@vylth/nexus-react 1.0.0

package/dist/index.d.mts

@@ -0,0 +1,86 @@
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import { ReactNode } from 'react';
+
+interface NexusUser {
+    id: string;
+    email: string;
+    username: string;
+    firstName: string;
+    lastName: string;
+    avatar: string;
+    globalRole: string;
+    emailVerified: boolean;
+    affiliateCode: string;
+    twoFactorEnabled: boolean;
+    appRoles?: Record<string, {
+        role: string;
+        permissions: string[];
+    }>;
+}
+interface NexusConfig {
+    clientId: string;
+    redirectUri: string;
+    nexusUrl?: string;
+    apiUrl?: string;
+}
+interface NexusAuthResult {
+    access_token: string;
+    refresh_token: string;
+    expires_in: number;
+    investor: {
+        id: string;
+        email: string;
+        first_name: string;
+        last_name: string;
+        username: string;
+        avatar_url: string;
+        email_verified: boolean;
+        two_factor_enabled: boolean;
+        global_role: string;
+    };
+    session_id: string;
+}
+interface NexusContextValue {
+    user: NexusUser | null;
+    isAuthenticated: boolean;
+    isLoading: boolean;
+    accessToken: string | null;
+    login: () => void;
+    logout: () => void;
+    refreshUser: () => Promise<void>;
+}
+
+interface NexusProviderProps extends NexusConfig {
+    children: ReactNode;
+    onLogin?: (user: NexusUser) => void;
+    onLogout?: () => void;
+}
+declare function NexusProvider({ children, clientId, redirectUri, nexusUrl, apiUrl, onLogin, onLogout, }: NexusProviderProps): react_jsx_runtime.JSX.Element;
+
+interface NexusCallbackProps {
+    onSuccess?: () => void;
+    onError?: (error: string) => void;
+}
+declare function NexusCallback({ onSuccess, onError }: NexusCallbackProps): react_jsx_runtime.JSX.Element;
+
+interface NexusLoginButtonProps {
+    label?: string;
+    size?: 'sm' | 'md' | 'lg';
+    variant?: 'dark' | 'light' | 'outline';
+    className?: string;
+    style?: React.CSSProperties;
+}
+declare function NexusLoginButton({ label, size, variant, className, style: customStyle, }: NexusLoginButtonProps): react_jsx_runtime.JSX.Element;
+
+declare function useNexus(): NexusContextValue;
+
+declare function setTokens(access: string, refresh: string): void;
+declare function getAccessToken(): string | null;
+declare function getRefreshToken(): string | null;
+declare function clearTokens(): void;
+declare function isTokenValid(): boolean;
+declare function decodeUser(token: string): NexusUser | null;
+declare function refreshTokens(apiUrl: string): Promise<boolean>;
+declare function nexusFetch<T>(apiUrl: string, path: string, options?: RequestInit, onAuthFailure?: () => void): Promise<T>;
+
+export { type NexusAuthResult, NexusCallback, type NexusConfig, type NexusContextValue, NexusLoginButton, NexusProvider, type NexusUser, clearTokens, decodeUser, getAccessToken, getRefreshToken, isTokenValid, nexusFetch, refreshTokens, setTokens, useNexus };

package/dist/index.d.ts

@@ -0,0 +1,86 @@
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import { ReactNode } from 'react';
+
+interface NexusUser {
+    id: string;
+    email: string;
+    username: string;
+    firstName: string;
+    lastName: string;
+    avatar: string;
+    globalRole: string;
+    emailVerified: boolean;
+    affiliateCode: string;
+    twoFactorEnabled: boolean;
+    appRoles?: Record<string, {
+        role: string;
+        permissions: string[];
+    }>;
+}
+interface NexusConfig {
+    clientId: string;
+    redirectUri: string;
+    nexusUrl?: string;
+    apiUrl?: string;
+}
+interface NexusAuthResult {
+    access_token: string;
+    refresh_token: string;
+    expires_in: number;
+    investor: {
+        id: string;
+        email: string;
+        first_name: string;
+        last_name: string;
+        username: string;
+        avatar_url: string;
+        email_verified: boolean;
+        two_factor_enabled: boolean;
+        global_role: string;
+    };
+    session_id: string;
+}
+interface NexusContextValue {
+    user: NexusUser | null;
+    isAuthenticated: boolean;
+    isLoading: boolean;
+    accessToken: string | null;
+    login: () => void;
+    logout: () => void;
+    refreshUser: () => Promise<void>;
+}
+
+interface NexusProviderProps extends NexusConfig {
+    children: ReactNode;
+    onLogin?: (user: NexusUser) => void;
