@thetechfossil/auth2 1.2.19 → 1.2.21

package/dist/index.next.server.mjs

@@ -1,4 +1,5 @@
 import axios from 'axios';
+import { io } from 'socket.io-client';
 import { UpfilesClient } from '@thetechfossil/upfiles';
 import { cookies } from 'next/headers';
 import { redirect } from 'next/navigation';
@@ -9,6 +10,16 @@ var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require
   if (typeof require !== "undefined") return require.apply(this, arguments);
   throw Error('Dynamic require of "' + x + '" is not supported');
 });
+var ERROR_MESSAGES = {
+  NETWORK_ERROR: "Unable to connect to the server. Please check your internet connection and try again.",
+  TIMEOUT: "The request took too long. Please try again.",
+  SERVER_ERROR: "Something went wrong on our end. Please try again later.",
+  UNAUTHORIZED: "Your session has expired. Please log in again.",
+  FORBIDDEN: "You do not have permission to perform this action.",
+  NOT_FOUND: "The requested resource was not found.",
+  RATE_LIMITED: "Too many requests. Please wait a moment and try again.",
+  UNKNOWN: "An unexpected error occurred. Please try again."
+};
 var HttpClient = class {
   constructor(baseUrl, defaultHeaders = {}) {
     this.csrfToken = null;
@@ -43,7 +54,7 @@ var HttpClient = class {
         }
         return config;
       },
-      (error) => Promise.reject(error)
+      (error) => Promise.reject(this.createUserFriendlyError(error))
     );
     this.axiosInstance.interceptors.response.use(
       (response) => response,
@@ -58,18 +69,71 @@ var HttpClient = class {
             }
             return this.axiosInstance(originalRequest);
           } catch (refreshError) {
-            return Promise.reject(refreshError);
+            return Promise.reject(this.createUserFriendlyError(refreshError));
           }
         }
-        if (error.response && error.response.data && error.response.data.message) {
-          const customError = new Error(error.response.data.message);
-          customError.response = error.response;
-          return Promise.reject(customError);
-        }
-        return Promise.reject(error);
+        return Promise.reject(this.createUserFriendlyError(error));
       }
     );
   }
+  /**
+   * Creates a user-friendly error message from an Axios error
+   */
+  createUserFriendlyError(error) {
+    if (error instanceof Error && !error.isAxiosError) {
+      return error;
+    }
+    let message;
+    let statusCode;
+    if (axios.isAxiosError(error)) {
+      statusCode = error.response?.status;
+      const responseData = error.response?.data;
+      if (responseData?.message) {
+        message = responseData.message;
+      } else if (!error.response) {
+        if (error.code === "ECONNABORTED" || error.message.includes("timeout")) {
+          message = ERROR_MESSAGES.TIMEOUT;
+        } else if (error.code === "ERR_NETWORK" || error.message === "Network Error") {
+          message = ERROR_MESSAGES.NETWORK_ERROR;
+        } else {
+          message = ERROR_MESSAGES.NETWORK_ERROR;
+        }
+      } else {
+        switch (statusCode) {
+          case 400:
+            message = responseData?.message || "Invalid request. Please check your input.";
+            break;
+          case 401:
+            message = responseData?.message || ERROR_MESSAGES.UNAUTHORIZED;
+            break;
+          case 403:
+            message = responseData?.message || ERROR_MESSAGES.FORBIDDEN;
+            break;
+          case 404:
+            message = responseData?.message || ERROR_MESSAGES.NOT_FOUND;
+            break;
+          case 429:
+            message = ERROR_MESSAGES.RATE_LIMITED;
+            break;
+          case 500:
+          case 502:
+          case 503:
+          case 504:
+            message = ERROR_MESSAGES.SERVER_ERROR;
+            break;
+          default:
+            message = responseData?.message || ERROR_MESSAGES.UNKNOWN;
+        }
+      }
+    } else {
+      message = error?.message || ERROR_MESSAGES.UNKNOWN;
+    }
+    const customError = new Error(message);
+    customError.response = error?.response;
+    customError.statusCode = statusCode;
