@redmix/auth 0.0.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Redmix
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,148 @@
+# Authentication
+
+## Contributing
+
+If you want to contribute a new auth provider integration we recommend you
+start by implementing it as a custom auth provider in a Redwood App first. When
+that works you can package it up as an npm package and publish it on your own.
+You can then create a PR on this repo with support for your new auth provider
+in our `yarn rw setup auth` cli command. The easiest option is probably to just
+look at one of the existing auth providers in
+`packages/cli/src/commands/setup/auth/providers` and the corresponding
+templates in `../templates`.
+
+If you need help setting up a custom auth provider you can read the auth docs
+on the web.
+
+### Contributing to the base auth implementation
+
+If you want to contribute to our auth implementation, the interface towards
+both auth service providers and RW apps we recommend you start looking in
+`authFactory.ts` and then continue to `AuthProvider.tsx`. `AuthProvider.tsx`
+has most of our implementation together with all the custom hooks it uses.
+Another file to be accustomed with is `AuthContext.ts`. The interface in there
+has pretty good code comments, and is what will be exposed to RW apps.
+
+## getCurrentUser
+
+`getCurrentUser` returns the user information together with
+an optional collection of roles used by requireAuth() to check if the user is authenticated or has role-based access.
+
+Use in conjunction with `requireAuth` in your services to check that a user is logged in, whether or not they are assigned a role, and optionally raise an error if they're not.
+
+```js
+@param decoded - The decoded access token containing user info and JWT claims like `sub`
+@param { token, SupportedAuthTypes type } - The access token itself as well as the auth provider type
+@param { APIGatewayEvent event, Context context } - An object which contains information from the invoker
+such as headers and cookies, and the context information about the invocation such as IP Address
+```
+
+### Examples
+
+#### Checks if currentUser is authenticated
+
+This example is the standard use of `getCurrentUser`.
+
+```js
+export const getCurrentUser = async (
+  decoded,
+  { _token, _type },
+  { _event, _context },
+) => {
+  return { ...decoded, roles: parseJWT({ decoded }).roles }
+}
+```
+
+#### User details fetched via database query
+
+```js
+export const getCurrentUser = async (decoded) => {
+  return await db.user.findUnique({ where: { decoded.email } })
+}
+```
+
+#### User info is decoded from the access token
+
+```js
+export const getCurrentUser = async (decoded) => {
+  return { ...decoded }
+}
+```
+
+#### User info is contained in the decoded token and roles extracted
+
+```js
+export const getCurrentUser = async (decoded) => {
+  return { ...decoded, roles: parseJWT({ decoded }).roles }
+}
+```
+
+#### User record query by email with namespaced app_metadata roles as Auth0 requires custom JWT claims to be namespaced
+
+```js
+export const getCurrentUser = async (decoded) => {
+  const currentUser = await db.user.findUnique({
+    where: { email: decoded.email },
+  })
+
+  return {
+    ...currentUser,
+    roles: parseJWT({ decoded: decoded, namespace: NAMESPACE }).roles,
+  }
+}
+```
+
+#### User record query by an identity with app_metadata roles
+
+```js
+const getCurrentUser = async (decoded) => {
+  const currentUser = await db.user.findUnique({
+    where: { userIdentity: decoded.sub },
+  })
+  return {
+    ...currentUser,
+    roles: parseJWT({ decoded: decoded }).roles,
+  }
+}
+```
+
+#### Cookies and other request information are available in the req parameter, just in case
+
+```js
+const getCurrentUser = async (_decoded, _raw, { event, _context }) => {
+  const cookies = cookie(event.headers.cookies)
+  const session = cookies['my.cookie.name']
+  const currentUser = await db.sessions.findUnique({ where: { id: session } })
+  return currentUser
+}
+```
+
+## requireAuth
+
+Use `requireAuth` in your services to check that a user is logged in, whether or not they are assigned a role, and optionally raise an error if they're not.
+
+```js
+@param {string=} roles - An optional role or list of roles
+@param {string[]=} roles - An optional list of roles
+
+@returns {boolean} - If the currentUser is authenticated (and assigned one of the given roles)
+
+@throws {AuthenticationError} - If the currentUser is not authenticated
+@throws {ForbiddenError} If the currentUser is not allowed due to role permissions
+```
+
+### Examples
+
+#### Checks if currentUser is authenticated
+
+```js
+requireAuth()
+```
+
+#### Checks if currentUser is authenticated and assigned one of the given roles
+
+```js
+requireAuth({ role: 'admin' })
+requireAuth({ role: ['editor', 'author'] })
+requireAuth({ role: ['publisher'] })
+```

