@fastshot/auth 1.0.1 → 1.0.2

package/src/types.ts

@@ -0,0 +1,109 @@
+import type { SupabaseClient, User, Session } from '@supabase/supabase-js';
+
+/**
+ * OAuth provider type
+ */
+export type OAuthProvider = 'google' | 'apple';
+
+/**
+ * Authentication mode
+ * - browser: Opens system browser (recommended for most cases)
+ * - webview: Opens in-app WebView (may have limitations)
+ */
+export type AuthMode = 'browser' | 'webview';
+
+/**
+ * Configuration for OAuth sign-in
+ */
+export interface SignInConfig {
+  /** Supabase client instance for session restoration */
+  supabaseClient: SupabaseClient;
+  /** Custom return URL (defaults to fastshot://auth/callback) */
+  returnTo?: string;
+  /** Auth mode: 'browser' (default) or 'webview' */
+  mode?: AuthMode;
+  /** Email hint for Google sign-in */
+  loginHint?: string;
+}
+
+/**
+ * Response from ticket exchange
+ */
+export interface ExchangeTicketResponse {
+  access_token: string;
+  refresh_token: string;
+  token_type: string;
+  expires_in: number;
+  user: User;
+}
+
+/**
+ * Result from OAuth callback handling
+ */
+export interface AuthCallbackResult {
+  success: boolean;
+  session?: Session;
+  user?: User;
+  error?: string;
+}
+
+/**
+ * Error types for authentication
+ */
+export type AuthErrorType =
+  | 'INVALID_TICKET'
+  | 'EXCHANGE_FAILED'
+  | 'SESSION_RESTORE_FAILED'
+  | 'CALLBACK_ERROR'
+  | 'BROWSER_DISMISSED'
+  | 'NETWORK_ERROR'
+  | 'UNKNOWN_ERROR';
+
+/**
+ * Authentication error with type
+ */
+export interface AuthError {
+  type: AuthErrorType;
+  message: string;
+  originalError?: unknown;
+}
+
+/**
+ * State for auth hooks
+ */
+export interface AuthHookState {
+  isLoading: boolean;
+  error: AuthError | null;
+}
+
+/**
+ * Result from useGoogleSignIn or useAppleSignIn hooks
+ */
+export interface UseSignInResult extends AuthHookState {
+  signIn: () => Promise<void>;
+  reset: () => void;
+}
+
+/**
+ * Configuration for useAuthCallback hook
+ */
+export interface UseAuthCallbackConfig {
+  /** Supabase client instance */
+  supabaseClient: SupabaseClient;
+  /** Callback when authentication succeeds */
+  onSuccess?: (result: { session: Session; user: User }) => void;
+  /** Callback when authentication fails */
+  onError?: (error: AuthError) => void;
+}
+
+/**
+ * Result from useAuthCallback hook
+ */
+export interface UseAuthCallbackResult {
+  /** Whether callback is being processed */
+  isProcessing: boolean;
+  /** Error if callback processing failed */
+  error: AuthError | null;
+  /** Manually handle a callback URL */
+  handleUrl: (url: string) => Promise<AuthCallbackResult>;
+}

package/src/utils/deepLink.ts

@@ -0,0 +1,76 @@
+import { AUTH_CONFIG } from '../constants';
+
+/**
+ * Get the default callback URL for OAuth
+ */
+export function getDefaultCallbackUrl(): string {
+  return `${AUTH_CONFIG.DEEP_LINK_SCHEME}://${AUTH_CONFIG.CALLBACK_PATH}`;
+}
+
+/**
+ * Parse OAuth callback URL and extract parameters
+ */
+export function parseCallbackUrl(url: string): {
+  ticket?: string;
+  error?: string;
+  errorDescription?: string;
+} {
+  try {
+    // Handle both URL formats:
+    // fastshot://auth/callback?ticket=xxx
+    // fastshot://auth/callback?error=xxx&error_description=xxx
+
+    // Extract query string
+    const queryStart = url.indexOf('?');
+    if (queryStart === -1) {
+      return {};
+    }
+
+    const queryString = url.substring(queryStart + 1);
+    const params = new URLSearchParams(queryString);
+
+    return {
+      ticket: params.get('ticket') || undefined,
+      error: params.get('error') || undefined,
+      errorDescription: params.get('error_description') || undefined,
+    };
+  } catch {
+    return {};
+  }
+}
+
+/**
+ * Check if a URL is a valid auth callback URL
+ */
+export function isAuthCallbackUrl(url: string): boolean {
+  if (!url) return false;
+
+  const expectedPrefix = `${AUTH_CONFIG.DEEP_LINK_SCHEME}://${AUTH_CONFIG.CALLBACK_PATH}`;
+  return url.startsWith(expectedPrefix);
+}
+
+/**
+ * Build the OAuth start URL
+ */
+export function buildOAuthStartUrl(
+  provider: 'google' | 'apple',
+  params: {
+    tenant: string;
+    returnTo: string;
+    mode?: 'browser' | 'webview';
+    loginHint?: string;
+  }
+): string {
+  const endpoint = provider === 'google' ? '/v1/auth/google/start' : '/v1/auth/apple/start';
+  const url = new URL(endpoint, AUTH_CONFIG.AUTH_BROKER_URL);
+
+  url.searchParams.set('tenant', params.tenant);
+  url.searchParams.set('return_to', params.returnTo);
+  url.searchParams.set('mode', params.mode || 'browser');
+
+  if (params.loginHint && provider === 'google') {
+    url.searchParams.set('login_hint', params.loginHint);
+  }
+
+  return url.toString();
+}

