@choiceform/shared-auth 0.1.17 → 0.1.19

package/dist/services/referral-service.js

@@ -0,0 +1,54 @@
+/**
+ * 邀请码服务
+ *
+ * 提供邀请码相关的业务逻辑：
+ * - 提交邀请码
+ * - 检查用户是否需要填写邀请码
+ * - 提取用户邀请码字段
+ */
+/**
+ * 创建邀请码服务
+ */
+export function createReferralService(apiClient) {
+    async function submitReferralCode(referralCode) {
+        const response = await apiClient.post("/v1/auth/referral", { referralCode });
+        if (response.ok) {
+            return { success: true, error: undefined };
+        }
+        let error = "unknown";
+        if (response.status === 400) {
+            error = "already_referred";
+        }
+        else if (response.status === 404) {
+            error = "not_found";
+        }
+        return { success: false, error };
+    }
+    return { submitReferralCode };
+}
+// ===== Utilities =====
+/**
+ * 检查用户是否需要完成邀请码步骤
+ *
+ * 仅检查用户状态，不包含 feature flag 判断（由应用层控制）
+ */
+export function needsReferral(user, options) {
+    if (!user)
+        return false;
+    if (user.emailVerified !== true)
+        return false;
+    const skipRoles = options?.skipRoles ?? ["admin"];
+    if (user.role && skipRoles.includes(user.role))
+        return false;
+    const { referredBy } = user;
+    return !referredBy || referredBy.trim() === "";
+}
+/**
+ * 提取用户的邀请码相关字段
+ */
+export function getReferralFields(user) {
+    return {
+        referralCode: user?.referralCode,
+        referredBy: user?.referredBy,
+    };
+}

package/dist/store/actions.d.ts

@@ -1,85 +1,88 @@
 /**
- * 认证 Actions
+ * 认证状态 Actions
+ *
+ * 只负责状态管理，不包含业务逻辑
+ * 业务逻辑在 services/auth-service.ts 中
  */
 import type { Observable } from "@legendapp/state";
-import type { AuthClientMethods, AuthConfig, AuthState, SessionUser } from "../types";
+import type { AuthState, SessionUser } from "../types";
 import type { TokenStorage } from "../api";
 /**
- * 创建认证 Actions
+ * 创建状态管理 Actions
+ *
+ * 这些是纯粹的状态操作，不涉及 API 调用或业务逻辑
  */
-export declare function createAuthActions(authStore: Observable<AuthState>, tokenStorage: TokenStorage, config: AuthConfig, authClient: AuthClientMethods): {
+export declare function createStoreActions(authStore: Observable<AuthState>, tokenStorage: TokenStorage): {
     /**
-     * 初始化认证状态
+     * 获取当前用户
      */
-    initialize(user: SessionUser | null, isLoaded: boolean): Promise<void>;
+    getUser(): SessionUser | null;
     /**
-     * 使用 Bearer Token 获取 session
+     * 获取当前用户 ID
      */
-    fetchSessionWithToken(token: string): Promise<void>;
+    getUserId(): string | null;
     /**
-     * 处理未授权
+     * 检查是否已认证
      */
-    handleUnauthorized(): void;
+    isAuthenticated(): boolean;
+    /**
+     * 检查是否正在加载
+     */
+    isLoading(): boolean;
+    /**
+     * 检查是否已加载完成
+     */
+    isLoaded(): boolean;
+    /**
+     * 设置用户
+     */
+    setUser(user: SessionUser | null): void;
+    /**
+     * 更新用户（合并）
+     */
+    updateUser(updates: Partial<SessionUser>): void;
     /**
      * 设置加载状态
      */
     setLoading(loading: boolean): void;
     /**
-     * 设置错误信息
+     * 设置已加载状态
      */
-    setError(error: string | null): void;
+    setLoaded(loaded: boolean): void;
     /**
-     * OAuth 登录
-     *
-     * 直接调用 better-auth 的 signIn.social，传入完整的回调 URL
-     *
-     * @param provider - OAuth 提供商（如 github）
-     * @param callbackURL - 登录成功后的完整回调 URL
-     * @param newUserCallbackURL - 新用户的回调 URL（可选）
-     * @param errorCallbackURL - 登录失败后的完整回调 URL（可选）
+     * 设置错误
      */
-    signIn(provider: string, callbackURL: string, newUserCallbackURL?: string, errorCallbackURL?: string): Promise<void>;
+    setError(error: string | null): void;
     /**
-     * Magic Link 登录
-     *
-     * 发送 Magic Link 到用户邮箱
-     *
-     * @param email - 用户邮箱
-     * @param callbackURL - 登录成功后的完整回调 URL
-     * @param name - 用户名称（可选，用于新用户）
-     * @param newUserCallbackURL - 新用户的回调 URL（可选）
-     * @returns 是否发送成功
+     * 设置认证成功状态
      */
-    signInWithMagicLink(email: string, callbackURL: string, name?: string, newUserCallbackURL?: string): Promise<boolean>;
+    setAuthenticated(user: SessionUser): void;
     /**
-     * Email/Password 登录
-     *
-     * @param email - 邮箱
-     * @param password - 密码
-     * @returns 是否登录成功
+     * 清除认证状态
      */
-    signInWithEmail(email: string, password: string): Promise<boolean>;
+    clearAuth(): void;
     /**
-     * Email/Password 注册
-     *
