npm - @hightjs/auth - Versions diffs - 0.5.0 → 0.5.1 - Mend

@hightjs/auth 0.5.0 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/README.md +0 -10
package/package.json +4 -3
package/src/client.ts +171 -0
package/src/components.tsx +84 -0
package/src/core.ts +215 -0
package/src/index.ts +25 -0
package/src/jwt.ts +210 -0
package/src/providers/credentials.ts +138 -0
package/src/providers/discord.ts +239 -0
package/src/providers/google.ts +234 -0
package/src/providers/index.ts +20 -0
package/src/providers.ts +20 -0
package/src/react/index.ts +25 -0
package/src/react.tsx +234 -0
package/src/routes.ts +182 -0
package/src/types.ts +108 -0

package/src/providers/google.ts ADDED Viewed

@@ -0,0 +1,234 @@
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import type {AuthProviderClass, AuthRoute, User} from '../types';
+import {HightJSRequest, HightJSResponse} from 'hightjs';
+export interface GoogleConfig {
+    id?: string;
+    name?: string;
+    clientId: string;
+    clientSecret: string;
+    callbackUrl?: string;
+    successUrl?: string;
+    // Escopos OAuth do Google, padrão: ['openid', 'email', 'profile']
+    scope?: string[];
+}
+/**
+ * Provider para autenticação com Google OAuth2
+ *
+ * Este provider permite autenticação usando Google OAuth2.
+ * Automaticamente gerencia o fluxo OAuth completo e rotas necessárias.
+ *
+ * Exemplo de uso:
+ * ```typescript
+ * new GoogleProvider({
+ * clientId: process.env.GOOGLE_CLIENT_ID!,
+ * clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
+ * callbackUrl: "http://localhost:3000/api/auth/callback/google"
+ * })
+ * ```
+ *
+ * Fluxo de autenticação:
+ * 1. GET /api/auth/signin/google - Gera URL e redireciona para Google
+ * 2. Google redireciona para /api/auth/callback/google com código
+ * 3. Provider troca código por token e busca dados do usuário
+ * 4. Retorna objeto User com dados do Google
+ */
+export class GoogleProvider implements AuthProviderClass {
+    public readonly id: string;
+    public readonly name: string;
+    public readonly type: string = 'google';
+    private config: GoogleConfig;
+    private readonly defaultScope = [
+        'openid',
+        'https://www.googleapis.com/auth/userinfo.email',
+        'https://www.googleapis.com/auth/userinfo.profile'
+    ];
+    constructor(config: GoogleConfig) {
+        this.config = config;
+        this.id = config.id || 'google';
+        this.name = config.name || 'Google';
+    }
+    /**
+     * Método para gerar URL OAuth (usado pelo handleSignIn)
+     */
+    handleOauth(credentials: Record<string, string> = {}): string {
+        return this.getAuthorizationUrl();
+    }
+    /**
+     * Método principal - redireciona para OAuth ou processa o callback
+     */
+    async handleSignIn(credentials: Record<string, string>): Promise<User | string | null> {
+        // Se tem código, é o callback - processa a autenticação
+        if (credentials.code) {
+            return await this.processOAuthCallback(credentials);
+        }
+        // Se não tem código, é o início do OAuth - retorna a URL
+        return this.handleOauth(credentials);
+    }
+    /**
+     * Processa o callback do OAuth (troca o código pelo usuário)
+     */
+    private async processOAuthCallback(credentials: Record<string, string>): Promise<User | null> {
+        try {
+            const { code } = credentials;
+            if (!code) {
+                throw new Error('Authorization code not provided');
+            }
+            // Troca o código por um access token
+            const tokenResponse = await fetch('https://oauth2.googleapis.com/token', {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/x-www-form-urlencoded',
+                },
+                body: new URLSearchParams({
+                    client_id: this.config.clientId,
+                    client_secret: this.config.clientSecret,
+                    grant_type: 'authorization_code',
+                    code,
+                    redirect_uri: this.config.callbackUrl || '',
+                }),
+            });
+            if (!tokenResponse.ok) {
+                const error = await tokenResponse.text();
+                throw new Error(`Failed to exchange code for token: ${error}`);
+            }
+            const tokens = await tokenResponse.json();
+            // Busca os dados do usuário com o access token
