@juspay/neurolink 9.32.0 → 9.33.0

package/dist/client/auth/providers/clerk.js

@@ -1,317 +0,0 @@
-// src/lib/auth/providers/clerk.ts
-import { BaseAuthProvider } from "./BaseAuthProvider.js";
-import { AuthError } from "../errors.js";
-import { logger } from "../../utils/logger.js";
-import { createProxyFetch } from "../../proxy/proxyFetch.js";
-import * as jose from "jose";
-/**
- * Clerk Authentication Provider
- *
- * Supports Clerk's session-based and JWT authentication.
- * Can validate both JWT tokens and session tokens via Clerk API.
- *
- * Features:
- * - JWT validation using Clerk's JWKS
- * - Session token validation via Clerk API
- * - User profile fetching
- * - Organization support for multi-tenant apps
- *
- * @example
- * ```typescript
- * const clerk = new ClerkProvider({
- *   type: "clerk",
- *   publishableKey: "pk_test_...",
- *   secretKey: "sk_test_..."
- * });
- *
- * const result = await clerk.authenticateToken(sessionToken);
- * if (result.valid) {
- *   console.log("Authenticated user:", result.user);
- * }
- * ```
- */
-export class ClerkProvider extends BaseAuthProvider {
-    type = "clerk";
-    secretKey;
-    jwtKey;
-    publishableKey;
-    jwks = null;
-    localKey = null;
-    constructor(config) {
-        super(config);
-        if (!config.secretKey) {
-            throw AuthError.create("CONFIGURATION_ERROR", "Clerk secretKey is required", { details: { missingFields: ["secretKey"] } });
-        }
-        this.secretKey = config.secretKey;
-        this.jwtKey = config.jwtKey;
-        this.publishableKey = config.publishableKey;
-    }
-    /**
-     * Initialize Clerk JWKS
-     */
-    async initialize() {
-        // Clerk JWKS endpoint (v1 API)
-        const jwksUrl = new URL("https://api.clerk.com/v1/jwks");
-        this.jwks = jose.createRemoteJWKSet(jwksUrl);
-        logger.debug("Clerk provider initialized");
-    }
-    /**
-     * Validate Clerk session token or JWT
-     */
-    async authenticateToken(token, _context) {
-        // First try JWT validation (tokens with dots)
-        if (token.includes(".") && token.split(".").length === 3) {
-            return this.validateJWT(token);
-        }
-        // Otherwise treat as session token
-        return this.validateSessionToken(token);
-    }
-    /**
-     * Validate JWT using local jwtKey (if configured) or JWKS
-     */
-    async validateJWT(token) {
-        try {
-            let payload;
-            if (this.jwtKey) {
-                // Use locally provided JWT key for verification
-                if (!this.localKey) {
-                    this.localKey = new TextEncoder().encode(this.jwtKey);
-                }
-                ({ payload } = await jose.jwtVerify(token, this.localKey));
-            }
-            else {
-                // Fall back to Clerk JWKS endpoint
-                if (!this.jwks) {
-                    await this.initialize();
-                }
-                if (!this.jwks) {
-                    return {
-                        valid: false,
-                        error: "Clerk JWKS not initialized",
-                    };
-                }
-                ({ payload } = await jose.jwtVerify(token, this.jwks));
-            }
-            // Validate azp (authorized party) claim if publishableKey is configured
-            if (this.publishableKey && payload.azp) {
-                if (payload.azp !== this.publishableKey) {
-                    return {
-                        valid: false,
-                        error: `Invalid authorized party: ${payload.azp}. Expected: ${this.publishableKey}`,
-                    };
-                }
-            }
-            const user = {
-                id: payload.sub,
-                email: payload.email,
-                name: payload.name,
-                picture: payload.picture,
-                emailVerified: payload.email_verified,
-                roles: payload["https://clerk.dev/roles"] || [],
-                permissions: payload["https://clerk.dev/permissions"] || [],
-                organizationId: payload.org_id,
-                metadata: {
-                    azp: payload.azp,
-                    sid: payload.sid,
-                },
-            };
-            return {
-                valid: true,
-                payload: payload,
-                user,
-                expiresAt: payload.exp ? new Date(payload.exp * 1000) : undefined,
-                tokenType: "jwt",
-            };
-        }
-        catch (error) {
-            return {
-                valid: false,
-                error: error instanceof Error ? error.message : String(error),
-            };
-        }
-    }
-    /**
-     * Validate session token via Clerk API
