@55387.ai/uniauth-client 1.1.0 → 1.1.2

package/dist/index.cjs

@@ -270,11 +270,71 @@ var UniAuthClient = class {
    * Send verification code to phone number
    * 发送验证码到手机号
    * 
-   * @param phone - Phone number
+   * @param phone - Phone number in E.164 format (e.g., +8613800138000)
    * @param type - Purpose of the verification code
    * @param captchaToken - Captcha verification token from slider captcha
    */
   async sendCode(phone, type = "login", captchaToken) {
+    if (!phone || typeof phone !== "string") {
+      throw this.createError("INVALID_PHONE", "Phone number is required / \u8BF7\u8F93\u5165\u624B\u673A\u53F7");
+    }
+    const countryValidation = {
+      // China: +86 followed by 11 digits starting with 1
+      "+86": {
+        regex: /^\+861[3-9]\d{9}$/,
+        example: "+8613800138000",
+        name: "\u4E2D\u56FD"
+      },
+      // USA/Canada: +1 followed by 10 digits (NPA-NXX-XXXX)
+      "+1": {
+        regex: /^\+1[2-9]\d{2}[2-9]\d{6}$/,
+        example: "+14155552671",
+        name: "USA/Canada"
+      },
+      // Australia: +61 followed by 9 digits starting with 4 (mobile)
+      "+61": {
+        regex: /^\+614\d{8}$/,
+        example: "+61412345678",
+        name: "Australia"
+      },
+      // UK: +44 followed by 10 digits starting with 7 (mobile)
+      "+44": {
+        regex: /^\+447\d{9}$/,
+        example: "+447911123456",
+        name: "UK"
+      },
+      // Japan: +81 followed by 10-11 digits
+      "+81": {
+        regex: /^\+81[789]0\d{8}$/,
+        example: "+818012345678",
+        name: "Japan"
+      }
+    };
+    let countryCode = "";
+    let validation = null;
+    for (const code of Object.keys(countryValidation).sort((a, b) => b.length - a.length)) {
+      if (phone.startsWith(code)) {
+        countryCode = code;
+        validation = countryValidation[code];
+        break;
+      }
+    }
+    if (validation) {
+      if (!validation.regex.test(phone)) {
+        throw this.createError(
+          "INVALID_PHONE_FORMAT",
+          `Invalid ${validation.name} phone number format. Example: ${validation.example} / ${validation.name}\u624B\u673A\u53F7\u683C\u5F0F\u9519\u8BEF\uFF0C\u793A\u4F8B\uFF1A${validation.example}`
+        );
+      }
+    } else {
+      const e164Regex = /^\+[1-9]\d{6,14}$/;
+      if (!e164Regex.test(phone)) {
+        throw this.createError(
+          "INVALID_PHONE_FORMAT",
+          "Phone number must be in E.164 format (e.g., +8613800138000) / \u624B\u673A\u53F7\u683C\u5F0F\u9519\u8BEF\uFF0C\u8BF7\u4F7F\u7528\u56FD\u9645\u683C\u5F0F\uFF08\u5982 +8613800138000\uFF09"
+        );
+      }
+    }
     const response = await this.request("/api/v1/auth/phone/send-code", {
       method: "POST",
       body: JSON.stringify({
@@ -367,10 +427,10 @@ var UniAuthClient = class {
    * Handle OAuth callback (for social login)
    * 处理 OAuth 回调（社交登录）
    */
-  async handleOAuthCallback(provider, code) {
-    const response = await this.request("/api/v1/auth/oauth/callback", {
+  async handleOAuthCallback(provider, code, redirectUri) {
+    const response = await this.request(`/api/v1/auth/oauth/${provider}/callback`, {
       method: "POST",
-      body: JSON.stringify({ provider, code })
+      body: JSON.stringify({ code, redirect_uri: redirectUri })
     });
     if (!response.success || !response.data) {
       throw this.createError(response.error?.code || "OAUTH_FAILED", response.error?.message || "OAuth callback failed");
@@ -963,6 +1023,7 @@ var UniAuthClient = class {
       this.storage.setAccessToken(response.data.access_token);
       this.storage.setRefreshToken(response.data.refresh_token);
       this.config.onTokenRefresh?.(response.data);
+      this.notifyAuthStateChange(this.currentUser);
       return true;
     } catch (error) {
       this.storage.clear();

