authfyio-react 0.3.9

package/dist/hooks-flow.d.ts

@@ -0,0 +1,59 @@
+/**
+ * Higher-level hooks that wrap the raw auth endpoints with a controlled-form
+ * API. Use these to build a fully custom sign-in / sign-up UI without
+ * reaching for fetch() every time.
+ */
+export type SignInCreateParams = {
+    identifier: string;
+    password?: string;
+};
+export type SignInVerifyParams = {
+    code: string;
+};
+export type SignInResource = {
+    isLoading: boolean;
+    error: string | null;
+    /** Start email + password sign-in. Returns { status: 'complete' } on success. */
+    create: (p: SignInCreateParams) => Promise<{
+        status: 'complete' | 'needs_verification';
+    }>;
+    /** Start magic link / SMS OTP. Tell the user to watch their inbox / phone. */
+    sendCode: (p: {
+        strategy: 'magic_link' | 'sms_otp';
+        identifier: string;
+    }) => Promise<{
+        ok: boolean;
+    }>;
+    /** Verify SMS OTP. */
+    verifyCode: (p: SignInVerifyParams & {
+        phone: string;
+    }) => Promise<{
+        status: 'complete';
+    }>;
+    /** Start a Google / GitHub OAuth flow — returns the URL to navigate to. */
+    authenticateWithRedirect: (p: {
+        strategy: 'oauth_google' | 'oauth_github';
+        redirectUrl?: string;
+    }) => string;
+};
+export type SignUpCreateParams = {
+    emailAddress: string;
+    password: string;
+};
+export type SignUpResource = {
+    isLoading: boolean;
+    error: string | null;
+    create: (p: SignUpCreateParams) => Promise<{
+        status: 'complete';
+    }>;
+};
+/**
+ * Stateful controller for a custom sign-in form. Use when you want full
+ * control over the UI — otherwise drop in `<SignIn>`.
+ */
+export declare function useSignIn(): SignInResource;
+/**
+ * Stateful controller for a custom sign-up form.
+ */
+export declare function useSignUp(): SignUpResource;
+//# sourceMappingURL=hooks-flow.d.ts.map

package/dist/hooks-flow.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hooks-flow.d.ts","sourceRoot":"","sources":["../src/hooks-flow.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,IAAI,EAAE,MAAM,CAAC;CACd,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,iFAAiF;IACjF,MAAM,EAAE,CAAC,CAAC,EAAE,kBAAkB,KAAK,OAAO,CAAC;QAAE,MAAM,EAAE,UAAU,GAAG,oBAAoB,CAAA;KAAE,CAAC,CAAC;IAC1F,8EAA8E;IAC9E,QAAQ,EAAE,CAAC,CAAC,EAAE;QAAE,QAAQ,EAAE,YAAY,GAAG,SAAS,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC;QAAE,EAAE,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IACtG,sBAAsB;IACtB,UAAU,EAAE,CAAC,CAAC,EAAE,kBAAkB,GAAG;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC;QAAE,MAAM,EAAE,UAAU,CAAA;KAAE,CAAC,CAAC;IAC3F,2EAA2E;IAC3E,wBAAwB,EAAE,CAAC,CAAC,EAAE;QAAE,QAAQ,EAAE,cAAc,GAAG,cAAc,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,KAAK,MAAM,CAAC;CAC9G,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,MAAM,EAAE,CAAC,CAAC,EAAE,kBAAkB,KAAK,OAAO,CAAC;QAAE,MAAM,EAAE,UAAU,CAAA;KAAE,CAAC,CAAC;CACpE,CAAC;AAEF;;;GAGG;AACH,wBAAgB,SAAS,IAAI,cAAc,CAsF1C;AAED;;GAEG;AACH,wBAAgB,SAAS,IAAI,cAAc,CA8B1C"}

