@shadowob/oauth 1.1.6 → 1.1.8

package/dist/index.cjs

@@ -20,10 +20,75 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
-  ShadowOAuth: () => ShadowOAuth
+  SHADOW_OAUTH_AUTHORIZE_PATHS: () => SHADOW_OAUTH_AUTHORIZE_PATHS,
+  SHADOW_OAUTH_SCOPE_GROUPS: () => SHADOW_OAUTH_SCOPE_GROUPS,
+  ShadowOAuth: () => ShadowOAuth,
+  buildShadowOAuthDenyRedirect: () => buildShadowOAuthDenyRedirect,
+  parseShadowOAuthAuthorizeUrl: () => parseShadowOAuthAuthorizeUrl,
+  shadowOAuthAuthorizeApiPath: () => shadowOAuthAuthorizeApiPath
 });
 module.exports = __toCommonJS(index_exports);
 
+// src/authorization.ts
+var SHADOW_OAUTH_AUTHORIZE_PATHS = ["/app/oauth/authorize", "/oauth/authorize"];
+var SHADOW_OAUTH_SCOPE_GROUPS = [
+  { key: "user", scopes: ["user:read", "user:email"] },
+  { key: "servers", scopes: ["servers:read", "servers:write"] },
+  { key: "channels", scopes: ["channels:read", "channels:write"] },
+  { key: "messages", scopes: ["messages:read", "messages:write"] },
+  { key: "attachments", scopes: ["attachments:read", "attachments:write"] },
+  { key: "workspaces", scopes: ["workspaces:read", "workspaces:write"] },
+  { key: "buddies", scopes: ["buddies:create", "buddies:manage"] },
+  { key: "commerce", scopes: ["commerce:read", "commerce:write"] }
+];
+function originFor(value) {
+  try {
+    return new URL(value).origin;
+  } catch {
+    return null;
+  }
+}
+function parseShadowOAuthAuthorizeUrl(input, options = {}) {
+  let url;
+  try {
+    url = new URL(input);
+  } catch {
+    return null;
+  }
+  const allowedOrigins = options.allowedOrigins?.map(originFor).filter((origin) => Boolean(origin));
+  if (allowedOrigins?.length && !allowedOrigins.includes(url.origin)) return null;
+  const authorizePathnames = options.authorizePathnames ?? [...SHADOW_OAUTH_AUTHORIZE_PATHS];
+  if (!authorizePathnames.includes(url.pathname)) return null;
+  const responseType = url.searchParams.get("response_type") ?? "code";
+  const clientId = url.searchParams.get("client_id")?.trim();
+  const redirectUri = url.searchParams.get("redirect_uri")?.trim();
+  if (responseType !== "code" || !clientId || !redirectUri) return null;
+  return {
+    responseType: "code",
+    clientId,
+    redirectUri,
+    scope: url.searchParams.get("scope")?.trim() || "user:read",
+    state: url.searchParams.get("state") ?? void 0,
+    sourceUrl: url.toString()
+  };
+}
+function shadowOAuthAuthorizeApiPath(request) {
+  const params = new URLSearchParams({
+    response_type: request.responseType,
+    client_id: request.clientId,
+    redirect_uri: request.redirectUri,
+    scope: request.scope
+  });
+  if (request.state) params.set("state", request.state);
+  return `/api/oauth/authorize?${params.toString()}`;
+}
+function buildShadowOAuthDenyRedirect(request, error = "access_denied") {
+  const url = new URL(request.redirectUri);
+  url.searchParams.set("error", error);
+  if (request.state) url.searchParams.set("state", request.state);
+  return url.toString();
+}
+
 // src/client.ts
 var DEFAULT_BASE_URL = "https://shadowob.com";
 var ShadowOAuth = class {
@@ -51,7 +116,7 @@ var ShadowOAuth = class {
     if (options?.state) {
       params.set("state", options.state);
     }
-    return `${this.baseUrl}/oauth/authorize?${params.toString()}`;
+    return `${this.baseUrl}/app/oauth/authorize?${params.toString()}`;
   }
   /**
    * Exchange an authorization code for access and refresh tokens.
@@ -263,5 +328,10 @@ var ShadowOAuth = class {
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  ShadowOAuth
+  SHADOW_OAUTH_AUTHORIZE_PATHS,
+  SHADOW_OAUTH_SCOPE_GROUPS,
+  ShadowOAuth,
+  buildShadowOAuthDenyRedirect,
+  parseShadowOAuthAuthorizeUrl,
+  shadowOAuthAuthorizeApiPath
 });

