@reauth-dev/sdk 0.1.0

package/dist/server.d.mts

@@ -0,0 +1,188 @@
+import { e as ReauthServerConfig, A as AuthResult, f as RequestLike, d as UserDetails, h as ChargeOptions, i as DepositOptions, b as TransactionsPaginationOptions, B as BalanceTransaction } from './types-D8oOYbeC.mjs';
+
+/**
+ * Create a reauth client for server-side authentication.
+ * Uses local JWT verification for fast, reliable auth checks.
+ *
+ * @example
+ * ```typescript
+ * import { createServerClient } from '@reauth-dev/sdk/server';
+ *
+ * const reauth = createServerClient({
+ *   domain: 'yourdomain.com',
+ *   apiKey: 'sk_live_...',
+ * });
+ *
+ * // In your API route handler
+ * export async function GET(request: Request) {
+ *   const result = await reauth.authenticate({
+ *     headers: {
+ *       authorization: request.headers.get('authorization') ?? undefined,
+ *       cookie: request.headers.get('cookie') ?? undefined,
+ *     },
+ *   });
+ *
+ *   if (!result.valid || !result.user) {
+ *     return Response.json({ error: result.error || 'Unauthorized' }, { status: 401 });
+ *   }
+ *
+ *   // Access user info from JWT claims (no network call needed!)
+ *   console.log('User ID:', result.user.id);
+ *   console.log('Roles:', result.user.roles);
+ *   console.log('Subscription:', result.user.subscription);
+ *
+ *   return Response.json({ user: result.user });
+ * }
+ * ```
+ */
+declare function createServerClient(config: ReauthServerConfig): {
+    /**
+     * Verify a JWT token locally using HKDF-derived secret.
+     * No network call required - fast and reliable.
+     *
+     * The domain_id is extracted from the token claims automatically.
+     *
+     * @param token - The JWT token to verify
+     * @returns AuthResult with user info from claims
+     *
+     * @example
+     * ```typescript
+     * const result = await reauth.verifyToken(token);
+     * if (result.valid && result.user) {
+     *   console.log('User ID:', result.user.id);
+     *   console.log('Roles:', result.user.roles);
+     *   console.log('Subscription:', result.user.subscription);
+     * }
+     * ```
+     */
+    verifyToken(token: string): Promise<AuthResult>;
+    /**
+     * Extract a token from a request object.
+     * Tries Authorization: Bearer header first, then falls back to cookies.
+     *
+     * @param request - Object with headers (authorization and/or cookie)
+     * @returns The token string or null if not found
+     *
+     * @example
+     * ```typescript
+     * const token = reauth.extractToken({
+     *   headers: {
+     *     authorization: req.headers.authorization,
+     *     cookie: req.headers.cookie,
+     *   },
+     * });
+     * ```
+     */
+    extractToken(request: RequestLike): string | null;
+    /**
+     * Authenticate a request by extracting and verifying the token.
+     * This is a convenience method combining extractToken and verifyToken.
+     *
+     * @param request - Object with headers (authorization and/or cookie)
+     * @returns AuthResult with user info from claims
+     *
+     * @example
+     * ```typescript
+     * // Express/Node.js
+     * async function authMiddleware(req, res, next) {
+     *   const result = await reauth.authenticate({
+     *     headers: {
+     *       authorization: req.headers.authorization,
+     *       cookie: req.headers.cookie,
+     *     },
+     *   });
+     *
+     *   if (!result.valid || !result.user) {
+     *     res.status(401).json({ error: result.error || 'Unauthorized' });
+     *     return;
+     *   }
+     *
+     *   req.user = result.user;
+     *   next();
+     * }
+     *
+     * // Next.js App Router
+     * export async function GET(request: NextRequest) {
+     *   const result = await reauth.authenticate({
+     *     headers: {
+     *       authorization: request.headers.get('authorization') ?? undefined,
+     *       cookie: request.headers.get('cookie') ?? undefined,
+     *     },
+     *   });
+     *
+     *   if (!result.valid) {
+     *     return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+     *   }
+     *
+     *   return NextResponse.json({ user: result.user });
+     * }
+     * ```
+     */
+    authenticate(request: RequestLike): Promise<AuthResult>;
+    /**
+     * Get user details by ID from the backend.
+     * Use this when you need full user info like email, frozen status, etc.
