chore: fix types (#393)

Author: atinux

.github/workflows/ci.yml

@@ -65,8 +65,8 @@ jobs:
       - name: Run test suite
         run: pnpm test
 
-      # - name: Test types
-      #   run: pnpm test:types
+      - name: Test types
+        run: pnpm test:types
 
       # - name: Test playground types
       #   run: pnpm test:types:playground

package.json

@@ -31,7 +31,7 @@
     "lint:fix": "eslint . --fix",
     "test": "vitest run",
     "test:types": "vue-tsc --noEmit",
-    "test:types:playground": "cd playground && vue-tsc --noEmit",
+    "test:types:playground": "nuxt typecheck playground",
     "test:watch": "vitest watch"
   },
   "dependencies": {

playground/components/AuthLogin.vue

@@ -4,7 +4,7 @@ const isOpen = ref(false)
 const { fetch, user } = useUserSession()
 const toast = useToast()
 
-async function login(event: SubmitEvent) {
+async function login(event: Event) {
   const target = event.target as HTMLFormElement
 
   await $fetch('/api/login', {

playground/components/AuthRegister.vue

@@ -4,7 +4,7 @@ const isOpen = ref(false)
 const { fetch, user } = useUserSession()
 const toast = useToast()
 
-async function register(event: SubmitEvent) {
+async function register(event: Event) {
   const target = event.target as HTMLFormElement
 
   await $fetch('/api/register', {

playground/package.json

@@ -20,8 +20,5 @@
   },
   "devDependencies": {
     "better-sqlite3": "^11.8.1"
-  },
-  "resolutions": {
-    "h3": "^1.14.0"
   }
 }

playground/server/api/webauthn/authenticate.post.ts

@@ -37,7 +37,7 @@ export default defineWebAuthnAuthenticateEventHandler({
   },
   async onSuccess(event, { credential, authenticationInfo }) {
     const db = useDatabase()
-    const { rows } = await db.sql<{ rows: string[] }>`
+    const { rows } = await db.sql<{ rows: { email: string }[] }>`
       SELECT users.email
       FROM credentials
       INNER JOIN users ON users.id = credentials.userId

playground/server/api/webauthn/register.post.ts

@@ -17,6 +17,7 @@ export default defineWebAuthnRegisterEventHandler({
     const db = useDatabase()
     try {
       await db.sql`BEGIN TRANSACTION`
+      // @ts-expect-error - dbUser is not defined in the type
       let { rows: [dbUser] } = await db.sql`SELECT * FROM users WHERE email = ${user.userName}`
       if (!dbUser) {
         await db.sql`INSERT INTO users (email) VALUES (${user.userName})`
@@ -50,7 +51,7 @@ export default defineWebAuthnRegisterEventHandler({
       await db.sql`ROLLBACK`
       throw createError({
         statusCode: 500,
-        message: err.message.includes('UNIQUE constraint failed') ? 'User already registered' : 'Failed to store credential',
+        message: err instanceof Error && err.message.includes('UNIQUE constraint failed') ? 'User already registered' : 'Failed to store credential',
       })
     }
   },

pnpm-lock.yaml

@@ -1,2 +1,3 @@
 packages:
   - "playground"
+  - "./"

pnpm-workspace.yaml

@@ -8,7 +8,7 @@ import type { UserSession, UserSessionComposable } from '#auth-utils'
  */
 export function useUserSession(): UserSessionComposable {
   const serverEvent = import.meta.server ? useRequestEvent() : null
-  const sessionState = useState<UserSession>('nuxt-session', () => ({}))
+  const sessionState = useState<UserSession | null>('nuxt-session', () => null)
   const authReadyState = useState('nuxt-auth-ready', () => false)
 
   const clear = async () => {
@@ -23,16 +23,16 @@ export function useUserSession(): UserSessionComposable {
         }
       },
     })
-    sessionState.value = {}
+    sessionState.value = null
   }
 
   const fetch = async () => {
-    sessionState.value = await useRequestFetch()('/api/_auth/session', {
+    sessionState.value = await useRequestFetch()<UserSession>('/api/_auth/session', {
       headers: {
         accept: 'application/json',
       },
       retry: false,
-    }).catch(() => ({}))
+    }).catch(() => null)
     if (!authReadyState.value) {
       authReadyState.value = true
     }
@@ -68,8 +68,8 @@ export function useUserSession(): UserSessionComposable {
 
   return {
     ready: computed(() => authReadyState.value),
-    loggedIn: computed(() => Boolean(sessionState.value.user)),
-    user: computed(() => sessionState.value.user || null),
+    loggedIn: computed(() => Boolean(sessionState.value?.user)),
+    user: computed(() => sessionState.value?.user || null),
     session: sessionState,
     fetch,
     openInPopup,

src/runtime/app/composables/session.ts

@@ -31,7 +31,7 @@ export interface OAuthBlueskyConfig {
 type BlueSkyUser = AppBskyActorDefs.ProfileViewDetailed | Pick<AppBskyActorDefs.ProfileView, 'did'>
 type BlueSkyTokens = NodeSavedSession['tokenSet']
 
