auth-vir

import { type createBlockingInterval, type JsonCompatibleObject, type MaybePromise, type PartialWithUndefined, type SelectFrom } from '@augment-vir/common'; import { type AnyDuration } from 'date-vir'; import { type EmptyObject } from 'type-fest'; import { type CsrfHeaderNameOption } from '../csrf-token.js'; /** * Config for {@link FrontendAuthClient}. * * @category Internal */ export type FrontendAuthClientConfig = Readonly<{ csrf: Readonly<CsrfHeaderNameOption>; }> & PartialWithUndefined<{ /** * Optional suffix appended to cookie names (e.g., `'staging'` produces * `auth-vir-csrf-staging`). When `undefined`, cookie names are unchanged. */ cookieNameSuffix: string; /** * Determine if the current user can assume the identity of another user. If this is not * defined, all users will be blocked from assuming other user identities. */ canAssumeUser: () => MaybePromise<boolean>; /** Called whenever the current user becomes unauthorized and their CSRF token is wiped. */ authClearedCallback: () => MaybePromise<void>; /** * Performs automatic checks on an interval to see if the user is still authenticated. Omit * this to turn off automatic checks. */ checkUser: { /** * Get a response from the backend to see if the user is still authenticated. If the * response returns a non-authorized status, the user is wiped. Any other status is * ignored. * * If the user is not currently authorized, this should return `undefined` to prevent * unnecessary network traffic. * * This will be called any time the user interacts with the page, debounced by the * adjacent `debounce` property. */ performCheck: () => MaybePromise<SelectFrom<Response, { status: true; }> | undefined>; /** * Debounce for firing `performCheck`. * * @default {minutes: 1} */ debounce?: AnyDuration | undefined; }; /** * Overwrite the header name used for tracking is an admin is assuming the identity of * another user. */ assumedUserHeaderName: string; overrides: PartialWithUndefined<{ localStorage: SelectFrom<Storage, { setItem: true; removeItem: true; getItem: true; }>; }>; }>; /** * An auth client for sending and validating client requests to a backend. This should only be used * in a frontend environment as it accesses native browser APIs. * * @category Auth : Client * @category Clients */ export declare class FrontendAuthClient<AssumedUserParams extends JsonCompatibleObject = EmptyObject> { protected readonly config: FrontendAuthClientConfig; protected userCheckInterval: undefined | ReturnType<typeof createBlockingInterval>; /** Used to clean up the activity listener on `.destroy()`. */ protected removeActivityListener: VoidFunction | undefined; constructor(config: FrontendAuthClientConfig); /** * Destroys the client and performs all necessary cleanup (like clearing the user check * interval). */ destroy(): void; /** * Assume the given user. Pass `undefined` to wipe the currently assumed user. * * @returns Whether the assumed user setting or clearing succeeded or not. */ assumeUser(assumedUserParams: Readonly<AssumedUserParams> | undefined): Promise<boolean>; /** Gets the assumed user params stored in local storage, if any. */ getAssumedUser(): AssumedUserParams | undefined; /** * Creates a `RequestInit` object for the `fetch` API. If you have other request init options, * use [`mergeDeep` from * `@augment-vir/common`](https://electrovir.github.io/augment-vir/functions/mergeDeep.html) to * combine them with these. */ createAuthenticatedRequestInit(): RequestInit; /** Wipes the current user auth. */ logout(): Promise<void>; /** * Use to handle a login response. The CSRF token cookie is automatically stored by the browser * from the `Set-Cookie` response header. * * @throws Error if the login response failed. */ handleLoginResponse(response: Readonly<SelectFrom<Response, { ok: true; }>>): Promise<void>; /** * Use to verify _all_ responses received from the backend. Immediately logs the user out once * an unauthorized response is detected. * * @returns `true` if the auth is okay, `false` otherwise. */ verifyResponseAuth(response: Readonly<PartialWithUndefined<SelectFrom<Response, { status: true; headers: true; }>>>): Promise<boolean>; }