@cloudbase/oauth 3.0.0 → 3.0.2

package/src/captcha/captcha.ts

@@ -2,17 +2,20 @@ import { ApiUrls, ErrorType } from '../auth/consts'
 import { SimpleStorage, RequestFunction } from '../oauth2client/interface'
 import { AuthClientRequestOptions } from '../oauth2client/models'
 import { defaultStorage } from '../oauth2client/oauth2client'
-import { isInMpWebView, isMp } from '../utils/mp'
-import MyURLSearchParams from '../utils/urlSearchParams'
+import { isMp } from '../utils/mp'
 import { SDKAdapterInterface } from '@cloudbase/adapter-interface'
+import { openURIWithCallback } from './captcha-dom'
+import { Auth } from '../auth/apis'
 
 export interface CaptchaOptions {
+  env: string;
   clientId: string
   request: RequestFunction
   storage: SimpleStorage
   // 打开网页并通过URL回调获取 CaptchaToken，针对不通的平台，该函数可以自定义实现, 默认集成浏览器端认证
   openURIWithCallback?: OpenURIWithCallbackFuction
   adapter?: SDKAdapterInterface & { isMatch?: () => boolean }
+  oauthInstance?: Auth
 }
 
 type OpenURIWithCallbackFuction = (url: string) => Promise<CaptchaToken>
@@ -50,7 +53,7 @@ export class Captcha {
     }
 
     this.config = opts
-    this.tokenSectionName = `captcha_${opts.clientId}`
+    this.tokenSectionName = `captcha_${opts.clientId || opts.env}`
   }
 
   public isMatch() {
@@ -89,75 +92,9 @@ export class Captcha {
   }
 
   private getDefaultOpenURIWithCallback(): OpenURIWithCallbackFuction {
-    if (!this.isMatch() && !isInMpWebView()) {
-      if (window.location.search.indexOf('__captcha') > 0) {
-        document.body.style.display = 'none'
-      }
-      if (document.getElementById('captcha_panel_wrap') === null) {
-        const elementDiv = document.createElement('div')
-        elementDiv.style.cssText =          'background-color: rgba(0, 0, 0, 0.7);position: fixed;left: 0px;right: 0px;top: 0px;bottom: 0px;padding: 9vw 0 0 0;display: none;z-index:100;'
-        elementDiv.setAttribute('id', 'captcha_panel_wrap')
-        setTimeout(() => {
-          document.body.appendChild(elementDiv)
-        }, 0)
-      }
-    }
-    return this.defaultOpenURIWithCallback
+    return (url: string) => openURIWithCallback(url, this.config.oauthInstance)
   }
 
