feat: add support for auth providers

Author: dziraf

package.json

@@ -23,7 +23,7 @@
     "@hapi/cookie": "^11.0.2 || ^12.0.0",
     "@hapi/hapi": "^20.2.1 || ^21.0.0",
     "@hapi/inert": "^6.0.5 || ^7.0.0",
-    "adminjs": "^7.0.0"
+    "adminjs": "^7.4.0"
   },
   "peerDependenciesMeta": {
     "@hapi/inert": {
@@ -57,7 +57,7 @@
     "@types/node": "^18.15.5",
     "@typescript-eslint/eslint-plugin": "^5.56.0",
     "@typescript-eslint/parser": "^5.56.0",
-    "adminjs": "^7.0.0",
+    "adminjs": "^7.4.0",
     "eslint": "^8.36.0",
     "eslint-config-airbnb-base": "^15.0.0",
     "eslint-config-prettier": "^8.8.0",

src/extensions/session-auth.ts

@@ -9,26 +9,31 @@ interface AuthRequestPayload {
   password: string;
 }
 
+const MISSING_PROVIDER_ERROR = '"provider" has to be configured to use refresh token mechanism';
+
 /**
  * Creates authentication logic for admin users
  */
 const sessionAuth = async (server: Hapi.Server, adminJs: AdminJS) => {
   const options = adminJs.options as ExtendedAdminJSOptionsWithDefault;
-  const { loginPath, logoutPath, rootPath } = options;
+  const { loginPath, logoutPath, refreshTokenPath, rootPath } = options;
   const {
     cookiePassword,
     authenticate,
+    provider,
     isSecure,
     defaultMessage,
     cookieName,
     strategy = 'simple',
     ...other
   } = options.auth;
 
-  if (!authenticate) {
-    throw new Error('"authenticate" function must be provided for authenticated access');
+  if (!authenticate && !provider) {
+    throw new Error('"authenticate" or "provider" must be configured for authenticated access');
   }
 
+  const providerProps = provider ? provider.getUiProps() : {};
+
   // example authentication is based on the cookie store
   await server.register(HapiAuthCookie);
 
@@ -51,23 +56,34 @@ const sessionAuth = async (server: Hapi.Server, adminJs: AdminJS) => {
     },
     handler: async (request, h) => {
       try {
-        let errorMessage = defaultMessage;
+        let errorMessage = defaultMessage as string;
         if (request.method === 'post') {
-          const { email, password } = request.payload as AuthRequestPayload;
-          const admin = await authenticate(email, password);
-          if (admin) {
-            request.cookieAuth.set(admin);
+          const ctx = { request, h };
+          let adminUser;
+          if (provider) {
+            adminUser = await provider.handleLogin(
+              {
+                headers: request.headers,
+                query: request.query,
+                params: request.params,
+                data: (request.payload as Record<string, unknown>) ?? {},
+              },
+              ctx
+            );
+          } else {
+            const { email, password } = request.payload as AuthRequestPayload;
+            adminUser = await authenticate!(email, password, ctx);
+          }
+
+          if (adminUser) {
+            request.cookieAuth.set(adminUser);
             return h.redirect(rootPath);
           }
           errorMessage = 'invalidCredentials';
         }
 
-        // AdminJS exposes function which renders login form for us.
-        // It takes 2 arguments:
-        // - options.action (with login path)
-        // - [errorMessage] optional error message - visible when user
-        //                  gives wrong credentials
-        return adminJs.renderLogin({ action: loginPath, errorMessage });
+        const baseProps = { action: loginPath, errorMessage };
+        return adminJs.renderLogin({ ...baseProps, ...providerProps });
       } catch (e) {
         console.log(e);
         throw e;
@@ -80,10 +96,62 @@ const sessionAuth = async (server: Hapi.Server, adminJs: AdminJS) => {
     path: logoutPath,
     options: { auth: false },
     handler: async (request, h) => {
+      if (provider) {
+        await provider.handleLogout({
+          headers: request.headers,
+          query: request.query,
+          params: request.params,
+          data: (request.payload as Record<string, unknown>) ?? {},
+        });
+      }
       request.cookieAuth.clear();
       return h.redirect(loginPath);
     },
   });
+
+  server.route({
+    method: 'POST',
+    path: refreshTokenPath,
+    options: {
+      auth: { mode: 'try', strategy: 'session' },
+      plugins: { cookie: { redirectTo: false } },
+    },
+    handler: async (request, h) => {
+      if (!provider) {
+        throw new Error(MISSING_PROVIDER_ERROR);
+      }
+
+      const updatedAuthInfo = await provider.handleRefreshToken(
+        {
+          data: (request.payload as Record<string, unknown>) ?? {},
+          query: request.query,
+          params: request.params,
+          headers: request.headers,
+        },
+        { request, h }
+      );
+
+      let adminObject = Array.isArray(request.auth?.credentials)
+        ? request.auth?.credentials?.[0]
+        : request.auth?.credentials;
+
+      if (!adminObject) {
+        adminObject = {};
+      }
+
+      if (!adminObject._auth) {
+        adminObject._auth = {};
+      }
+
+      adminObject._auth = {
+        ...adminObject._auth,
+        ...updatedAuthInfo,
+      };
+
+      request.cookieAuth.set(adminObject);
+      return h.response(adminObject);
+    },
+  });
 };
 
