npm - supaapps-auth - Versions diffs - 1.4.1 → 2.0.0-rc.10 - Mend

supaapps-auth 1.4.1 → 2.0.0-rc.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/.eslintrc +3 -0
package/.github/workflows/ci.yml +1 -0
package/.prettierrc +7 -0
package/dist/AuthManager.d.ts +17 -7
package/dist/AuthManager.js +207 -36
package/dist/index.d.ts +1 -0
package/dist/index.js +15 -0
package/dist/types.d.ts +36 -0
package/dist/types.js +24 -0
package/package.json +16 -4
package/src/AuthManager.ts +387 -130
package/src/index.ts +1 -0
package/src/types.ts +40 -0
package/tests/AuthManager.test.ts +41 -8

package/.eslintrc ADDED Viewed

@@ -0,0 +1,3 @@
+{
+    "extends": "supaapps"
+}

package/.github/workflows/ci.yml CHANGED Viewed

@@ -21,6 +21,7 @@ jobs:
         node-version: ${{ matrix.node-version }}
         cache: 'npm'
     - run: npm ci
+    - run: npm run lint
     - run: npm run build --if-present
     - run: npm run test

package/.prettierrc ADDED Viewed

@@ -0,0 +1,7 @@
+{
+    "semi": true,
+    "trailingComma": "all",
+    "singleQuote": true,
+    "printWidth": 70,
+    "tabWidth": 2
+}

package/dist/AuthManager.d.ts CHANGED Viewed

@@ -1,24 +1,34 @@
+import { AuthManagerEvent, Platforms, UserTokenPayload } from './types';
 export declare class AuthManager {
     private static instance;
     private authServer;
     private realmName;
     private redirectUri;
-    private loginCallback;
+    private onStateChange;
     private constructor();
-    static initialize(authServer: string, realmName: string, redirectUri: string, loginCallback: () => void): AuthManager;
+    static initialize(authServer: string, realmName: string, redirectUri: string, onStateChange: (event: AuthManagerEvent) => void): AuthManager;
     static getInstance(): AuthManager;
+    private tokenToPayload;
     private toBase64Url;
     private generatePKCEPair;
-    refreshAccessToken(): Promise<string>;
-    checkAccessToken(): Promise<string>;
+    refreshAccessToken(isInitialization?: boolean): Promise<string>;
+    checkAccessToken(isInitilization?: boolean): Promise<string>;
     private isTokenExpired;
-    mustBeLoggedIn(): Promise<boolean>;
+    mustBeLoggedIn(): Promise<void>;
     getLoginWithGoogleUri(): string;
     isLoggedIn(): Promise<boolean>;
-    getAccessToken(): Promise<string>;
+    getAccessToken(mustBeLoggedIn?: boolean): Promise<string>;
+    platformCheck(email: string): Promise<Array<Platforms>>;
+    verifyEmail(email: string, token: string): Promise<boolean>;
+    doPassReset(email: string, token: string, newPassword: string): Promise<boolean>;
+    changeEmail(email: string): Promise<boolean>;
+    initPasswordReset(email: string): Promise<boolean>;
+    changePassword(oldPassword: string, newPassword: string, email: string): Promise<boolean>;
+    registerUsingEmail(firstName: string, lastName: string, email: string, password: string): Promise<void>;
     private saveTokens;
+    loginUsingEmail(email: string, password: string): Promise<void>;
     loginUsingPkce(code: string): Promise<void>;
     logout(): Promise<void>;
-    static validateToken(authServer: string, bearerToken: string): Promise<boolean>;
+    static validateToken(authServer: string, bearerToken: string): Promise<UserTokenPayload>;
     static resetInstance(): void;
 }

