@shopsbuilder/auth-sdk 1.1.0

package/dist/chunk-BRRF6LN3.mjs

@@ -0,0 +1,224 @@
+import {
+  SaleorAccessTokenStorageHandler
+} from "./chunk-BZFBMGPG.mjs";
+import {
+  SaleorRefreshTokenStorageHandler
+} from "./chunk-263DHBMK.mjs";
+import {
+  getRequestData,
+  getTokenIss,
+  invariant,
+  isExpiredToken
+} from "./chunk-UDLCOX6B.mjs";
+import {
+  PASSWORD_RESET,
+  TOKEN_CREATE,
+  TOKEN_REFRESH
+} from "./chunk-7JTFMRQS.mjs";
+
+// src/SaleorAuthClient.ts
+import cookie from "cookie";
+var SaleorAuthClient = class {
+  // we'll assume a generous time of 2 seconds for api to
+  // process our request
+  tokenGracePeriod = 2e3;
+  tokenRefreshPromise = null;
+  onAuthRefresh;
+  saleorApiUrl;
+  /**
+   * Persistent storage (for refresh token)
+   */
+  refreshTokenStorage;
+  /**
+   * Non-persistent storage for access token
+   */
+  accessTokenStorage;
+  defaultRequestInit;
+  /**
+   * Use ths method to clear event listeners from storageHandler
+   *  @example
+   *  ```jsx
+   *  useEffect(() => {
+   *    return () => {
+   *      SaleorAuthClient.cleanup();
+   *    }
+   *  }, [])
+   *  ```
+   */
+  constructor({
+    saleorApiUrl,
+    refreshTokenStorage,
+    accessTokenStorage,
+    onAuthRefresh,
+    tokenGracePeriod,
+    defaultRequestInit
+  }) {
+    this.defaultRequestInit = defaultRequestInit;
+    if (tokenGracePeriod) {
+      this.tokenGracePeriod = tokenGracePeriod;
+    }
+    this.onAuthRefresh = onAuthRefresh;
+    this.saleorApiUrl = saleorApiUrl;
+    const refreshTokenRepo = refreshTokenStorage ?? (typeof window !== "undefined" ? window.localStorage : void 0);
+    this.refreshTokenStorage = refreshTokenRepo ? new SaleorRefreshTokenStorageHandler(refreshTokenRepo, saleorApiUrl) : null;
+    const accessTokenRepo = accessTokenStorage ?? getInMemoryAccessTokenStorage();
+    this.accessTokenStorage = new SaleorAccessTokenStorageHandler(accessTokenRepo, saleorApiUrl);
+  }
+  cleanup = () => {
+    this.refreshTokenStorage?.cleanup();
+  };
+  runAuthorizedRequest = (input, init, additionalParams) => {
+    const token = this.accessTokenStorage.getAccessToken();
+    if (!token) {
+      return fetch(input, init);
+    }
+    const headers = new Headers(init?.headers);
+    const getURL = (input2) => {
+      if (typeof input2 === "string") {
+        return input2;
+      } else if ("url" in input2) {
+        return input2.url;
+      } else {
+        return input2.href;
+      }
+    };
+    const iss = getTokenIss(token);
+    const issuerAndDomainMatch = getURL(input) === iss;
+    const shouldAddAuthorizationHeader = issuerAndDomainMatch || additionalParams?.allowPassingTokenToThirdPartyDomains;
+    if (!issuerAndDomainMatch) {
+      if (shouldAddAuthorizationHeader) {
+        console.warn(
+          "Token's `iss` and request URL do not match but `allowPassingTokenToThirdPartyDomains` was specified."
+        );
+      } else {
+        console.warn(
+          "Token's `iss` and request URL do not match. Not adding `Authorization` header to the request."
+        );
+      }
+    }
+    if (shouldAddAuthorizationHeader) {
+      headers.set("Authorization", `Bearer ${token}`);
+    }
+    return fetch(input, { ...init, headers });
+  };
+  handleRequestWithTokenRefresh = async (input, requestInit, additionalParams) => {
+    const refreshToken = this.refreshTokenStorage?.getRefreshToken();
+    invariant(refreshToken, "Missing refresh token in token refresh handler");
+    const accessToken = this.accessTokenStorage.getAccessToken();
+    if (accessToken && !isExpiredToken(accessToken, this.tokenGracePeriod)) {
+      return this.fetchWithAuth(input, requestInit, additionalParams);
+    }
+    this.onAuthRefresh?.(true);
+    if (this.tokenRefreshPromise) {
+      const response = await this.tokenRefreshPromise;
+      const res = await response.clone().json();
+      const {
+        errors: graphqlErrors,
