@aifabrix/miso-client 3.8.2 → 4.0.0

package/dist/utils/data-client.js

@@ -46,21 +46,14 @@ const data_client_cache_1 = require("./data-client-cache");
 const data_client_request_1 = require("./data-client-request");
 const data_client_auth_1 = require("./data-client-auth");
 const data_client_redirect_1 = require("./data-client-redirect");
-const browser_permission_service_1 = require("../services/browser-permission.service");
-const browser_role_service_1 = require("../services/browser-role.service");
-const cache_service_1 = require("../services/cache.service");
-const http_client_1 = require("../utils/http-client");
-const internal_http_client_1 = require("../utils/internal-http-client");
-const api_1 = require("../api");
-const logger_1 = require("../services/logger");
-const redis_service_1 = require("../services/redis.service");
+const data_client_init_1 = require("./data-client-init");
+const permissionHelpers = __importStar(require("./data-client-permissions"));
+const roleHelpers = __importStar(require("./data-client-roles"));
 class DataClient {
     constructor(config) {
         this.misoClient = null;
         this.cache = new Map();
         this.pendingRequests = new Map();
-        // Track failed requests to prevent rapid re-requests (deduplication for failures)
-        // Extended cooldown period to prevent retry storms
         this.failedRequests = new Map();
         this.interceptors = {};
         this.metrics = {
@@ -72,227 +65,85 @@ class DataClient {
         };
         this.permissionService = null;
         this.roleService = null;
-        this.config = {
-            tokenKeys: ["token", "accessToken", "authToken"],
-            loginUrl: "/login",
-            timeout: 30000,
-            cache: {
-                enabled: true,
-                defaultTTL: 300,
-                maxSize: 100,
-            },
-            retry: {
-                enabled: true,
-                maxRetries: 3,
-                baseDelay: 1000,
-                maxDelay: 10000,
-            },
-            audit: {
-                enabled: true,
-                level: "standard",
-                batchSize: 10,
-                maxResponseSize: 10000,
-                maxMaskingSize: 50000,
-                skipEndpoints: [],
-            },
-            ...config,
-        };
-        // Security: Warn if clientSecret is provided in browser environment
-        // This is a security risk as clientSecret should never be exposed in client-side code
-        if ((0, data_client_utils_1.isBrowser)() && this.config.misoConfig?.clientSecret) {
-            console.warn("⚠️ SECURITY WARNING: clientSecret detected in browser environment. " +
-                "Client secrets should NEVER be exposed in client-side code. " +
-                "Use the client token pattern instead (clientToken + onClientTokenRefresh). " +
-                "See documentation for browser-safe configuration.");
-        }
+        this.config = (0, data_client_init_1.createDefaultConfig)(config);
+        (0, data_client_init_1.warnIfClientSecretInBrowser)(this.config);
         // Initialize MisoClient if config provided
-        let misoConfigWithRefresh;
-        if (this.config.misoConfig) {
-            // Automatically bridge DataClient.getEnvironmentToken() to MisoClient
-            // This allows MisoClient's logger service to get client tokens automatically
-            // Users don't need to manually provide onClientTokenRefresh!
