@taruvi/sdk 1.0.2 → 1.0.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@taruvi/sdk",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "description": "Taruvi SDK",
   "main": "src/index.ts",
   "type": "module",

package/src/client.ts

@@ -33,8 +33,11 @@ export class Client {
     }
 
     /**
-     * Extracts access_token and refresh_token from URL hash and stores them in localStorage.
-     * This handles OAuth callback URLs like: #access_token=xxx&refresh_token=xxx
+     * Extracts authentication tokens from URL hash and stores them using TokenClient.
+     * This handles Web UI Flow callback URLs like:
+     * #session_token=xxx&access_token=yyy&refresh_token=zzz&expires_in=172800&token_type=Bearer
+     *
+     * After successful extraction, the URL hash is cleared to prevent token exposure.
      */
     private extractTokensFromUrl(): void {
         if (typeof window === "undefined" || typeof localStorage === "undefined") {
@@ -47,15 +50,38 @@ export class Client {
         }
 
         const params = new URLSearchParams(hash.substring(1))
+        const sessionToken = params.get("session_token")
         const accessToken = params.get("access_token")
         const refreshToken = params.get("refresh_token")
+        const expiresIn = params.get("expires_in")
+        const tokenType = params.get("token_type")
 
-        if (accessToken) {
-            localStorage.setItem("jwt", accessToken)
+        // Only proceed if we have the required tokens
+        if (!accessToken || !refreshToken) {
+            return
+        }
+
+        // Store tokens using TokenClient
+        const tokens: any = {
+            accessToken,
+            refreshToken,
+            tokenType: tokenType || "Bearer"
+        }
+
+        if (sessionToken) {
+            tokens.sessionToken = sessionToken
+        }
+
+        if (expiresIn) {
+            tokens.expiresIn = parseInt(expiresIn, 10)
         }
 
-        if (refreshToken) {
-            localStorage.setItem("refresh_token", refreshToken)
+        this._tokenClient.setTokens(tokens)
+
+        // Clear hash from URL without reloading page
+        if (window.history && window.history.replaceState) {
+            const urlWithoutHash = window.location.pathname + window.location.search
+            window.history.replaceState(null, "", urlWithoutHash)
         }
     }
 

package/src/index.ts

@@ -12,9 +12,10 @@ export { Secrets } from "./lib/Secrets/SecretsClient.js"
 
 // Export types
 export type { TaruviConfig, StorageFilters, DatabaseFilters } from "./types.js"
+export type { AuthTokens } from "./lib-internal/token/TokenClient.js"
 export type { UserCreateRequest, UserCreateResponse as UserResponse, UserDataResponse } from "./lib/user/types.js"
 export type { FunctionRequest, FunctionResponse, FunctionInvocation } from "./lib/Function/types.js"
 export type { DatabaseRequest, DatabaseResponse } from "./lib/Database/types.js"
 export type { StorageRequest, StorageUpdateRequest, StorageResponse } from "./lib/Storage/types.js"
-export type { SettingsRequest, SettingsResponse, SettingsMetadataResponse } from "./lib/Settings/types.js"
+export type { SettingsResponse } from "./lib/Settings/types.js"
 export type { SecretRequest, SecretResponse } from "./lib/Secrets/types.js"

package/src/lib/Database/DatabaseClient.ts

@@ -1,5 +1,5 @@
 import type { Client } from "../../client.js";
-import { DatabaseRoutes } from "../../lib-internal/routes/DatabaseRoutes.js";
+import { DatabaseRoutes, type DatabaseRouteKey } from "../../lib-internal/routes/DatabaseRoutes.js";
 import { HttpMethod } from "../../lib-internal/http/types.js";
 import type { TaruviConfig, DatabaseFilters } from "../../types.js";
 import type { UrlParams } from "./types.js";
@@ -44,12 +44,21 @@ export class Database {
     }
 