-  /**
-   * 默认通过浏览器打开网页并获取回调
-   */
-  private async defaultOpenURIWithCallback(
-    url: string,
-    opts?: { width?: string; height?: string },
-  ): Promise<CaptchaToken> {
-    const { width = '355px', height = '355px' } = opts || {}
-
-    const matched = url.match(/^(data:.*)$/)
-    if (matched) {
-      return Promise.reject({
-        error: ErrorType.UNIMPLEMENTED,
-        error_description: 'need to impl captcha data',
-      })
-    }
-
-    const target = document.getElementById('captcha_panel_wrap')
-    const iframe = document.createElement('iframe')
-    target.innerHTML = ''
-
-    iframe.setAttribute('src', url)
-    iframe.setAttribute('id', 'review-panel-iframe')
-    iframe.style.cssText = `min-width:${width};display:block;height:${height};margin:0 auto;background-color: rgb(255, 255, 255);border: none;`
-    target.appendChild(iframe)
-    target.style.display = 'block'
-    return new Promise<CaptchaToken>((resolve, reject) => {
-      iframe.onload = function () {
-        try {
-          const windowLocation = window.location
-          const iframeLocation = iframe.contentWindow.location
-          if (iframeLocation.host + iframeLocation.pathname === windowLocation.host + windowLocation.pathname) {
-            target.style.display = 'none'
-            const iframeUrlParams = new MyURLSearchParams(iframeLocation.search)
-            const captchToken = iframeUrlParams.get('captcha_token')
-            if (captchToken) {
-              return resolve({
-                captcha_token: captchToken,
-                expires_in: Number(iframeUrlParams.get('expires_in')),
-              })
-            }
-            return reject({
-              error: iframeUrlParams.get('error'),
-              error_description: iframeUrlParams.get('error_description'),
-            })
-          }
-          target.style.display = 'block'
-        } catch (error) {
-          target.style.display = 'block'
-        }
-      }
-    })
-  }
   /**
    * getCaptchaToken 获取captchaToken
    */
@@ -169,52 +106,26 @@ export class Captcha {
         return captchaToken
       }
     }
-    let captchaTokenResp: {
-      url?: string
-      captcha_token?: string
-      expires_in?: number
-    }
-    if (!this.isMatch() && !isInMpWebView()) {
-      const redirect_uri = `${window.location.origin + window.location.pathname}?__captcha=on`
-      captchaTokenResp = await this.config.request<GetCaptchaResponse>(ApiUrls.GET_CAPTCHA_URL, {
-        method: 'POST',
-        body: {
-          client_id: this.config.clientId,
-          redirect_uri,
-          state,
-        },
-        withCredentials: false,
-      })
-      if (captchaTokenResp.captcha_token) {
-        const captchaToken = {
-          captcha_token: captchaTokenResp.captcha_token,
-          expires_in: captchaTokenResp.expires_in,
-        }
-        this.saveCaptchaToken(captchaToken)
-        return captchaTokenResp.captcha_token
-      }
-    } else {
-      /**
+
+    /**
        * https://iwiki.woa.com/p/4010699417
        */
-      const captchaDataResp = await this.config.request<{
-        data: string
-        type: 'image'
-        token: string
-        expires_in: number
-      }>(ApiUrls.CAPTCHA_DATA_URL, {
-        method: 'POST',
-        body: {
-          state,
-          redirect_uri: '',
-        },
-        withCredentials: false,
-      })
-      captchaTokenResp = {
-        url: `${captchaDataResp.data}?state=${encodeURIComponent(state)}&token=${encodeURIComponent(captchaDataResp.token,)}`,
-      }
-    }
-    const captchaToken = await this.config.openURIWithCallback(captchaTokenResp.url)
+    const captchaDataResp = await this.config.request<{
+      data: string
+      type: 'image'
+      token: string
+      expires_in: number
+    }>(ApiUrls.CAPTCHA_DATA_URL, {
+      method: 'POST',
+      body: {
+        state,
+        redirect_uri: '',
+      },
+      withCredentials: false,
+    })
+    const captchaTokenUrl = `${captchaDataResp.data}?state=${encodeURIComponent(state)}&token=${encodeURIComponent(captchaDataResp.token,)}`
+
+    const captchaToken = await this.config.openURIWithCallback(captchaTokenUrl)
     this.saveCaptchaToken(captchaToken)
     return captchaToken.captcha_token
   }

package/src/index.ts

@@ -1,19 +1,44 @@
 import { OAuth2Client } from './oauth2client/oauth2client'
 import { AuthOptions, Auth } from './auth/apis'
 import { AUTH_API_PREFIX } from './auth/consts'
+import { Credentials } from './oauth2client/models'
 export { Auth } from './auth/apis'
-export { AUTH_API_PREFIX } from './auth/consts'
+export { AUTH_API_PREFIX, OAUTH_TYPE } from './auth/consts'
+export { AuthError } from './auth/auth-error'
 export * as authModels from './auth/models'
-export type { ProviderProfile } from './auth/models'
+export type { ProviderProfile, UserInfo, ModifyUserBasicInfoRequest } from './auth/models'
 export type { Credentials, OAuth2ClientOptions, ResponseError, AuthClientRequestOptions } from './oauth2client/models'
 export type { AuthOptions } from './auth/apis'
+export { weAppJwtDecodeAll } from './utils/base64'
+export { LOGIN_STATE_CHANGED_TYPE, EVENTS, AUTH_STATE_CHANGED_TYPE } from './auth/consts'
 
 export class CloudbaseOAuth {
   public oauth2client: OAuth2Client
   public authApi: Auth
+  private detectSessionInUrl: boolean
 
