hightjs 0.1.1 → 0.2.2

package/dist/auth/routes.js

@@ -13,17 +13,31 @@ function createAuthRoutes(config) {
      * Uso: /api/auth/[...value].ts
      */
     return {
-        pattern: '/api/auth/[value]',
+        pattern: '/api/auth/[...value]',
         async GET(req, params) {
             const path = params["value"];
             const route = Array.isArray(path) ? path.join('/') : path || '';
+            // Verifica rotas adicionais dos providers primeiro
+            const additionalRoutes = auth.getAllAdditionalRoutes();
+            for (const { provider, route: additionalRoute } of additionalRoutes) {
+                if (additionalRoute.method === 'GET' && additionalRoute.path.includes(route)) {
+                    try {
+                        return await additionalRoute.handler(req, params);
+                    }
+                    catch (error) {
+                        console.error(`[${provider} Provider] Error in additional route:`, error);
+                        return http_1.HightJSResponse.json({ error: 'Provider route error' }, { status: 500 });
+                    }
+                }
+            }
+            // Rotas padrão do sistema
             switch (route) {
                 case 'session':
                     return await handleSession(req, auth);
                 case 'csrf':
                     return await handleCsrf(req);
                 case 'providers':
-                    return await handleProviders(config);
+                    return await handleProviders(auth);
                 default:
                     return http_1.HightJSResponse.json({ error: 'Route not found' }, { status: 404 });
             }
@@ -31,6 +45,20 @@ function createAuthRoutes(config) {
         async POST(req, params) {
             const path = params["value"];
             const route = Array.isArray(path) ? path.join('/') : path || '';
+            // Verifica rotas adicionais dos providers primeiro
+            const additionalRoutes = auth.getAllAdditionalRoutes();
+            for (const { provider, route: additionalRoute } of additionalRoutes) {
+                if (additionalRoute.method === 'POST' && additionalRoute.path.includes(route)) {
+                    try {
+                        return await additionalRoute.handler(req, params);
+                    }
+                    catch (error) {
+                        console.error(`[${provider} Provider] Error in additional route:`, error);
+                        return http_1.HightJSResponse.json({ error: 'Provider route error' }, { status: 500 });
+                    }
+                }
+            }
+            // Rotas padrão do sistema
             switch (route) {
                 case 'signin':
                     return await handleSignIn(req, auth);
@@ -66,14 +94,8 @@ async function handleCsrf(req) {
 /**
  * Handler para GET /api/auth/providers
  */
-async function handleProviders(config) {
-    const providers = config.providers
-        .filter(p => p.type === 'credentials') // Apenas credentials
-        .map(p => ({
-        id: p.id,
-        name: p.name,
-        type: p.type
-    }));
+async function handleProviders(auth) {
+    const providers = auth.getProviders();
     return http_1.HightJSResponse.json({ providers });
 }
 /**
@@ -82,17 +104,27 @@ async function handleProviders(config) {
 async function handleSignIn(req, auth) {
     try {
         const { provider = 'credentials', ...credentials } = await req.json();
-        // Apenas credentials agora
         const result = await auth.signIn(provider, credentials);
         if (!result) {
             return http_1.HightJSResponse.json({ error: 'Invalid credentials' }, { status: 401 });
         }
+        // Se tem redirectUrl, é OAuth - retorna URL para redirecionamento
+        if ('redirectUrl' in result) {
+            return http_1.HightJSResponse.json({
+                success: true,
+                redirectUrl: result.redirectUrl,
+                type: 'oauth'
+            });
+        }
+        // Se tem session, é credentials - retorna sessão
         return auth.createAuthResponse(result.token, {
             success: true,
-            user: result.session.user
+            user: result.session.user,
+            type: 'session'
         });
     }
     catch (error) {
+        console.error('[hweb-auth] Erro no handleSignIn:', error);
         return http_1.HightJSResponse.json({ error: 'Authentication failed' }, { status: 500 });
     }
 }
@@ -100,5 +132,5 @@ async function handleSignIn(req, auth) {
  * Handler para POST /api/auth/signout
  */
 async function handleSignOut(req, auth) {
-    return auth.signOut();
+    return await auth.signOut(req);
 }