     private buildRoute(): string {
-        return DatabaseRoutes.baseUrl(this.config.appSlug) + Object.keys(this.urlParams).reduce((acc, key) => {
-            if (this.urlParams[key] && DatabaseRoutes[key]) {
-                acc += DatabaseRoutes[key](this.urlParams[key])
-            }
-            return acc
-        }, "") + "/" + buildQueryString(this.filters)
+        return (
+            DatabaseRoutes.baseUrl(this.config.appSlug) +
+            (Object.keys(this.urlParams) as DatabaseRouteKey[]).reduce((acc, key) => {
+                const value = this.urlParams[key]
+                const routeBuilder = DatabaseRoutes[key]
+
+                if (value && routeBuilder) {
+                    acc += routeBuilder(value)
+                }
+
+                return acc
+            }, "") +
+            "/" +
+            buildQueryString(this.filters)
+        )
     }
 
     async execute() {

package/src/lib/Storage/StorageClient.ts

@@ -1,6 +1,6 @@
 import type { Client } from "../../client.js";
 import type { BucketFileUpload, BucketUrlParams } from "./types.js";
-import { StorageRoutes } from "../../lib-internal/routes/StorageRoutes.js";
+import { StorageRoutes, type StorageRouteKey } from "../../lib-internal/routes/StorageRoutes.js";
 import type { TaruviConfig, StorageFilters } from "../../types.js";
 import { HttpMethod } from "../../lib-internal/http/types.js";
 import { buildQueryString } from "../../utils/utils.js";
@@ -55,17 +55,32 @@ export class Storage {
         }, HttpMethod.POST, formData)
     }
 
-
     private buildRoute(): string {
-        return StorageRoutes.baseUrl(this.config.appSlug, this.urlParams.bucket) + Object.keys(this.urlParams).reduce((acc, key) => {
-            if (this.urlParams[key] && StorageRoutes[key]) {
-                acc += StorageRoutes[key](this.urlParams[key])
-            }
-            return acc
-        }, "") + "/" + buildQueryString(this.filters as Record<string, unknown>)
+        return (
+            StorageRoutes.baseUrl(this.config.appSlug, this.urlParams.bucket!) +
+            (Object.keys(this.urlParams) as StorageRouteKey[]).reduce((acc, key) => {
+                const value = this.urlParams[key as keyof BucketUrlParams]
+
+                if (!value) return acc
+
+                if (key === 'path' && typeof value === 'string') {
+                    acc += StorageRoutes.path(value)
+                }
+
+                if ((key === 'upload' || key === 'delete') && typeof StorageRoutes[key] === 'function') {
+                    acc += (StorageRoutes[key] as () => string)()
+                }
+
+                return acc
+            }, '') +
+            '/' +
+            buildQueryString(this.filters as Record<string, unknown>)
+        )
     }
 
-    async execute(): Promise<T> {
+
+
+    async execute(): Promise<any> {
         const url = this.buildRoute()
         const operation = this.operation || HttpMethod.GET
 

package/src/lib/auth/AuthClient.ts

@@ -1,8 +1,15 @@
 import type { Client } from "../../client.js";
-import { User } from "../user/UserClient.js";
-import { Settings } from "../Settings/SettingsClient.js";
 
-// handles user auth not dev auth
+/**
+ * Auth Client - Handles user authentication using Web UI Flow
+ * Implements cross-domain authentication with redirect-based token delivery
+ *
+ * Flow:
+ * 1. User calls login() → Redirects to backend /accounts/login/
+ * 2. User authenticates on backend
+ * 3. Backend redirects back with tokens in URL hash
+ * 4. Client extracts and stores tokens automatically
+ */
 export class Auth {
     private client: Client
 