package/dist/index.d.cts

@@ -88,6 +88,8 @@ interface UniAuthConfig {
     appKey?: string;
     /** OAuth2 Client ID (for OAuth flows) */
     clientId?: string;
+    /** OAuth2 Client Secret (for trusted SPA clients like internal admin consoles) */
+    clientSecret?: string;
     /** Storage type for tokens */
     storage?: 'localStorage' | 'sessionStorage' | 'memory';
     /** Callback when tokens are refreshed */
@@ -238,7 +240,7 @@ declare class UniAuthClient {
      * Send verification code to phone number
      * 发送验证码到手机号
      *
-     * @param phone - Phone number
+     * @param phone - Phone number in E.164 format (e.g., +8613800138000)
      * @param type - Purpose of the verification code
      * @param captchaToken - Captcha verification token from slider captcha
      */
@@ -271,7 +273,7 @@ declare class UniAuthClient {
      * Handle OAuth callback (for social login)
      * 处理 OAuth 回调（社交登录）
      */
-    handleOAuthCallback(provider: string, code: string): Promise<LoginResult>;
+    handleOAuthCallback(provider: string, code: string, redirectUri?: string): Promise<LoginResult>;
     /**
      * Register with email and password
      * 使用邮箱密码注册

package/dist/index.d.ts

@@ -88,6 +88,8 @@ interface UniAuthConfig {
     appKey?: string;
     /** OAuth2 Client ID (for OAuth flows) */
     clientId?: string;
+    /** OAuth2 Client Secret (for trusted SPA clients like internal admin consoles) */
+    clientSecret?: string;
     /** Storage type for tokens */
     storage?: 'localStorage' | 'sessionStorage' | 'memory';
     /** Callback when tokens are refreshed */
@@ -238,7 +240,7 @@ declare class UniAuthClient {
      * Send verification code to phone number
      * 发送验证码到手机号
      *
-     * @param phone - Phone number
+     * @param phone - Phone number in E.164 format (e.g., +8613800138000)
      * @param type - Purpose of the verification code
      * @param captchaToken - Captcha verification token from slider captcha
      */
@@ -271,7 +273,7 @@ declare class UniAuthClient {
      * Handle OAuth callback (for social login)
      * 处理 OAuth 回调（社交登录）
      */
-    handleOAuthCallback(provider: string, code: string): Promise<LoginResult>;
+    handleOAuthCallback(provider: string, code: string, redirectUri?: string): Promise<LoginResult>;
     /**
      * Register with email and password
      * 使用邮箱密码注册