+            const userResponse = await fetch('https://www.googleapis.com/oauth2/v2/userinfo', {
+                headers: {
+                    'Authorization': `Bearer ${tokens.access_token}`,
+                },
+            });
+            if (!userResponse.ok) {
+                throw new Error('Failed to fetch user data');
+            }
+            const googleUser = await userResponse.json();
+            // Retorna o objeto User padronizado
+            return {
+                id: googleUser.id,
+                name: googleUser.name,
+                email: googleUser.email,
+                image: googleUser.picture || null,
+                provider: this.id,
+                providerId: googleUser.id,
+                accessToken: tokens.access_token,
+                refreshToken: tokens.refresh_token
+            };
+        } catch (error) {
+            console.error(`[${this.id} Provider] Error during OAuth callback:`, error);
+            return null;
+        }
+    }
+    /**
+     * Rotas adicionais específicas do Google OAuth
+     */
+    public additionalRoutes: AuthRoute[] = [
+        // Rota de callback do Google
+        {
+            method: 'GET',
+            path: '/api/auth/callback/google',
+            handler: async (req: HightJSRequest, params: any) => {
+                const url = new URL(req.url || '', 'http://localhost');
+                const code = url.searchParams.get('code');
+                if (!code) {
+                    return HightJSResponse.json({ error: 'Authorization code not provided' }, { status: 400 });
+                }
+                try {
+                    // Delega o 'code' para o endpoint de signin principal
+                    const authResponse = await fetch(`${req.headers.origin || 'http://localhost:3000'}/api/auth/signin`, {
+                        method: 'POST',
+                        headers: {
+                            'Content-Type': 'application/json',
+                        },
+                        body: JSON.stringify({
+                            provider: this.id,
+                            code,
+                        })
+                    });
+                    if (authResponse.ok) {
+                        // Propaga o cookie de sessão e redireciona para a URL de sucesso
+                        const setCookieHeader = authResponse.headers.get('set-cookie');
+                        if(this.config.successUrl) {
+                            return HightJSResponse
+                                .redirect(this.config.successUrl)
+                                .header('Set-Cookie', setCookieHeader || '');
+                        }
+                        return HightJSResponse.json({ success: true })
+                            .header('Set-Cookie', setCookieHeader || '');
+                    } else {
+                        const errorText = await authResponse.text();
+                        console.error(`[${this.id} Provider] Session creation failed during callback. Status: ${authResponse.status}, Body: ${errorText}`);
+                        return HightJSResponse.json({ error: 'Session creation failed' }, { status: 500 });
+                    }
+                } catch (error) {
+                    console.error(`[${this.id} Provider] Callback handler fetch error:`, error);
+                    return HightJSResponse.json({ error: 'Internal server error' }, { status: 500 });
+                }
+            }
+        }
+    ];
+    /**
+     * Gera a URL de autorização do Google
+     */
+    getAuthorizationUrl(): string {
+        const params = new URLSearchParams({
+            client_id: this.config.clientId,
+            redirect_uri: this.config.callbackUrl || '',
+            response_type: 'code',
+            scope: (this.config.scope || this.defaultScope).join(' ')
+        });
+        return `https://accounts.google.com/o/oauth2/v2/auth?${params.toString()}`;
+    }
+    /**
+     * Retorna a configuração pública do provider
+     */
+    getConfig(): any {
+        return {
+            id: this.id,
+            name: this.name,
+            type: this.type,
+            clientId: this.config.clientId, // Público
+            scope: this.config.scope || this.defaultScope,
+            callbackUrl: this.config.callbackUrl
+        };
+    }
+}

