npm - @stackwright-pro/auth - Versions diffs - 0.2.0-alpha.13 → 0.2.0-alpha.15 - Mend

@stackwright-pro/auth 0.2.0-alpha.13 → 0.2.0-alpha.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -1,8 +1,6 @@
-import { AuthProvider as AuthProvider$1, PKIConfig, AuthContext as AuthContext$1, AuthUser, AuthSession, OIDCConfig, RBACConfig, ComponentAuthConfig, CertRevocationConfig } from '@stackwright-pro/types';
+import { AuthProvider, PKIConfig, AuthContext, AuthUser, AuthSession, OIDCConfig, RBACConfig, ComponentAuthConfig, CertRevocationConfig } from '@stackwright-pro/types';
 export { AuthConfig, AuthSession, AuthUser, CertRevocationConfig, ComponentAuthConfig, OIDCConfig, PKIConfig, RBACConfig, authConfigSchema, authSessionSchema, authUserSchema, componentAuthSchema, oidcConfigSchema, pkiConfigSchema, rbacConfigSchema } from '@stackwright-pro/types';
 import { X509Certificate } from '@peculiar/x509';
-import * as React from 'react';
-import React__default, { ReactNode, ReactElement } from 'react';
 /**
  * Authentication Audit Logging
@@ -107,12 +105,12 @@ declare function createAuditEvent(type: AuditEventType, outcome: 'success' | 'fa
  * - Pluggable audit logging for SIEM integration
  */
-declare class PKIProvider implements AuthProvider$1 {
+declare class PKIProvider implements AuthProvider {
     private config;
     private auditLogger?;
     private revocationChecker;
     constructor(config: PKIConfig, auditLogger?: AuditLogger);
-    authenticate(context: AuthContext$1): Promise<AuthUser | null>;
+    authenticate(context: AuthContext): Promise<AuthUser | null>;
     validate(session: AuthSession): Promise<boolean>;
     /**
      * Extract roles from certificate based on organizational units
@@ -160,7 +158,7 @@ interface AuthorizationRequest {
  * - Session refresh
  * - Provider-specific quirks (Keycloak, Cognito, etc.)
  */
-declare class OIDCProvider implements AuthProvider$1 {
+declare class OIDCProvider implements AuthProvider {
     private config;
     private metadata;
     private auditLogger?;
@@ -190,7 +188,7 @@ declare class OIDCProvider implements AuthProvider$1 {
      * @returns Authenticated user or null if no code present
      * @throws Error if state mismatch (CSRF) or token exchange/validation fails
      */
-    authenticate(context: AuthContext$1): Promise<AuthUser | null>;
+    authenticate(context: AuthContext): Promise<AuthUser | null>;
     /**
      * Validate session (check if token is still valid)
      *
@@ -771,92 +769,6 @@ declare class RBACEngine {
     private matchPath;
 }
-/**
- * Auth context value provided to component tree
- */
-interface AuthContextValue {
-    /**
-     * Currently authenticated user (null if not authenticated)
-     */
-    user: AuthUser | null;
-    /**
-     * Current session (null if not authenticated)
-     */
-    session: AuthSession | null;
-    /**
-     * Whether user is authenticated
-     */
-    isAuthenticated: boolean;
-    /**
-     * Whether auth is still loading
-     */
-    isLoading: boolean;
-    /**
-     * Check if user has a specific role
-     */
-    hasRole: (role: string) => boolean;
-    /**
-     * Check if user has a specific permission
-     */
-    hasPermission: (permission: string) => boolean;
-    /**
-     * Check if user has any of the specified roles
-     */
-    hasAnyRole: (roles: string[]) => boolean;
-    /**
-     * Check if user has all of the specified permissions
-     */
-    hasAllPermissions: (permissions: string[]) => boolean;
-}
-/**
- * Auth context - provides authentication state to components
- */
-declare const AuthContext: React.Context<AuthContextValue | null>;
-/**
- * Hook to access auth context
