@masterteam/gateway-auth 0.0.1

package/fesm2022/masterteam-gateway-auth.mjs

@@ -0,0 +1,148 @@
+const GATEWAY_AUTH_DEVICE_TOKEN = 'web-app';
+const GATEWAY_AUTH_ENDPOINTS = {
+    login: 'auth/login',
+    verifyMfa: 'auth/2fa/verify',
+    resendMfa: 'auth/2fa/resend',
+    refresh: 'auth/refresh',
+    logout: 'auth/logout',
+    ssoProviders: 'auth/sso/providers',
+    ssoExchange: 'auth/sso/exchange',
+    ssoTokenExchange: 'auth/sso/token-exchange',
+    nafathStart: (providerKey) => `auth/sso/nafath/${encodeURIComponent(providerKey)}/start`,
+    nafathStatus: (providerKey) => `auth/sso/nafath/${encodeURIComponent(providerKey)}/status`,
+    ssoStart: (providerKey) => `auth/sso/${encodeURIComponent(providerKey)}/start`,
+};
+function isExpired(expireAt) {
+    if (!expireAt) {
+        return false;
+    }
+    const timestamp = new Date(expireAt).getTime();
+    return !Number.isFinite(timestamp) || timestamp <= Date.now();
+}
+function resolveApiDateValue(value) {
+    return value?.actualValue ?? value?.rawValue ?? null;
+}
+function mapGatewayTokens(tokens) {
+    return {
+        accessToken: tokens.accessToken,
+        refreshToken: tokens.refreshToken,
+        accessTokenExpiresAt: resolveApiDateValue(tokens.accessTokenExpiresAt),
+        refreshTokenExpiresAt: resolveApiDateValue(tokens.refreshTokenExpiresAt),
+    };
+}
+function mapGatewayUser(user, tokenData, delegations) {
+    const photo = typeof user.photo === 'string' ? { fileName: user.photo } : user.photo;
+    const imageFallback = user.image ? { fileName: user.image } : undefined;
+    const resolvedPhoto = photo ?? imageFallback;
+    return {
+        user: {
+            ...user,
+            photo: resolvedPhoto,
+        },
+        token: tokenData.accessToken,
+        accessToken: tokenData.accessToken,
+        refreshToken: tokenData.refreshToken,
+        accessTokenExpiresAt: tokenData.accessTokenExpiresAt ?? undefined,
+        refreshTokenExpiresAt: tokenData.refreshTokenExpiresAt ?? undefined,
+        delegations: delegations ?? [],
+        twoFactorRequired: false,
+    };
+}
+function hasGatewayTokens(tokens) {
+    return Boolean(tokens?.accessToken && tokens?.refreshToken);
+}
+function getGatewayErrorMessage(error, fallback) {
+    const response = error;
+    return (response.error?.message ??
+        response.error?.Message ??
+        response.error?.errors?.message ??
+        response.message ??
+        fallback);
+}
+function normalizeGatewayBase(baseUrl) {
+    if (!baseUrl) {
+        return '';
+    }
+    return baseUrl.replace(/\/+$/, '');
+}
+function buildGatewayUrl(gatewayApiBaseUrl, path) {
+    if (/^https?:\/\//i.test(path)) {
+        return path;
+    }
+    const normalizedBase = normalizeGatewayBase(gatewayApiBaseUrl);
+    if (!normalizedBase) {
+        return path;
+    }
+    const normalizedPath = path.replace(/^\/+/, '');
+    if (normalizedPath.startsWith('api/')) {
+        try {
+            const base = new URL(normalizedBase);
+            return `${base.origin}/${normalizedPath}`;
+        }
+        catch {
+            return `${normalizedBase}/${normalizedPath}`;
+        }
+    }
+    return `${normalizedBase}/${normalizedPath}`;
