@tern-secure/auth 1.1.0-canary.v20251008131428 → 1.1.0-canary.v20251019190011
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/{resources → auth}/AuthCookieManager.js +12 -1
- package/dist/cjs/auth/AuthCookieManager.js.map +1 -0
- package/dist/cjs/auth/cookies/session.js +83 -0
- package/dist/cjs/auth/cookies/session.js.map +1 -0
- package/dist/cjs/auth/request.js +159 -0
- package/dist/cjs/auth/request.js.map +1 -0
- package/dist/cjs/index.js +2 -0
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/instance/TernAuth.js +163 -19
- package/dist/cjs/instance/TernAuth.js.map +1 -1
- package/dist/cjs/instance/events.js +3 -2
- package/dist/cjs/instance/events.js.map +1 -1
- package/dist/cjs/instance/jwtClient.js +72 -0
- package/dist/cjs/instance/jwtClient.js.map +1 -0
- package/dist/cjs/resources/Base.js +7 -0
- package/dist/cjs/resources/Base.js.map +1 -1
- package/dist/cjs/resources/Session.js +105 -0
- package/dist/cjs/resources/Session.js.map +1 -0
- package/dist/cjs/resources/SignIn.js +25 -27
- package/dist/cjs/resources/SignIn.js.map +1 -1
- package/dist/cjs/resources/Token.js +32 -0
- package/dist/cjs/resources/Token.js.map +1 -0
- package/dist/cjs/resources/UserData.js +43 -0
- package/dist/cjs/resources/UserData.js.map +1 -0
- package/dist/cjs/resources/cookie.js +154 -0
- package/dist/cjs/resources/cookie.js.map +1 -0
- package/dist/cjs/resources/internal.js +4 -2
- package/dist/cjs/resources/internal.js.map +1 -1
- package/dist/cjs/utils/jwt.js +46 -0
- package/dist/cjs/utils/jwt.js.map +1 -0
- package/dist/cjs/utils/mapDecode.js +33 -0
- package/dist/cjs/utils/mapDecode.js.map +1 -0
- package/dist/esm/{resources → auth}/AuthCookieManager.js +13 -4
- package/dist/esm/auth/AuthCookieManager.js.map +1 -0
- package/dist/esm/auth/cookies/session.js +58 -0
- package/dist/esm/auth/cookies/session.js.map +1 -0
- package/dist/esm/auth/request.js +134 -0
- package/dist/esm/auth/request.js.map +1 -0
- package/dist/esm/index.js +2 -1
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/instance/TernAuth.js +166 -21
- package/dist/esm/instance/TernAuth.js.map +1 -1
- package/dist/esm/instance/events.js +3 -2
- package/dist/esm/instance/events.js.map +1 -1
- package/dist/esm/instance/jwtClient.js +47 -0
- package/dist/esm/instance/jwtClient.js.map +1 -0
- package/dist/esm/resources/Base.js +7 -0
- package/dist/esm/resources/Base.js.map +1 -1
- package/dist/esm/resources/Session.js +81 -0
- package/dist/esm/resources/Session.js.map +1 -0
- package/dist/esm/resources/SignIn.js +25 -27
- package/dist/esm/resources/SignIn.js.map +1 -1
- package/dist/esm/resources/Token.js +8 -0
- package/dist/esm/resources/Token.js.map +1 -0
- package/dist/esm/resources/UserData.js +19 -0
- package/dist/esm/resources/UserData.js.map +1 -0
- package/dist/esm/resources/cookie.js +130 -0
- package/dist/esm/resources/cookie.js.map +1 -0
- package/dist/esm/resources/internal.js +2 -1
- package/dist/esm/resources/internal.js.map +1 -1
- package/dist/esm/utils/jwt.js +22 -0
- package/dist/esm/utils/jwt.js.map +1 -0
- package/dist/esm/utils/mapDecode.js +9 -0
- package/dist/esm/utils/mapDecode.js.map +1 -0
- package/dist/types/{resources → auth}/AuthCookieManager.d.ts +5 -1
- package/dist/types/auth/AuthCookieManager.d.ts.map +1 -0
- package/dist/types/auth/cookies/session.d.ts +8 -0
- package/dist/types/auth/cookies/session.d.ts.map +1 -0
- package/dist/types/auth/request.d.ts +49 -0
- package/dist/types/auth/request.d.ts.map +1 -0
- package/dist/types/index.d.ts +2 -2
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/instance/TernAuth.d.ts +27 -5
- package/dist/types/instance/TernAuth.d.ts.map +1 -1
- package/dist/types/instance/events.d.ts +9 -1
- package/dist/types/instance/events.d.ts.map +1 -1
- package/dist/types/instance/jwtClient.d.ts +22 -0
- package/dist/types/instance/jwtClient.d.ts.map +1 -0
- package/dist/types/resources/Base.d.ts +6 -0
- package/dist/types/resources/Base.d.ts.map +1 -1
- package/dist/types/resources/Session.d.ts +49 -0
- package/dist/types/resources/Session.d.ts.map +1 -0
- package/dist/types/resources/SignIn.d.ts +8 -6
- package/dist/types/resources/SignIn.d.ts.map +1 -1
- package/dist/types/resources/Token.d.ts +5 -0
- package/dist/types/resources/Token.d.ts.map +1 -0
- package/dist/types/resources/UserData.d.ts +8 -0
- package/dist/types/resources/UserData.d.ts.map +1 -0
- package/dist/types/resources/cookie.d.ts +24 -0
- package/dist/types/resources/cookie.d.ts.map +1 -0
- package/dist/types/resources/internal.d.ts +2 -1
- package/dist/types/resources/internal.d.ts.map +1 -1
- package/dist/types/utils/jwt.d.ts +12 -0
- package/dist/types/utils/jwt.d.ts.map +1 -0
- package/dist/types/utils/mapDecode.d.ts +4 -0
- package/dist/types/utils/mapDecode.d.ts.map +1 -0
- package/package.json +4 -5
- package/dist/cjs/resources/AuthCookieManager.js.map +0 -1
- package/dist/esm/resources/AuthCookieManager.js.map +0 -1
- package/dist/types/resources/AuthCookieManager.d.ts.map +0 -1
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
import { eventBus, events } from "../instance/events";
|
|
2
|
+
import { TernSecureBase } from "./Base";
|
|
3
|
+
class Session extends TernSecureBase {
|
|
4
|
+
pathRoot = "/sessions/createsession";
|
|
5
|
+
status;
|
|
6
|
+
token;
|
|
7
|
+
claims;
|
|
8
|
+
authTime;
|
|
9
|
+
expirationTime;
|
|
10
|
+
issuedAtTime;
|
|
11
|
+
signInProvider;
|
|
12
|
+
signInSecondFactor;
|
|
13
|
+
user;
|
|
14
|
+
constructor(sessionData) {
|
|
15
|
+
super();
|
|
16
|
+
this.initializeFromSessionData(sessionData);
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Initialize session from existing session data
|
|
20
|
+
*/
|
|
21
|
+
initializeFromSessionData(sessionData) {
|
|
22
|
+
this.status = sessionData.status || "pending";
|
|
23
|
+
this.token = sessionData.token || "";
|
|
24
|
+
this.claims = sessionData.claims || {};
|
|
25
|
+
this.authTime = sessionData.authTime || "";
|
|
26
|
+
this.expirationTime = sessionData.expirationTime || "";
|
|
27
|
+
this.issuedAtTime = sessionData.issuedAtTime || "";
|
|
28
|
+
this.signInProvider = sessionData.signInProvider || null;
|
|
29
|
+
this.signInSecondFactor = sessionData.signInSecondFactor || null;
|
|
30
|
+
this.user = sessionData.user;
|
|
31
|
+
}
|
|
32
|
+
/**
|
|
33
|
+
* Create custom token from current session for server-side sync
|
|
34
|
+
* This calls the backend API to create a custom token from the current ID token
|
|
35
|
+
*/
|
|
36
|
+
createSession = (idToken, csrfToken) => {
|
|
37
|
+
return this._post({
|
|
38
|
+
path: this.pathRoot,
|
|
39
|
+
body: {
|
|
40
|
+
idToken,
|
|
41
|
+
csrfToken
|
|
42
|
+
}
|
|
43
|
+
});
|
|
44
|
+
};
|
|
45
|
+
/**
|
|
46
|
+
* FIXED: Now properly returns the custom token string instead of the full API response
|
|
47
|
+
* This method correctly extracts the token from the API response structure
|
|
48
|
+
*/
|
|
49
|
+
getIdAndRefreshToken = async (idToken, csrfToken) => {
|
|
50
|
+
await this.createSession(idToken, csrfToken);
|
|
51
|
+
};
|
|
52
|
+
/**
|
|
53
|
+
* NEW: create method that calls API to create session
|
|
54
|
+
* API handles everything, no return value needed
|
|
55
|
+
* This method works with the existing sessionData passed to constructor
|
|
56
|
+
*/
|
|
57
|
+
create = async (csrfToken) => {
