@rool-dev/client 0.3.0 → 0.3.1-dev.351c54f
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +56 -29
- package/dist/auth-browser.d.ts +71 -0
- package/dist/auth-browser.d.ts.map +1 -0
- package/dist/auth-browser.js +346 -0
- package/dist/auth-browser.js.map +1 -0
- package/dist/auth-node.d.ts +33 -0
- package/dist/auth-node.d.ts.map +1 -0
- package/dist/auth-node.js +271 -0
- package/dist/auth-node.js.map +1 -0
- package/dist/auth.d.ts +7 -35
- package/dist/auth.d.ts.map +1 -1
- package/dist/auth.js +34 -326
- package/dist/auth.js.map +1 -1
- package/dist/client.d.ts +2 -2
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +12 -12
- package/dist/client.js.map +1 -1
- package/dist/graph.d.ts +4 -0
- package/dist/graph.d.ts.map +1 -1
- package/dist/graph.js +31 -12
- package/dist/graph.js.map +1 -1
- package/dist/graphql.d.ts +1 -1
- package/dist/graphql.d.ts.map +1 -1
- package/dist/graphql.js +1 -1
- package/dist/graphql.js.map +1 -1
- package/dist/media.d.ts +1 -1
- package/dist/media.d.ts.map +1 -1
- package/dist/media.js +1 -1
- package/dist/media.js.map +1 -1
- package/dist/subscription.d.ts +1 -1
- package/dist/subscription.d.ts.map +1 -1
- package/dist/subscription.js +1 -1
- package/dist/subscription.js.map +1 -1
- package/dist/types.d.ts +18 -10
- package/dist/types.d.ts.map +1 -1
- package/package.json +9 -3
package/README.md
CHANGED
|
@@ -13,11 +13,11 @@ npm install @rool-dev/client
|
|
|
13
13
|
```typescript
|
|
14
14
|
import { RoolClient } from '@rool-dev/client';
|
|
15
15
|
|
|
16
|
-
const client = new RoolClient({ baseUrl: 'https://use.rool.dev
|
|
17
|
-
client.initialize();
|
|
16
|
+
const client = new RoolClient({ baseUrl: 'https://use.rool.dev' });
|
|
17
|
+
client.initialize(); // Process auth callback if returning from login
|
|
18
18
|
|
|
19
19
|
if (!client.isAuthenticated()) {
|
|
20
|
-
client.login();
|
|
20
|
+
client.login(); // Redirects to auth page
|
|
21
21
|
}
|
|
22
22
|
|
|
23
23
|
// Subscribe to real-time events
|
|
@@ -46,18 +46,64 @@ graph.close();
|
|
|
46
46
|
|
|
47
47
|
```typescript
|
|
48
48
|
interface RoolClientConfig {
|
|
49
|
-
baseUrl: string; //
|
|
50
|
-
|
|
51
|
-
|
|
49
|
+
baseUrl: string; // Base URL (e.g., 'https://use.rool.dev')
|
|
50
|
+
graphqlUrl?: string; // Override GraphQL endpoint (default: {baseUrl}/graphql)
|
|
51
|
+
mediaUrl?: string; // Override media endpoint (default: {baseUrl}/media)
|
|
52
|
+
authUrl?: string; // Override auth endpoint (default: {baseUrl}/auth)
|
|
53
|
+
authProvider?: AuthProvider; // Optional, defaults to browser auth
|
|
52
54
|
}
|
|
53
55
|
```
|
|
54
56
|
|
|
55
|
-
###
|
|
57
|
+
### Base URLs
|
|
56
58
|
|
|
57
59
|
| Environment | URL |
|
|
58
60
|
|-------------|-----|
|
|
59
|
-
| Development | `https://use.rool.dev
|
|
60
|
-
| Production | `https://use.rool.app
|
|
61
|
+
| Development | `https://use.rool.dev` |
|
|
62
|
+
| Production | `https://use.rool.app` |
|
|
63
|
+
|
|
64
|
+
### Auth Providers
|
|
65
|
+
|
|
66
|
+
**Browser (default)** — No configuration needed. Uses localStorage for tokens, redirects to login page.
|
|
67
|
+
|
|
68
|
+
```typescript
|
|
69
|
+
const client = new RoolClient({ baseUrl: 'https://use.rool.dev' });
|
|
70
|
+
client.initialize(); // Process auth callbacks if this is a callback from the auth page
|
|
71
|
+
|
|
72
|
+
if (!client.isAuthenticated()) {
|
|
73
|
+
client.login(); // Redirect to the auth page
|
|
74
|
+
}
|
|
75
|
+
```
|
|
76
|
+
|
|
77
|
+
**Node.js** — For CLI tools and scripts. Stores credentials in `~/.config/rool/`, opens browser for login.
|
|
78
|
+
|
|
79
|
+
```typescript
|
|
80
|
+
import { NodeAuthProvider } from '@rool-dev/client/node';
|
|
81
|
+
|
|
82
|
+
const client = new RoolClient({
|
|
83
|
+
baseUrl: 'https://use.rool.dev',
|
|
84
|
+
authProvider: new NodeAuthProvider()
|
|
85
|
+
});