+    customError.originalError = error;
+    return customError;
+  }
   async get(endpoint, headers) {
     const response = await this.axiosInstance.get(endpoint, { headers });
     return response.data;
@@ -120,16 +184,134 @@ var HttpClient = class {
     }
   }
 };
+var SocketService = class {
+  constructor(config) {
+    this.socket = null;
+    this.token = null;
+    this.eventHandlers = /* @__PURE__ */ new Map();
+    this.isConnecting = false;
+    this.config = {
+      autoConnect: false,
+      reconnection: true,
+      reconnectionAttempts: 5,
+      reconnectionDelay: 1e3,
+      ...config
+    };
+  }
+  connect(token) {
+    if (this.socket?.connected || this.isConnecting) {
+      return;
+    }
+    this.token = token;
+    this.isConnecting = true;
+    this.socket = io(this.config.baseUrl, {
+      auth: { token },
+      autoConnect: true,
+      reconnection: this.config.reconnection,
+      reconnectionAttempts: this.config.reconnectionAttempts,
+      reconnectionDelay: this.config.reconnectionDelay,
+      transports: ["websocket", "polling"]
+    });
+    this.setupEventListeners();
+  }
+  setupEventListeners() {
+    if (!this.socket) return;
+    this.socket.on("connect", () => {
+      this.isConnecting = false;
+      console.log("[Auth SDK] Socket connected");
+      this.emit("connected", {});
+    });
+    this.socket.on("disconnect", (reason) => {
+      console.log("[Auth SDK] Socket disconnected:", reason);
+      this.emit("disconnected", { reason });
+    });
+    this.socket.on("connect_error", (error) => {
+      this.isConnecting = false;
+      console.error("[Auth SDK] Socket connection error:", error.message);
+      this.emit("error", { error: error.message });
+    });
+    this.socket.on("user:updated", (data) => {
+      this.emit("user:updated", data);
+    });
+    this.socket.on("session:revoked", (data) => {
+      this.emit("session:revoked", data);
+    });
+    this.socket.on("session:all-revoked", () => {
+      this.emit("session:all-revoked", {});
+    });
+    this.socket.on("auth:password-changed", () => {
+      this.emit("auth:password-changed", {});
+    });
+    this.socket.on("auth:2fa-changed", (data) => {
+      this.emit("auth:2fa-changed", data);
+    });
+    this.socket.on("user:refresh", () => {
+      this.emit("user:refresh", {});
+    });
+  }
+  disconnect() {
+    if (this.socket) {
+      this.socket.disconnect();
+      this.socket = null;
+      this.token = null;
+      this.isConnecting = false;
+    }
+  }
+  isConnected() {
+    return this.socket?.connected ?? false;
+  }
+  // Event subscription
+  on(event, handler) {
+    if (!this.eventHandlers.has(event)) {
+      this.eventHandlers.set(event, /* @__PURE__ */ new Set());
+    }
+    this.eventHandlers.get(event).add(handler);
+    return () => {
+      this.eventHandlers.get(event)?.delete(handler);
+    };
+  }
+  off(event, handler) {
+    if (handler) {
+      this.eventHandlers.get(event)?.delete(handler);
+    } else {
+      this.eventHandlers.delete(event);
+    }
+  }
+  emit(event, data) {
+    const handlers = this.eventHandlers.get(event);
+    if (handlers) {
+      handlers.forEach((handler) => {
+        try {
+          handler(data);
+        } catch (error) {
+          console.error(`[Auth SDK] Error in event handler for ${event}:`, error);
+        }
+      });
+    }
+  }
+  // Request fresh user data from server
+  requestUserRefresh() {
+    if (this.socket?.connected) {
+      this.socket.emit("request:user");
+    }
+  }
+};
 var AuthService = class {
+  // 5 minutes cache
   constructor(config) {
     this.token = null;
     this.upfilesClient = null;
+    this.cachedUser = null;
+    this.userCacheTimestamp = 0;
+    this.USER_CACHE_TTL = 5 * 60 * 1e3;
     this.config = {
       localStorageKey: "auth_token",
       csrfEnabled: true,
+      enableSocket: true,
       ...config
     };
     this.httpClient = new HttpClient(this.config.baseUrl);
+    this.socketService = new SocketService({ baseUrl: this.config.baseUrl });
     this.loadTokenFromStorage();
     if (this.config.upfilesConfig) {
       this.upfilesClient = new UpfilesClient({
