@acorex/platform 21.0.0-next.1 → 21.0.0-next.2

package/fesm2022/acorex-platform-auth.mjs

@@ -1,8 +1,8 @@
 import * as i0 from '@angular/core';
-import { InjectionToken, Injector, Injectable, signal, inject, Input, Directive, provideAppInitializer, Optional, Inject, NgModule } from '@angular/core';
-import { AXPBroadcastEventService, AXP_MODULE_PROVIDER_LOADER, AXPModuleProviderRegistry, AXP_SESSION_SERVICE } from '@acorex/platform/core';
+import { InjectionToken, Injector, Injectable, signal, inject, Input, Directive, provideAppInitializer, Optional, Inject, NgModule, input, output, Component } from '@angular/core';
+import { of, map, BehaviorSubject, shareReplay, defaultIfEmpty, switchMap, filter, firstValueFrom, first } from 'rxjs';
+import { AXPBroadcastEventService } from '@acorex/platform/core';
 import { isEmpty } from 'lodash-es';
-import { map, BehaviorSubject, shareReplay, defaultIfEmpty, switchMap, filter, from, first } from 'rxjs';
 
 const AXP_APPLICATION_LOADER = new InjectionToken('AXP_APPLICATION_LOADER', {
     providedIn: 'root',
@@ -11,29 +11,25 @@ const AXP_APPLICATION_LOADER = new InjectionToken('AXP_APPLICATION_LOADER', {
     },
 });
 class AXPApplicationDefaultLoader {
-    async getList(context) {
-        return [
+    getList(context) {
+        return of([
             {
                 id: '1',
                 name: 'default-app',
                 title: 'Default Application',
                 version: '1.0.0',
-                edition: {
-                    id: 'default-edition-1',
-                    title: 'Standard',
-                },
+                editionName: 'Standard',
+                features: [],
             },
             {
                 id: '2',
                 name: 'default-app',
                 title: 'Default Application',
                 version: '1.0.0',
-                edition: {
-                    id: 'default-edition-2',
-                    title: 'Standard',
-                },
+                editionName: 'Standard',
+                features: [],
             },
-        ];
+        ]);
     }
 }
 
@@ -44,14 +40,14 @@ const AXP_TENANT_LOADER = new InjectionToken('AXP_TENANT_LOADER', {
     },
 });
 class AXPTenantDefaultLoader {
-    async getList(context) {
-        return [
+    getList(context) {
+        return of([
             {
                 id: '1',
                 name: 'default-tenant',
                 title: 'Default Tenant',
             },
-        ];
+        ]);
     }
 }
 
@@ -89,8 +85,8 @@ const AXP_FEATURE_LOADER = new InjectionToken('AXP_FEATURE_LOADER', {
     },
 });
 class AXPFeatureDefaultLoader {
-    async getList(context) {
-        return [];
+    getList(context) {
+        return of([]);
     }
 }
 
@@ -177,13 +173,6 @@ const AXPFeatureGuard = (route, state) => {
     }));
 };
 
-/**
- * Optional injection token for feature checker.
- * If provided, the checker will be called to potentially override
- * feature enablement results based on custom logic.
- */
-const AXP_FEATURE_CHECKER = new InjectionToken('AXP_FEATURE_CHECKER');
-
 const AXP_PERMISSION_LOADER = new InjectionToken('AXP_PERMISSION_LOADER', {
     providedIn: 'root',
     factory: () => {
@@ -191,18 +180,11 @@ const AXP_PERMISSION_LOADER = new InjectionToken('AXP_PERMISSION_LOADER', {
     }
 });
 class AXPPermissionDefaultLoader {
-    async getList(context) {
-        return [];
+    getList(context) {
+        return of([]);
     }
 }
 
