@choiceform/shared-auth 0.1.6 → 0.1.8

package/README.md

@@ -36,6 +36,7 @@ VITE_AUTH_API_URL=http://localhost:4320
 ### 伴生团队功能
 
 `AuthSync` 组件会在用户登录成功后自动：
+
 1. 从 OneAuth API 获取用户的组织信息
 2. 设置活动组织
 3. 设置活动团队（如果存在）
@@ -170,6 +171,7 @@ function LoginPage() {
 Better Auth 认证状态同步组件。
 
 **功能：**
+
 - 同步 better-auth 的 session 状态到应用 store
 - 在用户登录成功后自动设置伴生团队（活动组织和团队）
 - 使用响应式状态监听，确保状态同步的实时性
@@ -475,6 +477,7 @@ A: 可以使用 `createAuth` 替代 `initAuth`，它提供更多配置选项，
 ### Q: 伴生团队功能是什么？
 
 A: 在用户登录成功后，`AuthSync` 组件会自动：
+
 - 从 OneAuth API (`/v1/organizations/me`) 获取用户的组织信息
 - 调用 better-auth API 设置活动组织 (`/v1/auth/organization/set-active`)
 - 调用 better-auth API 设置活动团队 (`/v1/auth/organization/set-active-team`)
@@ -485,8 +488,32 @@ A: 在用户登录成功后，`AuthSync` 组件会自动：
 
 A: 不配置 `VITE_AUTH_API_URL` 环境变量即可。功能会静默跳过。
 
+## Token 存储机制
+
+### Token 编码
+
+为了确保 token 在 localStorage 中安全存储，系统会在存储时自动使用 `encodeURIComponent` 进行编码：
+
+- **存储时**：token 会自动编码后存储到 localStorage
+- **读取时**：token 从 localStorage 读取后直接使用（编码后的值）
+- **发送请求时**：在构建 Authorization header 时会再次使用 `encodeURIComponent` 编码
+
+这种双重编码机制确保了：
+
+1. localStorage 中存储的是编码后的安全值
+2. API 请求时 token 会被正确编码传输
+
+### Token 存储位置
+
+Token 默认存储在 localStorage 中，key 为 `auth-token`（可通过 `tokenStorageKey` 配置项自定义）。
+
 ## 更新日志
 
+### v0.1.6
+
+- 🔧 改进：Token 存储时使用 `encodeURIComponent` 编码，确保 localStorage 中安全存储
+- 📝 改进：完善 Token 存储机制文档说明
+
 ### v0.1.2
 
 - ✨ 新增：登录时自动获取并设置伴生团队功能

package/dist/components/auth-sync.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-sync.d.ts","sourceRoot":"","sources":["../../src/components/auth-sync.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAuS3C;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,QAAQ,CAAC,EAAE,IAAI,EAAE,EAAE;IAAE,IAAI,EAAE,YAAY,CAAA;CAAE,QA0FxD"}
+{"version":3,"file":"auth-sync.d.ts","sourceRoot":"","sources":["../../src/components/auth-sync.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAoS3C;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,QAAQ,CAAC,EAAE,IAAI,EAAE,EAAE;IAAE,IAAI,EAAE,YAAY,CAAA;CAAE,QA0FxD"}

package/dist/components/auth-sync.js

@@ -114,8 +114,6 @@ async function setupCompanionTeam(auth, token, refetchSession) {
             }
             return;
         }
-        // 4. Token 编码（与 fetchSessionWithToken 保持一致）
-        const encodedToken = encodeURIComponent(oneAuthToken);
         // 5. 获取组织信息
         const myOrganizationUrl = `${oneAuthBaseUrl}/v1/organizations/me`;
         if (isDev) {
@@ -123,7 +121,7 @@ async function setupCompanionTeam(auth, token, refetchSession) {
         }
         const orgResponse = await fetch(myOrganizationUrl, {
             headers: {
-                Authorization: `Bearer ${encodedToken}`,
+                Authorization: `Bearer ${oneAuthToken}`,
                 "Content-Type": "application/json",
             },
         });
@@ -158,7 +156,7 @@ async function setupCompanionTeam(auth, token, refetchSession) {
         const setActiveOrgResponse = await fetch(setActiveOrgUrl, {
             method: "POST",
             headers: {
-                Authorization: `Bearer ${encodedToken}`,
+                Authorization: `Bearer ${oneAuthToken}`,
                 "Content-Type": "application/json",
             },
             body: JSON.stringify({ organizationId: organization.id }),
@@ -178,7 +176,7 @@ async function setupCompanionTeam(auth, token, refetchSession) {
                 const setActiveTeamResponse = await fetch(setActiveTeamUrl, {
                     method: "POST",
                     headers: {
-                        Authorization: `Bearer ${encodedToken}`,
+                        Authorization: `Bearer ${oneAuthToken}`,
                         "Content-Type": "application/json",
                     },
                     body: JSON.stringify({ teamId: firstTeam.id }),
@@ -199,7 +197,7 @@ async function setupCompanionTeam(auth, token, refetchSession) {
                     const getSessionUrl = `${authBaseURL}/v1/auth/get-session`;
                     const sessionResponse = await fetch(getSessionUrl, {
                         headers: {
-                            Authorization: `Bearer ${encodedToken}`,
+                            Authorization: `Bearer ${oneAuthToken}`,
                             "Content-Type": "application/json",
                         },
                     });