@@ -146,6 +328,9 @@ var AuthService = class {
         this.httpClient.setFrontendBaseUrl(frontendBaseUrl);
       }
     }
+    if (this.token && this.config.enableSocket !== false) {
+      this.connectSocket();
+    }
   }
   loadTokenFromStorage() {
     if (typeof window !== "undefined" && this.config.localStorageKey) {
@@ -178,6 +363,57 @@ var AuthService = class {
       }
     }
   }
+  // Socket connection management
+  connectSocket() {
+    if (this.token && this.config.enableSocket !== false && typeof window !== "undefined") {
+      this.socketService.connect(this.token);
+    }
+  }
+  disconnectSocket() {
+    this.socketService.disconnect();
+  }
+  // Socket event subscription
+  onUserUpdated(handler) {
+    return this.socketService.on("user:updated", (data) => {
+      if (data.user) {
+        this.cachedUser = data.user;
+        this.userCacheTimestamp = Date.now();
+      }
+      handler(data);
+    });
+  }
+  onSessionRevoked(handler) {
+    return this.socketService.on("session:revoked", handler);
+  }
+  onAllSessionsRevoked(handler) {
+    return this.socketService.on("session:all-revoked", handler);
+  }
+  onPasswordChanged(handler) {
+    return this.socketService.on("auth:password-changed", handler);
+  }
+  on2FAChanged(handler) {
+    return this.socketService.on("auth:2fa-changed", handler);
+  }
+  onSocketConnected(handler) {
+    return this.socketService.on("connected", handler);
+  }
+  onSocketDisconnected(handler) {
+    return this.socketService.on("disconnected", handler);
+  }
+  onSocketError(handler) {
+    return this.socketService.on("error", handler);
+  }
+  isSocketConnected() {
+    return this.socketService.isConnected();
+  }
+  // Cache management
+  clearUserCache() {
+    this.cachedUser = null;
+    this.userCacheTimestamp = 0;
+  }
+  isCacheValid() {
+    return this.cachedUser !== null && Date.now() - this.userCacheTimestamp < this.USER_CACHE_TTL;
+  }
   isAuthenticated() {
     return !!this.token;
   }
@@ -243,6 +479,11 @@ var AuthService = class {
       this.token = response.token;
       this.httpClient.setAuthToken(response.token);
       this.saveTokenToStorage(response.token);
+      if (response.user) {
+        this.cachedUser = response.user;
+        this.userCacheTimestamp = Date.now();
+      }
+      this.connectSocket();
       return response;
     }
     if (response.success && (response.message === "OTP sent to your email." || response.message === "OTP sent to your phone number.")) {
@@ -252,6 +493,11 @@ var AuthService = class {
       this.token = response.token;
       this.httpClient.setAuthToken(response.token);
       this.saveTokenToStorage(response.token);
+      if (response.user) {
+        this.cachedUser = response.user;
+        this.userCacheTimestamp = Date.now();
+      }
+      this.connectSocket();
       return response;
     }
     throw new Error(response.message || "Login failed");
@@ -295,21 +541,29 @@ var AuthService = class {
     }
   }
   async logout() {
+    this.disconnectSocket();
     try {
       await this.httpClient.post("/api/v1/auth/logout", {});
     } catch (error) {
       console.warn("Failed to call logout endpoint:", error);
     }
     this.token = null;
+    this.cachedUser = null;
+    this.userCacheTimestamp = 0;
     this.httpClient.removeAuthToken();
     this.httpClient.removeCsrfToken();
     this.removeTokenFromStorage();
   }
-  async getProfile() {
+  async getProfile(forceRefresh = false) {
     if (!this.token) {
       throw new Error("Not authenticated");
     }
+    if (!forceRefresh && this.isCacheValid() && this.cachedUser) {
+      return this.cachedUser;
+    }
     const response = await this.httpClient.get("/api/v1/user/me");
+    this.cachedUser = response.user;
+    this.userCacheTimestamp = Date.now();
     return response.user;
   }
   async updateProfile(data) {
@@ -473,6 +727,16 @@ var AuthService = class {
     );
     return response;
   }
+  async adminCreateUser(data) {
+    if (!this.token) {
+      throw new Error("Not authenticated");
+    }
+    const response = await this.httpClient.post(
+      "/api/v1/admin/create-user",
