@forjio/engine-auth 0.1.0

package/src/oauth.ts

@@ -0,0 +1,111 @@
+import passport from 'passport';
+import { Strategy as GoogleStrategy, Profile as GoogleProfile } from 'passport-google-oauth20';
+import { Strategy as GithubStrategy } from 'passport-github2';
+import { AuthConfig } from './types';
+
+export interface OAuthProfile {
+  provider: 'google' | 'github';
+  providerId: string;
+  email: string;
+  name: string | null;
+  avatarUrl: string | null;
+}
+
+export type FindOrCreateUser = (
+  profile: OAuthProfile
+) => Promise<{ id: string; email: string }>;
+
+export function configureGoogleStrategy(
+  config: AuthConfig,
+  findOrCreateUser: FindOrCreateUser
+): void {
+  if (!config.google) return;
+
+  passport.use(
+    new GoogleStrategy(
+      {
+        clientID: config.google.clientId,
+        clientSecret: config.google.clientSecret,
+        callbackURL: config.google.callbackUrl,
+        scope: ['profile', 'email'],
+      },
+      async (_accessToken, _refreshToken, profile: GoogleProfile, done) => {
+        try {
+          const email = profile.emails?.[0]?.value;
+          if (!email) {
+            return done(new Error('No email found in Google profile'));
+          }
+
+          const oauthProfile: OAuthProfile = {
+            provider: 'google',
+            providerId: profile.id,
+            email,
+            name: profile.displayName || null,
+            avatarUrl: profile.photos?.[0]?.value || null,
+          };
+
+          const user = await findOrCreateUser(oauthProfile);
+          return done(null, user);
+        } catch (err) {
+          return done(err as Error);
+        }
+      }
+    )
+  );
+}
+
+export function configureGithubStrategy(
+  config: AuthConfig,
+  findOrCreateUser: FindOrCreateUser
+): void {
+  if (!config.github) return;
+
+  passport.use(
+    new GithubStrategy(
+      {
+        clientID: config.github.clientId,
+        clientSecret: config.github.clientSecret,
+        callbackURL: config.github.callbackUrl,
+        scope: ['user:email'],
+      },
+      async (
+        _accessToken: string,
+        _refreshToken: string,
+        profile: { id: string; displayName?: string; emails?: Array<{ value: string }>; photos?: Array<{ value: string }> },
+        done: (err: Error | null, user?: { id: string; email: string }) => void
+      ) => {
+        try {
+          const email = profile.emails?.[0]?.value;
+          if (!email) {
+            return done(new Error('No email found in GitHub profile'));
+          }
+
+          const oauthProfile: OAuthProfile = {
+            provider: 'github',
+            providerId: profile.id,
+            email,
+            name: profile.displayName || null,
+            avatarUrl: profile.photos?.[0]?.value || null,
+          };
+
+          const user = await findOrCreateUser(oauthProfile);
+          return done(null, user);
+        } catch (err) {
+          return done(err as Error);
+        }
+      }
+    )
+  );
+}
+
+export function setupOAuth(
+  config: AuthConfig,
+  findOrCreateUser: FindOrCreateUser
+): void {
+  if (config.google) {
+    configureGoogleStrategy(config, findOrCreateUser);
+  }
+  if (config.github) {
+    configureGithubStrategy(config, findOrCreateUser);
+  }
+}

