@sanvika/auth 2.7.0 → 2.9.0

package/dist/index.js

@@ -17,10 +17,9 @@ var STORAGE_KEYS = {
 };
 var DEFAULT_AVATAR_SVG = `data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 40 40'%3E%3Ccircle cx='20' cy='20' r='20' fill='%23e5e7eb'/%3E%3Ccircle cx='20' cy='15' r='7' fill='%23adb5bd'/%3E%3Cellipse cx='20' cy='35' rx='12' ry='8' fill='%23adb5bd'/%3E%3C/svg%3E`;
 
-// SanvikaAuthProvider.jsx
-import { jsx } from "react/jsx-runtime";
-var S_AUTH_URL = "https://auth.sanvikaproduction.com";
-var SanvikaAuthContext = createContext(null);
+// authFlow.js
+var DEFAULT_AUTH_URL = "https://auth.sanvikaproduction.com";
+var DEVICE_ID_STORAGE_KEY = "sanvika_deviceId";
 function randomDeviceId() {
   try {
     if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") {
@@ -30,6 +29,121 @@ function randomDeviceId() {
   }
   return `device-${Date.now()}-${Math.random().toString(36).slice(2, 11)}`;
 }
+function getOrCreateWebDeviceId() {
+  var _a, _b;
+  if (typeof window === "undefined") return randomDeviceId();
+  let deviceId = localStorage.getItem(DEVICE_ID_STORAGE_KEY);
+  if (!deviceId) {
+    const raw = `${navigator.userAgent}|${((_a = window.screen) == null ? void 0 : _a.width) ?? 0}x${((_b = window.screen) == null ? void 0 : _b.height) ?? 0}|${navigator.language}`;
+    let hash = 0;
+    for (let i = 0; i < raw.length; i++) {
+      hash = Math.imul(31, hash) + raw.charCodeAt(i) | 0;
+    }
+    deviceId = `d_${Math.abs(hash).toString(36)}_${Date.now().toString(36)}`;
+    localStorage.setItem(DEVICE_ID_STORAGE_KEY, deviceId);
+  }
+  return deviceId;
+}
+async function checkMobile({
+  authBaseUrl = DEFAULT_AUTH_URL,
+  mobile,
+  deviceId,
+  clientId,
+  callbackUrl
+}) {
+  const res = await fetch(`${authBaseUrl}/api/auth/check-mobile`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      mobile: String(mobile).trim(),
+      deviceId,
+      clientId,
+      ...callbackUrl ? { callbackUrl } : {}
+    })
+  });
+  const data = await res.json();
+  if (!data.success) {
+    const err = new Error(data.message || data.error || "Check mobile failed");
+    err.code = data.error;
+    throw err;
+  }
+  return data;
+}
+async function postLogin({
+  authBaseUrl = DEFAULT_AUTH_URL,
+  mobile,
+  password,
+  deviceId,
+  userAgent,
+  clientId,
+  deviceName
+}) {
+  const body = {
+    mobile: String(mobile).trim(),
+    deviceId,
+    clientId,
+    userAgent: userAgent || deviceName || "Sanvika App"
+  };
+  if (password) {
+    body.password = password;
+  }
+  const res = await fetch(`${authBaseUrl}/api/auth/login`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body)
+  });
+  const data = await res.json();
+  if (!data.success) {
+    const err = new Error(data.error || data.message || "Login failed");
+    err.code = data.error;
+    throw err;
+  }
+  return data;
+}
+async function deviceAwareLogin({
+  authBaseUrl = DEFAULT_AUTH_URL,
+  mobile,
+  password,
+  deviceId,
+  userAgent,
+  deviceName,
+  clientId,
+  callbackUrl,
+  resolveDeviceId
+}) {
+  const resolvedDeviceId = deviceId || (typeof resolveDeviceId === "function" ? await resolveDeviceId() : getOrCreateWebDeviceId());
+  const check = await checkMobile({
+    authBaseUrl,
+    mobile,
+    deviceId: resolvedDeviceId,
+    clientId,
+    callbackUrl
+  });
+  if (!check.exists) {
+    const err = new Error("Mobile number not registered.");
+    err.code = "USER_NOT_REGISTERED";
+    throw err;
+  }
+  if (!check.isKnownDevice && !password) {
+    const err = new Error("Password is required for this device.");
+    err.code = "MISSING_PASSWORD";
+    err.requiresPassword = true;
+    throw err;
+  }
+  return postLogin({
+    authBaseUrl,
+    mobile,
+    password: check.isKnownDevice ? void 0 : password,
+    deviceId: resolvedDeviceId,
+    userAgent,
+    deviceName,
+    clientId
+  });
+}
+
+// SanvikaAuthProvider.jsx
+import { jsx } from "react/jsx-runtime";
+var SanvikaAuthContext = createContext(null);
 function createDefaultWebPersistence() {
   return {
     getItem: async (key) => typeof localStorage !== "undefined" ? localStorage.getItem(key) : null,
@@ -50,6 +164,7 @@ function SanvikaAuthProvider({
