@sentroy-co/client-sdk 2.13.8 → 2.13.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/admin/index.d.ts +111 -10
- package/dist/auth/admin/index.d.ts.map +1 -1
- package/dist/auth/admin/index.js +125 -20
- package/dist/auth/admin/index.js.map +1 -1
- package/dist/auth/client.d.ts +127 -1
- package/dist/auth/client.d.ts.map +1 -1
- package/dist/auth/client.js +361 -3
- package/dist/auth/client.js.map +1 -1
- package/dist/auth/index.d.ts +1 -1
- package/dist/auth/index.d.ts.map +1 -1
- package/dist/auth/index.js.map +1 -1
- package/dist/auth/react/index.d.ts +63 -4
- package/dist/auth/react/index.d.ts.map +1 -1
- package/dist/auth/react/index.js +180 -1
- package/dist/auth/react/index.js.map +1 -1
- package/dist/auth/types.d.ts +55 -0
- package/dist/auth/types.d.ts.map +1 -1
- package/package.json +5 -1
- package/src/auth/admin/index.ts +227 -31
- package/src/auth/client.ts +438 -4
- package/src/auth/index.ts +9 -0
- package/src/auth/react/index.tsx +255 -4
- package/src/auth/types.ts +66 -0
|
@@ -1,24 +1,118 @@
|
|
|
1
|
-
import type { SentroyAuthUser } from "../types";
|
|
1
|
+
import type { SentroyAuthUser, SignupResponse, LoginResponse, LoginOutcome, AuthTokensResponse } from "../types";
|
|
2
2
|
/**
|
|
3
3
|
* Server-side Sentroy Auth admin SDK. **Node only — apiKey browser'a
|
|
4
|
-
* koymayın**; bu sınıf Project'in master `aps_` token'ını taşır
|
|
5
|
-
* Sentroy üzerindeki user pool'a yetki vermez.
|
|
4
|
+
* koymayın**; bu sınıf Project'in master `aps_` token'ını taşır.
|
|
6
5
|
*
|
|
7
|
-
*
|
|
8
|
-
*
|
|
9
|
-
*
|
|
6
|
+
* Tüm public auth endpoint'lerini apiKey'le proxy eder ve JWT'yi local
|
|
7
|
+
* verify edebilir (JWKS cache + RSA Subtle). RP backend tipik akış:
|
|
8
|
+
*
|
|
9
|
+
* const admin = new SentroyAuthAdmin({ projectSlug, apiKey })
|
|
10
|
+
* const out = await admin.users.signIn({ email, password })
|
|
11
|
+
* if (out.kind === "tokens") setCookie(out.data.accessToken, ...)
|
|
12
|
+
* else // MFA flow
|
|
13
|
+
*
|
|
14
|
+
* // Mid-request: verify
|
|
15
|
+
* const claims = await admin.verifyIdToken(req.cookies.accessToken)
|
|
16
|
+
*
|
|
17
|
+
* Token persistence yok — server-side request-scoped; caller cookie /
|
|
18
|
+
* session / DB nereye isterse oraya yazar.
|
|
10
19
|
*/
|
|
11
20
|
export interface SentroyAuthAdminOptions {
|
|
12
21
|
authBaseUrl?: string;
|
|
13
22
|
projectSlug: string;
|
|
14
23
|
apiKey: string;
|
|
24
|
+
/** JWKS cache TTL (saniye). Default 3600 (1 saat) — JWT rotation
|
|
25
|
+
* grace period'una uyumlu; daha agresif rotation yapan project'ler
|
|
26
|
+
* daha düşük set edebilir. */
|
|
27
|
+
jwksCacheTtl?: number;
|
|
15
28
|
}
|
|
16
29
|
export declare class SentroyAuthAdmin {
|
|
17
30
|
private readonly http;
|
|
31
|
+
private readonly jwksCacheTtl;
|
|
18
32
|
private cachedJwks;
|
|
19
33
|
constructor(opts: SentroyAuthAdminOptions);
|
|
34
|
+
get projectSlug(): string;
|
|
35
|
+
get baseUrl(): string;
|
|
20
36
|
users: {
|
|
21
|
-
|
|
37
|
+
/**
|
|
38
|
+
* Server-side signup proxy. apiKey backend'de — browser'a sızmaz.
|
|
39
|
+
* Email verification project config'ine bağlı: required ise
|
|
40
|
+
* `emailVerificationRequired: true` döner, tokens undefined.
|
|
41
|
+
*/
|
|
42
|
+
create: (input: {
|
|
43
|
+
email: string;
|
|
44
|
+
password: string;
|
|
45
|
+
displayName?: string;
|
|
46
|
+
metadata?: Record<string, unknown>;
|
|
47
|
+
}) => Promise<SignupResponse>;
|
|
48
|
+
/**
|
|
49
|
+
* Server-side login proxy. MFA-aware: tokens VEYA MFA challenge.
|
|
50
|
+
* RP backend `out.kind === "mfa"` ise kullanıcıdan code alıp
|
|
51
|
+
* `users.verifyMfa(...)` çağırır.
|
|
52
|
+
*/
|
|
53
|
+
signIn: (input: {
|
|
54
|
+
email: string;
|
|
55
|
+
password: string;
|
|
56
|
+
rememberMe?: boolean;
|
|
57
|
+
}) => Promise<LoginOutcome>;
|
|
58
|
+
/** MFA verify ikinci adımı — `signIn` kind:"mfa" döndüyse. */
|
|
59
|
+
verifyMfa: (input: {
|
|
60
|
+
mfaToken: string;
|
|
61
|
+
code?: string;
|
|
62
|
+
recoveryCode?: string;
|
|
63
|
+
}) => Promise<LoginResponse>;
|
|
64
|
+
/** Refresh access token (rotation). Yeni refresh + access döner. */
|
|
65
|
+
refresh: (refreshToken: string) => Promise<AuthTokensResponse>;
|
|
66
|
+
/** Logout (refresh token revoke). */
|
|
67
|
+
signOut: (refreshToken: string) => Promise<void>;
|
|
68
|
+
/** Verify email — link'ten gelen token. */
|
|
69
|
+
verifyEmail: (token: string) => Promise<{
|
|
70
|
+
user: SentroyAuthUser;
|
|
71
|
+
}>;
|
|
72
|
+
/** Password reset mail tetikle. */
|
|
73
|
+
requestPasswordReset: (email: string) => Promise<void>;
|
|
74
|
+
/** Reset token + yeni şifre ile finalize. */
|
|
75
|
+
confirmPasswordReset: (input: {
|
|
76
|
+
token: string;
|
|
77
|
+
newPassword: string;
|
|
78
|
+
}) => Promise<{
|
|
79
|
+
user: SentroyAuthUser;
|
|
80
|
+
}>;
|
|
81
|
+
/** Magic-link mail tetikle. */
|
|
82
|
+
sendMagicLink: (input: {
|
|
83
|
+
email: string;
|
|
84
|
+
redirectUri?: string;
|
|
85
|
+
}) => Promise<void>;
|
|
86
|
+
/** Magic-link token consume → login. */
|
|
87
|
+
consumeMagicLink: (token: string) => Promise<LoginResponse>;
|
|
88
|
+
/** Davet token'ı ile yeni hesap + login. */
|
|
89
|
+
acceptInvitation: (input: {
|
|
90
|
+
token: string;
|
|
91
|
+
password: string;
|
|
92
|
+
displayName?: string;
|
|
93
|
+
}) => Promise<LoginResponse>;
|
|
94
|
+
/**
|
|
95
|
+
* Access token ile remote /me — JWT'ye bağımlı kalmadan canlı
|
|
96
|
+
* profile çek. Token expire ise SentroyAuthError fırlatır.