+    onLogout?: () => void;
+}
+declare function NexusProvider({ children, clientId, redirectUri, nexusUrl, apiUrl, onLogin, onLogout, }: NexusProviderProps): react_jsx_runtime.JSX.Element;
+
+interface NexusCallbackProps {
+    onSuccess?: () => void;
+    onError?: (error: string) => void;
+}
+declare function NexusCallback({ onSuccess, onError }: NexusCallbackProps): react_jsx_runtime.JSX.Element;
+
+interface NexusLoginButtonProps {
+    label?: string;
+    size?: 'sm' | 'md' | 'lg';
+    variant?: 'dark' | 'light' | 'outline';
+    className?: string;
+    style?: React.CSSProperties;
+}
+declare function NexusLoginButton({ label, size, variant, className, style: customStyle, }: NexusLoginButtonProps): react_jsx_runtime.JSX.Element;
+
+declare function useNexus(): NexusContextValue;
+
+declare function setTokens(access: string, refresh: string): void;
+declare function getAccessToken(): string | null;
+declare function getRefreshToken(): string | null;
+declare function clearTokens(): void;
+declare function isTokenValid(): boolean;
+declare function decodeUser(token: string): NexusUser | null;
+declare function refreshTokens(apiUrl: string): Promise<boolean>;
+declare function nexusFetch<T>(apiUrl: string, path: string, options?: RequestInit, onAuthFailure?: () => void): Promise<T>;
+
+export { type NexusAuthResult, NexusCallback, type NexusConfig, type NexusContextValue, NexusLoginButton, NexusProvider, type NexusUser, clearTokens, decodeUser, getAccessToken, getRefreshToken, isTokenValid, nexusFetch, refreshTokens, setTokens, useNexus };

package/dist/index.js

@@ -0,0 +1,472 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  NexusCallback: () => NexusCallback,
+  NexusLoginButton: () => NexusLoginButton,
+  NexusProvider: () => NexusProvider,
+  clearTokens: () => clearTokens,
+  decodeUser: () => decodeUser,
+  getAccessToken: () => getAccessToken,
+  getRefreshToken: () => getRefreshToken,
+  isTokenValid: () => isTokenValid,
+  nexusFetch: () => nexusFetch,
+  refreshTokens: () => refreshTokens,
+  setTokens: () => setTokens,
+  useNexus: () => useNexus
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/NexusProvider.tsx
+var import_react = require("react");
+
+// src/client.ts
+var TOKEN_KEY = "nexus_access_token";
+var REFRESH_KEY = "nexus_refresh_token";
+var STATE_KEY = "nexus_oauth_state";
+var memoryAccessToken = null;
+var memoryRefreshToken = null;
+var refreshPromise = null;
+function setTokens(access, refresh) {
+  memoryAccessToken = access;
+  memoryRefreshToken = refresh;
+  localStorage.setItem(TOKEN_KEY, access);
+  localStorage.setItem(REFRESH_KEY, refresh);
+}
+function getAccessToken() {
+  if (!memoryAccessToken) {
+    memoryAccessToken = localStorage.getItem(TOKEN_KEY);
+  }
+  return memoryAccessToken;
+}
+function getRefreshToken() {
+  if (!memoryRefreshToken) {
+    memoryRefreshToken = localStorage.getItem(REFRESH_KEY);
+  }
+  return memoryRefreshToken;
+}
+function clearTokens() {
+  memoryAccessToken = null;
+  memoryRefreshToken = null;
+  localStorage.removeItem(TOKEN_KEY);
+  localStorage.removeItem(REFRESH_KEY);
+}
+function isTokenValid() {
+  const token = getAccessToken();
+  if (!token) return false;
+  try {
+    const payload = JSON.parse(atob(token.split(".")[1].replace(/-/g, "+").replace(/_/g, "/")));
+    return payload.exp * 1e3 > Date.now() + 3e4;
+  } catch {
+    return false;
+  }
+}
+function decodeUser(token) {
+  try {
+    const payload = JSON.parse(atob(token.split(".")[1].replace(/-/g, "+").replace(/_/g, "/")));
+    return {
+      id: payload.sub,
+      email: payload.email,
+      username: payload.username || "",
+      firstName: "",
+      lastName: "",
+      avatar: payload.avatar || "",
+      globalRole: payload.global_role || "citizen",
+      emailVerified: payload.email_verified || false,
+      affiliateCode: payload.affiliate_code || "",
+      twoFactorEnabled: payload.two_factor_verified || false,
+      appRoles: payload.app_roles
+    };
+  } catch {
+    return null;
+  }
+}
+function generateState() {
+  const state = Math.random().toString(36).substring(2) + Math.random().toString(36).substring(2);
+  sessionStorage.setItem(STATE_KEY, state);
+  return state;
+}
+function validateState(state) {
+  const saved = sessionStorage.getItem(STATE_KEY);
+  sessionStorage.removeItem(STATE_KEY);
+  return saved === state;
+}
+function getLoginUrl(config) {
