dauth-context-react 4.0.4 → 5.0.0

package/dist/index.mjs

@@ -5,8 +5,7 @@ import {
   useEffect,
   useCallback,
   createContext,
-  useContext,
-  useRef
+  useContext
 } from "react";
 
 // src/initialDauthState.ts
@@ -21,7 +20,6 @@ var initialDauthState = {
   },
   logout: () => {
   },
-  getAccessToken: () => Promise.resolve(""),
   updateUser: () => Promise.resolve(false),
   updateUserWithRedirect: () => {
   },
@@ -69,162 +67,108 @@ function userReducer(state, action) {
   }
 }
 
-// src/api/utils/config.ts
-var apiVersion = "v1";
-var serverDomain = "dauth.ovh";
-var _dauthUrl;
-function setDauthUrl(url) {
-  _dauthUrl = url?.replace(/\/+$/, "");
-}
-function checkIsLocalhost() {
-  if (typeof window === "undefined") return false;
-  const hostname = window.location.hostname;
-  return Boolean(
-    hostname === "localhost" || hostname === "[::1]" || hostname.match(
-      /(192)\.(168)\.(1)\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/gm
-    ) || hostname.match(/^127(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}$/)
+// src/api/dauth.api.ts
+function getCsrfToken() {
+  const match = document.cookie.match(
+    /(?:^|;\s*)(?:__Host-csrf|csrf-token)=([^;]*)/
   );
+  return match?.[1] ?? "";
 }
-function getServerBasePath() {
-  if (_dauthUrl) return `${_dauthUrl}/api/${apiVersion}`;
-  const isLocalhost = checkIsLocalhost();
-  const serverPort = 4012;
-  const serverLocalUrl = `${window.location.protocol}//${window.location.hostname}:${serverPort}/api/${apiVersion}`;
-  const serverProdUrl = `https://${serverDomain}/api/${apiVersion}`;
-  return isLocalhost ? serverLocalUrl : serverProdUrl;
-}
-function getClientBasePath() {
-  if (_dauthUrl) return _dauthUrl;
-  const isLocalhost = checkIsLocalhost();
-  const clientPort = 5185;
-  const clientLocalUrl = `${window.location.protocol}//${window.location.hostname}:${clientPort}`;
-  const clientProdUrl = `https://${serverDomain}`;
-  return isLocalhost ? clientLocalUrl : clientProdUrl;
+async function exchangeCodeAPI(basePath, code) {
+  const response = await fetch(`${basePath}/exchange-code`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    credentials: "include",
+    body: JSON.stringify({ code })
+  });
+  const data = await response.json();
+  return { response, data };
 }
-
-// src/api/dauth.api.ts
-var getUserAPI = async (domainName, token) => {
-  const params = {
+async function getSessionAPI(basePath) {
+  const response = await fetch(`${basePath}/session`, {
     method: "GET",
-    headers: {
-      Authorization: token,
-      "Content-Type": "application/json"
-    }
-  };
-  const response = await fetch(
-    `${getServerBasePath()}/app/${domainName}/user`,
-    params
-  );
+    credentials: "include"
+  });
   const data = await response.json();
   return { response, data };
-};
-var updateUserAPI = async (domainName, user, token) => {
-  const params = {
+}
+async function logoutAPI(basePath) {
+  const response = await fetch(`${basePath}/logout`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "X-CSRF-Token": getCsrfToken()
+    },
+    credentials: "include"
+  });
+  return { response };
+}
+async function updateUserAPI(basePath, user) {
+  const response = await fetch(`${basePath}/user`, {
     method: "PATCH",
     headers: {
-      Authorization: token,
-      "Content-Type": "application/json"
+      "Content-Type": "application/json",
+      "X-CSRF-Token": getCsrfToken()
     },
+    credentials: "include",
     body: JSON.stringify(user)
-  };
-  const response = await fetch(
-    `${getServerBasePath()}/app/${domainName}/user`,
-    params
-  );
-  const data = await response.json();
