@thetechfossil/auth2 1.2.1 → 1.2.3

package/dist/index.next.server.d.ts

@@ -1,3 +1,5 @@
+import { NextRequest, NextResponse } from 'next/server';
+
 interface LinkedAccount {
     provider: 'google' | 'github';
     providerId: string;
@@ -33,7 +35,6 @@ interface RegisterData {
     name: string;
     email: string;
     password: string;
-    frontendBaseUrl?: string;
 }
 interface UpdateUserData {
     name: string;
@@ -53,6 +54,30 @@ interface AuthConfig {
     token?: string;
     csrfEnabled?: boolean;
 }
+interface Session {
+    id: string;
+    userId?: string;
+    token?: string;
+    userAgent?: string;
+    ipAddress?: string;
+    expiresAt: string;
+    createdAt: string;
+    updatedAt?: string;
+}
+interface MFASetup {
+    success: boolean;
+    qrCode?: string;
+    secret?: string;
+    message: string;
+}
+interface AuditLog {
+    id: string;
+    userId: string;
+    action: string;
+    details?: any;
+    ipAddress?: string;
+    timestamp: string;
+}
 interface UseAuthReturn {
     user: User | null;
     isAuthenticated: boolean;
@@ -71,6 +96,20 @@ interface UseAuthReturn {
     unlinkOAuthProvider: (provider: OAuthProvider) => Promise<AuthResponse>;
     csrfToken: string | null;
     refreshCsrfToken: () => Promise<void>;
+    changePassword: (oldPassword: string, newPassword: string) => Promise<AuthResponse>;
+    updateAvatar: (avatar: string) => Promise<AuthResponse>;
+    requestEmailChange: (newEmail: string) => Promise<AuthResponse>;
+    verifyEmailChange: (token: string) => Promise<AuthResponse>;
+    generate2FA: () => Promise<MFASetup>;
+    enable2FA: (token: string) => Promise<AuthResponse>;
+    disable2FA: (token: string) => Promise<AuthResponse>;
+    validate2FA: (token: string) => Promise<AuthResponse>;
+    getSessions: () => Promise<{
+        success: boolean;
+        sessions: Session[];
+    }>;
+    revokeSession: (sessionId: string) => Promise<AuthResponse>;
+    revokeAllSessions: () => Promise<AuthResponse>;
 }
 
 declare class AuthService {
@@ -100,11 +139,39 @@ declare class AuthService {
     getUserById(id: string): Promise<User>;
     forgotPassword(email: string): Promise<AuthResponse>;
     resetPassword(token: string, password: string): Promise<AuthResponse>;
+    changePassword(oldPassword: string, newPassword: string): Promise<AuthResponse>;
+    updateAvatar(avatar: string): Promise<AuthResponse>;
+    requestEmailChange(newEmail: string): Promise<AuthResponse>;
+    verifyEmailChange(token: string): Promise<AuthResponse>;
+    generate2FA(): Promise<{
+        success: boolean;
+        qrCode?: string;
+        secret?: string;
+        message: string;
+    }>;
+    enable2FA(token: string): Promise<AuthResponse>;
+    disable2FA(token: string): Promise<AuthResponse>;
+    validate2FA(token: string): Promise<AuthResponse>;
+    getSessions(): Promise<{
+        success: boolean;
+        sessions: any[];
+    }>;
+    revokeSession(sessionId: string): Promise<AuthResponse>;
+    revokeAllSessions(): Promise<AuthResponse>;
+    getAuditLogs(filters?: any): Promise<{
+        success: boolean;
+        logs: any[];
+    }>;
+    adminVerifyUser(userId: string): Promise<AuthResponse>;
+    adminForcePasswordReset(userId: string): Promise<AuthResponse>;
+    adminSuspendUser(userId: string): Promise<AuthResponse>;
+    adminActivateUser(userId: string): Promise<AuthResponse>;
 }
 