   clientId,
   redirectUri,
   dashboardPath,
+  authBaseUrl = DEFAULT_AUTH_URL,
   persistence: persistenceProp
 }) {
   const persistence = useMemo(() => {
@@ -83,25 +198,62 @@ function SanvikaAuthProvider({
       cancelled = true;
     };
   }, [persistence]);
-  const login = async ({ mobile, password, deviceId, deviceName }) => {
-    const response = await fetch(`${S_AUTH_URL}/api/auth/login`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
+  const persistSession = useCallback(
+    async (token, userData) => {
+      await persistence.setItem(STORAGE_KEYS.ACCESS_TOKEN, token);
+      await persistence.setItem(STORAGE_KEYS.USER, JSON.stringify(userData));
+      setToken(token);
+      setUser(userData);
+    },
+    [persistence]
+  );
+  const checkMobile2 = useCallback(
+    async ({ mobile, deviceId }) => {
+      const resolvedDeviceId = deviceId || getOrCreateWebDeviceId();
+      return checkMobile({
+        authBaseUrl,
+        mobile,
+        deviceId: resolvedDeviceId,
+        clientId,
+        callbackUrl: redirectUri
+      });
+    },
+    [authBaseUrl, clientId, redirectUri]
+  );
+  const login = async ({
+    mobile,
+    password,
+    deviceId,
+    deviceName,
+    userAgent,
+    skipDeviceCheck = false
+  }) => {
+    const resolveDeviceId = async () => deviceId || getOrCreateWebDeviceId();
+    let data;
+    if (skipDeviceCheck) {
+      data = await postLogin({
+        authBaseUrl,
         mobile,
         password,
         deviceId: deviceId || randomDeviceId(),
-        deviceName: deviceName || "Browser"
-      })
-    });
-    const data = await response.json();
-    if (!data.success) {
-      throw new Error(data.error || data.message || "Login failed");
+        userAgent: userAgent || deviceName,
+        clientId,
+        deviceName
+      });
+    } else {
+      data = await deviceAwareLogin({
+        authBaseUrl,
+        mobile,
+        password,
+        deviceId,
+        userAgent: userAgent || (typeof navigator !== "undefined" ? navigator.userAgent : void 0),
+        deviceName,
+        clientId,
+        callbackUrl: redirectUri,
+        resolveDeviceId
+      });
     }
-    await persistence.setItem(STORAGE_KEYS.ACCESS_TOKEN, data.accessToken);
-    await persistence.setItem(STORAGE_KEYS.USER, JSON.stringify(data.user));
-    setToken(data.accessToken);
-    setUser(data.user);
+    await persistSession(data.accessToken, data.user);
     return data;
   };
   const setAuth = useCallback(
@@ -115,7 +267,7 @@ function SanvikaAuthProvider({
   );
   const logout = async () => {
     try {
-      await fetch(`${S_AUTH_URL}/api/auth/logout`, {
+      await fetch(`${authBaseUrl}/api/auth/logout`, {
         method: "POST",
         headers: {
           "Content-Type": "application/json",
@@ -153,12 +305,14 @@ function SanvikaAuthProvider({
     isAuthenticated: !!user,
     isLoggedIn: !!user,
     login,
+    checkMobile: checkMobile2,
     logout,
     setAuth,
     authFetch,
     clientId,
     redirectUri,
-    dashboardPath
+    dashboardPath,
+    authBaseUrl
   };
   return /* @__PURE__ */ jsx(SanvikaAuthContext.Provider, { value, children });
 }
@@ -196,7 +350,7 @@ styleInject("@keyframes snvk-shimmer {\n  0% {\n    background-position: 200% 0;
 
 // SanvikaAccountButton.jsx
 import { jsx as jsx2, jsxs } from "react/jsx-runtime";
-var S_AUTH_URL2 = "https://auth.sanvikaproduction.com";
+var S_AUTH_URL = "https://auth.sanvikaproduction.com";
 var SanvikaAccountButtonErrorBoundary = class extends Component {
   constructor(props) {
     super(props);
@@ -329,7 +483,7 @@ function SanvikaAccountButtonContent({
   if (!isAuthenticated || loading) {
     const { clientId } = auth;
     const redirectUri = auth.redirectUri || (typeof window !== "undefined" && window.location ? window.location.origin + "/auth/callback" : "");
-    const authorizeUrl = clientId && redirectUri ? `${S_AUTH_URL2}/authorize?client_id=${encodeURIComponent(clientId)}&redirect_uri=${encodeURIComponent(redirectUri)}` : `${S_AUTH_URL2}/authorize`;