package/src/utils/index.ts

@@ -0,0 +1,14 @@
+export {
+  getDefaultCallbackUrl,
+  parseCallbackUrl,
+  isAuthCallbackUrl,
+  buildOAuthStartUrl,
+} from './deepLink';
+
+export {
+  exchangeTicket,
+  createAuthError,
+  isAuthError,
+} from './ticketExchange';
+
+export { restoreSession } from './session';

package/src/utils/session.ts

@@ -0,0 +1,45 @@
+import type { SupabaseClient, Session } from '@supabase/supabase-js';
+import type { ExchangeTicketResponse, AuthError } from '../types';
+import { createAuthError } from './ticketExchange';
+
+/**
+ * Restore a Supabase session from exchange response
+ */
+export async function restoreSession(
+  supabaseClient: SupabaseClient,
+  exchangeResponse: ExchangeTicketResponse
+): Promise<Session> {
+  try {
+    const { data, error } = await supabaseClient.auth.setSession({
+      access_token: exchangeResponse.access_token,
+      refresh_token: exchangeResponse.refresh_token,
+    });
+
+    if (error) {
+      throw createAuthError(
+        'SESSION_RESTORE_FAILED',
+        `Failed to restore session: ${error.message}`,
+        error
+      );
+    }
+
+    if (!data.session) {
+      throw createAuthError(
+        'SESSION_RESTORE_FAILED',
+        'Session restore succeeded but no session returned'
+      );
+    }
+
+    return data.session;
+  } catch (error) {
+    if ((error as AuthError).type) {
+      throw error;
+    }
+
+    throw createAuthError(
+      'SESSION_RESTORE_FAILED',
+      error instanceof Error ? error.message : 'Unknown error during session restore',
+      error
+    );
+  }
+}

package/src/utils/ticketExchange.ts

@@ -0,0 +1,84 @@
+import { AUTH_CONFIG, AUTH_ENDPOINTS, DEFAULT_AUTH_CONFIG } from '../constants';
+import type { ExchangeTicketResponse, AuthError } from '../types';
+
+/**
+ * Exchange a one-time ticket for Supabase session tokens
+ */
+export async function exchangeTicket(ticket: string): Promise<ExchangeTicketResponse> {
+  const url = `${AUTH_CONFIG.AUTH_BROKER_URL}${AUTH_ENDPOINTS.EXCHANGE_TICKET}`;
+
+  try {
+    const response = await fetch(url, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({ ticket }),
+    });
+
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}));
+
+      if (response.status === 401) {
+        throw createAuthError(
+          'INVALID_TICKET',
+          errorData.detail || 'Invalid or expired ticket'
+        );
+      }
+
+      throw createAuthError(
+        'EXCHANGE_FAILED',
+        errorData.detail || `Ticket exchange failed: ${response.status}`
+      );
+    }
+
+    const data: ExchangeTicketResponse = await response.json();
+    return data;
+  } catch (error) {
+    if (isAuthError(error)) {
+      throw error;
+    }
+
+    // Network or other errors
+    if (error instanceof TypeError && error.message.includes('fetch')) {
+      throw createAuthError(
+        'NETWORK_ERROR',
+        'Network error during ticket exchange. Please check your connection.',
+        error
+      );
+    }
+
+    throw createAuthError(
+      'EXCHANGE_FAILED',
+      error instanceof Error ? error.message : 'Unknown error during ticket exchange',
+      error
+    );
+  }
+}
+
+/**
+ * Create a typed auth error
+ */
+export function createAuthError(
+  type: AuthError['type'],
+  message: string,
+  originalError?: unknown
+): AuthError {
+  return {
+    type,
+    message,
+    originalError,
+  };
+}
+
+/**
+ * Type guard for AuthError
+ */
+export function isAuthError(error: unknown): error is AuthError {
+  return (
+    typeof error === 'object' &&
+    error !== null &&
+    'type' in error &&
+    'message' in error
+  );
+}

