@jasperoosthoek/zustand-auth-registry 0.0.1

package/src/authConfig.ts

@@ -0,0 +1,184 @@
+import { AxiosInstance } from 'axios';
+
+// OAuth 2.0 token data structure
+export type TokenData = {
+  accessToken: string;
+  refreshToken?: string;
+  expiresAt?: number;
+  tokenType: string;
+  scope?: string[];
+};
+
+// Backward compatibility: extract single token vs OAuth token data
+export type TokenExtractor = (data: any) => string | TokenData;
+
+export type AuthConfig<U> = {
+  axios: AxiosInstance;
+  
+  // OAuth 2.0 compliant endpoints (new defaults)
+  tokenUrl?: string;
+  revokeUrl?: string;
+  userInfoUrl?: string;
+  
+  // Backward compatibility: Django-style endpoints
+  loginUrl?: string;
+  logoutUrl?: string;
+  getUserUrl?: string;
+  
+  // OAuth 2.0 compliant token extraction
+  extractTokens?: (data: any) => TokenData;
+  extractAccessToken?: (data: any) => string;
+  extractRefreshToken?: (data: any) => string | undefined;
+  extractExpiresIn?: (data: any) => number | undefined;
+  extractTokenType?: (data: any) => string;
+  extractScope?: (data: any) => string[] | undefined;
+  
+  // Backward compatibility: single token extraction
+  extractToken?: (data: any) => string;
+  
+  formatAuthHeader?: (token: string, tokenType?: string) => string;
+  
+  // OAuth 2.0 features
+  autoRefresh?: boolean;
+  refreshThreshold?: number; // ms before expiry to refresh
+  
+  persistence?: {
+    enabled?: boolean;
+    storage?: Storage;
+    tokenKey?: string;
+    refreshTokenKey?: string;
+    userKey?: string;
+    expiryKey?: string;
+  };
+  
+  onError?: (error: any) => void;
+  onLogin?: (user: U) => void;
+  onLogout?: () => void;
+  onTokenRefresh?: (tokens: TokenData) => void;
+};
+
+export type ValidatedAuthConfig<U> = {
+  axios: AxiosInstance;
+  
+  // Resolved endpoints (OAuth preferred, Django fallback)
+  tokenUrl: string;
+  revokeUrl?: string;
+  userInfoUrl?: string;
+  
+  // Backward compatibility endpoints
+  loginUrl?: string;
+  logoutUrl?: string;
+  getUserUrl?: string;
+  
+  // Token extraction functions
+  extractTokens: (data: any) => TokenData;
+  extractToken?: (data: any) => string;
+  
+  formatAuthHeader: (token: string, tokenType?: string) => string;
+  
+  // OAuth features
+  autoRefresh: boolean;
+  refreshThreshold: number;
+  
+  persistence: {
+    enabled: boolean;
+    storage: Storage;
+    tokenKey: string;
+    refreshTokenKey: string;
+    userKey: string;
+    expiryKey: string;
+  };
+  
+  onError?: (error: any) => void;
+  onLogin?: (user: U) => void;
+  onLogout?: () => void;
+  onTokenRefresh?: (tokens: TokenData) => void;
+};
+
+export const validateAuthConfig = <U>(config: AuthConfig<U>): ValidatedAuthConfig<U> => {
+  if (!config.axios) {
+    throw new Error('AuthConfig: axios instance is required');
+  }
+
+  // Determine token endpoint (OAuth preferred, Django fallback)
+  const tokenUrl = config.tokenUrl || config.loginUrl;
+  if (!tokenUrl) {
+    throw new Error('AuthConfig: tokenUrl or loginUrl is required');