package/dist/index.d.cts

@@ -1,3 +1,45 @@
+interface ShadowOAuthAuthorizationRequest {
+    responseType: 'code';
+    clientId: string;
+    redirectUri: string;
+    scope: string;
+    state?: string;
+    sourceUrl: string;
+}
+interface ShadowOAuthAuthorizeUrlOptions {
+    allowedOrigins?: string[];
+    authorizePathnames?: string[];
+}
+declare const SHADOW_OAUTH_AUTHORIZE_PATHS: readonly ["/app/oauth/authorize", "/oauth/authorize"];
+declare const SHADOW_OAUTH_SCOPE_GROUPS: readonly [{
+    readonly key: "user";
+    readonly scopes: readonly ["user:read", "user:email"];
+}, {
+    readonly key: "servers";
+    readonly scopes: readonly ["servers:read", "servers:write"];
+}, {
+    readonly key: "channels";
+    readonly scopes: readonly ["channels:read", "channels:write"];
+}, {
+    readonly key: "messages";
+    readonly scopes: readonly ["messages:read", "messages:write"];
+}, {
+    readonly key: "attachments";
+    readonly scopes: readonly ["attachments:read", "attachments:write"];
+}, {
+    readonly key: "workspaces";
+    readonly scopes: readonly ["workspaces:read", "workspaces:write"];
+}, {
+    readonly key: "buddies";
+    readonly scopes: readonly ["buddies:create", "buddies:manage"];
+}, {
+    readonly key: "commerce";
+    readonly scopes: readonly ["commerce:read", "commerce:write"];
+}];
+declare function parseShadowOAuthAuthorizeUrl(input: string, options?: ShadowOAuthAuthorizeUrlOptions): ShadowOAuthAuthorizationRequest | null;
+declare function shadowOAuthAuthorizeApiPath(request: ShadowOAuthAuthorizationRequest): string;
+declare function buildShadowOAuthDenyRedirect(request: Pick<ShadowOAuthAuthorizationRequest, 'redirectUri' | 'state'>, error?: string): string;
+
 interface ShadowOAuthConfig {
     /** Your app's client_id from Shadow Developer Portal */
     clientId: string;
@@ -238,4 +280,4 @@ declare class ShadowOAuth {
     private oauthPost;
 }
 
-export { ShadowOAuth, type ShadowOAuthBuddy, type ShadowOAuthChannel, type ShadowOAuthCommerceEntitlementAccess, type ShadowOAuthCommerceEntitlementRedeemInput, type ShadowOAuthCommerceEntitlementRedeemResult, type ShadowOAuthCommerceEntitlementRedemption, type ShadowOAuthCommerceEntitlementSummary, type ShadowOAuthConfig, type ShadowOAuthMessage, type ShadowOAuthScope, type ShadowOAuthServer, type ShadowOAuthTokens, type ShadowOAuthUser, type ShadowOAuthWorkspace };
+export { SHADOW_OAUTH_AUTHORIZE_PATHS, SHADOW_OAUTH_SCOPE_GROUPS, ShadowOAuth, type ShadowOAuthAuthorizationRequest, type ShadowOAuthAuthorizeUrlOptions, type ShadowOAuthBuddy, type ShadowOAuthChannel, type ShadowOAuthCommerceEntitlementAccess, type ShadowOAuthCommerceEntitlementRedeemInput, type ShadowOAuthCommerceEntitlementRedeemResult, type ShadowOAuthCommerceEntitlementRedemption, type ShadowOAuthCommerceEntitlementSummary, type ShadowOAuthConfig, type ShadowOAuthMessage, type ShadowOAuthScope, type ShadowOAuthServer, type ShadowOAuthTokens, type ShadowOAuthUser, type ShadowOAuthWorkspace, buildShadowOAuthDenyRedirect, parseShadowOAuthAuthorizeUrl, shadowOAuthAuthorizeApiPath };

