npm - @ghostly-solutions/auth - Versions diffs - 0.1.1 → 0.2.2 - Mend

@ghostly-solutions/auth 0.1.1 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/LICENSE +13 -0
package/README.md +200 -71
package/dist/{auth-client-CAHMjodm.d.ts → auth-client-Cdkp07ii.d.ts} +14 -6
package/dist/{auth-sdk-error-DKM7PyKC.d.ts → auth-sdk-error-D3gsfK9d.d.ts} +0 -3
package/dist/extension.d.ts +49 -0
package/dist/extension.js +634 -0
package/dist/extension.js.map +1 -0
package/dist/index.d.ts +13 -19
package/dist/index.js +106 -119
package/dist/index.js.map +1 -1
package/dist/next.d.ts +4 -27
package/dist/next.js +125 -383
package/dist/next.js.map +1 -1
package/dist/react.d.ts +4 -20
package/dist/react.js +129 -176
package/dist/react.js.map +1 -1
package/docs/api-reference.md +66 -89
package/docs/architecture.md +28 -46
package/docs/development-and-ci.md +15 -19
package/docs/index.md +1 -15
package/docs/integration-guide.md +54 -80
package/docs/overview.md +27 -28
package/package.json +15 -2

package/dist/extension.js ADDED Viewed

@@ -0,0 +1,634 @@
+// src/constants/auth-endpoints.ts
+var authApiPrefix = "/oauth";
+var authEndpoints = {
+  authorize: `${authApiPrefix}/authorize`,
+  extensionToken: `${authApiPrefix}/extension/token`,
+  session: `${authApiPrefix}/session`,
+  refresh: `${authApiPrefix}/refresh`,
+  logout: `${authApiPrefix}/logout`
+};
+// src/constants/http-status.ts
+var httpStatus = {
+  ok: 200,
+  noContent: 204,
+  unauthorized: 401
+};
+// src/errors/auth-sdk-error.ts
+var AuthSdkError = class extends Error {
+  code;
+  details;
+  status;
+  constructor(payload) {
+    super(payload.message);
+    this.name = "AuthSdkError";
+    this.code = payload.code;
+    this.details = payload.details;
+    this.status = payload.status;
+  }
+};
+// src/types/auth-error-code.ts
+var authErrorCode = {
+  unauthorized: "unauthorized",
+  networkError: "network_error",
+  apiError: "api_error",
+  broadcastChannelUnsupported: "broadcast_channel_unsupported"};
+// src/core/api-origin.ts
+var slash = "/";
+function normalizeApiOrigin(apiOrigin) {
+  const trimmed = apiOrigin.trim();
+  if (!trimmed) {
+    throw new AuthSdkError({
+      code: authErrorCode.apiError,
+      details: null,
+      message: "Auth API origin must be a non-empty absolute URL.",
+      status: null
+    });
+  }
+  let parsed;
+  try {
+    parsed = new URL(trimmed);
+  } catch (error) {
+    throw new AuthSdkError({
+      code: authErrorCode.apiError,
+      details: error,
+      message: "Auth API origin must be a valid absolute URL.",
+      status: null
+    });
+  }
+  if (parsed.pathname !== slash || parsed.search || parsed.hash) {
+    throw new AuthSdkError({
+      code: authErrorCode.apiError,
+      details: null,
+      message: "Auth API origin must not include path, query, or hash.",
+      status: null
+    });
+  }
+  return parsed.origin;
+}
+function resolveApiEndpoint(path, apiOrigin) {
+  if (!apiOrigin) {
+    return path;
+  }
+  return `${normalizeApiOrigin(apiOrigin)}${path}`;
+}
+// src/constants/auth-keys.ts
+var authBroadcast = {
+  channelName: "ghostly-auth-channel",
+  sessionUpdatedEvent: "session-updated"
+};
+var authRoutes = {
+  root: "/"
+};
+// src/core/object-guards.ts
+function isObjectRecord(value) {
+  return typeof value === "object" && value !== null;
+}
+function isStringValue(value) {
+  return typeof value === "string";
+}
+// src/core/session-parser.ts
+function isStringArray(value) {
+  return Array.isArray(value) && value.every((entry) => isStringValue(entry));
+}
+function isGhostlySession(value) {
+  if (!isObjectRecord(value)) {
+    return false;
+  }
+  return isStringValue(value.id) && isStringValue(value.username) && (value.firstName === null || isStringValue(value.firstName)) && (value.lastName === null || isStringValue(value.lastName)) && isStringValue(value.email) && isStringValue(value.role) && isStringArray(value.permissions);
+}
+// src/core/broadcast-sync.ts
+function isSessionUpdatedMessage(value) {
+  if (!isObjectRecord(value)) {
+    return false;
+  }
