@hightjs/auth 0.4.0

package/LICENSE

@@ -0,0 +1,13 @@
+Copyright 2025 itsmuzin
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

package/dist/client.d.ts

@@ -0,0 +1,24 @@
+import type { SignInOptions, SignInResult, Session } from './types';
+export declare function setBasePath(path: string): void;
+/**
+ * Função para obter a sessão atual (similar ao NextAuth getSession)
+ */
+export declare function getSession(): Promise<Session | null>;
+/**
+ * Função para obter token CSRF
+ */
+export declare function getCsrfToken(): Promise<string | null>;
+/**
+ * Função para obter providers disponíveis
+ */
+export declare function getProviders(): Promise<any[] | null>;
+/**
+ * Função para fazer login (similar ao NextAuth signIn)
+ */
+export declare function signIn(provider?: string, options?: SignInOptions): Promise<SignInResult | undefined>;
+/**
+ * Função para fazer logout (similar ao NextAuth signOut)
+ */
+export declare function signOut(options?: {
+    callbackUrl?: string;
+}): Promise<void>;

package/dist/client.js

@@ -0,0 +1,146 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setBasePath = setBasePath;
+exports.getSession = getSession;
+exports.getCsrfToken = getCsrfToken;
+exports.getProviders = getProviders;
+exports.signIn = signIn;
+exports.signOut = signOut;
+// Configuração global do client
+let basePath = '/api/auth';
+function setBasePath(path) {
+    basePath = path;
+}
+/**
+ * Função para obter a sessão atual (similar ao NextAuth getSession)
+ */
+async function getSession() {
+    try {
+        const response = await fetch(`${basePath}/session`, {
+            credentials: 'include'
+        });
+        if (!response.ok) {
+            return null;
+        }
+        const data = await response.json();
+        return data.session || null;
+    }
+    catch (error) {
+        console.error('[hweb-auth] Error fetching session:', error);
+        return null;
+    }
+}
+/**
+ * Função para obter token CSRF
+ */
+async function getCsrfToken() {
+    try {
+        const response = await fetch(`${basePath}/csrf`, {
+            credentials: 'include'
+        });
+        if (!response.ok) {
+            return null;
+        }
+        const data = await response.json();
+        return data.csrfToken || null;
+    }
+    catch (error) {
+        console.error('[hweb-auth] Error fetching CSRF token:', error);
+        return null;
+    }
+}
+/**
+ * Função para obter providers disponíveis
+ */
+async function getProviders() {
+    try {
+        const response = await fetch(`${basePath}/providers`, {
+            credentials: 'include'
+        });
+        if (!response.ok) {
+            return null;
+        }
+        const data = await response.json();
+        return data.providers || [];
+    }
+    catch (error) {
+        console.error('[hweb-auth] Error searching for providers:', error);
+        return null;
+    }
+}
+/**
+ * Função para fazer login (similar ao NextAuth signIn)
+ */
+async function signIn(provider = 'credentials', options = {}) {
+    try {
+        const { redirect = true, callbackUrl, ...credentials } = options;
+        const response = await fetch(`${basePath}/signin`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            credentials: 'include',
+            body: JSON.stringify({
+                provider,
+                ...credentials
+            })
+        });
+        const data = await response.json();
+        if (response.ok && data.success) {
+            // Se é OAuth, redireciona para URL fornecida
+            if (data.type === 'oauth' && data.redirectUrl) {
+                if (redirect && typeof window !== 'undefined') {
+                    window.location.href = data.redirectUrl;
+                }
+                return {
+                    ok: true,
+                    status: 200,
+                    url: data.redirectUrl
+                };
+            }
+            // Se é sessão (credentials), redireciona para callbackUrl
+            if (data.type === 'session') {
+                if (redirect && typeof window !== 'undefined') {
+                    window.location.href = callbackUrl || '/';
+                }
+                return {
+                    ok: true,
+                    status: 200,
+                    url: callbackUrl || '/'
+                };
+            }
+        }
+        else {
+            return {
+                error: data.error || 'Authentication failed',
+                status: response.status,
+                ok: false
+            };
+        }
+    }
+    catch (error) {
+        console.error('[hweb-auth] Error on signIn:', error);
+        return {
+            error: 'Network error',
+            status: 500,
+            ok: false
+        };
+    }
+}
+/**
+ * Função para fazer logout (similar ao NextAuth signOut)
+ */
+async function signOut(options = {}) {
+    try {
+        await fetch(`${basePath}/signout`, {
+            method: 'POST',
+            credentials: 'include'
+        });
+        if (typeof window !== 'undefined') {
+            window.location.href = options.callbackUrl || '/';
+        }
+    }
+    catch (error) {
+        console.error('[hweb-auth] Error on signOut:', error);
+    }
+}

