npm - @bagelink/auth - Versions diffs - 1.4.178 → 1.4.182 - Mend

@bagelink/auth 1.4.178 → 1.4.182

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/README.md CHANGED Viewed

@@ -28,18 +28,14 @@ bun add @bagelink/auth
 ### 1. Initialize Auth
 ```typescript
-import { initAuth } from '@bagelink/auth'
-import axios from 'axios'
+import { initAuth, AuthState } from '@bagelink/auth'
 const auth = initAuth({
-  axios: axios,
   baseURL: 'https://api.example.com'
 })
 // Listen to auth events
-auth.on(AuthState.LOGIN, () => {
-  console.log('User logged in!')
-})
+auth.on(AuthState.LOGIN, () => console.log('User logged in!'))
 ```
 ### 2. Use in Vue Components
@@ -50,17 +46,23 @@ import { useAuth } from '@bagelink/auth'
 const {
   user,           // Primary state - use this!
+  sso,            // SSO providers
   getIsLoggedIn,
   login,
   logout
 } = useAuth()
-const handleLogin = async () => {
+const handlePasswordLogin = async () => {
   await login({
     email: 'user@example.com',
     password: 'password'
   })
 }
+const handleSSOLogin = async () => {
+  // SSO is just this simple!
+  await sso.google.redirect()
+}
 </script>
 <template>
@@ -70,7 +72,8 @@ const handleLogin = async () => {
     <button @click="logout">Logout</button>
   </div>
   <div v-else>
-    <button @click="handleLogin">Login</button>
+    <button @click="handlePasswordLogin">Login with Password</button>
+    <button @click="handleSSOLogin">Login with Google</button>
   </div>
 </template>
 ```

package/dist/index.cjs CHANGED Viewed

@@ -7,12 +7,12 @@ function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'defau
 const axios__default = /*#__PURE__*/_interopDefaultCompat(axios);
-function createAxiosInstance(baseURL = "") {
+function createAxiosInstance(baseURL) {
   return axios__default.create({
-    baseURL: baseURL || "",
+    baseURL,
+    withCredentials: true,
     headers: {
-      "Content-Type": "application/json",
-      "withCredentials": true
+      "Content-Type": "application/json"
     }
   });
 }
@@ -49,16 +49,12 @@ class EventEmitter {
 class AuthApi {
   api;
-  constructor(axiosInstance, baseURL = "") {
-    this.api = axiosInstance || createAxiosInstance(baseURL);
+  constructor(baseURL = "") {
+    this.api = createAxiosInstance(baseURL);
     this.setupInterceptors();
   }
   setupInterceptors() {
     this.api.interceptors.request.use((config) => {
-      const sessionToken = localStorage.getItem("session_token");
-      if (sessionToken !== null && config.headers) {
-        config.headers.Authorization = `Bearer ${sessionToken}`;
-      }
       const urlParams = new URLSearchParams(window.location.search);
       const resetToken = urlParams.get("token");
       if (resetToken !== null && config.headers) {
@@ -80,45 +76,67 @@ class AuthApi {
    * Register a new account
    */
   async register(data) {
-    const response = await this.api.post("/authentication/register", {
+    return this.api.post("/authentication/register", {
       ...data,
       email: data.email.toLowerCase()
     });
-    if (response.data.session_token) {
-      localStorage.setItem("session_token", response.data.session_token);
-    }
-    return response;
   }
   /**
    * Login with password
    */
   async login(email, password) {
-    const response = await this.api.post("/authentication/login/password", {
+    return this.api.post("/authentication/login/password", {
       email: email.toLowerCase(),
       password
     });
-    if (response.data.session_token) {
-      localStorage.setItem("session_token", response.data.session_token);
-    }
-    return response;
   }
   /**
    * Logout and clear session
    */
   async logout() {
-    const response = await this.api.post("/authentication/logout", {});
-    localStorage.removeItem("session_token");
-    return response;
+    return this.api.post("/authentication/logout", {});
   }
   /**
    * Refresh current session
    */
   async refreshSession() {
-    const response = await this.api.post("/authentication/refresh", {});
