@classic-homes/auth 0.1.24 → 0.1.26

package/dist/chunk-MI4B4ZRK.js

@@ -0,0 +1,558 @@
+import { getConfig, getStorage, getFetch } from './chunk-DCGC6CNV.js';
+
+// src/core/client.ts
+var isRefreshing = false;
+var refreshSubscribers = [];
+function subscribeTokenRefresh(cb) {
+  refreshSubscribers.push(cb);
+}
+function onTokenRefreshed(token) {
+  refreshSubscribers.forEach((cb) => cb(token));
+  refreshSubscribers = [];
+}
+function getAccessToken() {
+  const config = getConfig();
+  const storage = getStorage();
+  const authData = storage.getItem(config.storageKey ?? "classic_auth");
+  if (!authData) return null;
+  try {
+    const parsed = JSON.parse(authData);
+    return parsed.accessToken ?? null;
+  } catch {
+    return null;
+  }
+}
+function getRefreshToken() {
+  const config = getConfig();
+  const storage = getStorage();
+  const authData = storage.getItem(config.storageKey ?? "classic_auth");
+  if (!authData) return null;
+  try {
+    const parsed = JSON.parse(authData);
+    return parsed.refreshToken ?? null;
+  } catch {
+    return null;
+  }
+}
+function getSessionToken() {
+  const storage = getStorage();
+  return storage.getItem("sessionToken");
+}
+function updateStoredTokens(accessToken, refreshToken) {
+  const config = getConfig();
+  const storage = getStorage();
+  const storageKey = config.storageKey ?? "classic_auth";
+  const authData = storage.getItem(storageKey);
+  let parsed = {};
+  if (authData) {
+    try {
+      parsed = JSON.parse(authData);
+    } catch {
+    }
+  }
+  parsed.accessToken = accessToken;
+  parsed.refreshToken = refreshToken;
+  storage.setItem(storageKey, JSON.stringify(parsed));
+  import('./auth.svelte-PKMR4LYT.js').then(({ authStore }) => {
+    authStore.updateTokens(accessToken, refreshToken);
+  }).catch(() => {
+  });
+  config.onTokenRefresh?.({ accessToken, refreshToken });
+}
+function clearStoredAuth() {
+  const config = getConfig();
+  const storage = getStorage();
+  storage.removeItem(config.storageKey ?? "classic_auth");
+  storage.removeItem("sessionToken");
+}
+async function refreshAccessToken() {
+  const refreshToken = getRefreshToken();
+  const config = getConfig();
+  const fetchFn = getFetch();
+  if (!refreshToken) {
+    return false;
+  }
+  try {
+    const response = await fetchFn(`${config.baseUrl}/auth/refresh`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({ refreshToken })
+    });
+    if (response.ok) {
+      const apiResponse = await response.json();
+      const data = apiResponse.data;
+      const tokens = data && typeof data === "object" && "data" in data ? data.data : data;
+      if (tokens?.accessToken && tokens?.refreshToken) {
+        updateStoredTokens(tokens.accessToken, tokens.refreshToken);
+        onTokenRefreshed(tokens.accessToken);
+        return true;
+      }
+    }
+  } catch (error) {
+    config.onAuthError?.(error instanceof Error ? error : new Error("Token refresh failed"));
+  }
+  return false;
+}
+function extractData(response) {
+  if (response && typeof response === "object" && "data" in response) {
+    const dataField = response.data;
+    if (dataField && typeof dataField === "object" && "data" in dataField) {
+      return dataField.data;
+    }
+    if (dataField !== void 0) {
+      return dataField;
+    }
+  }
+  return response;
+}
+async function apiRequest(endpoint, options = {}) {
+  const { authenticated = false, customFetch, body, ...fetchOptions } = options;
+  const config = getConfig();
+  const fetchFn = customFetch ?? getFetch();
+  const url = endpoint.startsWith("http") ? endpoint : `${config.baseUrl}${endpoint}`;
+  const headers = {
+    "Content-Type": "application/json",
+    ...fetchOptions.headers
+  };
+  if (authenticated) {
+    const accessToken = getAccessToken();
+    const sessionToken = getSessionToken();
+    if (accessToken) {
