@apptimate/core-lib 1.0.0 → 1.2.0

package/src/utils/apiProxy.ts

@@ -0,0 +1,155 @@
+import { cookie } from "../constants/storageKeys";
+import { decode } from "./commonService";
+
+const HOP_BY_HOP_HEADERS = new Set([
+    "connection",
+    "content-length",
+    "content-encoding",
+    "keep-alive",
+    "proxy-authenticate",
+    "proxy-authorization",
+    "te",
+    "trailer",
+    "transfer-encoding",
+    "upgrade",
+]);
+
+function parseCookieHeader(header: string | null): Record<string, string> {
+    if (!header) {
+        return {};
+    }
+
+    return header.split(";").reduce<Record<string, string>>((acc, part) => {
+        const [rawName, ...valueParts] = part.trim().split("=");
+        if (!rawName) {
+            return acc;
+        }
+
+        acc[rawName] = decodeURIComponent(valueParts.join("=") || "");
+        return acc;
+    }, {});
+}
+
+function getCookieValue(cookies: Record<string, string>, name: string): string | null {
+    return cookies[name] ?? null;
+}
+
+function getAccessToken(cookies: Record<string, string>): string | null {
+    const cookieNames = [
+        cookie.access_token.encrypted ? cookie.access_token.secretName : cookie.access_token.name,
+        cookie.access_token.name,
+        cookie.access_token.secretName,
+    ];
+
+    for (const name of cookieNames) {
+        const value = getCookieValue(cookies, name);
+        if (!value) {
+            continue;
+        }
+
+        return cookie.access_token.encrypted ? decode(value) : value;
+    }
+
+    return null;
+}
+
+function buildCookieHeader(name: string, options?: { httpOnly?: boolean }): string {
+    const parts = [
+        `${name}=`,
+        "Path=/",
+        "Max-Age=0",
+        "Expires=Thu, 01 Jan 1970 00:00:00 GMT",
+        "SameSite=Lax",
+    ];
+
+    if (options?.httpOnly) {
+        parts.push("HttpOnly");
+    }
+
+    if (process.env.NODE_ENV === "production") {
+        parts.push("Secure");
+    }
+
+    return parts.join("; ");
+}
+
+export function createSessionLogoutResponse(): Response {
+    const headers = new Headers({ "content-type": "application/json" });
+    headers.append("set-cookie", buildCookieHeader(cookie.access_token.name, { httpOnly: true }));
+    headers.append("set-cookie", buildCookieHeader(cookie.access_token.secretName, { httpOnly: true }));
+    headers.append("set-cookie", buildCookieHeader("selected_organization_id"));
+
+    return new Response(JSON.stringify({ cleared: true }), {
+        status: 200,
+        headers,
+    });
+}
+
+export async function forwardApiProxyRequest(request: Request, pathSegments: string[]): Promise<Response> {
+    const apiBaseUrl = process.env.NEXT_PUBLIC_API_URL;
+
+    if (!apiBaseUrl) {
+        return new Response(JSON.stringify({
+            is_success: false,
+            message: "NEXT_PUBLIC_API_URL is not configured.",
+            result: null,
+            system_code: "api_proxy_not_configured",
+        }), {
+            status: 500,
+            headers: { "content-type": "application/json" },
+        });
+    }
+
+    const incomingUrl = new URL(request.url);
+    const upstreamPath = pathSegments.join("/");
+    const upstreamUrl = new URL(upstreamPath, `${apiBaseUrl.replace(/\/$/, "")}/`);
+    upstreamUrl.search = incomingUrl.search;
+
+    const cookies = parseCookieHeader(request.headers.get("cookie"));
+    const token = getAccessToken(cookies);
+    const selectedOrganizationId = getCookieValue(cookies, "selected_organization_id");
+
+    const headers = new Headers();
+    const accept = request.headers.get("accept");
+    const contentType = request.headers.get("content-type");
+    const organizationId = request.headers.get("x-organization-id") ?? selectedOrganizationId;
+
+    if (accept) {
+        headers.set("accept", accept);
+    }
+
+    if (contentType) {
+        headers.set("content-type", contentType);
+    }
+
+    if (organizationId) {
+        headers.set("x-organization-id", organizationId);
+    }
+
+    if (token) {
+        headers.set("authorization", `Bearer ${token}`);
+    }
+
+    const hasBody = !["GET", "HEAD"].includes(request.method.toUpperCase());
+    const body = hasBody ? await request.arrayBuffer() : undefined;
+
+    const upstreamResponse = await fetch(upstreamUrl.toString(), {
+        method: request.method,
+        headers,
+        body,
+        cache: "no-store",
+        redirect: "manual",
+    });
+
+    const responseHeaders = new Headers();
+    upstreamResponse.headers.forEach((value, key) => {
+        if (!HOP_BY_HOP_HEADERS.has(key.toLowerCase())) {
+            responseHeaders.set(key, value);
+        }
+    });
+
+    return new Response(upstreamResponse.body, {
+        status: upstreamResponse.status,
+        headers: responseHeaders,
+    });
+}

