@yackey-labs/yauth-ui-solidjs 0.12.2 → 0.12.4

package/src/hooks/create-audit-destinations.ts

@@ -0,0 +1,179 @@
+// Hook for the audit-export admin surface (issue #96).
+//
+// Phase B: now uses the typed `@yackey-labs/yauth-client` after the
+// routes_meta.rs regeneration registered `/audit/destinations` and friends.
+// The raw-fetch fallback from the initial drop is gone — every call goes
+// through the generated client functions, which route via the shared
+// `customFetch` mutator.
+
+import type {
+	AuditDestinationResponse,
+	CreateAuditDestinationRequest,
+	UpdateAuditDestinationRequest,
+} from "@yackey-labs/yauth-client";
+import {
+	auditExportCreateDestination,
+	auditExportDeleteDestination,
+	auditExportListDestinationOutbox,
+	auditExportListDestinations,
+	auditExportUpdateDestination,
+} from "@yackey-labs/yauth-client";
+import { type Accessor, createEffect, createSignal } from "solid-js";
+
+export type AuditDestinationKindTag =
+	| "webhook"
+	| "syslog"
+	| "s3"
+	| "splunk"
+	| "datadog";
+
+export type AuditDestination = AuditDestinationResponse;
+
+export interface OutboxEntry {
+	id: string;
+	audit_log_id: string;
+	destination_id: string;
+	status: "pending" | "sent" | "failed" | "dead_letter";
+	attempts: number;
+	last_attempt_at: string | null;
+	last_error: string | null;
+	created_at: string;
+}
+
+export type CreateDestinationInput = Omit<
+	CreateAuditDestinationRequest,
+	"kind"
+> & {
+	kind:
+		| {
+				type: "webhook";
+				url: string;
+				format?: "json" | "cef" | "rfc5424";
+				hmac_secret?: string;
+				headers?: Record<string, string>;
+		  }
+		| {
+				type: "syslog";
+				host: string;
+				port: number;
+				transport?: "tcp" | "udp" | "tls";
+				facility?: number;
+		  }
+		| {
+				type: "s3";
+				bucket: string;
+				prefix?: string;
+				region: string;
+				partition?: "by_date" | "by_org" | "by_date_and_org";
+		  }
+		| { type: "splunk"; hec_url: string; hec_token: string }
+		| { type: "datadog"; site: string; api_key: string };
+};
+
+/**
+ * `baseUrl` is no longer required — the typed client reads its base URL
+ * from the global `configureClient` call made by the YAuthProvider. The
+ * option is kept in the signature so existing call sites compile without
+ * change.
+ */
+export interface CreateAuditDestinationsOptions {
+	baseUrl?: string;
+}
+
+/**
+ * Headless hook for audit-export destination management (issue #96).
+ *
+ * Mirrors `useAuditDestinations` from the Vue package. Pass an `orgScope`
+ * accessor; the hook auto-fetches on mount and whenever the scope changes
+ * (null = deployment-wide).
