@hamak/auth 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (116) hide show
  1. package/README.md +366 -0
  2. package/dist/api/api/auth-service.d.ts +111 -0
  3. package/dist/api/api/auth-service.d.ts.map +1 -0
  4. package/dist/api/api/auth-service.js +5 -0
  5. package/dist/api/api/index.d.ts +2 -0
  6. package/dist/api/api/index.d.ts.map +1 -0
  7. package/dist/api/api/index.js +1 -0
  8. package/dist/api/index.d.ts +10 -0
  9. package/dist/api/index.d.ts.map +1 -0
  10. package/dist/api/index.js +12 -0
  11. package/dist/api/tokens/index.d.ts +2 -0
  12. package/dist/api/tokens/index.d.ts.map +1 -0
  13. package/dist/api/tokens/index.js +1 -0
  14. package/dist/api/tokens/service-tokens.d.ts +26 -0
  15. package/dist/api/tokens/service-tokens.d.ts.map +1 -0
  16. package/dist/api/tokens/service-tokens.js +25 -0
  17. package/dist/api/types/auth-result.d.ts +69 -0
  18. package/dist/api/types/auth-result.d.ts.map +1 -0
  19. package/dist/api/types/auth-result.js +5 -0
  20. package/dist/api/types/config.d.ts +130 -0
  21. package/dist/api/types/config.d.ts.map +1 -0
  22. package/dist/api/types/config.js +5 -0
  23. package/dist/api/types/credentials.d.ts +52 -0
  24. package/dist/api/types/credentials.d.ts.map +1 -0
  25. package/dist/api/types/credentials.js +5 -0
  26. package/dist/api/types/index.d.ts +5 -0
  27. package/dist/api/types/index.d.ts.map +1 -0
  28. package/dist/api/types/index.js +4 -0
  29. package/dist/api/types/user.d.ts +39 -0
  30. package/dist/api/types/user.d.ts.map +1 -0
  31. package/dist/api/types/user.js +5 -0
  32. package/dist/impl/index.d.ts +15 -0
  33. package/dist/impl/index.d.ts.map +1 -0
  34. package/dist/impl/index.js +21 -0
  35. package/dist/impl/plugin/auth-plugin-factory.d.ts +20 -0
  36. package/dist/impl/plugin/auth-plugin-factory.d.ts.map +1 -0
  37. package/dist/impl/plugin/auth-plugin-factory.js +226 -0
  38. package/dist/impl/plugin/index.d.ts +2 -0
  39. package/dist/impl/plugin/index.d.ts.map +1 -0
  40. package/dist/impl/plugin/index.js +1 -0
  41. package/dist/impl/services/AuthService.d.ts +44 -0
  42. package/dist/impl/services/AuthService.d.ts.map +1 -0
  43. package/dist/impl/services/AuthService.js +277 -0
  44. package/dist/impl/services/index.d.ts +2 -0
  45. package/dist/impl/services/index.d.ts.map +1 -0
  46. package/dist/impl/services/index.js +1 -0
  47. package/dist/impl/storage/LocalTokenStorage.d.ts +32 -0
  48. package/dist/impl/storage/LocalTokenStorage.d.ts.map +1 -0
  49. package/dist/impl/storage/LocalTokenStorage.js +148 -0
  50. package/dist/impl/storage/MemoryTokenStorage.d.ts +34 -0
  51. package/dist/impl/storage/MemoryTokenStorage.d.ts.map +1 -0
  52. package/dist/impl/storage/MemoryTokenStorage.js +91 -0
  53. package/dist/impl/storage/SessionTokenStorage.d.ts +33 -0
  54. package/dist/impl/storage/SessionTokenStorage.d.ts.map +1 -0
  55. package/dist/impl/storage/SessionTokenStorage.js +147 -0
  56. package/dist/impl/storage/index.d.ts +10 -0
  57. package/dist/impl/storage/index.d.ts.map +1 -0
  58. package/dist/impl/storage/index.js +26 -0
  59. package/dist/impl/store/auth-reducer.d.ts +135 -0
  60. package/dist/impl/store/auth-reducer.d.ts.map +1 -0
  61. package/dist/impl/store/auth-reducer.js +179 -0
  62. package/dist/impl/store/index.d.ts +2 -0
  63. package/dist/impl/store/index.d.ts.map +1 -0
  64. package/dist/impl/store/index.js +1 -0
  65. package/dist/impl/strategies/KeycloakStrategy.d.ts +42 -0
  66. package/dist/impl/strategies/KeycloakStrategy.d.ts.map +1 -0
  67. package/dist/impl/strategies/KeycloakStrategy.js +237 -0
  68. package/dist/impl/strategies/OAuth2Strategy.d.ts +30 -0
  69. package/dist/impl/strategies/OAuth2Strategy.d.ts.map +1 -0
  70. package/dist/impl/strategies/OAuth2Strategy.js +232 -0
  71. package/dist/impl/strategies/PasswordStrategy.d.ts +25 -0
  72. package/dist/impl/strategies/PasswordStrategy.d.ts.map +1 -0
  73. package/dist/impl/strategies/PasswordStrategy.js +159 -0
  74. package/dist/impl/strategies/StrategyRegistry.d.ts +24 -0
  75. package/dist/impl/strategies/StrategyRegistry.d.ts.map +1 -0
  76. package/dist/impl/strategies/StrategyRegistry.js +70 -0
  77. package/dist/impl/strategies/index.d.ts +5 -0
  78. package/dist/impl/strategies/index.d.ts.map +1 -0