-  return { response, data };
-};
-var refreshTokenAPI = async (domainName, refreshToken) => {
-  const params = {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ refreshToken })
-  };
-  const response = await fetch(
-    `${getServerBasePath()}/app/${domainName}/refresh-token`,
-    params
-  );
+  });
   const data = await response.json();
   return { response, data };
-};
-var deleteAccountAPI = async (domainName, token) => {
-  const params = {
+}
+async function deleteAccountAPI(basePath) {
+  const response = await fetch(`${basePath}/user`, {
     method: "DELETE",
-    headers: {
-      Authorization: token,
-      "Content-Type": "application/json"
-    }
-  };
-  const response = await fetch(
-    `${getServerBasePath()}/app/${domainName}/user`,
-    params
-  );
+    headers: { "X-CSRF-Token": getCsrfToken() },
+    credentials: "include"
+  });
   const data = await response.json();
   return { response, data };
-};
-var exchangeCodeAPI = async (domainName, code) => {
-  const params = {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ code })
-  };
+}
+async function profileRedirectAPI(basePath) {
   const response = await fetch(
-    `${getServerBasePath()}/app/${domainName}/exchange-code`,
-    params
+    `${basePath}/profile-redirect`,
+    {
+      method: "GET",
+      headers: { "X-CSRF-Token": getCsrfToken() },
+      credentials: "include"
+    }
   );
   const data = await response.json();
   return { response, data };
-};
-var logoutAPI = async (domainName, refreshToken) => {
-  const params = {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ refreshToken })
-  };
-  const response = await fetch(
-    `${getServerBasePath()}/app/${domainName}/logout`,
-    params
-  );
-  return { response };
-};
+}
 
 // src/reducer/dauth.actions.ts
-async function exchangeCodeAction({
-  dispatch,
-  code,
-  domainName,
-  storageKeys,
-  onError
-}) {
+async function exchangeCodeAction(ctx, code) {
+  const { dispatch, authProxyPath, onError } = ctx;
   dispatch({
     type: SET_IS_LOADING,
     payload: { isLoading: true }
   });
   try {
-    window.history.replaceState({}, document.title, window.location.pathname);
-    const exchangeResult = await exchangeCodeAPI(domainName, code);
-    if (exchangeResult.response.status !== 200) {
-      return resetUser(dispatch, storageKeys);
-    }
-    const { accessToken, refreshToken } = exchangeResult.data;
-    localStorage.setItem(storageKeys.accessToken, accessToken);
-    localStorage.setItem(storageKeys.refreshToken, refreshToken);
-    const getUserFetch = await getUserAPI(domainName, accessToken);
-    if (getUserFetch.response.status === 200) {
+    window.history.replaceState(
+      {},
+      document.title,
+      window.location.pathname
+    );
+    const result = await exchangeCodeAPI(authProxyPath, code);
+    if (result.response.status === 200) {
       dispatch({
         type: LOGIN,
         payload: {
-          user: getUserFetch.data.user,
-          domain: getUserFetch.data.domain,
+          user: result.data.user,
+          domain: result.data.domain,
           isAuthenticated: true
         }
       });
       return;
     }
-    return resetUser(dispatch, storageKeys);
+    resetUser(dispatch);
   } catch (error) {
-    onError(error instanceof Error ? error : new Error(String(error)));
-    return resetUser(dispatch, storageKeys);
+    onError(
+      error instanceof Error ? error : new Error(String(error))
+    );
+    resetUser(dispatch);
   } finally {
     dispatch({
       type: SET_IS_LOADING,
@@ -232,45 +176,31 @@ async function exchangeCodeAction({
     });
   }
 }
-async function setAutoLoginAction({