+     * that isn't available in the JWT claims.
+     *
+     * @param userId - The user ID to fetch
+     * @returns UserDetails or null if not found
+     *
+     * @example
+     * ```typescript
+     * // After verifying token, fetch full user details if needed
+     * const result = await reauth.authenticate(request);
+     * if (result.valid && result.user) {
+     *   // If you need email or other details not in JWT
+     *   const details = await reauth.getUserById(result.user.id);
+     *   if (details) {
+     *     console.log('Email:', details.email);
+     *     console.log('Frozen:', details.isFrozen);
+     *   }
+     * }
+     * ```
+     */
+    getUserById(userId: string): Promise<UserDetails | null>;
+    /**
+     * Get a user's current balance.
+     *
+     * @param userId - The user ID to check
+     * @returns Object with the current balance
+     */
+    getBalance(userId: string): Promise<{
+        balance: number;
+    }>;
+    /**
+     * Charge (deduct) credits from a user's balance.
+     *
+     * @param userId - The user ID to charge
+     * @param opts - Charge options (amount, requestUuid for idempotency, optional note)
+     * @returns Object with the new balance after charge
+     * @throws Error with status 402 if insufficient balance, 400 if invalid amount
+     */
+    charge(userId: string, opts: ChargeOptions): Promise<{
+        newBalance: number;
+    }>;
+    /**
+     * Deposit (add) credits to a user's balance.
+     *
+     * @param userId - The user ID to deposit to
+     * @param opts - Deposit options (amount, requestUuid for idempotency, optional note)
+     * @returns Object with the new balance after deposit
+     */
+    deposit(userId: string, opts: DepositOptions): Promise<{
+        newBalance: number;
+    }>;
+    /**
+     * Get a user's balance transaction history.
+     *
+     * @param userId - The user ID to get transactions for
+     * @param opts - Optional pagination (limit, offset)
+     * @returns Object with array of transactions (newest first)
+     */
+    getTransactions(userId: string, opts?: TransactionsPaginationOptions): Promise<{
+        transactions: BalanceTransaction[];
+    }>;
+};
+type ServerClient = ReturnType<typeof createServerClient>;
+
+export { type ServerClient, createServerClient };

package/dist/server.d.ts

@@ -0,0 +1,188 @@
+import { e as ReauthServerConfig, A as AuthResult, f as RequestLike, d as UserDetails, h as ChargeOptions, i as DepositOptions, b as TransactionsPaginationOptions, B as BalanceTransaction } from './types-D8oOYbeC.js';
+
+/**
+ * Create a reauth client for server-side authentication.
+ * Uses local JWT verification for fast, reliable auth checks.
+ *
+ * @example
+ * ```typescript
+ * import { createServerClient } from '@reauth-dev/sdk/server';
+ *
+ * const reauth = createServerClient({
+ *   domain: 'yourdomain.com',
+ *   apiKey: 'sk_live_...',
+ * });
+ *
+ * // In your API route handler
+ * export async function GET(request: Request) {
+ *   const result = await reauth.authenticate({
+ *     headers: {
+ *       authorization: request.headers.get('authorization') ?? undefined,
+ *       cookie: request.headers.get('cookie') ?? undefined,
+ *     },
+ *   });
+ *
+ *   if (!result.valid || !result.user) {
+ *     return Response.json({ error: result.error || 'Unauthorized' }, { status: 401 });
+ *   }
+ *
+ *   // Access user info from JWT claims (no network call needed!)
+ *   console.log('User ID:', result.user.id);
+ *   console.log('Roles:', result.user.roles);
+ *   console.log('Subscription:', result.user.subscription);
+ *
+ *   return Response.json({ user: result.user });
+ * }
+ * ```
+ */
+declare function createServerClient(config: ReauthServerConfig): {
+    /**
+     * Verify a JWT token locally using HKDF-derived secret.
+     * No network call required - fast and reliable.
+     *
+     * The domain_id is extracted from the token claims automatically.
+     *
+     * @param token - The JWT token to verify
+     * @returns AuthResult with user info from claims
+     *
+     * @example
+     * ```typescript
+     * const result = await reauth.verifyToken(token);
+     * if (result.valid && result.user) {
+     *   console.log('User ID:', result.user.id);
+     *   console.log('Roles:', result.user.roles);
+     *   console.log('Subscription:', result.user.subscription);
+     * }
+     * ```
+     */
+    verifyToken(token: string): Promise<AuthResult>;
+    /**
+     * Extract a token from a request object.
