@adventurelabs/scout-core 1.4.75 → 1.4.78

package/dist/providers/ScoutRefreshProvider.js

@@ -6,6 +6,10 @@ import { createBrowserClient } from "@supabase/ssr";
 import { CLIENT_ABILITIES_TOKEN_TTL_SEC, } from "../types/client_abilities_token";
 import { EnumWebResponse } from "../types/requests";
 import { get_client_abilities_jwt_public_keys, mint_client_abilities_token, verify_client_abilities_token, } from "../helpers/client_abilities_token";
+import { scoutCache } from "../helpers/cache";
+import { get_pubsub_jwt_public_keys, mint_pubsub_token, verify_pubsub_token, } from "../helpers/pubsub_token";
+import { PUBSUB_TOKEN_TTL_SEC } from "../types/pubsub_token";
+import { derive_jwt_mint_status, } from "../types/jwt_mint";
 const ScoutRefreshContext = createContext(null);
 const DEFAULT_REFRESH_BEFORE_EXPIRY_SEC = 120;
 const DEFAULT_PUBLIC_KEYS_CACHE_MS = 10 * 60 * 1000;
@@ -25,102 +29,123 @@ function useScoutRefreshContext() {
 export function useSupabase() {
     return useScoutRefreshContext().supabase;
 }
-/** Verified client abilities JWT (minted on a schedule by ScoutRefreshProvider). */
 export function useClientAbilitiesMint() {
     return useScoutRefreshContext().abilities;
 }
+export function usePubsubTokenMint() {
+    return useScoutRefreshContext().pubsub;
+}
 function resolveAbilityParams(abilityParams) {
     return {
         mintClientAbilitiesToken: abilityParams?.mintClientAbilitiesToken ?? true,
+        mintPubsubToken: abilityParams?.mintPubsubToken ?? false,
         clientAbilitiesTokenTtlSec: abilityParams?.clientAbilitiesTokenTtlSec ??
             CLIENT_ABILITIES_TOKEN_TTL_SEC,
+        pubsubTokenTtlSec: abilityParams?.pubsubTokenTtlSec ?? PUBSUB_TOKEN_TTL_SEC,
         refreshBeforeExpirySec: abilityParams?.refreshBeforeExpirySec ??
             DEFAULT_REFRESH_BEFORE_EXPIRY_SEC,
         publicKeysCacheTtlMs: abilityParams?.publicKeysCacheTtlMs ?? DEFAULT_PUBLIC_KEYS_CACHE_MS,
     };
 }
-function useClientAbilitiesMintLifecycle(supabase, config) {
-    const { mintClientAbilitiesToken: enabled, clientAbilitiesTokenTtlSec: ttlSec, refreshBeforeExpirySec, publicKeysCacheTtlMs, } = config;
-    const [mint, setMint] = useState(null);
-    const [isLoading, setIsLoading] = useState(false);
-    const [error, setError] = useState(null);
-    const inFlightRef = useRef(false);
-    const publicKeysRef = useRef(null);
-    const publicKeysAtRef = useRef(0);
-    const loadPublicKeys = useCallback(async (force = false) => {
+function useCachedPublicKeys(supabase, publicKeysCacheTtlMs, fetchKeys) {
+    const keysRef = useRef(null);
+    const keysAtRef = useRef(0);
+    return useCallback(async (force = false) => {
         const now = Date.now();
         if (!force &&
-            publicKeysRef.current?.length &&
-            now - publicKeysAtRef.current < publicKeysCacheTtlMs) {
-            return publicKeysRef.current;
+            keysRef.current?.length &&
+            now - keysAtRef.current < publicKeysCacheTtlMs) {
+            return keysRef.current;
         }
-        const { status, data, msg } = await get_client_abilities_jwt_public_keys(supabase);
+        const { status, data, msg } = await fetchKeys(supabase);
         if (status !== EnumWebResponse.SUCCESS || !data?.length) {
-            throw new Error(msg ?? "get_client_abilities_jwt_public_keys returned no keys");
+            throw new Error(msg ?? "jwt public keys RPC returned no keys");
         }
-        publicKeysRef.current = data;
-        publicKeysAtRef.current = now;
+        keysRef.current = data;
+        keysAtRef.current = now;
         return data;
-    }, [supabase, publicKeysCacheTtlMs]);
+    }, [supabase, publicKeysCacheTtlMs, fetchKeys]);
+}
+function useJwtMintLifecycle({ enabled, supabase, cacheKey, ttlSec, refreshBeforeExpirySec, loadPublicKeys, mintToken, verifyToken, }) {
+    const [mint, setMint] = useState(null);
+    const [inFlight, setInFlight] = useState(false);
+    const [error, setError] = useState(null);
+    const inFlightRef = useRef(false);
+    const status = useMemo(() => derive_jwt_mint_status(enabled, mint, inFlight, error), [enabled, mint, inFlight, error]);
     const refreshMint = useCallback(async () => {
         if (!enabled || inFlightRef.current) {
             return;
         }
         inFlightRef.current = true;
-        setIsLoading(true);
+        setInFlight(true);
         setError(null);
         try {
             const { data: { session }, } = await supabase.auth.getSession();
             if (!session) {
                 setMint(null);
+                await scoutCache.clearJwtMint(cacheKey);
                 return;
             }
-            const mintResponse = await mint_client_abilities_token(supabase);
+            const mintResponse = await mintToken(supabase);
             if (mintResponse.status !== EnumWebResponse.SUCCESS ||
                 !mintResponse.data) {
-                setMint(null);