package/src/session.ts

@@ -0,0 +1,78 @@
+import Redis from 'ioredis';
+import { v4 as uuidv4 } from 'uuid';
+import { SessionData } from './types';
+
+const KEY_PREFIX = 'engine:session:';
+const USER_SESSIONS_PREFIX = 'engine:user-sessions:';
+const DEFAULT_TTL_SECONDS = 7 * 24 * 60 * 60; // 7 days
+
+export interface SessionStore {
+  create(sessionData: SessionData): Promise<string>;
+  get(sessionId: string): Promise<SessionData | null>;
+  destroy(sessionId: string): Promise<void>;
+  destroyAllForUser(userId: string): Promise<void>;
+}
+
+export function createSessionStore(redisUrl: string): SessionStore {
+  const redis = new Redis(redisUrl);
+
+  return {
+    async create(sessionData: SessionData): Promise<string> {
+      const sessionId = uuidv4();
+      const key = `${KEY_PREFIX}${sessionId}`;
+      const serialized = JSON.stringify(sessionData);
+
+      await redis.setex(key, DEFAULT_TTL_SECONDS, serialized);
+
+      // Track session IDs per user for bulk destruction
+      const userKey = `${USER_SESSIONS_PREFIX}${sessionData.userId}`;
+      await redis.sadd(userKey, sessionId);
+      await redis.expire(userKey, DEFAULT_TTL_SECONDS);
+
+      return sessionId;
+    },
+
+    async get(sessionId: string): Promise<SessionData | null> {
+      const key = `${KEY_PREFIX}${sessionId}`;
+      const data = await redis.get(key);
+
+      if (!data) return null;
+
+      const session = JSON.parse(data) as SessionData;
+
+      // Check logical expiry
+      if (session.expiresAt < Date.now()) {
+        await redis.del(key);
+        return null;
+      }
+
+      return session;
+    },
+
+    async destroy(sessionId: string): Promise<void> {
+      const key = `${KEY_PREFIX}${sessionId}`;
+
+      // Get session to find userId before deleting
+      const data = await redis.get(key);
+      if (data) {
+        const session = JSON.parse(data) as SessionData;
+        const userKey = `${USER_SESSIONS_PREFIX}${session.userId}`;
+        await redis.srem(userKey, sessionId);
+      }
+
+      await redis.del(key);
+    },
+
+    async destroyAllForUser(userId: string): Promise<void> {
+      const userKey = `${USER_SESSIONS_PREFIX}${userId}`;
+      const sessionIds = await redis.smembers(userKey);
+
+      if (sessionIds.length > 0) {
+        const keys = sessionIds.map((id) => `${KEY_PREFIX}${id}`);
+        await redis.del(...keys);
+      }
+
+      await redis.del(userKey);
+    },
+  };
+}

package/src/types.ts

@@ -0,0 +1,45 @@
+export interface EngineUser {
+  id: string;
+  email: string;
+  name: string | null;
+  role: 'user' | 'admin';
+  subscriptionTier: string | null;
+  midtransCustomerId: string | null;
+  emailVerified: boolean;
+}
+
+export interface ApiKey {
+  id: string;
+  key: string;
+  userId: string;
+  productSlug: string;
+  scopes: string[];
+  expiresAt: Date | null;
+  lastUsedAt: Date | null;
+  createdAt: Date;
+}
+
+export interface SessionData {
+  userId: string;
+  email: string;
+  role: string;
+  productSlug: string;
+  expiresAt: number;
+}
+
+export interface JwtPayload {
+  userId: string;
+  email: string;
+  role: string;
+  subscriptionTier: string | null;
+}
+
+export interface AuthConfig {
+  jwtSecret: string;
+  jwtRefreshSecret: string;
+  jwtExpiresIn?: string;
+  jwtRefreshExpiresIn?: string;
+  redisUrl?: string;
+  google?: { clientId: string; clientSecret: string; callbackUrl: string };
+  github?: { clientId: string; clientSecret: string; callbackUrl: string };
+}

package/tsconfig.json

@@ -0,0 +1,19 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "commonjs",
+    "lib": ["ES2022"],
+    "outDir": "dist",
+    "rootDir": "src",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "resolveJsonModule": true,
+    "declaration": true,
+    "declarationMap": true,
+    "sourceMap": true
+  },
+  "include": ["src"],
+  "exclude": ["node_modules", "dist"]
+}

package/vitest.config.ts

@@ -0,0 +1,21 @@
+import { defineConfig } from 'vitest/config'
+
+export default defineConfig({
+  test: {
+    globals: true,
+    environment: 'node',
+    include: ['src/**/__tests__/**/*.test.ts'],
+    exclude: ['**/node_modules/**', '**/dist/**', '**/*.d.ts'],
+    testTimeout: 10000,
+    coverage: {
+      provider: 'v8',
+      reporter: ['text', 'json', 'html'],
+      exclude: [
+        'node_modules/',
+        '**/*.d.ts',
+        '**/*.config.*',
+        'src/__tests__/**',
+      ],
+    },
+  },
+})