@qyh213/easyauth-client 1.0.0-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +425 -0
- package/dist/chunk-H65ZLXQJ.mjs +495 -0
- package/dist/client-RPDHpVsj.d.mts +300 -0
- package/dist/client-RPDHpVsj.d.ts +300 -0
- package/dist/index.d.mts +31 -0
- package/dist/index.d.ts +31 -0
- package/dist/index.js +530 -0
- package/dist/index.mjs +18 -0
- package/dist/next.d.mts +106 -0
- package/dist/next.d.ts +106 -0
- package/dist/next.js +638 -0
- package/dist/next.mjs +124 -0
- package/dist/react.d.mts +68 -0
- package/dist/react.d.ts +68 -0
- package/dist/react.js +733 -0
- package/dist/react.mjs +220 -0
- package/package.json +99 -0
package/dist/next.js
ADDED
|
@@ -0,0 +1,638 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __defProp = Object.defineProperty;
|
|
3
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
+
var __export = (target, all) => {
|
|
7
|
+
for (var name in all)
|
|
8
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
9
|
+
};
|
|
10
|
+
var __copyProps = (to, from, except, desc) => {
|
|
11
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
12
|
+
for (let key of __getOwnPropNames(from))
|
|
13
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
14
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
15
|
+
}
|
|
16
|
+
return to;
|
|
17
|
+
};
|
|
18
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
|
+
|
|
20
|
+
// src/next.tsx
|
|
21
|
+
var next_exports = {};
|
|
22
|
+
__export(next_exports, {
|
|
23
|
+
EasyAuthClient: () => EasyAuthClient,
|
|
24
|
+
EasyAuthError: () => EasyAuthError,
|
|
25
|
+
LocalStorageTokenStorage: () => LocalStorageTokenStorage,
|
|
26
|
+
MemoryTokenStorage: () => MemoryTokenStorage,
|
|
27
|
+
ScopeError: () => ScopeError,
|
|
28
|
+
createEasyAuthMiddleware: () => createEasyAuthMiddleware,
|
|
29
|
+
validateScopes: () => validateScopes,
|
|
30
|
+
withScope: () => withScope
|
|
31
|
+
});
|
|
32
|
+
module.exports = __toCommonJS(next_exports);
|
|
33
|
+
var import_server = require("next/server");
|
|
34
|
+
|
|
35
|
+
// src/types.ts
|
|
36
|
+
var EasyAuthError = class extends Error {
|
|
37
|
+
constructor(message, code, statusCode) {
|
|
38
|
+
super(message);
|
|
39
|
+
this.code = code;
|
|
40
|
+
this.statusCode = statusCode;
|
|
41
|
+
this.name = "EasyAuthError";
|
|
42
|
+
}
|
|
43
|
+
};
|
|
44
|
+
var ScopeError = class extends EasyAuthError {
|
|
45
|
+
constructor(message, requiredScopes, providedScopes) {
|
|
46
|
+
super(message, "INSUFFICIENT_SCOPES", 403);
|
|
47
|
+
this.requiredScopes = requiredScopes;
|
|
48
|
+
this.providedScopes = providedScopes;
|
|
49
|
+
this.name = "ScopeError";
|
|
50
|
+
}
|
|
51
|
+
};
|
|
52
|
+
var _LocalStorageTokenStorage = class _LocalStorageTokenStorage {
|
|
53
|
+
getToken() {
|
|
54
|
+
if (typeof window === "undefined") return null;
|
|
55
|
+
return localStorage.getItem(_LocalStorageTokenStorage.KEY);
|
|
56
|
+
}
|
|
57
|
+
