@mole-auth/core 1.0.0

package/dist/index.d.mts

@@ -0,0 +1,556 @@
+/**
+ * AuthSaaS SDK 核心类型定义
+ */
+/**
+ * 用户信息
+ */
+interface User {
+    id: string;
+    email: string;
+    name: string;
+    avatarUrl?: string | null;
+    role: string;
+    isActive: boolean;
+    createdAt: string;
+    lastLoginAt?: string | null;
+}
+/**
+ * 登录响应
+ */
+interface LoginResponse {
+    user: User;
+    token: string;
+}
+/**
+ * 注册参数
+ */
+interface RegisterParams {
+    email: string;
+    password: string;
+    name: string;
+}
+/**
+ * 登录参数
+ */
+interface LoginParams {
+    email: string;
+    password: string;
+}
+/**
+ * OAuth 登录参数
+ */
+interface OAuthLoginParams {
+    provider: "google" | "github" | "qq" | "wechat";
+    redirectUri?: string;
+}
+/**
+ * 密码重置参数
+ */
+interface ForgotPasswordParams {
+    email: string;
+}
+/**
+ * 重置密码参数
+ */
+interface ResetPasswordParams {
+    token: string;
+    newPassword: string;
+}
+/**
+ * 更新用户信息参数
+ */
+interface UpdateUserParams {
+    name?: string;
+    avatarUrl?: string;
+}
+/**
+ * SDK 配置
+ */
+interface AuthSaaSConfig {
+    /**
+     * API 基础 URL
+     */
+    baseURL: string;
+    /**
+     * 存储方式
+     * - 'local': localStorage
+     * - 'session': sessionStorage
+     * - 'cookie': cookie
+     * - 'memory': 内存（不持久化）
+     */
+    storage?: "local" | "session" | "cookie" | "memory";
+    /**
+     * Token 存储的键名
+     */
+    tokenKey?: string;
+    /**
+     * 用户信息存储的键名
+     */
+    userKey?: string;
+    /**
+     * 是否自动刷新 token
+     */
+    autoRefresh?: boolean;
+    /**
+     * 是否在 token 过期时自动登出
+     */
+    autoLogout?: boolean;
+    /**
+     * 请求超时时间（毫秒）
+     */
+    timeout?: number;
+    /**
+     * 请求拦截器
+     */
+    requestInterceptor?: (config: RequestInit) => RequestInit;
+    /**
+     * 响应拦截器
+     */
+    responseInterceptor?: (response: Response, config: RequestInit) => Response;
+    /**
+     * 错误拦截器
+     */
+    errorInterceptor?: (error: Error, config: RequestInit) => void;
+    /**
+     * 认证状态变化回调
+     */
+    onAuthChange?: (user: User | null, token: string | null) => void;
+    /**
+     * 自定义 fetch 实现
+     */
+    fetch?: typeof fetch;
+}
+/**
+ * API 错误
+ */
+interface AuthError extends Error {
+    code?: string;
+    statusCode?: number;
+    details?: Record<string, unknown>;
+}
+/**
+ * 用户统计
+ */
+interface UserStats {
+    total: number;
+    active: number;
+    byRole: Record<string, number>;
+}
+/**
+ * 分页参数
+ */
+interface PaginationParams {
+    skip?: number;
+    limit?: number;
+    search?: string;
+}
+/**
+ * 分页响应
+ */
+interface PaginatedResponse<T> {
+    items: T[];
+    total: number;
+    skip: number;
+    limit: number;
+}
+/**
+ * OAuth2 客户端配置
+ */
+interface OAuth2ClientConfig {
+    /**
+     * OAuth2 客户端 ID
+     */
+    clientId: string;
+    /**
+     * OAuth2 客户端密钥
+     */
+    clientSecret?: string;
+    /**
+     * 授权端点 URL
+     */
+    authorizationEndpoint: string;
+    /**
+     * 令牌端点 URL
+     */
+    tokenEndpoint: string;
+    /**
+     * 重定向 URI
+     */
+    redirectUri: string;
+    /**
+     * 请求的权限范围
+     */
+    scope?: string;
+}
+/**
+ * OAuth2 令牌响应
+ */
+interface OAuth2TokenResponse {
+    access_token: string;
+    token_type: string;
+    expires_in: number;
+    refresh_token?: string;
+    scope?: string;
+}
+/**
+ * OAuth2 授权 URL 参数
+ */
+interface OAuth2AuthorizationParams {
+    responseType?: "code";
+    clientId: string;
+    redirectUri: string;
+    scope?: string;
+    state?: string;
+    codeChallenge?: string;
+    codeChallengeMethod?: "plain" | "S256";
+    nonce?: string;
+}
+/**
+ * 令牌交换参数
+ */
+interface OAuth2TokenParams {
+    grantType: "authorization_code" | "refresh_token";
+    code?: string;
+    redirectUri?: string;
+    refreshToken?: string;
+    clientId: string;
+    clientSecret?: string;
+}
+/**
+ * API 密钥类型
+ */
+type ApiKeyType = "test" | "live";
+/**
+ * API 密钥权限范围
+ */
+type ApiKeyScope = "read:users" | "write:users" | "read:applications" | "write:applications" | "read:api-keys" | "write:api-keys" | "read:audit-logs" | "admin";
+/**
+ * API 密钥
+ */
+interface ApiKey {
+    id: string;
+    applicationId: string;
+    name: string;
+    /** 仅显示前缀，实际密钥只在创建时返回 */
+    prefix: string;
+    type: ApiKeyType;
+    scopes: ApiKeyScope[];
+    lastUsedAt?: string | null;
+    expiresAt?: string | null;
+    isActive: boolean;
+    createdAt: string;
+    updatedAt?: string | null;
+}
+/**
+ * API 密钥（创建时返回，包含完整密钥）
+ */
+interface ApiKeyWithPlainKey extends ApiKey {
+    /** 完整的 API 密钥，仅在创建时返回一次 */
+    key: string;
+}
+/**
+ * 创建 API 密钥参数
+ */
+interface CreateApiKeyParams {
+    /** 密钥名称 */
+    name: string;
+    /** 密钥类型：test/live */
+    type?: ApiKeyType;
+    /** 权限范围 */
+    scopes?: ApiKeyScope[];
+    /** 过期时间 */
+    expiresAt?: string;
+}
+/**
+ * 更新 API 密钥参数
+ */
+interface UpdateApiKeyParams {
+    /** 密钥名称 */
+    name?: string;
+    /** 启用/禁用 */
+    isActive?: boolean;
+    /** 权限范围 */
+    scopes?: ApiKeyScope[];
+    /** 过期时间 */
+    expiresAt?: string;
+}
+/**
+ * API 密钥列表查询参数
+ */
+interface ListApiKeysParams {
+    /** 状态过滤 */
+    status?: "active" | "suspended";
+    /** 类型过滤 */
+    type?: ApiKeyType;
+    /** 跳过数量 */
+    skip?: number;
+    /** 返回数量 */
+    limit?: number;
+}
+
+/**
+ * AuthSaaS SDK - 核心 API 客户端
+ */
+
+declare class AuthSaaSClient {
+    private config;
+    private storage;
+    constructor(config: AuthSaaSConfig);
+    /**
+     * 初始化认证状态
+     */
+    private initializeAuth;
+    /**
+     * 获取请求头
+     */
+    private getHeaders;
+    /**
+     * 执行 HTTP 请求
+     */
+    private request;
+    /**
+     * 注册
+     */
+    register(data: RegisterParams): Promise<LoginResponse>;
+    /**
+     * 登录
+     */
+    login(data: LoginParams): Promise<LoginResponse>;
+    /**
+     * 登出
+     */
+    logout(): Promise<void>;
+    /**
+     * 获取当前用户
+     */
+    getCurrentUser(): Promise<User | null>;
+    /**
+     * 忘记密码
+     */
+    forgotPassword(data: ForgotPasswordParams): Promise<{
+        message: string;
+    }>;
+    /**
+     * 重置密码
+     */
+    resetPassword(data: ResetPasswordParams): Promise<{
+        message: string;
+    }>;
+    /**
+     * 更新用户信息
+     */
+    updateUser(data: UpdateUserParams): Promise<User>;
+    /**
+     * 发送邮箱验证
+     */
+    sendVerification(): Promise<{