-            misoConfigWithRefresh = {
-                ...this.config.misoConfig,
-                // Only auto-bridge if:
-                // 1. User hasn't provided onClientTokenRefresh (allow override)
-                // 2. We're in browser (server-side uses clientSecret)
-                // 3. No clientSecret provided (would use that instead)
-                onClientTokenRefresh: this.config.misoConfig.onClientTokenRefresh ||
-                    ((0, data_client_utils_1.isBrowser)() && !this.config.misoConfig.clientSecret
-                        ? async () => {
-                            const token = await this.getEnvironmentToken();
-                            if (!token) {
-                                throw new Error("Failed to get client token");
-                            }
-                            // Get expiration from localStorage (set by getEnvironmentToken)
-                            const expiresAtStr = (0, data_client_utils_1.getLocalStorage)("miso:client-token-expires-at");
-                            const expiresAt = expiresAtStr
-                                ? parseInt(expiresAtStr, 10)
-                                : Date.now() + 3600000; // Default 1 hour
-                            const expiresIn = Math.floor((expiresAt - Date.now()) / 1000);
-                            return {
-                                token,
-                                expiresIn: expiresIn > 0 ? expiresIn : 3600, // Default 1 hour if invalid
-                            };
-                        }
-                        : undefined),
-            };
+        const misoConfigWithRefresh = (0, data_client_init_1.createMisoConfigWithRefresh)(this.config, () => this.getEnvironmentToken());
+        if (misoConfigWithRefresh) {
             this.misoClient = new index_1.MisoClient(misoConfigWithRefresh);
         }
         // Initialize DataMasker with config path if provided
         if (this.config.misoConfig?.sensitiveFieldsConfig) {
             data_masker_1.DataMasker.setConfigPath(this.config.misoConfig.sensitiveFieldsConfig);
         }
-        // Initialize browser-compatible permission and role services
-        // These services need HttpClient and CacheService, so they're initialized after MisoClient
-        if (this.misoClient && misoConfigWithRefresh) {
-            // Create InternalHttpClient first (base HTTP functionality)
-            // Use misoConfigWithRefresh which includes onClientTokenRefresh callback
-            const internalClient = new internal_http_client_1.InternalHttpClient(misoConfigWithRefresh);
-            // Create Redis service (will be undefined for browser, but needed for LoggerService)
-            const redis = new redis_service_1.RedisService(misoConfigWithRefresh.redis);
-            // Create LoggerService with InternalHttpClient (needs httpClient.request() and httpClient.config)
-            const logger = new logger_1.LoggerService(internalClient, redis);
-            // Create HttpClient that wraps InternalHttpClient with logger
-            // Use misoConfigWithRefresh which includes onClientTokenRefresh callback
-            const httpClient = new http_client_1.HttpClient(misoConfigWithRefresh, logger);
-            // Update LoggerService to use the new HttpClient (for logging)
-            // eslint-disable-next-line @typescript-eslint/no-explicit-any
-            logger.httpClient = httpClient;
-            // Create ApiClient that wraps HttpClient (provides typed API interfaces)
-            const apiClient = new api_1.ApiClient(httpClient);
-            // Set ApiClient in LoggerService (resolves circular dependency)
-            logger.setApiClient(apiClient);
-            // Create CacheService without Redis (in-memory only for browser)
-            const cacheService = new cache_service_1.CacheService(undefined);
-            // Create browser-compatible services (pass both httpClient and apiClient)
-            this.permissionService = new browser_permission_service_1.BrowserPermissionService(httpClient, apiClient, cacheService);
-            this.roleService = new browser_role_service_1.BrowserRoleService(httpClient, apiClient, cacheService);
-        }
+        // Initialize browser services
+        const services = (0, data_client_init_1.initializeBrowserServices)(this.misoClient, misoConfigWithRefresh);
+        this.permissionService = services.permissionService;
+        this.roleService = services.roleService;
         // Auto-handle OAuth callback on initialization (browser only)
-        // This ensures tokens are extracted immediately when DataClient is created
         if ((0, data_client_utils_1.isBrowser)()) {
             this.handleOAuthCallback();
         }
     }
