@thetechfossil/auth2 1.2.19 → 1.2.21

package/dist/index.mjs

@@ -1,8 +1,9 @@
 "use client";
 import axios from 'axios';
+import { io } from 'socket.io-client';
 import { UpfilesClient, ImageManager } from '@thetechfossil/upfiles';
 export { ConnectProjectDialog, ImageManager, ProjectFilesWidget, UpfilesClient, Uploader } from '@thetechfossil/upfiles';
-import React, { createContext, forwardRef, useContext, useState, useCallback, useEffect, useRef, useMemo } from 'react';
+import React, { createContext, forwardRef, useContext, useState, useEffect, useCallback, useRef, useMemo } from 'react';
 import { jsx, jsxs, Fragment } from 'react/jsx-runtime';
 
 var __defProp = Object.defineProperty;
@@ -16,6 +17,16 @@ var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
 };
+var ERROR_MESSAGES = {
+  NETWORK_ERROR: "Unable to connect to the server. Please check your internet connection and try again.",
+  TIMEOUT: "The request took too long. Please try again.",
+  SERVER_ERROR: "Something went wrong on our end. Please try again later.",
+  UNAUTHORIZED: "Your session has expired. Please log in again.",
+  FORBIDDEN: "You do not have permission to perform this action.",
+  NOT_FOUND: "The requested resource was not found.",
+  RATE_LIMITED: "Too many requests. Please wait a moment and try again.",
+  UNKNOWN: "An unexpected error occurred. Please try again."
+};
 var HttpClient = class {
   constructor(baseUrl, defaultHeaders = {}) {
     this.csrfToken = null;
@@ -50,7 +61,7 @@ var HttpClient = class {
         }
         return config;
       },
-      (error) => Promise.reject(error)
+      (error) => Promise.reject(this.createUserFriendlyError(error))
     );
     this.axiosInstance.interceptors.response.use(
       (response) => response,
@@ -65,18 +76,71 @@ var HttpClient = class {
             }
             return this.axiosInstance(originalRequest);
           } catch (refreshError) {
-            return Promise.reject(refreshError);
+            return Promise.reject(this.createUserFriendlyError(refreshError));
           }
         }
-        if (error.response && error.response.data && error.response.data.message) {
-          const customError = new Error(error.response.data.message);
-          customError.response = error.response;
-          return Promise.reject(customError);
-        }
-        return Promise.reject(error);
+        return Promise.reject(this.createUserFriendlyError(error));
       }
     );
   }
+  /**
+   * Creates a user-friendly error message from an Axios error
+   */
+  createUserFriendlyError(error) {
+    if (error instanceof Error && !error.isAxiosError) {
+      return error;
+    }
+    let message;
+    let statusCode;
+    if (axios.isAxiosError(error)) {
+      statusCode = error.response?.status;
+      const responseData = error.response?.data;
+      if (responseData?.message) {
+        message = responseData.message;
+      } else if (!error.response) {
+        if (error.code === "ECONNABORTED" || error.message.includes("timeout")) {
+          message = ERROR_MESSAGES.TIMEOUT;
+        } else if (error.code === "ERR_NETWORK" || error.message === "Network Error") {
+          message = ERROR_MESSAGES.NETWORK_ERROR;
+        } else {
+          message = ERROR_MESSAGES.NETWORK_ERROR;
+        }
+      } else {
+        switch (statusCode) {
+          case 400:
+            message = responseData?.message || "Invalid request. Please check your input.";
+            break;
+          case 401:
+            message = responseData?.message || ERROR_MESSAGES.UNAUTHORIZED;
+            break;
+          case 403:
+            message = responseData?.message || ERROR_MESSAGES.FORBIDDEN;
+            break;
+          case 404:
+            message = responseData?.message || ERROR_MESSAGES.NOT_FOUND;
+            break;
+          case 429:
+            message = ERROR_MESSAGES.RATE_LIMITED;
+            break;
+          case 500:
+          case 502:
+          case 503:
+          case 504:
+            message = ERROR_MESSAGES.SERVER_ERROR;
+            break;
+          default:
+            message = responseData?.message || ERROR_MESSAGES.UNKNOWN;
+        }
+      }
+    } else {
+      message = error?.message || ERROR_MESSAGES.UNKNOWN;
+    }
+    const customError = new Error(message);
+    customError.response = error?.response;
+    customError.statusCode = statusCode;