  79. package/dist/impl/strategies/index.js +4 -0
  80. package/dist/impl/utils/index.d.ts +3 -0
  81. package/dist/impl/utils/index.d.ts.map +1 -0
  82. package/dist/impl/utils/index.js +2 -0
  83. package/dist/impl/utils/jwt.d.ts +81 -0
  84. package/dist/impl/utils/jwt.d.ts.map +1 -0
  85. package/dist/impl/utils/jwt.js +103 -0
  86. package/dist/impl/utils/pkce.d.ts +44 -0
  87. package/dist/impl/utils/pkce.d.ts.map +1 -0
  88. package/dist/impl/utils/pkce.js +93 -0
  89. package/dist/index.d.ts +12 -0
  90. package/dist/index.d.ts.map +1 -0
  91. package/dist/index.js +11 -0
  92. package/dist/spi/guards/AuthGuard.d.ts +108 -0
  93. package/dist/spi/guards/AuthGuard.d.ts.map +1 -0
  94. package/dist/spi/guards/AuthGuard.js +5 -0
  95. package/dist/spi/guards/index.d.ts +2 -0
  96. package/dist/spi/guards/index.d.ts.map +1 -0
  97. package/dist/spi/guards/index.js +1 -0
  98. package/dist/spi/index.d.ts +12 -0
  99. package/dist/spi/index.d.ts.map +1 -0
  100. package/dist/spi/index.js +15 -0
  101. package/dist/spi/storage/ITokenStorage.d.ts +107 -0
  102. package/dist/spi/storage/ITokenStorage.d.ts.map +1 -0
  103. package/dist/spi/storage/ITokenStorage.js +5 -0
  104. package/dist/spi/storage/index.d.ts +2 -0
  105. package/dist/spi/storage/index.d.ts.map +1 -0
  106. package/dist/spi/storage/index.js +1 -0
  107. package/dist/spi/strategies/IAuthStrategy.d.ts +114 -0
  108. package/dist/spi/strategies/IAuthStrategy.d.ts.map +1 -0
  109. package/dist/spi/strategies/IAuthStrategy.js +16 -0
  110. package/dist/spi/strategies/IStrategyRegistry.d.ts +64 -0
  111. package/dist/spi/strategies/IStrategyRegistry.d.ts.map +1 -0
  112. package/dist/spi/strategies/IStrategyRegistry.js +5 -0
  113. package/dist/spi/strategies/index.d.ts +3 -0
  114. package/dist/spi/strategies/index.d.ts.map +1 -0
  115. package/dist/spi/strategies/index.js +2 -0
  116. package/package.json +78 -0
@@ -0,0 +1,130 @@
1
+ /**
2
+ * Auth Configuration Types
3
+ * Configuration options for the auth system
4
+ */
5
+ /**
6
+ * Supported authentication strategy types
7
+ */
8
+ export type AuthStrategyType = 'password' | 'oauth2' | 'keycloak' | 'oidc' | 'custom';
9
+ /**
10
+ * Token storage options
11
+ */
12
+ export type TokenStorageType = 'localStorage' | 'sessionStorage' | 'memory' | 'cookie';
13
+ /**
14
+ * Password strategy configuration
15
+ */
16
+ export interface PasswordStrategyConfig {
17
+ /** Endpoint for login requests */
18
+ loginEndpoint: string;
19
+ /** Endpoint for token refresh */
20
+ refreshEndpoint: string;
21
+ /** Endpoint for logout */
22
+ logoutEndpoint: string;
23
+ /** Endpoint for user info (optional, if not in login response) */
24
+ userInfoEndpoint?: string;
25
+ /** Additional headers for auth requests */
26
+ headers?: Record<string, string>;
27
+ }
28
+ /**
29
+ * OAuth2 strategy configuration
30
+ */
31
+ export interface OAuth2StrategyConfig {
32
+ /** OAuth client ID */
33
+ clientId: string;
34
+ /** Client secret (only for server-side flows, not recommended for SPA) */
35
+ clientSecret?: string;
36
+ /** Authorization endpoint URL */
37
+ authorizationUrl: string;
38
+ /** Token endpoint URL */
39
+ tokenUrl: string;
40
+ /** User info endpoint URL */
41
+ userInfoUrl?: string;
42
+ /** Redirect URI after authorization */
43
+ redirectUri: string;
44
+ /** OAuth scopes to request */
45
+ scope: string[];
46
+ /** Whether to use PKCE (recommended for public clients) */
47
+ usePkce?: boolean;
48
+ /** Response type (default: 'code') */
49
+ responseType?: 'code' | 'token';
50
+ /** Additional authorization params */
51
+ additionalParams?: Record<string, string>;
52
+ }
53
+ /**
54
+ * Keycloak-specific configuration
55
+ */
56
+ export interface KeycloakStrategyConfig {
57
+ /** Keycloak realm name */
58
+ realm: string;
59
+ /** Keycloak server URL */
60
+ serverUrl: string;
61
+ /** Client ID in Keycloak */
62
+ clientId: string;
63
+ /** Redirect URI after login */
64
+ redirectUri: string;
65
+ /** OAuth scopes (defaults to ['openid', 'profile', 'email']) */
66
+ scope?: string[];
67
+ /** Whether to use PKCE (default: true) */
68
+ usePkce?: boolean;
69
+ /** Enable direct grant (password login) if allowed in Keycloak */
70
