npm - @lark-apaas/auth-sdk - Versions diffs - 0.1.0-alpha.0 - Mend

@lark-apaas/auth-sdk 0.1.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/LICENSE +13 -0
package/README.md +351 -0
package/lib/AuthProvider.d.ts +158 -0
package/lib/AuthProvider.d.ts.map +1 -0
package/lib/AuthProvider.js +140 -0
package/lib/CanRoute.d.ts +42 -0
package/lib/CanRoute.d.ts.map +1 -0
package/lib/CanRoute.js +27 -0
package/lib/RouteGuard.d.ts +42 -0
package/lib/RouteGuard.d.ts.map +1 -0
package/lib/RouteGuard.js +27 -0
package/lib/ability-factory.d.ts +22 -0
package/lib/ability-factory.d.ts.map +1 -0
package/lib/ability-factory.js +26 -0
package/lib/index.d.ts +15 -0
package/lib/index.d.ts.map +1 -0
package/lib/index.js +6 -0
package/lib/permission-client.d.ts +22 -0
package/lib/permission-client.d.ts.map +1 -0
package/lib/permission-client.js +58 -0
package/lib/types.d.ts +106 -0
package/lib/types.d.ts.map +1 -0
package/lib/types.js +0 -0
package/package.json +46 -0

package/LICENSE ADDED Viewed

@@ -0,0 +1,13 @@
+MIT License
+Copyright (c) 2024 Lark Technologies Pte. Ltd. and/or its affiliates
+Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted,provided that the above copyright notice and this permission notice appear in all copies.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE
+INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO
+EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE,
+DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,351 @@
+## @lark-apaas/auth-sdk
+基于 CASL 的前端鉴权 SDK，封装了权限数据获取、Ability 初始化与 React 集成，帮助你在应用中便捷地做「功能级/按钮级/菜单级/页面级」的权限控制。
+### 安装
+```bash
+npm i @lark-apaas/auth-sdk
+# 或者
+yarn add @lark-apaas/auth-sdk
+```
+### 快速开始
+```tsx
+import React from 'react';
+import { AuthProvider, Can, useAbility } from '@lark-apaas/auth-sdk';
+export default function App() {
+  return (
+    <AuthProvider
+      config={{
+        permissionApi: {
+          baseUrl: 'http://localhost:3000',
+          endpoint: '/api/users/:userId/permissions',
+          // 可选：apiToken、timeout、headers、withCredentials
+        },
+        autoFetch: true,
+        onError: (e) => console.error(e),
+      }}
+    >
+      <Home />
+    </AuthProvider>
+  );
+}
+function Home() {
+  const ability = useAbility();
+  return (
+    <div>
+      <Can I="read" a="Dashboard">
+        <div>可见的仪表盘</div>
+      </Can>
+      <button disabled={ability.cannot('create', 'Task')}>创建任务</button>
+    </div>
+  );
+}
+```
+---
+## 核心 API
+### AuthProvider
+- **作用**: 提供 `Ability` 与权限状态上下文，自动/手动拉取权限。
+- **Props**:
+  - `config?: AuthSdkConfig`
+    - `noPermissionPath?: string` 无权限时的导航路径
+    - `permissionApi?: PermissionApiConfig` 拉取权限接口配置
+      - `baseUrl?: string`
+      - `endpoint?: string`，支持 `:userId` 占位
+      - `timeout?: number`，默认 5000ms
+      - `headers?: Record<string,string>`
+      - `apiToken?: string` 自动加到 Authorization 头
+      - `withCredentials?: boolean`，默认 true
+    - `autoFetch?: boolean` 是否初始化自动拉取
+    - `onError?: (error: Error) => void`
+    - `onSuccess?: (data: PermissionApiResponse) => void`
+  - `children: React.ReactNode`
+示例：
+```tsx
+<AuthProvider userId="user-123" config={{
+  permissionApi: { endpoint: '/api/permissions' },
+  autoFetch: true,
+}}>
+  <App />
+  {/* Can/Hook 在其子树中生效 */}
+</AuthProvider>
+```
+### useAuth
+- **作用**: 访问权限状态与方法。
+- **返回**:
+  - `permissions: Permission[]`
+  - `roles: string[]`
+  - `userId: string | null`
+  - `setUserId(userId: string): void`
+  - `isLoading: boolean`
+  - `error: Error | null`
+  - `fetchPermissions(userId?: string): Promise<void>` 手动拉取
+  - `refetch(): Promise<void>` 按当前 `userId` 重新拉取
+```tsx
+const { permissions, roles, isLoading, refetch } = useAuth();
+```
+### useAbility
+- **作用**: 获取 CASL `Ability` 实例，使用 `ability.can(action, subject)` 做任意判断。
+```tsx
+const ability = useAbility();
+const canCreate = ability.can('create', 'Task');
+```
+### Can 组件（来自 @casl/react 的 Contextual Can）
+- **作用**: 条件渲染，只有当 `I` 对 `a` 可操作时才渲染子内容；也支持 render prop。
+```tsx
+<Can I="delete" a="Task">
+  <button>删除任务</button>
+</Can>
+<Can I="download" a="Report">{(allowed) => (
+  <button disabled={!allowed}>下载报表</button>
+)}</Can>
+```
+### 批量权限判断：useCanPermission / CanPermission
+- `useCanPermission({ permissions, or })`：一次检查多个权限；`or=true` 表示任一满足即可，否则默认全部需要满足。
+- `CanPermission`：同上但以组件方式使用，支持 children 或 render prop。
+```tsx
+const allowed = useCanPermission({
+  permissions: [
+    { action: 'read', subject: 'Report' },
+    { action: 'download', subject: 'Report' },
+  ],
+  or: false,
+});
+<CanPermission
+  permissions={[{ action: 'manage', subject: 'Task' }, { action: 'delete', subject: 'Task' }]}>
+  <BulkActions />
+</CanPermission>
+```
+### 角色判断：useCanRole / CanRole
+- 角色被映射为特殊 subject `@role` 下的 action。
+- `useCanRole({ roles, and })`：是否拥有指定多个角色；`and=true` 表示需要同时具备。
+- `CanRole`：以组件形式使用。
+```tsx
+const isAdmin = useCanRole({ roles: ['admin_role'] });
+<CanRole roles={[ 'admin_role', 'ops_role' ]} and>
+  <DangerZone />
+</CanRole>
+```
+### 路由守卫：CanRoute
+- **作用**: 路由级别的权限守卫，支持权限和角色双重检查，无权限时可自动重定向。
+- **Props**:
+  - `permissions?: Array<{ action: string; subject: string }>` 需要检查的权限列表
+  - `roles?: string[]` 需要检查的角色列表
+  - `children: React.ReactNode` 受保护的内容
+  - `fallback?: React.ReactNode` 无权限时渲染的内容（优先级最高）
