@rajeev02/auth 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/index.d.ts +15 -0
- package/lib/index.d.ts.map +1 -0
- package/lib/index.js +19 -0
- package/lib/index.js.map +1 -0
- package/lib/otp/index.d.ts +52 -0
- package/lib/otp/index.d.ts.map +1 -0
- package/lib/otp/index.js +117 -0
- package/lib/otp/index.js.map +1 -0
- package/lib/providers/index.d.ts +57 -0
- package/lib/providers/index.d.ts.map +1 -0
- package/lib/providers/index.js +65 -0
- package/lib/providers/index.js.map +1 -0
- package/lib/session/index.d.ts +39 -0
- package/lib/session/index.d.ts.map +1 -0
- package/lib/session/index.js +147 -0
- package/lib/session/index.js.map +1 -0
- package/package.json +51 -0
- package/src/index.ts +24 -0
- package/src/otp/index.ts +162 -0
- package/src/providers/index.ts +133 -0
- package/src/session/index.ts +170 -0
package/lib/index.d.ts
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @rajeev02/auth
|
|
3
|
+
* Universal Auth & Identity SDK
|
|
4
|
+
* OTP, biometric, Aadhaar/DigiLocker, session management, social login
|
|
5
|
+
*
|
|
6
|
+
* @author Rajeev Kumar Joshi
|
|
7
|
+
* @license MIT
|
|
8
|
+
*/
|
|
9
|
+
export { SessionManager } from "./session";
|
|
10
|
+
export type { TokenPair, SessionConfig, AuthState } from "./session";
|
|
11
|
+
export { OtpManager } from "./otp";
|
|
12
|
+
export type { OtpConfig, OtpState } from "./otp";
|
|
13
|
+
export { AuthProviderRegistry, getIndianAuthProviders } from "./providers";
|
|
14
|
+
export type { ProviderType, AuthProvider, ProviderResult, UserProfile, AadhaarConfig, DigiLockerConfig, AadhaarStep, } from "./providers";
|
|
15
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAErE,OAAO,EAAE,UAAU,EAAE,MAAM,OAAO,CAAC;AACnC,YAAY,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAEjD,OAAO,EAAE,oBAAoB,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAC3E,YAAY,EACV,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,WAAW,EACX,aAAa,EACb,gBAAgB,EAChB,WAAW,GACZ,MAAM,aAAa,CAAC"}
|
package/lib/index.js
ADDED
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.getIndianAuthProviders = exports.AuthProviderRegistry = exports.OtpManager = exports.SessionManager = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* @rajeev02/auth
|
|
6
|
+
* Universal Auth & Identity SDK
|
|
7
|
+
* OTP, biometric, Aadhaar/DigiLocker, session management, social login
|
|
8
|
+
*
|
|
9
|
+
* @author Rajeev Kumar Joshi
|
|
10
|
+
* @license MIT
|
|
11
|
+
*/
|
|
12
|
+
var session_1 = require("./session");
|
|
13
|
+
Object.defineProperty(exports, "SessionManager", { enumerable: true, get: function () { return session_1.SessionManager; } });
|
|
14
|
+
var otp_1 = require("./otp");
|
|
15
|
+
Object.defineProperty(exports, "OtpManager", { enumerable: true, get: function () { return otp_1.OtpManager; } });
|
|
16
|
+
var providers_1 = require("./providers");
|
|
17
|
+
Object.defineProperty(exports, "AuthProviderRegistry", { enumerable: true, get: function () { return providers_1.AuthProviderRegistry; } });
|
|
18
|
+
Object.defineProperty(exports, "getIndianAuthProviders", { enumerable: true, get: function () { return providers_1.getIndianAuthProviders; } });
|
|
19
|
+
//# sourceMappingURL=index.js.map
|
package/lib/index.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA;;;;;;;GAOG;AACH,qCAA2C;AAAlC,yGAAA,cAAc,OAAA;AAGvB,6BAAmC;AAA1B,iGAAA,UAAU,OAAA;AAGnB,yCAA2E;AAAlE,iHAAA,oBAAoB,OAAA;AAAE,mHAAA,sBAAsB,OAAA"}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @rajeev02/auth — OTP Authentication
|
|
3
|
+
* Phone/email OTP flow with rate limiting, cooldown timer, auto-read
|
|
4
|
+
*/
|
|
5
|
+
export interface OtpConfig {
|
|
6
|
+
onSendOtp: (destination: string, method: "sms" | "email" | "whatsapp") => Promise<{
|
|
7
|
+
requestId: string;
|
|
8
|
+
expiresInSeconds: number;
|
|
9
|
+
}>;
|
|
10
|
+
onVerifyOtp: (requestId: string, otp: string) => Promise<{
|
|
11
|
+
success: boolean;
|
|
12
|
+
tokens?: {
|
|
13
|
+
accessToken: string;
|
|
14
|
+
refreshToken: string;
|
|
15
|
+
accessExpiresAt: number;
|
|
16
|
+
refreshExpiresAt: number;
|
|
17
|
+
};
|
|
18
|
+
}>;
|
|
19
|
+
otpLength?: number;
|
|
20
|
+
resendCooldownSeconds?: number;
|
|
21
|
+
maxAttempts?: number;
|
|
22
|
+
lockoutSeconds?: number;
|
|
23
|
+
}
|
|
24
|
+
export type OtpState = "idle" | "sending" | "waiting_for_otp" | "verifying" | "verified" | "failed" | "locked";
|
|
25
|
+
export declare class OtpManager {
|
|
26
|
+
private config;
|
|
27
|
+
private state;
|
|
28
|
+
private requestId;
|
|
29
|
+
private attempts;
|
|
30
|
+
private resendCooldownEnd;
|
|
31
|
+
private lockoutEnd;
|
|
32
|
+
private expiresAt;
|
|
33
|
+
private listeners;
|
|
34
|
+
constructor(config: OtpConfig);
|
|
35
|
+
sendOtp(destination: string, method?: "sms" | "email" | "whatsapp"): Promise<boolean>;
|
|
36
|
+
verifyOtp(otp: string): Promise<{
|
|
37
|
+
success: boolean;
|
|
38
|
+
tokens?: unknown;
|
|
39
|
+
}>;
|
|
40
|
+
resendOtp(destination: string, method?: "sms" | "email" | "whatsapp"): Promise<boolean>;
|
|
41
|
+
getResendCooldownSeconds(): number;
|
|
42
|
+
getExpirySeconds(): number;
|
|
43
|
+
isLocked(): boolean;
|
|
44
|
+
isExpired(): boolean;
|
|
45
|
+
isInCooldown(): boolean;
|
|
46
|
+
getState(): OtpState;
|
|
47
|
+
getAttempts(): number;
|
|
48
|
+
onStateChange(listener: (state: OtpState) => void): () => void;
|
|
49
|
+
private setState;
|
|
50
|
+
private reset;
|
|
51
|
+
}
|
|
52
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/otp/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,SAAS;IACxB,SAAS,EAAE,CACT,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,KAAK,GAAG,OAAO,GAAG,UAAU,KACjC,OAAO,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC9D,WAAW,EAAE,CACX,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,MAAM,KACR,OAAO,CAAC;QACX,OAAO,EAAE,OAAO,CAAC;QACjB,MAAM,CAAC,EAAE;YACP,WAAW,EAAE,MAAM,CAAC;YACpB,YAAY,EAAE,MAAM,CAAC;YACrB,eAAe,EAAE,MAAM,CAAC;YACxB,gBAAgB,EAAE,MAAM,CAAC;SAC1B,CAAC;KACH,CAAC,CAAC;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,MAAM,QAAQ,GAChB,MAAM,GACN,SAAS,GACT,iBAAiB,GACjB,WAAW,GACX,UAAU,GACV,QAAQ,GACR,QAAQ,CAAC;AAEb,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAY;IAC1B,OAAO,CAAC,KAAK,CAAoB;IACjC,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,QAAQ,CAAa;IAC7B,OAAO,CAAC,iBAAiB,CAAa;IACtC,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,SAAS,CAAa;IAC9B,OAAO,CAAC,SAAS,CAA6C;gBAElD,MAAM,EAAE,SAAS;IAIvB,OAAO,CACX,WAAW,EAAE,MAAM,EACnB,MAAM,GAAE,KAAK,GAAG,OAAO,GAAG,UAAkB,GAC3C,OAAO,CAAC,OAAO,CAAC;IAsBb,SAAS,CACb,GAAG,EAAE,MAAM,GACV,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAiC5C,SAAS,CACb,WAAW,EAAE,MAAM,EACnB,MAAM,GAAE,KAAK,GAAG,OAAO,GAAG,UAAkB,GAC3C,OAAO,CAAC,OAAO,CAAC;IAInB,wBAAwB,IAAI,MAAM;IAIlC,gBAAgB,IAAI,MAAM;IAI1B,QAAQ,IAAI,OAAO;IAGnB,SAAS,IAAI,OAAO;IAGpB,YAAY,IAAI,OAAO;IAGvB,QAAQ,IAAI,QAAQ;IAGpB,WAAW,IAAI,MAAM;IAIrB,aAAa,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,QAAQ,KAAK,IAAI,GAAG,MAAM,IAAI;IAK9D,OAAO,CAAC,QAAQ;IAShB,OAAO,CAAC,KAAK;CAKd"}
