hightjs 0.1.1 → 0.2.1

package/src/auth/providers/discord.ts

@@ -0,0 +1,231 @@
+import type {AuthProviderClass, AuthRoute, User} from '../types';
+import {HightJSRequest, HightJSResponse} from '../../api/http';
+
+export interface DiscordConfig {
+    id?: string;
+    name?: string;
+    clientId: string;
+    clientSecret: string;
+    callbackUrl?: string;
+    successUrl?: string;
+    // Escopos OAuth, padrão: ['identify', 'email']
+    scope?: string[];
+}
+
+/**
+ * Provider para autenticação com Discord OAuth2
+ *
+ * Este provider permite autenticação usando Discord OAuth2.
+ * Automaticamente gerencia o fluxo OAuth completo e rotas necessárias.
+ *
+ * Exemplo de uso:
+ * ```typescript
+ * new DiscordProvider({
+ * clientId: process.env.DISCORD_CLIENT_ID!,
+ * clientSecret: process.env.DISCORD_CLIENT_SECRET!,
+ * callbackUrl: "http://localhost:3000/api/auth/callback/discord"
+ * })
+ * ```
+ *
+ * Fluxo de autenticação:
+ * 1. GET /api/auth/signin/discord - Gera URL e redireciona para Discord
+ * 2. Discord redireciona para /api/auth/callback/discord com código
+ * 3. Provider troca código por token e busca dados do usuário
+ * 4. Retorna objeto User com dados do Discord
+ */
+export class DiscordProvider implements AuthProviderClass {
+    public readonly id: string;
+    public readonly name: string;
+    public readonly type: string = 'discord';
+
+    private config: DiscordConfig;
+    private readonly defaultScope = ['identify', 'email'];
+
+    constructor(config: DiscordConfig) {
+        this.config = config;
+        this.id = config.id || 'discord';
+        this.name = config.name || 'Discord';
+    }
+
+    /**
+     * Método para gerar URL OAuth (usado pelo handleSignIn)
+     */
+    handleOauth(credentials: Record<string, string> = {}): string {
+        return this.getAuthorizationUrl();
+    }
+
+    /**
+     * Método principal - agora redireciona para OAuth ou processa callback
+     */
+    async handleSignIn(credentials: Record<string, string>): Promise<User | string | null> {
+        // Se tem código, é callback - processa autenticação
+        if (credentials.code) {
+            return await this.processOAuthCallback(credentials);
+        }
+
+        // Se não tem código, é início do OAuth - retorna URL
+        return this.handleOauth(credentials);
+    }
+
+    /**
+     * Processa o callback OAuth (código → usuário)
+     */
+    private async processOAuthCallback(credentials: Record<string, string>): Promise<User | null> {
+        try {
+            const { code } = credentials;
+            if (!code) {
+                throw new Error('Authorization code not provided');
+            }
+
+
+            // Troca o código por access token
+            const tokenResponse = await fetch('https://discord.com/api/oauth2/token', {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/x-www-form-urlencoded',
+                },
+                body: new URLSearchParams({
+                    client_id: this.config.clientId,
+                    client_secret: this.config.clientSecret,
+                    grant_type: 'authorization_code',
+                    code,
+                    redirect_uri: this.config.callbackUrl || '',
+                }),
+            });
+
+            if (!tokenResponse.ok) {
+                const error = await tokenResponse.text();
+                // O erro original "Invalid \"code\" in request." acontece aqui.
+                throw new Error(`Failed to exchange code for token: ${error}`);
+            }
+
+            const tokens = await tokenResponse.json();
+
+            // Busca dados do usuário
+            const userResponse = await fetch('https://discord.com/api/users/@me', {
+                headers: {
+                    'Authorization': `Bearer ${tokens.access_token}`,
+                },
+            });
+
+            if (!userResponse.ok) {
+                throw new Error('Failed to fetch user data');
+            }
+
+            const discordUser = await userResponse.json();
+
+            // Retorna objeto User padronizado
+            return {
+                id: discordUser.id,
+                name: discordUser.global_name || discordUser.username,
+                email: discordUser.email,
+                image: discordUser.avatar
+                    ? `https://cdn.discordapp.com/avatars/${discordUser.id}/${discordUser.avatar}.png`
+                    : null,
+                username: discordUser.username,
+                discriminator: discordUser.discriminator,
+                provider: this.id,
+                providerId: discordUser.id,
