@artatol-acp/auth-nextjs 0.1.1 → 0.2.0

package/README.md

@@ -10,6 +10,19 @@ npm install @artatol-acp/auth-nextjs
 pnpm add @artatol-acp/auth-nextjs
 ```
 
+## Prerequisites
+
+Before using this SDK, you need to obtain from the ACP AUTH service:
+
+1. **API Key** (required) - Contact your system administrator
+2. **Base URL** (required) - The auth service URL (e.g., `https://sso.artatol.net`)
+3. **JWT Public Key** (optional) - Only needed for local JWT verification with `getUser()`. Download it from:
+   ```bash
+   curl https://sso.artatol.net/public-key > public.pem
+   ```
+
+   **Note:** Without the public key, you can still use all auth operations (login, register, logout, 2FA, password reset, etc.), but you must use the `me()` function instead of `getUser()` for user verification, which makes an API call to the auth service.
+
 ## Setup
 
 ### 1. Initialize Server-side
@@ -24,6 +37,7 @@ const publicKey = readFileSync('./keys/public.pem', 'utf-8');
 
 export const auth = initACPAuth({
   baseUrl: process.env.ACP_AUTH_URL || 'https://sso.artatol.com',
+  apiKey: process.env.ACP_AUTH_API_KEY!,
   jwtPublicKey: publicKey,
 });
 ```
@@ -118,7 +132,8 @@ export async function registerAction(formData: FormData) {
   const password = formData.get('password') as string;
 
   await register(email, password);
-  redirect('/login');
+  // User will receive verification email
+  redirect('/check-email');
 }
 
 export async function logoutAction() {
@@ -171,6 +186,7 @@ import { ACPAuthClient } from '@artatol-acp/auth-nextjs/server';
 
 const client = new ACPAuthClient({
   baseUrl: process.env.ACP_AUTH_URL!,
+  apiKey: process.env.ACP_AUTH_API_KEY!,
 });
 
 export async function POST(request: Request) {
@@ -182,10 +198,125 @@ export async function POST(request: Request) {
 }
 ```
 
+## Password Requirements
+
+Passwords must meet the following requirements:
+- Minimum 10 characters
+- At least one lowercase letter (a-z)
+- At least one uppercase letter (A-Z)
+- At least one number (0-9)
+
+```typescript
+// Example validation on the client side
+function validatePassword(password: string): string[] {
+  const errors: string[] = [];
+
+  if (password.length < 10) {
+    errors.push('Password must be at least 10 characters');
+  }
+  if (!/[a-z]/.test(password)) {
+    errors.push('Password must contain at least one lowercase letter');
+  }
+  if (!/[A-Z]/.test(password)) {
+    errors.push('Password must contain at least one uppercase letter');
+  }
+  if (!/[0-9]/.test(password)) {
+    errors.push('Password must contain at least one number');
+  }
+
+  return errors;
+}
+```
+
+## Email Verification
+
+After registration, users must verify their email address before they can log in. The auth service automatically sends a verification email upon registration.
+
+### Verification Flow
+
+1. User registers → receives verification email
+2. User clicks link in email → email is verified
+3. User can now log in
+
+### Server Actions
+
+```typescript
+'use server';
+
+import { verifyEmail, resendVerificationEmail } from '@artatol-acp/auth-nextjs/server';
+import { redirect } from 'next/navigation';
+
+export async function verifyEmailAction(token: string) {
+  try {
+    await verifyEmail(token);
+    redirect('/login?verified=true');
+  } catch (error) {
+    redirect('/verification-error');
+  }
+}
+
+export async function resendVerificationAction(email: string) {
+  await resendVerificationEmail(email);
+  // Always succeeds to prevent email enumeration
+  return { message: 'If the email exists, a verification link has been sent' };
+}
+```
+
+### Client Component Example
+
+```typescript
+'use client';
+
+import { useAuth } from '@artatol-acp/auth-nextjs/client';
+
+export function ResendVerificationButton({ email }: { email: string }) {
+  const { resendVerification } = useAuth();
+  const [sent, setSent] = useState(false);
+
+  const handleResend = async () => {
+    await resendVerification(email);
+    setSent(true);
+  };
+
+  return (
+    <button onClick={handleResend} disabled={sent}>
+      {sent ? 'Email Sent' : 'Resend Verification Email'}
+    </button>
+  );
+}
+```
+
+### Handling Unverified Users
+
+When an unverified user tries to log in, they will receive an error:
+
+```typescript
+export async function loginAction(formData: FormData) {
+  const email = formData.get('email') as string;
+  const password = formData.get('password') as string;
+
+  try {
+    const result = await login(email, password);
+
+    if ('requiresTwoFactor' in result) {
+      return { requires2FA: true, tempToken: result.tempToken };
+    }
+
+    redirect('/dashboard');
+  } catch (error: any) {
+    if (error.message?.includes('Email not verified')) {
+      return { error: 'Please verify your email before logging in' };
+    }
+    throw error;
+  }
+}
+```
+
 ## Environment Variables
 
