npm - @buildrbets/react - Versions diffs - 0.1.0 - Mend

@buildrbets/react 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,182 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  BuildrCallback: () => BuildrCallback,
+  LoginWithBuildr: () => LoginWithBuildr
+});
+module.exports = __toCommonJS(index_exports);
+// src/LoginWithBuildr.tsx
+var import_react = require("react");
+// src/pkce.ts
+var STORAGE_PREFIX = "buildr_oauth_";
+function generateCodeVerifier() {
+  const array = new Uint8Array(32);
+  crypto.getRandomValues(array);
+  return base64UrlEncode(array);
+}
+async function generateCodeChallenge(verifier) {
+  const data = new TextEncoder().encode(verifier);
+  const hash = await crypto.subtle.digest("SHA-256", data);
+  return base64UrlEncode(new Uint8Array(hash));
+}
+function base64UrlEncode(bytes) {
+  return btoa(String.fromCharCode(...bytes)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function generateState() {
+  const array = new Uint8Array(16);
+  crypto.getRandomValues(array);
+  return base64UrlEncode(array);
+}
+function storeOAuthParams(state, codeVerifier) {
+  sessionStorage.setItem(`${STORAGE_PREFIX}state`, state);
+  sessionStorage.setItem(`${STORAGE_PREFIX}code_verifier`, codeVerifier);
+}
+function getStoredOAuthParams() {
+  return {
+    state: sessionStorage.getItem(`${STORAGE_PREFIX}state`),
+    codeVerifier: sessionStorage.getItem(`${STORAGE_PREFIX}code_verifier`)
+  };
+}
+function clearStoredOAuthParams() {
+  sessionStorage.removeItem(`${STORAGE_PREFIX}state`);
+  sessionStorage.removeItem(`${STORAGE_PREFIX}code_verifier`);
+}
+// src/LoginWithBuildr.tsx
+var import_jsx_runtime = require("react/jsx-runtime");
+var DEFAULT_BASE_URL = "https://buildr.bet";
+var DEFAULT_SCOPES = "openid email profile";
+function LoginWithBuildr({
+  clientId,
+  redirectUri,
+  onError,
+  baseUrl = DEFAULT_BASE_URL,
+  children,
+  ...buttonProps
+}) {
+  const handleClick = (0, import_react.useCallback)(async () => {
+    try {
+      const codeVerifier = generateCodeVerifier();
+      const codeChallenge = await generateCodeChallenge(codeVerifier);
+      const state = generateState();
+      storeOAuthParams(state, codeVerifier);
+      const params = new URLSearchParams({
+        client_id: clientId,
+        redirect_uri: redirectUri,
+        response_type: "code",
+        scope: DEFAULT_SCOPES,
+        code_challenge: codeChallenge,
+        code_challenge_method: "S256",
+        state
+      });
+      window.location.href = `${baseUrl}/api/oidc/auth?${params}`;
+    } catch (err) {
+      onError?.(err instanceof Error ? err : new Error(String(err)));
+    }
+  }, [clientId, redirectUri, baseUrl, onError]);
+  return /* @__PURE__ */ (0, import_jsx_runtime.jsx)("button", { onClick: handleClick, type: "button", ...buttonProps, children: children ?? "Login with Buildr" });
+}
+// src/BuildrCallback.tsx
+var import_react2 = require("react");
+var import_jsx_runtime2 = require("react/jsx-runtime");
+var DEFAULT_BASE_URL2 = "https://buildr.bet";
+function BuildrCallback({
+  clientId,
+  redirectUri,
+  onSuccess,
+  onError,
+  baseUrl = DEFAULT_BASE_URL2,
+  children
+}) {
+  const processedRef = (0, import_react2.useRef)(false);
+  (0, import_react2.useEffect)(() => {
+    if (processedRef.current) return;
+    processedRef.current = true;
+    const params = new URLSearchParams(window.location.search);
+    const code = params.get("code");
+    const returnedState = params.get("state");
+    const error = params.get("error");
+    if (error) {
+      const description = params.get("error_description") ?? error;
+      onError?.(new Error(description));
+      return;
+    }
+    if (!code) {
+      onError?.(new Error("No authorization code in callback URL"));
+      return;
+    }
+    const stored = getStoredOAuthParams();
+    if (!stored.state || stored.state !== returnedState) {
+      onError?.(new Error("Invalid state parameter \u2014 possible CSRF attack"));
+      return;
+    }
+    if (!stored.codeVerifier) {
+      onError?.(new Error("No code verifier found \u2014 session may have expired"));