package/dist/AuthContext.d.ts

@@ -0,0 +1,69 @@
+import React from 'react';
+export interface CurrentUser {
+    [key: string]: unknown;
+}
+export interface AuthContextInterface<TUser, TLogInOptions, TLogIn, TLogOutOptions, TLogOut, TSignUpOptions, TSignUp, TForgotPassword, TResetPasswordOptions, TResetPassword, TValidateResetToken, TClient> {
+    /** Determining your current authentication state */
+    loading: boolean;
+    isAuthenticated: boolean;
+    /** The current user's data from the `getCurrentUser` function on the api side */
+    currentUser: null | CurrentUser;
+    /**
+     * The user's metadata from the auth service provider
+     *
+     * Exactly what this looks like will depend on the auth service provider,
+     * but one example is this
+     * ```json
+     * {
+     *   "id": "11111111-2222-3333-4444-5555555555555",
+     *   "aud": "authenticated",
+     *   "role": "authenticated",
+     *   "email": "email@example.com",
+     *   "app_metadata": {
+     *     "provider": "email"
+     *   },
+     *   "user_metadata": null,
+     *   "created_at": "2016-05-15T19:53:12.368652374-07:00",
+     *   "updated_at": "2016-05-15T19:53:12.368652374-07:00"
+     * }
+     * ```
+     */
+    userMetadata: null | TUser;
+    logIn(options?: TLogInOptions): Promise<TLogIn>;
+    logOut(options?: TLogOutOptions): Promise<TLogOut>;
+    signUp(options?: TSignUpOptions): Promise<TSignUp>;
+    /**
+     * Clients should always return null or string
+     * It is expected that they catch any errors internally
+     */
+    getToken(): Promise<null | string>;
+    /**
+     * Fetches the "currentUser" from the api side,
+     * but does not update the current user state.
+     */
+    getCurrentUser(): Promise<null | CurrentUser>;
+    /**
+     * Checks if the "currentUser" from the api side
+     * is assigned a role or one of a list of roles.
+     * If the user is assigned any of the provided list of roles,
+     * the hasRole is considered to be true.
+     **/
+    hasRole(rolesToCheck: string | string[]): boolean;
+    /**
+     * Redetermine authentication state and update the state.
+     */
+    reauthenticate(): Promise<void>;
+    forgotPassword(username: string): Promise<TForgotPassword>;
+    resetPassword(options?: TResetPasswordOptions): Promise<TResetPassword>;
+    validateResetToken(resetToken: string | null): Promise<TValidateResetToken>;
+    /**
+     * A reference to auth service provider sdk "client", which is useful if we
+     * do not support some specific functionality.
+     */
+    client?: TClient;
+    type: string;
+    hasError: boolean;
+    error?: Error;
+}
+export declare function createAuthContext<TUser, TLogInOptions, TLogIn, TLogOutOptions, TLogOut, TSignUpOptions, TSignUp, TForgotPassword, TResetPasswordOptions, TResetPassword, TValidateResetToken, TClient>(): React.Context<AuthContextInterface<TUser, TLogInOptions, TLogIn, TLogOutOptions, TLogOut, TSignUpOptions, TSignUp, TForgotPassword, TResetPasswordOptions, TResetPassword, TValidateResetToken, TClient> | undefined>;
+//# sourceMappingURL=AuthContext.d.ts.map