|
package/lib/otp/index.js
ADDED
|
@@ -0,0 +1,117 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* @rajeev02/auth — OTP Authentication
|
|
4
|
+
* Phone/email OTP flow with rate limiting, cooldown timer, auto-read
|
|
5
|
+
*/
|
|
6
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
|
+
exports.OtpManager = void 0;
|
|
8
|
+
class OtpManager {
|
|
9
|
+
constructor(config) {
|
|
10
|
+
this.state = "idle";
|
|
11
|
+
this.requestId = null;
|
|
12
|
+
this.attempts = 0;
|
|
13
|
+
this.resendCooldownEnd = 0;
|
|
14
|
+
this.lockoutEnd = 0;
|
|
15
|
+
this.expiresAt = 0;
|
|
16
|
+
this.listeners = new Set();
|
|
17
|
+
this.config = config;
|
|
18
|
+
}
|
|
19
|
+
async sendOtp(destination, method = "sms") {
|
|
20
|
+
if (this.isLocked()) {
|
|
21
|
+
this.setState("locked");
|
|
22
|
+
return false;
|
|
23
|
+
}
|
|
24
|
+
if (this.isInCooldown())
|
|
25
|
+
return false;
|
|
26
|
+
this.setState("sending");
|
|
27
|
+
try {
|
|
28
|
+
const result = await this.config.onSendOtp(destination, method);
|
|
29
|
+
this.requestId = result.requestId;
|
|
30
|
+
this.expiresAt = Date.now() + result.expiresInSeconds * 1000;
|
|
31
|
+
this.resendCooldownEnd =
|
|
32
|
+
Date.now() + (this.config.resendCooldownSeconds ?? 30) * 1000;
|
|
33
|
+
this.setState("waiting_for_otp");
|
|
34
|
+
return true;
|
|
35
|
+
}
|
|
36
|
+
catch {
|
|
37
|
+
this.setState("failed");
|
|
38
|
+
return false;
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
async verifyOtp(otp) {
|
|
42
|
+
if (!this.requestId || this.isLocked())
|
|
43
|
+
return { success: false };
|
|
44
|
+
if (this.isExpired()) {
|
|
45
|
+
this.setState("failed");
|
|
46
|
+
return { success: false };
|
|
47
|
+
}
|
|
48
|
+
this.setState("verifying");
|
|
49
|
+
this.attempts++;
|
|
50
|
+
const maxAttempts = this.config.maxAttempts ?? 5;
|
|
51
|
+
if (this.attempts >= maxAttempts) {
|
|
52
|
+
this.lockoutEnd = Date.now() + (this.config.lockoutSeconds ?? 300) * 1000;
|
|
53
|
+
this.setState("locked");
|
|
54
|
+
return { success: false };
|
|
55
|
+
}
|
|
56
|
+
try {
|
|
57
|
+
const result = await this.config.onVerifyOtp(this.requestId, otp);
|
|
58
|
+
if (result.success) {
|
|
59
|
+
this.setState("verified");
|
|
60
|
+
this.reset();
|
|
61
|
+
return { success: true, tokens: result.tokens };
|
|
62
|
+
}
|
|
63
|
+
else {
|
|
64
|
+
this.setState("waiting_for_otp");
|
|
65
|
+
return { success: false };
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
catch {
|
|
69
|
+
this.setState("failed");
|
|
70
|
+
return { success: false };
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
async resendOtp(destination, method = "sms") {
|
|
74
|
+
return this.sendOtp(destination, method);
|
|
75
|
+
}
|
|
76
|
+
getResendCooldownSeconds() {
|
|
77
|
+
return Math.max(0, Math.ceil((this.resendCooldownEnd - Date.now()) / 1000));
|
|
78
|
+
}
|
|
79
|
+
getExpirySeconds() {
|
|
80
|
+
return Math.max(0, Math.ceil((this.expiresAt - Date.now()) / 1000));
|
|
81
|
+
}
|
|
82
|
+
isLocked() {
|
|
83
|
+
return this.lockoutEnd > Date.now();
|
|
84
|
+
}
|
|
85
|
+
isExpired() {
|
|
86
|
+
return this.expiresAt > 0 && this.expiresAt < Date.now();
|
|
87
|
+
}
|
|
88
|
+
isInCooldown() {
|
|
89
|
+
return this.resendCooldownEnd > Date.now();
|
|
90
|
+
}
|
|
91
|
+
getState() {
|
|
92
|
+
return this.state;
|
|
93
|
+
}
|
|
94
|
+
getAttempts() {
|
|
95
|
+
return this.attempts;
|
|
96
|
+
}
|
|
97
|
+
onStateChange(listener) {
|
|
98
|
+
this.listeners.add(listener);
|
|
99
|
+
return () => this.listeners.delete(listener);
|
|
100
|
+
}
|
|
101
|
+
setState(state) {
|
|
102
|
+
this.state = state;
|
|
103
|
+
for (const l of this.listeners) {
|
|
104
|
+
try {
|
|
105
|
+
l(state);
|
|
106
|
+
}
|
|
107
|
+
catch { }
|
|
108
|
+
}
|
|
109
|
+
}
|
|
110
|
+
reset() {
|
|
111
|
+
this.attempts = 0;
|
|
112
|
+
this.requestId = null;
|
|
113
|
+
this.expiresAt = 0;
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
exports.OtpManager = OtpManager;
|
|
117
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/otp/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAkCH,MAAa,UAAU;IAUrB,YAAY,MAAiB;QARrB,UAAK,GAAa,MAAM,CAAC;QACzB,cAAS,GAAkB,IAAI,CAAC;QAChC,aAAQ,GAAW,CAAC,CAAC;QACrB,sBAAiB,GAAW,CAAC,CAAC;QAC9B,eAAU,GAAW,CAAC,CAAC;QACvB,cAAS,GAAW,CAAC,CAAC;QACtB,cAAS,GAAmC,IAAI,GAAG,EAAE,CAAC;QAG5D,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,OAAO,CACX,WAAmB,EACnB,SAAuC,KAAK;QAE5C,IAAI,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;YACpB,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACxB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,IAAI,CAAC,YAAY,EAAE;YAAE,OAAO,KAAK,CAAC;QAEtC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YAChE,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;YAClC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,gBAAgB,GAAG,IAAI,CAAC;YAC7D,IAAI,CAAC,iBAAiB;gBACpB,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,qBAAqB,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;YAChE,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACxB,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,SAAS,CACb,GAAW;QAEX,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,QAAQ,EAAE;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAClE,IAAI,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;YACrB,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACxB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC5B,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC3B,IAAI,CAAC,QAAQ,EAAE,CAAC;QAEhB,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,CAAC,CAAC;QACjD,IAAI,IAAI,CAAC,QAAQ,IAAI,WAAW,EAAE,CAAC;YACjC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC;YAC1E,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACxB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC5B,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;YAClE,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;gBAC1B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACb,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;YAClD,