npm - @sentroy-co/client-sdk - Versions diffs - 2.13.8 → 2.14.0 - Mend

@sentroy-co/client-sdk 2.13.8 → 2.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/README.md +24 -5
package/dist/auth/admin/index.d.ts +111 -10
package/dist/auth/admin/index.d.ts.map +1 -1
package/dist/auth/admin/index.js +125 -20
package/dist/auth/admin/index.js.map +1 -1
package/dist/auth/client.d.ts +127 -1
package/dist/auth/client.d.ts.map +1 -1
package/dist/auth/client.js +361 -3
package/dist/auth/client.js.map +1 -1
package/dist/auth/index.d.ts +1 -1
package/dist/auth/index.d.ts.map +1 -1
package/dist/auth/index.js.map +1 -1
package/dist/auth/react/index.d.ts +63 -4
package/dist/auth/react/index.d.ts.map +1 -1
package/dist/auth/react/index.js +180 -1
package/dist/auth/react/index.js.map +1 -1
package/dist/auth/types.d.ts +55 -0
package/dist/auth/types.d.ts.map +1 -1
package/dist/cli/ai.d.ts +35 -0
package/dist/cli/ai.d.ts.map +1 -0
package/dist/cli/ai.js +399 -0
package/dist/cli/ai.js.map +1 -0
package/dist/cli/args.d.ts +62 -0
package/dist/cli/args.d.ts.map +1 -0
package/dist/cli/args.js +199 -0
package/dist/cli/args.js.map +1 -0
package/dist/cli/env.d.ts.map +1 -1
package/dist/cli/env.js +8 -2
package/dist/cli/env.js.map +1 -1
package/dist/cli/format.d.ts +37 -0
package/dist/cli/format.d.ts.map +1 -0
package/dist/cli/format.js +129 -0
package/dist/cli/format.js.map +1 -0
package/dist/cli/index.d.ts +8 -2
package/dist/cli/index.d.ts.map +1 -1
package/dist/cli/index.js +128 -25
package/dist/cli/index.js.map +1 -1
package/dist/cli/mail.d.ts +25 -0
package/dist/cli/mail.d.ts.map +1 -0
package/dist/cli/mail.js +253 -0
package/dist/cli/mail.js.map +1 -0
package/dist/cli/storage.d.ts +28 -0
package/dist/cli/storage.d.ts.map +1 -0
package/dist/cli/storage.js +189 -0
package/dist/cli/storage.js.map +1 -0
package/package.json +8 -2
package/skill/SKILL.md +542 -0
package/src/auth/admin/index.ts +227 -31
package/src/auth/client.ts +438 -4
package/src/auth/index.ts +9 -0
package/src/auth/react/index.tsx +255 -4
package/src/auth/types.ts +66 -0
package/src/cli/ai.ts +440 -0
package/src/cli/args.ts +225 -0
package/src/cli/env.ts +10 -2
package/src/cli/format.ts +147 -0
package/src/cli/index.ts +147 -25
package/src/cli/mail.ts +363 -0
package/src/cli/storage.ts +307 -0

package/src/auth/client.ts CHANGED Viewed

@@ -3,6 +3,14 @@ import {
   type SignupResponse,
   type LoginResponse,
   type AuthTokensResponse,
+  type LoginOutcome,
+  type SessionSummary,
+  type ActivityEntry,
+  type MfaStatus,
+  type MfaEnrollResponse,
+  type MfaVerifyEnrollmentResponse,
+  type PasskeySummary,
+  type SocialProvider,
 } from "./types"
 import { AuthHttp, type AuthHttpOptions } from "./http"
@@ -61,6 +69,37 @@ function decodeBase64Url(s: string): string {
   throw new Error("No base64 decoder available")
 }
+/**
+ * Optional `@simplewebauthn/browser` import — RP webauthn flow kullanmak
+ * isterse kendi devDependencies'ine ekler; lazy import ile bundle'a
+ * sızmaz.
