npm - nexu-app - Versions diffs - 2.0.0 - Mend

nexu-app 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (106) hide show

package/templates/default/packages/auth/src/utils/api.ts ADDED Viewed

@@ -0,0 +1,228 @@
+import type {
+  AuthConfig,
+  AuthError,
+  AuthErrorCode,
+  AuthResponse,
+  AuthUser,
+  SignInCredentials,
+  SignUpCredentials,
+  UpdatePasswordRequest,
+} from '../types';
+import { TokenManager } from './token';
+/**
+ * Auth API client for making authenticated requests
+ */
+export class AuthApiClient {
+  private baseUrl: string;
+  private headers: Record<string, string>;
+  private tokenManager: TokenManager;
+  private debug: boolean;
+  constructor(config: AuthConfig, tokenManager: TokenManager) {
+    this.baseUrl = config.apiBaseUrl.replace(/\/$/, '');
+    this.headers = config.headers || {};
+    this.tokenManager = tokenManager;
+    this.debug = config.debug || false;
+  }
+  private log(...args: unknown[]): void {
+    if (this.debug) {
+      // eslint-disable-next-line no-console
+      console.log('[Auth]', ...args);
+    }
+  }
+  private async request<T>(endpoint: string, options: RequestInit = {}): Promise<T> {
+    const url = `${this.baseUrl}${endpoint}`;
+    const token = this.tokenManager.getAccessToken();
+    const headers: Record<string, string> = {
+      'Content-Type': 'application/json',
+      ...this.headers,
+      ...(options.headers as Record<string, string>),
+    };
+    if (token) {
+      headers['Authorization'] = `Bearer ${token}`;
+    }
+    this.log(`${options.method || 'GET'} ${url}`);
+    try {
+      const response = await fetch(url, {
+        ...options,
+        headers,
+      });
+      const data = (await response.json().catch(() => ({}))) as T & {
+        message?: string;
+        code?: string;
+        details?: unknown;
+      };
+      if (!response.ok) {
+        throw this.createError(response.status, data);
+      }
+      return data;
+    } catch (error) {
+      if ((error as AuthError).code) {
+        throw error;
+      }
+      throw this.createError(0, {
+        message: error instanceof Error ? error.message : 'Network error',
+      });
+    }
+  }
+  private createError(
+    status: number,
+    data: { message?: string; code?: string; details?: unknown }
+  ): AuthError {
+    let code: AuthErrorCode = 'UNKNOWN_ERROR';
+    if (data.code) {
+      code = data.code as AuthErrorCode;
+    } else if (status === 401) {
+      code = 'UNAUTHORIZED';
+    } else if (status === 403) {
+      code = 'FORBIDDEN';
+    } else if (status === 404) {
+      code = 'USER_NOT_FOUND';
+    } else if (status === 409) {
+      code = 'USER_ALREADY_EXISTS';
+    } else if (status === 0) {
+      code = 'NETWORK_ERROR';
+    }
+    return {
+      code,
+      message: data.message || 'An error occurred',
+      details: data.details,
+    };
+  }
+  /**
+   * Sign in with email and password
+   */
+  async signIn(credentials: SignInCredentials): Promise<AuthResponse> {
+    return this.request<AuthResponse>('/signin', {
+      method: 'POST',
+      body: JSON.stringify(credentials),
+    });
+  }
+  /**
+   * Sign up with email and password
+   */
+  async signUp(credentials: SignUpCredentials): Promise<AuthResponse> {
+    return this.request<AuthResponse>('/signup', {
+      method: 'POST',
+      body: JSON.stringify(credentials),
+    });
+  }
+  /**
+   * Sign out
+   */
+  async signOut(): Promise<void> {
+    const refreshToken = this.tokenManager.getRefreshToken();
+    await this.request('/signout', {
+      method: 'POST',
+      body: JSON.stringify({ refreshToken }),
+    });
+  }
+  /**
+   * Refresh the access token
+   */
+  async refreshToken(): Promise<AuthResponse> {
+    const refreshToken = this.tokenManager.getRefreshToken();
+    if (!refreshToken) {
+      throw this.createError(401, { message: 'No refresh token available' });
+    }
+    return this.request<AuthResponse>('/refresh', {
+      method: 'POST',
+      body: JSON.stringify({ refreshToken }),
+    });
+  }
+  /**
+   * Get the current user
+   */
+  async getUser(): Promise<AuthUser> {
+    return this.request<AuthUser>('/me');
+  }
+  /**
+   * Update the current user
+   */
+  async updateUser(data: Partial<AuthUser>): Promise<AuthUser> {
+    return this.request<AuthUser>('/me', {
+      method: 'PATCH',
+      body: JSON.stringify(data),
+    });
+  }
+  /**
+   * Request password reset
+   */
+  async resetPassword(email: string): Promise<void> {
+    await this.request('/reset-password', {
+      method: 'POST',
+      body: JSON.stringify({ email }),
+    });
+  }
+  /**
+   * Update password
+   */
+  async updatePassword(request: UpdatePasswordRequest): Promise<void> {
+    await this.request('/update-password', {
+      method: 'POST',
+      body: JSON.stringify(request),
+    });
+  }
+  /**
+   * Verify email
+   */
+  async verifyEmail(token: string): Promise<void> {
+    await this.request('/verify-email', {
+      method: 'POST',
+      body: JSON.stringify({ token }),
+    });
+  }
+  /**
+   * Resend verification email
+   */
+  async resendVerification(): Promise<void> {
+    await this.request('/resend-verification', {
+      method: 'POST',
+    });
+  }
+  /**
+   * Exchange OAuth code for tokens
+   */
+  async exchangeOAuthCode(provider: string, code: string, state?: string): Promise<AuthResponse> {
+    return this.request<AuthResponse>(`/oauth/${provider}/callback`, {
+      method: 'POST',
+      body: JSON.stringify({ code, state }),
+    });
+  }
+}
+/**
+ * Create an auth API client instance
+ */
+export function createAuthApiClient(config: AuthConfig, tokenManager: TokenManager): AuthApiClient {
+  return new AuthApiClient(config, tokenManager);
+}