package/dist/components.d.ts

@@ -0,0 +1,29 @@
+import React, { ReactNode } from 'react';
+interface ProtectedRouteProps {
+    children: ReactNode;
+    fallback?: ReactNode;
+    redirectTo?: string;
+    requireAuth?: boolean;
+}
+/**
+ * Componente para proteger rotas que requerem autenticação
+ */
+export declare function ProtectedRoute({ children, fallback, redirectTo, requireAuth }: ProtectedRouteProps): string | number | bigint | true | Iterable<React.ReactNode> | Promise<string | number | bigint | boolean | React.ReactPortal | React.ReactElement<unknown, string | React.JSXElementConstructor<any>> | Iterable<React.ReactNode> | null | undefined> | import("react/jsx-runtime").JSX.Element | null;
+interface GuardProps {
+    children: ReactNode;
+    fallback?: ReactNode;
+    redirectTo?: string;
+}
+/**
+ * Guard simples que só renderiza children se estiver autenticado
+ */
+export declare function AuthGuard({ children, fallback, redirectTo }: GuardProps): string | number | bigint | true | Iterable<React.ReactNode> | Promise<string | number | bigint | boolean | React.ReactPortal | React.ReactElement<unknown, string | React.JSXElementConstructor<any>> | Iterable<React.ReactNode> | null | undefined> | import("react/jsx-runtime").JSX.Element | null;
+/**
+ * Componente para mostrar conteúdo apenas para usuários não autenticados
+ */
+export declare function GuestOnly({ children, fallback, redirectTo }: GuardProps): string | number | bigint | true | Iterable<React.ReactNode> | Promise<string | number | bigint | boolean | React.ReactPortal | React.ReactElement<unknown, string | React.JSXElementConstructor<any>> | Iterable<React.ReactNode> | null | undefined> | import("react/jsx-runtime").JSX.Element;
+/**
+ * Hook para redirecionar baseado no status de autenticação
+ */
+export declare function useAuthRedirect(authenticatedRedirect?: string, unauthenticatedRedirect?: string): void;
+export {};