package/dist/AuthContext.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthContext.d.ts","sourceRoot":"","sources":["../src/AuthContext.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAA;AAEzB,MAAM,WAAW,WAAW;IAC1B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED,MAAM,WAAW,oBAAoB,CACnC,KAAK,EACL,aAAa,EACb,MAAM,EACN,cAAc,EACd,OAAO,EACP,cAAc,EACd,OAAO,EACP,eAAe,EACf,qBAAqB,EACrB,cAAc,EACd,mBAAmB,EACnB,OAAO;IAEP,oDAAoD;IACpD,OAAO,EAAE,OAAO,CAAA;IAChB,eAAe,EAAE,OAAO,CAAA;IACxB,iFAAiF;IACjF,WAAW,EAAE,IAAI,GAAG,WAAW,CAAA;IAC/B;;;;;;;;;;;;;;;;;;;OAmBG;IACH,YAAY,EAAE,IAAI,GAAG,KAAK,CAAA;IAC1B,KAAK,CAAC,OAAO,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IAC/C,MAAM,CAAC,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IAClD,MAAM,CAAC,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IAClD;;;OAGG;IACH,QAAQ,IAAI,OAAO,CAAC,IAAI,GAAG,MAAM,CAAC,CAAA;IAClC;;;OAGG;IACH,cAAc,IAAI,OAAO,CAAC,IAAI,GAAG,WAAW,CAAC,CAAA;IAC7C;;;;;QAKI;IACJ,OAAO,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,OAAO,CAAA;IACjD;;OAEG;IACH,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CAAA;IAC/B,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAAA;IAC1D,aAAa,CAAC,OAAO,CAAC,EAAE,qBAAqB,GAAG,OAAO,CAAC,cAAc,CAAC,CAAA;IACvE,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAA;IAC3E;;;OAGG;IACH,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,OAAO,CAAA;IACjB,KAAK,CAAC,EAAE,KAAK,CAAA;CACd;AAED,wBAAgB,iBAAiB,CAC/B,KAAK,EACL,aAAa,EACb,MAAM,EACN,cAAc,EACd,OAAO,EACP,cAAc,EACd,OAAO,EACP,eAAe,EACf,qBAAqB,EACrB,cAAc,EACd,mBAAmB,EACnB,OAAO,2NAmBR"}

package/dist/AuthContext.js

@@ -0,0 +1,7 @@
+import React from "react";
+function createAuthContext() {
+  return React.createContext(void 0);
+}
+export {
+  createAuthContext
+};

package/dist/AuthImplementation.d.ts

@@ -0,0 +1,49 @@
+export interface AuthImplementation<TUser = unknown, TRestoreAuth = unknown, TLogInOptions = unknown, TLogIn = unknown, TLogOutOptions = unknown, TLogOut = unknown, TSignUpOptions = unknown, TSignUp = unknown, TForgotPassword = unknown, TResetPasswordOptions = unknown, TResetPassword = unknown, TValidateResetToken = unknown, TClient = unknown> {
+    type: string;
+    client?: TClient;
+    restoreAuthState?(): Promise<TRestoreAuth>;
+    login(options?: TLogInOptions): Promise<TLogIn>;
+    logout(options?: TLogOutOptions): Promise<TLogOut>;
+    signup(options?: TSignUpOptions): Promise<TSignUp>;
+    getToken(): Promise<string | null>;
+    forgotPassword?(username: string): Promise<TForgotPassword>;
+    resetPassword?(options?: TResetPasswordOptions): Promise<TResetPassword>;
+    validateResetToken?(token: string | null): Promise<TValidateResetToken>;
+    clientHasLoaded?(): boolean;
+    /**
+     * The user's data from the AuthProvider
+     *
+     * Exactly what this looks like will depend on the auth service provider,
+     * but one example is this
+     * ```json
+     * {
+     *   "id": "11111111-2222-3333-4444-5555555555555",
+     *   "aud": "authenticated",
+     *   "role": "authenticated",
+     *   "email": "email@example.com",
+     *   "app_metadata": {
+     *     "provider": "email"
+     *   },
+     *   "user_metadata": null,
+     *   "created_at": "2016-05-15T19:53:12.368652374-07:00",
+     *   "updated_at": "2016-05-15T19:53:12.368652374-07:00"
+     * }
+     * ```
+     */
+    getUserMetadata(): Promise<TUser | null>;
+    /**
+     * Set "loading" to true while the auth provider is reauthenticating.
+     */
+    loadWhileReauthenticating?: boolean;
+    /**
+     * This property is either manually set by the user, or inferred from the
+     * experimental.streamingSsr setting in TOML
+     */
+    middlewareAuthEnabled?: boolean;
+    /**
+     * This is the endpoint on the middleware we are going to hit for POST
+     * requests
+     */
+    getAuthUrl?: () => string;
+}
+//# sourceMappingURL=AuthImplementation.d.ts.map

