@cloudbase/oauth 2.5.49-beta.0 → 2.5.49-beta.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cloudbase/oauth",
-  "version": "2.5.49-beta.0",
+  "version": "2.5.49-beta.2",
   "description": "cloudbase javascript sdk auth componets",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",
@@ -21,5 +21,5 @@
     "encryptlong": "^3.1.4"
   },
   "license": "Apache-2.0",
-  "gitHead": "a4b9835493467e4ab8d35ba0ab3c02dbdc576edf"
+  "gitHead": "0d182ece790ba8a0ef254f63f6a06ab3e878a302"
 }

package/src/auth/apis.ts

@@ -23,11 +23,9 @@ import {
   UserProfileProvider,
   UnbindProviderRequest,
   CheckPasswordrRequest,
-  BindPhoneRequest,
-  BindEmailRequest,
   SetPasswordRequest,
-  ChangeBindedProviderRequest,
-  ChangeBindedProviderResponse,
+  ChangeBoundProviderRequest,
+  ChangeBoundProviderResponse,
   UpdatePasswordRequest,
   SudoResponse,
   SudoRequest,
@@ -49,6 +47,12 @@ import {
   GetMiniProgramQrCodeResponse,
   GetMiniProgramQrCodeStatusResponse,
   ModifyUserBasicInfoRequest,
+  EditContactRequest,
+  AuthorizeInfoRequest,
+  AuthorizeInfoResponse,
+  AuthorizeDeviceRequest,
+  AuthorizeRequest,
+  AuthorizeResponse,
 } from './models'
 import { SimpleStorage, RequestFunction } from '../oauth2client/interface'
 import { OAuth2Client, defaultStorage } from '../oauth2client/oauth2client'
@@ -60,6 +64,10 @@ import { getEncryptInfo } from '../utils/encrypt'
 export interface AuthOptions {
   apiOrigin: string
   clientId: string
+  /**
+   * basic auth
+   */
+  clientSecret?: string
   credentialsClient?: OAuth2Client
   request?: RequestFunction
   baseRequest?: RequestFunction
@@ -100,6 +108,8 @@ export class Auth {
         clientId: opts.clientId,
         storage: opts.storage,
         env: opts.env,
+        baseRequest: opts.baseRequest /* || opts.request */, // opts.request 废弃不用来表示 oauth rquest
+        anonymousSignInFunc: opts.anonymousSignInFunc,
         wxCloud: opts.wxCloud,
       }
       oAuth2Client = new OAuth2Client(initOptions)
@@ -210,6 +220,28 @@ export class Auth {
     return Promise.resolve(data)
   }
 
+  /**
+   * Revoke All Devices
+   * @return {Object} A Promise<void> object.
+   */
+  public async revokeAllDevices(): Promise<void> {
+    await this.config.request<void>(ApiUrls.AUTH_REVOKE_ALL_URL, {
+      method: 'DELETE',
+      withCredentials: true,
+    })
+  }
+
+  /**
+   * Revoke Device
+   * @return {Object} A Promise<void> object.
+   */
+  public async revokeDevice(params: { device_id: string }): Promise<void> {
+    await this.config.request<void>(ApiUrls.AUTHORIZED_DEVICES_DELETE_URL + params.device_id, {
+      method: 'DELETE',
+      withCredentials: true,
+    })
+  }
+
   /**
    * Get the verification.
    * @param {GetVerificationRequest} params A GetVerificationRequest Object.
@@ -493,25 +525,12 @@ export class Auth {
   }
 
