@draftlab/auth 0.10.4 → 0.11.0

package/dist/core.d.mts

@@ -3,7 +3,6 @@ import { UnknownStateError } from "./error.mjs";
 import { Prettify } from "./util.mjs";
 import { SubjectPayload, SubjectSchema } from "./subject.mjs";
 import { StorageAdapter } from "./storage/storage.mjs";
-import { Plugin } from "./plugin/types.mjs";
 import { Provider } from "./provider/provider.mjs";
 import { Theme } from "./themes/theme.mjs";
 import { AuthorizationState } from "./types.mjs";
@@ -61,8 +60,6 @@ interface IssuerInput<Providers extends Record<string, Provider<unknown>>, Subje
   error?(error: UnknownStateError, req: Request): Promise<Response>;
   /** Client authorization check function */
   allow?(input: AllowCheckInput, req: Request): Promise<boolean>;
-  /** Plugin configuration */
-  plugins?: Plugin[];
   /**
    * Refresh callback for updating user claims.
    *

package/dist/core.mjs

@@ -5,7 +5,6 @@ import { validatePKCE } from "./pkce.mjs";
 import { generateSecureToken } from "./random.mjs";
 import { Storage } from "./storage/storage.mjs";
 import { encryptionKeys, signingKeys } from "./keys.mjs";
-import { PluginManager } from "./plugin/manager.mjs";
 import { Revocation } from "./revocation.mjs";
 import { setTheme } from "./themes/theme.mjs";
 import { Select } from "./ui/select.mjs";
@@ -188,15 +187,6 @@ const issuer = (input) => {
 			const authorization = await getAuthorization(ctx);
 			const currentProvider = ctx.get("provider") || "unknown";
 			if (!authorization.client_id) throw new Error("client_id is required");
-			if (manager) try {
-				const subjectProperties = properties && typeof properties === "object" ? properties : {};
-				await manager.executeSuccessHooks(authorization.client_id, currentProvider, {
-					type: currentProvider,
-					properties: subjectProperties
-				});
-			} catch (error$1) {
-				console.error("Plugin success hook failed:", error$1);
-			}
 			return await input.success({ async subject(type, properties$1, subjectOpts) {
 				const subject = subjectOpts?.subject ?? await resolveSubject(type, properties$1);
 				await successOpts?.invalidate?.(await resolveSubject(type, properties$1));
@@ -287,22 +277,6 @@ const issuer = (input) => {
 		storage
 	};
 	const app = new Router({ basePath: input.basePath });
-	const manager = input.plugins && input.plugins.length > 0 ? new PluginManager(input.storage) : null;
-	let pluginsInitialized = false;
-	if (manager && input.plugins) {
-		manager.registerAll(input.plugins);
-		manager.setupRoutes(app);
-		app.use(async (c, next) => {
-			if (!pluginsInitialized) try {
-				await manager.initialize();
-				pluginsInitialized = true;
-			} catch (error$1) {
-				console.error("Plugin initialization failed:", error$1);
-				return c.newResponse("Plugin initialization failed", { status: 500 });
-			}
-			return await next();
-		});
-	}
 	for (const [name, value] of Object.entries(input.providers)) {
 		const route = new Router();
 		route.use(async (c, next) => {
@@ -590,10 +564,6 @@ const issuer = (input) => {
 			redirectURI: redirect_uri,
 			audience
 		}, c.request)) throw new UnauthorizedClientError(client_id, redirect_uri);
-		if (manager) {
-			const scopes = scope ? scope.split(" ") : void 0;
-			await manager.executeAuthorizeHooks(client_id, provider, scopes);
-		}
 		await auth.set(c, "authorization", 900, authorization);
 		if (provider) return c.redirect(`${provider}/authorize`);
 		const availableProviders = Object.keys(input.providers);
@@ -601,12 +571,6 @@ const issuer = (input) => {
 		return auth.forward(c, await select()(Object.fromEntries(Object.entries(input.providers).map(([key, value]) => [key, value.type])), c.request));
 	});
 	app.onError(async (err, c) => {
-		if (manager) try {
-			const errorObj = err instanceof Error ? err : new Error(String(err));
-			await manager.executeErrorHooks(errorObj);
-		} catch (hookError) {
-			console.error("Plugin error hook failed:", hookError);
-		}
 		if (err instanceof UnknownStateError) return auth.forward(c, await error(err, c.request));
 		try {
 			const authorization = await getAuthorization(c);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@draftlab/auth",
-  "version": "0.10.4",
+  "version": "0.11.0",
   "type": "module",
   "description": "Core implementation for @draftlab/auth",
   "author": "Matheus Pergoli",
@@ -39,7 +39,7 @@
   "devDependencies": {
     "@types/node": "^25.0.3",
     "@types/qrcode": "^1.5.6",
-    "tsdown": "^0.18.2",
+    "tsdown": "^0.18.3",
     "typescript": "^5.9.3",
     "@draftlab/tsconfig": "0.1.0"
   },
@@ -63,7 +63,7 @@
     "preact": "^10.28.1",
     "preact-render-to-string": "^6.6.4",
     "qrcode": "^1.5.4",
-    "@draftlab/auth-router": "0.4.1"
+    "@draftlab/auth-router": "0.5.0"
   },
   "engines": {
     "node": ">=18"