-    /**
-     * Get authentication token from localStorage
-     */
+    // ==================== PRIVATE HELPERS ====================
     getToken() {
         return (0, data_client_auth_1.getToken)(this.config.tokenKeys);
     }
-    /**
-     * Check if client token is available (from localStorage cache or config)
-     */
     hasClientToken() {
         return (0, data_client_auth_1.hasClientToken)(this.misoClient, this.config.misoConfig);
     }
-    /**
-     * Check if any authentication token is available (user token OR client token)
-     */
     hasAnyToken() {
         return (0, data_client_auth_1.hasAnyToken)(this.config.tokenKeys, this.misoClient, this.config.misoConfig);
     }
-    /**
-     * Get client token for requests
-     * Checks localStorage cache first, then config, then calls getEnvironmentToken() if needed
-     * @returns Client token string or null if unavailable
-     */
     async getClientToken() {
         return (0, data_client_auth_1.getClientToken)(this.config.misoConfig, this.config.baseUrl, () => this.getEnvironmentToken());
     }
-    /**
-     * Build controller URL from configuration
-     * Uses controllerPublicUrl (browser) or controllerUrl (fallback)
-     * @returns Controller base URL or null if not configured
-     */
     getControllerUrl() {
         return (0, data_client_auth_1.getControllerUrl)(this.config.misoConfig);
     }
-    /**
-     * Check if user is authenticated
-     */
+    // ==================== PUBLIC AUTH METHODS ====================
     isAuthenticated() {
         return this.getToken() !== null;
     }
-    /**
-     * Handle OAuth callback from authentication redirect
-     * Extracts token from URL hash fragment and stores securely
-     * ISO 27001 compliant with immediate cleanup and validation
-     *
-     * @returns Extracted token or null if not found/invalid
-     */
     handleOAuthCallback() {
         return (0, data_client_auth_1.handleOAuthCallback)(this.config);
     }
-    /**
-     * Redirect to login page via controller
-     * Calls the controller login endpoint with redirect parameter and x-client-token header
-     * @param redirectUrl - Optional redirect URL to return to after login (defaults to current page URL)
-     */
     async redirectToLogin(redirectUrl) {
         return (0, data_client_redirect_1.redirectToLogin)(this.config, () => this.getClientToken(), redirectUrl);
     }
-    /**
-     * Logout user and redirect
-     * Calls logout API with x-client-token header, clears tokens from localStorage, clears cache, and redirects
-     * @param redirectUrl - Optional redirect URL after logout (defaults to logoutUrl or loginUrl)
-     */
     async logout(redirectUrl) {
         return (0, data_client_auth_1.logout)(this.config, () => this.getToken(), () => this.getClientToken(), () => this.clearCache(), redirectUrl, this.misoClient);
     }
-    /**
-     * Set interceptors
-     */
+    // ==================== CONFIGURATION ====================
     setInterceptors(config) {
         this.interceptors = { ...this.interceptors, ...config };
     }
-    /**
-     * Set audit configuration
-     */
     setAuditConfig(config) {
         this.config.audit = { ...this.config.audit, ...config };
     }
-    /**
-     * Set log level for MisoClient logger
-     * Note: This updates the MisoClient config logLevel if MisoClient is initialized
-     * @param level - Log level ('debug' | 'info' | 'warn' | 'error')
-     */
     setLogLevel(level) {
         if (this.misoClient && this.config.misoConfig) {
-            // Update the config's logLevel
-            // Note: TypeScript readonly doesn't prevent runtime updates
             this.config.misoConfig.logLevel = level;
-            // Also try to update MisoClient's internal config if accessible
             try {
                 const misoConfig = this.misoClient.config;
-                if (misoConfig) {
+                if (misoConfig)
                     misoConfig.logLevel = level;
-                }
             }
             catch {
                 // Silently ignore if config is not accessible
             }
         }
     }
-    /**
-     * Clear all cached responses
-     */
     clearCache() {
         this.cache.clear();
     }
-    /**
-     * Get request metrics
-     */
     getMetrics() {
         const responseTimes = (this.metrics.responseTimes || []).sort((a, b) => a - b);
         const len = responseTimes.length;
         return {
             totalRequests: this.metrics.totalRequests,
             totalFailures: this.metrics.totalFailures,
-            averageResponseTime: len > 0
-                ? responseTimes.reduce((a, b) => a + b, 0) / len
-                : 0,
