@bagelink/auth 1.7.72 → 1.7.74

package/dist/router.d.ts

@@ -0,0 +1,22 @@
+import { NavigationGuardNext, RouteLocationNormalized } from 'vue-router';
+/**
+ * Reset auth initialization state
+ * Useful for testing or app reload scenarios
+ */
+export declare function resetAuthState(): void;
+/**
+ * Auth guard for Vue Router
+ *
+ * Protects routes requiring authentication and handles redirect logic.
+ * Reads configuration from the auth instance created via createAuth().
+ *
+ * @example
+ * ```ts
+ * const auth = createAuth({
+ *   baseURL: 'https://api.example.com',
+ *   redirect: { ... }
+ * })
+ * router.beforeEach(authGuard())
+ * ```
+ */
+export declare function authGuard(): (to: RouteLocationNormalized, _from: RouteLocationNormalized, next: NavigationGuardNext) => Promise<void>;

package/dist/types/redirect.d.ts

@@ -0,0 +1,70 @@
+/**
+ * Redirect configuration types for auth library
+ */
+export interface RedirectConfig {
+    /**
+     * Query parameter key used to store the redirect URL
+     * After login, read this param to redirect users back to their intended destination
+     * @default 'redirect'
+     */
+    queryKey?: string;
+    /**
+     * Default fallback URL when no redirect is specified
+     * @default '/'
+     */
+    fallback?: string;
+    /**
+     * Routes that require NO authentication (login, signup, forgot password, etc)
+     * Authenticated users will be automatically redirected away from these pages
+     * @default ['Login', 'Signup', 'ForgotPassword', 'ResetPassword', 'Callback']
+     */
+    noAuthRoutes?: string[];
+    /**
+     * Route name to redirect to when authenticated users try to access auth-only pages
+     * @default '/'
+     */
+    authenticatedRedirect?: string;
+    /**
+     * Route name to redirect to when unauthenticated users try to access protected pages
+     * @default 'Login'
+     */
+    loginRoute?: string;
+    /**
+     * Meta key used to check if a route requires authentication
+     * @default 'auth'
+     * @example In your route: `meta: { auth: true }`
+     */
+    authMetaKey?: string;
+    /**
+     * Enable automatic redirect handling after login
+     * When true, the library automatically redirects users after successful login
+     * @default true
+     */
+    autoRedirect?: boolean;
+    /**
+     * Enable redirect preservation for protected routes
+     * When enabled, the original URL is preserved as a query param after redirecting to login
+     * @default true
+     */
+    preserveRedirect?: boolean;
+    /**
+     * Optional allowed redirect path patterns for security validation
+     * If specified, only URLs matching these patterns will be allowed
+     * @default undefined (allows all internal paths)
+     */
+    allowedPaths?: RegExp[];
+}
+/**
+ * Normalized redirect configuration with all defaults applied
+ */
+export interface NormalizedRedirectConfig extends Required<Omit<RedirectConfig, 'allowedPaths'>> {
+    allowedPaths?: RegExp[];
+}
+/**
+ * Default redirect configuration
+ */
+export declare const DEFAULT_REDIRECT_CONFIG: NormalizedRedirectConfig;
+/**
+ * Normalize redirect configuration by applying defaults
+ */
+export declare function normalizeRedirectConfig(config?: RedirectConfig): NormalizedRedirectConfig;

package/dist/useAuth.d.ts

@@ -1,8 +1,31 @@
 import { App } from 'vue';
 import { AccountInfo, User, NewUser, UpdatePasswordForm, UpdateAccountRequest, AuthEventMap, SSOProvider, SSOInitiateRequest, SSOCallbackRequest, SSOLinkRequest, AuthState } from './types';
+import { RedirectConfig, NormalizedRedirectConfig } from './types/redirect';
 interface InitParams {
     baseURL: string;
+    /**
+     * Redirect configuration for authentication flows
+     * @see RedirectConfig
+     */
+    redirect?: RedirectConfig;
 }
+/**
+ * Set the router instance for auto-redirect functionality
+ * Call this in your app setup after creating the router
+ *
+ * @example
+ * ```ts
+ * const auth = createAuth({ ... })
+ * const router = createRouter({ ... })
+ * setAuthRouter(router)
+ * ```
+ */
+export declare function setAuthRouter(router: any): void;
+/**
+ * Get the current redirect configuration
+ * Used internally by router guard
+ */
+export declare function getRedirectConfig(): NormalizedRedirectConfig;
 export declare function createAuth(params: InitParams): {
     on<K extends AuthState>(event: K, handler: AuthEventMap[K]): void;
     off<K extends AuthState>(event: K, handler: AuthEventMap[K]): void;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@bagelink/auth",
   "type": "module",
-  "version": "1.7.72",
+  "version": "1.7.74",
   "description": "Bagelink auth package",
   "author": {
     "name": "Bagel Studio",