 export default sessionAuth;

src/plugin.ts

@@ -1,23 +1,35 @@
 import Boom from '@hapi/boom';
 import Hapi, { Plugin, RouteOptions } from '@hapi/hapi';
 import inert from '@hapi/inert';
-import AdminJS, { AdminJSOptions, AdminJSOptionsWithDefault, Router as AdminRouter } from 'adminjs';
+import AdminJS, { AdminJSOptions, AdminJSOptionsWithDefault, Router as AdminRouter, BaseAuthProvider } from 'adminjs';
 import path from 'path';
 import sessionAuth from './extensions/session-auth.js';
 import info from './info.js';
 
+const MISSING_AUTH_CONFIG_ERROR = 'You must configure either "authenticate" method or assign an auth "provider"';
+const INVALID_AUTH_CONFIG_ERROR =
+  'You cannot configure both "authenticate" and "provider". "authenticate" will be removed in next major release.';
+
 /**
  * Plugin definition for Hapi.js framework.
  * @private
  */
 
 export type AuthenticateResult = Promise<Record<string, unknown> | null | false> | null | false;
+export type AuthenticationContext = {
+  request: Hapi.Request;
+  h: Hapi.ResponseToolkit;
+};
 export type AuthOptions = {
   /**
    * Function takes email and password as argument. Should return a logged-in user object or null/false.
    * If provided, the strategy is set to 'session'.
    */
-  authenticate?: (email: string, password: string) => AuthenticateResult;
+  authenticate?: (email: string, password: string, context?: AuthenticationContext) => AuthenticateResult;
+  /**
+   * Auth Provider
+   */
+  provider?: BaseAuthProvider;
   /**
    * Auth strategy for Hapi routes.
    */
@@ -104,23 +116,40 @@ const register = async (server: Hapi.Server, options: ExtendedAdminJSOptions) =>
   const { registerInert = true } = options;
   const { routes, assets } = AdminRouter;
 
-  if (options.auth?.authenticate) {
-    if (options.auth.strategy && options.auth.strategy !== 'session') {
-      throw new Error(`When you give auth.authenticate as a parameter, auth strategy is set to 'session'.
-                       Please remove auth.strategy from authentication parameters.
-                      `);
+  if (options.auth) {
+    if (!options.auth.authenticate && !options.auth.provider) {
+      throw new Error(MISSING_AUTH_CONFIG_ERROR);
+    }
+
+    if (options.auth.authenticate && options.auth.provider) {
+      throw new Error(INVALID_AUTH_CONFIG_ERROR);
+    }
+
+    if (options.auth.authenticate || options.auth.provider) {
+      if (options.auth.strategy && options.auth.strategy !== 'session') {
+        throw new Error(`When you give auth.authenticate as a parameter, auth strategy is set to 'session'.
+                         Please remove auth.strategy from authentication parameters.
+                        `);
+      }
+      options.auth.strategy = 'session';
+
+      if (!options.auth.cookiePassword) {
+        throw new Error('You have to give auth.cookiePassword parameter if you want to use authenticate function.');
+      }
     }
-    options.auth.strategy = 'session';
 
-    if (!options.auth.cookiePassword) {
-      throw new Error('You have to give auth.cookiePassword parameter if you want to use authenticate function.');
+    if (options.auth.provider) {
+      options.env = {
+        ...options.env,
+        ...options.auth.provider.getUiProps(),
+      };
     }
   }
 
   const admin = new AdminJS(options);
   await admin.initialize();
 