+      data
+    );
+    return response;
+  }
   async adminVerifyUser(userId) {
     if (!this.token) {
       throw new Error("Not authenticated");
@@ -581,6 +845,135 @@ var AuthClient = class extends AuthService {
   }
 };
 
+// src/node/token-verifier.ts
+var TokenVerifier = class {
+  constructor(config) {
+    this.cache = /* @__PURE__ */ new Map();
+    this.cleanupInterval = null;
+    this.config = {
+      cacheTTL: 6e4,
+      // 1 minute default
+      cacheEnabled: true,
+      ...config
+    };
+    if (this.config.cacheEnabled) {
+      this.startCleanup();
+    }
+  }
+  /**
+   * Verify a JWT token and get user data
+   * Returns cached user if available and valid
+   */
+  async verifyToken(token) {
+    if (!token) {
+      return null;
+    }
+    if (this.config.cacheEnabled) {
+      const cached = this.getFromCache(token);
+      if (cached) {
+        return cached;
+      }
+    }
+    try {
+      const response = await fetch(`${this.config.authServiceUrl}/api/v1/user/me`, {
+        headers: {
+          "Authorization": `Bearer ${token}`,
+          "Content-Type": "application/json"
+        }
+      });
+      if (!response.ok) {
+        this.cache.delete(token);
+        return null;
+      }
+      const data = await response.json();
+      const user = data.user || null;
+      if (user && this.config.cacheEnabled) {
+        this.setCache(token, user);
+      }
+      return user;
+    } catch (error) {
+      console.error("[TokenVerifier] Auth service verification failed:", error);
+      return null;
+    }
+  }
+  /**
+   * Invalidate cache for a specific token
+   */
+  invalidateToken(token) {
+    this.cache.delete(token);
+  }
+  /**
+   * Clear all cached tokens
+   */
+  clearCache() {
+    this.cache.clear();
+  }
+  /**
+   * Get cache statistics
+   */
+  getCacheStats() {
+    return {
+      size: this.cache.size,
+      enabled: this.config.cacheEnabled,
+      ttl: this.config.cacheTTL
+    };
+  }
+  /**
+   * Stop the cleanup interval (call when shutting down)
+   */
+  destroy() {
+    if (this.cleanupInterval) {
+      clearInterval(this.cleanupInterval);
+      this.cleanupInterval = null;
+    }
+    this.cache.clear();
+  }
+  getFromCache(token) {
+    const entry = this.cache.get(token);
+    if (!entry) {
+      return null;
+    }
+    if (Date.now() > entry.expiresAt) {
+      this.cache.delete(token);
+      return null;
+    }
+    return entry.user;
+  }
+  setCache(token, user) {
+    this.cache.set(token, {
+      user,
+      expiresAt: Date.now() + this.config.cacheTTL
+    });
+  }
+  startCleanup() {
+    this.cleanupInterval = setInterval(() => {
+      const now = Date.now();
+      for (const [token, entry] of this.cache.entries()) {
+        if (now > entry.expiresAt) {
+          this.cache.delete(token);
+        }
+      }
+    }, 6e4);
+    if (this.cleanupInterval && this.cleanupInterval.unref) {
+      this.cleanupInterval.unref();
+    }
+  }
+};
+var defaultVerifier = null;
+function createTokenVerifier(config) {
+  defaultVerifier = new TokenVerifier(config);
+  return defaultVerifier;
+}
+function getTokenVerifier() {
+  if (!defaultVerifier) {
+    throw new Error("TokenVerifier not initialized. Call createTokenVerifier() first.");
+  }
+  return defaultVerifier;
+}
+async function verifyToken(token) {
+  return getTokenVerifier().verifyToken(token);
+}
+
 // src/nextjs/server-auth.ts
 var NextServerAuth = class _NextServerAuth extends AuthClient {
   constructor(config) {
@@ -779,6 +1172,6 @@ function createAuthMiddleware(config) {
   return authMiddleware(config);
 }
 
-export { AuthClient, AuthServer, AuthService, HttpClient, NextServerAuth, auth, authMiddleware, createAuthMiddleware, currentUser, getAuthServer, redirectIfAuthenticated, requireAuth };
+export { AuthClient, AuthServer, AuthService, HttpClient, NextServerAuth, TokenVerifier, auth, authMiddleware, createAuthMiddleware, createTokenVerifier, currentUser, getAuthServer, getTokenVerifier, redirectIfAuthenticated, requireAuth, verifyToken };
 //# sourceMappingURL=index.next.server.mjs.map
 //# sourceMappingURL=index.next.server.mjs.map