setToken(token) {
|
|
58
|
+
if (typeof window === "undefined") return;
|
|
59
|
+
localStorage.setItem(_LocalStorageTokenStorage.KEY, token);
|
|
60
|
+
}
|
|
61
|
+
removeToken() {
|
|
62
|
+
if (typeof window === "undefined") return;
|
|
63
|
+
localStorage.removeItem(_LocalStorageTokenStorage.KEY);
|
|
64
|
+
}
|
|
65
|
+
};
|
|
66
|
+
_LocalStorageTokenStorage.KEY = "easy_auth_token";
|
|
67
|
+
var LocalStorageTokenStorage = _LocalStorageTokenStorage;
|
|
68
|
+
var MemoryTokenStorage = class {
|
|
69
|
+
constructor() {
|
|
70
|
+
this.token = null;
|
|
71
|
+
}
|
|
72
|
+
getToken() {
|
|
73
|
+
return this.token;
|
|
74
|
+
}
|
|
75
|
+
setToken(token) {
|
|
76
|
+
this.token = token;
|
|
77
|
+
}
|
|
78
|
+
removeToken() {
|
|
79
|
+
this.token = null;
|
|
80
|
+
}
|
|
81
|
+
};
|
|
82
|
+
|
|
83
|
+
// src/client.ts
|
|
84
|
+
var EasyAuthClient = class {
|
|
85
|
+
constructor(config, tokenStorage) {
|
|
86
|
+
this.config = {
|
|
87
|
+
apiKey: "",
|
|
88
|
+
defaultTokenExpiry: 24,
|
|
89
|
+
...config
|
|
90
|
+
};
|
|
91
|
+
this.tokenStorage = tokenStorage || new LocalStorageTokenStorage();
|
|
92
|
+
}
|
|
93
|
+
// ============ HTTP Utilities ============
|
|
94
|
+
async request(endpoint, options = {}, requireAuth = false) {
|
|
95
|
+
const url = `${this.config.baseUrl}${endpoint}`;
|
|
96
|
+
const headers = {
|
|
97
|
+
"Content-Type": "application/json",
|
|
98
|
+
...options.headers || {}
|
|
99
|
+
};
|
|
100
|
+
if (this.config.apiKey && !requireAuth) {
|
|
101
|
+
headers["Authorization"] = `Bearer ${this.config.apiKey}`;
|
|
102
|
+
}
|
|
103
|
+
if (requireAuth) {
|
|
104
|
+
const token = this.getAccessToken();
|
|
105
|
+
if (token) {
|
|
106
|
+
headers["Authorization"] = `Bearer ${token}`;
|
|
107
|
+
}
|
|
108
|
+
}
|
|
109
|
+
try {
|
|
110
|
+
const response = await fetch(url, {
|
|
111
|
+
...options,
|
|
112
|
+
headers
|
|
113
|
+
});
|
|
114
|
+
const data = await response.json();
|
|
115
|
+
if (!response.ok) {
|
|
116
|
+
if (response.status === 403 && data.required && data.provided) {
|
|
117
|
+
throw new ScopeError(
|
|
118
|
+
data.error || "Insufficient scopes",
|
|
119
|
+
data.required,
|
|
120
|
+
data.provided
|
|
121
|
+
);
|
|
122
|
+
}
|
|
123
|
+
throw new EasyAuthError(
|
|
124
|
+
data.error || `HTTP ${response.status}`,
|
|
125
|
+
data.code || "UNKNOWN_ERROR",
|
|
126
|
+
response.status
|
|
127
|
+
);
|
|
128
|
+
}
|
|
129
|
+
return data;
|
|
130
|
+
} catch (error) {
|
|
131
|
+
if (error instanceof EasyAuthError) {
|
|
132
|
+
throw error;
|
|
133
|
+
}
|
|
134
|
+
throw new EasyAuthError(
|
|
135
|
+
error instanceof Error ? error.message : "Network error",
|
|
136
|
+
"NETWORK_ERROR"
|
|
137
|
+
);
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
// ============ Configuration ============
|
|
141
|
+
/**
|
|
142
|
+
* Update the client's service configuration
|
|
143
|
+
*/
|
|
144
|
+
configure(config) {
