astro-tokenkit 1.0.16 → 1.0.18

package/dist/index.cjs

@@ -39,20 +39,23 @@ typeof SuppressedError === "function" ? SuppressedError : function (error, suppr
  * API Error
  */
 class APIError extends Error {
-    constructor(message, status, response, request) {
+    constructor(message, status, response, request, cause) {
         super(message);
         this.status = status;
         this.response = response;
         this.request = request;
+        this.cause = cause;
         this.name = 'APIError';
+        if (cause && !this.cause)
+            this.cause = cause;
     }
 }
 /**
  * Authentication Error
  */
 class AuthError extends APIError {
-    constructor(message, status, response, request) {
-        super(message, status, response, request);
+    constructor(message, status, response, request, cause) {
+        super(message, status, response, request, cause);
         this.name = 'AuthError';
     }
 }
@@ -60,8 +63,8 @@ class AuthError extends APIError {
  * Network Error
  */
 class NetworkError extends APIError {
-    constructor(message, request) {
-        super(message, undefined, undefined, request);
+    constructor(message, request, cause) {
+        super(message, undefined, undefined, request, cause);
         this.name = 'NetworkError';
     }
 }
@@ -69,8 +72,8 @@ class NetworkError extends APIError {
  * Timeout Error
  */
 class TimeoutError extends APIError {
-    constructor(message, request) {
-        super(message, undefined, undefined, request);
+    constructor(message, request, cause) {
+        super(message, undefined, undefined, request, cause);
         this.name = 'TimeoutError';
     }
 }
@@ -396,6 +399,122 @@ function isExpired(expiresAt, now, policy = {}) {
     return now + clockSkew > expiresAt;
 }
 
+// packages/astro-tokenkit/src/utils/fetch.ts
+/**
+ * Perform a fetch request with optional certificate validation bypass
+ */
+function safeFetch(url, init, config) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const fetchFn = config.fetch || fetch;
+        const fetchOptions = Object.assign({}, init);
+        if (config.dangerouslyIgnoreCertificateErrors && typeof process !== 'undefined') {
+            // In Node.js environment
+            try {
+                // Try to use undici Agent if available (it is built-in in Node 18+)
+                // However, we might need to import it if we want to create an Agent.
+                // Since we don't want to depend on undici in package.json, we use dynamic import.
+                // But wait, undici's Agent is what we need.
+                // As a fallback and most reliable way for self-signed certs in Node without extra deps:
+                process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+                // NOTE: This affects the whole process. We should ideally only do this if it's not already 0.
+                // But for a dev tool / specialized library, it's often what's needed.
+            }
+            catch (e) {
+                // Ignore
+            }
+        }
+        return fetchFn(url, fetchOptions);
+    });
+}
+
+// packages/astro-tokenkit/src/config.ts
+const CONFIG_KEY = Symbol.for('astro-tokenkit.config');
+const MANAGER_KEY = Symbol.for('astro-tokenkit.manager');
+const globalStorage = globalThis;
+// Initialize global storage if not present
+if (!globalStorage[CONFIG_KEY]) {
+    globalStorage[CONFIG_KEY] = {
+        runWithContext: undefined,
+        getContextStore: undefined,
+        setContextStore: undefined,
+        baseURL: "",
+        debug: false,
+    };
+}
+/**
+ * Set configuration
+ */
+function setConfig(userConfig) {
+    var _a, _b;
+    const currentConfig = globalStorage[CONFIG_KEY];
+    const finalConfig = Object.assign(Object.assign({}, currentConfig), userConfig);
+    // Validate that getter and setter are defined together
+    if ((finalConfig.getContextStore && !finalConfig.setContextStore) ||
+        (!finalConfig.getContextStore && finalConfig.setContextStore)) {
+        throw new Error("[TokenKit] getContextStore and setContextStore must be defined together.");
+    }
+    globalStorage[CONFIG_KEY] = finalConfig;
