@nexys/user-management-sdk 0.0.2

package/README.md

@@ -0,0 +1,3 @@
+# User Management SDK
+
+[![Test Package](https://github.com/nexys-system/user-management-client/actions/workflows/test.yml/badge.svg)](https://github.com/nexys-system/user-management-client/actions/workflows/test.yml)

package/dist/client.d.ts

@@ -0,0 +1,29 @@
+import { Locale, Profile, SSOService, UserAdmin, Permission } from "./type";
+declare class AuthClient {
+    apiBasename: string;
+    constructor(apiBasename: string);
+    authSSOUrl: (service: SSOService) => Promise<{
+        url: string;
+    }>;
+    authGoogleRedirect: (ssoService: SSOService, code: string, state: string) => Promise<{
+        profile: {
+            id: string;
+        };
+        permissions: number[];
+        locale: {
+            country: string;
+            lang: string;
+        };
+    }>;
+    getProfile: () => Promise<{
+        profile: Profile;
+        permissions: Permission[];
+        locale: Locale;
+    }>;
+    authLogout: () => Promise<any>;
+    adminUserList: () => Promise<UserAdmin[]>;
+    authRefresh: () => Promise<{
+        message: string;
+    }>;
+}
+export default AuthClient;

package/dist/client.js

@@ -0,0 +1,49 @@
+// auth stuff
+const redirectUrl = (ssoService) => [window.location.origin, "auth", "sso", ssoService, "redirect"].join("/");
+class AuthClient {
+    apiBasename;
+    constructor(apiBasename) {
+        this.apiBasename = apiBasename;
+    }
+    authSSOUrl = async (service) => {
+        const response = await fetch(`${this.apiBasename}/auth/${service}/url?redirectUrl=${encodeURIComponent(redirectUrl(service))}`);
+        return response.json();
+    };
+    authGoogleRedirect = async (ssoService, code, state) => {
+        const response = await fetch(this.apiBasename +
+            "/auth/" +
+            ssoService +
+            "/redirect?code=" +
+            encodeURIComponent(code) +
+            "&state=" +
+            encodeURIComponent(state));
+        const j = await response.json();
+        if (response.ok) {
+            return j;
+        }
+        return j;
+    };
+    getProfile = async () => {
+        const response = await fetch(this.apiBasename + "/profile");
+        const j = await response.json();
+        if (!response.ok) {
+            throw j;
+        }
+        return j;
+    };
+    authLogout = async () => {
+        const response = await fetch(this.apiBasename + "/auth/logout");
+        return response.json();
+    };
+    adminUserList = async () => {
+        const response = await fetch(this.apiBasename + "/admin/user/list", {
+            method: "POST",
+        });
+        return response.json();
+    };
+    authRefresh = async () => {
+        const response = await fetch(this.apiBasename + "/auth/refresh");
+        return response.json();
+    };
+}
+export default AuthClient;

package/dist/context.d.ts

@@ -0,0 +1,16 @@
+import React, { ReactNode } from "react";
+import AuthClient from "./client.js";
+import { Profile } from "./type.js";
+export type AuthContextType = {
+    profile: Profile;
+    logout: () => void;
+};
+export declare const AdminContext: React.Context<AuthContextType | undefined>;
+export declare const AuthProvider: ({ authClient, Spinner, loginPath, }: {
+    authClient: AuthClient;
+    Spinner: () => JSX.Element;
+    loginPath: string;
+}) => ({ children }: {
+    children: ReactNode;
+}) => import("react/jsx-runtime").JSX.Element;
+export declare const useAuth: () => AuthContextType;