+}
+function buildSsoStartUrl({ gatewayApiBaseUrl, provider, returnUrl, clientState, platform = 'web', }) {
+    const startPath = provider.startUrl || GATEWAY_AUTH_ENDPOINTS.ssoStart(provider.key);
+    const url = new URL(buildGatewayUrl(gatewayApiBaseUrl, startPath));
+    url.searchParams.set('platform', platform);
+    url.searchParams.set('returnUrl', returnUrl);
+    url.searchParams.set('clientState', clientState);
+    return url.toString();
+}
+function createSecureClientState() {
+    if (typeof crypto !== 'undefined' && crypto.randomUUID) {
+        return crypto.randomUUID();
+    }
+    const bytes = new Uint8Array(16);
+    if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
+        crypto.getRandomValues(bytes);
+        return Array.from(bytes, (value) => value.toString(16).padStart(2, '0')).join('');
+    }
+    return `${Date.now().toString(36)}${Math.random().toString(36).slice(2)}`;
+}
+
+const PENDING_SSO_STATE_KEY = 'gatewayAuth.pendingSsoState';
+class GatewaySsoSession {
+    createAndStoreState() {
+        const state = createSecureClientState();
+        this.storage?.setItem(PENDING_SSO_STATE_KEY, state);
+        return state;
+    }
+    getPendingState() {
+        return this.storage?.getItem(PENDING_SSO_STATE_KEY) ?? null;
+    }
+    clearPendingState() {
+        this.storage?.removeItem(PENDING_SSO_STATE_KEY);
+    }
+    consumeExpectedState(state) {
+        const expectedState = this.getPendingState();
+        this.clearPendingState();
+        return Boolean(state && expectedState && state === expectedState);
+    }
+    clearCallbackQuery(path = '/auth/sso/callback') {
+        if (typeof window === 'undefined' || !window.history?.replaceState) {
+            return;
+        }
+        window.history.replaceState({}, document.title, path);
+    }
+    clearAll() {
+        this.clearPendingState();
+    }
+    get storage() {
+        if (typeof sessionStorage === 'undefined') {
+            return null;
+        }
+        return sessionStorage;
+    }
+}
+
+/**
+ * Generated bundle index. Do not edit.
+ */
+
+export { GATEWAY_AUTH_DEVICE_TOKEN, GATEWAY_AUTH_ENDPOINTS, GatewaySsoSession, buildGatewayUrl, buildSsoStartUrl, createSecureClientState, getGatewayErrorMessage, hasGatewayTokens, isExpired, mapGatewayTokens, mapGatewayUser, normalizeGatewayBase, resolveApiDateValue };
+//# sourceMappingURL=masterteam-gateway-auth.mjs.map

package/fesm2022/masterteam-gateway-auth.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"masterteam-gateway-auth.mjs","sources":["../../../../packages/masterteam/gateway-auth/src/gateway-auth.utils.ts","../../../../packages/masterteam/gateway-auth/src/gateway-sso-session.service.ts","../../../../packages/masterteam/gateway-auth/src/masterteam-gateway-auth.ts"],"sourcesContent":["import {\n  GatewayApiDateValue,\n  GatewayAuthTokens,\n  GatewayMappedTokens,\n  GatewayMappedUser,\n  GatewayRefreshData,\n  GatewaySsoProvider,\n  GatewayUserDetails,\n} from './gateway-auth.models';\n\nexport const GATEWAY_AUTH_DEVICE_TOKEN = 'web-app';\n\nexport const GATEWAY_AUTH_ENDPOINTS = {\n  login: 'auth/login',\n  verifyMfa: 'auth/2fa/verify',\n  resendMfa: 'auth/2fa/resend',\n  refresh: 'auth/refresh',\n  