false.
*/
export declare function matchesDomainOrSubdomain(hostname: string, str: string): boolean;

@@ -162,3 +162,4 @@ "use strict";

Object.defineProperty(exports, "__esModule", { value: true });
exports.getNormalisedUserContext =
exports.matchesDomainOrSubdomain =
exports.getNormalisedUserContext =
exports.validateAndNormaliseInputOrThrowError =

@@ -181,29 +182,25 @@ exports.normaliseSessionScopeOrThrowError =

exports.normaliseURLPathOrThrowError = normaliseURLPathOrThrowError;
function normaliseSessionScopeOrThrowError(sessionTokenFrontendDomain) {
function helper(sessionTokenFrontendDomain) {
sessionTokenFrontendDomain = sessionTokenFrontendDomain.trim().toLowerCase();
function normaliseSessionScopeOrThrowError(sessionScope) {
function helper(sessionScope) {
sessionScope = sessionScope.trim().toLowerCase();
// first we convert it to a URL so that we can use the URL class
if (sessionTokenFrontendDomain.startsWith(".")) {
sessionTokenFrontendDomain = sessionTokenFrontendDomain.substr(1);
if (sessionScope.startsWith(".")) {
sessionScope = sessionScope.substr(1);
}
if (!sessionTokenFrontendDomain.startsWith("http://") && !sessionTokenFrontendDomain.startsWith("https://")) {
sessionTokenFrontendDomain = "http://" + sessionTokenFrontendDomain;
if (!sessionScope.startsWith("http://") && !sessionScope.startsWith("https://")) {
sessionScope = "http://" + sessionScope;
}
try {
var urlObj = new URL(sessionTokenFrontendDomain);
sessionTokenFrontendDomain = urlObj.hostname;
// remove leading dot
if (sessionTokenFrontendDomain.startsWith(".")) {
sessionTokenFrontendDomain = sessionTokenFrontendDomain.substr(1);
}
return sessionTokenFrontendDomain;
var urlObj = new URL(sessionScope);
sessionScope = urlObj.hostname;
return sessionScope;
} catch (err) {
throw new Error("Please provide a valid sessionTokenFrontendDomain");
throw new Error("Please provide a valid sessionScope");
}
}
var noDotNormalised = helper(sessionTokenFrontendDomain);
var noDotNormalised = helper(sessionScope);
if (noDotNormalised === "localhost" || (0, normalisedURLDomain_1.isAnIpAddress)(noDotNormalised)) {
return noDotNormalised;
}
if (sessionTokenFrontendDomain.startsWith(".")) {
if (sessionScope.startsWith(".")) {
return "." + noDotNormalised;

@@ -307,1 +304,19 @@ }

exports.getNormalisedUserContext = getNormalisedUserContext;
/**
* Checks if a given string matches any subdomain or the main domain of a specified hostname.
*
* @param {string} hostname - The hostname to derive subdomains from.
* @param {string} str - The string to compare against the subdomains.
* @returns {boolean} True if the string matches any subdomain or the main domain, otherwise false.
*/
function matchesDomainOrSubdomain(hostname, str) {
var parts = hostname.split(".");
for (var i = 0; i < parts.length; i++) {
var subdomainCandidate = parts.slice(i).join(".");
if (subdomainCandidate === str || ".".concat(subdomainCandidate) === str) {
return true;
}
}
return false;
}
exports.matchesDomainOrSubdomain = matchesDomainOrSubdomain;
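Review bot: `matchesDomainOrSubdomain` keeps the bare last label as a candidate (the loop runs through `i === parts.length - 1`, so `parts.slice(i).join(".")` is just the top-level label on the last iteration), which means a `str` consisting of a single label would match every hostname ending in that label; combined with the `".".concat(subdomainCandidate) === str` branch, `.example.com` and `example.com` are also treated identically, matching the apex host as well as its subdomains. Since the caller in recipeImplementation.js uses this result to decide whether session tokens are attached to a request, a guard that rejects single-label `str` values other than `localhost` (which the hunk above shows `normaliseSessionScopeOrThrowError` returning unchanged) would limit the blast radius of a misconfigured sessionTokenBackendDomain, e.g. `if (!str.includes(".") && str !== "localhost") return false;` placed before the loop. At minimum the TSDoc should say that `str` is the normalised session scope with or without a leading dot, that the leading dot makes no difference here, and that the match is performed on label boundaries only, so `attacker-example.com` does not match `example.com`. The function is complete within this hunk; the TypeScript source it is compiled from is not in this diff and presumably carries the same change.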

@@ -1,2 +0,2 @@

export declare const package_version = "19.0.1";
export declare const package_version = "20.0.0";
export declare const supported_fdi: string[];

@@ -18,3 +18,3 @@ "use strict";

*/
exports.package_version = "19.0.1";
exports.package_version = "20.0.0";
exports.supported_fdi = ["1.16", "1.17", "1.18", "1.19"];
{
"name": "supertokens-website",
"version": "19.0.1",
"version": "20.0.0",
"description": "frontend sdk for website to be used for auth solution.",

@@ -5,0 +5,0 @@ "main": "index.js",
