@sanvika/auth 2.9.4 → 2.10.0

package/dist/index.js

@@ -16,11 +16,224 @@ var STORAGE_KEYS = {
   USER: "sanvika_user"
 };
 var DEFAULT_AVATAR_SVG = `data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 40 40'%3E%3Ccircle cx='20' cy='20' r='20' fill='%23e5e7eb'/%3E%3Ccircle cx='20' cy='15' r='7' fill='%23adb5bd'/%3E%3Cellipse cx='20' cy='35' rx='12' ry='8' fill='%23adb5bd'/%3E%3C/svg%3E`;
+var AUTH_API = Object.freeze({
+  CHECK_MOBILE: "/api/auth/check-mobile",
+  LOGIN: "/api/auth/login",
+  LOGOUT: "/api/auth/logout",
+  VERIFY_TOKEN: "/api/auth/verify-token",
+  SEND_OTP: "/api/auth/send-otp",
+  VERIFY_OTP: "/api/auth/verify-otp",
+  AUTHORIZE: "/api/auth/authorize"
+});
+var CLIENT_MOBILE_POLICIES = Object.freeze({
+  freeadpostkaro: {
+    format: "SOUTH_ASIA_E164",
+    defaultCountryCode: "91",
+    allowedDialCodes: ["91", "92", "880"]
+  },
+  venerationlove: {
+    format: "E164",
+    defaultCountryCode: "91"
+  },
+  IN_10: {
+    format: "IN_10",
+    defaultCountryCode: "91",
+    allowedDialCodes: ["91"]
+  }
+});
+
+// mobilePolicy.js
+var MOBILE_FORMAT = Object.freeze({
+  IN_10: "IN_10",
+  SOUTH_ASIA_E164: "SOUTH_ASIA_E164",
+  E164: "E164"
+});
+var DEFAULT_DIAL_CODES_SOUTH_ASIA = Object.freeze(["91", "92", "880"]);
+var DEFAULT_MOBILE_POLICY = Object.freeze({
+  format: MOBILE_FORMAT.IN_10,
+  defaultCountryCode: "91",
+  allowedDialCodes: ["91"]
+});
+var E164_MIN_DIGITS = 7;
+var E164_MAX_DIGITS = 15;
+function digitsOnly(raw) {
+  return String(raw ?? "").replace(/\D/g, "");
+}
+function isValidIndiaNational(n10) {
+  return /^[6-9]\d{9}$/.test(n10);
+}
+function extractIndiaNational(d) {
+  let n = d;
+  if (n.startsWith("91") && n.length >= 12) n = n.slice(2);
+  if (n.length === 11 && n.startsWith("0")) n = n.slice(1);
+  if (n.length > 10) n = n.slice(-10);
+  if (!isValidIndiaNational(n)) return null;
+  return n;
+}
+function extractPakistanNational(d) {
+  let n = d;
+  if (n.startsWith("92") && n.length >= 12) n = n.slice(2);
+  if (n.length === 11 && n.startsWith("0")) n = n.slice(1);
+  if (n.length > 10) n = n.slice(-10);
+  if (n.length !== 10 || n[0] !== "3") return null;
+  return n;
+}
+function extractBangladeshNational(d) {
+  let n = d;
+  if (n.startsWith("880")) n = n.slice(3);
+  if (n.length === 11 && n.startsWith("0")) n = n.slice(1);
+  if (n.length > 10) n = n.slice(-10);
+  if (n.length !== 10 || n[0] !== "1") return null;
+  return n;
+}
+function mergeMobilePolicy(raw) {
+  if (!raw || typeof raw !== "object") {
+    return { ...DEFAULT_MOBILE_POLICY };
+  }
+  const format = Object.values(MOBILE_FORMAT).includes(raw.format) ? raw.format : DEFAULT_MOBILE_POLICY.format;
+  const explicitCodes = Array.isArray(raw.allowedDialCodes) ? raw.allowedDialCodes.map(String).filter(Boolean) : null;
+  const allowedDialCodes = (explicitCodes == null ? void 0 : explicitCodes.length) > 0 ? explicitCodes : format === MOBILE_FORMAT.SOUTH_ASIA_E164 ? [...DEFAULT_DIAL_CODES_SOUTH_ASIA] : format === MOBILE_FORMAT.E164 ? [] : ["91"];
+  const defaultCountryCode = raw.defaultCountryCode != null ? String(raw.defaultCountryCode).replace(/\D/g, "") : allowedDialCodes[0] || "91";
+  return {
+    format,
+    defaultCountryCode,
+    allowedDialCodes
+  };
+}
+function normalizeIn10(raw) {
+  return extractIndiaNational(digitsOnly(raw));
+}
+function normalizeSouthAsiaE164(raw, policy) {
+  var _a;
+  let d = digitsOnly(raw);
+  if (!d) return null;
+  if (d.startsWith("00") && d.length > 4) d = d.slice(2);
+  const allowed = ((_a = policy.allowedDialCodes) == null ? void 0 : _a.length) > 0 ? policy.allowedDialCodes : DEFAULT_DIAL_CODES_SOUTH_ASIA;
+  const byCode = [...allowed].sort((a, b) => b.length - a.length);
+  for (const code of byCode) {
+    if (!d.startsWith(code)) continue;
+    const rest = d.slice(code.length);
+    if (code === "91") {
+      const n = extractIndiaNational(rest.length >= 10 ? rest : d);
+      if (n) return `91${n}`;
+    }
+    if (code === "92") {
+      const n = extractPakistanNational(rest.length >= 10 ? rest : d);
+      if (n) return `92${n}`;
+    }
+    if (code === "880") {
+      const n = extractBangladeshNational(rest.length >= 6 ? rest : d);
+      if (n) return `880${n}`;
+    }
+  }
+  if (allowed.includes("91")) {
+    const n = extractIndiaNational(d);
