@nhost/nhost-js 3.2.8 → 5.0.0-beta.1

package/dist/src/middlewareAttachToken.js

@@ -0,0 +1,60 @@
+/**
+ * @fileoverview Authorization token attachment middleware for the Nhost SDK.
+ *
+ * This module provides middleware functionality to automatically attach
+ * authorization tokens to outgoing API requests, ensuring the client
+ * is properly authenticated.
+ */
+import {} from "./sessionStorage";
+import {} from "./fetch";
+/**
+ * Creates a fetch middleware that adds the Authorization header with the current access token.
+ *
+ * This middleware:
+ * 1. Gets the current session from storage
+ * 2. Adds the authorization header with the access token to outgoing requests
+ *
+ * This middleware should be used after the refresh middleware in the chain to
+ * ensure the most recent token is used.
+ *
+ * @param storage - Storage implementation for retrieving session data
+ * @returns A middleware function that adds Authorization headers
+ */
+export const createAttachAccessTokenMiddleware = (storage) => {
+    return (next) => {
+        return async (url, options = {}) => {
+            const headers = new Headers(options.headers || {});
+            // Skip if Authorization header is already set
+            if (headers.has("Authorization")) {
+                return next(url, options);
+            }
+            // Get current session from storage
+            const session = storage.get();
+            if (session?.accessToken) {
+                // Add authorization header
+                const newOptions = {
+                    ...options,
+                    headers: addAuthorizationHeader(headers, session),
+                };
+                // Continue with the fetch chain
+                return next(url, newOptions);
+            }
+            // No session or no access token, continue without authorization
+            return next(url, options);
+        };
+    };
+};
+/**
+ * Adds the Authorization header with the access token to the request headers
+ *
+ * @param headers - Original request headers
+ * @param session - Current session containing the access token
+ * @returns Modified headers with Authorization header
+ */
+function addAuthorizationHeader(headers, session) {
+    if (session.accessToken) {
+        headers.set("Authorization", `Bearer ${session.accessToken}`);
+    }
+    return headers;
+}
+//# sourceMappingURL=middlewareAttachToken.js.map

package/dist/src/middlewareAttachToken.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middlewareAttachToken.js","sourceRoot":"","sources":["../../src/middlewareAttachToken.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAgC,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAA0C,MAAM,SAAS,CAAC;AAEjE;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,iCAAiC,GAAG,CAC/C,OAAgC,EACjB,EAAE;IACjB,OAAO,CAAC,IAAmB,EAAiB,EAAE;QAC5C,OAAO,KAAK,EACV,GAAW,EACX,UAAuB,EAAE,EACN,EAAE;YACrB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;YAEnD,8CAA8C;YAC9C,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;gBACjC,OAAO,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAC5B,CAAC;YAED,mCAAmC;YACnC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;YAE9B,IAAI,OAAO,EAAE,WAAW,EAAE,CAAC;gBACzB,2BAA2B;gBAC3B,MAAM,UAAU,GAAG;oBACjB,GAAG,OAAO;oBACV,OAAO,EAAE,sBAAsB,CAAC,OAAO,EAAE,OAAO,CAAC;iBAClD,CAAC;gBAEF,gCAAgC;gBAChC,OAAO,IAAI,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;YAC/B,CAAC;YAED,gEAAgE;YAChE,OAAO,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAC5B,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC,CAAC;AAEF;;;;;;GAMG;AACH,SAAS,sBAAsB,CAAC,OAAgB,EAAE,OAAgB;IAChE,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/src/middlewareRefreshSession.d.ts