+ enableDirectGrant?: boolean;
71
+ /** Keycloak realm public key for token validation (optional) */
72
+ realmPublicKey?: string;
73
+ }
74
+ /**
75
+ * Auto-refresh configuration
76
+ */
77
+ export interface AutoRefreshConfig {
78
+ /** Enable auto-refresh of tokens */
79
+ enabled: boolean;
80
+ /** Time before expiry to trigger refresh (in ms, default: 60000) */
81
+ threshold?: number;
82
+ /** Interval to check for token expiry (in ms, default: 30000) */
83
+ checkInterval?: number;
84
+ }
85
+ /**
86
+ * Session configuration
87
+ */
88
+ export interface SessionConfig {
89
+ /** Session timeout in ms (for inactivity) */
90
+ timeout?: number;
91
+ /** Warn user before session expires (in ms before timeout) */
92
+ warnBefore?: number;
93
+ /** Extend session on activity */
94
+ extendOnActivity?: boolean;
95
+ }
96
+ /**
97
+ * Main auth plugin configuration
98
+ */
99
+ export interface AuthPluginConfig {
100
+ /** Primary authentication strategy */
101
+ strategy: AuthStrategyType;
102
+ /** Password strategy config (when strategy is 'password' or as fallback) */
103
+ password?: PasswordStrategyConfig;
104
+ /** OAuth2 strategy config */
105
+ oauth2?: OAuth2StrategyConfig;
106
+ /** Keycloak strategy config */
107
+ keycloak?: KeycloakStrategyConfig;
108
+ /** Token storage type (default: 'localStorage') */
109
+ tokenStorage?: TokenStorageType;
110
+ /** Storage key prefix (default: '@hamak/auth') */
111
+ storageKeyPrefix?: string;
112
+ /** Auto-refresh configuration */
113
+ autoRefresh?: AutoRefreshConfig;
114
+ /** Session configuration */
115
+ session?: SessionConfig;
116
+ /** Routes configuration */
117
+ routes?: {
118
+ /** Path to redirect to after login */
119
+ afterLogin?: string;
120
+ /** Path to redirect to after logout */
121
+ afterLogout?: string;
122
+ /** Login page path */
123
+ login?: string;
124
+ /** Unauthorized page path */
125
+ unauthorized?: string;
126
+ };
127
+ /** Enable debug logging */
128
+ debug?: boolean;
129
+ }
130
+ //# sourceMappingURL=config.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/api/types/config.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,UAAU,GAAG,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;AAEtF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,cAAc,GAAG,gBAAgB,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAEvF;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,kCAAkC;IAClC,aAAa,EAAE,MAAM,CAAC;IACtB,iCAAiC;IACjC,eAAe,EAAE,MAAM,CAAC;IACxB,0BAA0B;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,kEAAkE;IAClE,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,2CAA2C;IAC3C,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,sBAAsB;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,0EAA0E;IAC1E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iCAAiC;IACjC,gBAAgB,EAAE,MAAM,CAAC;IACzB,yBAAyB;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,6BAA6B;IAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,uCAAuC;IACvC,WAAW,EAAE,MAAM,CAAC;IACpB,8BAA8B;IAC9B,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,2DAA2D;IAC3D,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,sCAAsC;IACtC,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;IAChC,sCAAsC;IACtC,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC3C;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,0BAA0B;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,0BAA0B;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,4BAA4B;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,+BAA+B;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,gEAAgE;IAChE,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,0CAA0C;IAC1C,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,kEAAkE;IAClE,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,gEAAgE;IAChE,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,oCAAoC;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,oEAAoE;IACpE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iEAAiE;IACjE,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,6CAA6C;IAC7C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8DAA8D;IAC9D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iCAAiC;IACjC,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,sCAAsC;IACtC,QAAQ,EAAE,gBAAgB,CAAC;IAE3B,4EAA4E;IAC5E,QAAQ,CAAC,EAAE,sBAAsB,CAAC;IAElC,6BAA6B;IAC7B,MAAM,CAAC,EAAE,oBAAoB,CAAC;IAE9B,+BAA+B;IAC/B,QAAQ,CAAC,EAAE,sBAAsB,CAAC;IAElC,mDAAmD;IACnD,YAAY,CAAC,EAAE,gBAAgB,CAAC;IAEhC,kDAAkD;IAClD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B,iCAAiC;IACjC,WAAW,CAAC,EAAE,iBAAiB,CAAC;IAEhC,4BAA4B;IAC5B,OAAO,CAAC,EAAE,aAAa,CAAC;IAExB,2BAA2B;IAC3B,MAAM,CAAC,EAAE;QACP,sCAAsC;QACtC,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,uCAAuC;QACvC,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,sBAAsB;QACtB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,6BAA6B;QAC7B,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,CAAC;IAEF,2BAA2B;IAC3B,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB"}
@@ -0,0 +1,5 @@
1
+ /**
2
+ * Auth Configuration Types
3
+ * Configuration options for the auth system
4
+ */
5
+ export {};
@@ -0,0 +1,52 @@
1
+ /**
2
+ * Credentials Types
3
+ * Types for various authentication credentials
4
+ */
5
+ /**
6
+ * Password-based login credentials
7
+ */
8
+ export interface PasswordCredentials {
9
+ type: 'password';
10
+ username: string;
11
+ password: string;
12
+ /** Optional remember me flag for persistent sessions */
13
+ rememberMe?: boolean;
14
+ }
15
+ /**
16
+ * OAuth authorization code credentials
17
+ */
18
+ export interface OAuthCredentials {
19
+ type: 'oauth';
20
+ /** The authorization code received from OAuth provider */
21
+ code: string;
22
+ /** The state parameter for CSRF protection */
23
+ state?: string;
24
+ /** The OAuth provider name */
25
+ provider?: string;
26
+ }
27
+ /**
28
+ * Token-based credentials (for refresh or API key auth)
29
+ */
30
+ export interface TokenCredentials {
31
+ type: 'token';
32
+ token: string;
33
+ tokenType?: 'bearer' | 'api-key' | 'refresh';
34
+ }
35
+ /**
36
+ * Union type for all credential types
37
+ */
38
+ export type LoginCredentials = PasswordCredentials | OAuthCredentials | TokenCredentials;
39
+ /**
40
+ * OAuth callback parameters received from the provider
41
+ */
42
+ export interface OAuthCallbackParams {
43
+ /** Authorization code */
44
+ code: string;
45
+ /** State parameter for CSRF validation */
46
+ state?: string;
47
+ /** Error code if authorization failed */
48
+ error?: string;
49
+ /** Error description */
50
+ errorDescription?: string;
51
+ }
52
+ //# sourceMappingURL=credentials.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../../../src/api/types/credentials.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,UAAU,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,wDAAwD;IACxD,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,OAAO,CAAC;IACd,0DAA0D;IAC1D,IAAI,EAAE,MAAM,CAAC;IACb,8CAA8C;IAC9C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,8BAA8B;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;CAC9C;AAED;;GAEG;AACH,MAAM,MAAM,gBAAgB,GACxB,mBAAmB,GACnB,gBAAgB,GAChB,gBAAgB,CAAC;AAErB;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,yBAAyB;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,0CAA0C;IAC1C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,yCAAyC;IACzC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,wBAAwB;IACxB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B"}
@@ -0,0 +1,5 @@
1
+ /**
2
+ * Credentials Types
3
+ * Types for various authentication credentials
4
+ */
5
+ export {};
@@ -0,0 +1,5 @@
1
+ export * from './user';
2
+ export * from './credentials';
3
+ export * from './auth-result';
4
+ export * from './config';
5
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/api/types/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAC;AACvB,cAAc,eAAe,CAAC;AAC9B,cAAc,eAAe,CAAC;AAC9B,cAAc,UAAU,CAAC"}
@@ -0,0 +1,4 @@
1
+ export * from './user';
2
+ export * from './credentials';
3
+ export * from './auth-result';
4
+ export * from './config';
@@ -0,0 +1,39 @@
1
+ /**
2
+ * User Types
3
+ * Core user-related type definitions
4
+ */
5
+ /**
6
+ * Represents an authenticated user
7
+ */
8
+ export interface User {
9
+ /** Unique user identifier */
10
+ id: string;
11
+ /** User's email address */
12
+ email: string;
13
+ /** User's display name */
14
+ name?: string;
15
+ /** User's username (for login) */
16
+ username?: string;
17
+ /** URL to user's avatar image */
18