+ */
+export function createAuditDestinations(
+	orgScope?: Accessor<string | null | undefined>,
+	_options: CreateAuditDestinationsOptions = {},
+) {
+	const [destinations, setDestinations] = createSignal<AuditDestination[]>([]);
+	const [loading, setLoading] = createSignal(false);
+	const [submitting, setSubmitting] = createSignal(false);
+	const [error, setError] = createSignal<string | null>(null);
+
+	const refresh = async () => {
+		setLoading(true);
+		setError(null);
+		try {
+			const org = orgScope?.();
+			const params = org
+				? { organization_id: org }
+				: { scope: "deployment" };
+			const rows = await auditExportListDestinations(params);
+			setDestinations(rows);
+		} catch (e) {
+			setError(e instanceof Error ? e.message : "failed to load destinations");
+			setDestinations([]);
+		} finally {
+			setLoading(false);
+		}
+	};
+
+	const create = async (
+		input: CreateDestinationInput,
+	): Promise<AuditDestination | null> => {
+		setSubmitting(true);
+		setError(null);
+		try {
+			const created = await auditExportCreateDestination(
+				input as unknown as CreateAuditDestinationRequest,
+			);
+			await refresh();
+			return created;
+		} catch (e) {
+			setError(e instanceof Error ? e.message : "create failed");
+			return null;
+		} finally {
+			setSubmitting(false);
+		}
+	};
+
+	const disable = async (id: string): Promise<void> => {
+		setSubmitting(true);
+		try {
+			await auditExportUpdateDestination(id, {
+				status: "disabled",
+			} as UpdateAuditDestinationRequest);
+			await refresh();
+		} finally {
+			setSubmitting(false);
+		}
+	};
+
+	const remove = async (id: string): Promise<void> => {
+		setSubmitting(true);
+		try {
+			await auditExportDeleteDestination(id);
+			await refresh();
+		} finally {
+			setSubmitting(false);
+		}
+	};
+
+	const outbox = async (id: string, limit = 50): Promise<OutboxEntry[]> =>
+		(await auditExportListDestinationOutbox(id, {
+			limit: String(limit),
+		})) as unknown as OutboxEntry[];
+
+	createEffect(() => {
+		void orgScope?.();
+		void refresh();
+	});
+
+	return {
+		destinations,
+		loading,
+		submitting,
+		error,
+		refresh,
+		create,
+		disable,
+		remove,
+		outbox,
+	};
+}

package/src/hooks/create-organizations.ts

@@ -0,0 +1,495 @@
+import type {
+  ChangeRoleRequest,
+  CreateDomainRequest,
+  CreateDomainResponse,
+  CreateInvitationRequest,
+  CreateInvitationResponse,
+  CreateOrgRequest,
+  DomainResponse,
+  MembershipResponse,
+  OrganizationResponse,
+  PermissionsResponse,
+  TransferOwnershipRequest,
+  UpdateDomainRequest,
+  UpdateOrgRequest,
+  VerifyDomainResponse,
+} from "@yackey-labs/yauth-client";
+import { type Accessor, createEffect, createSignal } from "solid-js";
+import { useYAuth } from "../provider";
+
+/**
+ * Generate a URL-safe slug from a free-form name.
+ * Deterministic + idempotent — safe to recompute on every keystroke.
+ */
+export function slugify(input: string): string {
+  return input
+    .toLowerCase()
+    .trim()
+    .replace(/[^a-z0-9\s-]/g, "")
+    .replace(/\s+/g, "-")
+    .replace(/-+/g, "-")
+    .replace(/^-|-$/g, "")
+    .slice(0, 64);
+}
+
+/**
+ * Headless hook for the current user's organization list.
+ *
+ * NOTE: We use `createSignal` + manual fetch (rather than `createResource`)
+ * because `createResource` requires a tracked source, and we want fully
+ * imperative `refetch` semantics matching the Vue composable's shape. The
+ * active-organization concept lives in issue #89.
+ */
+export function createOrganizations() {
+  const { client } = useYAuth();
+  const [organizations, setOrganizations] = createSignal<OrganizationResponse[]>([]);
+  const [loading, setLoading] = createSignal(false);
+  const [error, setError] = createSignal<string | null>(null);
+
+  const refetch = async () => {
+    if (!client?.organizations) {
+      setError("Organizations feature is not enabled on this server.");
+      return;
+    }
+    setLoading(true);
+    setError(null);
+    try {
+      setOrganizations(await client.organizations.list());
+    } catch (err) {
+      setError(err instanceof Error ? err.message : String(err));
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  const create = async (body: CreateOrgRequest): Promise<OrganizationResponse | null> => {
+    if (!client?.organizations) {
+      setError("Organizations feature is not enabled on this server.");
+      return null;
+    }
+    setError(null);
+    try {
+      const org = await client.organizations.create(body);
+      setOrganizations([...organizations(), org]);
+      return org;
+    } catch (err) {
+      setError(err instanceof Error ? err.message : String(err));
+      return null;
+    }
+  };
+
+  const remove = async (id: string): Promise<boolean> => {
+    if (!client?.organizations) {
+      setError("Organizations feature is not enabled on this server.");
+      return false;
+    }
+    setError(null);
+    try {
+      await client.organizations.delete(id);
+      setOrganizations(organizations().filter((o) => o.id !== id));
+      return true;
+    } catch (err) {
+      setError(err instanceof Error ? err.message : String(err));
+      return false;
+    }
+  };
+
+  void refetch();
+
+  return { organizations, loading, error, refetch, create, remove };
+}
+
+/**
+ * Headless hook for a single organization by id accessor.
