@shopsbuilder/auth-sdk 1.1.0

package/dist/index.js

@@ -0,0 +1,524 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  ExternalProvider: () => ExternalProvider,
+  GraphQLError: () => GraphQLError,
+  SaleorAuthClient: () => SaleorAuthClient,
+  SaleorExternalAuth: () => SaleorExternalAuth,
+  createSaleorAuthClient: () => createSaleorAuthClient
+});
+module.exports = __toCommonJS(src_exports);
+
+// src/SaleorRefreshTokenStorageHandler.ts
+var getStorageAuthEventKey = (prefix) => [prefix, "saleor_storage_auth_change"].filter(Boolean).join("+");
+var getStorageAuthStateKey = (prefix) => [prefix, "saleor_auth_module_auth_state"].filter(Boolean).join("+");
+var getRefreshTokenKey = (prefix) => [prefix, "saleor_auth_module_refresh_token"].filter(Boolean).join("+");
+var SaleorRefreshTokenStorageHandler = class {
+  constructor(storage, prefix) {
+    this.storage = storage;
+    this.prefix = prefix;
+    if (typeof window !== "undefined") {
+      window.addEventListener("storage", this.handleStorageChange);
+    }
+  }
+  handleStorageChange = (event) => {
+    const { oldValue, newValue, type, key } = event;
+    if (oldValue === newValue || type !== "storage" || key !== getStorageAuthStateKey(this.prefix)) {
+      return;
+    }
+    this.sendAuthStateEvent(newValue);
+  };
+  cleanup = () => {
+    if (typeof window !== "undefined") {
+      window.removeEventListener("storage", this.handleStorageChange);
+    }
+  };
+  /* auth state */
+  sendAuthStateEvent = (authState) => {
+    if (typeof window !== "undefined") {
+      const event = new CustomEvent(getStorageAuthEventKey(this.prefix), {
+        detail: { authState }
+      });
+      window.dispatchEvent(event);
+    }
+  };
+  getAuthState = () => this.storage.getItem(getStorageAuthStateKey(this.prefix)) || "signedOut";
+  setAuthState = (authState) => {
+    this.storage.setItem(getStorageAuthStateKey(this.prefix), authState);
+    this.sendAuthStateEvent(authState);
+  };
+  /* refresh token */
+  getRefreshToken = () => this.storage.getItem(getRefreshTokenKey(this.prefix)) || null;
+  setRefreshToken = (token) => {
+    this.storage.setItem(getRefreshTokenKey(this.prefix), token);
+  };
+  /* performed on logout */
+  clearAuthStorage = () => {
+    this.setAuthState("signedOut");
+    this.storage.removeItem(getRefreshTokenKey(this.prefix));
+  };
+};
+
+// src/graphql.ts
+var TypedDocumentString = class extends String {
+  constructor(value, __meta__) {
+    super(value);
+    this.value = value;
+    this.__meta__ = __meta__;
+  }
+  __apiType;
+  toString() {
+    return this.value;
+  }
+};
+
+// src/utils.ts
+var MILLI_MULTIPLYER = 1e3;
+var decodeToken = (token) => {
+  const tokenParts = token.split(".");
+  const decodedTokenData = Buffer.from(tokenParts[1] || "", "base64").toString();
+  const parsedTokenData = JSON.parse(decodedTokenData);
+  return parsedTokenData;
+};
+var getTokenExpiry = (token) => {
+  const parsedTokenData = decodeToken(token);
+  return parsedTokenData.exp * MILLI_MULTIPLYER || 0;
+};
+var getTokenIss = (token) => {
+  const parsedTokenData = decodeToken(token);
+  return parsedTokenData.iss;
+};
+var isExpiredToken = (token, tokenGracePeriod) => {
+  return getTokenExpiry(token) - tokenGracePeriod <= Date.now();
+};
+var getRequestData = (query, variables, requestInit) => ({
+  ...requestInit,
+  method: "POST",
+  headers: {
+    ...Object.fromEntries(new Headers(requestInit?.headers).entries()),
+    "Content-Type": "application/json"
+  },
+  body: JSON.stringify({
+    query,
+    variables
+  })
+});
+var InvariantError = class extends Error {
+  constructor(message) {
+    super(message);
+  }
+};
+function invariant(condition, message) {
+  if (!condition) {
+    throw new InvariantError(`Invariant Violation: ${message || ""}`);
