@explorins/pers-sdk 1.2.5 → 1.2.6

package/dist/core.cjs

@@ -1,5 +1,7 @@
 'use strict';
 
+var persShared = require('@explorins/pers-shared');
+
 /**
  * PERS SDK Configuration interfaces
  */
@@ -38,6 +40,241 @@ function mergeWithDefaults(config) {
     };
 }
 
+/**
+ * Platform-Agnostic Auth Admin API Client
+ *
+ * Handles authentication and authorization admin operations using the PERS backend.
+ * Uses @explorins/pers-shared DTOs for consistency with backend.
+ *
+ * Note: Special header handling (bypass-auth-interceptor) may need to be implemented
+ * at the PersApiClient level or through a specialized auth client.
+ */
+class AuthApi {
+    constructor(apiClient) {
+        this.apiClient = apiClient;
+        this.basePath = '/auth';
+    }
+    // ==========================================
+    // ADMIN AUTHENTICATION OPERATIONS
+    // ==========================================
+    /**
+     * ADMIN: Login tenant admin with JWT
+     * Note: JWT handling and auth bypass headers may need special implementation
+     */
+    async loginTenantAdmin(jwt) {
+        const body = {
+            authToken: jwt,
+            authType: persShared.AccountOwnerType.TENANT
+        };
+        return this.apiClient.post(`${this.basePath}/token`, body);
+    }
+    async loginUser(jwt) {
+        const body = {
+            authToken: jwt,
+            authType: persShared.AccountOwnerType.USER
+        };
+        return this.apiClient.post(`${this.basePath}/token`, body);
+    }
+    /**
+     * ADMIN: Refresh access token
+     * Note: Bypass header handling may need special implementation
+     */
+    async refreshAccessToken(refreshToken) {
+        return this.apiClient.post(`${this.basePath}/refresh`, { refreshToken });
+    }
+}
+
+/**
+ * Platform-Agnostic Auth Admin Service
+ *
+ * Contains auth admin business logic and operations that work across platforms.
+ * No framework dependencies - pure TypeScript business logic.
+ *
+ * Focuses only on actual backend capabilities.
+ */
+class AuthService {
+    constructor(authApi, authProvider) {
+        this.authApi = authApi;
+        this.authProvider = authProvider;
+    }
+    // ==========================================
+    // ADMIN AUTHENTICATION OPERATIONS
+    // ==========================================
+    /**
+     * ADMIN: Login tenant admin with JWT
+     * Automatically stores tokens if auth provider supports token storage
+     */
+    async loginTenantAdmin(jwt) {
+        const response = await this.authApi.loginTenantAdmin(jwt);
+        // Store tokens if auth provider supports it
+        if (this.authProvider && response.accessToken) {
+            await this.storeTokens(response.accessToken, response.refreshToken);
+        }
+        return response;
+    }
+    /**
+     * ADMIN: Login user with JWT
+     * Automatically stores tokens if auth provider supports token storage
+     */
+    async loginUser(jwt) {
+        const response = await this.authApi.loginUser(jwt);
+        // Store tokens if auth provider supports it
+        if (this.authProvider && response.accessToken) {
+            await this.storeTokens(response.accessToken, response.refreshToken);
+        }
+        return response;
+    }
+    /**
+     * ADMIN: Refresh access token
+     * Automatically stores new tokens if auth provider supports token storage
+     */
+    async refreshAccessToken(refreshToken) {
+        // Use provided refresh token or get from auth provider
+        const tokenToUse = refreshToken || (this.authProvider?.getRefreshToken ? await this.authProvider.getRefreshToken() : null);
+        if (!tokenToUse) {
+            throw new Error('No refresh token available for token refresh');
+        }
+        const response = await this.authApi.refreshAccessToken(tokenToUse);
+        // Store new tokens if auth provider supports it
+        if (this.authProvider && response.accessToken) {
+            await this.storeTokens(response.accessToken, response.refreshToken);
+        }
+        return response;
+    }
+    /**
+     * Automatic token refresh using stored refresh token
+     * Convenience method for 401 error handling
+     */
+    async autoRefreshToken() {
+        return this.refreshAccessToken(); // Uses stored refresh token
+    }
+    /**
+     * Clear stored tokens if auth provider supports it
+     */
+    async clearTokens() {
