@hightjs/auth 0.4.0 → 0.5.1

package/README.md

@@ -0,0 +1,55 @@
+<div align="center">
+  <picture>
+      <source media="(prefers-color-scheme: dark)" srcset="https://repository-images.githubusercontent.com/1069175740/e5c59d3a-e1fd-446c-a89f-785ed08f6a16">
+      <img alt="HightJS logo" src="https://repository-images.githubusercontent.com/1069175740/e5c59d3a-e1fd-446c-a89f-785ed08f6a16" height="128">
+    </picture>
+  <h1>@hightjs/auth</h1>
+
+[![NPM](https://img.shields.io/npm/v/@hightjs/auth.svg?style=for-the-badge&labelColor=000000)](https://www.npmjs.com/package/@hightjs/auth)
+[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg?style=for-the-badge&labelColor=000000)](../../LICENSE)
+
+</div>
+
+> Official authentication package for **[HightJS](https://www.npmjs.com/package/hightjs)** - Powerful, secure, and flexible authentication system with JWT, OAuth providers, and session management.
+
+---
+
+## ✨ Why @hightjs/auth?
+
+A complete authentication solution built specifically for HightJS framework:
+
+- **🔐 Secure by Default** - Industry-standard JWT implementation
+- **🎯 Multiple Providers** - OAuth, credentials, and custom providers
+- **⚛️ React Ready** - Built-in hooks and components
+- **🛡️ Type-Safe** - Full TypeScript support
+- **🚀 Zero Config** - Works out of the box
+- **🔒 Production Ready** - HTTP-only cookies, CSRF protection, and more
+
+## 📚 Documentation
+
+For complete documentation, installation guides, and tutorials, visit:
+
+**[https://docs.hgo.me](https://docs.hgo.me)**
+
+---
+
+## 💬 Need Help?
+
+If you have questions or need support, feel free to reach out:
+
+[![Discord](https://img.shields.io/badge/Discord-mulinfrc-5865F2?style=for-the-badge&logo=discord&logoColor=white)](https://discord.com/users/1264710048786026588)
+[![Gmail](https://img.shields.io/badge/Gmail-D14836?style=for-the-badge&logo=gmail&logoColor=white)](mailto:murillofrazaocunha@gmail.com)
+[![Instagram](https://img.shields.io/badge/Instagram-E4405F?style=for-the-badge&logo=instagram&logoColor=white)](https://instagram.com/itsmuh_)
+[![GitHub](https://img.shields.io/badge/GitHub-100000?style=for-the-badge&logo=github&logoColor=white)](https://github.com/murillo-frazao-cunha)
+
+---
+
+## 🪪 License
+
+Copyright 2025 itsmuzin
+
+This project is licensed under the [Apache License 2.0](../../LICENSE).
+
+---
+
+

package/dist/components.d.ts

@@ -1,14 +1,4 @@
 import React, { ReactNode } from 'react';
-interface ProtectedRouteProps {
-    children: ReactNode;
-    fallback?: ReactNode;
-    redirectTo?: string;
-    requireAuth?: boolean;
-}
-/**
- * Componente para proteger rotas que requerem autenticação
- */
-export declare function ProtectedRoute({ children, fallback, redirectTo, requireAuth }: ProtectedRouteProps): string | number | bigint | true | Iterable<React.ReactNode> | Promise<string | number | bigint | boolean | React.ReactPortal | React.ReactElement<unknown, string | React.JSXElementConstructor<any>> | Iterable<React.ReactNode> | null | undefined> | import("react/jsx-runtime").JSX.Element | null;
 interface GuardProps {
     children: ReactNode;
     fallback?: ReactNode;

