npm - @gh-platform/auth-sdk - Versions diffs - 1.0.0 - Mend

@gh-platform/auth-sdk 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/.gitlab-ci.yml ADDED Viewed

@@ -0,0 +1,22 @@
+stages:
+  - build
+  - publish
+build_package:
+  stage: build
+  image: node:20
+  script:
+    - npm ci --include=dev
+    - npm run build
+  artifacts:
+    paths:
+      - dist/
+publish_to_registry:
+  stage: publish
+  image: node:20
+  script:
+    - echo "//gitlab.com/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${NPM_TOKEN}" > .npmrc
+    - npm publish
+  only:
+    - tags

package/README.md ADDED Viewed

@@ -0,0 +1,180 @@
+# 🛡️ GH Platform – JavaScript Auth SDK (Multi‑Tenant Version)
+SDK JavaScript hỗ trợ đăng nhập (**login**), làm mới token (**refresh**), kiểm tra token (**introspect**),
+và tự động xác thực request HTTP trong kiến trúc **multi‑tenant** của GH Platform.
+---
+## 🚀 Tính năng chính
+- ✅ Hỗ trợ **login**, **refresh**, **introspect**
+- ✅ **Tenant‑aware client**: mọi API tự động gắn `{tenant}` vào URL
+- ✅ Middleware **AuthFetch** tự động gắn Bearer token + auto refresh
+- ✅ Hoạt động cả **browser** & **Node.js**
+- ✅ Hỗ trợ nhúng trực tiếp (`auth-sdk.min.js`) hoặc cài qua **npm**
+---
+## 🧱 Kiến trúc Multi‑Tenant
+Mọi API của GH Platform Authenticate đều sử dụng dạng:
+```
+/api/v1/{tenant}/auth/login
+/api/v1/{tenant}/auth/refresh
+/api/v1/{tenant}/auth/introspect
+```
+JavaScript SDK tự động truyền tenant trong mọi request.
+### ✳️ Khởi tạo client theo tenant
+```js
+const tenant = "demo"; // hoặc trích xuất từ email: alice@example.com → example.com
+const client = new AuthClient({
+  baseUrl: "https://auth.example.com",
+  tenant
+});
+const storage = new TokenStorage("auth", tenant);
+const fetcher = new AuthFetch(client, storage);
+```
+### 📌 TokenStorage cũng tách token theo tenant
+```js
+// Lưu token theo từng tenant
+storage.accessToken = res.access_token;
+storage.refreshToken = res.refresh_token;
+// Key lưu trong localStorage sẽ giống:
+// auth.demo.access_token
+// auth.demo.refresh_token
+```
+---
+## 📦 Cài đặt
+### 🔹 Cách 1 – Cài qua NPM
+```bash
+npm install @gh-platform/auth-sdk
+```
+Import:
+```js
+import { AuthClient, AuthFetch, TokenStorage } from "@gh-platform/auth-sdk";
+```
+---
+### 🔹 Cách 2 – Dùng trực tiếp trên Web (HTML thuần)
+```html
+<script src="https://cdn.yourdomain.com/auth-sdk.min.js"></script>
+<script>
+  const { AuthClient, AuthFetch, TokenStorage } = window.AuthSDK;
+</script>
+```
+---
+## 🔐 Ví dụ Multi‑Tenant Login
+```js
+const tenant = "example";
+const client = new AuthClient({
+  baseUrl: "https://auth.example.com",
+  tenant
+});
+async function login() {
+  const res = await client.login(
+    "alice@example.com", // identifier
+    "User@123",          // password
+    "gh-platform-admin"  // client_id
+  );
+  storage.accessToken = res.access_token;
+  storage.refreshToken = res.refresh_token;
+  console.log("Login success!", res);
+}
+```
+---
+## 🌐 Fetch API với AuthFetch (auto refresh + retry)
+```js
+const fetcher = new AuthFetch(client, storage);
+const resp = await fetcher.fetch(
+  client.baseUrl + "/api/v1/" + tenant + "/auth/me"
+);
+const user = await resp.json();
+console.log("User:", user);
+```
+Tự động:
+- Gắn `Authorization: Bearer <access_token>`
+- Nếu token hết hạn → tự refresh → retry request
+- Lưu token đúng tenant
+---
+## 🔧 Build hướng dẫn
+```bash
+npm install vite terser -D
+npm run build
+npx terser dist/auth-sdk.umd.js -o dist/auth-sdk.min.js --compress --mangle
+```
+---
+## 🌐 Demo HTML
+```html
+<!DOCTYPE html>
+<html>
+<head><title>Auth SDK Demo</title></head>
+<body>
+  <button id="login">Login</button>
+  <button id="getUser">Get Profile</button>
+  <script src="./dist/auth-sdk.min.js"></script>
+  <script>
+    const tenant = "demo";
+    const { AuthClient, TokenStorage, AuthFetch } = window.AuthSDK;
+    const client = new AuthClient({ baseUrl: "https://auth.example.com", tenant });
+    const storage = new TokenStorage("auth", tenant);
+    const fetcher = new AuthFetch(client, storage);
+    document.getElementById("login").onclick = async () => {
+      const res = await client.login("alice@example.com", "User@123", "gh-platform-admin");
+      storage.accessToken = res.access_token;
+      storage.refreshToken = res.refresh_token;
+      alert("Login success!");
+    };
+    document.getElementById("getUser").onclick = async () => {
+      const r = await fetcher.fetch(client.baseUrl + "/api/v1/" + tenant + "/auth/me");
+      console.log("User:", await r.json());
+    };
+  </script>
+</body>
+</html>
+```
+---
+## 🧾 License
+Bản quyền © 2025 **GH Platform** – Phát hành theo giấy phép **MIT**