|
|
145
|
+
this.config = { ...this.config, ...config };
|
|
146
|
+
}
|
|
147
|
+
/**
|
|
148
|
+
* Get current configuration (without sensitive data)
|
|
149
|
+
*/
|
|
150
|
+
getConfig() {
|
|
151
|
+
const { apiKey: _, ...rest } = this.config;
|
|
152
|
+
return rest;
|
|
153
|
+
}
|
|
154
|
+
// ============ Token Management ============
|
|
155
|
+
/**
|
|
156
|
+
* Get the stored access token
|
|
157
|
+
*/
|
|
158
|
+
getAccessToken() {
|
|
159
|
+
return this.tokenStorage.getToken();
|
|
160
|
+
}
|
|
161
|
+
/**
|
|
162
|
+
* Store an access token
|
|
163
|
+
*/
|
|
164
|
+
setAccessToken(token) {
|
|
165
|
+
this.tokenStorage.setToken(token);
|
|
166
|
+
}
|
|
167
|
+
/**
|
|
168
|
+
* Remove the stored access token (logout)
|
|
169
|
+
*/
|
|
170
|
+
clearAccessToken() {
|
|
171
|
+
this.tokenStorage.removeToken();
|
|
172
|
+
}
|
|
173
|
+
/**
|
|
174
|
+
* Check if user is logged in
|
|
175
|
+
*/
|
|
176
|
+
isLoggedIn() {
|
|
177
|
+
return !!this.getAccessToken();
|
|
178
|
+
}
|
|
179
|
+
// ============ Scope Validation ============
|
|
180
|
+
/**
|
|
181
|
+
* Introspect a token or API key and validate required scopes
|
|
182
|
+
*/
|
|
183
|
+
async introspect(request) {
|
|
184
|
+
return this.request("/api/v1/introspect", {
|
|
185
|
+
method: "POST",
|
|
186
|
+
body: JSON.stringify(request)
|
|
187
|
+
});
|
|
188
|
+
}
|
|
189
|
+
/**
|
|
190
|
+
* Validate the current token with optional scope checking
|
|
191
|
+
*/
|
|
192
|
+
async validateWithScopes(requiredScopes) {
|
|
193
|
+
const token = this.getAccessToken();
|
|
194
|
+
if (!token) {
|
|
195
|
+
return { valid: false, error: "No token provided" };
|
|
196
|
+
}
|
|
197
|
+
if (!this.config.apiKey) {
|
|
198
|
+
return { valid: false, error: "Service API key not configured" };
|
|
199
|
+
}
|
|
200
|
+
try {
|
|
201
|
+
const serviceId = this.config.apiKey.split(".")[0];
|
|
202
|
+
const result = await this.introspect({
|
|
203
|
+
serviceId,
|
|
204
|
+
token,
|
|
205
|
+
requiredScopes
|
|
206
|
+
});
|
|
207
|
+
return {
|
|
208
|
+
valid: result.valid,
|
|
209
|
+
type: result.type === "bearer" ? "token" : "api_key",
|
|
210
|
+
scopes: result.scopes,
|
|
211
|
+
userId: result.userId,
|
|
212
|
+
email: result.email,
|
|
213
|
+
error: result.error
|
|
214
|
+
};
|
|
215
|
+
} catch (error) {
|
|
216
|
+
if (error instanceof ScopeError) {
|
|
217
|
+
return {
|
|
218
|
+
valid: false,
|
|
219
|
+
error: error.message,
|
|
220
|
+
scopes: error.providedScopes
|
|
221
|
+
};
|
|
222
|
+
}
|
|
223
|
+
if (error instanceof EasyAuthError && error.statusCode === 401) {
|
|
224
|
+
return { valid: false, error: "Invalid or expired token" };
|
|
225
|
+
}
|
|
226
|
+
throw error;
|
|
227
|
+
}
|
|
228
|
+
}
|
|
229
|
+
/**
|
|
230
|
+
* Check if the current user has all the required scopes
|
|
231
|
+
* Throws ScopeError if scopes are insufficient
|
|
232
|
+
*/
|
|
233
|
+