+  if (!isStringValue(value.type)) {
+    return false;
+  }
+  if (value.type !== authBroadcast.sessionUpdatedEvent) {
+    return false;
+  }
+  return value.session === null || isGhostlySession(value.session);
+}
+function createUnsupportedBroadcastChannelError() {
+  return new AuthSdkError({
+    code: authErrorCode.broadcastChannelUnsupported,
+    details: null,
+    message: "BroadcastChannel is unavailable in this runtime.",
+    status: null
+  });
+}
+function createBroadcastSync(options) {
+  if (typeof BroadcastChannel === "undefined") {
+    throw createUnsupportedBroadcastChannelError();
+  }
+  const channel = new BroadcastChannel(authBroadcast.channelName);
+  const onMessage = (event) => {
+    const messageEvent = event;
+    if (!isSessionUpdatedMessage(messageEvent.data)) {
+      return;
+    }
+    options.onSessionUpdated(messageEvent.data.session);
+  };
+  channel.addEventListener("message", onMessage);
+  return {
+    close() {
+      channel.removeEventListener("message", onMessage);
+      channel.close();
+    },
+    publishSession(session) {
+      const payload = {
+        session,
+        type: authBroadcast.sessionUpdatedEvent
+      };
+      channel.postMessage(payload);
+    }
+  };
+}
+// src/core/runtime.ts
+var browserRuntimeErrorMessage = "Browser runtime is required for this auth operation.";
+function isBrowserRuntime() {
+  return typeof window !== "undefined";
+}
+function assertBrowserRuntime() {
+  if (isBrowserRuntime()) {
+    return;
+  }
+  throw new AuthSdkError({
+    code: authErrorCode.apiError,
+    details: null,
+    message: browserRuntimeErrorMessage,
+    status: null
+  });
+}
+// src/core/return-to-storage.ts
+function sanitizeReturnTo(value) {
+  if (!value) {
+    return authRoutes.root;
+  }
+  if (!value.startsWith(authRoutes.root)) {
+    return authRoutes.root;
+  }
+  const protocolRelativePrefix = "//";
+  if (value.startsWith(protocolRelativePrefix)) {
+    return authRoutes.root;
+  }
+  return value;
+}
+function getCurrentBrowserPath() {
+  return `${window.location.pathname}${window.location.search}${window.location.hash}`;
+}
+function resolveReturnToPath(returnTo) {
+  assertBrowserRuntime();
+  const fallbackPath = getCurrentBrowserPath();
+  return sanitizeReturnTo(returnTo ?? fallbackPath);
+}
+// src/core/session-store.ts
+var SessionStore = class {
+  listeners = /* @__PURE__ */ new Set();
+  resolvedSession = null;
+  resolveState = "pending";
+  getSessionIfResolved() {
+    if (this.resolveState === "pending") {
+      return null;
+    }
+    return this.resolvedSession;
+  }
+  hasResolvedSession() {
+    return this.resolveState === "resolved";
+  }
+  setSession(session) {
+    this.resolveState = "resolved";
+    this.resolvedSession = session;
+    for (const listener of this.listeners) {
+      listener(session);
+    }
+  }
+  subscribe(listener) {
+    this.listeners.add(listener);
+    return () => {
+      this.listeners.delete(listener);
+    };
+  }
+};
+// src/adapters/extension/auth-client.ts
+var extensionSessionHeader = "X-Ghostly-Session-Id";
+var includeCredentials = "include";
+var noStoreCache = "no-store";
+var tokenFreshnessLeewayMs = 6e4;
+function createNoopBroadcastSync() {
+  return {
+    close() {
+    },
+    publishSession() {
+    }
+  };
+}
+function createSafeBroadcastSync(onSessionUpdated) {
+  try {
+    return createBroadcastSync({
+      onSessionUpdated
+    });
+  } catch (error) {
+    if (error instanceof AuthSdkError && error.code === authErrorCode.broadcastChannelUnsupported) {
+      return createNoopBroadcastSync();
+    }
+    throw error;
+  }
+}
+function buildApiErrorMessage(method, path) {
+  return `Auth API request failed: ${method} ${path}`;
+}
+function buildNetworkErrorMessage(method, path) {
+  return `Auth API network failure: ${method} ${path}`;
+}
+function createInvalidSessionPayloadError(path) {
+  return new AuthSdkError({
+    code: authErrorCode.apiError,
+    details: null,
+    message: `Auth API response has invalid session shape: ${path}`,
+    status: null