                 setError(mintResponse.msg ?? "mint failed");
                 return;
             }
             let keys = await loadPublicKeys();
             let verified;
             try {
-                verified = await verify_client_abilities_token(mintResponse.data, keys);
+                verified = await verifyToken(mintResponse.data, keys);
             }
             catch {
                 keys = await loadPublicKeys(true);
-                verified = await verify_client_abilities_token(mintResponse.data, keys);
+                verified = await verifyToken(mintResponse.data, keys);
             }
             setMint(verified);
+            try {
+                await scoutCache.setJwtMint(cacheKey, verified);
+            }
+            catch (cacheError) {
+                console.warn(`[ScoutRefreshProvider] ${cacheKey} cache save failed:`, cacheError);
+            }
         }
         catch (e) {
-            setMint(null);
-            setError(e instanceof Error ? e.message : "client abilities mint failed");
+            setError(e instanceof Error ? e.message : "mint failed");
         }
         finally {
             inFlightRef.current = false;
-            setIsLoading(false);
+            setInFlight(false);
         }
-    }, [enabled, supabase, loadPublicKeys]);
+    }, [enabled, supabase, cacheKey, loadPublicKeys, mintToken, verifyToken]);
     useEffect(() => {
         if (!enabled) {
             setMint(null);
             setError(null);
             return;
         }
+        let cancelled = false;
+        void scoutCache.getJwtMint(cacheKey).then((cached) => {
+            if (!cancelled && cached.data) {
+                setMint(cached.data);
+            }
+        });
         void refreshMint();
         const { data: { subscription }, } = supabase.auth.onAuthStateChange((event) => {
             if (event === "SIGNED_OUT") {
                 setMint(null);
                 setError(null);
+                void scoutCache.clearJwtMint(cacheKey);
                 return;
             }
             if (event === "SIGNED_IN" || event === "TOKEN_REFRESHED") {
                 void refreshMint();
             }
         });
-        return () => subscription.unsubscribe();
-    }, [enabled, supabase, refreshMint]);
+        return () => {
+            cancelled = true;
+            subscription.unsubscribe();
+        };
+    }, [enabled, supabase, cacheKey, refreshMint]);
     useEffect(() => {
         if (!enabled || !mint) {
             return;
@@ -134,7 +159,35 @@ function useClientAbilitiesMintLifecycle(supabase, config) {
         }, delayMs);
         return () => clearTimeout(timer);
     }, [enabled, mint, ttlSec, refreshBeforeExpirySec, refreshMint]);
-    return useMemo(() => ({ mint, isLoading, error, refreshMint }), [mint, isLoading, error, refreshMint]);
+    return useMemo(() => ({ mint, status, error, refreshMint }), [mint, status, error, refreshMint]);
+}
+function useClientAbilitiesMintLifecycle(supabase, config) {
+    const { mintClientAbilitiesToken: enabled, clientAbilitiesTokenTtlSec: ttlSec, refreshBeforeExpirySec, publicKeysCacheTtlMs, } = config;
+    const loadPublicKeys = useCachedPublicKeys(supabase, publicKeysCacheTtlMs, get_client_abilities_jwt_public_keys);
+    return useJwtMintLifecycle({
+        enabled,
+        supabase,
+        cacheKey: "client_abilities",
+        ttlSec,
+        refreshBeforeExpirySec,
+        loadPublicKeys,
+        mintToken: mint_client_abilities_token,
+        verifyToken: verify_client_abilities_token,
+    });
+}
+function usePubsubTokenMintLifecycle(supabase, config) {
+    const { mintPubsubToken: enabled, pubsubTokenTtlSec: ttlSec, refreshBeforeExpirySec, publicKeysCacheTtlMs, } = config;
+    const loadPublicKeys = useCachedPublicKeys(supabase, publicKeysCacheTtlMs, get_pubsub_jwt_public_keys);
+    return useJwtMintLifecycle({
+        enabled,
+        supabase,
+        cacheKey: "pubsub",
+        ttlSec,
+        refreshBeforeExpirySec,
+        loadPublicKeys,
+        mintToken: mint_pubsub_token,
+        verifyToken: verify_pubsub_token,
+    });
 }
 export function ScoutRefreshProvider({ children, abilityParams, ...refreshOptions }) {
     const urlRef = useRef(process.env.NEXT_PUBLIC_SUPABASE_URL || "");
@@ -143,6 +196,7 @@ export function ScoutRefreshProvider({ children, abilityParams, ...refreshOption
     const abilitiesConfig = useMemo(() => resolveAbilityParams(abilityParams), [abilityParams]);
     useScoutRefresh({ ...refreshOptions, supabase });
     const abilities = useClientAbilitiesMintLifecycle(supabase, abilitiesConfig);
-    const value = useMemo(() => ({ supabase, abilities }), [supabase, abilities]);
+    const pubsub = usePubsubTokenMintLifecycle(supabase, abilitiesConfig);
+    const value = useMemo(() => ({ supabase, abilities, pubsub }), [supabase, abilities, pubsub]);
     return (_jsx(ScoutRefreshContext.Provider, { value: value, children: children }));
 }