@@ -10,55 +17,201 @@ export class Auth {
         this.client = client
     }
 
-    async authenticateUser() {
-    //     const myHeaders = new Headers();
-    //     myHeaders.append("sec-ch-ua-platform", "\"Linux\"");
-    //     myHeaders.append("Referer", "http://localhost:5173/");
-    //     myHeaders.append("User-Agent", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36");
-    //     myHeaders.append("sec-ch-ua", "\"Chromium\";v=\"142\", \"Google Chrome\";v=\"142\", \"Not_A Brand\";v=\"99\"");
-    //     myHeaders.append("Content-Type", "application/json");
-    //     myHeaders.append("sec-ch-ua-mobile", "?0");
-
-    //     const raw = JSON.stringify({
-    //         "password": "admin123",
-    //         "email": "admin@example.com"
-    //     });
-
-    //     const requestOptions: RequestInit = {
-    //         method: "POST",
-    //         headers: myHeaders,
-    //         body: raw,
-    //         redirect: "follow"
-    //     };
-
-    //     await fetch("https://test-api.taruvi.cloud/api/v1/auth/login", requestOptions)
-    //         .then((response) => response.json())
-    //         .then((result) => {
-    //             localStorage.setItem("jwt", result.meta.accesstoken)
-    //         })
-    //         .catch((error) => console.error(error));
+    /**
+     * Redirect to login page (Web UI Flow)
+     * @param callbackUrl - URL to redirect to after successful login (defaults to current page)
+     */
+    login(callbackUrl?: string): void {
+        if (typeof window === "undefined") {
+            console.error("login() can only be called in browser environment")
+            return
+        }
+
+        const config = this.client.getConfig()
+        const callback = callbackUrl || window.location.origin + window.location.pathname
+
+        // Redirect to /accounts/login/ with redirect_to parameter
+        const loginUrl = `${config.baseUrl}/accounts/login/?redirect_to=${encodeURIComponent(callback)}`
+
+        // Optional: Store state before redirecting
+        if (typeof sessionStorage !== "undefined") {
+            sessionStorage.setItem("auth_state", JSON.stringify({
+                returnTo: window.location.pathname,
+                timestamp: Date.now()
+            }))
+        }
+
+        window.location.href = loginUrl
+    }
+
+    /**
+     * Redirect to signup page (Web UI Flow)
+     * @param callbackUrl - URL to redirect to after successful signup (defaults to current page)
+     */
+    signup(callbackUrl?: string): void {
+        if (typeof window === "undefined") {
+            console.error("signup() can only be called in browser environment")
+            return
+        }
+
+        const config = this.client.getConfig()
+        const callback = callbackUrl || window.location.origin + window.location.pathname
+
+        // Redirect to /accounts/signup/ with redirect_to parameter
+        const signupUrl = `${config.baseUrl}/accounts/signup/?redirect_to=${encodeURIComponent(callback)}`
+
+        // Optional: Store state before redirecting
+        if (typeof sessionStorage !== "undefined") {
+            sessionStorage.setItem("auth_state", JSON.stringify({
+                returnTo: window.location.pathname,
+                timestamp: Date.now()
+            }))
+        }
+
+        window.location.href = signupUrl
+    }
+
+    /**
+     * Logout user and redirect to logout page
+     * @param callbackUrl - URL to redirect to after logout (defaults to home page)
+     */
+    logout(callbackUrl?: string): void {
+        if (typeof window === "undefined") {
+            console.error("logout() can only be called in browser environment")
+            return
+        }
+
+        // Clear tokens immediately
+        this.client.tokenClient.clearTokens()
+
+        const config = this.client.getConfig()
+        const callback = callbackUrl || window.location.origin
+
+        // Redirect to /accounts/logout/
+        const logoutUrl = `${config.baseUrl}/accounts/logout/?redirect_to=${encodeURIComponent(callback)}`
+
+        window.location.href = logoutUrl
+    }
+
+    /**
+     * Check if user is authenticated
+     */
+    isUserAuthenticated(): boolean {
+        return this.client.tokenClient.isAuthenticated()
+    }
+
+    /**
+     * Get the current access token
+     */
+    getAccessToken(): string | null {
+        return this.client.tokenClient.getToken()
     }
 
-    async isUserAuthenticated(): Promise<boolean> {
-        const authValue = localStorage.getItem("jwt")
-        return authValue ? true : false
+    /**
+     * Get the current refresh token
+     */
+    getRefreshToken(): string | null {
+        return this.client.tokenClient.getRefreshToken()
     }
 
-    async redirectToLogin() {
-        const settings = new Settings(this.client)
-        // let { frontEndUrl } = await settings.get().execute()
-        let frontEndUrl
-        const currentUrl = window.location.href
-        
-        if (!frontEndUrl) frontEndUrl = this.client.getConfig().deskUrl
-        window.location.href = frontEndUrl + `?redirect=${currentUrl}`
+    /**
+     * Check if the access token is expired
+     */
+    isTokenExpired(): boolean {
+        return this.client.tokenClient.isTokenExpired()
     }
 
