npm - @k3-universe/react-kit - Versions diffs - 0.0.29 → 0.0.31 - Mend

@k3-universe/react-kit 0.0.29 → 0.0.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (157) hide show

package/src/kit/builder/auth/types/state.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import type { AuthStatus } from './core';
+export type AuthAdapterState<TSession, TUser, TRole, TPermission> = {
+  status: AuthStatus;
+  session: TSession | null;
+  user: TUser | null;
+  roles: TRole[];
+  permissions: TPermission[];
+  error?: unknown;
+  lastRefresh?: number;
+  tokenExpiresIn?: number;
+};
+export type AuthAdapterSubscriber<TSession, TUser, TRole, TPermission> = (
+  state: AuthAdapterState<TSession, TUser, TRole, TPermission>,
+) => void;

package/src/kit/builder/auth/types/storage.ts ADDED Viewed

@@ -0,0 +1,21 @@
+export type AuthStorage<TSession> = {
+  get: () => Promise<TSession | null> | TSession | null;
+  set: (value: TSession | null) => Promise<void> | void;
+  clear: () => Promise<void> | void;
+};
+export type StorageType = 'local' | 'session' | 'cookie' | 'memory';
+export type StorageOptions = {
+  key?: string;
+  encrypt?: boolean;
+  encryptionKey?: string;
+  storage?: StorageType;
+  cookieOptions?: {
+    domain?: string;
+    path?: string;
+    secure?: boolean;
+    sameSite?: 'strict' | 'lax' | 'none';
+    maxAge?: number;
+  };
+};

package/src/kit/builder/auth/types/token-manager.ts ADDED Viewed

@@ -0,0 +1,9 @@
+export type TokenManager = {
+  isExpired: (expiresAt?: number | null) => boolean;
+  shouldRefresh: (expiresAt?: number | null, threshold?: number) => boolean;
+  getTimeUntilExpiry: (expiresAt?: number | null) => number;
+  scheduleRefresh?: (
+    callback: () => void,
+    expiresAt?: number | null,
+  ) => () => void;
+};

package/src/kit/builder/auth/types/utils.ts ADDED Viewed

@@ -0,0 +1,55 @@
+// ============================================================================
+// Utility Types
+// ============================================================================
+import type { AuthAdapter } from "./adapter";
+export type InferSession<T> = T extends AuthAdapter<
+  infer _User,
+  infer _Role extends string,
+  infer _Permission extends string,
+  infer TSession,
+  infer _Credentials
+>
+  ? TSession
+  : never;
+export type InferUser<T> = T extends AuthAdapter<
+  infer TUser,
+  infer _Role extends string,
+  infer _Permission extends string,
+  infer _Session,
+  infer _Credentials
+>
+  ? TUser
+  : never;
+export type InferRole<T> = T extends AuthAdapter<
+  infer _User,
+  infer TRole extends string,
+  infer _Permission extends string,
+  infer _Session,
+  infer _Credentials
+>
+  ? TRole
+  : never;
+export type InferPermission<T> = T extends AuthAdapter<
+  infer _User,
+  infer _Role extends string,
+  infer TPermission extends string,
+  infer _Session,
+  infer _Credentials
+>
+  ? TPermission
+  : never;
+export type InferCredentials<T> = T extends AuthAdapter<
+  infer _User,
+  infer _Role extends string,
+  infer _Permission extends string,
+  infer _Session,
+  infer TCredentials
+>
+  ? TCredentials
+  : never;

package/src/kit/builder/auth/{adapter.ts → utils/auth-adapter.ts} RENAMED Viewed

@@ -16,7 +16,7 @@ import type {
   AuthStatus,
   PermissionPolicy,
   PermissionRule,
-} from './types';
+} from '../types';
 const unique = <T>(values: T[]): T[] => {
   return Array.from(new Set(values));
@@ -334,7 +334,8 @@ export function createAuthAdapter<
       return nextState;
     } catch (error) {
       await executeMiddleware('onError', error);
-      return await setSession(null, 'error', error);
+      await setSession(null, 'error', error);
+      throw error;
     }
   };

