@elevasis/ui 1.0.0

package/dist/chunk-OEYU5O27.js

@@ -0,0 +1,235 @@
+import { AuthProvider } from './chunk-7PLEQFHO.js';
+import { useAuth } from '@workos-inc/authkit-react';
+import { createContext, useMemo, useState, useCallback, useEffect, useContext } from 'react';
+import { jsx } from 'react/jsx-runtime';
+
+function WorkOSAuthBridge({ children }) {
+  const { user, isLoading, getAccessToken, organizationId } = useAuth();
+  const adaptedUser = useMemo(() => user ? { id: user.id } : null, [user?.id]);
+  const value = useMemo(
+    () => ({
+      user: adaptedUser,
+      isLoading,
+      getAccessToken,
+      organizationId: organizationId ?? null
+    }),
+    [adaptedUser, isLoading, getAccessToken, organizationId]
+  );
+  return /* @__PURE__ */ jsx(AuthProvider, { value, children });
+}
+function generateRandomString(length) {
+  const array = new Uint8Array(length);
+  crypto.getRandomValues(array);
+  return Array.from(array, (b) => b.toString(16).padStart(2, "0")).join("").slice(0, length);
+}
+async function generateCodeChallenge(verifier) {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(verifier);
+  const digest = await crypto.subtle.digest("SHA-256", data);
+  return btoa(String.fromCharCode(...new Uint8Array(digest))).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function generateState() {
+  return generateRandomString(32);
+}
+var STORAGE_KEYS = {
+  tokens: "elevasis_oauth_tokens",
+  codeVerifier: "elevasis_oauth_code_verifier",
+  state: "elevasis_oauth_state"
+};
+function saveToStorage(key, value) {
+  try {
+    sessionStorage.setItem(key, value);
+  } catch {
+  }
+}
+function loadFromStorage(key) {
+  try {
+    return sessionStorage.getItem(key);
+  } catch {
+    return null;
+  }
+}
+function clearStorageKeys() {
+  try {
+    sessionStorage.removeItem(STORAGE_KEYS.tokens);
+    sessionStorage.removeItem(STORAGE_KEYS.codeVerifier);
+    sessionStorage.removeItem(STORAGE_KEYS.state);
+  } catch {
+  }
+}
+function loadStoredTokens() {
+  const raw = loadFromStorage(STORAGE_KEYS.tokens);
+  if (!raw) return null;
+  try {
+    const parsed = JSON.parse(raw);
+    if (parsed.accessToken) return parsed;
+  } catch {
+  }
+  return null;
+}
+function saveTokens(tokens) {
+  saveToStorage(STORAGE_KEYS.tokens, JSON.stringify(tokens));
+}
+function decodeJwtPayload(token) {
+  try {
+    const parts = token.split(".");
+    if (parts.length !== 3) return null;
+    const payload = parts[1];
+    const padded = payload.replace(/-/g, "+").replace(/_/g, "/") + "=".repeat((4 - payload.length % 4) % 4);
+    return JSON.parse(atob(padded));
+  } catch {
+    return null;
+  }
+}
+function decodeUserFromJwt(token) {
+  const payload = decodeJwtPayload(token);
+  if (!payload) return null;
+  const sub = payload.sub;
+  if (sub) return { id: sub };
+  return null;
+}
+function decodeOrgIdFromJwt(token) {
+  const payload = decodeJwtPayload(token);
+  if (!payload) return null;
+  return payload.org_id ?? null;
+}
+var OAuthContext = createContext(null);
+function useOAuthContext() {
+  const ctx = useContext(OAuthContext);
+  if (!ctx) {
+    throw new Error("useOAuthContext must be used within an OAuthProvider.");
+  }
+  return ctx;
+}
+function OAuthProvider({ config, children }) {
+  const useStorage = config.tokenStorage === "session";
+  const [state, setState] = useState(() => {
+    const storedTokens = useStorage ? loadStoredTokens() : null;
+    return {
+      tokens: storedTokens,
+      user: storedTokens ? decodeUserFromJwt(storedTokens.accessToken) : null,
+      organizationId: storedTokens ? decodeOrgIdFromJwt(storedTokens.accessToken) : config.organizationId ?? null,
+      isLoading: false,
+      error: null
+    };
+  });
+  const exchangeCodeForTokens = useCallback(
+    async (code, codeVerifier) => {
+      setState((prev) => ({ ...prev, isLoading: true, error: null }));
+      try {
+        const response = await fetch(
+          "https://api.workos.com/user_management/authenticate",