|
|
58
|
+
await this.createSession(this.token, csrfToken);
|
|
59
|
+
eventBus.emit(events.SessionChanged, null);
|
|
60
|
+
};
|
|
61
|
+
/**
|
|
62
|
+
* Convert session to plain object for serialization
|
|
63
|
+
*/
|
|
64
|
+
toJSON() {
|
|
65
|
+
return {
|
|
66
|
+
status: this.status,
|
|
67
|
+
token: this.token,
|
|
68
|
+
claims: this.claims,
|
|
69
|
+
authTime: this.authTime,
|
|
70
|
+
expirationTime: this.expirationTime,
|
|
71
|
+
issuedAtTime: this.issuedAtTime,
|
|
72
|
+
signInProvider: this.signInProvider,
|
|
73
|
+
signInSecondFactor: this.signInSecondFactor,
|
|
74
|
+
user: this.user
|
|
75
|
+
};
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
export {
|
|
79
|
+
Session
|
|
80
|
+
};
|
|
81
|
+
//# sourceMappingURL=Session.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../src/resources/Session.ts"],"sourcesContent":["import type {\n IdTokenResult,\n SessionJson,\n SessionResource,\n SessionStatus,\n TernSecureUser,\n} from '@tern-secure/types';\n\nimport { eventBus, events } from '../instance/events';\nimport { TernSecureBase } from './Base';\n\n/**\n * Enhanced Session class that handles custom token authentication for client-server sync.\n *\n * Key Features:\n * - Manages custom tokens for server-side verification\n * - Uses TernSecureUser object directly (no Firebase Auth instance needed)\n * - Provides seamless client-server session synchronization\n * - Works with in-memory persistence by using custom tokens to restore auth state\n */\nexport class Session extends TernSecureBase implements SessionResource {\n pathRoot = '/sessions/createsession';\n\n status!: SessionStatus;\n token!: string;\n claims!: IdTokenResult['claims'];\n authTime!: string;\n expirationTime!: string;\n issuedAtTime!: string;\n signInProvider!: string | null;\n signInSecondFactor!: string | null;\n user?: TernSecureUser;\n\n constructor(sessionData: Partial<SessionResource>) {\n super();\n this.initializeFromSessionData(sessionData);\n }\n\n /**\n * Initialize session from existing session data\n */\n private initializeFromSessionData(sessionData: Partial<SessionResource>): void {\n this.status = sessionData.status || 'pending';\n this.token = sessionData.token || '';\n this.claims = sessionData.claims || {};\n this.authTime = sessionData.authTime || '';\n this.expirationTime = sessionData.expirationTime || '';\n this.issuedAtTime = sessionData.issuedAtTime || '';\n this.signInProvider = sessionData.signInProvider || null;\n this.signInSecondFactor = sessionData.signInSecondFactor || null;\n this.user = sessionData.user;\n }\n\n /**\n * Create custom token from current session for server-side sync\n * This calls the backend API to create a custom token from the current ID token\n */\n private createSession = (idToken: string, csrfToken: string) => {\n return this._post({\n path: this.pathRoot,\n body: {\n idToken,\n csrfToken,\n },\n });\n };\n\n\n /**\n * FIXED: Now properly returns the custom token string instead of the full API response\n * This method correctly extracts the token from the API response structure\n */\n getIdAndRefreshToken = async (idToken: string, csrfToken: string): Promise<void> => {\n await this.createSession(idToken, csrfToken);\n };\n\n /**\n * NEW: create method that calls API to create session\n * API handles everything, no return value needed\n * This method works with the existing sessionData passed to constructor\n */\n create = async (csrfToken: string): Promise<void> => {\n await this.createSession(this.token, csrfToken);\n eventBus.emit(events.SessionChanged, null);\n };\n\n /**\n * Convert session to plain object for serialization\n */\n toJSON(): SessionJson {\n return {\n status: this.status,\n token: this.token,\n claims: this.claims,\n authTime: this.authTime,\n expirationTime: this.expirationTime,\n issuedAtTime: this.issuedAtTime,\n signInProvider: this.signInProvider,\n signInSecondFactor: this.signInSecondFactor,\n user: this.user,\n };\n }\n}\n"],"mappings":"AAQA,SAAS,UAAU,cAAc;AACjC,SAAS,sBAAsB;AAWxB,MAAM,gBAAgB,eAA0C;AAAA,EACrE,WAAW;AAAA,EAEX;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEA,YAAY,aAAuC;AACjD,UAAM;AACN,SAAK,0BAA0B,WAAW;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA,EAKQ,0BAA0B,aAA6C;AAC7E,SAAK,SAAS,YAAY,UAAU;AACpC,SAAK,QAAQ,YAAY,SAAS;AAClC,SAAK,SAAS,YAAY,UAAU,CAAC;AACrC,SAAK,WAAW,YAAY,YAAY;AACxC,SAAK,iBAAiB,YAAY,kBAAkB;AACpD,SAAK,eAAe,YAAY,gBAAgB;AAChD,SAAK,iBAAiB,YAAY,kBAAkB;AACpD,SAAK,qBAAqB,YAAY,sBAAsB;AAC5D,SAAK,OAAO,YAAY;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA;AAAA,EAMQ,gBAAgB,CAAC,SAAiB,cAAsB;AAC9D,WAAO,KAAK,MAAM;AAAA,MAChB,MAAM,KAAK;AAAA,MACX,MAAM;AAAA,QACJ;AAAA,QACA;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,uBAAuB,OAAO,SAAiB,cAAqC;AAClF,UAAM,KAAK,cAAc,SAAS,SAAS;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,SAAS,OAAO,cAAqC;AACnD,UAAM,KAAK,cAAc,KAAK,OAAO,SAAS;AAC9C,aAAS,KAAK,OAAO,gBAAgB,IAAI;AAAA,EAC3C;AAAA;AAAA;AAAA;AAAA,EAKA,SAAsB;AACpB,WAAO;AAAA,MACL,QAAQ,KAAK;AAAA,MACb,OAAO,KAAK;AAAA,MACZ,QAAQ,KAAK;AAAA,MACb,UAAU,KAAK;AAAA,MACf,gBAAgB,KAAK;AAAA,MACrB,cAAc,KAAK;AAAA,MACnB,gBAAgB,KAAK;AAAA,MACrB,oBAAoB,KAAK;AAAA,MACzB,MAAM,KAAK;AAAA,IACb;AAAA,EACF;AACF;","names":[]}
|
|
@@ -34,22 +34,25 @@ class SignIn extends TernSecureBase {
|
|
|
34
34
|
withEmailAndPassword = async (params) => {
|
|
35
35
|
try {
|
|
36
36
|
const { email, password } = params;
|
|
37
|
-
const
|
|
38
|
-
|
|
39
|
-
|
|
37
|
+
const { user, providerId, operationType } = await signInWithEmailAndPassword(
|
|
38
|
+
this.auth,
|
|
39
|
+
email,
|
|
40
|
+
password
|
|
41
|
+
);
|
|
40
42
|
return {
|
|
41
|
-
|
|
42
|
-
message: "Authentication successful",
|
|
43
|
+
status: "success",
|
|
43
44
|
user,
|
|
45
|
+
providerId,
|
|
46
|
+
operationType,
|
|
47
|
+
message: "Authentication successful",
|
|
44
48
|
error: !user.emailVerified ? "REQUIRES_VERIFICATION" : "AUTHENTICATED"
|
|
45
49
|
};
|
|
46
50
|
} catch (error) {
|
|
47
51
|
const authError = handleFirebaseAuthError(error);
|
|
48
52
|
return {
|
|
49
|
-
|
|
53
|
+
status: "error",
|
|
50
54
|
message: authError.message,
|
|
51
|
-
error: authError.code
|
|
52
|
-
user: null
|
|
55
|
+
error: authError.code
|
|
53
56
|
};
|
|
54
57
|
}
|
|
55
58
|
};
|
|
@@ -68,7 +71,7 @@ class SignIn extends TernSecureBase {
|
|
|
68
71
|
if ((options == null ? void 0 : options.mode) === "redirect") {
|
|
69
72
|
const redirectResult = await this.authRedirectResult();
|
|
70
73
|
if (redirectResult) {
|
|
71
|
-
if (redirectResult.success) {
|
|
74
|
+
if (redirectResult.status === "success") {
|
|
72
75
|
console.log("Redirect after sign in");
|
|
73
76
|
}
|
|
74
77
|
return redirectResult;
|
|
@@ -78,16 +81,15 @@ class SignIn extends TernSecureBase {
|
|
|
78
81
|
} else {
|
|
79
82
|
await this._signInWithPopUp(provider);
|
|
80
83
|
return {
|
|
81
|
-
|
|
84
|
+
status: "success",
|
|
82
85
|
message: "Sign in successful"
|
|
83
86
|
};
|
|
84
87
|
}
|
|
85
88
|
} catch (error) {
|
|
86
89
|
return {
|
|
87
|
-
|
|
90
|
+
status: "error",
|
|
88
91
|
message: error.message || `Sign in with ${provider} failed`,
|
|
89
|
-
error
|
|
90
|
-
user: null
|
|
92
|
+
error
|
|
91
93
|
};
|
|
92
94
|
}
|
|
93
95
|
};
|
|
@@ -105,8 +107,6 @@ class SignIn extends TernSecureBase {
|
|
|
105
