rename some args

adrienZ · adrienZ · commit a4d28208bd73 · 2024-10-07T14:14:17.000+02:00
diff --git a/README.md b/README.md
@@ -187,15 +187,15 @@ Don't forget to re-login after verifying the email verification code.
 Registers a new user in the database if they don’t already exist. It handles OAuth authentication by registering the OAuth account, creating a session, and linking the user’s details.
 - **Returns**: A tuple containing the user ID and the created session details.
 
-##### `getUser(userId: string)`
+##### `getUser(id: string)`
 
 Fetches a user by its user ID.
 
-##### `getSession(sessionId: string)`
+##### `getSession(id: string)`
 
 Fetches a session by its session ID.
 
-##### `deleteSession(sessionId: string)`
+##### `deleteSession(id: string)`
 
 Deletes a session by its session ID.
 
@@ -262,6 +262,12 @@ Sets custom methods for hashing and verifying passwords.
 
 Sets custom method for reset password token hashing.
 
+##### `setLoginRateLimiter(fn: () => Storage)`
+##### `setAskEmailRateLimiter(fn: () => Storage)`
+##### `setVerifyEmailRateLimiter(fn: () => Storage)`
+##### `setAskResetPasswordRateLimiter(fn: () => Storage)`
+##### `setVerifyResetPasswordRateLimiter(fn: () => Storage)`
+
 ## Database migraions
 
 By default, nuxt-slip-auth will create tables in your database for you !
@@ -323,7 +329,7 @@ You should have your migrations in the migrations folder.
   - [x] rate-limit login
   - [x] rate-limit email verification
   - [x] rate-limit forgot password
-  - [ ] rate-limit reset password
+  - [x] rate-limit reset password
   - [x] ~~rate limit register~~ (rate-limit ask email verification)
 - [ ] error message strategy (email already taken, etc)
 - [ ] oauth accounts linking
diff --git a/playground/server/api/session.get.ts b/playground/server/api/session.get.ts
@@ -2,7 +2,7 @@ export default defineEventHandler(async (event) => {
   const auth = useSlipAuth();
   const { id } = await requireUserSession(event);
 
-  const session = await auth.getSession({ sessionId: id });
+  const session = await auth.getSession({ id: id });
 
   return session;
 });
diff --git a/src/runtime/core/core.ts b/src/runtime/core/core.ts
@@ -131,7 +131,7 @@ export class SlipAuthCore {
     await this.#rateLimiters.login.reset(existingUser.id);
     const sessionToLoginId = this.#createRandomSessionId();
     const sessionToLogin = await this.#repos.sessions.insert({
-      sessionId: sessionToLoginId,
+      id: sessionToLoginId,
       userId: existingUser.id,
       expiresAt: Date.now() + this.#sessionMaxAge,
       ip: values.ip,
@@ -156,14 +156,14 @@ export class SlipAuthCore {
 
     try {
       const user = await this.#repos.users.insert({
-        userId,
+        id: userId,
         email,
         password: passwordHash,
       });
       await this.askEmailVerificationCode(h3Event, { user });
       const sessionToLoginId = this.#createRandomSessionId();
       const sessionToLogin = await this.#repos.sessions.insert({
-        sessionId: sessionToLoginId,
+        id: sessionToLoginId,
         userId: user.id,
         expiresAt: Date.now() + this.#sessionMaxAge,
         ip: values.ip,
@@ -201,7 +201,7 @@ export class SlipAuthCore {
     if (!existingUser) {
       const userId = this.#createRandomUserId();
 
-      await this.#repos.users.insert({ userId: userId, email: params.email });
+      await this.#repos.users.insert({ id: userId, email: params.email });
 
       const _insertedOAuthAccount = await this.#repos.oAuthAccounts.insert({
         email: params.email,
@@ -212,7 +212,7 @@ export class SlipAuthCore {
 
       const sessionFromRegistrationId = this.#createRandomSessionId();
       const sessionFromRegistration = await this.#repos.sessions.insert({
-        sessionId: sessionFromRegistrationId,
+        id: sessionFromRegistrationId,
         userId,
         expiresAt: Date.now() + this.#sessionMaxAge,
         ip: params.ip,
@@ -234,7 +234,7 @@ export class SlipAuthCore {
     if (existingAccount) {
       const sessionFromLoginId = this.#createRandomSessionId();
       const sessionFromLogin = await this.#repos.sessions.insert({
-        sessionId: sessionFromLoginId,
+        id: sessionFromLoginId,
         userId: existingUser.id,
         expiresAt: Date.now() + this.#sessionMaxAge,
         ua: params.ua,
@@ -303,7 +303,7 @@ export class SlipAuthCore {
       throw new EmailVerificationFailedError();
     }
 