+        if (this.authProvider?.clearTokens) {
+            await this.authProvider.clearTokens();
+        }
+    }
+    /**
+     * Check if we have valid tokens for authentication
+     */
+    hasValidAuth() {
+        return this.authProvider?.hasValidToken?.() ?? false;
+    }
+    // ==========================================
+    // PRIVATE HELPERS
+    // ==========================================
+    /**
+     * Store tokens using auth provider if it supports token storage
+     */
+    async storeTokens(accessToken, refreshToken) {
+        if (!this.authProvider)
+            return;
+        try {
+            // Store access token
+            if (this.authProvider.setAccessToken) {
+                await this.authProvider.setAccessToken(accessToken);
+            }
+            // Store refresh token if provided and supported
+            if (refreshToken && this.authProvider.setRefreshToken) {
+                await this.authProvider.setRefreshToken(refreshToken);
+            }
+        }
+        catch (error) {
+            console.error('Failed to store tokens in auth provider:', error);
+            // Don't throw - token storage failure shouldn't break authentication
+        }
+    }
+}
+
+/**
+ * Simple, self-contained authentication provider for SDK
+ *
+ * Manages tokens internally without external dependencies.
+ * Perfect for platform-agnostic usage.
+ */
+class SimpleSdkAuthProvider {
+    constructor(projectKey) {
+        this.accessToken = null;
+        this.refreshToken = null;
+        this.projectKey = null;
+        this.authType = 'admin';
+        this.projectKey = projectKey || null;
+        // Try to load tokens from localStorage if available
+        this.loadTokensFromStorage();
+    }
+    async getToken() {
+        // Return stored access token
+        return this.accessToken;
+    }
+    async getProjectKey() {
+        return this.projectKey;
+    }
+    async onTokenExpired() {
+        console.log('SimpleSdkAuthProvider: Token expired, attempting refresh...');
+        if (!this.refreshToken) {
+            console.warn('SimpleSdkAuthProvider: No refresh token available');
+            throw new Error('No refresh token available for refresh');
+        }
+        // Note: Actual refresh logic would be handled by the SDK's AuthService
+        // This provider just manages token storage
+        console.warn('SimpleSdkAuthProvider: Token refresh should be handled by SDK AuthService');
+    }
+    // Token storage methods
+    async setAccessToken(token) {
+        this.accessToken = token;
+        this.saveTokenToStorage('pers_access_token', token);
+    }
+    async setRefreshToken(token) {
+        this.refreshToken = token;
+        this.saveTokenToStorage('pers_refresh_token', token);
+    }
+    async getRefreshToken() {
+        return this.refreshToken;
+    }
+    async clearTokens() {
+        this.accessToken = null;
+        this.refreshToken = null;
+        // Clear from storage
+        this.removeTokenFromStorage('pers_access_token');
+        this.removeTokenFromStorage('pers_refresh_token');
+    }
+    // Internal methods for token persistence
+    loadTokensFromStorage() {
+        if (typeof localStorage !== 'undefined') {
+            try {
+                this.accessToken = localStorage.getItem('pers_access_token');
+                this.refreshToken = localStorage.getItem('pers_refresh_token');
+            }
+            catch (error) {
+                console.error('Failed to load tokens from localStorage:', error);
+            }
+        }
+        else {
+            console.warn('localStorage is not available for token persistence');
+        }
+    }
+    saveTokenToStorage(key, value) {
+        if (typeof localStorage !== 'undefined') {
+            localStorage.setItem(key, value);
+        }
+    }
+    removeTokenFromStorage(key) {
+        if (typeof localStorage !== 'undefined') {
+            localStorage.removeItem(key);
+        }
+    }
+    // Utility methods for external integration
+    hasValidToken() {
+        const hasToken = !!this.accessToken;
+        return hasToken;
+    }
+    hasRefreshToken() {
+        return !!this.refreshToken;
+    }
+}
+
 // packages/pers-sdk/src/core/pers-api-client.ts
 /**
  * PERS API Client - Core platform-agnostic client for PERS backend
@@ -48,8 +285,15 @@ class PersApiClient {
         this.config = config;