+    if (n) return `91${n}`;
+  }
+  if (allowed.includes("92")) {
+    const n = extractPakistanNational(d);
+    if (n) return `92${n}`;
+  }
+  if (allowed.includes("880")) {
+    const n = extractBangladeshNational(d);
+    if (n) return `880${n}`;
+  }
+  return null;
+}
+function normalizeE164(raw) {
+  let d = digitsOnly(raw);
+  if (!d) return null;
+  if (d.startsWith("00") && d.length > 4) d = d.slice(2);
+  if (d.length >= E164_MIN_DIGITS && d.length <= E164_MAX_DIGITS) return d;
+  return null;
+}
+function normalizeMobileWithPolicy(raw, policy = DEFAULT_MOBILE_POLICY) {
+  const p = mergeMobilePolicy(policy);
+  switch (p.format) {
+    case MOBILE_FORMAT.SOUTH_ASIA_E164:
+      return normalizeSouthAsiaE164(raw, p);
+    case MOBILE_FORMAT.E164:
+      return normalizeE164(raw);
+    case MOBILE_FORMAT.IN_10:
+    default:
+      return normalizeIn10(raw);
+  }
+}
+function isValidMobileWithPolicy(raw, policy = DEFAULT_MOBILE_POLICY) {
+  return normalizeMobileWithPolicy(raw, policy) != null;
+}
+function getMobileLookupValues(normalized, policy = DEFAULT_MOBILE_POLICY) {
+  if (!normalized) return [];
+  const p = mergeMobilePolicy(policy);
+  const values = /* @__PURE__ */ new Set([normalized]);
+  if (p.format !== MOBILE_FORMAT.IN_10) {
+    if (normalized.startsWith("91") && normalized.length === 12) {
+      values.add(normalized.slice(2));
+    }
+    if (/^\d{10}$/.test(normalized)) {
+      values.add(`91${normalized}`);
+    }
+  }
+  return [...values];
+}
+function formatMobileForDisplay(normalized, policy = DEFAULT_MOBILE_POLICY) {
+  if (!normalized) return "";
+  const p = mergeMobilePolicy(policy);
+  if (p.format === MOBILE_FORMAT.IN_10) {
+    return `+91 ${normalized}`;
+  }
+  return `+${normalized}`;
+}
+function invalidMobileMessage(policy = DEFAULT_MOBILE_POLICY) {
+  const p = mergeMobilePolicy(policy);
+  if (p.format === MOBILE_FORMAT.IN_10) {
+    return "Valid 10-digit mobile number required.";
+  }
+  if (p.format === MOBILE_FORMAT.SOUTH_ASIA_E164) {
+    return "Valid mobile number required (India, Pakistan, or Bangladesh with country code).";
+  }
+  return "Valid mobile number with country code required.";
+}
+function mobilePolicyToClientConfig(policy = DEFAULT_MOBILE_POLICY) {
+  const p = mergeMobilePolicy(policy);
+  return {
+    format: p.format,
+    defaultCountryCode: p.defaultCountryCode,
+    allowedDialCodes: p.allowedDialCodes
+  };
+}
+function isLegacyIndianIn10(mobile) {
+  const d = digitsOnly(mobile);
+  return /^[6-9]\d{9}$/.test(d);
+}
+function toIndiaE164FromLegacyIn10(mobile) {
+  const d = digitsOnly(mobile);
+  if (!isLegacyIndianIn10(d)) return null;
+  if (d.length === 12 && d.startsWith("91")) return d;
+  return `91${d}`;
+}
+function mobilesMatchIdentity(stored, candidate) {
+  const policy = { format: MOBILE_FORMAT.E164 };
+  const a = digitsOnly(stored);
+  const b = digitsOnly(candidate);
+  if (!a || !b) return false;
+  if (a === b) return true;
+  const aliasA = new Set(getMobileLookupValues(a, policy));
+  return getMobileLookupValues(b, policy).some((v) => aliasA.has(v));
+}
 
 // authFlow.js
 var DEFAULT_AUTH_URL = "https://auth.sanvikaproduction.com";
 var DEVICE_ID_STORAGE_KEY = "sanvika_deviceId";
 var MOBILE_DEVICE_ID_STORAGE_KEY = "deviceId";
+function authApiUrl(path, authBaseUrl = DEFAULT_AUTH_URL) {
+  return `${String(authBaseUrl).replace(/\/$/, "")}${path}`;
+}
+function resolveMobileForApi(mobile, mobilePolicy) {
+  const policy = mergeMobilePolicy(mobilePolicy || DEFAULT_MOBILE_POLICY);
+  const raw = String(mobile ?? "").trim();
+  return normalizeMobileWithPolicy(raw, policy) || raw;
+}
 function randomDeviceId() {
   try {
     if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") {
@@ -66,13 +279,15 @@ async function checkMobile({
   mobile,
   deviceId,
   clientId,
-  callbackUrl
+  callbackUrl,
+  mobilePolicy
 }) {
-  const res = await fetch(`${authBaseUrl}/api/auth/check-mobile`, {
+  const normalized = resolveMobileForApi(mobile, mobilePolicy);
+  const res = await fetch(authApiUrl(AUTH_API.CHECK_MOBILE, authBaseUrl), {
     method: "POST",
     headers: { "Content-Type": "application/json" },
     body: JSON.stringify({
-      mobile: String(mobile).trim(),
+      mobile: normalized,
       deviceId,