+      return;
+    }
+    const exchangeToken = async () => {
+      try {
+        const tokenRes = await fetch(`${baseUrl}/api/oidc/token`, {
+          method: "POST",
+          headers: { "Content-Type": "application/x-www-form-urlencoded" },
+          body: new URLSearchParams({
+            grant_type: "authorization_code",
+            code,
+            redirect_uri: redirectUri,
+            client_id: clientId,
+            code_verifier: stored.codeVerifier
+          })
+        });
+        if (!tokenRes.ok) {
+          const err = await tokenRes.json().catch(() => ({}));
+          throw new Error(
+            err.error_description ?? err.error ?? `Token exchange failed (${tokenRes.status})`
+          );
+        }
+        const tokens = await tokenRes.json();
+        const userinfoRes = await fetch(`${baseUrl}/api/oidc/me`, {
+          headers: { Authorization: `Bearer ${tokens.access_token}` }
+        });
+        if (!userinfoRes.ok) {
+          throw new Error(`Failed to fetch user info (${userinfoRes.status})`);
+        }
+        const user = await userinfoRes.json();
+        clearStoredOAuthParams();
+        onSuccess(user);
+      } catch (err) {
+        clearStoredOAuthParams();
+        onError?.(err instanceof Error ? err : new Error(String(err)));
+      }
+    };
+    exchangeToken();
+  }, [clientId, redirectUri, baseUrl, onSuccess, onError]);
+  return /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(import_jsx_runtime2.Fragment, { children: children ?? /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("p", { children: "Completing login..." }) });
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  BuildrCallback,
+  LoginWithBuildr
+});
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts","../src/LoginWithBuildr.tsx","../src/pkce.ts","../src/BuildrCallback.tsx"],"sourcesContent":["export { LoginWithBuildr } from \"./LoginWithBuildr\";\nexport { BuildrCallback } from \"./BuildrCallback\";\nexport type {\n BuildrUser,\n LoginWithBuildrProps,\n BuildrCallbackProps,\n} from \"./types\";\n","import { useCallback } from \"react\";\nimport type { LoginWithBuildrProps } from \"./types\";\nimport {\n generateCodeVerifier,\n generateCodeChallenge,\n generateState,\n storeOAuthParams,\n} from \"./pkce\";\n\nconst DEFAULT_BASE_URL = \"https://buildr.bet\";\nconst DEFAULT_SCOPES = \"openid email profile\";\n\nexport function LoginWithBuildr({\n clientId,\n redirectUri,\n onError,\n baseUrl = DEFAULT_BASE_URL,\n children,\n ...buttonProps\n}: LoginWithBuildrProps) {\n const handleClick = useCallback(async () => {\n try {\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = await generateCodeChallenge(codeVerifier);\n const state = generateState();\n\n storeOAuthParams(state, codeVerifier);\n\n const params = new URLSearchParams({\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: \"code\",\n scope: DEFAULT_SCOPES,\n code_challenge: codeChallenge,\n code_challenge_method: \"S256\",\n state,\n });\n\n window.location.href = `${baseUrl}/api/oidc/auth?${params}`;\n } catch (err) {\n onError?.(err instanceof Error ? err : new Error(String(err)));\n }\n }, [clientId, redirectUri, baseUrl, onError]);\n\n return (\n <button onClick={handleClick} type=\"button\" {...buttonProps}>\n {children ?? \"Login with Buildr\"}\n </button>\n );\n}\n","const STORAGE_PREFIX = \"buildr_oauth_\";\n\nexport function generateCodeVerifier(): string {\n const array = new Uint8Array(32);\n crypto.getRandomValues(array);\n return base64UrlEncode(array);\n}\n\nexport async function generateCodeChallenge(verifier: string): Promise<string> {\n const data = new TextEncoder().encode(verifier);\n const hash = await crypto.subtle.digest(\"SHA-256\", data);\n return base64UrlEncode(new Uint8Array(hash));\n}\n\nfunction base64UrlEncode(bytes: Uint8Array): string {\n return btoa(String.fromCharCode(...bytes))\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/, \"\");\n}\n\nexport function generateState(): string {\n const array = new Uint8Array(16);\n crypto.getRandomValues(array);\n return base64UrlEncode(array);\n}\n\nexport