|
|
97
|
+
*/
|
|
98
|
+
getUser: (accessToken: string) => Promise<SentroyAuthUser>;
|
|
99
|
+
/**
|
|
100
|
+
* Token bazlı userinfo (OIDC tarzı). `/userinfo` claims response —
|
|
101
|
+
* SentroyAuthUser shape'inden daha minimal olabilir.
|
|
102
|
+
*/
|
|
103
|
+
getUserinfo: (accessToken: string) => Promise<{
|
|
104
|
+
sub: string;
|
|
105
|
+
email?: string;
|
|
106
|
+
email_verified?: boolean;
|
|
107
|
+
name?: string;
|
|
108
|
+
picture?: string;
|
|
109
|
+
}>;
|
|
110
|
+
/**
|
|
111
|
+
* Admin list (paginated). **Şu an public API yok** — dashboard
|
|
112
|
+
* cookie-auth `/api/companies/[slug]/auth-projects/[id]/users`
|
|
113
|
+
* kullan. v2'de stk_ token'lı admin endpoint açılacak.
|
|
114
|
+
*/
|
|
115
|
+
list: (_opts?: {
|
|
22
116
|
limit?: number;
|
|
23
117
|
skip?: number;
|
|
24
118
|
emailVerified?: boolean;
|
|
@@ -32,9 +126,13 @@ export declare class SentroyAuthAdmin {
|
|
|
32
126
|
}>;
|
|
33
127
|
};
|
|
34
128
|
/**
|
|
35
|
-
* Local verify — JWKS cache'lenir (
|
|
36
|
-
* RS256 ile
|
|
37
|
-
* eşleşmesi de kontrol edilir.
|
|
129
|
+
* Local verify — JWKS cache'lenir (default 1h TTL, opts ile değişir),
|
|
130
|
+
* JWT signature RS256 ile WebCrypto Subtle üzerinden verify edilir.
|
|
131
|
+
* `iss`/`aud` claim eşleşmesi de kontrol edilir.
|
|
132
|
+
*
|
|
133
|
+
* Throw'lar: malformed JWT, expired, iss/aud mismatch, key not found,
|
|
134
|
+
* signature mismatch. Tipik kullanım `try/catch` içinde — fail ise
|
|
135
|
+
* 401 dön.
|
|
38
136
|
*/
|
|
39
137
|
verifyIdToken(token: string): Promise<{
|
|
40
138
|
sub: string;
|
|
@@ -46,7 +144,10 @@ export declare class SentroyAuthAdmin {
|
|
|
46
144
|
aud: string;
|
|
47
145
|
iat: number;
|
|
48
146
|
exp: number;
|
|
147
|
+
[claim: string]: unknown;
|
|
49
148
|
}>;
|
|
149
|
+
/** JWKS cache'ini elle temizle (key rotation sonrası). */
|
|
150
|
+
invalidateJwksCache(): void;
|
|
50
151
|
private fetchJwks;
|
|
51
152
|
}
|
|
52
153
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/admin/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/admin/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,eAAe,EACf,cAAc,EACd,aAAa,EACb,YAAY,EACZ,kBAAkB,EAEnB,MAAM,UAAU,CAAA;AAEjB;;;;;;;;;;;;;;;;;GAiBG;AAEH,MAAM,WAAW,uBAAuB;IACtC,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,MAAM,CAAA;IACd;;mCAE+B;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB;AAOD,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAU;IAC/B,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAQ;IACrC,OAAO,CAAC,UAAU,CAA0B;gBAEhC,IAAI,EAAE,uBAAuB;IAKzC,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,IAAI,OAAO,IAAI,MAAM,CAEpB;IAID,KAAK;QACH;;;;WAIG;wBACa;YACd,KAAK,EAAE,MAAM,CAAA;YACb,QAAQ,EAAE,MAAM,CAAA;YAChB,WAAW,CAAC,EAAE,MAAM,CAAA;YACpB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;SACnC,KAAG,OAAO,CAAC,cAAc,CAAC;QAM3B;;;;WAIG;wBACmB;YACpB,KAAK,EAAE,MAAM,CAAA;YACb,QAAQ,EAAE,MAAM,CAAA;YAChB,UAAU,CAAC,EAAE,OAAO,CAAA;SACrB,KAAG,OAAO,CAAC,YAAY,CAAC;QAUzB,8DAA8D;2BAC3C;YACjB,QAAQ,EAAE,MAAM,CAAA;YAChB,IAAI,CAAC,EAAE,MAAM,CAAA;YACb,YAAY,CAAC,EAAE,MAAM,CAAA;SACtB,KAAG,OAAO,CAAC,aAAa,CAAC;QAM1B,oEAAoE;gCAC5C,MAAM,KAAG,OAAO,CAAC,kBAAkB,CAAC;QAM5D,qCAAqC;gCACb,MAAM,KAAG,OAAO,CAAC,IAAI,CAAC;QAQ9C,2CAA2C;6BACtB,MAAM,KAAG,OAAO,CAAC;YAAE,IAAI,EAAE,eAAe,CAAA;SAAE,CAAC;QAMhE,mCAAmC;sCACL,MAAM,KAAG,OAAO,CAAC,IAAI,CAAC;QAQpD,6CAA6C;sCACf;YAC5B,KAAK,EAAE,MAAM,CAAA;YACb,WAAW,EAAE,MAAM,CAAA;SACpB,KAAG,OAAO,CAAC;YAAE,IAAI,EAAE,eAAe,CAAA;SAAE,CAAC;QAMtC,+BAA+B;+BACR;YACrB,KAAK,EAAE,MAAM,CAAA;YACb,WAAW,CAAC,EAAE,MAAM,CAAA;SACrB,KAAG,OAAO,CAAC,IAAI,CAAC;QAQjB,wCAAwC;kCACd,MAAM,KAAG,OAAO,CAAC,aAAa,CAAC;QAMzD,4CAA4C;kCAClB;YACxB,KAAK,EAAE,MAAM,CAAA;YACb,QAAQ,EAAE,MAAM,CAAA;YAChB,WAAW,CAAC,EAAE,MAAM,CAAA;SACrB,KAAG,OAAO,CAAC,aAAa,CAAC;QAM1B;;;WAGG;+BACoB,MAAM,KAAG,OAAO,CAAC,eAAe,CAAC;QAMxD;;;WAGG;mCAEY,MAAM,KAClB,OAAO,CAAC;YACT,GAAG,EAAE,MAAM,CAAA;YACX,KAAK,CAAC,EAAE,MAAM,CAAA;YACd,cAAc,CAAC,EAAE,OAAO,CAAA;YACxB,IAAI,CAAC,EAAE,MAAM,CAAA;YACb,OAAO,CAAC,EAAE,MAAM,CAAA;SACjB,CAAC;QAMF;;;;WAIG;uBACW;YACZ,KAAK,CAAC,EAAE,MAAM,CAAA;YACd,IAAI,CAAC,EAAE,MAAM,CAAA;YACb,aAAa,CAAC,EAAE,OAAO,CAAA;SACxB,KAAQ,OAAO,CAAC;YACf,KAAK,EAAE,eAAe,EAAE,CAAA;YACxB,UAAU,EAAE;gBAAE,KAAK,EAAE,MAAM,CAAC;gBAAC,KAAK,EAAE,MAAM,CAAC;gBAAC,IAAI,EAAE,MAAM,CAAA;aAAE,CAAA;SAC3D,CAAC;MAKH;IAID;;;;;;;;OAQG;IACG,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QAC1C,GAAG,EAAE,MAAM,CAAA;QACX,KAAK,CAAC,EAAE,MAAM,CAAA;QACd,cAAc,CAAC,EAAE,OAAO,CAAA;QACxB,IAAI,CAAC,EAAE,MAAM,CAAA;QACb,OAAO,CAAC,EAAE,MAAM,CAAA;QAChB,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,EAAE,MAAM,CAAA;QACX,GAAG,EAAE,MAAM,CAAA;QACX,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAA;KACzB,CAAC;IAmDF,0DAA0D;IAC1D,mBAAmB,IAAI,IAAI;YAIb,SAAS;CAaxB"}
