@bagelink/auth 1.7.72 → 1.7.74

package/dist/index.cjs

@@ -1391,70 +1391,56 @@ const _sfc_main = /* @__PURE__ */ vue.defineComponent({
     };
   }
 });
-function createAuthRoutes(config = {}) {
-  const {
-    basePath = "",
-    namePrefix = "",
-    routeNames = {},
-    layout
-  } = config;
-  const createRouteName = (name) => namePrefix ? `${namePrefix}${name}` : name;
-  const routes = [
-    {
-      path: `${basePath}/login`,
-      name: routeNames.login || createRouteName("Login"),
-      component: () => Promise.resolve().then(() => require("./LoginPage-hv1wc54S.cjs")),
-      meta: { requiresAuth: false }
-    },
-    {
-      path: `${basePath}/signup`,
-      name: routeNames.signup || createRouteName("Signup"),
-      component: () => Promise.resolve().then(() => require("./SignupPage-m36w9PLJ.cjs")),
-      meta: { requiresAuth: false }
-    },
-    {
-      path: `${basePath}/forgot-password`,
-      name: routeNames.forgotPassword || createRouteName("ForgotPassword"),
-      component: () => Promise.resolve().then(() => require("./ForgotPasswordPage-BV9tyhHl.cjs")),
-      meta: { requiresAuth: false }
-    },
-    {
-      path: `${basePath}/reset-password`,
-      name: routeNames.resetPassword || createRouteName("ResetPassword"),
-      component: () => Promise.resolve().then(() => require("./ResetPasswordPage-COPrJmW8.cjs")),
-      meta: { requiresAuth: false }
-    },
-    {
-      path: `${basePath}/callback`,
-      name: routeNames.callback || createRouteName("AuthCallback"),
-      component: () => Promise.resolve().then(() => require("./Callback-BHqVaZZm.cjs")),
-      meta: { requiresAuth: false }
-    }
-  ];
-  if (layout) {
-    return [{
-      path: basePath,
-      component: layout,
-      children: routes.map((route) => ({
-        ...route,
-        path: route.path.replace(basePath, "")
-      }))
-    }];
+function getRedirectUrl(router, config) {
+  const redirect2 = router.currentRoute.value.query[config.queryKey];
+  return redirect2 || config.fallback;
+}
+function isValidRedirect(redirectUrl, allowedPaths) {
+  if (!redirectUrl) {
+    return false;
   }
-  return routes;
+  if (redirectUrl.startsWith("http://") || redirectUrl.startsWith("https://")) {
+    return false;
+  }
+  if (redirectUrl.startsWith("//")) {
+    return false;
+  }
+  if (redirectUrl.startsWith("javascript:") || redirectUrl.startsWith("data:")) {
+    return false;
+  }
+  if (!redirectUrl.startsWith("/")) {
+    return false;
+  }
+  if (allowedPaths && allowedPaths.length > 0) {
+    return allowedPaths.some((pattern) => pattern.test(redirectUrl));
+  }
+  return true;
 }
-function createAuthGuard(config = {}) {
-  const { redirectTo = "/" } = config;
-  return async (to, _from, next) => {
-    const { useAuth: useAuth2 } = await Promise.resolve().then(() => useAuth$1);
-    const { user } = useAuth2();
-    if (to.meta.requiresAuth === false && user.value) {
-      next(redirectTo);
-    } else {
-      next();
-    }
-  };
+async function performRedirect(router, config) {
+  const redirect2 = getRedirectUrl(router, config);
+  if (redirect2 !== config.fallback && !isValidRedirect(redirect2, config.allowedPaths)) {
+    console.warn("[Auth] Invalid redirect URL detected, using fallback:", redirect2);
+    await router.push(config.fallback);
+    return;
+  }
+  await router.push(redirect2);
 }
+function buildLoginQuery(currentPath, config) {
+  if (!config.preserveRedirect) {
+    return {};
+  }
+  if (isValidRedirect(currentPath, config.allowedPaths)) {
+    return { [config.queryKey]: currentPath };
+  }
+  return {};
+}
+const redirect = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
+  __proto__: null,