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;gBACjC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;YAC5B,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACxB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC;IAED,KAAK,CAAC,SAAS,CACb,WAAmB,EACnB,SAAuC,KAAK;QAE5C,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAC3C,CAAC;IAED,wBAAwB;QACtB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED,gBAAgB;QACd,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;IACtE,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACtC,CAAC;IACD,SAAS;QACP,OAAO,IAAI,CAAC,SAAS,GAAG,CAAC,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC3D,CAAC;IACD,YAAY;QACV,OAAO,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7C,CAAC;IACD,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IACD,WAAW;QACT,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED,aAAa,CAAC,QAAmC;QAC/C,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC7B,OAAO,GAAG,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC/C,CAAC;IAEO,QAAQ,CAAC,KAAe;QAC9B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/B,IAAI,CAAC;gBACH,CAAC,CAAC,KAAK,CAAC,CAAC;YACX,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;QACZ,CAAC;IACH,CAAC;IAEO,KAAK;QACX,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC;QAClB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QACtB,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC;IACrB,CAAC;CACF;AA5HD,gCA4HC"}
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @rajeev02/auth — Identity Providers
|
|
3
|
+
* Abstraction layer for Aadhaar eKYC, DigiLocker, Google, Apple, Facebook login
|
|
4
|
+
*/
|
|
5
|
+
export type ProviderType = "phone_otp" | "google" | "apple" | "facebook" | "aadhaar" | "digilocker" | "custom";
|
|
6
|
+
export interface AuthProvider {
|
|
7
|
+
type: ProviderType;
|
|
8
|
+
name: string;
|
|
9
|
+
icon?: string;
|
|
10
|
+
enabled: boolean;
|
|
11
|
+
}
|
|
12
|
+
export interface ProviderResult {
|
|
13
|
+
success: boolean;
|
|
14
|
+
provider: ProviderType;
|
|
15
|
+
providerToken?: string;
|
|
16
|
+
profile?: UserProfile;
|
|
17
|
+
error?: string;
|
|
18
|
+
}
|
|
19
|
+
export interface UserProfile {
|
|
20
|
+
id?: string;
|
|
21
|
+
name?: string;
|
|
22
|
+
email?: string;
|
|
23
|
+
phone?: string;
|
|
24
|
+
photoUrl?: string;
|
|
25
|
+
aadhaarMasked?: string;
|
|
26
|
+
digilockerDocs?: string[];
|
|
27
|
+
emailVerified?: boolean;
|
|
28
|
+
phoneVerified?: boolean;
|
|
29
|
+
raw?: Record<string, unknown>;
|
|
30
|
+
}
|
|
31
|
+
export type AadhaarStep = "enter_aadhaar" | "consent" | "otp_sent" | "otp_verify" | "kyc_complete" | "failed";
|
|
32
|
+
export interface AadhaarConfig {
|
|
33
|
+
initiateOtpUrl: string;
|
|
34
|
+
verifyOtpUrl: string;
|
|
35
|
+
apiKey: string;
|
|
36
|
+
sandbox?: boolean;
|
|
37
|
+
}
|
|
38
|
+
export interface DigiLockerConfig {
|
|
39
|
+
clientId: string;
|
|
40
|
+
clientSecret: string;
|
|
41
|
+
redirectUri: string;
|
|
42
|
+
requestedDocTypes?: ("aadhaar" | "pan" | "driving_license" | "voter_id" | "passport")[];
|
|
43
|
+
}
|
|
44
|
+
/**
|
|
45
|
+
* Auth Provider Registry — manages available login methods
|
|
46
|
+
*/
|
|
47
|
+
export declare class AuthProviderRegistry {
|
|
48
|
+
private providers;
|
|
49
|
+
private callbacks;
|
|
50
|
+
register(provider: AuthProvider, handler: (config?: unknown) => Promise<ProviderResult>): void;
|
|
51
|
+
getAvailable(): AuthProvider[];
|
|
52
|
+
login(type: ProviderType, config?: unknown): Promise<ProviderResult>;
|
|
53
|
+
isAvailable(type: ProviderType): boolean;
|
|
54
|
+
setEnabled(type: ProviderType, enabled: boolean): void;
|
|
55
|
+
}
|
|
56
|
+
export declare function getIndianAuthProviders(): AuthProvider[];
|
|
57
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/providers/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,YAAY,GACpB,WAAW,GACX,QAAQ,GACR,OAAO,GACP,UAAU,GACV,SAAS,GACT,YAAY,GACZ,QAAQ,CAAC;AAEb,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,YAAY,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,YAAY,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC/B;AAED,MAAM,MAAM,WAAW,GACnB,eAAe,GACf,SAAS,GACT,UAAU,GACV,YAAY,GACZ,cAAc,GACd,QAAQ,CAAC;AAEb,MAAM,WAAW,aAAa;IAC5B,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,CAChB,SAAS,GACT,KAAK,GACL,iBAAiB,GACjB,UAAU,GACV,UAAU,CACb,EAAE,CAAC;CACL;AAED;;GAEG;AACH,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,SAAS,CAA8C;IAC/D,OAAO,CAAC,SAAS,CAGH;IAEd,QAAQ,CACN,QAAQ,EAAE,YAAY,EACtB,OAAO,EAAE,CAAC,MAAM,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC,cAAc,CAAC,GACrD,IAAI;IAKP,YAAY,IAAI,YAAY,EAAE;IAIxB,KAAK,CAAC,IAAI,EAAE,YAAY,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,cAAc,CAAC;IAgB1E,WAAW,CAAC,IAAI,EAAE,YAAY,GAAG,OAAO;IAKxC,UAAU,CAAC,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,OAAO,GAAG,IAAI;CAIvD;AAED,wBAAgB,sBAAsB,IAAI,YAAY,EAAE,CAavD"}
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* @rajeev02/auth — Identity Providers
|
|
4
|
+
* Abstraction layer for Aadhaar eKYC, DigiLocker, Google, Apple, Facebook login
|
|
5
|
+
*/
|
|
6
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
|
+
exports.AuthProviderRegistry = void 0;
|
|
8
|
+
exports.getIndianAuthProviders = getIndianAuthProviders;
|
|
9
|
+
/**
|
|
10
|
+
* Auth Provider Registry — manages available login methods
|
|
11
|
+
*/
|
|
12
|
+
class AuthProviderRegistry {
|
|
13
|
+
constructor() {
|
|
14
|
+
this.providers = new Map();
|
|
15
|
+
this.callbacks = new Map();
|
|
16
|
+
}
|
|
17
|
+
register(provider, handler) {
|
|
18
|
+
this.providers.set(provider.type, provider);
|
|
19
|
+
this.callbacks.set(provider.type, handler);
|
|
20
|
+
}
|
|
21
|
+
getAvailable() {
|
|
22
|
+
return Array.from(this.providers.values()).filter((p) => p.enabled);
|
|
23
|
+
}
|
|
24
|
+
async login(type, config) {
|
|
25
|
+
const handler = this.callbacks.get(type);
|
|
26
|
+
if (!handler) {
|
|
27
|
+
return {
|
|
28
|
+
success: false,
|
|
29
|
+
provider: type,
|
|
30
|
+
error: `Provider ${type} not registered`,
|
|
31
|
+
};
|
|
32
|
+
}
|
|
33
|
+
try {
|
|
34
|
+
return await handler(config);
|
|
35
|
+
}
|
|
36
|
+
catch (e) {
|
|
37
|
+
return { success: false, provider: type, error: String(e) };
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
isAvailable(type) {
|
|
41
|
+
const p = this.providers.get(type);
|
|
42
|
+
return p?.enabled ?? false;
|
|
43
|
+
}
|
|
44
|
+
setEnabled(type, enabled) {
|
|
45
|
+
const p = this.providers.get(type);
|
|
46
|
+
if (p)
|
|
47
|
+
p.enabled = enabled;