@@ -0,0 +1,43 @@
+/**
+ * @fileoverview Auth token refresh middleware for the Nhost SDK.
+ *
+ * This module provides middleware functionality to automatically refresh
+ * authentication tokens before they expire, ensuring seamless API access
+ * without requiring manual token refresh by the application.
+ */
+import type { Client } from "./auth";
+import { type SessionStorageInterface } from "./sessionStorage";
+import { type ChainFunction } from "./fetch";
+/**
+ * Extracts the expiration time from a JWT token
+ * @param token - JWT token string
+ * @returns Expiration timestamp in milliseconds, or 0 if unable to extract
+ */
+export declare const extractTokenExpiration: (token: string) => number;
+/**
+ * Configuration options for the session refresh middleware
+ */
+export type SessionRefreshOptions = {
+    /**
+     * Number of seconds before token expiration when a refresh should be triggered.
+     * Default is 60 seconds (1 minute).
+     */
+    marginSeconds?: number;
+};
+/**
+ * Creates a fetch middleware that automatically refreshes authentication tokens.
+ *
+ * This middleware:
+ * 1. Checks if the current token is about to expire
+ * 2. If so, uses the refresh token to obtain a new access token
+ *
+ * The middleware handles token refresh transparently, so the application
+ * doesn't need to manually refresh tokens.
+ *
+ * @param authClient - Auth API client for token refresh operations
+ * @param storage - Storage implementation for persisting session data
+ * @param options - Configuration options for token refresh behavior
+ * @returns A middleware function that can be used in the fetch chain
+ */
+export declare const createSessionRefreshMiddleware: (authClient: Client, storage: SessionStorageInterface, options?: SessionRefreshOptions) => ChainFunction;
+//# sourceMappingURL=middlewareRefreshSession.d.ts.map

package/dist/src/middlewareRefreshSession.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middlewareRefreshSession.d.ts","sourceRoot":"","sources":["../../src/middlewareRefreshSession.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAW,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,KAAK,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,KAAK,aAAa,EAAsB,MAAM,SAAS,CAAC;AAEjE;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,GAAI,OAAO,MAAM,KAAG,MAgCtD,CAAC;AAkCF;;GAEG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,8BAA8B,GACzC,YAAY,MAAM,EAClB,SAAS,uBAAuB,EAChC,UAAU,qBAAqB,KAC9B,aA4DF,CAAC"}