package/dist/context.js

@@ -0,0 +1,65 @@
+import { jsx as _jsx } from "react/jsx-runtime";
+import React, { createContext, useContext, useState } from "react";
+import { useNavigate } from "react-router-dom";
+export const AdminContext = createContext(undefined);
+export const AuthProvider = ({ authClient, Spinner, loginPath, }) => ({ children }) => {
+    const navigate = useNavigate();
+    const [profile, setProfile] = useState(null);
+    React.useEffect(() => {
+        try {
+            authClient
+                .getProfile()
+                .then(({ profile }) => setProfile(profile))
+                .catch(async () => {
+                try {
+                    await authClient.authRefresh();
+                    const { profile } = await authClient.getProfile();
+                    setProfile(profile);
+                }
+                catch (e) {
+                    console.log("e1", e);
+                    const navigationMessage = {
+                        message: "Your session is no longer active, you were redirected",
+                        contextClass: "warning",
+                    };
+                    navigate("/login", { state: navigationMessage });
+                }
+            });
+        }
+        catch (err) {
+            console.log("err2", err);
+            const navigationMessage = {
+                message: "Your session is no longer active, you were redirected",
+                contextClass: "warning",
+            };
+            return navigate(loginPath, { state: navigationMessage });
+        }
+    }, []);
+    if (profile === null) {
+        return _jsx(Spinner, {});
+    }
+    const logout = () => {
+        setProfile(null);
+        authClient.authLogout();
+        const navigationMessage = {
+            message: "You were successfully logged out",
+            contextClass: "info",
+        };
+        const q = btoa([profile.id, profile.instance.uuid].join(":"));
+        return navigate(loginPath + "?q=" + q, {
+            state: navigationMessage,
+        });
+    };
+    const value = {
+        profile,
+        logout,
+    };
+    return (_jsx(AdminContext.Provider, { value: value, children: children }));
+};
+export const useAuth = () => {
+    const context = useContext(AdminContext);
+    if (context === undefined) {
+        throw new Error("useAdminUseCase must be used within an AuthProvider");
+    }
+    return context;
+};

package/dist/login-utils.d.ts

@@ -0,0 +1,4 @@
+export declare const getLoginInfoFromQuery: (lSearch: string) => {
+    userId: string;
+    instanceId: string;
+} | null;

package/dist/login-utils.js

@@ -0,0 +1,9 @@
+export const getLoginInfoFromQuery = (lSearch) => {
+    const queryParams = new URLSearchParams(lSearch);
+    const paramValue = queryParams.get("q");
+    if (!paramValue) {
+        return null;
+    }
+    const [userId, instanceId] = atob(paramValue).split(":");
+    return { userId, instanceId };
+};

package/dist/sso-response.d.ts

@@ -0,0 +1,13 @@
+import AuthClient from "./client.js";
+declare const SsoResponse: ({ authClient, links, Banner, Spinner, }: {
+    authClient: AuthClient;
+    links: {
+        home: string;
+        login: string;
+    };
+    Banner: (props: {
+        label: string;
+    }) => JSX.Element;
+    Spinner: () => JSX.Element;
+}) => () => JSX.Element;
+export default SsoResponse;

package/dist/sso-response.js

@@ -0,0 +1,36 @@
+import { jsx as _jsx } from "react/jsx-runtime";
+import { useNavigate, useParams } from "react-router-dom";
+const SsoResponse = ({ authClient, links, Banner, Spinner, }) => () => {
+    const navigate = useNavigate();
+    const params = useParams();
+    const queryParams = new URLSearchParams(window.location.search);
+    const code = queryParams.get("code");
+    const state = queryParams.get("state");
+    const ssoService = params.ssoService;
+    if (!ssoService) {
+        return _jsx(Banner, { label: "Could not find associated sso service" });
+    }
+    if (code === null) {
+        return _jsx(Banner, { label: "Code must be given" });
+    }
+    if (state === null) {
+        return _jsx(Banner, { label: "State must be given" });
+    }
+    authClient
+        .authGoogleRedirect(ssoService, code, state)
+        .then(() => {
+        navigate(links.home);
+    })
+        .catch((err) => {
+        console.log("err", err);
+        const navigationMessage = {
+            message: "Could not log you in",
+            contextClass: "error",
+        };
+        navigate(links.login, {
+            state: navigationMessage,
+        });
+    });
+    return _jsx(Spinner, {});
+};
+export default SsoResponse;

package/dist/type.d.ts

@@ -0,0 +1,36 @@
+export interface Profile {
+    id: string;
+    firstName: string;
+    lastName: string;
+    email: string;
+    instance: {
+        uuid: string;
+        name: string;
+    };
+}
+export interface Locale {
+    country: string;
+    lang: string;
+}
+export declare enum UserStatus {
+    active = 1,
+    inactive = 2,
+    pending = 3
+}
+export interface UserAdmin extends Omit<Profile, "id"> {
+    uuid: string;
+    locale: Locale;
+    status: UserStatus;
+}
+export type SSOService = "microsoft" | "apple" | "github" | "google";
+export declare const ssoAvailable: SSOService[];
+export type ContextClass = "success" | "error" | "warning" | "info" | "default";
+export interface NavigationMessage {
+    message: string;
+    contextClass: ContextClass;
+}
+export declare enum Permission {
+    app = 1,
+    admin = 2,
+    superadmin = 3
+}

