@blimu/react 1.1.0 → 1.1.4

package/README.md

@@ -269,7 +269,7 @@ function Component() {
     isLoading,          // Boolean
     login,              // (returnUrl?) => void
     logout,             // () => Promise<void>
-    getToken,           // (options) => Promise<string | null>
+    getToken,           // (options) => Promise<string | undefined>
   } = useAuth();
 }
 ```

package/dist/_virtual/index.cjs

@@ -1,2 +1,6 @@
-"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const e=require("../node_modules/use-sync-external-store/shim/index.cjs");var r=e.__require();exports.shimExports=r;
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const index = require("../node_modules/use-sync-external-store/shim/index.cjs");
+var shimExports = index.__require();
+exports.shimExports = shimExports;
 //# sourceMappingURL=index.cjs.map

package/dist/_virtual/index.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"index.cjs","sources":[],"sourcesContent":[],"names":[],"mappings":""}
+{"version":3,"file":"index.cjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;"}

package/dist/_virtual/index.js

@@ -1,6 +1,6 @@
-import { __require as r } from "../node_modules/use-sync-external-store/shim/index.js";
-var i = r();
+import { __require as requireShim } from "../node_modules/use-sync-external-store/shim/index.js";
+var shimExports = requireShim();
 export {
-  i as s
+  shimExports as s
 };
 //# sourceMappingURL=index.js.map

package/dist/_virtual/index2.cjs

@@ -1,2 +1,5 @@
-"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});var e={exports:{}};exports.__module=e;
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+var shim = { exports: {} };
+exports.__module = shim;
 //# sourceMappingURL=index2.cjs.map

package/dist/_virtual/index2.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"index2.cjs","sources":[],"sourcesContent":[],"names":[],"mappings":""}
+{"version":3,"file":"index2.cjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;"}

package/dist/_virtual/index2.js

@@ -1,5 +1,5 @@
-var e = { exports: {} };
+var shim = { exports: {} };
 export {
-  e as __module
+  shim as __module
 };
 //# sourceMappingURL=index2.js.map

package/dist/_virtual/use-sync-external-store-shim.development.cjs

@@ -1,2 +1,5 @@
-"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});var e={};exports.__exports=e;
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+var useSyncExternalStoreShim_development = {};
+exports.__exports = useSyncExternalStoreShim_development;
 //# sourceMappingURL=use-sync-external-store-shim.development.cjs.map

package/dist/_virtual/use-sync-external-store-shim.development.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"use-sync-external-store-shim.development.cjs","sources":[],"sourcesContent":[],"names":[],"mappings":""}
+{"version":3,"file":"use-sync-external-store-shim.development.cjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;"}

package/dist/_virtual/use-sync-external-store-shim.development.js

@@ -1,5 +1,5 @@
-var e = {};
+var useSyncExternalStoreShim_development = {};
 export {
-  e as __exports
+  useSyncExternalStoreShim_development as __exports
 };
 //# sourceMappingURL=use-sync-external-store-shim.development.js.map

package/dist/_virtual/use-sync-external-store-shim.production.cjs

@@ -1,2 +1,5 @@
-"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});var e={};exports.__exports=e;
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+var useSyncExternalStoreShim_production = {};
+exports.__exports = useSyncExternalStoreShim_production;
 //# sourceMappingURL=use-sync-external-store-shim.production.cjs.map

package/dist/_virtual/use-sync-external-store-shim.production.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"use-sync-external-store-shim.production.cjs","sources":[],"sourcesContent":[],"names":[],"mappings":""}
+{"version":3,"file":"use-sync-external-store-shim.production.cjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;"}

package/dist/_virtual/use-sync-external-store-shim.production.js

@@ -1,5 +1,5 @@
-var r = {};
+var useSyncExternalStoreShim_production = {};
 export {
-  r as __exports
+  useSyncExternalStoreShim_production as __exports
 };
 //# sourceMappingURL=use-sync-external-store-shim.production.js.map

package/dist/client/auth.service.cjs

@@ -1,2 +1,249 @@
-"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const E=require("@blimu/client"),o=require("../node_modules/js-cookie/dist/js.cookie.cjs"),A=require("../node_modules/jwt-decode/build/esm/index.cjs"),a="__bli_session",d="__lh_jwt",c="__lh_jwt",S=10,_=1e3,m=n=>Math.floor(n*_),O=n=>Math.floor(n/_),C=()=>O(Date.now()),T=n=>m(n),P=(n,e)=>{const s=T(n),r=m(e),t=Date.now();return Math.max(s-r-t,0)},u=(n,e)=>{const s=C();return n-e<s};class b{constructor(e,s,r,t,l){this.isLive=e,this.client=s,this.store=r,this.pendingRefresher=null,this.refreshPromise=null,this.refreshingSignals=new Set,this.refreshingSignalAbortController=null,this.localClient=new E.Blimu({baseURL:t,credentials:"include",headers:{"x-blimu-publishable-key":l}}),this.handleRequestError=this.handleRequestError.bind(this)}setCookie(e,s,r={}){const t={secure:this.isLive,sameSite:"lax",path:"/"};r.maxAge!