+  }
+}
+
+// src/mutations.ts
+var accountErrorFragment = (
+  /* graphql */
+  `
+  fragment AccountErrorFragment on AccountError {
+    code
+    field
+    message
+  }
+`
+);
+var TOKEN_REFRESH = new TypedDocumentString(
+  /* graphql */
+  `
+  ${accountErrorFragment}
+  mutation refreshToken($refreshToken: String!) {
+    tokenRefresh(refreshToken: $refreshToken) {
+      token
+      errors {
+        ...AccountErrorFragment
+      }
+    }
+  }
+`
+);
+var TOKEN_CREATE = new TypedDocumentString(
+  /* graphql */
+  `
+  mutation tokenCreate($email: String!, $password: String!) {
+    tokenCreate(email: $email, password: $password) {
+      token
+      refreshToken
+      errors {
+        message
+        field
+        code
+      }
+    }
+  }
+`
+);
+var PASSWORD_RESET = new TypedDocumentString(
+  /* graphql */
+  `
+  mutation passwordReset($email: String!, $password: String!, $token: String!) {
+    setPassword(email: $email, password: $password, token: $token) {
+      token
+      refreshToken
+      errors {
+        message
+        field
+        code
+      }
+    }
+  }
+`
+);
+var ExternalAuthenticationURL = new TypedDocumentString(
+  /* graphql */
+  `
+  mutation externalAuthenticationUrl($pluginId: String!, $input: JSONString!) {
+    externalAuthenticationUrl(pluginId: $pluginId, input: $input) {
+      authenticationData
+      errors {
+        code
+        field
+        message
+      }
+    }
+  }
+`
+);
+var ExternalObtainAccessTokens = new TypedDocumentString(
+  /* graphql */
+  `
+  mutation AuthObtainAccessToken($pluginId: String!, $input: JSONString!) {
+    externalObtainAccessTokens(pluginId: $pluginId, input: $input) {
+      token
+      refreshToken
+      user {
+        id
+        email
+      }
+      errors {
+        field
+        code
+        message
+      }
+    }
+  }
+`
+);
+
+// src/SaleorAuthClient.ts
+var import_cookie = __toESM(require("cookie"));
+
+// src/SaleorAccessTokenStorageHandler.ts
+var getAccessTokenKey = (prefix) => [prefix, "saleor_auth_access_token"].filter(Boolean).join("+");
+var SaleorAccessTokenStorageHandler = class {
+  constructor(storage, prefix) {
+    this.storage = storage;
+    this.prefix = prefix;
+  }
+  getAccessToken = () => {
+    const key = getAccessTokenKey(this.prefix);
+    return this.storage.getItem(key);
+  };
+  setAccessToken = (token) => {
+    const key = getAccessTokenKey(this.prefix);
+    return this.storage.setItem(key, token);
+  };
+  clearAuthStorage = () => {
+    const key = getAccessTokenKey(this.prefix);
+    return this.storage.removeItem(key);
+  };
+};
+
+// src/SaleorAuthClient.ts
+var SaleorAuthClient = class {
+  // we'll assume a generous time of 2 seconds for api to
+  // process our request
+  tokenGracePeriod = 2e3;
+  tokenRefreshPromise = null;
+  onAuthRefresh;
+  saleorApiUrl;
+  /**
+   * Persistent storage (for refresh token)
+   */
+  refreshTokenStorage;
+  /**
+   * Non-persistent storage for access token
+   */
+  accessTokenStorage;
+  defaultRequestInit;
+  /**
+   * Use ths method to clear event listeners from storageHandler
+   *  @example
+   *  ```jsx
+   *  useEffect(() => {
+   *    return () => {
+   *      SaleorAuthClient.cleanup();
+   *    }
+   *  }, [])
+   *  ```
+   */
+  constructor({
+    saleorApiUrl,
+    refreshTokenStorage,
+    accessTokenStorage,
+    onAuthRefresh,
+    tokenGracePeriod,
+    defaultRequestInit
+  }) {
+    this.defaultRequestInit = defaultRequestInit;
+    if (tokenGracePeriod) {
+      this.tokenGracePeriod = tokenGracePeriod;
+    }
+    this.onAuthRefresh = onAuthRefresh;
+    this.saleorApiUrl = saleorApiUrl;
+    const refreshTokenRepo = refreshTokenStorage ?? (typeof window !== "undefined" ? window.localStorage : void 0);
