@dcimorra/authhub-sdk 1.1.0

package/dist/index.js

@@ -0,0 +1,792 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  AuthHubClient: () => AuthHubClient,
+  AuthHubError: () => AuthHubError,
+  LocalStorageTokenStore: () => LocalStorageTokenStore,
+  MemoryTokenStore: () => MemoryTokenStore,
+  RealtimeClient: () => RealtimeClient,
+  TokenManager: () => TokenManager
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/errors.ts
+var AuthHubError = class extends Error {
+  constructor(data) {
+    super(data.message);
+    this.name = "AuthHubError";
+    this.status = data.status;
+    this.code = data.code;
+  }
+};
+
+// src/token-store.ts
+var ACCESS_KEY = "authhub_access_token";
+var REFRESH_KEY = "authhub_refresh_token";
+var EXPIRES_KEY = "authhub_expires_at";
+var MemoryTokenStore = class {
+  constructor() {
+    this.store = /* @__PURE__ */ new Map();
+  }
+  get(key) {
+    return this.store.get(key) ?? null;
+  }
+  set(key, value) {
+    this.store.set(key, value);
+  }
+  remove(key) {
+    this.store.delete(key);
+  }
+};
+var LocalStorageTokenStore = class {
+  get(key) {
+    try {
+      return localStorage.getItem(key);
+    } catch {
+      return null;
+    }
+  }
+  set(key, value) {
+    try {
+      localStorage.setItem(key, value);
+    } catch {
+    }
+  }
+  remove(key) {
+    try {
+      localStorage.removeItem(key);
+    } catch {
+    }
+  }
+};
+var TokenManager = class {
+  constructor(store) {
+    this.store = store;
+  }
+  async getTokens() {
+    const accessToken = await this.store.get(ACCESS_KEY);
+    const refreshToken = await this.store.get(REFRESH_KEY);
+    const expiresAt = await this.store.get(EXPIRES_KEY);
+    if (!accessToken || !refreshToken) return null;
+    return {
+      accessToken,
+      refreshToken,
+      expiresAt: expiresAt ? parseInt(expiresAt, 10) : 0
+    };
+  }
+  async setTokens(tokens) {
+    await this.store.set(ACCESS_KEY, tokens.accessToken);
+    await this.store.set(REFRESH_KEY, tokens.refreshToken);
+    await this.store.set(EXPIRES_KEY, String(tokens.expiresAt));
+  }
+  async clear() {
+    await this.store.remove(ACCESS_KEY);
+    await this.store.remove(REFRESH_KEY);
+    await this.store.remove(EXPIRES_KEY);
+  }
+  async isExpired() {
+    const tokens = await this.getTokens();
+    if (!tokens) return true;
+    return Date.now() >= tokens.expiresAt - 3e4;
+  }
+};
+
+// src/client.ts
+var isBrowser = typeof window !== "undefined" && typeof localStorage !== "undefined";
+function resolveStore(option) {
+  if (!option) return isBrowser ? new LocalStorageTokenStore() : new MemoryTokenStore();
+  if (option === "localStorage") return new LocalStorageTokenStore();
+  if (option === "memory") return new MemoryTokenStore();
+  return option;
+}
+var AuthHubClient = class {
+  constructor(config) {
+    this.refreshPromise = null;
+    this.baseUrl = config.baseUrl.replace(/\/+$/, "");
+    this.projectId = config.projectId;
+    this.apiKey = config.apiKey;
+    this.autoRefresh = config.autoRefresh !== false;
+    this.onSessionExpired = config.onSessionExpired;
+    this.tokens = new TokenManager(resolveStore(config.tokenStore));
+    this.auth = new AuthModule(this);
+    this.session = new SessionModule(this);
+    this.db = new DbModule(this);
+    this.storage = new StorageModule(this);
+    this.oauth = new OAuthModule(this);
+  }
+  /**
+   * Create a Realtime client for subscribing to database changes via WebSocket.
