npm - win-portal-auth-sdk - Versions diffs - 1.6.2 → 1.6.3 - Mend

win-portal-auth-sdk 1.6.2 → 1.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/client/auth-client.d.ts +44 -18
package/dist/client/auth-client.d.ts.map +1 -1
package/dist/client/auth-client.js +81 -18
package/dist/client/index.d.ts +1 -0
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +3 -1
package/dist/client/session-socket.d.ts +89 -0
package/dist/client/session-socket.d.ts.map +1 -0
package/dist/client/session-socket.js +195 -0
package/dist/middleware/express.middleware.d.ts +18 -5
package/dist/middleware/express.middleware.d.ts.map +1 -1
package/dist/middleware/express.middleware.js +18 -5
package/dist/middleware/nestjs.guard.d.ts +30 -6
package/dist/middleware/nestjs.guard.d.ts.map +1 -1
package/dist/middleware/nestjs.guard.js +30 -6
package/package.json +9 -1

package/dist/client/auth-client.d.ts CHANGED Viewed

@@ -128,6 +128,9 @@ export declare class AuthClient {
     private activityThrottleTimeout;
     private activityThrottleMs;
     private refreshTimeoutMs;
+    private lastActivityRefreshTime;
+    private ACTIVITY_REFRESH_INTERVAL_MS;
+    private sessionSocket;
     readonly auth: AuthAPI;
     readonly health: HealthAPI;
     readonly systemConfig: SystemConfigAPI;
@@ -188,22 +191,32 @@ export declare class AuthClient {
     /**
      * Set JWT token for authenticated requests
      *
+     * @platform **Frontend only** - สำหรับ React/Next.js applications
+     * @platform **Backend**: ไม่ต้องใช้ - Backend ใช้ `createAuthGuard()` หรือ `authMiddleware()` แทน (ไม่ต้อง setToken)
+     *
      * @param token - JWT access token
      * @param type - Token type: 'jwt' (default), 'oauth', or 'hybrid'
      *
      * @example
      * ```typescript
-     * // JWT token from /auth/login
+     * // Frontend: JWT token from /auth/login
      * authClient.setToken(session.token, 'jwt');
      *
-     * // OAuth access token
+     * // Frontend: OAuth access token
      * authClient.setToken(oauthToken, 'oauth');
      *
-     * // Auto-detect (hybrid mode)
-     * authClient.setToken(token);
+     * // Backend: ไม่ต้องใช้ - ใช้ createAuthGuard() แทน
+     * // @UseGuards(AuthGuard)
      * ```
      */
     setToken(token: string, type?: 'jwt' | 'oauth' | 'hybrid'): void;
+    /**
+     * Update session socket token if real-time monitoring is enabled
+     *
+     * @private
+     * @param token - New JWT token to update
+     */
+    private updateSessionSocketToken;
     /**
      * Get current token type
      */
@@ -228,33 +241,30 @@ export declare class AuthClient {
     getAxiosInstance(): AxiosInstance;
     /**
      * Enable automatic token refresh
-     * Call this after user is authenticated to enable automatic refresh
+     *
+     * @platform **Frontend only** - สำหรับ React/Next.js applications
+     * @platform **Backend**: ไม่ต้องใช้ - Backend ไม่ได้ถือ token, Frontend เป็นคน refresh และส่ง token ใหม่มาใน request ถัดไป
+     *
+     * Call this after user is authenticated to enable automatic refresh.
+     * SDK จะ refresh token อัตโนมัติก่อนหมดอายุผ่าน axios interceptor.
      *
      * @param options - Options for automatic refresh (optional - SDK will use session-based refresh if not provided)
      *
      * @example
      * ```typescript
-     * // Option 1: Session-based refresh (default - no refresh token needed)
-     * // Works when login only returns access_token
+     * // Frontend: Session-based refresh (default - no refresh token needed)
      * await authClient.enableAutomaticRefresh({
      *   onRefreshFailure: () => window.location.href = '/login'
      * });
      *
-     * // Option 2: With refresh token (if login returns refresh_token)
+     * // Frontend: With refresh token (if login returns refresh_token)
      * await authClient.enableAutomaticRefresh({
      *   refreshTokenKey: 'refresh_token',
      *   onRefreshFailure: () => window.location.href = '/login'
      * });
      *
-     * // Option 3: Custom callbacks
-     * await authClient.enableAutomaticRefresh({
-     *   callbacks: {
-     *     getRefreshToken: () => customStorage.get('refresh_token'),
-     *     setRefreshToken: (token) => customStorage.set('refresh_token', token),
-     *     clearRefreshToken: () => customStorage.remove('refresh_token'),
-     *     onRefreshFailure: () => window.location.href = '/login'
-     *   }
-     * });
+     * // Backend: ไม่ต้องใช้ - ใช้ createAuthGuard() แทน
+     * // @UseGuards(AuthGuard) // Guard จะ validate token อัตโนมัติ
      * ```
      */
     enableAutomaticRefresh(options?: AutomaticRefreshOptions): Promise<void>;
@@ -285,12 +295,17 @@ export declare class AuthClient {
     reloadJwtConfig(): Promise<void>;
     /**
      * Enable session expiration monitoring
+     *
+     * @platform **Frontend only** - สำหรับ React/Next.js applications
+     * @platform **Backend**: ไม่ต้องใช้ - Backend ไม่ได้ track session expiration, Frontend เป็นคนจัดการ
+     *
      * จะตรวจสอบ session expiration ตาม config จาก settings/sessions และเรียก callback เมื่อใกล้หมดอายุ
      *
      * @param options - Options for session expiration monitoring
      *
      * @example
      * ```typescript
+     * // Frontend: Monitor session expiration
      * await authClient.enableSessionExpirationMonitoring({
      *   callbacks: {
      *     onSessionExpiring: (remainingMinutes, expirationType) => {
@@ -304,6 +319,8 @@ export declare class AuthClient {
      *   },
      *   checkIntervalSeconds: 30 // ตรวจสอบทุก 30 วินาที
      * });
+     *
+     * // Backend: ไม่ต้องใช้ - ใช้ createAuthGuard() แทน
      * ```
      */
     enableSessionExpirationMonitoring(options: SessionExpirationOptions): Promise<void>;
@@ -345,12 +362,18 @@ export declare class AuthClient {
     reloadSessionManagementConfig(): Promise<void>;
     /**
      * Enable inactivity detection
-     * จับ user activity (mouse/keyboard/touch/scroll) และ trigger callback เมื่อ inactivity timeout
+     *
+     * @platform **Frontend only** - สำหรับ React/Next.js applications
+     * @platform **Backend**: ไม่ต้องใช้ - Backend ไม่ได้ track user activity, Frontend เป็นคนจัดการ
+     *
+     * จับ user activity (mouse/keyboard/touch/scroll) และ trigger callback เมื่อ inactivity timeout.
+     * เมื่อมี activity จะ trigger token refresh เพื่อ update server-side `last_access_at`.
      *
      * @param options - Options for inactivity detection
      *
      * @example
      * ```typescript
+     * // Frontend: Track user activity and trigger token refresh
      * await authClient.enableInactivityDetection({
      *   callbacks: {
      *     onInactivityWarning: (remainingSeconds) => {
@@ -368,6 +391,8 @@ export declare class AuthClient {
      *   warningSeconds: 300, // 5 minutes warning (optional, default: จาก session management config)
      *   events: ['mousemove', 'keydown', 'touchstart', 'scroll'] // (optional, default: ทั้งหมด)
      * });
+     *
+     * // Backend: ไม่ต้องใช้ - Server-side inactivity enforcement ทำงานอัตโนมัติ
      * ```
      */
     enableInactivityDetection(options: InactivityDetectionOptions): Promise<void>;
@@ -377,6 +402,7 @@ export declare class AuthClient {
     disableInactivityDetection(): void;
     /**
      * Handle user activity - reset inactivity timer with throttle
+     * Also trigger token refresh to update server-side last_access_at (if auto-refresh enabled)
      */
     private handleUserActivity;
     /**