+        message: string;
+    }>;
+    /**
+     * 验证邮箱
+     */
+    verifyEmail(token: string): Promise<{
+        message: string;
+    }>;
+    /**
+     * OAuth 登录（对接第三方 OAuth 提供商）
+     */
+    loginWithOAuth(provider: "google" | "github" | "qq" | "wechat"): Promise<void>;
+    /**
+     * 使用标准 OAuth2 授权码流程登录 AuthSaaS 平台
+     *
+     * 此方法用于第三方应用通过 AuthSaaS 的标准 OAuth2 接口进行登录
+     *
+     * @param config - OAuth2 客户端配置
+     */
+    authorizeWithOAuth2(config: {
+        clientId: string;
+        redirectUri: string;
+        scope?: string;
+        state?: string;
+        codeChallenge?: string;
+        codeChallengeMethod?: "plain" | "S256";
+    }): Promise<void>;
+    /**
+     * 使用授权码换取访问令牌
+     *
+     * @param code - 授权码
+     * @param redirectUri - 重定向 URI（必须与授权请求一致）
+     * @param clientId - 客户端 ID
+     * @param clientSecret - 客户端密钥
+     */
+    exchangeCodeForToken(params: {
+        code: string;
+        redirectUri: string;
+        clientId: string;
+        clientSecret?: string;
+    }): Promise<LoginResponse>;
+    /**
+     * 获取用户统计
+     */
+    getUserStats(): Promise<UserStats>;
+    /**
+     * 获取应用的 API 密钥列表
+     *
+     * @param applicationId 应用 ID
+     * @param params 查询参数
+     */
+    listApiKeys(applicationId: string, params?: ListApiKeysParams): Promise<{
+        apiKeys: ApiKey[];
+    }>;
+    /**
+     * 创建 API 密钥
+     *
+     * @param applicationId 应用 ID
+     * @param params 创建参数
+     * @returns 创建的 API 密钥（包含完整密钥，仅此一次返回）
+     */
+    createApiKey(applicationId: string, params: CreateApiKeyParams): Promise<{
+        apiKey: ApiKeyWithPlainKey;
+    }>;
+    /**
+     * 获取单个 API 密钥详情
+     *
+     * @param applicationId 应用 ID
+     * @param keyId 密钥 ID
+     */
+    getApiKey(applicationId: string, keyId: string): Promise<{
+        apiKey: ApiKey;
+    }>;
+    /**
+     * 更新 API 密钥
+     *
+     * @param applicationId 应用 ID
+     * @param keyId 密钥 ID
+     * @param params 更新参数
+     */
+    updateApiKey(applicationId: string, keyId: string, params: UpdateApiKeyParams): Promise<{
+        apiKey: ApiKey;
+    }>;
+    /**
+     * 删除 API 密钥
+     *
+     * @param applicationId 应用 ID
+     * @param keyId 密钥 ID
+     */
+    deleteApiKey(applicationId: string, keyId: string): Promise<{
+        success: boolean;
+    }>;
+    /**
+     * 验证 API 密钥
+     *
+     * @param apiKey API 密钥
+     * @returns 验证结果
+     */
+    verifyApiKey(apiKey: string): Promise<{
+        valid: boolean;
+        apiKey?: ApiKey;
+    }>;
+    /**
+     * 存储认证信息
+     */
+    private setAuth;
+    /**
+     * 清除认证信息
+     */
+    private clearAuth;
+    /**
+     * 获取用户信息
+     */
+    getUser(): Promise<User | null>;
+    /**
+     * 设置用户信息
+     */
+    private setUser;
+    /**
+     * 获取 token
+     */
+    getToken(): Promise<string | null>;
+    /**
+     * 检查是否已认证
+     */
+    isAuthenticated(): Promise<boolean>;
+    /**
+     * 获取认证钩子（用于 React/Vue 等）
+     */
+    getAuthHooks(): {
+        isAuthenticated: () => Promise<boolean>;
+        getToken: () => Promise<string | null>;
+        getUser: () => Promise<User | null>;
+        login: (data: LoginParams) => Promise<LoginResponse>;
+        logout: () => Promise<void>;
+        register: (data: RegisterParams) => Promise<LoginResponse>;
+        getCurrentUser: () => Promise<User | null>;
+        updateUser: (data: UpdateUserParams) => Promise<User>;
+        forgotPassword: (data: ForgotPasswordParams) => Promise<{
+            message: string;
+        }>;
+        resetPassword: (data: ResetPasswordParams) => Promise<{
+            message: string;
+        }>;
+        loginWithOAuth: (provider: "google" | "github" | "qq" | "wechat") => Promise<void>;
+        authorizeWithOAuth2: (config: {
+            clientId: string;
+            redirectUri: string;
+            scope?: string;
+            state?: string;
+            codeChallenge?: string;
+            codeChallengeMethod?: "plain" | "S256";
+        }) => Promise<void>;
+        exchangeCodeForToken: (params: {
+            code: string;
+            redirectUri: string;
+            clientId: string;
+            clientSecret?: string;
+        }) => Promise<LoginResponse>;
+        listApiKeys: (applicationId: string, params?: ListApiKeysParams) => Promise<{
+            apiKeys: ApiKey[];
+        }>;
+        createApiKey: (applicationId: string, params: CreateApiKeyParams) => Promise<{
+            apiKey: ApiKeyWithPlainKey;
+        }>;
+        getApiKey: (applicationId: string, keyId: string) => Promise<{
+            apiKey: ApiKey;
+        }>;
+        updateApiKey: (applicationId: string, keyId: string, params: UpdateApiKeyParams) => Promise<{
+            apiKey: ApiKey;
+        }>;
+        deleteApiKey: (applicationId: string, keyId: string) => Promise<{
+            success: boolean;
+        }>;
+        verifyApiKey: (apiKey: string) => Promise<{
+            valid: boolean;
+            apiKey?: ApiKey;
+        }>;
+    };
+}
+/**
+ * 创建 SDK 实例
+ */
+declare function createAuthSaaS(config: AuthSaaSConfig): AuthSaaSClient;
+
+/**
+ * 存储管理器 - 支持多种存储方式
+ */
+type StorageType = "local" | "session" | "cookie" | "memory";
+/**
+ * 存储管理器
+ */
+declare class StorageManager {
+    private adapter;
+    constructor(type?: StorageType);
+    getItem(key: string): Promise<string | null>;
+    setItem(key: string, value: string): Promise<void>;
+    removeItem(key: string): Promise<void>;
+    clear(): Promise<void>;
+    /**
+     * 获取对象
+     */
+    getObject<T>(key: string): Promise<T | null>;
+    /**
+     * 设置对象
+     */
+    setObject<T>(key: string, value: T): Promise<void>;
+}
+
+export { type ApiKey, type ApiKeyScope, type ApiKeyType, type ApiKeyWithPlainKey, type AuthError, AuthSaaSClient, type AuthSaaSConfig, type CreateApiKeyParams, type ForgotPasswordParams, type ListApiKeysParams, type LoginParams, type LoginResponse, type OAuth2AuthorizationParams, type OAuth2ClientConfig, type OAuth2TokenParams, type OAuth2TokenResponse, type OAuthLoginParams, type PaginatedResponse, type PaginationParams, type RegisterParams, type ResetPasswordParams, StorageManager, type UpdateApiKeyParams, type UpdateUserParams, type User, type UserStats, createAuthSaaS };

package/dist/index.d.ts

@@ -0,0 +1,556 @@
+/**
+ * AuthSaaS SDK 核心类型定义
+ */
+/**
+ * 用户信息
+ */