- * Throws error if used outside AuthProvider
- */
-declare function useAuth(): AuthContextValue;
-/**
- * Hook to require authentication
- * Returns null and logs warning if not authenticated
- */
-declare function useRequireAuth(): AuthContextValue | null;
-interface AuthProviderProps {
-    /**
-     * Current authenticated user (null if not authenticated)
-     */
-    user: AuthUser | null;
-    /**
-     * Current session (null if not authenticated)
-     */
-    session: AuthSession | null;
-    /**
-     * RBAC configuration for role/permission checking
-     */
-    rbacConfig: RBACConfig;
-    /**
-     * Whether auth is still loading
-     */
-    isLoading?: boolean;
-    /**
-     * Child components
-     */
-    children: ReactNode;
-}
-/**
- * AuthProvider - Provides authentication state to component tree
- *
- * @example
- * ```tsx
- * <AuthProvider user={user} session={session} rbacConfig={config}>
- *   <App />
- * </AuthProvider>
- * ```
- */
-declare function AuthProvider({ user, session, rbacConfig, isLoading, children, }: AuthProviderProps): ReactElement;
 /**
  * HMAC Header Signing for PKI Gateway Authentication
  *
@@ -1072,110 +984,4 @@ declare function createDoDCACConfig(overrides?: Partial<PKIConfig>): PKIConfig;
  */
 declare function createDoDCACDevConfig(): PKIConfig;
-/**
- * Props that any component wrapped with withAuth will receive
- */
-interface ComponentProps {
-    id?: string;
-    [key: string]: any;
-}
-/**
- * Higher-order component that wraps a component with authentication checks
- *
- * @example
- * ```tsx
- * const ProtectedButton = withAuth(Button, {
- *   required_roles: ['ADMIN'],
- *   fallback: 'message',
- *   fallback_message: 'Only admins can see this button'
- * });
- * ```
- *
- * @param Component - The component to wrap
- * @param authConfig - Authentication requirements from YAML
- * @returns Wrapped component with auth enforcement
- */
-declare function withAuth<P extends ComponentProps>(Component: React__default.ComponentType<P>, authConfig?: ComponentAuthConfig): React__default.ComponentType<P>;
-/**
- * Custom fallback component (for advanced use cases)
- */
-declare function withAuthFallback<P extends ComponentProps>(Component: React__default.ComponentType<P>, authConfig: ComponentAuthConfig, FallbackComponent: React__default.ComponentType<any>): React__default.ComponentType<P>;
-/**
- * Register the auth decorator for use by content renderers
- *
- * This should be called once in your app's initialization (e.g., _app.tsx)
- * to enable auth-aware component rendering.
- *
- * @example
- * ```tsx
- * // In pages/_app.tsx
- * import { registerAuthDecorator } from '@stackwright-pro/auth';
- *
- * registerAuthDecorator();
- *
- * function MyApp({ Component, pageProps }: AppProps) {
- *   return (
- *     <AuthProvider {...authProps}>
- *       <Component {...pageProps} />
- *     </AuthProvider>
- *   );
- * }
- * ```
- */
-declare function registerAuthDecorator(): void;
-/**
- * Get the registered auth decorator (for use by content renderers)
- *
- * Returns null if auth is not registered, allowing graceful degradation.
- * This is the function that OSS core would call to check if auth is available.
- *
- * @returns The withAuth decorator function, or null if not registered
- */
-declare function getAuthDecorator(): typeof withAuth | null;
-/**
- * Wrap a component with auth if decorator is registered and config exists
- *
- * This is a safe wrapper that OSS packages can use without depending on auth.
- * If auth is not registered, returns the original component unchanged.
- * If auth config is missing/undefined, returns the original component unchanged.