package/dist/auth-sdk.es.js ADDED Viewed

@@ -0,0 +1,239 @@
+class AuthClient {
+  /**
+   * options:
+   *  - baseUrl (required) e.g. "https://auth.example.com"
+   *  - tenant (optional) e.g. "demo" -> will target /api/v1/{tenant}/auth/*
+   *  - loginPath / refreshPath / introspectPath (optional overrides)
+   *  - headers (optional)
+   */
+  constructor({
+    baseUrl,
+    tenant = null,
+    loginPath = null,
+    refreshPath = null,
+    introspectPath = null,
+    headers = {},
+    storage = null
+    // <-- thêm storage vào constructor
+  }) {
+    if (!baseUrl) throw new Error("baseUrl is required");
+    this.baseUrl = baseUrl.replace(/\/$/, "");
+    const prefix = tenant ? `/api/v1/${tenant}/auth` : `/api/v1/auth`;
+    this.loginUrl = this.baseUrl + (loginPath || `${prefix}/login`);
+    this.refreshUrl = this.baseUrl + (refreshPath || `${prefix}/refresh`);
+    this.introspectUrl = this.baseUrl + (introspectPath || `${prefix}/me`);
+    this.tenant = tenant;
+    this.headers = { "Content-Type": "application/json", ...headers };
+    this.storage = storage;
+  }
+  /**
+   * Login payload uses identifier + password  (+ optional totp)
+   * extra is optional object for backward-compat or extra fields
+   */
+  async login(identifier, password, totp = null, extra = {}) {
+    const body = {
+      identifier,
+      password,
+      ...extra
+    };
+    if (totp) body.totp = totp;
+    const res = await fetch(this.loginUrl, {
+      method: "POST",
+      headers: this.headers,
+      body: JSON.stringify(body)
+    });
+    if (!res.ok) {
+      const text = await res.text().catch(() => res.statusText);
+      throw new Error(`Login failed: ${res.status} ${text}`);
+    }
+    let json;
+    try {
+      json = await res.json();
+    } catch (e) {
+      console.error("❌ JSON parse error:", e);
+      throw new Error("Invalid JSON response from server");
+    }
+    const data = json.data || json;
+    if (this.storage) {
+      if (data.access_token) this.storage.accessToken = data.access_token;
+      if (data.refresh_token) this.storage.refreshToken = data.refresh_token;
+    }
+    return json;
+  }
+  async refresh(refreshToken) {
+    const res = await fetch(this.refreshUrl, {
+      method: "POST",
+      headers: this.headers,
+      body: JSON.stringify({ refresh_token: refreshToken })
+    });
+    if (!res.ok) {
+      const text = await res.text().catch(() => res.statusText);
+      throw new Error(`Refresh failed: ${res.status} ${text}`);
+    }
+    let json;
+    try {
+      json = await res.json();
+    } catch (e) {
+      console.error("❌ JSON parse error:", e);
+      throw new Error("Invalid JSON response from server");
+    }
+    const data = json.data || json;
+    if (this.storage) {
+      if (data.access_token) this.storage.accessToken = data.access_token;
+      if (data.refresh_token) this.storage.refreshToken = data.refresh_token;
+    }
+    return json;
+  }
+  async introspect(token = null) {
+    let finalToken = token;
+    if (this.storage && !finalToken) {
+      finalToken = this.storage.accessToken;
+    }
+    if (!finalToken) {
+      throw new Error("No access token available for introspection");
+    }
+    const headers = new Headers(this.headers);
+    headers.set("Authorization", `Bearer ${finalToken}`);
+    const res = await fetch(this.introspectUrl, {
+      method: "GET",
+      headers
+    });
+    if (!res.ok) {
+      const text = await res.text().catch(() => res.statusText);
+      throw new Error(`Introspect failed: ${res.status} ${text}`);
+    }
+    let json;
+    try {
+      json = await res.json();
+    } catch (e) {
+      console.error("❌ JSON parse error:", e);
+      throw new Error("Invalid JSON response from server");
+    }
+    return json;
+  }
+}
+class TokenStorage {
+  /**
+   * prefix: base prefix (default "auth")
+   * tenant: optional tenant string -> final key = `${prefix}:${tenant}_access_token`
+   */
+  constructor(prefix = "auth", tenant = null) {
+    this.prefix = prefix;
+    this.tenant = tenant;
+  }
+  _key(name) {
