@sudobility/auth_lib 0.0.12 → 0.0.14

package/dist/admin/index.d.ts

@@ -1,5 +1,9 @@
 /**
  * @fileoverview Admin utilities exports
+ *
+ * Re-exports admin utilities from @sudobility/types for backwards compatibility.
+ * These utilities are now defined in @sudobility/types to be shared between
+ * frontend (auth_lib) and backend (auth_service) packages.
  */
-export { parseAdminEmails, isAdminEmail, createAdminChecker, } from './admin-emails';
+export { parseAdminEmails, isAdminEmail, createAdminChecker, } from '@sudobility/types';
 //# sourceMappingURL=index.d.ts.map

package/dist/admin/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/admin/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,kBAAkB,GACnB,MAAM,gBAAgB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/admin/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,kBAAkB,GACnB,MAAM,mBAAmB,CAAC"}

package/dist/admin/index.js

@@ -1,4 +1,8 @@
 /**
  * @fileoverview Admin utilities exports
+ *
+ * Re-exports admin utilities from @sudobility/types for backwards compatibility.
+ * These utilities are now defined in @sudobility/types to be shared between
+ * frontend (auth_lib) and backend (auth_service) packages.
  */
-export { parseAdminEmails, isAdminEmail, createAdminChecker, } from './admin-emails';
+export { parseAdminEmails, isAdminEmail, createAdminChecker, } from '@sudobility/types';

package/dist/hooks/index.d.ts

@@ -2,4 +2,5 @@
  * @fileoverview Hooks exports
  */
 export { useFirebaseAuthNetworkClient } from './useFirebaseAuthNetworkClient';
+export { useSiteAdmin, siteAdminQueryKey, type UseSiteAdminOptions, type UseSiteAdminResult, type UserInfoResponse, } from './useSiteAdmin';
 //# sourceMappingURL=index.d.ts.map

package/dist/hooks/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/hooks/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,4BAA4B,EAAE,MAAM,gCAAgC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/hooks/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,4BAA4B,EAAE,MAAM,gCAAgC,CAAC;AAE9E,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,GACtB,MAAM,gBAAgB,CAAC"}

package/dist/hooks/index.js

@@ -2,3 +2,4 @@
  * @fileoverview Hooks exports
  */
 export { useFirebaseAuthNetworkClient } from './useFirebaseAuthNetworkClient';
+export { useSiteAdmin, siteAdminQueryKey, } from './useSiteAdmin';

package/dist/hooks/useSiteAdmin.d.ts

@@ -0,0 +1,67 @@
+/**
+ * @fileoverview Hook to check if the current user is a site admin.
+ *
+ * Fetches user info from the backend API and caches the result using TanStack Query.
+ * This provides a single source of truth for site admin status from the backend.
+ */
+import type { NetworkClient, UserInfoResponse } from '@sudobility/types';
+export type { UserInfoResponse } from '@sudobility/types';
+/**
+ * Options for useSiteAdmin hook
+ */
+export interface UseSiteAdminOptions {
+    /** Network client for making API requests */
+    networkClient: NetworkClient;
+    /** Base URL of the API (e.g., "https://api.example.com/api/v1") */
+    baseUrl: string;
+    /** Firebase user ID */
+    userId: string | undefined;
+    /** Firebase ID token for authentication */
+    token: string | undefined;
+    /** Cache time in milliseconds (default: 5 minutes) */
+    staleTime?: number;
+    /** Whether to enable the query (default: true when userId and token are provided) */
+    enabled?: boolean;
+}
+/**
+ * Return type for useSiteAdmin hook
+ */
+export interface UseSiteAdminResult {
+    /** Whether the user is a site admin */
+    isSiteAdmin: boolean;
+    /** Full user info from the API */
+    userInfo: UserInfoResponse | null;
+    /** Whether the query is loading */
+    isLoading: boolean;
+    /** Whether the query has an error */
+    isError: boolean;
+    /** Error object if query failed */
+    error: Error | null;
+    /** Refetch the user info */
+    refetch: () => void;
+}
+/**
+ * Query key for site admin queries
+ */
+export declare const siteAdminQueryKey: (userId: string) => readonly ["siteAdmin", string];
+/**
+ * Hook to check if the current user is a site admin.
+ *
+ * Fetches user info from the backend /users/:userId endpoint and caches the result.
+ * The backend is the single source of truth for site admin status.
+ *
+ * @example
+ * ```tsx
+ * const { isSiteAdmin, isLoading } = useSiteAdmin({
+ *   networkClient,
+ *   baseUrl: 'https://api.example.com/api/v1',
+ *   userId: user?.uid,
+ *   token: idToken,
+ * });
+ *
+ * if (isLoading) return <Loading />;
+ * if (isSiteAdmin) return <AdminPanel />;
+ * ```
+ */
+export declare function useSiteAdmin(options: UseSiteAdminOptions): UseSiteAdminResult;
+//# sourceMappingURL=useSiteAdmin.d.ts.map