package/dist/components/sign-in-page.d.ts

@@ -1,49 +1,20 @@
 import React from "react";
 import type { AuthInstance } from "../core";
 interface SignInPageProps {
+    afterElement?: React.ReactNode;
     auth: AuthInstance;
-    /**
-     * 自定义样式类名
-     */
+    beforeElement?: React.ReactNode;
     className?: string;
-    /**
-     * 描述
-     */
     description?: string;
-    /**
-     * 自定义 Logo 组件
-     */
-    logo?: React.ReactNode;
-    /**
-     * OAuth 提供商
-     * @default 'github'
-     */
+    footerText?: React.ReactNode;
+    githubButton?: (isSigningIn: boolean) => React.ReactNode;
     provider?: string;
-    /**
-     * 登录成功后的重定向路径
-     * @default '/explore'
-     */
     redirectAfterLogin?: string;
-    /**
-     * 登录按钮图标
-     */
-    signInButtonIcon?: React.ReactNode;
-    /**
-     * 登录按钮文本
-     */
-    signInButtonText?: string;
-    /**
-     * 登录中按钮文本
-     */
-    signingInButtonText?: string;
-    /**
-     * 标题
-     */
     title?: string;
 }
 /**
  * 登录页面组件
  */
-export declare function SignInPage({ auth, redirectAfterLogin, provider, logo, title, description, signInButtonText, signingInButtonText, signInButtonIcon, className, }: SignInPageProps): import("react/jsx-runtime").JSX.Element;
+export declare function SignInPage({ afterElement, auth, beforeElement, redirectAfterLogin, provider, title, description, githubButton, className, footerText, }: SignInPageProps): import("react/jsx-runtime").JSX.Element;
 export {};
 //# sourceMappingURL=sign-in-page.d.ts.map

package/dist/components/sign-in-page.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sign-in-page.d.ts","sourceRoot":"","sources":["../../src/components/sign-in-page.tsx"],"names":[],"mappings":"AAAA,OAAO,KAA8B,MAAM,OAAO,CAAA;AAIlD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAE3C,UAAU,eAAe;IACvB,IAAI,EAAE,YAAY,CAAA;IAClB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB;;OAEG;IACH,IAAI,CAAC,EAAE,KAAK,CAAC,SAAS,CAAA;IACtB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB;;;OAGG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B;;OAEG;IACH,gBAAgB,CAAC,EAAE,KAAK,CAAC,SAAS,CAAA;IAClC;;OAEG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,EACzB,IAAI,EACJ,kBAA+B,EAC/B,QAAmB,EACnB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,gBAAwC,EACxC,mBAAgD,EAChD,gBAAgB,EAChB,SAAS,GACV,EAAE,eAAe,2CAyDjB"}
+{"version":3,"file":"sign-in-page.d.ts","sourceRoot":"","sources":["../../src/components/sign-in-page.tsx"],"names":[],"mappings":"AAEA,OAAO,KAA8B,MAAM,OAAO,CAAA;AAElD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAE3C,UAAU,eAAe;IACvB,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;IAC/B,IAAI,EAAE,YAAY,CAAC;IACnB,aAAa,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;IAC7B,YAAY,CAAC,EAAE,CAAC,WAAW,EAAE,OAAO,KAAK,KAAK,CAAC,SAAS,CAAC;IACzD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,EACzB,YAAY,EACZ,IAAI,EACJ,aAAa,EACb,kBAA+B,EAC/B,QAAmB,EACnB,KAAK,EACL,WAAW,EACX,YAAY,EACZ,SAAS,EACT,UAAU,GACX,EAAE,eAAe,2CAgDjB"}

