npm - @hanzo/iam - Versions diffs - 0.1.0 - Mend

@hanzo/iam 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

package/dist/client.js ADDED Viewed

@@ -0,0 +1,238 @@
+/**
+ * Core HTTP client for Hanzo IAM (Casdoor) API.
+ */
+const DEFAULT_TIMEOUT_MS = 10_000;
+export class IamClient {
+    baseUrl;
+    clientId;
+    clientSecret;
+    orgName;
+    appName;
+    discoveryCache = null;
+    constructor(config) {
+        this.baseUrl = config.serverUrl.replace(/\/+$/, "");
+        this.clientId = config.clientId;
+        this.clientSecret = config.clientSecret;
+        this.orgName = config.orgName;
+        this.appName = config.appName;
+    }
+    // -----------------------------------------------------------------------
+    // Internal HTTP helpers
+    // -----------------------------------------------------------------------
+    async request(path, opts) {
+        const url = new URL(path, this.baseUrl);
+        if (opts?.params) {
+            for (const [k, v] of Object.entries(opts.params)) {
+                url.searchParams.set(k, v);
+            }
+        }
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), opts?.timeoutMs ?? DEFAULT_TIMEOUT_MS);
+        const headers = {
+            Accept: "application/json",
+        };
+        if (opts?.token) {
+            headers.Authorization = `Bearer ${opts.token}`;
+        }
+        if (opts?.body) {
+            headers["Content-Type"] = "application/json";
+        }
+        // Server-side basic auth for confidential client operations
+        if (this.clientSecret && !opts?.token) {
+            const credentials = `${this.clientId}:${this.clientSecret}`;
+            const basic = typeof Buffer !== "undefined"
+                ? Buffer.from(credentials).toString("base64")
+                : btoa(credentials);
+            headers.Authorization = `Basic ${basic}`;
+        }
+        try {
+            const res = await fetch(url.toString(), {
+                method: opts?.method ?? "GET",
+                headers,
+                body: opts?.body ? JSON.stringify(opts.body) : undefined,
+                signal: controller.signal,
+            });
+            if (!res.ok) {
+                const text = await res.text().catch(() => "");
+                throw new IamApiError(res.status, `${res.statusText}: ${text}`.trim());
+            }
+            return (await res.json());
+        }
+        finally {
+            clearTimeout(timer);
+        }
+    }
+    // -----------------------------------------------------------------------
+    // OIDC Discovery
+    // -----------------------------------------------------------------------
+    async getDiscovery() {
+        const CACHE_TTL_MS = 5 * 60 * 1000;
+        if (this.discoveryCache && Date.now() - this.discoveryCache.fetchedAt < CACHE_TTL_MS) {
+            return this.discoveryCache.data;
+        }
+        const data = await this.request("/.well-known/openid-configuration");
+        this.discoveryCache = { data, fetchedAt: Date.now() };
+        return data;
+    }
+    /** Get JWKS URI from OIDC discovery (cached). */
+    async getJwksUri() {
+        const discovery = await this.getDiscovery();
+        return discovery.jwks_uri;
+    }
+    // -----------------------------------------------------------------------
+    // OAuth2 / Token
+    // -----------------------------------------------------------------------
+    /** Build the authorization URL for user login redirect. */
+    async getAuthorizationUrl(params) {
+        const discovery = await this.getDiscovery();
+        const url = new URL(discovery.authorization_endpoint);
+        url.searchParams.set("client_id", this.clientId);
+        url.searchParams.set("response_type", "code");
+        url.searchParams.set("redirect_uri", params.redirectUri);
+        url.searchParams.set("state", params.state);
+        url.searchParams.set("scope", params.scope ?? "openid profile email");
+        if (params.codeChallenge) {
+            url.searchParams.set("code_challenge", params.codeChallenge);
+            url.searchParams.set("code_challenge_method", params.codeChallengeMethod ?? "S256");
+        }
+        return url.toString();
+    }
+    /** Exchange authorization code for tokens. */
+    async exchangeCode(params) {