package/dist/auth/types.d.ts

@@ -4,8 +4,43 @@ export interface Session {
     expires: string;
     accessToken?: string;
 }
+export interface SignInOptions {
+    redirect?: boolean;
+    callbackUrl?: string;
+    [key: string]: any;
+}
+export interface SignInResult {
+    error?: string;
+    status?: number;
+    ok?: boolean;
+    url?: string;
+}
+export interface SessionContextType {
+    data: Session | null;
+    status: 'loading' | 'authenticated' | 'unauthenticated';
+    signIn: (provider?: string, options?: SignInOptions) => Promise<SignInResult | undefined>;
+    signOut: (options?: {
+        callbackUrl?: string;
+    }) => Promise<void>;
+    update: () => Promise<Session | null>;
+}
+export interface AuthRoute {
+    method: 'GET' | 'POST' | 'PUT' | 'DELETE';
+    path: string;
+    handler: (req: any, params: any) => Promise<any>;
+}
+export interface AuthProviderClass {
+    id: string;
+    name: string;
+    type: string;
+    handleOauth?(credentials: Record<string, string>): Promise<string> | string;
+    handleSignIn(credentials: Record<string, string>): Promise<User | string | null>;
+    handleSignOut?(): Promise<void>;
+    additionalRoutes?: AuthRoute[];
+    getConfig?(): any;
+}
 export interface AuthConfig {
-    providers: AuthProvider[];
+    providers: AuthProviderClass[];
     pages?: {
         signIn?: string;
         signOut?: string;
@@ -30,26 +65,6 @@ export interface AuthProvider {
     type: 'credentials';
     authorize?: (credentials: Record<string, string>) => Promise<User | null> | User | null;
 }
-export interface SignInOptions {
-    redirect?: boolean;
-    callbackUrl?: string;
-    [key: string]: any;
-}
-export interface SignInResult {
-    error?: string;
-    status?: number;
-    ok?: boolean;
-    url?: string;
-}
-export interface SessionContextType {
-    data: Session | null;
-    status: 'loading' | 'authenticated' | 'unauthenticated';
-    signIn: (provider?: string, options?: SignInOptions) => Promise<SignInResult | undefined>;
-    signOut: (options?: {
-        callbackUrl?: string;
-    }) => Promise<void>;
-    update: () => Promise<Session | null>;
-}
 export interface CredentialsConfig {
     id?: string;
     name?: string;

package/dist/router.js

@@ -309,7 +309,15 @@ function findMatchingBackendRoute(pathname, method) {
         // Verifica se a rota tem um handler para o método HTTP atual
         if (!route.pattern || !route[method.toUpperCase()])
             continue;
-        const regexPattern = route.pattern.replace(/\[(\w+)\]/g, '(?<$1>[^/]+)');
+        const regexPattern = route.pattern
+            // [[...param]] → opcional catch-all
+            .replace(/\[\[\.\.\.(\w+)\]\]/g, '(?<$1>.+)?')
+            // [...param] → obrigatório catch-all
+            .replace(/\[\.\.\.(\w+)\]/g, '(?<$1>.+)')
+            // [[param]] → segmento opcional
+            .replace(/\[\[(\w+)\]\]/g, '(?<$1>[^/]+)?')
+            // [param] → segmento obrigatório
+            .replace(/\[(\w+)\]/g, '(?<$1>[^/]+)');
         const regex = new RegExp(`^${regexPattern}/?$`);
         const match = pathname.match(regex);
         if (match) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hightjs",
-  "version": "0.1.1",
+  "version": "0.2.2",
   "description": "HightJS is a high-level framework for building web applications with ease and speed. It provides a robust set of tools and features to streamline development and enhance productivity.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/api/http.ts

