@baasix/sdk 0.1.0

package/dist/modules/auth.js

@@ -0,0 +1,648 @@
+// src/storage/types.ts
+var STORAGE_KEYS = {
+  ACCESS_TOKEN: "baasix_access_token",
+  REFRESH_TOKEN: "baasix_refresh_token",
+  TOKEN_EXPIRY: "baasix_token_expiry",
+  USER: "baasix_user",
+  TENANT: "baasix_tenant"
+};
+
+// src/types.ts
+var BaasixError = class _BaasixError extends Error {
+  status;
+  code;
+  details;
+  isRetryable;
+  constructor(message, status = 500, code, details) {
+    super(message);
+    this.name = "BaasixError";
+    this.status = status;
+    this.code = code;
+    this.details = details;
+    this.isRetryable = status >= 500 || status === 429;
+    if (Error.captureStackTrace) {
+      Error.captureStackTrace(this, _BaasixError);
+    }
+  }
+  toJSON() {
+    return {
+      name: this.name,
+      message: this.message,
+      status: this.status,
+      code: this.code,
+      details: this.details
+    };
+  }
+};
+
+// src/modules/auth.ts
+var AuthModule = class {
+  client;
+  storage;
+  authMode;
+  onAuthStateChange;
+  currentUser = null;
+  constructor(config) {
+    this.client = config.client;
+    this.storage = config.storage;
+    this.authMode = config.authMode;
+    this.onAuthStateChange = config.onAuthStateChange;
+  }
+  /**
+   * Emit an authentication state change event
+   */
+  emitAuthStateChange(event, user) {
+    this.currentUser = user;
+    this.onAuthStateChange?.(event, user);
+  }
+  /**
+   * Store authentication tokens
+   */
+  async storeTokens(response) {
+    if (this.authMode === "jwt") {
+      await this.storage.set(STORAGE_KEYS.ACCESS_TOKEN, response.token);
+      if (response.refreshToken) {
+        await this.storage.set(STORAGE_KEYS.REFRESH_TOKEN, response.refreshToken);
+      }
+      if (response.expiresIn) {
+        const expiresAt = Date.now() + response.expiresIn * 1e3;
+        await this.storage.set(STORAGE_KEYS.TOKEN_EXPIRY, expiresAt.toString());
+      }
+    }
+    if (response.user) {
+      await this.storage.set(STORAGE_KEYS.USER, JSON.stringify(response.user));
+    }
+  }
+  /**
+   * Clear stored authentication data
+   */
+  async clearAuth() {
+    await this.storage.remove(STORAGE_KEYS.ACCESS_TOKEN);
+    await this.storage.remove(STORAGE_KEYS.REFRESH_TOKEN);
+    await this.storage.remove(STORAGE_KEYS.TOKEN_EXPIRY);
+    await this.storage.remove(STORAGE_KEYS.USER);
+    await this.storage.remove(STORAGE_KEYS.TENANT);
+    this.currentUser = null;
+  }
+  /**
+   * Register a new user
+   *
+   * @example
+   * ```typescript
+   * const { user, token } = await baasix.auth.register({
+   *   email: 'newuser@example.com',
+   *   password: 'securepassword',
+   *   firstName: 'John',
+   *   lastName: 'Doe'
+   * });
+   * ```
+   */
+  async register(data) {
+    const response = await this.client.post("/auth/register", data, {
+      skipAuth: true
+    });
+    await this.storeTokens(response);
+    this.emitAuthStateChange("SIGNED_IN", response.user);
+    return response;
+  }
+  /**
+   * Login with email and password
+   *
+   * @example
+   * ```typescript
+   * const { user, token } = await baasix.auth.login({
+   *   email: 'user@example.com',
+   *   password: 'password123'
+   * });
+   *
+   * // Login with tenant (multi-tenant mode)
+   * const result = await baasix.auth.login({
+   *   email: 'user@example.com',
+   *   password: 'password123',
+   *   tenantId: 'tenant-uuid'
+   * });
+   * ```
+   */
+  async login(credentials) {
+    const response = await this.client.post(
+      "/auth/login",
+      {
+        email: credentials.email,
+        password: credentials.password,
+        tenant_Id: credentials.tenantId
+      },
+      { skipAuth: true }
+    );
+    await this.storeTokens(response);
+    this.emitAuthStateChange("SIGNED_IN", response.user);
+    return response;
+  }
+  /**
+   * Logout the current user
+   *
+   * @example
+   * ```typescript
+   * await baasix.auth.logout();
+   * ```
+   */
+  async logout() {
+    try {
+      await this.client.get("/auth/logout");
+    } catch {
+    }
+    await this.clearAuth();
+    this.emitAuthStateChange("SIGNED_OUT", null);
+  }
+  /**
+   * Get the current authenticated user from the server
+   *