package/src/kit/builder/auth/utils/client-adapters/apollo-link.ts ADDED Viewed

@@ -0,0 +1,30 @@
+export function createApolloAuthLink(
+  getToken: () => string | null,
+  options?: {
+    tokenType?: string
+  },
+) {
+  const tokenType = options?.tokenType ?? 'Bearer'
+  // This requires @apollo/client to be installed
+  // We'll return a function that creates the link to avoid direct dependency
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  return (ApolloLink: any) => {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    return new ApolloLink((operation: any, forward: any) => {
+      const token = getToken()
+      if (token) {
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        operation.setContext(({ headers = {} }: any) => ({
+          headers: {
+            ...headers,
+            authorization: `${tokenType} ${token}`,
+          },
+        }))
+      }
+      return forward(operation)
+    })
+  }
+}

package/src/kit/builder/auth/utils/client-adapters/axios.ts ADDED Viewed

@@ -0,0 +1,61 @@
+export function createAxiosAuthInterceptor(
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  axiosInstance: any,
+  getToken: () => string | null,
+  options?: {
+    tokenType?: string
+    onTokenExpired?: () => void
+    refreshToken?: () => Promise<void>
+  },
+) {
+  const tokenType = options?.tokenType ?? 'Bearer'
+  // Request interceptor
+  axiosInstance.interceptors.request.use(
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    async (config: any) => {
+      const token = getToken()
+      if (token) {
+        config.headers.Authorization = `${tokenType} ${token}`
+      }
+      return config
+    },
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    (error: any) => Promise.reject(error),
+  )
+  // Response interceptor for token refresh
+  if (options?.refreshToken) {
+    axiosInstance.interceptors.response.use(
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      (response: any) => response,
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      async (error: any) => {
+        const originalRequest = error.config
+        // If token expired and we haven't retried yet
+        if (
+          error.response?.status === 401 &&
+          !originalRequest._retry &&
+          options.refreshToken
+        ) {
+          originalRequest._retry = true
+          try {
+            await options.refreshToken()
+            const token = getToken()
+            if (token) {
+              originalRequest.headers.Authorization = `${tokenType} ${token}`
+            }
+            return axiosInstance(originalRequest)
+          } catch (refreshError) {
+            options.onTokenExpired?.()
+            return Promise.reject(refreshError)
+          }
+        }
+        return Promise.reject(error)
+      },
+    )
+  }
+}

package/src/kit/builder/auth/utils/client-adapters/fetch.ts ADDED Viewed

@@ -0,0 +1,48 @@
+export function createAuthFetch(
+  getToken: () => string | null,
+  options?: {
+    tokenType?: string
+    onTokenExpired?: () => void
+    refreshToken?: () => Promise<void>
+  },
+): typeof fetch {
+  const tokenType = options?.tokenType ?? 'Bearer'
+  return async (
+    input: RequestInfo | URL,
+    init?: RequestInit,
+  ): Promise<Response> => {
+    const token = getToken()
+    const headers = new Headers(init?.headers)
+    if (token) {
+      headers.set('Authorization', `${tokenType} ${token}`)
+    }
+    const response = await fetch(input, {
+      ...init,
+      headers,
+    })
+    // Handle token expiration
+    if (response.status === 401 && options?.refreshToken) {
+      try {
+        await options.refreshToken()
+        const newToken = getToken()
+        if (newToken) {
+          headers.set('Authorization', `${tokenType} ${newToken}`)
+          return await fetch(input, {
+            ...init,
+            headers,
+          })
+        }
+      } catch (error) {
+        options.onTokenExpired?.()
+        throw error
+      }
+    }
+    return response
+  }
+}

