win-portal-auth-sdk 1.6.1 → 1.6.3

package/dist/client/api/system-config.api.d.ts

@@ -1,5 +1,5 @@
+import { SessionManagementConfig, SystemConfig, SystemConfigByCategory } from '../../types';
 import { AuthClient } from '../auth-client';
-import { SystemConfig, SystemConfigByCategory, SecurityJwtConfig, SessionManagementConfig } from '../../types';
 /**
  * System Config API
  * Methods for retrieving system configurations
@@ -12,22 +12,13 @@ export declare class SystemConfigAPI {
      * GET /system-configs/categories/:category
      * ดึง configs ตาม category - ส่ง object ที่รวมทุก key เป็น { key1: value1, key2: value2 }
      */
-    getByCategory(category: string): Promise<SystemConfigByCategory>;
+    private getByCategory;
     /**
      * GET /system-configs/categories/:category/:key
      * ดึง config ตาม category และ key - ส่ง full metadata row
      */
-    getByCategoryAndKey(category: string, key: string): Promise<SystemConfig>;
-    /**
-     * GET /system-configs/categories/security
-     * ดึง security configs ทั้งหมด (convenience method)
-     */
-    security(): Promise<SystemConfigByCategory>;
-    /**
-     * GET /system-configs/categories/security/jwt
-     * ดึง JWT configuration (convenience method)
-     */
-    getSecurityJwtConfig(): Promise<SecurityJwtConfig>;
+    private getByCategoryAndKey;
+    get(category: string, key?: string): Promise<SystemConfig | SystemConfigByCategory>;
     /**
      * GET /system-configs/categories/security/session-management
      * ดึง Session Management configuration (convenience method)

package/dist/client/api/system-config.api.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"system-config.api.d.ts","sourceRoot":"","sources":["../../../src/client/api/system-config.api.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EACL,YAAY,EACZ,sBAAsB,EACtB,iBAAiB,EACjB,uBAAuB,EAExB,MAAM,aAAa,CAAC;AAErB;;;;GAIG;AACH,qBAAa,eAAe;IACd,OAAO,CAAC,MAAM;gBAAN,MAAM,EAAE,UAAU;IAEtC;;;OAGG;IACG,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAOtE;;;OAGG;IACG,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAK/E;;;OAGG;IACG,QAAQ,IAAI,OAAO,CAAC,sBAAsB,CAAC;IAIjD;;;OAGG;IACG,oBAAoB,IAAI,OAAO,CAAC,iBAAiB,CAAC;IAKxD;;;OAGG;IACG,oBAAoB,IAAI,OAAO,CAAC,uBAAuB,CAAC;CAS/D"}
+{"version":3,"file":"system-config.api.d.ts","sourceRoot":"","sources":["../../../src/client/api/system-config.api.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,uBAAuB,EACvB,YAAY,EACZ,sBAAsB,EACvB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE5C;;;;GAIG;AACH,qBAAa,eAAe;IACd,OAAO,CAAC,MAAM;gBAAN,MAAM,EAAE,UAAU;IAEtC;;;OAGG;YACW,aAAa;IAO3B;;;OAGG;YACW,mBAAmB;IAK3B,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,sBAAsB,CAAC;IAOzF;;;OAGG;IACG,oBAAoB,IAAI,OAAO,CAAC,uBAAuB,CAAC;CAI/D"}

package/dist/client/api/system-config.api.js

@@ -26,33 +26,19 @@ class SystemConfigAPI {
         const response = await this.client.get(`/system-configs/categories/${category}/${key}`);
         return response.data.data;
     }
-    /**
-     * GET /system-configs/categories/security
-     * ดึง security configs ทั้งหมด (convenience method)
-     */
-    async security() {
-        return this.getByCategory('security');
-    }
-    /**
-     * GET /system-configs/categories/security/jwt
-     * ดึง JWT configuration (convenience method)
-     */
-    async getSecurityJwtConfig() {
-        const config = await this.getByCategoryAndKey('security', 'jwt');
-        return config.value;
+    async get(category, key) {
+        if (key) {
+            return await this.getByCategoryAndKey(category, key);
+        }
+        return await this.getByCategory(category);
     }
     /**
      * GET /system-configs/categories/security/session-management
      * ดึง Session Management configuration (convenience method)
      */
     async getSessionManagement() {
-        const securityConfigs = await this.security();
-        // Key ใน database เป็น session_management (snake_case)
-        const sessionManagement = securityConfigs['session_management'] || securityConfigs['session-management'];
-        if (!sessionManagement) {
-            throw new Error('Session management configuration not found');
-        }
-        return sessionManagement;
+        const securityConfigs = await this.get('security', 'session_management');
+        return securityConfigs.value;
     }
 }
 exports.SystemConfigAPI = SystemConfigAPI;

package/dist/client/auth-client.d.ts

@@ -128,6 +128,9 @@ export declare class AuthClient {
     private activityThrottleTimeout;
     private activityThrottleMs;
     private refreshTimeoutMs;
+    private lastActivityRefreshTime;
+    private ACTIVITY_REFRESH_INTERVAL_MS;
+    private sessionSocket;
     readonly auth: AuthAPI;
     readonly health: HealthAPI;
     readonly systemConfig: SystemConfigAPI;
@@ -188,22 +191,32 @@ export declare class AuthClient {
     /**
      * Set JWT token for authenticated requests
      *
+     * @platform **Frontend only** - สำหรับ React/Next.js applications
+     * @platform **Backend**: ไม่ต้องใช้ - Backend ใช้ `createAuthGuard()` หรือ `authMiddleware()` แทน (ไม่ต้อง setToken)
+     *
      * @param token - JWT access token
      * @param type - Token type: 'jwt' (default), 'oauth', or 'hybrid'
      *
      * @example
      * ```typescript
-     * // JWT token from /auth/login
+     * // Frontend: JWT token from /auth/login
      * authClient.setToken(session.token, 'jwt');
      *
-     * // OAuth access token
+     * // Frontend: OAuth access token
      * authClient.setToken(oauthToken, 'oauth');
      *
-     * // Auto-detect (hybrid mode)
-     * authClient.setToken(token);
+     * // Backend: ไม่ต้องใช้ - ใช้ createAuthGuard() แทน
+     * // @UseGuards(AuthGuard)
      * ```
      */
     setToken(token: string, type?: 'jwt' | 'oauth' | 'hybrid'): void;
+    /**
+     * Update session socket token if real-time monitoring is enabled
+     *
+     * @private
+     * @param token - New JWT token to update
+     */
+    private updateSessionSocketToken;
     /**
      * Get current token type
      */
@@ -228,33 +241,30 @@ export declare class AuthClient {
     getAxiosInstance(): AxiosInstance;
     /**
      * Enable automatic token refresh
-     * Call this after user is authenticated to enable automatic refresh
+     *
+     * @platform **Frontend only** - สำหรับ React/Next.js applications
+     * @platform **Backend**: ไม่ต้องใช้ - Backend ไม่ได้ถือ token, Frontend เป็นคน refresh และส่ง token ใหม่มาใน request ถัดไป
+     *
+     * Call this after user is authenticated to enable automatic refresh.
+     * SDK จะ refresh token อัตโนมัติก่อนหมดอายุผ่าน axios interceptor.
      *
      * @param options - Options for automatic refresh (optional - SDK will use session-based refresh if not provided)
      *
      * @example
      * ```typescript
-     * // Option 1: Session-based refresh (default - no refresh token needed)
-     * // Works when login only returns access_token
+     * // Frontend: Session-based refresh (default - no refresh token needed)
      * await authClient.enableAutomaticRefresh({
      *   onRefreshFailure: () => window.location.href = '/login'
      * });
      *
-     * // Option 2: With refresh token (if login returns refresh_token)
+     * // Frontend: With refresh token (if login returns refresh_token)
      * await authClient.enableAutomaticRefresh({
      *   refreshTokenKey: 'refresh_token',
      *   onRefreshFailure: () => window.location.href = '/login'
      * });
      *
-     * // Option 3: Custom callbacks
-     * await authClient.enableAutomaticRefresh({
-     *   callbacks: {
-     *     getRefreshToken: () => customStorage.get('refresh_token'),
-     *     setRefreshToken: (token) => customStorage.set('refresh_token', token),
-     *     clearRefreshToken: () => customStorage.remove('refresh_token'),
-     *     onRefreshFailure: () => window.location.href = '/login'
-     *   }
-     * });
+     * // Backend: ไม่ต้องใช้ - ใช้ createAuthGuard() แทน
+     * // @UseGuards(AuthGuard) // Guard จะ validate token อัตโนมัติ
      * ```
      */
     enableAutomaticRefresh(options?: AutomaticRefreshOptions): Promise<void>;
@@ -285,12 +295,17 @@ export declare class AuthClient {
     reloadJwtConfig(): Promise<void>;
     /**
      * Enable session expiration monitoring
+     *
+     * @platform **Frontend only** - สำหรับ React/Next.js applications
+     * @platform **Backend**: ไม่ต้องใช้ - Backend ไม่ได้ track session expiration, Frontend เป็นคนจัดการ
+     *
      * จะตรวจสอบ session expiration ตาม config จาก settings/sessions และเรียก callback เมื่อใกล้หมดอายุ
      *
      * @param options - Options for session expiration monitoring
      *
      * @example
      * ```typescript
+     * // Frontend: Monitor session expiration
      * await authClient.enableSessionExpirationMonitoring({
      *   callbacks: {
      *     onSessionExpiring: (remainingMinutes, expirationType) => {
@@ -304,6 +319,8 @@ export declare class AuthClient {
      *   },
      *   checkIntervalSeconds: 30 // ตรวจสอบทุก 30 วินาที
      * });
+     *
+     * // Backend: ไม่ต้องใช้ - ใช้ createAuthGuard() แทน
      * ```
      */
     enableSessionExpirationMonitoring(options: SessionExpirationOptions): Promise<void>;
@@ -345,12 +362,18 @@ export declare class AuthClient {
     reloadSessionManagementConfig(): Promise<void>;
     /**
      * Enable inactivity detection
-     * จับ user activity (mouse/keyboard/touch/scroll) และ trigger callback เมื่อ inactivity timeout
+     *
+     * @platform **Frontend only** - สำหรับ React/Next.js applications
+     * @platform **Backend**: ไม่ต้องใช้ - Backend ไม่ได้ track user activity, Frontend เป็นคนจัดการ
+     *
+     * จับ user activity (mouse/keyboard/touch/scroll) และ trigger callback เมื่อ inactivity timeout.
+     * เมื่อมี activity จะ trigger token refresh เพื่อ update server-side `last_access_at`.
      *
      * @param options - Options for inactivity detection
      *
      * @example
      * ```typescript
+     * // Frontend: Track user activity and trigger token refresh
      * await authClient.enableInactivityDetection({
      *   callbacks: {
      *     onInactivityWarning: (remainingSeconds) => {
@@ -368,6 +391,8 @@ export declare class AuthClient {
      *   warningSeconds: 300, // 5 minutes warning (optional, default: จาก session management config)
      *   events: ['mousemove', 'keydown', 'touchstart', 'scroll'] // (optional, default: ทั้งหมด)
      * });
+     *
+     * // Backend: ไม่ต้องใช้ - Server-side inactivity enforcement ทำงานอัตโนมัติ
      * ```
      */
     enableInactivityDetection(options: InactivityDetectionOptions): Promise<void>;
@@ -377,6 +402,7 @@ export declare class AuthClient {
     disableInactivityDetection(): void;
     /**
      * Handle user activity - reset inactivity timer with throttle
+     * Also trigger token refresh to update server-side last_access_at (if auto-refresh enabled)
      */
     private handleUserActivity;
     /**

