npm - @authms/core - Versions diffs - 0.1.0 - Mend

@authms/core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/dist/index.d.mts +398 -0
package/dist/index.d.ts +398 -0
package/dist/index.js +1337 -0
package/dist/index.mjs +1294 -0
package/package.json +48 -0
package/src/__tests__/api-client.test.ts +314 -0
package/src/__tests__/auth-client.test.ts +412 -0
package/src/__tests__/discovery.test.ts +129 -0
package/src/__tests__/password-transmission.test.ts +131 -0
package/src/__tests__/sync.test.ts +85 -0
package/src/__tests__/token-manager.test.ts +104 -0
package/src/api-client.ts +203 -0
package/src/auth-client.ts +368 -0
package/src/authms.ts +244 -0
package/src/binding.ts +126 -0
package/src/crypto/index.ts +6 -0
package/src/crypto/password-transmission.ts +198 -0
package/src/crypto/pow-solver.ts +41 -0
package/src/discovery.ts +77 -0
package/src/errors.ts +44 -0
package/src/index.ts +39 -0
package/src/platform/browser.ts +23 -0
package/src/platform/index.ts +3 -0
package/src/platform/memory.ts +19 -0
package/src/platform/types.ts +21 -0
package/src/plugin.ts +8 -0
package/src/sync.ts +51 -0
package/src/token-manager.ts +140 -0
package/src/types.ts +113 -0

package/dist/index.d.mts ADDED Viewed

@@ -0,0 +1,398 @@
+interface StorageAdapter {
+    getItem(key: string): string | null | Promise<string | null>;
+    setItem(key: string, value: string): void | Promise<void>;
+    removeItem(key: string): void | Promise<void>;
+    keys?(): string[] | Promise<string[]>;
+}
+interface HttpAdapter {
+    request(input: string, init?: RequestInit): Promise<Response>;
+}
+interface CryptoAdapter {
+    generateCodeChallenge(verifier: string): Promise<string>;
+    generateRandomString(length: number): string;
+}
+interface AuthmsPlatform {
+    storage: StorageAdapter;
+    http: HttpAdapter;
+    crypto?: CryptoAdapter;
+}
+interface User {
+    id: string;
+    username?: string;
+    email?: string;
+    phone?: string;
+    status?: string;
+    avatar?: string;
+    [key: string]: unknown;
+}
+interface AuthResult {
+    user: User;
+    accessToken: string;
+    refreshToken: string;
+    expiresIn: number;
+    tokenType: string;
+}
+interface LoginRequest {
+    email?: string;
+    phone?: string;
+    username?: string;
+    password: string;
+    tenantId?: string;
+    captchaToken?: string;
+    captchaProvider?: string;
+    captchaChallengeId?: string;
+}
+interface RegisterRequest {
+    email?: string;
+    phone?: string;
+    username?: string;
+    password: string;
+    tenantId?: string;
+    name?: string;
+}
+interface OAuthOptions {
+    provider: string;
+    redirectUri?: string;
+}
+interface TokenClaims {
+    sub?: string;
+    user_id?: string;
+    tenant_id?: string;
+    exp?: number;
+    iat?: number;
+    session_id?: string;
+    type?: string;
+    role?: string;
+    [key: string]: unknown;
+}
+type AuthmsEvent = 'READY' | 'USER_CHANGED' | 'TOKEN_CHANGED' | 'NOT_AUTHENTICATED' | 'LOGGED_OUT' | 'SECURITY_ALERT';
+interface SecurityAlert {
+    reason: 'token_reuse' | 'suspicious_activity' | 'session_revoked';
+    message: string;
+}
+interface PasswordPolicyConfig {
+    mode: string;
+    minLength: number;
+    maxLength?: number;
+    requireUpper: boolean;
+    requireLower?: boolean;
+    requireDigit?: boolean;
+    requireSpecial?: boolean;
+    tenantId: string;
+    publicKey: string;
+}
+interface BrandingInfo {
+    logoUrl?: string;
+    primaryColor?: string;
+    companyName?: string;
