Add supabase auth token refresh under feature flag

crates/api-auth/src/lib.rs

@@ -4,7 +4,7 @@ use axum::{
     middleware::Next,
     response::{IntoResponse, Response},
 };
-use hypr_supabase_auth::{Error as SupabaseAuthError, server::SupabaseAuth};
+use hypr_supabase_auth::server::{Error as SupabaseAuthError, SupabaseAuth};
 
 pub use hypr_supabase_auth::Claims;
 

crates/api-sync/src/error.rs

@@ -18,8 +18,8 @@ pub enum SyncError {
     Internal(String),
 }
 
-impl From<hypr_supabase_auth::Error> for SyncError {
-    fn from(err: hypr_supabase_auth::Error) -> Self {
+impl From<hypr_supabase_auth::server::Error> for SyncError {
+    fn from(err: hypr_supabase_auth::server::Error) -> Self {
         Self::Auth(err.to_string())
     }
 }

crates/supabase-auth/Cargo.toml

@@ -7,6 +7,7 @@ edition = "2024"
 default = []
 server = ["dep:reqwest", "dep:jsonwebtoken", "dep:tokio"]
 client = ["dep:hypr-storage"]
+refresh = ["dep:reqwest"]
 
 [dependencies]
 # always available
@@ -24,3 +25,7 @@ tokio = { workspace = true, optional = true }
 
 # client feature
 hypr-storage = { workspace = true, optional = true }
+
+[dev-dependencies]
+axum = { workspace = true }
+tokio = { workspace = true, features = ["macros", "net", "rt-multi-thread"] }

crates/supabase-auth/src/claims/error.rs

@@ -0,0 +1,18 @@
+use serde::{Serialize, ser::Serializer};
+
+#[derive(Debug, thiserror::Error)]
+pub enum Error {
+    #[error("invalid token")]
+    InvalidToken,
+}
+
+impl Serialize for Error {
+    fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
+    where
+        S: Serializer,
+    {
+        serializer.serialize_str(self.to_string().as_ref())
+    }
+}
+
+pub type Result<T> = std::result::Result<T, Error>;

crates/supabase-auth/src/claims.rs → crates/supabase-auth/src/claims/mod.rs

@@ -1,6 +1,8 @@
 use chrono::{DateTime, Utc};
 
-use crate::error::Error;
+pub use error::{Error, Result};
+
+mod error;
 
 // https://docs.stripe.com/api/subscriptions/object#subscription_object-status
 #[derive(Debug, Clone, serde::Serialize, serde::Deserialize, specta::Type)]
@@ -43,7 +45,7 @@ impl Claims {
         self.is_pro() || self.is_lite()
     }
 
-    pub fn decode_insecure(token: &str) -> Result<Self, Error> {
+    pub fn decode_insecure(token: &str) -> Result<Self> {
         use base64::{Engine, engine::general_purpose::URL_SAFE_NO_PAD};
 
         let parts: Vec<&str> = token.split('.').collect();

crates/supabase-auth/src/client/mod.rs

@@ -1,5 +1,4 @@
 mod error;
 pub use error::{Error, Result};
 
-pub mod session;
 pub mod store;

crates/supabase-auth/src/lib.rs

@@ -1,17 +1,15 @@
-// Supabase JWT authentication utilities.
-//
-// References:
-// - https://supabase.com/docs/guides/auth/jwts
-// - https://supabase.com/docs/guides/auth/signing-keys
+// Supabase authentication utilities.
 
-mod claims;
-pub use claims::*;
+pub mod claims;
+pub use claims::{Claims, SubscriptionStatus};
 
-mod error;
-pub use error::*;
+pub mod session;
 
 #[cfg(feature = "server")]
 pub mod server;
 
 #[cfg(feature = "client")]
 pub mod client;
+
+#[cfg(feature = "refresh")]
+pub mod refresh;

crates/supabase-auth/src/refresh/error.rs

@@ -0,0 +1,15 @@
+#[derive(Debug, thiserror::Error)]
+pub enum Error {
+    #[error(transparent)]
+    Request(#[from] reqwest::Error),
+    #[error("missing refresh token")]
+    MissingRefreshToken,
+    #[error("invalid api key header value")]
+    InvalidApiKey(#[from] reqwest::header::InvalidHeaderValue),
+    #[error("invalid session payload")]
+    InvalidSession(#[source] serde_json::Error),
+    #[error("supabase auth request failed ({status}): {message}")]
+    Auth { status: u16, message: String },
+}
+
+pub type Result<T> = std::result::Result<T, Error>;