package/dist/auth.d.ts

@@ -1,82 +0,0 @@
-/**
- * Core authentication functions for OAuth with auth-broker
- */
-import type { SupabaseClient } from '@supabase/supabase-js';
-import type { AuthMode, AuthCallbackResult } from './types';
-/**
- * Configuration for sign-in function
- */
-export interface SignInOptions {
-    /** Supabase client for session restoration */
-    supabaseClient: SupabaseClient;
-    /** Custom return URL (defaults to fastshot://auth/callback) */
-    returnTo?: string;
-    /** Auth mode: 'browser' (default) or 'webview' */
-    mode?: AuthMode;
-    /** Email hint for Google sign-in */
-    loginHint?: string;
-}
-/**
- * Sign in with Google OAuth
- *
- * Opens the system browser to initiate Google OAuth flow via auth-broker.
- * After successful authentication, the browser redirects back to the app.
- *
- * @example
- * ```typescript
- * import { signInWithGoogle } from '@fastshot/auth';
- * import { supabase } from './lib/supabase';
- *
- * await signInWithGoogle({ supabaseClient: supabase });
- * ```
- */
-export declare function signInWithGoogle(options: SignInOptions): Promise<void>;
-/**
- * Sign in with Apple OAuth
- *
- * Opens the system browser to initiate Apple OAuth flow via auth-broker.
- * After successful authentication, the browser redirects back to the app.
- *
- * @example
- * ```typescript
- * import { signInWithApple } from '@fastshot/auth';
- * import { supabase } from './lib/supabase';
- *
- * await signInWithApple({ supabaseClient: supabase });
- * ```
- */
-export declare function signInWithApple(options: SignInOptions): Promise<void>;
-/**
- * Handle OAuth callback URL and restore session
- *
- * Call this when your app receives a deep link callback from OAuth.
- * This function exchanges the ticket for tokens and restores the Supabase session.
- *
- * @example
- * ```typescript
- * import { handleAuthCallback } from '@fastshot/auth';
- * import { supabase } from './lib/supabase';
- * import * as Linking from 'expo-linking';
- *
- * Linking.addEventListener('url', async ({ url }) => {
- *   const result = await handleAuthCallback(url, supabase);
- *   if (result.success) {
- *     console.log('Logged in as:', result.user?.email);
- *   }
- * });
- * ```
- */
-export declare function handleAuthCallback(url: string, supabaseClient: SupabaseClient): Promise<AuthCallbackResult>;
-/**
- * Sign out from Supabase
- *
- * @example
- * ```typescript
- * import { signOut } from '@fastshot/auth';
- * import { supabase } from './lib/supabase';
- *
- * await signOut(supabase);
- * ```
- */
-export declare function signOut(supabaseClient: SupabaseClient): Promise<void>;
-//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAW,MAAM,uBAAuB,CAAC;AAErE,OAAO,KAAK,EAEV,QAAQ,EACR,kBAAkB,EAEnB,MAAM,SAAS,CAAC;AA2BjB;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,8CAA8C;IAC9C,cAAc,EAAE,cAAc,CAAC;IAC/B,+DAA+D;IAC/D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kDAAkD;IAClD,IAAI,CAAC,EAAE,QAAQ,CAAC;IAChB,oCAAoC;IACpC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,gBAAgB,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAE5E;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAE3E;AAmCD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,MAAM,EACX,cAAc,EAAE,cAAc,GAC7B,OAAO,CAAC,kBAAkB,CAAC,CA8C7B;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,OAAO,CAAC,cAAc,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAK3E"}

