@archbase/security 3.0.0 → 3.0.2

package/dist/src/examples/ContextualAuthenticationExample.d.ts

@@ -0,0 +1,113 @@
+import { ArchbaseAuthenticator, ArchbaseAccessToken, ContextualAuthenticationRequest, ContextualAuthenticationResponse, FlexibleLoginRequest, SocialLoginRequest, RegisterUserRequest } from '@archbase/security';
+/**
+ * Exemplo de implementação de um ArchbaseAuthenticator com métodos contextuais opcionais
+ */
+export declare class ExampleContextualAuthenticator implements ArchbaseAuthenticator {
+    login(username: string, password: string): Promise<ArchbaseAccessToken>;
+    refreshToken(refresh_token: string): Promise<ArchbaseAccessToken>;
+    sendResetPasswordEmail(email: string): Promise<void>;
+    resetPassword(email: string, passwordResetToken: string, newPassword: string): Promise<void>;
+    loginWithContext(request: ContextualAuthenticationRequest): Promise<{
+        access_token: string;
+        refresh_token: string;
+        expires_in: number;
+        id_token: string;
+        token_type: string;
+        user: {
+            id: {
+                identifier: string;
+            };
+            name: string;
+            description: string;
+            userName: string;
+            email: string;
+            createEntityDate: string;
+            version: number;
+            changePasswordOnNextLogin: boolean;
+            allowPasswordChange: boolean;
+            allowMultipleLogins: boolean;
+            passwordNeverExpires: boolean;
+            accountDeactivated: boolean;
+            accountLocked: boolean;
+            unlimitedAccessHours: boolean;
+            isAdministrator: boolean;
+            groups: any[];
+            profile: any;
+            avatar: any;
+            nickname: any;
+        };
+        context: {
+            type: any;
+            adminId: string;
+            name: string;
+            email: string;
+            profilePicture: any;
+            accessLevel: string;
+            availableModules: string[];
+            status: string;
+        };
+    }>;
+    loginFlexible(request: FlexibleLoginRequest): Promise<{
+        access_token: string;
+        refresh_token: string;
+        expires_in: number;
+        id_token: string;
+        token_type: string;
+        user: {
+            id: {
+                identifier: string;
+            };
+            name: string;
+            description: string;
+            userName: string;
+            email: string;
+            createEntityDate: string;
+            version: number;
+            changePasswordOnNextLogin: boolean;
+            allowPasswordChange: boolean;
+            allowMultipleLogins: boolean;
+            passwordNeverExpires: boolean;
+            accountDeactivated: boolean;
+            accountLocked: boolean;
+            unlimitedAccessHours: boolean;
+            isAdministrator: boolean;
+            groups: any[];
+            profile: any;
+            avatar: any;
+            nickname: any;
+        };
+        context: {
+            type: any;
+            adminId: string;
+            name: string;
+            email: string;
+            profilePicture: any;
+            accessLevel: string;
+            availableModules: string[];
+            status: string;
+        };
+    }>;
+    loginSocial(request: SocialLoginRequest): Promise<ContextualAuthenticationResponse>;
+    register(request: RegisterUserRequest): Promise<{
+        email: any;
+        businessId: string;
+        message: string;
+    }>;
+    getSupportedContexts(): Promise<{
+        supportedContexts: string[];
+        defaultContext: string;
+    }>;
+    validateContext(context: string): Promise<{
+        context: string;
+        supported: boolean;
+    }>;
+    private resolveEmailFromIdentifier;
+}
+/**
+ * Exemplo de uso do hook com recursos contextuais
+ */
+export declare function ExampleUsageComponent(): any;
+/**
+ * Exemplo de como verificar capacidades antes de usar
+ */
+export declare function CapabilitiesExample(): any;

package/dist/src/examples/SecurityExample.d.ts

@@ -0,0 +1,2 @@
+import { default as React } from 'react';
+export declare const SecurityExample: React.FC;

package/dist/src/hooks/index.d.ts

@@ -0,0 +1,5 @@
+export * from './useArchbaseSecurityManager';
+export * from './useArchbaseGetLoggedUser';
+export * from './useArchbaseAuthenticationManager';
+export * from './useArchbaseGetCurrentToken';
+export * from './useArchbaseResetPassword';