+ */
+async function loadSimpleWebAuthnBrowser(): Promise<{
+  startRegistration: (opts: {
+    optionsJSON: Record<string, unknown>
+  }) => Promise<unknown>
+  startAuthentication: (opts: {
+    optionsJSON: Record<string, unknown>
+  }) => Promise<unknown>
+}> {
+  try {
+    // String-concat hides the specifier from TS resolver — `@simplewebauthn/browser`
+    // is an optional peer; SDK ships without it bundled. RP'nin npm install'unda
+    // varsa runtime'da çözülür, yoksa catch'e düşüp kullanıcıya net hata verir.
+    const specifier = "@simplewebauthn/" + "browser"
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    const mod: any = await import(/* @vite-ignore */ specifier)
+    return {
+      startRegistration: mod.startRegistration,
+      startAuthentication: mod.startAuthentication,
+    }
+  } catch {
+    throw new Error(
+      "Passkey support requires `@simplewebauthn/browser` — install it as a peer dependency.",
+    )
+  }
+}
 function localStorageAdapter(projectSlug: string): AuthStorageAdapter {
   if (typeof window === "undefined" || !window.localStorage) {
     return memoryStorageAdapter()
@@ -186,14 +225,45 @@ export class SentroyAuth {
     return res
   }
+  /**
+   * Sign in with email/password. MFA enrolled user'lar için response
+   * discriminated union: `kind: "mfa"` → caller `verifyMfa()` çağırır.
+   * `kind: "tokens"` → session kuruldu.
+   */
   async signIn(input: {
     email: string
     password: string
-  }): Promise<LoginResponse> {
-    const res = await this.http.request<LoginResponse>("/login", {
-      method: "POST",
-      json: input,
+    rememberMe?: boolean
+  }): Promise<LoginOutcome> {
+    const res = await this.http.request<
+      LoginResponse | { mfaRequired: true; mfaToken: string; factorType: "totp" }
+    >("/login", { method: "POST", json: input })
+    if ("mfaRequired" in res && res.mfaRequired) {
+      return { kind: "mfa", data: res }
+    }
+    const tokens = res as LoginResponse
+    this.persist({
+      accessToken: tokens.accessToken,
+      refreshToken: tokens.refreshToken,
+      user: tokens.user,
     })
+    return { kind: "tokens", data: tokens }
+  }
+  /**
+   * MFA verify — `signIn` ile `kind: "mfa"` döndüyse, kullanıcıdan code
+   * (veya recovery code) alıp bu method'u çağır. Başarılıysa session
+   * kurulur ve login tamamlanır.
+   */
+  async verifyMfa(input: {
+    mfaToken: string
+    code?: string
+    recoveryCode?: string
+  }): Promise<LoginResponse> {
+    const res = await this.http.request<LoginResponse>(
+      "/login/mfa/verify",
+      { method: "POST", json: input },
+    )
     this.persist({
       accessToken: res.accessToken,
       refreshToken: res.refreshToken,
@@ -224,6 +294,21 @@ export class SentroyAuth {
     })
   }
+  /**
+   * Reset password using token from email. `newPassword` policy +
+   * HaveIBeenPwned breach check yapılır.
+   */
+  async confirmPasswordReset(input: {
+    token: string
+    newPassword: string
+  }): Promise<SentroyAuthUser> {
+    const res = await this.http.request<{ user: SentroyAuthUser }>(
+      "/password-reset/confirm",
+      { method: "POST", json: input },
+    )
+    return res.user
+  }
   async verifyEmail(token: string): Promise<SentroyAuthUser> {
     const res = await this.http.request<{ user: SentroyAuthUser }>(
       "/verify-email",
@@ -241,6 +326,355 @@ export class SentroyAuth {
     return res.user
   }
+  // ─── Magic link ──────────────────────────────────────────────────────────
+  /**
+   * Email magic-link request. Project'in `magicLinkEnabled` true
+   * olması gerekir. Uniform 200 response — email yoksa da hata vermez.