@@ -407,12 +407,16 @@ export class HightJSResponse {
             }
         });
 
+        // Handle redirects specifically
+        if (this._headers['Location']) {
+            res.redirect(this._headers['Location']);
+            return;
+        }
+
         // Envia o corpo se foi definido
         if (this._sent && this._body !== null) {
             if (this._headers['Content-Type']?.includes('application/json')) {
                 res.json(JSON.parse(this._body));
-            } else if (this._headers['Location']) {
-                res.redirect(this._headers['Location']);
             } else {
                 res.send(this._body);
             }

package/src/auth/client.ts

@@ -6,9 +6,6 @@ export function setBasePath(path: string) {
     basePath = path;
 }
 
-
-
-
 /**
  * Função para obter a sessão atual (similar ao NextAuth getSession)
  */
@@ -72,3 +69,87 @@ export async function getProviders(): Promise<any[] | null> {
     }
 }
 
+/**
+ * Função para fazer login (similar ao NextAuth signIn)
+ */
+export async function signIn(
+    provider: string = 'credentials',
+    options: SignInOptions = {}
+): Promise<SignInResult | undefined> {
+    try {
+        const { redirect = true, callbackUrl, ...credentials } = options;
+
+        const response = await fetch(`${basePath}/signin`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+            credentials: 'include',
+            body: JSON.stringify({
+                provider,
+                ...credentials
+            })
+        });
+
+        const data = await response.json();
+
+        if (response.ok && data.success) {
+            // Se é OAuth, redireciona para URL fornecida
+            if (data.type === 'oauth' && data.redirectUrl) {
+                if (redirect && typeof window !== 'undefined') {
+                    window.location.href = data.redirectUrl;
+                }
+
+                return {
+                    ok: true,
+                    status: 200,
+                    url: data.redirectUrl
+                };
+            }
+
+            // Se é sessão (credentials), redireciona para callbackUrl
+            if (data.type === 'session') {
+                if (redirect && typeof window !== 'undefined') {
+                    window.location.href = callbackUrl || '/';
+                }
+
+                return {
+                    ok: true,
+                    status: 200,
+                    url: callbackUrl || '/'
+                };
+            }
+        } else {
+            return {
+                error: data.error || 'Authentication failed',
+                status: response.status,
+                ok: false
+            };
+        }
+    } catch (error) {
+        console.error('[hweb-auth] Erro no signIn:', error);
+        return {
+            error: 'Network error',
+            status: 500,
+            ok: false
+        };
+    }
+}
+
+/**
+ * Função para fazer logout (similar ao NextAuth signOut)
+ */
+export async function signOut(options: { callbackUrl?: string } = {}): Promise<void> {
+    try {
+        await fetch(`${basePath}/signout`, {
+            method: 'POST',
+            credentials: 'include'
+        });
+
+        if (typeof window !== 'undefined') {
+            window.location.href = options.callbackUrl || '/';
+        }
+    } catch (error) {
+        console.error('[hweb-auth] Erro no signOut:', error);
+    }
+}

package/src/auth/core.ts

@@ -1,5 +1,5 @@
 import { HightJSRequest, HightJSResponse } from '../api/http';
-import type { AuthConfig, AuthProvider, User, Session } from './types';
+import type { AuthConfig, AuthProviderClass, User, Session } from './types';
 import { SessionManager } from './jwt';
 