+                accessToken: tokens.access_token,
+                refreshToken: tokens.refresh_token
+            };
+
+        } catch (error) {
+            console.error(`[${this.id} Provider] Error during OAuth callback:`, error);
+            return null;
+        }
+    }
+
+    /**
+     * Método opcional para logout
+     */
+    async handleSignOut?(): Promise<void> {
+        // Discord OAuth não precisa de logout especial
+        // O token será invalidado pelo tempo de vida
+        console.log(`[${this.id} Provider] User signed out`);
+    }
+
+    /**
+     * Rotas adicionais específicas do Discord OAuth
+     */
+    public additionalRoutes: AuthRoute[] = [
+        // Rota de callback do Discord
+        {
+            method: 'GET',
+            path: '/api/auth/callback/discord',
+            handler: async (req: HightJSRequest, params: any) => {
+                const url = new URL(req.url || '', 'http://localhost');
+                const code = url.searchParams.get('code');
+
+                if (!code) {
+                    return HightJSResponse.json({ error: 'Authorization code not provided' }, { status: 400 });
+                }
+
+                try {
+                    // CORREÇÃO: O fluxo correto é delegar o 'code' para o endpoint de signin
+                    // principal, que processará o código uma única vez. A implementação anterior
+                    // usava o código duas vezes, causando o erro 'invalid_grant'.
+                    const authResponse = await fetch(`${req.headers.origin || 'http://localhost:3000'}/api/auth/signin`, {
+                        method: 'POST',
+                        headers: {
+                            'Content-Type': 'application/json',
+                        },
+                        body: JSON.stringify({
+                            provider: this.id,
+                            code,
+                        })
+                    });
+
+                    if (authResponse.ok) {
+                        // Propaga o cookie de sessão retornado pelo endpoint de signin
+                        // e redireciona o usuário para a página de sucesso.
+                        const setCookieHeader = authResponse.headers.get('set-cookie');
+                        if(this.config.successUrl) {
+                            return HightJSResponse
+                                .redirect(this.config.successUrl)
+                                .header('Set-Cookie', setCookieHeader || '');
+                        }
+                        return HightJSResponse.json({ success: true })
+                            .header('Set-Cookie', setCookieHeader || '');
+                    } else {
+                        const errorText = await authResponse.text();
+                        console.error(`[${this.id} Provider] Session creation failed during callback. Status: ${authResponse.status}, Body: ${errorText}`);
+                        return HightJSResponse.json({ error: 'Session creation failed' }, { status: 500 });
+                    }
+
+                } catch (error) {
+                    console.error(`[${this.id} Provider] Callback handler fetch error:`, error);
+                    return HightJSResponse.json({ error: 'Internal server error' }, { status: 500 });
+                }
+            }
+        }
+    ];
+
+    /**
+     * Gera URL de autorização do Discord
+     */
+    getAuthorizationUrl(): string {
+        const params = new URLSearchParams({
+            client_id: this.config.clientId,
+            redirect_uri: this.config.callbackUrl || '',
+            response_type: 'code',
+            scope: (this.config.scope || this.defaultScope).join(' ')
+        });
+
+        return `https://discord.com/api/oauth2/authorize?${params.toString()}`;
+    }
+
+    /**
+     * Retorna configuração pública do provider
+     */
+    getConfig(): any {
+        return {
+            id: this.id,
+            name: this.name,
+            type: this.type,
+            clientId: this.config.clientId, // Público
+            scope: this.config.scope || this.defaultScope,
+            callbackUrl: this.config.callbackUrl
+        };
+    }
+}

package/src/auth/providers/index.ts

@@ -0,0 +1,4 @@
+// Exportações dos providers
+export * from './credentials';
+export * from './discord';
+

package/src/auth/providers.ts

@@ -1,13 +1,4 @@
-import type { AuthProvider, CredentialsConfig } from './types';
+// Exportações dos providers
+export { CredentialsProvider } from './providers/credentials';
+export { DiscordProvider } from './providers/discord';
 