- *
- * @example
- * ```tsx
- * // In content renderer (can live in OSS core!)\n * function renderContentItem(item: ContentItem) {
- *   const Component = getComponentFromRegistry(item.type);
- *
- *   // Apply auth if available
- *   const WrappedComponent = maybeWrapWithAuth(Component, item.auth);
- *
- *   return <WrappedComponent {...item} />;
- * }
- * ```
- *
- * @param Component - Component to wrap
- * @param authConfig - Auth configuration from YAML (optional)
- * @returns Wrapped component if auth is registered, original component otherwise
- */
-declare function maybeWrapWithAuth<P extends {
-    id?: string;
-    [key: string]: any;
-}>(Component: React__default.ComponentType<P>, authConfig?: ComponentAuthConfig): React__default.ComponentType<P>;
-/**
- * Type guard to check if content item has auth config
- *
- * Useful for conditionally applying auth in renderers without
- * needing to import auth types.
- *
- * @example
- * ```tsx
- * if (hasAuthConfig(item)) {
- *   // TypeScript knows item.auth exists
- *   WrappedComponent = maybeWrapWithAuth(Component, item.auth);
- * }
- * ```
- */
-declare function hasAuthConfig(item: any): item is {
-    auth: ComponentAuthConfig;
-};
-export { type AuditEvent, AuditEventType, type AuditLogger, AuthContext, type AuthContextValue, AuthProvider, type AuthProviderProps, type AuthorizationRequest, type BuildAuthorizationUrlOptions, CRLRevocationChecker, type CertRevocationChecker, type ComponentProps, CompositeAuditLogger, CompositeRevocationChecker, ConsoleAuditLogger, type CookieOptions, DOD_CAC_PROFILE, type HeaderSigningConfig, InMemoryRevocationStore, KeycloakAdapter, NoopAuditLogger, OCSPRevocationChecker, type OIDCMetadata, OIDCProvider, PKIProvider, type ParsedCertificate, RBACEngine, RevocationCache, type RevocationInput, type RevocationStatus, type RevocationStore, SessionManager, type SessionManagerConfig, SkipRevocationChecker, type TokenSet, buildAuthorizationUrl, clearCookie, createAuditEvent, createDoDCACConfig, createDoDCACDevConfig, createRevocationChecker, decryptToken, deriveEncryptionKey, discoverOIDC, encryptToken, exchangeCodeForTokens, extractEDIPI, generateCodeChallenge, generateCodeVerifier, generateJti, generateNonce, generateState, getAuthDecorator, hasAuthConfig, maybeWrapWithAuth, normalizeSerial, parseCertFromHeaders, parseCertificate, parseCookies, refreshAccessToken, registerAuthDecorator, serializeCookie, signCertHeaders, useAuth, useRequireAuth, validateDoDCAC, validateIdToken, verifyCertHeaders, verifyState, withAuth, withAuthFallback };
+export { type AuditEvent, AuditEventType, type AuditLogger, type AuthorizationRequest, type BuildAuthorizationUrlOptions, CRLRevocationChecker, type CertRevocationChecker, CompositeAuditLogger, CompositeRevocationChecker, ConsoleAuditLogger, type CookieOptions, DOD_CAC_PROFILE, type HeaderSigningConfig, InMemoryRevocationStore, KeycloakAdapter, NoopAuditLogger, OCSPRevocationChecker, type OIDCMetadata, OIDCProvider, PKIProvider, type ParsedCertificate, RBACEngine, RevocationCache, type RevocationInput, type RevocationStatus, type RevocationStore, SessionManager, type SessionManagerConfig, SkipRevocationChecker, type TokenSet, buildAuthorizationUrl, clearCookie, createAuditEvent, createDoDCACConfig, createDoDCACDevConfig, createRevocationChecker, decryptToken, deriveEncryptionKey, discoverOIDC, encryptToken, exchangeCodeForTokens, extractEDIPI, generateCodeChallenge, generateCodeVerifier, generateJti, generateNonce, generateState, normalizeSerial, parseCertFromHeaders, parseCertificate, parseCookies, refreshAccessToken, serializeCookie, signCertHeaders, validateDoDCAC, validateIdToken, verifyCertHeaders, verifyState };

package/dist/index.js CHANGED Viewed