 declare class HttpClient {
     private axiosInstance;
     private csrfToken;
+    private frontendBaseUrl;
     constructor(baseUrl: string, defaultHeaders?: Record<string, string>);
     get<T>(endpoint: string, headers?: Record<string, string>): Promise<T>;
     post<T>(endpoint: string, data?: any, headers?: Record<string, string>): Promise<T>;
@@ -115,6 +182,9 @@ declare class HttpClient {
     setCsrfToken(token: string): void;
     getCsrfToken(): string | null;
     removeCsrfToken(): void;
+    setFrontendBaseUrl(url: string): void;
+    getFrontendBaseUrl(): string | null;
+    removeFrontendBaseUrl(): void;
     private refreshCsrfToken;
 }
 
@@ -139,4 +209,39 @@ declare class NextServerAuth extends AuthClient {
     static createAuthenticatedClient(config: AuthConfig, token: string): NextServerAuth;
 }
 
-export { AuthClient, AuthConfig, AuthResponse, AuthService, CsrfTokenResponse, HttpClient, LinkedAccount, LoginData, NextServerAuth, OAuthConfig, OAuthProvider, RegisterData, UpdateUserData, UseAuthReturn, User, VerifyData };
+interface AuthServerConfig {
+    authApiUrl?: string;
+    tokenCookieName?: string;
+}
+declare class AuthServer {
+    private config;
+    constructor(config?: AuthServerConfig);
+    getToken(): Promise<string | null>;
+    getCurrentUser(): Promise<User | null>;
+    isAuthenticated(): Promise<boolean>;
+    requireAuth(redirectTo?: string): Promise<User>;
+    redirectIfAuthenticated(redirectTo?: string): Promise<void>;
+    getProfile(): Promise<User | null>;
+}
+declare function getAuthServer(config?: AuthServerConfig): AuthServer;
+declare function currentUser(): Promise<User | null>;
+declare function auth(): Promise<{
+    user: User | null;
+    userId: string | null;
+    isAuthenticated: boolean;
+    token: string | null;
+}>;
+declare function requireAuth(redirectTo?: string): Promise<User>;
+declare function redirectIfAuthenticated(redirectTo?: string): Promise<void>;
+
+interface AuthMiddlewareConfig {
+    publicRoutes?: string[];
+    protectedRoutes?: string[];
+    loginUrl?: string;
+    afterLoginUrl?: string;
+    tokenCookieName?: string;
+}
+declare function authMiddleware(config?: AuthMiddlewareConfig): (request: NextRequest) => NextResponse<unknown>;
+declare function createAuthMiddleware(config?: AuthMiddlewareConfig): (request: NextRequest) => NextResponse<unknown>;
+
+export { AuditLog, AuthClient, AuthConfig, AuthResponse, AuthServer, AuthService, CsrfTokenResponse, HttpClient, LinkedAccount, LoginData, MFASetup, NextServerAuth, OAuthConfig, OAuthProvider, RegisterData, Session, UpdateUserData, UseAuthReturn, User, VerifyData, auth, authMiddleware, createAuthMiddleware, currentUser, getAuthServer, redirectIfAuthenticated, requireAuth };

package/dist/index.next.server.js

@@ -1,6 +1,9 @@
 'use strict';
 
 var axios = require('axios');
+var headers = require('next/headers');
+var navigation = require('next/navigation');
+var server = require('next/server');
 
