wcz-layout
Version:
156 lines (155 loc) • 4.78 kB
JavaScript
import { t as serverEnv$1 } from "./env-CGwonXSv.mjs";
import { manifest, permissions, scopes } from "virtual:wcz-layout";
import { redirect } from "@tanstack/react-router";
import { createServerFn, createServerOnlyFn } from "@tanstack/react-start";
//#region src/lib/auth/session.ts
const getAppSession = async () => {
const { useSession: getSession } = await import("@tanstack/react-start/server");
return getSession({
name: "wcz-auth",
password: serverEnv$1.SESSION_SECRET,
cookie: {
httpOnly: true,
sameSite: "lax",
secure: true,
path: "/"
}
});
};
//#endregion
//#region src/lib/auth/user.ts
/**
* Reads the signed-in user from the session cookie, or null. As a server function
* it runs in-process when called on the server (SSR, middleware) and as an RPC
* when called from the client — so it doubles as the client `queryFn`.
*/
const getSessionUser = createServerFn({ method: "GET" }).handler(async () => {
return (await getAppSession()).data.user ?? null;
});
const getUser = ({ queryClient }) => {
if (import.meta.env.SSR) return getSessionUser();
return queryClient.ensureQueryData({
queryKey: ["auth", "user"],
queryFn: () => getSessionUser(),
staleTime: Infinity
});
};
/**
* Server-only token acquisition: a delegated access token for the given API
* scope, minted from the user's session refresh token. Entra rotates the refresh
* token on each use, so the rotated token is persisted back to the session. Use
* inside server functions and middleware — it is stripped from the client bundle
* and throws if called there.
*/
const getAccessToken = createServerOnlyFn(async (scopeKey) => {
const session = await getAppSession();
if (!session.data.refreshToken) throw new Error("No active session. User not signed in.");
const { acquireDelegatedToken } = await import("./entra-BeuDCOcL.mjs");
const { accessToken, refreshToken } = await acquireDelegatedToken({
refreshToken: session.data.refreshToken,
scopes: scopes[scopeKey]
});
if (refreshToken !== session.data.refreshToken) await session.update({ refreshToken });
return accessToken;
});
//#endregion
//#region src/lib/utils.ts
const WISTRON_PRIMARY_COLOR = "#00506E";
const WISTRON_SECONDARY_COLOR = "#64DC00";
var Platform = class {
static get isAndroid() {
return /android/i.test(this.userAgent);
}
static get isIOS() {
return /iPad|iPhone|iPod/.test(this.userAgent);
}
static get isWindows() {
return /windows/i.test(this.userAgent);
}
static get isMacOS() {
return /Macintosh|MacIntel|MacPPC|Mac68K/.test(this.userAgent);
}
static get userAgent() {
return typeof navigator === "undefined" ? "" : navigator.userAgent;
}
};
const rootRouteHead = (options) => ({
meta: [
{ charSet: "utf-8" },
{
name: "viewport",
content: "width=device-width, initial-scale=1"
},
{ title: manifest.name },
{
name: "og:type",
content: "website"
},
{
name: "og:title",
content: manifest.name
},
{
name: "og:image",
content: "/favicon-32x32.png"
}
],
links: [
{
rel: "apple-touch-icon",
sizes: "180x180",
href: "/apple-touch-icon.png"
},
{
rel: "icon",
type: "image/png",
sizes: "32x32",
href: "/favicon-32x32.png"
},
{
rel: "icon",
type: "image/png",
sizes: "16x16",
href: "/favicon-16x16.png"
},
{
rel: "manifest",
href: options?.manifest || "/manifest.json"
},
{
rel: "icon",
href: "/favicon.ico"
}
]
});
const requirePermission = (permissionKey) => {
return async ({ location, context }) => {
const user = await getUser({ queryClient: context.queryClient });
if (!user) throw redirect({
href: `/auth/login?returnTo=${encodeURIComponent(location.href)}`,
reloadDocument: true
});
if (!hasPermission(user, permissionKey)) throw new Error("You do not have permission to access this page.");
return { user };
};
};
const getFieldStatus = (field) => {
const { meta } = field.state;
return {
isTouched: meta.isTouched,
hasError: !!meta.errors.length,
helperText: meta.errors[0]?.message
};
};
const buildUser = (payload) => ({
name: payload.name?.split("/")[0],
email: payload.preferred_username?.toLowerCase(),
department: payload.department?.toUpperCase() || "",
employeeId: payload.employeeId?.toUpperCase() || "",
companyName: payload.companyName || "",
groups: payload.groups ?? []
});
const hasPermission = (user, key) => user ? permissions[key].some((group) => user.groups.includes(group)) : false;
//#endregion
export { getFieldStatus as a, rootRouteHead as c, getUser as d, getAppSession as f, buildUser as i, getAccessToken as l, WISTRON_PRIMARY_COLOR as n, hasPermission as o, WISTRON_SECONDARY_COLOR as r, requirePermission as s, Platform as t, getSessionUser as u };
//# sourceMappingURL=utils-CnwPC4sC.mjs.map