@dehwyyy/auth 1.0.2

package/README.md

@@ -0,0 +1,50 @@
+## TokenAttacher & TokenRefresher middleware usage
+
+```ts
+import { GetAuthService } from "@dehwyyy/auth";
+import type { Middleware } from "openapi-fetch";
+
+export const AuthorizationHeaderAttacherMiddleware: Middleware = {
+  async onRequest({ request }) {
+    return GetAuthService(APP, BASE_URL).WithAuthorizationToken(request);
+  },
+}
+
+export const TokenRefresherMiddleware: Middleware = {
+  async onResponse({ response, request }) {
+    if (response.status !== 401 || request.url.includes('/auth/refresh')) {
+      return response;
+    }
+
+    return GetAuthService(APP, BASE_URL).RefreshAndRetry(request, response);
+  }
+}
+
+
+```
+
+## Guard usage example
+
+```ts
+import { Guards } from '@dehwyyy/auth/guard';
+import { createRouter, createWebHistory } from 'vue-router';
+
+enum Roles {
+  ADMIN = "Admin",
+  MANAGER = "Manager",
+  USER = "User"
+}
+
+const g = new Guards(APP, BASE_URL, "/login")
+
+export const router = createRouter({
+  history: createWebHistory(import.meta.env.VITE_BASE_URL),
+  routes: [
+    { path: "/login", name: "Login", component: Login },
+    { path: "/dashboard", name: "DashboardIndex", component: View, beforeEnter: g.Auth([Roles.USER]) },
+    { path: "/dashboard/users", name: "DashboardUsers", component: Users, beforeEnter: g.Auth([Roles.ADMIN, Roles.MANAGER]) },
+    { path: "/:pathMatch(.*)*", redirect: "/login" },
+  ],
+});
+
+```

package/dist/client/client.d.ts

@@ -0,0 +1,2 @@
+import type { paths } from './schema';
+export declare const getClient: (app: string, baseUrl: string) => import("openapi-fetch").Client<paths, `${string}/${string}`>;

package/dist/client/client.js

@@ -0,0 +1,14 @@
+import createClient from 'openapi-fetch';
+import { Middleware } from './middleware';
+let client = null;
+export const getClient = (app, baseUrl) => {
+    if (!client) {
+        client = createClient({
+            baseUrl,
+            credentials: 'include',
+        });
+        const middleware = new Middleware(app, baseUrl);
+        client.use(middleware.AuthorizationHeaderAttacher, middleware.TokenRefresher);
+    }
+    return client;
+};

package/dist/client/middleware.d.ts

@@ -0,0 +1,8 @@
+import type { Middleware as OpenAPIMiddleware } from 'openapi-fetch';
+export declare class Middleware {
+    private app;
+    private baseUrl;
+    constructor(app: string, baseUrl: string);
+    get AuthorizationHeaderAttacher(): OpenAPIMiddleware;
+    get TokenRefresher(): OpenAPIMiddleware;
+}

package/dist/client/middleware.js

@@ -0,0 +1,28 @@
+import { GetAuthService } from '../index';
+export class Middleware {
+    app;
+    baseUrl;
+    constructor(app, baseUrl) {
+        this.app = app;
+        this.baseUrl = baseUrl;
+    }
+    get AuthorizationHeaderAttacher() {
+        const t = this;
+        return {
+            async onRequest({ request }) {
+                return GetAuthService(t.app, t.baseUrl).WithAuthorizationToken(request);
+            },
+        };
+    }
+    get TokenRefresher() {
+        const t = this;
+        return {
+            async onResponse({ response, request }) {
+                if (response.status !== 401 || request.url.includes('/auth/refresh')) {
+                    return response;
+                }
+                return GetAuthService(t.app, t.baseUrl).RefreshAndRetry(request, response);
+            },
+        };
+    }
+}

package/dist/client/storage/localStorage.d.ts

@@ -0,0 +1,8 @@
+export declare const enum StorageKey {
+    ACCESS_TOKEN = "accessToken"
+}
+export declare class Storage {
+    static Set(key: StorageKey, value: string): void;
+    static Delete(key: StorageKey): void;
+    static Get(key: StorageKey): string | null;
+}

