authvital-sdk 0.1.1-dev.3.cefb119.0

package/dist/chunk-JPODZIZT.mjs

@@ -0,0 +1,95 @@
+// src/client/invitations.ts
+var INVITE_TOKEN_KEY = "authvital_invite_token";
+function storeInviteToken(token) {
+  if (typeof window === "undefined") return;
+  sessionStorage.setItem(INVITE_TOKEN_KEY, token);
+}
+function getStoredInviteToken() {
+  if (typeof window === "undefined") return null;
+  return sessionStorage.getItem(INVITE_TOKEN_KEY);
+}
+function clearStoredInviteToken() {
+  if (typeof window === "undefined") return;
+  sessionStorage.removeItem(INVITE_TOKEN_KEY);
+}
+function captureInviteTokenFromUrl() {
+  if (typeof window === "undefined") return null;
+  const params = new URLSearchParams(window.location.search);
+  const token = params.get("invite_token") || params.get("token");
+  if (token && window.location.pathname.includes("/invite")) {
+    storeInviteToken(token);
+    return token;
+  }
+  return null;
+}
+async function getInvitation(authVitalHost, token) {
+  const response = await fetch(`${authVitalHost}/api/invitations/token/${token}`);
+  if (!response.ok) {
+    const error = await response.json().catch(() => ({}));
+    throw new Error(error.message || `Failed to get invitation: ${response.status}`);
+  }
+  return response.json();
+}
+async function createInvitation(authVitalHost, _accessToken, params) {
+  const response = await fetch(`${authVitalHost}/api/invitations`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    credentials: "include",
+    // Send httpOnly cookie
+    body: JSON.stringify(params)
+  });
+  if (!response.ok) {
+    const error = await response.json().catch(() => ({}));
+    throw new Error(error.message || `Failed to create invitation: ${response.status}`);
+  }
+  return response.json();
+}
+async function consumeInvitation(authVitalHost, _accessToken, token) {
+  const response = await fetch(`${authVitalHost}/api/invitations/consume`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    credentials: "include",
+    // Send httpOnly cookie
+    body: JSON.stringify({ token })
+  });
+  if (!response.ok) {
+    const error = await response.json().catch(() => ({}));
+    throw new Error(error.message || `Failed to consume invitation: ${response.status}`);
+  }
+  return response.json();
+}
+async function listTenantInvitations(authVitalHost, _accessToken, tenantId) {
+  const response = await fetch(`${authVitalHost}/api/invitations/tenant/${tenantId}`, {
+    credentials: "include"
+    // Send httpOnly cookie
+  });
+  if (!response.ok) {
+    const error = await response.json().catch(() => ({}));
+    throw new Error(error.message || `Failed to list invitations: ${response.status}`);
+  }
+  return response.json();
+}
+async function revokeInvitation(authVitalHost, _accessToken, invitationId) {
+  const response = await fetch(`${authVitalHost}/api/invitations/${invitationId}`, {
+    method: "DELETE",
+    credentials: "include"
+    // Send httpOnly cookie
+  });
+  if (!response.ok) {
+    const error = await response.json().catch(() => ({}));
+    throw new Error(error.message || `Failed to revoke invitation: ${response.status}`);
+  }
+  return response.json();
+}
+
+export {
+  storeInviteToken,
+  getStoredInviteToken,
+  clearStoredInviteToken,
+  captureInviteTokenFromUrl,
+  getInvitation,
+  createInvitation,
+  consumeInvitation,
+  listTenantInvitations,
+  revokeInvitation
+};

package/dist/chunk-QPYBK2J4.js

@@ -0,0 +1,235 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } } function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }// src/client/oauth.ts
+function encodeState(csrf, codeVerifier) {
+  const encodedVerifier = btoa(codeVerifier).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  return `${csrf}:${encodedVerifier}`;
+}
+function decodeState(state) {
+  const colonIndex = state.indexOf(":");
+  if (colonIndex === -1) return null;
+  const csrf = state.substring(0, colonIndex);