package/dist/src/hooks/useArchbaseAuthenticationManager.d.ts

@@ -0,0 +1,36 @@
+import { ContextualAuthenticationRequest, FlexibleLoginRequest, SocialLoginRequest, RegisterUserRequest, SupportedContextsResponse, ContextValidationResponse, ContextObject } from '../types/ContextualAuthentication';
+export interface AuthenticationManagerReturnType {
+    login: (username: string, password: string, rememberMe: boolean) => void;
+    logout: (clearRememberMe?: boolean) => void;
+    username: string;
+    isAuthenticating: boolean;
+    isInitializing: boolean;
+    isAuthenticated: boolean;
+    isError: boolean;
+    error: any;
+    clearError: () => void;
+    accessToken?: string | null;
+    loginWithContext?: (request: ContextualAuthenticationRequest, rememberMe?: boolean) => Promise<void>;
+    loginFlexible?: (request: FlexibleLoginRequest, rememberMe?: boolean) => Promise<void>;
+    loginSocial?: (request: SocialLoginRequest) => Promise<void>;
+    register?: (request: RegisterUserRequest) => Promise<{
+        email: string;
+        businessId?: string;
+        message: string;
+    }>;
+    getSupportedContexts?: () => Promise<SupportedContextsResponse>;
+    validateContext?: (context: string) => Promise<ContextValidationResponse>;
+    context?: ContextObject | null;
+    capabilities: {
+        hasContextualLogin: boolean;
+        hasFlexibleLogin: boolean;
+        hasSocialLogin: boolean;
+        hasRegistration: boolean;
+        hasContextSupport: boolean;
+    };
+}
+export interface ArchbaseAuthenticationManagerProps {
+    checkIntervalTokenHasExpired?: number;
+    expirationThresholdOfToken?: number;
+}
+export declare const useArchbaseAuthenticationManager: ({ checkIntervalTokenHasExpired, expirationThresholdOfToken }: ArchbaseAuthenticationManagerProps) => AuthenticationManagerReturnType;

package/dist/src/hooks/useArchbaseGetCurrentToken.d.ts

@@ -0,0 +1,4 @@
+export interface GetCurrentTokenReturnType {
+    token: string | null;
+}
+export declare const useArchbaseGetCurrentToken: () => GetCurrentTokenReturnType;

package/dist/src/hooks/useArchbaseGetLoggedUser.d.ts

@@ -0,0 +1,2 @@
+import { ArchbaseUser } from '../ArchbaseUser';
+export declare const useArchbaseGetLoggedUser: () => ArchbaseUser | null;

package/dist/src/hooks/useArchbaseResetPassword.d.ts

@@ -0,0 +1,8 @@
+export interface ResetPasswordReturnType {
+    sendResetPasswordEmail: (email: string) => Promise<void>;
+    resetPassword: (email: string, passwordResetToken: string, newPassword: string) => Promise<void>;
+    isError: boolean;
+    error: any;
+    clearError: () => void;
+}
+export declare const useArchbaseResetPassword: () => ResetPasswordReturnType;

package/dist/src/hooks/useArchbaseSecurityManager.d.ts

@@ -0,0 +1,11 @@
+import { ArchbaseSecurityManager } from '../ArchbaseSecurityManager';
+export declare const ARCHBASE_SECURITY_MANAGER_STORE = "archbaseSecurityManagerStore";
+export type UseArchbaseSecurityManagerProps = {
+    resourceName: string;
+    resourceDescription: string;
+    enableSecurity?: boolean;
+};
+export type UseArchbaseSecurityManagerReturnType = {
+    securityManager: ArchbaseSecurityManager;
+};
+export declare const useArchbaseSecurityManager: ({ resourceName, resourceDescription, enableSecurity }: UseArchbaseSecurityManagerProps) => UseArchbaseSecurityManagerReturnType;