+      headers["Authorization"] = `Bearer ${accessToken}`;
+    }
+    if (sessionToken) {
+      headers["X-Session-Token"] = sessionToken;
+    }
+  }
+  try {
+    const response = await fetchFn(url, {
+      ...fetchOptions,
+      headers,
+      body: body ? JSON.stringify(body) : void 0
+    });
+    if (response.status === 401 && authenticated && typeof window !== "undefined") {
+      if (!isRefreshing) {
+        isRefreshing = true;
+        const refreshed = await refreshAccessToken();
+        isRefreshing = false;
+        if (refreshed) {
+          return apiRequest(endpoint, options);
+        } else {
+          clearStoredAuth();
+          config.onLogout?.();
+          throw new Error("Authentication failed. Please sign in again.");
+        }
+      } else {
+        return new Promise((resolve, reject) => {
+          subscribeTokenRefresh(() => {
+            apiRequest(endpoint, options).then(resolve).catch(reject);
+          });
+        });
+      }
+    }
+    const data = await response.json();
+    if (!response.ok) {
+      const dataObj = data;
+      const errorMessage = data.error?.message || (typeof dataObj.message === "string" ? dataObj.message : void 0) || data.meta?.message || (typeof dataObj.detail === "string" ? dataObj.detail : void 0) || "Request failed";
+      const error = new Error(errorMessage);
+      config.onAuthError?.(error);
+      throw error;
+    }
+    return data;
+  } catch (error) {
+    if (error instanceof Error) {
+      throw error;
+    }
+    throw new Error("API request failed");
+  }
+}
+var api = {
+  get: (endpoint, authenticated = false, customFetch) => apiRequest(endpoint, { method: "GET", authenticated, customFetch }),
+  post: (endpoint, body, authenticated = false, customFetch) => apiRequest(endpoint, {
+    method: "POST",
+    body,
+    authenticated,
+    customFetch
+  }),
+  put: (endpoint, body, authenticated = false, customFetch) => apiRequest(endpoint, {
+    method: "PUT",
+    body,
+    authenticated,
+    customFetch
+  }),
+  patch: (endpoint, body, authenticated = false, customFetch) => apiRequest(endpoint, {
+    method: "PATCH",
+    body,
+    authenticated,
+    customFetch
+  }),
+  delete: (endpoint, authenticated = false, customFetch, body) => apiRequest(endpoint, {
+    method: "DELETE",
+    body,
+    authenticated,
+    customFetch
+  })
+};
+
+// src/core/api.ts
+var authApi = {
+  // ============================================================================
+  // Authentication
+  // ============================================================================
+  /**
+   * Login with username and password.
+   */
+  async login(credentials) {
+    const response = await api.post("/auth/login", credentials);
+    return extractData(response);
+  },
+  /**
+   * Logout the current user.
+   * Returns SSO logout URL if applicable for SSO users.
+   */
+  async logout() {
+    try {
+      const response = await api.post("/auth/logout", {}, true);
+      return extractData(response);
+    } catch {
+      return { success: true };
+    }
+  },
+  /**
+   * Register a new user.
+   */
+  async register(data) {
+    const response = await api.post("/auth/register", data);
+    return extractData(response);
+  },
+  /**
+   * Request a password reset email.
+   */
+  async forgotPassword(email) {
+    await api.post("/auth/forgot-password", { email });
+  },
+  /**
+   * Reset password with a token.
+   */
+  async resetPassword(token, newPassword) {
+    await api.post("/auth/reset-password", { token, newPassword });
+  },
+  /**
+   * Refresh the access token.
+   */
+  async refreshToken(refreshToken) {
+    const response = await api.post("/auth/refresh", { refreshToken });
+    return extractData(response);
+  },
+  /**
+   * Initiate SSO login by redirecting to the SSO provider.