logout: 'auth/logout',\n  ssoProviders: 'auth/sso/providers',\n  ssoExchange: 'auth/sso/exchange',\n  ssoTokenExchange: 'auth/sso/token-exchange',\n  nafathStart: (providerKey: string) =>\n    `auth/sso/nafath/${encodeURIComponent(providerKey)}/start`,\n  nafathStatus: (providerKey: string) =>\n    `auth/sso/nafath/${encodeURIComponent(providerKey)}/status`,\n  ssoStart: (providerKey: string) =>\n    `auth/sso/${encodeURIComponent(providerKey)}/start`,\n} as const;\n\nexport function isExpired(expireAt?: string | null): boolean {\n  if (!expireAt) {\n    return false;\n  }\n\n  const timestamp = new Date(expireAt).getTime();\n  return !Number.isFinite(timestamp) || timestamp <= Date.now();\n}\n\nexport function resolveApiDateValue(\n  value?: GatewayApiDateValue | null,\n): string | null {\n  return value?.actualValue ?? value?.rawValue ?? null;\n}\n\nexport function mapGatewayTokens(\n  tokens: GatewayAuthTokens | GatewayRefreshData,\n): GatewayMappedTokens {\n  return {\n    accessToken: tokens.accessToken,\n    refreshToken: tokens.refreshToken,\n    accessTokenExpiresAt: resolveApiDateValue(tokens.accessTokenExpiresAt),\n    refreshTokenExpiresAt: resolveApiDateValue(tokens.refreshTokenExpiresAt),\n  };\n}\n\nexport function mapGatewayUser(\n  user: GatewayUserDetails,\n  tokenData: GatewayMappedTokens,\n  delegations?: unknown[],\n): GatewayMappedUser {\n  const photo =\n    typeof user.photo === 'string' ? { fileName: user.photo } : user.photo;\n  const imageFallback = user.image ? { fileName: user.image } : undefined;\n  const resolvedPhoto = photo ?? imageFallback;\n\n  return {\n    user: {\n      ...user,\n      photo: resolvedPhoto,\n    },\n    token: tokenData.accessToken,\n    accessToken: tokenData.accessToken,\n    refreshToken: tokenData.refreshToken,\n    accessTokenExpiresAt: tokenData.accessTokenExpiresAt ?? undefined,\n    refreshTokenExpiresAt: tokenData.refreshTokenExpiresAt ?? undefined,\n    delegations: delegations ?? [],\n    twoFactorRequired: false,\n  };\n}\n\nexport function hasGatewayTokens(\n  tokens?: Partial<GatewayAuthTokens | GatewayRefreshData> | null,\n): boolean {\n  return Boolean(tokens?.accessToken && tokens?.refreshToken);\n}\n\nexport function getGatewayErrorMessage(\n  error: unknown,\n  fallback: string,\n): string {\n  const response = error as {\n    error?: { message?: string; Message?: string; errors?: { message?: string } };\n    message?: string;\n  };\n\n  return (\n    response.error?.message ??\n    response.error?.Message ??\n    response.error?.errors?.message ??\n    response.message ??\n    fallback\n  );\n}\n\nexport function normalizeGatewayBase(baseUrl?: string | null): string {\n  if (!baseUrl) {\n    return '';\n  }\n\n  return baseUrl.replace(/\\/+$/, '');\n}\n\nexport function buildGatewayUrl(\n  gatewayApiBaseUrl: string | undefined | null,\n  path: string,\n): string {\n  if (/^https?:\\/\\//i.test(path)) {\n    return path;\n  }\n\n  const normalizedBase = normalizeGatewayBase(gatewayApiBaseUrl);\n  if (!normalizedBase) {\n    return path;\n  }\n\n  const normalizedPath = path.replace(/^\\/+/, '');\n  if (normalizedPath.startsWith('api/')) {\n    try {\n      const base = new URL(normalizedBase);\n      