@lark-apaas/auth-sdk 0.1.3 → 0.1.4

package/lib/AuthProvider.d.ts

@@ -1,6 +1,6 @@
 import React from 'react';
 import { MongoAbility } from '@casl/ability';
-import type { AuthSdkConfig } from './types';
+import type { AuthSdkConfig, PermissionPointData } from './types';
 /**
  * Ability Context - 用于在组件树中共享 Ability 实例
  */
@@ -11,7 +11,7 @@ export declare const AbilityContext: React.Context<MongoAbility<import("@casl/ab
  */
 interface AuthStateContextValue {
     ability: MongoAbility;
-    permissions: string[];
+    permissions: PermissionPointData[];
     isLoading: boolean;
     error: Error | null;
     fetchPermissions: (userId?: string) => Promise<void>;
@@ -46,13 +46,6 @@ export interface AuthProviderProps {
  * ```
  */
 export declare function AuthProvider({ children, config }: AuthProviderProps): import("react/jsx-runtime").JSX.Element;
-/**
- * 获取 Ability 实例
- *
- * @param permissionApiConfig - 权限 API 配置
- * @returns Ability 实例或错误
- */
-export declare function getAbility(permissionApiConfig: AuthSdkConfig['permissionApi']): Promise<Error | MongoAbility<import("@casl/ability").AbilityTuple, import("@casl/ability").MongoQuery>>;
 /**
  * useAuth Hook - 获取权限数据和加载状态
  *
@@ -74,32 +67,6 @@ export declare function getAbility(permissionApiConfig: AuthSdkConfig['permissio
  * ```
  */
 export declare function useAuth(): AuthStateContextValue;
-/**
- * CASL 原始 Can 组件（内部使用）
- */
-declare const CaslCan: React.FunctionComponent<import("@casl/react").BoundCanProps<MongoAbility<import("@casl/ability").AbilityTuple, import("@casl/ability").MongoQuery>>>;
-/**
- * Can Component - 基于 Ability 实例的条件渲染组件
- *
- * 内置 isLoading 保护：权限加载期间渲染 fallback（默认为 null），
- * 避免因 ability 未就绪而误判为无权限导致内容闪烁。
- *
- * @example
- * ```tsx
- * import { Can } from '@lark-apaas/auth-sdk';
- *
- * function MyComponent() {
- *   return (
- *     <Can I="Admin" a="@role" fallback={<Loading />}>
- *       <TaskList />
- *     </Can>
- *   );
- * }
- * ```
- */
-export declare function Can({ fallback, ...props }: React.ComponentProps<typeof CaslCan> & {
-    fallback?: React.ReactNode;
-}): import("react/jsx-runtime").JSX.Element;
 /**
  * CanRole Component - 基于角色的条件渲染组件
  *
@@ -127,35 +94,46 @@ export declare function CanRole({ children, roles, fallback, }: {
 /**
  * useUserPermissions Hook - 获取当前用户的权限点位列表
  */
-export declare function useUserPermissions(): string[];
+export declare function useUserPermissions(): PermissionPointData[];
 /**
- * useCanPermission Hook - 判断用户是否拥有指定权限点位
+ * useCan Hook - 通过 CASL Ability 判断用户是否拥有指定权限
  *
- * @param permissions - 需要检查的权限点位列表
- * @param match - 匹配模式：'any' 任一匹配即可，'all' 需要全部匹配
+ * @param action - 操作类型，如 'read', 'create'
+ * @param subject - 资源类型，如 'Task', 'Article'；角色检查时传 '@role'
+ *
+ * @example
+ * ```ts
+ * const { allowed: canRead, isLoading } = useCan('read', 'Task');
+ * if (isLoading) return <Loading />;
+ * if (!canRead) return <NoAccess />;
+ * ```
  */
-export declare function useCanPermission(permissions: string[], match?: 'any' | 'all'): boolean;
+export declare function useCan(action: string, subject: string): {
+    allowed: boolean;
+    isLoading: boolean;
+};
 /**
- * CanPermission Component - 基于权限点位的条件渲染组件
+ * Can Component - 基于 CASL Ability 的条件渲染组件
+ * 前后端统一：后端 @Can('read', 'Task')，前端 <Can action="read" subject="Task">
  *
  * @example
  * ```tsx
- * import { CanPermission } from '@lark-apaas/auth-sdk';
+ * import { Can } from '@lark-apaas/auth-sdk';
  *
- * function MyComponent() {
- *   return (
- *     <CanPermission permissions={['task:create', 'task:edit']} match="any">
- *       <TaskEditor />
- *     </CanPermission>
- *   );
- * }
+ * <Can action="read" subject="Task">
+ *   <TaskList />
+ * </Can>
+ *
+ * <Can action="delete" subject="Task" fallback={<Skeleton />}>
+ *   <DeleteButton />
+ * </Can>
  * ```
  */
-export declare function CanPermission({ children, permissions, match, fallback, }: {
+export declare function Can({ children, action, subject, fallback, }: {
     children: React.ReactNode;
-    permissions: string[];
-    match?: 'any' | 'all';
+    action: string;
+    subject: string;
     fallback?: React.ReactNode;
-}): import("react/jsx-runtime").JSX.Element;
+}): import("react/jsx-runtime").JSX.Element | null;
 export {};
 //# sourceMappingURL=AuthProvider.d.ts.map