 export class HWebAuth {
@@ -37,38 +37,45 @@ export class HWebAuth {
     }
 
     /**
-     * Autentica um usuário com credenciais
+     * Autentica um usuário usando um provider específico
      */
-    async signIn(provider: string, credentials: Record<string, string>): Promise<{ session: Session; token: string } | null> {
-        const authProvider = this.config.providers.find(p => p.id === provider);
-        if (!authProvider || authProvider.type !== 'credentials') {
-            return null;
-        }
-
-        if (!authProvider.authorize) {
+    async signIn(providerId: string, credentials: Record<string, string>): Promise<{ session: Session; token: string } | { redirectUrl: string } | null> {
+        const provider = this.config.providers.find(p => p.id === providerId);
+        if (!provider) {
+            console.error(`[hweb-auth] Provider not found: ${providerId}`);
             return null;
         }
 
         try {
-            const user = await authProvider.authorize(credentials);
-            if (!user) return null;
+            // Usa o método handleSignIn do provider
+            const result = await provider.handleSignIn(credentials);
+
+            if (!result) return null;
+
+            // Se resultado é string, é URL de redirecionamento OAuth
+            if (typeof result === 'string') {
+                return { redirectUrl: result };
+            }
+
+            // Se resultado é User, cria sessão
+            const user = result as User;
 
             // Callback de signIn se definido
             if (this.config.callbacks?.signIn) {
-                const allowed = await this.config.callbacks.signIn(user, { provider }, {});
+                const allowed = await this.config.callbacks.signIn(user, { provider: providerId }, {});
                 if (!allowed) return null;
             }
 
-            const result = this.sessionManager.createSession(user);
+            const sessionResult = this.sessionManager.createSession(user);
 
             // Callback de sessão se definido
             if (this.config.callbacks?.session) {
-                result.session = await this.config.callbacks.session(result.session, user);
+                sessionResult.session = await this.config.callbacks.session(sessionResult.session, user);
             }
 
-            return result;
+            return sessionResult;
         } catch (error) {
-            console.error('[hweb-auth] Erro no signIn:', error);
+            console.error(`[hweb-auth] Erro no signIn com provider ${providerId}:`, error);
             return null;
         }
     }
@@ -76,14 +83,28 @@ export class HWebAuth {
     /**
      * Faz logout do usuário
      */
-    signOut(): HightJSResponse {
+    async signOut(req: HightJSRequest): Promise<HightJSResponse> {
+        // Busca a sessão atual para saber qual provider usar
+        const { session } = await this.middleware(req);
+
+        if (session?.user?.provider) {
+            const provider = this.config.providers.find(p => p.id === session.user.provider);
+            if (provider && provider.handleSignOut) {
+                try {
+                    await provider.handleSignOut();
+                } catch (error) {
+                    console.error(`[hweb-auth] Erro no signOut do provider ${provider.id}:`, error);
+                }
+            }
+        }
+
         return HightJSResponse
             .json({ success: true })
             .clearCookie('hweb-auth-token', {
                 path: '/',
                 httpOnly: true,
-                secure: true, // Always use secure cookies
-                sameSite: 'strict' // Stronger CSRF protection
+                secure: true,
+                sameSite: 'strict'
             });
     }
 
@@ -103,6 +124,41 @@ export class HWebAuth {
         return session !== null;
     }
 
+    /**
+     * Retorna todos os providers disponíveis (dados públicos)
+     */
+    getProviders(): any[] {
+        return this.config.providers.map(provider => ({
+            id: provider.id,
+            name: provider.name,
+            type: provider.type,
+            config: provider.getConfig ? provider.getConfig() : {}
+        }));
+    }
+
+    /**
+     * Busca um provider específico
+     */
+    getProvider(id: string): AuthProviderClass | null {
+        return this.config.providers.find(p => p.id === id) || null;
+    }
+
+    /**
+     * Retorna todas as rotas adicionais dos providers
+     */
+    getAllAdditionalRoutes(): Array<{ provider: string; route: any }> {
+        const routes: Array<{ provider: string; route: any }> = [];
+
+        for (const provider of this.config.providers) {
+            if (provider.additionalRoutes) {
+                for (const route of provider.additionalRoutes) {
+                    routes.push({ provider: provider.id, route });
+                }
+            }
+        }
+
+        return routes;
+    }
 