package/dist/type.js

@@ -0,0 +1,12 @@
+export var UserStatus;
+(function (UserStatus) {
+    UserStatus[UserStatus["active"] = 1] = "active";
+    UserStatus[UserStatus["inactive"] = 2] = "inactive";
+    UserStatus[UserStatus["pending"] = 3] = "pending";
+})(UserStatus || (UserStatus = {}));
+export const ssoAvailable = [
+    "microsoft",
+    "apple",
+    "github",
+    "google",
+];

package/dist/utils.d.ts

@@ -0,0 +1,6 @@
+export declare const getLoginInfoFromQuery: (lSearch: string) => {
+    userId: string;
+    instanceId: string;
+} | null;
+export declare const base64UrlToUint8Array: (base64Url: string) => Uint8Array;
+export declare const arrayBufferToBase64: (buffer: ArrayBuffer) => string;

package/dist/utils.js

@@ -0,0 +1,34 @@
+export const getLoginInfoFromQuery = (lSearch) => {
+    const queryParams = new URLSearchParams(lSearch);
+    const paramValue = queryParams.get("q");
+    if (!paramValue) {
+        return null;
+    }
+    const [userId, instanceId] = atob(paramValue).split(":");
+    return { userId, instanceId };
+};
+export const base64UrlToUint8Array = (base64Url) => {
+    // Replace Base64URL characters with Base64 characters
+    const base64 = base64Url.replace(/-/g, "+").replace(/_/g, "/");
+    // Decode Base64 string to binary string
+    const binaryString = atob(base64);
+    // Create a Uint8Array from the binary string
+    const bytes = new Uint8Array(binaryString.length);
+    for (let i = 0; i < binaryString.length; i++) {
+        bytes[i] = binaryString.charCodeAt(i);
+    }
+    return bytes;
+};
+export const arrayBufferToBase64 = (buffer) => {
+    let binary = "";
+    const bytes = new Uint8Array(buffer);
+    const len = bytes.byteLength;
+    for (let i = 0; i < len; i++) {
+        binary += String.fromCharCode(bytes[i]);
+    }
+    // Convert binary data to a base64 string
+    const base64 = btoa(binary);
+    // Optionally, you might want to make the base64 string URL-safe
+    // by replacing "+" with "-", "/" with "_", and stripping "=" padding
+    return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+};

package/dist/utils.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils.test.js

