@enterprisestandard/react 0.0.1

package/dist/enterprise-user.d.ts

@@ -0,0 +1,124 @@
+export interface EnterpriseUser {
+    schemas?: string[];
+    id?: string;
+    externalId?: string;
+    meta?: {
+        resourceType?: string;
+        created?: string;
+        lastModified?: string;
+        version?: string;
+        location?: string;
+    };
+    userName: string;
+    name: string;
+    fullName?: {
+        formatted?: string;
+        familyName?: string;
+        givenName?: string;
+        middleName?: string;
+        honorificPrefix?: string;
+        honorificSuffix?: string;
+    };
+    nickName?: string;
+    profileUrl?: string;
+    avatarUrl?: string;
+    title?: string;
+    userType?: string;
+    preferredLanguage?: string;
+    locale?: string;
+    timezone?: string;
+    active?: boolean;
+    password?: string;
+    email: string;
+    emails?: Array<{
+        value: string;
+        type?: string;
+        primary?: boolean;
+        display?: string;
+    }>;
+    phoneNumbers?: Array<{
+        value: string;
+        type?: string;
+        primary?: boolean;
+        display?: string;
+    }>;
+    ims?: Array<{
+        value: string;
+        type?: string;
+        primary?: boolean;
+        display?: string;
+    }>;
+    photos?: Array<{
+        value: string;
+        type?: string;
+        primary?: boolean;
+        display?: string;
+    }>;
+    addresses?: Array<{
+        formatted?: string;
+        streetAddress?: string;
+        locality?: string;
+        region?: string;
+        postalCode?: string;
+        country?: string;
+        type?: string;
+        primary?: boolean;
+    }>;
+    groups?: Array<{
+        value: string;
+        $ref?: string;
+        display?: string;
+        type?: string;
+    }>;
+    entitlements?: Array<{
+        value: string;
+        display?: string;
+        type?: string;
+        primary?: boolean;
+    }>;
+    roles?: Array<{
+        value: string;
+        display?: string;
+        type?: string;
+        primary?: boolean;
+    }>;
+    x509Certificates?: Array<{
+        value: string;
+        display?: string;
+        type?: string;
+        primary?: boolean;
+    }>;
+    employeeNumber?: string;
+    costCenter?: string;
+    organization?: string;
+    division?: string;
+    department?: string;
+    manager?: {
+        value: string;
+        $ref?: string;
+        displayName?: string;
+    };
+    sso?: {
+        profile: IdTokenClaims;
+        tenant: {
+            id: string;
+            name: string;
+        };
+        scope?: string;
+        tokenType: string;
+        sessionState?: string;
+        expires: Date;
+    };
+}
+export type IdTokenClaims = {
+    iss?: string;
+    aud?: string;
+    exp?: number;
+    iat?: number;
+    sub?: string;
+    name?: string;
+    email?: string;
+    preferred_username?: string;
+    picture?: string;
+    [key: string]: unknown;
+};

package/dist/iam.d.ts

@@ -0,0 +1,12 @@
+type IAMConfig = {
+    url: string;
+    userEndpoint: string;
+    groupEndpoint: string;
+};
+export type IAM = {
+    url: string;
+    userEndpoint: string;
+    groupEndpoint: string;
+};
+export declare function iam(config: IAMConfig): Promise<IAM>;
+export {};

package/dist/index.d.ts

@@ -0,0 +1,21 @@
+import { SSOManager } from './sso';
+import { type Vault } from './vault';
+import { type IAM } from './iam';
+export type EnterpriseStandard = {
+    ioniteUrl: string;
+    appId: string;
+    defaultInstance: boolean;
+    vault: Vault;
+    sso?: SSOManager;
+    iam?: IAM;
+};
+type ESConfig = {
+    ioniteUrl?: string;
+    defaultInstance?: boolean;
+    ssoUserUrl?: string;
+};
+export declare function enterpriseStandard(appId: string, appKey?: string, initConfig?: ESConfig): Promise<EnterpriseStandard>;
+export type * from './enterprise-user';
+export { oidcCallbackSchema } from './oidc-schema';
+export * from './server';
+export { useUser } from './useUser';

