@tabl.io/auth 0.1.0

package/README.md

@@ -0,0 +1,142 @@
+# @tabl.io/auth
+
+Autenticação e autorização compartilhada para os apps Tabl com login real (Manager, Cashier).
+
+## Instalação
+
+```bash
+npm install @tabl.io/auth
+```
+
+O pacote tem `@supabase/supabase-js` e `react` como `peerDependencies` — devem estar instalados no app consumidor.
+
+---
+
+## Setup
+
+### 1. Criar o cliente Supabase (`src/api/supabase.ts`)
+
+```ts
+import { createTablaClient } from '@tabl.io/auth'
+
+export const supabase = createTablaClient({
+  url: import.meta.env.VITE_TABL_SERVER_URL,
+  anonKey: import.meta.env.VITE_TABL_SERVER_ANON_KEY,
+})
+```
+
+### 2. Inicializar no boot do app (`src/App.tsx`)
+
+```tsx
+import { useEffect } from 'react'
+import { useAuthStore, LoginPage } from '@tabl.io/auth'
+import { supabase } from './api/supabase'
+
+export default function App() {
+  const { init, isInitializing, isAuthenticated } = useAuthStore()
+
+  useEffect(() => {
+    const unsubscribe = init(supabase)
+    return unsubscribe        // cleanup do listener ao desmontar
+  }, [])
+
+  if (isInitializing) return <Loading />
+
+  if (!isAuthenticated) {
+    return (
+      <div data-module="manager">   {/* ativa tema de cor do módulo */}
+        <LoginPage supabase={supabase} moduleName="Manager" />
+      </div>
+    )
+  }
+
+  return (
+    <div data-module="manager">
+      <RouterProvider router={router} />
+    </div>
+  )
+}
+```
+
+Para o Cashier, substituir `data-module="manager"` por `data-module="cashier"` e `moduleName="Caixa"`.
+
+---
+
+## Proteger rotas
+
+### Via hook — redireciona se não autorizado
+
+```tsx
+import { useRequireRole } from '@tabl.io/auth'
+
+export function SettingsPage() {
+  const navigate = useNavigate()
+  useRequireRole('manager', () => navigate('/'))
+  // ...
+}
+```
+
+### Via componente — oculta elemento de UI
+
+```tsx
+import { RoleGuard } from '@tabl.io/auth'
+
+<RoleGuard role="manager">
+  <DeleteButton />
+</RoleGuard>
+```
+
+---
+
+## Verificar permissão em código
+
+```tsx
+import { useAuth } from '@tabl.io/auth'
+
+const { user, role, can } = useAuth()
+
+can('manager')    // true se role >= manager
+can('cashier')    // true se role >= cashier
+can('supervisor') // true para qualquer role autenticado
+```
+
+---
+
+## Criar usuários com role
+
+Via Supabase Dashboard ou edge function administrativa.
+O campo `role` deve ficar em `app_metadata` — nunca em `user_metadata` (editável pelo próprio usuário).