       clientId,
       ...callbackUrl ? { callbackUrl } : {}
@@ -93,10 +308,11 @@ async function postLogin({
   deviceId,
   userAgent,
   clientId,
-  deviceName
+  deviceName,
+  mobilePolicy
 }) {
   const body = {
-    mobile: String(mobile).trim(),
+    mobile: resolveMobileForApi(mobile, mobilePolicy),
     deviceId,
     clientId,
     userAgent: userAgent || deviceName || "Sanvika App"
@@ -104,7 +320,7 @@ async function postLogin({
   if (password) {
     body.password = password;
   }
-  const res = await fetch(`${authBaseUrl}/api/auth/login`, {
+  const res = await fetch(authApiUrl(AUTH_API.LOGIN, authBaseUrl), {
     method: "POST",
     headers: { "Content-Type": "application/json" },
     body: JSON.stringify(body)
@@ -126,6 +342,7 @@ async function deviceAwareLogin({
   deviceName,
   clientId,
   callbackUrl,
+  mobilePolicy,
   resolveDeviceId
 }) {
   const resolvedDeviceId = deviceId || (typeof resolveDeviceId === "function" ? await resolveDeviceId() : getOrCreateWebDeviceId());
@@ -134,7 +351,8 @@ async function deviceAwareLogin({
     mobile,
     deviceId: resolvedDeviceId,
     clientId,
-    callbackUrl
+    callbackUrl,
+    mobilePolicy
   });
   if (!check.exists) {
     const err = new Error("Mobile number not registered.");
@@ -154,7 +372,8 @@ async function deviceAwareLogin({
     deviceId: resolvedDeviceId,
     userAgent,
     deviceName,
-    clientId
+    clientId,
+    mobilePolicy
   });
 }
 
@@ -184,7 +403,9 @@ function SanvikaAuthProvider({
   embeddedLogin = false,
   dashboardPath,
   authBaseUrl = DEFAULT_AUTH_URL,
-  persistence: persistenceProp
+  persistence: persistenceProp,
+  /** Client mobilePolicy — E164 / SOUTH_ASIA_E164 / IN_10 (see CLIENT_MOBILE_POLICIES). */
+  mobileConfig
 }) {
   const apiCallbackUrl = embeddedLogin ? void 0 : redirectUri;
   const persistence = useMemo(() => {
@@ -235,10 +456,11 @@ function SanvikaAuthProvider({
         mobile,
         deviceId: resolvedDeviceId,
         clientId,
-        callbackUrl: apiCallbackUrl
+        callbackUrl: apiCallbackUrl,
+        mobilePolicy: mobileConfig
       });
     },
-    [authBaseUrl, clientId, apiCallbackUrl]
+    [authBaseUrl, clientId, apiCallbackUrl, mobileConfig]
   );
   const login = async ({
     mobile,
@@ -258,7 +480,8 @@ function SanvikaAuthProvider({
         deviceId: deviceId || randomDeviceId(),
         userAgent: userAgent || deviceName,
         clientId,
-        deviceName
+        deviceName,
+        mobilePolicy: mobileConfig
       });
     } else {
       data = await deviceAwareLogin({
@@ -270,6 +493,7 @@ function SanvikaAuthProvider({
         deviceName,
         clientId,
         callbackUrl: apiCallbackUrl,
+        mobilePolicy: mobileConfig,
         resolveDeviceId
       });
     }
@@ -288,7 +512,7 @@ function SanvikaAuthProvider({
   const logout = async () => {
     try {
       const deviceId = await resolveLogoutDeviceId(persistence);
-      await fetch(`${authBaseUrl}/api/auth/logout`, {
+      await fetch(`${authBaseUrl}${AUTH_API.LOGOUT}`, {
         method: "POST",
         headers: {
           "Content-Type": "application/json",
@@ -314,8 +538,22 @@ function SanvikaAuthProvider({
         ...opts.headers
       };
       const res = await fetch(url, { ...opts, headers });
-      const data = await res.json();
-      return { data, success: data.success };
+      let data;
+      try {
+        data = await res.json();
+      } catch {
+        data = {
+          success: false,
+          message: `Invalid JSON response (HTTP ${res.status})`
+        };
+      }
+      const bodySuccess = (data == null ? void 0 : data.success) === true;
+      return {
+        data,
+        success: bodySuccess,
+        ok: res.ok && (data == null ? void 0 : data.success) !== false,
+        status: res.status
+      };
     },
     [persistence]
   );
@@ -334,7 +572,8 @@ function SanvikaAuthProvider({
     clientId,
     redirectUri,
     dashboardPath,
-    authBaseUrl
+    authBaseUrl,
+    mobileConfig
   };
   return /* @__PURE__ */ jsx(SanvikaAuthContext.Provider, { value, children });
 }
@@ -372,7 +611,6 @@ styleInject("@keyframes snvk-shimmer {\n  0% {\n    background-position: 200% 0;
 
 // SanvikaAccountButton.jsx
 import { jsx as jsx2, jsxs } from "react/jsx-runtime";