==void 0&&(t.expires=r.maxAge/(1440*60)),o.set(e,s,t)}getSessionPayload(){const e=o.get(a);return e?A.jwtDecode(e):null}async getSessionToken(){const e=this.getSessionPayload();if(e)return this.refreshPromise?(await this.refreshPromise,o.get(a)):(u(e.exp,0)&&await this.refreshSession(),o.get(a))}async handleRequestError(e){return e instanceof E.BlimuError&&[401,500].includes(e.status)?(o.remove(a),o.remove(c),{error:e.message,user:null}):e instanceof DOMException?{error:e.message,user:null}:e instanceof Error?{error:e.message,user:null}:{error:"unknown error",user:null}}async initialize({signal:e}={}){const s=new URL(window.location.href),r=s.searchParams.get(d)??void 0;r&&(s.searchParams.delete(d),window.history.replaceState({},"",s.toString())),r&&this.setCookie(c,r,{maxAge:720*60*60});const t=o.get(c);if(console.log("localhostJWTCookie",t),t&&!o.get(a)){const i=await this.refreshSession({signal:e}).catch(this.handleRequestError);if("error"in i)return i}const l=this.getSessionPayload();if(!l)return{error:null,user:null};if(u(l.exp,S)){const i=await this.refreshSession().catch(this.handleRequestError);if("error"in i)return i}const h=await this.client.auth.getSession().catch(this.handleRequestError);return"error"in h?h:{error:null,user:h.user}}scheduleRefresh(){const e=new AbortController;let s=!0,r=null;const t=()=>{s=!0,this.pendingRefresher&&(this.pendingRefresher(),this.pendingRefresher=null)},l=()=>{s=!1};window.addEventListener("online",t),window.addEventListener("offline",l);const h=()=>{r!==null&&(window.clearTimeout(r),r=null);const i=this.getSessionPayload();if(!i||u(i.exp,0))return;const g=P(i.exp,S);if(g<0)return;const w=async()=>{if(r=null,!s){this.pendingRefresher=w;return}const f=await this.refreshSession({signal:e.signal});if("error"in f){if(f.error==="aborted")return;this.store.setState({status:"error",user:null,error:f.error});return}else h()};r=window.setTimeout(w,g)};return h(),()=>{r&&window.clearTimeout(r),e.abort(),window.removeEventListener("online",t),window.removeEventListener("offline",l)}}async refreshSession({signal:e}={}){if(e&&(this.refreshingSignals.add(e),e.addEventListener("abort",()=>{this.refreshingSignals.delete(e),this.refreshingSignals.size===0&&this.refreshingSignalAbortController?.abort()})),this.refreshPromise)return this.refreshPromise;this.refreshingSignalAbortController=new AbortController,this.refreshingSignalAbortController.signal.addEventListener("abort",()=>{this.refreshPromise=null,this.refreshingSignalAbortController=null,this.refreshingSignals.clear()});const s=this.isLive?void 0:o.get(c),r={};s&&(r.__lh_jwt=s),this.refreshPromise=this.localClient.auth.refresh(r,{signal:this.refreshingSignalAbortController.signal}).then(t=>(this.isLive||this.setCookie(a,t.sessionToken,{maxAge:720*60*60}),t)).catch(this.handleRequestError);try{return await this.refreshPromise}finally{this.refreshPromise=null,this.refreshingSignalAbortController=null,this.refreshingSignals.clear()}}}exports.AuthSessionService=b;exports.LOCALHOST_JWT_COOKIE_NAME=c;exports.LOCALHOST_JWT_URL_PARAM_NAME=d;exports.SESSION_COOKIE_NAME=a;exports.SESSION_EXPIRATION_BUFFER=S;exports.isExpiredIn=u;
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const client = require("@blimu/client");
+const js_cookie = require("../node_modules/js-cookie/dist/js.cookie.cjs");
+const index = require("../node_modules/jwt-decode/build/esm/index.cjs");
+const SESSION_COOKIE_NAME = "__bli_session";
+const LOCALHOST_JWT_URL_PARAM_NAME = "__lh_jwt";
+const LOCALHOST_JWT_COOKIE_NAME = "__lh_jwt";
+const SESSION_EXPIRATION_BUFFER = 10;
+const SECONDS_TO_MS = 1e3;
+const secondsToMilliseconds = (seconds) => Math.floor(seconds * SECONDS_TO_MS);
+const millisecondsToSeconds = (ms) => Math.floor(ms / SECONDS_TO_MS);
+const nowInSeconds = () => millisecondsToSeconds(Date.now());
+const jwtExpToMilliseconds = (exp) => secondsToMilliseconds(exp);
+const calculateTimeoutDelay = (expirationSeconds, bufferSeconds) => {
+  const expirationMS = jwtExpToMilliseconds(expirationSeconds);
+  const bufferMS = secondsToMilliseconds(bufferSeconds);
+  const nowMS = Date.now();
+  return Math.max(expirationMS - bufferMS - nowMS, 0);
+};
+const isExpiredIn = (expiration, buffer) => {
+  const now = nowInSeconds();
+  return expiration - buffer < now;
+};
+class AuthSessionService {
+  constructor(isLive, client$1, store, baseURL, publishableKey) {
+    this.isLive = isLive;
+    this.client = client$1;
+    this.store = store;
+    this.pendingRefresher = null;
+    this.refreshPromise = null;
+    this.refreshingSignals = /* @__PURE__ */ new Set();
+    this.refreshingSignalAbortController = null;
+    this.localClient = new client.Blimu({
+      baseURL,
+      credentials: "include",
+      headers: { "x-blimu-publishable-key": publishableKey }
+    });
+    this.handleRequestError = this.handleRequestError.bind(this);
+  }
+  /**
+   * Set cookie with appropriate security settings based on environment
+   */
