feat: Add support for auth callback plugins.

packages/api/src/auth/callbacks/createCallbackPlugins.js

@@ -14,8 +14,13 @@
   limitations under the License.
 */
 
-function SessionCallback({ session, user, token, config }) {
-  return session;
+function createCallbackPlugins({ authConfig, plugins, type }) {
+  return authConfig.callbacks
+    .map((callbackConfig) => ({
+      fn: plugins.callbacks[callbackConfig.type],
+      properties: callbackConfig.properties,
+    }))
+    .filter((callback) => callback.fn.meta.type === type);
 }
 
-export default SessionCallback;
+export default createCallbackPlugins;

packages/api/src/auth/callbacks/createCallbacks.js

@@ -0,0 +1,38 @@
+/*
+  Copyright 2020-2022 Lowdefy, Inc
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/
+
+import createJWTCallback from './createJWTCallback.js';
+import createRedirectCallback from './createRedirectCallback.js';
+import createSessionCallback from './createSessionCallback.js';
+import createSignInCallback from './createSignInCallback.js';
+
+function createCallbacks({ authConfig, plugins }) {
+  const callbacks = {
+    session: createSessionCallback({ authConfig, plugins }),
+  };
+  const jwt = createJWTCallback({ authConfig, plugins });
+  if (jwt) callbacks.jwt = jwt;
+
+  const redirect = createRedirectCallback({ authConfig, plugins });
+  if (redirect) callbacks.redirect = redirect;
+
+  const signIn = createSignInCallback({ authConfig, plugins });
+  if (signIn) callbacks.signIn = signIn;
+
+  return callbacks;
+}
+
+export default createCallbacks;

packages/api/src/auth/callbacks/createJWTCallback.js

@@ -0,0 +1,45 @@
+/*
+  Copyright 2020-2022 Lowdefy, Inc
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/
+
+import createCallbackPlugins from './createCallbackPlugins.js';
+
+function createJWTCallback({ authConfig, plugins }) {
+  const jwtCallbackPlugins = createCallbackPlugins({
+    authConfig,
+    plugins,
+    type: 'jwt',
+  });
+
+  if (jwtCallbackPlugins.length === 0) return undefined;
+
+  async function jwtCallback({ token, user, account, profile, isNewUser }) {
+    for (const plugin of jwtCallbackPlugins) {
+      token = await plugin.fn({
+        properties: plugin.properties ?? {},
+        token,
+        user,
+        account,
+        profile,
+        isNewUser,
+      });
+    }
+
+    return token;
+  }
+  return jwtCallback;
+}
+
+export default createJWTCallback;

packages/api/src/auth/callbacks/createRedirectCallback.js

@@ -0,0 +1,46 @@
+/*
+  Copyright 2020-2022 Lowdefy, Inc
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/
+
+import createCallbackPlugins from './createCallbackPlugins.js';
+
+function createRedirectCallback({ authConfig, plugins }) {
+  const redirectCallbackPlugins = createCallbackPlugins({
+    authConfig,
+    plugins,
+    type: 'redirect',
+  });
+
+  if (redirectCallbackPlugins.length === 0) return undefined;
+
+  async function redirectCallback({ url, baseUrl }) {
+    let callbackUrl;
+
+    // TODO: Is there a point in running all the callbacks if only the last one is used?
+    // Else we can enforce only one.
+    for (const plugin of redirectCallbackPlugins) {
+      callbackUrl = await plugin.fn({
+        properties: plugin.properties ?? {},
+        baseUrl,
+        url,
+      });
+    }
+
+    return callbackUrl;
+  }
+  return redirectCallback;
+}
+
+export default createRedirectCallback;

packages/api/src/auth/callbacks/createSessionCallback.js

@@ -0,0 +1,45 @@
+/*
+  Copyright 2020-2022 Lowdefy, Inc
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/
+
+import createCallbackPlugins from './createCallbackPlugins.js';
+
+function createSessionCallback({ authConfig, plugins }) {
+  const sessionCallbackPlugins = createCallbackPlugins({
+    authConfig,
+    plugins,
+    type: 'session',
+  });
+
+  async function sessionCallback({ session, token, user }) {
+    if (token) {
+      session.user.sub = token.sub;
+    }
+
+    for (const plugin of sessionCallbackPlugins) {
+      session = await plugin.fn({
+        properties: plugin.properties ?? {},
+        session,
+        token,
+        user,
+      });
+    }
+
+    return session;
+  }
+  return sessionCallback;
+}
+
+export default createSessionCallback;

packages/api/src/auth/callbacks/createSignInCallback.js

@@ -0,0 +1,47 @@
+/*
+  Copyright 2020-2022 Lowdefy, Inc
+
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+*/
+
+import createCallbackPlugins from './createCallbackPlugins.js';
+
+function createSignInCallback({ authConfig, plugins }) {
+  const signInCallbackPlugins = createCallbackPlugins({
+    authConfig,
+    plugins,
+    type: 'signIn',
+  });
+
+  if (signInCallbackPlugins.length === 0) return undefined;
+
+  async function signInCallback({ account, credentials, email, profile, user }) {
+    let allowSignIn = true;
+    for (const plugin of signInCallbackPlugins) {
+      allowSignIn = await plugin.fn({
+        properties: plugin.properties ?? {},
+        account,
+        credentials,
+        email,
+        profile,
+        user,
+      });
+      if (allowSignIn === false) break;
+    }
+
+    return allowSignIn;
+  }
+  return signInCallback;
+}
+
+export default createSignInCallback;

packages/api/src/auth/createProviders.js

@@ -19,13 +19,13 @@
 // This depends on providerId, which might cause some issues if users copy an example and change the id.
 // We need to allow users to configure ids, since they might have more than one of the same type.
 