package/dist/hooks-flow.js

@@ -0,0 +1,133 @@
+/**
+ * Higher-level hooks that wrap the raw auth endpoints with a controlled-form
+ * API. Use these to build a fully custom sign-in / sign-up UI without
+ * reaching for fetch() every time.
+ */
+import { useState } from 'react';
+import { useAuthfyio } from './provider.js';
+/**
+ * Stateful controller for a custom sign-in form. Use when you want full
+ * control over the UI — otherwise drop in `<SignIn>`.
+ */
+export function useSignIn() {
+    const { client } = useAuthfyio();
+    const baseUrl = client.baseUrl;
+    const [isLoading, setLoading] = useState(false);
+    const [error, setError] = useState(null);
+    async function create(p) {
+        setLoading(true);
+        setError(null);
+        try {
+            if (p.password) {
+                const res = await fetch(`${baseUrl}/v1/auth/sign-in/email-password`, {
+                    method: 'POST',
+                    credentials: 'include',
+                    headers: { 'content-type': 'application/json' },
+                    body: JSON.stringify({ email: p.identifier, password: p.password }),
+                });
+                if (!res.ok) {
+                    const body = await res.json().catch(() => ({}));
+                    throw new Error(body?.message ?? 'invalid_credentials');
+                }
+                return { status: 'complete' };
+            }
+            throw new Error('missing_password');
+        }
+        catch (err) {
+            setError(err?.message ?? 'Sign-in failed.');
+            throw err;
+        }
+        finally {
+            setLoading(false);
+        }
+    }
+    async function sendCode(p) {
+        setLoading(true);
+        setError(null);
+        try {
+            const path = p.strategy === 'magic_link' ? '/v1/auth/sign-in/magic-link' : '/v1/auth/sign-in/sms-otp';
+            const body = p.strategy === 'magic_link' ? { email: p.identifier } : { phone: p.identifier };
+            const res = await fetch(`${baseUrl}${path}`, {
+                method: 'POST',
+                credentials: 'include',
+                headers: { 'content-type': 'application/json' },
+                body: JSON.stringify(body),
+            });
+            if (!res.ok) {
+                const bodyJson = await res.json().catch(() => ({}));
+                throw new Error(bodyJson?.message ?? 'send_code_failed');
+            }
+            return { ok: true };
+        }
+        catch (err) {
+            setError(err?.message ?? 'Could not send code.');
+            throw err;
+        }
+        finally {
+            setLoading(false);
+        }
+    }
+    async function verifyCode(p) {
+        setLoading(true);
+        setError(null);
+        try {
+            const res = await fetch(`${baseUrl}/v1/auth/sms/verify`, {
+                method: 'POST',
+                credentials: 'include',
+                headers: { 'content-type': 'application/json' },
+                body: JSON.stringify({ phone: p.phone, code: p.code }),
+            });
+            if (!res.ok) {
+                const body = await res.json().catch(() => ({}));
+                throw new Error(body?.message ?? 'invalid_code');
+            }
+            return { status: 'complete' };
+        }
+        catch (err) {
+            setError(err?.message ?? 'Invalid code.');
+            throw err;
+        }
+        finally {
+            setLoading(false);
+        }
+    }
+    function authenticateWithRedirect(p) {
+        const provider = p.strategy === 'oauth_google' ? 'google' : 'github';
+        return `${baseUrl}/v1/auth/oauth/${provider}/authorize`;
+    }
+    return { isLoading, error, create, sendCode, verifyCode, authenticateWithRedirect };
+}
+/**
+ * Stateful controller for a custom sign-up form.
+ */
+export function useSignUp() {
+    const { client } = useAuthfyio();
+    const baseUrl = client.baseUrl;
+    const [isLoading, setLoading] = useState(false);
+    const [error, setError] = useState(null);
+    async function create(p) {
+        setLoading(true);
+        setError(null);
+        try {
+            const res = await fetch(`${baseUrl}/v1/auth/sign-up/email-password`, {
+                method: 'POST',
+                credentials: 'include',
+                headers: { 'content-type': 'application/json' },
+                body: JSON.stringify({ email: p.emailAddress, password: p.password }),
+            });
+            if (!res.ok) {
+                const body = await res.json().catch(() => ({}));
+                throw new Error(body?.message ?? 'sign_up_failed');
+            }
+            return { status: 'complete' };
+        }
+        catch (err) {
+            setError(err?.message ?? 'Sign-up failed.');
+            throw err;
+        }
+        finally {
+            setLoading(false);
+        }
+    }
+    return { isLoading, error, create };
+}

