@insforge/sdk 1.0.1-refresh.4 → 1.0.1-refresh.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +14 -8
- package/dist/index.d.ts +14 -8
- package/dist/index.js +33 -15
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +33 -15
- package/dist/index.mjs.map +1 -1
- package/package.json +1 -1
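--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -146,8 +146,9 @@ interface SessionStorageStrategy {
 * Secure Session Storage Strategy
 *
 * Stores access token in memory only (cleared on page refresh).
-* Refresh token is stored in httpOnly cookie by the backend.
-* The `isAuthenticated` cookie is set by the
+* Refresh token is stored in httpOnly cookie by the backend (on backend domain).
+* The `isAuthenticated` cookie is set by the SDK on the frontend domain to signal
+* that a secure session exists and token refresh should be attempted on page reload.
 *
 * Security benefits:
 * - Access token not accessible to XSS attacks (in memory only)
@@ -281,12 +282,17 @@ declare class Auth {
 private database;
 constructor(http: HttpClient, tokenManager: TokenManager);
 /**
-*
+* Set the isAuthenticated cookie flag on the frontend domain
+* This is managed by SDK, not backend, to work in cross-origin scenarios
 */
-private
+private setAuthenticatedCookie;
+/**
+* Clear the isAuthenticated cookie flag from the frontend domain
+*/
+private clearAuthenticatedCookie;
 /**
 * Switch to SecureSessionStorage (cookie-based auth)
-* Called when
+* Called when backend returns sessionMode: 'secure'
 * @internal
 */
 _switchToSecureStorage(): void;
@@ -297,11 +303,11 @@ declare class Auth {
 */
 _switchToLocalStorage(): void;
 /**
-* Detect storage strategy
-*
+* Detect storage strategy based on backend response
+* @param sessionMode - The sessionMode returned by backend ('secure' or undefined)
 * @internal
 */
-private
+private _detectStorageFromResponse;
 /**
 * Automatically detect and handle OAuth callback parameters in the URL
 * This runs on initialization to seamlessly complete the OAuth flow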
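--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -146,8 +146,9 @@ interface SessionStorageStrategy {
 * Secure Session Storage Strategy
 *
 * Stores access token in memory only (cleared on page refresh).
-* Refresh token is stored in httpOnly cookie by the backend.
-* The `isAuthenticated` cookie is set by the
+* Refresh token is stored in httpOnly cookie by the backend (on backend domain).
+* The `isAuthenticated` cookie is set by the SDK on the frontend domain to signal
+* that a secure session exists and token refresh should be attempted on page reload.
 *
 * Security benefits:
 * - Access token not accessible to XSS attacks (in memory only)
@@ -281,12 +282,17 @@ declare class Auth {
 private database;
 constructor(http: HttpClient, tokenManager: TokenManager);
 /**
-*
+* Set the isAuthenticated cookie flag on the frontend domain
+* This is managed by SDK, not backend, to work in cross-origin scenarios
 */
-private
+private setAuthenticatedCookie;
+/**
+* Clear the isAuthenticated cookie flag from the frontend domain
+*/
+private clearAuthenticatedCookie;
 /**
 * Switch to SecureSessionStorage (cookie-based auth)
-* Called when
+* Called when backend returns sessionMode: 'secure'
 * @internal
 */
 _switchToSecureStorage(): void;
@@ -297,11 +303,11 @@ declare class Auth {
 */
 _switchToLocalStorage(): void;
 /**
-* Detect storage strategy
-*
+* Detect storage strategy based on backend response
+* @param sessionMode - The sessionMode returned by backend ('secure' or undefined)
 * @internal
 */
-private
+private _detectStorageFromResponse;
 /**
 * Automatically detect and handle OAuth callback parameters in the URL
 * This runs on initialization to seamlessly complete the OAuth flow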
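--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -267,7 +267,7 @@ var SecureSessionStorage = class {
 if (this.accessToken) return false;
 return this.hasAuthFlag();
 }
-// --- Private: Auth Flag Cookie Detection (
+// --- Private: Auth Flag Cookie Detection (SDK-managed on frontend domain) ---
 hasAuthFlag() {
 if (typeof document === "undefined") return false;
 return document.cookie.split(";").some(
@@ -531,17 +531,24 @@ var Auth = class {
 this.detectAuthCallback();
 }
 /**
-*
+* Set the isAuthenticated cookie flag on the frontend domain
+* This is managed by SDK, not backend, to work in cross-origin scenarios
 */
-
-if (typeof document === "undefined") return
-
-
-
+setAuthenticatedCookie() {
+if (typeof document === "undefined") return;
+const maxAge = 7 * 24 * 60 * 60;
+document.cookie = `${AUTH_FLAG_COOKIE}=true; path=/; max-age=${maxAge}; SameSite=Lax`;
+}
+/**
+* Clear the isAuthenticated cookie flag from the frontend domain
+*/
+clearAuthenticatedCookie() {
+if (typeof document === "undefined") return;
+document.cookie = `${AUTH_FLAG_COOKIE}=; path=/; max-age=0; SameSite=Lax`;
 }
 /**
 * Switch to SecureSessionStorage (cookie-based auth)
-* Called when
+* Called when backend returns sessionMode: 'secure'
 * @internal
 */
 _switchToSecureStorage() {
@@ -552,6 +559,7 @@ var Auth = class {
 localStorage.removeItem(TOKEN_KEY);
 localStorage.removeItem(USER_KEY);
 }
+this.setAuthenticatedCookie();
 if (currentSession) {
 this.tokenManager.saveSession(currentSession);
 }
@@ -565,17 +573,18 @@ var Auth = class {
 if (this.tokenManager.getStrategyId() === "local") return;
 const currentSession = this.tokenManager.getSession();
 this.tokenManager.setStrategy(new LocalSessionStorage());
+this.clearAuthenticatedCookie();
 if (currentSession) {
 this.tokenManager.saveSession(currentSession);
 }
 }
 /**
-* Detect storage strategy
-*
+* Detect storage strategy based on backend response
+* @param sessionMode - The sessionMode returned by backend ('secure' or undefined)
 * @internal
 */
-
-if (
+_detectStorageFromResponse(sessionMode) {
+if (sessionMode === "secure") {
 this._switchToSecureStorage();
 }
 }
@@ -592,8 +601,9 @@ var Auth = class {
 const userId = params.get("user_id");
 const email = params.get("email");
 const name = params.get("name");
+const sessionMode = params.get("session_mode");
 if (accessToken && userId && email) {
-this.
+this._detectStorageFromResponse(sessionMode || void 0);
 const session = {
 accessToken,
 user: {
@@ -614,6 +624,7 @@ var Auth = class {
 url.searchParams.delete("user_id");
 url.searchParams.delete("email");
 url.searchParams.delete("name");
+url.searchParams.delete("session_mode");
 if (params.has("error")) {
 url.searchParams.delete("error");
 }
@@ -629,6 +640,8 @@ var Auth = class {
 async signUp(request) {
 try {
 const response = await this.http.post("/api/auth/users", request);
+const sessionMode = response.sessionMode;
+this._detectStorageFromResponse(sessionMode);
 if (response.accessToken && response.user) {
 const session = {
 accessToken: response.accessToken,
@@ -638,7 +651,6 @@ var Auth = class {
 this.tokenManager.saveSession(session);
 }
 this.http.setAuthToken(response.accessToken);
-this._detectStorageAfterAuth();
 }
 return {
 data: response,
@@ -664,6 +676,8 @@ var Auth = class {
 async signInWithPassword(request) {
 try {
 const response = await this.http.post("/api/auth/sessions", request);
+const sessionMode = response.sessionMode;
+this._detectStorageFromResponse(sessionMode);
 const session = {
 accessToken: response.accessToken || "",
 user: response.user || {
@@ -679,7 +693,6 @@ var Auth = class {
 this.tokenManager.saveSession(session);
 }
 this.http.setAuthToken(response.accessToken || "");
-this._detectStorageAfterAuth();
 return {
 data: response,
 error: null
@@ -746,6 +759,7 @@ var Auth = class {
 }
 this.tokenManager.clearSession();
 this.http.setAuthToken(null);
+this.clearAuthenticatedCookie();
 return { error: null };
 } catch (error) {
 return {
@@ -769,6 +783,7 @@ var Auth = class {
 "/api/auth/refresh"
 );
 if (response.accessToken) {
+this._detectStorageFromResponse(response.sessionMode);
 this.tokenManager.setAccessToken(response.accessToken);
 this.http.setAuthToken(response.accessToken);
 if (response.user) {
@@ -786,6 +801,7 @@ var Auth = class {
 if (error.statusCode === 401 || error.statusCode === 403) {
 this.tokenManager.clearSession();
 this.http.setAuthToken(null);
+this.clearAuthenticatedCookie();
 }
 throw error;
 }
@@ -1119,6 +1135,8 @@ var Auth = class {
 "/api/auth/email/verify",
 request
 );
+const sessionMode = response.sessionMode;
+this._detectStorageFromResponse(sessionMode);
 if (response.accessToken) {
 const session = {
 accessToken: response.accessToken,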
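Review bot: In the `@@ -592,8 +601,9 @@` hunk, `_detectStorageFromResponse` is fed `session_mode` read from the OAuth callback URL's query string, while its JSDoc in the `@@ -565,17 +573,18 @@` hunk describes the argument as "returned by backend"; a query parameter can be present on any link the page is opened from, so at this call site the storage-mode choice is made on unauthenticated input, unlike the other call sites that pass a server response. The effect appears bounded, since switching only changes where the access token is held and sets the flag cookie, and the later `/api/auth/refresh` response (hunk `@@ -769,6 +783,7 @@`) re-derives the mode, but the JSDoc should state the second source: `* @param sessionMode - 'secure' or undefined; from a backend response, or from the OAuth callback URL (unauthenticated) in detectAuthCallback`. Separately, `setAuthenticatedCookie` in the `@@ -531,17 +531,24 @@` hunk writes the flag cookie with `SameSite=Lax` but no `Secure` attribute and a fixed 7-day `max-age`; the value carries no secret, yet adding `Secure` when `location.protocol === "https:"` keeps it off plaintext requests, and a lifetime no longer than the backend's refresh-token lifetime avoids a stale flag triggering a doomed refresh on reload (the 401/403 path in hunk `@@ -786,6 +801,7 @@` does clear it afterwards). The enclosing `Auth` class starts and ends outside these hunks.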