npm - @artatol-acp/auth-nextjs - Versions diffs - 0.1.0 - Mend

@artatol-acp/auth-nextjs 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,214 @@
+# @artatol-acp/auth-nextjs
+Next.js SDK for Artatol Cloud Platform Authentication with support for App Router, Server Actions, and Middleware.
+## Installation
+```bash
+npm install @artatol-acp/auth-nextjs
+# or
+pnpm add @artatol-acp/auth-nextjs
+```
+## Setup
+### 1. Initialize Server-side
+Create `lib/auth.ts`:
+```typescript
+import { initACPAuth } from '@artatol-acp/auth-nextjs/server';
+import { readFileSync } from 'fs';
+const publicKey = readFileSync('./keys/public.pem', 'utf-8');
+export const auth = initACPAuth({
+  baseUrl: process.env.ACP_AUTH_URL || 'https://sso.artatol.com',
+  jwtPublicKey: publicKey,
+});
+```
+### 2. Add Middleware (Optional)
+Create `middleware.ts`:
+```typescript
+import { createACPAuthMiddleware } from '@artatol-acp/auth-nextjs/middleware';
+import { readFileSync } from 'fs';
+const publicKey = readFileSync('./keys/public.pem', 'utf-8');
+export const middleware = createACPAuthMiddleware({
+  jwtPublicKey: publicKey,
+  publicPaths: ['/login', '/register', '/forgot-password'],
+  loginPath: '/login',
+});
+export const config = {
+  matcher: ['/((?!api|_next/static|_next/image|favicon.ico).*)'],
+};
+```
+### 3. Add Client Provider (Optional)
+In your root layout (`app/layout.tsx`):
+```typescript
+import { ACPAuthProvider } from '@artatol-acp/auth-nextjs/client';
+export default function RootLayout({ children }) {
+  return (
+    <html>
+      <body>
+        <ACPAuthProvider baseUrl={process.env.NEXT_PUBLIC_ACP_AUTH_URL}>
+          {children}
+        </ACPAuthProvider>
+      </body>
+    </html>
+  );
+}
+```
+## Usage
+### Server Components
+```typescript
+import { getUser } from '@artatol-acp/auth-nextjs/server';
+export default async function ProfilePage() {
+  const user = await getUser();
+  if (!user) {
+    return <div>Not logged in</div>;
+  }
+  return (
+    <div>
+      <h1>Welcome {user.email}</h1>
+    </div>
+  );
+}
+```
+### Server Actions
+```typescript
+'use server';
+import { login, register, logout } from '@artatol-acp/auth-nextjs/server';
+import { redirect } from 'next/navigation';
+export async function loginAction(formData: FormData) {
+  const email = formData.get('email') as string;
+  const password = formData.get('password') as string;
+  const result = await login(email, password);
+  if ('requiresTwoFactor' in result) {
+    // Handle 2FA
+    return { requires2FA: true, tempToken: result.tempToken };
+  }
+  redirect('/dashboard');
+}
+export async function registerAction(formData: FormData) {
+  const email = formData.get('email') as string;
+  const password = formData.get('password') as string;
+  await register(email, password);
+  redirect('/login');
+}
+export async function logoutAction() {
+  await logout();
+  redirect('/login');
+}
+```
+### Client Components
+```typescript
+'use client';
+import { useAuth } from '@artatol-acp/auth-nextjs/client';
+export function LoginForm() {
+  const { login, user, isLoading } = useAuth();
+  const handleSubmit = async (e: React.FormEvent<HTMLFormElement>) => {
+    e.preventDefault();
+    const formData = new FormData(e.currentTarget);
+    try {
+      await login(
+        formData.get('email') as string,
+        formData.get('password') as string
+      );
+    } catch (error) {
+      console.error('Login failed:', error);
+    }
+  };
+  if (isLoading) return <div>Loading...</div>;
+  if (user) return <div>Welcome {user.email}</div>;
+  return (
+    <form onSubmit={handleSubmit}>
+      <input name="email" type="email" required />
+      <input name="password" type="password" required />
+      <button type="submit">Login</button>
+    </form>
+  );
+}
+```
+### API Routes
+```typescript
+import { ACPAuthClient } from '@artatol-acp/auth-nextjs/server';
+const client = new ACPAuthClient({
+  baseUrl: process.env.ACP_AUTH_URL!,
+});
+export async function POST(request: Request) {
+  const { email, password } = await request.json();
+  const result = await client.login({ email, password });
+  return Response.json(result);
+}
+```
+## Environment Variables
+```env
+ACP_AUTH_URL=https://sso.artatol.com
+NEXT_PUBLIC_ACP_AUTH_URL=https://sso.artatol.com
+```
+## API Reference
+### Server Functions
+- `initACPAuth(options)` - Initialize the auth client
+- `getUser()` - Get current user from access token
+- `verifyAccessToken(token)` - Verify and decode access token
+- `refreshAccessToken()` - Refresh access token using refresh token cookie
+- `login(email, password)` - Login user
+- `logout()` - Logout user
+- `register(email, password)` - Register new user
+### Client Hooks
+- `useAuth()` - Access auth context (user, isLoading, login, logout, refresh)
+### Middleware
+- `createACPAuthMiddleware(options)` - Create middleware for route protection
+## License
+MIT

