npm - @amaster.ai/auth-client - Versions diffs - 1.1.0-beta.3 → 1.1.0-beta.30 - Mend

@amaster.ai/auth-client 1.1.0-beta.3 → 1.1.0-beta.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/README.md +84 -120
package/dist/auth.d.cts +15 -3
package/dist/auth.d.ts +15 -3
package/dist/index.cjs +1 -1
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +2 -2
package/dist/index.d.ts +2 -2
package/dist/index.js +1 -1
package/dist/index.js.map +1 -1
package/dist/oauth.d.cts +1 -1
package/dist/oauth.d.ts +1 -1
package/dist/permissions.d.cts +1 -1
package/dist/permissions.d.ts +1 -1
package/dist/sessions.d.cts +1 -1
package/dist/sessions.d.ts +1 -1
package/dist/{types-Be3I8qJG.d.cts → types-C56GAJKY.d.cts} +0 -2
package/dist/{types-Be3I8qJG.d.ts → types-C56GAJKY.d.ts} +0 -2
package/dist/user.d.cts +1 -1
package/dist/user.d.ts +1 -1
package/package.json +2 -2

package/README.md CHANGED Viewed

@@ -8,6 +8,7 @@ Authentication SDK for Amaster Platform - Complete client-side authentication so
 - 🔄 **Automatic Token Refresh**: JWT token auto-refresh before expiration
 - 📦 **Token Storage**: localStorage or sessionStorage with SSR support
 - 🎯 **Permission System**: Role-based and permission-based access control
+- 👤 **Anonymous Access**: Automatic support for anonymous users with configurable permissions
 - 🔗 **OAuth Integration**: Google, GitHub, WeChat OAuth, WeChat Mini Program, and custom OAuth providers
 - 📡 **Event System**: Listen to login, logout, and token events
 - 💾 **Session Management**: View and revoke active sessions
@@ -82,10 +83,10 @@ const authClient = createAuthClient();
 ```typescript
 interface AuthClientOptions {
-  baseURL?: string;              // API base URL, defaults to window.location.origin
+  baseURL?: string; // API base URL, defaults to window.location.origin
   headers?: Record<string, string>; // Custom headers for all requests
-  onTokenExpired?: () => void;   // Token expiration callback
-  onUnauthorized?: () => void;   // Unauthorized (401) callback
+  onTokenExpired?: () => void; // Token expiration callback
+  onUnauthorized?: () => void; // Unauthorized (401) callback
 }
 ```
@@ -94,19 +95,18 @@ interface AuthClientOptions {
 ```typescript
 const authClient = createAuthClient({
   baseURL: "https://api.example.com",
-  onTokenExpired: () => window.location.href = "/login",
+  onTokenExpired: () => (window.location.href = "/login"),
   onUnauthorized: () => alert("Session expired"),
 });
 ```
 **Built-in Features (Zero Config):**
-- ✅ **Auto Environment Detection**: Works in browser, WeChat Mini Program, SSR
-- ✅ **Auto Token Refresh**: Refreshes 5 minutes before expiry
-- ✅ **Auto Permission Sync**: Syncs on page load and every token refresh
-- ✅ **Smart Storage**: localStorage (browser), wx.storage (WeChat), no-op (SSR)
-- ✅ **Lightweight Data**: Only permission names cached, not full objects
-- ✅ **On-Demand DataScope**: Loads only when needed
+- ✅ Auto environment detection (browser, WeChat Mini Program, SSR)
+- ✅ Auto token refresh (5 minutes before expiry)
+- ✅ Auto permission sync
+- ✅ Auto anonymous support
+- ✅ Smart storage (localStorage, wx.storage, no-op for SSR)
 ## Authentication
@@ -184,11 +184,7 @@ window.location.href = redirectUrl;
 ```typescript
 // Main page
-const popup = window.open(
-  "/api/auth/oauth/google",
-  "oauth-login",
-  "width=600,height=700"
-);
+const popup = window.open("/api/auth/oauth/google", "oauth-login", "width=600,height=700");
 window.addEventListener("message", (event) => {
   if (event.data.type === "oauth-success") {
@@ -213,7 +209,7 @@ import { createAuthClient } from "@amaster.ai/auth-client";
 // Zero configuration - auto-detects WeChat environment
 const authClient = createAuthClient({
-  baseURL: "https://api.yourdomain.com"
+  baseURL: "https://api.yourdomain.com",
 });
 // Login with WeChat code
@@ -221,22 +217,22 @@ wx.login({
   success: async (res) => {
     if (res.code) {
       const result = await authClient.loginWithMiniProgram(res.code);
       if (result.data) {
         console.log("Logged in:", result.data.user);
         // Token automatically saved to wx.storage
-        wx.switchTab({ url: '/pages/index/index' });
+        wx.switchTab({ url: "/pages/index/index" });
       } else if (result.error) {
         wx.showToast({
-          title: result.error.message || 'Login failed',
-          icon: 'none'
+          title: result.error.message || "Login failed",
+          icon: "none",
         });
       }
     }
   },
   fail: (err) => {
     console.error("wx.login failed:", err);
-  }
+  },
 });
 ```
@@ -244,8 +240,8 @@ wx.login({
 ```xml
 <!-- WXML -->
-<button
-  open-type="getPhoneNumber"
+<button
+  open-type="getPhoneNumber"
   bindgetphonenumber="onGetPhoneNumber"
 >
