@amaster.ai/auth-client 1.1.0-beta.72 → 1.1.0-beta.74

package/README.md

@@ -96,7 +96,6 @@ interface AuthClientOptions {
 
 ```typescript
 const authClient = createAuthClient({
-  baseURL: "https://api.example.com",
   onTokenExpired: () => (window.location.href = "/login"),
   onUnauthorized: () => alert("Session expired"),
 });
@@ -192,6 +191,11 @@ verification-code login, registration auto-login, and mini-program login. Set
 `autoRedirectAfterLogin: false` to disable this behavior and fully control
 navigation in the application layer.
 
+When the SDK actually consumes a redirect target, successful login results will
+include `result.data.redirectHandled === true` and `result.data.redirectTarget`.
+Applications that still run their own post-login navigation should short-circuit
+on that flag to avoid double redirects.
+
 **Popup window:**
 
 ```typescript
@@ -212,40 +216,56 @@ if (window.opener) {
 }
 ```
 
-### WeChat Mini Program Login
+### Mini Program Login
+
+The SDK exposes a unified Mini Program API for both WeChat and Douyin.
+
+- WeChat runtime: auto-detects `wx` and uses WeChat endpoints
+- Douyin Mini Program: auto-detects the `tt` runtime and uses Douyin endpoints
+- Non-runtime or mixed environments: you can explicitly pass `platform`
+
+The SDK automatically detects the Mini Program storage runtime and uses WeChat `wx.storage` or Douyin `tt.storage`.
+For most app code, prefer the high-level methods:
 
-The SDK automatically detects WeChat Mini Program environment and uses `wx.storage`:
+- `miniLogin()` - automatically calls `Taro.login` / Douyin `tt.login` / WeChat `wx.login`, then completes backend login
+- `miniGetPhone(...)` - accepts a raw code or event object, extracts the phone code, then binds the phone number
 
 ```typescript
 import { createAuthClient } from "@amaster.ai/auth-client";
+import Taro from "@tarojs/taro";
 
-// Zero configuration - auto-detects WeChat environment
-const authClient = createAuthClient({
-  baseURL: "https://api.yourdomain.com",
-});
+// Zero configuration - auto-detects mini-program environment
+const authClient = createAuthClient();
 
-// Login with WeChat code
-wx.login({
-  success: async (res) => {
-    if (res.code) {
-      const result = await authClient.loginWithMiniProgram(res.code);
-
-      if (result.data) {
-        console.log("Logged in:", result.data.user);
-        // Token automatically saved to wx.storage
-        wx.switchTab({ url: "/pages/index/index" });
-      } else if (result.error) {
-        wx.showToast({
-          title: result.error.message || "Login failed",
-          icon: "none",
-        });
-      }
-    }
-  },
-  fail: (err) => {
-    console.error("wx.login failed:", err);
-  },
+const result = await authClient.miniLogin();
+
+if (result.data) {
+  console.log("Logged in:", result.data.user);
+  // Token automatically saved to mini-program storage
+  Taro.switchTab({ url: "/pages/index/index" });
+} else if (result.error) {
+  Taro.showToast({
+    title: result.error.message || "Login failed",
+    icon: "none",
+  });
+}
+```
+
+**Login with Douyin Mini Program:**
+
+```typescript
+const result = await authClient.miniLogin({
+  platform: "douyin",
 });
+
+if (result.data) {
+  console.log("Logged in:", result.data.user);
+} else if (result.error) {
+  Taro.showToast({
+    title: result.error.message || "Login failed",
+    icon: "none",
+  });
+}
 ```
 
 **Get user phone number (optional):**
@@ -263,25 +283,21 @@ wx.login({
 ```typescript
 // JS
 async onGetPhoneNumber(e) {
-  const { code } = e.detail;
+  const result = await authClient.miniGetPhone(e);
 
-  if (code) {
-    const result = await authClient.getMiniProgramPhoneNumber(code);
-
-    if (result.data) {
-      console.log("Phone number:", result.data.phone);
-      console.log("Verified:", result.data.phoneVerified);
+  if (result.data) {
+    console.log("Phone number:", result.data.phone);
+    console.log("Verified:", result.data.phoneVerified);
 
-      // Update UI with phone number
-      this.setData({
-        phone: result.data.phone
-      });
-    } else if (result.error) {
-      wx.showToast({
-        title: result.error.message || 'Failed to get phone number',
-        icon: 'none'
-      });
-    }
+    // Update UI with phone number
+    this.setData({
+      phone: result.data.phone
+    });
+  } else if (result.error) {
+    Taro.showToast({
+      title: result.error.message || 'Failed to get phone number',
+      icon: 'none'
+    });
   } else {
     // User denied authorization
     console.log("User cancelled phone number authorization");
@@ -289,15 +305,29 @@ async onGetPhoneNumber(e) {
 }
 ```
 
+**Get Douyin Mini Program phone number:**
+
+```typescript
+async function onGetPhoneNumber(e) {
+  const result = await authClient.miniGetPhone({
+    ...e,
+    platform: "douyin",
+  });
+
+  if (result.data) {
+    console.log("Phone number:", result.data.phone);
+  }
+}
+```
+
 **Complete Mini Program example:**
 
 ```typescript
 // pages/login/login.js
 import { createAuthClient } from "@amaster.ai/auth-client";
+import Taro from "@tarojs/taro";
 
-const authClient = createAuthClient({
-  baseURL: "https://api.yourdomain.com",
-});
+const authClient = createAuthClient();
 
 Page({
   data: {
@@ -312,38 +342,25 @@ Page({
 
   // WeChat Mini Program login
   async handleLogin() {
-    wx.showLoading({ title: "Logging in..." });
-
-    wx.login({
-      success: async (res) => {
-        if (res.code) {
-          const result = await authClient.loginWithMiniProgram(res.code);
-
-          wx.hideLoading();
-
-          if (result.data) {
-            this.setData({
-              userInfo: result.data.user,
-            });
-
-            // Navigate to home
-            wx.switchTab({ url: "/pages/index/index" });
-          } else {
-            wx.showToast({
-              title: "Login failed",
-              icon: "none",
-            });
-          }
-        }
-      },
-      fail: () => {
-        wx.hideLoading();
-        wx.showToast({
-          title: "Login failed",
-          icon: "none",
-        });
-      },
-    });
+    Taro.showLoading({ title: "Logging in..." });
+
+    const result = await authClient.miniLogin();
+
+    Taro.hideLoading();
+
+    if (result.data) {
+      this.setData({
+        userInfo: result.data.user,
+      });
+
+      // Navigate to home
+      Taro.switchTab({ url: "/pages/index/index" });
+    } else {
+      Taro.showToast({
+        title: "Login failed",
+        icon: "none",
+      });
+    }
   },
 