package/lib/AuthProvider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AuthProvider.d.ts","sourceRoot":"","sources":["../src/AuthProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,KAMN,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAK7C;;GAEG;AACH,eAAO,MAAM,cAAc,uGAE1B,CAAC;AAOF;;;GAGG;AACH,UAAU,qBAAqB;IAC7B,OAAO,EAAE,YAAY,CAAC;IACtB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,gBAAgB,EAAE,CAAC,MAAM,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACtD;AAOD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,MAAM,CAAC,EAAE,aAAa,CAAC;CACxB;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,YAAY,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,iBAAiB,2CA+EnE;AAED;;;;;GAKG;AACH,wBAAsB,UAAU,CAC9B,mBAAmB,EAAE,aAAa,CAAC,eAAe,CAAC,2GAmBpD;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,OAAO,IAAI,qBAAqB,CAQ/C;AAED;;GAEG;AACH,QAAA,MAAM,OAAO,sJAA+C,CAAC;AAE7D;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,GAAG,CAAC,EAClB,QAAe,EACf,GAAG,KAAK,EACT,EAAE,KAAK,CAAC,cAAc,CAAC,OAAO,OAAO,CAAC,GAAG;IAAE,QAAQ,CAAC,EAAE,KAAK,CAAC,SAAS,CAAA;CAAE,2CAKvE;AAoBD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,OAAO,CAAC,EACtB,QAAQ,EACR,KAAK,EACL,QAAe,GAChB,EAAE;IACD,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;CAC5B,kDAKA;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,EAAE,CAE7C;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAC9B,WAAW,EAAE,MAAM,EAAE,EACrB,KAAK,GAAE,KAAK,GAAG,KAAa,GAC3B,OAAO,CAOT;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,aAAa,CAAC,EAC5B,QAAQ,EACR,WAAW,EACX,KAAa,EACb,QAAe,GAChB,EAAE;IACD,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,KAAK,CAAC,EAAE,KAAK,GAAG,KAAK,CAAC;IACtB,QAAQ,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;CAC5B,2CAGA"}
+{"version":3,"file":"AuthProvider.d.ts","sourceRoot":"","sources":["../src/AuthProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,KAMN,MAAM,OAAO,CAAC;AACf,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,KAAK,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAIlE;;GAEG;AACH,eAAO,MAAM,cAAc,uGAE1B,CAAC;AAOF;;;GAGG;AACH,UAAU,qBAAqB;IAC7B,OAAO,EAAE,YAAY,CAAC;IACtB,WAAW,EAAE,mBAAmB,EAAE,CAAC;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,gBAAgB,EAAE,CAAC,MAAM,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACtD;AAOD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,MAAM,CAAC,EAAE,aAAa,CAAC;CACxB;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,YAAY,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,iBAAiB,2CAuFnE;AAGD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,OAAO,IAAI,qBAAqB,CAQ/C;AAqBD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,OAAO,CAAC,EACtB,QAAQ,EACR,KAAK,EACL,QAAe,GAChB,EAAE;IACD,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;CAC5B,kDAKA;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,mBAAmB,EAAE,CAE1D;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,MAAM,CACpB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,GACd;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,SAAS,EAAE,OAAO,CAAA;CAAE,CAM1C;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,GAAG,CAAC,EAClB,QAAQ,EACR,MAAM,EACN,OAAO,EACP,QAAe,GAChB,EAAE;IACD,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC;CAC5B,kDAIA"}