107
|
await user.reload();
|
|
106
108
|
if (user.emailVerified) {
|
|
107
109
|
return {
|
|
108
|
-
success: true,
|
|
109
|
-
message: "Email is already verified. You can sign in.",
|
|
110
110
|
isVerified: true
|
|
111
111
|
};
|
|
112
112
|
}
|
|
@@ -117,8 +117,6 @@ class SignIn extends TernSecureBase {
|
|
|
117
117
|
};
|
|
118
118
|
await sendEmailVerification(user, actionCodeSettings);
|
|
119
119
|
return {
|
|
120
|
-
success: true,
|
|
121
|
-
message: "Verification email sent. Please check your inbox.",
|
|
122
120
|
isVerified: false
|
|
123
121
|
};
|
|
124
122
|
};
|
|
@@ -151,20 +149,21 @@ class SignIn extends TernSecureBase {
|
|
|
151
149
|
try {
|
|
152
150
|
const result = await getRedirectResult(this.auth);
|
|
153
151
|
if (result) {
|
|
154
|
-
const user = result
|
|
152
|
+
const { user, providerId, operationType } = result;
|
|
155
153
|
return {
|
|
156
|
-
|
|
157
|
-
user
|
|
154
|
+
status: "success",
|
|
155
|
+
user,
|
|
156
|
+
providerId,
|
|
157
|
+
operationType
|
|
158
158
|
};
|
|
159
159
|
}
|
|
160
160
|
return null;
|
|
161
161
|
} catch (error) {
|
|
162
162
|
const authError = handleFirebaseAuthError(error);
|
|
163
163
|
return {
|
|
164
|
-
|
|
164
|
+
status: "error",
|
|
165
165
|
message: authError.message,
|
|
166
|
-
error: authError.code
|
|
167
|
-
user: null
|
|
166
|
+
error: authError.code
|
|
168
167
|
};
|
|
169
168
|
}
|
|
170
169
|
}
|
|
@@ -173,14 +172,13 @@ class SignIn extends TernSecureBase {
|
|
|
173
172
|
config.provider.setCustomParameters(config.customParameters);
|
|
174
173
|
try {
|
|
175
174
|
await authMethod(this.auth, config.provider);
|
|
176
|
-
return {
|
|
175
|
+
return { status: "success", message: "Authentication initiated" };
|
|
177
176
|
} catch (error) {
|
|
178
177
|
const authError = handleFirebaseAuthError(error);
|
|
179
178
|
return {
|
|
180
|
-
|
|
179
|
+
status: "error",
|
|
181
180
|
message: authError.message,
|
|
182
|
-
error: authError.code
|
|
183
|
-
user: null
|
|
181
|
+
error: authError.code
|
|
184
182
|
};
|
|
185
183
|
}
|
|
186
184
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/resources/SignIn.ts"],"sourcesContent":["import { handleFirebaseAuthError } from '@tern-secure/shared/errors';\nimport type {\n ResendEmailVerification,\n SignInFormValuesTree,\n SignInResource,\n SignInResponseTree,\n SignInStatus,\n TernSecureUser,\n} from '@tern-secure/types';\nimport type { Auth, UserCredential } from 'firebase/auth';\nimport {\n getRedirectResult,\n GoogleAuthProvider,\n OAuthProvider,\n sendEmailVerification,\n signInWithEmailAndPassword,\n signInWithPopup,\n signInWithRedirect,\n} from 'firebase/auth';\n\nimport { TernSecureBase } from './Base';\n\ninterface ProviderConfig {\n provider: GoogleAuthProvider | OAuthProvider;\n customParameters: Record<string, string>;\n}\n\nexport type TernRequestInit = RequestInit;\n\nexport type SignInParams = {\n idToken: string;\n csrfToken: string | undefined;\n};\n\ntype FirebaseAuthResult = UserCredential | void;\n\ntype AuthMethodFunction = (\n auth: Auth,\n provider: GoogleAuthProvider | OAuthProvider,\n) => Promise<FirebaseAuthResult>;\n\nexport class SignIn extends TernSecureBase implements SignInResource {\n pathRoot = '/sessions/createsession';\n\n status?: SignInStatus | undefined;\n private auth: Auth;\n private csrfToken: string | undefined;\n private _currentUser: TernSecureUser | null = null;\n\n constructor(auth: Auth, csrfToken: string | undefined) {\n super();\n this.auth = auth;\n this.csrfToken = csrfToken;\n }\n\n signInWithCredential = async (credential: UserCredential) => {\n const idToken = await credential.user.getIdToken();\n const params = {\n idToken: idToken,\n csrfToken: this.csrfToken,\n };\n\n return this._post({\n path: this.pathRoot,\n body: params,\n });\n };\n\n withEmailAndPassword = async (params: SignInFormValuesTree): Promise<SignInResponseTree> => {\n try {\n const { email, password } = params;\n const userCredential = await signInWithEmailAndPassword(this.auth, email, password);\n\n await this.signInWithCredential(userCredential);\n\n const { user } = userCredential;\n return {\n success: true,\n message: 'Authentication successful',\n user,\n error: !user.emailVerified ? 'REQUIRES_VERIFICATION' : 'AUTHENTICATED',\n };\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n return {\n success: false,\n message: authError.message,\n error: authError.code,\n user: null,\n };\n }\n };\n\n withCredential = async (params: SignInFormValuesTree): Promise<void> => {\n try {\n const { email, password } = params;\n const userCredential = await signInWithEmailAndPassword(this.auth, email, password);\n await this.signInWithCredential(userCredential);\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n console.error(authError);\n }\n };\n\n withSocialProvider = async (\n provider: string,\n options?: {\n mode?: 'popup' | 'redirect';\n },\n ): Promise<SignInResponseTree | void> => {\n try {\n if (options?.mode === 'redirect') {\n const redirectResult = await this.authRedirectResult();\n\n if (redirectResult) {\n if (redirectResult.success) {\n console.log('Redirect after sign in');\n }\n return redirectResult;\n }\n\n await this._signInWithRedirect(provider);\n return;\n } else {\n await this._signInWithPopUp(provider);\n return {\n success: true,\n message: 'Sign in successful',\n };\n }\n } catch (error: any) {\n return {\n success: false,\n message: error.message || `Sign in with ${provider} failed`,\n error,\n user: null,\n };\n }\n };\n\n completeMfaSignIn = async (_mfaToken: string, _mfaContext?: any): Promise<SignInResponseTree> => {\n throw new Error('Method not implemented.');\n };\n\n sendPasswordResetEmail = async (email: string): Promise<void> => {\n console.log(`Sending password reset email to ${email}`);\n };\n\n resendEmailVerification = async (): Promise<ResendEmailVerification> => {\n const user = this._currentUser;\n if (!user) {\n throw new Error('No user is currently signed in');\n }\n\n await user.reload();\n\n if (user.emailVerified) {\n return {\n success: true,\n message: 'Email is already verified. You can sign in.',\n isVerified: true,\n };\n }\n\n const actionCodeSettings = {\n url: '/sign-in', // TODO: Make this configurable\n handleCodeInApp: true,\n };\n\n await sendEmailVerification(user, actionCodeSettings);\n return {\n success: true,\n message: 'Verification email sent. Please check your inbox.',\n isVerified: false,\n };\n };\n\n private getProviderConfig(providerName: string): ProviderConfig {\n switch (providerName.toLowerCase()) {\n case 'google': {\n const googleProvider = new GoogleAuthProvider();\n return {\n provider: googleProvider,\n customParameters: {\n login_hint: 'user@example.com',\n prompt: 'select_account',\n },\n };\n }\n case 'microsoft': {\n const microsoftProvider = new OAuthProvider('microsoft.com');\n return {\n provider: microsoftProvider,\n customParameters: {\n prompt: 'consent',\n },\n };\n }\n default:\n throw new Error(`Unsupported provider: ${providerName}`);\n }\n }\n\n private async authRedirectResult(): Promise<SignInResponseTree | null> {\n try {\n const result = await getRedirectResult(this.auth);\n\n if (result) {\n const user = result.user;\n return {\n success: true,\n user,\n };\n }\n return