+  - `redirectTo?: string` 无权限时重定向的路径（优先级次之）
+  - 如果既没有 `fallback` 也没有 `redirectTo`，会尝试使用 `AuthProvider` 配置的 `noPermissionPath`
+  - 如果都没有配置，则返回 `null`
+```tsx
+import { CanRoute } from '@lark-apaas/auth-sdk';
+import { Routes, Route } from 'react-router-dom';
+// 基础用法：权限检查
+<CanRoute permissions={[{ action: 'read', subject: 'Dashboard' }]}>
+  <Dashboard />
+</CanRoute>
+// 角色检查
+<CanRoute roles={['admin', 'manager']}>
+  <AdminPanel />
+</CanRoute>
+// 自定义重定向
+<CanRoute
+  permissions={[{ action: 'manage', subject: 'User' }]}
+  redirectTo="/unauthorized"
+>
+  <UserManagement />
+</CanRoute>
+// 自定义 fallback 内容
+<CanRoute
+  roles={['admin']}
+  fallback={<div>您没有管理员权限</div>}
+>
+  <AdminSettings />
+</CanRoute>
+// 在路由中使用
+<Routes>
+  <Route path="/admin" element={
+    <CanRoute permissions={[{ action: 'manage', subject: 'Task' }]}>
+      <AdminPage />
+    </CanRoute>
+  } />
+</Routes>
+```
+### PermissionClient
+- **作用**: 独立的权限数据获取客户端，供非 React 场景（或自定义状态管理）使用。
+- **方法**:
+  - `constructor(config?: PermissionApiConfig)`
+  - `fetchPermissions(userId?: string): Promise<PermissionApiResponse>`
+  - `updateConfig(partial: Partial<PermissionApiConfig>): void`
+  - `getConfig(): PermissionApiConfig`
+```ts
+import { PermissionClient } from '@lark-apaas/auth-sdk';
+const client = new PermissionClient({ baseUrl: '/api', endpoint: '/users/:userId/permissions' });
+const data = await client.fetchPermissions('user-123');
+```
+### 能力工厂（与 CASL 交互）
+- `createAbility({ permissions?: Permission[], roles?: string[] }): Ability`
+- `updateAbility(ability: Ability, { permissions?: Permission[], roles?: string[] }): void`
+- `convertPermissionsToRules(permissions: Permission[], roles: string[]): CaslRule[]`
+适用于需要在 React 之外构建/更新 `Ability` 的场景，或做 SSR/单元测试。
+```ts
+import { createAbility, updateAbility } from '@lark-apaas/auth-sdk';
+const ability = createAbility({ permissions: [], roles: ['admin_role'] });
+// 后续有新权限
+updateAbility(ability, { permissions: [{ id: 'p1', name: 'Task Read', sub: 'Task', actions: ['read'] }], roles: [] });
+```
+---
+## 类型与再导出
+- 从本包导出的类型：`Action`、`Subject`、`Permission`、`UserRole`、`PermissionApiResponse`、`PermissionApiConfig`、`AuthSdkConfig`、`CaslRule`。
+- 便捷再导出：`Ability`、`AbilityBuilder`、`AbilityClass`（来自 `@casl/ability`）。
+---
+## 集成建议与最佳实践
+- **权限接口返回**：`{ userId, roles: (string|UserRole)[], permissions: Permission[] }`，其中 `roles` 支持字符串或对象；SDK 会标准化为字符串数组。
+- **错误处理**：实现 `onError` 上报或提示；`onSuccess` 可做埋点。
+- **渲染时机**：根据 `useAuth()` 的 `isLoading`/`error` 渲染 Loading/Error 页，避免闪烁。
+- **与路由结合**：使用 `CanRoute` 组件做页面级访问控制，支持自动重定向和自定义 fallback 内容。
+- **路由守卫最佳实践**：
+  - 优先使用 `fallback` 属性展示友好的无权限提示
+  - 使用 `redirectTo` 重定向到专门的错误页面
+  - 在 `AuthProvider` 中配置全局的 `noPermissionPath` 作为兜底
+---
+## 进阶示例
+### 菜单按权限过滤
+```tsx
+import { useAbility } from '@lark-apaas/auth-sdk';
+const menus = [
+  { name: 'Dashboard', path: '/dashboard', p: { action: 'read', subject: 'Dashboard' } },
+  { name: 'Users', path: '/users', p: { action: 'read', subject: 'User' } },
+  { name: 'Settings', path: '/settings', p: { action: 'manage', subject: 'Settings' } },
+];
+function Nav() {
+  const ability = useAbility();
+  return (
+    <nav>
+      {menus.map(m => ability.can(m.p.action, m.p.subject) && (
+        <a key={m.path} href={m.path}>{m.name}</a>
+      ))}
+    </nav>
+  );
+}
+```
+### 批量操作区
+```tsx
+import { BatchCan } from '@lark-apaas/auth-sdk';
+<BatchCan permissions={[{ action: 'delete', subject: 'Task' }, { action: 'manage', subject: 'Task' }]}>
+  <div className="bulk-actions">
+    <button>批量删除</button>
+    <button>导出全部</button>
+  </div>
+</BatchCan>
+```
+### 路由级权限控制
+```tsx
+import { CanRoute } from '@lark-apaas/auth-sdk';
+import { Routes, Route, Navigate } from 'react-router-dom';
+function App() {
+  return (
+    <Routes>
+      {/* 公开路由 */}
+      <Route path="/" element={<HomePage />} />
+      <Route path="/login" element={<LoginPage />} />
+      {/* 受保护的路由 */}
+      <Route path="/dashboard" element={
+        <CanRoute permissions={[{ action: 'read', subject: 'Dashboard' }]}>
+          <Dashboard />
+        </CanRoute>
+      } />
+      {/* 管理员路由 */}
+      <Route path="/admin" element={
+        <CanRoute
+          roles={['admin']}
+          fallback={<Navigate to="/unauthorized" replace />}
+        >
+          <AdminPanel />
+        </CanRoute>
+      } />
+      {/* 多权限检查 */}
+      <Route path="/reports" element={
+        <CanRoute
+          permissions={[
+            { action: 'read', subject: 'Report' },
+            { action: 'export', subject: 'Report' }
+          ]}
+          redirectTo="/no-access"
+        >
+          <ReportsPage />
+        </CanRoute>
+      } />
+      {/* 错误页面 */}
+      <Route path="/unauthorized" element={<UnauthorizedPage />} />
+      <Route path="/no-access" element={<NoAccessPage />} />
+    </Routes>
+  );
+}
+```
+---
+## 常见问题（FAQ）
+- **如何做角色判断？** 使用 `useCanRole`/`CanRole`；角色被映射为对特殊 subject `@role` 的 action。
+- **如何使用路由守卫？** 使用 `CanRoute` 组件包装需要保护的路由内容，支持权限和角色双重检查。
+- **CanRoute 的重定向优先级？** `fallback` > `redirectTo` > `noPermissionPath`（AuthProvider 配置）> `null`。
+- **CanRoute 需要 react-router-dom 依赖吗？** 是的，因为使用了 `Navigate` 和 `useLocation`，请确保项目中已安装。
+---
+## 许可
+MIT