+    loginPageTitle?: string;
+}
+interface TenantAuthConfig {
+    tenantId: string;
+    tenantName: string;
+    displayName: string;
+    membershipApproval: string;
+    loginMethods: string[];
+    oauthProviders: string[];
+    passwordPolicy: PasswordPolicyConfig;
+    captchaEnabled: boolean;
+    captchaProvider: string;
+    silentChallengeEnabled: boolean;
+    transmissionPublicKey: string;
+    oauthClientId: string;
+    passkeyEnabled: boolean;
+    magicLinkEnabled: boolean;
+    branding: BrandingInfo | null;
+}
+declare const ERROR_CODES: {
+    readonly CAPTCHA_REQUIRED: "CAPTCHA_REQUIRED";
+    readonly INVALID_CAPTCHA: "INVALID_CAPTCHA";
+    readonly TOKEN_REUSE: "TOKEN_REUSE";
+    readonly SESSION_EXPIRED: "SESSION_EXPIRED";
+    readonly REFRESH_FAILED: "REFRESH_FAILED";
+    readonly NOT_AUTHENTICATED: "NOT_AUTHENTICATED";
+};
+declare class TokenManager {
+    private storage;
+    private prefix;
+    private store;
+    private changeListeners;
+    constructor(storage: StorageAdapter, prefix?: string);
+    private initialStore;
+    private storageKey;
+    load(): Promise<void>;
+    persist(): Promise<void>;
+    getAccessToken(): string | null;
+    getRefreshToken(): string | null;
+    getUser(): Record<string, unknown> | null;
+    getTenantId(): string | null;
+    getExpiresAt(): number | null;
+    isAuthenticated(): boolean;
+    setTokens(accessToken: string, refreshToken: string, expiresIn: number): void;
+    setUser(user: Record<string, unknown>): void;
+    setTenantId(tenantId: string | null): void;
+    clear(): void;
+    onTokenChange(listener: (token: string | null) => void): () => void;
+    private notifyListeners;
+    decodeToken(token: string): TokenClaims | null;
+    isTokenExpired(token: string): boolean;
+    getTokenRemainingTime(token: string): number;
+}
+interface ApiClientConfig {
+    baseUrl: string;
+    tokenManager: TokenManager;
+    http: HttpAdapter;
+    refreshTokenFn: () => Promise<void>;
+    onForceLogout?: () => void;
+}
+declare class ApiClient {
+    private baseUrl;
+    private tokenManager;
+    private http;
+    private refreshTokenFn;
+    private onForceLogout?;
+    private refreshPromise;
+    private redirectingToLogin;
+    constructor(config: ApiClientConfig);
+    get<T>(path: string, params?: Record<string, unknown>): Promise<T>;
+    post<T>(path: string, data?: unknown): Promise<T>;
+    put<T>(path: string, data?: unknown): Promise<T>;
+    delete<T>(path: string, params?: Record<string, unknown>): Promise<T>;
+    private buildUrl;
+    private request;
+    private handle401;
+    private handleResponse;
+    private handleErrorResponse;
+}
+interface AuthmsPlugin {
+    name: string;
+    version: string;
+    install(core: AuthMS): void | Promise<void>;
+    uninstall?(): void | Promise<void>;
+}
+interface AuthmsConfig {
+    appId: string;
+    issuer: string;
+    apiUrl?: string;
+    /** @deprecated 使用 issuer + apiUrl */
+    authUrl?: string;
+    platform: AuthmsPlatform;
+    storagePrefix?: string;
+    syncTabs?: boolean;
+}
+type EventHandler = (...args: unknown[]) => void;
+declare class AuthMS {
+    private config;
+    tokenManager: TokenManager;
+    api: ApiClient;
+    private authClient;
+    private discovery;
+    private tabSync;
+    private eventHandlers;
+    private _ready;
+    private _userCache;
+    private _authConfig;
+    constructor(config: AuthmsConfig);
+    initialize(): Promise<void>;