package/lib/AuthProvider.js

@@ -2,10 +2,9 @@ import { Fragment, jsx } from "react/jsx-runtime";
 import { createContext, useCallback, useContext, useEffect, useState } from "react";
 import { ROLE_SUBJECT, createAbility } from "./ability-factory.js";
 import { PermissionClient } from "./permission-client.js";
-import { createContextualCan } from "@casl/react";
 const AbilityContext = /*#__PURE__*/ createContext(createAbility({
-    permissions: [],
-    roles: []
+    roles: [],
+    permissionPoints: []
 }));
 const PermissionsContext = /*#__PURE__*/ createContext([]);
 const AuthStateContext = /*#__PURE__*/ createContext(null);
@@ -16,20 +15,24 @@ function AuthProvider({ children, config }) {
     const [isLoading, setIsLoading] = useState(()=>config?.enable !== false && null !== client);
     const [error, setError] = useState(null);
     const fetchPermissions = useCallback(async ()=>{
-        if (!client) return;
         setIsLoading(true);
         setError(null);
         try {
-            const data = await client.fetchPermissions();
-            const newAbility = createAbility({
-                roles: data.roles
-            });
+            const [rolesResult, permissionPointsResult] = await Promise.allSettled([
+                client ? client.fetchPermissions() : Promise.resolve(null),
+                PermissionClient.fetchPermissionPoints()
+            ]);
+            const data = 'fulfilled' === rolesResult.status ? rolesResult.value : null;
+            const permissionPoints = 'fulfilled' === permissionPointsResult.status ? permissionPointsResult.value : void 0;
+            if (!data && !permissionPoints) throw 'rejected' === rolesResult.status ? rolesResult.reason : new Error('No permission data');
+            if (permissionPoints) setPermissions(permissionPoints);
+            const rawConfig = {
+                roles: data?.roles || [],
+                permissionPoints
+            };
+            const newAbility = createAbility(rawConfig);
             setAbility(newAbility);
-            if (config?.permissionPointsApi) try {
-                const userPermissions = await client.fetchUserPermissions(config.permissionPointsApi);
-                setPermissions(userPermissions);
-            } catch  {}
-            config?.onSuccess?.(data);
+            config?.onSuccess?.(rawConfig);
         } catch (err) {
             const error = err instanceof Error ? err : new Error(String(err));
             setError(error);
@@ -65,35 +68,11 @@ function AuthProvider({ children, config }) {
         })
     });
 }
-async function getAbility(permissionApiConfig) {
-    if (!permissionApiConfig) return new Error('permissionApi config is required');
-    const client = new PermissionClient(permissionApiConfig);
-    try {
-        const data = await client.fetchPermissions();
-        const ability = createAbility({
-            roles: data.roles
-        });
-        return ability;
-    } catch (err) {
-        const error = err instanceof Error ? err : new Error(String(err));
-        return error;
-    }
-}
 function useAuth() {
     const context = useContext(AuthStateContext);
     if (!context) throw new Error('useAuth must be used within an AuthProvider');
     return context;
 }
-const CaslCan = createContextualCan(AbilityContext.Consumer);
-function Can({ fallback = null, ...props }) {
-    const authState = useContext(AuthStateContext);
-    if (authState?.isLoading) return /*#__PURE__*/ jsx(Fragment, {
-        children: fallback
-    });
-    return /*#__PURE__*/ jsx(CaslCan, {
-        ...props
-    });
-}
 function useCanRole({ roles }) {
     const ability = useContext(AbilityContext);
     const authState = useContext(AuthStateContext);
@@ -117,18 +96,23 @@ function CanRole({ children, roles, fallback = null }) {
 function useUserPermissions() {
     return useContext(PermissionsContext);
 }
-function useCanPermission(permissions, match = 'any') {
-    const userPermissions = useContext(PermissionsContext);
-    if (!permissions || 0 === permissions.length) return true;
-    const permSet = new Set(userPermissions);
-    return 'all' === match ? permissions.every((p)=>permSet.has(p)) : permissions.some((p)=>permSet.has(p));
+function useCan(action, subject) {
+    const ability = useContext(AbilityContext);
+    const authState = useContext(AuthStateContext);
+    const isLoading = authState?.isLoading ?? false;
+    const allowed = !isLoading && ability.can(action, subject);
+    return {
+        allowed,
+        isLoading
+    };
 }
-function CanPermission({ children, permissions, match = 'any', fallback = null }) {
-    const allowed = useCanPermission(permissions, match);
-    return allowed ? /*#__PURE__*/ jsx(Fragment, {
-        children: children
-    }) : /*#__PURE__*/ jsx(Fragment, {
+function Can({ children, action, subject, fallback = null }) {
+    const { allowed, isLoading } = useCan(action, subject);
+    if (isLoading) return /*#__PURE__*/ jsx(Fragment, {
         children: fallback
     });
+    return allowed ? /*#__PURE__*/ jsx(Fragment, {
+        children: children
+    }) : null;
 }
-export { AbilityContext, AuthProvider, Can, CanPermission, CanRole, getAbility, useAuth, useCanPermission, useUserPermissions };
+export { AbilityContext, AuthProvider, Can, CanRole, useAuth, useCan, useUserPermissions };