package/src/providers/index.ts ADDED Viewed

@@ -0,0 +1,20 @@
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Exportações dos providers
+export * from './credentials';
+export * from './discord';

package/src/providers.ts ADDED Viewed

@@ -0,0 +1,20 @@
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Exportações dos providers
+export { CredentialsProvider } from './providers/credentials';
+export { DiscordProvider } from './providers/discord';
+export { GoogleProvider } from './providers/google';

package/src/react/index.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Exportações do frontend
+export * from '../react';
+export * from '../client';
+export * from '../components';
+// Re-exports das funções mais usadas para conveniência
+export { getSession } from '../client';
+export { useSession, useAuth, SessionProvider } from '../react';
+export { AuthGuard, GuestOnly } from '../components';

package/src/react.tsx ADDED Viewed

@@ -0,0 +1,234 @@
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import React, { createContext, useContext, useEffect, useState, useCallback, ReactNode } from 'react';
+import type { Session, SessionContextType, SignInOptions, SignInResult, User } from './types';
+import { router } from "hightjs/react";
+const SessionContext = createContext<SessionContextType | undefined>(undefined);
+interface SessionProviderProps {
+    children: ReactNode;
+    basePath?: string;
+    refetchInterval?: number;
+    refetchOnWindowFocus?: boolean;
+}
+export function SessionProvider({
+    children,
+    basePath = '/api/auth',
+    refetchInterval = 0,
+    refetchOnWindowFocus = true
+}: SessionProviderProps) {
+    const [session, setSession] = useState<Session | null>(null);
+    const [status, setStatus] = useState<'loading' | 'authenticated' | 'unauthenticated'>('loading');
+    // Fetch da sessão atual
+    const fetchSession = useCallback(async (): Promise<Session | null> => {
+        try {
+            const response = await fetch(`${basePath}/session`, {
+                credentials: 'include'
+            });
+            if (!response.ok) {
+                setStatus('unauthenticated');
+                return null;
+            }
+            const data = await response.json();
+            const sessionData = data.session;
+            if (sessionData) {
+                setSession(sessionData);
+                setStatus('authenticated');
+                return sessionData;
+            } else {
+                setSession(null);
+                setStatus('unauthenticated');
+                return null;
+            }
+        } catch (error) {
+            console.error('[hweb-auth] Error fetching session:', error);
+            setSession(null);
+            setStatus('unauthenticated');
+            return null;
+        }
+    }, [basePath]);
+    // SignIn function
+    const signIn = useCallback(async (
+        provider: string = 'credentials',
+        options: SignInOptions = {}
+    ): Promise<SignInResult | undefined> => {
+        try {
+            const { redirect = true, callbackUrl, ...credentials } = options;
+            const response = await fetch(`${basePath}/signin`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                credentials: 'include',
+                body: JSON.stringify({
+                    provider,
+                    ...credentials
+                })
+            });
+            const data = await response.json();
+            if (response.ok && data.success) {
+                await fetchSession();
+                // Se é OAuth, redireciona para URL fornecida
+                if (data.type === 'oauth' && data.redirectUrl) {
+                    if (redirect && typeof window !== 'undefined') {
+                        window.location.href = data.redirectUrl;
+                    }
+                    return {
+                        ok: true,
+                        status: 200,
+                        url: data.redirectUrl
+                    };
+                }
+                // Se é sessão (credentials), redireciona para callbackUrl
+                if (data.type === 'session') {
+                    if (redirect && typeof window !== 'undefined') {
+                        window.location.href = callbackUrl || '/';
+                    }
+                    return {
+                        ok: true,
+                        status: 200,
+                        url: callbackUrl || '/'
+                    };
+                }
+            } else {
+                return {
+                    error: data.error || 'Authentication failed',
+                    status: response.status,
+                    ok: false
+                };
+            }
+        } catch (error) {
+            console.error('[hweb-auth] Error on signIn:', error);
+            return {
+                error: 'Network error',
+                status: 500,
+                ok: false
+            };
+        }
+    }, [basePath, fetchSession]);
+    // SignOut function
+    const signOut = useCallback(async (options: { callbackUrl?: string } = {}): Promise<void> => {
+        try {
+            await fetch(`${basePath}/signout`, {
+                method: 'POST',
+                credentials: 'include'
+            });
+            setSession(null);
+            setStatus('unauthenticated');
+            if (typeof window !== 'undefined') {
+                try {
+                    router.push(options.callbackUrl || '/');
+                } catch (e) {
+                    window.location.href = options.callbackUrl || '/';
+                }
+            }
+        } catch (error) {
+            console.error('[hweb-auth] Error on signOut:', error);
+        }
+    }, [basePath]);
+    // Update session
+    const update = useCallback(async (): Promise<Session | null> => {
+        return await fetchSession();
+    }, [fetchSession]);
+    // Initial session fetch
+    useEffect(() => {
+        fetchSession();
+    }, [fetchSession]);
+    // Refetch interval
+    useEffect(() => {
+        if (refetchInterval > 0) {
+            const interval = setInterval(() => {
+                if (status === 'authenticated') {
+                    fetchSession();
+                }
+            }, refetchInterval * 1000);
+            return () => clearInterval(interval);
+        }
+    }, [refetchInterval, status, fetchSession]);
+    // Refetch on window focus
+    useEffect(() => {
+        if (refetchOnWindowFocus) {
+            const handleFocus = () => {
+                if (status === 'authenticated') {
+                    fetchSession();
+                }
+            };
+            window.addEventListener('focus', handleFocus);
+            return () => window.removeEventListener('focus', handleFocus);
+        }
+    }, [refetchOnWindowFocus, status, fetchSession]);
+    const value: SessionContextType = {
+        data: session,
+        status,
+        signIn,
+        signOut,
+        update
+    };
+    return (
+        <SessionContext.Provider value={value}>
+            {children}
+        </SessionContext.Provider>
+    );
+}
+/**
+ * Hook para acessar a sessão atual
+ */
+export function useSession(): SessionContextType {
+    const context = useContext(SessionContext);
+    if (context === undefined) {
+        throw new Error('useSession must be used inside a SessionProvider');
+    }
+    return context;
+}
+/**
+ * Hook para verificar se o usuário está autenticado
+ */
+export function useAuth(): { user: User | null; isAuthenticated: boolean; isLoading: boolean } {
+    const { data: session, status } = useSession();
+    return {
+        user: session?.user || null,
+        isAuthenticated: status === 'authenticated',
+        isLoading: status === 'loading'
+    };
+}