package/src/kit/builder/auth/utils/client-adapters/graphql.ts ADDED Viewed

@@ -0,0 +1,60 @@
+import type { AuthAdapterConfig, AuthSession, GraphQLAuthClient } from '../../types'
+export type GraphQLClientAdapterOptions<
+  TUser = unknown,
+  TRole extends string = string,
+  TPermission extends string = string,
+  TSession extends AuthSession<TUser, TRole, TPermission> = AuthSession<
+    TUser,
+    TRole,
+    TPermission
+  >,
+  TCredentials = unknown,
+> = {
+  client: GraphQLAuthClient<TSession, TCredentials>
+  resolveUser?: (session: TSession | null) => TUser | null
+  resolveRoles?: (session: TSession | null) => TRole[]
+  resolvePermissions?: (session: TSession | null) => TPermission[]
+}
+export function createGraphQLAuthAdapter<
+  TUser = unknown,
+  TRole extends string = string,
+  TPermission extends string = string,
+  TSession extends AuthSession<TUser, TRole, TPermission> = AuthSession<
+    TUser,
+    TRole,
+    TPermission
+  >,
+  TCredentials = unknown,
+>(
+  options: GraphQLClientAdapterOptions<
+    TUser,
+    TRole,
+    TPermission,
+    TSession,
+    TCredentials
+  >,
+): Partial<
+  AuthAdapterConfig<TUser, TRole, TPermission, TSession, TCredentials>
+> {
+  return {
+    login: options.client.login,
+    logout: options.client.logout,
+    refresh: options.client.refresh
+      ? async (session: TSession) => {
+          if (!session.refreshToken) {
+            throw new Error('No refresh token available')
+          }
+          if (!options.client.refresh) {
+            throw new Error('Refresh function not provided')
+          }
+          return await options.client.refresh(session.refreshToken)
+        }
+      : undefined,
+    loadSession: options.client.getCurrentUser,
+    resolveUser: options.resolveUser,
+    resolveRoles: options.resolveRoles,
+    resolvePermissions: options.resolvePermissions,
+  }
+}

package/src/kit/builder/auth/utils/client-adapters/index.ts ADDED Viewed

@@ -0,0 +1,6 @@
+export * from './graphql'
+export * from './rest'
+export * from './axios'
+export * from './fetch'
+export * from './apollo-link'
+export * from './urql-exchange'

package/src/kit/builder/auth/utils/client-adapters/rest.ts ADDED Viewed

@@ -0,0 +1,60 @@
+import type { AuthAdapterConfig, AuthSession, RESTAuthClient } from '../../types'
+export type RESTClientAdapterOptions<
+  TUser = unknown,
+  TRole extends string = string,
+  TPermission extends string = string,
+  TSession extends AuthSession<TUser, TRole, TPermission> = AuthSession<
+    TUser,
+    TRole,
+    TPermission
+  >,
+  TCredentials = unknown,
+> = {
+  client: RESTAuthClient<TSession, TCredentials>
+  resolveUser?: (session: TSession | null) => TUser | null
+  resolveRoles?: (session: TSession | null) => TRole[]
+  resolvePermissions?: (session: TSession | null) => TPermission[]
+}
+export function createRESTAuthAdapter<
+  TUser = unknown,
+  TRole extends string = string,
+  TPermission extends string = string,
+  TSession extends AuthSession<TUser, TRole, TPermission> = AuthSession<
+    TUser,
+    TRole,
+    TPermission
+  >,
+  TCredentials = unknown,
+>(
+  options: RESTClientAdapterOptions<
+    TUser,
+    TRole,
+    TPermission,
+    TSession,
+    TCredentials
+  >,
+): Partial<
+  AuthAdapterConfig<TUser, TRole, TPermission, TSession, TCredentials>
+> {
+  return {
+    login: options.client.login,
+    logout: options.client.logout,
+    refresh: options.client.refresh
+      ? async (session: TSession) => {
+          if (!session.refreshToken) {
+            throw new Error('No refresh token available')
+          }
+          if (!options.client.refresh) {
+            throw new Error('Refresh function not provided')
+          }
+          return await options.client.refresh(session.refreshToken)
+        }
+      : undefined,
+    loadSession: options.client.getCurrentUser,
+    resolveUser: options.resolveUser,
+    resolveRoles: options.resolveRoles,
+    resolvePermissions: options.resolvePermissions,
+  }
+}