package/lib/ability-factory.d.ts

@@ -1,22 +1,22 @@
 import { MongoAbility as Ability } from '@casl/ability';
-import type { Permission, CaslRule } from './types';
+import type { CaslRule, PermissionPointData } from './types';
 export declare const ROLE_SUBJECT = "@role";
 /**
- * 将权限数据转换为 CASL 规则
+ * 将角色和权限点位转换为 CASL 规则
  */
-export declare function convertPermissionsToRules(permissions: Permission[], roles: string[]): CaslRule[];
+export declare function convertPermissionsToRules(roles: string[], permissionPoints?: PermissionPointData[]): CaslRule[];
 /**
  * 创建 MongoAbility 实例
  */
-export declare function createAbility({ permissions, roles, }: {
-    permissions?: Permission[];
+export declare function createAbility({ roles, permissionPoints, }: {
     roles?: string[];
+    permissionPoints?: PermissionPointData[];
 }): Ability;
 /**
  * 更新已存在的 Ability 实例
  */
-export declare function updateAbility(ability: Ability, { permissions, roles }: {
-    permissions?: Permission[];
+export declare function updateAbility(ability: Ability, { roles, permissionPoints }: {
     roles?: string[];
+    permissionPoints?: PermissionPointData[];
 }): void;
 //# sourceMappingURL=ability-factory.d.ts.map

