@stonyx/oauth 0.1.1-beta.5 → 0.1.1-beta.51

package/src/{auth-request.js → auth-request.ts}

@@ -1,14 +1,34 @@
 import { Request } from '@stonyx/rest-server';
 
+interface OAuthInstance {
+  frontendCallbackUrl?: string;
+  getSession(sessionId: string): unknown;
+  getAuthorizationUrl(providerName: string): string;
+  handleCallback(providerName: string, code: string, stateToken: string): Promise<{ sessionId: string; expiresAt: number }>;
+  logout(sessionId: string): void;
+}
+
+interface RouteRequest {
+  headers: Record<string, string | undefined>;
+  params: Record<string, string>;
+  query: Record<string, string>;
+}
+
+interface RouteState {
+  redirect?: string;
+}
+
 export default class AuthRequest extends Request {
-  constructor(oauth) {
+  oauth: OAuthInstance;
+
+  constructor(oauth: OAuthInstance) {
     super();
     this.oauth = oauth;
   }
 
   handlers = {
     get: {
-      '/': ({ headers }) => {
+      '/': ({ headers }: RouteRequest) => {
         const sessionId = headers['session-id'];
         if (!sessionId) return 401;
 
@@ -18,7 +38,7 @@ export default class AuthRequest extends Request {
         return user;
       },
 
-      '/login/:provider': (req, state) => {
+      '/login/:provider': (req: RouteRequest, state: RouteState) => {
         const { provider: providerName } = req.params;
 
         try {
@@ -29,7 +49,7 @@ export default class AuthRequest extends Request {
         }
       },
 
-      '/callback/:provider': async (req, state) => {
+      '/callback/:provider': async (req: RouteRequest, state: RouteState) => {
         const { provider: providerName } = req.params;
         const { code, state: stateToken, error } = req.query;
 
@@ -49,7 +69,7 @@ export default class AuthRequest extends Request {
           if (this.oauth.frontendCallbackUrl) {
             const params = new URLSearchParams({
               sessionId: session.sessionId,
-              expiresAt: session.expiresAt,
+              expiresAt: String(session.expiresAt),
             });
             state.redirect = `${this.oauth.frontendCallbackUrl}?${params}`;
             return;
@@ -65,7 +85,7 @@ export default class AuthRequest extends Request {
         }
       },
 
-      '/logout': ({ headers }) => {
+      '/logout': ({ headers }: RouteRequest) => {
         const sessionId = headers['session-id'];
         if (sessionId) this.oauth.logout(sessionId);
       },

package/src/{main.js → main.ts}

@@ -1,22 +1,41 @@
 import config from 'stonyx/config';
 import log from 'stonyx/log';
 import { waitForModule } from 'stonyx';
+import { setup, emit } from '@stonyx/events';
 import RestServer from '@stonyx/rest-server';
 import TokenManager from './token-manager.js';
 import SessionManager from './session-manager.js';
 import AuthRequest from './auth-request.js';
+import type OAuthFlow from './oauth-flow.js';
+
+setup(['authenticate']);
+
+interface ProviderEntry {
+  flow: OAuthFlow;
+  tokenManager: TokenManager;
+}
+
+interface ProviderConfig {
+  module?: string;
+  [key: string]: unknown;
+}
 
 export default class OAuth {
-  providers = new Map();
-  pendingStates = new Map();
+  static instance: OAuth | null;
+
+  providers = new Map<string, ProviderEntry>();
+  pendingStates = new Map<string, number>();
+  sessionManager!: SessionManager;
+  frontendCallbackUrl?: string;
 
   constructor() {
     if (OAuth.instance) return OAuth.instance;
     OAuth.instance = this;
   }
 
-  async init() {
-    const { providers, sessionDuration, frontendCallbackUrl } = config.oauth;
+  async init(): Promise<void> {
+    const oauthConfig = config.oauth;
+    const { providers, sessionDuration, frontendCallbackUrl } = oauthConfig;
     this.frontendCallbackUrl = frontendCallbackUrl;
 
     for (const [name, providerConfig] of Object.entries(providers)) {
@@ -24,7 +43,7 @@ export default class OAuth {
         ? `${config.rootPath}/${providerConfig.module}`
         : `./providers/${name}.js`;
       const { default: Provider } = await import(modulePath);
-      const flow = new Provider(providerConfig);
+      const flow: OAuthFlow = new Provider(providerConfig);
       this.providers.set(name, { flow, tokenManager: new TokenManager(flow) });
     }
 
@@ -36,25 +55,26 @@ export default class OAuth {
     log.oauth?.('OAuth module initialized');
   }
 