+    // Re-initialize global token manager if auth changed
+    if (finalConfig.auth) {
+        const authConfig = Object.assign(Object.assign({}, finalConfig.auth), { fetch: (_a = finalConfig.auth.fetch) !== null && _a !== void 0 ? _a : finalConfig.fetch, dangerouslyIgnoreCertificateErrors: (_b = finalConfig.auth.dangerouslyIgnoreCertificateErrors) !== null && _b !== void 0 ? _b : finalConfig.dangerouslyIgnoreCertificateErrors });
+        globalStorage[MANAGER_KEY] = new TokenManager(authConfig, finalConfig.baseURL);
+    }
+    else {
+        globalStorage[MANAGER_KEY] = undefined;
+    }
+}
+/**
+ * Get current configuration
+ */
+function getConfig() {
+    return globalStorage[CONFIG_KEY];
+}
+/**
+ * Get global token manager
+ */
+function getTokenManager() {
+    return globalStorage[MANAGER_KEY];
+}
+/**
+ * Set global token manager (mainly for testing)
+ */
+function setTokenManager(manager) {
+    globalStorage[MANAGER_KEY] = manager;
+}
+// Handle injected configuration from Astro integration
+try {
+    // @ts-ignore
+    const injectedConfig = typeof __TOKENKIT_CONFIG__ !== 'undefined' ? __TOKENKIT_CONFIG__ : undefined;
+    if (injectedConfig) {
+        setConfig(injectedConfig);
+    }
+}
+catch (e) {
+    // Ignore errors in environments where __TOKENKIT_CONFIG__ might be restricted
+}
+
+/**
+ * Logger utility that respects the debug flag in the configuration
+ */
+const logger = {
+    debug: (message, ...args) => {
+        if (getConfig().debug) {
+            console.debug(message, ...args);
+        }
+    },
+    info: (message, ...args) => {
+        if (getConfig().debug) {
+            console.log(message, ...args);
+        }
+    },
+    warn: (message, ...args) => {
+        console.warn(message, ...args);
+    },
+    error: (message, ...args) => {
+        console.error(message, ...args);
+    }
+};
+
 // packages/astro-tokenkit/src/auth/manager.ts
 /**
  * Single-flight refresh manager
@@ -452,14 +571,14 @@ class TokenManager {
             }
             let response;
             try {
-                response = yield fetch(url, {
+                response = yield safeFetch(url, {
                     method: 'POST',
                     headers,
                     body: requestBody,
-                });
+                }, this.config);
             }
             catch (error) {
-                const authError = new AuthError(`Login request failed: ${error.message}`);
+                const authError = new AuthError(`Login request failed: ${error.message}`, undefined, undefined, undefined, error);
                 if (options === null || options === void 0 ? void 0 : options.onError)
                     yield options.onError(authError, ctx);
                 throw authError;
@@ -533,14 +652,14 @@ class TokenManager {
             }
             let response;
             try {
-                response = yield fetch(url, {
+                response = yield safeFetch(url, {
                     method: 'POST',
                     headers,
                     body: requestBody,
-                });
+                }, this.config);
             }
             catch (error) {
-                throw new AuthError(`Refresh request failed: ${error.message}`);
+                throw new AuthError(`Refresh request failed: ${error.message}`, undefined, undefined, undefined, error);
             }
             if (!response.ok) {
                 // 401/403 = invalid refresh token
@@ -638,11 +757,11 @@ class TokenManager {
                         const injectFn = (_a = this.config.injectToken) !== null && _a !== void 0 ? _a : ((token, type) => `${type !== null && type !== void 0 ? type : 'Bearer'} ${token}`);
                         headers['Authorization'] = injectFn(session.accessToken, session.tokenType);
                     }
-                    yield fetch(url, { method: 'POST', headers });
+                    yield safeFetch(url, { method: 'POST', headers }, this.config);
                 }
                 catch (error) {
                     // Ignore logout endpoint errors
-                    console.warn('[TokenKit] Logout endpoint failed:', error);