async requireScopes(...requiredScopes) {
|
|
234
|
+
const result = await this.validateWithScopes(requiredScopes);
|
|
235
|
+
if (!result.valid) {
|
|
236
|
+
throw new EasyAuthError(
|
|
237
|
+
result.error || "Authentication required",
|
|
238
|
+
"UNAUTHORIZED",
|
|
239
|
+
401
|
|
240
|
+
);
|
|
241
|
+
}
|
|
242
|
+
const hasScopes = requiredScopes.every(
|
|
243
|
+
(scope) => result.scopes?.includes(scope)
|
|
244
|
+
);
|
|
245
|
+
if (!hasScopes) {
|
|
246
|
+
throw new ScopeError(
|
|
247
|
+
`Required scopes: ${requiredScopes.join(", ")}`,
|
|
248
|
+
requiredScopes,
|
|
249
|
+
result.scopes || []
|
|
250
|
+
);
|
|
251
|
+
}
|
|
252
|
+
return result;
|
|
253
|
+
}
|
|
254
|
+
/**
|
|
255
|
+
* Execute a function only if the user has the required scopes
|
|
256
|
+
*/
|
|
257
|
+
async withScope(scopes, fn) {
|
|
258
|
+
await this.requireScopes(...scopes);
|
|
259
|
+
return fn();
|
|
260
|
+
}
|
|
261
|
+
// ============ Authentication ============
|
|
262
|
+
/**
|
|
263
|
+
* Login a user and store the access token
|
|
264
|
+
*/
|
|
265
|
+
async login(credentials) {
|
|
266
|
+
if (!this.config.apiKey) {
|
|
267
|
+
throw new EasyAuthError(
|
|
268
|
+
"API key required for login. Configure the client first.",
|
|
269
|
+
"MISSING_API_KEY"
|
|
270
|
+
);
|
|
271
|
+
}
|
|
272
|
+
const response = await this.request("/api/v1/auth/login", {
|
|
273
|
+
method: "POST",
|
|
274
|
+
body: JSON.stringify({
|
|
275
|
+
email: credentials.email,
|
|
276
|
+
password: credentials.password,
|
|
277
|
+
expires_in_hours: credentials.expiresInHours || this.config.defaultTokenExpiry,
|
|
278
|
+
scopes: credentials.scopes
|
|
279
|
+
})
|
|
280
|
+
});
|
|
281
|
+
const token = {
|
|
282
|
+
accessToken: response.access_token,
|
|
283
|
+
tokenType: response.token_type,
|
|
284
|
+
expiresIn: response.expires_in,
|
|
285
|
+
expiresAt: response.expires_at,
|
|
286
|
+
userId: response.user_id,
|
|
287
|
+
email: response.email,
|
|
288
|
+
scopes: response.scopes
|
|
289
|
+
};
|
|
290
|
+
this.setAccessToken(token.accessToken);
|
|
291
|
+
return token;
|
|
292
|
+
}
|
|
293
|
+
/**
|
|
294
|
+
* Logout the current user
|
|
295
|
+
*/
|
|
296
|
+
async logout() {
|
|
297
|
+
const token = this.getAccessToken();
|
|
298
|
+
if (token) {
|
|
299
|
+
try {
|
|
300
|
+
await this.request("/api/v1/auth/logout", {
|
|
301
|
+
method: "POST"
|
|
302
|
+
});
|
|
303
|
+
} catch (error) {
|
|
304
|
+
}
|
|
305
|
+
}
|
|
306
|
+
this.clearAccessToken();
|
|
307
|
+
}
|
|
308
|
+
/**
|
|
309
|
+
* Validate the current token or an API key
|
|
310
|
+
* @deprecated Use validateWithScopes instead
|
|
311
|
+
*/
|
|
312
|
+
async validate(_credential) {
|
|
313
|
+
return this.validateWithScopes();
|
|
314
|
+
}
|
|
315
|
+
/**
|
|
316
|
+
* Refresh the current token
|
|
317
|
+
*/
|
|
318
|
+
async refreshToken() {
|
|
319
|
+
const response = await this.request("/api/v1/auth/refresh", {
