* chore: add beta to release flow/GH actions
* feat(ts): expose types from the package (#1665)
* chore(types): move existing types to the repo
* feat(ts): expose types from the main package
* chore(deps): bring back `react-dom` version range
* chore(ts): cleanup deps and comments
* chore(ci): run types tests on a separate workflow
* chore(ci): fix typo on types workflow
* fix(ts): correctly export sub-module types (#1677)
* chore(types): build types script
Adds a script that moves the declaration files we have in `./types` to `./dist` relative to the files they intend to type.
This is the first step, we still need to change what we declare in `package.json`, add the script to the CI pipeline if we're happy with it and figure out how to type `next-auth/jwt`.
* refactor(lint): fix build-types script
* fix(ts): add .d.ts sub-module files to package.json
#1677 seemed to miss this
* fix(built): typo in package.json
* fix(build): fix release
* feat(ts): support module augmentation (#1681)
* chore(ts): remove unused imports
* refactor(ts): clean up CallbackOptions
* docs(ts): explain Module Augmentation
* docs(ts): don't use @ in folder name "types"
* test(ts): make jwt params optional
* docs(ts): fix typo (TypeScript -> NextAuth.js)
* style: replace ts-standard with eslint/prettier (#1724)
* style: move from ts-standard to eslint/prettier
* fix: install remaining eslint-config-standard peer deps
* fix: add remaining missing dependencies/config
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* docs(lint): update contributing.md (#1760)
Regarding ESLint / Prettier use and link to their VSCode extensions
* refactor(ts): de-duplicate types (#1690)
* refactor(ts): deduplicate internal types
* refactor(ts): ease up providers typings
* test(ts): fix failing TS tests
* test(ts): rename TS property to fix test
* docs(ts): mention TS docs in README.md
* feat(ts): move/update client types
* refactor(TS): rename some types
* test(ts): fix client tests
* docs(ts): move function descriptions to .d.ts
* chore: fix lint error
* refactor(ts): separate internal types
* chore: simplify build-types script
* chore: update type import paths in src
* chore(build): create root files at build
* chore: remove unnecessary .npmignore
* chore: run prettier on types
* fix(ts): clean up jwt types
* fix(ts): make getToken return type depend on raw param
* docs(page): explain page errors, add theming note
* docs(ts): add JSDoc to NextAuthOptions props
* chore(ts): remove unused import
* docs(ts): change JSDOC docs notation
* refactor(build): extract module entries into enum
* chore(ts): move ClientSafeProvider
* chore(ts): simplify GetTokenParams generic
* style(lint): fix linting errors
* chore: re-add generic extension to GetTokenParams
* fix(ts): extract EmailConfigServerOptions to interface
* fix(ts): use relative imports
* Merge branch 'main' into beta
* Merge main into beta
* fix(ts): fix typos, add more links to documentation
* test(ts): update JWT getToken test
* fix(build): fix tsconfig.json formatting
* test(ts): use absolute imports in test files
* fix(ts): add missing callbacks JSDoc
* docs: mention TS in FAQ, fix typos
* docs: fix some typos in the docs
Co-authored-by: Lluis Agusti <hi@llu.lu>
Co-authored-by: Nico Domino <yo@ndo.dev>
Working implementation (with limited key length and no exp check) using node-jose from Cisco.
I want to compare it panva/jose which has more features before building it out.
Now that we are going to expose the option to disable encryption on tokens we need to enforce the algorithm is valid (e.g. not 'None' or 'RSA') to prevent vultrabilties being exploited by tampering with the token.
Custom encode/decode routines can be specified if someone needs to use another algorithm.
Includes breaking changes for v3 and updates to documentation.
If using the client, the only required change should be setting the NEXTAUTH_URL environment variable.
* New callbacks implemented
* Some events added (not all wired up)
* Documentation for old callbacks removed, new documentation to be added
* All flows seem to be working with all databases.
* If debug is set to true, debug messages can now be easily logged anywhere in the app
The refactoring has been a success - the code is much more maintainable and the flows are better.
This update need further testing to be sure it's all working as intended
## Database
- [x] Databases are now optional - useful with OAuth + JWT if you only need access control
- [x] Updated documentation and added example code for custom database adapters
## JWT
- [x] JWT option is now an object that groups JWT related options together (was a boolean)
- [X] Refactored JWT lib and add AES encryption / decryption as well as signing / verification
- [x] Allows JWT encode/decode methods to be overridden as options
- [x] Contents of JWT can easily customised - without needing to use custom encode/decode
- [x] Exported JWT methods so they can be called from custom API routes
- [x] Updated documentation for new JWT options
## Sessions
- [x] All session options (eg. `maxAge`, `updateAge`) now grouped under single `session` option
- [x] Using JWT for sessions is now enabled from session object (`session.jwt: true`)
- [x] All options involving time now use seconds (instead of milliseconds) for consistency
- [x] Added option to customise the Session object that is returned from `/api/auth/session`
- [x] Update documentation for new Session options
## Other improvements
- [x] Added `allowSignin()` option to control what users / accounts are allowed to sign in
- [x] Refactored `callbackUrlHandler()` - this option is now called `allowCallbackUrl()`
- [x] Minor improvements to NextAuth.js client API methods
- [x] Minor to NextAuth.js API routes
- [x] Minor improvements to built-in error pages
- [x] Refactored database models
All tables now include a `created` column for each row which contains the `datetime` of when the row (e.g. User / Account / Session) was created.
Additionally, sessions now use the name 'expiry' for the expiry `datetime` value for consistency with other models.
* Run `npm run lint` to find (and where possible, fix) linting issues.
* Includes some minor refactoring, including directory structure for adapters and models, so that code for an adapter and the models for it sit together.
Background:
I've added elint to try and ensure a consistent style and to uncover hidden bugs.
I don't actually care much about what the rules are, it's just helpful to have a baseline.
If it's hard to get code to be compliant, I would rather we just disable a rule in that block of code until we can figure it out and am totally fine with that.
I'd much prefer that than the chore of maintaining a custom set of rules, which is why I just picked Standard JS.
Unfortunately, there is quite a lot that doesn't match the Standard JS format at this point, so this is going to be a big PR.
The file size has gone down in quite a few places, which is nice. I think it may have uncovered potential bugs.
I've run through the flow and everything seems to work as before, though it took some debugging after refactoring.
I have not yet added eslint to a commit hook and am in two minds about that.
This is an open source project and I'd like to make it easy to maintain, but also to have as low a barrier to entry as possible for contributors.
I'm happy to go with encouraging folks to run the linter and try to fix errors they find and to take on the work of wrangling any issues myself.
This error page will be used to handle display all errors to the client.
There will be an option to provide a custom error page URL.
Update includes some tweaks to CSS.