package/dist/AuthManager.js CHANGED Viewed

@@ -13,17 +13,29 @@ exports.AuthManager = void 0;
 const axios_1 = require("axios");
 const crypto_1 = require("crypto");
 const jsonwebtoken_1 = require("jsonwebtoken"); // Ensure jsonwebtoken is correctly imported
+const types_1 = require("./types");
 class AuthManager {
-    constructor(authServer, realmName, redirectUri, loginCallback) {
+    constructor(authServer, realmName, redirectUri, onStateChange) {
         this.authServer = authServer;
         this.realmName = realmName;
         this.redirectUri = redirectUri;
-        this.loginCallback = loginCallback;
+        this.onStateChange = onStateChange;
         AuthManager.instance = this;
     }
-    static initialize(authServer, realmName, redirectUri, loginCallback) {
+    static initialize(authServer, realmName, redirectUri, onStateChange) {
         if (!AuthManager.instance) {
-            AuthManager.instance = new AuthManager(authServer, realmName, redirectUri, loginCallback);
+            AuthManager.instance = new AuthManager(authServer, realmName, redirectUri, onStateChange);
+            AuthManager.instance
+                .checkAccessToken(true)
+                .then((token) => {
+                onStateChange({
+                    type: types_1.AuthEventType.INITALIZED_IN,
+                    user: AuthManager.instance.tokenToPayload(token),
+                });
+            })
+                .catch(() => {
+                onStateChange({ type: types_1.AuthEventType.INITALIZED_OUT });
+            });
         }
         return AuthManager.instance;
     }
@@ -33,8 +45,14 @@ class AuthManager {
         }
         return AuthManager.instance;
     }
+    tokenToPayload(token) {
+        return JSON.parse(atob(token.split('.')[1]));
+    }
     toBase64Url(base64String) {
-        return base64String.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+        return base64String
+            .replace(/\+/g, '-')
+            .replace(/\//g, '_')
+            .replace(/=+$/, '');
     }
     generatePKCEPair() {
         var _a, _b;
@@ -45,46 +63,50 @@ class AuthManager {
         return { verifier, challenge };
     }
     refreshAccessToken() {
-        return __awaiter(this, void 0, void 0, function* () {
+        return __awaiter(this, arguments, void 0, function* (isInitialization = false) {
             try {
                 const refreshToken = localStorage.getItem('refresh_token');
                 if (!refreshToken) {
                     throw new Error('No refresh token found');
                 }
                 const response = yield axios_1.default.post(`${this.authServer}auth/refresh`, {
-                    refresh_token: refreshToken
+                    refresh_token: refreshToken,
                 });
-                localStorage.setItem('refresh_token', response.data.refresh_token);
-                localStorage.setItem('access_token', response.data.access_token);
-                const user = (0, jsonwebtoken_1.decode)(response.data.access_token);
-                localStorage.setItem('user', JSON.stringify(user));
+                this.saveTokens(response, true);
                 return response.data.access_token;
             }
             catch (error) {
                 console.error(`Refresh token error, logging out: ${error}`);
                 localStorage.removeItem('access_token');
                 localStorage.removeItem('refresh_token');
-                this.loginCallback();
+                if (!isInitialization) {
+                    // throw refresh fail only if not initialization
+                    this.onStateChange({ type: types_1.AuthEventType.REFRESH_FAILED });
+                }
                 throw error;
             }
         });
     }
     checkAccessToken() {
-        return __awaiter(this, void 0, void 0, function* () {
-            let accessToken = localStorage.getItem('access_token');
-            if (!accessToken || this.isTokenExpired(accessToken)) {
-                return this.refreshAccessToken();
+        return __awaiter(this, arguments, void 0, function* (isInitilization = false) {
+            const accessToken = localStorage.getItem('access_token');
+            if (accessToken && this.isTokenExpired(accessToken)) {
+                return this.refreshAccessToken(isInitilization);
             }
             return accessToken;
         });
     }
     isTokenExpired(token) {
-        const decoded = JSON.parse(atob(token.split('.')[1]));
+        const decoded = this.tokenToPayload(token);
         return decoded.exp < Date.now() / 1000;
     }
     mustBeLoggedIn() {
         return __awaiter(this, void 0, void 0, function* () {
-            return this.isLoggedIn() || (this.loginCallback(), false);
+            if (!(yield this.isLoggedIn())) {
+                this.onStateChange({
+                    type: types_1.AuthEventType.FAILED_MUST_LOGIN_CHECK,
+                });
+            }
         });
     }
     getLoginWithGoogleUri() {
@@ -103,16 +125,150 @@ class AuthManager {
         });
     }
     getAccessToken() {
+        return __awaiter(this, arguments, void 0, function* (mustBeLoggedIn = false) {
+            try {
+                return yield this.checkAccessToken();
+            }
+            catch (error) {
+                if (mustBeLoggedIn) {
+                    this.onStateChange({
+                        type: types_1.AuthEventType.FAILED_MUST_LOGIN_CHECK,
+                    });
+                }
+                return '';
+            }
+        });
+    }
+    platformCheck(email) {
         return __awaiter(this, void 0, void 0, function* () {
-            return this.checkAccessToken();
+            const response = yield axios_1.default.post(`${this.authServer}auth/email/platform_check`, {
+                realm_name: this.realmName,
+                email,
+            });
+            if (response.data.error || response.data.errors) {
+                throw new Error(response.data.error || response.data.message);
+            }
+            return (response.status === 200) ? response.data : { 'platforms': [] };
         });
     }
-    saveTokens(response) {
+    verifyEmail(email, token) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const response = yield axios_1.default.post(`${this.authServer}auth/email/verify`, {
+                realm_name: this.realmName,
+                email,
+                token,
+            });
+            if (response.data.error || response.data.errors) {
+                throw new Error(response.data.error || response.data.message);
+            }
+            return response.status === 200;
+        });
+    }
+    doPassReset(email, token, newPassword) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const response = yield axios_1.default.post(`${this.authServer}auth/email/do_pass_reset`, {
+                realm_name: this.realmName,
+                email,
+                token,
+                new_password: newPassword,
+            });
+            if (response.data.error || response.data.errors) {
+                throw new Error(response.data.error || response.data.message);
+            }
+            return response.status === 200;
+        });
+    }
+    changeEmail(email) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const accessToken = localStorage.getItem('access_token');
+            if (!accessToken) {
+                throw new Error('Access token not found');
+            }
+            const response = yield axios_1.default.post(`${this.authServer}auth/email/change_email`, {
+                realm_name: this.realmName,
+                email,
+            }, {
+                headers: { Authorization: `Bearer ${accessToken}` },
+            });
+            if (response.data.error || response.data.errors) {
+                throw new Error(response.data.error || response.data.message);
+            }
+            return response.status === 200;
+        });
+    }
+    initPasswordReset(email) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const response = yield axios_1.default.post(`${this.authServer}auth/email/init_pass_reset`, {
+                realm_name: this.realmName,
+                email,
+            });
+            if (response.data.error || response.data.errors) {
+                throw new Error(response.data.error || response.data.message);
+            }
+            return response.status === 200 || response.status === 201;
+        });
+    }
+    changePassword(oldPassword, newPassword, email) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const accessToken = localStorage.getItem('access_token');
+            if (!accessToken) {
+                throw new Error('Access token not found');
+            }
+            const response = yield axios_1.default.post(`${this.authServer}auth/email/change_pass`, {
+                realm_name: this.realmName,
+                email,
+                old_password: oldPassword,
+                new_password: newPassword,
+            }, {
+                headers: { Authorization: `Bearer ${accessToken}` },
+            });
+            if (response.data.error || response.data.errors) {
+                throw new Error(response.data.error || response.data.message);
+            }
+            return response.status === 200;
+        });
+    }
+    registerUsingEmail(firstName, lastName, email, password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const response = yield axios_1.default.post(`${this.authServer}auth/email/register`, {
+                realm_name: this.realmName,
+                first_name: firstName,
+                last_name: lastName,
+                email,
+                password,
+            });
+            if (response.data.message || response.data.error) {
+                throw new Error(response.data.message || response.data.error);
+            }
+            if (!response.data.access_token) {
+                throw new Error('Something went wrong');
+            }
+            this.saveTokens(response, false);
+        });
+    }
+    saveTokens(response, byRefresh) {
         localStorage.setItem('access_token', response.data.access_token);
         localStorage.setItem('refresh_token', response.data.refresh_token);
-        const user = (0, jsonwebtoken_1.decode)(response.data.access_token);
+        this.onStateChange({
+            type: byRefresh ? types_1.AuthEventType.USER_UPDATED : types_1.AuthEventType.USER_LOGGED_IN,
+            user: this.tokenToPayload(response.data.access_token),
+        });
+        const user = this.tokenToPayload(response.data.access_token);
         localStorage.setItem('user', JSON.stringify(user));
     }
+    loginUsingEmail(email, password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const response = yield axios_1.default.post(`${this.authServer}auth/email/login`, {
+                realm_name: this.realmName,
+                email,
+                password,
+            });
+            if (response.data.message || response.data.error) {
+                throw new Error(response.data.message || response.data.error);
+            }
+            this.saveTokens(response, false);
+        });
+    }
     loginUsingPkce(code) {
         return __awaiter(this, void 0, void 0, function* () {
             try {
@@ -126,7 +282,7 @@ class AuthManager {
                     redirect_uri: this.redirectUri,
                     code_verifier: codeVerifier,
                 });
-                this.saveTokens(response);
+                this.saveTokens(response, false);
             }
             finally {
                 localStorage.removeItem('codeVerifier');
@@ -142,33 +298,48 @@ class AuthManager {
                     throw new Error('Access token not found');
                 }
                 yield axios_1.default.post(`${this.authServer}auth/logout`, {}, {
-                    headers: { Authorization: `Bearer ${accessToken}` }
+                    headers: { Authorization: `Bearer ${accessToken}` },
                 });
             }
             finally {
                 localStorage.removeItem('access_token');
                 localStorage.removeItem('refresh_token');
+                this.onStateChange({ type: types_1.AuthEventType.USER_LOGGED_OUT });
             }
         });
     }
     static validateToken(authServer, bearerToken) {
-        var _a;
         return __awaiter(this, void 0, void 0, function* () {
+            var _a;
             // @todo tests missing for this static validation
-            try {
-                const decodedToken = (_a = (0, jsonwebtoken_1.decode)(bearerToken, { complete: true })) === null || _a === void 0 ? void 0 : _a.payload;
-                if (!decodedToken) {
-                    return false;
-                }
-                const { data: publicKey } = yield axios_1.default.get(`${authServer}public/public_key`);
-                const { data: algo } = yield axios_1.default.get(`${authServer}public/algo`);
-                (0, jsonwebtoken_1.verify)(bearerToken, publicKey, { algorithms: [algo] });
-                const { data: revokedIds } = yield axios_1.default.get(`${authServer}public/revoked_ids`);
-                return !revokedIds.includes(decodedToken['id']);
+            // @todo add caching for public key and algo
+            const decodedToken = (_a = (0, jsonwebtoken_1.decode)(bearerToken, {
+                complete: true,
+            })) === null || _a === void 0 ? void 0 : _a.payload;
+            if (!decodedToken) {
+                throw new Error('Not a valid jwt token');
             }
-            catch (error) {
-                return false;
+            const userToken = {
+                id: decodedToken.id,
+                iss: decodedToken.iss,
+                sub: typeof decodedToken.sub === 'string' ? parseInt(decodedToken.sub) : decodedToken.sub,
+                first_name: decodedToken.first_name,
+                last_name: decodedToken.last_name,
+                email: decodedToken.email,
+                aud: decodedToken.aud,
+                iat: decodedToken.iat,
+                exp: decodedToken.exp,
+                scopes: decodedToken.scopes,
+                realm: decodedToken.realm,
+            };
+            const { data: publicKey } = yield axios_1.default.get(`${authServer}public/public_key`);
+            const { data: algo } = yield axios_1.default.get(`${authServer}public/algo`);
+            (0, jsonwebtoken_1.verify)(bearerToken, publicKey, { algorithms: [algo] });
+            const { data: revokedIds } = yield axios_1.default.get(`${authServer}public/revoked_ids`);
+            if (revokedIds.includes(decodedToken.id)) {
+                throw new Error('Token is revoked');
             }
+            return userToken;
         });
     }
     static resetInstance() {