package/dist/index.js

@@ -236,11 +236,71 @@ var UniAuthClient = class {
    * Send verification code to phone number
    * 发送验证码到手机号
    * 
-   * @param phone - Phone number
+   * @param phone - Phone number in E.164 format (e.g., +8613800138000)
    * @param type - Purpose of the verification code
    * @param captchaToken - Captcha verification token from slider captcha
    */
   async sendCode(phone, type = "login", captchaToken) {
+    if (!phone || typeof phone !== "string") {
+      throw this.createError("INVALID_PHONE", "Phone number is required / \u8BF7\u8F93\u5165\u624B\u673A\u53F7");
+    }
+    const countryValidation = {
+      // China: +86 followed by 11 digits starting with 1
+      "+86": {
+        regex: /^\+861[3-9]\d{9}$/,
+        example: "+8613800138000",
+        name: "\u4E2D\u56FD"
+      },
+      // USA/Canada: +1 followed by 10 digits (NPA-NXX-XXXX)
+      "+1": {
+        regex: /^\+1[2-9]\d{2}[2-9]\d{6}$/,
+        example: "+14155552671",
+        name: "USA/Canada"
+      },
+      // Australia: +61 followed by 9 digits starting with 4 (mobile)
+      "+61": {
+        regex: /^\+614\d{8}$/,
+        example: "+61412345678",
+        name: "Australia"
+      },
+      // UK: +44 followed by 10 digits starting with 7 (mobile)
+      "+44": {
+        regex: /^\+447\d{9}$/,
+        example: "+447911123456",
+        name: "UK"
+      },
+      // Japan: +81 followed by 10-11 digits
+      "+81": {
+        regex: /^\+81[789]0\d{8}$/,
+        example: "+818012345678",
+        name: "Japan"
+      }
+    };
+    let countryCode = "";
+    let validation = null;
+    for (const code of Object.keys(countryValidation).sort((a, b) => b.length - a.length)) {
+      if (phone.startsWith(code)) {
+        countryCode = code;
+        validation = countryValidation[code];
+        break;
+      }
+    }
+    if (validation) {
+      if (!validation.regex.test(phone)) {
+        throw this.createError(
+          "INVALID_PHONE_FORMAT",
+          `Invalid ${validation.name} phone number format. Example: ${validation.example} / ${validation.name}\u624B\u673A\u53F7\u683C\u5F0F\u9519\u8BEF\uFF0C\u793A\u4F8B\uFF1A${validation.example}`
+        );
+      }
+    } else {
+      const e164Regex = /^\+[1-9]\d{6,14}$/;
+      if (!e164Regex.test(phone)) {
+        throw this.createError(
+          "INVALID_PHONE_FORMAT",
+          "Phone number must be in E.164 format (e.g., +8613800138000) / \u624B\u673A\u53F7\u683C\u5F0F\u9519\u8BEF\uFF0C\u8BF7\u4F7F\u7528\u56FD\u9645\u683C\u5F0F\uFF08\u5982 +8613800138000\uFF09"
+        );
+      }
+    }
     const response = await this.request("/api/v1/auth/phone/send-code", {
       method: "POST",
       body: JSON.stringify({
@@ -333,10 +393,10 @@ var UniAuthClient = class {
    * Handle OAuth callback (for social login)
    * 处理 OAuth 回调（社交登录）
    */
-  async handleOAuthCallback(provider, code) {
-    const response = await this.request("/api/v1/auth/oauth/callback", {
+  async handleOAuthCallback(provider, code, redirectUri) {
+    const response = await this.request(`/api/v1/auth/oauth/${provider}/callback`, {
       method: "POST",
-      body: JSON.stringify({ provider, code })
+      body: JSON.stringify({ code, redirect_uri: redirectUri })
     });
     if (!response.success || !response.data) {
       throw this.createError(response.error?.code || "OAUTH_FAILED", response.error?.message || "OAuth callback failed");
@@ -929,6 +989,7 @@ var UniAuthClient = class {
       this.storage.setAccessToken(response.data.access_token);
       this.storage.setRefreshToken(response.data.refresh_token);
       this.config.onTokenRefresh?.(response.data);
+      this.notifyAuthStateChange(this.currentUser);
       return true;
     } catch (error) {
       this.storage.clear();

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@55387.ai/uniauth-client",
-    "version": "1.1.0",
+    "version": "1.1.2",
     "description": "UniAuth Frontend SDK - Phone, Email, SSO login for browser",
     "type": "module",
     "main": "./dist/index.js",