-     * @param email - 邮箱
-     * @param password - 密码
-     * @param name - 用户名
-     * @returns 是否注册成功
+     * 处理未授权
      */
-    signUpWithEmail(email: string, password: string, name: string): Promise<boolean>;
+    handleUnauthorized(): void;
     /**
-     * 登出
+     * 更新活跃组织 ID
      */
-    signOut(redirectTo?: string): Promise<void>;
+    setActiveOrganizationId(organizationId: string | null | undefined): void;
     /**
-     * 更新用户信息
+     * 更新活跃团队 ID
      */
-    updateUser(user: SessionUser | null): void;
+    setActiveTeamId(teamId: string | null | undefined): void;
     /**
-     * 获取当前用户
+     * 初始化认证状态
      */
-    getUser(): SessionUser | null;
+    initialize(user: SessionUser | null, isLoaded: boolean): void;
 };
-export type AuthActions = ReturnType<typeof createAuthActions>;
+export type StoreActions = ReturnType<typeof createStoreActions>;
+/**
+ * @deprecated 使用 createStoreActions 代替
+ * 保留此函数以保持向后兼容性
+ */
+export { createStoreActions as createAuthActions };
+export type { StoreActions as AuthActions };
 //# sourceMappingURL=actions.d.ts.map

package/dist/store/actions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"actions.d.ts","sourceRoot":"","sources":["../../src/store/actions.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAClD,OAAO,KAAK,EAAE,iBAAiB,EAAE,UAAU,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,UAAU,CAAA;AACrF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAA;AAG1C;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,UAAU,CAAC,SAAS,CAAC,EAChC,YAAY,EAAE,YAAY,EAC1B,MAAM,EAAE,UAAU,EAClB,UAAU,EAAE,iBAAiB;IAS3B;;OAEG;qBACoB,WAAW,GAAG,IAAI,YAAY,OAAO;IAe5D;;OAEG;iCACgC,MAAM;IAgDzC;;OAEG;;IAcH;;OAEG;wBACiB,OAAO;IAI3B;;OAEG;oBACa,MAAM,GAAG,IAAI;IAI7B;;;;;;;;;OASG;qBACoB,MAAM,eAAe,MAAM,uBAAuB,MAAM,qBAAqB,MAAM;IAsB1G;;;;;;;;;;OAUG;+BAEM,MAAM,eACA,MAAM,SACZ,MAAM,uBACQ,MAAM,GAC1B,OAAO,CAAC,OAAO,CAAC;IA+BnB;;;;;;OAMG;2BAC0B,MAAM,YAAY,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAuCxE;;;;;;;OAOG;2BAEM,MAAM,YACH,MAAM,QACV,MAAM,GACX,OAAO,CAAC,OAAO,CAAC;IAuCnB;;OAEG;yBACwB,MAAM;IA6BjC;;OAEG;qBACc,WAAW,GAAG,IAAI;IAUnC;;OAEG;eACQ,WAAW,GAAG,IAAI;EAIhC;AAED,MAAM,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,iBAAiB,CAAC,CAAA"}
+{"version":3,"file":"actions.d.ts","sourceRoot":"","sources":["../../src/store/actions.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAClD,OAAO,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,UAAU,CAAA;AACtD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAA;AAE1C;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,SAAS,EAAE,UAAU,CAAC,SAAS,CAAC,EAChC,YAAY,EAAE,YAAY;IAOxB;;OAEG;eACQ,WAAW,GAAG,IAAI;IAI7B;;OAEG;iBACU,MAAM,GAAG,IAAI;IAI1B;;OAEG;uBACgB,OAAO;IAI1B;;OAEG;iBACU,OAAO;IAIpB;;OAEG;gBACS,OAAO;IAQnB;;OAEG;kBACW,WAAW,GAAG,IAAI;IAKhC;;OAEG;wBACiB,OAAO,CAAC,WAAW,CAAC;IAOxC;;OAEG;wBACiB,OAAO;IAI3B;;OAEG;sBACe,OAAO;IAOzB;;OAEG;oBACa,MAAM,GAAG,IAAI;IAI7B;;OAEG;2BACoB,WAAW;IAQlC;;OAEG;;IASH;;OAEG;;IASH;;OAEG;4CACqC,MAAM,GAAG,IAAI,GAAG,SAAS;IAUjE;;OAEG;4BACqB,MAAM,GAAG,IAAI,GAAG,SAAS;IAcjD;;OAEG;qBACc,WAAW,GAAG,IAAI,YAAY,OAAO;EAWzD;AAED,MAAM,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAA;AAMhE;;;GAGG;AACH,OAAO,EAAE,kBAAkB,IAAI,iBAAiB,EAAE,CAAA;AAClD,YAAY,EAAE,YAAY,IAAI,WAAW,EAAE,CAAA"}

package/dist/store/actions.js

@@ -1,91 +1,67 @@
 /**
- * 认证 Actions
+ * 认证状态 Actions
+ *
+ * 只负责状态管理，不包含业务逻辑
+ * 业务逻辑在 services/auth-service.ts 中
  */
-import { extractSessionUser } from "../utils";
 /**
- * 创建认证 Actions
+ * 创建状态管理 Actions
+ *
+ * 这些是纯粹的状态操作，不涉及 API 调用或业务逻辑
  */
-export function createAuthActions(authStore, tokenStorage, config, authClient) {
-    const { baseURL, getSessionEndpoint = "/v1/auth/get-session", skipTokenCleanupOnError = false, } = config;
+export function createStoreActions(authStore, tokenStorage) {
     return {
+        // ============================================================
+        // 状态读取
+        // ============================================================
         /**
-         * 初始化认证状态
+         * 获取当前用户
          */
-        async initialize(user, isLoaded) {
-            const storedToken = tokenStorage.get();
-            if (!user && storedToken) {
-                await this.fetchSessionWithToken(storedToken);
-            }
-            else if (user) {
-                authStore.user.set(user);
-                authStore.isAuthenticated.set(true);