+interface User {
+    id: string;
+    email: string;
+    name: string;
+    avatarUrl?: string | null;
+    role: string;
+    isActive: boolean;
+    createdAt: string;
+    lastLoginAt?: string | null;
+}
+/**
+ * 登录响应
+ */
+interface LoginResponse {
+    user: User;
+    token: string;
+}
+/**
+ * 注册参数
+ */
+interface RegisterParams {
+    email: string;
+    password: string;
+    name: string;
+}
+/**
+ * 登录参数
+ */
+interface LoginParams {
+    email: string;
+    password: string;
+}
+/**
+ * OAuth 登录参数
+ */
+interface OAuthLoginParams {
+    provider: "google" | "github" | "qq" | "wechat";
+    redirectUri?: string;
+}
+/**
+ * 密码重置参数
+ */
+interface ForgotPasswordParams {
+    email: string;
+}
+/**
+ * 重置密码参数
+ */
+interface ResetPasswordParams {
+    token: string;
+    newPassword: string;
+}
+/**
+ * 更新用户信息参数
+ */
+interface UpdateUserParams {
+    name?: string;
+    avatarUrl?: string;
+}
+/**
+ * SDK 配置
+ */
+interface AuthSaaSConfig {
+    /**
+     * API 基础 URL
+     */
+    baseURL: string;
+    /**
+     * 存储方式
+     * - 'local': localStorage
+     * - 'session': sessionStorage
+     * - 'cookie': cookie
+     * - 'memory': 内存（不持久化）
+     */
+    storage?: "local" | "session" | "cookie" | "memory";
+    /**
+     * Token 存储的键名
+     */
+    tokenKey?: string;
+    /**
+     * 用户信息存储的键名
+     */
+    userKey?: string;
+    /**
+     * 是否自动刷新 token
+     */
+    autoRefresh?: boolean;
+    /**
+     * 是否在 token 过期时自动登出
+     */
+    autoLogout?: boolean;
+    /**
+     * 请求超时时间（毫秒）
+     */
+    timeout?: number;
+    /**
+     * 请求拦截器
+     */
+    requestInterceptor?: (config: RequestInit) => RequestInit;
+    /**
+     * 响应拦截器
+     */
+    responseInterceptor?: (response: Response, config: RequestInit) => Response;
+    /**
+     * 错误拦截器
+     */
+    errorInterceptor?: (error: Error, config: RequestInit) => void;
+    /**
+     * 认证状态变化回调
+     */
+    onAuthChange?: (user: User | null, token: string | null) => void;
+    /**
+     * 自定义 fetch 实现
+     */
+    fetch?: typeof fetch;
+}
+/**
+ * API 错误
+ */
+interface AuthError extends Error {
+    code?: string;
+    statusCode?: number;
+    details?: Record<string, unknown>;
+}
+/**
+ * 用户统计
+ */
+interface UserStats {
+    total: number;
+    active: number;
+    byRole: Record<string, number>;
+}
+/**
+ * 分页参数
+ */
+interface PaginationParams {
+    skip?: number;
+    limit?: number;
+    search?: string;
+}
+/**
+ * 分页响应
+ */
+interface PaginatedResponse<T> {
+    items: T[];
+    total: number;
+    skip: number;
+    limit: number;
+}
+/**
+ * OAuth2 客户端配置
+ */
+interface OAuth2ClientConfig {
+    /**
+     * OAuth2 客户端 ID
+     */
+    clientId: string;
+    /**
+     * OAuth2 客户端密钥
+     */
+    clientSecret?: string;
+    /**
+     * 授权端点 URL
+     */
+    authorizationEndpoint: string;
+    /**
+     * 令牌端点 URL
+     */
+    tokenEndpoint: string;
+    /**
+     * 重定向 URI
+     */
+    redirectUri: string;
+    /**
+     * 请求的权限范围
+     */
+    scope?: string;
+}
+/**
+ * OAuth2 令牌响应
+ */
+interface OAuth2TokenResponse {
+    access_token: string;
+    token_type: string;
+    expires_in: number;
+    refresh_token?: string;
+    scope?: string;
+}
+/**
+ * OAuth2 授权 URL 参数
+ */
+interface OAuth2AuthorizationParams {
+    responseType?: "code";
+    clientId: string;
+    redirectUri: string;
+    scope?: string;
+    state?: string;
+    codeChallenge?: string;
+    codeChallengeMethod?: "plain" | "S256";
+    nonce?: string;
+}
+/**
+ * 令牌交换参数
+ */
+interface OAuth2TokenParams {
+    grantType: "authorization_code" | "refresh_token";
+    code?: string;
+    redirectUri?: string;
+    refreshToken?: string;
+    clientId: string;
+    clientSecret?: string;
+}
+/**
+ * API 密钥类型
+ */
+type ApiKeyType = "test" | "live";
+/**
+ * API 密钥权限范围
+ */
+type ApiKeyScope = "read:users" | "write:users" | "read:applications" | "write:applications" | "read:api-keys" | "write:api-keys" | "read:audit-logs" | "admin";
+/**
+ * API 密钥
+ */
+interface ApiKey {
+    id: string;
+    applicationId: string;
+    name: string;
+    /** 仅显示前缀，实际密钥只在创建时返回 */
+    prefix: string;
+    type: ApiKeyType;
+    scopes: ApiKeyScope[];
+    lastUsedAt?: string | null;
+    expiresAt?: string | null;
+    isActive: boolean;
+    createdAt: string;
+    updatedAt?: string | null;
+}
+/**
+ * API 密钥（创建时返回，包含完整密钥）
+ */
+interface ApiKeyWithPlainKey extends ApiKey {
+    /** 完整的 API 密钥，仅在创建时返回一次 */
+    key: string;
+}
+/**
+ * 创建 API 密钥参数
+ */
+interface CreateApiKeyParams {
+    /** 密钥名称 */
+    name: string;
+    /** 密钥类型：test/live */
+    type?: ApiKeyType;
+    /** 权限范围 */
+    scopes?: ApiKeyScope[];
+    /** 过期时间 */
+    expiresAt?: string;
+}
+/**
+ * 更新 API 密钥参数
+ */
+interface UpdateApiKeyParams {
+    /** 密钥名称 */
+    name?: string;
+    /** 启用/禁用 */
+    isActive?: boolean;
+    /** 权限范围 */
+    scopes?: ApiKeyScope[];
+    /** 过期时间 */
+    expiresAt?: string;
+}
+/**
+ * API 密钥列表查询参数
+ */
+interface ListApiKeysParams {
+    /** 状态过滤 */
+    status?: "active" | "suspended";
+    /** 类型过滤 */
+    type?: ApiKeyType;
+    /** 跳过数量 */
+    skip?: number;
+    /** 返回数量 */
+    limit?: number;
+}
+
+/**
+ * AuthSaaS SDK - 核心 API 客户端
+ */
+
+declare class AuthSaaSClient {
+    private config;
+    private storage;
+    constructor(config: AuthSaaSConfig);
+    /**
+     * 初始化认证状态
+     */
+    private initializeAuth;
+    /**
+     * 获取请求头
+     */
+    private getHeaders;
+    /**
+     * 执行 HTTP 请求
+     */
+    private request;
+    /**
+     * 注册
+     */
+    register(data: RegisterParams): Promise<LoginResponse>;
+    /**
+     * 登录
+     */
+    login(data: LoginParams): Promise<LoginResponse>;
+    /**
+     * 登出
+     */
+    logout(): Promise<void>;
+    /**
+     * 获取当前用户
+     */
+    getCurrentUser(): Promise<User | null>;
+    /**
+     * 忘记密码
+     */
+    forgotPassword(data: ForgotPasswordParams): Promise<{
+        message: string;
+    }>;
+    /**
+     * 重置密码
+     */
+    resetPassword(data: ResetPasswordParams): Promise<{
+        message: string;
+    }>;
+    /**
+     * 更新用户信息
+     */
+    updateUser(data: UpdateUserParams): Promise<User>;
+    /**
+     * 发送邮箱验证
+     */
+    sendVerification(): Promise<{
+        message: string;
+    }>;
+    /**
+     * 验证邮箱
+     */
+    verifyEmail(token: string): Promise<{
+        message: string;
