diff --git a/package.json b/package.json index 43ea474..bc46b96 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,7 @@ "@sveltejs/adapter-auto": "^3.2.5", "@sveltejs/enhanced-img": "^0.3.8", "@sveltejs/kit": "^2.5.28", - "@sveltejs/vite-plugin-svelte": "^3.1.2", + "@sveltejs/vite-plugin-svelte": "4.0.0-next.7", "@types/cookie": "^0.6.0", "@types/node": "^20.16.5", "@types/pg": "^8.11.10", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 3828c27..ee6151a 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -64,10 +64,10 @@ importers: version: 2.2.2 '@sveltejs/adapter-node': specifier: ^5.2.3 - version: 5.2.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))) + version: 5.2.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))) '@sveltejs/adapter-vercel': specifier: ^5.4.4 - version: 5.4.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))) + version: 5.4.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))) '@types/feather-icons': specifier: ^4.29.4 version: 4.29.4 @@ -106,7 +106,7 @@ importers: version: 4.29.2 formsnap: specifier: ^1.0.1 - version: 1.0.1(svelte@5.0.0-next.175)(sveltekit-superforms@2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175)) + version: 1.0.1(svelte@5.0.0-next.175)(sveltekit-superforms@2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175)) handlebars: specifier: ^4.7.8 version: 4.7.8 @@ -197,16 +197,16 @@ importers: version: 1.47.2 '@sveltejs/adapter-auto': specifier: ^3.2.5 - version: 3.2.5(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))) + version: 3.2.5(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))) '@sveltejs/enhanced-img': specifier: ^0.3.8 version: 0.3.8(rollup@4.21.2)(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) '@sveltejs/kit': specifier: ^2.5.28 - version: 2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) + version: 2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) '@sveltejs/vite-plugin-svelte': - specifier: ^3.1.2 - version: 3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) + specifier: 4.0.0-next.7 + version: 4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) '@types/cookie': specifier: ^0.6.0 version: 0.6.0 @@ -296,10 +296,10 @@ importers: version: 2.0.1 sveltekit-flash-message: specifier: ^2.4.4 - version: 2.4.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175) + version: 2.4.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175) sveltekit-superforms: specifier: ^2.18.1 - version: 2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175) + version: 2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175) tailwindcss: specifier: ^3.4.12 version: 3.4.12(ts-node@10.9.2(@types/node@20.16.5)(typescript@5.6.2)) @@ -2017,19 +2017,19 @@ packages: svelte: ^4.0.0 || ^5.0.0-next.0 vite: ^5.0.3 - '@sveltejs/vite-plugin-svelte-inspector@2.1.0': - resolution: {integrity: sha512-9QX28IymvBlSCqsCll5t0kQVxipsfhFFL+L2t3nTWfXnddYwxBuAEtTtlaVQpRz9c37BhJjltSeY4AJSC03SSg==} - engines: {node: ^18.0.0 || >=20} + '@sveltejs/vite-plugin-svelte-inspector@3.0.0-next.3': + resolution: {integrity: sha512-kuGJ2CZ5lAw3gKF8Kw0AfKtUJWbwdlDHY14K413B0MCyrzvQvsKTorwmwZcky0+QqY6RnVIZ/5FttB9bQmkLXg==} + engines: {node: ^18.0.0 || ^20.0.0 || >=22} peerDependencies: - '@sveltejs/vite-plugin-svelte': ^3.0.0 - svelte: ^4.0.0 || ^5.0.0-next.0 + '@sveltejs/vite-plugin-svelte': ^4.0.0-next.0||^4.0.0 + svelte: ^5.0.0-next.96 || ^5.0.0 vite: ^5.0.0 - '@sveltejs/vite-plugin-svelte@3.1.2': - resolution: {integrity: sha512-Txsm1tJvtiYeLUVRNqxZGKR/mI+CzuIQuc2gn+YCs9rMTowpNZ2Nqt53JdL8KF9bLhAf2ruR/dr9eZCwdTriRA==} - engines: {node: ^18.0.0 || >=20} + '@sveltejs/vite-plugin-svelte@4.0.0-next.7': + resolution: {integrity: sha512-yMUnAqquoayvBDztk1rWUgdtvjv7YcHgopCAB7sWl9SQht8U/7lqwTlJU0ZTAY09pFFRe6bbakd7YoiyyIvJiA==} + engines: {node: ^18.0.0 || ^20.0.0 || >=22} peerDependencies: - svelte: ^4.0.0 || ^5.0.0-next.0 + svelte: ^5.0.0-next.96 || ^5.0.0 vite: ^5.0.0 '@swc/helpers@0.5.13': @@ -4345,12 +4345,6 @@ packages: peerDependencies: svelte: ^4.0.0 - svelte-hmr@0.16.0: - resolution: {integrity: sha512-Gyc7cOS3VJzLlfj7wKS0ZnzDVdv3Pn2IuVeJPk9m2skfhcu5bq3wtIZyQGggr7/Iim5rH5cncyQft/kRLupcnA==} - engines: {node: ^12.20 || ^14.13.1 || >= 