npm - nexu-app - Versions diffs - 2.0.0 - Mend

nexu-app 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (106) hide show

package/templates/default/packages/auth/src/index.ts ADDED Viewed

@@ -0,0 +1,45 @@
+// Types
+export * from './types';
+// Provider
+export { AuthProvider, useAuthContext } from './providers';
+// Hooks
+export { useAuth, useUser, useSession, useRequireAuth } from './hooks';
+// Components
+export { SignInForm, SignUpForm, SocialButtons, SocialButton, ProtectedRoute } from './components';
+// Utilities
+export { TokenManager, createTokenManager } from './utils/token';
+export { AuthApiClient, createAuthApiClient } from './utils/api';
+export {
+  generateState,
+  generateCodeVerifier,
+  generateCodeChallenge,
+  buildOAuthUrl,
+  getProviderConfig,
+  initiateOAuthFlow,
+  parseOAuthCallback,
+} from './utils/oauth';
+// Re-export for convenience
+export type {
+  AuthConfig,
+  AuthUser,
+  AuthSession,
+  AuthState,
+  AuthError,
+  AuthErrorCode,
+  AuthProvider as AuthProviderType,
+  SignInCredentials,
+  SignUpCredentials,
+  AuthResponse,
+  UseAuthReturn,
+  UseUserReturn,
+  UseSessionReturn,
+  SignInFormProps,
+  SignUpFormProps,
+  SocialButtonsProps,
+  ProtectedRouteProps,
+} from './types';

package/templates/default/packages/auth/src/next/index.ts ADDED Viewed

@@ -0,0 +1,18 @@
+// Middleware helpers
+export {
+  createAuthMiddleware,
+  getTokenFromRequest,
+  isRequestAuthenticated,
+  type AuthMiddlewareConfig,
+} from './middleware';
+// Server-side helpers (for Server Components)
+export {
+  getAccessToken,
+  getRefreshToken,
+  getSession,
+  getUser,
+  isAuthenticated,
+  hasRole,
+  hasPermission,
+} from './server';

