@reauth-dev/sdk 0.1.0 → 0.3.0

package/dist/webhooks.js

@@ -43,11 +43,15 @@ function parseSignatureHeader(header) {
   let timestamp = "";
   const signatures = [];
   for (const part of parts) {
-    const [key, value] = part.split("=", 2);
+    const [rawKey, rawValue] = part.trim().split("=", 2);
+    const key = rawKey?.trim();
+    const value = rawValue?.trim();
     if (key === "t") {
-      timestamp = value;
+      timestamp = value ?? "";
     } else if (key === "v1") {
-      signatures.push(value);
+      if (value) {
+        signatures.push(value);
+      }
     }
   }
   return { timestamp, signatures };

package/dist/webhooks.mjs

@@ -15,11 +15,15 @@ function parseSignatureHeader(header) {
   let timestamp = "";
   const signatures = [];
   for (const part of parts) {
-    const [key, value] = part.split("=", 2);
+    const [rawKey, rawValue] = part.trim().split("=", 2);
+    const key = rawKey?.trim();
+    const value = rawValue?.trim();
     if (key === "t") {
-      timestamp = value;
+      timestamp = value ?? "";
     } else if (key === "v1") {
-      signatures.push(value);
+      if (value) {
+        signatures.push(value);
+      }
     }
   }
   return { timestamp, signatures };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@reauth-dev/sdk",
-  "version": "0.1.0",
+  "version": "0.3.0",
   "description": "TypeScript SDK for reauth.dev authentication",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -38,6 +38,8 @@
   "scripts": {
     "build": "tsup",
     "dev": "tsup --watch",
+    "test": "vitest run",
+    "test:watch": "vitest",
     "typecheck": "tsc --noEmit",
     "format": "prettier --write src"
   },
@@ -58,7 +60,8 @@
     "prettier": "^3.8.1",
     "react": "^18.0.0",
     "tsup": "^8.0.0",
-    "typescript": "^5.0.0"
+    "typescript": "^5.0.0",
+    "vitest": "^4.0.18"
   },
   "keywords": [
     "auth",

