GoSec_Cloud/gsc-web-kit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Phase 2 — layout · auth · shell are real

Browse Source 
@gsc/web-kit v0.2.0. Three modules turn from stubs into the working
surface apps need to render a chrome-wrapped Next.js page with one
import per concern.

auth/server:
- createAuth({ keycloak: { clientId, clientSecret, issuer } }) factory
  returns { handlers, signIn, signOut, auth, requireAuth, signInPath }.
  Canonical SessionUser shape (id, keycloakId, tenantId, email,
  displayName, givenName, familyName, roles, accessToken, idToken)
  baked into the session callback. Apps drop their hand-rolled
  src/auth.ts (~80 lines) for a 6-line factory call.
- requireAuth() — server-only. await it at the top of an RSC layout
  or page; redirects to signInPath if no session.

auth/middleware:
- createAuthMiddleware({ publicRoutes? }) returns a Next.js middleware
  that redirects unauth'd requests to /api/auth/signin/keycloak with
  ?callbackUrl=<original>. Bypasses /api/auth/*, /_next/*, /images/*,
  favicon, robots.txt always.

auth (client):
- signInRedirect(callbackUrl?) — hard-nav from any client component.

shell/server:
- fetchShellConfig({ appKey, accessToken, apiUrl?, timeoutMs? }).
  Server-only fetcher. 3s default timeout. Graceful fallback config
  on any error — shell-api outages can't blank-screen a host app.

shell (client):
- <ShellProvider> + useShell() — read the resolved config from any
  descendant of <AppLayout>.

layout:
- <AppLayout config currentPath translate onSignOut navbarExtras>.
  Renders the chronos-style Bootstrap-Layout-3 chrome (navbar-static,
  sidebar-light sidebar-main with collapse + persistence in
  localStorage, navbar-footer). Wraps children with the kit's
  ShellProvider so useShell() works.

devDep: @types/node for the server-side process.env read.

All 14 sub-exports still resolve under dist/. Phase 3 (data + forms)
and the gscCRM pilot cutover come next.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Claude
2026-05-11 00:20:08 +02:00
parent 957880e5c5
commit 1f2141118d
11 changed files with 838 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/auth/index.ts
View File

@@ -1,2 +1,24 @@
// @gsc/web-kit/auth — Phase 1 stub. Real surface lands in later phases.
export {};
/**
* @gsc/web-kit/auth — client-side auth helpers.
*
* Server-side surface (createAuth, requireAuth) lives in
* `@gsc/web-kit/auth/server`. The split keeps client bundles from
* pulling in next-auth's server runtime.
*/
export type { SessionUser } from "./types";
/**
* Client-side hard navigation to the sign-in endpoint. Use when a
* component detects an auth-required action without a session — e.g.
* a 401 from an API call.
*
* Default target matches createAuth's default (`/api/auth/signin/keycloak`).
*/
export function signInRedirect(callbackUrl?: string): void {
if (typeof window === "undefined") return;
const target = "/api/auth/signin/keycloak";
const url = new URL(target, window.location.origin);
url.searchParams.set("callbackUrl", callbackUrl ?? window.location.pathname);
window.location.href = url.toString();
}