package/dist/hooks.d.ts

@@ -0,0 +1,113 @@
+export type HasCheck = {
+    /** Match by stable plan key (`plan.key`), e.g. 'pro', 'gold'. */
+    plan?: string;
+    /** Match by feature key attached to the active plan. */
+    feature?: string;
+    /** Match by org role (same as `orgRole`). */
+    role?: string;
+    /**
+     * Match by org permission key (e.g. 'org:sys_billing:manage' or
+     * 'org:read_users'). Resolved against the JWT's `org_perms` claim,
+     * which is populated from the user's role in the active org.
+     * Returns false if the user has no active org.
+     */
+    permission?: string;
+};
+export type AuthObject = {
+    userId: string | null;
+    sessionId: string | null;
+    orgId: string | null;
+    orgRole: string | null;
+    environmentId: string | null;
+    isSignedIn: boolean;
+    getToken: () => string | null;
+    /**
+     * customisable gating helper.
+     * `has({ plan: 'pro' })` — true when the active subscription plan's `key` matches.
+     * `has({ feature: 'pro_export' })` — true when the plan carries that feature.
+     * `has({ role: 'admin' })` — true when the session's `orgRole` matches.
+     * Undefined when billing data has not finished loading yet.
+     */
+    has: (check: HasCheck) => boolean | undefined;
+};
+export declare function useAuth(): AuthObject;
+export type UserResource = {
+    id: string;
+    email: string | null;
+    username: string | null;
+    firstName: string | null;
+    lastName: string | null;
+    publicMetadata: Record<string, unknown>;
+    createdAt: string;
+};
+export type UseUserResult = {
+    isLoaded: false;
+    user: null;
+} | {
+    isLoaded: true;
+    user: UserResource | null;
+};
+export declare function useUser(): UseUserResult;
+export type OrganizationResource = {
+    id: string;
+    name: string;
+    slug: string;
+};
+export type UseOrganizationResult = {
+    isLoaded: false;
+    organization: null;
+} | {
+    isLoaded: true;
+    organization: OrganizationResource | null;
+};
+export declare function useOrganization(): UseOrganizationResult;
+export type PlanResource = {
+    id: string;
+    name: string;
+    description: string | null;
+    monthlyPriceCents: number;
+    annualPriceCents: number | null;
+};
+export declare function usePlans(): {
+    isLoaded: boolean;
+    plans: PlanResource[];
+};
+export type BillingMe = {
+    plan: {
+        id: string;
+        key: string | null;
+        name: string;
+    } | null;
+    features: Array<{
+        key: string;
+        name: string;
+        description?: string;
+    }>;
+    status: string | null;
+};
+export type UseBillingResult = {
+    isLoaded: boolean;
+} & BillingMe;
+/**
+ * Reads the caller's active plan + attached features from the instance API.
+ * Used by `<Protect plan="..." feature="...">`, `<Show when={...}>`, and
+ * `useAuth().has({...})`. Cached per-provider; the hook itself de-duplicates
+ * by memoizing the fetch promise.
+ */
+export declare function useBilling(): UseBillingResult;
+export type SubscriptionResource = {
+    id: string;
+    status: string;
+    planId: string;
+    currentPeriodEnd: string | null;
+};
+export declare function useSubscription(): {
+    isLoaded: boolean;
+    subscription: SubscriptionResource | null;
+};
+export type UseCheckoutResult = {
+    isLoading: boolean;
+    startCheckout: (planId: string, billingCycle?: 'monthly' | 'annual') => Promise<void>;
+};
+export declare function useCheckout(): UseCheckoutResult;
+//# sourceMappingURL=hooks.d.ts.map

