@ghostly-solutions/auth 0.1.0

package/dist/react.js

@@ -0,0 +1,681 @@
+import { createContext, useMemo, useState, useEffect, useCallback, useContext } from 'react';
+import { jsx, Fragment } from 'react/jsx-runtime';
+
+// src/adapters/react/auth-callback-handler.tsx
+
+// src/constants/auth-endpoints.ts
+var authApiPrefix = "/v1/auth";
+var authEndpoints = {
+  loginStart: `${authApiPrefix}/keycloak/login`,
+  validateKeycloakToken: `${authApiPrefix}/keycloak/validate`,
+  session: `${authApiPrefix}/me`,
+  logout: `${authApiPrefix}/logout`
+};
+
+// src/constants/http-status.ts
+var httpStatus = {
+  ok: 200,
+  noContent: 204,
+  badRequest: 400,
+  unauthorized: 401
+};
+
+// src/errors/auth-sdk-error.ts
+var AuthSdkError = class extends Error {
+  code;
+  details;
+  status;
+  constructor(payload) {
+    super(payload.message);
+    this.name = "AuthSdkError";
+    this.code = payload.code;
+    this.details = payload.details;
+    this.status = payload.status;
+  }
+};
+
+// src/types/auth-error-code.ts
+var authErrorCode = {
+  callbackMissingToken: "callback_missing_token",
+  callbackInvalidToken: "callback_invalid_token",
+  callbackValidationFailed: "callback_validation_failed",
+  unauthorized: "unauthorized",
+  networkError: "network_error",
+  apiError: "api_error",
+  broadcastChannelUnsupported: "broadcast_channel_unsupported"};
+
+// src/constants/auth-keys.ts
+var authQueryKeys = {
+  token: "token"
+};
+var authStorageKeys = {
+  returnTo: "ghostly-auth:return-to"
+};
+var authBroadcast = {
+  channelName: "ghostly-auth-channel",
+  sessionUpdatedEvent: "session-updated"
+};
+var authRoutes = {
+  root: "/"};
+
+// src/core/object-guards.ts
+function isObjectRecord(value) {
+  return typeof value === "object" && value !== null;
+}
+function isStringValue(value) {
+  return typeof value === "string";
+}
+
+// src/core/session-parser.ts
+function isStringArray(value) {
+  return Array.isArray(value) && value.every((entry) => isStringValue(entry));
+}
+function isGhostlySession(value) {
+  if (!isObjectRecord(value)) {
+    return false;
+  }
+  return isStringValue(value.id) && isStringValue(value.username) && (value.firstName === null || isStringValue(value.firstName)) && (value.lastName === null || isStringValue(value.lastName)) && isStringValue(value.email) && isStringValue(value.role) && isStringArray(value.permissions);
+}
+
+// src/core/broadcast-sync.ts
+function isSessionUpdatedMessage(value) {
+  if (!isObjectRecord(value)) {
+    return false;
+  }
+  if (!isStringValue(value.type)) {
+    return false;
+  }
+  if (value.type !== authBroadcast.sessionUpdatedEvent) {
+    return false;
+  }
+  return value.session === null || isGhostlySession(value.session);
+}
+function createUnsupportedBroadcastChannelError() {
+  return new AuthSdkError({
+    code: authErrorCode.broadcastChannelUnsupported,
+    details: null,
+    message: "BroadcastChannel is unavailable in this runtime.",
+    status: null
+  });
+}
+function createBroadcastSync(options) {
+  if (typeof BroadcastChannel === "undefined") {
+    throw createUnsupportedBroadcastChannelError();
+  }
+  const channel = new BroadcastChannel(authBroadcast.channelName);
+  const onMessage = (event) => {
+    const messageEvent = event;
+    if (!isSessionUpdatedMessage(messageEvent.data)) {
+      return;
+    }
+    options.onSessionUpdated(messageEvent.data.session);
+  };
+  channel.addEventListener("message", onMessage);
+  return {
+    close() {
+      channel.removeEventListener("message", onMessage);
+      channel.close();
+    },
+    publishSession(session) {
+      const payload = {
+        session,
+        type: authBroadcast.sessionUpdatedEvent
+      };
+      channel.postMessage(payload);
+    }
+  };
+}
+
+// src/core/callback-url.ts
+function readCallbackToken(url) {