+   * @example
+   * ```typescript
+   * const user = await baasix.auth.getUser();
+   * console.log(user?.email);
+   * ```
+   */
+  async getUser() {
+    try {
+      const response = await this.client.get("/auth/me");
+      this.currentUser = response.data;
+      await this.storage.set(STORAGE_KEYS.USER, JSON.stringify(response.data));
+      return response.data;
+    } catch (error) {
+      if (error instanceof BaasixError && error.status === 401) {
+        await this.clearAuth();
+        return null;
+      }
+      throw error;
+    }
+  }
+  /**
+   * Get the cached current user (does not make an API call)
+   *
+   * @example
+   * ```typescript
+   * const user = await baasix.auth.getCachedUser();
+   * ```
+   */
+  async getCachedUser() {
+    if (this.currentUser) {
+      return this.currentUser;
+    }
+    const userJson = await this.storage.get(STORAGE_KEYS.USER);
+    if (userJson) {
+      try {
+        this.currentUser = JSON.parse(userJson);
+        return this.currentUser;
+      } catch {
+        return null;
+      }
+    }
+    return null;
+  }
+  /**
+   * Check if user is authenticated (has valid token)
+   *
+   * @example
+   * ```typescript
+   * if (await baasix.auth.isAuthenticated()) {
+   *   // User is logged in
+   * }
+   * ```
+   */
+  async isAuthenticated() {
+    if (this.authMode === "cookie") {
+      const user = await this.getCachedUser();
+      return user !== null;
+    }
+    const token = await this.storage.get(STORAGE_KEYS.ACCESS_TOKEN);
+    if (!token) return false;
+    const expiry = await this.storage.get(STORAGE_KEYS.TOKEN_EXPIRY);
+    if (expiry && Date.now() >= parseInt(expiry, 10)) {
+      const refreshToken = await this.storage.get(STORAGE_KEYS.REFRESH_TOKEN);
+      return !!refreshToken;
+    }
+    return true;
+  }
+  /**
+   * Get the current access token
+   *
+   * @example
+   * ```typescript
+   * const token = await baasix.auth.getToken();
+   * ```
+   */
+  async getToken() {
+    if (this.authMode === "cookie") {
+      return null;
+    }
+    return await this.storage.get(STORAGE_KEYS.ACCESS_TOKEN);
+  }
+  /**
+   * Set a static token (useful for server-side or service accounts)
+   *
+   * @example
+   * ```typescript
+   * baasix.auth.setToken('your-api-token');
+   * ```
+   */
+  async setToken(token) {
+    await this.storage.set(STORAGE_KEYS.ACCESS_TOKEN, token);
+  }
+  /**
+   * Refresh the current token
+   *
+   * @example
+   * ```typescript
+   * const tokens = await baasix.auth.refreshToken();
+   * ```
+   */
+  async refreshToken() {
+    const refreshToken = await this.storage.get(STORAGE_KEYS.REFRESH_TOKEN);
+    const response = await this.client.post(
+      "/auth/refresh",
+      this.authMode === "jwt" ? { refreshToken } : void 0
+    );
+    await this.storeTokens(response);
+    const tokens = {
+      accessToken: response.token,
+      refreshToken: response.refreshToken,
+      expiresIn: response.expiresIn,
+      expiresAt: response.expiresIn ? Date.now() + response.expiresIn * 1e3 : void 0
+    };
+    this.emitAuthStateChange("TOKEN_REFRESHED", response.user);
+    return tokens;
+  }
+  /**
+   * Request a magic link for passwordless login
+   *
+   * @example
+   * ```typescript
+   * await baasix.auth.sendMagicLink({
+   *   email: 'user@example.com',
+   *   redirectUrl: 'https://myapp.com/auth/callback'
+   * });
+   * ```
+   */
+  async sendMagicLink(options) {
+    await this.client.post(
+      "/auth/magiclink",
+      {
+        email: options.email,
+        link: options.redirectUrl,
+        mode: options.mode || "link"
+      },
+      { skipAuth: true }
+    );
+  }
+  /**
+   * Verify magic link/code and complete login
+   *
+   * @example
+   * ```typescript
+   * const { user, token } = await baasix.auth.verifyMagicLink('verification-token');
+   * ```
+   */
+  async verifyMagicLink(token) {
+    const response = await this.client.get(
+      `/auth/magiclink/${encodeURIComponent(token)}`,
+      { skipAuth: true }
+    );
+    await this.storeTokens(response);
+    this.emitAuthStateChange("SIGNED_IN", response.user);
+    return response;
+  }
+  /**
+   * Request a password reset
+   *
+   * @example
+   * ```typescript