package/dist/src/index.d.ts

@@ -0,0 +1,27 @@
+export * from './ArchbaseAccessToken';
+export * from './ArchbaseAuthenticator';
+export * from './ArchbaseTokenManager';
+export * from './ArchbaseUser';
+export * from './DefaultArchbaseTokenManager';
+export * from './types/ContextualAuthentication';
+export * from './oauth2';
+export * from './ArchbaseSecurityManager';
+export * from './ArchbaseTenantManager';
+export * from './ArchbaseUserService';
+export * from './ArchbaseGroupService';
+export * from './ArchbaseProfileService';
+export * from './ArchbaseApiTokenService';
+export * from './ArchbaseAccessTokenService';
+export * from './ArchbaseResourceService';
+export * from './ArchbaseLogin';
+export * from './ArchbaseResetPassword';
+export * from './SecurityType';
+export * from './SecurityDomain';
+export * from './hooks';
+export { ArchbaseSecurityProvider, ArchbaseViewSecurityProvider } from './ArchbaseSecurityContext';
+export { useArchbaseSecurity, useArchbaseViewSecurity, useArchbaseSecureForm, useArchbasePermissionCheck } from './ArchbaseSecurityHooks';
+export { ArchbaseProtectedComponent, ArchbaseSecureActionButton, ArchbaseSecureFormField, withArchbaseSecurity } from './ArchbaseSecurityComponents';
+export type { ArchbaseSecurityContextType, ArchbaseViewSecurityContextType, ArchbaseSecurityProviderProps, ArchbaseViewSecurityProviderProps } from './ArchbaseSecurityContext';
+export type { ArchbaseProtectedComponentProps, ArchbaseSecureActionButtonProps, ArchbaseSecureFormFieldProps } from './ArchbaseSecurityComponents';
+export type { UseArchbaseSecureFormReturn } from './ArchbaseSecurityHooks';
+export type * from './types/ArchbaseSecurityTypes';

package/dist/src/oauth2/AuthContext.d.ts

@@ -0,0 +1,4 @@
+import { default as React } from 'react';
+import { IArchbaseAuthContext, IArchbaseAuthProvider } from './Types';
+export declare const ArchbaseAuthContext: React.Context<IArchbaseAuthContext>;
+export declare const ArchbaseAuthProvider: ({ authConfig, children }: IArchbaseAuthProvider) => import("react/jsx-runtime").JSX.Element;

package/dist/src/oauth2/Types.d.ts

@@ -0,0 +1,108 @@
+import { ReactNode } from 'react';
+interface TTokenRqBase {
+    grant_type: string;
+    scope?: string;
+    client_id: string;
+    redirect_uri: string;
+}
+export interface TTokenRequestWithCodeAndVerifier extends TTokenRqBase {
+    code: string;
+    code_verifier: string;
+}
+export interface TTokenRequestForRefresh extends TTokenRqBase {
+    refresh_token: string;
+}
+export type TTokenRequest = TTokenRequestWithCodeAndVerifier | TTokenRequestForRefresh;
+export type TTokenData = {
+    [x: string]: any;
+};
+export type TTokenResponse = {
+    access_token: string;
+    scope: string;
+    token_type: string;
+    expires_in?: number;
+    refresh_token?: string;
+    refresh_token_expires_in?: number;
+    refresh_expires_in?: number;
+    id_token?: string;
+};
+export interface IArchbaseAuthProvider {
+    authConfig: TArchbaseAuthConfig;
+    children: ReactNode;
+}
+export interface IArchbaseAuthContext {
+    token: string;
+    logOut: (state?: string, logoutHint?: string) => void;
+    login: (state?: string) => void;
+    error: string | null;
+    tokenData?: TTokenData;
+    idToken?: string;
+    idTokenData?: TTokenData;
+    loginInProgress: boolean;
+}
+export type TArchbaseAuthConfig = {
+    clientId: string;
+    authorizationEndpoint: string;
+    tokenEndpoint: string;
+    redirectUri: string;
+    scope?: string;
+    state?: string;
+    logoutEndpoint?: string;
+    logoutRedirect?: string;
+    preLogin?: () => void;
+    postLogin?: () => void;
+    onRefreshTokenExpire?: (event: TArchbaseRefreshTokenExpiredEvent) => void;
+    decodeToken?: boolean;
+    autoLogin?: boolean;
+    clearURL?: boolean;
+    extraAuthParams?: {
+        [key: string]: string | boolean | number;
+    };
+    extraAuthParameters?: {
+        [key: string]: string | boolean | number;
+    };
+    extraTokenParameters?: {
+        [key: string]: string | boolean | number;
+    };
+    extraLogoutParameters?: {
+        [key: string]: string | boolean | number;
+    };
+    tokenExpiresIn?: number;
+    refreshTokenExpiresIn?: number;
+    storage?: 'session' | 'local';
+};
+export type TArchbaseRefreshTokenExpiredEvent = {
+    login: () => void;
+};
+export type TInternalConfig = {
+    clientId: string;
+    authorizationEndpoint: string;
+    tokenEndpoint: string;
+    redirectUri: string;
+    scope?: string;
+    state?: string;
+    logoutEndpoint?: string;
+    logoutRedirect?: string;
+    preLogin?: () => void;
+    postLogin?: () => void;
+    onRefreshTokenExpire?: (event: TArchbaseRefreshTokenExpiredEvent) => void;
+    decodeToken: boolean;
+    autoLogin: boolean;
+    clearURL: boolean;
+    extraAuthParams?: {
+        [key: string]: string | boolean | number;
+    };
+    extraAuthParameters?: {
+        [key: string]: string | boolean | number;
+    };
+    extraTokenParameters?: {
+        [key: string]: string | boolean | number;
+    };
+    extraLogoutParameters?: {
+        [key: string]: string | boolean | number;
+    };
+    tokenExpiresIn?: number;
+    refreshTokenExpiresIn?: number;
+    storage: 'session' | 'local';
+};
+export {};