-  getProvider(name) {
+  getProvider(name: string): ProviderEntry {
     const provider = this.providers.get(name);
     if (!provider) throw new Error(`OAuth provider "${name}" is not configured`);
     return provider;
   }
 
-  getAuthorizationUrl(providerName) {
+  getAuthorizationUrl(providerName: string): string {
     const { flow } = this.getProvider(providerName);
     const stateToken = crypto.randomUUID();
     this.pendingStates.set(stateToken, Date.now());
     return flow.buildAuthorizationUrl(stateToken);
   }
 
-  async handleCallback(providerName, code, stateToken) {
+  async handleCallback(providerName: string, code: string, stateToken: string) {
     if (!stateToken || !this.pendingStates.has(stateToken)) {
       throw new Error('Invalid or missing state token');
     }
 
     const stateCreatedAt = this.pendingStates.get(stateToken);
+    if (stateCreatedAt === undefined) throw new Error('State token not found in pending states');
     this.pendingStates.delete(stateToken);
 
     const TEN_MINUTES = 10 * 60 * 1000;
@@ -66,14 +86,15 @@ export default class OAuth {
     const tokens = await tokenManager.getTokens(code);
     const rawUser = await flow.fetchUserInfo(tokens.accessToken);
     const user = flow.normalizeUser(rawUser);
+    await emit('authenticate', user);
     return this.sessionManager.create(user, tokens);
   }
 
-  getSession(sessionId) {
+  getSession(sessionId: string) {
     return this.sessionManager.validate(sessionId);
   }
 
-  logout(sessionId) {
+  logout(sessionId: string): void {
     this.sessionManager.destroy(sessionId);
   }
 }

package/src/{oauth-flow.js → oauth-flow.ts}

@@ -1,5 +1,29 @@
+export interface OAuthConfig {
+  clientId: string;
+  clientSecret: string;
+  redirectUri: string;
+  scopes?: string[];
+  authorizationUrl: string;
+  tokenUrl: string;
+  userInfoUrl: string;
+}
+
+export interface TokenResult {
+  accessToken: string;
+  refreshToken: string | null;
+  expiresIn: number;
+}
+
 export default class OAuthFlow {
-  constructor({ clientId, clientSecret, redirectUri, scopes, authorizationUrl, tokenUrl, userInfoUrl }) {
+  clientId: string;
+  clientSecret: string;
+  redirectUri: string;
+  scopes: string[];
+  authorizationUrl: string;
+  tokenUrl: string;
+  userInfoUrl: string;
+
+  constructor({ clientId, clientSecret, redirectUri, scopes, authorizationUrl, tokenUrl, userInfoUrl }: OAuthConfig) {
     this.clientId = clientId;
     this.clientSecret = clientSecret;
     this.redirectUri = redirectUri;
@@ -9,7 +33,7 @@ export default class OAuthFlow {
     this.userInfoUrl = userInfoUrl;
   }
 
-  buildAuthorizationUrl(stateToken) {
+  buildAuthorizationUrl(stateToken: string): string {
     const params = new URLSearchParams({
       client_id: this.clientId,
       redirect_uri: this.redirectUri,
@@ -21,7 +45,7 @@ export default class OAuthFlow {
     return `${this.authorizationUrl}?${params.toString()}`;
   }
 
-  async exchangeCode(code) {
+  async exchangeCode(code: string): Promise<TokenResult> {
     const response = await fetch(this.tokenUrl, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
@@ -45,7 +69,7 @@ export default class OAuthFlow {
     };
   }
 
-  async refreshAccessToken(refreshToken) {
+  async refreshAccessToken(refreshToken: string): Promise<TokenResult> {
     const response = await fetch(this.tokenUrl, {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
@@ -68,7 +92,7 @@ export default class OAuthFlow {
     };
   }
 
-  async fetchUserInfo(accessToken) {
+  async fetchUserInfo(accessToken: string): Promise<unknown> {
     const response = await fetch(this.userInfoUrl, {
       headers: { Authorization: `Bearer ${accessToken}` },
     });
@@ -78,11 +102,11 @@ export default class OAuthFlow {
     return response.json();
   }
 
-  normalizeUser(rawUser) {
+  normalizeUser(rawUser: unknown): unknown {
     return { raw: rawUser };
   }
 