+   * await baasix.auth.forgotPassword({
+   *   email: 'user@example.com',
+   *   redirectUrl: 'https://myapp.com/reset-password'
+   * });
+   * ```
+   */
+  async forgotPassword(options) {
+    await this.client.post(
+      "/auth/forgot-password",
+      {
+        email: options.email,
+        link: options.redirectUrl
+      },
+      { skipAuth: true }
+    );
+  }
+  /**
+   * Reset password using a reset token
+   *
+   * @example
+   * ```typescript
+   * await baasix.auth.resetPassword('reset-token', 'newpassword123');
+   * ```
+   */
+  async resetPassword(token, newPassword) {
+    await this.client.post(
+      "/auth/reset-password",
+      { token, password: newPassword },
+      { skipAuth: true }
+    );
+  }
+  /**
+   * Change the current user's password
+   *
+   * @example
+   * ```typescript
+   * await baasix.auth.changePassword('currentPassword', 'newPassword');
+   * ```
+   */
+  async changePassword(currentPassword, newPassword) {
+    await this.client.post("/auth/change-password", {
+      currentPassword,
+      newPassword
+    });
+  }
+  /**
+   * Update the current user's profile
+   *
+   * @example
+   * ```typescript
+   * const updatedUser = await baasix.auth.updateProfile({
+   *   firstName: 'Jane',
+   *   lastName: 'Doe'
+   * });
+   * ```
+   */
+  async updateProfile(data) {
+    const response = await this.client.patch("/auth/me", data);
+    await this.storage.set(STORAGE_KEYS.USER, JSON.stringify(response.data));
+    this.emitAuthStateChange("USER_UPDATED", response.data);
+    return response.data;
+  }
+  /**
+   * Get available tenants for the current user (multi-tenant mode)
+   *
+   * @example
+   * ```typescript
+   * const tenants = await baasix.auth.getTenants();
+   * ```
+   */
+  async getTenants() {
+    const response = await this.client.get("/auth/tenants");
+    return response.data;
+  }
+  /**
+   * Switch to a different tenant (multi-tenant mode)
+   *
+   * @example
+   * ```typescript
+   * const { user, token } = await baasix.auth.switchTenant('tenant-uuid');
+   * ```
+   */
+  async switchTenant(tenantId) {
+    const response = await this.client.post("/auth/switch-tenant", {
+      tenant_Id: tenantId
+    });
+    await this.storeTokens(response);
+    await this.storage.set(STORAGE_KEYS.TENANT, tenantId);
+    this.emitAuthStateChange("TENANT_SWITCHED", response.user);
+    return response;
+  }
+  /**
+   * Get the current authentication state
+   *
+   * @example
+   * ```typescript
+   * const state = await baasix.auth.getState();
+   * console.log(state.isAuthenticated, state.user);
+   * ```
+   */
+  async getState() {
+    const isAuthenticated = await this.isAuthenticated();
+    const user = await this.getCachedUser();
+    return {
+      user,
+      isAuthenticated,
+      isLoading: false,
+      error: null
+    };
+  }
+  /**
+   * Initialize authentication state from storage
+   * Call this on app startup to restore previous session
+   *
+   * @example
+   * ```typescript
+   * await baasix.auth.initialize();
+   * ```
+   */
+  async initialize() {
+    const state = await this.getState();
+    if (state.isAuthenticated && state.user) {
+      this.emitAuthStateChange("SIGNED_IN", state.user);
+    }
+    return state;
+  }
+  // ===================
+  // OAuth / Social Login
+  // ===================
+  /**
+   * Get the OAuth authorization URL for a provider
+   * Redirect the user to this URL to start the OAuth flow
+   * 
+   * @example
+   * ```typescript
+   * const url = baasix.auth.getOAuthUrl({
+   *   provider: 'google',
+   *   redirectUrl: 'https://myapp.com/auth/callback'
+   * });
+   * window.location.href = url;
+   * ```
+   */
+  getOAuthUrl(options) {
+    const baseUrl = this.client.getBaseUrl();
+    const params = new URLSearchParams({
+      redirect_url: options.redirectUrl
+    });
+    if (options.scopes?.length) {
+      params.set("scopes", options.scopes.join(","));
+    }
+    if (options.state) {
+      params.set("state", options.state);
+    }
+    return `${baseUrl}/auth/signin/${options.provider}?${params.toString()}`;
+  }
+  /**
+   * Handle OAuth callback and complete login
+   * Call this from your callback page with the token from URL