+  setCookie(name, value, options = {}) {
+    const cookieOptions = {
+      secure: this.isLive,
+      // true for live environments, false for localhost
+      sameSite: "lax",
+      path: "/"
+    };
+    if (options.maxAge !== void 0) {
+      cookieOptions.expires = options.maxAge / (24 * 60 * 60);
+    }
+    js_cookie.default.set(name, value, cookieOptions);
+  }
+  getSessionPayload() {
+    const token = js_cookie.default.get(SESSION_COOKIE_NAME);
+    if (!token) {
+      return null;
+    }
+    const decoded = index.jwtDecode(token);
+    return decoded;
+  }
+  async getSessionToken() {
+    const sessionPayload = this.getSessionPayload();
+    if (!sessionPayload) {
+      return void 0;
+    }
+    if (this.refreshPromise) {
+      await this.refreshPromise;
+      return js_cookie.default.get(SESSION_COOKIE_NAME);
+    }
+    if (isExpiredIn(sessionPayload.exp, 0)) {
+      await this.refreshSession();
+    }
+    return js_cookie.default.get(SESSION_COOKIE_NAME);
+  }
+  async handleRequestError(error) {
+    if (error instanceof client.BlimuError && [401, 500].includes(error.status)) {
+      js_cookie.default.remove(SESSION_COOKIE_NAME);
+      js_cookie.default.remove(LOCALHOST_JWT_COOKIE_NAME);
+      return {
+        error: error.message,
+        user: null
+      };
+    }
+    if (error instanceof DOMException)
+      return {
+        error: error.message,
+        user: null
+      };
+    if (error instanceof Error) {
+      return {
+        error: error.message,
+        user: null
+      };
+    }
+    return {
+      error: "unknown error",
+      user: null
+    };
+  }
+  async initialize({ signal } = {}) {
+    const url = new URL(window.location.href);
+    const localhostJWT = url.searchParams.get(LOCALHOST_JWT_URL_PARAM_NAME) ?? void 0;
+    if (localhostJWT) {
+      url.searchParams.delete(LOCALHOST_JWT_URL_PARAM_NAME);
+      window.history.replaceState({}, "", url.toString());
+    }
+    if (localhostJWT) {
+      this.setCookie(LOCALHOST_JWT_COOKIE_NAME, localhostJWT, {
+        maxAge: 30 * 24 * 60 * 60
+        // 30 days
+      });
+    }
+    const localhostJWTCookie = js_cookie.default.get(LOCALHOST_JWT_COOKIE_NAME);
+    if (localhostJWTCookie && !js_cookie.default.get(SESSION_COOKIE_NAME)) {
+      const result2 = await this.refreshSession({ signal }).catch(this.handleRequestError);
+      if ("error" in result2) return result2;
+    }
+    const sessionPayload = this.getSessionPayload();
+    if (!sessionPayload) {
+      return {
+        error: null,
+        user: null
+      };
+    }
+    if (isExpiredIn(sessionPayload.exp, SESSION_EXPIRATION_BUFFER)) {
+      const result2 = await this.refreshSession().catch(this.handleRequestError);
+      if ("error" in result2) return result2;
+    }
+    const result = await this.client.auth.getSession().catch(this.handleRequestError);
+    if ("error" in result) return result;
+    return {
+      error: null,
+      user: result.user
+    };
+  }
+  scheduleRefresh() {
+    const abortController = new AbortController();
+    let isOnline = true;
+    let timeoutId = null;
+    const onlineHandler = () => {
+      isOnline = true;
+      if (this.pendingRefresher) {
+        this.pendingRefresher();
+        this.pendingRefresher = null;
+      }
+    };
+    const offlineHandler = () => {
+      isOnline = false;
+    };
+    window.addEventListener("online", onlineHandler);
+    window.addEventListener("offline", offlineHandler);
+    const refresh = () => {
+      if (timeoutId !== null) {
+        window.clearTimeout(timeoutId);
+        timeoutId = null;
+      }
+      const sessionPayload = this.getSessionPayload();
+      if (!sessionPayload || isExpiredIn(sessionPayload.exp, 0)) return;
+      const timeoutDelayMS = calculateTimeoutDelay(sessionPayload.exp, SESSION_EXPIRATION_BUFFER);
+      if (timeoutDelayMS < 0) {
+        return;
+      }
+      const refresher = async () => {
+        timeoutId = null;
+        if (!isOnline) {
+          this.pendingRefresher = refresher;
+          return;
+        }
+        const result = await this.refreshSession({ signal: abortController.signal });
+        if ("error" in result) {
+          if (result.error === "aborted") {
+            return;
+          }
+          this.store.setState({
+            status: "error",
+            user: null,
+            error: result.error
+          });
+          return;
+        } else {
+          refresh();
+        }
+      };
+      timeoutId = window.setTimeout(refresher, timeoutDelayMS);
+    };
+    refresh();
+    return () => {
+      if (timeoutId) {
+        window.clearTimeout(timeoutId);
+      }
+      abortController.abort();
+      window.removeEventListener("online", onlineHandler);
+      window.removeEventListener("offline", offlineHandler);
+    };
+  }
+  async refreshSession({ signal } = {}) {
+    if (signal) {
+      this.refreshingSignals.add(signal);
+      signal.addEventListener("abort", () => {
+        this.refreshingSignals.delete(signal);
+        if (this.refreshingSignals.size === 0) {