package/dist/index.js

@@ -0,0 +1,620 @@
+// src/utils.ts
+var defaultInstance;
+function must(value, message = "Assertion failed. Required value is null or undefined.") {
+  if (value === undefined || value === null) {
+    throw new Error(message);
+  }
+  return value;
+}
+function setDefaultInstance(es) {
+  defaultInstance = es;
+}
+function getDefaultInstance() {
+  return defaultInstance;
+}
+function getES(es) {
+  if (es)
+    return es;
+  if (defaultInstance)
+    return defaultInstance;
+  throw new Error(`TODO standardize the error message when there isn't a default EntepriseStandard`);
+}
+
+// src/sso.ts
+var jwksCache = new Map;
+
+class SSOManager {
+  config;
+  constructor(config) {
+    this.config = {
+      ...config,
+      secure: config.secure === undefined || config.secure === true ? true : false,
+      sameSite: config.sameSite === undefined || config.sameSite === "Strict" ? "Strict" : "Lax",
+      cookiePrefix: config.cookiePrefix ?? `es.sso.${config.client_id}`,
+      cookiePath: config.cookiePath ?? "/"
+    };
+  }
+  async getUser(request) {
+    if (!this.config) {
+      console.error("SSO Manager not initialized");
+      return;
+    }
+    try {
+      const token = await this.getJwt(request);
+      if (!token)
+        return;
+      return await this.parseUser(token);
+    } catch (error) {
+      console.error("Error parsing user from cookies:", error);
+      return;
+    }
+  }
+  async getRequiredUser(request) {
+    const user = await this.getUser(request);
+    if (user)
+      return user;
+    throw new Response("Unauthorized", {
+      status: 401,
+      statusText: "Unauthorized"
+    });
+  }
+  async initiateLogin(landingPage, errorPage) {
+    if (!this.config) {
+      console.error("SSO Manager not initialized");
+      return Promise.resolve(new Response("SSO Manager not initialized", { status: 503 }));
+    }
+    const state = this.generateRandomString();
+    const codeVerifier = this.generateRandomString(64);
+    const url = new URL(this.config.authorization_url);
+    url.searchParams.append("client_id", this.config.client_id);
+    url.searchParams.append("redirect_uri", this.config.redirect_uri);
+    url.searchParams.append("response_type", "code");
+    url.searchParams.append("scope", this.config.scope);
+    url.searchParams.append("state", state);
+    const codeChallenge = await this.pkceChallengeFromVerifier(codeVerifier);
+    url.searchParams.append("code_challenge", codeChallenge);
+    url.searchParams.append("code_challenge_method", "S256");
+    const val = {
+      state,
+      codeVerifier,
+      landingPage,
+      errorPage
+    };
+    return new Response("Redirecting to SSO Provider", {
+      status: 302,
+      headers: {
+        Location: url.toString(),
+        "Set-Cookie": this.createCookie("state", val, 86400)
+      }
+    });
+  }
+  async callbackHandler(request) {
+    if (!this.config) {
+      console.error("SSO Manager not initialized");
+      return Promise.resolve(new Response("SSO Manager not initialized", { status: 503 }));
+    }
+    const url = new URL(request.url);
+    const params = new URLSearchParams(url.search);
+    try {
+      const codeFromUrl = must(params.get("code"), 'OIDC "code" was not passed as a search param, ensure that the SSO login completed successfully');
+      const stateFromUrl = must(params.get("state"), 'OIDC "state" was not passed as a search param, ensure that the SSO login completed successfully');
+      const cookie = this.getCookie("state", request, true);
+      const { codeVerifier, state, landingPage } = cookie ?? {};
+      must(codeVerifier, 'OIDC "codeVerifier" was not present in cookies, ensure that the SSO login was initiated correctly');
+      must(state, 'OIDC "stateVerifier" was not present in cookies, ensure that the SSO login was initiated correctly');
+      must(landingPage, 'OIDC "landingPage" was not present in cookies');
+      if (stateFromUrl !== state) {
+        throw new Error('SSO State Verifier failed, the "state" request parameter does not equal the "state" in the SSO cookie');
+      }
+      const tokenResponse = await this.exchangeCodeForToken(codeFromUrl, codeVerifier);
+      const user = await this.parseUser(tokenResponse);
+      return new Response("Authentication successful, redirecting", {
