hightjs 0.1.1 → 0.2.1

package/dist/auth/providers/discord.d.ts

@@ -0,0 +1,67 @@
+import type { AuthProviderClass, AuthRoute, User } from '../types';
+export interface DiscordConfig {
+    id?: string;
+    name?: string;
+    clientId: string;
+    clientSecret: string;
+    callbackUrl?: string;
+    successUrl?: string;
+    scope?: string[];
+}
+/**
+ * Provider para autenticação com Discord OAuth2
+ *
+ * Este provider permite autenticação usando Discord OAuth2.
+ * Automaticamente gerencia o fluxo OAuth completo e rotas necessárias.
+ *
+ * Exemplo de uso:
+ * ```typescript
+ * new DiscordProvider({
+ * clientId: process.env.DISCORD_CLIENT_ID!,
+ * clientSecret: process.env.DISCORD_CLIENT_SECRET!,
+ * callbackUrl: "http://localhost:3000/api/auth/callback/discord"
+ * })
+ * ```
+ *
+ * Fluxo de autenticação:
+ * 1. GET /api/auth/signin/discord - Gera URL e redireciona para Discord
+ * 2. Discord redireciona para /api/auth/callback/discord com código
+ * 3. Provider troca código por token e busca dados do usuário
+ * 4. Retorna objeto User com dados do Discord
+ */
+export declare class DiscordProvider implements AuthProviderClass {
+    readonly id: string;
+    readonly name: string;
+    readonly type: string;
+    private config;
+    private readonly defaultScope;
+    constructor(config: DiscordConfig);
+    /**
+     * Método para gerar URL OAuth (usado pelo handleSignIn)
+     */
+    handleOauth(credentials?: Record<string, string>): string;
+    /**
+     * Método principal - agora redireciona para OAuth ou processa callback
+     */
+    handleSignIn(credentials: Record<string, string>): Promise<User | string | null>;
+    /**
+     * Processa o callback OAuth (código → usuário)
+     */
+    private processOAuthCallback;
+    /**
+     * Método opcional para logout
+     */
+    handleSignOut?(): Promise<void>;
+    /**
+     * Rotas adicionais específicas do Discord OAuth
+     */
+    additionalRoutes: AuthRoute[];
+    /**
+     * Gera URL de autorização do Discord
+     */
+    getAuthorizationUrl(): string;
+    /**
+     * Retorna configuração pública do provider
+     */
+    getConfig(): any;
+}