package/templates/default/packages/auth/src/utils/index.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export * from './token';
+export * from './api';
+export * from './oauth';

package/templates/default/packages/auth/src/utils/oauth.ts ADDED Viewed

@@ -0,0 +1,230 @@
+import type { AuthProvider, AuthProviderConfig, OAuthProviderConfig } from '../types';
+/**
+ * OAuth provider URLs
+ */
+const OAUTH_URLS: Record<string, { authUrl: string; defaultScope: string[] }> = {
+  google: {
+    authUrl: 'https://accounts.google.com/o/oauth2/v2/auth',
+    defaultScope: ['openid', 'email', 'profile'],
+  },
+  github: {
+    authUrl: 'https://github.com/login/oauth/authorize',
+    defaultScope: ['read:user', 'user:email'],
+  },
+  facebook: {
+    authUrl: 'https://www.facebook.com/v18.0/dialog/oauth',
+    defaultScope: ['email', 'public_profile'],
+  },
+  apple: {
+    authUrl: 'https://appleid.apple.com/auth/authorize',
+    defaultScope: ['name', 'email'],
+  },
+  twitter: {
+    authUrl: 'https://twitter.com/i/oauth2/authorize',
+    defaultScope: ['users.read', 'tweet.read'],
+  },
+};
+/**
+ * Generate a random state string for CSRF protection
+ */
+export function generateState(): string {
+  const array = new Uint8Array(32);
+  crypto.getRandomValues(array);
+  return Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('');
+}
+/**
+ * Generate a code verifier for PKCE
+ */
+export function generateCodeVerifier(): string {
+  const array = new Uint8Array(32);
+  crypto.getRandomValues(array);
+  return base64UrlEncode(array);
+}
+/**
+ * Generate a code challenge from a code verifier
+ */
+export async function generateCodeChallenge(verifier: string): Promise<string> {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(verifier);
+  const hash = await crypto.subtle.digest('SHA-256', data);
+  return base64UrlEncode(new Uint8Array(hash));
+}
+/**
+ * Base64 URL encode
+ */
+function base64UrlEncode(buffer: Uint8Array): string {
+  let binary = '';
+  for (let i = 0; i < buffer.length; i++) {
+    binary += String.fromCharCode(buffer[i]);
+  }
+  return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+}
+/**
+ * Store OAuth state in session storage
+ */
+export function storeOAuthState(provider: string, state: string, codeVerifier?: string): void {
+  if (typeof window === 'undefined') return;
+  const data = { state, codeVerifier, timestamp: Date.now() };
+  sessionStorage.setItem(`oauth_state_${provider}`, JSON.stringify(data));
+}
+/**
+ * Get stored OAuth state
+ */
+export function getStoredOAuthState(
+  provider: string
+): { state: string; codeVerifier?: string } | null {
+  if (typeof window === 'undefined') return null;
+  const stored = sessionStorage.getItem(`oauth_state_${provider}`);
+  if (!stored) return null;
+  try {
+    const data = JSON.parse(stored) as {
+      state: string;
+      codeVerifier?: string;
+      timestamp: number;
+    };
+    // Check if state is older than 10 minutes
+    if (Date.now() - data.timestamp > 10 * 60 * 1000) {
+      sessionStorage.removeItem(`oauth_state_${provider}`);
+      return null;
+    }
