astro-tokenkit 1.0.17 → 1.0.19

package/README.md

@@ -114,6 +114,7 @@ const specializedClient = createClient({
 | `timeout` | `number` | Request timeout in milliseconds (default: 30000). |
 | `retry` | `RetryConfig` | Retry strategy for failed requests. |
 | `interceptors`| `InterceptorsConfig` | Request/Response/Error interceptors. |
+| `idle` | `IdleConfig` | Inactivity session timeout configuration. |
 | `context` | `AsyncLocalStorage` | External AsyncLocalStorage instance. |
 | `getContextStore`| `() => TokenKitContext`| Custom method to retrieve the context store. |
 | `setContextStore`| `(ctx) => void`| Custom method to set the context store. |
@@ -138,6 +139,47 @@ const specializedClient = createClient({
 | `cookies` | `CookieConfig` | Configuration for auth cookies. |
 | `policy` | `RefreshPolicy` | Strategy for when to trigger token refresh. |
 
+### Idle Session Timeout
+
+Astro TokenKit automatically monitors user inactivity and closes the session across all open tabs. This feature uses `BroadcastChannel` to synchronize activity and logout events.
+
+**Important:** When using the Astro integration, the `onIdle` function cannot be passed in `astro.config.mjs` because it is not serializable. Instead, listen for the `tk:idle` event on the client.
+
+| Property | Type | Description |
+| :--- | :--- | :--- |
+| `timeout` | `number` | **Required.** Inactivity timeout in seconds. |
+| `autoLogout`| `boolean` | Whether to automatically trigger logout by calling the configured logout endpoint (default: `true`). |
+| `activeTabOnly` | `boolean` | Whether to track activity only on the active tab to save CPU/memory (default: `true`). |
+| `alert` | `any` | Custom data to be passed to the `tk:idle` event. Ideal for configuring SweetAlert options. |
+
+#### Handling Idle Events (e.g. SweetAlert)
+
+On the client (browser), you can listen for the `tk:idle` event to show a notification. You can use the `alert` property from your configuration to pass options to your alert plugin.
+
+```javascript
+// astro.config.mjs
+tokenKit({
+  idle: {
+    timeout: 300,
+    alert: {
+      title: "Session Expired",
+      text: "You have been logged out due to inactivity.",
+      icon: "warning"
+    }
+  }
+})
+```
+
+```html
+<script>
+  window.addEventListener('tk:idle', (event) => {
+    const options = event.detail.alert;
+    // Use SweetAlert or any other plugin
+    swal(options);
+  });
+</script>
+```
+
 ### Login Options
 
 | Property | Type | Description |
@@ -242,6 +284,26 @@ api.login(credentials)
 
 > **Note:** Since all methods return an `APIResponse` object, you can use destructuring in `.then()` to access the data directly, which allows for clean syntax like `.then(({ data: token }) => ... )`.
 
+## Performance
+
+Astro TokenKit is designed with a "low impact" philosophy. It introduces negligible overhead to your requests while providing powerful features like automatic token rotation.
+
+### Benchmark Results
+
+Run on a standard development machine using `npm run bench`:
+
+| Scenario | Operations/sec | Latency (Overhead) |
+| :--- | :--- | :--- |
+| **Native fetch (Baseline)** | ~720,000 | 0µs |
+| **Middleware overhead** | ~1,680,000 | <1µs |
+| **APIClient (No Auth)** | ~200,000 | ~3.5µs |
+| **APIClient (With Auth)** | ~150,000 | ~5.3µs |
+
+**Key Takeaways:**
+- **Zero-impact Middleware:** The middleware adds less than 1 microsecond to each Astro request.
+- **Ultra-low Client Overhead:** Using the `APIClient` adds about 3-5 microseconds per request compared to native `fetch`.
+- **Negligible in Real World:** In a typical scenario where a network request takes 10ms (10,000µs), Astro TokenKit adds less than **0.05%** latency.
+
 ## License
 
