npm - @spidy092/auth-client - Versions diffs - 2.1.7 → 3.0.0 - Mend

@spidy092/auth-client 2.1.7 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/Readme.md +9 -0
package/dist/api.cjs +329 -0
package/dist/api.cjs.map +1 -0
package/dist/api.js +299 -0
package/dist/api.js.map +1 -0
package/dist/index.cjs +1047 -0
package/dist/index.cjs.map +1 -0
package/dist/index.js +1008 -0
package/dist/index.js.map +1 -0
package/dist/react/AuthProvider.cjs +692 -0
package/dist/react/AuthProvider.cjs.map +1 -0
package/dist/react/AuthProvider.js +657 -0
package/dist/react/AuthProvider.js.map +1 -0
package/dist/react/useAuth.cjs +86 -0
package/dist/react/useAuth.cjs.map +1 -0
package/dist/react/useAuth.js +52 -0
package/dist/react/useAuth.js.map +1 -0
package/dist/react/useSessionMonitor.cjs +926 -0
package/dist/react/useSessionMonitor.cjs.map +1 -0
package/dist/react/useSessionMonitor.js +892 -0
package/dist/react/useSessionMonitor.js.map +1 -0
package/dist/utils/jwt.cjs +72 -0
package/dist/utils/jwt.cjs.map +1 -0
package/dist/utils/jwt.js +46 -0
package/dist/utils/jwt.js.map +1 -0
package/package.json +34 -13
package/api.js +0 -95
package/config.js +0 -63
package/core.js +0 -570
package/index.js +0 -106
package/react/AuthProvider.jsx +0 -150
package/react/useAuth.js +0 -10
package/react/useSessionMonitor.js +0 -121
package/token.js +0 -455
package/utils/jwt.js +0 -27

package/core.js DELETED Viewed

@@ -1,570 +0,0 @@
-// auth-client/core.js - MINIMAL WORKING VERSION
-import {
-  setToken,
-  clearToken,
-  getToken,
-  setRefreshToken,
-  getRefreshToken,
-  clearRefreshToken,
-} from './token';
-import { getConfig, isRouterMode } from './config';
-let callbackProcessed = false;
-export function login(clientKeyArg, redirectUriArg) {
-  // ✅ Reset callback state when starting new login
-  resetCallbackState();
-  const {
-    clientKey: defaultClientKey,
-    authBaseUrl,
-    redirectUri: defaultRedirectUri,
-    accountUiUrl
-  } = getConfig();
-  const clientKey = clientKeyArg || defaultClientKey;
-  const redirectUri = redirectUriArg || defaultRedirectUri;
-  console.log('🔄 Smart Login initiated:', {
-    mode: isRouterMode() ? 'ROUTER' : 'CLIENT',
-    clientKey,
-    redirectUri
-  });
-  if (!clientKey || !redirectUri) {
-    throw new Error('Missing clientKey or redirectUri');
-  }
-  sessionStorage.setItem('originalApp', clientKey);
-  sessionStorage.setItem('returnUrl', redirectUri);
-  if (isRouterMode()) {
-    // Router mode: Direct backend authentication
-    return routerLogin(clientKey, redirectUri);
-  } else {
-    // Client mode: Redirect to centralized login
-    return clientLogin(clientKey, redirectUri);
-  }
-}
-// ✅ Router mode: Direct backend call
-function routerLogin(clientKey, redirectUri) {
-  const { authBaseUrl } = getConfig();
-  const params = new URLSearchParams();
-  if (redirectUri) {
-    params.append('redirect_uri', redirectUri);
-  }
-  const query = params.toString();
-  const backendLoginUrl = `${authBaseUrl}/login/${clientKey}${query ? `?${query}` : ''}`;
-  console.log('🏭 Router Login: Direct backend authentication', {
-    clientKey,
-    redirectUri,
-    backendUrl: backendLoginUrl
-  });
-  window.location.href = backendLoginUrl;
-}
-// ✅ Client mode: Centralized login
-function clientLogin(clientKey, redirectUri) {
-  const { accountUiUrl } = getConfig();
-  const params = new URLSearchParams({
-    client: clientKey
-  });
-  if (redirectUri) {
-    params.append('redirect_uri', redirectUri);
-  }
-  const centralizedLoginUrl = `${accountUiUrl}/login?${params.toString()}`;
-  console.log('🔄 Client Login: Redirecting to centralized login', {
-    clientKey,
-    redirectUri,
-    centralizedUrl: centralizedLoginUrl
-  });
-  window.location.href = centralizedLoginUrl;
-}
-export function logout() {
-  resetCallbackState();
-  const { clientKey, authBaseUrl, accountUiUrl } = getConfig();
-  const token = getToken();
-  console.log('🚪 Smart Logout initiated');
-  clearToken();
-  clearRefreshToken();
-  sessionStorage.removeItem('originalApp');
-  sessionStorage.removeItem('returnUrl');
-  if (isRouterMode()) {
-    return routerLogout(clientKey, authBaseUrl, accountUiUrl, token);
-  } else {
-    return clientLogout(clientKey, accountUiUrl);
-  }
-}
-async function routerLogout(clientKey, authBaseUrl, accountUiUrl, token) {
-  console.log('🏭 Router Logout');
-  const refreshToken = getRefreshToken();
-  try {
-    const response = await fetch(`${authBaseUrl}/logout/${clientKey}`, {
-      method: 'POST',
-      credentials: 'include',
-      headers: {