+        const discovery = await this.getDiscovery();
+        const body = new URLSearchParams({
+            grant_type: "authorization_code",
+            client_id: this.clientId,
+            code: params.code,
+            redirect_uri: params.redirectUri,
+        });
+        if (this.clientSecret) {
+            body.set("client_secret", this.clientSecret);
+        }
+        if (params.codeVerifier) {
+            body.set("code_verifier", params.codeVerifier);
+        }
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);
+        try {
+            const res = await fetch(discovery.token_endpoint, {
+                method: "POST",
+                headers: { "Content-Type": "application/x-www-form-urlencoded" },
+                body: body.toString(),
+                signal: controller.signal,
+            });
+            if (!res.ok) {
+                const text = await res.text().catch(() => "");
+                throw new IamApiError(res.status, `Token exchange failed: ${text}`);
+            }
+            return (await res.json());
+        }
+        finally {
+            clearTimeout(timer);
+        }
+    }
+    /** Refresh an access token. */
+    async refreshToken(refreshToken) {
+        const discovery = await this.getDiscovery();
+        const body = new URLSearchParams({
+            grant_type: "refresh_token",
+            client_id: this.clientId,
+            refresh_token: refreshToken,
+        });
+        if (this.clientSecret) {
+            body.set("client_secret", this.clientSecret);
+        }
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);
+        try {
+            const res = await fetch(discovery.token_endpoint, {
+                method: "POST",
+                headers: { "Content-Type": "application/x-www-form-urlencoded" },
+                body: body.toString(),
+                signal: controller.signal,
+            });
+            if (!res.ok) {
+                const text = await res.text().catch(() => "");
+                throw new IamApiError(res.status, `Token refresh failed: ${text}`);
+            }
+            return (await res.json());
+        }
+        finally {
+            clearTimeout(timer);
+        }
+    }
+    // -----------------------------------------------------------------------
+    // User
+    // -----------------------------------------------------------------------
+    /** Get user info from access token (OIDC userinfo endpoint). */
+    async getUserInfo(accessToken) {
+        const discovery = await this.getDiscovery();
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);
+        try {
+            const res = await fetch(discovery.userinfo_endpoint, {
+                headers: { Authorization: `Bearer ${accessToken}` },
+                signal: controller.signal,
+            });
+            if (!res.ok) {
+                throw new IamApiError(res.status, "Failed to fetch userinfo");
+            }
+            return (await res.json());
+        }
+        finally {
+            clearTimeout(timer);
+        }
+    }
+    /** Get a user by ID ("org/username" format). */
+    async getUser(userId, token) {
+        const resp = await this.request("/api/get-user", {
+            params: { id: userId },
+            token,
+        });
+        return resp.data ?? null;
+    }
+    // -----------------------------------------------------------------------
+    // Organization
+    // -----------------------------------------------------------------------
+    /** List organizations (for the configured owner). */
+    async getOrganizations(token) {
+        const owner = this.orgName ?? "admin";
+        const resp = await this.request("/api/get-organizations", { params: { owner }, token });
+        return resp.data ?? [];
+    }
+    /** Get a specific organization. */
+    async getOrganization(id, token) {
+        const resp = await this.request("/api/get-organization", { params: { id }, token });
+        return resp.data ?? null;
+    }
+    /** Get organizations a user belongs to. */
+    async getUserOrganizations(userId, token) {
+        // Casdoor returns orgs the user is a member of via the user's properties.
+        // We can also query via get-user and read their signupApplication/org.