-/**
- * Optional injection token for permission checker.
- * If provided, the checker will be called to potentially override
- * authorization results based on custom logic.
- */
-const AXP_PERMISSION_CHECKER = new InjectionToken('AXP_PERMISSION_CHECKER');
-
 class AXPSessionContext {
     get user() {
         return this._user;
@@ -240,9 +222,6 @@ class AXPSessionService {
         this.featureLoader = inject(AXP_FEATURE_LOADER);
         this.tenantLoader = inject(AXP_TENANT_LOADER);
         this.applicationLoader = inject(AXP_APPLICATION_LOADER);
-        this.moduleProviderLoader = inject(AXP_MODULE_PROVIDER_LOADER);
-        this.permissionChecker = inject(AXP_PERMISSION_CHECKER, { optional: true });
-        this.featureChecker = inject(AXP_FEATURE_CHECKER, { optional: true });
         this.status = new BehaviorSubject(AXPSessionStatus.Unauthenticated);
         this.status$ = this.status.asObservable().pipe(shareReplay(1));
         // Add loading state to prevent premature redirects
@@ -265,10 +244,8 @@ class AXPSessionService {
         // Add a new observable that considers loading state
         this.isAuthenticatedWithLoading$ = this.isLoading$.pipe(switchMap((loading) => {
             if (loading) {
-                // Wait for loading to complete, then return authentication status
                 return this.isLoading$.pipe(filter((isLoading) => !isLoading), switchMap(() => this.isAuthenticated$));
             }
-            // If not loading, return current authentication status
             return this.isAuthenticated$;
         }), shareReplay(1));
         this.isAuthorized$ = this.status$.pipe(map((status) => status === AXPSessionStatus.Authorized), shareReplay(1));
@@ -289,7 +266,7 @@ class AXPSessionService {
         return this.currentTenantSubject.value;
     }
     get tenants$() {
-        return from(this.tenantLoader.getList(this.getContext()));
+        return this.tenantLoader.getList(this.getContext());
     }
     get application() {
         const session = this.getSessionData();
@@ -299,7 +276,7 @@ class AXPSessionService {
         return this.currentApplicationSubject.value;
     }
     get applications$() {
-        return from(this.applicationLoader.getList(this.getContext()));
+        return this.applicationLoader.getList(this.getContext());
     }
     get permissions() {
         return this.permissionsSubject.value ?? [];
@@ -314,18 +291,7 @@ class AXPSessionService {
             if (sessionData) {
                 if (sessionData.user) {
                     this.currentUserSubject.next(sessionData.user);
-                    // Restore tenant and application from session data
-                    if (sessionData.tenant) {
-                        this.currentTenantSubject.next(sessionData.tenant);
-                    }
-                    if (sessionData.application) {
-                        this.currentApplicationSubject.next(sessionData.application);
-                    }
                     this.status.next(AXPSessionStatus.Authenticated);
-                    // Load required modules first to ensure entities are available for loaders
-                    // This is critical because loaders (like application.loader) need entities
-                    // from required modules (ApplicationManagement, TenantManagement, SecurityManagement)
-                    await this.moduleProviderLoader.loadRequiredModules();
                     await this.loadPermissions();
                     await this.loadFeatures();
                     await this.signInComplete();
@@ -443,9 +409,6 @@ class AXPSessionService {
             }
             //
             const userId = this.user?.id;
-            // Clear module provider loader cache before clearing session
-            // This ensures modules and providers from previous user are not cached
-            await this.moduleProviderLoader.clear();
             this.clearSession();
             this.eventService.publish(AXPSessionStatus.SignedOut, { id: userId });
             this.isLoading.next(false);
@@ -494,7 +457,7 @@ class AXPSessionService {
     }
     async loadPermissions() {
         try {
-            const permissions = await this.permissionLoader.getList(this.getContext());
+            const permissions = await firstValueFrom(this.permissionLoader.getList(this.getContext()));
             this.permissionsSubject.next(permissions ?? []);
         }
         catch (error) {
@@ -504,7 +467,7 @@ class AXPSessionService {
     }
     async loadFeatures() {
         try {
-            const features = await this.featureLoader.getList(this.getContext());
+            const features = await firstValueFrom(this.featureLoader.getList(this.getContext()));
             this.featuresSubject.next(features ?? []);
         }
         catch (error) {
@@ -584,39 +547,26 @@ class AXPSessionService {
         localStorage.removeItem(AXPSessionService.SESSION_KEY);
     }
     authorize(...keys) {
-        // Calculate base result
-        const baseResult = keys.every((k) => {
-            if (isEmpty(k))
-                return true;
-            // Check if user has the permission
-            const hasPermission = this.permissions.indexOf(k) > -1;
-            if (!hasPermission)
-                return false;
-            // Check if permission has required features (if permission definition service is available)
-            // Note: This is a lightweight check. Full feature validation happens in permission definition service.
-            return true;
-        });
-        // If permission checker is provided, use it to potentially override the result
-        if (this.permissionChecker) {
-            const context = this.getContext();
-            return this.permissionChecker.check(keys, context, baseResult);
-        }
-        return baseResult;
+        return keys.every((k) => isEmpty(k) || this.permissions.indexOf(k) > -1 || this.user?.name == 'root');
     }
     isFeatureEnabled(...keys) {
-        // Calculate base result
-        const baseResult = keys.every((k) => isEmpty(k) || this.features.some((c) => c.name == k && c.value == true));
-        // If feature checker is provided, use it to potentially override the result
-        if (this.featureChecker) {
