@carlonicora/nextjs-jsonapi 1.24.3 → 1.25.1

package/dist/oauth.interface-vL7za9Bz.d.ts

@@ -0,0 +1,119 @@
+import { A as ApiDataInterface } from './ApiDataInterface-DPP8s46n.js';
+
+/**
+ * OAuth client application interface
+ * Represents a registered OAuth application that can request access tokens
+ */
+interface OAuthClientInterface extends ApiDataInterface {
+    /** The public client identifier (UUID format) */
+    get clientId(): string;
+    /** Human-readable application name */
+    get name(): string;
+    /** Optional description of the application */
+    get description(): string | undefined;
+    /** Array of allowed redirect URIs (exact match validation) */
+    get redirectUris(): string[];
+    /** Array of scopes this client can request */
+    get allowedScopes(): string[];
+    /** Supported grant types (authorization_code, client_credentials, refresh_token) */
+    get allowedGrantTypes(): string[];
+    /** True for server-side apps (can keep secret secure), false for mobile/desktop apps */
+    get isConfidential(): boolean;
+    /** Whether the client is currently active */
+    get isActive(): boolean;
+    /** When the client was created */
+    get createdAt(): Date;
+    /** When the client was last updated */
+    get updatedAt(): Date;
+}
+/**
+ * Input type for OAuth client CRUD operations
+ */
+type OAuthClientInput = {
+    id?: string;
+    name?: string;
+    description?: string;
+    redirectUris?: string[];
+    allowedScopes?: string[];
+    allowedGrantTypes?: string[];
+    isConfidential?: boolean;
+    isActive?: boolean;
+};
+/**
+ * Request body for creating a new OAuth client
+ */
+interface OAuthClientCreateRequest {
+    /** Required: Human-readable application name */
+    name: string;
+    /** Optional: Description of the application */
+    description?: string;
+    /** Required: At least one redirect URI */
+    redirectUris: string[];
+    /** Required: Array of scopes the client needs */
+    allowedScopes: string[];
+    /** Optional: Grant types (defaults to authorization_code + refresh_token) */
+    allowedGrantTypes?: string[];
+    /** Required: Whether this is a confidential client */
+    isConfidential: boolean;
+}
+/**
+ * Response when creating a client (includes one-time secret)
+ */
+interface OAuthClientCreateResponse {
+    client: OAuthClientInterface;
+    /** Only returned on creation - must be saved immediately */
+    clientSecret?: string;
+}
+/**
+ * Parameters for the OAuth authorization consent flow
+ * Passed via URL query parameters to the consent page
+ */
+interface OAuthConsentRequest {
+    /** The client_id requesting authorization */
+    clientId: string;
+    /** Where to redirect after authorization */
+    redirectUri: string;
+    /** Space-separated list of requested scopes */
+    scope: string;
+    /** CSRF protection token (passed back on redirect) */
+    state?: string;
+    /** PKCE code challenge (required for public clients) */
+    codeChallenge?: string;
+    /** PKCE method: 'S256' (recommended) or 'plain' */
+    codeChallengeMethod?: string;
+}
+/**
+ * Scope information for display in consent screen
+ */
+interface OAuthScopeInfo {
+    /** The scope identifier (e.g., 'photographs:read') */
+    scope: string;
+    /** Human-readable scope name */
+    name: string;
+    /** Description of what this scope allows */
+    description: string;
+    /** Optional icon identifier */
+    icon?: string;
+}
+/**
+ * Client info returned for consent screen display
+ */
+interface OAuthConsentInfo {
+    client: OAuthClientInterface;
+    scopes: OAuthScopeInfo[];
+}
+/**
+ * Default scope display configuration
+ * Maps scope identifiers to human-readable info
+ */
+declare const OAUTH_SCOPE_DISPLAY: Record<string, OAuthScopeInfo>;
+/**
+ * Available scopes list for the scope selector
+ */
+declare const AVAILABLE_OAUTH_SCOPES: OAuthScopeInfo[];
+/**
+ * Default grant types for new clients
+ */
+declare const DEFAULT_GRANT_TYPES: string[];
+
+export { AVAILABLE_OAUTH_SCOPES as A, DEFAULT_GRANT_TYPES as D, type OAuthClientInterface as O, type OAuthClientInput as a, type OAuthClientCreateRequest as b, type OAuthClientCreateResponse as c, type OAuthConsentRequest as d, type OAuthScopeInfo as e, type OAuthConsentInfo as f, OAUTH_SCOPE_DISPLAY as g };

package/dist/server/index.js

@@ -15,7 +15,7 @@ var _chunk3ZPK4QOBjs = require('../chunk-3ZPK4QOB.js');
 