package/dist/auth/providers/discord.js

@@ -0,0 +1,198 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DiscordProvider = void 0;
+const http_1 = require("../../api/http");
+/**
+ * Provider para autenticação com Discord OAuth2
+ *
+ * Este provider permite autenticação usando Discord OAuth2.
+ * Automaticamente gerencia o fluxo OAuth completo e rotas necessárias.
+ *
+ * Exemplo de uso:
+ * ```typescript
+ * new DiscordProvider({
+ * clientId: process.env.DISCORD_CLIENT_ID!,
+ * clientSecret: process.env.DISCORD_CLIENT_SECRET!,
+ * callbackUrl: "http://localhost:3000/api/auth/callback/discord"
+ * })
+ * ```
+ *
+ * Fluxo de autenticação:
+ * 1. GET /api/auth/signin/discord - Gera URL e redireciona para Discord
+ * 2. Discord redireciona para /api/auth/callback/discord com código
+ * 3. Provider troca código por token e busca dados do usuário
+ * 4. Retorna objeto User com dados do Discord
+ */
+class DiscordProvider {
+    constructor(config) {
+        this.type = 'discord';
+        this.defaultScope = ['identify', 'email'];
+        /**
+         * Rotas adicionais específicas do Discord OAuth
+         */
+        this.additionalRoutes = [
+            // Rota de callback do Discord
+            {
+                method: 'GET',
+                path: '/api/auth/callback/discord',
+                handler: async (req, params) => {
+                    const url = new URL(req.url || '', 'http://localhost');
+                    const code = url.searchParams.get('code');
+                    if (!code) {
+                        return http_1.HightJSResponse.json({ error: 'Authorization code not provided' }, { status: 400 });
+                    }
+                    try {
+                        // CORREÇÃO: O fluxo correto é delegar o 'code' para o endpoint de signin
+                        // principal, que processará o código uma única vez. A implementação anterior
+                        // usava o código duas vezes, causando o erro 'invalid_grant'.
+                        const authResponse = await fetch(`${req.headers.origin || 'http://localhost:3000'}/api/auth/signin`, {
+                            method: 'POST',
+                            headers: {
+                                'Content-Type': 'application/json',
+                            },
+                            body: JSON.stringify({
+                                provider: this.id,
+                                code,
+                            })
+                        });
+                        if (authResponse.ok) {
+                            // Propaga o cookie de sessão retornado pelo endpoint de signin
+                            // e redireciona o usuário para a página de sucesso.
+                            const setCookieHeader = authResponse.headers.get('set-cookie');
+                            if (this.config.successUrl) {
+                                return http_1.HightJSResponse
+                                    .redirect(this.config.successUrl)
+                                    .header('Set-Cookie', setCookieHeader || '');
+                            }
+                            return http_1.HightJSResponse.json({ success: true })
+                                .header('Set-Cookie', setCookieHeader || '');
+                        }
+                        else {
+                            const errorText = await authResponse.text();
+                            console.error(`[${this.id} Provider] Session creation failed during callback. Status: ${authResponse.status}, Body: ${errorText}`);
+                            return http_1.HightJSResponse.json({ error: 'Session creation failed' }, { status: 500 });
+                        }
+                    }
+                    catch (error) {
+                        console.error(`[${this.id} Provider] Callback handler fetch error:`, error);
+                        return http_1.HightJSResponse.json({ error: 'Internal server error' }, { status: 500 });
+                    }
+                }
+            }
+        ];
+        this.config = config;
+        this.id = config.id || 'discord';
+        this.name = config.name || 'Discord';
+    }
+    /**
+     * Método para gerar URL OAuth (usado pelo handleSignIn)
+     */
+    handleOauth(credentials = {}) {
+        return this.getAuthorizationUrl();
+    }
+    /**
+     * Método principal - agora redireciona para OAuth ou processa callback
+     */
+    async handleSignIn(credentials) {
+        // Se tem código, é callback - processa autenticação
+        if (credentials.code) {
+            return await this.processOAuthCallback(credentials);
+        }
+        // Se não tem código, é início do OAuth - retorna URL
+        return this.handleOauth(credentials);
+    }
+    /**
+     * Processa o callback OAuth (código → usuário)
+     */
+    async processOAuthCallback(credentials) {
+        try {
+            const { code } = credentials;
+            if (!code) {
+                throw new Error('Authorization code not provided');
+            }
+            // Troca o código por access token
+            const tokenResponse = await fetch('https://discord.com/api/oauth2/token', {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/x-www-form-urlencoded',
+                },
+                body: new URLSearchParams({
+                    client_id: this.config.clientId,
+                    client_secret: this.config.clientSecret,
+                    grant_type: 'authorization_code',
+                    code,
+                    redirect_uri: this.config.callbackUrl || '',
+                }),
+            });
+            if (!tokenResponse.ok) {
+                const error = await tokenResponse.text();
+                // O erro original "Invalid \"code\" in request." acontece aqui.
+                throw new Error(`Failed to exchange code for token: ${error}`);
+            }
+            const tokens = await tokenResponse.json();
+            // Busca dados do usuário
+            const userResponse = await fetch('https://discord.com/api/users/@me', {
+                headers: {
+                    'Authorization': `Bearer ${tokens.access_token}`,
+                },
+            });
+            if (!userResponse.ok) {
+                throw new Error('Failed to fetch user data');
+            }
+            const discordUser = await userResponse.json();
+            // Retorna objeto User padronizado
+            return {
+                id: discordUser.id,
+                name: discordUser.global_name || discordUser.username,
+                email: discordUser.email,
+                image: discordUser.avatar
+                    ? `https://cdn.discordapp.com/avatars/${discordUser.id}/${discordUser.avatar}.png`
+                    : null,
+                username: discordUser.username,
+                discriminator: discordUser.discriminator,
+                provider: this.id,
+                providerId: discordUser.id,
+                accessToken: tokens.access_token,
+                refreshToken: tokens.refresh_token
+            };
+        }
+        catch (error) {
+            console.error(`[${this.id} Provider] Error during OAuth callback:`, error);
+            return null;
+        }
+    }
+    /**
+     * Método opcional para logout
+     */
+    async handleSignOut() {
+        // Discord OAuth não precisa de logout especial
+        // O token será invalidado pelo tempo de vida
+        console.log(`[${this.id} Provider] User signed out`);
+    }
+    /**
+     * Gera URL de autorização do Discord
+     */
+    getAuthorizationUrl() {
+        const params = new URLSearchParams({
+            client_id: this.config.clientId,
+            redirect_uri: this.config.callbackUrl || '',
+            response_type: 'code',
+            scope: (this.config.scope || this.defaultScope).join(' ')
+        });
+        return `https://discord.com/api/oauth2/authorize?${params.toString()}`;
+    }
+    /**
+     * Retorna configuração pública do provider
+     */
+    getConfig() {
+        return {
+            id: this.id,
+            name: this.name,
+            type: this.type,
+            clientId: this.config.clientId, // Público
+            scope: this.config.scope || this.defaultScope,
+            callbackUrl: this.config.callbackUrl
+        };
+    }
+}
+exports.DiscordProvider = DiscordProvider;