+ avatar?: string;
19
+ /** User's assigned roles */
20
+ roles: string[];
21
+ /** User's specific permissions */
22
+ permissions: string[];
23
+ /** Additional user metadata */
24
+ metadata?: Record<string, unknown>;
25
+ /** When the user was created */
26
+ createdAt?: string;
27
+ /** When the user was last updated */
28
+ updatedAt?: string;
29
+ }
30
+ /**
31
+ * Minimal user info for display purposes
32
+ */
33
+ export interface UserInfo {
34
+ id: string;
35
+ name?: string;
36
+ email: string;
37
+ avatar?: string;
38
+ }
39
+ //# sourceMappingURL=user.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"user.d.ts","sourceRoot":"","sources":["../../../src/api/types/user.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;GAEG;AACH,MAAM,WAAW,IAAI;IACnB,6BAA6B;IAC7B,EAAE,EAAE,MAAM,CAAC;IAEX,2BAA2B;IAC3B,KAAK,EAAE,MAAM,CAAC;IAEd,0BAA0B;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,kCAAkC;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,iCAAiC;IACjC,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,4BAA4B;IAC5B,KAAK,EAAE,MAAM,EAAE,CAAC;IAEhB,kCAAkC;IAClC,WAAW,EAAE,MAAM,EAAE,CAAC;IAEtB,+BAA+B;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAEnC,gCAAgC;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,qCAAqC;IACrC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB"}
@@ -0,0 +1,5 @@
1
+ /**
2
+ * User Types
3
+ * Core user-related type definitions
4
+ */
5
+ export {};
@@ -0,0 +1,15 @@
1
+ /**
2
+ * @hamak/auth (impl)
3
+ *
4
+ * Core implementation of the authentication system.
5
+ * Provides strategies, services, and plugin integration.
6
+ */
7
+ export * from '../api';
8
+ export * from '../spi';
9
+ export * from './plugin';
10
+ export * from './services';
11
+ export * from './strategies';
12
+ export * from './storage';
13
+ export * from './store';
14
+ export * from './utils';
15
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/impl/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,cAAc,QAAQ,CAAC;AACvB,cAAc,QAAQ,CAAC;AAGvB,cAAc,UAAU,CAAC;AAGzB,cAAc,YAAY,CAAC;AAG3B,cAAc,cAAc,CAAC;AAG7B,cAAc,WAAW,CAAC;AAG1B,cAAc,SAAS,CAAC;AAGxB,cAAc,SAAS,CAAC"}
@@ -0,0 +1,21 @@
1
+ /**
2
+ * @hamak/auth (impl)
3
+ *
4
+ * Core implementation of the authentication system.
5
+ * Provides strategies, services, and plugin integration.
6
+ */
7
+ // Re-export API and SPI types for convenience
8
+ export * from '../api';
9
+ export * from '../spi';
10
+ // Plugin factory
11
+ export * from './plugin';
12
+ // Services
13
+ export * from './services';
14
+ // Strategies
15
+ export * from './strategies';
16
+ // Storage
17
+ export * from './storage';
18
+ // Store
19
+ export * from './store';
20
+ // Utilities
21
+ export * from './utils';
@@ -0,0 +1,20 @@
1
+ /**
2
+ * Auth Plugin Factory
3
+ * Creates the authentication plugin for the microkernel
4
+ */
5
+ import type { PluginModule } from '@hamak/microkernel-spi';
6
+ import type { AuthPluginConfig, IAuthService } from '../../api';
7
+ /**
8
+ * Create the auth plugin
9
+ *
10
+ * @param config The auth plugin configuration
11
+ * @param axiosModule The axios module (optional, for custom HTTP client)
12
+ */
13
+ export declare function createAuthPlugin(config: AuthPluginConfig, axiosModule?: typeof import('axios').default): PluginModule;
14
+ /**
15
+ * Get the auth service from the plugin context
16
+ */
17
+ export declare function getAuthService(ctx: {
18
+ resolve: (token: symbol) => unknown;
19
+ }): IAuthService;
20
+ //# sourceMappingURL=auth-plugin-factory.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"auth-plugin-factory.d.ts","sourceRoot":"","sources":["../../../src/impl/plugin/auth-plugin-factory.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAC3D,OAAO,KAAK,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAsFhE;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,gBAAgB,EACxB,WAAW,CAAC,EAAE,cAAc,OAAO,EAAE,OAAO,GAC3C,YAAY,CAuLd;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE;IAAE,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAA;CAAE,GAAG,YAAY,CAEzF"}
@@ -0,0 +1,226 @@
1
+ /**
2
+ * Auth Plugin Factory
3
+ * Creates the authentication plugin for the microkernel
4
+ */
5
+ import { AUTH_SERVICE_TOKEN, AUTH_STRATEGY_REGISTRY_TOKEN, TOKEN_STORAGE_TOKEN } from '../../api';