   Get Phone Number
@@ -256,14 +252,14 @@ wx.login({
 // JS
 async onGetPhoneNumber(e) {
   const { code } = e.detail;
   if (code) {
     const result = await authClient.getMiniProgramPhoneNumber(code);
     if (result.data) {
       console.log("Phone number:", result.data.phone);
       console.log("Verified:", result.data.phoneVerified);
       // Update UI with phone number
       this.setData({
         phone: result.data.phone
@@ -288,13 +284,13 @@ async onGetPhoneNumber(e) {
 import { createAuthClient } from "@amaster.ai/auth-client";
 const authClient = createAuthClient({
-  baseURL: "https://api.yourdomain.com"
+  baseURL: "https://api.yourdomain.com",
 });
 Page({
   data: {
     userInfo: null,
-    hasPhone: false
+    hasPhone: false,
   },
   // Auto-login on page load
@@ -304,26 +300,26 @@ Page({
   // WeChat Mini Program login
   async handleLogin() {
-    wx.showLoading({ title: 'Logging in...' });
+    wx.showLoading({ title: "Logging in..." });
     wx.login({
       success: async (res) => {
         if (res.code) {
           const result = await authClient.loginWithMiniProgram(res.code);
           wx.hideLoading();
           if (result.data) {
             this.setData({
-              userInfo: result.data.user
+              userInfo: result.data.user,
             });
             // Navigate to home
-            wx.switchTab({ url: '/pages/index/index' });
+            wx.switchTab({ url: "/pages/index/index" });
           } else {
             wx.showToast({
-              title: 'Login failed',
-              icon: 'none'
+              title: "Login failed",
+              icon: "none",
             });
           }
         }
@@ -331,47 +327,47 @@ Page({
       fail: () => {
         wx.hideLoading();
         wx.showToast({
-          title: 'Login failed',
-          icon: 'none'
+          title: "Login failed",
+          icon: "none",
         });
-      }
+      },
     });
   },
   // Get phone number with user authorization
   async onGetPhoneNumber(e) {
     const { code } = e.detail;
     if (!code) {
       wx.showToast({
-        title: 'Authorization cancelled',
-        icon: 'none'
+        title: "Authorization cancelled",
+        icon: "none",
       });
       return;
     }
-    wx.showLoading({ title: 'Getting phone...' });
+    wx.showLoading({ title: "Getting phone..." });
     const result = await authClient.getMiniProgramPhoneNumber(code);
     wx.hideLoading();
     if (result.data) {
       this.setData({
-        hasPhone: true
+        hasPhone: true,
       });
       wx.showToast({
-        title: 'Phone number obtained',
-        icon: 'success'
+        title: "Phone number obtained",
+        icon: "success",
       });
     } else {
       wx.showToast({
-        title: result.error?.message || 'Failed to get phone',
-        icon: 'none'
+        title: result.error?.message || "Failed to get phone",
+        icon: "none",
       });
     }
-  }
+  },
 });
 ```
@@ -412,67 +408,50 @@ await authClient.changePassword({
 ## Permission Checks
-### Local Permission Checks (Fast)
+### Anonymous Access Support
-Permissions are cached locally as string arrays for fast UI checks:
+The SDK automatically supports anonymous users with **zero configuration**:
 ```typescript
-// Check single role
-if (authClient.hasRole("admin")) {
-  // Admin only
-}
+// Create client
+const authClient = createAuthClient();
-// Check single permission
-if (authClient.hasPermission("user.read")) {
-  // Can read users
+// Permission checks work for both authenticated and anonymous users
+if (authClient.hasPermission("article", "read")) {
+  showArticleList();
 }
-// Check any permission
-if (authClient.hasAnyPermission(["user.read", "user.manage"])) {
-  // Has at least one permission
+// Check if user is anonymous
+if (authClient.isAnonymous()) {
+  showLoginPrompt();
 }
-// Check all permissions
-if (authClient.hasAllPermissions(["user.read", "user.write"])) {
-  // Has all permissions
-}
+// After login, permissions automatically update
+await authClient.login({ ... });
 ```
-### On-Demand Data Scope Loading
+### Local Permission Checks (Fast)
-Data scopes are loaded only when needed to reduce data transfer:
+Permissions are cached locally for fast UI checks:
 ```typescript
-// Get data scope for a specific permission
-const result = await authClient.getPermissionScope("user.read");
-if (result.data) {
-  const { dataScope } = result.data;
-  if (dataScope.scopeType === "department") {
-    // Filter users by department
-    const users = await api.getUsers({
-      departmentId: dataScope.scopeFilter.departmentId
-    });
-  } else if (dataScope.scopeType === "all") {
-    // Show all users
-    const users = await api.getUsers();
-  }
+// Check role