+    isReady(): boolean;
+    get user(): User | null;
+    get authConfig(): Record<string, unknown> | null;
+    fetchAuthConfig(tenantId?: string): Promise<Record<string, unknown>>;
+    getAccessToken(): Promise<string | null>;
+    getRefreshToken(): string | null;
+    isAuthenticated(): boolean;
+    login(credentials: LoginRequest): Promise<AuthResult>;
+    loginWithOAuth(options: OAuthOptions): Promise<void>;
+    handleOAuthCallback(url: string): Promise<AuthResult>;
+    register(data: RegisterRequest): Promise<AuthResult>;
+    logout(): Promise<void>;
+    getProfile(): Promise<Record<string, unknown> | null>;
+    setTenantId(tenantId: string | null): void;
+    getTenantId(): string | null;
+    use(plugin: AuthmsPlugin): void;
+    on(event: AuthmsEvent, handler: EventHandler): () => void;
+    emit(event: AuthmsEvent, ...args: unknown[]): void;
+    dispose(): void;
+}
+/**
+ * createPlatformBinding — 共享的 Core 绑定逻辑
+ *
+ * 用于各框架适配器，消除重复的 AuthMS 初始化/状态管理/事件订阅代码。
+ * 适配器只需将此 binding 包装成框架特定的组件/hook。
+ */
+interface BindingConfig {
+    appId: string;
+    issuer: string;
+    apiUrl?: string;
+    platform?: AuthmsPlatform;
+    storagePrefix?: string;
+    syncTabs?: boolean;
+}
+interface PlatformBinding {
+    authms: AuthMS;
+    /** 获取当前用户（由适配器调用） */
+    getUser(): Record<string, unknown> | null;
+    /** 获取 auth config（由适配器调用） */
+    getAuthConfig(): Record<string, unknown> | null;
+    /** 是否已就绪 */
+    isReady(): boolean;
+    /** 是否已认证 */
+    isAuthenticated(): boolean;
+    /** 注册状态变更回调，返回取消订阅函数 */
+    onChange(handler: () => void): () => void;
+    /** 登录 */
+    login(credentials: LoginRequest): Promise<AuthResult>;
+    /** OAuth 登录 */
+    loginWithOAuth(options: OAuthOptions): Promise<void>;
+    /** 注册 */
+    register(data: LoginRequest): Promise<AuthResult>;
+    /** 登出 */
+    logout(): Promise<void>;
+    /** 获取 access token */
+    getAccessToken(): Promise<string | null>;
+    /** 切换租户 */
+    setTenantId(tenantId: string | null): void;
+    /** 获取当前租户 */
+    getTenantId(): string | null;
+    /** 销毁 */
+    dispose(): void;
+}
+declare function createPlatformBinding(config: BindingConfig): PlatformBinding;
+/**
+ * 密码传输安全模块
+ *
+ * 移植自 web/packages/shared/src/utils/password-transmission.ts
+ * 根据租户 password_transmission 策略在前端对密码进行预处理：
+ *   plain      — 不做处理，原始密码传输
+ *   hash       — SHA-256(password + tenantId)
+ *   symmetric  — ECDH 密钥交换 + AES-256-GCM
+ *   asymmetric — RSA-OAEP 公钥加密
+ */
+interface TransmissionResult {
+    password: string;
+    passwordTransmission: string;
+    clientNonce?: string;
+    keyExchangeId?: string;
+    clientPubKey?: string;
+}
+interface KeyExchangeResult {
+    serverPubKey: string;
+    keyExchangeId: string;
+}
+type KeyExchangeFn = () => Promise<KeyExchangeResult>;
+/**
+ * 根据传输模式预处理密码。
+ */
+declare function processPasswordForTransmission(rawPassword: string, policy: PasswordPolicyConfig, keyExchangeFn?: KeyExchangeFn): Promise<TransmissionResult>;
+interface AuthClientConfig {
+    tokenManager: TokenManager;
+    http: AuthmsPlatform['http'];
+    baseUrl: string;
+    keyExchangeFn?: KeyExchangeFn;
+}
+declare class AuthClient {
+    private tokenManager;
+    private http;
+    private baseUrl;
+    private keyExchangeFn?;
+    private configCache;
+    constructor(config: AuthClientConfig);
+    fetchAuthConfig(tenantId?: string): Promise<TenantAuthConfig>;
+    clearConfigCache(): void;
+    login(credentials: LoginRequest): Promise<AuthResult>;