+    return this.tenant ? `${this.prefix}:${this.tenant}_${name}` : `${this.prefix}_${name}`;
+  }
+  get accessToken() {
+    return localStorage.getItem(this._key("access_token"));
+  }
+  set accessToken(val) {
+    if (val === null || val === void 0) {
+      localStorage.removeItem(this._key("access_token"));
+    } else {
+      localStorage.setItem(this._key("access_token"), val);
+    }
+  }
+  get refreshToken() {
+    return localStorage.getItem(this._key("refresh_token"));
+  }
+  set refreshToken(val) {
+    if (val === null || val === void 0) {
+      localStorage.removeItem(this._key("refresh_token"));
+    } else {
+      localStorage.setItem(this._key("refresh_token"), val);
+    }
+  }
+  clear() {
+    localStorage.removeItem(this._key("access_token"));
+    localStorage.removeItem(this._key("refresh_token"));
+  }
+}
+class AuthFetch {
+  constructor(authClient, storage = null) {
+    this.client = authClient;
+    this.storage = storage || new TokenStorage("auth", authClient.tenant || null);
+  }
+  /**
+   * fetchWithProgress:
+   *  - input: URL
+   *  - options: fetch options
+   *  - onProgress: callback(percent, loaded, total)
+   */
+  async fetch(input, options = {}, onProgress = null) {
+    const token = this.storage.accessToken;
+    const headers = new Headers(options.headers || {});
+    if (token) headers.set("Authorization", `Bearer ${token}`);
+    if (options.method && options.method !== "GET" && options.body) {
+      return await this._xhrRequest(input, options, headers, onProgress);
+    }
+    return await this._fetchWithDownloadProgress(input, options, headers, onProgress);
+  }
+  // ------------------ DOWNLOAD PROGRESS ------------------
+  async _fetchWithDownloadProgress(input, options, headers, onProgress) {
+    let response = await fetch(input, { ...options, headers });
+    if (response.status === 401 && this.storage.refreshToken) {
+      try {
+        const newTokens = await this.client.refresh(this.storage.refreshToken);
+        if (newTokens.access_token) this.storage.accessToken = newTokens.access_token;
+        if (newTokens.refresh_token) this.storage.refreshToken = newTokens.refresh_token;
+        headers.set("Authorization", `Bearer ${this.storage.accessToken}`);
+        response = await fetch(input, { ...options, headers });
+      } catch {
+        this.storage.clear();
+        throw new Error("Unauthorized, please login again");
+      }
+    }
+    if (!onProgress || !response.body) return response;
+    const reader = response.body.getReader();
+    const contentLength = +response.headers.get("Content-Length") || 0;
+    let loaded = 0;
+    const chunks = [];
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+      chunks.push(value);
+      loaded += value.length;
+      if (contentLength) {
+        const percent = Math.round(loaded / contentLength * 100);
+        onProgress(percent, loaded, contentLength);
+      } else {
+        onProgress(null, loaded, null);
+      }
+    }
+    const blob = new Blob(chunks);
+    return new Response(blob, response);
+  }
+  // ------------------ UPLOAD PROGRESS ------------------
+  _xhrRequest(url, options, headers, onProgress) {
+    return new Promise((resolve, reject) => {
+      const xhr = new XMLHttpRequest();
+      xhr.open(options.method || "POST", url, true);
+      for (const [k, v] of headers.entries()) {
+        xhr.setRequestHeader(k, v);
+      }
+      if (xhr.upload && onProgress) {
+        xhr.upload.onprogress = (e) => {
+          if (e.lengthComputable) {
+            const percent = Math.round(e.loaded / e.total * 100);
+            onProgress(percent, e.loaded, e.total);
+          } else {
+            onProgress(null, e.loaded, null);
+          }
+        };
+      }
+      xhr.onload = () => {
+        resolve(new Response(xhr.response, { status: xhr.status }));
+      };
+      xhr.onerror = () => reject(new Error("Network error"));
+      xhr.send(options.body);
+    });
+  }
+}
+const index = { AuthClient, AuthFetch, TokenStorage };
+export {
+  AuthClient,
+  AuthFetch,
+  TokenStorage,
+  index as default
+};

