@blimu/react 0.7.0 → 1.1.0
- package/dist/client/auth.service.cjs +1 -1
- package/dist/client/auth.service.cjs.map +1 -1
- package/dist/client/auth.service.d.ts.map +1 -1
- package/dist/client/auth.service.js +15 -13
- package/dist/client/auth.service.js.map +1 -1
- package/dist/client/runtime-client.cjs +1 -1
- package/dist/client/runtime-client.cjs.map +1 -1
- package/dist/client/runtime-client.js +5 -5
- package/dist/client/runtime-client.js.map +1 -1
- package/package.json +2 -2
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const E=require("@blimu/client"),o=require("../node_modules/js-cookie/dist/js.cookie.cjs"),A=require("../node_modules/jwt-decode/build/esm/index.cjs"),a="__bli_session",d="__lh_jwt",
|
|
1
|
+
"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const E=require("@blimu/client"),o=require("../node_modules/js-cookie/dist/js.cookie.cjs"),A=require("../node_modules/jwt-decode/build/esm/index.cjs"),a="__bli_session",d="__lh_jwt",c="__lh_jwt",S=10,_=1e3,m=n=>Math.floor(n*_),O=n=>Math.floor(n/_),C=()=>O(Date.now()),T=n=>m(n),P=(n,e)=>{const s=T(n),r=m(e),t=Date.now();return Math.max(s-r-t,0)},u=(n,e)=>{const s=C();return n-e<s};class b{constructor(e,s,r,t,l){this.isLive=e,this.client=s,this.store=r,this.pendingRefresher=null,this.refreshPromise=null,this.refreshingSignals=new Set,this.refreshingSignalAbortController=null,this.localClient=new E.Blimu({baseURL:t,credentials:"include",headers:{"x-blimu-publishable-key":l}}),this.handleRequestError=this.handleRequestError.bind(this)}setCookie(e,s,r={}){const t={secure:this.isLive,sameSite:"lax",path:"/"};r.maxAge!==void 0&&(t.expires=r.maxAge/(1440*60)),o.set(e,s,t)}getSessionPayload(){const e=o.get(a);return e?A.jwtDecode(e):null}async getSessionToken(){const e=this.getSessionPayload();if(e)return this.refreshPromise?(await this.refreshPromise,o.get(a)):(u(e.exp,0)&&await this.refreshSession(),o.get(a))}async handleRequestError(e){return e instanceof E.BlimuError&&[401,500].includes(e.status)?(o.remove(a),o.remove(c),{error:e.message,user:null}):e instanceof DOMException?{error:e.message,user:null}:e instanceof Error?{error:e.message,user:null}:{error:"unknown error",user:null}}async initialize({signal:e}={}){const s=new URL(window.location.href),r=s.searchParams.get(d)??void 0;r&&(s.searchParams.delete(d),window.history.replaceState({},"",s.toString())),r&&this.setCookie(c,r,{maxAge:720*60*60});const t=o.get(c);if(console.log("localhostJWTCookie",t),t&&!o.get(a)){const i=await this.refreshSession({signal:e}).catch(this.handleRequestError);if("error"in i)return i}const l=this.getSessionPayload();if(!l)return{error:null,user:null};if(u(l.exp,S)){const i=await 
this.refreshSession().catch(this.handleRequestError);if("error"in i)return i}const h=await this.client.auth.getSession().catch(this.handleRequestError);return"error"in h?h:{error:null,user:h.user}}scheduleRefresh(){const e=new AbortController;let s=!0,r=null;const t=()=>{s=!0,this.pendingRefresher&&(this.pendingRefresher(),this.pendingRefresher=null)},l=()=>{s=!1};window.addEventListener("online",t),window.addEventListener("offline",l);const h=()=>{r!==null&&(window.clearTimeout(r),r=null);const i=this.getSessionPayload();if(!i||u(i.exp,0))return;const g=P(i.exp,S);if(g<0)return;const w=async()=>{if(r=null,!s){this.pendingRefresher=w;return}const f=await this.refreshSession({signal:e.signal});if("error"in f){if(f.error==="aborted")return;this.store.setState({status:"error",user:null,error:f.error});return}else h()};r=window.setTimeout(w,g)};return h(),()=>{r&&window.clearTimeout(r),e.abort(),window.removeEventListener("online",t),window.removeEventListener("offline",l)}}async refreshSession({signal:e}={}){if(e&&(this.refreshingSignals.add(e),e.addEventListener("abort",()=>{this.refreshingSignals.delete(e),this.refreshingSignals.size===0&&this.refreshingSignalAbortController?.abort()})),this.refreshPromise)return this.refreshPromise;this.refreshingSignalAbortController=new AbortController,this.refreshingSignalAbortController.signal.addEventListener("abort",()=>{this.refreshPromise=null,this.refreshingSignalAbortController=null,this.refreshingSignals.clear()});const s=this.isLive?void 0:o.get(c),r={};s&&(r.__lh_jwt=s),this.refreshPromise=this.localClient.auth.refresh(r,{signal:this.refreshingSignalAbortController.signal}).then(t=>(this.isLive||this.setCookie(a,t.sessionToken,{maxAge:720*60*60}),t)).catch(this.handleRequestError);try{return await 
this.refreshPromise}finally{this.refreshPromise=null,this.refreshingSignalAbortController=null,this.refreshingSignals.clear()}}}exports.AuthSessionService=b;exports.LOCALHOST_JWT_COOKIE_NAME=c;exports.LOCALHOST_JWT_URL_PARAM_NAME=d;exports.SESSION_COOKIE_NAME=a;exports.SESSION_EXPIRATION_BUFFER=S;exports.isExpiredIn=u;
|
|
2
2
|
//# sourceMappingURL=auth.service.cjs.map
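Review bot: The added `console.log("localhostJWTCookie",t)` in `initialize()` writes the raw `__lh_jwt` cookie value to the browser console on every initialization, and the call is not gated on `isLive`. That value is a bearer credential: `refreshSession()` sends it in non-live environments to obtain a session token, and it is stored for 30 days, so anything that captures console output (error-monitoring or session-replay scripts, extensions, pasted logs) gets a usable token. This looks like leftover debug output. The TypeScript embedded in the new source map has the same line, `console.log('localhostJWTCookie', localhostJWTCookie);`, so delete it in `src/client/auth.service.ts` and rebuild, or keep only a presence trace such as `console.debug('localhostJWTCookie present:', Boolean(localhostJWTCookie));`. The removed line appears truncated on this page, so the rest of the 0.7.0 → 1.1.0 change to this bundle cannot be checked from here.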
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.service.cjs","sources":["../../src/client/auth.service.ts"],"sourcesContent":["import { Blimu, BlimuError } from '@blimu/client';\nimport type { RefreshResponse } from '@blimu/client/schema';\nimport Cookies from 'js-cookie';\nimport { jwtDecode } from 'jwt-decode';\n\nimport type { AuthState, User } from '../types';\nimport { ExternalStore } from './external-store';\n\nexport const SESSION_COOKIE_NAME = '__bli_session';\nexport const LOCALHOST_JWT_URL_PARAM_NAME = '__lh_jwt';\nexport const LOCALHOST_JWT_COOKIE_NAME = '__lh_jwt';\nexport const SESSION_EXPIRATION_BUFFER = 10;\n\n/**\n * Time conversion utilities\n * JWT tokens use seconds (Unix timestamp), JavaScript Date uses milliseconds\n */\nconst SECONDS_TO_MS = 1000;\n\n/**\n * Convert seconds to milliseconds\n */\nconst secondsToMilliseconds = (seconds: number): number => Math.floor(seconds * SECONDS_TO_MS);\n\n/**\n * Convert milliseconds to seconds\n */\nconst millisecondsToSeconds = (ms: number): number => Math.floor(ms / SECONDS_TO_MS);\n\n/**\n * Get current time in seconds (Unix timestamp)\n */\nconst nowInSeconds = (): number => millisecondsToSeconds(Date.now());\n\n/**\n * Convert JWT expiration time (seconds) to milliseconds\n */\nconst jwtExpToMilliseconds = (exp: number): number => secondsToMilliseconds(exp);\n\n/**\n * Calculate timeout delay in milliseconds for refreshing before expiration\n * @param expirationSeconds - JWT exp claim in seconds\n * @param bufferSeconds - Buffer time in seconds before expiration\n * @returns Timeout delay in milliseconds\n */\nconst calculateTimeoutDelay = (expirationSeconds: number, bufferSeconds: number): number => {\n const expirationMS = jwtExpToMilliseconds(expirationSeconds);\n const bufferMS = secondsToMilliseconds(bufferSeconds);\n const nowMS = Date.now();\n return Math.max(expirationMS - bufferMS - nowMS, 0);\n};\n\n/**\n * Check if a JWT expiration time (in seconds) is expired or will expire within the buffer\n * @param 
expiration - JWT exp claim in seconds (Unix timestamp)\n * @param buffer - Buffer time in seconds before expiration to consider it expired\n * @returns true if expired or will expire within buffer\n */\nexport const isExpiredIn = (expiration: number, buffer: number): boolean => {\n const now = nowInSeconds();\n return expiration - buffer < now;\n};\n\nexport class AuthSessionService {\n private pendingRefresher: (() => void) | null = null;\n private refreshPromise: Promise<RefreshResponse | { error: string; user: null }> | null = null;\n private refreshingSignals: Set<AbortSignal> = new Set();\n private refreshingSignalAbortController: AbortController | null = null;\n // A local client that doesn't call getSessionToken() which calls refreshSession().\n private localClient: Blimu;\n\n constructor(\n private readonly isLive: boolean,\n private readonly client: Blimu,\n private readonly store: ExternalStore<AuthState>,\n baseURL: string,\n publishableKey: string,\n ) {\n this.localClient = new Blimu({\n baseURL,\n credentials: 'include',\n headers: { 'x-blimu-publishable-key': publishableKey },\n });\n this.handleRequestError = this.handleRequestError.bind(this);\n }\n\n /**\n * Set cookie with appropriate security settings based on environment\n */\n private setCookie(name: string, value: string, options: { maxAge?: number } = {}): void {\n const cookieOptions: Cookies.CookieAttributes = {\n secure: this.isLive, // true for live environments, false for localhost\n sameSite: 'lax',\n path: '/',\n };\n\n if (options.maxAge !== undefined) {\n cookieOptions.expires = options.maxAge / (24 * 60 * 60); // Convert seconds to days\n }\n\n Cookies.set(name, value, cookieOptions);\n }\n\n getSessionPayload(): {\n sub: string;\n environmentId: string;\n type: string;\n iat: number;\n exp: number;\n } | null {\n const token = Cookies.get(SESSION_COOKIE_NAME);\n\n if (!token) {\n return null;\n }\n\n const decoded = jwtDecode<{\n sub: string;\n environmentId: string;\n type: 
string;\n iat: number;\n exp: number;\n }>(token);\n\n return decoded;\n }\n\n async getSessionToken(): Promise<string | undefined> {\n const sessionPayload = this.getSessionPayload();\n\n if (!sessionPayload) {\n return undefined;\n }\n\n // If a refresh is already in progress, wait for it to complete\n // This prevents infinite recursion when refreshSession() calls client.auth.refresh()\n // which triggers accessToken() which calls getSessionToken()\n if (this.refreshPromise) {\n await this.refreshPromise;\n // After refresh completes, return the updated token from cookie\n return Cookies.get(SESSION_COOKIE_NAME);\n }\n\n if (isExpiredIn(sessionPayload.exp, 0)) {\n await this.refreshSession();\n }\n\n return Cookies.get(SESSION_COOKIE_NAME);\n }\n\n async handleRequestError(error: unknown): Promise<{ error: string; user: null }> {\n if (error instanceof BlimuError && [401, 500].includes(error.status)) {\n Cookies.remove(SESSION_COOKIE_NAME);\n Cookies.remove(LOCALHOST_JWT_COOKIE_NAME);\n\n return {\n error: error.message,\n user: null,\n };\n }\n\n if (error instanceof DOMException)\n return {\n error: error.message,\n user: null,\n };\n\n if (error instanceof Error) {\n return {\n error: error.message,\n user: null,\n };\n }\n\n return {\n error: 'unknown error',\n user: null,\n };\n }\n\n async initialize({ signal }: { signal?: AbortSignal } = {}): Promise<{\n error: string | null;\n user: User | null;\n }> {\n const url = new URL(window.location.href);\n const localhostJWT = url.searchParams.get(LOCALHOST_JWT_URL_PARAM_NAME) ?? 
undefined;\n\n // Clean up URL parameters immediately to prevent re-processing on re-renders\n if (localhostJWT) {\n url.searchParams.delete(LOCALHOST_JWT_URL_PARAM_NAME);\n window.history.replaceState({}, '', url.toString());\n }\n\n // Handle localhost JWT from URL parameter\n if (localhostJWT) {\n // Set localhost JWT cookie on customer app domain\n this.setCookie(LOCALHOST_JWT_COOKIE_NAME, localhostJWT, {\n maxAge: 30 * 24 * 60 * 60, // 30 days\n });\n }\n\n const localhostJWTCookie = Cookies.get(LOCALHOST_JWT_COOKIE_NAME);\n\n if (localhostJWTCookie && !Cookies.get(SESSION_COOKIE_NAME)) {\n const result = await this.refreshSession({ signal }).catch(this.handleRequestError);\n if ('error' in result) return result;\n }\n\n const sessionPayload = this.getSessionPayload();\n\n if (!sessionPayload) {\n return {\n error: null,\n user: null,\n };\n }\n\n if (isExpiredIn(sessionPayload.exp, SESSION_EXPIRATION_BUFFER)) {\n const result = await this.refreshSession().catch(this.handleRequestError);\n if ('error' in result) return result;\n }\n\n const result = await this.client.auth.getSession().catch(this.handleRequestError);\n if ('error' in result) return result;\n\n return {\n error: null,\n user: result.user,\n };\n }\n\n scheduleRefresh() {\n const abortController = new AbortController();\n let isOnline = true;\n let timeoutId: number | null = null;\n\n const onlineHandler = () => {\n isOnline = true;\n if (this.pendingRefresher) {\n this.pendingRefresher();\n this.pendingRefresher = null;\n }\n };\n const offlineHandler = () => {\n isOnline = false;\n };\n\n window.addEventListener('online', onlineHandler);\n window.addEventListener('offline', offlineHandler);\n\n const refresh = () => {\n // Clear any existing timeout before scheduling a new one\n // This prevents infinite loops when refresh() is called recursively\n if (timeoutId !== null) {\n window.clearTimeout(timeoutId);\n timeoutId = null;\n }\n\n const sessionPayload = this.getSessionPayload();\n\n if 
(!sessionPayload || isExpiredIn(sessionPayload.exp, 0)) return;\n\n // Calculate timeout delay: refresh SESSION_EXPIRATION_BUFFER seconds before expiration\n const timeoutDelayMS = calculateTimeoutDelay(sessionPayload.exp, SESSION_EXPIRATION_BUFFER);\n\n // Prevent scheduling if timeout is negative (token already expired)\n // Allow 0ms delays to handle edge cases where we're exactly at the refresh point\n // This prevents immediate re-scheduling that could cause infinite loops\n if (timeoutDelayMS < 0) {\n return;\n }\n\n // Having this function outside timeout, allows us to call refresh immediately when back online\n const refresher = async () => {\n // Clear timeoutId since we're executing now\n timeoutId = null;\n\n if (!isOnline) {\n // Keep closure of refresh function alive\n this.pendingRefresher = refresher;\n return;\n }\n\n const result = await this.refreshSession({ signal: abortController.signal });\n\n if ('error' in result) {\n // If the refresh was aborted (e.g., due to React strict mode unmounting),\n // don't treat it as an error - just return and let the component remount handle it\n if (result.error === 'aborted') {\n return;\n }\n // For real errors, update the store\n this.store.setState({\n status: 'error',\n user: null,\n error: result.error,\n });\n return;\n } else {\n // After successful refresh, schedule the next refresh with the new token\n refresh();\n }\n };\n\n timeoutId = window.setTimeout(refresher, timeoutDelayMS);\n };\n\n refresh();\n\n return () => {\n if (timeoutId) {\n window.clearTimeout(timeoutId);\n }\n abortController.abort();\n window.removeEventListener('online', onlineHandler);\n window.removeEventListener('offline', offlineHandler);\n };\n }\n\n private async refreshSession({ signal }: { signal?: AbortSignal } = {}) {\n if (signal) {\n // Add signal to tracking set (was using .has() instead of .add() - bug fix)\n this.refreshingSignals.add(signal);\n\n signal.addEventListener('abort', () => {\n 
this.refreshingSignals.delete(signal);\n\n if (this.refreshingSignals.size === 0) {\n this.refreshingSignalAbortController?.abort();\n }\n });\n }\n\n if (this.refreshPromise) {\n return this.refreshPromise;\n }\n\n this.refreshingSignalAbortController = new AbortController();\n\n this.refreshingSignalAbortController.signal.addEventListener('abort', () => {\n this.refreshPromise = null;\n this.refreshingSignalAbortController = null;\n this.refreshingSignals.clear();\n });\n\n // Get localhost_jwt from cookie to send as query parameter (only for non-live environments)\n const localhostJWT = !this.isLive ? Cookies.get(LOCALHOST_JWT_COOKIE_NAME) : undefined;\n\n // Build query parameters - only include __lh_jwt for non-live environments when cookie exists\n const queryParams: { __lh_jwt?: string } = {};\n if (localhostJWT) {\n queryParams.__lh_jwt = localhostJWT;\n }\n\n // Use local client to avoid infinite recursion. Regular client calls getSessionToken() which calls refreshSession().\n // There are hacks to avoid infinite recursion, but they are not reliable.\n // The localhost_jwt is sent as a query parameter only in non-live environments\n // Note: Type assertion needed because the generated SDK type doesn't include 'query' in RequestInit,\n // but the underlying CoreClient.request() method does support it\n this.refreshPromise = this.localClient.auth\n .refresh(queryParams, {\n signal: this.refreshingSignalAbortController.signal,\n })\n .then((response) => {\n // Update cookie with new session token from response body\n // Server also sets it via Set-Cookie header on auth domain, but we set it manually on customer domain\n if (!this.isLive) {\n this.setCookie(SESSION_COOKIE_NAME, response.sessionToken, {\n maxAge: 30 * 24 * 60 * 60, // 30 days\n });\n }\n return response;\n })\n .catch(this.handleRequestError);\n\n try {\n return await this.refreshPromise;\n } finally {\n this.refreshPromise = null;\n this.refreshingSignalAbortController = null;\n 
this.refreshingSignals.clear();\n }\n }\n}\n"],"names":["SESSION_COOKIE_NAME","LOCALHOST_JWT_URL_PARAM_NAME","LOCALHOST_JWT_COOKIE_NAME","SESSION_EXPIRATION_BUFFER","SECONDS_TO_MS","secondsToMilliseconds","seconds","millisecondsToSeconds","ms","nowInSeconds","jwtExpToMilliseconds","exp","calculateTimeoutDelay","expirationSeconds","bufferSeconds","expirationMS","bufferMS","nowMS","isExpiredIn","expiration","buffer","now","AuthSessionService","isLive","client","store","baseURL","publishableKey","Blimu","name","value","options","cookieOptions","Cookies","token","jwtDecode","sessionPayload","error","BlimuError","signal","url","localhostJWT","result","abortController","isOnline","timeoutId","onlineHandler","offlineHandler","refresh","timeoutDelayMS","refresher","queryParams","response"],"mappings":"uOAQaA,EAAsB,gBACtBC,EAA+B,WAC/BC,EAA4B,WAC5BC,EAA4B,GAMnCC,EAAgB,IAKhBC,EAAyBC,GAA4B,KAAK,MAAMA,EAAUF,CAAa,EAKvFG,EAAyBC,GAAuB,KAAK,MAAMA,EAAKJ,CAAa,EAK7EK,EAAe,IAAcF,EAAsB,KAAK,KAAK,EAK7DG,EAAwBC,GAAwBN,EAAsBM,CAAG,EAQzEC,EAAwB,CAACC,EAA2BC,IAAkC,CAC1F,MAAMC,EAAeL,EAAqBG,CAAiB,EACrDG,EAAWX,EAAsBS,CAAa,EAC9CG,EAAQ,KAAK,IAAA,EACnB,OAAO,KAAK,IAAIF,EAAeC,EAAWC,EAAO,CAAC,CACpD,EAQaC,EAAc,CAACC,EAAoBC,IAA4B,CAC1E,MAAMC,EAAMZ,EAAA,EACZ,OAAOU,EAAaC,EAASC,CAC/B,EAEO,MAAMC,CAAmB,CAQ9B,YACmBC,EACAC,EACAC,EACjBC,EACAC,EACA,CALiB,KAAA,OAAAJ,EACA,KAAA,OAAAC,EACA,KAAA,MAAAC,EAVnB,KAAQ,iBAAwC,KAChD,KAAQ,eAAkF,KAC1F,KAAQ,sBAA0C,IAClD,KAAQ,gCAA0D,KAWhE,KAAK,YAAc,IAAIG,QAAM,CAC3B,QAAAF,EACA,YAAa,UACb,QAAS,CAAE,0BAA2BC,CAAA,CAAe,CACtD,EACD,KAAK,mBAAqB,KAAK,mBAAmB,KAAK,IAAI,CAC7D,CAKQ,UAAUE,EAAcC,EAAeC,EAA+B,CAAA,EAAU,CACtF,MAAMC,EAA0C,CAC9C,OAAQ,KAAK,OACb,SAAU,MACV,KAAM,GAAA,EAGJD,EAAQ,SAAW,SACrBC,EAAc,QAAUD,EAAQ,QAAU,KAAU,KAGtDE,EAAQ,IAAIJ,EAAMC,EAAOE,CAAa,CACxC,CAEA,mBAMS,CACP,MAAME,EAAQD,EAAQ,IAAIjC,CAAmB,EAE7C,OAAKkC,EAIWC,EAAAA,UAMbD,CAAK,EATC,IAYX,CAEA,MAAM,iBAA+C,CACnD,MAAME,EAAiB,KAAK,kBAAA,EAE5B,GAAKA,EAOL,OAAI,KAAK,gBACP,MAAM,KAAK,eAEJH,EAAQ,IAAIjC,CAAmB,IAGpCkB,EAAYkB,EAAe,IAAK,CAAC,
GACnC,MAAM,KAAK,eAAA,EAGNH,EAAQ,IAAIjC,CAAmB,EACxC,CAEA,MAAM,mBAAmBqC,EAAwD,CAC/E,OAAIA,aAAiBC,EAAAA,YAAc,CAAC,IAAK,GAAG,EAAE,SAASD,EAAM,MAAM,GACjEJ,EAAQ,OAAOjC,CAAmB,EAClCiC,EAAQ,OAAO/B,CAAyB,EAEjC,CACL,MAAOmC,EAAM,QACb,KAAM,IAAA,GAINA,aAAiB,aACZ,CACL,MAAOA,EAAM,QACb,KAAM,IAAA,EAGNA,aAAiB,MACZ,CACL,MAAOA,EAAM,QACb,KAAM,IAAA,EAIH,CACL,MAAO,gBACP,KAAM,IAAA,CAEV,CAEA,MAAM,WAAW,CAAE,OAAAE,CAAA,EAAqC,GAGrD,CACD,MAAMC,EAAM,IAAI,IAAI,OAAO,SAAS,IAAI,EAClCC,EAAeD,EAAI,aAAa,IAAIvC,CAA4B,GAAK,OAkB3E,GAfIwC,IACFD,EAAI,aAAa,OAAOvC,CAA4B,EACpD,OAAO,QAAQ,aAAa,CAAA,EAAI,GAAIuC,EAAI,UAAU,GAIhDC,GAEF,KAAK,UAAUvC,EAA2BuC,EAAc,CACtD,OAAQ,IAAU,GAAK,EAAA,CACxB,EAGwBR,EAAQ,IAAI/B,CAAyB,GAEtC,CAAC+B,EAAQ,IAAIjC,CAAmB,EAAG,CAC3D,MAAM0C,EAAS,MAAM,KAAK,eAAe,CAAE,OAAAH,EAAQ,EAAE,MAAM,KAAK,kBAAkB,EAClF,GAAI,UAAWG,EAAQ,OAAOA,CAChC,CAEA,MAAMN,EAAiB,KAAK,kBAAA,EAE5B,GAAI,CAACA,EACH,MAAO,CACL,MAAO,KACP,KAAM,IAAA,EAIV,GAAIlB,EAAYkB,EAAe,IAAKjC,CAAyB,EAAG,CAC9D,MAAMuC,EAAS,MAAM,KAAK,iBAAiB,MAAM,KAAK,kBAAkB,EACxE,GAAI,UAAWA,EAAQ,OAAOA,CAChC,CAEA,MAAMA,EAAS,MAAM,KAAK,OAAO,KAAK,aAAa,MAAM,KAAK,kBAAkB,EAChF,MAAI,UAAWA,EAAeA,EAEvB,CACL,MAAO,KACP,KAAMA,EAAO,IAAA,CAEjB,CAEA,iBAAkB,CAChB,MAAMC,EAAkB,IAAI,gBAC5B,IAAIC,EAAW,GACXC,EAA2B,KAE/B,MAAMC,EAAgB,IAAM,CAC1BF,EAAW,GACP,KAAK,mBACP,KAAK,iBAAA,EACL,KAAK,iBAAmB,KAE5B,EACMG,EAAiB,IAAM,CAC3BH,EAAW,EACb,EAEA,OAAO,iBAAiB,SAAUE,CAAa,EAC/C,OAAO,iBAAiB,UAAWC,CAAc,EAEjD,MAAMC,EAAU,IAAM,CAGhBH,IAAc,OAChB,OAAO,aAAaA,CAAS,EAC7BA,EAAY,MAGd,MAAMT,EAAiB,KAAK,kBAAA,EAE5B,GAAI,CAACA,GAAkBlB,EAAYkB,EAAe,IAAK,CAAC,EAAG,OAG3D,MAAMa,EAAiBrC,EAAsBwB,EAAe,IAAKjC,CAAyB,EAK1F,GAAI8C,EAAiB,EACnB,OAIF,MAAMC,EAAY,SAAY,CAI5B,GAFAL,EAAY,KAER,CAACD,EAAU,CAEb,KAAK,iBAAmBM,EACxB,MACF,CAEA,MAAMR,EAAS,MAAM,KAAK,eAAe,CAAE,OAAQC,EAAgB,OAAQ,EAE3E,GAAI,UAAWD,EAAQ,CAGrB,GAAIA,EAAO,QAAU,UACnB,OAGF,KAAK,MAAM,SAAS,CAClB,OAAQ,QACR,KAAM,KACN,MAAOA,EAAO,KAAA,CACf,EACD,MACF,MAEEM,EAAA,CAEJ,EAEAH,EAAY,OAAO,WAAWK,EAAWD,CAAc,CACzD,EAEA,OAAAD,EAAA,EAEO,IAAM,CACPH,GACF,OAAO,aAAaA,CAAS,EAE/BF,EAAgB,MAAA,EAChB
,OAAO,oBAAoB,SAAUG,CAAa,EAClD,OAAO,oBAAoB,UAAWC,CAAc,CACtD,CACF,CAEA,MAAc,eAAe,CAAE,OAAAR,CAAA,EAAqC,GAAI,CActE,GAbIA,IAEF,KAAK,kBAAkB,IAAIA,CAAM,EAEjCA,EAAO,iBAAiB,QAAS,IAAM,CACrC,KAAK,kBAAkB,OAAOA,CAAM,EAEhC,KAAK,kBAAkB,OAAS,GAClC,KAAK,iCAAiC,MAAA,CAE1C,CAAC,GAGC,KAAK,eACP,OAAO,KAAK,eAGd,KAAK,gCAAkC,IAAI,gBAE3C,KAAK,gCAAgC,OAAO,iBAAiB,QAAS,IAAM,CAC1E,KAAK,eAAiB,KACtB,KAAK,gCAAkC,KACvC,KAAK,kBAAkB,MAAA,CACzB,CAAC,EAGD,MAAME,EAAgB,KAAK,OAAkD,OAAzCR,EAAQ,IAAI/B,CAAyB,EAGnEiD,EAAqC,CAAA,EACvCV,IACFU,EAAY,SAAWV,GAQzB,KAAK,eAAiB,KAAK,YAAY,KACpC,QAAQU,EAAa,CACpB,OAAQ,KAAK,gCAAgC,MAAA,CAC9C,EACA,KAAMC,IAGA,KAAK,QACR,KAAK,UAAUpD,EAAqBoD,EAAS,aAAc,CACzD,OAAQ,IAAU,GAAK,EAAA,CACxB,EAEIA,EACR,EACA,MAAM,KAAK,kBAAkB,EAEhC,GAAI,CACF,OAAO,MAAM,KAAK,cACpB,QAAA,CACE,KAAK,eAAiB,KACtB,KAAK,gCAAkC,KACvC,KAAK,kBAAkB,MAAA,CACzB,CACF,CACF"}
|
|
1
|
+
{"version":3,"file":"auth.service.cjs","sources":["../../src/client/auth.service.ts"],"sourcesContent":["import { Blimu, BlimuError } from '@blimu/client';\nimport type { RefreshResponse } from '@blimu/client/schema';\nimport Cookies from 'js-cookie';\nimport { jwtDecode } from 'jwt-decode';\n\nimport type { AuthState, User } from '../types';\nimport { ExternalStore } from './external-store';\n\nexport const SESSION_COOKIE_NAME = '__bli_session';\nexport const LOCALHOST_JWT_URL_PARAM_NAME = '__lh_jwt';\nexport const LOCALHOST_JWT_COOKIE_NAME = '__lh_jwt';\nexport const SESSION_EXPIRATION_BUFFER = 10;\n\n/**\n * Time conversion utilities\n * JWT tokens use seconds (Unix timestamp), JavaScript Date uses milliseconds\n */\nconst SECONDS_TO_MS = 1000;\n\n/**\n * Convert seconds to milliseconds\n */\nconst secondsToMilliseconds = (seconds: number): number => Math.floor(seconds * SECONDS_TO_MS);\n\n/**\n * Convert milliseconds to seconds\n */\nconst millisecondsToSeconds = (ms: number): number => Math.floor(ms / SECONDS_TO_MS);\n\n/**\n * Get current time in seconds (Unix timestamp)\n */\nconst nowInSeconds = (): number => millisecondsToSeconds(Date.now());\n\n/**\n * Convert JWT expiration time (seconds) to milliseconds\n */\nconst jwtExpToMilliseconds = (exp: number): number => secondsToMilliseconds(exp);\n\n/**\n * Calculate timeout delay in milliseconds for refreshing before expiration\n * @param expirationSeconds - JWT exp claim in seconds\n * @param bufferSeconds - Buffer time in seconds before expiration\n * @returns Timeout delay in milliseconds\n */\nconst calculateTimeoutDelay = (expirationSeconds: number, bufferSeconds: number): number => {\n const expirationMS = jwtExpToMilliseconds(expirationSeconds);\n const bufferMS = secondsToMilliseconds(bufferSeconds);\n const nowMS = Date.now();\n return Math.max(expirationMS - bufferMS - nowMS, 0);\n};\n\n/**\n * Check if a JWT expiration time (in seconds) is expired or will expire within the buffer\n * @param 
expiration - JWT exp claim in seconds (Unix timestamp)\n * @param buffer - Buffer time in seconds before expiration to consider it expired\n * @returns true if expired or will expire within buffer\n */\nexport const isExpiredIn = (expiration: number, buffer: number): boolean => {\n const now = nowInSeconds();\n return expiration - buffer < now;\n};\n\nexport class AuthSessionService {\n private pendingRefresher: (() => void) | null = null;\n private refreshPromise: Promise<RefreshResponse | { error: string; user: null }> | null = null;\n private refreshingSignals: Set<AbortSignal> = new Set();\n private refreshingSignalAbortController: AbortController | null = null;\n // A local client that doesn't call getSessionToken() which calls refreshSession().\n private localClient: Blimu;\n\n constructor(\n private readonly isLive: boolean,\n private readonly client: Blimu,\n private readonly store: ExternalStore<AuthState>,\n baseURL: string,\n publishableKey: string,\n ) {\n this.localClient = new Blimu({\n baseURL,\n credentials: 'include',\n headers: { 'x-blimu-publishable-key': publishableKey },\n });\n this.handleRequestError = this.handleRequestError.bind(this);\n }\n\n /**\n * Set cookie with appropriate security settings based on environment\n */\n private setCookie(name: string, value: string, options: { maxAge?: number } = {}): void {\n const cookieOptions: Cookies.CookieAttributes = {\n secure: this.isLive, // true for live environments, false for localhost\n sameSite: 'lax',\n path: '/',\n };\n\n if (options.maxAge !== undefined) {\n cookieOptions.expires = options.maxAge / (24 * 60 * 60); // Convert seconds to days\n }\n\n Cookies.set(name, value, cookieOptions);\n }\n\n getSessionPayload(): {\n sub: string;\n environmentId: string;\n type: string;\n iat: number;\n exp: number;\n } | null {\n const token = Cookies.get(SESSION_COOKIE_NAME);\n\n if (!token) {\n return null;\n }\n\n const decoded = jwtDecode<{\n sub: string;\n environmentId: string;\n type: 
string;\n iat: number;\n exp: number;\n }>(token);\n\n return decoded;\n }\n\n async getSessionToken(): Promise<string | undefined> {\n const sessionPayload = this.getSessionPayload();\n\n if (!sessionPayload) {\n return undefined;\n }\n\n // If a refresh is already in progress, wait for it to complete\n // This prevents infinite recursion when refreshSession() calls client.auth.refresh()\n // which triggers accessToken() which calls getSessionToken()\n if (this.refreshPromise) {\n await this.refreshPromise;\n // After refresh completes, return the updated token from cookie\n return Cookies.get(SESSION_COOKIE_NAME);\n }\n\n if (isExpiredIn(sessionPayload.exp, 0)) {\n await this.refreshSession();\n }\n\n return Cookies.get(SESSION_COOKIE_NAME);\n }\n\n async handleRequestError(error: unknown): Promise<{ error: string; user: null }> {\n if (error instanceof BlimuError && [401, 500].includes(error.status)) {\n Cookies.remove(SESSION_COOKIE_NAME);\n Cookies.remove(LOCALHOST_JWT_COOKIE_NAME);\n\n return {\n error: error.message,\n user: null,\n };\n }\n\n if (error instanceof DOMException)\n return {\n error: error.message,\n user: null,\n };\n\n if (error instanceof Error) {\n return {\n error: error.message,\n user: null,\n };\n }\n\n return {\n error: 'unknown error',\n user: null,\n };\n }\n\n async initialize({ signal }: { signal?: AbortSignal } = {}): Promise<{\n error: string | null;\n user: User | null;\n }> {\n const url = new URL(window.location.href);\n const localhostJWT = url.searchParams.get(LOCALHOST_JWT_URL_PARAM_NAME) ?? 
undefined;\n\n // Clean up URL parameters immediately to prevent re-processing on re-renders\n if (localhostJWT) {\n url.searchParams.delete(LOCALHOST_JWT_URL_PARAM_NAME);\n window.history.replaceState({}, '', url.toString());\n }\n\n // Handle localhost JWT from URL parameter\n if (localhostJWT) {\n // Set localhost JWT cookie on customer app domain\n this.setCookie(LOCALHOST_JWT_COOKIE_NAME, localhostJWT, {\n maxAge: 30 * 24 * 60 * 60, // 30 days\n });\n }\n\n const localhostJWTCookie = Cookies.get(LOCALHOST_JWT_COOKIE_NAME);\n\n console.log('localhostJWTCookie', localhostJWTCookie);\n\n if (localhostJWTCookie && !Cookies.get(SESSION_COOKIE_NAME)) {\n const result = await this.refreshSession({ signal }).catch(this.handleRequestError);\n if ('error' in result) return result;\n }\n\n const sessionPayload = this.getSessionPayload();\n\n if (!sessionPayload) {\n return {\n error: null,\n user: null,\n };\n }\n\n if (isExpiredIn(sessionPayload.exp, SESSION_EXPIRATION_BUFFER)) {\n const result = await this.refreshSession().catch(this.handleRequestError);\n if ('error' in result) return result;\n }\n\n const result = await this.client.auth.getSession().catch(this.handleRequestError);\n if ('error' in result) return result;\n\n return {\n error: null,\n user: result.user,\n };\n }\n\n scheduleRefresh() {\n const abortController = new AbortController();\n let isOnline = true;\n let timeoutId: number | null = null;\n\n const onlineHandler = () => {\n isOnline = true;\n if (this.pendingRefresher) {\n this.pendingRefresher();\n this.pendingRefresher = null;\n }\n };\n const offlineHandler = () => {\n isOnline = false;\n };\n\n window.addEventListener('online', onlineHandler);\n window.addEventListener('offline', offlineHandler);\n\n const refresh = () => {\n // Clear any existing timeout before scheduling a new one\n // This prevents infinite loops when refresh() is called recursively\n if (timeoutId !== null) {\n window.clearTimeout(timeoutId);\n timeoutId = null;\n }\n\n 
const sessionPayload = this.getSessionPayload();\n\n if (!sessionPayload || isExpiredIn(sessionPayload.exp, 0)) return;\n\n // Calculate timeout delay: refresh SESSION_EXPIRATION_BUFFER seconds before expiration\n const timeoutDelayMS = calculateTimeoutDelay(sessionPayload.exp, SESSION_EXPIRATION_BUFFER);\n\n // Prevent scheduling if timeout is negative (token already expired)\n // Allow 0ms delays to handle edge cases where we're exactly at the refresh point\n // This prevents immediate re-scheduling that could cause infinite loops\n if (timeoutDelayMS < 0) {\n return;\n }\n\n // Having this function outside timeout, allows us to call refresh immediately when back online\n const refresher = async () => {\n // Clear timeoutId since we're executing now\n timeoutId = null;\n\n if (!isOnline) {\n // Keep closure of refresh function alive\n this.pendingRefresher = refresher;\n return;\n }\n\n const result = await this.refreshSession({ signal: abortController.signal });\n\n if ('error' in result) {\n // If the refresh was aborted (e.g., due to React strict mode unmounting),\n // don't treat it as an error - just return and let the component remount handle it\n if (result.error === 'aborted') {\n return;\n }\n // For real errors, update the store\n this.store.setState({\n status: 'error',\n user: null,\n error: result.error,\n });\n return;\n } else {\n // After successful refresh, schedule the next refresh with the new token\n refresh();\n }\n };\n\n timeoutId = window.setTimeout(refresher, timeoutDelayMS);\n };\n\n refresh();\n\n return () => {\n if (timeoutId) {\n window.clearTimeout(timeoutId);\n }\n abortController.abort();\n window.removeEventListener('online', onlineHandler);\n window.removeEventListener('offline', offlineHandler);\n };\n }\n\n private async refreshSession({ signal }: { signal?: AbortSignal } = {}) {\n if (signal) {\n // Add signal to tracking set (was using .has() instead of .add() - bug fix)\n this.refreshingSignals.add(signal);\n\n 
signal.addEventListener('abort', () => {\n this.refreshingSignals.delete(signal);\n\n if (this.refreshingSignals.size === 0) {\n this.refreshingSignalAbortController?.abort();\n }\n });\n }\n\n if (this.refreshPromise) {\n return this.refreshPromise;\n }\n\n this.refreshingSignalAbortController = new AbortController();\n\n this.refreshingSignalAbortController.signal.addEventListener('abort', () => {\n this.refreshPromise = null;\n this.refreshingSignalAbortController = null;\n this.refreshingSignals.clear();\n });\n\n // Get localhost_jwt from cookie to send as query parameter (only for non-live environments)\n const localhostJWT = !this.isLive ? Cookies.get(LOCALHOST_JWT_COOKIE_NAME) : undefined;\n\n // Build query parameters - only include __lh_jwt for non-live environments when cookie exists\n const queryParams: { __lh_jwt?: string } = {};\n if (localhostJWT) {\n queryParams.__lh_jwt = localhostJWT;\n }\n\n // Use local client to avoid infinite recursion. Regular client calls getSessionToken() which calls refreshSession().\n // There are hacks to avoid infinite recursion, but they are not reliable.\n // The localhost_jwt is sent as a query parameter only in non-live environments\n // Note: Type assertion needed because the generated SDK type doesn't include 'query' in RequestInit,\n // but the underlying CoreClient.request() method does support it\n this.refreshPromise = this.localClient.auth\n .refresh(queryParams, {\n signal: this.refreshingSignalAbortController.signal,\n })\n .then((response) => {\n // Update cookie with new session token from response body\n // Server also sets it via Set-Cookie header on auth domain, but we set it manually on customer domain\n if (!this.isLive) {\n this.setCookie(SESSION_COOKIE_NAME, response.sessionToken, {\n maxAge: 30 * 24 * 60 * 60, // 30 days\n });\n }\n return response;\n })\n .catch(this.handleRequestError);\n\n try {\n return await this.refreshPromise;\n } finally {\n this.refreshPromise = null;\n 
this.refreshingSignalAbortController = null;\n this.refreshingSignals.clear();\n }\n }\n}\n"],"names":["SESSION_COOKIE_NAME","LOCALHOST_JWT_URL_PARAM_NAME","LOCALHOST_JWT_COOKIE_NAME","SESSION_EXPIRATION_BUFFER","SECONDS_TO_MS","secondsToMilliseconds","seconds","millisecondsToSeconds","ms","nowInSeconds","jwtExpToMilliseconds","exp","calculateTimeoutDelay","expirationSeconds","bufferSeconds","expirationMS","bufferMS","nowMS","isExpiredIn","expiration","buffer","now","AuthSessionService","isLive","client","store","baseURL","publishableKey","Blimu","name","value","options","cookieOptions","Cookies","token","jwtDecode","sessionPayload","error","BlimuError","signal","url","localhostJWT","localhostJWTCookie","result","abortController","isOnline","timeoutId","onlineHandler","offlineHandler","refresh","timeoutDelayMS","refresher","queryParams","response"],"mappings":"uOAQaA,EAAsB,gBACtBC,EAA+B,WAC/BC,EAA4B,WAC5BC,EAA4B,GAMnCC,EAAgB,IAKhBC,EAAyBC,GAA4B,KAAK,MAAMA,EAAUF,CAAa,EAKvFG,EAAyBC,GAAuB,KAAK,MAAMA,EAAKJ,CAAa,EAK7EK,EAAe,IAAcF,EAAsB,KAAK,KAAK,EAK7DG,EAAwBC,GAAwBN,EAAsBM,CAAG,EAQzEC,EAAwB,CAACC,EAA2BC,IAAkC,CAC1F,MAAMC,EAAeL,EAAqBG,CAAiB,EACrDG,EAAWX,EAAsBS,CAAa,EAC9CG,EAAQ,KAAK,IAAA,EACnB,OAAO,KAAK,IAAIF,EAAeC,EAAWC,EAAO,CAAC,CACpD,EAQaC,EAAc,CAACC,EAAoBC,IAA4B,CAC1E,MAAMC,EAAMZ,EAAA,EACZ,OAAOU,EAAaC,EAASC,CAC/B,EAEO,MAAMC,CAAmB,CAQ9B,YACmBC,EACAC,EACAC,EACjBC,EACAC,EACA,CALiB,KAAA,OAAAJ,EACA,KAAA,OAAAC,EACA,KAAA,MAAAC,EAVnB,KAAQ,iBAAwC,KAChD,KAAQ,eAAkF,KAC1F,KAAQ,sBAA0C,IAClD,KAAQ,gCAA0D,KAWhE,KAAK,YAAc,IAAIG,QAAM,CAC3B,QAAAF,EACA,YAAa,UACb,QAAS,CAAE,0BAA2BC,CAAA,CAAe,CACtD,EACD,KAAK,mBAAqB,KAAK,mBAAmB,KAAK,IAAI,CAC7D,CAKQ,UAAUE,EAAcC,EAAeC,EAA+B,CAAA,EAAU,CACtF,MAAMC,EAA0C,CAC9C,OAAQ,KAAK,OACb,SAAU,MACV,KAAM,GAAA,EAGJD,EAAQ,SAAW,SACrBC,EAAc,QAAUD,EAAQ,QAAU,KAAU,KAGtDE,EAAQ,IAAIJ,EAAMC,EAAOE,CAAa,CACxC,CAEA,mBAMS,CACP,MAAME,EAAQD,EAAQ,IAAIjC,CAAmB,EAE7C,OAAKkC,EAIWC,EAAAA,UAMbD,CAAK,EATC,IAYX,CAEA,MAAM,iBAA+C,CACnD,MAAME,EAAiB,KAAK,kBAAA,EAE5B,GAAKA,EAOL,OAAI,KAAK,gB
ACP,MAAM,KAAK,eAEJH,EAAQ,IAAIjC,CAAmB,IAGpCkB,EAAYkB,EAAe,IAAK,CAAC,GACnC,MAAM,KAAK,eAAA,EAGNH,EAAQ,IAAIjC,CAAmB,EACxC,CAEA,MAAM,mBAAmBqC,EAAwD,CAC/E,OAAIA,aAAiBC,EAAAA,YAAc,CAAC,IAAK,GAAG,EAAE,SAASD,EAAM,MAAM,GACjEJ,EAAQ,OAAOjC,CAAmB,EAClCiC,EAAQ,OAAO/B,CAAyB,EAEjC,CACL,MAAOmC,EAAM,QACb,KAAM,IAAA,GAINA,aAAiB,aACZ,CACL,MAAOA,EAAM,QACb,KAAM,IAAA,EAGNA,aAAiB,MACZ,CACL,MAAOA,EAAM,QACb,KAAM,IAAA,EAIH,CACL,MAAO,gBACP,KAAM,IAAA,CAEV,CAEA,MAAM,WAAW,CAAE,OAAAE,CAAA,EAAqC,GAGrD,CACD,MAAMC,EAAM,IAAI,IAAI,OAAO,SAAS,IAAI,EAClCC,EAAeD,EAAI,aAAa,IAAIvC,CAA4B,GAAK,OAGvEwC,IACFD,EAAI,aAAa,OAAOvC,CAA4B,EACpD,OAAO,QAAQ,aAAa,CAAA,EAAI,GAAIuC,EAAI,UAAU,GAIhDC,GAEF,KAAK,UAAUvC,EAA2BuC,EAAc,CACtD,OAAQ,IAAU,GAAK,EAAA,CACxB,EAGH,MAAMC,EAAqBT,EAAQ,IAAI/B,CAAyB,EAIhE,GAFA,QAAQ,IAAI,qBAAsBwC,CAAkB,EAEhDA,GAAsB,CAACT,EAAQ,IAAIjC,CAAmB,EAAG,CAC3D,MAAM2C,EAAS,MAAM,KAAK,eAAe,CAAE,OAAAJ,EAAQ,EAAE,MAAM,KAAK,kBAAkB,EAClF,GAAI,UAAWI,EAAQ,OAAOA,CAChC,CAEA,MAAMP,EAAiB,KAAK,kBAAA,EAE5B,GAAI,CAACA,EACH,MAAO,CACL,MAAO,KACP,KAAM,IAAA,EAIV,GAAIlB,EAAYkB,EAAe,IAAKjC,CAAyB,EAAG,CAC9D,MAAMwC,EAAS,MAAM,KAAK,iBAAiB,MAAM,KAAK,kBAAkB,EACxE,GAAI,UAAWA,EAAQ,OAAOA,CAChC,CAEA,MAAMA,EAAS,MAAM,KAAK,OAAO,KAAK,aAAa,MAAM,KAAK,kBAAkB,EAChF,MAAI,UAAWA,EAAeA,EAEvB,CACL,MAAO,KACP,KAAMA,EAAO,IAAA,CAEjB,CAEA,iBAAkB,CAChB,MAAMC,EAAkB,IAAI,gBAC5B,IAAIC,EAAW,GACXC,EAA2B,KAE/B,MAAMC,EAAgB,IAAM,CAC1BF,EAAW,GACP,KAAK,mBACP,KAAK,iBAAA,EACL,KAAK,iBAAmB,KAE5B,EACMG,EAAiB,IAAM,CAC3BH,EAAW,EACb,EAEA,OAAO,iBAAiB,SAAUE,CAAa,EAC/C,OAAO,iBAAiB,UAAWC,CAAc,EAEjD,MAAMC,EAAU,IAAM,CAGhBH,IAAc,OAChB,OAAO,aAAaA,CAAS,EAC7BA,EAAY,MAGd,MAAMV,EAAiB,KAAK,kBAAA,EAE5B,GAAI,CAACA,GAAkBlB,EAAYkB,EAAe,IAAK,CAAC,EAAG,OAG3D,MAAMc,EAAiBtC,EAAsBwB,EAAe,IAAKjC,CAAyB,EAK1F,GAAI+C,EAAiB,EACnB,OAIF,MAAMC,EAAY,SAAY,CAI5B,GAFAL,EAAY,KAER,CAACD,EAAU,CAEb,KAAK,iBAAmBM,EACxB,MACF,CAEA,MAAMR,EAAS,MAAM,KAAK,eAAe,CAAE,OAAQC,EAAgB,OAAQ,EAE3E,GAAI,UAAWD,EAAQ,CAGrB,GAAIA,EAAO,QAAU,UACnB,OAGF,KAAK,MAAM,SAAS,CAClB,OAAQ,QACR,KAAM,KACN,MAAOA,EAAO,KAAA,CACf,EACD,MACF,MAEEM,EAAA,CAEJ,
EAEAH,EAAY,OAAO,WAAWK,EAAWD,CAAc,CACzD,EAEA,OAAAD,EAAA,EAEO,IAAM,CACPH,GACF,OAAO,aAAaA,CAAS,EAE/BF,EAAgB,MAAA,EAChB,OAAO,oBAAoB,SAAUG,CAAa,EAClD,OAAO,oBAAoB,UAAWC,CAAc,CACtD,CACF,CAEA,MAAc,eAAe,CAAE,OAAAT,CAAA,EAAqC,GAAI,CActE,GAbIA,IAEF,KAAK,kBAAkB,IAAIA,CAAM,EAEjCA,EAAO,iBAAiB,QAAS,IAAM,CACrC,KAAK,kBAAkB,OAAOA,CAAM,EAEhC,KAAK,kBAAkB,OAAS,GAClC,KAAK,iCAAiC,MAAA,CAE1C,CAAC,GAGC,KAAK,eACP,OAAO,KAAK,eAGd,KAAK,gCAAkC,IAAI,gBAE3C,KAAK,gCAAgC,OAAO,iBAAiB,QAAS,IAAM,CAC1E,KAAK,eAAiB,KACtB,KAAK,gCAAkC,KACvC,KAAK,kBAAkB,MAAA,CACzB,CAAC,EAGD,MAAME,EAAgB,KAAK,OAAkD,OAAzCR,EAAQ,IAAI/B,CAAyB,EAGnEkD,EAAqC,CAAA,EACvCX,IACFW,EAAY,SAAWX,GAQzB,KAAK,eAAiB,KAAK,YAAY,KACpC,QAAQW,EAAa,CACpB,OAAQ,KAAK,gCAAgC,MAAA,CAC9C,EACA,KAAMC,IAGA,KAAK,QACR,KAAK,UAAUrD,EAAqBqD,EAAS,aAAc,CACzD,OAAQ,IAAU,GAAK,EAAA,CACxB,EAEIA,EACR,EACA,MAAM,KAAK,kBAAkB,EAEhC,GAAI,CACF,OAAO,MAAM,KAAK,cACpB,QAAA,CACE,KAAK,eAAiB,KACtB,KAAK,gCAAkC,KACvC,KAAK,kBAAkB,MAAA,CACzB,CACF,CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../src/client/auth.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAc,MAAM,eAAe,CAAC;AAKlD,OAAO,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,eAAO,MAAM,mBAAmB,kBAAkB,CAAC;AACnD,eAAO,MAAM,4BAA4B,aAAa,CAAC;AACvD,eAAO,MAAM,yBAAyB,aAAa,CAAC;AACpD,eAAO,MAAM,yBAAyB,KAAK,CAAC;AAyC5C;;;;;GAKG;AACH,eAAO,MAAM,WAAW,GAAI,YAAY,MAAM,EAAE,QAAQ,MAAM,KAAG,OAGhE,CAAC;AAEF,qBAAa,kBAAkB;IAS3B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,KAAK;IAVxB,OAAO,CAAC,gBAAgB,CAA6B;IACrD,OAAO,CAAC,cAAc,CAAyE;IAC/F,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,+BAA+B,CAAgC;IAEvE,OAAO,CAAC,WAAW,CAAQ;gBAGR,MAAM,EAAE,OAAO,EACf,MAAM,EAAE,KAAK,EACb,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC,EAChD,OAAO,EAAE,MAAM,EACf,cAAc,EAAE,MAAM;IAUxB;;OAEG;IACH,OAAO,CAAC,SAAS;IAcjB,iBAAiB,IAAI;QACnB,GAAG,EAAE,MAAM,CAAC;QACZ,aAAa,EAAE,MAAM,CAAC;QACtB,IAAI,EAAE,MAAM,CAAC;QACb,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;KACb,GAAG,IAAI;IAkBF,eAAe,IAAI,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAuB9C,kBAAkB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,IAAI,CAAA;KAAE,CAAC;IA8B1E,UAAU,CAAC,EAAE,MAAM,EAAE,GAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAA;KAAO,GAAG,OAAO,CAAC;QACnE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;QACrB,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;KACnB,CAAC;
|
|
1
|
+
{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../src/client/auth.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAc,MAAM,eAAe,CAAC;AAKlD,OAAO,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,eAAO,MAAM,mBAAmB,kBAAkB,CAAC;AACnD,eAAO,MAAM,4BAA4B,aAAa,CAAC;AACvD,eAAO,MAAM,yBAAyB,aAAa,CAAC;AACpD,eAAO,MAAM,yBAAyB,KAAK,CAAC;AAyC5C;;;;;GAKG;AACH,eAAO,MAAM,WAAW,GAAI,YAAY,MAAM,EAAE,QAAQ,MAAM,KAAG,OAGhE,CAAC;AAEF,qBAAa,kBAAkB;IAS3B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,KAAK;IAVxB,OAAO,CAAC,gBAAgB,CAA6B;IACrD,OAAO,CAAC,cAAc,CAAyE;IAC/F,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,+BAA+B,CAAgC;IAEvE,OAAO,CAAC,WAAW,CAAQ;gBAGR,MAAM,EAAE,OAAO,EACf,MAAM,EAAE,KAAK,EACb,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC,EAChD,OAAO,EAAE,MAAM,EACf,cAAc,EAAE,MAAM;IAUxB;;OAEG;IACH,OAAO,CAAC,SAAS;IAcjB,iBAAiB,IAAI;QACnB,GAAG,EAAE,MAAM,CAAC;QACZ,aAAa,EAAE,MAAM,CAAC;QACtB,IAAI,EAAE,MAAM,CAAC;QACb,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;KACb,GAAG,IAAI;IAkBF,eAAe,IAAI,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAuB9C,kBAAkB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,IAAI,CAAA;KAAE,CAAC;IA8B1E,UAAU,CAAC,EAAE,MAAM,EAAE,GAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAA;KAAO,GAAG,OAAO,CAAC;QACnE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;QACrB,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;KACnB,CAAC;IAkDF,eAAe;YAwFD,cAAc;CAgE7B"}
|
|
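--- a/package/dist/client/auth.service.js
+++ b/package/dist/client/auth.service.js
@@ -1,12 +1,12 @@
 import { Blimu as _, BlimuError as A } from "@blimu/client";
 import o from "../node_modules/js-cookie/dist/js.cookie.js";
 import { jwtDecode as C } from "../node_modules/jwt-decode/build/esm/index.js";
-const h = "__bli_session", S = "__lh_jwt", u = "__lh_jwt", m = 10, w = 1e3, E = (
-const s = P(
+const h = "__bli_session", S = "__lh_jwt", u = "__lh_jwt", m = 10, w = 1e3, E = (n) => Math.floor(n * w), b = (n) => Math.floor(n / w), p = () => b(Date.now()), P = (n) => E(n), v = (n, e) => {
+const s = P(n), r = E(e), t = Date.now();
 return Math.max(s - r - t, 0);
-}, f = (
+}, f = (n, e) => {
 const s = p();
-return
+return n - e < s;
 };
 class x {
 constructor(e, s, r, t, l) {
@@ -54,12 +54,14 @@ class x {
 }
 async initialize({ signal: e } = {}) {
 const s = new URL(window.location.href), r = s.searchParams.get(S) ?? void 0;
-
+r && (s.searchParams.delete(S), window.history.replaceState({}, "", s.toString())), r && this.setCookie(u, r, {
 maxAge: 720 * 60 * 60
 // 30 days
-})
-
-
+});
+const t = o.get(u);
+if (console.log("localhostJWTCookie", t), t && !o.get(h)) {
+const i = await this.refreshSession({ signal: e }).catch(this.handleRequestError);
+if ("error" in i) return i;
 }
 const l = this.getSessionPayload();
 if (!l)
@@ -68,8 +70,8 @@ class x {
 user: null
 };
 if (f(l.exp, m)) {
-const
-if ("error" in
+const i = await this.refreshSession().catch(this.handleRequestError);
+if ("error" in i) return i;
 }
 const a = await this.client.auth.getSession().catch(this.handleRequestError);
 return "error" in a ? a : {
@@ -88,9 +90,9 @@ class x {
 window.addEventListener("online", t), window.addEventListener("offline", l);
 const a = () => {
 r !== null && (window.clearTimeout(r), r = null);
-const
-if (!
-const d = v(
+const i = this.getSessionPayload();
+if (!i || f(i.exp, 0)) return;
+const d = v(i.exp, m);
 if (d < 0)
 return;
 const g = async () => {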
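Review bot: The added `console.log("localhostJWTCookie", t)` in `initialize()` (second hunk, `@@ -54,12 +54,14 @@`) writes the raw `__lh_jwt` cookie value to the browser console on every initialisation, and nothing in the hunk gates it on `isLive`. Per the embedded source, that value is the JWT sent as the `__lh_jwt` query parameter on the refresh call, so it is a credential that would now land in console captures, screenshots and any client-side log forwarding. It looks like leftover debug output; I would drop the call so the condition reads `if (t && !o.get(h)) {`, or log only `Boolean(t)` if the presence check is still useful. This file is build output, so the change belongs in `src/client/auth.service.ts`, and `initialize()` continues past the hunk.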
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.service.js","sources":["../../src/client/auth.service.ts"],"sourcesContent":["import { Blimu, BlimuError } from '@blimu/client';\nimport type { RefreshResponse } from '@blimu/client/schema';\nimport Cookies from 'js-cookie';\nimport { jwtDecode } from 'jwt-decode';\n\nimport type { AuthState, User } from '../types';\nimport { ExternalStore } from './external-store';\n\nexport const SESSION_COOKIE_NAME = '__bli_session';\nexport const LOCALHOST_JWT_URL_PARAM_NAME = '__lh_jwt';\nexport const LOCALHOST_JWT_COOKIE_NAME = '__lh_jwt';\nexport const SESSION_EXPIRATION_BUFFER = 10;\n\n/**\n * Time conversion utilities\n * JWT tokens use seconds (Unix timestamp), JavaScript Date uses milliseconds\n */\nconst SECONDS_TO_MS = 1000;\n\n/**\n * Convert seconds to milliseconds\n */\nconst secondsToMilliseconds = (seconds: number): number => Math.floor(seconds * SECONDS_TO_MS);\n\n/**\n * Convert milliseconds to seconds\n */\nconst millisecondsToSeconds = (ms: number): number => Math.floor(ms / SECONDS_TO_MS);\n\n/**\n * Get current time in seconds (Unix timestamp)\n */\nconst nowInSeconds = (): number => millisecondsToSeconds(Date.now());\n\n/**\n * Convert JWT expiration time (seconds) to milliseconds\n */\nconst jwtExpToMilliseconds = (exp: number): number => secondsToMilliseconds(exp);\n\n/**\n * Calculate timeout delay in milliseconds for refreshing before expiration\n * @param expirationSeconds - JWT exp claim in seconds\n * @param bufferSeconds - Buffer time in seconds before expiration\n * @returns Timeout delay in milliseconds\n */\nconst calculateTimeoutDelay = (expirationSeconds: number, bufferSeconds: number): number => {\n const expirationMS = jwtExpToMilliseconds(expirationSeconds);\n const bufferMS = secondsToMilliseconds(bufferSeconds);\n const nowMS = Date.now();\n return Math.max(expirationMS - bufferMS - nowMS, 0);\n};\n\n/**\n * Check if a JWT expiration time (in seconds) is expired or will expire within the buffer\n * @param 
expiration - JWT exp claim in seconds (Unix timestamp)\n * @param buffer - Buffer time in seconds before expiration to consider it expired\n * @returns true if expired or will expire within buffer\n */\nexport const isExpiredIn = (expiration: number, buffer: number): boolean => {\n const now = nowInSeconds();\n return expiration - buffer < now;\n};\n\nexport class AuthSessionService {\n private pendingRefresher: (() => void) | null = null;\n private refreshPromise: Promise<RefreshResponse | { error: string; user: null }> | null = null;\n private refreshingSignals: Set<AbortSignal> = new Set();\n private refreshingSignalAbortController: AbortController | null = null;\n // A local client that doesn't call getSessionToken() which calls refreshSession().\n private localClient: Blimu;\n\n constructor(\n private readonly isLive: boolean,\n private readonly client: Blimu,\n private readonly store: ExternalStore<AuthState>,\n baseURL: string,\n publishableKey: string,\n ) {\n this.localClient = new Blimu({\n baseURL,\n credentials: 'include',\n headers: { 'x-blimu-publishable-key': publishableKey },\n });\n this.handleRequestError = this.handleRequestError.bind(this);\n }\n\n /**\n * Set cookie with appropriate security settings based on environment\n */\n private setCookie(name: string, value: string, options: { maxAge?: number } = {}): void {\n const cookieOptions: Cookies.CookieAttributes = {\n secure: this.isLive, // true for live environments, false for localhost\n sameSite: 'lax',\n path: '/',\n };\n\n if (options.maxAge !== undefined) {\n cookieOptions.expires = options.maxAge / (24 * 60 * 60); // Convert seconds to days\n }\n\n Cookies.set(name, value, cookieOptions);\n }\n\n getSessionPayload(): {\n sub: string;\n environmentId: string;\n type: string;\n iat: number;\n exp: number;\n } | null {\n const token = Cookies.get(SESSION_COOKIE_NAME);\n\n if (!token) {\n return null;\n }\n\n const decoded = jwtDecode<{\n sub: string;\n environmentId: string;\n type: 
string;\n iat: number;\n exp: number;\n }>(token);\n\n return decoded;\n }\n\n async getSessionToken(): Promise<string | undefined> {\n const sessionPayload = this.getSessionPayload();\n\n if (!sessionPayload) {\n return undefined;\n }\n\n // If a refresh is already in progress, wait for it to complete\n // This prevents infinite recursion when refreshSession() calls client.auth.refresh()\n // which triggers accessToken() which calls getSessionToken()\n if (this.refreshPromise) {\n await this.refreshPromise;\n // After refresh completes, return the updated token from cookie\n return Cookies.get(SESSION_COOKIE_NAME);\n }\n\n if (isExpiredIn(sessionPayload.exp, 0)) {\n await this.refreshSession();\n }\n\n return Cookies.get(SESSION_COOKIE_NAME);\n }\n\n async handleRequestError(error: unknown): Promise<{ error: string; user: null }> {\n if (error instanceof BlimuError && [401, 500].includes(error.status)) {\n Cookies.remove(SESSION_COOKIE_NAME);\n Cookies.remove(LOCALHOST_JWT_COOKIE_NAME);\n\n return {\n error: error.message,\n user: null,\n };\n }\n\n if (error instanceof DOMException)\n return {\n error: error.message,\n user: null,\n };\n\n if (error instanceof Error) {\n return {\n error: error.message,\n user: null,\n };\n }\n\n return {\n error: 'unknown error',\n user: null,\n };\n }\n\n async initialize({ signal }: { signal?: AbortSignal } = {}): Promise<{\n error: string | null;\n user: User | null;\n }> {\n const url = new URL(window.location.href);\n const localhostJWT = url.searchParams.get(LOCALHOST_JWT_URL_PARAM_NAME) ?? 
undefined;\n\n // Clean up URL parameters immediately to prevent re-processing on re-renders\n if (localhostJWT) {\n url.searchParams.delete(LOCALHOST_JWT_URL_PARAM_NAME);\n window.history.replaceState({}, '', url.toString());\n }\n\n // Handle localhost JWT from URL parameter\n if (localhostJWT) {\n // Set localhost JWT cookie on customer app domain\n this.setCookie(LOCALHOST_JWT_COOKIE_NAME, localhostJWT, {\n maxAge: 30 * 24 * 60 * 60, // 30 days\n });\n }\n\n const localhostJWTCookie = Cookies.get(LOCALHOST_JWT_COOKIE_NAME);\n\n if (localhostJWTCookie && !Cookies.get(SESSION_COOKIE_NAME)) {\n const result = await this.refreshSession({ signal }).catch(this.handleRequestError);\n if ('error' in result) return result;\n }\n\n const sessionPayload = this.getSessionPayload();\n\n if (!sessionPayload) {\n return {\n error: null,\n user: null,\n };\n }\n\n if (isExpiredIn(sessionPayload.exp, SESSION_EXPIRATION_BUFFER)) {\n const result = await this.refreshSession().catch(this.handleRequestError);\n if ('error' in result) return result;\n }\n\n const result = await this.client.auth.getSession().catch(this.handleRequestError);\n if ('error' in result) return result;\n\n return {\n error: null,\n user: result.user,\n };\n }\n\n scheduleRefresh() {\n const abortController = new AbortController();\n let isOnline = true;\n let timeoutId: number | null = null;\n\n const onlineHandler = () => {\n isOnline = true;\n if (this.pendingRefresher) {\n this.pendingRefresher();\n this.pendingRefresher = null;\n }\n };\n const offlineHandler = () => {\n isOnline = false;\n };\n\n window.addEventListener('online', onlineHandler);\n window.addEventListener('offline', offlineHandler);\n\n const refresh = () => {\n // Clear any existing timeout before scheduling a new one\n // This prevents infinite loops when refresh() is called recursively\n if (timeoutId !== null) {\n window.clearTimeout(timeoutId);\n timeoutId = null;\n }\n\n const sessionPayload = this.getSessionPayload();\n\n if 
(!sessionPayload || isExpiredIn(sessionPayload.exp, 0)) return;\n\n // Calculate timeout delay: refresh SESSION_EXPIRATION_BUFFER seconds before expiration\n const timeoutDelayMS = calculateTimeoutDelay(sessionPayload.exp, SESSION_EXPIRATION_BUFFER);\n\n // Prevent scheduling if timeout is negative (token already expired)\n // Allow 0ms delays to handle edge cases where we're exactly at the refresh point\n // This prevents immediate re-scheduling that could cause infinite loops\n if (timeoutDelayMS < 0) {\n return;\n }\n\n // Having this function outside timeout, allows us to call refresh immediately when back online\n const refresher = async () => {\n // Clear timeoutId since we're executing now\n timeoutId = null;\n\n if (!isOnline) {\n // Keep closure of refresh function alive\n this.pendingRefresher = refresher;\n return;\n }\n\n const result = await this.refreshSession({ signal: abortController.signal });\n\n if ('error' in result) {\n // If the refresh was aborted (e.g., due to React strict mode unmounting),\n // don't treat it as an error - just return and let the component remount handle it\n if (result.error === 'aborted') {\n return;\n }\n // For real errors, update the store\n this.store.setState({\n status: 'error',\n user: null,\n error: result.error,\n });\n return;\n } else {\n // After successful refresh, schedule the next refresh with the new token\n refresh();\n }\n };\n\n timeoutId = window.setTimeout(refresher, timeoutDelayMS);\n };\n\n refresh();\n\n return () => {\n if (timeoutId) {\n window.clearTimeout(timeoutId);\n }\n abortController.abort();\n window.removeEventListener('online', onlineHandler);\n window.removeEventListener('offline', offlineHandler);\n };\n }\n\n private async refreshSession({ signal }: { signal?: AbortSignal } = {}) {\n if (signal) {\n // Add signal to tracking set (was using .has() instead of .add() - bug fix)\n this.refreshingSignals.add(signal);\n\n signal.addEventListener('abort', () => {\n 
this.refreshingSignals.delete(signal);\n\n if (this.refreshingSignals.size === 0) {\n this.refreshingSignalAbortController?.abort();\n }\n });\n }\n\n if (this.refreshPromise) {\n return this.refreshPromise;\n }\n\n this.refreshingSignalAbortController = new AbortController();\n\n this.refreshingSignalAbortController.signal.addEventListener('abort', () => {\n this.refreshPromise = null;\n this.refreshingSignalAbortController = null;\n this.refreshingSignals.clear();\n });\n\n // Get localhost_jwt from cookie to send as query parameter (only for non-live environments)\n const localhostJWT = !this.isLive ? Cookies.get(LOCALHOST_JWT_COOKIE_NAME) : undefined;\n\n // Build query parameters - only include __lh_jwt for non-live environments when cookie exists\n const queryParams: { __lh_jwt?: string } = {};\n if (localhostJWT) {\n queryParams.__lh_jwt = localhostJWT;\n }\n\n // Use local client to avoid infinite recursion. Regular client calls getSessionToken() which calls refreshSession().\n // There are hacks to avoid infinite recursion, but they are not reliable.\n // The localhost_jwt is sent as a query parameter only in non-live environments\n // Note: Type assertion needed because the generated SDK type doesn't include 'query' in RequestInit,\n // but the underlying CoreClient.request() method does support it\n this.refreshPromise = this.localClient.auth\n .refresh(queryParams, {\n signal: this.refreshingSignalAbortController.signal,\n })\n .then((response) => {\n // Update cookie with new session token from response body\n // Server also sets it via Set-Cookie header on auth domain, but we set it manually on customer domain\n if (!this.isLive) {\n this.setCookie(SESSION_COOKIE_NAME, response.sessionToken, {\n maxAge: 30 * 24 * 60 * 60, // 30 days\n });\n }\n return response;\n })\n .catch(this.handleRequestError);\n\n try {\n return await this.refreshPromise;\n } finally {\n this.refreshPromise = null;\n this.refreshingSignalAbortController = null;\n 
this.refreshingSignals.clear();\n }\n }\n}\n"],"names":["SESSION_COOKIE_NAME","LOCALHOST_JWT_URL_PARAM_NAME","LOCALHOST_JWT_COOKIE_NAME","SESSION_EXPIRATION_BUFFER","SECONDS_TO_MS","secondsToMilliseconds","seconds","millisecondsToSeconds","ms","nowInSeconds","jwtExpToMilliseconds","exp","calculateTimeoutDelay","expirationSeconds","bufferSeconds","expirationMS","bufferMS","nowMS","isExpiredIn","expiration","buffer","now","AuthSessionService","isLive","client","store","baseURL","publishableKey","Blimu","name","value","options","cookieOptions","Cookies","token","jwtDecode","sessionPayload","error","BlimuError","signal","url","localhostJWT","result","abortController","isOnline","timeoutId","onlineHandler","offlineHandler","refresh","timeoutDelayMS","refresher","queryParams","response"],"mappings":";;;AAQO,MAAMA,IAAsB,iBACtBC,IAA+B,YAC/BC,IAA4B,YAC5BC,IAA4B,IAMnCC,IAAgB,KAKhBC,IAAwB,CAACC,MAA4B,KAAK,MAAMA,IAAUF,CAAa,GAKvFG,IAAwB,CAACC,MAAuB,KAAK,MAAMA,IAAKJ,CAAa,GAK7EK,IAAe,MAAcF,EAAsB,KAAK,KAAK,GAK7DG,IAAuB,CAACC,MAAwBN,EAAsBM,CAAG,GAQzEC,IAAwB,CAACC,GAA2BC,MAAkC;AAC1F,QAAMC,IAAeL,EAAqBG,CAAiB,GACrDG,IAAWX,EAAsBS,CAAa,GAC9CG,IAAQ,KAAK,IAAA;AACnB,SAAO,KAAK,IAAIF,IAAeC,IAAWC,GAAO,CAAC;AACpD,GAQaC,IAAc,CAACC,GAAoBC,MAA4B;AAC1E,QAAMC,IAAMZ,EAAA;AACZ,SAAOU,IAAaC,IAASC;AAC/B;AAEO,MAAMC,EAAmB;AAAA,EAQ9B,YACmBC,GACAC,GACAC,GACjBC,GACAC,GACA;AALiB,SAAA,SAAAJ,GACA,KAAA,SAAAC,GACA,KAAA,QAAAC,GAVnB,KAAQ,mBAAwC,MAChD,KAAQ,iBAAkF,MAC1F,KAAQ,wCAA0C,IAAA,GAClD,KAAQ,kCAA0D,MAWhE,KAAK,cAAc,IAAIG,EAAM;AAAA,MAC3B,SAAAF;AAAA,MACA,aAAa;AAAA,MACb,SAAS,EAAE,2BAA2BC,EAAA;AAAA,IAAe,CACtD,GACD,KAAK,qBAAqB,KAAK,mBAAmB,KAAK,IAAI;AAAA,EAC7D;AAAA;AAAA;AAAA;AAAA,EAKQ,UAAUE,GAAcC,GAAeC,IAA+B,CAAA,GAAU;AACtF,UAAMC,IAA0C;AAAA,MAC9C,QAAQ,KAAK;AAAA;AAAA,MACb,UAAU;AAAA,MACV,MAAM;AAAA,IAAA;AAGR,IAAID,EAAQ,WAAW,WACrBC,EAAc,UAAUD,EAAQ,UAAU,OAAU,MAGtDE,EAAQ,IAAIJ,GAAMC,GAAOE,CAAa;AAAA,EACxC;AAAA,EAEA,oBAMS;AACP,UAAME,IAAQD,EAAQ,IAAIjC,CAAmB;AAE7C,WAAKkC,IAIWC,EAMbD,CAAK,IATC;AAAA,EAYX;AAAA,EAEA,MAAM,kBAA+C;AACn
D,UAAME,IAAiB,KAAK,kBAAA;AAE5B,QAAKA;AAOL,aAAI,KAAK,kBACP,MAAM,KAAK,gBAEJH,EAAQ,IAAIjC,CAAmB,MAGpCkB,EAAYkB,EAAe,KAAK,CAAC,KACnC,MAAM,KAAK,eAAA,GAGNH,EAAQ,IAAIjC,CAAmB;AAAA,EACxC;AAAA,EAEA,MAAM,mBAAmBqC,GAAwD;AAC/E,WAAIA,aAAiBC,KAAc,CAAC,KAAK,GAAG,EAAE,SAASD,EAAM,MAAM,KACjEJ,EAAQ,OAAOjC,CAAmB,GAClCiC,EAAQ,OAAO/B,CAAyB,GAEjC;AAAA,MACL,OAAOmC,EAAM;AAAA,MACb,MAAM;AAAA,IAAA,KAINA,aAAiB,eACZ;AAAA,MACL,OAAOA,EAAM;AAAA,MACb,MAAM;AAAA,IAAA,IAGNA,aAAiB,QACZ;AAAA,MACL,OAAOA,EAAM;AAAA,MACb,MAAM;AAAA,IAAA,IAIH;AAAA,MACL,OAAO;AAAA,MACP,MAAM;AAAA,IAAA;AAAA,EAEV;AAAA,EAEA,MAAM,WAAW,EAAE,QAAAE,EAAA,IAAqC,IAGrD;AACD,UAAMC,IAAM,IAAI,IAAI,OAAO,SAAS,IAAI,GAClCC,IAAeD,EAAI,aAAa,IAAIvC,CAA4B,KAAK;AAkB3E,QAfIwC,MACFD,EAAI,aAAa,OAAOvC,CAA4B,GACpD,OAAO,QAAQ,aAAa,CAAA,GAAI,IAAIuC,EAAI,UAAU,IAIhDC,KAEF,KAAK,UAAUvC,GAA2BuC,GAAc;AAAA,MACtD,QAAQ,MAAU,KAAK;AAAA;AAAA,IAAA,CACxB,GAGwBR,EAAQ,IAAI/B,CAAyB,KAEtC,CAAC+B,EAAQ,IAAIjC,CAAmB,GAAG;AAC3D,YAAM0C,IAAS,MAAM,KAAK,eAAe,EAAE,QAAAH,GAAQ,EAAE,MAAM,KAAK,kBAAkB;AAClF,UAAI,WAAWG,EAAQ,QAAOA;AAAAA,IAChC;AAEA,UAAMN,IAAiB,KAAK,kBAAA;AAE5B,QAAI,CAACA;AACH,aAAO;AAAA,QACL,OAAO;AAAA,QACP,MAAM;AAAA,MAAA;AAIV,QAAIlB,EAAYkB,EAAe,KAAKjC,CAAyB,GAAG;AAC9D,YAAMuC,IAAS,MAAM,KAAK,iBAAiB,MAAM,KAAK,kBAAkB;AACxE,UAAI,WAAWA,EAAQ,QAAOA;AAAAA,IAChC;AAEA,UAAMA,IAAS,MAAM,KAAK,OAAO,KAAK,aAAa,MAAM,KAAK,kBAAkB;AAChF,WAAI,WAAWA,IAAeA,IAEvB;AAAA,MACL,OAAO;AAAA,MACP,MAAMA,EAAO;AAAA,IAAA;AAAA,EAEjB;AAAA,EAEA,kBAAkB;AAChB,UAAMC,IAAkB,IAAI,gBAAA;AAC5B,QAAIC,IAAW,IACXC,IAA2B;AAE/B,UAAMC,IAAgB,MAAM;AAC1B,MAAAF,IAAW,IACP,KAAK,qBACP,KAAK,iBAAA,GACL,KAAK,mBAAmB;AAAA,IAE5B,GACMG,IAAiB,MAAM;AAC3B,MAAAH,IAAW;AAAA,IACb;AAEA,WAAO,iBAAiB,UAAUE,CAAa,GAC/C,OAAO,iBAAiB,WAAWC,CAAc;AAEjD,UAAMC,IAAU,MAAM;AAGpB,MAAIH,MAAc,SAChB,OAAO,aAAaA,CAAS,GAC7BA,IAAY;AAGd,YAAMT,IAAiB,KAAK,kBAAA;AAE5B,UAAI,CAACA,KAAkBlB,EAAYkB,EAAe,KAAK,CAAC,EAAG;AAG3D,YAAMa,IAAiBrC,EAAsBwB,EAAe,KAAKjC,CAAyB;AAK1F,UAAI8C,IAAiB;AACnB;AAIF,YAAMC,IAAY,YAAY;AAI5B,YAFAL,IAAY,MAER,CAACD,GAAU;AAEb,eAAK,mBAAmBM;AACxB;AAAA,QACF;AAEA,cAAMR,IA
AS,MAAM,KAAK,eAAe,EAAE,QAAQC,EAAgB,QAAQ;AAE3E,YAAI,WAAWD,GAAQ;AAGrB,cAAIA,EAAO,UAAU;AACnB;AAGF,eAAK,MAAM,SAAS;AAAA,YAClB,QAAQ;AAAA,YACR,MAAM;AAAA,YACN,OAAOA,EAAO;AAAA,UAAA,CACf;AACD;AAAA,QACF;AAEE,UAAAM,EAAA;AAAA,MAEJ;AAEA,MAAAH,IAAY,OAAO,WAAWK,GAAWD,CAAc;AAAA,IACzD;AAEA,WAAAD,EAAA,GAEO,MAAM;AACX,MAAIH,KACF,OAAO,aAAaA,CAAS,GAE/BF,EAAgB,MAAA,GAChB,OAAO,oBAAoB,UAAUG,CAAa,GAClD,OAAO,oBAAoB,WAAWC,CAAc;AAAA,IACtD;AAAA,EACF;AAAA,EAEA,MAAc,eAAe,EAAE,QAAAR,EAAA,IAAqC,IAAI;AActE,QAbIA,MAEF,KAAK,kBAAkB,IAAIA,CAAM,GAEjCA,EAAO,iBAAiB,SAAS,MAAM;AACrC,WAAK,kBAAkB,OAAOA,CAAM,GAEhC,KAAK,kBAAkB,SAAS,KAClC,KAAK,iCAAiC,MAAA;AAAA,IAE1C,CAAC,IAGC,KAAK;AACP,aAAO,KAAK;AAGd,SAAK,kCAAkC,IAAI,gBAAA,GAE3C,KAAK,gCAAgC,OAAO,iBAAiB,SAAS,MAAM;AAC1E,WAAK,iBAAiB,MACtB,KAAK,kCAAkC,MACvC,KAAK,kBAAkB,MAAA;AAAA,IACzB,CAAC;AAGD,UAAME,IAAgB,KAAK,SAAkD,SAAzCR,EAAQ,IAAI/B,CAAyB,GAGnEiD,IAAqC,CAAA;AAC3C,IAAIV,MACFU,EAAY,WAAWV,IAQzB,KAAK,iBAAiB,KAAK,YAAY,KACpC,QAAQU,GAAa;AAAA,MACpB,QAAQ,KAAK,gCAAgC;AAAA,IAAA,CAC9C,EACA,KAAK,CAACC,OAGA,KAAK,UACR,KAAK,UAAUpD,GAAqBoD,EAAS,cAAc;AAAA,MACzD,QAAQ,MAAU,KAAK;AAAA;AAAA,IAAA,CACxB,GAEIA,EACR,EACA,MAAM,KAAK,kBAAkB;AAEhC,QAAI;AACF,aAAO,MAAM,KAAK;AAAA,IACpB,UAAA;AACE,WAAK,iBAAiB,MACtB,KAAK,kCAAkC,MACvC,KAAK,kBAAkB,MAAA;AAAA,IACzB;AAAA,EACF;AACF;"}
|
|
1
|
+
{"version":3,"file":"auth.service.js","sources":["../../src/client/auth.service.ts"],"sourcesContent":["import { Blimu, BlimuError } from '@blimu/client';\nimport type { RefreshResponse } from '@blimu/client/schema';\nimport Cookies from 'js-cookie';\nimport { jwtDecode } from 'jwt-decode';\n\nimport type { AuthState, User } from '../types';\nimport { ExternalStore } from './external-store';\n\nexport const SESSION_COOKIE_NAME = '__bli_session';\nexport const LOCALHOST_JWT_URL_PARAM_NAME = '__lh_jwt';\nexport const LOCALHOST_JWT_COOKIE_NAME = '__lh_jwt';\nexport const SESSION_EXPIRATION_BUFFER = 10;\n\n/**\n * Time conversion utilities\n * JWT tokens use seconds (Unix timestamp), JavaScript Date uses milliseconds\n */\nconst SECONDS_TO_MS = 1000;\n\n/**\n * Convert seconds to milliseconds\n */\nconst secondsToMilliseconds = (seconds: number): number => Math.floor(seconds * SECONDS_TO_MS);\n\n/**\n * Convert milliseconds to seconds\n */\nconst millisecondsToSeconds = (ms: number): number => Math.floor(ms / SECONDS_TO_MS);\n\n/**\n * Get current time in seconds (Unix timestamp)\n */\nconst nowInSeconds = (): number => millisecondsToSeconds(Date.now());\n\n/**\n * Convert JWT expiration time (seconds) to milliseconds\n */\nconst jwtExpToMilliseconds = (exp: number): number => secondsToMilliseconds(exp);\n\n/**\n * Calculate timeout delay in milliseconds for refreshing before expiration\n * @param expirationSeconds - JWT exp claim in seconds\n * @param bufferSeconds - Buffer time in seconds before expiration\n * @returns Timeout delay in milliseconds\n */\nconst calculateTimeoutDelay = (expirationSeconds: number, bufferSeconds: number): number => {\n const expirationMS = jwtExpToMilliseconds(expirationSeconds);\n const bufferMS = secondsToMilliseconds(bufferSeconds);\n const nowMS = Date.now();\n return Math.max(expirationMS - bufferMS - nowMS, 0);\n};\n\n/**\n * Check if a JWT expiration time (in seconds) is expired or will expire within the buffer\n * @param 
expiration - JWT exp claim in seconds (Unix timestamp)\n * @param buffer - Buffer time in seconds before expiration to consider it expired\n * @returns true if expired or will expire within buffer\n */\nexport const isExpiredIn = (expiration: number, buffer: number): boolean => {\n const now = nowInSeconds();\n return expiration - buffer < now;\n};\n\nexport class AuthSessionService {\n private pendingRefresher: (() => void) | null = null;\n private refreshPromise: Promise<RefreshResponse | { error: string; user: null }> | null = null;\n private refreshingSignals: Set<AbortSignal> = new Set();\n private refreshingSignalAbortController: AbortController | null = null;\n // A local client that doesn't call getSessionToken() which calls refreshSession().\n private localClient: Blimu;\n\n constructor(\n private readonly isLive: boolean,\n private readonly client: Blimu,\n private readonly store: ExternalStore<AuthState>,\n baseURL: string,\n publishableKey: string,\n ) {\n this.localClient = new Blimu({\n baseURL,\n credentials: 'include',\n headers: { 'x-blimu-publishable-key': publishableKey },\n });\n this.handleRequestError = this.handleRequestError.bind(this);\n }\n\n /**\n * Set cookie with appropriate security settings based on environment\n */\n private setCookie(name: string, value: string, options: { maxAge?: number } = {}): void {\n const cookieOptions: Cookies.CookieAttributes = {\n secure: this.isLive, // true for live environments, false for localhost\n sameSite: 'lax',\n path: '/',\n };\n\n if (options.maxAge !== undefined) {\n cookieOptions.expires = options.maxAge / (24 * 60 * 60); // Convert seconds to days\n }\n\n Cookies.set(name, value, cookieOptions);\n }\n\n getSessionPayload(): {\n sub: string;\n environmentId: string;\n type: string;\n iat: number;\n exp: number;\n } | null {\n const token = Cookies.get(SESSION_COOKIE_NAME);\n\n if (!token) {\n return null;\n }\n\n const decoded = jwtDecode<{\n sub: string;\n environmentId: string;\n type: 
string;\n iat: number;\n exp: number;\n }>(token);\n\n return decoded;\n }\n\n async getSessionToken(): Promise<string | undefined> {\n const sessionPayload = this.getSessionPayload();\n\n if (!sessionPayload) {\n return undefined;\n }\n\n // If a refresh is already in progress, wait for it to complete\n // This prevents infinite recursion when refreshSession() calls client.auth.refresh()\n // which triggers accessToken() which calls getSessionToken()\n if (this.refreshPromise) {\n await this.refreshPromise;\n // After refresh completes, return the updated token from cookie\n return Cookies.get(SESSION_COOKIE_NAME);\n }\n\n if (isExpiredIn(sessionPayload.exp, 0)) {\n await this.refreshSession();\n }\n\n return Cookies.get(SESSION_COOKIE_NAME);\n }\n\n async handleRequestError(error: unknown): Promise<{ error: string; user: null }> {\n if (error instanceof BlimuError && [401, 500].includes(error.status)) {\n Cookies.remove(SESSION_COOKIE_NAME);\n Cookies.remove(LOCALHOST_JWT_COOKIE_NAME);\n\n return {\n error: error.message,\n user: null,\n };\n }\n\n if (error instanceof DOMException)\n return {\n error: error.message,\n user: null,\n };\n\n if (error instanceof Error) {\n return {\n error: error.message,\n user: null,\n };\n }\n\n return {\n error: 'unknown error',\n user: null,\n };\n }\n\n async initialize({ signal }: { signal?: AbortSignal } = {}): Promise<{\n error: string | null;\n user: User | null;\n }> {\n const url = new URL(window.location.href);\n const localhostJWT = url.searchParams.get(LOCALHOST_JWT_URL_PARAM_NAME) ?? 
undefined;\n\n // Clean up URL parameters immediately to prevent re-processing on re-renders\n if (localhostJWT) {\n url.searchParams.delete(LOCALHOST_JWT_URL_PARAM_NAME);\n window.history.replaceState({}, '', url.toString());\n }\n\n // Handle localhost JWT from URL parameter\n if (localhostJWT) {\n // Set localhost JWT cookie on customer app domain\n this.setCookie(LOCALHOST_JWT_COOKIE_NAME, localhostJWT, {\n maxAge: 30 * 24 * 60 * 60, // 30 days\n });\n }\n\n const localhostJWTCookie = Cookies.get(LOCALHOST_JWT_COOKIE_NAME);\n\n console.log('localhostJWTCookie', localhostJWTCookie);\n\n if (localhostJWTCookie && !Cookies.get(SESSION_COOKIE_NAME)) {\n const result = await this.refreshSession({ signal }).catch(this.handleRequestError);\n if ('error' in result) return result;\n }\n\n const sessionPayload = this.getSessionPayload();\n\n if (!sessionPayload) {\n return {\n error: null,\n user: null,\n };\n }\n\n if (isExpiredIn(sessionPayload.exp, SESSION_EXPIRATION_BUFFER)) {\n const result = await this.refreshSession().catch(this.handleRequestError);\n if ('error' in result) return result;\n }\n\n const result = await this.client.auth.getSession().catch(this.handleRequestError);\n if ('error' in result) return result;\n\n return {\n error: null,\n user: result.user,\n };\n }\n\n scheduleRefresh() {\n const abortController = new AbortController();\n let isOnline = true;\n let timeoutId: number | null = null;\n\n const onlineHandler = () => {\n isOnline = true;\n if (this.pendingRefresher) {\n this.pendingRefresher();\n this.pendingRefresher = null;\n }\n };\n const offlineHandler = () => {\n isOnline = false;\n };\n\n window.addEventListener('online', onlineHandler);\n window.addEventListener('offline', offlineHandler);\n\n const refresh = () => {\n // Clear any existing timeout before scheduling a new one\n // This prevents infinite loops when refresh() is called recursively\n if (timeoutId !== null) {\n window.clearTimeout(timeoutId);\n timeoutId = null;\n }\n\n 
const sessionPayload = this.getSessionPayload();\n\n if (!sessionPayload || isExpiredIn(sessionPayload.exp, 0)) return;\n\n // Calculate timeout delay: refresh SESSION_EXPIRATION_BUFFER seconds before expiration\n const timeoutDelayMS = calculateTimeoutDelay(sessionPayload.exp, SESSION_EXPIRATION_BUFFER);\n\n // Prevent scheduling if timeout is negative (token already expired)\n // Allow 0ms delays to handle edge cases where we're exactly at the refresh point\n // This prevents immediate re-scheduling that could cause infinite loops\n if (timeoutDelayMS < 0) {\n return;\n }\n\n // Having this function outside timeout, allows us to call refresh immediately when back online\n const refresher = async () => {\n // Clear timeoutId since we're executing now\n timeoutId = null;\n\n if (!isOnline) {\n // Keep closure of refresh function alive\n this.pendingRefresher = refresher;\n return;\n }\n\n const result = await this.refreshSession({ signal: abortController.signal });\n\n if ('error' in result) {\n // If the refresh was aborted (e.g., due to React strict mode unmounting),\n // don't treat it as an error - just return and let the component remount handle it\n if (result.error === 'aborted') {\n return;\n }\n // For real errors, update the store\n this.store.setState({\n status: 'error',\n user: null,\n error: result.error,\n });\n return;\n } else {\n // After successful refresh, schedule the next refresh with the new token\n refresh();\n }\n };\n\n timeoutId = window.setTimeout(refresher, timeoutDelayMS);\n };\n\n refresh();\n\n return () => {\n if (timeoutId) {\n window.clearTimeout(timeoutId);\n }\n abortController.abort();\n window.removeEventListener('online', onlineHandler);\n window.removeEventListener('offline', offlineHandler);\n };\n }\n\n private async refreshSession({ signal }: { signal?: AbortSignal } = {}) {\n if (signal) {\n // Add signal to tracking set (was using .has() instead of .add() - bug fix)\n this.refreshingSignals.add(signal);\n\n 
signal.addEventListener('abort', () => {\n this.refreshingSignals.delete(signal);\n\n if (this.refreshingSignals.size === 0) {\n this.refreshingSignalAbortController?.abort();\n }\n });\n }\n\n if (this.refreshPromise) {\n return this.refreshPromise;\n }\n\n this.refreshingSignalAbortController = new AbortController();\n\n this.refreshingSignalAbortController.signal.addEventListener('abort', () => {\n this.refreshPromise = null;\n this.refreshingSignalAbortController = null;\n this.refreshingSignals.clear();\n });\n\n // Get localhost_jwt from cookie to send as query parameter (only for non-live environments)\n const localhostJWT = !this.isLive ? Cookies.get(LOCALHOST_JWT_COOKIE_NAME) : undefined;\n\n // Build query parameters - only include __lh_jwt for non-live environments when cookie exists\n const queryParams: { __lh_jwt?: string } = {};\n if (localhostJWT) {\n queryParams.__lh_jwt = localhostJWT;\n }\n\n // Use local client to avoid infinite recursion. Regular client calls getSessionToken() which calls refreshSession().\n // There are hacks to avoid infinite recursion, but they are not reliable.\n // The localhost_jwt is sent as a query parameter only in non-live environments\n // Note: Type assertion needed because the generated SDK type doesn't include 'query' in RequestInit,\n // but the underlying CoreClient.request() method does support it\n this.refreshPromise = this.localClient.auth\n .refresh(queryParams, {\n signal: this.refreshingSignalAbortController.signal,\n })\n .then((response) => {\n // Update cookie with new session token from response body\n // Server also sets it via Set-Cookie header on auth domain, but we set it manually on customer domain\n if (!this.isLive) {\n this.setCookie(SESSION_COOKIE_NAME, response.sessionToken, {\n maxAge: 30 * 24 * 60 * 60, // 30 days\n });\n }\n return response;\n })\n .catch(this.handleRequestError);\n\n try {\n return await this.refreshPromise;\n } finally {\n this.refreshPromise = null;\n 
this.refreshingSignalAbortController = null;\n this.refreshingSignals.clear();\n }\n }\n}\n"],"names":["SESSION_COOKIE_NAME","LOCALHOST_JWT_URL_PARAM_NAME","LOCALHOST_JWT_COOKIE_NAME","SESSION_EXPIRATION_BUFFER","SECONDS_TO_MS","secondsToMilliseconds","seconds","millisecondsToSeconds","ms","nowInSeconds","jwtExpToMilliseconds","exp","calculateTimeoutDelay","expirationSeconds","bufferSeconds","expirationMS","bufferMS","nowMS","isExpiredIn","expiration","buffer","now","AuthSessionService","isLive","client","store","baseURL","publishableKey","Blimu","name","value","options","cookieOptions","Cookies","token","jwtDecode","sessionPayload","error","BlimuError","signal","url","localhostJWT","localhostJWTCookie","result","abortController","isOnline","timeoutId","onlineHandler","offlineHandler","refresh","timeoutDelayMS","refresher","queryParams","response"],"mappings":";;;AAQO,MAAMA,IAAsB,iBACtBC,IAA+B,YAC/BC,IAA4B,YAC5BC,IAA4B,IAMnCC,IAAgB,KAKhBC,IAAwB,CAACC,MAA4B,KAAK,MAAMA,IAAUF,CAAa,GAKvFG,IAAwB,CAACC,MAAuB,KAAK,MAAMA,IAAKJ,CAAa,GAK7EK,IAAe,MAAcF,EAAsB,KAAK,KAAK,GAK7DG,IAAuB,CAACC,MAAwBN,EAAsBM,CAAG,GAQzEC,IAAwB,CAACC,GAA2BC,MAAkC;AAC1F,QAAMC,IAAeL,EAAqBG,CAAiB,GACrDG,IAAWX,EAAsBS,CAAa,GAC9CG,IAAQ,KAAK,IAAA;AACnB,SAAO,KAAK,IAAIF,IAAeC,IAAWC,GAAO,CAAC;AACpD,GAQaC,IAAc,CAACC,GAAoBC,MAA4B;AAC1E,QAAMC,IAAMZ,EAAA;AACZ,SAAOU,IAAaC,IAASC;AAC/B;AAEO,MAAMC,EAAmB;AAAA,EAQ9B,YACmBC,GACAC,GACAC,GACjBC,GACAC,GACA;AALiB,SAAA,SAAAJ,GACA,KAAA,SAAAC,GACA,KAAA,QAAAC,GAVnB,KAAQ,mBAAwC,MAChD,KAAQ,iBAAkF,MAC1F,KAAQ,wCAA0C,IAAA,GAClD,KAAQ,kCAA0D,MAWhE,KAAK,cAAc,IAAIG,EAAM;AAAA,MAC3B,SAAAF;AAAA,MACA,aAAa;AAAA,MACb,SAAS,EAAE,2BAA2BC,EAAA;AAAA,IAAe,CACtD,GACD,KAAK,qBAAqB,KAAK,mBAAmB,KAAK,IAAI;AAAA,EAC7D;AAAA;AAAA;AAAA;AAAA,EAKQ,UAAUE,GAAcC,GAAeC,IAA+B,CAAA,GAAU;AACtF,UAAMC,IAA0C;AAAA,MAC9C,QAAQ,KAAK;AAAA;AAAA,MACb,UAAU;AAAA,MACV,MAAM;AAAA,IAAA;AAGR,IAAID,EAAQ,WAAW,WACrBC,EAAc,UAAUD,EAAQ,UAAU,OAAU,MAGtDE,EAAQ,IAAIJ,GAAMC,GAAOE,CAAa;AAAA,EACxC;AAAA,EAEA,oBAMS;AACP,UAAME,IAAQD,EAAQ,IAAIjC,CAAmB;AAE
7C,WAAKkC,IAIWC,EAMbD,CAAK,IATC;AAAA,EAYX;AAAA,EAEA,MAAM,kBAA+C;AACnD,UAAME,IAAiB,KAAK,kBAAA;AAE5B,QAAKA;AAOL,aAAI,KAAK,kBACP,MAAM,KAAK,gBAEJH,EAAQ,IAAIjC,CAAmB,MAGpCkB,EAAYkB,EAAe,KAAK,CAAC,KACnC,MAAM,KAAK,eAAA,GAGNH,EAAQ,IAAIjC,CAAmB;AAAA,EACxC;AAAA,EAEA,MAAM,mBAAmBqC,GAAwD;AAC/E,WAAIA,aAAiBC,KAAc,CAAC,KAAK,GAAG,EAAE,SAASD,EAAM,MAAM,KACjEJ,EAAQ,OAAOjC,CAAmB,GAClCiC,EAAQ,OAAO/B,CAAyB,GAEjC;AAAA,MACL,OAAOmC,EAAM;AAAA,MACb,MAAM;AAAA,IAAA,KAINA,aAAiB,eACZ;AAAA,MACL,OAAOA,EAAM;AAAA,MACb,MAAM;AAAA,IAAA,IAGNA,aAAiB,QACZ;AAAA,MACL,OAAOA,EAAM;AAAA,MACb,MAAM;AAAA,IAAA,IAIH;AAAA,MACL,OAAO;AAAA,MACP,MAAM;AAAA,IAAA;AAAA,EAEV;AAAA,EAEA,MAAM,WAAW,EAAE,QAAAE,EAAA,IAAqC,IAGrD;AACD,UAAMC,IAAM,IAAI,IAAI,OAAO,SAAS,IAAI,GAClCC,IAAeD,EAAI,aAAa,IAAIvC,CAA4B,KAAK;AAG3E,IAAIwC,MACFD,EAAI,aAAa,OAAOvC,CAA4B,GACpD,OAAO,QAAQ,aAAa,CAAA,GAAI,IAAIuC,EAAI,UAAU,IAIhDC,KAEF,KAAK,UAAUvC,GAA2BuC,GAAc;AAAA,MACtD,QAAQ,MAAU,KAAK;AAAA;AAAA,IAAA,CACxB;AAGH,UAAMC,IAAqBT,EAAQ,IAAI/B,CAAyB;AAIhE,QAFA,QAAQ,IAAI,sBAAsBwC,CAAkB,GAEhDA,KAAsB,CAACT,EAAQ,IAAIjC,CAAmB,GAAG;AAC3D,YAAM2C,IAAS,MAAM,KAAK,eAAe,EAAE,QAAAJ,GAAQ,EAAE,MAAM,KAAK,kBAAkB;AAClF,UAAI,WAAWI,EAAQ,QAAOA;AAAAA,IAChC;AAEA,UAAMP,IAAiB,KAAK,kBAAA;AAE5B,QAAI,CAACA;AACH,aAAO;AAAA,QACL,OAAO;AAAA,QACP,MAAM;AAAA,MAAA;AAIV,QAAIlB,EAAYkB,EAAe,KAAKjC,CAAyB,GAAG;AAC9D,YAAMwC,IAAS,MAAM,KAAK,iBAAiB,MAAM,KAAK,kBAAkB;AACxE,UAAI,WAAWA,EAAQ,QAAOA;AAAAA,IAChC;AAEA,UAAMA,IAAS,MAAM,KAAK,OAAO,KAAK,aAAa,MAAM,KAAK,kBAAkB;AAChF,WAAI,WAAWA,IAAeA,IAEvB;AAAA,MACL,OAAO;AAAA,MACP,MAAMA,EAAO;AAAA,IAAA;AAAA,EAEjB;AAAA,EAEA,kBAAkB;AAChB,UAAMC,IAAkB,IAAI,gBAAA;AAC5B,QAAIC,IAAW,IACXC,IAA2B;AAE/B,UAAMC,IAAgB,MAAM;AAC1B,MAAAF,IAAW,IACP,KAAK,qBACP,KAAK,iBAAA,GACL,KAAK,mBAAmB;AAAA,IAE5B,GACMG,IAAiB,MAAM;AAC3B,MAAAH,IAAW;AAAA,IACb;AAEA,WAAO,iBAAiB,UAAUE,CAAa,GAC/C,OAAO,iBAAiB,WAAWC,CAAc;AAEjD,UAAMC,IAAU,MAAM;AAGpB,MAAIH,MAAc,SAChB,OAAO,aAAaA,CAAS,GAC7BA,IAAY;AAGd,YAAMV,IAAiB,KAAK,kBAAA;AAE5B,UAAI,CAACA,KAAkBlB,EAAYkB,EAAe,KAAK,CAAC,EAAG;AAG3D,YAAMc,IAAiBtC,EAAsBwB,EAAe,KAAKjC,CAAyB;AAK1F,
UAAI+C,IAAiB;AACnB;AAIF,YAAMC,IAAY,YAAY;AAI5B,YAFAL,IAAY,MAER,CAACD,GAAU;AAEb,eAAK,mBAAmBM;AACxB;AAAA,QACF;AAEA,cAAMR,IAAS,MAAM,KAAK,eAAe,EAAE,QAAQC,EAAgB,QAAQ;AAE3E,YAAI,WAAWD,GAAQ;AAGrB,cAAIA,EAAO,UAAU;AACnB;AAGF,eAAK,MAAM,SAAS;AAAA,YAClB,QAAQ;AAAA,YACR,MAAM;AAAA,YACN,OAAOA,EAAO;AAAA,UAAA,CACf;AACD;AAAA,QACF;AAEE,UAAAM,EAAA;AAAA,MAEJ;AAEA,MAAAH,IAAY,OAAO,WAAWK,GAAWD,CAAc;AAAA,IACzD;AAEA,WAAAD,EAAA,GAEO,MAAM;AACX,MAAIH,KACF,OAAO,aAAaA,CAAS,GAE/BF,EAAgB,MAAA,GAChB,OAAO,oBAAoB,UAAUG,CAAa,GAClD,OAAO,oBAAoB,WAAWC,CAAc;AAAA,IACtD;AAAA,EACF;AAAA,EAEA,MAAc,eAAe,EAAE,QAAAT,EAAA,IAAqC,IAAI;AActE,QAbIA,MAEF,KAAK,kBAAkB,IAAIA,CAAM,GAEjCA,EAAO,iBAAiB,SAAS,MAAM;AACrC,WAAK,kBAAkB,OAAOA,CAAM,GAEhC,KAAK,kBAAkB,SAAS,KAClC,KAAK,iCAAiC,MAAA;AAAA,IAE1C,CAAC,IAGC,KAAK;AACP,aAAO,KAAK;AAGd,SAAK,kCAAkC,IAAI,gBAAA,GAE3C,KAAK,gCAAgC,OAAO,iBAAiB,SAAS,MAAM;AAC1E,WAAK,iBAAiB,MACtB,KAAK,kCAAkC,MACvC,KAAK,kBAAkB,MAAA;AAAA,IACzB,CAAC;AAGD,UAAME,IAAgB,KAAK,SAAkD,SAAzCR,EAAQ,IAAI/B,CAAyB,GAGnEkD,IAAqC,CAAA;AAC3C,IAAIX,MACFW,EAAY,WAAWX,IAQzB,KAAK,iBAAiB,KAAK,YAAY,KACpC,QAAQW,GAAa;AAAA,MACpB,QAAQ,KAAK,gCAAgC;AAAA,IAAA,CAC9C,EACA,KAAK,CAACC,OAGA,KAAK,UACR,KAAK,UAAUrD,GAAqBqD,EAAS,cAAc;AAAA,MACzD,QAAQ,MAAU,KAAK;AAAA;AAAA,IAAA,CACxB,GAEIA,EACR,EACA,MAAM,KAAK,kBAAkB;AAEhC,QAAI;AACF,aAAO,MAAM,KAAK;AAAA,IACpB,UAAA;AACE,WAAK,iBAAiB,MACtB,KAAK,kCAAkC,MACvC,KAAK,kBAAkB,MAAA;AAAA,IACzB;AAAA,EACF;AACF;"}
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const l=require("@blimu/client"),r=require("../utils/publishable-key.cjs"),o=require("./auth.service.cjs"),a=require("./external-store.cjs");class u{constructor(e){if(this.authDomain=null,this.initialized=!1,this.initializePromise=null,this.initializeAbortController=null,this.redirectToAuth=i=>{const n=i||window.location.href,s=new URL(`${this.authDomain}/login`);s.searchParams.set("redirect_url",encodeURIComponent(n)),window.location.href=s.toString()},this.logout=async()=>{try{const i=this.session.getSessionToken();i&&await this.client.auth.logout({headers:{"x-blimu-publishable-key":this.config.publishableKey,Authorization:`Bearer ${i}`}})}catch(i){console.error("Logout error:",i)}finally{this.store.setState({user:null,error:null,status:"unauthenticated"})}},this.getAccessToken=async i=>await this.session.getSessionToken()??null,this.config=e,this.store=new a.ExternalStore({user:null,error:null,status:"idle"}),this.isLive=e.publishableKey.includes("live"),this.authDomain=r.getAuthDomainFromPublishableKey(e.publishableKey),!this.authDomain)throw new Error("Failed to determine auth domain from publishable key");const t=r.getAuthApiUrl(e.publishableKey);if(!t)throw new Error("Failed to determine auth API URL from publishable key");this.client=new l.Blimu({baseURL:t,
|
|
1
|
+
"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const l=require("@blimu/client"),r=require("../utils/publishable-key.cjs"),o=require("./auth.service.cjs"),a=require("./external-store.cjs");class u{constructor(e){if(this.authDomain=null,this.initialized=!1,this.initializePromise=null,this.initializeAbortController=null,this.redirectToAuth=i=>{const n=i||window.location.href,s=new URL(`${this.authDomain}/login`);s.searchParams.set("redirect_url",encodeURIComponent(n)),window.location.href=s.toString()},this.logout=async()=>{try{const i=this.session.getSessionToken();i&&await this.client.auth.logout({headers:{"x-blimu-publishable-key":this.config.publishableKey,Authorization:`Bearer ${i}`}})}catch(i){console.error("Logout error:",i)}finally{this.store.setState({user:null,error:null,status:"unauthenticated"})}},this.getAccessToken=async i=>await this.session.getSessionToken()??null,this.config=e,this.store=new a.ExternalStore({user:null,error:null,status:"idle"}),this.isLive=e.publishableKey.includes("live"),this.authDomain=r.getAuthDomainFromPublishableKey(e.publishableKey),!this.authDomain)throw new Error("Failed to determine auth domain from publishable key");const t=r.getAuthApiUrl(e.publishableKey);if(!t)throw new Error("Failed to determine auth API URL from publishable key");this.client=new l.Blimu({baseURL:t,bearer:()=>this.session.getSessionToken(),headers:{"x-blimu-publishable-key":e.publishableKey}}),this.session=new o.AuthSessionService(this.isLive,this.client,this.store,t,e.publishableKey),this.initialize=this.initialize.bind(this)}initialize(){if(!this.initialized&&!this.initializePromise)return this.initializeAbortController=new 
AbortController,this.initializePromise=this.session.initialize({signal:this.initializeAbortController.signal}).then(e=>{e.error?this.store.setState({user:null,error:e.error,status:"error"}):e.user?this.store.setState({user:e.user,error:null,status:"authenticated"}):this.store.setState({user:null,error:null,status:"unauthenticated"})}).catch(e=>{console.error("Initialize error:",e),this.store.setState({user:null,error:e instanceof Error?e.message:"Initialization failed",status:"error"})}).finally(()=>{this.initialized=!0,this.initializePromise=null}),()=>{console.log("aborting initialize"),this.initializeAbortController?.abort("unmounting"),this.initializePromise=null}}scheduleRefresh(){return this.session.scheduleRefresh()}getClient(){return this.client}}exports.BlimuRuntimeClientWrapper=u;
|
|
2
2
|
//# sourceMappingURL=runtime-client.cjs.map
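Review bot: In `logout` on the added line, `const i=this.session.getSessionToken()` is missing an `await`; `getSessionToken` is declared `async` in `auth.service`, so `i` is a Promise, the `i&&` guard is always true, and the Authorization value is built as "Bearer [object Promise]". The logout request is therefore sent even when there is no session, with a malformed header (unless the client's `bearer` callback supplies the real token, which is not visible here), while the store is set to `unauthenticated` regardless. In the TypeScript source embedded in the map the fix is `const sessionToken = await this.session.getSessionToken();`. This is a single minified line and the old side is truncated on the page, so the defect may predate this release.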
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime-client.cjs","sources":["../../src/client/runtime-client.ts"],"sourcesContent":["import { Blimu } from '@blimu/client';\n\nimport type { AuthState, BlimuConfig, User } from '../types';\nimport { getAuthApiUrl, getAuthDomainFromPublishableKey } from '../utils/publishable-key';\nimport { AuthSessionService, LOCALHOST_JWT_URL_PARAM_NAME } from './auth.service';\nimport { ExternalStore } from './external-store';\n\nexport class BlimuRuntimeClientWrapper {\n private client: Blimu;\n private authDomain: string | null = null;\n private initialized: boolean = false;\n private readonly session: AuthSessionService;\n\n public config: BlimuConfig;\n public isLive: boolean;\n private initializePromise: Promise<void> | null = null;\n private initializeAbortController: AbortController | null = null;\n\n public readonly store: ExternalStore<AuthState>;\n\n constructor(config: BlimuConfig) {\n this.config = config;\n this.store = new ExternalStore<AuthState>({\n user: null,\n error: null,\n status: 'idle',\n });\n this.isLive = config.publishableKey.includes('live');\n\n // Get auth UI domain from publishable key\n this.authDomain = getAuthDomainFromPublishableKey(config.publishableKey);\n if (!this.authDomain) {\n throw new Error('Failed to determine auth domain from publishable key');\n }\n\n // Get auth API URL from publishable key\n const authApiUrl = getAuthApiUrl(config.publishableKey);\n\n if (!authApiUrl) {\n throw new Error('Failed to determine auth API URL from publishable key');\n }\n\n this.client = new Blimu({\n baseURL: authApiUrl,\n
|
|
1
|
+
{"version":3,"file":"runtime-client.cjs","sources":["../../src/client/runtime-client.ts"],"sourcesContent":["import { Blimu } from '@blimu/client';\n\nimport type { AuthState, BlimuConfig, User } from '../types';\nimport { getAuthApiUrl, getAuthDomainFromPublishableKey } from '../utils/publishable-key';\nimport { AuthSessionService, LOCALHOST_JWT_URL_PARAM_NAME } from './auth.service';\nimport { ExternalStore } from './external-store';\n\nexport class BlimuRuntimeClientWrapper {\n private client: Blimu;\n private authDomain: string | null = null;\n private initialized: boolean = false;\n private readonly session: AuthSessionService;\n\n public config: BlimuConfig;\n public isLive: boolean;\n private initializePromise: Promise<void> | null = null;\n private initializeAbortController: AbortController | null = null;\n\n public readonly store: ExternalStore<AuthState>;\n\n constructor(config: BlimuConfig) {\n this.config = config;\n this.store = new ExternalStore<AuthState>({\n user: null,\n error: null,\n status: 'idle',\n });\n this.isLive = config.publishableKey.includes('live');\n\n // Get auth UI domain from publishable key\n this.authDomain = getAuthDomainFromPublishableKey(config.publishableKey);\n if (!this.authDomain) {\n throw new Error('Failed to determine auth domain from publishable key');\n }\n\n // Get auth API URL from publishable key\n const authApiUrl = getAuthApiUrl(config.publishableKey);\n\n if (!authApiUrl) {\n throw new Error('Failed to determine auth API URL from publishable key');\n }\n\n this.client = new Blimu({\n baseURL: authApiUrl,\n bearer: () => this.session.getSessionToken(),\n headers: { 'x-blimu-publishable-key': config.publishableKey },\n });\n\n this.session = new AuthSessionService(\n this.isLive,\n this.client,\n this.store,\n authApiUrl,\n config.publishableKey,\n );\n\n this.initialize = this.initialize.bind(this);\n }\n\n /**\n * Initialize authentication by checking for existing session\n * Reads session token from cookie and 
validates it\n * This method is idempotent - if initialization is already in progress, it will wait for that to complete\n */\n initialize(): (() => void) | void {\n // If already initialized, return early\n if (this.initialized) return;\n\n // If initialization is in progress, return early (prevents concurrent calls)\n if (this.initializePromise) return;\n\n this.initializeAbortController = new AbortController();\n\n this.initializePromise = this.session\n .initialize({\n signal: this.initializeAbortController.signal,\n })\n .then((result) => {\n if (result.error) {\n this.store.setState({\n user: null,\n error: result.error,\n status: 'error',\n });\n } else if (result.user) {\n this.store.setState({\n user: result.user,\n error: null,\n status: 'authenticated',\n });\n } else {\n this.store.setState({\n user: null,\n error: null,\n status: 'unauthenticated',\n });\n }\n })\n .catch((error) => {\n console.error('Initialize error:', error);\n this.store.setState({\n user: null,\n error: error instanceof Error ? 
error.message : 'Initialization failed',\n status: 'error',\n });\n })\n .finally(() => {\n // Mark as initialized after completion (success or failure)\n // This prevents infinite loops from re-renders\n this.initialized = true;\n this.initializePromise = null;\n });\n\n return () => {\n console.log('aborting initialize');\n this.initializeAbortController?.abort('unmounting');\n this.initializePromise = null;\n // Don't reset initialized flag here - let the promise handle it\n };\n }\n\n /**\n * Refresh session token using the client token from httpOnly cookie\n * The client token is stored in an httpOnly cookie and sent automatically\n * Note: The auth worker should extract the __bli_client cookie and include it in the request body\n * This method is idempotent - if a refresh is already in progress, it will wait for that refresh to complete\n */\n public scheduleRefresh() {\n return this.session.scheduleRefresh();\n }\n\n /**\n * Redirect user to auth domain for authentication\n * Uses the auth domain derived from the publishable key\n */\n public redirectToAuth = (returnUrl?: string): void => {\n const redirectUrl = returnUrl || window.location.href;\n\n // Build auth URL on the auth domain\n const authUrl = new URL(`${this.authDomain}/login`);\n authUrl.searchParams.set('redirect_url', encodeURIComponent(redirectUrl));\n\n // Redirect to auth domain\n window.location.href = authUrl.toString();\n };\n\n /**\n * Logout user\n * Calls the logout endpoint on the API domain using this.client\n */\n public logout = async (): Promise<void> => {\n try {\n const sessionToken = this.session.getSessionToken();\n\n if (sessionToken) {\n await this.client.auth.logout({\n headers: {\n 'x-blimu-publishable-key': this.config.publishableKey,\n Authorization: `Bearer ${sessionToken}`,\n },\n });\n }\n } catch (error) {\n console.error('Logout error:', error);\n } finally {\n this.store.setState({\n user: null,\n error: null,\n status: 'unauthenticated',\n });\n }\n };\n\n /**\n 
* Get the current session token\n */\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n getAccessToken = async (_options: { template: 'web' }): Promise<string | null> => {\n return (await this.session.getSessionToken()) ?? null;\n };\n\n /**\n * Get the runtime client for direct API calls\n */\n getClient(): Blimu {\n return this.client;\n }\n}\n"],"names":["BlimuRuntimeClientWrapper","config","returnUrl","redirectUrl","authUrl","sessionToken","error","_options","ExternalStore","getAuthDomainFromPublishableKey","authApiUrl","getAuthApiUrl","Blimu","AuthSessionService","result"],"mappings":"6NAOO,MAAMA,CAA0B,CAarC,YAAYC,EAAqB,CAW/B,GAtBF,KAAQ,WAA4B,KACpC,KAAQ,YAAuB,GAK/B,KAAQ,kBAA0C,KAClD,KAAQ,0BAAoD,KAuH5D,KAAO,eAAkBC,GAA6B,CACpD,MAAMC,EAAcD,GAAa,OAAO,SAAS,KAG3CE,EAAU,IAAI,IAAI,GAAG,KAAK,UAAU,QAAQ,EAClDA,EAAQ,aAAa,IAAI,eAAgB,mBAAmBD,CAAW,CAAC,EAGxE,OAAO,SAAS,KAAOC,EAAQ,SAAA,CACjC,EAMA,KAAO,OAAS,SAA2B,CACzC,GAAI,CACF,MAAMC,EAAe,KAAK,QAAQ,gBAAA,EAE9BA,GACF,MAAM,KAAK,OAAO,KAAK,OAAO,CAC5B,QAAS,CACP,0BAA2B,KAAK,OAAO,eACvC,cAAe,UAAUA,CAAY,EAAA,CACvC,CACD,CAEL,OAASC,EAAO,CACd,QAAQ,MAAM,gBAAiBA,CAAK,CACtC,QAAA,CACE,KAAK,MAAM,SAAS,CAClB,KAAM,KACN,MAAO,KACP,OAAQ,iBAAA,CACT,CACH,CACF,EAMA,KAAA,eAAiB,MAAOC,GACd,MAAM,KAAK,QAAQ,gBAAA,GAAsB,KA7JjD,KAAK,OAASN,EACd,KAAK,MAAQ,IAAIO,gBAAyB,CACxC,KAAM,KACN,MAAO,KACP,OAAQ,MAAA,CACT,EACD,KAAK,OAASP,EAAO,eAAe,SAAS,MAAM,EAGnD,KAAK,WAAaQ,kCAAgCR,EAAO,cAAc,EACnE,CAAC,KAAK,WACR,MAAM,IAAI,MAAM,sDAAsD,EAIxE,MAAMS,EAAaC,EAAAA,cAAcV,EAAO,cAAc,EAEtD,GAAI,CAACS,EACH,MAAM,IAAI,MAAM,uDAAuD,EAGzE,KAAK,OAAS,IAAIE,QAAM,CACtB,QAASF,EACT,OAAQ,IAAM,KAAK,QAAQ,gBAAA,EAC3B,QAAS,CAAE,0BAA2BT,EAAO,cAAA,CAAe,CAC7D,EAED,KAAK,QAAU,IAAIY,EAAAA,mBACjB,KAAK,OACL,KAAK,OACL,KAAK,MACLH,EACAT,EAAO,cAAA,EAGT,KAAK,WAAa,KAAK,WAAW,KAAK,IAAI,CAC7C,CAOA,YAAkC,CAEhC,GAAI,MAAK,aAGL,MAAK,kBAET,YAAK,0BAA4B,IAAI,gBAErC,KAAK,kBAAoB,KAAK,QAC3B,WAAW,CACV,OAAQ,KAAK,0BAA0B,MAAA,CACxC,EACA,KAAMa,GAAW,CACZA,EAAO,MACT,KAAK,MAAM,SAAS,CAClB,KAAM,KACN,MAAOA,EAAO,MACd,OAAQ,OAAA,
CACT,EACQA,EAAO,KAChB,KAAK,MAAM,SAAS,CAClB,KAAMA,EAAO,KACb,MAAO,KACP,OAAQ,eAAA,CACT,EAED,KAAK,MAAM,SAAS,CAClB,KAAM,KACN,MAAO,KACP,OAAQ,iBAAA,CACT,CAEL,CAAC,EACA,MAAOR,GAAU,CAChB,QAAQ,MAAM,oBAAqBA,CAAK,EACxC,KAAK,MAAM,SAAS,CAClB,KAAM,KACN,MAAOA,aAAiB,MAAQA,EAAM,QAAU,wBAChD,OAAQ,OAAA,CACT,CACH,CAAC,EACA,QAAQ,IAAM,CAGb,KAAK,YAAc,GACnB,KAAK,kBAAoB,IAC3B,CAAC,EAEI,IAAM,CACX,QAAQ,IAAI,qBAAqB,EACjC,KAAK,2BAA2B,MAAM,YAAY,EAClD,KAAK,kBAAoB,IAE3B,CACF,CAQO,iBAAkB,CACvB,OAAO,KAAK,QAAQ,gBAAA,CACtB,CAuDA,WAAmB,CACjB,OAAO,KAAK,MACd,CACF"}
|
|
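--- a/package/dist/client/runtime-client.js
+++ b/package/dist/client/runtime-client.js
@@ -1,5 +1,5 @@
-import { Blimu as
-import { getAuthDomainFromPublishableKey as
+import { Blimu as l } from "@blimu/client";
+import { getAuthDomainFromPublishableKey as n, getAuthApiUrl as o } from "../utils/publishable-key.js";
 import { AuthSessionService as a } from "./auth.service.js";
 import { ExternalStore as h } from "./external-store.js";
 class p {
@@ -29,14 +29,14 @@ class p {
 user: null,
 error: null,
 status: "idle"
-}), this.isLive = i.publishableKey.includes("live"), this.authDomain =
+}), this.isLive = i.publishableKey.includes("live"), this.authDomain = n(i.publishableKey), !this.authDomain)
 throw new Error("Failed to determine auth domain from publishable key");
 const t = o(i.publishableKey);
 if (!t)
 throw new Error("Failed to determine auth API URL from publishable key");
-this.client = new
+this.client = new l({
 baseURL: t,
-
+bearer: () => this.session.getSessionToken(),
 headers: { "x-blimu-publishable-key": i.publishableKey }
 }), this.session = new a(
 this.isLive,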
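Review bot: `this.isLive = i.publishableKey.includes("live")` in the second hunk decides the environment by a substring match anywhere in the key, and that flag gates security behaviour. Per the `auth.service.ts` source embedded on this page, it sets the cookie `secure` attribute and controls whether the `__lh_jwt` value is sent as a query parameter and whether the session cookie is written from script. A key that contains "live" outside its environment marker, or a live key that lacks it, would silently flip those settings. Assuming the key has a structured environment segment (its format is not shown here), derive `isLive` from that segment next to `getAuthDomainFromPublishableKey` instead of using `includes`. The constructor starts and ends outside these hunks.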
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime-client.js","sources":["../../src/client/runtime-client.ts"],"sourcesContent":["import { Blimu } from '@blimu/client';\n\nimport type { AuthState, BlimuConfig, User } from '../types';\nimport { getAuthApiUrl, getAuthDomainFromPublishableKey } from '../utils/publishable-key';\nimport { AuthSessionService, LOCALHOST_JWT_URL_PARAM_NAME } from './auth.service';\nimport { ExternalStore } from './external-store';\n\nexport class BlimuRuntimeClientWrapper {\n private client: Blimu;\n private authDomain: string | null = null;\n private initialized: boolean = false;\n private readonly session: AuthSessionService;\n\n public config: BlimuConfig;\n public isLive: boolean;\n private initializePromise: Promise<void> | null = null;\n private initializeAbortController: AbortController | null = null;\n\n public readonly store: ExternalStore<AuthState>;\n\n constructor(config: BlimuConfig) {\n this.config = config;\n this.store = new ExternalStore<AuthState>({\n user: null,\n error: null,\n status: 'idle',\n });\n this.isLive = config.publishableKey.includes('live');\n\n // Get auth UI domain from publishable key\n this.authDomain = getAuthDomainFromPublishableKey(config.publishableKey);\n if (!this.authDomain) {\n throw new Error('Failed to determine auth domain from publishable key');\n }\n\n // Get auth API URL from publishable key\n const authApiUrl = getAuthApiUrl(config.publishableKey);\n\n if (!authApiUrl) {\n throw new Error('Failed to determine auth API URL from publishable key');\n }\n\n this.client = new Blimu({\n baseURL: authApiUrl,\n
|
|
1
|
+
{"version":3,"file":"runtime-client.js","sources":["../../src/client/runtime-client.ts"],"sourcesContent":["import { Blimu } from '@blimu/client';\n\nimport type { AuthState, BlimuConfig, User } from '../types';\nimport { getAuthApiUrl, getAuthDomainFromPublishableKey } from '../utils/publishable-key';\nimport { AuthSessionService, LOCALHOST_JWT_URL_PARAM_NAME } from './auth.service';\nimport { ExternalStore } from './external-store';\n\nexport class BlimuRuntimeClientWrapper {\n private client: Blimu;\n private authDomain: string | null = null;\n private initialized: boolean = false;\n private readonly session: AuthSessionService;\n\n public config: BlimuConfig;\n public isLive: boolean;\n private initializePromise: Promise<void> | null = null;\n private initializeAbortController: AbortController | null = null;\n\n public readonly store: ExternalStore<AuthState>;\n\n constructor(config: BlimuConfig) {\n this.config = config;\n this.store = new ExternalStore<AuthState>({\n user: null,\n error: null,\n status: 'idle',\n });\n this.isLive = config.publishableKey.includes('live');\n\n // Get auth UI domain from publishable key\n this.authDomain = getAuthDomainFromPublishableKey(config.publishableKey);\n if (!this.authDomain) {\n throw new Error('Failed to determine auth domain from publishable key');\n }\n\n // Get auth API URL from publishable key\n const authApiUrl = getAuthApiUrl(config.publishableKey);\n\n if (!authApiUrl) {\n throw new Error('Failed to determine auth API URL from publishable key');\n }\n\n this.client = new Blimu({\n baseURL: authApiUrl,\n bearer: () => this.session.getSessionToken(),\n headers: { 'x-blimu-publishable-key': config.publishableKey },\n });\n\n this.session = new AuthSessionService(\n this.isLive,\n this.client,\n this.store,\n authApiUrl,\n config.publishableKey,\n );\n\n this.initialize = this.initialize.bind(this);\n }\n\n /**\n * Initialize authentication by checking for existing session\n * Reads session token from cookie and 
validates it\n * This method is idempotent - if initialization is already in progress, it will wait for that to complete\n */\n initialize(): (() => void) | void {\n // If already initialized, return early\n if (this.initialized) return;\n\n // If initialization is in progress, return early (prevents concurrent calls)\n if (this.initializePromise) return;\n\n this.initializeAbortController = new AbortController();\n\n this.initializePromise = this.session\n .initialize({\n signal: this.initializeAbortController.signal,\n })\n .then((result) => {\n if (result.error) {\n this.store.setState({\n user: null,\n error: result.error,\n status: 'error',\n });\n } else if (result.user) {\n this.store.setState({\n user: result.user,\n error: null,\n status: 'authenticated',\n });\n } else {\n this.store.setState({\n user: null,\n error: null,\n status: 'unauthenticated',\n });\n }\n })\n .catch((error) => {\n console.error('Initialize error:', error);\n this.store.setState({\n user: null,\n error: error instanceof Error ? 
error.message : 'Initialization failed',\n status: 'error',\n });\n })\n .finally(() => {\n // Mark as initialized after completion (success or failure)\n // This prevents infinite loops from re-renders\n this.initialized = true;\n this.initializePromise = null;\n });\n\n return () => {\n console.log('aborting initialize');\n this.initializeAbortController?.abort('unmounting');\n this.initializePromise = null;\n // Don't reset initialized flag here - let the promise handle it\n };\n }\n\n /**\n * Refresh session token using the client token from httpOnly cookie\n * The client token is stored in an httpOnly cookie and sent automatically\n * Note: The auth worker should extract the __bli_client cookie and include it in the request body\n * This method is idempotent - if a refresh is already in progress, it will wait for that refresh to complete\n */\n public scheduleRefresh() {\n return this.session.scheduleRefresh();\n }\n\n /**\n * Redirect user to auth domain for authentication\n * Uses the auth domain derived from the publishable key\n */\n public redirectToAuth = (returnUrl?: string): void => {\n const redirectUrl = returnUrl || window.location.href;\n\n // Build auth URL on the auth domain\n const authUrl = new URL(`${this.authDomain}/login`);\n authUrl.searchParams.set('redirect_url', encodeURIComponent(redirectUrl));\n\n // Redirect to auth domain\n window.location.href = authUrl.toString();\n };\n\n /**\n * Logout user\n * Calls the logout endpoint on the API domain using this.client\n */\n public logout = async (): Promise<void> => {\n try {\n const sessionToken = this.session.getSessionToken();\n\n if (sessionToken) {\n await this.client.auth.logout({\n headers: {\n 'x-blimu-publishable-key': this.config.publishableKey,\n Authorization: `Bearer ${sessionToken}`,\n },\n });\n }\n } catch (error) {\n console.error('Logout error:', error);\n } finally {\n this.store.setState({\n user: null,\n error: null,\n status: 'unauthenticated',\n });\n }\n };\n\n /**\n 
* Get the current session token\n */\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n getAccessToken = async (_options: { template: 'web' }): Promise<string | null> => {\n return (await this.session.getSessionToken()) ?? null;\n };\n\n /**\n * Get the runtime client for direct API calls\n */\n getClient(): Blimu {\n return this.client;\n }\n}\n"],"names":["BlimuRuntimeClientWrapper","config","returnUrl","redirectUrl","authUrl","sessionToken","error","_options","ExternalStore","getAuthDomainFromPublishableKey","authApiUrl","getAuthApiUrl","Blimu","AuthSessionService","result"],"mappings":";;;;AAOO,MAAMA,EAA0B;AAAA,EAarC,YAAYC,GAAqB;AAW/B,QAtBF,KAAQ,aAA4B,MACpC,KAAQ,cAAuB,IAK/B,KAAQ,oBAA0C,MAClD,KAAQ,4BAAoD,MAuH5D,KAAO,iBAAiB,CAACC,MAA6B;AACpD,YAAMC,IAAcD,KAAa,OAAO,SAAS,MAG3CE,IAAU,IAAI,IAAI,GAAG,KAAK,UAAU,QAAQ;AAClD,MAAAA,EAAQ,aAAa,IAAI,gBAAgB,mBAAmBD,CAAW,CAAC,GAGxE,OAAO,SAAS,OAAOC,EAAQ,SAAA;AAAA,IACjC,GAMA,KAAO,SAAS,YAA2B;AACzC,UAAI;AACF,cAAMC,IAAe,KAAK,QAAQ,gBAAA;AAElC,QAAIA,KACF,MAAM,KAAK,OAAO,KAAK,OAAO;AAAA,UAC5B,SAAS;AAAA,YACP,2BAA2B,KAAK,OAAO;AAAA,YACvC,eAAe,UAAUA,CAAY;AAAA,UAAA;AAAA,QACvC,CACD;AAAA,MAEL,SAASC,GAAO;AACd,gBAAQ,MAAM,iBAAiBA,CAAK;AAAA,MACtC,UAAA;AACE,aAAK,MAAM,SAAS;AAAA,UAClB,MAAM;AAAA,UACN,OAAO;AAAA,UACP,QAAQ;AAAA,QAAA,CACT;AAAA,MACH;AAAA,IACF,GAMA,KAAA,iBAAiB,OAAOC,MACd,MAAM,KAAK,QAAQ,gBAAA,KAAsB,MA7JjD,KAAK,SAASN,GACd,KAAK,QAAQ,IAAIO,EAAyB;AAAA,MACxC,MAAM;AAAA,MACN,OAAO;AAAA,MACP,QAAQ;AAAA,IAAA,CACT,GACD,KAAK,SAASP,EAAO,eAAe,SAAS,MAAM,GAGnD,KAAK,aAAaQ,EAAgCR,EAAO,cAAc,GACnE,CAAC,KAAK;AACR,YAAM,IAAI,MAAM,sDAAsD;AAIxE,UAAMS,IAAaC,EAAcV,EAAO,cAAc;AAEtD,QAAI,CAACS;AACH,YAAM,IAAI,MAAM,uDAAuD;AAGzE,SAAK,SAAS,IAAIE,EAAM;AAAA,MACtB,SAASF;AAAA,MACT,QAAQ,MAAM,KAAK,QAAQ,gBAAA;AAAA,MAC3B,SAAS,EAAE,2BAA2BT,EAAO,eAAA;AAAA,IAAe,CAC7D,GAED,KAAK,UAAU,IAAIY;AAAA,MACjB,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK;AAAA,MACLH;AAAA,MACAT,EAAO;AAAA,IAAA,GAGT,KAAK,aAAa,KAAK,WAAW,KAAK,IAAI;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAkC;AAEhC,QAAI,MAAK,eAGL
,MAAK;AAET,kBAAK,4BAA4B,IAAI,gBAAA,GAErC,KAAK,oBAAoB,KAAK,QAC3B,WAAW;AAAA,QACV,QAAQ,KAAK,0BAA0B;AAAA,MAAA,CACxC,EACA,KAAK,CAACa,MAAW;AAChB,QAAIA,EAAO,QACT,KAAK,MAAM,SAAS;AAAA,UAClB,MAAM;AAAA,UACN,OAAOA,EAAO;AAAA,UACd,QAAQ;AAAA,QAAA,CACT,IACQA,EAAO,OAChB,KAAK,MAAM,SAAS;AAAA,UAClB,MAAMA,EAAO;AAAA,UACb,OAAO;AAAA,UACP,QAAQ;AAAA,QAAA,CACT,IAED,KAAK,MAAM,SAAS;AAAA,UAClB,MAAM;AAAA,UACN,OAAO;AAAA,UACP,QAAQ;AAAA,QAAA,CACT;AAAA,MAEL,CAAC,EACA,MAAM,CAACR,MAAU;AAChB,gBAAQ,MAAM,qBAAqBA,CAAK,GACxC,KAAK,MAAM,SAAS;AAAA,UAClB,MAAM;AAAA,UACN,OAAOA,aAAiB,QAAQA,EAAM,UAAU;AAAA,UAChD,QAAQ;AAAA,QAAA,CACT;AAAA,MACH,CAAC,EACA,QAAQ,MAAM;AAGb,aAAK,cAAc,IACnB,KAAK,oBAAoB;AAAA,MAC3B,CAAC,GAEI,MAAM;AACX,gBAAQ,IAAI,qBAAqB,GACjC,KAAK,2BAA2B,MAAM,YAAY,GAClD,KAAK,oBAAoB;AAAA,MAE3B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQO,kBAAkB;AACvB,WAAO,KAAK,QAAQ,gBAAA;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA,EAuDA,YAAmB;AACjB,WAAO,KAAK;AAAA,EACd;AACF;"}
|
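--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@blimu/react",
-"version": "
+"version": "1.1.0",
 "description": "React components and hooks for Blimu authentication and authorization",
 "type": "module",
 "repository": {
@@ -44,7 +44,7 @@
 }
 },
 "dependencies": {
-"@blimu/client": "
+"@blimu/client": "1.1.0",
 "@radix-ui/react-avatar": "^1.1.11",
 "@radix-ui/react-dropdown-menu": "^2.1.16",
 "@radix-ui/react-popover": "^1.1.15",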