@classic-homes/auth 0.1.43 → 0.1.44

package/dist/core/index.d.ts

@@ -1,6 +1,6 @@
-export { A as AuthConfig, S as SSOConfig, e as StorageAdapter, g as getConfig, b as getDefaultStorage, d as getFetch, c as getStorage, i as initAuth, a as isInitialized, r as resetConfig } from '../config-C-iBNu07.js';
-import { L as LoginCredentials, a as LoginResponse, b as LogoutResponse, R as RegisterData, c as RegisterResponse, U as User, k as ProfileUpdateData, l as ChangePasswordData, S as Session, d as ApiKey, C as CreateApiKeyRequest, e as CreateApiKeyResponse, f as MFAStatus, M as MFASetupResponse, g as MFAChallengeData, D as Device, h as UserPreferences, i as LinkedAccount, j as SecurityEvent, P as Pagination } from '../types-DGN45Uih.js';
-export { A as AuthState, m as ResetPasswordData } from '../types-DGN45Uih.js';
+import { L as LoginCredentials, h as LoginResponse, j as LogoutResponse, R as RegisterData, k as RegisterResponse, U as User, u as ProfileUpdateData, v as ChangePasswordData, l as Session, m as ApiKey, C as CreateApiKeyRequest, n as CreateApiKeyResponse, o as MFAStatus, M as MFASetupResponse, p as MFAChallengeData, D as Device, q as UserPreferences, s as LinkedAccount, t as SecurityEvent, P as Pagination } from '../types-Ct5g1Nbj.js';
+export { A as AuthConfig, f as AuthState, w as ResetPasswordData, S as SSOConfig, e as StorageAdapter, g as getConfig, b as getDefaultStorage, d as getFetch, c as getStorage, i as initAuth, a as isInitialized, r as resetConfig } from '../types-Ct5g1Nbj.js';
+export { A as AuthService, L as LoginOptions, M as MFAVerifyOptions, R as RoleDeniedError, a as authService, f as formatUserRoles, c as getAvatarFallback, g as getDisplayName, e as getGreeting, d as getUserEmail, b as getUserInitials, i as isRoleDeniedError } from '../user-utils-BtLu_jhF.js';
 
 /**
  * HTTP Client
@@ -85,6 +85,9 @@ declare const authApi: {
     /**
      * Logout the current user.
      * Returns SSO logout URL if applicable for SSO users.
+     *
+     * Note: API errors are logged via onAuthError callback but still return success
+     * so the client can clear local state even if the server call fails.
      */
     logout(): Promise<LogoutResponse>;
     /**
@@ -233,6 +236,8 @@ declare const authApi: {
     }>;
     /**
      * Get user preferences.
+     *
+     * @throws Error if the API returns a malformed response
      */
     getPreferences(customFetch?: typeof fetch): Promise<UserPreferences>;
     /**
@@ -248,7 +253,10 @@ declare const authApi: {
      */
     unlinkSSOAccount(provider: string, password?: string): Promise<void>;
     /**
-     * Link an SSO account (redirects to SSO provider).
+     * Link an SSO account (redirects to SSO provider via form POST).
+     *
+     * Uses form submission to avoid exposing the access token in URL parameters,
+     * which could leak via browser history, referrer headers, or server logs.
      */
     linkSSOAccount(provider?: string): Promise<void>;
     /**
@@ -264,228 +272,6 @@ declare const authApi: {
     }>;
 };
 
