@nauth-toolkit/client-angular 0.1.57 → 0.1.59

package/fesm2022/nauth-toolkit-client-angular.mjs

@@ -1,13 +1,14 @@
 import { NAuthErrorCode, NAuthClientError, NAuthClient } from '@nauth-toolkit/client';
 export * from '@nauth-toolkit/client';
 import * as i0 from '@angular/core';
-import { InjectionToken, Injectable, Inject, NgModule, inject, PLATFORM_ID } from '@angular/core';
+import { InjectionToken, Injectable, Inject, inject, Optional, NgModule, PLATFORM_ID } from '@angular/core';
 import { firstValueFrom, BehaviorSubject, Subject, catchError, from, switchMap, throwError, filter as filter$1, take } from 'rxjs';
 import { filter } from 'rxjs/operators';
 import * as i1 from '@angular/common/http';
 import { HttpErrorResponse, HTTP_INTERCEPTORS, HttpClientModule, HttpClient } from '@angular/common/http';
 import * as i3 from '@angular/router';
 import { Router } from '@angular/router';
+import { __decorate, __param } from 'tslib';
 import { isPlatformBrowser } from '@angular/common';
 
 /**
@@ -40,6 +41,37 @@ class AngularHttpAdapter {
     constructor(http) {
         this.http = http;
     }
+    /**
+     * Safely parse a JSON response body.
+     *
+     * Angular's fetch backend (`withFetch()`) will throw a raw `SyntaxError` if
+     * `responseType: 'json'` is used and the backend returns HTML (common for
+     * proxies, 502 pages, SSR fallbacks, or misrouted requests).
+     *
+     * To avoid crashing consumer apps, we always request as text and then parse
+     * JSON only when the response actually looks like JSON.
+     *
+     * @param bodyText - Raw response body as text
+     * @param contentType - Content-Type header value (if available)
+     * @returns Parsed JSON value (unknown)
+     * @throws {SyntaxError} When body is non-empty but not valid JSON
+     */
+    parseJsonBody(bodyText, contentType) {
+        const trimmed = bodyText.trim();
+        if (!trimmed)
+            return null;
+        // If it's clearly HTML, never attempt JSON.parse (some proxies mislabel Content-Type).
+        if (trimmed.startsWith('<')) {
+            return bodyText;
+        }
+        const looksLikeJson = trimmed.startsWith('{') || trimmed.startsWith('[');
+        const isJsonContentType = typeof contentType === 'string' && contentType.toLowerCase().includes('application/json');
+        if (!looksLikeJson && !isJsonContentType) {
+            // Return raw text when it doesn't look like JSON (e.g., HTML error pages).
+            return bodyText;
+        }
+        return JSON.parse(trimmed);
+    }
     /**
      * Execute HTTP request using Angular's HttpClient.
      *
@@ -49,29 +81,40 @@ class AngularHttpAdapter {
      */
     async request(config) {
         try {
-            // Use Angular's HttpClient - goes through ALL interceptors
-            const data = await firstValueFrom(this.http.request(config.method, config.url, {
+            // Use Angular's HttpClient - goes through ALL interceptors.
+            // IMPORTANT: Use responseType 'text' to avoid raw JSON.parse crashes when
+            // the backend returns HTML (seen in some proxy/SSR/misroute setups).
+            const res = await firstValueFrom(this.http.request(config.method, config.url, {
                 body: config.body,
                 headers: config.headers,
                 withCredentials: config.credentials === 'include',
-                observe: 'body', // Only return body data
+                observe: 'response',
+                responseType: 'text',
             }));
+            const contentType = res.headers?.get('content-type');
+            const parsed = this.parseJsonBody(res.body ?? '', contentType);
             return {
-                data,
-                status: 200, // HttpClient only returns data on success
-                headers: {}, // Can extract from observe: 'response' if needed
+                data: parsed,
+                status: res.status,
+                headers: {}, // Reserved for future header passthrough if needed
             };
         }
         catch (error) {
             if (error instanceof HttpErrorResponse) {
-                // Convert Angular's HttpErrorResponse to NAuthClientError
-                const errorData = error.error || {};
-                const code = typeof errorData['code'] === 'string' ? errorData.code : NAuthErrorCode.INTERNAL_ERROR;
+                // Convert Angular's HttpErrorResponse to NAuthClientError.