+    return { state: data.state, codeVerifier: data.codeVerifier };
+  } catch {
+    return null;
+  }
+}
+/**
+ * Clear stored OAuth state
+ */
+export function clearOAuthState(provider: string): void {
+  if (typeof window === 'undefined') return;
+  sessionStorage.removeItem(`oauth_state_${provider}`);
+}
+/**
+ * Build OAuth authorization URL
+ */
+export function buildOAuthUrl(
+  provider: AuthProvider,
+  config: OAuthProviderConfig,
+  options?: {
+    state?: string;
+    codeChallenge?: string;
+    codeChallengeMethod?: string;
+  }
+): string {
+  const providerConfig = OAUTH_URLS[provider];
+  if (!providerConfig) {
+    throw new Error(`Unknown OAuth provider: ${provider}`);
+  }
+  const params = new URLSearchParams({
+    client_id: config.clientId,
+    redirect_uri: config.redirectUri || `${window.location.origin}/auth/callback/${provider}`,
+    response_type: 'code',
+    scope: (config.scope || providerConfig.defaultScope).join(' '),
+  });
+  if (options?.state) {
+    params.set('state', options.state);
+  }
+  if (options?.codeChallenge) {
+    params.set('code_challenge', options.codeChallenge);
+    params.set('code_challenge_method', options.codeChallengeMethod || 'S256');
+  }
+  // Provider-specific parameters
+  if (provider === 'google') {
+    params.set('access_type', 'offline');
+    params.set('prompt', 'consent');
+  }
+  return `${providerConfig.authUrl}?${params.toString()}`;
+}
+/**
+ * Get the OAuth config for a provider
+ */
+export function getProviderConfig(
+  provider: AuthProvider,
+  config?: AuthProviderConfig
+): OAuthProviderConfig | null {
+  if (!config) return null;
+  switch (provider) {
+    case 'google':
+      return config.google || null;
+    case 'github':
+      return config.github || null;
+    case 'facebook':
+      return config.facebook || null;
+    case 'apple':
+      return config.apple || null;
+    case 'twitter':
+      return config.twitter || null;
+    default:
+      return null;
+  }
+}
+/**
+ * Initiate OAuth flow
+ */
+export async function initiateOAuthFlow(
+  provider: AuthProvider,
+  providerConfig: OAuthProviderConfig,
+  usePKCE: boolean = true
+): Promise<void> {
+  const state = generateState();
+  let codeVerifier: string | undefined;
+  let codeChallenge: string | undefined;
+  if (usePKCE) {
+    codeVerifier = generateCodeVerifier();
+    codeChallenge = await generateCodeChallenge(codeVerifier);
+  }
+  storeOAuthState(provider, state, codeVerifier);
+  const url = buildOAuthUrl(provider, providerConfig, {
+    state,
+    codeChallenge,
+    codeChallengeMethod: 'S256',
+  });
+  window.location.href = url;
+}
+/**
+ * Parse OAuth callback URL parameters
+ */
+export function parseOAuthCallback(): {
+  code?: string;
+  state?: string;
+  error?: string;
+  errorDescription?: string;
+} | null {
+  if (typeof window === 'undefined') return null;
+  const params = new URLSearchParams(window.location.search);
+  return {
+    code: params.get('code') || undefined,
+    state: params.get('state') || undefined,
+    error: params.get('error') || undefined,
+    errorDescription: params.get('error_description') || undefined,
+  };
+}