         // Merge user config with defaults (production + v2)
         this.mergedConfig = mergeWithDefaults(config);
+        // Auto-create auth provider if none provided
+        if (!this.mergedConfig.authProvider) {
+            this.mergedConfig.authProvider = new SimpleSdkAuthProvider(this.mergedConfig.apiProjectKey);
+        }
         // Build API root from merged environment and version
         this.apiRoot = buildApiRoot(this.mergedConfig.environment, this.mergedConfig.apiVersion);
+        // Initialize auth services for direct authentication
+        this.authApi = new AuthApi(this);
+        this.authService = new AuthService(this.authApi, this.mergedConfig.authProvider);
     }
     /**
      * Get request headers including auth token and project key
@@ -154,6 +398,45 @@ class PersApiClient {
     async delete(endpoint) {
         return this.request('DELETE', endpoint);
     }
+    // ==========================================
+    // AUTHENTICATION METHODS
+    // ==========================================
+    /**
+     * Login admin user with external JWT (e.g., Firebase)
+     * Automatically stores tokens in auth provider if available
+     */
+    async loginAdmin(externalJwt) {
+        return this.authService.loginTenantAdmin(externalJwt);
+    }
+    /**
+     * Login regular user with external JWT
+     * Automatically stores tokens in auth provider if available
+     */
+    async loginUser(externalJwt) {
+        return this.authService.loginUser(externalJwt);
+    }
+    /**
+     * Refresh access token using stored refresh token
+     */
+    async refreshToken() {
+        const refreshToken = await this.mergedConfig.authProvider?.getRefreshToken?.();
+        if (!refreshToken) {
+            throw new Error('No refresh token available');
+        }
+        return this.authService.refreshAccessToken(refreshToken);
+    }
+    /**
+     * Clear all stored authentication tokens
+     */
+    async clearAuth() {
+        return this.authService.clearTokens();
+    }
+    /**
+     * Check if user has valid authentication token
+     */
+    hasValidAuth() {
+        return this.mergedConfig.authProvider?.hasValidToken?.() || false;
+    }
     /**
      * Get current configuration (returns merged config)
      */
@@ -176,168 +459,48 @@ class PersApiError extends Error {
         this.name = 'PersApiError';
     }
 }
-/**
- * PERS API Client - Core platform-agnostic client for PERS backend
- */
-/*import { HttpClient, RequestOptions } from './abstractions/http-client';
-import { PersConfig, buildApiRoot, mergeWithDefaults } from './pers-config';
-
-export class PersApiClient {
-  private readonly apiRoot: string;
-  private readonly mergedConfig: ReturnType<typeof mergeWithDefaults>;
-
-  constructor(
-    private httpClient: HttpClient,
-    private config: PersConfig
-  ) {
-    // Merge user config with defaults (production + v2)
-    this.mergedConfig = mergeWithDefaults(config);
-    
-    // Build API root from merged environment and version
-    this.apiRoot = buildApiRoot(this.mergedConfig.environment, this.mergedConfig.apiVersion);
-  }
-
-  /**
-   * Get request headers including auth token and project key
-   */
-/*private async getHeaders(): Promise<Record<string, string>> {
-  const headers: Record<string, string> = {
-    'Content-Type': 'application/json',
-  };
-
-  // Add authentication token
-  if (this.mergedConfig.authProvider) {
-    const token = await this.mergedConfig.authProvider.getToken();
-    if (token) {
-      headers['Authorization'] = `Bearer ${token}`;
-    }
-  }
-
-  // Add project key
-  if (this.mergedConfig.authProvider) {
-    const projectKey = await this.mergedConfig.authProvider.getProjectKey();
-    if (projectKey) {
-      headers['x-project-key'] = projectKey;
-    }
-  } else if(this.mergedConfig.apiProjectKey) {
-    // Fallback to config project key if no auth provider
-    headers['x-project-key'] = this.mergedConfig.apiProjectKey;
-  }
-
-  return headers;
-}
 
 /**
- * Make a request with proper headers, auth, and error handling
+ * Memory-based token storage (default)
  */
-/*private async request<T>(
-  method: 'GET' | 'POST' | 'PUT' | 'DELETE',
-  endpoint: string,
-  body?: any,
-  options?: { retryCount?: number }
-): Promise<T> {
-  const { retryCount = 0 } = options || {};
-  const url = `${this.apiRoot}${endpoint}`;
-  