+     * Tries Authorization: Bearer header first, then falls back to cookies.
+     *
+     * @param request - Object with headers (authorization and/or cookie)
+     * @returns The token string or null if not found
+     *
+     * @example
+     * ```typescript
+     * const token = reauth.extractToken({
+     *   headers: {
+     *     authorization: req.headers.authorization,
+     *     cookie: req.headers.cookie,
+     *   },
+     * });
+     * ```
+     */
+    extractToken(request: RequestLike): string | null;
+    /**
+     * Authenticate a request by extracting and verifying the token.
+     * This is a convenience method combining extractToken and verifyToken.
+     *
+     * @param request - Object with headers (authorization and/or cookie)
+     * @returns AuthResult with user info from claims
+     *
+     * @example
+     * ```typescript
+     * // Express/Node.js
+     * async function authMiddleware(req, res, next) {
+     *   const result = await reauth.authenticate({
+     *     headers: {
+     *       authorization: req.headers.authorization,
+     *       cookie: req.headers.cookie,
+     *     },
+     *   });
+     *
+     *   if (!result.valid || !result.user) {
+     *     res.status(401).json({ error: result.error || 'Unauthorized' });
+     *     return;
+     *   }
+     *
+     *   req.user = result.user;
+     *   next();
+     * }
+     *
+     * // Next.js App Router
+     * export async function GET(request: NextRequest) {
+     *   const result = await reauth.authenticate({
+     *     headers: {
+     *       authorization: request.headers.get('authorization') ?? undefined,
+     *       cookie: request.headers.get('cookie') ?? undefined,
+     *     },
+     *   });
+     *
+     *   if (!result.valid) {
+     *     return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+     *   }
+     *
+     *   return NextResponse.json({ user: result.user });
+     * }
+     * ```
+     */
+    authenticate(request: RequestLike): Promise<AuthResult>;
+    /**
+     * Get user details by ID from the backend.
+     * Use this when you need full user info like email, frozen status, etc.
+     * that isn't available in the JWT claims.
+     *
+     * @param userId - The user ID to fetch
+     * @returns UserDetails or null if not found
+     *
+     * @example
+     * ```typescript
+     * // After verifying token, fetch full user details if needed
+     * const result = await reauth.authenticate(request);
+     * if (result.valid && result.user) {
+     *   // If you need email or other details not in JWT
+     *   const details = await reauth.getUserById(result.user.id);
+     *   if (details) {
+     *     console.log('Email:', details.email);
+     *     console.log('Frozen:', details.isFrozen);
+     *   }
+     * }
+     * ```
+     */
+    getUserById(userId: string): Promise<UserDetails | null>;
+    /**
+     * Get a user's current balance.
+     *
+     * @param userId - The user ID to check
+     * @returns Object with the current balance
+     */
+    getBalance(userId: string): Promise<{
+        balance: number;
+    }>;
+    /**
+     * Charge (deduct) credits from a user's balance.
+     *
+     * @param userId - The user ID to charge
+     * @param opts - Charge options (amount, requestUuid for idempotency, optional note)
+     * @returns Object with the new balance after charge
+     * @throws Error with status 402 if insufficient balance, 400 if invalid amount
+     */
+    charge(userId: string, opts: ChargeOptions): Promise<{
+        newBalance: number;
+    }>;
+    /**
+     * Deposit (add) credits to a user's balance.
+     *
+     * @param userId - The user ID to deposit to
+     * @param opts - Deposit options (amount, requestUuid for idempotency, optional note)
+     * @returns Object with the new balance after deposit
+     */
+    deposit(userId: string, opts: DepositOptions): Promise<{
+        newBalance: number;
+    }>;
+    /**
+     * Get a user's balance transaction history.
+     *
+     * @param userId - The user ID to get transactions for
+     * @param opts - Optional pagination (limit, offset)
+     * @returns Object with array of transactions (newest first)
+     */
+    getTransactions(userId: string, opts?: TransactionsPaginationOptions): Promise<{
+        transactions: BalanceTransaction[];
+    }>;
+};
+type ServerClient = ReturnType<typeof createServerClient>;
+
+export { type ServerClient, createServerClient };