   // Get phone number with user authorization
@@ -351,30 +368,30 @@ Page({
     const { code } = e.detail;
 
     if (!code) {
-      wx.showToast({
+      Taro.showToast({
         title: "Authorization cancelled",
         icon: "none",
       });
       return;
     }
 
-    wx.showLoading({ title: "Getting phone..." });
+    Taro.showLoading({ title: "Getting phone..." });
 
-    const result = await authClient.getMiniProgramPhoneNumber(code);
+    const result = await authClient.miniGetPhone(e);
 
-    wx.hideLoading();
+    Taro.hideLoading();
 
     if (result.data) {
       this.setData({
         hasPhone: true,
       });
 
-      wx.showToast({
+      Taro.showToast({
         title: "Phone number obtained",
         icon: "success",
       });
     } else {
-      wx.showToast({
+      Taro.showToast({
         title: result.error?.message || "Failed to get phone",
         icon: "none",
       });
@@ -383,6 +400,13 @@ Page({
 });
 ```
 
+**Low-level compatibility APIs (deprecated, advanced use only):**
+
+If your app already has a login `code` or phone `code`, you can still call:
+
+- `loginWithMiniProgram(code | { code, platform })`
+- `getMiniProgramPhoneNumber(code | { code, platform })`
+
 ### Logout
 
 ```typescript

package/dist/auth.d.cts

@@ -14,7 +14,7 @@
  * ============================================================================
  */
 import { HttpClient, ClientResult } from '@amaster.ai/http-client';
-import { q as User, i as RegisterParams, e as LoginResponse, L as LoginParams, c as CodeLoginParams, S as SendCodeParams, p as SuccessResponse, b as CaptchaResponse, g as OAuthProvider, M as MiniProgramPhoneResponse, R as RefreshTokenResponse } from './types-DGF9cpAg.cjs';
+import { w as User, o as RegisterParams, e as LoginResponse, L as LoginParams, c as CodeLoginParams, S as SendCodeParams, v as SuccessResponse, b as CaptchaResponse, m as OAuthProvider, i as MiniProgramLoginParams, h as MiniLoginParams, k as MiniProgramPhoneParams, l as MiniProgramPhoneResponse, g as MiniGetPhoneParams, R as RefreshTokenResponse } from './types-DqwQ2EzH.cjs';
 
 /**
  * Authentication Module
@@ -36,6 +36,7 @@ declare const browserNavigation: {
 interface AuthModuleDeps {
     http: HttpClient;
     onLoginSuccess: (user: User, accessToken: string) => void;
+    onLogout: () => void;
     autoRedirectAfterLogin: boolean;
     storage: {
         getItem: (key: string) => string | null;
@@ -134,50 +135,63 @@ declare function createAuthModule(deps: AuthModuleDeps): {
      */
     handleOAuthCallback(): Promise<ClientResult<LoginResponse>>;
     /**
-     * Login with WeChat Mini Program code
+     * Login with Mini Program code
+     *
+     * Lower-level API for submitting an already acquired mini-program login code.
+     * For most app code, prefer `miniLogin()`.
+     *
+     * @deprecated Prefer `miniLogin()` unless you already have a resolved mini-program login code.
+     *
+     * @category Authentication
+     */
+    loginWithMiniProgram(input: string | MiniProgramLoginParams): Promise<ClientResult<LoginResponse>>;
+    /**
+     * Unified Mini Program login entry.
+     *
+     * Automatically calls Taro / WeChat `wx` / Douyin `tt` login APIs to fetch the temporary login code,
+     * then submits it to the backend using the correct platform endpoint.
      *
      * @category Authentication
      * @example
      * ```typescript
-     * // In WeChat Mini Program
-     * wx.login({
-     *   success: async (res) => {
-     *     if (res.code) {
-     *       const result = await auth.loginWithMiniProgram(res.code);
-     *       if (result.data) {
-     *         console.log("Logged in:", result.data.user);
-     *       }
-     *     }
-     *   }
+     * const result = await auth.miniLogin();
+     *
+     * const douyinResult = await auth.miniLogin({
+     *   platform: "douyin",
      * });
      * ```
      */
-    loginWithMiniProgram(code: string): Promise<ClientResult<LoginResponse>>;
+    miniLogin(params?: MiniLoginParams): Promise<ClientResult<LoginResponse>>;
     /**
-     * Get WeChat Mini Program user phone number
+     * Get Mini Program user phone number
      * Requires user authorization via getPhoneNumber button
      *
+     * Lower-level API for submitting an already acquired phone code.
+     * For most app code, prefer `miniGetPhone(...)`.
+     *
+     * @deprecated Prefer `miniGetPhone(...)` unless you already have a resolved phone authorization code.
+     *
+     * @category Authentication
+     */
+    getMiniProgramPhoneNumber(input: string | MiniProgramPhoneParams): Promise<ClientResult<MiniProgramPhoneResponse>>;
+    /**
+     * Unified Mini Program phone binding entry.
+     *
+     * Accepts a raw code, a `{ code, platform }` object, or a Mini Program event object
+     * such as the payload received from WeChat `wx`, Douyin `tt`, or Taro `getPhoneNumber`.
+     *
      * @category Authentication
      * @example
      * ```typescript
-     * // WXML
-     * <button open-type="getPhoneNumber" bindgetphonenumber="onGetPhoneNumber">
-     *   Get Phone Number
-     * </button>
-     *
-     * // JS
-     * async onGetPhoneNumber(e) {
-     *   const { code } = e.detail;
-     *   if (code) {
-     *     const result = await auth.getMiniProgramPhoneNumber(code);
-     *     if (result.data) {
-     *       console.log("Phone:", result.data.phone);
-     *     }
-     *   }
-     * }
+     * const result = await auth.miniGetPhone(e);
+     *
+     * const douyinResult = await auth.miniGetPhone({
+     *   code,
+     *   platform: "douyin",
+     * });
      * ```
      */
-    getMiniProgramPhoneNumber(code: string): Promise<ClientResult<MiniProgramPhoneResponse>>;
+    miniGetPhone(input: MiniGetPhoneParams): Promise<ClientResult<MiniProgramPhoneResponse>>;
     /**
      * Logout current user
      *