function storeOAuthParams(state: string, codeVerifier: string): void {\n sessionStorage.setItem(`${STORAGE_PREFIX}state`, state);\n sessionStorage.setItem(`${STORAGE_PREFIX}code_verifier`, codeVerifier);\n}\n\nexport function getStoredOAuthParams(): {\n state: string | null;\n codeVerifier: string | null;\n} {\n return {\n state: sessionStorage.getItem(`${STORAGE_PREFIX}state`),\n codeVerifier: sessionStorage.getItem(`${STORAGE_PREFIX}code_verifier`),\n };\n}\n\nexport function clearStoredOAuthParams(): void {\n sessionStorage.removeItem(`${STORAGE_PREFIX}state`);\n sessionStorage.removeItem(`${STORAGE_PREFIX}code_verifier`);\n}\n","import { useEffect, useRef } from \"react\";\nimport type { BuildrCallbackProps, BuildrUser } from \"./types\";\nimport { getStoredOAuthParams, clearStoredOAuthParams } from \"./pkce\";\n\nconst DEFAULT_BASE_URL = \"https://buildr.bet\";\n\nexport function BuildrCallback({\n clientId,\n redirectUri,\n onSuccess,\n onError,\n baseUrl = DEFAULT_BASE_URL,\n children,\n}: BuildrCallbackProps) {\n const processedRef = useRef(false);\n\n useEffect(() => {\n if (processedRef.current) return;\n processedRef.current = true;\n\n const params = new URLSearchParams(window.location.search);\n const code = params.get(\"code\");\n const returnedState = params.get(\"state\");\n const error = params.get(\"error\");\n\n if (error) {\n const description = params.get(\"error_description\") ?? error;\n onError?.(new Error(description));\n return;\n }\n\n if (!code) {\n onError?.(new Error(\"No authorization code in callback URL\"));\n return;\n }\n\n const stored = getStoredOAuthParams();\n\n if (!stored.state || stored.state !== returnedState) {\n onError?.(new Error(\"Invalid state parameter — possible CSRF attack\"));\n return;\n }\n\n if (!stored.codeVerifier) {\n onError?.(new Error(\"No code verifier found — session may have expired\"));\n return;\n }\n\n const exchangeToken = async () => {\n try {\n // Exchange code for tokens (public client — no client_secret)\n const tokenRes = await fetch(`${baseUrl}/api/oidc/token`, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({\n grant_type: \"authorization_code\",\n code,\n redirect_uri: redirectUri,\n client_id: clientId,\n code_verifier: stored.codeVerifier!,\n }),\n });\n\n if (!tokenRes.ok) {\n const err = await tokenRes.json().catch(() => ({}));\n throw new Error(\n err.error_description ??\n err.error ??\n `Token exchange failed (${tokenRes.status})`,\n );\n }\n\n const tokens = await tokenRes.json();\n\n // Fetch user info\n const userinfoRes = await fetch(`${baseUrl}/api/oidc/me`, {\n headers: { Authorization: `Bearer ${tokens.access_token}` },\n });\n\n if (!userinfoRes.ok) {\n throw new Error(`Failed to fetch user info (${userinfoRes.status})`);\n }\n\n const user: BuildrUser = await userinfoRes.json();\n clearStoredOAuthParams();\n onSuccess(user);\n } catch (err) {\n clearStoredOAuthParams();\n onError?.(err instanceof Error ? err : new Error(String(err)));\n }\n };\n\n exchangeToken();\n }, [clientId, redirectUri, baseUrl, onSuccess, onError]);\n\n return <>{children ?? <p>Completing login...</p>}</>;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,mBAA4B;;;ACA5B,IAAM,iBAAiB;AAEhB,SAAS,uBAA+B;AAC7C,QAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,SAAO,gBAAgB,KAAK;AAC5B,SAAO,gBAAgB,KAAK;AAC9B;AAEA,eAAsB,sBAAsB,UAAmC;AAC7E,QAAM,OAAO,IAAI,YAAY,EAAE,OAAO,QAAQ;AAC9C,QAAM,OAAO,MAAM,OAAO,OAAO,OAAO,WAAW,IAAI;AACvD,SAAO,gBAAgB,IAAI,WAAW,IAAI,CAAC;AAC7C;AAEA,SAAS,gBAAgB,OAA2B;AAClD,SAAO,KAAK,OAAO,aAAa,GAAG,KAAK,CAAC,EACtC,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,EAAE;AACtB;AAEO,SAAS,gBAAwB;AACtC,QAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,SAAO,gBAAgB,KAAK;AAC5B,SAAO,gBAAgB,KAAK;AAC9B;AAEO,SAAS,iBAAiB,OAAe,cAA4B;AAC1E,iBAAe,QAAQ,GAAG,cAAc,SAAS,KAAK;AACtD,iBAAe,QAAQ,GAAG,cAAc,iBAAiB,YAAY;AACvE;AAEO,SAAS,uBAGd;AACA,SAAO;AAAA,IACL,OAAO,eAAe,QAAQ,GAAG,cAAc,OAAO;AAAA,IACtD,cAAc,eAAe,QAAQ,GAAG,cAAc,eAAe;AAAA,EACvE;AACF;AAEO,SAAS,yBAA+B;AAC7C,iBAAe,WAAW,GAAG,cAAc,OAAO;AAClD,iBAAe,WAAW,GAAG,cAAc,eAAe;AAC5D;;;ADAI;AApCJ,IAAM,mBAAmB;AACzB,IAAM,iBAAiB;AAEhB,SAAS,gBAAgB;AAAA,EAC9B;AAAA,EACA;AAAA,EACA;AAAA,EACA,UAAU;AAAA,EACV;AAAA,EACA,GAAG;AACL,GAAyB;AACvB,QAAM,kBAAc,0BAAY,YAAY;AAC1C,QAAI;AACF,YAAM,eAAe,qBAAqB;AAC1C,YAAM,gBAAgB,MAAM,sBAAsB,YAAY;AAC9D,YAAM,QAAQ,cAAc;AAE5B,uBAAiB,OAAO,YAAY;AAEpC,YAAM,SAAS,IAAI,gBAAgB;AAAA,QACjC,WAAW;AAAA,QACX,cAAc;AAAA,QACd,eAAe;AAAA,QACf,OAAO;AAAA,QACP,gBAAgB;AAAA,QAChB,uBAAuB;AAAA,QACvB;AAAA,MACF,CAAC;AAED,aAAO,SAAS,OAAO,GAAG,OAAO,kBAAkB,MAAM;AAAA,IAC3D,SAAS,KAAK;AACZ,gBAAU,eAAe,QAAQ,MAAM,IAAI,MAAM,OAAO,GAAG,CAAC,CAAC;AAAA,IAC/D;AAAA,EACF,GAAG,CAAC,UAAU,aAAa,SAAS,OAAO,CAAC;AAE5C,SACE,4CAAC,YAAO,SAAS,aAAa,MAAK,UAAU,GAAG,aAC7C,sBAAY,qBACf;AAEJ;;;AEjDA,IAAAA,gBAAkC;AA+FzB,IAAAC,sBAAA;AA3FT,IAAMC,oBAAmB;AAElB,SAAS,eAAe;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,UAAUA;AAAA,EACV;AACF,GAAwB;AACtB,QAAM,mBAAe,sBAAO,KAAK;AAEjC,+BAAU,MAAM;AACd,QAAI,aAAa,QAAS;AAC1B,iBAAa,UAAU;AAEvB,UAAM,SAAS,IAAI,gBAAgB,OAAO,SAAS,MAAM;AACzD,UAAM,OAAO,OAAO,IAAI,MAAM;AAC9B,UAAM,gBAAgB,OAAO,IAAI,OAAO;AACxC,UAAM,QAAQ,OAAO,IAAI,OAAO;AAEhC,QAAI,OAAO;AACT,YAAM,cAAc,OAAO,IAAI,mBAAmB,KAAK;AACvD,gBAAU,IAAI,MAAM,WAAW,CAAC;AAChC;AAAA,IACF;AAEA,QAAI,CAAC,MAAM;AACT,gBAAU,IAAI,MAAM,uCAAuC,CAAC;AAC5D;AAAA,IACF;AAEA,UAAM,SAAS,qBAAqB;AAEpC,QAAI,CAAC,OAAO,SAAS,OAAO,UAAU,eAAe;AACnD,gBAAU,IAAI,MAAM,qDAAgD,CAAC;AACrE;AAAA,IACF;AAEA,QAAI,CAAC,OAAO,cAAc;AACxB,gBAAU,IAAI,MAAM,wDAAmD,CAAC;AACxE;AAAA,IACF;AAEA,UAAM,gBAAgB,YAAY;AAChC,UAAI;AAEF,cAAM,WAAW,MAAM,MAAM,GAAG,OAAO,mBAAmB;AAAA,UACxD,QAAQ;AAAA,UACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,UAC/D,MAAM,IAAI,gBAAgB;AAAA,YACxB,YAAY;AAAA,YACZ;AAAA,YACA,cAAc;AAAA,YACd,WAAW;AAAA,YACX,eAAe,OAAO;AAAA,UACxB,CAAC;AAAA,QACH,CAAC;AAED,YAAI,CAAC,SAAS,IAAI;AAChB,gBAAM,MAAM,MAAM,SAAS,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AAClD,gBAAM,IAAI;AAAA,YACR,IAAI,qBACF,IAAI,SACJ,0BAA0B,SAAS,MAAM;AAAA,UAC7C;AAAA,QACF;AAEA,cAAM,SAAS,MAAM,SAAS,KAAK;AAGnC,cAAM,cAAc,MAAM,MAAM,GAAG,OAAO,gBAAgB;AAAA,UACxD,SAAS,EAAE,eAAe,UAAU,OAAO,YAAY,GAAG;AAAA,QAC5D,CAAC;AAED,YAAI,CAAC,YAAY,IAAI;AACnB,gBAAM,IAAI,MAAM,8BAA8B,YAAY,MAAM,GAAG;AAAA,QACrE;AAEA,cAAM,OAAmB,MAAM,YAAY,KAAK;AAChD,+BAAuB;AACvB,kBAAU,IAAI;AAAA,MAChB,SAAS,KAAK;AACZ,+BAAuB;AACvB,kBAAU,eAAe,QAAQ,MAAM,IAAI,MAAM,OAAO,GAAG,CAAC,CAAC;AAAA,MAC/D;AAAA,IACF;AAEA,kBAAc;AAAA,EAChB,GAAG,CAAC,UAAU,aAAa,SAAS,WAAW,OAAO,CAAC;AAEvD,SAAO,6EAAG,sBAAY,6CAAC,OAAE,iCAAmB,GAAK;AACnD;","names":["import_react","import_jsx_runtime","DEFAULT_BASE_URL"]}

package/dist/index.d.cts ADDED Viewed

@@ -0,0 +1,41 @@
+import * as react_jsx_runtime from 'react/jsx-runtime';
+interface BuildrUser {
+    sub: string;
+    email?: string;
+    name?: string;
+    picture?: string;
+    organization_id?: string;
+    membership_role?: string;
+    membership_status?: string;
+}
+interface LoginWithBuildrProps extends Omit<React.ButtonHTMLAttributes<HTMLButtonElement>, "onClick" | "onError"> {
+    /** Your OAuth app's client ID */
+    clientId: string;
+    /** The redirect URI registered with your OAuth app */
+    redirectUri: string;
+    /** Called when an error occurs during authentication */
+    onError?: (error: Error) => void;
+    /** @internal Base URL of the Buildr instance (default: "https://buildr.bet") */
+    baseUrl?: string;
+}
+interface BuildrCallbackProps {
+    /** Your OAuth app's client ID */
+    clientId: string;
+    /** The redirect URI (must match what was used in the auth request) */
+    redirectUri: string;
+    /** Called with user claims after successful token exchange */
+    onSuccess: (user: BuildrUser) => void;
+    /** Called when an error occurs */
+    onError?: (error: Error) => void;
+    /** Base URL of the Buildr instance (default: "https://buildr.bet") */
+    baseUrl?: string;
+    /** Content to show while processing the callback */
+    children?: React.ReactNode;
+}
+declare function LoginWithBuildr({ clientId, redirectUri, onError, baseUrl, children, ...buttonProps }: LoginWithBuildrProps): react_jsx_runtime.JSX.Element;
+declare function BuildrCallback({ clientId, redirectUri, onSuccess, onError, baseUrl, children, }: BuildrCallbackProps): react_jsx_runtime.JSX.Element;