package/src/index.ts

@@ -42,6 +42,8 @@ export interface UniAuthConfig {
     appKey?: string;
     /** OAuth2 Client ID (for OAuth flows) */
     clientId?: string;
+    /** OAuth2 Client Secret (for trusted SPA clients like internal admin consoles) */
+    clientSecret?: string;
     /** Storage type for tokens */
     storage?: 'localStorage' | 'sessionStorage' | 'memory';
     /** Callback when tokens are refreshed */
@@ -345,7 +347,7 @@ export class UniAuthClient {
      * Send verification code to phone number
      * 发送验证码到手机号
      * 
-     * @param phone - Phone number
+     * @param phone - Phone number in E.164 format (e.g., +8613800138000)
      * @param type - Purpose of the verification code
      * @param captchaToken - Captcha verification token from slider captcha
      */
@@ -354,6 +356,76 @@ export class UniAuthClient {
         type: 'login' | 'register' | 'reset' = 'login',
         captchaToken?: string
     ): Promise<SendCodeResult> {
+        // Validate phone number format (E.164: +countrycode + number)
+        if (!phone || typeof phone !== 'string') {
+            throw this.createError('INVALID_PHONE', 'Phone number is required / 请输入手机号');
+        }
+
+        // Country-specific validation rules
+        const countryValidation: Record<string, { regex: RegExp; example: string; name: string }> = {
+            // China: +86 followed by 11 digits starting with 1
+            '+86': {
+                regex: /^\+861[3-9]\d{9}$/,
+                example: '+8613800138000',
+                name: '中国'
+            },
+            // USA/Canada: +1 followed by 10 digits (NPA-NXX-XXXX)
+            '+1': {
+                regex: /^\+1[2-9]\d{2}[2-9]\d{6}$/,
+                example: '+14155552671',
+                name: 'USA/Canada'
+            },
+            // Australia: +61 followed by 9 digits starting with 4 (mobile)
+            '+61': {
+                regex: /^\+614\d{8}$/,
+                example: '+61412345678',
+                name: 'Australia'
+            },
+            // UK: +44 followed by 10 digits starting with 7 (mobile)
+            '+44': {
+                regex: /^\+447\d{9}$/,
+                example: '+447911123456',
+                name: 'UK'
+            },
+            // Japan: +81 followed by 10-11 digits
+            '+81': {
+                regex: /^\+81[789]0\d{8}$/,
+                example: '+818012345678',
+                name: 'Japan'
+            },
+        };
+
+        // Extract country code (try +1, +86, +61, etc.)
+        let countryCode = '';
+        let validation = null;
+
+        for (const code of Object.keys(countryValidation).sort((a, b) => b.length - a.length)) {
+            if (phone.startsWith(code)) {
+                countryCode = code;
+                validation = countryValidation[code];
+                break;
+            }
+        }
+
+        if (validation) {
+            // Country-specific validation
+            if (!validation.regex.test(phone)) {
+                throw this.createError(
+                    'INVALID_PHONE_FORMAT',
+                    `Invalid ${validation.name} phone number format. Example: ${validation.example} / ${validation.name}手机号格式错误，示例：${validation.example}`
+                );
+            }
+        } else {
+            // Fallback: Generic E.164 validation for other countries
+            const e164Regex = /^\+[1-9]\d{6,14}$/;
+            if (!e164Regex.test(phone)) {
+                throw this.createError(
+                    'INVALID_PHONE_FORMAT',
+                    'Phone number must be in E.164 format (e.g., +8613800138000) / 手机号格式错误，请使用国际格式（如 +8613800138000）'
+                );
+            }
+        }
+
         const response = await this.request<SendCodeResult>('/api/v1/auth/phone/send-code', {
             method: 'POST',
             body: JSON.stringify({
@@ -471,10 +543,10 @@ export class UniAuthClient {
      * Handle OAuth callback (for social login)
      * 处理 OAuth 回调（社交登录）
      */
-    async handleOAuthCallback(provider: string, code: string): Promise<LoginResult> {
-        const response = await this.request<LoginResult>('/api/v1/auth/oauth/callback', {
+    async handleOAuthCallback(provider: string, code: string, redirectUri?: string): Promise<LoginResult> {
+        const response = await this.request<LoginResult>(`/api/v1/auth/oauth/${provider}/callback`, {
             method: 'POST',
-            body: JSON.stringify({ provider, code }),
+            body: JSON.stringify({ code, redirect_uri: redirectUri }),
         });
 
