@classic-homes/auth 0.1.24 → 0.1.26

package/dist/chunk-MY664247.js

@@ -0,0 +1,306 @@
+import { authApi } from './chunk-MI4B4ZRK.js';
+
+// src/core/guards.ts
+function isMfaChallengeResponse(response) {
+  return "requiresMFA" in response && response.requiresMFA === true || "mfaRequired" in response && response.mfaRequired === true;
+}
+function isLoginSuccessResponse(response) {
+  return "accessToken" in response && "user" in response && !isMfaChallengeResponse(response);
+}
+function getMfaToken(response) {
+  return response.mfaToken ?? response.mfaChallengeToken;
+}
+function getAvailableMethods(response) {
+  return response.availableMethods ?? ["totp"];
+}
+
+// src/core/service.ts
+var AuthService = class {
+  // ============================================================================
+  // Authentication
+  // ============================================================================
+  /**
+   * Login with username and password.
+   * By default, automatically sets the auth state on successful login (unless MFA is required).
+   * @param credentials - Username and password
+   * @param options - Optional settings for login behavior
+   */
+  async login(credentials, options) {
+    const response = await authApi.login(credentials);
+    if (options?.autoSetAuth !== false && !isMfaChallengeResponse(response)) {
+      try {
+        const { authStore } = await import('./auth.svelte-PKMR4LYT.js');
+        authStore.setAuth(
+          response.accessToken,
+          response.refreshToken,
+          response.user,
+          response.sessionToken
+        );
+      } catch {
+      }
+    }
+    return response;
+  }
+  /**
+   * Logout the current user.
+   * Returns SSO logout URL if applicable for SSO users.
+   */
+  async logout() {
+    return await authApi.logout();
+  }
+  /**
+   * Register a new user.
+   */
+  async register(data) {
+    return await authApi.register(data);
+  }
+  /**
+   * Request a password reset email.
+   */
+  async forgotPassword(email) {
+    await authApi.forgotPassword(email);
+  }
+  /**
+   * Reset password with a token.
+   */
+  async resetPassword(token, newPassword) {
+    await authApi.resetPassword(token, newPassword);
+  }
+  /**
+   * Change the current user's password.
+   */
+  async changePassword(currentPassword, newPassword) {
+    await authApi.changePassword({ currentPassword, newPassword });
+  }
+  /**
+   * Refresh the access token.
+   */
+  async refreshToken(refreshToken) {
+    return await authApi.refreshToken(refreshToken);
+  }
+  /**
+   * Initiate SSO login (redirects to SSO provider).
+   * @param options.callbackUrl - The URL where the SSO provider should redirect after auth
+   * @param options.redirectUrl - The final URL to redirect to after processing the callback
+   */
+  initiateSSOLogin(options) {
+    authApi.initiateSSOLogin(options);
+  }
+  // ============================================================================
+  // Profile
+  // ============================================================================
+  /**
+   * Get the current user's profile.
+   */
+  async getProfile(customFetch) {
+    return await authApi.getProfile(customFetch);
+  }
+  /**
+   * Update the current user's profile.
+   */
+  async updateProfile(data) {
+    return await authApi.updateProfile(data);
+  }
+  /**
+   * Resend email verification.
+   */
+  async resendVerification() {
+    await authApi.resendVerification();
+  }
+  /**
+   * Verify email with a token.
+   */
+  async verifyEmail(token) {
+    return await authApi.verifyEmail(token);
+  }
+  // ============================================================================
+  // Session Management
+  // ============================================================================
+  /**
+   * Get all active sessions.
+   */
+  async getSessions(customFetch) {
+    return await authApi.getSessions(customFetch);
+  }
+  /**
+   * Revoke a specific session.
+   */
+  async revokeSession(sessionId) {
+    await authApi.revokeSession(sessionId);
+  }
+  /**
+   * Revoke all sessions except the current one.
+   */
+  async revokeAllSessions() {
+    await authApi.revokeAllSessions();
+  }
+  // ============================================================================
+  // API Key Management
+  // ============================================================================
+  /**
+   * Get all API keys.
+   */
+  async getApiKeys(customFetch) {
+    return await authApi.getApiKeys(customFetch);
+  }
+  /**
+   * Create a new API key.
+   */
+  async createApiKey(data) {
+    return await authApi.createApiKey(data);
+  }
+  /**
+   * Revoke an API key.