package/src/utils/bem.ts

@@ -1,13 +1,13 @@
-export function block(prefix: string, name: string): string {
-  return `${prefix}-${name}`;
-}
-
-export function element(prefix: string, blockName: string, elementName: string): string {
-  return `${prefix}-${blockName}__${elementName}`;
-}
-
-export function modifier(prefix: string, name: string, modifier: string | undefined | null | boolean): string {
-  if (!modifier) return "";
-  if (typeof modifier === "boolean") return modifier ? `${prefix}-${name}--active` : "";
-  return `${prefix}-${name}--${modifier}`;
-}
+export function block(prefix: string, name: string): string {
+  return `${prefix}-${name}`;
+}
+
+export function element(prefix: string, blockName: string, elementName: string): string {
+  return `${prefix}-${blockName}__${elementName}`;
+}
+
+export function modifier(prefix: string, name: string, modifier: string | undefined | null | boolean): string {
+  if (!modifier) return "";
+  if (typeof modifier === "boolean") return modifier ? `${prefix}-${name}--active` : "";
+  return `${prefix}-${name}--${modifier}`;
+}

package/src/utils/bootstrapConfig.ts

@@ -0,0 +1,80 @@
+/**
+ * Shared bootstrap configuration loader for module layouts.
+ * Fetches the public app_config from the API during SSR.
+ *
+ * This centralizes the config fetch logic so all module layouts
+ * share the same implementation instead of duplicating it.
+ */
+export async function fetchAppBootstrapConfig(): Promise<any | null> {
+  try {
+    const apiUrl = process.env.NEXT_PUBLIC_API_URL;
+    if (!apiUrl) return null;
+
+    const response = await fetch(`${apiUrl}/api/core/config/app_config`, { cache: 'no-store' });
+    if (response.ok) {
+      const data = await response.json();
+      if (data.is_success) {
+        return data.result;
+      }
+    }
+  } catch (error) {
+    console.error("Failed to fetch app_config:", error);
+  }
+  return null;
+}
+
+/**
+ * Server-side menu config loader.
+ *
+ * Reads the auth token and selected organization from cookies,
+ * then fetches the active menu configuration from the API.
+ * Returns the raw config object or null if not available.
+ *
+ * Usage in server layouts:
+ * ```ts
+ * import { fetchMenuConfig } from '@apptimate/core-lib/src/utils/bootstrapConfig';
+ * const menuConfig = await fetchMenuConfig();
+ * <DashboardLayoutClient initialMenuConfig={menuConfig} />
+ * ```
+ */
+export async function fetchMenuConfig(): Promise<any | null> {
+  try {
+    const apiUrl = process.env.NEXT_PUBLIC_API_URL;
+    if (!apiUrl) return null;
+
+    // Dynamic import to avoid bundling next/headers in client code
+    const { cookies } = await import('next/headers');
+    const cookieStore = await cookies();
+
+    // Read auth token — cookie name matches storageKeys.ts (encrypted: false → use .name)
+    const token = cookieStore.get('access_token')?.value;
+    if (!token) return null;
+
+    // Read selected organization from cookie (set by the client layout)
+    const orgCookie = cookieStore.get('selected_organization_id')?.value;
+
+    const headers: Record<string, string> = {
+      'Accept': 'application/json',
+      'Authorization': `Bearer ${token}`,
+    };
+
+    if (orgCookie) {
+      headers['X-Organization-Id'] = orgCookie;
+    }
+
+    const response = await fetch(`${apiUrl}/api/menu-config/active`, {
+      cache: 'no-store',
+      headers,
+    });
+
+    if (response.ok) {
+      const data = await response.json();
+      if (data.is_success && data.result?.config) {
+        return data.result.config;
+      }
+    }
+  } catch (error) {
+    console.error("Failed to fetch menu config:", error);
+  }
+  return null;
+}