+  buildLoginQuery,
+  getRedirectUrl,
+  isValidRedirect,
+  performRedirect
+}, Symbol.toStringTag, { value: "Module" }));
 let authApiRef = null;
 function setAuthContext(authApi2) {
   authApiRef = authApi2;
@@ -1902,9 +1888,36 @@ function accountToUser(account) {
     lastLogin: account.last_login
   };
 }
+const DEFAULT_REDIRECT_CONFIG = {
+  queryKey: "redirect",
+  fallback: "/",
+  noAuthRoutes: ["Login", "Signup", "ForgotPassword", "ResetPassword", "Callback"],
+  authenticatedRedirect: "/",
+  loginRoute: "Login",
+  authMetaKey: "auth",
+  autoRedirect: true,
+  preserveRedirect: true
+};
+function normalizeRedirectConfig(config) {
+  return {
+    ...DEFAULT_REDIRECT_CONFIG,
+    ...config
+  };
+}
 let authApi = null;
 let eventEmitter = null;
+let redirectConfig = null;
+let autoRedirectRouter = null;
 const accountInfo = vue.ref(null);
+function setAuthRouter(router) {
+  autoRedirectRouter = router;
+}
+function getRedirectConfig() {
+  if (!redirectConfig) {
+    throw new Error("Redirect config not initialized. Did you call createAuth with redirect config?");
+  }
+  return redirectConfig;
+}
 function createAuth(params) {
   if (authApi === null) {
     authApi = new AuthApi(params.baseURL);
@@ -1912,7 +1925,13 @@ function createAuth(params) {
   if (eventEmitter === null) {
     eventEmitter = new EventEmitter();
   }
-  return {
+  if (params.redirect) {
+    redirectConfig = normalizeRedirectConfig(params.redirect);
+  }
+  if (redirectConfig == null ? void 0 : redirectConfig.autoRedirect) {
+    setupAutoRedirect();
+  }
+  const authInstance = {
     // Event listener methods
     on(event, handler) {
       if (eventEmitter) {
@@ -1933,6 +1952,22 @@ function createAuth(params) {
       app.config.globalProperties.$auth = useAuth();
     }
   };
+  return authInstance;
+}
+function setupAutoRedirect() {
+  if (!eventEmitter || !redirectConfig) return;
+  eventEmitter.on(AuthState.LOGIN, async () => {
+    if (!autoRedirectRouter) {
+      console.warn("[Auth] Auto-redirect enabled but router not set. Call setAuthRouter(router) in your app setup.");
+      return;
+    }
+    const { performRedirect: performRedirect2 } = await Promise.resolve().then(() => redirect);
+    try {
+      await performRedirect2(autoRedirectRouter, redirectConfig);
+    } catch (error) {
+      console.error("[Auth] Auto-redirect error:", error);
+    }
+  });
 }
 function useAuth() {
   if (authApi === null) {
@@ -2182,12 +2217,114 @@ function useAuth() {
 const useAuth$1 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
   __proto__: null,
   createAuth,
+  getRedirectConfig,
+  setAuthRouter,
   useAuth
 }, Symbol.toStringTag, { value: "Module" }));
+let authInitialized = false;
+function resetAuthState() {
+  authInitialized = false;
+}
+function authGuard() {
+  return async function guard(to, _from, next) {
+    const auth = useAuth();
+    const config = getRedirectConfig();
+    const requiresAuth = to.meta[config.authMetaKey];
+    const requiresNoAuth = config.noAuthRoutes.includes(to.name);
+    try {
+      if (!authInitialized) {
+        await auth.checkAuth();
+        authInitialized = true;
+      }
+      const isAuthenticated = !!auth.user.value;
+      if (isAuthenticated && requiresNoAuth) {
+        next(config.authenticatedRedirect);
+        return;
+      }
+      if (!isAuthenticated && requiresAuth) {
+        const query = buildLoginQuery(to.fullPath, config);
+        next({
+          name: config.loginRoute,
+          query
+        });
+        return;
+      }
+      next();
+    } catch (error) {
+      console.error("[Auth Guard] Error:", error);
+      next();
+    }
+  };
+}