null;\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n return {\n success: false,\n message: authError.message,\n error: authError.code,\n user: null,\n };\n }\n }\n\n private async executeAuthMethod(\n authMethod: AuthMethodFunction,\n providerName: string,\n ): Promise<SignInResponseTree> {\n const config = this.getProviderConfig(providerName);\n config.provider.setCustomParameters(config.customParameters);\n try {\n await authMethod(this.auth, config.provider);\n return { success: true, message: 'Authentication initiated' };\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n return {\n success: false,\n message: authError.message,\n error: authError.code,\n user: null,\n };\n }\n }\n\n private async _signInWithRedirect(providerName: string): Promise<SignInResponseTree> {\n return this.executeAuthMethod(signInWithRedirect, providerName);\n }\n\n private async _signInWithPopUp(providerName: string): Promise<SignInResponseTree> {\n return this.executeAuthMethod(signInWithPopup, providerName);\n }\n\n public async checkRedirectResult(): Promise<SignInResponseTree | null> {\n return this.authRedirectResult();\n }\n}\n"],"mappings":"AAAA,SAAS,+BAA+B;AAUxC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,SAAS,sBAAsB;AAqBxB,MAAM,eAAe,eAAyC;AAAA,EACnE,WAAW;AAAA,EAEX;AAAA,EACQ;AAAA,EACA;AAAA,EACA,eAAsC;AAAA,EAE9C,YAAY,MAAY,WAA+B;AACrD,UAAM;AACN,SAAK,OAAO;AACZ,SAAK,YAAY;AAAA,EACnB;AAAA,EAEA,uBAAuB,OAAO,eAA+B;AAC3D,UAAM,UAAU,MAAM,WAAW,KAAK,WAAW;AACjD,UAAM,SAAS;AAAA,MACb;AAAA,MACA,WAAW,KAAK;AAAA,IAClB;AAEA,WAAO,KAAK,MAAM;AAAA,MAChB,MAAM,KAAK;AAAA,MACX,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAAA,EAEA,uBAAuB,OAAO,WAA8D;AAC1F,QAAI;AACF,YAAM,EAAE,OAAO,SAAS,IAAI;AAC5B,YAAM,iBAAiB,MAAM,2BAA2B,KAAK,MAAM,OAAO,QAAQ;AAElF,YAAM,KAAK,qBAAqB,cAAc;AAE9C,YAAM,EAAE,KAAK,IAAI;AACjB,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS;AAAA,QACT;AAAA,QACA,OAAO,CAAC,KAAK,gBAAgB,0BAA0B;AAAA,MACzD;AAAA,IACF,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,QACjB,MAAM;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAAA,EAEA,iBAAiB,OAAO,WAAgD;AACtE,QAAI;AACF,YAAM,EAAE,OAAO,SAAS,IAAI;AAC5B,YAAM,iBAAiB,MAAM,2BAA2B,KAAK,MAAM,OAAO,QAAQ;AAClF,YAAM,KAAK,qBAAqB,cAAc;AAAA,IAChD,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,cAAQ,MAAM,SAAS;AAAA,IACzB;AAAA,EACF;AAAA,EAEA,qBAAqB,OACnB,UACA,YAGuC;AACvC,QAAI;AACF,WAAI,mCAAS,UAAS,YAAY;AAChC,cAAM,iBAAiB,MAAM,KAAK,mBAAmB;AAErD,YAAI,gBAAgB;AAClB,cAAI,eAAe,SAAS;AAC1B,oBAAQ,IAAI,wBAAwB;AAAA,UACtC;AACA,iBAAO;AAAA,QACT;AAEA,cAAM,KAAK,oBAAoB,QAAQ;AACvC;AAAA,MACF,OAAO;AACL,cAAM,KAAK,iBAAiB,QAAQ;AACpC,eAAO;AAAA,UACL,SAAS;AAAA,UACT,SAAS;AAAA,QACX;AAAA,MACF;AAAA,IACF,SAAS,OAAY;AACnB,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS,MAAM,WAAW,gBAAgB,QAAQ;AAAA,QAClD;AAAA,QACA,MAAM;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAAA,EAEA,oBAAoB,OAAO,WAAmB,gBAAmD;AAC/F,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAAA,EAEA,yBAAyB,OAAO,UAAiC;AAC/D,YAAQ,IAAI,mCAAmC,KAAK,EAAE;AAAA,EACxD;AAAA,EAEA,0BAA0B,YAA8C;AACtE,UAAM,OAAO,KAAK;AAClB,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,MAAM,gCAAgC;AAAA,IAClD;AAEA,UAAM,KAAK,OAAO;AAElB,QAAI,KAAK,eAAe;AACtB,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS;AAAA,QACT,YAAY;AAAA,MACd;AAAA,IACF;AAEA,UAAM,qBAAqB;AAAA,MACzB,KAAK;AAAA;AAAA,MACL,iBAAiB;AAAA,IACnB;AAEA,UAAM,sBAAsB,MAAM,kBAAkB;AACpD,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS;AAAA,MACT,YAAY;AAAA,IACd;AAAA,EACF;AAAA,EAEQ,kBAAkB,cAAsC;AAC9D,YAAQ,aAAa,YAAY,GAAG;AAAA,MAClC,KAAK,UAAU;AACb,cAAM,iBAAiB,IAAI,mBAAmB;AAC9C,eAAO;AAAA,UACL,UAAU;AAAA,UACV,kBAAkB;AAAA,YAChB,YAAY;AAAA,YACZ,QAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,MACA,KAAK,aAAa;AAChB,cAAM,oBAAoB,IAAI,cAAc,eAAe;AAC3D,eAAO;AAAA,UACL,UAAU;AAAA,UACV,kBAAkB;AAAA,YAChB,QAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,MACA;AACE,cAAM,IAAI,MAAM,yBAAyB,YAAY,EAAE;AAAA,IAC3D;AAAA,EACF;AAAA,EAEA,MAAc,qBAAyD;AACrE,QAAI;AACF,YAAM,SAAS,MAAM,kBAAkB,KAAK,IAAI;AAEhD,UAAI,QAAQ;AACV,cAAM,OAAO,OAAO;AACpB,eAAO;AAAA,UACL,SAAS;AAAA,UACT;AAAA,QACF;AAAA,MACF;AACA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,QACjB,MAAM;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAc,kBACZ,YACA,cAC6B;AAC7B,UAAM,SAAS,KAAK,kBAAkB,YAAY;AAClD,WAAO,SAAS,oBAAoB,OAAO,gBAAgB;AAC3D,QAAI;AACF,YAAM,WAAW,KAAK,MAAM,OAAO,QAAQ;AAC3C,aAAO,EAAE,SAAS,MAAM,SAAS,2BAA2B;AAAA,IAC9D,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,QACjB,MAAM;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAc,oBAAoB,cAAmD;AACnF,WAAO,KAAK,kBAAkB,oBAAoB,YAAY;AAAA,EAChE;AAAA,EAEA,MAAc,iBAAiB,cAAmD;AAChF,WAAO,KAAK,kBAAkB,iBAAiB,YAAY;AAAA,EAC7D;AAAA,EAEA,MAAa,sBAA0D;AACrE,WAAO,KAAK,mBAAmB;AAAA,EACjC;AACF;","names":[]}
|
|
1
|
+
{"version":3,"sources":["../../../src/resources/SignIn.ts"],"sourcesContent":["import { handleFirebaseAuthError } from '@tern-secure/shared/errors';\nimport type {\n ResendEmailVerification,\n SignInFormValues,\n SignInResource,\n SignInResponse as SignInResponseFromTypes,\n SignInStatus,\n TernSecureUser,\n} from '@tern-secure/types';\nimport type { Auth, UserCredential } from 'firebase/auth';\nimport {\n getRedirectResult,\n GoogleAuthProvider,\n OAuthProvider,\n sendEmailVerification,\n signInWithEmailAndPassword,\n signInWithPopup,\n signInWithRedirect,\n} from 'firebase/auth';\n\nimport { TernSecureBase } from './Base';\n\ntype SignInResponse = SignInResponseFromTypes;\n\ninterface ProviderConfig {\n provider: GoogleAuthProvider | OAuthProvider;\n customParameters: Record<string, string>;\n}\n\nexport type TernRequestInit = RequestInit;\n\nexport type SignInParams = {\n idToken: string;\n csrfToken: string | undefined;\n};\n\ntype FirebaseAuthResult = UserCredential | void;\n\ntype AuthMethodFunction = (\n auth: Auth,\n provider: GoogleAuthProvider | OAuthProvider,\n) => Promise<FirebaseAuthResult>;\n\nexport class SignIn extends TernSecureBase implements SignInResource {\n pathRoot = '/sessions/createsession';\n\n status?: SignInStatus | undefined;\n private auth: Auth;\n private csrfToken: string | undefined;\n private _currentUser: TernSecureUser | null = null;\n\n constructor(auth: Auth, csrfToken: string | undefined) {\n super();\n this.auth = auth;\n this.csrfToken = csrfToken;\n }\n\n signInWithCredential = async (credential: UserCredential) => {\n const idToken = await credential.user.getIdToken();\n const params = {\n idToken: idToken,\n csrfToken: this.csrfToken,\n };\n\n return this._post({\n path: this.pathRoot,\n body: params,\n });\n };\n\n withEmailAndPassword = async (params: SignInFormValues): Promise<SignInResponse> => {\n try {\n const { email, password } = params;\n const { user, providerId, operationType } = await signInWithEmailAndPassword(\n this.auth,\n email,\n password,\n );\n return {\n status: 'success',\n user,\n providerId,\n operationType,\n message: 'Authentication successful',\n error: !user.emailVerified ? 