+
+```ts
+await supabase.auth.admin.createUser({
+  email: 'gerente@restaurante.com',
+  password: 'senha-segura',
+  email_confirm: true,
+  app_metadata: { role: 'manager' }, // 'manager' | 'cashier' | 'supervisor'
+})
+```
+
+---
+
+## Hierarquia de roles
+
+| Role         | Acesso                              |
+|--------------|-------------------------------------|
+| `manager`    | Total — gestão, caixa, supervisão   |
+| `cashier`    | Operação de caixa                   |
+| `supervisor` | Visualização e aprovações           |
+
+`hasRole('manager', 'cashier')` → `true` (manager pode tudo que cashier pode)
+
+---
+
+## Tokens de cor por módulo (`@tabl.io/ui`)
+
+Adicionar `cashier-token.patch.css` em `@tabl.io/ui/src/foundation/tokens.css`:
+
+| `data-module` | Cor     | App        |
+|---------------|---------|------------|
+| `pdv`         | Laranja | PDV        |
+| `kds`         | Azul    | KDS        |
+| `manager`     | Roxo    | Manager    |
+| `cashier`     | Teal    | Cashier    |

package/dist/index.css

@@ -0,0 +1,3 @@
+/*! tailwindcss v4.2.1 | MIT License | https://tailwindcss.com */
+@layer properties{@supports (((-webkit-hyphens:none)) and (not (margin-trim:inline))) or ((-moz-orient:inline) and (not (color:rgb(from red r g b)))){*,:before,:after,::backdrop{--tw-space-y-reverse:0;--tw-border-style:solid;--tw-font-weight:initial;--tw-tracking:initial;--tw-shadow:0 0 #0000;--tw-shadow-color:initial;--tw-shadow-alpha:100%;--tw-inset-shadow:0 0 #0000;--tw-inset-shadow-color:initial;--tw-inset-shadow-alpha:100%;--tw-ring-color:initial;--tw-ring-shadow:0 0 #0000;--tw-inset-ring-color:initial;--tw-inset-ring-shadow:0 0 #0000;--tw-ring-inset:initial;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-offset-shadow:0 0 #0000;--tw-animation-delay:0s;--tw-animation-direction:normal;--tw-animation-duration:initial;--tw-animation-fill-mode:none;--tw-animation-iteration-count:1;--tw-enter-blur:0;--tw-enter-opacity:1;--tw-enter-rotate:0;--tw-enter-scale:1;--tw-enter-translate-x:0;--tw-enter-translate-y:0;--tw-exit-blur:0;--tw-exit-opacity:1;--tw-exit-rotate:0;--tw-exit-scale:1;--tw-exit-translate-x:0;--tw-exit-translate-y:0}}}@layer theme{:root,:host{--font-sans:ui-sans-serif, system-ui, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";--font-mono:ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;--spacing:.25rem;--container-sm:24rem;--text-xs:.75rem;--text-xs--line-height:calc(1 / .75);--text-sm:.875rem;--text-sm--line-height:calc(1.25 / .875);--text-base:1rem;--text-base--line-height:calc(1.5 / 1);--text-2xl:1.5rem;--text-2xl--line-height:calc(2 / 1.5);--font-weight-medium:500;--font-weight-semibold:600;--font-weight-bold:700;--tracking-widest:.1em;--radius-md:.375rem;--radius-xl:.75rem;--animate-spin:spin 1s linear infinite;--default-transition-duration:.15s;--default-transition-timing-function:cubic-bezier(.4, 0, .2, 1);--default-font-family:var(--font-sans);--default-mono-font-family:var(--font-mono)}}@layer base{*,:after,:before,::backdrop{box-sizing:border-box;border:0 solid;margin:0;padding:0}::file-selector-button{box-sizing:border-box;border:0 solid;margin:0;padding:0}html,:host{-webkit-text-size-adjust:100%;tab-size:4;line-height:1.5;font-family:var(--default-font-family,ui-sans-serif, system-ui, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji");font-feature-settings:var(--default-font-feature-settings,normal);font-variation-settings:var(--default-font-variation-settings,normal);-webkit-tap-highlight-color:transparent}hr{height:0;color:inherit;border-top-width:1px}abbr:where([title]){-webkit-text-decoration:underline dotted;text-decoration:underline