package/dist/index.d.ts CHANGED Viewed

	@@ -1 +1,2 @@
1	+ export * from './types';
1 2	export { AuthManager } from './AuthManager';

package/dist/index.js CHANGED Viewed

@@ -1,5 +1,20 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthManager = void 0;
+__exportStar(require("./types"), exports);
 var AuthManager_1 = require("./AuthManager");
 Object.defineProperty(exports, "AuthManager", { enumerable: true, get: function () { return AuthManager_1.AuthManager; } });

package/dist/types.d.ts ADDED Viewed

@@ -0,0 +1,36 @@
+export declare enum AuthEventType {
+    INITALIZED_IN = "initialized-logged-in",
+    INITALIZED_OUT = "initialized-logged-out",
+    USER_LOGGED_IN = "user-logged-in",
+    USER_LOGGED_OUT = "user-logged-out",
+    USER_UPDATED = "user-updated",
+    FAILED_MUST_LOGIN_CHECK = "failed-must-login",
+    REFRESH_FAILED = "refresh-failed"
+}
+export interface UserTokenPayload {
+    id: number;
+    iss: string;
+    sub: number | string;
+    first_name: string;
+    last_name: string;
+    email: string;
+    aud: string;
+    iat: number;
+    exp: number;
+    scopes: string;
+    realm: string;
+}
+export interface AuthManagerEvent {
+    type: AuthEventType;
+    user?: UserTokenPayload;
+}
+export declare enum Platforms {
+    PASSWORD = "password",
+    GOOGLE = "google",
+    FACEBOOK = "facebook",
+    TWITTER = "twitter",
+    GITHUB = "github",
+    APPLE = "apple",
+    LINKEDIN = "linkedin",
+    MICROSOFT = "microsoft"
+}

