npm - @spidy092/auth-client - Versions diffs - 1.0.18 → 2.0.0 - Mend

@spidy092/auth-client 1.0.18 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/api.js CHANGED Viewed

@@ -1,50 +1,93 @@
 // auth-client/api.js
 import axios from 'axios';
-import { getToken } from './token';
 import { getConfig } from './config';
+import { getToken, setToken, clearToken } from './token';
+import { refreshToken as performRefresh } from './core';
-// ✅ Fixed: Create instance without baseURL initially
 const api = axios.create({
   withCredentials: true,
 });
-// ✅ Fixed: Set baseURL dynamically in interceptor
 api.interceptors.request.use((config) => {
-  // Set baseURL dynamically each time
+  const runtimeConfig = getConfig();
   if (!config.baseURL) {
-    const authConfig = getConfig();
-    config.baseURL = authConfig?.authBaseUrl || 'http://localhost:4000';
+    config.baseURL = runtimeConfig?.authBaseUrl || 'http://localhost:4000/auth';
+  }
+  if (!config.headers) {
+    config.headers = {};
+  }
+  if (runtimeConfig?.clientKey && !config.headers['X-Client-Key']) {
+    config.headers['X-Client-Key'] = runtimeConfig.clientKey;
   }
   const token = getToken();
   if (token) {
     config.headers.Authorization = `Bearer ${token}`;
   }
   return config;
 });
-// ✅ Added: Response interceptor for token refresh/error handling
+let refreshPromise = null;
 api.interceptors.response.use(
   (response) => response,
-  (error) => {
-    if (error.response?.status === 401) {
-      console.warn('API request failed with 401, token may be expired');
-      // You could trigger token refresh or logout here
+  async (error) => {
+    const { response, config } = error || {};
+    if (!response || !config) {
+      return Promise.reject(error);
     }
+    if (response.status !== 401 || config._retry) {
+      return Promise.reject(error);
+    }
+    config._retry = true;
+    if (!refreshPromise) {
+      refreshPromise = performRefresh()
+        .then((newToken) => {
+          refreshPromise = null;
+          if (newToken) {
+            setToken(newToken);
+          }
+          return newToken;
+        })
+        .catch((refreshError) => {
+          refreshPromise = null;
+          clearToken();
+          throw refreshError;
+        });
+    }
+    try {
+      const refreshedToken = await refreshPromise;
+      if (refreshedToken) {
+        config.headers.Authorization = `Bearer ${refreshedToken}`;
+        return api(config);
+      }
+    } catch (refreshErr) {
+      return Promise.reject(refreshErr);
+    }
     return Promise.reject(error);
   }
 );
 api.validateSession = async () => {
   try {
     const response = await api.get('/account/validate-session');
     return response.data.valid;
-  } catch (error) {
-    if (error.response?.status === 401) {
+  } catch (err) {
+    if (err.response?.status === 401) {
       return false;
     }
-    throw error;
+    throw err;
   }
 };

package/core.js CHANGED Viewed

@@ -1,5 +1,12 @@
 // auth-client/core.js
-import { setToken, clearToken, getToken } from './token';
+import {
+  setToken,
+  clearToken,
+  getToken,
+  setRefreshToken,
+  getRefreshToken,
+  clearRefreshToken,
+} from './token';
 import { getConfig, isRouterMode } from './config';
 // ✅ Track callback state with listeners
@@ -86,7 +93,9 @@ export function logout() {
   // Clear local storage immediately (this will trigger listeners)
   clearToken();
-  sessionStorage.clear();
+  clearRefreshToken();
+  sessionStorage.removeItem('originalApp');
+  sessionStorage.removeItem('returnUrl');
   if (isRouterMode()) {
     return routerLogout(clientKey, authBaseUrl, accountUiUrl, token);
@@ -99,8 +108,8 @@ export function logout() {
 async function routerLogout(clientKey, authBaseUrl, accountUiUrl, token) {
   console.log('🏭 Enhanced Router Logout with sessionStorage');
-  const refreshToken = sessionStorage.getItem('refreshToken');
-  console.log('Refresh token from storage:', refreshToken ? 'FOUND' : 'MISSING');
+  const refreshToken = getRefreshToken();
+  console.log('Refresh token available:', refreshToken ? 'FOUND' : 'MISSING');
   try {
     const response = await fetch(`${authBaseUrl}/logout/${clientKey}`, {
@@ -119,7 +128,7 @@ async function routerLogout(clientKey, authBaseUrl, accountUiUrl, token) {