package/dist/auth-sdk.min.js ADDED Viewed

@@ -0,0 +1 @@

+ !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).AuthSDK={})}(this,function(e){"use strict";class t{constructor({baseUrl:e,tenant:t=null,loginPath:s=null,refreshPath:r=null,introspectPath:o=null,headers:a={},storage:n=null}){if(!e)throw new Error("baseUrl is required");this.baseUrl=e.replace(/\/$/,"");const h=t?`/api/v1/${t}/auth`:"/api/v1/auth";this.loginUrl=this.baseUrl+(s||`${h}/login`),this.refreshUrl=this.baseUrl+(r||`${h}/refresh`),this.introspectUrl=this.baseUrl+(o||`${h}/me`),this.tenant=t,this.headers={"Content-Type":"application/json",...a},this.storage=n}async login(e,t,s=null,r={}){const o={identifier:e,password:t,...r};s&&(o.totp=s);const a=await fetch(this.loginUrl,{method:"POST",headers:this.headers,body:JSON.stringify(o)});if(!a.ok){const e=await a.text().catch(()=>a.statusText);throw new Error(`Login failed: ${a.status} ${e}`)}let n;try{n=await a.json()}catch(e){throw console.error("❌ JSON parse error:",e),new Error("Invalid JSON response from server")}const h=n.data||n;return this.storage&&(h.access_token&&(this.storage.accessToken=h.access_token),h.refresh_token&&(this.storage.refreshToken=h.refresh_token)),n}async refresh(e){const t=await fetch(this.refreshUrl,{method:"POST",headers:this.headers,body:JSON.stringify({refresh_token:e})});if(!t.ok){const e=await t.text().catch(()=>t.statusText);throw new Error(`Refresh failed: ${t.status} ${e}`)}let s;try{s=await t.json()}catch(e){throw console.error("❌ JSON parse error:",e),new Error("Invalid JSON response from server")}const r=s.data||s;return this.storage&&(r.access_token&&(this.storage.accessToken=r.access_token),r.refresh_token&&(this.storage.refreshToken=r.refresh_token)),s}async introspect(e=null){let t=e;if(this.storage&&!t&&(t=this.storage.accessToken),!t)throw new Error("No access token available for introspection");const s=new Headers(this.headers);s.set("Authorization",`Bearer ${t}`);const r=await fetch(this.introspectUrl,{method:"GET",headers:s});if(!r.ok){const e=await r.text().catch(()=>r.statusText);throw new Error(`Introspect failed: ${r.status} ${e}`)}let o;try{o=await r.json()}catch(e){throw console.error("❌ JSON parse error:",e),new Error("Invalid JSON response from server")}return o}}class s{constructor(e="auth",t=null){this.prefix=e,this.tenant=t}_key(e){return this.tenant?`${this.prefix}:${this.tenant}_${e}`:`${this.prefix}_${e}`}get accessToken(){return localStorage.getItem(this._key("access_token"))}set accessToken(e){null==e?localStorage.removeItem(this._key("access_token")):localStorage.setItem(this._key("access_token"),e)}get refreshToken(){return localStorage.getItem(this._key("refresh_token"))}set refreshToken(e){null==e?localStorage.removeItem(this._key("refresh_token")):localStorage.setItem(this._key("refresh_token"),e)}clear(){localStorage.removeItem(this._key("access_token")),localStorage.removeItem(this._key("refresh_token"))}}class r{constructor(e,t=null){this.client=e,this.storage=t||new s("auth",e.tenant||null)}async fetch(e,t={},s=null){const r=this.storage.accessToken,o=new Headers(t.headers||{});return r&&o.set("Authorization",`Bearer ${r}`),t.method&&"GET"!==t.method&&t.body?await this._xhrRequest(e,t,o,s):await this._fetchWithDownloadProgress(e,t,o,s)}async _fetchWithDownloadProgress(e,t,s,r){let o=await fetch(e,{...t,headers:s});if(401===o.status&&this.storage.refreshToken)try{const r=await this.client.refresh(this.storage.refreshToken);r.access_token&&(this.storage.accessToken=r.access_token),r.refresh_token&&(this.storage.refreshToken=r.refresh_token),s.set("Authorization",`Bearer ${this.storage.accessToken}`),o=await fetch(e,{...t,headers:s})}catch{throw this.storage.clear(),new Error("Unauthorized, please login again")}if(!r||!o.body)return o;const a=o.body.getReader(),n=+o.headers.get("Content-Length")||0;let h=0;const i=[];for(;;){const{done:e,value:t}=await a.read();if(e)break;i.push(t),h+=t.length,n?r(Math.round(h/n*100),h,n):r(null,h,null)}const c=new Blob(i);return new Response(c,o)}_xhrRequest(e,t,s,r){return new Promise((o,a)=>{const n=new XMLHttpRequest;n.open(t.method||"POST",e,!0);for(const[e,t]of s.entries())n.setRequestHeader(e,t);n.upload&&r&&(n.upload.onprogress=e=>{if(e.lengthComputable){const t=Math.round(e.loaded/e.total*100);r(t,e.loaded,e.total)}else r(null,e.loaded,null)}),n.onload=()=>{o(new Response(n.response,{status:n.status}))},n.onerror=()=>a(new Error("Network error")),n.send(t.body)})}}const o={AuthClient:t,AuthFetch:r,TokenStorage:s};e.AuthClient=t,e.AuthFetch=r,e.TokenStorage=s,e.default=o,Object.defineProperties(e,{__esModule:{value:!0},[Symbol.toStringTag]:{value:"Module"}})});