package/dist/src/middlewareRefreshSession.js

@@ -0,0 +1,190 @@
+/**
+ * @fileoverview Auth token refresh middleware for the Nhost SDK.
+ *
+ * This module provides middleware functionality to automatically refresh
+ * authentication tokens before they expire, ensuring seamless API access
+ * without requiring manual token refresh by the application.
+ */
+import {} from "./sessionStorage";
+import {} from "./fetch";
+/**
+ * Extracts the expiration time from a JWT token
+ * @param token - JWT token string
+ * @returns Expiration timestamp in milliseconds, or 0 if unable to extract
+ */
+export const extractTokenExpiration = (token) => {
+    try {
+        // JWT tokens are in the format header.payload.signature
+        const parts = token.split(".");
+        if (parts.length !== 3) {
+            console.warn("Token does not have three parts");
+            return 0;
+        }
+        // At this point, we know parts has exactly 3 elements
+        // Use a non-null assertion or check explicitly
+        const payloadPart = parts[1];
+        if (!payloadPart) {
+            console.warn("Payload part is empty");
+            return 0;
+        }
+        // Decode the payload (middle part)
+        const base64 = payloadPart.replace(/-/g, "+").replace(/_/g, "/");
+        const payload = decodeTokenPayload(base64);
+        if (payload.exp) {
+            // exp claim is in seconds, convert to milliseconds
+            return payload.exp * 1000;
+        }
+        else {
+            console.warn("No exp claim found in token");
+            return 0;
+        }
+    }
+    catch (error) {
+        console.warn("Failed to extract token expiration:", error);
+        return 0;
+    }
+};
+/**
+ * Decodes a base64-encoded JWT payload
+ * @param base64Payload - Base64-encoded payload
+ * @returns Decoded payload as an object
+ */
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+function decodeTokenPayload(base64Payload) {
+    try {
+        let jsonPayload;
+        if (typeof window !== "undefined") {
+            // Browser environment
+            jsonPayload = decodeURIComponent(window
+                .atob(base64Payload)
+                .split("")
+                .map((c) => "%" + ("00" + c.charCodeAt(0).toString(16)).slice(-2))
+                .join(""));
+        }
+        else {
+            // Node.js environment
+            const buffer = Buffer.from(base64Payload, "base64");
+            jsonPayload = buffer.toString("utf8");
+        }
+        return JSON.parse(jsonPayload);
+    }
+    catch (e) {
+        console.warn("Error decoding token payload:", e);
+        throw e;
+    }
+}
+/**
+ * Creates a fetch middleware that automatically refreshes authentication tokens.
+ *
+ * This middleware:
+ * 1. Checks if the current token is about to expire
+ * 2. If so, uses the refresh token to obtain a new access token
+ *
+ * The middleware handles token refresh transparently, so the application
+ * doesn't need to manually refresh tokens.
+ *
+ * @param authClient - Auth API client for token refresh operations
+ * @param storage - Storage implementation for persisting session data
+ * @param options - Configuration options for token refresh behavior
+ * @returns A middleware function that can be used in the fetch chain
+ */
+export const createSessionRefreshMiddleware = (authClient, storage, options) => {
+    const { marginSeconds = 60 } = options || {};
+    // Session state
+    let currentSession = null;
+    let tokenExpiresAt = 0;
+    // Create and return the chain function
+    return (next) => {
+        return async (url, options = {}) => {
+            // Skip token handling for certain requests
+            if (shouldSkipTokenHandling(url, options, authClient.baseURL)) {
+                return next(url, options);
+            }
+            try {
+                // Get current session from storage
+                currentSession = storage.get();
+                if (currentSession?.accessToken) {
+                    tokenExpiresAt = extractTokenExpiration(currentSession.accessToken);
+                }
+                // If we don't have a session, proceed without authorization
+                if (!currentSession) {
+                    return next(url, options);
+                }
+                // Check if token needs refresh
+                if (isTokenExpiringSoon(tokenExpiresAt, marginSeconds)) {
+                    if (currentSession.refreshToken) {
+                        // Refresh the token
+                        const refreshedSession = await refreshToken(authClient, storage, currentSession.refreshToken);
+                        if (refreshedSession) {
+                            currentSession = refreshedSession;
+                            tokenExpiresAt = extractTokenExpiration(refreshedSession.accessToken);
+                            storage.set(refreshedSession);
+                        }
+                    }
+                }
+                // Continue with the fetch chain
+                return next(url, options);
+            }
+            catch (error) {
+                console.error("Error in token refresh chain:", error);
+                // Continue with the request even if token refresh fails
+                return next(url, options);
+            }
+        };
+    };
+};
+/**
+ * Performs the actual token refresh operation using the auth client
+ *
+ * @param authClient - Auth API client to use for token refresh
+ * @param storage - Storage implementation for persisting the new session
+ * @param refreshToken - Current refresh token to use
+ * @returns A new session if refresh was successful, null otherwise
+ */
+async function refreshToken(authClient, storage, refreshToken) {
+    try {
+        const refreshResponse = await authClient.refreshToken({ refreshToken });
+        if (refreshResponse.status === 200) {
+            const session = refreshResponse.body;
+            storage.set(session);
+            return session;
+        }
+        return null;
+    }
+    catch (error) {
+        console.error("Error refreshing token:", error);
+        return null;
+    }
+}
+/**
+ * Determines if token handling should be skipped for this request
+ *
+ * @param url - Request URL
+ * @param options - Request options
+ * @param authApiUrl - Base URL for auth API
+ * @returns True if token handling should be skipped, false otherwise
+ */
+function shouldSkipTokenHandling(url, options, authApiUrl) {
+    const headers = new Headers(options.headers || {});
+    // If Authorization header is explicitly set, skip token handling
+    if (headers.has("Authorization")) {
+        return true;
+    }
+    // If calling the token endpoint, skip to avoid infinite loops
+    if (url === `${authApiUrl}/token`) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Checks if a token is expiring soon and needs to be refreshed
+ *
+ * @param expiresAt - Token expiration timestamp in milliseconds
+ * @param marginSeconds - Number of seconds before expiration to trigger refresh
+ * @returns True if token is expiring soon, false otherwise
+ */
+function isTokenExpiringSoon(expiresAt, marginSeconds) {
+    const currentTime = Date.now();
+    return expiresAt - currentTime < marginSeconds * 1000;
+}
+//# sourceMappingURL=middlewareRefreshSession.js.map