-var S_AUTH_URL = "https://auth.sanvikaproduction.com";
 var SanvikaAccountButtonErrorBoundary = class extends Component {
   constructor(props) {
     super(props);
@@ -456,7 +694,7 @@ function SanvikaAccountButtonContent({
   className,
   layout = "default"
 }) {
-  var _a, _b;
+  var _a;
   const isNavbarChip = layout === "navbarChip";
   const guestBtnClass = `snvk-guestBtn${isNavbarChip ? " snvk-layout-navbarChip" : ""}${className ? ` ${className}` : ""}`;
   const wrapperClass = `snvk-wrapper${isNavbarChip ? " snvk-layout-navbarChip" : ""}${className ? ` ${className}` : ""}`;
@@ -509,7 +747,7 @@ function SanvikaAccountButtonContent({
   if (!isAuthenticated || loading) {
     const { clientId } = auth;
     const redirectUri = auth.redirectUri || (typeof window !== "undefined" && window.location ? window.location.origin + "/auth/callback" : "");
-    const authorizeUrl = clientId && redirectUri ? `${S_AUTH_URL}/authorize?client_id=${encodeURIComponent(clientId)}&redirect_uri=${encodeURIComponent(redirectUri)}` : `${S_AUTH_URL}/authorize`;
+    const authorizeUrl = clientId && redirectUri ? `${DEFAULT_AUTH_URL}/authorize?client_id=${encodeURIComponent(clientId)}&redirect_uri=${encodeURIComponent(redirectUri)}` : `${DEFAULT_AUTH_URL}/authorize`;
     return /* @__PURE__ */ jsxs(
       "button",
       {
@@ -535,7 +773,9 @@ function SanvikaAccountButtonContent({
       }
     );
   }
-  const displayName = user.firstName || ((_b = user.mobile) == null ? void 0 : _b.slice(-4)) || "Me";
+  const mobileDigits = String(user.mobile || "").replace(/\D/g, "");
+  const displayName = user.firstName || mobileDigits.slice(-4) || "Me";
+  const mobileLabel = user.mobile ? formatMobileForDisplay(user.mobile, { format: MOBILE_FORMAT.E164 }) : "";
   const imageSrc = !imgError && user.image ? user.image : DEFAULT_AVATAR_SVG;
   const handleProfileClick = () => {
     if (onProfileClick) return onProfileClick();
@@ -588,10 +828,7 @@ function SanvikaAccountButtonContent({
         ),
         /* @__PURE__ */ jsxs("div", { children: [
           /* @__PURE__ */ jsx2("div", { className: "snvk-dropdownName", children: [user.firstName, user.lastName].filter(Boolean).join(" ") }),
-          /* @__PURE__ */ jsxs("div", { className: "snvk-dropdownMobile", children: [
-            "+91 ",
-            user.mobile
-          ] })
+          /* @__PURE__ */ jsx2("div", { className: "snvk-dropdownMobile", children: mobileLabel })
         ] })
       ] }),
       /* @__PURE__ */ jsx2("div", { className: "snvk-divider" }),
@@ -647,9 +884,196 @@ function SanvikaAccountButton(props) {
 // SanvikaAdminLogin.jsx
 import { useState as useState3, useEffect as useEffect3 } from "react";
 import { useRouter } from "next/navigation";
-import { jsx as jsx3, jsxs as jsxs2 } from "react/jsx-runtime";
-var AUTH_BASE_URL = "https://auth.sanvikaproduction.com";
+
+// MobilePolicyPhoneInput.jsx
+import PhoneInput, { formatPhoneNumberIntl } from "react-phone-number-input";
+import flags from "react-phone-number-input/flags";
+import en from "react-phone-number-input/locale/en.json";
+import { parsePhoneNumber } from "libphonenumber-js/min";
+
+// phoneInputPolicy.js
+var DIAL_CODE_TO_COUNTRY = Object.freeze({
+  "1": "US",
+  "44": "GB",
+  "91": "IN",
+  "92": "PK",
+  "880": "BD",
+  "971": "AE",
+  "61": "AU",
+  "49": "DE",
+  "33": "FR"
+});
+var SOUTH_ASIA_DEFAULTS = Object.freeze(["IN", "PK", "BD"]);
+function countriesForPolicy(config) {
+  var _a;
+  const p = mergeMobilePolicy(config);
+  if (p.format === MOBILE_FORMAT.IN_10) return ["IN"];
+  if (p.format === MOBILE_FORMAT.SOUTH_ASIA_E164) {
+    const codes = ((_a = p.allowedDialCodes) == null ? void 0 : _a.length) > 0 ? p.allowedDialCodes : ["91", "92", "880"];
+    const iso = codes.map((c) => DIAL_CODE_TO_COUNTRY[String(c).replace(/\D/g, "")]).filter(Boolean);
+    return iso.length ? iso : [...SOUTH_ASIA_DEFAULTS];
+  }
+  return void 0;
+}
+function defaultCountryForPolicy(config) {
+  const p = mergeMobilePolicy(config);
+  const dc = String(p.defaultCountryCode || "91").replace(/\D/g, "");
+  return DIAL_CODE_TO_COUNTRY[dc] || "IN";
+}
+function isCountryLocked(config) {
+  const list = countriesForPolicy(config);
+  return Array.isArray(list) && list.length === 1;
+}