package/dist/auth-sdk.umd.js ADDED Viewed

@@ -0,0 +1 @@

+ !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).AuthSDK={})}(this,function(e){"use strict";class t{constructor({baseUrl:e,tenant:t=null,loginPath:s=null,refreshPath:r=null,introspectPath:o=null,headers:a={},storage:n=null}){if(!e)throw new Error("baseUrl is required");this.baseUrl=e.replace(/\/$/,"");const h=t?`/api/v1/${t}/auth`:"/api/v1/auth";this.loginUrl=this.baseUrl+(s||`${h}/login`),this.refreshUrl=this.baseUrl+(r||`${h}/refresh`),this.introspectUrl=this.baseUrl+(o||`${h}/me`),this.tenant=t,this.headers={"Content-Type":"application/json",...a},this.storage=n}async login(e,t,s=null,r={}){const o={identifier:e,password:t,...r};s&&(o.totp=s);const a=await fetch(this.loginUrl,{method:"POST",headers:this.headers,body:JSON.stringify(o)});if(!a.ok){const e=await a.text().catch(()=>a.statusText);throw new Error(`Login failed: ${a.status} ${e}`)}let n;try{n=await a.json()}catch(i){throw console.error("❌ JSON parse error:",i),new Error("Invalid JSON response from server")}const h=n.data||n;return this.storage&&(h.access_token&&(this.storage.accessToken=h.access_token),h.refresh_token&&(this.storage.refreshToken=h.refresh_token)),n}async refresh(e){const t=await fetch(this.refreshUrl,{method:"POST",headers:this.headers,body:JSON.stringify({refresh_token:e})});if(!t.ok){const e=await t.text().catch(()=>t.statusText);throw new Error(`Refresh failed: ${t.status} ${e}`)}let s;try{s=await t.json()}catch(o){throw console.error("❌ JSON parse error:",o),new Error("Invalid JSON response from server")}const r=s.data||s;return this.storage&&(r.access_token&&(this.storage.accessToken=r.access_token),r.refresh_token&&(this.storage.refreshToken=r.refresh_token)),s}async introspect(e=null){let t=e;if(this.storage&&!t&&(t=this.storage.accessToken),!t)throw new Error("No access token available for introspection");const s=new Headers(this.headers);s.set("Authorization",`Bearer ${t}`);const r=await fetch(this.introspectUrl,{method:"GET",headers:s});if(!r.ok){const e=await r.text().catch(()=>r.statusText);throw new Error(`Introspect failed: ${r.status} ${e}`)}let o;try{o=await r.json()}catch(a){throw console.error("❌ JSON parse error:",a),new Error("Invalid JSON response from server")}return o}}class s{constructor(e="auth",t=null){this.prefix=e,this.tenant=t}_key(e){return this.tenant?`${this.prefix}:${this.tenant}_${e}`:`${this.prefix}_${e}`}get accessToken(){return localStorage.getItem(this._key("access_token"))}set accessToken(e){null==e?localStorage.removeItem(this._key("access_token")):localStorage.setItem(this._key("access_token"),e)}get refreshToken(){return localStorage.getItem(this._key("refresh_token"))}set refreshToken(e){null==e?localStorage.removeItem(this._key("refresh_token")):localStorage.setItem(this._key("refresh_token"),e)}clear(){localStorage.removeItem(this._key("access_token")),localStorage.removeItem(this._key("refresh_token"))}}class r{constructor(e,t=null){this.client=e,this.storage=t||new s("auth",e.tenant||null)}async fetch(e,t={},s=null){const r=this.storage.accessToken,o=new Headers(t.headers||{});return r&&o.set("Authorization",`Bearer ${r}`),t.method&&"GET"!==t.method&&t.body?await this._xhrRequest(e,t,o,s):await this._fetchWithDownloadProgress(e,t,o,s)}async _fetchWithDownloadProgress(e,t,s,r){let o=await fetch(e,{...t,headers:s});if(401===o.status&&this.storage.refreshToken)try{const r=await this.client.refresh(this.storage.refreshToken);r.access_token&&(this.storage.accessToken=r.access_token),r.refresh_token&&(this.storage.refreshToken=r.refresh_token),s.set("Authorization",`Bearer ${this.storage.accessToken}`),o=await fetch(e,{...t,headers:s})}catch{throw this.storage.clear(),new Error("Unauthorized, please login again")}if(!r||!o.body)return o;const a=o.body.getReader(),n=+o.headers.get("Content-Length")||0;let h=0;const i=[];for(;;){const{done:e,value:t}=await a.read();if(e)break;if(i.push(t),h+=t.length,n){r(Math.round(h/n*100),h,n)}else r(null,h,null)}const c=new Blob(i);return new Response(c,o)}_xhrRequest(e,t,s,r){return new Promise((o,a)=>{const n=new XMLHttpRequest;n.open(t.method||"POST",e,!0);for(const[e,t]of s.entries())n.setRequestHeader(e,t);n.upload&&r&&(n.upload.onprogress=e=>{if(e.lengthComputable){const t=Math.round(e.loaded/e.total*100);r(t,e.loaded,e.total)}else r(null,e.loaded,null)}),n.onload=()=>{o(new Response(n.response,{status:n.status}))},n.onerror=()=>a(new Error("Network error")),n.send(t.body)})}}const o={AuthClient:t,AuthFetch:r,TokenStorage:s};e.AuthClient=t,e.AuthFetch=r,e.TokenStorage=s,e.default=o,Object.defineProperties(e,{__esModule:{value:!0},[Symbol.toStringTag]:{value:"Module"}})});