package/dist/plugin/builder.d.mts

@@ -1,27 +0,0 @@
-import { PluginBuilder } from "./plugin.mjs";
-
-//#region src/plugin/builder.d.ts
-
-/**
- * Create a new plugin builder.
- * Plugins are built using a fluent API that supports routes and lifecycle hooks.
- *
- * @param id - Unique identifier for the plugin
- * @returns Plugin builder with chainable methods
- *
- * @example
- * ```ts
- * const analytics = plugin("analytics")
- *   .onSuccess(async (ctx) => {
- *     await ctx.storage.set(`success:${ctx.clientID}`, ctx.subject)
- *   })
- *   .post("/stats", async (ctx) => {
- *     const stats = await ctx.pluginStorage.get("stats")
- *     return ctx.json(stats)
- *   })
- *   .build()
- * ```
- */
-declare const plugin: (id: string) => PluginBuilder;
-//#endregion
-export { plugin };

package/dist/plugin/builder.mjs

@@ -1,93 +0,0 @@
-//#region src/plugin/builder.ts
-/**
-* Create a new plugin builder.
-* Plugins are built using a fluent API that supports routes and lifecycle hooks.
-*
-* @param id - Unique identifier for the plugin
-* @returns Plugin builder with chainable methods
-*
-* @example
-* ```ts
-* const analytics = plugin("analytics")
-*   .onSuccess(async (ctx) => {
-*     await ctx.storage.set(`success:${ctx.clientID}`, ctx.subject)
-*   })
-*   .post("/stats", async (ctx) => {
-*     const stats = await ctx.pluginStorage.get("stats")
-*     return ctx.json(stats)
-*   })
-*   .build()
-* ```
-*/
-const plugin = (id) => {
-	if (!id || typeof id !== "string") throw new Error("Plugin id must be a non-empty string");
-	const routes = [];
-	const registeredPaths = /* @__PURE__ */ new Set();
-	let initHook;
-	let authorizeHook;
-	let successHook;
-	let errorHook;
-	const validatePath = (path) => {
-		if (!path || typeof path !== "string") throw new Error("Route path must be a non-empty string");
-		if (!path.startsWith("/")) throw new Error("Route path must start with '/'");
-	};
-	return {
-		get(path, handler) {
-			validatePath(path);
-			const routeKey = `GET ${path}`;
-			if (registeredPaths.has(routeKey)) throw new Error(`Route ${routeKey} already registered in plugin '${id}'`);
-			registeredPaths.add(routeKey);
-			routes.push({
-				method: "GET",
-				path,
-				handler
-			});
-			return this;
-		},
-		post(path, handler) {
-			validatePath(path);
-			const routeKey = `POST ${path}`;
-			if (registeredPaths.has(routeKey)) throw new Error(`Route ${routeKey} already registered in plugin '${id}'`);
-			registeredPaths.add(routeKey);
-			routes.push({
-				method: "POST",
-				path,
-				handler
-			});
-			return this;
-		},
-		onInit(handler) {
-			if (initHook) throw new Error(`onInit hook already defined for plugin '${id}'`);
-			initHook = handler;
-			return this;
-		},
-		onAuthorize(handler) {
-			if (authorizeHook) throw new Error(`onAuthorize hook already defined for plugin '${id}'`);
-			authorizeHook = handler;
-			return this;
-		},
-		onSuccess(handler) {
-			if (successHook) throw new Error(`onSuccess hook already defined for plugin '${id}'`);
-			successHook = handler;
-			return this;
-		},
-		onError(handler) {
-			if (errorHook) throw new Error(`onError hook already defined for plugin '${id}'`);
-			errorHook = handler;
-			return this;
-		},
-		build() {
-			return {
-				id,
-				routes: routes.length > 0 ? routes : void 0,
-				onInit: initHook,
-				onAuthorize: authorizeHook,
-				onSuccess: successHook,
-				onError: errorHook
-			};
-		}
-	};
-};
-
-//#endregion
-export { plugin };