+    const authorizeUrl = clientId && redirectUri ? `${S_AUTH_URL}/authorize?client_id=${encodeURIComponent(clientId)}&redirect_uri=${encodeURIComponent(redirectUri)}` : `${S_AUTH_URL}/authorize`;
     return /* @__PURE__ */ jsxs(
       "button",
       {
@@ -463,11 +617,242 @@ function SanvikaAccountButtonContent({
 function SanvikaAccountButton(props) {
   return /* @__PURE__ */ jsx2(SanvikaAccountButtonErrorBoundary, { children: /* @__PURE__ */ jsx2(SanvikaAccountButtonContent, { ...props }) });
 }
+
+// SanvikaAdminLogin.jsx
+import { useState as useState3, useEffect as useEffect3 } from "react";
+import { useRouter } from "next/navigation";
+import { jsx as jsx3, jsxs as jsxs2 } from "react/jsx-runtime";
+var AUTH_BASE_URL = "https://auth.sanvikaproduction.com";
+var DEVICE_ID_KEY = "sanvika_admin_device_id";
+function getDeviceId() {
+  var _a;
+  if (typeof window === "undefined") return "";
+  try {
+    let id = window.localStorage.getItem(DEVICE_ID_KEY);
+    if (!id) {
+      id = ((_a = crypto == null ? void 0 : crypto.randomUUID) == null ? void 0 : _a.call(crypto)) || `dev-${Date.now()}-${Math.random()}`;
+      window.localStorage.setItem(DEVICE_ID_KEY, id);
+    }
+    return id;
+  } catch {
+    return `dev-${Date.now()}`;
+  }
+}
+function friendlyError(code) {
+  switch (code) {
+    case "INVALID_MOBILE":
+      return "Mobile number is not valid.";
+    case "MISSING_DEVICE_ID":
+      return "Device could not be identified. Reload and retry.";
+    case "USER_NOT_FOUND":
+      return "No account found for this mobile.";
+    case "MISSING_PASSWORD":
+      return "Please enter your password.";
+    case "INVALID_PASSWORD":
+      return "Incorrect password.";
+    case "RATE_LIMIT_EXCEEDED":
+      return "Too many attempts. Please try again in 15 minutes.";
+    case "SERVER_ERROR":
+      return "Auth service error. Please try again.";
+    default:
+      return "Login failed. Please try again.";
+  }
+}
+function SanvikaAdminLogin({
+  serviceName = "Sanvika",
+  dashboardPath = "/dashboard/admin",
+  homePath = "/"
+}) {
+  const router = useRouter();
+  const { isAuthenticated, loading, user, setAuth } = useSanvikaAuth();
+  const [mobile, setMobile] = useState3("");
+  const [password, setPassword] = useState3("");
+  const [error, setError] = useState3("");
+  const [submitting, setSubmitting] = useState3(false);
+  const [ready, setReady] = useState3(false);
+  useEffect3(() => {
+    if (loading) return;
+    if (isAuthenticated && (user == null ? void 0 : user.role) === "superadmin") {
+      router.replace(dashboardPath);
+      return;
+    }
+    setReady(true);
+  }, [loading, isAuthenticated, user, router, dashboardPath]);
+  async function handleLogin(e) {
+    var _a;
+    e.preventDefault();
+    setError("");
+    setSubmitting(true);
+    try {
+      const res = await fetch(`${AUTH_BASE_URL}/api/auth/login`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          mobile,
+          password,
+          deviceId: getDeviceId(),
+          deviceName: "Browser"
+        })
+      });
+      const data = await res.json().catch(() => ({}));
+      if (!data.success) {
+        setError(friendlyError(data.error));
+        setPassword("");
+        return;
+      }
+      if (((_a = data.user) == null ? void 0 : _a.role) !== "superadmin") {
+        setError("This account does not have admin access.");
+        setPassword("");
+        return;
+      }
+      setAuth(data.accessToken, data.user);
+      router.replace(dashboardPath);
+    } catch {
+      setError("Could not reach the auth service. Please try again.");
+    } finally {
+      setSubmitting(false);
+    }
+  }
+  const S = {
+    page: {
+      minHeight: "100vh",
+      display: "flex",
+      alignItems: "center",
+      justifyContent: "center",
+      padding: "20px",
+      background: "linear-gradient(135deg,#0f172a 0%,#1e1b4b 100%)",
+      fontFamily: "system-ui,-apple-system,'Segoe UI',Roboto,sans-serif"
+    },
+    card: {
+      position: "relative",
+      width: "100%",
+      maxWidth: "380px",
+      background: "#1e293b",
+      borderRadius: "16px",
+      padding: "36px 32px",
+      boxShadow: "0 20px 50px rgba(0,0,0,.4)",
+      border: "1px solid #334155"