package/dist/hooks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hooks.d.ts","sourceRoot":"","sources":["../src/hooks.ts"],"names":[],"mappings":"AAIA,MAAM,MAAM,QAAQ,GAAG;IACrB,iEAAiE;IACjE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,wDAAwD;IACxD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,6CAA6C;IAC7C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;;;;OAKG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACvB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,OAAO,CAAC;IACpB,QAAQ,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IAC9B;;;;;;OAMG;IACH,GAAG,EAAE,CAAC,KAAK,EAAE,QAAQ,KAAK,OAAO,GAAG,SAAS,CAAC;CAC/C,CAAC;AAEF,wBAAgB,OAAO,IAAI,UAAU,CA8CpC;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,aAAa,GACrB;IAAE,QAAQ,EAAE,KAAK,CAAC;IAAC,IAAI,EAAE,IAAI,CAAA;CAAE,GAC/B;IAAE,QAAQ,EAAE,IAAI,CAAC;IAAC,IAAI,EAAE,YAAY,GAAG,IAAI,CAAA;CAAE,CAAC;AAElD,wBAAgB,OAAO,IAAI,aAAa,CAyBvC;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAC7B;IAAE,QAAQ,EAAE,KAAK,CAAC;IAAC,YAAY,EAAE,IAAI,CAAA;CAAE,GACvC;IAAE,QAAQ,EAAE,IAAI,CAAC;IAAC,YAAY,EAAE,oBAAoB,GAAG,IAAI,CAAA;CAAE,CAAC;AAElE,wBAAgB,eAAe,IAAI,qBAAqB,CAyBvD;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;CACjC,CAAC;AAEF,wBAAgB,QAAQ,IAAI;IAAE,QAAQ,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,YAAY,EAAE,CAAA;CAAE,CAuBvE;AAED,MAAM,MAAM,SAAS,GAAG;IACtB,IAAI,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IAC9D,QAAQ,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrE,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,QAAQ,EAAE,OAAO,CAAC;CACnB,GAAG,SAAS,CAAC;AAEd;;;;;GAKG;AACH,wBAAgB,UAAU,IAAI,gBAAgB,CAmC7C;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;CACjC,CAAC;AAEF,wBAAgB,eAAe,IAAI;IAAE,QAAQ,EAAE,OAAO,CAAC;IAAC,YAAY,EAAE,oBAAoB,GAAG,IAAI,CAAA;CAAE,CA4BlG;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,SAAS,EAAE,OAAO,CAAC;IACnB,aAAa,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,SAAS,GAAG,QAAQ,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACvF,CAAC;AAEF,wBAAgB,WAAW,IAAI,iBAAiB,CAkB/C"}