+  }
+
+  // Keep revokeUrl and logoutUrl distinct for proper OAuth/legacy behavior
+  const revokeUrl = config.revokeUrl;
+
+  // Determine user info endpoint
+  const userInfoUrl = config.userInfoUrl || config.getUserUrl;
+
+  // Create OAuth-compliant token extraction function
+  const extractTokens = createTokenExtractor(config);
+
+  const defaultPersistence = {
+    enabled: true,
+    storage: typeof window !== 'undefined' && window.localStorage ? window.localStorage : ({} as Storage),
+    tokenKey: 'token',
+    refreshTokenKey: 'refresh_token',
+    userKey: 'user',
+    expiryKey: 'expires_at',
+  };
+
+  return {
+    axios: config.axios,
+    tokenUrl,
+    revokeUrl,
+    userInfoUrl,
+    // Backward compatibility
+    loginUrl: config.loginUrl,
+    logoutUrl: config.logoutUrl,
+    getUserUrl: config.getUserUrl,
+    extractTokens,
+    extractToken: config.extractToken,
+    formatAuthHeader: config.formatAuthHeader || ((token: string, tokenType: string = 'Bearer') => `${tokenType} ${token}`),
+    autoRefresh: config.autoRefresh ?? true,
+    refreshThreshold: config.refreshThreshold ?? 300000, // 5 minutes
+    persistence: {
+      ...defaultPersistence,
+      ...config.persistence,
+    },
+    onError: config.onError,
+    onLogin: config.onLogin,
+    onLogout: config.onLogout,
+    onTokenRefresh: config.onTokenRefresh,
+  };
+};
+
+// Helper function to create OAuth-compliant token extractor with backward compatibility
+function createTokenExtractor<U>(config: AuthConfig<U>): (data: any) => TokenData {
+  return (data: any): TokenData => {
+    // If custom extractTokens function provided, use it
+    if (config.extractTokens) {
+      return config.extractTokens(data);
+    }
+
+    // OAuth 2.0 compliant extraction (preferred)
+    if (data.access_token) {
+      return {
+        accessToken: config.extractAccessToken ? config.extractAccessToken(data) : data.access_token,
+        refreshToken: config.extractRefreshToken ? config.extractRefreshToken(data) : data.refresh_token,
+        expiresAt: config.extractExpiresIn 
+          ? (config.extractExpiresIn(data) ? Date.now() + (config.extractExpiresIn(data)! * 1000) : undefined)
+          : (data.expires_in ? Date.now() + (data.expires_in * 1000) : undefined),
+        tokenType: config.extractTokenType ? config.extractTokenType(data) : (data.token_type || 'Bearer'),
+        scope: config.extractScope ? config.extractScope(data) : (data.scope ? data.scope.split(' ') : undefined),
+      };
+    }
+
+    // Single token fallback (backward compatibility)
+    if (config.extractToken || data.auth_token || data.token) {
+      const token = config.extractToken ? config.extractToken(data) : (data.auth_token || data.token);
+      return {
+        accessToken: token,
+        tokenType: 'Bearer', // Standard default
+      };
+    }
+
+    throw new Error('No valid token found in response. Provide extractTokens, extractToken, or ensure response contains access_token/auth_token field.');
+  };
+}