     console.log('✅ Logout response:', data);
     // Clear stored tokens
-    sessionStorage.removeItem('refreshToken');
+    clearRefreshToken();
     clearToken();
     // Delay before redirect
@@ -132,7 +141,7 @@ async function routerLogout(clientKey, authBaseUrl, accountUiUrl, token) {
   } catch (error) {
     console.warn('⚠️ Logout failed:', error);
-    sessionStorage.removeItem('refreshToken');
+    clearRefreshToken();
     clearToken();
   }
@@ -177,11 +186,11 @@ export function handleCallback() {
   if (accessToken) {
     setToken(accessToken);
-    // STORE REFRESH TOKEN in sessionStorage
+    // Store refresh token for future refresh calls
     if (refreshToken) {
-      sessionStorage.setItem('refreshToken', refreshToken);
-      console.log('✅ Refresh token stored in sessionStorage');
+      setRefreshToken(refreshToken);
+      console.log('✅ Refresh token persisted');
     }
     // Clean URL parameters
@@ -205,37 +214,63 @@ export function resetCallbackState() {
   console.log('🔄 Callback state reset');
 }
+// auth-client/core.js
 export async function refreshToken() {
   const { clientKey, authBaseUrl } = getConfig();
-  console.log('🔄 Refreshing token:', {
-    clientKey,
-    mode: isRouterMode() ? 'ROUTER' : 'CLIENT'
+  const refreshTokenValue = getRefreshToken(); // ✅ Now checks both cookie & localStorage
+  console.log('🔄 Refreshing token:', {
+    clientKey,
+    mode: isRouterMode() ? 'ROUTER' : 'CLIENT',
+    hasRefreshToken: !!refreshTokenValue
   });
+  if (!refreshTokenValue) {
+    console.warn('⚠️ No refresh token available for refresh');
+    clearToken();
+    throw new Error('No refresh token available');
+  }
   try {
     const response = await fetch(`${authBaseUrl}/refresh/${clientKey}`, {
       method: 'POST',
-      credentials: 'include',
+      credentials: 'include', // ✅ Sends cookie if available
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Refresh-Token': refreshTokenValue // ✅ Also send in header as fallback
+      },
+      body: JSON.stringify({
+        refreshToken: refreshTokenValue // ✅ Also send in body
+      })
     });
     if (!response.ok) {
       throw new Error('Refresh failed');
     }
-    const { access_token } = await response.json();
-    // ✅ This will trigger token listeners
+    const { access_token, refresh_token: new_refresh_token } = await response.json();
+    // ✅ Update access token (triggers listeners)
     setToken(access_token);
+    // ✅ Update refresh token in BOTH storages if backend returned new one
+    if (new_refresh_token) {
+      setRefreshToken(new_refresh_token);
+    }
     console.log('✅ Token refresh successful, listeners notified');
     return access_token;
   } catch (err) {
-    // ✅ This will trigger token listeners
+    console.error('❌ Token refresh failed:', err);
+    // ✅ Clear everything on refresh failure
     clearToken();
+    clearRefreshToken();
     throw err;
   }
 }
 export async function validateCurrentSession() {
   try {
     const { authBaseUrl } = getConfig();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@spidy092/auth-client",
-  "version": "1.0.18",
+  "version": "2.0.0",
   "description": "Scalable frontend auth SDK for centralized login using Keycloak + Auth Service.",
   "main": "index.js",
   "module": "index.js",

package/token.js CHANGED Viewed

@@ -1,66 +1,150 @@
 // auth-client/token.js
-let memoryToken = null;
-const listeners = new Set(); // ✅ Add listeners
-export function setToken(token) {
-  const previousToken = memoryToken;
-  memoryToken = token;
+import { jwtDecode } from 'jwt-decode';
+let accessToken = null;
+const listeners = new Set();
+const REFRESH_COOKIE = 'account_refresh_token';
+const REFRESH_STORAGE_KEY = 'refresh_token'; // localStorage key
+const COOKIE_MAX_AGE = 7 * 24 * 60 * 60; // 7 days in seconds
+function secureAttribute() {
   try {
-    localStorage.setItem('authToken', token);
+    return typeof window !== 'undefined' && window.location?.protocol === 'https:'
+      ? '; Secure'
+      : '';
   } catch (err) {
-    console.warn('Could not write token to localStorage:', err);
+    return '';
   }
+}
-  // ✅ Notify listeners when token changes
-  if (previousToken !== token) {