|
|
86
|
+
|
|
87
|
+
if (!client.isAuthenticated()) {
|
|
88
|
+
await client.login(); // Open auth page in system browser, await callback
|
|
89
|
+
}
|
|
90
|
+
```
|
|
91
|
+
|
|
92
|
+
**Custom** — Implement the `AuthProvider` interface for full control.
|
|
93
|
+
|
|
94
|
+
```typescript
|
|
95
|
+
const client = new RoolClient({
|
|
96
|
+
baseUrl: 'https://use.rool.dev',
|
|
97
|
+
authProvider: {
|
|
98
|
+
initialize: () => false,
|
|
99
|
+
getToken: async () => myStore.getAccessToken(),
|
|
100
|
+
getUser: () => ({ email: 'user@example.com', name: 'User' }),
|
|
101
|
+
isAuthenticated: () => myStore.hasValidToken(),
|
|
102
|
+
login: async () => { /* your login flow */ },
|
|
103
|
+
logout: () => myStore.clear(),
|
|
104
|
+
}
|
|
105
|
+
});
|
|
106
|
+
```
|
|
61
107
|
|
|
62
108
|
|
|
63
109
|
---
|
|
@@ -68,7 +114,7 @@ interface RoolClientConfig {
|
|
|
68
114
|
|
|
69
115
|
| Method | Description |
|
|
70
116
|
|--------|-------------|
|
|
71
|
-
| `initialize(): boolean` | **Call on app startup.** Processes auth callback from URL, sets up token refresh. |
|
|
117
|
+
| `initialize(): boolean` | **Call on app startup if running in browser.** Processes auth callback from URL, sets up token refresh. |
|
|
72
118
|
| `login(): void` | Redirect to login page |
|
|
73
119
|
| `logout(): void` | Clear tokens and state |
|
|
74
120
|
| `isAuthenticated(): boolean` | Check auth status |
|
|
@@ -293,25 +339,6 @@ interface PromptOptions {
|
|
|
293
339
|
|
|
294
340
|
---
|
|
295
341
|
|
|
296
|
-
## Custom Auth Provider
|
|
297
|
-
|
|
298
|
-
For Electron or custom auth flows:
|
|
299
|
-
|
|
300
|
-
```typescript
|
|
301
|
-
const client = new RoolClient({
|
|
302
|
-
baseUrl: 'https://use.rool.dev',
|
|
303
|
-
authProvider: {
|
|
304
|
-
getToken: async () => myTokenStore.getAccessToken(),
|
|
305
|
-
getUser: () => ({ email: 'user@example.com', name: 'User' }),
|
|
306
|
-
isAuthenticated: () => myTokenStore.hasValidToken(),
|
|
307
|
-
login: () => myAuthFlow.startLogin(),
|
|
308
|
-
logout: () => myTokenStore.clear(),
|
|
309
|
-
}
|
|
310
|
-
});
|
|
311
|
-
```
|
|
312
|
-
|
|
313
|
-
---
|
|
314
|
-
|
|
315
342
|
## License
|
|
316
343
|
|
|
317
344
|
Proprietary - © Lightpost One. All rights reserved.
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
import type { AuthProvider, UserInfo } from './types.js';
|
|
2
|
+
export interface BrowserAuthConfig {
|
|
3
|
+
/** Auth service URL (e.g. https://use.rool.dev/auth) */
|
|
4
|
+
authUrl: string;
|
|
5
|
+
storagePrefix?: string;
|
|
6
|
+
onAuthStateChanged: (authenticated: boolean) => void;
|
|
7
|
+
}
|
|
8
|
+
export declare class BrowserAuthProvider implements AuthProvider {
|
|
9
|
+
private config;
|
|
10
|
+
private apiKey;
|
|
11
|
+
private apiKeyFetchPromise;
|
|
12
|
+
private refreshPromise;
|
|
13
|
+
private refreshTimeoutId;
|
|
14
|
+
private get storageKeys();
|
|
15
|
+
/** Auth URL without trailing slash */
|
|
16
|
+
private get authBaseUrl();
|
|
17
|
+
constructor(config: BrowserAuthConfig);
|
|
18
|
+
/**
|
|
19
|
+
* Initialize auth manager - should be called on app startup.
|
|
20
|
+
* Processes any auth callback in the URL and sets up auto-refresh.
|
|
21
|
+
*/
|
|
22
|
+
initialize(): boolean;
|
|
23
|
+
/**
|
|
24
|
+
* Check if user is currently authenticated (has valid token).
|
|
25
|
+
*/
|
|
26
|
+
isAuthenticated(): boolean;
|
|
27
|
+
/**
|
|
28
|
+
* Get current access token, refreshing if expired.
|
|
29
|
+
* Returns undefined if not authenticated.
|
|
30
|
+
*/
|
|
31
|
+
getToken(): Promise<string | undefined>;
|
|
32
|
+
/**
|
|
33
|
+
* Get user info decoded from JWT token.
|
|
34
|
+
*/
|
|
35
|
+
getUser(): UserInfo;
|
|
36
|
+
/**
|
|
37
|
+
* Initiate login by redirecting to auth page.
|
|
38
|
+
*/
|
|
39
|
+
login(): void;
|
|
40
|
+
/**
|
|
41
|
+
* Logout - clear all tokens and state.
|
|
42
|
+
*/
|
|
43
|
+
logout(): void;
|
|
44
|
+
/**
|
|
45
|
+
* Process auth callback from URL fragment.
|
|
46
|
+
* Should be called on page load.
|
|
47
|
+
* @returns true if callback was processed
|
|
48
|
+
*/
|
|
49
|
+
processCallback(): boolean;
|
|
50
|
+
/**
|
|
51
|
+
* Destroy auth manager - clear refresh timers.
|
|
52
|
+
*/
|
|
53
|
+
destroy(): void;
|
|
54
|
+
/**
|
|
55
|
+
* Get the API key, fetching from server if not provided in config.
