240 lines
7.4 KiB
JavaScript
240 lines
7.4 KiB
JavaScript
"use strict";
|
|
var __defProp = Object.defineProperty;
|
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
var __export = (target, all) => {
|
|
for (var name in all)
|
|
__defProp(target, name, { get: all[name], enumerable: true });
|
|
};
|
|
var __copyProps = (to, from, except, desc) => {
|
|
if (from && typeof from === "object" || typeof from === "function") {
|
|
for (let key of __getOwnPropNames(from))
|
|
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
}
|
|
return to;
|
|
};
|
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
|
|
// src/adapters/react.tsx
|
|
var react_exports = {};
|
|
__export(react_exports, {
|
|
ZitadelProvider: () => ZitadelProvider,
|
|
useAuth: () => useAuth
|
|
});
|
|
module.exports = __toCommonJS(react_exports);
|
|
var import_react = require("react");
|
|
|
|
// src/client.ts
|
|
var import_oidc_client_ts = require("oidc-client-ts");
|
|
|
|
// src/guards.ts
|
|
var RedirectGuard = class {
|
|
constructor(maxRedirects, windowSeconds, prefix) {
|
|
this.maxRedirects = maxRedirects;
|
|
this.windowSeconds = windowSeconds;
|
|
this.countKey = `${prefix}redirect_count`;
|
|
this.tsKey = `${prefix}redirect_ts`;
|
|
}
|
|
isLooping() {
|
|
const count = parseInt(sessionStorage.getItem(this.countKey) ?? "0", 10);
|
|
const ts = parseInt(sessionStorage.getItem(this.tsKey) ?? "0", 10);
|
|
if (ts > 0 && Date.now() - ts > this.windowSeconds * 1e3) {
|
|
this.clear();
|
|
return false;
|
|
}
|
|
return count > this.maxRedirects;
|
|
}
|
|
recordRedirect() {
|
|
const count = parseInt(sessionStorage.getItem(this.countKey) ?? "0", 10);
|
|
if (count === 0) {
|
|
sessionStorage.setItem(this.tsKey, String(Date.now()));
|
|
}
|
|
sessionStorage.setItem(this.countKey, String(count + 1));
|
|
}
|
|
clear() {
|
|
sessionStorage.removeItem(this.countKey);
|
|
sessionStorage.removeItem(this.tsKey);
|
|
}
|
|
};
|
|
|
|
// src/client.ts
|
|
var ZitadelAuth = class {
|
|
constructor(config) {
|
|
this.currentUser = null;
|
|
this._isLoading = true;
|
|
this._error = null;
|
|
this.listeners = /* @__PURE__ */ new Set();
|
|
this.prefix = config.storagePrefix ?? "kuns_auth_";
|
|
this.redirectGuard = new RedirectGuard(
|
|
config.maxRedirects ?? 3,
|
|
config.redirectWindowSeconds ?? 30,
|
|
this.prefix
|
|
);
|
|
this.manager = new import_oidc_client_ts.UserManager({
|
|
authority: config.issuer ?? "https://auth.kuns.dev",
|
|
client_id: config.clientId,
|
|
redirect_uri: config.redirectUri ?? `${window.location.origin}/auth/callback`,
|
|
post_logout_redirect_uri: config.postLogoutUri ?? window.location.origin,
|
|
scope: (config.scopes ?? ["openid", "profile", "email"]).join(" "),
|
|
automaticSilentRenew: config.silentRenew ?? true,
|
|
userStore: new import_oidc_client_ts.WebStorageStateStore({ store: window.localStorage })
|
|
});
|
|
this.manager.events.addUserLoaded((user) => {
|
|
this.currentUser = user;
|
|
this.notify();
|
|
});
|
|
this.manager.events.addUserUnloaded(() => {
|
|
this.currentUser = null;
|
|
this.notify();
|
|
});
|
|
this.manager.events.addSilentRenewError(() => {
|
|
});
|
|
}
|
|
get isAuthenticated() {
|
|
return this.currentUser != null && !this.currentUser.expired;
|
|
}
|
|
get isLoading() {
|
|
return this._isLoading;
|
|
}
|
|
get user() {
|
|
if (!this.currentUser) return null;
|
|
return {
|
|
sub: this.currentUser.profile.sub,
|
|
name: this.currentUser.profile.name ?? "",
|
|
email: this.currentUser.profile.email ?? ""
|
|
};
|
|
}
|
|
get accessToken() {
|
|
if (!this.currentUser || this.currentUser.expired) return null;
|
|
return this.currentUser.access_token;
|
|
}
|
|
get error() {
|
|
return this._error;
|
|
}
|
|