package/dist/src/oauth2/authConfig.d.ts

@@ -0,0 +1,3 @@
+import { TArchbaseAuthConfig, TInternalConfig } from './Types';
+export declare function createInternalConfig(passedConfig: TArchbaseAuthConfig): TInternalConfig;
+export declare function validateConfig(config: TInternalConfig): void;

package/dist/src/oauth2/authentication.d.ts

@@ -0,0 +1,9 @@
+import { TInternalConfig, TTokenResponse } from './Types';
+export declare function redirectToLogin(config: TInternalConfig, customState?: string): Promise<void>;
+export declare const fetchTokens: (config: TInternalConfig) => Promise<TTokenResponse>;
+export declare const fetchWithRefreshToken: (props: {
+    config: TInternalConfig;
+    refreshToken: string;
+}) => Promise<TTokenResponse>;
+export declare function redirectToLogout(config: TInternalConfig, token: string, refresh_token?: string, idToken?: string, state?: string, logoutHint?: string): void;
+export declare function validateState(urlParams: URLSearchParams): void;

package/dist/src/oauth2/decodeJWT.d.ts

@@ -0,0 +1,5 @@
+import { TTokenData } from './Types';
+/**
+ * Decodifica o JWT codificado em base64. Retorna um TToken.
+ */
+export declare const decodeJWT: (token: string) => TTokenData;

package/dist/src/oauth2/errors.d.ts

@@ -0,0 +1,5 @@
+export declare class FetchError extends Error {
+    status: number;
+    statusText: string;
+    constructor(status: number, statusText: string, message: string);
+}

package/dist/src/oauth2/hooks.d.ts

@@ -0,0 +1,2 @@
+declare function useBrowserStorage<T>(key: string, initialValue: T, type: 'session' | 'local'): [T, (v: T) => void];
+export default useBrowserStorage;

package/dist/src/oauth2/httpUtils.d.ts

@@ -0,0 +1,2 @@
+import { TTokenRequest } from './Types';
+export declare function postWithXForm(url: string, request: TTokenRequest): Promise<Response>;

package/dist/src/oauth2/index.d.ts

@@ -0,0 +1,10 @@
+export { ArchbaseAuthProvider, ArchbaseAuthContext } from './AuthContext';
+export type { TArchbaseAuthConfig, IArchbaseAuthProvider, IArchbaseAuthContext, TArchbaseRefreshTokenExpiredEvent, TTokenRequestWithCodeAndVerifier, TTokenRequestForRefresh, TTokenRequest, TTokenData, TTokenResponse, TInternalConfig, } from './Types';
+export { epochAtSecondsFromNow, epochTimeIsPast, getRefreshExpiresIn } from './timeUtils';
+export { getRandomInteger, generateRandomString, generateCodeChallenge } from './pkceUtils';
+export { postWithXForm } from './httpUtils';
+export * as useBrowserStorage from './hooks';
+export { FetchError } from './errors';
+export { decodeJWT } from './decodeJWT';
+export { redirectToLogin, fetchTokens, fetchWithRefreshToken, redirectToLogout, validateState } from './authentication';
+export { createInternalConfig, validateConfig } from './authConfig';

