zudoku 0.46.3 → 0.47.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "zudoku",
-  "version": "0.46.3",
+  "version": "0.47.1",
   "type": "module",
   "homepage": "https://zudoku.dev",
   "repository": {
@@ -36,10 +36,6 @@
       "import": "./lib/ui/*.js",
       "types": "./dist/lib/ui/*.d.ts"
     },
-    "./hooks": {
-      "import": "./lib/hooks/index.js",
-      "types": "./dist/lib/hooks/index.d.ts"
-    },
     "./client": {
       "types": "./client.d.ts"
     },
@@ -59,6 +55,10 @@
       "import": "./lib/zudoku.auth-supabase.js",
       "types": "./dist/lib/authentication/providers/supabase.d.ts"
     },
+    "./auth/azureb2c": {
+      "import": "./lib/zudoku.auth-azureb2c.js",
+      "types": "./dist/lib/authentication/providers/azureb2c.d.ts"
+    },
     "./plugins": {
       "import": "./lib/zudoku.plugins.js",
       "types": "./dist/lib/core/plugins.d.ts"
@@ -95,6 +95,10 @@
       "import": "./lib/zudoku.plugin-search-pagefind.js",
       "types": "./dist/lib/plugins/search-pagefind/index.d.ts"
     },
+    "./hooks": {
+      "import": "./lib/zudoku.hooks.js",
+      "types": "./dist/lib/hooks/index.d.ts"
+    },
     "./components": {
       "import": "./lib/zudoku.components.js",
       "types": "./dist/lib/components/index.d.ts"
@@ -159,11 +163,11 @@
     "@radix-ui/react-tooltip": "1.2.7",
     "@radix-ui/react-visually-hidden": "1.2.3",
     "@scalar/openapi-parser": "0.10.17",
-    "@sentry/node": "9.12.0",
-    "@shikijs/langs": "3.4.2",
-    "@shikijs/rehype": "3.4.2",
-    "@shikijs/themes": "3.4.2",
-    "@shikijs/transformers": "3.4.2",
+    "@sentry/node": "9.26.0",
+    "@shikijs/langs": "3.5.0",
+    "@shikijs/rehype": "3.5.0",
+    "@shikijs/themes": "3.5.0",
+    "@shikijs/transformers": "3.5.0",
     "@sindresorhus/slugify": "2.2.1",
     "@stefanprobst/rehype-extract-toc": "3.0.0",
     "@tailwindcss/typography": "0.5.16",
@@ -171,7 +175,7 @@
     "@tanem/react-nprogress": "5.0.55",
     "@tanstack/react-query": "5.74.3",
     "@types/react": "19.1.1",
-    "@types/react-dom": "19.1.2",
+    "@types/react-dom": "19.1.6",
     "@vitejs/plugin-react": "4.4.1",
     "@zudoku/httpsnippet": "10.0.9",
     "@zudoku/react-helmet-async": "2.0.5",
@@ -183,14 +187,14 @@
     "devlop": "^1.1.0",
     "dotenv": "16.5.0",
     "embla-carousel-react": "8.6.0",
-    "estree-util-value-to-estree": "3.3.3",
+    "estree-util-value-to-estree": "3.4.0",
     "express": "5.1.0",
     "fast-equals": "5.2.2",
     "framer-motion": "^12.12.2",
-    "glob": "11.0.1",
+    "glob": "11.0.2",
     "graphql": "16.11.0",
     "graphql-type-json": "0.3.2",
-    "graphql-yoga": "5.13.3",
+    "graphql-yoga": "5.13.5",
     "gray-matter": "4.0.3",
     "hast-util-to-jsx-runtime": "^2.3.6",
     "hast-util-to-string": "3.0.1",
@@ -227,7 +231,7 @@
     "remark-rehype": "^11.1.2",
     "rollup": "4.41.1",
     "semver": "7.7.1",
-    "shiki": "3.4.2",
+    "shiki": "3.5.0",
     "sitemap": "8.0.0",
     "spin-delay": "2.0.1",
     "strip-ansi": "7.1.0",
@@ -239,11 +243,11 @@
     "vaul": "1.1.2",
     "vfile": "6.0.3",
     "vite": "6.3.5",
-    "yaml": "2.7.1",
+    "yaml": "2.8.0",
     "yargs": "17.7.2",
-    "zod": "3.24.2",
+    "zod": "3.25.51",
     "zod-validation-error": "3.4.1",
-    "zustand": "5.0.3"
+    "zustand": "5.0.5"
   },
   "devDependencies": {
     "@graphql-codegen/cli": "5.0.6",
@@ -264,7 +268,7 @@
     "@types/semver": "7.7.0",
     "@types/unist": "^3.0.3",
     "@types/yargs": "17.0.33",
-    "@vitest/coverage-v8": "3.1.1",
+    "@vitest/coverage-v8": "3.2.1",
     "esbuild": "0.25.1",
     "happy-dom": "17.5.6",
     "mdast-util-mdx": "3.0.0",
@@ -276,13 +280,27 @@
   },
   "peerDependencies": {
     "react": ">=19",
-    "react-dom": ">=19"
-  },
-  "optionalDependencies": {
+    "react-dom": ">=19",
+    "@azure/msal-browser": "^4.13.0",
     "@clerk/clerk-js": "^5.63.1",
     "@sentry/react": "^9.12.0",
     "@supabase/supabase-js": "^2.49.4"
   },
+  "optionalDependencies": {},
+  "peerDependenciesMeta": {
+    "@azure/msal-browser": {
+      "optional": true
+    },
+    "@clerk/clerk-js": {
+      "optional": true
+    },
+    "@sentry/react": {
+      "optional": true
+    },
+    "@supabase/supabase-js": {
+      "optional": true
+    }
+  },
   "scripts": {
     "build": "tsc --project tsconfig.app.json",
     "build:dev": "esbuild './src/**/*.ts' --format=esm --platform=node --target=node22 --outdir=dist --splitting --log-level=warning",