+          this.refreshingSignalAbortController?.abort();
+        }
+      });
+    }
+    if (this.refreshPromise) {
+      return this.refreshPromise;
+    }
+    this.refreshingSignalAbortController = new AbortController();
+    this.refreshingSignalAbortController.signal.addEventListener("abort", () => {
+      this.refreshPromise = null;
+      this.refreshingSignalAbortController = null;
+      this.refreshingSignals.clear();
+    });
+    const localhostJWT = !this.isLive ? js_cookie.default.get(LOCALHOST_JWT_COOKIE_NAME) : void 0;
+    const queryParams = {};
+    if (localhostJWT) {
+      queryParams.__lh_jwt = localhostJWT;
+    }
+    this.refreshPromise = this.localClient.auth.refresh(queryParams, {
+      signal: this.refreshingSignalAbortController.signal
+    }).then((response) => {
+      if (!this.isLive) {
+        this.setCookie(SESSION_COOKIE_NAME, response.sessionToken, {
+          maxAge: 30 * 24 * 60 * 60
+          // 30 days
+        });
+      }
+      return response;
+    }).catch(this.handleRequestError);
+    try {
+      return await this.refreshPromise;
+    } finally {
+      this.refreshPromise = null;
+      this.refreshingSignalAbortController = null;
+      this.refreshingSignals.clear();
+    }
+  }
+}
+exports.AuthSessionService = AuthSessionService;
+exports.LOCALHOST_JWT_COOKIE_NAME = LOCALHOST_JWT_COOKIE_NAME;
+exports.LOCALHOST_JWT_URL_PARAM_NAME = LOCALHOST_JWT_URL_PARAM_NAME;
+exports.SESSION_COOKIE_NAME = SESSION_COOKIE_NAME;
+exports.SESSION_EXPIRATION_BUFFER = SESSION_EXPIRATION_BUFFER;
+exports.isExpiredIn = isExpiredIn;
 //# sourceMappingURL=auth.service.cjs.map

package/dist/client/auth.service.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"auth.service.cjs","sources":["../../src/client/auth.service.ts"],"sourcesContent":["import { Blimu, BlimuError } from '@blimu/client';\nimport type { RefreshResponse } from '@blimu/client/schema';\nimport Cookies from 'js-cookie';\nimport { jwtDecode } from 'jwt-decode';\n\nimport type { AuthState, User } from '../types';\nimport { ExternalStore } from './external-store';\n\nexport const SESSION_COOKIE_NAME = '__bli_session';\nexport const LOCALHOST_JWT_URL_PARAM_NAME = '__lh_jwt';\nexport const LOCALHOST_JWT_COOKIE_NAME = '__lh_jwt';\nexport const SESSION_EXPIRATION_BUFFER = 10;\n\n/**\n * Time conversion utilities\n * JWT tokens use seconds (Unix timestamp), JavaScript Date uses milliseconds\n */\nconst SECONDS_TO_MS = 1000;\n\n/**\n * Convert seconds to milliseconds\n */\nconst secondsToMilliseconds = (seconds: number): number => Math.floor(seconds * SECONDS_TO_MS);\n\n/**\n * Convert milliseconds to seconds\n */\nconst millisecondsToSeconds = (ms: number): number => Math.floor(ms / SECONDS_TO_MS);\n\n/**\n * Get current time in seconds (Unix timestamp)\n */\nconst nowInSeconds = (): number => millisecondsToSeconds(Date.now());\n\n/**\n * Convert JWT expiration time (seconds) to milliseconds\n */\nconst jwtExpToMilliseconds = (exp: number): number => secondsToMilliseconds(exp);\n\n/**\n * Calculate timeout delay in milliseconds for refreshing before expiration\n * @param expirationSeconds - JWT exp claim in seconds\n * @param bufferSeconds - Buffer time in seconds before expiration\n * @returns Timeout delay in milliseconds\n */\nconst calculateTimeoutDelay = (expirationSeconds: number, bufferSeconds: number): number => {\n  const expirationMS = jwtExpToMilliseconds(expirationSeconds);\n  const bufferMS = secondsToMilliseconds(bufferSeconds);\n  const nowMS = Date.now();\n  return Math.max(expirationMS - bufferMS - nowMS, 0);\n};\n\n/**\n * Check if a JWT expiration time (in seconds) is expired or will expire within the buffer\n * @param expiration - JWT exp claim in seconds (Unix timestamp)\n * @param buffer - Buffer time in seconds before expiration to consider it expired\n * @returns true if expired or will expire within buffer\n */\nexport const isExpiredIn = (expiration: number, buffer: number): boolean => {\n  const now = nowInSeconds();\n  return expiration - buffer < now;\n};\n\nexport class AuthSessionService {\n  private pendingRefresher: (() => void) | null = null;\n  private refreshPromise: Promise<RefreshResponse | { error: string; user: null }> | null = null;\n  private refreshingSignals: Set<AbortSignal> = new Set();\n  private refreshingSignalAbortController: AbortController | null = null;\n  // A local client that doesn't call getSessionToken() which calls refreshSession().\n  private localClient: Blimu;\n\n  constructor(\n    private readonly isLive: boolean,\n    private readonly client: Blimu,\n    private readonly store: ExternalStore<AuthState>,\n    baseURL: string,\n    publishableKey: string,\n  ) {\n    this.localClient = new Blimu({\n      baseURL,\n      credentials: 'include',\n      headers: { 'x-blimu-publishable-key': publishableKey },\n    });\n    this.handleRequestError = this.handleRequestError.bind(this);\n  }\n\n  /**\n   * Set cookie with appropriate security settings based on environment\n   */\n  private setCookie(name: string, value: string, options: { maxAge?: number } = {}): void {\n    const cookieOptions: Cookies.CookieAttributes = {\n      secure: this.isLive, // true for live environments, false for localhost\n      sameSite: 'lax',\n      path: '/',\n    };\n\n    if (options.maxAge !