
@analog-tools/auth


Authentication module for AnalogJS applications

import { H3Event } from 'h3';
import { AnalogAuthConfig } from '../types/auth.types';
/**
 * Service for handling OAuth authentication in a Backend-for-Frontend pattern.
 *
 * This is an ambient declaration: it lists the public surface and the names of
 * the private members, but no implementation. Private members appear without
 * types because declaration files omit them. Anything said below about runtime
 * behaviour is therefore a review note to check against the implementation,
 * not a statement of fact.
 */
export declare class OAuthAuthenticationService {
    // Constant flag set to `true`; what consumes it is not visible in this file
    // (presumably a dependency-injection registry; confirm).
    static readonly INJECTABLE = true;
    private logger;
    /**
     * @param config Authentication settings; the shape is declared in
     *   `../types/auth.types` and is not shown here.
     */
    constructor(config: AnalogAuthConfig);
    private readonly config;
    // The next four names suggest a time-limited cache of the provider's OpenID
    // configuration and a lead time for refreshing tokens before expiry.
    // Units and values are not visible here; confirm in the implementation.
    private openIDConfigCache;
    private configLastFetched;
    private readonly CONFIG_CACHE_TTL;
    private TOKEN_REFRESH_SAFETY_MARGIN;
    /**
     * Validate that the service has been properly initialized
     * @throws Error if mandatory configuration is missing
     */
    private validateConfiguration;
    /**
     * Initialize session for the request
     * @param event The H3 request event the session is attached to
     */
    initSession(event: H3Event): Promise<void>;
    /**
     * Return the service's configuration object.
     *
     * NOTE(review): the whole `AnalogAuthConfig` is handed back. If that type
     * carries client credentials (not visible here), callers should avoid
     * logging it or serializing it into a response.
     */
    getConfig(): AnalogAuthConfig;
    /**
     * Safely access a configuration value
     * @param key The configuration key to retrieve
     * @param fallbackValue Optional fallback value if the config value doesn't exist
     * @returns The configuration value or fallback value
     * @throws Error if the configuration value doesn't exist and no fallback is provided
     */
    getConfigValue<K extends keyof AnalogAuthConfig>(key: K, fallbackValue?: AnalogAuthConfig[K]): AnalogAuthConfig[K];
    /**
     * Check if the route is unprotected
     * @param path The request path
     * @returns True if the route is unprotected, false otherwise
     *
     * NOTE(review): the matching rules are not visible here. Before relying on
     * this for an access decision, confirm how the path is normalized (trailing
     * slashes, percent-encoding, case) and whether matching is exact or by prefix.
     */
    isUnprotectedRoute(path: string): boolean;
    /**
     * Get OAuth authorization URL for login
     * @param state Caller-supplied OAuth `state` value. It should be
     *   unpredictable and tied to the user's session so the callback can
     *   reject forged responses; this declaration does not show who generates
     *   or stores it.
     * @param redirectUri Optional redirect URI override. NOTE(review): confirm
     *   the implementation restricts this to registered values rather than
     *   accepting request-derived input unchecked.
     * @returns The authorization URL to send the user to
     */
    getAuthorizationUrl(state: string, redirectUri?: string): Promise<string>;
    /**
     * Exchange authorization code for tokens
     */
    private exchangeCodeForTokens;
    /**
     * Refresh access token using refresh token
     */
    private refreshTokens;
    /**
     * Get user info from OAuth provider with improved error handling and retry logic
     */
    private getUserInfo;
    /**
     * Handle OAuth callback
     * @param event The H3 request event for the callback request
     * @param code Authorization code received from the provider
     * @param state The `state` value received on the callback
     * @returns The user and the tokens. Both are typed `any`, so callers get no
     *   compile-time checking and should validate the shape before use.
     *
     * NOTE(review): whether `state` is compared with a session-stored value is
     * not visible here; confirm in the implementation. In a
     * Backend-for-Frontend design the returned tokens would normally stay on
     * the server; check that callers do not forward them to the browser.
     */
    handleCallback(event: H3Event, code: string, state: string): Promise<{
        user: any;
        tokens: any;
    }>;
    /**
     * Calculate if token needs refresh based on safety margin
     * @param expiresAt Timestamp when token expires
     * @returns True if token should be refreshed
     */
    private shouldRefreshToken;
    /**
     * Serverless-compatible method to refresh expiring tokens
     * This should be called by a scheduled function/CRON job
     * rather than using setInterval which doesn't work reliably in serverless
     * @returns Counts of refreshed, failed and total sessions or tokens
     *   processed (which unit is counted is not visible here). A non-zero
     *   `failed` is worth logging or alerting on from the scheduled caller.
     */
    refreshExpiringTokens(): Promise<{
        refreshed: number;
        failed: number;
        total: number;
    }>;
    /**
     * Check if user is authenticated
     * @param event The H3 request event to inspect
     */
    isAuthenticated(event: H3Event): Promise<boolean>;
    /**
     * Get authenticated user
     * @param event The H3 request event to inspect
     * @returns The user, typed `any`; what is returned for an unauthenticated
     *   request is not visible here, so callers should check before use.
     */
    getAuthenticatedUser(event: H3Event): Promise<any>;
    /**
     * Revoke an access token
     */
    private revokeToken;
    /**
     * Logout user
     * @param event The H3 request event whose session is ended
     * @returns A string whose meaning is not visible in this declaration
     *   (presumably a post-logout redirect URL; confirm before redirecting to it).
     */
    logout(event: H3Event): Promise<string>;
    /**
     * Fetch OpenID Configuration from the well-known endpoint
     */
    private getOpenIDConfiguration;
}