mindcache 3.4.4 → 3.5.0

package/dist/index.d.mts

@@ -1,8 +1,130 @@
-import { e as MindCacheOptions, M as MindCache } from './CloudAdapter-DOvDQswy.mjs';
-export { A as AccessLevel, a as CloudAdapter, c as CloudAdapterEvents, C as CloudConfig, b as ConnectionState, h as ContextRules, n as DEFAULT_KEY_ATTRIBUTES, G as GlobalListener, H as HistoryEntry, k as HistoryOptions, K as KeyAttributes, j as KeyEntry, f as KeyType, L as Listener, l as MindCacheCloudOptions, m as MindCacheIndexedDBOptions, i as STM, j as STMEntry, g as SystemTag, o as SystemTagHelpers } from './CloudAdapter-DOvDQswy.mjs';
+import { e as MindCacheOptions, M as MindCache } from './CloudAdapter-CM7nyJaG.mjs';
+export { A as AccessLevel, a as CloudAdapter, c as CloudAdapterEvents, C as CloudConfig, b as ConnectionState, h as ContextRules, n as DEFAULT_KEY_ATTRIBUTES, G as GlobalListener, H as HistoryEntry, k as HistoryOptions, K as KeyAttributes, j as KeyEntry, f as KeyType, L as Listener, l as MindCacheCloudOptions, m as MindCacheIndexedDBOptions, i as STM, j as STMEntry, g as SystemTag, o as SystemTagHelpers } from './CloudAdapter-CM7nyJaG.mjs';
 export { IndexedDBAdapter, IndexedDBConfig } from './server.mjs';
 import 'yjs';
 
+/**
+ * MindCache OAuth Client
+ *
+ * Browser-compatible OAuth 2.0 client for "Sign in with MindCache"
+ * Supports PKCE for secure authorization
+ */
+interface OAuthConfig {
+    /** Client ID from developer portal */
+    clientId: string;
+    /** Redirect URI (defaults to current URL) */
+    redirectUri?: string;
+    /** Scopes to request (default: ['read', 'write']) */
+    scopes?: string[];
+    /** MindCache authorize URL (default: production) */
+    authUrl?: string;
+    /** MindCache token URL (default: production) */
+    tokenUrl?: string;
+    /** Use PKCE for security (default: true) */
+    usePKCE?: boolean;
+    /** Storage key prefix (default: 'mindcache_oauth') */
+    storagePrefix?: string;
+}
+interface OAuthTokens {
+    accessToken: string;
+    refreshToken?: string;
+    expiresAt: number;
+    scopes: string[];
+    instanceId?: string;
+}
+interface MindCacheUser {
+    id: string;
+    email?: string;
+    name?: string;
+    instanceId?: string;
+}
+/**
+ * OAuth client for browser applications
+ *
+ * @example
+ * ```typescript
+ * const oauth = new OAuthClient({ clientId: 'mc_app_abc123' });
+ *
+ * // Start OAuth flow
+ * await oauth.authorize();
+ *
+ * // Handle callback (on redirect page)
+ * const tokens = await oauth.handleCallback();
+ *
+ * // Get access token for API calls
+ * const token = await oauth.getAccessToken();
+ * ```
+ */
+declare class OAuthClient {
+    private config;
+    private tokens;
+    private refreshPromise;
+    constructor(config: OAuthConfig);
+    /**
+       * Check if user is authenticated
+       */
+    isAuthenticated(): boolean;
+    /**
+       * Get stored tokens (if any)
+       */
+    getTokens(): OAuthTokens | null;
+    /**
+       * Get instance ID for this user+app
+       */
+    getInstanceId(): string | null;
+    /**
+       * Start OAuth authorization flow
+       * Redirects to MindCache authorization page
+       */
+    authorize(options?: {
+        popup?: boolean;
+        state?: string;
+    }): Promise<void>;
+    /**
+       * Handle OAuth callback
+       * Call this on your redirect URI page
+       *
+       * @returns Tokens if successful
+       */
+    handleCallback(): Promise<OAuthTokens>;
+    /**
+       * Get a valid access token
+       * Automatically refreshes if needed
+       */
+    getAccessToken(): Promise<string>;
+    /**
+       * Refresh access token
+       */
+    private refreshTokens;
+    /**
+       * Get user info from MindCache
+       */
+    getUserInfo(): Promise<MindCacheUser>;
+    /**
+       * Logout - revoke tokens and clear storage
+       */
+    logout(): Promise<void>;
+    /**
+       * Clear authentication state
+       */
+    private clearAuth;
+    /**
+       * Token provider function for MindCache cloud config
+       * Use this with MindCacheCloudOptions.tokenProvider
+       */
+    tokenProvider: () => Promise<string>;
+    private getStorage;
+    private setStorage;
+    private removeStorage;
+    private clearStorage;
+    private loadTokens;
+    private saveTokens;
+}
+/**
+ * Create OAuth client with environment-appropriate defaults
+ */
+declare function createOAuthClient(config: OAuthConfig): OAuthClient;
+
 interface UseMindCacheResult {
     /** The MindCache instance, null until loaded */
     mindcache: MindCache | null;
@@ -34,4 +156,4 @@ declare function useMindCache(options?: MindCacheOptions): UseMindCacheResult;
 