-/**
- * Provider para autenticação com credenciais (email/senha)
- */
-export function CredentialsProvider(config: CredentialsConfig): AuthProvider {
-    return {
-        id: config.id || 'credentials',
-        name: config.name || 'Credentials',
-        type: 'credentials',
-        authorize: config.authorize
-    };
-}

package/src/auth/react.tsx

@@ -1,6 +1,6 @@
 import React, { createContext, useContext, useEffect, useState, useCallback, ReactNode } from 'react';
 import type { Session, SessionContextType, SignInOptions, SignInResult, User } from './types';
-import {router} from "../client";
+import { router } from "../client/clientRouter";
 
 const SessionContext = createContext<SessionContextType | undefined>(undefined);
 
@@ -75,23 +75,31 @@ export function SessionProvider({
             const data = await response.json();
 
             if (response.ok && data.success) {
-                // Atualiza a sessão após login bem-sucedido
+                // Se é OAuth, redireciona para URL fornecida
+                if (data.type === 'oauth' && data.redirectUrl) {
+                    if (redirect && typeof window !== 'undefined') {
+                        window.location.href = data.redirectUrl;
+                    }
+
+                    return {
+                        ok: true,
+                        status: 200,
+                        url: data.redirectUrl
+                    };
+                }
 
-                if (redirect && typeof window !== 'undefined') {
-                    try {
-                        router.push(callbackUrl || '/');
-                    } catch (e) {
+                // Se é sessão (credentials), redireciona para callbackUrl
+                if (data.type === 'session') {
+                    if (redirect && typeof window !== 'undefined') {
                         window.location.href = callbackUrl || '/';
                     }
 
+                    return {
+                        ok: true,
+                        status: 200,
+                        url: callbackUrl || '/'
+                    };
                 }
-                await fetchSession();
-
-                return {
-                    ok: true,
-                    status: 200,
-                    url: callbackUrl || '/'
-                };
             } else {
                 return {
                     error: data.error || 'Authentication failed',

package/src/auth/routes.ts

@@ -13,12 +13,28 @@ export function createAuthRoutes(config: AuthConfig) {
      * Uso: /api/auth/[...value].ts
      */
     return {
-        pattern: '/api/auth/[value]',
+        pattern: '/api/auth/[...value]',
 
         async GET(req: HightJSRequest, params: { [key: string]: string }) {
+
             const path = params["value"];
             const route = Array.isArray(path) ? path.join('/') : path || '';
 
+            // Verifica rotas adicionais dos providers primeiro
+            const additionalRoutes = auth.getAllAdditionalRoutes();
+            for (const { provider, route: additionalRoute } of additionalRoutes) {
+
+                if (additionalRoute.method === 'GET' && additionalRoute.path.includes(route)) {
+                    try {
+                        return await additionalRoute.handler(req, params);
+                    } catch (error) {
+                        console.error(`[${provider} Provider] Error in additional route:`, error);
+                        return HightJSResponse.json({ error: 'Provider route error' }, { status: 500 });
+                    }
+                }
+            }
+
+            // Rotas padrão do sistema
             switch (route) {
                 case 'session':
                     return await handleSession(req, auth);
@@ -27,7 +43,7 @@ export function createAuthRoutes(config: AuthConfig) {
                     return await handleCsrf(req);
 
                 case 'providers':
-                    return await handleProviders(config);
+                    return await handleProviders(auth);
 
                 default:
                     return HightJSResponse.json({ error: 'Route not found' }, { status: 404 });
@@ -38,6 +54,20 @@ export function createAuthRoutes(config: AuthConfig) {
             const path = params["value"];
             const route = Array.isArray(path) ? path.join('/') : path || '';
 