package/lib/AuthProvider.d.ts ADDED Viewed

@@ -0,0 +1,158 @@
+import React from 'react';
+import { Ability } from '@casl/ability';
+import type { AuthSdkConfig, Permission } from './types';
+/**
+ * Ability Context - 用于在组件树中共享 Ability 实例
+ */
+export declare const AbilityContext: React.Context<Ability<import("@casl/ability").AbilityTuple, import("@casl/ability").MongoQuery>>;
+/** 权限点位鉴权相关的 Hooks 和组件 */
+/**
+ * Can 组件 - 基于 Context 的条件渲染组件
+ * 使用 @casl/react 的 createContextualCan 创建，复用 CASL 的官方实现
+ */
+export declare const Can: React.FunctionComponent<import("@casl/react").BoundCanProps<Ability<import("@casl/ability").AbilityTuple, import("@casl/ability").MongoQuery>>>;
+export interface UseCanPermissionProps {
+    permissions?: Array<{
+        action: string;
+        subject: string;
+    }>;
+    or?: boolean;
+}
+export interface CanPermissionProps extends UseCanPermissionProps {
+    children: React.ReactNode | ((allowed: boolean) => React.ReactNode);
+}
+export declare const useCanPermission: ({ permissions, or }: UseCanPermissionProps) => boolean;
+export declare function CanPermission({ permissions, children, or }: {
+    permissions: Array<{
+        action: string;
+        subject: string;
+    }>;
+    children: React.ReactNode | ((allowed: boolean) => React.ReactNode);
+    or?: boolean;
+}): import("react/jsx-runtime").JSX.Element | null;
+/** 角色鉴权相关的 Hooks 和组件 */
+export interface UseCanRoleProps {
+    roles?: string[];
+    and?: boolean;
+}
+export declare const useCanRole: ({ roles, and }: UseCanRoleProps) => boolean;
+export interface CanRoleProps extends UseCanRoleProps {
+    children: React.ReactNode | ((allowed: boolean) => React.ReactNode);
+}
+export declare const CanRole: ({ roles, and, children }: CanRoleProps) => import("react/jsx-runtime").JSX.Element | null;
+/**
+ * Auth 状态 Context 类型定义
+ * 存储权限数据和加载状态
+ */
+interface AuthStateContextValue {
+    noPermissionPath?: string;
+    permissions: Permission[];
+    roles: string[];
+    userId: string | null;
+    setUserId: (userId: string) => void;
+    isLoading: boolean;
+    error: Error | null;
+    fetchPermissions: (userId?: string) => Promise<void>;
+    refetch: () => Promise<void>;
+}
+/**
+ * Auth Provider Props
+ */
+export interface AuthProviderProps {
+    children: React.ReactNode;
+    config?: AuthSdkConfig;
+    userId?: string;
+}
+/**
+ * Auth Provider 组件
+ *
+ * 提供 Ability 实例和权限数据到组件树
+ *
+ * @example
+ * ```tsx
+ * import { AuthProvider } from '@lark-apaas/auth-sdk';
+ *
+ * function App() {
+ *   return (
+ *     <AuthProvider userId="user-123" config={{
+ *       permissionApi: {
+ *         baseUrl: 'http://localhost:3000',
+ *         endpoint: '/mock-api/users/:userId/permissions'
+ *       }
+ *     }}>
+ *       <YourApp />
+ *     </AuthProvider>
+ *   );
+ * }
+ * ```
+ */
+export declare function AuthProvider({ children, config }: AuthProviderProps): import("react/jsx-runtime").JSX.Element;
+/**
+ * useAuth Hook - 获取权限数据和加载状态
+ *
+ * @example
+ * ```tsx
+ * import { useAuth, useAbility } from '@lark-apaas/auth-sdk';
+ *
+ * function MyComponent() {
+ *   const { permissions, isLoading } = useAuth();
+ *   const ability = useAbility();
+ *
+ *   if (isLoading) return <div>Loading...</div>;
+ *
+ *   return (
+ *     <div>
+ *       {ability.can('read', 'Task') && <TaskList />}
+ *     </div>
+ *   );
+ * }
+ * ```
+ */
+export declare function useAuth(): AuthStateContextValue;
+/**
+ * useAbility Hook - 获取 Ability 实例
+ *
+ * @example
+ * ```tsx
+ * import { useAbility } from '@lark-apaas/auth-sdk';
+ *
+ * function MyComponent() {
+ *   const ability = useAbility();
+ *
+ *   return (
+ *     <button disabled={ability.cannot('create', 'Task')}>
+ *       Create Task
+ *     </button>
+ *   );
+ * }
+ * ```
+ */
+export declare function useAbility(): Ability;
+/**
+ * usePermissions Hook - 获取权限列表
+ *
+ * @example
+ * ```tsx
+ * function MyComponent() {
+ *   const permissions = usePermissions();
+ *   return <div>You have {permissions.length} permissions</div>;
+ * }
+ * ```
+ */
+export declare function usePermissions(): Permission[];
+/**
+ * useRoles Hook - 获取角色列表
+ *
+ * @example
+ * ```tsx
+ * function MyComponent() {
+ *   const roles = useRoles();
+ *   return <div>Your roles: {roles.join(', ')}</div>;
+ * }
+ * ```
+ */
+export declare function useRoles(): string[];
+export declare function useUserId(): [string | null, (userId: string) => void];
+export declare function useNoPermissionPath(): string | undefined;
+export {};
+//# sourceMappingURL=AuthProvider.d.ts.map