-  async revokeToken(_accessToken) {
+  async revokeToken(_accessToken: string): Promise<void> {
     // Optional — providers override if supported
   }
 }

package/src/providers/{discord.js → discord.ts}

@@ -1,7 +1,33 @@
 import OAuthFlow from '../oauth-flow.js';
+import type { TokenResult } from '../oauth-flow.js';
+
+interface DiscordProviderConfig {
+  clientId: string;
+  clientSecret: string;
+  redirectUri: string;
+  scopes?: string[];
+  [key: string]: unknown;
+}
+
+interface DiscordUser {
+  id: string;
+  username: string;
+  global_name?: string;
+  avatar: string | null;
+  email?: string | null;
+}
+
+interface NormalizedDiscordUser {
+  id: string;
+  username: string;
+  displayName: string;
+  avatar: string | null;
+  email: string | null;
+  raw: DiscordUser;
+}
 
 export default class DiscordProvider extends OAuthFlow {
-  constructor(config) {
+  constructor(config: DiscordProviderConfig) {
     super({
       ...config,
       authorizationUrl: 'https://discord.com/oauth2/authorize',
@@ -10,7 +36,7 @@ export default class DiscordProvider extends OAuthFlow {
     });
   }
 
-  async exchangeCode(code) {
+  async exchangeCode(code: string): Promise<TokenResult> {
     const response = await fetch(this.tokenUrl, {
       method: 'POST',
       headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
@@ -34,7 +60,7 @@ export default class DiscordProvider extends OAuthFlow {
     };
   }
 
-  normalizeUser(rawUser) {
+  override normalizeUser(rawUser: DiscordUser): NormalizedDiscordUser {
     const { id, username, global_name, avatar, email } = rawUser;
 
     return {

package/src/{session-manager.js → session-manager.ts}

@@ -1,13 +1,26 @@
 import { randomUUID } from 'node:crypto';
 
+interface SessionData {
+  user: unknown;
+  tokens: unknown;
+  expiresAt: number;
+}
+
+export interface SessionResult {
+  sessionId: string;
+  user: unknown;
+  expiresAt: number;
+}
+
 export default class SessionManager {
-  sessions = new Map();
+  sessions = new Map<string, SessionData>();
+  duration: number;
 
-  constructor(duration) {
+  constructor(duration: number) {
     this.duration = duration;
   }
 
-  create(user, tokens) {
+  create(user: unknown, tokens: unknown): SessionResult {
     const sessionId = randomUUID();
     const expiresAt = Date.now() + (this.duration * 1000);
 
@@ -16,15 +29,15 @@ export default class SessionManager {
     return { sessionId, user, expiresAt };
   }
 
-  get(sessionId) {
+  get(sessionId: string): SessionData | null {
     return this.sessions.get(sessionId) || null;
   }
 
-  destroy(sessionId) {
+  destroy(sessionId: string): void {
     this.sessions.delete(sessionId);
   }
 
-  validate(sessionId) {
+  validate(sessionId: string): unknown {
     const session = this.get(sessionId);
     if (!session) return null;
 

package/src/token-manager.ts

@@ -0,0 +1,35 @@
+import type OAuthFlow from './oauth-flow.js';
+import type { TokenResult } from './oauth-flow.js';
+
+export interface TokenData extends TokenResult {
+  expiresAt: number;
+}
+
+export default class TokenManager {
+  flow: OAuthFlow;
+
+  constructor(flow: OAuthFlow) {
+    this.flow = flow;
+  }
+
+  async getTokens(code: string): Promise<TokenData> {
+    const tokens = await this.flow.exchangeCode(code) as TokenData;
+    tokens.expiresAt = Date.now() + (tokens.expiresIn * 1000);
+    return tokens;
+  }
+
+  async refresh(refreshToken: string): Promise<TokenData> {
+    const tokens = await this.flow.refreshAccessToken(refreshToken) as TokenData;
+    tokens.expiresAt = Date.now() + (tokens.expiresIn * 1000);
+    return tokens;
+  }
+
+  async revoke(accessToken: string): Promise<void> {
+    return this.flow.revokeToken(accessToken);
+  }
+
+  isExpired(tokenData: { expiresAt?: number } | null | undefined): boolean {
+    if (!tokenData?.expiresAt) return true;
+    return Date.now() >= tokenData.expiresAt;
+  }
+}

package/src/types/node.d.ts

@@ -0,0 +1,3 @@
+declare module 'node:crypto' {
+  export function randomUUID(): string;
+}

package/src/types/stonyx-events.d.ts

@@ -0,0 +1,4 @@
+declare module '@stonyx/events' {
+  export function setup(events: string[]): void;
+  export function emit(event: string, ...args: unknown[]): Promise<void>;
+}

package/src/types/stonyx-rest-server.d.ts

@@ -0,0 +1,11 @@
+declare module '@stonyx/rest-server' {
+  export class Request {
+    constructor();
+  }
+
+  export default class RestServer {
+    static instance: RestServer;
+    static close(): void;
+    mountRoute(RequestClass: unknown, options: { name: string; options?: unknown }): void;
+  }
+}