package/dist/AuthImplementation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthImplementation.d.ts","sourceRoot":"","sources":["../src/AuthImplementation.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,kBAAkB,CACjC,KAAK,GAAG,OAAO,EACf,YAAY,GAAG,OAAO,EACtB,aAAa,GAAG,OAAO,EACvB,MAAM,GAAG,OAAO,EAChB,cAAc,GAAG,OAAO,EACxB,OAAO,GAAG,OAAO,EACjB,cAAc,GAAG,OAAO,EACxB,OAAO,GAAG,OAAO,EACjB,eAAe,GAAG,OAAO,EACzB,qBAAqB,GAAG,OAAO,EAC/B,cAAc,GAAG,OAAO,EACxB,mBAAmB,GAAG,OAAO,EAC7B,OAAO,GAAG,OAAO;IAEjB,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,CAAC,EAAE,OAAO,CAAA;IAEhB,gBAAgB,CAAC,IAAI,OAAO,CAAC,YAAY,CAAC,CAAA;IAC1C,KAAK,CAAC,OAAO,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IAC/C,MAAM,CAAC,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IAClD,MAAM,CAAC,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IAClD,QAAQ,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAA;IAClC,cAAc,CAAC,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAAA;IAC3D,aAAa,CAAC,CAAC,OAAO,CAAC,EAAE,qBAAqB,GAAG,OAAO,CAAC,cAAc,CAAC,CAAA;IACxE,kBAAkB,CAAC,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAA;IACvE,eAAe,CAAC,IAAI,OAAO,CAAA;IAE3B;;;;;;;;;;;;;;;;;;;OAmBG;IACH,eAAe,IAAI,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,CAAA;IAExC;;OAEG;IACH,yBAAyB,CAAC,EAAE,OAAO,CAAA;IAEnC;;;OAGG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAA;IAC/B;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,MAAM,CAAA;CAC1B"}

package/dist/AuthProvider/AuthProvider.d.ts

@@ -0,0 +1,12 @@
+import type { ReactNode } from 'react';
+import React from 'react';
+import type { AuthContextInterface, CurrentUser } from '../AuthContext.js';
+import type { AuthImplementation } from '../AuthImplementation.js';
+export interface AuthProviderProps {
+    children: ReactNode;
+}
+export declare function createAuthProvider<TUser, TRestoreAuth, TLogInOptions, TLogIn, TLogOutOptions, TLogOut, TSignUpOptions, TSignUp, TForgotPassword, TResetPasswordOptions, TResetPassword, TValidateResetToken, TClient>(AuthContext: React.Context<AuthContextInterface<TUser, TLogInOptions, TLogIn, TLogOutOptions, TLogOut, TSignUpOptions, TSignUp, TForgotPassword, TResetPasswordOptions, TResetPassword, TValidateResetToken, TClient> | undefined>, authImplementation: AuthImplementation<TUser, TRestoreAuth, TLogInOptions, TLogIn, TLogOutOptions, TLogOut, TSignUpOptions, TSignUp, TForgotPassword, TResetPasswordOptions, TResetPassword, TValidateResetToken, TClient>, customProviderHooks?: {
+    useCurrentUser?: () => Promise<CurrentUser>;
+    useHasRole?: (currentUser: CurrentUser | null) => (rolesToCheck: string | string[]) => boolean;
+}): ({ children }: AuthProviderProps) => React.JSX.Element;
+//# sourceMappingURL=AuthProvider.d.ts.map

package/dist/AuthProvider/AuthProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthProvider.d.ts","sourceRoot":"","sources":["../../src/AuthProvider/AuthProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAA;AACtC,OAAO,KAA0C,MAAM,OAAO,CAAA;AAE9D,OAAO,KAAK,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAC1E,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAA;AAgBlE,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,SAAS,CAAA;CACpB;AAED,wBAAgB,kBAAkB,CAChC,KAAK,EACL,YAAY,EACZ,aAAa,EACb,MAAM,EACN,cAAc,EACd,OAAO,EACP,cAAc,EACd,OAAO,EACP,eAAe,EACf,qBAAqB,EACrB,cAAc,EACd,mBAAmB,EACnB,OAAO,EAEP,WAAW,EAAE,KAAK,CAAC,OAAO,CACtB,oBAAoB,CAClB,KAAK,EACL,aAAa,EACb,MAAM,EACN,cAAc,EACd,OAAO,EACP,cAAc,EACd,OAAO,EACP,eAAe,EACf,qBAAqB,EACrB,cAAc,EACd,mBAAmB,EACnB,OAAO,CACR,GACD,SAAS,CACZ,EACD,kBAAkB,EAAE,kBAAkB,CACpC,KAAK,EACL,YAAY,EACZ,aAAa,EACb,MAAM,EACN,cAAc,EACd,OAAO,EACP,cAAc,EACd,OAAO,EACP,eAAe,EACf,qBAAqB,EACrB,cAAc,EACd,mBAAmB,EACnB,OAAO,CACR,EACD,mBAAmB,CAAC,EAAE;IACpB,cAAc,CAAC,EAAE,MAAM,OAAO,CAAC,WAAW,CAAC,CAAA;IAC3C,UAAU,CAAC,EAAE,CACX,WAAW,EAAE,WAAW,GAAG,IAAI,KAC5B,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,EAAE,KAAK,OAAO,CAAA;CAClD,kBAEmC,iBAAiB,uBA4FtD"}

