npm - fauxbase - Versions diffs - 0.5.6 → 0.5.8 - Mend

fauxbase 0.5.6 → 0.5.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.cjs CHANGED Viewed

@@ -279,10 +279,15 @@ var AuthService = class extends Service {
   saveState = null;
   httpDriver = null;
   authChangeListeners = [];
+  refreshTimer = null;
+  _isRefreshing = null;
   /** @internal — called by createClient to wire persistence */
   _initAuth(loadState, saveState) {
     this.saveState = saveState;
     this.authState = loadState();
+    if (this.authState?.expiresAt) {
+      this.scheduleRefresh();
+    }
   }
   /** @internal — called by createClient when using HttpDriver */
   _setHttpMode(driver) {
@@ -301,9 +306,38 @@ var AuthService = class extends Service {
     return this.localRegister(data);
   }
   logout() {
+    this.clearRefreshTimer();
     this.authState = null;
     this.persistState();
   }
+  /** Manually refresh the token. Returns the new token. */
+  async refresh() {
+    if (!this.authState?.refreshToken) {
+      throw new ForbiddenError("No refresh token available");
+    }
+    if (this.httpDriver) {
+      return this.httpRefresh();
+    }
+    return this.localRefresh();
+  }
+  /**
+   * Ensure the token is valid before making a request.
+   * If expired, auto-refreshes. Safe to call concurrently.
+   */
+  async ensureValidToken() {
+    if (!this.authState) return;
+    if (!this.authState.expiresAt) return;
+    const buffer = 30 * 1e3;
+    if (Date.now() + buffer >= this.authState.expiresAt) {
+      if (!this._isRefreshing) {
+        this._isRefreshing = this.refresh().then(() => {
+        }).finally(() => {
+          this._isRefreshing = null;
+        });
+      }
+      await this._isRefreshing;
+    }
+  }
   get currentUser() {
     return this.authState ? { id: this.authState.userId, email: this.authState.email } : null;
   }
@@ -313,6 +347,16 @@ var AuthService = class extends Service {
   get token() {
     return this.authState?.token ?? null;
   }
+  get refreshToken() {
+    return this.authState?.refreshToken ?? null;
+  }
+  get expiresAt() {
+    return this.authState?.expiresAt ?? null;
+  }
+  get isExpired() {
+    if (!this.authState?.expiresAt) return false;
+    return Date.now() >= this.authState.expiresAt;
+  }
   hasRole(role) {
     return this.authState?.role === role;
   }
@@ -323,7 +367,7 @@ var AuthService = class extends Service {
       userName: this.authState.userName
     };
   }
-  // --- Local mode (original implementation) ---
+  // --- Local mode ---
   async localLogin(credentials) {
     const { items } = await this.list({ filter: { email: credentials.email } });
     if (items.length === 0) {
@@ -333,14 +377,18 @@ var AuthService = class extends Service {
     if (user.password !== credentials.password) {
       throw new ForbiddenError("Invalid email or password");
     }
+    const expiresAt = Date.now() + 60 * 60 * 1e3;
     this.authState = {
       userId: user.id,
       email: user.email,
       userName: user.name || user.email,
       role: user.role,
-      token: this.generateToken(user)
+      token: this.generateToken(user, expiresAt),
+      refreshToken: this.generateRefreshToken(user),
+      expiresAt
     };
     this.persistState();
+    this.scheduleRefresh();
     return user;
   }
   async localRegister(data) {
@@ -353,16 +401,33 @@ var AuthService = class extends Service {
     }
     const { data: user } = await this.create(data);
     const u = user;
+    const expiresAt = Date.now() + 60 * 60 * 1e3;
     this.authState = {
       userId: u.id,
       email: u.email,
       userName: u.name || u.email,
       role: u.role,
-      token: this.generateToken(u)
+      token: this.generateToken(u, expiresAt),
+      refreshToken: this.generateRefreshToken(u),
+      expiresAt
     };
     this.persistState();
+    this.scheduleRefresh();
     return user;
   }
+  async localRefresh() {
+    const payload = JSON.parse(atob(this.authState.refreshToken));
+    const expiresAt = Date.now() + 60 * 60 * 1e3;
+    this.authState = {
+      ...this.authState,
+      token: this.generateToken(payload, expiresAt),
+      refreshToken: this.generateRefreshToken(payload),
+      expiresAt
+    };
+    this.persistState();
+    this.scheduleRefresh();
+    return this.authState.token;
+  }
   // --- HTTP mode ---
   async httpLogin(credentials) {
     const preset = this.httpDriver.preset;
@@ -384,17 +449,9 @@ var AuthService = class extends Service {