   /**
-   * check Password.
-   * @param {CheckPasswordrRequest} params
-   * @return {Promise<any>}
-   */
-  public async bindPhone(params: BindPhoneRequest): Promise<void> {
-    return this.config.request<any>(`${ApiUrls.BIND_CONTACT_URL}`, {
-      method: 'PATCH',
-      withCredentials: true,
-      body: params,
-    })
-  }
-
-  /**
-   * check Password.
-   * @param {CheckPasswordrRequest} params
-   * @return {Promise<any>}
+   * Edit Contact 修改 手机号 或 邮箱
+   * @param {EditContactRequest} params
+   * @return {Promise<void>}
    */
-  public async bindEmail(params: BindEmailRequest): Promise<void> {
-    return this.config.request<any>(`${ApiUrls.BIND_CONTACT_URL}`, {
+  public async editContact(params: EditContactRequest): Promise<void> {
+    return this.config.request<void>(`${ApiUrls.BIND_CONTACT_URL}`, {
       method: 'PATCH',
       withCredentials: true,
       body: params,
@@ -562,7 +581,7 @@ export class Auth {
    * @param {GetVerificationRequest} params A GetVerificationRequest Object.
    * @return {Promise<GetVerificationResponse>} A Promise<GetVerificationResponse> object.
    */
-  public async getCurUserVerification(params: GetVerificationRequest): Promise<GetVerificationResponse> {
+  public async sendVerificationCodeToCurrentUser(params: GetVerificationRequest): Promise<GetVerificationResponse> {
     params.target = 'CUR_USER'
     return this.config.request<GetVerificationResponse>(ApiUrls.VERIFICATION_URL, {
       method: 'POST',
@@ -573,12 +592,12 @@ export class Auth {
   }
 
   /**
-   * change binded provider.
-   * @param {GetVerificationRequest} params A GetVerificationRequest Object.
-   * @return {Promise<GetVerificationResponse>} A Promise<GetVerificationResponse> object.
+   * change Bound provider.
+   * @param {ChangeBoundProviderRequest} params A GetVerificationRequest Object.
+   * @return {Promise<ChangeBoundProviderResponse>} A Promise<GetVerificationResponse> object.
    */
-  public async changeBindedProvider(params: ChangeBindedProviderRequest): Promise<ChangeBindedProviderResponse> {
-    return this.config.request<ChangeBindedProviderResponse>(`${ApiUrls.PROVIDER_LIST}/${params.provider_id}/trans`, {
+  public async changeBoundProvider(params: ChangeBoundProviderRequest): Promise<ChangeBoundProviderResponse> {
+    return this.config.request<ChangeBoundProviderResponse>(`${ApiUrls.PROVIDER_LIST}/${params.provider_id}/trans`, {
       method: 'POST',
       body: {
         provider_trans_token: params.trans_token,
@@ -640,7 +659,14 @@ export class Auth {
    * @constructor
    */
   public async signInWithCustomTicket(params?: { version?: string }): Promise<Credentials> {
-    const customTicket = await this.getCustomSignTicketFn()
+    const customSignTicketFn = this.getCustomSignTicketFn
+    if (!customSignTicketFn) {
+      return Promise.reject({
+        error: 'failed_precondition',
+        error_description: 'please use setCustomSignFunc to set custom sign function',
+      })
+    }
+    const customTicket = await customSignTicketFn()
     return this.signInWithProvider({
       ...params,
       provider_id: 'custom',
@@ -662,6 +688,31 @@ export class Auth {
     })
   }
 
+  /**
+   * Authorize oauth Authorize
+   * @param params
+   * @constructor
+   */
+  public async authorize(params: AuthorizeRequest): Promise<AuthorizeResponse> {
+    return this.config.request<AuthorizeResponse>(ApiUrls.AUTHORIZE_URL, {
+      method: 'POST',
+      withCredentials: true,
+      body: params,
+    })
+  }
+
+  /**
+   * authorize device
+   * @param params
+   */
+  public async authorizeDevice(params: AuthorizeDeviceRequest): Promise<void> {
+    return this.config.request<void>(ApiUrls.AUTHORIZE_DEVICE_URL, {
+      method: 'POST',
+      withCredentials: true,
+      body: params,
+    })
+  }
+
   /**
    * device authorization
    * @param {DeviceAuthorizeRequest} params
@@ -676,6 +727,27 @@ export class Auth {
     })
   }
 