package/lib/AuthProvider.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"AuthProvider.d.ts","sourceRoot":"","sources":["../src/AuthProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAsE,MAAM,OAAO,CAAC;AAC3F,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAExC,OAAO,KAAK,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAIzD;;GAEG;AACH,eAAO,MAAM,cAAc,kGAAsE,CAAC;AAElG,0BAA0B;AAC1B;;;GAGG;AACH,eAAO,MAAM,GAAG,iJAA+C,CAAC;AAGhE,MAAM,WAAW,qBAAqB;IACpC,WAAW,CAAC,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACzD,EAAE,CAAC,EAAE,OAAO,CAAC;CACd;AAED,MAAM,WAAW,kBAAmB,SAAQ,qBAAqB;IAC/D,QAAQ,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,OAAO,EAAE,OAAO,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;CACrE;AAED,eAAO,MAAM,gBAAgB,GAAY,qBAAqB,qBAAqB,KAAG,OAYrF,CAAC;AAGF,wBAAgB,aAAa,CAAC,EAAE,WAAW,EAAE,QAAQ,EAAE,EAAE,EAAE,EAAE;IAAE,WAAW,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,QAAQ,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,OAAO,EAAE,OAAO,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAAC,EAAE,CAAC,EAAC,OAAO,CAAA;CAAE,kDASzM;AAED,wBAAwB;AACxB,MAAM,WAAW,eAAe;IAC9B,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAED,eAAO,MAAM,UAAU,GAAa,gBAAgB,eAAe,KAAG,OASrE,CAAC;AAEF,MAAM,WAAW,YAAa,SAAQ,eAAe;IACnD,QAAQ,EAAE,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,OAAO,EAAE,OAAO,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;CACrE;AAED,eAAO,MAAM,OAAO,GAAa,0BAA0B,YAAY,mDAMtE,CAAC;AAEF;;;GAGG;AACH,UAAU,qBAAqB;IAC7B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,SAAS,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;IACpC,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,gBAAgB,EAAE,CAAC,MAAM,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B;AAOD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,YAAY,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,iBAAiB,2CAkFnE;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,OAAO,IAAI,qBAAqB,CAQ/C;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,UAAU,IAAI,OAAO,CAEpC;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,cAAc,IAAI,UAAU,EAAE,CAG7C;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,QAAQ,IAAI,MAAM,EAAE,CAGnC;AAED,wBAAgB,SAAS,IAAI,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC,CAGrE;AAED,wBAAgB,mBAAmB,IAAI,MAAM,GAAG,SAAS,CAGxD"}