-    if (response.data.session_token) {
-      localStorage.setItem("session_token", response.data.session_token);
-    }
-    return response;
+    return this.api.post("/authentication/refresh", {});
+  }
+  // ============================================
+  // SSO Authentication Methods
+  // ============================================
+  /**
+   * Initiate SSO login flow
+   * Returns authorization URL to redirect user to
+   */
+  async initiateSSO(data) {
+    return this.api.post(`/authentication/sso/${data.provider}/initiate`, {
+      redirect_uri: data.redirect_uri,
+      state: data.state
+    });
+  }
+  /**
+   * Complete SSO login after callback from provider
+   */
+  async ssoCallback(data) {
+    return this.api.post(`/authentication/sso/${data.provider}/callback`, {
+      code: data.code,
+      state: data.state
+    });
+  }
+  /**
+   * Link an SSO provider to existing account
+   */
+  async linkSSOProvider(data) {
+    return this.api.post(`/authentication/sso/${data.provider}/link`, {
+      code: data.code
+    });
+  }
+  /**
+   * Unlink an SSO provider from account
+   */
+  async unlinkSSOProvider(provider) {
+    return this.api.delete(`/authentication/sso/${provider}/unlink`);
   }
   // ============================================
   // Current User (Me) Methods
@@ -139,9 +157,7 @@ class AuthApi {
    * Delete current user account
    */
   async deleteCurrentUser() {
-    const response = await this.api.delete("/authentication/me");
-    localStorage.removeItem("session_token");
-    return response;
+    return this.api.delete("/authentication/me");
   }
   // ============================================
   // Account Management (Admin)
@@ -251,6 +267,356 @@ class AuthApi {
   }
 }
+let authApiRef = null;
+function setAuthContext(authApi) {
+  authApiRef = authApi;
+}
+function getAuthApi() {
+  if (!authApiRef) {
+    throw new Error("SSO auth context not initialized. Make sure to call useAuth() before using SSO methods.");
+  }
+  return authApiRef;
+}
+class SSOError extends Error {
+  constructor(message, code) {
+    super(message);
+    this.code = code;
+    this.name = "SSOError";
+  }
+}
+class PopupBlockedError extends SSOError {
+  constructor() {
+    super("Popup was blocked. Please allow popups for this site.", "POPUP_BLOCKED");
+    this.name = "PopupBlockedError";
+  }
+}
+class PopupClosedError extends SSOError {
+  constructor() {
+    super("Popup was closed by user", "POPUP_CLOSED");
+    this.name = "PopupClosedError";
+  }
+}
+class PopupTimeoutError extends SSOError {
+  constructor() {
+    super("Popup authentication timed out", "POPUP_TIMEOUT");
+    this.name = "PopupTimeoutError";
+  }
+}
+class StateMismatchError extends SSOError {
+  constructor() {
+    super("State mismatch - possible CSRF attack", "STATE_MISMATCH");
+    this.name = "StateMismatchError";
+  }
+}
+function generateState() {
+  const array = new Uint8Array(32);
+  crypto.getRandomValues(array);
+  return Array.from(array, (byte) => byte.toString(16).padStart(2, "0")).join("");
+}
+function openPopup(url, width = 500, height = 600) {
+  const left = window.screenX + (window.outerWidth - width) / 2;
+  const top = window.screenY + (window.outerHeight - height) / 2;
+  return window.open(
+    url,
+    "oauth-popup",
+    `width=${width},height=${height},left=${left},top=${top},toolbar=no,menubar=no,location=no,status=no`
+  );
+}
+function waitForPopupCallback(popup, provider, timeoutMs = 9e4) {
+  return new Promise((resolve, reject) => {
+    let done = false;
+    const finish = (fn) => {
+      if (!done) {
+        done = true;
+        fn();
+      }
+    };
+    const timer = setTimeout(() => {
+      finish(() => {
+        reject(new PopupTimeoutError());
+      });
+    }, timeoutMs);
+    function onMessage(ev) {
+      try {
+        if (ev.origin !== window.location.origin) return;
+        const data = ev.data || {};