+    },
+    closeBtn: {
+      position: "absolute",
+      top: "14px",
+      right: "16px",
+      background: "none",
+      border: "none",
+      color: "#64748b",
+      fontSize: "20px",
+      cursor: "pointer",
+      lineHeight: 1
+    },
+    logo: { fontSize: "40px", textAlign: "center", marginBottom: "8px" },
+    title: {
+      margin: "0 0 4px",
+      textAlign: "center",
+      color: "#f1f5f9",
+      fontSize: "22px",
+      fontWeight: 700
+    },
+    subtitle: {
+      margin: "0 0 24px",
+      textAlign: "center",
+      color: "#94a3b8",
+      fontSize: "13px"
+    },
+    form: { display: "flex", flexDirection: "column", gap: "6px" },
+    label: { color: "#cbd5e1", fontSize: "13px", marginTop: "10px" },
+    input: {
+      padding: "11px 13px",
+      borderRadius: "9px",
+      border: "1px solid #475569",
+      background: "#0f172a",
+      color: "#f1f5f9",
+      fontSize: "15px",
+      outline: "none"
+    },
+    button: {
+      marginTop: "18px",
+      padding: "12px",
+      borderRadius: "9px",
+      border: "none",
+      background: submitting ? "#4338ca" : "#6366f1",
+      color: "#fff",
+      fontSize: "15px",
+      fontWeight: 600,
+      cursor: submitting ? "default" : "pointer"
+    },
+    error: {
+      marginTop: "14px",
+      textAlign: "center",
+      color: "#f87171",
+      fontSize: "13px"
+    }
+  };
+  if (loading || !ready) {
+    return /* @__PURE__ */ jsx3("div", { style: S.page, children: /* @__PURE__ */ jsx3("div", { style: S.card, children: /* @__PURE__ */ jsx3("p", { style: S.subtitle, children: "Loading\u2026" }) }) });
+  }
+  return /* @__PURE__ */ jsx3("div", { style: S.page, children: /* @__PURE__ */ jsxs2("div", { style: S.card, children: [
+    /* @__PURE__ */ jsx3("button", { style: S.closeBtn, onClick: () => router.push(homePath), "aria-label": "Close", children: "\u2715" }),
+    /* @__PURE__ */ jsx3("div", { style: S.logo, children: "\u{1F6E1}\uFE0F" }),
+    /* @__PURE__ */ jsxs2("h1", { style: S.title, children: [
+      serviceName,
+      " Admin"
+    ] }),
+    /* @__PURE__ */ jsx3("p", { style: S.subtitle, children: "SuperAdmin access \u2014 Sanvika Accounts SSO" }),
+    /* @__PURE__ */ jsxs2("form", { onSubmit: handleLogin, style: S.form, autoComplete: "off", children: [
+      /* @__PURE__ */ jsx3("label", { style: S.label, children: "Mobile Number" }),
+      /* @__PURE__ */ jsx3(
+        "input",
+        {
+          type: "tel",
+          value: mobile,
+          onChange: (e) => setMobile(e.target.value.replace(/\D/g, "").slice(0, 10)),
+          placeholder: "10-digit mobile",
+          style: S.input,
+          maxLength: 10,
+          required: true,
+          autoFocus: true,
+          autoComplete: "off"
+        }
+      ),
+      /* @__PURE__ */ jsx3("label", { style: S.label, children: "Password" }),
+      /* @__PURE__ */ jsx3(
+        "input",
+        {
+          type: "password",
+          value: password,
+          onChange: (e) => setPassword(e.target.value),
+          placeholder: "Password",
+          style: S.input,
+          required: true,
+          autoComplete: "new-password"
+        }
+      ),
+      /* @__PURE__ */ jsx3(
+        "button",
+        {
+          type: "submit",
+          style: S.button,
+          disabled: submitting || mobile.length !== 10 || !password,
+          children: submitting ? "Signing in\u2026" : "Sign in"
+        }
+      )
+    ] }),
+    error && /* @__PURE__ */ jsx3("p", { style: S.error, children: error })
+  ] }) });
+}
 export {
+  DEFAULT_AUTH_URL,
   DEFAULT_AVATAR_SVG,
+  DEVICE_ID_STORAGE_KEY,
   STORAGE_KEYS,
   SanvikaAccountButton,
+  SanvikaAdminLogin,
   SanvikaAuthContext,
   SanvikaAuthProvider,
+  checkMobile,
+  deviceAwareLogin,
+  getOrCreateWebDeviceId,
+  postLogin,
+  randomDeviceId,
   useSanvikaAuth
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sanvika/auth",
-  "version": "2.7.0",
+  "version": "2.9.0",
   "description": "Sanvika Auth SDK — React components/hooks + server-side token verification and user proxy",
   "type": "module",
   "main": "dist/index.js",