 
 
-var _chunkNQVPCNRSjs = require('../chunk-NQVPCNRS.js');
+var _chunkO3LLMGP7js = require('../chunk-O3LLMGP7.js');
 require('../chunk-LXKSUWAV.js');
 require('../chunk-IBS6NI7D.js');
 
@@ -93,7 +93,7 @@ var ServerSession = class {
     if (!rawModules) return false;
     const modules = JSON.parse(_pako2.default.ungzip(Buffer.from(rawModules, "base64"), { to: "string" }));
     const selectedModule = modules.find((module) => module.id === params.module.moduleId);
-    return _chunkNQVPCNRSjs.checkPermissionsFromServer.call(void 0, {
+    return _chunkO3LLMGP7js.checkPermissionsFromServer.call(void 0, {
       module: params.module,
       action: params.action,
       data: params.data,
@@ -303,5 +303,5 @@ _chunk7QVYU63Ejs.__name.call(void 0, ServerJsonApiDelete, "ServerJsonApiDelete")
 
 
 
-exports.ServerAuthService = _chunkNQVPCNRSjs.AuthService; exports.ServerCompanyService = _chunkNQVPCNRSjs.CompanyService; exports.ServerContentService = _chunkNQVPCNRSjs.ContentService; exports.ServerFeatureService = _chunkNQVPCNRSjs.FeatureService; exports.ServerJsonApiDelete = ServerJsonApiDelete; exports.ServerJsonApiGet = ServerJsonApiGet; exports.ServerJsonApiPatch = ServerJsonApiPatch; exports.ServerJsonApiPost = ServerJsonApiPost; exports.ServerJsonApiPut = ServerJsonApiPut; exports.ServerNotificationService = _chunkNQVPCNRSjs.NotificationService; exports.ServerPushService = _chunkNQVPCNRSjs.PushService; exports.ServerRoleService = _chunkNQVPCNRSjs.RoleService; exports.ServerS3Service = _chunkNQVPCNRSjs.S3Service; exports.ServerSession = ServerSession; exports.ServerUserService = _chunkNQVPCNRSjs.UserService; exports.configureServerJsonApi = configureServerJsonApi; exports.getServerApiUrl = getServerApiUrl; exports.getServerAppUrl = getServerAppUrl; exports.getServerToken = _chunkYUO55Q5Ajs.getServerToken; exports.getServerTrackablePages = getServerTrackablePages; exports.invalidateCacheTag = invalidateCacheTag; exports.invalidateCacheTags = invalidateCacheTags; exports.serverRequest = _chunk3ZPK4QOBjs.serverRequest;
+exports.ServerAuthService = _chunkO3LLMGP7js.AuthService; exports.ServerCompanyService = _chunkO3LLMGP7js.CompanyService; exports.ServerContentService = _chunkO3LLMGP7js.ContentService; exports.ServerFeatureService = _chunkO3LLMGP7js.FeatureService; exports.ServerJsonApiDelete = ServerJsonApiDelete; exports.ServerJsonApiGet = ServerJsonApiGet; exports.ServerJsonApiPatch = ServerJsonApiPatch; exports.ServerJsonApiPost = ServerJsonApiPost; exports.ServerJsonApiPut = ServerJsonApiPut; exports.ServerNotificationService = _chunkO3LLMGP7js.NotificationService; exports.ServerPushService = _chunkO3LLMGP7js.PushService; exports.ServerRoleService = _chunkO3LLMGP7js.RoleService; exports.ServerS3Service = _chunkO3LLMGP7js.S3Service; exports.ServerSession = ServerSession; exports.ServerUserService = _chunkO3LLMGP7js.UserService; exports.configureServerJsonApi = configureServerJsonApi; exports.getServerApiUrl = getServerApiUrl; exports.getServerAppUrl = getServerAppUrl; exports.getServerToken = _chunkYUO55Q5Ajs.getServerToken; exports.getServerTrackablePages = getServerTrackablePages; exports.invalidateCacheTag = invalidateCacheTag; exports.invalidateCacheTags = invalidateCacheTags; exports.serverRequest = _chunk3ZPK4QOBjs.serverRequest;
 //# sourceMappingURL=index.js.map

