@nauth-toolkit/client-angular 0.1.58 → 0.1.59

package/fesm2022/nauth-toolkit-client-angular.mjs

@@ -1,13 +1,14 @@
 import { NAuthErrorCode, NAuthClientError, NAuthClient } from '@nauth-toolkit/client';
 export * from '@nauth-toolkit/client';
 import * as i0 from '@angular/core';
-import { InjectionToken, Injectable, Inject, NgModule, inject, PLATFORM_ID } from '@angular/core';
+import { InjectionToken, Injectable, Inject, inject, Optional, NgModule, PLATFORM_ID } from '@angular/core';
 import { firstValueFrom, BehaviorSubject, Subject, catchError, from, switchMap, throwError, filter as filter$1, take } from 'rxjs';
 import { filter } from 'rxjs/operators';
 import * as i1 from '@angular/common/http';
 import { HttpErrorResponse, HTTP_INTERCEPTORS, HttpClientModule, HttpClient } from '@angular/common/http';
 import * as i3 from '@angular/router';
 import { Router } from '@angular/router';
+import { __decorate, __param } from 'tslib';
 import { isPlatformBrowser } from '@angular/common';
 
 /**
@@ -266,6 +267,21 @@ class AuthService {
     getCurrentChallenge() {
         return this.challengeSubject.value;
     }
+    /**
+     * Get challenge router for manual navigation control.
+     * Useful for guards that need to handle errors or build custom URLs.
+     *
+     * @returns ChallengeRouter instance
+     *
+     * @example
+     * ```typescript
+     * const router = this.auth.getChallengeRouter();
+     * await router.navigateToError('oauth');
+     * ```
+     */
+    getChallengeRouter() {
+        return this.client.getChallengeRouter();
+    }
     // ============================================================================
     // Core Auth Methods
     // ============================================================================
@@ -1008,6 +1024,118 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "17.3.12", ngImpo
                     args: [NAUTH_CLIENT_CONFIG]
                 }] }, { type: i1.HttpClient }, { type: AuthService }, { type: i3.Router }] });
 