+ */
+export function createOrganization(id: Accessor<string | null | undefined>) {
+  const { client } = useYAuth();
+  const [organization, setOrganization] = createSignal<OrganizationResponse | null>(null);
+  const [loading, setLoading] = createSignal(false);
+  const [error, setError] = createSignal<string | null>(null);
+
+  const refetch = async () => {
+    const current = id();
+    if (!current) {
+      setOrganization(null);
+      return;
+    }
+    if (!client?.organizations) {
+      setError("Organizations feature is not enabled on this server.");
+      return;
+    }
+    setLoading(true);
+    setError(null);
+    try {
+      setOrganization(await client.organizations.get(current));
+    } catch (err) {
+      setError(err instanceof Error ? err.message : String(err));
+      setOrganization(null);
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  const update = async (body: UpdateOrgRequest): Promise<OrganizationResponse | null> => {
+    const current = id();
+    if (!current || !client?.organizations) return null;
+    setError(null);
+    try {
+      const updated = await client.organizations.update(current, body);
+      setOrganization(updated);
+      return updated;
+    } catch (err) {
+      setError(err instanceof Error ? err.message : String(err));
+      return null;
+    }
+  };
+
+  void refetch();
+
+  return { organization, loading, error, refetch, update };
+}
+
+/**
+ * Headless hook for an organization's members + invitation creation.
+ */
+export function createMembers(orgId: Accessor<string | null | undefined>) {
+  const { client } = useYAuth();
+  const [members, setMembers] = createSignal<MembershipResponse[]>([]);
+  const [loading, setLoading] = createSignal(false);
+  const [error, setError] = createSignal<string | null>(null);
+
+  const refetch = async () => {
+    const current = orgId();
+    if (!current) {
+      setMembers([]);
+      return;
+    }
+    if (!client?.organizations) {
+      setError("Organizations feature is not enabled on this server.");
+      return;
+    }
+    setLoading(true);
+    setError(null);
+    try {
+      setMembers(await client.organizations.listMembers(current));
+    } catch (err) {
+      setError(err instanceof Error ? err.message : String(err));
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  const invite = async (
+    body: CreateInvitationRequest,
+  ): Promise<CreateInvitationResponse | null> => {
+    const current = orgId();
+    if (!current || !client?.organizations) return null;
+    setError(null);
+    try {
+      return await client.organizations.createInvitation(current, body);
+    } catch (err) {
+      setError(err instanceof Error ? err.message : String(err));
+      return null;
+    }
+  };
+
+  void refetch();
+
+  return { members, loading, error, refetch, invite };
+}
+
+/**
+ * Headless hook for accepting an invitation by token.
+ * Stateless — caller invokes `accept` explicitly.