-function getProviders({ authConfig, plugins }) {
-  return authConfig.providers.map((provider) =>
-    plugins.providers[provider.type]({
-      ...provider.properties,
-      id: provider.id,
+function createProviders({ authConfig, plugins }) {
+  return authConfig.providers.map((providerConfig) =>
+    plugins.providers[providerConfig.type]({
+      ...providerConfig.properties,
+      id: providerConfig.id,
     })
   );
 }
 
-export default getProviders;
+export default createProviders;

packages/api/src/auth/getNextAuthConfig.js

@@ -18,40 +18,12 @@ import { NodeParser } from '@lowdefy/operators';
 import { getSecretsFromEnv } from '@lowdefy/node-utils';
 import { _secret } from '@lowdefy/operators-js/operators/server';
 
-import getProviders from './getProviders.js';
+import createCallbacks from './callbacks/createCallbacks.js';
+import createProviders from './createProviders.js';
 
 const nextAuthConfig = {};
 let initialized = false;
 
-const callbacks = {
-  jwt: async ({ token, user, account, profile, isNewUser }) => {
-    console.log('jwt callback');
-    console.log('token', token);
-    console.log('user', user);
-    console.log('account', account);
-    console.log('profile', profile);
-    console.log('isNewUser', isNewUser);
-
-    return token;
-  },
-  session: async ({ session, user, token }) => {
-    console.log('session callback');
-    console.log('session', session);
-    console.log('user', user);
-    console.log('token', token);
-    session.sub = token.sub;
-    return session;
-  },
-  async redirect({ url, baseUrl }) {
-    console.log('redirect callback', url, baseUrl);
-    // Allows relative callback URLs
-    if (url.startsWith('/')) return `${baseUrl}${url}`;
-    // Allows callback URLs on the same origin
-    else if (new URL(url).origin === baseUrl) return url;
-    return baseUrl;
-  },
-};
-
 function getNextAuthConfig({ authJson, plugins }) {
   if (initialized) return nextAuthConfig;
 
@@ -71,7 +43,8 @@ function getNextAuthConfig({ authJson, plugins }) {
     throw new Error(operatorErrors[0]);
   }
 
-  nextAuthConfig.providers = getProviders({ authConfig, plugins });
+  nextAuthConfig.callbacks = createCallbacks({ authConfig, plugins });
+  nextAuthConfig.providers = createProviders({ authConfig, plugins });
 
   // We can either configure this using auth config,
   // then the user configures this using the _secret operator
@@ -80,10 +53,8 @@ function getNextAuthConfig({ authJson, plugins }) {
   // -> authConfig.secret = secrets.LOWDEFY_AUTH_SECRET;
   nextAuthConfig.secret = 'TODO: Configure secret';
 
-  nextAuthConfig.callbacks = callbacks;
   nextAuthConfig.theme = authConfig.theme;
   initialized = true;
-  console.log(JSON.stringify(nextAuthConfig, null, 2));
   return nextAuthConfig;
 }
 

packages/build/src/build/buildAuth/buildAuthPlugins.js

@@ -15,7 +15,30 @@
 */
 import { type } from '@lowdefy/helpers';
 
-function buildAuthPlugins({ components, context }) {
+function buildCallbacks({ components, context }) {
+  if (type.isArray(components.auth.callbacks)) {
+    components.auth.callbacks.forEach((callback) => {
+      if (type.isUndefined(callback.id)) {
+        throw new Error(`Auth callback id missing.`);
+      }
+      if (!type.isString(callback.id)) {
+        throw new Error(
+          `Auth callback id is not a string. Received ${JSON.stringify(callback.id)}.`
+        );
+      }
+      if (!type.isString(callback.type)) {
+        throw new Error(
+          `Auth callback type is not a string at callback "${
+            callback.id
+          }". Received ${JSON.stringify(callback.type)}.`
+        );
+      }
+      context.typeCounters.auth.callbacks.increment(callback.type);
+    });
+  }
+}
+
+function buildProviders({ components, context }) {
   if (type.isArray(components.auth.providers)) {
     components.auth.providers.forEach((provider) => {
       if (type.isUndefined(provider.id)) {
@@ -38,4 +61,9 @@ function buildAuthPlugins({ components, context }) {
   }
 }
 
