@intelicity/gates-sdk 0.1.4 → 0.1.6

package/README.md

@@ -14,8 +14,9 @@ npm install @intelicity/gates-sdk
 - 👥 User management service with backend integration
 - 🎯 TypeScript support with full type definitions
 - 💾 Built-in JWKS caching for better performance
-- 🎨 Custom error classes for better error handling
+- 🎨 Comprehensive error hierarchy with specific error types
 - 🔐 Group-based access control
+- ⚡ Detailed error messages with status codes and error codes
 
 ## Usage
 
@@ -79,7 +80,15 @@ try {
 ### Complete Integration Example
 
 ```typescript
-import { AuthService, UserService } from "@intelicity/gates-sdk";
+import {
+  AuthService,
+  UserService,
+  TokenExpiredError,
+  UnauthorizedGroupError,
+  ApiRequestError,
+  MissingParameterError,
+  GatesError,
+} from "@intelicity/gates-sdk";
 
 class MyApplication {
   private authService: AuthService;
@@ -114,7 +123,41 @@ class MyApplication {
         total: users.total,
       };
     } catch (error) {
-      throw new Error(`Operation failed: ${error.message}`);
+      // Handle specific error types
+      if (error instanceof TokenExpiredError) {
+        return { error: "Session expired", code: 401 };
+      }
+
+      if (error instanceof UnauthorizedGroupError) {
+        return {
+          error: "Access denied",
+          code: 403,
+          requiredGroups: error.requiredGroups,
+        };
+      }
+
+      if (error instanceof ApiRequestError) {
+        return {
+          error: "Service unavailable",
+          code: error.statusCode || 500,
+          details: error.message,
+        };
+      }
+
+      if (error instanceof MissingParameterError) {
+        return { error: "Invalid request", code: 400 };
+      }
+
+      if (error instanceof GatesError) {
+        return {
+          error: "Operation failed",
+          code: 500,
+          errorCode: error.code,
+        };
+      }
+
+      // Unknown error
+      throw error;
     }
   }
 }
@@ -122,44 +165,98 @@ class MyApplication {
 
 ### Error Handling
 
-The SDK provides custom error classes for better error handling:
+The SDK provides a comprehensive error hierarchy for better error handling:
 
 ```typescript
 import {
   AuthService,
   UserService,
+  // Base errors
+  GatesError,
+  // Authentication errors
   AuthenticationError,
   TokenExpiredError,
   InvalidTokenError,
   MissingAuthorizationError,
+  UnauthorizedGroupError,
+  // API errors
+  ApiError,
+  ApiRequestError,
+  InvalidResponseError,
+  // Parameter errors
+  MissingParameterError,
+  InvalidParameterError,
 } from "@intelicity/gates-sdk";
 
-const authService = new AuthService(region, userPoolId, audience);
+const authService = new AuthService(region, userPoolId, audience, ["admin"]);
 
+// Authentication Error Handling
 try {
   const user = await authService.verifyToken(token);
+  console.log("User authenticated:", user);
 } catch (error) {
   if (error instanceof TokenExpiredError) {
     console.error("Token expired, please login again");
+    // error.code === "TOKEN_EXPIRED"
   } else if (error instanceof InvalidTokenError) {
-    console.error("Invalid token provided");
-  } else if (error instanceof MissingAuthorizationError) {
-    console.error("No authorization token provided");
-  } else {
+    console.error("Invalid token:", error.message);
+    // error.code === "INVALID_TOKEN"
+  } else if (error instanceof UnauthorizedGroupError) {
+    console.error("Access denied:", error.message);
+    console.error("Required groups:", error.requiredGroups);
+    // error.code === "UNAUTHORIZED_GROUP"
+  } else if (error instanceof MissingParameterError) {
+    console.error("Missing parameter:", error.message);
+    // error.code === "MISSING_PARAMETER"
+  } else if (error instanceof AuthenticationError) {
     console.error("Authentication failed:", error.message);
   }
 }
 
-// Error handling with User Service
+// User Service Error Handling
+const userService = new UserService(backendUrl, systemName);
+
 try {
   const users = await userService.getAllUsers(token);
+  console.log("Users fetched:", users.profiles.length);
 } catch (error) {
-  if (error.message.includes("HTTP 401")) {
-    console.error("Unauthorized - check your token");
-  } else if (error.message.includes("HTTP 403")) {
-    console.error("Forbidden - insufficient permissions");
-  } else {
-    console.error("Failed to fetch users:", error.message);
+  if (error instanceof ApiRequestError) {
+    console.error(`API request failed [${error.statusCode}]:`, error.message);