+/**
+ * Functional route guard for authentication (Angular 17+).
+ *
+ * Protects routes by checking if user is authenticated.
+ * Redirects to configured session expired route (or login) if not authenticated.
+ *
+ * @param redirectTo - Optional path to redirect to if not authenticated. If not provided, uses `redirects.sessionExpired` from config (defaults to '/login')
+ * @returns CanActivateFn guard function
+ *
+ * @example
+ * ```typescript
+ * // In route configuration - uses config.redirects.sessionExpired
+ * const routes: Routes = [
+ *   {
+ *     path: 'home',
+ *     component: HomeComponent,
+ *     canActivate: [authGuard()]
+ *   }
+ * ];
+ *
+ * // Override with custom route
+ * const routes: Routes = [
+ *   {
+ *     path: 'admin',
+ *     component: AdminComponent,
+ *     canActivate: [authGuard('/admin/login')]
+ *   }
+ * ];
+ * ```
+ */
+function authGuard(redirectTo) {
+    return () => {
+        const auth = inject(AuthService);
+        const router = inject(Router);
+        const config = inject(NAUTH_CLIENT_CONFIG, { optional: true });
+        if (auth.isAuthenticated()) {
+            return true;
+        }
+        // Use provided redirectTo, or config.redirects.sessionExpired, or default to '/login'
+        const redirectPath = redirectTo ?? config?.redirects?.sessionExpired ?? '/login';
+        return router.createUrlTree([redirectPath]);
+    };
+}
+/**
+ * Class-based authentication guard for NgModule compatibility.
+ *
+ * **Note:** When using `NAuthModule.forRoot()`, `AuthGuard` is automatically provided
+ * and has access to the configuration. You don't need to add it to your module's providers.
+ *
+ * @example
+ * ```typescript
+ * // app.module.ts - AuthGuard is automatically provided by NAuthModule.forRoot()
+ * @NgModule({
+ *   imports: [
+ *     NAuthModule.forRoot({
+ *       baseUrl: 'https://api.example.com/auth',
+ *       tokenDelivery: 'cookies',
+ *       redirects: {
+ *         sessionExpired: '/login?expired=true',
+ *       },
+ *     }),
+ *     RouterModule.forRoot([
+ *       {
+ *         path: 'home',
+ *         component: HomeComponent,
+ *         canActivate: [AuthGuard], // Uses config.redirects.sessionExpired
+ *       },
+ *     ]),
+ *   ],
+ * })
+ * export class AppModule {}
+ *
+ * // Or provide manually in a feature module (still has access to root config)
+ * @NgModule({
+ *   providers: [AuthGuard],
+ * })
+ * export class FeatureModule {}
+ * ```
+ */
+let AuthGuard = class AuthGuard {
+    auth;
+    router;
+    config;
+    /**
+     * @param auth - Authentication service
+     * @param router - Angular router
+     * @param config - Optional client configuration (injected automatically)
+     */
+    constructor(auth, router, config) {
+        this.auth = auth;
+        this.router = router;
+        this.config = config;
+    }
+    /**
+     * Check if route can be activated.
+     *
+     * @returns True if authenticated, otherwise redirects to configured session expired route (or '/login')
+     */
+    canActivate() {
+        if (this.auth.isAuthenticated()) {
+            return true;
+        }
+        // Use config.redirects.sessionExpired or default to '/login'
+        const redirectPath = this.config?.redirects?.sessionExpired ?? '/login';
+        return this.router.createUrlTree([redirectPath]);
+    }
+};
+AuthGuard = __decorate([
+    __param(2, Optional()),
+    __param(2, Inject(NAUTH_CLIENT_CONFIG))
+], AuthGuard);
+
 /**
  * NgModule for nauth-toolkit Angular integration.
  *
@@ -1051,6 +1179,8 @@ class NAuthModule {
                     useClass: AuthInterceptorClass,
                     multi: true,
                 },
+                // Provide AuthGuard so it has access to NAUTH_CLIENT_CONFIG
+                AuthGuard,
             ],
         };
     }
@@ -1217,86 +1347,6 @@ class AuthInterceptor {
     }
 }
 