|
|
320
|
+
method: "POST"
|
|
321
|
+
}, true);
|
|
322
|
+
const token = {
|
|
323
|
+
accessToken: response.access_token,
|
|
324
|
+
tokenType: response.token_type,
|
|
325
|
+
expiresIn: response.expires_in,
|
|
326
|
+
expiresAt: response.expires_at,
|
|
327
|
+
userId: "",
|
|
328
|
+
// Refresh doesn't return user info
|
|
329
|
+
email: ""
|
|
330
|
+
};
|
|
331
|
+
this.setAccessToken(token.accessToken);
|
|
332
|
+
return token;
|
|
333
|
+
}
|
|
334
|
+
// ============ User Management ============
|
|
335
|
+
/**
|
|
336
|
+
* Create a new user (requires admin API key)
|
|
337
|
+
*/
|
|
338
|
+
async createUser(request) {
|
|
339
|
+
const response = await this.request("/api/v1/users/create", {
|
|
340
|
+
method: "POST",
|
|
341
|
+
body: JSON.stringify(request)
|
|
342
|
+
});
|
|
343
|
+
return {
|
|
344
|
+
userId: response.user_id,
|
|
345
|
+
email: response.email,
|
|
346
|
+
createdAt: response.created_at
|
|
347
|
+
};
|
|
348
|
+
}
|
|
349
|
+
/**
|
|
350
|
+
* List all users for the service
|
|
351
|
+
*/
|
|
352
|
+
async listUsers() {
|
|
353
|
+
const response = await this.request("/api/v1/users/list");
|
|
354
|
+
return response.users;
|
|
355
|
+
}
|
|
356
|
+
/**
|
|
357
|
+
* Delete a user
|
|
358
|
+
*/
|
|
359
|
+
async deleteUser(userId) {
|
|
360
|
+
await this.request("/api/v1/users/delete", {
|
|
361
|
+
method: "POST",
|
|
362
|
+
body: JSON.stringify({ user_id: userId })
|
|
363
|
+
});
|
|
364
|
+
}
|
|
365
|
+
/**
|
|
366
|
+
* Update user password
|
|
367
|
+
*/
|
|
368
|
+
async updatePassword(userId, oldPassword, newPassword) {
|
|
369
|
+
await this.request("/api/v1/users/password", {
|
|
370
|
+
method: "POST",
|
|
371
|
+
body: JSON.stringify({
|
|
372
|
+
user_id: userId,
|
|
373
|
+
old_password: oldPassword,
|
|
374
|
+
new_password: newPassword
|
|
375
|
+
})
|
|
376
|
+
});
|
|
377
|
+
}
|
|
378
|
+
// ============ Scope Management ============
|
|
379
|
+
/**
|
|
380
|
+
* List custom scopes for the service
|
|
381
|
+
*/
|
|
382
|
+
async listScopes() {
|
|
383
|
+
const response = await this.request("/api/v1/scopes/list");
|
|
384
|
+
return response.scopes;
|
|
385
|
+
}
|
|
386
|
+
/**
|
|
387
|
+
* Create a custom scope
|
|
388
|
+
*/
|
|
389
|
+
async createScope(request) {
|
|
390
|
+
const response = await this.request("/api/v1/scopes/create", {
|
|
391
|
+
method: "POST",
|
|
392
|
+
body: JSON.stringify(request)
|
|
393
|
+
});
|
|
394
|
+
return {
|
|
395
|
+
scopeId: response.scope_id,
|
|
396
|
+
name: response.name,
|
|
397
|
+
key: response.key,
|
|
398
|
+
description: response.description,
|
|
399
|
+
createdAt: response.created_at
|
|
400
|
+
};
|
|
401
|
+
}
|
|
402
|
+
/**
|
|
403
|
+
* Delete a custom scope
|
|
404
|
+
*/
|
|
405
|
+
async deleteScope(scopeId) {
|
|
406
|
+
await this.request("/api/v1/scopes/delete", {
|
|
407
|
+
method: "POST",
|
|
408
|
+
body: JSON.stringify({ scope_id: scopeId })