package/dist/types.js ADDED Viewed

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Platforms = exports.AuthEventType = void 0;
+var AuthEventType;
+(function (AuthEventType) {
+    AuthEventType["INITALIZED_IN"] = "initialized-logged-in";
+    AuthEventType["INITALIZED_OUT"] = "initialized-logged-out";
+    AuthEventType["USER_LOGGED_IN"] = "user-logged-in";
+    AuthEventType["USER_LOGGED_OUT"] = "user-logged-out";
+    AuthEventType["USER_UPDATED"] = "user-updated";
+    AuthEventType["FAILED_MUST_LOGIN_CHECK"] = "failed-must-login";
+    AuthEventType["REFRESH_FAILED"] = "refresh-failed";
+})(AuthEventType || (exports.AuthEventType = AuthEventType = {}));
+var Platforms;
+(function (Platforms) {
+    Platforms["PASSWORD"] = "password";
+    Platforms["GOOGLE"] = "google";
+    Platforms["FACEBOOK"] = "facebook";
+    Platforms["TWITTER"] = "twitter";
+    Platforms["GITHUB"] = "github";
+    Platforms["APPLE"] = "apple";
+    Platforms["LINKEDIN"] = "linkedin";
+    Platforms["MICROSOFT"] = "microsoft";
+})(Platforms || (exports.Platforms = Platforms = {}));

package/package.json CHANGED Viewed

@@ -1,12 +1,13 @@
 {
   "name": "supaapps-auth",
-  "version": "1.4.1",
+  "version": "2.0.0-rc.10",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "scripts": {
     "test": "jest",
-    "build": "tsc"
+    "build": "tsc",
+    "lint": "eslint src/ --ext .ts,.tsx"
   },
   "author": "",
   "license": "MIT",
@@ -16,15 +17,26 @@
     "jsonwebtoken": "^9.0.2"
   },
   "devDependencies": {
+    "@next/eslint-plugin-next": "^13.5.6",
     "@types/axios": "^0.14.0",
     "@types/jest": "^29.5.12",
     "@types/jsonwebtoken": "^9.0.6",
-    "@types/node": "^20.11.10",
+    "@types/node": "^20.12.12",
+    "@typescript-eslint/eslint-plugin": "^6.21.0",
+    "@typescript-eslint/parser": "^6.21.0",
     "axios-mock-adapter": "^1.22.0",
+    "eslint": "^8.57.1",
+    "eslint-config-airbnb-base": "^15.0.0",
+    "eslint-config-airbnb-typescript": "^17.1.0",
+    "eslint-config-next": "^13.5.6",
+    "eslint-config-prettier": "^9.1.0",
+    "eslint-config-supaapps": "^1.1.0",
+    "eslint-plugin-import": "^2.29.1",
     "jest": "^29.7.0",
     "jest-localstorage-mock": "^2.4.26",
     "jest-mock-axios": "^4.7.3",
     "ts-jest": "^29.1.2",
-    "typescript": "^5.3.3"
+    "typescript": "^5.3.3",
+    "undefined": "^0.1.0"
   }
 }