+   */
+  async revokeApiKey(keyId) {
+    await authApi.revokeApiKey(keyId);
+  }
+  /**
+   * Update an API key's name.
+   */
+  async updateApiKey(keyId, name) {
+    await authApi.updateApiKey(keyId, { name });
+  }
+  // ============================================================================
+  // MFA Management
+  // ============================================================================
+  /**
+   * Get MFA status for the current user.
+   */
+  async getMFAStatus() {
+    return await authApi.getMFAStatus();
+  }
+  /**
+   * Setup MFA (get QR code and backup codes).
+   */
+  async setupMFA() {
+    return await authApi.setupMFA();
+  }
+  /**
+   * Verify MFA setup with a code.
+   */
+  async verifyMFASetup(code) {
+    await authApi.verifyMFASetup(code);
+  }
+  /**
+   * Disable MFA.
+   */
+  async disableMFA(password) {
+    await authApi.disableMFA(password);
+  }
+  /**
+   * Regenerate MFA backup codes.
+   */
+  async regenerateBackupCodes(password) {
+    return await authApi.regenerateBackupCodes(password);
+  }
+  /**
+   * Verify MFA challenge during login.
+   * By default, automatically sets the auth state on successful verification.
+   * @param data - MFA challenge data including token and code
+   * @param options - Optional settings for verification behavior
+   */
+  async verifyMFAChallenge(data, options) {
+    const response = await authApi.verifyMFAChallenge(data);
+    if (options?.autoSetAuth !== false) {
+      try {
+        const { authStore } = await import('./auth.svelte-PKMR4LYT.js');
+        authStore.setAuth(
+          response.accessToken,
+          response.refreshToken,
+          response.user,
+          response.sessionToken
+        );
+      } catch {
+      }
+    }
+    return response;
+  }
+  // ============================================================================
+  // Device Management
+  // ============================================================================
+  /**
+   * Get all devices.
+   */
+  async getDevices(customFetch) {
+    return await authApi.getDevices(customFetch);
+  }
+  /**
+   * Trust a device.
+   */
+  async trustDevice(deviceId) {
+    await authApi.trustDevice(deviceId);
+  }
+  /**
+   * Revoke device trust.
+   */
+  async revokeDevice(deviceId) {
+    await authApi.revokeDevice(deviceId);
+  }
+  /**
+   * Remove a device completely.
+   */
+  async removeDevice(deviceId) {
+    await authApi.removeDevice(deviceId);
+  }
+  /**
+   * Approve a device with a token.
+   */
+  async approveDevice(token) {
+    return await authApi.approveDevice(token);
+  }
+  /**
+   * Block a device with a token.
+   */
+  async blockDevice(token) {
+    return await authApi.blockDevice(token);
+  }
+  // ============================================================================
+  // Preferences
+  // ============================================================================
+  /**
+   * Get user preferences.
+   */
+  async getPreferences(customFetch) {
+    return await authApi.getPreferences(customFetch);
+  }
+  /**
+   * Update user preferences.
+   */
+  async updatePreferences(data) {
+    await authApi.updatePreferences(data);
+  }
+  // ============================================================================
+  // SSO / Linked Accounts
+  // ============================================================================
+  /**
+   * Get SSO linked accounts.
+   */
+  async getLinkedAccounts(customFetch) {
+    return await authApi.getSSOAccounts(customFetch);
+  }
+  /**
+   * Link an SSO account (redirects to SSO provider).
+   */
+  async linkAccount(provider = "authentik") {
+    await authApi.linkSSOAccount(provider);
+  }
+  /**
+   * Unlink an SSO account.
+   */
+  async unlinkAccount(provider, password) {
+    await authApi.unlinkSSOAccount(provider, password);
+  }
+  // ============================================================================
+  // Security Events
+  // ============================================================================
+  /**
+   * Get security event history.