== undefined) {\n      cookieOptions.expires = options.maxAge / (24 * 60 * 60); // Convert seconds to days\n    }\n\n    Cookies.set(name, value, cookieOptions);\n  }\n\n  getSessionPayload(): {\n    sub: string;\n    environmentId: string;\n    type: string;\n    iat: number;\n    exp: number;\n  } | null {\n    const token = Cookies.get(SESSION_COOKIE_NAME);\n\n    if (!token) {\n      return null;\n    }\n\n    const decoded = jwtDecode<{\n      sub: string;\n      environmentId: string;\n      type: string;\n      iat: number;\n      exp: number;\n    }>(token);\n\n    return decoded;\n  }\n\n  async getSessionToken(): Promise<string | undefined> {\n    const sessionPayload = this.getSessionPayload();\n\n    if (!sessionPayload) {\n      return undefined;\n    }\n\n    // If a refresh is already in progress, wait for it to complete\n    // This prevents infinite recursion when refreshSession() calls client.auth.refresh()\n    // which triggers accessToken() which calls getSessionToken()\n    if (this.refreshPromise) {\n      await this.refreshPromise;\n      // After refresh completes, return the updated token from cookie\n      return Cookies.get(SESSION_COOKIE_NAME);\n    }\n\n    if (isExpiredIn(sessionPayload.exp, 0)) {\n      await this.refreshSession();\n    }\n\n    return Cookies.get(SESSION_COOKIE_NAME);\n  }\n\n  async handleRequestError(error: unknown): Promise<{ error: string; user: null }> {\n    if (error instanceof BlimuError && [401, 500].includes(error.status)) {\n      Cookies.remove(SESSION_COOKIE_NAME);\n      Cookies.remove(LOCALHOST_JWT_COOKIE_NAME);\n\n      return {\n        error: error.message,\n        user: null,\n      };\n    }\n\n    if (error instanceof DOMException)\n      return {\n        error: error.message,\n        user: null,\n      };\n\n    if (error instanceof Error) {\n      return {\n        error: error.message,\n        user: null,\n      };\n    }\n\n    return {\n      error: 'unknown error',\n      user: null,\n    };\n  }\n\n  async initialize({ signal }: { signal?: AbortSignal } = {}): Promise<{\n    error: string | null;\n    user: User | null;\n  }> {\n    const url = new URL(window.location.href);\n    const localhostJWT = url.searchParams.get(LOCALHOST_JWT_URL_PARAM_NAME) ?? undefined;\n\n    // Clean up URL parameters immediately to prevent re-processing on re-renders\n    if (localhostJWT) {\n      url.searchParams.delete(LOCALHOST_JWT_URL_PARAM_NAME);\n      window.history.replaceState({}, '', url.toString());\n    }\n\n    // Handle localhost JWT from URL parameter\n    if (localhostJWT) {\n      // Set localhost JWT cookie on customer app domain\n      this.setCookie(LOCALHOST_JWT_COOKIE_NAME, localhostJWT, {\n        maxAge: 30 * 24 * 60 * 60, // 30 days\n      });\n    }\n\n    const localhostJWTCookie = Cookies.get(LOCALHOST_JWT_COOKIE_NAME);\n\n    console.log('localhostJWTCookie', localhostJWTCookie);\n\n    if (localhostJWTCookie && !Cookies.get(SESSION_COOKIE_NAME)) {\n      const result = await this.refreshSession({ signal }).catch(this.handleRequestError);\n      if ('error' in result) return result;\n    }\n\n    const sessionPayload = this.getSessionPayload();\n\n    if (!sessionPayload) {\n      return {\n        error: null,\n        user: null,\n      };\n    }\n\n    if (isExpiredIn(sessionPayload.exp, SESSION_EXPIRATION_BUFFER)) {\n      const result = await this.refreshSession().catch(this.handleRequestError);\n      if ('error' in result) return result;\n    }\n\n    const result = await this.client.auth.getSession().catch(this.handleRequestError);\n    if ('error' in result) return result;\n\n    return {\n      error: null,\n      user: result.user,\n    };\n  }\n\n  scheduleRefresh() {\n    const abortController = new AbortController();\n    let isOnline = true;\n    let timeoutId: number | null = null;\n\n    const onlineHandler = () => {\n      isOnline = true;\n      if (this.pendingRefresher) {\n        this.pendingRefresher();\n        this.pendingRefresher = null;\n      }\n    };\n    const offlineHandler = () => {\n      isOnline = false;\n    };\n\n    window.addEventListener('online', onlineHandler);\n    window.addEventListener('offline', offlineHandler);\n\n    const refresh = () => {\n      // Clear any existing timeout before scheduling a new one\n      // This prevents infinite loops when refresh() is called recursively\n      if (timeoutId !