package/templates/default/packages/auth/src/utils/token.ts ADDED Viewed

@@ -0,0 +1,204 @@
+import Cookies from 'js-cookie';
+import { jwtDecode } from 'jwt-decode';
+import type { TokenStorage, TokenPayload, AuthConfig } from '../types';
+const ACCESS_TOKEN_KEY = 'auth_access_token';
+const REFRESH_TOKEN_KEY = 'auth_refresh_token';
+let memoryStorage: { accessToken?: string; refreshToken?: string } = {};
+/**
+ * Get the token storage implementation based on config
+ */
+function getStorage(storage: TokenStorage) {
+  switch (storage) {
+    case 'localStorage':
+      return {
+        get: (key: string) => {
+          if (typeof window === 'undefined') return null;
+          return localStorage.getItem(key);
+        },
+        set: (key: string, value: string) => {
+          if (typeof window === 'undefined') return;
+          localStorage.setItem(key, value);
+        },
+        remove: (key: string) => {
+          if (typeof window === 'undefined') return;
+          localStorage.removeItem(key);
+        },
+      };
+    case 'cookie':
+      return {
+        get: (key: string) => Cookies.get(key) || null,
+        set: (key: string, value: string, options?: Cookies.CookieAttributes) => {
+          Cookies.set(key, value, options);
+        },
+        remove: (key: string, options?: Cookies.CookieAttributes) => {
+          Cookies.remove(key, options);
+        },
+      };
+    case 'memory':
+      return {
+        get: (key: string) => {
+          if (key === ACCESS_TOKEN_KEY) return memoryStorage.accessToken || null;
+          if (key === REFRESH_TOKEN_KEY) return memoryStorage.refreshToken || null;
+          return null;
+        },
+        set: (key: string, value: string) => {
+          if (key === ACCESS_TOKEN_KEY) memoryStorage.accessToken = value;
+          if (key === REFRESH_TOKEN_KEY) memoryStorage.refreshToken = value;
+        },
+        remove: (key: string) => {
+          if (key === ACCESS_TOKEN_KEY) delete memoryStorage.accessToken;
+          if (key === REFRESH_TOKEN_KEY) delete memoryStorage.refreshToken;
+        },
+      };
+    default:
+      throw new Error(`Unknown storage type: ${storage as string}`);
+  }
+}
+/**
+ * Token manager class for handling token storage and validation
+ */
+export class TokenManager {
+  private storage: TokenStorage;
+  private cookieOptions?: AuthConfig['cookieOptions'];
+  constructor(config: Pick<AuthConfig, 'tokenStorage' | 'cookieOptions'>) {
+    this.storage = config.tokenStorage || 'cookie';
+    this.cookieOptions = config.cookieOptions;
+  }
+  /**
+   * Get the access token
+   */
+  getAccessToken(): string | null {
+    return getStorage(this.storage).get(ACCESS_TOKEN_KEY);
+  }
+  /**
+   * Get the refresh token
+   */
+  getRefreshToken(): string | null {
+    return getStorage(this.storage).get(REFRESH_TOKEN_KEY);
+  }
+  /**
+   * Set the access token
+   */
+  setAccessToken(token: string, expiresIn?: number): void {
+    const storage = getStorage(this.storage);
+    if (this.storage === 'cookie') {
+      const expires = expiresIn ? new Date(Date.now() + expiresIn * 1000) : undefined;
+      storage.set(ACCESS_TOKEN_KEY, token, {
+        expires,
+        secure: this.cookieOptions?.secure ?? true,
+        sameSite: this.cookieOptions?.sameSite ?? 'lax',
+        domain: this.cookieOptions?.domain,
+        path: this.cookieOptions?.path ?? '/',
+      });
+    } else {
+      storage.set(ACCESS_TOKEN_KEY, token);