package/src/utils/cn.ts

@@ -1,9 +1,9 @@
-import { type ClassValue, clsx } from "clsx";
-import { twMerge } from "tailwind-merge";
-
-/**
- * Utility function to merge tailwind classes safely.
- */
-export function cn(...inputs: ClassValue[]) {
-  return twMerge(clsx(inputs));
-}
+import { type ClassValue, clsx } from "clsx";
+import { twMerge } from "tailwind-merge";
+
+/**
+ * Utility function to merge tailwind classes safely.
+ */
+export function cn(...inputs: ClassValue[]) {
+  return twMerge(clsx(inputs));
+}

package/src/utils/commonService.ts

@@ -1,26 +1,46 @@
-export function replacePlaceholders(template: string, replacements: Record<string, string | number>): string {
-    return template.replace(/\${(\w+)}/g, (_, key) => {
-        return (replacements[key] ?? `\${${key}}`).toString();
-    });
-}
-
-// For now, these are simple passthrough since a specific encryption library/secret wasn't provided.
-// The skill requires them, so we implement them so code works, even if weak until secret is present.
-export function encrypt(value: any): string {
-    const stringValue = typeof value === 'string' ? value : JSON.stringify(value);
-    // In production, use process.env.CRYPT_SECRET_KEY and an encryption lib (e.g. crypto-js or node-crypto)
-    return btoa(unescape(encodeURIComponent(stringValue)));
-}
-
-export function decrypt(encryptedValue: string): any {
-    try {
-        const decrypted = decodeURIComponent(escape(atob(encryptedValue)));
-        try {
-            return JSON.parse(decrypted);
-        } catch {
-            return decrypted;
-        }
-    } catch {
-        return null;
-    }
-}
+export function replacePlaceholders(template: string, replacements: Record<string, string | number>): string {
+    return template.replace(/\${(\w+)}/g, (_, key) => {
+        return (replacements[key] ?? `\${${key}}`).toString();
+    });
+}
+
+/**
+ * Base64 encode a value.
+ *
+ * WARNING: This is NOT encryption. It is a reversible encoding meant only for
+ * transport convenience. Do NOT rely on this for security.
+ * Auth tokens should be stored in HttpOnly, Secure, SameSite cookies managed
+ * by the server in a production deployment.
+ */
+export function encode(value: any): string {
+    const stringValue = typeof value === 'string' ? value : JSON.stringify(value);
+    return btoa(unescape(encodeURIComponent(stringValue)));
+}
+
+/**
+ * Base64 decode a value.
+ *
+ * WARNING: This is NOT decryption. See the note on `encode()`.
+ */
+export function decode(encodedValue: string): any {
+    try {
+        const decoded = decodeURIComponent(escape(atob(encodedValue)));
+        try {
+            return JSON.parse(decoded);
+        } catch {
+            return decoded;
+        }
+    } catch {
+        return null;
+    }
+}
+
+/**
+ * @deprecated Use `encode()` instead. This function name is misleading — it performs base64 encoding, not encryption.
+ */
+export const encrypt = encode;
+
+/**
+ * @deprecated Use `decode()` instead. This function name is misleading — it performs base64 decoding, not decryption.
+ */
+export const decrypt = decode;