+  /**
+   * OAuth get authorize info
+   * @param params
+   * @constructor
+   */
+  public async authorizeInfo(params: AuthorizeInfoRequest): Promise<AuthorizeInfoResponse> {
+    const url = `${ApiUrls.AUTHORIZE_INFO_URL}?${Auth.parseParamsToSearch(params)}`
+    let withBasicAuth = true
+    let withCredentials = false
+    const hasLogin = await this.hasLoginState()
+    if (hasLogin) {
+      withCredentials = true
+      withBasicAuth = false
+    }
+    return this.config.request<AuthorizeInfoResponse>(url, {
+      method: 'GET',
+      withBasicAuth,
+      withCredentials,
+    })
+  }
+
   public async checkUsername(params: CheckUsernameRequest): Promise<void> {
     return this.config.request(ApiUrls.CHECK_USERNAME, {
       method: 'GET',
@@ -804,7 +876,7 @@ export class Auth {
    * mini-program scan code status
    * @returns
    */
-  public async checkMiniProgramCode(params: GetMiniProgramQrCodeStatusRequest,): Promise<GetMiniProgramQrCodeStatusResponse> {
+  public async getMiniProgramQrCodeStatus(params: GetMiniProgramQrCodeStatusRequest,): Promise<GetMiniProgramQrCodeStatusResponse> {
     return this.config.request<GetMiniProgramQrCodeStatusResponse>(ApiUrls.GET_MINIPROGRAM_QRCODE_STATUS, {
       method: 'POST',
       body: params,

package/src/auth/consts.ts

@@ -31,6 +31,11 @@ export enum ApiUrls {
   AUTH_GET_DEVICE_CODE = '/auth/v1/device/code',
   CHECK_USERNAME = '/auth/v1/checkUsername',
   CHECK_IF_USER_EXIST = '/auth/v1/checkIfUserExist',
+  AUTHORIZE_URL = '/auth/v1/user/authorize',
+  AUTHORIZE_DEVICE_URL = '/auth/v1/user/device/authorize',
+  AUTHORIZE_INFO_URL = '/auth/v1/user/authorize/info',
+  AUTHORIZED_DEVICES_DELETE_URL = '/auth/v1/user/authorized/devices/',
+  AUTH_REVOKE_ALL_URL = '/auth/v1/user/revoke/all',
   GET_PROVIDER_TYPE = '/auth/v1/mgr/provider/providerSubType',
 
   GET_MINIPROGRAM_QRCODE = '/auth/v1/qrcode/generate',

package/src/auth/models.ts

@@ -4,12 +4,12 @@ interface BaseRequest {
 
 export type GetCustomSignTicketFn = () => Promise<string>;
 
-export interface SignInRequest extends BaseRequest, EncryptParams  {
+export interface SignInRequest extends BaseRequest, EncryptParams {
   username?: string;
   password?: string;
   verification_token?: string;
   version?: string;
-  query?: { with_department?: boolean, with_role?: boolean }
+  query?: { with_department?: boolean; with_role?: boolean };
 }
 
 export interface SignInWithProviderRequest extends BaseRequest {
@@ -132,20 +132,20 @@ export interface UserProfile {
   zoneinfo?: string;
   locale?: string;
   created_from?: string;
-  sub?: string
-  uid?: string
+  sub?: string;
+  uid?: string;
   address?: {
-    formatted?: string,
-    street_address?: string,
-    locality?: string,
-    region?: string,
-    postal_code?: string,
-    country?: string
-  }
-  nickName?: string // TODO:
-  province?: string // TODO:
-  country?: string // TODO:
-  city?: string // TODO:
+    formatted?: string;
+    street_address?: string;
+    locality?: string;
+    region?: string;
+    postal_code?: string;
+    country?: string;
+  };
+  nickName?: string; // TODO:
+  province?: string; // TODO:
+  country?: string; // TODO:
+  city?: string; // TODO:
 }
 
 export type UserInfo = UserProfile;
@@ -153,6 +153,9 @@ export type UserInfo = UserProfile;
 export interface ProviderProfile {
   provider_id: string;
   phone_number?: string;
+  name?: string;
+  picture?: string;
+  email?: string;
 }
 
 export interface TransByProviderRequest {
@@ -188,13 +191,11 @@ export interface SetPasswordRequest extends BaseRequest {
   sudo_token: string;
 }
 
