npm - @55387.ai/uniauth-server - Versions diffs - 1.0.0 - Mend

@55387.ai/uniauth-server 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/index.js ADDED Viewed

@@ -0,0 +1,341 @@
+// src/index.ts
+import * as jose from "jose";
+var ServerErrorCode = {
+  INVALID_TOKEN: "INVALID_TOKEN",
+  TOKEN_EXPIRED: "TOKEN_EXPIRED",
+  VERIFICATION_FAILED: "VERIFICATION_FAILED",
+  USER_NOT_FOUND: "USER_NOT_FOUND",
+  UNAUTHORIZED: "UNAUTHORIZED",
+  NO_PUBLIC_KEY: "NO_PUBLIC_KEY",
+  NETWORK_ERROR: "NETWORK_ERROR",
+  INTERNAL_ERROR: "INTERNAL_ERROR"
+};
+var ServerAuthError = class _ServerAuthError extends Error {
+  code;
+  statusCode;
+  constructor(code, message, statusCode = 401) {
+    super(message);
+    this.name = "ServerAuthError";
+    this.code = code;
+    this.statusCode = statusCode;
+    if (Error.captureStackTrace) {
+      Error.captureStackTrace(this, _ServerAuthError);
+    }
+  }
+};
+var UniAuthServer = class {
+  config;
+  tokenCache = /* @__PURE__ */ new Map();
+  constructor(config) {
+    this.config = {
+      ...config,
+      clientId: config.clientId || config.appKey || "",
+      clientSecret: config.clientSecret || config.appSecret || ""
+    };
+  }
+  // ============================================
+  // Token Verification
+  // ============================================
+  /**
+   * Verify access token
+   * 验证访问令牌
+   *
+   * @param token - JWT access token
+   * @returns Token payload if valid
+   * @throws ServerAuthError if token is invalid
+   */
+  async verifyToken(token) {
+    const cached = this.tokenCache.get(token);
+    if (cached && cached.expiresAt > Date.now()) {
+      return cached.payload;
+    }
+    try {
+      const response = await fetch(`${this.config.baseUrl}/api/v1/auth/verify`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "X-App-Key": this.config.clientId,
+          "X-App-Secret": this.config.clientSecret
+        },
+        body: JSON.stringify({ token })
+      });
+      if (!response.ok) {
+        const errorResponse = await response.json();
+        throw new ServerAuthError(
+          errorResponse.error?.code || ServerErrorCode.INVALID_TOKEN,
+          errorResponse.error?.message || "Invalid token",
+          401
+        );
+      }
+      const data = await response.json();
+      const payload = data.data;
+      const cacheExpiry = Math.min(payload.exp * 1e3, Date.now() + 60 * 1e3);
+      this.tokenCache.set(token, { payload, expiresAt: cacheExpiry });
+      return payload;
+    } catch (error) {
+      if (error instanceof ServerAuthError) {
+        throw error;
+      }
+      if (this.config.jwtPublicKey) {
+        return this.verifyTokenLocally(token);
+      }
+      throw new ServerAuthError(
+        ServerErrorCode.VERIFICATION_FAILED,
+        error instanceof Error ? error.message : "Token verification failed",
+        401
+      );
+    }
+  }
+  /**
+   * Verify token locally using JWT public key
+   * 使用 JWT 公钥本地验证令牌
+   */
+  async verifyTokenLocally(token) {
+    if (!this.config.jwtPublicKey) {
+      throw new ServerAuthError(ServerErrorCode.NO_PUBLIC_KEY, "JWT public key not configured", 500);
+    }
+    try {
+      const publicKey = await jose.importSPKI(this.config.jwtPublicKey, "RS256");
+      const { payload } = await jose.jwtVerify(token, publicKey);
+      return {
+        sub: payload.sub,
+        iss: payload.iss,
+        aud: payload.aud,
+        iat: payload.iat,
+        exp: payload.exp,
+        scope: payload.scope,
+        azp: payload.azp,
+        phone: payload.phone,
+        email: payload.email
+      };
+    } catch (error) {
+      throw new ServerAuthError(
+        ServerErrorCode.INVALID_TOKEN,
+        error instanceof Error ? error.message : "Invalid token",
+        401
+      );
+    }
+  }
+  // ============================================
+  // OAuth2 Token Introspection (RFC 7662)
+  // ============================================
+  /**
+   * Introspect a token (RFC 7662)
+   * 内省令牌（RFC 7662 标准）
+   *
+   * This is the standard way for resource servers to validate tokens.