package/dist/chunk-JX2J36FS.mjs

@@ -1,269 +0,0 @@
-// src/client.ts
-function createReauthClient(config) {
-  const { domain } = config;
-  const baseUrl = `https://reauth.${domain}/api/public`;
-  return {
-    /**
-     * Redirect the user to the reauth.dev login page.
-     * After successful login, they'll be redirected back to your configured redirect URL.
-     */
-    login() {
-      if (typeof window === "undefined") {
-        throw new Error("login() can only be called in browser");
-      }
-      window.location.href = `https://reauth.${domain}/`;
-    },
-    /**
-     * Check if the user is authenticated.
-     * Returns session info including user ID, email, and roles.
-     */
-    async getSession() {
-      const res = await fetch(`${baseUrl}/auth/session`, {
-        credentials: "include"
-      });
-      return res.json();
-    },
-    /**
-     * Refresh the access token using the refresh token.
-     * Call this when getSession() returns valid: false but no error_code.
-     * @returns true if refresh succeeded, false otherwise
-     */
-    async refresh() {
-      const res = await fetch(`${baseUrl}/auth/refresh`, {
-        method: "POST",
-        credentials: "include"
-      });
-      return res.ok;
-    },
-    /**
-     * Get an access token for Bearer authentication.
-     * Use this when calling your own API that uses local token verification.
-     *
-     * @returns TokenResponse with access token, or null if not authenticated
-     *
-     * @example
-     * ```typescript
-     * const tokenResponse = await reauth.getToken();
-     * if (tokenResponse) {
-     *   fetch('/api/data', {
-     *     headers: { Authorization: `Bearer ${tokenResponse.accessToken}` }
-     *   });
-     * }
-     * ```
-     */
-    async getToken() {
-      try {
-        const res = await fetch(`${baseUrl}/auth/token`, {
-          method: "GET",
-          credentials: "include"
-        });
-        if (!res.ok) {
-          if (res.status === 401) return null;
-          throw new Error(`Failed to get token: ${res.status}`);
-        }
-        const data = await res.json();
-        return {
-          accessToken: data.access_token,
-          expiresIn: data.expires_in,
-          tokenType: data.token_type
-        };
-      } catch {
-        return null;
-      }
-    },
-    /**
-     * Log out the user by clearing all session cookies.
-     */
-    async logout() {
-      await fetch(`${baseUrl}/auth/logout`, {
-        method: "POST",
-        credentials: "include"
-      });
-    },
-    /**
-     * Delete the user's own account (self-service).
-     * @returns true if deletion succeeded, false otherwise
-     */
-    async deleteAccount() {
-      const res = await fetch(`${baseUrl}/auth/account`, {
-        method: "DELETE",
-        credentials: "include"
-      });
-      return res.ok;
-    },
-    // ========================================================================
-    // Billing Methods
-    // ========================================================================
-    /**
-     * Get available subscription plans for the domain.
-     * Only returns public plans sorted by display order.
-     */
-    async getPlans() {
-      const res = await fetch(`${baseUrl}/billing/plans`, {
-        credentials: "include"
-      });
-      if (!res.ok) return [];
-      const data = await res.json();
-      return data.map(
-        (p) => ({
-          id: p.id,
-          code: p.code,
-          name: p.name,
-          description: p.description,
-          priceCents: p.price_cents,
-          currency: p.currency,
-          interval: p.interval,
-          intervalCount: p.interval_count,
-          trialDays: p.trial_days,
-          features: p.features,
-          displayOrder: p.display_order
-        })
-      );
-    },
-    /**
-     * Get the current user's subscription status.
-     */
-    async getSubscription() {
-      const res = await fetch(`${baseUrl}/billing/subscription`, {
-        credentials: "include"
-      });
-      const data = await res.json();
-      return {
-        id: data.id,
-        planCode: data.plan_code,
-        planName: data.plan_name,
-        status: data.status,
-        currentPeriodEnd: data.current_period_end,
-        trialEnd: data.trial_end,
-        cancelAtPeriodEnd: data.cancel_at_period_end
-      };
-    },
-    /**
