@progalaxyelabs/ngx-stonescriptphp-client 1.23.5 → 1.24.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/fesm2022/progalaxyelabs-ngx-stonescriptphp-client.mjs +68 -8
  2. package/fesm2022/progalaxyelabs-ngx-stonescriptphp-client.mjs.map +1 -1
  3. package/index.d.ts +14 -0
  4. package/package.json +1 -1
package/fesm2022/progalaxyelabs-ngx-stonescriptphp-client.mjs CHANGED
@@ -175,6 +175,10 @@ class StoneScriptPHPAuth {
175
175
  else if (raw.id) {
176
176
  user.user_id = this.hashUUID(raw.id);
177
177
  }
178
+ // Populate role from raw data if available
179
+ if (raw.role) {
180
+ user.role = raw.role;
181
+ }
178
182
  return user;
179
183
  }
180
184
  hashUUID(uuid) {
@@ -722,7 +726,7 @@ class ProgalaxyElabsAuth {
722
726
  success: true,
723
727
  accessToken: data.access_token,
724
728
  refreshToken: data.refresh_token,
725
- user: this.toUser(data.identity),
729
+ user: this.toUser(data.identity, data.membership?.role),
726
730
  membership: this.toMembership(data.membership),
727
731
  };
728
732
  }
@@ -971,20 +975,25 @@ class ProgalaxyElabsAuth {
971
975
  success: true,
972
976
  accessToken: data.access_token,
973
977
  refreshToken: data.refresh_token,
974
- user: this.toUser(data.identity),
978
+ user: this.toUser(data.identity, data.membership?.role),
975
979
  membership: this.toMembership(data.membership),
976
980
  };
977
981
  }
978
- toUser(raw) {
982
+ toUser(raw, role) {
979
983
  if (!raw)
980
984
  return undefined;
981
- return {
985
+ const user = {
982
986
  email: raw.email ?? '',
983
987
  phone: raw.phone,
984
988
  display_name: raw.display_name ?? raw.email?.split('@')[0] ?? '',
985
989
  photo_url: raw.photo_url ?? raw.picture,
986
990
  is_email_verified: raw.is_email_verified ?? false
987
991
  };
992
+ // Populate role: prefer explicit param, then raw.role, then raw.membership?.role
993
+ const resolvedRole = role ?? raw.role ?? raw.membership?.role;
994
+ if (resolvedRole)
995
+ user.role = resolvedRole;
996
+ return user;
988
997
  }
989
998
  toMembership(raw) {
990
999
  return {
@@ -1108,6 +1117,31 @@ class TokenService {
1108
1117
  const token = this.getAccessToken();
1109
1118
  return token !== null && token !== '';
1110
1119
  }
1120
+ /**
1121
+ * Decode the payload of a JWT without verifying the signature.
1122
+ * Returns the parsed claims object, or null if the token is invalid/missing.
1123
+ *
1124
+ * Usage: const claims = tokenService.decodeJwtPayload(token);
1125
+ * const role = claims?.role;
1126
+ */
1127
+ decodeJwtPayload(token) {
1128
+ const jwt = token ?? this.getAccessToken();
1129
+ if (!jwt)
1130
+ return null;
1131
+ try {
1132
+ const parts = jwt.split('.');
1133
+ if (parts.length !== 3)
1134
+ return null;
1135
+ // Base64url → Base64 → JSON
1136
+ const base64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
1137
+ const padded = base64 + '='.repeat((4 - (base64.length % 4)) % 4);
1138
+ const json = atob(padded);
1139
+ return JSON.parse(json);
1140
+ }
1141
+ catch {
1142
+ return null;
1143
+ }
1144
+ }
1111
1145
  static ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: TokenService, deps: [], target: i0.ɵɵFactoryTarget.Injectable });
1112
1146
  static ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: TokenService, providedIn: 'root' });
1113
1147
  }
@@ -1213,10 +1247,28 @@ class AuthService {
1213
1247
  this.tokens.setAccessToken(result.accessToken);
1214
1248
  if (result.refreshToken)
1215
1249
  this.tokens.setRefreshToken(result.refreshToken);
1216
- if (result.user)
1217
- this.updateUser(result.user);
1250
+ if (result.user) {
1251
+ // Enrich user with role from JWT claims if not already set
1252
+ const user = result.user.role
1253
+ ? result.user
1254
+ : this.enrichUserWithJwtRole(result.user, result.accessToken);
1255
+ this.updateUser(user);
1256
+ }
1218
1257
  this.signinStatus.setSigninStatus(true);
1219
1258
  }
1259
+ /**
1260
+ * Decode the access token and attach the `role` claim to the user object.
1261
+ * Falls back to role from the membership field in the AuthResult if no JWT role found.
1262
+ */
1263
+ enrichUserWithJwtRole(user, accessToken) {
1264
+ if (accessToken) {
1265
+ const claims = this.tokens.decodeJwtPayload(accessToken);
1266
+ if (claims?.role) {
1267
+ return { ...user, role: claims.role };
1268
+ }
1269
+ }
1270
+ return user;
1271
+ }
1220
1272
  // ── Core auth operations ──────────────────────────────────────────────────
1221
1273
  async loginWithEmail(email, password) {
1222
1274
  const result = await this.plugin.login(email, password);
@@ -1269,14 +1321,22 @@ class AuthService {
1269
1321
  }
1270
1322
  async checkSession(serverName) {
1271
1323
  if (this.tokens.hasValidAccessToken()) {
1324
+ // If we already have a stored user, update their role from the current JWT
1325
+ const storedUser = this.getCurrentUser();
1326
+ if (storedUser && !storedUser.role) {
1327
+ const enriched = this.enrichUserWithJwtRole(storedUser);
1328
+ if (enriched.role)
1329
+ this.updateUser(enriched);
1330
+ }
1272
1331
  this.signinStatus.setSigninStatus(true);
1273
1332
  return true;
1274
1333
  }
1275
1334
  const result = await this.plugin.checkSession();
1276
1335
  if (result.success && result.accessToken) {
1277
1336
  this.tokens.setAccessToken(result.accessToken);
1278
- if (result.user)
1279
- this.updateUser(result.user);
1337
+ if (result.user) {
1338
+ this.updateUser(this.enrichUserWithJwtRole(result.user, result.accessToken));
1339
+ }
1280
1340
  this.signinStatus.setSigninStatus(true);
1281
1341
  return true;
1282
1342
  }