16} - peerDependencies: - svelte: ^3.19.0 || ^4.0.0 - svelte-keyed@2.0.0: resolution: {integrity: sha512-7TeEn+QbJC2OJrHiuM0T8vMBkms3DNpTE+Ir+NtnVBnBMA78aL4f1ft9t0Hn/pBbD/TnIXi4YfjFRAgtN+DZ5g==} peerDependencies: @@ -4724,8 +4718,8 @@ packages: terser: optional: true - vitefu@0.2.5: - resolution: {integrity: sha512-SgHtMLoqaeeGnd2evZ849ZbACbnwQCIwRH57t18FxcXoZop0uQu0uzlIhJBlF/eWVzuce0sHeqPcDo+evVcg8Q==} + vitefu@1.0.2: + resolution: {integrity: sha512-0/iAvbXyM3RiPPJ4lyD4w6Mjgtf4ejTK6TPvTNG3H32PLwuT0N/ZjJLiXug7ETE/LWtTeHw9WRv7uX/tIKYyKg==} peerDependencies: vite: ^3.0.0 || ^4.0.0 || ^5.0.0 peerDependenciesMeta: @@ -6137,22 +6131,22 @@ snapshots: '@sodaru/yup-to-json-schema@2.0.1': optional: true - '@sveltejs/adapter-auto@3.2.5(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))': + '@sveltejs/adapter-auto@3.2.5(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))': dependencies: - '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) + '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) import-meta-resolve: 4.1.0 - '@sveltejs/adapter-node@5.2.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))': + '@sveltejs/adapter-node@5.2.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))': dependencies: '@rollup/plugin-commonjs': 26.0.1(rollup@4.21.2) '@rollup/plugin-json': 6.1.0(rollup@4.21.2) '@rollup/plugin-node-resolve': 15.2.3(rollup@4.21.2) - '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) + '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) rollup: 4.21.2 - '@sveltejs/adapter-vercel@5.4.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))': + '@sveltejs/adapter-vercel@5.4.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))': dependencies: - '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) + '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) '@vercel/nft': 0.27.4 esbuild: 0.21.5 transitivePeerDependencies: @@ -6169,9 +6163,9 @@ snapshots: transitivePeerDependencies: - rollup - '@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))': + '@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))': dependencies: - '@sveltejs/vite-plugin-svelte': 3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) + '@sveltejs/vite-plugin-svelte': 4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) '@types/cookie': 0.6.0 cookie: 0.6.0 devalue: 5.0.0 @@ -6187,26 +6181,25 @@ snapshots: tiny-glob: 0.2.9 vite: 5.4.7(@types/node@20.16.5)(sass@1.79.1) - '@sveltejs/vite-plugin-svelte-inspector@2.1.0(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))': + '@sveltejs/vite-plugin-svelte-inspector@3.0.0-next.3(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))': dependencies: - '@sveltejs/vite-plugin-svelte': 3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) + '@sveltejs/vite-plugin-svelte': 4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) debug: 4.3.6 svelte: 5.0.0-next.175 vite: 5.4.7(@types/node@20.16.5)(sass@1.79.1) transitivePeerDependencies: - supports-color - '@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))': + '@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1))': dependencies: - '@sveltejs/vite-plugin-svelte-inspector': 2.1.0(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) + '@sveltejs/vite-plugin-svelte-inspector': 3.0.0-next.3(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) debug: 4.3.6 deepmerge: 4.3.1 kleur: 4.1.5 magic-string: 0.30.11 svelte: 5.0.0-next.175 - svelte-hmr: 0.16.0(svelte@5.0.0-next.175) vite: 5.4.7(@types/node@20.16.5)(sass@1.79.1) - vitefu: 0.2.5(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) + vitefu: 1.0.2(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) transitivePeerDependencies: - supports-color @@ -7253,11 +7246,11 @@ snapshots: cross-spawn: 7.0.3 signal-exit: 4.1.0 - formsnap@1.0.1(svelte@5.0.0-next.175)(sveltekit-superforms@2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175)): + formsnap@1.0.1(svelte@5.0.0-next.175)(sveltekit-superforms@2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175)): dependencies: nanoid: 5.0.7 svelte: 5.0.0-next.175 - sveltekit-superforms: 2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175) + sveltekit-superforms: 2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175) forwarded@0.2.0: {} @@ -8667,10 +8660,6 @@ snapshots: svelte-render: 2.0.1(svelte@5.0.0-next.175) svelte-subscribe: 2.0.1(svelte@5.0.0-next.175) - svelte-hmr@0.16.0(svelte@5.0.0-next.175): - dependencies: - svelte: 5.0.0-next.175 - svelte-keyed@2.0.0(svelte@5.0.0-next.175): dependencies: svelte: 5.0.0-next.175 @@ -8762,14 +8751,14 @@ snapshots: magic-string: 0.30.11 zimmerframe: 1.1.2 - sveltekit-flash-message@2.4.