dotted}h1,h2,h3,h4,h5,h6{font-size:inherit;font-weight:inherit}a{color:inherit;-webkit-text-decoration:inherit;-webkit-text-decoration:inherit;-webkit-text-decoration:inherit;-webkit-text-decoration:inherit;text-decoration:inherit}b,strong{font-weight:bolder}code,kbd,samp,pre{font-family:var(--default-mono-font-family,ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace);font-feature-settings:var(--default-mono-font-feature-settings,normal);font-variation-settings:var(--default-mono-font-variation-settings,normal);font-size:1em}small{font-size:80%}sub,sup{vertical-align:baseline;font-size:75%;line-height:0;position:relative}sub{bottom:-.25em}sup{top:-.5em}table{text-indent:0;border-color:inherit;border-collapse:collapse}:-moz-focusring{outline:auto}progress{vertical-align:baseline}summary{display:list-item}ol,ul,menu{list-style:none}img,svg,video,canvas,audio,iframe,embed,object{vertical-align:middle;display:block}img,video{max-width:100%;height:auto}button,input,select,optgroup,textarea{font:inherit;font-feature-settings:inherit;font-variation-settings:inherit;letter-spacing:inherit;color:inherit;opacity:1;background-color:#0000;border-radius:0}::file-selector-button{font:inherit;font-feature-settings:inherit;font-variation-settings:inherit;letter-spacing:inherit;color:inherit;opacity:1;background-color:#0000;border-radius:0}:where(select:is([multiple],[size])) optgroup{font-weight:bolder}:where(select:is([multiple],[size])) optgroup option{padding-inline-start:20px}::file-selector-button{margin-inline-end:4px}::placeholder{opacity:1}@supports (not ((-webkit-appearance:-apple-pay-button))) or (contain-intrinsic-size:1px){::placeholder{color:currentColor}@supports (color:color-mix(in lab, red, red)){::placeholder{color:color-mix(in oklab, currentcolor 50%, transparent)}}}textarea{resize:vertical}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-date-and-time-value{min-height:1lh;text-align:inherit}::-webkit-datetime-edit{display:inline-flex}::-webkit-datetime-edit-fields-wrapper{padding:0}::-webkit-datetime-edit{padding-block:0}::-webkit-datetime-edit-year-field{padding-block:0}::-webkit-datetime-edit-month-field{padding-block:0}::-webkit-datetime-edit-day-field{padding-block:0}::-webkit-datetime-edit-hour-field{padding-block:0}::-webkit-datetime-edit-minute-field{padding-block:0}::-webkit-datetime-edit-second-field{padding-block:0}::-webkit-datetime-edit-millisecond-field{padding-block:0}::-webkit-datetime-edit-meridiem-field{padding-block:0}::-webkit-calendar-picker-indicator{line-height:1}:-moz-ui-invalid{box-shadow:none}button,input:where([type=button],[type=reset],[type=submit]){appearance:button}::file-selector-button{appearance:button}::-webkit-inner-spin-button{height:auto}::-webkit-outer-spin-button{height:auto}[hidden]:where(:not([hidden=until-found])){display:none!important}}@layer components;@layer utilities{.mb-2{margin-bottom:calc(var(--spacing) * 2)}.flex{display:flex}.inline-flex{display:inline-flex}.size-4{width:calc(var(--spacing) * 4);height:calc(var(--spacing) * 4)}.min-h-screen{min-height:100vh}.w-full{width:100%}.max-w-sm{max-width:var(--container-sm)}.animate-spin{animation:var(--animate-spin)}.flex-col{flex-direction:column}.items-center{align-items:center}.justify-center{justify-content:center}.gap-2{gap:calc(var(--spacing) * 2)}.gap-3{gap:calc(var(--spacing) * 3)}:where(.space-y-1>:not(:last-child)){--tw-space-y-reverse:0;margin-block-start:calc(calc(var(--spacing) * 1) * var(--tw-space-y-reverse));margin-block-end:calc(calc(var(--spacing) * 1) * calc(1 - var(--tw-space-y-reverse)))}:where(.space-y-1\.5>:not(:last-child)){--tw-space-y-reverse:0;margin-block-start:calc(calc(var(--spacing) * 1.5) * var(--tw-space-y-reverse));margin-block-end:calc(calc(var(--spacing) * 1.5) * calc(1 - var(--tw-space-y-reverse)))}:where(.space-y-3>:not(:last-child)){--tw-space-y-reverse:0;margin-block-start:calc(calc(var(--spacing) * 3) * var(--tw-space-y-reverse));margin-block-end:calc(calc(var(--spacing) * 