package/dist/auth.d.ts

@@ -14,7 +14,7 @@
  * ============================================================================
  */
 import { HttpClient, ClientResult } from '@amaster.ai/http-client';
-import { q as User, i as RegisterParams, e as LoginResponse, L as LoginParams, c as CodeLoginParams, S as SendCodeParams, p as SuccessResponse, b as CaptchaResponse, g as OAuthProvider, M as MiniProgramPhoneResponse, R as RefreshTokenResponse } from './types-DGF9cpAg.js';
+import { w as User, o as RegisterParams, e as LoginResponse, L as LoginParams, c as CodeLoginParams, S as SendCodeParams, v as SuccessResponse, b as CaptchaResponse, m as OAuthProvider, i as MiniProgramLoginParams, h as MiniLoginParams, k as MiniProgramPhoneParams, l as MiniProgramPhoneResponse, g as MiniGetPhoneParams, R as RefreshTokenResponse } from './types-DqwQ2EzH.js';
 
 /**
  * Authentication Module
@@ -36,6 +36,7 @@ declare const browserNavigation: {
 interface AuthModuleDeps {
     http: HttpClient;
     onLoginSuccess: (user: User, accessToken: string) => void;
+    onLogout: () => void;
     autoRedirectAfterLogin: boolean;
     storage: {
         getItem: (key: string) => string | null;
@@ -134,50 +135,63 @@ declare function createAuthModule(deps: AuthModuleDeps): {
      */
     handleOAuthCallback(): Promise<ClientResult<LoginResponse>>;
     /**
-     * Login with WeChat Mini Program code
+     * Login with Mini Program code
+     *
+     * Lower-level API for submitting an already acquired mini-program login code.
+     * For most app code, prefer `miniLogin()`.
+     *
+     * @deprecated Prefer `miniLogin()` unless you already have a resolved mini-program login code.
+     *
+     * @category Authentication
+     */
+    loginWithMiniProgram(input: string | MiniProgramLoginParams): Promise<ClientResult<LoginResponse>>;
+    /**
+     * Unified Mini Program login entry.
+     *
+     * Automatically calls Taro / WeChat `wx` / Douyin `tt` login APIs to fetch the temporary login code,
+     * then submits it to the backend using the correct platform endpoint.
      *
      * @category Authentication
      * @example
      * ```typescript
-     * // In WeChat Mini Program
-     * wx.login({
-     *   success: async (res) => {
-     *     if (res.code) {
-     *       const result = await auth.loginWithMiniProgram(res.code);
-     *       if (result.data) {
-     *         console.log("Logged in:", result.data.user);
-     *       }
-     *     }
-     *   }
+     * const result = await auth.miniLogin();
+     *
+     * const douyinResult = await auth.miniLogin({
+     *   platform: "douyin",
      * });
      * ```
      */
-    loginWithMiniProgram(code: string): Promise<ClientResult<LoginResponse>>;
+    miniLogin(params?: MiniLoginParams): Promise<ClientResult<LoginResponse>>;
     /**
-     * Get WeChat Mini Program user phone number
+     * Get Mini Program user phone number
      * Requires user authorization via getPhoneNumber button
      *
+     * Lower-level API for submitting an already acquired phone code.
+     * For most app code, prefer `miniGetPhone(...)`.
+     *
+     * @deprecated Prefer `miniGetPhone(...)` unless you already have a resolved phone authorization code.
+     *
+     * @category Authentication
+     */
+    getMiniProgramPhoneNumber(input: string | MiniProgramPhoneParams): Promise<ClientResult<MiniProgramPhoneResponse>>;
+    /**
+     * Unified Mini Program phone binding entry.
+     *
+     * Accepts a raw code, a `{ code, platform }` object, or a Mini Program event object
+     * such as the payload received from WeChat `wx`, Douyin `tt`, or Taro `getPhoneNumber`.
+     *
      * @category Authentication
      * @example
      * ```typescript
-     * // WXML
-     * <button open-type="getPhoneNumber" bindgetphonenumber="onGetPhoneNumber">
-     *   Get Phone Number
-     * </button>
-     *
-     * // JS
-     * async onGetPhoneNumber(e) {
-     *   const { code } = e.detail;
-     *   if (code) {
-     *     const result = await auth.getMiniProgramPhoneNumber(code);
-     *     if (result.data) {
-     *       console.log("Phone:", result.data.phone);
-     *     }
-     *   }
-     * }
+     * const result = await auth.miniGetPhone(e);
+     *
+     * const douyinResult = await auth.miniGetPhone({
+     *   code,
+     *   platform: "douyin",
+     * });
      * ```
      */
-    getMiniProgramPhoneNumber(code: string): Promise<ClientResult<MiniProgramPhoneResponse>>;
+    miniGetPhone(input: MiniGetPhoneParams): Promise<ClientResult<MiniProgramPhoneResponse>>;
     /**
      * Logout current user
      *

