@instroc/auth 1.0.0 → 1.0.1

package/dist/index.d.ts

@@ -1,107 +1,159 @@
 interface AuthUser {
-    id: string;
-    email: string;
-    email_verified: boolean;
-    display_name: string | null;
-    avatar_url: string | null;
-    metadata: Record<string, unknown>;
-    created_at: string;
+  id: string;
+  email: string;
+  email_verified: boolean;
+  display_name: string | null;
+  avatar_url: string | null;
+  metadata: Record<string, unknown>;
+  created_at: string;
 }
 interface AuthSession {
-    access_token: string;
-    refresh_token: string;
-    expires_at: string;
+  access_token: string;
+  refresh_token: string;
+  expires_at: string;
 }
 interface AuthState {
-    user: AuthUser | null;
-    session: AuthSession | null;
-    loading: boolean;
-    error: string | null;
+  user: AuthUser | null;
+  session: AuthSession | null;
+  loading: boolean;
+  error: string | null;
 }
 interface LoginCredentials {
-    email: string;
-    password: string;
+  email: string;
+  password: string;
 }
 interface SignupCredentials {
-    email: string;
-    password: string;
-    displayName?: string;
-    metadata?: Record<string, unknown>;
+  email: string;
+  password: string;
+  displayName?: string;
+  metadata?: Record<string, unknown>;
 }
 type OAuthProvider = "google" | "github" | "microsoft" | "facebook";
 interface AuthConfig {
-    emailAuthEnabled: boolean;
-    googleAuthEnabled: boolean;
-    githubAuthEnabled: boolean;
-    microsoftAuthEnabled: boolean;
-    facebookAuthEnabled: boolean;
-    allowSignup: boolean;
-    requireEmailVerification: boolean;
+  emailAuthEnabled: boolean;
+  googleAuthEnabled: boolean;
+  githubAuthEnabled: boolean;
+  microsoftAuthEnabled: boolean;
+  facebookAuthEnabled: boolean;
+  allowSignup: boolean;
+  requireEmailVerification: boolean;
 }
 interface VisibilityConfig {
-    projectName: string;
-    visibility: "public" | "private";
-    requireLogin: boolean;
-    logoUrl: string | null;
-    welcomeMessage: string | null;
+  projectName: string;
+  visibility: "public" | "private";
+  requireLogin: boolean;
+  logoUrl: string | null;
+  welcomeMessage: string | null;
 }
+/**
+ * Result of signup() — indicates what post-signup flow the caller should show.
+ *
+ * - `status: "authenticated"` — user is logged in, session is active. Redirect to app.
+ * - `status: "needs_verification"` — email verification OTP was sent. Show OTP screen.
+ * - `status: "needs_approval"` — account pending admin approval. Show waiting screen.
+ */
+type SignupResult =
+  | {
+      status: "authenticated";
+      user: AuthUser;
+    }
+  | {
+      status: "needs_verification";
+      email: string;
+    }
+  | {
+      status: "needs_approval";
+      user: AuthUser;
+    };
 interface AuthContextValue extends AuthState {
-    login: (credentials: LoginCredentials) => Promise<void>;
-    signup: (credentials: SignupCredentials) => Promise<void>;
-    logout: () => Promise<void>;
-    signInWithOAuth: (provider: OAuthProvider) => void;
-    verifyOTP: (email: string, code: string) => Promise<void>;
-    resendOTP: (email: string) => Promise<void>;
-    updateProfile: (data: UpdateProfileData) => Promise<void>;
-    refreshSession: () => Promise<void>;
-    forgotPassword: (email: string) => Promise<void>;
-    resetPassword: (token: string, newPassword: string) => Promise<void>;
-    setProjectId: (projectId: string) => void;
-    projectId: string | null;
-    authConfig: AuthConfig | null;
-    visibilityConfig: VisibilityConfig | null;
+  login: (credentials: LoginCredentials) => Promise<void>;
+  signup: (credentials: SignupCredentials) => Promise<SignupResult>;
+  logout: () => Promise<void>;
+  signInWithOAuth: (provider: OAuthProvider) => void;
+  verifyOTP: (email: string, code: string) => Promise<void>;
+  resendOTP: (email: string) => Promise<void>;
+  updateProfile: (data: UpdateProfileData) => Promise<void>;
+  refreshSession: () => Promise<void>;
+  forgotPassword: (email: string) => Promise<void>;
+  resetPassword: (token: string, newPassword: string) => Promise<void>;
+  setProjectId: (projectId: string) => void;
+  projectId: string | null;
+  authConfig: AuthConfig | null;
+  visibilityConfig: VisibilityConfig | null;
 }
 interface UpdateProfileData {
-    displayName?: string;
-    avatarUrl?: string;
-    metadata?: Record<string, unknown>;
+  displayName?: string;
+  avatarUrl?: string;
+  metadata?: Record<string, unknown>;
 }
 interface AuthProviderProps {
-    children: React.ReactNode;
-    projectId?: string;
-    baseUrl?: string;
-    persistSession?: boolean;
-    onAuthStateChange?: (user: AuthUser | null) => void;
+  children: React.ReactNode;
+  projectId?: string;
+  baseUrl?: string;
+  persistSession?: boolean;
+  onAuthStateChange?: (user: AuthUser | null) => void;
 }
 interface AuthResponse {
-    user: AuthUser;
-    session: AuthSession;
+  user: AuthUser;
+  session: AuthSession;
+  /** Set when signup requires email verification — session is a placeholder with empty tokens. */
+  needsVerification?: boolean;
+  /** Set when signup succeeded but account is pending admin approval (private apps). */
+  needsApproval?: boolean;
 }
 interface RefreshResponse {
-    access_token: string;
-    expires_at: string;
+  access_token: string;
+  expires_at: string;
 }
 