+        status: 302,
+        headers: [
+          ["Location", landingPage],
+          ["Set-Cookie", this.clearCookie("state")],
+          ...this.createJwtCookies(tokenResponse, user.sso.expires)
+        ]
+      });
+    } catch (error) {
+      console.error("Error during sign-in callback:", error);
+      try {
+        const cookie = this.getCookie("state", request, true);
+        const { errorPage } = cookie ?? {};
+        if (errorPage) {
+          return new Response("Redirecting to error page", {
+            status: 302,
+            headers: [
+              ["Location", errorPage]
+            ]
+          });
+        }
+      } catch (err) {
+        console.warn("Error parsing the errorPage from the OIDC cookie");
+      }
+      console.warn("No error page was found in the cookies. The user will be shown a default error page.");
+      return new Response("An error occurred during authentication, please return to the application homepage and try again.", {
+        status: 500
+      });
+    }
+  }
+  async parseUser(token) {
+    if (!this.config)
+      throw new Error("SSO Manager not initialized");
+    const idToken = await this.parseJwt(token.id_token);
+    const expiresIn = Number(token.refresh_expires_in ?? token.expires_in ?? 3600);
+    const expires = token.expires ? new Date(token.expires) : new Date(Date.now() + expiresIn * 1000);
+    return {
+      userName: idToken.preferred_username || "",
+      name: idToken.name || "",
+      email: idToken.email || "",
+      emails: [{
+        value: idToken.email || "",
+        primary: true
+      }],
+      avatarUrl: idToken.picture,
+      sso: {
+        profile: {
+          ...idToken,
+          iss: idToken.iss || this.config.authority,
+          aud: idToken.aud || this.config.client_id
+        },
+        tenant: {
+          id: idToken.idp || idToken.iss || this.config.authority,
+          name: idToken.iss || this.config.authority
+        },
+        scope: token.scope,
+        tokenType: token.token_type,
+        sessionState: token.session_state,
+        expires
+      }
+    };
+  }
+  async exchangeCodeForToken(code, codeVerifier) {
+    if (!this.config)
+      throw new Error("SSO Manager not initialized");
+    const tokenUrl = this.config.token_url;
+    const body = new URLSearchParams;
+    body.append("grant_type", "authorization_code");
+    body.append("code", code);
+    body.append("redirect_uri", this.config.redirect_uri);
+    body.append("client_id", this.config.client_id);
+    body.append("code_verifier", codeVerifier);
+    try {
+      const response = await fetch(tokenUrl, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded",
+          Accept: "application/json"
+        },
+        body: body.toString()
+      });
+      const data = await response.json();
+      if (!response.ok) {
+        console.error("Token exchange error:", data);
+        throw new Error(`Token exchange failed: ${data.error || response.statusText} - ${data.error_description || ""}`.trim());
+      }
+      return data;
+    } catch (error) {
+      console.error("Error during token exchange:", error);
+      throw new Error("Error during token exchange");
+    }
+  }
+  async refreshToken(refreshToken) {
+    return this.retryWithBackoff(async () => {
+      if (!this.config)
+        throw new Error("SSO Manager not initialized");
+      const tokenUrl = this.config.token_url;
+      const body = new URLSearchParams;
+      body.append("grant_type", "refresh_token");
+      body.append("refresh_token", refreshToken);
+      body.append("client_id", this.config.client_id);
+      const response = await fetch(tokenUrl, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded",
+          Accept: "application/json"
+        },
+        body: body.toString()
+      });
+      const data = await response.json();
+      if (!response.ok) {
+        console.error("Token refresh error:", data);
+        throw new Error(`Token refresh failed: ${data.error || response.statusText} - ${data.error_description || ""}`.trim());
+      }
+      return data;
+    });
+  }
+  async fetchJwks() {
+    const url = this.config.jwks_uri || `${this.config.authority}/protocol/openid-connect/certs`;
+    if (jwksCache.has(url))
+      return jwksCache.get(url);