package/dist/src/oauth2/pkceUtils.d.ts

@@ -0,0 +1,6 @@
+export declare function getRandomInteger(range: number): number;
+export declare function generateRandomString(length: number): string;
+/**
+ *  PKCE Code Challenge = base64url(hash(codeVerifier))
+ */
+export declare function generateCodeChallenge(codeVerifier: string): Promise<string>;

package/dist/src/oauth2/timeUtils.d.ts

@@ -0,0 +1,9 @@
+import { TTokenResponse } from './Types';
+export declare const FALLBACK_EXPIRE_TIME = 600;
+export declare const epochAtSecondsFromNow: (secondsFromNow: number) => number;
+/**
+ * Verifique se o token de acesso expirou.
+ * Retornará True se o token expirou OU falta menos de 30 segundos para expirar.
+ */
+export declare function epochTimeIsPast(timestamp: number): boolean;
+export declare function getRefreshExpiresIn(tokenExpiresIn: number, response: TTokenResponse): number;

package/dist/src/types/ArchbaseSecurityTypes.d.ts

@@ -0,0 +1,50 @@
+import { ReactNode } from 'react';
+import { ArchbaseSecurityManager } from '../ArchbaseSecurityManager';
+import { UserDto } from '../SecurityDomain';
+export interface ArchbaseSecurityError {
+    code: string;
+    message: string;
+    details?: any;
+}
+export type ArchbasePermissionAction = string;
+export type ArchbasePermissionList = ArchbasePermissionAction[];
+export interface ArchbaseGlobalSecurityState {
+    user: UserDto | null;
+    isAuthenticated: boolean;
+    isLoading: boolean;
+    error: ArchbaseSecurityError | null;
+}
+export interface ArchbaseViewSecurityConfig {
+    resourceName: string;
+    resourceDescription: string;
+    requiredPermissions?: ArchbasePermissionList;
+    autoRegisterActions?: boolean;
+    strictMode?: boolean;
+}
+export interface ArchbaseProtectionConfig {
+    actionName?: ArchbasePermissionAction;
+    requiredPermissions?: ArchbasePermissionList;
+    requireAll?: boolean;
+    fallback?: ReactNode;
+    autoRegister?: boolean;
+}
+export type ArchbaseSecurityCallback = (manager: ArchbaseSecurityManager) => void;
+export type ArchbaseErrorCallback = (error: string) => void;
+export interface ArchbasePermissionCheckResult {
+    hasAccess: boolean;
+    missingPermissions?: ArchbasePermissionList;
+    reason?: string;
+}
+export declare enum ArchbaseFallbackType {
+    HIDDEN = "hidden",
+    DISABLED = "disabled",
+    MESSAGE = "message",
+    CUSTOM = "custom"
+}
+export interface ArchbaseAdvancedSecurityConfig extends ArchbaseViewSecurityConfig {
+    fallbackType?: ArchbaseFallbackType;
+    customFallback?: ReactNode;
+    onAccessDenied?: (missingPermissions: ArchbasePermissionList) => void;
+    onError?: ArchbaseErrorCallback;
+    debugMode?: boolean;
+}