+        data: {
+          tokenRefresh: { errors, token }
+        }
+      } = res;
+      this.onAuthRefresh?.(false);
+      if (errors?.length || graphqlErrors?.length || !token) {
+        this.tokenRefreshPromise = null;
+        this.refreshTokenStorage?.clearAuthStorage();
+        return fetch(input, requestInit);
+      }
+      this.refreshTokenStorage?.setAuthState("signedIn");
+      this.accessTokenStorage.setAccessToken(token);
+      this.tokenRefreshPromise = null;
+      return this.runAuthorizedRequest(input, requestInit, additionalParams);
+    }
+    this.tokenRefreshPromise = fetch(
+      this.saleorApiUrl,
+      getRequestData(TOKEN_REFRESH, { refreshToken }, { ...this.defaultRequestInit, ...requestInit })
+    );
+    return this.fetchWithAuth(input, requestInit, additionalParams);
+  };
+  handleSignIn = async (response) => {
+    const readResponse = await response.json();
+    const responseData = "tokenCreate" in readResponse.data ? readResponse.data.tokenCreate : readResponse.data.setPassword;
+    if (!responseData) {
+      return readResponse;
+    }
+    const { errors, token, refreshToken } = responseData;
+    if (!token || errors.length) {
+      this.refreshTokenStorage?.setAuthState("signedOut");
+      return readResponse;
+    }
+    if (token) {
+      this.accessTokenStorage.setAccessToken(token);
+    }
+    if (refreshToken) {
+      this.refreshTokenStorage?.setRefreshToken(refreshToken);
+    }
+    this.refreshTokenStorage?.setAuthState("signedIn");
+    return readResponse;
+  };
+  /**
+   * @param additionalParams
+   * @param additionalParams.allowPassingTokenToThirdPartyDomains if set to true, the `Authorization` header will be added to the request even if the token's `iss` and request URL do not match
+   */
+  fetchWithAuth = async (input, init, additionalParams) => {
+    const refreshToken = this.refreshTokenStorage?.getRefreshToken();
+    if (!this.accessTokenStorage.getAccessToken() && typeof document !== "undefined") {
+      const tokenFromCookie = cookie.parse(document.cookie).token ?? null;
+      if (tokenFromCookie) {
+        this.accessTokenStorage.setAccessToken(tokenFromCookie);
+      }
+      document.cookie = cookie.serialize("token", "", { expires: /* @__PURE__ */ new Date(0), path: "/" });
+    }
+    const accessToken = this.accessTokenStorage.getAccessToken();
+    if (accessToken && !isExpiredToken(accessToken, this.tokenGracePeriod)) {
+      return this.runAuthorizedRequest(input, init, additionalParams);
+    }
+    if (refreshToken) {
+      return this.handleRequestWithTokenRefresh(input, init, additionalParams);
+    }
+    return fetch(input, init);
+  };
+  resetPassword = async (variables, requestInit) => {
+    const response = await fetch(
+      this.saleorApiUrl,
+      getRequestData(PASSWORD_RESET, variables, { ...this.defaultRequestInit, ...requestInit })
+    );
+    return this.handleSignIn(response);
+  };
+  signIn = async (variables, requestInit) => {
+    const response = await fetch(
+      this.saleorApiUrl,
+      getRequestData(TOKEN_CREATE, variables, { ...this.defaultRequestInit, ...requestInit })
+    );
+    return this.handleSignIn(response);
+  };
+  signOut = () => {
+    this.accessTokenStorage.clearAuthStorage();
+    this.refreshTokenStorage?.clearAuthStorage();
+    if (typeof document !== "undefined") {
+      document.cookie = cookie.serialize("token", "", {
+        expires: /* @__PURE__ */ new Date(0),
+        path: "/"
+      });
+    }
+  };
+};
+var createSaleorAuthClient = (props) => new SaleorAuthClient(props);
+function getInMemoryAccessTokenStorage() {
+  let accessToken = null;
+  return {
+    getItem() {
+      return accessToken;
+    },
+    removeItem() {
+      return accessToken = null;
+    },
+    setItem(_key, value) {
+      return accessToken = value;
+    }
+  };
+}
+
+export {
+  SaleorAuthClient,
+  createSaleorAuthClient
+};