+if (authClient.hasRole("admin")) {
+  showAdminPanel();
 }
-```
-**Optimized Data Structure:**
+if (authClient.isAnonymous()) {
+  showLoginPrompt();
+}
-```typescript
-// User object (lightweight)
-{
-  uid: "xxx",
-  email: "user@example.com",
-  roles: ["admin", "user"],  // Only role codes
-  permissions: ["user.read", "user.write", "order.read"],  // Only permission names
-  // NO dataScopes - loaded on demand
+// Check permission
+if (authClient.hasPermission("user", "read")) {
+  showUserList();
 }
 ```
+````
 ## OAuth Bindings
 ### Get Bindings
@@ -613,48 +592,32 @@ if (result.error) {
 ### Token Management
-- SDK automatically manages Access Token and Refresh Token
-- Access Token is stored in localStorage/sessionStorage
-- Refresh Token is managed by backend via HttpOnly Cookie
-- Token is automatically refreshed 5 minutes before expiration (configurable)
-### Permission Sync
-- **On Page Load**: User info and permissions automatically sync from backend
-- **On Token Refresh**: Permissions re-sync every 5 minutes when token refreshes
-- **Manual Sync**: Call `await authClient.getMe()` to force sync anytime
-**Behavior:**
-- Permissions always stay fresh without any configuration
-- Page refresh loads latest permissions from backend
-- Background sync happens automatically every 5 minutes
+- Tokens are automatically managed by the SDK
+- Access Token refreshes 5 minutes before expiration
+- No manual token handling required
 ### Permission Checks
-- **Frontend permission checks are for UI control only** (show/hide buttons, menus)
-- **Backend must verify permissions again** - frontend checks are NOT security measures
-- Use permission checks to improve UX, not as security enforcement
+- Use permission checks for UI control (show/hide buttons, menus)
+- Frontend checks are NOT security measures
+- Backend must always verify permissions
 ### SSR Support
-The SDK detects SSR environments and uses a no-op storage adapter:
+The SDK works in both browser and SSR environments:
 ```typescript
-// Safe in both browser and SSR
 const authClient = createAuthClient();
 ```
 ## TypeScript
-Full TypeScript support with comprehensive type definitions:
+Full TypeScript support:
 ```typescript
 import type {
   User,
   LoginResponse,
-  Permission,
-  Role,
-  DataScope,
   Session,
   OAuthBinding,
 } from "@amaster.ai/auth-client";
@@ -667,3 +630,4 @@ MIT
 ## Contributing
 Contributions are welcome! Please read our contributing guidelines before submitting PRs.
+````

package/dist/auth.d.cts CHANGED Viewed

@@ -14,7 +14,7 @@
  * ============================================================================
  */
 import { HttpClient, ClientResult } from '@amaster.ai/http-client';
-import { q as User, i as RegisterParams, e as LoginResponse, L as LoginParams, c as CodeLoginParams, S as SendCodeParams, p as SuccessResponse, b as CaptchaResponse, g as OAuthProvider, M as MiniProgramPhoneResponse, R as RefreshTokenResponse } from './types-Be3I8qJG.cjs';
+import { q as User, i as RegisterParams, e as LoginResponse, L as LoginParams, c as CodeLoginParams, S as SendCodeParams, p as SuccessResponse, b as CaptchaResponse, g as OAuthProvider, M as MiniProgramPhoneResponse, R as RefreshTokenResponse } from './types-C56GAJKY.cjs';
 /**
  * Authentication Module
@@ -59,8 +59,14 @@ declare function createAuthModule(deps: AuthModuleDeps): {
      * @category Authentication
      * @example
      * ```typescript
+     * // Auto-detect loginType from username
+     * await auth.login({
+     *   username: "john_doe",
+     *   password: "Password@123",
+     * });
+     *
+     * // Auto-detect loginType from email
      * await auth.login({
-     *   loginType: "email",
      *   email: "user@example.com",
      *   password: "Password@123",
      * });
@@ -73,11 +79,17 @@ declare function createAuthModule(deps: AuthModuleDeps): {
      * @category Authentication
      * @example
      * ```typescript
+     * // Auto-detect loginType from email
      * await auth.loginWithCode({
-     *   loginType: "email",
      *   email: "user@example.com",
      *   code: "123456",
      * });
+     *
+     * // Auto-detect loginType from phone
+     * await auth.loginWithCode({
+     *   phone: "13800138000",
+     *   code: "123456",
+     * });
      * ```
      */
     loginWithCode(params: CodeLoginParams): Promise<ClientResult<LoginResponse>>;

package/dist/auth.d.ts CHANGED Viewed

@@ -14,7 +14,7 @@
  * ============================================================================
  */
 import { HttpClient, ClientResult } from '@amaster.ai/http-client';
-import { q as User, i as RegisterParams, e as LoginResponse, L as LoginParams, c as CodeLoginParams, S as SendCodeParams, p as SuccessResponse, b as CaptchaResponse, g as OAuthProvider, M as MiniProgramPhoneResponse, R as RefreshTokenResponse } from './types-Be3I8qJG.js';