+            averageResponseTime: len > 0 ? responseTimes.reduce((a, b) => a + b, 0) / len : 0,
             responseTimeDistribution: {
                 min: len > 0 ? responseTimes[0] : 0,
                 max: len > 0 ? responseTimes[len - 1] : 0,
@@ -300,128 +151,84 @@ class DataClient {
                 p95: len > 0 ? responseTimes[Math.floor(len * 0.95)] : 0,
                 p99: len > 0 ? responseTimes[Math.floor(len * 0.99)] : 0,
             },
-            errorRate: this.metrics.totalRequests > 0
-                ? this.metrics.totalFailures / this.metrics.totalRequests
-                : 0,
+            errorRate: this.metrics.totalRequests > 0 ? this.metrics.totalFailures / this.metrics.totalRequests : 0,
             cacheHitRate: this.metrics.cacheHits + this.metrics.cacheMisses > 0
-                ? this.metrics.cacheHits /
-                    (this.metrics.cacheHits + this.metrics.cacheMisses)
+                ? this.metrics.cacheHits / (this.metrics.cacheHits + this.metrics.cacheMisses)
                 : 0,
         };
     }
-    /**
-     * Make HTTP request with all features (caching, retry, deduplication, audit)
-     */
+    // ==================== HTTP REQUEST CORE ====================
     async request(method, endpoint, options) {
         const startTime = Date.now();
         const fullUrl = `${this.config.baseUrl}${endpoint}`;
-        // Generate cache key with explicit method to ensure consistency
-        // Use method parameter (from get/post/etc) not options.method which might be undefined
         const cacheKeyOptions = { ...options, method: method.toUpperCase() };
         const cacheKey = (0, data_client_cache_1.getCacheKeyForRequest)(endpoint, cacheKeyOptions);
         const isGetRequest = method.toUpperCase() === "GET";
         const cacheEnabled = (0, data_client_cache_1.isCacheEnabled)(method, this.config.cache, options);
-        // CRITICAL: Check circuit breaker FIRST (before cache/pending checks)
-        // This prevents any requests to failing endpoints, even if cache is cleared
+        // Circuit breaker check
         const failedRequest = this.failedRequests.get(cacheKey);
         if (failedRequest) {
             const timeSinceFailure = Date.now() - failedRequest.timestamp;
             const failureCount = failedRequest.count || 1;
-            // Exponential backoff: 5s, 15s, 30s, 30s...
             const cooldownPeriod = failureCount === 1 ? 5000 : failureCount === 2 ? 15000 : 30000;
             if (timeSinceFailure < cooldownPeriod) {
-                // Return rejected promise with the same error to prevent duplicate requests
-                // This prevents React Query and other retry mechanisms from hammering the server
-                // Re-throw the same error to maintain error consistency
                 throw failedRequest.error;
             }
             else {
-                // Clean up old failed request entry after cooldown expires
                 this.failedRequests.delete(cacheKey);
             }
         }
-        // Check cache for GET requests (after circuit breaker check)
+        // Check cache for GET requests
         if (cacheEnabled) {
             const cached = (0, data_client_cache_1.getCachedEntry)(this.cache, cacheKey, this.metrics);
-            if (cached !== null) {
+            if (cached !== null)
                 return cached;
-            }
         }
-        // CRITICAL: Check for duplicate concurrent requests BEFORE creating promise
-        // This must be atomic to prevent race conditions when multiple requests arrive simultaneously
+        // Check for duplicate concurrent requests
         if (isGetRequest) {
             const pendingRequest = this.pendingRequests.get(cacheKey);
-            if (pendingRequest) {
+            if (pendingRequest)
                 return pendingRequest;
-            }
         }
-        // Create request promise wrapper that ensures atomic storage
-        // This prevents race conditions where multiple requests check before any are stored
+        // Execute request
         let requestPromise;
         if (isGetRequest) {
-            // For GET requests, create a promise that wraps the actual execution
-            // Store it immediately to prevent race conditions
             requestPromise = (async () => {
                 try {
                     return await (0, data_client_request_1.executeHttpRequest)(method, fullUrl, endpoint, this.config, this.cache, cacheKey, cacheEnabled, startTime, this.misoClient, () => this.hasAnyToken(), () => this.getToken(), () => this.handleAuthError(), () => this.refreshUserToken(), this.interceptors, this.metrics, options);
                 }
                 finally {
-                    // Cleanup pending request when done (success or failure)