package/src/AuthManager.ts CHANGED Viewed

@@ -1,174 +1,431 @@
 import axios, { AxiosResponse } from 'axios';
 import { createHash, randomBytes } from 'crypto';
-import {decode as jwtDecode, verify as jwtVerify} from 'jsonwebtoken';  // Ensure jsonwebtoken is correctly imported
+import {
+  decode as jwtDecode,
+  verify as jwtVerify,
+} from 'jsonwebtoken'; // Ensure jsonwebtoken is correctly imported
+import {AuthEventType, AuthManagerEvent, Platforms, UserTokenPayload} from './types';
 export class AuthManager {
-    private static instance: AuthManager | null = null;
-    private authServer: string;
-    private realmName: string;
-    private redirectUri: string;
-    private loginCallback: () => void;
+  private static instance: AuthManager | null = null;
-    private constructor(authServer: string, realmName: string, redirectUri: string, loginCallback: () => void) {
-        this.authServer = authServer;
-        this.realmName = realmName;
-        this.redirectUri = redirectUri;
-        this.loginCallback = loginCallback;
-        AuthManager.instance = this;
+  private authServer: string;
+  private realmName: string;
+  private redirectUri: string;
+  private onStateChange: (event: AuthManagerEvent) => void;
+  private constructor(
+    authServer: string,
+    realmName: string,
+    redirectUri: string,
+    onStateChange: (event: AuthManagerEvent) => void,
+  ) {
+    this.authServer = authServer;
+    this.realmName = realmName;
+    this.redirectUri = redirectUri;
+    this.onStateChange = onStateChange;
+    AuthManager.instance = this;
+  }
+  public static initialize(
+    authServer: string,
+    realmName: string,
+    redirectUri: string,
+    onStateChange: (event: AuthManagerEvent) => void,
+  ): AuthManager {
+    if (!AuthManager.instance) {
+      AuthManager.instance = new AuthManager(
+        authServer,
+        realmName,
+        redirectUri,
+        onStateChange,
+      );
+      AuthManager.instance
+      .checkAccessToken(true)
+      .then((token) => {
+        onStateChange({
+          type: AuthEventType.INITALIZED_IN,
+          user: AuthManager.instance.tokenToPayload(token),
+        });
+      })
+      .catch(() => {
+        onStateChange({ type: AuthEventType.INITALIZED_OUT });
+      });
+    }
+    return AuthManager.instance;
+  }
+  public static getInstance(): AuthManager {
+    if (!AuthManager.instance) {
+      throw new Error('AuthManager not initialized');
     }
+    return AuthManager.instance;
+  }
+  private tokenToPayload(token: string): UserTokenPayload {
+    return JSON.parse(atob(token.split('.')[1]));
+  }
-    public static initialize(authServer: string, realmName: string, redirectUri: string, loginCallback: () => void): AuthManager {
-        if (!AuthManager.instance) {
-            AuthManager.instance = new AuthManager(authServer, realmName, redirectUri, loginCallback);
-        }
-        return AuthManager.instance;
+  private toBase64Url(base64String: string): string {
+    return base64String
+      .replace(/\+/g, '-')
+      .replace(/\//g, '_')
+      .replace(/=+$/, '');
+  }
+  private generatePKCEPair(): {
+    verifier: string,
+    challenge: string,
+  } {
+    const verifier =
+      localStorage.getItem('codeVerifier') ??
+      this.toBase64Url(randomBytes(32).toString('base64'));
+    const challenge =
+      localStorage.getItem('codeChallenge') ??
+      this.toBase64Url(
+        createHash('sha256').update(verifier).digest('base64'),
+      );
+    localStorage.setItem('codeVerifier', verifier);
+    localStorage.setItem('codeChallenge', challenge);
+    return { verifier, challenge };
+  }
+  public async refreshAccessToken(isInitialization: boolean = false): Promise<string> {
+    try {
+      const refreshToken = localStorage.getItem('refresh_token');
+      if (!refreshToken) {
+        throw new Error('No refresh token found');
+      }
+      const response = await axios.post(
+        `${this.authServer}auth/refresh`,
+        {
+          refresh_token: refreshToken,
+        },
+      );
+      this.saveTokens(response, true);
+      return response.data.access_token;
+    } catch (error) {
+      console.error(`Refresh token error, logging out: ${error}`);
+      localStorage.removeItem('access_token');
+      localStorage.removeItem('refresh_token');
+      if (!isInitialization) {
+        // throw refresh fail only if not initialization
+        this.onStateChange({ type: AuthEventType.REFRESH_FAILED });
+      }
+      throw error;
     }
+  }
-    public static getInstance(): AuthManager {
-        if (!AuthManager.instance) {
-            throw new Error('AuthManager not initialized');
-        }
-        return AuthManager.instance;
+  public async checkAccessToken(isInitilization: boolean = false): Promise<string> {
+    const accessToken = localStorage.getItem('access_token');
+    if (accessToken && this.isTokenExpired(accessToken)) {
+      return this.refreshAccessToken(isInitilization);
     }
+    return accessToken;
+  }
+  private isTokenExpired(token: string): boolean {
+    const decoded = this.tokenToPayload(token);
+    return decoded.exp < Date.now() / 1000;
+  }
-    private toBase64Url(base64String: string): string {
-        return base64String.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+  public async mustBeLoggedIn(): Promise<void> {
+    if (!(await this.isLoggedIn())) {
+      this.onStateChange({
+        type: AuthEventType.FAILED_MUST_LOGIN_CHECK,
+      });
     }
+  }
-    private generatePKCEPair(): { verifier: string; challenge: string } {
-        const verifier = localStorage.getItem('codeVerifier') ?? this.toBase64Url(randomBytes(32).toString('base64'));
-        const challenge = localStorage.getItem('codeChallenge') ?? this.toBase64Url(createHash('sha256').update(verifier).digest('base64'));
+  public getLoginWithGoogleUri(): string {
+    const { challenge } = this.generatePKCEPair();
+    return `${this.authServer}auth/login_with_google?realm_name=${this.realmName}&redirect_uri=${encodeURIComponent(this.redirectUri)}&code_challenge=${challenge}&code_challenge_method=S256`;
+  }
-        localStorage.setItem('codeVerifier', verifier);
-        localStorage.setItem('codeChallenge', challenge);
+  public async isLoggedIn(): Promise<boolean> {
+    try {
+      await this.checkAccessToken();
+      return true;
+    } catch (error) {
+      return false;
+    }
+  }
-        return { verifier, challenge };
-    }
-    public async refreshAccessToken(): Promise<string> {
-        try {
-            const refreshToken = localStorage.getItem('refresh_token');
-            if (!refreshToken) {
-                throw new Error('No refresh token found');
-            }
+  public async getAccessToken(mustBeLoggedIn: boolean = false): Promise<string> {
+    try {
+      return await this.checkAccessToken();
+    } catch (error) {
+      if (mustBeLoggedIn) {
+        this.onStateChange({
+          type: AuthEventType.FAILED_MUST_LOGIN_CHECK,
+        });
+      }
+      return '';
+    }
+  }
-            const response = await axios.post(`${this.authServer}auth/refresh`, {
-                refresh_token: refreshToken
-            });
-            localStorage.setItem('refresh_token', response.data.refresh_token);
-            localStorage.setItem('access_token', response.data.access_token);
-            const user = jwtDecode(response.data.access_token);
-            localStorage.setItem('user', JSON.stringify(user));
-            return response.data.access_token;
-        } catch (error) {
-            console.error(`Refresh token error, logging out: ${error}`);
-            localStorage.removeItem('access_token');
-            localStorage.removeItem('refresh_token');
-            this.loginCallback();
-            throw error;
-        }
+  public async platformCheck(email: string): Promise<Array<Platforms>> {
+    const response = await axios.post(
+        `${this.authServer}auth/email/platform_check`,
+        {
+          realm_name: this.realmName,
+          email,
+        },
+    );
+    if (response.data.error || response.data.errors) {
+      throw new Error(response.data.error || response.data.message);
     }
-    public async checkAccessToken(): Promise<string> {
-        let accessToken = localStorage.getItem('access_token');
-        if (!accessToken || this.isTokenExpired(accessToken)) {
-            return this.refreshAccessToken();
-        }
-        return accessToken;
+    return (response.status === 200) ? response.data : {'platforms': []};
+  }
+  public async verifyEmail(email: string, token: string): Promise<boolean> {
+    const response = await axios.post(
+      `${this.authServer}auth/email/verify`,
+      {
+        realm_name: this.realmName,
+        email,
+        token,
+      },
+    );
+    if (response.data.error || response.data.errors) {
+      throw new Error(response.data.error || response.data.message);
     }
-    private isTokenExpired(token: string): boolean {
-        const decoded = JSON.parse(atob(token.split('.')[1]));
-        return decoded.exp < Date.now() / 1000;
+    return response.status === 200;
+  }
+  public async doPassReset(email: string, token: string, newPassword: string): Promise<boolean> {
+    const response = await axios.post(
+        `${this.authServer}auth/email/do_pass_reset`,
+        {
+          realm_name: this.realmName,
+          email,
+          token,
+          new_password: newPassword,
+        },
+    );
+    if (response.data.error || response.data.errors) {