+        const user = await this.getUser(userId, token);
+        if (!user)
+            return [];
+        // The owner field on a user is their org
+        const org = await this.getOrganization(`admin/${user.owner}`, token);
+        return org ? [org] : [];
+    }
+    // -----------------------------------------------------------------------
+    // Raw request (for extending)
+    // -----------------------------------------------------------------------
+    /** Make an arbitrary authenticated request to the IAM API. */
+    async apiRequest(path, opts) {
+        return this.request(path, opts);
+    }
+}
+// ---------------------------------------------------------------------------
+// Error
+// ---------------------------------------------------------------------------
+export class IamApiError extends Error {
+    status;
+    constructor(status, message) {
+        super(message);
+        this.name = "IamApiError";
+        this.status = status;
+    }
+}
+//# sourceMappingURL=client.js.map

package/dist/client.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAWH,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAElC,MAAM,OAAO,SAAS;IACH,OAAO,CAAS;IAChB,QAAQ,CAAS;IACjB,YAAY,CAAqB;IACjC,OAAO,CAAqB;IAC5B,OAAO,CAAqB;IACrC,cAAc,GAAsD,IAAI,CAAC;IAEjF,YAAY,MAAiB;QAC3B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACpD,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAChC,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;QACxC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAChC,CAAC;IAED,0EAA0E;IAC1E,wBAAwB;IACxB,0EAA0E;IAElE,KAAK,CAAC,OAAO,CACnB,IAAY,EACZ,IAMC;QAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACxC,IAAI,IAAI,EAAE,MAAM,EAAE,CAAC;YACjB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CACtB,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EACxB,IAAI,EAAE,SAAS,IAAI,kBAAkB,CACtC,CAAC;QAEF,MAAM,OAAO,GAA2B;YACtC,MAAM,EAAE,kBAAkB;SAC3B,CAAC;QACF,IAAI,IAAI,EAAE,KAAK,EAAE,CAAC;YAChB,OAAO,CAAC,aAAa,GAAG,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC;QACjD,CAAC;QACD,IAAI,IAAI,EAAE,IAAI,EAAE,CAAC;YACf,OAAO,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;QAC/C,CAAC;QAED,4DAA4D;QAC5D,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC;YACtC,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC5D,MAAM,KAAK,GACT,OAAO,MAAM,KAAK,WAAW;gBAC3B,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAC7C,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACxB,OAAO,CAAC,aAAa,GAAG,SAAS,KAAK,EAAE,CAAC;QAC3C,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE;gBACtC,MAAM,EAAE,IAAI,EAAE,MAAM,IAAI,KAAK;gBAC7B,OAAO;gBACP,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;gBACxD,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC9C,MAAM,IAAI,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,GAAG,CAAC,UAAU,KAAK,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;YACzE,CAAC;YAED,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAM,CAAC;QACjC,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,0EAA0E;IAC1E,iBAAiB;IACjB,0EAA0E;IAE1E,KAAK,CAAC,YAAY;QAChB,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;QACnC,IAAI,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,CAAC,SAAS,GAAG,YAAY,EAAE,CAAC;YACrF,OAAO,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC;QAClC,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,mCAAmC,CACpC,CAAC;QACF,IAAI,CAAC,cAAc,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QACtD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,iDAAiD;IACjD,KAAK,CAAC,UAAU;QACd,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5C,OAAO,SAAS,CAAC,QAAQ,CAAC;IAC5B,CAAC;IAED,0EAA0E;IAC1E,iBAAiB;IACjB,0EAA0E;IAE1E,2DAA2D;IAC3D,KAAK,CAAC,mBAAmB,CAAC,MAMzB;QACC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAC;QACtD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QACjD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;QACzD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,IAAI,sBAAsB,CAAC,CAAC;QACtE,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;YAC7D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,mBAAmB,IAAI,MAAM,CAAC,CAAC;QACtF,CAAC;QACD,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;IACxB,CAAC;IAED,8CAA8C;IAC9C,KAAK,CAAC,YAAY,CAAC,MAIlB;QACC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;YAC/B,UAAU,EAAE,oBAAoB;YAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;YACxB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,YAAY,EAAE,MAAM,CAAC,WAAW;SACjC,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QAC/C,CAAC;QACD,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;YACxB,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,kBAAkB,CAAC,CAAC;QACvE,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,cAAc,EAAE;gBAChD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;gBAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