+  return url.searchParams.get(authQueryKeys.token);
+}
+function removeCallbackToken(url) {
+  const nextUrl = new URL(url.toString());
+  nextUrl.searchParams.delete(authQueryKeys.token);
+  return nextUrl;
+}
+function replaceBrowserHistory(url) {
+  window.history.replaceState(null, "", url.toString());
+}
+
+// src/core/http-client.ts
+var jsonContentType = "application/json";
+var jsonHeaderName = "content-type";
+var includeCredentials = "include";
+var noStoreCache = "no-store";
+function toTypedValue(value) {
+  return value;
+}
+function mapHttpStatusToAuthErrorCode(status) {
+  if (status === httpStatus.unauthorized) {
+    return authErrorCode.unauthorized;
+  }
+  return authErrorCode.apiError;
+}
+async function parseJsonPayload(response) {
+  try {
+    return await response.json();
+  } catch {
+    return null;
+  }
+}
+async function parseErrorPayload(response) {
+  const payload = await parseJsonPayload(response);
+  if (!isObjectRecord(payload)) {
+    return {
+      code: null,
+      details: null,
+      message: null
+    };
+  }
+  const maybeCode = payload.code;
+  const maybeMessage = payload.message;
+  return {
+    code: isStringValue(maybeCode) ? maybeCode : null,
+    details: "details" in payload ? payload.details : null,
+    message: isStringValue(maybeMessage) ? maybeMessage : null
+  };
+}
+function buildApiErrorMessage(method, path) {
+  return `Auth API request failed: ${method} ${path}`;
+}
+function buildNetworkErrorMessage(method, path) {
+  return `Auth API network failure: ${method} ${path}`;
+}
+async function request(options) {
+  const expectedStatus = options.expectedStatus ?? httpStatus.ok;
+  const headers = new Headers();
+  const hasBody = typeof options.body !== "undefined";
+  if (hasBody) {
+    headers.set(jsonHeaderName, jsonContentType);
+  }
+  const requestInit = {
+    cache: noStoreCache,
+    credentials: includeCredentials,
+    headers,
+    method: options.method
+  };
+  if (hasBody) {
+    requestInit.body = JSON.stringify(options.body);
+  }
+  let response;
+  try {
+    response = await fetch(options.path, requestInit);
+  } catch (error) {
+    throw new AuthSdkError({
+      code: authErrorCode.networkError,
+      details: error,
+      message: buildNetworkErrorMessage(options.method, options.path),
+      status: null
+    });
+  }
+  if (response.status !== expectedStatus) {
+    const parsed = await parseErrorPayload(response);
+    throw new AuthSdkError({
+      code: mapHttpStatusToAuthErrorCode(response.status),
+      details: {
+        apiCode: parsed.code,
+        apiDetails: parsed.details
+      },
+      message: parsed.message ?? buildApiErrorMessage(options.method, options.path),
+      status: response.status
+    });
+  }
+  if (response.status === httpStatus.noContent) {
+    return toTypedValue(null);
+  }
+  const payload = await parseJsonPayload(response);
+  return toTypedValue(payload);
+}
+function getJson(path) {
+  return request({
+    method: "GET",
+    path
+  });
+}
+function postJson(path, body) {
+  return request({
+    body,
+    method: "POST",
+    path
+  });
+}
+function postEmpty(path) {
+  return request({
+    expectedStatus: httpStatus.noContent,
+    method: "POST",
+    path
+  });
+}
+
+// src/core/runtime.ts
+var browserRuntimeErrorMessage = "Browser runtime is required for this auth operation.";
+function isBrowserRuntime() {
+  return typeof window !== "undefined";
+}
+function assertBrowserRuntime() {
+  if (isBrowserRuntime()) {
+    return;
+  }
+  throw new AuthSdkError({
+    code: authErrorCode.apiError,
+    details: null,
+    message: browserRuntimeErrorMessage,
+    status: null
+  });
+}
+
+// src/core/return-to-storage.ts
+function sanitizeReturnTo(value) {
+  if (!value) {
+    return authRoutes.root;
+  }
+  if (!value.startsWith(authRoutes.root)) {