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
exports.AuthProviderRegistry = AuthProviderRegistry;
|
|
51
|
+
function getIndianAuthProviders() {
|
|
52
|
+
return [
|
|
53
|
+
{ type: "phone_otp", name: "Phone OTP", enabled: true },
|
|
54
|
+
{ type: "google", name: "Google", icon: "google", enabled: true },
|
|
55
|
+
{ type: "aadhaar", name: "Aadhaar eKYC", icon: "aadhaar", enabled: false },
|
|
56
|
+
{
|
|
57
|
+
type: "digilocker",
|
|
58
|
+
name: "DigiLocker",
|
|
59
|
+
icon: "digilocker",
|
|
60
|
+
enabled: false,
|
|
61
|
+
},
|
|
62
|
+
{ type: "apple", name: "Apple", icon: "apple", enabled: false },
|
|
63
|
+
];
|
|
64
|
+
}
|
|
65
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/providers/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAoHH,wDAaC;AA9DD;;GAEG;AACH,MAAa,oBAAoB;IAAjC;QACU,cAAS,GAAoC,IAAI,GAAG,EAAE,CAAC;QACvD,cAAS,GAGb,IAAI,GAAG,EAAE,CAAC;IAuChB,CAAC;IArCC,QAAQ,CACN,QAAsB,EACtB,OAAsD;QAEtD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAC5C,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC7C,CAAC;IAED,YAAY;QACV,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,IAAkB,EAAE,MAAgB;QAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,QAAQ,EAAE,IAAI;gBACd,KAAK,EAAE,YAAY,IAAI,iBAAiB;aACzC,CAAC;QACJ,CAAC;QACD,IAAI,CAAC;YACH,OAAO,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;QAC/B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,WAAW,CAAC,IAAkB;QAC5B,MAAM,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACnC,OAAO,CAAC,EAAE,OAAO,IAAI,KAAK,CAAC;IAC7B,CAAC;IAED,UAAU,CAAC,IAAkB,EAAE,OAAgB;QAC7C,MAAM,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACnC,IAAI,CAAC;YAAE,CAAC,CAAC,OAAO,GAAG,OAAO,CAAC;IAC7B,CAAC;CACF;AA5CD,oDA4CC;AAED,SAAgB,sBAAsB;IACpC,OAAO;QACL,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE;QACvD,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE;QACjE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE;QAC1E;YACE,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,YAAY;YAClB,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,KAAK;SACf;QACD,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE;KAChE,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @rajeev02/auth — Session Manager
|
|
3
|
+
* Handles JWT access/refresh tokens, auto-refresh, secure persistence, session expiry
|
|
4
|
+
*/
|
|
5
|
+
export interface TokenPair {
|
|
6
|
+
accessToken: string;
|
|
7
|
+
refreshToken: string;
|
|
8
|
+
accessExpiresAt: number;
|
|
9
|
+
refreshExpiresAt: number;
|
|
10
|
+
}
|
|
11
|
+
export interface SessionConfig {
|
|
12
|
+
onRefreshToken: (refreshToken: string) => Promise<TokenPair | null>;
|
|
13
|
+
onSessionExpired: () => void;
|
|
14
|
+
onPersistTokens?: (tokens: TokenPair) => Promise<void>;
|
|
15
|
+
onLoadTokens?: () => Promise<TokenPair | null>;
|
|
16
|
+
refreshBufferMs?: number;
|
|
17
|
+
}
|
|
18
|
+
export type AuthState = "initializing" | "authenticated" | "unauthenticated" | "refreshing";
|
|
19
|
+
export declare class SessionManager {
|
|
20
|
+
private tokens;
|
|
21
|
+
private config;
|
|
22
|
+
private refreshTimer;
|
|
23
|
+
private state;
|
|
24
|
+
private listeners;
|
|
25
|
+
constructor(config: SessionConfig);
|
|
26
|
+
initialize(): Promise<AuthState>;
|
|
27
|
+
setTokens(tokens: TokenPair): Promise<void>;
|
|
28
|
+
getAccessToken(): Promise<string | null>;
|
|
29
|
+
getState(): AuthState;
|
|
30
|
+
isAuthenticated(): boolean;
|
|
31
|
+
logout(): Promise<void>;
|
|
32
|
+
onStateChange(listener: (state: AuthState) => void): () => void;
|
|
33
|
+
static decodeToken(token: string): Record<string, unknown> | null;
|
|
34
|
+
getUserFromToken(): Record<string, unknown> | null;
|
|
35
|
+
private refresh;
|
|
36
|
+
private scheduleRefresh;
|
|
37
|
+
private setState;
|
|
38
|
+
}
|
|
39
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/session/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,aAAa;IAC5B,cAAc,EAAE,CAAC,YAAY,EAAE,MAAM,KAAK,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IACpE,gBAAgB,EAAE,MAAM,IAAI,CAAC;IAC7B,eAAe,CAAC,EAAE,CAAC,MAAM,EAAE,SAAS,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,YAAY,CAAC,EAAE,MAAM,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IAC/C,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,MAAM,SAAS,GACjB,cAAc,GACd,eAAe,GACf,iBAAiB,GACjB,YAAY,CAAC;AAEjB,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAA0B;IACxC,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,YAAY,CAA8C;IAClE,OAAO,CAAC,KAAK,CAA6B;IAC1C,OAAO,CAAC,SAAS,CAA8C;gBAEnD,MAAM,EAAE,aAAa;IAI3B,UAAU,IAAI,OAAO,CAAC,SAAS,CAAC;IAsBhC,SAAS,CAAC,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAS3C,cAAc,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAS9C,QAAQ,IAAI,SAAS;IAGrB,eAAe,IAAI,OAAO;IAIpB,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAe7B,aAAa,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,GAAG,MAAM,IAAI;IAK/D,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;IAWjE,gBAAgB,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI;YAKpC,OAAO;IA8BrB,OAAO,CAAC,eAAe;IAWvB,OAAO,CAAC,QAAQ;CAQjB"}
|
|
@@ -0,0 +1,147 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* @rajeev02/auth — Session Manager
|
|
4
|
+
* Handles JWT access/refresh tokens, auto-refresh, secure persistence, session expiry
|
|
5
|
+
*/
|
|
6
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
|
+
exports.SessionManager = void 0;
|
|
8
|
+
class SessionManager {
|
|
9
|
+
constructor(config) {
|
|
10
|
+
this.tokens = null;
|
|
11
|
+
this.refreshTimer = null;
|
|
12
|
+
this.state = "initializing";
|
|
13
|
+
this.listeners = new Set();
|
|
14
|
+
this.config = config;
|
|
15
|
+
}
|
|
16
|
+
async initialize() {
|
|
17
|
+
if (this.config.onLoadTokens) {
|
|
18
|
+
try {
|
|
19
|
+
const tokens = await this.config.onLoadTokens();
|
|
20
|
+
if (tokens && tokens.refreshExpiresAt > Date.now()) {
|
|
21
|
+
this.tokens = tokens;
|
|
22
|
+
if (tokens.accessExpiresAt > Date.now()) {
|
|
23
|
+
this.setState("authenticated");
|
|
24
|
+
this.scheduleRefresh();
|
|
25
|
+
}
|
|
26
|
+
else {
|
|
27
|
+
await this.refresh();
|
|
28
|
+
}
|
|
29
|
+
return this.state;
|
|
30
|
+
}
|
|
31
|
+
}
|
|
32
|
+
catch (_) {
|
|
33
|
+
/* persisted tokens invalid */
|
|
34
|
+
}
|
|
35
|
+
}
|
|
36
|
+
this.setState("unauthenticated");
|
|
37
|
+
return this.state;
|
|
38
|
+
}
|
|
39
|
+
async setTokens(tokens) {
|
|
40
|
+
this.tokens = tokens;
|
|
41
|
+
this.setState("authenticated");
|
|
42
|
+
this.scheduleRefresh();
|
|
43
|
+
if (this.config.onPersistTokens) {
|
|
44
|
