@blimu/react 0.6.2 → 0.7.0
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const E=require("@blimu/client"),o=require("../node_modules/js-cookie/dist/js.cookie.cjs"),A=require("../node_modules/jwt-decode/build/esm/index.cjs"),a="__bli_session",d="__lh_jwt",u="__lh_jwt",S=10,_=1e3,m=
|
|
1
|
+
"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const E=require("@blimu/client"),o=require("../node_modules/js-cookie/dist/js.cookie.cjs"),A=require("../node_modules/jwt-decode/build/esm/index.cjs"),a="__bli_session",d="__lh_jwt",u="__lh_jwt",S=10,_=1e3,m=i=>Math.floor(i*_),O=i=>Math.floor(i/_),C=()=>O(Date.now()),T=i=>m(i),P=(i,e)=>{const s=T(i),r=m(e),t=Date.now();return Math.max(s-r-t,0)},c=(i,e)=>{const s=C();return i-e<s};class b{constructor(e,s,r,t,l){this.isLive=e,this.client=s,this.store=r,this.pendingRefresher=null,this.refreshPromise=null,this.refreshingSignals=new Set,this.refreshingSignalAbortController=null,this.localClient=new E.Blimu({baseURL:t,credentials:"include",headers:{"x-blimu-publishable-key":l}}),this.handleRequestError=this.handleRequestError.bind(this)}setCookie(e,s,r={}){const t={secure:this.isLive,sameSite:"lax",path:"/"};r.maxAge!==void 0&&(t.expires=r.maxAge/(1440*60)),o.set(e,s,t)}getSessionPayload(){const e=o.get(a);return e?A.jwtDecode(e):null}async getSessionToken(){const e=this.getSessionPayload();if(e)return this.refreshPromise?(await this.refreshPromise,o.get(a)):(c(e.exp,0)&&await this.refreshSession(),o.get(a))}async handleRequestError(e){return e instanceof E.BlimuError&&[401,500].includes(e.status)?(o.remove(a),o.remove(u),{error:e.message,user:null}):e instanceof DOMException?{error:e.message,user:null}:e instanceof Error?{error:e.message,user:null}:{error:"unknown error",user:null}}async initialize({signal:e}={}){const s=new URL(window.location.href),r=s.searchParams.get(d)??void 0;if(r&&(s.searchParams.delete(d),window.history.replaceState({},"",s.toString())),r&&this.setCookie(u,r,{maxAge:720*60*60}),o.get(u)&&!o.get(a)){const n=await this.refreshSession({signal:e}).catch(this.handleRequestError);if("error"in n)return n}const l=this.getSessionPayload();if(!l)return{error:null,user:null};if(c(l.exp,S)){const n=await this.refreshSession().catch(this.handleRequestError);if("error"in n)return 
n}const h=await this.client.auth.getSession().catch(this.handleRequestError);return"error"in h?h:{error:null,user:h.user}}scheduleRefresh(){const e=new AbortController;let s=!0,r=null;const t=()=>{s=!0,this.pendingRefresher&&(this.pendingRefresher(),this.pendingRefresher=null)},l=()=>{s=!1};window.addEventListener("online",t),window.addEventListener("offline",l);const h=()=>{r!==null&&(window.clearTimeout(r),r=null);const n=this.getSessionPayload();if(!n||c(n.exp,0))return;const g=P(n.exp,S);if(g<0)return;const w=async()=>{if(r=null,!s){this.pendingRefresher=w;return}const f=await this.refreshSession({signal:e.signal});if("error"in f){if(f.error==="aborted")return;this.store.setState({status:"error",user:null,error:f.error});return}else h()};r=window.setTimeout(w,g)};return h(),()=>{r&&window.clearTimeout(r),e.abort(),window.removeEventListener("online",t),window.removeEventListener("offline",l)}}async refreshSession({signal:e}={}){if(e&&(this.refreshingSignals.add(e),e.addEventListener("abort",()=>{this.refreshingSignals.delete(e),this.refreshingSignals.size===0&&this.refreshingSignalAbortController?.abort()})),this.refreshPromise)return this.refreshPromise;this.refreshingSignalAbortController=new AbortController,this.refreshingSignalAbortController.signal.addEventListener("abort",()=>{this.refreshPromise=null,this.refreshingSignalAbortController=null,this.refreshingSignals.clear()});const s=this.isLive?void 0:o.get(u),r={};s&&(r.__lh_jwt=s),this.refreshPromise=this.localClient.auth.refresh(r,{signal:this.refreshingSignalAbortController.signal}).then(t=>(this.isLive||this.setCookie(a,t.sessionToken,{maxAge:720*60*60}),t)).catch(this.handleRequestError);try{return await 
this.refreshPromise}finally{this.refreshPromise=null,this.refreshingSignalAbortController=null,this.refreshingSignals.clear()}}}exports.AuthSessionService=b;exports.LOCALHOST_JWT_COOKIE_NAME=u;exports.LOCALHOST_JWT_URL_PARAM_NAME=d;exports.SESSION_COOKIE_NAME=a;exports.SESSION_EXPIRATION_BUFFER=S;exports.isExpiredIn=c;
|
|
2
2
|
//# sourceMappingURL=auth.service.cjs.map
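Review bot: The `!this.isLive` gate added in `refreshSession()` is not mirrored in `initialize()`, which still copies the `__lh_jwt` query parameter into a 30-day cookie (`r&&this.setCookie(u,r,{maxAge:720*60*60})`) and starts a refresh whenever that cookie exists without a session cookie, in live environments too. Because the value comes straight from the page URL, any link carrying that parameter can leave a long-lived cookie on the live origin; guarding both steps with the same flag, in source terms `if (!this.isLive && localhostJWT)` and `if (!this.isLive && localhostJWTCookie && !Cookies.get(SESSION_COOKIE_NAME))`, would keep the localhost flow out of production. Separately, the `.then` handler now runs `this.isLive||this.setCookie(a,t.sessionToken,...)` without checking that `sessionToken` is present, so a non-live response lacking it could store an unusable value that `getSessionPayload()` later passes to `jwtDecode`; `if (!this.isLive && response.sessionToken)` restores the check. The removed line is truncated on this page, so the comparison with the old `if (response.sessionToken)` guard rests on the source embedded in the accompanying source map.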
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.service.cjs","sources":["../../src/client/auth.service.ts"],"sourcesContent":["import { Blimu, BlimuError } from '@blimu/client';\nimport type { RefreshResponse } from '@blimu/client/schema';\nimport Cookies from 'js-cookie';\nimport { jwtDecode } from 'jwt-decode';\n\nimport type { AuthState, User } from '../types';\nimport { ExternalStore } from './external-store';\n\nexport const SESSION_COOKIE_NAME = '__bli_session';\nexport const LOCALHOST_JWT_URL_PARAM_NAME = '__lh_jwt';\nexport const LOCALHOST_JWT_COOKIE_NAME = '__lh_jwt';\nexport const SESSION_EXPIRATION_BUFFER = 10;\n\n/**\n * Time conversion utilities\n * JWT tokens use seconds (Unix timestamp), JavaScript Date uses milliseconds\n */\nconst SECONDS_TO_MS = 1000;\n\n/**\n * Convert seconds to milliseconds\n */\nconst secondsToMilliseconds = (seconds: number): number => Math.floor(seconds * SECONDS_TO_MS);\n\n/**\n * Convert milliseconds to seconds\n */\nconst millisecondsToSeconds = (ms: number): number => Math.floor(ms / SECONDS_TO_MS);\n\n/**\n * Get current time in seconds (Unix timestamp)\n */\nconst nowInSeconds = (): number => millisecondsToSeconds(Date.now());\n\n/**\n * Convert JWT expiration time (seconds) to milliseconds\n */\nconst jwtExpToMilliseconds = (exp: number): number => secondsToMilliseconds(exp);\n\n/**\n * Calculate timeout delay in milliseconds for refreshing before expiration\n * @param expirationSeconds - JWT exp claim in seconds\n * @param bufferSeconds - Buffer time in seconds before expiration\n * @returns Timeout delay in milliseconds\n */\nconst calculateTimeoutDelay = (expirationSeconds: number, bufferSeconds: number): number => {\n const expirationMS = jwtExpToMilliseconds(expirationSeconds);\n const bufferMS = secondsToMilliseconds(bufferSeconds);\n const nowMS = Date.now();\n return Math.max(expirationMS - bufferMS - nowMS, 0);\n};\n\n/**\n * Check if a JWT expiration time (in seconds) is expired or will expire within the buffer\n * @param 
expiration - JWT exp claim in seconds (Unix timestamp)\n * @param buffer - Buffer time in seconds before expiration to consider it expired\n * @returns true if expired or will expire within buffer\n */\nexport const isExpiredIn = (expiration: number, buffer: number): boolean => {\n const now = nowInSeconds();\n return expiration - buffer < now;\n};\n\nexport class AuthSessionService {\n private pendingRefresher: (() => void) | null = null;\n private refreshPromise: Promise<RefreshResponse | { error: string; user: null }> | null = null;\n private refreshingSignals: Set<AbortSignal> = new Set();\n private refreshingSignalAbortController: AbortController | null = null;\n // A local client that doesn't call getSessionToken() which calls refreshSession().\n private localClient: Blimu;\n\n constructor(\n private readonly isLive: boolean,\n private readonly client: Blimu,\n private readonly store: ExternalStore<AuthState>,\n baseURL: string,\n publishableKey: string,\n ) {\n this.localClient = new Blimu({\n baseURL,\n credentials: 'include',\n headers: { 'x-blimu-publishable-key': publishableKey },\n });\n this.handleRequestError = this.handleRequestError.bind(this);\n }\n\n /**\n * Set cookie with appropriate security settings based on environment\n */\n private setCookie(name: string, value: string, options: { maxAge?: number } = {}): void {\n const cookieOptions: Cookies.CookieAttributes = {\n secure: this.isLive, // true for live environments, false for localhost\n sameSite: 'lax',\n path: '/',\n };\n\n if (options.maxAge !== undefined) {\n cookieOptions.expires = options.maxAge / (24 * 60 * 60); // Convert seconds to days\n }\n\n Cookies.set(name, value, cookieOptions);\n }\n\n getSessionPayload(): {\n sub: string;\n environmentId: string;\n type: string;\n iat: number;\n exp: number;\n } | null {\n const token = Cookies.get(SESSION_COOKIE_NAME);\n\n if (!token) {\n return null;\n }\n\n const decoded = jwtDecode<{\n sub: string;\n environmentId: string;\n type: 
string;\n iat: number;\n exp: number;\n }>(token);\n\n return decoded;\n }\n\n async getSessionToken(): Promise<string | undefined> {\n const sessionPayload = this.getSessionPayload();\n\n if (!sessionPayload) {\n return undefined;\n }\n\n // If a refresh is already in progress, wait for it to complete\n // This prevents infinite recursion when refreshSession() calls client.auth.refresh()\n // which triggers accessToken() which calls getSessionToken()\n if (this.refreshPromise) {\n await this.refreshPromise;\n // After refresh completes, return the updated token from cookie\n return Cookies.get(SESSION_COOKIE_NAME);\n }\n\n if (isExpiredIn(sessionPayload.exp, 0)) {\n await this.refreshSession();\n }\n\n return Cookies.get(SESSION_COOKIE_NAME);\n }\n\n async handleRequestError(error: unknown): Promise<{ error: string; user: null }> {\n if (error instanceof BlimuError && [401, 500].includes(error.status)) {\n Cookies.remove(SESSION_COOKIE_NAME);\n Cookies.remove(LOCALHOST_JWT_COOKIE_NAME);\n\n return {\n error: error.message,\n user: null,\n };\n }\n\n if (error instanceof DOMException)\n return {\n error: error.message,\n user: null,\n };\n\n if (error instanceof Error) {\n return {\n error: error.message,\n user: null,\n };\n }\n\n return {\n error: 'unknown error',\n user: null,\n };\n }\n\n async initialize({ signal }: { signal?: AbortSignal } = {}): Promise<{\n error: string | null;\n user: User | null;\n }> {\n const url = new URL(window.location.href);\n const localhostJWT = url.searchParams.get(LOCALHOST_JWT_URL_PARAM_NAME) ?? 
undefined;\n\n // Clean up URL parameters immediately to prevent re-processing on re-renders\n if (localhostJWT) {\n url.searchParams.delete(LOCALHOST_JWT_URL_PARAM_NAME);\n window.history.replaceState({}, '', url.toString());\n }\n\n // Handle localhost JWT from URL parameter\n if (localhostJWT) {\n // Set localhost JWT cookie on customer app domain\n this.setCookie(LOCALHOST_JWT_COOKIE_NAME, localhostJWT, {\n maxAge: 30 * 24 * 60 * 60, // 30 days\n });\n }\n\n const localhostJWTCookie = Cookies.get(LOCALHOST_JWT_COOKIE_NAME);\n\n if (localhostJWTCookie && !Cookies.get(SESSION_COOKIE_NAME)) {\n const result = await this.refreshSession({ signal }).catch(this.handleRequestError);\n if ('error' in result) return result;\n }\n\n const sessionPayload = this.getSessionPayload();\n\n if (!sessionPayload) {\n return {\n error: null,\n user: null,\n };\n }\n\n if (isExpiredIn(sessionPayload.exp, SESSION_EXPIRATION_BUFFER)) {\n const result = await this.refreshSession().catch(this.handleRequestError);\n if ('error' in result) return result;\n }\n\n const result = await this.client.auth.getSession().catch(this.handleRequestError);\n if ('error' in result) return result;\n\n return {\n error: null,\n user: result.user,\n };\n }\n\n scheduleRefresh() {\n const abortController = new AbortController();\n let isOnline = true;\n let timeoutId: number | null = null;\n\n const onlineHandler = () => {\n isOnline = true;\n if (this.pendingRefresher) {\n this.pendingRefresher();\n this.pendingRefresher = null;\n }\n };\n const offlineHandler = () => {\n isOnline = false;\n };\n\n window.addEventListener('online', onlineHandler);\n window.addEventListener('offline', offlineHandler);\n\n const refresh = () => {\n // Clear any existing timeout before scheduling a new one\n // This prevents infinite loops when refresh() is called recursively\n if (timeoutId !== null) {\n window.clearTimeout(timeoutId);\n timeoutId = null;\n }\n\n const sessionPayload = this.getSessionPayload();\n\n if 
(!sessionPayload || isExpiredIn(sessionPayload.exp, 0)) return;\n\n // Calculate timeout delay: refresh SESSION_EXPIRATION_BUFFER seconds before expiration\n const timeoutDelayMS = calculateTimeoutDelay(sessionPayload.exp, SESSION_EXPIRATION_BUFFER);\n\n // Prevent scheduling if timeout is negative (token already expired)\n // Allow 0ms delays to handle edge cases where we're exactly at the refresh point\n // This prevents immediate re-scheduling that could cause infinite loops\n if (timeoutDelayMS < 0) {\n return;\n }\n\n // Having this function outside timeout, allows us to call refresh immediately when back online\n const refresher = async () => {\n // Clear timeoutId since we're executing now\n timeoutId = null;\n\n if (!isOnline) {\n // Keep closure of refresh function alive\n this.pendingRefresher = refresher;\n return;\n }\n\n const result = await this.refreshSession({ signal: abortController.signal });\n\n if ('error' in result) {\n // If the refresh was aborted (e.g., due to React strict mode unmounting),\n // don't treat it as an error - just return and let the component remount handle it\n if (result.error === 'aborted') {\n return;\n }\n // For real errors, update the store\n this.store.setState({\n status: 'error',\n user: null,\n error: result.error,\n });\n return;\n } else {\n // After successful refresh, schedule the next refresh with the new token\n refresh();\n }\n };\n\n timeoutId = window.setTimeout(refresher, timeoutDelayMS);\n };\n\n refresh();\n\n return () => {\n if (timeoutId) {\n window.clearTimeout(timeoutId);\n }\n abortController.abort();\n window.removeEventListener('online', onlineHandler);\n window.removeEventListener('offline', offlineHandler);\n };\n }\n\n private async refreshSession({ signal }: { signal?: AbortSignal } = {}) {\n if (signal) {\n // Add signal to tracking set (was using .has() instead of .add() - bug fix)\n this.refreshingSignals.add(signal);\n\n signal.addEventListener('abort', () => {\n 
this.refreshingSignals.delete(signal);\n\n if (this.refreshingSignals.size === 0) {\n this.refreshingSignalAbortController?.abort();\n }\n });\n }\n\n if (this.refreshPromise) {\n return this.refreshPromise;\n }\n\n this.refreshingSignalAbortController = new AbortController();\n\n this.refreshingSignalAbortController.signal.addEventListener('abort', () => {\n this.refreshPromise = null;\n this.refreshingSignalAbortController = null;\n this.refreshingSignals.clear();\n });\n\n // Get localhost_jwt from cookie to send as query parameter\n const localhostJWT = Cookies.get(LOCALHOST_JWT_COOKIE_NAME);\n\n // Use local client to avoid infinite recursion. Regular client calls getSessionToken() which calls refreshSession().\n // There are hacks to avoid infinite recursion, but they are not reliable.\n // The localhost_jwt is sent as a query parameter\n // Note: Type assertion needed because the generated SDK type doesn't include 'query' in RequestInit,\n // but the underlying CoreClient.request() method does support it\n this.refreshPromise = this.localClient.auth\n .refresh(\n { __lh_jwt: localhostJWT },\n {\n signal: this.refreshingSignalAbortController.signal,\n },\n )\n .then((response) => {\n // Update cookie with new session token from response body\n // Server also sets it via Set-Cookie header on auth domain, but we set it manually on customer domain\n if (response.sessionToken) {\n this.setCookie(SESSION_COOKIE_NAME, response.sessionToken, {\n maxAge: 30 * 24 * 60 * 60, // 30 days\n });\n }\n return response;\n })\n .catch(this.handleRequestError);\n\n try {\n return await this.refreshPromise;\n } finally {\n this.refreshPromise = null;\n this.refreshingSignalAbortController = null;\n this.refreshingSignals.clear();\n }\n 
}\n}\n"],"names":["SESSION_COOKIE_NAME","LOCALHOST_JWT_URL_PARAM_NAME","LOCALHOST_JWT_COOKIE_NAME","SESSION_EXPIRATION_BUFFER","SECONDS_TO_MS","secondsToMilliseconds","seconds","millisecondsToSeconds","ms","nowInSeconds","jwtExpToMilliseconds","exp","calculateTimeoutDelay","expirationSeconds","bufferSeconds","expirationMS","bufferMS","nowMS","isExpiredIn","expiration","buffer","now","AuthSessionService","isLive","client","store","baseURL","publishableKey","Blimu","name","value","options","cookieOptions","Cookies","token","jwtDecode","sessionPayload","error","BlimuError","signal","url","localhostJWT","result","abortController","isOnline","timeoutId","onlineHandler","offlineHandler","refresh","timeoutDelayMS","refresher","response"],"mappings":"uOAQaA,EAAsB,gBACtBC,EAA+B,WAC/BC,EAA4B,WAC5BC,EAA4B,GAMnCC,EAAgB,IAKhBC,EAAyBC,GAA4B,KAAK,MAAMA,EAAUF,CAAa,EAKvFG,EAAyBC,GAAuB,KAAK,MAAMA,EAAKJ,CAAa,EAK7EK,EAAe,IAAcF,EAAsB,KAAK,KAAK,EAK7DG,EAAwBC,GAAwBN,EAAsBM,CAAG,EAQzEC,EAAwB,CAACC,EAA2BC,IAAkC,CAC1F,MAAMC,EAAeL,EAAqBG,CAAiB,EACrDG,EAAWX,EAAsBS,CAAa,EAC9CG,EAAQ,KAAK,IAAA,EACnB,OAAO,KAAK,IAAIF,EAAeC,EAAWC,EAAO,CAAC,CACpD,EAQaC,EAAc,CAACC,EAAoBC,IAA4B,CAC1E,MAAMC,EAAMZ,EAAA,EACZ,OAAOU,EAAaC,EAASC,CAC/B,EAEO,MAAMC,CAAmB,CAQ9B,YACmBC,EACAC,EACAC,EACjBC,EACAC,EACA,CALiB,KAAA,OAAAJ,EACA,KAAA,OAAAC,EACA,KAAA,MAAAC,EAVnB,KAAQ,iBAAwC,KAChD,KAAQ,eAAkF,KAC1F,KAAQ,sBAA0C,IAClD,KAAQ,gCAA0D,KAWhE,KAAK,YAAc,IAAIG,QAAM,CAC3B,QAAAF,EACA,YAAa,UACb,QAAS,CAAE,0BAA2BC,CAAA,CAAe,CACtD,EACD,KAAK,mBAAqB,KAAK,mBAAmB,KAAK,IAAI,CAC7D,CAKQ,UAAUE,EAAcC,EAAeC,EAA+B,CAAA,EAAU,CACtF,MAAMC,EAA0C,CAC9C,OAAQ,KAAK,OACb,SAAU,MACV,KAAM,GAAA,EAGJD,EAAQ,SAAW,SACrBC,EAAc,QAAUD,EAAQ,QAAU,KAAU,KAGtDE,EAAQ,IAAIJ,EAAMC,EAAOE,CAAa,CACxC,CAEA,mBAMS,CACP,MAAME,EAAQD,EAAQ,IAAIjC,CAAmB,EAE7C,OAAKkC,EAIWC,EAAAA,UAMbD,CAAK,EATC,IAYX,CAEA,MAAM,iBAA+C,CACnD,MAAME,EAAiB,KAAK,kBAAA,EAE5B,GAAKA,EAOL,OAAI,KAAK,gBACP,MAAM,KAAK,eAEJH,EAAQ,IAAIjC,CAAmB,IAGpCkB,EAAYkB,EAAe,IAAK,CAAC,GACnC,MAAM,KAAK,eAAA,EAGNH,EAAQ,IAAIjC,CAAmB,EACxC,C
AEA,MAAM,mBAAmBqC,EAAwD,CAC/E,OAAIA,aAAiBC,EAAAA,YAAc,CAAC,IAAK,GAAG,EAAE,SAASD,EAAM,MAAM,GACjEJ,EAAQ,OAAOjC,CAAmB,EAClCiC,EAAQ,OAAO/B,CAAyB,EAEjC,CACL,MAAOmC,EAAM,QACb,KAAM,IAAA,GAINA,aAAiB,aACZ,CACL,MAAOA,EAAM,QACb,KAAM,IAAA,EAGNA,aAAiB,MACZ,CACL,MAAOA,EAAM,QACb,KAAM,IAAA,EAIH,CACL,MAAO,gBACP,KAAM,IAAA,CAEV,CAEA,MAAM,WAAW,CAAE,OAAAE,CAAA,EAAqC,GAGrD,CACD,MAAMC,EAAM,IAAI,IAAI,OAAO,SAAS,IAAI,EAClCC,EAAeD,EAAI,aAAa,IAAIvC,CAA4B,GAAK,OAkB3E,GAfIwC,IACFD,EAAI,aAAa,OAAOvC,CAA4B,EACpD,OAAO,QAAQ,aAAa,CAAA,EAAI,GAAIuC,EAAI,UAAU,GAIhDC,GAEF,KAAK,UAAUvC,EAA2BuC,EAAc,CACtD,OAAQ,IAAU,GAAK,EAAA,CACxB,EAGwBR,EAAQ,IAAI/B,CAAyB,GAEtC,CAAC+B,EAAQ,IAAIjC,CAAmB,EAAG,CAC3D,MAAM0C,EAAS,MAAM,KAAK,eAAe,CAAE,OAAAH,EAAQ,EAAE,MAAM,KAAK,kBAAkB,EAClF,GAAI,UAAWG,EAAQ,OAAOA,CAChC,CAEA,MAAMN,EAAiB,KAAK,kBAAA,EAE5B,GAAI,CAACA,EACH,MAAO,CACL,MAAO,KACP,KAAM,IAAA,EAIV,GAAIlB,EAAYkB,EAAe,IAAKjC,CAAyB,EAAG,CAC9D,MAAMuC,EAAS,MAAM,KAAK,iBAAiB,MAAM,KAAK,kBAAkB,EACxE,GAAI,UAAWA,EAAQ,OAAOA,CAChC,CAEA,MAAMA,EAAS,MAAM,KAAK,OAAO,KAAK,aAAa,MAAM,KAAK,kBAAkB,EAChF,MAAI,UAAWA,EAAeA,EAEvB,CACL,MAAO,KACP,KAAMA,EAAO,IAAA,CAEjB,CAEA,iBAAkB,CAChB,MAAMC,EAAkB,IAAI,gBAC5B,IAAIC,EAAW,GACXC,EAA2B,KAE/B,MAAMC,EAAgB,IAAM,CAC1BF,EAAW,GACP,KAAK,mBACP,KAAK,iBAAA,EACL,KAAK,iBAAmB,KAE5B,EACMG,EAAiB,IAAM,CAC3BH,EAAW,EACb,EAEA,OAAO,iBAAiB,SAAUE,CAAa,EAC/C,OAAO,iBAAiB,UAAWC,CAAc,EAEjD,MAAMC,EAAU,IAAM,CAGhBH,IAAc,OAChB,OAAO,aAAaA,CAAS,EAC7BA,EAAY,MAGd,MAAMT,EAAiB,KAAK,kBAAA,EAE5B,GAAI,CAACA,GAAkBlB,EAAYkB,EAAe,IAAK,CAAC,EAAG,OAG3D,MAAMa,EAAiBrC,EAAsBwB,EAAe,IAAKjC,CAAyB,EAK1F,GAAI8C,EAAiB,EACnB,OAIF,MAAMC,EAAY,SAAY,CAI5B,GAFAL,EAAY,KAER,CAACD,EAAU,CAEb,KAAK,iBAAmBM,EACxB,MACF,CAEA,MAAMR,EAAS,MAAM,KAAK,eAAe,CAAE,OAAQC,EAAgB,OAAQ,EAE3E,GAAI,UAAWD,EAAQ,CAGrB,GAAIA,EAAO,QAAU,UACnB,OAGF,KAAK,MAAM,SAAS,CAClB,OAAQ,QACR,KAAM,KACN,MAAOA,EAAO,KAAA,CACf,EACD,MACF,MAEEM,EAAA,CAEJ,EAEAH,EAAY,OAAO,WAAWK,EAAWD,CAAc,CACzD,EAEA,OAAAD,EAAA,EAEO,IAAM,CACPH,GACF,OAAO,aAAaA,CAAS,EAE/BF,EAAgB,MAAA,EAChB,OAAO,oBAAoB,SAAUG,CAAa,EAClD,OAAO,oBAAoB,UAAWC,CAAc
,CACtD,CACF,CAEA,MAAc,eAAe,CAAE,OAAAR,CAAA,EAAqC,GAAI,CActE,GAbIA,IAEF,KAAK,kBAAkB,IAAIA,CAAM,EAEjCA,EAAO,iBAAiB,QAAS,IAAM,CACrC,KAAK,kBAAkB,OAAOA,CAAM,EAEhC,KAAK,kBAAkB,OAAS,GAClC,KAAK,iCAAiC,MAAA,CAE1C,CAAC,GAGC,KAAK,eACP,OAAO,KAAK,eAGd,KAAK,gCAAkC,IAAI,gBAE3C,KAAK,gCAAgC,OAAO,iBAAiB,QAAS,IAAM,CAC1E,KAAK,eAAiB,KACtB,KAAK,gCAAkC,KACvC,KAAK,kBAAkB,MAAA,CACzB,CAAC,EAGD,MAAME,EAAeR,EAAQ,IAAI/B,CAAyB,EAO1D,KAAK,eAAiB,KAAK,YAAY,KACpC,QACC,CAAE,SAAUuC,CAAA,EACZ,CACE,OAAQ,KAAK,gCAAgC,MAAA,CAC/C,EAED,KAAMU,IAGDA,EAAS,cACX,KAAK,UAAUnD,EAAqBmD,EAAS,aAAc,CACzD,OAAQ,IAAU,GAAK,EAAA,CACxB,EAEIA,EACR,EACA,MAAM,KAAK,kBAAkB,EAEhC,GAAI,CACF,OAAO,MAAM,KAAK,cACpB,QAAA,CACE,KAAK,eAAiB,KACtB,KAAK,gCAAkC,KACvC,KAAK,kBAAkB,MAAA,CACzB,CACF,CACF"}
|
|
1
|
+
{"version":3,"file":"auth.service.cjs","sources":["../../src/client/auth.service.ts"],"sourcesContent":["import { Blimu, BlimuError } from '@blimu/client';\nimport type { RefreshResponse } from '@blimu/client/schema';\nimport Cookies from 'js-cookie';\nimport { jwtDecode } from 'jwt-decode';\n\nimport type { AuthState, User } from '../types';\nimport { ExternalStore } from './external-store';\n\nexport const SESSION_COOKIE_NAME = '__bli_session';\nexport const LOCALHOST_JWT_URL_PARAM_NAME = '__lh_jwt';\nexport const LOCALHOST_JWT_COOKIE_NAME = '__lh_jwt';\nexport const SESSION_EXPIRATION_BUFFER = 10;\n\n/**\n * Time conversion utilities\n * JWT tokens use seconds (Unix timestamp), JavaScript Date uses milliseconds\n */\nconst SECONDS_TO_MS = 1000;\n\n/**\n * Convert seconds to milliseconds\n */\nconst secondsToMilliseconds = (seconds: number): number => Math.floor(seconds * SECONDS_TO_MS);\n\n/**\n * Convert milliseconds to seconds\n */\nconst millisecondsToSeconds = (ms: number): number => Math.floor(ms / SECONDS_TO_MS);\n\n/**\n * Get current time in seconds (Unix timestamp)\n */\nconst nowInSeconds = (): number => millisecondsToSeconds(Date.now());\n\n/**\n * Convert JWT expiration time (seconds) to milliseconds\n */\nconst jwtExpToMilliseconds = (exp: number): number => secondsToMilliseconds(exp);\n\n/**\n * Calculate timeout delay in milliseconds for refreshing before expiration\n * @param expirationSeconds - JWT exp claim in seconds\n * @param bufferSeconds - Buffer time in seconds before expiration\n * @returns Timeout delay in milliseconds\n */\nconst calculateTimeoutDelay = (expirationSeconds: number, bufferSeconds: number): number => {\n const expirationMS = jwtExpToMilliseconds(expirationSeconds);\n const bufferMS = secondsToMilliseconds(bufferSeconds);\n const nowMS = Date.now();\n return Math.max(expirationMS - bufferMS - nowMS, 0);\n};\n\n/**\n * Check if a JWT expiration time (in seconds) is expired or will expire within the buffer\n * @param 
expiration - JWT exp claim in seconds (Unix timestamp)\n * @param buffer - Buffer time in seconds before expiration to consider it expired\n * @returns true if expired or will expire within buffer\n */\nexport const isExpiredIn = (expiration: number, buffer: number): boolean => {\n const now = nowInSeconds();\n return expiration - buffer < now;\n};\n\nexport class AuthSessionService {\n private pendingRefresher: (() => void) | null = null;\n private refreshPromise: Promise<RefreshResponse | { error: string; user: null }> | null = null;\n private refreshingSignals: Set<AbortSignal> = new Set();\n private refreshingSignalAbortController: AbortController | null = null;\n // A local client that doesn't call getSessionToken() which calls refreshSession().\n private localClient: Blimu;\n\n constructor(\n private readonly isLive: boolean,\n private readonly client: Blimu,\n private readonly store: ExternalStore<AuthState>,\n baseURL: string,\n publishableKey: string,\n ) {\n this.localClient = new Blimu({\n baseURL,\n credentials: 'include',\n headers: { 'x-blimu-publishable-key': publishableKey },\n });\n this.handleRequestError = this.handleRequestError.bind(this);\n }\n\n /**\n * Set cookie with appropriate security settings based on environment\n */\n private setCookie(name: string, value: string, options: { maxAge?: number } = {}): void {\n const cookieOptions: Cookies.CookieAttributes = {\n secure: this.isLive, // true for live environments, false for localhost\n sameSite: 'lax',\n path: '/',\n };\n\n if (options.maxAge !== undefined) {\n cookieOptions.expires = options.maxAge / (24 * 60 * 60); // Convert seconds to days\n }\n\n Cookies.set(name, value, cookieOptions);\n }\n\n getSessionPayload(): {\n sub: string;\n environmentId: string;\n type: string;\n iat: number;\n exp: number;\n } | null {\n const token = Cookies.get(SESSION_COOKIE_NAME);\n\n if (!token) {\n return null;\n }\n\n const decoded = jwtDecode<{\n sub: string;\n environmentId: string;\n type: 
string;\n iat: number;\n exp: number;\n }>(token);\n\n return decoded;\n }\n\n async getSessionToken(): Promise<string | undefined> {\n const sessionPayload = this.getSessionPayload();\n\n if (!sessionPayload) {\n return undefined;\n }\n\n // If a refresh is already in progress, wait for it to complete\n // This prevents infinite recursion when refreshSession() calls client.auth.refresh()\n // which triggers accessToken() which calls getSessionToken()\n if (this.refreshPromise) {\n await this.refreshPromise;\n // After refresh completes, return the updated token from cookie\n return Cookies.get(SESSION_COOKIE_NAME);\n }\n\n if (isExpiredIn(sessionPayload.exp, 0)) {\n await this.refreshSession();\n }\n\n return Cookies.get(SESSION_COOKIE_NAME);\n }\n\n async handleRequestError(error: unknown): Promise<{ error: string; user: null }> {\n if (error instanceof BlimuError && [401, 500].includes(error.status)) {\n Cookies.remove(SESSION_COOKIE_NAME);\n Cookies.remove(LOCALHOST_JWT_COOKIE_NAME);\n\n return {\n error: error.message,\n user: null,\n };\n }\n\n if (error instanceof DOMException)\n return {\n error: error.message,\n user: null,\n };\n\n if (error instanceof Error) {\n return {\n error: error.message,\n user: null,\n };\n }\n\n return {\n error: 'unknown error',\n user: null,\n };\n }\n\n async initialize({ signal }: { signal?: AbortSignal } = {}): Promise<{\n error: string | null;\n user: User | null;\n }> {\n const url = new URL(window.location.href);\n const localhostJWT = url.searchParams.get(LOCALHOST_JWT_URL_PARAM_NAME) ?? 
undefined;\n\n // Clean up URL parameters immediately to prevent re-processing on re-renders\n if (localhostJWT) {\n url.searchParams.delete(LOCALHOST_JWT_URL_PARAM_NAME);\n window.history.replaceState({}, '', url.toString());\n }\n\n // Handle localhost JWT from URL parameter\n if (localhostJWT) {\n // Set localhost JWT cookie on customer app domain\n this.setCookie(LOCALHOST_JWT_COOKIE_NAME, localhostJWT, {\n maxAge: 30 * 24 * 60 * 60, // 30 days\n });\n }\n\n const localhostJWTCookie = Cookies.get(LOCALHOST_JWT_COOKIE_NAME);\n\n if (localhostJWTCookie && !Cookies.get(SESSION_COOKIE_NAME)) {\n const result = await this.refreshSession({ signal }).catch(this.handleRequestError);\n if ('error' in result) return result;\n }\n\n const sessionPayload = this.getSessionPayload();\n\n if (!sessionPayload) {\n return {\n error: null,\n user: null,\n };\n }\n\n if (isExpiredIn(sessionPayload.exp, SESSION_EXPIRATION_BUFFER)) {\n const result = await this.refreshSession().catch(this.handleRequestError);\n if ('error' in result) return result;\n }\n\n const result = await this.client.auth.getSession().catch(this.handleRequestError);\n if ('error' in result) return result;\n\n return {\n error: null,\n user: result.user,\n };\n }\n\n scheduleRefresh() {\n const abortController = new AbortController();\n let isOnline = true;\n let timeoutId: number | null = null;\n\n const onlineHandler = () => {\n isOnline = true;\n if (this.pendingRefresher) {\n this.pendingRefresher();\n this.pendingRefresher = null;\n }\n };\n const offlineHandler = () => {\n isOnline = false;\n };\n\n window.addEventListener('online', onlineHandler);\n window.addEventListener('offline', offlineHandler);\n\n const refresh = () => {\n // Clear any existing timeout before scheduling a new one\n // This prevents infinite loops when refresh() is called recursively\n if (timeoutId !== null) {\n window.clearTimeout(timeoutId);\n timeoutId = null;\n }\n\n const sessionPayload = this.getSessionPayload();\n\n if 
(!sessionPayload || isExpiredIn(sessionPayload.exp, 0)) return;\n\n // Calculate timeout delay: refresh SESSION_EXPIRATION_BUFFER seconds before expiration\n const timeoutDelayMS = calculateTimeoutDelay(sessionPayload.exp, SESSION_EXPIRATION_BUFFER);\n\n // Prevent scheduling if timeout is negative (token already expired)\n // Allow 0ms delays to handle edge cases where we're exactly at the refresh point\n // This prevents immediate re-scheduling that could cause infinite loops\n if (timeoutDelayMS < 0) {\n return;\n }\n\n // Having this function outside timeout, allows us to call refresh immediately when back online\n const refresher = async () => {\n // Clear timeoutId since we're executing now\n timeoutId = null;\n\n if (!isOnline) {\n // Keep closure of refresh function alive\n this.pendingRefresher = refresher;\n return;\n }\n\n const result = await this.refreshSession({ signal: abortController.signal });\n\n if ('error' in result) {\n // If the refresh was aborted (e.g., due to React strict mode unmounting),\n // don't treat it as an error - just return and let the component remount handle it\n if (result.error === 'aborted') {\n return;\n }\n // For real errors, update the store\n this.store.setState({\n status: 'error',\n user: null,\n error: result.error,\n });\n return;\n } else {\n // After successful refresh, schedule the next refresh with the new token\n refresh();\n }\n };\n\n timeoutId = window.setTimeout(refresher, timeoutDelayMS);\n };\n\n refresh();\n\n return () => {\n if (timeoutId) {\n window.clearTimeout(timeoutId);\n }\n abortController.abort();\n window.removeEventListener('online', onlineHandler);\n window.removeEventListener('offline', offlineHandler);\n };\n }\n\n private async refreshSession({ signal }: { signal?: AbortSignal } = {}) {\n if (signal) {\n // Add signal to tracking set (was using .has() instead of .add() - bug fix)\n this.refreshingSignals.add(signal);\n\n signal.addEventListener('abort', () => {\n 
this.refreshingSignals.delete(signal);\n\n if (this.refreshingSignals.size === 0) {\n this.refreshingSignalAbortController?.abort();\n }\n });\n }\n\n if (this.refreshPromise) {\n return this.refreshPromise;\n }\n\n this.refreshingSignalAbortController = new AbortController();\n\n this.refreshingSignalAbortController.signal.addEventListener('abort', () => {\n this.refreshPromise = null;\n this.refreshingSignalAbortController = null;\n this.refreshingSignals.clear();\n });\n\n // Get localhost_jwt from cookie to send as query parameter (only for non-live environments)\n const localhostJWT = !this.isLive ? Cookies.get(LOCALHOST_JWT_COOKIE_NAME) : undefined;\n\n // Build query parameters - only include __lh_jwt for non-live environments when cookie exists\n const queryParams: { __lh_jwt?: string } = {};\n if (localhostJWT) {\n queryParams.__lh_jwt = localhostJWT;\n }\n\n // Use local client to avoid infinite recursion. Regular client calls getSessionToken() which calls refreshSession().\n // There are hacks to avoid infinite recursion, but they are not reliable.\n // The localhost_jwt is sent as a query parameter only in non-live environments\n // Note: Type assertion needed because the generated SDK type doesn't include 'query' in RequestInit,\n // but the underlying CoreClient.request() method does support it\n this.refreshPromise = this.localClient.auth\n .refresh(queryParams, {\n signal: this.refreshingSignalAbortController.signal,\n })\n .then((response) => {\n // Update cookie with new session token from response body\n // Server also sets it via Set-Cookie header on auth domain, but we set it manually on customer domain\n if (!this.isLive) {\n this.setCookie(SESSION_COOKIE_NAME, response.sessionToken, {\n maxAge: 30 * 24 * 60 * 60, // 30 days\n });\n }\n return response;\n })\n .catch(this.handleRequestError);\n\n try {\n return await this.refreshPromise;\n } finally {\n this.refreshPromise = null;\n this.refreshingSignalAbortController = null;\n 
this.refreshingSignals.clear();\n }\n }\n}\n"],"names":["SESSION_COOKIE_NAME","LOCALHOST_JWT_URL_PARAM_NAME","LOCALHOST_JWT_COOKIE_NAME","SESSION_EXPIRATION_BUFFER","SECONDS_TO_MS","secondsToMilliseconds","seconds","millisecondsToSeconds","ms","nowInSeconds","jwtExpToMilliseconds","exp","calculateTimeoutDelay","expirationSeconds","bufferSeconds","expirationMS","bufferMS","nowMS","isExpiredIn","expiration","buffer","now","AuthSessionService","isLive","client","store","baseURL","publishableKey","Blimu","name","value","options","cookieOptions","Cookies","token","jwtDecode","sessionPayload","error","BlimuError","signal","url","localhostJWT","result","abortController","isOnline","timeoutId","onlineHandler","offlineHandler","refresh","timeoutDelayMS","refresher","queryParams","response"],"mappings":"uOAQaA,EAAsB,gBACtBC,EAA+B,WAC/BC,EAA4B,WAC5BC,EAA4B,GAMnCC,EAAgB,IAKhBC,EAAyBC,GAA4B,KAAK,MAAMA,EAAUF,CAAa,EAKvFG,EAAyBC,GAAuB,KAAK,MAAMA,EAAKJ,CAAa,EAK7EK,EAAe,IAAcF,EAAsB,KAAK,KAAK,EAK7DG,EAAwBC,GAAwBN,EAAsBM,CAAG,EAQzEC,EAAwB,CAACC,EAA2BC,IAAkC,CAC1F,MAAMC,EAAeL,EAAqBG,CAAiB,EACrDG,EAAWX,EAAsBS,CAAa,EAC9CG,EAAQ,KAAK,IAAA,EACnB,OAAO,KAAK,IAAIF,EAAeC,EAAWC,EAAO,CAAC,CACpD,EAQaC,EAAc,CAACC,EAAoBC,IAA4B,CAC1E,MAAMC,EAAMZ,EAAA,EACZ,OAAOU,EAAaC,EAASC,CAC/B,EAEO,MAAMC,CAAmB,CAQ9B,YACmBC,EACAC,EACAC,EACjBC,EACAC,EACA,CALiB,KAAA,OAAAJ,EACA,KAAA,OAAAC,EACA,KAAA,MAAAC,EAVnB,KAAQ,iBAAwC,KAChD,KAAQ,eAAkF,KAC1F,KAAQ,sBAA0C,IAClD,KAAQ,gCAA0D,KAWhE,KAAK,YAAc,IAAIG,QAAM,CAC3B,QAAAF,EACA,YAAa,UACb,QAAS,CAAE,0BAA2BC,CAAA,CAAe,CACtD,EACD,KAAK,mBAAqB,KAAK,mBAAmB,KAAK,IAAI,CAC7D,CAKQ,UAAUE,EAAcC,EAAeC,EAA+B,CAAA,EAAU,CACtF,MAAMC,EAA0C,CAC9C,OAAQ,KAAK,OACb,SAAU,MACV,KAAM,GAAA,EAGJD,EAAQ,SAAW,SACrBC,EAAc,QAAUD,EAAQ,QAAU,KAAU,KAGtDE,EAAQ,IAAIJ,EAAMC,EAAOE,CAAa,CACxC,CAEA,mBAMS,CACP,MAAME,EAAQD,EAAQ,IAAIjC,CAAmB,EAE7C,OAAKkC,EAIWC,EAAAA,UAMbD,CAAK,EATC,IAYX,CAEA,MAAM,iBAA+C,CACnD,MAAME,EAAiB,KAAK,kBAAA,EAE5B,GAAKA,EAOL,OAAI,KAAK,gBACP,MAAM,KAAK,eAEJH,EAAQ,IAAIjC,CAAmB,IAGpCkB,EAAYkB,EAAe,IAAK,CAAC,
GACnC,MAAM,KAAK,eAAA,EAGNH,EAAQ,IAAIjC,CAAmB,EACxC,CAEA,MAAM,mBAAmBqC,EAAwD,CAC/E,OAAIA,aAAiBC,EAAAA,YAAc,CAAC,IAAK,GAAG,EAAE,SAASD,EAAM,MAAM,GACjEJ,EAAQ,OAAOjC,CAAmB,EAClCiC,EAAQ,OAAO/B,CAAyB,EAEjC,CACL,MAAOmC,EAAM,QACb,KAAM,IAAA,GAINA,aAAiB,aACZ,CACL,MAAOA,EAAM,QACb,KAAM,IAAA,EAGNA,aAAiB,MACZ,CACL,MAAOA,EAAM,QACb,KAAM,IAAA,EAIH,CACL,MAAO,gBACP,KAAM,IAAA,CAEV,CAEA,MAAM,WAAW,CAAE,OAAAE,CAAA,EAAqC,GAGrD,CACD,MAAMC,EAAM,IAAI,IAAI,OAAO,SAAS,IAAI,EAClCC,EAAeD,EAAI,aAAa,IAAIvC,CAA4B,GAAK,OAkB3E,GAfIwC,IACFD,EAAI,aAAa,OAAOvC,CAA4B,EACpD,OAAO,QAAQ,aAAa,CAAA,EAAI,GAAIuC,EAAI,UAAU,GAIhDC,GAEF,KAAK,UAAUvC,EAA2BuC,EAAc,CACtD,OAAQ,IAAU,GAAK,EAAA,CACxB,EAGwBR,EAAQ,IAAI/B,CAAyB,GAEtC,CAAC+B,EAAQ,IAAIjC,CAAmB,EAAG,CAC3D,MAAM0C,EAAS,MAAM,KAAK,eAAe,CAAE,OAAAH,EAAQ,EAAE,MAAM,KAAK,kBAAkB,EAClF,GAAI,UAAWG,EAAQ,OAAOA,CAChC,CAEA,MAAMN,EAAiB,KAAK,kBAAA,EAE5B,GAAI,CAACA,EACH,MAAO,CACL,MAAO,KACP,KAAM,IAAA,EAIV,GAAIlB,EAAYkB,EAAe,IAAKjC,CAAyB,EAAG,CAC9D,MAAMuC,EAAS,MAAM,KAAK,iBAAiB,MAAM,KAAK,kBAAkB,EACxE,GAAI,UAAWA,EAAQ,OAAOA,CAChC,CAEA,MAAMA,EAAS,MAAM,KAAK,OAAO,KAAK,aAAa,MAAM,KAAK,kBAAkB,EAChF,MAAI,UAAWA,EAAeA,EAEvB,CACL,MAAO,KACP,KAAMA,EAAO,IAAA,CAEjB,CAEA,iBAAkB,CAChB,MAAMC,EAAkB,IAAI,gBAC5B,IAAIC,EAAW,GACXC,EAA2B,KAE/B,MAAMC,EAAgB,IAAM,CAC1BF,EAAW,GACP,KAAK,mBACP,KAAK,iBAAA,EACL,KAAK,iBAAmB,KAE5B,EACMG,EAAiB,IAAM,CAC3BH,EAAW,EACb,EAEA,OAAO,iBAAiB,SAAUE,CAAa,EAC/C,OAAO,iBAAiB,UAAWC,CAAc,EAEjD,MAAMC,EAAU,IAAM,CAGhBH,IAAc,OAChB,OAAO,aAAaA,CAAS,EAC7BA,EAAY,MAGd,MAAMT,EAAiB,KAAK,kBAAA,EAE5B,GAAI,CAACA,GAAkBlB,EAAYkB,EAAe,IAAK,CAAC,EAAG,OAG3D,MAAMa,EAAiBrC,EAAsBwB,EAAe,IAAKjC,CAAyB,EAK1F,GAAI8C,EAAiB,EACnB,OAIF,MAAMC,EAAY,SAAY,CAI5B,GAFAL,EAAY,KAER,CAACD,EAAU,CAEb,KAAK,iBAAmBM,EACxB,MACF,CAEA,MAAMR,EAAS,MAAM,KAAK,eAAe,CAAE,OAAQC,EAAgB,OAAQ,EAE3E,GAAI,UAAWD,EAAQ,CAGrB,GAAIA,EAAO,QAAU,UACnB,OAGF,KAAK,MAAM,SAAS,CAClB,OAAQ,QACR,KAAM,KACN,MAAOA,EAAO,KAAA,CACf,EACD,MACF,MAEEM,EAAA,CAEJ,EAEAH,EAAY,OAAO,WAAWK,EAAWD,CAAc,CACzD,EAEA,OAAAD,EAAA,EAEO,IAAM,CACPH,GACF,OAAO,aAAaA,CAAS,EAE/BF,EAAgB,MAAA,EAChB
,OAAO,oBAAoB,SAAUG,CAAa,EAClD,OAAO,oBAAoB,UAAWC,CAAc,CACtD,CACF,CAEA,MAAc,eAAe,CAAE,OAAAR,CAAA,EAAqC,GAAI,CActE,GAbIA,IAEF,KAAK,kBAAkB,IAAIA,CAAM,EAEjCA,EAAO,iBAAiB,QAAS,IAAM,CACrC,KAAK,kBAAkB,OAAOA,CAAM,EAEhC,KAAK,kBAAkB,OAAS,GAClC,KAAK,iCAAiC,MAAA,CAE1C,CAAC,GAGC,KAAK,eACP,OAAO,KAAK,eAGd,KAAK,gCAAkC,IAAI,gBAE3C,KAAK,gCAAgC,OAAO,iBAAiB,QAAS,IAAM,CAC1E,KAAK,eAAiB,KACtB,KAAK,gCAAkC,KACvC,KAAK,kBAAkB,MAAA,CACzB,CAAC,EAGD,MAAME,EAAgB,KAAK,OAAkD,OAAzCR,EAAQ,IAAI/B,CAAyB,EAGnEiD,EAAqC,CAAA,EACvCV,IACFU,EAAY,SAAWV,GAQzB,KAAK,eAAiB,KAAK,YAAY,KACpC,QAAQU,EAAa,CACpB,OAAQ,KAAK,gCAAgC,MAAA,CAC9C,EACA,KAAMC,IAGA,KAAK,QACR,KAAK,UAAUpD,EAAqBoD,EAAS,aAAc,CACzD,OAAQ,IAAU,GAAK,EAAA,CACxB,EAEIA,EACR,EACA,MAAM,KAAK,kBAAkB,EAEhC,GAAI,CACF,OAAO,MAAM,KAAK,cACpB,QAAA,CACE,KAAK,eAAiB,KACtB,KAAK,gCAAkC,KACvC,KAAK,kBAAkB,MAAA,CACzB,CACF,CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../src/client/auth.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAc,MAAM,eAAe,CAAC;AAKlD,OAAO,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,eAAO,MAAM,mBAAmB,kBAAkB,CAAC;AACnD,eAAO,MAAM,4BAA4B,aAAa,CAAC;AACvD,eAAO,MAAM,yBAAyB,aAAa,CAAC;AACpD,eAAO,MAAM,yBAAyB,KAAK,CAAC;AAyC5C;;;;;GAKG;AACH,eAAO,MAAM,WAAW,GAAI,YAAY,MAAM,EAAE,QAAQ,MAAM,KAAG,OAGhE,CAAC;AAEF,qBAAa,kBAAkB;IAS3B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,KAAK;IAVxB,OAAO,CAAC,gBAAgB,CAA6B;IACrD,OAAO,CAAC,cAAc,CAAyE;IAC/F,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,+BAA+B,CAAgC;IAEvE,OAAO,CAAC,WAAW,CAAQ;gBAGR,MAAM,EAAE,OAAO,EACf,MAAM,EAAE,KAAK,EACb,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC,EAChD,OAAO,EAAE,MAAM,EACf,cAAc,EAAE,MAAM;IAUxB;;OAEG;IACH,OAAO,CAAC,SAAS;IAcjB,iBAAiB,IAAI;QACnB,GAAG,EAAE,MAAM,CAAC;QACZ,aAAa,EAAE,MAAM,CAAC;QACtB,IAAI,EAAE,MAAM,CAAC;QACb,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;KACb,GAAG,IAAI;IAkBF,eAAe,IAAI,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAuB9C,kBAAkB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,IAAI,CAAA;KAAE,CAAC;IA8B1E,UAAU,CAAC,EAAE,MAAM,EAAE,GAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAA;KAAO,GAAG,OAAO,CAAC;QACnE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;QACrB,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;KACnB,CAAC;IAgDF,eAAe;YAwFD,cAAc;
|
|
1
|
+
{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../src/client/auth.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAc,MAAM,eAAe,CAAC;AAKlD,OAAO,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,eAAO,MAAM,mBAAmB,kBAAkB,CAAC;AACnD,eAAO,MAAM,4BAA4B,aAAa,CAAC;AACvD,eAAO,MAAM,yBAAyB,aAAa,CAAC;AACpD,eAAO,MAAM,yBAAyB,KAAK,CAAC;AAyC5C;;;;;GAKG;AACH,eAAO,MAAM,WAAW,GAAI,YAAY,MAAM,EAAE,QAAQ,MAAM,KAAG,OAGhE,CAAC;AAEF,qBAAa,kBAAkB;IAS3B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,KAAK;IAVxB,OAAO,CAAC,gBAAgB,CAA6B;IACrD,OAAO,CAAC,cAAc,CAAyE;IAC/F,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,+BAA+B,CAAgC;IAEvE,OAAO,CAAC,WAAW,CAAQ;gBAGR,MAAM,EAAE,OAAO,EACf,MAAM,EAAE,KAAK,EACb,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC,EAChD,OAAO,EAAE,MAAM,EACf,cAAc,EAAE,MAAM;IAUxB;;OAEG;IACH,OAAO,CAAC,SAAS;IAcjB,iBAAiB,IAAI;QACnB,GAAG,EAAE,MAAM,CAAC;QACZ,aAAa,EAAE,MAAM,CAAC;QACtB,IAAI,EAAE,MAAM,CAAC;QACb,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;KACb,GAAG,IAAI;IAkBF,eAAe,IAAI,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAuB9C,kBAAkB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,IAAI,CAAA;KAAE,CAAC;IA8B1E,UAAU,CAAC,EAAE,MAAM,EAAE,GAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAA;KAAO,GAAG,OAAO,CAAC;QACnE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;QACrB,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;KACnB,CAAC;IAgDF,eAAe;YAwFD,cAAc;CAgE7B"}
|
|
@@ -1,17 +1,17 @@
|
|
|
1
1
|
import { Blimu as _, BlimuError as A } from "@blimu/client";
|
|
2
2
|
import o from "../node_modules/js-cookie/dist/js.cookie.js";
|
|
3
3
|
import { jwtDecode as C } from "../node_modules/jwt-decode/build/esm/index.js";
|
|
4
|
-
const h = "__bli_session", S = "__lh_jwt", u = "__lh_jwt",
|
|
5
|
-
const s = P(
|
|
6
|
-
return Math.max(s - r -
|
|
7
|
-
}, f = (
|
|
4
|
+
const h = "__bli_session", S = "__lh_jwt", u = "__lh_jwt", m = 10, w = 1e3, E = (i) => Math.floor(i * w), b = (i) => Math.floor(i / w), p = () => b(Date.now()), P = (i) => E(i), v = (i, e) => {
|
|
5
|
+
const s = P(i), r = E(e), t = Date.now();
|
|
6
|
+
return Math.max(s - r - t, 0);
|
|
7
|
+
}, f = (i, e) => {
|
|
8
8
|
const s = p();
|
|
9
|
-
return
|
|
9
|
+
return i - e < s;
|
|
10
10
|
};
|
|
11
|
-
class
|
|
12
|
-
constructor(e, s, r,
|
|
11
|
+
class x {
|
|
12
|
+
constructor(e, s, r, t, l) {
|
|
13
13
|
this.isLive = e, this.client = s, this.store = r, this.pendingRefresher = null, this.refreshPromise = null, this.refreshingSignals = /* @__PURE__ */ new Set(), this.refreshingSignalAbortController = null, this.localClient = new _({
|
|
14
|
-
baseURL:
|
|
14
|
+
baseURL: t,
|
|
15
15
|
credentials: "include",
|
|
16
16
|
headers: { "x-blimu-publishable-key": l }
|
|
17
17
|
}), this.handleRequestError = this.handleRequestError.bind(this);
|
|
@@ -20,13 +20,13 @@ class v {
|
|
|
20
20
|
* Set cookie with appropriate security settings based on environment
|
|
21
21
|
*/
|
|
22
22
|
setCookie(e, s, r = {}) {
|
|
23
|
-
const
|
|
23
|
+
const t = {
|
|
24
24
|
secure: this.isLive,
|
|
25
25
|
// true for live environments, false for localhost
|
|
26
26
|
sameSite: "lax",
|
|
27
27
|
path: "/"
|
|
28
28
|
};
|
|
29
|
-
r.maxAge !== void 0 && (
|
|
29
|
+
r.maxAge !== void 0 && (t.expires = r.maxAge / (1440 * 60)), o.set(e, s, t);
|
|
30
30
|
}
|
|
31
31
|
getSessionPayload() {
|
|
32
32
|
const e = o.get(h);
|
|
@@ -58,8 +58,8 @@ class v {
|
|
|
58
58
|
maxAge: 720 * 60 * 60
|
|
59
59
|
// 30 days
|
|
60
60
|
}), o.get(u) && !o.get(h)) {
|
|
61
|
-
const
|
|
62
|
-
if ("error" in
|
|
61
|
+
const n = await this.refreshSession({ signal: e }).catch(this.handleRequestError);
|
|
62
|
+
if ("error" in n) return n;
|
|
63
63
|
}
|
|
64
64
|
const l = this.getSessionPayload();
|
|
65
65
|
if (!l)
|
|
@@ -67,9 +67,9 @@ class v {
|
|
|
67
67
|
error: null,
|
|
68
68
|
user: null
|
|
69
69
|
};
|
|
70
|
-
if (f(l.exp,
|
|
71
|
-
const
|
|
72
|
-
if ("error" in
|
|
70
|
+
if (f(l.exp, m)) {
|
|
71
|
+
const n = await this.refreshSession().catch(this.handleRequestError);
|
|
72
|
+
if ("error" in n) return n;
|
|
73
73
|
}
|
|
74
74
|
const a = await this.client.auth.getSession().catch(this.handleRequestError);
|
|
75
75
|
return "error" in a ? a : {
|
|
@@ -80,17 +80,17 @@ class v {
|
|
|
80
80
|
scheduleRefresh() {
|
|
81
81
|
const e = new AbortController();
|
|
82
82
|
let s = !0, r = null;
|
|
83
|
-
const
|
|
83
|
+
const t = () => {
|
|
84
84
|
s = !0, this.pendingRefresher && (this.pendingRefresher(), this.pendingRefresher = null);
|
|
85
85
|
}, l = () => {
|
|
86
86
|
s = !1;
|
|
87
87
|
};
|
|
88
|
-
window.addEventListener("online",
|
|
88
|
+
window.addEventListener("online", t), window.addEventListener("offline", l);
|
|
89
89
|
const a = () => {
|
|
90
90
|
r !== null && (window.clearTimeout(r), r = null);
|
|
91
|
-
const
|
|
92
|
-
if (!
|
|
93
|
-
const d =
|
|
91
|
+
const n = this.getSessionPayload();
|
|
92
|
+
if (!n || f(n.exp, 0)) return;
|
|
93
|
+
const d = v(n.exp, m);
|
|
94
94
|
if (d < 0)
|
|
95
95
|
return;
|
|
96
96
|
const g = async () => {
|
|
@@ -114,7 +114,7 @@ class v {
|
|
|
114
114
|
r = window.setTimeout(g, d);
|
|
115
115
|
};
|
|
116
116
|
return a(), () => {
|
|
117
|
-
r && window.clearTimeout(r), e.abort(), window.removeEventListener("online",
|
|
117
|
+
r && window.clearTimeout(r), e.abort(), window.removeEventListener("online", t), window.removeEventListener("offline", l);
|
|
118
118
|
};
|
|
119
119
|
}
|
|
120
120
|
async refreshSession({ signal: e } = {}) {
|
|
@@ -125,16 +125,13 @@ class v {
|
|
|
125
125
|
this.refreshingSignalAbortController = new AbortController(), this.refreshingSignalAbortController.signal.addEventListener("abort", () => {
|
|
126
126
|
this.refreshPromise = null, this.refreshingSignalAbortController = null, this.refreshingSignals.clear();
|
|
127
127
|
});
|
|
128
|
-
const s = o.get(u);
|
|
129
|
-
this.refreshPromise = this.localClient.auth.refresh(
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
signal: this.refreshingSignalAbortController.signal
|
|
133
|
-
}
|
|
134
|
-
).then((r) => (r.sessionToken && this.setCookie(h, r.sessionToken, {
|
|
128
|
+
const s = this.isLive ? void 0 : o.get(u), r = {};
|
|
129
|
+
s && (r.__lh_jwt = s), this.refreshPromise = this.localClient.auth.refresh(r, {
|
|
130
|
+
signal: this.refreshingSignalAbortController.signal
|
|
131
|
+
}).then((t) => (this.isLive || this.setCookie(h, t.sessionToken, {
|
|
135
132
|
maxAge: 720 * 60 * 60
|
|
136
133
|
// 30 days
|
|
137
|
-
}),
|
|
134
|
+
}), t)).catch(this.handleRequestError);
|
|
138
135
|
try {
|
|
139
136
|
return await this.refreshPromise;
|
|
140
137
|
} finally {
|
|
@@ -143,11 +140,11 @@ class v {
|
|
|
143
140
|
}
|
|
144
141
|
}
|
|
145
142
|
export {
|
|
146
|
-
|
|
143
|
+
x as AuthSessionService,
|
|
147
144
|
u as LOCALHOST_JWT_COOKIE_NAME,
|
|
148
145
|
S as LOCALHOST_JWT_URL_PARAM_NAME,
|
|
149
146
|
h as SESSION_COOKIE_NAME,
|
|
150
|
-
|
|
147
|
+
m as SESSION_EXPIRATION_BUFFER,
|
|
151
148
|
f as isExpiredIn
|
|
152
149
|
};
|
|
153
150
|
//# sourceMappingURL=auth.service.js.map
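Review bot: The rewritten `.then` callback in refreshSession (new lines 131-134) drops the `sessionToken` truthiness check that old line 134 had. If a refresh response can arrive without a token, as the old guard suggests, a non-live environment now calls `setCookie` with an undefined value and writes a non-JWT string into `__bli_session`. getSessionPayload, whose body lies mostly outside the hunks, passes that cookie to jwtDecode with no try/catch, so initialize, getSessionToken and the scheduled refresh would presumably throw rather than treat the session as absent. Keeping both conditions in the TypeScript source restores the guard: `if (!this.isLive && response.sessionToken) {`. Separately, initialize (hunk -58,8) still appears to copy a `__lh_jwt` URL parameter into a 30-day cookie without consulting isLive, which is worth aligning with the non-live gating added here.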
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.service.js","sources":["../../src/client/auth.service.ts"],"sourcesContent":["import { Blimu, BlimuError } from '@blimu/client';\nimport type { RefreshResponse } from '@blimu/client/schema';\nimport Cookies from 'js-cookie';\nimport { jwtDecode } from 'jwt-decode';\n\nimport type { AuthState, User } from '../types';\nimport { ExternalStore } from './external-store';\n\nexport const SESSION_COOKIE_NAME = '__bli_session';\nexport const LOCALHOST_JWT_URL_PARAM_NAME = '__lh_jwt';\nexport const LOCALHOST_JWT_COOKIE_NAME = '__lh_jwt';\nexport const SESSION_EXPIRATION_BUFFER = 10;\n\n/**\n * Time conversion utilities\n * JWT tokens use seconds (Unix timestamp), JavaScript Date uses milliseconds\n */\nconst SECONDS_TO_MS = 1000;\n\n/**\n * Convert seconds to milliseconds\n */\nconst secondsToMilliseconds = (seconds: number): number => Math.floor(seconds * SECONDS_TO_MS);\n\n/**\n * Convert milliseconds to seconds\n */\nconst millisecondsToSeconds = (ms: number): number => Math.floor(ms / SECONDS_TO_MS);\n\n/**\n * Get current time in seconds (Unix timestamp)\n */\nconst nowInSeconds = (): number => millisecondsToSeconds(Date.now());\n\n/**\n * Convert JWT expiration time (seconds) to milliseconds\n */\nconst jwtExpToMilliseconds = (exp: number): number => secondsToMilliseconds(exp);\n\n/**\n * Calculate timeout delay in milliseconds for refreshing before expiration\n * @param expirationSeconds - JWT exp claim in seconds\n * @param bufferSeconds - Buffer time in seconds before expiration\n * @returns Timeout delay in milliseconds\n */\nconst calculateTimeoutDelay = (expirationSeconds: number, bufferSeconds: number): number => {\n const expirationMS = jwtExpToMilliseconds(expirationSeconds);\n const bufferMS = secondsToMilliseconds(bufferSeconds);\n const nowMS = Date.now();\n return Math.max(expirationMS - bufferMS - nowMS, 0);\n};\n\n/**\n * Check if a JWT expiration time (in seconds) is expired or will expire within the buffer\n * @param 
expiration - JWT exp claim in seconds (Unix timestamp)\n * @param buffer - Buffer time in seconds before expiration to consider it expired\n * @returns true if expired or will expire within buffer\n */\nexport const isExpiredIn = (expiration: number, buffer: number): boolean => {\n const now = nowInSeconds();\n return expiration - buffer < now;\n};\n\nexport class AuthSessionService {\n private pendingRefresher: (() => void) | null = null;\n private refreshPromise: Promise<RefreshResponse | { error: string; user: null }> | null = null;\n private refreshingSignals: Set<AbortSignal> = new Set();\n private refreshingSignalAbortController: AbortController | null = null;\n // A local client that doesn't call getSessionToken() which calls refreshSession().\n private localClient: Blimu;\n\n constructor(\n private readonly isLive: boolean,\n private readonly client: Blimu,\n private readonly store: ExternalStore<AuthState>,\n baseURL: string,\n publishableKey: string,\n ) {\n this.localClient = new Blimu({\n baseURL,\n credentials: 'include',\n headers: { 'x-blimu-publishable-key': publishableKey },\n });\n this.handleRequestError = this.handleRequestError.bind(this);\n }\n\n /**\n * Set cookie with appropriate security settings based on environment\n */\n private setCookie(name: string, value: string, options: { maxAge?: number } = {}): void {\n const cookieOptions: Cookies.CookieAttributes = {\n secure: this.isLive, // true for live environments, false for localhost\n sameSite: 'lax',\n path: '/',\n };\n\n if (options.maxAge !== undefined) {\n cookieOptions.expires = options.maxAge / (24 * 60 * 60); // Convert seconds to days\n }\n\n Cookies.set(name, value, cookieOptions);\n }\n\n getSessionPayload(): {\n sub: string;\n environmentId: string;\n type: string;\n iat: number;\n exp: number;\n } | null {\n const token = Cookies.get(SESSION_COOKIE_NAME);\n\n if (!token) {\n return null;\n }\n\n const decoded = jwtDecode<{\n sub: string;\n environmentId: string;\n type: 
string;\n iat: number;\n exp: number;\n }>(token);\n\n return decoded;\n }\n\n async getSessionToken(): Promise<string | undefined> {\n const sessionPayload = this.getSessionPayload();\n\n if (!sessionPayload) {\n return undefined;\n }\n\n // If a refresh is already in progress, wait for it to complete\n // This prevents infinite recursion when refreshSession() calls client.auth.refresh()\n // which triggers accessToken() which calls getSessionToken()\n if (this.refreshPromise) {\n await this.refreshPromise;\n // After refresh completes, return the updated token from cookie\n return Cookies.get(SESSION_COOKIE_NAME);\n }\n\n if (isExpiredIn(sessionPayload.exp, 0)) {\n await this.refreshSession();\n }\n\n return Cookies.get(SESSION_COOKIE_NAME);\n }\n\n async handleRequestError(error: unknown): Promise<{ error: string; user: null }> {\n if (error instanceof BlimuError && [401, 500].includes(error.status)) {\n Cookies.remove(SESSION_COOKIE_NAME);\n Cookies.remove(LOCALHOST_JWT_COOKIE_NAME);\n\n return {\n error: error.message,\n user: null,\n };\n }\n\n if (error instanceof DOMException)\n return {\n error: error.message,\n user: null,\n };\n\n if (error instanceof Error) {\n return {\n error: error.message,\n user: null,\n };\n }\n\n return {\n error: 'unknown error',\n user: null,\n };\n }\n\n async initialize({ signal }: { signal?: AbortSignal } = {}): Promise<{\n error: string | null;\n user: User | null;\n }> {\n const url = new URL(window.location.href);\n const localhostJWT = url.searchParams.get(LOCALHOST_JWT_URL_PARAM_NAME) ?? 
undefined;\n\n // Clean up URL parameters immediately to prevent re-processing on re-renders\n if (localhostJWT) {\n url.searchParams.delete(LOCALHOST_JWT_URL_PARAM_NAME);\n window.history.replaceState({}, '', url.toString());\n }\n\n // Handle localhost JWT from URL parameter\n if (localhostJWT) {\n // Set localhost JWT cookie on customer app domain\n this.setCookie(LOCALHOST_JWT_COOKIE_NAME, localhostJWT, {\n maxAge: 30 * 24 * 60 * 60, // 30 days\n });\n }\n\n const localhostJWTCookie = Cookies.get(LOCALHOST_JWT_COOKIE_NAME);\n\n if (localhostJWTCookie && !Cookies.get(SESSION_COOKIE_NAME)) {\n const result = await this.refreshSession({ signal }).catch(this.handleRequestError);\n if ('error' in result) return result;\n }\n\n const sessionPayload = this.getSessionPayload();\n\n if (!sessionPayload) {\n return {\n error: null,\n user: null,\n };\n }\n\n if (isExpiredIn(sessionPayload.exp, SESSION_EXPIRATION_BUFFER)) {\n const result = await this.refreshSession().catch(this.handleRequestError);\n if ('error' in result) return result;\n }\n\n const result = await this.client.auth.getSession().catch(this.handleRequestError);\n if ('error' in result) return result;\n\n return {\n error: null,\n user: result.user,\n };\n }\n\n scheduleRefresh() {\n const abortController = new AbortController();\n let isOnline = true;\n let timeoutId: number | null = null;\n\n const onlineHandler = () => {\n isOnline = true;\n if (this.pendingRefresher) {\n this.pendingRefresher();\n this.pendingRefresher = null;\n }\n };\n const offlineHandler = () => {\n isOnline = false;\n };\n\n window.addEventListener('online', onlineHandler);\n window.addEventListener('offline', offlineHandler);\n\n const refresh = () => {\n // Clear any existing timeout before scheduling a new one\n // This prevents infinite loops when refresh() is called recursively\n if (timeoutId !== null) {\n window.clearTimeout(timeoutId);\n timeoutId = null;\n }\n\n const sessionPayload = this.getSessionPayload();\n\n if 
(!sessionPayload || isExpiredIn(sessionPayload.exp, 0)) return;\n\n // Calculate timeout delay: refresh SESSION_EXPIRATION_BUFFER seconds before expiration\n const timeoutDelayMS = calculateTimeoutDelay(sessionPayload.exp, SESSION_EXPIRATION_BUFFER);\n\n // Prevent scheduling if timeout is negative (token already expired)\n // Allow 0ms delays to handle edge cases where we're exactly at the refresh point\n // This prevents immediate re-scheduling that could cause infinite loops\n if (timeoutDelayMS < 0) {\n return;\n }\n\n // Having this function outside timeout, allows us to call refresh immediately when back online\n const refresher = async () => {\n // Clear timeoutId since we're executing now\n timeoutId = null;\n\n if (!isOnline) {\n // Keep closure of refresh function alive\n this.pendingRefresher = refresher;\n return;\n }\n\n const result = await this.refreshSession({ signal: abortController.signal });\n\n if ('error' in result) {\n // If the refresh was aborted (e.g., due to React strict mode unmounting),\n // don't treat it as an error - just return and let the component remount handle it\n if (result.error === 'aborted') {\n return;\n }\n // For real errors, update the store\n this.store.setState({\n status: 'error',\n user: null,\n error: result.error,\n });\n return;\n } else {\n // After successful refresh, schedule the next refresh with the new token\n refresh();\n }\n };\n\n timeoutId = window.setTimeout(refresher, timeoutDelayMS);\n };\n\n refresh();\n\n return () => {\n if (timeoutId) {\n window.clearTimeout(timeoutId);\n }\n abortController.abort();\n window.removeEventListener('online', onlineHandler);\n window.removeEventListener('offline', offlineHandler);\n };\n }\n\n private async refreshSession({ signal }: { signal?: AbortSignal } = {}) {\n if (signal) {\n // Add signal to tracking set (was using .has() instead of .add() - bug fix)\n this.refreshingSignals.add(signal);\n\n signal.addEventListener('abort', () => {\n 
this.refreshingSignals.delete(signal);\n\n if (this.refreshingSignals.size === 0) {\n this.refreshingSignalAbortController?.abort();\n }\n });\n }\n\n if (this.refreshPromise) {\n return this.refreshPromise;\n }\n\n this.refreshingSignalAbortController = new AbortController();\n\n this.refreshingSignalAbortController.signal.addEventListener('abort', () => {\n this.refreshPromise = null;\n this.refreshingSignalAbortController = null;\n this.refreshingSignals.clear();\n });\n\n // Get localhost_jwt from cookie to send as query parameter\n const localhostJWT = Cookies.get(LOCALHOST_JWT_COOKIE_NAME);\n\n // Use local client to avoid infinite recursion. Regular client calls getSessionToken() which calls refreshSession().\n // There are hacks to avoid infinite recursion, but they are not reliable.\n // The localhost_jwt is sent as a query parameter\n // Note: Type assertion needed because the generated SDK type doesn't include 'query' in RequestInit,\n // but the underlying CoreClient.request() method does support it\n this.refreshPromise = this.localClient.auth\n .refresh(\n { __lh_jwt: localhostJWT },\n {\n signal: this.refreshingSignalAbortController.signal,\n },\n )\n .then((response) => {\n // Update cookie with new session token from response body\n // Server also sets it via Set-Cookie header on auth domain, but we set it manually on customer domain\n if (response.sessionToken) {\n this.setCookie(SESSION_COOKIE_NAME, response.sessionToken, {\n maxAge: 30 * 24 * 60 * 60, // 30 days\n });\n }\n return response;\n })\n .catch(this.handleRequestError);\n\n try {\n return await this.refreshPromise;\n } finally {\n this.refreshPromise = null;\n this.refreshingSignalAbortController = null;\n this.refreshingSignals.clear();\n }\n 
}\n}\n"],"names":["SESSION_COOKIE_NAME","LOCALHOST_JWT_URL_PARAM_NAME","LOCALHOST_JWT_COOKIE_NAME","SESSION_EXPIRATION_BUFFER","SECONDS_TO_MS","secondsToMilliseconds","seconds","millisecondsToSeconds","ms","nowInSeconds","jwtExpToMilliseconds","exp","calculateTimeoutDelay","expirationSeconds","bufferSeconds","expirationMS","bufferMS","nowMS","isExpiredIn","expiration","buffer","now","AuthSessionService","isLive","client","store","baseURL","publishableKey","Blimu","name","value","options","cookieOptions","Cookies","token","jwtDecode","sessionPayload","error","BlimuError","signal","url","localhostJWT","result","abortController","isOnline","timeoutId","onlineHandler","offlineHandler","refresh","timeoutDelayMS","refresher","response"],"mappings":";;;AAQO,MAAMA,IAAsB,iBACtBC,IAA+B,YAC/BC,IAA4B,YAC5BC,IAA4B,IAMnCC,IAAgB,KAKhBC,IAAwB,CAACC,MAA4B,KAAK,MAAMA,IAAUF,CAAa,GAKvFG,IAAwB,CAACC,MAAuB,KAAK,MAAMA,IAAKJ,CAAa,GAK7EK,IAAe,MAAcF,EAAsB,KAAK,KAAK,GAK7DG,IAAuB,CAACC,MAAwBN,EAAsBM,CAAG,GAQzEC,IAAwB,CAACC,GAA2BC,MAAkC;AAC1F,QAAMC,IAAeL,EAAqBG,CAAiB,GACrDG,IAAWX,EAAsBS,CAAa,GAC9CG,IAAQ,KAAK,IAAA;AACnB,SAAO,KAAK,IAAIF,IAAeC,IAAWC,GAAO,CAAC;AACpD,GAQaC,IAAc,CAACC,GAAoBC,MAA4B;AAC1E,QAAMC,IAAMZ,EAAA;AACZ,SAAOU,IAAaC,IAASC;AAC/B;AAEO,MAAMC,EAAmB;AAAA,EAQ9B,YACmBC,GACAC,GACAC,GACjBC,GACAC,GACA;AALiB,SAAA,SAAAJ,GACA,KAAA,SAAAC,GACA,KAAA,QAAAC,GAVnB,KAAQ,mBAAwC,MAChD,KAAQ,iBAAkF,MAC1F,KAAQ,wCAA0C,IAAA,GAClD,KAAQ,kCAA0D,MAWhE,KAAK,cAAc,IAAIG,EAAM;AAAA,MAC3B,SAAAF;AAAA,MACA,aAAa;AAAA,MACb,SAAS,EAAE,2BAA2BC,EAAA;AAAA,IAAe,CACtD,GACD,KAAK,qBAAqB,KAAK,mBAAmB,KAAK,IAAI;AAAA,EAC7D;AAAA;AAAA;AAAA;AAAA,EAKQ,UAAUE,GAAcC,GAAeC,IAA+B,CAAA,GAAU;AACtF,UAAMC,IAA0C;AAAA,MAC9C,QAAQ,KAAK;AAAA;AAAA,MACb,UAAU;AAAA,MACV,MAAM;AAAA,IAAA;AAGR,IAAID,EAAQ,WAAW,WACrBC,EAAc,UAAUD,EAAQ,UAAU,OAAU,MAGtDE,EAAQ,IAAIJ,GAAMC,GAAOE,CAAa;AAAA,EACxC;AAAA,EAEA,oBAMS;AACP,UAAME,IAAQD,EAAQ,IAAIjC,CAAmB;AAE7C,WAAKkC,IAIWC,EAMbD,CAAK,IATC;AAAA,EAYX;AAAA,EAEA,MAAM,kBAA+C;AACnD,UAAME,IAAiB,KAAK,kBAAA;AAE5B,QAAKA;AAOL,aAAI,KAAK,
kBACP,MAAM,KAAK,gBAEJH,EAAQ,IAAIjC,CAAmB,MAGpCkB,EAAYkB,EAAe,KAAK,CAAC,KACnC,MAAM,KAAK,eAAA,GAGNH,EAAQ,IAAIjC,CAAmB;AAAA,EACxC;AAAA,EAEA,MAAM,mBAAmBqC,GAAwD;AAC/E,WAAIA,aAAiBC,KAAc,CAAC,KAAK,GAAG,EAAE,SAASD,EAAM,MAAM,KACjEJ,EAAQ,OAAOjC,CAAmB,GAClCiC,EAAQ,OAAO/B,CAAyB,GAEjC;AAAA,MACL,OAAOmC,EAAM;AAAA,MACb,MAAM;AAAA,IAAA,KAINA,aAAiB,eACZ;AAAA,MACL,OAAOA,EAAM;AAAA,MACb,MAAM;AAAA,IAAA,IAGNA,aAAiB,QACZ;AAAA,MACL,OAAOA,EAAM;AAAA,MACb,MAAM;AAAA,IAAA,IAIH;AAAA,MACL,OAAO;AAAA,MACP,MAAM;AAAA,IAAA;AAAA,EAEV;AAAA,EAEA,MAAM,WAAW,EAAE,QAAAE,EAAA,IAAqC,IAGrD;AACD,UAAMC,IAAM,IAAI,IAAI,OAAO,SAAS,IAAI,GAClCC,IAAeD,EAAI,aAAa,IAAIvC,CAA4B,KAAK;AAkB3E,QAfIwC,MACFD,EAAI,aAAa,OAAOvC,CAA4B,GACpD,OAAO,QAAQ,aAAa,CAAA,GAAI,IAAIuC,EAAI,UAAU,IAIhDC,KAEF,KAAK,UAAUvC,GAA2BuC,GAAc;AAAA,MACtD,QAAQ,MAAU,KAAK;AAAA;AAAA,IAAA,CACxB,GAGwBR,EAAQ,IAAI/B,CAAyB,KAEtC,CAAC+B,EAAQ,IAAIjC,CAAmB,GAAG;AAC3D,YAAM0C,IAAS,MAAM,KAAK,eAAe,EAAE,QAAAH,GAAQ,EAAE,MAAM,KAAK,kBAAkB;AAClF,UAAI,WAAWG,EAAQ,QAAOA;AAAAA,IAChC;AAEA,UAAMN,IAAiB,KAAK,kBAAA;AAE5B,QAAI,CAACA;AACH,aAAO;AAAA,QACL,OAAO;AAAA,QACP,MAAM;AAAA,MAAA;AAIV,QAAIlB,EAAYkB,EAAe,KAAKjC,CAAyB,GAAG;AAC9D,YAAMuC,IAAS,MAAM,KAAK,iBAAiB,MAAM,KAAK,kBAAkB;AACxE,UAAI,WAAWA,EAAQ,QAAOA;AAAAA,IAChC;AAEA,UAAMA,IAAS,MAAM,KAAK,OAAO,KAAK,aAAa,MAAM,KAAK,kBAAkB;AAChF,WAAI,WAAWA,IAAeA,IAEvB;AAAA,MACL,OAAO;AAAA,MACP,MAAMA,EAAO;AAAA,IAAA;AAAA,EAEjB;AAAA,EAEA,kBAAkB;AAChB,UAAMC,IAAkB,IAAI,gBAAA;AAC5B,QAAIC,IAAW,IACXC,IAA2B;AAE/B,UAAMC,IAAgB,MAAM;AAC1B,MAAAF,IAAW,IACP,KAAK,qBACP,KAAK,iBAAA,GACL,KAAK,mBAAmB;AAAA,IAE5B,GACMG,IAAiB,MAAM;AAC3B,MAAAH,IAAW;AAAA,IACb;AAEA,WAAO,iBAAiB,UAAUE,CAAa,GAC/C,OAAO,iBAAiB,WAAWC,CAAc;AAEjD,UAAMC,IAAU,MAAM;AAGpB,MAAIH,MAAc,SAChB,OAAO,aAAaA,CAAS,GAC7BA,IAAY;AAGd,YAAMT,IAAiB,KAAK,kBAAA;AAE5B,UAAI,CAACA,KAAkBlB,EAAYkB,EAAe,KAAK,CAAC,EAAG;AAG3D,YAAMa,IAAiBrC,EAAsBwB,EAAe,KAAKjC,CAAyB;AAK1F,UAAI8C,IAAiB;AACnB;AAIF,YAAMC,IAAY,YAAY;AAI5B,YAFAL,IAAY,MAER,CAACD,GAAU;AAEb,eAAK,mBAAmBM;AACxB;AAAA,QACF;AAEA,cAAMR,IAAS,MAAM,KAAK,eAAe,EAAE,QAAQC,EAAgB,QAAQ;AAE3E,YAAI,W
AAWD,GAAQ;AAGrB,cAAIA,EAAO,UAAU;AACnB;AAGF,eAAK,MAAM,SAAS;AAAA,YAClB,QAAQ;AAAA,YACR,MAAM;AAAA,YACN,OAAOA,EAAO;AAAA,UAAA,CACf;AACD;AAAA,QACF;AAEE,UAAAM,EAAA;AAAA,MAEJ;AAEA,MAAAH,IAAY,OAAO,WAAWK,GAAWD,CAAc;AAAA,IACzD;AAEA,WAAAD,EAAA,GAEO,MAAM;AACX,MAAIH,KACF,OAAO,aAAaA,CAAS,GAE/BF,EAAgB,MAAA,GAChB,OAAO,oBAAoB,UAAUG,CAAa,GAClD,OAAO,oBAAoB,WAAWC,CAAc;AAAA,IACtD;AAAA,EACF;AAAA,EAEA,MAAc,eAAe,EAAE,QAAAR,EAAA,IAAqC,IAAI;AActE,QAbIA,MAEF,KAAK,kBAAkB,IAAIA,CAAM,GAEjCA,EAAO,iBAAiB,SAAS,MAAM;AACrC,WAAK,kBAAkB,OAAOA,CAAM,GAEhC,KAAK,kBAAkB,SAAS,KAClC,KAAK,iCAAiC,MAAA;AAAA,IAE1C,CAAC,IAGC,KAAK;AACP,aAAO,KAAK;AAGd,SAAK,kCAAkC,IAAI,gBAAA,GAE3C,KAAK,gCAAgC,OAAO,iBAAiB,SAAS,MAAM;AAC1E,WAAK,iBAAiB,MACtB,KAAK,kCAAkC,MACvC,KAAK,kBAAkB,MAAA;AAAA,IACzB,CAAC;AAGD,UAAME,IAAeR,EAAQ,IAAI/B,CAAyB;AAO1D,SAAK,iBAAiB,KAAK,YAAY,KACpC;AAAA,MACC,EAAE,UAAUuC,EAAA;AAAA,MACZ;AAAA,QACE,QAAQ,KAAK,gCAAgC;AAAA,MAAA;AAAA,IAC/C,EAED,KAAK,CAACU,OAGDA,EAAS,gBACX,KAAK,UAAUnD,GAAqBmD,EAAS,cAAc;AAAA,MACzD,QAAQ,MAAU,KAAK;AAAA;AAAA,IAAA,CACxB,GAEIA,EACR,EACA,MAAM,KAAK,kBAAkB;AAEhC,QAAI;AACF,aAAO,MAAM,KAAK;AAAA,IACpB,UAAA;AACE,WAAK,iBAAiB,MACtB,KAAK,kCAAkC,MACvC,KAAK,kBAAkB,MAAA;AAAA,IACzB;AAAA,EACF;AACF;"}
|
|
1
|
+
{"version":3,"file":"auth.service.js","sources":["../../src/client/auth.service.ts"],"sourcesContent":["import { Blimu, BlimuError } from '@blimu/client';\nimport type { RefreshResponse } from '@blimu/client/schema';\nimport Cookies from 'js-cookie';\nimport { jwtDecode } from 'jwt-decode';\n\nimport type { AuthState, User } from '../types';\nimport { ExternalStore } from './external-store';\n\nexport const SESSION_COOKIE_NAME = '__bli_session';\nexport const LOCALHOST_JWT_URL_PARAM_NAME = '__lh_jwt';\nexport const LOCALHOST_JWT_COOKIE_NAME = '__lh_jwt';\nexport const SESSION_EXPIRATION_BUFFER = 10;\n\n/**\n * Time conversion utilities\n * JWT tokens use seconds (Unix timestamp), JavaScript Date uses milliseconds\n */\nconst SECONDS_TO_MS = 1000;\n\n/**\n * Convert seconds to milliseconds\n */\nconst secondsToMilliseconds = (seconds: number): number => Math.floor(seconds * SECONDS_TO_MS);\n\n/**\n * Convert milliseconds to seconds\n */\nconst millisecondsToSeconds = (ms: number): number => Math.floor(ms / SECONDS_TO_MS);\n\n/**\n * Get current time in seconds (Unix timestamp)\n */\nconst nowInSeconds = (): number => millisecondsToSeconds(Date.now());\n\n/**\n * Convert JWT expiration time (seconds) to milliseconds\n */\nconst jwtExpToMilliseconds = (exp: number): number => secondsToMilliseconds(exp);\n\n/**\n * Calculate timeout delay in milliseconds for refreshing before expiration\n * @param expirationSeconds - JWT exp claim in seconds\n * @param bufferSeconds - Buffer time in seconds before expiration\n * @returns Timeout delay in milliseconds\n */\nconst calculateTimeoutDelay = (expirationSeconds: number, bufferSeconds: number): number => {\n const expirationMS = jwtExpToMilliseconds(expirationSeconds);\n const bufferMS = secondsToMilliseconds(bufferSeconds);\n const nowMS = Date.now();\n return Math.max(expirationMS - bufferMS - nowMS, 0);\n};\n\n/**\n * Check if a JWT expiration time (in seconds) is expired or will expire within the buffer\n * @param 
expiration - JWT exp claim in seconds (Unix timestamp)\n * @param buffer - Buffer time in seconds before expiration to consider it expired\n * @returns true if expired or will expire within buffer\n */\nexport const isExpiredIn = (expiration: number, buffer: number): boolean => {\n const now = nowInSeconds();\n return expiration - buffer < now;\n};\n\nexport class AuthSessionService {\n private pendingRefresher: (() => void) | null = null;\n private refreshPromise: Promise<RefreshResponse | { error: string; user: null }> | null = null;\n private refreshingSignals: Set<AbortSignal> = new Set();\n private refreshingSignalAbortController: AbortController | null = null;\n // A local client that doesn't call getSessionToken() which calls refreshSession().\n private localClient: Blimu;\n\n constructor(\n private readonly isLive: boolean,\n private readonly client: Blimu,\n private readonly store: ExternalStore<AuthState>,\n baseURL: string,\n publishableKey: string,\n ) {\n this.localClient = new Blimu({\n baseURL,\n credentials: 'include',\n headers: { 'x-blimu-publishable-key': publishableKey },\n });\n this.handleRequestError = this.handleRequestError.bind(this);\n }\n\n /**\n * Set cookie with appropriate security settings based on environment\n */\n private setCookie(name: string, value: string, options: { maxAge?: number } = {}): void {\n const cookieOptions: Cookies.CookieAttributes = {\n secure: this.isLive, // true for live environments, false for localhost\n sameSite: 'lax',\n path: '/',\n };\n\n if (options.maxAge !== undefined) {\n cookieOptions.expires = options.maxAge / (24 * 60 * 60); // Convert seconds to days\n }\n\n Cookies.set(name, value, cookieOptions);\n }\n\n getSessionPayload(): {\n sub: string;\n environmentId: string;\n type: string;\n iat: number;\n exp: number;\n } | null {\n const token = Cookies.get(SESSION_COOKIE_NAME);\n\n if (!token) {\n return null;\n }\n\n const decoded = jwtDecode<{\n sub: string;\n environmentId: string;\n type: 
string;\n iat: number;\n exp: number;\n }>(token);\n\n return decoded;\n }\n\n async getSessionToken(): Promise<string | undefined> {\n const sessionPayload = this.getSessionPayload();\n\n if (!sessionPayload) {\n return undefined;\n }\n\n // If a refresh is already in progress, wait for it to complete\n // This prevents infinite recursion when refreshSession() calls client.auth.refresh()\n // which triggers accessToken() which calls getSessionToken()\n if (this.refreshPromise) {\n await this.refreshPromise;\n // After refresh completes, return the updated token from cookie\n return Cookies.get(SESSION_COOKIE_NAME);\n }\n\n if (isExpiredIn(sessionPayload.exp, 0)) {\n await this.refreshSession();\n }\n\n return Cookies.get(SESSION_COOKIE_NAME);\n }\n\n async handleRequestError(error: unknown): Promise<{ error: string; user: null }> {\n if (error instanceof BlimuError && [401, 500].includes(error.status)) {\n Cookies.remove(SESSION_COOKIE_NAME);\n Cookies.remove(LOCALHOST_JWT_COOKIE_NAME);\n\n return {\n error: error.message,\n user: null,\n };\n }\n\n if (error instanceof DOMException)\n return {\n error: error.message,\n user: null,\n };\n\n if (error instanceof Error) {\n return {\n error: error.message,\n user: null,\n };\n }\n\n return {\n error: 'unknown error',\n user: null,\n };\n }\n\n async initialize({ signal }: { signal?: AbortSignal } = {}): Promise<{\n error: string | null;\n user: User | null;\n }> {\n const url = new URL(window.location.href);\n const localhostJWT = url.searchParams.get(LOCALHOST_JWT_URL_PARAM_NAME) ?? 
undefined;\n\n // Clean up URL parameters immediately to prevent re-processing on re-renders\n if (localhostJWT) {\n url.searchParams.delete(LOCALHOST_JWT_URL_PARAM_NAME);\n window.history.replaceState({}, '', url.toString());\n }\n\n // Handle localhost JWT from URL parameter\n if (localhostJWT) {\n // Set localhost JWT cookie on customer app domain\n this.setCookie(LOCALHOST_JWT_COOKIE_NAME, localhostJWT, {\n maxAge: 30 * 24 * 60 * 60, // 30 days\n });\n }\n\n const localhostJWTCookie = Cookies.get(LOCALHOST_JWT_COOKIE_NAME);\n\n if (localhostJWTCookie && !Cookies.get(SESSION_COOKIE_NAME)) {\n const result = await this.refreshSession({ signal }).catch(this.handleRequestError);\n if ('error' in result) return result;\n }\n\n const sessionPayload = this.getSessionPayload();\n\n if (!sessionPayload) {\n return {\n error: null,\n user: null,\n };\n }\n\n if (isExpiredIn(sessionPayload.exp, SESSION_EXPIRATION_BUFFER)) {\n const result = await this.refreshSession().catch(this.handleRequestError);\n if ('error' in result) return result;\n }\n\n const result = await this.client.auth.getSession().catch(this.handleRequestError);\n if ('error' in result) return result;\n\n return {\n error: null,\n user: result.user,\n };\n }\n\n scheduleRefresh() {\n const abortController = new AbortController();\n let isOnline = true;\n let timeoutId: number | null = null;\n\n const onlineHandler = () => {\n isOnline = true;\n if (this.pendingRefresher) {\n this.pendingRefresher();\n this.pendingRefresher = null;\n }\n };\n const offlineHandler = () => {\n isOnline = false;\n };\n\n window.addEventListener('online', onlineHandler);\n window.addEventListener('offline', offlineHandler);\n\n const refresh = () => {\n // Clear any existing timeout before scheduling a new one\n // This prevents infinite loops when refresh() is called recursively\n if (timeoutId !== null) {\n window.clearTimeout(timeoutId);\n timeoutId = null;\n }\n\n const sessionPayload = this.getSessionPayload();\n\n if 
(!sessionPayload || isExpiredIn(sessionPayload.exp, 0)) return;\n\n // Calculate timeout delay: refresh SESSION_EXPIRATION_BUFFER seconds before expiration\n const timeoutDelayMS = calculateTimeoutDelay(sessionPayload.exp, SESSION_EXPIRATION_BUFFER);\n\n // Prevent scheduling if timeout is negative (token already expired)\n // Allow 0ms delays to handle edge cases where we're exactly at the refresh point\n // This prevents immediate re-scheduling that could cause infinite loops\n if (timeoutDelayMS < 0) {\n return;\n }\n\n // Having this function outside timeout, allows us to call refresh immediately when back online\n const refresher = async () => {\n // Clear timeoutId since we're executing now\n timeoutId = null;\n\n if (!isOnline) {\n // Keep closure of refresh function alive\n this.pendingRefresher = refresher;\n return;\n }\n\n const result = await this.refreshSession({ signal: abortController.signal });\n\n if ('error' in result) {\n // If the refresh was aborted (e.g., due to React strict mode unmounting),\n // don't treat it as an error - just return and let the component remount handle it\n if (result.error === 'aborted') {\n return;\n }\n // For real errors, update the store\n this.store.setState({\n status: 'error',\n user: null,\n error: result.error,\n });\n return;\n } else {\n // After successful refresh, schedule the next refresh with the new token\n refresh();\n }\n };\n\n timeoutId = window.setTimeout(refresher, timeoutDelayMS);\n };\n\n refresh();\n\n return () => {\n if (timeoutId) {\n window.clearTimeout(timeoutId);\n }\n abortController.abort();\n window.removeEventListener('online', onlineHandler);\n window.removeEventListener('offline', offlineHandler);\n };\n }\n\n private async refreshSession({ signal }: { signal?: AbortSignal } = {}) {\n if (signal) {\n // Add signal to tracking set (was using .has() instead of .add() - bug fix)\n this.refreshingSignals.add(signal);\n\n signal.addEventListener('abort', () => {\n 
this.refreshingSignals.delete(signal);\n\n if (this.refreshingSignals.size === 0) {\n this.refreshingSignalAbortController?.abort();\n }\n });\n }\n\n if (this.refreshPromise) {\n return this.refreshPromise;\n }\n\n this.refreshingSignalAbortController = new AbortController();\n\n this.refreshingSignalAbortController.signal.addEventListener('abort', () => {\n this.refreshPromise = null;\n this.refreshingSignalAbortController = null;\n this.refreshingSignals.clear();\n });\n\n // Get localhost_jwt from cookie to send as query parameter (only for non-live environments)\n const localhostJWT = !this.isLive ? Cookies.get(LOCALHOST_JWT_COOKIE_NAME) : undefined;\n\n // Build query parameters - only include __lh_jwt for non-live environments when cookie exists\n const queryParams: { __lh_jwt?: string } = {};\n if (localhostJWT) {\n queryParams.__lh_jwt = localhostJWT;\n }\n\n // Use local client to avoid infinite recursion. Regular client calls getSessionToken() which calls refreshSession().\n // There are hacks to avoid infinite recursion, but they are not reliable.\n // The localhost_jwt is sent as a query parameter only in non-live environments\n // Note: Type assertion needed because the generated SDK type doesn't include 'query' in RequestInit,\n // but the underlying CoreClient.request() method does support it\n this.refreshPromise = this.localClient.auth\n .refresh(queryParams, {\n signal: this.refreshingSignalAbortController.signal,\n })\n .then((response) => {\n // Update cookie with new session token from response body\n // Server also sets it via Set-Cookie header on auth domain, but we set it manually on customer domain\n if (!this.isLive) {\n this.setCookie(SESSION_COOKIE_NAME, response.sessionToken, {\n maxAge: 30 * 24 * 60 * 60, // 30 days\n });\n }\n return response;\n })\n .catch(this.handleRequestError);\n\n try {\n return await this.refreshPromise;\n } finally {\n this.refreshPromise = null;\n this.refreshingSignalAbortController = null;\n 
this.refreshingSignals.clear();\n }\n }\n}\n"],"names":["SESSION_COOKIE_NAME","LOCALHOST_JWT_URL_PARAM_NAME","LOCALHOST_JWT_COOKIE_NAME","SESSION_EXPIRATION_BUFFER","SECONDS_TO_MS","secondsToMilliseconds","seconds","millisecondsToSeconds","ms","nowInSeconds","jwtExpToMilliseconds","exp","calculateTimeoutDelay","expirationSeconds","bufferSeconds","expirationMS","bufferMS","nowMS","isExpiredIn","expiration","buffer","now","AuthSessionService","isLive","client","store","baseURL","publishableKey","Blimu","name","value","options","cookieOptions","Cookies","token","jwtDecode","sessionPayload","error","BlimuError","signal","url","localhostJWT","result","abortController","isOnline","timeoutId","onlineHandler","offlineHandler","refresh","timeoutDelayMS","refresher","queryParams","response"],"mappings":";;;AAQO,MAAMA,IAAsB,iBACtBC,IAA+B,YAC/BC,IAA4B,YAC5BC,IAA4B,IAMnCC,IAAgB,KAKhBC,IAAwB,CAACC,MAA4B,KAAK,MAAMA,IAAUF,CAAa,GAKvFG,IAAwB,CAACC,MAAuB,KAAK,MAAMA,IAAKJ,CAAa,GAK7EK,IAAe,MAAcF,EAAsB,KAAK,KAAK,GAK7DG,IAAuB,CAACC,MAAwBN,EAAsBM,CAAG,GAQzEC,IAAwB,CAACC,GAA2BC,MAAkC;AAC1F,QAAMC,IAAeL,EAAqBG,CAAiB,GACrDG,IAAWX,EAAsBS,CAAa,GAC9CG,IAAQ,KAAK,IAAA;AACnB,SAAO,KAAK,IAAIF,IAAeC,IAAWC,GAAO,CAAC;AACpD,GAQaC,IAAc,CAACC,GAAoBC,MAA4B;AAC1E,QAAMC,IAAMZ,EAAA;AACZ,SAAOU,IAAaC,IAASC;AAC/B;AAEO,MAAMC,EAAmB;AAAA,EAQ9B,YACmBC,GACAC,GACAC,GACjBC,GACAC,GACA;AALiB,SAAA,SAAAJ,GACA,KAAA,SAAAC,GACA,KAAA,QAAAC,GAVnB,KAAQ,mBAAwC,MAChD,KAAQ,iBAAkF,MAC1F,KAAQ,wCAA0C,IAAA,GAClD,KAAQ,kCAA0D,MAWhE,KAAK,cAAc,IAAIG,EAAM;AAAA,MAC3B,SAAAF;AAAA,MACA,aAAa;AAAA,MACb,SAAS,EAAE,2BAA2BC,EAAA;AAAA,IAAe,CACtD,GACD,KAAK,qBAAqB,KAAK,mBAAmB,KAAK,IAAI;AAAA,EAC7D;AAAA;AAAA;AAAA;AAAA,EAKQ,UAAUE,GAAcC,GAAeC,IAA+B,CAAA,GAAU;AACtF,UAAMC,IAA0C;AAAA,MAC9C,QAAQ,KAAK;AAAA;AAAA,MACb,UAAU;AAAA,MACV,MAAM;AAAA,IAAA;AAGR,IAAID,EAAQ,WAAW,WACrBC,EAAc,UAAUD,EAAQ,UAAU,OAAU,MAGtDE,EAAQ,IAAIJ,GAAMC,GAAOE,CAAa;AAAA,EACxC;AAAA,EAEA,oBAMS;AACP,UAAME,IAAQD,EAAQ,IAAIjC,CAAmB;AAE7C,WAAKkC,IAIWC,EAMbD,CAAK,IATC;AAAA,EAYX;AAAA,EAEA,MAAM,kBAA+C;AACn
D,UAAME,IAAiB,KAAK,kBAAA;AAE5B,QAAKA;AAOL,aAAI,KAAK,kBACP,MAAM,KAAK,gBAEJH,EAAQ,IAAIjC,CAAmB,MAGpCkB,EAAYkB,EAAe,KAAK,CAAC,KACnC,MAAM,KAAK,eAAA,GAGNH,EAAQ,IAAIjC,CAAmB;AAAA,EACxC;AAAA,EAEA,MAAM,mBAAmBqC,GAAwD;AAC/E,WAAIA,aAAiBC,KAAc,CAAC,KAAK,GAAG,EAAE,SAASD,EAAM,MAAM,KACjEJ,EAAQ,OAAOjC,CAAmB,GAClCiC,EAAQ,OAAO/B,CAAyB,GAEjC;AAAA,MACL,OAAOmC,EAAM;AAAA,MACb,MAAM;AAAA,IAAA,KAINA,aAAiB,eACZ;AAAA,MACL,OAAOA,EAAM;AAAA,MACb,MAAM;AAAA,IAAA,IAGNA,aAAiB,QACZ;AAAA,MACL,OAAOA,EAAM;AAAA,MACb,MAAM;AAAA,IAAA,IAIH;AAAA,MACL,OAAO;AAAA,MACP,MAAM;AAAA,IAAA;AAAA,EAEV;AAAA,EAEA,MAAM,WAAW,EAAE,QAAAE,EAAA,IAAqC,IAGrD;AACD,UAAMC,IAAM,IAAI,IAAI,OAAO,SAAS,IAAI,GAClCC,IAAeD,EAAI,aAAa,IAAIvC,CAA4B,KAAK;AAkB3E,QAfIwC,MACFD,EAAI,aAAa,OAAOvC,CAA4B,GACpD,OAAO,QAAQ,aAAa,CAAA,GAAI,IAAIuC,EAAI,UAAU,IAIhDC,KAEF,KAAK,UAAUvC,GAA2BuC,GAAc;AAAA,MACtD,QAAQ,MAAU,KAAK;AAAA;AAAA,IAAA,CACxB,GAGwBR,EAAQ,IAAI/B,CAAyB,KAEtC,CAAC+B,EAAQ,IAAIjC,CAAmB,GAAG;AAC3D,YAAM0C,IAAS,MAAM,KAAK,eAAe,EAAE,QAAAH,GAAQ,EAAE,MAAM,KAAK,kBAAkB;AAClF,UAAI,WAAWG,EAAQ,QAAOA;AAAAA,IAChC;AAEA,UAAMN,IAAiB,KAAK,kBAAA;AAE5B,QAAI,CAACA;AACH,aAAO;AAAA,QACL,OAAO;AAAA,QACP,MAAM;AAAA,MAAA;AAIV,QAAIlB,EAAYkB,EAAe,KAAKjC,CAAyB,GAAG;AAC9D,YAAMuC,IAAS,MAAM,KAAK,iBAAiB,MAAM,KAAK,kBAAkB;AACxE,UAAI,WAAWA,EAAQ,QAAOA;AAAAA,IAChC;AAEA,UAAMA,IAAS,MAAM,KAAK,OAAO,KAAK,aAAa,MAAM,KAAK,kBAAkB;AAChF,WAAI,WAAWA,IAAeA,IAEvB;AAAA,MACL,OAAO;AAAA,MACP,MAAMA,EAAO;AAAA,IAAA;AAAA,EAEjB;AAAA,EAEA,kBAAkB;AAChB,UAAMC,IAAkB,IAAI,gBAAA;AAC5B,QAAIC,IAAW,IACXC,IAA2B;AAE/B,UAAMC,IAAgB,MAAM;AAC1B,MAAAF,IAAW,IACP,KAAK,qBACP,KAAK,iBAAA,GACL,KAAK,mBAAmB;AAAA,IAE5B,GACMG,IAAiB,MAAM;AAC3B,MAAAH,IAAW;AAAA,IACb;AAEA,WAAO,iBAAiB,UAAUE,CAAa,GAC/C,OAAO,iBAAiB,WAAWC,CAAc;AAEjD,UAAMC,IAAU,MAAM;AAGpB,MAAIH,MAAc,SAChB,OAAO,aAAaA,CAAS,GAC7BA,IAAY;AAGd,YAAMT,IAAiB,KAAK,kBAAA;AAE5B,UAAI,CAACA,KAAkBlB,EAAYkB,EAAe,KAAK,CAAC,EAAG;AAG3D,YAAMa,IAAiBrC,EAAsBwB,EAAe,KAAKjC,CAAyB;AAK1F,UAAI8C,IAAiB;AACnB;AAIF,YAAMC,IAAY,YAAY;AAI5B,YAFAL,IAAY,MAER,CAACD,GAAU;AAEb,eAAK,mBAAmBM;AACxB;AAAA,QACF;AAEA,cAAMR,IA
AS,MAAM,KAAK,eAAe,EAAE,QAAQC,EAAgB,QAAQ;AAE3E,YAAI,WAAWD,GAAQ;AAGrB,cAAIA,EAAO,UAAU;AACnB;AAGF,eAAK,MAAM,SAAS;AAAA,YAClB,QAAQ;AAAA,YACR,MAAM;AAAA,YACN,OAAOA,EAAO;AAAA,UAAA,CACf;AACD;AAAA,QACF;AAEE,UAAAM,EAAA;AAAA,MAEJ;AAEA,MAAAH,IAAY,OAAO,WAAWK,GAAWD,CAAc;AAAA,IACzD;AAEA,WAAAD,EAAA,GAEO,MAAM;AACX,MAAIH,KACF,OAAO,aAAaA,CAAS,GAE/BF,EAAgB,MAAA,GAChB,OAAO,oBAAoB,UAAUG,CAAa,GAClD,OAAO,oBAAoB,WAAWC,CAAc;AAAA,IACtD;AAAA,EACF;AAAA,EAEA,MAAc,eAAe,EAAE,QAAAR,EAAA,IAAqC,IAAI;AActE,QAbIA,MAEF,KAAK,kBAAkB,IAAIA,CAAM,GAEjCA,EAAO,iBAAiB,SAAS,MAAM;AACrC,WAAK,kBAAkB,OAAOA,CAAM,GAEhC,KAAK,kBAAkB,SAAS,KAClC,KAAK,iCAAiC,MAAA;AAAA,IAE1C,CAAC,IAGC,KAAK;AACP,aAAO,KAAK;AAGd,SAAK,kCAAkC,IAAI,gBAAA,GAE3C,KAAK,gCAAgC,OAAO,iBAAiB,SAAS,MAAM;AAC1E,WAAK,iBAAiB,MACtB,KAAK,kCAAkC,MACvC,KAAK,kBAAkB,MAAA;AAAA,IACzB,CAAC;AAGD,UAAME,IAAgB,KAAK,SAAkD,SAAzCR,EAAQ,IAAI/B,CAAyB,GAGnEiD,IAAqC,CAAA;AAC3C,IAAIV,MACFU,EAAY,WAAWV,IAQzB,KAAK,iBAAiB,KAAK,YAAY,KACpC,QAAQU,GAAa;AAAA,MACpB,QAAQ,KAAK,gCAAgC;AAAA,IAAA,CAC9C,EACA,KAAK,CAACC,OAGA,KAAK,UACR,KAAK,UAAUpD,GAAqBoD,EAAS,cAAc;AAAA,MACzD,QAAQ,MAAU,KAAK;AAAA;AAAA,IAAA,CACxB,GAEIA,EACR,EACA,MAAM,KAAK,kBAAkB;AAEhC,QAAI;AACF,aAAO,MAAM,KAAK;AAAA,IACpB,UAAA;AACE,WAAK,iBAAiB,MACtB,KAAK,kCAAkC,MACvC,KAAK,kBAAkB,MAAA;AAAA,IACzB;AAAA,EACF;AACF;"}
|
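--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@blimu/react",
-"version": "0.
+"version": "0.7.0",
 "description": "React components and hooks for Blimu authentication and authorization",
 "type": "module",
 "repository": {
@@ -44,7 +44,7 @@
 }
 },
 "dependencies": {
-"@blimu/client": "
+"@blimu/client": "0.7.0",
 "@radix-ui/react-avatar": "^1.1.11",
 "@radix-ui/react-dropdown-menu": "^2.1.16",
 "@radix-ui/react-popover": "^1.1.15",
@@ -58,7 +58,6 @@
 "zustand": "^5.0.9"
 },
 "devDependencies": {
-"@blimu/client": "workspace:*",
 "@storybook/addon-links": "^10.1.11",
 "@storybook/react": "^10.1.11",
 "@storybook/react-vite": "^10.1.11",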