npm - @alepha/react - Versions diffs - 0.5.1 → 0.6.0 - Mend

@alepha/react 0.5.1 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/dist/index.browser.cjs +23 -19
package/dist/index.browser.js +18 -0
package/dist/index.cjs +419 -340
package/dist/{index.d.cts → index.d.ts} +591 -420
package/dist/index.js +554 -0
package/dist/{useRouterState-BlKHWZwk.cjs → useAuth-DOVx2kqa.cjs} +243 -102
package/dist/{useRouterState-CvFCmaq7.mjs → useAuth-i7wbKVrt.js} +214 -77
package/package.json +21 -23
package/src/components/Link.tsx +22 -0
package/src/components/NestedView.tsx +2 -2
package/src/constants/SSID.ts +1 -0
package/src/contexts/RouterContext.ts +2 -2
package/src/descriptors/$auth.ts +28 -0
package/src/descriptors/$page.ts +57 -3
package/src/errors/RedirectionError.ts +7 -0
package/src/hooks/useAuth.ts +29 -0
package/src/hooks/useInject.ts +3 -3
package/src/index.browser.ts +3 -1
package/src/index.shared.ts +14 -3
package/src/index.ts +23 -6
package/src/providers/ReactAuthProvider.ts +410 -0
package/src/providers/ReactBrowserProvider.ts +41 -19
package/src/providers/ReactServerProvider.ts +106 -49
package/src/services/Auth.ts +45 -0
package/src/services/Router.ts +154 -41
package/dist/index.browser.mjs +0 -17
package/dist/index.d.mts +0 -872
package/dist/index.mjs +0 -477
package/src/providers/ReactSessionProvider.ts +0 -363