+    return this.retryWithBackoff(async () => {
+      if (!this.config)
+        throw new Error("SSO Manager not initialized");
+      const response = await fetch(url);
+      if (!response.ok)
+        throw new Error("Failed to fetch JWKS");
+      const jwks = await response.json();
+      jwksCache.set(url, jwks);
+      return jwks;
+    });
+  }
+  async retryWithBackoff(operation, maxRetries = 3, baseDelay = 1000, maxDelay = 30000) {
+    let lastError = new Error("Placeholder Error");
+    for (let attempt = 0;attempt <= maxRetries; attempt++) {
+      try {
+        return await operation();
+      } catch (error) {
+        lastError = error instanceof Error ? error : new Error(String(error));
+        if (error instanceof Error && error.message.includes("400")) {
+          throw error;
+        }
+        if (attempt === maxRetries) {
+          throw lastError;
+        }
+        const delay = Math.min(baseDelay * 2 ** attempt, maxDelay);
+        const jitter = Math.random() * 0.1 * delay;
+        await new Promise((resolve) => setTimeout(resolve, delay + jitter));
+        console.warn(`Retry attempt ${attempt + 1} after ${delay + jitter}ms delay`);
+      }
+    }
+    throw lastError;
+  }
+  async parseJwt(token) {
+    try {
+      const parts = token.split(".");
+      if (parts.length !== 3)
+        throw new Error("Invalid JWT");
+      const header = JSON.parse(atob(parts[0].replace(/-/g, "+").replace(/_/g, "/")));
+      const payload = JSON.parse(atob(parts[1].replace(/-/g, "+").replace(/_/g, "/")));
+      const signature = parts[2].replace(/-/g, "+").replace(/_/g, "/");
+      const publicKey = await this.getPublicKey(header.kid);
+      const encoder = new TextEncoder;
+      const data = encoder.encode(`${parts[0]}.${parts[1]}`);
+      const isValid = await crypto.subtle.verify("RSASSA-PKCS1-v1_5", publicKey, Uint8Array.from(atob(signature), (c) => c.charCodeAt(0)), data);
+      if (!isValid)
+        throw new Error("Invalid JWT signature");
+      return payload;
+    } catch (e) {
+      console.error("Error verifying JWT:", e);
+      throw e;
+    }
+  }
+  generateRandomString(length = 32) {
+    const array = new Uint8Array(length);
+    crypto.getRandomValues(array);
+    return Array.from(array, (byte) => byte.toString(16).padStart(2, "0")).join("").substring(0, length);
+  }
+  async pkceChallengeFromVerifier(verifier) {
+    const encoder = new TextEncoder;
+    const data = encoder.encode(verifier);
+    const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+    const hashArray = Array.from(new Uint8Array(hashBuffer));
+    const hashBase64 = btoa(String.fromCharCode(...hashArray)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+    return hashBase64;
+  }
+  async getPublicKey(kid) {
+    const jwks = await this.fetchJwks();
+    const key = jwks.keys.find((k) => k.kid === kid);
+    if (!key)
+      throw new Error("Public key not found");
+    const publicKey = await crypto.subtle.importKey("jwk", {
+      kty: key.kty,
+      n: key.n,
+      e: key.e
+    }, { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, false, ["verify"]);
+    return publicKey;
+  }
+  createJwtCookies(token, expires) {
+    const control = {
+      expires_in: token.expires_in,
+      refresh_expires_in: token.refresh_expires_in,
+      scope: token.scope,
+      session_state: token.session_state,
+      token_type: token.token_type,
+      expires: expires.toISOString()
+    };
+    return [
+      ["Set-Cookie", this.createCookie("access", token.access_token, expires)],
+      ["Set-Cookie", this.createCookie("id", token.id_token, expires)],
+      ["Set-Cookie", this.createCookie("refresh", token.refresh_token ?? "", expires)],
+      ["Set-Cookie", this.createCookie("control", control, expires)]
+    ];
+  }
+  async getJwt(req) {
+    const access_token = this.getCookie("access", req);
+    const id_token = this.getCookie("id", req);
+    const refresh_token = this.getCookie("refresh", req);
+    const control = this.getCookie("control", req, true);
+    if (!access_token || !id_token || !refresh_token || !control) {
+      return;
+    }
+    let tokenResponse = {
+      access_token,
+      id_token,
+      refresh_token,
+      ...control
+    };
+    if (control.expires && refresh_token && Date.now() > new Date(control.expires).getTime()) {