+    }>;
+    /**
+     * OAuth 登录（对接第三方 OAuth 提供商）
+     */
+    loginWithOAuth(provider: "google" | "github" | "qq" | "wechat"): Promise<void>;
+    /**
+     * 使用标准 OAuth2 授权码流程登录 AuthSaaS 平台
+     *
+     * 此方法用于第三方应用通过 AuthSaaS 的标准 OAuth2 接口进行登录
+     *
+     * @param config - OAuth2 客户端配置
+     */
+    authorizeWithOAuth2(config: {
+        clientId: string;
+        redirectUri: string;
+        scope?: string;
+        state?: string;
+        codeChallenge?: string;
+        codeChallengeMethod?: "plain" | "S256";
+    }): Promise<void>;
+    /**
+     * 使用授权码换取访问令牌
+     *
+     * @param code - 授权码
+     * @param redirectUri - 重定向 URI（必须与授权请求一致）
+     * @param clientId - 客户端 ID
+     * @param clientSecret - 客户端密钥
+     */
+    exchangeCodeForToken(params: {
+        code: string;
+        redirectUri: string;
+        clientId: string;
+        clientSecret?: string;
+    }): Promise<LoginResponse>;
+    /**
+     * 获取用户统计
+     */
+    getUserStats(): Promise<UserStats>;
+    /**
+     * 获取应用的 API 密钥列表
+     *
+     * @param applicationId 应用 ID
+     * @param params 查询参数
+     */
+    listApiKeys(applicationId: string, params?: ListApiKeysParams): Promise<{
+        apiKeys: ApiKey[];
+    }>;
+    /**
+     * 创建 API 密钥
+     *
+     * @param applicationId 应用 ID
+     * @param params 创建参数
+     * @returns 创建的 API 密钥（包含完整密钥，仅此一次返回）
+     */
+    createApiKey(applicationId: string, params: CreateApiKeyParams): Promise<{
+        apiKey: ApiKeyWithPlainKey;
+    }>;
+    /**
+     * 获取单个 API 密钥详情
+     *
+     * @param applicationId 应用 ID
+     * @param keyId 密钥 ID
+     */
+    getApiKey(applicationId: string, keyId: string): Promise<{
+        apiKey: ApiKey;
+    }>;
+    /**
+     * 更新 API 密钥
+     *
+     * @param applicationId 应用 ID
+     * @param keyId 密钥 ID
+     * @param params 更新参数
+     */
+    updateApiKey(applicationId: string, keyId: string, params: UpdateApiKeyParams): Promise<{
+        apiKey: ApiKey;
+    }>;
+    /**
+     * 删除 API 密钥
+     *
+     * @param applicationId 应用 ID
+     * @param keyId 密钥 ID
+     */
+    deleteApiKey(applicationId: string, keyId: string): Promise<{
+        success: boolean;
+    }>;
+    /**
+     * 验证 API 密钥
+     *
+     * @param apiKey API 密钥
+     * @returns 验证结果
+     */
+    verifyApiKey(apiKey: string): Promise<{
+        valid: boolean;
+        apiKey?: ApiKey;
+    }>;
+    /**
+     * 存储认证信息
+     */
+    private setAuth;
+    /**
+     * 清除认证信息
+     */
+    private clearAuth;
+    /**
+     * 获取用户信息
+     */
+    getUser(): Promise<User | null>;
+    /**
+     * 设置用户信息
+     */
+    private setUser;
+    /**
+     * 获取 token
+     */
+    getToken(): Promise<string | null>;
+    /**
+     * 检查是否已认证
+     */
+    isAuthenticated(): Promise<boolean>;
+    /**
+     * 获取认证钩子（用于 React/Vue 等）
+     */
+    getAuthHooks(): {
+        isAuthenticated: () => Promise<boolean>;
+        getToken: () => Promise<string | null>;
+        getUser: () => Promise<User | null>;
+        login: (data: LoginParams) => Promise<LoginResponse>;
+        logout: () => Promise<void>;
+        register: (data: RegisterParams) => Promise<LoginResponse>;
+        getCurrentUser: () => Promise<User | null>;
+        updateUser: (data: UpdateUserParams) => Promise<User>;
+        forgotPassword: (data: ForgotPasswordParams) => Promise<{
+            message: string;
+        }>;
+        resetPassword: (data: ResetPasswordParams) => Promise<{
+            message: string;
+        }>;
+        loginWithOAuth: (provider: "google" | "github" | "qq" | "wechat") => Promise<void>;
+        authorizeWithOAuth2: (config: {
+            clientId: string;
+            redirectUri: string;
+            scope?: string;
+            state?: string;
+            codeChallenge?: string;
+            codeChallengeMethod?: "plain" | "S256";
+        }) => Promise<void>;
+        exchangeCodeForToken: (params: {
+            code: string;
+            redirectUri: string;
+            clientId: string;
+            clientSecret?: string;
+        }) => Promise<LoginResponse>;
+        listApiKeys: (applicationId: string, params?: ListApiKeysParams) => Promise<{
+            apiKeys: ApiKey[];
+        }>;
+        createApiKey: (applicationId: string, params: CreateApiKeyParams) => Promise<{
+            apiKey: ApiKeyWithPlainKey;
+        }>;
+        getApiKey: (applicationId: string, keyId: string) => Promise<{
+            apiKey: ApiKey;
+        }>;
+        updateApiKey: (applicationId: string, keyId: string, params: UpdateApiKeyParams) => Promise<{
+            apiKey: ApiKey;
+        }>;
+        deleteApiKey: (applicationId: string, keyId: string) => Promise<{
+            success: boolean;
+        }>;
+        verifyApiKey: (apiKey: string) => Promise<{
+            valid: boolean;
+            apiKey?: ApiKey;
+        }>;
+    };
+}
+/**
+ * 创建 SDK 实例
+ */
+declare function createAuthSaaS(config: AuthSaaSConfig): AuthSaaSClient;
+
+/**
+ * 存储管理器 - 支持多种存储方式
+ */
+type StorageType = "local" | "session" | "cookie" | "memory";
+/**
+ * 存储管理器
+ */
+declare class StorageManager {
+    private adapter;
+    constructor(type?: StorageType);
+    getItem(key: string): Promise<string | null>;
+    setItem(key: string, value: string): Promise<void>;
+    removeItem(key: string): Promise<void>;
+    clear(): Promise<void>;
+    /**
+     * 获取对象
+     */
+    getObject<T>(key: string): Promise<T | null>;
+    /**
+     * 设置对象
+     */
+    setObject<T>(key: string, value: T): Promise<void>;
+}
+
+export { type ApiKey, type ApiKeyScope, type ApiKeyType, type ApiKeyWithPlainKey, type AuthError, AuthSaaSClient, type AuthSaaSConfig, type CreateApiKeyParams, type ForgotPasswordParams, type ListApiKeysParams, type LoginParams, type LoginResponse, type OAuth2AuthorizationParams, type OAuth2ClientConfig, type OAuth2TokenParams, type OAuth2TokenResponse, type OAuthLoginParams, type PaginatedResponse, type PaginationParams, type RegisterParams, type ResetPasswordParams, StorageManager, type UpdateApiKeyParams, type UpdateUserParams, type User, type UserStats, createAuthSaaS };

package/dist/index.js

@@ -0,0 +1 @@