+    // error.code === "API_REQUEST_ERROR"
+    // error.statusCode contains HTTP status code
+
+    if (error.statusCode === 401) {
+      console.error("Unauthorized - check your token");
+    } else if (error.statusCode === 403) {
+      console.error("Forbidden - insufficient permissions");
+    } else if (error.statusCode === 404) {
+      console.error("Resource not found");
+    }
+  } else if (error instanceof InvalidResponseError) {
+    console.error("Invalid API response:", error.message);
+    // error.code === "INVALID_RESPONSE"
+  } else if (error instanceof MissingParameterError) {
+    console.error("Missing required parameter:", error.message);
+  } else if (error instanceof GatesError) {
+    console.error("Gates SDK error:", error.message, error.code);
+  }
+}
+
+// Catch all Gates errors
+try {
+  const profile = await userService.getProfile(token);
+} catch (error) {
+  if (error instanceof GatesError) {
+    // All SDK errors inherit from GatesError
+    console.error(`Error [${error.code}]:`, error.message);
+
+    // You can check specific properties based on error type
+    if (error instanceof ApiRequestError && error.statusCode) {
+      console.error(`HTTP Status: ${error.statusCode}`);
+    }
+    if (error instanceof UnauthorizedGroupError) {
+      console.error(`Required groups: ${error.requiredGroups.join(", ")}`);
+    }
   }
 }
 ```
@@ -275,10 +372,82 @@ type VerifyOptions = {
 
 #### Custom Errors
 
-- `AuthenticationError`: Base authentication error class
+All errors inherit from `GatesError` and include a `code` property for easy error identification.
+
+**Base Errors:**
+
+- `GatesError`: Base error class for all SDK errors
+  - Properties: `message`, `code`
+
+**Authentication Errors:**
+
+- `AuthenticationError`: Base authentication error (extends `GatesError`)
 - `TokenExpiredError`: Token has expired
+  - Code: `TOKEN_EXPIRED`
 - `InvalidTokenError`: Token is invalid or malformed
+  - Code: `INVALID_TOKEN`
 - `MissingAuthorizationError`: Authorization header is missing
+  - Code: `MISSING_AUTHORIZATION`
+- `UnauthorizedGroupError`: User is not a member of required group
+  - Code: `UNAUTHORIZED_GROUP`
+  - Properties: `message`, `code`, `requiredGroups: string[]`
+
+**API Errors:**
+
+- `ApiError`: Base API error (extends `GatesError`)
+  - Properties: `message`, `code`, `statusCode?: number`
+- `ApiRequestError`: API request failed
+  - Code: `API_REQUEST_ERROR`
+  - Properties: `message`, `code`, `statusCode?: number`
+- `InvalidResponseError`: API response format is invalid
+  - Code: `INVALID_RESPONSE`
+
+**Parameter Errors:**
+
+- `MissingParameterError`: Required parameter is missing
+  - Code: `MISSING_PARAMETER`
+- `InvalidParameterError`: Parameter has an invalid value
+  - Code: `INVALID_PARAMETER`
+
+### Error Codes Reference
+
+All SDK errors include a `code` property for programmatic error handling:
+
+| Error Code              | Error Class                 | Description                          |
+| ----------------------- | --------------------------- | ------------------------------------ |
+| `TOKEN_EXPIRED`         | `TokenExpiredError`         | JWT token has expired                |
+| `INVALID_TOKEN`         | `InvalidTokenError`         | Token is invalid or malformed        |
+| `MISSING_AUTHORIZATION` | `MissingAuthorizationError` | Authorization header is missing      |
+| `UNAUTHORIZED_GROUP`    | `UnauthorizedGroupError`    | User lacks required group membership |
+| `API_REQUEST_ERROR`     | `ApiRequestError`           | API request failed                   |
+| `INVALID_RESPONSE`      | `InvalidResponseError`      | API response format is invalid       |
+| `MISSING_PARAMETER`     | `MissingParameterError`     | Required parameter is missing        |
+| `INVALID_PARAMETER`     | `InvalidParameterError`     | Parameter has invalid value          |
+
+**Usage Example:**
+
+```typescript
+try {
+  const user = await authService.verifyToken(token);
+} catch (error) {
+  if (error instanceof GatesError) {
+    switch (error.code) {
+      case "TOKEN_EXPIRED":
+        // Redirect to login
+        break;
+      case "UNAUTHORIZED_GROUP":
+        // Show access denied page
+        break;
+      case "API_REQUEST_ERROR":
+        // Show error message with retry option
+        break;
+      default:
+        // Generic error handling
+        console.error(error.message);
+    }
+  }
+}
+```
 
 ## Environment Variables
 
@@ -334,14 +503,30 @@ const userService = new UserService(