+    customError.originalError = error;
+    return customError;
+  }
   async get(endpoint, headers) {
     const response = await this.axiosInstance.get(endpoint, { headers });
     return response.data;
@@ -127,16 +191,134 @@ var HttpClient = class {
     }
   }
 };
+var SocketService = class {
+  constructor(config) {
+    this.socket = null;
+    this.token = null;
+    this.eventHandlers = /* @__PURE__ */ new Map();
+    this.isConnecting = false;
+    this.config = {
+      autoConnect: false,
+      reconnection: true,
+      reconnectionAttempts: 5,
+      reconnectionDelay: 1e3,
+      ...config
+    };
+  }
+  connect(token) {
+    if (this.socket?.connected || this.isConnecting) {
+      return;
+    }
+    this.token = token;
+    this.isConnecting = true;
+    this.socket = io(this.config.baseUrl, {
+      auth: { token },
+      autoConnect: true,
+      reconnection: this.config.reconnection,
+      reconnectionAttempts: this.config.reconnectionAttempts,
+      reconnectionDelay: this.config.reconnectionDelay,
+      transports: ["websocket", "polling"]
+    });
+    this.setupEventListeners();
+  }
+  setupEventListeners() {
+    if (!this.socket) return;
+    this.socket.on("connect", () => {
+      this.isConnecting = false;
+      console.log("[Auth SDK] Socket connected");
+      this.emit("connected", {});
+    });
+    this.socket.on("disconnect", (reason) => {
+      console.log("[Auth SDK] Socket disconnected:", reason);
+      this.emit("disconnected", { reason });
+    });
+    this.socket.on("connect_error", (error) => {
+      this.isConnecting = false;
+      console.error("[Auth SDK] Socket connection error:", error.message);
+      this.emit("error", { error: error.message });
+    });
+    this.socket.on("user:updated", (data) => {
+      this.emit("user:updated", data);
+    });
+    this.socket.on("session:revoked", (data) => {
+      this.emit("session:revoked", data);
+    });
+    this.socket.on("session:all-revoked", () => {
+      this.emit("session:all-revoked", {});
+    });
+    this.socket.on("auth:password-changed", () => {
+      this.emit("auth:password-changed", {});
+    });
+    this.socket.on("auth:2fa-changed", (data) => {
+      this.emit("auth:2fa-changed", data);
+    });
+    this.socket.on("user:refresh", () => {
+      this.emit("user:refresh", {});
+    });
+  }
+  disconnect() {
+    if (this.socket) {
+      this.socket.disconnect();
+      this.socket = null;
+      this.token = null;
+      this.isConnecting = false;
+    }
+  }
+  isConnected() {
+    return this.socket?.connected ?? false;
+  }
+  // Event subscription
+  on(event, handler) {
+    if (!this.eventHandlers.has(event)) {
+      this.eventHandlers.set(event, /* @__PURE__ */ new Set());
+    }
+    this.eventHandlers.get(event).add(handler);
+    return () => {
+      this.eventHandlers.get(event)?.delete(handler);
+    };
+  }
+  off(event, handler) {
+    if (handler) {
+      this.eventHandlers.get(event)?.delete(handler);
+    } else {
+      this.eventHandlers.delete(event);
+    }
+  }
+  emit(event, data) {
+    const handlers = this.eventHandlers.get(event);
+    if (handlers) {
+      handlers.forEach((handler) => {
+        try {
+          handler(data);
+        } catch (error) {
+          console.error(`[Auth SDK] Error in event handler for ${event}:`, error);
+        }
+      });
+    }
+  }
+  // Request fresh user data from server
+  requestUserRefresh() {
+    if (this.socket?.connected) {
+      this.socket.emit("request:user");
+    }
+  }
+};
 var AuthService = class {
+  // 5 minutes cache
   constructor(config) {
     this.token = null;
     this.upfilesClient = null;
+    this.cachedUser = null;
+    this.userCacheTimestamp = 0;
+    this.USER_CACHE_TTL = 5 * 60 * 1e3;
     this.config = {
       localStorageKey: "auth_token",
       csrfEnabled: true,
+      enableSocket: true,
       ...config
     };
     this.httpClient = new HttpClient(this.config.baseUrl);
+    this.socketService = new SocketService({ baseUrl: this.config.baseUrl });
     this.loadTokenFromStorage();
     if (this.config.upfilesConfig) {
       this.upfilesClient = new UpfilesClient({
@@ -153,6 +335,9 @@ var AuthService = class {
         this.httpClient.setFrontendBaseUrl(frontendBaseUrl);
       }
     }
+    if (this.token && this.config.enableSocket !== false) {
+      this.connectSocket();