-            const context = this.getContext();
-            return this.featureChecker.check(keys, context, baseResult);
-        }
-        return baseResult;
+        return keys.every((k) => isEmpty(k) || this.features.some((c) => c.name == k && c.value == true));
     }
     getToken() {
         const sessionData = this.getSessionData();
         return sessionData?.accessToken;
     }
+    checkTokenValidation() {
+        let sessionData = this.getSessionData();
+        if (sessionData && sessionData?.accessToken && sessionData.expiresIn) {
+            const expiresInDate = new Date(sessionData.expiresIn);
+            if (expiresInDate > new Date()) {
+                // Token is still valid
+                return true;
+            }
+        }
+        return false;
+    }
     getContext() {
         return new AXPSessionContext({
             user: this.user,
@@ -737,13 +687,12 @@ class AXPPermissionDefinitionGroupBuilder {
         this.context = context;
         this._group = group;
     }
-    addPermission(name, title, description, requiredFeatures) {
+    addPermission(name, title, description) {
         const permission = {
             name,
             title,
             description,
-            children: [],
-            requiredFeatures
+            children: []
         };
         this._group.permissions.push(permission);
         return new AXPPermissionDefinitionBuilder(this, permission);
@@ -763,25 +712,16 @@ class AXPPermissionDefinitionBuilder {
         this.groupBuilder = groupBuilder;
         this.permission = permission;
     }
-    addChild(name, title, description, requiredFeatures) {
+    addChild(name, title, description) {
         const permission = {
             name,
             title,
             description,
-            children: [],
-            requiredFeatures
+            children: []
         };
         this.permission.children.push(permission);
         return this;
     }
-    /**
-     * Set required features for this permission.
-     * @param features - Array of feature names (e.g., ['PlatformManagement.menu-customization'])
-     */
-    requireFeatures(...features) {
-        this.permission.requiredFeatures = features;
-        return this;
-    }
     endPermission() {
         return this.groupBuilder;
     }
@@ -796,8 +736,6 @@ const AXP_PERMISSION_DEFINITION_PROVIDER = new InjectionToken('AXP_PERMISSION_DE
 class AXPPermissionDefinitionService {
     constructor() {
         this.providers = inject(AXP_PERMISSION_DEFINITION_PROVIDER, { optional: true });
-        this.providerRegistry = inject(AXPModuleProviderRegistry);
-        this.sessionService = inject(AXPSessionService);
         this.cache = null;
     }
     async load() {
@@ -805,7 +743,6 @@ class AXPPermissionDefinitionService {
             return;
         }
         const context = new AXPPermissionDefinitionProviderContext();
-        // Load providers from DI tokens (backward compatibility)
         if (Array.isArray(this.providers)) {
             for (const provider of this.providers) {
                 if (provider instanceof Promise) {
@@ -819,49 +756,7 @@ class AXPPermissionDefinitionService {
                 }
             }
         }
-        // Load providers from registry (manifest-based, conditionally loaded)
-        const registryProviders = this.providerRegistry.getPermissionProviders();
-        for (const provider of registryProviders) {
-            await provider.define(context);
-        }
-        // Filter permissions based on required features
-        const allGroups = context.getGroupDefinitions();
-        this.cache = this.filterByFeatures(allGroups);
-    }
-    /**
-     * Filter permissions based on required features.
-     * Removes permissions that have required features that are not enabled.
-     */
-    filterByFeatures(groups) {
-        return groups.map(group => ({
-            ...group,
-            permissions: this.filterPermissions(group.permissions)
-        })).filter(group => group.permissions.length > 0);
-    }
-    /**
-     * Recursively filter permissions and their children based on required features.
-     */
-    filterPermissions(permissions) {
-        return permissions
-            .filter(permission => {
-            // Check if required features are enabled
-            if (permission.requiredFeatures && permission.requiredFeatures.length > 0) {
-                const allFeaturesEnabled = permission.requiredFeatures.every(featureName => this.sessionService.isFeatureEnabled(featureName));
-                if (!allFeaturesEnabled) {
-                    return false; // Filter out this permission
-                }
-            }
-            return true;
-        })
-            .map(permission => ({
-            ...permission,
-            children: this.filterPermissions(permission.children)
-        }))
-            .filter(permission => {
-            // Remove permissions that have no children if they were only containers
-            // (This is optional - you might want to keep parent permissions even without children)
-            return true;
-        });
+        this.cache = context.getGroupDefinitions();
     }
     async reload() {
         this.cache = null;
@@ -987,10 +882,6 @@ class AXPAuthModule {
                 const initializerFn = initializeAppState(inject(AXPSessionService));
                 return initializerFn();
             }),
-            {
-                provide: AXP_SESSION_SERVICE,
-                useExisting: AXPSessionService,
-            },
         ] }); }
 }
 i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPAuthModule, decorators: [{
@@ -1004,10 +895,6 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.12", ngImpo
                             const initializerFn = initializeAppState(inject(AXPSessionService));
                             return initializerFn();
                         }),
-                        {
-                            provide: AXP_SESSION_SERVICE,
-                            useExisting: AXPSessionService,
-                        },
                     ],
                 }]
         }], ctorParameters: () => [{ type: undefined, decorators: [{
@@ -1097,9 +984,169 @@ class TimeUtil {
 }
 //#endregion
 