package/dist/client/auth-client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-client.d.ts","sourceRoot":"","sources":["../../src/client/auth-client.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAc,EAAE,aAAa,EAAE,kBAAkB,EAAE,aAAa,EAA8B,MAAM,OAAO,CAAC;AAC5G,OAAO,EAAE,aAAa,EAA8C,MAAM,UAAU,CAAC;AACrF,OAAO,EACL,OAAO,EACP,SAAS,EACT,eAAe,EACf,QAAQ,EACR,WAAW,EACX,UAAU,EACV,QAAQ,EACR,WAAW,EACX,OAAO,EACP,OAAO,EACP,OAAO,EACP,MAAM,EACN,QAAQ,EACR,WAAW,EACX,eAAe,EACf,UAAU,EACX,MAAM,OAAO,CAAC;AAiBf,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,eAAe,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC9D;;OAEG;IACH,eAAe,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzD;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C;;OAEG;IACH,gBAAgB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/C;AAED,MAAM,WAAW,0BAA0B;IACzC;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,CAAC,gBAAgB,EAAE,MAAM,EAAE,cAAc,EAAE,YAAY,GAAG,UAAU,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClH;;OAEG;IACH,gBAAgB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/C;AAED,MAAM,WAAW,wBAAwB;IACvC;;OAEG;IACH,SAAS,EAAE,0BAA0B,CAAC;IACtC;;OAEG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED,MAAM,WAAW,uBAAuB;IACtC;;;;;OAKG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,qBAAqB,CAAC;IAClC;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/C;AAED,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,mBAAmB,CAAC,EAAE,CAAC,gBAAgB,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzE;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAClD;AAED,MAAM,WAAW,0BAA0B;IACzC;;OAEG;IACH,SAAS,EAAE,mBAAmB,CAAC;IAC/B;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;OAEG;IACH,MAAM,CAAC,EAAE,CAAC,WAAW,GAAG,SAAS,GAAG,YAAY,GAAG,QAAQ,CAAC,EAAE,CAAC;CAChE;AAED,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,KAAK,CAAuB;IACpC,OAAO,CAAC,QAAQ,CAAwC;IAGxD,OAAO,CAAC,qBAAqB,CAAsC;IACnE,OAAO,CAAC,gBAAgB,CAA8B;IACtD,OAAO,CAAC,uBAAuB,CAAuB;IACtD,OAAO,CAAC,uBAAuB,CAAwB;IACvD,OAAO,CAAC,kBAAkB,CAAa;IACvC,OAAO,CAAC,cAAc,CAAgC;IAGtD,OAAO,CAAC,0BAA0B,CAA2C;IAC7E,OAAO,CAAC,uBAAuB,CAAwC;IACvE,OAAO,CAAC,8BAA8B,CAA8B;IACpE,OAAO,CAAC,8BAA8B,CAA+B;IACrE,OAAO,CAAC,qCAAqC,CAAkD;IAC/F,OAAO,CAAC,eAAe,CAAa;IAGpC,OAAO,CAAC,mBAAmB,CAAoC;IAC/D,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,wBAAwB,CAA+B;IAC/D,OAAO,CAAC,gBAAgB,CAAa;IACrC,OAAO,CAAC,0BAA0B,CAAkB;IACpD,OAAO,CAAC,wBAAwB,CAAa;IAC7C,OAAO,CAAC,wBAAwB,CAAa;IAC7C,OAAO,CAAC,cAAc,CAA6D;IACnF,OAAO,CAAC,eAAe,CAA6B;IACpD,OAAO,CAAC,uBAAuB,CAA+B;IAC9D,OAAO,CAAC,kBAAkB,CAAwC;IAClE,OAAO,CAAC,gBAAgB,CAAsC;IAG9D,SAAgB,IAAI,EAAE,OAAO,CAAC;IAC9B,SAAgB,MAAM,EAAE,SAAS,CAAC;IAClC,SAAgB,YAAY,EAAE,eAAe,CAAC;IAC9C,SAAgB,KAAK,EAAE,QAAQ,CAAC;IAChC,SAAgB,QAAQ,EAAE,WAAW,CAAC;IACtC,SAAgB,OAAO,EAAE,UAAU,CAAC;IACpC,SAAgB,IAAI,EAAE,OAAO,CAAC;IAC9B,SAAgB,IAAI,EAAE,OAAO,CAAC;IAC9B,SAAgB,IAAI,EAAE,OAAO,CAAC;IAC9B,SAAgB,GAAG,EAAE,MAAM,CAAC;IAC5B,SAAgB,KAAK,EAAE,QAAQ,CAAC;IAChC,SAAgB,QAAQ,EAAE,WAAW,CAAC;IACtC,SAAgB,YAAY,EAAE,eAAe,CAAC;IAC9C,SAAgB,OAAO,EAAE,UAAU,CAAC;IAC7B,KAAK,CAAC,EAAE,QAAQ,CAAC;gBAEZ,MAAM,EAAE,aAAa;IAiKjC;;;;;;;;;;;OAWG;IACH,eAAe,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI;IAW1C;;OAEG;IACG,GAAG,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAIvF;;OAEG;IACG,IAAI,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAIpG;;OAEG;IACG,GAAG,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAInG;;OAEG;IACG,KAAK,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAIrG;;OAEG;IACG,MAAM,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAI1F;;OAEG;IACH,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAI/B;;OAEG;IACH,eAAe,IAAI,MAAM;IAMzB;;;;;;;;;;;;;;;;;OAiBG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,GAAE,KAAK,GAAG,OAAO,GAAG,QAAgB,GAAG,IAAI;IAcvE;;OAEG;IACH,WAAW,IAAI,KAAK,GAAG,OAAO,GAAG,QAAQ;IAIzC;;;;OAIG;IACH,WAAW,CAAC,IAAI,EAAE,KAAK,GAAG,OAAO,GAAG,QAAQ,GAAG,IAAI;IAKnD;;OAEG;IACH,cAAc,IAAI,MAAM;IAOxB;;OAEG;IACH,UAAU,IAAI,IAAI;IAMlB;;OAEG;IACH,gBAAgB,IAAI,aAAa;IAIjC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG;IACG,sBAAsB,CAAC,OAAO,CAAC,EAAE,uBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC;IA8C9E;;OAEG;IACH,uBAAuB,IAAI,IAAI;IAO/B;;OAEG;YACW,aAAa;IAS3B;;OAEG;YACW,oBAAoB;IAgBlC;;OAEG;YACW,cAAc;IAmB5B;;;OAGG;YACW,SAAS;IAqDvB;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;IAOtC;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACG,iCAAiC,CAAC,OAAO,EAAE,wBAAwB,GAAG,OAAO,CAAC,IAAI,CAAC;IAWzF;;OAEG;IACH,kCAAkC,IAAI,IAAI;IAO1C;;OAEG;YACW,2BAA2B;IASzC;;OAEG;YACW,kCAAkC;IAmBhD;;OAEG;IACH,OAAO,CAAC,gCAAgC;IAaxC;;OAEG;IACH,OAAO,CAAC,+BAA+B;IAOvC;;;;;;OAMG;IACH,OAAO,CAAC,sBAAsB;IAiE9B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAe9B;;OAEG;IACG,6BAA6B,IAAI,OAAO,CAAC,IAAI,CAAC;IAMpD;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACG,yBAAyB,CAAC,OAAO,EAAE,0BAA0B,GAAG,OAAO,CAAC,IAAI,CAAC;IAsDnF;;OAEG;IACH,0BAA0B,IAAI,IAAI;IAyBlC;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAkB1B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAuB9B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAc/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAW/B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAmC5B;;OAEG;IACH,OAAO,CAAC,sBAAsB;CA0B/B"}