+  const nexusUrl = config.nexusUrl || "https://accounts.vylth.com";
+  const state = generateState();
+  const params = new URLSearchParams({
+    client_id: config.clientId,
+    redirect_uri: config.redirectUri,
+    state
+  });
+  return `${nexusUrl}/oauth/authorize?${params.toString()}`;
+}
+async function exchangeCode(code, apiUrl) {
+  const res = await fetch(`${apiUrl}/token/exchange`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ code })
+  });
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({ error: "Token exchange failed" }));
+    throw new Error(err.error || "Token exchange failed");
+  }
+  const data = await res.json();
+  setTokens(data.access_token, data.refresh_token);
+  return data;
+}
+async function doRefresh(apiUrl) {
+  const rt = getRefreshToken();
+  if (!rt) return false;
+  try {
+    const res = await fetch(`${apiUrl}/token/refresh`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ refresh_token: rt })
+    });
+    if (res.ok) {
+      const data = await res.json();
+      setTokens(data.access_token, data.refresh_token);
+      return true;
+    }
+  } catch {
+  }
+  return false;
+}
+function refreshTokens(apiUrl) {
+  if (!refreshPromise) {
+    refreshPromise = doRefresh(apiUrl).finally(() => {
+      refreshPromise = null;
+    });
+  }
+  return refreshPromise;
+}
+async function nexusFetch(apiUrl, path, options = {}, onAuthFailure) {
+  const token = getAccessToken();
+  const headers = {
+    "Content-Type": "application/json",
+    ...options.headers
+  };
+  if (token) {
+    headers["Authorization"] = `Bearer ${token}`;
+  }
+  const res = await fetch(`${apiUrl}${path}`, { ...options, headers });
+  if (res.status === 401 && token) {
+    const refreshed = await refreshTokens(apiUrl);
+    if (refreshed) {
+      headers["Authorization"] = `Bearer ${getAccessToken()}`;
+      const retry = await fetch(`${apiUrl}${path}`, { ...options, headers });
+      if (!retry.ok) {
+        const err = await retry.json().catch(() => ({ error: "Request failed" }));
+        throw new Error(err.error || "Request failed");
+      }
+      return retry.json();
+    }
+    clearTokens();
+    onAuthFailure?.();
+    throw new Error("Session expired");
+  }
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({ error: `HTTP ${res.status}` }));
+    throw new Error(err.error || `HTTP ${res.status}`);
+  }
+  return res.json();
+}
+
+// src/NexusProvider.tsx
+var import_jsx_runtime = require("react/jsx-runtime");
+var NexusContext = (0, import_react.createContext)(null);
+function NexusProvider({
+  children,
+  clientId,
+  redirectUri,
+  nexusUrl,
+  apiUrl,
+  onLogin,
+  onLogout
+}) {
+  const resolvedApiUrl = apiUrl || "https://auth.vylth.com/api/nexus";
+  const config = { clientId, redirectUri, nexusUrl, apiUrl: resolvedApiUrl };
+  const [user, setUser] = (0, import_react.useState)(null);
+  const [isLoading, setIsLoading] = (0, import_react.useState)(true);
+  const initAuth = (0, import_react.useCallback)(async () => {
+    const token = getAccessToken();
+    if (!token) {
+      setIsLoading(false);
+      return;
+    }
+    if (isTokenValid()) {
+      const decoded = decodeUser(token);
+      if (decoded) {
+        setUser(decoded);
+        setIsLoading(false);
+        return;
+      }
+    }
+    const refreshed = await refreshTokens(resolvedApiUrl);
+    if (refreshed) {
+      const newToken = getAccessToken();
+      if (newToken) {
+        const decoded = decodeUser(newToken);
+        setUser(decoded);
+      }
+    } else {
+      clearTokens();
+    }
+    setIsLoading(false);
+  }, [resolvedApiUrl]);
+  (0, import_react.useEffect)(() => {
+    initAuth();
+  }, [initAuth]);
+  const login = (0, import_react.useCallback)(() => {
+    window.location.href = getLoginUrl(config);
+  }, [config]);
+  const logout = (0, import_react.useCallback)(() => {
+    clearTokens();
+    setUser(null);
+    onLogout?.();
+  }, [onLogout]);
+  const refreshUser = (0, import_react.useCallback)(async () => {
+    const refreshed = await refreshTokens(resolvedApiUrl);
+    if (refreshed) {
+      const token = getAccessToken();
+      if (token) {
+        const decoded = decodeUser(token);
+        setUser(decoded);
+      }
+    }
+  }, [resolvedApiUrl]);
+  const setUserWithCallback = (0, import_react.useCallback)(
+    (u) => {
+      setUser(u);
+      onLogin?.(u);
+    },