+'use strict';var k=Object.defineProperty,I=Object.defineProperties;var K=Object.getOwnPropertyDescriptors;var S=Object.getOwnPropertySymbols;var b=Object.prototype.hasOwnProperty,T=Object.prototype.propertyIsEnumerable;var v=(o,e,t)=>e in o?k(o,e,{enumerable:true,configurable:true,writable:true,value:t}):o[e]=t,d=(o,e)=>{for(var t in e||(e={}))b.call(e,t)&&v(o,t,e[t]);if(S)for(var t of S(e))T.call(e,t)&&v(o,t,e[t]);return o},y=(o,e)=>I(o,K(e));var r=(o,e,t)=>new Promise((s,i)=>{var n=a=>{try{h(t.next(a));}catch(c){i(c);}},g=a=>{try{h(t.throw(a));}catch(c){i(c);}},h=a=>a.done?s(a.value):Promise.resolve(a.value).then(n,g);h((t=t.apply(o,e)).next());});var w=class{getItem(e){return r(this,null,function*(){if(typeof window=="undefined")return null;try{return localStorage.getItem(e)}catch(t){return null}})}setItem(e,t){return r(this,null,function*(){if(typeof window!="undefined")try{localStorage.setItem(e,t);}catch(s){console.error("LocalStorage set error:",s);}})}removeItem(e){return r(this,null,function*(){if(typeof window!="undefined")try{localStorage.removeItem(e);}catch(t){console.error("LocalStorage remove error:",t);}})}clear(){return r(this,null,function*(){if(typeof window!="undefined")try{localStorage.clear();}catch(e){console.error("LocalStorage clear error:",e);}})}},f=class{getItem(e){return r(this,null,function*(){if(typeof window=="undefined")return null;try{return sessionStorage.getItem(e)}catch(t){return null}})}setItem(e,t){return r(this,null,function*(){if(typeof window!="undefined")try{sessionStorage.setItem(e,t);}catch(s){console.error("SessionStorage set error:",s);}})}removeItem(e){return r(this,null,function*(){if(typeof window!="undefined")try{sessionStorage.removeItem(e);}catch(t){console.error("SessionStorage remove error:",t);}})}clear(){return r(this,null,function*(){if(typeof window!="undefined")try{sessionStorage.clear();}catch(e){console.error("SessionStorage clear error:",e);}})}},P=class{constructor(e,t=false,s="lax"){this.domain=e,this.secure=t,this.sameSite=s;}getItem(e){return r(this,null,function*(){if(typeof document=="undefined")return null;try{let s=document.cookie.split("; ").find(i=>i.startsWith(`${e}=`));return s?decodeURIComponent(s.split("=")[1]):null}catch(t){return null}})}setItem(e,t){return r(this,null,function*(){if(typeof document!="undefined")try{let s=`${e}=${encodeURIComponent(t)}`;this.domain&&(s+=`; domain=${this.domain}`),this.secure&&(s+="; secure"),s+=`; samesite=${this.sameSite}`,document.cookie=s;}catch(s){console.error("Cookie set error:",s);}})}removeItem(e){return r(this,null,function*(){if(typeof document!="undefined")try{let t=`${e}=; expires=Thu, 01 Jan 1970 00:00:00 GMT`;this.domain&&(t+=`; domain=${this.domain}`),document.cookie=t;}catch(t){console.error("Cookie remove error:",t);}})}clear(){return r(this,null,function*(){if(typeof document!="undefined")try{document.cookie.split("; ").forEach(t=>{let s=t.split("=")[0];this.removeItem(s);});}catch(e){console.error("Cookie clear error:",e);}})}},A=class{constructor(){this.store=new Map;}getItem(e){return r(this,null,function*(){return this.store.get(e)||null})}setItem(e,t){return r(this,null,function*(){this.store.set(e,t);})}removeItem(e){return r(this,null,function*(){this.store.delete(e);})}clear(){return r(this,null,function*(){this.store.clear();})}},p=class{constructor(e="local"){switch(e){case "session":this.adapter=new f;break;case "cookie":this.adapter=new P;break;case "memory":this.adapter=new A;break;default:this.adapter=new w;break}}getItem(e){return r(this,null,function*(){return yield this.adapter.getItem(e)})}setItem(e,t){return r(this,null,function*(){return yield this.adapter.setItem(e,t)})}removeItem(e){return r(this,null,function*(){return yield this.adapter.removeItem(e)})}clear(){return r(this,null,function*(){return yield this.adapter.clear()})}getObject(e){return r(this,null,function*(){let t=yield this.getItem(e);if(!t)return null;try{return JSON.parse(t)}catch(s){return null}})}setObject(e,t){return r(this,null,function*(){let s=JSON.stringify(t);yield this.setItem(e,s);})}};function C(o){let e="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",t=new Uint8Array(o);if(typeof crypto!="undefined"&&crypto.getRandomValues)crypto.getRandomValues(t);else for(let i=0;i<o;i++)t[i]=Math.floor(Math.random()*256);let s="";for(let i=0;i<o;i++)s+=e[t[i]%e.length];return s}var m=class{constructor(e){var t,s;this.config={baseURL:e.baseURL,storage:e.storage||"local",tokenKey:e.tokenKey||"authsaas_token",userKey:e.userKey||"authsaas_user",autoRefresh:(t=e.autoRefresh)!=null?t:true,autoLogout:(s=e.autoLogout)!=null?s:true,timeout:e.timeout||3e4,requestInterceptor:e.requestInterceptor||(i=>i),responseInterceptor:e.responseInterceptor||(i=>i),errorInterceptor:e.errorInterceptor||(()=>{}),onAuthChange:e.onAuthChange||(()=>{}),fetch:e.fetch?e.fetch.bind(globalThis):fetch.bind(globalThis)},this.storage=new p(this.config.storage),this.initializeAuth();}initializeAuth(){return r(this,null,function*(){let e=yield this.getToken(),t=yield this.getUser();e&&t&&this.config.onAuthChange(t,e);})}getHeaders(){return r(this,arguments,function*(e={}){let t=yield this.getToken(),s=d({"Content-Type":"application/json"},t&&{Authorization:`Bearer ${t}`});return new Headers(d(d({},s),e))})}request(s){return r(this,arguments,function*(e,t={}){let i=`${this.config.baseURL}${e}`,n=y(d({},t),{headers:yield this.getHeaders(t.headers)});n=this.config.requestInterceptor(n);let g=new AbortController,h=setTimeout(()=>g.abort(),this.config.timeout);try{let a=yield this.config.fetch(i,y(d({},n),{signal:g.signal}));clearTimeout(h);let c=this.config.responseInterceptor(a,n);if(!c.ok){let u=yield c.json().catch(()=>({})),l=new Error(u.error||c.statusText||"Request failed");throw l.code=u.code||"UNKNOWN",l.statusCode=c.status,l.details=u.details,l}return yield c.json()}catch(a){clearTimeout(h);let c=a;if(c.name==="AbortError"){let u=new Error("Request timeout");throw u.code="TIMEOUT",this.config.errorInterceptor(u,n),u}throw this.config.errorInterceptor(c,n),c}})}register(e){return r(this,null,function*(){let t=yield this.request("/api/auth/register",{method:"POST",body:JSON.stringify(e)});return yield this.setAuth(t.user,t.token),t})}login(e){return r(this,null,function*(){let t=yield this.request("/api/auth/login",{method:"POST",body:JSON.stringify(e)});return yield this.setAuth(t.user,t.token),t})}logout(){return r(this,null,function*(){if(yield this.getToken())try{yield