+import { q as User, i as RegisterParams, e as LoginResponse, L as LoginParams, c as CodeLoginParams, S as SendCodeParams, p as SuccessResponse, b as CaptchaResponse, g as OAuthProvider, M as MiniProgramPhoneResponse, R as RefreshTokenResponse } from './types-C56GAJKY.js';
 /**
  * Authentication Module
@@ -59,8 +59,14 @@ declare function createAuthModule(deps: AuthModuleDeps): {
      * @category Authentication
      * @example
      * ```typescript
+     * // Auto-detect loginType from username
+     * await auth.login({
+     *   username: "john_doe",
+     *   password: "Password@123",
+     * });
+     *
+     * // Auto-detect loginType from email
      * await auth.login({
-     *   loginType: "email",
      *   email: "user@example.com",
      *   password: "Password@123",
      * });
@@ -73,11 +79,17 @@ declare function createAuthModule(deps: AuthModuleDeps): {
      * @category Authentication
      * @example
      * ```typescript
+     * // Auto-detect loginType from email
      * await auth.loginWithCode({
-     *   loginType: "email",
      *   email: "user@example.com",
      *   code: "123456",
      * });
+     *
+     * // Auto-detect loginType from phone
+     * await auth.loginWithCode({
+     *   phone: "13800138000",
+     *   code: "123456",
+     * });
      * ```
      */
     loginWithCode(params: CodeLoginParams): Promise<ClientResult<LoginResponse>>;

package/dist/index.cjs CHANGED Viewed

@@ -1,2 +1,2 @@
-'use strict';var httpClient=require('@amaster.ai/http-client');var y=class{constructor(){this.events={};}on(e,r){this.events[e]||(this.events[e]=[]),this.events[e].push(r);}off(e,r){this.events[e]&&(this.events[e]=this.events[e].filter(t=>t!==r));}emit(e,...r){this.events[e]&&this.events[e].forEach(t=>{try{t(...r);}catch(a){console.error(`[AuthClient] Error in event handler for "${e}":`,a);}});}removeAllListeners(){this.events={};}};var l={ACCESS_TOKEN:"amaster_access_token",REFRESH_TOKEN:"amaster_refresh_token",USER:"amaster_user"};function N(){return typeof wx<"u"&&wx.getStorageSync?"wechat-miniprogram":typeof window<"u"&&typeof window.localStorage<"u"?"browser":"node"}function S(){switch(N()){case "wechat-miniprogram":return $();case "browser":return L();case "node":return q()}}function L(){let s=window.localStorage;return {getItem(e){try{return s.getItem(e)}catch(r){return console.error("[AuthClient] Failed to get item from localStorage:",r),null}},setItem(e,r){try{s.setItem(e,r);}catch(t){console.error("[AuthClient] Failed to set item in localStorage:",t);}},removeItem(e){try{s.removeItem(e);}catch(r){console.error("[AuthClient] Failed to remove item from localStorage:",r);}},clear(){try{s.removeItem(l.ACCESS_TOKEN),s.removeItem(l.REFRESH_TOKEN),s.removeItem(l.USER);}catch(e){console.error("[AuthClient] Failed to clear localStorage:",e);}}}}function $(){return {getItem(s){try{return wx.getStorageSync(s)||null}catch(e){return console.error("[AuthClient] Failed to get item from WeChat storage:",e),null}},setItem(s,e){try{wx.setStorageSync(s,e);}catch(r){console.error("[AuthClient] Failed to set item in WeChat storage:",r);}},removeItem(s){try{wx.removeStorageSync(s);}catch(e){console.error("[AuthClient] Failed to remove item from WeChat storage:",e);}},clear(){try{wx.removeStorageSync(l.ACCESS_TOKEN),wx.removeStorageSync(l.REFRESH_TOKEN),wx.removeStorageSync(l.USER);}catch(s){console.error("[AuthClient] Failed to clear WeChat storage:",s);}}}}function q(){let s=new Map;return {getItem(e){return s.get(e)??null},setItem(e,r){s.set(e,r);},removeItem(e){s.delete(e);},clear(){s.clear();}}}function B(s){try{let e=s.split(".");if(e.length!==3)return null;let t=(e[1]||"").replace(/-/g,"+").replace(/_/g,"/");if(typeof atob<"u"){let a=decodeURIComponent(atob(t).split("").map(o=>"%"+("00"+o.charCodeAt(0).toString(16)).slice(-2)).join(""));return JSON.parse(a)}if(typeof Buffer<"u"){let a=Buffer.from(t,"base64").toString("utf-8");return JSON.parse(a)}return null}catch(e){return console.error("[AuthClient] Failed to parse JWT token:",e),null}}var C=class{constructor(){this.refreshTimer=null;this.isRefreshing=false;this.refreshCallback=null;}setRefreshCallback(e){this.refreshCallback=e;}scheduleRefresh(e){this.clearSchedule(),!(e<=0)&&(this.refreshTimer=setTimeout(()=>{this.refresh();},e));}scheduleRefreshFromToken(e,r=300){let t=B(e);if(!t||!t.exp){console.warn("[AuthClient] Cannot schedule refresh: invalid token or missing exp claim");return}let a=t.exp*1e3,o=Date.now(),c=a-o-r*1e3;c<=0?