+    }
   }
   loadTokenFromStorage() {
     if (typeof window !== "undefined" && this.config.localStorageKey) {
@@ -185,6 +370,57 @@ var AuthService = class {
       }
     }
   }
+  // Socket connection management
+  connectSocket() {
+    if (this.token && this.config.enableSocket !== false && typeof window !== "undefined") {
+      this.socketService.connect(this.token);
+    }
+  }
+  disconnectSocket() {
+    this.socketService.disconnect();
+  }
+  // Socket event subscription
+  onUserUpdated(handler) {
+    return this.socketService.on("user:updated", (data) => {
+      if (data.user) {
+        this.cachedUser = data.user;
+        this.userCacheTimestamp = Date.now();
+      }
+      handler(data);
+    });
+  }
+  onSessionRevoked(handler) {
+    return this.socketService.on("session:revoked", handler);
+  }
+  onAllSessionsRevoked(handler) {
+    return this.socketService.on("session:all-revoked", handler);
+  }
+  onPasswordChanged(handler) {
+    return this.socketService.on("auth:password-changed", handler);
+  }
+  on2FAChanged(handler) {
+    return this.socketService.on("auth:2fa-changed", handler);
+  }
+  onSocketConnected(handler) {
+    return this.socketService.on("connected", handler);
+  }
+  onSocketDisconnected(handler) {
+    return this.socketService.on("disconnected", handler);
+  }
+  onSocketError(handler) {
+    return this.socketService.on("error", handler);
+  }
+  isSocketConnected() {
+    return this.socketService.isConnected();
+  }
+  // Cache management
+  clearUserCache() {
+    this.cachedUser = null;
+    this.userCacheTimestamp = 0;
+  }
+  isCacheValid() {
+    return this.cachedUser !== null && Date.now() - this.userCacheTimestamp < this.USER_CACHE_TTL;
+  }
   isAuthenticated() {
     return !!this.token;
   }
@@ -250,6 +486,11 @@ var AuthService = class {
       this.token = response.token;
       this.httpClient.setAuthToken(response.token);
       this.saveTokenToStorage(response.token);
+      if (response.user) {
+        this.cachedUser = response.user;
+        this.userCacheTimestamp = Date.now();
+      }
+      this.connectSocket();
       return response;
     }
     if (response.success && (response.message === "OTP sent to your email." || response.message === "OTP sent to your phone number.")) {
@@ -259,6 +500,11 @@ var AuthService = class {
       this.token = response.token;
       this.httpClient.setAuthToken(response.token);
       this.saveTokenToStorage(response.token);
+      if (response.user) {
+        this.cachedUser = response.user;
+        this.userCacheTimestamp = Date.now();
+      }
+      this.connectSocket();
       return response;
     }
     throw new Error(response.message || "Login failed");
@@ -302,21 +548,29 @@ var AuthService = class {
     }
   }
   async logout() {
+    this.disconnectSocket();
     try {
       await this.httpClient.post("/api/v1/auth/logout", {});
     } catch (error) {
       console.warn("Failed to call logout endpoint:", error);
     }
     this.token = null;
+    this.cachedUser = null;
+    this.userCacheTimestamp = 0;
     this.httpClient.removeAuthToken();
     this.httpClient.removeCsrfToken();
     this.removeTokenFromStorage();
   }
-  async getProfile() {
+  async getProfile(forceRefresh = false) {
     if (!this.token) {
       throw new Error("Not authenticated");
     }
+    if (!forceRefresh && this.isCacheValid() && this.cachedUser) {
+      return this.cachedUser;
+    }
     const response = await this.httpClient.get("/api/v1/user/me");
+    this.cachedUser = response.user;
+    this.userCacheTimestamp = Date.now();
     return response.user;
   }
   async updateProfile(data) {
@@ -480,6 +734,16 @@ var AuthService = class {
     );
     return response;
   }
+  async adminCreateUser(data) {
+    if (!this.token) {
+      throw new Error("Not authenticated");
+    }
+    const response = await this.httpClient.post(
+      "/api/v1/admin/create-user",
+      data
+    );
+    return response;
+  }
   async adminVerifyUser(userId) {
     if (!this.token) {
       throw new Error("Not authenticated");
@@ -572,21 +836,49 @@ var AuthProvider = ({ children, config }) => {
   const [user, setUser] = useState(null);
   const [isLoaded, setIsLoaded] = useState(false);
   const [loading, setLoading] = useState(false);
-  const checkAuthStatus = useCallback(async () => {