|
|
409
|
+
});
|
|
410
|
+
}
|
|
411
|
+
// ============ API Key Management ============
|
|
412
|
+
/**
|
|
413
|
+
* List all API keys for the service
|
|
414
|
+
*/
|
|
415
|
+
async listApiKeys() {
|
|
416
|
+
const response = await this.request("/api/v1/keys/list");
|
|
417
|
+
return response.apiKeys;
|
|
418
|
+
}
|
|
419
|
+
/**
|
|
420
|
+
* Create a new API key with optional custom scopes
|
|
421
|
+
*/
|
|
422
|
+
async createApiKey(request) {
|
|
423
|
+
const response = await this.request("/api/v1/keys/create", {
|
|
424
|
+
method: "POST",
|
|
425
|
+
body: JSON.stringify({
|
|
426
|
+
name: request.name,
|
|
427
|
+
scope: request.scope || "service",
|
|
428
|
+
scopes: request.scopes,
|
|
429
|
+
key_type: request.keyType || "service",
|
|
430
|
+
tps_limit: request.tpsLimit || 100
|
|
431
|
+
})
|
|
432
|
+
});
|
|
433
|
+
return {
|
|
434
|
+
keyId: response.key_id,
|
|
435
|
+
apiKey: response.api_key,
|
|
436
|
+
name: response.name,
|
|
437
|
+
scope: response.scope,
|
|
438
|
+
scopes: response.scopes
|
|
439
|
+
};
|
|
440
|
+
}
|
|
441
|
+
/**
|
|
442
|
+
* Revoke an API key
|
|
443
|
+
*/
|
|
444
|
+
async revokeApiKey(keyId) {
|
|
445
|
+
await this.request("/api/v1/keys/revoke", {
|
|
446
|
+
method: "POST",
|
|
447
|
+
body: JSON.stringify({ key_id: keyId })
|
|
448
|
+
});
|
|
449
|
+
}
|
|
450
|
+
// ============ Service Management ============
|
|
451
|
+
/**
|
|
452
|
+
* Onboard a new service (requires master admin key)
|
|
453
|
+
*/
|
|
454
|
+
async onboardService(request, masterAdminKey) {
|
|
455
|
+
const response = await this.request("/api/v1/services/onboard", {
|
|
456
|
+
method: "POST",
|
|
457
|
+
headers: {
|
|
458
|
+
"x-onboarding-admin-key": masterAdminKey
|
|
459
|
+
},
|
|
460
|
+
body: JSON.stringify({
|
|
461
|
+
service_name: request.serviceName,
|
|
462
|
+
owner_email: request.ownerEmail
|
|
463
|
+
})
|
|
464
|
+
});
|
|
465
|
+
return {
|
|
466
|
+
serviceId: response.service_id,
|
|
467
|
+
serviceName: response.service_name,
|
|
468
|
+
ownerEmail: response.owner_email,
|
|
469
|
+
adminKeyId: response.admin_key_id,
|
|
470
|
+
serviceAdminApiKey: response.service_admin_api_key,
|
|
471
|
+
createdAt: response.created_at
|
|
472
|
+
};
|
|
473
|
+
}
|
|
474
|
+
/**
|
|
475
|
+
* Delete a service (requires master admin key)
|
|
476
|
+
*/
|
|
477
|
+
async deleteService(serviceId, masterAdminKey) {
|
|
478
|
+
await this.request("/api/v1/services/deboard", {
|
|
479
|
+
method: "POST",
|
|
480
|
+
headers: {
|
|
481
|
+
"x-onboarding-admin-key": masterAdminKey
|
|
482
|
+
},
|
|
483
|
+
body: JSON.stringify({ service_id: serviceId })
|
|
484
|
+
});
|
|
485
|
+
}
|
|
486
|
+
// ============ Webhook Management ============
|
|
487
|
+
/**
|
|
488
|
+
* List webhooks
|
|
489
|
+
*/
|
|
490
|
+
async listWebhooks() {
|
|
491
|
+
const response = await this.request(
|
|
492
|
+
"/api/v1/webhooks/list"