+                // When using responseType 'text', `error.error` is typically a string.
+                const contentType = error.headers?.get('content-type') ?? null;
+                const rawBody = typeof error.error === 'string' ? error.error : '';
+                const parsedError = this.parseJsonBody(rawBody, contentType);
+                const errorData = typeof parsedError === 'object' && parsedError !== null ? parsedError : {};
+                const code = typeof errorData['code'] === 'string' ? errorData['code'] : NAuthErrorCode.INTERNAL_ERROR;
                 const message = typeof errorData['message'] === 'string'
-                    ? errorData.message
-                    : error.message || `Request failed with status ${error.status}`;
-                const timestamp = typeof errorData['timestamp'] === 'string' ? errorData.timestamp : undefined;
-                const details = errorData['details'];
+                    ? errorData['message']
+                    : typeof parsedError === 'string' && parsedError.trim()
+                        ? parsedError
+                        : error.message || `Request failed with status ${error.status}`;
+                const timestamp = typeof errorData['timestamp'] === 'string' ? errorData['timestamp'] : undefined;
+                const details = typeof errorData['details'] === 'object' ? errorData['details'] : undefined;
                 throw new NAuthClientError(code, message, {
                     statusCode: error.status,
                     timestamp,
@@ -79,8 +122,12 @@ class AngularHttpAdapter {
                     isNetworkError: error.status === 0, // Network error (no response from server)
                 });
             }
-            // Re-throw non-HTTP errors
-            throw error;
+            // Re-throw non-HTTP errors as an SDK error so consumers don't see raw parser crashes.
+            const message = error instanceof Error ? error.message : 'Unknown error';
+            throw new NAuthClientError(NAuthErrorCode.INTERNAL_ERROR, message, {
+                statusCode: 0,
+                isNetworkError: true,
+            });
         }
     }
     static ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "17.3.12", ngImport: i0, type: AngularHttpAdapter, deps: [{ token: i1.HttpClient }], target: i0.ɵɵFactoryTarget.Injectable });
@@ -220,6 +267,21 @@ class AuthService {
     getCurrentChallenge() {
         return this.challengeSubject.value;
     }
+    /**
+     * Get challenge router for manual navigation control.
+     * Useful for guards that need to handle errors or build custom URLs.
+     *
+     * @returns ChallengeRouter instance
+     *
+     * @example
+     * ```typescript
+     * const router = this.auth.getChallengeRouter();
+     * await router.navigateToError('oauth');
+     * ```
+     */
+    getChallengeRouter() {
+        return this.client.getChallengeRouter();
+    }
     // ============================================================================
     // Core Auth Methods
     // ============================================================================
@@ -962,6 +1024,118 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "17.3.12", ngImpo
                     args: [NAUTH_CLIENT_CONFIG]
                 }] }, { type: i1.HttpClient }, { type: AuthService }, { type: i3.Router }] });
 
+/**
+ * Functional route guard for authentication (Angular 17+).
+ *
+ * Protects routes by checking if user is authenticated.
+ * Redirects to configured session expired route (or login) if not authenticated.
+ *
+ * @param redirectTo - Optional path to redirect to if not authenticated. If not provided, uses `redirects.sessionExpired` from config (defaults to '/login')
+ * @returns CanActivateFn guard function
+ *
+ * @example
+ * ```typescript
+ * // In route configuration - uses config.redirects.sessionExpired
+ * const routes: Routes = [
+ *   {
+ *     path: 'home',
+ *     component: HomeComponent,
+ *     canActivate: [authGuard()]
+ *   }
+ * ];
+ *
+ * // Override with custom route
+ * const routes: Routes = [
+ *   {
+ *     path: 'admin',
+ *     component: AdminComponent,
+ *     canActivate: [authGuard('/admin/login')]
+ *   }
+ * ];
+ * ```
+ */
+function authGuard(redirectTo) {
+    return () => {
+        const auth = inject(AuthService);
+        const router = inject(Router);
+        const config = inject(NAUTH_CLIENT_CONFIG, { optional: true });
+        if (auth.isAuthenticated()) {
+            return true;
+        }
+        // Use provided redirectTo, or config.redirects.sessionExpired, or default to '/login'
+        const redirectPath = redirectTo ?? config?.redirects?.sessionExpired ?? '/login';
+        return router.createUrlTree([redirectPath]);
+    };
+}
+/**
+ * Class-based authentication guard for NgModule compatibility.