+   * @param options.callbackUrl - The URL where the SSO provider should redirect after auth
+   * @param options.redirectUrl - The final URL to redirect to after processing the callback
+   */
+  initiateSSOLogin(options) {
+    if (typeof window === "undefined") return;
+    const config = getConfig();
+    const authorizeUrl = config.sso?.authorizeUrl ?? `${config.baseUrl}/auth/sso/authorize`;
+    const params = new URLSearchParams();
+    if (options?.callbackUrl) {
+      params.set("callback", options.callbackUrl);
+    }
+    if (options?.redirectUrl) {
+      params.set("redirect", options.redirectUrl);
+    }
+    const url = params.toString() ? `${authorizeUrl}?${params}` : authorizeUrl;
+    window.location.href = url;
+  },
+  // ============================================================================
+  // Profile
+  // ============================================================================
+  /**
+   * Get the current user's profile.
+   */
+  async getProfile(customFetch) {
+    const response = await api.get("/auth/profile", true, customFetch);
+    return response;
+  },
+  /**
+   * Update the current user's profile.
+   */
+  async updateProfile(data) {
+    const response = await api.put("/auth/profile", data, true);
+    return extractData(response);
+  },
+  /**
+   * Change the current user's password.
+   */
+  async changePassword(data) {
+    await api.put("/auth/change-password", data, true);
+  },
+  // ============================================================================
+  // Email Verification
+  // ============================================================================
+  /**
+   * Resend email verification.
+   */
+  async resendVerification() {
+    await api.post("/auth/resend-verification", {}, true);
+  },
+  /**
+   * Verify email with a token.
+   */
+  async verifyEmail(token) {
+    const response = await api.post("/auth/verify-email", {
+      token
+    });
+    return extractData(response);
+  },
+  // ============================================================================
+  // Session Management
+  // ============================================================================
+  /**
+   * Get all active sessions.
+   */
+  async getSessions(customFetch) {
+    const response = await api.get(
+      "/auth/sessions",
+      true,
+      customFetch
+    );
+    return response;
+  },
+  /**
+   * Revoke a specific session.
+   */
+  async revokeSession(sessionId) {
+    await api.delete(`/auth/sessions/${sessionId}`, true);
+  },
+  /**
+   * Revoke all sessions except the current one.
+   */
+  async revokeAllSessions() {
+    await api.delete("/auth/sessions", true);
+  },
+  // ============================================================================
+  // API Key Management
+  // ============================================================================
+  /**
+   * Get all API keys.
+   */
+  async getApiKeys(customFetch) {
+    const response = await api.get("/auth/api-keys", true, customFetch);
+    return response;
+  },
+  /**
+   * Create a new API key.
+   */
+  async createApiKey(data) {
+    const response = await api.post("/auth/api-keys", data, true);
+    return extractData(response);
+  },
+  /**
+   * Revoke an API key.
+   */
+  async revokeApiKey(keyId) {
+    await api.delete(`/auth/api-keys/${keyId}`, true);
+  },
+  /**
+   * Update an API key's name.
+   */
+  async updateApiKey(keyId, data) {
+    await api.put(`/auth/api-keys/${keyId}`, data, true);
+  },
+  // ============================================================================
+  // MFA Management
+  // ============================================================================
+  /**
+   * Get MFA status for the current user.
+   */
+  async getMFAStatus() {
+    const response = await api.get("/auth/mfa/status", true);
+    return response;
+  },
+  /**
+   * Setup MFA (get QR code and backup codes).
+   */
+  async setupMFA() {
+    const response = await api.post("/auth/mfa-setup", {}, true);
+    return extractData(response);
+  },
+  /**
+   * Verify MFA setup with a code.
+   */
+  async verifyMFASetup(code) {
+    await api.post("/auth/mfa/verify", { code }, true);
+  },
+  /**
+   * Disable MFA.
+   */
+  async disableMFA(password) {
+    await api.delete("/auth/mfa", true, void 0, { password });
+  },
+  /**
+   * Regenerate MFA backup codes.
+   */
+  async regenerateBackupCodes(password) {
+    const response = await api.post(
+      "/auth/mfa/regenerate-backup-codes",
+      { password },
+      true
+    );
+    return extractData(response);
+  },
+  /**
+   * Verify MFA challenge during login.