 function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 
@@ -10,6 +13,7 @@ var axios__default = /*#__PURE__*/_interopDefault(axios);
 var HttpClient = class {
   constructor(baseUrl, defaultHeaders = {}) {
     this.csrfToken = null;
+    this.frontendBaseUrl = null;
     this.axiosInstance = axios__default.default.create({
       baseURL: baseUrl.replace(/\/$/, ""),
       headers: {
@@ -26,6 +30,9 @@ var HttpClient = class {
         if (this.csrfToken && ["post", "put", "delete", "patch"].includes(config.method?.toLowerCase() || "")) {
           config.headers["x-csrf-token"] = this.csrfToken;
         }
+        if (this.frontendBaseUrl) {
+          config.headers["X-Frontend-URL"] = this.frontendBaseUrl;
+        }
         return config;
       },
       (error) => Promise.reject(error)
@@ -81,6 +88,15 @@ var HttpClient = class {
   removeCsrfToken() {
     this.csrfToken = null;
   }
+  setFrontendBaseUrl(url) {
+    this.frontendBaseUrl = url;
+  }
+  getFrontendBaseUrl() {
+    return this.frontendBaseUrl;
+  }
+  removeFrontendBaseUrl() {
+    this.frontendBaseUrl = null;
+  }
   async refreshCsrfToken() {
     try {
       const response = await this.axiosInstance.get("/api/v1/auth/csrf-token");
@@ -103,6 +119,12 @@ var AuthService = class {
     };
     this.httpClient = new HttpClient(this.config.baseUrl);
     this.loadTokenFromStorage();
+    if (typeof window !== "undefined") {
+      const frontendBaseUrl = process.env.NEXT_PUBLIC_FRONTEND_BASE_URL || process.env.REACT_APP_FRONTEND_BASE_URL || process.env.NEXT_PUBLIC_APP_URL || window.location.origin;
+      if (frontendBaseUrl) {
+        this.httpClient.setFrontendBaseUrl(frontendBaseUrl);
+      }
+    }
     if (this.config.csrfEnabled && typeof window !== "undefined") {
       this.refreshCsrfToken();
     }
@@ -219,11 +241,7 @@ var AuthService = class {
     throw new Error(response.message || "Login failed");
   }
   async register(data) {
-    const registerData = { ...data };
-    if (!registerData.frontendBaseUrl && typeof window !== "undefined") {
-      registerData.frontendBaseUrl = process.env.FRONTEND_BASE_URL || process.env.NEXT_PUBLIC_FRONTEND_BASE_URL || process.env.REACT_APP_FRONTEND_BASE_URL || process.env.NEXT_PUBLIC_APP_URL || window.location.origin;
-    }
-    const response = await this.httpClient.post("/api/v1/auth/register", registerData);
+    const response = await this.httpClient.post("/api/v1/auth/register", data);
     if (response.success && response.message === "Registration data saved. Verification email sent. Please check your inbox.") {
       return response;
     }
@@ -239,15 +257,33 @@ var AuthService = class {
     return response;
   }
   async verifyEmailToken(token) {
-    const response = await this.httpClient.get(`/api/v1/auth/verify-email?token=${token}`);
-    if (response.success && response.token) {
-      this.token = response.token;
-      this.httpClient.setAuthToken(response.token);
-      this.saveTokenToStorage(response.token);
+    try {
+      const response = await this.httpClient.get(`/api/v1/auth/verify-email?token=${token}`);
+      if (response.success && response.token) {
+        this.token = response.token;
+        this.httpClient.setAuthToken(response.token);
+        this.saveTokenToStorage(response.token);
+      }
+      return response;
+    } catch (error) {
+      if (error.response?.data) {
+        return {
+          success: false,
+          message: error.response.data.message || "Email verification failed"
+        };
+      }
+      return {
+        success: false,
+        message: error.message || "Network error occurred"
+      };
     }
-    return response;
   }
   async logout() {
+    try {
+      await this.httpClient.post("/api/v1/auth/logout", {});
+    } catch (error) {
+      console.warn("Failed to call logout endpoint:", error);
+    }
     this.token = null;
     this.httpClient.removeAuthToken();
     this.httpClient.removeCsrfToken();
@@ -284,9 +320,6 @@ var AuthService = class {
     return response.user;
   }
   async forgotPassword(email) {
-    if (typeof window !== "undefined") {
-      process.env.FRONTEND_BASE_URL || process.env.NEXT_PUBLIC_FRONTEND_BASE_URL || process.env.REACT_APP_FRONTEND_BASE_URL || process.env.NEXT_PUBLIC_APP_URL || window.location.origin;
-    }
     const response = await this.httpClient.post("/api/v1/auth/forgot-password", { email });