package/templates/default/packages/auth/src/next/middleware.ts ADDED Viewed

@@ -0,0 +1,183 @@
+import type { NextRequest } from 'next/server';
+import { NextResponse } from 'next/server';
+const ACCESS_TOKEN_KEY = 'auth_access_token';
+export interface AuthMiddlewareConfig {
+  /**
+   * Routes that require authentication
+   * Supports glob patterns like '/dashboard/*'
+   */
+  protectedRoutes?: string[];
+  /**
+   * Routes that should redirect to home if already authenticated
+   */
+  authRoutes?: string[];
+  /**
+   * URL to redirect unauthenticated users
+   * @default '/login'
+   */
+  loginUrl?: string;
+  /**
+   * URL to redirect authenticated users from auth routes
+   * @default '/'
+   */
+  homeUrl?: string;
+  /**
+   * Cookie name for access token
+   * @default 'auth_access_token'
+   */
+  tokenCookieName?: string;
+  /**
+   * Custom callback for additional checks
+   */
+  onAuthenticated?: (request: NextRequest) => NextResponse | null | undefined;
+}
+/**
+ * Match a path against a pattern (supports wildcards)
+ */
+function matchPath(path: string, pattern: string): boolean {
+  // Exact match
+  if (pattern === path) return true;
+  // Wildcard at end (e.g., '/dashboard/*')
+  if (pattern.endsWith('/*')) {
+    const base = pattern.slice(0, -2);
+    return path === base || path.startsWith(base + '/');
+  }
+  // Wildcard in middle (e.g., '/api/*/users')
+  const regexPattern = pattern.replace(/\*/g, '[^/]+').replace(/\//g, '\\/');
+  const regex = new RegExp(`^${regexPattern}$`);
+  return regex.test(path);
+}
+/**
+ * Check if path matches any pattern in the list
+ */
+function matchesAnyPattern(path: string, patterns: string[]): boolean {
+  return patterns.some(pattern => matchPath(path, pattern));
+}
+/**
+ * Decode JWT token (basic decode without verification)
+ */
+function decodeToken(token: string): { exp?: number } | null {
+  try {
+    const parts = token.split('.');
+    if (parts.length !== 3) return null;
+    const payload = JSON.parse(Buffer.from(parts[1], 'base64').toString('utf-8')) as {
+      exp?: number;
+    };
+    return payload;
+  } catch {
+    return null;
+  }
+}
+/**
+ * Check if token is expired
+ */
+function isTokenExpired(token: string): boolean {
+  const payload = decodeToken(token);
+  if (!payload || !payload.exp) return true;
+  return Date.now() >= payload.exp * 1000;
+}
+/**
+ * Create authentication middleware for Next.js
+ *
+ * @example
+ * ```ts
+ * // middleware.ts
+ * import { createAuthMiddleware } from '@repo/auth/next';
+ *
+ * export const middleware = createAuthMiddleware({
+ *   protectedRoutes: ['/dashboard/*', '/settings/*', '/api/protected/*'],
+ *   authRoutes: ['/login', '/signup', '/forgot-password'],
+ *   loginUrl: '/login',
+ *   homeUrl: '/dashboard',
+ * });
+ *
+ * export const config = {
+ *   matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],
+ * };
+ * ```
+ */
+export function createAuthMiddleware(config: AuthMiddlewareConfig = {}) {
+  const {
+    protectedRoutes = [],
+    authRoutes = [],
+    loginUrl = '/login',
+    homeUrl = '/',
+    tokenCookieName = ACCESS_TOKEN_KEY,
+    onAuthenticated,
+  } = config;
+  return function authMiddleware(request: NextRequest): NextResponse {
+    const { pathname } = request.nextUrl;
+    // Get token from cookie
+    const token = request.cookies.get(tokenCookieName)?.value;
+    const isAuthenticated = token && !isTokenExpired(token);
+    // Check if route is protected
+    const isProtectedRoute = matchesAnyPattern(pathname, protectedRoutes);
+    // Check if route is an auth route (login, signup, etc.)
+    const isAuthRoute = matchesAnyPattern(pathname, authRoutes);
+    // Redirect unauthenticated users from protected routes
+    if (isProtectedRoute && !isAuthenticated) {
+      const url = new URL(loginUrl, request.url);
+      url.searchParams.set('returnTo', pathname);
+      return NextResponse.redirect(url);
+    }
+    // Redirect authenticated users from auth routes
+    if (isAuthRoute && isAuthenticated) {
+      const returnTo = request.nextUrl.searchParams.get('returnTo');
+      const redirectUrl = returnTo || homeUrl;
+      return NextResponse.redirect(new URL(redirectUrl, request.url));
+    }
+    // Run custom callback if provided
+    if (isAuthenticated && onAuthenticated) {
+      const customResponse = onAuthenticated(request);
+      if (customResponse) return customResponse;
+    }
+    return NextResponse.next();
+  };
+}
+/**
+ * Helper to get auth token from request (for API routes)
+ */
+export function getTokenFromRequest(request: NextRequest): string | null {
+  // Try Authorization header first
+  const authHeader = request.headers.get('authorization');
+  if (authHeader?.startsWith('Bearer ')) {
+    return authHeader.substring(7);
+  }
+  // Try cookie
+  const token = request.cookies.get(ACCESS_TOKEN_KEY)?.value;
+  return token || null;
+}
+/**
+ * Helper to check if request is authenticated (for API routes)
+ */
+export function isRequestAuthenticated(request: NextRequest): boolean {
+  const token = getTokenFromRequest(request);
+  if (!token) return false;
+  return !isTokenExpired(token);
+}

