@karbonjs/auth 0.1.0 → 0.2.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@karbonjs/auth",
-  "version": "0.1.0",
+  "version": "0.2.1",
   "description": "Authentication helpers for Karbon — token management, user cache, hooks",
   "type": "module",
   "main": "dist/index.js",
@@ -15,7 +15,7 @@
     "dist"
   ],
   "dependencies": {
-    "@karbonjs/types": "0.1.0"
+    "@karbonjs/types": "0.2.1"
   },
   "publishConfig": {
     "access": "public"

package/dist/roles.d.ts

@@ -1,33 +0,0 @@
-/**
- * Role hierarchy definition.
- * Higher roles inherit permissions from lower roles.
- *
- * ```ts
- * const hierarchy: RoleHierarchy = {
- *   'ROLE_SUPER_ADMIN': ['ROLE_ADMIN'],
- *   'ROLE_ADMIN': ['ROLE_EDITOR'],
- *   'ROLE_EDITOR': ['ROLE_USER'],
- *   'ROLE_USER': [],
- * }
- * ```
- */
-export type RoleHierarchy = Record<string, string[]>;
-/**
- * Check if a user's roles satisfy a required role, considering hierarchy.
- *
- * ```ts
- * hasRole(['ROLE_ADMIN'], 'ROLE_USER', hierarchy) // true (admin inherits user)
- * hasRole(['ROLE_USER'], 'ROLE_ADMIN', hierarchy)  // false
- * ```
- */
-export declare function hasRole(userRoles: string[], requiredRole: string, hierarchy?: RoleHierarchy): boolean;
-/**
- * Get the highest priority role from a list.
- * Priority is determined by hierarchy depth (deeper = higher).
- */
-export declare function highestRole(userRoles: string[], hierarchy: RoleHierarchy): string | null;
-/**
- * Shorthand: check if user has admin-level access.
- */
-export declare function isAdmin(userRoles: string[], hierarchy?: RoleHierarchy): boolean;
-//# sourceMappingURL=roles.d.ts.map

package/dist/roles.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"roles.d.ts","sourceRoot":"","sources":["../src/roles.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;AAEpD;;;;;;;GAOG;AACH,wBAAgB,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,YAAY,EAAE,MAAM,EAAE,SAAS,GAAE,aAAkB,GAAG,OAAO,CAQzG;AAiBD;;;GAGG;AACH,wBAAgB,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,aAAa,GAAG,MAAM,GAAG,IAAI,CAexF;AAED;;GAEG;AACH,wBAAgB,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,SAAS,GAAE,aAAkB,GAAG,OAAO,CAEnF"}

package/dist/roles.js

@@ -1,57 +0,0 @@
-/**
- * Check if a user's roles satisfy a required role, considering hierarchy.
- *
- * ```ts
- * hasRole(['ROLE_ADMIN'], 'ROLE_USER', hierarchy) // true (admin inherits user)
- * hasRole(['ROLE_USER'], 'ROLE_ADMIN', hierarchy)  // false
- * ```
- */
-export function hasRole(userRoles, requiredRole, hierarchy = {}) {
-    if (userRoles.includes(requiredRole))
-        return true;
-    // Check hierarchy: does any user role inherit the required role?
-    for (const role of userRoles) {
-        if (resolveRoles(role, hierarchy).includes(requiredRole))
-            return true;
-    }
-    return false;
-}
-/**
- * Resolve all inherited roles for a given role.
- */
-function resolveRoles(role, hierarchy, visited = new Set()) {
-    if (visited.has(role))
-        return [];
-    visited.add(role);
-    const children = hierarchy[role] ?? [];
-    const all = [role];
-    for (const child of children) {
-        all.push(...resolveRoles(child, hierarchy, visited));
-    }
-    return all;
-}
-/**
- * Get the highest priority role from a list.
- * Priority is determined by hierarchy depth (deeper = higher).
- */
-export function highestRole(userRoles, hierarchy) {
-    if (userRoles.length === 0)
-        return null;
-    let best = userRoles[0];
-    let bestDepth = 0;
-    for (const role of userRoles) {
-        const depth = resolveRoles(role, hierarchy).length;
-        if (depth > bestDepth) {
-            bestDepth = depth;
-            best = role;
-        }
-    }
-    return best;
-}
-/**
- * Shorthand: check if user has admin-level access.
- */
-export function isAdmin(userRoles, hierarchy = {}) {
-    return hasRole(userRoles, 'ROLE_ADMIN', hierarchy);
-}
-//# sourceMappingURL=roles.js.map