package/dist/index.cjs

@@ -1,2 +1,2 @@
-'use strict';var httpClient=require('@amaster.ai/http-client');var R=class{constructor(){this.events={};}on(e,s){this.events[e]||(this.events[e]=[]),this.events[e].push(s);}off(e,s){this.events[e]&&(this.events[e]=this.events[e].filter(r=>r!==s));}emit(e,...s){this.events[e]&&this.events[e].forEach(r=>{try{r(...s);}catch(a){console.error(`[AuthClient] Error in event handler for "${e}":`,a);}});}removeAllListeners(){this.events={};}};var c={ACCESS_TOKEN:"amaster_access_token",REFRESH_TOKEN:"amaster_refresh_token",USER:"amaster_user"};function q(){return typeof wx<"u"&&wx.getStorageSync?"wechat-miniprogram":typeof window<"u"&&typeof window.localStorage<"u"?"browser":"node"}function k(){switch(q()){case "wechat-miniprogram":return F();case "browser":return B();case "node":return z()}}function B(){let t=window.localStorage;return {getItem(e){try{return t.getItem(e)}catch(s){return console.error("[AuthClient] Failed to get item from localStorage:",s),null}},setItem(e,s){try{t.setItem(e,s);}catch(r){console.error("[AuthClient] Failed to set item in localStorage:",r);}},removeItem(e){try{t.removeItem(e);}catch(s){console.error("[AuthClient] Failed to remove item from localStorage:",s);}},clear(){try{t.removeItem(c.ACCESS_TOKEN),t.removeItem(c.REFRESH_TOKEN),t.removeItem(c.USER);}catch(e){console.error("[AuthClient] Failed to clear localStorage:",e);}}}}function F(){return {getItem(t){try{return wx.getStorageSync(t)||null}catch(e){return console.error("[AuthClient] Failed to get item from WeChat storage:",e),null}},setItem(t,e){try{wx.setStorageSync(t,e);}catch(s){console.error("[AuthClient] Failed to set item in WeChat storage:",s);}},removeItem(t){try{wx.removeStorageSync(t);}catch(e){console.error("[AuthClient] Failed to remove item from WeChat storage:",e);}},clear(){try{wx.removeStorageSync(c.ACCESS_TOKEN),wx.removeStorageSync(c.REFRESH_TOKEN),wx.removeStorageSync(c.USER);}catch(t){console.error("[AuthClient] Failed to clear WeChat storage:",t);}}}}function z(){let t=new Map;return {getItem(e){return t.get(e)??null},setItem(e,s){t.set(e,s);},removeItem(e){t.delete(e);},clear(){t.clear();}}}function K(t){try{let e=t.split(".");if(e.length!==3)return null;let r=(e[1]||"").replace(/-/g,"+").replace(/_/g,"/");if(typeof atob<"u"){let a=decodeURIComponent(atob(r).split("").map(u=>"%"+("00"+u.charCodeAt(0).toString(16)).slice(-2)).join(""));return JSON.parse(a)}if(typeof Buffer<"u"){let a=Buffer.from(r,"base64").toString("utf-8");return JSON.parse(a)}return null}catch(e){return console.error("[AuthClient] Failed to parse JWT token:",e),null}}var S=class{constructor(){this.refreshTimer=null;this.isRefreshing=false;this.refreshCallback=null;}setRefreshCallback(e){this.refreshCallback=e;}scheduleRefresh(e){this.clearSchedule(),!(e<=0)&&(this.refreshTimer=setTimeout(()=>{this.refresh();},e));}scheduleRefreshFromToken(e,s=300){let r=K(e);if(!r||!r.exp){console.warn("[AuthClient] Cannot schedule refresh: invalid token or missing exp claim");return}let a=r.exp*1e3,u=Date.now(),o=a-u-s*1e3;o<=0?(console.warn("[AuthClient] Token already expired or expiring soon, refreshing immediately"),this.refresh()):this.scheduleRefresh(o);}async refresh(){if(!this.isRefreshing){if(!this.refreshCallback){console.error("[AuthClient] No refresh callback set");return}this.isRefreshing=true;try{await this.refreshCallback();}catch(e){console.error("[AuthClient] Token refresh failed:",e);}finally{this.isRefreshing=false;}}}clearSchedule(){this.refreshTimer&&(clearTimeout(this.refreshTimer),this.refreshTimer=null);}isCurrentlyRefreshing(){return this.isRefreshing}destroy(){this.clearSchedule(),this.refreshCallback=null,this.isRefreshing=false;}};function T(t){return t&&typeof t=="object"&&("statusCode"in t||"status"in t)&&"data"in t?t.data:t}var v={transformResponse:T,logErrors:true};function j(t){if(t.email)return "email";if(t.username)return "username";if(t.phone)return "phone"}function J(t){if(t.email)return "email";if(t.phone)return "phone"}function D(t){let e=new URLSearchParams(t);return e.get("access_token")||e.get("accessToken")}function W(t){return new URLSearchParams(t).get("user")}function G(){if(typeof window>"u")return null;try{let t=new URLSearchParams(window.location.search).get("redirect");if(!t)return null;let e=new URL(t,window.location.origin);return e.origin!==window.location.origin?(console.warn("[AuthClient] Ignored cross-origin redirect target:",t),null):`${e.pathname}${e.search}${e.hash}`}catch(t){return console.warn("[AuthClient] Failed to resolve redirect target:",t),null}}var Y={replace(t){window.location.replace(t);}};function C(t){if(!t||typeof window>"u"||window.opener)return;let e=G();e&&Y.replace(e);}function P(t){let{http:e,onLoginSuccess:s,autoRedirectAfterLogin:r,storage:a,clearAuth:u}=t;return {async register(n){let o=await e.request({url:"/api/auth/register",method:"post",headers:{"Content-Type":"application/json"},data:n});return o.data?.user&&o.data?.accessToken&&(s(o.data.user,o.data.accessToken),C(r)),o},async login(n){let o=n.loginType||j(n);if(!o)return {data:null,error:{message:"Unable to determine login type. Please provide email, username, or phone.",status:400},status:400};let d={...n,loginType:o},l=await e.request({url:"/api/auth/login",method:"post",headers:{"Content-Type":"application/json"},data:d});return l.data?.user&&l.data?.accessToken&&(s(l.data.user,l.data.accessToken),C(r)),l},async loginWithCode(n){let o=n.loginType||J(n);if(!o)return {data:null,error:{message:"Unable to determine login type. Please provide email or phone.",status:400},status:400};let d={...n,loginType:o},l=await e.request({url:"/api/auth/login-with-code",method:"post",headers:{"Content-Type":"application/json"},data:d});return l.data?.user&&l.data?.accessToken&&(s(l.data.user,l.data.accessToken),C(r)),l},async sendCode(n){return e.request({url:"/api/auth/send-code",method:"post",headers:{"Content-Type":"application/json"},data:n})},async getCaptcha(){return e.request({url:"/api/auth/captcha",method:"get"})},loginWithOAuth(n,o){if(typeof window>"u"){console.error("[AuthClient] OAuth login is only available in browser environment");return}let d=o?