package/dist/auth.js

@@ -1,149 +0,0 @@
-/**
- * Core authentication functions for OAuth with auth-broker
- */
-import * as WebBrowser from 'expo-web-browser';
-import { AUTH_CONFIG } from './constants';
-import { getDefaultCallbackUrl, parseCallbackUrl, isAuthCallbackUrl, buildOAuthStartUrl, exchangeTicket, restoreSession, createAuthError, } from './utils';
-/**
- * Get the project ID from environment variables
- */
-function getProjectId() {
-    const projectId = AUTH_CONFIG.PROJECT_ID;
-    if (!projectId) {
-        throw createAuthError('UNKNOWN_ERROR', 'Project ID not found. Ensure EXPO_PUBLIC_PROJECT_ID is set in your .env file.');
-    }
-    return projectId;
-}
-/**
- * Sign in with Google OAuth
- *
- * Opens the system browser to initiate Google OAuth flow via auth-broker.
- * After successful authentication, the browser redirects back to the app.
- *
- * @example
- * ```typescript
- * import { signInWithGoogle } from '@fastshot/auth';
- * import { supabase } from './lib/supabase';
- *
- * await signInWithGoogle({ supabaseClient: supabase });
- * ```
- */
-export async function signInWithGoogle(options) {
-    return signInWithProvider('google', options);
-}
-/**
- * Sign in with Apple OAuth
- *
- * Opens the system browser to initiate Apple OAuth flow via auth-broker.
- * After successful authentication, the browser redirects back to the app.
- *
- * @example
- * ```typescript
- * import { signInWithApple } from '@fastshot/auth';
- * import { supabase } from './lib/supabase';
- *
- * await signInWithApple({ supabaseClient: supabase });
- * ```
- */
-export async function signInWithApple(options) {
-    return signInWithProvider('apple', options);
-}
-/**
- * Generic sign-in with OAuth provider
- */
-async function signInWithProvider(provider, options) {
-    const { returnTo = getDefaultCallbackUrl(), mode = 'browser', loginHint, } = options;
-    const projectId = getProjectId();
-    const authUrl = buildOAuthStartUrl(provider, {
-        tenant: projectId,
-        returnTo,
-        mode,
-        loginHint,
-    });
-    // Open browser for OAuth flow
-    const result = await WebBrowser.openAuthSessionAsync(authUrl, returnTo);
-    if (result.type === 'cancel' || result.type === 'dismiss') {
-        throw createAuthError('BROWSER_DISMISSED', 'Authentication was cancelled');
-    }
-    // Note: The actual session restoration happens in handleAuthCallback
-    // which should be called when the deep link is received
-}
-/**
- * Handle OAuth callback URL and restore session
- *
- * Call this when your app receives a deep link callback from OAuth.
- * This function exchanges the ticket for tokens and restores the Supabase session.
- *
- * @example
- * ```typescript
- * import { handleAuthCallback } from '@fastshot/auth';
- * import { supabase } from './lib/supabase';
- * import * as Linking from 'expo-linking';
- *
- * Linking.addEventListener('url', async ({ url }) => {
- *   const result = await handleAuthCallback(url, supabase);
- *   if (result.success) {
- *     console.log('Logged in as:', result.user?.email);
- *   }
- * });
- * ```
- */
-export async function handleAuthCallback(url, supabaseClient) {
-    // Check if this is an auth callback URL
-    if (!isAuthCallbackUrl(url)) {
-        return {
-            success: false,
-            error: 'Not an auth callback URL',
-        };
-    }
-    const { ticket, error, errorDescription } = parseCallbackUrl(url);
-    // Handle OAuth error from auth-broker
-    if (error) {
-        return {
-            success: false,
-            error: errorDescription || error,
-        };
-    }
-    // No ticket means something went wrong
-    if (!ticket) {
-        return {
-            success: false,
-            error: 'No ticket in callback URL',
-        };
-    }
-    try {
-        // Exchange ticket for session tokens
-        const exchangeResponse = await exchangeTicket(ticket);
-        // Restore session to Supabase client
-        const session = await restoreSession(supabaseClient, exchangeResponse);
-        return {
-            success: true,
-            session,
-            user: session.user,
-        };
-    }
-    catch (err) {
-        const authError = err;
-        return {
-            success: false,
-            error: authError.message || 'Failed to complete authentication',
-        };
-    }
-}
-/**
- * Sign out from Supabase
- *
- * @example
- * ```typescript
- * import { signOut } from '@fastshot/auth';
- * import { supabase } from './lib/supabase';
- *
- * await signOut(supabase);
- * ```
- */
-export async function signOut(supabaseClient) {
-    const { error } = await supabaseClient.auth.signOut();
-    if (error) {
-        throw createAuthError('UNKNOWN_ERROR', `Sign out failed: ${error.message}`, error);
-    }
-}

