UNPKG

wcz-layout

Version:

156 lines (155 loc) 4.78 kB
import { t as serverEnv$1 } from "./env-CGwonXSv.mjs"; import { manifest, permissions, scopes } from "virtual:wcz-layout"; import { redirect } from "@tanstack/react-router"; import { createServerFn, createServerOnlyFn } from "@tanstack/react-start"; //#region src/lib/auth/session.ts const getAppSession = async () => { const { useSession: getSession } = await import("@tanstack/react-start/server"); return getSession({ name: "wcz-auth", password: serverEnv$1.SESSION_SECRET, cookie: { httpOnly: true, sameSite: "lax", secure: true, path: "/" } }); }; //#endregion //#region src/lib/auth/user.ts /** * Reads the signed-in user from the session cookie, or null. As a server function * it runs in-process when called on the server (SSR, middleware) and as an RPC * when called from the client — so it doubles as the client `queryFn`. */ const getSessionUser = createServerFn({ method: "GET" }).handler(async () => { return (await getAppSession()).data.user ?? null; }); const getUser = ({ queryClient }) => { if (import.meta.env.SSR) return getSessionUser(); return queryClient.ensureQueryData({ queryKey: ["auth", "user"], queryFn: () => getSessionUser(), staleTime: Infinity }); }; /** * Server-only token acquisition: a delegated access token for the given API * scope, minted from the user's session refresh token. Entra rotates the refresh * token on each use, so the rotated token is persisted back to the session. Use * inside server functions and middleware — it is stripped from the client bundle * and throws if called there. */ const getAccessToken = createServerOnlyFn(async (scopeKey) => { const session = await getAppSession(); if (!session.data.refreshToken) throw new Error("No active session. User not signed in."); const { acquireDelegatedToken } = await import("./entra-BeuDCOcL.mjs"); const { accessToken, refreshToken } = await acquireDelegatedToken({ refreshToken: session.data.refreshToken, scopes: scopes[scopeKey] }); if (refreshToken !== session.data.refreshToken) await session.update({ refreshToken }); return accessToken; }); //#endregion //#region src/lib/utils.ts const WISTRON_PRIMARY_COLOR = "#00506E"; const WISTRON_SECONDARY_COLOR = "#64DC00"; var Platform = class { static get isAndroid() { return /android/i.test(this.userAgent); } static get isIOS() { return /iPad|iPhone|iPod/.test(this.userAgent); } static get isWindows() { return /windows/i.test(this.userAgent); } static get isMacOS() { return /Macintosh|MacIntel|MacPPC|Mac68K/.test(this.userAgent); } static get userAgent() { return typeof navigator === "undefined" ? "" : navigator.userAgent; } }; const rootRouteHead = (options) => ({ meta: [ { charSet: "utf-8" }, { name: "viewport", content: "width=device-width, initial-scale=1" }, { title: manifest.name }, { name: "og:type", content: "website" }, { name: "og:title", content: manifest.name }, { name: "og:image", content: "/favicon-32x32.png" } ], links: [ { rel: "apple-touch-icon", sizes: "180x180", href: "/apple-touch-icon.png" }, { rel: "icon", type: "image/png", sizes: "32x32", href: "/favicon-32x32.png" }, { rel: "icon", type: "image/png", sizes: "16x16", href: "/favicon-16x16.png" }, { rel: "manifest", href: options?.manifest || "/manifest.json" }, { rel: "icon", href: "/favicon.ico" } ] }); const requirePermission = (permissionKey) => { return async ({ location, context }) => { const user = await getUser({ queryClient: context.queryClient }); if (!user) throw redirect({ href: `/auth/login?returnTo=${encodeURIComponent(location.href)}`, reloadDocument: true }); if (!hasPermission(user, permissionKey)) throw new Error("You do not have permission to access this page."); return { user }; }; }; const getFieldStatus = (field) => { const { meta } = field.state; return { isTouched: meta.isTouched, hasError: !!meta.errors.length, helperText: meta.errors[0]?.message }; }; const buildUser = (payload) => ({ name: payload.name?.split("/")[0], email: payload.preferred_username?.toLowerCase(), department: payload.department?.toUpperCase() || "", employeeId: payload.employeeId?.toUpperCase() || "", companyName: payload.companyName || "", groups: payload.groups ?? [] }); const hasPermission = (user, key) => user ? permissions[key].some((group) => user.groups.includes(group)) : false; //#endregion export { getFieldStatus as a, rootRouteHead as c, getUser as d, getAppSession as f, buildUser as i, getAccessToken as l, WISTRON_PRIMARY_COLOR as n, hasPermission as o, WISTRON_SECONDARY_COLOR as r, requirePermission as s, Platform as t, getSessionUser as u }; //# sourceMappingURL=utils-CnwPC4sC.mjs.map