+
await this.config.onPersistTokens(tokens);
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
async getAccessToken() {
|
|
48
|
+
if (!this.tokens)
|
|
49
|
+
return null;
|
|
50
|
+
const buffer = this.config.refreshBufferMs ?? 60000;
|
|
51
|
+
if (this.tokens.accessExpiresAt - Date.now() < buffer) {
|
|
52
|
+
await this.refresh();
|
|
53
|
+
}
|
|
54
|
+
return this.tokens?.accessToken ?? null;
|
|
55
|
+
}
|
|
56
|
+
getState() {
|
|
57
|
+
return this.state;
|
|
58
|
+
}
|
|
59
|
+
isAuthenticated() {
|
|
60
|
+
return this.state === "authenticated" && this.tokens !== null;
|
|
61
|
+
}
|
|
62
|
+
async logout() {
|
|
63
|
+
this.tokens = null;
|
|
64
|
+
if (this.refreshTimer)
|
|
65
|
+
clearTimeout(this.refreshTimer);
|
|
66
|
+
this.refreshTimer = null;
|
|
67
|
+
this.setState("unauthenticated");
|
|
68
|
+
if (this.config.onPersistTokens) {
|
|
69
|
+
await this.config.onPersistTokens({
|
|
70
|
+
accessToken: "",
|
|
71
|
+
refreshToken: "",
|
|
72
|
+
accessExpiresAt: 0,
|
|
73
|
+
refreshExpiresAt: 0,
|
|
74
|
+
});
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
onStateChange(listener) {
|
|
78
|
+
this.listeners.add(listener);
|
|
79
|
+
return () => this.listeners.delete(listener);
|
|
80
|
+
}
|
|
81
|
+
static decodeToken(token) {
|
|
82
|
+
try {
|
|
83
|
+
const parts = token.split(".");
|
|
84
|
+
if (parts.length !== 3)
|
|
85
|
+
return null;
|
|
86
|
+
const payload = parts[1].replace(/-/g, "+").replace(/_/g, "/");
|
|
87
|
+
return JSON.parse(atob(payload));
|
|
88
|
+
}
|
|
89
|
+
catch {
|
|
90
|
+
return null;
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
getUserFromToken() {
|
|
94
|
+
if (!this.tokens)
|
|
95
|
+
return null;
|
|
96
|
+
return SessionManager.decodeToken(this.tokens.accessToken);
|
|
97
|
+
}
|
|
98
|
+
async refresh() {
|
|
99
|
+
if (!this.tokens?.refreshToken) {
|
|
100
|
+
this.setState("unauthenticated");
|
|
101
|
+
this.config.onSessionExpired();
|
|
102
|
+
return;
|
|
103
|
+
}
|
|
104
|
+
this.setState("refreshing");
|
|
105
|
+
try {
|
|
106
|
+
const newTokens = await this.config.onRefreshToken(this.tokens.refreshToken);
|
|
107
|
+
if (newTokens) {
|
|
108
|
+
this.tokens = newTokens;
|
|
109
|
+
this.setState("authenticated");
|
|
110
|
+
this.scheduleRefresh();
|
|
111
|
+
if (this.config.onPersistTokens) {
|
|
112
|
+
await this.config.onPersistTokens(newTokens);
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
else {
|
|
116
|
+
this.tokens = null;
|
|
117
|
+
this.setState("unauthenticated");
|
|
118
|
+
this.config.onSessionExpired();
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
catch {
|
|
122
|
+
this.tokens = null;
|
|
123
|
+
this.setState("unauthenticated");
|
|
124
|
+
this.config.onSessionExpired();
|
|
125
|
+
}
|
|
126
|
+
}
|
|
127
|
+
scheduleRefresh() {
|
|
128
|
+
if (this.refreshTimer)
|
|
129
|
+
clearTimeout(this.refreshTimer);
|
|
130
|
+
if (!this.tokens)
|
|
131
|
+
return;
|
|
132
|
+
const buffer = this.config.refreshBufferMs ?? 60000;
|
|
133
|
+
const delay = Math.max(0, this.tokens.accessExpiresAt - Date.now() - buffer);
|
|
134
|
+
this.refreshTimer = setTimeout(() => this.refresh(), delay);
|
|
135
|
+
}
|
|
136
|
+
setState(state) {
|
|
137
|
+
this.state = state;
|
|
138
|
+
for (const l of this.listeners) {
|
|
139
|
+
try {
|
|
140
|
+
l(state);
|
|
141
|
+
}
|
|
142
|
+
catch { }
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
}
|
|
146
|
+
exports.SessionManager = SessionManager;
|
|
147
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/session/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAuBH,MAAa,cAAc;IAOzB,YAAY,MAAqB;QANzB,WAAM,GAAqB,IAAI,CAAC;QAEhC,iBAAY,GAAyC,IAAI,CAAC;QAC1D,UAAK,GAAc,cAAc,CAAC;QAClC,cAAS,GAAoC,IAAI,GAAG,EAAE,CAAC;QAG7D,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;gBAChD,IAAI,MAAM,IAAI,MAAM,CAAC,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;oBACnD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;oBACrB,IAAI,MAAM,CAAC,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;wBACxC,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;wBAC/B,IAAI,CAAC,eAAe,EAAE,CAAC;oBACzB,CAAC;yBAAM,CAAC;wBACN,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;oBACvB,CAAC;oBACD,OAAO,IAAI,CAAC,KAAK,CAAC;gBACpB,CAAC;YACH,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,8BAA8B;YAChC,CAAC;QACH,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;QACjC,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,MAAiB;QAC/B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;QAC/B,IAAI,CAAC,eAAe,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;YAChC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,IAAI,KAAK,CAAC;QACpD,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;YACtD,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;QACvB,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,EAAE,WAAW,IAAI,IAAI,CAAC;IAC1C,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IACD,eAAe;QACb,OAAO,IAAI,CAAC,KAAK,KAAK,eAAe,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,CAAC;IAChE,CAAC;IAED,KAAK,CAAC,MAAM;QACV,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,IAAI,CAAC,YAAY;YAAE,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACvD,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;QACjC,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;YAChC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC;gBAChC,WAAW,EAAE,EAAE;gBACf,YAAY,EAAE,EAAE;gBAChB,eAAe,EAAE,CAAC;gBAClB,gBAAgB,EAAE,CAAC;aACpB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,aAAa,CAAC,QAAoC;QAChD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC7B,OAAO,GAAG,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,CAAC,WAAW,CAAC,KAAa;QAC9B,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;YACpC,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC/D,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,gBAAgB;QACd,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAC9B,OAAO,cAAc,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAC7D,CAAC;IAEO,KAAK,CAAC,OAAO;QACnB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,YAAY,EAAE,CAAC;YAC/B,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;YACjC,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;YAC/B,OAAO;QACT,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,cAAc,CAChD,IAAI,CAAC,MAAM,CAAC,YAAY,CACzB,CAAC;YACF,IAAI,SAAS,EAAE,CAAC;gBACd,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC;gBACxB,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;gBAC/B,IAAI,CAAC,eAAe,EAAE,CAAC;gBACvB,