this.request("/api/auth/logout",{method:"POST"});}catch(t){console.error("Logout request failed:",t);}yield this.clearAuth();})}getCurrentUser(){return r(this,null,function*(){let e=yield this.request("/api/auth/me");return "user"in e?e.user:e})}forgotPassword(e){return r(this,null,function*(){return yield this.request("/api/auth/forgot-password",{method:"POST",body:JSON.stringify(e)})})}resetPassword(e){return r(this,null,function*(){return yield this.request("/api/auth/reset-password",{method:"POST",body:JSON.stringify(e)})})}updateUser(e){return r(this,null,function*(){let t=yield this.getUser();if(!t)throw new Error("No authenticated user");let s=yield this.request(`/api/users/${t.id}`,{method:"PATCH",body:JSON.stringify(e)});return yield this.setUser(s),s})}sendVerification(){return r(this,null,function*(){var e;return yield this.request("/api/auth/send-verification",{method:"POST",body:JSON.stringify({email:(e=yield this.getUser())==null?void 0:e.email})})})}verifyEmail(e){return r(this,null,function*(){return yield this.request("/api/auth/verify-email",{method:"POST",body:JSON.stringify({token:e})})})}loginWithOAuth(e){return r(this,null,function*(){let t=window.location.href;window.location.href=`${this.config.baseURL}/api/auth/oauth/${e}?redirect_uri=${encodeURIComponent(t)}`;})}authorizeWithOAuth2(e){return r(this,null,function*(){let s=`${this.config.baseURL.replace("/api","")}/api/auth/oauth/authorize`,i=new URLSearchParams(d(d(d(d({response_type:"code",client_id:e.clientId,redirect_uri:e.redirectUri},e.scope&&{scope:e.scope}),e.state&&{state:e.state}),e.codeChallenge&&{code_challenge:e.codeChallenge}),e.codeChallengeMethod&&{code_challenge_method:e.codeChallengeMethod})),n=e.state||C(32);yield this.storage.setItem("oauth2_state",n),yield this.storage.setItem("oauth2_redirect_uri",e.redirectUri),window.location.href=`${s}?${i.toString()}`;})}exchangeCodeForToken(e){return r(this,null,function*(){let t=this.config.baseURL.replace("/api",""),s=`${t}/api/auth/oauth/token`;yield this.storage.getItem("oauth2_state");let n=yield this.storage.getItem("oauth2_redirect_uri");yield this.storage.removeItem("oauth2_state"),yield this.storage.removeItem("oauth2_redirect_uri");let g={grant_type:"authorization_code",code:e.code,redirect_uri:e.redirectUri||n||"",client_id:e.clientId};e.clientSecret&&(g.client_secret=e.clientSecret);let h=yield this.config.fetch(s,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams(g).toString()});if(!h.ok){let U=yield h.json().catch(()=>({}));throw new Error(U.error_description||"\u4EE4\u724C\u4EA4\u6362\u5931\u8D25")}let a=yield h.json(),c=yield this.config.fetch(`${t}/api/auth/me`,{headers:{Authorization:`Bearer ${a.access_token}`,"Content-Type":"application/json"}});if(!c.ok)throw new Error("\u83B7\u53D6\u7528\u6237\u4FE1\u606F\u5931\u8D25");let u=yield c.json(),l="user"in u?u.user:u;return yield this.setAuth(l,a.access_token),{user:l,token:a.access_token}})}getUserStats(){return r(this,null,function*(){return (yield this.request("/api/users",{method:"POST",body:JSON.stringify({action:"stats"})})).stats})}listApiKeys(s){return r(this,arguments,function*(e,t={}){let{status:i,type:n,skip:g=0,limit:h=100}=t,a=new URLSearchParams;return i&&a.set("status",i),n&&a.set("type",n),a.set("skip",g.toString()),a.set("limit",h.toString()),yield this.request(`/api/applications/${e}/api-keys?${a.toString()}`)})}createApiKey(e,t){return r(this,null,function*(){let{name:s,type:i="test",scopes:n,expiresAt:g}=t;return yield this.request(`/api/applications/${e}/api-keys`,{method:"POST",body:JSON.stringify({name:s,type:i,scopes:n,expiresAt:g})})})}getApiKey(e,t){return r(this,null,function*(){return yield this.request(`/api/applications/${e}/api-keys/${t}`)})}updateApiKey(e,t,s){return r(this,null,function*(){return yield this.request(`/api/applications/${e}/api-keys/${t}`,{method:"PATCH",body:JSON.stringify(s)})})}deleteApiKey(e,t){return r(this,null,function*(){return yield this.request(`/api/applications/${e}/api-keys/${t}`,{method:"DELETE"})})}verifyApiKey(e){return r(this,null,function*(){try{let t=yield this.config.fetch(`${this.config.baseURL}/api/auth/verify-api-key`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${e}`}});return t.ok?{valid:!0,apiKey:(yield t.json()).apiKey}:{valid:!1}}catch(t){return {valid:false}}})}setAuth(e,t){return r(this,null,function*(){yield this.storage.setObject(this.config.userKey,e),yield this.storage.setItem(this.config.tokenKey,t),this.config.onAuthChange(e,t);})}clearAuth(){return r(this,null,function*(){yield this.storage.removeItem(this.config.userKey),yield this.storage.removeItem(this.config.tokenKey),this.config.onAuthChange(null,null);})}getUser(){return r(this,null,function*(){return yield this.storage.getObject(this.config.userKey)})}setUser(e){return r(this,null,function*(){yield this.storage.setObject(this.config.userKey,e),this.config.onAuthChange(e,yield this.getToken());})}getToken(){return r(this,null,function*(){return yield this.storage.getItem(this.config.tokenKey)})}isAuthenticated(){return r(this,null,function*(){let e=yield this.getToken(),t=yield this.getUser();return !!(e&&t)})}getAuthHooks(){return {isAuthenticated:()=>this.isAuthenticated(),getToken:()=>this.getToken(),getUser:()=>this.getUser(),login:e=>this.login(e),logout:()=>this.logout(),register:e=>this.register(e),getCurrentUser:()=>this.getCurrentUser(),updateUser:e=>this.updateUser(e),forgotPassword:e=>this.forgotPassword(e),resetPassword:e=>this.resetPassword(e),loginWithOAuth:e=>this.loginWithOAuth(e),authorizeWithOAuth2:e=>this.authorizeWithOAuth2(e),exchangeCodeForToken:e=>this.exchangeCodeForToken(e),listApiKeys:(e,t)=>this.listApiKeys(e,t),createApiKey:(e,t)=>this.createApiKey(e,t),getApiKey:(e,t)=>this.getApiKey(e,t),updateApiKey:(e,t,s)=>this.updateApiKey(e,t,s),deleteApiKey:(e,t)=>this.deleteApiKey(e,t),verifyApiKey:e=>this.verifyApiKey(e)}}};function R(o){return new m(o)}exports.AuthSaaSClient=m;exports.StorageManager=p;exports.createAuthSaaS=R;

package/dist/index.mjs

@@ -0,0 +1 @@
