@orsetra/shared-auth 1.0.0 → 1.0.2

package/SessionProvider.tsx

@@ -0,0 +1,86 @@
+"use client"
+
+import { createContext, useContext, useEffect, useState, ReactNode } from "react"
+
+interface SessionUser {
+  access_token: string
+  id_token?: string
+  expires_at?: number
+  profile: {
+    sub: string
+    email?: string
+    name?: string
+    preferred_username?: string
+    [key: string]: any
+  }
+}
+
+interface SessionContextType {
+  user: SessionUser | null
+  accessToken: string | null
+  isLoading: boolean
+  isAuthenticated: boolean
+}
+
+const SessionContext = createContext<SessionContextType | undefined>(undefined)
+
+interface SessionProviderProps {
+  children: ReactNode
+}
+
+/**
+ * Provider de session pour les micro-apps
+ * À utiliser après validation par le middleware
+ * Lit directement depuis localStorage (pas de configuration requise)
+ */
+export function SessionProvider({ children }: SessionProviderProps) {
+  const [user, setUser] = useState<SessionUser | null>(null)
+  const [isLoading, setIsLoading] = useState(true)
+
+  useEffect(() => {
+    const authority = process.env.NEXT_PUBLIC_ZITADEL_AUTHORITY
+    const clientId = process.env.NEXT_PUBLIC_ZITADEL_CLIENT_ID
+    const storageKey = `oidc.user:${authority}:${clientId}`
+    
+    try {
+      const userDataString = localStorage.getItem(storageKey)
+      
+      if (userDataString) {
+        const userData = JSON.parse(userDataString) as SessionUser
+        const isExpired = userData.expires_at && userData.expires_at * 1000 < Date.now()
+        
+        if (!isExpired && userData.access_token) {
+          setUser(userData)
+        }
+      }
+    } catch (error) {
+      console.error('Error reading session:', error)
+    } finally {
+      setIsLoading(false)
+    }
+  }, [])
+
+  const value: SessionContextType = {
+    user,
+    accessToken: user?.access_token ?? null,
+    isLoading,
+    isAuthenticated: !!user,
+  }
+
+  return (
+    <SessionContext.Provider value={value}>
+      {children}
+    </SessionContext.Provider>
+  )
+}
+
+/**
+ * Hook pour accéder au contexte de session dans les micro-apps
+ */
+export function useSession(): SessionContextType {
+  const context = useContext(SessionContext)
+  if (context === undefined) {
+    throw new Error("useSession must be used within a SessionProvider")
+  }
+  return context
+}

package/hooks/useSession.ts

@@ -0,0 +1,72 @@
+"use client"
+
+import { useEffect, useState } from 'react'
+
+interface SessionUser {
+  access_token: string
+  id_token?: string
+  expires_at?: number
+  profile: {
+    sub: string
+    email?: string
+    name?: string
+    preferred_username?: string
+    [key: string]: any
+  }
+}
+
+interface SessionState {
+  user: SessionUser | null
+  isLoading: boolean
+  isAuthenticated: boolean
+  accessToken: string | null
+}
+
+/**
+ * Hook pour récupérer la session utilisateur dans les micro-apps
+ * Lit depuis localStorage (partagé via même domaine)
+ */
+export function useSession(): SessionState {
+  const [state, setState] = useState<SessionState>({
+    user: null,
+    isLoading: true,
+    isAuthenticated: false,
+    accessToken: null,
+  })
+
+  useEffect(() => {
+    const authority = process.env.NEXT_PUBLIC_ZITADEL_AUTHORITY
+    const clientId = process.env.NEXT_PUBLIC_ZITADEL_CLIENT_ID
+    const storageKey = `oidc.user:${authority}:${clientId}`
+    
+    try {
+      const userDataString = localStorage.getItem(storageKey)
+      
+      if (userDataString) {
+        const userData = JSON.parse(userDataString) as SessionUser
+        const isExpired = userData.expires_at && userData.expires_at * 1000 < Date.now()
+        
+        if (!isExpired) {
+          setState({
+            user: userData,
+            isLoading: false,
+            isAuthenticated: true,
+            accessToken: userData.access_token,
+          })
+          return
+        }
+      }
+    } catch (error) {
+      console.error('Error reading session:', error)
+    }
+
+    setState({
+      user: null,
+      isLoading: false,
+      isAuthenticated: false,
+      accessToken: null,
+    })
+  }, [])
+
+  return state
+}