       throw new ForbiddenError(body2.message ?? "Login failed");
     }
     const body = await response.json();
-    const token = body[preset.auth.tokenField];
-    const user = body[preset.auth.userField] ?? body;
-    this.authState = {
-      userId: user.id,
-      email: user.email ?? credentials.email,
-      userName: user.name || user.email || credentials.email,
-      role: user.role,
-      token
-    };
-    this.persistState();
-    return user;
+    this.setAuthFromResponse(body, preset, credentials.email);
+    const unwrapped = this.unwrapBody(body);
+    return unwrapped[preset.auth.userField] ?? unwrapped;
   }
   async httpRegister(data) {
     const preset = this.httpDriver.preset;
@@ -413,27 +470,103 @@ var AuthService = class extends Service {
       throw new ForbiddenError(body2.message ?? "Registration failed");
     }
     const body = await response.json();
-    const token = body[preset.auth.tokenField];
-    const user = body[preset.auth.userField] ?? body;
+    this.setAuthFromResponse(body, preset, data.email);
+    const unwrapped = this.unwrapBody(body);
+    return unwrapped[preset.auth.userField] ?? unwrapped;
+  }
+  async httpRefresh() {
+    const preset = this.httpDriver.preset;
+    const baseUrl = this.httpDriver.baseUrl;
+    const refreshUrl = preset.auth.refreshUrl;
+    if (!refreshUrl) {
+      throw new ForbiddenError("Refresh URL not configured in preset");
+    }
+    const response = await fetch(`${baseUrl}${refreshUrl}`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ refreshToken: this.authState.refreshToken })
+    });
+    if (!response.ok) {
+      this.logout();
+      throw new ForbiddenError("Session expired. Please log in again.");
+    }
+    const body = await response.json();
+    const unwrapped = this.unwrapBody(body);
+    const token = unwrapped[preset.auth.tokenField];
+    const refreshToken = preset.auth.refreshTokenField ? unwrapped[preset.auth.refreshTokenField] : this.authState.refreshToken;
+    const expiresIn = preset.auth.expiresInField ? unwrapped[preset.auth.expiresInField] : null;
+    const expiresAt = expiresIn ? Date.now() + expiresIn * 1e3 : void 0;
+    this.authState = {
+      ...this.authState,
+      token,
+      refreshToken,
+      expiresAt
+    };
+    this.persistState();
+    this.scheduleRefresh();
+    return token;
+  }
+  unwrapBody(body) {
+    if (body.data && typeof body.data === "object" && !Array.isArray(body.data)) {
+      return body.data;
+    }
+    return body;
+  }
+  setAuthFromResponse(body, preset, fallbackEmail) {
+    const unwrapped = this.unwrapBody(body);
+    const token = unwrapped[preset.auth.tokenField];
+    const user = unwrapped[preset.auth.userField] ?? unwrapped;
+    const refreshToken = preset.auth.refreshTokenField ? unwrapped[preset.auth.refreshTokenField] : void 0;
+    const expiresIn = preset.auth.expiresInField ? unwrapped[preset.auth.expiresInField] : null;
+    const expiresAt = expiresIn ? Date.now() + expiresIn * 1e3 : void 0;
     this.authState = {
       userId: user.id,
-      email: user.email ?? data.email,
-      userName: user.name || user.email || data.email,
+      email: user.email ?? fallbackEmail,
+      userName: user.name || user.email || fallbackEmail,
       role: user.role,
-      token
+      token,
+      refreshToken,
+      expiresAt
     };
     this.persistState();
-    return user;
+    this.scheduleRefresh();
   }
-  generateToken(user) {
+  // --- Token generation (local mode) ---
+  generateToken(user, expiresAt) {
     return btoa(JSON.stringify({
-      userId: user.id,
+      userId: user.id ?? user.userId,
       email: user.email,
       role: user.role,
       iat: Date.now(),
-      exp: Date.now() + 24 * 60 * 60 * 1e3
+      exp: expiresAt
     }));
   }
+  generateRefreshToken(user) {
+    return btoa(JSON.stringify({
+      userId: user.id ?? user.userId,
+      email: user.email,
+      role: user.role,
+      type: "refresh",
+      iat: Date.now()
+    }));
+  }
+  // --- Refresh scheduling ---
+  scheduleRefresh() {
+    this.clearRefreshTimer();
+    if (!this.authState?.expiresAt) return;
+    const delay = this.authState.expiresAt - Date.now() - 60 * 1e3;
+    if (delay <= 0) return;
+    this.refreshTimer = setTimeout(() => {
+      this.refresh().catch(() => {
+      });
+    }, delay);
+  }
+  clearRefreshTimer() {
+    if (this.refreshTimer) {
+      clearTimeout(this.refreshTimer);
+      this.refreshTimer = null;
+    }
+  }