+      tokenResponse = await this.refreshToken(refresh_token);
+    }
+    return tokenResponse;
+  }
+  createCookie(name, value, expires) {
+    name = `${this.config.cookiePrefix}.${name}`;
+    if (typeof value !== "string") {
+      value = btoa(JSON.stringify(value));
+    }
+    let exp;
+    if (expires instanceof Date) {
+      exp = `Expires=${expires.toUTCString()}`;
+    } else if (typeof expires === "number") {
+      exp = `Max-Age=${expires}`;
+    } else {
+      throw new Error("Invalid expires type", expires);
+    }
+    if (value.length > 4000) {
+      throw new Error(`Error setting cookie: ${name}. Cookie length is: ${value.length}`);
+    }
+    return `${name}=${value}; ${exp}; Path=${this.config.cookiePath}; HttpOnly;${this.config.secure ? " Secure;" : ""} SameSite=${this.config.sameSite};`;
+  }
+  clearCookie(name) {
+    return `${this.config.cookiePrefix}.${name}=; Max-Age=0; Path=${this.config.cookiePath}; HttpOnly;${this.config.secure ? " Secure;" : ""} SameSite=${this.config.sameSite};`;
+  }
+  getCookie(name, req, parse = false) {
+    const header = req.headers.get("cookie");
+    if (!header)
+      return null;
+    const cookie = header.split(";").find((row) => row.trim().startsWith(`${this.config.cookiePrefix}.${name}=`));
+    if (!cookie)
+      return null;
+    const val = cookie.split("=")[1].trim();
+    if (!parse)
+      return val;
+    const str = atob(val);
+    return JSON.parse(str);
+  }
+}
+
+// src/vault.ts
+async function vault(url, token) {
+  async function getFullSecret(path) {
+    const resp = await fetch(`${url}/${path}`, { headers: { "X-Vault-Token": token } });
+    if (resp.status !== 200) {
+      throw new Error(`Vault returned invalid status, ${resp.status}: '${resp.statusText}' from URL: ${url}`);
+    }
+    const secret = await resp.json();
+    return secret.data;
+  }
+  return {
+    url,
+    getFullSecret,
+    getSecret: async (path) => {
+      return (await getFullSecret(path)).data;
+    }
+  };
+}
+
+// src/iam.ts
+async function iam(config) {
+  return {
+    url: config.url,
+    userEndpoint: config.userEndpoint,
+    groupEndpoint: config.groupEndpoint
+  };
+}
+
+// src/oidc-schema.ts
+function oidcCallbackSchema(vendor) {
+  return {
+    "~standard": {
+      version: 1,
+      vendor,
+      validate: (value) => {
+        if (typeof value !== "object" || value === null) {
+          return {
+            issues: [
+              {
+                message: "Expected an object"
+              }
+            ]
+          };
+        }
+        const params = value;
+        const issues = [];
+        const result = {};
+        if ("code" in params) {
+          if (typeof params.code === "string") {
+            result.code = params.code;
+          } else {
+            issues.push({
+              message: "code must be a string",
+              path: ["code"]
+            });
+          }
+        } else if (!("error" in params)) {
+          issues.push({
+            message: "code is required",
+            path: ["code"]
+          });
+        }
+        if ("state" in params) {
+          if (typeof params.state === "string" || params.state === undefined) {
+            result.state = params.state;
+          } else {
+            issues.push({
+              message: "state must be a string",
+              path: ["state"]
+            });
+          }
+        }
+        if ("session_state" in params) {
+          if (typeof params.session_state === "string" || params.session_state === undefined) {
+            result.session_state = params.session_state;
+          } else {
+            issues.push({
+              message: "session_state must be a string",
+              path: ["session_state"]
+            });
+          }
+        }
+        if ("error" in params) {
+          if (typeof params.error === "string") {
+            result.error = params.error;
+          } else {
+            issues.push({
+              message: "error must be a string",
+              path: ["error"]
+            });
+          }
+          if ("error_description" in params) {
+            if (typeof params.error_description === "string" || params.error_description === undefined) {
+              result.error_description = params.error_description;
