// Welcome to some authentication for Keystone
//
// This is using @keystone-6/auth to add the following
// - A sign-in page for your Admin UI
// - A cookie-based stateless session strategy
// - Using a User email as the identifier
// - 30 day cookie expiration
//
// This file does not configure what Users can do, and the default for this starter
// project is to allow anyone - logged-in or not - to do anything.
//
// If you want to prevent random people on the internet from accessing your data,
// you can find out how by reading https://keystonejs.com/docs/guides/auth-and-access-control
//
// If you want to learn more about how our out-of-the-box authentication works, please
// read https://keystonejs.com/docs/apis/auth#authentication-api
import { randomBytes } from 'node:crypto'
import { createAuth } from '@keystone-6/auth'
// see https://keystonejs.com/docs/apis/session for the session docs
import { statelessSessions } from '@keystone-6/core/session'
// createAuth returns the helpers for the configured sign-in flow; the only one this
// file needs is withAuth, which wraps the base Keystone configuration
const auth = createAuth({
  // accounts live in the User list and are looked up by their email field
  listKey: 'User',
  identityField: 'email',
  // the field on User that holds the sign-in secret
  secretField: 'password',

  // GraphQL query fragment selecting the data attached to context.session
  // access control functions can read these values, so only select what they need
  // you can find out more at https://keystonejs.com/docs/guides/auth-and-access-control
  sessionData: 'name createdAt',

  // WARNING: remove initFirstItem functionality in production
  // see https://keystonejs.com/docs/config/auth#init-first-item for more
  initFirstItem: {
    // while the database holds no items, the Keystone AdminUI offers to create
    // a new user from inputs for exactly these fields
    fields: ['name', 'email', 'password'],
    // that user is created through context.sudo(), so any access control you have
    // configured is bypassed for it - which is why it should not stay enabled in production
  },
})
const withAuth = auth.withAuth
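// statelessSessions tracks the session in a cookie
// the cookie expiry is given in seconds; this starter uses 30 days
// NOTE(review): the session lives in the cookie itself, so a copied cookie presumably
// stays usable until it expires - consider a shorter maxAge for sensitive deployments
const sessionMaxAge = 60 * 60 * 24 * 30

/**
 * Resolves the secret handed to statelessSessions.
 *
 * SESSION_SECRET is read from the environment and may be absent. Passing
 * `undefined` straight through leaves the outcome to the installed Keystone
 * version, so the missing case is decided here instead.
 *
 * @returns the configured secret, or a freshly generated one outside production
 * @throws Error when NODE_ENV is 'production' and SESSION_SECRET is empty or unset
 */
function resolveSessionSecret(): string {
  const configured = process.env.SESSION_SECRET
  if (configured) return configured

  // fail closed: a production deployment must not run without a stable secret
  // that is shared by every instance and kept out of the repository
  if (process.env.NODE_ENV === 'production') {
    throw new Error('SESSION_SECRET must be set when NODE_ENV is production')
  }

  // development convenience only: the value changes on every start,
  // so existing session cookies stop validating after a restart
  return randomBytes(32).toString('hex')
}

// you can find out more at https://keystonejs.com/docs/apis/session#session-api
const session = statelessSessions({
  maxAge: sessionMaxAge,
  secret: resolveSessionSecret(),
})

export { withAuth, session }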