-export function defineOAuthBlueskyEventHandler({ config, onSuccess, onError }: OAuthConfig<OAuthBlueskyConfig, BlueSkyUser, BlueSkyTokens>) {
+export function defineOAuthBlueskyEventHandler({ config, onSuccess, onError }: OAuthConfig<OAuthBlueskyConfig, { user: BlueSkyUser, tokens: BlueSkyTokens }>) {
   return eventHandler(async (event: H3Event) => {
     const clientMetadata = getAtprotoClientMetadata(event, 'bluesky', config)
     const scopes = clientMetadata.scope?.split(' ') ?? []

src/runtime/server/lib/atproto/bluesky.ts

@@ -92,7 +92,8 @@ export function defineOAuthAppleEventHandler({
   config,
   onSuccess,
   onError,
-}: OAuthConfig<OAuthAppleConfig>) {
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+}: OAuthConfig<OAuthAppleConfig, { user: OAuthAppleUser, payload: OAuthAppleTokens, tokens: any }>) {
   return eventHandler(async (event: H3Event) => {
     config = defu(config, useRuntimeConfig(event).oauth?.apple, {
       authorizationURL: config?.authorizationURL || 'https://appleid.apple.com/auth/authorize',
@@ -172,7 +173,7 @@ export function defineOAuthAppleEventHandler({
         return handleAccessTokenErrorResponse(event, 'apple', payload, onError)
       }
 
-      return onSuccess(event, { user, payload, tokens: accessTokenResult })
+      return onSuccess(event, { user: user!, payload, tokens: accessTokenResult })
     }
     catch (error) {
       return handleAccessTokenErrorResponse(event, 'apple', error, onError)

src/runtime/server/lib/oauth/apple.ts

@@ -99,7 +99,7 @@ export function defineOAuthAtlassianEventHandler({
   config,
   onSuccess,
   onError,
-}: OAuthConfig<OAuthAtlassianConfig>) {
+}: OAuthConfig<OAuthAtlassianConfig, { user: AtlassianUser, tokens: AtlassianTokens }>) {
   return eventHandler(async (event: H3Event) => {
     config = defu(config, useRuntimeConfig().oauth?.atlassian, {
       authorizationURL: 'https://auth.atlassian.com/authorize',

src/runtime/server/lib/oauth/atlassian.ts

@@ -69,7 +69,7 @@ export function defineOAuthFacebookEventHandler({
       authorizationParams: {},
     }) as OAuthFacebookConfig
 
-    const query = getQuery<{ code?: string, error?: string }>(event)
+    const query = getQuery<{ code?: string, error?: string, state?: string }>(event)
 
     if (query.error) {
       const error = createError({

src/runtime/server/lib/oauth/facebook.ts

@@ -63,7 +63,49 @@ export interface OAuthGitHubConfig {
   redirectURL?: string
 }
 
-export function defineOAuthGitHubEventHandler({ config, onSuccess, onError }: OAuthConfig<OAuthGitHubConfig>) {
+interface GitHubUser {
+  login: string
+  id: number
+  node_id: string
+  avatar_url: string
+  gravatar_id: string
+  url: string
+  html_url: string
+  followers_url: string
+  following_url: string
+  gists_url: string
+  starred_url: string
+  subscriptions_url: string
+  organizations_url: string
+  repos_url: string
+  events_url: string
+  received_events_url: string
+  type: string
+  site_admin: boolean
+  name: string
+  company: string
+  blog: string
+  location: string
+  email: string | null
+  hireable: boolean | null
+  bio: string | null
+  twitter_username: string | null
+  public_repos: number
+  public_gists: number
+  followers: number
+  following: number
+  created_at: string
+  updated_at: string
+  email_verified?: boolean
+}
+
+interface GitHubTokens {
+  access_token: string
+  scope: string
+  token_type: string
+}
+
+export function defineOAuthGitHubEventHandler({ config, onSuccess, onError }: OAuthConfig<OAuthGitHubConfig, { user: GitHubUser, tokens: GitHubTokens }>) {
   return eventHandler(async (event: H3Event) => {
     config = defu(config, useRuntimeConfig(event).oauth?.github, {
       authorizationURL: 'https://github.com/login/oauth/authorize',