package/src/authStore.ts

@@ -0,0 +1,160 @@
+import { create, StoreApi, UseBoundStore } from 'zustand';
+import { ValidatedAuthConfig, TokenData } from './authConfig';
+
+export type AuthState<U> = {
+  isAuthenticated: boolean;
+  user: U | null;
+  tokens: TokenData | null;
+  
+  // OAuth 2.0 methods
+  setTokens: (tokens: TokenData) => void;
+  setUser: (user: U) => void;
+  unsetUser: () => void;
+  isTokenExpired: () => boolean;
+  
+  // Backward compatibility
+  token: string;
+  setToken: (token: string) => void;
+};
+
+export type AuthStore<U> = UseBoundStore<StoreApi<AuthState<U>>> & {
+  config: ValidatedAuthConfig<U>;
+};
+
+export const createAuthStore = <U>(config: ValidatedAuthConfig<U>): AuthStore<U> => {
+  const { persistence } = config;
+  
+  const getStoredTokens = (): TokenData | null => {
+    if (!persistence.enabled) return null;
+    try {
+      const accessToken = persistence.storage.getItem(persistence.tokenKey);
+      if (!accessToken) return null;
+      
+      const refreshToken = persistence.storage.getItem(persistence.refreshTokenKey);
+      const expiryString = persistence.storage.getItem(persistence.expiryKey);
+      const expiresAt = expiryString ? parseInt(expiryString, 10) : undefined;
+      
+      return {
+        accessToken,
+        refreshToken: refreshToken || undefined,
+        expiresAt: expiresAt && !isNaN(expiresAt) ? expiresAt : undefined,
+        tokenType: 'Bearer', // Default, will be updated on setTokens
+      };
+    } catch {
+      return null;
+    }
+  };
+
+  const getStoredUser = (): U | null => {
+    if (!persistence.enabled) return null;
+    try {
+      const userString = persistence.storage.getItem(persistence.userKey);
+      return userString ? (JSON.parse(userString) as U) : null;
+    } catch {
+      return null;
+    }
+  };
+
+  const initialTokens = getStoredTokens();
+  const initialUser = getStoredUser();
+  const initialIsAuthenticated = !!initialTokens?.accessToken;
+
+  const store = create<AuthState<U>>((set, get) => ({
+    tokens: initialTokens,
+    user: initialUser,
+    isAuthenticated: initialIsAuthenticated,
+
+    // OAuth 2.0 methods
+    setTokens: (tokens: TokenData) => {
+      const user = get().user;
+      const isAuthenticated = !!tokens.accessToken;
+      
+      set({ tokens, isAuthenticated, token: tokens.accessToken });
+      
+      if (persistence.enabled) {
+        try {
+          persistence.storage.setItem(persistence.tokenKey, tokens.accessToken);
+          
+          if (tokens.refreshToken) {
+            persistence.storage.setItem(persistence.refreshTokenKey, tokens.refreshToken);
+          } else {
+            persistence.storage.removeItem(persistence.refreshTokenKey);
+          }
+          
+          if (tokens.expiresAt) {
+            persistence.storage.setItem(persistence.expiryKey, tokens.expiresAt.toString());
+          } else {
+            persistence.storage.removeItem(persistence.expiryKey);
+          }
+        } catch (error) {
+          config.onError?.(error);
+        }
+      }
+    },
+
+    setUser: (user: U) => {
+      const tokens = get().tokens;
+      const isAuthenticated = !!tokens?.accessToken;
+      
+      set({ user, isAuthenticated });
+      
+      if (persistence.enabled) {
+        try {
+          persistence.storage.setItem(persistence.userKey, JSON.stringify(user));
+        } catch (error) {
+          config.onError?.(error);
+        }
+      }
+    },
+
+    unsetUser: () => {
+      set({ user: null, tokens: null, isAuthenticated: false, token: '' });
+      
+      if (persistence.enabled) {
+        try {
+          persistence.storage.removeItem(persistence.tokenKey);
+          persistence.storage.removeItem(persistence.refreshTokenKey);
+          persistence.storage.removeItem(persistence.userKey);
+          persistence.storage.removeItem(persistence.expiryKey);
+        } catch (error) {
+          config.onError?.(error);
+        }
+      }
+    },
+
+    isTokenExpired: () => {
+      const tokens = get().tokens;
+      if (!tokens?.expiresAt) return false; // No expiry info means no expiration
+      return Date.now() >= tokens.expiresAt;
+    },
+
+    // Backward compatibility - computed property
+    token: initialTokens?.accessToken || '',
+
+    setToken: (token: string) => {
+      const currentTokens = get().tokens;
+      const user = get().user;
+      const newTokens: TokenData = {
+        accessToken: token,
+        refreshToken: currentTokens?.refreshToken,
+        expiresAt: currentTokens?.expiresAt,
+        tokenType: currentTokens?.tokenType || 'Bearer', // Standard default
+        scope: currentTokens?.scope,
+      };
+      
+      const isAuthenticated = !!token;
+      set({ tokens: newTokens, token, isAuthenticated });
+      
+      // Handle persistence
+      if (persistence.enabled) {
+        try {
+          persistence.storage.setItem(persistence.tokenKey, token);
+        } catch (error) {
+          config.onError?.(error);
+        }
+      }
+    },
+  }));
+
+  return Object.assign(store, { config });
+};