+          {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+              client_id: config.clientId,
+              code_verifier: codeVerifier,
+              grant_type: "authorization_code",
+              code
+            })
+          }
+        );
+        if (!response.ok) {
+          const text = await response.text();
+          throw new Error(`Token exchange failed (${response.status}): ${text}`);
+        }
+        const data = await response.json();
+        const tokens = {
+          accessToken: data.access_token,
+          refreshToken: data.refresh_token
+        };
+        if (useStorage) saveTokens(tokens);
+        setState({
+          tokens,
+          user: decodeUserFromJwt(tokens.accessToken),
+          organizationId: decodeOrgIdFromJwt(tokens.accessToken) ?? (config.organizationId ?? null),
+          isLoading: false,
+          error: null
+        });
+      } catch (err) {
+        setState((prev) => ({
+          ...prev,
+          isLoading: false,
+          error: err instanceof Error ? err.message : "Token exchange failed"
+        }));
+      }
+    },
+    [config.clientId, config.organizationId, useStorage]
+  );
+  const initiateOAuthFlow = useCallback(() => {
+    const start = async () => {
+      const verifier = generateRandomString(64);
+      const challenge = await generateCodeChallenge(verifier);
+      const oauthState = generateState();
+      saveToStorage(STORAGE_KEYS.codeVerifier, verifier);
+      saveToStorage(STORAGE_KEYS.state, oauthState);
+      const params = new URLSearchParams({
+        client_id: config.clientId,
+        redirect_uri: config.redirectUri,
+        response_type: "code",
+        code_challenge: challenge,
+        code_challenge_method: "S256",
+        state: oauthState
+      });
+      if (config.organizationId) {
+        params.set("organization_id", config.organizationId);
+      }
+      window.location.href = `https://api.workos.com/user_management/authorize?${params.toString()}`;
+    };
+    void start();
+  }, [config.clientId, config.redirectUri, config.organizationId]);
+  useEffect(() => {
+    const url = new URL(window.location.href);
+    const code = url.searchParams.get("code");
+    const returnedState = url.searchParams.get("state");
+    if (!code) return;
+    const storedState = loadFromStorage(STORAGE_KEYS.state);
+    if (storedState && returnedState !== storedState) {
+      setState((prev) => ({ ...prev, error: "OAuth state mismatch" }));
+      return;
+    }
+    const codeVerifier = loadFromStorage(STORAGE_KEYS.codeVerifier);
+    if (!codeVerifier) {
+      setState((prev) => ({ ...prev, error: "Missing code verifier" }));
+      return;
+    }
+    url.searchParams.delete("code");
+    url.searchParams.delete("state");
+    window.history.replaceState({}, "", url.pathname + url.search);
+    clearStorageKeys();
+    void exchangeCodeForTokens(code, codeVerifier);
+  }, [exchangeCodeForTokens]);
+  const getAccessToken = useCallback(async () => {
+    if (state.tokens?.accessToken) return state.tokens.accessToken;
+    initiateOAuthFlow();
+    throw new Error("No access token available. Redirecting to login.");
+  }, [state.tokens, initiateOAuthFlow]);
+  const value = useMemo(
+    () => ({
+      user: state.user,
+      isLoading: state.isLoading,
+      organizationId: state.organizationId,
+      getAccessToken,
+      error: state.error,
+      initiateOAuthFlow
+    }),
+    [state.user, state.isLoading, state.organizationId, state.error, getAccessToken, initiateOAuthFlow]
+  );
+  return /* @__PURE__ */ jsx(OAuthContext.Provider, { value, children });
+}
+function OAuthAuthBridge({ children }) {
+  const { user, isLoading, getAccessToken, organizationId } = useOAuthContext();
+  const value = useMemo(
+    () => ({
+      user,
+      isLoading,
+      getAccessToken,
+      organizationId
+    }),
+    [user, isLoading, getAccessToken, organizationId]
+  );
+  return /* @__PURE__ */ jsx(AuthProvider, { value, children });
+}
+
+export { OAuthAuthBridge, OAuthProvider, WorkOSAuthBridge };