package/lib/AuthProvider.js ADDED Viewed

@@ -0,0 +1,140 @@
+import { Fragment, jsx } from "react/jsx-runtime";
+import { createContext, useCallback, useContext, useEffect, useState } from "react";
+import { createContextualCan } from "@casl/react";
+import { ROLE_SUBJECT, createAbility, updateAbility } from "./ability-factory.js";
+import { PermissionClient } from "./permission-client.js";
+const AbilityContext = /*#__PURE__*/ createContext(createAbility({
+    permissions: [],
+    roles: []
+}));
+const Can = createContextualCan(AbilityContext.Consumer);
+const useCanPermission = function({ permissions, or }) {
+    const ability = useAbility();
+    let allowed = false;
+    allowed = or ? !permissions || !permissions.length || permissions.length > 0 && permissions.some(({ action, subject })=>ability.can(action, subject)) : !permissions || !permissions.length || permissions.length > 0 && permissions.every(({ action, subject })=>ability.can(action, subject));
+    return !!allowed;
+};
+function CanPermission({ permissions, children, or }) {
+    const allowed = useCanPermission({
+        permissions,
+        or
+    });
+    if ('function' == typeof children) return /*#__PURE__*/ jsx(Fragment, {
+        children: children(allowed)
+    });
+    return allowed ? /*#__PURE__*/ jsx(Fragment, {
+        children: children
+    }) : null;
+}
+const useCanRole = function({ roles, and }) {
+    const ability = useAbility();
+    let allowed = false;
+    allowed = and ? !roles || 0 === roles.length || roles.length > 0 && roles.every((role)=>ability.can(role, ROLE_SUBJECT)) : !roles || 0 === roles.length || roles.length > 0 && roles.some((role)=>ability.can(role, ROLE_SUBJECT));
+    return !!allowed;
+};
+const CanRole = function({ roles, and, children }) {
+    const allowed = useCanRole({
+        roles,
+        and
+    });
+    if ('function' == typeof children) return /*#__PURE__*/ jsx(Fragment, {
+        children: children(allowed)
+    });
+    return allowed ? /*#__PURE__*/ jsx(Fragment, {
+        children: children
+    }) : null;
+};
+const AuthStateContext = /*#__PURE__*/ createContext(null);
+function AuthProvider({ children, config }) {
+    const [ability] = useState(()=>createAbility({}));
+    const [permissions, setPermissions] = useState([]);
+    const [roles, setRoles] = useState([]);
+    const [userId, setUserId] = useState(null);
+    const [isLoading, setIsLoading] = useState(false);
+    const [error, setError] = useState(null);
+    const [client] = useState(()=>new PermissionClient(config?.permissionApi));
+    const fetchPermissions = useCallback(async (uid)=>{
+        setIsLoading(true);
+        setError(null);
+        try {
+            const data = await client.fetchPermissions(uid);
+            const normalizedRoles = data.roles.map((role)=>'string' == typeof role ? role : role.name);
+            setPermissions(data.permissions);
+            setRoles(normalizedRoles);
+            setUserId(data.userId);
+            updateAbility(ability, {
+                permissions: data.permissions,
+                roles: normalizedRoles
+            });
+            config?.onSuccess?.(data);
+        } catch (err) {
+            const error = err instanceof Error ? err : new Error(String(err));
+            setError(error);
+            config?.onError?.(error);
+        } finally{
+            setIsLoading(false);
+        }
+    }, [
+        ability,
+        client,
+        config
+    ]);
+    const refetch = useCallback(async ()=>{
+        await fetchPermissions(userId);
+    }, [
+        userId,
+        fetchPermissions
+    ]);
+    useEffect(()=>{
+        if (config?.autoFetch !== false) fetchPermissions();
+    }, [
+        config?.autoFetch,
+        fetchPermissions
+    ]);
+    const stateContextValue = {
+        permissions,
+        roles,
+        userId,
+        setUserId,
+        noPermissionPath: config?.noPermissionPath,
+        isLoading,
+        error,
+        fetchPermissions,
+        refetch
+    };
+    return /*#__PURE__*/ jsx(AbilityContext.Provider, {
+        value: ability,
+        children: /*#__PURE__*/ jsx(AuthStateContext.Provider, {
+            value: stateContextValue,
+            children: children
+        })
+    });
+}
+function useAuth() {
+    const context = useContext(AuthStateContext);
+    if (!context) throw new Error('useAuth must be used within an AuthProvider');
+    return context;
+}
+function useAbility() {
+    return useContext(AbilityContext);
+}
+function usePermissions() {
+    const { permissions } = useAuth();
+    return permissions;
+}
+function useRoles() {
+    const { roles } = useAuth();
+    return roles;
+}
+function useUserId() {
+    const { userId, setUserId } = useAuth();
+    return [
+        userId,
+        setUserId
+    ];
+}
+function useNoPermissionPath() {
+    const { noPermissionPath } = useAuth();
+    return noPermissionPath;
+}
+export { AbilityContext, AuthProvider, Can, CanPermission, CanRole, useAbility, useAuth, useCanPermission, useCanRole, useNoPermissionPath, usePermissions, useRoles, useUserId };

package/lib/CanRoute.d.ts ADDED Viewed

@@ -0,0 +1,42 @@
+import { type ReactNode } from 'react';
+/**
+ * CanRoute 组件 Props
+ */
+export interface CanRouteProps {
+    permissions?: Array<{
+        action: string;
+        subject: string;
+    }>;
+    roles?: string[];
+    children: ReactNode;
+    redirectTo?: string;
+    fallback?: ReactNode;
+}
+/**
+ * CanRoute 组件 - 路由级别的权限守卫
+ *
+ * 基于权限和角色进行路由级别的访问控制
+ * 当权限或角色检查失败时，会渲染 fallback 内容或返回 null
+ *
+ * @example
+ * ```tsx
+ * import { CanRoute } from '@lark-apaas/auth-sdk';
+ * import { Navigate, useLocation } from 'react-router-dom';
+ *
+ * function ProtectedRoute() {
+ *   const location = useLocation();
+ *
+ *   return (
+ *     <CanRoute
+ *       permissions={[{ action: 'read', subject: 'Task' }]}
+ *       roles={['admin']}
+ *       fallback={<Navigate to="/forbidden" replace state={{ from: location }} />}
+ *     >
+ *       <TaskList />
+ *     </CanRoute>
+ *   );
+ * }
+ * ```
+ */
+export declare function CanRoute({ permissions, roles, children, fallback, redirectTo }: CanRouteProps): import("react/jsx-runtime").JSX.Element | null;
+//# sourceMappingURL=CanRoute.d.ts.map

package/lib/CanRoute.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"CanRoute.d.ts","sourceRoot":"","sources":["../src/CanRoute.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAC,KAAK,SAAS,EAAE,MAAM,OAAO,CAAC;AAItC;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW,CAAC,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACzD,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,SAAS,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,SAAS,CAAC;CACtB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,QAAQ,CAAC,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAe,EAAE,UAAe,EAAE,EAAE,aAAa,kDAezG"}