package/dist/client/auth-client.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"auth-client.d.ts","sourceRoot":"","sources":["../../src/client/auth-client.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAc,EAAE,aAAa,EAAE,kBAAkB,EAAE,aAAa,EAA8B,MAAM,OAAO,CAAC;AAC5G,OAAO,EAAE,aAAa,EAA8C,MAAM,UAAU,CAAC;AACrF,OAAO,EACL,OAAO,EACP,SAAS,EACT,eAAe,EACf,QAAQ,EACR,WAAW,EACX,UAAU,EACV,QAAQ,EACR,WAAW,EACX,OAAO,EACP,OAAO,EACP,OAAO,EACP,MAAM,EACN,QAAQ,EACR,WAAW,EACX,eAAe,EACf,UAAU,EACX,MAAM,OAAO,CAAC;AAiBf,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,eAAe,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC9D;;OAEG;IACH,eAAe,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzD;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C;;OAEG;IACH,gBAAgB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/C;AAED,MAAM,WAAW,0BAA0B;IACzC;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,CAAC,gBAAgB,EAAE,MAAM,EAAE,cAAc,EAAE,YAAY,GAAG,UAAU,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClH;;OAEG;IACH,gBAAgB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/C;AAED,MAAM,WAAW,wBAAwB;IACvC;;OAEG;IACH,SAAS,EAAE,0BAA0B,CAAC;IACtC;;OAEG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED,MAAM,WAAW,uBAAuB;IACtC;;;;;OAKG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,qBAAqB,CAAC;IAClC;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/C;AAED,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,mBAAmB,CAAC,EAAE,CAAC,gBAAgB,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzE;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAClD;AAED,MAAM,WAAW,0BAA0B;IACzC;;OAEG;IACH,SAAS,EAAE,mBAAmB,CAAC;IAC/B;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;OAEG;IACH,MAAM,CAAC,EAAE,CAAC,WAAW,GAAG,SAAS,GAAG,YAAY,GAAG,QAAQ,CAAC,EAAE,CAAC;CAChE;AAED,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,KAAK,CAAuB;IACpC,OAAO,CAAC,QAAQ,CAAwC;IAGxD,OAAO,CAAC,qBAAqB,CAAsC;IACnE,OAAO,CAAC,gBAAgB,CAA8B;IACtD,OAAO,CAAC,uBAAuB,CAAuB;IACtD,OAAO,CAAC,uBAAuB,CAAwB;IACvD,OAAO,CAAC,kBAAkB,CAAa;IACvC,OAAO,CAAC,cAAc,CAAgC;IAGtD,OAAO,CAAC,0BAA0B,CAA2C;IAC7E,OAAO,CAAC,uBAAuB,CAAwC;IACvE,OAAO,CAAC,8BAA8B,CAA8B;IACpE,OAAO,CAAC,8BAA8B,CAA+B;IACrE,OAAO,CAAC,qCAAqC,CAAkD;IAC/F,OAAO,CAAC,eAAe,CAAa;IAGpC,OAAO,CAAC,mBAAmB,CAAoC;IAC/D,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,wBAAwB,CAA+B;IAC/D,OAAO,CAAC,gBAAgB,CAAa;IACrC,OAAO,CAAC,0BAA0B,CAAkB;IACpD,OAAO,CAAC,wBAAwB,CAAa;IAC7C,OAAO,CAAC,wBAAwB,CAAa;IAC7C,OAAO,CAAC,cAAc,CAA6D;IACnF,OAAO,CAAC,eAAe,CAA6B;IACpD,OAAO,CAAC,uBAAuB,CAA+B;IAC9D,OAAO,CAAC,kBAAkB,CAAwC;IAClE,OAAO,CAAC,gBAAgB,CAAsC;~~IAG9D~~,SAAgB,IAAI,EAAE,OAAO,CAAC;IAC9B,SAAgB,MAAM,EAAE,SAAS,CAAC;IAClC,SAAgB,YAAY,EAAE,eAAe,CAAC;IAC9C,SAAgB,KAAK,EAAE,QAAQ,CAAC;IAChC,SAAgB,QAAQ,EAAE,WAAW,CAAC;IACtC,SAAgB,OAAO,EAAE,UAAU,CAAC;IACpC,SAAgB,IAAI,EAAE,OAAO,CAAC;IAC9B,SAAgB,IAAI,EAAE,OAAO,CAAC;IAC9B,SAAgB,IAAI,EAAE,OAAO,CAAC;IAC9B,SAAgB,GAAG,EAAE,MAAM,CAAC;IAC5B,SAAgB,KAAK,EAAE,QAAQ,CAAC;IAChC,SAAgB,QAAQ,EAAE,WAAW,CAAC;IACtC,SAAgB,YAAY,EAAE,eAAe,CAAC;IAC9C,SAAgB,OAAO,EAAE,UAAU,CAAC;IAC7B,KAAK,CAAC,EAAE,QAAQ,CAAC;gBAEZ,MAAM,EAAE,aAAa;~~IAiKjC~~;;;;;;;;;;;OAWG;IACH,eAAe,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI;IAW1C;;OAEG;IACG,GAAG,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAIvF;;OAEG;IACG,IAAI,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAIpG;;OAEG;IACG,GAAG,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAInG;;OAEG;IACG,KAAK,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAIrG;;OAEG;IACG,MAAM,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAI1F;;OAEG;IACH,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAI/B;;OAEG;IACH,eAAe,IAAI,MAAM;IAMzB~~;;;;;;;;;;;;;;;;;OAiBG~~;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,GAAE,KAAK,GAAG,OAAO,GAAG,QAAgB,GAAG,IAAI;~~IAcvE~~;;OAEG;IACH,WAAW,IAAI,KAAK,GAAG,OAAO,GAAG,QAAQ;IAIzC;;;;OAIG;IACH,WAAW,CAAC,IAAI,EAAE,KAAK,GAAG,OAAO,GAAG,QAAQ,GAAG,IAAI;IAKnD;;OAEG;IACH,cAAc,IAAI,MAAM;IAOxB;;OAEG;IACH,UAAU,IAAI,IAAI;IAMlB;;OAEG;IACH,gBAAgB,IAAI,aAAa;IAIjC~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8BG~~;IACG,sBAAsB,CAAC,OAAO,CAAC,EAAE,uBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC;IA8C9E;;OAEG;IACH,uBAAuB,IAAI,IAAI;IAO/B;;OAEG;YACW,aAAa;IAS3B;;OAEG;YACW,oBAAoB;IAgBlC;;OAEG;YACW,cAAc;IAmB5B;;;OAGG;YACW,SAAS;~~IAqDvB~~;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;IAOtC~~;;;;;;;;;;;;;;;;;;;;;;OAsBG~~;IACG,iCAAiC,CAAC,OAAO,EAAE,wBAAwB,GAAG,OAAO,CAAC,IAAI,CAAC;IAWzF;;OAEG;IACH,kCAAkC,IAAI,IAAI;IAO1C;;OAEG;YACW,2BAA2B;IASzC;;OAEG;YACW,kCAAkC;IAmBhD;;OAEG;IACH,OAAO,CAAC,gCAAgC;IAaxC;;OAEG;IACH,OAAO,CAAC,+BAA+B;IAOvC;;;;;;OAMG;IACH,OAAO,CAAC,sBAAsB;IAiE9B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAe9B;;OAEG;IACG,6BAA6B,IAAI,OAAO,CAAC,IAAI,CAAC;IAMpD~~;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG~~;IACG,yBAAyB,CAAC,OAAO,EAAE,0BAA0B,GAAG,OAAO,CAAC,IAAI,CAAC;IAsDnF;;OAEG;IACH,0BAA0B,IAAI,IAAI;IAyBlC~~;;OAEG~~;IACH,OAAO,CAAC,kBAAkB;~~IAkB1B~~;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAuB9B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAc/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAW/B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAmC5B;;OAEG;IACH,OAAO,CAAC,sBAAsB;CA0B/B"}