+        if (data.type !== "auth:complete" || data.provider !== provider) return;
+        cleanup();
+        if (data.error) {
+          reject(new SSOError(data.error, "OAUTH_ERROR"));
+        } else if (data.code) {
+          resolve({ code: data.code, state: data.state });
+        }
+      } catch {
+      }
+    }
+    const pollInterval = setInterval(() => {
+      try {
+        if (popup.closed) {
+          cleanup();
+          reject(new PopupClosedError());
+          return;
+        }
+        const url = new URL(popup.location.href);
+        if (url.origin === window.location.origin) {
+          const code = url.searchParams.get("code");
+          const state = url.searchParams.get("state") ?? void 0;
+          const error = url.searchParams.get("error");
+          if (code || error) {
+            cleanup();
+            try {
+              popup.close();
+            } catch {
+            }
+            if (error) {
+              reject(new SSOError(error, "OAUTH_ERROR"));
+            } else if (code) {
+              resolve({ code, state });
+            }
+          }
+        }
+      } catch {
+      }
+    }, 150);
+    function cleanup() {
+      finish(() => {
+        clearInterval(pollInterval);
+        clearTimeout(timer);
+        window.removeEventListener("message", onMessage);
+        try {
+          popup.close();
+        } catch {
+        }
+      });
+    }
+    window.addEventListener("message", onMessage);
+  });
+}
+function createSSOProvider(config) {
+  const getDefaultRedirectUri = () => {
+    if (typeof window !== "undefined") {
+      return `${window.location.origin}/auth/callback`;
+    }
+    return `/auth/callback`;
+  };
+  const getStateKey = () => `oauth_state:${config.id}`;
+  return {
+    ...config,
+    async redirect(options = {}) {
+      const auth = getAuthApi();
+      const redirectUri = options.redirectUri ?? getDefaultRedirectUri();
+      const state = options.state ?? generateState();
+      if (typeof sessionStorage !== "undefined") {
+        sessionStorage.setItem(getStateKey(), state);
+        sessionStorage.setItem(`oauth_provider:${state}`, config.id);
+      }
+      const authUrl = await auth.initiateSSO({
+        provider: config.id,
+        redirect_uri: redirectUri,
+        state,
+        scopes: options.scopes ?? config.defaultScopes,
+        params: options.params
+      });
+      window.location.href = authUrl;
+    },
+    async popup(options = {}) {
+      const auth = getAuthApi();
+      const redirectUri = options.redirectUri ?? getDefaultRedirectUri();
+      const state = options.state ?? generateState();
+      const timeout = options.popupTimeout ?? 9e4;
+      if (typeof sessionStorage !== "undefined") {
+        sessionStorage.setItem(getStateKey(), state);
+        sessionStorage.setItem(`oauth_provider:${state}`, config.id);
+      }
+      const authUrl = await auth.initiateSSO({
+        provider: config.id,
+        redirect_uri: redirectUri,
+        state,
+        scopes: options.scopes ?? config.defaultScopes,
+        params: options.params
+      });
+      const { width = 500, height = 600 } = options.popupDimensions ?? {};
+      const popupWindow = openPopup(authUrl, width, height);
+      if (!popupWindow) {
+        throw new PopupBlockedError();
+      }
+      const result = await waitForPopupCallback(popupWindow, config.id, timeout);
+      return auth.loginWithSSO({
+        provider: config.id,
+        code: result.code,
+        state: result.state
+      });
+    },
+    async callback(code, state) {
+      const auth = getAuthApi();
+      if (typeof sessionStorage !== "undefined" && state) {
+        const storedState = sessionStorage.getItem(getStateKey());
+        sessionStorage.removeItem(getStateKey());
+        sessionStorage.removeItem(`oauth_provider:${state}`);
+        if (storedState && storedState !== state) {
+          throw new StateMismatchError();
+        }
+      }
+      return auth.loginWithSSO({
+        provider: config.id,
