create-fluxstack 1.12.1 → 1.14.0

package/app/server/auth/sessions/SessionManager.ts

@@ -0,0 +1,164 @@
+/**
+ * FluxStack Auth - Session Manager
+ *
+ * Gerencia sessões de usuários usando o cache system modular.
+ * Cada sessão é um registro no cache com TTL automático.
+ *
+ * ```ts
+ * const sessionId = await sessionManager.create({ userId: 1 })
+ * const data = await sessionManager.read(sessionId)
+ * await sessionManager.destroy(sessionId)
+ * ```
+ */
+
+import type { CacheDriver } from '@server/cache/contracts'
+import { cacheManager } from '@server/cache'
+
+export interface SessionData {
+  [key: string]: unknown
+}
+
+export interface SessionConfig {
+  /** Tempo de vida da sessão em segundos (default: 7200 = 2h) */
+  lifetime: number
+  /** Nome do cookie (default: 'fluxstack_session') */
+  cookieName: string
+  /** Cookie httpOnly (default: true) */
+  httpOnly: boolean
+  /** Cookie secure (default: false em dev, true em prod) */
+  secure: boolean
+  /** Cookie sameSite (default: 'lax') */
+  sameSite: 'strict' | 'lax' | 'none'
+  /** Cookie path (default: '/') */
+  path: string
+  /** Cookie domain (default: undefined = current domain) */
+  domain?: string
+}
+
+const DEFAULT_CONFIG: SessionConfig = {
+  lifetime: 7200,
+  cookieName: 'fluxstack_session',
+  httpOnly: true,
+  secure: false,
+  sameSite: 'lax',
+  path: '/',
+}
+
+export class SessionManager {
+  private cache: CacheDriver
+  private config: SessionConfig
+
+  constructor(cache?: CacheDriver, config?: Partial<SessionConfig>) {
+    this.cache = cache ?? cacheManager.driver()
+    this.config = { ...DEFAULT_CONFIG, ...config }
+  }
+
+  /**
+   * Cria uma nova sessão e retorna o ID.
+   */
+  async create(data: SessionData = {}): Promise<string> {
+    const sessionId = this.generateId()
+    await this.cache.set(
+      this.cacheKey(sessionId),
+      { ...data, _createdAt: Date.now() },
+      this.config.lifetime
+    )
+    return sessionId
+  }
+
+  /**
+   * Lê os dados de uma sessão.
+   */
+  async read(sessionId: string): Promise<SessionData | null> {
+    return this.cache.get<SessionData>(this.cacheKey(sessionId))
+  }
+
+  /**
+   * Atualiza os dados de uma sessão (merge com dados existentes).
+   */
+  async update(sessionId: string, data: SessionData): Promise<void> {
+    const existing = await this.read(sessionId)
+    if (!existing) return
+
+    await this.cache.set(
+      this.cacheKey(sessionId),
+      { ...existing, ...data },
+      this.config.lifetime
+    )
+  }
+
+  /**
+   * Define um valor específico na sessão.
+   */
+  async put(sessionId: string, key: string, value: unknown): Promise<void> {
+    const existing = await this.read(sessionId)
+    if (!existing) return
+
+    existing[key] = value
+    await this.cache.set(
+      this.cacheKey(sessionId),
+      existing,
+      this.config.lifetime
+    )
+  }
+
+  /**
+   * Remove um valor específico da sessão.
+   */
+  async forget(sessionId: string, key: string): Promise<void> {
+    const existing = await this.read(sessionId)
+    if (!existing) return
+
+    delete existing[key]
+    await this.cache.set(
+      this.cacheKey(sessionId),
+      existing,
+      this.config.lifetime
+    )
+  }
+
+  /**
+   * Destroi uma sessão.
+   */
+  async destroy(sessionId: string): Promise<void> {
+    await this.cache.delete(this.cacheKey(sessionId))
+  }
+
+  /**
+   * Regenera o ID da sessão (mantém os dados).
+   * Importante após login para prevenir session fixation.
+   */
+  async regenerate(oldSessionId: string): Promise<string> {
+    const data = await this.read(oldSessionId)
+    await this.destroy(oldSessionId)
+
+    const newSessionId = this.generateId()
+    if (data) {
+      await this.cache.set(
+        this.cacheKey(newSessionId),
+        data,
+        this.config.lifetime
+      )
+    }
+    return newSessionId
+  }
+
+  /** Retorna a configuração de sessão */
+  getConfig(): SessionConfig {
+    return this.config
+  }
+
+  /** Gera um session ID criptograficamente seguro */
+  private generateId(): string {
+    const bytes = new Uint8Array(32)
+    crypto.getRandomValues(bytes)
+    return Array.from(bytes)
+      .map(b => b.toString(16).padStart(2, '0'))
+      .join('')
+  }
+
+  /** Chave no cache para a sessão */
+  private cacheKey(sessionId: string): string {
+    return `session:${sessionId}`
+  }
+}