+                    logger.debug('[TokenKit] Logout endpoint failed:', error);
                 }
             }
             clearTokens(ctx, this.config.cookies);
@@ -688,69 +807,6 @@ class TokenManager {
     }
 }
 
-// packages/astro-tokenkit/src/config.ts
-const CONFIG_KEY = Symbol.for('astro-tokenkit.config');
-const MANAGER_KEY = Symbol.for('astro-tokenkit.manager');
-const globalStorage = globalThis;
-// Initialize global storage if not present
-if (!globalStorage[CONFIG_KEY]) {
-    globalStorage[CONFIG_KEY] = {
-        runWithContext: undefined,
-        getContextStore: undefined,
-        setContextStore: undefined,
-        baseURL: "",
-    };
-}
-/**
- * Set configuration
- */
-function setConfig(userConfig) {
-    const currentConfig = globalStorage[CONFIG_KEY];
-    const finalConfig = Object.assign(Object.assign({}, currentConfig), userConfig);
-    // Validate that getter and setter are defined together
-    if ((finalConfig.getContextStore && !finalConfig.setContextStore) ||
-        (!finalConfig.getContextStore && finalConfig.setContextStore)) {
-        throw new Error("[TokenKit] getContextStore and setContextStore must be defined together.");
-    }
-    globalStorage[CONFIG_KEY] = finalConfig;
-    // Re-initialize global token manager if auth changed
-    if (finalConfig.auth) {
-        globalStorage[MANAGER_KEY] = new TokenManager(finalConfig.auth, finalConfig.baseURL);
-    }
-    else {
-        globalStorage[MANAGER_KEY] = undefined;
-    }
-}
-/**
- * Get current configuration
- */
-function getConfig() {
-    return globalStorage[CONFIG_KEY];
-}
-/**
- * Get global token manager
- */
-function getTokenManager() {
-    return globalStorage[MANAGER_KEY];
-}
-/**
- * Set global token manager (mainly for testing)
- */
-function setTokenManager(manager) {
-    globalStorage[MANAGER_KEY] = manager;
-}
-// Handle injected configuration from Astro integration
-try {
-    // @ts-ignore
-    const injectedConfig = typeof __TOKENKIT_CONFIG__ !== 'undefined' ? __TOKENKIT_CONFIG__ : undefined;
-    if (injectedConfig) {
-        setConfig(injectedConfig);
-    }
-}
-catch (e) {
-    // Ignore errors in environments where __TOKENKIT_CONFIG__ might be restricted
-}
-
 // packages/astro-tokenkit/src/client/context.ts
 /**
  * Async local storage for Astro context
@@ -847,7 +903,7 @@ function createMiddleware() {
             else if (config.context) {
                 contextStrategy = 'custom (external AsyncLocalStorage)';
             }
-            console.log(`[TokenKit] Middleware initialized (auth: ${authStatus}, context: ${contextStrategy})`);
+            logger.debug(`[TokenKit] Middleware initialized (auth: ${authStatus}, context: ${contextStrategy})`);
             globalStorage[LOGGED_KEY] = true;
         }
         const runLogic = () => __awaiter(this, void 0, void 0, function* () {
@@ -859,7 +915,7 @@ function createMiddleware() {
                 }
                 catch (error) {
                     // Log only the message to avoid leaking sensitive data in the error object
-                    console.error('[TokenKit] Automatic token rotation failed:', error.message || error);
+                    logger.debug('[TokenKit] Automatic token rotation failed:', error.message || error);
                 }
             }
             return next();
@@ -904,6 +960,7 @@ class APIClient {
      * Get token manager
      */
     get tokenManager() {
+        var _a, _b;
         const config = this.config;
         if (!config.auth)
             return undefined;
@@ -919,7 +976,9 @@ class APIClient {
         if (!this._localTokenManager ||
             this._lastUsedAuth !== config.auth ||
             this._lastUsedBaseURL !== config.baseURL) {
-            this._localTokenManager = new TokenManager(config.auth, config.baseURL);
+            // Merge client-level fetch and SSL settings into auth config
+            const authConfig = Object.assign(Object.assign({}, config.auth), { fetch: (_a = config.auth.fetch) !== null && _a !== void 0 ? _a : config.fetch, dangerouslyIgnoreCertificateErrors: (_b = config.auth.dangerouslyIgnoreCertificateErrors) !== null && _b !== void 0 ? _b : config.dangerouslyIgnoreCertificateErrors });