package/dist/server/index.mjs

@@ -15,7 +15,7 @@ import {
   S3Service,
   UserService,
   checkPermissionsFromServer
-} from "../chunk-5U4NJJOF.mjs";
+} from "../chunk-LNBT2YPZ.mjs";
 import "../chunk-AUXK7QSA.mjs";
 import "../chunk-C7C7VY4F.mjs";
 import {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@carlonicora/nextjs-jsonapi",
-  "version": "1.24.3",
+  "version": "1.25.1",
   "description": "Next.js JSON:API client with server/client support and caching",
   "author": "Carlo Nicora",
   "license": "GPL-3.0-or-later",
@@ -101,7 +101,6 @@
   },
   "dependencies": {
     "@base-ui/react": "^1.0.0",
-    "class-variance-authority": "^0.7.1",
     "@blocknote/core": "^0.45.0",
     "@blocknote/react": "^0.45.0",
     "@blocknote/shadcn": "^0.45.0",
@@ -111,6 +110,7 @@
     "@hookform/resolvers": "^5.2.2",
     "@radix-ui/react-label": "^2.1.8",
     "@radix-ui/react-slot": "^1.2.4",
+    "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
     "cmdk": "^1.1.1",
     "commander": "^14.0.2",
@@ -120,6 +120,7 @@
     "embla-carousel-react": "^8.6.0",
     "input-otp": "^1.4.2",
     "jotai": "^2.16.1",
+    "jotai-family": "^1.0.1",
     "lucide-react": "^0.562.0",
     "next-themes": "^0.4.6",
     "pako": "^2.1.0",

package/src/client/index.ts

@@ -24,6 +24,7 @@ import { registerTableGenerator } from "../hooks";
 export * from "../features/content/hooks";
 export * from "../features/role/hooks";
 export * from "../features/user/hooks";
+export * from "../features/oauth/hooks";
 
 registerTableGenerator("roles", useRoleTableStructure);
 registerTableGenerator("users", useUserTableStructure);

package/src/components/index.ts

@@ -17,6 +17,7 @@ export * from "../features/feature/components";
 export * from "../features/notification/components";
 export * from "../features/role/components";
 export * from "../features/user/components";
+export * from "../features/oauth/components";
 
 // shadcn/ui components (merged from /shadcnui entry point)
 export * from "../shadcnui";

package/src/core/index.ts

@@ -58,3 +58,6 @@ export * from "../features/search";
 export * from "../features/user/author.module";
 export * from "../features/user/data";
 export * from "../features/user/user.module";
+export * from "../features/oauth/oauth.module";
+export * from "../features/oauth/data";
+export * from "../features/oauth/interfaces";

package/src/core/registry/ModuleRegistry.ts

@@ -26,6 +26,8 @@ export interface FoundationModuleDefinitions {
   StripeProduct: ModuleWithPermissions;
   StripePrice: ModuleWithPermissions;
   StripeUsage: ModuleWithPermissions;
+  // OAuth modules
+  OAuth: ModuleWithPermissions;
 }
 