-  dispatch,
-  domainName,
-  storageKeys,
-  onError
-}) {
-  dispatch({ type: SET_IS_LOADING, payload: { isLoading: true } });
-  const storedRefreshToken = localStorage.getItem(storageKeys.refreshToken);
-  if (!storedRefreshToken) {
-    dispatch({
-      type: SET_IS_LOADING,
-      payload: { isLoading: false }
-    });
-    return resetUser(dispatch, storageKeys);
-  }
+async function autoLoginAction(ctx) {
+  const { dispatch, authProxyPath, onError } = ctx;
+  dispatch({
+    type: SET_IS_LOADING,
+    payload: { isLoading: true }
+  });
   try {
-    const refreshResult = await refreshTokenAPI(domainName, storedRefreshToken);
-    if (refreshResult.response.status === 200) {
-      const newAccessToken = refreshResult.data.accessToken;
-      const newRefreshToken = refreshResult.data.refreshToken;
-      localStorage.setItem(storageKeys.accessToken, newAccessToken);
-      localStorage.setItem(storageKeys.refreshToken, newRefreshToken);
-      const getUserFetch = await getUserAPI(domainName, newAccessToken);
-      if (getUserFetch.response.status === 200) {
-        dispatch({
-          type: LOGIN,
-          payload: {
-            user: getUserFetch.data.user,
-            domain: getUserFetch.data.domain,
-            isAuthenticated: true
-          }
-        });
-        return;
-      }
+    const result = await getSessionAPI(authProxyPath);
+    if (result.response.status === 200) {
+      dispatch({
+        type: LOGIN,
+        payload: {
+          user: result.data.user,
+          domain: result.data.domain,
+          isAuthenticated: true
+        }
+      });
+      return;
     }
-    resetUser(dispatch, storageKeys);
+    resetUser(dispatch);
   } catch (error) {
-    onError(error instanceof Error ? error : new Error(String(error)));
-    resetUser(dispatch, storageKeys);
+    onError(
+      error instanceof Error ? error : new Error(String(error))
+    );
+    resetUser(dispatch);
   } finally {
     dispatch({
       type: SET_IS_LOADING,
@@ -278,19 +208,16 @@ async function setAutoLoginAction({
     });
   }
 }
-async function setLogoutAction({
-  dispatch,
-  domainName,
-  storageKeys
-}) {
-  const storedRefreshToken = localStorage.getItem(storageKeys.refreshToken);
-  if (storedRefreshToken && domainName) {
-    try {
-      await logoutAPI(domainName, storedRefreshToken);
-    } catch (_) {
-    }
+async function logoutAction(ctx) {
+  const { dispatch, authProxyPath } = ctx;
+  try {
+    await logoutAPI(authProxyPath);
+  } catch {
   }
-  dispatch({ type: SET_IS_LOADING, payload: { isLoading: true } });
+  dispatch({
+    type: SET_IS_LOADING,
+    payload: { isLoading: true }
+  });
   dispatch({
     type: LOGIN,
     payload: {
@@ -301,126 +228,73 @@ async function setLogoutAction({
       isAuthenticated: false
     }
   });
-  localStorage.removeItem(storageKeys.accessToken);
-  localStorage.removeItem(storageKeys.refreshToken);
-  return dispatch({
+  dispatch({
     type: SET_IS_LOADING,
     payload: { isLoading: false }
   });
 }
-async function refreshSessionAction({
-  dispatch,
-  domainName,
-  storageKeys,
-  onError
-}) {
-  const storedRefreshToken = localStorage.getItem(storageKeys.refreshToken);
-  if (!storedRefreshToken) {
-    return resetUser(dispatch, storageKeys);
-  }
-  try {
-    const refreshResult = await refreshTokenAPI(domainName, storedRefreshToken);
-    if (refreshResult.response.status === 200) {
-      localStorage.setItem(
-        storageKeys.accessToken,
-        refreshResult.data.accessToken
-      );
-      localStorage.setItem(
-        storageKeys.refreshToken,
-        refreshResult.data.refreshToken