package/dist/chunk-BZFBMGPG.mjs

@@ -0,0 +1,25 @@
+// src/SaleorAccessTokenStorageHandler.ts
+var getAccessTokenKey = (prefix) => [prefix, "saleor_auth_access_token"].filter(Boolean).join("+");
+var SaleorAccessTokenStorageHandler = class {
+  constructor(storage, prefix) {
+    this.storage = storage;
+    this.prefix = prefix;
+  }
+  getAccessToken = () => {
+    const key = getAccessTokenKey(this.prefix);
+    return this.storage.getItem(key);
+  };
+  setAccessToken = (token) => {
+    const key = getAccessTokenKey(this.prefix);
+    return this.storage.setItem(key, token);
+  };
+  clearAuthStorage = () => {
+    const key = getAccessTokenKey(this.prefix);
+    return this.storage.removeItem(key);
+  };
+};
+
+export {
+  getAccessTokenKey,
+  SaleorAccessTokenStorageHandler
+};

package/dist/chunk-K5MTKW5C.mjs

@@ -0,0 +1,16 @@
+// src/graphql.ts
+var TypedDocumentString = class extends String {
+  constructor(value, __meta__) {
+    super(value);
+    this.value = value;
+    this.__meta__ = __meta__;
+  }
+  __apiType;
+  toString() {
+    return this.value;
+  }
+};
+
+export {
+  TypedDocumentString
+};

package/dist/chunk-KLIEZ4V4.mjs

@@ -0,0 +1,10 @@
+// src/types.ts
+var ExternalProvider = /* @__PURE__ */ ((ExternalProvider2) => {
+  ExternalProvider2["OpenIDConnect"] = "mirumee.authentication.openidconnect";
+  ExternalProvider2["SaleorCloud"] = "cloud_auth.CloudAuthorizationPlugin";
+  return ExternalProvider2;
+})(ExternalProvider || {});
+
+export {
+  ExternalProvider
+};

package/dist/chunk-NAQNA6DI.mjs

@@ -0,0 +1,20 @@
+// src/react/context.ts
+import { createContext, useContext } from "react";
+var createSafeContext = () => {
+  const context = createContext(void 0);
+  function useSafeContext() {
+    const value = useContext(context);
+    if (value === void 0) {
+      throw new Error("useContext must be inside a Provider with a value");
+    }
+    return value;
+  }
+  return [useSafeContext, context.Provider];
+};
+var [useSaleorAuthContext, Provider] = createSafeContext();
+
+export {
+  createSafeContext,
+  useSaleorAuthContext,
+  Provider
+};

package/dist/chunk-Q3UFWDCC.mjs

@@ -0,0 +1,38 @@
+import {
+  SaleorExternalAuth
+} from "./chunk-T35JF4IS.mjs";
+
+// src/react/useSaleorExternalAuth.ts
+import { useState, useEffect } from "react";
+var useSaleorExternalAuth = ({
+  saleorURL,
+  provider,
+  redirectURL
+}) => {
+  const [state, setState] = useState({
+    authURL: void 0,
+    error: void 0,
+    loading: true
+  });
+  useEffect(() => {
+    const triggerExternalAuth = async () => {
+      try {
+        const auth = new SaleorExternalAuth(saleorURL, provider);
+        const result = await auth.initiate({ redirectURL });
+        setState({ authURL: result, loading: false });
+      } catch (error) {
+        if (error instanceof Error) {
+          setState({ loading: false, error: error.message });
+        } else {
+          setState({ loading: false, error: "Unknown error" });
+        }
+      }
+    };
+    void triggerExternalAuth();
+  }, [saleorURL]);
+  return state;
+};
+
+export {
+  useSaleorExternalAuth
+};