 // App-specific modules - apps will augment this interface ONLY

package/src/features/index.ts

@@ -17,3 +17,4 @@ export * from "./role";
 export * from "./s3";
 export * from "./search";
 export * from "./user";
+export * from "./oauth";

package/src/features/oauth/atoms/index.ts

@@ -0,0 +1 @@
+export * from "./oauth.atoms";

package/src/features/oauth/atoms/oauth.atoms.ts

@@ -0,0 +1,131 @@
+import { atom } from "jotai";
+import { atomFamily } from "jotai-family";
+import { OAuthClientInterface } from "../interfaces/oauth.interface";
+
+// ==========================================
+// OAUTH CLIENTS STATE
+// ==========================================
+
+/**
+ * Primary store for OAuth clients
+ * Populated by useOAuthClients hook
+ */
+export const oauthClientsAtom = atom<OAuthClientInterface[]>([]);
+
+/**
+ * Loading state for OAuth clients list
+ */
+export const oauthClientsLoadingAtom = atom<boolean>(false);
+
+/**
+ * Error state for OAuth client operations
+ */
+export const oauthClientsErrorAtom = atom<Error | null>(null);
+
+/**
+ * Derived atom family for getting a single client by ID
+ * Usage: const client = useAtomValue(oauthClientByIdAtom(clientId))
+ *
+ * @param clientId - The client ID (not the internal id, but the clientId field)
+ * @returns The client if found, undefined otherwise
+ */
+export const oauthClientByIdAtom = atomFamily((clientId: string) =>
+  atom((get) => {
+    const clients = get(oauthClientsAtom);
+    return clients.find((c) => c.clientId === clientId || c.id === clientId);
+  }),
+);
+
+// ==========================================
+// ONE-TIME SECRET DISPLAY STATE
+// ==========================================
+
+/**
+ * Stores the client secret for one-time display
+ * Set after createClient or regenerateSecret, cleared after user acknowledges
+ */
+export const oauthNewClientSecretAtom = atom<string | null>(null);
+
+/**
+ * The client ID associated with the new secret
+ * Used to know which client the secret belongs to
+ */
+export const oauthNewClientIdAtom = atom<string | null>(null);
+
+// ==========================================
+// CONSENT FLOW STATE
+// ==========================================
+
+/**
+ * Loading state for consent screen data fetch
+ */
+export const oauthConsentLoadingAtom = atom<boolean>(false);
+
+/**
+ * Error state for consent flow
+ */
+export const oauthConsentErrorAtom = atom<Error | null>(null);
+
+// ==========================================
+// WRITE ATOMS (for actions)
+// ==========================================
+
+/**
+ * Write atom to set a new client secret and associated client ID
+ */
+export const setNewClientSecretAtom = atom(null, (get, set, value: { clientId: string; secret: string } | null) => {
+  if (value === null) {
+    set(oauthNewClientSecretAtom, null);
+    set(oauthNewClientIdAtom, null);
+  } else {
+    set(oauthNewClientSecretAtom, value.secret);
+    set(oauthNewClientIdAtom, value.clientId);
+  }
+});
+
+/**
+ * Write atom to clear the new client secret (after user acknowledges)
+ */
+export const clearNewClientSecretAtom = atom(null, (get, set) => {
+  set(oauthNewClientSecretAtom, null);
+  set(oauthNewClientIdAtom, null);
+});
+
+/**
+ * Write atom to update the clients list
+ */
+export const setOAuthClientsAtom = atom(null, (get, set, clients: OAuthClientInterface[]) => {
+  set(oauthClientsAtom, clients);
+});
+
+/**
+ * Write atom to add a client to the list
+ */
+export const addOAuthClientAtom = atom(null, (get, set, client: OAuthClientInterface) => {
+  const clients = get(oauthClientsAtom);
+  set(oauthClientsAtom, [...clients, client]);
+});
+
+/**
+ * Write atom to update a client in the list
+ */
+export const updateOAuthClientAtom = atom(null, (get, set, updatedClient: OAuthClientInterface) => {
+  const clients = get(oauthClientsAtom);
+  const index = clients.findIndex((c) => c.id === updatedClient.id || c.clientId === updatedClient.clientId);
+  if (index !== -1) {
+    const newClients = [...clients];
+    newClients[index] = updatedClient;
+    set(oauthClientsAtom, newClients);
+  }
+});
+
+/**
+ * Write atom to remove a client from the list
+ */
+export const removeOAuthClientAtom = atom(null, (get, set, clientId: string) => {
+  const clients = get(oauthClientsAtom);
+  set(
+    oauthClientsAtom,
+    clients.filter((c) => c.id !== clientId && c.clientId !== clientId),
+  );
+});