+{"version":3,"file":"auth-client.d.ts","sourceRoot":"","sources":["../../src/client/auth-client.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAc,EAAE,aAAa,EAAE,kBAAkB,EAAE,aAAa,EAA8B,MAAM,OAAO,CAAC;AAC5G,OAAO,EAAE,aAAa,EAA8C,MAAM,UAAU,CAAC;AACrF,OAAO,EACL,OAAO,EACP,SAAS,EACT,eAAe,EACf,QAAQ,EACR,WAAW,EACX,UAAU,EACV,QAAQ,EACR,WAAW,EACX,OAAO,EACP,OAAO,EACP,OAAO,EACP,MAAM,EACN,QAAQ,EACR,WAAW,EACX,eAAe,EACf,UAAU,EACX,MAAM,OAAO,CAAC;AAiBf,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,eAAe,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC9D;;OAEG;IACH,eAAe,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzD;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C;;OAEG;IACH,gBAAgB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/C;AAED,MAAM,WAAW,0BAA0B;IACzC;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,CAAC,gBAAgB,EAAE,MAAM,EAAE,cAAc,EAAE,YAAY,GAAG,UAAU,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClH;;OAEG;IACH,gBAAgB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/C;AAED,MAAM,WAAW,wBAAwB;IACvC;;OAEG;IACH,SAAS,EAAE,0BAA0B,CAAC;IACtC;;OAEG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED,MAAM,WAAW,uBAAuB;IACtC;;;;;OAKG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,qBAAqB,CAAC;IAClC;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/C;AAED,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,mBAAmB,CAAC,EAAE,CAAC,gBAAgB,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzE;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAClD;AAED,MAAM,WAAW,0BAA0B;IACzC;;OAEG;IACH,SAAS,EAAE,mBAAmB,CAAC;IAC/B;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;OAEG;IACH,MAAM,CAAC,EAAE,CAAC,WAAW,GAAG,SAAS,GAAG,YAAY,GAAG,QAAQ,CAAC,EAAE,CAAC;CAChE;AAED,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,KAAK,CAAuB;IACpC,OAAO,CAAC,QAAQ,CAAwC;IAGxD,OAAO,CAAC,qBAAqB,CAAsC;IACnE,OAAO,CAAC,gBAAgB,CAA8B;IACtD,OAAO,CAAC,uBAAuB,CAAuB;IACtD,OAAO,CAAC,uBAAuB,CAAwB;IACvD,OAAO,CAAC,kBAAkB,CAAa;IACvC,OAAO,CAAC,cAAc,CAAgC;IAGtD,OAAO,CAAC,0BAA0B,CAA2C;IAC7E,OAAO,CAAC,uBAAuB,CAAwC;IACvE,OAAO,CAAC,8BAA8B,CAA8B;IACpE,OAAO,CAAC,8BAA8B,CAA+B;IACrE,OAAO,CAAC,qCAAqC,CAAkD;IAC/F,OAAO,CAAC,eAAe,CAAa;IAGpC,OAAO,CAAC,mBAAmB,CAAoC;IAC/D,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,wBAAwB,CAA+B;IAC/D,OAAO,CAAC,gBAAgB,CAAa;IACrC,OAAO,CAAC,0BAA0B,CAAkB;IACpD,OAAO,CAAC,wBAAwB,CAAa;IAC7C,OAAO,CAAC,wBAAwB,CAAa;IAC7C,OAAO,CAAC,cAAc,CAA6D;IACnF,OAAO,CAAC,eAAe,CAA6B;IACpD,OAAO,CAAC,uBAAuB,CAA+B;IAC9D,OAAO,CAAC,kBAAkB,CAAwC;IAClE,OAAO,CAAC,gBAAgB,CAAsC;IAC9D,OAAO,CAAC,uBAAuB,CAAa;IAC5C,OAAO,CAAC,4BAA4B,CAAiB;IAGrD,OAAO,CAAC,aAAa,CAAa;IAGlC,SAAgB,IAAI,EAAE,OAAO,CAAC;IAC9B,SAAgB,MAAM,EAAE,SAAS,CAAC;IAClC,SAAgB,YAAY,EAAE,eAAe,CAAC;IAC9C,SAAgB,KAAK,EAAE,QAAQ,CAAC;IAChC,SAAgB,QAAQ,EAAE,WAAW,CAAC;IACtC,SAAgB,OAAO,EAAE,UAAU,CAAC;IACpC,SAAgB,IAAI,EAAE,OAAO,CAAC;IAC9B,SAAgB,IAAI,EAAE,OAAO,CAAC;IAC9B,SAAgB,IAAI,EAAE,OAAO,CAAC;IAC9B,SAAgB,GAAG,EAAE,MAAM,CAAC;IAC5B,SAAgB,KAAK,EAAE,QAAQ,CAAC;IAChC,SAAgB,QAAQ,EAAE,WAAW,CAAC;IACtC,SAAgB,YAAY,EAAE,eAAe,CAAC;IAC9C,SAAgB,OAAO,EAAE,UAAU,CAAC;IAC7B,KAAK,CAAC,EAAE,QAAQ,CAAC;gBAEZ,MAAM,EAAE,aAAa;IAmKjC;;;;;;;;;;;OAWG;IACH,eAAe,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI;IAW1C;;OAEG;IACG,GAAG,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAIvF;;OAEG;IACG,IAAI,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAIpG;;OAEG;IACG,GAAG,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAInG;;OAEG;IACG,KAAK,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAIrG;;OAEG;IACG,MAAM,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAI1F;;OAEG;IACH,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAI/B;;OAEG;IACH,eAAe,IAAI,MAAM;IAMzB;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,GAAE,KAAK,GAAG,OAAO,GAAG,QAAgB,GAAG,IAAI;IAgBvE;;;;;OAKG;IACH,OAAO,CAAC,wBAAwB;IAOhC;;OAEG;IACH,WAAW,IAAI,KAAK,GAAG,OAAO,GAAG,QAAQ;IAIzC;;;;OAIG;IACH,WAAW,CAAC,IAAI,EAAE,KAAK,GAAG,OAAO,GAAG,QAAQ,GAAG,IAAI;IAKnD;;OAEG;IACH,cAAc,IAAI,MAAM;IAOxB;;OAEG;IACH,UAAU,IAAI,IAAI;IAMlB;;OAEG;IACH,gBAAgB,IAAI,aAAa;IAIjC;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACG,sBAAsB,CAAC,OAAO,CAAC,EAAE,uBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC;IA8C9E;;OAEG;IACH,uBAAuB,IAAI,IAAI;IAO/B;;OAEG;YACW,aAAa;IAS3B;;OAEG;YACW,oBAAoB;IAgBlC;;OAEG;YACW,cAAc;IAmB5B;;;OAGG;YACW,SAAS;IAyDvB;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;IAOtC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6BG;IACG,iCAAiC,CAAC,OAAO,EAAE,wBAAwB,GAAG,OAAO,CAAC,IAAI,CAAC;IAWzF;;OAEG;IACH,kCAAkC,IAAI,IAAI;IAO1C;;OAEG;YACW,2BAA2B;IASzC;;OAEG;YACW,kCAAkC;IAmBhD;;OAEG;IACH,OAAO,CAAC,gCAAgC;IAaxC;;OAEG;IACH,OAAO,CAAC,+BAA+B;IAOvC;;;;;;OAMG;IACH,OAAO,CAAC,sBAAsB;IAiE9B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAe9B;;OAEG;IACG,6BAA6B,IAAI,OAAO,CAAC,IAAI,CAAC;IAMpD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkCG;IACG,yBAAyB,CAAC,OAAO,EAAE,0BAA0B,GAAG,OAAO,CAAC,IAAI,CAAC;IAsDnF;;OAEG;IACH,0BAA0B,IAAI,IAAI;IAyBlC;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IA+C1B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAuB9B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAc/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAW/B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAmC5B;;OAEG;IACH,OAAO,CAAC,sBAAsB;CA0B/B"}