;gBACrB,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC9C,MAAM,IAAI,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,0BAA0B,IAAI,EAAE,CAAC,CAAC;YACtE,CAAC;YACD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAkB,CAAC;QAC7C,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,KAAK,CAAC,YAAY,CAAC,YAAoB;QACrC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;YAC/B,UAAU,EAAE,eAAe;YAC3B,SAAS,EAAE,IAAI,CAAC,QAAQ;YACxB,aAAa,EAAE,YAAY;SAC5B,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,kBAAkB,CAAC,CAAC;QACvE,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,cAAc,EAAE;gBAChD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;gBAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;gBACrB,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC9C,MAAM,IAAI,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,yBAAyB,IAAI,EAAE,CAAC,CAAC;YACrE,CAAC;YACD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAkB,CAAC;QAC7C,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,0EAA0E;IAC1E,OAAO;IACP,0EAA0E;IAE1E,gEAAgE;IAChE,KAAK,CAAC,WAAW,CAAC,WAAmB;QACnC,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5C,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,kBAAkB,CAAC,CAAC;QACvE,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC,iBAAiB,EAAE;gBACnD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;gBACnD,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,IAAI,WAAW,CAAC,GAAG,CAAC,MAAM,EAAE,0BAA0B,CAAC,CAAC;YAChE,CAAC;YACD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAY,CAAC;QACvC,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,KAAK,CAAC,OAAO,CAAC,MAAc,EAAE,KAAc;QAC1C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAA0B,eAAe,EAAE;YACxE,MAAM,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YACtB,KAAK;SACN,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;IAC3B,CAAC;IAED,0EAA0E;IAC1E,eAAe;IACf,0EAA0E;IAE1E,qDAAqD;IACrD,KAAK,CAAC,gBAAgB,CAAC,KAAc;QACnC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC;QACtC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,wBAAwB,EACxB,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,CAC7B,CAAC;QACF,OAAO,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;IACzB,CAAC;IAED,mCAAmC;IACnC,KAAK,CAAC,eAAe,CACnB,EAAU,EACV,KAAc;QAEd,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,uBAAuB,EACvB,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAC1B,CAAC;QACF,OAAO,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;IAC3B,CAAC;IAED,2CAA2C;IAC3C,KAAK,CAAC,oBAAoB,CACxB,MAAc,EACd,KAAc;QAEd,0EAA0E;QAC1E,uEAAuE;QACvE,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC/C,IAAI,CAAC,IAAI;YAAE,OAAO,EAAE,CAAC;QACrB,yCAAyC;QACzC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,eAAe,CACpC,SAAS,IAAI,CAAC,KAAK,EAAE,EACrB,KAAK,CACN,CAAC;QACF,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1B,CAAC;IAED,0EAA0E;IAC1E,8BAA8B;IAC9B,0EAA0E;IAE1E,8DAA8D;IAC9D,KAAK,CAAC,UAAU,CACd,IAAY,EACZ,IAA2F;QAE3F,OAAO,IAAI,CAAC,OAAO,CAAI,IAAI,EAAE,IAAI,CAAC,CAAC;IACrC,CAAC;CACF;AAED,8EAA8E;AAC9E,QAAQ;AACR,8EAA8E;AAE9E,MAAM,OAAO,WAAY,SAAQ,KAAK;IAC3B,MAAM,CAAS;IAExB,YAAY,MAAc,EAAE,OAAe;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;QAC1B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+/**
+ * @hanzo/iam — TypeScript SDK for Hanzo IAM (Casdoor-based identity & access management).
+ *
+ * @example
+ * ```ts
+ * import { IamClient, IamBillingClient, validateToken } from "@hanzo/iam";
+ *
+ * const client = new IamClient({
+ *   serverUrl: "https://iam.hanzo.ai",
+ *   clientId: "my-app",
+ * });
+ *
+ * // Validate a JWT
+ * const result = await validateToken(accessToken, {
+ *   serverUrl: "https://iam.hanzo.ai",
+ *   clientId: "my-app",
+ * });
+ * ```
+ */
+export { IamClient, IamApiError } from "./client.js";
+export { validateToken, clearJwksCache } from "./auth.js";
+export { IamBillingClient } from "./billing.js";
+export { BrowserIamSdk, type BrowserIamConfig } from "./browser.js";
+export { generatePkceChallenge, generateState } from "./pkce.js";
+export type { IamConfig, OidcDiscovery, TokenResponse, IamJwtClaims, IamUser, IamOrganization, IamSubscription, IamPlan, IamPricing, IamPayment, IamOrder, IamAuthResult, IamApiResponse, } from "./types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAGrD,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAG1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGhD,OAAO,EAAE,aAAa,EAAE,KAAK,gBAAgB,EAAE,MAAM,cAAc,CAAC;AACpE,OAAO,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAMjE,YAAY,EACV,SAAS,EACT,aAAa,EACb,aAAa,EACb,YAAY,EACZ,OAAO,EACP,eAAe,EACf,eAAe,EACf,OAAO,EACP,UAAU,EACV,UAAU,EACV,QAAQ,EACR,aAAa,EACb,cAAc,GACf,MAAM,YAAY,CAAC"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * @hanzo/iam — TypeScript SDK for Hanzo IAM (Casdoor-based identity & access management).