1	+ {"version":3,"file":"auth-client.d.ts","sourceRoot":"","sources":["../../src/client/auth-client.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAc,EAAE,aAAa,EAAE,kBAAkB,EAAE,aAAa,EAA8B,MAAM,OAAO,CAAC;AAC5G,OAAO,EAAE,aAAa,EAA8C,MAAM,UAAU,CAAC;AACrF,OAAO,EACL,OAAO,EACP,SAAS,EACT,eAAe,EACf,QAAQ,EACR,WAAW,EACX,UAAU,EACV,QAAQ,EACR,WAAW,EACX,OAAO,EACP,OAAO,EACP,OAAO,EACP,MAAM,EACN,QAAQ,EACR,WAAW,EACX,eAAe,EACf,UAAU,EACX,MAAM,OAAO,CAAC;AAiBf,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,eAAe,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC9D;;OAEG;IACH,eAAe,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzD;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C;;OAEG;IACH,gBAAgB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/C;AAED,MAAM,WAAW,0BAA0B;IACzC;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,CAAC,gBAAgB,EAAE,MAAM,EAAE,cAAc,EAAE,YAAY,GAAG,UAAU,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClH;;OAEG;IACH,gBAAgB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/C;AAED,MAAM,WAAW,wBAAwB;IACvC;;OAEG;IACH,SAAS,EAAE,0BAA0B,CAAC;IACtC;;OAEG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED,MAAM,WAAW,uBAAuB;IACtC;;;;;OAKG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;;;OAKG;IACH,SAAS,CAAC,EAAE,qBAAqB,CAAC;IAClC;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/C;AAED,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,mBAAmB,CAAC,EAAE,CAAC,gBAAgB,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACzE;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAClD;AAED,MAAM,WAAW,0BAA0B;IACzC;;OAEG;IACH,SAAS,EAAE,mBAAmB,CAAC;IAC/B;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;OAEG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB;;OAEG;IACH,MAAM,CAAC,EAAE,CAAC,WAAW,GAAG,SAAS,GAAG,YAAY,GAAG,QAAQ,CAAC,EAAE,CAAC;CAChE;AAED,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,KAAK,CAAuB;IACpC,OAAO,CAAC,QAAQ,CAAwC;IAGxD,OAAO,CAAC,qBAAqB,CAAsC;IACnE,OAAO,CAAC,gBAAgB,CAA8B;IACtD,OAAO,CAAC,uBAAuB,CAAuB;IACtD,OAAO,CAAC,uBAAuB,CAAwB;IACvD,OAAO,CAAC,kBAAkB,CAAa;IACvC,OAAO,CAAC,cAAc,CAAgC;IAGtD,OAAO,CAAC,0BAA0B,CAA2C;IAC7E,OAAO,CAAC,uBAAuB,CAAwC;IACvE,OAAO,CAAC,8BAA8B,CAA8B;IACpE,OAAO,CAAC,8BAA8B,CAA+B;IACrE,OAAO,CAAC,qCAAqC,CAAkD;IAC/F,OAAO,CAAC,eAAe,CAAa;IAGpC,OAAO,CAAC,mBAAmB,CAAoC;IAC/D,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,wBAAwB,CAA+B;IAC/D,OAAO,CAAC,gBAAgB,CAAa;IACrC,OAAO,CAAC,0BAA0B,CAAkB;IACpD,OAAO,CAAC,wBAAwB,CAAa;IAC7C,OAAO,CAAC,wBAAwB,CAAa;IAC7C,OAAO,CAAC,cAAc,CAA6D;IACnF,OAAO,CAAC,eAAe,CAA6B;IACpD,OAAO,CAAC,uBAAuB,CAA+B;IAC9D,OAAO,CAAC,kBAAkB,CAAwC;IAClE,OAAO,CAAC,gBAAgB,CAAsC;IAC9D,OAAO,CAAC,uBAAuB,CAAa;IAC5C,OAAO,CAAC,4BAA4B,CAAiB;IAGrD,OAAO,CAAC,aAAa,CAAa;IAGlC,SAAgB,IAAI,EAAE,OAAO,CAAC;IAC9B,SAAgB,MAAM,EAAE,SAAS,CAAC;IAClC,SAAgB,YAAY,EAAE,eAAe,CAAC;IAC9C,SAAgB,KAAK,EAAE,QAAQ,CAAC;IAChC,SAAgB,QAAQ,EAAE,WAAW,CAAC;IACtC,SAAgB,OAAO,EAAE,UAAU,CAAC;IACpC,SAAgB,IAAI,EAAE,OAAO,CAAC;IAC9B,SAAgB,IAAI,EAAE,OAAO,CAAC;IAC9B,SAAgB,IAAI,EAAE,OAAO,CAAC;IAC9B,SAAgB,GAAG,EAAE,MAAM,CAAC;IAC5B,SAAgB,KAAK,EAAE,QAAQ,CAAC;IAChC,SAAgB,QAAQ,EAAE,WAAW,CAAC;IACtC,SAAgB,YAAY,EAAE,eAAe,CAAC;IAC9C,SAAgB,OAAO,EAAE,UAAU,CAAC;IAC7B,KAAK,CAAC,EAAE,QAAQ,CAAC;gBAEZ,MAAM,EAAE,aAAa;IAmKjC;;;;;;;;;;;OAWG;IACH,eAAe,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI;IAW1C;;OAEG;IACG,GAAG,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAIvF;;OAEG;IACG,IAAI,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAIpG;;OAEG;IACG,GAAG,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAInG;;OAEG;IACG,KAAK,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAIrG;;OAEG;IACG,MAAM,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAI1F;;OAEG;IACH,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAI/B;;OAEG;IACH,eAAe,IAAI,MAAM;IAMzB;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,GAAE,KAAK,GAAG,OAAO,GAAG,QAAgB,GAAG,IAAI;IAgBvE;;;;;OAKG;IACH,OAAO,CAAC,wBAAwB;IAOhC;;OAEG;IACH,WAAW,IAAI,KAAK,GAAG,OAAO,GAAG,QAAQ;IAIzC;;;;OAIG;IACH,WAAW,CAAC,IAAI,EAAE,KAAK,GAAG,OAAO,GAAG,QAAQ,GAAG,IAAI;IAKnD;;OAEG;IACH,cAAc,IAAI,MAAM;IAOxB;;OAEG;IACH,UAAU,IAAI,IAAI;IAMlB;;OAEG;IACH,gBAAgB,IAAI,aAAa;IAIjC;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACG,sBAAsB,CAAC,OAAO,CAAC,EAAE,uBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC;IA8C9E;;OAEG;IACH,uBAAuB,IAAI,IAAI;IAO/B;;OAEG;YACW,aAAa;IAS3B;;OAEG;YACW,oBAAoB;IAgBlC;;OAEG;YACW,cAAc;IAmB5B;;;OAGG;YACW,SAAS;IAyDvB;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;IAOtC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6BG;IACG,iCAAiC,CAAC,OAAO,EAAE,wBAAwB,GAAG,OAAO,CAAC,IAAI,CAAC;IAWzF;;OAEG;IACH,kCAAkC,IAAI,IAAI;IAO1C;;OAEG;YACW,2BAA2B;IASzC;;OAEG;YACW,kCAAkC;IAmBhD;;OAEG;IACH,OAAO,CAAC,gCAAgC;IAaxC;;OAEG;IACH,OAAO,CAAC,+BAA+B;IAOvC;;;;;;OAMG;IACH,OAAO,CAAC,sBAAsB;IAiE9B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAe9B;;OAEG;IACG,6BAA6B,IAAI,OAAO,CAAC,IAAI,CAAC;IAMpD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkCG;IACG,yBAAyB,CAAC,OAAO,EAAE,0BAA0B,GAAG,OAAO,CAAC,IAAI,CAAC;IAsDnF;;OAEG;IACH,0BAA0B,IAAI,IAAI;IAyBlC;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IA+C1B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAuB9B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAc/B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAW/B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAmC5B;;OAEG;IACH,OAAO,CAAC,sBAAsB;CA0B/B"}