+export { BuildrCallback, type BuildrCallbackProps, type BuildrUser, LoginWithBuildr, type LoginWithBuildrProps };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,41 @@
+import * as react_jsx_runtime from 'react/jsx-runtime';
+interface BuildrUser {
+    sub: string;
+    email?: string;
+    name?: string;
+    picture?: string;
+    organization_id?: string;
+    membership_role?: string;
+    membership_status?: string;
+}
+interface LoginWithBuildrProps extends Omit<React.ButtonHTMLAttributes<HTMLButtonElement>, "onClick" | "onError"> {
+    /** Your OAuth app's client ID */
+    clientId: string;
+    /** The redirect URI registered with your OAuth app */
+    redirectUri: string;
+    /** Called when an error occurs during authentication */
+    onError?: (error: Error) => void;
+    /** @internal Base URL of the Buildr instance (default: "https://buildr.bet") */
+    baseUrl?: string;
+}
+interface BuildrCallbackProps {
+    /** Your OAuth app's client ID */
+    clientId: string;
+    /** The redirect URI (must match what was used in the auth request) */
+    redirectUri: string;
+    /** Called with user claims after successful token exchange */
+    onSuccess: (user: BuildrUser) => void;
+    /** Called when an error occurs */
+    onError?: (error: Error) => void;
+    /** Base URL of the Buildr instance (default: "https://buildr.bet") */
+    baseUrl?: string;
+    /** Content to show while processing the callback */
+    children?: React.ReactNode;
+}
+declare function LoginWithBuildr({ clientId, redirectUri, onError, baseUrl, children, ...buttonProps }: LoginWithBuildrProps): react_jsx_runtime.JSX.Element;
+declare function BuildrCallback({ clientId, redirectUri, onSuccess, onError, baseUrl, children, }: BuildrCallbackProps): react_jsx_runtime.JSX.Element;
+export { BuildrCallback, type BuildrCallbackProps, type BuildrUser, LoginWithBuildr, type LoginWithBuildrProps };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,154 @@
+// src/LoginWithBuildr.tsx
+import { useCallback } from "react";
+// src/pkce.ts
+var STORAGE_PREFIX = "buildr_oauth_";
+function generateCodeVerifier() {
+  const array = new Uint8Array(32);
+  crypto.getRandomValues(array);
+  return base64UrlEncode(array);
+}
+async function generateCodeChallenge(verifier) {
+  const data = new TextEncoder().encode(verifier);
+  const hash = await crypto.subtle.digest("SHA-256", data);
+  return base64UrlEncode(new Uint8Array(hash));
+}
+function base64UrlEncode(bytes) {
+  return btoa(String.fromCharCode(...bytes)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function generateState() {
+  const array = new Uint8Array(16);
+  crypto.getRandomValues(array);
+  return base64UrlEncode(array);
+}
+function storeOAuthParams(state, codeVerifier) {
+  sessionStorage.setItem(`${STORAGE_PREFIX}state`, state);
+  sessionStorage.setItem(`${STORAGE_PREFIX}code_verifier`, codeVerifier);
+}
+function getStoredOAuthParams() {
+  return {
+    state: sessionStorage.getItem(`${STORAGE_PREFIX}state`),
+    codeVerifier: sessionStorage.getItem(`${STORAGE_PREFIX}code_verifier`)
+  };
+}
+function clearStoredOAuthParams() {
+  sessionStorage.removeItem(`${STORAGE_PREFIX}state`);
+  sessionStorage.removeItem(`${STORAGE_PREFIX}code_verifier`);
+}
+// src/LoginWithBuildr.tsx
+import { jsx } from "react/jsx-runtime";
+var DEFAULT_BASE_URL = "https://buildr.bet";
+var DEFAULT_SCOPES = "openid email profile";
+function LoginWithBuildr({
+  clientId,
+  redirectUri,
+  onError,
+  baseUrl = DEFAULT_BASE_URL,
+  children,
+  ...buttonProps
+}) {
+  const handleClick = useCallback(async () => {
+    try {
+      const codeVerifier = generateCodeVerifier();
+      const codeChallenge = await generateCodeChallenge(codeVerifier);
+      const state = generateState();
+      storeOAuthParams(state, codeVerifier);
+      const params = new URLSearchParams({
+        client_id: clientId,
+        redirect_uri: redirectUri,
+        response_type: "code",
+        scope: DEFAULT_SCOPES,
+        code_challenge: codeChallenge,
+        code_challenge_method: "S256",
+        state
+      });