package/dist/chunk-T35JF4IS.mjs

@@ -0,0 +1,59 @@
+import {
+  getRequestData
+} from "./chunk-UDLCOX6B.mjs";
+import {
+  ExternalAuthenticationURL,
+  ExternalObtainAccessTokens
+} from "./chunk-7JTFMRQS.mjs";
+
+// src/SaleorExternalAuth.ts
+var GraphQLError = class extends Error {
+  constructor(errorResponse) {
+    const message = errorResponse.errors.map((error) => error.message).join("\n");
+    super(message);
+    this.errorResponse = errorResponse;
+    this.name = this.constructor.name;
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+};
+var SaleorExternalAuth = class {
+  constructor(saleorURL, provider) {
+    this.saleorURL = saleorURL;
+    this.provider = provider;
+  }
+  async makePOSTRequest(query, variables) {
+    const response = await fetch(this.saleorURL, getRequestData(query, variables));
+    const result = await response.json();
+    if ("errors" in result) {
+      console.error(result.errors);
+      throw new GraphQLError(result);
+    }
+    return result.data;
+  }
+  async initiate({ redirectURL }) {
+    const {
+      externalAuthenticationUrl: { authenticationData: data, errors }
+    } = await this.makePOSTRequest(ExternalAuthenticationURL, {
+      pluginId: this.provider,
+      input: JSON.stringify({ redirectUri: redirectURL })
+    });
+    if (errors.length > 0) {
+      console.error({ errors });
+      throw new GraphQLError({ errors });
+    }
+    const { authorizationUrl } = JSON.parse(data);
+    return authorizationUrl;
+  }
+  async obtainAccessToken({ code, state }) {
+    const { externalObtainAccessTokens: data } = await this.makePOSTRequest(ExternalObtainAccessTokens, {
+      pluginId: this.provider,
+      input: JSON.stringify({ code, state })
+    });
+    return data;
+  }
+};
+
+export {
+  GraphQLError,
+  SaleorExternalAuth
+};

package/dist/chunk-UDLCOX6B.mjs

@@ -0,0 +1,49 @@
+// src/utils.ts
+var MILLI_MULTIPLYER = 1e3;
+var decodeToken = (token) => {
+  const tokenParts = token.split(".");
+  const decodedTokenData = Buffer.from(tokenParts[1] || "", "base64").toString();
+  const parsedTokenData = JSON.parse(decodedTokenData);
+  return parsedTokenData;
+};
+var getTokenExpiry = (token) => {
+  const parsedTokenData = decodeToken(token);
+  return parsedTokenData.exp * MILLI_MULTIPLYER || 0;
+};
+var getTokenIss = (token) => {
+  const parsedTokenData = decodeToken(token);
+  return parsedTokenData.iss;
+};
+var isExpiredToken = (token, tokenGracePeriod) => {
+  return getTokenExpiry(token) - tokenGracePeriod <= Date.now();
+};
+var getRequestData = (query, variables, requestInit) => ({
+  ...requestInit,
+  method: "POST",
+  headers: {
+    ...Object.fromEntries(new Headers(requestInit?.headers).entries()),
+    "Content-Type": "application/json"
+  },
+  body: JSON.stringify({
+    query,
+    variables
+  })
+});
+var InvariantError = class extends Error {
+  constructor(message) {
+    super(message);
+  }
+};
+function invariant(condition, message) {
+  if (!condition) {
+    throw new InvariantError(`Invariant Violation: ${message || ""}`);
+  }
+}
+
+export {
+  getTokenIss,
+  isExpiredToken,
+  getRequestData,
+  InvariantError,
+  invariant
+};

package/dist/chunk-WJVMUY3P.mjs

@@ -0,0 +1,33 @@
+import {
+  getStorageAuthEventKey
+} from "./chunk-263DHBMK.mjs";
+
+// src/react/useAuthChange.ts
+import { useEffect } from "react";
+var useAuthChange = ({ saleorApiUrl, onSignedOut, onSignedIn }) => {
+  const handleAuthChange = (event) => {
+    const isCustomAuthEvent = event?.type === getStorageAuthEventKey(saleorApiUrl);
+    if (!isCustomAuthEvent) {
+      return;
+    }
+    const { authState } = event.detail;
+    if (authState === "signedIn") {
+      onSignedIn?.();
+    } else if (authState === "signedOut") {
+      onSignedOut?.();
+    }
+  };
+  useEffect(() => {
+    if (typeof window === "undefined") {
+      return;
+    }
+    window.addEventListener(getStorageAuthEventKey(saleorApiUrl), handleAuthChange);
+    return () => {
+      window.removeEventListener(getStorageAuthEventKey(saleorApiUrl), handleAuthChange);
+    };
+  }, []);
+};
+
+export {
+  useAuthChange
+};