@@ -5,8 +5,6 @@ var types = require('@stackwright-pro/types');
 var x509 = require('@peculiar/x509');
 var crypto3 = require('crypto');
 var jose3 = require('jose');
-var react = require('react');
-var jsxRuntime = require('react/jsx-runtime');
 function _interopNamespace(e) {
   if (e && e.__esModule) return e;
@@ -1716,57 +1714,6 @@ var RBACEngine = class {
     return regex.test(path);
   }
 };
-var AuthContext = react.createContext(null);
-function useAuth() {
-  const context = react.useContext(AuthContext);
-  if (!context) {
-    throw new Error("useAuth must be used within AuthProvider");
-  }
-  return context;
-}
-function useRequireAuth() {
-  const auth = useAuth();
-  if (!auth.isAuthenticated) {
-    console.warn("useRequireAuth: User is not authenticated");
-    return null;
-  }
-  return auth;
-}
-function AuthProvider({
-  user,
-  session,
-  rbacConfig,
-  isLoading = false,
-  children
-}) {
-  const rbac = react.useMemo(() => new RBACEngine(rbacConfig), [rbacConfig]);
-  const value = react.useMemo(
-    () => ({
-      user,
-      session,
-      isAuthenticated: user !== null,
-      isLoading,
-      hasRole: (role) => {
-        if (!user) return false;
-        return rbac.hasRole(user, role);
-      },
-      hasPermission: (permission) => {
-        if (!user) return false;
-        return rbac.hasPermission(user, permission);
-      },
-      hasAnyRole: (roles) => {
-        if (!user) return false;
-        return rbac.hasAnyRole(user, roles);
-      },
-      hasAllPermissions: (permissions) => {
-        if (!user) return false;
-        return rbac.hasAllPermissions(user, permissions);
-      }
-    }),
-    [user, session, isLoading, rbac]
-  );
-  return /* @__PURE__ */ jsxRuntime.jsx(AuthContext.Provider, { value, children });
-}
 // src/profiles/dod-cac.ts
 var DOD_CAC_PROFILE = {
@@ -1840,137 +1787,6 @@ function createDoDCACDevConfig() {
     allowedIssuers: void 0
   };
 }
-var FallbackComponents = {
-  /**
-   * Hide component (render nothing)
-   */
-  hide: () => null,
-  /**
-   * Show placeholder message
-   */
-  placeholder: ({ className }) => /* @__PURE__ */ jsxRuntime.jsx(
-    "div",
-    {
-      className: className || "auth-placeholder",
-      style: {
-        padding: "1rem",
-        border: "1px dashed #ccc",
-        borderRadius: "4px",
-        color: "#666",
-        fontStyle: "italic",
-        textAlign: "center"
-      },
-      children: "Content requires authorization"
-    }
-  ),
-  /**
-   * Show custom message
-   */
-  message: ({ message, className }) => /* @__PURE__ */ jsxRuntime.jsx(
-    "div",
-    {
-      className: className || "auth-message",
-      style: {
-        padding: "1rem",
-        border: "1px solid #f0ad4e",
-        borderRadius: "4px",
-        backgroundColor: "#fcf8e3",
-        color: "#8a6d3b"
-      },
-      children: message || "Unauthorized"
-    }
-  )
-};
-function withAuth(Component, authConfig) {
-  if (!authConfig) {
-    return Component;
-  }
-  const WrappedComponent = (props) => {
-    const auth = useAuth();
-    if (authConfig.required_roles && authConfig.required_roles.length > 0) {
-      if (!auth.hasAnyRole(authConfig.required_roles)) {
-        return renderFallback(authConfig);
-      }
-    }
-    if (authConfig.required_permissions && authConfig.required_permissions.length > 0) {
-      if (!auth.hasAllPermissions(authConfig.required_permissions)) {
-        return renderFallback(authConfig);
-      }
-    }
-    return /* @__PURE__ */ jsxRuntime.jsx(Component, { ...props });
-  };
-  const componentName = Component.displayName || Component.name || "Component";
-  WrappedComponent.displayName = `withAuth(${componentName})`;