-declare function AuthProvider({ children, projectId: initialProjectId, baseUrl, persistSession, onAuthStateChange, }: AuthProviderProps): JSX.Element;
+declare function AuthProvider({
+  children,
+  projectId: initialProjectId,
+  baseUrl,
+  persistSession,
+  onAuthStateChange,
+}: AuthProviderProps): JSX.Element;
 declare function useAuthContext(): AuthContextValue;
 
 declare function useAuth(): AuthContextValue;
 declare function useUser(): {
-    user: AuthUser | null;
-    loading: boolean;
+  user: AuthUser | null;
+  loading: boolean;
 };
 declare function useSession(): {
-    session: AuthSession | null;
-    loading: boolean;
-};
-declare function useAuthRequired(): {
-    user: null;
-    session: null;
-    loading: boolean;
-} | {
-    user: AuthUser;
-    session: AuthSession | null;
-    loading: boolean;
+  session: AuthSession | null;
+  loading: boolean;
 };
+declare function useAuthRequired():
+  | {
+      user: null;
+      session: null;
+      loading: boolean;
+    }
+  | {
+      user: AuthUser;
+      session: AuthSession | null;
+      loading: boolean;
+    };
 
-export { type AuthConfig, type AuthContextValue, AuthProvider, type AuthProviderProps, type AuthResponse, type AuthSession, type AuthState, type AuthUser, type LoginCredentials, type OAuthProvider, type RefreshResponse, type SignupCredentials, type UpdateProfileData, type VisibilityConfig, useAuth, useAuthContext, useAuthRequired, useSession, useUser };
+export {
+  type AuthConfig,
+  type AuthContextValue,
+  AuthProvider,
+  type AuthProviderProps,
+  type AuthResponse,
+  type AuthSession,
+  type AuthState,
+  type AuthUser,
+  type LoginCredentials,
+  type OAuthProvider,
+  type RefreshResponse,
+  type SignupCredentials,
+  type UpdateProfileData,
+  type VisibilityConfig,
+  useAuth,
+  useAuthContext,
+  useAuthRequired,
+  useSession,
+  useUser,
+};

