npm - @spfn/auth - Versions diffs - 0.2.0-beta.62 → 0.2.0-beta.64 - Mend

@spfn/auth 0.2.0-beta.62 → 0.2.0-beta.64

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/{authenticate-DcOkuB7d.d.ts → authenticate-mfVRzeIK.d.ts} +121 -2
package/dist/index.d.ts +33 -3
package/dist/index.js +3 -0
package/dist/index.js.map +1 -1
package/dist/server.d.ts +177 -259
package/dist/server.js +90 -3
package/dist/server.js.map +1 -1
package/package.json +1 -1

package/dist/{authenticate-DcOkuB7d.d.ts → authenticate-mfVRzeIK.d.ts} RENAMED Viewed

@@ -364,6 +364,88 @@ declare function issueOneTimeTokenService(userId: string): Promise<IssueOneTimeT
  */
 declare function verifyOneTimeTokenService(token: string): Promise<string | null>;
+/**
+ * OAuth Provider 추상화
+ *
+ * Provider별로 하드코딩된 분기를 제거하기 위한 공통 인터페이스와 registry.
+ * - 내장 provider(google)는 패키지 로드 시점에 자기 등록(dogfood)
+ * - 외부 패키지(@superself/auth 등)는 registerOAuthProvider()로 런타임 등록
+ *
+ * @spfn/auth는 토큰 issuer가 아니라 소비(client) 측이므로,
+ * 이 추상화는 "authorize URL 생성 → code 교환 → 사용자 정보 정규화"까지만 다룬다.
+ */
+/**
+ * Provider 사용자 정보를 공통 형태로 정규화한 신원
+ *
+ * provider별 응답 형태(snake_case 등)를 service에 노출하지 않기 위한 경계.
+ */
+interface NormalizedIdentity {
+    providerUserId: string;
+    email: string | null;
+    emailVerified: boolean;
+    name?: string;
+    avatar?: string;
+}
+/**
+ * 정규화된 OAuth 토큰 응답
+ *
+ * @property expiresIn - access token 만료까지 남은 초(seconds)
+ */
+interface OAuthTokens {
+    accessToken: string;
+    refreshToken?: string;
+    expiresIn: number;
+}
+/**
+ * OAuth provider 구현 인터페이스
+ *
+ * google, superself 등 모든 provider가 이 형태를 만족해야 registry에 등록된다.
+ */
+interface OAuthProvider {
+    id: SocialProvider;
+    /**
+     * provider가 사용 가능한 상태인지(필수 env 등) 확인
+     */
+    isEnabled(): boolean;
+    /**
+     * provider 로그인 페이지로 보낼 authorization URL 생성
+     *
+     * @param state - CSRF 방지용 암호화 state
+     * @param scopes - 요청할 scope (미지정 시 provider 기본값)
+     */
+    getAuthUrl(state: string, scopes?: string[]): string;
+    /**
+     * authorization code를 토큰으로 교환
+     */
+    exchangeCodeForTokens(code: string): Promise<OAuthTokens>;
+    /**
+     * access token으로 사용자 정보를 조회하고 공통 형태로 정규화
+     */
+    getUserInfo(accessToken: string): Promise<NormalizedIdentity>;
+    /**
+     * refresh token으로 access token 갱신 (provider가 지원하는 경우)
+     *
+     * 저장된 provider 토큰을 이후 API 호출에 재사용할 때 사용한다.
+     * 미구현 provider는 갱신 불가로 간주한다.
+     */
+    refreshTokens?(refreshToken: string): Promise<OAuthTokens>;
+}
+/**
+ * OAuth provider 등록 (public)
+ *
+ * 동일 id로 다시 등록하면 덮어쓴다(외부 패키지의 override 허용).
+ */
+declare function registerOAuthProvider(provider: OAuthProvider): void;
+/**
+ * 등록된 provider 조회. 미등록이면 undefined.
+ */
+declare function getOAuthProvider(id: SocialProvider): OAuthProvider | undefined;
+/**
+ * 등록된 모든 provider 목록
+ */
+declare function getRegisteredProviders(): OAuthProvider[];
 /**
  * @spfn/auth - OAuth Service
  *
@@ -396,6 +478,13 @@ interface OAuthCallbackResult {
     keyId: string;
     isNewUser: boolean;
 }
+/**
+ * registry에서 provider를 찾아 사용 가능한지 검증 후 반환
+ *
+ * 미등록과 비활성을 구분해 디버깅 신호를 남긴다.
+ * 라우트 레이어에서도 재사용한다(중복 조회/non-null 단언 제거).
+ */
+declare function requireEnabledProvider(provider: SocialProvider): OAuthProvider;
 /**
  * OAuth 로그인 시작 - Provider 로그인 페이지로 리다이렉트할 URL 생성
  *
@@ -531,7 +620,7 @@ declare const mainAuthRouter: _spfn_core_route.Router<{
             id: number;
             name: string;
             displayName: string;
-            category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
+            category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
         }[];
         userId: number;
         publicId: string;
@@ -588,6 +677,36 @@ declare const mainAuthRouter: _spfn_core_route.Router<{
         keyId: string;
         returnUrl: string;
     }>;
+    oauthProviderStart: _spfn_core_route.RouteDef<{
+        params: _sinclair_typebox.TObject<{
+            provider: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"google" | "github" | "kakao" | "naver" | "superself">[]>;
+        }>;
+        query: _sinclair_typebox.TObject<{
+            state: _sinclair_typebox.TString;
+        }>;
+    }, {}, Response>;
+    oauthProviderCallback: _spfn_core_route.RouteDef<{
+        params: _sinclair_typebox.TObject<{
+            provider: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"google" | "github" | "kakao" | "naver" | "superself">[]>;
+        }>;
+        query: _sinclair_typebox.TObject<{
+            code: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