|
|
493
|
+
);
|
|
494
|
+
return response.webhooks;
|
|
495
|
+
}
|
|
496
|
+
/**
|
|
497
|
+
* Register a webhook
|
|
498
|
+
*/
|
|
499
|
+
async registerWebhook(request) {
|
|
500
|
+
const response = await this.request("/api/v1/webhooks/register", {
|
|
501
|
+
method: "POST",
|
|
502
|
+
body: JSON.stringify(request)
|
|
503
|
+
});
|
|
504
|
+
return {
|
|
505
|
+
webhookId: response.webhook_id,
|
|
506
|
+
url: response.url,
|
|
507
|
+
events: response.events,
|
|
508
|
+
active: response.active,
|
|
509
|
+
createdAt: response.created_at
|
|
510
|
+
};
|
|
511
|
+
}
|
|
512
|
+
/**
|
|
513
|
+
* Delete a webhook
|
|
514
|
+
*/
|
|
515
|
+
async deleteWebhook(webhookId) {
|
|
516
|
+
await this.request("/api/v1/webhooks/delete", {
|
|
517
|
+
method: "POST",
|
|
518
|
+
body: JSON.stringify({ webhook_id: webhookId })
|
|
519
|
+
});
|
|
520
|
+
}
|
|
521
|
+
};
|
|
522
|
+
|
|
523
|
+
// src/next.tsx
|
|
524
|
+
var import_jsx_runtime = require("react/jsx-runtime");
|
|
525
|
+
function createEasyAuthMiddleware(options) {
|
|
526
|
+
return async function middleware(request) {
|
|
527
|
+
const {
|
|
528
|
+
baseUrl,
|
|
529
|
+
apiKey,
|
|
530
|
+
protectedPaths = [],
|
|
531
|
+
scopedPaths = {},
|
|
532
|
+
publicPaths = [],
|
|
533
|
+
loginPath = "/login",
|
|
534
|
+
forbiddenPath = "/forbidden"
|
|
535
|
+
} = options;
|
|
536
|
+
const pathname = request.nextUrl.pathname;
|
|
537
|
+
if (publicPaths.some((p) => pathname.startsWith(p))) {
|
|
538
|
+
return import_server.NextResponse.next();
|
|
539
|
+
}
|
|
540
|
+
const token = request.cookies.get("easy_auth_token")?.value || request.headers.get("Authorization")?.replace("Bearer ", "");
|
|
541
|
+
if (!token) {
|
|
542
|
+
if (protectedPaths.some((p) => pathname.startsWith(p))) {
|
|
543
|
+
return import_server.NextResponse.redirect(new URL(loginPath, request.url));
|
|
544
|
+
}
|
|
545
|
+
if (Object.keys(scopedPaths).some((p) => pathname.startsWith(p))) {
|
|
546
|
+
return import_server.NextResponse.redirect(new URL(loginPath, request.url));
|
|
547
|
+
}
|
|
548
|
+
return import_server.NextResponse.next();
|
|
549
|
+
}
|
|
550
|
+
const client = new EasyAuthClient({ baseUrl, apiKey });
|
|
551
|
+
const serviceId = apiKey.split(".")[0];
|
|
552
|
+
try {
|
|
553
|
+
const introspectResult = await client.introspect({
|
|
554
|
+
serviceId,
|
|
555
|
+
token
|
|
556
|
+
});
|
|
557
|
+
if (!introspectResult.valid) {
|
|
558
|
+
if (protectedPaths.some((p) => pathname.startsWith(p)) || Object.keys(scopedPaths).some((p) => pathname.startsWith(p))) {
|
|
559
|
+
return import_server.NextResponse.redirect(new URL(loginPath, request.url));
|
|
560
|
+
}
|
|
561
|
+
return import_server.NextResponse.next();
|
|
562
|
+
}
|
|
563
|
+
for (const [pathPattern, requiredScopes] of Object.entries(scopedPaths)) {
|
|
564
|
+
if (pathname.startsWith(pathPattern)) {
|
|
565
|
+
const hasScopes = requiredScopes.every(