+      window.location.href = `${baseUrl}/api/oidc/auth?${params}`;
+    } catch (err) {
+      onError?.(err instanceof Error ? err : new Error(String(err)));
+    }
+  }, [clientId, redirectUri, baseUrl, onError]);
+  return /* @__PURE__ */ jsx("button", { onClick: handleClick, type: "button", ...buttonProps, children: children ?? "Login with Buildr" });
+}
+// src/BuildrCallback.tsx
+import { useEffect, useRef } from "react";
+import { Fragment, jsx as jsx2 } from "react/jsx-runtime";
+var DEFAULT_BASE_URL2 = "https://buildr.bet";
+function BuildrCallback({
+  clientId,
+  redirectUri,
+  onSuccess,
+  onError,
+  baseUrl = DEFAULT_BASE_URL2,
+  children
+}) {
+  const processedRef = useRef(false);
+  useEffect(() => {
+    if (processedRef.current) return;
+    processedRef.current = true;
+    const params = new URLSearchParams(window.location.search);
+    const code = params.get("code");
+    const returnedState = params.get("state");
+    const error = params.get("error");
+    if (error) {
+      const description = params.get("error_description") ?? error;
+      onError?.(new Error(description));
+      return;
+    }
+    if (!code) {
+      onError?.(new Error("No authorization code in callback URL"));
+      return;
+    }
+    const stored = getStoredOAuthParams();
+    if (!stored.state || stored.state !== returnedState) {
+      onError?.(new Error("Invalid state parameter \u2014 possible CSRF attack"));
+      return;
+    }
+    if (!stored.codeVerifier) {
+      onError?.(new Error("No code verifier found \u2014 session may have expired"));
+      return;
+    }
+    const exchangeToken = async () => {
+      try {
+        const tokenRes = await fetch(`${baseUrl}/api/oidc/token`, {
+          method: "POST",
+          headers: { "Content-Type": "application/x-www-form-urlencoded" },
+          body: new URLSearchParams({
+            grant_type: "authorization_code",
+            code,
+            redirect_uri: redirectUri,
+            client_id: clientId,
+            code_verifier: stored.codeVerifier
+          })
+        });
+        if (!tokenRes.ok) {
+          const err = await tokenRes.json().catch(() => ({}));
+          throw new Error(
+            err.error_description ?? err.error ?? `Token exchange failed (${tokenRes.status})`
+          );
+        }
+        const tokens = await tokenRes.json();
+        const userinfoRes = await fetch(`${baseUrl}/api/oidc/me`, {
+          headers: { Authorization: `Bearer ${tokens.access_token}` }
+        });
+        if (!userinfoRes.ok) {
+          throw new Error(`Failed to fetch user info (${userinfoRes.status})`);
+        }
+        const user = await userinfoRes.json();
+        clearStoredOAuthParams();
+        onSuccess(user);
+      } catch (err) {
+        clearStoredOAuthParams();
+        onError?.(err instanceof Error ? err : new Error(String(err)));
+      }
+    };
+    exchangeToken();
+  }, [clientId, redirectUri, baseUrl, onSuccess, onError]);
+  return /* @__PURE__ */ jsx2(Fragment, { children: children ?? /* @__PURE__ */ jsx2("p", { children: "Completing login..." }) });
+}
+export {
+  BuildrCallback,
+  LoginWithBuildr
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/LoginWithBuildr.tsx","../src/pkce.ts","../src/BuildrCallback.tsx"],"sourcesContent":["import { useCallback } from \"react\";\nimport type { LoginWithBuildrProps } from \"./types\";\nimport {\n generateCodeVerifier,\n generateCodeChallenge,\n generateState,\n storeOAuthParams,\n} from \"./pkce\";\n\nconst DEFAULT_BASE_URL = \"https://buildr.bet\";\nconst DEFAULT_SCOPES = \"openid email profile\";\n\nexport function LoginWithBuildr({\n clientId,\n redirectUri,\n onError,\n baseUrl = DEFAULT_BASE_URL,\n children,\n ...buttonProps\n}: LoginWithBuildrProps) {\n const handleClick = useCallback(async () => {\n try {\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = await generateCodeChallenge(codeVerifier);\n const state = generateState();\n\n storeOAuthParams(state, codeVerifier);\n\n const params = new URLSearchParams({\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: \"code\",\n scope: DEFAULT_SCOPES,\n code_challenge: codeChallenge,\n code_challenge_method: \"S256\",\n state,\n });\n\n window.location.href = `${baseUrl}/api/oidc/auth?