return `${base.origin}/${normalizedPath}`;\n    } catch {\n      return `${normalizedBase}/${normalizedPath}`;\n    }\n  }\n\n  return `${normalizedBase}/${normalizedPath}`;\n}\n\nexport interface BuildSsoStartUrlOptions {\n  gatewayApiBaseUrl: string;\n  provider: GatewaySsoProvider;\n  returnUrl: string;\n  clientState: string;\n  platform?: 'web' | 'mobile';\n}\n\nexport function buildSsoStartUrl({\n  gatewayApiBaseUrl,\n  provider,\n  returnUrl,\n  clientState,\n  platform = 'web',\n}: BuildSsoStartUrlOptions): string {\n  const startPath = provider.startUrl || GATEWAY_AUTH_ENDPOINTS.ssoStart(provider.key);\n  const url = new URL(buildGatewayUrl(gatewayApiBaseUrl, startPath));\n  url.searchParams.set('platform', platform);\n  url.searchParams.set('returnUrl', returnUrl);\n  url.searchParams.set('clientState', clientState);\n  return url.toString();\n}\n\nexport function createSecureClientState(): string {\n  if (typeof crypto !== 'undefined' && crypto.randomUUID) {\n    return crypto.randomUUID();\n  }\n\n  const bytes = new Uint8Array(16);\n  if (typeof crypto !== 'undefined' && crypto.getRandomValues) {\n    crypto.getRandomValues(bytes);\n    return Array.from(bytes, (value) => value.toString(16).padStart(2, '0')).join(\n      '',\n    );\n  }\n\n  return `${Date.now().toString(36)}${Math.random().toString(36).slice(2)}`;\n}\n\n","import { createSecureClientState } from './gateway-auth.utils';\n\nconst PENDING_SSO_STATE_KEY = 'gatewayAuth.pendingSsoState';\n\nexport class GatewaySsoSession {\n  createAndStoreState(): string {\n    const state = createSecureClientState();\n    this.storage?.setItem(PENDING_SSO_STATE_KEY, state);\n    return state;\n  }\n\n  getPendingState(): string | null {\n    return this.storage?.getItem(PENDING_SSO_STATE_KEY) ?? null;\n  }\n\n  clearPendingState(): void {\n    this.storage?.removeItem(PENDING_SSO_STATE_KEY);\n  }\n\n  consumeExpectedState(state: string | null): boolean {\n    const expectedState = this.getPendingState();\n    this.clearPendingState();\n    return Boolean(state && expectedState && state === expectedState);\n  }\n\n  clearCallbackQuery(path = '/auth/sso/callback'): void {\n    if (typeof window === 'undefined' || !window.history?.replaceState) {\n      return;\n    }\n\n    window.history.replaceState({}, document.title, path);\n  }\n\n  clearAll(): void {\n    this.clearPendingState();\n  }\n\n  private get storage(): Storage | null {\n    if (typeof sessionStorage === 'undefined') {\n      return null;\n    }\n\n    return sessionStorage;\n  }\n}\n","/**\n * Generated bundle index. Do not edit.\n */\n\nexport * from './public-api';\n"],"names":[],"mappings":"AAUO,MAAM,yBAAyB,GAAG;AAElC,MAAM,sBAAsB,GAAG;AACpC,IAAA,KAAK,EAAE,YAAY;AACnB,IAAA,SAAS,EAAE,iBAAiB;AAC5B,IAAA,SAAS,EAAE,iBAAiB;AAC5B,IAAA,OAAO,EAAE,cAAc;AACvB,IAAA,MAAM,EAAE,aAAa;AACrB,IAAA,YAAY,EAAE,oBAAoB;AAClC,IAAA,WAAW,EAAE,mBAAmB;AAChC,IAAA,gBAAgB,EAAE,yBAAyB;IAC3C,WAAW,EAAE,CAAC,WAAmB,KAC/B,CAAA,gBAAA,EAAmB,kBAAkB,CAAC,WAAW,CAAC,CAAA,MAAA,CAAQ;IAC5D,YAAY,EAAE,CAAC,WAAmB,KAChC,CAAA,gBAAA,EAAmB,kBAAkB,CAAC,WAAW,CAAC,CAAA,OAAA,CAAS;IAC7D,QAAQ,EAAE,CAAC,WAAmB,KAC5B,CAAA,SAAA,EAAY,kBAAkB,CAAC,WAAW,CAAC,CAAA,MAAA,CAAQ;;AAGjD,SAAU,SAAS,CAAC,QAAwB,EAAA;IAChD,IAAI,CAAC,QAAQ,EAAE;AACb,QAAA,OAAO,KAAK;IACd;IAEA,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE;AAC9C,IAAA,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE;AAC/D;AAEM,SAAU,mBAAmB,CACjC,KAAkC,EAAA;IAElC,OAAO,KAAK,EAAE,WAAW,IAAI,KAAK,EAAE,QAAQ,IAAI,IAAI;AACtD;AAEM,SAAU,gBAAgB,CAC9B,MAA8C,EAAA;IAE9C,OAAO;QACL,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;AACjC,QAAA,oBAAoB,EAAE,mBAAmB,CAAC,MAAM,CAAC,oBAAoB,CAAC;AACtE,QAAA,qBAAqB,EAAE,mBAAmB,CAAC,MAAM,CAAC,qBAAqB,CAAC;KACzE;AACH;SAEgB,cAAc,CAC5B,IAAwB,EACxB,SAA8B,EAC9B,WAAuB,EAAA;IAEvB,MAAM,KAAK,GACT,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,KAAK,EAAE,GAAG,IAAI,CAAC,KAAK;AACxE,IAAA,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,KAAK,EAAE,GAAG,SAAS;AACvE,IAAA,MAAM,aAAa,GAAG,KAAK,IAAI,aAAa;IAE5C,OAAO;AACL,QAAA,IAAI,EAAE;AACJ,YAAA,GAAG,IAAI;AACP,YAAA,KAAK,EAAE,aAAa;AACrB,SAAA;QACD,KAAK,EAAE,SAAS,CAAC,WAAW;QAC5B,WAAW,EAAE,SAAS,CAAC,WAAW;QAClC,YAAY,EAAE,SAAS,CAAC,YAAY;AACpC,QAAA,oBAAoB,EAAE,SAAS,CAAC,oBAAoB,IAAI,SAAS;AACjE,QAAA,qBAAqB,EAAE,SAAS,CAAC,qBAAqB,IAAI,SAAS;QACnE,WAAW,EAAE,WAAW,IAAI,EAAE;AAC9B,QAAA,iBAAiB,EAAE,KAAK;KACzB;AACH;AAEM,SAAU,gBAAgB,CAC9B,MAA+D,EAAA;IAE/D,OAAO,OAAO,CAAC,MAAM,EAAE,WAAW,IAAI,MAAM,EAAE,YAAY,CAAC;AAC7D;AAEM,SAAU,sBAAsB,CACpC,KAAc,EACd,QAAgB,EAAA;IAEhB,MAAM,QAAQ,GAAG,KAGhB;AAED,IAAA,QACE,QAAQ,CAAC,KAAK,EAAE,OAAO;QACvB,QAAQ,CAAC,KAAK,EAAE,OAAO;AACvB,QAAA,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO;AAC/B,QAAA,QAAQ,CAAC,OAAO;AAChB,QAAA,QAAQ;AAEZ;AAEM,SAAU,oBAAoB,CAAC,OAAuB,EAAA;IAC1D,IAAI,CAAC,OAAO,EAAE;AACZ,QAAA,OAAO,EAAE;IACX;IAEA,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;AACpC;AAEM,SAAU,eAAe,CAC7B,iBAA4C,EAC5C,IAAY,EAAA;AAEZ,IAAA,IAAI,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;AAC9B,QAAA,OAAO,IAAI;IACb;AAEA,IAAA,MAAM,cAAc,GAAG,oBAAoB,CAAC,iBAAiB,CAAC;IAC9D,IAAI,CAAC,cAAc,EAAE;AACnB,QAAA,OAAO,IAAI;IACb;IAEA,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;AAC/C,IAAA,IAAI,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE;AACrC,QAAA,IAAI;AACF,YAAA,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC;AACpC,YAAA,OAAO,GAAG,IAAI,CAAC,MAAM,CAAA,CAAA,EAAI,cAAc,EAAE;QAC3C;AAAE,QAAA,MAAM;AACN,YAAA,OAAO,CAAA,EAAG,cAAc,CAAA,CAAA,EAAI,cAAc,EAAE;QAC9C;IACF;AAEA,IAAA,OAAO,CAAA,EAAG,cAAc,CAAA,CAAA,EAAI,cAAc,EAAE;AAC9C;AAUM,SAAU,gBAAgB,CAAC,EAC/B,iBAAiB,EACjB,QAAQ,EACR,SAAS,EACT,WAAW,EACX,QAAQ,GAAG,KAAK,GACQ,EAAA;AACxB,IAAA,MAAM,SAAS,GAAG,QAAQ,CAAC,QAAQ,IAAI,sBAAsB,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;AACpF,IAAA,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;IAClE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC;IAC1C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC;IAC5C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,CAAC;AAChD,IAAA,OAAO,GAAG,CAAC,QAAQ,EAAE;AACvB;SAEgB,uBAAuB,GAAA;IACrC,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,UAAU,EAAE;AACtD,QAAA,OAAO,MAAM,CAAC,UAAU,EAAE;IAC5B;AAEA,IAAA,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC;IAChC,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,eAAe,EAAE;AAC3D,QAAA,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC;AAC7B,QAAA,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,KAAK,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAC3E,EAAE,CACH;IACH;IAEA,OAAO,CAAA,EAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA,EAAG,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA,CAAE;AAC3E;;AC7KA,MAAM,qBAAqB,GAAG,6BAA6B;MAE9C,iBAAiB,CAAA;IAC5B,mBAAmB,GAAA;AACjB,QAAA,MAAM,KAAK,GAAG,uBAAuB,EAAE;QACvC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,qBAAqB,EAAE,KAAK,CAAC;AACnD,QAAA,OAAO,KAAK;IACd;IAEA,eAAe,GAAA;QACb,OAAO,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,qBAAqB,CAAC,IAAI,IAAI;IAC7D;IAEA,iBAAiB,GAAA;AACf,QAAA,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,qBAAqB,CAAC;IACjD;AAEA,IAAA,oBAAoB,CAAC,KAAoB,EAAA;AACvC,QAAA,MAAM,aAAa,GAAG,IAAI,CAAC,eAAe,EAAE;QAC5C,IAAI,CAAC,iBAAiB,EAAE;QACxB,OAAO,OAAO,CAAC,KAAK,IAAI,aAAa,IAAI,KAAK,KAAK,aAAa,CAAC;IACnE;IAEA,kBAAkB,CAAC,IAAI,GAAG,oBAAoB,EAAA;AAC5C,QAAA,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,YAAY,EAAE;YAClE;QACF;AAEA,QAAA,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC;IACvD;IAEA,QAAQ,GAAA;QACN,IAAI,CAAC,iBAAiB,EAAE;IAC1B;AAEA,IAAA,IAAY,OAAO,GAAA;AACjB,QAAA,IAAI,OAAO,cAAc,KAAK,WAAW,EAAE;AACzC,YAAA,OAAO,IAAI;QACb;AAEA,QAAA,OAAO,cAAc;IACvB;AACD;;AC5CD;;AAEG;;;;"}

package/package.json

@@ -0,0 +1,30 @@
+{
+  "name": "@masterteam/gateway-auth",
+  "version": "0.0.1",
+  "publishConfig": {
+    "directory": "../../../dist/masterteam/gateway-auth",
+    "linkDirectory": true,
+    "access": "public"
+  },
+  "peerDependencies": {},
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/MasterteamSA/components.git"
+  },
+  "sideEffects": false,
+  "module": "fesm2022/masterteam-gateway-auth.mjs",
+  "typings": "types/masterteam-gateway-auth.d.ts",
+  "exports": {
+    "./package.json": {
+      "default": "./package.json"
+    },
+    ".": {
+      "types": "./types/masterteam-gateway-auth.d.ts",
+      "default": "./fesm2022/masterteam-gateway-auth.mjs"
+    }
+  },
+  "type": "module",
+  "dependencies": {
+    "tslib": "^2.8.1"
+  }
+}

package/types/masterteam-gateway-auth.d.ts

@@ -0,0 +1,222 @@
+interface GatewayResponse<T> {
+    endpoint: string;
+    status: number;
+    code: number;
+    locale: string;
+    message?: string | null;
+    errors?: unknown | null;
+    data: T;
+    cacheSession?: string;
+}
+interface GatewayApiDateValue {
+    displayValue?: string;
+    actualValue?: string;
+    rawValue?: string;
+}
+interface GatewayUserDetails {
+    id: string;
+    userName?: string;
+    displayName?: string;
+    email?: string;
+    mobile?: string;
+    ext?: string;
+    isExternal?: boolean;
+    passwordChangeRequired?: boolean;
+    image?: string;
+    photo?: {
+        fileName?: string;
+    } | string;
+    extraInfo?: Array<{
+        key: string;
+        value: string;
+    }>;
+    providerExtraInfo?: Array<{
+        key: string;
+        value: string;
+    }>;
+    stars?: number;
+    createdAt?: GatewayApiDateValue;
+    lastLoginTime?: GatewayApiDateValue;
+    department?: string;
+    cn?: string;
+    name?: string;
+    groups?: unknown;
+    roles?: unknown;
+}
+interface GatewayAuthTokens {
+    accessToken: string;
+    accessTokenExpiresAt: GatewayApiDateValue;
+    refreshToken: string;
+    refreshTokenExpiresAt: GatewayApiDateValue;
+}