-      );
-      return;
-    }
-    resetUser(dispatch, storageKeys);
-  } catch (error) {
-    onError(error instanceof Error ? error : new Error(String(error)));
-    resetUser(dispatch, storageKeys);
-  }
-}
-async function setUpdateUserAction({
-  dispatch,
-  domainName,
-  user,
-  token,
-  onError
-}) {
+async function updateUserAction(ctx, user) {
+  const { dispatch, authProxyPath, onError } = ctx;
   if (user.language) {
-    window.document.documentElement.setAttribute("lang", user.language);
-  }
-  if (!token) {
-    dispatch({
-      type: UPDATE_USER,
-      payload: user
-    });
-    return false;
+    window.document.documentElement.setAttribute(
+      "lang",
+      user.language
+    );
   }
   try {
-    const getUserFetch = await updateUserAPI(domainName, user, token);
-    if (getUserFetch.response.status === 200) {
+    const result = await updateUserAPI(authProxyPath, user);
+    if (result.response.status === 200) {
       dispatch({
         type: UPDATE_USER,
-        payload: getUserFetch.data.user
+        payload: result.data.user
       });
       return true;
-    } else {
-      onError(new Error("Update user error: " + getUserFetch.data.message));
-      return false;
     }
+    onError(
+      new Error("Update user error: " + result.data.message)
+    );
+    return false;
   } catch (error) {
-    onError(error instanceof Error ? error : new Error("Update user error"));
+    onError(
+      error instanceof Error ? error : new Error("Update user error")
+    );
     return false;
   }
 }
-async function getAccessTokenAction({
-  dispatch,
-  domainName,
-  storageKeys,
-  onError
-}) {
-  const token_ls = localStorage.getItem(storageKeys.accessToken);
-  if (!token_ls) return "token-not-found";
+async function updateUserWithRedirectAction(ctx) {
+  const { authProxyPath, onError } = ctx;
   try {
-    const payloadB64 = token_ls.split(".")[1];
-    if (payloadB64) {
-      const payload = JSON.parse(atob(payloadB64));
-      const expiresIn = (payload.exp || 0) * 1e3 - Date.now();
-      if (expiresIn < 5 * 60 * 1e3) {
-        await refreshSessionAction({
-          dispatch,
-          domainName,
-          storageKeys,
-          onError
-        });
-        const refreshedToken = localStorage.getItem(storageKeys.accessToken);
-        return refreshedToken || "token-not-found";
-      }
+    const result = await profileRedirectAPI(authProxyPath);
+    if (result.response.status === 200 && result.data.redirectUrl) {
+      window.location.replace(result.data.redirectUrl);
+      return;
     }
-  } catch (_) {
+    onError(
+      new Error("Could not generate profile redirect")
+    );
+  } catch (error) {
+    onError(
+      error instanceof Error ? error : new Error("Profile redirect error")
+    );
   }
-  return token_ls;
 }
-async function deleteAccountAction({
-  dispatch,
-  domainName,
-  storageKeys,
-  onError,
-  token
-}) {
+async function deleteAccountAction(ctx) {
+  const { dispatch, authProxyPath, onError } = ctx;
   try {
-    const result = await deleteAccountAPI(domainName, token);
+    const result = await deleteAccountAPI(authProxyPath);
     if (result.response.status === 200) {
-      resetUser(dispatch, storageKeys);
+      resetUser(dispatch);
       return true;
     }
     return false;
   } catch (error) {
-    onError(error instanceof Error ? error : new Error("Delete account error"));
+    onError(
+      error instanceof Error ? error : new Error("Delete account error")
+    );
     return false;
   }
 }
-var resetUser = (dispatch, storageKeys) => {
-  localStorage.removeItem(storageKeys.accessToken);