+            // Verifica rotas adicionais dos providers primeiro
+            const additionalRoutes = auth.getAllAdditionalRoutes();
+            for (const { provider, route: additionalRoute } of additionalRoutes) {
+                if (additionalRoute.method === 'POST' && additionalRoute.path.includes(route)) {
+                    try {
+                        return await additionalRoute.handler(req, params);
+                    } catch (error) {
+                        console.error(`[${provider} Provider] Error in additional route:`, error);
+                        return HightJSResponse.json({ error: 'Provider route error' }, { status: 500 });
+                    }
+                }
+            }
+
+            // Rotas padrão do sistema
             switch (route) {
                 case 'signin':
                     return await handleSignIn(req, auth);
@@ -50,7 +80,6 @@ export function createAuthRoutes(config: AuthConfig) {
             }
         },
 
-
         // Instância do auth para uso manual
         auth
     };
@@ -59,7 +88,7 @@ export function createAuthRoutes(config: AuthConfig) {
 /**
  * Handler para GET /api/auth/session
  */
-async function handleSession(req: HightJSRequest, auth: any) {
+async function handleSession(req: HightJSRequest, auth: HWebAuth) {
     const session = await auth.getSession(req);
 
     if (!session) {
@@ -83,14 +112,8 @@ async function handleCsrf(req: HightJSRequest) {
 /**
  * Handler para GET /api/auth/providers
  */
-async function handleProviders(config: AuthConfig) {
-    const providers = config.providers
-        .filter(p => p.type === 'credentials') // Apenas credentials
-        .map(p => ({
-            id: p.id,
-            name: p.name,
-            type: p.type
-        }));
+async function handleProviders(auth: HWebAuth) {
+    const providers = auth.getProviders();
 
     return HightJSResponse.json({ providers });
 }
@@ -98,11 +121,10 @@ async function handleProviders(config: AuthConfig) {
 /**
  * Handler para POST /api/auth/signin
  */
-async function handleSignIn(req: HightJSRequest, auth: any) {
+async function handleSignIn(req: HightJSRequest, auth: HWebAuth) {
     try {
         const { provider = 'credentials', ...credentials } = await req.json();
 
-        // Apenas credentials agora
         const result = await auth.signIn(provider, credentials);
 
         if (!result) {
@@ -112,11 +134,23 @@ async function handleSignIn(req: HightJSRequest, auth: any) {
             );
         }
 
+        // Se tem redirectUrl, é OAuth - retorna URL para redirecionamento
+        if ('redirectUrl' in result) {
+            return HightJSResponse.json({
+                success: true,
+                redirectUrl: result.redirectUrl,
+                type: 'oauth'
+            });
+        }
+
+        // Se tem session, é credentials - retorna sessão
         return auth.createAuthResponse(result.token, {
             success: true,
-            user: result.session.user
+            user: result.session.user,
+            type: 'session'
         });
     } catch (error) {
+        console.error('[hweb-auth] Erro no handleSignIn:', error);
         return HightJSResponse.json(
             { error: 'Authentication failed' },
             { status: 500 }
@@ -127,7 +161,6 @@ async function handleSignIn(req: HightJSRequest, auth: any) {
 /**
  * Handler para POST /api/auth/signout
  */
-async function handleSignOut(req: HightJSRequest, auth: any) {
-    return auth.signOut();
+async function handleSignOut(req: HightJSRequest, auth: HWebAuth) {
+    return await auth.signOut(req);
 }
-