+    this.refreshTokenStorage = refreshTokenRepo ? new SaleorRefreshTokenStorageHandler(refreshTokenRepo, saleorApiUrl) : null;
+    const accessTokenRepo = accessTokenStorage ?? getInMemoryAccessTokenStorage();
+    this.accessTokenStorage = new SaleorAccessTokenStorageHandler(accessTokenRepo, saleorApiUrl);
+  }
+  cleanup = () => {
+    this.refreshTokenStorage?.cleanup();
+  };
+  runAuthorizedRequest = (input, init, additionalParams) => {
+    const token = this.accessTokenStorage.getAccessToken();
+    if (!token) {
+      return fetch(input, init);
+    }
+    const headers = new Headers(init?.headers);
+    const getURL = (input2) => {
+      if (typeof input2 === "string") {
+        return input2;
+      } else if ("url" in input2) {
+        return input2.url;
+      } else {
+        return input2.href;
+      }
+    };
+    const iss = getTokenIss(token);
+    const issuerAndDomainMatch = getURL(input) === iss;
+    const shouldAddAuthorizationHeader = issuerAndDomainMatch || additionalParams?.allowPassingTokenToThirdPartyDomains;
+    if (!issuerAndDomainMatch) {
+      if (shouldAddAuthorizationHeader) {
+        console.warn(
+          "Token's `iss` and request URL do not match but `allowPassingTokenToThirdPartyDomains` was specified."
+        );
+      } else {
+        console.warn(
+          "Token's `iss` and request URL do not match. Not adding `Authorization` header to the request."
+        );
+      }
+    }
+    if (shouldAddAuthorizationHeader) {
+      headers.set("Authorization", `Bearer ${token}`);
+    }
+    return fetch(input, { ...init, headers });
+  };
+  handleRequestWithTokenRefresh = async (input, requestInit, additionalParams) => {
+    const refreshToken = this.refreshTokenStorage?.getRefreshToken();
+    invariant(refreshToken, "Missing refresh token in token refresh handler");
+    const accessToken = this.accessTokenStorage.getAccessToken();
+    if (accessToken && !isExpiredToken(accessToken, this.tokenGracePeriod)) {
+      return this.fetchWithAuth(input, requestInit, additionalParams);
+    }
+    this.onAuthRefresh?.(true);
+    if (this.tokenRefreshPromise) {
+      const response = await this.tokenRefreshPromise;
+      const res = await response.clone().json();
+      const {
+        errors: graphqlErrors,
+        data: {
+          tokenRefresh: { errors, token }
+        }
+      } = res;
+      this.onAuthRefresh?.(false);
+      if (errors?.length || graphqlErrors?.length || !token) {
+        this.tokenRefreshPromise = null;
+        this.refreshTokenStorage?.clearAuthStorage();
+        return fetch(input, requestInit);
+      }
+      this.refreshTokenStorage?.setAuthState("signedIn");
+      this.accessTokenStorage.setAccessToken(token);
+      this.tokenRefreshPromise = null;
+      return this.runAuthorizedRequest(input, requestInit, additionalParams);
+    }
+    this.tokenRefreshPromise = fetch(
+      this.saleorApiUrl,
+      getRequestData(TOKEN_REFRESH, { refreshToken }, { ...this.defaultRequestInit, ...requestInit })
+    );
+    return this.fetchWithAuth(input, requestInit, additionalParams);
+  };
+  handleSignIn = async (response) => {
+    const readResponse = await response.json();
+    const responseData = "tokenCreate" in readResponse.data ? readResponse.data.tokenCreate : readResponse.data.setPassword;
+    if (!responseData) {
+      return readResponse;
+    }
+    const { errors, token, refreshToken } = responseData;
+    if (!token || errors.length) {
+      this.refreshTokenStorage?.setAuthState("signedOut");
+      return readResponse;
+    }
+    if (token) {
+      this.accessTokenStorage.setAccessToken(token);
+    }
+    if (refreshToken) {
+      this.refreshTokenStorage?.setRefreshToken(refreshToken);
+    }