                     this.pendingRequests.delete(cacheKey);
                 }
             })();
-            // Store immediately - this is atomic and prevents race conditions
-            // If another request comes in now, it will see this promise and reuse it
             this.pendingRequests.set(cacheKey, requestPromise);
         }
         else {
-            // For non-GET requests, execute directly (no deduplication)
             requestPromise = (0, data_client_request_1.executeHttpRequest)(method, fullUrl, endpoint, this.config, this.cache, cacheKey, cacheEnabled, startTime, this.misoClient, () => this.hasAnyToken(), () => this.getToken(), () => this.handleAuthError(), () => this.refreshUserToken(), this.interceptors, this.metrics, options);
         }
         try {
             const result = await requestPromise;
-            // Clean up failed request entry on success (works for all methods)
             this.failedRequests.delete(cacheKey);
             return result;
         }
         catch (error) {
-            // Store failed request to prevent rapid re-requests (works for all methods)
-            // Circuit breaker pattern: track failure count for exponential backoff
             const existingFailure = this.failedRequests.get(cacheKey);
             const failureCount = existingFailure ? (existingFailure.count || 1) + 1 : 1;
-            this.failedRequests.set(cacheKey, {
-                timestamp: Date.now(),
-                error: error,
-                count: failureCount,
-            });
-            // Clean up after maximum cooldown period (30 seconds)
-            // This prevents memory leaks while still providing protection
-            setTimeout(() => {
-                this.failedRequests.delete(cacheKey);
-            }, 30000);
+            this.failedRequests.set(cacheKey, { timestamp: Date.now(), error: error, count: failureCount });
+            setTimeout(() => this.failedRequests.delete(cacheKey), 30000);
             throw error;
         }
     }
-    /**
-     * Refresh user token using onTokenRefresh callback
-     * @returns New token and expiration, or null if refresh failed
-     */
     async refreshUserToken() {
-        if (!this.config.onTokenRefresh) {
+        if (!this.config.onTokenRefresh)
             return null;
-        }
         try {
             const result = await this.config.onTokenRefresh();
-            // Update token in localStorage
             if ((0, data_client_utils_1.isBrowser)() && result.token) {
                 const { setLocalStorage } = await Promise.resolve().then(() => __importStar(require("./data-client-utils")));
-                const tokenKeys = this.config.tokenKeys || ["token", "accessToken", "authToken"];
-                // Store token in all configured keys
-                for (const key of tokenKeys) {
+                for (const key of this.config.tokenKeys || ["token", "accessToken", "authToken"]) {
                     setLocalStorage(key, result.token);
                 }
-                // Note: Refresh token is NOT stored in localStorage for security
-                // The backend endpoint handles refresh token securely (httpOnly cookie or session)
             }
             return result;
         }
@@ -430,360 +237,114 @@ class DataClient {
             return null;
         }
     }
-    /**
-     * Handle authentication error
-     */
     handleAuthError() {
         if ((0, data_client_utils_1.isBrowser)()) {
-            // Fire and forget - redirect doesn't need to complete before throwing error
-            this.redirectToLogin().catch((error) => {
-                console.error("Failed to redirect to login:", error);
-            });
+            this.redirectToLogin().catch((error) => console.error("Failed to redirect to login:", error));
         }
     }
-    /**
-     * Apply request interceptor
-     */
     async applyRequestInterceptor(url, options) {
-        if (this.interceptors.onRequest) {
-            return await this.interceptors.onRequest(url, options);
-        }
-        return options;
+        return this.interceptors.onRequest ? await this.interceptors.onRequest(url, options) : options;
     }
     // ==================== HTTP METHODS ====================
-    /**
-     * GET request
-     */
     async get(endpoint, options) {
-        const finalOptions = await this.applyRequestInterceptor(endpoint, {
-            ...options,
-            method: "GET",
-        });
+        const finalOptions = await this.applyRequestInterceptor(endpoint, { ...options, method: "GET" });
         return this.request("GET", endpoint, finalOptions);
     }
-    /**
-     * POST request
-     */