-  localStorage.removeItem(storageKeys.refreshToken);
+var resetUser = (dispatch) => {
   return dispatch({
     type: LOGIN,
     payload: {
@@ -431,120 +305,87 @@ var resetUser = (dispatch, storageKeys) => {
   });
 };
 
+// src/api/utils/config.ts
+var serverDomain = "dauth.ovh";
+var _dauthUrl;
+function setDauthUrl(url) {
+  _dauthUrl = url?.replace(/\/+$/, "");
+}
+function checkIsLocalhost() {
+  if (typeof window === "undefined") return false;
+  const hostname = window.location.hostname;
+  return Boolean(
+    hostname === "localhost" || hostname === "[::1]" || hostname.match(
+      /(192)\.(168)\.(1)\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/gm
+    ) || hostname.match(
+      /^127(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}$/
+    )
+  );
+}
+function getClientBasePath() {
+  if (_dauthUrl) return _dauthUrl;
+  const isLocalhost = checkIsLocalhost();
+  const clientPort = 5185;
+  const clientLocalUrl = `${window.location.protocol}//${window.location.hostname}:${clientPort}`;
+  const clientProdUrl = `https://${serverDomain}`;
+  return isLocalhost ? clientLocalUrl : clientProdUrl;
+}
+
 // src/constants.ts
-var TOKEN_LS = "dauth_state";
-var REFRESH_TOKEN_LS = "dauth_refresh_token";
 var AUTH_CODE_PARAM = "code";
 
 // src/api/utils/routes.ts
 var routes = {
-  signin: "signin",
-  updateUser: "update-user"
+  signin: "signin"
 };
 
 // src/index.tsx
 import { jsx } from "react/jsx-runtime";
 var defaultOnError = (error) => console.error(error);
 var DauthProvider = (props) => {
-  const { domainName, children, storageKey, onError, env, dauthUrl } = props;
-  const [dauthState, dispatch] = useReducer(userReducer, initialDauthState_default);
-  const refreshTimerRef = useRef(null);
+  const {
+    domainName,
+    children,
+    authProxyPath = "/api/auth",
+    onError,
+    env,
+    dauthUrl
+  } = props;
+  const [dauthState, dispatch] = useReducer(
+    userReducer,
+    initialDauthState_default
+  );
   useEffect(() => {
     setDauthUrl(dauthUrl);
   }, [dauthUrl]);
-  const storageKeys = useMemo(
-    () => ({
-      accessToken: storageKey?.accessToken ?? TOKEN_LS,
-      refreshToken: storageKey?.refreshToken ?? REFRESH_TOKEN_LS
-    }),
-    [storageKey?.accessToken, storageKey?.refreshToken]
-  );
   const handleError = useCallback(
     (error) => (onError ?? defaultOnError)(error),
     [onError]
   );
   const ctx = useMemo(
-    () => ({ dispatch, domainName, storageKeys, onError: handleError }),
-    [domainName, storageKeys, handleError]
+    () => ({ dispatch, authProxyPath, onError: handleError }),
+    [authProxyPath, handleError]
   );
-  const scheduleRefresh = useCallback(() => {
-    if (refreshTimerRef.current) clearTimeout(refreshTimerRef.current);
-    const token = localStorage.getItem(storageKeys.accessToken);
-    if (!token) return;
-    try {
-      const payloadB64 = token.split(".")[1];
-      if (!payloadB64) return;
-      const payload = JSON.parse(atob(payloadB64));
-      const expiresIn = (payload.exp || 0) * 1e3 - Date.now();
-      const refreshIn = Math.max(expiresIn - 5 * 60 * 1e3, 1e4);
-      refreshTimerRef.current = setTimeout(async () => {
-        await refreshSessionAction(ctx);
-        scheduleRefresh();
-      }, refreshIn);
-    } catch (_) {
-      refreshTimerRef.current = setTimeout(
-        async () => {
-          await refreshSessionAction(ctx);
-          scheduleRefresh();
-        },
-        5 * 60 * 1e3
-      );
-    }
-  }, [ctx, storageKeys.accessToken]);
-  useEffect(() => {
-    (async () => {
-      const queryString = window.location.search;
-      if (!queryString) return;
-      const urlParams = new URLSearchParams(queryString);