package/dist/components.js

@@ -3,7 +3,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ProtectedRoute = ProtectedRoute;
 exports.AuthGuard = AuthGuard;
 exports.GuestOnly = GuestOnly;
 exports.useAuthRedirect = useAuthRedirect;
@@ -27,32 +26,6 @@ const jsx_runtime_1 = require("react/jsx-runtime");
 const react_1 = __importDefault(require("react"));
 const react_2 = require("./react");
 const react_3 = require("hightjs/react");
-/**
- * Componente para proteger rotas que requerem autenticação
- */
-function ProtectedRoute({ children, fallback, redirectTo = '/auth/signin', requireAuth = true }) {
-    const { isAuthenticated, isLoading } = (0, react_2.useAuth)();
-    // Ainda carregando
-    if (isLoading) {
-        return fallback || (0, jsx_runtime_1.jsx)("div", { children: "Loading..." });
-    }
-    // Requer auth mas não está autenticado
-    if (requireAuth && !isAuthenticated) {
-        if (typeof window !== 'undefined' && redirectTo) {
-            window.location.href = redirectTo;
-            return null;
-        }
-        return fallback || (0, jsx_runtime_1.jsx)("div", { children: "Unauthorized" });
-    }
-    // Não requer auth mas está autenticado (ex: página de login)
-    if (!requireAuth && isAuthenticated && redirectTo) {
-        if (typeof window !== 'undefined') {
-            window.location.href = redirectTo;
-            return null;
-        }
-    }
-    return (0, jsx_runtime_1.jsx)(jsx_runtime_1.Fragment, { children: children });
-}
 /**
  * Guard simples que só renderiza children se estiver autenticado
  */

package/dist/react/index.d.ts

@@ -3,4 +3,4 @@ export * from '../client';
 export * from '../components';
 export { getSession } from '../client';
 export { useSession, useAuth, SessionProvider } from '../react';
-export { ProtectedRoute, AuthGuard, GuestOnly } from '../components';
+export { AuthGuard, GuestOnly } from '../components';

package/dist/react/index.js

@@ -14,7 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.GuestOnly = exports.AuthGuard = exports.ProtectedRoute = exports.SessionProvider = exports.useAuth = exports.useSession = exports.getSession = void 0;
+exports.GuestOnly = exports.AuthGuard = exports.SessionProvider = exports.useAuth = exports.useSession = exports.getSession = void 0;
 /*
  * This file is part of the HightJS Project.
  * Copyright (c) 2025 itsmuzin
@@ -43,6 +43,5 @@ Object.defineProperty(exports, "useSession", { enumerable: true, get: function (
 Object.defineProperty(exports, "useAuth", { enumerable: true, get: function () { return react_1.useAuth; } });
 Object.defineProperty(exports, "SessionProvider", { enumerable: true, get: function () { return react_1.SessionProvider; } });
 var components_1 = require("../components");
-Object.defineProperty(exports, "ProtectedRoute", { enumerable: true, get: function () { return components_1.ProtectedRoute; } });
 Object.defineProperty(exports, "AuthGuard", { enumerable: true, get: function () { return components_1.AuthGuard; } });
 Object.defineProperty(exports, "GuestOnly", { enumerable: true, get: function () { return components_1.GuestOnly; } });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hightjs/auth",
-  "version": "0.4.0",
+  "version": "0.5.1",
   "description": "Authentication package for HightJS framework",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -27,7 +27,8 @@
   ],
   "files": [
     "dist",
-    "README.md"
+    "README.md",
+    "src"
   ],
   "devDependencies": {
     "@types/node": "^20.11.24",
@@ -37,7 +38,7 @@
   "dependencies": {
     "@types/react": "^19.2.2",
     "react": "^19.2.0",
-    "hightjs": "0.4.0"
+    "hightjs": "0.5.1"
   },
   "scripts": {
     "build": "tsc",

