npm - @brightweblabs/core-auth - Versions diffs - 0.1.0 - Mend

@brightweblabs/core-auth 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json ADDED Viewed

@@ -0,0 +1,30 @@
+{
+  "name": "@brightweblabs/core-auth",
+  "private": false,
+  "version": "0.1.0",
+  "main": "./src/index.ts",
+  "types": "./src/index.ts",
+  "files": [
+    "src"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/BWLeoRibeiro/brightweb-platform.git"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "exports": {
+    ".": "./src/index.ts",
+    "./client": "./src/client.ts",
+    "./server": "./src/server.ts"
+  },
+  "dependencies": {
+    "@brightweblabs/infra": "workspace:*",
+    "@supabase/supabase-js": "^2.89.0"
+  },
+  "peerDependencies": {
+    "react": "^19.0.0"
+  }
+}

package/src/client.ts ADDED Viewed

@@ -0,0 +1,109 @@
+"use client";
+import { useCallback, useEffect, useRef, useState } from "react";
+export const AUTH_RESEND_COOLDOWN_SECONDS = 60;
+export interface PasswordValidationResult {
+  isValid: boolean;
+  errors: string[];
+}
+interface CooldownTimerResult {
+  remaining: number;
+  isCoolingDown: boolean;
+  start: () => void;
+  reset: () => void;
+}
+export function getAuthBaseUrl(): string {
+  const configuredUrl = process.env.NEXT_PUBLIC_APP_URL?.trim();
+  if (!configuredUrl) {
+    throw new Error("Falta NEXT_PUBLIC_APP_URL para redirecionamentos de email de autenticação.");
+  }
+  try {
+    return new URL(configuredUrl).toString().replace(/\/$/, "");
+  } catch {
+    throw new Error("NEXT_PUBLIC_APP_URL inválido. Esperado URL absoluto (ex.: https://exemplo.com).");
+  }
+}
+export function buildSignupCallbackUrl(): string {
+  return new URL("auth/callback", `${getAuthBaseUrl()}/`).toString();
+}
+export function buildResetPasswordRedirectUrl(): string {
+  return `${getAuthBaseUrl()}/reset-password`;
+}
+export function validatePassword(password: string): PasswordValidationResult {
+  const errors: string[] = [];
+  if (password.length < 8) {
+    errors.push("A palavra-passe deve ter pelo menos 8 caracteres");
+  }
+  if (!/[A-Z]/.test(password)) {
+    errors.push("A palavra-passe deve conter pelo menos uma letra maiúscula");
+  }
+  if (!/[a-z]/.test(password)) {
+    errors.push("A palavra-passe deve conter pelo menos uma letra minúscula");
+  }
+  if (!/[0-9]/.test(password)) {
+    errors.push("A palavra-passe deve conter pelo menos um número");
+  }
+  return {
+    isValid: errors.length === 0,
+    errors,
+  };
+}
+export function validateEmail(email: string): boolean {
+  const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+  return emailRegex.test(email.trim().toLowerCase());
+}
+export function useCooldownTimer(durationSeconds: number): CooldownTimerResult {
+  const [remaining, setRemaining] = useState(0);
+  const intervalRef = useRef<ReturnType<typeof setInterval> | null>(null);
+  const clearTimer = useCallback(() => {
+    if (intervalRef.current) {
+      clearInterval(intervalRef.current);
+      intervalRef.current = null;
+    }
+  }, []);
+  const reset = useCallback(() => {
+    clearTimer();
+    setRemaining(0);
+  }, [clearTimer]);
+  const start = useCallback(() => {
+    setRemaining(durationSeconds);
+    clearTimer();
+    intervalRef.current = setInterval(() => {
+      setRemaining((current) => {
+        if (current <= 1) {
+          clearTimer();
+          return 0;
+        }
+        return current - 1;
+      });
+    }, 1000);
+  }, [clearTimer, durationSeconds]);
+  useEffect(() => reset, [reset]);
+  return {
+    remaining,
+    isCoolingDown: remaining > 0,
+    start,
+    reset,
+  };
+}

package/src/index.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from "./client";