|
|
56
|
+
*/
|
|
57
|
+
private getApiKey;
|
|
58
|
+
private tryRefreshToken;
|
|
59
|
+
private scheduleTokenRefresh;
|
|
60
|
+
private cancelScheduledRefresh;
|
|
61
|
+
private readAccessToken;
|
|
62
|
+
private readExpiresAt;
|
|
63
|
+
private writeTokens;
|
|
64
|
+
private clearTokens;
|
|
65
|
+
private storeState;
|
|
66
|
+
private readState;
|
|
67
|
+
private clearState;
|
|
68
|
+
private generateState;
|
|
69
|
+
private decodeUserInfo;
|
|
70
|
+
}
|
|
71
|
+
//# sourceMappingURL=auth-browser.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-browser.d.ts","sourceRoot":"","sources":["../src/auth-browser.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAOzD,MAAM,WAAW,iBAAiB;IAC9B,wDAAwD;IACxD,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,CAAC,aAAa,EAAE,OAAO,KAAK,IAAI,CAAC;CACxD;AAED,qBAAa,mBAAoB,YAAW,YAAY;IACpD,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,kBAAkB,CAAuC;IACjE,OAAO,CAAC,cAAc,CAAiC;IACvD,OAAO,CAAC,gBAAgB,CAA8C;IAEtE,OAAO,KAAK,WAAW,GAQtB;IAED,sCAAsC;IACtC,OAAO,KAAK,WAAW,GAEtB;gBAEW,MAAM,EAAE,iBAAiB;IAIrC;;;OAGG;IACH,UAAU,IAAI,OAAO;IAMrB;;OAEG;IACH,eAAe,IAAI,OAAO;IAO1B;;;OAGG;IACG,QAAQ,IAAI,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAgB7C;;OAEG;IACH,OAAO,IAAI,QAAQ;IAMnB;;OAEG;IACH,KAAK,IAAI,IAAI;IAYb;;OAEG;IACH,MAAM,IAAI,IAAI;IAOd;;;;OAIG;IACH,eAAe,IAAI,OAAO;IAyC1B;;OAEG;IACH,OAAO,IAAI,IAAI;IAQf;;OAEG;YACW,SAAS;YAgCT,eAAe;IA4E7B,OAAO,CAAC,oBAAoB;IAmB5B,OAAO,CAAC,sBAAsB;IAO9B,OAAO,CAAC,eAAe;IAIvB,OAAO,CAAC,aAAa;IAOrB,OAAO,CAAC,WAAW;IAwBnB,OAAO,CAAC,WAAW;IAInB,OAAO,CAAC,UAAU;IAQlB,OAAO,CAAC,SAAS;IAQjB,OAAO,CAAC,UAAU;IAQlB,OAAO,CAAC,aAAa;IAUrB,OAAO,CAAC,cAAc;CAYzB"}
|
|
@@ -0,0 +1,346 @@
|
|
|
1
|
+
const GCIP_REFRESH_ENDPOINT = 'https://securetoken.googleapis.com/v1/token';
|
|
2
|
+
const REFRESH_BUFFER_MS = 5 * 60 * 1000; // Refresh 5 minutes before expiry
|
|
3
|
+
const DEFAULT_STORAGE_PREFIX = 'rool_';
|
|
4
|
+
export class BrowserAuthProvider {
|
|
5
|
+
config;
|
|
6
|
+
apiKey = null;
|
|
7
|
+
apiKeyFetchPromise = null;
|
|
8
|
+
refreshPromise = null;
|
|
9
|
+
refreshTimeoutId = null;
|
|
10
|
+
get storageKeys() {
|
|
11
|
+
const prefix = this.config.storagePrefix ?? DEFAULT_STORAGE_PREFIX;
|
|
12
|
+
return {
|
|
13
|
+
access: `${prefix}access_token`,
|
|
14
|
+
refresh: `${prefix}refresh_token`,
|
|
15
|
+
expiresAt: `${prefix}token_expires_at`,
|
|
16
|
+
state: `${prefix}auth_state`,
|
|
17
|
+
};
|
|
18
|
+
}
|
|
19
|
+
/** Auth URL without trailing slash */
|
|
20
|
+
get authBaseUrl() {
|
|
21
|
+
return this.config.authUrl.replace(/\/+$/, '');
|
|
22
|
+
}
|
|
23
|
+
constructor(config) {
|
|
24
|
+
this.config = config;
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* Initialize auth manager - should be called on app startup.
|
|
28
|
+
* Processes any auth callback in the URL and sets up auto-refresh.
|
|
29
|
+
*/
|
|
30
|
+
initialize() {
|
|
31
|
+
const wasCallback = this.processCallback();
|
|
32
|
+
this.scheduleTokenRefresh();
|
|
33
|
+
return wasCallback;
|
|
34
|
+
}
|
|
35
|
+
/**
|
|
36
|
+
* Check if user is currently authenticated (has valid token).
|
|
37
|
+
*/
|
|
38
|
+
isAuthenticated() {
|
|
39
|
+
const accessToken = this.readAccessToken();
|
|
40
|
+
const expiresAt = this.readExpiresAt();
|
|
41
|
+
if (!accessToken || !expiresAt)
|
|
42
|
+
return false;
|
|
43
|
+
return Date.now() < expiresAt;
|
|
44
|
+
}
|
|
45
|
+
/**
|
|
46
|
+
* Get current access token, refreshing if expired.
|
|
47
|
+
* Returns undefined if not authenticated.
|
|
48
|
+
*/
|
|
49
|
+
async getToken() {
|
|
50
|
+
const accessToken = this.readAccessToken();
|
|
51
|
+
const expiresAt = this.readExpiresAt();
|
|
52
|
+
if (!accessToken)
|
|
53
|
+
return undefined;
|
|
54
|
+
// Token expired or about to expire - try refresh
|
|
55
|
+
if (expiresAt && Date.now() >= expiresAt - REFRESH_BUFFER_MS) {
|
|
56
|
+
const refreshed = await this.tryRefreshToken();
|
|
57
|
+
if (!refreshed)
|
|
58
|
+
return undefined;
|
|
59
|
+
return this.readAccessToken() ?? undefined;
|
|
60
|
+
}
|
|
61
|
+
return accessToken;
|
|
62
|
+
}
|
|
63
|
+
/**
|
|
64
|
+
* Get user info decoded from JWT token.