${params}`;\n } catch (err) {\n onError?.(err instanceof Error ? err : new Error(String(err)));\n }\n }, [clientId, redirectUri, baseUrl, onError]);\n\n return (\n <button onClick={handleClick} type=\"button\" {...buttonProps}>\n {children ?? \"Login with Buildr\"}\n </button>\n );\n}\n","const STORAGE_PREFIX = \"buildr_oauth_\";\n\nexport function generateCodeVerifier(): string {\n const array = new Uint8Array(32);\n crypto.getRandomValues(array);\n return base64UrlEncode(array);\n}\n\nexport async function generateCodeChallenge(verifier: string): Promise<string> {\n const data = new TextEncoder().encode(verifier);\n const hash = await crypto.subtle.digest(\"SHA-256\", data);\n return base64UrlEncode(new Uint8Array(hash));\n}\n\nfunction base64UrlEncode(bytes: Uint8Array): string {\n return btoa(String.fromCharCode(...bytes))\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/, \"\");\n}\n\nexport function generateState(): string {\n const array = new Uint8Array(16);\n crypto.getRandomValues(array);\n return base64UrlEncode(array);\n}\n\nexport function storeOAuthParams(state: string, codeVerifier: string): void {\n sessionStorage.setItem(`${STORAGE_PREFIX}state`, state);\n sessionStorage.setItem(`${STORAGE_PREFIX}code_verifier`, codeVerifier);\n}\n\nexport function getStoredOAuthParams(): {\n state: string | null;\n codeVerifier: string | null;\n} {\n return {\n state: sessionStorage.getItem(`${STORAGE_PREFIX}state`),\n codeVerifier: sessionStorage.getItem(`${STORAGE_PREFIX}code_verifier`),\n };\n}\n\nexport function clearStoredOAuthParams(): void {\n sessionStorage.removeItem(`${STORAGE_PREFIX}state`);\n sessionStorage.removeItem(`${STORAGE_PREFIX}code_verifier`);\n}\n","import { useEffect, useRef } from \"react\";\nimport type { BuildrCallbackProps, BuildrUser } from \"./types\";\nimport { getStoredOAuthParams, clearStoredOAuthParams } from \"./pkce\";\n\nconst DEFAULT_BASE_URL = \"https://buildr.bet\";\n\nexport function BuildrCallback({\n clientId,\n redirectUri,\n onSuccess,\n onError,\n baseUrl = DEFAULT_BASE_URL,\n children,\n}: BuildrCallbackProps) {\n const processedRef = useRef(false);\n\n useEffect(() => {\n if (processedRef.current) return;\n processedRef.current = true;\n\n const params = new URLSearchParams(window.location.search);\n const code = params.get(\"code\");\n const returnedState = params.get(\"state\");\n const error = params.get(\"error\");\n\n if (error) {\n const description = params.get(\"error_description\") ?? error;\n onError?.(new Error(description));\n return;\n }\n\n if (!code) {\n onError?.(new Error(\"No authorization code in callback URL\"));\n return;\n }\n\n const stored = getStoredOAuthParams();\n\n if (!stored.state || stored.state !== returnedState) {\n onError?.(new Error(\"Invalid state parameter — possible CSRF attack\"));\n return;\n }\n\n if (!stored.codeVerifier) {\n onError?.(new Error(\"No code verifier found — session may have expired\"));\n return;\n }\n\n const exchangeToken = async () => {\n try {\n // Exchange code for tokens (public client — no client_secret)\n const tokenRes = await fetch(`${baseUrl}/api/oidc/token`, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({\n grant_type: \"authorization_code\",\n code,\n redirect_uri: redirectUri,\n client_id: clientId,\n code_verifier: stored.codeVerifier!,\n }),\n });\n\n if (!tokenRes.ok) {\n const err = await tokenRes.json().catch(() => ({}));\n throw new Error(\n err.error_description ??\n err.error ??\n `Token exchange failed (${tokenRes.status})`,\n );\n }\n\n const tokens = await tokenRes.json();\n\n // Fetch user info\n const userinfoRes = await fetch(`${baseUrl}/api/oidc/me`, {\n headers: { Authorization: `Bearer ${tokens.access_token}` },\n });\n\n if (!userinfoRes.ok) {\n throw new Error(`Failed to fetch user info (${userinfoRes.status})`);\n }\n\n const user: BuildrUser = await userinfoRes.json();\n clearStoredOAuthParams();\n onSuccess(user);\n } catch (err) {\n clearStoredOAuthParams();\n onError?.