package/src/server.ts ADDED Viewed

@@ -0,0 +1,124 @@
+import type { User } from "@supabase/supabase-js";
+import { createServerSupabase } from "@brightweblabs/infra/server";
+export type GlobalRole = "client" | "staff" | "admin";
+type Profile = {
+  id: string;
+};
+type ServerAccess = {
+  user: User | null;
+  profile: Profile | null;
+  role: GlobalRole | null;
+  isStaff: boolean;
+  isAdmin: boolean;
+  canAccessInsightsCms: boolean;
+};
+type ServerRoleAccess =
+  | {
+    ok: true;
+    supabase: Awaited<ReturnType<typeof createServerSupabase>>;
+    user: User;
+    role: GlobalRole;
+  }
+  | {
+    ok: false;
+    status: number;
+    error: string;
+  };
+const INSIGHTS_CMS_ALLOWED_ROLES: GlobalRole[] = ["admin"];
+const DASHBOARD_LANDING_ROLES: GlobalRole[] = ["staff", "admin"];
+export function normalizeGlobalRole(value: string | null | undefined): GlobalRole | null {
+  const normalizedValue = (value ?? "").trim().toLowerCase();
+  if (normalizedValue === "client" || normalizedValue === "staff" || normalizedValue === "admin") {
+    return normalizedValue;
+  }
+  return null;
+}
+export function canAccessInsightsCms(role: string | null | undefined): boolean {
+  const normalizedRole = normalizeGlobalRole(role);
+  return normalizedRole !== null && INSIGHTS_CMS_ALLOWED_ROLES.some((allowedRole) => allowedRole === normalizedRole);
+}
+export function resolvePostLoginPath(role: string | null | undefined): "/dashboard" | "/account" {
+  const normalizedRole = normalizeGlobalRole(role);
+  const shouldLandOnDashboard = normalizedRole !== null
+    && DASHBOARD_LANDING_ROLES.some((allowedRole) => allowedRole === normalizedRole);
+  return shouldLandOnDashboard ? "/dashboard" : "/account";
+}
+export async function requireServerRoleAccess(allowedRoles: GlobalRole | GlobalRole[]): Promise<ServerRoleAccess> {
+  const supabase = await createServerSupabase();
+  const {
+    data: { user },
+    error: authError,
+  } = await supabase.auth.getUser();
+  if (authError || !user) {
+    return { ok: false, status: 401, error: "Não autorizado." };
+  }
+  const { data: roleRaw } = await supabase.rpc("current_global_role");
+  const role = normalizeGlobalRole(typeof roleRaw === "string" ? roleRaw : null);
+  if (!role) {
+    return { ok: false, status: 403, error: "Acesso proibido." };
+  }
+  const allowed = Array.isArray(allowedRoles) ? allowedRoles : [allowedRoles];
+  if (!allowed.includes(role)) {
+    return { ok: false, status: 403, error: "Acesso proibido." };
+  }
+  return { ok: true, supabase, user, role };
+}
+export async function getProfileIdForUser(
+  supabase: Awaited<ReturnType<typeof createServerSupabase>>,
+  userId: string,
+): Promise<{ profileId: string | null; error: string | null }> {
+  const { data: profile, error } = await supabase
+    .from("profiles")
+    .select("id")
+    .eq("user_id", userId)
+    .maybeSingle<{ id: string }>();
+  return {
+    profileId: profile?.id ?? null,
+    error: error?.message ?? null,
+  };
+}
+export async function getServerAccess(): Promise<ServerAccess> {
+  const supabase = await createServerSupabase();
+  const {
+    data: { user },
+    error: authError,
+  } = await supabase.auth.getUser();
+  if (authError || !user) {
+    return { user: null, profile: null, role: null, isStaff: false, isAdmin: false, canAccessInsightsCms: false };
+  }
+  const { profileId } = await getProfileIdForUser(supabase, user.id);
+  const { data: roleValue } = await supabase.rpc("current_global_role");
+  const role = normalizeGlobalRole(typeof roleValue === "string" ? roleValue : null);
+  const isStaff = resolvePostLoginPath(role) === "/dashboard";
+  const isAdmin = role === "admin";
+  return {
+    user,
+    profile: profileId ? { id: profileId } : null,
+    role,
+    isStaff,
+    isAdmin,
+    canAccessInsightsCms: canAccessInsightsCms(role),
+  };
+}