'REQUIRES_VERIFICATION' : 'AUTHENTICATED',\n };\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n return {\n status: 'error',\n message: authError.message,\n error: authError.code,\n };\n }\n };\n\n withCredential = async (params: SignInFormValues): Promise<void> => {\n try {\n const { email, password } = params;\n const userCredential = await signInWithEmailAndPassword(this.auth, email, password);\n await this.signInWithCredential(userCredential);\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n console.error(authError);\n }\n };\n\n withSocialProvider = async (\n provider: string,\n options?: {\n mode?: 'popup' | 'redirect';\n },\n ): Promise<SignInResponse | void> => {\n try {\n if (options?.mode === 'redirect') {\n const redirectResult = await this.authRedirectResult();\n\n if (redirectResult) {\n if (redirectResult.status === 'success') {\n console.log('Redirect after sign in');\n }\n return redirectResult;\n }\n\n await this._signInWithRedirect(provider);\n return;\n } else {\n await this._signInWithPopUp(provider);\n return {\n status: 'success',\n message: 'Sign in successful',\n };\n }\n } catch (error: any) {\n return {\n status: 'error',\n message: error.message || `Sign in with ${provider} failed`,\n error,\n };\n }\n };\n\n completeMfaSignIn = async (_mfaToken: string, _mfaContext?: any): Promise<SignInResponse> => {\n throw new Error('Method not implemented.');\n };\n\n sendPasswordResetEmail = async (email: string): Promise<void> => {\n console.log(`Sending password reset email to ${email}`);\n };\n\n resendEmailVerification = async (): Promise<ResendEmailVerification> => {\n const user = this._currentUser;\n if (!user) {\n throw new Error('No user is currently signed in');\n }\n\n await user.reload();\n\n if (user.emailVerified) {\n return {\n isVerified: true,\n };\n }\n\n const actionCodeSettings = {\n url: '/sign-in', // TODO: Make this configurable\n handleCodeInApp: true,\n };\n\n await sendEmailVerification(user, actionCodeSettings);\n return {\n isVerified: false,\n };\n };\n\n private getProviderConfig(providerName: string): ProviderConfig {\n switch (providerName.toLowerCase()) {\n case 'google': {\n const googleProvider = new GoogleAuthProvider();\n return {\n provider: googleProvider,\n customParameters: {\n login_hint: 'user@example.com',\n prompt: 'select_account',\n },\n };\n }\n case 'microsoft': {\n const microsoftProvider = new OAuthProvider('microsoft.com');\n return {\n provider: microsoftProvider,\n customParameters: {\n prompt: 'consent',\n },\n };\n }\n default:\n throw new Error(`Unsupported provider: ${providerName}`);\n }\n }\n\n private async authRedirectResult(): Promise<SignInResponse | null> {\n try {\n const result = await getRedirectResult(this.auth);\n\n if (result) {\n const { user, providerId, operationType } = result;\n return {\n status: 'success',\n user,\n providerId,\n operationType,\n };\n }\n return null;\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n return {\n status: 'error',\n message: authError.message,\n error: authError.code,\n };\n }\n }\n\n private async executeAuthMethod(\n authMethod: AuthMethodFunction,\n providerName: string,\n ): Promise<SignInResponse> {\n const config = this.getProviderConfig(providerName);\n config.provider.setCustomParameters(config.customParameters);\n try {\n await authMethod(this.auth, config.provider);\n return { status: 'success', message: 'Authentication initiated' };\n } catch (error) {\n const authError = handleFirebaseAuthError(error);\n return {\n status: 'error',\n message: authError.message,\n error: authError.code,\n };\n }\n }\n\n private async _signInWithRedirect(providerName: string): Promise<SignInResponse> {\n return this.executeAuthMethod(signInWithRedirect, providerName);\n }\n\n private async _signInWithPopUp(providerName: string): Promise<SignInResponse> {\n return this.executeAuthMethod(signInWithPopup, providerName);\n }\n\n public async checkRedirectResult(): Promise<SignInResponse | null> {\n return this.authRedirectResult();\n }\n}\n"],"mappings":"AAAA,SAAS,+BAA+B;AAUxC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP,SAAS,sBAAsB;AAuBxB,MAAM,eAAe,eAAyC;AAAA,EACnE,WAAW;AAAA,EAEX;AAAA,EACQ;AAAA,EACA;AAAA,EACA,eAAsC;AAAA,EAE9C,YAAY,MAAY,WAA+B;AACrD,UAAM;AACN,SAAK,OAAO;AACZ,SAAK,YAAY;AAAA,EACnB;AAAA,EAEA,uBAAuB,OAAO,eAA+B;AAC3D,UAAM,UAAU,MAAM,WAAW,KAAK,WAAW;AACjD,UAAM,SAAS;AAAA,MACb;AAAA,MACA,WAAW,KAAK;AAAA,IAClB;AAEA,WAAO,KAAK,MAAM;AAAA,MAChB,MAAM,KAAK;AAAA,MACX,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AAAA,EAEA,uBAAuB,OAAO,WAAsD;AAClF,QAAI;AACF,YAAM,EAAE,OAAO,SAAS,IAAI;AAC5B,YAAM,EAAE,MAAM,YAAY,cAAc,IAAI,MAAM;AAAA,QAChD,KAAK;AAAA,QACL;AAAA,QACA;AAAA,MACF;AACA,aAAO;AAAA,QACL,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,QACA,SAAS;AAAA,QACT,OAAO,CAAC,KAAK,gBAAgB,0BAA0B;AAAA,MACzD;AAAA,IACF,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AAAA,EAEA,iBAAiB,OAAO,WAA4C;AAClE,QAAI;AACF,YAAM,EAAE,OAAO,SAAS,IAAI;AAC5B,YAAM,iBAAiB,MAAM,2BAA2B,KAAK,MAAM,OAAO,QAAQ;AAClF,YAAM,KAAK,qBAAqB,cAAc;AAAA,IAChD,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,cAAQ,MAAM,SAAS;AAAA,IACzB;AAAA,EACF;AAAA,EAEA,qBAAqB,OACnB,UACA,YAGmC;AACnC,QAAI;AACF,WAAI,mCAAS,UAAS,YAAY;AAChC,cAAM,iBAAiB,MAAM,KAAK,mBAAmB;AAErD,YAAI,gBAAgB;AAClB,cAAI,eAAe,WAAW,WAAW;AACvC,oBAAQ,IAAI,wBAAwB;AAAA,UACtC;AACA,iBAAO;AAAA,QACT;AAEA,cAAM,KAAK,oBAAoB,QAAQ;AACvC;AAAA,MACF,OAAO;AACL,cAAM,KAAK,iBAAiB,QAAQ;AACpC,eAAO;AAAA,UACL,QAAQ;AAAA,UACR,SAAS;AAAA,QACX;AAAA,MACF;AAAA,IACF,SAAS,OAAY;AACnB,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,MAAM,WAAW,gBAAgB,QAAQ;AAAA,QAClD;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,oBAAoB,OAAO,WAAmB,gBAA+C;AAC3F,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C;AAAA,EAEA,yBAAyB,OAAO,UAAiC;AAC/D,YAAQ,IAAI,mCAAmC,KAAK,EAAE;AAAA,EACxD;AAAA,EAEA,0BAA0B,YAA8C;AACtE,UAAM,OAAO,KAAK;AAClB,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,MAAM,gCAAgC;AAAA,IAClD;AAEA,UAAM,KAAK,OAAO;AAElB,QAAI,KAAK,eAAe;AACtB,aAAO;AAAA,QACL,YAAY;AAAA,MACd;AAAA,IACF;AAEA,UAAM,qBAAqB;AAAA,MACzB,KAAK;AAAA;AAAA,MACL,iBAAiB;AAAA,IACnB;AAEA,UAAM,sBAAsB,MAAM,kBAAkB;AACpD,WAAO;AAAA,MACL,YAAY;AAAA,IACd;AAAA,EACF;AAAA,EAEQ,kBAAkB,cAAsC;AAC9D,YAAQ,aAAa,YAAY,GAAG;AAAA,MAClC,KAAK,UAAU;AACb,cAAM,iBAAiB,IAAI,mBAAmB;AAC9C,eAAO;AAAA,UACL,UAAU;AAAA,UACV,kBAAkB;AAAA,YAChB,YAAY;AAAA,YACZ,QAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,MACA,KAAK,aAAa;AAChB,cAAM,oBAAoB,IAAI,cAAc,eAAe;AAC3D,eAAO;AAAA,UACL,UAAU;AAAA,UACV,kBAAkB;AAAA,YAChB,QAAQ;AAAA,UACV;AAAA,QACF;AAAA,MACF;AAAA,MACA;AACE,cAAM,IAAI,MAAM,yBAAyB,YAAY,EAAE;AAAA,IAC3D;AAAA,EACF;AAAA,EAEA,MAAc,qBAAqD;AACjE,QAAI;AACF,YAAM,SAAS,MAAM,kBAAkB,KAAK,IAAI;AAEhD,UAAI,QAAQ;AACV,cAAM,EAAE,MAAM,YAAY,cAAc,IAAI;AAC5C,eAAO;AAAA,UACL,QAAQ;AAAA,UACR;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AACA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAc,kBACZ,YACA,cACyB;AACzB,UAAM,SAAS,KAAK,kBAAkB,YAAY;AAClD,WAAO,SAAS,oBAAoB,OAAO,gBAAgB;AAC3D,QAAI;AACF,YAAM,WAAW,KAAK,MAAM,OAAO,QAAQ;AAC3C,aAAO,EAAE,QAAQ,WAAW,SAAS,2BAA2B;AAAA,IAClE,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,aAAO;AAAA,QACL,QAAQ;AAAA,QACR,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAc,oBAAoB,cAA+C;AAC/E,WAAO,KAAK,kBAAkB,oBAAoB,YAAY;AAAA,EAChE;AAAA,EAEA,MAAc,iBAAiB,cAA+C;AAC5E,WAAO,KAAK,kBAAkB,iBAAiB,YAAY;AAAA,EAC7D;AAAA,EAEA,MAAa,sBAAsD;AACjE,WAAO,KAAK,mBAAmB;AAAA,EACjC;AACF;","names":[]}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../src/resources/Token.ts"],"sourcesContent":["import { TernSecureBase } from './Base';\n\nexport class Token extends TernSecureBase {\n pathroot = 'tokens';\n}\n"],"mappings":"AAAA,SAAS,sBAAsB;AAExB,MAAM,cAAc,eAAe;AAAA,EACtC,WAAW;AACf;","names":[]}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import { TernSecureBase } from "./Base";