package/dist/client/index.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import type { User } from '@artatol-acp/auth-js';
+import { type ReactNode } from 'react';
+export type ACPAuthContextValue = {
+    user: User | null;
+    isLoading: boolean;
+    login: (email: string, password: string) => Promise<void>;
+    logout: () => Promise<void>;
+    refresh: () => Promise<void>;
+};
+export type ACPAuthProviderProps = {
+    children: ReactNode;
+    baseUrl: string;
+};
+export declare function ACPAuthProvider({ children, baseUrl }: ACPAuthProviderProps): import("react/jsx-runtime").JSX.Element;
+export declare function useAuth(): ACPAuthContextValue;
+export { ACPAuthClient } from '@artatol-acp/auth-js';
+export type * from '@artatol-acp/auth-js';

package/dist/client/index.jsx ADDED Viewed

@@ -0,0 +1,49 @@
+/** @jsxImportSource react */
+'use client';
+import { ACPAuthClient } from '@artatol-acp/auth-js';
+import { createContext, useContext, useState, useEffect } from 'react';
+const ACPAuthContext = createContext(null);
+export function ACPAuthProvider({ children, baseUrl }) {
+    const [user, setUser] = useState(null);
+    const [isLoading, setIsLoading] = useState(true);
+    const [client] = useState(() => new ACPAuthClient({ baseUrl }));
+    const refresh = async () => {
+        try {
+            await client.refresh();
+            // After refresh, we need to verify the new token
+            // This would require a server action or API route
+            // For now, we'll just mark as authenticated
+        }
+        catch (error) {
+            setUser(null);
+        }
+    };
+    const login = async (email, password) => {
+        const result = await client.login({ email, password });
+        if ('requiresTwoFactor' in result) {
+            throw new Error('2FA_REQUIRED');
+        }
+        // User logged in successfully
+        setUser(result.user);
+    };
+    const logout = async () => {
+        await client.logout();
+        setUser(null);
+    };
+    useEffect(() => {
+        // Try to restore session on mount
+        refresh().finally(() => setIsLoading(false));
+    }, []);
+    return (<ACPAuthContext.Provider value={{ user, isLoading, login, logout, refresh }}>
+      {children}
+    </ACPAuthContext.Provider>);
+}
+export function useAuth() {
+    const context = useContext(ACPAuthContext);
+    if (!context) {
+        throw new Error('useAuth must be used within ACPAuthProvider');
+    }
+    return context;
+}
+// Re-export client for direct use
+export { ACPAuthClient } from '@artatol-acp/auth-js';

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export * from './server/index.js';
+export * from './client/index.js';
+export * from './middleware.js';

package/dist/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+export * from './server/index.js';
+export * from './client/index.js';
+export * from './middleware.js';

package/dist/middleware.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { NextRequest, NextResponse } from 'next/server';
+export type ACPAuthMiddlewareOptions = {
+    jwtPublicKey: string;
+    publicPaths?: string[];
+    loginPath?: string;
+};
+export declare function createACPAuthMiddleware(options: ACPAuthMiddlewareOptions): (request: NextRequest) => Promise<NextResponse<unknown>>;

package/dist/middleware.js ADDED Viewed

@@ -0,0 +1,40 @@
+import { NextResponse } from 'next/server';
+import { jwtVerify, importSPKI } from 'jose';
+let publicKey = null;
+export function createACPAuthMiddleware(options) {
+    const { jwtPublicKey, publicPaths = ['/login', '/register', '/forgot-password', '/reset-password'], loginPath = '/login', } = options;
+    return async function acpAuthMiddleware(request) {
+        const { pathname } = request.nextUrl;
+        // Allow public paths
+        if (publicPaths.some(path => pathname.startsWith(path))) {
+            return NextResponse.next();
+        }
+        // Check for access token
+        const accessToken = request.cookies.get('access_token')?.value;
+        if (!accessToken) {
+            // Redirect to login
+            const url = request.nextUrl.clone();
+            url.pathname = loginPath;
+            url.searchParams.set('from', pathname);
+            return NextResponse.redirect(url);
+        }
+        // Verify access token
+        try {
+            if (!publicKey) {
+                publicKey = await importSPKI(jwtPublicKey, 'EdDSA');
+            }
+            await jwtVerify(accessToken, publicKey, {
+                algorithms: ['EdDSA'],
+            });
+            return NextResponse.next();
+        }
+        catch (error) {
+            // Token invalid, try to refresh
+            // For now, redirect to login
+            const url = request.nextUrl.clone();
+            url.pathname = loginPath;
+            url.searchParams.set('from', pathname);
+            return NextResponse.redirect(url);
+        }
+    };
+}