+    return authRoutes.root;
+  }
+  const protocolRelativePrefix = "//";
+  if (value.startsWith(protocolRelativePrefix)) {
+    return authRoutes.root;
+  }
+  return value;
+}
+function getCurrentBrowserPath() {
+  return `${window.location.pathname}${window.location.search}${window.location.hash}`;
+}
+function saveReturnToPath(returnTo) {
+  assertBrowserRuntime();
+  const fallbackPath = getCurrentBrowserPath();
+  const sanitized = sanitizeReturnTo(returnTo ?? fallbackPath);
+  window.sessionStorage.setItem(authStorageKeys.returnTo, sanitized);
+  return sanitized;
+}
+function consumeReturnToPath() {
+  assertBrowserRuntime();
+  const value = window.sessionStorage.getItem(authStorageKeys.returnTo);
+  window.sessionStorage.removeItem(authStorageKeys.returnTo);
+  return sanitizeReturnTo(value);
+}
+
+// src/core/session-store.ts
+var SessionStore = class {
+  listeners = /* @__PURE__ */ new Set();
+  resolvedSession = null;
+  resolveState = "pending";
+  getSessionIfResolved() {
+    if (this.resolveState === "pending") {
+      return null;
+    }
+    return this.resolvedSession;
+  }
+  hasResolvedSession() {
+    return this.resolveState === "resolved";
+  }
+  setSession(session) {
+    this.resolveState = "resolved";
+    this.resolvedSession = session;
+    for (const listener of this.listeners) {
+      listener(session);
+    }
+  }
+  subscribe(listener) {
+    this.listeners.add(listener);
+    return () => {
+      this.listeners.delete(listener);
+    };
+  }
+};
+
+// src/core/auth-client.ts
+function createPendingRedirectPromise() {
+  return new Promise(() => {
+  });
+}
+function createInvalidSessionPayloadError(path) {
+  return new AuthSdkError({
+    code: authErrorCode.apiError,
+    details: null,
+    message: `Auth API response has invalid session shape: ${path}`,
+    status: null
+  });
+}
+function toValidatedSession(payload, path) {
+  if (!isGhostlySession(payload)) {
+    throw createInvalidSessionPayloadError(path);
+  }
+  return payload;
+}
+function toCallbackFailure(error) {
+  if (error instanceof AuthSdkError) {
+    if (error.status === httpStatus.unauthorized) {
+      return new AuthSdkError({
+        code: authErrorCode.callbackInvalidToken,
+        details: error.details,
+        message: "Callback JWT is invalid or expired.",
+        status: error.status
+      });
+    }
+    return new AuthSdkError({
+      code: authErrorCode.callbackValidationFailed,
+      details: error.details,
+      message: "Keycloak callback validation failed.",
+      status: error.status
+    });
+  }
+  return new AuthSdkError({
+    code: authErrorCode.callbackValidationFailed,
+    details: error,
+    message: "Keycloak callback validation failed.",
+    status: null
+  });
+}
+function createNoopBroadcastSync() {
+  return {
+    close() {
+    },
+    publishSession() {
+    }
+  };
+}
+function createSafeBroadcastSync(onSessionUpdated) {
+  try {
+    return createBroadcastSync({
+      onSessionUpdated
+    });
+  } catch (error) {
+    if (error instanceof AuthSdkError && error.code === authErrorCode.broadcastChannelUnsupported) {
+      return createNoopBroadcastSync();
+    }
+    throw error;
+  }
+}
+async function fetchCurrentSessionFromApi() {
+  const payload = await getJson(authEndpoints.session);
+  if (payload === null) {
+    return null;
+  }
+  return toValidatedSession(payload, authEndpoints.session);
+}
+function createAuthClient() {
+  assertBrowserRuntime();
+  const sessionStore = new SessionStore();
+  const broadcastSync = createSafeBroadcastSync((session) => {
+    sessionStore.setSession(session);
+  });
+  const getSession = async (options) => {
+    const forceRefresh = options?.forceRefresh ?? false;
+    if (sessionStore.hasResolvedSession() && !forceRefresh) {
+      return sessionStore.getSessionIfResolved();