+  const encodedVerifier = state.substring(colonIndex + 1);
+  try {
+    const padded = encodedVerifier + "===".slice(0, (4 - encodedVerifier.length % 4) % 4);
+    const codeVerifier = atob(padded.replace(/-/g, "+").replace(/_/g, "/"));
+    return { csrf, codeVerifier };
+  } catch (e) {
+    return null;
+  }
+}
+function loginToAuthVital(authVitalHost, options) {
+  const screen = _optionalChain([options, 'optionalAccess', _ => _.screen]) || "login";
+  const page = screen === "signup" ? "/auth/signup" : "/auth/login";
+  const url = new URL(`${authVitalHost}${page}`);
+  if (_optionalChain([options, 'optionalAccess', _2 => _2.clientId])) {
+    url.searchParams.set("client_id", options.clientId);
+  }
+  window.location.href = url.toString();
+}
+function signupAtAuthVital(authVitalHost, options) {
+  loginToAuthVital(authVitalHost, { ...options, screen: "signup" });
+}
+function generateCodeVerifier() {
+  const array = new Uint8Array(32);
+  crypto.getRandomValues(array);
+  return base64UrlEncode(array);
+}
+async function generateCodeChallenge(verifier) {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(verifier);
+  const digest = await crypto.subtle.digest("SHA-256", data);
+  return base64UrlEncode(new Uint8Array(digest));
+}
+function base64UrlEncode(buffer) {
+  let binary = "";
+  for (let i = 0; i < buffer.length; i++) {
+    binary += String.fromCharCode(buffer[i]);
+  }
+  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+var LOGIN_ATTEMPT_KEY = "authvital_login_attempt";
+var LOGIN_COOLDOWN_MS = 5e3;
+function canAttemptLogin() {
+  const lastAttempt = sessionStorage.getItem(LOGIN_ATTEMPT_KEY);
+  if (!lastAttempt) return true;
+  return Date.now() - parseInt(lastAttempt, 10) > LOGIN_COOLDOWN_MS;
+}
+function recordLoginAttempt() {
+  sessionStorage.setItem(LOGIN_ATTEMPT_KEY, Date.now().toString());
+}
+function clearLoginAttempt() {
+  sessionStorage.removeItem(LOGIN_ATTEMPT_KEY);
+}
+async function startAuthorizationFlow(config, params = {}) {
+  if (!canAttemptLogin()) {
+    throw new Error("Too many login attempts. Please wait a moment and try again.");
+  }
+  recordLoginAttempt();
+  const codeVerifier = generateCodeVerifier();
+  const codeChallenge = await generateCodeChallenge(codeVerifier);
+  const csrf = params.state || generateCodeVerifier().substring(0, 16);
+  const state = encodeState(csrf, codeVerifier);
+  const authorizeUrl = new URL(`${config.authVitalHost}/oauth/authorize`);
+  authorizeUrl.searchParams.set("client_id", config.clientId);
+  authorizeUrl.searchParams.set("redirect_uri", config.redirectUri);
+  authorizeUrl.searchParams.set("response_type", "code");
+  authorizeUrl.searchParams.set("scope", config.scope || "openid profile email");
+  authorizeUrl.searchParams.set("state", state);
+  authorizeUrl.searchParams.set("code_challenge", codeChallenge);
+  authorizeUrl.searchParams.set("code_challenge_method", "S256");
+  if (params.nonce) {
+    authorizeUrl.searchParams.set("nonce", params.nonce);
+  }
+  if (params.screen === "signup") {
+    authorizeUrl.searchParams.set("screen", "signup");
+  }
+  window.location.href = authorizeUrl.toString();
+}
+async function startLogin(options) {
+  await startAuthorizationFlow(
+    {
+      authVitalHost: options.authVitalHost,
+      clientId: options.clientId,
+      redirectUri: options.redirectUri,
+      scope: options.scope
+    },
+    { state: options.state }
+  );
+}
+async function startSignup(options) {
+  await startAuthorizationFlow(
+    {
+      authVitalHost: options.authVitalHost,
+      clientId: options.clientId,
+      redirectUri: options.redirectUri,
+      scope: options.scope
+    },
+    { state: options.state, screen: "signup" }
+  );
+}
+var callbackInProgress = null;
+async function handleCallback(config) {
+  if (callbackInProgress) {
+    await callbackInProgress;
+    return;
+  }
+  const params = new URLSearchParams(window.location.search);