+interface GatewayRefreshData {
+    accessToken: string;
+    accessTokenExpiresAt: GatewayApiDateValue;
+    refreshToken: string;
+    refreshTokenExpiresAt: GatewayApiDateValue;
+}
+interface GatewayTwoFactorChallenge {
+    userId: string;
+    tempSessionId: string;
+    expiresAtUtc: string;
+    deliveryChannel?: string;
+    developmentCode?: string | null;
+}
+interface GatewayLoginResponse {
+    requiresTwoFactor: boolean;
+    twoFactor: GatewayTwoFactorChallenge | null;
+    tokens: GatewayAuthTokens;
+    user: GatewayUserDetails;
+    delegations?: unknown[];
+}
+interface GatewayLoginRequest {
+    userName: string;
+    password: string;
+    isEncrypted?: boolean;
+    deviceToken?: string;
+    recaptchaToken?: string;
+    recaptchaAction?: string;
+}
+interface GatewayVerifyMfaRequest {
+    userId: string;
+    tempSessionId: string;
+    code: string;
+    deviceToken?: string;
+}
+interface GatewayResendMfaRequest {
+    userId: string;
+    tempSessionId: string;
+}
+interface GatewayRefreshRequest {
+    refreshToken: string;
+    deviceToken?: string;
+}
+interface GatewayLogoutRequest {
+    refreshToken?: string | null;
+    deviceToken?: string;
+}
+type GatewayPlatform = 'web' | 'mobile';
+type GatewaySsoProtocol = 'oidc' | 'saml2' | 'nafath' | string;
+type GatewaySsoFlow = 'browser_redirect' | 'push' | string;
+interface GatewaySsoProvider {
+    key: string;
+    displayName: string;
+    protocol: GatewaySsoProtocol;
+    flow: GatewaySsoFlow;
+    startUrl: string;
+    startMethod: 'GET' | 'POST' | string;
+    tokenExchangeUrl: string;
+    requiresIdentifier: boolean;
+    identifierType: '' | 'national_or_resident_id' | string;
+    enabled: boolean;
+    supportsMobile: boolean;
+    allowTokenExchange: boolean;
+}
+interface GatewaySsoProvidersData {
+    providers: GatewaySsoProvider[];
+}
+interface GatewaySsoExchangeRequest {
+    code: string;
+    state: string;
+    deviceToken?: string;
+}
+interface GatewayExternalTokenExchangeRequest {
+    providerKey: string;
+    subjectToken: string;
+    subjectTokenType: 'urn:ietf:params:oauth:token-type:access_token';
+    deviceToken?: string;
+}
+interface GatewayNafathStartRequest {
+    nationalId: string;
+    platform: GatewayPlatform;
+    returnUrl: string;
+    clientState: string;
+}
+interface GatewayNafathStartData {
+    requestId: string;
+    statusToken: string;
+    random: string;
+    expiresAtUtc: string;
+    pollIntervalSeconds: number;
+    statusUrl: string;
+}
+interface GatewayNafathStatusRequest {
+    requestId: string;
+    statusToken: string;
+}
+interface GatewayNafathStatusData {
+    status: 'WAITING' | 'COMPLETED' | 'REJECTED' | 'EXPIRED' | 'FAILED' | string;
+    code?: string;
+    state?: string;
+    expiresAtUtc?: string;
+    pollIntervalSeconds?: number;
+    errorCode?: string;
+    message?: string;
+}
+interface GatewayMappedTokens {
+    accessToken: string;
+    refreshToken: string;
+    accessTokenExpiresAt: string | null;
+    refreshTokenExpiresAt: string | null;
+}
+interface GatewayMappedUser {
+    expireAt?: string;
+    user: GatewayUserDetails;
+    mainUser?: GatewayUserDetails;
+    token?: string;
+    refreshToken?: string;