package/dist/src/middlewareRefreshSession.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middlewareRefreshSession.js","sourceRoot":"","sources":["../../src/middlewareRefreshSession.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAgC,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAA0C,MAAM,SAAS,CAAC;AAEjE;;;;GAIG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,KAAa,EAAU,EAAE;IAC9D,IAAI,CAAC;QACH,wDAAwD;QACxD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;YAChD,OAAO,CAAC,CAAC;QACX,CAAC;QAED,sDAAsD;QACtD,+CAA+C;QAC/C,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACtC,OAAO,CAAC,CAAC;QACX,CAAC;QAED,mCAAmC;QACnC,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACjE,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAE3C,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAChB,mDAAmD;YACnD,OAAO,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;YAC5C,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAC;QAC3D,OAAO,CAAC,CAAC;IACX,CAAC;AACH,CAAC,CAAC;AAEF;;;;GAIG;AACH,8DAA8D;AAC9D,SAAS,kBAAkB,CAAC,aAAqB;IAC/C,IAAI,CAAC;QACH,IAAI,WAAmB,CAAC;QAExB,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,sBAAsB;YACtB,WAAW,GAAG,kBAAkB,CAC9B,MAAM;iBACH,IAAI,CAAC,aAAa,CAAC;iBACnB,KAAK,CAAC,EAAE,CAAC;iBACT,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;iBACjE,IAAI,CAAC,EAAE,CAAC,CACZ,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,sBAAsB;YACtB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;YACpD,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,CAAC,IAAI,CAAC,+BAA+B,EAAE,CAAC,CAAC,CAAC;QACjD,MAAM,CAAC,CAAC;IACV,CAAC;AACH,CAAC;AAaD;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,MAAM,8BAA8B,GAAG,CAC5C,UAAkB,EAClB,OAAgC,EAChC,OAA+B,EAChB,EAAE;IACjB,MAAM,EAAE,aAAa,GAAG,EAAE,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;IAE7C,gBAAgB;IAChB,IAAI,cAAc,GAAmB,IAAI,CAAC;IAC1C,IAAI,cAAc,GAAG,CAAC,CAAC;IAEvB,uCAAuC;IACvC,OAAO,CAAC,IAAmB,EAAiB,EAAE;QAC5C,OAAO,KAAK,EACV,GAAW,EACX,UAAuB,EAAE,EACN,EAAE;YACrB,2CAA2C;YAC3C,IAAI,uBAAuB,CAAC,GAAG,EAAE,OAAO,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC9D,OAAO,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAC5B,CAAC;YAED,IAAI,CAAC;gBACH,mCAAmC;gBACnC,cAAc,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;gBAE/B,IAAI,cAAc,EAAE,WAAW,EAAE,CAAC;oBAChC,cAAc,GAAG,sBAAsB,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;gBACtE,CAAC;gBAED,4DAA4D;gBAC5D,IAAI,CAAC,cAAc,EAAE,CAAC;oBACpB,OAAO,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;gBAC5B,CAAC;gBAED,+BAA+B;gBAC/B,IAAI,mBAAmB,CAAC,cAAc,EAAE,aAAa,CAAC,EAAE,CAAC;oBACvD,IAAI,cAAc,CAAC,YAAY,EAAE,CAAC;wBAChC,oBAAoB;wBACpB,MAAM,gBAAgB,GAAG,MAAM,YAAY,CACzC,UAAU,EACV,OAAO,EACP,cAAc,CAAC,YAAY,CAC5B,CAAC;wBAEF,IAAI,gBAAgB,EAAE,CAAC;4BACrB,cAAc,GAAG,gBAAgB,CAAC;4BAClC,cAAc,GAAG,sBAAsB,CACrC,gBAAgB,CAAC,WAAW,CAC7B,CAAC;4BACF,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;wBAChC,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,gCAAgC;gBAChC,OAAO,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAC;gBACtD,wDAAwD;gBACxD,OAAO,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC,CAAC;AAEF;;;;;;;GAOG;AACH,KAAK,UAAU,YAAY,CACzB,UAAkB,EAClB,OAAgC,EAChC,YAAoB;IAEpB,IAAI,CAAC;QACH,MAAM,eAAe,GAAG,MAAM,UAAU,CAAC,YAAY,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC;QAExE,IAAI,eAAe,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC;YACrC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACrB,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,uBAAuB,CAC9B,GAAW,EACX,OAAoB,EACpB,UAAkB;IAElB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;IAEnD,iEAAiE;IACjE,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,8DAA8D;IAC9D,IAAI,GAAG,KAAK,GAAG,UAAU,QAAQ,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;GAMG;AACH,SAAS,mBAAmB,CAC1B,SAAiB,EACjB,aAAqB;IAErB,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,OAAO,SAAS,GAAG,WAAW,GAAG,aAAa,GAAG,IAAI,CAAC;AACxD,CAAC"}