     return response;
   }
@@ -294,6 +327,142 @@ var AuthService = class {
     const response = await this.httpClient.post("/api/v1/auth/reset-password", { token, password });
     return response;
   }
+  async changePassword(oldPassword, newPassword) {
+    if (!this.token) {
+      throw new Error("Not authenticated");
+    }
+    const response = await this.httpClient.post("/api/v1/user/change-password", {
+      oldPassword,
+      newPassword
+    });
+    return response;
+  }
+  async updateAvatar(avatar) {
+    if (!this.token) {
+      throw new Error("Not authenticated");
+    }
+    const response = await this.httpClient.post("/api/v1/user/update/avatar", { avatar });
+    if (response.success && response.token) {
+      this.token = response.token;
+      this.httpClient.setAuthToken(response.token);
+      this.saveTokenToStorage(response.token);
+    }
+    return response;
+  }
+  async requestEmailChange(newEmail) {
+    if (!this.token) {
+      throw new Error("Not authenticated");
+    }
+    const response = await this.httpClient.post("/api/v1/user/request-email-change", {
+      newEmail
+    });
+    return response;
+  }
+  async verifyEmailChange(token) {
+    const response = await this.httpClient.get(`/api/v1/user/verify-email-change?token=${token}`);
+    if (response.success && response.token) {
+      this.token = response.token;
+      this.httpClient.setAuthToken(response.token);
+      this.saveTokenToStorage(response.token);
+    }
+    return response;
+  }
+  // 2FA / MFA Methods
+  async generate2FA() {
+    if (!this.token) {
+      throw new Error("Not authenticated");
+    }
+    const response = await this.httpClient.post(
+      "/api/v1/mfa/generate",
+      {}
+    );
+    return response;
+  }
+  async enable2FA(token) {
+    if (!this.token) {
+      throw new Error("Not authenticated");
+    }
+    const response = await this.httpClient.post("/api/v1/mfa/enable", { token });
+    return response;
+  }
+  async disable2FA(token) {
+    if (!this.token) {
+      throw new Error("Not authenticated");
+    }
+    const response = await this.httpClient.post("/api/v1/mfa/disable", { token });
+    return response;
+  }
+  async validate2FA(token) {
+    if (!this.token) {
+      throw new Error("Not authenticated");
+    }
+    const response = await this.httpClient.post("/api/v1/mfa/validate", { token });
+    return response;
+  }
+  // Session Management Methods
+  async getSessions() {
+    if (!this.token) {
+      throw new Error("Not authenticated");
+    }
+    const response = await this.httpClient.get("/api/v1/sessions");
+    return response;
+  }
+  async revokeSession(sessionId) {
+    if (!this.token) {
+      throw new Error("Not authenticated");
+    }
+    const response = await this.httpClient.delete(`/api/v1/sessions/${sessionId}`);
+    return response;
+  }
+  async revokeAllSessions() {
+    if (!this.token) {
+      throw new Error("Not authenticated");
+    }
+    const response = await this.httpClient.delete("/api/v1/sessions/revoke/all");
+    this.token = null;
+    this.httpClient.removeAuthToken();
+    this.removeTokenFromStorage();
+    return response;
+  }
+  // Admin Methods
+  async getAuditLogs(filters) {
+    if (!this.token) {
+      throw new Error("Not authenticated");
+    }
+    const response = await this.httpClient.get(
+      "/api/v1/admin/audit-logs",
+      filters
+    );
+    return response;
+  }
+  async adminVerifyUser(userId) {
+    if (!this.token) {
+      throw new Error("Not authenticated");
+    }
+    const response = await this.httpClient.post(`/api/v1/admin/verify-user/${userId}`, {});
+    return response;
+  }
+  async adminForcePasswordReset(userId) {
+    if (!this.token) {
+      throw new Error("Not authenticated");
+    }
+    const response = await this.httpClient.post(`/api/v1/admin/force-password-reset/${userId}`, {});
+    return response;
+  }
+  async adminSuspendUser(userId) {
+    if (!this.token) {
+      throw new Error("Not authenticated");
+    }
+    const response = await this.httpClient.post(`/api/v1/admin/suspend-user/${userId}`, {});
+    return response;
+  }
+  async adminActivateUser(userId) {
+    if (!this.token) {
+      throw new Error("Not authenticated");
+    }
+    const response = await this.httpClient.post(`/api/v1/admin/activate-user/${userId}`, {});
+    return response;
+  }
 };
 