+  const [isSocketConnected, setIsSocketConnected] = useState(false);
+  useEffect(() => {
+    const unsubUserUpdated = authService.onUserUpdated(({ user: updatedUser }) => {
+      if (updatedUser) {
+        setUser(updatedUser);
+      }
+    });
+    const unsubSessionRevoked = authService.onSessionRevoked(() => {
+      authService.logout().then(() => {
+        setUser(null);
+      });
+    });
+    const unsubAllSessionsRevoked = authService.onAllSessionsRevoked(() => {
+      authService.logout().then(() => {
+        setUser(null);
+      });
+    });
+    const unsubPasswordChanged = authService.onPasswordChanged(() => {
+      authService.logout().then(() => {
+        setUser(null);
+      });
+    });
+    const unsubConnected = authService.onSocketConnected(() => {
+      setIsSocketConnected(true);
+    });
+    const unsubDisconnected = authService.onSocketDisconnected(() => {
+      setIsSocketConnected(false);
+    });
+    return () => {
+      unsubUserUpdated();
+      unsubSessionRevoked();
+      unsubAllSessionsRevoked();
+      unsubPasswordChanged();
+      unsubConnected();
+      unsubDisconnected();
+    };
+  }, [authService]);
+  useEffect(() => {
     const authenticated = authService.isAuthenticated();
     if (authenticated) {
-      try {
-        const freshUser = await authService.getProfile();
-        setUser(freshUser);
-      } catch (error) {
-        console.error("Failed to fetch fresh user profile, falling back to token:", error);
-        try {
-          const currentUser = authService.getCurrentUser();
-          setUser(currentUser);
-        } catch (fallbackError) {
-          console.error("Failed to get current user from token:", fallbackError);
-          setUser(null);
-        }
+      const currentUser = authService.getCurrentUser();
+      if (currentUser) {
+        setUser(currentUser);
       }
     } else {
       setUser(null);
@@ -594,8 +886,21 @@ var AuthProvider = ({ children, config }) => {
     setIsLoaded(true);
   }, [authService]);
   useEffect(() => {
-    checkAuthStatus();
-  }, [checkAuthStatus]);
+    if (!isLoaded) return;
+    const authenticated = authService.isAuthenticated();
+    if (!authenticated) return;
+    const fetchFreshUser = async () => {
+      try {
+        const freshUser = await authService.getProfile();
+        setUser(freshUser);
+      } catch (error) {
+        console.warn("[Auth SDK] Failed to fetch fresh user profile:", error);
+      }
+    };
+    if (isSocketConnected) {
+      fetchFreshUser();
+    }
+  }, [authService, isLoaded, isSocketConnected]);
   const signIn = useCallback(async (data) => {
     setLoading(true);
     try {
@@ -817,6 +1122,7 @@ var AuthProvider = ({ children, config }) => {
     isLoaded,
     isSignedIn: !!user,
     loading,
+    isSocketConnected,
     signIn,
     signUp,
     signOut,
@@ -3701,15 +4007,15 @@ var VerifyEmail = ({ token, onSuccess, onError }) => {
   const [message, setMessage] = useState("");
   useEffect(() => {
     const verify = async () => {
-      const verifyToken = token || (typeof window !== "undefined" ? new URLSearchParams(window.location.search).get("token") : null);
-      if (!verifyToken) {
+      const verifyToken2 = token || (typeof window !== "undefined" ? new URLSearchParams(window.location.search).get("token") : null);
+      if (!verifyToken2) {
         setStatus("error");
         setMessage("No verification token provided");
         onError?.("No verification token provided");
         return;
       }
       try {
-        const response = await verifyEmailToken(verifyToken);
+        const response = await verifyEmailToken(verifyToken2);
         if (response.success) {
           setStatus("success");
           setMessage("Email verified successfully! Redirecting...");
@@ -4468,11 +4774,11 @@ var ChangePassword = ({ onSuccess, appearance }) => {
 
 // src/react/components/utils/injectModalStyles.ts
 var injectModalStyles = () => {
-  if (document.getElementById("ttf-auth-modal-styles")) {
+  if (document.getElementById("ktw-auth-modal-styles")) {
     return;
   }
   const styleElement = document.createElement("style");
-  styleElement.id = "ttf-auth-modal-styles";
+  styleElement.id = "ktw-auth-modal-styles";
   styleElement.textContent = `
     /* ImageManager Modal Styles - Critical for proper modal display */
     /* Radix UI Dialog styles - Force visibility */