+    [onLogin]
+  );
+  return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(
+    NexusContext.Provider,
+    {
+      value: {
+        user,
+        isAuthenticated: !!user,
+        isLoading,
+        accessToken: getAccessToken(),
+        login,
+        logout,
+        refreshUser
+      },
+      children: /* @__PURE__ */ (0, import_jsx_runtime.jsx)(NexusConfigContext.Provider, { value: { ...config, setUser: setUserWithCallback }, children })
+    }
+  );
+}
+var NexusConfigContext = (0, import_react.createContext)(null);
+
+// src/NexusCallback.tsx
+var import_react2 = require("react");
+var import_jsx_runtime2 = require("react/jsx-runtime");
+function NexusCallback({ onSuccess, onError }) {
+  const config = (0, import_react2.useContext)(NexusConfigContext);
+  const [error, setError] = (0, import_react2.useState)("");
+  (0, import_react2.useEffect)(() => {
+    if (!config) return;
+    const params = new URLSearchParams(window.location.search);
+    const code = params.get("code");
+    const state = params.get("state");
+    const oauthError = params.get("error");
+    if (oauthError) {
+      const msg = `Authentication denied: ${oauthError}`;
+      setError(msg);
+      onError?.(msg);
+      return;
+    }
+    if (!code) {
+      const msg = "No authorization code received";
+      setError(msg);
+      onError?.(msg);
+      return;
+    }
+    if (state && !validateState(state)) {
+      const msg = "Invalid state parameter";
+      setError(msg);
+      onError?.(msg);
+      return;
+    }
+    const apiUrl = config.apiUrl || "https://auth.vylth.com/api/nexus";
+    exchangeCode(code, apiUrl).then((result) => {
+      const user = decodeUser(result.access_token);
+      if (user) {
+        user.firstName = result.investor.first_name;
+        user.lastName = result.investor.last_name;
+        user.avatar = result.investor.avatar_url || user.avatar;
+        user.emailVerified = result.investor.email_verified;
+        config.setUser(user);
+      }
+      onSuccess?.();
+    }).catch((err) => {
+      const msg = err.message || "Authentication failed";
+      setError(msg);
+      onError?.(msg);
+    });
+  }, [config]);
+  if (error) {
+    return /* @__PURE__ */ (0, import_jsx_runtime2.jsxs)("div", { style: { display: "flex", flexDirection: "column", alignItems: "center", justifyContent: "center", minHeight: "100vh", fontFamily: "system-ui, sans-serif", background: "#0a0a0a", color: "#fff" }, children: [
+      /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("p", { style: { color: "#ef4444", marginBottom: "16px" }, children: error }),
+      /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(
+        "button",
+        {
+          onClick: () => window.location.href = "/",
+          style: { padding: "8px 24px", borderRadius: "8px", border: "1px solid rgba(255,255,255,0.1)", background: "rgba(255,255,255,0.05)", color: "#fff", cursor: "pointer" },
+          children: "Try Again"
+        }
+      )
+    ] });
+  }
+  return /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("div", { style: { display: "flex", alignItems: "center", justifyContent: "center", minHeight: "100vh", background: "#0a0a0a", color: "#fff" }, children: /* @__PURE__ */ (0, import_jsx_runtime2.jsxs)("div", { style: { textAlign: "center" }, children: [
+    /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("div", { style: { width: "32px", height: "32px", border: "3px solid rgba(255,255,255,0.1)", borderTopColor: "#d4a574", borderRadius: "50%", animation: "nexus-spin 0.8s linear infinite", margin: "0 auto 16px" } }),
+    /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("p", { style: { fontFamily: "monospace", fontSize: "14px", opacity: 0.6 }, children: "Authenticating with Nexus..." }),
+    /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("style", { children: `@keyframes nexus-spin { to { transform: rotate(360deg) } }` })
+  ] }) });
+}
+
+// src/NexusLoginButton.tsx
+var import_react3 = require("react");
+var import_jsx_runtime3 = require("react/jsx-runtime");
+var NEXUS_LOGO = `data:image/svg+xml,${encodeURIComponent(`<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M12 2L2 7l10 5 10-5-10-5z"/><path d="M2 17l10 5 10-5"/><path d="M2 12l10 5 10-5"/></svg>`)}`;
+var sizes = {
+  sm: { padding: "8px 16px", fontSize: "13px", iconSize: 16, gap: 6 },
+  md: { padding: "10px 24px", fontSize: "14px", iconSize: 18, gap: 8 },