package/dist/server/index.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import { ACPAuthClient, type User, type LoginResult } from '@artatol-acp/auth-js';
+export type ACPAuthServerOptions = {
+    baseUrl: string;
+    jwtPublicKey: string;
+};
+export declare function initACPAuth(options: ACPAuthServerOptions): ACPAuthClient;
+export declare function verifyAccessToken(token: string): Promise<User>;
+export declare function getUser(): Promise<User | null>;
+export declare function refreshAccessToken(): Promise<string | null>;
+export declare function login(email: string, password: string): Promise<LoginResult>;
+export declare function logout(): Promise<void>;
+export declare function register(email: string, password: string): Promise<User>;
+export { ACPAuthClient } from '@artatol-acp/auth-js';
+export type * from '@artatol-acp/auth-js';

package/dist/server/index.js ADDED Viewed

@@ -0,0 +1,107 @@
+import { cookies } from 'next/headers';
+import { ACPAuthClient } from '@artatol-acp/auth-js';
+import { jwtVerify, importSPKI } from 'jose';
+let authClient = null;
+let publicKey = null;
+let config = null;
+export function initACPAuth(options) {
+    config = options;
+    authClient = new ACPAuthClient({ baseUrl: options.baseUrl });
+    return authClient;
+}
+async function getPublicKey() {
+    if (!config) {
+        throw new Error('ACP Auth not initialized. Call initACPAuth() first.');
+    }
+    if (!publicKey) {
+        publicKey = await importSPKI(config.jwtPublicKey, 'EdDSA');
+    }
+    return publicKey;
+}
+function getClient() {
+    if (!authClient) {
+        throw new Error('ACP Auth not initialized. Call initACPAuth() first.');
+    }
+    return authClient;
+}
+export async function verifyAccessToken(token) {
+    const key = await getPublicKey();
+    try {
+        const { payload } = await jwtVerify(token, key, {
+            algorithms: ['EdDSA'],
+        });
+        return {
+            id: payload.authUserId,
+            email: payload.email,
+        };
+    }
+    catch (error) {
+        throw new Error('Invalid access token');
+    }
+}
+export async function getUser() {
+    const cookieStore = await cookies();
+    const accessToken = cookieStore.get('access_token')?.value;
+    if (!accessToken) {
+        return null;
+    }
+    try {
+        return await verifyAccessToken(accessToken);
+    }
+    catch {
+        return null;
+    }
+}
+export async function refreshAccessToken() {
+    const client = getClient();
+    try {
+        const { accessToken } = await client.refresh();
+        // Set new access token cookie
+        const cookieStore = await cookies();
+        cookieStore.set('access_token', accessToken, {
+            httpOnly: true,
+            secure: process.env.NODE_ENV === 'production',
+            sameSite: 'lax',
+            maxAge: 60 * 5, // 5 minutes
+            path: '/',
+        });
+        return accessToken;
+    }
+    catch {
+        return null;
+    }
+}
+export async function login(email, password) {
+    const client = getClient();
+    const result = await client.login({ email, password });
+    if ('accessToken' in result) {
+        // Set access token cookie
+        const cookieStore = await cookies();
+        cookieStore.set('access_token', result.accessToken, {
+            httpOnly: true,
+            secure: process.env.NODE_ENV === 'production',
+            sameSite: 'lax',
+            maxAge: 60 * 5, // 5 minutes
+            path: '/',
+        });
+    }
+    return result;
+}
+export async function logout() {
+    const client = getClient();
+    try {
+        await client.logout();
+    }
+    finally {
+        // Clear cookies
+        const cookieStore = await cookies();
+        cookieStore.delete('access_token');
+        cookieStore.delete('refresh_token');
+    }
+}
+export async function register(email, password) {
+    const client = getClient();
+    return await client.register({ email, password });
+}
+// Re-export client for direct use if needed
+export { ACPAuthClient } from '@artatol-acp/auth-js';

package/package.json ADDED Viewed

@@ -0,0 +1,65 @@
+{
+  "name": "@artatol-acp/auth-nextjs",
+  "version": "0.1.0",
+  "description": "Next.js SDK for Artatol Cloud Platform Authentication",
+  "type": "module",
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    },
+    "./server": {
+      "import": "./dist/server/index.js",
+      "types": "./dist/server/index.d.ts"
+    },
+    "./client": {
+      "import": "./dist/client/index.js",
+      "types": "./dist/client/index.d.ts"
+    },
+    "./middleware": {
+      "import": "./dist/middleware.js",
+      "types": "./dist/middleware.d.ts"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "typecheck": "tsc --noEmit"
+  },
+  "keywords": [
+    "acp",
+    "auth",
+    "authentication",
+    "artatol",
+    "jwt",
+    "2fa",
+    "nextjs",
+    "next.js"
+  ],
+  "author": "Artatol",
+  "license": "MIT",
+  "dependencies": {
+    "@artatol-acp/auth-js": "workspace:*",
+    "jose": "^6.1.3"
+  },
+  "peerDependencies": {
+    "next": ">=15.0.0",
+    "react": ">=18.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^24.10.1",
+    "@types/react": "^18.3.18",
+    "next": "^15.1.6",
+    "react": "^18.3.1",
+    "typescript": "^5.7.2"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}