package/dist/hooks/useSiteAdmin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useSiteAdmin.d.ts","sourceRoot":"","sources":["../../src/hooks/useSiteAdmin.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAGzE,YAAY,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAW1D;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,6CAA6C;IAC7C,aAAa,EAAE,aAAa,CAAC;IAC7B,mEAAmE;IACnE,OAAO,EAAE,MAAM,CAAC;IAChB,uBAAuB;IACvB,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,2CAA2C;IAC3C,KAAK,EAAE,MAAM,GAAG,SAAS,CAAC;IAC1B,sDAAsD;IACtD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qFAAqF;IACrF,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,uCAAuC;IACvC,WAAW,EAAE,OAAO,CAAC;IACrB,kCAAkC;IAClC,QAAQ,EAAE,gBAAgB,GAAG,IAAI,CAAC;IAClC,mCAAmC;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,qCAAqC;IACrC,OAAO,EAAE,OAAO,CAAC;IACjB,mCAAmC;IACnC,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;IACpB,4BAA4B;IAC5B,OAAO,EAAE,MAAM,IAAI,CAAC;CACrB;AAED;;GAEG;AACH,eAAO,MAAM,iBAAiB,GAAI,QAAQ,MAAM,mCAChB,CAAC;AAEjC;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,mBAAmB,GAAG,kBAAkB,CAqD7E"}

package/dist/hooks/useSiteAdmin.js

@@ -0,0 +1,69 @@
+/**
+ * @fileoverview Hook to check if the current user is a site admin.
+ *
+ * Fetches user info from the backend API and caches the result using TanStack Query.
+ * This provides a single source of truth for site admin status from the backend.
+ */
+import { useQuery } from '@tanstack/react-query';
+/**
+ * Query key for site admin queries
+ */
+export const siteAdminQueryKey = (userId) => ['siteAdmin', userId];
+/**
+ * Hook to check if the current user is a site admin.
+ *
+ * Fetches user info from the backend /users/:userId endpoint and caches the result.
+ * The backend is the single source of truth for site admin status.
+ *
+ * @example
+ * ```tsx
+ * const { isSiteAdmin, isLoading } = useSiteAdmin({
+ *   networkClient,
+ *   baseUrl: 'https://api.example.com/api/v1',
+ *   userId: user?.uid,
+ *   token: idToken,
+ * });
+ *
+ * if (isLoading) return <Loading />;
+ * if (isSiteAdmin) return <AdminPanel />;
+ * ```
+ */
+export function useSiteAdmin(options) {
+    const { networkClient, baseUrl, userId, token, staleTime = 5 * 60 * 1000, // 5 minutes default
+    enabled, } = options;
+    const isEnabled = enabled ?? (!!userId && !!token);
+    const query = useQuery({
+        queryKey: siteAdminQueryKey(userId ?? ''),
+        queryFn: async () => {
+            if (!userId || !token) {
+                return null;
+            }
+            const url = `${baseUrl}/users/${userId}`;
+            const response = await networkClient.get(url, {
+                headers: {
+                    Authorization: `Bearer ${token}`,
+                    'Content-Type': 'application/json',
+                },
+            });
+            if (!response.ok || !response.data?.success || !response.data.data) {
+                // User not found or not authorized - not an admin
+                return null;
+            }
+            return response.data.data;
+        },
+        enabled: isEnabled,
+        staleTime,
+        // Retry once on failure (might be a transient network error)
+        retry: 1,
+        // Don't refetch on window focus for admin status
+        refetchOnWindowFocus: false,
+    });
+    return {
+        isSiteAdmin: query.data?.siteAdmin ?? false,
+        userInfo: query.data ?? null,
+        isLoading: query.isLoading,
+        isError: query.isError,
+        error: query.error,
+        refetch: query.refetch,
+    };
+}