(err instanceof Error ? err : new Error(String(err)));\n }\n };\n\n exchangeToken();\n }, [clientId, redirectUri, baseUrl, onSuccess, onError]);\n\n return <>{children ?? <p>Completing login...</p>}</>;\n}\n"],"mappings":";AAAA,SAAS,mBAAmB;;;ACA5B,IAAM,iBAAiB;AAEhB,SAAS,uBAA+B;AAC7C,QAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,SAAO,gBAAgB,KAAK;AAC5B,SAAO,gBAAgB,KAAK;AAC9B;AAEA,eAAsB,sBAAsB,UAAmC;AAC7E,QAAM,OAAO,IAAI,YAAY,EAAE,OAAO,QAAQ;AAC9C,QAAM,OAAO,MAAM,OAAO,OAAO,OAAO,WAAW,IAAI;AACvD,SAAO,gBAAgB,IAAI,WAAW,IAAI,CAAC;AAC7C;AAEA,SAAS,gBAAgB,OAA2B;AAClD,SAAO,KAAK,OAAO,aAAa,GAAG,KAAK,CAAC,EACtC,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,EAAE;AACtB;AAEO,SAAS,gBAAwB;AACtC,QAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,SAAO,gBAAgB,KAAK;AAC5B,SAAO,gBAAgB,KAAK;AAC9B;AAEO,SAAS,iBAAiB,OAAe,cAA4B;AAC1E,iBAAe,QAAQ,GAAG,cAAc,SAAS,KAAK;AACtD,iBAAe,QAAQ,GAAG,cAAc,iBAAiB,YAAY;AACvE;AAEO,SAAS,uBAGd;AACA,SAAO;AAAA,IACL,OAAO,eAAe,QAAQ,GAAG,cAAc,OAAO;AAAA,IACtD,cAAc,eAAe,QAAQ,GAAG,cAAc,eAAe;AAAA,EACvE;AACF;AAEO,SAAS,yBAA+B;AAC7C,iBAAe,WAAW,GAAG,cAAc,OAAO;AAClD,iBAAe,WAAW,GAAG,cAAc,eAAe;AAC5D;;;ADAI;AApCJ,IAAM,mBAAmB;AACzB,IAAM,iBAAiB;AAEhB,SAAS,gBAAgB;AAAA,EAC9B;AAAA,EACA;AAAA,EACA;AAAA,EACA,UAAU;AAAA,EACV;AAAA,EACA,GAAG;AACL,GAAyB;AACvB,QAAM,cAAc,YAAY,YAAY;AAC1C,QAAI;AACF,YAAM,eAAe,qBAAqB;AAC1C,YAAM,gBAAgB,MAAM,sBAAsB,YAAY;AAC9D,YAAM,QAAQ,cAAc;AAE5B,uBAAiB,OAAO,YAAY;AAEpC,YAAM,SAAS,IAAI,gBAAgB;AAAA,QACjC,WAAW;AAAA,QACX,cAAc;AAAA,QACd,eAAe;AAAA,QACf,OAAO;AAAA,QACP,gBAAgB;AAAA,QAChB,uBAAuB;AAAA,QACvB;AAAA,MACF,CAAC;AAED,aAAO,SAAS,OAAO,GAAG,OAAO,kBAAkB,MAAM;AAAA,IAC3D,SAAS,KAAK;AACZ,gBAAU,eAAe,QAAQ,MAAM,IAAI,MAAM,OAAO,GAAG,CAAC,CAAC;AAAA,IAC/D;AAAA,EACF,GAAG,CAAC,UAAU,aAAa,SAAS,OAAO,CAAC;AAE5C,SACE,oBAAC,YAAO,SAAS,aAAa,MAAK,UAAU,GAAG,aAC7C,sBAAY,qBACf;AAEJ;;;AEjDA,SAAS,WAAW,cAAc;AA+FzB,mBAAe,OAAAA,YAAf;AA3FT,IAAMC,oBAAmB;AAElB,SAAS,eAAe;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,UAAUA;AAAA,EACV;AACF,GAAwB;AACtB,QAAM,eAAe,OAAO,KAAK;AAEjC,YAAU,MAAM;AACd,QAAI,aAAa,QAAS;AAC1B,iBAAa,UAAU;AAEvB,UAAM,SAAS,IAAI,gBAAgB,OAAO,SAAS,MAAM;AACzD,UAAM,OAAO,OAAO,IAAI,MAAM;AAC9B,UAAM,gBAAgB,OAAO,IAAI,OAAO;AACxC,UAAM,QAAQ,OAAO,IAAI,OAAO;AAEhC,QAAI,OAAO;AACT,YAAM,cAAc,OAAO,IAAI,mBAAmB,KAAK;AACvD,gBAAU,IAAI,MAAM,WAAW,CAAC;AAChC;AAAA,IACF;AAEA,QAAI,CAAC,MAAM;AACT,gBAAU,IAAI,MAAM,uCAAuC,CAAC;AAC5D;AAAA,IACF;AAEA,UAAM,SAAS,qBAAqB;AAEpC,QAAI,CAAC,OAAO,SAAS,OAAO,UAAU,eAAe;AACnD,gBAAU,IAAI,MAAM,qDAAgD,CAAC;AACrE;AAAA,IACF;AAEA,QAAI,CAAC,OAAO,cAAc;AACxB,gBAAU,IAAI,MAAM,wDAAmD,CAAC;AACxE;AAAA,IACF;AAEA,UAAM,gBAAgB,YAAY;AAChC,UAAI;AAEF,cAAM,WAAW,MAAM,MAAM,GAAG,OAAO,mBAAmB;AAAA,UACxD,QAAQ;AAAA,UACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,UAC/D,MAAM,IAAI,gBAAgB;AAAA,YACxB,YAAY;AAAA,YACZ;AAAA,YACA,cAAc;AAAA,YACd,WAAW;AAAA,YACX,eAAe,OAAO;AAAA,UACxB,CAAC;AAAA,QACH,CAAC;AAED,YAAI,CAAC,SAAS,IAAI;AAChB,gBAAM,MAAM,MAAM,SAAS,KAAK,EAAE,MAAM,OAAO,CAAC,EAAE;AAClD,gBAAM,IAAI;AAAA,YACR,IAAI,qBACF,IAAI,SACJ,0BAA0B,SAAS,MAAM;AAAA,UAC7C;AAAA,QACF;AAEA,cAAM,SAAS,MAAM,SAAS,KAAK;AAGnC,cAAM,cAAc,MAAM,MAAM,GAAG,OAAO,gBAAgB;AAAA,UACxD,SAAS,EAAE,eAAe,UAAU,OAAO,YAAY,GAAG;AAAA,QAC5D,CAAC;AAED,YAAI,CAAC,YAAY,IAAI;AACnB,gBAAM,IAAI,MAAM,8BAA8B,YAAY,MAAM,GAAG;AAAA,QACrE;AAEA,cAAM,OAAmB,MAAM,YAAY,KAAK;AAChD,+BAAuB;AACvB,kBAAU,IAAI;AAAA,MAChB,SAAS,KAAK;AACZ,+BAAuB;AACvB,kBAAU,eAAe,QAAQ,MAAM,IAAI,MAAM,OAAO,GAAG,CAAC,CAAC;AAAA,MAC/D;AAAA,IACF;AAEA,kBAAc;AAAA,EAChB,GAAG,CAAC,UAAU,aAAa,SAAS,WAAW,OAAO,CAAC;AAEvD,SAAO,gBAAAD,KAAA,YAAG,sBAAY,gBAAAA,KAAC,OAAE,iCAAmB,GAAK;AACnD;","names":["jsx","DEFAULT_BASE_URL"]}

package/package.json ADDED Viewed

@@ -0,0 +1,38 @@
+{
+  "name": "@buildrbets/react",
+  "version": "0.1.0",
+  "description": "Login with Buildr — React SDK for OAuth 2.0 + PKCE",
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "publish-pkg": "pnpm build && npm publish"
+  },
+  "peerDependencies": {
+    "react": ">=18.0.0",
+    "react-dom": ">=18.0.0"
+  },
+  "devDependencies": {
+    "react": "^19.0.0",
+    "react-dom": "^19.0.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5.0.0",
+    "@types/react": "^19.0.0"
+  }
+}