src/runtime/server/lib/oauth/github.ts

@@ -73,10 +73,13 @@ export function defineOAuthLineEventHandler({
     const query = getQuery<{ code?: string, error?: string, state?: string }>(event)
 
     if (query.error) {
-      return onError(
-        event,
-        new Error(`Line login failed: ${query.error || 'Unknown error'}`),
-      )
+      const error = createError({
+        statusCode: 401,
+        message: `Line login failed: ${query.error || 'Unknown error'}`,
+        data: query,
+      })
+      if (!onError) throw error
+      return onError(event, error)
     }
 
     if (!config.clientId || !config.clientSecret) {

src/runtime/server/lib/oauth/line.ts

@@ -65,7 +65,7 @@ export function defineOAuthMicrosoftEventHandler({ config, onSuccess, onError }:
       authorizationParams: {},
     }) as OAuthMicrosoftConfig
 
-    const query = getQuery<{ code?: string }>(event)
+    const query = getQuery<{ code?: string, state?: string }>(event)
 
     if (!config.clientId || !config.clientSecret || !config.tenant) {
       return handleMissingConfiguration(event, 'microsoft', ['clientId', 'clientSecret', 'tenant'], onError)

src/runtime/server/lib/oauth/microsoft.ts

@@ -116,7 +116,7 @@ export interface OAuthSeznamUser {
   gender?: string | null
 }
 
-export function defineOAuthSeznamEventHandler({ config, onSuccess, onError }: OAuthConfig<OAuthSeznamConfig, OAuthSeznamUser>) {
+export function defineOAuthSeznamEventHandler({ config, onSuccess, onError }: OAuthConfig<OAuthSeznamConfig, { user: OAuthSeznamUser, tokens: unknown }>) {
   return eventHandler(async (event: H3Event) => {
     config = defu(config, useRuntimeConfig(event).oauth?.seznam, {
       authorizationURL: 'https://login.szn.cz/api/v1/oauth/auth',

src/runtime/server/lib/oauth/seznam.ts

@@ -101,7 +101,7 @@ export function defineOAuthSteamEventHandler({ config, onSuccess, onError }: OAu
     const idRegex = /^https?:\/\/steamcommunity\.com\/openid\/id\/(\d+)$/
     const steamIdCheck = idRegex.exec(query['openid.claimed_id'])
 
-    const steamId = steamIdCheck[1]
+    const steamId = steamIdCheck?.[1]
 
     // TODO: improve typing
     // eslint-disable-next-line @typescript-eslint/no-explicit-any

src/runtime/server/lib/oauth/steam.ts

@@ -152,7 +152,7 @@ export function defineOAuthStravaEventHandler({
   config,
   onSuccess,
   onError,
-}: OAuthConfig<OAuthStravaConfig, OAuthStravaUser>) {
+}: OAuthConfig<OAuthStravaConfig, { user: OAuthStravaUser, tokens: OAuthStravaTokens }>) {
   return eventHandler(async (event: H3Event) => {
     config = defu(config, useRuntimeConfig(event).oauth?.strava) as OAuthStravaConfig
 

src/runtime/server/lib/oauth/strava.ts

@@ -72,7 +72,7 @@ export interface OAuthWorkOSTokens {
   refresh_token: string
 }
 
-export function defineOAuthWorkOSEventHandler({ config, onSuccess, onError }: OAuthConfig<OAuthWorkOSConfig, OAuthWorkOSUser, OAuthWorkOSTokens>) {
+export function defineOAuthWorkOSEventHandler({ config, onSuccess, onError }: OAuthConfig<OAuthWorkOSConfig, { user: OAuthWorkOSUser, tokens: OAuthWorkOSTokens }>) {
   return eventHandler(async (event: H3Event) => {
     config = defu(config, useRuntimeConfig(event).oauth?.workos, { screen_hint: 'sign-in' }) as OAuthWorkOSConfig
 

src/runtime/server/lib/oauth/workos.ts

@@ -4,9 +4,9 @@ import { generateAuthenticationOptions, verifyAuthenticationResponse } from '@si
 import defu from 'defu'
 import { getRandomValues } from 'uncrypto'
 import { base64URLStringToBuffer, bufferToBase64URLString } from '@simplewebauthn/browser'
+import type { AuthenticationBody } from '../../../types/webauthn'
 import { useRuntimeConfig } from '#imports'
 import type { WebAuthnAuthenticateEventHandlerOptions, WebAuthnCredential } from '#auth-utils'
-import type { AuthenticationBody } from '~/src/runtime/types/webauthn'
 