 - Use strong, unique audience values (client IDs)
 
 ```typescript
+import {
+  GatesError,
+  TokenExpiredError,
+  UnauthorizedGroupError,
+} from "@intelicity/gates-sdk";
+
 // Good: Secure error handling
 try {
   const user = await authService.verifyToken(token);
 } catch (error) {
   // Log for monitoring (server-side only)
-  console.error('Auth failed:', error.constructor.name);
+  if (error instanceof GatesError) {
+    console.error('Auth failed:', error.code, error.constructor.name);
+  }
 
-  // Return generic error to client
+  // Return appropriate error to client based on type
+  if (error instanceof TokenExpiredError) {
+    throw new Error('Session expired');
+  }
+  if (error instanceof UnauthorizedGroupError) {
+    throw new Error('Access denied');
+  }
+
+  // Generic error for other cases
   throw new Error('Authentication failed');
 }
 
@@ -349,6 +534,20 @@ try {
 catch (error) {
   throw new Error(`Auth failed: ${error.message}`); // May expose internal details
 }
+
+// Good: Check error codes for routing logic
+try {
+  const users = await userService.getAllUsers(token);
+} catch (error) {
+  if (error instanceof GatesError) {
+    // Safe to use error codes for client-side logic
+    if (error.code === 'TOKEN_EXPIRED') {
+      redirectToLogin();
+    } else if (error.code === 'UNAUTHORIZED_GROUP') {
+      showAccessDenied();
+    }
+  }
+}
 ```
 
 ## Development

package/dist/errors/error.d.ts

@@ -1,10 +1,16 @@
 /**
- * Base error class for authentication-related errors
+ * Base error class for all Gates SDK errors
  */
-export declare class AuthenticationError extends Error {
+export declare class GatesError extends Error {
     readonly code?: string | undefined;
     constructor(message: string, code?: string | undefined);
 }
+/**
+ * Base error class for authentication-related errors
+ */
+export declare class AuthenticationError extends GatesError {
+    constructor(message: string, code?: string);
+}
 /**
  * Error thrown when a token has expired
  */
@@ -23,4 +29,42 @@ export declare class InvalidTokenError extends AuthenticationError {
 export declare class MissingAuthorizationError extends AuthenticationError {
     constructor(message?: string);
 }
+/**
+ * Error thrown when user is not a member of required group
+ */
+export declare class UnauthorizedGroupError extends AuthenticationError {
+    readonly requiredGroups: string[];
+    constructor(message: string, requiredGroups: string[]);
+}
+/**
+ * Base error class for API-related errors
+ */
+export declare class ApiError extends GatesError {
+    readonly statusCode?: number | undefined;
+    constructor(message: string, statusCode?: number | undefined, code?: string);
+}
+/**
+ * Error thrown when API request fails
+ */
+export declare class ApiRequestError extends ApiError {
+    constructor(message: string, statusCode?: number);
+}
+/**
+ * Error thrown when API response is invalid
+ */
+export declare class InvalidResponseError extends ApiError {
+    constructor(message?: string);
+}
+/**
+ * Error thrown when a required parameter is missing
+ */
+export declare class MissingParameterError extends GatesError {
+    constructor(parameterName: string);
+}
+/**
+ * Error thrown when a parameter has an invalid value
+ */
+export declare class InvalidParameterError extends GatesError {
+    constructor(parameterName: string, reason?: string);
+}
 //# sourceMappingURL=error.d.ts.map

package/dist/errors/error.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"error.d.ts","sourceRoot":"","sources":["../../src/errors/error.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;aACC,IAAI,CAAC,EAAE,MAAM;gBAA9C,OAAO,EAAE,MAAM,EAAkB,IAAI,CAAC,EAAE,MAAM,YAAA;CAK3D;AAED;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,mBAAmB;gBAC5C,OAAO,SAAsB;CAK1C;AAED;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,mBAAmB;gBAC5C,OAAO,SAAkB;CAKtC;AAED;;GAEG;AACH,qBAAa,yBAA0B,SAAQ,mBAAmB;gBACpD,OAAO,SAAiC;CAKrD"}