package/dist/src/middlewareResponseSession.d.ts

@@ -0,0 +1,26 @@
+/**
+ * @fileoverview Session response middleware for the Nhost SDK.
+ *
+ * This module provides middleware functionality to automatically extract
+ * and persist session information from authentication responses, ensuring
+ * that new sessions are properly stored after sign-in operations.
+ */
+import { type SessionStorageInterface } from "./sessionStorage";
+import { type ChainFunction } from "./fetch";
+/**
+ * Creates a fetch middleware that automatically extracts and stores session data from API responses.
+ *
+ * This middleware:
+ * 1. Monitors responses from authentication-related endpoints
+ * 2. Extracts session information when present
+ * 3. Stores the session in the provided storage implementation
+ * 4. Handles session removal on sign-out
+ *
+ * This ensures that session data is always up-to-date in storage after operations
+ * that create or invalidate sessions.
+ *
+ * @param storage - Storage implementation for persisting session data
+ * @returns A middleware function that can be used in the fetch chain
+ */
+export declare const createSessionResponseMiddleware: (storage: SessionStorageInterface) => ChainFunction;
+//# sourceMappingURL=middlewareResponseSession.d.ts.map

package/dist/src/middlewareResponseSession.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middlewareResponseSession.d.ts","sourceRoot":"","sources":["../../src/middlewareResponseSession.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,KAAK,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,+BAA+B,GAC1C,SAAS,uBAAuB,KAC/B,aAiEF,CAAC"}

package/dist/src/middlewareResponseSession.js

@@ -0,0 +1,83 @@
+/**
+ * @fileoverview Session response middleware for the Nhost SDK.
+ *
+ * This module provides middleware functionality to automatically extract
+ * and persist session information from authentication responses, ensuring
+ * that new sessions are properly stored after sign-in operations.
+ */
+import {} from "./auth";
+import {} from "./sessionStorage";
+import {} from "./fetch";
+/**
+ * Creates a fetch middleware that automatically extracts and stores session data from API responses.
+ *
+ * This middleware:
+ * 1. Monitors responses from authentication-related endpoints
+ * 2. Extracts session information when present
+ * 3. Stores the session in the provided storage implementation
+ * 4. Handles session removal on sign-out
+ *
+ * This ensures that session data is always up-to-date in storage after operations
+ * that create or invalidate sessions.
+ *
+ * @param storage - Storage implementation for persisting session data
+ * @returns A middleware function that can be used in the fetch chain
+ */
+export const createSessionResponseMiddleware = (storage) => {
+    /**
+     * Helper function to extract session data from various response formats
+     *
+     * @param data - Response data to extract session from
+     * @returns Session object if found, null otherwise
+     */
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    const sessionExtractor = function (body) {
+        // Look for session in common response patterns
+        const session = 
+        // Pattern: { session: {...} }
+        body?.session ||
+            // Pattern: { data: { session: {...} } }
+            body?.data?.session ||
+            // Pattern: { accessToken, refreshToken, ... } where data itself is the session
+            (body?.accessToken && body?.refreshToken && body) ||
+            null;
+        return session;
+    };
+    return (next) => {
+        return async (url, options) => {
+            // Call the next middleware in the chain
+            const response = await next(url, options);
+            try {
+                // Check if this is a logout request
+                if (url.endsWith("/signout")) {
+                    // Remove session on sign-out
+                    storage.remove();
+                    return response;
+                }
+                // Check if this is an auth-related endpoint that might return session data
+                if (url.endsWith("/token") ||
+                    url.includes("/signin/") ||
+                    url.includes("/signup/")) {
+                    // Clone the response to avoid consuming it
+                    const clonedResponse = response.clone();
+                    // Parse the JSON data
+                    const body = await clonedResponse.json().catch(() => null);
+                    if (body) {
+                        // Extract session data from response using provided extractor
+                        const session = sessionExtractor(body);
+                        // If session data is found, store it
+                        if (session && session.accessToken && session.refreshToken) {
+                            storage.set(session);
+                        }
+                    }
+                }
+            }
+            catch (error) {
+                console.warn("Error in session response middleware:", error);
+            }
+            // Return the original response
+            return response;
+        };
+    };
+};
+//# sourceMappingURL=middlewareResponseSession.js.map

