@geins/crm 0.1.1-canary

package/src/auth/authService.ts

@@ -0,0 +1,175 @@
+/*
+  SERVER OR/AND CLIENT
+*/
+import { AUTH_COOKIES, CookieService, logWrite } from '@geins/core';
+import type { AuthResponse, AuthCredentials, AuthTokens } from '@geins/types';
+import { AuthServiceClient } from './authServiceClient';
+import { authClaimsTokenSerializeToObject } from './authHelpers';
+
+const EXPIRES_SOON_THRESHOLD = 90;
+
+export class AuthService {
+  private signEndpoint: string;
+  private authEndpoint: string;
+  private client: AuthServiceClient | undefined;
+  private cookieService: CookieService;
+
+  constructor(signEndpoint: string, authEndpoint: string) {
+    this.signEndpoint = signEndpoint;
+    this.authEndpoint = authEndpoint;
+    this.cookieService = new CookieService();
+    this.initClient();
+  }
+  // initialize client
+  private initClient(): void {
+    this.client = new AuthServiceClient(this.authEndpoint, this.signEndpoint);
+  }
+  // helper to make sure client is initialized
+  private ensureClientInitialized(): void {
+    if (!this.client) {
+      this.initClient();
+    }
+    if (!this.client) {
+      throw new Error('AuthServiceClient is not initialized');
+    }
+  }
+
+  // login in user
+  public async login(credentials: AuthCredentials): Promise<AuthResponse> {
+    try {
+      this.ensureClientInitialized();
+
+      const result = await this.client!.login(
+        credentials.username,
+        credentials.password,
+        credentials.rememberUser,
+      );
+
+      return AuthService.getUserObjectFromToken(result.token, result.refreshToken);
+    } catch (error) {
+      return this.handleError('Login failed', error);
+    }
+  }
+
+  // get user if userToken is provided parse from token if not use refresh token to get user
+  public async getUser(refreshToken: string, userToken?: string): Promise<AuthResponse> {
+    try {
+      if (userToken) {
+        const authResponse = AuthService.getUserObjectFromToken(userToken, refreshToken);
+        if (!authResponse) {
+          return { succeeded: false };
+        }
+        if (authResponse.tokens?.expiresSoon) {
+          return await this.refresh(refreshToken);
+        }
+
+        return authResponse;
+      } else {
+        return await this.refresh(refreshToken);
+      }
+    } catch (error) {
+      return this.handleError('Get user failed', error);
+    }
+  }
+
+  // change password
+  public async changePassword(credentials: AuthCredentials, refreshToken: string): Promise<AuthResponse> {
+    if (!credentials.newPassword || !refreshToken) {
+      return { succeeded: false };
+    }
+    try {
+      this.ensureClientInitialized();
+      const result = await this.client!.changePassword(credentials, refreshToken);
+      if (!result.token) {
+        return { succeeded: false };
+      }
+      const authResponse = AuthService.getUserObjectFromToken(result.token, result.refreshToken);
+      if (!authResponse) {
+        return { succeeded: false };
+      }
+      return authResponse;
+    } catch (error) {
+      return this.handleError('Token refresh failed', error);
+    }
+  }
+
+  // get new refresh token and token
+  public async refresh(refreshToken: string): Promise<AuthResponse> {
+    if (!refreshToken) {
+      return { succeeded: false };
+    }
+
+    try {
+      this.ensureClientInitialized();
+      const result = await this.client!.renewRefreshtoken(refreshToken);
+      if (!result.token) {
+        return { succeeded: false };
+      }
+      const authResponse = AuthService.getUserObjectFromToken(result.token, result.refreshToken);
+      if (!authResponse) {
+        return { succeeded: false };
+      }
+      return authResponse;
+    } catch (error) {
+      return this.handleError('Token refresh failed', error);
+    }
+  }
+
+  // register new user
+  public async register(credentials: AuthCredentials): Promise<AuthResponse> {
+    try {
+      this.ensureClientInitialized();
+      const result = await this.client!.register(credentials.username, credentials.password);
+
+      if (!result) {
+        return { succeeded: false };
+      }
+
+      return AuthService.getUserObjectFromToken(result.token, result.refreshToken);
+    } catch (error) {
+      return this.handleError('Register new user failed', error);
+    }
+  }
+
+  // serialize user from jwt token
+  static getUserObjectFromToken(userToken: string, refreshToken?: string): AuthResponse {
+    try {
+      const userFromToken = authClaimsTokenSerializeToObject(userToken);
+      if (!userFromToken) {
+        throw new Error('Failed to parse user token');
+      }
+
+      const now = Math.floor(Date.now() / 1000);
+      const expiresIn = parseInt(userFromToken.exp || '0') - now;
+      const expiresSoon = expiresIn < EXPIRES_SOON_THRESHOLD;
+
+      return {
+        succeeded: true,
+        user: {
+          authenticated: !userFromToken.expired,
+          userId: userFromToken.sid || '',
+          username: userFromToken.name || 'unknown',
+          customerType: (userFromToken.customerType || 'unknown').toUpperCase(),
+          memberDiscount: userFromToken.memberDiscount || '0',
+          memberType: userFromToken.memberType || 'unknown',
+          memberId: userFromToken.memberId || '0',
+        },
+        tokens: {
+          token: userToken,
+          expires: parseInt(userFromToken.exp || '0'),
+          expired: now >= parseInt(userFromToken.exp || '0'),
+          expiresSoon,
+          expiresIn,
+          refreshToken: refreshToken,
+        },
+      };
+    } catch (error) {
+      throw new Error('Failed to parse user token');
+    }
+  }
+
+  // error handler
+  private handleError(message: string, error: unknown): any {
+    return { succeeded: false, error: { message, details: error } };
+  }
+}