+            state: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
+            error: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
+            error_description: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
+        }>;
+    }, {}, Response>;
+    getProviderOAuthUrl: _spfn_core_route.RouteDef<{
+        params: _sinclair_typebox.TObject<{
+            provider: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"google" | "github" | "kakao" | "naver" | "superself">[]>;
+        }>;
+        body: _sinclair_typebox.TObject<{
+            returnUrl: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
+            state: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
+        }>;
+    }, {}, {
+        authUrl: string;
+    }>;
     getInvitation: _spfn_core_route.RouteDef<{
         params: _sinclair_typebox.TObject<{
             token: _sinclair_typebox.TString;
@@ -896,4 +1015,4 @@ declare const authenticate: _spfn_core_route.NamedMiddleware<"auth">;
  */
 declare const optionalAuth: _spfn_core_route.NamedMiddleware<"optionalAuth">;
-export { authenticate as $, type AuthSession as A, registerPublicKeyService as B, type CheckAccountExistsResult as C, rotateKeyService as D, revokeKeyService as E, type RegisterPublicKeyParams as F, type RotateKeyParams as G, type RevokeKeyParams as H, type IssueOneTimeTokenResult as I, issueOneTimeTokenService as J, verifyOneTimeTokenService as K, type LoginResult as L, oauthStartService as M, oauthCallbackService as N, type OAuthStartResult as O, type PermissionConfig as P, buildOAuthErrorUrl as Q, type RoleConfig as R, type SendVerificationCodeResult as S, isOAuthProviderEnabled as T, type UserProfile as U, type VerificationTargetType as V, getEnabledOAuthProviders as W, getGoogleAccessToken as X, type OAuthStartParams as Y, type OAuthCallbackParams as Z, type OAuthCallbackResult as _, type RegisterResult as a, optionalAuth as a0, EmailSchema as a1, PhoneSchema as a2, PasswordSchema as a3, TargetTypeSchema as a4, VerificationPurposeSchema as a5, type RotateKeyResult as b, type ProfileInfo as c, type VerificationPurpose as d, VERIFICATION_TARGET_TYPES as e, VERIFICATION_PURPOSES as f, PERMISSION_CATEGORIES as g, type PermissionCategory as h, type AuthInitOptions as i, type AuthContext as j, checkAccountExistsService as k, loginService as l, mainAuthRouter as m, logoutService as n, changePasswordService as o, type CheckAccountExistsParams as p, type RegisterParams as q, registerService as r, type LoginParams as s, type LogoutParams as t, type ChangePasswordParams as u, sendVerificationCodeService as v, verifyCodeService as w, type SendVerificationCodeParams as x, type VerifyCodeParams as y, type VerifyCodeResult as z };
+export { type OAuthCallbackParams as $, type AuthSession as A, type VerifyCodeResult as B, type CheckAccountExistsResult as C, registerPublicKeyService as D, rotateKeyService as E, revokeKeyService as F, type RegisterPublicKeyParams as G, type RotateKeyParams as H, type IssueOneTimeTokenResult as I, type RevokeKeyParams as J, issueOneTimeTokenService as K, type LoginResult as L, verifyOneTimeTokenService as M, oauthStartService as N, type OAuthStartResult as O, type PermissionConfig as P, oauthCallbackService as Q, type RoleConfig as R, type SendVerificationCodeResult as S, buildOAuthErrorUrl as T, type UserProfile as U, type VerificationTargetType as V, isOAuthProviderEnabled as W, requireEnabledProvider as X, getEnabledOAuthProviders as Y, getGoogleAccessToken as Z, type OAuthStartParams as _, type RegisterResult as a, type OAuthCallbackResult as a0, authenticate as a1, optionalAuth as a2, EmailSchema as a3, PhoneSchema as a4, PasswordSchema as a5, TargetTypeSchema as a6, VerificationPurposeSchema as a7, type NormalizedIdentity as a8, type OAuthTokens as a9, registerOAuthProvider as aa, getOAuthProvider as ab, getRegisteredProviders as ac, type RotateKeyResult as b, type ProfileInfo as c, type VerificationPurpose as d, VERIFICATION_TARGET_TYPES as e, VERIFICATION_PURPOSES as f, PERMISSION_CATEGORIES as g, type PermissionCategory as h, type AuthInitOptions as i, type OAuthProvider as j, type AuthContext as k, checkAccountExistsService as l, mainAuthRouter as m, loginService as n, logoutService as o, changePasswordService as p, type CheckAccountExistsParams as q, registerService as r, type RegisterParams as s, type LoginParams as t, type LogoutParams as u, type ChangePasswordParams as v, sendVerificationCodeService as w, verifyCodeService as x, type SendVerificationCodeParams as y, type VerifyCodeParams as z };