-      const code = urlParams.get(AUTH_CODE_PARAM);
-      if (code && !dauthState.isAuthenticated) {
-        return exchangeCodeAction({ ...ctx, code });
-      }
-    })();
-  }, []);
-  useEffect(() => {
-    (async () => {
-      const urlParams = new URLSearchParams(window.location.search);
-      if (urlParams.get(AUTH_CODE_PARAM)) return;
-      const refreshToken = localStorage.getItem(storageKeys.refreshToken);
-      if (refreshToken && !dauthState.isAuthenticated) {
-        return setAutoLoginAction(ctx);
-      } else {
-        return dispatch({
-          type: SET_IS_LOADING,
-          payload: { isLoading: false }
-        });
-      }
-    })();
-  }, []);
   useEffect(() => {
-    if (dauthState.isAuthenticated) {
-      scheduleRefresh();
+    const params = new URLSearchParams(window.location.search);
+    const code = params.get(AUTH_CODE_PARAM);
+    if (code) {
+      exchangeCodeAction(ctx, code);
+    } else {
+      autoLoginAction(ctx);
     }
-    return () => {
-      if (refreshTimerRef.current) clearTimeout(refreshTimerRef.current);
-    };
-  }, [dauthState.isAuthenticated, scheduleRefresh]);
+  }, []);
   const loginWithRedirect = useCallback(() => {
     const base = `${getClientBasePath()}/${domainName}/${routes.signin}`;
     const url = env ? `${base}?env=${encodeURIComponent(env)}` : base;
     return window.location.replace(url);
   }, [domainName, env]);
-  const logout = useCallback(() => {
-    if (refreshTimerRef.current) clearTimeout(refreshTimerRef.current);
-    return setLogoutAction({
-      dispatch,
-      domainName,
-      storageKeys
-    });
-  }, [domainName, storageKeys]);
-  const getAccessToken = useCallback(async () => {
-    const token = await getAccessTokenAction(ctx);
-    return token;
-  }, [ctx]);
+  const logout = useCallback(
+    () => logoutAction(ctx),
+    [ctx]
+  );
   const updateUser = useCallback(
     async (fields) => {
-      const token_ls = localStorage.getItem(storageKeys.accessToken);
       const {
         name,
         lastname,
@@ -569,36 +410,23 @@ var DauthProvider = (props) => {
         country,
         metadata
       };
-      return await setUpdateUserAction({
-        ...ctx,
-        user,
-        token: token_ls
-      });
+      return updateUserAction(ctx, user);
     },
-    [ctx, storageKeys.accessToken]
+    [ctx]
+  );
+  const updateUserWithRedirect = useCallback(
+    () => updateUserWithRedirectAction(ctx),
+    [ctx]
+  );
+  const deleteAccount = useCallback(
+    () => deleteAccountAction(ctx),
+    [ctx]
   );
-  const updateUserWithRedirect = useCallback(() => {
-    const token_ls = localStorage.getItem(storageKeys.accessToken);
-    if (!token_ls) return;
-    return window.location.replace(
-      `${getClientBasePath()}/${domainName}/${routes.updateUser}/${token_ls}`
-    );
-  }, [domainName, storageKeys.accessToken]);
-  const deleteAccount = useCallback(async () => {
-    const token_ls = localStorage.getItem(storageKeys.accessToken);
-    if (!token_ls) return false;
-    if (refreshTimerRef.current) clearTimeout(refreshTimerRef.current);
-    return await deleteAccountAction({
-      ...ctx,
-      token: token_ls
-    });
-  }, [ctx, storageKeys.accessToken]);
   const memoProvider = useMemo(
     () => ({
       ...dauthState,
       loginWithRedirect,
       logout,
-      getAccessToken,
       updateUser,
       updateUserWithRedirect,
       deleteAccount
@@ -607,7 +435,6 @@ var DauthProvider = (props) => {
       dauthState,
       loginWithRedirect,
       logout,
-      getAccessToken,
       updateUser,
       updateUserWithRedirect,
       deleteAccount