+ */
+export function createInvitation() {
+  const { client } = useYAuth();
+  const [submitting, setSubmitting] = createSignal(false);
+  const [error, setError] = createSignal<string | null>(null);
+
+  const accept = async (token: string): Promise<MembershipResponse | null> => {
+    if (!client?.organizations) {
+      setError("Organizations feature is not enabled on this server.");
+      return null;
+    }
+    if (!token.trim()) {
+      setError("Invitation token is required.");
+      return null;
+    }
+    setSubmitting(true);
+    setError(null);
+    try {
+      return await client.organizations.acceptInvitation({ token });
+    } catch (err) {
+      setError(err instanceof Error ? err.message : String(err));
+      return null;
+    } finally {
+      setSubmitting(false);
+    }
+  };
+
+  return { submitting, error, accept };
+}
+// ──────────────────────────────────────────────
+// RBAC (#88) hooks
+// ──────────────────────────────────────────────
+
+/**
+ * Built-in role string constants — mirrors `yauth::auth::rbac::roles`.
+ * Custom role strings are permitted but receive no default permissions.
+ */
+export const ROLES = {
+  OWNER: "owner",
+  ADMIN: "admin",
+  BILLING_ADMIN: "billing_admin",
+  MEMBER: "member",
+  VIEWER: "viewer",
+} as const;
+
+export type BuiltinRole = (typeof ROLES)[keyof typeof ROLES];
+
+/**
+ * Headless hook for the calling user's effective permissions in an org.
+ * Auto-fetches when `orgId` changes.
+ */
+export function createOrgPermissions(orgId: Accessor<string | null | undefined>) {
+  const { client } = useYAuth();
+  const [permissions, setPermissions] = createSignal<PermissionsResponse | null>(null);
+  const [loading, setLoading] = createSignal(false);
+  const [error, setError] = createSignal<string | null>(null);
+
+  const refetch = async () => {
+    const current = orgId();
+    if (!current) {
+      setPermissions(null);
+      return;
+    }
+    if (!client?.organizations) {
+      setError("Organizations feature is not enabled on this server.");
+      return;
+    }
+    setLoading(true);
+    setError(null);
+    try {
+      const next = await client.organizations.listPermissions(current);
+      setPermissions(next);
+    } catch (err) {
+      setError(err instanceof Error ? err.message : String(err));
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  const hasPermission = (perm: string): boolean =>
+    permissions()?.permissions.includes(perm) ?? false;
+
+  const isRole = (role: string): boolean => permissions()?.role === role;
+
+  createEffect(() => {
+    orgId();
+    void refetch();
+  });
+
+  return {
+    permissions,
+    loading,
+    error,
+    refetch,
+    hasPermission,
+    isRole,
+  };
+}
+
+/**
+ * Headless hook for the change-role + remove-member + transfer actions.
+ */
+export function createOrgRoles(orgId: Accessor<string | null | undefined>) {
+  const { client } = useYAuth();
+  const [submitting, setSubmitting] = createSignal(false);
+  const [error, setError] = createSignal<string | null>(null);
+
+  const changeRole = async (
+    userId: string,
+    body: ChangeRoleRequest,
+  ): Promise<MembershipResponse | null> => {
+    const current = orgId();
+    if (!current || !client?.organizations) return null;
+    setSubmitting(true);
+    setError(null);
+    try {
+      return await client.organizations.changeRole(current, userId, body);
+    } catch (err) {
+      setError(err instanceof Error ? err.message : String(err));
+      return null;
+    } finally {
+      setSubmitting(false);
+    }
+  };
+
+  const removeMember = async (userId: string): Promise<boolean> => {
+    const current = orgId();
+    if (!current || !client?.organizations) return false;
+    setSubmitting(true);
+    setError(null);
+    try {
+      await client.organizations.removeMember(current, userId);
+      return true;
+    } catch (err) {
+      setError(err instanceof Error ? err.message : String(err));
+      return false;
+    } finally {
+      setSubmitting(false);
+    }
+  };
+
+  const transferOwnership = async (body: TransferOwnershipRequest): Promise<boolean> => {
+    const current = orgId();
+    if (!current || !client?.organizations) return false;
+    setSubmitting(true);
+    setError(null);
+    try {
+      await client.organizations.transferOwnership(current, body);
+      return true;
+    } catch (err) {
+      setError(err instanceof Error ? err.message : String(err));
+      return false;
+    } finally {
+      setSubmitting(false);
+    }
+  };
+
+  return { submitting, error, changeRole, removeMember, transferOwnership };
+}
+
+// ──────────────────────────────────────────────
+// Verified email domains (#90)
+// ──────────────────────────────────────────────
+
+/**
+ * Headless hook for an organization's domain claims.