package/dist/auth/providers/index.d.ts

@@ -0,0 +1,2 @@
+export * from './credentials';
+export * from './discord';

package/dist/auth/providers/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+// Exportações dos providers
+__exportStar(require("./credentials"), exports);
+__exportStar(require("./discord"), exports);

package/dist/auth/providers.d.ts

@@ -1,5 +1,2 @@
-import type { AuthProvider, CredentialsConfig } from './types';
-/**
- * Provider para autenticação com credenciais (email/senha)
- */
-export declare function CredentialsProvider(config: CredentialsConfig): AuthProvider;
+export { CredentialsProvider } from './providers/credentials';
+export { DiscordProvider } from './providers/discord';

package/dist/auth/providers.js

@@ -1,14 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CredentialsProvider = CredentialsProvider;
-/**
- * Provider para autenticação com credenciais (email/senha)
- */
-function CredentialsProvider(config) {
-    return {
-        id: config.id || 'credentials',
-        name: config.name || 'Credentials',
-        type: 'credentials',
-        authorize: config.authorize
-    };
-}
+exports.DiscordProvider = exports.CredentialsProvider = void 0;
+// Exportações dos providers
+var credentials_1 = require("./providers/credentials");
+Object.defineProperty(exports, "CredentialsProvider", { enumerable: true, get: function () { return credentials_1.CredentialsProvider; } });
+var discord_1 = require("./providers/discord");
+Object.defineProperty(exports, "DiscordProvider", { enumerable: true, get: function () { return discord_1.DiscordProvider; } });

package/dist/auth/react.js

@@ -5,7 +5,7 @@ exports.useSession = useSession;
 exports.useAuth = useAuth;
 const jsx_runtime_1 = require("react/jsx-runtime");
 const react_1 = require("react");
-const client_1 = require("../client");
+const clientRouter_1 = require("../client/clientRouter");
 const SessionContext = (0, react_1.createContext)(undefined);
 function SessionProvider({ children, basePath = '/api/auth', refetchInterval = 0, refetchOnWindowFocus = true }) {
     const [session, setSession] = (0, react_1.useState)(null);
@@ -57,21 +57,28 @@ function SessionProvider({ children, basePath = '/api/auth', refetchInterval = 0
             });
             const data = await response.json();
             if (response.ok && data.success) {
-                // Atualiza a sessão após login bem-sucedido
-                if (redirect && typeof window !== 'undefined') {
-                    try {
-                        client_1.router.push(callbackUrl || '/');
+                // Se é OAuth, redireciona para URL fornecida
+                if (data.type === 'oauth' && data.redirectUrl) {
+                    if (redirect && typeof window !== 'undefined') {
+                        window.location.href = data.redirectUrl;
                     }
-                    catch (e) {
+                    return {
+                        ok: true,
+                        status: 200,
+                        url: data.redirectUrl
+                    };
+                }
+                // Se é sessão (credentials), redireciona para callbackUrl
+                if (data.type === 'session') {
+                    if (redirect && typeof window !== 'undefined') {
                         window.location.href = callbackUrl || '/';
                     }
+                    return {
+                        ok: true,
+                        status: 200,
+                        url: callbackUrl || '/'
+                    };
                 }
-                await fetchSession();
-                return {
-                    ok: true,
-                    status: 200,
-                    url: callbackUrl || '/'
-                };
             }
             else {
                 return {
@@ -101,7 +108,7 @@ function SessionProvider({ children, basePath = '/api/auth', refetchInterval = 0
             setStatus('unauthenticated');
             if (typeof window !== 'undefined') {
                 try {
-                    client_1.router.push(options.callbackUrl || '/');
+                    clientRouter_1.router.push(options.callbackUrl || '/');
                 }
                 catch (e) {
                     window.location.href = options.callbackUrl || '/';