package/dist/index.d.ts

@@ -9,6 +9,7 @@
 export { initializeFirebaseAuth, getFirebaseApp, getFirebaseAuth, getFirebaseConfig, isFirebaseConfigured, } from './config';
 export type { FirebaseConfig, FirebaseInitOptions, FirebaseInitResult, FirebaseAuthNetworkClientOptions, } from './config';
 export { useFirebaseAuthNetworkClient } from './hooks';
+export { useSiteAdmin, siteAdminQueryKey, type UseSiteAdminOptions, type UseSiteAdminResult, type UserInfoResponse, } from './hooks';
 export { getFirebaseErrorMessage, getFirebaseErrorCode, formatFirebaseError, isFirebaseAuthError, } from './utils';
 export { parseAdminEmails, isAdminEmail, createAdminChecker } from './admin';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EACL,sBAAsB,EACtB,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,cAAc,EACd,mBAAmB,EACnB,kBAAkB,EAClB,gCAAgC,GACjC,MAAM,UAAU,CAAC;AAGlB,OAAO,EAAE,4BAA4B,EAAE,MAAM,SAAS,CAAC;AAGvD,OAAO,EACL,uBAAuB,EACvB,oBAAoB,EACpB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,SAAS,CAAC;AAGjB,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EACL,sBAAsB,EACtB,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,cAAc,EACd,mBAAmB,EACnB,kBAAkB,EAClB,gCAAgC,GACjC,MAAM,UAAU,CAAC;AAGlB,OAAO,EAAE,4BAA4B,EAAE,MAAM,SAAS,CAAC;AAEvD,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,GACtB,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,uBAAuB,EACvB,oBAAoB,EACpB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,SAAS,CAAC;AAGjB,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC"}

package/dist/index.js

@@ -10,6 +10,7 @@
 export { initializeFirebaseAuth, getFirebaseApp, getFirebaseAuth, getFirebaseConfig, isFirebaseConfigured, } from './config';
 // Hooks
 export { useFirebaseAuthNetworkClient } from './hooks';
+export { useSiteAdmin, siteAdminQueryKey, } from './hooks';
 // Utils
 export { getFirebaseErrorMessage, getFirebaseErrorCode, formatFirebaseError, isFirebaseAuthError, } from './utils';
 // Admin

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sudobility/auth_lib",
-  "version": "0.0.12",
+  "version": "0.0.14",
   "description": "Firebase authentication utilities with token refresh handling",
   "type": "module",
   "main": "./dist/index.js",
@@ -31,10 +31,13 @@
   "peerDependencies": {
     "react": "^19.2.3",
     "firebase": "^12.7.0",
-    "@sudobility/di": "^1.5.20",
-    "@sudobility/types": "^1.9.46"
+    "@sudobility/di": "^1.5.21",
+    "@sudobility/types": "^1.9.48",
+    "@tanstack/react-query": "^5.0.0"
   },
   "devDependencies": {
+    "@sudobility/types": "^1.9.48",
+    "@tanstack/react-query": "^5.80.7",
     "vitest": "^4.0.4",
     "@eslint/js": "^9.0.0",
     "@types/bun": "^1.2.8",