package/src/providers/ReactSessionProvider.ts DELETED Viewed

@@ -1,363 +0,0 @@
-import crypto from "node:crypto";
-import { $cache } from "@alepha/cache";
-import { $hook, $inject, $logger, type Static, t } from "@alepha/core";
-import { SecurityProvider } from "@alepha/security";
-import { $route, BadRequestError, ServerProvider } from "@alepha/server";
-import {
-	type Configuration,
-	allowInsecureRequests,
-	authorizationCodeGrant,
-	buildAuthorizationUrl,
-	buildEndSessionUrl,
-	calculatePKCECodeChallenge,
-	discovery,
-	randomPKCECodeVerifier,
-	refreshTokenGrant,
-} from "openid-client";
-export const sessionUserSchema = t.object({
-	id: t.string(),
-	name: t.optional(t.string()),
-});
-export const sessionSchema = t.object({
-	user: t.optional(sessionUserSchema),
-});
-export type Session = Static<typeof sessionSchema>;
-const envSchema = t.object({
-	REACT_OIDC_ISSUER: t.optional(t.string()),
-	REACT_OIDC_CLIENT_ID: t.optional(t.string()),
-	REACT_OIDC_CLIENT_SECRET: t.optional(t.string()),
-	REACT_OIDC_REDIRECT_URI: t.optional(t.string()),
-});
-declare module "fastify" {
-	interface FastifyRequest {
-		session?: ReactServerSession;
-	}
-}
-declare module "@alepha/core" {
-	interface Env extends Partial<Static<typeof envSchema>> {}
-}
-export class ReactSessionProvider {
-	protected readonly SSID = "ssid";
-	protected readonly log = $logger();
-	protected readonly env = $inject(envSchema);
-	protected readonly serverProvider = $inject(ServerProvider);
-	protected readonly securityProvider = $inject(SecurityProvider);
-	protected readonly sessions = $cache<ReactServerSession>();
-	protected clients: Configuration[] = [];
-	public get redirectUri() {
-		return (
-			this.env.REACT_OIDC_REDIRECT_URI ??
-			`${this.serverProvider.hostname}/api/callback`
-		);
-	}
-	protected readonly configure = $hook({
-		name: "configure",
-		priority: 100,
-		handler: async () => {
-			const issuer = this.env.REACT_OIDC_ISSUER;
-			const clientId = this.env.REACT_OIDC_CLIENT_ID;
-			if (!issuer || !clientId) {
-				return;
-			}
-			const client = await discovery(
-				new URL(issuer),
-				clientId,
-				{
-					client_secret: this.env.REACT_OIDC_CLIENT_SECRET,
-				},
-				undefined,
-				{
-					execute: [allowInsecureRequests],
-				},
-			);
-			this.clients = [client];
-		},
-	});
-	/**
-	 *
-	 * @param sessionId
-	 * @param session
-	 * @protected
-	 */
-	protected async setSession(sessionId: string, session: ReactServerSession) {
-		await this.sessions.set(sessionId, session, {
-			days: 1,
-		});
-	}
-	/**
-	 *
-	 * @param sessionId
-	 * @protected
-	 */
-	protected async getSession(
-		sessionId: string,
-	): Promise<ReactServerSession | undefined> {
-		const session = await this.sessions.get(sessionId);
-		if (!session) {
-			return;
-		}
-		const now = Date.now();
-		if (session.expires_in && session.issued_at) {
-			const expiresAt = session.issued_at + (session.expires_in - 10) * 1000;
-			if (expiresAt < now) {
-				if (session.refresh_token) {
-					try {
-						const newTokens = await refreshTokenGrant(
-							this.clients[0],
-							session.refresh_token,
-						);
-						await this.setSession(sessionId, {
-							...newTokens,
-							issued_at: Date.now(),
-						});
-						return newTokens;
-					} catch (e) {
-						this.log.error(e, "Failed to refresh token");
-					}
-				}
-				await this.sessions.invalidate(sessionId);
-				return;
-			}
-		}
-		if (!session.issued_at && session.access_token) {
-			await this.sessions.invalidate(sessionId);
-			return;
-		}
-		return session;
-	}
-	/**
-	 *
-	 * @protected
-	 */
-	protected readonly beforeRequest = $hook({
-		name: "configure:fastify",
-		priority: 100,
-		handler: async (app) => {
-			app.decorateRequest("session");
-			app.addHook("onRequest", async (req) => {
-				const sessionId = (req as any).cookies[this.SSID];
-				if (sessionId && !isViteFile(req.url)) {
-					const session = await this.getSession(sessionId);
-					if (session) {
-						req.session = session;
-						if (session.access_token) {
-							req.headers.authorization = `Bearer ${session.access_token}`;
-						}
-					}
-				}
-			});
-		},
-	});
-	/**
-	 *
-	 */
-	public readonly login = $route({
-		security: false,
-		url: "/login",
-		method: "GET",
-		schema: {
-			query: t.object({
-				redirect: t.optional(t.string()),
-			}),
-		},
-		handler: async ({ query }) => {
-			const client = this.clients[0];
-			const codeVerifier = randomPKCECodeVerifier();
-			const codeChallenge = await calculatePKCECodeChallenge(codeVerifier);
-			const scope = "openid profile email";
-			const parameters: Record<string, string> = {
-				redirect_uri: this.redirectUri,
-				scope,
-				code_challenge: codeChallenge,
-				code_challenge_method: "S256",
-			};
-			const sessionId = crypto.randomUUID();
-			await this.setSession(sessionId, {
-				authorizationCodeGrant: {
-					codeVerifier,
-					redirectUri: query.redirect ?? "/",
-					// TODO: add nonce, max_age, state
-				},
-			});
-			return new Response("", {
-				status: 302,
-				headers: {
-					"Set-Cookie": `${this.SSID}=${sessionId}; HttpOnly; Path=/; SameSite=Lax;`,
-					Location: buildAuthorizationUrl(client, parameters).toString(),
-				},
-			});
-		},
-	});
-	/**
-	 *
-	 */
-	public readonly callback = $route({
-		security: false,
-		url: "/callback",
-		method: "GET",
-		schema: {
-			headers: t.record(t.string(), t.string()),
-			cookies: t.object({
-				ssid: t.string(),
-			}),
-		},
-		handler: async ({ cookies, url }) => {
-			const sessionId = cookies.ssid;
-			const session = await this.getSession(sessionId);
-			if (!session) {
-				throw new BadRequestError("Missing session");
-			}
-			if (!session.authorizationCodeGrant) {
-				throw new BadRequestError("Invalid session - missing code verifier");
-			}
-			const [, search] = url.split("?");
-			const tokens = await authorizationCodeGrant(
-				this.clients[0],
-				new URL(`${this.redirectUri}?${search}`),
-				{
-					pkceCodeVerifier: session.authorizationCodeGrant.codeVerifier,
-					expectedNonce: session.authorizationCodeGrant.nonce,
-					expectedState: session.authorizationCodeGrant.state,
-					maxAge: session.authorizationCodeGrant.max_age,
-				},
-			);
-			await this.setSession(sessionId, {
-				...tokens,
-				issued_at: Date.now(),
-			});
-			return new Response("", {
-				status: 302,
-				headers: {
-					Location: session.authorizationCodeGrant.redirectUri ?? "/",
-				},
-			});
-		},
-	});
-	public readonly logout = $route({
-		security: false,
-		url: "/logout",
-		method: "GET",
-		schema: {
-			query: t.object({
-				redirect: t.optional(t.string()),
-			}),
-			cookies: t.object({
-				ssid: t.string(),
-			}),
-		},
-		handler: async ({ query, cookies }, { fastify }: any) => {
-			const session = fastify?.req.session;
-			await this.sessions.invalidate(cookies.ssid);
-			const redirect = query.redirect ?? "/";
-			const params = new URLSearchParams();
-			params.set("post_logout_redirect_uri", redirect);
-			if (session?.id_token) {
-				params.set("id_token_hint", session.id_token);
-			}
-			return new Response("", {
-				status: 302,
-				headers: {
-					"Set-Cookie": `${this.SSID}=; HttpOnly; Path=/; SameSite=Lax;`,
-					Location: buildEndSessionUrl(this.clients[0], params).toString(),
-				},
-			});
-		},
-	});
-	public readonly session = $route({
-		security: false,
-		url: "/_session",
-		method: "GET",
-		schema: {
-			headers: t.object({
-				authorization: t.string(),
-			}),
-			response: sessionSchema,
-		},
-		handler: async ({ headers }) => {
-			try {
-				return {
-					user: await this.securityProvider.createUserFromToken(
-						headers.authorization,
-					),
-				};
-			} catch (e) {
-				return {};
-			}
-		},
-	});
-}
-export interface ReactServerSession {
-	access_token?: string;
-	expires_in?: number;
-	refresh_token?: string;
-	id_token?: string;
-	scope?: string;
-	issued_at?: number;
-	authorizationCodeGrant?: {
-		codeVerifier: string;
-		redirectUri: string;
-		nonce?: string;
-		max_age?: number;
-		state?: string;
-	};
-}
-const isViteFile = (file: string) => {
-	const [pathname] = file.split("?");
-	// swagger
-	if (pathname.startsWith("/docs")) {
-		return false;
-	}
-	// static assets
-	if (pathname.match(/\.\w{2,5}$/)) {
-		return true;
-	}
-	// vite internal files
-	if (pathname.startsWith("/@")) {
-		return true;
-	}
-	// our backend files
-	return false;
-};