-        'Authorization': token ? `Bearer ${token}` : '',
-        'Content-Type': 'application/json'
-      },
-      body: JSON.stringify({
-        refreshToken: refreshToken
-      })
-    });
-    const data = await response.json();
-    console.log('✅ Logout response:', data);
-    clearRefreshToken();
-    clearToken();
-    await new Promise(resolve => setTimeout(resolve, 5000));
-    if (data.success && data.keycloakLogoutUrl) {
-      window.location.href = data.keycloakLogoutUrl;
-      return;
-    }
-  } catch (error) {
-    console.warn('⚠️ Logout failed:', error);
-    clearRefreshToken();
-    clearToken();
-  }
-  await new Promise(resolve => setTimeout(resolve, 5000));
-  window.location.href = '/login';
-}
-function clientLogout(clientKey, accountUiUrl) {
-  console.log('🔄 Client Logout');
-  const logoutUrl = `${accountUiUrl}/login?client=${clientKey}&logout=true`;
-  window.location.href = logoutUrl;
-}
-export function handleCallback() {
-  const params = new URLSearchParams(window.location.search);
-  const accessToken = params.get('access_token');
-  const error = params.get('error');
-  console.log('🔄 Callback handling:', {
-    hasAccessToken: !!accessToken,
-    error
-  });
-  // ✅ Prevent duplicate callback processing
-  if (callbackProcessed) {
-    const existingToken = getToken();
-    if (existingToken) {
-      console.log('✅ Callback already processed, returning existing token');
-      return existingToken;
-    }
-    // Reset if no token found (might be a retry)
-    callbackProcessed = false;
-  }
-  callbackProcessed = true;
-  sessionStorage.removeItem('originalApp');
-  sessionStorage.removeItem('returnUrl');
-  if (error) {
-    const errorDescription = params.get('error_description') || error;
-    throw new Error(`Authentication failed: ${errorDescription}`);
-  }
-  if (accessToken) {
-    setToken(accessToken);
-    // ✅ For HTTP development, store refresh token from URL
-    // In HTTPS production, refresh token is in httpOnly cookie (more secure)
-    const refreshTokenInUrl = params.get('refresh_token');
-    if (refreshTokenInUrl) {
-      const isHttpDev = typeof window !== 'undefined' && window.location?.protocol === 'http:';
-      if (isHttpDev) {
-        console.log('📦 HTTP dev mode: Storing refresh token from callback URL');
-        setRefreshToken(refreshTokenInUrl);
-      } else {
-        console.log('🔒 HTTPS mode: Refresh token is in httpOnly cookie (ignoring URL param)');
-      }
-    }
-    const url = new URL(window.location);
-    url.searchParams.delete('access_token');
-    url.searchParams.delete('refresh_token');
-    url.searchParams.delete('state');
-    url.searchParams.delete('error');
-    url.searchParams.delete('error_description');
-    window.history.replaceState({}, '', url);
-    console.log('✅ Callback processed successfully, token stored');
-    return accessToken;
-  }
-  throw new Error('No access token found in callback URL');
-}
-export function resetCallbackState() {
-  callbackProcessed = false;
-}
-// ✅ Add refresh lock to prevent concurrent refresh calls
-let refreshInProgress = false;
-let refreshPromise = null;
-export async function refreshToken() {
-  const { clientKey, authBaseUrl } = getConfig();
-  // ✅ Prevent concurrent refresh calls
-  if (refreshInProgress && refreshPromise) {
-    console.log('🔄 Token refresh already in progress, waiting...');
-    return refreshPromise;
-  }
-  refreshInProgress = true;
-  refreshPromise = (async () => {
-    try {
-      // Get stored refresh token (for HTTP development)
-      const storedRefreshToken = getRefreshToken();
-      console.log('🔄 Refreshing token:', {
-        clientKey,
-        mode: isRouterMode() ? 'ROUTER' : 'CLIENT',
-        hasStoredRefreshToken: !!storedRefreshToken
-      });
-      // Build request options - send refresh token in body and header for HTTP dev
-      const requestOptions = {
-        method: 'POST',
-        credentials: 'include', // ✅ Include httpOnly cookies (for HTTPS)
-        headers: {
-          'Content-Type': 'application/json'
-        }
-      };
-      // For HTTP development, send refresh token in body and header
-      if (storedRefreshToken) {
-        requestOptions.headers['X-Refresh-Token'] = storedRefreshToken;
-        requestOptions.body = JSON.stringify({ refreshToken: storedRefreshToken });
-      }
-      const response = await fetch(`${authBaseUrl}/refresh/${clientKey}`, requestOptions);
-      if (!response.ok) {
-        const errorText = await response.text();
-        console.error('❌ Token refresh failed:', response.status, errorText);