-     */
-    async validateSessionToken(token) {
-        try {
-            const proxyFetch = createProxyFetch();
-            const response = await proxyFetch("https://api.clerk.com/v1/sessions/verify", {
-                method: "POST",
-                headers: {
-                    Authorization: `Bearer ${this.secretKey}`,
-                    "Content-Type": "application/json",
-                },
-                body: JSON.stringify({ token }),
-            });
-            if (!response.ok) {
-                const error = (await response.json());
-                return {
-                    valid: false,
-                    error: error.errors?.[0]?.message || "Session validation failed",
-                };
-            }
-            const session = (await response.json());
-            const userData = session.user;
-            const emailAddresses = userData?.email_addresses;
-            const user = {
-                id: session.user_id,
-                email: emailAddresses?.[0]?.email_address,
-                name: userData?.first_name
-                    ? `${userData.first_name} ${userData.last_name || ""}`.trim()
-                    : undefined,
-                picture: userData?.image_url,
-                roles: userData?.public_metadata
-                    ?.roles || [],
-                permissions: userData?.public_metadata
-                    ?.permissions || [],
-                organizationId: session.active_organization_id,
-            };
-            return {
-                valid: true,
-                payload: session,
-                user,
-                expiresAt: session.expire_at
-                    ? new Date(session.expire_at)
-                    : undefined,
-                tokenType: "session",
-            };
-        }
-        catch (error) {
-            return {
-                valid: false,
-                error: error instanceof Error ? error.message : String(error),
-            };
-        }
-    }
-    /**
-     * Get user by ID from Clerk API
-     */
-    async getUser(userId) {
-        try {
-            const proxyFetch = createProxyFetch();
-            const response = await proxyFetch(`https://api.clerk.com/v1/users/${userId}`, {
-                headers: {
-                    Authorization: `Bearer ${this.secretKey}`,
-                },
-            });
-            if (!response.ok) {
-                if (response.status === 404) {
-                    return null;
-                }
-                throw AuthError.create("PROVIDER_ERROR", `Clerk API returned ${response.status}`, { details: { statusCode: response.status } });
-            }
-            const data = (await response.json());
-            const emailAddresses = data.email_addresses;
-            return {
-                id: data.id,
-                email: emailAddresses?.[0]?.email_address,
-                name: data.first_name
-                    ? `${data.first_name} ${data.last_name || ""}`.trim()
-                    : undefined,
-                picture: data.image_url,
-                emailVerified: emailAddresses?.[0]?.verification?.status === "verified",
-                roles: data.public_metadata
-                    ?.roles || [],
-                permissions: data.public_metadata
-                    ?.permissions || [],
-                createdAt: data.created_at
-                    ? new Date(data.created_at)
-                    : undefined,
-                lastLoginAt: data.last_sign_in_at
-                    ? new Date(data.last_sign_in_at)
-                    : undefined,
-                metadata: data.private_metadata,
-            };
-        }
-        catch (error) {
-            logger.error("Failed to fetch Clerk user:", error);
-            if (error &&
-                typeof error === "object" &&
-                "code" in error &&
-                typeof error.code === "string") {
-                throw error;
-            }
-            return null;
-        }
-    }
-    /**
-     * Get user by email from Clerk API
-     */
-    async getUserByEmail(email) {
-        try {
-            const proxyFetch = createProxyFetch();
-            const response = await proxyFetch(`https://api.clerk.com/v1/users?email_address=${encodeURIComponent(email)}`, {
-                headers: {
-                    Authorization: `Bearer ${this.secretKey}`,
-                },
-            });
-            if (!response.ok) {
-                throw AuthError.create("PROVIDER_ERROR", `Clerk API returned ${response.status}`, { details: { statusCode: response.status } });
-            }
-            const users = (await response.json());
-            if (users.length === 0) {