package/lib/ability-factory.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ability-factory.d.ts","sourceRoot":"","sources":["../src/ability-factory.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,IAAI,OAAO,EAGxB,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAEpD,eAAO,MAAM,YAAY,UAAU,CAAC;AACpC;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,WAAW,EAAE,UAAU,EAAE,EACzB,KAAK,EAAE,MAAM,EAAE,GACd,QAAQ,EAAE,CAmBZ;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,EAC5B,WAAW,EACX,KAAK,GACN,EAAE;IACD,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB,GAAG,OAAO,CAkBV;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,OAAO,EAChB,EAAE,WAAW,EAAE,KAAK,EAAE,EAAE;IAAE,WAAW,CAAC,EAAE,UAAU,EAAE,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;CAAE,GACvE,IAAI,CAGN"}
+{"version":3,"file":"ability-factory.d.ts","sourceRoot":"","sources":["../src/ability-factory.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,IAAI,OAAO,EAGxB,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,QAAQ,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAE7D,eAAO,MAAM,YAAY,UAAU,CAAC;AACpC;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,MAAM,EAAE,EACf,gBAAgB,CAAC,EAAE,mBAAmB,EAAE,GACvC,QAAQ,EAAE,CAkBZ;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,EAC5B,KAAK,EACL,gBAAgB,GACjB,EAAE;IACD,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,gBAAgB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC1C,GAAG,OAAO,CAiBV;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,OAAO,EAChB,EAAE,KAAK,EAAE,gBAAgB,EAAE,EAAE;IAAE,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IAAC,gBAAgB,CAAC,EAAE,mBAAmB,EAAE,CAAA;CAAE,GAC1F,IAAI,CAGN"}

package/lib/ability-factory.js

@@ -1,26 +1,26 @@
 import { AbilityBuilder, createMongoAbility } from "@casl/ability";
 const ROLE_SUBJECT = '@role';
-function convertPermissionsToRules(permissions, roles) {
+function convertPermissionsToRules(roles, permissionPoints) {
     const rules = [];
-    for (const permission of permissions)for (const action of permission.actions)rules.push({
-        action,
-        subject: permission.sub
-    });
     for (const role of roles)rules.push({
         action: role,
         subject: ROLE_SUBJECT
     });
+    if (permissionPoints) for (const { action, subject } of permissionPoints)rules.push({
+        action,
+        subject
+    });
     return rules;
 }
-function createAbility({ permissions, roles }) {
+function createAbility({ roles, permissionPoints }) {
     const { build, can } = new AbilityBuilder(createMongoAbility);
-    const rules = convertPermissionsToRules(permissions || [], roles || []);
+    const rules = convertPermissionsToRules(roles || [], permissionPoints);
     for (const rule of rules)if (Array.isArray(rule.action)) for (const action of rule.action)can(action, rule.subject, rule.fields);
     else can(rule.action, rule.subject, rule.fields);
     return build();
 }
-function updateAbility(ability, { permissions, roles }) {
-    const rules = convertPermissionsToRules(permissions || [], roles || []);
+function updateAbility(ability, { roles, permissionPoints }) {
+    const rules = convertPermissionsToRules(roles || [], permissionPoints);
     ability.update(rules);
 }
 export { ROLE_SUBJECT, convertPermissionsToRules, createAbility, updateAbility };

package/lib/index.d.ts

@@ -4,10 +4,9 @@
  * 基于 CASL 的前端鉴权 SDK
  * 封装了权限数据获取和 Ability 初始化逻辑
  */
-export type { PermissionApiResponse, PermissionApiConfig, AuthSdkConfig, } from './types';
+export type { PermissionApiResponse, PermissionApiConfig, PermissionPointData, AuthSdkConfig, } from './types';
 export { ROLE_SUBJECT } from './ability-factory';
 export { PermissionClient } from './permission-client';
-export { AuthProvider, useAuth, CanRole, AbilityContext, useUserPermissions, useCanPermission, CanPermission, } from './AuthProvider';
-export { CanPermission as CanPerm } from './AuthProvider';
+export { AuthProvider, useAuth, Can, CanRole, useCan, AbilityContext, useUserPermissions, } from './AuthProvider';
 export type { AuthProviderProps } from './AuthProvider';
 //# sourceMappingURL=index.d.ts.map

package/lib/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,YAAY,EACV,qBAAqB,EACrB,mBAAmB,EACnB,aAAa,GACd,MAAM,SAAS,CAAC;AAGjB,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EACL,YAAY,EACZ,OAAO,EACP,OAAO,EACP,cAAc,EACd,kBAAkB,EAClB,gBAAgB,EAChB,aAAa,GACd,MAAM,gBAAgB,CAAC;AAExB,OAAO,EAAE,aAAa,IAAI,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAE1D,YAAY,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,YAAY,EACV,qBAAqB,EACrB,mBAAmB,EACnB,mBAAmB,EACnB,aAAa,GACd,MAAM,SAAS,CAAC;AAGjB,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EACL,YAAY,EACZ,OAAO,EACP,GAAG,EACH,OAAO,EACP,MAAM,EACN,cAAc,EACd,kBAAkB,GACnB,MAAM,gBAAgB,CAAC;AAExB,YAAY,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC"}