package/app/server/cache/CacheManager.ts

@@ -0,0 +1,81 @@
+/**
+ * FluxStack Cache - Cache Manager
+ *
+ * Factory para drivers de cache. Extensível com extend().
+ *
+ * Uso:
+ * ```ts
+ * const cache = cacheManager.driver()      // driver padrão (memory)
+ * const redis = cacheManager.driver('redis') // driver específico
+ *
+ * await cache.set('key', 'value', 60)
+ * const val = await cache.get('key')
+ * ```
+ */
+
+import type { CacheDriver } from './contracts'
+import { MemoryCacheDriver } from './MemoryDriver'
+
+type DriverFactory = () => CacheDriver
+
+export class CacheManager {
+  private drivers = new Map<string, CacheDriver>()
+  private factories = new Map<string, DriverFactory>()
+  private defaultDriverName: string
+
+  constructor(defaultDriver: string = 'memory') {
+    this.defaultDriverName = defaultDriver
+
+    // Registrar driver padrão
+    this.factories.set('memory', () => new MemoryCacheDriver())
+  }
+
+  /**
+   * Retorna uma instância do driver de cache.
+   * Drivers são criados uma vez e reutilizados (singleton por nome).
+   */
+  driver(name?: string): CacheDriver {
+    const driverName = name ?? this.defaultDriverName
+
+    // Cache de instâncias
+    if (this.drivers.has(driverName)) {
+      return this.drivers.get(driverName)!
+    }
+
+    const factory = this.factories.get(driverName)
+    if (!factory) {
+      throw new Error(
+        `Cache driver '${driverName}' not registered. ` +
+        `Available: ${Array.from(this.factories.keys()).join(', ')}`
+      )
+    }
+
+    const driver = factory()
+    this.drivers.set(driverName, driver)
+    return driver
+  }
+
+  /**
+   * Registra um driver customizado.
+   *
+   * ```ts
+   * cacheManager.extend('redis', () => new RedisCacheDriver({ url: '...' }))
+   * ```
+   */
+  extend(name: string, factory: DriverFactory): void {
+    this.factories.set(name, factory)
+  }
+
+  /** Retorna o nome do driver padrão */
+  getDefaultDriver(): string {
+    return this.defaultDriverName
+  }
+
+  /** Altera o driver padrão */
+  setDefaultDriver(name: string): void {
+    this.defaultDriverName = name
+  }
+}
+
+/** Instância global do cache manager */
+export const cacheManager = new CacheManager()