package/dist/client/storage/localStorage.js

@@ -0,0 +1,15 @@
+export var StorageKey;
+(function (StorageKey) {
+    StorageKey["ACCESS_TOKEN"] = "accessToken";
+})(StorageKey || (StorageKey = {}));
+export class Storage {
+    static Set(key, value) {
+        localStorage.setItem(key, value);
+    }
+    static Delete(key) {
+        localStorage.removeItem(key);
+    }
+    static Get(key) {
+        return localStorage.getItem(key);
+    }
+}

package/dist/guard/index.d.ts

@@ -0,0 +1,14 @@
+interface Route {
+    query: Record<string, unknown>;
+    fullPath: string;
+}
+export declare class Guards {
+    private app;
+    private apiURL;
+    private redirectBaseUrl;
+    private redirectUriPrefix;
+    constructor(app: string, apiURL: string, redirectBaseUrl: string, redirectUriPrefix?: string);
+    private getLoginRedirectPath;
+    Auth: (roles?: string[]) => (to: Route, from: Route) => Promise<string | true>;
+}
+export {};

package/dist/guard/index.js

@@ -0,0 +1,59 @@
+import { Storage, StorageKey } from '../client/storage/localStorage';
+import { GetAuthService } from '../index';
+let meCache = null;
+const ME_CACHE_TTL_MS = 15 * 1000;
+function arrayIntercept(arr1, arr2) {
+    return arr1.filter((item) => arr2.includes(item));
+}
+export class Guards {
+    app;
+    apiURL;
+    redirectBaseUrl;
+    redirectUriPrefix;
+    constructor(app, apiURL, redirectBaseUrl, redirectUriPrefix = "") {
+        this.app = app;
+        this.apiURL = apiURL;
+        this.redirectBaseUrl = redirectBaseUrl;
+        this.redirectUriPrefix = redirectUriPrefix;
+    }
+    getLoginRedirectPath(to, from) {
+        const redirectUri = from.query['redirect_uri'] || encodeURIComponent(to.fullPath);
+        const redirectPath = `${this.redirectBaseUrl}?redirect_uri=${this.redirectUriPrefix}${redirectUri}`;
+        return redirectPath;
+    }
+    Auth = (roles = []) => {
+        return async (to, from) => {
+            const loginRedirect = this.getLoginRedirectPath(to, from);
+            const token = Storage.Get(StorageKey.ACCESS_TOKEN);
+            if (!token) {
+                if (roles.length === 0)
+                    return true;
+                console.warn('Access denied');
+                return loginRedirect;
+            }
+            const now = Date.now();
+            if (meCache && meCache.expiresAt > now) {
+                const data = meCache.data;
+                if (arrayIntercept(data.roles, roles).length === 0) {
+                    return loginRedirect;
+                }
+                return true;
+            }
+            const response = await GetAuthService(this.app, this.apiURL).Validate();
+            if (!response) {
+                console.warn('Access denied');
+                return loginRedirect;
+            }
+            meCache = { data: response, expiresAt: Date.now() + ME_CACHE_TTL_MS };
+            if (response.roles.length === 0) {
+                console.warn('No roles found');
+                return loginRedirect;
+            }
+            if (arrayIntercept(response.roles, roles).length === 0) {
+                console.warn('Access denied');
+                return loginRedirect;
+            }
+            return true;
+        };
+    };
+}

package/dist/index.d.ts

@@ -0,0 +1,22 @@
+interface ValidateResponse {
+    userId: string;
+    roles: string[];
+}
+declare class AuthService {
+    private app;
+    private apiURL;
+    private refreshPromise;
+    constructor(app: string, apiURL: string);
+    withApp(app: string): this;
+    private getClient;
+    /**
+     * @description Refresh access token
+     * @returns  `accessToken` -> refresh ok. `null` -> refresh failed
+     **/
+    private doRefresh;
+    Validate(): Promise<ValidateResponse | null>;
+    WithAuthorizationToken(request: Request, token?: string | null): Request;
+    RefreshAndRetry(request: Request, response: Response): Promise<Response>;
+}
+export declare function GetAuthService(app: string, apiURL: string): AuthService;
+export {};