package/src/kit/builder/auth/utils/client-adapters/urql-exchange.ts ADDED Viewed

@@ -0,0 +1,76 @@
+export function createUrqlAuthExchange(
+  getToken: () => string | null,
+  options?: {
+    tokenType?: string
+    refreshToken?: () => Promise<void>
+    onTokenExpired?: () => void
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    willAuthError?: (params: { authState: any; operation: any }) => boolean
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    didAuthError?: (params: { error: any; operation: any }) => boolean
+  },
+) {
+  const tokenType = options?.tokenType ?? 'Bearer'
+  // Avoid direct dependency on @urql/exchange-auth. Return a factory that accepts it.
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  return (authExchange: any) =>
+    authExchange({
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      addAuthToOperation: ({ authState, operation }: any) => {
+        const token = authState?.token ?? getToken()
+        if (!token) return operation
+        const fetchOptions =
+          typeof operation.context.fetchOptions === 'function'
+            ? operation.context.fetchOptions()
+            : operation.context.fetchOptions || {}
+        return {
+          ...operation,
+          context: {
+            ...operation.context,
+            fetchOptions: {
+              ...fetchOptions,
+              headers: {
+                ...fetchOptions.headers,
+                Authorization: `${tokenType} ${token}`,
+              },
+            },
+          },
+        }
+      },
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      getAuth: async ({ authState }: any) => {
+        if (!authState) {
+          const token = getToken()
+          if (token) return { token }
+          return null
+        }
+        if (options?.refreshToken) {
+          try {
+            await options.refreshToken()
+            const token = getToken()
+            if (token) return { token }
+          } catch (_e) {
+            options.onTokenExpired?.()
+            return null
+          }
+        }
+        return null
+      },
+      willAuthError: options?.willAuthError,
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      didAuthError: (params: { error: any; operation: any }) => {
+        if (options?.didAuthError) return options.didAuthError(params)
+        const { error } = params
+        return (
+          error?.graphQLErrors?.some(
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            (e: any) => e.extensions?.code === 'UNAUTHENTICATED',
+          ) || error?.response?.status === 401
+        )
+      },
+    })
+}

package/src/kit/builder/auth/{permission-checker.ts → utils/permission-checker.ts} RENAMED Viewed

@@ -3,7 +3,7 @@ import type {
   PermissionPolicy,
   PermissionRule,
   RoleHierarchy,
-} from './types';
+} from '../types';
 /**
  * Expands permissions based on hierarchy

package/src/kit/builder/auth/utils/storage/browser.ts ADDED Viewed

@@ -0,0 +1,99 @@
+import type { AuthStorage } from '../../types'
+import { isBrowser } from './env'
+import { createMemoryStorage } from './memory'
+import { SimpleEncryption } from './encryption'
+export type BrowserStorageOptions<T> = {
+  key: string
+  serialize?: (value: T | null) => Promise<string | null> | string | null
+  deserialize?: (value: string | null) => Promise<T | null> | T | null
+  storage?: Storage
+  encrypt?: boolean
+  encryptionKey?: string
+}
+export const createBrowserStorage = <T>(
+  options: BrowserStorageOptions<T>,
+): AuthStorage<T> => {
+  const fallback = createMemoryStorage<T>()
+  const targetStorage =
+    options.storage ?? (isBrowser ? window.localStorage : undefined)
+  const encryption =
+    options.encrypt && options.encryptionKey
+      ? new SimpleEncryption(options.encryptionKey)
+      : null
+  const defaultSerialize = async (value: T | null): Promise<string | null> => {
+    if (value === null) return null
+    const json = JSON.stringify(value)
+    return encryption ? await encryption.encrypt(json) : json
+  }
+  const defaultDeserialize = async (
+    value: string | null,
+  ): Promise<T | null> => {
+    if (!value) return null
+    try {
+      const decrypted = encryption ? await encryption.decrypt(value) : value
+      return JSON.parse(decrypted) as T
+    } catch {
+      return null
+    }
+  }
+  const serialize = options.serialize
+    ? async (value: T | null) => {
+        const result = await options.serialize?.(value)
+        return result ?? null
+      }
+    : defaultSerialize
+  const deserialize = options.deserialize
+    ? async (value: string | null) => {
+        const result = await options.deserialize?.(value)
+        return result ?? null
+      }
+    : defaultDeserialize
+  if (!targetStorage) {
+    return fallback
+  }
+  return {
+    get: async () => {
+      try {
+        const raw = targetStorage.getItem(options.key)
+        const value = await deserialize(raw)
+        fallback.set(value)
+        return value
+      } catch (error) {
+        console.warn('[auth2][storage] Failed to read from storage', error)
+        return fallback.get()
+      }
+    },
+    set: async (value) => {
+      try {
+        const serialized = await serialize(value)
+        if (serialized === null) {
+          targetStorage.removeItem(options.key)
+        } else {
+          targetStorage.setItem(options.key, serialized)
+        }
+        fallback.set(value)
+      } catch (error) {
+        console.warn('[auth2][storage] Failed to write to storage', error)
+        fallback.set(value)
+      }
+    },
+    clear: () => {
+      try {
+        targetStorage.removeItem(options.key)
+      } catch (error) {
+        console.warn('[auth2][storage] Failed to clear storage', error)
+      } finally {
+        fallback.clear()
+      }
+    },
+  }
+}