+//#region ----   Challenge Data Types   ----
+//#endregion
+
+//#region ----   Abstract Challenge Provider   ----
+/**
+ * Abstract base class for login challenge providers
+ *
+ * Implement this class to create custom challenge mechanisms like:
+ * - Image CAPTCHA
+ * - reCAPTCHA
+ * - SMS verification
+ * - Email verification
+ *
+ * @example
+ * ```typescript
+ * @Injectable()
+ * export class MyImageCaptchaProvider extends AXPLoginChallengeProvider {
+ *   readonly name = 'image-captcha';
+ *
+ *   checkResponse(error: unknown): AXPChallengeCheckResult | null {
+ *     if (error instanceof HttpErrorResponse) {
+ *       if (error.error?.requiresCaptcha) {
+ *         return { required: true };
+ *       }
+ *     }
+ *     return null;
+ *   }
+ *
+ *   async getChallenge(): Promise<AXPLoginChallengeData> {
+ *     const response = await this.http.get('/api/captcha').toPromise();
+ *     return {
+ *       id: response.id,
+ *       content: response.image,
+ *       contentType: 'image-base64'
+ *     };
+ *   }
+ *
+ *   async refreshChallenge(): Promise<AXPLoginChallengeData> {
+ *     return this.getChallenge();
+ *   }
+ *
+ *   getChallengeComponent(): Type<AXPLoginChallengeComponentBase> {
+ *     return MyCaptchaChallengeComponent;
+ *   }
+ * }
+ * ```
+ */
+class AXPLoginChallengeProvider {
+    /**
+     * Returns the component type for rendering the challenge UI
+     *
+     * Override this method to provide a custom challenge UI component.
+     * If not overridden (returns null), the login component will use
+     * a default built-in UI.
+     *
+     * @returns Component type extending AXPLoginChallengeComponentBase, or null for default UI
+     */
+    getChallengeComponent() {
+        return null;
+    }
+}
+//#endregion
+
+//#region ----   Injection Token   ----
+/**
+ * Injection token for the login challenge provider
+ *
+ * This token is optional - if not provided, no challenge mechanism will be used.
+ *
+ * @example
+ * ```typescript
+ * // In your app module or provider configuration:
+ * providers: [
+ *   {
+ *     provide: AXP_LOGIN_CHALLENGE_PROVIDER,
+ *     useClass: MyImageCaptchaProvider
+ *   }
+ * ]
+ *
+ * // In a component:
+ * private challengeProvider = inject(AXP_LOGIN_CHALLENGE_PROVIDER, { optional: true });
+ * ```
+ */
+const AXP_LOGIN_CHALLENGE_PROVIDER = new InjectionToken('AXP_LOGIN_CHALLENGE_PROVIDER');
+//#endregion
+
+//#region ----   Base Challenge Component   ----
+/**
+ * Base class for login challenge UI components
+ *
+ * Providers can extend this class to create custom challenge UIs.
+ * The login component will render this component and listen to its outputs.
+ *
+ * @example
+ * ```typescript
+ * @Component({
+ *   selector: 'my-captcha-challenge',
+ *   template: `
+ *     <div class="captcha-container">
+ *       <img [src]="'data:image/png;base64,' + challengeData().content" />
+ *       <input
+ *         type="text"
+ *         [value]="response()"
+ *         (input)="onResponseChange($event)"
+ *       />
+ *       <button (click)="onRefreshClick()">Refresh</button>
+ *     </div>
+ *   `
+ * })
+ * export class MyCaptchaChallengeComponent extends AXPLoginChallengeComponentBase {
+ *   response = signal('');
+ *
+ *   onResponseChange(event: Event) {
+ *     const value = (event.target as HTMLInputElement).value;
+ *     this.response.set(value);
+ *     this.responseChange.emit(value);
+ *   }
+ *
+ *   onRefreshClick() {
+ *     this.refreshRequest.emit();
+ *   }
+ * }
+ * ```
+ */
+class AXPLoginChallengeComponentBase {
+    constructor() {
+        //#region ----   Inputs   ----
+        /**
+         * Challenge data to display
+         * Contains the image/content and metadata from the server
+         */
+        this.challengeData = input.required(...(ngDevMode ? [{ debugName: "challengeData" }] : []));
+        /**
+         * Whether the challenge is currently loading (e.g., refreshing)
+         */
+        this.isLoading = input(false, ...(ngDevMode ? [{ debugName: "isLoading" }] : []));
+        //#endregion
+        //#region ----   Outputs   ----
+        /**
+         * Emits when the user enters or changes their response
+         * The login component will capture this value and include it in credentials
+         */
+        this.responseChange = output();
+        /**
+         * Emits when the user requests a new challenge (e.g., clicks refresh button)
+         * The login component will call provider.refreshChallenge()
+         */
+        this.refreshRequest = output();
+    }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPLoginChallengeComponentBase, deps: [], target: i0.ɵɵFactoryTarget.Component }); }
+    static { this.ɵcmp = i0.ɵɵngDeclareComponent({ minVersion: "17.1.0", version: "20.3.12", type: AXPLoginChallengeComponentBase, isStandalone: true, selector: "ng-component", inputs: { challengeData: { classPropertyName: "challengeData", publicName: "challengeData", isSignal: true, isRequired: true, transformFunction: null }, isLoading: { classPropertyName: "isLoading", publicName: "isLoading", isSignal: true, isRequired: false, transformFunction: null } }, outputs: { responseChange: "responseChange", refreshRequest: "refreshRequest" }, ngImport: i0, template: '', isInline: true }); }
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPLoginChallengeComponentBase, decorators: [{
+            type: Component,
+            args: [{
+                    template: '',
+                    standalone: true,
+                }]
+        }], propDecorators: { challengeData: [{ type: i0.Input, args: [{ isSignal: true, alias: "challengeData", required: true }] }], isLoading: [{ type: i0.Input, args: [{ isSignal: true, alias: "isLoading", required: false }] }], responseChange: [{ type: i0.Output, args: ["responseChange"] }], refreshRequest: [{ type: i0.Output, args: ["refreshRequest"] }] } });
+
 /**
  * Generated bundle index. Do not edit.
  */
 