+   * 
+   * @example
+   * ```typescript
+   * // In your callback page
+   * const params = new URLSearchParams(window.location.search);
+   * const token = params.get('token');
+   * 
+   * if (token) {
+   *   await baasix.auth.handleOAuthCallback(token);
+   * }
+   * ```
+   */
+  async handleOAuthCallback(token) {
+    await this.storage.set(STORAGE_KEYS.ACCESS_TOKEN, token);
+    const user = await this.getUser();
+    const response = {
+      token,
+      user
+    };
+    this.emitAuthStateChange("SIGNED_IN", user);
+    return response;
+  }
+  // ===================
+  // Email Verification
+  // ===================
+  /**
+   * Request email verification
+   * Sends a verification email to the current user
+   * 
+   * @example
+   * ```typescript
+   * await baasix.auth.requestEmailVerification('https://myapp.com/verify-email');
+   * ```
+   */
+  async requestEmailVerification(redirectUrl) {
+    await this.client.post("/auth/request-verify-email", {
+      link: redirectUrl
+    });
+  }
+  /**
+   * Verify email with token
+   * 
+   * @example
+   * ```typescript
+   * const params = new URLSearchParams(window.location.search);
+   * const token = params.get('token');
+   * 
+   * await baasix.auth.verifyEmail(token);
+   * ```
+   */
+  async verifyEmail(token) {
+    await this.client.get("/auth/verify-email", {
+      params: { token },
+      skipAuth: true
+    });
+  }
+  /**
+   * Check if current session/token is valid
+   * 
+   * @example
+   * ```typescript
+   * const isValid = await baasix.auth.checkSession();
+   * ```
+   */
+  async checkSession() {
+    try {
+      const response = await this.client.get("/auth/check");
+      return response.data.valid;
+    } catch {
+      return false;
+    }
+  }
+  // ===================
+  // Invitation System
+  // ===================
+  /**
+   * Send an invitation to a user (multi-tenant mode)
+   * 
+   * @example
+   * ```typescript
+   * await baasix.auth.sendInvite({
+   *   email: 'newuser@example.com',
+   *   roleId: 'role-uuid',
+   *   tenantId: 'tenant-uuid',
+   *   redirectUrl: 'https://myapp.com/accept-invite'
+   * });
+   * ```
+   */
+  async sendInvite(options) {
+    await this.client.post("/auth/invite", {
+      email: options.email,
+      role_Id: options.roleId,
+      tenant_Id: options.tenantId,
+      link: options.redirectUrl
+    });
+  }
+  /**
+   * Verify an invitation token
+   * 
+   * @example
+   * ```typescript
+   * const params = new URLSearchParams(window.location.search);
+   * const token = params.get('token');
+   * 
+   * const result = await baasix.auth.verifyInvite(token);
+   * if (result.valid) {
+   *   // Show registration form with pre-filled email
+   * }
+   * ```
+   */
+  async verifyInvite(token, redirectUrl) {
+    const response = await this.client.get(
+      "/auth/verify-invite",
+      {
+        params: {
+          token,
+          link: redirectUrl
+        },
+        skipAuth: true
+      }
+    );
+    return response.data;
+  }
+  /**
+   * Accept an invitation (for existing users)
+   * 
+   * @example
+   * ```typescript
+   * await baasix.auth.acceptInvite(token);
+   * ```
+   */
+  async acceptInvite(token) {
+    const response = await this.client.post(
+      "/auth/accept-invite",
+      { token }
+    );
+    await this.storeTokens(response);
+    this.emitAuthStateChange("SIGNED_IN", response.user);
+    return response;
+  }
+  /**
+   * Register with an invitation token
+   * 
+   * @example
+   * ```typescript
+   * const { user, token } = await baasix.auth.registerWithInvite({
+   *   email: 'user@example.com',
+   *   password: 'password',
+   *   firstName: 'John',
+   *   lastName: 'Doe',
+   *   inviteToken: 'invite-token'
+   * });
+   * ```
+   */
+  async registerWithInvite(data) {
+    const response = await this.client.post(
+      "/auth/register",
+      {
+        ...data,
+        inviteToken: data.inviteToken
+      },
+      { skipAuth: true }
+    );
+    await this.storeTokens(response);
+    this.emitAuthStateChange("SIGNED_IN", response.user);
+    return response;
+  }
+};
+
+export { AuthModule };
+//# sourceMappingURL=auth.js.map
+//# sourceMappingURL=auth.js.map