package/dist/index.js

@@ -0,0 +1,106 @@
+import { getClient } from './client/client';
+import { Storage, StorageKey } from './client/storage/localStorage';
+class AuthService {
+    app;
+    apiURL;
+    // теперь обещание возвращает сам новый токен или null
+    refreshPromise = null;
+    constructor(app, apiURL) {
+        this.app = app;
+        this.apiURL = apiURL;
+    }
+    withApp(app) {
+        this.app = app;
+        return this;
+    }
+    getClient() {
+        return getClient(this.app, this.apiURL);
+    }
+    /**
+     * @description Refresh access token
+     * @returns  `accessToken` -> refresh ok. `null` -> refresh failed
+     **/
+    async doRefresh() {
+        const { data, error } = await this.getClient().POST('/auth/refresh');
+        if (error) {
+            console.error('Refresh error:', error);
+            Storage.Delete(StorageKey.ACCESS_TOKEN);
+            return null;
+        }
+        if (data?.accessToken) {
+            Storage.Set(StorageKey.ACCESS_TOKEN, data.accessToken);
+            return data.accessToken;
+        }
+        Storage.Delete(StorageKey.ACCESS_TOKEN);
+        return null;
+    }
+    // Validate token
+    async Validate() {
+        const token = Storage.Get(StorageKey.ACCESS_TOKEN);
+        if (!token) {
+            return null;
+        }
+        const { response, data, error } = await this.getClient().GET('/auth/me', {
+            params: {
+                query: {
+                    app: this.app,
+                },
+                header: {
+                    Authorization: `Bearer ${token}`,
+                },
+            },
+        });
+        if (error) {
+            console.error(error);
+            return null;
+        }
+        if (!data || !data.user_id) {
+            console.warn('Failed to get user info: ', data);
+            return null;
+        }
+        return {
+            userId: data.user_id,
+            roles: data.roles || [],
+        };
+    }
+    WithAuthorizationToken(request, token = null) {
+        token ??= Storage.Get(StorageKey.ACCESS_TOKEN);
+        if (token) {
+            request.headers.set('Authorization', `Bearer ${token}`);
+        }
+        return request;
+    }
+    async RefreshAndRetry(request, response) {
+        if (!this.refreshPromise) {
+            this.refreshPromise = this.doRefresh();
+        }
+        let token = null;
+        try {
+            token = await this.refreshPromise;
+        }
+        catch (e) {
+            console.error(e);
+        }
+        finally {
+            this.refreshPromise = null;
+        }
+        if (!token) {
+            return response;
+        }
+        try {
+            const originalRequest = request instanceof Request ? request : new Request(request);
+            const retriedResponse = await fetch(this.WithAuthorizationToken(originalRequest.clone(), token));
+            return retriedResponse;
+        }
+        catch (e) {
+            return response;
+        }
+    }
+}
+let auth = null;
+export function GetAuthService(app, apiURL) {
+    if (!auth) {
+        auth = new AuthService(app, apiURL);
+    }
+    return auth.withApp(app);
+}

package/package.json

@@ -0,0 +1,44 @@
+{
+  "name": "@dehwyyy/auth",
+  "version": "1.0.2",
+  "private": false,
+  "description": "dehwyyy auth utilities",
+  "type": "module",
+  "module": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js"
+    },
+    "./guard": {
+      "import": "./dist/guard/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "prepack": "npm run build",
+    "lint": "prettier --check .",
+    "ts": "tsc",
+    "format": "prettier --write ."
+  },
+  "engines": {
+    "bun": ">=0.5.0"
+  },
+  "keywords": [
+    "auth",
+    "dehwyyy",
+    "dehwyyyauth"
+  ],
+  "author": "",
+  "license": "MIT",
+  "devDependencies": {
+    "prettier": "^3.0.0",
+    "typescript": "5.8.2"
+  },
+  "dependencies": {
+    "openapi-fetch": "^0.14.0"
+  }
+}