(console.warn("[AuthClient] Token already expired or expiring soon, refreshing immediately"),this.refresh()):this.scheduleRefresh(c);}async refresh(){if(!this.isRefreshing){if(!this.refreshCallback){console.error("[AuthClient] No refresh callback set");return}this.isRefreshing=true;try{await this.refreshCallback();}catch(e){console.error("[AuthClient] Token refresh failed:",e);}finally{this.isRefreshing=false;}}}clearSchedule(){this.refreshTimer&&(clearTimeout(this.refreshTimer),this.refreshTimer=null);}isCurrentlyRefreshing(){return this.isRefreshing}destroy(){this.clearSchedule(),this.refreshCallback=null,this.isRefreshing=false;}};function v(s){return s&&typeof s=="object"&&("statusCode"in s||"status"in s)&&"data"in s?s.data:s}var R={transformResponse:v,logErrors:true};function k(s){let{http:e,onLoginSuccess:r,storage:t,clearAuth:a}=s;return {async register(o){let n=await e.request({url:"/api/auth/register",method:"post",headers:{"Content-Type":"application/json"},data:o});return n.data?.user&&n.data?.accessToken&&r(n.data.user,n.data.accessToken),n},async login(o){let n=await e.request({url:"/api/auth/login",method:"post",headers:{"Content-Type":"application/json"},data:o});return n.data?.user&&n.data?.accessToken&&r(n.data.user,n.data.accessToken),n},async loginWithCode(o){let n=await e.request({url:"/api/auth/login-with-code",method:"post",headers:{"Content-Type":"application/json"},data:o});return n.data?.user&&n.data?.accessToken&&r(n.data.user,n.data.accessToken),n},async sendCode(o){return e.request({url:"/api/auth/send-code",method:"post",headers:{"Content-Type":"application/json"},data:o})},async getCaptcha(){return e.request({url:"/api/auth/captcha",method:"get"})},loginWithOAuth(o,n){if(typeof window>"u"){console.error("[AuthClient] OAuth login is only available in browser environment");return}let c=n?`/api/auth/oauth/${o}?redirect_url=${encodeURIComponent(n)}`:`/api/auth/oauth/${o}`;window.location.href=c;},async handleOAuthCallback(){if(typeof window>"u")return {data:null,error:{message:"OAuth callback is only available in browser environment",status:400},status:400};try{let o=window.location.hash.substring(1),n=new URLSearchParams(o),c=n.get("access_token"),h=n.get("user");if(!c||!h)return {data:null,error:{message:"OAuth callback failed: missing token or user data",status:400},status:400};let u=JSON.parse(decodeURIComponent(h));return r(u,c),{data:{user:u,accessToken:c},error:null,status:200}}catch(o){return {data:null,error:{message:`OAuth callback failed: ${o instanceof Error?o.message:String(o)}`,status:400},status:400}}},async loginWithMiniProgram(o){let n=await e.request({url:"/api/auth/miniprogram/login",method:"post",headers:{"Content-Type":"application/json"},data:{code:o}});return n.data?.user&&n.data?.accessToken&&r(n.data.user,n.data.accessToken),n},async getMiniProgramPhoneNumber(o){let n=t.getItem("amaster_access_token");return n?e.request({url:"/api/auth/miniprogram/phone",method:"post",headers:{"Content-Type":"application/json",Authorization:`Bearer ${n}`},data:{code:o}}):{data:null,error:{message:"Not authenticated",status:401},status:401}},async logout(){let o=t.getItem("amaster_access_token"),n=await e.request({url:"/api/auth/logout",method:"post",headers:o?{Authorization:`Bearer ${o}`}:void 0});return a(),n},async refreshToken(){return e.request({url:"/api/auth/refresh",method:"post"})}}}function P(s){let{getCurrentUser:e}=s;return {hasRole(r){let t=e();return !t||!t.roles?false:t.roles.includes(r)},hasPermission(r,t){let a=e();if(!a||!a.permissions)return  false;let o=`${r}:${t}`;return a.permissions.includes(o)},hasAnyPermission(r){return r.some(({resource:t,action:a})=>this.hasPermission(t,a))},hasAllPermissions(r){return r.every(({resource:t,action:a})=>this.hasPermission(t,a))}}}function T(s){let{http:e,storage:r,onUserUpdate:t}=s;return {async getMe(){let a=r.getItem("amaster_access_token");if(!a)return {data:null,error:{message:"Not authenticated",status:401},status:401};let o=await e.request({url:"/api/auth/me",method:"get",headers:{Authorization:`Bearer ${a}`}});return o.data&&t(o.data),o},async updateMe(a){let o=r.getItem("amaster_access_token");if(!o)return {data:null,error:{message:"Not authenticated",status:401},status:401};let n=await e.request({url:"/api/auth/me",method:"put",headers:{Authorization:`Bearer ${o}`,"Content-Type":"application/json"},data:a});return n.data&&t(n.data),n},async changePassword(a){let o=r.getItem("amaster_access_token");return o?e.request({url:"/api/auth/change-password",method:"post",headers:{Authorization:`Bearer ${o}`,"Content-Type":"application/json"},data:a}):{data:null,error:{message:"Not authenticated",status:401},status:401}}}}function w(s){let{http:e,storage:r}=s;return {async getOAuthBindings(){let t=r.getItem("amaster_access_token");return t?e.request({url:"/api/auth/oauth-bindings",method:"get",headers:{Authorization:`Bearer ${t}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}},bindOAuth(t){if(typeof window>"u"){console.error("[AuthClient] OAuth binding is only available in browser environment");return}window.location.href=`/api/auth/oauth/${t}/bind`;},async unbindOAuth(t){let a=r.getItem("amaster_access_token");return a?e.request({url:`/api/auth/oauth/${t}/unbind`,method:"delete",headers:{Authorization:`Bearer ${a}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}}}}function E(s){let{http:e,storage:r}=s;return {async getSession(){let t=r.getItem("amaster_access_token");return t?e.request({url:"/api/auth/sessions/current",method:"get",headers:{Authorization:`Bearer ${t}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}},async getSessions(){let t=r.getItem("amaster_access_token");return t?e.request({url:"/api/auth/sessions",method:"get",headers:{Authorization:`Bearer ${t}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}},async revokeSession(t){let a=r.getItem("amaster_access_token");return a?t?e.request({url:`/api/auth/sessions/${t}`,method:"delete",headers:{Authorization:`Bearer ${a}`}}):{data:null,error:{message:"Session ID is required",status:400},status:400}:{data:null,error:{message:"Not authenticated",status:401},status:401}},async revokeAllSessions(){let t=r.getItem("amaster_access_token");return t?e.request({url:"/api/auth/sessions",method:"delete",headers:{Authorization:`Bearer ${t}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}}}}function z(s={},e){let {baseURL:r,headers:t,onTokenExpired:a,onUnauthorized:o}=s,n=e||httpClient.createHttpClient({...R,baseURL:r,headers:t}),h=300,u=S(),m=new y,f=new C,g=null;try{let i=u.getItem(l.USER);i&&(g=JSON.parse(i));}catch(i){console.error("[AuthClient] Failed to load user from storage:",i);}let d;f.setRefreshCallback(async()=>{let i=await d.refreshToken();i.data?(await d.getMe(),m.emit("tokenRefreshed",i.data.accessToken)):(m.emit("tokenExpired"),a?.());});function M(i,p){u.setItem(l.ACCESS_TOKEN,p),u.setItem(l.USER,JSON.stringify(i)),g=i,f.scheduleRefreshFromToken(p,h),m.emit("login",i);}function O(i){g=i,u.setItem(l.USER,JSON.stringify(i));}function A(){u.clear(),g=null,f.clearSchedule();}function U(){return g}let b=k({http:n,onLoginSuccess:M,storage:u,clearAuth:A}),x=P({getCurrentUser:U}),I=T({http:n,storage:u,onUserUpdate:O}),_=w({http:n,storage:u}),H=E({http:n,storage:u});return d={...b,...x,...I,..._,...H,on(i,p){m.on(i,p);},off(i,p){m.off(i,p);},isAuthenticated(){return !!u.getItem(l.ACCESS_TOKEN)},getAccessToken(){return u.getItem(l.ACCESS_TOKEN)},setAccessToken(i){u.setItem(l.ACCESS_TOKEN,i),f.scheduleRefreshFromToken(i,h);},clearAuth:A},d.on("unauthorized",()=>{o?.();}),d.isAuthenticated()&&d.getMe().catch(i=>{console.warn("[AuthClient] Failed to sync user info on init:",i);}),d}exports.createAuthClient=z;exports.defaultHttpClientOptions=R;exports.transformAmasterResponse=v;//# sourceMappingURL=index.cjs.map
+'use strict';var httpClient=require('@amaster.ai/http-client');var y=class{constructor(){this.events={};}on(e,s){this.events[e]||(this.events[e]=[]),this.events[e].push(s);}off(e,s){this.events[e]&&(this.events[e]=this.events[e].filter(r=>r!==s));}emit(e,...s){this.events[e]&&this.events[e].forEach(r=>{try{r(...s);}catch(a){console.error(`[AuthClient] Error in event handler for "${e}":`,a);}});}removeAllListeners(){this.events={};}};var d={ACCESS_TOKEN:"amaster_access_token",REFRESH_TOKEN:"amaster_refresh_token",USER:"amaster_user"};function H(){return typeof wx<"u"&&wx.getStorageSync?"wechat-miniprogram":typeof window<"u"&&typeof window.localStorage<"u"?"browser":"node"}function S(){switch(H()){case "wechat-miniprogram":return q();case "browser":return N();case "node":return $()}}function N(){let t=window.localStorage;return {getItem(e){try{return t.getItem(e)}catch(s){return console.error("[AuthClient] Failed to get item from localStorage:",s),null}},setItem(e,s){try{t.setItem(e,s);}catch(r){console.error("[AuthClient] Failed to set item in localStorage:",r);}},removeItem(e){try{t.removeItem(e);}catch(s){console.error("[AuthClient] Failed to remove item from localStorage:",s);}},clear(){try{t.removeItem(d.ACCESS_TOKEN),t.removeItem(d.REFRESH_TOKEN),t.removeItem(d.USER);}catch(e){console.error("[AuthClient] Failed to clear localStorage:",e);}}}}function q(){return {getItem(t){try{return wx.getStorageSync(t)||null}catch(e){return console.error("[AuthClient] Failed to get item from WeChat storage:",e),null}},setItem(t,e){try{wx.setStorageSync(t,e);}catch(s){console.error("[AuthClient] Failed to set item in WeChat storage:",s);}},removeItem(t){try{wx.removeStorageSync(t);}catch(e){console.error("[AuthClient] Failed to remove item from WeChat storage:",e);}},clear(){try{wx.removeStorageSync(d.ACCESS_TOKEN),wx.removeStorageSync(d.REFRESH_TOKEN),wx.removeStorageSync(d.USER);}catch(t){console.error("[AuthClient] Failed to clear WeChat storage:",t);}}}}function $(){let t=new Map;return {getItem(e){return t.get(e)??null},setItem(e,s){t.set(e,s);},removeItem(e){t.delete(e);},clear(){t.clear();}}}function B(t){try{let e=t.split(".");if(e.length!