`/api/auth/oauth/${n}?redirect_url=${encodeURIComponent(o)}`:`/api/auth/oauth/${n}`;window.location.href=d;},async handleOAuthCallback(){if(typeof window>"u")return {data:null,error:{message:"OAuth callback is only available in browser environment",status:400},status:400};try{let n=window.location.hash.substring(1),o=D(n),d=W(n);if(!o)return {data:null,error:{message:"OAuth callback failed: missing access token",status:400},status:400};let l;if(d)l=JSON.parse(decodeURIComponent(d));else {a.setItem(c.ACCESS_TOKEN,o);let m=await e.request({url:"/api/auth/me",method:"get",headers:{Authorization:`Bearer ${o}`}});if(!m.data)return {data:null,error:{message:"OAuth callback failed: unable to fetch user info",status:m.status||500},status:m.status||500};l=m.data;}if(s(l,o),window.history&&window.history.replaceState){let m=window.location.pathname+window.location.search;window.history.replaceState(null,"",m);}else window.location.hash="";return C(r),{data:{user:l,accessToken:o},error:null,status:200}}catch(n){return {data:null,error:{message:`OAuth callback failed: ${n instanceof Error?n.message:String(n)}`,status:400},status:400}}},async loginWithMiniProgram(n){let o=await e.request({url:"/api/auth/miniprogram/login",method:"post",headers:{"Content-Type":"application/json"},data:{code:n}});return o.data?.user&&o.data?.accessToken&&(s(o.data.user,o.data.accessToken),C(r)),o},async getMiniProgramPhoneNumber(n){let o=a.getItem("amaster_access_token");return o?e.request({url:"/api/auth/miniprogram/phone",method:"post",headers:{"Content-Type":"application/json",Authorization:`Bearer ${o}`},data:{code:n}}):{data:null,error:{message:"Not authenticated",status:401},status:401}},async logout(){let n=a.getItem("amaster_access_token"),o=await e.request({url:"/api/auth/logout",method:"post",headers:n?{Authorization:`Bearer ${n}`}:void 0});return u(),o},async refreshToken(){let n=await e.request({url:"/api/auth/refresh",method:"post"});return n.data?.accessToken&&a.setItem("amaster_access_token",n.data.accessToken),n}}}function E(t){let{getCurrentUser:e}=t;return {hasRole(s){let r=e();return !r||!r.roles?false:r.roles.includes(s)},hasPermission(s,r){let a=e();if(!a||!a.permissions)return  false;let u=`${s}.${r}`;return a.permissions.includes(u)},hasAnyPermission(s){return s.some(({resource:r,action:a})=>this.hasPermission(r,a))},hasAllPermissions(s){return s.every(({resource:r,action:a})=>this.hasPermission(r,a))}}}function O(t){let{http:e,storage:s,onUserUpdate:r}=t;return {async getMe(){let a=s.getItem("amaster_access_token");if(!a)return {data:null,error:{message:"Not authenticated",status:401},status:401};let u=await e.request({url:"/api/auth/me",method:"get",headers:{Authorization:`Bearer ${a}`}});return u.data&&r(u.data),u},async updateMe(a){let u=s.getItem("amaster_access_token");if(!u)return {data:null,error:{message:"Not authenticated",status:401},status:401};let n=await e.request({url:"/api/auth/me",method:"put",headers:{Authorization:`Bearer ${u}`,"Content-Type":"application/json"},data:a});return n.data&&r(n.data),n},async changePassword(a){let u=s.getItem("amaster_access_token");return u?e.request({url:"/api/auth/change-password",method:"post",headers:{Authorization:`Bearer ${u}`,"Content-Type":"application/json"},data:a}):{data:null,error:{message:"Not authenticated",status:401},status:401}}}}function b(t){let{http:e,storage:s}=t;return {async getOAuthBindings(){let r=s.getItem("amaster_access_token");return r?e.request({url:"/api/auth/oauth-bindings",method:"get",headers:{Authorization:`Bearer ${r}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}},bindOAuth(r){if(typeof window>"u"){console.error("[AuthClient] OAuth binding is only available in browser environment");return}window.location.href=`/api/auth/oauth/${r}/bind`;},async unbindOAuth(r){let a=s.getItem("amaster_access_token");return a?e.request({url:`/api/auth/oauth/${r}/unbind`,method:"delete",headers:{Authorization:`Bearer ${a}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}}}}function M(t){let{http:e,storage:s}=t;return {async getSession(){let r=s.getItem("amaster_access_token");return r?e.request({url:"/api/auth/sessions/current",method:"get",headers:{Authorization:`Bearer ${r}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}},async getSessions(){let r=s.getItem("amaster_access_token");return r?e.request({url:"/api/auth/sessions",method:"get",headers:{Authorization:`Bearer ${r}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}},async revokeSession(r){let a=s.getItem("amaster_access_token");return a?r?e.request({url:`/api/auth/sessions/${r}`,method:"delete",headers:{Authorization:`Bearer ${a}`}}):{data:null,error:{message:"Session ID is required",status:400},status:400}:{data:null,error:{message:"Not authenticated",status:401},status:401}},async revokeAllSessions(){let r=s.getItem("amaster_access_token");return r?e.request({url:"/api/auth/sessions",method:"delete",headers:{Authorization:`Bearer ${r}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}}}}function V(t={},e){let {baseURL:s,headers:r,onTokenExpired:a,onUnauthorized:u,autoHandleOAuthCallback:n=true,autoRedirectAfterLogin:o=true}=t,d=e||httpClient.createHttpClient({...v,baseURL:s,headers:r}),m=300,h=k(),f=new R,A=new S,y=null;try{let i=h.getItem(c.USER);i&&(y=JSON.parse(i));}catch(i){console.error("[AuthClient] Failed to load user from storage:",i);}let g;A.setRefreshCallback(async()=>{let i=await g.refreshToken();i.data?