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,93 @@
+export interface AuthClientOptions {
+    baseUrl: string;
+    tenant?: string | null;
+    loginPath?: string;
+    refreshPath?: string;
+    introspectPath?: string;
+    headers?: Record<string, string>;
+    storage?: TokenStorage | null;
+}
+/** Callback báo tiến trình (upload hoặc download) */
+export type ProgressCallback = (
+    percent: number | null,  // % (nếu biết), null nếu không xác định total
+    loaded: number,          // số bytes đã tải
+    total: number | null     // tổng bytes (nếu biết)
+) => void;
+export interface TokenData {
+    access_token: string;
+    refresh_token: string;
+    token_type: string;
+    expires_in: number;
+    refresh_expires_at: string;
+    message?: string;
+    [key: string]: any;
+}
+export interface AuthResponse {
+    status: string;      // "success" | "error"
+    code: number;        // HTTP-like status code
+    message: string;
+    data: TokenData;
+}
+export class TokenStorage {
+    constructor(prefix?: string, tenant?: string | null);
+    readonly prefix: string;
+    readonly tenant: string | null;
+    get accessToken(): string | null;
+    set accessToken(value: string | null);
+    get refreshToken(): string | null;
+    set refreshToken(value: string | null);
+    clear(): void;
+}
+export class AuthClient {
+    constructor(options: AuthClientOptions);
+    baseUrl: string;
+    tenant: string | null;
+    headers: Record<string, string>;
+    storage: TokenStorage | null;
+    login(
+        identifier: string,
+        password: string,
+        clientId?: string | null,
+        extra?: Record<string, any>
+    ): Promise<AuthResponse>;
+    refresh(refreshToken: string): Promise<AuthResponse>;
+    introspect(token?: string | null): Promise<AuthResponse>;
+}
+export class AuthFetch {
+    constructor(authClient: AuthClient, storage?: TokenStorage);
+    /**
+     * fetch wrapper — hỗ trợ:
+     *  - auto attach Bearer token
+     *  - auto refresh token on 401
+     *  - upload progress (XHR)
+     *  - download progress (Fetch streaming)
+     */
+    fetch(
+        input: RequestInfo | URL,
+        init?: RequestInit,
+        onProgress?: ProgressCallback
+    ): Promise<Response>;
+}
+declare const _default: {
+    AuthClient: typeof AuthClient;
+    AuthFetch: typeof AuthFetch;
+    TokenStorage: typeof TokenStorage;
+};
+export default _default;

package/package.json ADDED Viewed

@@ -0,0 +1,23 @@
+{
+    "name": "@gh-platform/auth-sdk",
+    "version": "1.0.0",
+    "description": "VanillaJS Auth SDK for GH Platform",
+    "type": "module",
+    "main": "dist/auth-sdk.umd.js",
+    "module": "dist/auth-sdk.es.js",
+    "types": "dist/index.d.ts",
+    "exports": {
+        ".": {
+            "types": "./dist/index.d.ts",
+            "import": "./dist/auth-sdk.es.js",
+            "require": "./dist/auth-sdk.umd.js"
+        }
+    },
+    "scripts": {
+        "build": "vite build && cp src/index.d.ts dist/index.d.ts && terser dist/auth-sdk.umd.js -o dist/auth-sdk.min.js --compress --mangle"
+    },
+    "devDependencies": {
+        "vite": "^5.0.0",
+        "terser": "^5.20.0"
+    }
+}

package/src/client.js ADDED Viewed

@@ -0,0 +1,140 @@
+// src/client.js
+export default class AuthClient {
+    /**
+     * options:
+     *  - baseUrl (required) e.g. "https://auth.example.com"
+     *  - tenant (optional) e.g. "demo" -> will target /api/v1/{tenant}/auth/*
+     *  - loginPath / refreshPath / introspectPath (optional overrides)
+     *  - headers (optional)
+     */
+    constructor({
+        baseUrl,
+        tenant = null,
+        loginPath = null,
+        refreshPath = null,
+        introspectPath = null,
+        headers = {},
+        storage = null, // <-- thêm storage vào constructor
+    }) {
+        if (!baseUrl) throw new Error("baseUrl is required");
+        this.baseUrl = baseUrl.replace(/\/$/, "");
+        // default path builder: tenant-aware
+        const prefix = tenant ? `/api/v1/${tenant}/auth` : `/api/v1/auth`;
+        this.loginUrl = this.baseUrl + (loginPath || `${prefix}/login`);
+        this.refreshUrl = this.baseUrl + (refreshPath || `${prefix}/refresh`);
+        this.introspectUrl = this.baseUrl + (introspectPath || `${prefix}/me`);
+        this.tenant = tenant; // keep for storage prefix
+        this.headers = { "Content-Type": "application/json", ...headers };
+        this.storage = storage;  // <-- store storage instance
+    }
+    /**
+     * Login payload uses identifier + password  (+ optional totp)
+     * extra is optional object for backward-compat or extra fields
+     */
+    async login(identifier, password, totp = null, extra = {}) {
+        const body = {
+            identifier,
+            password,
+            ...extra,
+        };
+        if (totp) body.totp = totp;
+        const res = await fetch(this.loginUrl, {
+            method: "POST",
+            headers: this.headers,
+            body: JSON.stringify(body),
+        });
+        if (!res.ok) {
+            const text = await res.text().catch(() => res.statusText);
+            throw new Error(`Login failed: ${res.status} ${text}`);
+        }
+        let json; // 👈 MUST DECLARE
+        try {
+            json = await res.json();
+        } catch (e) {
+            console.error("❌ JSON parse error:", e);
+            throw new Error("Invalid JSON response from server");
+        }
+        // -----------------------------
+        // 🔥 Auto-save tokens
+        // -----------------------------
+        const data = json.data || json;
+        if (this.storage) {
+            if (data.access_token) this.storage.accessToken = data.access_token;
+            if (data.refresh_token) this.storage.refreshToken = data.refresh_token;
+        }
+        return json;
+    }
+    async refresh(refreshToken) {
+        const res = await fetch(this.refreshUrl, {
+            method: "POST",
+            headers: this.headers,
+            body: JSON.stringify({ refresh_token: refreshToken }),
+        });
+        if (!res.ok) {
+            const text = await res.text().catch(() => res.statusText);
+            throw new Error(`Refresh failed: ${res.status} ${text}`);
+        }
+        let json; // 👈 MUST DECLARE
+        try {
+            json = await res.json();
+        } catch (e) {
+            console.error("❌ JSON parse error:", e);
+            throw new Error("Invalid JSON response from server");
+        }
+        const data = json.data || json;
+        // -----------------------------
+        // 🔥 Auto-save refreshed tokens
+        // -----------------------------
+        if (this.storage) {
+            if (data.access_token) this.storage.accessToken = data.access_token;
+            if (data.refresh_token) this.storage.refreshToken = data.refresh_token;
+        }
+        return json;
+    }
+    async introspect(token = null) {
+        // -----------------------------
+        // 🔥 Auto-get token from storage
+        // -----------------------------
+        let finalToken = token;
+        if (this.storage && !finalToken) {
+            finalToken = this.storage.accessToken;
+        }
+        if (!finalToken) {
+            throw new Error("No access token available for introspection");
+        }
+        const headers = new Headers(this.headers);
+        headers.set("Authorization", `Bearer ${finalToken}`);
+        const res = await fetch(this.introspectUrl, {
+            method: "GET",
+            headers: headers,
+        });
+        if (!res.ok) {
+            const text = await res.text().catch(() => res.statusText);
+            throw new Error(`Introspect failed: ${res.status} ${text}`);
+        }
+        let json; // 👈 MUST DECLARE
+        try {
+            json = await res.json();
+        } catch (e) {
+            console.error("❌ JSON parse error:", e);
+            throw new Error("Invalid JSON response from server");
+        }
+        return json;
+    }
+}