+      throw new Error(response.data.error || response.data.message);
     }
-    public async mustBeLoggedIn(): Promise<boolean> {
-        return this.isLoggedIn() || (this.loginCallback(), false);
+    return response.status === 200;
+  }
+  public async changeEmail(email: string): Promise<boolean> {
+    const accessToken = localStorage.getItem('access_token');
+    if (!accessToken) {
+      throw new Error('Access token not found');
+    }
+    const response = await axios.post(
+      `${this.authServer}auth/email/change_email`,
+      {
+        realm_name: this.realmName,
+        email,
+      },
+      {
+        headers: { Authorization: `Bearer ${accessToken}` },
+      },
+    );
+    if (response.data.error || response.data.errors) {
+      throw new Error(response.data.error || response.data.message);
     }
-    public getLoginWithGoogleUri(): string {
-        const { challenge } = this.generatePKCEPair();
-        return `${this.authServer}auth/login_with_google?realm_name=${this.realmName}&redirect_uri=${encodeURIComponent(this.redirectUri)}&code_challenge=${challenge}&code_challenge_method=S256`;
+    return response.status === 200;
+  }
+  public async initPasswordReset(email: string): Promise<boolean> {
+    const response = await axios.post(
+      `${this.authServer}auth/email/init_pass_reset`,
+      {
+        realm_name: this.realmName,
+        email,
+      },
+    );
+    if (response.data.error || response.data.errors) {
+      throw new Error(response.data.error || response.data.message);
     }
-    public async isLoggedIn(): Promise<boolean> {
-        try {
-            await this.checkAccessToken();
-            return true;
-        } catch (error) {
-            return false;
-        }
+    return response.status === 200 || response.status === 201;
+  }
+  public async changePassword(oldPassword: string, newPassword: string, email: string): Promise<boolean> {
+    const accessToken = localStorage.getItem('access_token');
+    if (!accessToken) {
+      throw new Error('Access token not found');
     }
+    const response = await axios.post(
+      `${this.authServer}auth/email/change_pass`,
+      {
+        realm_name: this.realmName,
+        email,
+        old_password: oldPassword,
+        new_password: newPassword,
+      },
+      {
+        headers: { Authorization: `Bearer ${accessToken}` },
+      },
+    );
+    if (response.data.error || response.data.errors) {
+      throw new Error(response.data.error || response.data.message);
+    }
+    return response.status === 200;
+  }
-    public async getAccessToken(): Promise<string> {
-        return this.checkAccessToken();
+  public async registerUsingEmail(
+      firstName: string,
+      lastName: string,
+      email: string,
+      password: string
+  ): Promise<void> {
+    const response = await axios.post(
+      `${this.authServer}auth/email/register`,
+      {
+        realm_name: this.realmName,
+        first_name: firstName,
+        last_name: lastName,
+        email,
+        password,
+      },
+    );
+    if (response.data.message || response.data.error) {
+      throw new Error(response.data.message || response.data.error);
     }
-    private saveTokens(response: AxiosResponse): void {
-        localStorage.setItem('access_token', response.data.access_token);
-        localStorage.setItem('refresh_token', response.data.refresh_token);
-        const user = jwtDecode(response.data.access_token);
-        localStorage.setItem('user', JSON.stringify(user));
+    if (!response.data.access_token) {
+        throw new Error('Something went wrong');
     }
-    public async loginUsingPkce(code: string): Promise<void> {
-        try {
-            const codeVerifier = localStorage.getItem('codeVerifier');
-            if (!codeVerifier) {
-                throw new Error('Code verifier not found');
-            }
+    this.saveTokens(response, false);
+  }
-            const response = await axios.post(`${this.authServer}auth/pkce_exchange`, {
-                realm_name: this.realmName,
-                code,
-                redirect_uri: this.redirectUri,
-                code_verifier: codeVerifier,
-            });
-            this.saveTokens(response);
-        } finally {
-            localStorage.removeItem('codeVerifier');
-            localStorage.removeItem('codeChallenge');
-        }
+  private saveTokens(response: AxiosResponse, byRefresh: boolean): void {
+    localStorage.setItem('access_token', response.data.access_token);
+    localStorage.setItem(
+      'refresh_token',
+      response.data.refresh_token,
+    );
+    this.onStateChange({
+      type: byRefresh ? AuthEventType.USER_UPDATED : AuthEventType.USER_LOGGED_IN,
+      user: this.tokenToPayload(response.data.access_token),
+     });
+    const user = this.tokenToPayload(response.data.access_token);
+    localStorage.setItem('user', JSON.stringify(user));
+  }
+  public async loginUsingEmail(email: string, password: string): Promise<void> {
+    const response = await axios.post(
+      `${this.authServer}auth/email/login`,
+      {
+        realm_name: this.realmName,
+        email,
+        password,
+      },
+    );
+    if (response.data.message || response.data.error) {
+      throw new Error(response.data.message || response.data.error);
     }
+    this.saveTokens(response, false);
+  }
+  public async loginUsingPkce(code: string): Promise<void> {
+    try {
+      const codeVerifier = localStorage.getItem('codeVerifier');
+      if (!codeVerifier) {
+        throw new Error('Code verifier not found');
+      }
-    public async logout(): Promise<void> {
-        try {
-            const accessToken = localStorage.getItem('access_token');
-            if (!accessToken) {
-                throw new Error('Access token not found');
-            }
-            await axios.post(`${this.authServer}auth/logout`, {}, {
-                headers: { Authorization: `Bearer ${accessToken}` }
-            });
-        } finally {
-            localStorage.removeItem('access_token');
-            localStorage.removeItem('refresh_token');
-        }
-    }
-    public static async validateToken(authServer: string, bearerToken: string): Promise<boolean> {
-        // @todo tests missing for this static validation
-        try {
-            const decodedToken = jwtDecode(bearerToken, { complete: true })?.payload;
+      const response = await axios.post(
+        `${this.authServer}auth/pkce_exchange`,
+        {
+          realm_name: this.realmName,
+          code,
+          redirect_uri: this.redirectUri,
+          code_verifier: codeVerifier,
+        },
+      );
+      this.saveTokens(response, false);
+    } finally {
+      localStorage.removeItem('codeVerifier');
+      localStorage.removeItem('codeChallenge');
+    }
+  }
-            if (!decodedToken) {
-                return false;
-            }
+  public async logout(): Promise<void> {
+    try {
+      const accessToken = localStorage.getItem('access_token');
+      if (!accessToken) {
+        throw new Error('Access token not found');
+      }
+      await axios.post(
+        `${this.authServer}auth/logout`,
+        {},
+        {
+          headers: { Authorization: `Bearer ${accessToken}` },
+        },
+      );
+    } finally {
+      localStorage.removeItem('access_token');
+      localStorage.removeItem('refresh_token');
+      this.onStateChange({ type: AuthEventType.USER_LOGGED_OUT });
+    }
+  }
-            const { data: publicKey } = await axios.get(`${authServer}public/public_key`);
-            const { data: algo } = await axios.get(`${authServer}public/algo`);
+  public static async validateToken(
+    authServer: string,
+    bearerToken: string,
+  ): Promise<UserTokenPayload> {
+    // @todo tests missing for this static validation
+    // @todo add caching for public key and algo
+    const decodedToken = jwtDecode(bearerToken, {
+      complete: true,
+    })?.payload as unknown as UserTokenPayload;
-            jwtVerify(bearerToken, publicKey, { algorithms: [algo] });
+    if (!decodedToken) {
+      throw new Error('Not a valid jwt token');
+    }
-            const { data: revokedIds } = await axios.get(`${authServer}public/revoked_ids`);
-            return !revokedIds.includes(decodedToken['id']);
-        } catch (error) {
-            return false;
-        }
+    const userToken: UserTokenPayload = {
+        id: decodedToken.id,
+        iss: decodedToken.iss,
+        sub: typeof decodedToken.sub === 'string' ? parseInt(decodedToken.sub) : decodedToken.sub,
+        first_name: decodedToken.first_name,
+        last_name: decodedToken.last_name,
+        email: decodedToken.email,
+        aud: decodedToken.aud,
+        iat: decodedToken.iat,
+        exp: decodedToken.exp,
+        scopes: decodedToken.scopes,
+        realm: decodedToken.realm,
     }
-    public static resetInstance(): void {
-        AuthManager.instance = null;
+    const { data: publicKey } = await axios.get(
+      `${authServer}public/public_key`,
+    );
+    const { data: algo } = await axios.get(
+      `${authServer}public/algo`,
+    );
+    jwtVerify(bearerToken, publicKey, { algorithms: [algo] });
+    const { data: revokedIds } = await axios.get(
+      `${authServer}public/revoked_ids`,
+    );
+    if(revokedIds.includes(decodedToken.id)){
+      throw new Error('Token is revoked');
     }
+    return userToken;
+  }
+  public static resetInstance(): void {
+    AuthManager.instance = null;
+  }
 }