-    await this.#repos.users.updateEmailVerifiedByUserId({ userId: databaseCode.user_id, value: true });
+    await this.#repos.users.updateEmailVerifiedByUserId({ id: databaseCode.user_id, value: true });
     // TODO: All sessions should be invalidated when the email is verified (and create a new one for the current user so they stay signed in).
     return true;
   }
@@ -397,7 +397,7 @@ export class SlipAuthCore {
 
     await this.#repos.sessions.deleteAllByUserId(token.user_id);
     const passwordHash = await this.#passwordHashingMethods.hash(params.newPassword);
-    await this.#repos.users.updatePasswordByUserId({ userId: token.user_id, password: passwordHash });
+    await this.#repos.users.updatePasswordByUserId({ id: token.user_id, password: passwordHash });
 
     // await this.#rateLimiters.verifyResetPassword.reset(token.user_id);
     return true;
@@ -428,7 +428,6 @@ export class SlipAuthCore {
     setLoginRateLimiter: (fn: () => Storage) => {
       this.#rateLimiters.login.storage = fn();
     },
-
     setAskEmailRateLimiter: (fn: () => Storage) => {
       this.#rateLimiters.askEmailVerification.storage = fn();
     },
@@ -443,16 +442,16 @@ export class SlipAuthCore {
     },
   };
 
-  public getUser({ userId }: { userId: string }) {
-    return this.#repos.users.findById({ userId });
+  public getUser({ id }: { id: string }) {
+    return this.#repos.users.findById({ id });
   }
 
-  public getSession({ sessionId }: { sessionId: string }) {
-    return this.#repos.sessions.findById({ sessionId });
+  public getSession({ id }: { id: string }) {
+    return this.#repos.sessions.findById({ id: id });
   }
 
-  public deleteSession({ sessionId }: { sessionId: string }) {
-    return this.#repos.sessions.deleteById({ sessionId });
+  public deleteSession({ id }: { id: string }) {
+    return this.#repos.sessions.deleteById({ id });
   }
 
   public deleteExpiredSessions({ timestamp }: { timestamp: number }) {
diff --git a/src/runtime/core/repositories/SessionsRepository.ts b/src/runtime/core/repositories/SessionsRepository.ts
@@ -3,33 +3,33 @@ import { TableRepository } from "./_repo";
 import type { ICreateSessionsParams } from "../types";
 
 export class SessionsRepository extends TableRepository<"sessions"> {
-  async insert({ sessionId, userId, expiresAt, ip, ua }: ICreateSessionsParams): Promise<typeof this.table.$inferSelect> {
+  async insert({ id, userId, expiresAt, ip, ua }: ICreateSessionsParams): Promise<typeof this.table.$inferSelect> {
     await this._orm
       .insert(this.table)
       .values({
-        id: sessionId,
+        id: id,
         expires_at: expiresAt,
         user_id: userId,
         ip,
         ua,
       }).run();
 
-    const sessionInserted = await this.findById({ sessionId });
+    const sessionInserted = await this.findById({ id: id });
     if (!sessionInserted) {
-      throw new Error(`Session ${sessionId} not found after insert`);
+      throw new Error(`Session ${id} not found after insert`);
     }
 
     this._hooks.callHookParallel("sessions:create", sessionInserted);
 
     return sessionInserted;
   }
 
-  async findById({ sessionId }: { sessionId: string }): Promise<typeof this.table.$inferSelect | undefined> {
+  async findById({ id }: { id: string }): Promise<typeof this.table.$inferSelect | undefined> {
     const rows = await this._orm
       .select()
       .from(this.table)
       .where(
-        eq(this.table.id, sessionId),
+        eq(this.table.id, id),
       );
     const user = this.getRawSQlResults(rows).at(0);
 