         if (!response.success || !response.data) {
@@ -1207,6 +1279,7 @@ export class UniAuthClient {
             this.storage.setRefreshToken(response.data.refresh_token);
 
             this.config.onTokenRefresh?.(response.data);
+            this.notifyAuthStateChange(this.currentUser);
 
             return true;
         } catch (error) {

package/tests/client.test.ts

@@ -0,0 +1,228 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { UniAuthClient, UniAuthError } from '../src/index';
+
+describe('UniAuthClient - Phone Validation', () => {
+    let client: UniAuthClient;
+
+    beforeEach(() => {
+        client = new UniAuthClient({
+            baseUrl: 'https://test.example.com',
+            clientId: 'test-client',
+        });
+    });
+
+    describe('sendCode phone validation', () => {
+        it('should reject empty phone number', async () => {
+            await expect(client.sendCode('')).rejects.toThrow(UniAuthError);
+            await expect(client.sendCode('')).rejects.toMatchObject({
+                code: 'INVALID_PHONE',
+            });
+        });
+
+        it('should reject phone number without country code', async () => {
+            await expect(client.sendCode('13800138000')).rejects.toMatchObject({
+                code: 'INVALID_PHONE_FORMAT',
+            });
+        });
+
+        it('should reject phone number without + prefix', async () => {
+            await expect(client.sendCode('8613800138000')).rejects.toMatchObject({
+                code: 'INVALID_PHONE_FORMAT',
+            });
+        });
+
+        // China-specific validation
+        it('should reject invalid China phone number (wrong length)', async () => {
+            await expect(client.sendCode('+861380013800')).rejects.toMatchObject({
+                code: 'INVALID_PHONE_FORMAT',
+            });
+        });
+
+        it('should reject invalid China phone number (wrong prefix)', async () => {
+            await expect(client.sendCode('+8612800138000')).rejects.toMatchObject({
+                code: 'INVALID_PHONE_FORMAT',
+            });
+        });
+
+        // USA-specific validation
+        it('should reject invalid USA phone number (wrong format)', async () => {
+            await expect(client.sendCode('+11234567890')).rejects.toMatchObject({
+                code: 'INVALID_PHONE_FORMAT',
+            });
+        });
+
+        // Australia-specific validation
+        it('should reject invalid Australia phone number (wrong prefix)', async () => {
+            await expect(client.sendCode('+61312345678')).rejects.toMatchObject({
+                code: 'INVALID_PHONE_FORMAT',
+            });
+        });
+
+        it('should accept valid country-specific phone numbers', async () => {
+            // Mock the fetch to avoid actual API calls
+            const mockFetch = vi.fn().mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    success: true,
+                    data: { expires_in: 300, retry_after: 60 },
+                }),
+            });
+            global.fetch = mockFetch;
+
+            // Valid phone numbers for each country
+            const validNumbers = [
+                '+8613800138000',      // China
+                '+8619912345678',      // China (new prefix)
+                '+14155552671',        // USA
+                '+12025551234',        // USA
+                '+61412345678',        // Australia
+                '+447911123456',       // UK
+                '+818012345678',       // Japan
+            ];
+
+            for (const phone of validNumbers) {
+                mockFetch.mockClear();
+                await expect(client.sendCode(phone)).resolves.toBeDefined();
+                expect(mockFetch).toHaveBeenCalledWith(
+                    expect.stringContaining('/api/v1/auth/phone/send-code'),
+                    expect.objectContaining({
+                        method: 'POST',
+                        body: expect.stringContaining(phone),
+                    })
+                );
+            }
+        });
+    });
+});
+
+describe('UniAuthClient - Email Validation', () => {
+    let client: UniAuthClient;
+
+    beforeEach(() => {
+        client = new UniAuthClient({
+            baseUrl: 'https://test.example.com',
+            clientId: 'test-client',
+        });
+    });
+