package/dist/hooks.js

@@ -0,0 +1,212 @@
+import { useCallback, useEffect, useState } from 'react';
+import { useAuthfyio, useSession, useUserId } from './provider.js';
+export function useAuth() {
+    const s = useSession();
+    const billing = useBilling();
+    const orgPerms = s.status === 'signed_in' ? s.claims.org_perms ?? [] : [];
+    const base = s.status === 'signed_in'
+        ? {
+            userId: s.claims.sub ?? null,
+            sessionId: s.claims.sid ?? null,
+            orgId: s.claims.org ?? null,
+            orgRole: s.claims.org_role ?? null,
+            environmentId: s.claims.env ?? null,
+            isSignedIn: true,
+            getToken: () => s.jwt,
+        }
+        : {
+            userId: null,
+            sessionId: null,
+            orgId: null,
+            orgRole: null,
+            environmentId: null,
+            isSignedIn: false,
+            getToken: () => null,
+        };
+    const has = useCallback((check) => {
+        if (!base.isSignedIn)
+            return false;
+        if (check.role) {
+            if (base.orgRole !== check.role)
+                return false;
+        }
+        if (check.permission) {
+            if (!base.orgId)
+                return false;
+            if (!orgPerms.includes(check.permission))
+                return false;
+        }
+        if (check.plan || check.feature) {
+            if (!billing.isLoaded)
+                return undefined;
+            if (check.plan && billing.plan?.key !== check.plan)
+                return false;
+            if (check.feature && !billing.features.some((f) => f.key === check.feature))
+                return false;
+        }
+        return true;
+    }, [base.isSignedIn, base.orgRole, base.orgId, orgPerms, billing.isLoaded, billing.plan?.key, billing.features]);
+    return { ...base, has };
+}
+export function useUser() {
+    const { client } = useAuthfyio();
+    const userId = useUserId();
+    const [state, setState] = useState({ isLoaded: false, user: null });
+    useEffect(() => {
+        if (!userId) {
+            setState({ isLoaded: true, user: null });
+            return;
+        }
+        let cancelled = false;
+        client
+            .fetchCurrentUser()
+            .then((u) => {
+            if (!cancelled)
+                setState({ isLoaded: true, user: u });
+        })
+            .catch(() => {
+            if (!cancelled)
+                setState({ isLoaded: true, user: null });
+        });
+        return () => {
+            cancelled = true;
+        };
+    }, [userId, client]);
+    return state;
+}
+export function useOrganization() {
+    const { client } = useAuthfyio();
+    const auth = useAuth();
+    const [state, setState] = useState({ isLoaded: false, organization: null });
+    useEffect(() => {
+        if (!auth.orgId) {
+            setState({ isLoaded: true, organization: null });
+            return;
+        }
+        let cancelled = false;
+        client
+            .fetchOrganization(auth.orgId)
+            .then((org) => {
+            if (!cancelled)
+                setState({ isLoaded: true, organization: org });
+        })
+            .catch(() => {
+            if (!cancelled)
+                setState({ isLoaded: true, organization: null });
+        });
+        return () => {
+            cancelled = true;
+        };
+    }, [auth.orgId, client]);
+    return state;
+}
+export function usePlans() {
+    const { client } = useAuthfyio();
+    const [state, setState] = useState({
+        isLoaded: false,
+        plans: [],
+    });
+    useEffect(() => {
+        let cancelled = false;
+        client
+            .fetchPlans()
+            .then((plans) => {
+            if (!cancelled)
+                setState({ isLoaded: true, plans });
+        })
+            .catch(() => {
+            if (!cancelled)
+                setState({ isLoaded: true, plans: [] });
+        });
+        return () => {
+            cancelled = true;
+        };
+    }, [client]);
+    return state;
+}
+/**
+ * Reads the caller's active plan + attached features from the instance API.
+ * Used by `<Protect plan="..." feature="...">`, `<Show when={...}>`, and
+ * `useAuth().has({...})`. Cached per-provider; the hook itself de-duplicates
+ * by memoizing the fetch promise.
+ */
+export function useBilling() {
+    const { client } = useAuthfyio();
+    const userId = useUserId();
+    const [state, setState] = useState({
+        isLoaded: false,
+        plan: null,
+        features: [],
+        status: null,
+    });
+    useEffect(() => {
+        if (!userId) {
+            setState({ isLoaded: true, plan: null, features: [], status: null });
+            return;
+        }
+        let cancelled = false;
+        client
+            .fetchMyBilling()
+            .then((b) => {
+            if (cancelled)
+                return;
+            if (!b) {
+                setState({ isLoaded: true, plan: null, features: [], status: null });
+                return;
+            }
+            setState({ isLoaded: true, plan: b.plan, features: b.features, status: b.status });
+        })
+            .catch(() => {
+            if (!cancelled)
+                setState({ isLoaded: true, plan: null, features: [], status: null });
+        });
+        return () => {
+            cancelled = true;
+        };
+    }, [userId, client]);
+    return state;
+}
+export function useSubscription() {
+    const { client } = useAuthfyio();
+    const userId = useUserId();
+    const [state, setState] = useState({
+        isLoaded: false,
+        subscription: null,
+    });
+    useEffect(() => {
+        if (!userId) {
+            setState({ isLoaded: true, subscription: null });
+            return;
+        }
+        let cancelled = false;
+        client
+            .fetchSubscription()
+            .then((sub) => {
+            if (!cancelled)
+                setState({ isLoaded: true, subscription: sub });
+        })
+            .catch(() => {
+            if (!cancelled)
+                setState({ isLoaded: true, subscription: null });
+        });
+        return () => {
+            cancelled = true;
+        };
+    }, [userId, client]);
+    return state;
+}
+export function useCheckout() {
+    const { client } = useAuthfyio();
+    const [isLoading, setIsLoading] = useState(false);
+    const startCheckout = useCallback(async (planId, billingCycle = 'monthly') => {
+        setIsLoading(true);
+        try {
+            const { url } = await client.createCheckoutSession(planId, billingCycle);
+            window.location.href = url;
+        }
+        finally {
+            setIsLoading(false);
+        }
+    }, [client]);
+    return { isLoading, startCheckout };
+}