+{"version":3,"file":"error.d.ts","sourceRoot":"","sources":["../../src/errors/error.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,qBAAa,UAAW,SAAQ,KAAK;aACU,IAAI,CAAC,EAAE,MAAM;gBAA9C,OAAO,EAAE,MAAM,EAAkB,IAAI,CAAC,EAAE,MAAM,YAAA;CAK3D;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,UAAU;gBACrC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM;CAK3C;AAED;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,mBAAmB;gBAC5C,OAAO,SAAmB;CAKvC;AAED;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,mBAAmB;gBAC5C,OAAO,SAAmB;CAKvC;AAED;;GAEG;AACH,qBAAa,yBAA0B,SAAQ,mBAAmB;gBACpD,OAAO,SAAwC;CAK5D;AAED;;GAEG;AACH,qBAAa,sBAAuB,SAAQ,mBAAmB;aAChB,cAAc,EAAE,MAAM,EAAE;gBAAzD,OAAO,EAAE,MAAM,EAAkB,cAAc,EAAE,MAAM,EAAE;CAKtE;AAED;;GAEG;AACH,qBAAa,QAAS,SAAQ,UAAU;aAGpB,UAAU,CAAC,EAAE,MAAM;gBADnC,OAAO,EAAE,MAAM,EACC,UAAU,CAAC,EAAE,MAAM,YAAA,EACnC,IAAI,CAAC,EAAE,MAAM;CAMhB;AAED;;GAEG;AACH,qBAAa,eAAgB,SAAQ,QAAQ;gBAC/B,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM;CAKjD;AAED;;GAEG;AACH,qBAAa,oBAAqB,SAAQ,QAAQ;gBACpC,OAAO,SAAwC;CAK5D;AAED;;GAEG;AACH,qBAAa,qBAAsB,SAAQ,UAAU;gBACvC,aAAa,EAAE,MAAM;CAQlC;AAED;;GAEG;AACH,qBAAa,qBAAsB,SAAQ,UAAU;gBACvC,aAAa,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM;CAQnD"}

package/dist/errors/error.js

@@ -1,12 +1,22 @@
 // src/errors/error.ts
 /**
- * Base error class for authentication-related errors
+ * Base error class for all Gates SDK errors
  */
-export class AuthenticationError extends Error {
+export class GatesError extends Error {
     code;
     constructor(message, code) {
         super(message);
         this.code = code;
+        this.name = "GatesError";
+        Object.setPrototypeOf(this, GatesError.prototype);
+    }
+}
+/**
+ * Base error class for authentication-related errors
+ */
+export class AuthenticationError extends GatesError {
+    constructor(message, code) {
+        super(message, code);
         this.name = "AuthenticationError";
         Object.setPrototypeOf(this, AuthenticationError.prototype);
     }
@@ -15,7 +25,7 @@ export class AuthenticationError extends Error {
  * Error thrown when a token has expired
  */
 export class TokenExpiredError extends AuthenticationError {
-    constructor(message = "Token has expired") {
+    constructor(message = "Token expirado") {
         super(message, "TOKEN_EXPIRED");
         this.name = "TokenExpiredError";
         Object.setPrototypeOf(this, TokenExpiredError.prototype);
@@ -25,7 +35,7 @@ export class TokenExpiredError extends AuthenticationError {
  * Error thrown when a token is invalid
  */
 export class InvalidTokenError extends AuthenticationError {
-    constructor(message = "Invalid token") {
+    constructor(message = "Token inválido") {
         super(message, "INVALID_TOKEN");
         this.name = "InvalidTokenError";
         Object.setPrototypeOf(this, InvalidTokenError.prototype);
@@ -35,9 +45,76 @@ export class InvalidTokenError extends AuthenticationError {
  * Error thrown when authorization header is missing
  */
 export class MissingAuthorizationError extends AuthenticationError {
-    constructor(message = "Missing Authorization header") {
+    constructor(message = "Header de autorização não fornecido") {
         super(message, "MISSING_AUTHORIZATION");
         this.name = "MissingAuthorizationError";
         Object.setPrototypeOf(this, MissingAuthorizationError.prototype);
     }
 }
+/**
+ * Error thrown when user is not a member of required group
+ */
+export class UnauthorizedGroupError extends AuthenticationError {
+    requiredGroups;
+    constructor(message, requiredGroups) {
+        super(message, "UNAUTHORIZED_GROUP");
+        this.requiredGroups = requiredGroups;
+        this.name = "UnauthorizedGroupError";
+        Object.setPrototypeOf(this, UnauthorizedGroupError.prototype);
+    }
+}
+/**
+ * Base error class for API-related errors
+ */
+export class ApiError extends GatesError {
+    statusCode;
+    constructor(message, statusCode, code) {
+        super(message, code);
+        this.statusCode = statusCode;
+        this.name = "ApiError";
+        Object.setPrototypeOf(this, ApiError.prototype);
+    }
+}
+/**
+ * Error thrown when API request fails
+ */
+export class ApiRequestError extends ApiError {
+    constructor(message, statusCode) {
+        super(message, statusCode, "API_REQUEST_ERROR");
+        this.name = "ApiRequestError";
+        Object.setPrototypeOf(this, ApiRequestError.prototype);
+    }
+}
+/**
+ * Error thrown when API response is invalid
+ */
+export class InvalidResponseError extends ApiError {
+    constructor(message = "Formato de resposta da API inválido") {
+        super(message, undefined, "INVALID_RESPONSE");
+        this.name = "InvalidResponseError";
+        Object.setPrototypeOf(this, InvalidResponseError.prototype);
+    }
+}
+/**
+ * Error thrown when a required parameter is missing
+ */
+export class MissingParameterError extends GatesError {
+    constructor(parameterName) {
+        super(`Parâmetro obrigatório ausente: ${parameterName}`, "MISSING_PARAMETER");