+   *
+   * ```ts
+   * const realtime = hub.realtime("ws://localhost:4000");
+   * await realtime.connect(accessToken);
+   * realtime.on("table:users", (event, data) => console.log(event, data));
+   * ```
+   */
+  realtime(wsUrl) {
+    return new RealtimeClient({ url: wsUrl, projectId: this.projectId });
+  }
+  // ── Internal helpers (used by modules) ───────────────────────────────────
+  /** @internal */
+  _url(path) {
+    return `${this.baseUrl}/api/v1/${this.projectId}${path}`;
+  }
+  /** @internal — API key auth request */
+  async _apiRequest(path, options = {}) {
+    const headers = new Headers(options.headers);
+    headers.set("Authorization", `Bearer ${this.apiKey}`);
+    if (!headers.has("Content-Type") && !(options.body instanceof FormData)) {
+      headers.set("Content-Type", "application/json");
+    }
+    const res = await fetch(this._url(path), { ...options, headers });
+    return this._handleResponse(res);
+  }
+  /** @internal — Bearer JWT auth request (auto-refreshes if needed) */
+  async _authRequest(path, options = {}) {
+    const accessToken = await this._getValidAccessToken();
+    const headers = new Headers(options.headers);
+    headers.set("Authorization", `Bearer ${accessToken}`);
+    if (!headers.has("Content-Type")) {
+      headers.set("Content-Type", "application/json");
+    }
+    const res = await fetch(this._url(path), { ...options, headers });
+    if (res.status === 401 && this.autoRefresh) {
+      try {
+        await this._refreshTokens();
+        const newToken = await this._getValidAccessToken();
+        headers.set("Authorization", `Bearer ${newToken}`);
+        const retryRes = await fetch(this._url(path), { ...options, headers });
+        return this._handleResponse(retryRes);
+      } catch {
+        await this.tokens.clear();
+        this.onSessionExpired?.();
+        throw new AuthHubError({ message: "Session expired", status: 401 });
+      }
+    }
+    return this._handleResponse(res);
+  }
+  /** @internal */
+  async _handleResponse(res) {
+    if (!res.ok) {
+      let body;
+      try {
+        body = await res.json();
+      } catch {
+        throw new AuthHubError({ message: res.statusText, status: res.status });
+      }
+      const error = body.error;
+      const message = typeof error === "object" && error ? error.message : typeof error === "string" ? error : "Request failed";
+      const code = typeof error === "object" && error ? error.code : void 0;
+      throw new AuthHubError({ message, code, status: res.status });
+    }
+    const json = await res.json();
+    return json.data !== void 0 ? json.data : json;
+  }
+  /** @internal — Save tokens from an auth response */
+  async _saveAuthTokens(response) {
+    await this.tokens.setTokens({
+      accessToken: response.access_token,
+      refreshToken: response.refresh_token,
+      expiresAt: Date.now() + response.expires_in * 1e3
+    });
+  }
+  /** @internal — Get valid access token, refreshing if necessary */
+  async _getValidAccessToken() {
+    if (this.autoRefresh && await this.tokens.isExpired()) {
+      const pair2 = await this.tokens.getTokens();
+      if (pair2?.refreshToken) {
+        await this._refreshTokens();
+      }
+    }
+    const pair = await this.tokens.getTokens();
+    if (!pair) throw new AuthHubError({ message: "Not authenticated. Call auth.login() first.", status: 401 });
+    return pair.accessToken;
+  }
+  /** @internal — Refresh with dedup (prevents concurrent refresh calls) */
+  async _refreshTokens() {
+    if (this.refreshPromise) return this.refreshPromise;
+    this.refreshPromise = (async () => {
+      try {
+        const pair = await this.tokens.getTokens();
+        if (!pair?.refreshToken) {
+          throw new AuthHubError({ message: "No refresh token available", status: 401 });
+        }
+        return await this.auth.refreshToken(pair.refreshToken);
+      } finally {
+        this.refreshPromise = null;
+      }
+    })();
+    return this.refreshPromise;
+  }
+  /** Get the token manager (for advanced usage) */
+  getTokenManager() {
+    return this.tokens;
+  }
+};
+var AuthModule = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /** Register a new user account */
+  async register(email, password, redirectTo) {
+    const body = { email, password };
+    if (redirectTo) body.redirect_to = redirectTo;
+    return this.client._apiRequest("/register", {
+      method: "POST",
+      body: JSON.stringify(body)