-export interface ChangeBindedProviderRequest extends BaseRequest {
+export interface ChangeBoundProviderRequest extends BaseRequest {
   trans_token: string;
   provider_id: string;
 }
 
-export type ChangeBindedProviderResponse = BaseRequest
-
 export interface QueryUserProfileReq extends BaseRequest {
   appended_params: string;
 }
@@ -256,7 +257,7 @@ export interface GrantProviderTokenRequest {
   provider_params?: {
     provider_code_type?: string;
     appid?: string;
-  }
+  };
 }
 
 export interface GrantProviderTokenResponse {
@@ -287,7 +288,7 @@ export interface GenProviderRedirectUriRequest {
   provider_redirect_uri: string;
   state: string;
   other_params?: {
-    [key: string]: string
+    [key: string]: string;
   };
 }
 
@@ -352,11 +353,23 @@ export interface CheckPasswordrRequest {
   password: string;
 }
 
+export interface EditContactRequest {
+  phone_number?: string;
+  email?: string;
+  sudo_token: string;
+  verification_token: string;
+  // 冲突解决方案
+  // 可选：DEFAULT， 默认解决方案：提示用户该手机号已被其他人绑定
+  //      DELETE_ACCOUNT_TRANSFER，标记原来的账号为已注销，并将手机换绑给自己
+  //     TRANSFER 仅换绑手机号，不注销原有账号。（原有账号无法登录情况下，则自动标记为注销）
+  conflict_resolution?: string;
+}
+
 export interface BindPhoneRequest {
   phone_number: string;
   sudo_token: string;
   verification_token: string;
-  conflict_resolution: string
+  conflict_resolution: string;
   // 1. DEFAULT 0, 默认提示用户手机号已被绑定
   // 2. DELETE_ACCOUNT_TRANSFER 1, 标记原账号已被注销，并将手机换绑给自己
   // 3. TRANSFER 2, 仅换绑手机号，不注销原有账号（换绑后原账号无法登录时，则自动注销原账号）
@@ -373,7 +386,6 @@ export interface SetPasswordRequest {
   sudo_token: string;
 }
 
-
 export interface SetPasswordRequest {
   new_password: string;
   sudo_token: string;
@@ -387,11 +399,11 @@ export interface UpdatePasswordRequest {
 // password 和 verification_token 而选一，如果绑定了手机号，则必须使用verification_token 进行sudo
 export interface SudoRequest {
   password?: string;
-  verification_token?: string
+  verification_token?: string;
 }
 
 export interface SudoResponse {
-  sudo_token?: string
+  sudo_token?: string;
 }
 
 export interface WithSudoRequest {
@@ -399,7 +411,6 @@ export interface WithSudoRequest {
   version?: string;
 }
 
-
 export interface ChangeBoundProviderRequest {
   trans_token: string;
   provider_id: string;
@@ -418,27 +429,81 @@ export interface QueryUserProfileRequest {
 
 export interface QueryUserProfileResponse {
   total: string;
-  data: SimpleUserProfile[]
+  data: SimpleUserProfile[];
 }
 
 export interface ResetPasswordRequest extends BaseRequest {
-  email: string
-  phone_number: string
-  new_password: string
-  verification_token: string
+  email: string;
+  phone_number: string;
+  new_password: string;
+  verification_token: string;
 }
 
