@mspkapps/auth-client 0.1.0

package/README.md

@@ -0,0 +1,88 @@
+# Auth Client SDK
+
+Lightweight JavaScript client for Your Auth Service.
+
+## Install
+```bash
+npm install @your-scope/auth-client
+```
+
+## Quick Start (Browser / React)
+```javascript
+import { AuthClient } from '@mspk-apps/auth-client';
+const auth = new AuthClient({ baseUrl: 'https://api.mspkapps.in/api/v1', apiKey: 'PUBLIC_KEY' });
+
+async function doLogin() {
+  try {
+    const res = await auth.login({ email: 'user@example.com', password: 'Pass123!' });
+    console.log('Logged in user:', res.data.user);
+  } catch (e) {
+    console.error(e);
+  }
+}
+```
+
+Store `auth.token` (access token) in memory or secure cookie. Avoid localStorage for high-security apps.
+
+## Node (Server-side proxy)
+```javascript
+import { AuthClient } from '@mspk-apps/auth-client';
+const auth = new AuthClient({
+  baseUrl: process.env.AUTH_BASE_URL,
+  apiKey: process.env.AUTH_API_KEY,
+  apiSecret: process.env.AUTH_API_SECRET // keep secret server-side only
+});
+```
+
+## Methods
+- `register({ email, password, name?, username? })`
+- `login({ email, password })`
+- `getProfile()`
+- `verifyEmail(token)`
+- `authed('/custom-endpoint', { method:'POST', body:{...} })`
+
+## Error Handling
+Errors throw `AuthError`:
+```javascript
+try {
+  await auth.login({ email, password });
+} catch (err) {
+  if (err.status === 401) { /* invalid credentials */ }
+  console.log(err.code, err.message);
+}
+```
+
+## React Native
+Use same API. For token persistence use `expo-secure-store`:
+```javascript
+import * as SecureStore from 'expo-secure-store';
+const auth = new AuthClient({ baseUrl: 'https://api.mspkapps.in/api/v1', apiKey: 'PUBLIC_KEY' });
+await auth.login({ email, password });
+await SecureStore.setItemAsync('auth_token', auth.token);
+```
+
+## Security
+- Never bundle apiSecret in client apps.
+- Use HTTPS.
+- Rotate keys via dashboard.
+- Implement refresh token endpoint (future) for long sessions.
+
+## Publish
+1. Set fields in package.json (name, version, author).
+2. Login to npm: `npm login`
+3. Publish: `npm publish --access public`
+
+## Local Development Test
+From `SDK` folder:
+```bash
+npm link
+```
+In app project:
+```bash
+npm link @mspk-apps/auth-client
+```
+
+## Future Expansion
+- Add `refreshToken()` when backend supports it.
+- Add TypeScript definitions.
+- Add revoke & password reset helpers.

package/package.json

@@ -0,0 +1,26 @@
+{
+  "name": "@mspkapps/auth-client",
+  "version": "0.1.0",
+  "description": "Lightweight client for Your Auth Service",
+  "type": "module",
+  "main": "src/index.js",
+  "exports": {
+    ".": "./src/index.js"
+  },
+  "files": [
+    "src",
+    "README.md",
+    "LICENSE"
+  ],
+  "keywords": ["auth","sdk","jwt","client"],
+  "author": "MSPK Apps",
+  "license": "MIT",
+  "publishConfig": { "access": "public" },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/mspk5196/authServiceNpm.git"
+  },
+  "bugs": { "url": "https://github.com/mspk5196/authServiceNpm/issues" },
+  "homepage": "https://github.com/mspk5196/authServiceNpm#readme",
+  "engines": { "node": ">=18" }
+}

package/src/AuthClient.js

@@ -0,0 +1,73 @@
+import { AuthError } from './errors.js';
+
+export class AuthClient {
+  constructor(opts = {}) {
+    this.baseUrl = opts.baseUrl?.replace(/\/+$/,'') || 'http://localhost:5001/api/v1';
+    this.apiKey = opts.apiKey || null;        // Public key (optional)
+    this.apiSecret = opts.apiSecret || null;  // NEVER use secret in browser
+    this.token = null;
+    this.fetchFn = opts.fetch || fetch;
+  }
+
+  setToken(token) {
+    this.token = token;
+  }
+
+  clearToken() {
+    this.token = null;
+  }
+
+  async register({ email, password, name, username }) {
+    return this._request('POST', '/register', { email, password, name, username });
+  }
+
+  async login({ email, password }) {
+    const res = await this._request('POST', '/login', { email, password });
+    if (res?.data?.access_token) this.token = res.data.access_token;
+    return res;
+  }
+
+  async getProfile() {
+    return this._request('GET', '/user/profile');
+  }
+
+  async verifyEmail(token) {
+    return this._request('GET', `/verify-email?token=${encodeURIComponent(token)}`);
+  }
+
+  // Generic authed request to your protected API (public layer)
+  async authed(path, options = {}) {
+    return this._request(options.method || 'GET', path, options.body, options);
+  }
+
+  async _request(method, path, body, extra = {}) {
+    const headers = { 'Content-Type': 'application/json' };
+
+    // Optional API key/secret (only server-side for secret)
+    if (this.apiKey) headers['X-API-Key'] = this.apiKey;
+    if (this.apiSecret) headers['X-API-Secret'] = this.apiSecret;
+
+    if (this.token) headers['Authorization'] = `Bearer ${this.token}`;
+
+    const url = path.startsWith('http') ? path : this.baseUrl + path;
+
+    const resp = await this.fetchFn(url, {
+      method,
+      headers,
+      body: body && method !== 'GET' ? JSON.stringify(body) : undefined
+    });
+
+    const json = await resp.json().catch(() => ({}));
+
+    if (!resp.ok || json.success === false) {
+      throw new AuthError(
+        json.message || 'Request failed',
+        resp.status,
+        json.error || 'REQUEST_FAILED',
+        json
+      );
+    }
+
+    return json;
+  }
+}

package/src/errors.js

@@ -0,0 +1,9 @@
+export class AuthError extends Error {
+  constructor(message, status, code, details) {
+    super(message);
+    this.name = 'AuthError';
+    this.status = status;
+    this.code = code;
+    this.details = details;
+  }
+}

package/src/index.js

@@ -0,0 +1,2 @@
+export { AuthClient } from './AuthClient.js';
+export { AuthError } from './errors.js';