package/dist/AuthProvider/AuthProvider.js

@@ -0,0 +1,83 @@
+import React, { useContext, useEffect, useState } from "react";
+import { spaDefaultAuthProviderState } from "./AuthProviderState.js";
+import { ServerAuthContext } from "./ServerAuthProvider.js";
+import { useCurrentUser } from "./useCurrentUser.js";
+import { useForgotPassword } from "./useForgotPassword.js";
+import { useHasRole } from "./useHasRole.js";
+import { useLogIn } from "./useLogIn.js";
+import { useLogOut } from "./useLogOut.js";
+import { useReauthenticate } from "./useReauthenticate.js";
+import { useResetPassword } from "./useResetPassword.js";
+import { useSignUp } from "./useSignUp.js";
+import { useToken } from "./useToken.js";
+import { useValidateResetToken } from "./useValidateResetToken.js";
+function createAuthProvider(AuthContext, authImplementation, customProviderHooks) {
+  const AuthProvider = ({ children }) => {
+    const serverAuthState = useContext(ServerAuthContext);
+    const [authProviderState, setAuthProviderState] = useState(serverAuthState || spaDefaultAuthProviderState);
+    const getToken = useToken(authImplementation);
+    const getCurrentUser = customProviderHooks?.useCurrentUser ? customProviderHooks.useCurrentUser : (
+      // eslint-disable-next-line react-hooks/rules-of-hooks
+      useCurrentUser(authImplementation)
+    );
+    const reauthenticate = useReauthenticate(
+      authImplementation,
+      setAuthProviderState,
+      getCurrentUser
+    );
+    const hasRole = customProviderHooks?.useHasRole ? customProviderHooks.useHasRole(authProviderState.currentUser) : (
+      // eslint-disable-next-line react-hooks/rules-of-hooks
+      useHasRole(authProviderState.currentUser)
+    );
+    const signUp = useSignUp(
+      authImplementation,
+      setAuthProviderState,
+      getCurrentUser
+    );
+    const logIn = useLogIn(
+      authImplementation,
+      setAuthProviderState,
+      getCurrentUser
+    );
+    const logOut = useLogOut(authImplementation, setAuthProviderState);
+    const forgotPassword = useForgotPassword(authImplementation);
+    const resetPassword = useResetPassword(authImplementation);
+    const validateResetToken = useValidateResetToken(authImplementation);
+    const type = authImplementation.type;
+    const client = authImplementation.client;
+    useEffect(() => {
+      async function doRestoreState() {
+        await authImplementation.restoreAuthState?.();
+        if (!serverAuthState) {
+          reauthenticate();
+        }
+      }
+      doRestoreState();
+    }, [reauthenticate, serverAuthState]);
+    return /* @__PURE__ */ React.createElement(
+      AuthContext.Provider,
+      {
+        value: {
+          ...authProviderState,
+          signUp,
+          logIn,
+          logOut,
+          getToken,
+          getCurrentUser,
+          hasRole,
+          reauthenticate,
+          forgotPassword,
+          resetPassword,
+          validateResetToken,
+          client,
+          type
+        }
+      },
+      children
+    );
+  };
+  return AuthProvider;
+}
+export {
+  createAuthProvider
+};

package/dist/AuthProvider/AuthProviderState.d.ts

@@ -0,0 +1,13 @@
+import type { CurrentUser } from '../AuthContext.js';
+export type AuthProviderState<TUser, TClient = unknown> = {
+    loading: boolean;
+    isAuthenticated: boolean;
+    userMetadata: null | TUser;
+    currentUser: null | CurrentUser;
+    hasError: boolean;
+    error?: Error;
+    client?: TClient;
+};
+export declare const spaDefaultAuthProviderState: AuthProviderState<never>;
+export declare const middlewareDefaultAuthProviderState: AuthProviderState<never>;
+//# sourceMappingURL=AuthProviderState.d.ts.map