+function createAuthRoutes(config = {}) {
+  const {
+    basePath = "",
+    namePrefix = "",
+    routeNames = {},
+    layout
+  } = config;
+  const createRouteName = (name) => namePrefix ? `${namePrefix}${name}` : name;
+  const routes = [
+    {
+      path: `${basePath}/login`,
+      name: routeNames.login || createRouteName("Login"),
+      component: () => Promise.resolve().then(() => require("./LoginPage-hv1wc54S.cjs")),
+      meta: { requiresAuth: false }
+    },
+    {
+      path: `${basePath}/signup`,
+      name: routeNames.signup || createRouteName("Signup"),
+      component: () => Promise.resolve().then(() => require("./SignupPage-m36w9PLJ.cjs")),
+      meta: { requiresAuth: false }
+    },
+    {
+      path: `${basePath}/forgot-password`,
+      name: routeNames.forgotPassword || createRouteName("ForgotPassword"),
+      component: () => Promise.resolve().then(() => require("./ForgotPasswordPage-BV9tyhHl.cjs")),
+      meta: { requiresAuth: false }
+    },
+    {
+      path: `${basePath}/reset-password`,
+      name: routeNames.resetPassword || createRouteName("ResetPassword"),
+      component: () => Promise.resolve().then(() => require("./ResetPasswordPage-COPrJmW8.cjs")),
+      meta: { requiresAuth: false }
+    },
+    {
+      path: `${basePath}/callback`,
+      name: routeNames.callback || createRouteName("AuthCallback"),
+      component: () => Promise.resolve().then(() => require("./Callback-BHqVaZZm.cjs")),
+      meta: { requiresAuth: false }
+    }
+  ];
+  if (layout) {
+    return [{
+      path: basePath,
+      component: layout,
+      children: routes.map((route) => ({
+        ...route,
+        path: route.path.replace(basePath, "")
+      }))
+    }];
+  }
+  return routes;
+}
+function createAuthGuard(config = {}) {
+  const { redirectTo = "/" } = config;
+  return async (to, _from, next) => {
+    const { useAuth: useAuth2 } = await Promise.resolve().then(() => useAuth$1);
+    const { user } = useAuth2();
+    if (to.meta.requiresAuth === false && user.value) {
+      next(redirectTo);
+    } else {
+      next();
+    }
+  };
+}
 exports.AuthApi = AuthApi;
 exports.AuthState = AuthState;
 exports.Callback = _sfc_main$4;
 exports.DEFAULT_AGENT_ID = DEFAULT_AGENT_ID;
+exports.DEFAULT_REDIRECT_CONFIG = DEFAULT_REDIRECT_CONFIG;
 exports.ForgotPasswordForm = _sfc_main$8;
 exports.ForgotPasswordPage = _sfc_main$3;
 exports.INTAKE_WORKFLOW_ID = INTAKE_WORKFLOW_ID;
@@ -2203,14 +2340,23 @@ exports.SignupForm = _sfc_main$5;
 exports.SignupPage = _sfc_main;
 exports.StateMismatchError = StateMismatchError;
 exports.accountToUser = accountToUser;
+exports.authGuard = authGuard;
+exports.buildLoginQuery = buildLoginQuery;
 exports.createAuth = createAuth;
 exports.createAuthGuard = createAuthGuard;
 exports.createAuthRoutes = createAuthRoutes;
 exports.getAllSSOProviders = getAllSSOProviders;
+exports.getRedirectConfig = getRedirectConfig;
+exports.getRedirectUrl = getRedirectUrl;
 exports.getSSOProvider = getSSOProvider;
 exports.isSupportedProvider = isSupportedProvider;
+exports.isValidRedirect = isValidRedirect;
+exports.normalizeRedirectConfig = normalizeRedirectConfig;
+exports.performRedirect = performRedirect;
 exports.providers = providers;
+exports.resetAuthState = resetAuthState;
 exports.setAuthContext = setAuthContext;
+exports.setAuthRouter = setAuthRouter;
 exports.sso = sso;
 exports.ssoProvidersList = ssoProvidersList;
 exports.useAuth = useAuth;

package/dist/index.d.ts

@@ -9,8 +9,11 @@ export { default as ForgotPasswordPage } from './pages/ForgotPasswordPage.vue';
 export { default as LoginPage } from './pages/LoginPage.vue';
 export { default as ResetPasswordPage } from './pages/ResetPasswordPage.vue';