-  const requestOptions: RequestOptions = {
-    headers: await this.getHeaders(),
-    timeout: this.mergedConfig.timeout,
-  };
-
-  try {
-    switch (method) {
-      case 'GET':
-        return await this.httpClient.get<T>(url, requestOptions);
-      case 'POST':
-        return await this.httpClient.post<T>(url, body, requestOptions);
-      case 'PUT':
-        return await this.httpClient.put<T>(url, body, requestOptions);
-      case 'DELETE':
-        return await this.httpClient.delete<T>(url, requestOptions);
-      default:
-        throw new Error(`Unsupported HTTP method: ${method}`);
-    }
-  } catch (error: any) {
-    // Handle 401 errors with automatic token refresh
-    if (error.status === 401 && retryCount === 0 && this.mergedConfig.authProvider?.onTokenExpired) {
-      try {
-        await this.mergedConfig.authProvider.onTokenExpired();
-        // Retry once with refreshed token
-        return this.request<T>(method, endpoint, body, { ...options, retryCount: 1 });
-      } catch (refreshError) {
-        throw new PersApiError(
-          `Authentication refresh failed: ${refreshError}`,
-          endpoint,
-          method,
-          401
-        );
-      }
+class MemoryTokenStorage {
+    constructor() {
+        this.storage = new Map();
+    }
+    async setItem(key, value) {
+        this.storage.set(key, value);
+    }
+    async getItem(key) {
+        return this.storage.get(key) || null;
+    }
+    async removeItem(key) {
+        this.storage.delete(key);
     }
-
-    throw new PersApiError(
-      `PERS API request failed: ${error.message || error}`,
-      endpoint,
-      method,
-      error.status
-    );
-  }
-}
-
-/**
- * Generic GET request
- */
-/*async get<T>(endpoint: string): Promise<T> {
-  return this.request<T>('GET', endpoint);
-}
-
-/**
- * Generic POST request
- */
-/*async post<T>(endpoint: string, body?: any): Promise<T> {
-  return this.request<T>('POST', endpoint, body);
-}
-
-/**
- * Generic PUT request
- */
-/*async put<T>(endpoint: string, body?: any): Promise<T> {
-  return this.request<T>('PUT', endpoint, body);
-}
-
-/**
- * Generic DELETE request
- */
-/*async delete<T>(endpoint: string): Promise<T> {
-  return this.request<T>('DELETE', endpoint);
-}
-
-/**
- * Get current configuration (returns merged config)
- */
-/*getConfig(): ReturnType<typeof mergeWithDefaults> {
-  return this.mergedConfig;
 }
-
 /**
- * Get original user configuration
+ * localStorage-based token storage (browser only)
  */
-/*getOriginalConfig(): PersConfig {
-  return this.config;
-}
-}
-
-export class PersApiError extends Error {
-constructor(
-  message: string,
-  public endpoint: string,
-  public method: string,
-  public statusCode?: number
-) {
-  super(message);
-  this.name = 'PersApiError';
+class LocalStorageTokenStorage {
+    async setItem(key, value) {
+        if (typeof localStorage !== 'undefined') {
+            localStorage.setItem(key, value);
+        }
+        else {
+            throw new Error('localStorage is not available in this environment');
+        }
+    }
+    async getItem(key) {
+        if (typeof localStorage !== 'undefined') {
+            return localStorage.getItem(key);
+        }
+        return null;
+    }
+    async removeItem(key) {
+        if (typeof localStorage !== 'undefined') {
+            localStorage.removeItem(key);
+        }
+    }
 }
-}*/
-
 /**
  * Creates a platform-agnostic AuthProvider from simple configuration
  *
@@ -348,12 +511,33 @@ constructor(
  * - Token caching with refresh support
  * - Automatic token refresh on expiration
  * - Configurable token providers
- * - Platform-independent (no localStorage assumptions)
+ * - Token storage (memory, localStorage, custom)
+ * - Platform-independent
  *
  * @param config - Simple auth configuration
  * @returns AuthProvider implementation
  */
 function createAuthProvider(config) {
+    // Initialize token storage
+    let tokenStorage;
+    switch (config.tokenStorage) {
+        case 'localStorage':
+            tokenStorage = new LocalStorageTokenStorage();
+            break;
+        case 'custom':
+            if (!config.customTokenStorage) {
+                throw new Error('Custom token storage configuration is required when tokenStorage is "custom"');
+            }
+            tokenStorage = config.customTokenStorage;
+            break;
+        case 'memory':