@@ -0,0 +1,78 @@
+// Import necessary modules
+import { strict as assert } from "node:assert";
+import { describe, it } from "node:test";
+import { getLoginInfoFromQuery, base64UrlToUint8Array, arrayBufferToBase64, } from "./utils.js";
+// Mock browser's atob and btoa for Node.js
+global.atob = (base64) => Buffer.from(base64, "base64").toString("binary");
+global.btoa = (binary) => Buffer.from(binary, "binary").toString("base64");
+// Describe the test suite
+describe("getLoginInfoFromQuery", () => {
+    it('should return null if the query does not contain the "q" parameter', () => {
+        const result = getLoginInfoFromQuery("?someOtherParam=abc");
+        assert.strictEqual(result, null);
+    });
+    it('should return null if the "q" parameter is missing', () => {
+        const result = getLoginInfoFromQuery("");
+        assert.strictEqual(result, null);
+    });
+    it('should decode the "q" parameter and return the correct userId and instanceId', () => {
+        const encodedParam = Buffer.from("user123:instance456").toString("base64");
+        const query = `?q=${encodedParam}`;
+        const result = getLoginInfoFromQuery(query);
+        assert.deepStrictEqual(result, {
+            userId: "user123",
+            instanceId: "instance456",
+        });
+    });
+    it('should handle missing ":" in decoded string and return undefined values', () => {
+        const encodedParam = Buffer.from("user123").toString("base64");
+        const query = `?q=${encodedParam}`;
+        const result = getLoginInfoFromQuery(query);
+        assert.deepStrictEqual(result, {
+            userId: "user123",
+            instanceId: undefined,
+        });
+    });
+});
+// Tests for base64UrlToUint8Array
+describe("base64UrlToUint8Array", () => {
+    it("should correctly convert Base64URL string to Uint8Array", () => {
+        const base64Url = "SGVsbG8td29ybGQ_"; // Base64URL for "Hello-world?"
+        const expectedArray = new Uint8Array([
+            72, 101, 108, 108, 111, 45, 119, 111, 114, 108, 100, 63,
+        ]);
+        const result = base64UrlToUint8Array(base64Url);
+        assert.deepStrictEqual(result, expectedArray);
+    });
+    it("should handle padding correctly", () => {
+        const base64Url = "SGVsbG8gd29ybGQ"; // Base64URL for "Hello world" without padding
+        const expectedArray = new Uint8Array([
+            72, 101, 108, 108, 111, 32, 119, 111, 114, 108, 100,
+        ]);
+        const result = base64UrlToUint8Array(base64Url);
+        assert.deepStrictEqual(result, expectedArray);
+    });
+});
+// Tests for arrayBufferToBase64
+describe("arrayBufferToBase64", () => {
+    it("should correctly convert ArrayBuffer to Base64URL string", () => {
+        const buffer = new Uint8Array([
+            72, 101, 108, 108, 111, 45, 119, 111, 114, 108, 100, 63,
+        ]).buffer;
+        const expectedBase64Url = "SGVsbG8td29ybGQ_";
+        const result = arrayBufferToBase64(buffer);
+        assert.strictEqual(result, expectedBase64Url);
+    });
+    it("should handle empty ArrayBuffer", () => {
+        const buffer = new ArrayBuffer(0);
+        const expectedBase64Url = "";
+        const result = arrayBufferToBase64(buffer);
+        assert.strictEqual(result, expectedBase64Url);
+    });
+    it("should handle large ArrayBuffer", () => {
+        const buffer = new Uint8Array([0, 1, 2, 3, 4, 5, 6, 7, 8, 9]).buffer;
+        const expectedBase64Url = "AAECAwQFBgcICQ";
+        const result = arrayBufferToBase64(buffer);
+        assert.strictEqual(result, expectedBase64Url);
+    });
+});

package/dist/webauthn.d.ts

@@ -0,0 +1,9 @@
+export declare const login: (user: {
+    uuid: string;
+}, instance: {
+    uuid: string;
+}) => Promise<any>;
+export declare const register: () => Promise<{
+    isValidSignature: boolean;
+    uuid: string;
+}>;