|
|
65
|
+
*/
|
|
66
|
+
getUser() {
|
|
67
|
+
const accessToken = this.readAccessToken();
|
|
68
|
+
if (!accessToken)
|
|
69
|
+
return { email: null, name: null };
|
|
70
|
+
return this.decodeUserInfo(accessToken);
|
|
71
|
+
}
|
|
72
|
+
/**
|
|
73
|
+
* Initiate login by redirecting to auth page.
|
|
74
|
+
*/
|
|
75
|
+
login() {
|
|
76
|
+
const loginUrl = new URL(`${this.authBaseUrl}/`);
|
|
77
|
+
const redirectTarget = window.location.origin + window.location.pathname + window.location.search;
|
|
78
|
+
loginUrl.searchParams.set('redirect_uri', redirectTarget);
|
|
79
|
+
const state = this.generateState();
|
|
80
|
+
this.storeState(state);
|
|
81
|
+
loginUrl.searchParams.set('state', state);
|
|
82
|
+
window.location.href = loginUrl.toString();
|
|
83
|
+
}
|
|
84
|
+
/**
|
|
85
|
+
* Logout - clear all tokens and state.
|
|
86
|
+
*/
|
|
87
|
+
logout() {
|
|
88
|
+
this.clearTokens();
|
|
89
|
+
this.clearState();
|
|
90
|
+
this.cancelScheduledRefresh();
|
|
91
|
+
this.config.onAuthStateChanged(false);
|
|
92
|
+
}
|
|
93
|
+
/**
|
|
94
|
+
* Process auth callback from URL fragment.
|
|
95
|
+
* Should be called on page load.
|
|
96
|
+
* @returns true if callback was processed
|
|
97
|
+
*/
|
|
98
|
+
processCallback() {
|
|
99
|
+
const hash = window.location.hash ?? '';
|
|
100
|
+
const trimmed = hash.startsWith('#') ? hash.slice(1) : hash;
|
|
101
|
+
if (!trimmed)
|
|
102
|
+
return false;
|
|
103
|
+
const params = new URLSearchParams(trimmed);
|
|
104
|
+
const idToken = params.get('id_token');
|
|
105
|
+
if (!idToken)
|
|
106
|
+
return false;
|
|
107
|
+
const refreshToken = params.get('refresh_token');
|
|
108
|
+
const expiresIn = params.get('expires_in');
|
|
109
|
+
const expiresAt = expiresIn ? Date.now() + Number(expiresIn) * 1000 : NaN;
|
|
110
|
+
const incomingState = params.get('state');
|
|
111
|
+
const storedState = this.readState();
|
|
112
|
+
// Validate state - if we stored one, require it back
|
|
113
|
+
if (storedState && incomingState !== storedState) {
|
|
114
|
+
console.error('[RoolClient] Auth state mismatch. Token fragment ignored.');
|
|
115
|
+
return false;
|
|
116
|
+
}
|
|
117
|
+
if (!Number.isFinite(expiresAt)) {
|
|
118
|
+
console.error('[RoolClient] Auth response missing expires_in. Token ignored.');
|
|
119
|
+
return false;
|
|
120
|
+
}
|
|
121
|
+
// Clear state and store tokens
|
|
122
|
+
this.clearState();
|
|
123
|
+
this.writeTokens(idToken, refreshToken, expiresAt);
|
|
124
|
+
// Clean URL
|
|
125
|
+
const cleanUrl = window.location.origin + window.location.pathname + window.location.search;
|
|
126
|
+
window.history.replaceState({}, document.title, cleanUrl);
|
|
127
|
+
// Schedule refresh and notify
|
|
128
|
+
this.scheduleTokenRefresh();
|
|
129
|
+
this.config.onAuthStateChanged(true);
|
|
130
|
+
return true;
|
|
131
|
+
}
|
|
132
|
+
/**
|
|
133
|
+
* Destroy auth manager - clear refresh timers.
|
|
134
|
+
*/
|
|
135
|
+
destroy() {
|
|
136
|
+
this.cancelScheduledRefresh();
|
|
137
|
+
}
|
|
138
|
+
// ===========================================================================
|
|
139
|
+
// Private methods
|
|
140
|
+
// ===========================================================================
|
|
141
|
+
/**
|
|
142
|
+
* Get the API key, fetching from server if not provided in config.