+        this.name = "MissingParameterError";
+        Object.setPrototypeOf(this, MissingParameterError.prototype);
+    }
+}
+/**
+ * Error thrown when a parameter has an invalid value
+ */
+export class InvalidParameterError extends GatesError {
+    constructor(parameterName, reason) {
+        const message = reason
+            ? `Parâmetro '${parameterName}' inválido: ${reason}`
+            : `Parâmetro inválido: ${parameterName}`;
+        super(message, "INVALID_PARAMETER");
+        this.name = "InvalidParameterError";
+        Object.setPrototypeOf(this, InvalidParameterError.prototype);
+    }
+}

package/dist/index.d.ts

@@ -2,5 +2,5 @@ export type { GatesUser as GatesUser } from "./models/user.js";
 export type { UserProfile as Profile, ProfileAttribute, } from "./models/profile.js";
 export { GatesUserService as UserService, type UserListResponse, type GetAllUsersOptions, } from "./services/user-service.js";
 export { GatesAuthService as AuthService, type VerifyOptions, } from "./services/auth-service.js";
-export { AuthenticationError, TokenExpiredError, InvalidTokenError, MissingAuthorizationError, } from "./errors/error.js";
+export { GatesError, AuthenticationError, TokenExpiredError, InvalidTokenError, MissingAuthorizationError, UnauthorizedGroupError, ApiError, ApiRequestError, InvalidResponseError, MissingParameterError, InvalidParameterError, } from "./errors/error.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,YAAY,EAAE,SAAS,IAAI,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC/D,YAAY,EACV,WAAW,IAAI,OAAO,EACtB,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,gBAAgB,IAAI,WAAW,EAC/B,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,GACxB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,gBAAgB,IAAI,WAAW,EAC/B,KAAK,aAAa,GACnB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,iBAAiB,EACjB,yBAAyB,GAC1B,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,YAAY,EAAE,SAAS,IAAI,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC/D,YAAY,EACV,WAAW,IAAI,OAAO,EACtB,gBAAgB,GACjB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,gBAAgB,IAAI,WAAW,EAC/B,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,GACxB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,gBAAgB,IAAI,WAAW,EAC/B,KAAK,aAAa,GACnB,MAAM,4BAA4B,CAAC;AAGpC,OAAO,EAEL,UAAU,EAGV,mBAAmB,EACnB,iBAAiB,EACjB,iBAAiB,EACjB,yBAAyB,EACzB,sBAAsB,EAGtB,QAAQ,EACR,eAAe,EACf,oBAAoB,EAGpB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,mBAAmB,CAAC"}

package/dist/index.js

@@ -1,3 +1,14 @@
+// Main exports for Gates SDK
+// Services
 export { GatesUserService as UserService, } from "./services/user-service.js";
 export { GatesAuthService as AuthService, } from "./services/auth-service.js";
-export { AuthenticationError, TokenExpiredError, InvalidTokenError, MissingAuthorizationError, } from "./errors/error.js";
+// Errors
+export { 
+// Base errors
+GatesError, 
+// Authentication errors
+AuthenticationError, TokenExpiredError, InvalidTokenError, MissingAuthorizationError, UnauthorizedGroupError, 
+// API errors
+ApiError, ApiRequestError, InvalidResponseError, 
+// Parameter errors
+MissingParameterError, InvalidParameterError, } from "./errors/error.js";

package/dist/services/auth-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-service.d.ts","sourceRoot":"","sources":["../../src/services/auth-service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE9C,MAAM,MAAM,aAAa,GAAG;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CACnC,CAAC;AAEF,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAoB;gBAGjD,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE;IAiCnC,OAAO,KAAK,MAAM,GAEjB;IAED,UAAU,CAAC,MAAM,GAAE,MAAM,EAAO,GAAG,OAAO;IAgBpC,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC;CAiDrD"}
+{"version":3,"file":"auth-service.d.ts","sourceRoot":"","sources":["../../src/services/auth-service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAS9C,MAAM,MAAM,aAAa,GAAG;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CACnC,CAAC;AAEF,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAoB;gBAGjD,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE;IAoCnC,OAAO,KAAK,MAAM,GAEjB;IAED,UAAU,CAAC,MAAM,GAAE,MAAM,EAAO,GAAG,OAAO;IAgBpC,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC;CA0FrD"}

package/dist/services/auth-service.js

@@ -1,5 +1,6 @@
-import { jwtVerify } from "jose";
+import { jwtVerify, errors as joseErrors } from "jose";
 import { getJwks } from "../cache/jwks-cache.js";
