chore: upgrade frontend and backend dependencies

2025-12-14 07:12:19 +00:00 · 2025-01-27 11:01:48 +01:00
parent 5c452ceef0
commit 04c7f180de
5 changed files with 1090 additions and 1327 deletions
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -1,58 +1,55 @@
 {
-  "name": "pocket-id-frontend",
-  "version": "0.27.1",
-  "private": true,
-  "scripts": {
-    "dev": "vite dev --port 3000",
-    "build": "vite build",
-    "preview": "vite preview --port 3000",
-    "check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
-    "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
-    "lint": "prettier --check . && eslint .",
-    "format": "prettier --write ."
-  },
-  "devDependencies": {
-    "@playwright/test": "^1.48.1",
-    "@sveltejs/adapter-auto": "^3.3.0",
-    "@sveltejs/adapter-node": "^5.2.8",
-    "@sveltejs/kit": "^2.7.2",
-    "@sveltejs/vite-plugin-svelte": "^4.0.0",
-    "@types/eslint": "^9.6.1",
-    "@types/jsonwebtoken": "^9.0.7",
-    "@types/node": "^22.7.9",
-    "autoprefixer": "^10.4.20",
-    "cbor-js": "^0.1.0",
-    "eslint": "^9.13.0",
-    "eslint-config-prettier": "^9.1.0",
-    "eslint-plugin-svelte": "^2.46.0",
-    "globals": "^15.11.0",
-    "prettier": "^3.3.3",
-    "prettier-plugin-svelte": "^3.2.7",
-    "prettier-plugin-tailwindcss": "^0.6.8",
-    "svelte": "^5.0.5",
-    "svelte-check": "^4.0.5",
-    "tailwindcss": "^4.0.0",
-    "tslib": "^2.8.0",
-    "typescript": "^5.6.3",
-    "typescript-eslint": "^8.11.0",
-    "vite": "^5.4.10"
-  },
-  "type": "module",
-  "dependencies": {
-    "@simplewebauthn/browser": "^10.0.0",
-    "@tailwindcss/vite": "^4.0.0",
-    "axios": "^1.7.7",
-    "bits-ui": "^0.21.16",
-    "clsx": "^2.1.1",
-    "crypto": "^1.0.1",
-    "formsnap": "^1.0.1",
-    "jsonwebtoken": "^9.0.2",
-    "lucide-svelte": "^0.453.0",
-    "mode-watcher": "^0.4.1",
-    "svelte-sonner": "^0.3.28",
-    "sveltekit-superforms": "^2.20.0",
-    "tailwind-merge": "^2.5.4",
-    "tailwind-variants": "^0.2.1",
-    "zod": "^3.23.8"
-  }
+	"name": "pocket-id-frontend",
+	"version": "0.27.1",
+	"private": true,
+	"type": "module",
+	"scripts": {
+		"dev": "vite dev --port 3000",
+		"build": "vite build",
+		"preview": "vite preview --port 3000",
+		"check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json",
+		"check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch",
+		"lint": "prettier --check . && eslint .",
+		"format": "prettier --write ."
+	},
+	"dependencies": {
+		"@simplewebauthn/browser": "^13.1.0",
+		"@tailwindcss/vite": "^4.0.0",
+		"axios": "^1.7.9",
+		"bits-ui": "^0.22.0",
+		"clsx": "^2.1.1",
+		"crypto": "^1.0.1",
+		"formsnap": "^2.0.0",
+		"jose": "^5.9.6",
+		"lucide-svelte": "^0.474.0",
+		"mode-watcher": "^0.5.1",
+		"svelte-sonner": "^0.3.28",
+		"sveltekit-superforms": "^2.23.1",
+		"tailwind-merge": "^2.6.0",
+		"tailwind-variants": "^0.3.1",
+		"zod": "^3.24.1"
+	},
+	"devDependencies": {
+		"@playwright/test": "^1.50.0",
+		"@sveltejs/adapter-auto": "^4.0.0",
+		"@sveltejs/adapter-node": "^5.2.12",
+		"@sveltejs/kit": "^2.16.1",
+		"@sveltejs/vite-plugin-svelte": "^5.0.3",
+		"@types/eslint": "^9.6.1",
+		"@types/node": "^22.10.10",
+		"eslint": "^9.19.0",
+		"eslint-config-prettier": "^10.0.1",
+		"eslint-plugin-svelte": "^2.46.1",
+		"globals": "^15.14.0",
+		"prettier": "^3.4.2",
+		"prettier-plugin-svelte": "^3.3.3",
+		"prettier-plugin-tailwindcss": "^0.6.11",
+		"svelte": "^5.19.3",
+		"svelte-check": "^4.1.4",
+		"tailwindcss": "^4.0.0",
+		"tslib": "^2.8.1",
+		"typescript": "^5.7.3",
+		"typescript-eslint": "^8.21.0",
+		"vite": "^6.0.11"
+	}
 }
--- a/frontend/src/hooks.server.ts
+++ b/frontend/src/hooks.server.ts
@@ -2,7 +2,7 @@ import { env } from '$env/dynamic/private';
 import { ACCESS_TOKEN_COOKIE_NAME } from '$lib/constants';
 import type { Handle, HandleServerError } from '@sveltejs/kit';
 import { AxiosError } from 'axios';
-import jwt from 'jsonwebtoken';
+import { decodeJwt } from 'jose';

 // Workaround so that we can also import this environment variable into client-side code
 // If we would directly import $env/dynamic/private into the api-service.ts file, it would throw an error
@@ -10,18 +10,7 @@ import jwt from 'jsonwebtoken';
 process.env.INTERNAL_BACKEND_URL = env.INTERNAL_BACKEND_URL ?? 'http://localhost:8080';

 export const handle: Handle = async ({ event, resolve }) => {
-	const accessToken = event.cookies.get(ACCESS_TOKEN_COOKIE_NAME);
-
-	let isSignedIn: boolean = false;
-	let isAdmin: boolean = false;
-
-	if (accessToken) {
-		const jwtPayload = jwt.decode(accessToken, { json: true });
-		if (jwtPayload?.exp && jwtPayload.exp * 1000 > Date.now()) {
-			isSignedIn = true;
-			isAdmin = jwtPayload?.isAdmin || false;
-		}
-	}
+	const { isSignedIn, isAdmin } = verifyJwt(event.cookies.get(ACCESS_TOKEN_COOKIE_NAME));

 	if (event.url.pathname.startsWith('/settings') && !event.url.pathname.startsWith('/login')) {
 		if (!isSignedIn) {
@@ -66,3 +55,18 @@ export const handleError: HandleServerError = async ({ error, message, status })
 		status
 	};
 };
+
+function verifyJwt(accessToken: string | undefined) {
+	let isSignedIn = false;
+	let isAdmin = false;
+
+	if (accessToken) {
+		const jwtPayload = decodeJwt<{ isAdmin: boolean }>(accessToken);
+		if (jwtPayload?.exp && jwtPayload.exp * 1000 > Date.now()) {
+			isSignedIn = true;
+			isAdmin = jwtPayload?.isAdmin || false;
+		}
+	}
+
+	return { isSignedIn, isAdmin };
+}