package/lib/CanRoute.js ADDED Viewed

@@ -0,0 +1,27 @@
+import { Fragment, jsx } from "react/jsx-runtime";
+import { Navigate, useLocation } from "react-router-dom";
+import { useCanPermission, useCanRole, useNoPermissionPath } from "./AuthProvider.js";
+function CanRoute({ permissions, roles, children, fallback = null, redirectTo = '' }) {
+    const noPermissionPath = useNoPermissionPath();
+    const location = useLocation();
+    let allPass = true;
+    if (!useCanPermission({
+        permissions
+    })) allPass = false;
+    if (!useCanRole({
+        roles
+    })) allPass = false;
+    if (!allPass) return fallback ? /*#__PURE__*/ jsx(Fragment, {
+        children: fallback
+    }) : redirectTo || noPermissionPath ? /*#__PURE__*/ jsx(Navigate, {
+        to: redirectTo || noPermissionPath,
+        replace: true,
+        state: {
+            from: location
+        }
+    }) : null;
+    return /*#__PURE__*/ jsx(Fragment, {
+        children: children
+    });
+}
+export { CanRoute };

package/lib/RouteGuard.d.ts ADDED Viewed

@@ -0,0 +1,42 @@
+import { type ReactNode } from 'react';
+/**
+ * RouteGuard 组件 Props
+ */
+export interface RouteGuardProps {
+    permissions?: Array<{
+        action: string;
+        subject: string;
+    }>;
+    roles?: string[];
+    children: ReactNode;
+    redirectTo?: string;
+    fallback?: ReactNode;
+}
+/**
+ * RouteGuard 组件 - 路由级别的权限守卫
+ *
+ * 基于权限和角色进行路由级别的访问控制
+ * 当权限或角色检查失败时，会渲染 fallback 内容或返回 null
+ *
+ * @example
+ * ```tsx
+ * import { RouteGuard } from '@lark-apaas/auth-sdk';
+ * import { Navigate, useLocation } from 'react-router-dom';
+ *
+ * function ProtectedRoute() {
+ *   const location = useLocation();
+ *
+ *   return (
+ *     <RouteGuard
+ *       permissions={[{ action: 'read', subject: 'Task' }]}
+ *       roles={['admin']}
+ *       fallback={<Navigate to="/forbidden" replace state={{ from: location }} />}
+ *     >
+ *       <TaskList />
+ *     </RouteGuard>
+ *   );
+ * }
+ * ```
+ */
+export declare function RouteGuard({ permissions, roles, children, fallback, redirectTo }: RouteGuardProps): import("react/jsx-runtime").JSX.Element | null;
+//# sourceMappingURL=RouteGuard.d.ts.map

package/lib/RouteGuard.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"RouteGuard.d.ts","sourceRoot":"","sources":["../src/RouteGuard.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAC,KAAK,SAAS,EAAE,MAAM,OAAO,CAAC;AAGtC;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,WAAW,CAAC,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACzD,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,SAAS,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,SAAS,CAAC;CACtB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,UAAU,CAAC,EAAE,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAe,EAAE,UAAe,EAAE,EAAE,eAAe,kDAe7G"}

package/lib/RouteGuard.js ADDED Viewed

@@ -0,0 +1,27 @@
+import { Fragment, jsx } from "react/jsx-runtime";
+import { Navigate, useLocation } from "react-router-dom";
+import { useCanPermission, useCanRole, useNoPermissionPath } from "./AuthProvider.js";
+function RouteGuard({ permissions, roles, children, fallback = null, redirectTo = '' }) {
+    const noPermissionPath = useNoPermissionPath();
+    const location = useLocation();
+    let allPass = true;
+    if (!useCanPermission({
+        permissions
+    })) allPass = false;
+    if (!useCanRole({
+        roles
+    })) allPass = false;
+    if (!allPass) return fallback ? /*#__PURE__*/ jsx(Fragment, {
+        children: fallback
+    }) : redirectTo || noPermissionPath ? /*#__PURE__*/ jsx(Navigate, {
+        to: redirectTo || noPermissionPath,
+        replace: true,
+        state: {
+            from: location
+        }
+    }) : null;
+    return /*#__PURE__*/ jsx(Fragment, {
+        children: children
+    });
+}
+export { RouteGuard };

package/lib/ability-factory.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { Ability } from '@casl/ability';
+import type { Permission, CaslRule } from './types';
+export declare const ROLE_SUBJECT = "@role";
+/**
+ * 将权限数据转换为 CASL 规则
+ */
+export declare function convertPermissionsToRules(permissions: Permission[], roles: string[]): CaslRule[];
+/**
+ * 创建 Ability 实例
+ */
+export declare function createAbility({ permissions, roles }: {
+    permissions?: Permission[];
+    roles?: string[];
+}): Ability;
+/**
+ * 更新已存在的 Ability 实例
+ */
+export declare function updateAbility(ability: Ability, { permissions, roles }: {
+    permissions?: Permission[];
+    roles?: string[];
+}): void;
+//# sourceMappingURL=ability-factory.d.ts.map

package/lib/ability-factory.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ability-factory.d.ts","sourceRoot":"","sources":["../src/ability-factory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAgC,MAAM,eAAe,CAAC;AACtE,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEpD,eAAO,MAAM,YAAY,UAAU,CAAC;AACpC;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,WAAW,EAAE,UAAU,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,QAAQ,EAAE,CAoBhG;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,EAAC,WAAW,EAAE,KAAK,EAAC,EAAE;IAAC,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;CAAC,GAAG,OAAO,CAkB3G;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,EAAC,WAAW,EAAE,KAAK,EAAC,EAAE;IAAC,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;CAAC,GAAG,IAAI,CAG1H"}