-                return null;
-            }
-            const data = users[0];
-            const emailAddresses = data.email_addresses;
-            return {
-                id: data.id,
-                email: emailAddresses?.[0]?.email_address,
-                name: data.first_name
-                    ? `${data.first_name} ${data.last_name || ""}`.trim()
-                    : undefined,
-                picture: data.image_url,
-                emailVerified: emailAddresses?.[0]?.verification?.status === "verified",
-                roles: data.public_metadata
-                    ?.roles || [],
-                permissions: data.public_metadata
-                    ?.permissions || [],
-                createdAt: data.created_at
-                    ? new Date(data.created_at)
-                    : undefined,
-                lastLoginAt: data.last_sign_in_at
-                    ? new Date(data.last_sign_in_at)
-                    : undefined,
-                metadata: data.private_metadata,
-            };
-        }
-        catch (error) {
-            logger.error("Failed to fetch Clerk user by email:", error);
-            if (error &&
-                typeof error === "object" &&
-                "code" in error &&
-                typeof error.code === "string") {
-                throw error;
-            }
-            return null;
-        }
-    }
-    /**
-     * Health check
-     */
-    async healthCheck() {
-        try {
-            const proxyFetch = createProxyFetch();
-            // Use a lightweight endpoint to check connectivity
-            const response = await proxyFetch("https://api.clerk.com/v1/organizations?limit=1", {
-                headers: {
-                    Authorization: `Bearer ${this.secretKey}`,
-                },
-            });
-            return {
-                healthy: response.ok,
-                providerConnected: response.ok,
-                sessionStorageHealthy: true,
-            };
-        }
-        catch (error) {
-            return {
-                healthy: false,
-                providerConnected: false,
-                sessionStorageHealthy: true,
-                error: error instanceof Error ? error.message : String(error),
-            };
-        }
-    }
-}

package/dist/client/auth/providers/custom.js

@@ -1,112 +0,0 @@
-// src/lib/auth/providers/custom.ts
-import { logger } from "../../utils/logger.js";
-import { AuthError } from "../errors.js";
-import { BaseAuthProvider } from "./BaseAuthProvider.js";
-/**
- * Custom Authentication Provider
- *
- * Allows users to provide their own authentication logic through callback functions.
- * Useful for integrating with custom auth systems or implementing unique auth flows.
- *
- * Features:
- * - Custom token validation via callback
- * - Custom user fetching (optional)
- * - Custom session creation (optional, delegates to base when not provided)
- * - Session management (inherited from BaseAuthProvider)
- *
- * @example
- * ```typescript
- * const custom = new CustomAuthProvider({
- *   type: "custom",
- *   validateToken: async (token, context) => {
- *     // Your custom token validation logic
- *     const decoded = await myAuthService.verify(token);
- *     return {
- *       valid: !!decoded,
- *       user: decoded ? {
- *         id: decoded.sub,
- *         email: decoded.email,
- *         roles: decoded.roles || [],
- *         permissions: decoded.permissions || [],
- *       } : undefined,
- *     };
- *   },
- *   getUser: async (userId) => {
- *     // Your custom user fetching logic
- *     return myUserService.getById(userId);
- *   },
- * });
- *
- * const result = await custom.authenticateToken(token);
- * ```
- */
-export class CustomAuthProvider extends BaseAuthProvider {
-    type = "custom";
-    validateTokenFn;
-    getUserFn;
-    createSessionFn;
-    constructor(config) {
-        super(config);
-        if (!config.validateToken) {
-            throw AuthError.create("CONFIGURATION_ERROR", "Custom validateToken function is required", { details: { provider: "custom", missingFields: ["validateToken"] } });
-        }
-        this.validateTokenFn = config.validateToken;
-        this.getUserFn = config.getUser;
-        this.createSessionFn = config.createSession;
-    }
-    /**
-     * Validate token using custom function
-     */
-    async authenticateToken(token, context) {
-        try {
-            return await this.validateTokenFn(token, context);
-        }
-        catch (error) {
-            return {
-                valid: false,
-                error: error instanceof Error ? error.message : String(error),
-            };
-        }
-    }
-    /**
-     * Create a new session.
