Lines 3-45javascript
3 * Deterministic local auth (EC-150) for the in-memory persistence mode: the
4 * whole sign-in → role-enforcement → sign-out flow works offline, in tests,
5 * and in fixtures with zero backend setup. User ids are the canonical
6 * `DEV_USERS` ids from `@elytracms/core/persistence`, which the seeded
7 * `projectMembers` fixtures reference — so `admin@example.com` is admin,
8 * `editor@…` editor, `viewer@…` viewer on every sample project.
10 * Dev credentials (fixed, documented, local-only):
11 * - admin@example.com / elytra-admin
12 * - editor@example.com / elytra-editor
13 * - viewer@example.com / elytra-viewer
15 * Adminness is the `projectMembers` role, not a global flag — project creation
16 * is config/CLI-owned now (AD-11), so there is no in-studio `create-projects`
17 * capability to grant.
19 * The session survives reloads via injected storage (defaults to
20 * `sessionStorage` in the browser, an in-memory map elsewhere).
22export const LOCAL_DEV_CREDENTIALS = [
23 { user: DEV_USERS.admin, password: 'elytra-admin' },
MediumSecret Pattern
Package contains a possible secret pattern.
dist/lib/auth/local-auth-adapter.jsView on unpkg · L23 24 { user: DEV_USERS.editor, password: 'elytra-editor' },
MediumSecret Pattern
Hardcoded password in dist/lib/auth/local-auth-adapter.js
dist/lib/auth/local-auth-adapter.jsView on unpkg · L24 25 { user: DEV_USERS.viewer, password: 'elytra-viewer' },
MediumSecret Pattern
Hardcoded password in dist/lib/auth/local-auth-adapter.js
dist/lib/auth/local-auth-adapter.jsView on unpkg · L25 27const STORAGE_KEY = 'elytra.local-auth.user-id';
28function defaultStore() {
29 if (typeof window !== 'undefined' && window.sessionStorage)
30 return window.sessionStorage;
31 const memory = new Map();
33 getItem: (key) => memory.get(key) ?? null,
34 setItem: (key, value) => void memory.set(key, value),
35 removeItem: (key) => void memory.delete(key),
38export class LocalAuthAdapter {
40 constructor(store = defaultStore()) {
43 async currentSession() {
44 const userId = this.store.getItem(STORAGE_KEY);