+  const code = params.get("code");
+  const state = params.get("state");
+  const error = params.get("error");
+  const errorDescription = params.get("error_description");
+  if (error) {
+    throw new Error(errorDescription || error);
+  }
+  if (!code) {
+    throw new Error("No authorization code received");
+  }
+  if (!state) {
+    throw new Error("No state parameter received");
+  }
+  const decoded = decodeState(state);
+  if (!decoded) {
+    throw new Error("Invalid state format - could not extract PKCE verifier");
+  }
+  callbackInProgress = exchangeCodeForTokens(config, code, decoded.codeVerifier);
+  try {
+    await callbackInProgress;
+    window.history.replaceState({}, "", window.location.pathname);
+    clearLoginAttempt();
+  } finally {
+    callbackInProgress = null;
+  }
+}
+function extractCallbackParams() {
+  const params = new URLSearchParams(window.location.search);
+  const code = params.get("code");
+  const state = params.get("state");
+  const error = params.get("error");
+  const errorDescription = params.get("error_description");
+  if (error) {
+    return { code: null, codeVerifier: null, csrf: null, error, errorDescription };
+  }
+  if (!state) {
+    return { code, codeVerifier: null, csrf: null, error: "missing_state", errorDescription: "No state parameter" };
+  }
+  const decoded = decodeState(state);
+  if (!decoded) {
+    return { code, codeVerifier: null, csrf: null, error: "invalid_state", errorDescription: "Could not decode state" };
+  }
+  return { code, codeVerifier: decoded.codeVerifier, csrf: decoded.csrf, error: null, errorDescription: null };
+}
+async function exchangeCodeForTokens(config, code, codeVerifier) {
+  const response = await fetch(`${config.authVitalHost}/oauth/token`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    credentials: "include",
+    // Important: receive and send cookies
+    body: JSON.stringify({
+      grant_type: "authorization_code",
+      code,
+      redirect_uri: config.redirectUri,
+      client_id: config.clientId,
+      code_verifier: codeVerifier
+    })
+  });
+  if (!response.ok) {
+    const error = await response.json().catch(() => ({}));
+    throw new Error(error.message || "Token exchange failed");
+  }
+  return response.json();
+}
+async function checkAuthStatus(authVitalHost) {
+  try {
+    const response = await fetch(`${authVitalHost}/api/auth/me`, {
+      method: "GET",
+      credentials: "include"
+      // Send cookies
+    });
+    if (!response.ok) {
+      return { authenticated: false };
+    }
+    const data = await response.json();
+    return {
+      authenticated: _nullishCoalesce(data.authenticated, () => ( false)),
+      user: data.user
+    };
+  } catch (e2) {
+    return { authenticated: false };
+  }
+}
+async function logout(authVitalHost, options) {
+  sessionStorage.removeItem(LOGIN_ATTEMPT_KEY);
+  const logoutUrl = new URL(`${authVitalHost}/api/auth/logout/redirect`);
+  if (_optionalChain([options, 'optionalAccess', _3 => _3.postLogoutRedirectUri])) {
+    logoutUrl.searchParams.set("post_logout_redirect_uri", options.postLogoutRedirectUri);
+  }
+  window.location.href = logoutUrl.toString();
+}
+function decodeJwt(token) {
+  try {
+    const parts = token.split(".");
+    if (parts.length !== 3) return null;
+    const payload = parts[1];
+    const decoded = atob(payload.replace(/-/g, "+").replace(/_/g, "/"));
+    return JSON.parse(decoded);
+  } catch (e3) {
+    return null;
+  }
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+exports.encodeState = encodeState; exports.decodeState = decodeState; exports.loginToAuthVital = loginToAuthVital; exports.signupAtAuthVital = signupAtAuthVital; exports.generateCodeVerifier = generateCodeVerifier; exports.generateCodeChallenge = generateCodeChallenge; exports.startAuthorizationFlow = startAuthorizationFlow; exports.startLogin = startLogin; exports.startSignup = startSignup; exports.handleCallback = handleCallback; exports.extractCallbackParams = extractCallbackParams; exports.exchangeCodeForTokens = exchangeCodeForTokens; exports.checkAuthStatus = checkAuthStatus; exports.logout = logout; exports.decodeJwt = decodeJwt;