-    console.log('🔔 Token changed, notifying listeners:', {
-      listenerCount: listeners.size,
-      hadToken: !!previousToken,
-      hasToken: !!token
-    });
-    listeners.forEach(listener => {
-      try {
-        listener(token, previousToken);
-      } catch (err) {
-        console.warn('Token listener error:', err);
-      }
-    });
+// ========== ACCESS TOKEN (localStorage only) ==========
+function writeAccessToken(token) {
+  if (!token) {
+    try {
+      localStorage.removeItem('authToken');
+    } catch (err) {
+      console.warn('Could not clear token from localStorage:', err);
+    }
+    return;
+  }
+  try {
+    localStorage.setItem('authToken', token);
+  } catch (err) {
+    console.warn('Could not persist token to localStorage:', err);
   }
 }
-export function getToken() {
-  if (memoryToken) return memoryToken;
+function readAccessToken() {
   try {
-    const stored = localStorage.getItem('authToken');
-    memoryToken = stored;
-    return stored;
+    return localStorage.getItem('authToken');
   } catch (err) {
     console.warn('Could not read token from localStorage:', err);
     return null;
   }
 }
-export function clearToken() {
-  const previousToken = memoryToken;
-  memoryToken = null;
+// ========== REFRESH TOKEN (localStorage + Cookie dual storage) ==========
+/**
+ * Store refresh token in BOTH localStorage AND cookie
+ * Whichever survives (cross-domain, privacy settings) will work
+ */
+export function setRefreshToken(token) {
+  if (!token) {
+    clearRefreshToken();
+    return;
+  }
+  const expires = new Date(Date.now() + COOKIE_MAX_AGE * 1000);
+  // 1. Try to set cookie (works for same-domain, cross-subdomain)
   try {
-    localStorage.removeItem('authToken');
+    document.cookie = `${REFRESH_COOKIE}=${encodeURIComponent(token)}; Path=/; SameSite=Lax${secureAttribute()}; Expires=${expires.toUTCString()}`;
+    console.log('✅ Refresh token stored in cookie');
   } catch (err) {
-    console.warn('Could not clear token from localStorage:', err);
+    console.warn('⚠️ Could not persist refresh token cookie:', err);
   }
-  // ✅ Notify listeners when token is cleared
-  if (previousToken) {
-    console.log('🔔 Token cleared, notifying listeners:', {
-      listenerCount: listeners.size
-    });
-    listeners.forEach(listener => {
+  // 2. Also store in localStorage as backup (survives browser privacy settings)
+  try {
+    localStorage.setItem(REFRESH_STORAGE_KEY, token);
+    console.log('✅ Refresh token stored in localStorage');
+  } catch (err) {
+    console.warn('⚠️ Could not persist refresh token to localStorage:', err);
+  }
+}
+/**
+ * Get refresh token from cookie OR localStorage (whichever works)
+ * Priority: Cookie > localStorage
+ */
+export function getRefreshToken() {
+  // 1. Try cookie first (preferred for httpOnly scenario)
+  let cookieMatch = null;
+  try {
+    cookieMatch = document.cookie
+      ?.split('; ')
+      ?.find((row) => row.startsWith(`${REFRESH_COOKIE}=`));
+  } catch (err) {
+    cookieMatch = null;
+  }
+  if (cookieMatch) {
+    const token = decodeURIComponent(cookieMatch.split('=')[1]);
+    console.log('✅ Retrieved refresh token from cookie');
+    return token;
+  }
+  // 2. Fallback to localStorage
+  try {
+    const token = localStorage.getItem(REFRESH_STORAGE_KEY);
+    if (token) {
+      console.log('✅ Retrieved refresh token from localStorage (fallback)');
+      return token;
+    }
+  } catch (err) {
+    console.warn('⚠️ Could not read refresh token from localStorage:', err);
+  }
+  console.warn('⚠️ No refresh token found in cookie or localStorage');
+  return null;
+}
+/**
+ * Clear refresh token from BOTH cookie AND localStorage
+ */
+export function clearRefreshToken() {
+  // Clear cookie
+  try {
+    document.cookie = `${REFRESH_COOKIE}=; Path=/; SameSite=Lax${secureAttribute()}; Expires=Thu, 01 Jan 1970 00:00:00 GMT`;
+    console.log('✅ Cleared refresh token cookie');
+  } catch (err) {
+    console.warn('⚠️ Could not clear refresh token cookie:', err);
+  }
+  // Clear localStorage
+  try {
+    localStorage.removeItem(REFRESH_STORAGE_KEY);
+    console.log('✅ Cleared refresh token from localStorage');
+  } catch (err) {
+    console.warn('⚠️ Could not clear refresh token from localStorage:', err);
+  }