     async post(endpoint, data, options) {
         const finalOptions = await this.applyRequestInterceptor(endpoint, {
-            ...options,
-            method: "POST",
-            body: data ? JSON.stringify(data) : undefined,
-            headers: {
-                "Content-Type": "application/json",
-                ...options?.headers,
-            },
+            ...options, method: "POST", body: data ? JSON.stringify(data) : undefined,
+            headers: { "Content-Type": "application/json", ...options?.headers },
         });
         return this.request("POST", endpoint, finalOptions);
     }
-    /**
-     * PUT request
-     */
     async put(endpoint, data, options) {
         const finalOptions = await this.applyRequestInterceptor(endpoint, {
-            ...options,
-            method: "PUT",
-            body: data ? JSON.stringify(data) : undefined,
-            headers: {
-                "Content-Type": "application/json",
-                ...options?.headers,
-            },
+            ...options, method: "PUT", body: data ? JSON.stringify(data) : undefined,
+            headers: { "Content-Type": "application/json", ...options?.headers },
         });
         return this.request("PUT", endpoint, finalOptions);
     }
-    /**
-     * PATCH request (uses fetch fallback since MisoClient doesn't support PATCH)
-     */
     async patch(endpoint, data, options) {
         const finalOptions = await this.applyRequestInterceptor(endpoint, {
-            ...options,
-            method: "PATCH",
-            body: data ? JSON.stringify(data) : undefined,
-            headers: {
-                "Content-Type": "application/json",
-                ...options?.headers,
-            },
+            ...options, method: "PATCH", body: data ? JSON.stringify(data) : undefined,
+            headers: { "Content-Type": "application/json", ...options?.headers },
         });
         return this.request("PATCH", endpoint, finalOptions);
     }
-    /**
-     * DELETE request
-     */
     async delete(endpoint, options) {
-        const finalOptions = await this.applyRequestInterceptor(endpoint, {
-            ...options,
-            method: "DELETE",
-        });
+        const finalOptions = await this.applyRequestInterceptor(endpoint, { ...options, method: "DELETE" });
         return this.request("DELETE", endpoint, finalOptions);
     }
-    // ==================== AUTHORIZATION METHODS ====================
-    /**
-     * Get user permissions (uses token from localStorage if not provided)
-     * @param token - Optional user authentication token (auto-retrieved from localStorage if not provided)
-     * @returns Array of permission strings
-     */
+    // ==================== PERMISSION METHODS ====================
     async getPermissions(token) {
-        if (!this.misoClient || !this.permissionService) {
-            return [];
-        }
-        const userToken = token || this.getToken();
-        if (!userToken) {
-            return [];
-        }
-        return this.permissionService.getPermissions(userToken);
-    }
-    /**
-     * Check if user has specific permission
-     * @param permission - Permission to check
-     * @param token - Optional user authentication token (auto-retrieved from localStorage if not provided)
-     * @returns True if user has the permission
-     */
+        return permissionHelpers.getPermissions(this.permissionService, this.misoClient, () => this.getToken(), token);
+    }
     async hasPermission(permission, token) {
-        if (!this.misoClient || !this.permissionService) {
-            return false;
-        }
-        const userToken = token || this.getToken();
-        if (!userToken) {
-            return false;
-        }
-        return this.permissionService.hasPermission(userToken, permission);
-    }
-    /**
-     * Check if user has any of the specified permissions
-     * @param permissions - Permissions to check
-     * @param token - Optional user authentication token (auto-retrieved from localStorage if not provided)
-     * @returns True if user has any of the permissions
-     */
+        return permissionHelpers.hasPermission(this.permissionService, this.misoClient, () => this.getToken(), permission, token);
+    }
     async hasAnyPermission(permissions, token) {
-        if (!this.misoClient || !this.permissionService) {
-            return false;
-        }
-        const userToken = token || this.getToken();
-        if (!userToken) {
-            return false;
-        }
-        return this.permissionService.hasAnyPermission(userToken, permissions);
-    }
-    /**
-     * Check if user has all of the specified permissions
-     * @param permissions - Permissions to check