package/src/index.ts

@@ -14,17 +14,25 @@ export { default as ForgotPasswordPage } from './pages/ForgotPasswordPage.vue'
 export { default as LoginPage } from './pages/LoginPage.vue'
 export { default as ResetPasswordPage } from './pages/ResetPasswordPage.vue'
 export { default as SignupPage } from './pages/SignupPage.vue'
+
+// Redirect utilities
+export * from './redirect'
+
+// Router integration
+export * from './router'
+
 // Routes
 export * from './routes'
 export * from './sso'
 
-// Types (re-export from types file and module)
+// Types (	e-export fro	 types file and modu	e)
 export * from './types'
-
 export type {
 	ForgotPasswordTexts,
 	LoginTexts,
 	ResetPasswordTexts,
 	SignupTexts,
 } from './types/'
+
+export * from './types/redirect'
 export * from './useAuth'

package/src/redirect.ts

@@ -0,0 +1,95 @@
+import type { Router } from 'vue-router'
+import type { NormalizedRedirectConfig } from './types/redirect'
+
+/**
+ * Redirect utilities for handling post-authentication navigation
+ */
+
+/**
+ * Get redirect URL from current route query params
+ */
+export function getRedirectUrl(
+	router: Router,
+	config: NormalizedRedirectConfig,
+): string {
+	const redirect = router.currentRoute.value.query[config.queryKey] as string
+	return redirect || config.fallback
+}
+
+/**
+ * Validate redirect URL is safe (prevents open redirect attacks)
+ */
+export function isValidRedirect(
+	redirectUrl: string,
+	allowedPaths?: RegExp[],
+): boolean {
+	// Null or empty check
+	if (!redirectUrl) {
+		return false
+	}
+
+	// Prevent redirects to external URLs (absolute URLs with protocol)
+	if (redirectUrl.startsWith('http://') || redirectUrl.startsWith('https://')) {
+		return false
+	}
+
+	// Prevent protocol-relative URLs
+	if (redirectUrl.startsWith('//')) {
+		return false
+	}
+
+	// Prevent javascript: and data: URLs
+	if (redirectUrl.startsWith('javascript:') || redirectUrl.startsWith('data:')) {
+		return false
+	}
+
+	// Ensure it starts with /
+	if (!redirectUrl.startsWith('/')) {
+		return false
+	}
+
+	// If allowed paths are specified, check against them
+	if (allowedPaths && allowedPaths.length > 0) {
+		return allowedPaths.some(pattern => pattern.test(redirectUrl))
+	}
+
+	return true
+}
+
+/**
+ * Perform redirect after login with security validation
+ */
+export async function performRedirect(
+	router: Router,
+	config: NormalizedRedirectConfig,
+): Promise<void> {
+	const redirect = getRedirectUrl(router, config)
+
+	// Always validate redirect URL for security
+	if (redirect !== config.fallback && !isValidRedirect(redirect, config.allowedPaths)) {
+		console.warn('[Auth] Invalid redirect URL detected, using fallback:', redirect)
+		await router.push(config.fallback)
+		return
+	}
+
+	await router.push(redirect)
+}
+
+/**
+ * Build query params for redirect to login
+ */
+export function buildLoginQuery(
+	currentPath: string,
+	config: NormalizedRedirectConfig,
+): Record<string, string> {
+	if (!config.preserveRedirect) {
+		return {}
+	}
+
+	// Validate the current path before storing it
+	if (isValidRedirect(currentPath, config.allowedPaths)) {
+		return { [config.queryKey]: currentPath }
+	}
+
+	return {}
+}