+            } else {
+              issues.push({
+                message: "error_description must be a string",
+                path: ["error_description"]
+              });
+            }
+          }
+          if ("error_uri" in params) {
+            if (typeof params.error_uri === "string" || params.error_uri === undefined) {
+              result.error_uri = params.error_uri;
+            } else {
+              issues.push({
+                message: "error_uri must be a string",
+                path: ["error_uri"]
+              });
+            }
+          }
+        }
+        if ("iss" in params) {
+          if (typeof params.iss === "string" || params.iss === undefined) {
+            result.iss = params.iss;
+          } else {
+            issues.push({
+              message: "iss must be a string",
+              path: ["iss"]
+            });
+          }
+        }
+        if (issues.length > 0) {
+          return { issues };
+        }
+        return { value: result };
+      }
+    }
+  };
+}
+// src/server.ts
+function getSSO(es) {
+  es = getES(es);
+  if (!es.sso) {
+    console.error("TODO tell them how to connect SSO");
+    return;
+  }
+  return es.sso;
+}
+function unavailable() {
+  new Response(JSON.stringify({ error: "SSO Unavailable" }), {
+    status: 503,
+    statusText: "SSO Unavailable",
+    headers: { "Content-Type": "application/json" }
+  });
+}
+async function getUser(request, es) {
+  return getSSO(es)?.getUser(request);
+}
+async function getRequiredUser(request, es) {
+  const sso = getSSO(es);
+  if (!sso)
+    throw unavailable();
+  return sso.getRequiredUser(request);
+}
+async function initiateLogin(landingPage, errorPage, es) {
+  const sso = getSSO(es);
+  if (!sso)
+    throw unavailable();
+  return sso.initiateLogin(landingPage, errorPage);
+}
+async function callback(request, es) {
+  const sso = getSSO(es);
+  if (!sso)
+    throw unavailable();
+  return sso.callbackHandler(request);
+}
+// src/useUser.ts
+import { useState, useEffect } from "react";
+function useUser(apiUrl) {
+  const [isLoading, setIsLoading] = useState(true);
+  const [user, setUser] = useState(undefined);
+  const [status, setStatus] = useState(undefined);
+  const resolvedApiUrl = apiUrl || "/api/user";
+  useEffect(() => {
+    const fetchUser = async () => {
+      try {
+        const response = await fetch(resolvedApiUrl);
+        setStatus(response.status);
+        if (response.ok) {
+          const userData = await response.json();
+          setUser(userData);
+        } else {
+          setUser(undefined);
+        }
+      } catch (error) {
+        console.error("Error fetching user:", error);
+        setUser(undefined);
+      }
+      setIsLoading(false);
+    };
+    fetchUser();
+  }, [resolvedApiUrl]);
+  return { isLoading, user, status };
+}
+
+// src/index.ts
+async function enterpriseStandard(appId, appKey, initConfig) {
+  let vaultUrl;
+  let vaultToken;
+  let paths;
+  const ioniteUrl = initConfig?.ioniteUrl ?? "https://ionite.com";
+  if (appId === "IONITE_PUBLIC_DEMO") {
+    vaultUrl = "https://vault.ionite.dev/v1/secret/data";
+    vaultToken = "hvs.qIM9R0hmdnVCQmdvWdDGPSZ4";
+    paths = { sso: "ionite/DEV01K2JRP1DWXFCZN9FRDT37J1Y0" };
+  } else if (appKey) {
+    if (!vaultUrl || !vaultToken) {
+      throw new Error("TODO something is wrong with the ionite config, handle this error");
+    }
+    paths = {};
+  } else {
+    throw new Error("TODO tell them how to connect to ionite");
+  }
+  const defaultInstance2 = getDefaultInstance();
+  const vaultClient = await vault(vaultUrl, vaultToken);
+  const result = {
+    appId,
+    ioniteUrl,
+    defaultInstance: initConfig?.defaultInstance || initConfig?.defaultInstance !== false && !defaultInstance2,
+    vault: vaultClient,
+    sso: paths.sso ? new SSOManager(await vaultClient.getSecret(paths.sso)) : undefined,
+    iam: paths.iam ? await iam(await vaultClient.getSecret(paths.iam)) : undefined
+  };
+  if (result.defaultInstance) {
+    if (defaultInstance2) {
+      defaultInstance2.defaultInstance = false;
+    }
+    setDefaultInstance(result);
+  }
+  return result;
+}
+export {
+  useUser,
+  oidcCallbackSchema,
+  initiateLogin,
+  getUser,
+  getRequiredUser,
+  enterpriseStandard,
+  callback
+};