-     * @param token - Optional user authentication token (auto-retrieved from localStorage if not provided)
-     * @returns True if user has all of the permissions
-     */
+        return permissionHelpers.hasAnyPermission(this.permissionService, this.misoClient, () => this.getToken(), permissions, token);
+    }
     async hasAllPermissions(permissions, token) {
-        if (!this.misoClient || !this.permissionService) {
-            return false;
-        }
-        const userToken = token || this.getToken();
-        if (!userToken) {
-            return false;
-        }
-        return this.permissionService.hasAllPermissions(userToken, permissions);
+        return permissionHelpers.hasAllPermissions(this.permissionService, this.misoClient, () => this.getToken(), permissions, token);
     }
-    /**
-     * Force refresh permissions from controller (bypass cache)
-     * @param token - Optional user authentication token (auto-retrieved from localStorage if not provided)
-     * @returns Array of permission strings
-     */
     async refreshPermissions(token) {
-        if (!this.misoClient || !this.permissionService) {
-            return [];
-        }
-        const userToken = token || this.getToken();
-        if (!userToken) {
-            return [];
-        }
-        return this.permissionService.refreshPermissions(userToken);
+        return permissionHelpers.refreshPermissions(this.permissionService, this.misoClient, () => this.getToken(), token);
     }
-    /**
-     * Clear cached permissions for a user
-     * @param token - Optional user authentication token (auto-retrieved from localStorage if not provided)
-     */
     async clearPermissionsCache(token) {
-        if (!this.misoClient || !this.permissionService) {
-            return;
-        }
-        const userToken = token || this.getToken();
-        if (!userToken) {
-            return;
-        }
-        return this.permissionService.clearPermissionsCache(userToken);
+        return permissionHelpers.clearPermissionsCache(this.permissionService, this.misoClient, () => this.getToken(), token);
     }
-    /**
-     * Get user roles (uses token from localStorage if not provided)
-     * @param token - Optional user authentication token (auto-retrieved from localStorage if not provided)
-     * @returns Array of role strings
-     */
+    // ==================== ROLE METHODS ====================
     async getRoles(token) {
-        if (!this.misoClient || !this.roleService) {
-            return [];
-        }
-        const userToken = token || this.getToken();
-        if (!userToken) {
-            return [];
-        }
-        return this.roleService.getRoles(userToken);
-    }
-    /**
-     * Check if user has specific role
-     * @param role - Role to check
-     * @param token - Optional user authentication token (auto-retrieved from localStorage if not provided)
-     * @returns True if user has the role
-     */
+        return roleHelpers.getRoles(this.roleService, this.misoClient, () => this.getToken(), token);
+    }
     async hasRole(role, token) {
-        if (!this.misoClient || !this.roleService) {
-            return false;
-        }
-        const userToken = token || this.getToken();
-        if (!userToken) {
-            return false;
-        }
-        return this.roleService.hasRole(userToken, role);
-    }
-    /**
-     * Check if user has any of the specified roles
-     * @param roles - Roles to check
-     * @param token - Optional user authentication token (auto-retrieved from localStorage if not provided)
-     * @returns True if user has any of the roles
-     */
+        return roleHelpers.hasRole(this.roleService, this.misoClient, () => this.getToken(), role, token);
+    }
     async hasAnyRole(roles, token) {
-        if (!this.misoClient || !this.roleService) {
-            return false;
-        }
-        const userToken = token || this.getToken();
-        if (!userToken) {
-            return false;
-        }
-        return this.roleService.hasAnyRole(userToken, roles);
-    }
-    /**
-     * Check if user has all of the specified roles
-     * @param roles - Roles to check
-     * @param token - Optional user authentication token (auto-retrieved from localStorage if not provided)
-     * @returns True if user has all of the roles
-     */
+        return roleHelpers.hasAnyRole(this.roleService, this.misoClient, () => this.getToken(), roles, token);
+    }
     async hasAllRoles(roles, token) {
-        if (!this.misoClient || !this.roleService) {
-            return false;
-        }
-        const userToken = token || this.getToken();
-        if (!userToken) {
-            return false;
-        }
-        return this.roleService.hasAllRoles(userToken, roles);