|
|
2
|
+
class UserData extends TernSecureBase {
|
|
3
|
+
pathRoot = "/accounts/lookup";
|
|
4
|
+
idToken;
|
|
5
|
+
constructor(idToken) {
|
|
6
|
+
super();
|
|
7
|
+
this.idToken = idToken;
|
|
8
|
+
}
|
|
9
|
+
get = async () => {
|
|
10
|
+
return this._post({
|
|
11
|
+
path: this.pathRoot,
|
|
12
|
+
method: "POST"
|
|
13
|
+
});
|
|
14
|
+
};
|
|
15
|
+
}
|
|
16
|
+
export {
|
|
17
|
+
UserData
|
|
18
|
+
};
|
|
19
|
+
//# sourceMappingURL=UserData.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../src/resources/UserData.ts"],"sourcesContent":["import { TernSecureBase } from './Base';\n\nexport class UserData extends TernSecureBase {\n pathRoot = '/accounts/lookup';\n\n private idToken: string | undefined;\n\n constructor(idToken?: string) {\n super();\n this.idToken = idToken;\n }\n\n get = async () => {\n return this._post({\n path: this.pathRoot,\n method: 'POST',\n });\n }\n}\n"],"mappings":"AAAA,SAAS,sBAAsB;AAExB,MAAM,iBAAiB,eAAe;AAAA,EAC3C,WAAW;AAAA,EAEH;AAAA,EAER,YAAY,SAAkB;AAC5B,UAAM;AACN,SAAK,UAAU;AAAA,EACjB;AAAA,EAEA,MAAM,YAAY;AAChB,WAAO,KAAK,MAAM;AAAA,MAChB,MAAM,KAAK;AAAA,MACX,QAAQ;AAAA,IACV,CAAC;AAAA,EACH;AACF;","names":[]}
|
|
@@ -0,0 +1,130 @@
|
|
|
1
|
+
import { TernSecureBase } from "./Base";
|
|
2
|
+
class Cookie extends TernSecureBase {
|
|
3
|
+
pathroot = "cookies";
|
|
4
|
+
idToken;
|
|
5
|
+
sessionToken;
|
|
6
|
+
refreshToken;
|
|
7
|
+
customToken;
|
|
8
|
+
constructor() {
|
|
9
|
+
super();
|
|
10
|
+
}
|
|
11
|
+
getTokenInCookie = (tokenName) => {
|
|
12
|
+
return this.baseGet({
|
|
13
|
+
path: `${this.pathroot}/get`,
|
|
14
|
+
search: { tokenName }
|
|
15
|
+
});
|
|
16
|
+
};
|
|
17
|
+
parseTokenResponse = (apiResponse, tokenType) => {
|
|
18
|
+
if (!apiResponse) {
|
|
19
|
+
return {
|
|
20
|
+
success: false,
|
|
21
|
+
error: `${tokenType} not found in httpOnly cookies`
|
|
22
|
+
};
|
|
23
|
+
}
|
|
24
|
+
const { success, token, error } = apiResponse;
|
|
25
|
+
return {
|
|
26
|
+
success,
|
|
27
|
+
token,
|
|
28
|
+
error
|
|
29
|
+
};
|
|
30
|
+
};
|
|
31
|
+
getIdToken = async () => {
|
|
32
|
+
const res = await this.getTokenInCookie("idToken");
|
|
33
|
+
return this.parseTokenResponse(res, "idToken");
|
|
34
|
+
};
|
|
35
|
+
getSessionToken = async () => {
|
|
36
|
+
var _a;
|
|
37
|
+
try {
|
|
38
|
+
const response = await this.getTokenInCookie("sessionToken");
|
|
39
|
+
if (!response || !((_a = response.response) == null ? void 0 : _a.token)) {
|
|
40
|
+
return {
|
|
41
|
+
success: false,
|
|
42
|
+
error: "Session token not found in httpOnly cookies"
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
return {
|
|
46
|
+
success: true,
|
|
47
|
+
token: response.response.token
|
|
48
|
+
};
|
|
49
|
+
} catch (error) {
|
|
50
|
+
return {
|
|
51
|
+
success: false,
|
|
52
|
+
error: `Failed to retrieve session token: ${error instanceof Error ? error.message : String(error)}`
|
|
53
|
+
};
|
|
54
|
+
}
|
|
55
|
+
};
|
|
56
|
+
getRefreshToken = async () => {
|
|
57
|
+
var _a;
|
|
58
|
+
try {
|
|
59
|
+
const response = await this.getTokenInCookie("refreshToken");
|
|
60
|
+
if (!response || !((_a = response.response) == null ? void 0 : _a.token)) {
|
|
61
|
+
return {
|
|
62
|
+
success: false,
|
|
63
|
+
error: "Refresh token not found in httpOnly cookies"
|
|
64
|
+
};
|
|
65
|
+
}
|
|
66
|
+
return {
|
|
67
|
+
success: true,
|
|
68
|
+
token: response.response.token
|
|
69
|
+
};
|
|
70
|
+
} catch (error) {
|
|
71
|
+
return {
|
|
72
|
+
success: false,
|
|
73
|
+
error: `Failed to retrieve refresh token: ${error instanceof Error ? error.message : String(error)}`
|
|
74
|
+
};
|
|
75
|
+
}
|
|
76
|
+
};
|
|
77
|
+
getCustomToken = async () => {
|
|
78
|
+
var _a;
|
|
79
|
+
try {
|
|
80
|
+
const response = await this.getTokenInCookie("customToken");
|
|
81
|
+
if (!response || !((_a = response.response) == null ? void 0 : _a.token)) {
|
|
82
|
+
return {
|
|
83
|
+
success: false,
|
|
84
|
+
error: "Custom token not found in httpOnly cookies"
|
|
85
|
+
};
|
|
86
|
+
}
|
|
87
|
+
return {
|
|
88
|
+
success: true,
|
|
89
|
+
token: response.response.token
|
|
90
|
+
};
|
|
91
|
+
} catch (error) {
|
|
92
|
+
return {
|
|
93
|
+
success: false,
|
|
94
|
+
error: `Failed to retrieve custom token: ${error instanceof Error ? error.message : String(error)}`
|
|
95
|
+
};
|
|
96
|
+
}
|
|
97
|
+
};
|
|
98
|
+
getAllTokens = async () => {
|
|
99
|
+
const [idToken, sessionToken, refreshToken, customToken] = await Promise.all([
|
|
100
|
+
this.getIdToken(),
|
|
101
|
+
this.getSessionToken(),
|
|
102
|
+
this.getRefreshToken(),
|
|
103
|
+
this.getCustomToken()
|
|
104
|
+
]);
|
|
105
|
+
return {
|
|
106
|
+
idToken,
|
|
107
|
+
sessionToken,
|
|
108
|
+
refreshToken,
|
|
109
|
+
customToken
|
|
110
|
+
};
|
|
111
|
+
};
|
|
112
|
+
hasToken = async (tokenType) => {
|
|
113
|
+
switch (tokenType) {
|
|
114
|
+
case "idToken":
|
|
115
|
+
return (await this.getIdToken()).success;
|
|
116
|
+
case "sessionToken":
|
|
117
|
+
return (await this.getSessionToken()).success;
|
|
118
|
+
case "refreshToken":
|
|
119
|
+
return (await this.getRefreshToken()).success;
|
|
120
|
+
case "customToken":
|
|
121
|
+
return (await this.getCustomToken()).success;
|
|
122
|
+
default:
|
|
123
|
+
return false;
|
|
124
|
+
}
|
|
125
|
+
};
|
|
126
|
+
}
|
|
127
|
+
export {
|
|
128
|
+
Cookie
|
|
129
|
+
};
|
|
130
|
+
//# sourceMappingURL=cookie.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../src/resources/cookie.ts"],"sourcesContent":["import type { CookieResource } from '@tern-secure/types';\n\n//import { eventBus, events } from '../instance/events';\nimport { TernSecureBase } from './Base';\n\nexport type TokenResult = {\n success: boolean;\n token?: string;\n error?: string;\n};\n\ntype CookieTokenResponse = {\n success: boolean;\n token?: string;\n error?: string;\n};\n\nexport class Cookie extends TernSecureBase implements CookieResource {\n pathroot = 'cookies';\n\n idToken?: string;\n sessionToken?: string;\n refreshToken?: string;\n customToken?: string;\n\n constructor() {\n super();\n }\n\n private getTokenInCookie = (tokenName: string) => {\n return this.baseGet({\n path: `${this.pathroot}/get`,\n search: { tokenName },\n });\n };\n\n\n private parseTokenResponse = (\n apiResponse: any,\n tokenType: string,\n ): TokenResult => {\n if (!apiResponse) {\n return {\n success: false,\n error: `${tokenType} not found in httpOnly cookies`,\n };\n }\n\n const { success, token, error } = apiResponse as CookieTokenResponse;\n\n return {\n success,\n token,\n error,\n };\n };\n\n getIdToken = async (): Promise<TokenResult> => {\n const res = await this.getTokenInCookie('idToken');\n //eventBus.emit(events.TokenJwt, { tokenType: 'idToken', response: res });\n return this.parseTokenResponse(res, 'idToken');\n };\n\n getSessionToken = async (): Promise<TokenResult> => {\n try {\n const response = await this.getTokenInCookie('sessionToken');\n\n if (!response || !response.response?.token) {\n return {\n success: false,\n error: 'Session token not found in httpOnly cookies',\n };\n }\n\n return {\n success: true,\n token: response.response.token,\n };\n } catch (error) {\n return {\n success: false,\n error: `Failed to retrieve session token: ${error instanceof Error ? error.message : String(error)}`,\n };\n }\n };\n\n getRefreshToken = async (): Promise<TokenResult> => {\n try {\n const response = await this.getTokenInCookie('refreshToken');\n\n if (!response || !response.response?.token) {\n return {\n success: false,\n error: 'Refresh token not found in httpOnly cookies',\n };\n }\n\n return {\n success: true,\n token: response.response.token,\n };\n } catch (error) {\n return {\n success: false,\n error: `Failed to retrieve refresh token: ${error instanceof Error ? error.message : String(error)}`,\n };\n }\n };\n\n getCustomToken = async (): Promise<TokenResult> => {\n try {\n const response = await this.getTokenInCookie('customToken');\n\n if (!response || !response.response?.token) {\n return {\n success: false,\n error: 'Custom token not found in httpOnly cookies',\n };\n }\n\n return {\n success: true,\n token: response.response.token,\n };\n } catch (error) {\n return {\n success: false,\n error: `Failed to retrieve custom token: ${error instanceof Error ? error.message : String(error)}`,\n };\n }\n };\n\n getAllTokens = async (): Promise<Record<string, TokenResult>> => {\n const [idToken, sessionToken, refreshToken, customToken] = await Promise.all([\n this.getIdToken(),\n this.getSessionToken(),\n this.getRefreshToken(),\n this.getCustomToken(),\n ]);\n\n return {\n idToken,\n sessionToken,\n refreshToken,\n customToken,\n };\n };\n\n hasToken = async (tokenType: keyof CookieResource): Promise<boolean> => {\n switch (tokenType) {\n case 'idToken':\n return (await this.getIdToken()).success;\n case 'sessionToken':\n return (await this.getSessionToken()).success;\n case 'refreshToken':\n return (await this.getRefreshToken()).success;\n case 'customToken':\n return (await this.getCustomToken()).success;\n default:\n return false;\n }\n };\n}\n"],"mappings":"AAGA,SAAS,sBAAsB;AAcxB,MAAM,eAAe,eAAyC;AAAA,EACnE,WAAW;AAAA,EAEX;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEA,cAAc;AACZ,UAAM;AAAA,EACR;AAAA,EAEQ,mBAAmB,CAAC,cAAsB;AAChD,WAAO,KAAK,QAAQ;AAAA,MAClB,MAAM,GAAG,KAAK,QAAQ;AAAA,MACtB,QAAQ,EAAE,UAAU;AAAA,IACtB,CAAC;AAAA,EACH;AAAA,EAGQ,qBAAqB,CAC3B,aACA,cACgB;AAChB,QAAI,CAAC,aAAa;AAChB,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,GAAG,SAAS;AAAA,MACrB;AAAA,IACF;AAEA,UAAM,EAAE,SAAS,OAAO,MAAM,IAAI;AAElC,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,aAAa,YAAkC;AAC7C,UAAM,MAAM,MAAM,KAAK,iBAAiB,SAAS;AAEjD,WAAO,KAAK,mBAAmB,KAAK,SAAS;AAAA,EAC/C;AAAA,EAEA,kBAAkB,YAAkC;AA/DtD;AAgEI,QAAI;AACF,YAAM,WAAW,MAAM,KAAK,iBAAiB,cAAc;AAE3D,UAAI,CAAC,YAAY,GAAC,cAAS,aAAT,mBAAmB,QAAO;AAC1C,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO;AAAA,QACT;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,SAAS,SAAS;AAAA,MAC3B;AAAA,IACF,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,qCAAqC,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,MACpG;AAAA,IACF;AAAA,EACF;AAAA,EAEA,kBAAkB,YAAkC;AAtFtD;AAuFI,QAAI;AACF,YAAM,WAAW,MAAM,KAAK,iBAAiB,cAAc;AAE3D,UAAI,CAAC,YAAY,GAAC,cAAS,aAAT,mBAAmB,QAAO;AAC1C,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO;AAAA,QACT;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,SAAS,SAAS;AAAA,MAC3B;AAAA,IACF,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,qCAAqC,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,MACpG;AAAA,IACF;AAAA,EACF;AAAA,EAEA,iBAAiB,YAAkC;AA7GrD;AA8GI,QAAI;AACF,YAAM,WAAW,MAAM,KAAK,iBAAiB,aAAa;AAE1D,UAAI,CAAC,YAAY,GAAC,cAAS,aAAT,mBAAmB,QAAO;AAC1C,eAAO;AAAA,UACL,SAAS;AAAA,UACT,OAAO;AAAA,QACT;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,SAAS,SAAS;AAAA,MAC3B;AAAA,IACF,SAAS,OAAO;AACd,aAAO;AAAA,QACL,SAAS;AAAA,QACT,OAAO,oCAAoC,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK,CAAC;AAAA,MACnG;AAAA,IACF;AAAA,EACF;AAAA,EAEA,eAAe,YAAkD;AAC/D,UAAM,CAAC,SAAS,cAAc,cAAc,WAAW,IAAI,MAAM,QAAQ,IAAI;AAAA,MAC3E,KAAK,WAAW;AAAA,MAChB,KAAK,gBAAgB;AAAA,MACrB,KAAK,gBAAgB;AAAA,MACrB,KAAK,eAAe;AAAA,IACtB,CAAC;AAED,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,WAAW,OAAO,cAAsD;AACtE,YAAQ,WAAW;AAAA,MACjB,KAAK;AACH,gBAAQ,MAAM,KAAK,WAAW,GAAG;AAAA,MACnC,KAAK;AACH,gBAAQ,MAAM,KAAK,gBAAgB,GAAG;AAAA,MACxC,KAAK;AACH,gBAAQ,MAAM,KAAK,gBAAgB,GAAG;AAAA,MACxC,KAAK;AACH,gBAAQ,MAAM,KAAK,eAAe,GAAG;AAAA,MACvC;AACE,eAAO;AAAA,IACX;AAAA,EACF;AACF;","names":[]}
|
|
@@ -1,7 +1,8 @@
|
|
|
1
|
+
export * from "./Session";
|
|
1
2
|
export * from "./SignUp";
|
|
2
3
|
export * from "./SignIn";
|
|
3
4
|
export * from "./Base";
|
|
4
|
-
export * from "
|
|
5
|
+
export * from "../auth/AuthCookieManager";
|
|
5
6
|
export * from "../utils";
|
|
6
7
|
export * from "./Error";
|
|
7
8
|
//# sourceMappingURL=internal.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/resources/internal.ts"],"sourcesContent":["export type { TernSecureAuth } from '../instance/TernAuth';\nexport * from './SignUp';\nexport * from './SignIn';\nexport * from './Base';\nexport * from '
|
|
1
|
+
{"version":3,"sources":["../../../src/resources/internal.ts"],"sourcesContent":["export type { TernSecureAuth } from '../instance/TernAuth';\nexport * from './Session';\nexport * from './SignUp';\nexport * from './SignIn';\nexport * from './Base';\nexport * from '../auth/AuthCookieManager';\nexport * from '../utils';\nexport * from './Error';\n"],"mappings":"AACA,cAAc;AACd,cAAc;AACd,cAAc;AACd,cAAc;AACd,cAAc;AACd,cAAc;AACd,cAAc;","names":[]}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import { decodeJwt, decodeProtectedHeader } from "jose";
|
|
2
|
+
import { mapJwtPayloadToDecodedIdToken } from "./mapDecode";
|
|
3
|
+
function decode(token) {
|
|
4
|
+
const header = decodeProtectedHeader(token);
|
|
5
|
+
const payload = decodeJwt(token);
|
|
6
|
+
const parts = (token || "").split(".");
|
|
7
|
+
const [signature] = parts;
|
|
8
|
+
const data = {
|
|
9
|
+
header,
|
|
10
|
+
payload,
|
|
11
|
+
signature
|
|
12
|
+
};
|
|
13
|
+
const decoded = mapJwtPayloadToDecodedIdToken(payload);
|
|
14
|
+
return {
|
|
15
|
+
encoded: data,
|
|
16
|
+
decoded
|
|
17
|
+
};
|
|
18
|
+
}
|
|
19
|
+
export {
|
|
20
|
+
decode
|
|
21
|
+
};
|
|
22
|
+
//# sourceMappingURL=jwt.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../src/utils/jwt.ts"],"sourcesContent":["import { decodeJwt, decodeProtectedHeader } from 'jose';\n\nimport type { DecodedIdToken, JWTPayload, JWTProtectedHeader } from './mapDecode';\nimport { mapJwtPayloadToDecodedIdToken } from './mapDecode';\n\ntype JWT = {\n encoded: { header: JWTProtectedHeader; payload: JWTPayload; signature: string };\n decoded: DecodedIdToken;\n};\n\nexport function decode(token: string): JWT {\n const header = decodeProtectedHeader(token);\n const payload = decodeJwt(token);\n\n const parts = (token || '').split('.');\n const [signature] = parts;\n\n const data = {\n header,\n payload,\n signature,\n };\n\n const decoded = mapJwtPayloadToDecodedIdToken(payload);\n\n return {\n encoded: data,\n decoded,\n };\n}\n"],"mappings":"AAAA,SAAS,WAAW,6BAA6B;AAGjD,SAAS,qCAAqC;AAOvC,SAAS,OAAO,OAAoB;AACzC,QAAM,SAAS,sBAAsB,KAAK;AAC1C,QAAM,UAAU,UAAU,KAAK;AAE/B,QAAM,SAAS,SAAS,IAAI,MAAM,GAAG;AACrC,QAAM,CAAC,SAAS,IAAI;AAEpB,QAAM,OAAO;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,UAAU,8BAA8B,OAAO;AAErD,SAAO;AAAA,IACL,SAAS;AAAA,IACT;AAAA,EACF;AACF;","names":[]}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../../src/utils/mapDecode.ts"],"sourcesContent":["import type { DecodedIdToken, JWTPayload, JWTProtectedHeader } from '@tern-secure/types';\n\nexport function mapJwtPayloadToDecodedIdToken(payload: JWTPayload) {\n const decodedIdToken = payload as DecodedIdToken;\n decodedIdToken.uid = decodedIdToken.sub;\n return decodedIdToken;\n}\n\nexport type { DecodedIdToken, JWTPayload, JWTProtectedHeader };\n"],"mappings":"AAEO,SAAS,8BAA8B,SAAqB;AACjE,QAAM,iBAAiB;AACvB,iBAAe,MAAM,eAAe;AACpC,SAAO;AACT;","names":[]}