 MIT © [oamm](https://github.com/oamm)

package/dist/auth/manager.d.ts

@@ -23,7 +23,7 @@ export declare class TokenManager {
     /**
      * Ensure valid tokens (with automatic refresh)
      */
-    ensure(ctx: TokenKitContext, options?: AuthOptions, headers?: Record<string, string>): Promise<Session | null>;
+    ensure(ctx: TokenKitContext, options?: AuthOptions, headers?: Record<string, string>, force?: boolean): Promise<Session | null>;
     /**
      * Logout (clear tokens)
      */

package/dist/auth/manager.js

@@ -26,21 +26,18 @@ class SingleFlight {
             const existing = this.inFlight.get(key);
             if (existing)
                 return existing;
-            const promise = this.doExecute(key, fn);
+            const promise = (() => __awaiter(this, void 0, void 0, function* () {
+                try {
+                    return yield fn();
+                }
+                finally {
+                    this.inFlight.delete(key);
+                }
+            }))();
             this.inFlight.set(key, promise);
             return promise;
         });
     }
-    doExecute(key, fn) {
-        return __awaiter(this, void 0, void 0, function* () {
-            try {
-                return yield fn();
-            }
-            finally {
-                this.inFlight.delete(key);
-            }
-        });
-    }
 }
 /**
  * Token Manager handles all token operations
@@ -56,6 +53,7 @@ export class TokenManager {
      */
     login(ctx, credentials, options) {
         return __awaiter(this, void 0, void 0, function* () {
+            var _a, _b;
             const url = this.joinURL(this.baseURL, this.config.login);
             const contentType = this.config.contentType || 'application/json';
             const headers = Object.assign(Object.assign({ 'Content-Type': contentType }, this.config.headers), options === null || options === void 0 ? void 0 : options.headers);
@@ -67,12 +65,16 @@ export class TokenManager {
             else {
                 requestBody = JSON.stringify(data);
             }
+            const timeout = (_b = (_a = options === null || options === void 0 ? void 0 : options.timeout) !== null && _a !== void 0 ? _a : this.config.timeout) !== null && _b !== void 0 ? _b : 30000;
+            const controller = new AbortController();
+            const timeoutId = setTimeout(() => controller.abort(), timeout);
             let response;
             try {
                 response = yield safeFetch(url, {
                     method: 'POST',
                     headers,
                     body: requestBody,
+                    signal: controller.signal,
                 }, this.config);
             }
             catch (error) {
@@ -81,6 +83,9 @@ export class TokenManager {
                     yield options.onError(authError, ctx);
                 throw authError;
             }
+            finally {
+                clearTimeout(timeoutId);
+            }
             if (!response.ok) {
                 const authError = new AuthError(`Login failed: ${response.status} ${response.statusText}`, response.status, response);
                 if (options === null || options === void 0 ? void 0 : options.onError)
@@ -136,6 +141,7 @@ export class TokenManager {
      */
     performRefresh(ctx, refreshToken, options, extraHeaders) {
         return __awaiter(this, void 0, void 0, function* () {
+            var _a, _b;
             const url = this.joinURL(this.baseURL, this.config.refresh);
             const contentType = this.config.contentType || 'application/json';
             const headers = Object.assign(Object.assign({ 'Content-Type': contentType }, this.config.headers), extraHeaders);
@@ -148,17 +154,24 @@ export class TokenManager {
             else {
                 requestBody = JSON.stringify(data);
             }
+            const timeout = (_b = (_a = options === null || options === void 0 ? void 0 : options.timeout) !== null && _a !== void 0 ? _a : this.config.timeout) !== null && _b !== void 0 ? _b : 30000;
+            const controller = new AbortController();
+            const timeoutId = setTimeout(() => controller.abort(), timeout);
             let response;
             try {
                 response = yield safeFetch(url, {
                     method: 'POST',
                     headers,
                     body: requestBody,
+                    signal: controller.signal,
                 }, this.config);
             }
             catch (error) {