package/dist/client/auth-client.js CHANGED Viewed

@@ -56,6 +56,10 @@ class AuthClient {
         this.activityThrottleTimeout = null;
         this.activityThrottleMs = DEFAULT_ACTIVITY_THROTTLE_MS;
         this.refreshTimeoutMs = DEFAULT_REFRESH_TIMEOUT_MS;
+        this.lastActivityRefreshTime = 0; // Track last time we refreshed due to activity
+        this.ACTIVITY_REFRESH_INTERVAL_MS = 5 * 60 * 1000; // Refresh every 5 minutes when active (keep-alive)
+        // Real-time session monitoring (Socket.IO)
+        this.sessionSocket = null; // SessionSocket instance
         this.apiKey = config.apiKey;
         this.apiKeyHeader = config.apiKeyHeader || 'X-API-Key';
         // Apply advanced config if provided
@@ -107,6 +111,8 @@ class AuthClient {
                                         ]);
                                         this.token = newToken;
                                         requestConfig.headers['Authorization'] = `Bearer ${newToken}`;
+                                        // Update session socket token if real-time monitoring is enabled
+                                        this.updateSessionSocketToken(newToken);
                                         logger_1.logger.info('Token refreshed successfully (critical)');
                                     }
                                     catch (error) {
@@ -261,24 +267,29 @@ class AuthClient {
     /**
      * Set JWT token for authenticated requests
      *
+     * @platform **Frontend only** - สำหรับ React/Next.js applications
+     * @platform **Backend**: ไม่ต้องใช้ - Backend ใช้ `createAuthGuard()` หรือ `authMiddleware()` แทน (ไม่ต้อง setToken)
+     *
      * @param token - JWT access token
      * @param type - Token type: 'jwt' (default), 'oauth', or 'hybrid'
      *
      * @example
      * ```typescript
-     * // JWT token from /auth/login
+     * // Frontend: JWT token from /auth/login
      * authClient.setToken(session.token, 'jwt');
      *
-     * // OAuth access token
+     * // Frontend: OAuth access token
      * authClient.setToken(oauthToken, 'oauth');
      *
-     * // Auto-detect (hybrid mode)
-     * authClient.setToken(token);
+     * // Backend: ไม่ต้องใช้ - ใช้ createAuthGuard() แทน
+     * // @UseGuards(AuthGuard)
      * ```
      */
     setToken(token, type = 'jwt') {
         this.token = token;
         this.authType = type;
+        // Update session socket token if real-time monitoring is enabled
+        this.updateSessionSocketToken(token);
         logger_1.logger.debug(`Token set with type: ${type}`);
         // Reset warning time when token changes
         this.lastWarningTime = 0;
@@ -287,6 +298,18 @@ class AuthClient {
             this.checkSessionExpiration();
         }
     }
+    /**
+     * Update session socket token if real-time monitoring is enabled
+     *
+     * @private
+     * @param token - New JWT token to update
+     */
+    updateSessionSocketToken(token) {
+        if (this.sessionSocket && typeof this.sessionSocket.updateToken === 'function') {
+            this.sessionSocket.updateToken(token);
+            logger_1.logger.debug('Session socket token updated');
+        }
+    }
     /**
      * Get current token type
      */
@@ -329,33 +352,30 @@ class AuthClient {
     }
     /**
      * Enable automatic token refresh
-     * Call this after user is authenticated to enable automatic refresh
+     *
+     * @platform **Frontend only** - สำหรับ React/Next.js applications
+     * @platform **Backend**: ไม่ต้องใช้ - Backend ไม่ได้ถือ token, Frontend เป็นคน refresh และส่ง token ใหม่มาใน request ถัดไป
+     *
+     * Call this after user is authenticated to enable automatic refresh.
+     * SDK จะ refresh token อัตโนมัติก่อนหมดอายุผ่าน axios interceptor.
      *
      * @param options - Options for automatic refresh (optional - SDK will use session-based refresh if not provided)
      *
      * @example
      * ```typescript
-     * // Option 1: Session-based refresh (default - no refresh token needed)
-     * // Works when login only returns access_token
+     * // Frontend: Session-based refresh (default - no refresh token needed)
      * await authClient.enableAutomaticRefresh({
      *   onRefreshFailure: () => window.location.href = '/login'
      * });
      *
-     * // Option 2: With refresh token (if login returns refresh_token)
+     * // Frontend: With refresh token (if login returns refresh_token)
      * await authClient.enableAutomaticRefresh({
      *   refreshTokenKey: 'refresh_token',
      *   onRefreshFailure: () => window.location.href = '/login'
      * });
      *
-     * // Option 3: Custom callbacks
-     * await authClient.enableAutomaticRefresh({
-     *   callbacks: {
-     *     getRefreshToken: () => customStorage.get('refresh_token'),
-     *     setRefreshToken: (token) => customStorage.set('refresh_token', token),
-     *     clearRefreshToken: () => customStorage.remove('refresh_token'),
-     *     onRefreshFailure: () => window.location.href = '/login'
-     *   }
-     * });
+     * // Backend: ไม่ต้องใช้ - ใช้ createAuthGuard() แทน
+     * // @UseGuards(AuthGuard) // Guard จะ validate token อัตโนมัติ
      * ```
      */
     async enableAutomaticRefresh(options) {
@@ -478,6 +498,8 @@ class AuthClient {
                 const newAccessToken = result.token;
                 // Update token in client
                 this.token = newAccessToken;
+                // Update session socket token if real-time monitoring is enabled
+                this.updateSessionSocketToken(newAccessToken);
                 logger_1.logger.debug('Token refreshed successfully (session-based)');
                 return newAccessToken;
             }
@@ -499,6 +521,8 @@ class AuthClient {
                     const newAccessToken = session.access_token;
                     // Update token in client
                     this.token = newAccessToken;
+                    // Update session socket token if real-time monitoring is enabled
+                    this.updateSessionSocketToken(newAccessToken);
                     // Save new refresh token if rotated
                     if (session.refresh_token) {
                         await this.refreshTokenCallbacks.setRefreshToken(session.refresh_token);
@@ -526,12 +550,17 @@ class AuthClient {
     }
     /**
      * Enable session expiration monitoring
+     *
+     * @platform **Frontend only** - สำหรับ React/Next.js applications
+     * @platform **Backend**: ไม่ต้องใช้ - Backend ไม่ได้ track session expiration, Frontend เป็นคนจัดการ
+     *
      * จะตรวจสอบ session expiration ตาม config จาก settings/sessions และเรียก callback เมื่อใกล้หมดอายุ
      *
      * @param options - Options for session expiration monitoring
      *
      * @example
      * ```typescript
+     * // Frontend: Monitor session expiration
      * await authClient.enableSessionExpirationMonitoring({
      *   callbacks: {
      *     onSessionExpiring: (remainingMinutes, expirationType) => {
@@ -545,6 +574,8 @@ class AuthClient {
      *   },
      *   checkIntervalSeconds: 30 // ตรวจสอบทุก 30 วินาที
      * });
+     *
+     * // Backend: ไม่ต้องใช้ - ใช้ createAuthGuard() แทน
      * ```
      */
     async enableSessionExpirationMonitoring(options) {
@@ -703,12 +734,18 @@ class AuthClient {
     }
     /**
      * Enable inactivity detection
-     * จับ user activity (mouse/keyboard/touch/scroll) และ trigger callback เมื่อ inactivity timeout
+     *
+     * @platform **Frontend only** - สำหรับ React/Next.js applications
+     * @platform **Backend**: ไม่ต้องใช้ - Backend ไม่ได้ track user activity, Frontend เป็นคนจัดการ
+     *
+     * จับ user activity (mouse/keyboard/touch/scroll) และ trigger callback เมื่อ inactivity timeout.
+     * เมื่อมี activity จะ trigger token refresh เพื่อ update server-side `last_access_at`.
      *
      * @param options - Options for inactivity detection
      *
      * @example
      * ```typescript
+     * // Frontend: Track user activity and trigger token refresh
      * await authClient.enableInactivityDetection({
      *   callbacks: {
      *     onInactivityWarning: (remainingSeconds) => {
@@ -726,6 +763,8 @@ class AuthClient {
      *   warningSeconds: 300, // 5 minutes warning (optional, default: จาก session management config)
      *   events: ['mousemove', 'keydown', 'touchstart', 'scroll'] // (optional, default: ทั้งหมด)
      * });
+     *
+     * // Backend: ไม่ต้องใช้ - Server-side inactivity enforcement ทำงานอัตโนมัติ
      * ```
      */
     async enableInactivityDetection(options) {
@@ -799,6 +838,7 @@ class AuthClient {
     }
     /**
      * Handle user activity - reset inactivity timer with throttle
+     * Also trigger token refresh to update server-side last_access_at (if auto-refresh enabled)
      */
     handleUserActivity() {
         if (!this.inactivityDetectionEnabled) {
@@ -810,6 +850,29 @@ class AuthClient {
         }
         this.lastActivityTime = Date.now();
         this.resetInactivityTimer();
+        // ✅ Connect inactivity detection with auto-refresh: trigger refresh to update server-side last_access_at
+        // This ensures server knows user is active even if no API calls are made
+        if (this.automaticRefreshEnabled &&
+            this.refreshTokenCallbacks &&
+            this.token &&
+            (0, token_utils_1.isTokenValid)(this.token)) {
+            const now = Date.now();
+            const timeSinceLastActivityRefresh = now - this.lastActivityRefreshTime;
+            // Refresh token if:
+            // 1. Token is near expiration (use refresh_threshold_minutes)
+            // 2. OR it's been 5 minutes since last activity refresh (keep-alive)
+            const shouldRefresh = (this.refreshThresholdMinutes !== null &&
+                (0, token_utils_1.isTokenNearExpiration)(this.token, this.refreshThresholdMinutes)) ||
+                timeSinceLastActivityRefresh >= this.ACTIVITY_REFRESH_INTERVAL_MS;
+            if (shouldRefresh && !this.refreshPromise) {
+                this.lastActivityRefreshTime = now;
+                // Trigger background refresh (non-blocking)
+                this.performRefresh().catch((error) => {
+                    logger_1.logger.debug('Activity-triggered token refresh failed:', error);
+                    // Don't call onRefreshFailure here - this is just a keep-alive, not critical
+                });
+            }
+        }
         this.activityThrottleTimeout = setTimeout(() => {
             this.activityThrottleTimeout = null;
         }, this.activityThrottleMs);