+    });
+  }
+  /** Login with email and password. Stores tokens automatically. */
+  async login(email, password) {
+    const response = await this.client._apiRequest("/login", {
+      method: "POST",
+      body: JSON.stringify({ email, password })
+    });
+    await this.client._saveAuthTokens(response);
+    return response;
+  }
+  /** Logout — revokes tokens on server and clears local storage */
+  async logout() {
+    try {
+      const pair = await this.client.getTokenManager().getTokens();
+      await this.client._authRequest("/logout", {
+        method: "POST",
+        body: JSON.stringify(pair?.refreshToken ? { refresh_token: pair.refreshToken } : {})
+      });
+    } catch {
+    }
+    await this.client.getTokenManager().clear();
+  }
+  /** Get current authenticated user profile */
+  async getUser() {
+    return this.client._authRequest("/user");
+  }
+  /** Change password for the authenticated user */
+  async changePassword(currentPassword, newPassword) {
+    return this.client._authRequest("/user", {
+      method: "PATCH",
+      body: JSON.stringify({ currentPassword, newPassword })
+    });
+  }
+  /** Request password recovery email */
+  async recover(email) {
+    return this.client._apiRequest("/recover", {
+      method: "POST",
+      body: JSON.stringify({ email })
+    });
+  }
+  /** Reset password using token from recovery email */
+  async resetPassword(token, newPassword) {
+    return this.client._apiRequest("/reset-password", {
+      method: "POST",
+      body: JSON.stringify({ token, newPassword })
+    });
+  }
+  /**
+   * Refresh tokens using a refresh token.
+   * Normally called automatically — use this for manual refresh.
+   */
+  async refreshToken(refreshToken) {
+    const response = await this.client._apiRequest("/refresh", {
+      method: "POST",
+      body: JSON.stringify({ refresh_token: refreshToken })
+    });
+    await this.client._saveAuthTokens(response);
+    return response;
+  }
+  /** Check if the user has a stored session (tokens exist and access token not expired) */
+  async isAuthenticated() {
+    const pair = await this.client.getTokenManager().getTokens();
+    return pair !== null && !await this.client.getTokenManager().isExpired();
+  }
+  /** Get the current access token (or null if not authenticated) */
+  async getAccessToken() {
+    const pair = await this.client.getTokenManager().getTokens();
+    return pair?.accessToken ?? null;
+  }
+};
+var SessionModule = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * Create a cookie-based session (login).
+   * Returns the user and Set-Cookie headers that must be forwarded to the browser.
+   *
+   * Usage in Next.js API route:
+   * ```ts
+   * const { user, setCookieHeaders } = await hub.session.login(email, password);
+   * const response = NextResponse.json({ success: true });
+   * for (const h of setCookieHeaders) response.headers.append("Set-Cookie", h);
+   * ```
+   */
+  async login(email, password) {
+    const res = await fetch(this.client._url("/session"), {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${this.client["apiKey"]}`
+      },
+      body: JSON.stringify({ email, password })
+    });
+    if (!res.ok) {
+      const body = await res.json().catch(() => ({}));
+      const error = body.error;
+      const message = typeof error === "string" ? error : "Login failed";
+      throw new AuthHubError({ message, status: res.status });
+    }
+    const data = await res.json();
+    const setCookieHeaders = res.headers.getSetCookie?.() ?? [];
+    return { user: data.user, setCookieHeaders };
+  }
+  /**
+   * Validate an existing session by forwarding browser cookies.
+   * Returns the user if valid, null if session is expired/invalid.
+   *
+   * Usage in Next.js:
+   * ```ts
+   * const cookieHeader = request.headers.get("cookie") || "";
+   * const user = await hub.session.validate(cookieHeader);
+   * ```
+   */
+  async validate(cookieHeader) {
+    try {
+      const res = await fetch(this.client._url("/session"), {
+        method: "GET",
+        headers: {
+          Authorization: `Bearer ${this.client["apiKey"]}`,
+          Cookie: cookieHeader
+        }
+      });
+      if (!res.ok) return null;
+      const data = await res.json();
+      return data.user ?? null;
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Destroy a cookie-based session (logout).
+   * Returns Set-Cookie headers that clear the session cookies in the browser.