package/src/router.ts

@@ -0,0 +1,86 @@
+import type { NavigationGuardNext, RouteLocationNormalized } from 'vue-router'
+import { buildLoginQuery } from './redirect'
+import { useAuth, getRedirectConfig } from './useAuth'
+
+/**
+ * Auth router integration for Vue Router
+ */
+
+// Track if auth has been initialized (for performance)
+let authInitialized = false
+
+/**
+ * Reset auth initialization state
+ * Useful for testing or app reload scenarios
+ */
+export function resetAuthState() {
+	authInitialized = false
+}
+
+/**
+ * Auth guard for Vue Router
+ *
+ * Protects routes requiring authentication and handles redirect logic.
+ * Reads configuration from the auth instance created via createAuth().
+ *
+ * @example
+ * ```ts
+ * const auth = createAuth({
+ *   baseURL: 'https://api.example.com',
+ *   redirect: { ... }
+ * })
+ * router.beforeEach(authGuard())
+ * ```
+ */
+export function authGuard() {
+	return async function guard(
+
+		to: RouteLocationNormalized,
+		_from: RouteLocationNormalized,
+		next: NavigationGuardNext,
+	): Promise<void> {
+		const auth = useAuth()
+		const config = getRedirectConfig()
+
+		// Check if route requires authentication
+		const requiresAuth = to.meta[config.authMetaKey]
+
+		// Check if route is an auth-only page (login, signup, etc)
+		const requiresNoAuth = config.noAuthRoutes.includes(to.name as string)
+
+		try {
+			// Only check auth once on first navigation for performance
+			if (!authInitialized) {
+				await auth.checkAuth()
+				authInitialized = true
+			}
+
+			// Use cached auth state from reactive user ref
+			const isAuthenticated = !!auth.user.value
+
+			// Redirect authenticated users away from auth pages
+			if (isAuthenticated && requiresNoAuth) {
+				next(config.authenticatedRedirect)
+				return
+			}
+
+			// Redirect unauthenticated users to login for protected pages
+			if (!isAuthenticated && requiresAuth) {
+				const query = buildLoginQuery(to.fullPath, config)
+
+				next({
+					name: config.loginRoute,
+					query,
+				})
+				return
+			}
+
+			// Allow navigation
+			next()
+		} catch (error) {
+			console.error('[Auth Guard] Error:', error)
+			// On error, allow navigation but log the issue
+			next()
+		}
+	}
+}

package/src/types/redirect.ts

@@ -0,0 +1,96 @@
+/**
+ * Redirect configuration types for auth library
+ */
+
+export interface RedirectConfig {
+	/**
+	 * Query parameter key used to store the redirect URL
+	 * After login, read this param to redirect users back to their intended destination
+	 * @default 'redirect'
+	 */
+	queryKey?: string
+
+	/**
+	 * Default fallback URL when no redirect is specified
+	 * @default '/'
+	 */
+	fallback?: string
+
+	/**
+	 * Routes that require NO authentication (login, signup, forgot password, etc)
+	 * Authenticated users will be automatically redirected away from these pages
+	 * @default ['Login', 'Signup', 'ForgotPassword', 'ResetPassword', 'Callback']
+	 */
+	noAuthRoutes?: string[]
+
+	/**
+	 * Route name to redirect to when authenticated users try to access auth-only pages
+	 * @default '/'
+	 */
+	authenticatedRedirect?: string
+
+	/**
+	 * Route name to redirect to when unauthenticated users try to access protected pages
+	 * @default 'Login'
+	 */
+	loginRoute?: string
+
+	/**
+	 * Meta key used to check if a route requires authentication
+	 * @default 'auth'
+	 * @example In your route: `meta: { auth: true }`
+	 */
+	authMetaKey?: string
+
+	/**
+	 * Enable automatic redirect handling after login
+	 * When true, the library automatically redirects users after successful login
+	 * @default true
+	 */
+	autoRedirect?: boolean
+
+	/**
+	 * Enable redirect preservation for protected routes
+	 * When enabled, the original URL is preserved as a query param after redirecting to login
+	 * @default true
+	 */
+	preserveRedirect?: boolean
+
+	/**
+	 * Optional allowed redirect path patterns for security validation
+	 * If specified, only URLs matching these patterns will be allowed
+	 * @default undefined (allows all internal paths)
+	 */
+	allowedPaths?: RegExp[]
+}
+
+/**
+ * Normalized redirect configuration with all defaults applied
+ */
+export interface NormalizedRedirectConfig extends Required<Omit<RedirectConfig, 'allowedPaths'>> {
+	allowedPaths?: RegExp[]
+}
+
+/**
+ * Default redirect configuration
+ */
+export const DEFAULT_REDIRECT_CONFIG: NormalizedRedirectConfig = {
+	queryKey: 'redirect',
+	fallback: '/',
+	noAuthRoutes: ['Login', 'Signup', 'ForgotPassword', 'ResetPassword', 'Callback'],
+	authenticatedRedirect: '/',
+	loginRoute: 'Login',
+	authMetaKey: 'auth',
+	autoRedirect: true,
+	preserveRedirect: true,
+}
+
+/**
+ * Normalize redirect configuration by applying defaults
+ */
+export function normalizeRedirectConfig(config?: RedirectConfig): NormalizedRedirectConfig {
+	return {
+		...DEFAULT_REDIRECT_CONFIG,
+		...config,
+	}
+}