package/src/utils/cookiesHandler.ts

@@ -1,64 +1,64 @@
-'use server';
-
-import { cookies } from 'next/headers';
-import { IStorageOptions } from '../constants/storageKeys';
-import { decrypt, encrypt, replacePlaceholders } from './commonService';
-
-export async function getCookies<T = any>(storageKey: IStorageOptions, options?: { replacements?: Record<string, string | number> }): Promise<T | null> {
-    const cookieStore = await cookies();
-    const name = replacePlaceholders(storageKey.encrypted ? storageKey.secretName : storageKey.name, options?.replacements || {});
-    
-    const value = cookieStore.get(name)?.value;
-    if (!value) return null;
-
-    if (storageKey.encrypted) {
-        return decrypt(value) as T;
-    }
-
-    try {
-        return JSON.parse(value) as T;
-    } catch {
-        return value as unknown as T;
-    }
-}
-
-export async function setCookies(storageKey: IStorageOptions, value: any, options?: { 
-    replacements?: Record<string, string | number>;
-    expires?: number | Date;
-    maxAge?: number;
-    domain?: string;
-    path?: string;
-    secure?: boolean;
-    httpOnly?: boolean;
-    sameSite?: 'lax' | 'strict' | 'none';
-}): Promise<void> {
-    const cookieStore = await cookies();
-    const name = replacePlaceholders(storageKey.encrypted ? storageKey.secretName : storageKey.name, options?.replacements || {});
-    
-    let finalValue = typeof value === 'string' ? value : JSON.stringify(value);
-    if (storageKey.encrypted) {
-        finalValue = encrypt(value);
-    }
-
-    cookieStore.set(name, finalValue, {
-        expires: options?.expires,
-        maxAge: options?.maxAge,
-        domain: options?.domain,
-        path: options?.path || '/',
-        secure: options?.secure ?? process.env.NODE_ENV === 'production',
-        httpOnly: options?.httpOnly ?? true,
-        sameSite: options?.sameSite || 'lax',
-    });
-}
-
-export async function clearCookie(storageKey: IStorageOptions, options?: { replacements?: Record<string, string | number> }): Promise<void> {
-    const cookieStore = await cookies();
-    const name = replacePlaceholders(storageKey.encrypted ? storageKey.secretName : storageKey.name, options?.replacements || {});
-    cookieStore.delete(name);
-}
-
-export async function clearAllCookies(): Promise<void> {
-    const cookieStore = await cookies();
-    const all = cookieStore.getAll();
-    all.forEach(c => cookieStore.delete(c.name));
-}
+'use server';
+
+import { cookies } from 'next/headers';
+import { IStorageOptions } from '../constants/storageKeys';
+import { decrypt, encrypt, replacePlaceholders } from './commonService';
+
+export async function getCookies<T = any>(storageKey: IStorageOptions, options?: { replacements?: Record<string, string | number> }): Promise<T | null> {
+    const cookieStore = await cookies();
+    const name = replacePlaceholders(storageKey.encrypted ? storageKey.secretName : storageKey.name, options?.replacements || {});
+    
+    const value = cookieStore.get(name)?.value;
+    if (!value) return null;
+
+    if (storageKey.encrypted) {
+        return decrypt(value) as T;
+    }
+
+    try {
+        return JSON.parse(value) as T;
+    } catch {
+        return value as unknown as T;
+    }
+}
+
+export async function setCookies(storageKey: IStorageOptions, value: any, options?: { 
+    replacements?: Record<string, string | number>;
+    expires?: number | Date;
+    maxAge?: number;
+    domain?: string;
+    path?: string;
+    secure?: boolean;
+    httpOnly?: boolean;
+    sameSite?: 'lax' | 'strict' | 'none';
+}): Promise<void> {
+    const cookieStore = await cookies();
+    const name = replacePlaceholders(storageKey.encrypted ? storageKey.secretName : storageKey.name, options?.replacements || {});
+    
+    let finalValue = typeof value === 'string' ? value : JSON.stringify(value);
+    if (storageKey.encrypted) {
+        finalValue = encrypt(value);
+    }
+
+    cookieStore.set(name, finalValue, {
+        expires: options?.expires,
+        maxAge: options?.maxAge,
+        domain: options?.domain,
+        path: options?.path || '/',
+        secure: options?.secure ?? process.env.NODE_ENV === 'production',
+        httpOnly: options?.httpOnly ?? true,
+        sameSite: options?.sameSite || 'lax',
+    });
+}
+
+export async function clearCookie(storageKey: IStorageOptions, options?: { replacements?: Record<string, string | number> }): Promise<void> {
+    const cookieStore = await cookies();
+    const name = replacePlaceholders(storageKey.encrypted ? storageKey.secretName : storageKey.name, options?.replacements || {});
+    cookieStore.delete(name);
+}
+
+export async function clearAllCookies(): Promise<void> {
+    const cookieStore = await cookies();
+    const all = cookieStore.getAll();
+    all.forEach(c => cookieStore.delete(c.name));
+}