npm - authfyio-javascript - Versions diffs - 0.2.1 - Mend

authfyio-javascript 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,21 @@
+# authfyio-javascript
+Framework-free JavaScript SDK for Authfyio — browser sessions, auth state subscription, and admin calls.
+> Part of [Authfyio](https://authfyio.com) — a self-hostable authentication platform.
+## Install
+```bash
+npm install authfyio-javascript
+```
+## Usage
+See the full guide at **https://authfyio.com/docs**.
+Point the SDK at your Authfyio instance via the same-origin proxy (`/api/af`) or set `AF_API_BASE_URL` for server-side calls.
+## License
+MIT

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,72 @@
+/**
+ * Framework-free JavaScript SDK — works with Vite, Webpack, Rollup, ESM
+ * CDN, or plain `<script type="module">`.
+ *
+ *     import { createAuthfyio } from 'authfyio-javascript';
+ *     const kolay = createAuthfyio({ baseUrl: 'https://fapi.example.com' });
+ *     kolay.onAuthChange((auth) => {
+ *       if (auth.isSignedIn) document.body.dataset.user = auth.userId!;
+ *     });
+ *     await kolay.signInEmailPassword('a@b.com', '…');
+ *
+ * Sessions are driven by the two-cookie Authfyio model — this SDK reads
+ * `__session` on every tick to stay in sync and calls `/sessions/refresh`
+ * before the JWT expires.
+ */
+export type SessionClaims = {
+    sid: string;
+    sub: string;
+    env: string;
+    org?: string;
+    org_role?: string;
+    /** Permission keys held in the active org (e.g. 'org:sys_billing:manage'). */
+    org_perms?: string[];
+    iat?: number;
+    exp?: number;
+};
+export type HasCheck = {
+    role?: string;
+    permission?: string;
+};
+export type AuthState = {
+    isSignedIn: boolean;
+    userId: string | null;
+    sessionId: string | null;
+    orgId: string | null;
+    orgRole: string | null;
+    claims: SessionClaims | null;
+    jwt: string | null;
+};
+/**
+ * Browser-side default. Assumes a same-origin proxy mounted at `/api/af`
+ * (e.g. `authfyio-nextjs/proxy` for Next.js apps). Override `baseUrl`
+ * if you mount the proxy elsewhere or call api.authfyio.com directly
+ * from a same-eTLD+1 host.
+ */
+export declare const DEFAULT_BASE_URL = "/api/af";
+export type AuthfyioBrowserOptions = {
+    baseUrl?: string;
+    autoRefresh?: boolean;
+    refreshSkewSeconds?: number;
+};
+export type AuthfyioBrowser = {
+    state(): AuthState;
+    onAuthChange(listener: (state: AuthState) => void): () => void;
+    refresh(): Promise<AuthState>;
+    signInEmailPassword(email: string, password: string): Promise<AuthState>;
+    signUpEmailPassword(email: string, password: string): Promise<AuthState>;
+    signInMagicLink(email: string): Promise<void>;
+    signOut(): Promise<void>;
+    oauthRedirectUrl(provider: 'google' | 'github'): string;
+    /** Raw JWT for attaching to your own API requests. */
+    getToken(): string | null;
+    /**
+     * Synchronous gating helper. Reads the JWT's `org_role` / `org_perms`
+     * claims so it works without a network round-trip. Returns false when
+     * the user has no active org (for permission checks) or no matching
+     * role.