-  if (options.auth?.authenticate) {
+  if (options.auth?.authenticate || options.auth?.provider) {
     await sessionAuth(server, admin);
   }
 

yarn.lock

@@ -2868,51 +2868,6 @@
   resolved "https://registry.yarnpkg.com/@tsconfig/node16/-/node16-1.0.3.tgz#472eaab5f15c1ffdd7f8628bd4c4f753995ec79e"
   integrity sha512-yOlFc+7UtL/89t2ZhjPvvB/DeAr3r+Dq58IgzsFkOAvVC6NMJXmCGjbptdXdR9qsX7pKcTL+s87FtYREi2dEEQ==
 
-"@types/babel-core@^6.25.7":
-  version "6.25.7"
-  resolved "https://registry.yarnpkg.com/@types/babel-core/-/babel-core-6.25.7.tgz#f9c22d5c085686da2f6ffbdae778edb3e6017671"
-  integrity sha512-WPnyzNFVRo6bxpr7bcL27qXtNKNQ3iToziNBpibaXHyKGWQA0+tTLt73QQxC/5zzbM544ih6Ni5L5xrck6rGwg==
-  dependencies:
-    "@types/babel-generator" "*"
-    "@types/babel-template" "*"
-    "@types/babel-traverse" "*"
-    "@types/babel-types" "*"
-    "@types/babylon" "*"
-
-"@types/babel-generator@*":
-  version "6.25.5"
-  resolved "https://registry.yarnpkg.com/@types/babel-generator/-/babel-generator-6.25.5.tgz#b02723fd589349b05524376e5530228d3675d878"
-  integrity sha512-lhbwMlAy5rfWG+R6l8aPtJdEFX/kcv6LMFIuvUb0i89ehqgD24je9YcB+0fRspQhgJGlEsUImxpw4pQeKS/+8Q==
-  dependencies:
-    "@types/babel-types" "*"
-
-"@types/babel-template@*":
-  version "6.25.2"
-  resolved "https://registry.yarnpkg.com/@types/babel-template/-/babel-template-6.25.2.tgz#3c4cde02dbcbbf461a58d095a9f69f35eabd5f06"
-  integrity sha512-QKtDQRJmAz3Y1HSxfMl0syIHebMc/NnOeH/8qeD0zjgU2juD0uyC922biMxCy5xjTNvHinigML2l8kxE8eEBmw==
-  dependencies:
-    "@types/babel-types" "*"
-    "@types/babylon" "*"
-
-"@types/babel-traverse@*":
-  version "6.25.7"
-  resolved "https://registry.yarnpkg.com/@types/babel-traverse/-/babel-traverse-6.25.7.tgz#bc75fce23d8394534562a36a32dec94a54d11835"
-  integrity sha512-BeQiEGLnVzypzBdsexEpZAHUx+WucOMXW6srEWDkl4SegBlaCy+iBvRO+4vz6EZ+BNQg22G4MCdDdvZxf+jW5A==
-  dependencies:
-    "@types/babel-types" "*"
-
-"@types/babel-types@*":
-  version "7.0.11"
-  resolved "https://registry.yarnpkg.com/@types/babel-types/-/babel-types-7.0.11.tgz#263b113fa396fac4373188d73225297fb86f19a9"
-  integrity sha512-pkPtJUUY+Vwv6B1inAz55rQvivClHJxc9aVEPPmaq2cbyeMLCiDpbKpcKyX4LAwpNGi+SHBv0tHv6+0gXv0P2A==
-
-"@types/babylon@*":
-  version "6.16.6"
-  resolved "https://registry.yarnpkg.com/@types/babylon/-/babylon-6.16.6.tgz#a1e7e01567b26a5ebad321a74d10299189d8d932"
-  integrity sha512-G4yqdVlhr6YhzLXFKy5F7HtRBU8Y23+iWy7UKthMq/OSQnL1hbsoeXESQ2LY8zEDlknipDG3nRGhUC9tkwvy/w==
-  dependencies:
-    "@types/babel-types" "*"
-
 "@types/estree@*":
   version "0.0.51"
   resolved "https://registry.yarnpkg.com/@types/estree/-/estree-0.0.51.tgz#cfd70924a25a3fd32b218e5e420e6897e1ac4f40"
@@ -3020,15 +2975,6 @@
     "@types/scheduler" "*"
     csstype "^3.0.2"
 