+}
+// ========== ACCESS TOKEN MANAGEMENT ==========
+export function setToken(token) {
+  const previousToken = accessToken;
+  accessToken = token || null;
+  writeAccessToken(accessToken);
+  if (previousToken !== accessToken) {
+    listeners.forEach((listener) => {
       try {
-        listener(null, previousToken);
+        listener(accessToken, previousToken);
       } catch (err) {
         console.warn('Token listener error:', err);
       }
@@ -68,82 +152,256 @@ export function clearToken() {
   }
 }
-// ✅ Add listener management
+export function getToken() {
+  if (accessToken) return accessToken;
+  accessToken = readAccessToken();
+  return accessToken;
+}
+export function clearToken() {
+  if (!accessToken) {
+    writeAccessToken(null);
+    clearRefreshToken();
+    return;
+  }
+  const previousToken = accessToken;
+  accessToken = null;
+  writeAccessToken(null);
+  clearRefreshToken();
+  listeners.forEach((listener) => {
+    try {
+      listener(null, previousToken);
+    } catch (err) {
+      console.warn('Token listener error:', err);
+    }
+  });
+}
+// ========== HELPER FUNCTIONS ==========
+function decode(token) {
+  try {
+    return jwtDecode(token);
+  } catch (err) {
+    return null;
+  }
+}
+function isExpired(token, bufferSeconds = 60) {
+  if (!token) return true;
+  const decoded = decode(token);
+  if (!decoded?.exp) return true;
+  const now = Date.now() / 1000;
+  return decoded.exp < now + bufferSeconds;
+}
 export function addTokenListener(listener) {
   if (typeof listener !== 'function') {
     throw new Error('Token listener must be a function');
   }
   listeners.add(listener);
-  console.log('📎 Token listener added, total listeners:', listeners.size);
-  // Return cleanup function
   return () => {
-    const removed = listeners.delete(listener);
-    if (removed) {
-      console.log('📎 Token listener removed, remaining listeners:', listeners.size);
-    }
-    return removed;
+    listeners.delete(listener);
   };
 }
 export function removeTokenListener(listener) {
-  const removed = listeners.delete(listener);
-  if (removed) {
-    console.log('📎 Token listener removed, remaining listeners:', listeners.size);
-  }
-  return removed;
+  listeners.delete(listener);
 }
 export function getListenerCount() {
-  return listeners.size;
+  return listeners.size;
 }
+export function isAuthenticated() {
+  const token = getToken();
+  return !!token && !isExpired(token, 15);
+}
+// // auth-client/token.js
+// import { jwtDecode } from 'jwt-decode';
+// let accessToken = null;
+// const listeners = new Set();
+// const REFRESH_COOKIE = 'account_refresh_token';
+// const COOKIE_MAX_AGE = 7 * 24 * 60 * 60; // 7 days in seconds
+// function secureAttribute() {
+//   try {
+//     return typeof window !== 'undefined' && window.location?.protocol === 'https:'
+//       ? '; Secure'
+//       : '';
+//   } catch (err) {
+//     return '';
+//   }
+// }
+// function writeAccessToken(token) {
+//   if (!token) {
+//     try {
+//       localStorage.removeItem('authToken');
+//     } catch (err) {
+//       console.warn('Could not clear token from localStorage:', err);
+//     }
+//     return;
+//   }
+//   try {
+//     localStorage.setItem('authToken', token);
+//   } catch (err) {
+//     console.warn('Could not persist token to localStorage:', err);
+//   }
+// }
-// ✅ Debug function to see current listeners
-// ✅ Decode JWT payload safely
-// export function decodeToken(token) {
-//   if (!token) return null;
+// function readAccessToken() {
+//   try {
+//     return localStorage.getItem('authToken');
+//   } catch (err) {
+//     console.warn('Could not read token from localStorage:', err);
+//     return null;
+//   }
+// }
+// function decode(token) {
 //   try {
-//     const base64Url = token.split('.')[1]; // JWT payload is 2nd part
-//     if (!base64Url) return null;
-//     const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
-//     const jsonPayload = decodeURIComponent(
-//       atob(base64)
-//         .split('')
-//         .map((c) => `%${('00' + c.charCodeAt(0).toString(16)).slice(-2)}`)
-//         .join('')
-//     );
-//     return JSON.parse(jsonPayload);
+//     return jwtDecode(token);
 //   } catch (err) {