+    register(data: RegisterRequest): Promise<AuthResult>;
+    changePassword(currentPassword: string, newPassword: string): Promise<void>;
+    loginWithOAuth(options: OAuthOptions): Promise<void>;
+    handleOAuthCallback(url: string): Promise<AuthResult>;
+    refreshToken(): Promise<void>;
+    logout(): Promise<void>;
+    getProfile(): Promise<Record<string, unknown> | null>;
+    private buildLoginBody;
+    private solveCaptchaChallenge;
+    private handleAuthResponse;
+}
+interface OIDCDiscoveryMetadata {
+    issuer: string;
+    authorization_endpoint: string;
+    token_endpoint: string;
+    userinfo_endpoint?: string;
+    jwks_uri: string;
+    end_session_endpoint?: string;
+    scopes_supported?: string[];
+    response_types_supported: string[];
+    grant_types_supported?: string[];
+    token_endpoint_auth_methods_supported?: string[];
+    [key: string]: unknown;
+}
+declare class Discovery {
+    private http;
+    private metadata;
+    private discoveryBaseUrl;
+    /**
+     * @param http HTTP adapter
+     * @param discoveryBaseUrl discovery 请求使用的基础 URL（proxy 模式用 apiUrl，否则留空用 issuer）
+     */
+    constructor(http: HttpAdapter, discoveryBaseUrl?: string);
+    discover(issuer: string): Promise<OIDCDiscoveryMetadata>;
+    getAuthorizationEndpoint(): string | null;
+    getTokenEndpoint(): string | null;
+    getEndSessionEndpoint(): string | null;
+    getJWKSUri(): string | null;
+    getMetadata(): OIDCDiscoveryMetadata | null;
+}
+type MessageType = 'LOGOUT' | 'TOKEN_REFRESHED' | 'LOGIN';
+declare class TabSync {
+    private channel;
+    private onLogout;
+    private onTokenChange;
+    constructor(onLogout: () => void, onTokenChange: () => void);
+    listen(): void;
+    broadcast(type: MessageType): void;
+    close(): void;
+}
+declare const browserPlatform: AuthmsPlatform;
+declare function memoryPlatform(): AuthmsPlatform;
+declare function solveProofOfWork(challenge: string, difficulty?: number, timeoutMs?: number): Promise<string>;
+declare class AuthmsError extends Error {
+    code: string;
+    status: number;
+    detail?: string;
+    constructor(code: string, message: string, status: number, detail?: string);
+}
+declare class AuthmsAuthError extends AuthmsError {
+    constructor(code: string, message: string, status: number);
+}
+declare class AuthmsNetworkError extends AuthmsError {
+    constructor(message: string);
+}
+declare class AuthmsApiError extends AuthmsError {
+    violations?: Array<{
+        field: string;
+        message: string;
+    }>;
+    constructor(code: string, message: string, status: number, violations?: Array<{
+        field: string;
+        message: string;
+    }>);
+}
+declare class AuthmsConfigError extends AuthmsError {
+    constructor(message: string);
+}
+export { ApiClient, AuthClient, AuthMS, type AuthResult, AuthmsApiError, AuthmsAuthError, type AuthmsConfig, AuthmsConfigError, AuthmsError, type AuthmsEvent, AuthmsNetworkError, type AuthmsPlatform, type AuthmsPlugin, type BindingConfig, type BrandingInfo, type CryptoAdapter, Discovery, ERROR_CODES, type HttpAdapter, type KeyExchangeFn, type LoginRequest, type OAuthOptions, type PasswordPolicyConfig, type PlatformBinding, type RegisterRequest, type SecurityAlert, type StorageAdapter, TabSync, type TenantAuthConfig, type TokenClaims, TokenManager, type TransmissionResult, type User, browserPlatform, createPlatformBinding, memoryPlatform, processPasswordForTransmission, solveProofOfWork };