 export interface DeviceAuthorizeRequest extends BaseRequest {
-  scope?: string
+  scope?: string;
+}
+
+export interface AuthorizeRequest extends BaseRequest {
+  response_type?: string;
+  redirect_uri?: string;
+  state?: string;
+  scope?: string;
+  code_challenge?: string;
+  code_challenge_method?: string;
+  sign_out_uri?: string;
+}
+
+export interface AuthorizeResponse {
+  code?: string;
+  access_token?: string;
+  id_token?: string;
+  token_type?: string;
+  scope?: string;
+  state?: string;
+  expires_in?: number;
+}
+
+export interface AuthorizeInfoRequest extends BaseRequest {
+  response_type?: string;
+  redirect_uri?: string;
+  state?: string;
+  scope?: string;
+  sign_out_uri?: string;
+  locale?: string;
+}
+
+interface Scope {
+  id: string;
+  name: string;
+  description?: string;
+  picture?: string;
+  url?: string;
+  children?: Scope[];
+}
+export interface AuthorizeInfoResponse {
+  client: {
+    id: string;
+    name: string;
+    description?: string;
+    picture?: string;
+    url?: string;
+  };
+  scopes?: Scope[];
+}
+
+export interface AuthorizeDeviceRequest extends BaseRequest {
+  user_code: string;
+  scope?: string;
+  state?: string;
 }
 
 export interface DeviceAuthorizeResponse {
-  device_code: string
-  user_code: string
-  expires_in: number
-  interval: number
-  verification_url: string
-  verification_uri_complete: string
+  device_code: string;
+  user_code: string;
+  expires_in: number;
+  interval: number;
+  verification_url: string;
+  verification_uri_complete: string;
 }
 
 // 简化版用户信息
@@ -453,7 +518,7 @@ export interface SimpleUserProfile {
 }
 
 export interface CheckUsernameRequest {
-  username: string
+  username: string;
 }
 
 export interface CheckIfUserExistRequest {

package/src/index.ts

@@ -17,17 +17,12 @@ export {
 
 export { AuthClient, SimpleStorage } from './oauth2client/interface'
 
-export {
-  Credentials,
-  ResponseError,
-  OAuth2ClientOptions,
-  AuthClientRequestOptions,
-} from './oauth2client/models'
+export { Credentials, ResponseError, OAuth2ClientOptions, AuthClientRequestOptions } from './oauth2client/models'
 
 export { AuthOptions, Auth } from './auth/apis'
 export { authModels }
-export {  ApiUrls } from './auth/consts'
-
+export { ApiUrls } from './auth/consts'
+export type { ProviderProfile } from './auth/models'
 
 export class CloudbaseOAuth {
   public oauth2client: OAuth2Client
@@ -53,4 +48,3 @@ export class CloudbaseOAuth {
     })
   }
 }
-

package/src/oauth2client/models.ts

@@ -41,6 +41,7 @@ export interface AuthClientRequestOptions extends RequestOptions {
     [key: string]: any;
   } | null;
   withCredentials?: boolean;
+  withBasicAuth?: boolean;
   retry?: number;
   useWxCloud?: boolean;
 

package/src/oauth2client/oauth2client.ts

@@ -17,6 +17,7 @@ import { uuidv4 } from '../utils/uuid'
 import { getPathName } from '../utils/index'
 
 import { SinglePromise } from '../utils/function/single-promise'
+import { weBtoa } from '../utils/base64'
 
 const RequestIdHeaderName = 'x-request-id'
 const DeviceIdHeaderName = 'x-device-id'
@@ -99,12 +100,17 @@ export function generateRequestId(): string {
  * Default Storage.
  */
 class DefaultStorage implements SimpleStorage {
+  private readonly _env: string
+
+  constructor(opts?: { env: string }) {
+    this._env = opts?.env || ''
+  }
   /**
    * Get item.
    * @param {string} key
    */
   async getItem(key: string): Promise<string | null> {
-    return window.localStorage.getItem(key)
+    return window.localStorage.getItem(`${key}${this._env}`)
   }
 
   /**
@@ -112,7 +118,7 @@ class DefaultStorage implements SimpleStorage {
    * @param {string} key
    */
   async removeItem(key: string): Promise<void> {
-    window.localStorage.removeItem(key)
+    window.localStorage.removeItem(`${key}${this._env}`)
   }
 
   /**
@@ -121,7 +127,7 @@ class DefaultStorage implements SimpleStorage {
    * @param {string} value
    */
   async setItem(key: string, value: string): Promise<void> {
-    window.localStorage.setItem(key, value)
+    window.localStorage.setItem(`${key}${this._env}`, value)
   }
 