package/dist/webauthn.js

@@ -0,0 +1,150 @@
+import * as U from "./utils";
+// webauthn  client
+const getPreLogin = async (user, instance) => {
+    const r = await fetch("/napi/auth/webauthn/prelogin", {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({ uuid: user.uuid, instance }), // send user id
+    });
+    const j = await r.json();
+    if (!r.ok && "error" in j) {
+        throw Error(j.error);
+    }
+    return j;
+};
+const loginRequest = async (jwt, { credentialId, authenticatorData, clientDataJSON, signature, }) => {
+    const respose = await fetch("/napi/auth/webauthn/login", {
+        method: "POST",
+        body: JSON.stringify({
+            jwt,
+            credentialId,
+            authenticatorData,
+            clientDataJSON,
+            signature,
+        }),
+        headers: { "content-type": "application/json" },
+    });
+    return respose.json();
+};
+function uuidToUint8Array(uuid) {
+    // Remove all hyphens from the UUID
+    const hexNoDashes = uuid.replace(/-/g, "");
+    // Make sure the cleaned hex string is of length 32
+    if (hexNoDashes.length !== 32) {
+        throw new Error("Invalid UUID format");
+    }
+    const arrayBuffer = new Uint8Array(16);
+    for (let i = 0, j = 0; i < 32; i += 2, j++) {
+        // Convert each pair of hexadecimal characters to a byte
+        arrayBuffer[j] = parseInt(hexNoDashes.substr(i, 2), 16);
+    }
+    return arrayBuffer;
+}
+export const login = async (user, instance) => {
+    const { challenge, authenticators } = await getPreLogin(user, instance);
+    // console.log({ challenge });
+    const transports = [
+        // "usb",
+        // "nfc",
+        //  "ble",
+        "internal",
+    ]; // Specify acceptable transports if known
+    const allowCredentials = authenticators.map((cred) => ({
+        id: U.base64UrlToUint8Array(cred.credentialId), // Convert from Base64 URL to Uint8Array
+        type: "public-key",
+        transports,
+    }));
+    const newCredentialInfo = await navigator.credentials.get({
+        publicKey: {
+            challenge: U.base64UrlToUint8Array(challenge),
+            allowCredentials,
+            userVerification: "required", // "preferred", // or 'required' or 'discouraged'
+            timeout: 60000, // Optional: adjust according to your needs
+        },
+    });
+    if (!newCredentialInfo) {
+        throw Error("failing to retrieve credentials");
+    }
+    // Find which credential was used
+    const matchedCredential = authenticators.find((cred) => U.base64UrlToUint8Array(cred.credentialId).toString() ===
+        new Uint8Array(newCredentialInfo.rawId).toString());
+    //  console.log(matchedCredential, "!");
+    if (!matchedCredential) {
+        throw Error("could not match credentials");
+    }
+    const { response } = newCredentialInfo;
+    const authenticatorData = U.arrayBufferToBase64(response.authenticatorData);
+    const clientDataJSON = U.arrayBufferToBase64(response.clientDataJSON);
+    const signature = U.arrayBufferToBase64(response.signature);
+    return loginRequest(matchedCredential.jwt, {
+        credentialId: matchedCredential.credentialId,
+        authenticatorData,
+        clientDataJSON,
+        signature,
+    });
+};
+const preRegister = async () => {
+    const response = await fetch("/napi/profile/webauthn/register");
+    return response.json();
+};
+const registerRequest = async ({ credentialId, attestationObject, clientDataJSON, jwt, }) => {
+    const respose = await fetch("/napi/profile/webauthn/register", {
+        method: "POST",
+        body: JSON.stringify({
+            jwt,
+            credentialId,
+            attestationObject,
+            clientDataJSON,
+        }),
+        headers: { "content-type": "application/json" },
+    });
+    return respose.json();
+};
+export const register = async () => {
+    //getChallenge();
+    const { challenge, rp, user, jwt } = await preRegister();
+    const publicKey = {
+        // Relying Party (your service)
+        rp,
+        // User Information
+        user: {
+            id: uuidToUint8Array(user.uuid),
+            name: user.name,
+            displayName: user.displayName,
+        },
+        // Cryptographic challenge from the server
+        challenge: U.base64UrlToUint8Array(challenge),
+        // Public key parameters
+        pubKeyCredParams: [
+            { alg: -7, type: "public-key" }, // ES256
+            { alg: -257, type: "public-key" }, // RS256
+        ], // Registration timeout
+        timeout: 60000, // 60 seconds
+        // Attestation preference
+        attestation: "direct",
+        // Exclude existing credentials to prevent re-registration
+        excludeCredentials: [], // Use this to exclude already registered credentials
+        authenticatorSelection: {
+            authenticatorAttachment: ["platform", "cross-platform"], // for now platform, in a second step add phones and external keys
+            requireResidentKey: false,
+            userVerification: "preferred",
+        },
+    };
+    // Request the creation of new credentials
+    const newCredentialInfo = (await navigator.credentials.create({
+        publicKey,
+    }));
+    const credentialId = newCredentialInfo.id;
+    // const publicKey = new TextDecoder().decode(
+    //  newCredentialInfo.response.clientDataJSON
+    //); // For demonstration; actual extraction differs
+    const attestationObject = U.arrayBufferToBase64(newCredentialInfo.response.attestationObject);
+    const clientDataJSON = U.arrayBufferToBase64(newCredentialInfo.response.clientDataJSON);
+    console.log({ credentialId, attestationObject, clientDataJSON });
+    return registerRequest({
+        jwt,
+        credentialId,
+        attestationObject,
+        clientDataJSON,
+    });
+};

package/package.json

@@ -0,0 +1,33 @@
+{
+  "name": "@nexys/user-management-sdk",
+  "version": "0.0.2",
+  "private": false,
+  "description": "react client/sdk that faciliates connecting to the user management",
+  "main": "dist/index.js",
+  "devDependencies": {
+    "@types/node": "^22.5.4",
+    "@types/react": "^18.3.5",
+    "react": "^18.3.1",
+    "react-router-dom": "^6.26.2",
+    "typescript": "^5.6.2"
+  },
+  "type": "module",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "test": "node dist/*.test.js",
+    "buildPackage": "yarn build; rm dist/*.test.js; rm dist/*.test.d.ts"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+ssh://git@github.com/nexys-system/user-management-client.git"
+  },
+  "author": "Nexys",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/nexys-system/user-management-client/issues"
+  },
+  "homepage": "https://github.com/nexys-system/user-management-client#readme"
+}