package/dist/auth/routes.d.ts

@@ -1,4 +1,4 @@
-import { HightJSRequest, HightJSResponse } from '../api/http';
+import { HightJSRequest } from '../api/http';
 import type { AuthConfig } from './types';
 import { HWebAuth } from './core';
 /**
@@ -8,7 +8,7 @@ export declare function createAuthRoutes(config: AuthConfig): {
     pattern: string;
     GET(req: HightJSRequest, params: {
         [key: string]: string;
-    }): Promise<HightJSResponse>;
+    }): Promise<any>;
     POST(req: HightJSRequest, params: {
         [key: string]: string;
     }): Promise<any>;

package/dist/auth/routes.js

@@ -13,17 +13,31 @@ function createAuthRoutes(config) {
      * Uso: /api/auth/[...value].ts
      */
     return {
-        pattern: '/api/auth/[value]',
+        pattern: '/api/auth/[...value]',
         async GET(req, params) {
             const path = params["value"];
             const route = Array.isArray(path) ? path.join('/') : path || '';
+            // Verifica rotas adicionais dos providers primeiro
+            const additionalRoutes = auth.getAllAdditionalRoutes();
+            for (const { provider, route: additionalRoute } of additionalRoutes) {
+                if (additionalRoute.method === 'GET' && additionalRoute.path.includes(route)) {
+                    try {
+                        return await additionalRoute.handler(req, params);
+                    }
+                    catch (error) {
+                        console.error(`[${provider} Provider] Error in additional route:`, error);
+                        return http_1.HightJSResponse.json({ error: 'Provider route error' }, { status: 500 });
+                    }
+                }
+            }
+            // Rotas padrão do sistema
             switch (route) {
                 case 'session':
                     return await handleSession(req, auth);
                 case 'csrf':
                     return await handleCsrf(req);
                 case 'providers':
-                    return await handleProviders(config);
+                    return await handleProviders(auth);
                 default:
                     return http_1.HightJSResponse.json({ error: 'Route not found' }, { status: 404 });
             }
@@ -31,6 +45,20 @@ function createAuthRoutes(config) {
         async POST(req, params) {
             const path = params["value"];
             const route = Array.isArray(path) ? path.join('/') : path || '';
+            // Verifica rotas adicionais dos providers primeiro
+            const additionalRoutes = auth.getAllAdditionalRoutes();
+            for (const { provider, route: additionalRoute } of additionalRoutes) {
+                if (additionalRoute.method === 'POST' && additionalRoute.path.includes(route)) {
+                    try {
+                        return await additionalRoute.handler(req, params);
+                    }
+                    catch (error) {
+                        console.error(`[${provider} Provider] Error in additional route:`, error);
+                        return http_1.HightJSResponse.json({ error: 'Provider route error' }, { status: 500 });
+                    }
+                }
+            }
+            // Rotas padrão do sistema
             switch (route) {
                 case 'signin':
                     return await handleSignIn(req, auth);
@@ -66,14 +94,8 @@ async function handleCsrf(req) {
 /**
  * Handler para GET /api/auth/providers
  */
-async function handleProviders(config) {
-    const providers = config.providers
-        .filter(p => p.type === 'credentials') // Apenas credentials
-        .map(p => ({
-        id: p.id,
-        name: p.name,
-        type: p.type
-    }));
+async function handleProviders(auth) {
+    const providers = auth.getProviders();
     return http_1.HightJSResponse.json({ providers });
 }
 /**
@@ -82,17 +104,27 @@ async function handleProviders(config) {
 async function handleSignIn(req, auth) {
     try {
         const { provider = 'credentials', ...credentials } = await req.json();
-        // Apenas credentials agora
         const result = await auth.signIn(provider, credentials);
         if (!result) {
             return http_1.HightJSResponse.json({ error: 'Invalid credentials' }, { status: 401 });
         }
+        // Se tem redirectUrl, é OAuth - retorna URL para redirecionamento
+        if ('redirectUrl' in result) {
+            return http_1.HightJSResponse.json({
+                success: true,
+                redirectUrl: result.redirectUrl,
+                type: 'oauth'
+            });
+        }
+        // Se tem session, é credentials - retorna sessão
         return auth.createAuthResponse(result.token, {
             success: true,
-            user: result.session.user
+            user: result.session.user,
+            type: 'session'
         });
     }
     catch (error) {
+        console.error('[hweb-auth] Erro no handleSignIn:', error);
         return http_1.HightJSResponse.json({ error: 'Authentication failed' }, { status: 500 });
     }
 }
@@ -100,5 +132,5 @@ async function handleSignIn(req, auth) {
  * Handler para POST /api/auth/signout
  */
 async function handleSignOut(req, auth) {
-    return auth.signOut();
+    return await auth.signOut(req);
 }