+function buildAuthPlugins({ components, context }) {
+  buildCallbacks({ components, context });
+  buildProviders({ components, context });
+}
+
 export default buildAuthPlugins;

packages/build/src/build/buildAuth/validateAuthConfig.js

@@ -33,6 +33,9 @@ async function validateAuthConfig({ components }) {
   if (type.isNone(components.auth.pages.roles)) {
     components.auth.pages.roles = {};
   }
+  if (type.isNone(components.auth.callbacks)) {
+    components.auth.callbacks = [];
+  }
   if (type.isNone(components.auth.providers)) {
     components.auth.providers = [];
   }

packages/build/src/build/buildTypes.js

@@ -54,6 +54,7 @@ function buildTypes({ components, context }) {
   components.types = {
     actions: {},
     auth: {
+      callbacks: {},
       providers: {},
     },
     blocks: {},
@@ -79,6 +80,13 @@ function buildTypes({ components, context }) {
     typeClass: 'Auth provider',
   });
 
+  buildTypeClass(context, {
+    counter: typeCounters.auth.callbacks,
+    definitions: context.typesMap.auth.callbacks,
+    store: components.types.auth.callbacks,
+    typeClass: 'Auth callback',
+  });
+
   buildTypeClass(context, {
     counter: typeCounters.blocks,
     definitions: context.typesMap.blocks,

packages/build/src/build/updateServerPackageJson.js

@@ -29,6 +29,7 @@ async function updateServerPackageJson({ components, context }) {
     });
   }
   getPackages(components.types.actions);
+  getPackages(components.types.auth.callbacks);
   getPackages(components.types.auth.providers);
   getPackages(components.types.blocks);
   getPackages(components.types.connections);

packages/build/src/build/writePluginImports/writeAuthImports.js

@@ -17,6 +17,13 @@
 import generateImportFile from './generateImportFile.js';
 
 async function writeAuthImports({ components, context }) {
+  await context.writeBuildArtifact(
+    'plugins/auth/callbacks.js',
+    generateImportFile({
+      types: components.types.auth.callbacks,
+      importPath: 'auth/callbacks',
+    })
+  );
   await context.writeBuildArtifact(
     'plugins/auth/providers.js',
     generateImportFile({

packages/build/src/index.js

@@ -63,6 +63,7 @@ async function createContext({ customTypesMap, directories, logger, refResolver
     typeCounters: {
       actions: createCounter(),
       auth: {
+        callbacks: createCounter(),
         providers: createCounter(),
       },
       blocks: createCounter(),

packages/build/src/lowdefySchema.js

@@ -72,6 +72,7 @@ export default {
         type: 'App "config.auth" should be an object.',
       },
       properties: {
+        // TODO: fix
         openId: {
           type: 'object',
           additionalProperties: false,
@@ -185,6 +186,37 @@ export default {
             },
           },
         },
+        callbacks: {
+          type: 'array',
+          items: {
+            type: 'object',
+            required: ['id', 'type'],
+            properties: {
+              id: {
+                type: 'string',
+                errorMessage: {
+                  type: 'Auth callback "id" should be a string.',
+                },
+              },
+              type: {
+                type: 'string',
+                errorMessage: {
+                  type: 'Auth callback "type" should be a string.',
+                },
+              },
+              properties: {
+                type: 'object',
+              },
+            },
+            errorMessage: {
+              type: 'Auth callback should be an object.',
+              required: {
+                id: 'Auth callback should have required property "id".',
+                type: 'Auth callback should have required property "type".',
+              },
+            },
+          },
+        },
         providers: {
           type: 'array',
           items: {

packages/build/src/scripts/generateDefaultTypes.js

@@ -51,8 +51,8 @@ async function generateDefaultTypesMap() {
   const defaultTypesMap = {
     actions: {},
     auth: {
-      providers: {},
       callbacks: {},
+      providers: {},
     },
     blocks: {},
     connections: {},

packages/server-dev/manager/utils/createCustomPluginTypesMap.mjs

@@ -34,8 +34,8 @@ async function createCustomPluginTypesMap({ directories }) {
   const customTypesMap = {
     actions: {},
     auth: {
-      providers: {},
       callbacks: {},
+      providers: {},
     },
     blocks: {},
     connections: {},

packages/server/lowdefy/createCustomPluginTypesMap.mjs

@@ -34,8 +34,8 @@ async function createCustomPluginTypesMap({ directories }) {
   const customTypesMap = {
     actions: {},
     auth: {
-      providers: {},
       callbacks: {},
+      providers: {},
     },
     blocks: {},
     connections: {},

packages/server/pages/api/auth/[...nextauth].js

@@ -18,6 +18,7 @@ import NextAuth from 'next-auth';
 import { getNextAuthConfig } from '@lowdefy/api';
 
 import authJson from '../../../build/auth.json';
+import callbacks from '../../../build/plugins/auth/callbacks.js';
 import providers from '../../../build/plugins/auth/providers.js';
 
 // If getNextAuthConfig needs to be async:
@@ -28,4 +29,4 @@ import providers from '../../../build/plugins/auth/providers.js';
 
 // export default auth;
 
-export default NextAuth(getNextAuthConfig({ authJson, plugins: { providers } }));
+export default NextAuth(getNextAuthConfig({ authJson, plugins: { callbacks, providers } }));