+     */
+    has(check: HasCheck): boolean;
+};
+export declare function createAuthfyio(opts?: AuthfyioBrowserOptions): AuthfyioBrowser;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,MAAM,MAAM,aAAa,GAAG;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,8EAA8E;IAC9E,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,CAAC;AAEF,MAAM,MAAM,QAAQ,GAAG;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG;IACtB,UAAU,EAAE,OAAO,CAAC;IACpB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,MAAM,EAAE,aAAa,GAAG,IAAI,CAAC;IAC7B,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;CACpB,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,YAAY,CAAC;AAE1C,MAAM,MAAM,sBAAsB,GAAG;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC5B,KAAK,IAAI,SAAS,CAAC;IACnB,YAAY,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,SAAS,KAAK,IAAI,GAAG,MAAM,IAAI,CAAC;IAC/D,OAAO,IAAI,OAAO,CAAC,SAAS,CAAC,CAAC;IAC9B,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IACzE,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IACzE,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9C,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACzB,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,GAAG,QAAQ,GAAG,MAAM,CAAC;IACxD,sDAAsD;IACtD,QAAQ,IAAI,MAAM,GAAG,IAAI,CAAC;IAC1B;;;;;OAKG;IACH,GAAG,CAAC,KAAK,EAAE,QAAQ,GAAG,OAAO,CAAC;CAC/B,CAAC;AAEF,wBAAgB,cAAc,CAAC,IAAI,GAAE,sBAA2B,GAAG,eAAe,CAmIjF"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,204 @@
+/**
+ * Framework-free JavaScript SDK — works with Vite, Webpack, Rollup, ESM
+ * CDN, or plain `<script type="module">`.
+ *
+ *     import { createAuthfyio } from 'authfyio-javascript';
+ *     const kolay = createAuthfyio({ baseUrl: 'https://fapi.example.com' });
+ *     kolay.onAuthChange((auth) => {
+ *       if (auth.isSignedIn) document.body.dataset.user = auth.userId!;
+ *     });
+ *     await kolay.signInEmailPassword('a@b.com', '…');
+ *
+ * Sessions are driven by the two-cookie Authfyio model — this SDK reads
+ * `__session` on every tick to stay in sync and calls `/sessions/refresh`
+ * before the JWT expires.
+ */
+/**
+ * Browser-side default. Assumes a same-origin proxy mounted at `/api/af`
+ * (e.g. `authfyio-nextjs/proxy` for Next.js apps). Override `baseUrl`
+ * if you mount the proxy elsewhere or call api.authfyio.com directly
+ * from a same-eTLD+1 host.
+ */
+export const DEFAULT_BASE_URL = '/api/af';
+export function createAuthfyio(opts = {}) {
+    const baseUrl = (opts.baseUrl ?? DEFAULT_BASE_URL).replace(/\/+$/, '');
+    const listeners = new Set();
+    let current = readState();
+    let refreshTimer = null;
+    function readState() {
+        const jwt = readSessionCookie();
+        if (!jwt)
+            return empty();
+        try {
+            const claims = decodeJwt(jwt);
+            return {
+                isSignedIn: true,
+                userId: claims.sub ?? null,
+                sessionId: claims.sid ?? null,
+                orgId: claims.org ?? null,
+                orgRole: claims.org_role ?? null,
+                claims,
+                jwt,
+            };
+        }
+        catch {
+            return empty();
+        }
+    }
+    function emit() {
+        const next = readState();
+        if (!shallowEqual(next, current)) {
+            current = next;
+            for (const fn of listeners)
+                fn(current);
+        }
+        else {
+            current = next;
+        }
+    }
+    function scheduleRefresh() {
+        if (refreshTimer)
+            clearTimeout(refreshTimer);
+        if (opts.autoRefresh === false)
+            return;
+        if (!current.isSignedIn || !current.claims?.exp)
+            return;
+        const skew = opts.refreshSkewSeconds ?? 15;
+        const msUntil = Math.max(0, current.claims.exp * 1000 - Date.now() - skew * 1000);
+        refreshTimer = setTimeout(async () => {
+            try {
+                await api.refresh();
+            }
+            catch { }
+        }, msUntil);
+    }
+    const api = {
+        state: () => current,
+        onAuthChange(fn) {
+            listeners.add(fn);
+            fn(current);
+            return () => listeners.delete(fn);
+        },
+        async refresh() {
+            await fetch(`${baseUrl}/v1/auth/sessions/refresh`, {
+                method: 'POST',
+                credentials: 'include',
+            });
+            emit();
+            scheduleRefresh();
+            return current;
+        },
+        async signInEmailPassword(email, password) {