package/dist/constants.d.ts

@@ -1,38 +0,0 @@
-/**
- * Auth Broker configuration
- * URLs are read from environment variables at runtime
- *
- * Required env vars:
- * - EXPO_PUBLIC_AUTH_BROKER_URL: Auth broker service URL
- * - EXPO_PUBLIC_PROJECT_ID: Fastshot project ID
- */
-export declare const AUTH_CONFIG: {
-    /** Auth broker URL - must be set via EXPO_PUBLIC_AUTH_BROKER_URL */
-    readonly AUTH_BROKER_URL: string;
-    /** Project ID for authentication */
-    readonly PROJECT_ID: string | undefined;
-    /** Deep link scheme for OAuth callback */
-    readonly DEEP_LINK_SCHEME: "fastshot";
-    /** Callback path for OAuth */
-    readonly CALLBACK_PATH: "auth/callback";
-};
-/**
- * OAuth endpoints on the auth broker
- */
-export declare const AUTH_ENDPOINTS: {
-    readonly GOOGLE_START: "/v1/auth/google/start";
-    readonly APPLE_START: "/v1/auth/apple/start";
-    readonly EXCHANGE_TICKET: "/v1/auth/exchange";
-};
-/**
- * Supported OAuth providers
- */
-export type OAuthProvider = 'google' | 'apple';
-/**
- * Default configuration values
- */
-export declare const DEFAULT_AUTH_CONFIG: {
-    readonly TIMEOUT: 30000;
-    readonly MODE: "browser";
-};
-//# sourceMappingURL=constants.d.ts.map

package/dist/constants.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAYA;;;;;;;GAOG;AACH,eAAO,MAAM,WAAW;IACtB,oEAAoE;8BAC7C,MAAM;IAG7B,oCAAoC;yBAClB,MAAM,GAAG,SAAS;IAGpC,0CAA0C;;IAE1C,8BAA8B;;CAEtB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,cAAc;;;;CAIjB,CAAC;AAEX;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,QAAQ,GAAG,OAAO,CAAC;AAE/C;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;CAGtB,CAAC"}

package/dist/constants.js

@@ -1,48 +0,0 @@
-/**
- * Get environment variable with fallback
- * Works in both React Native (process.env.EXPO_PUBLIC_*) and Node.js environments
- */
-function getEnvVar(key, fallback) {
-    // React Native / Expo environment
-    if (typeof process !== 'undefined' && process.env) {
-        return process.env[key] || fallback;
-    }
-    return fallback;
-}
-/**
- * Auth Broker configuration
- * URLs are read from environment variables at runtime
- *
- * Required env vars:
- * - EXPO_PUBLIC_AUTH_BROKER_URL: Auth broker service URL
- * - EXPO_PUBLIC_PROJECT_ID: Fastshot project ID
- */
-export const AUTH_CONFIG = {
-    /** Auth broker URL - must be set via EXPO_PUBLIC_AUTH_BROKER_URL */
-    get AUTH_BROKER_URL() {
-        return getEnvVar('EXPO_PUBLIC_AUTH_BROKER_URL', '');
-    },
-    /** Project ID for authentication */
-    get PROJECT_ID() {
-        return getEnvVar('EXPO_PUBLIC_PROJECT_ID', '');
-    },
-    /** Deep link scheme for OAuth callback */
-    DEEP_LINK_SCHEME: 'fastshot',
-    /** Callback path for OAuth */
-    CALLBACK_PATH: 'auth/callback',
-};
-/**
- * OAuth endpoints on the auth broker
- */
-export const AUTH_ENDPOINTS = {
-    GOOGLE_START: '/v1/auth/google/start',
-    APPLE_START: '/v1/auth/apple/start',
-    EXCHANGE_TICKET: '/v1/auth/exchange',
-};
-/**
- * Default configuration values
- */
-export const DEFAULT_AUTH_CONFIG = {
-    TIMEOUT: 30000, // 30 seconds
-    MODE: 'browser',
-};

package/dist/hooks/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/hooks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,YAAY,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAEtF,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,YAAY,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAEnF,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,YAAY,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/hooks/index.js

@@ -1,3 +0,0 @@
-export { useGoogleSignIn } from './useGoogleSignIn';
-export { useAppleSignIn } from './useAppleSignIn';
-export { useAuthCallback } from './useAuthCallback';