astro-tokenkit 1.0.16 → 1.0.18

package/dist/integration.d.ts

@@ -4,6 +4,13 @@ import type { TokenKitConfig } from './types';
  * Astro integration for TokenKit
  *
  * This integration facilitates the setup of TokenKit in an Astro project.
+ * It performs the following:
+ * - Sets the global configuration for the API client.
+ * - Injects the configuration into the client-side via Vite's `define`.
+ * - Automatically registers the TokenKit middleware (unless `autoMiddleware` is set to `false`).
+ * - Injects a client-side script (`astro-tokenkit/client-init`) to handle idle session monitoring and automatic logout.
+ *
+ * @param config - TokenKit configuration options.
  *
  * @example
  * ```ts
@@ -17,6 +24,10 @@ import type { TokenKitConfig } from './types';
  *       auth: {
  *         login: '/auth/login',
  *         refresh: '/auth/refresh',
+ *       },
+ *       idle: {
+ *         timeout: 3600, // 1 hour
+ *         alert: { title: 'Session Expired' }
  *       }
  *     })
  *   ]
@@ -25,6 +36,17 @@ import type { TokenKitConfig } from './types';
  */
 export declare function tokenKit(config: TokenKitConfig): AstroIntegration;
 /**
- * Helper to define middleware in a separate file if needed
+ * Helper to create the TokenKit middleware.
+ *
+ * Use this if you have `autoMiddleware: false` in your integration configuration
+ * and want to manually register the middleware in your `src/middleware.ts` file.
+ *
+ * @example
+ * ```ts
+ * // src/middleware.ts
+ * import { defineMiddleware } from 'astro-tokenkit';
+ *
+ * export const onRequest = defineMiddleware();
+ * ```
  */
 export declare const defineMiddleware: () => import("astro").MiddlewareHandler;

package/dist/integration.js

@@ -1,10 +1,18 @@
 // packages/astro-tokenkit/src/integration.ts
 import { createMiddleware } from './middleware';
 import { setConfig } from './config';
+import { logger } from './utils/logger';
 /**
  * Astro integration for TokenKit
  *
  * This integration facilitates the setup of TokenKit in an Astro project.
+ * It performs the following:
+ * - Sets the global configuration for the API client.
+ * - Injects the configuration into the client-side via Vite's `define`.
+ * - Automatically registers the TokenKit middleware (unless `autoMiddleware` is set to `false`).
+ * - Injects a client-side script (`astro-tokenkit/client-init`) to handle idle session monitoring and automatic logout.
+ *
+ * @param config - TokenKit configuration options.
  *
  * @example
  * ```ts
@@ -18,6 +26,10 @@ import { setConfig } from './config';
  *       auth: {
  *         login: '/auth/login',
  *         refresh: '/auth/refresh',
+ *       },
+ *       idle: {
+ *         timeout: 3600, // 1 hour
+ *         alert: { title: 'Session Expired' }
  *       }
  *     })
  *   ]
@@ -35,7 +47,7 @@ export function tokenKit(config) {
     return {
         name: 'astro-tokenkit',
         hooks: {
-            'astro:config:setup': ({ updateConfig, addMiddleware }) => {
+            'astro:config:setup': ({ updateConfig, addMiddleware, injectScript }) => {
                 updateConfig({
                     vite: {
                         define: {
@@ -50,12 +62,25 @@ export function tokenKit(config) {
                         order: 'pre'
                     });
                 }
-                console.log('[TokenKit] Integration initialized');
+                // Always inject the client-side script for idle monitoring
+                injectScript('page', `import 'astro-tokenkit/client-init';`);
+                logger.debug('[TokenKit] Integration initialized');
             },
         },
     };
 }
 /**
- * Helper to define middleware in a separate file if needed
+ * Helper to create the TokenKit middleware.
+ *
+ * Use this if you have `autoMiddleware: false` in your integration configuration
+ * and want to manually register the middleware in your `src/middleware.ts` file.
+ *
+ * @example
+ * ```ts
+ * // src/middleware.ts
+ * import { defineMiddleware } from 'astro-tokenkit';
+ *
+ * export const onRequest = defineMiddleware();
+ * ```
  */
 export const defineMiddleware = () => createMiddleware();

package/dist/middleware.cjs

@@ -39,20 +39,23 @@ typeof SuppressedError === "function" ? SuppressedError : function (error, suppr
  * API Error
  */
 class APIError extends Error {
-    constructor(message, status, response, request) {
+    constructor(message, status, response, request, cause) {
         super(message);
         this.status = status;
         this.response = response;
         this.request = request;
+        this.cause = cause;
         this.name = 'APIError';
+        if (cause && !this.cause)
+            this.cause = cause;
     }
 }
 /**
  * Authentication Error
  */
 class AuthError extends APIError {
-    constructor(message, status, response, request) {
-        super(message, status, response, request);
+    constructor(message, status, response, request, cause) {
+        super(message, status, response, request, cause);
         this.name = 'AuthError';
     }
 }
@@ -366,6 +369,56 @@ function isExpired(expiresAt, now, policy = {}) {
     return now + clockSkew > expiresAt;
 }
 