package/src/types/stonyx.d.ts

@@ -0,0 +1,30 @@
+declare module 'stonyx/config' {
+  interface OAuthConfig {
+    providers: Record<string, { module?: string; [key: string]: unknown }>;
+    sessionDuration: number;
+    frontendCallbackUrl?: string;
+  }
+  interface Config {
+    oauth: OAuthConfig;
+    rootPath: string;
+    [key: string]: unknown;
+  }
+  const config: Config;
+  export default config;
+}
+
+declare module 'stonyx/log' {
+  const log: Record<string, ((...args: unknown[]) => void) | undefined>;
+  export default log;
+}
+
+declare module 'stonyx' {
+  export function waitForModule(name: string): Promise<void>;
+}
+
+declare module 'stonyx/test-helpers' {
+  export function setupIntegrationTests(hooks: {
+    before(fn: () => void | Promise<void>): void;
+    after(fn: () => void | Promise<void>): void;
+  }): void;
+}

package/.github/workflows/ci.yml

@@ -1,16 +0,0 @@
-name: CI
-
-on:
-  pull_request:
-    branches: [dev, main]
-
-concurrency:
-  group: ci-${{ github.head_ref || github.ref }}
-  cancel-in-progress: true
-
-permissions:
-  contents: read
-
-jobs:
-  test:
-    uses: abofs/stonyx-workflows/.github/workflows/ci.yml@main

package/.github/workflows/publish.yml

@@ -1,51 +0,0 @@
-name: Publish to NPM
-
-on:
-  repository_dispatch:
-    types: [cascade-publish]
-  workflow_dispatch:
-    inputs:
-      version-type:
-        description: 'Version type'
-        required: true
-        type: choice
-        options:
-          - patch
-          - minor
-          - major
-      custom-version:
-        description: 'Custom version (optional, overrides version-type)'
-        required: false
-        type: string
-  pull_request:
-    types: [opened, synchronize, reopened]
-    branches: [main]
-  push:
-    branches: [main]
-
-concurrency:
-  group: ${{ github.event_name == 'repository_dispatch' && 'cascade-update' || format('publish-{0}', github.ref) }}
-  cancel-in-progress: false
-
-permissions:
-  contents: write
-  id-token: write
-  pull-requests: write
-
-jobs:
-  publish:
-    if: "!contains(github.event.head_commit.message, '[skip ci]')"
-    uses: abofs/stonyx-workflows/.github/workflows/npm-publish.yml@main
-    with:
-      version-type: ${{ github.event.inputs.version-type }}
-      custom-version: ${{ github.event.inputs.custom-version }}
-      cascade-source: ${{ github.event.client_payload.source_package || '' }}
-    secrets: inherit
-
-  cascade:
-    needs: publish
-    uses: abofs/stonyx-workflows/.github/workflows/cascade.yml@main
-    with:
-      package-name: ${{ needs.publish.outputs.package-name }}
-      published-version: ${{ needs.publish.outputs.published-version }}
-    secrets: inherit

package/src/token-manager.js

@@ -1,26 +0,0 @@
-export default class TokenManager {
-  constructor(flow) {
-    this.flow = flow;
-  }
-
-  async getTokens(code) {
-    const tokens = await this.flow.exchangeCode(code);
-    tokens.expiresAt = Date.now() + (tokens.expiresIn * 1000);
-    return tokens;
-  }
-
-  async refresh(refreshToken) {
-    const tokens = await this.flow.refreshAccessToken(refreshToken);
-    tokens.expiresAt = Date.now() + (tokens.expiresIn * 1000);
-    return tokens;
-  }
-
-  async revoke(accessToken) {
-    return this.flow.revokeToken(accessToken);
-  }
-
-  isExpired(tokenData) {
-    if (!tokenData?.expiresAt) return true;
-    return Date.now() >= tokenData.expiresAt;
-  }
-}

package/test/config/environment.js

@@ -1,18 +0,0 @@
-export default {
-  restServer: {
-    dir: './test/sample/requests',
-  },
-  oauth: {
-    providers: {
-      mock: {
-        clientId: 'test-client-id',
-        clientSecret: 'test-client-secret',
-        redirectUri: 'http://localhost:2666/auth/callback/mock',
-        scopes: ['identify'],
-        module: './test/sample/providers/mock.js',
-      }
-    },
-    sessionDuration: 3600,
-    frontendCallbackUrl: 'http://localhost:4200/auth/callback',
-  }
-};