|
package/dist/auth/admin/index.js
CHANGED
|
@@ -4,24 +4,126 @@ exports.SentroyAuthAdmin = void 0;
|
|
|
4
4
|
const http_1 = require("../http");
|
|
5
5
|
class SentroyAuthAdmin {
|
|
6
6
|
http;
|
|
7
|
+
jwksCacheTtl;
|
|
7
8
|
cachedJwks = null;
|
|
8
9
|
constructor(opts) {
|
|
9
10
|
this.http = new http_1.AuthHttp(opts);
|
|
11
|
+
this.jwksCacheTtl = opts.jwksCacheTtl ?? 3600;
|
|
12
|
+
}
|
|
13
|
+
get projectSlug() {
|
|
14
|
+
return this.http.projectSlug;
|
|
15
|
+
}
|
|
16
|
+
get baseUrl() {
|
|
17
|
+
return this.http.baseUrl;
|
|
10
18
|
}
|
|
11
19
|
// ─── User pool admin ──────────────────────────────────────────────────
|
|
12
20
|
users = {
|
|
13
|
-
|
|
21
|
+
/**
|
|
22
|
+
* Server-side signup proxy. apiKey backend'de — browser'a sızmaz.
|
|
23
|
+
* Email verification project config'ine bağlı: required ise
|
|
24
|
+
* `emailVerificationRequired: true` döner, tokens undefined.
|
|
25
|
+
*/
|
|
26
|
+
create: (input) => this.http.request("/signup", {
|
|
27
|
+
method: "POST",
|
|
28
|
+
json: input,
|
|
29
|
+
}),
|
|
30
|
+
/**
|
|
31
|
+
* Server-side login proxy. MFA-aware: tokens VEYA MFA challenge.
|
|
32
|
+
* RP backend `out.kind === "mfa"` ise kullanıcıdan code alıp
|
|
33
|
+
* `users.verifyMfa(...)` çağırır.
|
|
34
|
+
*/
|
|
35
|
+
signIn: async (input) => {
|
|
36
|
+
const res = await this.http.request("/login", { method: "POST", json: input });
|
|
37
|
+
if ("mfaRequired" in res && res.mfaRequired) {
|
|
38
|
+
return { kind: "mfa", data: res };
|
|
39
|
+
}
|
|
40
|
+
return { kind: "tokens", data: res };
|
|
41
|
+
},
|
|
42
|
+
/** MFA verify ikinci adımı — `signIn` kind:"mfa" döndüyse. */
|
|
43
|
+
verifyMfa: (input) => this.http.request("/login/mfa/verify", {
|
|
44
|
+
method: "POST",
|
|
45
|
+
json: input,
|
|
46
|
+
}),
|
|
47
|
+
/** Refresh access token (rotation). Yeni refresh + access döner. */
|
|
48
|
+
refresh: (refreshToken) => this.http.request("/refresh", {
|
|
49
|
+
method: "POST",
|
|
50
|
+
json: { refreshToken },
|
|
51
|
+
}),
|
|
52
|
+
/** Logout (refresh token revoke). */
|
|
53
|
+
signOut: (refreshToken) => this.http
|
|
54
|
+
.request("/logout", {
|
|
55
|
+
method: "POST",
|
|
56
|
+
json: { refreshToken },
|
|
57
|
+
})
|
|
58
|
+
.then(() => undefined),
|
|
59
|
+
/** Verify email — link'ten gelen token. */
|
|
60
|
+
verifyEmail: (token) => this.http.request("/verify-email", {
|
|
61
|
+
method: "POST",
|
|
62
|
+
json: { token },
|
|
63
|
+
}),
|
|
64
|
+
/** Password reset mail tetikle. */
|
|
65
|
+
requestPasswordReset: (email) => this.http
|
|
66
|
+
.request("/password-reset/request", {
|
|
67
|
+
method: "POST",
|
|
68
|
+
json: { email },
|
|
69
|
+
})
|
|
70
|
+
.then(() => undefined),
|
|
71
|
+
/** Reset token + yeni şifre ile finalize. */
|
|
72
|
+
confirmPasswordReset: (input) => this.http.request("/password-reset/confirm", {
|
|
73
|
+
method: "POST",
|
|
74
|
+
json: input,
|
|
75
|
+
}),
|
|
76
|
+
/** Magic-link mail tetikle. */
|
|
77
|
+
sendMagicLink: (input) => this.http
|
|
78
|
+
.request("/magic-link/request", {
|
|
79
|
+
method: "POST",
|
|
80
|
+
json: input,
|
|
81
|
+
})
|
|
82
|
+
.then(() => undefined),
|
|
83
|
+
/** Magic-link token consume → login. */
|
|
84
|
+
consumeMagicLink: (token) => this.http.request("/magic-link/consume", {
|
|
85
|
+
method: "POST",
|
|
86
|
+
json: { token },
|
|
87
|
+
}),
|
|
88
|
+
/** Davet token'ı ile yeni hesap + login. */
|
|
89
|
+
acceptInvitation: (input) => this.http.request("/invitation/accept", {
|
|
90
|
+
method: "POST",
|
|
91
|
+
json: input,
|
|
92
|
+
}),
|
|
93
|
+
/**
|
|
94
|
+
* Access token ile remote /me — JWT'ye bağımlı kalmadan canlı
|
|
95
|
+
* profile çek. Token expire ise SentroyAuthError fırlatır.