package/dist/roles.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"roles.js","sourceRoot":"","sources":["../src/roles.ts"],"names":[],"mappings":"AAeA;;;;;;;GAOG;AACH,MAAM,UAAU,OAAO,CAAC,SAAmB,EAAE,YAAoB,EAAE,YAA2B,EAAE;IAC9F,IAAI,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAA;IAEjD,iEAAiE;IACjE,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,IAAI,YAAY,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;YAAE,OAAO,IAAI,CAAA;IACvE,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,IAAY,EAAE,SAAwB,EAAE,UAAU,IAAI,GAAG,EAAU;IACvF,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,CAAA;IAChC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;IAEjB,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,CAAA;IACtC,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,CAAA;IAClB,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;QAC7B,GAAG,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC,CAAA;IACtD,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,SAAmB,EAAE,SAAwB;IACvE,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAEvC,IAAI,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAA;IACvB,IAAI,SAAS,GAAG,CAAC,CAAA;IAEjB,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,MAAM,CAAA;QAClD,IAAI,KAAK,GAAG,SAAS,EAAE,CAAC;YACtB,SAAS,GAAG,KAAK,CAAA;YACjB,IAAI,GAAG,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,SAAmB,EAAE,YAA2B,EAAE;IACxE,OAAO,OAAO,CAAC,SAAS,EAAE,YAAY,EAAE,SAAS,CAAC,CAAA;AACpD,CAAC"}

package/dist/token-manager.d.ts

@@ -1,35 +0,0 @@
-export interface TokenPair {
-    token: string;
-    refreshToken: string;
-    sessionId?: number;
-}
-export interface TokenManagerConfig {
-    /** API endpoint for token refresh (e.g. "/auth/refresh") */
-    refreshEndpoint: string;
-    /** Base API URL */
-    apiUrl: string;
-    /** Called with new tokens after successful refresh */
-    onRefresh?: (tokens: TokenPair) => void;
-    /** Called when refresh fails */
-    onExpired?: () => void;
-}
-/**
- * Server-side token refresh manager.
- * Handles refresh token exchange and deduplication.
- *
- * ```ts
- * const tokenManager = createTokenManager({
- *   refreshEndpoint: '/auth/refresh',
- *   apiUrl: 'http://localhost:3005/api/v1',
- *   onRefresh: (tokens) => setCookies(tokens),
- *   onExpired: () => clearSession(),
- * })
- *
- * const newTokens = await tokenManager.refresh(refreshToken, sessionId)
- * ```
- */
-export declare function createTokenManager(config: TokenManagerConfig): {
-    /** Refresh tokens. Deduplicates concurrent calls. */
-    refresh(refreshToken: string, sessionId?: number): Promise<TokenPair | null>;
-};
-//# sourceMappingURL=token-manager.d.ts.map

package/dist/token-manager.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"token-manager.d.ts","sourceRoot":"","sources":["../src/token-manager.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,CAAA;IACb,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,4DAA4D;IAC5D,eAAe,EAAE,MAAM,CAAA;IACvB,mBAAmB;IACnB,MAAM,EAAE,MAAM,CAAA;IACd,sDAAsD;IACtD,SAAS,CAAC,EAAE,CAAC,MAAM,EAAE,SAAS,KAAK,IAAI,CAAA;IACvC,gCAAgC;IAChC,SAAS,CAAC,EAAE,MAAM,IAAI,CAAA;CACvB;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,kBAAkB;IAmCzD,qDAAqD;0BACzB,MAAM,cAAc,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;EAOrF"}