package/dist/index.d.ts

@@ -0,0 +1,8 @@
+export * from './jwt.js';
+export * from './client.js';
+export * from './provider.js';
+export * from './hooks.js';
+export * from './components.js';
+export * from './hooks-flow.js';
+export * from './ui/index.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AASA,cAAc,UAAU,CAAC;AACzB,cAAc,aAAa,CAAC;AAC5B,cAAc,eAAe,CAAC;AAC9B,cAAc,YAAY,CAAC;AAC3B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC"}

package/dist/index.js

@@ -0,0 +1,15 @@
+'use client';
+// Mark the entire barrel as client-side. Without this, importing any
+// client component (e.g. SignedIn) from a server component eagerly
+// evaluates provider.tsx's `createContext` on the server and throws
+// `createContext only works in Client Components`. All public exports
+// here are React hooks / components / a fetch-based client — none of
+// them are usable from the server anyway, so the boundary belongs at
+// the package root.
+export * from './jwt.js';
+export * from './client.js';
+export * from './provider.js';
+export * from './hooks.js';
+export * from './components.js';
+export * from './hooks-flow.js';
+export * from './ui/index.js';

package/dist/jwt.d.ts

@@ -0,0 +1,20 @@
+export type SessionClaims = {
+    sid?: string;
+    sub?: string;
+    env?: string;
+    org?: string;
+    org_role?: string;
+    /**
+     * Permission keys (e.g. ['org:sys_billing:read', 'org:read_users'])
+     * the user holds in their active org. Absent / empty when the user
+     * is not in an org or the role grants no permissions. Backs
+     * `useAuth().has({ permission })`.
+     */
+    org_perms?: string[];
+    iat?: number;
+    exp?: number;
+    iss?: string;
+};
+export declare function decodeJwtPayload<T = unknown>(jwt: string): T;
+export declare function getSessionJwtFromDocumentCookie(): string | null;
+//# sourceMappingURL=jwt.d.ts.map

package/dist/jwt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG;IAC1B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,CAAC;AAUF,wBAAgB,gBAAgB,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,EAAE,MAAM,GAAG,CAAC,CAK5D;AAED,wBAAgB,+BAA+B,IAAI,MAAM,GAAG,IAAI,CAY/D"}

package/dist/jwt.js

@@ -0,0 +1,30 @@
+function base64UrlToString(input) {
+    const pad = input.length % 4 === 0 ? '' : '='.repeat(4 - (input.length % 4));
+    const b64 = (input + pad).replace(/-/g, '+').replace(/_/g, '/');
+    const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
+    const decoder = new TextDecoder();
+    return decoder.decode(bytes);
+}
+export function decodeJwtPayload(jwt) {
+    const parts = jwt.split('.');
+    if (parts.length < 2)
+        throw new Error('invalid_jwt');
+    const json = base64UrlToString(parts[1] ?? '');
+    return JSON.parse(json);
+}
+export function getSessionJwtFromDocumentCookie() {
+    if (typeof document === 'undefined')
+        return null;
+    const raw = document.cookie || '';
+    const parts = raw.split(';');
+    for (const p of parts) {
+        const idx = p.indexOf('=');
+        if (idx <= 0)
+            continue;
+        const k = p.slice(0, idx).trim();
+        if (k !== '__session')
+            continue;
+        return decodeURIComponent(p.slice(idx + 1).trim());
+    }
+    return null;
+}