package/src/app/main.tsx

@@ -71,7 +71,7 @@ export const convertZudokuConfigToOptions = (
 
 export const getRoutesByOptions = (
   options: ZudokuContextOptions,
-  enableStatusPages = false,
+  enableStatusPages = true,
 ) => {
   const allPlugins = [
     ...(options.plugins ?? []),
@@ -84,7 +84,7 @@ export const getRoutesByOptions = (
       enableStatusPages
         ? [400, 403, 404, 405, 414, 416, 500, 501, 502, 503, 504].map(
             (statusCode) => ({
-              path: `/.static/${statusCode}`,
+              path: `/${statusCode}`,
               element: <StatusPage statusCode={statusCode} />,
             }),
           )

package/src/lib/auth/issuer.test.ts

@@ -0,0 +1,120 @@
+import { describe, expect, it } from "vitest";
+import type { ZudokuConfig } from "../../config/validators/validate.js";
+import { getIssuer } from "./issuer.js";
+
+describe("getIssuer", () => {
+  it("should return clerk frontend API for clerk authentication", async () => {
+    // Using a valid base64 encoded string: "example.example$test" -> "ZXhhbXBsZS5leGFtcGxlJHRlc3Q="
+    const config: ZudokuConfig = {
+      authentication: {
+        type: "clerk",
+        clerkPubKey:
+          "pk_test_dG9sZXJhbnQtaG9ybmV0LTQ2LmNsZXJrLmFjY291bnRzLmRldiQ",
+      },
+    };
+
+    const result = await getIssuer(config);
+    expect(result).toBe("tolerant-hornet-46.clerk.accounts.dev");
+  });
+
+  it("should throw error for invalid clerk public key format", async () => {
+    const config: ZudokuConfig = {
+      authentication: {
+        type: "clerk",
+        clerkPubKey: "pk_test_invalid",
+      },
+    };
+
+    await expect(getIssuer(config)).rejects.toThrow(
+      "Clerk public key is invalid",
+    );
+  });
+
+  it("should throw error for clerk key with invalid base64", async () => {
+    const config: ZudokuConfig = {
+      authentication: {
+        type: "clerk",
+        clerkPubKey: "pk_test_invalid_base64",
+      },
+    };
+
+    await expect(getIssuer(config)).rejects.toThrow(
+      "Clerk public key is invalid",
+    );
+  });
+
+  it("should return auth0 issuer URL for auth0 authentication", async () => {
+    const config: ZudokuConfig = {
+      authentication: {
+        type: "auth0",
+        domain: "example.auth0.com",
+        clientId: "test-client-id",
+      },
+    };
+
+    const result = await getIssuer(config);
+    expect(result).toBe("https://example.auth0.com/");
+  });
+
+  it("should return openid issuer for openid authentication", async () => {
+    const config: ZudokuConfig = {
+      authentication: {
+        type: "openid",
+        issuer: "https://example.com/auth",
+        clientId: "test-client-id",
+      },
+    };
+
+    const result = await getIssuer(config);
+    expect(result).toBe("https://example.com/auth");
+  });
+
+  it("should return azureb2c issuer for azureb2c authentication", async () => {
+    const config: ZudokuConfig = {
+      authentication: {
+        type: "azureb2c",
+        tenantName: "example",
+        policyName: "B2C_1_SignUpSignIn",
+        issuer: "https://example.b2clogin.com/example.onmicrosoft.com/v2.0/",
+        clientId: "test-client-id",
+      },
+    };
+    const result = await getIssuer(config);
+    expect(result).toBe(
+      "https://example.b2clogin.com/example.onmicrosoft.com/v2.0/",
+    );
+  });
+
+  it("should return supabase URL for supabase authentication", async () => {
+    const config: ZudokuConfig = {
+      authentication: {
+        type: "supabase",
+        supabaseUrl: "https://project.supabase.co",
+        supabaseKey: "test-anon-key",
+        provider: "github",
+      },
+    };
+
+    const result = await getIssuer(config);
+    expect(result).toBe("https://project.supabase.co");
+  });
+
+  it("should return undefined for no authentication", async () => {
+    const config: ZudokuConfig = {};
+
+    const result = await getIssuer(config);
+    expect(result).toBeUndefined();
+  });
+
+  it("should throw error for unsupported authentication type", async () => {
+    const config = {
+      authentication: {
+        type: "unsupported" as any,
+      },
+    } as ZudokuConfig;
+
+    await expect(getIssuer(config)).rejects.toThrow(
+      "Unsupported authentication type",
+    );
+  });
+});