package/src/createAuthRegistry.ts

@@ -0,0 +1,22 @@
+import { AuthConfig, validateAuthConfig } from './authConfig';
+import { createAuthStore, AuthStore } from './authStore';
+
+export function createAuthRegistry<AuthModels extends Record<string, any>>() {
+  const registry: Record<string, AuthStore<any>> = {};
+
+  function getAuthStore<K extends keyof AuthModels>(
+    key: K,
+    config: AuthConfig<AuthModels[K]>
+  ): AuthStore<AuthModels[K]> {
+    const stringKey = String(key);
+    
+    if (!registry[stringKey]) {
+      const validatedConfig = validateAuthConfig(config);
+      registry[stringKey] = createAuthStore(validatedConfig);
+    }
+    
+    return registry[stringKey];
+  }
+
+  return getAuthStore;
+}

package/src/index.ts

@@ -0,0 +1,4 @@
+export * from './authConfig';
+export * from './authStore';
+export * from './createAuthRegistry';
+export * from './useAuth';

package/src/setupTests.ts

@@ -0,0 +1,46 @@
+// Test setup with React Testing Library and jsdom
+import '@testing-library/react';
+
+// Mock console to reduce noise during tests
+global.console = {
+  ...console,
+  error: jest.fn(),
+  warn: jest.fn(),
+};
+
+// Mock localStorage for auth persistence testing
+const createStorageMock = () => ({
+  getItem: jest.fn(),
+  setItem: jest.fn(),
+  removeItem: jest.fn(),
+  clear: jest.fn(),
+});
+
+Object.defineProperty(window, 'localStorage', {
+  value: createStorageMock(),
+});
+
+Object.defineProperty(window, 'sessionStorage', {
+  value: createStorageMock(),
+});
+
+// Mock axios for all tests
+jest.mock('axios', () => ({
+  create: jest.fn(() => ({
+    get: jest.fn(),
+    post: jest.fn(),
+    put: jest.fn(),
+    patch: jest.fn(),
+    delete: jest.fn(),
+    defaults: { 
+      headers: { 
+        common: {} 
+      } 
+    },
+    interceptors: {
+      request: { use: jest.fn(), eject: jest.fn() },
+      response: { use: jest.fn(), eject: jest.fn() }
+    }
+  })),
+  isAxiosError: jest.fn()
+}));

