@enterprisestandard/react 0.0.5-beta.20260115.1 → 0.0.5-beta.20260115.2

package/dist/session-store.js

@@ -0,0 +1,105 @@
+/**
+ * Session management for tracking user sessions and enabling backchannel logout.
+ *
+ * Session stores are optional - the package works with JWT cookies alone.
+ * Sessions are only required for backchannel logout functionality.
+ *
+ * ## Session Validation Strategies
+ *
+ * When using a session store, you can configure when sessions are validated:
+ *
+ * ### 'always' (default)
+ * Validates session on every authenticated request.
+ * - **Security**: Maximum - immediate session revocation
+ * - **Performance**: InMemory ~0.00005ms, Redis ~1-2ms per request
+ * - **Backchannel Logout**: Takes effect immediately
+ * - **Use when**: Security is paramount, using InMemory or Redis backend
+ *
+ * ### 'refresh-only'
+ * Validates session only during token refresh (typically every 5-15 minutes).
+ * - **Security**: Good - 5-15 minute revocation window
+ * - **Performance**: 99% reduction in session lookups
+ * - **Backchannel Logout**: Takes effect within token TTL (5-15 min)
+ * - **Use when**: Performance is critical AND delayed revocation is acceptable
+ * - **WARNING**: Compromised sessions remain valid until next refresh
+ *
+ * ### 'disabled'
+ * Never validates sessions against the store.
+ * - **Security**: None - backchannel logout doesn't work
+ * - **Performance**: No overhead
+ * - **Use when**: Cookie-only mode without session store
+ * - **WARNING**: Do not use with session_store configured
+ *
+ * ## Performance Characteristics
+ *
+ * | Backend      | Lookup Time | Impact on Request | Recommendation         |
+ * |--------------|-------------|-------------------|------------------------|
+ * | InMemory     | <0.00005ms  | Negligible        | Use 'always'           |
+ * | Redis        | 1-2ms       | 2-4% increase     | Use 'always' or test   |
+ * | Database     | 5-20ms      | 10-40% increase   | Use Redis cache layer  |
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import { sso, InMemorySessionStore } from '@enterprisestandard/react/server';
+ *
+ * // Maximum security (default)
+ * const secure = sso({
+ *   // ... other config
+ *   session_store: new InMemorySessionStore(),
+ *   session_validation: 'always', // Immediate revocation
+ * });
+ *
+ * // High performance
+ * const fast = sso({
+ *   // ... other config
+ *   session_store: new InMemorySessionStore(),
+ *   session_validation: {
+ *     strategy: 'refresh-only' // 5-15 min revocation delay
+ *   }
+ * });
+ * ```
+ */
+/**
+ * In-memory session store implementation using Maps.
+ *
+ * Suitable for:
+ * - Development and testing
+ * - Single-server deployments
+ * - Applications without high availability requirements
+ *
+ * NOT suitable for:
+ * - Multi-server deployments (sessions not shared)
+ * - High availability scenarios (sessions lost on restart)
+ * - Production applications with distributed architecture
+ *
+ * For production, implement SessionStore with Redis or a database.
+ *
+ * @template TExtended - Type-safe custom data that consumers can add to sessions
+ */
+export class InMemorySessionStore {
+    constructor() {
+        this.sessions = new Map();
+    }
+    async create(session) {
+        if (this.sessions.has(session.sid)) {
+            throw new Error(`Session with sid ${session.sid} already exists`);
+        }
+        this.sessions.set(session.sid, session);
+    }
+    async get(sid) {
+        return this.sessions.get(sid) ?? null;
+    }
+    async update(sid, data) {
+        const session = this.sessions.get(sid);
+        if (!session) {
+            throw new Error(`Session with sid ${sid} not found`);
+        }
+        // Merge the update data
+        const updated = { ...session, ...data };
+        this.sessions.set(sid, updated);
+    }
+    async delete(sid) {
+        this.sessions.delete(sid);
+    }
+}

package/dist/sso-server.d.ts

@@ -1,4 +1,4 @@
-import { EnterpriseStandard } from '.';
+import type { EnterpriseStandard } from '.';
 import type { LoginConfig } from './sso';
 /**
  * Helper gets the user from the Request using the supplied EnterpriseStandard or the default instance

package/dist/sso-server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sso-server.d.ts","sourceRoot":"","sources":["../src/sso-server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAsB,MAAM,GAAG,CAAC;AAC3D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,OAAO,CAAC;AAezC;;GAEG;AACH,wBAAsB,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,kBAAkB,yCAEtE;AAED,wBAAsB,eAAe,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,kBAAkB,6BAI9E;AAED,wBAAsB,aAAa,CAAC,MAAM,EAAE,WAAW,EAAE,EAAE,CAAC,EAAE,kBAAkB,qBAI/E;AAED,wBAAsB,QAAQ,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,kBAAkB,qBAIvE;AAED,wBAAsB,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,kBAAkB,qBAItE;AAGD,cAAc,iBAAiB,CAAC;AAEhC,cAAc,mBAAmB,CAAC"}
+{"version":3,"file":"sso-server.d.ts","sourceRoot":"","sources":["../src/sso-server.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,GAAG,CAAC;AAC5C,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,OAAO,CAAC;AAezC;;GAEG;AACH,wBAAsB,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,kBAAkB,yCAEtE;AAED,wBAAsB,eAAe,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,kBAAkB,6BAI9E;AAED,wBAAsB,aAAa,CAAC,MAAM,EAAE,WAAW,EAAE,EAAE,CAAC,EAAE,kBAAkB,qBAI/E;AAED,wBAAsB,QAAQ,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,kBAAkB,qBAIvE;AAED,wBAAsB,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC,EAAE,kBAAkB,qBAItE;AAGD,cAAc,iBAAiB,CAAC;AAEhC,cAAc,mBAAmB,CAAC"}

package/dist/sso-server.js

@@ -0,0 +1,46 @@
+import { getES } from './utils';
+/**
+ * Returns a 503 response indicating that the SSO is unavailable
+ */
+function unavailable(error) {
+    error = error ?? 'SSO Unavailable';
+    new Response(JSON.stringify({ error }), {
+        status: 503,
+        statusText: error,
+        headers: { 'Content-Type': 'application/json' },
+    });
+}
+/**
+ * Helper gets the user from the Request using the supplied EnterpriseStandard or the default instance
+ */
+export async function getUser(request, es) {
+    return getES(es)?.sso.getUser(request);
+}
+export async function getRequiredUser(request, es) {
+    const sso = getES(es)?.sso;
+    if (!sso)
+        throw unavailable();
+    return sso.getRequiredUser(request);
+}
+export async function initiateLogin(config, es) {
+    const sso = getES(es)?.sso;
+    if (!sso)
+        throw unavailable();
+    return sso.initiateLogin(config);
+}
+export async function callback(request, es) {
+    const sso = getES(es)?.sso;
+    if (!sso)
+        throw unavailable();
+    return sso.callbackHandler(request);
+}
+export async function handler(request, es) {
+    es = getES(es);
+    if (!es)
+        throw unavailable();
+    return es.sso.handler(request, es);
+}
+// Tenant server helpers
+export * from './tenant-server';
+// Workload server helpers
+export * from './workload-server';