+  lg: { padding: "12px 32px", fontSize: "15px", iconSize: 20, gap: 10 }
+};
+var variants = {
+  dark: {
+    background: "#1a1a1a",
+    color: "#ffffff",
+    border: "1px solid rgba(255,255,255,0.1)",
+    hoverBg: "#252525"
+  },
+  light: {
+    background: "#ffffff",
+    color: "#0a0a0a",
+    border: "1px solid rgba(0,0,0,0.1)",
+    hoverBg: "#f5f5f5"
+  },
+  outline: {
+    background: "transparent",
+    color: "#d4a574",
+    border: "1px solid #d4a574",
+    hoverBg: "rgba(212,165,116,0.1)"
+  }
+};
+function NexusLoginButton({
+  label = "Sign in with Nexus",
+  size = "md",
+  variant = "dark",
+  className,
+  style: customStyle
+}) {
+  const context = (0, import_react3.useContext)(NexusContext);
+  const s = sizes[size];
+  const v = variants[variant];
+  const handleClick = () => {
+    context?.login();
+  };
+  return /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(
+    "button",
+    {
+      onClick: handleClick,
+      className,
+      style: {
+        display: "inline-flex",
+        alignItems: "center",
+        justifyContent: "center",
+        gap: `${s.gap}px`,
+        padding: s.padding,
+        fontSize: s.fontSize,
+        fontFamily: "'JetBrains Mono', 'SF Mono', 'Fira Code', monospace",
+        fontWeight: 500,
+        letterSpacing: "0.02em",
+        background: v.background,
+        color: v.color,
+        border: v.border,
+        borderRadius: "12px",
+        cursor: "pointer",
+        transition: "all 0.2s ease",
+        textDecoration: "none",
+        whiteSpace: "nowrap",
+        ...customStyle
+      },
+      onMouseEnter: (e) => {
+        e.target.style.background = v.hoverBg;
+        e.target.style.transform = "translateY(-1px)";
+      },
+      onMouseLeave: (e) => {
+        e.target.style.background = v.background;
+        e.target.style.transform = "translateY(0)";
+      },
+      children: [
+        /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(
+          "svg",
+          {
+            width: s.iconSize,
+            height: s.iconSize,
+            viewBox: "0 0 24 24",
+            fill: "none",
+            stroke: "#d4a574",
+            strokeWidth: "2",
+            strokeLinecap: "round",
+            strokeLinejoin: "round",
+            children: [
+              /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("path", { d: "M12 2L2 7l10 5 10-5-10-5z" }),
+              /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("path", { d: "M2 17l10 5 10-5" }),
+              /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("path", { d: "M2 12l10 5 10-5" })
+            ]
+          }
+        ),
+        label
+      ]
+    }
+  );
+}
+
+// src/useNexus.ts
+var import_react4 = require("react");
+function useNexus() {
+  const context = (0, import_react4.useContext)(NexusContext);
+  if (!context) {
+    throw new Error("useNexus must be used within a <NexusProvider>");
+  }
+  return context;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  NexusCallback,
+  NexusLoginButton,
+  NexusProvider,
+  clearTokens,
+  decodeUser,
+  getAccessToken,
+  getRefreshToken,
+  isTokenValid,
+  nexusFetch,
+  refreshTokens,
+  setTokens,
+  useNexus
+});

package/dist/index.mjs

@@ -0,0 +1,434 @@
+// src/NexusProvider.tsx
+import { createContext, useCallback, useEffect, useState } from "react";
+
+// src/client.ts
+var TOKEN_KEY = "nexus_access_token";
+var REFRESH_KEY = "nexus_refresh_token";
+var STATE_KEY = "nexus_oauth_state";
+var memoryAccessToken = null;
+var memoryRefreshToken = null;
+var refreshPromise = null;
+function setTokens(access, refresh) {
+  memoryAccessToken = access;
+  memoryRefreshToken = refresh;
+  localStorage.setItem(TOKEN_KEY, access);
+  localStorage.setItem(REFRESH_KEY, refresh);
+}
+function getAccessToken() {
+  if (!memoryAccessToken) {
+    memoryAccessToken = localStorage.getItem(TOKEN_KEY);
+  }
+  return memoryAccessToken;
+}
+function getRefreshToken() {
+  if (!memoryRefreshToken) {
+    memoryRefreshToken = localStorage.getItem(REFRESH_KEY);
+  }
+  return memoryRefreshToken;
+}
+function clearTokens() {
+  memoryAccessToken = null;
+  memoryRefreshToken = null;
+  localStorage.removeItem(TOKEN_KEY);
+  localStorage.removeItem(REFRESH_KEY);
+}
+function isTokenValid() {
+  const token = getAccessToken();
+  if (!token) return false;
+  try {