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;oBAChC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;gBAC/C,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;gBACnB,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;gBACjC,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;YACjC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;YACnB,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;YACjC,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;IAEO,eAAe;QACrB,IAAI,IAAI,CAAC,YAAY;YAAE,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACvD,IAAI,CAAC,IAAI,CAAC,MAAM;YAAE,OAAO;QACzB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,IAAI,KAAK,CAAC;QACpD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CACpB,CAAC,EACD,IAAI,CAAC,MAAM,CAAC,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAClD,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,KAAK,CAAC,CAAC;IAC9D,CAAC;IAEO,QAAQ,CAAC,KAAgB;QAC/B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAC/B,IAAI,CAAC;gBACH,CAAC,CAAC,KAAK,CAAC,CAAC;YACX,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AA/ID,wCA+IC"}
|
package/package.json
ADDED
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@rajeev02/auth",
|
|
3
|
+
"version": "0.1.0",
|
|
4
|
+
"description": "Universal Auth & Identity SDK — OTP, biometric, Aadhaar/DigiLocker, session management, social login",
|
|
5
|
+
"main": "lib/index.js",
|
|
6
|
+
"author": "Rajeev Kumar Joshi <rajeevjoshi91@gmail.com> (https://rajeev02.github.io)",
|
|
7
|
+
"license": "MIT",
|
|
8
|
+
"types": "lib/index.d.ts",
|
|
9
|
+
"scripts": {
|
|
10
|
+
"build": "tsc",
|
|
11
|
+
"clean": "rm -rf lib",
|
|
12
|
+
"prepublishOnly": "npm run build"
|
|
13
|
+
},
|
|
14
|
+
"keywords": [
|
|
15
|
+
"react-native",
|
|
16
|
+
"auth",
|
|
17
|
+
"oauth",
|
|
18
|
+
"biometric",
|
|
19
|
+
"session"
|
|
20
|
+
],
|
|
21
|
+
"repository": {
|
|
22
|
+
"type": "git",
|
|
23
|
+
"url": "https://github.com/Rajeev02/rajeev-sdk",
|
|
24
|
+
"directory": "packages/auth"
|
|
25
|
+
},
|
|
26
|
+
"homepage": "https://github.com/Rajeev02/rajeev-sdk#readme",
|
|
27
|
+
"bugs": {
|
|
28
|
+
"url": "https://github.com/Rajeev02/rajeev-sdk/issues"
|
|
29
|
+
},
|
|
30
|
+
"files": [
|
|
31
|
+
"lib/",
|
|
32
|
+
"src/",
|
|
33
|
+
"README.md"
|
|
34
|
+
],
|
|
35
|
+
"publishConfig": {
|
|
36
|
+
"access": "public"
|
|
37
|
+
},
|
|
38
|
+
"peerDependencies": {
|
|
39
|
+
"react": ">=18.3.0",
|
|
40
|
+
"react-native": ">=0.84.0"
|
|
41
|
+
},
|
|
42
|
+
"peerDependenciesMeta": {
|
|
43
|
+
"react-native": {
|
|
44
|
+
"optional": true
|
|
45
|
+
}
|
|
46
|
+
},
|
|
47
|
+
"devDependencies": {
|
|
48
|
+
"@types/react": "^19.0.0",
|
|
49
|
+
"typescript": "^5.4.0"
|
|
50
|
+
}
|
|
51
|
+
}
|
package/src/index.ts
ADDED
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @rajeev02/auth
|
|
3
|
+
* Universal Auth & Identity SDK
|
|
4
|
+
* OTP, biometric, Aadhaar/DigiLocker, session management, social login
|
|
5
|
+
*
|
|
6
|
+
* @author Rajeev Kumar Joshi
|
|
7
|
+
* @license MIT
|
|
8
|
+
*/
|
|
9
|
+
export { SessionManager } from "./session";
|
|
10
|
+
export type { TokenPair, SessionConfig, AuthState } from "./session";
|
|
11
|
+
|
|
12
|
+
export { OtpManager } from "./otp";
|
|
13
|
+
export type { OtpConfig, OtpState } from "./otp";
|
|
14
|
+
|
|
15
|
+
export { AuthProviderRegistry, getIndianAuthProviders } from "./providers";
|
|
16
|
+
export type {
|
|
17
|
+
ProviderType,
|
|
18
|
+
AuthProvider,
|
|
19
|
+
ProviderResult,
|
|
20
|
+
UserProfile,
|
|
21
|
+
AadhaarConfig,
|
|
22
|
+
DigiLockerConfig,
|
|
23
|
+
AadhaarStep,
|
|
24
|
+
} from "./providers";
|
package/src/otp/index.ts
ADDED
|
@@ -0,0 +1,162 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @rajeev02/auth — OTP Authentication
|
|
3
|
+
* Phone/email OTP flow with rate limiting, cooldown timer, auto-read
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
export interface OtpConfig {
|
|
7
|
+
onSendOtp: (
|
|
8
|
+
destination: string,
|
|
9
|
+
method: "sms" | "email" | "whatsapp",
|
|
10
|
+
) => Promise<{ requestId: string; expiresInSeconds: number }>;
|
|
11
|
+
onVerifyOtp: (
|
|
12
|
+
requestId: string,
|
|
13
|
+
otp: string,
|
|
14
|
+
) => Promise<{
|
|
15
|
+
success: boolean;
|
|
16
|
+
tokens?: {
|
|
17
|
+
accessToken: string;
|
|
18
|
+
refreshToken: string;
|
|
19
|
+
accessExpiresAt: number;
|
|
20
|
+
refreshExpiresAt: number;
|
|
21
|
+
};
|
|
22
|
+
}>;
|
|
23
|
+
otpLength?: number;
|
|
24
|
+
resendCooldownSeconds?: number;
|
|
25
|
+
maxAttempts?: number;
|
|
26
|
+
lockoutSeconds?: number;
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
export type OtpState =
|
|
30
|
+
| "idle"
|
|
31
|
+
| "sending"
|
|
32
|
+
| "waiting_for_otp"
|
|
33
|
+
| "verifying"
|
|
34
|
+
| "verified"
|
|
35
|
+
| "failed"
|
|
36
|
+
| "locked";
|
|
37
|
+
|
|
38
|
+
export class OtpManager {
|
|
39
|
+
private config: OtpConfig;
|
|
40
|
+
private state: OtpState = "idle";
|
|
41
|
+
private requestId: string | null = null;
|
|
42
|
+
private attempts: number = 0;
|
|
43
|
+
private resendCooldownEnd: number = 0;
|
|
44
|
+
private lockoutEnd: number = 0;
|
|
45
|
+
private expiresAt: number = 0;
|
|
46
|
+
private listeners: Set<(state: OtpState) => void> = new Set();
|
|
47
|
+
|
|
48
|
+
constructor(config: OtpConfig) {
|
|
49
|
+
this.config = config;
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
async sendOtp(
|
|
53
|
+
destination: string,
|
|
54
|
+
method: "sms" | "email" | "whatsapp" = "sms",
|
|
55
|
+
): Promise<boolean> {
|
|
56
|
+
if (this.isLocked()) {
|
|
57
|
+
this.setState("locked");
|
|
58
|
+
return false;
|
|
59
|
+
}
|
|
60
|
+
if (this.isInCooldown()) return false;
|
|
61
|
+
|
|
62
|
+
this.setState("sending");
|
|
63
|
+
try {
|
|
64
|
+
const result = await this.config.onSendOtp(destination, method);
|
|
65
|
+
this.requestId = result.requestId;
|
|
66
|
+
this.expiresAt = Date.now() + result.expiresInSeconds * 1000;
|
|
67
|
+
this.resendCooldownEnd =
|
|
68
|
+
Date.now() + (this.config.resendCooldownSeconds ?? 30) * 1000;
|
|
69
|
+
this.setState("waiting_for_otp");
|
|
70
|
+
return true;
|
|
71
|
+
} catch {
|
|
72
|
+
this.setState("failed");
|
|
73
|
+
return false;
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
|
|
77
|
+
async verifyOtp(
|
|
78
|
+
otp: string,
|
|
79
|
+
): Promise<{ success: boolean; tokens?: unknown }> {
|
|
80
|
+
if (!this.requestId || this.isLocked()) return { success: false };
|
|
81
|
+
if (this.isExpired()) {
|
|
82
|
+
this.setState("failed");
|
|
83
|
+