+import { InvalidParameterError, MissingParameterError, TokenExpiredError, InvalidTokenError, UnauthorizedGroupError, } from "../errors/error.js";
 export class GatesAuthService {
     region;
     userPoolId;
@@ -7,21 +8,21 @@ export class GatesAuthService {
     requiredGroup;
     constructor(region, userPoolId, audience, requiredGroup) {
         if (!region || typeof region !== "string" || region.trim().length === 0) {
-            throw new Error("Region é obrigatória e deve ser uma string válida");
+            throw new MissingParameterError("region");
         }
         if (!userPoolId ||
             typeof userPoolId !== "string" ||
             userPoolId.trim().length === 0) {
-            throw new Error("UserPoolId é obrigatório e deve ser uma string válida");
+            throw new MissingParameterError("userPoolId");
         }
         if (!audience ||
             typeof audience !== "string" ||
             audience.trim().length === 0) {
-            throw new Error("Audience é obrigatória e deve ser uma string válida");
+            throw new MissingParameterError("audience");
         }
         // Validar formato do userPoolId (deve seguir padrão AWS)
         if (!/^[a-zA-Z0-9_-]+$/.test(userPoolId)) {
-            throw new Error("UserPoolId possui formato inválido");
+            throw new InvalidParameterError("userPoolId", "deve seguir o formato AWS (apenas alfanuméricos, hífens e underscores)");
         }
         this.region = region;
         this.userPoolId = userPoolId;
@@ -45,36 +46,64 @@ export class GatesAuthService {
     }
     async verifyToken(token) {
         if (!token) {
-            throw new Error("Token não fornecido");
+            throw new MissingParameterError("token");
         }
-        const jwks = getJwks(this.region, this.userPoolId);
-        const { payload } = await jwtVerify(token, jwks, {
-            issuer: this.issuer,
-            audience: this.audience,
-        });
-        if (this.requiredGroup) {
-            const userGroups = payload["cognito:groups"];
-            if (!userGroups || !Array.isArray(userGroups)) {
-                throw new Error("Usuário não pertence ao sistema");
+        try {
+            const jwks = getJwks(this.region, this.userPoolId);
+            const { payload } = await jwtVerify(token, jwks, {
+                issuer: this.issuer,
+                audience: this.audience,
+            });
+            if (this.requiredGroup) {
+                const userGroups = payload["cognito:groups"];
+                const requiredGroups = Array.isArray(this.requiredGroup)
+                    ? this.requiredGroup
+                    : [this.requiredGroup];
+                if (!userGroups || !Array.isArray(userGroups)) {
+                    throw new UnauthorizedGroupError("Usuário não pertence a nenhum grupo obrigatório", requiredGroups);
+                }
+                // Verifica se o usuário tem pelo menos um dos grupos obrigatórios
+                const hasRequiredGroup = requiredGroups.some((group) => userGroups.includes(group));
+                if (!hasRequiredGroup) {
+                    throw new UnauthorizedGroupError(`Usuário deve ser membro de um dos seguintes grupos: ${requiredGroups.join(", ")}`, requiredGroups);
+                }
             }
-            const requiredGroups = Array.isArray(this.requiredGroup)
-                ? this.requiredGroup
-                : [this.requiredGroup];
-            // Verifica se o usuário tem pelo menos um dos grupos obrigatórios
-            const hasRequiredGroup = requiredGroups.some((group) => userGroups.includes(group));
-            if (!hasRequiredGroup) {
-                throw new Error(`Usuário deve ser membro de um dos seguintes sistemas: ${requiredGroups.join(", ")}`);
+            // Mapear o payload do Cognito para o formato do GatesUser
+            const user = {
+                user_id: payload.sub,
+                email: payload.email,
+                name: payload.name,
+                role: payload["custom:general_role"],
+                exp: payload.exp,
+                iat: payload.iat,
+            };
+            return user;
+        }
+        catch (error) {
+            // Re-throw known errors
+            if (error instanceof UnauthorizedGroupError ||
+                error instanceof MissingParameterError) {
+                throw error;
+            }
+            // Handle jose-specific errors
+            if (error instanceof joseErrors.JWTExpired) {
+                throw new TokenExpiredError("Token expirado");