package/src/lib/auth/issuer.ts

@@ -0,0 +1,41 @@
+import type { ZudokuConfig } from "../../config/validators/validate.js";
+import invariant from "../util/invariant.js";
+
+export const getIssuer = async (config: ZudokuConfig) => {
+  switch (config.authentication?.type) {
+    case "clerk": {
+      const frontendApiEncoded = config.authentication.clerkPubKey
+        .split("_")
+        .at(-1);
+      invariant(frontendApiEncoded, "Clerk public key is invalid");
+      const frontendApiParts = atob(frontendApiEncoded).split("$");
+
+      if (frontendApiParts.length !== 2) {
+        throw new Error("Clerk public key is invalid");
+      }
+
+      const frontendApi = frontendApiParts.at(0);
+      invariant(frontendApi, "Clerk public key is invalid");
+
+      return frontendApi;
+    }
+    case "auth0": {
+      return `https://${config.authentication.domain}/`;
+    }
+    case "openid": {
+      return config.authentication.issuer;
+    }
+    case "supabase": {
+      return config.authentication.supabaseUrl;
+    }
+    case "azureb2c": {
+      return config.authentication.issuer;
+    }
+    case undefined: {
+      return undefined;
+    }
+    default: {
+      throw new Error(`Unsupported authentication type`);
+    }
+  }
+};

package/src/lib/authentication/providers/auth0.tsx

@@ -14,7 +14,7 @@ class Auth0AuthenticationProvider
     super({
       ...config,
       type: "openid",
-      issuer: `https://${config.domain}`,
+      issuer: `https://${config.domain}/`,
       clientId: config.clientId,
       audience: config.audience,
       scopes: config.scopes,