|
|
@@ -6,17 +6,21 @@ type CSRFToken = {
|
|
|
6
6
|
*/
|
|
7
7
|
export declare class AuthCookieManager {
|
|
8
8
|
private readonly csrfCookieHandler;
|
|
9
|
+
private sessionCookie;
|
|
10
|
+
private idTokenCookie;
|
|
9
11
|
constructor();
|
|
10
12
|
private generateCSRFToken;
|
|
11
13
|
private ensureCSRFToken;
|
|
12
14
|
/**
|
|
13
15
|
* Set CSRFcookie
|
|
14
|
-
|
|
16
|
+
*/
|
|
15
17
|
setCSRFToken(token: CSRFToken): void;
|
|
16
18
|
/**
|
|
17
19
|
* Get CSRF token from cookies
|
|
18
20
|
*/
|
|
19
21
|
getCSRFToken(): string | undefined;
|
|
22
|
+
getSessionCookie(): string | undefined;
|
|
23
|
+
getIdTokenCookie(): string | undefined;
|
|
20
24
|
/**
|
|
21
25
|
* Clear all authentication cookies
|
|
22
26
|
*/
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"AuthCookieManager.d.ts","sourceRoot":"","sources":["../../../src/auth/AuthCookieManager.ts"],"names":[],"mappings":"AAQA,KAAK,SAAS,GAAG;IACf,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB,CAAC;AAUF;;GAEG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAmC;IACrE,OAAO,CAAC,aAAa,CAAuB;IAC5C,OAAO,CAAC,aAAa,CAAuB;;IAQ5C,OAAO,CAAC,iBAAiB;IAMzB,OAAO,CAAC,eAAe;IASvB;;OAEG;IAEH,YAAY,CAAC,KAAK,EAAE,SAAS,GAAG,IAAI;IAWpC;;OAEG;IACH,YAAY,IAAI,MAAM,GAAG,SAAS;IAS3B,gBAAgB;IAIhB,gBAAgB;IAIvB;;OAEG;IACH,SAAS,IAAI,IAAI;CAOlB"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
export type SessionCookieHandler = {
|
|
2
|
+
set: (token: string) => void;
|
|
3
|
+
remove: () => void;
|
|
4
|
+
get: () => string | undefined;
|
|
5
|
+
};
|
|
6
|
+
export declare const createSessionCookie: () => SessionCookieHandler;
|
|
7
|
+
export declare const createIdTokenCookie: () => SessionCookieHandler;
|
|
8
|
+
//# sourceMappingURL=session.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../../src/auth/cookies/session.ts"],"names":[],"mappings":"AAOA,MAAM,MAAM,oBAAoB,GAAG;IACjC,GAAG,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7B,MAAM,EAAE,MAAM,IAAI,CAAC;IACnB,GAAG,EAAE,MAAM,MAAM,GAAG,SAAS,CAAC;CAC/B,CAAC;AAEF,eAAO,MAAM,mBAAmB,QAAO,oBA2BtC,CAAC;AAEF,eAAO,MAAM,mBAAmB,QAAO,oBA2BtC,CAAC"}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
import type { TernSecureUserData } from '@tern-secure/types';
|
|
2
|
+
import type { TokenResult } from '../resources/cookie';
|
|
3
|
+
export interface UserDataParams {
|
|
4
|
+
idToken: string;
|
|
5
|
+
}
|
|
6
|
+
/**
|
|
7
|
+
* Client-side authentication request functionality
|
|
8
|
+
* Uses backend API calls through the configured apiUrl
|
|
9
|
+
*/
|
|
10
|
+
export declare class ClientAuthRequest {
|
|
11
|
+
private cookie;
|
|
12
|
+
private userData;
|
|
13
|
+
constructor();
|
|
14
|
+
/**
|
|
15
|
+
* Get UserData
|
|
16
|
+
*/
|
|
17
|
+
getUserData(): Promise<TernSecureUserData | null>;
|
|
18
|
+
/**
|
|
19
|
+
* Get ID token from httpOnly cookies
|
|
20
|
+
*/
|
|
21
|
+
getIdTokenFromCookie(): Promise<TokenResult>;
|
|
22
|
+
/**
|
|
23
|
+
* Get session token from httpOnly cookies
|
|
24
|
+
*/
|
|
25
|
+
getSessionTokenFromCookie(): Promise<TokenResult>;
|
|
26
|
+
/**
|
|
27
|
+
* Get refresh token from httpOnly cookies
|
|
28
|
+
*/
|
|
29
|
+
getRefreshTokenFromCookie(): Promise<TokenResult>;
|
|
30
|
+
/**
|
|
31
|
+
* Get custom token from httpOnly cookies
|
|
32
|
+
*/
|
|
33
|
+
getCustomTokenFromCookie(): Promise<TokenResult>;
|
|
34
|
+
/**
|
|
35
|
+
* Get all tokens from httpOnly cookies
|
|
36
|
+
*/
|
|
37
|
+
getAllTokensFromCookies(): Promise<Record<string, TokenResult>>;
|
|
38
|
+
/**
|
|
39
|
+
* Check if a specific token exists in cookies
|
|
40
|
+
*/
|
|
41
|
+
hasTokenInCookie(tokenType: 'idToken' | 'sessionToken' | 'refreshToken' | 'customToken'): Promise<boolean>;
|
|
42
|
+
/**
|
|
43
|
+
* Get user data using token from cookies
|
|
44
|
+
* First tries to get ID token from cookies, then uses it for user data request
|
|
45
|
+
*/
|
|
46
|
+
getUserDataWithCookieToken(): Promise<TernSecureUserData | null>;
|
|
47
|
+
}
|
|
48
|
+
export declare function createClientAuthRequest(): ClientAuthRequest;
|
|
49
|
+
//# sourceMappingURL=request.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"request.d.ts","sourceRoot":"","sources":["../../../src/auth/request.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE7D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAIvD,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;GAGG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,QAAQ,CAAW;;IAO3B;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAevD;;OAEG;IACG,oBAAoB,IAAI,OAAO,CAAC,WAAW,CAAC;IAWlD;;OAEG;IACG,yBAAyB,IAAI,OAAO,CAAC,WAAW,CAAC;IAWvD;;OAEG;IACG,yBAAyB,IAAI,OAAO,CAAC,WAAW,CAAC;IAWvD;;OAEG;IACG,wBAAwB,IAAI,OAAO,CAAC,WAAW,CAAC;IAWtD;;OAEG;IACG,uBAAuB,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAcrE;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,SAAS,GAAG,cAAc,GAAG,cAAc,GAAG,aAAa,GACrE,OAAO,CAAC,OAAO,CAAC;IASnB;;;OAGG;IACG,0BAA0B,IAAI,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;CAsBvE;AAED,wBAAgB,uBAAuB,IAAI,iBAAiB,CAE3D"}
|
package/dist/types/index.d.ts
CHANGED
|
@@ -4,6 +4,6 @@ export { TernServerAuth } from './instance/TernAuthServer';
|
|
|
4
4
|
export type { TernServerAuthOptions, AuthenticatedApp } from './instance/TernAuthServer';
|
|
5
5
|
export { CoreApiClient, coreApiClient } from './instance/coreApiClient';
|
|
6
6
|
export type { ApiResponse, ApiResponseJSON, RequestOptions, BeforeRequestHook, AfterResponseHook } from './instance/coreApiClient';
|
|
7
|
-
export { SignIn, TernSecureBase } from './resources/internal';
|
|
8
|
-
export type { TernSecureConfig,
|
|
7
|
+
export { SignIn, TernSecureBase, buildURL } from './resources/internal';
|
|
8
|
+
export type { AuthErrorTree, TernSecureConfig, SignInFormValues, SignInProps, SignUpProps, SignInResponse, SignInRedirectUrl, SignUpRedirectUrl, ResendEmailVerification, TernSecureUser, TernSecureState } from '@tern-secure/types';
|
|
9
9
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,YAAY,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,YAAY,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAEzF,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACxE,YAAY,EACR,WAAW,EACX,eAAe,EACf,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACpB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,YAAY,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,YAAY,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAEzF,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACxE,YAAY,EACR,WAAW,EACX,eAAe,EACf,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACpB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAExE,YAAY,EACR,aAAa,EACb,gBAAgB,EAChB,gBAAgB,EAChB,WAAW,EACX,WAAW,EACX,cAAc,EACd,iBAAiB,EACjB,iBAAiB,EACjB,uBAAuB,EACvB,cAAc,EACd,eAAe,EAClB,MAAM,oBAAoB,CAAC"}
|