package/src/index.d.ts ADDED Viewed

@@ -0,0 +1,93 @@
+export interface AuthClientOptions {
+    baseUrl: string;
+    tenant?: string | null;
+    loginPath?: string;
+    refreshPath?: string;
+    introspectPath?: string;
+    headers?: Record<string, string>;
+    storage?: TokenStorage | null;
+}
+/** Callback báo tiến trình (upload hoặc download) */
+export type ProgressCallback = (
+    percent: number | null,  // % (nếu biết), null nếu không xác định total
+    loaded: number,          // số bytes đã tải
+    total: number | null     // tổng bytes (nếu biết)
+) => void;
+export interface TokenData {
+    access_token: string;
+    refresh_token: string;
+    token_type: string;
+    expires_in: number;
+    refresh_expires_at: string;
+    message?: string;
+    [key: string]: any;
+}
+export interface AuthResponse {
+    status: string;      // "success" | "error"
+    code: number;        // HTTP-like status code
+    message: string;
+    data: TokenData;
+}
+export class TokenStorage {
+    constructor(prefix?: string, tenant?: string | null);
+    readonly prefix: string;
+    readonly tenant: string | null;
+    get accessToken(): string | null;
+    set accessToken(value: string | null);
+    get refreshToken(): string | null;
+    set refreshToken(value: string | null);
+    clear(): void;
+}
+export class AuthClient {
+    constructor(options: AuthClientOptions);
+    baseUrl: string;
+    tenant: string | null;
+    headers: Record<string, string>;
+    storage: TokenStorage | null;
+    login(
+        identifier: string,
+        password: string,
+        clientId?: string | null,
+        extra?: Record<string, any>
+    ): Promise<AuthResponse>;
+    refresh(refreshToken: string): Promise<AuthResponse>;
+    introspect(token?: string | null): Promise<AuthResponse>;
+}
+export class AuthFetch {
+    constructor(authClient: AuthClient, storage?: TokenStorage);
+    /**
+     * fetch wrapper — hỗ trợ:
+     *  - auto attach Bearer token
+     *  - auto refresh token on 401
+     *  - upload progress (XHR)
+     *  - download progress (Fetch streaming)
+     */
+    fetch(
+        input: RequestInfo | URL,
+        init?: RequestInit,
+        onProgress?: ProgressCallback
+    ): Promise<Response>;
+}
+declare const _default: {
+    AuthClient: typeof AuthClient;
+    AuthFetch: typeof AuthFetch;
+    TokenStorage: typeof TokenStorage;
+};
+export default _default;

package/src/index.js ADDED Viewed

@@ -0,0 +1,7 @@
+// src/index.js
+import AuthClient from "./client.js";
+import { AuthFetch } from "./middleware.js";
+import { TokenStorage } from "./storage.js";
+export { AuthClient, AuthFetch, TokenStorage };
+export default { AuthClient, AuthFetch, TokenStorage };