+   *
+   * Usage in Next.js API route:
+   * ```ts
+   * const cookieHeader = request.headers.get("cookie") || "";
+   * const setCookieHeaders = await hub.session.logout(cookieHeader);
+   * const response = NextResponse.json({ success: true });
+   * for (const h of setCookieHeaders) response.headers.append("Set-Cookie", h);
+   * ```
+   */
+  async logout(cookieHeader) {
+    try {
+      const res = await fetch(this.client._url("/session"), {
+        method: "DELETE",
+        headers: {
+          Authorization: `Bearer ${this.client["apiKey"]}`,
+          Cookie: cookieHeader
+        }
+      });
+      return res.headers.getSetCookie?.() ?? [];
+    } catch {
+      return [];
+    }
+  }
+  /**
+   * Change password for a user identified by their session cookies.
+   * Extracts the access token from the cookie header and uses it for JWT auth.
+   */
+  async changePassword(cookieHeader, currentPassword, newPassword) {
+    const accessToken = cookieHeader.split(";").map((c) => c.trim()).find((c) => c.startsWith("ah_access_token="))?.split("=").slice(1).join("=");
+    if (!accessToken) {
+      throw new AuthHubError({ message: "No access token found in cookies", status: 401 });
+    }
+    const res = await fetch(this.client._url("/user"), {
+      method: "PATCH",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${accessToken}`
+      },
+      body: JSON.stringify({ currentPassword, newPassword })
+    });
+    return this.client._handleResponse(res);
+  }
+};
+var DbModule = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /** Insert a row into a table */
+  async create(options) {
+    return this.client._apiRequest("/db/create", {
+      method: "POST",
+      body: JSON.stringify(options)
+    });
+  }
+  /** Query rows from a table with filtering, selection, ordering, pagination */
+  async read(options) {
+    return this.client._apiRequest("/db/read", {
+      method: "POST",
+      body: JSON.stringify(options)
+    });
+  }
+  /** Update rows matching a where clause */
+  async update(options) {
+    return this.client._apiRequest("/db/update", {
+      method: "POST",
+      body: JSON.stringify(options)
+    });
+  }
+  /** Delete rows matching a where clause */
+  async delete(options) {
+    return this.client._apiRequest("/db/delete", {
+      method: "POST",
+      body: JSON.stringify(options)
+    });
+  }
+  // ── Convenience shortcuts ──────────────────────────────────────────────
+  /** Find one row by column value */
+  async findOne(table, where) {
+    const result = await this.read({ table, where, limit: 1 });
+    return result.rows[0] ?? null;
+  }
+  /** Find one row by id */
+  async findById(table, id) {
+    return this.findOne(table, { id });
+  }
+  /** Count rows matching a where clause */
+  async count(table, where) {
+    const result = await this.read({ table, where, select: ["id"], limit: 0 });
+    return result.count;
+  }
+};
+var StorageModule = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /** Create a storage bucket */
+  async createBucket(options) {
+    return this.client._apiRequest("/storage/buckets", {
+      method: "POST",
+      body: JSON.stringify(options)
+    });
+  }
+  /** List all buckets */
+  async listBuckets() {
+    return this.client._apiRequest("/storage/buckets");
+  }
+  /** Delete a bucket and all its contents */
+  async deleteBucket(name) {
+    await this.client._apiRequest("/storage/buckets", {
+      method: "DELETE",
+      body: JSON.stringify({ name })
+    });
+  }
+  /** Upload a file to a bucket */
+  async upload(options) {
+    const formData = new FormData();
+    if (typeof Buffer !== "undefined" && Buffer.isBuffer(options.file)) {
+      const blob = new Blob([new Uint8Array(options.file)], { type: options.contentType || "application/octet-stream" });
+      formData.append("file", blob, options.key.split("/").pop() || "file");
+    } else {
+      formData.append("file", options.file);
+    }
+    formData.append("bucket", options.bucket);
+    formData.append("key", options.key);
+    const headers = new Headers();
+    headers.set("Authorization", `Bearer ${this.client["apiKey"]}`);
+    const res = await fetch(this.client._url("/storage/upload"), {