package/src/auth/types.ts

@@ -7,8 +7,55 @@ export interface Session {
     accessToken?: string;
 }
 
+// Client-side types
+export interface SignInOptions {
+    redirect?: boolean;
+    callbackUrl?: string;
+    [key: string]: any;
+}
+
+export interface SignInResult {
+    error?: string;
+    status?: number;
+    ok?: boolean;
+    url?: string;
+}
+
+export interface SessionContextType {
+    data: Session | null;
+    status: 'loading' | 'authenticated' | 'unauthenticated';
+    signIn: (provider?: string, options?: SignInOptions) => Promise<SignInResult | undefined>;
+    signOut: (options?: { callbackUrl?: string }) => Promise<void>;
+    update: () => Promise<Session | null>;
+}
+
+export interface AuthRoute {
+    method: 'GET' | 'POST' | 'PUT' | 'DELETE';
+    path: string;
+    handler: (req: any, params: any) => Promise<any>;
+}
+
+export interface AuthProviderClass {
+    id: string;
+    name: string;
+    type: string;
+
+    // Para providers OAuth - retorna URL de redirecionamento
+    handleOauth?(credentials: Record<string, string>): Promise<string> | string;
+
+    // Métodos principais
+    handleSignIn(credentials: Record<string, string>): Promise<User | string | null>;
+    handleSignOut?(): Promise<void>;
+
+    // Rotas adicionais que o provider pode ter
+    additionalRoutes?: AuthRoute[];
+
+    // Configurações específicas do provider
+    getConfig?(): any;
+}
+
 export interface AuthConfig {
-    providers: AuthProvider[];
+    providers: AuthProviderClass[];
     pages?: {
         signIn?: string;
         signOut?: string;
@@ -28,6 +75,7 @@ export interface AuthConfig {
     debug?: boolean;
 }
 
+// Interface legada para compatibilidade
 export interface AuthProvider {
     id: string;
     name: string;
@@ -35,27 +83,6 @@ export interface AuthProvider {
     authorize?: (credentials: Record<string, string>) => Promise<User | null> | User | null;
 }
 
-export interface SignInOptions {
-    redirect?: boolean;
-    callbackUrl?: string;
-    [key: string]: any;
-}
-
-export interface SignInResult {
-    error?: string;
-    status?: number;
-    ok?: boolean;
-    url?: string;
-}
-
-export interface SessionContextType {
-    data: Session | null;
-    status: 'loading' | 'authenticated' | 'unauthenticated';
-    signIn: (provider?: string, options?: SignInOptions) => Promise<SignInResult | undefined>;
-    signOut: (options?: { callbackUrl?: string }) => Promise<void>;
-    update: () => Promise<Session | null>;
-}
-
 // Provider para credenciais
 export interface CredentialsConfig {
     id?: string;
@@ -67,7 +94,3 @@ export interface CredentialsConfig {
     }>;
     authorize: (credentials: Record<string, string>) => Promise<User | null> | User | null;
 }
-
-
-
-

package/src/router.ts

@@ -341,8 +341,16 @@ export function findMatchingBackendRoute(pathname: string, method: string) {
     for (const route of allBackendRoutes) {
         // Verifica se a rota tem um handler para o método HTTP atual
         if (!route.pattern || !route[method.toUpperCase() as keyof BackendRouteConfig]) continue;
+        const regexPattern = route.pattern
+            // [[...param]] → opcional catch-all
+            .replace(/\[\[\.\.\.(\w+)\]\]/g, '(?<$1>.+)?')
+            // [...param] → obrigatório catch-all
+            .replace(/\[\.\.\.(\w+)\]/g, '(?<$1>.+)')
+            // [[param]] → segmento opcional
+            .replace(/\[\[(\w+)\]\]/g, '(?<$1>[^/]+)?')
+            // [param] → segmento obrigatório
+            .replace(/\[(\w+)\]/g, '(?<$1>[^/]+)');
 
-        const regexPattern = route.pattern.replace(/\[(\w+)\]/g, '(?<$1>[^/]+)');
         const regex = new RegExp(`^${regexPattern}/?$`);
         const match = pathname.match(regex);