package/dist/token-manager.js

@@ -1,56 +0,0 @@
-/**
- * Server-side token refresh manager.
- * Handles refresh token exchange and deduplication.
- *
- * ```ts
- * const tokenManager = createTokenManager({
- *   refreshEndpoint: '/auth/refresh',
- *   apiUrl: 'http://localhost:3005/api/v1',
- *   onRefresh: (tokens) => setCookies(tokens),
- *   onExpired: () => clearSession(),
- * })
- *
- * const newTokens = await tokenManager.refresh(refreshToken, sessionId)
- * ```
- */
-export function createTokenManager(config) {
-    let pending = null;
-    async function doRefresh(refreshToken, sessionId) {
-        try {
-            const res = await fetch(`${config.apiUrl}${config.refreshEndpoint}`, {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({
-                    refresh_token: refreshToken,
-                    session_id: sessionId,
-                }),
-            });
-            if (!res.ok) {
-                config.onExpired?.();
-                return null;
-            }
-            const data = await res.json();
-            const tokens = {
-                token: data.token,
-                refreshToken: data.refresh_token,
-                sessionId: data.session_id,
-            };
-            config.onRefresh?.(tokens);
-            return tokens;
-        }
-        catch {
-            config.onExpired?.();
-            return null;
-        }
-    }
-    return {
-        /** Refresh tokens. Deduplicates concurrent calls. */
-        async refresh(refreshToken, sessionId) {
-            if (!pending) {
-                pending = doRefresh(refreshToken, sessionId).finally(() => { pending = null; });
-            }
-            return pending;
-        },
-    };
-}
-//# sourceMappingURL=token-manager.js.map

package/dist/token-manager.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"token-manager.js","sourceRoot":"","sources":["../src/token-manager.ts"],"names":[],"mappings":"AAiBA;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAA0B;IAC3D,IAAI,OAAO,GAAqC,IAAI,CAAA;IAEpD,KAAK,UAAU,SAAS,CAAC,YAAoB,EAAE,SAAkB;QAC/D,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,eAAe,EAAE,EAAE;gBACnE,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,aAAa,EAAE,YAAY;oBAC3B,UAAU,EAAE,SAAS;iBACtB,CAAC;aACH,CAAC,CAAA;YAEF,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;gBACZ,MAAM,CAAC,SAAS,EAAE,EAAE,CAAA;gBACpB,OAAO,IAAI,CAAA;YACb,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;YAC7B,MAAM,MAAM,GAAc;gBACxB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,YAAY,EAAE,IAAI,CAAC,aAAa;gBAChC,SAAS,EAAE,IAAI,CAAC,UAAU;aAC3B,CAAA;YAED,MAAM,CAAC,SAAS,EAAE,CAAC,MAAM,CAAC,CAAA;YAC1B,OAAO,MAAM,CAAA;QACf,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,SAAS,EAAE,EAAE,CAAA;YACpB,OAAO,IAAI,CAAA;QACb,CAAC;IACH,CAAC;IAED,OAAO;QACL,qDAAqD;QACrD,KAAK,CAAC,OAAO,CAAC,YAAoB,EAAE,SAAkB;YACpD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,SAAS,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,OAAO,GAAG,IAAI,CAAA,CAAC,CAAC,CAAC,CAAA;YAChF,CAAC;YACD,OAAO,OAAO,CAAA;QAChB,CAAC;KACF,CAAA;AACH,CAAC"}

package/dist/user-cache.d.ts

@@ -1,30 +0,0 @@
-import type { AuthUser } from '@karbonjs/types';
-export interface UserCacheOptions {
-    /** Max entries in cache (default: 500) */
-    maxSize?: number;
-    /** TTL in milliseconds (default: 2 minutes) */
-    ttl?: number;
-}
-/**
- * In-memory user cache for SSR hooks.
- * Prevents hammering the /profile endpoint on every request.
- *
- * ```ts
- * const cache = createUserCache({ ttl: 120_000, maxSize: 500 })
- *
- * // In your SSR hook:
- * let user = cache.get(token)
- * if (!user) {
- *   user = await fetchProfile(token)
- *   if (user) cache.set(token, user)
- * }
- * ```
- */
-export declare function createUserCache(opts?: UserCacheOptions): {
-    get(token: string): AuthUser | null;
-    set(token: string, user: AuthUser): void;
-    invalidate(token: string): void;
-    clear(): void;
-    readonly size: number;
-};
-//# sourceMappingURL=user-cache.d.ts.map