+  });
+}
+function toInitResult(session) {
+  return {
+    session,
+    status: session ? "authenticated" : "unauthenticated"
+  };
+}
+function parseSessionPayload(payload, path) {
+  if (payload === null) {
+    return null;
+  }
+  if (!isGhostlySession(payload)) {
+    throw createInvalidSessionPayloadError(path);
+  }
+  return payload;
+}
+function isExtensionAccessToken(value) {
+  if (!isObjectRecord(value)) {
+    return false;
+  }
+  return isStringValue(value.accessToken) && isStringValue(value.application) && (value.expiresAt === null || isStringValue(value.expiresAt)) && (value.session === null || isGhostlySession(value.session)) && isStringValue(value.tokenType);
+}
+function isStoredTokenFresh(token) {
+  if (!token || !token.accessToken.trim()) {
+    return false;
+  }
+  if (!token.expiresAt) {
+    return true;
+  }
+  const expiresAt = Date.parse(token.expiresAt);
+  if (Number.isNaN(expiresAt)) {
+    return false;
+  }
+  return expiresAt - Date.now() > tokenFreshnessLeewayMs;
+}
+function buildAuthorizeUrl(apiOrigin, returnTo, application) {
+  const authorizeEndpoint = resolveApiEndpoint(authEndpoints.authorize, apiOrigin);
+  const authorizeUrl = new URL(authorizeEndpoint, window.location.origin);
+  authorizeUrl.searchParams.set("return_to", returnTo);
+  if (application?.trim()) {
+    authorizeUrl.searchParams.set("app", application.trim());
+  }
+  return authorizeUrl.toString();
+}
+function parseErrorPayload(payload) {
+  if (!isObjectRecord(payload)) {
+    return {
+      details: null,
+      message: null
+    };
+  }
+  return {
+    details: "details" in payload ? payload.details : null,
+    message: isStringValue(payload.message) ? payload.message : isStringValue(payload.error) ? payload.error : null
+  };
+}
+function createRequest(options) {
+  const resolveEndpoint = (path) => resolveApiEndpoint(path, options.apiOrigin);
+  return async function request(requestOptions) {
+    const expectedStatus = requestOptions.expectedStatus ?? httpStatus.ok;
+    const headers = new Headers();
+    const sessionId = (await options.resolveSessionId?.())?.trim() || "";
+    if (sessionId) {
+      headers.set(extensionSessionHeader, sessionId);
+    }
+    let response;
+    try {
+      response = await fetch(resolveEndpoint(requestOptions.path), {
+        cache: noStoreCache,
+        credentials: includeCredentials,
+        headers,
+        method: requestOptions.method
+      });
+    } catch (error) {
+      throw new AuthSdkError({
+        code: authErrorCode.networkError,
+        details: error,
+        message: buildNetworkErrorMessage(requestOptions.method, requestOptions.path),
+        status: null
+      });
+    }
+    if (response.status !== expectedStatus) {
+      let parsedPayload = null;
+      try {
+        parsedPayload = await response.json();
+      } catch {
+        parsedPayload = null;
+      }
+      const parsed = parseErrorPayload(parsedPayload);
+      throw new AuthSdkError({
+        code: response.status === httpStatus.unauthorized ? authErrorCode.unauthorized : authErrorCode.apiError,
+        details: parsed.details,
+        message: parsed.message ?? buildApiErrorMessage(requestOptions.method, requestOptions.path),
+        status: response.status
+      });
+    }
+    if (response.status === httpStatus.noContent) {
+      return null;
+    }
+    return await response.json();
+  };
+}
+function createLoadSession(request) {
+  return async () => {
+    const payload = await request({
+      method: "GET",
+      path: authEndpoints.session
+    });
+    return parseSessionPayload(payload, authEndpoints.session);
+  };
+}
+function createInit(sessionStore, loadSession, publishSession) {
+  let initPromise = null;
+  return async (initOptions) => {
+    const forceRefresh = initOptions?.forceRefresh ?? false;
+    if (sessionStore.hasResolvedSession() && !forceRefresh) {
+      return toInitResult(sessionStore.getSessionIfResolved());
+    }
+    if (initPromise) {
+      return initPromise;
+    }
+    initPromise = (async () => {