(await g.getMe(),f.emit("tokenRefreshed",i.data.accessToken)):(f.emit("tokenExpired"),a?.());});function U(i,p){h.setItem(c.ACCESS_TOKEN,p),h.setItem(c.USER,JSON.stringify(i)),y=i,A.scheduleRefreshFromToken(p,m),f.emit("login",i);}function I(i){y=i,h.setItem(c.USER,JSON.stringify(i));}function w(){h.clear(),y=null,A.clearSchedule();}function x(){return y}let _=P({http:d,onLoginSuccess:U,autoRedirectAfterLogin:o,storage:h,clearAuth:w}),L=E({getCurrentUser:x}),H=O({http:d,storage:h,onUserUpdate:I}),N=b({http:d,storage:h}),$=M({http:d,storage:h});if(g={..._,...L,...H,...N,...$,on(i,p){f.on(i,p);},off(i,p){f.off(i,p);},isAuthenticated(){return !!h.getItem(c.ACCESS_TOKEN)},getAccessToken(){return h.getItem(c.ACCESS_TOKEN)},setAccessToken(i){h.setItem(c.ACCESS_TOKEN,i),A.scheduleRefreshFromToken(i,m);},clearAuth:w},g.on("unauthorized",()=>{u?.();}),g.isAuthenticated()&&g.getMe().catch(i=>{console.warn("[AuthClient] Failed to sync user info on init:",i);}),n&&typeof window<"u"){let i=window.location.hash;i&&(i.includes("access_token")||i.includes("accessToken"))&&g.handleOAuthCallback().then(p=>{p.error&&console.error("[AuthClient] Auto OAuth callback failed:",p.error);}).catch(p=>{console.error("[AuthClient] Auto OAuth callback error:",p);});}return g}exports.createAuthClient=V;exports.defaultHttpClientOptions=v;exports.transformAmasterResponse=T;//# sourceMappingURL=index.cjs.map
+'use strict';var httpClient=require('@amaster.ai/http-client');var A=class{constructor(){this.events={};}on(e,r){this.events[e]||(this.events[e]=[]),this.events[e].push(r);}off(e,r){this.events[e]&&(this.events[e]=this.events[e].filter(n=>n!==r));}emit(e,...r){this.events[e]&&this.events[e].forEach(n=>{try{n(...r);}catch(a){console.error(`[AuthClient] Error in event handler for "${e}":`,a);}});}removeAllListeners(){this.events={};}};var g={ACCESS_TOKEN:"amaster_access_token",REFRESH_TOKEN:"amaster_refresh_token",USER:"amaster_user"};function v(t){return globalThis[t]}function J(){let t=v("wx"),e=v("tt");return t?.getStorageSync&&t?.setStorageSync&&t?.removeStorageSync?"wechat-miniprogram":e?.getStorageSync&&e?.setStorageSync&&e?.removeStorageSync?"douyin-miniprogram":typeof window<"u"&&typeof window.localStorage<"u"?"browser":"node"}function O(){switch(J()){case "wechat-miniprogram":return b(v("wx"),"WeChat");case "douyin-miniprogram":return b(v("tt"),"Douyin");case "browser":return W();case "node":return Y()}}function W(){let t=window.localStorage;return {getItem(e){try{return t.getItem(e)}catch(r){return console.error("[AuthClient] Failed to get item from localStorage:",r),null}},setItem(e,r){try{t.setItem(e,r);}catch(n){console.error("[AuthClient] Failed to set item in localStorage:",n);}},removeItem(e){try{t.removeItem(e);}catch(r){console.error("[AuthClient] Failed to remove item from localStorage:",r);}},clear(){try{t.removeItem(g.ACCESS_TOKEN),t.removeItem(g.REFRESH_TOKEN),t.removeItem(g.USER);}catch(e){console.error("[AuthClient] Failed to clear localStorage:",e);}}}}function b(t,e){return {getItem(r){try{return t.getStorageSync(r)||null}catch(n){return console.error(`[AuthClient] Failed to get item from ${e} storage:`,n),null}},setItem(r,n){try{t.setStorageSync(r,n);}catch(a){console.error(`[AuthClient] Failed to set item in ${e} storage:`,a);}},removeItem(r){try{t.removeStorageSync(r);}catch(n){console.error(`[AuthClient] Failed to remove item from ${e} storage:`,n);}},clear(){try{t.removeStorageSync(g.ACCESS_TOKEN),t.removeStorageSync(g.REFRESH_TOKEN),t.removeStorageSync(g.USER);}catch(r){console.error(`[AuthClient] Failed to clear ${e} storage:`,r);}}}}function Y(){let t=new Map;return {getItem(e){return t.get(e)??null},setItem(e,r){t.set(e,r);},removeItem(e){t.delete(e);},clear(){t.clear();}}}function Q(t){try{let e=t.split(".");if(e.length!==3)return null;let n=(e[1]||"").replace(/-/g,"+").replace(/_/g,"/");if(typeof atob<"u"){let a=decodeURIComponent(atob(n).split("").map(l=>"%"+("00"+l.charCodeAt(0).toString(16)).slice(-2)).join(""));return JSON.parse(a)}if(typeof Buffer<"u"){let a=Buffer.from(n,"base64").toString("utf-8");return JSON.parse(a)}return null}catch(e){return console.error("[AuthClient] Failed to parse JWT token:",e),null}}var w=class{constructor(){this.refreshTimer=null;this.isRefreshing=false;this.refreshCallback=null;}setRefreshCallback(e){this.refreshCallback=e;}scheduleRefresh(e){this.clearSchedule(),!(e<=0)&&(this.refreshTimer=setTimeout(()=>{this.refresh();},e));}scheduleRefreshFromToken(e,r=300){let n=Q(e);if(!n||!n.exp){console.warn("[AuthClient] Cannot schedule refresh: invalid token or missing exp claim");return}let a=n.exp*1e3,l=Date.now(),s=a-l-r*1e3;s<=0?(console.warn("[AuthClient] Token already expired or expiring soon, refreshing immediately"),this.refresh()):this.scheduleRefresh(s);}async refresh(){if(!this.isRefreshing){if(!this.refreshCallback){console.error("[AuthClient] No refresh callback set");return}this.isRefreshing=true;try{await this.refreshCallback();}catch(e){console.error("[AuthClient] Token refresh failed:",e);}finally{this.isRefreshing=false;}}}clearSchedule(){this.refreshTimer&&(clearTimeout(this.refreshTimer),this.refreshTimer=null);}isCurrentlyRefreshing(){return this.isRefreshing}destroy(){this.clearSchedule(),this.refreshCallback=null,this.isRefreshing=false;}};function U(t){return t&&typeof t=="object"&&("statusCode"in t||"status"in t)&&"data"in t?t.data:t}var M={transformResponse:U,logErrors:true};function Z(t){if(t.email)return "email";if(t.username)return "username";if(t.phone)return "phone"}function ee(t){if(t.email)return "email";if(t.phone)return "phone"}function k(t){return t||(httpClient.detectMiniProgramPlatform()??"wechat")}function T(t){return typeof t=="string"?