@hightjs/auth 0.5.0 → 0.5.2

package/README.md

@@ -25,16 +25,6 @@ A complete authentication solution built specifically for HightJS framework:
 - **🚀 Zero Config** - Works out of the box
 - **🔒 Production Ready** - HTTP-only cookies, CSRF protection, and more
 
----
-
-## 📦 Installation
-
-```bash
-npm install hightjs @hightjs/auth
-```
-
----
-
 ## 📚 Documentation
 
 For complete documentation, installation guides, and tutorials, visit:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hightjs/auth",
-  "version": "0.5.0",
+  "version": "0.5.2",
   "description": "Authentication package for HightJS framework",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -27,7 +27,8 @@
   ],
   "files": [
     "dist",
-    "README.md"
+    "README.md",
+    "src"
   ],
   "devDependencies": {
     "@types/node": "^20.11.24",
@@ -37,7 +38,7 @@
   "dependencies": {
     "@types/react": "^19.2.2",
     "react": "^19.2.0",
-    "hightjs": "0.5.0"
+    "hightjs": "0.5.2"
   },
   "scripts": {
     "build": "tsc",

package/src/client.ts

@@ -0,0 +1,171 @@
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import type { SignInOptions, SignInResult, Session } from './types';
+// Configuração global do client
+let basePath = '/api/auth';
+
+export function setBasePath(path: string) {
+    basePath = path;
+}
+
+/**
+ * Função para obter a sessão atual (similar ao NextAuth getSession)
+ */
+export async function getSession(): Promise<Session | null> {
+    try {
+        const response = await fetch(`${basePath}/session`, {
+            credentials: 'include'
+        });
+
+        if (!response.ok) {
+            return null;
+        }
+
+        const data = await response.json();
+        return data.session || null;
+    } catch (error) {
+        console.error('[hweb-auth] Error fetching session:', error);
+        return null;
+    }
+}
+
+/**
+ * Função para obter token CSRF
+ */
+export async function getCsrfToken(): Promise<string | null> {
+    try {
+        const response = await fetch(`${basePath}/csrf`, {
+            credentials: 'include'
+        });
+
+        if (!response.ok) {
+            return null;
+        }
+
+        const data = await response.json();
+        return data.csrfToken || null;
+    } catch (error) {
+        console.error('[hweb-auth] Error fetching CSRF token:', error);
+        return null;
+    }
+}
+
+/**
+ * Função para obter providers disponíveis
+ */
+export async function getProviders(): Promise<any[] | null> {
+    try {
+        const response = await fetch(`${basePath}/providers`, {
+            credentials: 'include'
+        });
+
+        if (!response.ok) {
+            return null;
+        }
+
+        const data = await response.json();
+        return data.providers || [];
+    } catch (error) {
+        console.error('[hweb-auth] Error searching for providers:', error);
+        return null;
+    }
+}
+
+/**
+ * Função para fazer login (similar ao NextAuth signIn)
+ */
+export async function signIn(
+    provider: string = 'credentials',
+    options: SignInOptions = {}
+): Promise<SignInResult | undefined> {
+    try {
+        const { redirect = true, callbackUrl, ...credentials } = options;
+
+        const response = await fetch(`${basePath}/signin`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            credentials: 'include',
+            body: JSON.stringify({
+                provider,
+                ...credentials
+            })
+        });
+
+        const data = await response.json();
+
+        if (response.ok && data.success) {
+            // Se é OAuth, redireciona para URL fornecida
+            if (data.type === 'oauth' && data.redirectUrl) {
+                if (redirect && typeof window !== 'undefined') {
+                    window.location.href = data.redirectUrl;
+                }
+
+                return {
+                    ok: true,
+                    status: 200,
+                    url: data.redirectUrl
+                };
+            }
+
+            // Se é sessão (credentials), redireciona para callbackUrl
+            if (data.type === 'session') {
+                if (redirect && typeof window !== 'undefined') {
+                    window.location.href = callbackUrl || '/';
+                }
+
+                return {
+                    ok: true,
+                    status: 200,
+                    url: callbackUrl || '/'
+                };
+            }
+        } else {
+            return {
+                error: data.error || 'Authentication failed',
+                status: response.status,
+                ok: false
+            };
+        }
+    } catch (error) {
+        console.error('[hweb-auth] Error on signIn:', error);
+        return {
+            error: 'Network error',
+            status: 500,
+            ok: false
+        };
+    }
+}
+
+/**
+ * Função para fazer logout (similar ao NextAuth signOut)
+ */
+export async function signOut(options: { callbackUrl?: string } = {}): Promise<void> {
+    try {
+        await fetch(`${basePath}/signout`, {
+            method: 'POST',
+            credentials: 'include'
+        });
+
+        if (typeof window !== 'undefined') {
+            window.location.href = options.callbackUrl || '/';
+        }
+    } catch (error) {
+        console.error('[hweb-auth] Error on signOut:', error);
+    }
+}