+      const session = await loadSession();
+      sessionStore.setSession(session);
+      publishSession(session);
+      return toInitResult(session);
+    })();
+    try {
+      return await initPromise;
+    } finally {
+      initPromise = null;
+    }
+  };
+}
+function createRefresh(request, sessionStore, publishSession) {
+  return async () => {
+    const payload = await request({
+      method: "POST",
+      path: authEndpoints.refresh
+    });
+    const session = parseSessionPayload(payload, authEndpoints.refresh);
+    sessionStore.setSession(session);
+    publishSession(session);
+    return session;
+  };
+}
+function createGetAccessToken(request, sessionStore, publishSession, persistAccessToken, restoreAccessToken) {
+  return async (requestOptions) => {
+    const forceRefresh = requestOptions?.forceRefresh ?? false;
+    const stored = await restoreAccessToken?.() ?? null;
+    if (!forceRefresh && isStoredTokenFresh(stored)) {
+      if (stored.session) {
+        sessionStore.setSession(stored.session);
+      }
+      return stored;
+    }
+    const payload = await request({
+      method: "GET",
+      path: authEndpoints.extensionToken
+    });
+    if (!isExtensionAccessToken(payload)) {
+      throw new AuthSdkError({
+        code: authErrorCode.apiError,
+        details: null,
+        message: `Auth API response has invalid extension token shape: ${authEndpoints.extensionToken}`,
+        status: null
+      });
+    }
+    const nextToken = {
+      accessToken: payload.accessToken,
+      application: payload.application,
+      expiresAt: payload.expiresAt,
+      session: payload.session,
+      tokenType: payload.tokenType
+    };
+    sessionStore.setSession(nextToken.session);
+    publishSession(nextToken.session);
+    await persistAccessToken?.(nextToken);
+    return nextToken;
+  };
+}
+function createLogout(request, sessionStore, publishSession, options) {
+  return async () => {
+    await request({
+      expectedStatus: httpStatus.noContent,
+      method: "POST",
+      path: authEndpoints.logout
+    });
+    await options.clearSessionId?.();
+    sessionStore.setSession(null);
+    publishSession(null);
+    await options.persistAccessToken?.(null);
+  };
+}
+function createExtensionAuthClient(options) {
+  const sessionStore = new SessionStore();
+  const broadcastSync = createSafeBroadcastSync((session) => {
+    sessionStore.setSession(session);
+  });
+  const publishSession = broadcastSync.publishSession.bind(broadcastSync);
+  const request = createRequest(options);
+  const loadSession = createLoadSession(request);
+  const init = createInit(sessionStore, loadSession, publishSession);
+  const refresh = createRefresh(request, sessionStore, publishSession);
+  const getAccessToken = createGetAccessToken(
+    request,
+    sessionStore,
+    publishSession,
+    options.persistAccessToken,
+    options.restoreAccessToken
+  );
+  const logout = createLogout(request, sessionStore, publishSession, options);
+  const getSession = async (requestOptions) => {
+    const result = await init({
+      forceRefresh: requestOptions?.forceRefresh ?? false
+    });
+    return result.session;
+  };
+  const requireSession = async () => {
+    const session = await getSession();
+    if (session) {
+      return session;
+    }
+    throw new AuthSdkError({
+      code: authErrorCode.unauthorized,
+      details: null,
+      message: "Authenticated session is required.",
+      status: httpStatus.unauthorized
+    });
+  };
+  const loginWithTabFlow = async (loginOptions) => {
+    if (!options.openAuthorizePage) {
+      throw new Error("Extension auth client requires openAuthorizePage for tab login flow.");
+    }
+    const returnTo = resolveReturnToPath(loginOptions?.returnTo);
+    const authorizeUrl = buildAuthorizeUrl(
+      options.apiOrigin,
+      returnTo,
+      loginOptions?.application ?? options.application
+    );
+    await options.openAuthorizePage({
+      authorizeUrl
+    });
+  };
+  const loginWithWebAuthFlow = async (loginOptions) => {