+function toPhoneInputValue(raw, config) {
+  if (!raw) return void 0;
+  const s = String(raw).trim();
+  if (s.startsWith("+")) return s;
+  const dc = defaultCountryForPolicy(config);
+  const digits = s.replace(/\D/g, "");
+  if (!digits) return void 0;
+  return `+${digits}`;
+}
+
+// MobilePolicyPhoneInput.jsx
+import "react-phone-number-input/style.css";
+
+// MobilePolicyPhoneInput.css
+styleInject(".sa-phone-field {\n  margin-bottom: 16px;\n}\n.sa-phone-input {\n  display: block;\n}\n.sa-phone-input .PhoneInput {\n  display: flex;\n  align-items: stretch;\n  border-radius: 8px;\n  overflow: hidden;\n  border: 1px solid #dddddd;\n  background: #ffffff;\n}\n.sa-phone-input--dark .PhoneInput {\n  border-color: #333333;\n  background: #222222;\n}\n.sa-phone-input .PhoneInputCountry {\n  align-self: stretch;\n  display: flex;\n  align-items: center;\n  padding: 0 10px;\n  margin: 0;\n  border-right: 1px solid #dddddd;\n  background: #f5f5f5;\n}\n.sa-phone-input--dark .PhoneInputCountry {\n  border-right-color: #333333;\n  background: #2a2a2a;\n}\n.sa-phone-input .PhoneInputCountrySelect {\n  font-size: 14px;\n  cursor: pointer;\n  color: #222222;\n  max-width: 120px;\n}\n.sa-phone-input--dark .PhoneInputCountrySelect {\n  color: #eeeeee;\n  background: #2a2a2a;\n}\n.sa-phone-input .PhoneInputCountrySelect:disabled {\n  cursor: default;\n  opacity: 0.85;\n}\n.sa-phone-input .PhoneInputCountryIcon {\n  width: 1.5em;\n  height: 1em;\n  box-shadow: none;\n  border: none;\n}\n.sa-phone-input .PhoneInputCountryIcon--border {\n  box-shadow: 0 0 0 1px rgba(0, 0, 0, 0.08);\n}\n.sa-phone-input .PhoneInputInput {\n  flex: 1;\n  min-width: 0;\n  border: none;\n  outline: none;\n  padding: 10px 12px;\n  font-size: 15px;\n  background: transparent;\n  color: #222222;\n}\n.sa-phone-input--dark .PhoneInputInput {\n  color: #ffffff;\n}\n.sa-phone-input .PhoneInputInput::placeholder {\n  color: #999999;\n}\n.sa-phone-input--dark .PhoneInputInput::placeholder {\n  color: #666666;\n}\n.sa-phone-preview {\n  display: flex;\n  flex-wrap: wrap;\n  align-items: center;\n  gap: 6px 10px;\n  margin-top: 8px;\n  padding: 8px 10px;\n  border-radius: 6px;\n  font-size: 12px;\n  background: #f0f7ff;\n  border: 1px solid #cce4ff;\n}\n.sa-phone-preview--dark {\n  background: #1a2433;\n  border-color: #2a3f5f;\n}\n.sa-phone-preview__label {\n  font-weight: 600;\n  color: #555555;\n  text-transform: uppercase;\n  letter-spacing: 0.04em;\n  font-size: 10px;\n}\n.sa-phone-preview--dark .sa-phone-preview__label {\n  color: #8899aa;\n}\n.sa-phone-preview__value {\n  color: #0984e3;\n  font-weight: 500;\n}\n.sa-phone-preview--dark .sa-phone-preview__value {\n  color: #88c5ff;\n}\n.sa-phone-preview__e164 {\n  font-family:\n    ui-monospace,\n    SFMono-Regular,\n    Menlo,\n    monospace;\n  color: #333333;\n  background: rgba(0, 0, 0, 0.05);\n  padding: 2px 6px;\n  border-radius: 4px;\n}\n.sa-phone-preview--dark .sa-phone-preview__e164 {\n  color: #cccccc;\n  background: rgba(255, 255, 255, 0.06);\n}\n.sa-phone-input--modal .PhoneInputCountrySelect {\n  max-width: 100px;\n}\n");
+
+// MobilePolicyPhoneInput.jsx
+import { Fragment, jsx as jsx3, jsxs as jsxs2 } from "react/jsx-runtime";
+function MobilePolicyPhoneInput({
+  config,
+  value,
+  onChange,
+  theme = "dark",
+  inputRef,
+  id = "mobile-phone-input",
+  placeholder = "Enter phone number"
+}) {
+  const policy = mergeMobilePolicy(config);
+  const countries = countriesForPolicy(config);
+  const defaultCountry = defaultCountryForPolicy(config);
+  const countryLocked = isCountryLocked(config);
+  let intlFormatted = "";
+  let e164Digits = "";
+  if (value) {
+    try {
+      intlFormatted = formatPhoneNumberIntl(value) || value;
+      const parsed = parsePhoneNumber(value);
+      if (parsed == null ? void 0 : parsed.isValid()) {
+        e164Digits = parsed.number.replace("+", "");
+      } else {
+        e164Digits = normalizeMobileWithPolicy(value, policy) || String(value).replace(/\D/g, "");
+      }
+    } catch {
+      intlFormatted = value;
+    }
+  }
+  return /* @__PURE__ */ jsxs2("div", { className: "sa-phone-field", children: [
+    /* @__PURE__ */ jsx3(
+      "div",
+      {
+        className: `sa-phone-input sa-phone-input--${theme}`,
+        "data-theme": theme,