package/src/components.tsx

@@ -0,0 +1,84 @@
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import React, { ReactNode } from 'react';
+import { useAuth } from './react';
+import { router } from 'hightjs/react';
+
+
+interface GuardProps {
+    children: ReactNode;
+    fallback?: ReactNode;
+    redirectTo?: string;
+}
+
+/**
+ * Guard simples que só renderiza children se estiver autenticado
+ */
+export function AuthGuard({ children, fallback, redirectTo }: GuardProps) {
+    const { isAuthenticated, isLoading } = useAuth();
+
+    if(redirectTo && !isLoading && !isAuthenticated) {
+        router.push(redirectTo);
+    }
+
+    if (isLoading) {
+        return fallback || <div></div>;
+    }
+
+    if (!isAuthenticated) {
+        return fallback || null;
+    }
+
+    return <>{children}</>;
+}
+
+/**
+ * Componente para mostrar conteúdo apenas para usuários não autenticados
+ */
+export function GuestOnly({ children, fallback, redirectTo }: GuardProps) {
+    const { isAuthenticated, isLoading } = useAuth();
+
+    if(redirectTo && !isLoading && isAuthenticated) {
+        router.push(redirectTo);
+    }
+
+    if (isLoading || isAuthenticated) {
+        return fallback || <div></div>;
+    }
+
+    return <>{children}</>;
+}
+
+/**
+ * Hook para redirecionar baseado no status de autenticação
+ */
+export function useAuthRedirect(
+    authenticatedRedirect?: string,
+    unauthenticatedRedirect?: string
+) {
+    const { isAuthenticated, isLoading } = useAuth();
+
+    React.useEffect(() => {
+        if (isLoading) return;
+
+        if (isAuthenticated && authenticatedRedirect) {
+            window.location.href = authenticatedRedirect;
+        } else if (!isAuthenticated && unauthenticatedRedirect) {
+            window.location.href = unauthenticatedRedirect;
+        }
+    }, [isAuthenticated, isLoading, authenticatedRedirect, unauthenticatedRedirect]);
+}