+var k=Object.defineProperty,I=Object.defineProperties;var K=Object.getOwnPropertyDescriptors;var S=Object.getOwnPropertySymbols;var b=Object.prototype.hasOwnProperty,T=Object.prototype.propertyIsEnumerable;var v=(o,e,t)=>e in o?k(o,e,{enumerable:true,configurable:true,writable:true,value:t}):o[e]=t,d=(o,e)=>{for(var t in e||(e={}))b.call(e,t)&&v(o,t,e[t]);if(S)for(var t of S(e))T.call(e,t)&&v(o,t,e[t]);return o},y=(o,e)=>I(o,K(e));var r=(o,e,t)=>new Promise((s,i)=>{var n=a=>{try{h(t.next(a));}catch(c){i(c);}},g=a=>{try{h(t.throw(a));}catch(c){i(c);}},h=a=>a.done?s(a.value):Promise.resolve(a.value).then(n,g);h((t=t.apply(o,e)).next());});var w=class{getItem(e){return r(this,null,function*(){if(typeof window=="undefined")return null;try{return localStorage.getItem(e)}catch(t){return null}})}setItem(e,t){return r(this,null,function*(){if(typeof window!="undefined")try{localStorage.setItem(e,t);}catch(s){console.error("LocalStorage set error:",s);}})}removeItem(e){return r(this,null,function*(){if(typeof window!="undefined")try{localStorage.removeItem(e);}catch(t){console.error("LocalStorage remove error:",t);}})}clear(){return r(this,null,function*(){if(typeof window!="undefined")try{localStorage.clear();}catch(e){console.error("LocalStorage clear error:",e);}})}},f=class{getItem(e){return r(this,null,function*(){if(typeof window=="undefined")return null;try{return sessionStorage.getItem(e)}catch(t){return null}})}setItem(e,t){return r(this,null,function*(){if(typeof window!="undefined")try{sessionStorage.setItem(e,t);}catch(s){console.error("SessionStorage set error:",s);}})}removeItem(e){return r(this,null,function*(){if(typeof window!="undefined")try{sessionStorage.removeItem(e);}catch(t){console.error("SessionStorage remove error:",t);}})}clear(){return r(this,null,function*(){if(typeof window!="undefined")try{sessionStorage.clear();}catch(e){console.error("SessionStorage clear error:",e);}})}},P=class{constructor(e,t=false,s="lax"){this.domain=e,this.secure=t,this.sameSite=s;}getItem(e){return r(this,null,function*(){if(typeof document=="undefined")return null;try{let s=document.cookie.split("; ").find(i=>i.startsWith(`${e}=`));return s?decodeURIComponent(s.split("=")[1]):null}catch(t){return null}})}setItem(e,t){return r(this,null,function*(){if(typeof document!="undefined")try{let s=`${e}=${encodeURIComponent(t)}`;this.domain&&(s+=`; domain=${this.domain}`),this.secure&&(s+="; secure"),s+=`; samesite=${this.sameSite}`,document.cookie=s;}catch(s){console.error("Cookie set error:",s);}})}removeItem(e){return r(this,null,function*(){if(typeof document!="undefined")try{let t=`${e}=; expires=Thu, 01 Jan 1970 00:00:00 GMT`;this.domain&&(t+=`; domain=${this.domain}`),document.cookie=t;}catch(t){console.error("Cookie remove error:",t);}})}clear(){return r(this,null,function*(){if(typeof document!="undefined")try{document.cookie.split("; ").forEach(t=>{let s=t.split("=")[0];this.removeItem(s);});}catch(e){console.error("Cookie clear error:",e);}})}},A=class{constructor(){this.store=new Map;}getItem(e){return r(this,null,function*(){return this.store.get(e)||null})}setItem(e,t){return r(this,null,function*(){this.store.set(e,t);})}removeItem(e){return r(this,null,function*(){this.store.delete(e);})}clear(){return r(this,null,function*(){this.store.clear();})}},p=class{constructor(e="local"){switch(e){case "session":this.adapter=new f;break;case "cookie":this.adapter=new P;break;case "memory":this.adapter=new A;break;default:this.adapter=new w;break}}getItem(e){return r(this,null,function*(){return yield this.adapter.getItem(e)})}setItem(e,t){return r(this,null,function*(){return yield this.adapter.setItem(e,t)})}removeItem(e){return r(this,null,function*(){return yield this.adapter.removeItem(e)})}clear(){return r(this,null,function*(){return yield this.adapter.clear()})}getObject(e){return r(this,null,function*(){let t=yield this.getItem(e);if(!t)return null;try{return JSON.parse(t)}catch(s){return null}})}setObject(e,t){return r(this,null,function*(){let s=JSON.stringify(t);yield this.setItem(e,s);})}};function C(o){let e="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",t=new Uint8Array(o);if(typeof crypto!="undefined"&&crypto.getRandomValues)crypto.getRandomValues(t);else for(let i=0;i<o;i++)t[i]=Math.floor(Math.random()*256);let s="";for(let i=0;i<o;i++)s+=e[t[i]%e.length];return s}var m=class{constructor(e){var t,s;this.config={baseURL:e.baseURL,storage:e.storage||"local",tokenKey:e.tokenKey||"authsaas_token",userKey:e.userKey||"authsaas_user",autoRefresh:(t=e.autoRefresh)!=null?t:true,autoLogout:(s=e.autoLogout)!=null?s:true,timeout:e.timeout||3e4,requestInterceptor:e.requestInterceptor||(i=>i),responseInterceptor:e.responseInterceptor||(i=>i),errorInterceptor:e.errorInterceptor||(()=>{}),onAuthChange:e.onAuthChange||(()=>{}),fetch:e.fetch?e.fetch.bind(globalThis):fetch.bind(globalThis)},this.storage=new p(this.config.storage),this.initializeAuth();}initializeAuth(){return r(this,null,function*(){let e=yield this.getToken(),t=yield this.getUser();e&&t&&this.config.onAuthChange(t,e);})}getHeaders(){return r(this,arguments,function*(e={}){let t=yield this.getToken(),s=d({"Content-Type":"application/json"},t&&{Authorization:`Bearer ${t}`});return new Headers(d(d({},s),e))})}request(s){return r(this,arguments,function*(e,t={}){let i=`${this.config.baseURL}${e}`,n=y(d({},t),{headers:yield this.getHeaders(t.headers)});n=this.config.requestInterceptor(n);let g=new AbortController,h=setTimeout(()=>g.abort(),this.config.timeout);try{let a=yield this.config.fetch(i,y(d({},n),{signal:g.signal}));clearTimeout(h);let c=this.config.responseInterceptor(a,n);if(!c.ok){let u=yield c.json().catch(()=>({})),l=new Error(u.error||c.statusText||"Request failed");throw l.code=u.code||"UNKNOWN",l.statusCode=c.status,l.details=u.details,l}return yield c.json()}catch(a){clearTimeout(h);let c=a;if(c.name==="AbortError"){let u=new Error("Request timeout");throw u.code="TIMEOUT",this.config.errorInterceptor(u,n),u}throw this.config.errorInterceptor(c,n),c}})}register(e){return r(this,null,function*(){let t=yield this.request("/api/auth/register",{method:"POST",body:JSON.stringify(e)});return yield this.setAuth(t.user,t.token),t})}login(e){return r(this,null,function*(){let t=yield this.request("/api/auth/login",{method:"POST",body:JSON.stringify(e)});return yield this.setAuth(t.user,t.token),t})}logout(){return r(this,null,function*(){if(yield this.getToken())try{yield this.request("/api/auth/logout",{method:"POST"});}catch(t){console.error("Logout request failed:",t);}yield this.clearAuth();})}getCurrentUser(){return r(this,null,function*(){let