-export { AXPAuthGuard, AXPAuthModule, AXPAuthStrategy, AXPAuthStrategyRegistryService, AXPFeatureDirective, AXPFeatureGuard, AXPPermissionDefinitionBuilder, AXPPermissionDefinitionGroupBuilder, AXPPermissionDefinitionProviderContext, AXPPermissionDefinitionService, AXPPermissionDirective, AXPPermissionEvaluatorScopeProvider, AXPPermissionGuard, AXPSessionContext, AXPSessionService, AXPSessionStatus, AXPUnauthenticatedError, AXPUnauthorizedError, AXP_APPLICATION_LOADER, AXP_FEATURE_CHECKER, AXP_FEATURE_LOADER, AXP_PERMISSION_CHECKER, AXP_PERMISSION_DEFINITION_PROVIDER, AXP_PERMISSION_LOADER, AXP_TENANT_LOADER, JwtUtil, PkceUtil, TimeUtil, initializeAppState };
+export { AXPAuthGuard, AXPAuthModule, AXPAuthStrategy, AXPAuthStrategyRegistryService, AXPFeatureDirective, AXPFeatureGuard, AXPLoginChallengeComponentBase, AXPLoginChallengeProvider, AXPPermissionDefinitionBuilder, AXPPermissionDefinitionGroupBuilder, AXPPermissionDefinitionProviderContext, AXPPermissionDefinitionService, AXPPermissionDirective, AXPPermissionEvaluatorScopeProvider, AXPPermissionGuard, AXPSessionContext, AXPSessionService, AXPSessionStatus, AXPUnauthenticatedError, AXPUnauthorizedError, AXP_APPLICATION_LOADER, AXP_FEATURE_LOADER, AXP_LOGIN_CHALLENGE_PROVIDER, AXP_PERMISSION_DEFINITION_PROVIDER, AXP_PERMISSION_LOADER, AXP_TENANT_LOADER, JwtUtil, PkceUtil, TimeUtil, initializeAppState };
 //# sourceMappingURL=acorex-platform-auth.mjs.map