package/dist/plugin/manager.d.mts

@@ -1,62 +0,0 @@
-import { StorageAdapter } from "../storage/storage.mjs";
-import { Plugin } from "./types.mjs";
-import { Router } from "@draftlab/auth-router";
-
-//#region src/plugin/manager.d.ts
-
-declare class PluginManager {
-  private readonly plugins;
-  private readonly storage;
-  constructor(storage: StorageAdapter);
-  /**
-   * Register a plugin
-   */
-  register(plugin: Plugin): void;
-  /**
-   * Register multiple plugins at once
-   */
-  registerAll(plugins: Plugin[]): void;
-  /**
-   * Get all registered plugins
-   */
-  getAll(): Plugin[];
-  /**
-   * Get plugin by id
-   */
-  get(id: string): Plugin | undefined;
-  /**
-   * Initialize all plugins.
-   * Called once during issuer setup.
-   * Plugins can set up initial state or validate configuration.
-   *
-   * @throws PluginError if any plugin initialization fails
-   */
-  initialize(): Promise<void>;
-  /**
-   * Execute authorize hooks for all plugins.
-   * Called before processing an authorization request.
-   * Can validate, rate limit, or enhance the request.
-   */
-  executeAuthorizeHooks(clientID: string, provider?: string, scopes?: string[]): Promise<void>;
-  /**
-   * Execute success hooks for all plugins.
-   * Called after successful authentication.
-   * Runs in parallel for better performance.
-   * Plugins cannot modify the response.
-   */
-  executeSuccessHooks(clientID: string, provider: string | undefined, subject: {
-    type: string;
-    properties: Record<string, unknown>;
-  }): Promise<void>;
-  /**
-   * Execute error hooks for all plugins.
-   * Called when an authentication error occurs.
-   */
-  executeErrorHooks(error: Error, clientID?: string, provider?: string): Promise<void>;
-  /**
-   * Setup plugin routes on a router
-   */
-  setupRoutes(router: Router): void;
-}
-//#endregion
-export { PluginManager };

