@serialsubscriptions/platform-integration 0.0.79

package/lib/lib/session/index.js

@@ -0,0 +1,3 @@
+export * from './types';
+export * from './SessionClient';
+export * from './stores';

package/lib/lib/session/stores/MemoryStore.d.ts

@@ -0,0 +1,7 @@
+import type { SessionStore } from '../types';
+export declare class MemoryStore implements SessionStore {
+    private map;
+    get<T = unknown>(key: string): Promise<T | null>;
+    set<T = unknown>(key: string, value: T, ttlSec?: number): Promise<void>;
+    del(key: string): Promise<void>;
+}

package/lib/lib/session/stores/MemoryStore.js

@@ -0,0 +1,23 @@
+export class MemoryStore {
+    constructor() {
+        this.map = new Map();
+    }
+    async get(key) {
+        const now = Date.now();
+        const hit = this.map.get(key);
+        if (!hit)
+            return null;
+        if (hit.expiresAt !== undefined && hit.expiresAt <= now) {
+            this.map.delete(key);
+            return null;
+        }
+        return hit.value;
+    }
+    async set(key, value, ttlSec) {
+        const expiresAt = ttlSec !== undefined && ttlSec > 0 ? Date.now() + ttlSec * 1000 : undefined;
+        this.map.set(key, { value, expiresAt });
+    }
+    async del(key) {
+        this.map.delete(key);
+    }
+}

package/lib/lib/session/stores/index.d.ts

@@ -0,0 +1 @@
+export { MemoryStore } from './MemoryStore';

package/lib/lib/session/stores/index.js

@@ -0,0 +1 @@
+export { MemoryStore } from './MemoryStore';

package/lib/lib/session/types.d.ts

@@ -0,0 +1,37 @@
+export interface SessionStore {
+    get<T = unknown>(key: string): Promise<T | null>;
+    set<T = unknown>(key: string, value: T, ttlSec?: number): Promise<void>;
+    del(key: string): Promise<void>;
+}
+export type SameSite = 'lax' | 'strict' | 'none';
+export interface JWKSOptions {
+    issuer: string;
+    jwksUri: string;
+    cacheTtlSec?: number;
+}
+export interface RequiredClaims {
+    sub: string;
+    organization_id?: number | string;
+    role?: string;
+    [k: string]: unknown;
+}
+export interface SessionClientInit {
+    store: SessionStore;
+    refresh?: {
+        endpoint: string;
+        graceSec?: number;
+        defaultTtlSec?: number;
+    };
+}
+export interface TokenBundle {
+    id_token: string;
+    access_token: string;
+    refresh_token?: string;
+    ttlSec?: number;
+}
+export interface SessionSnapshot {
+    claims: unknown | null;
+    access_token: string | null;
+    id_token: string | null;
+    refresh_token: string | null;
+}

package/lib/lib/session/types.js

@@ -0,0 +1 @@
+export {};

package/lib/session/SessionClient.d.ts

@@ -0,0 +1,19 @@
+export declare class SessionClient {
+    private readonly cookieHeader?;
+    private static readonly instances;
+    private readonly baseUrl;
+    private claims;
+    private ttl;
+    private initPromise;
+    private static normalizeBaseUrl;
+    constructor(baseUrl?: string, cookieHeader?: string | null | undefined);
+    static getSessionManager(baseUrl?: string): SessionClient;
+    isLoggedIn(): Promise<boolean>;
+    warmup(): void;
+    getTtl(): Promise<number | null>;
+    get(claimName: string): Promise<unknown>;
+    getAll(): Promise<unknown | null>;
+    private withSession;
+    private loadClaims;
+}
+export default SessionClient;