3) * calc(1 - var(--tw-space-y-reverse)))}:where(.space-y-4>:not(:last-child)){--tw-space-y-reverse:0;margin-block-start:calc(calc(var(--spacing) * 4) * var(--tw-space-y-reverse));margin-block-end:calc(calc(var(--spacing) * 4) * calc(1 - var(--tw-space-y-reverse)))}:where(.space-y-8>:not(:last-child)){--tw-space-y-reverse:0;margin-block-start:calc(calc(var(--spacing) * 8) * var(--tw-space-y-reverse));margin-block-end:calc(calc(var(--spacing) * 8) * calc(1 - var(--tw-space-y-reverse)))}.rounded-md{border-radius:var(--radius-md)}.rounded-xl{border-radius:var(--radius-xl)}.border{border-style:var(--tw-border-style);border-width:1px}.p-4{padding:calc(var(--spacing) * 4)}.p-6{padding:calc(var(--spacing) * 6)}.px-3{padding-inline:calc(var(--spacing) * 3)}.px-4{padding-inline:calc(var(--spacing) * 4)}.py-2{padding-block:calc(var(--spacing) * 2)}.text-center{text-align:center}.text-2xl{font-size:var(--text-2xl);line-height:var(--tw-leading,var(--text-2xl--line-height))}.text-base{font-size:var(--text-base);line-height:var(--tw-leading,var(--text-base--line-height))}.text-sm{font-size:var(--text-sm);line-height:var(--tw-leading,var(--text-sm--line-height))}.text-xs{font-size:var(--text-xs);line-height:var(--tw-leading,var(--text-xs--line-height))}.font-bold{--tw-font-weight:var(--font-weight-bold);font-weight:var(--font-weight-bold)}.font-medium{--tw-font-weight:var(--font-weight-medium);font-weight:var(--font-weight-medium)}.font-semibold{--tw-font-weight:var(--font-weight-semibold);font-weight:var(--font-weight-semibold)}.tracking-widest{--tw-tracking:var(--tracking-widest);letter-spacing:var(--tracking-widest)}.uppercase{text-transform:uppercase}.shadow-sm{--tw-shadow:0 1px 3px 0 var(--tw-shadow-color,#0000001a), 0 1px 2px -1px var(--tw-shadow-color,#0000001a);box-shadow:var(--tw-inset-shadow), var(--tw-inset-ring-shadow), var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow)}.transition{transition-property:color,background-color,border-color,outline-color,text-decoration-color,fill,stroke,--tw-gradient-from,--tw-gradient-via,--tw-gradient-to,opacity,box-shadow,transform,translate,scale,rotate,filter,-webkit-backdrop-filter,backdrop-filter,display,content-visibility,overlay,pointer-events;transition-timing-function:var(--tw-ease,var(--default-transition-timing-function));transition-duration:var(--tw-duration,var(--default-transition-duration))}.outline-none{--tw-outline-style:none;outline-style:none}.focus\:ring-2:focus{--tw-ring-shadow:var(--tw-ring-inset,) 0 0 0 calc(2px + var(--tw-ring-offset-width)) var(--tw-ring-color,currentcolor);box-shadow:var(--tw-inset-shadow), var(--tw-inset-ring-shadow), var(--tw-ring-offset-shadow), var(--tw-ring-shadow), var(--tw-shadow)}.disabled\:pointer-events-none:disabled{pointer-events:none}.disabled\:opacity-50:disabled{opacity:.5}}@property --tw-animation-delay{syntax:"*";inherits:false;initial-value:0s}@property --tw-animation-direction{syntax:"*";inherits:false;initial-value:normal}@property --tw-animation-duration{syntax:"*";inherits:false}@property --tw-animation-fill-mode{syntax:"*";inherits:false;initial-value:none}@property --tw-animation-iteration-count{syntax:"*";inherits:false;initial-value:1}@property --tw-enter-blur{syntax:"*";inherits:false;initial-value:0}@property --tw-enter-opacity{syntax:"*";inherits:false;initial-value:1}@property --tw-enter-rotate{syntax:"*";inherits:false;initial-value:0}@property --tw-enter-scale{syntax:"*";inherits:false;initial-value:1}@property --tw-enter-translate-x{syntax:"*";inherits:false;initial-value:0}@property --tw-enter-translate-y{syntax:"*";inherits:false;initial-value:0}@property --tw-exit-blur{syntax:"*";inherits:false;initial-value:0}@property --tw-exit-opacity{syntax:"*";inherits:false;initial-value:1}@property --tw-exit-rotate{syntax:"*";inherits:false;initial-value:0}@property --tw-exit-scale{syntax:"*";inherits:false;initial-value:1}@property --tw-exit-translate-x{syntax:"*";inherits:false;initial-value:0}@property --tw-exit-translate-y{syntax:"*";inherits:false;initial-value:0}@property --tw-space-y-reverse{syntax:"*";inherits:false;initial-value:0}@property --tw-border-style{syntax:"*";inherits:false;initial-value:solid}@property --tw-font-weight{syntax:"*";inherits:false}@property --tw-tracking{syntax:"*";inherits:false}@property --tw-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-shadow-color{syntax:"*";inherits:false}@property --tw-shadow-alpha{syntax:"<percentage>";inherits:false;initial-value:100%}@property --tw-inset-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-inset-shadow-color{syntax:"*";inherits:false}@property --tw-inset-shadow-alpha{syntax:"<percentage>";inherits:false;initial-value:100%}@property --tw-ring-color{syntax:"*";inherits:false}@property --tw-ring-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-inset-ring-color{syntax:"*";inherits:false}@property --tw-inset-ring-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@property --tw-ring-inset{syntax:"*";inherits:false}@property --tw-ring-offset-width{syntax:"<length>";inherits:false;initial-value:0}@property --tw-ring-offset-color{syntax:"*";inherits:false;initial-value:#fff}@property --tw-ring-offset-shadow{syntax:"*";inherits:false;initial-value:0 0 #0000}@keyframes spin{to{transform:rotate(360deg)}}
+/*$vite$:1*/

package/dist/index.d.ts

@@ -0,0 +1,149 @@
+import { JSX } from 'react/jsx-runtime';
+import { ReactNode } from '../../node_modules/react';
+import { StoreApi } from '../../node_modules/zustand';
+import { SupabaseClient } from '../../node_modules/@supabase/supabase-js';
+import { UseBoundStore } from '../../node_modules/zustand';
+import { User } from '../../node_modules/@supabase/supabase-js';
+import { User as User_2 } from '@supabase/auth-js';
+
+export declare interface AuthState {
+    user: User | null;
+    role: UserRole | null;
+    isInitializing: boolean;
+    isAuthenticated: boolean;
+    error: string | null;
+    /** Inicializa o listener de sessão — chamar uma vez no boot do app, retorna unsubscribe */
+    init: (supabase: SupabaseClient) => () => void;
+    /** Login com email e senha */
+    signIn: (supabase: SupabaseClient, email: string, password: string) => Promise<void>;
+    /** Logout */
+    signOut: (supabase: SupabaseClient) => Promise<void>;
+}
+
+/**
+ * Cria um cliente Supabase com as configurações padrão dos apps Tabl.
+ * Cada app instancia o seu próprio cliente via esta factory.
+ *
+ * @example
+ * // src/api/supabase.ts de cada app
+ * export const supabase = createTablaClient({
+ *   url: import.meta.env.VITE_TABL_SERVER_URL,
+ *   anonKey: import.meta.env.VITE_TABL_SERVER_ANON_KEY,
+ * })
+ */
+export declare function createTablaClient(config: TablaClientConfig): SupabaseClient;
+
+/**
+ * Extrai o role do app_metadata do JWT Supabase.
+ * Retorna null se ausente ou inválido — nunca lança exceção.
+ */
+export declare function getRoleFromMetadata(appMetadata: Record<string, unknown> | null | undefined): UserRole | null;
+
+/**
+ * Verifica se o role do usuário satisfaz o role mínimo requerido.
+ *
+ * @example
+ * hasRole('manager', 'cashier')  // true  — manager pode tudo que cashier pode
+ * hasRole('cashier', 'manager')  // false — cashier não acessa funções de manager
+ * hasRole('cashier', 'cashier')  // true  — mesmo nível
+ */
+export declare function hasRole(userRole: UserRole, requiredRole: UserRole): boolean;
+
+/**
+ * Tela de login reutilizável para Manager e Cashier.
+ * Estilizada com tokens CSS do @tabl.io/ui — aplica `data-module` no elemento
+ * raiz do app para herdar a cor primária correta de cada módulo.
