174 lines
5.1 KiB
JavaScript
174 lines
5.1 KiB
JavaScript
// src/client.ts
|
|
import { UserManager, WebStorageStateStore } from "oidc-client-ts";
|
|
|
|
// src/guards.ts
|
|
var RedirectGuard = class {
|
|
constructor(maxRedirects, windowSeconds, prefix) {
|
|
this.maxRedirects = maxRedirects;
|
|
this.windowSeconds = windowSeconds;
|
|
this.countKey = `${prefix}redirect_count`;
|
|
this.tsKey = `${prefix}redirect_ts`;
|
|
}
|
|
isLooping() {
|
|
const count = parseInt(sessionStorage.getItem(this.countKey) ?? "0", 10);
|
|
const ts = parseInt(sessionStorage.getItem(this.tsKey) ?? "0", 10);
|
|
if (ts > 0 && Date.now() - ts > this.windowSeconds * 1e3) {
|
|
this.clear();
|
|
return false;
|
|
}
|
|
return count > this.maxRedirects;
|
|
}
|
|
recordRedirect() {
|
|
const count = parseInt(sessionStorage.getItem(this.countKey) ?? "0", 10);
|
|
if (count === 0) {
|
|
sessionStorage.setItem(this.tsKey, String(Date.now()));
|
|
}
|
|
sessionStorage.setItem(this.countKey, String(count + 1));
|
|
}
|
|
clear() {
|
|
sessionStorage.removeItem(this.countKey);
|
|
sessionStorage.removeItem(this.tsKey);
|
|
}
|
|
};
|
|
|
|
// src/client.ts
|
|
var ZitadelAuth = class {
|
|
constructor(config) {
|
|
this.currentUser = null;
|
|
this._isLoading = true;
|
|
this._error = null;
|
|
this.listeners = /* @__PURE__ */ new Set();
|
|
this.prefix = config.storagePrefix ?? "kuns_auth_";
|
|
this.redirectGuard = new RedirectGuard(
|
|
config.maxRedirects ?? 3,
|
|
config.redirectWindowSeconds ?? 30,
|
|
this.prefix
|
|
);
|
|
this.manager = new UserManager({
|
|
authority: config.issuer ?? "https://auth.kuns.dev",
|
|
client_id: config.clientId,
|
|
redirect_uri: config.redirectUri ?? `${window.location.origin}/auth/callback`,
|
|
post_logout_redirect_uri: config.postLogoutUri ?? window.location.origin,
|
|
scope: (config.scopes ?? ["openid", "profile", "email"]).join(" "),
|
|
automaticSilentRenew: config.silentRenew ?? true,
|
|
userStore: new WebStorageStateStore({ store: window.localStorage })
|
|
});
|
|
this.manager.events.addUserLoaded((user) => {
|
|
this.currentUser = user;
|
|
this.notify();
|
|
});
|
|
this.manager.events.addUserUnloaded(() => {
|
|
this.currentUser = null;
|
|
this.notify();
|
|
});
|
|
this.manager.events.addSilentRenewError(() => {
|
|
});
|
|
}
|
|
get isAuthenticated() {
|
|
return this.currentUser != null && !this.currentUser.expired;
|
|
}
|
|
get isLoading() {
|
|
return this._isLoading;
|
|
}
|
|
get user() {
|
|
if (!this.currentUser) return null;
|
|
return {
|
|
sub: this.currentUser.profile.sub,
|
|
name: this.currentUser.profile.name ?? "",
|
|
email: this.currentUser.profile.email ?? ""
|
|
};
|
|
}
|
|
get accessToken() {
|
|
if (!this.currentUser || this.currentUser.expired) return null;
|
|
return this.currentUser.access_token;
|
|
}
|
|
get error() {
|
|
return this._error;
|
|
}
|
|
async init() {
|
|
this._isLoading = true;
|
|
this.notify();
|
|
try {
|
|
if (window.location.pathname.endsWith("/auth/callback")) {
|
|
const user = await this.manager.signinRedirectCallback();
|
|
this.currentUser = user;
|
|
this.redirectGuard.clear();
|
|
const returnUrl = sessionStorage.getItem(`${this.prefix}return_url`) ?? "/";
|
|
sessionStorage.removeItem(`${this.prefix}return_url`);
|
|
window.history.replaceState({}, "", returnUrl);
|
|
} else {
|
|
const user = await this.manager.getUser();
|
|
if (user?.expired) {
|
|
await this.manager.removeUser();
|
|
this.currentUser = null;
|
|
} else {
|
|
this.currentUser = user;
|
|
}
|
|
}
|
|
} catch (e) {
|
|
this._error = `Auth initialization failed: ${e instanceof Error ? e.message : String(e)}`;
|
|
await this.manager.removeUser().catch(() => {
|
|
});
|
|
this.currentUser = null;
|
|
if (window.location.pathname.endsWith("/auth/callback")) {
|
|
window.history.replaceState({}, "", "/");
|
|
}
|
|
} finally {
|
|
this._isLoading = false;
|
|
this.notify();
|
|
}
|
|
}
|
|
login() {
|
|
if (this.redirectGuard.isLooping()) {
|
|
this._error = "Redirect loop detected. Please clear your browser cache and cookies, then try again.";
|
|
this.notify();
|
|
return;
|
|
}
|
|
this.redirectGuard.recordRedirect();
|
|
sessionStorage.setItem(
|
|
`${this.prefix}return_url`,
|
|
window.location.pathname + window.location.search
|
|
);
|
|
this.manager.signinRedirect();
|
|
}
|
|
async logout() {
|
|
this.redirectGuard.clear();
|
|
await this.manager.signoutRedirect();
|
|
}
|
|
requireAuth() {
|
|
if (this._isLoading) return false;
|
|
if (!this.isAuthenticated) {
|
|
this.login();
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
async fetch(url, init) {
|
|
const token = this.accessToken;
|
|
if (!token) {
|
|
this.login();
|
|
return new Response(null, { status: 401 });
|
|
}
|
|
const headers = new Headers(init?.headers);
|
|
headers.set("Authorization", `Bearer ${token}`);
|
|
return window.fetch(url, { ...init, headers });
|
|
}
|
|
onAuthChange(cb) {
|
|
this.listeners.add(cb);
|
|
return () => this.listeners.delete(cb);
|
|
}
|
|
notify() {
|
|
const state = {
|
|
isAuthenticated: this.isAuthenticated,
|
|
isLoading: this._isLoading,
|
|
user: this.user,
|
|
error: this._error
|
|
};
|
|
this.listeners.forEach((cb) => cb(state));
|
|
}
|
|
};
|
|
|
|
export {
|
|
ZitadelAuth
|
|
};
|