package/dist/client/auth-client.js

@@ -56,6 +56,10 @@ class AuthClient {
         this.activityThrottleTimeout = null;
         this.activityThrottleMs = DEFAULT_ACTIVITY_THROTTLE_MS;
         this.refreshTimeoutMs = DEFAULT_REFRESH_TIMEOUT_MS;
+        this.lastActivityRefreshTime = 0; // Track last time we refreshed due to activity
+        this.ACTIVITY_REFRESH_INTERVAL_MS = 5 * 60 * 1000; // Refresh every 5 minutes when active (keep-alive)
+        // Real-time session monitoring (Socket.IO)
+        this.sessionSocket = null; // SessionSocket instance
         this.apiKey = config.apiKey;
         this.apiKeyHeader = config.apiKeyHeader || 'X-API-Key';
         // Apply advanced config if provided
@@ -107,6 +111,8 @@ class AuthClient {
                                         ]);
                                         this.token = newToken;
                                         requestConfig.headers['Authorization'] = `Bearer ${newToken}`;
+                                        // Update session socket token if real-time monitoring is enabled
+                                        this.updateSessionSocketToken(newToken);
                                         logger_1.logger.info('Token refreshed successfully (critical)');
                                     }
                                     catch (error) {
@@ -261,24 +267,29 @@ class AuthClient {
     /**
      * Set JWT token for authenticated requests
      *
+     * @platform **Frontend only** - สำหรับ React/Next.js applications
+     * @platform **Backend**: ไม่ต้องใช้ - Backend ใช้ `createAuthGuard()` หรือ `authMiddleware()` แทน (ไม่ต้อง setToken)
+     *
      * @param token - JWT access token
      * @param type - Token type: 'jwt' (default), 'oauth', or 'hybrid'
      *
      * @example
      * ```typescript
-     * // JWT token from /auth/login
+     * // Frontend: JWT token from /auth/login
      * authClient.setToken(session.token, 'jwt');
      *
-     * // OAuth access token
+     * // Frontend: OAuth access token
      * authClient.setToken(oauthToken, 'oauth');
      *
-     * // Auto-detect (hybrid mode)
-     * authClient.setToken(token);
+     * // Backend: ไม่ต้องใช้ - ใช้ createAuthGuard() แทน
+     * // @UseGuards(AuthGuard)
      * ```
      */
     setToken(token, type = 'jwt') {
         this.token = token;
         this.authType = type;
+        // Update session socket token if real-time monitoring is enabled
+        this.updateSessionSocketToken(token);
         logger_1.logger.debug(`Token set with type: ${type}`);
         // Reset warning time when token changes
         this.lastWarningTime = 0;
@@ -287,6 +298,18 @@ class AuthClient {
             this.checkSessionExpiration();
         }
     }
+    /**
+     * Update session socket token if real-time monitoring is enabled
+     *
+     * @private
+     * @param token - New JWT token to update
+     */
+    updateSessionSocketToken(token) {
+        if (this.sessionSocket && typeof this.sessionSocket.updateToken === 'function') {
+            this.sessionSocket.updateToken(token);
+            logger_1.logger.debug('Session socket token updated');
+        }
+    }
     /**
      * Get current token type
      */
@@ -329,33 +352,30 @@ class AuthClient {
     }
     /**
      * Enable automatic token refresh
-     * Call this after user is authenticated to enable automatic refresh
+     *
+     * @platform **Frontend only** - สำหรับ React/Next.js applications
+     * @platform **Backend**: ไม่ต้องใช้ - Backend ไม่ได้ถือ token, Frontend เป็นคน refresh และส่ง token ใหม่มาใน request ถัดไป
+     *
+     * Call this after user is authenticated to enable automatic refresh.
+     * SDK จะ refresh token อัตโนมัติก่อนหมดอายุผ่าน axios interceptor.
      *
      * @param options - Options for automatic refresh (optional - SDK will use session-based refresh if not provided)
      *
      * @example
      * ```typescript
-     * // Option 1: Session-based refresh (default - no refresh token needed)
-     * // Works when login only returns access_token
+     * // Frontend: Session-based refresh (default - no refresh token needed)
      * await authClient.enableAutomaticRefresh({
      *   onRefreshFailure: () => window.location.href = '/login'
      * });
      *
-     * // Option 2: With refresh token (if login returns refresh_token)
+     * // Frontend: With refresh token (if login returns refresh_token)
      * await authClient.enableAutomaticRefresh({
      *   refreshTokenKey: 'refresh_token',
      *   onRefreshFailure: () => window.location.href = '/login'
      * });
      *
-     * // Option 3: Custom callbacks
-     * await authClient.enableAutomaticRefresh({
-     *   callbacks: {
-     *     getRefreshToken: () => customStorage.get('refresh_token'),
-     *     setRefreshToken: (token) => customStorage.set('refresh_token', token),
-     *     clearRefreshToken: () => customStorage.remove('refresh_token'),
-     *     onRefreshFailure: () => window.location.href = '/login'
-     *   }
-     * });
+     * // Backend: ไม่ต้องใช้ - ใช้ createAuthGuard() แทน
+     * // @UseGuards(AuthGuard) // Guard จะ validate token อัตโนมัติ
      * ```
      */
     async enableAutomaticRefresh(options) {
@@ -432,7 +452,7 @@ class AuthClient {
      */
     async performJwtConfigLoad() {
         try {
-            const config = await this.systemConfig.getSecurityJwtConfig();
+            const config = (await this.systemConfig.get('security', 'jwt')).value;
             this.refreshThresholdMinutes = config.refresh_threshold_minutes;
             this.automaticRefreshEnabled = config.automatic_refresh ?? true;
             logger_1.logger.debug(`JWT config loaded: refresh_threshold_minutes=${this.refreshThresholdMinutes} minutes, automatic_refresh=${this.automaticRefreshEnabled}`);
@@ -478,6 +498,8 @@ class AuthClient {
                 const newAccessToken = result.token;
                 // Update token in client
                 this.token = newAccessToken;
+                // Update session socket token if real-time monitoring is enabled
+                this.updateSessionSocketToken(newAccessToken);
                 logger_1.logger.debug('Token refreshed successfully (session-based)');
                 return newAccessToken;
             }
@@ -499,6 +521,8 @@ class AuthClient {
                     const newAccessToken = session.access_token;
                     // Update token in client
                     this.token = newAccessToken;
+                    // Update session socket token if real-time monitoring is enabled
+                    this.updateSessionSocketToken(newAccessToken);
                     // Save new refresh token if rotated
                     if (session.refresh_token) {
                         await this.refreshTokenCallbacks.setRefreshToken(session.refresh_token);
@@ -526,12 +550,17 @@ class AuthClient {
     }
     /**
      * Enable session expiration monitoring
+     *
+     * @platform **Frontend only** - สำหรับ React/Next.js applications
+     * @platform **Backend**: ไม่ต้องใช้ - Backend ไม่ได้ track session expiration, Frontend เป็นคนจัดการ
+     *
      * จะตรวจสอบ session expiration ตาม config จาก settings/sessions และเรียก callback เมื่อใกล้หมดอายุ
      *
      * @param options - Options for session expiration monitoring
      *
      * @example
      * ```typescript
+     * // Frontend: Monitor session expiration
      * await authClient.enableSessionExpirationMonitoring({
      *   callbacks: {
      *     onSessionExpiring: (remainingMinutes, expirationType) => {
@@ -545,6 +574,8 @@ class AuthClient {
      *   },
      *   checkIntervalSeconds: 30 // ตรวจสอบทุก 30 วินาที
      * });
+     *
+     * // Backend: ไม่ต้องใช้ - ใช้ createAuthGuard() แทน
      * ```
      */
     async enableSessionExpirationMonitoring(options) {
@@ -703,12 +734,18 @@ class AuthClient {
     }
     /**
      * Enable inactivity detection
-     * จับ user activity (mouse/keyboard/touch/scroll) และ trigger callback เมื่อ inactivity timeout
+     *
+     * @platform **Frontend only** - สำหรับ React/Next.js applications
+     * @platform **Backend**: ไม่ต้องใช้ - Backend ไม่ได้ track user activity, Frontend เป็นคนจัดการ
+     *
+     * จับ user activity (mouse/keyboard/touch/scroll) และ trigger callback เมื่อ inactivity timeout.
+     * เมื่อมี activity จะ trigger token refresh เพื่อ update server-side `last_access_at`.
      *
      * @param options - Options for inactivity detection
      *
      * @example
      * ```typescript
+     * // Frontend: Track user activity and trigger token refresh
      * await authClient.enableInactivityDetection({
      *   callbacks: {
      *     onInactivityWarning: (remainingSeconds) => {
@@ -726,6 +763,8 @@ class AuthClient {
      *   warningSeconds: 300, // 5 minutes warning (optional, default: จาก session management config)
      *   events: ['mousemove', 'keydown', 'touchstart', 'scroll'] // (optional, default: ทั้งหมด)
      * });
+     *
+     * // Backend: ไม่ต้องใช้ - Server-side inactivity enforcement ทำงานอัตโนมัติ
      * ```
      */
     async enableInactivityDetection(options) {
@@ -799,6 +838,7 @@ class AuthClient {
     }
     /**
      * Handle user activity - reset inactivity timer with throttle
+     * Also trigger token refresh to update server-side last_access_at (if auto-refresh enabled)
      */
     handleUserActivity() {
         if (!this.inactivityDetectionEnabled) {
@@ -810,6 +850,29 @@ class AuthClient {
         }
         this.lastActivityTime = Date.now();
         this.resetInactivityTimer();
+        // ✅ Connect inactivity detection with auto-refresh: trigger refresh to update server-side last_access_at
+        // This ensures server knows user is active even if no API calls are made
+        if (this.automaticRefreshEnabled &&
+            this.refreshTokenCallbacks &&
+            this.token &&
+            (0, token_utils_1.isTokenValid)(this.token)) {
+            const now = Date.now();
+            const timeSinceLastActivityRefresh = now - this.lastActivityRefreshTime;
+            // Refresh token if:
+            // 1. Token is near expiration (use refresh_threshold_minutes)
+            // 2. OR it's been 5 minutes since last activity refresh (keep-alive)
+            const shouldRefresh = (this.refreshThresholdMinutes !== null &&
+                (0, token_utils_1.isTokenNearExpiration)(this.token, this.refreshThresholdMinutes)) ||
+                timeSinceLastActivityRefresh >= this.ACTIVITY_REFRESH_INTERVAL_MS;
+            if (shouldRefresh && !this.refreshPromise) {
+                this.lastActivityRefreshTime = now;
+                // Trigger background refresh (non-blocking)
+                this.performRefresh().catch((error) => {
+                    logger_1.logger.debug('Activity-triggered token refresh failed:', error);
+                    // Don't call onRefreshFailure here - this is just a keep-alive, not critical
+                });
+            }
+        }
         this.activityThrottleTimeout = setTimeout(() => {
             this.activityThrottleTimeout = null;
         }, this.activityThrottleMs);