+   */
+  async sendMagicLink(input: { email: string; redirectUri?: string }): Promise<void> {
+    await this.http.request("/magic-link/request", {
+      method: "POST",
+      json: input,
+    })
+  }
+  /**
+   * Magic link mail'inden gelen token ile login. Session kurulur.
+   */
+  async consumeMagicLink(token: string): Promise<LoginResponse> {
+    const res = await this.http.request<LoginResponse & { redirectUri?: string | null }>(
+      "/magic-link/consume",
+      { method: "POST", json: { token } },
+    )
+    this.persist({
+      accessToken: res.accessToken,
+      refreshToken: res.refreshToken,
+      user: res.user,
+    })
+    return res
+  }
+  // ─── Invitation ──────────────────────────────────────────────────────────
+  /**
+   * Accept admin invitation. Token mail'den gelir, kullanıcı password
+   * + optional displayName girer; hesap create + session kurulur.
+   */
+  async acceptInvitation(input: {
+    token: string
+    password: string
+    displayName?: string
+  }): Promise<LoginResponse> {
+    const res = await this.http.request<LoginResponse>(
+      "/invitation/accept",
+      { method: "POST", json: input },
+    )
+    this.persist({
+      accessToken: res.accessToken,
+      refreshToken: res.refreshToken,
+      user: res.user,
+    })
+    return res
+  }
+  // ─── Social federation ───────────────────────────────────────────────────
+  /**
+   * Provider authorize URL üret. `window.location.assign(url)` ile
+   * RP'nin sayfasından redirect — callback'te Sentroy session kurulur,
+   * redirectUri fragment'ında token'lar döner.
+   */
+  socialAuthorizeUrl(
+    provider: SocialProvider,
+    opts: { redirectUri?: string; rememberMe?: boolean } = {},
+  ): string {
+    const params = new URLSearchParams()
+    if (opts.redirectUri) params.set("redirectUri", opts.redirectUri)
+    if (opts.rememberMe) params.set("rememberMe", "1")
+    const qs = params.toString()
+    return `${this.http.baseUrl}/api/v1/auth/${this.http.projectSlug}/social/${provider}/authorize${qs ? `?${qs}` : ""}`
+  }
+  /**
+   * `window.location.hash`tan social login redirect sonrası gelen
+   * `#access_token=...&refresh_token=...&token_type=Bearer` parse +
+   * session kur. RP sayfasına redirectUri varsayılan akış kullanıldıysa
+   * çağırın. Başarılıysa user döner, fail'da null.
+   */
+  async consumeRedirectFragment(): Promise<SentroyAuthUser | null> {
+    if (typeof window === "undefined") return null
+    const hash = window.location.hash.replace(/^#/, "")
+    if (!hash) return null
+    const params = new URLSearchParams(hash)
+    const accessToken = params.get("access_token")
+    const refreshToken = params.get("refresh_token")
+    if (!accessToken || !refreshToken) return null
+    // Fragment'ı URL'den temizle (history clean)
+    window.history.replaceState(
+      null,
+      "",
+      window.location.pathname + window.location.search,
+    )
+    const user = await this.fetchMe(accessToken)
+    if (!user) return null
+    this.persist({ accessToken, refreshToken, user })
+    return user
+  }
+  // ─── /me (current user info) ─────────────────────────────────────────────
+  async getCurrentUser(): Promise<SentroyAuthUser | null> {
+    const restored = this.storage.read()
+    if (!restored) return null
+    const user = await this.fetchMe(restored.accessToken)
+    if (user) {
+      this.persist({ ...restored, user })
+    }
+    return user
+  }
+  private async fetchMe(accessToken: string): Promise<SentroyAuthUser | null> {
+    try {
+      return await this.http.request<SentroyAuthUser>("/me", {
+        method: "GET",
+        bearer: accessToken,
+      })
+    } catch {
+      return null
+    }
+  }
+  // ─── /me/sessions ────────────────────────────────────────────────────────
+  async listSessions(): Promise<SessionSummary[]> {
+    return this.http.request<SessionSummary[]>("/me/sessions", {
+      method: "GET",
+      bearer: this.requireToken(),
+    })
+  }
+  async revokeSession(id: string): Promise<void> {
+    await this.http.request(`/me/sessions/${encodeURIComponent(id)}`, {
+      method: "DELETE",
+      bearer: this.requireToken(),
+    })
+  }
+  // ─── /me/password ────────────────────────────────────────────────────────
+  /**
+   * Change password. Backend tüm session'ları revoke eder; SDK local
+   * session'ı temizler — caller `signIn` ile tekrar oturum açar.