-            }
-            else {
-                authStore.user.set(null);
-                authStore.isAuthenticated.set(false);
-            }
-            authStore.isLoaded.set(isLoaded);
-            authStore.loading.set(!isLoaded);
+        getUser() {
+            return authStore.user.get();
         },
         /**
-         * 使用 Bearer Token 获取 session
+         * 获取当前用户 ID
          */
-        async fetchSessionWithToken(token) {
-            try {
-                if (!token) {
-                    throw new Error("Token is required");
-                }
-                tokenStorage.save(token);
-                const endpoint = `${baseURL}${getSessionEndpoint}`;
-                const response = await fetch(endpoint, {
-                    method: "GET",
-                    headers: {
-                        Authorization: `Bearer ${token}`,
-                        "Content-Type": "application/json",
-                    },
-                });
-                if (!response.ok) {
-                    throw new Error(`Failed to fetch session: ${response.status}`);
-                }
-                const responseText = await response.text();
-                let sessionData = null;
-                try {
-                    if (responseText && responseText !== "null" && responseText !== "") {
-                        sessionData = JSON.parse(responseText);
-                    }
-                }
-                catch {
-                    this.handleUnauthorized();
-                    return;
-                }
-                const userData = extractSessionUser(sessionData);
-                if (userData) {
-                    authStore.user.set(userData);
-                    authStore.isAuthenticated.set(true);
-                    authStore.isLoaded.set(true);
-                    authStore.loading.set(false);
-                }
-                else {
-                    this.handleUnauthorized();
-                }
-            }
-            catch {
-                this.handleUnauthorized();
-            }
+        getUserId() {
+            return authStore.user.get()?.id ?? null;
         },
         /**
-         * 处理未授权
+         * 检查是否已认证
          */
-        handleUnauthorized() {
-            authStore.user.set(null);
-            authStore.isAuthenticated.set(false);
-            authStore.isLoaded.set(true);
-            authStore.loading.set(false);
-            if (skipTokenCleanupOnError) {
-                console.warn("[Auth] Token cleanup skipped (skipTokenCleanupOnError is enabled)");
-                return;
+        isAuthenticated() {
+            return authStore.isAuthenticated.get();
+        },
+        /**
+         * 检查是否正在加载
+         */
+        isLoading() {
+            return authStore.loading.get();
+        },
+        /**
+         * 检查是否已加载完成
+         */
+        isLoaded() {
+            return authStore.isLoaded.get();
+        },
+        // ============================================================
+        // 状态更新
+        // ============================================================
+        /**
+         * 设置用户
+         */
+        setUser(user) {
+            authStore.user.set(user);
+            authStore.isAuthenticated.set(user !== null);
+        },
+        /**
+         * 更新用户（合并）
+         */
+        updateUser(updates) {
+            const currentUser = authStore.user.get();
+            if (currentUser) {
+                authStore.user.set({ ...currentUser, ...updates });
             }
-            tokenStorage.clear();
         },
         /**
          * 设置加载状态
@@ -94,205 +70,97 @@ export function createAuthActions(authStore, tokenStorage, config, authClient) {
             authStore.loading.set(loading);
         },
         /**
-         * 设置错误信息
+         * 设置已加载状态
+         */
+        setLoaded(loaded) {
+            authStore.isLoaded.set(loaded);
+            if (loaded) {
+                authStore.loading.set(false);
+            }
+        },
+        /**
+         * 设置错误
          */
         setError(error) {
             authStore.error.set(error);
         },
         /**
-         * OAuth 登录
-         *
-         * 直接调用 better-auth 的 signIn.social，传入完整的回调 URL
-         *
-         * @param provider - OAuth 提供商（如 github）
-         * @param callbackURL - 登录成功后的完整回调 URL