return { success: false };
|
|
84
|
+
}
|
|
85
|
+
|
|
86
|
+
this.setState("verifying");
|
|
87
|
+
this.attempts++;
|
|
88
|
+
|
|
89
|
+
const maxAttempts = this.config.maxAttempts ?? 5;
|
|
90
|
+
if (this.attempts >= maxAttempts) {
|
|
91
|
+
this.lockoutEnd = Date.now() + (this.config.lockoutSeconds ?? 300) * 1000;
|
|
92
|
+
this.setState("locked");
|
|
93
|
+
return { success: false };
|
|
94
|
+
}
|
|
95
|
+
|
|
96
|
+
try {
|
|
97
|
+
const result = await this.config.onVerifyOtp(this.requestId, otp);
|
|
98
|
+
if (result.success) {
|
|
99
|
+
this.setState("verified");
|
|
100
|
+
this.reset();
|
|
101
|
+
return { success: true, tokens: result.tokens };
|
|
102
|
+
} else {
|
|
103
|
+
this.setState("waiting_for_otp");
|
|
104
|
+
return { success: false };
|
|
105
|
+
}
|
|
106
|
+
} catch {
|
|
107
|
+
this.setState("failed");
|
|
108
|
+
return { success: false };
|
|
109
|
+
}
|
|
110
|
+
}
|
|
111
|
+
|
|
112
|
+
async resendOtp(
|
|
113
|
+
destination: string,
|
|
114
|
+
method: "sms" | "email" | "whatsapp" = "sms",
|
|
115
|
+
): Promise<boolean> {
|
|
116
|
+
return this.sendOtp(destination, method);
|
|
117
|
+
}
|
|
118
|
+
|
|
119
|
+
getResendCooldownSeconds(): number {
|
|
120
|
+
return Math.max(0, Math.ceil((this.resendCooldownEnd - Date.now()) / 1000));
|
|
121
|
+
}
|
|
122
|
+
|
|
123
|
+
getExpirySeconds(): number {
|
|
124
|
+
return Math.max(0, Math.ceil((this.expiresAt - Date.now()) / 1000));
|
|
125
|
+
}
|
|
126
|
+
|
|
127
|
+
isLocked(): boolean {
|
|
128
|
+
return this.lockoutEnd > Date.now();
|
|
129
|
+
}
|
|
130
|
+
isExpired(): boolean {
|
|
131
|
+
return this.expiresAt > 0 && this.expiresAt < Date.now();
|
|
132
|
+
}
|
|
133
|
+
isInCooldown(): boolean {
|
|
134
|
+
return this.resendCooldownEnd > Date.now();
|
|
135
|
+
}
|
|
136
|
+
getState(): OtpState {
|
|
137
|
+
return this.state;
|
|
138
|
+
}
|
|
139
|
+
getAttempts(): number {
|
|
140
|
+
return this.attempts;
|
|
141
|
+
}
|
|
142
|
+
|
|
143
|
+
onStateChange(listener: (state: OtpState) => void): () => void {
|
|
144
|
+
this.listeners.add(listener);
|
|
145
|
+
return () => this.listeners.delete(listener);
|
|
146
|
+
}
|
|
147
|
+
|
|
148
|
+
private setState(state: OtpState): void {
|
|
149
|
+
this.state = state;
|
|
150
|
+
for (const l of this.listeners) {
|
|
151
|
+
try {
|
|
152
|
+
l(state);
|
|
153
|
+
} catch {}
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
|
|
157
|
+
private reset(): void {
|
|
158
|
+
this.attempts = 0;
|
|
159
|
+
this.requestId = null;
|
|
160
|
+
this.expiresAt = 0;
|
|
161
|
+
}
|
|
162
|
+
}
|
|
@@ -0,0 +1,133 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @rajeev02/auth — Identity Providers
|
|
3
|
+
* Abstraction layer for Aadhaar eKYC, DigiLocker, Google, Apple, Facebook login
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
export type ProviderType =
|
|
7
|
+
| "phone_otp"
|
|
8
|
+
| "google"
|
|
9
|
+
| "apple"
|
|
10
|
+
| "facebook"
|
|
11
|
+
| "aadhaar"
|
|
12
|
+
| "digilocker"
|
|
13
|
+
| "custom";
|
|
14
|
+
|
|
15
|
+
export interface AuthProvider {
|
|
16
|
+
type: ProviderType;
|
|
17
|
+
name: string;
|
|
18
|
+
icon?: string;
|
|
19
|
+
enabled: boolean;
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
export interface ProviderResult {
|
|
23
|
+
success: boolean;
|
|
24
|
+
provider: ProviderType;
|
|
25
|
+
providerToken?: string;
|
|
26
|
+
profile?: UserProfile;
|
|
27
|
+
error?: string;
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
export interface UserProfile {
|
|
31
|
+
id?: string;
|
|
32
|
+
name?: string;
|
|
33
|
+
email?: string;
|
|
34
|
+
phone?: string;
|
|
35
|
+
photoUrl?: string;
|
|
36
|
+
aadhaarMasked?: string;
|
|
37
|
+
digilockerDocs?: string[];
|
|
38
|
+
emailVerified?: boolean;
|
|
39
|
+
phoneVerified?: boolean;
|
|
40
|
+
raw?: Record<string, unknown>;
|
|
41
|
+
}
|
|
42
|
+
|
|
43
|
+
export type AadhaarStep =
|
|
44
|
+
| "enter_aadhaar"
|
|
45
|
+
| "consent"
|
|
46
|
+
| "otp_sent"
|
|
47
|
+
| "otp_verify"
|
|
48
|
+
| "kyc_complete"
|
|
49
|
+
| "failed";
|
|
50
|
+
|
|
51
|
+
export interface AadhaarConfig {
|
|
52
|
+
initiateOtpUrl: string;
|
|
53
|
+
verifyOtpUrl: string;
|
|
54
|
+
apiKey: string;
|
|
55
|
+
sandbox?: boolean;
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
export interface DigiLockerConfig {
|
|
59
|
+
clientId: string;
|
|
60
|
+
clientSecret: string;
|
|
61
|
+
redirectUri: string;
|
|
62
|
+
requestedDocTypes?: (
|
|
63
|
+
| "aadhaar"
|
|
64
|
+
| "pan"
|
|
65
|
+
| "driving_license"
|
|
66
|
+
| "voter_id"
|
|
67
|
+
| "passport"
|
|
68
|
+
)[];
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
/**
|
|
72
|
+
* Auth Provider Registry — manages available login methods
|
|
73
|
+
*/
|
|
74
|
+
export class AuthProviderRegistry {
|
|
75
|
+
private providers: Map<ProviderType, AuthProvider> = new Map();
|
|
76
|
+
private callbacks: Map<
|
|
77
|
+
ProviderType,
|
|
78
|
+
(config?: unknown) => Promise<ProviderResult>
|
|
79
|
+
> = new Map();
|
|
80
|
+
|
|
81
|
+
register(
|
|
82
|
+
provider: AuthProvider,
|
|
83
|
+
handler: (config?: unknown) => Promise<ProviderResult>,
|
|
84
|
+
): void {
|
|
85
|
+
this.providers.set(provider.type, provider);
|
|
86
|
+
this.callbacks.set(provider.type, handler);
|
|
87
|
+
}
|
|
88
|
+
|
|
89
|
+
getAvailable(): AuthProvider[] {
|
|
90
|
+
return Array.from(this.providers.values()).filter((p) => p.enabled);
|
|
91
|
+
}
|
|
92
|
+
|
|
93
|
+
async login(type: ProviderType, config?: unknown): Promise<ProviderResult> {
|
|
94
|
+
const handler = this.callbacks.get(type);
|
|
95
|
+
if (!handler) {
|
|
96
|
+
return {
|
|
97
|
+
success: false,
|
|
98
|
+
provider: type,
|
|
99
|
+
error: `Provider ${type} not registered`,
|
|
100
|
+
};
|
|
101
|
+
}
|
|
102
|
+
try {
|
|
103
|
+
return await handler(config);
|
|
104
|
+
} catch (e) {
|
|
105
|
+
return { success: false, provider: type, error: String(e) };
|
|
106
|
+
}
|
|
107
|
+
}
|
|
108
|
+
|
|
109
|
+
isAvailable(type: ProviderType): boolean {
|
|
110
|
+
const p = this.providers.get(type);
|
|
111
|
+
return p?.enabled ?? false;
|
|
112
|
+
}
|
|
113
|
+
|
|
114
|
+
setEnabled(type: ProviderType, enabled: boolean): void {
|
|
115
|
+
const p = this.providers.get(type);
|
|
116
|
+
if (p) p.enabled = enabled;
|
|
117
|
+
}
|
|
118
|
+
}
|
|
119
|
+
|
|
120
|
+
export function getIndianAuthProviders(): AuthProvider[] {
|
|
121
|
+
return [
|
|
122
|
+
{ type: "phone_otp", name: "Phone OTP", enabled: true },
|
|
123
|
+
{ type: "google", name: "Google", icon: "google", enabled: true },