                 throw new AuthError(`Refresh request failed: ${error.message}`, undefined, undefined, undefined, error);
             }
+            finally {
+                clearTimeout(timeoutId);
+            }
             if (!response.ok) {
                 // 401/403 = invalid refresh token
                 if (response.status === 401 || response.status === 403) {
@@ -190,8 +203,8 @@ export class TokenManager {
     /**
      * Ensure valid tokens (with automatic refresh)
      */
-    ensure(ctx, options, headers) {
-        return __awaiter(this, void 0, void 0, function* () {
+    ensure(ctx_1, options_1, headers_1) {
+        return __awaiter(this, arguments, void 0, function* (ctx, options, headers, force = false) {
             var _a, _b, _c, _d, _e, _f;
             const now = Math.floor(Date.now() / 1000);
             const tokens = retrieveTokens(ctx, this.config.cookies);
@@ -199,12 +212,14 @@ export class TokenManager {
             if (!tokens.accessToken || !tokens.refreshToken || !tokens.expiresAt) {
                 return null;
             }
-            // Token expired
-            if (isExpired(tokens.expiresAt, now, this.config.policy)) {
+            // Token expired or force refresh
+            if (force || isExpired(tokens.expiresAt, now, this.config.policy)) {
                 const flightKey = this.createFlightKey(tokens.refreshToken);
                 const bundle = yield this.singleFlight.execute(flightKey, () => this.refresh(ctx, tokens.refreshToken, options, headers));
                 if (!bundle)
                     return null;
+                // Ensure tokens are stored in the current context (in case of shared flight)
+                storeTokens(ctx, bundle, this.config.cookies);
                 return {
                     accessToken: bundle.accessToken,
                     expiresAt: bundle.accessExpiresAt,
@@ -217,6 +232,8 @@ export class TokenManager {
                 const flightKey = this.createFlightKey(tokens.refreshToken);
                 const bundle = yield this.singleFlight.execute(flightKey, () => this.refresh(ctx, tokens.refreshToken, options, headers));
                 if (bundle) {
+                    // Ensure tokens are stored in the current context (in case of shared flight)
+                    storeTokens(ctx, bundle, this.config.cookies);
                     return {
                         accessToken: bundle.accessToken,
                         expiresAt: bundle.accessExpiresAt,
@@ -244,23 +261,33 @@ export class TokenManager {
      */
     logout(ctx) {
         return __awaiter(this, void 0, void 0, function* () {
-            var _a;
+            var _a, _b;
             // Optionally call logout endpoint
             if (this.config.logout) {
+                const timeout = (_a = this.config.timeout) !== null && _a !== void 0 ? _a : 10000;
+                const controller = new AbortController();
+                const timeoutId = setTimeout(() => controller.abort(), timeout);
                 try {
                     const url = this.joinURL(this.baseURL, this.config.logout);
                     const session = this.getSession(ctx);
                     const headers = {};
                     if (session === null || session === void 0 ? void 0 : session.accessToken) {
-                        const injectFn = (_a = this.config.injectToken) !== null && _a !== void 0 ? _a : ((token, type) => `${type !== null && type !== void 0 ? type : 'Bearer'} ${token}`);
+                        const injectFn = (_b = this.config.injectToken) !== null && _b !== void 0 ? _b : ((token, type) => `${type !== null && type !== void 0 ? type : 'Bearer'} ${token}`);
                         headers['Authorization'] = injectFn(session.accessToken, session.tokenType);
                     }
-                    yield safeFetch(url, { method: 'POST', headers }, this.config);
+                    yield safeFetch(url, {
+                        method: 'POST',
+                        headers,
+                        signal: controller.signal,
+                    }, this.config);
                 }
                 catch (error) {
                     // Ignore logout endpoint errors
                     logger.debug('[TokenKit] Logout endpoint failed:', error);
                 }
+                finally {
+                    clearTimeout(timeoutId);
+                }
             }
             clearTokens(ctx, this.config.cookies);
         });