+ *
+ * @example
+ * // App.tsx do manager
+ * <div data-module="manager">
+ *   <LoginPage supabase={supabase} moduleName="Manager" />
+ * </div>
+ *
+ * // App.tsx do cashier
+ * <div data-module="cashier">
+ *   <LoginPage supabase={supabase} moduleName="Caixa" />
+ * </div>
+ */
+export declare function LoginPage({ supabase, moduleName, logo }: LoginPageProps): JSX.Element;
+
+export declare interface LoginPageProps {
+    /** Cliente Supabase do app consumidor */
+    supabase: SupabaseClient;
+    /** Nome do módulo exibido como título — ex: "Manager", "Caixa" */
+    moduleName: string;
+    /** Logo ou ícone exibido acima do form */
+    logo?: React.ReactNode;
+}
+
+/**
+ * Wrapper declarativo que protege conteúdo por role.
+ * Não redireciona — use `useRequireRole` para redirecionamento de rota.
+ * Use RoleGuard para ocultar elementos de UI condicionalmente.
+ *
+ * @example
+ * <RoleGuard role="manager">
+ *   <DeleteButton />
+ * </RoleGuard>
+ */
+export declare function RoleGuard({ role, fallback, children }: RoleGuardProps): JSX.Element;
+
+export declare interface RoleGuardProps {
+    /** Role mínimo requerido para renderizar children */
+    role: UserRole;
+    /** Conteúdo exibido enquanto verifica autenticação ou se não autorizado */
+    fallback?: ReactNode;
+    children: ReactNode;
+}
+
+export declare interface TablaClientConfig {
+    url: string;
+    anonKey: string;
+    /** Padrão 10 — reduzir em dispositivos com banda limitada */
+    realtimeEventsPerSecond?: number;
+}
+
+/**
+ * Hook principal de autenticação — estado atual e helper de permissão.
+ *
+ * @example
+ * const { user, role, isAuthenticated, can } = useAuth()
+ *
+ * if (can('manager')) {
+ *   // exibe funções restritas a manager
+ * }
+ */
+export declare function useAuth(): {
+    user: User_2 | null;
+    role: UserRole | null;
+    isInitializing: boolean;
+    isAuthenticated: boolean;
+    error: string | null;
+    can: (requiredRole: UserRole) => boolean;
+};
+
+export declare const useAuthStore: UseBoundStore<StoreApi<AuthState>>;
+
+/**
+ * Guard declarativo para rotas protegidas por role.
+ * Chama `onUnauthorized` se o usuário não tiver o role mínimo.
+ * Não age enquanto `isInitializing` for true.
+ *
+ * @example
+ * export function SettingsPage() {
+ *   const navigate = useNavigate()
+ *   useRequireRole('manager', () => navigate('/'))
+ *   // ...
+ * }
+ */
+export declare function useRequireRole(requiredRole: UserRole, onUnauthorized: () => void): void;
+
+/**
+ * Roles de usuário humano — autenticação real via email/senha.
+ * Distinto de DeviceMode (staff/client) que é autenticação de dispositivo anônimo.
+ *
+ * Armazenado em auth.users.app_metadata.role via Supabase Admin API.