package/dist/user-cache.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"user-cache.d.ts","sourceRoot":"","sources":["../src/user-cache.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAA;AAE/C,MAAM,WAAW,gBAAgB;IAC/B,0CAA0C;IAC1C,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,+CAA+C;IAC/C,GAAG,CAAC,EAAE,MAAM,CAAA;CACb;AAOD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,eAAe,CAAC,IAAI,GAAE,gBAAqB;eAM5C,MAAM,GAAG,QAAQ,GAAG,IAAI;eAUxB,MAAM,QAAQ,QAAQ,GAAG,IAAI;sBAStB,MAAM,GAAG,IAAI;aAItB,IAAI;mBAID,MAAM;EAIrB"}

package/dist/user-cache.js

@@ -1,51 +0,0 @@
-/**
- * In-memory user cache for SSR hooks.
- * Prevents hammering the /profile endpoint on every request.
- *
- * ```ts
- * const cache = createUserCache({ ttl: 120_000, maxSize: 500 })
- *
- * // In your SSR hook:
- * let user = cache.get(token)
- * if (!user) {
- *   user = await fetchProfile(token)
- *   if (user) cache.set(token, user)
- * }
- * ```
- */
-export function createUserCache(opts = {}) {
-    const maxSize = opts.maxSize ?? 500;
-    const ttl = opts.ttl ?? 120_000;
-    const store = new Map();
-    return {
-        get(token) {
-            const entry = store.get(token);
-            if (!entry)
-                return null;
-            if (Date.now() - entry.timestamp > ttl) {
-                store.delete(token);
-                return null;
-            }
-            return entry.user;
-        },
-        set(token, user) {
-            // Evict oldest if full
-            if (store.size >= maxSize) {
-                const oldest = store.keys().next().value;
-                if (oldest)
-                    store.delete(oldest);
-            }
-            store.set(token, { user, timestamp: Date.now() });
-        },
-        invalidate(token) {
-            store.delete(token);
-        },
-        clear() {
-            store.clear();
-        },
-        get size() {
-            return store.size;
-        },
-    };
-}
-//# sourceMappingURL=user-cache.js.map

package/dist/user-cache.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"user-cache.js","sourceRoot":"","sources":["../src/user-cache.ts"],"names":[],"mappings":"AAcA;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,eAAe,CAAC,OAAyB,EAAE;IACzD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,GAAG,CAAA;IACnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAA;IAC/B,MAAM,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAA;IAE3C,OAAO;QACL,GAAG,CAAC,KAAa;YACf,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;YAC9B,IAAI,CAAC,KAAK;gBAAE,OAAO,IAAI,CAAA;YACvB,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;gBACvC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;gBACnB,OAAO,IAAI,CAAA;YACb,CAAC;YACD,OAAO,KAAK,CAAC,IAAI,CAAA;QACnB,CAAC;QAED,GAAG,CAAC,KAAa,EAAE,IAAc;YAC/B,uBAAuB;YACvB,IAAI,KAAK,CAAC,IAAI,IAAI,OAAO,EAAE,CAAC;gBAC1B,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAA;gBACxC,IAAI,MAAM;oBAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;YAClC,CAAC;YACD,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAA;QACnD,CAAC;QAED,UAAU,CAAC,KAAa;YACtB,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QACrB,CAAC;QAED,KAAK;YACH,KAAK,CAAC,KAAK,EAAE,CAAA;QACf,CAAC;QAED,IAAI,IAAI;YACN,OAAO,KAAK,CAAC,IAAI,CAAA;QACnB,CAAC;KACF,CAAA;AACH,CAAC"}