+ *
+ * @example
+ * ```ts
+ * import { IamClient, IamBillingClient, validateToken } from "@hanzo/iam";
+ *
+ * const client = new IamClient({
+ *   serverUrl: "https://iam.hanzo.ai",
+ *   clientId: "my-app",
+ * });
+ *
+ * // Validate a JWT
+ * const result = await validateToken(accessToken, {
+ *   serverUrl: "https://iam.hanzo.ai",
+ *   clientId: "my-app",
+ * });
+ * ```
+ */
+// Core client
+export { IamClient, IamApiError } from "./client.js";
+// JWT validation
+export { validateToken, clearJwksCache } from "./auth.js";
+// Billing client
+export { IamBillingClient } from "./billing.js";
+// Browser PKCE auth (re-exported from separate entry point too)
+export { BrowserIamSdk } from "./browser.js";
+export { generatePkceChallenge, generateState } from "./pkce.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,cAAc;AACd,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAErD,iBAAiB;AACjB,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAE1D,iBAAiB;AACjB,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,gEAAgE;AAChE,OAAO,EAAE,aAAa,EAAyB,MAAM,cAAc,CAAC;AACpE,OAAO,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC"}

package/dist/pkce.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * PKCE (Proof Key for Code Exchange) utilities for browser-side OAuth2 flows.
+ *
+ * Adapted from casdoor-js-sdk, modernized for native Web Crypto API.
+ */
+/** Generate a PKCE code verifier + challenge pair. */
+export declare function generatePkceChallenge(): Promise<{
+    codeVerifier: string;
+    codeChallenge: string;
+}>;
+/** Generate a random state parameter for CSRF protection. */
+export declare function generateState(): string;
+//# sourceMappingURL=pkce.d.ts.map

package/dist/pkce.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../src/pkce.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAwBH,sDAAsD;AACtD,wBAAsB,qBAAqB,IAAI,OAAO,CAAC;IACrD,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC,CAKD;AAED,6DAA6D;AAC7D,wBAAgB,aAAa,IAAI,MAAM,CAEtC"}

package/dist/pkce.js ADDED Viewed

@@ -0,0 +1,36 @@
+/**
+ * PKCE (Proof Key for Code Exchange) utilities for browser-side OAuth2 flows.
+ *
+ * Adapted from casdoor-js-sdk, modernized for native Web Crypto API.
+ */
+function generateRandomString(length) {
+    const array = new Uint8Array(length);
+    crypto.getRandomValues(array);
+    return Array.from(array, (b) => b.toString(36).padStart(2, "0"))
+        .join("")
+        .slice(0, length);
+}
+async function sha256(plain) {
+    const encoder = new TextEncoder();
+    return crypto.subtle.digest("SHA-256", encoder.encode(plain));
+}
+function base64UrlEncode(buffer) {
+    const bytes = new Uint8Array(buffer);
+    let binary = "";
+    for (const byte of bytes) {
+        binary += String.fromCharCode(byte);
+    }
+    return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+/** Generate a PKCE code verifier + challenge pair. */
+export async function generatePkceChallenge() {
+    const codeVerifier = generateRandomString(64);
+    const hash = await sha256(codeVerifier);
+    const codeChallenge = base64UrlEncode(hash);
+    return { codeVerifier, codeChallenge };
+}
+/** Generate a random state parameter for CSRF protection. */
+export function generateState() {
+    return generateRandomString(32);
+}
+//# sourceMappingURL=pkce.js.map

package/dist/pkce.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pkce.js","sourceRoot":"","sources":["../src/pkce.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,SAAS,oBAAoB,CAAC,MAAc;IAC1C,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IACrC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC9B,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC7D,IAAI,CAAC,EAAE,CAAC;SACR,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;AACtB,CAAC;AAED,KAAK,UAAU,MAAM,CAAC,KAAa;IACjC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;AAChE,CAAC;AAED,SAAS,eAAe,CAAC,MAAmB;IAC1C,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IACrC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACjF,CAAC;AAED,sDAAsD;AACtD,MAAM,CAAC,KAAK,UAAU,qBAAqB;IAIzC,MAAM,YAAY,GAAG,oBAAoB,CAAC,EAAE,CAAC,CAAC;IAC9C,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;IACxC,MAAM,aAAa,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IAC5C,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC;AACzC,CAAC;AAED,6DAA6D;AAC7D,MAAM,UAAU,aAAa;IAC3B,OAAO,oBAAoB,CAAC,EAAE,CAAC,CAAC;AAClC,CAAC"}

package/dist/react.d.ts ADDED Viewed

@@ -0,0 +1,123 @@
+/**
+ * React bindings for @hanzo/iam.