 // src/node/auth-client.ts
@@ -304,11 +473,11 @@ var AuthClient = class extends AuthService {
   // Override methods that require browser-specific features
   // For Node.js, token persistence must be handled manually
   async register(data) {
-    const registerData = { ...data };
-    if (!registerData.frontendBaseUrl) {
-      registerData.frontendBaseUrl = process.env.FRONTEND_BASE_URL || process.env.NEXT_PUBLIC_FRONTEND_BASE_URL || process.env.REACT_APP_FRONTEND_BASE_URL;
+    const frontendBaseUrl = process.env.FRONTEND_BASE_URL || process.env.NEXT_PUBLIC_FRONTEND_BASE_URL || process.env.REACT_APP_FRONTEND_BASE_URL;
+    if (frontendBaseUrl) {
+      this["httpClient"].setFrontendBaseUrl(frontendBaseUrl);
     }
-    const response = await this["httpClient"].post("/api/v1/auth/register", registerData);
+    const response = await this["httpClient"].post("/api/v1/auth/register", data);
     if (response.success && response.message === "Registration data saved. Verification email sent. Please check your inbox.") {
       return response;
     }
@@ -388,8 +557,8 @@ var NextServerAuth = class extends AuthClient {
     return authHeader.substring(7);
   }
   // Parse token from cookies
-  static parseTokenFromCookies(cookies) {
-    const cookieArray = cookies.split(";");
+  static parseTokenFromCookies(cookies2) {
+    const cookieArray = cookies2.split(";");
     for (const cookie of cookieArray) {
       const [name, value] = cookie.trim().split("=");
       if (name === "auth_token") {
@@ -433,10 +602,150 @@ var NextServerAuth = class extends AuthClient {
     return client;
   }
 };
+var AuthServer = class {
+  constructor(config) {
+    this.config = {
+      authApiUrl: config?.authApiUrl || process.env.AUTH_API_URL || "http://localhost:7000",
+      tokenCookieName: config?.tokenCookieName || "auth_token"
+    };
+  }
+  async getToken() {
+    const cookieStore = await headers.cookies();
+    const token = cookieStore.get(this.config.tokenCookieName);
+    return token?.value || null;
+  }
+  async getCurrentUser() {
+    const token = await this.getToken();
+    if (!token)
+      return null;
+    try {
+      const payload = JSON.parse(Buffer.from(token.split(".")[1], "base64").toString());
+      return payload.user || null;
+    } catch (error) {
+      console.error("Failed to parse user from token:", error);
+      return null;
+    }
+  }
+  async isAuthenticated() {
+    const token = await this.getToken();
+    return !!token;
+  }
+  async requireAuth(redirectTo) {
+    const user = await this.getCurrentUser();
+    if (!user) {
+      const loginPath = redirectTo || process.env.NEXT_PUBLIC_AUTH_REDIRECT_TO_LOGIN || "/auth/login";
+      navigation.redirect(loginPath);
+    }
+    return user;
+  }
+  async redirectIfAuthenticated(redirectTo) {
+    const isAuth = await this.isAuthenticated();
+    if (isAuth) {
+      const dashboardPath = redirectTo || process.env.NEXT_PUBLIC_AUTH_REDIRECT_AFTER_LOGIN || "/dashboard";
+      navigation.redirect(dashboardPath);
+    }
+  }
+  async getProfile() {
+    const token = await this.getToken();
+    if (!token)
+      return null;
+    try {
+      const response = await fetch(`${this.config.authApiUrl}/api/v1/user/me`, {