|
|
96
|
+
*/
|
|
97
|
+
getUser: (accessToken) => this.http.request("/me", {
|
|
98
|
+
method: "GET",
|
|
99
|
+
bearer: accessToken,
|
|
100
|
+
}),
|
|
101
|
+
/**
|
|
102
|
+
* Token bazlı userinfo (OIDC tarzı). `/userinfo` claims response —
|
|
103
|
+
* SentroyAuthUser shape'inden daha minimal olabilir.
|
|
104
|
+
*/
|
|
105
|
+
getUserinfo: (accessToken) => this.http.request("/userinfo", {
|
|
106
|
+
method: "GET",
|
|
107
|
+
bearer: accessToken,
|
|
108
|
+
}),
|
|
109
|
+
/**
|
|
110
|
+
* Admin list (paginated). **Şu an public API yok** — dashboard
|
|
111
|
+
* cookie-auth `/api/companies/[slug]/auth-projects/[id]/users`
|
|
112
|
+
* kullan. v2'de stk_ token'lı admin endpoint açılacak.
|
|
113
|
+
*/
|
|
114
|
+
list: (_opts = {}) => {
|
|
14
115
|
throw new Error("admin.users.list requires session-authenticated admin API; use dashboard /api/companies/[slug]/auth-projects/[id]/users instead. (v2 admin SDK will proxy this with stk_ tokens.)");
|
|
15
|
-
// NOTE Phase 5+: SDK admin endpoint'leri public path'lere taşınmadı;
|
|
16
|
-
// şu an `/api/companies/...` cookie-auth ile. v2'de `/api/v1/admin/...`
|
|
17
|
-
// RP token'ı ile authenticate eden ayrı public admin layer eklenir.
|
|
18
116
|
},
|
|
19
117
|
};
|
|
20
118
|
// ─── ID token verification ─────────────────────────────────────────────
|
|
21
119
|
/**
|
|
22
|
-
* Local verify — JWKS cache'lenir (
|
|
23
|
-
* RS256 ile
|
|
24
|
-
* eşleşmesi de kontrol edilir.
|
|
120
|
+
* Local verify — JWKS cache'lenir (default 1h TTL, opts ile değişir),
|
|
121
|
+
* JWT signature RS256 ile WebCrypto Subtle üzerinden verify edilir.
|
|
122
|
+
* `iss`/`aud` claim eşleşmesi de kontrol edilir.
|
|
123
|
+
*
|
|
124
|
+
* Throw'lar: malformed JWT, expired, iss/aud mismatch, key not found,
|
|
125
|
+
* signature mismatch. Tipik kullanım `try/catch` içinde — fail ise
|
|
126
|
+
* 401 dön.
|
|
25
127
|
*/
|
|
26
128
|
async verifyIdToken(token) {
|
|
27
129
|
const parts = token.split(".");
|
|
@@ -37,12 +139,12 @@ class SentroyAuthAdmin {
|
|
|
37
139
|
if (typeof claims.exp !== "number" || claims.exp * 1000 < Date.now()) {
|
|
38
140
|
throw new Error("Token expired.");
|
|
39
141
|
}
|
|
40
|
-
// iss + aud check
|
|
41
142
|
const expectedIssSuffix = `/p/${this.http.projectSlug}`;
|
|
42
|
-
if (typeof claims.iss !== "string" ||
|
|
143
|
+
if (typeof claims.iss !== "string" ||
|
|
144
|
+
!claims.iss.endsWith(expectedIssSuffix)) {
|
|
43
145
|
throw new Error("Issuer mismatch.");
|
|
44
146
|
}
|
|
45
|
-
// aud == project apiKeyPrefix (12 chars
|
|
147
|
+
// aud == project apiKeyPrefix (first 12 chars of api key)
|
|
46
148
|
if (typeof claims.aud !== "string" ||
|
|
47
149
|
!this.http.apiKey?.startsWith(claims.aud)) {
|
|
48
150
|
throw new Error("Audience mismatch.");
|
|
@@ -58,15 +160,19 @@ class SentroyAuthAdmin {
|
|
|
58
160
|
});
|
|
59
161
|
return claims;
|
|
60
162
|
}
|
|
163
|
+
/** JWKS cache'ini elle temizle (key rotation sonrası). */
|
|
164
|
+
invalidateJwksCache() {
|
|
165
|
+
this.cachedJwks = null;
|
|
166
|
+
}
|
|
61
167
|
async fetchJwks() {
|
|
62
|
-
if (this.cachedJwks)
|
|
63
|
-
return this.cachedJwks;
|
|
168
|
+
if (this.cachedJwks && this.cachedJwks.expiresAt > Date.now()) {
|
|
169
|
+
return { keys: this.cachedJwks.keys };
|
|
170
|
+
}
|
|
64
171
|
const jwks = await this.http.request("/jwks.json", { method: "GET" });
|
|
65
|
-
this.cachedJwks =
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
}, 5 * 60 * 1000);
|
|
172
|
+
this.cachedJwks = {
|
|
173
|
+
keys: jwks.keys,
|
|
174
|
+
expiresAt: Date.now() + this.jwksCacheTtl * 1000,
|
|
175
|
+
};
|
|
70
176
|
return jwks;
|
|
71
177
|
}
|
|
72
178
|
}
|
|
@@ -111,9 +217,8 @@ async function verifyRsaSignature(input) {
|
|
|
111
217
|
throw new Error("Web Crypto unavailable — upgrade Node >= 18 or run in a browser.");
|
|
112
218
|
}
|
|
113
219
|
const key = await subtle.importKey("jwk", input.jwk, { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" }, false, ["verify"]);
|
|
114
|
-
// Web Crypto types want ArrayBuffer-backed BufferSource.