 declare const mindcache: MindCache;
 
-export { MindCache, MindCacheOptions, type UseMindCacheResult, mindcache, useMindCache };
+export { MindCache, MindCacheOptions, type MindCacheUser, OAuthClient, type OAuthConfig, type OAuthTokens, type UseMindCacheResult, createOAuthClient, mindcache, useMindCache };

package/dist/index.d.ts

@@ -1,8 +1,130 @@
-import { e as MindCacheOptions, M as MindCache } from './CloudAdapter-DOvDQswy.js';
-export { A as AccessLevel, a as CloudAdapter, c as CloudAdapterEvents, C as CloudConfig, b as ConnectionState, h as ContextRules, n as DEFAULT_KEY_ATTRIBUTES, G as GlobalListener, H as HistoryEntry, k as HistoryOptions, K as KeyAttributes, j as KeyEntry, f as KeyType, L as Listener, l as MindCacheCloudOptions, m as MindCacheIndexedDBOptions, i as STM, j as STMEntry, g as SystemTag, o as SystemTagHelpers } from './CloudAdapter-DOvDQswy.js';
+import { e as MindCacheOptions, M as MindCache } from './CloudAdapter-CM7nyJaG.js';
+export { A as AccessLevel, a as CloudAdapter, c as CloudAdapterEvents, C as CloudConfig, b as ConnectionState, h as ContextRules, n as DEFAULT_KEY_ATTRIBUTES, G as GlobalListener, H as HistoryEntry, k as HistoryOptions, K as KeyAttributes, j as KeyEntry, f as KeyType, L as Listener, l as MindCacheCloudOptions, m as MindCacheIndexedDBOptions, i as STM, j as STMEntry, g as SystemTag, o as SystemTagHelpers } from './CloudAdapter-CM7nyJaG.js';
 export { IndexedDBAdapter, IndexedDBConfig } from './server.js';
 import 'yjs';
 