package/app/server/cache/MemoryDriver.ts

@@ -0,0 +1,112 @@
+/**
+ * FluxStack Cache - Memory Driver
+ *
+ * Armazena cache na memória do processo.
+ * Ideal para desenvolvimento e testes.
+ *
+ * Para produção, troque por Redis, Memcached, etc.
+ */
+
+import type { CacheDriver } from './contracts'
+
+interface CacheEntry<T = unknown> {
+  value: T
+  expiresAt: number | null // null = sem expiração
+}
+
+export class MemoryCacheDriver implements CacheDriver {
+  private store = new Map<string, CacheEntry>()
+  private gcInterval: ReturnType<typeof setInterval> | null = null
+
+  constructor(gcIntervalMs: number = 60_000) {
+    // GC periódico para limpar entradas expiradas
+    this.gcInterval = setInterval(() => this.gc(), gcIntervalMs)
+    if (this.gcInterval.unref) {
+      this.gcInterval.unref()
+    }
+  }
+
+  async get<T = unknown>(key: string): Promise<T | null> {
+    const entry = this.store.get(key)
+    if (!entry) return null
+
+    // Verificar expiração
+    if (entry.expiresAt !== null && Date.now() > entry.expiresAt) {
+      this.store.delete(key)
+      return null
+    }
+
+    return entry.value as T
+  }
+
+  async set<T = unknown>(key: string, value: T, ttlSeconds?: number): Promise<void> {
+    const expiresAt = ttlSeconds && ttlSeconds > 0
+      ? Date.now() + (ttlSeconds * 1000)
+      : null
+
+    this.store.set(key, { value, expiresAt })
+  }
+
+  async has(key: string): Promise<boolean> {
+    const value = await this.get(key)
+    return value !== null
+  }
+
+  async delete(key: string): Promise<boolean> {
+    return this.store.delete(key)
+  }
+
+  async flush(): Promise<void> {
+    this.store.clear()
+  }
+
+  async increment(key: string, amount: number = 1): Promise<number> {
+    const current = await this.get<number>(key)
+    const newValue = (current ?? 0) + amount
+
+    // Preservar TTL original se existir
+    const entry = this.store.get(key)
+    const remainingTtl = entry?.expiresAt
+      ? Math.max(0, Math.ceil((entry.expiresAt - Date.now()) / 1000))
+      : undefined
+
+    await this.set(key, newValue, remainingTtl)
+    return newValue
+  }
+
+  async decrement(key: string, amount: number = 1): Promise<number> {
+    return this.increment(key, -amount)
+  }
+
+  async remember<T = unknown>(key: string, ttlSeconds: number, callback: () => Promise<T>): Promise<T> {
+    const cached = await this.get<T>(key)
+    if (cached !== null) return cached
+
+    const value = await callback()
+    await this.set(key, value, ttlSeconds)
+    return value
+  }
+
+  async gc(): Promise<void> {
+    const now = Date.now()
+    for (const [key, entry] of this.store) {
+      if (entry.expiresAt !== null && now > entry.expiresAt) {
+        this.store.delete(key)
+      }
+    }
+  }
+
+  /** Para testes: retorna quantidade de itens no cache */
+  get size(): number {
+    return this.store.size
+  }
+
+  /** Cleanup ao destruir */
+  destroy(): void {
+    if (this.gcInterval) {
+      clearInterval(this.gcInterval)
+      this.gcInterval = null
+    }
+    this.store.clear()
+  }
+}

package/app/server/cache/contracts.ts

@@ -0,0 +1,49 @@
+/**
+ * FluxStack Cache System - Contracts
+ *
+ * Interface modular para cache. Hoje usa memória do processo,
+ * amanhã pode trocar para Redis, Memcached, SQLite, etc.
+ *
+ * Inspirado no Cache do Laravel: driver swappable via config.
+ */
+
+/**
+ * Interface que todo driver de cache deve implementar.
+ *
+ * Para criar um driver customizado (ex: Redis):
+ * ```ts
+ * class RedisCacheDriver implements CacheDriver {
+ *   async get(key) { return redis.get(key) }
+ *   async set(key, value, ttl) { redis.setex(key, ttl, value) }
+ *   // ...
+ * }
+ * ```
+ */
+export interface CacheDriver {
+  /** Busca valor do cache. Retorna null se não existe ou expirou. */
+  get<T = unknown>(key: string): Promise<T | null>
+
+  /** Armazena valor no cache. TTL em segundos (0 = sem expiração). */
+  set<T = unknown>(key: string, value: T, ttlSeconds?: number): Promise<void>
+
+  /** Verifica se a chave existe no cache. */
+  has(key: string): Promise<boolean>
+
+  /** Remove uma chave do cache. */
+  delete(key: string): Promise<boolean>
+
+  /** Remove todas as chaves do cache. */
+  flush(): Promise<void>
+
+  /** Incrementa um valor numérico. Retorna o novo valor. */
+  increment(key: string, amount?: number): Promise<number>
+
+  /** Decrementa um valor numérico. Retorna o novo valor. */
+  decrement(key: string, amount?: number): Promise<number>
+
+  /** Busca ou armazena: se não existe, executa callback e salva. */
+  remember<T = unknown>(key: string, ttlSeconds: number, callback: () => Promise<T>): Promise<T>
+
+  /** Remove entradas expiradas (garbage collection). */
+  gc(): Promise<void>
+}