package/dist/client/index.d.ts CHANGED Viewed

@@ -2,6 +2,7 @@
  * Client exports for frontend applications
  */
 export { AuthClient } from './auth-client';
+export { SessionSocket, type SessionSocketOptions, type SessionEventData } from './session-socket';
 export type { RefreshTokenCallbacks, AutomaticRefreshOptions, SessionExpirationCallbacks, SessionExpirationOptions, InactivityCallbacks, InactivityDetectionOptions, } from './auth-client';
 export * from './api';
 //# sourceMappingURL=index.d.ts.map

package/dist/client/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,YAAY,EACV,qBAAqB,EACrB,uBAAuB,EACvB,0BAA0B,EAC1B,wBAAwB,EACxB,mBAAmB,EACnB,0BAA0B,GAC3B,MAAM,eAAe,CAAC;AACvB,cAAc,OAAO,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,aAAa,EAAE,KAAK,oBAAoB,EAAE,KAAK,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACnG,YAAY,EACV,qBAAqB,EACrB,uBAAuB,EACvB,0BAA0B,EAC1B,wBAAwB,EACxB,mBAAmB,EACnB,0BAA0B,GAC3B,MAAM,eAAe,CAAC;AACvB,cAAc,OAAO,CAAC"}

package/dist/client/index.js CHANGED Viewed

@@ -17,7 +17,9 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthClient = void 0;
+exports.SessionSocket = exports.AuthClient = void 0;
 var auth_client_1 = require("./auth-client");
 Object.defineProperty(exports, "AuthClient", { enumerable: true, get: function () { return auth_client_1.AuthClient; } });
+var session_socket_1 = require("./session-socket");
+Object.defineProperty(exports, "SessionSocket", { enumerable: true, get: function () { return session_socket_1.SessionSocket; } });
 __exportStar(require("./api"), exports);

