* Run `npm run lint` to find (and where possible, fix) linting issues.
* Includes some minor refactoring, including directory structure for adapters and models, so that code for an adapter and the models for it sit together.
Background:
I've added eslint to try and ensure a consistent style and to uncover hidden bugs.
I don't actually care much about what the rules are, it's just helpful to have a baseline.
If it's hard to get code to be compliant, I would rather we just disable a rule in that block of code until we can figure it out and am totally fine with that.
I'd much prefer that than the chore of maintaining a custom set of rules, which is why I just picked Standard JS.
Unfortunately, there is quite a lot that doesn't match the Standard JS format at this point, so this is going to be a big PR.
The file size has gone down in quite a few places, which is nice. I think it may have uncovered potential bugs.
I've run through the flow and everything seems to work as before, though it took some debugging after refactoring.
I have not yet added eslint to a commit hook and am in two minds about that.
This is an open source project and I'd like to make it easy to maintain, but also to have as low a barrier to entry as possible for contributors.
I'm happy to go with encouraging folks to run the linter and try to fix errors they find and to take on the work of wrangling any issues myself.
This error page will be used to handle displaying all errors to the client.
There will be an option to provide a custom error page URL.
Update includes some tweaks to CSS.
* Should database compatibility issues with the model.
* Session expiry dates are still not enforced in client.
* All cookies are still session cookies and expire when the browser is closed.
* AccessToken expiry has been removed for now.
These are all known issues and intended behaviour for now, and will be addressed before release.
* Logic now centralized to avoid duplication across multiple routes.
* Improved validation of query params.
* Also checks and cookie values as mitigation against cookie hijacking.
* CSRF token is verified first.
* If token doesn't match, redirect client to signout URL to prompt for confirmation.
* `deleteSessionById()` not yet implemented in default adapter, so does not work.
* Identified area for refactoring around callbackUrl behaviour.
Improves security and defence against bad actors by adding a hash that uses the secret as a salt and checking it on every request (and overriding the cookie with a new secure one if the check fails).
* Sets site name + api route now prior to sign in so available sooner.
* Improved next-auth/client logic for server side session handling.
* next-auth/client now checks regular and `__Secure-` prefixed cookies.
While it is still somewhere between an alpha and a beta, I am publishing to NPM to facilitate further testing.
The software is not ready for use yet!
While believed to be functional, there are no formal tests and only casual manual testing has been done.
Features such as logout and session expiry checks have not yet been implemented.
* Added React Hook to client.
* NextAuth.session() is now a universal method.
* Improved cookie support, all cookie names and options can be customised (feature request).
* Updated examples in documentation.
While not all signup flows are complete, basic core functionality is now working.
Users can sign in, have their identity verified and a session is created for them in a secure manner.
* Added Session model and schema.
* Added createSession and getSessionByID handlers.
* Added getUserByID handler.
* Added /api/auth/session endpoint which displays info about the current session.
* /api/auth/session endpoint is secure as it requires the HTTP only cookie.
* Remove schema relationship data for now (no value currently and may cause problems if not modeled correctly).
We need to be able to return simple server-side rendered pages for authentication (e.g. signin).
Using Preact means we can use JSX in them while keeping dependency size small.
Ultimately, these pages should be customizable - both by passing in CSS and by specifying a custom URL for the page.
Additionally, the babel config has been tweaked to reduce bundle size by minifying assets and stripping comments from built assets.
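
The cookie hash check described in the notes above (a hash that uses the secret as a salt, checked on every request, with the cookie overridden if the check fails), as an added example that is not the project's own code. It assumes HMAC-SHA256 as the keyed hash and a `token|hash` cookie layout; the function names and the cookie name are hypothetical.

```javascript
const crypto = require('crypto')

// Keyed hash binding a cookie token to the server secret.
// HMAC-SHA256 is an assumption; the notes only say "a hash that uses the secret as a salt".
function hashToken (token, secret) {
  return crypto.createHmac('sha256', secret).update(token).digest('hex')
}

// Issue a fresh cookie value of the form "<token>|<hash>" (layout is an assumption).
function issueCookieValue (secret) {
  const token = crypto.randomBytes(32).toString('hex')
  return `${token}|${hashToken(token, secret)}`
}

// True only if the value splits into token|hash and the hash matches this secret.
function verifyCookieValue (cookieValue, secret) {
  if (typeof cookieValue !== 'string') return false
  const parts = cookieValue.split('|')
  if (parts.length !== 2 || !parts[0]) return false
  const expected = Buffer.from(hashToken(parts[0], secret))
  const supplied = Buffer.from(parts[1])
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  return supplied.length === expected.length &&
    crypto.timingSafeEqual(supplied, expected)
}

// Per-request check: keep a valid cookie, otherwise override it with a new one.
function checkRequestCookie (cookieValue, secret) {
  if (verifyCookieValue(cookieValue, secret)) {
    return { valid: true, cookieValue, setCookie: null }
  }
  const fresh = issueCookieValue(secret)
  // Hypothetical cookie name; the __Secure- prefix requires the Secure attribute.
  const setCookie = `__Secure-example.csrf-token=${fresh}; Path=/; HttpOnly; Secure; SameSite=Lax`
  return { valid: false, cookieValue: fresh, setCookie }
}
```

A cookie planted by another origin or edited by hand fails the check because the sender cannot compute the hash without the server secret, so the server replaces it instead of trusting it.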