package/app/server/cache/index.ts

@@ -0,0 +1,42 @@
+/**
+ * FluxStack Cache System
+ *
+ * Sistema modular de cache. Hoje usa memória, amanhã Redis.
+ *
+ * ```ts
+ * import { cache, cacheManager } from '@server/cache'
+ *
+ * // Usar cache padrão
+ * await cache.set('user:1', userData, 3600)
+ * const user = await cache.get('user:1')
+ *
+ * // Trocar driver
+ * cacheManager.extend('redis', () => new MyRedisDriver())
+ * const redis = cacheManager.driver('redis')
+ * ```
+ */
+
+export type { CacheDriver } from './contracts'
+export { MemoryCacheDriver } from './MemoryDriver'
+export { CacheManager, cacheManager } from './CacheManager'
+
+/** Atalho: driver de cache padrão (lazy-initialized) */
+import type { CacheDriver as CacheDriverType } from './contracts'
+import { cacheManager as _cm } from './CacheManager'
+
+let _cacheInstance: CacheDriverType | null = null
+
+function getCacheInstance(): CacheDriverType {
+  if (!_cacheInstance) {
+    _cacheInstance = _cm.driver()
+  }
+  return _cacheInstance
+}
+
+export const cache: CacheDriverType = new Proxy({} as CacheDriverType, {
+  get(_, prop: string) {
+    const instance = getCacheInstance()
+    const value = (instance as any)[prop]
+    return typeof value === 'function' ? value.bind(instance) : value
+  }
+})

package/app/server/index.ts

@@ -17,6 +17,20 @@ import { liveComponentsPlugin } from "@core/server/live/websocket-plugin"
 import { appInstance } from "@server/app"
 import { appConfig } from "@config"
 
+// 🔒 Auth provider para Live Components
+import { liveAuthManager } from "@core/server/live/auth"
+import { DevAuthProvider } from "./auth/DevAuthProvider"
+
+// 🔐 Auth system (Guard + Provider, Laravel-inspired)
+import { initAuth } from "@server/auth"
+
+// Registrar provider de desenvolvimento (tokens simples para testes)
+liveAuthManager.register(new DevAuthProvider())
+console.log('🔓 DevAuthProvider registered')
+
+// Inicializar sistema de autenticação
+initAuth()
+
 const framework = new FluxStackFramework()
   .use(swaggerPlugin)
   .use(liveComponentsPlugin)