package/dist/auth/types.d.ts

@@ -4,8 +4,43 @@ export interface Session {
     expires: string;
     accessToken?: string;
 }
+export interface SignInOptions {
+    redirect?: boolean;
+    callbackUrl?: string;
+    [key: string]: any;
+}
+export interface SignInResult {
+    error?: string;
+    status?: number;
+    ok?: boolean;
+    url?: string;
+}
+export interface SessionContextType {
+    data: Session | null;
+    status: 'loading' | 'authenticated' | 'unauthenticated';
+    signIn: (provider?: string, options?: SignInOptions) => Promise<SignInResult | undefined>;
+    signOut: (options?: {
+        callbackUrl?: string;
+    }) => Promise<void>;
+    update: () => Promise<Session | null>;
+}
+export interface AuthRoute {
+    method: 'GET' | 'POST' | 'PUT' | 'DELETE';
+    path: string;
+    handler: (req: any, params: any) => Promise<any>;
+}
+export interface AuthProviderClass {
+    id: string;
+    name: string;
+    type: string;
+    handleOauth?(credentials: Record<string, string>): Promise<string> | string;
+    handleSignIn(credentials: Record<string, string>): Promise<User | string | null>;
+    handleSignOut?(): Promise<void>;
+    additionalRoutes?: AuthRoute[];
+    getConfig?(): any;
+}
 export interface AuthConfig {
-    providers: AuthProvider[];
+    providers: AuthProviderClass[];
     pages?: {
         signIn?: string;
         signOut?: string;
@@ -30,26 +65,6 @@ export interface AuthProvider {
     type: 'credentials';
     authorize?: (credentials: Record<string, string>) => Promise<User | null> | User | null;
 }
-export interface SignInOptions {
-    redirect?: boolean;
-    callbackUrl?: string;
-    [key: string]: any;
-}
-export interface SignInResult {
-    error?: string;
-    status?: number;
-    ok?: boolean;
-    url?: string;
-}
-export interface SessionContextType {
-    data: Session | null;
-    status: 'loading' | 'authenticated' | 'unauthenticated';
-    signIn: (provider?: string, options?: SignInOptions) => Promise<SignInResult | undefined>;
-    signOut: (options?: {
-        callbackUrl?: string;
-    }) => Promise<void>;
-    update: () => Promise<Session | null>;
-}
 export interface CredentialsConfig {
     id?: string;
     name?: string;

package/dist/router.js

@@ -309,7 +309,15 @@ function findMatchingBackendRoute(pathname, method) {
         // Verifica se a rota tem um handler para o método HTTP atual
         if (!route.pattern || !route[method.toUpperCase()])
             continue;
-        const regexPattern = route.pattern.replace(/\[(\w+)\]/g, '(?<$1>[^/]+)');
+        const regexPattern = route.pattern
+            // [[...param]] → opcional catch-all
+            .replace(/\[\[\.\.\.(\w+)\]\]/g, '(?<$1>.+)?')
+            // [...param] → obrigatório catch-all
+            .replace(/\[\.\.\.(\w+)\]/g, '(?<$1>.+)')
+            // [[param]] → segmento opcional
+            .replace(/\[\[(\w+)\]\]/g, '(?<$1>[^/]+)?')
+            // [param] → segmento obrigatório
+            .replace(/\[(\w+)\]/g, '(?<$1>[^/]+)');
         const regex = new RegExp(`^${regexPattern}/?$`);
         const match = pathname.match(regex);
         if (match) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hightjs",
-  "version": "0.1.1",
+  "version": "0.2.1",
   "description": "HightJS is a high-level framework for building web applications with ease and speed. It provides a robust set of tools and features to streamline development and enhance productivity.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/api/http.ts

@@ -407,12 +407,16 @@ export class HightJSResponse {
             }
         });
 
+        // Handle redirects specifically
+        if (this._headers['Location']) {
+            res.redirect(this._headers['Location']);
+            return;
+        }
+
         // Envia o corpo se foi definido
         if (this._sent && this._body !== null) {
             if (this._headers['Content-Type']?.includes('application/json')) {
                 res.json(JSON.parse(this._body));
-            } else if (this._headers['Location']) {
-                res.redirect(this._headers['Location']);
             } else {
                 res.send(this._body);
             }