+   *
+   * @param token - The token to introspect
+   * @param tokenTypeHint - Optional hint about the token type ('access_token' or 'refresh_token')
+   * @returns Introspection result
+   *
+   * @example
+   * ```typescript
+   * const result = await auth.introspectToken(accessToken);
+   * if (result.active) {
+   *   console.log('Token is valid, user:', result.sub);
+   * }
+   * ```
+   */
+  async introspectToken(token, tokenTypeHint) {
+    try {
+      const credentials = Buffer.from(`${this.config.clientId}:${this.config.clientSecret}`).toString("base64");
+      const body = { token };
+      if (tokenTypeHint) {
+        body.token_type_hint = tokenTypeHint;
+      }
+      const response = await fetch(`${this.config.baseUrl}/api/v1/oauth2/introspect`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "Authorization": `Basic ${credentials}`
+        },
+        body: JSON.stringify(body)
+      });
+      const result = await response.json();
+      return result;
+    } catch (error) {
+      return { active: false };
+    }
+  }
+  /**
+   * Check if a token is active
+   * 检查令牌是否有效
+   *
+   * @param token - The token to check
+   * @returns true if token is active
+   */
+  async isTokenActive(token) {
+    const result = await this.introspectToken(token);
+    return result.active;
+  }
+  // ============================================
+  // User Management
+  // ============================================
+  /**
+   * Get user info by ID
+   * 根据 ID 获取用户信息
+   */
+  async getUser(userId) {
+    const response = await fetch(`${this.config.baseUrl}/api/v1/admin/users/${userId}`, {
+      method: "GET",
+      headers: {
+        "Content-Type": "application/json",
+        "X-App-Key": this.config.clientId,
+        "X-App-Secret": this.config.clientSecret
+      }
+    });
+    if (!response.ok) {
+      const errorResponse = await response.json();
+      throw new ServerAuthError(
+        errorResponse.error?.code || ServerErrorCode.USER_NOT_FOUND,
+        errorResponse.error?.message || "User not found",
+        response.status
+      );
+    }
+    const data = await response.json();
+    return data.data;
+  }
+  // ============================================
+  // Express/Connect Middleware
+  // ============================================
+  /**
+   * Express/Connect middleware for authentication
+   * Express/Connect 认证中间件
+   *
+   * @example
+   * ```typescript
+   * import express from 'express';
+   *
+   * const app = express();
+   * app.use('/api/*', auth.middleware());
+   *
+   * app.get('/api/profile', (req, res) => {
+   *   res.json({ user: req.user });
+   * });
+   * ```
+   */
+  middleware() {
+    return async (req, res, next) => {
+      const authHeader = req.headers["authorization"];
+      if (!authHeader || typeof authHeader !== "string" || !authHeader.startsWith("Bearer ")) {
+        res.status(401).json({
+          success: false,
+          error: {
+            code: ServerErrorCode.UNAUTHORIZED,
+            message: "Authorization header is required / \u9700\u8981\u6388\u6743\u5934"
+          }
+        });
+        return;
+      }
+      const token = authHeader.substring(7);
+      try {
+        const payload = await this.verifyToken(token);
+        req.authPayload = payload;
+        try {
+          req.user = await this.getUser(payload.sub);
+        } catch {
+        }
+        next();
+      } catch (error) {
+        const authError = error instanceof ServerAuthError ? error : new ServerAuthError(
+          ServerErrorCode.UNAUTHORIZED,
+          "Authentication failed",
+          401
+        );