package/dist/graphql.d.mts

@@ -0,0 +1,11 @@
+import { DocumentTypeDecoration } from '@graphql-typed-document-node/core';
+
+declare class TypedDocumentString<TResult, TVariables> extends String implements DocumentTypeDecoration<TResult, TVariables> {
+    private value;
+    __meta__?: Record<string, any> | undefined;
+    __apiType?: DocumentTypeDecoration<TResult, TVariables>["__apiType"];
+    constructor(value: string, __meta__?: Record<string, any> | undefined);
+    toString(): string & DocumentTypeDecoration<TResult, TVariables>;
+}
+
+export { TypedDocumentString };

package/dist/graphql.d.ts

@@ -0,0 +1,11 @@
+import { DocumentTypeDecoration } from '@graphql-typed-document-node/core';
+
+declare class TypedDocumentString<TResult, TVariables> extends String implements DocumentTypeDecoration<TResult, TVariables> {
+    private value;
+    __meta__?: Record<string, any> | undefined;
+    __apiType?: DocumentTypeDecoration<TResult, TVariables>["__apiType"];
+    constructor(value: string, __meta__?: Record<string, any> | undefined);
+    toString(): string & DocumentTypeDecoration<TResult, TVariables>;
+}
+
+export { TypedDocumentString };

package/dist/graphql.js

@@ -0,0 +1,40 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/graphql.ts
+var graphql_exports = {};
+__export(graphql_exports, {
+  TypedDocumentString: () => TypedDocumentString
+});
+module.exports = __toCommonJS(graphql_exports);
+var TypedDocumentString = class extends String {
+  constructor(value, __meta__) {
+    super(value);
+    this.value = value;
+    this.__meta__ = __meta__;
+  }
+  __apiType;
+  toString() {
+    return this.value;
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  TypedDocumentString
+});

package/dist/graphql.mjs

@@ -0,0 +1,6 @@
+import {
+  TypedDocumentString
+} from "./chunk-K5MTKW5C.mjs";
+export {
+  TypedDocumentString
+};

package/dist/index.d.mts

@@ -0,0 +1,5 @@
+export { SaleorAuthClient, SaleorAuthClientProps, createSaleorAuthClient } from './SaleorAuthClient.mjs';
+export { GraphQLError, SaleorExternalAuth } from './SaleorExternalAuth.mjs';
+export { ExternalAuthenticationURLResponse, ExternalAuthenticationURLVariables, ExternalObtainAccessToken, ExternalObtainAccessTokenResponse, ExternalObtainAccessTokenVariables, ExternalProvider, Fetch, FetchRequestInfo, FetchRequestInit, FetchWithAdditionalParams, PasswordResetResponse, PasswordResetVariables, StorageRepository, TokenCreateResponse, TokenCreateVariables, TokenRefreshResponse, TokenRefreshVariables } from './types.mjs';
+import './graphql.mjs';
+import '@graphql-typed-document-node/core';

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+export { SaleorAuthClient, SaleorAuthClientProps, createSaleorAuthClient } from './SaleorAuthClient.js';
+export { GraphQLError, SaleorExternalAuth } from './SaleorExternalAuth.js';
+export { ExternalAuthenticationURLResponse, ExternalAuthenticationURLVariables, ExternalObtainAccessToken, ExternalObtainAccessTokenResponse, ExternalObtainAccessTokenVariables, ExternalProvider, Fetch, FetchRequestInfo, FetchRequestInit, FetchWithAdditionalParams, PasswordResetResponse, PasswordResetVariables, StorageRepository, TokenCreateResponse, TokenCreateVariables, TokenRefreshResponse, TokenRefreshVariables } from './types.js';
+import './graphql.js';
+import '@graphql-typed-document-node/core';