-/**
- * Auth Service
- *
- * Business logic layer for authentication operations.
- * Wraps authApi calls and provides a clean interface for components.
- */
-
-interface LoginOptions {
-    /**
-     * Automatically update the auth store after successful login.
-     * Set to false to manually handle auth state.
-     * @default true
-     */
-    autoSetAuth?: boolean;
-}
-interface MFAVerifyOptions {
-    /**
-     * Automatically update the auth store after successful MFA verification.
-     * Set to false to manually handle auth state.
-     * @default true
-     */
-    autoSetAuth?: boolean;
-}
-/**
- * AuthService
- *
- * Provides a clean interface for authentication operations.
- * Can be instantiated for testing or used via the singleton export.
- */
-declare class AuthService {
-    /**
-     * Login with username and password.
-     * By default, automatically sets the auth state on successful login (unless MFA is required).
-     * @param credentials - Username and password
-     * @param options - Optional settings for login behavior
-     */
-    login(credentials: LoginCredentials, options?: LoginOptions): Promise<LoginResponse>;
-    /**
-     * Logout the current user.
-     * Returns SSO logout URL if applicable for SSO users.
-     */
-    logout(): Promise<LogoutResponse>;
-    /**
-     * Register a new user.
-     */
-    register(data: RegisterData): Promise<RegisterResponse>;
-    /**
-     * Request a password reset email.
-     */
-    forgotPassword(email: string): Promise<void>;
-    /**
-     * Reset password with a token.
-     */
-    resetPassword(token: string, newPassword: string): Promise<void>;
-    /**
-     * Change the current user's password.
-     */
-    changePassword(currentPassword: string, newPassword: string): Promise<void>;
-    /**
-     * Refresh the access token.
-     */
-    refreshToken(refreshToken: string): Promise<{
-        accessToken: string;
-        refreshToken: string;
-    }>;
-    /**
-     * Initiate SSO login (redirects to SSO provider).
-     * @param options.callbackUrl - The URL where the SSO provider should redirect after auth
-     * @param options.redirectUrl - The final URL to redirect to after processing the callback
-     */
-    initiateSSOLogin(options?: {
-        callbackUrl?: string;
-        redirectUrl?: string;
-    }): void;
-    /**
-     * Get the current user's profile.
-     */
-    getProfile(customFetch?: typeof fetch): Promise<User>;
-    /**
-     * Update the current user's profile.
-     */
-    updateProfile(data: ProfileUpdateData): Promise<User>;
-    /**
-     * Resend email verification.
-     */
-    resendVerification(): Promise<void>;
-    /**
-     * Verify email with a token.
-     */
-    verifyEmail(token: string): Promise<{
-        message: string;
-        user?: User;
-    }>;
-    /**
-     * Get all active sessions.
-     */
-    getSessions(customFetch?: typeof fetch): Promise<{
-        sessions: Session[];
-        total: number;
-    }>;
-    /**
-     * Revoke a specific session.
-     */
-    revokeSession(sessionId: string): Promise<void>;
-    /**
-     * Revoke all sessions except the current one.
-     */
-    revokeAllSessions(): Promise<void>;
-    /**
-     * Get all API keys.
-     */
-    getApiKeys(customFetch?: typeof fetch): Promise<{
-        apiKeys: ApiKey[];
-    }>;
-    /**
-     * Create a new API key.
-     */
-    createApiKey(data: CreateApiKeyRequest): Promise<CreateApiKeyResponse>;
-    /**
-     * Revoke an API key.
-     */
-    revokeApiKey(keyId: string): Promise<void>;
-    /**
-     * Update an API key's name.
-     */
-    updateApiKey(keyId: string, name: string): Promise<void>;
-    /**
-     * Get MFA status for the current user.
-     */
-    getMFAStatus(): Promise<MFAStatus>;
-    /**
-     * Setup MFA (get QR code and backup codes).
-     */
-    setupMFA(): Promise<MFASetupResponse>;
-    /**
-     * Verify MFA setup with a code.
-     */
-    verifyMFASetup(code: string): Promise<void>;
-    /**
-     * Disable MFA.
-     */
-    disableMFA(password: string): Promise<void>;
-    /**
-     * Regenerate MFA backup codes.
-     */
-    regenerateBackupCodes(password: string): Promise<{
-        backupCodes: string[];
-    }>;
-    /**
-     * Verify MFA challenge during login.
-     * By default, automatically sets the auth state on successful verification.
-     * @param data - MFA challenge data including token and code
-     * @param options - Optional settings for verification behavior
-     */
-    verifyMFAChallenge(data: MFAChallengeData, options?: MFAVerifyOptions): Promise<LoginResponse>;
-    /**
-     * Get all devices.
-     */
-    getDevices(customFetch?: typeof fetch): Promise<{
-        devices: Device[];
-    }>;
-    /**
-     * Trust a device.
-     */
-    trustDevice(deviceId: string): Promise<void>;
-    /**
-     * Revoke device trust.
-     */
-    revokeDevice(deviceId: string): Promise<void>;
-    /**
-     * Remove a device completely.
-     */
-    removeDevice(deviceId: string): Promise<void>;
-    /**
-     * Approve a device with a token.
-     */
-    approveDevice(token: string): Promise<{
-        message: string;
-        device?: Device;
-    }>;
-    /**
-     * Block a device with a token.
-     */
-    blockDevice(token: string): Promise<{
-        message: string;
-        device?: Device;
-    }>;
-    /**
-     * Get user preferences.
-     */
-    getPreferences(customFetch?: typeof fetch): Promise<UserPreferences>;
-    /**
-     * Update user preferences.
-     */
-    updatePreferences(data: Partial<UserPreferences>): Promise<void>;
-    /**
-     * Get SSO linked accounts.
-     */
-    getLinkedAccounts(customFetch?: typeof fetch): Promise<LinkedAccount[]>;
-    /**
-     * Link an SSO account (redirects to SSO provider).
-     */
-    linkAccount(provider?: string): Promise<void>;
-    /**
-     * Unlink an SSO account.
-     */
-    unlinkAccount(provider: string, password?: string): Promise<void>;
-    /**
-     * Get security event history.
-     */
-    getSecurityEvents(params?: {
-        page?: number;
-        limit?: number;
-        type?: string;
-    }, customFetch?: typeof fetch): Promise<{
-        events: SecurityEvent[];
-        pagination: Pagination;
-    }>;
-}
-/** Singleton instance of AuthService */
-declare const authService: AuthService;
-
 /**
  * Auth Guards
  *
@@ -606,4 +392,4 @@ declare function getTokenExpiration(token: string): Date | null;
  */
 declare function extractClaims<T extends string>(token: string, claims: T[]): Pick<JWTPayload, T> | null;
 