-     * Uses custom function if provided, otherwise delegates to BaseAuthProvider.
-     */
-    async createSession(user, context) {
-        if (this.createSessionFn) {
-            const session = await this.createSessionFn(user, context);
-            await this.sessionStorage.save(session);
-            this.emit("auth:login", session.user);
-            return session;
-        }
-        // Delegate to base class session creation
-        return super.createSession(user, context);
-    }
-    /**
-     * Get user by ID using custom function
-     */
-    async getUser(userId) {
-        if (this.getUserFn) {
-            try {
-                return await this.getUserFn(userId);
-            }
-            catch (error) {
-                logger.error("Custom getUser failed:", error);
-                return null;
-            }
-        }
-        // No custom user fetching, return null
-        logger.warn("Custom getUser function not provided");
-        return null;
-    }
-    /**
-     * Health check - always healthy for custom provider
-     */
-    async healthCheck() {
-        return {
-            healthy: true,
-            providerConnected: true,
-            sessionStorageHealthy: true,
-        };
-    }
-}

package/dist/client/auth/providers/firebase.js

@@ -1,226 +0,0 @@
-// src/lib/auth/providers/firebase.ts
-import { BaseAuthProvider } from "./BaseAuthProvider.js";
-import { AuthError } from "../errors.js";
-import { logger } from "../../utils/logger.js";
-import { createProxyFetch } from "../../proxy/proxyFetch.js";
-import * as jose from "jose";
-/**
- * Firebase Authentication Provider
- *
- * Supports Firebase ID token validation using Google's public keys.
- * Can validate tokens locally or via Firebase REST API.
- *
- * Features:
- * - JWT validation using Google's public keys
- * - Token verification via Firebase REST API
- * - Custom claims extraction for roles/permissions
- *
- * @example
- * ```typescript
- * const firebase = new FirebaseAuthProvider({
- *   type: "firebase",
- *   projectId: "your-project-id"
- * });
- *
- * const result = await firebase.authenticateToken(idToken);
- * if (result.valid) {
- *   console.log("Authenticated user:", result.user);
- * }
- * ```
- */
-export class FirebaseAuthProvider extends BaseAuthProvider {
-    type = "firebase";
-    projectId;
-    apiKey;
-    serviceAccount;
-    jwks = null;
-    constructor(config) {
-        super(config);
-        if (!config.projectId) {
-            throw AuthError.create("CONFIGURATION_ERROR", "Firebase projectId is required", { details: { missingFields: ["projectId"] } });
-        }
-        this.projectId = config.projectId;
-        this.apiKey = config.apiKey;
-        this.serviceAccount = config.serviceAccount;
-    }
-    /**
-     * Initialize JWKS for Firebase token verification
-     */
-    async initialize() {
-        // Firebase uses Google's secure token service public keys
-        const jwksUrl = new URL("https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com");
-        this.jwks = jose.createRemoteJWKSet(jwksUrl);
-        logger.debug(`Firebase provider initialized for project: ${this.projectId}`);
-    }
-    /**
-     * Validate Firebase ID token
-     */
-    async authenticateToken(token, _context) {
-        if (!this.jwks) {
-            await this.initialize();
-        }
-        try {
-            // Verify the token using Google's public keys
-            const { payload } = await jose.jwtVerify(token, this.jwks, {
-                issuer: `https://securetoken.google.com/${this.projectId}`,
-                audience: this.projectId,
-            });
-            // Extract user info from Firebase token claims
-            const user = this.payloadToUser(payload);
-            return {
-                valid: true,
-                payload: payload,
-                user,
-                expiresAt: payload.exp ? new Date(payload.exp * 1000) : undefined,
-                tokenType: "jwt",
-            };
-        }
-        catch (error) {
-            // If local validation fails and API key is available, try REST API
-            if (this.apiKey) {
-                return this.validateViaApi(token);
-            }
-            return {
-                valid: false,
-                error: error instanceof Error ? error.message : String(error),
-            };
-        }
-    }
-    /**
-     * Validate token via Firebase REST API
-     */
-    async validateViaApi(token) {
-        try {
-            const proxyFetch = createProxyFetch();