+/**
+ * MindCache OAuth Client
+ *
+ * Browser-compatible OAuth 2.0 client for "Sign in with MindCache"
+ * Supports PKCE for secure authorization
+ */
+interface OAuthConfig {
+    /** Client ID from developer portal */
+    clientId: string;
+    /** Redirect URI (defaults to current URL) */
+    redirectUri?: string;
+    /** Scopes to request (default: ['read', 'write']) */
+    scopes?: string[];
+    /** MindCache authorize URL (default: production) */
+    authUrl?: string;
+    /** MindCache token URL (default: production) */
+    tokenUrl?: string;
+    /** Use PKCE for security (default: true) */
+    usePKCE?: boolean;
+    /** Storage key prefix (default: 'mindcache_oauth') */
+    storagePrefix?: string;
+}
+interface OAuthTokens {
+    accessToken: string;
+    refreshToken?: string;
+    expiresAt: number;
+    scopes: string[];
+    instanceId?: string;
+}
+interface MindCacheUser {
+    id: string;
+    email?: string;
+    name?: string;
+    instanceId?: string;
+}
+/**
+ * OAuth client for browser applications
+ *
+ * @example
+ * ```typescript
+ * const oauth = new OAuthClient({ clientId: 'mc_app_abc123' });
+ *
+ * // Start OAuth flow
+ * await oauth.authorize();
+ *
+ * // Handle callback (on redirect page)
+ * const tokens = await oauth.handleCallback();
+ *
+ * // Get access token for API calls
+ * const token = await oauth.getAccessToken();
+ * ```
+ */
+declare class OAuthClient {
+    private config;
+    private tokens;
+    private refreshPromise;
+    constructor(config: OAuthConfig);
+    /**
+       * Check if user is authenticated
+       */
+    isAuthenticated(): boolean;
+    /**
+       * Get stored tokens (if any)
+       */
+    getTokens(): OAuthTokens | null;
+    /**
+       * Get instance ID for this user+app
+       */
+    getInstanceId(): string | null;
+    /**
+       * Start OAuth authorization flow
+       * Redirects to MindCache authorization page
+       */
+    authorize(options?: {
+        popup?: boolean;
+        state?: string;
+    }): Promise<void>;
+    /**
+       * Handle OAuth callback
+       * Call this on your redirect URI page
+       *
+       * @returns Tokens if successful
+       */
+    handleCallback(): Promise<OAuthTokens>;
+    /**
+       * Get a valid access token
+       * Automatically refreshes if needed
+       */
+    getAccessToken(): Promise<string>;
+    /**
+       * Refresh access token
+       */
+    private refreshTokens;
+    /**
+       * Get user info from MindCache
+       */
+    getUserInfo(): Promise<MindCacheUser>;
+    /**
+       * Logout - revoke tokens and clear storage
+       */
+    logout(): Promise<void>;
+    /**
+       * Clear authentication state
+       */
+    private clearAuth;
+    /**
+       * Token provider function for MindCache cloud config
+       * Use this with MindCacheCloudOptions.tokenProvider
+       */
+    tokenProvider: () => Promise<string>;
+    private getStorage;
+    private setStorage;
+    private removeStorage;
+    private clearStorage;
+    private loadTokens;
+    private saveTokens;
+}
+/**
+ * Create OAuth client with environment-appropriate defaults
+ */
+declare function createOAuthClient(config: OAuthConfig): OAuthClient;
+
 interface UseMindCacheResult {
     /** The MindCache instance, null until loaded */
     mindcache: MindCache | null;
@@ -34,4 +156,4 @@ declare function useMindCache(options?: MindCacheOptions): UseMindCacheResult;
 
 declare const mindcache: MindCache;
 
-export { MindCache, MindCacheOptions, type UseMindCacheResult, mindcache, useMindCache };
+export { MindCache, MindCacheOptions, type MindCacheUser, OAuthClient, type OAuthConfig, type OAuthTokens, type UseMindCacheResult, createOAuthClient, mindcache, useMindCache };

package/dist/index.js

@@ -2645,6 +2645,325 @@ var MindCache = class {
 init_CloudAdapter();
 init_CloudAdapter();
 