     /**
      * Cria resposta com cookie de autenticação - Secure implementation

package/src/auth/example.ts

@@ -0,0 +1,115 @@
+/**
+ * Exemplo de como usar os novos providers baseados em classes
+ */
+
+import { createAuthRoutes } from './routes';
+import { CredentialsProvider, DiscordProvider } from './providers';
+import type { AuthConfig } from './types';
+
+// Exemplo de configuração com os novos providers
+const authConfig: AuthConfig = {
+    providers: [
+        // Provider de credenciais customizado
+        new CredentialsProvider({
+            name: "Login com Email",
+            credentials: {
+                email: {
+                    label: "Email",
+                    type: "email",
+                    placeholder: "seu@email.com"
+                },
+                password: {
+                    label: "Senha",
+                    type: "password"
+                }
+            },
+            async authorize(credentials) {
+                // Aqui você faz a validação com seu banco de dados
+                const { email, password } = credentials;
+
+                // Exemplo de validação (substitua pela sua lógica)
+                if (email === "admin@example.com" && password === "123456") {
+                    return {
+                        id: "1",
+                        name: "Admin User",
+                        email: email,
+                        role: "admin"
+                    };
+                }
+
+                // Retorna null se credenciais inválidas
+                return null;
+            }
+        }),
+
+        // Provider do Discord
+        new DiscordProvider({
+            clientId: process.env.DISCORD_CLIENT_ID!,
+            clientSecret: process.env.DISCORD_CLIENT_SECRET!,
+            callbackUrl: "http://localhost:3000/api/auth/callback/discord"
+        })
+    ],
+
+    secret: process.env.HWEB_AUTH_SECRET || "seu-super-secret-aqui-32-chars-min",
+
+    session: {
+        strategy: 'jwt',
+        maxAge: 86400 // 24 horas
+    },
+
+    pages: {
+        signIn: '/auth/signin',
+        signOut: '/auth/signout'
+    },
+
+    callbacks: {
+        async signIn(user, account, profile) {
+            // Lógica customizada antes do login
+            console.log(`Usuário ${user.email} fazendo login via ${account.provider}`);
+            return true; // permitir login
+        },
+
+        async session(session, user) {
+            // Adicionar dados customizados à sessão
+            return {
+                ...session,
+                user: {
+                    ...session.user,
+                    customData: "dados extras"
+                }
+            };
+        }
+    }
+};
+
+// Criar as rotas de autenticação
+export const authRoutes = createAuthRoutes(authConfig);
+
+/**
+ * Como usar em suas rotas API:
+ *
+ * // arquivo: /api/auth/[...value].ts
+ * import { authRoutes } from '../../../src/auth/example';
+ *
+ * export const GET = authRoutes.GET;
+ * export const POST = authRoutes.POST;
+ */
+
+/**
+ * Rotas disponíveis automaticamente:
+ *
+ * Core routes:
+ * - GET  /api/auth/session - Obter sessão atual
+ * - GET  /api/auth/providers - Listar providers
+ * - GET  /api/auth/csrf - Obter token CSRF
+ * - POST /api/auth/signin - Login
+ * - POST /api/auth/signout - Logout
+ *
+ * Provider específico (CredentialsProvider):
+ * - GET  /api/auth/credentials/config - Config do provider
+ *
+ * Provider específico (DiscordProvider):
+ * - GET  /api/auth/signin/discord - Iniciar OAuth Discord
+ * - GET  /api/auth/callback/discord - Callback OAuth Discord
+ * - GET  /api/auth/discord/config - Config do provider Discord
+ */

package/src/auth/index.ts

@@ -5,5 +5,6 @@ export * from './core';
 export * from './routes';
 export * from './jwt';
 
-export { CredentialsProvider } from './providers';
+export { CredentialsProvider, DiscordProvider } from './providers';
 export { createAuthRoutes } from './routes';
+