+    this.refreshTokenStorage?.setAuthState("signedIn");
+    return readResponse;
+  };
+  /**
+   * @param additionalParams
+   * @param additionalParams.allowPassingTokenToThirdPartyDomains if set to true, the `Authorization` header will be added to the request even if the token's `iss` and request URL do not match
+   */
+  fetchWithAuth = async (input, init, additionalParams) => {
+    const refreshToken = this.refreshTokenStorage?.getRefreshToken();
+    if (!this.accessTokenStorage.getAccessToken() && typeof document !== "undefined") {
+      const tokenFromCookie = import_cookie.default.parse(document.cookie).token ?? null;
+      if (tokenFromCookie) {
+        this.accessTokenStorage.setAccessToken(tokenFromCookie);
+      }
+      document.cookie = import_cookie.default.serialize("token", "", { expires: /* @__PURE__ */ new Date(0), path: "/" });
+    }
+    const accessToken = this.accessTokenStorage.getAccessToken();
+    if (accessToken && !isExpiredToken(accessToken, this.tokenGracePeriod)) {
+      return this.runAuthorizedRequest(input, init, additionalParams);
+    }
+    if (refreshToken) {
+      return this.handleRequestWithTokenRefresh(input, init, additionalParams);
+    }
+    return fetch(input, init);
+  };
+  resetPassword = async (variables, requestInit) => {
+    const response = await fetch(
+      this.saleorApiUrl,
+      getRequestData(PASSWORD_RESET, variables, { ...this.defaultRequestInit, ...requestInit })
+    );
+    return this.handleSignIn(response);
+  };
+  signIn = async (variables, requestInit) => {
+    const response = await fetch(
+      this.saleorApiUrl,
+      getRequestData(TOKEN_CREATE, variables, { ...this.defaultRequestInit, ...requestInit })
+    );
+    return this.handleSignIn(response);
+  };
+  signOut = () => {
+    this.accessTokenStorage.clearAuthStorage();
+    this.refreshTokenStorage?.clearAuthStorage();
+    if (typeof document !== "undefined") {
+      document.cookie = import_cookie.default.serialize("token", "", {
+        expires: /* @__PURE__ */ new Date(0),
+        path: "/"
+      });
+    }
+  };
+};
+var createSaleorAuthClient = (props) => new SaleorAuthClient(props);
+function getInMemoryAccessTokenStorage() {
+  let accessToken = null;
+  return {
+    getItem() {
+      return accessToken;
+    },
+    removeItem() {
+      return accessToken = null;
+    },
+    setItem(_key, value) {
+      return accessToken = value;
+    }
+  };
+}
+
+// src/types.ts
+var ExternalProvider = /* @__PURE__ */ ((ExternalProvider2) => {
+  ExternalProvider2["OpenIDConnect"] = "mirumee.authentication.openidconnect";
+  ExternalProvider2["SaleorCloud"] = "cloud_auth.CloudAuthorizationPlugin";
+  return ExternalProvider2;
+})(ExternalProvider || {});
+
+// src/SaleorExternalAuth.ts
+var GraphQLError = class extends Error {
+  constructor(errorResponse) {
+    const message = errorResponse.errors.map((error) => error.message).join("\n");
+    super(message);
+    this.errorResponse = errorResponse;
+    this.name = this.constructor.name;
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+};
+var SaleorExternalAuth = class {
+  constructor(saleorURL, provider) {
+    this.saleorURL = saleorURL;
+    this.provider = provider;
+  }
+  async makePOSTRequest(query, variables) {
+    const response = await fetch(this.saleorURL, getRequestData(query, variables));
+    const result = await response.json();
+    if ("errors" in result) {
+      console.error(result.errors);
+      throw new GraphQLError(result);
+    }
+    return result.data;
+  }
+  async initiate({ redirectURL }) {
+    const {
+      externalAuthenticationUrl: { authenticationData: data, errors }
+    } = await this.makePOSTRequest(ExternalAuthenticationURL, {
+      pluginId: this.provider,