package/dist/admin/admin-emails.d.ts

@@ -1,56 +0,0 @@
-/**
- * @fileoverview Admin email whitelist utilities
- *
- * Provides functions for parsing and checking admin email whitelists,
- * typically used for bypassing rate limits and subscription checks.
- */
-/**
- * Parse admin emails from environment variable or string
- *
- * @param input - Comma-separated string of admin emails (e.g., "admin@example.com, other@example.com")
- * @returns Array of normalized (lowercase, trimmed) email addresses
- *
- * @example
- * ```typescript
- * const adminEmails = parseAdminEmails(process.env.ADMIN_EMAILS || "");
- * // Returns: ["admin@example.com", "other@example.com"]
- * ```
- */
-export declare function parseAdminEmails(input: string | undefined | null): string[];
-/**
- * Check if an email is in the admin whitelist
- *
- * @param email - Email address to check
- * @param adminEmails - Array of admin emails (from parseAdminEmails)
- * @returns True if the email is an admin
- *
- * @example
- * ```typescript
- * const adminEmails = parseAdminEmails(process.env.ADMIN_EMAILS || "");
- * if (isAdminEmail(user.email, adminEmails)) {
- *   // Skip rate limiting, subscription checks, etc.
- * }
- * ```
- */
-export declare function isAdminEmail(email: string | undefined | null, adminEmails: string[]): boolean;
-/**
- * Create a cached admin email checker
- *
- * Parses the admin emails once and returns a checker function.
- * Useful for middleware where you don't want to re-parse on every request.
- *
- * @param input - Comma-separated string of admin emails
- * @returns Function that checks if an email is an admin
- *
- * @example
- * ```typescript
- * const isAdmin = createAdminChecker(process.env.ADMIN_EMAILS);
- *
- * // In middleware:
- * if (isAdmin(user.email)) {
- *   // Bypass checks
- * }
- * ```
- */
-export declare function createAdminChecker(input: string | undefined | null): (email: string | undefined | null) => boolean;
-//# sourceMappingURL=admin-emails.d.ts.map

package/dist/admin/admin-emails.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"admin-emails.d.ts","sourceRoot":"","sources":["../../src/admin/admin-emails.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;;;;;;;;;GAWG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,MAAM,EAAE,CAS3E;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,YAAY,CAC1B,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,EAChC,WAAW,EAAE,MAAM,EAAE,GACpB,OAAO,CAMT;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAC/B,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,KAAK,OAAO,CAM/C"}

package/dist/admin/admin-emails.js

@@ -1,73 +0,0 @@
-/**
- * @fileoverview Admin email whitelist utilities
- *
- * Provides functions for parsing and checking admin email whitelists,
- * typically used for bypassing rate limits and subscription checks.
- */
-/**
- * Parse admin emails from environment variable or string
- *
- * @param input - Comma-separated string of admin emails (e.g., "admin@example.com, other@example.com")
- * @returns Array of normalized (lowercase, trimmed) email addresses
- *
- * @example
- * ```typescript
- * const adminEmails = parseAdminEmails(process.env.ADMIN_EMAILS || "");
- * // Returns: ["admin@example.com", "other@example.com"]
- * ```
- */
-export function parseAdminEmails(input) {
-    if (!input) {
-        return [];
-    }
-    return input
-        .split(',')
-        .map(email => email.trim().toLowerCase())
-        .filter(email => email.length > 0 && email.includes('@'));
-}
-/**
- * Check if an email is in the admin whitelist
- *
- * @param email - Email address to check
- * @param adminEmails - Array of admin emails (from parseAdminEmails)
- * @returns True if the email is an admin
- *
- * @example
- * ```typescript
- * const adminEmails = parseAdminEmails(process.env.ADMIN_EMAILS || "");
- * if (isAdminEmail(user.email, adminEmails)) {
- *   // Skip rate limiting, subscription checks, etc.
- * }
- * ```
- */
-export function isAdminEmail(email, adminEmails) {
-    if (!email) {
-        return false;
-    }
-    return adminEmails.includes(email.toLowerCase());
-}
-/**
- * Create a cached admin email checker
- *
- * Parses the admin emails once and returns a checker function.
- * Useful for middleware where you don't want to re-parse on every request.
- *
- * @param input - Comma-separated string of admin emails
- * @returns Function that checks if an email is an admin
- *
- * @example
- * ```typescript
- * const isAdmin = createAdminChecker(process.env.ADMIN_EMAILS);
- *
- * // In middleware:
- * if (isAdmin(user.email)) {
- *   // Bypass checks
- * }
- * ```
- */
-export function createAdminChecker(input) {
-    const adminEmails = parseAdminEmails(input);
-    return (email) => {
-        return isAdminEmail(email, adminEmails);
-    };
-}