@authms/core 0.1.0

package/src/__tests__/sync.test.ts

@@ -0,0 +1,85 @@
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
+import { TabSync } from '../sync';
+
+class MockBroadcastChannel {
+  name: string;
+  onmessage: ((event: any) => void) | null = null;
+  private static channels: Map<string, MockBroadcastChannel> = new Map();
+  constructor(name: string) { this.name = name; MockBroadcastChannel.channels.set(name, this); }
+  postMessage(data: any) {
+    MockBroadcastChannel.channels.forEach((ch, key) => {
+      if (key === this.name && ch.onmessage) ch.onmessage({ data });
+    });
+  }
+  close() { MockBroadcastChannel.channels.delete(this.name); }
+}
+
+(globalThis as any).BroadcastChannel = MockBroadcastChannel;
+
+describe('TabSync', () => {
+  beforeEach(() => {
+    MockBroadcastChannel['channels'].clear();
+  });
+
+  afterEach(() => {
+    MockBroadcastChannel['channels'].clear();
+  });
+
+  it('listen — creates BroadcastChannel and listens for LOGOUT', () => {
+    const onLogout = vi.fn();
+    const onTokenChange = vi.fn();
+    const sync = new TabSync(onLogout, onTokenChange);
+
+    sync.listen();
+
+    const channel = MockBroadcastChannel['channels'].get('authms:sync');
+    expect(channel).toBeDefined();
+    expect(channel!.name).toBe('authms:sync');
+    expect(channel!.onmessage).toBeDefined();
+
+    channel!.onmessage!({ data: { type: 'LOGOUT', timestamp: Date.now() } });
+    expect(onLogout).toHaveBeenCalledOnce();
+    expect(onTokenChange).not.toHaveBeenCalled();
+  });
+
+  it('broadcast LOGOUT — calls onLogout callback on other listeners', () => {
+    const onLogoutA = vi.fn();
+    const syncA = new TabSync(onLogoutA, vi.fn());
+    syncA.listen();
+
+    const onLogoutB = vi.fn();
+    const onTokenChangeB = vi.fn();
+    const syncB = new TabSync(onLogoutB, onTokenChangeB);
+    syncB.listen();
+
+    syncA.broadcast('LOGOUT');
+
+    expect(onLogoutA).not.toHaveBeenCalled();
+    expect(onLogoutB).toHaveBeenCalledOnce();
+    expect(onTokenChangeB).not.toHaveBeenCalled();
+  });
+
+  it('close — cleans up the channel', () => {
+    const sync = new TabSync(vi.fn(), vi.fn());
+    sync.listen();
+
+    expect(MockBroadcastChannel['channels'].has('authms:sync')).toBe(true);
+
+    sync.close();
+
+    expect(MockBroadcastChannel['channels'].has('authms:sync')).toBe(false);
+  });
+
+  it('non-browser environment — handles missing BroadcastChannel gracefully', () => {
+    const origBC = (globalThis as any).BroadcastChannel;
+    (globalThis as any).BroadcastChannel = undefined;
+
+    const onLogout = vi.fn();
+    const sync = new TabSync(onLogout, vi.fn());
+
+    expect(() => sync.listen()).not.toThrow();
+    expect(onLogout).not.toHaveBeenCalled();
+
+    (globalThis as any).BroadcastChannel = origBC;
+  });
+});