package/dist/components.js

@@ -0,0 +1,100 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProtectedRoute = ProtectedRoute;
+exports.AuthGuard = AuthGuard;
+exports.GuestOnly = GuestOnly;
+exports.useAuthRedirect = useAuthRedirect;
+const jsx_runtime_1 = require("react/jsx-runtime");
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const react_1 = __importDefault(require("react"));
+const react_2 = require("./react");
+const react_3 = require("hightjs/react");
+/**
+ * Componente para proteger rotas que requerem autenticação
+ */
+function ProtectedRoute({ children, fallback, redirectTo = '/auth/signin', requireAuth = true }) {
+    const { isAuthenticated, isLoading } = (0, react_2.useAuth)();
+    // Ainda carregando
+    if (isLoading) {
+        return fallback || (0, jsx_runtime_1.jsx)("div", { children: "Loading..." });
+    }
+    // Requer auth mas não está autenticado
+    if (requireAuth && !isAuthenticated) {
+        if (typeof window !== 'undefined' && redirectTo) {
+            window.location.href = redirectTo;
+            return null;
+        }
+        return fallback || (0, jsx_runtime_1.jsx)("div", { children: "Unauthorized" });
+    }
+    // Não requer auth mas está autenticado (ex: página de login)
+    if (!requireAuth && isAuthenticated && redirectTo) {
+        if (typeof window !== 'undefined') {
+            window.location.href = redirectTo;
+            return null;
+        }
+    }
+    return (0, jsx_runtime_1.jsx)(jsx_runtime_1.Fragment, { children: children });
+}
+/**
+ * Guard simples que só renderiza children se estiver autenticado
+ */
+function AuthGuard({ children, fallback, redirectTo }) {
+    const { isAuthenticated, isLoading } = (0, react_2.useAuth)();
+    if (redirectTo && !isLoading && !isAuthenticated) {
+        react_3.router.push(redirectTo);
+    }
+    if (isLoading) {
+        return fallback || (0, jsx_runtime_1.jsx)("div", {});
+    }
+    if (!isAuthenticated) {
+        return fallback || null;
+    }
+    return (0, jsx_runtime_1.jsx)(jsx_runtime_1.Fragment, { children: children });
+}
+/**
+ * Componente para mostrar conteúdo apenas para usuários não autenticados
+ */
+function GuestOnly({ children, fallback, redirectTo }) {
+    const { isAuthenticated, isLoading } = (0, react_2.useAuth)();
+    if (redirectTo && !isLoading && isAuthenticated) {
+        react_3.router.push(redirectTo);
+    }
+    if (isLoading || isAuthenticated) {
+        return fallback || (0, jsx_runtime_1.jsx)("div", {});
+    }
+    return (0, jsx_runtime_1.jsx)(jsx_runtime_1.Fragment, { children: children });
+}
+/**
+ * Hook para redirecionar baseado no status de autenticação
+ */
+function useAuthRedirect(authenticatedRedirect, unauthenticatedRedirect) {
+    const { isAuthenticated, isLoading } = (0, react_2.useAuth)();
+    react_1.default.useEffect(() => {
+        if (isLoading)
+            return;
+        if (isAuthenticated && authenticatedRedirect) {
+            window.location.href = authenticatedRedirect;
+        }
+        else if (!isAuthenticated && unauthenticatedRedirect) {
+            window.location.href = unauthenticatedRedirect;
+        }
+    }, [isAuthenticated, isLoading, authenticatedRedirect, unauthenticatedRedirect]);
+}

package/dist/core.d.ts

@@ -0,0 +1,55 @@
+import { HightJSRequest, HightJSResponse } from 'hightjs';
+import type { AuthConfig, AuthProviderClass, Session } from './types';
+export declare class HWebAuth {
+    private config;
+    private sessionManager;
+    constructor(config: AuthConfig);
+    /**
+     * Middleware para adicionar autenticação às rotas
+     */
+    private middleware;
+    /**
+     * Autentica um usuário usando um provider específico
+     */
+    signIn(providerId: string, credentials: Record<string, string>): Promise<{
+        session: Session;
+        token: string;
+    } | {
+        redirectUrl: string;
+    } | null>;
+    /**
+     * Faz logout do usuário
+     */
+    signOut(req: HightJSRequest): Promise<HightJSResponse>;
+    /**
+     * Obtém a sessão atual
+     */
+    getSession(req: HightJSRequest): Promise<Session | null>;
+    /**
+     * Verifica se o usuário está autenticado
+     */
+    isAuthenticated(req: HightJSRequest): Promise<boolean>;
+    /**
+     * Retorna todos os providers disponíveis (dados públicos)
+     */
+    getProviders(): any[];
+    /**
+     * Busca um provider específico
+     */
+    getProvider(id: string): AuthProviderClass | null;
+    /**
+     * Retorna todas as rotas adicionais dos providers
+     */
+    getAllAdditionalRoutes(): Array<{
+        provider: string;
+        route: any;
+    }>;
+    /**
+     * Cria resposta com cookie de autenticação - Secure implementation
+     */
+    createAuthResponse(token: string, data: any): HightJSResponse;
+    /**
+     * Extrai token da requisição (cookie ou header)
+     */
+    private getTokenFromRequest;
+}