+    }
+    const session = await fetchCurrentSessionFromApi();
+    sessionStore.setSession(session);
+    broadcastSync.publishSession(session);
+    return session;
+  };
+  const requireSession = async () => {
+    const session = await getSession();
+    if (session) {
+      return session;
+    }
+    throw new AuthSdkError({
+      code: authErrorCode.unauthorized,
+      details: null,
+      message: "Authenticated session is required.",
+      status: httpStatus.unauthorized
+    });
+  };
+  const login = (options) => {
+    saveReturnToPath(options?.returnTo);
+    window.location.assign(authEndpoints.loginStart);
+  };
+  const processCallback = async () => {
+    const currentUrl = new URL(window.location.href);
+    const token = readCallbackToken(currentUrl);
+    if (!token) {
+      throw new AuthSdkError({
+        code: authErrorCode.callbackMissingToken,
+        details: null,
+        message: "Missing callback token query parameter.",
+        status: httpStatus.badRequest
+      });
+    }
+    const cleanedUrl = removeCallbackToken(currentUrl);
+    replaceBrowserHistory(cleanedUrl);
+    try {
+      const payload = await postJson(
+        authEndpoints.validateKeycloakToken,
+        { token }
+      );
+      const session = toValidatedSession(payload.session, authEndpoints.validateKeycloakToken);
+      sessionStore.setSession(session);
+      broadcastSync.publishSession(session);
+      return {
+        redirectTo: consumeReturnToPath(),
+        session
+      };
+    } catch (error) {
+      throw toCallbackFailure(error);
+    }
+  };
+  const completeCallbackRedirect = async () => {
+    const result = await processCallback();
+    window.location.replace(result.redirectTo);
+    return createPendingRedirectPromise();
+  };
+  const logout = async () => {
+    await postEmpty(authEndpoints.logout);
+    sessionStore.setSession(null);
+    broadcastSync.publishSession(null);
+  };
+  const subscribe = sessionStore.subscribe.bind(sessionStore);
+  return {
+    completeCallbackRedirect,
+    getSession,
+    login,
+    logout,
+    processCallback,
+    requireSession,
+    subscribe
+  };
+}
+function normalizeAuthError(error) {
+  if (error instanceof AuthSdkError) {
+    return error;
+  }
+  return new AuthSdkError({
+    code: "callback_validation_failed",
+    details: error,
+    message: "Auth callback redirect failed.",
+    status: null
+  });
+}
+function useAuthCallbackRedirect(options = {}) {
+  const client = useMemo(() => options.client ?? createAuthClient(), [options.client]);
+  const [error, setError] = useState(null);
+  useEffect(() => {
+    let isActive = true;
+    void client.completeCallbackRedirect().catch((caughtError) => {
+      if (!isActive) {
+        return;
+      }
+      setError(normalizeAuthError(caughtError));
+    });
+    return () => {
+      isActive = false;
+    };
+  }, [client]);
+  if (error) {
+    return {
+      error,
+      status: "failed"
+    };
+  }
+  return {
+    error: null,
+    status: "processing"
+  };
+}
+function AuthCallbackHandler(props) {
+  const state = useAuthCallbackRedirect({
+    client: props.client
+  });
+  if (state.status === "failed" && state.error) {
+    return props.renderError(state.error);
+  }
+  return /* @__PURE__ */ jsx(Fragment, { children: props.processing });
+}
+var AuthContext = createContext(null);
+var initialLoadingState = true;
+function toAuthError(error) {
+  if (error instanceof AuthSdkError) {
+    return error;
+  }
+  return new AuthSdkError({
+    code: "api_error",
+    details: error,
+    message: "Unexpected auth adapter error.",
+    status: null
+  });
+}
+function createDeferredAuthClient() {
+  let authClient = null;
+  const resolveClient = () => {
+    authClient ??= createAuthClient();