package/dist/index.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import * as _spfn_core_nextjs from '@spfn/core/nextjs';
-import { R as RoleConfig, P as PermissionConfig, C as CheckAccountExistsResult, S as SendVerificationCodeResult, a as RegisterResult, L as LoginResult, b as RotateKeyResult, I as IssueOneTimeTokenResult, O as OAuthStartResult, U as UserProfile, c as ProfileInfo, m as mainAuthRouter } from './authenticate-DcOkuB7d.js';
-export { i as AuthInitOptions, A as AuthSession, g as PERMISSION_CATEGORIES, h as PermissionCategory, f as VERIFICATION_PURPOSES, e as VERIFICATION_TARGET_TYPES, d as VerificationPurpose, V as VerificationTargetType } from './authenticate-DcOkuB7d.js';
+import { R as RoleConfig, P as PermissionConfig, C as CheckAccountExistsResult, S as SendVerificationCodeResult, a as RegisterResult, L as LoginResult, b as RotateKeyResult, I as IssueOneTimeTokenResult, O as OAuthStartResult, U as UserProfile, c as ProfileInfo, m as mainAuthRouter } from './authenticate-mfVRzeIK.js';
+export { i as AuthInitOptions, A as AuthSession, g as PERMISSION_CATEGORIES, h as PermissionCategory, f as VERIFICATION_PURPOSES, e as VERIFICATION_TARGET_TYPES, d as VerificationPurpose, V as VerificationTargetType } from './authenticate-mfVRzeIK.js';
 import * as _spfn_core_route from '@spfn/core/route';
 import { HttpMethod } from '@spfn/core/route';
 export { I as INVITATION_STATUSES, b as InvitationStatus, a as KEY_ALGORITHM, K as KeyAlgorithmType, S as SOCIAL_PROVIDERS, d as SocialProvider, U as USER_STATUSES, c as UserStatus } from './types-B4auHIax.js';
@@ -170,7 +170,7 @@ declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
             id: number;
             name: string;
             displayName: string;
-            category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
+            category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
         }[];
         userId: number;
         publicId: string;
@@ -227,6 +227,36 @@ declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
         keyId: string;
         returnUrl: string;
     }>;
+    oauthProviderStart: _spfn_core_route.RouteDef<{
+        params: _sinclair_typebox.TObject<{
+            provider: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"google" | "github" | "kakao" | "naver" | "superself">[]>;
+        }>;
+        query: _sinclair_typebox.TObject<{
+            state: _sinclair_typebox.TString;
+        }>;
+    }, {}, Response>;
+    oauthProviderCallback: _spfn_core_route.RouteDef<{
+        params: _sinclair_typebox.TObject<{
+            provider: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"google" | "github" | "kakao" | "naver" | "superself">[]>;
+        }>;
+        query: _sinclair_typebox.TObject<{
+            code: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
+            state: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
+            error: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
+            error_description: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
+        }>;
+    }, {}, Response>;
+    getProviderOAuthUrl: _spfn_core_route.RouteDef<{
+        params: _sinclair_typebox.TObject<{
+            provider: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"google" | "github" | "kakao" | "naver" | "superself">[]>;
+        }>;
+        body: _sinclair_typebox.TObject<{
+            returnUrl: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
+            state: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
+        }>;
+    }, {}, {
+        authUrl: string;
+    }>;
     getInvitation: _spfn_core_route.RouteDef<{
         params: _sinclair_typebox.TObject<{
             token: _sinclair_typebox.TString;

package/dist/index.js CHANGED Viewed

@@ -191,6 +191,9 @@ var routeMap = {
   oauthProviders: { method: "GET", path: "/_auth/oauth/providers" },
   getGoogleOAuthUrl: { method: "POST", path: "/_auth/oauth/google/url" },
   oauthFinalize: { method: "POST", path: "/_auth/oauth/finalize" },
+  oauthProviderStart: { method: "GET", path: "/_auth/oauth/:provider" },
+  oauthProviderCallback: { method: "GET", path: "/_auth/oauth/:provider/callback" },
+  getProviderOAuthUrl: { method: "POST", path: "/_auth/oauth/:provider/url" },
   listRoles: { method: "GET", path: "/_auth/admin/roles" },
   createAdminRole: { method: "POST", path: "/_auth/admin/roles" },
   updateAdminRole: { method: "PATCH", path: "/_auth/admin/roles/:id" },