package/src/lib/authentication/providers/azureb2c.tsx

@@ -0,0 +1,196 @@
+import type { AuthenticationResult, EventMessage } from "@azure/msal-browser";
+import { EventType, PublicClientApplication } from "@azure/msal-browser";
+import { type AzureB2CAuthenticationConfig } from "../../../config/config.js";
+import { ClientOnly } from "../../components/ClientOnly.js";
+import { joinUrl } from "../../util/joinUrl.js";
+import {
+  type AuthenticationPlugin,
+  type AuthenticationProviderInitializer,
+} from "../authentication.js";
+import { CallbackHandler } from "../components/CallbackHandler.js";
+import { AuthorizationError } from "../errors.js";
+import { useAuthState } from "../state.js";
+
+import { CoreAuthenticationPlugin } from "../AuthenticationPlugin.js";
+
+const AZUREB2C_CALLBACK_PATH = "/oauth/callback";
+
+export class AzureB2CAuthPlugin
+  extends CoreAuthenticationPlugin
+  implements AuthenticationPlugin
+{
+  private msalInstance: PublicClientApplication;
+  private readonly scopes: string[];
+  private readonly redirectToAfterSignUp?: string;
+  private readonly redirectToAfterSignIn?: string;
+  private readonly redirectToAfterSignOut: string;
+
+  constructor({
+    clientId,
+    tenantName,
+    policyName,
+    scopes,
+    redirectToAfterSignUp,
+    redirectToAfterSignIn,
+    redirectToAfterSignOut = "/",
+    basePath = "",
+  }: AzureB2CAuthenticationConfig) {
+    super();
+    this.scopes = scopes ?? ["openid", "profile", "email"];
+    this.redirectToAfterSignUp = redirectToAfterSignUp;
+    this.redirectToAfterSignIn = redirectToAfterSignIn;
+    this.redirectToAfterSignOut = redirectToAfterSignOut;
+
+    const authority = `https://${tenantName}.b2clogin.com/${tenantName}.onmicrosoft.com/${policyName}`;
+    const redirectUri = joinUrl(basePath, AZUREB2C_CALLBACK_PATH);
+
+    this.msalInstance = new PublicClientApplication({
+      auth: {
+        clientId,
+        authority,
+        redirectUri,
+        knownAuthorities: [`${tenantName}.b2clogin.com`],
+      },
+      cache: {
+        cacheLocation: "sessionStorage",
+        storeAuthStateInCookie: false,
+      },
+    });
+
+    void this.msalInstance.initialize().then(async () => {
+      void this.msalInstance
+        .handleRedirectPromise()
+        .then((response: AuthenticationResult | null) => {
+          if (response) {
+            this.handleAuthResponse(response);
+          }
+        });
+
+      // Add event callback
+      void this.msalInstance.addEventCallback((event: EventMessage) => {
+        if (event.eventType === EventType.LOGIN_SUCCESS) {
+          this.handleAuthResponse(event.payload as AuthenticationResult);
+        }
+      });
+    });
+  }
+
+  private handleAuthResponse(response: AuthenticationResult) {
+    const { accessToken, idToken, scopes, account } = response;
+
+    if (!account) {
+      throw new AuthorizationError("No account information in response");
+    }
+
+    // Get the user's name from Azure B2C claims
+    const name =
+      [account.idTokenClaims?.given_name, account.idTokenClaims?.family_name]
+        .filter(Boolean)
+        .join(" ") || account.username;
+
+    useAuthState.getState().setLoggedIn({
+      providerData: {
+        accessToken,
+        idToken,
+        scopes,
+        account,
+      },
+      profile: {
+        sub: account.localAccountId,
+        email: account.username,
+        name,
+        emailVerified: true, // Azure B2C emails are verified
+        pictureUrl: undefined, // Azure B2C doesn't provide profile pictures by default
+      },
+    });
+  }
+
+  async signUp({ redirectTo }: { redirectTo?: string } = {}) {
+    const redirectUri = this.redirectToAfterSignUp ?? redirectTo ?? "/";
+    sessionStorage.setItem("redirect-to", redirectUri);
+
+    await this.msalInstance.loginRedirect({
+      scopes: this.scopes,
+      prompt: "select_account",
+    });
+  }
+
+  async signIn({ redirectTo }: { redirectTo?: string } = {}) {
+    const redirectUri = this.redirectToAfterSignIn ?? redirectTo ?? "/";
+    sessionStorage.setItem("redirect-to", redirectUri);
+
+    await this.msalInstance.loginRedirect({
+      scopes: this.scopes,
+    });
+  }
+
+  async getAccessToken(): Promise<string> {
+    const account = this.msalInstance.getAllAccounts()[0];
+    if (!account) {
+      throw new AuthorizationError("No active account");
+    }
+
+    try {
+      const response = await this.msalInstance.acquireTokenSilent({
+        scopes: this.scopes,
+        account,
+      });
+      return response.accessToken;
+    } catch {
+      // If silent token acquisition fails, try interactive
+      await this.msalInstance.acquireTokenRedirect({
+        scopes: this.scopes,
+        account,
+      });
+
+      throw new AuthorizationError(
+        "Token acquisition failed after interactive attempt",
+      );
+    }
+  }
+
+  signRequest = async (request: Request): Promise<Request> => {
+    const accessToken = await this.getAccessToken();
+    request.headers.set("Authorization", `Bearer ${accessToken}`);
+    return request;
+  };
+
+  signOut = async () => {
+    const account = this.msalInstance.getAllAccounts()[0];
+    if (account) {
+      await this.msalInstance.logoutRedirect({
+        account,
+        postLogoutRedirectUri:
+          window.location.origin + this.redirectToAfterSignOut,
+      });
+    }
+
+    useAuthState.getState().setLoggedOut();
+  };
+
+  handleCallback = async () => {
+    const redirectTo = sessionStorage.getItem("redirect-to") ?? "/";
+    sessionStorage.removeItem("redirect-to");
+    return redirectTo;
+  };
+
+  getRoutes() {
+    return [
+      ...super.getRoutes(),
+      {
+        path: AZUREB2C_CALLBACK_PATH,
+        element: (
+          <ClientOnly>
+            <CallbackHandler handleCallback={this.handleCallback} />
+          </ClientOnly>
+        ),
+      },
+    ];
+  }
+}
+
+const azureB2CAuth: AuthenticationProviderInitializer<
+  AzureB2CAuthenticationConfig
+> = (options) => new AzureB2CAuthPlugin(options);
+
+export default azureB2CAuth;