+    describe('sendEmailCode', () => {
+        it('should accept valid email and make API call', async () => {
+            const mockFetch = vi.fn().mockResolvedValue({
+                ok: true,
+                json: () => Promise.resolve({
+                    success: true,
+                    data: { expires_in: 300, retry_after: 60 },
+                }),
+            });
+            global.fetch = mockFetch;
+
+            await expect(client.sendEmailCode('test@example.com')).resolves.toBeDefined();
+            expect(mockFetch).toHaveBeenCalledWith(
+                expect.stringContaining('/api/v1/auth/email/send-code'),
+                expect.objectContaining({
+                    method: 'POST',
+                    body: expect.stringContaining('test@example.com'),
+                })
+            );
+        });
+    });
+});
+
+describe('UniAuthClient - OAuth Callback', () => {
+    let client: UniAuthClient;
+
+    beforeEach(() => {
+        // Mock localStorage
+        const localStorageMock = {
+            getItem: vi.fn(),
+            setItem: vi.fn(),
+            removeItem: vi.fn(),
+            clear: vi.fn(),
+        };
+        Object.defineProperty(global, 'localStorage', {
+            value: localStorageMock,
+            writable: true
+        });
+
+        client = new UniAuthClient({
+            baseUrl: 'https://test.example.com',
+            clientId: 'test-client',
+        });
+    });
+
+    it('should handle OAuth callback with correct URL and parameters', async () => {
+        const mockFetch = vi.fn().mockResolvedValue({
+            ok: true,
+            json: () => Promise.resolve({
+                success: true,
+                data: {
+                    user: { id: '123' },
+                    access_token: 'access_token',
+                    refresh_token: 'refresh_token',
+                },
+            }),
+        });
+        global.fetch = mockFetch;
+
+        const provider = 'google';
+        const code = 'auth_code';
+        const redirectUri = 'https://app.com/callback';
+
+        await client.handleOAuthCallback(provider, code, redirectUri);
+
+        expect(mockFetch).toHaveBeenCalledWith(
+            expect.stringContaining(`/api/v1/auth/oauth/${provider}/callback`),
+            expect.objectContaining({
+                method: 'POST',
+                body: expect.stringContaining('"redirect_uri":"https://app.com/callback"'),
+            })
+        );
+
+        // Also verify code is present
+        expect(mockFetch).toHaveBeenCalledWith(
+            expect.anything(),
+            expect.objectContaining({
+                body: expect.stringContaining('"code":"auth_code"'),
+            })
+        );
+    });
+});
+
+describe('UniAuthClient - Error Handling', () => {
+    let client: UniAuthClient;
+
+    beforeEach(() => {
+        client = new UniAuthClient({
+            baseUrl: 'https://test.example.com',
+            clientId: 'test-client',
+        });
+    });
+
+    it('should create UniAuthError with correct properties', async () => {
+        try {
+            await client.sendCode('');
+        } catch (error) {
+            expect(error).toBeInstanceOf(UniAuthError);
+            expect((error as UniAuthError).code).toBe('INVALID_PHONE');
+            expect((error as UniAuthError).message).toContain('请输入手机号');
+        }
+    });
+
+    it('should handle API errors correctly', async () => {
+        const mockFetch = vi.fn().mockResolvedValue({
+            ok: true,
+            json: () => Promise.resolve({
+                success: false,
+                error: {
+                    code: 'DAILY_LIMIT_EXCEEDED',
+                    message: '今日发送次数已达上限',
+                },
+            }),
+        });
+        global.fetch = mockFetch;
+
+        await expect(client.sendCode('+8613800138000')).rejects.toMatchObject({
+            code: 'DAILY_LIMIT_EXCEEDED',
+        });
+    });
+});

package/vitest.config.ts

@@ -0,0 +1,14 @@
+import { defineConfig } from 'vitest/config';
+
+export default defineConfig({
+    test: {
+        globals: true,
+        environment: 'node',
+        include: ['tests/**/*.test.ts'],
+        coverage: {
+            provider: 'v8',
+            reporter: ['text', 'json', 'html'],
+            include: ['src/**/*.ts'],
+        },
+    },
+});