-        throw new Error(`Refresh failed: ${response.status}`);
-      }
-      const data = await response.json();
-      const { access_token, refresh_token: new_refresh_token } = data;
-      if (!access_token) {
-        throw new Error('No access token in refresh response');
-      }
-      // ✅ This will trigger token listeners
-      setToken(access_token);
-      // ✅ Store new refresh token if provided (token rotation)
-      if (new_refresh_token) {
-        setRefreshToken(new_refresh_token);
-        console.log('🔄 New refresh token stored from rotation');
-      }
-      console.log('✅ Token refresh successful, listeners notified');
-      return access_token;
-    } catch (err) {
-      console.error('❌ Token refresh error:', err);
-      // ✅ This will trigger token listeners
-      clearToken();
-      clearRefreshToken();
-      throw err;
-    } finally {
-      refreshInProgress = false;
-      refreshPromise = null;
-    }
-  })();
-  return refreshPromise;
-}
-export async function validateCurrentSession() {
-  try {
-    const { authBaseUrl } = getConfig();
-    const token = getToken();
-    if (!token || !authBaseUrl) {
-      return false;
-    }
-    const response = await fetch(`${authBaseUrl}/account/validate-session`, {
-      method: 'GET',
-      headers: {
-        'Authorization': `Bearer ${token}`,
-        'Content-Type': 'application/json'
-      },
-      credentials: 'include'
-    });
-    if (!response.ok) {
-      if (response.status === 401) {
-        return false;
-      }
-      throw new Error(`HTTP ${response.status}: ${response.statusText}`);
-    }
-    const data = await response.json();
-    return data.valid === true;
-  } catch (error) {
-    console.warn('Session validation failed:', error.message);
-    if (error.message.includes('401')) {
-      return false;
-    }
-    throw error;
-  }
-}
-// ========== SESSION SECURITY: PROACTIVE REFRESH & VALIDATION ==========
-// These functions ensure that:
-// 1. Tokens are refreshed before they expire (proactive refresh)
-// 2. Sessions deleted in Keycloak Admin UI are detected quickly (periodic validation)
-let proactiveRefreshTimer = null;
-let sessionValidationTimer = null;
-let visibilityHandler = null;
-let sessionInvalidCallbacks = new Set();
-// Register a callback to be called when session is invalidated
-export function onSessionInvalid(callback) {
-  if (typeof callback === 'function') {
-    sessionInvalidCallbacks.add(callback);
-  }
-  return () => sessionInvalidCallbacks.delete(callback);
-}
-// Notify all registered callbacks that session is invalid
-function notifySessionInvalid(reason = 'session_deleted') {
-  console.log('🚨 Session invalidated:', reason);
-  sessionInvalidCallbacks.forEach(callback => {
-    try {
-      callback(reason);
-    } catch (err) {
-      console.error('Session invalid callback error:', err);
-    }
-  });
-}
-// ========== PROACTIVE TOKEN REFRESH ==========
-// Schedules token refresh before expiry to ensure seamless UX
-export function startProactiveRefresh() {
-  const { enableProactiveRefresh, tokenRefreshBuffer } = getConfig();
-  if (!enableProactiveRefresh) {
-    console.log('⏸️ Proactive refresh disabled by config');
-    return null;
-  }
-  // Clear any existing timer
-  stopProactiveRefresh();
-  const token = getToken();
-  if (!token) {
-    console.log('⏸️ No token, skipping proactive refresh setup');
-    return null;
-  }
-  const { getTimeUntilExpiry } = require('./token');
-  const timeUntilExpiry = getTimeUntilExpiry(token);
-  if (timeUntilExpiry <= 0) {
-    console.log('⚠️ Token already expired, attempting immediate refresh');
-    refreshToken().catch(err => {
-      console.error('❌ Immediate refresh failed:', err);
-      notifySessionInvalid('token_expired');
-    });
-    return null;
-  }
-  // Schedule refresh for (expiry - buffer) seconds from now
-  const refreshIn = Math.max(0, (timeUntilExpiry - tokenRefreshBuffer)) * 1000;
-  console.log(`🔄 Scheduling proactive refresh in ${Math.round(refreshIn / 1000)}s (token expires in ${timeUntilExpiry}s)`);
-  proactiveRefreshTimer = setTimeout(async () => {
-    try {
-      console.log('🔄 Proactive token refresh triggered');
-      await refreshToken();
-      console.log('✅ Proactive refresh successful, scheduling next refresh');
-      // Schedule next refresh after successful refresh
-      startProactiveRefresh();
-    } catch (err) {
-      console.error('❌ Proactive refresh failed:', err);
-      // Check if this is a permanent failure (token revoked, invalid, etc.)