|
|
115
|
-
//
|
|
116
|
-
// bytes are created fresh from base64 decode so ArrayBuffer-safe — cast.
|
|
220
|
+
// Web Crypto types want ArrayBuffer-backed BufferSource. Bytes are
|
|
221
|
+
// created fresh from base64 decode so they are ArrayBuffer-safe.
|
|
117
222
|
const sigBytes = base64UrlToBytes(input.sigB64);
|
|
118
223
|
const dataBytes = new TextEncoder().encode(input.data);
|
|
119
224
|
const ok = await subtle.verify({ name: "RSASSA-PKCS1-v1_5" }, key, sigBytes, dataBytes);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/admin/index.ts"],"names":[],"mappings":";;;AAAA,kCAAkC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/admin/index.ts"],"names":[],"mappings":";;;AAAA,kCAAkC;AA4ClC,MAAa,gBAAgB;IACV,IAAI,CAAU;IACd,YAAY,CAAQ;IAC7B,UAAU,GAAsB,IAAI,CAAA;IAE5C,YAAY,IAA6B;QACvC,IAAI,CAAC,IAAI,GAAG,IAAI,eAAQ,CAAC,IAAI,CAAC,CAAA;QAC9B,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,IAAI,CAAA;IAC/C,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAA;IAC9B,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAA;IAC1B,CAAC;IAED,yEAAyE;IAEzE,KAAK,GAAG;QACN;;;;WAIG;QACH,MAAM,EAAE,CAAC,KAKR,EAA2B,EAAE,CAC5B,IAAI,CAAC,IAAI,CAAC,OAAO,CAAiB,SAAS,EAAE;YAC3C,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,KAAK;SACZ,CAAC;QAEJ;;;;WAIG;QACH,MAAM,EAAE,KAAK,EAAE,KAId,EAAyB,EAAE;YAC1B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAEjC,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAA;YAC5C,IAAI,aAAa,IAAI,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;gBAC5C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,CAAA;YACnC,CAAC;YACD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAoB,EAAE,CAAA;QACvD,CAAC;QAED,8DAA8D;QAC9D,SAAS,EAAE,CAAC,KAIX,EAA0B,EAAE,CAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,CAAgB,mBAAmB,EAAE;YACpD,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,KAAK;SACZ,CAAC;QAEJ,oEAAoE;QACpE,OAAO,EAAE,CAAC,YAAoB,EAA+B,EAAE,CAC7D,IAAI,CAAC,IAAI,CAAC,OAAO,CAAqB,UAAU,EAAE;YAChD,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,YAAY,EAAE;SACvB,CAAC;QAEJ,qCAAqC;QACrC,OAAO,EAAE,CAAC,YAAoB,EAAiB,EAAE,CAC/C,IAAI,CAAC,IAAI;aACN,OAAO,CAAO,SAAS,EAAE;YACxB,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,YAAY,EAAE;SACvB,CAAC;aACD,IAAI,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC;QAE1B,2CAA2C;QAC3C,WAAW,EAAE,CAAC,KAAa,EAAsC,EAAE,CACjE,IAAI,CAAC,IAAI,CAAC,OAAO,CAA4B,eAAe,EAAE;YAC5D,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,KAAK,EAAE;SAChB,CAAC;QAEJ,mCAAmC;QACnC,oBAAoB,EAAE,CAAC,KAAa,EAAiB,EAAE,CACrD,IAAI,CAAC,IAAI;aACN,OAAO,CAAO,yBAAyB,EAAE;YACxC,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,KAAK,EAAE;SAChB,CAAC;aACD,IAAI,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC;QAE1B,6CAA6C;QAC7C,oBAAoB,EAAE,CAAC,KAGtB,EAAsC,EAAE,CACvC,IAAI,CAAC,IAAI,CAAC,OAAO,CAA4B,yBAAyB,EAAE;YACtE,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,KAAK;SACZ,CAAC;QAEJ,+BAA+B;QAC/B,aAAa,EAAE,CAAC,KAGf,EAAiB,EAAE,CAClB,IAAI,CAAC,IAAI;aACN,OAAO,CAAO,qBAAqB,EAAE;YACpC,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,KAAK;SACZ,CAAC;aACD,IAAI,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC;QAE1B,wCAAwC;QACxC,gBAAgB,EAAE,CAAC,KAAa,EAA0B,EAAE,CAC1D,IAAI,CAAC,IAAI,CAAC,OAAO,CAAgB,qBAAqB,EAAE;YACtD,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,KAAK,EAAE;SAChB,CAAC;QAEJ,4CAA4C;QAC5C,gBAAgB,EAAE,CAAC,KAIlB,EAA0B,EAAE,CAC3B,IAAI,CAAC,IAAI,CAAC,OAAO,CAAgB,oBAAoB,EAAE;YACrD,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,KAAK;SACZ,CAAC;QAEJ;;;WAGG;QACH,OAAO,EAAE,CAAC,WAAmB,EAA4B,EAAE,CACzD,IAAI,CAAC,IAAI,CAAC,OAAO,CAAkB,KAAK,EAAE;YACxC,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,WAAW;SACpB,CAAC;QAEJ;;;WAGG;QACH,WAAW,EAAE,CACX,WAAmB,EAOlB,EAAE,CACH,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE;YAC7B,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,WAAW;SACpB,CAAC;QAEJ;;;;WAIG;QACH,IAAI,EAAE,CAAC,QAIH,EAAE,EAGH,EAAE;YACH,MAAM,IAAI,KAAK,CACb,mLAAmL,CACpL,CAAA;QACH,CAAC;KACF,CAAA;IAED,0EAA0E;IAE1E;;;;;;;;OAQG;IACH,KAAK,CAAC,aAAa,CAAC,KAAa;QAY/B,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;QAC7D,CAAC;QACD,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,MAAM,CAAC,GAAG,KAAK,CAAA;QAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,SAAS,CAAC,CAGnD,CAAA;QACD,IAAI,MAAM,CAAC,GAAG,KAAK,OAAO,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAA;QAC1C,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,UAAU,CAAC,CAIpD,CAAA;QACD,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,IAAI,MAAM,CAAC,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACrE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAA;QACnC,CAAC;QACD,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAA;QACvD,IACE,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;YAC9B,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EACvC,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAA;QACrC,CAAC;QACD,0DAA0D;QAC1D,IACE,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;YAC9B,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,EACzC,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAA;QACvC,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAA;QACnC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CACxB,CAAC,CAAC,EAAE,EAAE,CAAE,CAAsB,CAAC,GAAG,KAAK,MAAM,CAAC,GAAG,CAClD,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,IAAI,CAAC,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAA;QAEnD,MAAM,kBAAkB,CAAC;YACvB,IAAI,EAAE,GAAG,SAAS,IAAI,UAAU,EAAE;YAClC,MAAM;YACN,GAAG,EAAE,GAAiB;SACvB,CAAC,CAAA;QAEF,OAAO,MAAe,CAAA;IACxB,CAAC;IAED,0DAA0D;IAC1D,mBAAmB;QACjB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAA;IACxB,CAAC;IAEO,KAAK,CAAC,SAAS;QACrB,IAAI,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC9D,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAA;QACvC,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAEjC,YAAY,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAA;QACnC,IAAI,CAAC,UAAU,GAAG;YAChB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,YAAY,GAAG,IAAI;SACjD,CAAA;QACD,OAAO,IAAI,CAAA;IACb,CAAC;CACF;AArRD,4CAqRC;AAED,4EAA4E;AAE5E,SAAS,eAAe,CAAC,CAAS;IAChC,MAAM,MAAM,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;IACtD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAA;IAC9E,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAA;QACjC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;QACvE,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;IACxC,CAAC;IACD,8DAA8D;IAC9D,MAAM,CAAC,GAAI,UAAkB,CAAC,MAAM,CAAA;IACpC,IAAI,CAAC;QAAE,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;IAC7D,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAA;AAChD,CAAC;AAED,SAAS,gBAAgB,CAAC,CAAS;IACjC,MAAM,MAAM,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;IACtD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAA;IAC9E,IAAI,OAAO,IAAI,KAAK,UAAU,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAA;QACjC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE;YAAE,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;QACvE,OAAO,KAAK,CAAA;IACd,CAAC;IACD,8DAA8D;IAC9D,MAAM,CAAC,GAAI,UAAkB,CAAC,MAAM,CAAA;IACpC,IAAI,CAAC;QAAE,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAA;IAC5D,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAA;AAChD,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,KAIjC;IACC,iEAAiE;IACjE,MAAM,MAAM,GACV,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAA;IACvE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAA;IACH,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,SAAS,CAChC,KAAK,EACL,KAAK,CAAC,GAAG,EACT,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,SAAS,EAAE,EAC9C,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAA;IACD,mEAAmE;IACnE,iEAAiE;IACjE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,MAAM,CAAe,CAAA;IAC7D,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAe,CAAA;IACpE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAC5B,EAAE,IAAI,EAAE,mBAAmB,EAAE,EAC7B,GAAG,EACH,QAAkC,EAClC,SAAmC,CACpC,CAAA;IACD,IAAI,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAA;AACjD,CAAC"}
|
package/dist/auth/client.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { type SentroyAuthUser, type SignupResponse, type LoginResponse } from "./types";
|
|
1
|
+
import { type SentroyAuthUser, type SignupResponse, type LoginResponse, type LoginOutcome, type SessionSummary, type ActivityEntry, type MfaStatus, type MfaEnrollResponse, type MfaVerifyEnrollmentResponse, type PasskeySummary, type SocialProvider } from "./types";
|
|
2
2
|
import { type AuthHttpOptions } from "./http";
|
|
3
3
|
/**
|
|
4
4
|
* Browser-facing Sentroy Auth SDK — Firebase Auth tarzı session API.
|
|
@@ -56,13 +56,139 @@ export declare class SentroyAuth {
|
|
|
56
56
|
displayName?: string;
|
|
57
57
|
metadata?: Record<string, unknown>;
|
|
58
58
|
}): Promise<SignupResponse>;
|
|
59
|
+
/**
|
|
60
|
+
* Sign in with email/password. MFA enrolled user'lar için response
|
|
61
|
+
* discriminated union: `kind: "mfa"` → caller `verifyMfa()` çağırır.
|
|
62
|
+
* `kind: "tokens"` → session kuruldu.
|
|
63
|
+
*/
|
|
59
64
|
signIn(input: {
|
|
60
65
|
email: string;
|
|
61
66
|
password: string;
|
|
67
|
+
rememberMe?: boolean;
|
|
68
|
+
}): Promise<LoginOutcome>;
|
|
69
|
+
/**
|
|
70
|
+
* MFA verify — `signIn` ile `kind: "mfa"` döndüyse, kullanıcıdan code
|
|
71
|
+
* (veya recovery code) alıp bu method'u çağır. Başarılıysa session
|
|
72
|
+
* kurulur ve login tamamlanır.
|
|
73
|
+
*/
|
|
74
|
+
verifyMfa(input: {
|
|
75
|
+
mfaToken: string;
|
|
76
|
+
code?: string;
|
|
77
|
+
recoveryCode?: string;
|
|
62
78
|
}): Promise<LoginResponse>;
|
|
63
79
|
signOut(): Promise<void>;
|
|
64
80
|
sendPasswordReset(email: string): Promise<void>;
|
|
81
|
+
/**
|
|
82
|
+
* Reset password using token from email. `newPassword` policy +
|
|
83
|
+
* HaveIBeenPwned breach check yapılır.
|
|
84
|
+
*/
|
|
85
|
+
confirmPasswordReset(input: {
|
|
86
|
+
token: string;
|
|
87
|
+
newPassword: string;
|
|
88
|
+
}): Promise<SentroyAuthUser>;
|
|
65
89
|
verifyEmail(token: string): Promise<SentroyAuthUser>;
|
|
90
|
+
/**
|
|
91
|
+
* Email magic-link request. Project'in `magicLinkEnabled` true
|
|
92
|
+
* olması gerekir. Uniform 200 response — email yoksa da hata vermez.
|
|
93
|
+
*/
|
|
94
|
+
sendMagicLink(input: {
|
|
95
|
+
email: string;
|
|
96
|
+
redirectUri?: string;
|
|
97
|
+
}): Promise<void>;
|
|
98
|
+
/**
|
|
99
|
+
* Magic link mail'inden gelen token ile login. Session kurulur.