package/src/auth/authServiceClient.ts

@@ -0,0 +1,267 @@
+import {
+  logWrite,
+  AUTH_HEADERS,
+  type AuthCredentials,
+  type AuthUserToken,
+  type AuthSignature,
+} from '@geins/core';
+import { digest } from './authHelpers';
+
+export class AuthServiceClient {
+  private authEndpoint: string;
+  private signEndpoint: string;
+
+  constructor(authEndpoint: string, signEndpoint: string) {
+    if (!authEndpoint || !signEndpoint) {
+      throw new Error('Both authEndpoint and signEndpoint are required');
+    }
+    this.authEndpoint = authEndpoint;
+    this.signEndpoint = signEndpoint;
+  }
+
+  private getAuthEndpointUrl(endpoint: string): string {
+    return `${this.authEndpoint}/${endpoint}`;
+  }
+
+  private getSignEndpointUrl(signature: string): string {
+    return `${this.signEndpoint}${encodeURIComponent(signature)}`;
+  }
+
+  private extractRefreshTokenFromResponse(response: Response): string {
+    const refreshTokenHeader = response.headers.get(AUTH_HEADERS.REFRESH_TOKEN);
+    if (!refreshTokenHeader) {
+      throw new Error('Error');
+    }
+    return refreshTokenHeader;
+  }
+
+  private async requestAuthChallenge(username: string): Promise<string> {
+    const url = this.getAuthEndpointUrl('login');
+    const options: RequestInit = {
+      method: 'POST',
+      cache: 'no-cache',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({ username }),
+    };
+    const response = await fetch(url, options);
+    const text = await response.text();
+    const retval = JSON.parse(text);
+    if (!retval?.sign) {
+      throw new Error('Failed to fetch sign');
+    }
+    return retval.sign;
+  }
+
+  private async verifyAuthChallenge(signatureToken: string): Promise<AuthSignature> {
+    const url = this.getSignEndpointUrl(signatureToken);
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+    });
+    if (!response.ok) {
+      throw new Error('Failed to verify challenge');
+    }
+    const text = await response.text();
+    if (!text) {
+      throw new Error('Failed to verify challenge: Empty response');
+    }
+    return JSON.parse(text);
+  }
+
+  private async fetchUserToken(
+    username: string,
+    password: string,
+    rememberUser: boolean,
+  ): Promise<AuthUserToken> {
+    const url = this.getAuthEndpointUrl('login');
+
+    const challangeToken = await this.requestAuthChallenge(username);
+    const authenticationSignature = await this.verifyAuthChallenge(challangeToken);
+    const requestBody: Record<string, any> = {
+      username,
+      signature: authenticationSignature,
+      password: await digest(password),
+      ...(rememberUser ? {} : { sessionLifetime: 30 }),
+    };
+
+    const requestOptions: RequestInit = {
+      method: 'POST',
+      cache: 'no-cache',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify(requestBody),
+    };
+
+    const response = await fetch(url, requestOptions);
+    if (!response.ok) {
+      throw new Error(`Failed to fetch user token: ${response.statusText}`);
+    }
+
+    const refreshToken = this.extractRefreshTokenFromResponse(response);
+
+    const userToken = await response.text();
+    if (!userToken) {
+      throw new Error('Failed to fetch user token: Empty response');
+    }
+
+    const retval = JSON.parse(userToken);
+    return {
+      maxAge: retval.maxAge,
+      token: retval.token,
+      refreshToken,
+    };
+  }
+
+  private async fetchRefreshToken(refreshToken: string): Promise<AuthUserToken> {
+    const url = this.getAuthEndpointUrl('login');
+    const requestOptions: RequestInit = {
+      method: 'GET',
+      cache: 'no-cache',
+      headers: {
+        'Content-Type': 'application/json',
+        [`${AUTH_HEADERS.REFRESH_TOKEN}`]: refreshToken,
+      },
+    };
+    const response = await fetch(url, requestOptions);
+    if (!response.ok) {
+      throw new Error(`Failed to renew refresh token: ${response.statusText}`);
+    }
+
+    const newRefreshToken = this.extractRefreshTokenFromResponse(response);
+
+    const userToken = await response.text();
+    if (!userToken) {