package/dist/components/sign-in-page.js

@@ -1,12 +1,12 @@
 import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+import { Slot } from "@choiceform/design-system";
+import { use$ } from "@legendapp/state/react";
 import { useEffect, useState } from "react";
 import { useNavigate } from "react-router";
-import { use$ } from "@legendapp/state/react";
-import { Button } from "@choiceform/design-system";
 /**
  * 登录页面组件
  */
-export function SignInPage({ auth, redirectAfterLogin = "/explore", provider = "github", logo, title, description, signInButtonText = "Sign in with GitHub", signingInButtonText = "Redirecting to GitHub...", signInButtonIcon, className, }) {
+export function SignInPage({ afterElement, auth, beforeElement, redirectAfterLogin = "/explore", provider = "github", title, description, githubButton, className, footerText, }) {
     const navigate = useNavigate();
     const { authStore, authActions } = auth;
     const { isAuthenticated, error } = use$(authStore);
@@ -29,5 +29,5 @@ export function SignInPage({ auth, redirectAfterLogin = "/explore", provider = "
             setIsSigningIn(false);
         }
     };
-    return (_jsx("div", { className: className || "flex min-h-screen items-center justify-center bg-gray-50 dark:bg-gray-900", children: _jsxs("div", { className: "w-full max-w-md space-y-8", children: [logo && (_jsxs("div", { className: "mb-8", children: [_jsx("div", { className: "flex items-center gap-2", children: logo }), title && (_jsxs("div", { className: "p-4", children: [title && _jsx("p", { className: "text-heading-large mt-2", children: title }), description && (_jsx("p", { className: "text-secondary-foreground text-body-large mt-2", children: description }))] }))] })), _jsxs("div", { className: "flex flex-col items-start justify-start gap-2 p-4", children: [_jsxs(Button, { onClick: handleSignIn, disabled: isSigningIn, loading: isSigningIn, size: "large", children: [signInButtonIcon && _jsx("span", { className: "flex items-center", children: signInButtonIcon }), _jsx("span", { children: isSigningIn ? signingInButtonText : signInButtonText })] }), error && _jsx("p", { className: "text-danger-foreground", children: error })] })] }) }));
+    return (_jsxs("div", { className: className, children: [beforeElement, title && (_jsxs("div", { className: "flex flex-col gap-2", children: [title && _jsx("p", { className: "text-heading-large", children: title }), description && (_jsx("p", { className: "text-secondary-foreground text-body-large", children: description }))] })), provider === "github" && (_jsx(Slot, { onClick: handleSignIn, children: githubButton?.(isSigningIn) })), error && _jsx("p", { className: "text-danger-foreground mt-2", children: error }), footerText, afterElement] }));
 }

package/dist/hooks/use-auth-init.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"use-auth-init.d.ts","sourceRoot":"","sources":["../../src/hooks/use-auth-init.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAE3C;;;GAGG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,YAAY,QAqC7C"}
+{"version":3,"file":"use-auth-init.d.ts","sourceRoot":"","sources":["../../src/hooks/use-auth-init.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAE3C;;;GAGG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,YAAY,QAyC7C"}

package/dist/hooks/use-auth-init.js

@@ -9,8 +9,11 @@ export function useAuthInit(auth) {
             const { authActions, tokenStorage } = auth;
             // 检查 URL 中的 token
             const urlParams = new URLSearchParams(window.location.search);
-            const tokenFromUrl = urlParams.get("token");
+            let tokenFromUrl = urlParams.get("token");
             if (tokenFromUrl) {
+                if (decodeURIComponent(tokenFromUrl) === tokenFromUrl) {
+                    tokenFromUrl = encodeURIComponent(tokenFromUrl);
+                }
                 // 立即清理 URL 中的 token 参数（避免暴露）
                 urlParams.delete("token");
                 const newUrl = urlParams.toString()

package/dist/store/actions.js

@@ -104,7 +104,7 @@ export function createAuthActions(authStore, tokenStorage, config, authClient) {
                 const response = await fetch(endpoint, {
                     method: "GET",
                     headers: {
-                        Authorization: `Bearer ${encodeURIComponent(token)}`,
+                        Authorization: `Bearer ${token}`,
                         "Content-Type": "application/json",
                     },
                 });

package/dist/store/state.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"state.d.ts","sourceRoot":"","sources":["../../src/store/state.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAEzC;;GAEG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE;IAAE,eAAe,EAAE,MAAM,CAAA;CAAE;;;oBAyBnD,MAAM,GAAG,IAAI;eAelB,MAAM,GAAG,IAAI;;;EAavB;AAED,MAAM,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,eAAe,CAAC,CAAC,cAAc,CAAC,CAAA"}
+{"version":3,"file":"state.d.ts","sourceRoot":"","sources":["../../src/store/state.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAEzC;;GAEG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE;IAAE,eAAe,EAAE,MAAM,CAAA;CAAE;;;oBAyBnD,MAAM,GAAG,IAAI;eAclB,MAAM,GAAG,IAAI;;;EAavB;AAED,MAAM,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,eAAe,CAAC,CAAC,cAAc,CAAC,CAAA"}

package/dist/store/state.js

@@ -29,8 +29,7 @@ export function createAuthStore(config) {
         save(token) {
             try {
                 if (token) {
-                    const encodedToken = encodeURIComponent(token);
-                    localStorage.setItem(tokenStorageKey, encodedToken);
+                    localStorage.setItem(tokenStorageKey, token);
                     authStore.token.set(token);
                 }
                 else {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@choiceform/shared-auth",
-  "version": "0.1.6",
+  "version": "0.1.8",
   "description": "Shared authentication package for Choiceform projects",
   "type": "module",
   "main": "./dist/index.js",
@@ -20,7 +20,8 @@
     "build": "tsc",
     "dev": "tsc --watch",
     "clean": "rimraf dist",
-    "prepublishOnly": "pnpm run build"
+    "prepublishOnly": "pnpm run build",
+    "publish": "npm publish"
   },
   "repository": {
     "type": "git",