+   */
+  async getSecurityEvents(params, customFetch) {
+    return await authApi.getSecurityEvents(params, customFetch);
+  }
+};
+var authService = new AuthService();
+
+export { AuthService, authService, getAvailableMethods, getMfaToken, isLoginSuccessResponse, isMfaChallengeResponse };

package/dist/chunk-U2YM3E3Q.js

@@ -0,0 +1,269 @@
+import { authApi } from './chunk-MI4B4ZRK.js';
+import { decodeJWT, isInitialized, getConfig, getStorage, getDefaultStorage } from './chunk-DCGC6CNV.js';
+
+// src/svelte/stores/auth.svelte.ts
+function getStorageKey() {
+  return isInitialized() ? getConfig().storageKey ?? "classic_auth" : "classic_auth";
+}
+function getStorageAdapter() {
+  return isInitialized() ? getStorage() : getDefaultStorage();
+}
+function loadAuthFromStorage() {
+  try {
+    const storage = getStorageAdapter();
+    const data = storage.getItem(getStorageKey());
+    if (!data) {
+      return {
+        accessToken: null,
+        refreshToken: null,
+        user: null,
+        isAuthenticated: false
+      };
+    }
+    const parsed = JSON.parse(data);
+    return {
+      accessToken: parsed.accessToken ?? null,
+      refreshToken: parsed.refreshToken ?? null,
+      user: parsed.user ?? null,
+      isAuthenticated: !!parsed.accessToken && !!parsed.user
+    };
+  } catch {
+    return {
+      accessToken: null,
+      refreshToken: null,
+      user: null,
+      isAuthenticated: false
+    };
+  }
+}
+function saveAuthToStorage(state) {
+  try {
+    const storage = getStorageAdapter();
+    const key = getStorageKey();
+    if (!state.accessToken) {
+      storage.removeItem(key);
+    } else {
+      storage.setItem(key, JSON.stringify(state));
+    }
+  } catch {
+  }
+}
+var AuthStore = class {
+  constructor() {
+    this.subscribers = /* @__PURE__ */ new Set();
+    this.state = loadAuthFromStorage();
+  }
+  /**
+   * Subscribe to state changes (Svelte store contract).
+   */
+  subscribe(subscriber) {
+    this.subscribers.add(subscriber);
+    subscriber(this.state);
+    return () => this.subscribers.delete(subscriber);
+  }
+  notify() {
+    this.subscribers.forEach((sub) => sub(this.state));
+  }
+  // Getters for direct access
+  get accessToken() {
+    return this.state.accessToken;
+  }
+  get refreshToken() {
+    return this.state.refreshToken;
+  }
+  get user() {
+    return this.state.user;
+  }
+  get isAuthenticated() {
+    return this.state.isAuthenticated;
+  }
+  /**
+   * Get the current auth state snapshot.
+   */
+  getState() {
+    return { ...this.state };
+  }
+  /**
+   * Set auth data after successful login.
+   */
+  setAuth(accessToken, refreshToken, user, sessionToken) {
+    const jwtPayload = decodeJWT(accessToken);
+    const userWithPermissions = {
+      ...user,
+      permissions: user.permissions || jwtPayload?.permissions || [],
+      roles: user.roles || jwtPayload?.roles || (user.role ? [user.role] : [])
+    };
+    this.state = {
+      accessToken,
+      refreshToken,
+      user: userWithPermissions,
+      isAuthenticated: true
+    };
+    saveAuthToStorage(this.state);
+    if (sessionToken && typeof window !== "undefined") {
+      getStorageAdapter().setItem("sessionToken", sessionToken);
+    }
+    if (typeof window !== "undefined") {
+      window.dispatchEvent(
+        new CustomEvent("auth:login", {
+          detail: { user: userWithPermissions }
+        })
+      );
+    }
+    this.notify();
+  }
+  /**
+   * Update tokens (e.g., after refresh).
+   */
+  updateTokens(accessToken, refreshToken) {
+    const jwtPayload = decodeJWT(accessToken);
+    const updatedUser = this.state.user ? {
+      ...this.state.user,
+      permissions: jwtPayload?.permissions || this.state.user.permissions || [],
+      roles: jwtPayload?.roles || this.state.user.roles || (this.state.user.role ? [this.state.user.role] : [])
+    } : null;
+    this.state = {
+      ...this.state,
+      accessToken,
+      refreshToken,
+      user: updatedUser
+    };
+    saveAuthToStorage(this.state);
+    if (typeof window !== "undefined") {
+      window.dispatchEvent(new CustomEvent("auth:token-refresh"));
+    }
+    this.notify();
+  }
+  /**
+   * Update user data (e.g., after profile update).