+        headers: {
+          "Authorization": `Bearer ${token}`
+        }
+      });
+      if (!response.ok) {
+        return null;
+      }
+      const data = await response.json();
+      return data.user;
+    } catch (error) {
+      console.error("Failed to fetch profile:", error);
+      return null;
+    }
+  }
+};
+var authServerInstance = null;
+function getAuthServer(config) {
+  if (!authServerInstance) {
+    authServerInstance = new AuthServer(config);
+  }
+  return authServerInstance;
+}
+async function currentUser() {
+  const auth2 = getAuthServer();
+  return auth2.getCurrentUser();
+}
+async function auth() {
+  const authServer = getAuthServer();
+  const user = await authServer.getCurrentUser();
+  const token = await authServer.getToken();
+  return {
+    user,
+    userId: user?._id || null,
+    isAuthenticated: !!user,
+    token
+  };
+}
+async function requireAuth(redirectTo) {
+  const authServer = getAuthServer();
+  return authServer.requireAuth(redirectTo);
+}
+async function redirectIfAuthenticated(redirectTo) {
+  const authServer = getAuthServer();
+  return authServer.redirectIfAuthenticated(redirectTo);
+}
+function authMiddleware(config) {
+  const {
+    publicRoutes = ["/auth/login", "/auth/register", "/auth/verify-email", "/auth/forgot-password", "/auth/reset-password"],
+    protectedRoutes = ["/dashboard"],
+    loginUrl = "/auth/login",
+    afterLoginUrl = "/dashboard",
+    tokenCookieName = "auth_token"
+  } = config || {};
+  return function middleware(request) {
+    const { pathname } = request.nextUrl;
+    const token = request.cookies.get(tokenCookieName)?.value;
+    const isAuthenticated = !!token;
+    const isPublicRoute = publicRoutes.some((route) => {
+      if (route.endsWith("*")) {
+        return pathname.startsWith(route.slice(0, -1));
+      }
+      return pathname === route || pathname.startsWith(route + "/");
+    });
+    const isProtectedRoute = protectedRoutes.some((route) => {
+      if (route.endsWith("*")) {
+        return pathname.startsWith(route.slice(0, -1));
+      }
+      return pathname === route || pathname.startsWith(route + "/");
+    });
+    if (isAuthenticated && isPublicRoute) {
+      return server.NextResponse.redirect(new URL(afterLoginUrl, request.url));
+    }
+    if (!isAuthenticated && isProtectedRoute) {
+      const loginUrlWithRedirect = new URL(loginUrl, request.url);
+      loginUrlWithRedirect.searchParams.set("redirect", pathname);
+      return server.NextResponse.redirect(loginUrlWithRedirect);
+    }
+    return server.NextResponse.next();
+  };
+}
+function createAuthMiddleware(config) {
+  return authMiddleware(config);
+}
 
 exports.AuthClient = AuthClient;
+exports.AuthServer = AuthServer;
 exports.AuthService = AuthService;
 exports.HttpClient = HttpClient;
 exports.NextServerAuth = NextServerAuth;
+exports.auth = auth;
+exports.authMiddleware = authMiddleware;
+exports.createAuthMiddleware = createAuthMiddleware;
+exports.currentUser = currentUser;
+exports.getAuthServer = getAuthServer;
+exports.redirectIfAuthenticated = redirectIfAuthenticated;
+exports.requireAuth = requireAuth;
 //# sourceMappingURL=out.js.map
 //# sourceMappingURL=index.next.server.js.map