package/src/core.ts

@@ -0,0 +1,215 @@
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { HightJSRequest, HightJSResponse } from 'hightjs';
+import type { AuthConfig, AuthProviderClass, User, Session } from './types';
+import { SessionManager } from './jwt';
+
+export class HWebAuth {
+    private config: AuthConfig;
+    private sessionManager: SessionManager;
+
+    constructor(config: AuthConfig) {
+        this.config = {
+            session: { strategy: 'jwt', maxAge: 86400, ...config.session },
+            pages: { signIn: '/auth/signin', signOut: '/auth/signout', ...config.pages },
+            ...config
+        };
+
+        this.sessionManager = new SessionManager(
+            config.secret,
+            this.config.session?.maxAge || 86400
+        );
+    }
+
+    /**
+     * Middleware para adicionar autenticação às rotas
+     */
+    private async middleware(req: HightJSRequest): Promise<{ session: Session | null; user: User | null }> {
+        const token = this.getTokenFromRequest(req);
+
+        if (!token) {
+            return { session: null, user: null };
+        }
+
+        const session = this.sessionManager.verifySession(token);
+        return {
+            session,
+            user: session?.user || null
+        };
+    }
+
+    /**
+     * Autentica um usuário usando um provider específico
+     */
+    async signIn(providerId: string, credentials: Record<string, string>): Promise<{ session: Session; token: string } | { redirectUrl: string } | null> {
+        const provider = this.config.providers.find(p => p.id === providerId);
+        if (!provider) {
+            console.error(`[hweb-auth] Provider not found: ${providerId}`);
+            return null;
+        }
+
+        try {
+            // Usa o método handleSignIn do provider
+            const result = await provider.handleSignIn(credentials);
+
+            if (!result) return null;
+
+            // Se resultado é string, é URL de redirecionamento OAuth
+            if (typeof result === 'string') {
+                return { redirectUrl: result };
+            }
+
+            // Se resultado é User, cria sessão
+            const user = result as User;
+
+            // Callback de signIn se definido
+            if (this.config.callbacks?.signIn) {
+                const allowed = await this.config.callbacks.signIn(user, { provider: providerId }, {});
+                if (!allowed) return null;
+            }
+
+            const sessionResult = this.sessionManager.createSession(user);
+
+            // Callback de sessão se definido
+            if (this.config.callbacks?.session) {
+                sessionResult.session = await this.config.callbacks.session({session: sessionResult.session, user, provider: providerId});
+            }
+
+            return sessionResult;
+        } catch (error) {
+            console.error(`[hweb-auth] Error signing in with provider ${providerId}:`, error);
+            return null;
+        }
+    }
+
+    /**
+     * Faz logout do usuário
+     */
+    async signOut(req: HightJSRequest): Promise<HightJSResponse> {
+        // Busca a sessão atual para saber qual provider usar
+        const { session } = await this.middleware(req);
+
+        if (session?.user?.provider) {
+            const provider = this.config.providers.find(p => p.id === session.user.provider);
+            if (provider && provider.handleSignOut) {
+                try {
+                    await provider.handleSignOut();
+                } catch (error) {
+                    console.error(`[hweb-auth] Signout error on provider ${provider.id}:`, error);
+                }
+            }
+        }
+
+        return HightJSResponse
+            .json({ success: true })
+            .clearCookie('hweb-auth-token', {
+                path: '/',
+                httpOnly: true,
+                secure: this.config.secureCookies || false,
+                sameSite: 'strict'
+            });
+    }
+
+    /**
+     * Obtém a sessão atual
+     */
+    async getSession(req: HightJSRequest): Promise<Session | null> {
+        const { session } = await this.middleware(req);
+        return session;
+    }
+
+    /**
+     * Verifica se o usuário está autenticado
+     */
+    async isAuthenticated(req: HightJSRequest): Promise<boolean> {
+        const session = await this.getSession(req);
+        return session !== null;
+    }
+
+    /**
+     * Retorna todos os providers disponíveis (dados públicos)
+     */
+    getProviders(): any[] {
+        return this.config.providers.map(provider => ({
+            id: provider.id,
+            name: provider.name,
+            type: provider.type,
+            config: provider.getConfig ? provider.getConfig() : {}
+        }));
+    }
+
+    /**
+     * Busca um provider específico
+     */
+    getProvider(id: string): AuthProviderClass | null {
+        return this.config.providers.find(p => p.id === id) || null;
+    }
+
+    /**
+     * Retorna todas as rotas adicionais dos providers
+     */
+    getAllAdditionalRoutes(): Array<{ provider: string; route: any }> {
+        const routes: Array<{ provider: string; route: any }> = [];
+
+        for (const provider of this.config.providers) {
+            if (provider.additionalRoutes) {
+                for (const route of provider.additionalRoutes) {
+                    routes.push({ provider: provider.id, route });
+                }
+            }
+        }
+
+        return routes;
+    }
+
+    /**
+     * Cria resposta com cookie de autenticação - Secure implementation
+     */
+    createAuthResponse(token: string, data: any): HightJSResponse {
+        return HightJSResponse
+            .json(data)
+            .cookie('hweb-auth-token', token, {
+                httpOnly: true,
+                secure: this.config.secureCookies || false, // Always secure, even in development
+                sameSite: 'strict', // Prevent CSRF attacks
+                maxAge: (this.config.session?.maxAge || 86400) * 1000,
+                path: '/',
+                domain: undefined // Let browser set automatically for security
+            })
+            .header('X-Content-Type-Options', 'nosniff')
+            .header('X-Frame-Options', 'DENY')
+            .header('X-XSS-Protection', '1; mode=block')
+            .header('Referrer-Policy', 'strict-origin-when-cross-origin');
+    }
+
+    /**
+     * Extrai token da requisição (cookie ou header)
+     */
+    private getTokenFromRequest(req: HightJSRequest): string | null {
+        // Primeiro tenta pegar do cookie
+        const cookieToken = req.cookie('hweb-auth-token');
+        if (cookieToken) return cookieToken;
+
+        // Depois tenta do header Authorization
+        const authHeader = req.header('authorization');
+        if (authHeader && typeof authHeader === 'string' && authHeader.startsWith('Bearer ')) {
+            return authHeader.substring(7);
+        }
+
+        return null;
+    }
+}

package/src/index.ts

@@ -0,0 +1,25 @@
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Exportações principais do sistema de autenticação
+export * from './types';
+export * from './providers';
+export * from './core';
+export * from './routes';
+export * from './jwt';
+
+export { CredentialsProvider, DiscordProvider, GoogleProvider } from './providers';
+export { createAuthRoutes } from './routes';