|
|
100
|
+
*/
|
|
101
|
+
consumeMagicLink(token: string): Promise<LoginResponse>;
|
|
102
|
+
/**
|
|
103
|
+
* Accept admin invitation. Token mail'den gelir, kullanıcı password
|
|
104
|
+
* + optional displayName girer; hesap create + session kurulur.
|
|
105
|
+
*/
|
|
106
|
+
acceptInvitation(input: {
|
|
107
|
+
token: string;
|
|
108
|
+
password: string;
|
|
109
|
+
displayName?: string;
|
|
110
|
+
}): Promise<LoginResponse>;
|
|
111
|
+
/**
|
|
112
|
+
* Provider authorize URL üret. `window.location.assign(url)` ile
|
|
113
|
+
* RP'nin sayfasından redirect — callback'te Sentroy session kurulur,
|
|
114
|
+
* redirectUri fragment'ında token'lar döner.
|
|
115
|
+
*/
|
|
116
|
+
socialAuthorizeUrl(provider: SocialProvider, opts?: {
|
|
117
|
+
redirectUri?: string;
|
|
118
|
+
rememberMe?: boolean;
|
|
119
|
+
}): string;
|
|
120
|
+
/**
|
|
121
|
+
* `window.location.hash`tan social login redirect sonrası gelen
|
|
122
|
+
* `#access_token=...&refresh_token=...&token_type=Bearer` parse +
|
|
123
|
+
* session kur. RP sayfasına redirectUri varsayılan akış kullanıldıysa
|
|
124
|
+
* çağırın. Başarılıysa user döner, fail'da null.
|
|
125
|
+
*/
|
|
126
|
+
consumeRedirectFragment(): Promise<SentroyAuthUser | null>;
|
|
127
|
+
getCurrentUser(): Promise<SentroyAuthUser | null>;
|
|
128
|
+
private fetchMe;
|
|
129
|
+
listSessions(): Promise<SessionSummary[]>;
|
|
130
|
+
revokeSession(id: string): Promise<void>;
|
|
131
|
+
/**
|
|
132
|
+
* Change password. Backend tüm session'ları revoke eder; SDK local
|
|
133
|
+
* session'ı temizler — caller `signIn` ile tekrar oturum açar.
|
|
134
|
+
*/
|
|
135
|
+
changePassword(input: {
|
|
136
|
+
currentPassword: string;
|
|
137
|
+
newPassword: string;
|
|
138
|
+
}): Promise<void>;
|
|
139
|
+
/**
|
|
140
|
+
* Request email change — confirmation mail yeni adrese gönderilir.
|
|
141
|
+
* Kullanıcı `confirmEmailChange(token)` ile finalize eder.
|
|
142
|
+
*/
|
|
143
|
+
requestEmailChange(input: {
|
|
144
|
+
newEmail: string;
|
|
145
|
+
currentPassword: string;
|
|
146
|
+
}): Promise<void>;
|
|
147
|
+
/** Token-based confirm (mail link'inden gelir). */
|
|
148
|
+
confirmEmailChange(token: string): Promise<SentroyAuthUser>;
|
|
149
|
+
requestAccountDeletion(currentPassword: string): Promise<void>;
|
|
150
|
+
confirmAccountDeletion(token: string): Promise<void>;
|
|
151
|
+
getActivity(): Promise<ActivityEntry[]>;
|
|
152
|
+
readonly mfa: {
|
|
153
|
+
getStatus: () => Promise<MfaStatus>;
|
|
154
|
+
enrollTotp: () => Promise<MfaEnrollResponse>;
|
|
155
|
+
verifyTotpEnrollment: (code: string) => Promise<MfaVerifyEnrollmentResponse>;
|
|
156
|
+
disableTotp: (currentPassword: string) => Promise<void>;
|
|
157
|
+
};
|
|
158
|
+
readonly passkey: {
|
|
159
|
+
list: () => Promise<PasskeySummary[]>;
|
|
160
|
+
delete: (id: string) => Promise<void>;
|
|
161
|
+
/**
|
|
162
|
+
* Register a new passkey on this device.
|
|
163
|
+
*
|
|
164
|
+
* Browser-only: dynamically imports `@simplewebauthn/browser`. RP
|
|
165
|
+
* SDK kullanıyor ama webauthn/browser bağımlılığı yoksa caller
|
|
166
|
+
* `peerDependencies` aracılığıyla manuel ekler.
|
|
167
|
+
*/
|
|
168
|
+
register: (deviceName?: string) => Promise<void>;
|
|
169
|
+
/**
|
|
170
|
+
* Sign in with passkey. Email opsiyonel — verilirse server o
|
|
171
|
+
* user'ın passkey'lerini allowList yapar, yoksa "usernameless".
|
|
172
|
+
* Session kurulur.
|
|
173
|
+
*/
|
|
174
|
+
authenticate: (opts?: {
|
|
175
|
+
email?: string;
|
|
176
|
+
rememberMe?: boolean;
|
|
177
|
+
}) => Promise<LoginResponse>;
|
|
178
|
+
};
|
|
179
|
+
/**
|
|
180
|
+
* Force refresh now — caller'ın sürdüğü access token süresi dolmuş
|
|
181
|
+
* olabilir; bu method yeni token'ları persist eder.