+    const payload = JSON.parse(atob(token.split(".")[1].replace(/-/g, "+").replace(/_/g, "/")));
+    return payload.exp * 1e3 > Date.now() + 3e4;
+  } catch {
+    return false;
+  }
+}
+function decodeUser(token) {
+  try {
+    const payload = JSON.parse(atob(token.split(".")[1].replace(/-/g, "+").replace(/_/g, "/")));
+    return {
+      id: payload.sub,
+      email: payload.email,
+      username: payload.username || "",
+      firstName: "",
+      lastName: "",
+      avatar: payload.avatar || "",
+      globalRole: payload.global_role || "citizen",
+      emailVerified: payload.email_verified || false,
+      affiliateCode: payload.affiliate_code || "",
+      twoFactorEnabled: payload.two_factor_verified || false,
+      appRoles: payload.app_roles
+    };
+  } catch {
+    return null;
+  }
+}
+function generateState() {
+  const state = Math.random().toString(36).substring(2) + Math.random().toString(36).substring(2);
+  sessionStorage.setItem(STATE_KEY, state);
+  return state;
+}
+function validateState(state) {
+  const saved = sessionStorage.getItem(STATE_KEY);
+  sessionStorage.removeItem(STATE_KEY);
+  return saved === state;
+}
+function getLoginUrl(config) {
+  const nexusUrl = config.nexusUrl || "https://accounts.vylth.com";
+  const state = generateState();
+  const params = new URLSearchParams({
+    client_id: config.clientId,
+    redirect_uri: config.redirectUri,
+    state
+  });
+  return `${nexusUrl}/oauth/authorize?${params.toString()}`;
+}
+async function exchangeCode(code, apiUrl) {
+  const res = await fetch(`${apiUrl}/token/exchange`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ code })
+  });
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({ error: "Token exchange failed" }));
+    throw new Error(err.error || "Token exchange failed");
+  }
+  const data = await res.json();
+  setTokens(data.access_token, data.refresh_token);
+  return data;
+}
+async function doRefresh(apiUrl) {
+  const rt = getRefreshToken();
+  if (!rt) return false;
+  try {
+    const res = await fetch(`${apiUrl}/token/refresh`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ refresh_token: rt })
+    });
+    if (res.ok) {
+      const data = await res.json();
+      setTokens(data.access_token, data.refresh_token);
+      return true;
+    }
+  } catch {
+  }
+  return false;
+}
+function refreshTokens(apiUrl) {
+  if (!refreshPromise) {
+    refreshPromise = doRefresh(apiUrl).finally(() => {
+      refreshPromise = null;
+    });
+  }
+  return refreshPromise;
+}
+async function nexusFetch(apiUrl, path, options = {}, onAuthFailure) {
+  const token = getAccessToken();
+  const headers = {
+    "Content-Type": "application/json",
+    ...options.headers
+  };
+  if (token) {
+    headers["Authorization"] = `Bearer ${token}`;
+  }
+  const res = await fetch(`${apiUrl}${path}`, { ...options, headers });
+  if (res.status === 401 && token) {
+    const refreshed = await refreshTokens(apiUrl);
+    if (refreshed) {
+      headers["Authorization"] = `Bearer ${getAccessToken()}`;
+      const retry = await fetch(`${apiUrl}${path}`, { ...options, headers });
+      if (!retry.ok) {
+        const err = await retry.json().catch(() => ({ error: "Request failed" }));
+        throw new Error(err.error || "Request failed");
+      }
+      return retry.json();
+    }
+    clearTokens();
+    onAuthFailure?.();
+    throw new Error("Session expired");
+  }
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({ error: `HTTP ${res.status}` }));
+    throw new Error(err.error || `HTTP ${res.status}`);
+  }
+  return res.json();
+}
+
+// src/NexusProvider.tsx
+import { jsx } from "react/jsx-runtime";
+var NexusContext = createContext(null);
+function NexusProvider({
+  children,
+  clientId,
+  redirectUri,
+  nexusUrl,
+  apiUrl,
+  onLogin,
+  onLogout
+}) {
+  const resolvedApiUrl = apiUrl || "https://auth.vylth.com/api/nexus";
+  const config = { clientId, redirectUri, nexusUrl, apiUrl: resolvedApiUrl };
+  const [user, setUser] = useState(null);
+  const [isLoading, setIsLoading] = useState(true);
+  const initAuth = useCallback(async () => {
+    const token = getAccessToken();
+    if (!token) {
+      setIsLoading(false);
+      return;
+    }
+    if (isTokenValid()) {
+      const decoded = decodeUser(token);
+      if (decoded) {
+        setUser(decoded);
+        setIsLoading(false);
+        return;
+      }
+    }