package/src/client.ts

@@ -0,0 +1,171 @@
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import type { SignInOptions, SignInResult, Session } from './types';
+// Configuração global do client
+let basePath = '/api/auth';
+
+export function setBasePath(path: string) {
+    basePath = path;
+}
+
+/**
+ * Função para obter a sessão atual (similar ao NextAuth getSession)
+ */
+export async function getSession(): Promise<Session | null> {
+    try {
+        const response = await fetch(`${basePath}/session`, {
+            credentials: 'include'
+        });
+
+        if (!response.ok) {
+            return null;
+        }
+
+        const data = await response.json();
+        return data.session || null;
+    } catch (error) {
+        console.error('[hweb-auth] Error fetching session:', error);
+        return null;
+    }
+}
+
+/**
+ * Função para obter token CSRF
+ */
+export async function getCsrfToken(): Promise<string | null> {
+    try {
+        const response = await fetch(`${basePath}/csrf`, {
+            credentials: 'include'
+        });
+
+        if (!response.ok) {
+            return null;
+        }
+
+        const data = await response.json();
+        return data.csrfToken || null;
+    } catch (error) {
+        console.error('[hweb-auth] Error fetching CSRF token:', error);
+        return null;
+    }
+}
+
+/**
+ * Função para obter providers disponíveis
+ */
+export async function getProviders(): Promise<any[] | null> {
+    try {
+        const response = await fetch(`${basePath}/providers`, {
+            credentials: 'include'
+        });
+
+        if (!response.ok) {
+            return null;
+        }
+
+        const data = await response.json();
+        return data.providers || [];
+    } catch (error) {
+        console.error('[hweb-auth] Error searching for providers:', error);
+        return null;
+    }
+}
+
+/**
+ * Função para fazer login (similar ao NextAuth signIn)
+ */
+export async function signIn(
+    provider: string = 'credentials',
+    options: SignInOptions = {}
+): Promise<SignInResult | undefined> {
+    try {
+        const { redirect = true, callbackUrl, ...credentials } = options;
+
+        const response = await fetch(`${basePath}/signin`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            credentials: 'include',
+            body: JSON.stringify({
+                provider,
+                ...credentials
+            })
+        });
+
+        const data = await response.json();
+
+        if (response.ok && data.success) {
+            // Se é OAuth, redireciona para URL fornecida
+            if (data.type === 'oauth' && data.redirectUrl) {
+                if (redirect && typeof window !== 'undefined') {
+                    window.location.href = data.redirectUrl;
+                }
+
+                return {
+                    ok: true,
+                    status: 200,
+                    url: data.redirectUrl
+                };
+            }
+
+            // Se é sessão (credentials), redireciona para callbackUrl
+            if (data.type === 'session') {
+                if (redirect && typeof window !== 'undefined') {
+                    window.location.href = callbackUrl || '/';
+                }
+
+                return {
+                    ok: true,
+                    status: 200,
+                    url: callbackUrl || '/'
+                };
+            }
+        } else {
+            return {
+                error: data.error || 'Authentication failed',
+                status: response.status,
+                ok: false
+            };
+        }
+    } catch (error) {
+        console.error('[hweb-auth] Error on signIn:', error);
+        return {
+            error: 'Network error',
+            status: 500,
+            ok: false
+        };
+    }
+}
+
+/**
+ * Função para fazer logout (similar ao NextAuth signOut)
+ */
+export async function signOut(options: { callbackUrl?: string } = {}): Promise<void> {
+    try {
+        await fetch(`${basePath}/signout`, {
+            method: 'POST',
+            credentials: 'include'
+        });
+
+        if (typeof window !== 'undefined') {
+            window.location.href = options.callbackUrl || '/';
+        }
+    } catch (error) {
+        console.error('[hweb-auth] Error on signOut:', error);
+    }
+}