@@ -5010,7 +5316,11 @@ __export(react_exports, {
 // src/node/index.ts
 var node_exports = {};
 __export(node_exports, {
-  AuthClient: () => AuthClient
+  AuthClient: () => AuthClient,
+  TokenVerifier: () => TokenVerifier,
+  createTokenVerifier: () => createTokenVerifier,
+  getTokenVerifier: () => getTokenVerifier,
+  verifyToken: () => verifyToken
 });
 
 // src/node/auth-client.ts
@@ -5091,6 +5401,135 @@ var AuthClient = class extends AuthService {
   }
 };
 
-export { AuthFlow, AuthProvider, AuthService, AvatarManager, AvatarUploader, ChangePassword, EmailVerificationPage, ForgotPassword, HttpClient, LoginForm, OtpForm, ProtectedRoute, PublicRoute, RegisterForm, ResetPassword, SignIn, SignOut, SignUp, UserButton, UserProfile, VerifyEmail, node_exports as node, react_exports as react, useAuth };
+// src/node/token-verifier.ts
+var TokenVerifier = class {
+  constructor(config) {
+    this.cache = /* @__PURE__ */ new Map();
+    this.cleanupInterval = null;
+    this.config = {
+      cacheTTL: 6e4,
+      // 1 minute default
+      cacheEnabled: true,
+      ...config
+    };
+    if (this.config.cacheEnabled) {
+      this.startCleanup();
+    }
+  }
+  /**
+   * Verify a JWT token and get user data
+   * Returns cached user if available and valid
+   */
+  async verifyToken(token) {
+    if (!token) {
+      return null;
+    }
+    if (this.config.cacheEnabled) {
+      const cached = this.getFromCache(token);
+      if (cached) {
+        return cached;
+      }
+    }
+    try {
+      const response = await fetch(`${this.config.authServiceUrl}/api/v1/user/me`, {
+        headers: {
+          "Authorization": `Bearer ${token}`,
+          "Content-Type": "application/json"
+        }
+      });
+      if (!response.ok) {
+        this.cache.delete(token);
+        return null;
+      }
+      const data = await response.json();
+      const user = data.user || null;
+      if (user && this.config.cacheEnabled) {
+        this.setCache(token, user);
+      }
+      return user;
+    } catch (error) {
+      console.error("[TokenVerifier] Auth service verification failed:", error);
+      return null;
+    }
+  }
+  /**
+   * Invalidate cache for a specific token
+   */
+  invalidateToken(token) {
+    this.cache.delete(token);
+  }
+  /**
+   * Clear all cached tokens
+   */
+  clearCache() {
+    this.cache.clear();
+  }
+  /**
+   * Get cache statistics
+   */
+  getCacheStats() {
+    return {
+      size: this.cache.size,
+      enabled: this.config.cacheEnabled,
+      ttl: this.config.cacheTTL
+    };
+  }
+  /**
+   * Stop the cleanup interval (call when shutting down)
+   */
+  destroy() {
+    if (this.cleanupInterval) {
+      clearInterval(this.cleanupInterval);
+      this.cleanupInterval = null;
+    }
+    this.cache.clear();
+  }
+  getFromCache(token) {
+    const entry = this.cache.get(token);
+    if (!entry) {
+      return null;
+    }
+    if (Date.now() > entry.expiresAt) {
+      this.cache.delete(token);
+      return null;
+    }
+    return entry.user;
+  }
+  setCache(token, user) {
+    this.cache.set(token, {
+      user,
+      expiresAt: Date.now() + this.config.cacheTTL
+    });
+  }
+  startCleanup() {
+    this.cleanupInterval = setInterval(() => {
+      const now = Date.now();
+      for (const [token, entry] of this.cache.entries()) {
+        if (now > entry.expiresAt) {
+          this.cache.delete(token);
+        }
+      }
+    }, 6e4);
+    if (this.cleanupInterval && this.cleanupInterval.unref) {
+      this.cleanupInterval.unref();
+    }
+  }
+};
+var defaultVerifier = null;
+function createTokenVerifier(config) {
+  defaultVerifier = new TokenVerifier(config);
+  return defaultVerifier;
+}
+function getTokenVerifier() {
+  if (!defaultVerifier) {
+    throw new Error("TokenVerifier not initialized. Call createTokenVerifier() first.");
+  }
+  return defaultVerifier;
+}
+async function verifyToken(token) {
+  return getTokenVerifier().verifyToken(token);
+}
+
+export { AuthFlow, AuthProvider, AuthService, AvatarManager, AvatarUploader, ChangePassword, EmailVerificationPage, ForgotPassword, HttpClient, LoginForm, OtpForm, ProtectedRoute, PublicRoute, RegisterForm, ResetPassword, SignIn, SignOut, SignUp, SocketService, UserButton, UserProfile, VerifyEmail, node_exports as node, react_exports as react, useAuth };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map