-  return WrappedComponent;
-}
-function renderFallback(authConfig) {
-  const fallbackType = authConfig.fallback || "hide";
-  switch (fallbackType) {
-    case "hide":
-      return FallbackComponents.hide();
-    case "placeholder":
-      return FallbackComponents.placeholder({});
-    case "message":
-      return FallbackComponents.message({
-        message: authConfig.fallback_message
-      });
-    default:
-      return null;
-  }
-}
-function withAuthFallback(Component, authConfig, FallbackComponent) {
-  const WrappedComponent = (props) => {
-    const auth = useAuth();
-    const isAuthorized = checkAuthorization(auth, authConfig);
-    if (!isAuthorized) {
-      return /* @__PURE__ */ jsxRuntime.jsx(FallbackComponent, {});
-    }
-    return /* @__PURE__ */ jsxRuntime.jsx(Component, { ...props });
-  };
-  const componentName = Component.displayName || Component.name || "Component";
-  WrappedComponent.displayName = `withAuthFallback(${componentName})`;
-  return WrappedComponent;
-}
-function checkAuthorization(auth, authConfig) {
-  if (authConfig.required_roles && authConfig.required_roles.length > 0) {
-    if (!auth.hasAnyRole(authConfig.required_roles)) {
-      return false;
-    }
-  }
-  if (authConfig.required_permissions && authConfig.required_permissions.length > 0) {
-    if (!auth.hasAllPermissions(authConfig.required_permissions)) {
-      return false;
-    }
-  }
-  return true;
-}
-// src/registration.ts
-var authDecoratorRegistry = {
-  decorator: null
-};
-function registerAuthDecorator() {
-  authDecoratorRegistry.decorator = withAuth;
-  if (typeof window !== "undefined" && window.__STACKWRIGHT_DEBUG__) {
-    console.log("\u{1F510} Auth decorator registered");
-  }
-}
-function getAuthDecorator() {
-  return authDecoratorRegistry.decorator;
-}
-function maybeWrapWithAuth(Component, authConfig) {
-  const decorator = getAuthDecorator();
-  if (!decorator || !authConfig) {
-    return Component;
-  }
-  return decorator(Component, authConfig);
-}
-function hasAuthConfig(item) {
-  if (!item || typeof item !== "object") {
-    return false;
-  }
-  return "auth" in item;
-}
 Object.defineProperty(exports, "authConfigSchema", {
   enumerable: true,
@@ -2001,8 +1817,6 @@ Object.defineProperty(exports, "rbacConfigSchema", {
   get: function () { return types.rbacConfigSchema; }
 });
 exports.AuditEventType = AuditEventType;
-exports.AuthContext = AuthContext;
-exports.AuthProvider = AuthProvider;
 exports.CRLRevocationChecker = CRLRevocationChecker;
 exports.CompositeAuditLogger = CompositeAuditLogger;
 exports.CompositeRevocationChecker = CompositeRevocationChecker;
@@ -2035,24 +1849,16 @@ exports.generateCodeVerifier = generateCodeVerifier;
 exports.generateJti = generateJti;
 exports.generateNonce = generateNonce;
 exports.generateState = generateState;
-exports.getAuthDecorator = getAuthDecorator;
-exports.hasAuthConfig = hasAuthConfig;
-exports.maybeWrapWithAuth = maybeWrapWithAuth;
 exports.normalizeSerial = normalizeSerial;
 exports.parseCertFromHeaders = parseCertFromHeaders;
 exports.parseCertificate = parseCertificate;
 exports.parseCookies = parseCookies;
 exports.refreshAccessToken = refreshAccessToken;
-exports.registerAuthDecorator = registerAuthDecorator;
 exports.serializeCookie = serializeCookie;
 exports.signCertHeaders = signCertHeaders;
-exports.useAuth = useAuth;
-exports.useRequireAuth = useRequireAuth;
 exports.validateDoDCAC = validateDoDCAC;
 exports.validateIdToken = validateIdToken;
 exports.verifyCertHeaders = verifyCertHeaders;
 exports.verifyState = verifyState;
-exports.withAuth = withAuth;
-exports.withAuthFallback = withAuthFallback;
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map