package/dist/client/session-socket.d.ts ADDED Viewed

@@ -0,0 +1,89 @@
+/**
+ * Session Socket Options
+ */
+export interface SessionSocketOptions {
+    /** Portal API URL (same as AuthClient baseURL) */
+    baseURL: string;
+    /** JWT token for authentication */
+    token: string;
+    /** Namespace (default: /app-sessions) */
+    namespace?: string;
+    /** Callbacks */
+    onSessionExpired?: (data: SessionEventData) => void;
+    onSessionRevoked?: (data: SessionEventData) => void;
+    onSessionExpiring?: (data: {
+        remaining_seconds: number;
+        reason: string;
+    }) => void;
+    onConnectionChange?: (connected: boolean) => void;
+    /** Auto-reconnect (default: true) */
+    autoReconnect?: boolean;
+    /** Reconnect attempts (default: 5) */
+    reconnectAttempts?: number;
+    /** Reconnect delay in ms (default: 1000) */
+    reconnectDelay?: number;
+}
+/**
+ * Session Event Data
+ */
+export interface SessionEventData {
+    session_id: string;
+    reason: string;
+    expired_at?: string;
+    last_access_at?: string;
+    revoked_by?: string;
+    revoked_at?: string;
+}
+/**
+ * Session Socket Client
+ *
+ * @description Socket.IO client wrapper for real-time session events
+ * Requires socket.io-client as peer dependency
+ *
+ * @example
+ * ```typescript
+ * const socket = new SessionSocket({
+ *   baseURL: 'https://portal.example.com',
+ *   token: 'jwt-token',
+ *   onSessionExpired: (data) => {
+ *     console.log('Session expired:', data);
+ *     window.location.href = '/login';
+ *   },
+ * });
+ *
+ * socket.connect();
+ * ```
+ */
+export declare class SessionSocket {
+    private socket;
+    private options;
+    private reconnectAttempts;
+    private reconnectTimeout;
+    private isConnecting;
+    constructor(options: SessionSocketOptions);
+    /**
+     * Connect to Socket.IO server
+     */
+    connect(): Promise<void>;
+    /**
+     * Disconnect from Socket.IO server
+     */
+    disconnect(): void;
+    /**
+     * Check if socket is connected
+     */
+    isConnected(): boolean;
+    /**
+     * Update JWT token (useful when token is refreshed)
+     */
+    updateToken(token: string): void;
+    /**
+     * Setup Socket.IO event listeners
+     */
+    private setupEventListeners;
+    /**
+     * Schedule reconnection attempt
+     */
+    private scheduleReconnect;
+}
+//# sourceMappingURL=session-socket.d.ts.map

package/dist/client/session-socket.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session-socket.d.ts","sourceRoot":"","sources":["../../src/client/session-socket.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,kDAAkD;IAClD,OAAO,EAAE,MAAM,CAAC;IAChB,mCAAmC;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,yCAAyC;IACzC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB;IAChB,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE,gBAAgB,KAAK,IAAI,CAAC;IACpD,gBAAgB,CAAC,EAAE,CAAC,IAAI,EAAE,gBAAgB,KAAK,IAAI,CAAC;IACpD,iBAAiB,CAAC,EAAE,CAAC,IAAI,EAAE;QAAE,iBAAiB,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,KAAK,IAAI,CAAC;IAClF,kBAAkB,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,KAAK,IAAI,CAAC;IAClD,qCAAqC;IACrC,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,sCAAsC;IACtC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,4CAA4C;IAC5C,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAa;IAC3B,OAAO,CAAC,OAAO,CAAuB;IACtC,OAAO,CAAC,iBAAiB,CAAK;IAC9B,OAAO,CAAC,gBAAgB,CAA+B;IACvD,OAAO,CAAC,YAAY,CAAS;gBAEjB,OAAO,EAAE,oBAAoB;IAUzC;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAuC9B;;OAEG;IACH,UAAU,IAAI,IAAI;IAgBlB;;OAEG;IACH,WAAW,IAAI,OAAO;IAItB;;OAEG;IACH,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAYhC;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAiD3B;;OAEG;IACH,OAAO,CAAC,iBAAiB;CAiB1B"}

package/dist/client/session-socket.js ADDED Viewed

@@ -0,0 +1,195 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionSocket = void 0;
+const logger_1 = require("../utils/logger");
+/**
+ * Session Socket Client
+ *
+ * @description Socket.IO client wrapper for real-time session events
+ * Requires socket.io-client as peer dependency
+ *
+ * @example
+ * ```typescript
+ * const socket = new SessionSocket({
+ *   baseURL: 'https://portal.example.com',
+ *   token: 'jwt-token',
+ *   onSessionExpired: (data) => {
+ *     console.log('Session expired:', data);
+ *     window.location.href = '/login';
+ *   },
+ * });
+ *
+ * socket.connect();
+ * ```
+ */
+class SessionSocket {
+    constructor(options) {
+        this.socket = null; // socket.io-client Socket
+        this.reconnectAttempts = 0;
+        this.reconnectTimeout = null;
+        this.isConnecting = false;
+        this.options = {
+            namespace: '/app-sessions',
+            autoReconnect: true,
+            reconnectAttempts: 5,
+            reconnectDelay: 1000,
+            ...options,
+        };
+    }
+    /**
+     * Connect to Socket.IO server
+     */
+    async connect() {
+        if (this.isConnecting || this.isConnected()) {
+            return;
+        }
+        try {
+            // Dynamic import socket.io-client
+            const { io } = await Promise.resolve().then(() => __importStar(require('socket.io-client')));
+            this.isConnecting = true;
+            const url = `${this.options.baseURL}${this.options.namespace}`;
+            this.socket = io(url, {
+                auth: {
+                    token: this.options.token,
+                },
+                transports: ['websocket', 'polling'],
+                reconnection: this.options.autoReconnect,
+                reconnectionAttempts: this.options.reconnectAttempts,
+                reconnectionDelay: this.options.reconnectDelay,
+            });
+            // Setup event listeners
+            this.setupEventListeners();
+            logger_1.logger.debug('SessionSocket connecting...', { url, namespace: this.options.namespace });
+        }
+        catch (error) {
+            this.isConnecting = false;
+            if (error.message?.includes('Cannot find module') || error.message?.includes('socket.io-client')) {
+                logger_1.logger.warn('socket.io-client not installed. Install it to enable real-time session monitoring: npm install socket.io-client');
+            }
+            else {
+                logger_1.logger.error('Failed to connect SessionSocket:', error);
+            }
+            throw error;
+        }
+    }
+    /**
+     * Disconnect from Socket.IO server
+     */
+    disconnect() {
+        if (this.socket) {
+            this.socket.disconnect();
+            this.socket = null;
+        }
+        if (this.reconnectTimeout) {
+            clearTimeout(this.reconnectTimeout);
+            this.reconnectTimeout = null;
+        }
+        this.reconnectAttempts = 0;
+        this.isConnecting = false;
+        logger_1.logger.debug('SessionSocket disconnected');
+    }
+    /**
+     * Check if socket is connected
+     */
+    isConnected() {
+        return this.socket?.connected === true;
+    }
+    /**
+     * Update JWT token (useful when token is refreshed)
+     */
+    updateToken(token) {
+        this.options.token = token;
+        if (this.socket) {
+            this.socket.auth = { token };
+            // Reconnect with new token
+            if (this.isConnected()) {
+                this.disconnect();
+                this.connect();
+            }
+        }
+    }
+    /**
+     * Setup Socket.IO event listeners
+     */
+    setupEventListeners() {
+        if (!this.socket) {
+            return;
+        }
+        // Connection events
+        this.socket.on('connect', () => {
+            this.isConnecting = false;
+            this.reconnectAttempts = 0;
+            logger_1.logger.debug('SessionSocket connected');
+            this.options.onConnectionChange?.(true);
+        });
+        this.socket.on('disconnect', (reason) => {
+            logger_1.logger.debug('SessionSocket disconnected:', reason);
+            this.options.onConnectionChange?.(false);
+            // Auto-reconnect if enabled and not manually disconnected
+            if (this.options.autoReconnect && reason !== 'io client disconnect') {
+                this.scheduleReconnect();
+            }
+        });
+        this.socket.on('connect_error', (error) => {
+            logger_1.logger.warn('SessionSocket connection error:', error.message);
+            this.isConnecting = false;
+        });
+        // Session events
+        this.socket.on('session_expired', (data) => {
+            logger_1.logger.debug('Session expired event received:', data);
+            this.options.onSessionExpired?.(data);
+        });
+        this.socket.on('session_revoked', (data) => {
+            logger_1.logger.debug('Session revoked event received:', data);
+            this.options.onSessionRevoked?.(data);
+        });
+        this.socket.on('session_expiring', (data) => {
+            logger_1.logger.debug('Session expiring event received:', data);
+            this.options.onSessionExpiring?.(data);
+        });
+        this.socket.on('connection_status', (data) => {
+            logger_1.logger.debug('Connection status:', data);
+        });
+    }
+    /**
+     * Schedule reconnection attempt
+     */
+    scheduleReconnect() {
+        if (this.reconnectAttempts >= (this.options.reconnectAttempts || 5)) {
+            logger_1.logger.warn('Max reconnection attempts reached');
+            return;
+        }
+        this.reconnectAttempts++;
+        const delay = (this.options.reconnectDelay || 1000) * this.reconnectAttempts; // Exponential backoff
+        logger_1.logger.debug(`Scheduling reconnect attempt ${this.reconnectAttempts} in ${delay}ms`);
+        this.reconnectTimeout = setTimeout(() => {
+            this.connect().catch((error) => {
+                logger_1.logger.error('Reconnection failed:', error);
+            });
+        }, delay);
+    }
+}
+exports.SessionSocket = SessionSocket;