-export { ApiKey, type ApiRequestOptions, type ApiResponse, AuthService, ChangePasswordData, CreateApiKeyRequest, CreateApiKeyResponse, Device, type JWTPayload, LinkedAccount, LoginCredentials, type LoginOptions, LoginResponse, LogoutResponse, MFAChallengeData, MFASetupResponse, MFAStatus, type MFAVerifyOptions, Pagination, ProfileUpdateData, RegisterData, RegisterResponse, SecurityEvent, Session, User, UserPreferences, api, apiRequest, authApi, authService, clearStoredAuth, decodeJWT, extractClaims, extractData, getAccessToken, getAvailableMethods, getMfaToken, getRefreshToken, getSessionToken, getTokenExpiration, getTokenRemainingTime, isLoginSuccessResponse, isMfaChallengeResponse, isTokenExpired, updateStoredTokens };
+export { ApiKey, type ApiRequestOptions, type ApiResponse, ChangePasswordData, CreateApiKeyRequest, CreateApiKeyResponse, Device, type JWTPayload, LinkedAccount, LoginCredentials, LoginResponse, LogoutResponse, MFAChallengeData, MFASetupResponse, MFAStatus, Pagination, ProfileUpdateData, RegisterData, RegisterResponse, SecurityEvent, Session, User, UserPreferences, api, apiRequest, authApi, clearStoredAuth, decodeJWT, extractClaims, extractData, getAccessToken, getAvailableMethods, getMfaToken, getRefreshToken, getSessionToken, getTokenExpiration, getTokenRemainingTime, isLoginSuccessResponse, isMfaChallengeResponse, isTokenExpired, updateStoredTokens };

package/dist/core/index.js

@@ -1,3 +1,3 @@
-export { AuthService, authService, getAvailableMethods, getMfaToken, isLoginSuccessResponse, isMfaChallengeResponse } from '../chunk-EVKXT3NR.js';
-export { api, apiRequest, authApi, clearStoredAuth, extractData, getAccessToken, getRefreshToken, getSessionToken, updateStoredTokens } from '../chunk-BDIQSTES.js';
+export { AuthService, RoleDeniedError, authService, formatUserRoles, getAvailableMethods, getAvatarFallback, getDisplayName, getGreeting, getMfaToken, getUserEmail, getUserInitials, isLoginSuccessResponse, isMfaChallengeResponse, isRoleDeniedError } from '../chunk-XSQYERC6.js';
+export { api, apiRequest, authApi, clearStoredAuth, extractData, getAccessToken, getRefreshToken, getSessionToken, updateStoredTokens } from '../chunk-ES4UOD62.js';
 export { decodeJWT, extractClaims, getConfig, getDefaultStorage, getFetch, getStorage, getTokenExpiration, getTokenRemainingTime, initAuth, isInitialized, isTokenExpired, resetConfig } from '../chunk-DCGC6CNV.js';