package/src/__tests__/token-manager.test.ts

@@ -0,0 +1,104 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import { TokenManager } from '../token-manager';
+import type { StorageAdapter } from '../platform/types';
+
+class MemoryStorage implements StorageAdapter {
+  private store = new Map<string, string>();
+  getItem(key: string) { return this.store.get(key) ?? null; }
+  setItem(key: string, value: string) { this.store.set(key, value); }
+  removeItem(key: string) { this.store.delete(key); }
+  keys() { return Array.from(this.store.keys()); }
+}
+
+function createToken(overrides: Record<string, unknown> = {}): string {
+  const header = btoa(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
+  const payload = btoa(JSON.stringify({
+    sub: 'user-1',
+    user_id: 'user-1',
+    tenant_id: 'tenant-1',
+    exp: Math.floor(Date.now() / 1000) + 900,
+    iat: Math.floor(Date.now() / 1000),
+    ...overrides,
+  }));
+  return `${header}.${payload}.signature`;
+}
+
+describe('TokenManager', () => {
+  let storage: MemoryStorage;
+  let tm: TokenManager;
+
+  beforeEach(() => {
+    storage = new MemoryStorage();
+    tm = new TokenManager(storage);
+  });
+
+  it('should start with no tokens', () => {
+    expect(tm.getAccessToken()).toBeNull();
+    expect(tm.getRefreshToken()).toBeNull();
+    expect(tm.isAuthenticated()).toBe(false);
+  });
+
+  it('should store and retrieve tokens', async () => {
+    const accessToken = createToken();
+    tm.setTokens(accessToken, 'refresh-1', 900);
+    await tm.persist();
+
+    expect(tm.getAccessToken()).toBe(accessToken);
+    expect(tm.getRefreshToken()).toBe('refresh-1');
+    expect(tm.isAuthenticated()).toBe(true);
+  });
+
+  it('should detect expired tokens', () => {
+    const expiredToken = createToken({ exp: Math.floor(Date.now() / 1000) - 60 });
+    tm.setTokens(expiredToken, 'refresh-1', 900);
+    expect(tm.getAccessToken()).toBeNull();
+    expect(tm.isAuthenticated()).toBe(false);
+  });
+
+  it('should clear all tokens', () => {
+    tm.setTokens(createToken(), 'refresh-1', 900);
+    tm.clear();
+    expect(tm.getAccessToken()).toBeNull();
+    expect(tm.getRefreshToken()).toBeNull();
+    expect(tm.isAuthenticated()).toBe(false);
+  });
+
+  it('should persist and load tokens', async () => {
+    const accessToken = createToken();
+    tm.setTokens(accessToken, 'refresh-1', 900);
+    tm.setUser({ id: 'user-1', name: 'Test' });
+    await tm.persist();
+
+    const tm2 = new TokenManager(storage);
+    await tm2.load();
+    expect(tm2.getAccessToken()).toBe(accessToken);
+    expect(tm2.getRefreshToken()).toBe('refresh-1');
+    expect(tm2.getUser()).toEqual({ id: 'user-1', name: 'Test' });
+  });
+
+  it('should notify listeners on token change', () => {
+    const calls: (string | null)[] = [];
+    const unsub = tm.onTokenChange((t) => calls.push(t));
+    tm.setTokens(createToken(), 'r1', 900);
+    tm.clear();
+    unsub();
+    tm.setTokens(createToken(), 'r2', 900);
+    expect(calls.length).toBe(2);
+    expect(calls[0]).toBeTruthy();
+    expect(calls[1]).toBeNull();
+  });
+
+  it('should decode JWT claims', () => {
+    const token = createToken({ sub: 'user-1', tenant_id: 'tenant-1' });
+    const claims = tm.decodeToken(token);
+    expect(claims?.sub).toBe('user-1');
+    expect(claims?.tenant_id).toBe('tenant-1');
+  });
+
+  it('should manage tenant id', () => {
+    tm.setTenantId('tenant-1');
+    expect(tm.getTenantId()).toBe('tenant-1');
+    tm.setTenantId(null);
+    expect(tm.getTenantId()).toBeNull();
+  });
+});