package/dist/index.d.ts

@@ -1,3 +1,45 @@
+interface ShadowOAuthAuthorizationRequest {
+    responseType: 'code';
+    clientId: string;
+    redirectUri: string;
+    scope: string;
+    state?: string;
+    sourceUrl: string;
+}
+interface ShadowOAuthAuthorizeUrlOptions {
+    allowedOrigins?: string[];
+    authorizePathnames?: string[];
+}
+declare const SHADOW_OAUTH_AUTHORIZE_PATHS: readonly ["/app/oauth/authorize", "/oauth/authorize"];
+declare const SHADOW_OAUTH_SCOPE_GROUPS: readonly [{
+    readonly key: "user";
+    readonly scopes: readonly ["user:read", "user:email"];
+}, {
+    readonly key: "servers";
+    readonly scopes: readonly ["servers:read", "servers:write"];
+}, {
+    readonly key: "channels";
+    readonly scopes: readonly ["channels:read", "channels:write"];
+}, {
+    readonly key: "messages";
+    readonly scopes: readonly ["messages:read", "messages:write"];
+}, {
+    readonly key: "attachments";
+    readonly scopes: readonly ["attachments:read", "attachments:write"];
+}, {
+    readonly key: "workspaces";
+    readonly scopes: readonly ["workspaces:read", "workspaces:write"];
+}, {
+    readonly key: "buddies";
+    readonly scopes: readonly ["buddies:create", "buddies:manage"];
+}, {
+    readonly key: "commerce";
+    readonly scopes: readonly ["commerce:read", "commerce:write"];
+}];
+declare function parseShadowOAuthAuthorizeUrl(input: string, options?: ShadowOAuthAuthorizeUrlOptions): ShadowOAuthAuthorizationRequest | null;
+declare function shadowOAuthAuthorizeApiPath(request: ShadowOAuthAuthorizationRequest): string;
+declare function buildShadowOAuthDenyRedirect(request: Pick<ShadowOAuthAuthorizationRequest, 'redirectUri' | 'state'>, error?: string): string;
+
 interface ShadowOAuthConfig {
     /** Your app's client_id from Shadow Developer Portal */
     clientId: string;
@@ -238,4 +280,4 @@ declare class ShadowOAuth {
     private oauthPost;
 }
 
-export { ShadowOAuth, type ShadowOAuthBuddy, type ShadowOAuthChannel, type ShadowOAuthCommerceEntitlementAccess, type ShadowOAuthCommerceEntitlementRedeemInput, type ShadowOAuthCommerceEntitlementRedeemResult, type ShadowOAuthCommerceEntitlementRedemption, type ShadowOAuthCommerceEntitlementSummary, type ShadowOAuthConfig, type ShadowOAuthMessage, type ShadowOAuthScope, type ShadowOAuthServer, type ShadowOAuthTokens, type ShadowOAuthUser, type ShadowOAuthWorkspace };
+export { SHADOW_OAUTH_AUTHORIZE_PATHS, SHADOW_OAUTH_SCOPE_GROUPS, ShadowOAuth, type ShadowOAuthAuthorizationRequest, type ShadowOAuthAuthorizeUrlOptions, type ShadowOAuthBuddy, type ShadowOAuthChannel, type ShadowOAuthCommerceEntitlementAccess, type ShadowOAuthCommerceEntitlementRedeemInput, type ShadowOAuthCommerceEntitlementRedeemResult, type ShadowOAuthCommerceEntitlementRedemption, type ShadowOAuthCommerceEntitlementSummary, type ShadowOAuthConfig, type ShadowOAuthMessage, type ShadowOAuthScope, type ShadowOAuthServer, type ShadowOAuthTokens, type ShadowOAuthUser, type ShadowOAuthWorkspace, buildShadowOAuthDenyRedirect, parseShadowOAuthAuthorizeUrl, shadowOAuthAuthorizeApiPath };