package/templates/default/packages/auth/src/next/server.ts ADDED Viewed

@@ -0,0 +1,219 @@
+import { cookies } from 'next/headers';
+import type { AuthSession, AuthUser, TokenPayload } from '../types';
+const ACCESS_TOKEN_KEY = 'auth_access_token';
+const REFRESH_TOKEN_KEY = 'auth_refresh_token';
+/**
+ * Decode JWT token (basic decode without verification)
+ * For server-side use, you should verify the token with your backend
+ */
+function decodeToken(token: string): TokenPayload | null {
+  try {
+    const parts = token.split('.');
+    if (parts.length !== 3) return null;
+    const payload = JSON.parse(Buffer.from(parts[1], 'base64').toString('utf-8')) as TokenPayload;
+    return payload;
+  } catch {
+    return null;
+  }
+}
+/**
+ * Check if token is expired
+ */
+function isTokenExpired(token: string): boolean {
+  const payload = decodeToken(token);
+  if (!payload || !payload.exp) return true;
+  return Date.now() >= payload.exp * 1000;
+}
+/**
+ * Get the access token from cookies (Server Components)
+ *
+ * @example
+ * ```tsx
+ * // app/dashboard/page.tsx
+ * import { getAccessToken } from '@repo/auth/next';
+ *
+ * export default async function DashboardPage() {
+ *   const token = await getAccessToken();
+ *
+ *   if (!token) {
+ *     redirect('/login');
+ *   }
+ *
+ *   // Fetch data with token
+ *   const data = await fetch('/api/data', {
+ *     headers: { Authorization: `Bearer ${token}` },
+ *   });
+ *
+ *   return <Dashboard data={data} />;
+ * }
+ * ```
+ */
+export async function getAccessToken(): Promise<string | null> {
+  const cookieStore = await cookies();
+  const token = cookieStore.get(ACCESS_TOKEN_KEY)?.value;
+  if (!token || isTokenExpired(token)) {
+    return null;
+  }
+  return token;
+}
+/**
+ * Get the refresh token from cookies (Server Components)
+ */
+export async function getRefreshToken(): Promise<string | null> {
+  const cookieStore = await cookies();
+  return cookieStore.get(REFRESH_TOKEN_KEY)?.value || null;
+}
+/**
+ * Get session from cookies (Server Components)
+ *
+ * @example
+ * ```tsx
+ * // app/profile/page.tsx
+ * import { getSession } from '@repo/auth/next';
+ * import { redirect } from 'next/navigation';
+ *
+ * export default async function ProfilePage() {
+ *   const session = await getSession();
+ *
+ *   if (!session) {
+ *     redirect('/login');
+ *   }
+ *
+ *   return <Profile user={session.user} />;
+ * }
+ * ```
+ */
+export async function getSession(): Promise<AuthSession | null> {
+  const token = await getAccessToken();
+  if (!token) return null;
+  const payload = decodeToken(token);
+  if (!payload) return null;
+  const refreshToken = await getRefreshToken();
+  // Build user from token payload
+  const user: AuthUser = {
+    id: payload.sub,
+    email: payload.email || '',
+    name: payload.name,
+    metadata: {},
+  };
+  // Copy additional fields from payload to metadata
+  const knownFields = ['sub', 'email', 'name', 'exp', 'iat', 'aud', 'iss'];
+  for (const [key, value] of Object.entries(payload)) {
+    if (!knownFields.includes(key)) {
+      user.metadata![key] = value;
+    }
+  }
+  return {
+    user,
+    accessToken: token,
+    refreshToken: refreshToken || undefined,
+    expiresAt: payload.exp * 1000,
+    provider: 'email', // Will be overwritten if available in token
+  };
+}
+/**
+ * Get user from session (Server Components)
+ *
+ * @example
+ * ```tsx
+ * // app/layout.tsx
+ * import { getUser } from '@repo/auth/next';
+ *
+ * export default async function RootLayout({ children }) {
+ *   const user = await getUser();
+ *
+ *   return (
+ *     <html>
+ *       <body>
+ *         <Header user={user} />
+ *         {children}
+ *       </body>
+ *     </html>
+ *   );
+ * }
+ * ```
+ */
+export async function getUser(): Promise<AuthUser | null> {
+  const session = await getSession();
+  return session?.user || null;
+}
+/**
+ * Check if user is authenticated (Server Components)
+ *
+ * @example
+ * ```tsx
+ * // app/admin/layout.tsx
+ * import { isAuthenticated } from '@repo/auth/next';
+ * import { redirect } from 'next/navigation';
+ *
+ * export default async function AdminLayout({ children }) {
+ *   const authenticated = await isAuthenticated();
+ *
+ *   if (!authenticated) {
+ *     redirect('/login?returnTo=/admin');
+ *   }
+ *
+ *   return <>{children}</>;
+ * }
+ * ```
+ */
+export async function isAuthenticated(): Promise<boolean> {
+  const token = await getAccessToken();
+  return token !== null;
+}
+/**
+ * Check if user has specific roles (Server Components)
+ *
+ * @example
+ * ```tsx
+ * // app/admin/page.tsx
+ * import { hasRole } from '@repo/auth/next';
+ * import { redirect } from 'next/navigation';
+ *
+ * export default async function AdminPage() {
+ *   const isAdmin = await hasRole(['admin', 'superadmin']);
+ *
+ *   if (!isAdmin) {
+ *     redirect('/unauthorized');
+ *   }
+ *
+ *   return <AdminDashboard />;
+ * }
+ * ```
+ */
+export async function hasRole(roles: string[]): Promise<boolean> {
+  const session = await getSession();
+  if (!session) return false;
+  const userRoles = (session.user.metadata?.roles as string[]) || [];
+  return roles.some(role => userRoles.includes(role));
+}
+/**
+ * Check if user has specific permissions (Server Components)
+ */
+export async function hasPermission(permissions: string[]): Promise<boolean> {
+  const session = await getSession();
+  if (!session) return false;
+  const userPermissions = (session.user.metadata?.permissions as string[]) || [];
+  return permissions.every(perm => userPermissions.includes(perm));
+}