+ *
+ * **Note:** When using `NAuthModule.forRoot()`, `AuthGuard` is automatically provided
+ * and has access to the configuration. You don't need to add it to your module's providers.
+ *
+ * @example
+ * ```typescript
+ * // app.module.ts - AuthGuard is automatically provided by NAuthModule.forRoot()
+ * @NgModule({
+ *   imports: [
+ *     NAuthModule.forRoot({
+ *       baseUrl: 'https://api.example.com/auth',
+ *       tokenDelivery: 'cookies',
+ *       redirects: {
+ *         sessionExpired: '/login?expired=true',
+ *       },
+ *     }),
+ *     RouterModule.forRoot([
+ *       {
+ *         path: 'home',
+ *         component: HomeComponent,
+ *         canActivate: [AuthGuard], // Uses config.redirects.sessionExpired
+ *       },
+ *     ]),
+ *   ],
+ * })
+ * export class AppModule {}
+ *
+ * // Or provide manually in a feature module (still has access to root config)
+ * @NgModule({
+ *   providers: [AuthGuard],
+ * })
+ * export class FeatureModule {}
+ * ```
+ */
+let AuthGuard = class AuthGuard {
+    auth;
+    router;
+    config;
+    /**
+     * @param auth - Authentication service
+     * @param router - Angular router
+     * @param config - Optional client configuration (injected automatically)
+     */
+    constructor(auth, router, config) {
+        this.auth = auth;
+        this.router = router;
+        this.config = config;
+    }
+    /**
+     * Check if route can be activated.
+     *
+     * @returns True if authenticated, otherwise redirects to configured session expired route (or '/login')
+     */
+    canActivate() {
+        if (this.auth.isAuthenticated()) {
+            return true;
+        }
+        // Use config.redirects.sessionExpired or default to '/login'
+        const redirectPath = this.config?.redirects?.sessionExpired ?? '/login';
+        return this.router.createUrlTree([redirectPath]);
+    }
+};
+AuthGuard = __decorate([
+    __param(2, Optional()),
+    __param(2, Inject(NAUTH_CLIENT_CONFIG))
+], AuthGuard);
+
 /**
  * NgModule for nauth-toolkit Angular integration.
  *
@@ -1005,6 +1179,8 @@ class NAuthModule {
                     useClass: AuthInterceptorClass,
                     multi: true,
                 },
+                // Provide AuthGuard so it has access to NAUTH_CLIENT_CONFIG
+                AuthGuard,
             ],
         };
     }
@@ -1171,86 +1347,6 @@ class AuthInterceptor {
     }
 }
 
-/**
- * Functional route guard for authentication (Angular 17+).
- *
- * Protects routes by checking if user is authenticated.
- * Redirects to login page if not authenticated.
- *
- * @param redirectTo - Path to redirect to if not authenticated (default: '/login')
- * @returns CanActivateFn guard function
- *
- * @example
- * ```typescript
- * // In route configuration
- * const routes: Routes = [
- *   {
- *     path: 'home',
- *     component: HomeComponent,
- *     canActivate: [authGuard()]
- *   },
- *   {
- *     path: 'admin',
- *     component: AdminComponent,
- *     canActivate: [authGuard('/admin/login')]
- *   }
- * ];
- * ```
- */
-function authGuard(redirectTo = '/login') {
-    return () => {
-        const auth = inject(AuthService);
-        const router = inject(Router);
-        if (auth.isAuthenticated()) {
-            return true;
-        }
-        return router.createUrlTree([redirectTo]);
-    };
-}
-/**
- * Class-based authentication guard for NgModule compatibility.
- *
- * @example
- * ```typescript
- * // In route configuration (NgModule)
- * const routes: Routes = [
- *   {
- *     path: 'home',
- *     component: HomeComponent,
- *     canActivate: [AuthGuard]
- *   }
- * ];
- *
- * // In module providers
- * @NgModule({
- *   providers: [AuthGuard]
- * })
- * ```
- */
-class AuthGuard {
-    auth;
-    router;
-    /**
-     * @param auth - Authentication service
-     * @param router - Angular router
-     */
-    constructor(auth, router) {
-        this.auth = auth;
-        this.router = router;
-    }
-    /**
-     * Check if route can be activated.