package/dist/core.js

@@ -0,0 +1,189 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HWebAuth = void 0;
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const hightjs_1 = require("hightjs");
+const jwt_1 = require("./jwt");
+class HWebAuth {
+    constructor(config) {
+        this.config = {
+            session: { strategy: 'jwt', maxAge: 86400, ...config.session },
+            pages: { signIn: '/auth/signin', signOut: '/auth/signout', ...config.pages },
+            ...config
+        };
+        this.sessionManager = new jwt_1.SessionManager(config.secret, this.config.session?.maxAge || 86400);
+    }
+    /**
+     * Middleware para adicionar autenticação às rotas
+     */
+    async middleware(req) {
+        const token = this.getTokenFromRequest(req);
+        if (!token) {
+            return { session: null, user: null };
+        }
+        const session = this.sessionManager.verifySession(token);
+        return {
+            session,
+            user: session?.user || null
+        };
+    }
+    /**
+     * Autentica um usuário usando um provider específico
+     */
+    async signIn(providerId, credentials) {
+        const provider = this.config.providers.find(p => p.id === providerId);
+        if (!provider) {
+            console.error(`[hweb-auth] Provider not found: ${providerId}`);
+            return null;
+        }
+        try {
+            // Usa o método handleSignIn do provider
+            const result = await provider.handleSignIn(credentials);
+            if (!result)
+                return null;
+            // Se resultado é string, é URL de redirecionamento OAuth
+            if (typeof result === 'string') {
+                return { redirectUrl: result };
+            }
+            // Se resultado é User, cria sessão
+            const user = result;
+            // Callback de signIn se definido
+            if (this.config.callbacks?.signIn) {
+                const allowed = await this.config.callbacks.signIn(user, { provider: providerId }, {});
+                if (!allowed)
+                    return null;
+            }
+            const sessionResult = this.sessionManager.createSession(user);
+            // Callback de sessão se definido
+            if (this.config.callbacks?.session) {
+                sessionResult.session = await this.config.callbacks.session({ session: sessionResult.session, user, provider: providerId });
+            }
+            return sessionResult;
+        }
+        catch (error) {
+            console.error(`[hweb-auth] Error signing in with provider ${providerId}:`, error);
+            return null;
+        }
+    }
+    /**
+     * Faz logout do usuário
+     */
+    async signOut(req) {
+        // Busca a sessão atual para saber qual provider usar
+        const { session } = await this.middleware(req);
+        if (session?.user?.provider) {
+            const provider = this.config.providers.find(p => p.id === session.user.provider);
+            if (provider && provider.handleSignOut) {
+                try {
+                    await provider.handleSignOut();
+                }
+                catch (error) {
+                    console.error(`[hweb-auth] Signout error on provider ${provider.id}:`, error);
+                }
+            }
+        }
+        return hightjs_1.HightJSResponse
+            .json({ success: true })
+            .clearCookie('hweb-auth-token', {
+            path: '/',
+            httpOnly: true,
+            secure: this.config.secureCookies || false,
+            sameSite: 'strict'
+        });
+    }
+    /**
+     * Obtém a sessão atual
+     */
+    async getSession(req) {
+        const { session } = await this.middleware(req);
+        return session;
+    }
+    /**
+     * Verifica se o usuário está autenticado
+     */
+    async isAuthenticated(req) {
+        const session = await this.getSession(req);
+        return session !== null;
+    }
+    /**
+     * Retorna todos os providers disponíveis (dados públicos)
+     */
+    getProviders() {
+        return this.config.providers.map(provider => ({
+            id: provider.id,
+            name: provider.name,
+            type: provider.type,
+            config: provider.getConfig ? provider.getConfig() : {}
+        }));
+    }
+    /**
+     * Busca um provider específico
+     */
+    getProvider(id) {
+        return this.config.providers.find(p => p.id === id) || null;
+    }
+    /**
+     * Retorna todas as rotas adicionais dos providers
+     */
+    getAllAdditionalRoutes() {
+        const routes = [];
+        for (const provider of this.config.providers) {
+            if (provider.additionalRoutes) {
+                for (const route of provider.additionalRoutes) {
+                    routes.push({ provider: provider.id, route });
+                }
+            }
+        }
+        return routes;
+    }
+    /**
+     * Cria resposta com cookie de autenticação - Secure implementation
+     */
+    createAuthResponse(token, data) {
+        return hightjs_1.HightJSResponse
+            .json(data)
+            .cookie('hweb-auth-token', token, {
+            httpOnly: true,
+            secure: this.config.secureCookies || false, // Always secure, even in development
+            sameSite: 'strict', // Prevent CSRF attacks
+            maxAge: (this.config.session?.maxAge || 86400) * 1000,
+            path: '/',
+            domain: undefined // Let browser set automatically for security
+        })
+            .header('X-Content-Type-Options', 'nosniff')
+            .header('X-Frame-Options', 'DENY')
+            .header('X-XSS-Protection', '1; mode=block')
+            .header('Referrer-Policy', 'strict-origin-when-cross-origin');
+    }
+    /**
+     * Extrai token da requisição (cookie ou header)
+     */
+    getTokenFromRequest(req) {
+        // Primeiro tenta pegar do cookie
+        const cookieToken = req.cookie('hweb-auth-token');
+        if (cookieToken)
+            return cookieToken;
+        // Depois tenta do header Authorization
+        const authHeader = req.header('authorization');
+        if (authHeader && typeof authHeader === 'string' && authHeader.startsWith('Bearer ')) {
+            return authHeader.substring(7);
+        }
+        return null;
+    }
+}
+exports.HWebAuth = HWebAuth;