==3)return null;let r=(e[1]||"").replace(/-/g,"+").replace(/_/g,"/");if(typeof atob<"u"){let a=decodeURIComponent(atob(r).split("").map(n=>"%"+("00"+n.charCodeAt(0).toString(16)).slice(-2)).join(""));return JSON.parse(a)}if(typeof Buffer<"u"){let a=Buffer.from(r,"base64").toString("utf-8");return JSON.parse(a)}return null}catch(e){return console.error("[AuthClient] Failed to parse JWT token:",e),null}}var C=class{constructor(){this.refreshTimer=null;this.isRefreshing=false;this.refreshCallback=null;}setRefreshCallback(e){this.refreshCallback=e;}scheduleRefresh(e){this.clearSchedule(),!(e<=0)&&(this.refreshTimer=setTimeout(()=>{this.refresh();},e));}scheduleRefreshFromToken(e,s=300){let r=B(e);if(!r||!r.exp){console.warn("[AuthClient] Cannot schedule refresh: invalid token or missing exp claim");return}let a=r.exp*1e3,n=Date.now(),c=a-n-s*1e3;c<=0?(console.warn("[AuthClient] Token already expired or expiring soon, refreshing immediately"),this.refresh()):this.scheduleRefresh(c);}async refresh(){if(!this.isRefreshing){if(!this.refreshCallback){console.error("[AuthClient] No refresh callback set");return}this.isRefreshing=true;try{await this.refreshCallback();}catch(e){console.error("[AuthClient] Token refresh failed:",e);}finally{this.isRefreshing=false;}}}clearSchedule(){this.refreshTimer&&(clearTimeout(this.refreshTimer),this.refreshTimer=null);}isCurrentlyRefreshing(){return this.isRefreshing}destroy(){this.clearSchedule(),this.refreshCallback=null,this.isRefreshing=false;}};function v(t){return t&&typeof t=="object"&&("statusCode"in t||"status"in t)&&"data"in t?t.data:t}var R={transformResponse:v,logErrors:true};function F(t){if(t.email)return "email";if(t.username)return "username";if(t.phone)return "phone"}function z(t){if(t.email)return "email";if(t.phone)return "phone"}function k(t){let{http:e,onLoginSuccess:s,storage:r,clearAuth:a}=t;return {async register(n){let o=await e.request({url:"/api/auth/register",method:"post",headers:{"Content-Type":"application/json"},data:n});return o.data?.user&&o.data?.accessToken&&s(o.data.user,o.data.accessToken),o},async login(n){let o=n.loginType||F(n);if(!o)return {data:null,error:{message:"Unable to determine login type. Please provide email, username, or phone.",status:400},status:400};let c={...n,loginType:o},u=await e.request({url:"/api/auth/login",method:"post",headers:{"Content-Type":"application/json"},data:c});return u.data?.user&&u.data?.accessToken&&s(u.data.user,u.data.accessToken),u},async loginWithCode(n){let o=n.loginType||z(n);if(!o)return {data:null,error:{message:"Unable to determine login type. Please provide email or phone.",status:400},status:400};let c={...n,loginType:o},u=await e.request({url:"/api/auth/login-with-code",method:"post",headers:{"Content-Type":"application/json"},data:c});return u.data?.user&&u.data?.accessToken&&s(u.data.user,u.data.accessToken),u},async sendCode(n){return e.request({url:"/api/auth/send-code",method:"post",headers:{"Content-Type":"application/json"},data:n})},async getCaptcha(){return e.request({url:"/api/auth/captcha",method:"get"})},loginWithOAuth(n,o){if(typeof window>"u"){console.error("[AuthClient] OAuth login is only available in browser environment");return}let c=o?`/api/auth/oauth/${n}?redirect_url=${encodeURIComponent(o)}`:`/api/auth/oauth/${n}`;window.location.href=c;},async handleOAuthCallback(){if(typeof window>"u")return {data:null,error:{message:"OAuth callback is only available in browser environment",status:400},status:400};try{let n=window.location.hash.substring(1),o=new URLSearchParams(n),c=o.get("access_token"),u=o.get("user");if(!c||!u)return {data:null,error:{message:"OAuth callback failed: missing token or user data",status:400},status:400};let l=JSON.parse(decodeURIComponent(u));return s(l,c),{data:{user:l,accessToken:c},error:null,status:200}}catch(n){return {data:null,error:{message:`OAuth callback failed: ${n instanceof Error?n.message:String(n)}`,status:400},status:400}}},async loginWithMiniProgram(n){let o=await e.request({url:"/api/auth/miniprogram/login",method:"post",headers:{"Content-Type":"application/json"},data:{code:n}});return o.data?.user&&o.data?.accessToken&&s(o.data.user,o.data.accessToken),o},async getMiniProgramPhoneNumber(n){let o=r.getItem("amaster_access_token");return o?e.request({url:"/api/auth/miniprogram/phone",method:"post",headers:{"Content-Type":"application/json",Authorization:`Bearer ${o}`},data:{code:n}}):{data:null,error:{message:"Not authenticated",status:401},status:401}},async logout(){let n=r.getItem("amaster_access_token"),o=await e.request({url:"/api/auth/logout",method:"post",headers:n?