6
+ import { AuthService } from '../services/AuthService';
7
+ import { StrategyRegistry } from '../strategies/StrategyRegistry';
8
+ import { PasswordStrategy } from '../strategies/PasswordStrategy';
9
+ import { OAuth2Strategy } from '../strategies/OAuth2Strategy';
10
+ import { KeycloakStrategy } from '../strategies/KeycloakStrategy';
11
+ import { createTokenStorage } from '../storage';
12
+ import { authReducer } from '../store/auth-reducer';
13
+ /**
14
+ * Store extensions registry token (from ui-store)
15
+ */
16
+ const STORE_EXTENSIONS_TOKEN = Symbol.for('@hamak/ui-store:StoreExtensionsRegistry');
17
+ /**
18
+ * Axios-based HTTP client adapter
19
+ */
20
+ function createAxiosHttpClient(axios) {
21
+ const instance = axios.create();
22
+ return {
23
+ async get(url, config) {
24
+ const response = await instance.get(url, {
25
+ headers: config?.headers,
26
+ params: config?.params,
27
+ timeout: config?.timeout
28
+ });
29
+ return {
30
+ data: response.data,
31
+ status: response.status,
32
+ headers: response.headers
33
+ };
34
+ },
35
+ async post(url, data, config) {
36
+ const response = await instance.post(url, data, {
37
+ headers: config?.headers,
38
+ params: config?.params,
39
+ timeout: config?.timeout
40
+ });
41
+ return {
42
+ data: response.data,
43
+ status: response.status,
44
+ headers: response.headers
45
+ };
46
+ },
47
+ async put(url, data, config) {
48
+ const response = await instance.put(url, data, {
49
+ headers: config?.headers,
50
+ params: config?.params,
51
+ timeout: config?.timeout
52
+ });
53
+ return {
54
+ data: response.data,
55
+ status: response.status,
56
+ headers: response.headers
57
+ };
58
+ },
59
+ async delete(url, config) {
60
+ const response = await instance.delete(url, {
61
+ headers: config?.headers,
62
+ params: config?.params,
63
+ timeout: config?.timeout
64
+ });
65
+ return {
66
+ data: response.data,
67
+ status: response.status,
68
+ headers: response.headers
69
+ };
70
+ }
71
+ };
72
+ }
73
+ /**
74
+ * Create the auth plugin
75
+ *
76
+ * @param config The auth plugin configuration
77
+ * @param axiosModule The axios module (optional, for custom HTTP client)
78
+ */
79
+ export function createAuthPlugin(config, axiosModule) {
80
+ let authService;
81
+ let strategyRegistry;
82
+ let tokenStorage;
83
+ let refreshInterval = null;
84
+ return {
85
+ async initialize(ctx) {
86
+ // Create HTTP client
87
+ const axios = axiosModule || (await import('axios')).default;
88
+ const httpClient = createAxiosHttpClient(axios);
89
+ // Create token storage
90
+ tokenStorage = createTokenStorage(config.tokenStorage || 'localStorage', { keyPrefix: config.storageKeyPrefix });
91
+ // Create strategy registry
92
+ strategyRegistry = new StrategyRegistry();
93
+ // Register strategies based on config
94
+ if (config.strategy === 'password' && config.password) {
95
+ const passwordStrategy = new PasswordStrategy(config.password, httpClient, 'password');
96
+ strategyRegistry.register(passwordStrategy);
97
+ }
98
+ if (config.strategy === 'oauth2' && config.oauth2) {
99
+ const oauth2Strategy = new OAuth2Strategy(config.oauth2, httpClient, 'oauth2');
100
+ strategyRegistry.register(oauth2Strategy);
101
+ }
102
+ if (config.strategy === 'keycloak' && config.keycloak) {
103
+ const keycloakStrategy = new KeycloakStrategy(config.keycloak, httpClient, 'keycloak');
104
+ strategyRegistry.register(keycloakStrategy);
105
+ }
106
+ // Create auth service
107
+ authService = new AuthService(strategyRegistry, tokenStorage);
108
+ // Provide services via DI container
109
+ ctx.provide({ provide: AUTH_SERVICE_TOKEN, useValue: authService });
110
+ ctx.provide({ provide: AUTH_STRATEGY_REGISTRY_TOKEN, useValue: strategyRegistry });
111
+ ctx.provide({ provide: TOKEN_STORAGE_TOKEN, useValue: tokenStorage });
112
+ // Register auth reducer with store if available
113
+ try {
114
+ const storeExtensions = ctx.resolve(STORE_EXTENSIONS_TOKEN);
115
+ if (storeExtensions) {
116
+ storeExtensions.register('auth', {
117
+ reducers: { auth: authReducer }
118
+ });
119
+ }
120
+ }
121
+ catch {
122
+ // Store not available, that's fine
123
+ if (config.debug) {
124
+ console.log('[Auth] Store extensions not available, skipping reducer registration');