package/dist/index.d.ts

@@ -0,0 +1,7 @@
+export * from './types';
+export * from './providers';
+export * from './core';
+export * from './routes';
+export * from './jwt';
+export { CredentialsProvider, DiscordProvider, GoogleProvider } from './providers';
+export { createAuthRoutes } from './routes';

package/dist/index.js

@@ -0,0 +1,45 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAuthRoutes = exports.GoogleProvider = exports.DiscordProvider = exports.CredentialsProvider = void 0;
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Exportações principais do sistema de autenticação
+__exportStar(require("./types"), exports);
+__exportStar(require("./providers"), exports);
+__exportStar(require("./core"), exports);
+__exportStar(require("./routes"), exports);
+__exportStar(require("./jwt"), exports);
+var providers_1 = require("./providers");
+Object.defineProperty(exports, "CredentialsProvider", { enumerable: true, get: function () { return providers_1.CredentialsProvider; } });
+Object.defineProperty(exports, "DiscordProvider", { enumerable: true, get: function () { return providers_1.DiscordProvider; } });
+Object.defineProperty(exports, "GoogleProvider", { enumerable: true, get: function () { return providers_1.GoogleProvider; } });
+var routes_1 = require("./routes");
+Object.defineProperty(exports, "createAuthRoutes", { enumerable: true, get: function () { return routes_1.createAuthRoutes; } });

package/dist/jwt.d.ts

@@ -0,0 +1,41 @@
+import type { User, Session } from './types';
+export declare class JWTManager {
+    private secret;
+    constructor(secret?: string);
+    /**
+     * Cria um JWT token com validação de algoritmo
+     */
+    sign(payload: any, expiresIn?: number): string;
+    /**
+     * Verifica e decodifica um JWT token com validação rigorosa
+     */
+    verify(token: string): any | null;
+    private sanitizePayload;
+    private constantTimeEqual;
+    private base64UrlEncode;
+    private base64UrlDecode;
+    private createSignature;
+}
+export declare class SessionManager {
+    private jwtManager;
+    private maxAge;
+    constructor(secret?: string, maxAge?: number);
+    /**
+     * Cria uma nova sessão
+     */
+    createSession(user: User): {
+        session: Session;
+        token: string;
+    };
+    /**
+     * Verifica uma sessão a partir do token
+     */
+    verifySession(token: string): Session | null;
+    /**
+     * Atualiza uma sessão existente
+     */
+    updateSession(token: string): {
+        session: Session;
+        token: string;
+    } | null;
+}