|
|
143
|
+
*/
|
|
144
|
+
async getApiKey() {
|
|
145
|
+
// Already have it
|
|
146
|
+
if (this.apiKey)
|
|
147
|
+
return this.apiKey;
|
|
148
|
+
// Already fetching
|
|
149
|
+
if (this.apiKeyFetchPromise)
|
|
150
|
+
return this.apiKeyFetchPromise;
|
|
151
|
+
// Fetch from server
|
|
152
|
+
this.apiKeyFetchPromise = fetch(`${this.authBaseUrl}/config.json`)
|
|
153
|
+
.then(async (response) => {
|
|
154
|
+
if (!response.ok) {
|
|
155
|
+
console.warn('[RoolClient] Failed to fetch API key from server');
|
|
156
|
+
return null;
|
|
157
|
+
}
|
|
158
|
+
const data = await response.json();
|
|
159
|
+
if (data.apiKey && typeof data.apiKey === 'string') {
|
|
160
|
+
this.apiKey = data.apiKey;
|
|
161
|
+
return this.apiKey;
|
|
162
|
+
}
|
|
163
|
+
return null;
|
|
164
|
+
})
|
|
165
|
+
.catch((error) => {
|
|
166
|
+
console.warn('[RoolClient] Failed to fetch API key:', error);
|
|
167
|
+
return null;
|
|
168
|
+
})
|
|
169
|
+
.finally(() => {
|
|
170
|
+
this.apiKeyFetchPromise = null;
|
|
171
|
+
});
|
|
172
|
+
return this.apiKeyFetchPromise;
|
|
173
|
+
}
|
|
174
|
+
async tryRefreshToken() {
|
|
175
|
+
// Deduplicate concurrent refresh attempts
|
|
176
|
+
if (this.refreshPromise) {
|
|
177
|
+
return this.refreshPromise;
|
|
178
|
+
}
|
|
179
|
+
const refreshToken = localStorage.getItem(this.storageKeys.refresh);
|
|
180
|
+
if (!refreshToken)
|
|
181
|
+
return false;
|
|
182
|
+
// Get API key (from config or server)
|
|
183
|
+
const apiKey = await this.getApiKey();
|
|
184
|
+
if (!apiKey) {
|
|
185
|
+
console.warn('[RoolClient] Cannot refresh token: no API key available');
|
|
186
|
+
return false;
|
|
187
|
+
}
|
|
188
|
+
const refreshUrl = new URL(GCIP_REFRESH_ENDPOINT);
|
|
189
|
+
refreshUrl.searchParams.set('key', apiKey);
|
|
190
|
+
this.refreshPromise = (async () => {
|
|
191
|
+
let response;
|
|
192
|
+
try {
|
|
193
|
+
response = await fetch(refreshUrl.toString(), {
|
|
194
|
+
method: 'POST',
|
|
195
|
+
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
|
|
196
|
+
body: new URLSearchParams({
|
|
197
|
+
grant_type: 'refresh_token',
|
|
198
|
+
refresh_token: refreshToken,
|
|
199
|
+
}),
|
|
200
|
+
});
|
|
201
|
+
}
|
|
202
|
+
catch (error) {
|
|
203
|
+
// Network error - don't clear tokens, might work next time
|
|
204
|
+
console.warn('[RoolClient] Token refresh network error:', error);
|
|
205
|
+
return false;
|
|
206
|
+
}
|
|
207
|
+
// 400/401 = refresh token is invalid, clear everything
|
|
208
|
+
if (response.status === 400 || response.status === 401) {
|
|
209
|
+
console.warn('[RoolClient] Refresh token invalid, clearing credentials');
|
|
210
|
+
this.clearTokens();
|
|
211
|
+
this.config.onAuthStateChanged(false);
|
|
212
|
+
return false;
|
|
213
|
+
}
|
|
214
|
+
// Other HTTP errors - don't clear tokens, might be transient
|
|
215
|
+
if (!response.ok) {
|
|
216
|
+
console.warn(`[RoolClient] Token refresh failed: ${response.status} ${response.statusText}`);
|
|
217
|
+
return false;
|
|
218
|
+
}
|
|
219
|
+
// Success - parse and store new tokens
|
|
220
|
+
try {
|
|
221
|
+
const data = await response.json();
|
|
222
|
+
const accessToken = data.id_token ?? data.access_token ?? null;
|
|
223
|
+
const nextRefreshToken = data.refresh_token ?? refreshToken;
|
|
224
|
+
const expiresAt = data.expires_in ? Date.now() + data.expires_in * 1000 : NaN;
|
|
225
|
+
if (!accessToken || !Number.isFinite(expiresAt)) {
|
|
226
|
+
console.error('[RoolClient] Refresh response missing access token or expires_in');
|
|
227
|
+
return false;
|
|
228
|
+
}
|
|
229
|
+
this.writeTokens(accessToken, nextRefreshToken, expiresAt);
|
|
230
|
+
this.scheduleTokenRefresh();
|
|
231
|
+
return true;
|
|
232
|
+
}
|
|
233
|
+
catch (error) {
|
|
234
|
+
console.error('[RoolClient] Failed to parse refresh response:', error);
|
|
235
|
+
return false;
|
|
236
|
+
}
|
|
237
|
+
})().finally(() => {
|
|
238
|
+
this.refreshPromise = null;
|
|
239
|
+
});
|
|
240
|
+
return this.refreshPromise;
|
|
241
|
+
}
|
|
242
|
+
scheduleTokenRefresh() {
|
|
243
|
+
this.cancelScheduledRefresh();
|
|
244
|
+
const expiresAt = this.readExpiresAt();
|
|
245
|
+
if (!expiresAt)
|
|
246
|
+
return;
|
|
247
|
+
const refreshAt = expiresAt - REFRESH_BUFFER_MS;
|
|
248
|
+
const delay = refreshAt - Date.now();
|
|
249
|
+
if (delay <= 0) {
|
|
250
|
+
// Already needs refresh
|
|
251
|
+
void this.tryRefreshToken();
|
|
252
|
+
}
|
|
253
|
+
else {
|
|
254
|
+
this.refreshTimeoutId = setTimeout(() => {
|
|
255
|
+
void this.tryRefreshToken();
|
|
256
|
+
}, delay);
|
|
257
|
+
}
|
|
258
|
+
}
|
|
259
|
+
cancelScheduledRefresh() {
|
|
260
|
+
if (this.refreshTimeoutId !== null) {
|
|
261
|
+
clearTimeout(this.refreshTimeoutId);
|
|
262
|
+
this.refreshTimeoutId = null;
|
|
263
|
+
}
|
|
264
|
+
}
|
|
265
|
+
readAccessToken() {
|
|
266
|
+
return localStorage.getItem(this.storageKeys.access);
|
|
267
|
+
}
|
|
268
|
+
readExpiresAt() {
|
|
269
|
+
const raw = localStorage.getItem(this.storageKeys.expiresAt);