-"@types/react@^18.0.28":
-  version "18.0.28"
-  resolved "https://registry.yarnpkg.com/@types/react/-/react-18.0.28.tgz#accaeb8b86f4908057ad629a26635fe641480065"
-  integrity sha512-RD0ivG1kEztNBdoAK7lekI9M+azSnitIn85h4iOiaLjaTrMjzslhaqCGaI4IyCJ1RljWiLCEu4jyrLLgqxBTew==
-  dependencies:
-    "@types/prop-types" "*"
-    "@types/scheduler" "*"
-    csstype "^3.0.2"
-
 "@types/resolve@1.20.2":
   version "1.20.2"
   resolved "https://registry.yarnpkg.com/@types/resolve/-/resolve-1.20.2.tgz#97d26e00cd4a0423b4af620abecf3e6f442b7975"
@@ -3176,10 +3122,10 @@ acorn@^8.4.1, acorn@^8.5.0, acorn@^8.8.0:
   resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.8.2.tgz#1b2f25db02af965399b9776b0c2c391276d37c4a"
   integrity sha512-xjIYgE8HBrkpd/sJqOGNspf8uHG+NOHGOw6a/Urj8taM2EXfdNAH2oFcPeIFfsv3+kz/mJrS5VuMqbNLjCa2vw==
 
-adminjs@^7.0.0:
-  version "7.0.0"
-  resolved "https://registry.yarnpkg.com/adminjs/-/adminjs-7.0.0.tgz#5dad16fcdd91dfe9fd84402b3e109f9fdbb74534"
-  integrity sha512-6cvr04yhPpoqpK9lfy5ohxHMUI+J9lDZbRScyqzmpPTZ4P8E68unZekixx7nAGXFBmhixP5+CumLNpCNzcUeGA==
+adminjs@^7.4.0:
+  version "7.4.0"
+  resolved "https://registry.yarnpkg.com/adminjs/-/adminjs-7.4.0.tgz#9551c79ac1b6047f1cc86ac1525e01660fea954a"
+  integrity sha512-GKot4WNEe5aQN2MLkSR216N0oE9KrpJ+COwPrYhRlF42wUMiQucwQbq36VfMb/ZsiEpF3SfBdSa9Qi6EApR0WQ==
   dependencies:
     "@adminjs/design-system" "^4.0.0"
     "@babel/core" "^7.21.0"
@@ -3198,8 +3144,6 @@ adminjs@^7.0.0:
     "@rollup/plugin-node-resolve" "^15.0.1"
     "@rollup/plugin-replace" "^5.0.2"
     "@rollup/plugin-terser" "^0.4.0"
-    "@types/babel-core" "^6.25.7"
-    "@types/react" "^18.0.28"
     axios "^1.3.4"
     commander "^10.0.0"
     flat "^5.0.2"
@@ -3210,6 +3154,7 @@ adminjs@^7.0.0:
     ora "^6.2.0"
     prop-types "^15.8.1"
     punycode "^2.3.0"
+    qs "^6.11.1"
     react "^18.2.0"
     react-dom "^18.2.0"
     react-feather "^2.0.10"
@@ -7699,6 +7644,13 @@ qrcode-terminal@^0.12.0:
   resolved "https://registry.yarnpkg.com/qrcode-terminal/-/qrcode-terminal-0.12.0.tgz#bb5b699ef7f9f0505092a3748be4464fe71b5819"
   integrity sha512-EXtzRZmC+YGmGlDFbXKxQiMZNwCLEO6BANKXG4iCtSIM0yqc/pappSx3RIKr4r0uh5JsBckOXeKrB3Iz7mdQpQ==
 
+qs@^6.11.1:
+  version "6.11.2"
+  resolved "https://registry.yarnpkg.com/qs/-/qs-6.11.2.tgz#64bea51f12c1f5da1bc01496f48ffcff7c69d7d9"
+  integrity sha512-tDNIz22aBzCDxLtVH++VnTfzxlfeK5CbqohpSqpJgj1Wg/cQbStNAz3NuqCs5vV+pjBsK4x4pN9HlVh7rcYRiA==
+  dependencies:
+    side-channel "^1.0.4"
+
 queue-microtask@^1.2.2:
   version "1.2.3"
   resolved "https://registry.yarnpkg.com/queue-microtask/-/queue-microtask-1.2.3.tgz#4929228bbc724dfac43e0efb058caf7b6cfb6243"