package/lib/session/SessionClient.js

@@ -0,0 +1,132 @@
+export class SessionClient {
+    static normalizeBaseUrl(baseUrl) {
+        if (!baseUrl) {
+            return "";
+        }
+        try {
+            const url = new URL(baseUrl);
+            // Remove trailing slash and default ports
+            url.pathname = url.pathname.replace(/\/$/, "");
+            if ((url.protocol === "https:" && url.port === "443") || (url.protocol === "http:" && url.port === "80")) {
+                url.port = "";
+            }
+            return url.toString().replace(/\/$/, "");
+        }
+        catch {
+            return baseUrl;
+        }
+    }
+    constructor(baseUrl, cookieHeader) {
+        this.cookieHeader = cookieHeader;
+        this.claims = null;
+        this.ttl = null;
+        const resolvedBaseUrl = baseUrl ?? process.env.NEXT_PUBLIC_BASE_URL ?? "";
+        this.baseUrl = SessionClient.normalizeBaseUrl(resolvedBaseUrl);
+        if (!this.baseUrl || !this.baseUrl.startsWith("http://") && !this.baseUrl.startsWith("https://")) {
+            console.error(`You must set baseUrl to SessionClient or you must set env variable NEXT_PUBLIC_BASE_URL. Incorrect value \`${resolvedBaseUrl}\``);
+        }
+        this.initPromise = this.loadClaims();
+    }
+    static getSessionManager(baseUrl) {
+        const resolvedBaseUrl = baseUrl ?? process.env.NEXT_PUBLIC_BASE_URL ?? "";
+        const normalizedBaseUrl = SessionClient.normalizeBaseUrl(resolvedBaseUrl);
+        if (!normalizedBaseUrl || !normalizedBaseUrl.startsWith("http://") && !normalizedBaseUrl.startsWith("https://")) {
+            console.error(`You must set baseUrl to SessionClient or you must set env variable NEXT_PUBLIC_BASE_URL. Incorrect value \`${resolvedBaseUrl}\``);
+        }
+        if (!SessionClient.instances.has(normalizedBaseUrl)) {
+            SessionClient.instances.set(normalizedBaseUrl, new SessionClient(baseUrl));
+        }
+        return SessionClient.instances.get(normalizedBaseUrl);
+    }
+    async isLoggedIn() {
+        await this.initPromise;
+        return this.claims != null;
+    }
+    // Non-awaiting stub to ensure initialization happens without blocking
+    warmup() {
+        void this.initPromise;
+    }
+    async getTtl() {
+        await this.initPromise;
+        return this.ttl;
+    }
+    async get(claimName) {
+        await this.initPromise;
+        if (this.claims && typeof this.claims === "object") {
+            const record = this.claims;
+            return record[claimName];
+        }
+        return undefined;
+    }
+    async getAll() {
+        await this.initPromise;
+        return this.claims;
+    }
+    async withSession(init = {}) {
+        if (this.cookieHeader) {
+            const headers = new Headers(init.headers ?? {});
+            if (!headers.has("Cookie")) {
+                headers.set("Cookie", this.cookieHeader);
+            }
+            return {
+                ...init,
+                headers,
+            };
+        }
+        if (typeof window !== "undefined") {
+            return init;
+        }
+        try {
+            const { cookies } = await import("next/headers");
+            const cookieStore = await cookies();
+            const serializedCookies = cookieStore
+                .getAll()
+                .map(({ name, value }) => `${name}=${value}`)
+                .join("; ");
+            if (!serializedCookies) {
+                return init;
+            }
+            const headers = new Headers(init.headers ?? {});
+            if (!headers.has("Cookie")) {
+                headers.set("Cookie", serializedCookies);
+            }
+            return {
+                ...init,
+                headers,
+            };
+        }
+        catch {
+            return init;
+        }
+    }
+    async loadClaims() {
+        try {
+            const url = new URL("/api/v1/auth/session", this.baseUrl).toString();
+            const response = await fetch(url, await this.withSession({
+                method: "GET",
+                headers: { accept: "application/json" },
+                credentials: "include",
+            }));
+            if (!response.ok) {
+                this.claims = null;
+                this.ttl = null;
+                return;
+            }
+            const data = (await response.json());
+            if (data.ok) {
+                this.claims = data.claims ?? null;
+                this.ttl = typeof data.ttl_seconds === "number" ? data.ttl_seconds : null;
+            }
+            else {
+                this.claims = null;
+                this.ttl = null;
+            }
+        }
+        catch (_err) {
+            this.claims = null;
+            this.ttl = null;
+        }
+    }
+}
+SessionClient.instances = new Map();
+export default SessionClient;