|
|
270
|
+
if (!raw)
|
|
271
|
+
return null;
|
|
272
|
+
const parsed = Number.parseInt(raw, 10);
|
|
273
|
+
return Number.isFinite(parsed) ? parsed : null;
|
|
274
|
+
}
|
|
275
|
+
writeTokens(accessToken, refreshToken, expiresAt) {
|
|
276
|
+
if (accessToken) {
|
|
277
|
+
localStorage.setItem(this.storageKeys.access, accessToken);
|
|
278
|
+
}
|
|
279
|
+
else {
|
|
280
|
+
localStorage.removeItem(this.storageKeys.access);
|
|
281
|
+
}
|
|
282
|
+
if (refreshToken) {
|
|
283
|
+
localStorage.setItem(this.storageKeys.refresh, refreshToken);
|
|
284
|
+
}
|
|
285
|
+
else {
|
|
286
|
+
localStorage.removeItem(this.storageKeys.refresh);
|
|
287
|
+
}
|
|
288
|
+
if (expiresAt !== null && Number.isFinite(expiresAt)) {
|
|
289
|
+
localStorage.setItem(this.storageKeys.expiresAt, Math.floor(expiresAt).toString());
|
|
290
|
+
}
|
|
291
|
+
else {
|
|
292
|
+
localStorage.removeItem(this.storageKeys.expiresAt);
|
|
293
|
+
}
|
|
294
|
+
}
|
|
295
|
+
clearTokens() {
|
|
296
|
+
this.writeTokens(null, null, null);
|
|
297
|
+
}
|
|
298
|
+
storeState(value) {
|
|
299
|
+
try {
|
|
300
|
+
sessionStorage.setItem(this.storageKeys.state, value);
|
|
301
|
+
}
|
|
302
|
+
catch {
|
|
303
|
+
// Ignore storage restrictions
|
|
304
|
+
}
|
|
305
|
+
}
|
|
306
|
+
readState() {
|
|
307
|
+
try {
|
|
308
|
+
return sessionStorage.getItem(this.storageKeys.state);
|
|
309
|
+
}
|
|
310
|
+
catch {
|
|
311
|
+
return null;
|
|
312
|
+
}
|
|
313
|
+
}
|
|
314
|
+
clearState() {
|
|
315
|
+
try {
|
|
316
|
+
sessionStorage.removeItem(this.storageKeys.state);
|
|
317
|
+
}
|
|
318
|
+
catch {
|
|
319
|
+
// Ignore storage restrictions
|
|
320
|
+
}
|
|
321
|
+
}
|
|
322
|
+
generateState() {
|
|
323
|
+
try {
|
|
324
|
+
const buffer = new Uint8Array(16);
|
|
325
|
+
window.crypto.getRandomValues(buffer);
|
|
326
|
+
return Array.from(buffer, (value) => value.toString(16).padStart(2, '0')).join('');
|
|
327
|
+
}
|
|
328
|
+
catch {
|
|
329
|
+
return Math.random().toString(36).slice(2) + Math.random().toString(36).slice(2);
|
|
330
|
+
}
|
|
331
|
+
}
|
|
332
|
+
decodeUserInfo(accessToken) {
|
|
333
|
+
try {
|
|
334
|
+
const payload = JSON.parse(atob(accessToken.split('.')[1]));
|
|
335
|
+
return {
|
|
336
|
+
email: payload.email || null,
|
|
337
|
+
name: payload.name || null,
|
|
338
|
+
};
|
|
339
|
+
}
|
|
340
|
+
catch (error) {
|
|
341
|
+
console.error('[RoolClient] Failed to decode token:', error);
|
|
342
|
+
return { email: null, name: null };
|
|
343
|
+
}
|
|
344
|
+
}
|
|
345
|
+
}
|
|
346
|
+
//# sourceMappingURL=auth-browser.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-browser.js","sourceRoot":"","sources":["../src/auth-browser.ts"],"names":[],"mappings":"AAGA,MAAM,qBAAqB,GAAG,6CAA6C,CAAC;AAC5E,MAAM,iBAAiB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,kCAAkC;AAE3E,MAAM,sBAAsB,GAAG,OAAO,CAAC;AASvC,MAAM,OAAO,mBAAmB;IACpB,MAAM,CAAoB;IAC1B,MAAM,GAAkB,IAAI,CAAC;IAC7B,kBAAkB,GAAkC,IAAI,CAAC;IACzD,cAAc,GAA4B,IAAI,CAAC;IAC/C,gBAAgB,GAAyC,IAAI,CAAC;IAEtE,IAAY,WAAW;QACnB,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,sBAAsB,CAAC;QACnE,OAAO;YACH,MAAM,EAAE,GAAG,MAAM,cAAc;YAC/B,OAAO,EAAE,GAAG,MAAM,eAAe;YACjC,SAAS,EAAE,GAAG,MAAM,kBAAkB;YACtC,KAAK,EAAE,GAAG,MAAM,YAAY;SACtB,CAAC;IACf,CAAC;IAED,sCAAsC;IACtC,IAAY,WAAW;QACnB,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACnD,CAAC;IAED,YAAY,MAAyB;QACjC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACzB,CAAC;IAED;;;OAGG;IACH,UAAU;QACN,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAC3C,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC5B,OAAO,WAAW,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,eAAe;QACX,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACvC,IAAI,CAAC,WAAW,IAAI,CAAC,SAAS;YAAE,OAAO,KAAK,CAAC;QAC7C,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IAClC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,QAAQ;QACV,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAEvC,IAAI,CAAC,WAAW;YAAE,OAAO,SAAS,CAAC;QAEnC,iDAAiD;QACjD,IAAI,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,SAAS,GAAG,iBAAiB,EAAE,CAAC;YAC3D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;YAC/C,IAAI,CAAC,SAAS;gBAAE,OAAO,SAAS,CAAC;YACjC,OAAO,IAAI,CAAC,eAAe,EAAE,IAAI,SAAS,CAAC;QAC/C,CAAC;QAED,OAAO,WAAW,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,OAAO;QACH,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAC3C,IAAI,CAAC,WAAW;YAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACrD,OAAO,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,KAAK;QACD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,WAAW,GAAG,CAAC,CAAC;QACjD,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QAClG,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;QAE1D,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACnC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QACvB,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAE1C,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,QAAQ,CAAC,QAAQ,EAAE,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