package/dist/chunk-R4OHZZQP.js

@@ -0,0 +1,95 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});// src/client/invitations.ts
+var INVITE_TOKEN_KEY = "authvital_invite_token";
+function storeInviteToken(token) {
+  if (typeof window === "undefined") return;
+  sessionStorage.setItem(INVITE_TOKEN_KEY, token);
+}
+function getStoredInviteToken() {
+  if (typeof window === "undefined") return null;
+  return sessionStorage.getItem(INVITE_TOKEN_KEY);
+}
+function clearStoredInviteToken() {
+  if (typeof window === "undefined") return;
+  sessionStorage.removeItem(INVITE_TOKEN_KEY);
+}
+function captureInviteTokenFromUrl() {
+  if (typeof window === "undefined") return null;
+  const params = new URLSearchParams(window.location.search);
+  const token = params.get("invite_token") || params.get("token");
+  if (token && window.location.pathname.includes("/invite")) {
+    storeInviteToken(token);
+    return token;
+  }
+  return null;
+}
+async function getInvitation(authVitalHost, token) {
+  const response = await fetch(`${authVitalHost}/api/invitations/token/${token}`);
+  if (!response.ok) {
+    const error = await response.json().catch(() => ({}));
+    throw new Error(error.message || `Failed to get invitation: ${response.status}`);
+  }
+  return response.json();
+}
+async function createInvitation(authVitalHost, _accessToken, params) {
+  const response = await fetch(`${authVitalHost}/api/invitations`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    credentials: "include",
+    // Send httpOnly cookie
+    body: JSON.stringify(params)
+  });
+  if (!response.ok) {
+    const error = await response.json().catch(() => ({}));
+    throw new Error(error.message || `Failed to create invitation: ${response.status}`);
+  }
+  return response.json();
+}
+async function consumeInvitation(authVitalHost, _accessToken, token) {
+  const response = await fetch(`${authVitalHost}/api/invitations/consume`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    credentials: "include",
+    // Send httpOnly cookie
+    body: JSON.stringify({ token })
+  });
+  if (!response.ok) {
+    const error = await response.json().catch(() => ({}));
+    throw new Error(error.message || `Failed to consume invitation: ${response.status}`);
+  }
+  return response.json();
+}
+async function listTenantInvitations(authVitalHost, _accessToken, tenantId) {
+  const response = await fetch(`${authVitalHost}/api/invitations/tenant/${tenantId}`, {
+    credentials: "include"
+    // Send httpOnly cookie
+  });
+  if (!response.ok) {
+    const error = await response.json().catch(() => ({}));
+    throw new Error(error.message || `Failed to list invitations: ${response.status}`);
+  }
+  return response.json();
+}
+async function revokeInvitation(authVitalHost, _accessToken, invitationId) {
+  const response = await fetch(`${authVitalHost}/api/invitations/${invitationId}`, {
+    method: "DELETE",
+    credentials: "include"
+    // Send httpOnly cookie
+  });
+  if (!response.ok) {
+    const error = await response.json().catch(() => ({}));
+    throw new Error(error.message || `Failed to revoke invitation: ${response.status}`);
+  }
+  return response.json();
+}
+
+
+
+
+
+
+
+
+
+
+
+exports.storeInviteToken = storeInviteToken; exports.getStoredInviteToken = getStoredInviteToken; exports.clearStoredInviteToken = clearStoredInviteToken; exports.captureInviteTokenFromUrl = captureInviteTokenFromUrl; exports.getInvitation = getInvitation; exports.createInvitation = createInvitation; exports.consumeInvitation = consumeInvitation; exports.listTenantInvitations = listTenantInvitations; exports.revokeInvitation = revokeInvitation;