package/lib/ability-factory.js ADDED Viewed

@@ -0,0 +1,26 @@
+import { Ability, AbilityBuilder } from "@casl/ability";
+const ROLE_SUBJECT = '@role';
+function convertPermissionsToRules(permissions, roles) {
+    const rules = [];
+    for (const permission of permissions)for (const action of permission.actions)rules.push({
+        action,
+        subject: permission.sub
+    });
+    for (const role of roles)rules.push({
+        action: role,
+        subject: ROLE_SUBJECT
+    });
+    return rules;
+}
+function createAbility({ permissions, roles }) {
+    const { build, can } = new AbilityBuilder(Ability);
+    const rules = convertPermissionsToRules(permissions || [], roles || []);
+    for (const rule of rules)if (Array.isArray(rule.action)) for (const action of rule.action)can(action, rule.subject, rule.fields);
+    else can(rule.action, rule.subject, rule.fields);
+    return build();
+}
+function updateAbility(ability, { permissions, roles }) {
+    const rules = convertPermissionsToRules(permissions || [], roles || []);
+    ability.update(rules);
+}
+export { ROLE_SUBJECT, convertPermissionsToRules, createAbility, updateAbility };

package/lib/index.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+/**
+ * @lark-apaas/auth-sdk
+ *
+ * 基于 CASL 的前端鉴权 SDK
+ * 封装了权限数据获取和 Ability 初始化逻辑
+ */
+export type { Action, Subject, Permission, UserRole, PermissionApiResponse, PermissionApiConfig, AuthSdkConfig, CaslRule, } from './types';
+export { createAbility, updateAbility, convertPermissionsToRules, } from './ability-factory';
+export { PermissionClient } from './permission-client';
+export { AuthProvider, Can, useCanPermission, CanPermission, useCanRole, CanRole, useAuth, useAbility, usePermissions, useRoles, AbilityContext, useUserId, useNoPermissionPath, } from './AuthProvider';
+export { CanRoute } from './CanRoute';
+export type { AuthProviderProps, UseCanPermissionProps, UseCanRoleProps, CanPermissionProps, CanRoleProps, } from './AuthProvider';
+export type { CanRouteProps } from './CanRoute';
+export { Ability, AbilityBuilder, type AbilityClass } from '@casl/ability';
+//# sourceMappingURL=index.d.ts.map

package/lib/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,YAAY,EACV,MAAM,EACN,OAAO,EACP,UAAU,EACV,QAAQ,EACR,qBAAqB,EACrB,mBAAmB,EACnB,aAAa,EACb,QAAQ,GACT,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,aAAa,EACb,aAAa,EACb,yBAAyB,GAC1B,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EACL,YAAY,EACZ,GAAG,EACH,gBAAgB,EAChB,aAAa,EACb,UAAU,EACV,OAAO,EACP,OAAO,EACP,UAAU,EACV,cAAc,EACd,QAAQ,EACR,cAAc,EACd,SAAS,EACT,mBAAmB,GACpB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAEtC,YAAY,EACV,iBAAiB,EACjB,qBAAqB,EACrB,eAAe,EACf,kBAAkB,EAClB,YAAY,GACb,MAAM,gBAAgB,CAAC;AAExB,YAAY,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAGhD,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,KAAK,YAAY,EAAE,MAAM,eAAe,CAAC"}

package/lib/index.js ADDED Viewed

@@ -0,0 +1,6 @@
+import { convertPermissionsToRules, createAbility, updateAbility } from "./ability-factory.js";
+import { PermissionClient } from "./permission-client.js";
+import { AbilityContext, AuthProvider, Can, CanPermission, CanRole, useAbility, useAuth, useCanPermission, useCanRole, useNoPermissionPath, usePermissions, useRoles, useUserId } from "./AuthProvider.js";
+import { CanRoute } from "./CanRoute.js";
+import { Ability, AbilityBuilder } from "@casl/ability";
+export { Ability, AbilityBuilder, AbilityContext, AuthProvider, Can, CanPermission, CanRole, CanRoute, PermissionClient, convertPermissionsToRules, createAbility, updateAbility, useAbility, useAuth, useCanPermission, useCanRole, useNoPermissionPath, usePermissions, useRoles, useUserId };

package/lib/permission-client.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { PermissionApiConfig, PermissionApiResponse } from './types';
+/**
+ * 权限数据获取客户端
+ */
+export declare class PermissionClient {
+    private config;
+    constructor(config?: PermissionApiConfig);
+    /**
+     * 获取用户权限数据
+     * @param userId - 用户ID（可选，用于向后兼容。如果端点包含 :userId，则会替换）
+     */
+    fetchPermissions(userId?: string): Promise<PermissionApiResponse>;
+    /**
+     * 更新配置
+     */
+    updateConfig(config: Partial<PermissionApiConfig>): void;
+    /**
+     * 获取当前配置
+     */
+    getConfig(): PermissionApiConfig;
+}
+//# sourceMappingURL=permission-client.d.ts.map

package/lib/permission-client.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"permission-client.d.ts","sourceRoot":"","sources":["../src/permission-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAY1E;;GAEG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAsB;gBAExB,MAAM,CAAC,EAAE,mBAAmB;IAOxC;;;OAGG;IACG,gBAAgB,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAsEvE;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,mBAAmB,CAAC,GAAG,IAAI;IAOxD;;OAEG;IACH,SAAS,IAAI,mBAAmB;CAGjC"}