+        children: /* @__PURE__ */ jsx3(
+          PhoneInput,
+          {
+            id,
+            international: true,
+            countryCallingCodeEditable: false,
+            defaultCountry,
+            countries,
+            flags,
+            labels: en,
+            value,
+            onChange,
+            placeholder,
+            smartCaret: true,
+            countrySelectProps: {
+              unicodeFlags: true,
+              ...countryLocked ? { disabled: true } : {}
+            },
+            numberInputProps: {
+              ref: inputRef,
+              autoComplete: "tel",
+              inputMode: "tel",
+              "aria-label": "Phone number"
+            }
+          }
+        )
+      }
+    ),
+    value && /* @__PURE__ */ jsxs2("div", { className: `sa-phone-preview sa-phone-preview--${theme}`, children: [
+      /* @__PURE__ */ jsx3("span", { className: "sa-phone-preview__label", children: "Formatted" }),
+      /* @__PURE__ */ jsx3("span", { className: "sa-phone-preview__value", children: intlFormatted }),
+      e164Digits ? /* @__PURE__ */ jsxs2(Fragment, { children: [
+        /* @__PURE__ */ jsx3("span", { className: "sa-phone-preview__label", children: "E.164" }),
+        /* @__PURE__ */ jsx3("span", { className: "sa-phone-preview__e164", children: e164Digits })
+      ] }) : null
+    ] })
+  ] });
+}
+
+// mobileInput.js
+var DIAL_CODE_LABELS = Object.freeze({
+  "91": "+91 India",
+  "92": "+92 Pakistan",
+  "880": "+880 Bangladesh"
+});
+function dialCodeOptions(config) {
+  const p = mergeMobilePolicy(config);
+  return (p.allowedDialCodes || ["91"]).map((code) => ({
+    code,
+    label: DIAL_CODE_LABELS[code] || `+${code}`
+  }));
+}
+function buildRawMobile({ config, national, dialCode, e164Input }) {
+  const p = mergeMobilePolicy(config);
+  if (p.format === MOBILE_FORMAT.E164) {
+    return String(e164Input ?? national ?? "").trim();
+  }
+  if (p.format === MOBILE_FORMAT.SOUTH_ASIA_E164) {
+    const n = String(national ?? "").replace(/\D/g, "");
+    const dc = String(dialCode || p.defaultCountryCode || "91").replace(/\D/g, "");
+    return `${dc}${n}`;
+  }
+  return String(national ?? "").replace(/\D/g, "");
+}
+function validateMobileInput(config, raw) {
+  return isValidMobileWithPolicy(raw, config);
+}
+function normalizeForSubmit(config, raw) {
+  return normalizeMobileWithPolicy(raw, config);
+}
+function displayMobileLabel(config, rawOrNational) {
+  const p = mergeMobilePolicy(config);
+  if (p.format === MOBILE_FORMAT.IN_10) {
+    return formatMobileForDisplay(rawOrNational, config);
+  }
+  const normalized = normalizeMobileWithPolicy(
+    buildRawMobile({ config, national: rawOrNational, dialCode: p.defaultCountryCode }),
+    config
+  );
+  return formatMobileForDisplay(normalized || rawOrNational, config);
+}
+function nationalMaxLength(config) {
+  const p = mergeMobilePolicy(config);
+  if (p.format === MOBILE_FORMAT.IN_10) return 10;
+  if (p.format === MOBILE_FORMAT.SOUTH_ASIA_E164) return 11;
+  return 15;
+}
+function mobilePlaceholder(config) {
+  const p = mergeMobilePolicy(config);
+  if (p.format === MOBILE_FORMAT.IN_10) return "Enter mobile number";
+  if (p.format === MOBILE_FORMAT.SOUTH_ASIA_E164) return "National number";
+  return "Include country code, e.g. +1 415 555 0100";
+}
+
+// SanvikaAdminLogin.jsx
+import { jsx as jsx4, jsxs as jsxs3 } from "react/jsx-runtime";
 var DEVICE_ID_KEY = "sanvika_admin_device_id";
+var ADMIN_MOBILE_POLICY = CLIENT_MOBILE_POLICIES.IN_10;
 function getDeviceId() {
   var _a;
   if (typeof window === "undefined") return "";
@@ -687,11 +1111,12 @@ function friendlyError(code) {
 function SanvikaAdminLogin({
   serviceName = "Sanvika",
   dashboardPath = "/dashboard/admin",
-  homePath = "/"
+  homePath = "/",
+  authBaseUrl = DEFAULT_AUTH_URL
 }) {
   const router = useRouter();
-  const { isAuthenticated, loading, user, setAuth } = useSanvikaAuth();
-  const [mobile, setMobile] = useState3("");
+  const { isAuthenticated, loading, user, setAuth, clientId } = useSanvikaAuth();
+  const [phoneValue, setPhoneValue] = useState3(void 0);
   const [password, setPassword] = useState3("");
   const [error, setError] = useState3("");
   const [submitting, setSubmitting] = useState3(false);