package/lib/index.js

@@ -1,4 +1,4 @@
 import { ROLE_SUBJECT } from "./ability-factory.js";
 import { PermissionClient } from "./permission-client.js";
-import { AbilityContext, AuthProvider, CanPermission, CanRole, useAuth, useCanPermission, useUserPermissions } from "./AuthProvider.js";
-export { AbilityContext, AuthProvider, CanPermission as CanPerm, CanPermission, CanRole, PermissionClient, ROLE_SUBJECT, useAuth, useCanPermission, useUserPermissions };
+import { AbilityContext, AuthProvider, Can, CanRole, useAuth, useCan, useUserPermissions } from "./AuthProvider.js";
+export { AbilityContext, AuthProvider, Can, CanRole, PermissionClient, ROLE_SUBJECT, useAuth, useCan, useUserPermissions };

package/lib/permission-client.d.ts

@@ -1,4 +1,4 @@
-import type { PermissionApiConfig, PermissionApiResponse } from './types';
+import type { PermissionApiConfig, PermissionApiResponse, PermissionPointData } from './types';
 /**
  * 权限数据获取客户端
  */
@@ -10,9 +10,10 @@ export declare class PermissionClient {
      */
     fetchPermissions(): Promise<PermissionApiResponse>;
     /**
-     * 获取用户权限点位列表
+     * 获取用户权限点位
+     * 请求内置的权限点位查询端点
      */
-    fetchUserPermissions(config: PermissionApiConfig): Promise<string[]>;
+    static fetchPermissionPoints(): Promise<PermissionPointData[]>;
     /**
      * 更新配置
      */

package/lib/permission-client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"permission-client.d.ts","sourceRoot":"","sources":["../src/permission-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAG1E;;GAEG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAsB;gBAExB,MAAM,EAAE,mBAAmB;IAIvC;;OAEG;IACG,gBAAgB,IAAI,OAAO,CAAC,qBAAqB,CAAC;IAoDxD;;OAEG;IACG,oBAAoB,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IA4C1E;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,mBAAmB,CAAC,GAAG,IAAI;IAOxD;;OAEG;IACH,SAAS,IAAI,mBAAmB;CAGjC"}
+{"version":3,"file":"permission-client.d.ts","sourceRoot":"","sources":["../src/permission-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAG/F;;GAEG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAsB;gBAExB,MAAM,EAAE,mBAAmB;IAIvC;;OAEG;IACG,gBAAgB,IAAI,OAAO,CAAC,qBAAqB,CAAC;IAqDxD;;;OAGG;WACU,qBAAqB,IAAI,OAAO,CAAC,mBAAmB,EAAE,CAAC;IAwCpE;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,mBAAmB,CAAC,GAAG,IAAI;IAOxD;;OAEG;IACH,SAAS,IAAI,mBAAmB;CAGjC"}