+// src/cloud/OAuthClient.ts
+var DEFAULT_AUTH_URL = "https://api.mindcache.dev/oauth/authorize";
+var DEFAULT_TOKEN_URL = "https://api.mindcache.dev/oauth/token";
+var DEFAULT_USERINFO_URL = "https://api.mindcache.dev/oauth/userinfo";
+var TOKEN_REFRESH_BUFFER = 5 * 60 * 1e3;
+function generateRandomString(length2) {
+  const array = new Uint8Array(length2);
+  crypto.getRandomValues(array);
+  return Array.from(array).map((b) => b.toString(16).padStart(2, "0")).join("").slice(0, length2);
+}
+function base64UrlEncode(buffer) {
+  const bytes = new Uint8Array(buffer);
+  let binary = "";
+  for (let i = 0; i < bytes.length; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+function generateCodeVerifier() {
+  return generateRandomString(64);
+}
+async function generateCodeChallenge(verifier) {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(verifier);
+  const hash = await crypto.subtle.digest("SHA-256", data);
+  return base64UrlEncode(hash);
+}
+var OAuthClient = class {
+  config;
+  tokens = null;
+  refreshPromise = null;
+  constructor(config) {
+    let redirectUri = config.redirectUri;
+    if (!redirectUri && typeof window !== "undefined") {
+      const url = new URL(window.location.href);
+      url.search = "";
+      url.hash = "";
+      redirectUri = url.toString();
+    }
+    this.config = {
+      clientId: config.clientId,
+      redirectUri: redirectUri || "",
+      scopes: config.scopes || ["read", "write"],
+      authUrl: config.authUrl || DEFAULT_AUTH_URL,
+      tokenUrl: config.tokenUrl || DEFAULT_TOKEN_URL,
+      usePKCE: config.usePKCE !== false,
+      // Default true
+      storagePrefix: config.storagePrefix || "mindcache_oauth"
+    };
+    this.loadTokens();
+  }
+  /**
+     * Check if user is authenticated
+     */
+  isAuthenticated() {
+    return this.tokens !== null && this.tokens.expiresAt > Date.now();
+  }
+  /**
+     * Get stored tokens (if any)
+     */
+  getTokens() {
+    return this.tokens;
+  }
+  /**
+     * Get instance ID for this user+app
+     */
+  getInstanceId() {
+    return this.tokens?.instanceId || null;
+  }
+  /**
+     * Start OAuth authorization flow
+     * Redirects to MindCache authorization page
+     */
+  async authorize(options) {
+    const state = options?.state || generateRandomString(32);
+    this.setStorage("state", state);
+    const url = new URL(this.config.authUrl);
+    url.searchParams.set("response_type", "code");
+    url.searchParams.set("client_id", this.config.clientId);
+    url.searchParams.set("redirect_uri", this.config.redirectUri);
+    url.searchParams.set("scope", this.config.scopes.join(" "));
+    url.searchParams.set("state", state);
+    if (this.config.usePKCE) {
+      const codeVerifier = generateCodeVerifier();
+      const codeChallenge = await generateCodeChallenge(codeVerifier);
+      this.setStorage("code_verifier", codeVerifier);
+      url.searchParams.set("code_challenge", codeChallenge);
+      url.searchParams.set("code_challenge_method", "S256");
+    }
+    if (options?.popup) {
+      const popup = window.open(url.toString(), "mindcache_oauth", "width=500,height=600");
+      if (!popup) {
+        throw new Error("Popup blocked. Please allow popups for this site.");
+      }
+    } else {
+      window.location.href = url.toString();
+    }
+  }
+  /**
+     * Handle OAuth callback
+     * Call this on your redirect URI page
+     *
+     * @returns Tokens if successful
+     */
+  async handleCallback() {
+    if (typeof window === "undefined") {
+      throw new Error("handleCallback must be called in browser");
+    }
+    const url = new URL(window.location.href);
+    const code = url.searchParams.get("code");
+    const state = url.searchParams.get("state");
+    const error = url.searchParams.get("error");
+    const errorDescription = url.searchParams.get("error_description");
+    if (error) {
+      this.clearStorage();
+      throw new Error(errorDescription || error);
+    }
+    const storedState = this.getStorage("state");
+    if (!state || state !== storedState) {
+      this.clearStorage();
+      throw new Error("Invalid state parameter");
+    }
+    if (!code) {
+      this.clearStorage();
+      throw new Error("No authorization code received");
+    }
+    const body = {
+      grant_type: "authorization_code",
+      code,
+      client_id: this.config.clientId,
+      redirect_uri: this.config.redirectUri
+    };
+    if (this.config.usePKCE) {
+      const codeVerifier = this.getStorage("code_verifier");
+      if (!codeVerifier) {
+        throw new Error("Missing code verifier");
+      }
+      body.code_verifier = codeVerifier;
+    }
+    const response = await fetch(this.config.tokenUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(body)
+    });
+    if (!response.ok) {
+      const data2 = await response.json().catch(() => ({}));
+      throw new Error(data2.error_description || data2.error || "Token exchange failed");
+    }
+    const data = await response.json();