+        res.status(authError.statusCode).json({
+          success: false,
+          error: {
+            code: authError.code,
+            message: authError.message
+          }
+        });
+      }
+    };
+  }
+  // ============================================
+  // Hono Middleware
+  // ============================================
+  /**
+   * Hono middleware for authentication
+   * Hono 认证中间件
+   *
+   * @example
+   * ```typescript
+   * import { Hono } from 'hono';
+   *
+   * const app = new Hono();
+   * app.use('/api/*', auth.honoMiddleware());
+   *
+   * app.get('/api/profile', (c) => {
+   *   const user = c.get('user');
+   *   return c.json({ user });
+   * });
+   * ```
+   */
+  honoMiddleware() {
+    return async (c, next) => {
+      const authHeader = c.req.header("authorization") || c.req.header("Authorization");
+      if (!authHeader || !authHeader.startsWith("Bearer ")) {
+        return c.json({
+          success: false,
+          error: {
+            code: ServerErrorCode.UNAUTHORIZED,
+            message: "Authorization header is required / \u9700\u8981\u6388\u6743\u5934"
+          }
+        }, 401);
+      }
+      const token = authHeader.substring(7);
+      try {
+        const payload = await this.verifyToken(token);
+        c.set("authPayload", payload);
+        try {
+          const user = await this.getUser(payload.sub);
+          c.set("user", user);
+        } catch {
+        }
+        await next();
+      } catch (error) {
+        const authError = error instanceof ServerAuthError ? error : new ServerAuthError(
+          ServerErrorCode.UNAUTHORIZED,
+          "Authentication failed",
+          401
+        );
+        return c.json({
+          success: false,
+          error: {
+            code: authError.code,
+            message: authError.message
+          }
+        }, authError.statusCode);
+      }
+    };
+  }
+  // ============================================
+  // Utility Methods
+  // ============================================
+  /**
+   * Clear token cache
+   * 清除令牌缓存
+   */
+  clearCache() {
+    this.tokenCache.clear();
+  }
+  /**
+   * Get cache statistics
+   * 获取缓存统计
+   */
+  getCacheStats() {
+    return {
+      size: this.tokenCache.size,
+      entries: this.tokenCache.size
+    };
+  }
+};
+var index_default = UniAuthServer;
+export {
+  ServerAuthError,
+  ServerErrorCode,
+  UniAuthServer,
+  index_default as default
+};

package/package.json ADDED Viewed

@@ -0,0 +1,43 @@
+{
+    "name": "@55387.ai/uniauth-server",
+    "version": "1.0.0",
+    "description": "UniAuth Server SDK - Token verification for Node.js backends",
+    "type": "module",
+    "main": "./dist/index.js",
+    "module": "./dist/index.mjs",
+    "types": "./dist/index.d.ts",
+    "exports": {
+        ".": {
+            "import": "./dist/index.mjs",
+            "require": "./dist/index.js",
+            "types": "./dist/index.d.ts"
+        }
+    },
+    "publishConfig": {
+        "access": "public"
+    },
+    "scripts": {
+        "build": "tsup src/index.ts --format cjs,esm --dts --clean",
+        "dev": "tsup src/index.ts --format cjs,esm --dts --watch",
+        "test": "vitest run",
+        "test:watch": "vitest",
+        "lint": "eslint src --ext .ts",
+        "clean": "rm -rf dist"
+    },
+    "dependencies": {
+        "jose": "^5.9.6"
+    },
+    "devDependencies": {
+        "@types/node": "^22.10.2",
+        "tsup": "^8.3.5",
+        "typescript": "^5.7.2",
+        "vitest": "^2.1.8"
+    },
+    "keywords": [
+        "auth",
+        "authentication",
+        "middleware",
+        "jwt",
+        "sdk"
+    ]
+}