package/dist/provider.d.ts

@@ -0,0 +1,50 @@
+import React from 'react';
+import { AuthfyioReactClient } from './client.js';
+import type { SessionClaims } from './jwt.js';
+/**
+ * Default browser-side base URL. Resolves to the same-origin proxy mounted
+ * at `/api/af` (provided by `authfyio-nextjs/proxy`) so cookies set by
+ * the upstream API land on the customer's origin.
+ *
+ * For non-Next setups you can pass `baseUrl="https://api.authfyio.com"`
+ * directly, but you must arrange same-origin cookie scoping yourself.
+ */
+export declare const DEFAULT_PROVIDER_BASE_URL = "/api/af";
+export type AuthfyioProviderProps = {
+    /**
+     * Base URL the React SDK fetches against. Defaults to `/api/af` (the
+     * same-origin Next.js proxy provided by `authfyio-nextjs/proxy`).
+     * Override only if you've mounted the proxy at a different path or
+     * you're not using Next.
+     */
+    baseUrl?: string;
+    /**
+     * `pk_live_…` / `pk_test_…` from the dashboard. Identifies which
+     * environment the SDK targets. Required for the hosted SaaS — you can
+     * also pass it via `NEXT_PUBLIC_AUTHFYIO_PUBLISHABLE_KEY` and the
+     * provider will read it automatically.
+     */
+    publishableKey?: string;
+    autoRefresh?: boolean;
+    refreshSkewSeconds?: number;
+    children: React.ReactNode;
+};
+type SessionState = {
+    status: 'signed_out';
+} | {
+    status: 'signed_in';
+    jwt: string;
+    claims: SessionClaims;
+};
+type Ctx = {
+    client: AuthfyioReactClient;
+    session: SessionState;
+    refresh: () => Promise<void>;
+};
+declare const Ctx: React.Context<Ctx | null>;
+export declare function AuthfyioProvider(props: AuthfyioProviderProps): import("react/jsx-runtime").JSX.Element;
+export declare function useAuthfyio(): Ctx;
+export declare function useSession(): SessionState;
+export declare function useUserId(): string | null;
+export {};
+//# sourceMappingURL=provider.d.ts.map

package/dist/provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../src/provider.tsx"],"names":[],"mappings":"AAAA,OAAO,KAA0E,MAAM,OAAO,CAAC;AAE/F,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAE9C;;;;;;;GAOG;AACH,eAAO,MAAM,yBAAyB,YAAY,CAAC;AAEnD,MAAM,MAAM,qBAAqB,GAAG;IAClC;;;;;OAKG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;;OAKG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;CAC3B,CAAC;AAEF,KAAK,YAAY,GACb;IAAE,MAAM,EAAE,YAAY,CAAA;CAAE,GACxB;IAAE,MAAM,EAAE,WAAW,CAAC;IAAC,GAAG,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,aAAa,CAAA;CAAE,CAAC;AAEhE,KAAK,GAAG,GAAG;IACT,MAAM,EAAE,mBAAmB,CAAC;IAC5B,OAAO,EAAE,YAAY,CAAC;IACtB,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B,CAAC;AAEF,QAAA,MAAM,GAAG,2BAAkC,CAAC;AAE5C,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,qBAAqB,2CAkE5D;AAED,wBAAgB,WAAW,QAI1B;AAED,wBAAgB,UAAU,iBAEzB;AAED,wBAAgB,SAAS,IAAI,MAAM,GAAG,IAAI,CAIzC"}