package/dist/index.d.ts

@@ -1,4 +1,5 @@
-export { A as AuthConfig, S as SSOConfig, e as StorageAdapter, g as getConfig, b as getDefaultStorage, d as getFetch, c as getStorage, i as initAuth, a as isInitialized, r as resetConfig } from './config-C-iBNu07.js';
-export { ApiRequestOptions, ApiResponse, AuthService, JWTPayload, LoginOptions, MFAVerifyOptions, api, apiRequest, authApi, authService, clearStoredAuth, decodeJWT, extractClaims, extractData, getAccessToken, getAvailableMethods, getMfaToken, getRefreshToken, getSessionToken, getTokenExpiration, getTokenRemainingTime, isLoginSuccessResponse, isMfaChallengeResponse, isTokenExpired, updateStoredTokens } from './core/index.js';
-export { d as ApiKey, A as AuthState, l as ChangePasswordData, C as CreateApiKeyRequest, e as CreateApiKeyResponse, D as Device, i as LinkedAccount, L as LoginCredentials, a as LoginResponse, b as LogoutResponse, g as MFAChallengeData, M as MFASetupResponse, f as MFAStatus, P as Pagination, k as ProfileUpdateData, R as RegisterData, c as RegisterResponse, m as ResetPasswordData, j as SecurityEvent, S as Session, U as User, h as UserPreferences } from './types-DGN45Uih.js';
-export { AuthGuardOptions, AuthGuardResult, authActions, authStore, checkAuth, createAuthGuard, currentUser, isAuthenticated, protectedLoad, requireAuth, requirePermission, requireRole } from './svelte/index.js';
+export { m as ApiKey, A as AuthConfig, f as AuthState, v as ChangePasswordData, C as CreateApiKeyRequest, n as CreateApiKeyResponse, D as Device, s as LinkedAccount, L as LoginCredentials, h as LoginResponse, j as LogoutResponse, p as MFAChallengeData, M as MFASetupResponse, o as MFAStatus, P as Pagination, u as ProfileUpdateData, R as RegisterData, k as RegisterResponse, w as ResetPasswordData, S as SSOConfig, t as SecurityEvent, l as Session, e as StorageAdapter, U as User, q as UserPreferences, g as getConfig, b as getDefaultStorage, d as getFetch, c as getStorage, i as initAuth, a as isInitialized, r as resetConfig } from './types-Ct5g1Nbj.js';
+export { ApiRequestOptions, ApiResponse, JWTPayload, api, apiRequest, authApi, clearStoredAuth, decodeJWT, extractClaims, extractData, getAccessToken, getAvailableMethods, getMfaToken, getRefreshToken, getSessionToken, getTokenExpiration, getTokenRemainingTime, isLoginSuccessResponse, isMfaChallengeResponse, isTokenExpired, updateStoredTokens } from './core/index.js';
+export { A as AuthService, L as LoginOptions, M as MFAVerifyOptions, R as RoleDeniedError, a as authService, f as formatUserRoles, c as getAvatarFallback, g as getDisplayName, e as getGreeting, d as getUserEmail, b as getUserInitials, i as isRoleDeniedError } from './user-utils-BtLu_jhF.js';
+export { AuthClient, AuthGuardOptions, AuthGuardResult, AuthHookOptions, CreateAuthClientOptions, NavFilterOptions, RoleRestrictedItem, authActions, authStore, canAccess, checkAuth, createAuthClient, createAuthGuard, createAuthHook, createNavFilter, currentUser, filterByAccess, filterNavSections, isAuthenticated, matchesRoute, protectedLoad, requireAuth, requirePermission, requireRole, routePatterns } from './svelte/index.js';
+import '@sveltejs/kit';

package/dist/index.js

@@ -1,5 +1,5 @@
-export { AuthService, authService, getAvailableMethods, getMfaToken, isLoginSuccessResponse, isMfaChallengeResponse } from './chunk-EVKXT3NR.js';
-export { checkAuth, createAuthGuard, protectedLoad, requireAuth, requirePermission, requireRole } from './chunk-IAPPE4US.js';
-export { authActions, authStore, currentUser, isAuthenticated } from './chunk-7M4DUK45.js';
-export { api, apiRequest, authApi, clearStoredAuth, extractData, getAccessToken, getRefreshToken, getSessionToken, updateStoredTokens } from './chunk-BDIQSTES.js';
+export { canAccess, checkAuth, createAuthClient, createAuthGuard, createAuthHook, createNavFilter, filterByAccess, filterNavSections, matchesRoute, protectedLoad, requireAuth, requirePermission, requireRole, routePatterns } from './chunk-YTMFXVJR.js';
+export { AuthService, RoleDeniedError, authService, formatUserRoles, getAvailableMethods, getAvatarFallback, getDisplayName, getGreeting, getMfaToken, getUserEmail, getUserInitials, isLoginSuccessResponse, isMfaChallengeResponse, isRoleDeniedError } from './chunk-XSQYERC6.js';
+export { authActions, authStore, currentUser, isAuthenticated } from './chunk-DSNTNK6T.js';
+export { api, apiRequest, authApi, clearStoredAuth, extractData, getAccessToken, getRefreshToken, getSessionToken, updateStoredTokens } from './chunk-ES4UOD62.js';
 export { decodeJWT, extractClaims, getConfig, getDefaultStorage, getFetch, getStorage, getTokenExpiration, getTokenRemainingTime, initAuth, isInitialized, isTokenExpired, resetConfig } from './chunk-DCGC6CNV.js';