package/src/components.tsx

@@ -0,0 +1,84 @@
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import React, { ReactNode } from 'react';
+import { useAuth } from './react';
+import { router } from 'hightjs/react';
+
+
+interface GuardProps {
+    children: ReactNode;
+    fallback?: ReactNode;
+    redirectTo?: string;
+}
+
+/**
+ * Guard simples que só renderiza children se estiver autenticado
+ */
+export function AuthGuard({ children, fallback, redirectTo }: GuardProps) {
+    const { isAuthenticated, isLoading } = useAuth();
+
+    if(redirectTo && !isLoading && !isAuthenticated) {
+        router.push(redirectTo);
+    }
+
+    if (isLoading) {
+        return fallback || <div></div>;
+    }
+
+    if (!isAuthenticated) {
+        return fallback || null;
+    }
+
+    return <>{children}</>;
+}
+
+/**
+ * Componente para mostrar conteúdo apenas para usuários não autenticados
+ */
+export function GuestOnly({ children, fallback, redirectTo }: GuardProps) {
+    const { isAuthenticated, isLoading } = useAuth();
+
+    if(redirectTo && !isLoading && isAuthenticated) {
+        router.push(redirectTo);
+    }
+
+    if (isLoading || isAuthenticated) {
+        return fallback || <div></div>;
+    }
+
+    return <>{children}</>;
+}
+
+/**
+ * Hook para redirecionar baseado no status de autenticação
+ */
+export function useAuthRedirect(
+    authenticatedRedirect?: string,
+    unauthenticatedRedirect?: string
+) {
+    const { isAuthenticated, isLoading } = useAuth();
+
+    React.useEffect(() => {
+        if (isLoading) return;
+
+        if (isAuthenticated && authenticatedRedirect) {
+            window.location.href = authenticatedRedirect;
+        } else if (!isAuthenticated && unauthenticatedRedirect) {
+            window.location.href = unauthenticatedRedirect;
+        }
+    }, [isAuthenticated, isLoading, authenticatedRedirect, unauthenticatedRedirect]);
+}