package/lib/permission-client.js

@@ -42,29 +42,37 @@ class PermissionClient {
             throw error;
         }
     }
-    async fetchUserPermissions(config) {
-        const { url, timeout = 5000, headers = {} } = config;
-        const requestHeaders = {
-            ...headers,
-            'Content-Type': 'application/json',
-            'X-Suda-Csrf-Token': window.csrfToken || ''
-        };
+    static async fetchPermissionPoints() {
+        const appId = window.appId || '';
+        const url = `/app/${appId}/api/sdk_innerapi/permission/user-points`;
         const controller = new AbortController();
-        const timeoutId = setTimeout(()=>controller.abort(), timeout);
+        const timeoutId = setTimeout(()=>controller.abort(), 5000);
         try {
             const response = await fetch(url, {
-                method: 'POST',
-                headers: requestHeaders,
+                method: 'GET',
+                headers: {
+                    'Content-Type': 'application/json',
+                    'X-Suda-Csrf-Token': window.csrfToken || ''
+                },
                 signal: controller.signal,
                 credentials: 'include'
             });
             clearTimeout(timeoutId);
-            if (!response.ok) throw new Error(`Permissions API returned ${response.status}: ${response.statusText}`);
-            const data = await response.json();
-            return data.data?.permissions || [];
+            if (!response.ok) throw new Error(`Permission Points API returned ${response.status}: ${response.statusText}`);
+            return await response.json();
         } catch (error) {
             clearTimeout(timeoutId);
-            if (error instanceof Error && 'AbortError' === error.name) throw new Error(`Permissions API request timeout after ${timeout}ms`);
+            if (error instanceof Error && 'AbortError' === error.name) {
+                slardar.captureException(error, {
+                    source: 'auth-sdk',
+                    type: 'timeout'
+                });
+                throw new Error('Permission Points API request timeout');
+            }
+            slardar.captureException(error, {
+                source: 'auth-sdk',
+                type: 'fetch'
+            });
             throw error;
         }
     }

package/lib/types.d.ts

@@ -14,13 +14,14 @@ export type Action = 'create' | 'read' | 'update' | 'delete' | 'manage' | string
  */
 export type Subject = string;
 /**
- * 单个权限定义
+ * 权限点位数据（action + subject 分离模式）
+ * 由内置 user-points 端点返回，注册到 CASL Ability
  */
-export interface Permission {
-    id: string;
-    name: string;
-    sub: Subject;
-    actions: Action[];
+export interface PermissionPointData {
+    id?: string;
+    action: string;
+    subject: string;
+    description?: string;
 }
 /**
  * 用户角色定义
@@ -65,11 +66,6 @@ export interface AuthSdkConfig {
      * 权限 API 配置
      */
     permissionApi?: PermissionApiConfig;
-    /**
-     * 权限点位 API 配置（可选）
-     * 配置后 AuthProvider 会额外请求用户的有效权限点位
-     */
-    permissionPointsApi?: PermissionApiConfig;
     /**
      * 是否在初始化时使用获取权限
      * @default false

package/lib/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,MAAM;QACd,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB;CACF;AAED;;GAEG;AACH,MAAM,MAAM,MAAM,GACd,QAAQ,GACR,MAAM,GACN,QAAQ,GACR,QAAQ,GACR,QAAQ,GACR,MAAM,CAAC;AAEX;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG,MAAM,CAAC;AAE7B;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,kBAAkB;IAClB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,aAAa,CAAC,EAAE,mBAAmB,CAAC;IAEpC;;;OAGG;IACH,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;IAE1C;;;OAGG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IAEjB;;OAEG;IACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IAEjC;;OAEG;IACH,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE,qBAAqB,KAAK,IAAI,CAAC;CACnD;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,OAAO,EAAE,OAAO,GAAG,OAAO,EAAE,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,MAAM;QACd,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB;CACF;AAED;;GAEG;AACH,MAAM,MAAM,MAAM,GACd,QAAQ,GACR,MAAM,GACN,QAAQ,GACR,QAAQ,GACR,QAAQ,GACR,MAAM,CAAC;AAEX;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG,MAAM,CAAC;AAE7B;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,kBAAkB;IAClB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,aAAa,CAAC,EAAE,mBAAmB,CAAC;IAEpC;;;OAGG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IAEjB;;OAEG;IACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IAEjC;;OAEG;IACH,SAAS,CAAC,EAAE,CAAC,IAAI,EAAE,qBAAqB,KAAK,IAAI,CAAC;CACnD;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,OAAO,EAAE,OAAO,GAAG,OAAO,EAAE,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lark-apaas/auth-sdk",
-  "version": "0.1.3",
+  "version": "0.1.4",
   "description": "基于 CASL 的前端鉴权 SDK",
   "types": "./lib/index.d.ts",
   "main": "./lib/index.js",