package/dist/oidc-schema.d.ts

@@ -0,0 +1,43 @@
+import type { StandardSchemaV1 } from './standard-schema';
+/**
+ * OIDC Code Flow Callback URL Parameters
+ * @see https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth
+ */
+export interface OidcCallbackParams {
+    /**
+     * REQUIRED. The authorization code returned from the authorization server.
+     */
+    code: string;
+    /**
+     * REQUIRED if the "state" parameter was present in the client authorization request.
+     * The exact value received from the client.
+     */
+    state?: string;
+    /**
+     * RECOMMENDED. The session state value. Clients should use this to verify the session state.
+     */
+    session_state?: string;
+    /**
+     * OAuth 2.0 error code if the authorization request failed.
+     */
+    error?: string;
+    /**
+     * Human-readable ASCII text providing additional information for the error.
+     */
+    error_description?: string;
+    /**
+     * A URI identifying a human-readable web page with information about the error.
+     */
+    error_uri?: string;
+    /**
+     * The "iss" (issuer) parameter identifies the principal that issued the response.
+     * This is typically used in the implicit flow.
+     */
+    iss?: string;
+}
+/**
+ * Creates a StandardSchemaV1 for validating OIDC callback URL parameters.
+ * @param vendor - The name of the vendor creating this schema
+ * @returns A StandardSchemaV1 instance for OIDC callback parameters
+ */
+export declare function oidcCallbackSchema(vendor: string): StandardSchemaV1<Record<string, unknown>, OidcCallbackParams>;

package/dist/server.d.ts

@@ -0,0 +1,5 @@
+import { EnterpriseStandard, EnterpriseUser } from ".";
+export declare function getUser(request: Request, es?: EnterpriseStandard): Promise<EnterpriseUser | undefined>;
+export declare function getRequiredUser(request: Request, es?: EnterpriseStandard): Promise<EnterpriseUser>;
+export declare function initiateLogin(landingPage: string, errorPage?: string, es?: EnterpriseStandard): Promise<Response>;
+export declare function callback(request: Request, es?: EnterpriseStandard): Promise<Response>;

package/dist/sso.d.ts

@@ -0,0 +1,46 @@
+import type { EnterpriseUser } from '.';
+export type SSOConfig = {
+    authority: string;
+    token_url: string;
+    authorization_url: string;
+    client_id: string;
+    redirect_uri: string;
+    response_type: string;
+    scope: string;
+    post_logout_redirect_uri?: string;
+    silent_redirect_uri?: string;
+    jwks_uri?: string;
+    cookiePrefix?: string;
+    cookiePath?: string;
+    sameSite?: 'Strict' | 'Lax';
+    secure?: boolean;
+};
+type SSOConfigWithDefaults = SSOConfig & {
+    secure: boolean;
+    sameSite: string;
+    cookiePrefix: string;
+    cookiePath: string;
+};
+export declare class SSOManager {
+    config: SSOConfigWithDefaults;
+    constructor(config: SSOConfig);
+    getUser(request: Request): Promise<EnterpriseUser | undefined>;
+    getRequiredUser(request: Request): Promise<EnterpriseUser>;
+    initiateLogin(landingPage: string, errorPage?: string): Promise<Response>;
+    callbackHandler(request: Request): Promise<Response>;
+    private parseUser;
+    private exchangeCodeForToken;
+    private refreshToken;
+    private fetchJwks;
+    private retryWithBackoff;
+    private parseJwt;
+    private generateRandomString;
+    private pkceChallengeFromVerifier;
+    private getPublicKey;
+    private createJwtCookies;
+    private getJwt;
+    private createCookie;
+    private clearCookie;
+    private getCookie;
+}
+export {};