+      throw new Error('Failed to fetch user token: Empty response');
+    }
+
+    const retval = JSON.parse(userToken);
+    return {
+      maxAge: retval.maxAge,
+      token: retval.token,
+      refreshToken: newRefreshToken,
+    };
+  }
+
+  private async performChangePassword(
+    username: string,
+    currentPassword: string,
+    newPassword: string,
+    refreshToken: string,
+  ): Promise<AuthUserToken> {
+    const url = this.getAuthEndpointUrl('password');
+
+    const challangeToken = await this.requestAuthChallenge(username);
+    const authenticationSignature = await this.verifyAuthChallenge(challangeToken);
+
+    const requestBody: Record<string, any> = {
+      username,
+      signature: authenticationSignature,
+      password: await digest(currentPassword),
+      newPassword: await digest(newPassword),
+    };
+
+    const requestOptions: RequestInit = {
+      method: 'POST',
+      cache: 'no-cache',
+      headers: {
+        'Content-Type': 'application/json',
+        [`${AUTH_HEADERS.REFRESH_TOKEN}`]: refreshToken,
+      },
+      body: JSON.stringify(requestBody),
+    };
+
+    const response = await fetch(url, requestOptions);
+    if (!response.ok) {
+      throw new Error(`Failed to change password: ${response.statusText}`);
+    }
+
+    refreshToken = this.extractRefreshTokenFromResponse(response);
+
+    const userToken = await response.text();
+    if (!userToken) {
+      throw new Error('Failed to change password: Empty response');
+    }
+
+    const retval = JSON.parse(userToken);
+    return {
+      maxAge: retval.maxAge,
+      token: retval.token,
+      refreshToken,
+    };
+  }
+
+  private async performUserRegister(username: string, password: string): Promise<AuthUserToken> {
+    const url = this.getAuthEndpointUrl('register');
+
+    const challangeToken = await this.requestAuthChallenge(username);
+    const authenticationSignature = await this.verifyAuthChallenge(challangeToken);
+
+    const requestBody: Record<string, any> = {
+      username,
+      signature: authenticationSignature,
+      password: await digest(password),
+    };
+
+    const requestOptions: RequestInit = {
+      method: 'POST',
+      cache: 'no-cache',
+      headers: {
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify(requestBody),
+    };
+
+    const response = await fetch(url, requestOptions);
+    if (!response.ok) {
+      throw new Error(`Failed to register user: ${response.statusText}`);
+    }
+
+    const refreshToken = this.extractRefreshTokenFromResponse(response);
+
+    const userToken = await response.text();
+    if (!userToken) {
+      throw new Error('Failed to register user: Empty response');
+    }
+
+    const retval = JSON.parse(userToken);
+    return {
+      maxAge: retval.maxAge,
+      token: retval.token,
+      refreshToken,
+    };
+  }
+
+  public async register(username: string, password: string): Promise<AuthUserToken> {
+    return this.performUserRegister(username, password);
+  }
+
+  public async login(username: string, password: string, rememberUser?: boolean): Promise<AuthUserToken> {
+    return this.fetchUserToken(username, password, rememberUser!);
+  }
+
+  public async renewRefreshtoken(refreshToken: string): Promise<AuthUserToken> {
+    return this.fetchRefreshToken(refreshToken);
+  }
+
+  public async changePassword(credentials: AuthCredentials, refreshToken: string): Promise<AuthUserToken> {
+    if (!credentials.newPassword) {
+      throw new Error('New password is required');
+    }
+    return this.performChangePassword(
+      credentials.username,
+      credentials.password,
+      credentials.newPassword,
+      refreshToken,
+    );
+  }
+
+  public async logout(refreshToken: string): Promise<boolean> {
+    // Implementation if needed, currently just returning true
+    return true;
+  }
+}

package/src/auth/index.ts

@@ -0,0 +1,6 @@
+export * from './authHelpers';
+export * from './authClient';
+export * from './authClientDirect';
+export * from './authClientProxy';
+export * from './authService';
+export * from './authServiceClient';