package/dist/middleware/express.middleware.d.ts CHANGED Viewed

@@ -9,21 +9,34 @@ import './express.types';
 /**
  * Create Express middleware
  *
+ * @platform **Backend only** - สำหรับ Express applications
+ * @platform **Frontend**: ไม่ต้องใช้ - Frontend ใช้ `AuthClient` แทน
+ *
+ * Validate token จาก request header และ attach user profile ลง `req.user`.
+ * Backend ไม่ต้อง refresh token - Frontend เป็นคน refresh และส่ง token ใหม่มาใน request ถัดไป.
+ *
+ * @param config - Configuration สำหรับ auth middleware
+ * @returns Express middleware function
+ *
  * @example
  * ```typescript
+ * // Backend: Express middleware
  * import { authMiddleware } from 'win-portal-auth-sdk';
  *
- * // Express
  * app.use(authMiddleware({
- *   baseURL: 'https://api.example.com',
- *   apiKey: 'your-api-key'
+ *   baseURL: process.env.PORTAL_API_URL!,
+ *   apiKey: process.env.PORTAL_API_KEY!,
+ *   cacheTimeout: 300, // Cache user profile 5 นาที (default)
  * }));
  *
  * // In routes
  * app.get('/profile', (req, res) => {
- *   const user = req.user; // User
- *   const token = req.token;
+ *   const user = req.user; // UserProfileResponseDto from Portal
+ *   const token = req.token; // JWT token
+ *   res.json({ user });
  * });
+ *
+ * // Frontend: ไม่ต้องใช้ - ใช้ AuthClient แทน
  * ```
  */
 export declare function authMiddleware(config: MiddlewareConfig): (req: any, res: any, next: any) => Promise<any>;

package/dist/middleware/express.middleware.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"express.middleware.d.ts","sourceRoot":"","sources":["../../src/middleware/express.middleware.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAChC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAMxD,OAAO,iBAAiB,CAAC;AAEzB~~;;;;;;;;;;;;;;;;;;;GAmBG~~;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,gBAAgB,SAGlC,GAAG,OAAO,GAAG,QAAQ,GAAG,kBA4B5C;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,WAAW,CAK7C;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,GAAG,GAAG;IACrC,IAAI,EAAE,IAAI,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;CACf,CASA;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,KAAK,CAAC,EAAE,MAAM,QAM5C"}
1	+ {"version":3,"file":"express.middleware.d.ts","sourceRoot":"","sources":["../../src/middleware/express.middleware.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAChC,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAMxD,OAAO,iBAAiB,CAAC;AAEzB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,gBAAgB,SAGlC,GAAG,OAAO,GAAG,QAAQ,GAAG,kBA4B5C;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,WAAW,CAK7C;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,GAAG,GAAG;IACrC,IAAI,EAAE,IAAI,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;CACf,CASA;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,KAAK,CAAC,EAAE,MAAM,QAM5C"}

package/dist/middleware/express.middleware.js CHANGED Viewed

@@ -14,21 +14,34 @@ require("./express.types");
 /**
  * Create Express middleware
  *
+ * @platform **Backend only** - สำหรับ Express applications
+ * @platform **Frontend**: ไม่ต้องใช้ - Frontend ใช้ `AuthClient` แทน
+ *
+ * Validate token จาก request header และ attach user profile ลง `req.user`.
+ * Backend ไม่ต้อง refresh token - Frontend เป็นคน refresh และส่ง token ใหม่มาใน request ถัดไป.
+ *
+ * @param config - Configuration สำหรับ auth middleware
+ * @returns Express middleware function
+ *
  * @example
  * ```typescript
+ * // Backend: Express middleware
  * import { authMiddleware } from 'win-portal-auth-sdk';
  *
- * // Express
  * app.use(authMiddleware({
- *   baseURL: 'https://api.example.com',
- *   apiKey: 'your-api-key'
+ *   baseURL: process.env.PORTAL_API_URL!,
+ *   apiKey: process.env.PORTAL_API_KEY!,
+ *   cacheTimeout: 300, // Cache user profile 5 นาที (default)
  * }));
  *
  * // In routes
  * app.get('/profile', (req, res) => {
- *   const user = req.user; // User
- *   const token = req.token;
+ *   const user = req.user; // UserProfileResponseDto from Portal
+ *   const token = req.token; // JWT token
+ *   res.json({ user });
  * });
+ *
+ * // Frontend: ไม่ต้องใช้ - ใช้ AuthClient แทน
  * ```
  */
 function authMiddleware(config) {