package/src/middleware.js ADDED Viewed

@@ -0,0 +1,110 @@
+// src/middleware.js
+import { TokenStorage } from "./storage.js";
+export class AuthFetch {
+    constructor(authClient, storage = null) {
+        this.client = authClient;
+        this.storage = storage || new TokenStorage("auth", authClient.tenant || null);
+    }
+    /**
+     * fetchWithProgress:
+     *  - input: URL
+     *  - options: fetch options
+     *  - onProgress: callback(percent, loaded, total)
+     */
+    async fetch(input, options = {}, onProgress = null) {
+        const token = this.storage.accessToken;
+        const headers = new Headers(options.headers || {});
+        if (token) headers.set("Authorization", `Bearer ${token}`);
+        // Nếu có body → dùng XHR để GET progress upload
+        if (options.method && options.method !== "GET" && options.body) {
+            return await this._xhrRequest(input, options, headers, onProgress);
+        }
+        // GET/STREAM → dùng fetch
+        return await this._fetchWithDownloadProgress(input, options, headers, onProgress);
+    }
+    // ------------------ DOWNLOAD PROGRESS ------------------
+    async _fetchWithDownloadProgress(input, options, headers, onProgress) {
+        let response = await fetch(input, { ...options, headers });
+        // Handle 401 refresh
+        if (response.status === 401 && this.storage.refreshToken) {
+            try {
+                const newTokens = await this.client.refresh(this.storage.refreshToken);
+                if (newTokens.access_token) this.storage.accessToken = newTokens.access_token;
+                if (newTokens.refresh_token) this.storage.refreshToken = newTokens.refresh_token;
+                headers.set("Authorization", `Bearer ${this.storage.accessToken}`);
+                response = await fetch(input, { ...options, headers });
+            } catch {
+                this.storage.clear();
+                throw new Error("Unauthorized, please login again");
+            }
+        }
+        // Nếu không cần track progress
+        if (!onProgress || !response.body) return response;
+        // Stream reader
+        const reader = response.body.getReader();
+        const contentLength = +response.headers.get("Content-Length") || 0;
+        let loaded = 0;
+        const chunks = [];
+        while (true) {
+            const { done, value } = await reader.read();
+            if (done) break;
+            chunks.push(value);
+            loaded += value.length;
+            if (contentLength) {
+                const percent = Math.round((loaded / contentLength) * 100);
+                onProgress(percent, loaded, contentLength);
+            } else {
+                onProgress(null, loaded, null); // không biết tổng → chỉ báo loaded
+            }
+        }
+        const blob = new Blob(chunks);
+        return new Response(blob, response);
+    }
+    // ------------------ UPLOAD PROGRESS ------------------
+    _xhrRequest(url, options, headers, onProgress) {
+        return new Promise((resolve, reject) => {
+            const xhr = new XMLHttpRequest();
+            xhr.open(options.method || "POST", url, true);
+            // set headers
+            for (const [k, v] of headers.entries()) {
+                xhr.setRequestHeader(k, v);
+            }
+            // Upload progress
+            if (xhr.upload && onProgress) {
+                xhr.upload.onprogress = (e) => {
+                    if (e.lengthComputable) {
+                        const percent = Math.round((e.loaded / e.total) * 100);
+                        onProgress(percent, e.loaded, e.total);
+                    } else {
+                        onProgress(null, e.loaded, null);
+                    }
+                };
+            }
+            xhr.onload = () => {
+                resolve(new Response(xhr.response, { status: xhr.status }));
+            };
+            xhr.onerror = () => reject(new Error("Network error"));
+            xhr.send(options.body);
+        });
+    }
+}
+export default AuthFetch;

package/src/storage.js ADDED Viewed

@@ -0,0 +1,43 @@
+// src/storage.js
+export class TokenStorage {
+    /**
+     * prefix: base prefix (default "auth")
+     * tenant: optional tenant string -> final key = `${prefix}:${tenant}_access_token`
+     */
+    constructor(prefix = "auth", tenant = null) {
+        this.prefix = prefix;
+        this.tenant = tenant;
+    }
+    _key(name) {
+        // include tenant to isolate tokens between tenants if provided
+        return this.tenant ? `${this.prefix}:${this.tenant}_${name}` : `${this.prefix}_${name}`;
+    }
+    get accessToken() {
+        return localStorage.getItem(this._key("access_token"));
+    }
+    set accessToken(val) {
+        if (val === null || val === undefined) {
+            localStorage.removeItem(this._key("access_token"));
+        } else {
+            localStorage.setItem(this._key("access_token"), val);
+        }
+    }
+    get refreshToken() {
+        return localStorage.getItem(this._key("refresh_token"));
+    }
+    set refreshToken(val) {
+        if (val === null || val === undefined) {
+            localStorage.removeItem(this._key("refresh_token"));
+        } else {
+            localStorage.setItem(this._key("refresh_token"), val);
+        }
+    }
+    clear() {
+        localStorage.removeItem(this._key("access_token"));
+        localStorage.removeItem(this._key("refresh_token"));
+    }
+}

package/vite.config.js ADDED Viewed

@@ -0,0 +1,19 @@
+import { defineConfig } from "vite";
+export default defineConfig({
+    build: {
+        lib: {
+            entry: "src/index.js",
+            name: "AuthSDK",                // window.AuthSDK.*
+            fileName: (format) => `auth-sdk.${format}.js`,
+            formats: ["es", "umd"],
+        },
+        rollupOptions: {
+            output: {
+                exports: "named",
+            },
+        },
+        minify: "terser",
+        outDir: "dist",
+    },
+});