package/dist/client/index.d.ts

@@ -2,6 +2,7 @@
  * Client exports for frontend applications
  */
 export { AuthClient } from './auth-client';
+export { SessionSocket, type SessionSocketOptions, type SessionEventData } from './session-socket';
 export type { RefreshTokenCallbacks, AutomaticRefreshOptions, SessionExpirationCallbacks, SessionExpirationOptions, InactivityCallbacks, InactivityDetectionOptions, } from './auth-client';
 export * from './api';
 //# sourceMappingURL=index.d.ts.map

package/dist/client/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,YAAY,EACV,qBAAqB,EACrB,uBAAuB,EACvB,0BAA0B,EAC1B,wBAAwB,EACxB,mBAAmB,EACnB,0BAA0B,GAC3B,MAAM,eAAe,CAAC;AACvB,cAAc,OAAO,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,aAAa,EAAE,KAAK,oBAAoB,EAAE,KAAK,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACnG,YAAY,EACV,qBAAqB,EACrB,uBAAuB,EACvB,0BAA0B,EAC1B,wBAAwB,EACxB,mBAAmB,EACnB,0BAA0B,GAC3B,MAAM,eAAe,CAAC;AACvB,cAAc,OAAO,CAAC"}

package/dist/client/index.js

@@ -17,7 +17,9 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthClient = void 0;
+exports.SessionSocket = exports.AuthClient = void 0;
 var auth_client_1 = require("./auth-client");
 Object.defineProperty(exports, "AuthClient", { enumerable: true, get: function () { return auth_client_1.AuthClient; } });
+var session_socket_1 = require("./session-socket");
+Object.defineProperty(exports, "SessionSocket", { enumerable: true, get: function () { return session_socket_1.SessionSocket; } });
 __exportStar(require("./api"), exports);

package/dist/client/session-socket.d.ts

@@ -0,0 +1,89 @@
+/**
+ * Session Socket Options
+ */
+export interface SessionSocketOptions {
+    /** Portal API URL (same as AuthClient baseURL) */
+    baseURL: string;
+    /** JWT token for authentication */
+    token: string;
+    /** Namespace (default: /app-sessions) */
+    namespace?: string;
+    /** Callbacks */
+    onSessionExpired?: (data: SessionEventData) => void;
+    onSessionRevoked?: (data: SessionEventData) => void;
+    onSessionExpiring?: (data: {
+        remaining_seconds: number;
+        reason: string;
+    }) => void;
+    onConnectionChange?: (connected: boolean) => void;
+    /** Auto-reconnect (default: true) */
+    autoReconnect?: boolean;
+    /** Reconnect attempts (default: 5) */
+    reconnectAttempts?: number;
+    /** Reconnect delay in ms (default: 1000) */
+    reconnectDelay?: number;
+}
+/**
+ * Session Event Data
+ */
+export interface SessionEventData {
+    session_id: string;
+    reason: string;
+    expired_at?: string;
+    last_access_at?: string;
+    revoked_by?: string;
+    revoked_at?: string;
+}
+/**
+ * Session Socket Client
+ *
+ * @description Socket.IO client wrapper for real-time session events
+ * Requires socket.io-client as peer dependency
+ *
+ * @example
+ * ```typescript
+ * const socket = new SessionSocket({
+ *   baseURL: 'https://portal.example.com',
+ *   token: 'jwt-token',
+ *   onSessionExpired: (data) => {
+ *     console.log('Session expired:', data);
+ *     window.location.href = '/login';
+ *   },
+ * });
+ *
+ * socket.connect();
+ * ```
+ */
+export declare class SessionSocket {
+    private socket;
+    private options;
+    private reconnectAttempts;
+    private reconnectTimeout;
+    private isConnecting;
+    constructor(options: SessionSocketOptions);
+    /**
+     * Connect to Socket.IO server
+     */
+    connect(): Promise<void>;
+    /**
+     * Disconnect from Socket.IO server
+     */
+    disconnect(): void;
+    /**
+     * Check if socket is connected
+     */
+    isConnected(): boolean;
+    /**
+     * Update JWT token (useful when token is refreshed)
+     */
+    updateToken(token: string): void;
+    /**
+     * Setup Socket.IO event listeners
+     */
+    private setupEventListeners;
+    /**
+     * Schedule reconnection attempt
+     */
+    private scheduleReconnect;
+}
+//# sourceMappingURL=session-socket.d.ts.map