+   */
+  async verifyMFAChallenge(data) {
+    const config = getConfig();
+    const fetchFn = config.fetch ?? fetch;
+    const requestBody = {
+      code: data.code,
+      type: data.method === "backup" ? "backup" : "totp",
+      trustDevice: data.trustDevice
+    };
+    const response = await fetchFn(`${config.baseUrl}/auth/mfa/challenge`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${data.mfaToken}`
+      },
+      body: JSON.stringify(requestBody)
+    });
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ message: "Verification failed" }));
+      throw new Error(error.error?.message || error.message || "Invalid verification code");
+    }
+    const result = await response.json();
+    return extractData(result);
+  },
+  // ============================================================================
+  // Device Management
+  // ============================================================================
+  /**
+   * Get all devices.
+   */
+  async getDevices(customFetch) {
+    const response = await api.get(
+      "/auth/devices",
+      true,
+      customFetch
+    );
+    return response;
+  },
+  /**
+   * Trust a device.
+   */
+  async trustDevice(deviceId) {
+    await api.put(`/auth/devices/${deviceId}/trust`, {}, true);
+  },
+  /**
+   * Revoke device trust.
+   */
+  async revokeDevice(deviceId) {
+    await api.delete(`/auth/devices/${deviceId}/revoke`, true);
+  },
+  /**
+   * Remove a device completely.
+   */
+  async removeDevice(deviceId) {
+    await api.delete(`/auth/devices/${deviceId}`, true);
+  },
+  /**
+   * Approve a device with a token.
+   */
+  async approveDevice(token) {
+    const response = await api.post("/auth/device/approve", {
+      token
+    });
+    return extractData(response);
+  },
+  /**
+   * Block a device with a token.
+   */
+  async blockDevice(token) {
+    const response = await api.post("/auth/device/block", {
+      token
+    });
+    return extractData(response);
+  },
+  // ============================================================================
+  // Preferences
+  // ============================================================================
+  /**
+   * Get user preferences.
+   */
+  async getPreferences(customFetch) {
+    const response = await api.get(
+      "/auth/preferences",
+      true,
+      customFetch
+    );
+    if (response && typeof response === "object" && "preferences" in response) {
+      return response.preferences;
+    }
+    return response ?? {};
+  },
+  /**
+   * Update user preferences.
+   */
+  async updatePreferences(data) {
+    await api.put("/auth/preferences", data, true);
+  },
+  // ============================================================================
+  // SSO / Linked Accounts
+  // ============================================================================
+  /**
+   * Get SSO linked accounts.
+   */
+  async getSSOAccounts(customFetch) {
+    const response = await api.get(
+      "/auth/sso/accounts",
+      true,
+      customFetch
+    );
+    if (response && typeof response === "object" && "accounts" in response) {
+      return response.accounts;
+    }
+    return Array.isArray(response) ? response : [];
+  },
+  /**
+   * Unlink an SSO account.
+   */
+  async unlinkSSOAccount(provider, password) {
+    await api.delete("/auth/sso/unlink", true, void 0, { provider, password });
+  },
+  /**
+   * Link an SSO account (redirects to SSO provider).
+   */
+  async linkSSOAccount(provider = "authentik") {
+    if (typeof window === "undefined") return;
+    const accessToken = getAccessToken();
+    if (!accessToken) {
+      throw new Error("Not authenticated");
+    }
+    const config = getConfig();
+    const params = new URLSearchParams({
+      token: accessToken,
+      provider
+    });
+    window.location.href = `${config.baseUrl}/auth/sso/link?${params.toString()}`;
+  },
+  // ============================================================================
+  // Security Events
+  // ============================================================================
+  /**
+   * Get security event history.
+   */
+  async getSecurityEvents(params, customFetch) {
+    const queryParams = new URLSearchParams();
+    if (params?.page) queryParams.append("page", params.page.toString());
+    if (params?.limit) queryParams.append("limit", params.limit.toString());
+    if (params?.type) queryParams.append("type", params.type);
+    const response = await api.get(`/auth/security/events?${queryParams.toString()}`, true, customFetch);
+    return extractData(response);
+  }
+};
+
+export { api, apiRequest, authApi, clearStoredAuth, extractData, getAccessToken, getRefreshToken, getSessionToken, updateStoredTokens };