package/src/useAuth.ts

@@ -11,19 +11,54 @@ import type {
 	SSOCallbackRequest,
 	SSOLinkRequest,
 } from './types'
+import type { RedirectConfig, NormalizedRedirectConfig } from './types/redirect'
 import { ref, computed } from 'vue'
 import { AuthApi } from './api'
 import { setAuthContext, sso } from './sso'
 import { AuthState, accountToUser } from './types'
+import { normalizeRedirectConfig } from './types/redirect'
 import { EventEmitter } from './utils'
 
 // Global state
 let authApi: AuthApi | null = null
 let eventEmitter: EventEmitter | null = null
+let redirectConfig: NormalizedRedirectConfig | null = null
+let autoRedirectRouter: any = null // Router instance for auto-redirect
 const accountInfo = ref<AccountInfo | null>(null)
 
 interface InitParams {
 	baseURL: string
+	/**
+	 * Redirect configuration for authentication flows
+	 * @see RedirectConfig
+	 */
+	redirect?: RedirectConfig
+}
+
+/**
+ * Set the router instance for auto-redirect functionality
+ * Call this in your app setup after creating the router
+ *
+ * @example
+ * ```ts
+ * const auth = createAuth({ ... })
+ * const router = createRouter({ ... })
+ * setAuthRouter(router)
+ * ```
+ */
+export function setAuthRouter(router: any) {
+	autoRedirectRouter = router
+}
+
+/**
+ * Get the current redirect configuration
+ * Used internally by router guard
+ */
+export function getRedirectConfig(): NormalizedRedirectConfig {
+	if (!redirectConfig) {
+		throw new Error('Redirect config not initialized. Did you call createAuth with redirect config?')
+	}
+	return redirectConfig
 }
 
 // Initialize auth
@@ -36,7 +71,17 @@ export function createAuth(params: InitParams) {
 		eventEmitter = new EventEmitter()
 	}
 
-	return {
+	// Store redirect configuration
+	if (params.redirect) {
+		redirectConfig = normalizeRedirectConfig(params.redirect)
+	}
+
+	// Setup auto-redirect on login if enabled
+	if (redirectConfig?.autoRedirect) {
+		setupAutoRedirect()
+	}
+
+	const authInstance = {
 		// Event listener methods
 		on<K extends AuthState>(event: K, handler: AuthEventMap[K]): void {
 			if (eventEmitter) {
@@ -61,6 +106,32 @@ export function createAuth(params: InitParams) {
 			app.config.globalProperties.$auth = useAuth()
 		},
 	}
+
+	return authInstance
+}
+
+/**
+ * Setup automatic redirect after successful login
+ */
+function setupAutoRedirect() {
+	if (!eventEmitter || !redirectConfig) return
+
+	eventEmitter.on(AuthState.LOGIN, async () => {
+		// Only auto-redirect if router is available
+		if (!autoRedirectRouter) {
+			console.warn('[Auth] Auto-redirect enabled but router not set. Call setAuthRouter(router) in your app setup.')
+			return
+		}
+
+		// Dynamic import to avoid circular dependency
+		const { performRedirect } = await import('./redirect')
+
+		try {
+			await performRedirect(autoRedirectRouter, redirectConfig!)
+		} catch (error) {
+			console.error('[Auth] Auto-redirect error:', error)
+		}
+	})
 }
 
 // Composable