+    this.tokens = {
+      accessToken: data.access_token,
+      refreshToken: data.refresh_token,
+      expiresAt: Date.now() + data.expires_in * 1e3,
+      scopes: data.scope?.split(" ") || this.config.scopes,
+      instanceId: data.instance_id
+    };
+    this.saveTokens();
+    url.searchParams.delete("code");
+    url.searchParams.delete("state");
+    window.history.replaceState({}, "", url.toString());
+    this.removeStorage("state");
+    this.removeStorage("code_verifier");
+    return this.tokens;
+  }
+  /**
+     * Get a valid access token
+     * Automatically refreshes if needed
+     */
+  async getAccessToken() {
+    if (!this.tokens) {
+      throw new Error("Not authenticated. Call authorize() first.");
+    }
+    const needsRefresh = this.tokens.expiresAt - Date.now() < TOKEN_REFRESH_BUFFER;
+    if (needsRefresh && this.tokens.refreshToken) {
+      if (!this.refreshPromise) {
+        this.refreshPromise = this.refreshTokens();
+      }
+      return this.refreshPromise;
+    }
+    return this.tokens.accessToken;
+  }
+  /**
+     * Refresh access token
+     */
+  async refreshTokens() {
+    if (!this.tokens?.refreshToken) {
+      throw new Error("No refresh token available");
+    }
+    try {
+      const response = await fetch(this.config.tokenUrl, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          grant_type: "refresh_token",
+          refresh_token: this.tokens.refreshToken,
+          client_id: this.config.clientId
+        })
+      });
+      if (!response.ok) {
+        this.clearAuth();
+        throw new Error("Session expired. Please sign in again.");
+      }
+      const data = await response.json();
+      this.tokens = {
+        accessToken: data.access_token,
+        refreshToken: data.refresh_token || this.tokens.refreshToken,
+        expiresAt: Date.now() + data.expires_in * 1e3,
+        scopes: data.scope?.split(" ") || this.tokens.scopes,
+        instanceId: data.instance_id || this.tokens.instanceId
+      };
+      this.saveTokens();
+      return this.tokens.accessToken;
+    } finally {
+      this.refreshPromise = null;
+    }
+  }
+  /**
+     * Get user info from MindCache
+     */
+  async getUserInfo() {
+    const token = await this.getAccessToken();
+    const response = await fetch(DEFAULT_USERINFO_URL, {
+      headers: {
+        Authorization: `Bearer ${token}`
+      }
+    });
+    if (!response.ok) {
+      throw new Error("Failed to get user info");
+    }
+    const data = await response.json();
+    return {
+      id: data.sub,
+      email: data.email,
+      name: data.name,
+      instanceId: data.instance_id
+    };
+  }
+  /**
+     * Logout - revoke tokens and clear storage
+     */
+  async logout() {
+    if (this.tokens?.accessToken) {
+      try {
+        await fetch(this.config.tokenUrl.replace("/token", "/revoke"), {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json"
+          },
+          body: JSON.stringify({
+            token: this.tokens.accessToken
+          })
+        });
+      } catch {
+      }
+    }
+    this.clearAuth();
+  }
+  /**
+     * Clear authentication state
+     */
+  clearAuth() {
+    this.tokens = null;
+    this.removeStorage("tokens");
+  }
+  /**
+     * Token provider function for MindCache cloud config
+     * Use this with MindCacheCloudOptions.tokenProvider
+     */
+  tokenProvider = async () => {
+    return this.getAccessToken();
+  };
+  // Storage helpers
+  getStorage(key) {
+    if (typeof localStorage === "undefined") {
+      return null;
+    }
+    return localStorage.getItem(`${this.config.storagePrefix}_${key}`);
+  }
+  setStorage(key, value) {
+    if (typeof localStorage === "undefined") {
+      return;
+    }
+    localStorage.setItem(`${this.config.storagePrefix}_${key}`, value);
+  }
+  removeStorage(key) {
+    if (typeof localStorage === "undefined") {
+      return;
+    }
+    localStorage.removeItem(`${this.config.storagePrefix}_${key}`);
+  }
+  clearStorage() {
+    this.removeStorage("state");
+    this.removeStorage("code_verifier");
+    this.removeStorage("tokens");
+  }
+  loadTokens() {
+    const stored = this.getStorage("tokens");
+    if (stored) {
+      try {
+        this.tokens = JSON.parse(stored);
+      } catch {
+        this.tokens = null;
+      }
+    }
+  }
+  saveTokens() {
+    if (this.tokens) {
+      this.setStorage("tokens", JSON.stringify(this.tokens));
+    }
+  }
+};
+function createOAuthClient(config) {
+  return new OAuthClient(config);
+}
+
 // src/local/index.ts
 init_IndexedDBAdapter();
 function useMindCache(options) {
@@ -2687,7 +3006,9 @@ var mindcache = new MindCache();
 
 exports.DEFAULT_KEY_ATTRIBUTES = DEFAULT_KEY_ATTRIBUTES;
 exports.MindCache = MindCache;
+exports.OAuthClient = OAuthClient;
 exports.SystemTagHelpers = SystemTagHelpers;
+exports.createOAuthClient = createOAuthClient;
 exports.mindcache = mindcache;
 exports.useMindCache = useMindCache;
 //# sourceMappingURL=index.js.map