-     * Create a Stripe checkout session to subscribe to a plan.
-     * @param planCode The plan code to subscribe to
-     * @param successUrl URL to redirect to after successful payment
-     * @param cancelUrl URL to redirect to if checkout is canceled
-     * @returns Checkout session with URL to redirect the user to
-     */
-    async createCheckout(planCode, successUrl, cancelUrl) {
-      const res = await fetch(`${baseUrl}/billing/checkout`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        credentials: "include",
-        body: JSON.stringify({
-          plan_code: planCode,
-          success_url: successUrl,
-          cancel_url: cancelUrl
-        })
-      });
-      if (!res.ok) {
-        const err = await res.json().catch(() => ({}));
-        throw new Error(err.message || "Failed to create checkout session");
-      }
-      const data = await res.json();
-      return { checkoutUrl: data.checkout_url };
-    },
-    /**
-     * Redirect user to subscribe to a plan.
-     * Creates a checkout session and redirects to Stripe.
-     * @param planCode The plan code to subscribe to
-     */
-    async subscribe(planCode) {
-      if (typeof window === "undefined") {
-        throw new Error("subscribe() can only be called in browser");
-      }
-      const currentUrl = window.location.href;
-      const { checkoutUrl } = await this.createCheckout(
-        planCode,
-        currentUrl,
-        currentUrl
-      );
-      window.location.href = checkoutUrl;
-    },
-    /**
-     * Open the Stripe customer portal for managing subscription.
-     * @param returnUrl URL to return to after leaving the portal
-     */
-    async openBillingPortal(returnUrl) {
-      if (typeof window === "undefined") {
-        throw new Error("openBillingPortal() can only be called in browser");
-      }
-      const res = await fetch(`${baseUrl}/billing/portal`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        credentials: "include",
-        body: JSON.stringify({
-          return_url: returnUrl || window.location.href
-        })
-      });
-      if (!res.ok) {
-        throw new Error("Failed to open billing portal");
-      }
-      const data = await res.json();
-      window.location.href = data.portal_url;
-    },
-    /**
-     * Cancel the user's subscription at period end.
-     * @returns true if cancellation succeeded
-     */
-    async cancelSubscription() {
-      const res = await fetch(`${baseUrl}/billing/cancel`, {
-        method: "POST",
-        credentials: "include"
-      });
-      return res.ok;
-    },
-    // ========================================================================
-    // Balance Methods
-    // ========================================================================
-    /**
-     * Get the current user's balance.
-     * @returns Object with the current balance
-     */
-    async getBalance() {
-      const res = await fetch(`${baseUrl}/balance`, {
-        credentials: "include"
-      });
-      if (!res.ok) {
-        if (res.status === 401) throw new Error("Not authenticated");
-        throw new Error(`Failed to get balance: ${res.status}`);
-      }
-      return res.json();
-    },
-    /**
-     * Get the current user's balance transaction history.
-     * @param opts - Optional pagination (limit, offset)
-     * @returns Object with array of transactions (newest first)
-     */
-    async getTransactions(opts) {
-      const params = new URLSearchParams();
-      if (opts?.limit !== void 0) params.set("limit", String(opts.limit));
-      if (opts?.offset !== void 0) params.set("offset", String(opts.offset));
-      const qs = params.toString();
-      const res = await fetch(
-        `${baseUrl}/balance/transactions${qs ? `?${qs}` : ""}`,
-        { credentials: "include" }
-      );
-      if (!res.ok) {
-        if (res.status === 401) throw new Error("Not authenticated");
-        throw new Error(`Failed to get transactions: ${res.status}`);
-      }
-      const data = await res.json();
-      return {
-        transactions: data.transactions.map(
-          (t) => ({
-            id: t.id,
-            amountDelta: t.amount_delta,
-            reason: t.reason,
-            balanceAfter: t.balance_after,
-            createdAt: t.created_at
-          })
-        )
-      };
-    }
-  };
-}
-
-export {
-  createReauthClient
-};