|
|
566
|
+
(scope) => introspectResult.scopes?.includes(scope)
|
|
567
|
+
);
|
|
568
|
+
if (!hasScopes) {
|
|
569
|
+
return import_server.NextResponse.redirect(new URL(forbiddenPath, request.url));
|
|
570
|
+
}
|
|
571
|
+
}
|
|
572
|
+
}
|
|
573
|
+
const requestHeaders = new Headers(request.headers);
|
|
574
|
+
requestHeaders.set("x-user-id", introspectResult.userId || "");
|
|
575
|
+
requestHeaders.set("x-user-email", introspectResult.email || "");
|
|
576
|
+
requestHeaders.set("x-user-scopes", JSON.stringify(introspectResult.scopes || []));
|
|
577
|
+
return import_server.NextResponse.next({
|
|
578
|
+
request: {
|
|
579
|
+
headers: requestHeaders
|
|
580
|
+
}
|
|
581
|
+
});
|
|
582
|
+
} catch (error) {
|
|
583
|
+
console.error("Auth middleware error:", error);
|
|
584
|
+
if (protectedPaths.some((p) => pathname.startsWith(p)) || Object.keys(scopedPaths).some((p) => pathname.startsWith(p))) {
|
|
585
|
+
return import_server.NextResponse.redirect(new URL(loginPath, request.url));
|
|
586
|
+
}
|
|
587
|
+
return import_server.NextResponse.next();
|
|
588
|
+
}
|
|
589
|
+
};
|
|
590
|
+
}
|
|
591
|
+
function withScope(Component, _requiredScopes, _config) {
|
|
592
|
+
return function WithScopeWrapper(props) {
|
|
593
|
+
return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(Component, { ...props });
|
|
594
|
+
};
|
|
595
|
+
}
|
|
596
|
+
async function validateScopes(request, options) {
|
|
597
|
+
const { baseUrl, apiKey, requiredScopes } = options;
|
|
598
|
+
const authHeader = request.headers.get("Authorization");
|
|
599
|
+
const token = authHeader?.replace("Bearer ", "");
|
|
600
|
+
if (!token) {
|
|
601
|
+
return { valid: false, error: "No token provided", status: 401 };
|
|
602
|
+
}
|
|
603
|
+
const client = new EasyAuthClient({ baseUrl, apiKey });
|
|
604
|
+
const serviceId = apiKey.split(".")[0];
|
|
605
|
+
try {
|
|
606
|
+
const result = await client.introspect({
|
|
607
|
+
serviceId,
|
|
608
|
+
token,
|
|
609
|
+
requiredScopes
|
|
610
|
+
});
|
|
611
|
+
if (!result.valid) {
|
|
612
|
+
return {
|
|
613
|
+
valid: false,
|
|
614
|
+
error: result.error || "Invalid token",
|
|
615
|
+
status: result.error?.includes("scope") ? 403 : 401
|
|
616
|
+
};
|
|
617
|
+
}
|
|
618
|
+
return {
|
|
619
|
+
valid: true,
|
|
620
|
+
userId: result.userId,
|
|
621
|
+
email: result.email,
|
|
622
|
+
scopes: result.scopes
|
|
623
|
+
};
|
|
624
|
+
} catch (error) {
|
|
625
|
+
return { valid: false, error: "Validation failed", status: 500 };
|
|
626
|
+
}
|
|
627
|
+
}
|
|
628
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
629
|
+
0 && (module.exports = {
|
|
630
|
+
EasyAuthClient,
|
|
631
|
+
EasyAuthError,
|
|
632
|
+
LocalStorageTokenStorage,
|
|
633
|
+
MemoryTokenStorage,
|
|
634
|
+
ScopeError,
|
|
635
|
+
createEasyAuthMiddleware,
|
|
636
|
+
validateScopes,
|
|
637
|
+
withScope
|
|
638
|
+
});
|