+   */
+  async changePassword(input: {
+    currentPassword: string
+    newPassword: string
+  }): Promise<void> {
+    await this.http.request("/me/password", {
+      method: "POST",
+      json: input,
+      bearer: this.requireToken(),
+    })
+    this.clearSession()
+  }
+  // ─── /me/email/change ────────────────────────────────────────────────────
+  /**
+   * Request email change — confirmation mail yeni adrese gönderilir.
+   * Kullanıcı `confirmEmailChange(token)` ile finalize eder.
+   */
+  async requestEmailChange(input: {
+    newEmail: string
+    currentPassword: string
+  }): Promise<void> {
+    await this.http.request("/me/email/change-request", {
+      method: "POST",
+      json: input,
+      bearer: this.requireToken(),
+    })
+  }
+  /** Token-based confirm (mail link'inden gelir). */
+  async confirmEmailChange(token: string): Promise<SentroyAuthUser> {
+    const user = await this.http.request<SentroyAuthUser>(
+      "/me/email/change-confirm",
+      { method: "POST", json: { token } },
+    )
+    // Email changed — tüm sessions revoke edildi, local clear
+    this.clearSession()
+    return user
+  }
+  // ─── /me/account (delete) ────────────────────────────────────────────────
+  async requestAccountDeletion(currentPassword: string): Promise<void> {
+    await this.http.request("/me/account/delete-request", {
+      method: "POST",
+      json: { currentPassword },
+      bearer: this.requireToken(),
+    })
+  }
+  async confirmAccountDeletion(token: string): Promise<void> {
+    await this.http.request("/me/account/delete-confirm", {
+      method: "POST",
+      json: { token },
+    })
+    this.clearSession()
+  }
+  // ─── /me/activity ────────────────────────────────────────────────────────
+  async getActivity(): Promise<ActivityEntry[]> {
+    return this.http.request<ActivityEntry[]>("/me/activity", {
+      method: "GET",
+      bearer: this.requireToken(),
+    })
+  }
+  // ─── /me/mfa ─────────────────────────────────────────────────────────────
+  readonly mfa = {
+    getStatus: async (): Promise<MfaStatus> =>
+      this.http.request<MfaStatus>("/me/mfa", {
+        method: "GET",
+        bearer: this.requireToken(),
+      }),
+    enrollTotp: async (): Promise<MfaEnrollResponse> =>
+      this.http.request<MfaEnrollResponse>("/me/mfa/totp/enroll", {
+        method: "POST",
+        bearer: this.requireToken(),
+      }),
+    verifyTotpEnrollment: async (
+      code: string,
+    ): Promise<MfaVerifyEnrollmentResponse> =>
+      this.http.request<MfaVerifyEnrollmentResponse>(
+        "/me/mfa/totp/verify-enrollment",
+        { method: "POST", json: { code }, bearer: this.requireToken() },
+      ),
+    disableTotp: async (currentPassword: string): Promise<void> => {
+      await this.http.request("/me/mfa/totp/disable", {
+        method: "POST",
+        json: { currentPassword },
+        bearer: this.requireToken(),
+      })
+    },
+  }
+  // ─── /me/passkey + /passkey/auth ─────────────────────────────────────────
+  readonly passkey = {
+    list: async (): Promise<PasskeySummary[]> =>
+      this.http.request<PasskeySummary[]>("/me/passkey", {
+        method: "GET",
+        bearer: this.requireToken(),
+      }),
+    delete: async (id: string): Promise<void> => {
+      await this.http.request(`/me/passkey/${encodeURIComponent(id)}`, {
+        method: "DELETE",
+        bearer: this.requireToken(),
+      })
+    },
+    /**
+     * Register a new passkey on this device.