-/**
- * Functional route guard for authentication (Angular 17+).
- *
- * Protects routes by checking if user is authenticated.
- * Redirects to login page if not authenticated.
- *
- * @param redirectTo - Path to redirect to if not authenticated (default: '/login')
- * @returns CanActivateFn guard function
- *
- * @example
- * ```typescript
- * // In route configuration
- * const routes: Routes = [
- *   {
- *     path: 'home',
- *     component: HomeComponent,
- *     canActivate: [authGuard()]
- *   },
- *   {
- *     path: 'admin',
- *     component: AdminComponent,
- *     canActivate: [authGuard('/admin/login')]
- *   }
- * ];
- * ```
- */
-function authGuard(redirectTo = '/login') {
-    return () => {
-        const auth = inject(AuthService);
-        const router = inject(Router);
-        if (auth.isAuthenticated()) {
-            return true;
-        }
-        return router.createUrlTree([redirectTo]);
-    };
-}
-/**
- * Class-based authentication guard for NgModule compatibility.
- *
- * @example
- * ```typescript
- * // In route configuration (NgModule)
- * const routes: Routes = [
- *   {
- *     path: 'home',
- *     component: HomeComponent,
- *     canActivate: [AuthGuard]
- *   }
- * ];
- *
- * // In module providers
- * @NgModule({
- *   providers: [AuthGuard]
- * })
- * ```
- */
-class AuthGuard {
-    auth;
-    router;
-    /**
-     * @param auth - Authentication service
-     * @param router - Angular router
-     */
-    constructor(auth, router) {
-        this.auth = auth;
-        this.router = router;
-    }
-    /**
-     * Check if route can be activated.
-     *
-     * @returns True if authenticated, otherwise redirects to login
-     */
-    canActivate() {
-        if (this.auth.isAuthenticated()) {
-            return true;
-        }
-        return this.router.createUrlTree(['/login']);
-    }
-}
-
 /**
  * Social redirect callback route guard.
  *
@@ -1307,8 +1357,8 @@ class AuthGuard {
  * - `error` / `error_description` (provider errors)
  *
  * Behavior:
- * - If `exchangeToken` exists: exchanges it via backend and redirects to success or challenge routes.
- * - If no `exchangeToken`: treat as cookie-success path and redirect to success route.
+ * - If `exchangeToken` exists: exchanges it via backend (SDK handles navigation automatically).
+ * - If no `exchangeToken`: treat as cookie-success path (SDK handles navigation automatically).
  * - If `error` exists: redirects to oauthError route.
  *
  * @example
@@ -1322,7 +1372,6 @@ class AuthGuard {
  */
 const socialRedirectCallbackGuard = async () => {
     const auth = inject(AuthService);
-    const config = inject(NAUTH_CLIENT_CONFIG);
     const platformId = inject(PLATFORM_ID);
     const isBrowser = isPlatformBrowser(platformId);
     if (!isBrowser) {
@@ -1331,13 +1380,13 @@ const socialRedirectCallbackGuard = async () => {
     const params = new URLSearchParams(window.location.search);
     const error = params.get('error');
     const exchangeToken = params.get('exchangeToken');
+    const router = auth.getChallengeRouter();
     // Provider error: redirect to oauthError
     if (error) {
-        const errorUrl = config.redirects?.oauthError || '/login';
-        window.location.replace(errorUrl);
+        await router.navigateToError('oauth');
         return false;
     }
-    // No exchangeToken: cookie success path; redirect to success.
+    // No exchangeToken: cookie success path; hydrate then navigate to success.
     //
     // Note: we do not "activate" the callback route to avoid consumers needing to render a page.
     if (!exchangeToken) {
@@ -1351,26 +1400,31 @@ const socialRedirectCallbackGuard = async () => {
         // `currentUser` is still null even though cookies were set successfully.
         try {
             await auth.getProfile();
+            await router.navigateToSuccess();
         }
-        catch {
-            const errorUrl = config.redirects?.oauthError || '/login';
-            window.location.replace(errorUrl);
-            return false;
+        catch (err) {
+            // Only treat auth failures (401/403) as OAuth errors
+            // Network errors or other issues might be temporary - still try success route
+            const isAuthError = err instanceof NAuthClientError &&
+                (err.statusCode === 401 ||
+                    err.statusCode === 403 ||
+                    err.code === NAuthErrorCode.AUTH_TOKEN_INVALID ||
+                    err.code === NAuthErrorCode.AUTH_SESSION_EXPIRED ||
+                    err.code === NAuthErrorCode.AUTH_SESSION_NOT_FOUND);
+            if (isAuthError) {
+                // Cookies weren't set properly - OAuth failed
+                await router.navigateToError('oauth');
+            }
+            else {
+                // For network errors or other issues, proceed to success route
+                // The auth guard will handle authentication state on the next route
+                await router.navigateToSuccess();
+            }
         }
-        const successUrl = config.redirects?.success || '/';
-        window.location.replace(successUrl);
-        return false;
-    }
-    // Exchange token and route accordingly
-    const response = await auth.exchangeSocialRedirect(exchangeToken);
-    if (response.challengeName) {
-        const challengeBase = config.redirects?.challengeBase || '/auth/challenge';
-        const challengeRoute = response.challengeName.toLowerCase().replace(/_/g, '-');
-        window.location.replace(`${challengeBase}/${challengeRoute}`);
         return false;
     }
-    const successUrl = config.redirects?.success || '/';
-    window.location.replace(successUrl);
+    // Exchange token - SDK handles navigation automatically
+    await auth.exchangeSocialRedirect(exchangeToken);
     return false;
 };