package/dist/AuthProvider/AuthProviderState.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AuthProviderState.d.ts","sourceRoot":"","sources":["../../src/AuthProvider/AuthProviderState.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAEpD,MAAM,MAAM,iBAAiB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,IAAI;IACxD,OAAO,EAAE,OAAO,CAAA;IAChB,eAAe,EAAE,OAAO,CAAA;IACxB,YAAY,EAAE,IAAI,GAAG,KAAK,CAAA;IAC1B,WAAW,EAAE,IAAI,GAAG,WAAW,CAAA;IAC/B,QAAQ,EAAE,OAAO,CAAA;IACjB,KAAK,CAAC,EAAE,KAAK,CAAA;IACb,MAAM,CAAC,EAAE,OAAO,CAAA;CACjB,CAAA;AAED,eAAO,MAAM,2BAA2B,EAAE,iBAAiB,CAAC,KAAK,CAMhE,CAAA;AAED,eAAO,MAAM,kCAAkC,EAAE,iBAAiB,CAAC,KAAK,CAMvE,CAAA"}

package/dist/AuthProvider/AuthProviderState.js

@@ -0,0 +1,18 @@
+const spaDefaultAuthProviderState = {
+  loading: true,
+  isAuthenticated: false,
+  userMetadata: null,
+  currentUser: null,
+  hasError: false
+};
+const middlewareDefaultAuthProviderState = {
+  loading: false,
+  isAuthenticated: false,
+  userMetadata: null,
+  currentUser: null,
+  hasError: false
+};
+export {
+  middlewareDefaultAuthProviderState,
+  spaDefaultAuthProviderState
+};

package/dist/AuthProvider/ServerAuthProvider.d.ts

@@ -0,0 +1,23 @@
+import type { ReactNode } from 'react';
+import React from 'react';
+import type { AuthProviderState } from './AuthProviderState.js';
+export type ServerAuthState = AuthProviderState<any> & {
+    cookieHeader: string | null | undefined;
+    roles: string[];
+};
+/**
+ * On the server, it resolves to the middlewareDefaultAuthProviderState first.
+ *
+ * On the client it restores from the initial server state injected in the ServerAuthProvider
+ */
+export declare const ServerAuthContext: React.Context<ServerAuthState>;
+/**
+ * Note: This only gets rendered on the server and serves two purposes:
+ * 1) On the server, it sets the auth state
+ * 2) On the client, it restores the auth state from the initial server render
+ */
+export declare const ServerAuthProvider: ({ value, children, }: {
+    value: ServerAuthState;
+    children?: ReactNode[];
+}) => React.JSX.Element;
+//# sourceMappingURL=ServerAuthProvider.d.ts.map

package/dist/AuthProvider/ServerAuthProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ServerAuthProvider.d.ts","sourceRoot":"","sources":["../../src/AuthProvider/ServerAuthProvider.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAA;AACtC,OAAO,KAAK,MAAM,OAAO,CAAA;AAEzB,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAG/D,MAAM,MAAM,eAAe,GAAG,iBAAiB,CAAC,GAAG,CAAC,GAAG;IAGrD,YAAY,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAAA;IACvC,KAAK,EAAE,MAAM,EAAE,CAAA;CAChB,CAAA;AAkBD;;;;GAIG;AACH,eAAO,MAAM,iBAAiB,gCAE7B,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,yBAG5B;IACD,KAAK,EAAE,eAAe,CAAA;IACtB,QAAQ,CAAC,EAAE,SAAS,EAAE,CAAA;CACvB,sBAmBA,CAAA"}

package/dist/AuthProvider/ServerAuthProvider.js

@@ -0,0 +1,43 @@
+import React from "react";
+import { middlewareDefaultAuthProviderState } from "./AuthProviderState.js";
+const getAuthInitialStateFromServer = () => {
+  if (globalThis?.__REDWOOD__SERVER__AUTH_STATE__) {
+    const initialState = {
+      ...middlewareDefaultAuthProviderState,
+      encryptedSession: null,
+      ...globalThis?.__REDWOOD__SERVER__AUTH_STATE__ || {}
+    };
+    globalThis.__REDWOOD__SERVER__AUTH_STATE__ = null;
+    return initialState;
+  }
+  return null;
+};
+const ServerAuthContext = React.createContext(
+  getAuthInitialStateFromServer()
+);
+const ServerAuthProvider = ({
+  value,
+  children
+}) => {
+  const stringifiedAuthState = `__REDWOOD__SERVER__AUTH_STATE__ = ${JSON.stringify(
+    sanitizeServerAuthState(value)
+  )};`;
+  return /* @__PURE__ */ React.createElement(React.Fragment, null, /* @__PURE__ */ React.createElement(
+    "script",
+    {
+      id: "__REDWOOD__SERVER_AUTH_STATE__",
+      dangerouslySetInnerHTML: {
+        __html: stringifiedAuthState
+      }
+    }
+  ), /* @__PURE__ */ React.createElement(ServerAuthContext.Provider, { value }, children));
+};
+function sanitizeServerAuthState(value) {
+  const sanitizedState = { ...value };
+  delete sanitizedState.cookieHeader;
+  return sanitizedState;
+}
+export {
+  ServerAuthContext,
+  ServerAuthProvider
+};