   /** @internal — called by createClient to listen for auth state changes */
   _onAuthChange(listener) {
     this.authChangeListeners.push(listener);
@@ -1005,7 +1138,7 @@ var defaultPreset = definePreset({
 var springBootPreset = definePreset({
   name: "spring-boot",
   response: {
-    single: (raw) => ({ data: raw }),
+    single: (raw) => ({ data: raw.data ?? raw }),
     list: (raw) => ({
       items: raw.content ?? [],
       meta: {
@@ -1037,7 +1170,10 @@ var springBootPreset = definePreset({
   auth: {
     loginUrl: "/api/auth/login",
     registerUrl: "/api/auth/register",
+    refreshUrl: "/api/auth/refresh",
     tokenField: "token",
+    refreshTokenField: "refreshToken",
+    expiresInField: "expiresIn",
     userField: "user",
     headerFormat: "Bearer {token}"
   }
@@ -1088,7 +1224,7 @@ var laravelPreset = definePreset({
 var djangoPreset = definePreset({
   name: "django",
   response: {
-    single: (raw) => ({ data: raw }),
+    single: (raw) => ({ data: raw.data ?? raw }),
     list: (raw) => ({
       items: raw.results ?? [],
       meta: {
@@ -1277,6 +1413,7 @@ var HttpDriver = class {
   defaultHeaders;
   endpoints = /* @__PURE__ */ new Map();
   authProvider = null;
+  onUnauthorized = null;
   constructor(config) {
     this.baseUrl = config.baseUrl.replace(/\/$/, "");
     this.preset = typeof config.preset === "string" ? getPreset(config.preset ?? "default") : config.preset ?? getPreset("default");
@@ -1288,6 +1425,10 @@ var HttpDriver = class {
   setAuthProvider(provider) {
     this.authProvider = provider;
   }
+  /** @internal — set callback to refresh token on 401 */
+  setOnUnauthorized(handler) {
+    this.onUnauthorized = handler;
+  }
   registerEndpoint(resource, endpoint) {
     this.endpoints.set(resource, endpoint);
   }
@@ -1321,6 +1462,12 @@ var HttpDriver = class {
       });
       clearTimeout(timer);
       if (!response.ok) {
+        if (response.status === 401 && retryCount === 0 && this.onUnauthorized) {
+          const refreshed = await this.onUnauthorized();
+          if (refreshed) {
+            return this._fetch(url, options, 1);
+          }
+        }
         if (response.status >= 500 && retryCount < this.maxRetries) {
           const delay = this.baseDelay * Math.pow(2, retryCount);
           await new Promise((r) => setTimeout(r, delay));
@@ -1444,7 +1591,7 @@ var HttpDriver = class {
       url += `?${params.toString()}`;
     }
     return this._fetch(url, {
-      method: options?.method ?? "POST",
+      method: options?.method ?? (options?.body !== void 0 ? "POST" : "GET"),
       body: options?.body !== void 0 ? JSON.stringify(options.body) : void 0
     });
   }
@@ -1684,10 +1831,25 @@ function createClient(config) {
     } else if (defaultDriver instanceof HttpDriver) {
       authInstance._init(defaultDriver, resourceName);
       defaultDriver.registerEndpoint(resourceName, authInstance.endpoint);
+      const hasLocalStorage = typeof localStorage !== "undefined";
+      const LS_AUTH_KEY = "fauxbase:auth";
       let memoryAuthState = null;
       authInstance._initAuth(
-        () => memoryAuthState,
+        () => {
+          if (hasLocalStorage) {
+            const raw = localStorage.getItem(LS_AUTH_KEY);
+            return raw ? JSON.parse(raw) : null;
+          }
+          return memoryAuthState;
+        },
         (state) => {
+          if (hasLocalStorage) {
+            if (state) {
+              localStorage.setItem(LS_AUTH_KEY, JSON.stringify(state));
+            } else {
+              localStorage.removeItem(LS_AUTH_KEY);
+            }
+          }
           memoryAuthState = state;
         }
       );
@@ -1696,6 +1858,14 @@ function createClient(config) {
         const token = authInstance.token;
         return token ? { token } : null;
       });
+      defaultDriver.setOnUnauthorized(async () => {
+        try {
+          await authInstance.refresh();
+          return true;
+        } catch {
+          return false;
+        }
+      });
     }
     client.auth = authInstance;
     for (const driver of overrideDrivers.values()) {
@@ -1704,6 +1874,14 @@ function createClient(config) {
           const token = client.auth?.token;
           return token ? { token } : null;
         });
+        driver.setOnUnauthorized(async () => {
+          try {
+            await client.auth.refresh();
+            return true;
+          } catch {
+            return false;
+          }
+        });
       }
     }
   }