|
|
182
|
+
*/
|
|
183
|
+
refreshNow(): Promise<void>;
|
|
184
|
+
/** Manual session injection — fragment / cookie redirect dışında tokens
|
|
185
|
+
* başka bir kanaldan elde edildiyse (örn. RP custom auth callback). */
|
|
186
|
+
setSession(input: {
|
|
187
|
+
accessToken: string;
|
|
188
|
+
refreshToken: string;
|
|
189
|
+
user: SentroyAuthUser;
|
|
190
|
+
}): void;
|
|
191
|
+
private requireToken;
|
|
66
192
|
/**
|
|
67
193
|
* Subscription pattern — Firebase Auth uyumlu. Caller'ın hemen mevcut
|
|
68
194
|
* state'i alabilmesi için constructor'da restore edilen user
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/auth/client.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,aAAa,
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/auth/client.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,aAAa,EAElB,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,SAAS,EACd,KAAK,iBAAiB,EACtB,KAAK,2BAA2B,EAChC,KAAK,cAAc,EACnB,KAAK,cAAc,EACpB,MAAM,SAAS,CAAA;AAChB,OAAO,EAAY,KAAK,eAAe,EAAE,MAAM,QAAQ,CAAA;AAEvD;;;;;;;;;;;;;;;;;GAiBG;AAEH,MAAM,MAAM,uBAAuB,GAAG,CAAC,IAAI,EAAE,eAAe,GAAG,IAAI,KAAK,IAAI,CAAA;AAE5E,MAAM,WAAW,kBAAkB;IACjC,IAAI,IAAI;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,eAAe,CAAA;KAAE,GAAG,IAAI,CAAA;IACnF,KAAK,CAAC,KAAK,EAAE;QACX,WAAW,EAAE,MAAM,CAAA;QACnB,YAAY,EAAE,MAAM,CAAA;QACpB,IAAI,EAAE,eAAe,CAAA;KACtB,GAAG,IAAI,CAAA;IACR,KAAK,IAAI,IAAI,CAAA;CACd;AA8GD,MAAM,WAAW,kBAAmB,SAAQ,eAAe;IACzD;wEACoE;IACpE,OAAO,CAAC,EAAE,cAAc,GAAG,QAAQ,GAAG,kBAAkB,CAAA;IACxD;6BACyB;IACzB,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAU;IAC/B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAoB;IAC5C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAqC;IAC/D,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAQ;IACpC,OAAO,CAAC,YAAY,CAA6C;IACjE,OAAO,CAAC,WAAW,CAA+B;gBAEtC,IAAI,EAAE,kBAAkB;IA2BpC,IAAI,IAAI,IAAI,eAAe,GAAG,IAAI,CAEjC;IAED,IAAI,WAAW,IAAI,MAAM,GAAG,IAAI,CAE/B;IAEK,MAAM,CAAC,KAAK,EAAE;QAClB,KAAK,EAAE,MAAM,CAAA;QACb,QAAQ,EAAE,MAAM,CAAA;QAChB,WAAW,CAAC,EAAE,MAAM,CAAA;QACpB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KACnC,GAAG,OAAO,CAAC,cAAc,CAAC;IAe3B;;;;OAIG;IACG,MAAM,CAAC,KAAK,EAAE;QAClB,KAAK,EAAE,MAAM,CAAA;QACb,QAAQ,EAAE,MAAM,CAAA;QAChB,UAAU,CAAC,EAAE,OAAO,CAAA;KACrB,GAAG,OAAO,CAAC,YAAY,CAAC;IAgBzB;;;;OAIG;IACG,SAAS,CAAC,KAAK,EAAE;QACrB,QAAQ,EAAE,MAAM,CAAA;QAChB,IAAI,CAAC,EAAE,MAAM,CAAA;QACb,YAAY,CAAC,EAAE,MAAM,CAAA;KACtB,GAAG,OAAO,CAAC,aAAa,CAAC;IAapB,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAexB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOrD;;;OAGG;IACG,oBAAoB,CAAC,KAAK,EAAE;QAChC,KAAK,EAAE,MAAM,CAAA;QACb,WAAW,EAAE,MAAM,CAAA;KACpB,GAAG,OAAO,CAAC,eAAe,CAAC;IAQtB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAmB1D;;;OAGG;IACG,aAAa,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAOlF;;OAEG;IACG,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAe7D;;;OAGG;IACG,gBAAgB,CAAC,KAAK,EAAE;QAC5B,KAAK,EAAE,MAAM,CAAA;QACb,QAAQ,EAAE,MAAM,CAAA;QAChB,WAAW,CAAC,EAAE,MAAM,CAAA;KACrB,GAAG,OAAO,CAAC,aAAa,CAAC;IAe1B;;;;OAIG;IACH,kBAAkB,CAChB,QAAQ,EAAE,cAAc,EACxB,IAAI,GAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,OAAO,CAAA;KAAO,GACxD,MAAM;IAQT;;;;;OAKG;IACG,uBAAuB,IAAI,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAsB1D,cAAc,IAAI,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;YAUzC,OAAO;IAaf,YAAY,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;IAOzC,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAS9C;;;OAGG;IACG,cAAc,CAAC,KAAK,EAAE;QAC1B,eAAe,EAAE,MAAM,CAAA;QACvB,WAAW,EAAE,MAAM,CAAA;KACpB,GAAG,OAAO,CAAC,IAAI,CAAC;IAWjB;;;OAGG;IACG,kBAAkB,CAAC,KAAK,EAAE;QAC9B,QAAQ,EAAE,MAAM,CAAA;QAChB,eAAe,EAAE,MAAM,CAAA;KACxB,GAAG,OAAO,CAAC,IAAI,CAAC;IAQjB,mDAAmD;IAC7C,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAY3D,sBAAsB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ9D,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAUpD,WAAW,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;IAS7C,QAAQ,CAAC,GAAG;yBACW,OAAO,CAAC,SAAS,CAAC;0BAKjB,OAAO,CAAC,iBAAiB,CAAC;qCAMxC,MAAM,KACX,OAAO,CAAC,2BAA2B,CAAC;uCAKF,MAAM,KAAG,OAAO,CAAC,IAAI,CAAC;MAO5D;IAID,QAAQ,CAAC,OAAO;oBACE,OAAO,CAAC,cAAc,EAAE,CAAC;qBAKtB,MAAM,KAAG,OAAO,CAAC,IAAI,CAAC;QAMzC;;;;;;WAMG;gCAC2B,MAAM,KAAG,OAAO,CAAC,IAAI,CAAC;QA0BpD;;;;WAIG;8BAEK;YAAE,KAAK,CAAC,EAAE,MAAM,CAAC;YAAC,UAAU,CAAC,EAAE,OAAO,CAAA;SAAE,KAC7C,OAAO,CAAC,aAAa,CAAC;MA8B1B;IAED;;;OAGG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAIjC;4EACwE;IACxE,UAAU,CAAC,KAAK,EAAE;QAChB,WAAW,EAAE,MAAM,CAAA;QACnB,YAAY,EAAE,MAAM,CAAA;QACpB,IAAI,EAAE,eAAe,CAAA;KACtB,GAAG,IAAI;IAIR,OAAO,CAAC,YAAY;IAQpB;;;;OAIG;IACH,kBAAkB,CAAC,QAAQ,EAAE,uBAAuB,GAAG,MAAM,IAAI;IAYjE,OAAO,CAAC,OAAO;IAWf,OAAO,CAAC,YAAY;IAUpB,OAAO,CAAC,MAAM;IAUd;;;;;;OAMG;IACH,OAAO,CAAC,cAAc;IAetB,OAAO,CAAC,eAAe;YAaT,OAAO;CAiBtB"}
|