package/dist/src/middlewareResponseSession.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middlewareResponseSession.js","sourceRoot":"","sources":["../../src/middlewareResponseSession.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAgB,MAAM,QAAQ,CAAC;AACtC,OAAO,EAAgC,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAsB,MAAM,SAAS,CAAC;AAE7C;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG,CAC7C,OAAgC,EACjB,EAAE;IACjB;;;;;OAKG;IACH,8DAA8D;IAC9D,MAAM,gBAAgB,GAAG,UAAU,IAAS;QAC1C,+CAA+C;QAC/C,MAAM,OAAO;QACX,8BAA8B;QAC7B,IAAI,EAAE,OAAmB;YAC1B,wCAAwC;YACvC,IAAI,EAAE,IAAI,EAAE,OAAmB;YAChC,+EAA+E;YAC/E,CAAC,IAAI,EAAE,WAAW,IAAI,IAAI,EAAE,YAAY,IAAK,IAAgB,CAAC;YAC9D,IAAI,CAAC;QAEP,OAAO,OAAO,CAAC;IACjB,CAAC,CAAC;IAEF,OAAO,CAAC,IAA+D,EAAE,EAAE;QACzE,OAAO,KAAK,EAAE,GAAW,EAAE,OAAqB,EAAE,EAAE;YAClD,wCAAwC;YACxC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YAE1C,IAAI,CAAC;gBACH,oCAAoC;gBACpC,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC7B,6BAA6B;oBAC7B,OAAO,CAAC,MAAM,EAAE,CAAC;oBACjB,OAAO,QAAQ,CAAC;gBAClB,CAAC;gBAED,2EAA2E;gBAC3E,IACE,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBACtB,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC;oBACxB,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,EACxB,CAAC;oBACD,2CAA2C;oBAC3C,MAAM,cAAc,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAC;oBAExC,sBAAsB;oBACtB,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;oBAE3D,IAAI,IAAI,EAAE,CAAC;wBACT,8DAA8D;wBAC9D,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;wBAEvC,qCAAqC;wBACrC,IAAI,OAAO,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;4BAC3D,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;wBACvB,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;YAC/D,CAAC;YAED,+BAA+B;YAC/B,OAAO,QAAQ,CAAC;QAClB,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC,CAAC"}