@@ -66,23 +66,23 @@ export class SessionsRepository extends TableRepository<"sessions"> {
     return { success: this.getRawSQlResults(deletedSessions).length === 0, count: this.getRawSQlResults(sessionsToDelete).length };
   }
 
-  async deleteById({ sessionId }: { sessionId: string }) {
-    const sessionToDelete = await this.findById({ sessionId });
+  async deleteById({ id }: { id: string }) {
+    const sessionToDelete = await this.findById({ id: id });
 
     if (!sessionToDelete) {
-      throw new Error(`Unable to delete session with id ${sessionId}`);
+      throw new Error(`Unable to delete session with id ${id}`);
     }
 
     await this._orm
       .delete(this.table)
       .where(
-        eq(this.table.id, sessionId),
+        eq(this.table.id, id),
       )
       .run();
 
     // TODO: fix typings in db0 / drizzle
     // as the delete from drizzle returns any we do an extra query to check if the deletion went fine
-    const expiredSession = await this.findById({ sessionId });
+    const expiredSession = await this.findById({ id: id });
 
     if (expiredSession) {
       return { success: false };
diff --git a/src/runtime/core/repositories/UsersRepository.ts b/src/runtime/core/repositories/UsersRepository.ts
@@ -2,31 +2,31 @@ import { eq } from "drizzle-orm";
 import { TableRepository } from "./_repo";
 
 export class UsersRepository extends TableRepository<"users"> {
-  async insert({ userId, email, password }: { userId: string, email: string, password?: string }): Promise<typeof this.table.$inferSelect> {
+  async insert({ id, email, password }: { id: string, email: string, password?: string }): Promise<typeof this.table.$inferSelect> {
     await this._orm
       .insert(this.table)
       .values({
-        id: userId,
+        id: id,
         email,
         password,
       }).run();
 
-    const user = await this.findById({ userId });
+    const user = await this.findById({ id });
     if (!user) {
-      throw new Error(`User ${userId} not found after insert`);
+      throw new Error(`User ${id} not found after insert`);
     }
 
     this._hooks.callHookParallel("users:create", user);
 
     return user;
   }
 
-  async findById({ userId }: { userId: string }): Promise<typeof this.table.$inferSelect | undefined> {
+  async findById({ id }: { id: string }): Promise<typeof this.table.$inferSelect | undefined> {
     const rows = await this._orm
       .select()
       .from(this.table)
       .where(
-        eq(this.table.id, userId),
+        eq(this.table.id, id),
       );
     const user = this.getRawSQlResults(rows).at(0);
 
@@ -45,23 +45,23 @@ export class UsersRepository extends TableRepository<"users"> {
     return user;
   }
 
-  updatePasswordByUserId = async ({ userId, password }: { userId: string, password: string }): Promise<void> => {
+  updatePasswordByUserId = async ({ id, password }: { id: string, password: string }): Promise<void> => {
     return await this._orm
       .update(this.table)
       .set({
         password,
       })
-      .where(eq(this.table.id, userId))
+      .where(eq(this.table.id, id))
       .run();
   };
 
-  updateEmailVerifiedByUserId = async ({ userId, value }: { userId: string, value: boolean }): Promise<void> => {
+  updateEmailVerifiedByUserId = async ({ id, value }: { id: string, value: boolean }): Promise<void> => {
     return await this._orm
       .update(this.table)
       .set({
         email_verified: value,
       })
-      .where(eq(this.table.id, userId))
+      .where(eq(this.table.id, id))
       .run();
   };
 }
diff --git a/src/runtime/core/types.ts b/src/runtime/core/types.ts
@@ -19,7 +19,7 @@ export interface ICreateSessionsParams extends ISessionCreateMetada {
   expiresAt: number
   ip?: string
   ua?: string
-  sessionId: string
+  id: string
 }
 
 export interface ICreateUserParams extends ISessionCreateMetada {
diff --git a/src/runtime/h3/routes/ask-email-verification.post.ts b/src/runtime/h3/routes/ask-email-verification.post.ts
@@ -8,7 +8,7 @@ export default defineEventHandler(async (event) => {
   const userId = session.user.id;
 
   try {
-    const user = await auth.getUser({ userId });
+    const user = await auth.getUser({ id: userId });
 