package/dist/AuthProvider/useCurrentUser.d.ts

@@ -0,0 +1,3 @@
+import type { AuthImplementation } from '../AuthImplementation.js';
+export declare const useCurrentUser: (authImplementation: AuthImplementation) => () => Promise<Record<string, unknown>>;
+//# sourceMappingURL=useCurrentUser.d.ts.map

package/dist/AuthProvider/useCurrentUser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useCurrentUser.d.ts","sourceRoot":"","sources":["../../src/AuthProvider/useCurrentUser.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAA;AAIlE,eAAO,MAAM,cAAc,uBAAwB,kBAAkB,WAGtC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CA0B7D,CAAA"}

package/dist/AuthProvider/useCurrentUser.js

@@ -0,0 +1,31 @@
+import { useCallback } from "react";
+import { useToken } from "./useToken.js";
+const useCurrentUser = (authImplementation) => {
+  const getToken = useToken(authImplementation);
+  return useCallback(async () => {
+    const token = await getToken();
+    const response = await globalThis.fetch(globalThis.RWJS_API_GRAPHQL_URL, {
+      method: "POST",
+      credentials: "include",
+      headers: {
+        "content-type": "application/json",
+        "auth-provider": authImplementation.type,
+        authorization: `Bearer ${token}`
+      },
+      body: JSON.stringify({
+        query: "query __REDWOOD__AUTH_GET_CURRENT_USER { redwood { currentUser } }"
+      })
+    });
+    if (response.ok) {
+      const { data } = await response.json();
+      return data?.redwood?.currentUser;
+    } else {
+      throw new Error(
+        `Could not fetch current user: ${response.statusText} (${response.status})`
+      );
+    }
+  }, [authImplementation, getToken]);
+};
+export {
+  useCurrentUser
+};

package/dist/AuthProvider/useForgotPassword.d.ts

@@ -0,0 +1,3 @@
+import type { AuthImplementation } from '../AuthImplementation.js';
+export declare const useForgotPassword: <TUser, TRestoreAuth, TLogInOptions, TLogIn, TLogOutOptions, TLogOut, TSignUpOptions, TSignUp, TForgotPassword, TResetPasswordOptions, TResetPassword, TValidateResetToken, TClient>(authImplementation: AuthImplementation<TUser, TRestoreAuth, TLogInOptions, TLogIn, TLogOutOptions, TLogOut, TSignUpOptions, TSignUp, TForgotPassword, TResetPasswordOptions, TResetPassword, TValidateResetToken, TClient>) => (username: string) => Promise<TForgotPassword>;
+//# sourceMappingURL=useForgotPassword.d.ts.map

package/dist/AuthProvider/useForgotPassword.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useForgotPassword.d.ts","sourceRoot":"","sources":["../../src/AuthProvider/useForgotPassword.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAA;AAElE,eAAO,MAAM,iBAAiB,GAC5B,KAAK,EACL,YAAY,EACZ,aAAa,EACb,MAAM,EACN,cAAc,EACd,OAAO,EACP,cAAc,EACd,OAAO,EACP,eAAe,EACf,qBAAqB,EACrB,cAAc,EACd,mBAAmB,EACnB,OAAO,sBAEa,kBAAkB,CACpC,KAAK,EACL,YAAY,EACZ,aAAa,EACb,MAAM,EACN,cAAc,EACd,OAAO,EACP,cAAc,EACd,OAAO,EACP,eAAe,EACf,qBAAqB,EACrB,cAAc,EACd,mBAAmB,EACnB,OAAO,CACR,gBAGkB,MAAM,6BAW1B,CAAA"}