package/src/lib/authentication/providers/clerk.tsx

@@ -31,9 +31,7 @@ const clerkAuth: AuthenticationProviderInitializer<
       const verifiedEmail = clerkApi.user.emailAddresses.find(
         (email) => email.verification.status === "verified",
       );
-      useAuthState.setState({
-        isAuthenticated: true,
-        isPending: false,
+      useAuthState.getState().setLoggedIn({
         profile: {
           sub: clerkApi.user.id,
           name: clerkApi.user.fullName ?? undefined,
@@ -115,9 +113,7 @@ const clerkAuth: AuthenticationProviderInitializer<
         const verifiedEmail = clerk.session.user.emailAddresses.find(
           (email) => email.verification.status === "verified",
         );
-        useAuthState.setState({
-          isAuthenticated: true,
-          isPending: false,
+        useAuthState.getState().setLoggedIn({
           profile: {
             sub: clerk.session.user.id,
             name: clerk.session.user.fullName ?? undefined,
@@ -146,12 +142,7 @@ const clerkAuth: AuthenticationProviderInitializer<
       await clerkApi?.signOut({
         redirectUrl: window.location.origin + redirectToAfterSignOut,
       });
-      useAuthState.setState({
-        isAuthenticated: false,
-        isPending: false,
-        profile: null,
-        providerData: null,
-      });
+      useAuthState.getState().setLoggedOut();
     },
     signIn: async ({ redirectTo }: { redirectTo?: string } = {}) => {
       await ensureLoaded;

package/src/lib/authentication/providers/openid.tsx

@@ -273,6 +273,59 @@ export class OpenIDAuthenticationProvider
     }
   };
 
+  onPageLoad = async () => {
+    const { providerData } = useAuthState.getState();
+
+    if (!providerData) {
+      useAuthState.setState({ isPending: false });
+      return;
+    }
+
+    const tokenState = providerData as OpenIdProviderData;
+
+    if (new Date(tokenState.expiresOn) < new Date()) {
+      if (!tokenState.refreshToken) {
+        useAuthState.setState({
+          isAuthenticated: false,
+          isPending: false,
+          profile: null,
+          providerData: null,
+        });
+        return;
+      }
+
+      try {
+        const as = await this.getAuthServer();
+        const request = await oauth.refreshTokenGrantRequest(
+          as,
+          this.client,
+          tokenState.refreshToken,
+        );
+        const response = await oauth.processRefreshTokenResponse(
+          as,
+          this.client,
+          request,
+        );
+
+        if (!response.access_token) {
+          throw new AuthorizationError("No access token in response");
+        }
+
+        this.setTokensFromResponse(response);
+      } catch {
+        useAuthState.setState({
+          isAuthenticated: false,
+          isPending: false,
+          profile: null,
+          providerData: null,
+        });
+        return;
+      }
+    }
+
+    useAuthState.setState({ isPending: false });
+  };
+
   handleCallback = async () => {
     const url = new URL(window.location.href);
     const state = url.searchParams.get("state");

package/src/lib/authentication/providers/supabase.tsx

@@ -51,12 +51,7 @@ class SupabaseAuthenticationProvider
       if (session && (event === "SIGNED_IN" || event === "TOKEN_REFRESHED")) {
         await this.updateUserState(session);
       } else if (event === "SIGNED_OUT") {
-        useAuthState.setState({
-          isAuthenticated: false,
-          isPending: false,
-          profile: undefined,
-          providerData: undefined,
-        });
+        useAuthState.getState().setLoggedOut();
       }
     });
   }
@@ -72,9 +67,7 @@ class SupabaseAuthenticationProvider
       pictureUrl: user.user_metadata.avatar_url,
     };
 
-    useAuthState.setState({
-      isAuthenticated: true,
-      isPending: false,
+    useAuthState.getState().setLoggedIn({
       profile,
       providerData: { session },
     });