+            const res = await fetch(`${baseUrl}/v1/auth/sign-in/email-password`, {
+                method: 'POST',
+                credentials: 'include',
+                headers: { 'content-type': 'application/json' },
+                body: JSON.stringify({ email, password }),
+            });
+            if (!res.ok)
+                throw new Error('invalid_credentials');
+            emit();
+            scheduleRefresh();
+            return current;
+        },
+        async signUpEmailPassword(email, password) {
+            const res = await fetch(`${baseUrl}/v1/auth/sign-up/email-password`, {
+                method: 'POST',
+                credentials: 'include',
+                headers: { 'content-type': 'application/json' },
+                body: JSON.stringify({ email, password }),
+            });
+            if (!res.ok) {
+                const body = (await res.json().catch(() => null));
+                throw new Error(body?.message ?? 'signup_failed');
+            }
+            emit();
+            scheduleRefresh();
+            return current;
+        },
+        async signInMagicLink(email) {
+            await fetch(`${baseUrl}/v1/auth/sign-in/magic-link`, {
+                method: 'POST',
+                credentials: 'include',
+                headers: { 'content-type': 'application/json' },
+                body: JSON.stringify({ email }),
+            });
+        },
+        async signOut() {
+            await fetch(`${baseUrl}/v1/auth/sign-out`, {
+                method: 'POST',
+                credentials: 'include',
+            });
+            emit();
+            if (refreshTimer)
+                clearTimeout(refreshTimer);
+        },
+        oauthRedirectUrl(provider) {
+            return `${baseUrl}/v1/auth/oauth/${provider}/authorize`;
+        },
+        getToken() {
+            return current.jwt;
+        },
+        has(check) {
+            if (!current.isSignedIn || !current.claims)
+                return false;
+            if (check.role && current.claims.org_role !== check.role)
+                return false;
+            if (check.permission) {
+                if (!current.claims.org)
+                    return false;
+                const perms = Array.isArray(current.claims.org_perms) ? current.claims.org_perms : [];
+                if (!perms.includes(check.permission))
+                    return false;
+            }
+            return true;
+        },
+    };
+    scheduleRefresh();
+    // Cheap drift detection — re-check cookies every 30s in case another tab
+    // (or a direct server-side rotation) changed the JWT.
+    if (typeof window !== 'undefined') {
+        setInterval(emit, 30_000);
+    }
+    return api;
+}
+function empty() {
+    return {
+        isSignedIn: false,
+        userId: null,
+        sessionId: null,
+        orgId: null,
+        orgRole: null,
+        claims: null,
+        jwt: null,
+    };
+}
+function shallowEqual(a, b) {
+    return (a.isSignedIn === b.isSignedIn &&
+        a.userId === b.userId &&
+        a.sessionId === b.sessionId &&
+        a.orgId === b.orgId &&
+        a.orgRole === b.orgRole &&
+        a.jwt === b.jwt);
+}
+function readSessionCookie() {
+    if (typeof document === 'undefined')
+        return null;
+    for (const pair of document.cookie.split(';')) {
+        const eq = pair.indexOf('=');
+        if (eq <= 0)
+            continue;
+        const name = pair.slice(0, eq).trim();
+        if (name !== '__session')
+            continue;
+        return decodeURIComponent(pair.slice(eq + 1).trim());
+    }
+    return null;
+}
+function decodeJwt(token) {
+    const [, payload] = token.split('.');
+    const b64 = payload.replace(/-/g, '+').replace(/_/g, '/');
+    const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
+    const json = atob(padded);
+    return JSON.parse(json);
+}

package/package.json ADDED Viewed

@@ -0,0 +1,39 @@
+{
+  "name": "authfyio-javascript",
+  "version": "0.2.1",
+  "description": "Framework-free JavaScript SDK for Authfyio — browser sessions, auth state subscription, and admin calls.",
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "typecheck": "tsc -p tsconfig.build.json --noEmit",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "authfyio",
+    "auth",
+    "javascript",
+    "browser",
+    "sdk"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "homepage": "https://authfyio.com/docs",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/authfyio/authfyio.git"
+  }
+}