     if (!user) {
       throw new Error("no user");
diff --git a/src/runtime/h3/routes/ask-password-reset.post.ts b/src/runtime/h3/routes/ask-password-reset.post.ts
@@ -7,7 +7,7 @@ export default defineEventHandler(async (event) => {
   const userId = session.user.id;
 
   try {
-    const user = await auth.getUser({ userId });
+    const user = await auth.getUser({ id: userId });
 
     if (!user) {
       throw new Error("no user");
diff --git a/src/runtime/h3/routes/login.post.ts b/src/runtime/h3/routes/login.post.ts
@@ -12,7 +12,7 @@ export default defineEventHandler(async (event) => {
       ...body,
       ua: getHeader(event, "User-Agent"),
     });
-    const user = await auth.getUser({ userId });
+    const user = await auth.getUser({ id: userId });
 
     if (!user) {
       return false;
diff --git a/src/runtime/h3/routes/register.post.ts b/src/runtime/h3/routes/register.post.ts
@@ -13,7 +13,7 @@ export default defineEventHandler(async (event) => {
       ua: getHeader(event, "User-Agent"),
     });
 
-    const user = await auth.getUser({ userId });
+    const user = await auth.getUser({ id: userId });
 
     if (!user) {
       return false;
diff --git a/src/runtime/h3/routes/verify-email-verification.post.ts b/src/runtime/h3/routes/verify-email-verification.post.ts
@@ -9,7 +9,7 @@ export default defineEventHandler(async (event) => {
   const body = await readBody(event);
 
   try {
-    const user = await auth.getUser({ userId });
+    const user = await auth.getUser({ id: userId });
 
     if (!user) {
       throw new Error("no user");
diff --git a/src/runtime/server/plugins/nuxt-auth-utils.bridge.ts b/src/runtime/server/plugins/nuxt-auth-utils.bridge.ts
@@ -19,14 +19,14 @@ export default defineNitroPlugin(() => {
   if (typeof sessionHooks !== "undefined") {
     sessionHooks.hook("fetch", async (session: SlipAuthPublicSession) => {
       // invalid session if not in database
-      const databaseSession = await auth.getSession({ sessionId: session.id });
+      const databaseSession = await auth.getSession({ id: session.id });
       if (!databaseSession) {
         throw createError("invalidate session");
       }
     });
 
     sessionHooks.hook("clear", async (session: SlipAuthPublicSession) => {
-      auth.deleteSession({ sessionId: session.id });
+      auth.deleteSession({ id: session.id });
     });
   }
 });
diff --git a/tests/core-email-password.test.ts b/tests/core-email-password.test.ts
@@ -164,7 +164,7 @@ describe("SlipAuthCore", () => {
       // register
       const [_, registerSession] = await auth.register(createH3Event(), defaultInsert);
       // logout
-      auth.deleteSession({ sessionId: registerSession.id });
+      auth.deleteSession({ id: registerSession.id });
 
       const userCreatedHookPromise = new Promise((resolve, reject) => {
         setTimeout(() => reject("TIMEOUT"), 2000);
@@ -198,7 +198,7 @@ describe("SlipAuthCore", () => {
       // register
       const [_, registerSession] = await auth.register(createH3Event(), defaultInsert);
       // logout
-      auth.deleteSession({ sessionId: registerSession.id });
+      auth.deleteSession({ id: registerSession.id });
 
       expect(sessionDeletedHookPromise).resolves.toStrictEqual(registerSession);
     });
@@ -254,7 +254,7 @@ describe("SlipAuthCore", () => {
 
       expect(verification).toBe(true);
 
-      const dbUser = await auth.getUser({ userId });
+      const dbUser = await auth.getUser({ id: userId });
       expect(dbUser?.email_verified).toBe(1);
     });
   });
diff --git a/tests/core.test.ts b/tests/core.test.ts
diff --git a/tests/rate-limit.test.ts b/tests/rate-limit.test.ts

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ export interface ICreateSessionsParams extends ISessionCreateMetada {`
`19`	`19`	`expiresAt: number`
`20`	`20`	`ip?: string`
`21`	`21`	`ua?: string`
`22`		`- sessionId: string`
	`22`	`+ id: string`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`export interface ICreateUserParams extends ISessionCreateMetada {`