+// packages/astro-tokenkit/src/utils/fetch.ts
+/**
+ * Perform a fetch request with optional certificate validation bypass
+ */
+function safeFetch(url, init, config) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const fetchFn = config.fetch || fetch;
+        const fetchOptions = Object.assign({}, init);
+        if (config.dangerouslyIgnoreCertificateErrors && typeof process !== 'undefined') {
+            // In Node.js environment
+            try {
+                // Try to use undici Agent if available (it is built-in in Node 18+)
+                // However, we might need to import it if we want to create an Agent.
+                // Since we don't want to depend on undici in package.json, we use dynamic import.
+                // But wait, undici's Agent is what we need.
+                // As a fallback and most reliable way for self-signed certs in Node without extra deps:
+                process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+                // NOTE: This affects the whole process. We should ideally only do this if it's not already 0.
+                // But for a dev tool / specialized library, it's often what's needed.
+            }
+            catch (e) {
+                // Ignore
+            }
+        }
+        return fetchFn(url, fetchOptions);
+    });
+}
+
+/**
+ * Logger utility that respects the debug flag in the configuration
+ */
+const logger = {
+    debug: (message, ...args) => {
+        if (getConfig().debug) {
+            console.debug(message, ...args);
+        }
+    },
+    info: (message, ...args) => {
+        if (getConfig().debug) {
+            console.log(message, ...args);
+        }
+    },
+    warn: (message, ...args) => {
+        console.warn(message, ...args);
+    },
+    error: (message, ...args) => {
+        console.error(message, ...args);
+    }
+};
+
 // packages/astro-tokenkit/src/auth/manager.ts
 /**
  * Single-flight refresh manager
@@ -422,14 +475,14 @@ class TokenManager {
             }
             let response;
             try {
-                response = yield fetch(url, {
+                response = yield safeFetch(url, {
                     method: 'POST',
                     headers,
                     body: requestBody,
-                });
+                }, this.config);
             }
             catch (error) {
-                const authError = new AuthError(`Login request failed: ${error.message}`);
+                const authError = new AuthError(`Login request failed: ${error.message}`, undefined, undefined, undefined, error);
                 if (options === null || options === void 0 ? void 0 : options.onError)
                     yield options.onError(authError, ctx);
                 throw authError;
@@ -503,14 +556,14 @@ class TokenManager {
             }
             let response;
             try {
-                response = yield fetch(url, {
+                response = yield safeFetch(url, {
                     method: 'POST',
                     headers,
                     body: requestBody,
-                });
+                }, this.config);
             }
             catch (error) {
-                throw new AuthError(`Refresh request failed: ${error.message}`);
+                throw new AuthError(`Refresh request failed: ${error.message}`, undefined, undefined, undefined, error);
             }
             if (!response.ok) {
                 // 401/403 = invalid refresh token
@@ -608,11 +661,11 @@ class TokenManager {
                         const injectFn = (_a = this.config.injectToken) !== null && _a !== void 0 ? _a : ((token, type) => `${type !== null && type !== void 0 ? type : 'Bearer'} ${token}`);
                         headers['Authorization'] = injectFn(session.accessToken, session.tokenType);
                     }
-                    yield fetch(url, { method: 'POST', headers });
+                    yield safeFetch(url, { method: 'POST', headers }, this.config);
                 }
                 catch (error) {
                     // Ignore logout endpoint errors
-                    console.warn('[TokenKit] Logout endpoint failed:', error);
+                    logger.debug('[TokenKit] Logout endpoint failed:', error);
                 }
             }
             clearTokens(ctx, this.config.cookies);
@@ -669,12 +722,14 @@ if (!globalStorage[CONFIG_KEY]) {
         getContextStore: undefined,
         setContextStore: undefined,
         baseURL: "",
+        debug: false,
     };
 }
 /**
  * Set configuration
  */
 function setConfig(userConfig) {
+    var _a, _b;
     const currentConfig = globalStorage[CONFIG_KEY];
     const finalConfig = Object.assign(Object.assign({}, currentConfig), userConfig);
     // Validate that getter and setter are defined together
@@ -685,7 +740,8 @@ function setConfig(userConfig) {
     globalStorage[CONFIG_KEY] = finalConfig;
     // Re-initialize global token manager if auth changed
     if (finalConfig.auth) {
-        globalStorage[MANAGER_KEY] = new TokenManager(finalConfig.auth, finalConfig.baseURL);
+        const authConfig = Object.assign(Object.assign({}, finalConfig.auth), { fetch: (_a = finalConfig.auth.fetch) !== null && _a !== void 0 ? _a : finalConfig.fetch, dangerouslyIgnoreCertificateErrors: (_b = finalConfig.auth.dangerouslyIgnoreCertificateErrors) !== null && _b !== void 0 ? _b : finalConfig.dangerouslyIgnoreCertificateErrors });
+        globalStorage[MANAGER_KEY] = new TokenManager(authConfig, finalConfig.baseURL);
     }
     else {
         globalStorage[MANAGER_KEY] = undefined;
@@ -754,7 +810,7 @@ function createMiddleware() {
             else if (config.context) {
                 contextStrategy = 'custom (external AsyncLocalStorage)';
             }
-            console.log(`[TokenKit] Middleware initialized (auth: ${authStatus}, context: ${contextStrategy})`);
+            logger.debug(`[TokenKit] Middleware initialized (auth: ${authStatus}, context: ${contextStrategy})`);
             globalStorage[LOGGED_KEY] = true;
         }
         const runLogic = () => __awaiter(this, void 0, void 0, function* () {
@@ -766,7 +822,7 @@ function createMiddleware() {
                 }
                 catch (error) {
                     // Log only the message to avoid leaking sensitive data in the error object
-                    console.error('[TokenKit] Automatic token rotation failed:', error.message || error);
+                    logger.debug('[TokenKit] Automatic token rotation failed:', error.message || error);
                 }
             }
             return next();