package/src/kit/builder/auth/utils/storage/cookie.ts ADDED Viewed

@@ -0,0 +1,116 @@
+import type { AuthStorage, StorageOptions } from '../../types'
+import { isBrowser } from './env'
+import { createMemoryStorage } from './memory'
+import { SimpleEncryption } from './encryption'
+export const createCookieStorage = <T>(
+  options: StorageOptions,
+): AuthStorage<T> => {
+  const key = options.key ?? 'auth2_session'
+  const cookieOpts = options.cookieOptions ?? {}
+  const fallback = createMemoryStorage<T>()
+  const encryption =
+    options.encrypt && options.encryptionKey
+      ? new SimpleEncryption(options.encryptionKey)
+      : null
+  const cookieSetter =
+    typeof Document !== 'undefined'
+      ? Object.getOwnPropertyDescriptor(Document.prototype, 'cookie')?.set
+      : undefined
+  const assignCookie = (value: string) => {
+    if (!isBrowser || typeof document === 'undefined') return
+    if (cookieSetter) {
+      cookieSetter.call(document, value)
+      return
+    }
+    Reflect.set(document, 'cookie', value)
+  }
+  const serialize = async (value: T | null): Promise<string | null> => {
+    if (value === null) return null
+    const json = JSON.stringify(value)
+    return encryption ? await encryption.encrypt(json) : json
+  }
+  const deserialize = async (value: string | null): Promise<T | null> => {
+    if (!value) return null
+    try {
+      const decrypted = encryption ? await encryption.decrypt(value) : value
+      return JSON.parse(decrypted) as T
+    } catch {
+      return null
+    }
+  }
+  const getCookie = (name: string): string | null => {
+    if (!isBrowser) return null
+    const matches = document.cookie.match(
+      new RegExp(
+        `(?:^|; )${name.replace(/([.$?*|{}()\[\]\\/+^])/g, '\\$1')}=([^;]*)`,
+      ),
+    )
+    return matches ? decodeURIComponent(matches[1]) : null
+  }
+  const setCookie = (
+    name: string,
+    value: string,
+    opts: typeof cookieOpts = {},
+  ) => {
+    if (!isBrowser) return
+    let cookie = `${encodeURIComponent(name)}=${encodeURIComponent(value)}`
+    if (opts.maxAge) cookie += `; max-age=${opts.maxAge}`
+    if (opts.domain) cookie += `; domain=${opts.domain}`
+    if (opts.path !== undefined) cookie += `; path=${opts.path}`
+    else cookie += '; path=/'
+    if (opts.secure) cookie += '; secure'
+    if (opts.sameSite) cookie += `; samesite=${opts.sameSite}`
+    assignCookie(cookie)
+  }
+  const deleteCookie = (name: string) => {
+    if (!isBrowser) return
+    assignCookie(`${name}=; max-age=0; path=/`)
+  }
+  return {
+    get: async () => {
+      try {
+        const raw = getCookie(key)
+        const value = await deserialize(raw)
+        fallback.set(value)
+        return value
+      } catch (error) {
+        console.warn('[auth2][storage] Failed to read from cookie', error)
+        return fallback.get()
+      }
+    },
+    set: async (value) => {
+      try {
+        const serialized = await serialize(value)
+        if (serialized === null) {
+          deleteCookie(key)
+        } else {
+          setCookie(key, serialized, cookieOpts)
+        }
+        fallback.set(value)
+      } catch (error) {
+        console.warn('[auth2][storage] Failed to write to cookie', error)
+        fallback.set(value)
+      }
+    },
+    clear: () => {
+      try {
+        deleteCookie(key)
+      } catch (error) {
+        console.warn('[auth2][storage] Failed to clear cookie', error)
+      } finally {
+        fallback.clear()
+      }
+    },
+  }
+}