@@ -708,24 +1133,26 @@ function SanvikaAdminLogin({
     var _a;
     e.preventDefault();
     setError("");
+    if (!phoneValue || !validateMobileInput(ADMIN_MOBILE_POLICY, phoneValue)) {
+      setError(invalidMobileMessage(ADMIN_MOBILE_POLICY));
+      return;
+    }
+    if (!password) {
+      setError("Please enter your password.");
+      return;
+    }
     setSubmitting(true);
     try {
-      const res = await fetch(`${AUTH_BASE_URL}/api/auth/login`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({
-          mobile,
-          password,
-          deviceId: getDeviceId(),
-          deviceName: "Browser"
-        })
+      const mobile = normalizeForSubmit(ADMIN_MOBILE_POLICY, phoneValue);
+      const data = await postLogin({
+        authBaseUrl,
+        mobile,
+        password,
+        deviceId: getDeviceId(),
+        deviceName: "Browser",
+        clientId,
+        mobilePolicy: ADMIN_MOBILE_POLICY
       });
-      const data = await res.json().catch(() => ({}));
-      if (!data.success) {
-        setError(friendlyError(data.error));
-        setPassword("");
-        return;
-      }
       if (((_a = data.user) == null ? void 0 : _a.role) !== "superadmin") {
         setError("This account does not have admin access.");
         setPassword("");
@@ -733,8 +1160,9 @@ function SanvikaAdminLogin({
       }
       setAuth(data.accessToken, data.user);
       router.replace(dashboardPath);
-    } catch {
-      setError("Could not reach the auth service. Please try again.");
+    } catch (err) {
+      setError(friendlyError(err == null ? void 0 : err.code) || (err == null ? void 0 : err.message) || "Login failed.");
+      setPassword("");
     } finally {
       setSubmitting(false);
     }
@@ -752,7 +1180,7 @@ function SanvikaAdminLogin({
     card: {
       position: "relative",
       width: "100%",
-      maxWidth: "380px",
+      maxWidth: "420px",
       background: "#1e293b",
       borderRadius: "16px",
       padding: "36px 32px",
@@ -814,34 +1242,39 @@ function SanvikaAdminLogin({
     }
   };
   if (loading || !ready) {
-    return /* @__PURE__ */ jsx3("div", { style: S.page, children: /* @__PURE__ */ jsx3("div", { style: S.card, children: /* @__PURE__ */ jsx3("p", { style: S.subtitle, children: "Loading\u2026" }) }) });
+    return /* @__PURE__ */ jsx4("div", { style: S.page, children: /* @__PURE__ */ jsx4("div", { style: S.card, children: /* @__PURE__ */ jsx4("p", { style: S.subtitle, children: "Loading\u2026" }) }) });
   }
-  return /* @__PURE__ */ jsx3("div", { style: S.page, children: /* @__PURE__ */ jsxs2("div", { style: S.card, children: [
-    /* @__PURE__ */ jsx3("button", { style: S.closeBtn, onClick: () => router.push(homePath), "aria-label": "Close", children: "\u2715" }),
-    /* @__PURE__ */ jsx3("div", { style: S.logo, children: "\u{1F6E1}\uFE0F" }),
-    /* @__PURE__ */ jsxs2("h1", { style: S.title, children: [
+  return /* @__PURE__ */ jsx4("div", { style: S.page, children: /* @__PURE__ */ jsxs3("div", { style: S.card, children: [
+    /* @__PURE__ */ jsx4(
+      "button",
+      {
+        style: S.closeBtn,
+        onClick: () => router.push(homePath),
+        "aria-label": "Close",
+        children: "\u2715"
+      }
+    ),
+    /* @__PURE__ */ jsx4("div", { style: S.logo, children: "\u{1F6E1}\uFE0F" }),
+    /* @__PURE__ */ jsxs3("h1", { style: S.title, children: [
       serviceName,
       " Admin"
     ] }),
-    /* @__PURE__ */ jsx3("p", { style: S.subtitle, children: "SuperAdmin access \u2014 Sanvika Accounts SSO" }),
-    /* @__PURE__ */ jsxs2("form", { onSubmit: handleLogin, style: S.form, autoComplete: "off", children: [
-      /* @__PURE__ */ jsx3("label", { style: S.label, children: "Mobile Number" }),
-      /* @__PURE__ */ jsx3(
-        "input",
+    /* @__PURE__ */ jsx4("p", { style: S.subtitle, children: "SuperAdmin access \u2014 Sanvika Accounts SSO" }),
+    /* @__PURE__ */ jsxs3("form", { onSubmit: handleLogin, style: S.form, autoComplete: "off", children: [
+      /* @__PURE__ */ jsx4("label", { style: S.label, htmlFor: "admin-mobile-phone", children: "Mobile Number" }),
+      /* @__PURE__ */ jsx4(
+        MobilePolicyPhoneInput,
         {
-          type: "tel",
-          value: mobile,
-          onChange: (e) => setMobile(e.target.value.replace(/\D/g, "").slice(0, 10)),
