@oxyhq/core 3.4.11 → 3.4.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +34 -3
- package/dist/cjs/.tsbuildinfo +1 -1
- package/dist/cjs/server/auth.js +88 -0
- package/dist/cjs/server/index.js +8 -1
- package/dist/esm/.tsbuildinfo +1 -1
- package/dist/esm/server/auth.js +80 -0
- package/dist/esm/server/index.js +1 -0
- package/dist/types/.tsbuildinfo +1 -1
- package/dist/types/server/auth.d.ts +52 -0
- package/dist/types/server/index.d.ts +2 -0
- package/package.json +1 -1
- package/src/__tests__/httpServiceCsrf.test.ts +7 -7
- package/src/__tests__/userIdentity.test.ts +6 -8
- package/src/server/__tests__/auth.test.ts +78 -0
- package/src/server/auth.ts +155 -0
- package/src/server/index.ts +17 -0
package/README.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
OxyHQ SDK Foundation. Platform-agnostic core library that works in Node.js, browser, and React Native environments. No React dependency.
|
|
4
4
|
|
|
5
|
-
**Current published version: 3.4.
|
|
5
|
+
**Current published version: 3.4.13**
|
|
6
6
|
|
|
7
7
|
## Installation
|
|
8
8
|
|
|
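Review bot: The `**Current published version: 3.4.13**` line is a hand-maintained copy of a value that package.json already carries, so the two can drift apart between releases. The file list shows package.json changing by one line in the same release. Consider generating this README line from package.json at publish time, or dropping it.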
@@ -22,14 +22,16 @@ bun add @oxyhq/core
|
|
|
22
22
|
- **Device management**
|
|
23
23
|
- **Linked clients** for app backends that need the active Oxy bearer token
|
|
24
24
|
- **User identity normalization** so SDK user payloads always expose `id`
|
|
25
|
+
- **Server middleware** for Express request identity and per-user rate limiting
|
|
25
26
|
|
|
26
27
|
## Exports
|
|
27
28
|
|
|
28
|
-
The package exposes
|
|
29
|
+
The package exposes two public entry points:
|
|
29
30
|
|
|
30
31
|
- `@oxyhq/core` — main entry (API client, auth, crypto, models, shared utilities, i18n, platform, device)
|
|
32
|
+
- `@oxyhq/core/server` — Express-only helpers (`createOxyRateLimit`, `createOxyAuthMiddleware`, `requireOxyAuth`, `getOxyUserId`, `getRequiredOxyUserId`, and request types)
|
|
31
33
|
|
|
32
|
-
All
|
|
34
|
+
All client/runtime symbols (including `KeyManager`, `SignatureService`, `RecoveryPhraseService`, and the shared color / theme / error / network / debug helpers) are re-exported from the package root. Server-only Express helpers live under `@oxyhq/core/server` so React Native and browser bundles never import Express.
|
|
33
35
|
|
|
34
36
|
## Usage
|
|
35
37
|
|
|
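Review bot: The sentence added at new line 34, that React Native and browser bundles never import Express, is a guarantee the README cannot enforce by itself. It holds only while nothing reachable from the package root imports from the server entry point. Consider backing it with a test or lint rule that fails if the root entry pulls in `@oxyhq/core/server`, and say whether the consuming backend is expected to install Express itself. The hand-written list of helpers in the `@oxyhq/core/server` bullet at new line 32 will also need updating whenever that entry point's exports change.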
@@ -63,6 +65,35 @@ Linked clients send the current Oxy bearer token for authenticated requests.
|
|
|
63
65
|
State-changing bearer requests do not fetch app-local CSRF tokens; cookie-only
|
|
64
66
|
writes still use CSRF.
|
|
65
67
|
|
|
68
|
+
## Backend Auth Middleware
|
|
69
|
+
|
|
70
|
+
Backends should use the SDK server helpers instead of local auth request types
|
|
71
|
+
or `requireAuth` copies.
|
|
72
|
+
|
|
73
|
+
```ts
|
|
74
|
+
import { OxyServices } from '@oxyhq/core';
|
|
75
|
+
import {
|
|
76
|
+
createOxyRateLimit,
|
|
77
|
+
requireOxyAuth,
|
|
78
|
+
getRequiredOxyUserId,
|
|
79
|
+
type OxyAuthRequest,
|
|
80
|
+
} from '@oxyhq/core/server';
|
|
81
|
+
|
|
82
|
+
const oxy = new OxyServices({ baseURL: 'https://api.oxy.so' });
|
|
83
|
+
|
|
84
|
+
app.use(createOxyRateLimit(oxy, { store: redisStore }));
|
|
85
|
+
router.use(requireOxyAuth);
|
|
86
|
+
|
|
87
|
+
router.get('/me', (req: OxyAuthRequest, res) => {
|
|
88
|
+
const userId = getRequiredOxyUserId(req);
|
|
89
|
+
res.json({ userId });
|
|
90
|
+
});
|
|
91
|
+
```
|
|
92
|
+
|
|
93
|
+
For routers that are not mounted after `createOxyRateLimit`, use
|
|
94
|
+
`createOxyAuthMiddleware(oxy)` to resolve the bearer session and require a user
|
|
95
|
+
in one middleware.
|
|
96
|
+
|
|
66
97
|
## User Identity Normalization
|
|
67
98
|
|
|
68
99
|
`@oxyhq/core` normalizes user payloads returned by auth and user APIs so `id` is
|
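Review bot: The example at new lines 84-85 depends on middleware order without saying so. `requireOxyAuth` is shown only after `app.use(createOxyRateLimit(oxy, { store: redisStore }))`, and the closing paragraph implies that a router not mounted after the rate limiter needs `createOxyAuthMiddleware(oxy)` instead. The README should state what `requireOxyAuth` does when no session has been resolved on the request, so a backend author can confirm it rejects rather than passes through, and what `getRequiredOxyUserId` does when the user is missing. `app`, `router` and `redisStore` are also used without being defined or imported in the snippet, so a comment saying where they come from would help.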