package/dist/client/client.d.ts

@@ -1,4 +1,4 @@
-import type { APIResponse, ClientConfig, RequestConfig, RequestOptions, Session, TokenKitConfig, LoginOptions, TokenBundle } from '../types';
+import type { APIResponse, ClientConfig, LoginOptions, RequestConfig, RequestOptions, Session, TokenBundle, TokenKitConfig } from '../types';
 import { TokenManager } from '../auth/manager';
 /**
  * API Client

package/dist/client/client.js

@@ -177,8 +177,8 @@ export class APIClient {
                 clearTimeout(timeoutId);
                 // Handle 401 (try refresh and retry once)
                 if (response.status === 401 && this.tokenManager && !config.skipAuth && attempt === 1) {
-                    // Clear and try fresh session
-                    const session = yield this.tokenManager.ensure(ctx, config.auth, config.headers);
+                    // Clear and try fresh session (force refresh)
+                    const session = yield this.tokenManager.ensure(ctx, config.auth, config.headers, true);
                     if (session) {
                         // Retry with new token
                         return this.executeRequest(config, ctx, attempt + 1);
@@ -305,7 +305,7 @@ export class APIClient {
                 throw new Error('Auth is not configured for this client');
             }
             const context = getContextStore();
-            return this.tokenManager.login(context, credentials, options);
+            return yield this.tokenManager.login(context, credentials, options);
         });
     }
     /**

package/dist/client/idle-manager.d.ts

@@ -0,0 +1,30 @@
+import type { IdleConfig } from '../types';
+/**
+ * IdleManager handles user inactivity across multiple tabs.
+ * It uses BroadcastChannel to synchronize activity and logout events.
+ */
+export declare class IdleManager {
+    private channel;
+    private timeout;
+    private onIdle;
+    private activeTabOnly;
+    private rafId;
+    private lastCheck;
+    private isIdle;
+    private eventHandler;
+    private config;
+    private isMonitoring;
+    private lastActivity;
+    private expiredTimeKey;
+    constructor(config: IdleConfig);
+    private start;
+    private loop;
+    private setupEventListeners;
+    private addTrackers;
+    private removeTrackers;
+    private reportActivity;
+    private updateExpiredTimeLocal;
+    private handleTimeout;
+    private triggerIdle;
+    cleanup(): void;
+}