{code:t,platform:k()}:{code:t.code,platform:k(t.platform)}}function L(t,e){return e==="douyin"?`/api/auth/miniprogram/douyin/${t}`:`/api/auth/miniprogram/${t}`}async function te(t){let e=k(t),r=httpClient.getMiniProgramLogin(e),n=async a=>await new Promise((l,m)=>{let s=false,i=o=>{if(!s){if(s=true,typeof o?.code=="string"&&o.code){l(o.code);return}m(new Error("Mini Program login failed: missing code"));}},c=o=>{s||(s=true,m(new Error(`Mini Program login failed: ${o instanceof Error?o.message:String(o)}`)));};try{let o=a({success:i,fail:c});if(o&&typeof o.then=="function"){o.then(i,c);return}o&&typeof o=="object"&&"code"in o&&i(o);}catch(o){c(o);}});if(typeof r!="function")throw new Error(`Mini Program login API is not available for platform '${e}'`);return {code:await n(r),platform:e}}function re(t){if(typeof t=="string")return T(t);let e="detail"in t&&t.detail&&typeof t.detail=="object"?t.detail:null,r=typeof e?.code=="string"&&e.code?e.code:typeof t.code=="string"&&t.code?t.code:void 0;return r?{code:r,platform:k(t.platform)}:null}function ne(t){let e=new URLSearchParams(t);return e.get("access_token")||e.get("accessToken")}function oe(t){return new URLSearchParams(t).get("user")}function se(){if(typeof window>"u")return null;try{let t=new URLSearchParams(window.location.search).get("redirect");if(!t)return null;let e=new URL(t,window.location.origin);return e.origin!==window.location.origin?(console.warn("[AuthClient] Ignored cross-origin redirect target:",t),null):`${e.pathname}${e.search}${e.hash}`}catch(t){return console.warn("[AuthClient] Failed to resolve redirect target:",t),null}}var ie={replace(t){window.location.replace(t);}};function S(t,e){return e.handled?{...t,redirectHandled:true,redirectTarget:e.target}:t}function R(t){if(!t||typeof window>"u"||window.opener)return {handled:false};let e=se();return e?(ie.replace(e),{handled:true,target:e}):{handled:false}}function I(t){let{http:e,onLoginSuccess:r,onLogout:n,autoRedirectAfterLogin:a,storage:l,clearAuth:m}=t;return {async register(s){let i=await e.request({url:"/api/auth/register",method:"post",headers:{"Content-Type":"application/json"},data:s});if(i.data?.user&&i.data?.accessToken){r(i.data.user,i.data.accessToken);let c=R(a);i.data=S(i.data,c);}return i},async login(s){let i=s.loginType||Z(s);if(!i)return {data:null,error:{message:"Unable to determine login type. Please provide email, username, or phone.",status:400},status:400};let c={...s,loginType:i},o=await e.request({url:"/api/auth/login",method:"post",headers:{"Content-Type":"application/json"},data:c});if(o.data?.user&&o.data?.accessToken){r(o.data.user,o.data.accessToken);let p=R(a);o.data=S(o.data,p);}return o},async loginWithCode(s){let i=s.loginType||ee(s);if(!i)return {data:null,error:{message:"Unable to determine login type. Please provide email or phone.",status:400},status:400};let c={...s,loginType:i},o=await e.request({url:"/api/auth/login-with-code",method:"post",headers:{"Content-Type":"application/json"},data:c});if(o.data?.user&&o.data?.accessToken){r(o.data.user,o.data.accessToken);let p=R(a);o.data=S(o.data,p);}return o},async sendCode(s){return e.request({url:"/api/auth/send-code",method:"post",headers:{"Content-Type":"application/json"},data:s})},async getCaptcha(){return e.request({url:"/api/auth/captcha",method:"get"})},loginWithOAuth(s,i){if(typeof window>"u"){console.error("[AuthClient] OAuth login is only available in browser environment");return}let c=i?`/api/auth/oauth/${s}?redirect_url=${encodeURIComponent(i)}`:`/api/auth/oauth/${s}`;window.location.href=c;},async handleOAuthCallback(){if(typeof window>"u")return {data:null,error:{message:"OAuth callback is only available in browser environment",status:400},status:400};try{let s=window.location.hash.substring(1),i=ne(s),c=oe(s);if(!i)return {data:null,error:{message:"OAuth callback failed: missing access token",status:400},status:400};let o;if(c)o=JSON.parse(decodeURIComponent(c));else {l.setItem(g.ACCESS_TOKEN,i);let d=await e.request({url:"/api/auth/me",method:"get",headers:{Authorization:`Bearer ${i}`}});if(!d.data)return {data:null,error:{message:"OAuth callback failed: unable to fetch user info",status:d.status||500},status:d.status||500};o=d.data;}if(r(o,i),window.history&&window.history.replaceState){let d=window.location.pathname+window.location.search;window.history.replaceState(null,"",d);}else window.location.hash="";let p=R(a);return {data:S({user:o,accessToken:i},p),error:null,status:200}}catch(s){return {data:null,error:{message:`OAuth callback failed: ${s instanceof Error?s.message:String(s)}`,status:400},status:400}}},async loginWithMiniProgram(s){let{code:i,platform:c}=T(s),o=await e.request({url:L("login",c),method:"post",headers:{"Content-Type":"application/json"},data:{code:i}});if(o.data?.user&&o.data?.accessToken){r(o.data.user,o.data.accessToken);let p=R(a);o.data=S(o.data,p);}return o},async miniLogin(s={}){try{let i=await te(s.platform);return await this.loginWithMiniProgram(i)}catch(i){return {data:null,error:{message:i instanceof Error?i.message:String(i),status:400},status:400}}},async getMiniProgramPhoneNumber(s){let{code:i,platform:c}=T(s),o=l.getItem(g.ACCESS_TOKEN);return o?e.request({url:L("phone",c),method:"post",headers:{"Content-Type":"application/json",Authorization:`Bearer ${o}`},data:{code:i}}):{data:null,error:{message:"Not authenticated",status:401},status:401}},async miniGetPhone(s){let i=re(s);return i?this.getMiniProgramPhoneNumber(i):{data:null,error:{message:"Unable to resolve mini-program phone code from input",status:400},status:400}},async logout(){let s=l.getItem("amaster_access_token"),i=await e.request({url:"/api/auth/logout",method:"post",headers:s?