package/src/index.ts CHANGED Viewed

	@@ -1 +1,2 @@
1	+ export * from './types';
1 2	export { AuthManager } from './AuthManager';

package/src/types.ts ADDED Viewed

@@ -0,0 +1,40 @@
+export enum AuthEventType {
+    INITALIZED_IN = 'initialized-logged-in',
+    INITALIZED_OUT = 'initialized-logged-out',
+    USER_LOGGED_IN = 'user-logged-in',
+    USER_LOGGED_OUT = 'user-logged-out',
+    USER_UPDATED = 'user-updated',
+    FAILED_MUST_LOGIN_CHECK = 'failed-must-login',
+    REFRESH_FAILED = 'refresh-failed',
+}
+export interface UserTokenPayload {
+    id: number;
+    iss: string;
+    sub: number | string;
+    first_name: string;
+    last_name: string;
+    email: string;
+    aud: string;
+    iat: number;
+    exp: number;
+    scopes: string;
+    realm: string;
+}
+export interface AuthManagerEvent {
+    type:  AuthEventType;
+    user?: UserTokenPayload;
+}
+export enum Platforms {
+    PASSWORD = 'password',
+    GOOGLE = 'google',
+    FACEBOOK = 'facebook',
+    TWITTER = 'twitter',
+    GITHUB = 'github',
+    APPLE = 'apple',
+    LINKEDIN = 'linkedin',
+    MICROSOFT = 'microsoft',
+}