 ```env
 ACP_AUTH_URL=https://sso.artatol.com
+ACP_AUTH_API_KEY=your-api-key-here
 NEXT_PUBLIC_ACP_AUTH_URL=https://sso.artatol.com
 ```
 
@@ -200,7 +331,9 @@ NEXT_PUBLIC_ACP_AUTH_URL=https://sso.artatol.com
 - `refreshAccessToken()` - Refresh access token using refresh token cookie
 - `login(email, password)` - Login user
 - `logout()` - Logout user
-- `register(email, password)` - Register new user
+- `register(email, password)` - Register new user (sends verification email)
+- `verifyEmail(token)` - Verify user's email address
+- `resendVerificationEmail(email)` - Resend verification email
 
 ### Client Hooks
 

package/dist/client/index.jsx

@@ -6,7 +6,7 @@ const ACPAuthContext = createContext(null);
 export function ACPAuthProvider({ children, baseUrl }) {
     const [user, setUser] = useState(null);
     const [isLoading, setIsLoading] = useState(true);
-    const [client] = useState(() => new ACPAuthClient({ baseUrl }));
+    const [client] = useState(() => new ACPAuthClient({ baseUrl, apiKey: '' }));
     const refresh = async () => {
         try {
             await client.refresh();

package/dist/server/index.d.ts

@@ -1,6 +1,7 @@
 import { ACPAuthClient, type User, type LoginResult } from '@artatol-acp/auth-js';
 export type ACPAuthServerOptions = {
     baseUrl: string;
+    apiKey: string;
     jwtPublicKey: string;
 };
 export declare function initACPAuth(options: ACPAuthServerOptions): ACPAuthClient;

package/dist/server/index.js

@@ -6,7 +6,10 @@ let publicKey = null;
 let config = null;
 export function initACPAuth(options) {
     config = options;
-    authClient = new ACPAuthClient({ baseUrl: options.baseUrl });
+    authClient = new ACPAuthClient({
+        baseUrl: options.baseUrl,
+        apiKey: options.apiKey,
+    });
     return authClient;
 }
 async function getPublicKey() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@artatol-acp/auth-nextjs",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "description": "Next.js SDK for Artatol Cloud Platform Authentication",
   "type": "module",
   "main": "./dist/index.js",
@@ -27,11 +27,6 @@
   "files": [
     "dist"
   ],
-  "scripts": {
-    "build": "tsc",
-    "dev": "tsc --watch",
-    "typecheck": "tsc --noEmit"
-  },
   "keywords": [
     "acp",
     "auth",
@@ -45,8 +40,8 @@
   "author": "Artatol",
   "license": "MIT",
   "dependencies": {
-    "@artatol-acp/auth-js": "workspace:*",
-    "jose": "^6.1.3"
+    "jose": "^6.1.3",
+    "@artatol-acp/auth-js": "0.2.0"
   },
   "peerDependencies": {
     "next": ">=15.0.0",
@@ -61,5 +56,10 @@
   },
   "publishConfig": {
     "access": "public"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "typecheck": "tsc --noEmit"
   }
-}
+}