125
+ }
126
+ }
127
+ // Register commands
128
+ ctx.commands.register('auth.login', async (credentials) => {
129
+ return authService.login(credentials);
130
+ });
131
+ ctx.commands.register('auth.logout', async () => {
132
+ return authService.logout();
133
+ });
134
+ ctx.commands.register('auth.refresh', async () => {
135
+ return authService.refreshToken();
136
+ });
137
+ ctx.commands.register('auth.isAuthenticated', () => {
138
+ return authService.isAuthenticated();
139
+ });
140
+ ctx.commands.register('auth.getCurrentUser', () => {
141
+ return authService.getCurrentUser();
142
+ });
143
+ ctx.commands.register('auth.getAccessToken', () => {
144
+ return authService.getAccessToken();
145
+ });
146
+ ctx.commands.register('auth.hasRole', (role) => {
147
+ return authService.hasRole(role);
148
+ });
149
+ ctx.commands.register('auth.hasPermission', (permission) => {
150
+ return authService.hasPermission(permission);
151
+ });
152
+ ctx.commands.register('auth.initiateOAuth', (provider) => {
153
+ authService.initiateOAuth(provider);
154
+ });
155
+ ctx.commands.register('auth.handleOAuthCallback', async (params) => {
156
+ return authService.handleOAuthCallback(params);
157
+ });
158
+ if (config.debug) {
159
+ console.log('[Auth] Plugin initialized with strategy:', config.strategy);
160
+ }
161
+ },
162
+ async activate(ctx) {
163
+ // Initialize auth service (restore session)
164
+ await authService.initialize();
165
+ // Setup auto-refresh if enabled
166
+ if (config.autoRefresh?.enabled) {
167
+ const threshold = config.autoRefresh.threshold || 60000;
168
+ const checkInterval = config.autoRefresh.checkInterval || 30000;
169
+ refreshInterval = setInterval(async () => {
170
+ if (authService.isAuthenticated() && tokenStorage.isTokenExpiringSoon(threshold)) {
171
+ if (config.debug) {
172
+ console.log('[Auth] Token expiring soon, refreshing...');
173
+ }
174
+ const result = await authService.refreshToken();
175
+ if (result.success) {
176
+ ctx.hooks.emit('auth:token-refresh', { success: true });
177
+ }
178
+ else {
179
+ ctx.hooks.emit('auth:token-refresh-failed', { error: result.error });
180
+ }
181
+ }
182
+ }, checkInterval);
183
+ }
184
+ // Subscribe to auth state changes and emit hooks
185
+ authService.onAuthStateChange((isAuthenticated, user, changeType) => {
186
+ switch (changeType) {
187
+ case 'login':
188
+ ctx.hooks.emit('auth:login-success', { user });
189
+ break;
190
+ case 'logout':
191
+ ctx.hooks.emit('auth:logout', {});
192
+ break;
193
+ case 'session_expired':
194
+ ctx.hooks.emit('auth:session-expired', {});
195
+ break;
196
+ case 'token_refresh':
197
+ ctx.hooks.emit('auth:token-refresh', { user });
198
+ break;
199
+ }
200
+ // Always emit state change
201
+ ctx.hooks.emit('auth:state-change', { isAuthenticated, user, changeType });
202
+ });
203
+ // Emit ready event
204
+ ctx.hooks.emit('auth:ready', {
205
+ authenticated: authService.isAuthenticated(),
206
+ user: authService.getCurrentUser()
207
+ });
208
+ if (config.debug) {
209
+ console.log('[Auth] Plugin activated, authenticated:', authService.isAuthenticated());
210
+ }
211
+ },
212
+ deactivate() {
213
+ if (refreshInterval) {
214
+ clearInterval(refreshInterval);
215
+ refreshInterval = null;
216
+ }
217
+ authService.destroy();
218
+ }
219
+ };
220
+ }
221
+ /**
222
+ * Get the auth service from the plugin context
223
+ */
224
+ export function getAuthService(ctx) {
225
+ return ctx.resolve(AUTH_SERVICE_TOKEN);
226
+ }
@@ -0,0 +1,2 @@
1
+ export * from './auth-plugin-factory';
2
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/impl/plugin/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAC"}
@@ -0,0 +1 @@
1
+ export * from './auth-plugin-factory';
@@ -0,0 +1,44 @@
1
+ /**
2
+ * Auth Service Implementation
3
+ * Core authentication service that orchestrates strategies and storage
4
+ */
5
+ import type { AuthResult, AuthStateCallback, IAuthService, LoginCredentials, OAuthCallbackParams, User } from '../../api';
6
+ import type { IStrategyRegistry, ITokenStorage } from '../../spi';
7
+ /**
8
+ * Auth service implementation
9
+ *
10
+ * Provides a unified authentication API that delegates to registered
11
+ * strategies and manages token storage and state.