package/src/core.ts

@@ -0,0 +1,215 @@
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { HightJSRequest, HightJSResponse } from 'hightjs';
+import type { AuthConfig, AuthProviderClass, User, Session } from './types';
+import { SessionManager } from './jwt';
+
+export class HWebAuth {
+    private config: AuthConfig;
+    private sessionManager: SessionManager;
+
+    constructor(config: AuthConfig) {
+        this.config = {
+            session: { strategy: 'jwt', maxAge: 86400, ...config.session },
+            pages: { signIn: '/auth/signin', signOut: '/auth/signout', ...config.pages },
+            ...config
+        };
+
+        this.sessionManager = new SessionManager(
+            config.secret,
+            this.config.session?.maxAge || 86400
+        );
+    }
+
+    /**
+     * Middleware para adicionar autenticação às rotas
+     */
+    private async middleware(req: HightJSRequest): Promise<{ session: Session | null; user: User | null }> {
+        const token = this.getTokenFromRequest(req);
+
+        if (!token) {
+            return { session: null, user: null };
+        }
+
+        const session = this.sessionManager.verifySession(token);
+        return {
+            session,
+            user: session?.user || null
+        };
+    }
+
+    /**
+     * Autentica um usuário usando um provider específico
+     */
+    async signIn(providerId: string, credentials: Record<string, string>): Promise<{ session: Session; token: string } | { redirectUrl: string } | null> {
+        const provider = this.config.providers.find(p => p.id === providerId);
+        if (!provider) {
+            console.error(`[hweb-auth] Provider not found: ${providerId}`);
+            return null;
+        }
+
+        try {
+            // Usa o método handleSignIn do provider
+            const result = await provider.handleSignIn(credentials);
+
+            if (!result) return null;
+
+            // Se resultado é string, é URL de redirecionamento OAuth
+            if (typeof result === 'string') {
+                return { redirectUrl: result };
+            }
+
+            // Se resultado é User, cria sessão
+            const user = result as User;
+
+            // Callback de signIn se definido
+            if (this.config.callbacks?.signIn) {
+                const allowed = await this.config.callbacks.signIn(user, { provider: providerId }, {});
+                if (!allowed) return null;
+            }
+
+            const sessionResult = this.sessionManager.createSession(user);
+
+            // Callback de sessão se definido
+            if (this.config.callbacks?.session) {
+                sessionResult.session = await this.config.callbacks.session({session: sessionResult.session, user, provider: providerId});
+            }
+
+            return sessionResult;
+        } catch (error) {
+            console.error(`[hweb-auth] Error signing in with provider ${providerId}:`, error);
+            return null;
+        }
+    }
+
+    /**
+     * Faz logout do usuário
+     */
+    async signOut(req: HightJSRequest): Promise<HightJSResponse> {
+        // Busca a sessão atual para saber qual provider usar
+        const { session } = await this.middleware(req);
+
+        if (session?.user?.provider) {
+            const provider = this.config.providers.find(p => p.id === session.user.provider);
+            if (provider && provider.handleSignOut) {
+                try {
+                    await provider.handleSignOut();
+                } catch (error) {
+                    console.error(`[hweb-auth] Signout error on provider ${provider.id}:`, error);
+                }
+            }
+        }
+
+        return HightJSResponse
+            .json({ success: true })
+            .clearCookie('hweb-auth-token', {
+                path: '/',
+                httpOnly: true,
+                secure: this.config.secureCookies || false,
+                sameSite: 'strict'
+            });
+    }
+
+    /**
+     * Obtém a sessão atual
+     */
+    async getSession(req: HightJSRequest): Promise<Session | null> {
+        const { session } = await this.middleware(req);
+        return session;
+    }
+
+    /**
+     * Verifica se o usuário está autenticado
+     */
+    async isAuthenticated(req: HightJSRequest): Promise<boolean> {
+        const session = await this.getSession(req);
+        return session !== null;
+    }
+
+    /**
+     * Retorna todos os providers disponíveis (dados públicos)
+     */
+    getProviders(): any[] {
+        return this.config.providers.map(provider => ({
+            id: provider.id,
+            name: provider.name,
+            type: provider.type,
+            config: provider.getConfig ? provider.getConfig() : {}
+        }));
+    }
+
+    /**
+     * Busca um provider específico
+     */
+    getProvider(id: string): AuthProviderClass | null {
+        return this.config.providers.find(p => p.id === id) || null;
+    }
+
+    /**
+     * Retorna todas as rotas adicionais dos providers
+     */
+    getAllAdditionalRoutes(): Array<{ provider: string; route: any }> {
+        const routes: Array<{ provider: string; route: any }> = [];
+
+        for (const provider of this.config.providers) {
+            if (provider.additionalRoutes) {
+                for (const route of provider.additionalRoutes) {
+                    routes.push({ provider: provider.id, route });
+                }
+            }
+        }
+
+        return routes;
+    }
+
+    /**
+     * Cria resposta com cookie de autenticação - Secure implementation
+     */
+    createAuthResponse(token: string, data: any): HightJSResponse {
+        return HightJSResponse
+            .json(data)
+            .cookie('hweb-auth-token', token, {
+                httpOnly: true,
+                secure: this.config.secureCookies || false, // Always secure, even in development
+                sameSite: 'strict', // Prevent CSRF attacks
+                maxAge: (this.config.session?.maxAge || 86400) * 1000,
+                path: '/',
+                domain: undefined // Let browser set automatically for security
+            })
+            .header('X-Content-Type-Options', 'nosniff')
+            .header('X-Frame-Options', 'DENY')
+            .header('X-XSS-Protection', '1; mode=block')
+            .header('Referrer-Policy', 'strict-origin-when-cross-origin');
+    }
+
+    /**
+     * Extrai token da requisição (cookie ou header)
+     */
+    private getTokenFromRequest(req: HightJSRequest): string | null {
+        // Primeiro tenta pegar do cookie
+        const cookieToken = req.cookie('hweb-auth-token');
+        if (cookieToken) return cookieToken;
+
+        // Depois tenta do header Authorization
+        const authHeader = req.header('authorization');
+        if (authHeader && typeof authHeader === 'string' && authHeader.startsWith('Bearer ')) {
+            return authHeader.substring(7);
+        }
+
+        return null;
+    }
+}

package/src/index.ts

@@ -0,0 +1,25 @@
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Exportações principais do sistema de autenticação
+export * from './types';
+export * from './providers';
+export * from './core';
+export * from './routes';
+export * from './jwt';
+
+export { CredentialsProvider, DiscordProvider, GoogleProvider } from './providers';
+export { createAuthRoutes } from './routes';