 export { default as SignupPage } from './pages/SignupPage.vue';
+export * from './redirect';
+export * from './router';
 export * from './routes';
 export * from './sso';
 export * from './types';
 export type { ForgotPasswordTexts, LoginTexts, ResetPasswordTexts, SignupTexts, } from './types/';
+export * from './types/redirect';
 export * from './useAuth';

package/dist/index.mjs

@@ -1389,70 +1389,56 @@ const _sfc_main = /* @__PURE__ */ defineComponent({
     };
   }
 });
-function createAuthRoutes(config = {}) {
-  const {
-    basePath = "",
-    namePrefix = "",
-    routeNames = {},
-    layout
-  } = config;
-  const createRouteName = (name) => namePrefix ? `${namePrefix}${name}` : name;
-  const routes = [
-    {
-      path: `${basePath}/login`,
-      name: routeNames.login || createRouteName("Login"),
-      component: () => import("./LoginPage-klj1NV4J.js"),
-      meta: { requiresAuth: false }
-    },
-    {
-      path: `${basePath}/signup`,
-      name: routeNames.signup || createRouteName("Signup"),
-      component: () => import("./SignupPage-oUFYApYW.js"),
-      meta: { requiresAuth: false }
-    },
-    {
-      path: `${basePath}/forgot-password`,
-      name: routeNames.forgotPassword || createRouteName("ForgotPassword"),
-      component: () => import("./ForgotPasswordPage-DvttMGb0.js"),
-      meta: { requiresAuth: false }
-    },
-    {
-      path: `${basePath}/reset-password`,
-      name: routeNames.resetPassword || createRouteName("ResetPassword"),
-      component: () => import("./ResetPasswordPage-nvQ4uupb.js"),
-      meta: { requiresAuth: false }
-    },
-    {
-      path: `${basePath}/callback`,
-      name: routeNames.callback || createRouteName("AuthCallback"),
-      component: () => import("./Callback-C-XghN_z.js"),
-      meta: { requiresAuth: false }
-    }
-  ];
-  if (layout) {
-    return [{
-      path: basePath,
-      component: layout,
-      children: routes.map((route) => ({
-        ...route,
-        path: route.path.replace(basePath, "")
-      }))
-    }];
+function getRedirectUrl(router, config) {
+  const redirect2 = router.currentRoute.value.query[config.queryKey];
+  return redirect2 || config.fallback;
+}
+function isValidRedirect(redirectUrl, allowedPaths) {
+  if (!redirectUrl) {
+    return false;
   }
-  return routes;
+  if (redirectUrl.startsWith("http://") || redirectUrl.startsWith("https://")) {
+    return false;
+  }
+  if (redirectUrl.startsWith("//")) {
+    return false;
+  }
+  if (redirectUrl.startsWith("javascript:") || redirectUrl.startsWith("data:")) {
+    return false;
+  }
+  if (!redirectUrl.startsWith("/")) {
+    return false;
+  }
+  if (allowedPaths && allowedPaths.length > 0) {
+    return allowedPaths.some((pattern) => pattern.test(redirectUrl));
+  }
+  return true;
 }
-function createAuthGuard(config = {}) {
-  const { redirectTo = "/" } = config;
-  return async (to, _from, next) => {
-    const { useAuth: useAuth2 } = await Promise.resolve().then(() => useAuth$1);
-    const { user } = useAuth2();
-    if (to.meta.requiresAuth === false && user.value) {
-      next(redirectTo);
-    } else {
-      next();
-    }
-  };
+async function performRedirect(router, config) {
+  const redirect2 = getRedirectUrl(router, config);
+  if (redirect2 !== config.fallback && !isValidRedirect(redirect2, config.allowedPaths)) {
+    console.warn("[Auth] Invalid redirect URL detected, using fallback:", redirect2);
+    await router.push(config.fallback);
+    return;
+  }
+  await router.push(redirect2);
 }
+function buildLoginQuery(currentPath, config) {
+  if (!config.preserveRedirect) {
+    return {};
+  }
+  if (isValidRedirect(currentPath, config.allowedPaths)) {