package/dist/types-D8oOYbeC.d.mts

@@ -1,169 +0,0 @@
-/** Response from GET /api/public/auth/session */
-type ReauthSession = {
-    valid: boolean;
-    end_user_id: string | null;
-    email: string | null;
-    roles: string[] | null;
-    waitlist_position: number | null;
-    error: string | null;
-    error_code: "ACCOUNT_SUSPENDED" | null;
-    /** Subscription information (if billing is configured) */
-    subscription?: {
-        status: string;
-        plan_code: string | null;
-        plan_name: string | null;
-        current_period_end: number | null;
-        cancel_at_period_end: boolean | null;
-        trial_ends_at: number | null;
-    };
-};
-/** Authenticated user object (basic) */
-type User = {
-    id: string;
-    email: string;
-    roles: string[];
-};
-/** Full user details (from Developer API) */
-type UserDetails = {
-    id: string;
-    email: string;
-    roles: string[];
-    emailVerifiedAt: string | null;
-    lastLoginAt: string | null;
-    isFrozen: boolean;
-    isWhitelisted: boolean;
-    createdAt: string | null;
-};
-/** JWT claims for domain end-user tokens */
-type DomainEndUserClaims = {
-    /** User ID (subject) */
-    sub: string;
-    /** Domain ID */
-    domain_id: string;
-    /** Root domain (e.g., "example.com") */
-    domain: string;
-    /** User roles */
-    roles: string[];
-    /** Subscription information */
-    subscription: {
-        status: string;
-        plan_code: string | null;
-        plan_name: string | null;
-        current_period_end: number | null;
-        cancel_at_period_end: boolean | null;
-        trial_ends_at: number | null;
-    };
-    /** Token expiration (Unix timestamp) */
-    exp: number;
-    /** Token issued at (Unix timestamp) */
-    iat: number;
-};
-/** Configuration for browser-side reauth client */
-type ReauthConfig = {
-    /** Your verified domain (e.g., "yourdomain.com") */
-    domain: string;
-};
-/** Configuration for server-side reauth client */
-type ReauthServerConfig = ReauthConfig & {
-    /** API key for server-to-server authentication (required, e.g., "sk_live_...") */
-    apiKey: string;
-};
-/** Subscription status values */
-type SubscriptionStatus = "active" | "past_due" | "canceled" | "trialing" | "incomplete" | "incomplete_expired" | "unpaid" | "paused" | "none";
-/** Subscription info included in JWT claims */
-type SubscriptionInfo = {
-    /** Current subscription status */
-    status: SubscriptionStatus;
-    /** Machine-readable plan identifier (e.g., "pro") */
-    planCode: string | null;
-    /** Human-readable plan name (e.g., "Pro Plan") */
-    planName: string | null;
-    /** Unix timestamp when current period ends */
-    currentPeriodEnd: number | null;
-    /** Whether subscription will cancel at period end */
-    cancelAtPeriodEnd: boolean | null;
-    /** Unix timestamp when trial ends (if applicable) */
-    trialEndsAt: number | null;
-};
-/** Authentication result from verifyToken/authenticate */
-type AuthResult = {
-    valid: boolean;
-    user: {
-        id: string;
-        roles: string[];
-        subscription: SubscriptionInfo;
-    } | null;
-    claims: DomainEndUserClaims | null;
-    error?: string;
-};
-/** Request-like object for extractToken/authenticate */
-type RequestLike = {
-    headers?: {
-        authorization?: string;
-        cookie?: string;
-    };
-};
-/** Response from GET /auth/token endpoint */
-type TokenResponse = {
-    /** The JWT access token */
-    accessToken: string;
-    /** Token expiration time in seconds */
-    expiresIn: number;
-    /** Token type (always "Bearer") */
-    tokenType: string;
-};
-/** Subscription plan available for purchase */
-type SubscriptionPlan = {
-    id: string;
-    code: string;
-    name: string;
-    description: string | null;
-    priceCents: number;
-    currency: string;
-    interval: "monthly" | "yearly" | "custom";
-    intervalCount: number;
-    trialDays: number;
-    features: string[];
-    displayOrder: number;
-};
-/** User's current subscription details */
-type UserSubscription = {
-    id: string | null;
-    planCode: string | null;
-    planName: string | null;
-    status: SubscriptionStatus;
-    currentPeriodEnd: number | null;
-    trialEnd: number | null;
-    cancelAtPeriodEnd: boolean | null;
-};
-/** Checkout session response */
-type CheckoutSession = {
-    checkoutUrl: string;
-};
-/** A single balance transaction record */
-type BalanceTransaction = {
-    id: string;
-    amountDelta: number;
-    reason: Record<string, unknown>;
-    balanceAfter: number;
-    createdAt: string;
-};
-/** Options for charging a user's balance */
-type ChargeOptions = {
-    amount: number;
-    requestUuid: string;
-    note?: string;
-};
-/** Options for depositing to a user's balance */
-type DepositOptions = {
-    amount: number;
-    requestUuid: string;
-    note?: string;
-};
-/** Pagination options for transaction queries */
-type TransactionsPaginationOptions = {
-    limit?: number;
-    offset?: number;
-};
-
-export type { AuthResult as A, BalanceTransaction as B, CheckoutSession as C, DomainEndUserClaims as D, ReauthConfig as R, SubscriptionPlan as S, TokenResponse as T, UserSubscription as U, ReauthSession as a, TransactionsPaginationOptions as b, User as c, UserDetails as d, ReauthServerConfig as e, RequestLike as f, SubscriptionInfo as g, ChargeOptions as h, DepositOptions as i };

