From ae777d555870aabb6ccff5fa43608bac0fd94d11 Mon Sep 17 00:00:00 2001 From: Andrew Smith Date: Mon, 8 Jan 2024 01:35:15 +1100 Subject: [PATCH 1/5] Fix SvelteKit docs line of text in a cell (#1325) --- docs/pages/tutorials/username-and-password/sveltekit.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/pages/tutorials/username-and-password/sveltekit.md b/docs/pages/tutorials/username-and-password/sveltekit.md index 132fd83b3..523b7e7f6 100644 --- a/docs/pages/tutorials/username-and-password/sveltekit.md +++ b/docs/pages/tutorials/username-and-password/sveltekit.md @@ -17,9 +17,11 @@ npx degit https://github.com/lucia-auth/examples/tree/v3/sveltekit/username-and- Add a `username` and `password` column to your user table. | column | type | attributes | -| ---------- | -------- | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| ---------- | -------- | ---------- | | `username` | `string` | unique | -| `password` | `string` | | Create a `DatabaseUserAttributes` interface in the module declaration and add your database columns. By default, Lucia will not expose any database columns to the `User` type. To add a `username` field to it, use the `getUserAttributes()` option. | +| `password` | `string` | | + +Create a `DatabaseUserAttributes` interface in the module declaration and add your database columns. By default, Lucia will not expose any database columns to the `User` type. To add a `username` field to it, use the `getUserAttributes()` option. ```ts import { Lucia } from "lucia"; From 4dd0e25e31e44686c3270389cce62f5e05da3229 Mon Sep 17 00:00:00 2001 From: Matt Lehrer Date: Wed, 10 Jan 2024 16:20:36 +0100 Subject: [PATCH 2/5] fix more V3 docs typos (#1329) --- docs/pages/upgrade-v3/sqlite.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/upgrade-v3/sqlite.md b/docs/pages/upgrade-v3/sqlite.md index be1e3596e..2ba9c1b58 100644 --- a/docs/pages/upgrade-v3/sqlite.md +++ b/docs/pages/upgrade-v3/sqlite.md @@ -19,7 +19,7 @@ import { BetterSqlite3Adapter, CloudflareD1Adapter, LibSQLAdapter -} from "@lucia-auth/adapter-mysql"; +} from "@lucia-auth/adapter-sqlite"; new BetterSqlite3Adapter(db, { // table names From 51a84b3c3034c330cb52036c8ccbaadd8ca4562d Mon Sep 17 00:00:00 2001 From: Aayush <21987529+aayushbtw@users.noreply.github.com> Date: Wed, 10 Jan 2024 20:52:22 +0530 Subject: [PATCH 3/5] fix docs errors (#1324) --- docs/pages/basics/sessions.md | 7 +++---- docs/pages/guides/email-and-password/password-reset.md | 9 +++++---- docs/pages/tutorials/username-and-password/sveltekit.md | 4 +++- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/docs/pages/basics/sessions.md b/docs/pages/basics/sessions.md index 1ac75f128..4684a6d8a 100644 --- a/docs/pages/basics/sessions.md +++ b/docs/pages/basics/sessions.md @@ -39,10 +39,9 @@ declare module "lucia" { Lucia: typeof lucia; DatabaseSessionAttributes: DatabaseSessionAttributes; } -} - -interface DatabaseSessionAttributes { - country: string; + interface DatabaseSessionAttributes { + ip_country: string; + } } ``` diff --git a/docs/pages/guides/email-and-password/password-reset.md b/docs/pages/guides/email-and-password/password-reset.md index 19d6782f0..e0ecd24d3 100644 --- a/docs/pages/guides/email-and-password/password-reset.md +++ b/docs/pages/guides/email-and-password/password-reset.md @@ -22,6 +22,7 @@ The token should be valid for at most few hours. ```ts import { TimeSpan, createDate } from "oslo"; +import { generateId } from "lucia"; async function createPasswordResetToken(userId: string): Promise { // optionally invalidate all existing tokens @@ -40,7 +41,6 @@ When a user requests a password reset email, check if the email is valid and cre ```ts import { generateId } from "lucia"; -import { encodeHex } from "oslo/encoding"; app.post("/reset-password", async () => { let email: string; @@ -71,7 +71,8 @@ Make sure to implement rate limiting based on IP addresses. Extract the verification token from the URL and validate by checking the expiration date. If the token is valid, invalidate all existing user sessions, update the database, and create a new session. ```ts -import { isWithinExpiration } from "oslo"; +import { isWithinExpirationDate } from "oslo"; +import { Argon2id } from "oslo/password"; app.post("/reset-password/:token", async () => { let password = formData.get("password"); @@ -95,7 +96,7 @@ app.post("/reset-password/:token", async () => { status: 400 }); } - if (!isWithinExpiration(token.expires_at)) { + if (!isWithinExpirationDate(token.expires_at)) { await db.table("password_reset_token").where("id", "=", token.id).delete(); return new Response(null, { status: 400 @@ -103,7 +104,7 @@ app.post("/reset-password/:token", async () => { } await lucia.invalidateUserSessions(user.id); - const hashedPassword = new Argon2id().hash(password); + const hashedPassword = await new Argon2id().hash(password); await db.table("user").where("id", "=", user.id).update({ hashed_password: hashedPassword }); diff --git a/docs/pages/tutorials/username-and-password/sveltekit.md b/docs/pages/tutorials/username-and-password/sveltekit.md index 523b7e7f6..6e87a5553 100644 --- a/docs/pages/tutorials/username-and-password/sveltekit.md +++ b/docs/pages/tutorials/username-and-password/sveltekit.md @@ -79,6 +79,7 @@ Create a form action in `routes/signup/+page.server.ts`. First do a very basic i // routes/signup/+page.server.ts import { lucia } from "$lib/server/auth"; import { fail, redirect } from "@sveltejs/kit"; +import { Argon2id } from "oslo/password"; import type { Actions } from "./$types"; @@ -166,6 +167,7 @@ Create an API route as `pages/api/signup.ts`. First do a very basic input valida ```ts import { lucia } from "$lib/server/auth"; import { fail, redirect } from "@sveltejs/kit"; +import { Argon2id } from "oslo/password"; import type { Actions } from "./$types"; @@ -258,7 +260,7 @@ export const actions: Actions = { } await auth.invalidateSession(event.locals.session.id); const sessionCookie = lucia.createBlankSessionCookie(); - context.cookies.set(sessionCookie.name, sessionCookie.value, { + event.cookies.set(sessionCookie.name, sessionCookie.value, { path: ".", ...sessionCookie.attributes }); From 087f63ed39ca5707037a7ef73033b18bd9ecf3ae Mon Sep 17 00:00:00 2001 From: Matt Lehrer Date: Fri, 12 Jan 2024 13:38:05 +0100 Subject: [PATCH 4/5] fix oauth basics: githubAuth -> github consistency (#1332) --- docs/pages/guides/oauth/basics.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/pages/guides/oauth/basics.md b/docs/pages/guides/oauth/basics.md index 944f222d5..ba3cdc239 100644 --- a/docs/pages/guides/oauth/basics.md +++ b/docs/pages/guides/oauth/basics.md @@ -62,7 +62,7 @@ Import `GitHub` from Arctic and initialize it with the client ID and secret. // auth.ts import { GitHub } from "arctic"; -export const githubAuth = new GitHub(clientId, clientSecret); +export const github = new GitHub(clientId, clientSecret); ``` ## Creating authorization URL @@ -70,7 +70,7 @@ export const githubAuth = new GitHub(clientId, clientSecret); Create a route to handle authorization. Generate a new state, create a new authorization URL with `createAuthorizationURL()`, store the state, and redirect the user to the authorization URL. The user will be prompted to sign in with GitHub. ```ts -import { githubAuth } from "./auth.js"; +import { github } from "./auth.js"; import { generateState } from "arctic"; import { serializeCookie } from "oslo/cookie"; @@ -103,7 +103,7 @@ You can now create a sign in button with just an anchor tag. In the callback route, first get the state from the cookie and the search params and compare them. Validate the authorization code in the search params with `validateAuthorizationCode()`. This will throw a [`OAuth2RequestError`](https://oslo.js.org/reference/oauth2/OAuth2RequestError) if the code or credentials are invalid. After validating the code, get the user's profile using the access token. Check if the user is already registered with the GitHub ID and create a new user if not. Finally, create a new session and set the session cookie. ```ts -import { githubAuth, lucia } from "./auth.js"; +import { github, lucia } from "./auth.js"; import { OAuth2RequestError } from "arctic"; import { generateId } from "lucia"; import { parseCookies } from "oslo/cookie"; @@ -124,7 +124,7 @@ app.get("/login/github/callback", async (request: Request): Promise => } try { - const tokens = await githubAuth.validateAuthorizationCode(code); + const tokens = await github.validateAuthorizationCode(code); const githubUserResponse = await fetch("https://api.github.com/user", { headers: { Authorization: `Bearer ${tokens.accessToken}` @@ -132,7 +132,7 @@ app.get("/login/github/callback", async (request: Request): Promise => }); const githubUserResult: GitHubUserResult = await githubUserResponse.json(); - const existingUser = await db.table("user").where("github_id", "=", githubUser.id).get(); + const existingUser = await db.table("user").where("github_id", "=", githubUserResult.id).get(); if (existingUser) { const session = await lucia.createSession(existingUser.id, {}); @@ -149,8 +149,8 @@ app.get("/login/github/callback", async (request: Request): Promise => const userId = generateId(15); await db.table("user").insert({ id: userId, - username: github.login, - github_id: github.id + username: githubUserResult.login, + github_id: githubUserResult.id }); const session = await lucia.createSession(userId, {}); From bc7b9a6c1bce5861a97572eed0c1c5bc8651b7f7 Mon Sep 17 00:00:00 2001 From: Bogdan Mardale <80361889+bmardale@users.noreply.github.com> Date: Mon, 15 Jan 2024 03:12:42 +0200 Subject: [PATCH 5/5] fix: typo (#1333) --- docs/pages/database/drizzle.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/database/drizzle.md b/docs/pages/database/drizzle.md index d1177b3ed..035841cb3 100644 --- a/docs/pages/database/drizzle.md +++ b/docs/pages/database/drizzle.md @@ -7,7 +7,7 @@ title: "Drizzle ORM" Adapters for Drizzle ORM are provided by `@lucia-auth/adapter-drizzle`. Supports MySQL, PostgreSQL, and SQLite. You're free to rename the underlying table and column names as long as the field names are the same (e.g. `expiresAt`). ``` -npm install @lucia-auth/adapter-sqlite@beta +npm install @lucia-auth/adapter-drizzle@beta ``` ## MySQL