-          placeholder: "10-digit mobile",
-          style: S.input,
-          maxLength: 10,
-          required: true,
-          autoFocus: true,
-          autoComplete: "off"
+          config: ADMIN_MOBILE_POLICY,
+          value: phoneValue,
+          onChange: setPhoneValue,
+          theme: "dark",
+          id: "admin-mobile-phone",
+          placeholder: "Enter phone number"
         }
       ),
-      /* @__PURE__ */ jsx3("label", { style: S.label, children: "Password" }),
-      /* @__PURE__ */ jsx3(
+      /* @__PURE__ */ jsx4("label", { style: S.label, children: "Password" }),
+      /* @__PURE__ */ jsx4(
         "input",
         {
           type: "password",
@@ -853,34 +1286,90 @@ function SanvikaAdminLogin({
           autoComplete: "new-password"
         }
       ),
-      /* @__PURE__ */ jsx3(
+      /* @__PURE__ */ jsx4(
         "button",
         {
           type: "submit",
           style: S.button,
-          disabled: submitting || mobile.length !== 10 || !password,
+          disabled: submitting || !phoneValue || !password,
           children: submitting ? "Signing in\u2026" : "Sign in"
         }
       )
     ] }),
-    error && /* @__PURE__ */ jsx3("p", { style: S.error, children: error })
+    error && /* @__PURE__ */ jsx4("p", { style: S.error, children: error })
   ] }) });
 }
+var ADMIN_LOGIN_API_URL = authApiUrl(AUTH_API.LOGIN, DEFAULT_AUTH_URL);
+
+// authFetchResult.js
+function isAuthFetchOk(response) {
+  var _a;
+  if (!response || typeof response !== "object") return false;
+  if (response.ok === true) return true;
+  return Boolean(response.success) || ((_a = response == null ? void 0 : response.data) == null ? void 0 : _a.success) === true;
+}
+function getAuthFetchMessage(response, fallback = "Request failed") {
+  var _a;
+  const msg = (_a = response == null ? void 0 : response.data) == null ? void 0 : _a.message;
+  return typeof msg === "string" && msg.trim() ? msg.trim() : fallback;
+}
+function getAuthFetchPayload(response) {
+  return (response == null ? void 0 : response.data) ?? null;
+}
+function getAuthFetchData(response) {
+  const payload = getAuthFetchPayload(response);
+  if (payload && typeof payload === "object" && payload.data !== void 0) {
+    return payload.data;
+  }
+  return payload;
+}
 export {
+  AUTH_API,
+  CLIENT_MOBILE_POLICIES,
   DEFAULT_AUTH_URL,
   DEFAULT_AVATAR_SVG,
+  DEFAULT_MOBILE_POLICY,
   DEVICE_ID_STORAGE_KEY,
+  DIAL_CODE_TO_COUNTRY,
   MOBILE_DEVICE_ID_STORAGE_KEY,
+  MOBILE_FORMAT,
+  MobilePolicyPhoneInput,
   STORAGE_KEYS,
   SanvikaAccountButton,
   SanvikaAdminLogin,
   SanvikaAuthContext,
   SanvikaAuthProvider,
+  authApiUrl,
+  buildRawMobile,
   checkMobile,
+  countriesForPolicy,
+  defaultCountryForPolicy,
   deviceAwareLogin,
+  dialCodeOptions,
+  displayMobileLabel,
+  formatMobileForDisplay,
+  getAuthFetchData,
+  getAuthFetchMessage,
+  getAuthFetchPayload,
   getOrCreateWebDeviceId,
+  invalidMobileMessage,
+  isAuthFetchOk,
+  isCountryLocked,
+  isLegacyIndianIn10,
+  isValidMobileWithPolicy,
+  mergeMobilePolicy,
+  mobilePlaceholder,
+  mobilePolicyToClientConfig,
+  mobilesMatchIdentity,
+  nationalMaxLength,
+  normalizeForSubmit,
+  normalizeMobileWithPolicy,
   postLogin,
   randomDeviceId,
   resolveLogoutDeviceId,
-  useSanvikaAuth
+  resolveMobileForApi,
+  toIndiaE164FromLegacyIn10,
+  toPhoneInputValue,
+  useSanvikaAuth,
+  validateMobileInput
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sanvika/auth",
-  "version": "2.9.4",
+  "version": "2.10.0",
   "description": "Sanvika Auth SDK — React components/hooks + server-side token verification and user proxy",
   "type": "module",
   "main": "dist/index.js",
@@ -14,7 +14,9 @@
   ],
   "scripts": {
     "build": "tsup",
-    "prepublishOnly": "npm run build"
+    "prepublishOnly": "npm run build",
+    "test:curl:local": "bash ../../scripts/sdk-curl-auth-test.sh local",
+    "test:curl:production": "bash ../../scripts/sdk-curl-auth-test.sh production"
   },
   "publishConfig": {
     "access": "public"
@@ -28,6 +30,10 @@
       "optional": true
     }
   },
+  "dependencies": {
+    "libphonenumber-js": "^1.13.6",
+    "react-phone-number-input": "^3.4.17"
+  },
   "devDependencies": {
     "tsup": "^8.5.1"
   },