package/dist/middleware/nestjs.guard.d.ts CHANGED Viewed

@@ -7,22 +7,34 @@ import { MiddlewareConfig } from './types';
 /**
  * NestJS Auth Guard
  *
+ * @platform **Backend only** - สำหรับ NestJS applications
+ * @platform **Frontend**: ไม่ต้องใช้ - Frontend ใช้ `AuthClient` แทน
+ *
+ * Validate token จาก request header และ attach user profile ลง `request.user`.
+ * Backend ไม่ต้อง refresh token - Frontend เป็นคน refresh และส่ง token ใหม่มาใน request ถัดไป.
+ *
+ * @param config - Configuration สำหรับ auth guard
+ * @returns NestJS Guard class ที่สามารถใช้กับ `@UseGuards()` decorator
+ *
  * @example
  * ```typescript
- * // In your auth.guard.ts
+ * // Backend: In your auth.guard.ts
  * import { createAuthGuard } from 'win-portal-auth-sdk';
  *
  * export const AuthGuard = createAuthGuard({
- *   baseURL: process.env.API_BASE_URL,
- *   apiKey: process.env.API_KEY
+ *   baseURL: process.env.PORTAL_API_URL!,
+ *   apiKey: process.env.PORTAL_API_KEY!,
+ *   cacheTimeout: 300, // Cache user profile 5 นาที (default)
  * });
  *
  * // In your controller
  * @UseGuards(AuthGuard)
  * @Get('profile')
- * getProfile(@CurrentUser() user: User) {
- *   return user;
+ * getProfile(@CurrentUser() user: UserProfileResponseDto) {
+ *   return user; // user มาจาก Portal API (ผ่าน Guard validation)
  * }
+ *
+ * // Frontend: ไม่ต้องใช้ - ใช้ AuthClient แทน
  * ```
  */
 export declare function createAuthGuard(config: Omit<MiddlewareConfig, 'optional'>): {
@@ -33,14 +45,26 @@ export declare function createAuthGuard(config: Omit<MiddlewareConfig, 'optional
 /**
  * Optional Auth Guard - Does not block if no token
  *
+ * @platform **Backend only** - สำหรับ NestJS applications
+ * @platform **Frontend**: ไม่ต้องใช้ - Frontend ใช้ `AuthClient` แทน
+ *
+ * Similar to `createAuthGuard()` แต่ไม่ block request ถ้าไม่มี token.
+ * ใช้สำหรับ routes ที่ต้องการ user ถ้ามี แต่ยังทำงานได้ถ้าไม่มี.
+ *
+ * @param config - Configuration สำหรับ auth guard
+ * @returns NestJS Guard class ที่สามารถใช้กับ `@UseGuards()` decorator
+ *
  * @example
  * ```typescript
+ * // Backend: Optional auth guard
  * @UseGuards(OptionalAuthGuard)
  * @Get('posts')
- * getPosts(@CurrentUser() user: User | null) {
+ * getPosts(@CurrentUser() user: UserProfileResponseDto | null) {
  *   // user may be null
  *   return user ? 'Your posts' : 'Public posts';
  * }
+ *
+ * // Frontend: ไม่ต้องใช้ - ใช้ AuthClient แทน
  * ```
  */
 export declare function createOptionalAuthGuard(config: Omit<MiddlewareConfig, 'optional'>): {

package/dist/middleware/nestjs.guard.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"nestjs.guard.d.ts","sourceRoot":"","sources":["../../src/middleware/nestjs.guard.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAI3C~~;;;;;;;;;;;;;;;;;;;;GAoBG~~;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,IAAI,CAAC,gBAAgB,EAAE,UAAU,CAAC;;6BAO3C,GAAG,GAAG,QAAQ,OAAO,CAAC;;EAoBpD;AAED~~;;;;;;;;;;;;GAYG~~;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,IAAI,CAAC,gBAAgB,EAAE,UAAU,CAAC;;6BAOnD,GAAG,GAAG,QAAQ,OAAO,CAAC;;EAepD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,CAAC,EAAE,MAAM,QAMhD"}
1	+ {"version":3,"file":"nestjs.guard.d.ts","sourceRoot":"","sources":["../../src/middleware/nestjs.guard.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAI3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,IAAI,CAAC,gBAAgB,EAAE,UAAU,CAAC;;6BAO3C,GAAG,GAAG,QAAQ,OAAO,CAAC;;EAoBpD;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,IAAI,CAAC,gBAAgB,EAAE,UAAU,CAAC;;6BAOnD,GAAG,GAAG,QAAQ,OAAO,CAAC;;EAepD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,CAAC,EAAE,MAAM,QAMhD"}

package/dist/middleware/nestjs.guard.js CHANGED Viewed

@@ -11,22 +11,34 @@ const user_cache_1 = require("./shared/user-cache");
 /**
  * NestJS Auth Guard
  *
+ * @platform **Backend only** - สำหรับ NestJS applications
+ * @platform **Frontend**: ไม่ต้องใช้ - Frontend ใช้ `AuthClient` แทน
+ *
+ * Validate token จาก request header และ attach user profile ลง `request.user`.
+ * Backend ไม่ต้อง refresh token - Frontend เป็นคน refresh และส่ง token ใหม่มาใน request ถัดไป.
+ *
+ * @param config - Configuration สำหรับ auth guard
+ * @returns NestJS Guard class ที่สามารถใช้กับ `@UseGuards()` decorator
+ *
  * @example
  * ```typescript
- * // In your auth.guard.ts
+ * // Backend: In your auth.guard.ts
  * import { createAuthGuard } from 'win-portal-auth-sdk';
  *
  * export const AuthGuard = createAuthGuard({
- *   baseURL: process.env.API_BASE_URL,
- *   apiKey: process.env.API_KEY
+ *   baseURL: process.env.PORTAL_API_URL!,
+ *   apiKey: process.env.PORTAL_API_KEY!,
+ *   cacheTimeout: 300, // Cache user profile 5 นาที (default)
  * });
  *
  * // In your controller
  * @UseGuards(AuthGuard)
  * @Get('profile')
- * getProfile(@CurrentUser() user: User) {
- *   return user;
+ * getProfile(@CurrentUser() user: UserProfileResponseDto) {
+ *   return user; // user มาจาก Portal API (ผ่าน Guard validation)
  * }
+ *
+ * // Frontend: ไม่ต้องใช้ - ใช้ AuthClient แทน
  * ```
  */
 function createAuthGuard(config) {
@@ -55,14 +67,26 @@ exports.createAuthGuard = createAuthGuard;
 /**
  * Optional Auth Guard - Does not block if no token
  *
+ * @platform **Backend only** - สำหรับ NestJS applications
+ * @platform **Frontend**: ไม่ต้องใช้ - Frontend ใช้ `AuthClient` แทน
+ *
+ * Similar to `createAuthGuard()` แต่ไม่ block request ถ้าไม่มี token.
+ * ใช้สำหรับ routes ที่ต้องการ user ถ้ามี แต่ยังทำงานได้ถ้าไม่มี.
+ *
+ * @param config - Configuration สำหรับ auth guard
+ * @returns NestJS Guard class ที่สามารถใช้กับ `@UseGuards()` decorator
+ *
  * @example
  * ```typescript
+ * // Backend: Optional auth guard
  * @UseGuards(OptionalAuthGuard)
  * @Get('posts')
- * getPosts(@CurrentUser() user: User | null) {
+ * getPosts(@CurrentUser() user: UserProfileResponseDto | null) {
  *   // user may be null
  *   return user ? 'Your posts' : 'Public posts';
  * }
+ *
+ * // Frontend: ไม่ต้องใช้ - ใช้ AuthClient แทน
  * ```
  */
 function createOptionalAuthGuard(config) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "win-portal-auth-sdk",
-  "version": "1.6.2",
+  "version": "1.6.3",
   "description": "Shared authentication SDK for Win Portal applications with JWT and OAuth support",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -47,6 +47,14 @@
   "dependencies": {
     "axios": "^1.6.0"
   },
+  "peerDependencies": {
+    "socket.io-client": "^4.0.0"
+  },
+  "peerDependenciesMeta": {
+    "socket.io-client": {
+      "optional": true
+    }
+  },
   "devDependencies": {
     "@types/node": "^20.0.0",
     "typescript": "^5.3.0"