package/dist/plugin/manager.mjs

@@ -1,160 +0,0 @@
-import { PluginError } from "./types.mjs";
-
-//#region src/plugin/manager.ts
-var PluginManager = class {
-	plugins = /* @__PURE__ */ new Map();
-	storage;
-	constructor(storage) {
-		this.storage = storage;
-	}
-	/**
-	* Register a plugin
-	*/
-	register(plugin) {
-		if (this.plugins.has(plugin.id)) throw new PluginError(`Plugin already registered`, plugin.id);
-		this.plugins.set(plugin.id, plugin);
-	}
-	/**
-	* Register multiple plugins at once
-	*/
-	registerAll(plugins) {
-		for (const plugin of plugins) this.register(plugin);
-	}
-	/**
-	* Get all registered plugins
-	*/
-	getAll() {
-		return Array.from(this.plugins.values());
-	}
-	/**
-	* Get plugin by id
-	*/
-	get(id) {
-		return this.plugins.get(id);
-	}
-	/**
-	* Initialize all plugins.
-	* Called once during issuer setup.
-	* Plugins can set up initial state or validate configuration.
-	*
-	* @throws PluginError if any plugin initialization fails
-	*/
-	async initialize() {
-		for (const plugin of this.plugins.values()) {
-			if (!plugin.onInit) continue;
-			try {
-				const context = {
-					pluginId: plugin.id,
-					request: new Request("http://internal/init"),
-					now: /* @__PURE__ */ new Date(),
-					storage: this.storage
-				};
-				await plugin.onInit(context);
-			} catch (error) {
-				throw new PluginError(`Initialization failed: ${error instanceof Error ? error.message : String(error)}`, plugin.id);
-			}
-		}
-	}
-	/**
-	* Execute authorize hooks for all plugins.
-	* Called before processing an authorization request.
-	* Can validate, rate limit, or enhance the request.
-	*/
-	async executeAuthorizeHooks(clientID, provider, scopes) {
-		for (const plugin of this.plugins.values()) {
-			if (!plugin.onAuthorize) continue;
-			try {
-				const context = {
-					pluginId: plugin.id,
-					request: new Request("http://internal/authorize"),
-					now: /* @__PURE__ */ new Date(),
-					storage: this.storage,
-					clientID,
-					provider,
-					scopes
-				};
-				await plugin.onAuthorize(context);
-			} catch (error) {
-				throw new PluginError(`Authorization hook failed: ${error instanceof Error ? error.message : String(error)}`, plugin.id);
-			}
-		}
-	}
-	/**
-	* Execute success hooks for all plugins.
-	* Called after successful authentication.
-	* Runs in parallel for better performance.
-	* Plugins cannot modify the response.
-	*/
-	async executeSuccessHooks(clientID, provider, subject) {
-		const hooks = Array.from(this.plugins.values()).filter((p) => p.onSuccess).map(async (plugin) => {
-			const context = {
-				pluginId: plugin.id,
-				request: new Request("http://internal/success"),
-				now: /* @__PURE__ */ new Date(),
-				storage: this.storage,
-				clientID,
-				provider,
-				subject
-			};
-			return plugin.onSuccess?.(context).catch((error) => {
-				console.error(`[Plugin: ${plugin.id}] Success hook failed:`, error instanceof Error ? error.message : String(error));
-			});
-		});
-		await Promise.all(hooks);
-	}
-	/**
-	* Execute error hooks for all plugins.
-	* Called when an authentication error occurs.
-	*/
-	async executeErrorHooks(error, clientID, provider) {
-		for (const plugin of this.plugins.values()) {
-			if (!plugin.onError) continue;
-			try {
-				const context = {
-					pluginId: plugin.id,
-					request: new Request("http://internal/error"),
-					now: /* @__PURE__ */ new Date(),
-					storage: this.storage,
-					error,
-					clientID,
-					provider
-				};
-				await plugin.onError(context);
-			} catch (hookError) {
-				console.error(`[Plugin: ${plugin.id}] Error hook failed:`, hookError instanceof Error ? hookError.message : String(hookError));
-			}
-		}
-	}
-	/**
-	* Setup plugin routes on a router
-	*/
-	setupRoutes(router) {
-		const registeredPaths = /* @__PURE__ */ new Set();
-		for (const plugin of this.plugins.values()) {
-			if (!plugin.routes) continue;
-			for (const route of plugin.routes) {
-				const fullPath = `/plugin/${plugin.id}${route.path}`;
-				if (registeredPaths.has(fullPath)) throw new PluginError(`Route conflict: ${fullPath} already registered`, plugin.id);
-				registeredPaths.add(fullPath);
-				const handler = async (ctx) => {
-					const pluginCtx = {
-						...ctx,
-						storage: this.storage
-					};
-					return await route.handler(pluginCtx);
-				};
-				switch (route.method) {
-					case "GET":
-						router.get(fullPath, handler);
-						break;
-					case "POST":
-						router.post(fullPath, handler);
-						break;
-				}
-			}
-		}
-	}
-};
-
-//#endregion
-export { PluginManager };

package/dist/plugin/plugin.d.mts

@@ -1,42 +0,0 @@
-import { Plugin, PluginAuthorizeHook, PluginErrorHook, PluginInitHook, PluginRouteHandler, PluginSuccessHook } from "./types.mjs";
-
-//#region src/plugin/plugin.d.ts
-
-/**
- * Plugin builder interface for creating plugins with a fluent API.
- *
- * The builder pattern allows for elegant plugin definition:
- * - Chain route definitions with lifecycle hooks
- * - Each method returns this for chaining
- * - Build finalizes the plugin definition
- *
- * @example
- * ```ts
- * const myPlugin = plugin("my-plugin")
- *   .onInit(async (ctx) => {
- *     console.log("Plugin initialized")
- *   })
- *   .post("/action", async (ctx) => {
- *     return ctx.json({ success: true })
- *   })
- *   .build()
- * ```
- */
-interface PluginBuilder {
-  /** Register a GET route */
-  get(path: string, handler: PluginRouteHandler): PluginBuilder;
-  /** Register a POST route */
-  post(path: string, handler: PluginRouteHandler): PluginBuilder;
-  /** Register initialization hook (called once during issuer setup) */
-  onInit(handler: PluginInitHook): PluginBuilder;
-  /** Register authorization hook (called before authorization request) */
-  onAuthorize(handler: PluginAuthorizeHook): PluginBuilder;
-  /** Register success hook (called after successful authentication) */
-  onSuccess(handler: PluginSuccessHook): PluginBuilder;
-  /** Register error hook (called when authentication fails) */
-  onError(handler: PluginErrorHook): PluginBuilder;
-  /** Build the final plugin */
-  build(): Plugin;
-}
-//#endregion
-export { PluginBuilder };