+    const refreshed = await refreshTokens(resolvedApiUrl);
+    if (refreshed) {
+      const newToken = getAccessToken();
+      if (newToken) {
+        const decoded = decodeUser(newToken);
+        setUser(decoded);
+      }
+    } else {
+      clearTokens();
+    }
+    setIsLoading(false);
+  }, [resolvedApiUrl]);
+  useEffect(() => {
+    initAuth();
+  }, [initAuth]);
+  const login = useCallback(() => {
+    window.location.href = getLoginUrl(config);
+  }, [config]);
+  const logout = useCallback(() => {
+    clearTokens();
+    setUser(null);
+    onLogout?.();
+  }, [onLogout]);
+  const refreshUser = useCallback(async () => {
+    const refreshed = await refreshTokens(resolvedApiUrl);
+    if (refreshed) {
+      const token = getAccessToken();
+      if (token) {
+        const decoded = decodeUser(token);
+        setUser(decoded);
+      }
+    }
+  }, [resolvedApiUrl]);
+  const setUserWithCallback = useCallback(
+    (u) => {
+      setUser(u);
+      onLogin?.(u);
+    },
+    [onLogin]
+  );
+  return /* @__PURE__ */ jsx(
+    NexusContext.Provider,
+    {
+      value: {
+        user,
+        isAuthenticated: !!user,
+        isLoading,
+        accessToken: getAccessToken(),
+        login,
+        logout,
+        refreshUser
+      },
+      children: /* @__PURE__ */ jsx(NexusConfigContext.Provider, { value: { ...config, setUser: setUserWithCallback }, children })
+    }
+  );
+}
+var NexusConfigContext = createContext(null);
+
+// src/NexusCallback.tsx
+import { useContext, useEffect as useEffect2, useState as useState2 } from "react";
+import { jsx as jsx2, jsxs } from "react/jsx-runtime";
+function NexusCallback({ onSuccess, onError }) {
+  const config = useContext(NexusConfigContext);
+  const [error, setError] = useState2("");
+  useEffect2(() => {
+    if (!config) return;
+    const params = new URLSearchParams(window.location.search);
+    const code = params.get("code");
+    const state = params.get("state");
+    const oauthError = params.get("error");
+    if (oauthError) {
+      const msg = `Authentication denied: ${oauthError}`;
+      setError(msg);
+      onError?.(msg);
+      return;
+    }
+    if (!code) {
+      const msg = "No authorization code received";
+      setError(msg);
+      onError?.(msg);
+      return;
+    }
+    if (state && !validateState(state)) {
+      const msg = "Invalid state parameter";
+      setError(msg);
+      onError?.(msg);
+      return;
+    }
+    const apiUrl = config.apiUrl || "https://auth.vylth.com/api/nexus";
+    exchangeCode(code, apiUrl).then((result) => {
+      const user = decodeUser(result.access_token);
+      if (user) {
+        user.firstName = result.investor.first_name;
+        user.lastName = result.investor.last_name;
+        user.avatar = result.investor.avatar_url || user.avatar;
+        user.emailVerified = result.investor.email_verified;
+        config.setUser(user);
+      }
+      onSuccess?.();
+    }).catch((err) => {
+      const msg = err.message || "Authentication failed";
+      setError(msg);
+      onError?.(msg);
+    });
+  }, [config]);
+  if (error) {
+    return /* @__PURE__ */ jsxs("div", { style: { display: "flex", flexDirection: "column", alignItems: "center", justifyContent: "center", minHeight: "100vh", fontFamily: "system-ui, sans-serif", background: "#0a0a0a", color: "#fff" }, children: [
+      /* @__PURE__ */ jsx2("p", { style: { color: "#ef4444", marginBottom: "16px" }, children: error }),
+      /* @__PURE__ */ jsx2(
+        "button",
+        {
+          onClick: () => window.location.href = "/",
+          style: { padding: "8px 24px", borderRadius: "8px", border: "1px solid rgba(255,255,255,0.1)", background: "rgba(255,255,255,0.05)", color: "#fff", cursor: "pointer" },
+          children: "Try Again"
+        }
+      )
+    ] });
+  }
+  return /* @__PURE__ */ jsx2("div", { style: { display: "flex", alignItems: "center", justifyContent: "center", minHeight: "100vh", background: "#0a0a0a", color: "#fff" }, children: /* @__PURE__ */ jsxs("div", { style: { textAlign: "center" }, children: [
+    /* @__PURE__ */ jsx2("div", { style: { width: "32px", height: "32px", border: "3px solid rgba(255,255,255,0.1)", borderTopColor: "#d4a574", borderRadius: "50%", animation: "nexus-spin 0.8s linear infinite", margin: "0 auto 16px" } }),