+ *
+ * Provides a context provider, auth hooks, and org/project switching
+ * that can be dropped into any React application.
+ *
+ * @example
+ * ```tsx
+ * import { IamProvider, useIam, useOrganizations } from '@hanzo/iam/react'
+ *
+ * function App() {
+ *   return (
+ *     <IamProvider config={{
+ *       serverUrl: 'https://iam.hanzo.ai',
+ *       clientId: 'my-app',
+ *       redirectUri: `${window.location.origin}/auth/callback`,
+ *     }}>
+ *       <MyApp />
+ *     </IamProvider>
+ *   )
+ * }
+ *
+ * function MyApp() {
+ *   const { user, isAuthenticated, login, logout } = useIam()
+ *   const { organizations, currentOrg, switchOrg } = useOrganizations()
+ *
+ *   if (!isAuthenticated) return <button onClick={() => login()}>Log in</button>
+ *   return <div>Welcome, {user?.displayName}</div>
+ * }
+ * ```
+ *
+ * @packageDocumentation
+ */
+import type { ReactNode } from "react";
+import { BrowserIamSdk } from "./browser.js";
+import type { BrowserIamConfig } from "./browser.js";
+import type { IamUser, IamOrganization, TokenResponse } from "./types.js";
+export interface IamProviderProps {
+    /** Browser IAM SDK configuration. */
+    config: BrowserIamConfig;
+    /** Auto-initialize on mount (check stored tokens). Default: true. */
+    autoInit?: boolean;
+    /** Called when authentication state changes. */
+    onAuthChange?: (authenticated: boolean) => void;
+    children: ReactNode;
+}
+export interface IamContextValue {
+    /** The underlying BrowserIamSdk instance for advanced use. */
+    sdk: BrowserIamSdk;
+    /** The IAM configuration. */
+    config: BrowserIamConfig;
+    /** Authenticated user (null if not logged in). */
+    user: IamUser | null;
+    /** Whether the user is currently authenticated. */
+    isAuthenticated: boolean;
+    /** Whether initial auth check is in progress. */
+    isLoading: boolean;
+    /** Current access token (null if not authenticated). */
+    accessToken: string | null;
+    /** Redirect to IAM login page. */
+    login: (params?: {
+        additionalParams?: Record<string, string>;
+    }) => Promise<void>;
+    /** Open IAM login in a popup. */
+    loginPopup: (params?: {
+        width?: number;
+        height?: number;
+    }) => Promise<void>;
+    /** Handle OAuth callback — call on your /auth/callback route. */
+    handleCallback: (callbackUrl?: string) => Promise<TokenResponse>;
+    /** Log out and clear all tokens. */
+    logout: () => void;
+    /** Last auth error, if any. */
+    error: Error | null;
+}
+export interface OrgState {
+    /** All organizations the user belongs to. */
+    organizations: IamOrganization[];
+    /** Currently selected organization. */
+    currentOrg: IamOrganization | null;
+    /** Currently selected org ID. */
+    currentOrgId: string | null;
+    /** Switch to a different organization. */
+    switchOrg: (orgId: string) => void;
+    /** Currently selected project ID within the org. */
+    currentProjectId: string | null;
+    /** Switch to a different project (null to clear). */
+    switchProject: (projectId: string | null) => void;
+    /** Whether organizations are loading. */
+    isLoading: boolean;
+}
+declare const IamContext: import("react").Context<IamContextValue | null>;
+/**
+ * Root provider for Hanzo IAM in React applications.