+ */
+export declare type UserRole = 'manager' | 'cashier' | 'supervisor';
+
+export { }

package/dist/index.js

@@ -0,0 +1,210 @@
+import { create as v } from "zustand";
+import { useEffect as w, useState as m } from "react";
+import { Loader2 as N } from "lucide-react";
+import { Fragment as f, jsx as i, jsxs as l } from "react/jsx-runtime";
+import { createClient as E } from "@supabase/supabase-js";
+var g = {
+  supervisor: 1,
+  cashier: 2,
+  manager: 3
+};
+function I(t, e) {
+  return g[t] >= g[e];
+}
+function p(t) {
+  const e = t?.role;
+  return e === "manager" || e === "cashier" || e === "supervisor" ? e : null;
+}
+const b = v()((t) => ({
+  user: null,
+  role: null,
+  isInitializing: !0,
+  isAuthenticated: !1,
+  error: null,
+  init: (e) => {
+    e.auth.getSession().then(({ data: { session: r } }) => {
+      r?.user ? t({
+        user: r.user,
+        role: p(r.user.app_metadata),
+        isAuthenticated: !0,
+        isInitializing: !1
+      }) : t({ isInitializing: !1 });
+    });
+    const { data: { subscription: a } } = e.auth.onAuthStateChange((r, n) => {
+      n?.user ? t({
+        user: n.user,
+        role: p(n.user.app_metadata),
+        isAuthenticated: !0,
+        isInitializing: !1,
+        error: null
+      }) : t({
+        user: null,
+        role: null,
+        isAuthenticated: !1,
+        isInitializing: !1
+      });
+    });
+    return () => a.unsubscribe();
+  },
+  signIn: async (e, a, r) => {
+    t({ error: null });
+    const { data: n, error: s } = await e.auth.signInWithPassword({
+      email: a,
+      password: r
+    });
+    if (s)
+      throw t({ error: s.message }), s;
+    if (!p(n.user?.app_metadata)) {
+      await e.auth.signOut();
+      const o = "Usuário sem permissão de acesso.";
+      throw t({ error: o }), new Error(o);
+    }
+  },
+  signOut: async (e) => {
+    await e.auth.signOut();
+  }
+}));
+function x() {
+  const { user: t, role: e, isInitializing: a, isAuthenticated: r, error: n } = b();
+  function s(o) {
+    return e ? I(e, o) : !1;
+  }
+  return {
+    user: t,
+    role: e,
+    isInitializing: a,
+    isAuthenticated: r,
+    error: n,
+    can: s
+  };
+}
+function L(t, e) {
+  const { isInitializing: a, isAuthenticated: r, can: n } = x();
+  w(() => {
+    a || (!r || !n(t)) && e();
+  }, [
+    a,
+    r,
+    t
+  ]);
+}
+function T({ supabase: t, moduleName: e, logo: a }) {
+  const { signIn: r, error: n } = b(), [s, o] = m(""), [c, y] = m(""), [d, h] = m(!1);
+  return /* @__PURE__ */ i("div", {
+    className: "flex min-h-screen flex-col items-center justify-center bg-background p-4",
+    children: /* @__PURE__ */ l("div", {
+      className: "w-full max-w-sm space-y-8",
+      children: [/* @__PURE__ */ l("div", {
+        className: "flex flex-col items-center gap-3 text-center",
+        children: [a && /* @__PURE__ */ i("div", {
+          className: "mb-2",
+          children: a
+        }), /* @__PURE__ */ l("div", { children: [/* @__PURE__ */ i("p", {
+          className: "text-xs font-bold uppercase tracking-widest text-muted-foreground",
+          children: "tabl.io"
+        }), /* @__PURE__ */ i("h1", {
+          className: "text-2xl font-bold",
+          children: e
+        })] })]
+      }), /* @__PURE__ */ l("div", {
+        className: "rounded-xl border bg-card p-6 shadow-sm space-y-4",
+        children: [/* @__PURE__ */ l("div", {
+          className: "space-y-1",
+          children: [/* @__PURE__ */ i("h2", {
+            className: "text-base font-semibold",
+            children: "Entrar"
+          }), /* @__PURE__ */ i("p", {
+            className: "text-sm text-muted-foreground",
+            children: "Use suas credenciais de acesso"
+          })]
+        }), /* @__PURE__ */ l("form", {
+          onSubmit: async (u) => {
+            if (u.preventDefault(), !(!s || !c)) {
+              h(!0);
+              try {
+                await r(t, s, c);
+              } finally {
+                h(!1);
+              }
+            }
+          },
+          className: "space-y-3",
+          children: [
+            /* @__PURE__ */ l("div", {
+              className: "space-y-1.5",
+              children: [/* @__PURE__ */ i("label", {
+                htmlFor: "email",