+     *
+     * Browser-only: dynamically imports `@simplewebauthn/browser`. RP
+     * SDK kullanıyor ama webauthn/browser bağımlılığı yoksa caller
+     * `peerDependencies` aracılığıyla manuel ekler.
+     */
+    register: async (deviceName?: string): Promise<void> => {
+      const begin = await this.http.request<{
+        options: unknown
+        challengeToken: string
+      }>("/me/passkey/register/begin", {
+        method: "POST",
+        bearer: this.requireToken(),
+      })
+      const sw = await loadSimpleWebAuthnBrowser()
+      const attestation = await sw.startRegistration({
+        optionsJSON: begin.options as Parameters<typeof sw.startRegistration>[0]["optionsJSON"],
+      })
+      await this.http.request("/me/passkey/register/complete", {
+        method: "POST",
+        json: {
+          challengeToken: begin.challengeToken,
+          response: attestation,
+          deviceName:
+            deviceName ??
+            (typeof navigator !== "undefined"
+              ? navigator.userAgent.slice(0, 80)
+              : null),
+        },
+        bearer: this.requireToken(),
+      })
+    },
+    /**
+     * Sign in with passkey. Email opsiyonel — verilirse server o
+     * user'ın passkey'lerini allowList yapar, yoksa "usernameless".
+     * Session kurulur.
+     */
+    authenticate: async (
+      opts: { email?: string; rememberMe?: boolean } = {},
+    ): Promise<LoginResponse> => {
+      const begin = await this.http.request<{
+        options: unknown
+        challengeToken: string
+      }>("/passkey/authenticate/begin", {
+        method: "POST",
+        json: { email: opts.email },
+      })
+      const sw = await loadSimpleWebAuthnBrowser()
+      const assertion = await sw.startAuthentication({
+        optionsJSON: begin.options as Parameters<typeof sw.startAuthentication>[0]["optionsJSON"],
+      })
+      const res = await this.http.request<LoginResponse>(
+        "/passkey/authenticate/complete",
+        {
+          method: "POST",
+          json: {
+            challengeToken: begin.challengeToken,
+            response: assertion,
+            rememberMe: opts.rememberMe,
+          },
+        },
+      )
+      this.persist({
+        accessToken: res.accessToken,
+        refreshToken: res.refreshToken,
+        user: res.user,
+      })
+      return res
+    },
+  }
+  /**
+   * Force refresh now — caller'ın sürdüğü access token süresi dolmuş
+   * olabilir; bu method yeni token'ları persist eder.
+   */
+  async refreshNow(): Promise<void> {
+    await this.refresh()
+  }
+  /** Manual session injection — fragment / cookie redirect dışında tokens
+   *  başka bir kanaldan elde edildiyse (örn. RP custom auth callback). */
+  setSession(input: {
+    accessToken: string
+    refreshToken: string
+    user: SentroyAuthUser
+  }): void {
+    this.persist(input)
+  }
+  private requireToken(): string {
+    const restored = this.storage.read()
+    if (!restored?.accessToken) {
+      throw new Error("Not signed in — accessToken missing.")
+    }
+    return restored.accessToken
+  }
   /**
    * Subscription pattern — Firebase Auth uyumlu. Caller'ın hemen mevcut
    * state'i alabilmesi için constructor'da restore edilen user

package/src/auth/index.ts CHANGED Viewed

@@ -23,4 +23,13 @@ export {
   type SignupResponse,
   type LoginResponse,
   type AuthTokensResponse,
+  type LoginOutcome,
+  type MfaChallengeResponse,
+  type SessionSummary,
+  type ActivityEntry,
+  type MfaStatus,
+  type MfaEnrollResponse,
+  type MfaVerifyEnrollmentResponse,
+  type PasskeySummary,
+  type SocialProvider,
 } from "./types"