|
|
124
|
+
{ type: "aadhaar", name: "Aadhaar eKYC", icon: "aadhaar", enabled: false },
|
|
125
|
+
{
|
|
126
|
+
type: "digilocker",
|
|
127
|
+
name: "DigiLocker",
|
|
128
|
+
icon: "digilocker",
|
|
129
|
+
enabled: false,
|
|
130
|
+
},
|
|
131
|
+
{ type: "apple", name: "Apple", icon: "apple", enabled: false },
|
|
132
|
+
];
|
|
133
|
+
}
|
|
@@ -0,0 +1,170 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* @rajeev02/auth — Session Manager
|
|
3
|
+
* Handles JWT access/refresh tokens, auto-refresh, secure persistence, session expiry
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
export interface TokenPair {
|
|
7
|
+
accessToken: string;
|
|
8
|
+
refreshToken: string;
|
|
9
|
+
accessExpiresAt: number;
|
|
10
|
+
refreshExpiresAt: number;
|
|
11
|
+
}
|
|
12
|
+
|
|
13
|
+
export interface SessionConfig {
|
|
14
|
+
onRefreshToken: (refreshToken: string) => Promise<TokenPair | null>;
|
|
15
|
+
onSessionExpired: () => void;
|
|
16
|
+
onPersistTokens?: (tokens: TokenPair) => Promise<void>;
|
|
17
|
+
onLoadTokens?: () => Promise<TokenPair | null>;
|
|
18
|
+
refreshBufferMs?: number;
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
export type AuthState =
|
|
22
|
+
| "initializing"
|
|
23
|
+
| "authenticated"
|
|
24
|
+
| "unauthenticated"
|
|
25
|
+
| "refreshing";
|
|
26
|
+
|
|
27
|
+
export class SessionManager {
|
|
28
|
+
private tokens: TokenPair | null = null;
|
|
29
|
+
private config: SessionConfig;
|
|
30
|
+
private refreshTimer: ReturnType<typeof setTimeout> | null = null;
|
|
31
|
+
private state: AuthState = "initializing";
|
|
32
|
+
private listeners: Set<(state: AuthState) => void> = new Set();
|
|
33
|
+
|
|
34
|
+
constructor(config: SessionConfig) {
|
|
35
|
+
this.config = config;
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
async initialize(): Promise<AuthState> {
|
|
39
|
+
if (this.config.onLoadTokens) {
|
|
40
|
+
try {
|
|
41
|
+
const tokens = await this.config.onLoadTokens();
|
|
42
|
+
if (tokens && tokens.refreshExpiresAt > Date.now()) {
|
|
43
|
+
this.tokens = tokens;
|
|
44
|
+
if (tokens.accessExpiresAt > Date.now()) {
|
|
45
|
+
this.setState("authenticated");
|
|
46
|
+
this.scheduleRefresh();
|
|
47
|
+
} else {
|
|
48
|
+
await this.refresh();
|
|
49
|
+
}
|
|
50
|
+
return this.state;
|
|
51
|
+
}
|
|
52
|
+
} catch (_) {
|
|
53
|
+
/* persisted tokens invalid */
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
this.setState("unauthenticated");
|
|
57
|
+
return this.state;
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
async setTokens(tokens: TokenPair): Promise<void> {
|
|
61
|
+
this.tokens = tokens;
|
|
62
|
+
this.setState("authenticated");
|
|
63
|
+
this.scheduleRefresh();
|
|
64
|
+
if (this.config.onPersistTokens) {
|
|
65
|
+
await this.config.onPersistTokens(tokens);
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
|
|
69
|
+
async getAccessToken(): Promise<string | null> {
|
|
70
|
+
if (!this.tokens) return null;
|
|
71
|
+
const buffer = this.config.refreshBufferMs ?? 60000;
|
|
72
|
+
if (this.tokens.accessExpiresAt - Date.now() < buffer) {
|
|
73
|
+
await this.refresh();
|
|
74
|
+
}
|
|
75
|
+
return this.tokens?.accessToken ?? null;
|
|
76
|
+
}
|
|
77
|
+
|
|
78
|
+
getState(): AuthState {
|
|
79
|
+
return this.state;
|
|
80
|
+
}
|
|
81
|
+
isAuthenticated(): boolean {
|
|
82
|
+
return this.state === "authenticated" && this.tokens !== null;
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
async logout(): Promise<void> {
|
|
86
|
+
this.tokens = null;
|
|
87
|
+
if (this.refreshTimer) clearTimeout(this.refreshTimer);
|
|
88
|
+
this.refreshTimer = null;
|
|
89
|
+
this.setState("unauthenticated");
|
|
90
|
+
if (this.config.onPersistTokens) {
|
|
91
|
+
await this.config.onPersistTokens({
|
|
92
|
+
accessToken: "",
|
|
93
|
+
refreshToken: "",
|
|
94
|
+
accessExpiresAt: 0,
|
|
95
|
+
refreshExpiresAt: 0,
|
|
96
|
+
});
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
|
|
100
|
+
onStateChange(listener: (state: AuthState) => void): () => void {
|
|
101
|
+
this.listeners.add(listener);
|
|
102
|
+
return () => this.listeners.delete(listener);
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
static decodeToken(token: string): Record<string, unknown> | null {
|
|
106
|
+
try {
|
|
107
|
+
const parts = token.split(".");
|
|
108
|
+
if (parts.length !== 3) return null;
|
|
109
|
+
const payload = parts[1].replace(/-/g, "+").replace(/_/g, "/");
|
|
110
|
+
return JSON.parse(atob(payload));
|
|
111
|
+
} catch {
|
|
112
|
+
return null;
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
|
|
116
|
+
getUserFromToken(): Record<string, unknown> | null {
|
|
117
|
+
if (!this.tokens) return null;
|
|
118
|
+
return SessionManager.decodeToken(this.tokens.accessToken);
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
private async refresh(): Promise<void> {
|
|
122
|
+
if (!this.tokens?.refreshToken) {
|
|
123
|
+
this.setState("unauthenticated");
|
|
124
|
+
this.config.onSessionExpired();
|
|
125
|
+
return;
|
|
126
|
+
}
|
|
127
|
+
this.setState("refreshing");
|
|
128
|
+
try {
|
|
129
|
+
const newTokens = await this.config.onRefreshToken(
|
|
130
|
+
this.tokens.refreshToken,
|
|
131
|
+
);
|
|
132
|
+
if (newTokens) {
|
|
133
|
+
this.tokens = newTokens;
|
|
134
|
+
this.setState("authenticated");
|
|
135
|
+
this.scheduleRefresh();
|
|
136
|
+
if (this.config.onPersistTokens) {
|
|
137
|
+
await this.config.onPersistTokens(newTokens);
|
|
138
|
+
}
|
|
139
|
+
} else {
|
|
140
|
+
this.tokens = null;
|
|
141
|
+
this.setState("unauthenticated");
|
|
142
|
+
this.config.onSessionExpired();
|
|
143
|
+
}
|
|
144
|
+
} catch {
|
|
145
|
+
this.tokens = null;
|
|
146
|
+
this.setState("unauthenticated");
|
|
147
|
+
this.config.onSessionExpired();
|
|
148
|
+
}
|
|
149
|
+
}
|
|
150
|
+
|
|
151
|
+
private scheduleRefresh(): void {
|
|
152
|
+
if (this.refreshTimer) clearTimeout(this.refreshTimer);
|
|
153
|
+
if (!this.tokens) return;
|
|
154
|
+
const buffer = this.config.refreshBufferMs ?? 60000;
|
|
155
|
+
const delay = Math.max(
|
|
156
|
+
0,
|
|
157
|
+
this.tokens.accessExpiresAt - Date.now() - buffer,
|
|
158
|
+
);
|
|
159
|
+
this.refreshTimer = setTimeout(() => this.refresh(), delay);
|
|
160
|
+
}
|
|
161
|
+
|
|
162
|
+
private setState(state: AuthState): void {
|
|
163
|
+
this.state = state;
|
|
164
|
+
for (const l of this.listeners) {
|
|
165
|
+
try {
|
|
166
|
+
l(state);
|
|
167
|
+
} catch {}
|
|
168
|
+
}
|
|
169
|
+
}
|
|
170
|
+
}
|