+        code,
+        state
+      });
+    },
+    async link(code) {
+      const auth = getAuthApi();
+      await auth.linkSSOProvider({
+        provider: config.id,
+        code
+      });
+    },
+    async unlink() {
+      const auth = getAuthApi();
+      await auth.unlinkSSOProvider(config.id);
+    },
+    async getAuthUrl(options = {}) {
+      const auth = getAuthApi();
+      const redirectUri = options.redirectUri ?? getDefaultRedirectUri();
+      const state = options.state ?? generateState();
+      return auth.initiateSSO({
+        provider: config.id,
+        redirect_uri: redirectUri,
+        state,
+        scopes: options.scopes ?? config.defaultScopes,
+        params: options.params
+      });
+    },
+    supportsPopup: true
+    // Default, can be overridden per provider
+  };
+}
+const sso = {
+  /**
+   * Google OAuth Provider
+   * https://developers.google.com/identity/protocols/oauth2
+   */
+  google: createSSOProvider({
+    id: "google",
+    name: "Google",
+    color: "#4285F4",
+    icon: "google",
+    defaultScopes: ["openid", "email", "profile"],
+    metadata: {
+      authDomain: "accounts.google.com",
+      buttonText: "Continue with Google"
+    }
+  }),
+  /**
+   * Microsoft OAuth Provider (Azure AD / Microsoft Entra ID)
+   * https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
+   */
+  microsoft: createSSOProvider({
+    id: "microsoft",
+    name: "Microsoft",
+    color: "#00A4EF",
+    icon: "microsoft",
+    defaultScopes: ["openid", "email", "profile", "User.Read"],
+    metadata: {
+      authDomain: "login.microsoftonline.com",
+      buttonText: "Continue with Microsoft"
+    }
+  }),
+  /**
+   * GitHub OAuth Provider
+   * https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps
+   */
+  github: createSSOProvider({
+    id: "github",
+    name: "GitHub",
+    color: "#24292E",
+    icon: "github",
+    defaultScopes: ["read:user", "user:email"],
+    metadata: {
+      authDomain: "github.com",
+      buttonText: "Continue with GitHub"
+    }
+  }),
+  /**
+   * Okta OAuth Provider
+   * https://developer.okta.com/docs/guides/implement-grant-type/authcode/main/
+   */
+  okta: createSSOProvider({
+    id: "okta",
+    name: "Okta",
+    color: "#007DC1",
+    icon: "okta",
+    defaultScopes: ["openid", "email", "profile"],
+    metadata: {
+      buttonText: "Continue with Okta"
+    }
+  }),
+  /**
+   * Apple Sign In Provider
+   * https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api
+   * Note: Apple works best with redirect flow on web
+   */
+  apple: {
+    ...createSSOProvider({
+      id: "apple",
+      name: "Apple",
+      color: "#000000",
+      icon: "apple",
+      defaultScopes: ["name", "email"],
+      metadata: {
+        authDomain: "appleid.apple.com",
+        buttonText: "Continue with Apple"
+      }
+    }),
+    supportsPopup: false,
+    // Apple prefers redirect on web
+    // Override popup to use redirect for better UX
+    async popup(options) {
+      return this.redirect(options);
+    }
+  },
+  /**
+   * Facebook OAuth Provider
+   * https://developers.facebook.com/docs/facebook-login/guides/advanced/manual-flow
+   */
+  facebook: createSSOProvider({
+    id: "facebook",
+    name: "Facebook",
+    color: "#1877F2",
+    icon: "facebook",
+    defaultScopes: ["email", "public_profile"],
+    metadata: {
+      authDomain: "www.facebook.com",
+      buttonText: "Continue with Facebook"
+    }
+  })
+};
+const ssoProviders = Object.values(sso);
+function getSSOProvider(provider) {
+  return sso[provider];
+}
+function getAllSSOProviders() {
+  return ssoProviders;
+}
+function isSupportedProvider(provider) {
+  return provider in sso;
+}
+async function handleOAuthCallback() {
+  if (typeof window === "undefined") {
+    return null;
+  }
+  const urlParams = new URLSearchParams(window.location.search);
+  const code = urlParams.get("code");
+  const state = urlParams.get("state");
+  if (!code || !state) {