-//     console.warn('Could not decode token:', err);
 //     return null;
 //   }
 // }
-// // ✅ Check if JWT is expired (with optional buffer)
-// export function isTokenExpired(token, bufferSeconds = 0) {
+// function isExpired(token, bufferSeconds = 60) {
 //   if (!token) return true;
+//   const decoded = decode(token);
+//   if (!decoded?.exp) return true;
+//   const now = Date.now() / 1000;
+//   return decoded.exp < now + bufferSeconds;
+// }
-//   const decoded = decodeToken(token);
-//   if (!decoded || !decoded.exp) return true; // no exp claim → treat as expired
+// export function setToken(token) {
+//   const previousToken = accessToken;
+//   accessToken = token || null;
+//   writeAccessToken(accessToken);
-//   const expiryTime = decoded.exp * 1000; // exp is in seconds → convert to ms
-//   const currentTime = Date.now();
+//   if (previousToken !== accessToken) {
+//     listeners.forEach((listener) => {
+//       try {
+//         listener(accessToken, previousToken);
+//       } catch (err) {
+//         console.warn('Token listener error:', err);
+//       }
+//     });
+//   }
+// }
-//   // Add buffer (e.g., 60s) to expire slightly earlier
-//   return currentTime >= expiryTime - bufferSeconds * 1000;
+// export function getToken() {
+//   if (accessToken) return accessToken;
+//   accessToken = readAccessToken();
+//   return accessToken;
 // }
-// ✅ Check if user is authenticated
-export function isAuthenticated() {
-  const token = getToken();
-  return !!token && !isTokenExpired(token);
-}
+// export function clearToken() {
+//   if (!accessToken) {
+//     writeAccessToken(null);
+//     clearRefreshToken();
+//     return;
+//   }
+//   const previousToken = accessToken;
+//   accessToken = null;
+//   writeAccessToken(null);
+//   clearRefreshToken();
+//   listeners.forEach((listener) => {
+//     try {
+//       listener(null, previousToken);
+//     } catch (err) {
+//       console.warn('Token listener error:', err);
+//     }
+//   });
+// }
+// export function setRefreshToken(token) {
+//   if (!token) {
+//     clearRefreshToken();
+//     return;
+//   }
+//   const expires = new Date(Date.now() + COOKIE_MAX_AGE * 1000);
+//   try {
+//     document.cookie = `${REFRESH_COOKIE}=${encodeURIComponent(token)}; Path=/; SameSite=Strict${secureAttribute()}; Expires=${expires.toUTCString()}`;
+//   } catch (err) {
+//     console.warn('Could not persist refresh token cookie:', err);
+//   }
+//   try {
+//     sessionStorage.setItem(REFRESH_COOKIE, token);
+//   } catch (err) {
+//     console.warn('Could not persist refresh token to sessionStorage:', err);
+//   }
+// }
+// export function getRefreshToken() {
+//   // Prefer cookie to align with server expectations
+//   let cookieMatch = null;
+//   try {
+//     cookieMatch = document.cookie
+//       ?.split('; ')
+//       ?.find((row) => row.startsWith(`${REFRESH_COOKIE}=`));
+//   } catch (err) {
+//     cookieMatch = null;
+//   }
+//   if (cookieMatch) {
+//     return decodeURIComponent(cookieMatch.split('=')[1]);
+//   }
+//   try {
+//     return sessionStorage.getItem(REFRESH_COOKIE);
+//   } catch (err) {
+//     console.warn('Could not read refresh token from sessionStorage:', err);
+//     return null;
+//   }
+// }
+// export function clearRefreshToken() {
+//   try {
+//     document.cookie = `${REFRESH_COOKIE}=; Path=/; SameSite=Strict${secureAttribute()}; Expires=Thu, 01 Jan 1970 00:00:00 GMT`;
+//   } catch (err) {
+//     console.warn('Could not clear refresh token cookie:', err);
+//   }
+//   try {
+//     sessionStorage.removeItem(REFRESH_COOKIE);
+//   } catch (err) {
+//     console.warn('Could not clear refresh token from sessionStorage:', err);
+//   }
+// }
+// export function addTokenListener(listener) {
+//   if (typeof listener !== 'function') {
+//     throw new Error('Token listener must be a function');
+//   }
+//   listeners.add(listener);
+//   return () => {
+//     listeners.delete(listener);
+//   };
+// }
+// export function removeTokenListener(listener) {
+//   listeners.delete(listener);
+// }
+// export function getListenerCount() {
+//   return listeners.size;
+// }
+// export function isAuthenticated() {
+//   const token = getToken();
+//   return !!token && !isExpired(token, 15);
+// }