package/dist/AuthProvider/useForgotPassword.js

@@ -0,0 +1,18 @@
+import { useCallback } from "react";
+const useForgotPassword = (authImplementation) => {
+  return useCallback(
+    async (username) => {
+      if (authImplementation.forgotPassword) {
+        return await authImplementation.forgotPassword(username);
+      } else {
+        throw new Error(
+          `Auth client ${authImplementation.type} does not implement this function`
+        );
+      }
+    },
+    [authImplementation]
+  );
+};
+export {
+  useForgotPassword
+};

package/dist/AuthProvider/useHasRole.d.ts

@@ -0,0 +1,3 @@
+import type { CurrentUser } from '../AuthContext.js';
+export declare const useHasRole: (currentUser: CurrentUser | null) => (rolesToCheck: string | string[]) => boolean;
+//# sourceMappingURL=useHasRole.d.ts.map

package/dist/AuthProvider/useHasRole.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useHasRole.d.ts","sourceRoot":"","sources":["../../src/AuthProvider/useHasRole.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAEpD,eAAO,MAAM,UAAU,gBAAiB,WAAW,GAAG,IAAI,oBAevC,MAAM,GAAG,MAAM,EAAE,KAAG,OAiCtC,CAAA"}

package/dist/AuthProvider/useHasRole.js

@@ -0,0 +1,34 @@
+import { useCallback } from "react";
+const useHasRole = (currentUser) => {
+  return useCallback(
+    (rolesToCheck) => {
+      if (currentUser?.roles) {
+        if (typeof rolesToCheck === "string") {
+          if (typeof currentUser.roles === "string") {
+            return currentUser.roles === rolesToCheck;
+          } else if (Array.isArray(currentUser.roles)) {
+            return currentUser.roles?.some(
+              (allowedRole) => rolesToCheck === allowedRole
+            );
+          }
+        }
+        if (Array.isArray(rolesToCheck)) {
+          if (Array.isArray(currentUser.roles)) {
+            return currentUser.roles?.some(
+              (allowedRole) => rolesToCheck.includes(allowedRole)
+            );
+          } else if (typeof currentUser.roles === "string") {
+            return rolesToCheck.some(
+              (allowedRole) => currentUser?.roles === allowedRole
+            );
+          }
+        }
+      }
+      return false;
+    },
+    [currentUser]
+  );
+};
+export {
+  useHasRole
+};

package/dist/AuthProvider/useLogIn.d.ts

@@ -0,0 +1,5 @@
+import type { AuthImplementation } from '../AuthImplementation.js';
+import type { AuthProviderState } from './AuthProviderState.js';
+import type { useCurrentUser } from './useCurrentUser.js';
+export declare const useLogIn: <TUser, TRestoreAuth, TLogInOptions, TLogIn, TLogOutOptions, TLogOut, TSignUpOptions, TSignUp, TForgotPassword, TResetPasswordOptions, TResetPassword, TValidateResetToken, TClient>(authImplementation: AuthImplementation<TUser, TRestoreAuth, TLogInOptions, TLogIn, TLogOutOptions, TLogOut, TSignUpOptions, TSignUp, TForgotPassword, TResetPasswordOptions, TResetPassword, TValidateResetToken, TClient>, setAuthProviderState: React.Dispatch<React.SetStateAction<AuthProviderState<TUser>>>, getCurrentUser: ReturnType<typeof useCurrentUser>) => (options?: TLogInOptions) => Promise<TLogIn>;
+//# sourceMappingURL=useLogIn.d.ts.map

package/dist/AuthProvider/useLogIn.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useLogIn.d.ts","sourceRoot":"","sources":["../../src/AuthProvider/useLogIn.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAA;AAElE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAE/D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAGzD,eAAO,MAAM,QAAQ,GACnB,KAAK,EACL,YAAY,EACZ,aAAa,EACb,MAAM,EACN,cAAc,EACd,OAAO,EACP,cAAc,EACd,OAAO,EACP,eAAe,EACf,qBAAqB,EACrB,cAAc,EACd,mBAAmB,EACnB,OAAO,sBAEa,kBAAkB,CACpC,KAAK,EACL,YAAY,EACZ,aAAa,EACb,MAAM,EACN,cAAc,EACd,OAAO,EACP,cAAc,EACd,OAAO,EACP,eAAe,EACf,qBAAqB,EACrB,cAAc,EACd,mBAAmB,EACnB,OAAO,CACR,wBACqB,KAAK,CAAC,QAAQ,CAClC,KAAK,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAC/C,kBACe,UAAU,CAAC,OAAO,cAAc,CAAC,gBAS9B,aAAa,oBASjC,CAAA"}