-         * @param newUserCallbackURL - 新用户的回调 URL（可选）
-         * @param errorCallbackURL - 登录失败后的完整回调 URL（可选）
+         * 设置认证成功状态
          */
-        async signIn(provider, callbackURL, newUserCallbackURL, errorCallbackURL) {
-            if (authStore.loading.get()) {
-                return;
-            }
-            try {
-                authStore.loading.set(true);
-                authStore.error.set(null);
-                await authClient.signIn.social({
-                    provider,
-                    callbackURL,
-                    newUserCallbackURL,
-                    errorCallbackURL,
-                });
-            }
-            catch (error) {
-                const message = error instanceof Error ? error.message : "Sign in failed";
-                authStore.error.set(message);
-                authStore.loading.set(false);
-            }
+        setAuthenticated(user) {
+            authStore.user.set(user);
+            authStore.isAuthenticated.set(true);
+            authStore.isLoaded.set(true);
+            authStore.loading.set(false);
+            authStore.error.set(null);
         },
         /**
-         * Magic Link 登录
-         *
-         * 发送 Magic Link 到用户邮箱
-         *
-         * @param email - 用户邮箱
-         * @param callbackURL - 登录成功后的完整回调 URL
-         * @param name - 用户名称（可选，用于新用户）
-         * @param newUserCallbackURL - 新用户的回调 URL（可选）
-         * @returns 是否发送成功
+         * 清除认证状态
          */
-        async signInWithMagicLink(email, callbackURL, name, newUserCallbackURL) {
-            if (authStore.loading.get()) {
-                return false;
-            }
-            if (!authClient.signIn.magicLink) {
-                authStore.error.set("Magic link is not available. Please add magicLinkClient() plugin.");
-                return false;
-            }
-            try {
-                authStore.loading.set(true);
-                authStore.error.set(null);
-                await authClient.signIn.magicLink({
-                    email,
-                    name,
-                    callbackURL,
-                    newUserCallbackURL,
-                });
-                authStore.loading.set(false);
-                return true;
-            }
-            catch (error) {
-                const message = error instanceof Error ? error.message : "Failed to send magic link";
-                authStore.error.set(message);
-                authStore.loading.set(false);
-                return false;
-            }
+        clearAuth() {
+            authStore.user.set(null);
+            authStore.isAuthenticated.set(false);
+            authStore.isLoaded.set(true);
+            authStore.loading.set(false);
+            tokenStorage.clear();
         },
         /**
-         * Email/Password 登录
-         *
-         * @param email - 邮箱
-         * @param password - 密码
-         * @returns 是否登录成功
+         * 处理未授权
          */
-        async signInWithEmail(email, password) {
-            if (authStore.loading.get()) {
-                return false;
-            }
-            if (!authClient.signIn.email) {
-                authStore.error.set("Email sign in is not available.");
-                return false;
-            }
-            try {
-                authStore.loading.set(true);
-                authStore.error.set(null);
-                await authClient.signIn.email({ email, password }, {
-                    onSuccess: (context) => {
-                        const token = context.response.headers.get("set-auth-token");
-                        if (token) {
-                            tokenStorage.save(token);
-                        }
-                    },
-                    onError: (context) => {
-                        authStore.error.set(context.error.message || "Login failed");
-                    },
-                });
-                authStore.loading.set(false);
-                return true;
-            }
-            catch (error) {
-                const message = error instanceof Error ? error.message : "Login failed";
-                authStore.error.set(message);
-                authStore.loading.set(false);
-                return false;
-            }
+        handleUnauthorized() {
+            this.clearAuth();
         },