package/dist/client/session-socket.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-socket.d.ts","sourceRoot":"","sources":["../../src/client/session-socket.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,kDAAkD;IAClD,OAAO,EAAE,MAAM,CAAC;IAChB,mCAAmC;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,yCAAyC;IACzC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB;IAChB,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE,gBAAgB,KAAK,IAAI,CAAC;IACpD,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE,gBAAgB,KAAK,IAAI,CAAC;IACpD,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE;QAAE,iBAAiB,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,KAAK,IAAI,CAAC;IAClF,kBAAkB,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,KAAK,IAAI,CAAC;IAClD,qCAAqC;IACrC,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,sCAAsC;IACtC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,4CAA4C;IAC5C,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAa;IAC3B,OAAO,CAAC,OAAO,CAAuB;IACtC,OAAO,CAAC,iBAAiB,CAAK;IAC9B,OAAO,CAAC,gBAAgB,CAA+B;IACvD,OAAO,CAAC,YAAY,CAAS;gBAEjB,OAAO,EAAE,oBAAoB;IAUzC;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAuC9B;;OAEG;IACH,UAAU,IAAI,IAAI;IAgBlB;;OAEG;IACH,WAAW,IAAI,OAAO;IAItB;;OAEG;IACH,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAYhC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAiD3B;;OAEG;IACH,OAAO,CAAC,iBAAiB;CAiB1B"}

package/dist/client/session-socket.js

@@ -0,0 +1,195 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionSocket = void 0;
+const logger_1 = require("../utils/logger");
+/**
+ * Session Socket Client
+ *
+ * @description Socket.IO client wrapper for real-time session events
+ * Requires socket.io-client as peer dependency
+ *
+ * @example
+ * ```typescript
+ * const socket = new SessionSocket({
+ *   baseURL: 'https://portal.example.com',
+ *   token: 'jwt-token',
+ *   onSessionExpired: (data) => {
+ *     console.log('Session expired:', data);
+ *     window.location.href = '/login';
+ *   },
+ * });
+ *
+ * socket.connect();
+ * ```
+ */
+class SessionSocket {
+    constructor(options) {
+        this.socket = null; // socket.io-client Socket
+        this.reconnectAttempts = 0;
+        this.reconnectTimeout = null;
+        this.isConnecting = false;
+        this.options = {
+            namespace: '/app-sessions',
+            autoReconnect: true,
+            reconnectAttempts: 5,
+            reconnectDelay: 1000,
+            ...options,
+        };
+    }
+    /**
+     * Connect to Socket.IO server
+     */
+    async connect() {
+        if (this.isConnecting || this.isConnected()) {
+            return;
+        }
+        try {
+            // Dynamic import socket.io-client
+            const { io } = await Promise.resolve().then(() => __importStar(require('socket.io-client')));
+            this.isConnecting = true;
+            const url = `${this.options.baseURL}${this.options.namespace}`;
+            this.socket = io(url, {
+                auth: {
+                    token: this.options.token,
+                },
+                transports: ['websocket', 'polling'],
+                reconnection: this.options.autoReconnect,
+                reconnectionAttempts: this.options.reconnectAttempts,
+                reconnectionDelay: this.options.reconnectDelay,
+            });
+            // Setup event listeners
+            this.setupEventListeners();
+            logger_1.logger.debug('SessionSocket connecting...', { url, namespace: this.options.namespace });
+        }
+        catch (error) {
+            this.isConnecting = false;
+            if (error.message?.includes('Cannot find module') || error.message?.includes('socket.io-client')) {
+                logger_1.logger.warn('socket.io-client not installed. Install it to enable real-time session monitoring: npm install socket.io-client');
+            }
+            else {
+                logger_1.logger.error('Failed to connect SessionSocket:', error);
+            }
+            throw error;
+        }
+    }
+    /**
+     * Disconnect from Socket.IO server
+     */
+    disconnect() {
+        if (this.socket) {
+            this.socket.disconnect();
+            this.socket = null;
+        }
+        if (this.reconnectTimeout) {
+            clearTimeout(this.reconnectTimeout);
+            this.reconnectTimeout = null;
+        }
+        this.reconnectAttempts = 0;
+        this.isConnecting = false;
+        logger_1.logger.debug('SessionSocket disconnected');
+    }
+    /**
+     * Check if socket is connected
+     */
+    isConnected() {
+        return this.socket?.connected === true;
+    }
+    /**
+     * Update JWT token (useful when token is refreshed)
+     */
+    updateToken(token) {
+        this.options.token = token;
+        if (this.socket) {
+            this.socket.auth = { token };
+            // Reconnect with new token
+            if (this.isConnected()) {
+                this.disconnect();
+                this.connect();
+            }
+        }
+    }
+    /**
+     * Setup Socket.IO event listeners
+     */
+    setupEventListeners() {
+        if (!this.socket) {
+            return;
+        }
+        // Connection events
+        this.socket.on('connect', () => {
+            this.isConnecting = false;
+            this.reconnectAttempts = 0;
+            logger_1.logger.debug('SessionSocket connected');
+            this.options.onConnectionChange?.(true);
+        });
+        this.socket.on('disconnect', (reason) => {
+            logger_1.logger.debug('SessionSocket disconnected:', reason);
+            this.options.onConnectionChange?.(false);
+            // Auto-reconnect if enabled and not manually disconnected
+            if (this.options.autoReconnect && reason !== 'io client disconnect') {
+                this.scheduleReconnect();
+            }
+        });
+        this.socket.on('connect_error', (error) => {
+            logger_1.logger.warn('SessionSocket connection error:', error.message);
+            this.isConnecting = false;
+        });
+        // Session events
+        this.socket.on('session_expired', (data) => {
+            logger_1.logger.debug('Session expired event received:', data);
+            this.options.onSessionExpired?.(data);
+        });
+        this.socket.on('session_revoked', (data) => {
+            logger_1.logger.debug('Session revoked event received:', data);
+            this.options.onSessionRevoked?.(data);
+        });
+        this.socket.on('session_expiring', (data) => {
+            logger_1.logger.debug('Session expiring event received:', data);
+            this.options.onSessionExpiring?.(data);
+        });
+        this.socket.on('connection_status', (data) => {
+            logger_1.logger.debug('Connection status:', data);
+        });
+    }
+    /**
+     * Schedule reconnection attempt
+     */
+    scheduleReconnect() {
+        if (this.reconnectAttempts >= (this.options.reconnectAttempts || 5)) {
+            logger_1.logger.warn('Max reconnection attempts reached');
+            return;
+        }
+        this.reconnectAttempts++;
+        const delay = (this.options.reconnectDelay || 1000) * this.reconnectAttempts; // Exponential backoff
+        logger_1.logger.debug(`Scheduling reconnect attempt ${this.reconnectAttempts} in ${delay}ms`);
+        this.reconnectTimeout = setTimeout(() => {
+            this.connect().catch((error) => {
+                logger_1.logger.error('Reconnection failed:', error);
+            });
+        }, delay);
+    }
+}
+exports.SessionSocket = SessionSocket;

package/dist/middleware/express.middleware.d.ts

@@ -9,21 +9,34 @@ import './express.types';
 /**
  * Create Express middleware
  *
+ * @platform **Backend only** - สำหรับ Express applications
+ * @platform **Frontend**: ไม่ต้องใช้ - Frontend ใช้ `AuthClient` แทน
+ *
+ * Validate token จาก request header และ attach user profile ลง `req.user`.
+ * Backend ไม่ต้อง refresh token - Frontend เป็นคน refresh และส่ง token ใหม่มาใน request ถัดไป.
+ *
+ * @param config - Configuration สำหรับ auth middleware
+ * @returns Express middleware function
+ *
  * @example
  * ```typescript
+ * // Backend: Express middleware
  * import { authMiddleware } from 'win-portal-auth-sdk';
  *
- * // Express
  * app.use(authMiddleware({
- *   baseURL: 'https://api.example.com',
- *   apiKey: 'your-api-key'
+ *   baseURL: process.env.PORTAL_API_URL!,
+ *   apiKey: process.env.PORTAL_API_KEY!,
+ *   cacheTimeout: 300, // Cache user profile 5 นาที (default)
  * }));
  *
  * // In routes
  * app.get('/profile', (req, res) => {
- *   const user = req.user; // User
- *   const token = req.token;
+ *   const user = req.user; // UserProfileResponseDto from Portal
+ *   const token = req.token; // JWT token
+ *   res.json({ user });
  * });
+ *
+ * // Frontend: ไม่ต้องใช้ - ใช้ AuthClient แทน
  * ```
  */
 export declare function authMiddleware(config: MiddlewareConfig): (req: any, res: any, next: any) => Promise<any>;