   constructor(authOptions: AuthOptions) {
-    const { apiOrigin, apiPath = AUTH_API_PREFIX, clientId, env, storage, request, baseRequest, anonymousSignInFunc, wxCloud, adapter, onCredentialsError, headers, i18n, publishable_key } = authOptions
+    // eslint-disable-next-line max-len
+    const {
+      apiOrigin,
+      apiPath = AUTH_API_PREFIX,
+      clientId,
+      env,
+      storage,
+      request,
+      baseRequest,
+      anonymousSignInFunc,
+      wxCloud,
+      adapter,
+      onCredentialsError,
+      headers,
+      i18n,
+      useWxCloud,
+      eventBus,
+      detectSessionInUrl,
+      debug,
+    } = authOptions
+    this.detectSessionInUrl = detectSessionInUrl ?? false
     this.oauth2client = new OAuth2Client({
       apiOrigin,
       apiPath,
@@ -26,7 +51,9 @@ export class CloudbaseOAuth {
       onCredentialsError,
       headers: headers || {},
       i18n,
-      publishable_key,
+      useWxCloud,
+      eventBus,
+      debug,
     })
 
     this.authApi = new Auth({
@@ -36,5 +63,28 @@ export class CloudbaseOAuth {
       request: request ? this.oauth2client.request.bind(this.oauth2client) : undefined,
       adapter,
     })
+
+    // Set the getInitialSession callback after Auth is created
+    // This allows Auth.getInitialSession to handle URL detection and OAuth verification
+    if (detectSessionInUrl) {
+      this.oauth2client.setGetInitialSession(this.authApi.getInitialSession.bind(this.authApi))
+    }
+    // Note: Do NOT auto-call initialize() here.
+    // Upper layer (packages/auth) should call initializeSession() after setting up onInitialSessionObtained callback
+  }
+
+  /**
+   * Setup the onInitialSessionObtained callback and trigger initialization.
+   * This should be called by upper layer (packages/auth) after creating Auth instance.
+   * @param onUserObtained Callback to handle user info storage after session is obtained
+   */
+  public initializeSession(onUserObtained?: (data: { session: Credentials; user?: any; type?: string }, error?: any) => void | Promise<void>): void {
+    if (!this.detectSessionInUrl) {
+      this.oauth2client.initialize(Promise.resolve({ error: null }))
+      return
+    }
+    this.oauth2client.setOnInitialSessionObtained(onUserObtained)
+    // Pass callback directly to initialize() to ensure it's set before initialization starts
+    this.oauth2client.initialize()
   }
 }

package/src/oauth2client/interface.ts

@@ -15,7 +15,7 @@ export abstract class AuthClient {
   /**
    * Sets the auth credentials.
    */
-  abstract setCredentials(credentials?: Credentials): void;
+  abstract setCredentials(credentials?: Credentials): Promise<void>;
 
   /**
    * get the current accessToken from AuthClient, you can use this to detect login status

package/src/oauth2client/models.ts

@@ -46,6 +46,12 @@ export interface AuthClientRequestOptions extends RequestOptions {
   withBasicAuth?: boolean;
   retry?: number;
   useWxCloud?: boolean;
+  /**
+   * Custom getCredentials function for this request.
+   * When provided, uses this function instead of the default getCredentials() call
+   * to avoid potential deadlocks during initialization.
+   */
+  getCredentials?: () => Credentials | Promise<Credentials | null> | null;
 
   [key: string]: any;
 }
@@ -71,5 +77,27 @@ export interface OAuth2ClientOptions {
   wxCloud?: any;
   onCredentialsError?: AuthOptions['onCredentialsError']
   i18n?: ICloudbaseConfig['i18n']
-  publishable_key?: string;
+  useWxCloud?: boolean
+  eventBus?: any
+  /**
+   * Enable debug logging
+   */
+  debug?: boolean
+  /**
+   * Callback function to get initial session (e.g., from OAuth callback in URL).
+   * Called by OAuth2Client.initialize() if set.
+   * The callback should handle URL detection, OAuth verification, and return credentials.
+   * Returns { data: { session: Credentials, user?: any }, error: null } on success,
+   * or { data: null, error: Error } on failure.
+   */
+  getInitialSession?: () => Promise<{
+    data: { session: Credentials; user?: any } | null
+    error: Error | null
+  }>
+  /**
+   * Callback invoked after initial session is obtained and stored.
+   * Used to let upper layer (e.g., packages/auth) handle user info storage.
+   * Called with session and user data.
+   */
+  onInitialSessionObtained?: (data: { session: Credentials; user?: any }) => void | Promise<void>
 }