package/dist/types-D8oOYbeC.d.ts

@@ -1,169 +0,0 @@
-/** Response from GET /api/public/auth/session */
-type ReauthSession = {
-    valid: boolean;
-    end_user_id: string | null;
-    email: string | null;
-    roles: string[] | null;
-    waitlist_position: number | null;
-    error: string | null;
-    error_code: "ACCOUNT_SUSPENDED" | null;
-    /** Subscription information (if billing is configured) */
-    subscription?: {
-        status: string;
-        plan_code: string | null;
-        plan_name: string | null;
-        current_period_end: number | null;
-        cancel_at_period_end: boolean | null;
-        trial_ends_at: number | null;
-    };
-};
-/** Authenticated user object (basic) */
-type User = {
-    id: string;
-    email: string;
-    roles: string[];
-};
-/** Full user details (from Developer API) */
-type UserDetails = {
-    id: string;
-    email: string;
-    roles: string[];
-    emailVerifiedAt: string | null;
-    lastLoginAt: string | null;
-    isFrozen: boolean;
-    isWhitelisted: boolean;
-    createdAt: string | null;
-};
-/** JWT claims for domain end-user tokens */
-type DomainEndUserClaims = {
-    /** User ID (subject) */
-    sub: string;
-    /** Domain ID */
-    domain_id: string;
-    /** Root domain (e.g., "example.com") */
-    domain: string;
-    /** User roles */
-    roles: string[];
-    /** Subscription information */
-    subscription: {
-        status: string;
-        plan_code: string | null;
-        plan_name: string | null;
-        current_period_end: number | null;
-        cancel_at_period_end: boolean | null;
-        trial_ends_at: number | null;
-    };
-    /** Token expiration (Unix timestamp) */
-    exp: number;
-    /** Token issued at (Unix timestamp) */
-    iat: number;
-};
-/** Configuration for browser-side reauth client */
-type ReauthConfig = {
-    /** Your verified domain (e.g., "yourdomain.com") */
-    domain: string;
-};
-/** Configuration for server-side reauth client */
-type ReauthServerConfig = ReauthConfig & {
-    /** API key for server-to-server authentication (required, e.g., "sk_live_...") */
-    apiKey: string;
-};
-/** Subscription status values */
-type SubscriptionStatus = "active" | "past_due" | "canceled" | "trialing" | "incomplete" | "incomplete_expired" | "unpaid" | "paused" | "none";
-/** Subscription info included in JWT claims */
-type SubscriptionInfo = {
-    /** Current subscription status */
-    status: SubscriptionStatus;
-    /** Machine-readable plan identifier (e.g., "pro") */
-    planCode: string | null;
-    /** Human-readable plan name (e.g., "Pro Plan") */
-    planName: string | null;
-    /** Unix timestamp when current period ends */
-    currentPeriodEnd: number | null;
-    /** Whether subscription will cancel at period end */
-    cancelAtPeriodEnd: boolean | null;
-    /** Unix timestamp when trial ends (if applicable) */
-    trialEndsAt: number | null;
-};
-/** Authentication result from verifyToken/authenticate */
-type AuthResult = {
-    valid: boolean;
-    user: {
-        id: string;
-        roles: string[];
-        subscription: SubscriptionInfo;
-    } | null;
-    claims: DomainEndUserClaims | null;
-    error?: string;
-};
-/** Request-like object for extractToken/authenticate */
-type RequestLike = {
-    headers?: {
-        authorization?: string;
-        cookie?: string;
-    };
-};
-/** Response from GET /auth/token endpoint */
-type TokenResponse = {
-    /** The JWT access token */
-    accessToken: string;
-    /** Token expiration time in seconds */
-    expiresIn: number;
-    /** Token type (always "Bearer") */
-    tokenType: string;
-};
-/** Subscription plan available for purchase */
-type SubscriptionPlan = {
-    id: string;
-    code: string;
-    name: string;
-    description: string | null;
-    priceCents: number;
-    currency: string;
-    interval: "monthly" | "yearly" | "custom";
-    intervalCount: number;
-    trialDays: number;
-    features: string[];
-    displayOrder: number;
-};
-/** User's current subscription details */
-type UserSubscription = {
-    id: string | null;
-    planCode: string | null;
-    planName: string | null;
-    status: SubscriptionStatus;
-    currentPeriodEnd: number | null;
-    trialEnd: number | null;
-    cancelAtPeriodEnd: boolean | null;
-};
-/** Checkout session response */
-type CheckoutSession = {
-    checkoutUrl: string;
-};
-/** A single balance transaction record */
-type BalanceTransaction = {
-    id: string;
-    amountDelta: number;
-    reason: Record<string, unknown>;
-    balanceAfter: number;
-    createdAt: string;
-};
-/** Options for charging a user's balance */
-type ChargeOptions = {
-    amount: number;
-    requestUuid: string;
-    note?: string;
-};
-/** Options for depositing to a user's balance */
-type DepositOptions = {
-    amount: number;
-    requestUuid: string;
-    note?: string;
-};
-/** Pagination options for transaction queries */
-type TransactionsPaginationOptions = {
-    limit?: number;
-    offset?: number;
-};
-
-export type { AuthResult as A, BalanceTransaction as B, CheckoutSession as C, DomainEndUserClaims as D, ReauthConfig as R, SubscriptionPlan as S, TokenResponse as T, UserSubscription as U, ReauthSession as a, TransactionsPaginationOptions as b, User as c, UserDetails as d, ReauthServerConfig as e, RequestLike as f, SubscriptionInfo as g, ChargeOptions as h, DepositOptions as i };