package/dist/middleware/express.middleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"express.middleware.d.ts","sourceRoot":"","sources":["../../src/middleware/express.middleware.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAChC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAMxD,OAAO,iBAAiB,CAAC;AAEzB;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,gBAAgB,SAGlC,GAAG,OAAO,GAAG,QAAQ,GAAG,kBA4B5C;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,WAAW,CAK7C;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,GAAG,GAAG;IACrC,IAAI,EAAE,IAAI,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;CACf,CASA;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,KAAK,CAAC,EAAE,MAAM,QAM5C"}
+{"version":3,"file":"express.middleware.d.ts","sourceRoot":"","sources":["../../src/middleware/express.middleware.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAChC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAMxD,OAAO,iBAAiB,CAAC;AAEzB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,gBAAgB,SAGlC,GAAG,OAAO,GAAG,QAAQ,GAAG,kBA4B5C;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,WAAW,CAK7C;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,GAAG,GAAG;IACrC,IAAI,EAAE,IAAI,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;CACf,CASA;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,KAAK,CAAC,EAAE,MAAM,QAM5C"}

package/dist/middleware/express.middleware.js

@@ -14,21 +14,34 @@ require("./express.types");
 /**
  * Create Express middleware
  *
+ * @platform **Backend only** - สำหรับ Express applications
+ * @platform **Frontend**: ไม่ต้องใช้ - Frontend ใช้ `AuthClient` แทน
+ *
+ * Validate token จาก request header และ attach user profile ลง `req.user`.
+ * Backend ไม่ต้อง refresh token - Frontend เป็นคน refresh และส่ง token ใหม่มาใน request ถัดไป.
+ *
+ * @param config - Configuration สำหรับ auth middleware
+ * @returns Express middleware function
+ *
  * @example
  * ```typescript
+ * // Backend: Express middleware
  * import { authMiddleware } from 'win-portal-auth-sdk';
  *
- * // Express
  * app.use(authMiddleware({
- *   baseURL: 'https://api.example.com',
- *   apiKey: 'your-api-key'
+ *   baseURL: process.env.PORTAL_API_URL!,
+ *   apiKey: process.env.PORTAL_API_KEY!,
+ *   cacheTimeout: 300, // Cache user profile 5 นาที (default)
  * }));
  *
  * // In routes
  * app.get('/profile', (req, res) => {
- *   const user = req.user; // User
- *   const token = req.token;
+ *   const user = req.user; // UserProfileResponseDto from Portal
+ *   const token = req.token; // JWT token
+ *   res.json({ user });
  * });
+ *
+ * // Frontend: ไม่ต้องใช้ - ใช้ AuthClient แทน
  * ```
  */
 function authMiddleware(config) {

package/dist/middleware/nestjs.guard.d.ts

@@ -7,22 +7,34 @@ import { MiddlewareConfig } from './types';
 /**
  * NestJS Auth Guard
  *
+ * @platform **Backend only** - สำหรับ NestJS applications
+ * @platform **Frontend**: ไม่ต้องใช้ - Frontend ใช้ `AuthClient` แทน
+ *
+ * Validate token จาก request header และ attach user profile ลง `request.user`.
+ * Backend ไม่ต้อง refresh token - Frontend เป็นคน refresh และส่ง token ใหม่มาใน request ถัดไป.
+ *
+ * @param config - Configuration สำหรับ auth guard
+ * @returns NestJS Guard class ที่สามารถใช้กับ `@UseGuards()` decorator
+ *
  * @example
  * ```typescript
- * // In your auth.guard.ts
+ * // Backend: In your auth.guard.ts
  * import { createAuthGuard } from 'win-portal-auth-sdk';
  *
  * export const AuthGuard = createAuthGuard({
- *   baseURL: process.env.API_BASE_URL,
- *   apiKey: process.env.API_KEY
+ *   baseURL: process.env.PORTAL_API_URL!,
+ *   apiKey: process.env.PORTAL_API_KEY!,
+ *   cacheTimeout: 300, // Cache user profile 5 นาที (default)
  * });
  *
  * // In your controller
  * @UseGuards(AuthGuard)
  * @Get('profile')
- * getProfile(@CurrentUser() user: User) {
- *   return user;
+ * getProfile(@CurrentUser() user: UserProfileResponseDto) {
+ *   return user; // user มาจาก Portal API (ผ่าน Guard validation)
  * }
+ *
+ * // Frontend: ไม่ต้องใช้ - ใช้ AuthClient แทน
  * ```
  */
 export declare function createAuthGuard(config: Omit<MiddlewareConfig, 'optional'>): {
@@ -33,14 +45,26 @@ export declare function createAuthGuard(config: Omit<MiddlewareConfig, 'optional
 /**
  * Optional Auth Guard - Does not block if no token
  *
+ * @platform **Backend only** - สำหรับ NestJS applications
+ * @platform **Frontend**: ไม่ต้องใช้ - Frontend ใช้ `AuthClient` แทน
+ *
+ * Similar to `createAuthGuard()` แต่ไม่ block request ถ้าไม่มี token.
+ * ใช้สำหรับ routes ที่ต้องการ user ถ้ามี แต่ยังทำงานได้ถ้าไม่มี.
+ *
+ * @param config - Configuration สำหรับ auth guard
+ * @returns NestJS Guard class ที่สามารถใช้กับ `@UseGuards()` decorator
+ *
  * @example
  * ```typescript
+ * // Backend: Optional auth guard
  * @UseGuards(OptionalAuthGuard)
  * @Get('posts')
- * getPosts(@CurrentUser() user: User | null) {
+ * getPosts(@CurrentUser() user: UserProfileResponseDto | null) {
  *   // user may be null
  *   return user ? 'Your posts' : 'Public posts';
  * }
+ *
+ * // Frontend: ไม่ต้องใช้ - ใช้ AuthClient แทน
  * ```
  */
 export declare function createOptionalAuthGuard(config: Omit<MiddlewareConfig, 'optional'>): {

package/dist/middleware/nestjs.guard.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"nestjs.guard.d.ts","sourceRoot":"","sources":["../../src/middleware/nestjs.guard.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAI3C;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,IAAI,CAAC,gBAAgB,EAAE,UAAU,CAAC;;6BAO3C,GAAG,GAAG,QAAQ,OAAO,CAAC;;EAoBpD;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,IAAI,CAAC,gBAAgB,EAAE,UAAU,CAAC;;6BAOnD,GAAG,GAAG,QAAQ,OAAO,CAAC;;EAepD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,CAAC,EAAE,MAAM,QAMhD"}
+{"version":3,"file":"nestjs.guard.d.ts","sourceRoot":"","sources":["../../src/middleware/nestjs.guard.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAI3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,IAAI,CAAC,gBAAgB,EAAE,UAAU,CAAC;;6BAO3C,GAAG,GAAG,QAAQ,OAAO,CAAC;;EAoBpD;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,IAAI,CAAC,gBAAgB,EAAE,UAAU,CAAC;;6BAOnD,GAAG,GAAG,QAAQ,OAAO,CAAC;;EAepD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,CAAC,EAAE,MAAM,QAMhD"}