+    }
+  }
+  /**
+   * Set the refresh token
+   */
+  setRefreshToken(token: string): void {
+    const storage = getStorage(this.storage);
+    if (this.storage === 'cookie') {
+      storage.set(REFRESH_TOKEN_KEY, token, {
+        expires: 30, // 30 days
+        secure: this.cookieOptions?.secure ?? true,
+        sameSite: this.cookieOptions?.sameSite ?? 'lax',
+        domain: this.cookieOptions?.domain,
+        path: this.cookieOptions?.path ?? '/',
+        httpOnly: false, // Can't set httpOnly from client-side
+      });
+    } else {
+      storage.set(REFRESH_TOKEN_KEY, token);
+    }
+  }
+  /**
+   * Clear all tokens
+   */
+  clearTokens(): void {
+    const storage = getStorage(this.storage);
+    if (this.storage === 'cookie') {
+      storage.remove(ACCESS_TOKEN_KEY, {
+        domain: this.cookieOptions?.domain,
+        path: this.cookieOptions?.path ?? '/',
+      });
+      storage.remove(REFRESH_TOKEN_KEY, {
+        domain: this.cookieOptions?.domain,
+        path: this.cookieOptions?.path ?? '/',
+      });
+    } else {
+      storage.remove(ACCESS_TOKEN_KEY);
+      storage.remove(REFRESH_TOKEN_KEY);
+    }
+    // Also clear memory storage
+    memoryStorage = {};
+  }
+  /**
+   * Decode the access token
+   */
+  decodeToken(token?: string): TokenPayload | null {
+    const tokenToDecode = token || this.getAccessToken();
+    if (!tokenToDecode) return null;
+    try {
+      return jwtDecode<TokenPayload>(tokenToDecode);
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Check if the token is expired
+   */
+  isTokenExpired(token?: string, threshold: number = 0): boolean {
+    const payload = this.decodeToken(token);
+    if (!payload || !payload.exp) return true;
+    const expiresAt = payload.exp * 1000;
+    return Date.now() >= expiresAt - threshold * 1000;
+  }
+  /**
+   * Get token expiration time in milliseconds
+   */
+  getTokenExpiration(token?: string): number | null {
+    const payload = this.decodeToken(token);
+    if (!payload || !payload.exp) return null;
+    return payload.exp * 1000;
+  }
+  /**
+   * Check if we should refresh the token
+   */
+  shouldRefresh(threshold: number = 300): boolean {
+    const token = this.getAccessToken();
+    if (!token) return false;
+    return this.isTokenExpired(token, threshold);
+  }
+}
+/**
+ * Create a token manager instance
+ */
+export function createTokenManager(
+  config: Pick<AuthConfig, 'tokenStorage' | 'cookieOptions'>
+): TokenManager {
+  return new TokenManager(config);
+}

package/templates/default/packages/auth/tsconfig.json ADDED Viewed

@@ -0,0 +1,14 @@
+{
+  "extends": "@repo/config/typescript/base",
+  "compilerOptions": {
+    "outDir": "dist",
+    "rootDir": "src",
+    "jsx": "react-jsx",
+    "lib": ["ES2020", "DOM", "DOM.Iterable"],
+    "types": ["node"],
+    "declaration": true,
+    "declarationMap": true
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "dist"]
+}

package/templates/default/packages/auth/tsup.config.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { defineConfig } from 'tsup';
+export default defineConfig({
+  entry: [
+    'src/index.ts',
+    'src/hooks/index.ts',
+    'src/components/index.ts',
+    'src/providers/index.ts',
+    'src/next/index.ts',
+  ],
+  format: ['cjs', 'esm'],
+  dts: true,
+  splitting: false,
+  sourcemap: true,
+  clean: true,
+  external: ['react', 'react-dom', 'next', 'next/server', 'next/headers'],
+  treeshake: true,
+});