+    /* @__PURE__ */ jsx2("p", { style: { fontFamily: "monospace", fontSize: "14px", opacity: 0.6 }, children: "Authenticating with Nexus..." }),
+    /* @__PURE__ */ jsx2("style", { children: `@keyframes nexus-spin { to { transform: rotate(360deg) } }` })
+  ] }) });
+}
+
+// src/NexusLoginButton.tsx
+import { useContext as useContext2 } from "react";
+import { jsx as jsx3, jsxs as jsxs2 } from "react/jsx-runtime";
+var NEXUS_LOGO = `data:image/svg+xml,${encodeURIComponent(`<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M12 2L2 7l10 5 10-5-10-5z"/><path d="M2 17l10 5 10-5"/><path d="M2 12l10 5 10-5"/></svg>`)}`;
+var sizes = {
+  sm: { padding: "8px 16px", fontSize: "13px", iconSize: 16, gap: 6 },
+  md: { padding: "10px 24px", fontSize: "14px", iconSize: 18, gap: 8 },
+  lg: { padding: "12px 32px", fontSize: "15px", iconSize: 20, gap: 10 }
+};
+var variants = {
+  dark: {
+    background: "#1a1a1a",
+    color: "#ffffff",
+    border: "1px solid rgba(255,255,255,0.1)",
+    hoverBg: "#252525"
+  },
+  light: {
+    background: "#ffffff",
+    color: "#0a0a0a",
+    border: "1px solid rgba(0,0,0,0.1)",
+    hoverBg: "#f5f5f5"
+  },
+  outline: {
+    background: "transparent",
+    color: "#d4a574",
+    border: "1px solid #d4a574",
+    hoverBg: "rgba(212,165,116,0.1)"
+  }
+};
+function NexusLoginButton({
+  label = "Sign in with Nexus",
+  size = "md",
+  variant = "dark",
+  className,
+  style: customStyle
+}) {
+  const context = useContext2(NexusContext);
+  const s = sizes[size];
+  const v = variants[variant];
+  const handleClick = () => {
+    context?.login();
+  };
+  return /* @__PURE__ */ jsxs2(
+    "button",
+    {
+      onClick: handleClick,
+      className,
+      style: {
+        display: "inline-flex",
+        alignItems: "center",
+        justifyContent: "center",
+        gap: `${s.gap}px`,
+        padding: s.padding,
+        fontSize: s.fontSize,
+        fontFamily: "'JetBrains Mono', 'SF Mono', 'Fira Code', monospace",
+        fontWeight: 500,
+        letterSpacing: "0.02em",
+        background: v.background,
+        color: v.color,
+        border: v.border,
+        borderRadius: "12px",
+        cursor: "pointer",
+        transition: "all 0.2s ease",
+        textDecoration: "none",
+        whiteSpace: "nowrap",
+        ...customStyle
+      },
+      onMouseEnter: (e) => {
+        e.target.style.background = v.hoverBg;
+        e.target.style.transform = "translateY(-1px)";
+      },
+      onMouseLeave: (e) => {
+        e.target.style.background = v.background;
+        e.target.style.transform = "translateY(0)";
+      },
+      children: [
+        /* @__PURE__ */ jsxs2(
+          "svg",
+          {
+            width: s.iconSize,
+            height: s.iconSize,
+            viewBox: "0 0 24 24",
+            fill: "none",
+            stroke: "#d4a574",
+            strokeWidth: "2",
+            strokeLinecap: "round",
+            strokeLinejoin: "round",
+            children: [
+              /* @__PURE__ */ jsx3("path", { d: "M12 2L2 7l10 5 10-5-10-5z" }),
+              /* @__PURE__ */ jsx3("path", { d: "M2 17l10 5 10-5" }),
+              /* @__PURE__ */ jsx3("path", { d: "M2 12l10 5 10-5" })
+            ]
+          }
+        ),
+        label
+      ]
+    }
+  );
+}
+
+// src/useNexus.ts
+import { useContext as useContext3 } from "react";
+function useNexus() {
+  const context = useContext3(NexusContext);
+  if (!context) {
+    throw new Error("useNexus must be used within a <NexusProvider>");
+  }
+  return context;
+}
+export {
+  NexusCallback,
+  NexusLoginButton,
+  NexusProvider,
+  clearTokens,
+  decodeUser,
+  getAccessToken,
+  getRefreshToken,
+  isTokenValid,
+  nexusFetch,
+  refreshTokens,
+  setTokens,
+  useNexus
+};

package/package.json

@@ -0,0 +1,25 @@
+{
+  "name": "@vylth/nexus-react",
+  "version": "1.0.0",
+  "description": "Nexus SSO SDK for React — Sign in with Nexus",
+  "main": "dist/index.js",
+  "module": "dist/index.mjs",
+  "types": "dist/index.d.ts",
+  "files": ["dist"],
+  "scripts": {
+    "build": "tsup src/index.ts --format cjs,esm --dts --clean",
+    "dev": "tsup src/index.ts --format cjs,esm --dts --watch"
+  },
+  "peerDependencies": {
+    "react": ">=18.0.0",
+    "react-dom": ">=18.0.0"
+  },
+  "devDependencies": {
+    "react": "^18.3.1",
+    "react-dom": "^18.3.1",
+    "@types/react": "^18.3.3",
+    "typescript": "^5.5.0",
+    "tsup": "^8.0.0"
+  },
+  "license": "MIT"
+}