 export function defineWebAuthnAuthenticateEventHandler<T extends WebAuthnCredential>({
   storeChallenge,

src/runtime/server/lib/webauthn/authenticate.ts

@@ -5,9 +5,9 @@ import { generateRegistrationOptions, verifyRegistrationResponse } from '@simple
 import defu from 'defu'
 import { bufferToBase64URLString } from '@simplewebauthn/browser'
 import { getRandomValues } from 'uncrypto'
+import type { RegistrationBody, ValidateUserFunction } from '../../../types/webauthn'
 import { useRuntimeConfig } from '#imports'
 import type { WebAuthnUser, WebAuthnRegisterEventHandlerOptions } from '#auth-utils'
-import type { RegistrationBody, ValidateUserFunction } from '~/src/runtime/types/webauthn'
 
 export function defineWebAuthnRegisterEventHandler<T extends WebAuthnUser>({
   storeChallenge,

src/runtime/server/lib/webauthn/register.ts

@@ -1,11 +1,12 @@
 import type { H3Event } from 'h3'
 import type { OAuthClientMetadataInput, OAuthGrantType } from '@atproto/oauth-client-node'
+import { getRequestURL } from 'h3'
 import type { AtprotoProviderClientMetadata } from '../../types/atproto'
 import type { OAuthBlueskyConfig } from '../lib/atproto/bluesky'
 import { getOAuthRedirectURL } from '../lib/utils'
 import { getClientMetadataFilename } from '../../utils/atproto'
 import type { ATProtoProvider, OAuthConfig } from '#auth-utils'
-import { getRequestURL, useRuntimeConfig } from '#imports'
+import { useRuntimeConfig } from '#imports'
 
 export function getAtprotoClientMetadata(
   event: H3Event,

src/runtime/server/utils/atproto.ts

@@ -30,8 +30,8 @@ export const sessionHooks = createHooks<SessionHooks>()
 export async function getUserSession(event: UseSessionEvent): Promise<UserSession> {
   const session = await _useSession(event)
   return {
-    id: session.id,
     ...session.data,
+    id: session.id,
   }
 }
 /**
@@ -40,7 +40,7 @@ export async function getUserSession(event: UseSessionEvent): Promise<UserSessio
  * @param data User session data, please only store public information since it can be decoded with API calls
  * @see https://github.com/atinux/nuxt-auth-utils
  */
-export async function setUserSession(event: H3Event, data: UserSession, config?: Partial<SessionConfig>): Promise<UserSession> {
+export async function setUserSession(event: H3Event, data: Omit<UserSession, 'id'>, config?: Partial<SessionConfig>): Promise<UserSession> {
   const session = await _useSession(event, config)
 
   await session.update(defu(data, session.data))
@@ -53,7 +53,7 @@ export async function setUserSession(event: H3Event, data: UserSession, config?:
  * @param event The Request (h3) event
  * @param data User session data, please only store public information since it can be decoded with API calls
  */
-export async function replaceUserSession(event: H3Event, data: UserSession, config?: Partial<SessionConfig>): Promise<UserSession> {
+export async function replaceUserSession(event: H3Event, data: Omit<UserSession, 'id'>, config?: Partial<SessionConfig>): Promise<UserSession> {
   const session = await _useSession(event, config)
 
   await session.clear()

src/runtime/server/utils/session.ts

@@ -7,11 +7,11 @@ export type OAuthProvider = ATProtoProvider | 'atlassian' | 'auth0' | 'authentik
 export type OnError = (event: H3Event, error: H3Error) => Promise<void> | void
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
-export interface OAuthConfig<TConfig, TUser = any, TTokens = any> {
+export interface OAuthConfig<TConfig, TResult = { user: any, tokens: any }> {
   config?: TConfig
   onSuccess: (
     event: H3Event,
-    result: { user: TUser, tokens: TTokens }
+    result: TResult
   ) => Promise<void> | void
   onError?: OnError
 }

src/runtime/types/oauth-config.ts

@@ -10,7 +10,7 @@ export interface UserSession {
   /**
    * Session ID
    */
-  id?: string
+  id: string
   /**
    * User session data, available on client and server
    */
@@ -26,7 +26,6 @@ export interface UserSession {
 }
 
 export interface UserSessionRequired extends UserSession {
-  id: string
   user: User
 }
 
@@ -46,7 +45,7 @@ export interface UserSessionComposable {
   /**
    * The session object.
    */
-  session: Ref<UserSession>
+  session: Ref<UserSession | null>
   /**
    * Fetch the user session from the server.
    */