+            }
+            if (error instanceof joseErrors.JWTInvalid) {
+                throw new InvalidTokenError("Token inválido ou malformado");
+            }
+            // Handle other jose errors
+            if (error instanceof Error) {
+                if (error.message.includes("expired")) {
+                    throw new TokenExpiredError(error.message);
+                }
+                if (error.message.includes("signature") ||
+                    error.message.includes("invalid")) {
+                    throw new InvalidTokenError(error.message);
+                }
+                throw new InvalidTokenError(`Falha na verificação do token: ${error.message}`);
             }
+            throw new InvalidTokenError("Falha na verificação do token");
         }
-        // Mapear o payload do Cognito para o formato do GatesUser
-        const user = {
-            user_id: payload.sub,
-            email: payload.email,
-            name: payload.name,
-            role: payload["custom:general_role"],
-            exp: payload.exp,
-            iat: payload.iat,
-        };
-        return user;
     }
 }

package/dist/services/user-service.d.ts

@@ -27,9 +27,9 @@ export declare class GatesUserService {
     getAllUsers(idToken: string): Promise<UserListResponse>;
     /**
      * Busca um usuário específico por ID
-     * @param accessToken Token de autenticação
+     * @param idToken Token de autenticação
      * @returns Dados do usuário
      */
-    login(accessToken: string): Promise<UserProfile>;
+    getProfile(idToken: string): Promise<UserProfile>;
 }
 //# sourceMappingURL=user-service.d.ts.map

package/dist/services/user-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"user-service.d.ts","sourceRoot":"","sources":["../../src/services/user-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAoB,MAAM,sBAAsB,CAAC;AAErE,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAgBD,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAyB;gBAE5C,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAQ3C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAExB;IAEF;;;;;OAKG;IACG,WAAW,CACf,OAAO,EAAE,MAAM,GAEd,OAAO,CAAC,gBAAgB,CAAC;IAiD5B;;;;OAIG;IACG,KAAK,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;CA2CvD"}
+{"version":3,"file":"user-service.d.ts","sourceRoot":"","sources":["../../src/services/user-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAoB,MAAM,sBAAsB,CAAC;AAOrE,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAeD,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAyB;gBAE5C,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAQ3C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAExB;IAEF;;;;;OAKG;IACG,WAAW,CACf,OAAO,EAAE,MAAM,GAEd,OAAO,CAAC,gBAAgB,CAAC;IAqE5B;;;;OAIG;IACG,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;CAuExD"}

package/dist/services/user-service.js

@@ -1,3 +1,4 @@
+import { MissingParameterError, ApiRequestError, InvalidResponseError, } from "../errors/error.js";
 export class GatesUserService {
     baseUrl;
     system;
@@ -10,7 +11,7 @@ export class GatesUserService {
         };
     }
     endpoints = {
-        all: "/get-all-profiles-from-system",
+        all: "get-all-profiles-from-system",
     };
     /**
      * Busca todos os usuários do Cognito através do backend
@@ -22,7 +23,7 @@ export class GatesUserService {
     // options: GetAllUsersOptions = {}
     ) {
         if (!idToken) {
-            throw new Error("ID Token is required");
+            throw new MissingParameterError("idToken");
         }
         try {
             const queryParams = new URLSearchParams();
@@ -35,7 +36,7 @@ export class GatesUserService {
                 method: "POST",
                 headers: {
                     ...this.defaultHeaders,
-                    Authorization: `Bearer ${idToken}`,
+                    Authorization: `${idToken}`,
                 },
                 body: JSON.stringify({
                     system_name: this.system,
@@ -43,9 +44,12 @@ export class GatesUserService {
             });
             if (!response.ok) {
                 const errorText = await response.text();
-                throw new Error(`HTTP ${response.status}: ${errorText}`);
+                throw new ApiRequestError(`Falha ao buscar usuários: ${errorText}`, response.status);
             }
             const data = (await response.json());
+            if (!data.profiles || !Array.isArray(data.profiles)) {