+ *
+ * Wrap your app (or a subtree) with this provider to enable IAM auth.
+ * Manages the BrowserIamSdk instance, token lifecycle, and auth state.
+ */
+export declare function IamProvider(props: IamProviderProps): import("react").FunctionComponentElement<import("react").ProviderProps<IamContextValue | null>>;
+/**
+ * Access Hanzo IAM auth state and methods.
+ * Must be used within an `<IamProvider>`.
+ */
+export declare function useIam(): IamContextValue;
+/**
+ * Manage organization and project switching.
+ *
+ * Fetches the user's organizations from IAM and provides
+ * `switchOrg` / `switchProject` to change the active tenant.
+ * Selection is persisted to localStorage.
+ */
+export declare function useOrganizations(): OrgState;
+/**
+ * Hook that provides a valid access token with auto-refresh capability.
+ * Returns null while loading or if not authenticated.
+ */
+export declare function useIamToken(): {
+    token: string | null;
+    isValid: boolean;
+    refresh: () => Promise<string | null>;
+};
+export { IamContext };
+//# sourceMappingURL=react.d.ts.map

package/dist/react.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"react.d.ts","sourceRoot":"","sources":["../src/react.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAYH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAErD,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAM1E,MAAM,WAAW,gBAAgB;IAC/B,qCAAqC;IACrC,MAAM,EAAE,gBAAgB,CAAC;IACzB,qEAAqE;IACrE,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,gDAAgD;IAChD,YAAY,CAAC,EAAE,CAAC,aAAa,EAAE,OAAO,KAAK,IAAI,CAAC;IAChD,QAAQ,EAAE,SAAS,CAAC;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,8DAA8D;IAC9D,GAAG,EAAE,aAAa,CAAC;IACnB,6BAA6B;IAC7B,MAAM,EAAE,gBAAgB,CAAC;IACzB,kDAAkD;IAClD,IAAI,EAAE,OAAO,GAAG,IAAI,CAAC;IACrB,mDAAmD;IACnD,eAAe,EAAE,OAAO,CAAC;IACzB,iDAAiD;IACjD,SAAS,EAAE,OAAO,CAAC;IACnB,wDAAwD;IACxD,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,kCAAkC;IAClC,KAAK,EAAE,CAAC,MAAM,CAAC,EAAE;QAAE,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACjF,iCAAiC;IACjC,UAAU,EAAE,CAAC,MAAM,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5E,iEAAiE;IACjE,cAAc,EAAE,CAAC,WAAW,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,aAAa,CAAC,CAAC;IACjE,oCAAoC;IACpC,MAAM,EAAE,MAAM,IAAI,CAAC;IACnB,+BAA+B;IAC/B,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;CACrB;AAED,MAAM,WAAW,QAAQ;IACvB,6CAA6C;IAC7C,aAAa,EAAE,eAAe,EAAE,CAAC;IACjC,uCAAuC;IACvC,UAAU,EAAE,eAAe,GAAG,IAAI,CAAC;IACnC,iCAAiC;IACjC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,0CAA0C;IAC1C,SAAS,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IACnC,oDAAoD;IACpD,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,qDAAqD;IACrD,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IAClD,yCAAyC;IACzC,SAAS,EAAE,OAAO,CAAC;CACpB;AAMD,QAAA,MAAM,UAAU,iDAA8C,CAAC;AAY/D;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,gBAAgB,mGAiNlD;AAMD;;;GAGG;AACH,wBAAgB,MAAM,IAAI,eAAe,CAMxC;AAMD;;;;;;GAMG;AACH,wBAAgB,gBAAgB,IAAI,QAAQ,CAqI3C;AAMD;;;GAGG;AACH,wBAAgB,WAAW,IAAI;IAC7B,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;CACvC,CAgBA;AAGD,OAAO,EAAE,UAAU,EAAE,CAAC"}