+    return authClient;
+  };
+  return {
+    completeCallbackRedirect() {
+      return resolveClient().completeCallbackRedirect();
+    },
+    getSession(options) {
+      return resolveClient().getSession(options);
+    },
+    login(options) {
+      resolveClient().login(options);
+    },
+    logout() {
+      return resolveClient().logout();
+    },
+    processCallback() {
+      return resolveClient().processCallback();
+    },
+    requireSession() {
+      return resolveClient().requireSession();
+    },
+    subscribe(listener) {
+      if (typeof window === "undefined") {
+        return () => {
+        };
+      }
+      return resolveClient().subscribe(listener);
+    }
+  };
+}
+function AuthProvider(props) {
+  const authClient = useMemo(() => props.client ?? createDeferredAuthClient(), [props.client]);
+  const [session, setSession] = useState(null);
+  const [error, setError] = useState(null);
+  const [isLoading, setIsLoading] = useState(initialLoadingState);
+  useEffect(() => {
+    let isActive = true;
+    const unsubscribe = authClient.subscribe((nextSession) => {
+      if (!isActive) {
+        return;
+      }
+      setSession(nextSession);
+      setIsLoading(false);
+    });
+    void authClient.getSession().then((nextSession) => {
+      if (!isActive) {
+        return;
+      }
+      setSession(nextSession);
+    }).catch((caughtError) => {
+      if (!isActive) {
+        return;
+      }
+      setError(toAuthError(caughtError));
+    }).finally(() => {
+      if (!isActive) {
+        return;
+      }
+      setIsLoading(false);
+    });
+    return () => {
+      isActive = false;
+      unsubscribe();
+    };
+  }, [authClient]);
+  const login = useCallback(
+    (options) => {
+      setError(null);
+      authClient.login(options);
+    },
+    [authClient]
+  );
+  const logout = useCallback(async () => {
+    setError(null);
+    try {
+      await authClient.logout();
+      setSession(null);
+    } catch (caughtError) {
+      const normalizedError = toAuthError(caughtError);
+      setError(normalizedError);
+      throw normalizedError;
+    }
+  }, [authClient]);
+  const refresh = useCallback(async () => {
+    setError(null);
+    try {
+      const nextSession = await authClient.getSession({ forceRefresh: true });
+      setSession(nextSession);
+      return nextSession;
+    } catch (caughtError) {
+      const normalizedError = toAuthError(caughtError);
+      setError(normalizedError);
+      throw normalizedError;
+    }
+  }, [authClient]);
+  const contextValue = useMemo(
+    () => ({
+      error,
+      isLoading,
+      login,
+      logout,
+      refresh,
+      session
+    }),
+    [error, isLoading, login, logout, refresh, session]
+  );
+  return /* @__PURE__ */ jsx(AuthContext.Provider, { value: contextValue, children: props.children });
+}
+var missingProviderErrorMessage = "useAuth must be used inside AuthProvider.";
+function useAuth() {
+  const context = useContext(AuthContext);
+  if (context) {
+    return context;
+  }
+  throw new Error(missingProviderErrorMessage);
+}
+function resolveUnauthorizedContent(input, props) {
+  if (typeof input === "function") {
+    return input(props);
+  }
+  return input;
+}
+function AuthSessionGate(props) {
+  const auth = useAuth();
+  if (auth.isLoading) {
+    return /* @__PURE__ */ jsx(Fragment, { children: props.loading ?? null });
+  }
+  if (!auth.session) {
+    return /* @__PURE__ */ jsx(Fragment, { children: resolveUnauthorizedContent(props.unauthorized, {
+      login: auth.login
+    }) });
+  }
+  return /* @__PURE__ */ jsx(Fragment, { children: props.authorized(auth.session) });
+}
+
+export { AuthCallbackHandler, AuthProvider, AuthSessionGate, useAuth, useAuthCallbackRedirect };
+//# sourceMappingURL=react.js.map
+//# sourceMappingURL=react.js.map