package/dist/standard-schema.d.ts

@@ -0,0 +1,55 @@
+/** The Standard Schema interface. @see https://standardschema.dev/ */
+export interface StandardSchemaV1<Input = unknown, Output = Input> {
+    /** The Standard Schema properties. */
+    readonly '~standard': StandardSchemaV1.Props<Input, Output>;
+}
+export declare namespace StandardSchemaV1 {
+    /** The Standard Schema properties interface. */
+    interface Props<Input = unknown, Output = Input> {
+        /** The version number of the standard. */
+        readonly version: 1;
+        /** The vendor name of the schema library. */
+        readonly vendor: string;
+        /** Validates unknown input values. */
+        readonly validate: (value: unknown) => Result<Output> | Promise<Result<Output>>;
+        /** Inferred types associated with the schema. */
+        readonly types?: Types<Input, Output> | undefined;
+    }
+    /** The result interface of the validate function. */
+    type Result<Output> = SuccessResult<Output> | FailureResult;
+    /** The result interface if validation succeeds. */
+    interface SuccessResult<Output> {
+        /** The typed output value. */
+        readonly value: Output;
+        /** The non-existent issues. */
+        readonly issues?: undefined;
+    }
+    /** The result interface if validation fails. */
+    interface FailureResult {
+        /** The issues of failed validation. */
+        readonly issues: ReadonlyArray<Issue>;
+    }
+    /** The issue interface of the failure output. */
+    interface Issue {
+        /** The error message of the issue. */
+        readonly message: string;
+        /** The path of the issue, if any. */
+        readonly path?: ReadonlyArray<PropertyKey | PathSegment> | undefined;
+    }
+    /** The path segment interface of the issue. */
+    interface PathSegment {
+        /** The key representing a path segment. */
+        readonly key: PropertyKey;
+    }
+    /** The Standard Schema types interface. */
+    interface Types<Input = unknown, Output = Input> {
+        /** The input type of the schema. */
+        readonly input: Input;
+        /** The output type of the schema. */
+        readonly output: Output;
+    }
+    /** Infers the input type of a Standard Schema. */
+    type InferInput<Schema extends StandardSchemaV1> = NonNullable<Schema['~standard']['types']>['input'];
+    /** Infers the output type of a Standard Schema. */
+    type InferOutput<Schema extends StandardSchemaV1> = NonNullable<Schema['~standard']['types']>['output'];
+}

package/dist/ui/signed-in.d.ts

@@ -0,0 +1,6 @@
+import { PropsWithChildren } from "react";
+import { EnterpriseStandard } from "..";
+export type Props = {
+    es?: EnterpriseStandard;
+} & PropsWithChildren;
+export declare function SignedIn({ es, children }: Props): import("react/jsx-runtime").JSX.Element;

package/dist/useUser.d.ts

@@ -0,0 +1,8 @@
+import { EnterpriseUser } from '.';
+type UseUser = {
+    isLoading: boolean;
+    user?: EnterpriseUser;
+    status?: number;
+};
+export declare function useUser(apiUrl?: string): UseUser;
+export {};

package/dist/utils.d.ts

@@ -0,0 +1,8 @@
+import { type EnterpriseStandard } from ".";
+export declare function must<T>(value: T | undefined | null, message?: string): T;
+export declare function setDefaultInstance(es: EnterpriseStandard): void;
+export declare function getDefaultInstance(): EnterpriseStandard | undefined;
+/**
+ * If an es is defined, then return it, otherwise return the defaultEnterpriseStandard
+ */
+export declare function getES(es?: EnterpriseStandard): EnterpriseStandard;

package/dist/vault.d.ts

@@ -0,0 +1,18 @@
+type Secret<T> = {
+    data: T;
+    metadata: MetaData;
+};
+type MetaData = {
+    created_time: string;
+    custom_metadata: any;
+    deletion_time: string;
+    destroyed: boolean;
+    version: number;
+};
+export type Vault = {
+    url: string;
+    getFullSecret: <T>(path: string) => Promise<Secret<T>>;
+    getSecret: <T>(path: string) => Promise<T>;
+};
+export declare function vault(url: string, token: string): Promise<Vault>;
+export {};

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "@enterprisestandard/react",
+  "version": "0.0.1",
+  "description": "Enterprise Standard React Components",
+  "private": false,
+  "main": "dist/index.js",
+  "scripts": {
+    "build": "bun run build.ts",
+    "prepublishOnly": "bun run build"
+  },
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "typesVersions": {
+    "*": {
+      "*": [
+        "./dist/*",
+        "./dist/types/*"
+      ]
+    }
+  },
+  "files": [
+    "dist/*"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "devDependencies": {
+    "typescript": "^5.0.0"
+  },
+  "author": "enterprisestandard",
+  "license": "proprietary",
+  "peerDependencies": {
+    "react": "^18.0.0 || ^19.0.0"
+  },
+  "dependencies": {
+    "minimatch": "^10.0.3"
+  }
+}