+                className: "text-sm font-medium",
+                children: "E-mail"
+              }), /* @__PURE__ */ i("input", {
+                id: "email",
+                type: "email",
+                autoComplete: "email",
+                autoFocus: !0,
+                required: !0,
+                value: s,
+                onChange: (u) => o(u.target.value),
+                disabled: d,
+                placeholder: "voce@restaurante.com",
+                className: "w-full rounded-md border bg-background px-3 py-2 text-sm outline-none transition focus:ring-2 focus:ring-ring/50 disabled:opacity-50"
+              })]
+            }),
+            /* @__PURE__ */ l("div", {
+              className: "space-y-1.5",
+              children: [/* @__PURE__ */ i("label", {
+                htmlFor: "password",
+                className: "text-sm font-medium",
+                children: "Senha"
+              }), /* @__PURE__ */ i("input", {
+                id: "password",
+                type: "password",
+                autoComplete: "current-password",
+                required: !0,
+                value: c,
+                onChange: (u) => y(u.target.value),
+                disabled: d,
+                placeholder: "••••••••",
+                className: "w-full rounded-md border bg-background px-3 py-2 text-sm outline-none transition focus:ring-2 focus:ring-ring/50 disabled:opacity-50"
+              })]
+            }),
+            n && /* @__PURE__ */ i("p", {
+              className: "rounded-md bg-destructive/10 px-3 py-2 text-sm text-destructive",
+              children: n
+            }),
+            /* @__PURE__ */ i("button", {
+              type: "submit",
+              disabled: d || !s || !c,
+              className: "inline-flex w-full items-center justify-center gap-2 rounded-md bg-primary px-4 py-2 text-sm font-medium text-primary-foreground transition hover:bg-primary/90 disabled:pointer-events-none disabled:opacity-50",
+              children: d ? /* @__PURE__ */ i(N, { className: "size-4 animate-spin" }) : "Entrar"
+            })
+          ]
+        })]
+      })]
+    })
+  });
+}
+function F({ role: t, fallback: e = null, children: a }) {
+  const { isInitializing: r, can: n } = x();
+  return r ? /* @__PURE__ */ i(f, { children: e }) : n(t) ? /* @__PURE__ */ i(f, { children: a }) : /* @__PURE__ */ i(f, { children: e });
+}
+function O(t) {
+  const { url: e, anonKey: a, realtimeEventsPerSecond: r = 10 } = t;
+  if (!e || !a) throw new Error("[tabl.io/auth] VITE_TABL_SERVER_URL e VITE_TABL_SERVER_ANON_KEY são obrigatórios.");
+  return E(e, a, {
+    auth: {
+      persistSession: !0,
+      autoRefreshToken: !0
+    },
+    realtime: { params: { eventsPerSecond: r } }
+  });
+}
+export {
+  T as LoginPage,
+  F as RoleGuard,
+  O as createTablaClient,
+  p as getRoleFromMetadata,
+  I as hasRole,
+  x as useAuth,
+  b as useAuthStore,
+  L as useRequireRole
+};

package/package.json

@@ -0,0 +1,55 @@
+{
+  "name": "@tabl.io/auth",
+  "private": false,
+  "license": "UNLICENSED",
+  "version": "0.1.0",
+  "type": "module",
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "sideEffects": false,
+  "files": [
+    "dist"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "style": "./dist/index.css",
+      "default": "./dist/index.js"
+    }
+  },
+  "scripts": {
+    "build": "vite build",
+    "lint": "eslint .",
+    "typecheck": "tsc -p tsconfig.app.json"
+  },
+  "dependencies": {
+    "lucide-react": "^0.563.0",
+    "zustand": "^5.0.0"
+  },
+  "peerDependencies": {
+    "@supabase/supabase-js": "^2.0.0",
+    "react": "^19",
+    "react-dom": "^19"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.39.1",
+    "@supabase/supabase-js": "^2.0.0",
+    "@tailwindcss/vite": "^4.1.18",
+    "@types/node": "^24.10.1",
+    "@types/react": "^19.2.7",
+    "@types/react-dom": "^19.2.3",
+    "@vitejs/plugin-react": "^5.1.4",
+    "esbuild": "^0.27.3",
+    "eslint": "^9.39.1",
+    "react": "^19",
+    "react-dom": "^19",
+    "tailwindcss": "^4.1.18",
+    "tw-animate-css": "^1.4.0",
+    "typescript": "~5.9.3",
+    "typescript-eslint": "^8.48.0",
+    "vite": "^8.0.0-beta.13",
+    "vite-plugin-dts": "^4.5.4"
+  }
+}