+    return { [config.queryKey]: currentPath };
+  }
+  return {};
+}
+const redirect = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
+  __proto__: null,
+  buildLoginQuery,
+  getRedirectUrl,
+  isValidRedirect,
+  performRedirect
+}, Symbol.toStringTag, { value: "Module" }));
 let authApiRef = null;
 function setAuthContext(authApi2) {
   authApiRef = authApi2;
@@ -1900,9 +1886,36 @@ function accountToUser(account) {
     lastLogin: account.last_login
   };
 }
+const DEFAULT_REDIRECT_CONFIG = {
+  queryKey: "redirect",
+  fallback: "/",
+  noAuthRoutes: ["Login", "Signup", "ForgotPassword", "ResetPassword", "Callback"],
+  authenticatedRedirect: "/",
+  loginRoute: "Login",
+  authMetaKey: "auth",
+  autoRedirect: true,
+  preserveRedirect: true
+};
+function normalizeRedirectConfig(config) {
+  return {
+    ...DEFAULT_REDIRECT_CONFIG,
+    ...config
+  };
+}
 let authApi = null;
 let eventEmitter = null;
+let redirectConfig = null;
+let autoRedirectRouter = null;
 const accountInfo = ref(null);
+function setAuthRouter(router) {
+  autoRedirectRouter = router;
+}
+function getRedirectConfig() {
+  if (!redirectConfig) {
+    throw new Error("Redirect config not initialized. Did you call createAuth with redirect config?");
+  }
+  return redirectConfig;
+}
 function createAuth(params) {
   if (authApi === null) {
     authApi = new AuthApi(params.baseURL);
@@ -1910,7 +1923,13 @@ function createAuth(params) {
   if (eventEmitter === null) {
     eventEmitter = new EventEmitter();
   }
-  return {
+  if (params.redirect) {
+    redirectConfig = normalizeRedirectConfig(params.redirect);
+  }
+  if (redirectConfig == null ? void 0 : redirectConfig.autoRedirect) {
+    setupAutoRedirect();
+  }
+  const authInstance = {
     // Event listener methods
     on(event, handler) {
       if (eventEmitter) {
@@ -1931,6 +1950,22 @@ function createAuth(params) {
       app.config.globalProperties.$auth = useAuth();
     }
   };
+  return authInstance;
+}
+function setupAutoRedirect() {
+  if (!eventEmitter || !redirectConfig) return;
+  eventEmitter.on(AuthState.LOGIN, async () => {
+    if (!autoRedirectRouter) {
+      console.warn("[Auth] Auto-redirect enabled but router not set. Call setAuthRouter(router) in your app setup.");
+      return;
+    }
+    const { performRedirect: performRedirect2 } = await Promise.resolve().then(() => redirect);
+    try {
+      await performRedirect2(autoRedirectRouter, redirectConfig);
+    } catch (error) {
+      console.error("[Auth] Auto-redirect error:", error);
+    }
+  });
 }
 function useAuth() {
   if (authApi === null) {
@@ -2180,13 +2215,115 @@ function useAuth() {
 const useAuth$1 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
   __proto__: null,
   createAuth,
+  getRedirectConfig,
+  setAuthRouter,
   useAuth
 }, Symbol.toStringTag, { value: "Module" }));
+let authInitialized = false;
+function resetAuthState() {
+  authInitialized = false;
+}
+function authGuard() {
+  return async function guard(to, _from, next) {
+    const auth = useAuth();
+    const config = getRedirectConfig();
+    const requiresAuth = to.meta[config.authMetaKey];
+    const requiresNoAuth = config.noAuthRoutes.includes(to.name);
+    try {
+      if (!authInitialized) {
+        await auth.checkAuth();
+        authInitialized = true;
+      }
+      const isAuthenticated = !!auth.user.value;
+      if (isAuthenticated && requiresNoAuth) {
+        next(config.authenticatedRedirect);
+        return;
+      }
+      if (!isAuthenticated && requiresAuth) {
+        const query = buildLoginQuery(to.fullPath, config);
+        next({
+          name: config.loginRoute,
+          query
+        });