package/dist/middleware/nestjs.guard.js

@@ -11,22 +11,34 @@ const user_cache_1 = require("./shared/user-cache");
 /**
  * NestJS Auth Guard
  *
+ * @platform **Backend only** - สำหรับ NestJS applications
+ * @platform **Frontend**: ไม่ต้องใช้ - Frontend ใช้ `AuthClient` แทน
+ *
+ * Validate token จาก request header และ attach user profile ลง `request.user`.
+ * Backend ไม่ต้อง refresh token - Frontend เป็นคน refresh และส่ง token ใหม่มาใน request ถัดไป.
+ *
+ * @param config - Configuration สำหรับ auth guard
+ * @returns NestJS Guard class ที่สามารถใช้กับ `@UseGuards()` decorator
+ *
  * @example
  * ```typescript
- * // In your auth.guard.ts
+ * // Backend: In your auth.guard.ts
  * import { createAuthGuard } from 'win-portal-auth-sdk';
  *
  * export const AuthGuard = createAuthGuard({
- *   baseURL: process.env.API_BASE_URL,
- *   apiKey: process.env.API_KEY
+ *   baseURL: process.env.PORTAL_API_URL!,
+ *   apiKey: process.env.PORTAL_API_KEY!,
+ *   cacheTimeout: 300, // Cache user profile 5 นาที (default)
  * });
  *
  * // In your controller
  * @UseGuards(AuthGuard)
  * @Get('profile')
- * getProfile(@CurrentUser() user: User) {
- *   return user;
+ * getProfile(@CurrentUser() user: UserProfileResponseDto) {
+ *   return user; // user มาจาก Portal API (ผ่าน Guard validation)
  * }
+ *
+ * // Frontend: ไม่ต้องใช้ - ใช้ AuthClient แทน
  * ```
  */
 function createAuthGuard(config) {
@@ -55,14 +67,26 @@ exports.createAuthGuard = createAuthGuard;
 /**
  * Optional Auth Guard - Does not block if no token
  *
+ * @platform **Backend only** - สำหรับ NestJS applications
+ * @platform **Frontend**: ไม่ต้องใช้ - Frontend ใช้ `AuthClient` แทน
+ *
+ * Similar to `createAuthGuard()` แต่ไม่ block request ถ้าไม่มี token.
+ * ใช้สำหรับ routes ที่ต้องการ user ถ้ามี แต่ยังทำงานได้ถ้าไม่มี.
+ *
+ * @param config - Configuration สำหรับ auth guard
+ * @returns NestJS Guard class ที่สามารถใช้กับ `@UseGuards()` decorator
+ *
  * @example
  * ```typescript
+ * // Backend: Optional auth guard
  * @UseGuards(OptionalAuthGuard)
  * @Get('posts')
- * getPosts(@CurrentUser() user: User | null) {
+ * getPosts(@CurrentUser() user: UserProfileResponseDto | null) {
  *   // user may be null
  *   return user ? 'Your posts' : 'Public posts';
  * }
+ *
+ * // Frontend: ไม่ต้องใช้ - ใช้ AuthClient แทน
  * ```
  */
 function createOptionalAuthGuard(config) {

package/dist/types/webhook.types.d.ts

@@ -69,8 +69,10 @@ export interface WebhookLogDetail {
     status: 'pending' | 'success' | 'failed' | 'retrying';
     /** HTTP status code ที่ได้รับกลับมา */
     http_status?: number;
-    /** Headers ที่ส่งไปกับ request */
+    /** HTTP request headers จาก external ที่เรียกเข้ามา */
     request_headers?: Record<string, string>;
+    /** Headers ที่จะใช้ส่งไปกับ axios (จาก DTO หรือ webhook config) */
+    headers?: Record<string, string>;
     /** Headers ที่ได้รับกลับมาจาก response */
     response_headers?: Record<string, string>;
     /** Response body ที่ได้รับกลับมา */

package/dist/types/webhook.types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"webhook.types.d.ts","sourceRoot":"","sources":["../../src/types/webhook.types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,qCAAqC;IACrC,WAAW,EAAE,MAAM,CAAC;IAEpB,sBAAsB;IACtB,UAAU,EAAE,MAAM,CAAC;IAEnB,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE7B,yCAAyC;IACzC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC,uCAAuC;IACvC,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,kCAAkC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,oFAAoF;IACpF,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC,oCAAoC;IACpC,cAAc,EAAE,MAAM,CAAC;IAEvB,0BAA0B;IAC1B,MAAM,EAAE,SAAS,GAAG,SAAS,GAAG,QAAQ,GAAG,UAAU,CAAC;IAEtD,oBAAoB;IACpB,OAAO,EAAE,MAAM,CAAC;IAEhB,gDAAgD;IAChD,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,kDAAkD;IAClD,aAAa,CAAC,EAAE,OAAO,CAAC;IAExB,2DAA2D;IAC3D,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B,kDAAkD;IAClD,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,uBAAuB;IACvB,EAAE,EAAE,MAAM,CAAC;IAEX,kEAAkE;IAClE,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B,qCAAqC;IACrC,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,gDAAgD;IAChD,MAAM,EAAE,UAAU,GAAG,UAAU,CAAC;IAEhC,4BAA4B;IAC5B,WAAW,EAAE,MAAM,CAAC;IAEpB,sBAAsB;IACtB,UAAU,EAAE,MAAM,CAAC;IAEnB,uBAAuB;IACvB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE7B,6BAA6B;IAC7B,MAAM,EAAE,SAAS,GAAG,SAAS,GAAG,QAAQ,GAAG,UAAU,CAAC;IAEtD,uCAAuC;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,kCAAkC;IAClC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEzC,0CAA0C;IAC1C,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE1C,oCAAoC;IACpC,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,sCAAsC;IACtC,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,+BAA+B;IAC/B,WAAW,EAAE,MAAM,CAAC;IAEpB,iCAAiC;IACjC,aAAa,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC;IAE9B,2CAA2C;IAC3C,YAAY,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC;IAE7B,gDAAgD;IAChD,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B,kBAAkB;IAClB,UAAU,EAAE,IAAI,GAAG,MAAM,CAAC;IAE1B,yBAAyB;IACzB,UAAU,EAAE,IAAI,GAAG,MAAM,CAAC;CAC3B"}
+{"version":3,"file":"webhook.types.d.ts","sourceRoot":"","sources":["../../src/types/webhook.types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,qCAAqC;IACrC,WAAW,EAAE,MAAM,CAAC;IAEpB,sBAAsB;IACtB,UAAU,EAAE,MAAM,CAAC;IAEnB,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE7B,yCAAyC;IACzC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC,uCAAuC;IACvC,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,8CAA8C;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,kCAAkC;IAClC,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,oFAAoF;IACpF,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC,oCAAoC;IACpC,cAAc,EAAE,MAAM,CAAC;IAEvB,0BAA0B;IAC1B,MAAM,EAAE,SAAS,GAAG,SAAS,GAAG,QAAQ,GAAG,UAAU,CAAC;IAEtD,oBAAoB;IACpB,OAAO,EAAE,MAAM,CAAC;IAEhB,gDAAgD;IAChD,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,kDAAkD;IAClD,aAAa,CAAC,EAAE,OAAO,CAAC;IAExB,2DAA2D;IAC3D,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B,kDAAkD;IAClD,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,uBAAuB;IACvB,EAAE,EAAE,MAAM,CAAC;IAEX,kEAAkE;IAClE,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B,qCAAqC;IACrC,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,gDAAgD;IAChD,MAAM,EAAE,UAAU,GAAG,UAAU,CAAC;IAEhC,4BAA4B;IAC5B,WAAW,EAAE,MAAM,CAAC;IAEpB,sBAAsB;IACtB,UAAU,EAAE,MAAM,CAAC;IAEnB,uBAAuB;IACvB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE7B,6BAA6B;IAC7B,MAAM,EAAE,SAAS,GAAG,SAAS,GAAG,QAAQ,GAAG,UAAU,CAAC;IAEtD,uCAAuC;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,uDAAuD;IACvD,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEzC,mEAAmE;IACnE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC,0CAA0C;IAC1C,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE1C,oCAAoC;IACpC,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,sCAAsC;IACtC,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,+BAA+B;IAC/B,WAAW,EAAE,MAAM,CAAC;IAEpB,iCAAiC;IACjC,aAAa,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC;IAE9B,2CAA2C;IAC3C,YAAY,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC;IAE7B,gDAAgD;IAChD,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B,kBAAkB;IAClB,UAAU,EAAE,IAAI,GAAG,MAAM,CAAC;IAE1B,yBAAyB;IACzB,UAAU,EAAE,IAAI,GAAG,MAAM,CAAC;CAC3B"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "win-portal-auth-sdk",
-  "version": "1.6.1",
+  "version": "1.6.3",
   "description": "Shared authentication SDK for Win Portal applications with JWT and OAuth support",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -47,6 +47,14 @@
   "dependencies": {
     "axios": "^1.6.0"
   },
+  "peerDependencies": {
+    "socket.io-client": "^4.0.0"
+  },
+  "peerDependenciesMeta": {
+    "socket.io-client": {
+      "optional": true
+    }
+  },
   "devDependencies": {
     "@types/node": "^20.0.0",
     "typescript": "^5.3.0"