-            const response = await proxyFetch(`https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=${this.apiKey}`, {
-                method: "POST",
-                headers: {
-                    "Content-Type": "application/json",
-                },
-                body: JSON.stringify({ idToken: token }),
-                signal: AbortSignal.timeout(5000),
-            });
-            if (!response.ok) {
-                const error = (await response.json());
-                return {
-                    valid: false,
-                    error: error.error?.message || `Firebase API returned ${response.status}`,
-                };
-            }
-            const data = (await response.json());
-            const users = data.users || [];
-            if (users.length === 0) {
-                return {
-                    valid: false,
-                    error: "User not found",
-                };
-            }
-            const userData = users[0];
-            const user = this.firebaseUserToAuthUser(userData);
-            return {
-                valid: true,
-                payload: userData,
-                user,
-                tokenType: "jwt",
-            };
-        }
-        catch (error) {
-            return {
-                valid: false,
-                error: error instanceof Error ? error.message : String(error),
-            };
-        }
-    }
-    /**
-     * Convert JWT payload to AuthUser
-     */
-    payloadToUser(payload) {
-        // Extract custom claims
-        const customClaims = payload;
-        return {
-            id: payload.sub,
-            email: payload.email,
-            name: payload.name,
-            picture: payload.picture,
-            emailVerified: payload.email_verified,
-            roles: customClaims.roles || [],
-            permissions: customClaims.permissions || [],
-            metadata: {
-                firebase: {
-                    sign_in_provider: payload.firebase?.sign_in_provider ||
-                        "unknown",
-                    identities: payload.firebase?.identities,
-                },
-            },
-        };
-    }
-    /**
-     * Convert Firebase user data to AuthUser
-     */
-    firebaseUserToAuthUser(userData) {
-        let customAttributes = {};
-        if (userData.customAttributes) {
-            try {
-                customAttributes = JSON.parse(userData.customAttributes);
-            }
-            catch {
-                logger.warn("Failed to parse Firebase customAttributes, treating as empty");
-            }
-        }
-        return {
-            id: userData.localId,
-            email: userData.email,
-            name: userData.displayName,
-            picture: userData.photoUrl,
-            emailVerified: userData.emailVerified,
-            roles: customAttributes.roles || [],
-            permissions: customAttributes.permissions || [],
-            createdAt: userData.createdAt
-                ? new Date(parseInt(userData.createdAt))
-                : undefined,
-            lastLoginAt: userData.lastLoginAt
-                ? new Date(parseInt(userData.lastLoginAt))
-                : undefined,
-            metadata: {
-                providerUserInfo: userData.providerUserInfo,
-            },
-        };
-    }
-    /**
-     * Get user by ID via Firebase REST API
-     * Requires API key
-     */
-    async getUser(_userId) {
-        if (!this.apiKey) {
-            logger.warn("Firebase API key required for user lookup");
-            return null;
-        }
-        // Firebase REST API doesn't support direct user lookup by UID
-        // This would require Admin SDK or custom backend
-        logger.warn("Direct user lookup by ID requires Firebase Admin SDK which is not supported in browser/edge environments");
-        return null;
-    }
-    /**
-     * Health check
-     */
-    async healthCheck() {
-        try {
-            // Check if we can fetch the JWKS
-            const proxyFetch = createProxyFetch();
-            const response = await proxyFetch("https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com", { signal: AbortSignal.timeout(5000) });
-            return {
-                healthy: response.ok,
-                providerConnected: response.ok,
-                sessionStorageHealthy: true,
-            };
-        }
-        catch (error) {
-            return {
-                healthy: false,
-                providerConnected: false,
-                sessionStorageHealthy: true,
-                error: error instanceof Error ? error.message : String(error),
-            };
-        }
-    }
-}