+        return;
+      }
+      next();
+    } catch (error) {
+      console.error("[Auth Guard] Error:", error);
+      next();
+    }
+  };
+}
+function createAuthRoutes(config = {}) {
+  const {
+    basePath = "",
+    namePrefix = "",
+    routeNames = {},
+    layout
+  } = config;
+  const createRouteName = (name) => namePrefix ? `${namePrefix}${name}` : name;
+  const routes = [
+    {
+      path: `${basePath}/login`,
+      name: routeNames.login || createRouteName("Login"),
+      component: () => import("./LoginPage-klj1NV4J.js"),
+      meta: { requiresAuth: false }
+    },
+    {
+      path: `${basePath}/signup`,
+      name: routeNames.signup || createRouteName("Signup"),
+      component: () => import("./SignupPage-oUFYApYW.js"),
+      meta: { requiresAuth: false }
+    },
+    {
+      path: `${basePath}/forgot-password`,
+      name: routeNames.forgotPassword || createRouteName("ForgotPassword"),
+      component: () => import("./ForgotPasswordPage-DvttMGb0.js"),
+      meta: { requiresAuth: false }
+    },
+    {
+      path: `${basePath}/reset-password`,
+      name: routeNames.resetPassword || createRouteName("ResetPassword"),
+      component: () => import("./ResetPasswordPage-nvQ4uupb.js"),
+      meta: { requiresAuth: false }
+    },
+    {
+      path: `${basePath}/callback`,
+      name: routeNames.callback || createRouteName("AuthCallback"),
+      component: () => import("./Callback-C-XghN_z.js"),
+      meta: { requiresAuth: false }
+    }
+  ];
+  if (layout) {
+    return [{
+      path: basePath,
+      component: layout,
+      children: routes.map((route) => ({
+        ...route,
+        path: route.path.replace(basePath, "")
+      }))
+    }];
+  }
+  return routes;
+}
+function createAuthGuard(config = {}) {
+  const { redirectTo = "/" } = config;
+  return async (to, _from, next) => {
+    const { useAuth: useAuth2 } = await Promise.resolve().then(() => useAuth$1);
+    const { user } = useAuth2();
+    if (to.meta.requiresAuth === false && user.value) {
+      next(redirectTo);
+    } else {
+      next();
+    }
+  };
+}
 export {
   AuthApi,
   AuthState,
   _sfc_main$4 as Callback,
   DEFAULT_AGENT_ID,
+  DEFAULT_REDIRECT_CONFIG,
   _sfc_main$8 as ForgotPasswordForm,
   _sfc_main$3 as ForgotPasswordPage,
   INTAKE_WORKFLOW_ID,
@@ -2202,14 +2339,23 @@ export {
   _sfc_main as SignupPage,
   StateMismatchError,
   accountToUser,
+  authGuard,
+  buildLoginQuery,
   createAuth,
   createAuthGuard,
   createAuthRoutes,
   getAllSSOProviders,
+  getRedirectConfig,
+  getRedirectUrl,
   getSSOProvider,
   isSupportedProvider,
+  isValidRedirect,
+  normalizeRedirectConfig,
+  performRedirect,
   providers,
+  resetAuthState,
   setAuthContext,
+  setAuthRouter,
   sso,
   ssoProvidersList,
   useAuth

package/dist/redirect.d.ts

@@ -0,0 +1,21 @@
+import { Router } from 'vue-router';
+import { NormalizedRedirectConfig } from './types/redirect';
+/**
+ * Redirect utilities for handling post-authentication navigation
+ */
+/**
+ * Get redirect URL from current route query params
+ */
+export declare function getRedirectUrl(router: Router, config: NormalizedRedirectConfig): string;
+/**
+ * Validate redirect URL is safe (prevents open redirect attacks)
+ */
+export declare function isValidRedirect(redirectUrl: string, allowedPaths?: RegExp[]): boolean;
+/**
+ * Perform redirect after login with security validation
+ */
+export declare function performRedirect(router: Router, config: NormalizedRedirectConfig): Promise<void>;
+/**
+ * Build query params for redirect to login
+ */
+export declare function buildLoginQuery(currentPath: string, config: NormalizedRedirectConfig): Record<string, string>;