package/app/server/live/LiveAdminPanel.ts

@@ -0,0 +1,174 @@
+// 🔒 LiveAdminPanel - Exemplo completo de Live Component com autenticação
+//
+// Demonstra todos os cenários de auth:
+//  1. Componente público (sem auth)          → LiveCounter
+//  2. Componente protegido (auth required)   → este componente
+//  3. Componente com roles                   → este componente (role: admin)
+//  4. Actions com permissões granulares      → deleteUser requer 'users.delete'
+//  5. Acesso ao $auth dentro de actions      → getAuthInfo, audit trail
+//
+// Client: import { LiveAdminPanel } from '@server/live/LiveAdminPanel'
+// Client link: import type { AdminPanelDemo as _Client } from '@client/src/live/AdminPanelDemo'
+
+import { LiveComponent } from '@core/types/types'
+import type { LiveComponentAuth, LiveActionAuthMap } from '@core/server/live/auth/types'
+
+// ===== State =====
+
+interface User {
+  id: string
+  name: string
+  role: string
+  createdAt: number
+}
+
+interface AuditEntry {
+  action: string
+  performedBy: string
+  target?: string
+  timestamp: number
+}
+
+interface AdminPanelState {
+  users: User[]
+  audit: AuditEntry[]
+  currentUser: string | null
+  currentRoles: string[]
+  isAdmin: boolean
+}
+
+// ===== Component =====
+
+export class LiveAdminPanel extends LiveComponent<AdminPanelState> {
+  static componentName = 'LiveAdminPanel'
+  static publicActions = ['getAuthInfo', 'init', 'listUsers', 'addUser', 'deleteUser', 'clearAudit'] as const
+
+  static defaultState: AdminPanelState = {
+    users: [
+      { id: '1', name: 'Alice', role: 'admin', createdAt: Date.now() },
+      { id: '2', name: 'Bob', role: 'user', createdAt: Date.now() },
+      { id: '3', name: 'Carol', role: 'moderator', createdAt: Date.now() },
+    ],
+    audit: [],
+    currentUser: null,
+    currentRoles: [],
+    isAdmin: false,
+  }
+
+  // ─────────────────────────────────────────
+  // 🔒 Auth: requer autenticação + role admin
+  // ─────────────────────────────────────────
+  static auth: LiveComponentAuth = {
+    required: true,
+    roles: ['admin'],
+  }
+
+  // ─────────────────────────────────────────
+  // 🔒 Auth por action: permissões granulares
+  // ─────────────────────────────────────────
+  static actionAuth: LiveActionAuthMap = {
+    deleteUser: { permissions: ['users.delete'] },
+    clearAudit: { roles: ['admin'] },
+  }
+
+  // ===== Actions =====
+
+  /**
+   * Retorna info do usuário autenticado.
+   * Qualquer admin pode chamar (protegido pelo static auth do componente).
+   */
+  async getAuthInfo() {
+    return {
+      authenticated: this.$auth.authenticated,
+      userId: this.$auth.user?.id,
+      roles: this.$auth.user?.roles || [],
+      permissions: this.$auth.user?.permissions || [],
+      isAdmin: this.$auth.hasRole('admin'),
+    }
+  }
+
+  /**
+   * Popula o state com info do usuário autenticado.
+   * Chamado pelo client após mount para exibir quem está logado.
+   */
+  async init() {
+    this.setState({
+      currentUser: this.$auth.user?.id || null,
+      currentRoles: this.$auth.user?.roles || [],
+      isAdmin: this.$auth.hasRole('admin'),
+    })
+
+    this.addAudit('LOGIN', this.$auth.user?.id || 'unknown')
+
+    return { success: true }
+  }
+
+  /**
+   * Lista usuários - qualquer admin pode.
+   */
+  async listUsers() {
+    return { users: this.state.users }
+  }
+
+  /**
+   * Adiciona um usuário - qualquer admin pode.
+   */
+  async addUser(payload: { name: string; role: string }) {
+    const user: User = {
+      id: String(Date.now()),
+      name: payload.name,
+      role: payload.role,
+      createdAt: Date.now(),
+    }
+
+    this.setState({
+      users: [...this.state.users, user],
+    })
+
+    this.addAudit('ADD_USER', this.$auth.user?.id || 'unknown', user.name)
+
+    return { success: true, user }
+  }
+
+  /**
+   * 🔒 Deleta um usuário.
+   * Requer permissão 'users.delete' (via static actionAuth).
+   * Se o usuário não tiver essa permissão, o framework bloqueia ANTES
+   * de executar este método.
+   */
+  async deleteUser(payload: { userId: string }) {
+    const user = this.state.users.find(u => u.id === payload.userId)
+    if (!user) throw new Error('User not found')
+
+    this.setState({
+      users: this.state.users.filter(u => u.id !== payload.userId),
+    })
+
+    this.addAudit('DELETE_USER', this.$auth.user?.id || 'unknown', user.name)
+
+    return { success: true }
+  }
+
+  /**
+   * 🔒 Limpa o audit log.
+   * Requer role 'admin' (via static actionAuth).
+   */
+  async clearAudit() {
+    this.setState({ audit: [] })
+    return { success: true }
+  }
+
+  // ===== Helpers (privados, não expostos como actions) =====
+
+  private addAudit(action: string, performedBy: string, target?: string) {
+    const entry: AuditEntry = {
+      action,
+      performedBy,
+      target,
+      timestamp: Date.now(),
+    }
+    this.setState({
+      audit: [...this.state.audit, entry].slice(-20),
+    })
+  }
+}