package/dist/src/types/ContextualAuthentication.d.ts

@@ -0,0 +1,160 @@
+import { ArchbaseAccessToken } from '@archbase/core';
+/**
+ * Objeto de contexto com informações específicas da aplicação
+ */
+export interface ContextObject {
+    /** Tipo do contexto (WEB_ADMIN, STORE_APP, CUSTOMER_APP, etc.) */
+    type: string;
+    /** ID do admin/usuário no contexto específico */
+    adminId?: string;
+    /** ID da loja (para contexto STORE_APP) */
+    storeId?: string;
+    /** ID do cliente (para contexto CUSTOMER_APP) */
+    customerId?: string;
+    /** ID do motorista (para contexto DRIVER_APP) */
+    driverId?: string;
+    /** Nome do usuário no contexto */
+    name?: string;
+    /** Email do usuário no contexto */
+    email?: string;
+    /** Foto de perfil */
+    profilePicture?: string;
+    /** Nível de acesso (PLATFORM_ADMIN, STORE_ADMIN, etc.) */
+    accessLevel?: string;
+    /** Módulos disponíveis para o usuário */
+    availableModules?: string[];
+    /** Status do usuário no contexto */
+    status?: string;
+    /** Dados adicionais específicos do contexto */
+    [key: string]: any;
+}
+/**
+ * Usuário completo retornado pela autenticação contextual
+ */
+export interface ContextualUser {
+    id: {
+        identifier: string;
+    };
+    code?: string;
+    version?: number;
+    updateEntityDate?: string;
+    createEntityDate?: string;
+    createdByUser?: string;
+    lastModifiedByUser?: string;
+    name: string;
+    description?: string;
+    accessSchedule?: any;
+    userName: string;
+    password?: string;
+    changePasswordOnNextLogin?: boolean;
+    allowPasswordChange?: boolean;
+    allowMultipleLogins?: boolean;
+    passwordNeverExpires?: boolean;
+    accountDeactivated?: boolean;
+    accountLocked?: boolean;
+    unlimitedAccessHours?: boolean;
+    isAdministrator?: boolean;
+    groups?: any[];
+    profile?: any;
+    avatar?: string | null;
+    email: string;
+    nickname?: string;
+}
+/**
+ * Response de autenticação contextual que inclui dados específicos do contexto
+ */
+export interface ContextualAuthenticationResponse {
+    /** Token de acesso JWT */
+    access_token: string;
+    /** Token de refresh JWT */
+    refresh_token: string;
+    /** Timestamp absoluto de expiração */
+    expires_in: number;
+    /** ID token (UUID) */
+    id_token: string;
+    /** Tipo do token (BEARER) */
+    token_type: string;
+    /** Informações do usuário completas */
+    user: ContextualUser;
+    /** Contexto da aplicação com dados específicos */
+    context: ContextObject;
+}
+/**
+ * Request para login contextual
+ */
+export interface ContextualAuthenticationRequest {
+    /** Email do usuário */
+    email: string;
+    /** Senha do usuário */
+    password: string;
+    /** Tipo do contexto da aplicação (WEB_ADMIN, STORE_APP, CUSTOMER_APP, etc.) */
+    context?: string;
+    /** Dados adicionais do contexto em formato JSON string */
+    contextData?: string;
+}
+/**
+ * Request para login flexível (email ou telefone)
+ */
+export interface FlexibleLoginRequest {
+    /** Identificador (email ou telefone) */
+    identifier: string;
+    /** Senha do usuário */
+    password: string;
+    /** Tipo do contexto da aplicação */
+    context?: string;
+}
+/**
+ * Request para login social
+ */
+export interface SocialLoginRequest {
+    /** Provedor social (google, facebook, apple) */
+    provider: string;
+    /** Token do provedor */
+    token: string;
+    /** Tipo do contexto da aplicação */
+    context?: string;
+    /** Dados adicionais do usuário */
+    additionalData?: string;
+}
+/**
+ * Request para registro de usuário
+ */
+export interface RegisterUserRequest {
+    /** Nome do usuário */
+    name: string;
+    /** Email do usuário */
+    email: string;
+    /** Senha do usuário */
+    password: string;
+    /** Role do usuário */
+    role?: string;
+    /** Avatar do usuário */
+    avatar?: string;
+    /** Dados adicionais para lógica de negócio */
+    additionalData?: Record<string, any>;
+}
+/**
+ * Response para listar contextos suportados
+ */
+export interface SupportedContextsResponse {
+    /** Lista de contextos suportados */
+    supportedContexts: string[];
+    /** Contexto padrão */
+    defaultContext: string;
+}
+/**
+ * Response para validação de contexto
+ */
+export interface ContextValidationResponse {
+    /** Contexto validado */
+    context: string;
+    /** Se o contexto é suportado */
+    supported: boolean;
+}
+/**
+ * Token de acesso contextual que estende o token padrão
+ */
+export interface ContextualAccessToken extends ArchbaseAccessToken {
+    /** Contexto da aplicação */
+    context?: ContextObject;
+}