+        default:
+            tokenStorage = new MemoryTokenStorage();
+            break;
+    }
+    // Token storage keys
+    const ACCESS_TOKEN_KEY = `pers_access_token_${config.authType || 'user'}`;
+    const REFRESH_TOKEN_KEY = `pers_refresh_token_${config.authType || 'user'}`;
     // Store current token for refresh scenarios and caching
     let currentToken = config.token || null;
     let isRefreshing = false; // Prevent concurrent refresh attempts
@@ -370,6 +554,17 @@ function createAuthProvider(config) {
             if (currentToken) {
                 return currentToken;
             }
+            // Try to get token from storage
+            try {
+                const storedToken = await tokenStorage.getItem(ACCESS_TOKEN_KEY);
+                if (storedToken) {
+                    currentToken = storedToken;
+                    return storedToken;
+                }
+            }
+            catch (error) {
+                console.warn('Failed to retrieve token from storage:', error);
+            }
             // Custom token provider function (always fresh)
             if (config.tokenProvider) {
                 const token = await config.tokenProvider();
@@ -382,6 +577,48 @@ function createAuthProvider(config) {
         async getProjectKey() {
             return config.projectKey || null;
         },
+        // Token storage methods
+        async setAccessToken(token) {
+            currentToken = token;
+            try {
+                await tokenStorage.setItem(ACCESS_TOKEN_KEY, token);
+            }
+            catch (error) {
+                console.error('Failed to store access token:', error);
+                throw error;
+            }
+        },
+        async setRefreshToken(token) {
+            try {
+                await tokenStorage.setItem(REFRESH_TOKEN_KEY, token);
+            }
+            catch (error) {
+                console.error('Failed to store refresh token:', error);
+                throw error;
+            }
+        },
+        async getRefreshToken() {
+            try {
+                return await tokenStorage.getItem(REFRESH_TOKEN_KEY);
+            }
+            catch (error) {
+                console.warn('Failed to retrieve refresh token from storage:', error);
+                return null;
+            }
+        },
+        async clearTokens() {
+            currentToken = null;
+            try {
+                await Promise.all([
+                    tokenStorage.removeItem(ACCESS_TOKEN_KEY),
+                    tokenStorage.removeItem(REFRESH_TOKEN_KEY)
+                ]);
+            }
+            catch (error) {
+                console.error('Failed to clear tokens from storage:', error);
+                throw error;
+            }
+        },
         async onTokenExpired() {
             // Prevent concurrent refresh attempts
             if (isRefreshing) {
@@ -393,7 +630,13 @@ function createAuthProvider(config) {
             // No refresh logic provided
             if (!config.onTokenExpired) {
                 console.warn('Token expired but no refresh logic provided');
-                currentToken = null; // Clear expired token
+                currentToken = null;
+                try {
+                    await tokenStorage.removeItem(ACCESS_TOKEN_KEY);
+                }
+                catch (error) {
+                    console.warn('Failed to clear expired token from storage:', error);
+                }
                 return;
             }
             // Start refresh process
@@ -407,6 +650,13 @@ function createAuthProvider(config) {
                         const newToken = await config.tokenProvider();
                         if (newToken && newToken !== currentToken) {
                             currentToken = newToken;
+                            // Store the new token
+                            try {
+                                await tokenStorage.setItem(ACCESS_TOKEN_KEY, newToken);
+                            }
+                            catch (error) {
+                                console.warn('Failed to store refreshed token:', error);
+                            }
                             // Notify about successful token refresh
                             if (config.onTokenRefreshed) {
                                 config.onTokenRefreshed(newToken);