,MAAM;QACF,IAAI,CAAC,WAAW,EAAE,CAAC;QACnB,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAC9B,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC;IAED;;;;OAIG;IACH,eAAe;QACX,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAC;QACxC,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC5D,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAE3B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,CAAC;QAC5C,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACvC,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAE3B,MAAM,YAAY,GAAG,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QACjD,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC3C,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;QAC1E,MAAM,aAAa,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAErC,qDAAqD;QACrD,IAAI,WAAW,IAAI,aAAa,KAAK,WAAW,EAAE,CAAC;YAC/C,OAAO,CAAC,KAAK,CAAC,2DAA2D,CAAC,CAAC;YAC3E,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,OAAO,CAAC,KAAK,CAAC,+DAA+D,CAAC,CAAC;YAC/E,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,+BAA+B;QAC/B,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;QAEnD,YAAY;QACZ,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QAC5F,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAE1D,8BAA8B;QAC9B,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC5B,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAErC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,OAAO;QACH,IAAI,CAAC,sBAAsB,EAAE,CAAC;IAClC,CAAC;IAED,8EAA8E;IAC9E,kBAAkB;IAClB,8EAA8E;IAE9E;;OAEG;IACK,KAAK,CAAC,SAAS;QACnB,kBAAkB;QAClB,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC,MAAM,CAAC;QAEpC,mBAAmB;QACnB,IAAI,IAAI,CAAC,kBAAkB;YAAE,OAAO,IAAI,CAAC,kBAAkB,CAAC;QAE5D,oBAAoB;QACpB,IAAI,CAAC,kBAAkB,GAAG,KAAK,CAAC,GAAG,IAAI,CAAC,WAAW,cAAc,CAAC;aAC7D,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE;YACrB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;gBACjE,OAAO,IAAI,CAAC;YAChB,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,IAAI,IAAI,CAAC,MAAM,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACjD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;gBAC1B,OAAO,IAAI,CAAC,MAAM,CAAC;YACvB,CAAC;YACD,OAAO,IAAI,CAAC;QAChB,CAAC,CAAC;aACD,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACb,OAAO,CAAC,IAAI,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;YAC7D,OAAO,IAAI,CAAC;QAChB,CAAC,CAAC;aACD,OAAO,CAAC,GAAG,EAAE;YACV,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC;QACnC,CAAC,CAAC,CAAC;QAEP,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACnC,CAAC;IAEO,KAAK,CAAC,eAAe;QACzB,0CAA0C;QAC1C,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,cAAc,CAAC;QAC/B,CAAC;QAED,MAAM,YAAY,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACpE,IAAI,CAAC,YAAY;YAAE,OAAO,KAAK,CAAC;QAEhC,sCAAsC;QACtC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACtC,IAAI,CAAC,MAAM,EAAE,CAAC;YACV,OAAO,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;YACxE,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,qBAAqB,CAAC,CAAC;QAClD,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAE3C,IAAI,CAAC,cAAc,GAAG,CAAC,KAAK,IAAI,EAAE;YAC9B,IAAI,QAAkB,CAAC;YACvB,IAAI,CAAC;gBACD,QAAQ,GAAG,MAAM,KAAK,CAAC,UAAU,CAAC,QAAQ,EAAE,EAAE;oBAC1C,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;oBAChE,IAAI,EAAE,IAAI,eAAe,CAAC;wBACtB,UAAU,EAAE,eAAe;wBAC3B,aAAa,EAAE,YAAY;qBAC9B,CAAC;iBACL,CAAC,CAAC;YACP,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,2DAA2D;gBAC3D,OAAO,CAAC,IAAI,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAC;gBACjE,OAAO,KAAK,CAAC;YACjB,CAAC;YAED,uDAAuD;YACvD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACrD,OAAO,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;gBACzE,IAAI,CAAC,WAAW,EAAE,CAAC;gBACnB,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;gBACtC,OAAO,KAAK,CAAC;YACjB,CAAC;YAED,6DAA6D;YAC7D,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACf,OAAO,CAAC,IAAI,CAAC,sCAAsC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;gBAC7F,OAAO,KAAK,CAAC;YACjB,CAAC;YAED,uCAAuC;YACvC,IAAI,CAAC;gBACD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACnC,MAAM,WAAW,GAAkB,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC;gBAC9E,MAAM,gBAAgB,GAAkB,IAAI,CAAC,aAAa,IAAI,YAAY,CAAC;gBAC3E,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;gBAE9E,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC9C,OAAO,CAAC,KAAK,CAAC,kEAAkE,CAAC,CAAC;oBAClF,OAAO,KAAK,CAAC;gBACjB,CAAC;gBAED,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,gBAAgB,EAAE,SAAS,CAAC,CAAC;gBAC3D,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAC5B,OAAO,IAAI,CAAC;YAChB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,gDAAgD,EAAE,KAAK,CAAC,CAAC;gBACvE,OAAO,KAAK,CAAC;YACjB,CAAC;QACL,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;YACd,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,cAAc,CAAC;IAC/B,CAAC;IAEO,oBAAoB;QACxB,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAE9B,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACvC,IAAI,CAAC,SAAS;YAAE,OAAO;QAEvB,MAAM,SAAS,GAAG,SAAS,GAAG,iBAAiB,CAAC;QAChD,MAAM,KAAK,GAAG,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAErC,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;YACb,wBAAwB;YACxB,KAAK,IAAI,CAAC,eAAe,EAAE,CAAC;QAChC,CAAC;aAAM,CAAC;YACJ,IAAI,CAAC,gBAAgB,GAAG,UAAU,CAAC,GAAG,EAAE;gBACpC,KAAK,IAAI,CAAC,eAAe,EAAE,CAAC;YAChC,CAAC,EAAE,KAAK,CAAC,CAAC;QACd,CAAC;IACL,CAAC;IAEO,sBAAsB;QAC1B,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,EAAE,CAAC;YACjC,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACpC,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;QACjC,CAAC;IACL,CAAC;IAEO,eAAe;QACnB,OAAO,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IACzD,CAAC;IAEO,aAAa;QACjB,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAC7D,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACxC,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;IACnD,CAAC;IAEO,WAAW,CACf,WAA0B,EAC1B,YAA2B,EAC3B,SAAwB;QAExB,IAAI,WAAW,EAAE,CAAC;YACd,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAC/D,CAAC;aAAM,CAAC;YACJ,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,YAAY,EAAE,CAAC;YACf,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACjE,CAAC;aAAM,CAAC;YACJ,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,SAAS,KAAK,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACnD,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QACvF,CAAC;aAAM,CAAC;YACJ,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QACxD,CAAC;IACL,CAAC;IAEO,WAAW;QACf,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IACvC,CAAC;IAEO,UAAU,CAAC,KAAa;QAC5B,IAAI,CAAC;YACD,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAC1D,CAAC;QAAC,MAAM,CAAC;YACL,8BAA8B;QAClC,CAAC;IACL,CAAC;IAEO,SAAS;QACb,IAAI,CAAC;YACD,OAAO,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAC1D,CAAC;QAAC,MAAM,CAAC;YACL,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAEO,UAAU;QACd,IAAI,CAAC;YACD,cAAc,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC;YACL,8BAA8B;QAClC,CAAC;IACL,CAAC;IAEO,aAAa;QACjB,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;YAClC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;YACtC,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACvF,CAAC;QAAC,MAAM,CAAC;YACL,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACrF,CAAC;IACL,CAAC;IAEO,cAAc,CAAC,WAAmB;QACtC,IAAI,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5D,OAAO;gBACH,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;gBAC5B,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,IAAI;aAC7B,CAAC;QACN,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;YAC7D,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACvC,CAAC;IACL,CAAC;CACJ"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
import type { AuthProvider, UserInfo } from './types.js';
|
|
2
|
+
export interface NodeAuthConfig {
|
|
3
|
+
/** Path to store credentials (default: ~/.config/rool/credentials.json) */
|
|
4
|
+
credentialsPath?: string;
|
|
5
|
+
/** Timeout for login flow in ms (default: 5 minutes) */
|
|
6
|
+
loginTimeoutMs?: number;
|
|
7
|
+
onAuthStateChanged?: (authenticated: boolean) => void;
|
|
8
|
+
}
|
|
9
|
+
export declare class NodeAuthProvider implements AuthProvider {
|
|
10
|
+
private config;
|
|
11
|
+
private apiKey;
|
|
12
|
+
private _authUrl;
|
|
13
|
+
constructor(config?: NodeAuthConfig);
|
|
14
|
+
/** Called by AuthManager to inject the auth URL */
|
|
15
|
+
setAuthUrl(url: string): void;
|
|
16
|
+
private get credentialsPath();
|
|
17
|
+
/**
|
|
18
|
+
* Get the auth endpoint URL (without trailing slash).
|
|
19
|
+
*/
|
|
20
|
+
private get authEndpoint();
|
|
21
|
+
initialize(): boolean;
|
|
22
|
+
getToken(): Promise<string | undefined>;
|
|
23
|
+
getUser(): UserInfo;
|
|
24
|
+
isAuthenticated(): boolean;
|
|
25
|
+
login(): Promise<void>;
|
|
26
|
+
logout(): void;
|
|
27
|
+
private readCredentials;
|
|
28
|
+
private writeCredentials;
|
|
29
|
+
private getApiKey;
|
|
30
|
+
private refreshToken;
|
|
31
|
+
private startLoopbackServer;
|
|
32
|
+
}
|
|
33
|
+
//# sourceMappingURL=auth-node.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-node.d.ts","sourceRoot":"","sources":["../src/auth-node.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAIzD,MAAM,WAAW,cAAc;IAC3B,2EAA2E;IAC3E,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,wDAAwD;IACxD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kBAAkB,CAAC,EAAE,CAAC,aAAa,EAAE,OAAO,KAAK,IAAI,CAAC;CACzD;AAQD,qBAAa,gBAAiB,YAAW,YAAY;IACjD,OAAO,CAAC,MAAM,CAAiB;IAC/B,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,QAAQ,CAAuB;gBAE3B,MAAM,GAAE,cAAmB;IAIvC,mDAAmD;IACnD,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAI7B,OAAO,KAAK,eAAe,GAO1B;IAED;;OAEG;IACH,OAAO,KAAK,YAAY,GAKvB;IAED,UAAU,IAAI,OAAO;IAIf,QAAQ,IAAI,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAY7C,OAAO,IAAI,QAAQ;IAenB,eAAe,IAAI,OAAO;IAQpB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IA6C5B,MAAM,IAAI,IAAI;IAYd,OAAO,CAAC,eAAe;IAWvB,OAAO,CAAC,gBAAgB;YAYV,SAAS;YAcT,YAAY;IAoD1B,OAAO,CAAC,mBAAmB;CAuE9B"}
|