   /**
@@ -129,7 +135,7 @@ class DefaultStorage implements SimpleStorage {
    * @param {string} key
    */
   getItemSync(key: string): string | null {
-    return window.localStorage.getItem(key)
+    return window.localStorage.getItem(`${key}${this._env}`)
   }
 
   /**
@@ -137,7 +143,7 @@ class DefaultStorage implements SimpleStorage {
    * @param {string} key
    */
   removeItemSync(key: string): void {
-    window.localStorage.removeItem(key)
+    window.localStorage.removeItem(`${key}${this._env}`)
   }
 
   /**
@@ -146,7 +152,7 @@ class DefaultStorage implements SimpleStorage {
    * @param {string} value
    */
   setItemSync(key: string, value: string): void {
-    window.localStorage.setItem(key, value)
+    window.localStorage.setItem(`${key}${this._env}`, value)
   }
 }
 
@@ -289,6 +295,7 @@ export class OAuth2Client implements AuthClient {
   private singlePromise: SinglePromise = new SinglePromise()
   private anonymousSignInFunc: (Credentials) => Promise<Credentials | void>
   private wxCloud: any
+  private basicAuth: string
 
   /**
    * constructor
@@ -306,12 +313,15 @@ export class OAuth2Client implements AuthClient {
     this.tokenInURL = options.tokenInURL
     this.headers = options.headers
     // @ts-ignore
-    this.storage = options.storage || defaultStorage
+    this.storage = options.storage || new DefaultStorage({ env: options.env })
     this.localCredentials = new LocalCredentials({
       tokenSectionName: `credentials_${options.clientId}`,
       storage: this.storage,
     })
     this.clientSecret = options.clientSecret
+    if (options.clientId !== '') {
+      this.basicAuth = `Basic ${weBtoa(`${options.clientId}:${options.clientSecret}`)}`
+    }
     this.wxCloud = options.wxCloud
     try {
       if (adapterForWxMp.isMatch() && this.wxCloud === undefined && options.env) {
@@ -370,6 +380,9 @@ export class OAuth2Client implements AuthClient {
       const deviceId = await this.getDeviceId()
       options.headers[DeviceIdHeaderName] = deviceId
     }
+    if (options?.withBasicAuth && this.basicAuth) {
+      options.headers.Authorization = this.basicAuth
+    }
     if (options?.withCredentials) {
       const credentials = await this.getCredentials()
       if (credentials) {
@@ -416,10 +429,7 @@ export class OAuth2Client implements AuthClient {
     return response
   }
 
-  public async wxCloudCallFunction<T>(
-    url: string,
-    options?: RequestOptions,
-  ): Promise<T> {
+  public async wxCloudCallFunction<T>(url: string, options?: RequestOptions): Promise<T> {
     let result: T | null = null
     let responseError: ResponseError | null = null
     try {
@@ -462,6 +472,9 @@ export class OAuth2Client implements AuthClient {
    */
   public async getCredentials(): Promise<Credentials | null> {
     let credentials: Credentials = await this.localCredentials.getCredentials()
+    if (!credentials) {
+      return this.unAuthenticatedError('credentials not found')
+    }
     if (isCredentialsExpired(credentials)) {
       if (credentials && credentials.scope === 'anonymous') {
         if (this.anonymousSignInFunc) {
@@ -585,12 +598,10 @@ export class OAuth2Client implements AuthClient {
         return this.unAuthenticatedError('no anonymous in credentials')
       }
       try {
-        const newCredentials: Credentials = await this.request('/auth/v1/signin/anonymously', {
+        const newCredentials: Credentials = await this.request(ApiUrls.AUTH_SIGN_IN_ANONYMOUSLY_URL, {
           method: 'POST',
-          body: {
-            client_id: this.clientId,
-            client_secret: this.clientSecret,
-          },
+          withBasicAuth: true,
+          body: {},
         })
         await this.localCredentials.setCredentials(newCredentials)
         return newCredentials