-      const errorMessage = err.message?.toLowerCase() || '';
-      const isPermanentFailure =
-        errorMessage.includes('401') ||
-        errorMessage.includes('revoked') ||
-        errorMessage.includes('invalid') ||
-        errorMessage.includes('expired') ||
-        errorMessage.includes('unauthorized');
-      if (isPermanentFailure) {
-        console.log('🚨 Token permanently invalid, triggering session expiry');
-        notifySessionInvalid('refresh_token_revoked');
-      } else {
-        // Temporary failure (network issue), try again in 30 seconds
-        proactiveRefreshTimer = setTimeout(() => startProactiveRefresh(), 30000);
-      }
-    }
-  }, refreshIn);
-  return proactiveRefreshTimer;
-}
-export function stopProactiveRefresh() {
-  if (proactiveRefreshTimer) {
-    clearTimeout(proactiveRefreshTimer);
-    proactiveRefreshTimer = null;
-    console.log('⏹️ Proactive refresh stopped');
-  }
-}
-// ========== PERIODIC SESSION VALIDATION ==========
-// Validates with server that session still exists in Keycloak
-// Catches session deletions from Keycloak Admin UI
-export function startSessionMonitor(onInvalid) {
-  const { enableSessionValidation, sessionValidationInterval, validateOnVisibility } = getConfig();
-  if (!enableSessionValidation) {
-    console.log('⏸️ Session validation disabled by config');
-    return null;
-  }
-  // Register callback if provided
-  if (onInvalid && typeof onInvalid === 'function') {
-    sessionInvalidCallbacks.add(onInvalid);
-  }
-  // Clear any existing timer
-  stopSessionMonitor();
-  const token = getToken();
-  if (!token) {
-    console.log('⏸️ No token, skipping session monitor setup');
-    return null;
-  }
-  console.log(`👁️ Starting session monitor (interval: ${sessionValidationInterval / 1000}s)`);
-  // Periodic validation
-  sessionValidationTimer = setInterval(async () => {
-    try {
-      const currentToken = getToken();
-      if (!currentToken) {
-        console.log('⏸️ No token, stopping session validation');
-        stopSessionMonitor();
-        return;
-      }
-      console.log('🔍 Validating session...');
-      const isValid = await validateCurrentSession();
-      if (!isValid) {
-        console.log('❌ Session no longer valid on server');
-        stopSessionMonitor();
-        stopProactiveRefresh();
-        clearToken();
-        clearRefreshToken();
-        notifySessionInvalid('session_deleted');
-      } else {
-        console.log('✅ Session still valid');
-      }
-    } catch (error) {
-      console.warn('⚠️ Session validation check failed:', error.message);
-      // Don't invalidate on network errors - wait for next check
-    }
-  }, sessionValidationInterval);
-  // Visibility-based validation (when tab becomes visible again)
-  if (validateOnVisibility && typeof document !== 'undefined') {
-    visibilityHandler = async () => {
-      if (document.visibilityState === 'visible') {
-        const currentToken = getToken();
-        if (!currentToken) return;
-        console.log('👁️ Tab visible - validating session');
-        try {
-          const isValid = await validateCurrentSession();
-          if (!isValid) {
-            console.log('❌ Session expired while tab was hidden');
-            stopSessionMonitor();
-            stopProactiveRefresh();
-            clearToken();
-            clearRefreshToken();
-            notifySessionInvalid('session_deleted_while_hidden');
-          }
-        } catch (error) {
-          console.warn('⚠️ Visibility check failed:', error.message);
-        }
-      }
-    };
-    document.addEventListener('visibilitychange', visibilityHandler);
-  }
-  return sessionValidationTimer;
-}
-export function stopSessionMonitor() {
-  if (sessionValidationTimer) {
-    clearInterval(sessionValidationTimer);
-    sessionValidationTimer = null;