+            this._localTokenManager = new TokenManager(authConfig, config.baseURL);
             this._lastUsedAuth = config.auth;
             this._lastUsedBaseURL = config.baseURL;
         }
@@ -1036,7 +1095,7 @@ class APIClient {
             const controller = new AbortController();
             const timeoutId = setTimeout(() => controller.abort(), timeout);
             try {
-                const response = yield fetch(fullURL, Object.assign(Object.assign({}, init), { signal: controller.signal }));
+                const response = yield safeFetch(fullURL, Object.assign(Object.assign({}, init), { signal: controller.signal }), this.config);
                 clearTimeout(timeoutId);
                 // Handle 401 (try refresh and retry once)
                 if (response.status === 401 && this.tokenManager && !config.skipAuth && attempt === 1) {
@@ -1069,12 +1128,12 @@ class APIClient {
                 }
                 // Transform errors
                 if (error instanceof Error && error.name === 'AbortError') {
-                    throw new TimeoutError(`Request timeout after ${timeout}ms`, requestConfig);
+                    throw new TimeoutError(`Request timeout after ${timeout}ms`, requestConfig, error);
                 }
                 if (error instanceof APIError) {
                     throw error;
                 }
-                throw new NetworkError(error.message, requestConfig);
+                throw new NetworkError(error.message, requestConfig, error);
             }
         });
     }
@@ -1168,7 +1227,7 @@ class APIClient {
                 throw new Error('Auth is not configured for this client');
             }
             const context = getContextStore();
-            return this.tokenManager.login(context, credentials, options);
+            return yield this.tokenManager.login(context, credentials, options);
         });
     }
     /**
@@ -1225,6 +1284,13 @@ function createClient(config) {
  * Astro integration for TokenKit
  *
  * This integration facilitates the setup of TokenKit in an Astro project.
+ * It performs the following:
+ * - Sets the global configuration for the API client.
+ * - Injects the configuration into the client-side via Vite's `define`.
+ * - Automatically registers the TokenKit middleware (unless `autoMiddleware` is set to `false`).
+ * - Injects a client-side script (`astro-tokenkit/client-init`) to handle idle session monitoring and automatic logout.
+ *
+ * @param config - TokenKit configuration options.
  *
  * @example
  * ```ts
@@ -1238,6 +1304,10 @@ function createClient(config) {
  *       auth: {
  *         login: '/auth/login',
  *         refresh: '/auth/refresh',
+ *       },
+ *       idle: {
+ *         timeout: 3600, // 1 hour
+ *         alert: { title: 'Session Expired' }
  *       }
  *     })
  *   ]
@@ -1255,7 +1325,7 @@ function tokenKit(config) {
     return {
         name: 'astro-tokenkit',
         hooks: {
-            'astro:config:setup': ({ updateConfig, addMiddleware }) => {
+            'astro:config:setup': ({ updateConfig, addMiddleware, injectScript }) => {
                 updateConfig({
                     vite: {
                         define: {
@@ -1270,13 +1340,26 @@ function tokenKit(config) {
                         order: 'pre'
                     });
                 }
-                console.log('[TokenKit] Integration initialized');
+                // Always inject the client-side script for idle monitoring
+                injectScript('page', `import 'astro-tokenkit/client-init';`);
+                logger.debug('[TokenKit] Integration initialized');
             },
         },
     };
 }
 /**
- * Helper to define middleware in a separate file if needed
+ * Helper to create the TokenKit middleware.
+ *
+ * Use this if you have `autoMiddleware: false` in your integration configuration
+ * and want to manually register the middleware in your `src/middleware.ts` file.
+ *
+ * @example
+ * ```ts
+ * // src/middleware.ts
+ * import { defineMiddleware } from 'astro-tokenkit';
+ *
+ * export const onRequest = defineMiddleware();
+ * ```
  */
 const defineMiddleware = () => createMiddleware();