+      method: "POST",
+      headers,
+      body: formData
+    });
+    return this.client._handleResponse(res);
+  }
+  /** Download a file. Returns the raw Response for streaming support. */
+  async download(bucket, key) {
+    const headers = new Headers();
+    headers.set("Authorization", `Bearer ${this.client["apiKey"]}`);
+    const res = await fetch(this.client._url(`/storage/object/${bucket}/${key}`), { headers });
+    if (!res.ok) {
+      const body = await res.json().catch(() => ({}));
+      const error = body.error;
+      const message = typeof error === "object" && error ? error.message : "Download failed";
+      throw new AuthHubError({ message, status: res.status });
+    }
+    return res;
+  }
+  /** Download a file and return it as a Buffer (Node) or ArrayBuffer (browser) */
+  async downloadBuffer(bucket, key) {
+    const res = await this.download(bucket, key);
+    return res.arrayBuffer();
+  }
+  /** Get the public URL for a file (only works for public buckets) */
+  getPublicUrl(bucket, key) {
+    return this.client._url(`/storage/object/${bucket}/${key}`);
+  }
+  /** Delete a file from a bucket */
+  async deleteObject(bucket, key) {
+    await this.client._apiRequest(`/storage/object/${bucket}/${key}`, {
+      method: "DELETE"
+    });
+  }
+  /** List objects in a bucket */
+  async list(options) {
+    return this.client._apiRequest("/storage/list", {
+      method: "POST",
+      body: JSON.stringify(options)
+    });
+  }
+};
+var OAuthModule = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * Get the URL to redirect the user to for OAuth login.
+   *
+   * ```ts
+   * const url = hub.oauth.getAuthUrl("google", "/dashboard");
+   * window.location.href = url;
+   * ```
+   */
+  getAuthUrl(provider, redirectTo) {
+    const url = new URL(this.client._url(`/auth/${provider}`));
+    if (redirectTo) url.searchParams.set("redirect_to", redirectTo);
+    return url.toString();
+  }
+  /**
+   * Parse OAuth tokens from the URL hash fragment after a redirect callback.
+   * Returns null if no tokens are found in the hash.
+   *
+   * ```ts
+   * const result = hub.oauth.handleCallback();
+   * if (result) {
+   *   console.log("Logged in via", result.provider, result.access_token);
+   *   // Tokens are automatically stored
+   * }
+   * ```
+   */
+  async handleCallback(hash) {
+    const fragment = hash ?? (typeof window !== "undefined" ? window.location.hash : "");
+    if (!fragment || fragment.length < 2) return null;
+    const params = new URLSearchParams(fragment.slice(1));
+    const accessToken = params.get("access_token");
+    const refreshToken = params.get("refresh_token");
+    const expiresIn = params.get("expires_in");
+    const provider = params.get("provider");
+    const tokenType = params.get("token_type");
+    if (!accessToken || !refreshToken) return null;
+    const result = {
+      access_token: accessToken,
+      refresh_token: refreshToken,
+      token_type: tokenType || "bearer",
+      expires_in: expiresIn ? parseInt(expiresIn, 10) : 900,
+      provider: provider || "unknown"
+    };
+    await this.client._saveAuthTokens({
+      access_token: result.access_token,
+      refresh_token: result.refresh_token,
+      token_type: "bearer",
+      expires_in: result.expires_in,
+      user: {}
+      // user can be fetched separately via auth.getUser()
+    });
+    if (typeof window !== "undefined" && window.history?.replaceState) {
+      window.history.replaceState(null, "", window.location.pathname + window.location.search);
+    }
+    return result;
+  }
+  /**
+   * Convenience: redirect to OAuth provider login page.
+   * Only works in browser environments.
+   */
+  signInWithProvider(provider, redirectTo) {
+    if (typeof window === "undefined") {
+      throw new Error("signInWithProvider() is only available in browser environments");
+    }
+    window.location.href = this.getAuthUrl(provider, redirectTo);
+  }
+};
+var RealtimeClient = class {
+  constructor(config) {
+    this.ws = null;
+    this.listeners = /* @__PURE__ */ new Map();
+    this.connected = false;
+    this.authenticated = false;
+    this.config = config;
+  }
+  /**
+   * Connect to the realtime server and authenticate.