e=yield this.request("/api/auth/me");return "user"in e?e.user:e})}forgotPassword(e){return r(this,null,function*(){return yield this.request("/api/auth/forgot-password",{method:"POST",body:JSON.stringify(e)})})}resetPassword(e){return r(this,null,function*(){return yield this.request("/api/auth/reset-password",{method:"POST",body:JSON.stringify(e)})})}updateUser(e){return r(this,null,function*(){let t=yield this.getUser();if(!t)throw new Error("No authenticated user");let s=yield this.request(`/api/users/${t.id}`,{method:"PATCH",body:JSON.stringify(e)});return yield this.setUser(s),s})}sendVerification(){return r(this,null,function*(){var e;return yield this.request("/api/auth/send-verification",{method:"POST",body:JSON.stringify({email:(e=yield this.getUser())==null?void 0:e.email})})})}verifyEmail(e){return r(this,null,function*(){return yield this.request("/api/auth/verify-email",{method:"POST",body:JSON.stringify({token:e})})})}loginWithOAuth(e){return r(this,null,function*(){let t=window.location.href;window.location.href=`${this.config.baseURL}/api/auth/oauth/${e}?redirect_uri=${encodeURIComponent(t)}`;})}authorizeWithOAuth2(e){return r(this,null,function*(){let s=`${this.config.baseURL.replace("/api","")}/api/auth/oauth/authorize`,i=new URLSearchParams(d(d(d(d({response_type:"code",client_id:e.clientId,redirect_uri:e.redirectUri},e.scope&&{scope:e.scope}),e.state&&{state:e.state}),e.codeChallenge&&{code_challenge:e.codeChallenge}),e.codeChallengeMethod&&{code_challenge_method:e.codeChallengeMethod})),n=e.state||C(32);yield this.storage.setItem("oauth2_state",n),yield this.storage.setItem("oauth2_redirect_uri",e.redirectUri),window.location.href=`${s}?${i.toString()}`;})}exchangeCodeForToken(e){return r(this,null,function*(){let t=this.config.baseURL.replace("/api",""),s=`${t}/api/auth/oauth/token`;yield this.storage.getItem("oauth2_state");let n=yield this.storage.getItem("oauth2_redirect_uri");yield this.storage.removeItem("oauth2_state"),yield this.storage.removeItem("oauth2_redirect_uri");let g={grant_type:"authorization_code",code:e.code,redirect_uri:e.redirectUri||n||"",client_id:e.clientId};e.clientSecret&&(g.client_secret=e.clientSecret);let h=yield this.config.fetch(s,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams(g).toString()});if(!h.ok){let U=yield h.json().catch(()=>({}));throw new Error(U.error_description||"\u4EE4\u724C\u4EA4\u6362\u5931\u8D25")}let a=yield h.json(),c=yield this.config.fetch(`${t}/api/auth/me`,{headers:{Authorization:`Bearer ${a.access_token}`,"Content-Type":"application/json"}});if(!c.ok)throw new Error("\u83B7\u53D6\u7528\u6237\u4FE1\u606F\u5931\u8D25");let u=yield c.json(),l="user"in u?u.user:u;return yield this.setAuth(l,a.access_token),{user:l,token:a.access_token}})}getUserStats(){return r(this,null,function*(){return (yield this.request("/api/users",{method:"POST",body:JSON.stringify({action:"stats"})})).stats})}listApiKeys(s){return r(this,arguments,function*(e,t={}){let{status:i,type:n,skip:g=0,limit:h=100}=t,a=new URLSearchParams;return i&&a.set("status",i),n&&a.set("type",n),a.set("skip",g.toString()),a.set("limit",h.toString()),yield this.request(`/api/applications/${e}/api-keys?${a.toString()}`)})}createApiKey(e,t){return r(this,null,function*(){let{name:s,type:i="test",scopes:n,expiresAt:g}=t;return yield this.request(`/api/applications/${e}/api-keys`,{method:"POST",body:JSON.stringify({name:s,type:i,scopes:n,expiresAt:g})})})}getApiKey(e,t){return r(this,null,function*(){return yield this.request(`/api/applications/${e}/api-keys/${t}`)})}updateApiKey(e,t,s){return r(this,null,function*(){return yield this.request(`/api/applications/${e}/api-keys/${t}`,{method:"PATCH",body:JSON.stringify(s)})})}deleteApiKey(e,t){return r(this,null,function*(){return yield this.request(`/api/applications/${e}/api-keys/${t}`,{method:"DELETE"})})}verifyApiKey(e){return r(this,null,function*(){try{let t=yield this.config.fetch(`${this.config.baseURL}/api/auth/verify-api-key`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${e}`}});return t.ok?{valid:!0,apiKey:(yield t.json()).apiKey}:{valid:!1}}catch(t){return {valid:false}}})}setAuth(e,t){return r(this,null,function*(){yield this.storage.setObject(this.config.userKey,e),yield this.storage.setItem(this.config.tokenKey,t),this.config.onAuthChange(e,t);})}clearAuth(){return r(this,null,function*(){yield this.storage.removeItem(this.config.userKey),yield this.storage.removeItem(this.config.tokenKey),this.config.onAuthChange(null,null);})}getUser(){return r(this,null,function*(){return yield this.storage.getObject(this.config.userKey)})}setUser(e){return r(this,null,function*(){yield this.storage.setObject(this.config.userKey,e),this.config.onAuthChange(e,yield this.getToken());})}getToken(){return r(this,null,function*(){return yield this.storage.getItem(this.config.tokenKey)})}isAuthenticated(){return r(this,null,function*(){let e=yield this.getToken(),t=yield this.getUser();return !!(e&&t)})}getAuthHooks(){return {isAuthenticated:()=>this.isAuthenticated(),getToken:()=>this.getToken(),getUser:()=>this.getUser(),login:e=>this.login(e),logout:()=>this.logout(),register:e=>this.register(e),getCurrentUser:()=>this.getCurrentUser(),updateUser:e=>this.updateUser(e),forgotPassword:e=>this.forgotPassword(e),resetPassword:e=>this.resetPassword(e),loginWithOAuth:e=>this.loginWithOAuth(e),authorizeWithOAuth2:e=>this.authorizeWithOAuth2(e),exchangeCodeForToken:e=>this.exchangeCodeForToken(e),listApiKeys:(e,t)=>this.listApiKeys(e,t),createApiKey:(e,t)=>this.createApiKey(e,t),getApiKey:(e,t)=>this.getApiKey(e,t),updateApiKey:(e,t,s)=>this.updateApiKey(e,t,s),deleteApiKey:(e,t)=>this.deleteApiKey(e,t),verifyApiKey:e=>this.verifyApiKey(e)}}};function R(o){return new m(o)}export{m as AuthSaaSClient,p as StorageManager,R as createAuthSaaS};

package/package.json

@@ -0,0 +1,26 @@
+{
+  "name": "@mole-auth/core",
+  "version": "1.0.0",
+  "description": "",
+  "private": false,
+  "main": "./dist/index.js",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist/**/*"
+  ],
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "build": "tsup",
+    "build:watch": "tsup --watch",
+    "clean": "rimraf dist"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "keywords": [],
+  "author": "",
+  "devDependencies": {
+    "rimraf": "^6.1.2"
+  }
+}