package/dist/index.js

@@ -1,3 +1,63 @@
+// src/authorization.ts
+var SHADOW_OAUTH_AUTHORIZE_PATHS = ["/app/oauth/authorize", "/oauth/authorize"];
+var SHADOW_OAUTH_SCOPE_GROUPS = [
+  { key: "user", scopes: ["user:read", "user:email"] },
+  { key: "servers", scopes: ["servers:read", "servers:write"] },
+  { key: "channels", scopes: ["channels:read", "channels:write"] },
+  { key: "messages", scopes: ["messages:read", "messages:write"] },
+  { key: "attachments", scopes: ["attachments:read", "attachments:write"] },
+  { key: "workspaces", scopes: ["workspaces:read", "workspaces:write"] },
+  { key: "buddies", scopes: ["buddies:create", "buddies:manage"] },
+  { key: "commerce", scopes: ["commerce:read", "commerce:write"] }
+];
+function originFor(value) {
+  try {
+    return new URL(value).origin;
+  } catch {
+    return null;
+  }
+}
+function parseShadowOAuthAuthorizeUrl(input, options = {}) {
+  let url;
+  try {
+    url = new URL(input);
+  } catch {
+    return null;
+  }
+  const allowedOrigins = options.allowedOrigins?.map(originFor).filter((origin) => Boolean(origin));
+  if (allowedOrigins?.length && !allowedOrigins.includes(url.origin)) return null;
+  const authorizePathnames = options.authorizePathnames ?? [...SHADOW_OAUTH_AUTHORIZE_PATHS];
+  if (!authorizePathnames.includes(url.pathname)) return null;
+  const responseType = url.searchParams.get("response_type") ?? "code";
+  const clientId = url.searchParams.get("client_id")?.trim();
+  const redirectUri = url.searchParams.get("redirect_uri")?.trim();
+  if (responseType !== "code" || !clientId || !redirectUri) return null;
+  return {
+    responseType: "code",
+    clientId,
+    redirectUri,
+    scope: url.searchParams.get("scope")?.trim() || "user:read",
+    state: url.searchParams.get("state") ?? void 0,
+    sourceUrl: url.toString()
+  };
+}
+function shadowOAuthAuthorizeApiPath(request) {
+  const params = new URLSearchParams({
+    response_type: request.responseType,
+    client_id: request.clientId,
+    redirect_uri: request.redirectUri,
+    scope: request.scope
+  });
+  if (request.state) params.set("state", request.state);
+  return `/api/oauth/authorize?${params.toString()}`;
+}
+function buildShadowOAuthDenyRedirect(request, error = "access_denied") {
+  const url = new URL(request.redirectUri);
+  url.searchParams.set("error", error);
+  if (request.state) url.searchParams.set("state", request.state);
+  return url.toString();
+}
+
 // src/client.ts
 var DEFAULT_BASE_URL = "https://shadowob.com";
 var ShadowOAuth = class {
@@ -25,7 +85,7 @@ var ShadowOAuth = class {
     if (options?.state) {
       params.set("state", options.state);
     }
-    return `${this.baseUrl}/oauth/authorize?${params.toString()}`;
+    return `${this.baseUrl}/app/oauth/authorize?${params.toString()}`;
   }
   /**
    * Exchange an authorization code for access and refresh tokens.
@@ -236,5 +296,10 @@ var ShadowOAuth = class {
   }
 };
 export {
-  ShadowOAuth
+  SHADOW_OAUTH_AUTHORIZE_PATHS,
+  SHADOW_OAUTH_SCOPE_GROUPS,
+  ShadowOAuth,
+  buildShadowOAuthDenyRedirect,
+  parseShadowOAuthAuthorizeUrl,
+  shadowOAuthAuthorizeApiPath
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@shadowob/oauth",
-  "version": "1.1.6",
+  "version": "1.1.8",
   "description": "Shadow OAuth SDK — typed client for integrating Shadow OAuth login into third-party applications",
   "license": "MIT",
   "type": "module",
@@ -12,6 +12,7 @@
     ".": {
       "types": "./dist/index.d.ts",
       "development": "./src/index.ts",
+      "react-native": "./src/index.ts",
       "import": "./dist/index.js",
       "require": "./dist/index.cjs",
       "default": "./dist/index.js"