package/src/api-client.ts

@@ -0,0 +1,203 @@
+import type { HttpAdapter } from './platform/types';
+import type { TokenManager } from './token-manager';
+import { AuthmsError, AuthmsApiError, AuthmsAuthError, AuthmsNetworkError } from './errors';
+
+interface ApiClientConfig {
+  baseUrl: string;
+  tokenManager: TokenManager;
+  http: HttpAdapter;
+  refreshTokenFn: () => Promise<void>;
+  onForceLogout?: () => void;
+}
+
+function snakeToCamel(str: string): string {
+  return str.replace(/_([a-z])/g, (_, c) => c.toUpperCase());
+}
+
+function camelToSnake(str: string): string {
+  return str.replace(/[A-Z]/g, c => '_' + c.toLowerCase());
+}
+
+function transformKeys(obj: unknown, transform: (k: string) => string): unknown {
+  if (obj === null || typeof obj !== 'object') return obj;
+  if (Array.isArray(obj)) return obj.map(v => transformKeys(v, transform));
+  const result: Record<string, unknown> = {};
+  for (const [k, v] of Object.entries(obj as Record<string, unknown>)) {
+    result[transform(k)] = transformKeys(v, transform);
+  }
+  return result;
+}
+
+function unwrapResponse(data: Record<string, unknown>): unknown {
+  if ('data' in data && data.data !== undefined) {
+    return data.data;
+  }
+  if ('items' in data) {
+    return { items: data.items, total: data.total, pagination: data.pagination };
+  }
+  return data;
+}
+
+export class ApiClient {
+  private baseUrl: string;
+  private tokenManager: TokenManager;
+  private http: HttpAdapter;
+  private refreshTokenFn: () => Promise<void>;
+  private onForceLogout?: () => void;
+  private refreshPromise: Promise<void> | null = null;
+  private redirectingToLogin = false;
+
+  constructor(config: ApiClientConfig) {
+    this.baseUrl = config.baseUrl.replace(/\/$/, '');
+    this.tokenManager = config.tokenManager;
+    this.http = config.http;
+    this.refreshTokenFn = config.refreshTokenFn;
+    this.onForceLogout = config.onForceLogout;
+  }
+
+  async get<T>(path: string, params?: Record<string, unknown>): Promise<T> {
+    const url = this.buildUrl(path, params);
+    return this.request<T>(url, { method: 'GET' });
+  }
+
+  async post<T>(path: string, data?: unknown): Promise<T> {
+    const url = `${this.baseUrl}${path}`;
+    return this.request<T>(url, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: data ? JSON.stringify(transformKeys(data, camelToSnake)) : undefined,
+    });
+  }
+
+  async put<T>(path: string, data?: unknown): Promise<T> {
+    const url = `${this.baseUrl}${path}`;
+    return this.request<T>(url, {
+      method: 'PUT',
+      headers: { 'Content-Type': 'application/json' },
+      body: data ? JSON.stringify(transformKeys(data, camelToSnake)) : undefined,
+    });
+  }
+
+  async delete<T>(path: string, params?: Record<string, unknown>): Promise<T> {
+    const url = this.buildUrl(path, params);
+    return this.request<T>(url, { method: 'DELETE' });
+  }
+
+  private buildUrl(path: string, params?: Record<string, unknown>): string {
+    let url = `${this.baseUrl}${path}`;
+    if (params && Object.keys(params).length > 0) {
+      const query = new URLSearchParams();
+      for (const [k, v] of Object.entries(params)) {
+        if (v !== undefined && v !== null) {
+          query.append(camelToSnake(k), String(v));
+        }
+      }
+      url += '?' + query.toString();
+    }
+    return url;
+  }
+
+  private async request<T>(url: string, init: RequestInit): Promise<T> {
+    const headers: Record<string, string> = {
+      ...(init.headers as Record<string, string> || {}),
+    };
+
+    const token = this.tokenManager.getAccessToken();
+    if (token) {
+      headers['Authorization'] = `Bearer ${token}`;
+    }
+
+    const tenantId = this.tokenManager.getTenantId();
+    if (tenantId) {
+      headers['X-Tenant-ID'] = tenantId;
+    }
+
+    const requestInit: RequestInit = {
+      ...init,
+      headers,
+    };
+
+    let response: Response;
+    try {
+      response = await this.http.request(url, requestInit);
+    } catch (err) {
+      throw new AuthmsNetworkError(err instanceof Error ? err.message : 'Network request failed');
+    }
+
+    if (response.status === 401 && !url.includes('/api/v1/auth/login') && !url.includes('/api/v1/auth/refresh')) {
+      return this.handle401<T>(url, requestInit);
+    }
+
+    return this.handleResponse<T>(response);
+  }
+
+  private async handle401<T>(url: string, requestInit: RequestInit): Promise<T> {
+    if (!this.refreshPromise) {
+      this.refreshPromise = (async () => {
+        try {
+          await this.refreshTokenFn();
+        } catch {
+          this.tokenManager.clear();
+          if (!this.redirectingToLogin) {
+            this.redirectingToLogin = true;
+            this.onForceLogout?.();
+            throw new AuthmsAuthError('SESSION_EXPIRED', 'Session expired, please login again', 401);
+          }
+          throw new AuthmsAuthError('REFRESH_FAILED', 'Token refresh failed', 401);
+        } finally {
+          this.refreshPromise = null;
+        }
+      })();
+    }
+
+    await this.refreshPromise;
+
+    const newToken = this.tokenManager.getAccessToken();
+    if (newToken) {
+      const headers = { ...(requestInit.headers as Record<string, string>) };
+      headers['Authorization'] = `Bearer ${newToken}`;
+      const response = await this.http.request(url, { ...requestInit, headers });
+      return this.handleResponse<T>(response);
+    }
+
+    throw new AuthmsAuthError('NOT_AUTHENTICATED', 'Not authenticated', 401);
+  }
+
+  private async handleResponse<T>(response: Response): Promise<T> {
+    if (!response.ok) {
+      await this.handleErrorResponse(response);
+    }
+
+    if (response.status === 204 || response.headers.get('content-length') === '0') {
+      return undefined as unknown as T;
+    }
+
+    const json: Record<string, unknown> = await response.json();
+
+    if (json && typeof json === 'object' && 'code' in json) {
+      const code = String(json.code);
+      if (json.code !== 0) {
+        throw new AuthmsApiError(
+          code,
+          (json.message as string) || 'API error',
+          response.status,
+        );
+      }
+      return transformKeys(unwrapResponse(json), snakeToCamel) as T;
+    }
+
+    return json as T;
+  }
+
+  private async handleErrorResponse(response: Response): Promise<never> {
+    try {
+      const json = await response.json() as Record<string, unknown>;
+      const code = String(json.code ?? response.status);
+      const message = (json.message as string) || `HTTP ${response.status}`;
+      throw new AuthmsApiError(code, message, response.status);
+    } catch (e) {
+      if (e instanceof AuthmsError) throw e;
+      throw new AuthmsNetworkError(`HTTP ${response.status}: ${response.statusText}`);
+    }
+  }
+}