package/dist/src/sessionStorage.d.ts

@@ -0,0 +1,123 @@
+/**
+ * @fileoverview Storage implementations for session persistence in different environments.
+ *
+ * This module provides different storage adapters for persisting authentication sessions
+ * across page reloads and browser sessions.
+ */
+import { type Session } from "./auth";
+/**
+ * Session storage interface for session persistence.
+ * This interface can be implemented to provide custom storage solutions.
+ */
+export interface SessionStorageInterface {
+    /**
+     * Get the current session from storage
+     * @returns The stored session or null if not found
+     */
+    get(): Session | null;
+    /**
+     * Set the session in storage
+     * @param value - The session to store
+     */
+    set(value: Session): void;
+    /**
+     * Remove the session from storage
+     */
+    remove(): void;
+}
+/**
+ * Default storage key used for storing the Nhost session
+ */
+export declare const DEFAULT_SESSION_KEY = "nhostSession";
+/**
+ * Browser localStorage implementation of StorageInterface.
+ * Persists the session across page reloads and browser restarts.
+ */
+export declare class LocalStorage implements SessionStorageInterface {
+    private readonly storageKey;
+    /**
+     * Creates a new LocalStorage instance
+     * @param storageKey - The key to use in localStorage (defaults to "nhostSession")
+     */
+    constructor(storageKey?: string);
+    /**
+     * Gets the session from localStorage
+     * @returns The stored session or null if not found
+     */
+    get(): Session | null;
+    /**
+     * Sets the session in localStorage
+     * @param value - The session to store
+     */
+    set(value: Session): void;
+    /**
+     * Removes the session from localStorage
+     */
+    remove(): void;
+}
+/**
+ * In-memory storage implementation for non-browser environments or when
+ * persistent storage is not available or desirable.
+ */
+export declare class MemoryStorage implements SessionStorageInterface {
+    private session;
+    /**
+     * Gets the session from memory
+     * @returns The stored session or null if not set
+     */
+    get(): Session | null;
+    /**
+     * Sets the session in memory
+     * @param value - The session to store
+     */
+    set(value: Session): void;
+    /**
+     * Clears the session from memory
+     */
+    remove(): void;
+}
+/**
+ * Cookie-based storage implementation.
+ * This storage uses web browser cookies to store the session so it's not
+ * available in server-side environments. It is useful though for sinchronizing
+ * sessions between client and server environments.
+ */
+export declare class CookieStorage implements SessionStorageInterface {
+    private readonly cookieName;
+    private readonly expirationDays;
+    private readonly secure;
+    private readonly sameSite;
+    /**
+     * Creates a new CookieStorage instance
+     * @param cookieName - Name of the cookie to use (defaults to "nhostSession")
+     * @param expirationDays - Number of days until the cookie expires (defaults to 30)
+     * @param secure - Whether to set the Secure flag on the cookie (defaults to true)
+     * @param sameSite - SameSite policy for the cookie (defaults to "lax")
+     */
+    constructor(cookieName?: string, expirationDays?: number, secure?: boolean, sameSite?: "strict" | "lax" | "none");
+    /**
+     * Gets the session from cookies
+     * @returns The stored session or null if not found
+     */
+    get(): Session | null;
+    /**
+     * Sets the session in a cookie
+     * @param value - The session to store
+     */
+    set(value: Session): void;
+    /**
+     * Removes the session cookie
+     */
+    remove(): void;
+}
+/**
+ * Detects the best available storage implementation for the current environment.
+ *
+ * The detection process follows this order:
+ * 1. Try to use localStorage if we're in a browser environment
+ * 2. Fall back to in-memory storage if localStorage isn't available
+ *
+ * @returns The best available storage implementation for the current environment
+ */
+export declare const detectStorage: () => SessionStorageInterface;
+//# sourceMappingURL=sessionStorage.d.ts.map

package/dist/src/sessionStorage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sessionStorage.d.ts","sourceRoot":"","sources":["../../src/sessionStorage.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,KAAK,OAAO,EAAE,MAAM,QAAQ,CAAC;AAEtC;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC;;;OAGG;IACH,GAAG,IAAI,OAAO,GAAG,IAAI,CAAC;IAEtB;;;OAGG;IACH,GAAG,CAAC,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;IAE1B;;OAEG;IACH,MAAM,IAAI,IAAI,CAAC;CAChB;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB,iBAAiB,CAAC;AAElD;;;GAGG;AACH,qBAAa,YAAa,YAAW,uBAAuB;IAC1D,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IAEpC;;;OAGG;gBACS,UAAU,SAAsB;IAI5C;;;OAGG;IACH,GAAG,IAAI,OAAO,GAAG,IAAI;IAUrB;;;OAGG;IACH,GAAG,CAAC,KAAK,EAAE,OAAO,GAAG,IAAI;IAIzB;;OAEG;IACH,MAAM,IAAI,IAAI;CAGf;AAED;;;GAGG;AACH,qBAAa,aAAc,YAAW,uBAAuB;IAC3D,OAAO,CAAC,OAAO,CAAwB;IAEvC;;;OAGG;IACH,GAAG,IAAI,OAAO,GAAG,IAAI;IAIrB;;;OAGG;IACH,GAAG,CAAC,KAAK,EAAE,OAAO,GAAG,IAAI;IAIzB;;OAEG;IACH,MAAM,IAAI,IAAI;CAGf;AAED;;;;;GAKG;AACH,qBAAa,aAAc,YAAW,uBAAuB;IAC3D,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAS;IACxC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAU;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA4B;IAErD;;;;;;OAMG;gBAED,UAAU,SAAsB,EAChC,cAAc,SAAK,EACnB,MAAM,UAAO,EACb,QAAQ,GAAE,QAAQ,GAAG,KAAK,GAAG,MAAc;IAQ7C;;;OAGG;IACH,GAAG,IAAI,OAAO,GAAG,IAAI;IAgBrB;;;OAGG;IACH,GAAG,CAAC,KAAK,EAAE,OAAO,GAAG,IAAI;IAYzB;;OAEG;IACH,MAAM,IAAI,IAAI;CAGf;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,aAAa,QAAO,uBAchC,CAAC"}