package/dist/index.js

@@ -36,6 +36,10 @@ function AuthProvider({
     },
     [projectId, baseUrl]
   );
+  const authFetch = useCallback(
+    (url, init) => fetch(url, { ...init, credentials: "include" }),
+    []
+  );
   const saveSession = useCallback(
     (sessionData) => {
       if (persistSession && typeof window !== "undefined") {
@@ -74,7 +78,7 @@ function AuthProvider({
           try {
             await refreshSession();
           } catch (err) {
-            console.error("Token refresh failed:", err);
+            console.warn("Token refresh failed:", err);
             setUser(null);
             setSession(null);
             saveSession(null);
@@ -105,7 +109,7 @@ function AuthProvider({
       return;
     }
     try {
-      const response = await fetch(buildUrl("me"), {
+      const response = await authFetch(buildUrl("me"), {
         headers: {
           Authorization: `Bearer ${storedSession.access_token}`
         }
@@ -115,7 +119,7 @@ function AuthProvider({
         updateAuthState(data.user, storedSession);
       } else if (response.status === 401) {
         try {
-          const refreshResponse = await fetch(buildUrl("refresh"), {
+          const refreshResponse = await authFetch(buildUrl("refresh"), {
             method: "POST",
             headers: { "Content-Type": "application/json" },
             body: JSON.stringify({ refreshToken: storedSession.refresh_token })
@@ -127,7 +131,7 @@ function AuthProvider({
               access_token: refreshData.access_token,
               expires_at: refreshData.expires_at
             };
-            const userResponse = await fetch(buildUrl("me"), {
+            const userResponse = await authFetch(buildUrl("me"), {
               headers: {
                 Authorization: `Bearer ${newSession.access_token}`
               }
@@ -171,7 +175,7 @@ function AuthProvider({
       setError(null);
       setLoading(true);
       try {
-        const response = await fetch(buildUrl("login"), {
+        const response = await authFetch(buildUrl("login"), {
           method: "POST",
           headers: { "Content-Type": "application/json" },
           body: JSON.stringify(credentials)
@@ -197,7 +201,7 @@ function AuthProvider({
       setError(null);
       setLoading(true);
       try {
-        const response = await fetch(buildUrl("signup"), {
+        const response = await authFetch(buildUrl("signup"), {
           method: "POST",
           headers: { "Content-Type": "application/json" },
           body: JSON.stringify(credentials)
@@ -207,11 +211,24 @@ function AuthProvider({
           throw new Error(data.error || "Signup failed");
         }
         const authResponse = data;
+        if (authResponse.needsVerification) {
+          return {
+            status: "needs_verification",
+            email: credentials.email
+          };
+        }
+        if (authResponse.needsApproval) {
+          updateAuthState(authResponse.user, authResponse.session);
+          return { status: "needs_approval", user: authResponse.user };
+        }
         if (authResponse.session.access_token) {
           updateAuthState(authResponse.user, authResponse.session);
-        } else {
-          setUser(authResponse.user);
+          return { status: "authenticated", user: authResponse.user };
         }
+        return {
+          status: "needs_verification",
+          email: credentials.email
+        };
       } catch (err) {
         const message = err instanceof Error ? err.message : "Signup failed";
         setError(message);
@@ -225,7 +242,7 @@ function AuthProvider({
   const logout = useCallback(async () => {
     try {
       if (session) {
-        await fetch(buildUrl("logout"), {
+        await authFetch(buildUrl("logout"), {
           method: "POST",
           headers: {
             Authorization: `Bearer ${session.access_token}`
@@ -248,7 +265,7 @@ function AuthProvider({
       }
       setError(null);
       try {
-        const response = await fetch(buildUrl("me"), {
+        const response = await authFetch(buildUrl("me"), {
           method: "PATCH",
           headers: {
             "Content-Type": "application/json",
@@ -270,10 +287,9 @@ function AuthProvider({
     [session, buildUrl]
   );
   const refreshSession = useCallback(async () => {
-    if (!session) {
-      throw new Error("No session to refresh");
-    }
-    const response = await fetch(buildUrl("refresh"), {
+    if (!session)
+      return;
+    const response = await authFetch(buildUrl("refresh"), {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify({ refreshToken: session.refresh_token })
@@ -294,7 +310,7 @@ function AuthProvider({
     async (email) => {
       setError(null);
       try {
-        const response = await fetch(buildUrl("forgot-password"), {
+        const response = await authFetch(buildUrl("forgot-password"), {
           method: "POST",
           headers: { "Content-Type": "application/json" },
           body: JSON.stringify({ email })
@@ -315,7 +331,7 @@ function AuthProvider({
     async (token, newPassword) => {
       setError(null);
       try {
-        const response = await fetch(buildUrl("reset-password"), {
+        const response = await authFetch(buildUrl("reset-password"), {
           method: "POST",
           headers: { "Content-Type": "application/json" },
           body: JSON.stringify({ token, password: newPassword })
@@ -349,7 +365,7 @@ function AuthProvider({
       setError(null);
       setLoading(true);
       try {
-        const response = await fetch(buildUrl("verify-email"), {
+        const response = await authFetch(buildUrl("verify-email"), {
           method: "POST",
           headers: { "Content-Type": "application/json" },
           body: JSON.stringify({ email, otp: code })
@@ -375,7 +391,7 @@ function AuthProvider({
     async (email) => {
       setError(null);
       try {
-        const response = await fetch(buildUrl("resend-verification"), {
+        const response = await authFetch(buildUrl("resend-verification"), {
           method: "POST",
           headers: { "Content-Type": "application/json" },
           body: JSON.stringify({ email })
@@ -396,9 +412,7 @@ function AuthProvider({
     if (!projectId)
       return;
     try {
-      const response = await fetch(
-        `${baseUrl}/${projectId}/auth/config`
-      );
+      const response = await fetch(`${baseUrl}/${projectId}/auth/config`);
       if (response.ok) {
         const data = await response.json();
         setAuthConfig(data.config || null);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@instroc/auth",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "Authentication hooks for Instroc Cloud — useAuth, useUser, AuthProvider",
   "type": "module",
   "main": "dist/index.js",
@@ -11,7 +11,9 @@
       "types": "./dist/index.d.ts"
     }
   },
-  "files": ["dist"],
+  "files": [
+    "dist"
+  ],
   "scripts": {
     "build": "tsup",
     "dev": "tsup --watch"