-     *
-     * @returns True if authenticated, otherwise redirects to login
-     */
-    canActivate() {
-        if (this.auth.isAuthenticated()) {
-            return true;
-        }
-        return this.router.createUrlTree(['/login']);
-    }
-}
-
 /**
  * Social redirect callback route guard.
  *
@@ -1261,8 +1357,8 @@ class AuthGuard {
  * - `error` / `error_description` (provider errors)
  *
  * Behavior:
- * - If `exchangeToken` exists: exchanges it via backend and redirects to success or challenge routes.
- * - If no `exchangeToken`: treat as cookie-success path and redirect to success route.
+ * - If `exchangeToken` exists: exchanges it via backend (SDK handles navigation automatically).
+ * - If no `exchangeToken`: treat as cookie-success path (SDK handles navigation automatically).
  * - If `error` exists: redirects to oauthError route.
  *
  * @example
@@ -1276,7 +1372,6 @@ class AuthGuard {
  */
 const socialRedirectCallbackGuard = async () => {
     const auth = inject(AuthService);
-    const config = inject(NAUTH_CLIENT_CONFIG);
     const platformId = inject(PLATFORM_ID);
     const isBrowser = isPlatformBrowser(platformId);
     if (!isBrowser) {
@@ -1285,13 +1380,13 @@ const socialRedirectCallbackGuard = async () => {
     const params = new URLSearchParams(window.location.search);
     const error = params.get('error');
     const exchangeToken = params.get('exchangeToken');
+    const router = auth.getChallengeRouter();
     // Provider error: redirect to oauthError
     if (error) {
-        const errorUrl = config.redirects?.oauthError || '/login';
-        window.location.replace(errorUrl);
+        await router.navigateToError('oauth');
         return false;
     }
-    // No exchangeToken: cookie success path; redirect to success.
+    // No exchangeToken: cookie success path; hydrate then navigate to success.
     //
     // Note: we do not "activate" the callback route to avoid consumers needing to render a page.
     if (!exchangeToken) {
@@ -1305,26 +1400,31 @@ const socialRedirectCallbackGuard = async () => {
         // `currentUser` is still null even though cookies were set successfully.
         try {
             await auth.getProfile();
+            await router.navigateToSuccess();
         }
-        catch {
-            const errorUrl = config.redirects?.oauthError || '/login';
-            window.location.replace(errorUrl);
-            return false;
+        catch (err) {
+            // Only treat auth failures (401/403) as OAuth errors
+            // Network errors or other issues might be temporary - still try success route
+            const isAuthError = err instanceof NAuthClientError &&
+                (err.statusCode === 401 ||
+                    err.statusCode === 403 ||
+                    err.code === NAuthErrorCode.AUTH_TOKEN_INVALID ||
+                    err.code === NAuthErrorCode.AUTH_SESSION_EXPIRED ||
+                    err.code === NAuthErrorCode.AUTH_SESSION_NOT_FOUND);
+            if (isAuthError) {
+                // Cookies weren't set properly - OAuth failed
+                await router.navigateToError('oauth');
+            }
+            else {
+                // For network errors or other issues, proceed to success route
+                // The auth guard will handle authentication state on the next route
+                await router.navigateToSuccess();
+            }
         }
-        const successUrl = config.redirects?.success || '/';
-        window.location.replace(successUrl);
-        return false;
-    }
-    // Exchange token and route accordingly
-    const response = await auth.exchangeSocialRedirect(exchangeToken);
-    if (response.challengeName) {
-        const challengeBase = config.redirects?.challengeBase || '/auth/challenge';
-        const challengeRoute = response.challengeName.toLowerCase().replace(/_/g, '-');
-        window.location.replace(`${challengeBase}/${challengeRoute}`);
         return false;
     }
-    const successUrl = config.redirects?.success || '/';
-    window.location.replace(successUrl);
+    // Exchange token - SDK handles navigation automatically
+    await auth.exchangeSocialRedirect(exchangeToken);
     return false;
 };