+                throw new InvalidResponseError("Resposta da API não contém o array 'profiles'");
+            }
             // Adicionar total baseado no length se não vier da API
             if (!data.total && data.profiles) {
                 data.total = data.profiles.length;
@@ -53,53 +57,69 @@ export class GatesUserService {
             return data;
         }
         catch (error) {
+            // Re-throw known errors
+            if (error instanceof MissingParameterError ||
+                error instanceof ApiRequestError ||
+                error instanceof InvalidResponseError) {
+                throw error;
+            }
+            // Handle fetch errors
             if (error instanceof Error) {
-                throw new Error(`Failed to fetch users: ${error.message}`);
+                throw new ApiRequestError(`Falha ao buscar usuários: ${error.message}`);
             }
-            throw new Error("Failed to fetch users: Unknown error");
+            throw new ApiRequestError("Falha ao buscar usuários: Erro desconhecido");
         }
     }
     /**
      * Busca um usuário específico por ID
-     * @param accessToken Token de autenticação
+     * @param idToken Token de autenticação
      * @returns Dados do usuário
      */
-    async login(accessToken) {
-        if (!accessToken) {
-            throw new Error("Access Token is required");
+    async getProfile(idToken) {
+        if (!idToken) {
+            throw new MissingParameterError("idToken");
         }
         try {
-            const response = await fetch(`${this.baseUrl}/login`, {
-                method: "POST",
+            const response = await fetch(`${this.baseUrl}/get-profile?system_name=${this.system}`, {
+                method: "GET",
                 headers: {
                     ...this.defaultHeaders,
-                    Authorization: `${accessToken}`,
+                    Authorization: `${idToken}`,
                 },
-                body: JSON.stringify({ system_name: this.system }),
             });
             if (!response.ok) {
                 const errorText = await response.text();
-                throw new Error(`HTTP ${response.status}: ${errorText}`);
+                throw new ApiRequestError(`Falha ao buscar perfil do usuário: ${errorText}`, response.status);
             }
             const data = (await response.json());
-            // A API retorna { user: {...}, message: "..." }
-            if (!data.user) {
-                throw new Error("Invalid response format: missing user data");
+            // A API retorna { profile: {...}, email: ..., name: ..., message: "..." }
+            if (!data.profile) {
+                throw new InvalidResponseError("Resposta da API não contém os dados do 'profile'");
+            }
+            if (!data.email || !data.name) {
+                throw new InvalidResponseError("Resposta da API não contém os campos obrigatórios do usuário (email ou name)");
             }
             const userProfile = {
-                user_id: data.user.user_id,
-                email: data.user.email,
-                name: data.user.name,
-                enabled: data.user.enabled,
-                profile_attributes: data.user.profile_attributes || [],
+                user_id: data.profile.user_id,
+                email: data.email,
+                name: data.name,
+                enabled: data.profile.enabled,
+                profile_attributes: data.profile.profile_attributes || [],
             };
             return userProfile;
         }
         catch (error) {
+            // Re-throw known errors
+            if (error instanceof MissingParameterError ||
+                error instanceof ApiRequestError ||
+                error instanceof InvalidResponseError) {
+                throw error;
+            }
+            // Handle fetch errors
             if (error instanceof Error) {
-                throw new Error(`Failed to fetch user: ${error.message}`);
+                throw new ApiRequestError(`Falha ao buscar perfil do usuário: ${error.message}`);
             }
-            throw new Error("Failed to fetch user: Unknown error");
+            throw new ApiRequestError("Falha ao buscar perfil do usuário: Erro desconhecido");
         }
     }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@intelicity/gates-sdk",
-  "version": "0.1.4",
+  "version": "0.1.6",
   "description": "Simple SDK for authenticating users with AWS Cognito JWT tokens",
   "type": "module",
   "exports": "./dist/index.js",