+    if (!options.launchWebAuthFlow) {
+      throw new Error("Extension auth client requires launchWebAuthFlow for web auth flow.");
+    }
+    const returnTo = resolveReturnToPath(loginOptions?.returnTo);
+    const authorizeUrl = buildAuthorizeUrl(
+      options.apiOrigin,
+      returnTo,
+      loginOptions?.application ?? options.application
+    );
+    await options.launchWebAuthFlow({
+      authorizeUrl
+    });
+    await refresh();
+  };
+  return {
+    init,
+    getSession,
+    login(loginOptions) {
+      if (options.openAuthorizePage) {
+        void loginWithTabFlow(loginOptions);
+        return;
+      }
+      void loginWithWebAuthFlow(loginOptions);
+    },
+    logout,
+    refresh,
+    requireSession,
+    subscribe(listener) {
+      return sessionStore.subscribe(listener);
+    },
+    getAccessToken,
+    loginWithTabFlow,
+    loginWithWebAuthFlow
+  };
+}
+// src/adapters/extension/chrome-auth-client.ts
+var defaultSessionCookieName = "gs_auth_session";
+var defaultAccessTokenStorageKey = "authToken";
+var defaultTokenExpiresAtStorageKey = "authTokenExpiresAt";
+var defaultSessionStorageKey = "authSession";
+function getChromeRuntime() {
+  return globalThis.chrome ?? {};
+}
+function createChromeExtensionAuthClient(options) {
+  const sessionCookieName = options.sessionCookieName?.trim() || defaultSessionCookieName;
+  const accessTokenStorageKey = options.accessTokenStorageKey?.trim() || defaultAccessTokenStorageKey;
+  const tokenExpiresAtStorageKey = options.tokenExpiresAtStorageKey?.trim() || defaultTokenExpiresAtStorageKey;
+  const sessionStorageKey = options.sessionStorageKey?.trim() || defaultSessionStorageKey;
+  const resolveSessionId = async () => {
+    const cookies = getChromeRuntime().cookies;
+    if (!cookies) {
+      return null;
+    }
+    const cookie = await cookies.get({
+      name: sessionCookieName,
+      url: `${options.apiOrigin}/`
+    });
+    return cookie?.value?.trim() || null;
+  };
+  const clearSessionId = async () => {
+    const cookies = getChromeRuntime().cookies;
+    if (!cookies) {
+      return;
+    }
+    await cookies.remove({
+      name: sessionCookieName,
+      url: `${options.apiOrigin}/`
+    });
+  };
+  const persistAccessToken = async (token) => {
+    const storage = getChromeRuntime().storage?.local;
+    if (!storage) {
+      return;
+    }
+    if (!token) {
+      await storage.remove([accessTokenStorageKey, tokenExpiresAtStorageKey, sessionStorageKey]);
+      return;
+    }
+    await storage.set({
+      [accessTokenStorageKey]: token.accessToken,
+      [tokenExpiresAtStorageKey]: token.expiresAt || null,
+      [sessionStorageKey]: token.session || null
+    });
+  };
+  const restoreAccessToken = async () => {
+    const storage = getChromeRuntime().storage?.local;
+    if (!storage) {
+      return null;
+    }
+    const stored = await storage.get([
+      accessTokenStorageKey,
+      tokenExpiresAtStorageKey,
+      sessionStorageKey
+    ]);
+    const rawAccessToken = stored[accessTokenStorageKey];
+    if (typeof rawAccessToken !== "string" || rawAccessToken.trim() === "") {
+      return null;
+    }
+    return {
+      accessToken: rawAccessToken,
+      application: options.application?.trim() || "",
+      expiresAt: typeof stored[tokenExpiresAtStorageKey] === "string" ? stored[tokenExpiresAtStorageKey] : null,
+      session: stored[sessionStorageKey] ?? null,
+      tokenType: "Bearer"
+    };
+  };
+  const openAuthorizePage = async ({ authorizeUrl }) => {
+    const tabs = getChromeRuntime().tabs;
+    if (!tabs) {
+      throw new Error("Chrome tabs API is unavailable.");
+    }
+    await tabs.create({ active: true, url: authorizeUrl });
+  };
+  return createExtensionAuthClient({
+    ...options,
+    clearSessionId,
+    openAuthorizePage,
+    persistAccessToken,
+    resolveSessionId,
+    restoreAccessToken
+  });
+}
+export { createChromeExtensionAuthClient, createExtensionAuthClient };
+//# sourceMappingURL=extension.js.map
+//# sourceMappingURL=extension.js.map