package/index.ts

@@ -1,7 +1,11 @@
-// Auth exports
+// Auth exports - Main app
 export { ZitadelProvider, useZitadel } from './ZitadelProvider'
 export { ProtectedRoute } from './ProtectedRoute'
 export { ZitadelAuthService } from './services/zitadel.auth.service'
 export { createAuthConfig } from './config/zitadel.config'
 export type { ZitadelConfig } from './config/zitadel.config'
+
+// Auth exports - Micro-apps
+export { SessionProvider, useSession } from './SessionProvider'
+
 export * from './utils'

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@orsetra/shared-auth",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "Shared authentication utilities for Orsetra platform using Zitadel",
   "main": "./index.ts",
   "types": "./index.ts",
@@ -9,15 +9,17 @@
     "./config": "./config/zitadel.config.ts",
     "./services": "./services/zitadel.auth.service.ts",
     "./components": "./components/index.ts",
-    "./utils": "./utils/redirect-utils.ts"
+    "./utils": "./utils/index.ts"
   },
   "files": [
     "index.ts",
     "ZitadelProvider.tsx",
+    "SessionProvider.tsx",
     "ProtectedRoute.tsx",
     "config",
     "services",
     "components",
+    "hooks",
     "utils",
     "README.md"
   ],

package/services/zitadel.auth.service.ts

@@ -51,6 +51,7 @@ export class ZitadelAuthService {
 
   static async signOut() {
     try {
+      document.cookie = 'auth_session=; path=/; max-age=0';
       await this.getAuth().signout();
     } catch (error) {
       throw this.handleAuthError(error);
@@ -68,7 +69,15 @@ export class ZitadelAuthService {
 
   static async handleCallback(): Promise<User> {
     try {
-      return await this.getAuth().userManager.signinRedirectCallback();
+      const user = await this.getAuth().userManager.signinRedirectCallback();
+      if (user?.access_token) {
+        const maxAge = user.expires_at 
+          ? user.expires_at - Math.floor(Date.now() / 1000)
+          : 3600;
+        document.cookie = `auth_session=1; path=/; max-age=${maxAge}; SameSite=Lax`;
+      }
+      
+      return user;
     } catch (error) {
       throw this.handleAuthError(error);
     }

package/utils/index.ts

@@ -1,2 +1,2 @@
 export * from './token-validator'
-export * from '../redirect-utils'
+export * from './redirect-utils'

package/utils/redirect-utils.ts

@@ -0,0 +1,45 @@
+/**
+ * Utilitaires pour gérer les redirections après authentification
+ */
+
+const REDIRECT_KEY = 'zitadel_redirect_url'
+
+/**
+ * Sauvegarde l'URL actuelle pour redirection après authentification
+ */
+export function saveRedirectUrl(url?: string): void {
+  if (typeof window === 'undefined') return
+  
+  const urlToSave = url || window.location.pathname + window.location.search
+  sessionStorage.setItem(REDIRECT_KEY, urlToSave)
+}
+
+/**
+ * Récupère et supprime l'URL de redirection sauvegardée
+ * @param fallback URL par défaut si aucune redirection n'est sauvegardée
+ * @returns L'URL de redirection
+ */
+export function getAndClearRedirectUrl(fallback: string = ''): string {
+  if (typeof window === 'undefined') return fallback
+  
+  const redirectUrl = sessionStorage.getItem(REDIRECT_KEY)
+  sessionStorage.removeItem(REDIRECT_KEY)
+  
+  return redirectUrl || fallback
+}
+
+/**
+ * Vérifie si une URL de redirection est sauvegardée
+ */
+export function hasRedirectUrl(): boolean {
+  if (typeof window === 'undefined') return false
+  return sessionStorage.getItem(REDIRECT_KEY) !== null
+}
+
+/**
+ * Nettoie l'URL de redirection sauvegardée
+ */
+export function clearRedirectUrl(): void {
+  if (typeof window === 'undefined') return
+  sessionStorage.removeItem(REDIRECT_KEY)
+}