package/dist/plugin/plugin.mjs

@@ -1 +0,0 @@
-export {  };

package/dist/plugin/types.d.mts

@@ -1,99 +0,0 @@
-import { StorageAdapter } from "../storage/storage.mjs";
-import { RouterContext } from "@draftlab/auth-router/types";
-
-//#region src/plugin/types.d.ts
-
-interface PluginContext extends RouterContext {
-  storage: StorageAdapter;
-}
-/**
- * Plugin route handler function
- */
-type PluginRouteHandler = (context: PluginContext) => Promise<Response>;
-/**
- * Plugin route definition
- */
-interface PluginRoute {
-  /** Route path (e.g., "/admin", "/stats") */
-  readonly path: string;
-  /** HTTP method */
-  readonly method: "GET" | "POST";
-  /** Route handler function */
-  readonly handler: PluginRouteHandler;
-}
-/**
- * Lifecycle hook context provided to plugin hooks.
- * Contains information about the current operation and access to isolated storage.
- */
-interface PluginHookContext {
-  /** Unique identifier for the plugin */
-  pluginId: string;
-  /** Raw request object */
-  request: Request;
-  /** Current time for consistency across hook execution */
-  now: Date;
-  /** Storage adapter for data persistence */
-  storage: StorageAdapter;
-}
-/**
- * Hook called when the issuer is being initialized.
- * Useful for plugins that need to set up initial state or validate configuration.
- * Should complete quickly - takes place during server startup.
- */
-type PluginInitHook = (context: PluginHookContext) => Promise<void>;
-/**
- * Hook called before an authorization request is processed.
- * Use for validation, rate limiting, or request enhancement.
- */
-type PluginAuthorizeHook = (context: PluginHookContext & {
-  clientID: string;
-  provider?: string;
-  scopes?: string[];
-}) => Promise<void>;
-/**
- * Hook called after successful authentication.
- * Use for logging, analytics, webhooks, or side effects.
- * Cannot modify the response - hooks run in parallel.
- */
-type PluginSuccessHook = (context: PluginHookContext & {
-  clientID: string;
-  provider?: string;
-  subject: {
-    type: string;
-    properties: Record<string, unknown>;
-  };
-}) => Promise<void>;
-/**
- * Hook called when an authentication error occurs.
- * Use for error logging, custom error pages, or error transformation.
- */
-type PluginErrorHook = (context: PluginHookContext & {
-  error: Error;
-  clientID?: string;
-  provider?: string;
-}) => Promise<void>;
-/**
- * Main plugin interface with lifecycle hooks and storage isolation
- */
-interface Plugin {
-  /** Unique plugin identifier */
-  readonly id: string;
-  /** Custom routes added by this plugin */
-  readonly routes?: readonly PluginRoute[];
-  /** Called once when the issuer initializes */
-  readonly onInit?: PluginInitHook;
-  /** Called before authorization request is processed */
-  readonly onAuthorize?: PluginAuthorizeHook;
-  /** Called after successful authentication */
-  readonly onSuccess?: PluginSuccessHook;
-  /** Called when an error occurs during authentication */
-  readonly onError?: PluginErrorHook;
-}
-/**
- * Plugin error types
- */
-declare class PluginError extends Error {
-  constructor(message: string, pluginId: string);
-}
-//#endregion
-export { Plugin, PluginAuthorizeHook, PluginContext, PluginError, PluginErrorHook, PluginHookContext, PluginInitHook, PluginRoute, PluginRouteHandler, PluginSuccessHook };

package/dist/plugin/types.mjs

@@ -1,13 +0,0 @@
-//#region src/plugin/types.ts
-/**
-* Plugin error types
-*/
-var PluginError = class extends Error {
-	constructor(message, pluginId) {
-		super(`[Plugin: ${pluginId}] ${message}`);
-		this.name = "PluginError";
-	}
-};
-
-//#endregion
-export { PluginError };