+      input: JSON.stringify({ redirectUri: redirectURL })
+    });
+    if (errors.length > 0) {
+      console.error({ errors });
+      throw new GraphQLError({ errors });
+    }
+    const { authorizationUrl } = JSON.parse(data);
+    return authorizationUrl;
+  }
+  async obtainAccessToken({ code, state }) {
+    const { externalObtainAccessTokens: data } = await this.makePOSTRequest(ExternalObtainAccessTokens, {
+      pluginId: this.provider,
+      input: JSON.stringify({ code, state })
+    });
+    return data;
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ExternalProvider,
+  GraphQLError,
+  SaleorAuthClient,
+  SaleorExternalAuth,
+  createSaleorAuthClient
+});

package/dist/index.mjs

@@ -0,0 +1,23 @@
+import {
+  SaleorAuthClient,
+  createSaleorAuthClient
+} from "./chunk-BRRF6LN3.mjs";
+import "./chunk-BZFBMGPG.mjs";
+import "./chunk-263DHBMK.mjs";
+import {
+  GraphQLError,
+  SaleorExternalAuth
+} from "./chunk-T35JF4IS.mjs";
+import {
+  ExternalProvider
+} from "./chunk-KLIEZ4V4.mjs";
+import "./chunk-UDLCOX6B.mjs";
+import "./chunk-7JTFMRQS.mjs";
+import "./chunk-K5MTKW5C.mjs";
+export {
+  ExternalProvider,
+  GraphQLError,
+  SaleorAuthClient,
+  SaleorExternalAuth,
+  createSaleorAuthClient
+};

package/dist/mutations.d.mts

@@ -0,0 +1,12 @@
+import { TypedDocumentString } from './graphql.mjs';
+import { TokenRefreshResponse, TokenRefreshVariables, TokenCreateResponse, TokenCreateVariables, PasswordResetResponse, PasswordResetVariables, ExternalAuthenticationURLResponse, ExternalAuthenticationURLVariables, ExternalObtainAccessTokenResponse, ExternalObtainAccessTokenVariables } from './types.mjs';
+import '@graphql-typed-document-node/core';
+
+declare const accountErrorFragment = "\n  fragment AccountErrorFragment on AccountError {\n    code\n    field\n    message\n  }\n";
+declare const TOKEN_REFRESH: TypedDocumentString<TokenRefreshResponse, TokenRefreshVariables>;
+declare const TOKEN_CREATE: TypedDocumentString<TokenCreateResponse, TokenCreateVariables>;
+declare const PASSWORD_RESET: TypedDocumentString<PasswordResetResponse, PasswordResetVariables>;
+declare const ExternalAuthenticationURL: TypedDocumentString<ExternalAuthenticationURLResponse, ExternalAuthenticationURLVariables>;
+declare const ExternalObtainAccessTokens: TypedDocumentString<ExternalObtainAccessTokenResponse, ExternalObtainAccessTokenVariables>;
+
+export { ExternalAuthenticationURL, ExternalObtainAccessTokens, PASSWORD_RESET, TOKEN_CREATE, TOKEN_REFRESH, accountErrorFragment };

package/dist/mutations.d.ts

@@ -0,0 +1,12 @@
+import { TypedDocumentString } from './graphql.js';
+import { TokenRefreshResponse, TokenRefreshVariables, TokenCreateResponse, TokenCreateVariables, PasswordResetResponse, PasswordResetVariables, ExternalAuthenticationURLResponse, ExternalAuthenticationURLVariables, ExternalObtainAccessTokenResponse, ExternalObtainAccessTokenVariables } from './types.js';
+import '@graphql-typed-document-node/core';
+
+declare const accountErrorFragment = "\n  fragment AccountErrorFragment on AccountError {\n    code\n    field\n    message\n  }\n";
+declare const TOKEN_REFRESH: TypedDocumentString<TokenRefreshResponse, TokenRefreshVariables>;
+declare const TOKEN_CREATE: TypedDocumentString<TokenCreateResponse, TokenCreateVariables>;
+declare const PASSWORD_RESET: TypedDocumentString<PasswordResetResponse, PasswordResetVariables>;
+declare const ExternalAuthenticationURL: TypedDocumentString<ExternalAuthenticationURLResponse, ExternalAuthenticationURLVariables>;
+declare const ExternalObtainAccessTokens: TypedDocumentString<ExternalObtainAccessTokenResponse, ExternalObtainAccessTokenVariables>;
+
+export { ExternalAuthenticationURL, ExternalObtainAccessTokens, PASSWORD_RESET, TOKEN_CREATE, TOKEN_REFRESH, accountErrorFragment };