+    accessToken?: string;
+    accessTokenExpiresAt?: string;
+    refreshTokenExpiresAt?: string;
+    delegatedToken?: string;
+    delegations?: unknown[];
+    isAdmin?: boolean;
+    twoFactorRequired?: boolean;
+    tempSessionId?: string;
+    id?: string;
+}
+
+declare const GATEWAY_AUTH_DEVICE_TOKEN = "web-app";
+declare const GATEWAY_AUTH_ENDPOINTS: {
+    readonly login: "auth/login";
+    readonly verifyMfa: "auth/2fa/verify";
+    readonly resendMfa: "auth/2fa/resend";
+    readonly refresh: "auth/refresh";
+    readonly logout: "auth/logout";
+    readonly ssoProviders: "auth/sso/providers";
+    readonly ssoExchange: "auth/sso/exchange";
+    readonly ssoTokenExchange: "auth/sso/token-exchange";
+    readonly nafathStart: (providerKey: string) => string;
+    readonly nafathStatus: (providerKey: string) => string;
+    readonly ssoStart: (providerKey: string) => string;
+};
+declare function isExpired(expireAt?: string | null): boolean;
+declare function resolveApiDateValue(value?: GatewayApiDateValue | null): string | null;
+declare function mapGatewayTokens(tokens: GatewayAuthTokens | GatewayRefreshData): GatewayMappedTokens;
+declare function mapGatewayUser(user: GatewayUserDetails, tokenData: GatewayMappedTokens, delegations?: unknown[]): GatewayMappedUser;
+declare function hasGatewayTokens(tokens?: Partial<GatewayAuthTokens | GatewayRefreshData> | null): boolean;
+declare function getGatewayErrorMessage(error: unknown, fallback: string): string;
+declare function normalizeGatewayBase(baseUrl?: string | null): string;
+declare function buildGatewayUrl(gatewayApiBaseUrl: string | undefined | null, path: string): string;
+interface BuildSsoStartUrlOptions {
+    gatewayApiBaseUrl: string;
+    provider: GatewaySsoProvider;
+    returnUrl: string;
+    clientState: string;
+    platform?: 'web' | 'mobile';
+}
+declare function buildSsoStartUrl({ gatewayApiBaseUrl, provider, returnUrl, clientState, platform, }: BuildSsoStartUrlOptions): string;
+declare function createSecureClientState(): string;
+
+declare class GatewaySsoSession {
+    createAndStoreState(): string;
+    getPendingState(): string | null;
+    clearPendingState(): void;
+    consumeExpectedState(state: string | null): boolean;
+    clearCallbackQuery(path?: string): void;
+    clearAll(): void;
+    private get storage();
+}
+
+export { GATEWAY_AUTH_DEVICE_TOKEN, GATEWAY_AUTH_ENDPOINTS, GatewaySsoSession, buildGatewayUrl, buildSsoStartUrl, createSecureClientState, getGatewayErrorMessage, hasGatewayTokens, isExpired, mapGatewayTokens, mapGatewayUser, normalizeGatewayBase, resolveApiDateValue };
+export type { BuildSsoStartUrlOptions, GatewayApiDateValue, GatewayAuthTokens, GatewayExternalTokenExchangeRequest, GatewayLoginRequest, GatewayLoginResponse, GatewayLogoutRequest, GatewayMappedTokens, GatewayMappedUser, GatewayNafathStartData, GatewayNafathStartRequest, GatewayNafathStatusData, GatewayNafathStatusRequest, GatewayPlatform, GatewayRefreshData, GatewayRefreshRequest, GatewayResendMfaRequest, GatewayResponse, GatewaySsoExchangeRequest, GatewaySsoFlow, GatewaySsoProtocol, GatewaySsoProvider, GatewaySsoProvidersData, GatewayTwoFactorChallenge, GatewayUserDetails, GatewayVerifyMfaRequest };