@@ -415,17 +665,35 @@ function createAuthProvider(config) {
                         else {
                             console.warn('Token refresh completed but no new token received');
                             currentToken = null;
+                            try {
+                                await tokenStorage.removeItem(ACCESS_TOKEN_KEY);
+                            }
+                            catch (error) {
+                                console.warn('Failed to clear token after failed refresh:', error);
+                            }
                         }
                     }
                     else {
                         // For static token configs, clear the token since we can't refresh
                         console.warn('Token expired for static token config - clearing token');
                         currentToken = null;
+                        try {
+                            await tokenStorage.removeItem(ACCESS_TOKEN_KEY);
+                        }
+                        catch (error) {
+                            console.warn('Failed to clear expired static token:', error);
+                        }
                     }
                 }
                 catch (error) {
                     console.error('Token refresh failed:', error);
                     currentToken = null; // Clear token on refresh failure
+                    try {
+                        await tokenStorage.removeItem(ACCESS_TOKEN_KEY);
+                    }
+                    catch (storageError) {
+                        console.warn('Failed to clear token after refresh failure:', storageError);
+                    }
                     throw error; // Re-throw to let SDK handle the error
                 }
                 finally {
@@ -462,6 +730,44 @@ function createAuthProvider(config) {
   };
 } */
 
+/**
+ * @explorins/pers-sdk/core/auth - Consolidated Auth Module
+ *
+ * All authentication functionality in one place:
+ * - Auth provider interfaces and implementations
+ * - Auth API and service logic
+ * - Token management
+ */
+// Auth provider interfaces and implementations
+/**
+ * Create a complete Auth SDK instance (for backward compatibility)
+ * Note: This is now handled directly by PersApiClient
+ *
+ * @param apiClient - Configured PERS API client
+ * @param authProvider - Optional auth provider. If not provided, uses SimpleSdkAuthProvider
+ * @returns Auth SDK with flattened structure for better DX
+ */
+function createAuthSDK(apiClient, authProvider) {
+    // Use simple internal auth provider if none provided
+    const provider = authProvider || new SimpleSdkAuthProvider();
+    const authApi = new AuthApi(apiClient);
+    const authService = new AuthService(authApi, provider);
+    return {
+        // Direct access to service methods (primary interface)
+        // Admin authentication methods
+        loginTenantAdmin: (jwt) => authService.loginTenantAdmin(jwt),
+        loginUser: (jwt) => authService.loginUser(jwt),
+        refreshAccessToken: (refreshToken) => authService.refreshAccessToken(refreshToken),
+        clearTokens: () => authService.clearTokens(),
+        // Auth provider access for external integration
+        getAuthProvider: () => provider,
+        hasValidToken: () => provider.hasValidToken?.() || false,
+        // Advanced access for edge cases
+        api: authApi,
+        service: authService
+    };
+}
+
 /**
  * PERS SDK - Minimal platform-agnostic client with built-in authentication
  * Authentication is now handled at the SDK core level for better scalability
@@ -495,12 +801,20 @@ function createPersSDK(httpClient, config) {
     return new PersSDK(httpClient, config);
 }
 
+Object.defineProperty(exports, "AccountOwnerType", {
+    enumerable: true,
+    get: function () { return persShared.AccountOwnerType; }
+});
+exports.AuthApi = AuthApi;
+exports.AuthService = AuthService;
 exports.DEFAULT_PERS_CONFIG = DEFAULT_PERS_CONFIG;
 exports.PersApiClient = PersApiClient;
 exports.PersApiError = PersApiError;
 exports.PersSDK = PersSDK;
+exports.SimpleSdkAuthProvider = SimpleSdkAuthProvider;
 exports.buildApiRoot = buildApiRoot;
 exports.createAuthProvider = createAuthProvider;
+exports.createAuthSDK = createAuthSDK;
 exports.createPersSDK = createPersSDK;
 exports.mergeWithDefaults = mergeWithDefaults;
 //# sourceMappingURL=core.cjs.map