+        return roleHelpers.hasAllRoles(this.roleService, this.misoClient, () => this.getToken(), roles, token);
     }
-    /**
-     * Force refresh roles from controller (bypass cache)
-     * @param token - Optional user authentication token (auto-retrieved from localStorage if not provided)
-     * @returns Array of role strings
-     */
     async refreshRoles(token) {
-        if (!this.misoClient || !this.roleService) {
-            return [];
-        }
-        const userToken = token || this.getToken();
-        if (!userToken) {
-            return [];
-        }
-        return this.roleService.refreshRoles(userToken);
+        return roleHelpers.refreshRoles(this.roleService, this.misoClient, () => this.getToken(), token);
     }
-    /**
-     * Clear cached roles for a user
-     * @param token - Optional user authentication token (auto-retrieved from localStorage if not provided)
-     */
     async clearRolesCache(token) {
-        if (!this.misoClient || !this.roleService) {
-            return;
-        }
-        const userToken = token || this.getToken();
-        if (!userToken) {
-            return;
-        }
-        return this.roleService.clearRolesCache(userToken);
+        return roleHelpers.clearRolesCache(this.roleService, this.misoClient, () => this.getToken(), token);
     }
     // ==================== AUTHENTICATION METHODS ====================
-    /**
-     * Validate token (uses localStorage token if not provided)
-     * @param token - Optional user authentication token (auto-retrieved from localStorage if not provided)
-     * @returns True if token is valid
-     */
     async validateToken(token) {
-        if (!this.misoClient) {
+        if (!this.misoClient)
             return false;
-        }
         const userToken = token || this.getToken();
-        if (!userToken) {
-            return false;
-        }
-        return this.misoClient.validateToken(userToken);
+        return userToken ? this.misoClient.validateToken(userToken) : false;
     }
-    /**
-     * Get user info from token (uses localStorage token if not provided)
-     * @param token - Optional user authentication token (auto-retrieved from localStorage if not provided)
-     * @returns User info or null if not authenticated
-     */
     async getUser(token) {
-        if (!this.misoClient) {
+        if (!this.misoClient)
             return null;
-        }
         const userToken = token || this.getToken();
-        if (!userToken) {
-            return null;
-        }
-        return this.misoClient.getUser(userToken);
+        return userToken ? this.misoClient.getUser(userToken) : null;
     }
-    /**
-     * Get user info from API endpoint (uses localStorage token if not provided)
-     * @param token - Optional user authentication token (auto-retrieved from localStorage if not provided)
-     * @returns User info or null if not authenticated
-     */
     async getUserInfo(token) {
-        if (!this.misoClient) {
+        if (!this.misoClient)
             return null;
-        }
         const userToken = token || this.getToken();
-        if (!userToken) {
-            return null;
-        }
-        return this.misoClient.getUserInfo(userToken);
+        return userToken ? this.misoClient.getUserInfo(userToken) : null;
     }
-    /**
-     * Check if authenticated (alias for validateToken)
-     * @param token - Optional user authentication token (auto-retrieved from localStorage if not provided)
-     * @returns True if authenticated
-     */
     async isAuthenticatedAsync(token) {
         return this.validateToken(token);
     }
-    /**
-     * Get environment token (browser-side)
-     * Checks localStorage cache first, then calls backend endpoint if needed
-     * Uses clientTokenUri from config or defaults to /api/v1/auth/client-token
-     *
-     * @returns Client token string
-     * @throws Error if token fetch fails
-     */
     async getEnvironmentToken() {
         return (0, data_client_auth_1.getEnvironmentToken)(this.config, this.misoClient);
     }
-    /**
-     * Get client token information (browser-side)
-     * Extracts application and environment info from client token
-     *
-     * @returns Client token info or null if token not available
-     */
     getClientTokenInfo() {
         return (0, data_client_auth_1.getClientTokenInfo)(this.config.misoConfig);
     }
 }
 exports.DataClient = DataClient;
-/**
- * Singleton instance factory
- */
+// ==================== SINGLETON FACTORY ====================
 let defaultDataClient = null;
-/**
- * Get or create default DataClient instance
- */
 function dataClient(config) {
     if (!defaultDataClient && config) {
         defaultDataClient = new DataClient(config);