+   *
+   * ```ts
+   * const realtime = hub.realtime("ws://localhost:4000");
+   * await realtime.connect(accessToken);
+   * ```
+   */
+  connect(accessToken) {
+    return new Promise((resolve, reject) => {
+      const url = `${this.config.url}/realtime/v1/${this.config.projectId}`;
+      try {
+        this.ws = new WebSocket(url);
+      } catch (err) {
+        reject(err);
+        return;
+      }
+      const timeout = setTimeout(() => {
+        reject(new Error("Connection timeout"));
+        this.close();
+      }, 15e3);
+      this.ws.onopen = () => {
+        this.connected = true;
+        this.ws.send(JSON.stringify({ type: "auth", access_token: accessToken }));
+      };
+      this.ws.onmessage = (event) => {
+        let msg;
+        try {
+          msg = JSON.parse(typeof event.data === "string" ? event.data : String(event.data));
+        } catch {
+          return;
+        }
+        if (msg.type === "auth") {
+          if (msg.status === "ok") {
+            this.authenticated = true;
+            clearTimeout(timeout);
+            resolve();
+          } else {
+            clearTimeout(timeout);
+            reject(new Error(msg.message || "Authentication failed"));
+          }
+          return;
+        }
+        if (msg.type === "mutation" && msg.channel) {
+          const handlers = this.listeners.get(msg.channel);
+          if (handlers) {
+            for (const handler of handlers) {
+              try {
+                handler(msg.event || "unknown", msg.data || {});
+              } catch {
+              }
+            }
+          }
+        }
+      };
+      this.ws.onerror = (err) => {
+        clearTimeout(timeout);
+        if (!this.authenticated) {
+          reject(err);
+        }
+      };
+      this.ws.onclose = () => {
+        this.connected = false;
+        this.authenticated = false;
+      };
+    });
+  }
+  /**
+   * Subscribe to changes on a table.
+   *
+   * ```ts
+   * realtime.on("table:users", (event, data) => {
+   *   console.log(event); // "INSERT", "UPDATE", "DELETE"
+   *   console.log(data);  // { table, operation, id, timestamp }
+   * });
+   * ```
+   */
+  on(channel, handler) {
+    if (!this.listeners.has(channel)) {
+      this.listeners.set(channel, /* @__PURE__ */ new Set());
+    }
+    this.listeners.get(channel).add(handler);
+    if (this.ws && this.authenticated) {
+      this.ws.send(JSON.stringify({ type: "subscribe", channel }));
+    }
+    return this;
+  }
+  /** Remove a specific handler from a channel */
+  off(channel, handler) {
+    const handlers = this.listeners.get(channel);
+    if (handlers) {
+      handlers.delete(handler);
+      if (handlers.size === 0) {
+        this.listeners.delete(channel);
+        if (this.ws && this.authenticated) {
+          this.ws.send(JSON.stringify({ type: "unsubscribe", channel }));
+        }
+      }
+    }
+    return this;
+  }
+  /**
+   * Subscribe to a table and send the subscribe message.
+   * Alias for `on()` that returns a Promise resolving when the server confirms.
+   */
+  subscribe(channel, handler) {
+    return new Promise((resolve, reject) => {
+      if (!this.ws || !this.authenticated) {
+        reject(new Error("Not connected. Call connect() first."));
+        return;
+      }
+      const onMessage = (event) => {
+        try {
+          const msg = JSON.parse(typeof event.data === "string" ? event.data : String(event.data));
+          if (msg.type === "subscribed" && msg.channel === channel) {
+            this.ws.removeEventListener("message", onMessage);
+            resolve();
+          }
+        } catch {
+        }
+      };
+      this.ws.addEventListener("message", onMessage);
+      this.on(channel, handler);
+    });
+  }
+  /** Unsubscribe from a channel (removes all handlers) */
+  unsubscribe(channel) {
+    this.listeners.delete(channel);
+    if (this.ws && this.authenticated) {
+      this.ws.send(JSON.stringify({ type: "unsubscribe", channel }));
+    }
+  }
+  /** Close the WebSocket connection */
+  close() {
+    if (this.ws) {
+      this.ws.close();
+      this.ws = null;
+    }
+    this.connected = false;
+    this.authenticated = false;
+    this.listeners.clear();
+  }
+  /** Check if connected and authenticated */
+  isConnected() {
+    return this.connected && this.authenticated;
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AuthHubClient,
+  AuthHubError,
+  LocalStorageTokenStore,
+  MemoryTokenStore,
+  RealtimeClient,
+  TokenManager
+});