-    // TODO: Implement authentication methods
-    // - signInWithSSO
-    // - signInWithPassword ?
-    // - signOut
-    // - isUserAuthenticated
-    // - refreshSession
-    // - redirectToLogin
+    /**
+     * Refresh the access token using the refresh token
+     * ⚠️ IMPORTANT: Taruvi uses refresh token rotation
+     * You will receive BOTH a new access token AND a new refresh token
+     *
+     * @returns Promise with new tokens or null if refresh failed
+     */
+    async refreshAccessToken(): Promise<{ access: string; refresh: string; expires_in: number } | null> {
+        const refreshToken = this.client.tokenClient.getRefreshToken()
+
+        if (!refreshToken) {
+            console.error("No refresh token available")
+            return null
+        }
+
+        try {
+            const config = this.client.getConfig()
+            const response = await fetch(`${config.baseUrl}/api/cloud/auth/jwt/token/refresh/`, {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify({ refresh: refreshToken })
+            })
+
+            if (!response.ok) {
+                throw new Error(`Token refresh failed: ${response.statusText}`)
+            }
+
+            const data = await response.json()
+
+            // Update tokens in storage (both access and refresh due to rotation)
+            this.client.tokenClient.updateAccessToken(data.access, data.expires_in || 172800)
+
+            if (data.refresh) {
+                this.client.tokenClient.updateRefreshToken(data.refresh)
+            }
+
+            return {
+                access: data.access,
+                refresh: data.refresh || refreshToken,
+                expires_in: data.expires_in || 172800
+            }
+        } catch (error) {
+            console.error("Failed to refresh access token:", error)
+
+            // Clear tokens and redirect to login
+            this.client.tokenClient.clearTokens()
+
+            if (typeof window !== "undefined") {
+                this.login()
+            }
+
+            return null
+        }
+    }
+
+    /**
+     * Get current user info from access token (JWT decode)
+     * Note: This only decodes the token, doesn't validate signature
+     */
+    getCurrentUser(): any | null {
+        const accessToken = this.getAccessToken()
+
+        if (!accessToken) {
+            return null
+        }
+
+        try {
+            // Decode JWT (middle part is payload)
+            const parts = accessToken.split(".")
+            if (parts.length !== 3 || !parts[1]) {
+                throw new Error("Invalid JWT format")
+            }
+            const payload = JSON.parse(atob(parts[1]))
+            return payload
+        } catch (error) {
+            console.error("Failed to decode access token:", error)
+            return null
+        }
+    }
+
+    /**
+     * Legacy method: Redirect to login using desk URL
+     * @deprecated Use login() instead
+     */
+    async redirectToLogin(): Promise<void> {
+        const config = this.client.getConfig()
+        const currentUrl = typeof window !== "undefined" ? window.location.href : ""
+
+        const deskUrl = config.deskUrl || config.baseUrl
+        if (typeof window !== "undefined") {
+            window.location.href = `${deskUrl}?redirect=${encodeURIComponent(currentUrl)}`
+        }
+    }
 }

package/src/lib-internal/routes/DatabaseRoutes.ts

@@ -2,4 +2,8 @@ export const DatabaseRoutes = {
     baseUrl: (appSlug: string) => `api/apps/${appSlug}`,
     dataTables: (tableName: string): string => `/datatables/${tableName}/data`,
     recordId: (recordId: string): string => `/${recordId}`
-}
+}
+
+type AllRouteKeys = keyof typeof DatabaseRoutes
+export type DatabaseRouteKey = Exclude<AllRouteKeys, 'baseUrl'>
+export type DatabaseUrlParams = Partial<Record<DatabaseRouteKey, string>>

package/src/lib-internal/routes/StorageRoutes.ts

@@ -4,4 +4,12 @@ export const StorageRoutes = {
     upload: () => "/batch-upload",
     delete: () => "/batch-delete"
     // bucket: (appslug: string, bucketslug: string) => `${StorageRoutesClone.baseUrl(appslug)}/${bucketslug}`
-}
+}
+
+export type StoragePathKey = 'path'
+export type StorageFlagKey = 'upload' | 'delete'
+export type StorageRouteKey = StoragePathKey | StorageFlagKey
+
+export type BucketUrlParams = Partial<
+    Record<StorageRouteKey, string | true>
+>