-    console.log('⏹️ Session monitor stopped');
-  }
-  if (visibilityHandler && typeof document !== 'undefined') {
-    document.removeEventListener('visibilitychange', visibilityHandler);
-    visibilityHandler = null;
-  }
-}
-// ========== COMBINED SESSION SECURITY ==========
-// Start both proactive refresh and session monitoring
-export function startSessionSecurity(onSessionInvalidCallback) {
-  console.log('🔐 Starting session security (proactive refresh + session monitoring)');
-  startProactiveRefresh();
-  startSessionMonitor(onSessionInvalidCallback);
-  return {
-    stopAll: () => {
-      stopProactiveRefresh();
-      stopSessionMonitor();
-    }
-  };
-}
-export function stopSessionSecurity() {
-  stopProactiveRefresh();
-  stopSessionMonitor();
-  sessionInvalidCallbacks.clear();
-  console.log('🔐 Session security stopped');
-}

package/index.js DELETED Viewed

@@ -1,106 +0,0 @@
-// auth-client/index.js
-import { setConfig, getConfig, isRouterMode } from './config';
-import {
-  login,
-  logout,
-  handleCallback,
-  refreshToken,
-  resetCallbackState,
-  validateCurrentSession,
-  // Session Security Functions
-  startProactiveRefresh,
-  stopProactiveRefresh,
-  startSessionMonitor,
-  stopSessionMonitor,
-  startSessionSecurity,
-  stopSessionSecurity,
-  onSessionInvalid
-} from './core';
-import {
-  getToken,
-  setToken,
-  clearToken,
-  setRefreshToken,
-  getRefreshToken,
-  clearRefreshToken,
-  addTokenListener,
-  removeTokenListener,
-  getListenerCount,
-  // Token Expiry Utilities
-  getTokenExpiryTime,
-  getTimeUntilExpiry,
-  willExpireSoon
-} from './token';
-import api from './api';
-import { decodeToken, isTokenExpired, isAuthenticated } from './utils/jwt';
-export const auth = {
-  // 🔧 Config
-  setConfig,
-  getConfig,
-  isRouterMode,
-  // 🔐 Core flows
-  login,
-  logout,
-  handleCallback,
-  refreshToken,
-  resetCallbackState,
-  validateCurrentSession,
-  // 🔑 Token management
-  getToken,
-  setToken,
-  clearToken,
-  setRefreshToken,     // ✅ Refresh token for HTTP dev
-  getRefreshToken,
-  clearRefreshToken,
-  addTokenListener,    // ✅ Export new functions
-  removeTokenListener,
-  getListenerCount,    // ✅ Debug function
-  // 🌐 Authenticated API client
-  api,
-  // 🧪 Utilities
-  decodeToken,
-  isTokenExpired,
-  isAuthenticated,
-  // ⏱️ Token Expiry Utilities (NEW)
-  getTokenExpiryTime,    // Get token expiry as Date object
-  getTimeUntilExpiry,    // Get seconds until token expires
-  willExpireSoon,        // Check if token expires within N seconds
-  // 🔐 Session Security (NEW - Short-lived tokens + Periodic validation)
-  startProactiveRefresh,   // Start proactive token refresh before expiry
-  stopProactiveRefresh,    // Stop proactive refresh
-  startSessionMonitor,     // Start periodic session validation
-  stopSessionMonitor,      // Stop session validation
-  startSessionSecurity,    // Start both proactive refresh AND session monitoring
-  stopSessionSecurity,     // Stop all session security
-  onSessionInvalid,        // Register callback for session invalidation
-  // 🔄 Legacy auto-refresh (DEPRECATED - use startSessionSecurity instead)
-  startTokenRefresh: () => {
-    console.warn('⚠️ startTokenRefresh is deprecated. Use startSessionSecurity() instead for better session management.');
-    const interval = setInterval(async () => {
-      const token = getToken();
-      if (token && isTokenExpired(token, 300)) {
-        try {
-          await refreshToken();
-          console.log('🔄 Auto-refresh successful');
-        } catch (err) {
-          console.error('Auto-refresh failed:', err);
-          clearInterval(interval);
-        }
-      }
-    }, 60000);
-    return interval;
-  }
-};
-export { AuthProvider } from './react/AuthProvider';
-export { useAuth } from './react/useAuth';
-export { useSessionMonitor } from './react/useSessionMonitor';