package/lib/permission-client.js ADDED Viewed

@@ -0,0 +1,58 @@
+const DEFAULT_CONFIG = {
+    baseUrl: '',
+    endpoint: '/api/permissions',
+    timeout: 5000,
+    withCredentials: true
+};
+class PermissionClient {
+    constructor(config){
+        this.config = {
+            ...DEFAULT_CONFIG,
+            ...config
+        };
+    }
+    async fetchPermissions(userId) {
+        const { baseUrl = DEFAULT_CONFIG.baseUrl, endpoint = DEFAULT_CONFIG.endpoint, timeout = DEFAULT_CONFIG.timeout, headers = {}, apiToken, withCredentials = DEFAULT_CONFIG.withCredentials } = this.config;
+        let finalEndpoint = endpoint;
+        if (userId) finalEndpoint = endpoint.includes(':userId') ? endpoint.replace(':userId', userId) : `${endpoint}?mockUserId=${userId}`;
+        const url = `${baseUrl}${finalEndpoint}`;
+        const requestHeaders = {
+            'Content-Type': 'application/json',
+            ...headers
+        };
+        if (apiToken) requestHeaders['Authorization'] = `Bearer ${apiToken}`;
+        const controller = new AbortController();
+        const timeoutId = setTimeout(()=>controller.abort(), timeout);
+        try {
+            const response = await fetch(url, {
+                method: 'GET',
+                headers: requestHeaders,
+                signal: controller.signal,
+                credentials: withCredentials ? 'include' : 'same-origin'
+            });
+            clearTimeout(timeoutId);
+            if (!response.ok) throw new Error(`Permission API returned ${response.status}: ${response.statusText}`);
+            const data = await response.json();
+            return {
+                ...data,
+                fetchedAt: data.fetchedAt || new Date().toISOString()
+            };
+        } catch (error) {
+            clearTimeout(timeoutId);
+            if ('AbortError' === error.name) throw new Error(`Permission API request timeout after ${timeout}ms`);
+            throw error;
+        }
+    }
+    updateConfig(config) {
+        this.config = {
+            ...this.config,
+            ...config
+        };
+    }
+    getConfig() {
+        return {
+            ...this.config
+        };
+    }
+}
+export { PermissionClient };

package/lib/types.d.ts ADDED Viewed

@@ -0,0 +1,106 @@
+/**
+ * 权限操作类型
+ */
+export type Action = 'create' | 'read' | 'update' | 'delete' | 'manage' | string;
+/**
+ * 权限主体（资源）类型
+ */
+export type Subject = string;
+/**
+ * 单个权限定义
+ */
+export interface Permission {
+    id: string;
+    name: string;
+    sub: Subject;
+    actions: Action[];
+}
+/**
+ * 用户角色定义
+ */
+export interface UserRole {
+    id: string;
+    name: string;
+    description?: string;
+}
+/**
+ * 权限 API 响应数据
+ */
+export interface PermissionApiResponse {
+    userId: string;
+    roles: (string | UserRole)[];
+    permissions: Permission[];
+    fetchedAt?: string | Date;
+}
+/**
+ * 权限 API 配置
+ */
+export interface PermissionApiConfig {
+    /**
+     * API 基础 URL
+     * @default ''
+     */
+    baseUrl?: string;
+    /**
+     * API 端点路径
+     * @default '/api/permissions'
+     */
+    endpoint?: string;
+    /**
+     * 请求超时时间（毫秒）
+     * @default 5000
+     */
+    timeout?: number;
+    /**
+     * 自定义请求头
+     */
+    headers?: Record<string, string>;
+    /**
+     * API Token，会自动添加到 Authorization header
+     */
+    apiToken?: string;
+    /**
+     * 是否携带凭证（cookies）
+     * @default true
+     */
+    withCredentials?: boolean;
+}
+/**
+ * Auth SDK 配置选项
+ */
+export interface AuthSdkConfig {
+    /**
+     * 无权限路径
+     * @default '/no-access'
+     */
+    noPermissionPath?: string;
+    /**
+     * 权限 API 配置
+     */
+    permissionApi?: PermissionApiConfig;
+    /**
+     * 是否在初始化时自动获取权限
+     * @default false
+     */
+    autoFetch?: boolean;
+    /**
+     * 获取权限失败时的错误处理
+     */
+    onError?: (error: Error) => void;
+    /**
+     * 权限获取成功的回调
+     */
+    onSuccess?: (data: PermissionApiResponse) => void;
+}
+/**
+ * CASL 规则定义
+ */
+export interface CaslRule {
+    action: Action | Action[];
+    subject: Subject | Subject[];
+    conditions?: Record<string, unknown>;
+    fields?: string[];
+    inverted?: boolean;
+    reason?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/lib/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,MAAM,GAAG,QAAQ,GAAG,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,MAAM,CAAC;AAEjF;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG,MAAM,CAAC;AAE7B;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,CAAC,MAAM,GAAG,QAAQ,CAAC,EAAE,CAAC;IAC7B,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;OAEG;IACH,aAAa,CAAC,EAAE,mBAAmB,CAAC;IAEpC;;;OAGG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;IAEpB;;OAEG;IACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IAEjC;;OAEG;IACH,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE,qBAAqB,KAAK,IAAI,CAAC;CACnD;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,OAAO,EAAE,OAAO,GAAG,OAAO,EAAE,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB"}

package/lib/types.js ADDED Viewed

File without changes

package/package.json ADDED Viewed

@@ -0,0 +1,46 @@
+{
+  "name": "@lark-apaas/auth-sdk",
+  "version": "0.1.0-alpha.0",
+  "description": "基于 CASL 的前端鉴权 SDK",
+  "types": "./lib/index.d.ts",
+  "main": "./lib/index.js",
+  "module": "./lib/index.js",
+  "files": [
+    "lib",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "rslib build",
+    "dev": "rslib build --watch",
+    "type-check": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@casl/ability": "^6.7.1",
+    "@casl/react": "^4.0.0"
+  },
+  "devDependencies": {
+    "@rsbuild/core": "~1.4.13",
+    "@rsbuild/plugin-react": "^1.3.4",
+    "@rslib/core": "^0.15.0",
+    "@types/node": "^22.10.2",
+    "@types/react": "^18.3.23",
+    "typescript": "^5.9.2"
+  },
+  "peerDependencies": {
+    "react": ">=16.14.0",
+    "react-dom": ">=16.14.0",
+    "react-router": ">=6.0.0",
+    "react-router-dom": ">=6.0.0"
+  },
+  "keywords": [
+    "casl",
+    "authorization",
+    "permission",
+    "auth",
+    "react"
+  ],
+  "license": "MIT"
+}