package/lib/session/SessionManager.d.ts

@@ -0,0 +1,139 @@
+import { SSIStorage } from '../storage/SSIStorage';
+import type { KVValue } from '../storage/types';
+import { AuthServer, type TokenResponse, type AuthConfig } from '../auth.server';
+export declare const sessionRoles: {
+    allRoles: string[];
+    adminRoles: string[];
+    userRoles: string[];
+    userAdminRoles: string[];
+};
+export type SessionDataKey = 'claims' | 'id_token' | 'access_token' | 'refresh_token';
+export interface SetSessionInput {
+    sessionId?: string;
+    id_token: string;
+    access_token: string;
+    refresh_token: string;
+    /**
+     * TTL for the refresh token (seconds). Defaults to 7 days.
+     * id_token/access_token inherit the same TTL unless you pass token-specific values.
+     */
+    refreshTtlSeconds?: number;
+    idTokenTtlSeconds?: number;
+    accessTokenTtlSeconds?: number;
+    /**
+     * Cookie overrides. If omitted, sensible defaults are used.
+     */
+    cookie?: Partial<CookieOptions>;
+}
+export interface CookieOptions {
+    name: string;
+    domain?: string;
+    path: string;
+    sameSite: 'Lax' | 'Strict' | 'None';
+    secure: boolean;
+    httpOnly: boolean;
+    /** seconds */
+    maxAge: number;
+}
+export declare class SessionManager {
+    private storage;
+    private auth?;
+    private _sessionId?;
+    private authConfig?;
+    private static inFlightRefresh;
+    private freshnessOnce;
+    constructor(storage: SSIStorage, authConfig?: AuthConfig);
+    static fromEnv(): SessionManager;
+    static fromEnv(cookieHeader: string | null, authConfig?: AuthConfig): SessionManager;
+    static fromEnv(request: Request, authConfig?: AuthConfig): SessionManager;
+    static fromEnv(authConfig: AuthConfig): SessionManager;
+    /**
+     * Async version that attempts to auto-detect the cookie header from Next.js context
+     * when called with no arguments. Falls back gracefully if not in a Next.js context.
+     *
+     * @example
+     * // In Next.js server components or route handlers without Request object
+     * const session = await SessionManager.fromEnvAsync();
+     *
+     * // Still supports explicit cookie header or Request object
+     * const session = await SessionManager.fromEnvAsync(request);
+     * const session = await SessionManager.fromEnvAsync(cookieHeader);
+     *
+     * // With AuthConfig
+     * const session = await SessionManager.fromEnvAsync({ clientId: 'my-client-id' });
+     * const session = await SessionManager.fromEnvAsync(request, { clientId: 'my-client-id' });
+     */
+    static fromEnvAsync(): Promise<SessionManager>;
+    static fromEnvAsync(cookieHeader: string | null, authConfig?: AuthConfig): Promise<SessionManager>;
+    static fromEnvAsync(request: Request, authConfig?: AuthConfig): Promise<SessionManager>;
+    static fromEnvAsync(authConfig: AuthConfig): Promise<SessionManager>;
+    private parseCookies;
+    get sessionId(): string | undefined;
+    /** Cryptographically strong, URL-safe session id */
+    generateSessionId(): string;
+    /**
+     * Store tokens from AuthServer TokenResponse and return { sessionId, setCookieHeader }.
+     * Keys: id_token, access_token, refresh_token
+     */
+    setSession(auth: AuthServer, tokenResponse: TokenResponse, options?: {
+        sessionId?: string;
+        refreshTtlSeconds?: number;
+        idTokenTtlSeconds?: number;
+        accessTokenTtlSeconds?: number;
+        cookie?: Partial<CookieOptions>;
+    }): Promise<{
+        sessionId: string;
+        setCookieHeader: string;
+    }>;
+    /** Convenience overload that reads the last TokenResponse from AuthServer */
+    setSession(auth: AuthServer, options?: {
+        sessionId?: string;
+        refreshTtlSeconds?: number;
+        idTokenTtlSeconds?: number;
+        accessTokenTtlSeconds?: number;
+        cookie?: Partial<CookieOptions>;
+    }): Promise<{
+        sessionId: string;
+        setCookieHeader: string;
+    }>;
+    /**
+     * Store tokens and return { sessionId, setCookieHeader }.
+     * Keys: id_token, access_token, refresh_token
+     */
+    setSession(input: SetSessionInput): Promise<{
+        sessionId: string;
+        setCookieHeader: string;
+    }>;
+    /** Build a single Set-Cookie header string for the session id */
+    buildSessionCookie(sessionId: string, overrides?: Partial<CookieOptions>): string;
+    /**
+     * Get session data by key. For 'claims', decodes the id_token payload
+     * WITHOUT verification (use your verifier upstream for security).
+     */
+    getSessionData(sessionId: string, dataKey: SessionDataKey): Promise<KVValue | null>;
+    private ensureFreshOnce;
+    /**
+     * Delete all keys under this session object (id/access/refresh).
+     */
+    clearSession(sessionId: string): Promise<string>;
+    /**
+     * Refresh session (stub): you’ll likely:
+     * 1) read refresh_token
+     * 2) call your token endpoint
+     * 3) update stored tokens + extend TTL
+     * 4) optionally rotate session id & cookie
+     */
+    refreshSession(_sessionId: string): Promise<never>;
+    /** Returns remaining TTL in seconds for this session's id_token, or null if none */
+    getSessionTtlSeconds(sessionId: string): Promise<number | null>;
+    private getVerifiedClaims;
+    private getRoles;
+    hasRole(roleName: string): Promise<boolean>;
+    hasRoleOneOf(roleNames: string[]): Promise<boolean>;
+    /**
+     * Get a specific claim from the session's ID token.
+     * Requires `sessionId` to be set (via `fromEnv()` with cookies).
+     */
+    getClaim(claimName: string): Promise<unknown>;
+    private getAuth;
+}