async init() {
|
|
this._isLoading = true;
|
|
this.notify();
|
|
try {
|
|
if (window.location.pathname.endsWith("/auth/callback")) {
|
|
const user = await this.manager.signinRedirectCallback();
|
|
this.currentUser = user;
|
|
this.redirectGuard.clear();
|
|
const returnUrl = sessionStorage.getItem(`${this.prefix}return_url`) ?? "/";
|
|
sessionStorage.removeItem(`${this.prefix}return_url`);
|
|
window.history.replaceState({}, "", returnUrl);
|
|
} else {
|
|
const user = await this.manager.getUser();
|
|
if (user?.expired) {
|
|
await this.manager.removeUser();
|
|
this.currentUser = null;
|
|
} else {
|
|
this.currentUser = user;
|
|
}
|
|
}
|
|
} catch (e) {
|
|
this._error = `Auth initialization failed: ${e instanceof Error ? e.message : String(e)}`;
|
|
await this.manager.removeUser().catch(() => {
|
|
});
|
|
this.currentUser = null;
|
|
if (window.location.pathname.endsWith("/auth/callback")) {
|
|
window.history.replaceState({}, "", "/");
|
|
}
|
|
} finally {
|
|
this._isLoading = false;
|
|
this.notify();
|
|
}
|
|
}
|
|
login() {
|
|
if (this.redirectGuard.isLooping()) {
|
|
this._error = "Redirect loop detected. Please clear your browser cache and cookies, then try again.";
|
|
this.notify();
|
|
return;
|
|
}
|
|
this.redirectGuard.recordRedirect();
|
|
sessionStorage.setItem(
|
|
`${this.prefix}return_url`,
|
|
window.location.pathname + window.location.search
|
|
);
|
|
this.manager.signinRedirect();
|
|
}
|
|
async logout() {
|
|
this.redirectGuard.clear();
|
|
await this.manager.signoutRedirect();
|
|
}
|
|
requireAuth() {
|
|
if (this._isLoading) return false;
|
|
if (!this.isAuthenticated) {
|
|
this.login();
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
async fetch(url, init) {
|
|
const token = this.accessToken;
|
|
if (!token) {
|
|
this.login();
|
|
return new Response(null, { status: 401 });
|
|
}
|
|
const headers = new Headers(init?.headers);
|
|
headers.set("Authorization", `Bearer ${token}`);
|
|
return window.fetch(url, { ...init, headers });
|
|
}
|
|
onAuthChange(cb) {
|
|
this.listeners.add(cb);
|
|
return () => this.listeners.delete(cb);
|
|
}
|
|
notify() {
|
|
const state = {
|
|
isAuthenticated: this.isAuthenticated,
|
|
isLoading: this._isLoading,
|
|
user: this.user,
|
|
error: this._error
|
|
};
|
|
this.listeners.forEach((cb) => cb(state));
|
|
}
|
|
};
|
|
|
|
// src/adapters/react.tsx
|
|
var import_jsx_runtime = require("react/jsx-runtime");
|
|
var AuthContext = (0, import_react.createContext)(null);
|
|
function ZitadelProvider({ children, ...config }) {
|
|
const [auth] = (0, import_react.useState)(() => new ZitadelAuth(config));
|
|
const [ready, setReady] = (0, import_react.useState)(false);
|
|
(0, import_react.useEffect)(() => {
|
|
auth.init().then(() => {
|
|
setReady(true);
|
|
if (!auth.isAuthenticated && !auth.error) {
|
|
auth.login();
|
|
}
|
|
});
|
|
}, [auth]);
|
|
if (!ready) return null;
|
|
return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(AuthContext.Provider, { value: auth, children });
|
|
}
|
|
function useAuth() {
|
|
const auth = (0, import_react.useContext)(AuthContext);
|
|
if (!auth) throw new Error("useAuth must be used within a ZitadelProvider");
|
|
const state = (0, import_react.useSyncExternalStore)(
|
|
(cb) => auth.onAuthChange(cb),
|
|
() => ({
|
|
isAuthenticated: auth.isAuthenticated,
|
|
isLoading: auth.isLoading,
|
|
user: auth.user,
|
|
error: auth.error
|
|
})
|
|
);
|
|
return {
|
|
...state,
|
|
login: () => auth.login(),
|
|
logout: () => auth.logout(),
|
|
fetch: (url, init) => auth.fetch(url, init)
|
|
};
|
|
}
|
|
// Annotate the CommonJS export names for ESM import in node:
|
|
0 && (module.exports = {
|
|
ZitadelProvider,
|
|
useAuth
|
|
});
|