+ *
+ * Tracks the list reactively (call `refetch` after mutations). Exposes
+ * `claim`, `verify`, `update`, and `remove` operations. All mutating
+ * methods return `null` on error and surface the error via `error()`.
+ *
+ * `lastCreated` holds the most recent `CreateDomainResponse` — the
+ * `verification_token` field on that response is shown ONCE, so the UI
+ * must capture it from this signal rather than re-fetch.
+ */
+export function createDomains(orgId: Accessor<string | null>) {
+  const { client } = useYAuth();
+  const [domains, setDomains] = createSignal<DomainResponse[]>([]);
+  const [loading, setLoading] = createSignal(false);
+  const [submitting, setSubmitting] = createSignal(false);
+  const [error, setError] = createSignal<string | null>(null);
+  const [lastCreated, setLastCreated] = createSignal<CreateDomainResponse | null>(null);
+
+  const refetch = async () => {
+    const current = orgId();
+    if (!current) {
+      setDomains([]);
+      return;
+    }
+    if (!client?.organizations) {
+      setError("Organizations feature is not enabled on this server.");
+      return;
+    }
+    setLoading(true);
+    setError(null);
+    try {
+      setDomains(await client.organizations.listDomains(current));
+    } catch (err) {
+      setError(err instanceof Error ? err.message : String(err));
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  const claim = async (body: CreateDomainRequest): Promise<CreateDomainResponse | null> => {
+    const current = orgId();
+    if (!current || !client?.organizations) return null;
+    setSubmitting(true);
+    setError(null);
+    try {
+      const result = await client.organizations.createDomain(current, body);
+      setLastCreated(result);
+      await refetch();
+      return result;
+    } catch (err) {
+      setError(err instanceof Error ? err.message : String(err));
+      return null;
+    } finally {
+      setSubmitting(false);
+    }
+  };
+
+  const verify = async (did: string): Promise<VerifyDomainResponse | null> => {
+    const current = orgId();
+    if (!current || !client?.organizations) return null;
+    setSubmitting(true);
+    setError(null);
+    try {
+      const result = await client.organizations.verifyDomain(current, did);
+      await refetch();
+      return result;
+    } catch (err) {
+      setError(err instanceof Error ? err.message : String(err));
+      return null;
+    } finally {
+      setSubmitting(false);
+    }
+  };
+
+  const update = async (did: string, body: UpdateDomainRequest): Promise<DomainResponse | null> => {
+    const current = orgId();
+    if (!current || !client?.organizations) return null;
+    setSubmitting(true);
+    setError(null);
+    try {
+      const result = await client.organizations.updateDomain(current, did, body);
+      await refetch();
+      return result;
+    } catch (err) {
+      setError(err instanceof Error ? err.message : String(err));
+      return null;
+    } finally {
+      setSubmitting(false);
+    }
+  };
+
+  const remove = async (did: string): Promise<boolean> => {
+    const current = orgId();
+    if (!current || !client?.organizations) return false;
+    setSubmitting(true);
+    setError(null);
+    try {
+      await client.organizations.deleteDomain(current, did);
+      await refetch();
+      return true;
+    } catch (err) {
+      setError(err instanceof Error ? err.message : String(err));
+      return false;
+    } finally {
+      setSubmitting(false);
+    }
+  };
+
+  createEffect(() => {
+    // Re-fetch whenever the org id changes.
+    void orgId();
+    void refetch();
+  });
+
+  return {
+    domains,
+    loading,
+    submitting,
+    error,
+    lastCreated,
+    refetch,
+    claim,
+    verify,
+    update,
+    remove,
+  };
+}