package/tests/AuthManager.test.ts CHANGED Viewed

@@ -1,12 +1,23 @@
 import axios from 'axios';
 import MockAdapter from 'axios-mock-adapter';
 import { AuthManager } from '../src/AuthManager';
+import { AuthEventType } from '../src/types';
 import { basename } from 'path';
 const mock = new MockAdapter(axios);
+const tokenThatWontExpire1 = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiZmlyc3RfbmFtZSI6IkpvaG4gRG9lIiwibGFzdF9uYW1lIjoiRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJzY29wZXMiOiIvcm9vdC8qIiwiZXhwIjo5OTk5OTk5OTk5LCJpZCI6MiwiaXNzIjoxMjMsImF1ZCI6InRlc3RpbmcifQ.843X4Zq2WgNSu8fjRKx-kd_FbDqY_eVkgu2wZZbhhwE';
+const tokenThatWontExpire2 = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiZmlyc3RfbmFtZSI6IkpvaG4gRG9lIiwibGFzdF9uYW1lIjoiRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJzY29wZXMiOiIvcm9vdC8qIiwiZXhwIjo5OTk5OTk5OTk5LCJpZCI6MiwiaXNzIjoxMjMsImF1ZCI6InRlc3RpbmcifQ.843X4Zq2WgNSu8fjRKx-kd_FbDqY_eVkgu2wZZbhhwE';
+const tokenThatExpired = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwiZmlyc3RfbmFtZSI6IkpvaG4gRG9lIiwibGFzdF9uYW1lIjoiRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJzY29wZXMiOiIvcm9vdC8qIiwiZXhwIjo1MDAsImlkIjoyLCJpc3MiOjEyMywiYXVkIjoidGVzdGluZyJ9.ungpbhHfCM5ZP5oiZ1RnMkJ-NKJI8s3_IPJptjyKHR4';
 describe('AuthManager Tests', () => {
+    beforeAll(() => {
+      jest.spyOn(localStorage, 'getItem');
+    });
     beforeEach(() => {
         localStorage.clear();  // Clear localStorage before each test
@@ -45,13 +56,13 @@ describe('AuthManager Tests', () => {
     it('refreshes access token when expired', async () => {
       mock.onPost('http://auth-server.com/auth/refresh').reply(200, {
-        access_token: 'newAccessToken',
+        access_token: tokenThatWontExpire2,
         refresh_token: 'newRefreshToken'
       });
       const loginCallback = jest.fn();
       // check that we set localstorage correct
-      localStorage.setItem('access_token', 'mockAccessToken');
+      localStorage.setItem('access_token', tokenThatExpired);
       localStorage.setItem('refresh_token', 'mockRefreshToken');
       const refresh = localStorage.getItem('refresh_token');
@@ -60,12 +71,32 @@ describe('AuthManager Tests', () => {
       const manager = AuthManager.initialize('http://auth-server.com/', 'example-realm', 'http://myapp.com/callback', loginCallback);
       const token = await manager.refreshAccessToken();
-      expect(token).toEqual('newAccessToken');
-      expect(localStorage.setItem).toHaveBeenCalledWith('access_token', 'newAccessToken');
+      expect(token).toEqual(tokenThatWontExpire2);
+      expect(localStorage.setItem).toHaveBeenCalledWith('access_token', tokenThatWontExpire2);
       expect(localStorage.setItem).toHaveBeenCalledWith('refresh_token', 'newRefreshToken');
     });
+    describe('AuthManager Tests isolated ', () => {
+      it('doesn\'t refresh access token when its not expired', async () => {
+        const stateChange = jest.fn();
+        // check that we set localstorage correct
+        localStorage.setItem('access_token', tokenThatWontExpire1);
+        localStorage.setItem('refresh_token', 'mockRefreshToken');
+        const manager = AuthManager.initialize('http://auth-server.com/', 'example-realm', 'http://myapp.com/callback', stateChange);
+        const currentCallCount = (localStorage.getItem as jest.Mock).mock.calls.length;
+        const token = await manager.getAccessToken();
+        expect(localStorage.getItem).toHaveBeenCalledTimes(currentCallCount + 1);
+      });
+    });
     it('throws an error when no refresh token is found', async () => {
       localStorage.removeItem('refresh_token');
@@ -73,7 +104,9 @@ describe('AuthManager Tests', () => {
       const manager = AuthManager.initialize('http://auth-server.com/', 'example-realm', 'http://myapp.com/callback', loginCallback);
       await expect(manager.refreshAccessToken()).rejects.toThrow('No refresh token found');
-      await expect(loginCallback).toHaveBeenCalled();
+      await expect(loginCallback).toHaveBeenCalledWith({
+        type: AuthEventType.REFRESH_FAILED,
+      });
     });
     it('logs in using PKCE and updates local storage', async () => {
@@ -104,11 +137,11 @@ describe('AuthManager Tests', () => {
     });
     it('logs out and clears local storage', async () => {
-      localStorage.setItem('access_token', 'validAccessToken');
       mock.onPost('http://auth-server.com/auth/logout').reply(200);
       const loginCallback = jest.fn();
       const manager = AuthManager.initialize('http://auth-server.com/', 'example-realm', 'http://myapp.com/callback', loginCallback);
+      localStorage.setItem('access_token', tokenThatWontExpire1);
       await manager.logout();
       expect(localStorage.removeItem).toHaveBeenCalledWith('access_token');
@@ -117,4 +150,4 @@ describe('AuthManager Tests', () => {
-});
+});