package/src/useAuth.ts

@@ -0,0 +1,157 @@
+import { useEffect, useCallback } from 'react';
+import axios from 'axios';
+import { AuthStore } from './authStore';
+import { TokenData } from './authConfig';
+
+export function useAuth<U>(store: AuthStore<U>) {
+  const { setTokens, setUser, unsetUser, tokens, user, isTokenExpired } = store();
+  const config = store.config;
+
+  // Backward compatibility
+  const { setToken, token } = store();
+
+  // OAuth 2.0 refresh token functionality
+  const refreshTokens = useCallback(async (): Promise<boolean> => {
+    if (!tokens?.refreshToken) {
+      return false;
+    }
+
+    try {
+      const response = await config.axios.post(config.tokenUrl, {
+        grant_type: 'refresh_token',
+        refresh_token: tokens.refreshToken,
+      });
+
+      const newTokens = config.extractTokens(response.data);
+      setTokens(newTokens);
+      setAxiosAuth(newTokens.accessToken, newTokens.tokenType);
+      
+      config.onTokenRefresh?.(newTokens);
+      return true;
+    } catch (error) {
+      // Refresh failed, clear tokens
+      unsetUser();
+      setAxiosAuth();
+      config.onError?.(error);
+      return false;
+    }
+  }, [tokens?.refreshToken, config, setTokens, unsetUser]);
+
+  // Auto-refresh and authentication setup
+  useEffect(() => {
+    // Handle current tokens
+    if (tokens?.accessToken) {
+      // Set axios headers immediately
+      setAxiosAuth(tokens.accessToken, tokens.tokenType);
+
+      // Check if token is expired or about to expire
+      if (isTokenExpired()) {
+        // Token is already expired, try to refresh
+        if (tokens.refreshToken && config.autoRefresh) {
+          refreshTokens();
+        } else {
+          unsetUser();
+        }
+        return;
+      }
+
+      // Set up auto-refresh timer if we have expiry info
+      if (tokens.expiresAt && tokens.refreshToken && config.autoRefresh) {
+        const timeUntilExpiry = tokens.expiresAt - Date.now();
+        const refreshTime = Math.max(timeUntilExpiry - config.refreshThreshold, 0);
+
+        const timer = setTimeout(() => {
+          refreshTokens();
+        }, refreshTime);
+
+        return () => clearTimeout(timer);
+      }
+
+      // Try to get user info if missing
+      try {
+        if (!user && (config.userInfoUrl || config.getUserUrl)) {
+          getCurrentUser();
+        }
+      } catch (error) {
+        if (axios.isAxiosError(error) && error.response?.status === 403) {
+          unsetUser();
+          setAxiosAuth();
+        }
+        config.onError?.(error);
+      }
+    }
+  }, [tokens, user, config.autoRefresh, config.refreshThreshold, config.userInfoUrl, config.getUserUrl, isTokenExpired, refreshTokens, unsetUser]);
+
+  const setAxiosAuth = (token?: string, tokenType?: string) => {
+    if (typeof token !== 'undefined' && token) {
+      config.axios.defaults.headers.common['Authorization'] = config.formatAuthHeader(token, tokenType);
+    } else {
+      delete config.axios.defaults.headers.common['Authorization'];
+    }
+  };
+
+  const login = async (
+    credentials: Record<string, string>,
+    callback?: () => void
+  ) => {
+    try {
+      const res = await config.axios.post(config.tokenUrl, credentials);
+      const tokens = config.extractTokens(res.data);
+      setTokens(tokens);
+      setAxiosAuth(tokens.accessToken, tokens.tokenType);
+      
+      if (config.userInfoUrl || config.getUserUrl) {
+        await getCurrentUser();
+      }
+      
+      if (user) {
+        config.onLogin?.(user);
+      }
+      callback?.();
+    } catch (err) {
+      unsetUser();
+      setAxiosAuth();
+      config.onError?.(err);
+    }
+  };
+
+  const getCurrentUser = async () => {
+    const userUrl = config.userInfoUrl || config.getUserUrl;
+    if (!userUrl) return;
+    try {
+      const res = await config.axios.get<U>(userUrl);
+      setUser(res.data);
+    } catch (err) {
+      unsetUser();
+      setAxiosAuth();
+      config.onError?.(err);
+    }
+  };
+
+  const logout = async () => {
+    try {
+      // If we have a revoke/logout URL, call it
+      const logoutUrl = config.revokeUrl || config.logoutUrl;
+      if (logoutUrl) {
+        if (config.revokeUrl && tokens?.refreshToken) {
+          // OAuth revoke
+          await config.axios.post(logoutUrl, {
+            token: tokens.refreshToken,
+            token_type_hint: 'refresh_token'
+          });
+        } else {
+          // Simple logout
+          await config.axios.post(logoutUrl);
+        }
+      }
+    } catch (err) {
+      config.onError?.(err);
+    } finally {
+      unsetUser();
+      setAxiosAuth();
+      config.onLogout?.();
+    }
+  };
+
+  return { login, getCurrentUser, logout, refreshTokens };
+}