+    return null;
+  }
+  const provider = sessionStorage.getItem(`oauth_provider:${state}`);
+  if (!provider || !isSupportedProvider(provider)) {
+    throw new Error("Unable to determine OAuth provider. State may have expired.");
+  }
+  return sso[provider].callback(code, state);
+}
 var AuthState = /* @__PURE__ */ ((AuthState2) => {
   AuthState2["LOGIN"] = "login";
   AuthState2["LOGOUT"] = "logout";
@@ -291,7 +657,7 @@ function accountToUser(account) {
       metadata: account.entity.metadata
     };
   }
-  const emailMethod = account.authentication_methods?.find(
+  const emailMethod = account.authentication_methods.find(
     (m) => m.type === "password" || m.type === "email_token"
   );
   return {
@@ -310,11 +676,10 @@ let authApi = null;
 let eventEmitter = null;
 const accountInfo = vue.ref(null);
 function initAuth({
-  axios,
   baseURL
 }) {
   if (authApi === null) {
-    authApi = new AuthApi(axios, baseURL);
+    authApi = new AuthApi(baseURL);
   }
   if (eventEmitter === null) {
     eventEmitter = new EventEmitter();
@@ -350,6 +715,29 @@ function useAuth() {
   }
   const api = authApi;
   const emitter = eventEmitter;
+  const authMethods = {
+    initiateSSO: async (params) => {
+      const { data } = await api.initiateSSO(params);
+      return data.authorization_url;
+    },
+    loginWithSSO: async (params) => {
+      const { data } = await api.ssoCallback(params);
+      if (data.success === true && data.requires_verification !== true) {
+        await checkAuth();
+      }
+      emitter.emit(AuthState.LOGIN);
+      return data;
+    },
+    linkSSOProvider: async (params) => {
+      await api.linkSSOProvider(params);
+      await checkAuth();
+    },
+    unlinkSSOProvider: async (provider) => {
+      await api.unlinkSSOProvider(provider);
+      await checkAuth();
+    }
+  };
+  setAuthContext(authMethods);
   const user = vue.computed(() => accountToUser(accountInfo.value));
   const getFullName = () => {
     return user.value?.name ?? "";
@@ -488,11 +876,33 @@ function useAuth() {
     }
     await api.revokeAllSessions(id);
   }
+  async function initiateSSO(params) {
+    const { data } = await api.initiateSSO(params);
+    return data.authorization_url;
+  }
+  async function loginWithSSO(params) {
+    const { data } = await api.ssoCallback(params);
+    if (data.success === true && data.requires_verification !== true) {
+      await checkAuth();
+    }
+    emitter.emit(AuthState.LOGIN);
+    return data;
+  }
+  async function linkSSOProvider(params) {
+    await api.linkSSOProvider(params);
+    await checkAuth();
+  }
+  async function unlinkSSOProvider(provider) {
+    await api.unlinkSSOProvider(provider);
+    await checkAuth();
+  }
   return {
     // Primary State (use this!)
     user,
     // Full account info (for advanced use cases)
     accountInfo,
+    // SSO Providers (ready to use!)
+    sso,
     // Getters
     getFullName,
     getIsLoggedIn,
@@ -507,6 +917,11 @@ function useAuth() {
     signup,
     checkAuth,
     refreshSession,
+    // SSO Authentication (lower-level - prefer using sso.google.redirect())
+    initiateSSO,
+    loginWithSSO,
+    linkSSOProvider,
+    unlinkSSOProvider,
     // Profile Actions
     updateProfile,
     deleteCurrentUser,
@@ -531,6 +946,18 @@ function useAuth() {
 exports.AuthApi = AuthApi;
 exports.AuthState = AuthState;
+exports.PopupBlockedError = PopupBlockedError;
+exports.PopupClosedError = PopupClosedError;
+exports.PopupTimeoutError = PopupTimeoutError;
+exports.SSOError = SSOError;
+exports.StateMismatchError = StateMismatchError;
 exports.accountToUser = accountToUser;
+exports.getAllSSOProviders = getAllSSOProviders;
+exports.getSSOProvider = getSSOProvider;
+exports.handleOAuthCallback = handleOAuthCallback;
 exports.initAuth = initAuth;
+exports.isSupportedProvider = isSupportedProvider;
+exports.setAuthContext = setAuthContext;
+exports.sso = sso;
+exports.ssoProviders = ssoProviders;
 exports.useAuth = useAuth;