{Authorization:`Bearer ${s}`}:void 0});return m(),n(),i},async refreshToken(){let s=await e.request({url:"/api/auth/refresh",method:"post"});return s.data?.accessToken&&l.setItem("amaster_access_token",s.data.accessToken),s}}}function _(t){let{getCurrentUser:e}=t;return {hasRole(r){let n=e();return !n||!n.roles?false:n.roles.includes(r)},hasPermission(r,n){let a=e();if(!a||!a.permissions)return  false;let l=`${r}.${n}`;return a.permissions.includes(l)},hasAnyPermission(r){return r.some(({resource:n,action:a})=>this.hasPermission(n,a))},hasAllPermissions(r){return r.every(({resource:n,action:a})=>this.hasPermission(n,a))}}}function x(t){let{http:e,storage:r,onUserUpdate:n}=t;return {async getMe(){let a=r.getItem("amaster_access_token");if(!a)return {data:null,error:{message:"Not authenticated",status:401},status:401};let l=await e.request({url:"/api/auth/me",method:"get",headers:{Authorization:`Bearer ${a}`}});return l.data&&n(l.data),l},async updateMe(a){let l=r.getItem("amaster_access_token");if(!l)return {data:null,error:{message:"Not authenticated",status:401},status:401};let m=await e.request({url:"/api/auth/me",method:"put",headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json"},data:a});return m.data&&n(m.data),m},async changePassword(a){let l=r.getItem("amaster_access_token");return l?e.request({url:"/api/auth/change-password",method:"post",headers:{Authorization:`Bearer ${l}`,"Content-Type":"application/json"},data:a}):{data:null,error:{message:"Not authenticated",status:401},status:401}}}}function H(t){let{http:e,storage:r}=t;return {async getOAuthBindings(){let n=r.getItem("amaster_access_token");return n?e.request({url:"/api/auth/oauth-bindings",method:"get",headers:{Authorization:`Bearer ${n}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}},bindOAuth(n){if(typeof window>"u"){console.error("[AuthClient] OAuth binding is only available in browser environment");return}window.location.href=`/api/auth/oauth/${n}/bind`;},async unbindOAuth(n){let a=r.getItem("amaster_access_token");return a?e.request({url:`/api/auth/oauth/${n}/unbind`,method:"delete",headers:{Authorization:`Bearer ${a}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}}}}function $(t){let{http:e,storage:r}=t;return {async getSession(){let n=r.getItem("amaster_access_token");return n?e.request({url:"/api/auth/sessions/current",method:"get",headers:{Authorization:`Bearer ${n}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}},async getSessions(){let n=r.getItem("amaster_access_token");return n?e.request({url:"/api/auth/sessions",method:"get",headers:{Authorization:`Bearer ${n}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}},async revokeSession(n){let a=r.getItem("amaster_access_token");return a?n?e.request({url:`/api/auth/sessions/${n}`,method:"delete",headers:{Authorization:`Bearer ${a}`}}):{data:null,error:{message:"Session ID is required",status:400},status:400}:{data:null,error:{message:"Not authenticated",status:401},status:401}},async revokeAllSessions(){let n=r.getItem("amaster_access_token");return n?e.request({url:"/api/auth/sessions",method:"delete",headers:{Authorization:`Bearer ${n}`}}):{data:null,error:{message:"Not authenticated",status:401},status:401}}}}function le(t={},e){let{baseURL:r,headers:n,onTokenExpired:a,onUnauthorized:l,autoHandleOAuthCallback:m=true,autoRedirectAfterLogin:s=true,runtime:i}=t;i&&httpClient.setMiniProgramRuntime(i);let c=e||httpClient.createHttpClient({...M,baseURL:r,headers:n,runtime:i}),p=300,d=O(),y=new A,C=new w,P=null;try{let u=d.getItem(g.USER);u&&(P=JSON.parse(u));}catch(u){console.error("[AuthClient] Failed to load user from storage:",u);}let f;C.setRefreshCallback(async()=>{let u=await f.refreshToken();u.data?(await f.getMe(),y.emit("tokenRefreshed",u.data.accessToken)):(y.emit("tokenExpired"),a?.());});function N(u,h){d.setItem(g.ACCESS_TOKEN,h),d.setItem(g.USER,JSON.stringify(u)),P=u,C.scheduleRefreshFromToken(h,p),y.emit("login",u);}function q(u){P=u,d.setItem(g.USER,JSON.stringify(u));}function B(){y.emit("logout");}function E(){d.clear(),P=null,C.clearSchedule();}function F(){return P}let G=I({http:c,onLoginSuccess:N,onLogout:B,autoRedirectAfterLogin:s,storage:d,clearAuth:E}),z=_({getCurrentUser:F}),K=x({http:c,storage:d,onUserUpdate:q}),j=H({http:c,storage:d}),D=$({http:c,storage:d});if(f={...G,...z,...K,...j,...D,on(u,h){y.on(u,h);},off(u,h){y.off(u,h);},isAuthenticated(){return !!d.getItem(g.ACCESS_TOKEN)},getAccessToken(){return d.getItem(g.ACCESS_TOKEN)},setAccessToken(u){d.setItem(g.ACCESS_TOKEN,u),C.scheduleRefreshFromToken(u,p);},clearAuth:E},f.on("unauthorized",()=>{l?.();}),f.isAuthenticated()&&f.getMe().catch(u=>{console.warn("[AuthClient] Failed to sync user info on init:",u);}),m&&typeof window<"u"){let u=window.location.hash;u&&(u.includes("access_token")||u.includes("accessToken"))&&f.handleOAuthCallback().then(h=>{h.error&&console.error("[AuthClient] Auto OAuth callback failed:",h.error);}).catch(h=>{console.error("[AuthClient] Auto OAuth callback error:",h);});}return f}exports.createAuthClient=le;exports.defaultHttpClientOptions=M;exports.transformAmasterResponse=U;//# sourceMappingURL=index.cjs.map
 //# sourceMappingURL=index.cjs.map