package/src/features/oauth/components/OAuthClientCard.tsx

@@ -0,0 +1,105 @@
+"use client";
+
+import { formatDistanceToNow } from "date-fns";
+import { Key, MoreVertical, Pencil, Trash2 } from "lucide-react";
+import {
+  Badge,
+  Button,
+  Card,
+  CardContent,
+  CardDescription,
+  CardHeader,
+  CardTitle,
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuItem,
+  DropdownMenuTrigger,
+} from "../../../shadcnui";
+import { OAuthClientInterface } from "../interfaces/oauth.interface";
+
+export interface OAuthClientCardProps {
+  /** The OAuth client to display */
+  client: OAuthClientInterface;
+  /** Called when card is clicked */
+  onClick?: () => void;
+  /** Called when edit is clicked */
+  onEdit?: () => void;
+  /** Called when delete is clicked */
+  onDelete?: () => void;
+}
+
+/**
+ * Card component for displaying an OAuth client in a list
+ */
+export function OAuthClientCard({
+  client,
+  onClick,
+  onEdit,
+  onDelete,
+}: OAuthClientCardProps) {
+  // Truncate client ID for display
+  const truncatedId = client.clientId.length > 12
+    ? `${client.clientId.slice(0, 8)}...${client.clientId.slice(-4)}`
+    : client.clientId;
+
+  const createdAgo = client.createdAt
+    ? formatDistanceToNow(new Date(client.createdAt), { addSuffix: true })
+    : "Unknown";
+
+  return (
+    <Card
+      className={`cursor-pointer transition-colors hover:bg-accent/50 ${!client.isActive ? "opacity-60" : ""}`}
+      onClick={onClick}
+    >
+      <CardHeader className="pb-2">
+        <div className="flex items-start justify-between">
+          <div className="flex items-center gap-2">
+            <Key className="h-5 w-5 text-muted-foreground" />
+            <CardTitle className="text-lg">{client.name}</CardTitle>
+          </div>
+          <div className="flex items-center gap-2">
+            <Badge variant={client.isActive ? "default" : "secondary"}>
+              {client.isActive ? "Active" : "Inactive"}
+            </Badge>
+            {(onEdit || onDelete) && (
+              <DropdownMenu>
+                <DropdownMenuTrigger onClick={(e) => e.stopPropagation()}>
+                  <Button render={<div />} nativeButton={false} variant="ghost" size="icon" className="h-8 w-8">
+                    <MoreVertical className="h-4 w-4" />
+                  </Button>
+                </DropdownMenuTrigger>
+                <DropdownMenuContent align="end">
+                  {onEdit && (
+                    <DropdownMenuItem onClick={(e) => { e.stopPropagation(); onEdit(); }}>
+                      <Pencil className="h-4 w-4 mr-2" />
+                      Edit
+                    </DropdownMenuItem>
+                  )}
+                  {onDelete && (
+                    <DropdownMenuItem
+                      onClick={(e) => { e.stopPropagation(); onDelete(); }}
+                      className="text-destructive"
+                    >
+                      <Trash2 className="h-4 w-4 mr-2" />
+                      Delete
+                    </DropdownMenuItem>
+                  )}
+                </DropdownMenuContent>
+              </DropdownMenu>
+            )}
+          </div>
+        </div>
+        {client.description && (
+          <CardDescription className="line-clamp-2">{client.description}</CardDescription>
+        )}
+      </CardHeader>
+      <CardContent>
+        <div className="flex flex-wrap gap-x-4 gap-y-1 text-sm text-muted-foreground">
+          <span className="font-mono">{truncatedId}</span>
+          <span>Created {createdAgo}</span>
+          <span>{client.isConfidential ? "Confidential" : "Public"}</span>
+        </div>
+      </CardContent>
+    </Card>
+  );
+}