+   */
+  updateUser(user) {
+    const jwtPayload = this.state.accessToken ? decodeJWT(this.state.accessToken) : null;
+    const updatedUser = {
+      ...user,
+      permissions: user.permissions || jwtPayload?.permissions || [],
+      roles: user.roles || jwtPayload?.roles || (user.role ? [user.role] : [])
+    };
+    this.state = {
+      ...this.state,
+      user: updatedUser
+    };
+    saveAuthToStorage(this.state);
+    if (typeof window !== "undefined") {
+      window.dispatchEvent(
+        new CustomEvent("auth:profile-update", {
+          detail: { user: updatedUser }
+        })
+      );
+    }
+    this.notify();
+  }
+  /**
+   * Clear auth state (logout).
+   */
+  logout() {
+    this.state = {
+      accessToken: null,
+      refreshToken: null,
+      user: null,
+      isAuthenticated: false
+    };
+    const storage = getStorageAdapter();
+    storage.removeItem(getStorageKey());
+    storage.removeItem("sessionToken");
+    if (typeof window !== "undefined") {
+      window.dispatchEvent(new CustomEvent("auth:logout"));
+    }
+    if (isInitialized()) {
+      getConfig().onLogout?.();
+    }
+    this.notify();
+  }
+  /**
+   * Logout with SSO support.
+   * Calls the logout API and returns the SSO logout URL if applicable.
+   * Clears local state regardless of API response.
+   */
+  async logoutWithSSO() {
+    try {
+      const response = await authApi.logout();
+      this.logout();
+      if (response?.ssoLogout && response?.logoutUrl) {
+        return { ssoLogoutUrl: response.logoutUrl };
+      }
+    } catch {
+      this.logout();
+    }
+    return {};
+  }
+  /**
+   * Check if user has a specific permission.
+   */
+  hasPermission(permission) {
+    return this.state.user?.permissions?.includes(permission) ?? false;
+  }
+  /**
+   * Check if user has a specific role.
+   */
+  hasRole(role) {
+    return this.state.user?.roles?.includes(role) ?? false;
+  }
+  /**
+   * Check if user has any of the specified roles.
+   */
+  hasAnyRole(roles) {
+    return roles.some((role) => this.state.user?.roles?.includes(role)) ?? false;
+  }
+  /**
+   * Check if user has all of the specified roles.
+   */
+  hasAllRoles(roles) {
+    return roles.every((role) => this.state.user?.roles?.includes(role)) ?? false;
+  }
+  /**
+   * Check if user has any of the specified permissions.
+   */
+  hasAnyPermission(permissions) {
+    return permissions.some((perm) => this.state.user?.permissions?.includes(perm)) ?? false;
+  }
+  /**
+   * Check if user has all of the specified permissions.
+   */
+  hasAllPermissions(permissions) {
+    return permissions.every((perm) => this.state.user?.permissions?.includes(perm)) ?? false;
+  }
+  /**
+   * Re-hydrate state from storage (useful after config changes).
+   */
+  rehydrate() {
+    this.state = loadAuthFromStorage();
+    this.notify();
+  }
+};
+var authStore = new AuthStore();
+var authActions = {
+  setAuth: (accessToken, refreshToken, user, sessionToken) => authStore.setAuth(accessToken, refreshToken, user, sessionToken),
+  updateTokens: (accessToken, refreshToken) => authStore.updateTokens(accessToken, refreshToken),
+  updateUser: (user) => authStore.updateUser(user),
+  logout: () => authStore.logout(),
+  logoutWithSSO: () => authStore.logoutWithSSO(),
+  hasPermission: (permission) => authStore.hasPermission(permission),
+  hasRole: (role) => authStore.hasRole(role),
+  hasAnyRole: (roles) => authStore.hasAnyRole(roles),
+  hasAllRoles: (roles) => authStore.hasAllRoles(roles),
+  hasAnyPermission: (permissions) => authStore.hasAnyPermission(permissions),
+  hasAllPermissions: (permissions) => authStore.hasAllPermissions(permissions),
+  rehydrate: () => authStore.rehydrate()
+};
+var isAuthenticated = {
+  subscribe: (subscriber) => {
+    return authStore.subscribe((state) => subscriber(state.isAuthenticated));
+  }
+};
+var currentUser = {
+  subscribe: (subscriber) => {
+    return authStore.subscribe((state) => subscriber(state.user));
+  }
+};
+
+export { authActions, authStore, currentUser, isAuthenticated };