package/dist/client/idle-manager.js

@@ -0,0 +1,138 @@
+/**
+ * IdleManager handles user inactivity across multiple tabs.
+ * It uses BroadcastChannel to synchronize activity and logout events.
+ */
+export class IdleManager {
+    constructor(config) {
+        var _a;
+        this.channel = null;
+        this.rafId = null;
+        this.lastCheck = 0;
+        this.isIdle = false;
+        this.isMonitoring = false;
+        this.lastActivity = 0;
+        this.config = config;
+        this.timeout = config.timeout;
+        this.onIdle = config.onIdle || (() => { });
+        this.activeTabOnly = (_a = config.activeTabOnly) !== null && _a !== void 0 ? _a : true;
+        this.expiredTimeKey = '_tk_idle_expires';
+        this.eventHandler = this.reportActivity.bind(this);
+        this.isIdle = false;
+        if (typeof window === 'undefined')
+            return;
+        try {
+            this.channel = new BroadcastChannel('tk_idle_channel');
+            this.channel.onmessage = (event) => {
+                if (event.data === 'activity') {
+                    this.updateExpiredTimeLocal();
+                }
+                else if (event.data === 'logout') {
+                    this.triggerIdle();
+                }
+            };
+        }
+        catch (e) {
+            // BroadcastChannel might fail in some environments (e.g. private mode)
+        }
+        this.start();
+    }
+    start() {
+        if (typeof window === 'undefined')
+            return;
+        this.updateExpiredTimeLocal();
+        this.setupEventListeners();
+        this.loop();
+    }
+    loop() {
+        if (this.isIdle)
+            return;
+        const now = Date.now();
+        // Check every 1 second
+        if (now - this.lastCheck >= 1000) {
+            const expiredTime = parseInt(localStorage.getItem(this.expiredTimeKey) || '0', 10);
+            if (expiredTime > 0 && now > expiredTime) {
+                this.handleTimeout();
+                return;
+            }
+            this.lastCheck = now;
+        }
+        this.rafId = requestAnimationFrame(() => this.loop());
+    }
+    setupEventListeners() {
+        if (this.activeTabOnly) {
+            document.addEventListener('visibilitychange', () => {
+                if (document.visibilityState === 'visible') {
+                    this.addTrackers();
+                }
+                else {
+                    this.removeTrackers();
+                }
+            });
+            if (document.visibilityState === 'visible') {
+                this.addTrackers();
+            }
+        }
+        else {
+            this.addTrackers();
+        }
+    }
+    addTrackers() {
+        if (this.isMonitoring)
+            return;
+        const events = ['mousemove', 'keydown', 'scroll', 'click', 'touchstart'];
+        events.forEach(e => window.addEventListener(e, this.eventHandler, { passive: true }));
+        this.isMonitoring = true;
+    }
+    removeTrackers() {
+        if (!this.isMonitoring)
+            return;
+        const events = ['mousemove', 'keydown', 'scroll', 'click', 'touchstart'];
+        events.forEach(e => window.removeEventListener(e, this.eventHandler));
+        this.isMonitoring = false;
+    }
+    reportActivity() {
+        const now = Date.now();
+        // Throttle reporting to every 1 second to reduce overhead
+        if (now - this.lastActivity < 1000)
+            return;
+        this.lastActivity = now;
+        this.updateExpiredTimeLocal();
+        if (this.channel) {
+            this.channel.postMessage('activity');
+        }
+    }
+    updateExpiredTimeLocal() {
+        const expires = Date.now() + (this.timeout * 1000);
+        localStorage.setItem(this.expiredTimeKey, expires.toString());
+    }
+    handleTimeout() {
+        if (this.isIdle)
+            return;
+        if (this.channel) {
+            this.channel.postMessage('logout');
+        }
+        this.triggerIdle();
+    }
+    triggerIdle() {
+        if (this.isIdle)
+            return;
+        this.isIdle = true;
+        if (typeof window !== 'undefined') {
+            window.dispatchEvent(new CustomEvent('tk:idle', { detail: this.config }));
+        }
+        this.cleanup();
+        this.onIdle();
+    }
+    cleanup() {
+        if (this.rafId) {
+            cancelAnimationFrame(this.rafId);
+            this.rafId = null;
+        }
+        this.removeTrackers();
+        if (this.channel) {
+            this.channel.close();
+            this.channel = null;
+        }
+        localStorage.removeItem(this.expiredTimeKey);
+    }
+}

package/dist/client/tk-client.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/client/tk-client.js

@@ -0,0 +1,22 @@
+import { IdleManager } from './idle-manager';
+if (typeof window !== 'undefined') {
+    const config = typeof __TOKENKIT_CONFIG__ !== 'undefined' ? __TOKENKIT_CONFIG__ : {};
+    // Initialize Idle Monitoring if configured
+    if (config.idle && config.idle.timeout > 0) {
+        new IdleManager(Object.assign(Object.assign({}, config.idle), { onIdle: () => {
+                var _a;
+                // Note: IdleManager dispatches 'tk:idle' automatically
+                if (config.idle.autoLogout !== false && ((_a = config.auth) === null || _a === void 0 ? void 0 : _a.logout)) {
+                    const logoutURL = config.auth.logout.startsWith('http')
+                        ? config.auth.logout
+                        : (config.baseURL || '') + config.auth.logout;
+                    fetch(logoutURL, {
+                        method: 'POST',
+                        credentials: 'include'
+                    }).finally(() => {
+                        window.location.reload();
+                    });
+                }
+            } }));
+    }
+}