12
+ */
13
+ export declare class AuthService implements IAuthService {
14
+ private readonly strategyRegistry;
15
+ private readonly tokenStorage;
16
+ private user;
17
+ private listeners;
18
+ private initialized;
19
+ constructor(strategyRegistry: IStrategyRegistry, tokenStorage: ITokenStorage);
20
+ initialize(): Promise<void>;
21
+ destroy(): void;
22
+ isAuthenticated(): boolean;
23
+ getCurrentUser(): User | null;
24
+ getAccessToken(): string | null;
25
+ getPermissions(): string[];
26
+ getRoles(): string[];
27
+ hasPermission(permission: string): boolean;
28
+ hasRole(role: string): boolean;
29
+ hasAnyRole(roles: string[]): boolean;
30
+ hasAllRoles(roles: string[]): boolean;
31
+ login(credentials: LoginCredentials): Promise<AuthResult>;
32
+ logout(): Promise<void>;
33
+ refreshToken(): Promise<AuthResult>;
34
+ initiateOAuth(provider?: string): void;
35
+ handleOAuthCallback(params: OAuthCallbackParams): Promise<AuthResult>;
36
+ getAuthorizationUrl(provider?: string): string | null;
37
+ onAuthStateChange(callback: AuthStateCallback): () => void;
38
+ private handleAuthSuccess;
39
+ private notifyListeners;
40
+ private getStrategyForCredentials;
41
+ private getOAuthStrategy;
42
+ private isOAuthStrategy;
43
+ }
44
+ //# sourceMappingURL=AuthService.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"AuthService.d.ts","sourceRoot":"","sources":["../../../src/impl/services/AuthService.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EACV,UAAU,EACV,iBAAiB,EAEjB,YAAY,EACZ,gBAAgB,EAChB,mBAAmB,EACnB,IAAI,EACL,MAAM,WAAW,CAAC;AACnB,OAAO,KAAK,EAGV,iBAAiB,EACjB,aAAa,EACd,MAAM,WAAW,CAAC;AAEnB;;;;;GAKG;AACH,qBAAa,WAAY,YAAW,YAAY;IAM5C,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,YAAY;IAN/B,OAAO,CAAC,IAAI,CAAqB;IACjC,OAAO,CAAC,SAAS,CAAgC;IACjD,OAAO,CAAC,WAAW,CAAS;gBAGT,gBAAgB,EAAE,iBAAiB,EACnC,YAAY,EAAE,aAAa;IAOxC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IA6BjC,OAAO,IAAI,IAAI;IASf,eAAe,IAAI,OAAO;IAI1B,cAAc,IAAI,IAAI,GAAG,IAAI;IAI7B,cAAc,IAAI,MAAM,GAAG,IAAI;IAI/B,cAAc,IAAI,MAAM,EAAE;IAI1B,QAAQ,IAAI,MAAM,EAAE;IAIpB,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAI1C,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAI9B,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO;IAKpC,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO;IAS/B,KAAK,CAAC,WAAW,EAAE,gBAAgB,GAAG,OAAO,CAAC,UAAU,CAAC;IAqBzD,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAiBvB,YAAY,IAAI,OAAO,CAAC,UAAU,CAAC;IAyCzC,aAAa,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI;IAahC,mBAAmB,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,UAAU,CAAC;IAsC3E,mBAAmB,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAoBrD,iBAAiB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,MAAM,IAAI;IAS1D,OAAO,CAAC,iBAAiB;IAezB,OAAO,CAAC,eAAe;IAWvB,OAAO,CAAC,yBAAyB;IAqBjC,OAAO,CAAC,gBAAgB;IAexB,OAAO,CAAC,eAAe;CAGxB"}