{Authorization:`Bearer ${n}`}:void 0});return a(),o},async refreshToken(){return e.request({url:"/api/auth/refresh",method:"post"})}}}function T(t){let{getCurrentUser:e}=t;return {hasRole(s){let r=e();return !r||!r.roles?false:r.roles.includes(s)},hasPermission(s,r){let a=e();if(!a||!a.permissions)return  false;let n=`${s}:${r}`;return a.permissions.includes(n)},hasAnyPermission(s){return s.some(({resource:r,action:a})=>this.hasPermission(r,a))},hasAllPermissions(s){return s.every(({resource:r,action:a})=>this.hasPermission(r,a))}}}function P(t){let{http:e,storage:s,onUserUpdate:r}=t;return {async getMe(){let a=s.getItem("amaster_access_token");if(!a)return {data:null,error:{message:"Not authenticated",status:401},status:401};let n=await e.request({url:"/api/auth/me",method:"get",headers:{Authorization:`Bearer ${a}`}});return n.data&&r(n.data),n},async updateMe(a){let n=s.getItem("amaster_access_token");if(!n)return {data:null,error:{message:"Not authenticated",status:401},status:401};let o=await e.request({url:"/api/auth/me",method:"put",headers:{Authorization:`Bearer ${n}`,"Content-Type":"application/json"},data:a});return o.data&&r(o.data),o},async changePassword(a){let n=s.getItem("amaster_access_token");return n?e.request({url:"/api/auth/change-password",method:"post",headers:{Authorization:`Bearer ${n}`,"Content-Type":"application/json"},data:a}):{data:null,error:{message:"Not authenticated",status:401},status:401}}}}function w(t){let{http:e,storage:s}=t;return {async getOAuthBindings(){let r=s.getItem("amaster_access_token");return r?e.request({url:"/api/auth/oauth-bindings",method:"get",headers:{Authorization:`Bearer ${r}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}},bindOAuth(r){if(typeof window>"u"){console.error("[AuthClient] OAuth binding is only available in browser environment");return}window.location.href=`/api/auth/oauth/${r}/bind`;},async unbindOAuth(r){let a=s.getItem("amaster_access_token");return a?e.request({url:`/api/auth/oauth/${r}/unbind`,method:"delete",headers:{Authorization:`Bearer ${a}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}}}}function E(t){let{http:e,storage:s}=t;return {async getSession(){let r=s.getItem("amaster_access_token");return r?e.request({url:"/api/auth/sessions/current",method:"get",headers:{Authorization:`Bearer ${r}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}},async getSessions(){let r=s.getItem("amaster_access_token");return r?e.request({url:"/api/auth/sessions",method:"get",headers:{Authorization:`Bearer ${r}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}},async revokeSession(r){let a=s.getItem("amaster_access_token");return a?r?e.request({url:`/api/auth/sessions/${r}`,method:"delete",headers:{Authorization:`Bearer ${a}`}}):{data:null,error:{message:"Session ID is required",status:400},status:400}:{data:null,error:{message:"Not authenticated",status:401},status:401}},async revokeAllSessions(){let r=s.getItem("amaster_access_token");return r?e.request({url:"/api/auth/sessions",method:"delete",headers:{Authorization:`Bearer ${r}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}}}}function J(t={},e){let {baseURL:s,headers:r,onTokenExpired:a,onUnauthorized:n}=t,o=e||httpClient.createHttpClient({...R,baseURL:s,headers:r}),u=300,l=S(),m=new y,f=new C,g=null;try{let i=l.getItem(d.USER);i&&(g=JSON.parse(i));}catch(i){console.error("[AuthClient] Failed to load user from storage:",i);}let p;f.setRefreshCallback(async()=>{let i=await p.refreshToken();i.data?(await p.getMe(),m.emit("tokenRefreshed",i.data.accessToken)):(m.emit("tokenExpired"),a?.());});function M(i,h){l.setItem(d.ACCESS_TOKEN,h),l.setItem(d.USER,JSON.stringify(i)),g=i,f.scheduleRefreshFromToken(h,u),m.emit("login",i);}function O(i){g=i,l.setItem(d.USER,JSON.stringify(i));}function A(){l.clear(),g=null,f.clearSchedule();}function U(){return g}let b=k({http:o,onLoginSuccess:M,storage:l,clearAuth:A}),x=T({getCurrentUser:U}),I=P({http:o,storage:l,onUserUpdate:O}),_=w({http:o,storage:l}),L=E({http:o,storage:l});return p={...b,...x,...I,..._,...L,on(i,h){m.on(i,h);},off(i,h){m.off(i,h);},isAuthenticated(){return !!l.getItem(d.ACCESS_TOKEN)},getAccessToken(){return l.getItem(d.ACCESS_TOKEN)},setAccessToken(i){l.setItem(d.ACCESS_TOKEN,i),f.scheduleRefreshFromToken(i,u);},clearAuth:A},p.on("unauthorized",()=>{n?.();}),p.isAuthenticated()&&p.getMe().catch(i=>{console.warn("[AuthClient] Failed to sync user info on init:",i);}),p}exports.createAuthClient=J;exports.defaultHttpClientOptions=R;exports.transformAmasterResponse=v;//# sourceMappingURL=index.cjs.map
 //# sourceMappingURL=index.cjs.map