+        // ============================================================
+        // Active 状态更新
+        // ============================================================
         /**
-         * Email/Password 注册
-         *
-         * @param email - 邮箱
-         * @param password - 密码
-         * @param name - 用户名
-         * @returns 是否注册成功
+         * 更新活跃组织 ID
          */
-        async signUpWithEmail(email, password, name) {
-            if (authStore.loading.get()) {
-                return false;
-            }
-            if (!authClient.signUp?.email) {
-                authStore.error.set("Email sign up is not available.");
-                return false;
-            }
-            try {
-                authStore.loading.set(true);
-                authStore.error.set(null);
-                await authClient.signUp.email({ email, password, name }, {
-                    onSuccess: (context) => {
-                        const token = context.response.headers.get("set-auth-token");
-                        if (token) {
-                            tokenStorage.save(token);
-                        }
-                    },
-                    onError: (context) => {
-                        authStore.error.set(context.error.message || "Sign up failed");
-                    },
+        setActiveOrganizationId(organizationId) {
+            const currentUser = authStore.user.get();
+            if (currentUser) {
+                authStore.user.set({
+                    ...currentUser,
+                    activeOrganizationId: organizationId ?? undefined,
                 });
-                authStore.loading.set(false);
-                return true;
-            }
-            catch (error) {
-                const message = error instanceof Error ? error.message : "Sign up failed";
-                authStore.error.set(message);
-                authStore.loading.set(false);
-                return false;
             }
         },
         /**
-         * 登出
+         * 更新活跃团队 ID
          */
-        async signOut(redirectTo) {
-            if (authStore.loading.get()) {
-                return;
-            }
-            try {
-                authStore.loading.set(true);
-                authStore.error.set(null);
-                await authClient.signOut();
-                authStore.user.set(null);
-                authStore.isAuthenticated.set(false);
-                tokenStorage.clear();
-                if (redirectTo) {
-                    window.location.href = redirectTo;
-                }
-            }
-            catch (error) {
-                const message = error instanceof Error ? error.message : "Sign out failed";
-                authStore.error.set(message);
-                authStore.user.set(null);
-                authStore.isAuthenticated.set(false);
-                tokenStorage.clear();
-            }
-            finally {
-                authStore.loading.set(false);
+        setActiveTeamId(teamId) {
+            const currentUser = authStore.user.get();
+            if (currentUser) {
+                authStore.user.set({
+                    ...currentUser,
+                    activeTeamId: teamId ?? undefined,
+                });
             }
         },
+        // ============================================================
+        // 初始化
+        // ============================================================
         /**
-         * 更新用户信息
+         * 初始化认证状态
          */
-        updateUser(user) {
+        initialize(user, isLoaded) {
             if (user) {
-                authStore.user.set(user);
-                authStore.isAuthenticated.set(true);
+                this.setAuthenticated(user);
             }
             else {
                 authStore.user.set(null);
                 authStore.isAuthenticated.set(false);
             }
-        },
-        /**
-         * 获取当前用户
-         */
-        getUser() {
-            return authStore.user.get();
+            authStore.isLoaded.set(isLoaded);
+            authStore.loading.set(!isLoaded);
         },
     };
 }
+// ============================================================
+// 兼容性导出（保持向后兼容）
+// ============================================================
+/**
+ * @deprecated 使用 createStoreActions 代替
+ * 保留此函数以保持向后兼容性
+ */
+export { createStoreActions as createAuthActions };