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175): + sveltekit-flash-message@2.4.4(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175): dependencies: - '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) + '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) svelte: 5.0.0-next.175 - sveltekit-superforms@2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175): + sveltekit-superforms@2.19.0(@sveltejs/kit@2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(@types/json-schema@7.0.15)(svelte@5.0.0-next.175): dependencies: - '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@3.1.2(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) + '@sveltejs/kit': 2.5.28(@sveltejs/vite-plugin-svelte@4.0.0-next.7(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)))(svelte@5.0.0-next.175)(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)) devalue: 5.0.0 just-clone: 6.2.0 memoize-weak: 1.0.2 @@ -9023,7 +9012,7 @@ snapshots: fsevents: 2.3.3 sass: 1.79.1 - vitefu@0.2.5(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)): + vitefu@1.0.2(vite@5.4.7(@types/node@20.16.5)(sass@1.79.1)): optionalDependencies: vite: 5.4.7(@types/node@20.16.5)(sass@1.79.1) diff --git a/src/lib/server/api/databases/seeds/users.ts b/src/lib/server/api/databases/seeds/users.ts index a4d22c8..49f2942 100644 --- a/src/lib/server/api/databases/seeds/users.ts +++ b/src/lib/server/api/databases/seeds/users.ts @@ -1,9 +1,8 @@ import * as schema from '$lib/server/api/databases/tables' import type { db } from '$lib/server/api/packages/drizzle' import { eq } from 'drizzle-orm' -import { Argon2id } from 'oslo/password' -import { config } from '../../common/config' import users from './data/users.json' +import { HashingService } from '../../services/hashing.service' type JsonRole = { name: string @@ -11,6 +10,7 @@ type JsonRole = { } export default async function seed(db: db) { + const hashingService = new HashingService() const adminRole = await db.select().from(schema.rolesTable).where(eq(schema.rolesTable.name, 'admin')) const userRole = await db.select().from(schema.rolesTable).where(eq(schema.rolesTable.name, 'user')) @@ -32,7 +32,7 @@ export default async function seed(db: db) { await db.insert(schema.credentialsTable).values({ user_id: adminUser[0].id, type: schema.CredentialsType.PASSWORD, - secret_data: await new Argon2id().hash(`${process.env.ADMIN_PASSWORD}`), + secret_data: await hashingService.hash(`${process.env.ADMIN_PASSWORD}`), }) await db.insert(schema.collections).values({ user_id: adminUser[0].id }).onConflictDoNothing() @@ -60,6 +60,7 @@ export default async function seed(db: db) { .onConflictDoNothing() console.log('Admin user given user role.') + const hasingService = new HashingService() await Promise.all( users.map(async (user) => { const [insertedUser] = await db @@ -71,7 +72,7 @@ export default async function seed(db: db) { await db.insert(schema.credentialsTable).values({ user_id: insertedUser?.id, type: schema.CredentialsType.PASSWORD, - secret_data: await new Argon2id().hash(user.password), + secret_data: await hasingService.hash(user.password), }) await db.insert(schema.collections).values({ user_id: insertedUser?.id }) await db.insert(schema.wishlistsTable).values({ user_id: insertedUser?.id }) diff --git a/src/lib/server/api/mockTest.ts b/src/lib/server/api/mockTest.ts deleted file mode 100644 index a475662..0000000 --- a/src/lib/server/api/mockTest.ts +++ /dev/null @@ -1,10 +0,0 @@ -import { Argon2id } from "oslo/password"; - -export async function hash(value: string) { - const argon2 = new Argon2id() - return argon2.hash(value); -} - -export function verify(hashedValue: string, value: string) { - return new Argon2id().verify(hashedValue, value); -} diff --git a/src/lib/server/api/services/drizzle.service.ts b/src/lib/server/api/services/drizzle.service.ts index 8e7a098..bbcb008 100644 --- a/src/lib/server/api/services/drizzle.service.ts +++ b/src/lib/server/api/services/drizzle.service.ts @@ -7,7 +7,7 @@ import { type Disposable, injectable } from 'tsyringe' @injectable() export class DrizzleService implements Disposable { protected readonly pool: pg.Pool - readonly db: NodePgDatabase + db: NodePgDatabase readonly schema: typeof schema = schema constructor() { diff --git a/src/lib/server/api/services/hashing.service.ts b/src/lib/server/api/services/hashing.service.ts index 5a03f4e..5cd526d 100644 --- a/src/lib/server/api/services/hashing.service.ts +++ b/src/lib/server/api/services/hashing.service.ts @@ -1,34 +1,51 @@ -import { injectable } from "tsyringe"; -import { Argon2id } from "oslo/password"; +import { scrypt } from 'node:crypto' +import { decodeHex, encodeHexLowerCase } from '@oslojs/encoding' +import { constantTimeEqual } from '@oslojs/crypto/subtle' +import { injectable } from 'tsyringe' -/* ---------------------------------- Note ---------------------------------- */ -/* -Reference: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#argon2id - -I use Scrpt as the hashing algorithm due to its higher compatability -with vite's build system and it uses less memory than Argon2id. - -You can use Argon2id or any other hashing algorithm you prefer. -*/ -/* -------------------------------------------------------------------------- */ -/* -With Argon2id, you get the following error at times when vite optimizes its dependencies at times, - -Error: Build failed with 2 errors: -node_modules/.pnpm/@node-rs+argon2@1.7.0/node_modules/@node-rs/argon2/index.js:159:36: ERROR: No loader is configured for ".node" files: node_module -*/ -/* -------------------------------------------------------------------------- */ -// If you don't use a hasher from oslo, which are preconfigured with recommended parameters from OWASP, -// ensure that you configure them properly. @injectable() export class HashingService { - private readonly hasher = new Argon2id(); + private N: number + private r: number + private p: number + private dkLen: number - async hash(data: string) { - return this.hasher.hash(data); - } + constructor() { + this.N = 16384 + this.r = 16 + this.p = 1 + this.dkLen = 64 + } + async hash(password: string) { + const salt = encodeHexLowerCase(crypto.getRandomValues(new Uint8Array(16))) + const key = await this.generateKey(password, salt) + return `${salt}:${encodeHexLowerCase(key)}` + } - async verify(hash: string, data: string) { - return this.hasher.verify(hash, data) - } -} \ No newline at end of file + async verify(hash: string, password: string) { + const [salt, key] = hash.split(':') + const targetKey = await this.generateKey(password, salt) + return constantTimeEqual(targetKey, decodeHex(key)) + } + + async generateKey(password: string, salt: string): Promise { + return await new Promise((resolve, reject) => { + scrypt( + password.normalize('NFKC'), + salt, + this.dkLen, + { + N: this.N, + p: this.p, + r: this.r, + // errors when 128 * N * r > `maxmem` (approximately) + maxmem: 128 * this.N * this.r * 2, + }, + (err, buff) => { + if (err) return reject(err) + return resolve(buff) + }, + ) + }) + } +} diff --git a/src/lib/server/api/services/recovery-codes.service.ts b/src/lib/server/api/services/recovery-codes.service.ts index e96f7dc..75d6d6b 100644 --- a/src/lib/server/api/services/recovery-codes.service.ts +++ b/src/lib/server/api/services/recovery-codes.service.ts @@ -1,12 +1,15 @@ import 'reflect-metadata' import { RecoveryCodesRepository } from '$lib/server/api/repositories/recovery-codes.repository' import { alphabet, generateRandomString } from 'oslo/crypto' -import { Argon2id } from 'oslo/password' import { inject, injectable } from 'tsyringe' +import { HashingService } from './hashing.service' @injectable() export class RecoveryCodesService { - constructor(@inject(RecoveryCodesRepository) private readonly recoveryCodesRepository: RecoveryCodesRepository) {} + constructor( + @inject(HashingService) private readonly hashingService: HashingService, + @inject(RecoveryCodesRepository) private readonly recoveryCodesRepository: RecoveryCodesRepository + ) {} async findAllRecoveryCodesByUserId(userId: string) { return this.recoveryCodesRepository.findAllByUserId(userId) @@ -16,7 +19,7 @@ export class RecoveryCodesService { const createdRecoveryCodes = Array.from({ length: 5 }, () => generateRandomString(10, alphabet('A-Z', '0-9'))) if (createdRecoveryCodes && userId) { for (const code of createdRecoveryCodes) { - const hashedCode = await new Argon2id().hash(code) + const hashedCode = await this.hashingService.hash(code) console.log('Inserting recovery code', code, hashedCode) await this.recoveryCodesRepository.create({ userId, code: hashedCode }) } diff --git a/src/lib/server/api/tests/tokens.service.test.ts b/src/lib/server/api/tests/tokens.service.test.ts index cff2574..7ecdddf 100644 --- a/src/lib/server/api/tests/tokens.service.test.ts +++ b/src/lib/server/api/tests/tokens.service.test.ts @@ -1,5 +1,4 @@ import 'reflect-metadata' -import { Argon2id } from 'oslo/password' import { container } from 'tsyringe' import { afterAll, beforeAll, describe, expect, expectTypeOf, it, vi } from 'vitest' import { HashingService } from '../services/hashing.service' @@ -19,7 +18,7 @@ describe('TokensService', () => { describe('Generate Token', () => { it('should resolve', async () => { - const hashedPassword = await new Argon2id().hash('111') + const hashedPassword = 'testhash' hashingService.hash = vi.fn().mockResolvedValue(hashedPassword) const spy_hashingService_hash = vi.spyOn(hashingService, 'hash') const spy_hashingService_verify = vi.spyOn(hashingService, 'verify') @@ -28,7 +27,7 @@ describe('TokensService', () => { expect(spy_hashingService_verify).toBeCalledTimes(0) }) it('should generate a token that is verifiable', async () => { - hashingService.hash = vi.fn().mockResolvedValue(await new Argon2id().hash('111')) + hashingService.hash = vi.fn().mockResolvedValue('testhash') hashingService.verify = vi.fn().mockResolvedValue(true) const spy_hashingService_hash = vi.spyOn(hashingService, 'hash') const spy_hashingService_verify = vi.spyOn(hashingService, 'verify') diff --git a/src/lib/server/api/tests/users.service.test.ts b/src/lib/server/api/tests/users.service.test.ts index ca916e2..8757df8 100644 --- a/src/lib/server/api/tests/users.service.test.ts +++ b/src/lib/server/api/tests/users.service.test.ts @@ -1,12 +1,12 @@ import 'reflect-metadata' import { CredentialsType } from '$lib/server/api/databases/tables' import { faker } from '@faker-js/faker' -import { Argon2id } from 'oslo/password' import { container } from 'tsyringe' import { afterAll, beforeAll, describe, expect, it, vi } from 'vitest' import { CredentialsRepository } from '../repositories/credentials.repository' import { UsersRepository } from '../repositories/users.repository' import { CollectionsService } from '../services/collections.service' +import { DrizzleService } from '../services/drizzle.service' import { TokensService } from '../services/tokens.service' import { UserRolesService } from '../services/user_roles.service' import { UsersService } from '../services/users.service' @@ -15,21 +15,44 @@ import { WishlistsService } from '../services/wishlists.service' describe('UsersService', () => { let service: UsersService const credentialsRepository = vi.mocked(CredentialsRepository.prototype) + const drizzleService = vi.mocked(DrizzleService.prototype, { deep: true }) const tokensService = vi.mocked(TokensService.prototype) const usersRepository = vi.mocked(UsersRepository.prototype) const userRolesService = vi.mocked(UserRolesService.prototype) const wishlistsService = vi.mocked(WishlistsService.prototype) const collectionsService = vi.mocked(CollectionsService.prototype) + // Mocking the dependencies + vi.mock('pg', () => ({ + Pool: vi.fn().mockImplementation(() => ({ + connect: vi.fn(), + end: vi.fn(), + })), + })) + + vi.mock('drizzle-orm/node-postgres', () => ({ + drizzle: vi.fn().mockImplementation(() => ({ + transaction: vi.fn().mockImplementation((callback) => callback()), + // Add other methods you need to mock + })), + })) + beforeAll(() => { service = container .register(CredentialsRepository, { useValue: credentialsRepository }) + .register(DrizzleService, { useValue: drizzleService }) .register(TokensService, { useValue: tokensService }) .register(UsersRepository, { useValue: usersRepository }) .register(UserRolesService, { useValue: userRolesService }) .register(WishlistsService, { useValue: wishlistsService }) .register(CollectionsService, { useValue: collectionsService }) .resolve(UsersService) + + drizzleService.db = { + transaction: vi.fn().mockImplementation(async (callback) => { + return await callback() + }), + } as any }) afterAll(() => { @@ -62,8 +85,11 @@ describe('UsersService', () => { describe('Create User', () => { it('should resolve', async () => { - const hashedPassword = new Argon2id().hash('111') + const hashedPassword = 'testhash' tokensService.createHashedToken = vi.fn().mockResolvedValue(hashedPassword) + // drizzleService.db = { + // transaction: vi.fn().mockResolvedValue(dbUser satisfies Awaited>), + // } usersRepository.create = vi.fn().mockResolvedValue(dbUser satisfies Awaited>) credentialsRepository.create = vi.fn().mockResolvedValue(dbCredentials satisfies Awaited>) userRolesService.addRoleToUser = vi.fn().mockResolvedValue(undefined) @@ -96,7 +122,7 @@ describe('UsersService', () => { }) describe('Update User', () => { it('should resolve Password Exiting Credentials', async () => { - const hashedPassword = new Argon2id().hash('111') + const hashedPassword = 'testhash' tokensService.createHashedToken = vi.fn().mockResolvedValue(hashedPassword) credentialsRepository.update = vi.fn().mockResolvedValue(dbCredentials satisfies Awaited>) credentialsRepository.findPasswordCredentialsByUserId = vi @@ -112,7 +138,7 @@ describe('UsersService', () => { expect(spy_credentialsRepository_update).toBeCalledTimes(1) }) it('Should Create User Password No Existing Credentials', async () => { - const hashedPassword = new Argon2id().hash('111') + const hashedPassword = 'testhash' tokensService.createHashedToken = vi.fn().mockResolvedValue(hashedPassword) credentialsRepository.findPasswordCredentialsByUserId = vi.fn().mockResolvedValue(null) credentialsRepository.create = vi.fn().mockResolvedValue(dbCredentials satisfies Awaited>) diff --git a/src/routes/(auth)/totp/+page.server.ts b/src/routes/(auth)/totp/+page.server.ts index a4f79dd..cfba820 100644 --- a/src/routes/(auth)/totp/+page.server.ts +++ b/src/routes/(auth)/totp/+page.server.ts @@ -4,8 +4,7 @@ import { twoFactorTable, usersTable } from '$lib/server/api/databases/tables' import { db } from '$lib/server/api/packages/drizzle' import { recoveryCodeSchema, totpSchema } from '$lib/validations/auth' import { type Actions, fail } from '@sveltejs/kit' -import { and, eq } from 'drizzle-orm' -import { Argon2id } from 'oslo/password' +import { eq } from 'drizzle-orm' import { redirect } from 'sveltekit-flash-message/server' import { zod } from 'sveltekit-superforms/adapters' import { superValidate } from 'sveltekit-superforms/server' @@ -268,21 +267,21 @@ function totpTimeElapsed(initiatedTime: Date) { return false } -async function checkRecoveryCode(recoveryCode: string, userId: string) { - const userRecoveryCodes = await db.query.recoveryCodesTable.findMany({ - where: and(eq(recoveryCodesTable.used, false), eq(recoveryCodesTable.userId, userId)), - }) - for (const code of userRecoveryCodes) { - const validRecoveryCode = await new Argon2id().verify(code.code, recoveryCode) - if (validRecoveryCode) { - await db - .update(recoveryCodesTable) - .set({ - used: true, - }) - .where(eq(recoveryCodesTable.id, code.id)) - return true - } - } - return false -} +// async function checkRecoveryCode(recoveryCode: string, userId: string) { +// const userRecoveryCodes = await db.query.recoveryCodesTable.findMany({ +// where: and(eq(recoveryCodesTable.used, false), eq(recoveryCodesTable.userId, userId)), +// }) +// for (const code of userRecoveryCodes) { +// const validRecoveryCode = await new Argon2id().verify(code.code, recoveryCode) +// if (validRecoveryCode) { +// await db +// .update(recoveryCodesTable) +// .set({ +// used: true, +// }) +// .where(eq(recoveryCodesTable.id, code.id)) +// return true +// } +// } +// return false +// }