== null) {\n        window.clearTimeout(timeoutId);\n        timeoutId = null;\n      }\n\n      const sessionPayload = this.getSessionPayload();\n\n      if (!sessionPayload || isExpiredIn(sessionPayload.exp, 0)) return;\n\n      // Calculate timeout delay: refresh SESSION_EXPIRATION_BUFFER seconds before expiration\n      const timeoutDelayMS = calculateTimeoutDelay(sessionPayload.exp, SESSION_EXPIRATION_BUFFER);\n\n      // Prevent scheduling if timeout is negative (token already expired)\n      // Allow 0ms delays to handle edge cases where we're exactly at the refresh point\n      // This prevents immediate re-scheduling that could cause infinite loops\n      if (timeoutDelayMS < 0) {\n        return;\n      }\n\n      // Having this function outside timeout, allows us to call refresh immediately when back online\n      const refresher = async () => {\n        // Clear timeoutId since we're executing now\n        timeoutId = null;\n\n        if (!isOnline) {\n          // Keep closure of refresh function alive\n          this.pendingRefresher = refresher;\n          return;\n        }\n\n        const result = await this.refreshSession({ signal: abortController.signal });\n\n        if ('error' in result) {\n          // If the refresh was aborted (e.g., due to React strict mode unmounting),\n          // don't treat it as an error - just return and let the component remount handle it\n          if (result.error === 'aborted') {\n            return;\n          }\n          // For real errors, update the store\n          this.store.setState({\n            status: 'error',\n            user: null,\n            error: result.error,\n          });\n          return;\n        } else {\n          // After successful refresh, schedule the next refresh with the new token\n          refresh();\n        }\n      };\n\n      timeoutId = window.setTimeout(refresher, timeoutDelayMS);\n    };\n\n    refresh();\n\n    return () => {\n      if (timeoutId) {\n        window.clearTimeout(timeoutId);\n      }\n      abortController.abort();\n      window.removeEventListener('online', onlineHandler);\n      window.removeEventListener('offline', offlineHandler);\n    };\n  }\n\n  private async refreshSession({ signal }: { signal?: AbortSignal } = {}) {\n    if (signal) {\n      // Add signal to tracking set (was using .has() instead of .add() - bug fix)\n      this.refreshingSignals.add(signal);\n\n      signal.addEventListener('abort', () => {\n        this.refreshingSignals.delete(signal);\n\n        if (this.refreshingSignals.size === 0) {\n          this.refreshingSignalAbortController?.abort();\n        }\n      });\n    }\n\n    if (this.refreshPromise) {\n      return this.refreshPromise;\n    }\n\n    this.refreshingSignalAbortController = new AbortController();\n\n    this.refreshingSignalAbortController.signal.addEventListener('abort', () => {\n      this.refreshPromise = null;\n      this.refreshingSignalAbortController = null;\n      this.refreshingSignals.clear();\n    });\n\n    // Get localhost_jwt from cookie to send as query parameter (only for non-live environments)\n    const localhostJWT = !this.isLive ? Cookies.get(LOCALHOST_JWT_COOKIE_NAME) : undefined;\n\n    // Build query parameters - only include __lh_jwt for non-live environments when cookie exists\n    const queryParams: { __lh_jwt?: string } = {};\n    if (localhostJWT) {\n      queryParams.__lh_jwt = localhostJWT;\n    }\n\n    // Use local client to avoid infinite recursion. Regular client calls getSessionToken() which calls refreshSession().\n    // There are hacks to avoid infinite recursion, but they are not reliable.\n    // The localhost_jwt is sent as a query parameter only in non-live environments\n    // Note: Type assertion needed because the generated SDK type doesn't include 'query' in RequestInit,\n    // but the underlying CoreClient.request() method does support it\n    this.refreshPromise = this.localClient.auth\n      .refresh(queryParams, {\n        signal: this.refreshingSignalAbortController.signal,\n      })\n      .then((response) => {\n        // Update cookie with new session token from response body\n        // Server also sets it via Set-Cookie header on auth domain, but we set it manually on customer domain\n        if (!this.isLive) {\n          this.setCookie(SESSION_COOKIE_NAME, response.sessionToken, {\n            maxAge: 30 * 24 * 60 * 60, // 30 days\n          });\n        }\n        return response;\n      })\n      .catch(this.handleRequestError);\n\n    try {\n      return await this.refreshPromise;\n    } finally {\n      this.refreshPromise = null;\n      this.refreshingSignalAbortController = null;\n      this.refreshingSignals.clear();\n    }\n  }\n}\n"],"names":["SESSION_COOKIE_NAME","LOCALHOST_JWT_URL_PARAM_NAME","LOCALHOST_JWT_COOKIE_NAME","SESSION_EXPIRATION_BUFFER","SECONDS_TO_MS","secondsToMilliseconds","seconds","millisecondsToSeconds","ms","nowInSeconds","jwtExpToMilliseconds","exp","calculateTimeoutDelay","expirationSeconds","bufferSeconds","expirationMS","bufferMS","nowMS","isExpiredIn","expiration","buffer","now","AuthSessionService","isLive","client","store","baseURL","publishableKey","Blimu","name","value","options","cookieOptions","Cookies","token","jwtDecode","sessionPayload","error","BlimuError","signal","url","localhostJWT","localhostJWTCookie","result","abortController","isOnline","timeoutId","onlineHandler","offlineHandler","refresh","timeoutDelayMS","refresher","queryParams","response"],"mappings":"uOAQaA,EAAsB,gBACtBC,EAA+B,WAC/BC,EAA4B,WAC5BC,EAA4B,GAMnCC,EAAgB,IAKhBC,EAAyBC,GAA4B,KAAK,MAAMA,EAAUF,CAAa,EAKvFG,EAAyBC,GAAuB,KAAK,MAAMA,EAAKJ,CAAa,EAK7EK,EAAe,IAAcF,EAAsB,KAAK,KAAK,EAK7DG,EAAwBC,GAAwBN,EAAsBM,CAAG,EAQzEC,EAAwB,CAACC,EAA2BC,IAAkC,CAC1F,MAAMC,EAAeL,EAAqBG,CAAiB,EACrDG,EAAWX,EAAsBS,CAAa,EAC9CG,EAAQ,KAAK,IAAA,EACnB,OAAO,KAAK,IAAIF,EAAeC,EAAWC,EAAO,CAAC,CACpD,EAQaC,EAAc,CAACC,EAAoBC,IAA4B,CAC1E,MAAMC,EAAMZ,EAAA,EACZ,OAAOU,EAAaC,EAASC,CAC/B,EAEO,MAAMC,CAAmB,CAQ9B,YACmBC,EACAC,EACAC,EACjBC,EACAC,EACA,CALiB,KAAA,OAAAJ,EACA,KAAA,OAAAC,EACA,KAAA,MAAAC,EAVnB,KAAQ,iBAAwC,KAChD,KAAQ,eAAkF,KAC1F,KAAQ,sBAA0C,IAClD,KAAQ,gCAA0D,KAWhE,KAAK,YAAc,IAAIG,QAAM,CAC3B,QAAAF,EACA,YAAa,UACb,QAAS,CAAE,0BAA2BC,CAAA,CAAe,CACtD,EACD,KAAK,mBAAqB,KAAK,mBAAmB,KAAK,IAAI,CAC7D,CAKQ,UAAUE,EAAcC,EAAeC,EAA+B,CAAA,EAAU,CACtF,MAAMC,EAA0C,CAC9C,OAAQ,KAAK,OACb,SAAU,MACV,KAAM,GAAA,EAGJD,EAAQ,SAAW,SACrBC,EAAc,QAAUD,EAAQ,QAAU,KAAU,KAGtDE,EAAQ,IAAIJ,EAAMC,EAAOE,CAAa,CACxC,CAEA,mBAMS,CACP,MAAME,EAAQD,EAAQ,IAAIjC,CAAmB,EAE7C,OAAKkC,EAIWC,EAAAA,UAMbD,CAAK,EATC,IAYX,CAEA,MAAM,iBAA+C,CACnD,MAAME,EAAiB,KAAK,kBAAA,EAE5B,GAAKA,EAOL,OAAI,KAAK,gBACP,MAAM,KAAK,eAEJH,EAAQ,IAAIjC,CAAmB,IAGpCkB,EAAYkB,EAAe,IAAK,CAAC,GACnC,MAAM,KAAK,eAAA,EAGNH,EAAQ,IAAIjC,CAAmB,EACxC,CAEA,MAAM,mBAAmBqC,EAAwD,CAC/E,OAAIA,aAAiBC,EAAAA,YAAc,CAAC,IAAK,GAAG,EAAE,SAASD,EAAM,MAAM,GACjEJ,EAAQ,OAAOjC,CAAmB,EAClCiC,EAAQ,OAAO/B,CAAyB,EAEjC,CACL,MAAOmC,EAAM,QACb,KAAM,IAAA,GAINA,aAAiB,aACZ,CACL,MAAOA,EAAM,QACb,KAAM,IAAA,EAGNA,aAAiB,MACZ,CACL,MAAOA,EAAM,QACb,KAAM,IAAA,EAIH,CACL,MAAO,gBACP,KAAM,IAAA,CAEV,CAEA,MAAM,WAAW,CAAE,OAAAE,CAAA,EAAqC,GAGrD,CACD,MAAMC,EAAM,IAAI,IAAI,OAAO,SAAS,IAAI,EAClCC,EAAeD,EAAI,aAAa,IAAIvC,CAA4B,GAAK,OAGvEwC,IACFD,EAAI,aAAa,OAAOvC,CAA4B,EACpD,OAAO,QAAQ,aAAa,CAAA,EAAI,GAAIuC,EAAI,UAAU,GAIhDC,GAEF,KAAK,UAAUvC,EAA2BuC,EAAc,CACtD,OAAQ,IAAU,GAAK,EAAA,CACxB,EAGH,MAAMC,EAAqBT,EAAQ,IAAI/B,CAAyB,EAIhE,GAFA,QAAQ,IAAI,qBAAsBwC,CAAkB,EAEhDA,GAAsB,CAACT,EAAQ,IAAIjC,CAAmB,EAAG,CAC3D,MAAM2C,EAAS,MAAM,KAAK,eAAe,CAAE,OAAAJ,EAAQ,EAAE,MAAM,KAAK,kBAAkB,EAClF,GAAI,UAAWI,EAAQ,OAAOA,CAChC,CAEA,MAAMP,EAAiB,KAAK,kBAAA,EAE5B,GAAI,CAACA,EACH,MAAO,CACL,MAAO,KACP,KAAM,IAAA,EAIV,GAAIlB,EAAYkB,EAAe,IAAKjC,CAAyB,EAAG,CAC9D,MAAMwC,EAAS,MAAM,KAAK,iBAAiB,MAAM,KAAK,kBAAkB,EACxE,GAAI,UAAWA,EAAQ,OAAOA,CAChC,CAEA,MAAMA,EAAS,MAAM,KAAK,OAAO,KAAK,aAAa,MAAM,KAAK,kBAAkB,EAChF,MAAI,UAAWA,EAAeA,EAEvB,CACL,MAAO,KACP,KAAMA,EAAO,IAAA,CAEjB,CAEA,iBAAkB,CAChB,MAAMC,EAAkB,IAAI,gBAC5B,IAAIC,EAAW,GACXC,EAA2B,KAE/B,MAAMC,EAAgB,IAAM,CAC1BF,EAAW,GACP,KAAK,mBACP,KAAK,iBAAA,EACL,KAAK,iBAAmB,KAE5B,EACMG,EAAiB,IAAM,CAC3BH,EAAW,EACb,EAEA,OAAO,iBAAiB,SAAUE,CAAa,EAC/C,OAAO,iBAAiB,UAAWC,CAAc,EAEjD,MAAMC,EAAU,IAAM,CAGhBH,IAAc,OAChB,OAAO,aAAaA,CAAS,EAC7BA,EAAY,MAGd,MAAMV,EAAiB,KAAK,kBAAA,EAE5B,GAAI,CAACA,GAAkBlB,EAAYkB,EAAe,IAAK,CAAC,EAAG,OAG3D,MAAMc,EAAiBtC,EAAsBwB,EAAe,IAAKjC,CAAyB,EAK1F,GAAI+C,EAAiB,EACnB,OAIF,MAAMC,EAAY,SAAY,CAI5B,GAFAL,EAAY,KAER,CAACD,EAAU,CAEb,KAAK,iBAAmBM,EACxB,MACF,CAEA,MAAMR,EAAS,MAAM,KAAK,eAAe,CAAE,OAAQC,EAAgB,OAAQ,EAE3E,GAAI,UAAWD,EAAQ,CAGrB,GAAIA,EAAO,QAAU,UACnB,OAGF,KAAK,MAAM,SAAS,CAClB,OAAQ,QACR,KAAM,KACN,MAAOA,EAAO,KAAA,CACf,EACD,MACF,MAEEM,EAAA,CAEJ,EAEAH,EAAY,OAAO,WAAWK,EAAWD,CAAc,CACzD,EAEA,OAAAD,EAAA,EAEO,IAAM,CACPH,GACF,OAAO,aAAaA,CAAS,EAE/BF,EAAgB,MAAA,EAChB,OAAO,oBAAoB,SAAUG,CAAa,EAClD,OAAO,oBAAoB,UAAWC,CAAc,CACtD,CACF,CAEA,MAAc,eAAe,CAAE,OAAAT,CAAA,EAAqC,GAAI,CActE,GAbIA,IAEF,KAAK,kBAAkB,IAAIA,CAAM,EAEjCA,EAAO,iBAAiB,QAAS,IAAM,CACrC,KAAK,kBAAkB,OAAOA,CAAM,EAEhC,KAAK,kBAAkB,OAAS,GAClC,KAAK,iCAAiC,MAAA,CAE1C,CAAC,GAGC,KAAK,eACP,OAAO,KAAK,eAGd,KAAK,gCAAkC,IAAI,gBAE3C,KAAK,gCAAgC,OAAO,iBAAiB,QAAS,IAAM,CAC1E,KAAK,eAAiB,KACtB,KAAK,gCAAkC,KACvC,KAAK,kBAAkB,MAAA,CACzB,CAAC,EAGD,MAAME,EAAgB,KAAK,OAAkD,OAAzCR,EAAQ,IAAI/B,CAAyB,EAGnEkD,EAAqC,CAAA,EACvCX,IACFW,EAAY,SAAWX,GAQzB,KAAK,eAAiB,KAAK,YAAY,KACpC,QAAQW,EAAa,CACpB,OAAQ,KAAK,gCAAgC,MAAA,CAC9C,EACA,KAAMC,IAGA,KAAK,QACR,KAAK,UAAUrD,EAAqBqD,EAAS,aAAc,CACzD,OAAQ,IAAU,GAAK,EAAA,CACxB,EAEIA,EACR,EACA,MAAM,KAAK,kBAAkB,EAEhC,GAAI,CACF,OAAO,MAAM,KAAK,cACpB,QAAA,CACE,KAAK,eAAiB,KACtB,KAAK,gCAAkC,KACvC,KAAK,kBAAkB,MAAA,CACzB,CACF,CACF"}
+{"version":3,"file":"auth.service.cjs","sources":["../../src/client/auth.service.ts"],"sourcesContent":["import { Blimu, BlimuError } from '@blimu/client';\nimport type { RefreshResponse } from '@blimu/client/schema';\nimport Cookies from 'js-cookie';\nimport { jwtDecode } from 'jwt-decode';\n\nimport type { AuthState, User } from '../types';\nimport { ExternalStore } from './external-store';\n\nexport const SESSION_COOKIE_NAME = '__bli_session';\nexport const LOCALHOST_JWT_URL_PARAM_NAME = '__lh_jwt';\nexport const LOCALHOST_JWT_COOKIE_NAME = '__lh_jwt';\nexport const SESSION_EXPIRATION_BUFFER = 10;\n\n/**\n * Time conversion utilities\n * JWT tokens use seconds (Unix timestamp), JavaScript Date uses milliseconds\n */\nconst SECONDS_TO_MS = 1000;\n\n/**\n * Convert seconds to milliseconds\n */\nconst secondsToMilliseconds = (seconds: number): number => Math.floor(seconds * SECONDS_TO_MS);\n\n/**\n * Convert milliseconds to seconds\n */\nconst millisecondsToSeconds = (ms: number): number => Math.floor(ms / SECONDS_TO_MS);\n\n/**\n * Get current time in seconds (Unix timestamp)\n */\nconst nowInSeconds = (): number => millisecondsToSeconds(Date.now());\n\n/**\n * Convert JWT expiration time (seconds) to milliseconds\n */\nconst jwtExpToMilliseconds = (exp: number): number => secondsToMilliseconds(exp);\n\n/**\n * Calculate timeout delay in milliseconds for refreshing before expiration\n * @param expirationSeconds - JWT exp claim in seconds\n * @param bufferSeconds - Buffer time in seconds before expiration\n * @returns Timeout delay in milliseconds\n */\nconst calculateTimeoutDelay = (expirationSeconds: number, bufferSeconds: number): number => {\n  const expirationMS = jwtExpToMilliseconds(expirationSeconds);\n  const bufferMS = secondsToMilliseconds(bufferSeconds);\n  const nowMS = Date.now();\n  return Math.max(expirationMS - bufferMS - nowMS, 0);\n};\n\n/**\n * Check if a JWT expiration time (in seconds) is expired or will expire within the buffer\n * @param expiration - JWT exp claim in seconds (Unix timestamp)\n * @param buffer - Buffer time in seconds before expiration to consider it expired\n * @returns true if expired or will expire within buffer\n */\nexport const isExpiredIn = (expiration: number, buffer: number): boolean => {\n  const now = nowInSeconds();\n  return expiration - buffer < now;\n};\n\nexport class AuthSessionService {\n  private pendingRefresher: (() => void) | null = null;\n  private refreshPromise: Promise<RefreshResponse | { error: string; user: null }> | null = null;\n  private refreshingSignals: Set<AbortSignal> = new Set();\n  private refreshingSignalAbortController: AbortController | null = null;\n  // A local client that doesn't call getSessionToken() which calls refreshSession().\n  private localClient: Blimu;\n\n  constructor(\n    private readonly isLive: boolean,\n    private readonly client: Blimu,\n    private readonly store: ExternalStore<AuthState>,\n    baseURL: string,\n    publishableKey: string,\n  ) {\n    this.localClient = new Blimu({\n      baseURL,\n      credentials: 'include',\n      headers: { 'x-blimu-publishable-key': publishableKey },\n    });\n    this.handleRequestError = this.handleRequestError.bind(this);\n  }\n\n  /**\n   * Set cookie with appropriate security settings based on environment\n   */\n  private setCookie(name: string, value: string, options: { maxAge?: number } = {}): void {\n    const cookieOptions: Cookies.CookieAttributes = {\n      secure: this.isLive, // true for live environments, false for localhost\n      sameSite: 'lax',\n      path: '/',\n    };\n\n    if (options.maxAge !== undefined) {\n      cookieOptions.expires = options.maxAge / (24 * 60 * 60); // Convert seconds to days\n    }\n\n    Cookies.set(name, value, cookieOptions);\n  }\n\n  getSessionPayload(): {\n    sub: string;\n    environmentId: string;\n    type: string;\n    iat: number;\n    exp: number;\n  } | null {\n    const token = Cookies.get(SESSION_COOKIE_NAME);\n\n    if (!token) {\n      return null;\n    }\n\n    const decoded = jwtDecode<{\n      sub: string;\n      environmentId: string;\n      type: string;\n      iat: number;\n      exp: number;\n    }>(token);\n\n    return decoded;\n  }\n\n  async getSessionToken(): Promise<string | undefined> {\n    const sessionPayload = this.getSessionPayload();\n\n    if (!sessionPayload) {\n      return undefined;\n    }\n\n    // If a refresh is already in progress, wait for it to complete\n    // This prevents infinite recursion when refreshSession() calls client.auth.refresh()\n    // which triggers accessToken() which calls getSessionToken()\n    if (this.refreshPromise) {\n      await this.refreshPromise;\n      // After refresh completes, return the updated token from cookie\n      return Cookies.get(SESSION_COOKIE_NAME);\n    }\n\n    if (isExpiredIn(sessionPayload.exp, 0)) {\n      await this.refreshSession();\n    }\n\n    return Cookies.get(SESSION_COOKIE_NAME);\n  }\n\n  async handleRequestError(error: unknown): Promise<{ error: string; user: null }> {\n    if (error instanceof BlimuError && [401, 500].includes(error.status)) {\n      Cookies.remove(SESSION_COOKIE_NAME);\n      Cookies.remove(LOCALHOST_JWT_COOKIE_NAME);\n\n      return {\n        error: error.message,\n        user: null,\n      };\n    }\n\n    if (error instanceof DOMException)\n      return {\n        error: error.message,\n        user: null,\n      };\n\n    if (error instanceof Error) {\n      return {\n        error: error.message,\n        user: null,\n      };\n    }\n\n    return {\n      error: 'unknown error',\n      user: null,\n    };\n  }\n\n  async initialize({ signal }: { signal?: AbortSignal } = {}): Promise<{\n    error: string | null;\n    user: User | null;\n  }> {\n    const url = new URL(window.location.href);\n    const localhostJWT = url.searchParams.get(LOCALHOST_JWT_URL_PARAM_NAME) ?? undefined;\n\n    // Clean up URL parameters immediately to prevent re-processing on re-renders\n    if (localhostJWT) {\n      url.searchParams.delete(LOCALHOST_JWT_URL_PARAM_NAME);\n      window.history.replaceState({}, '', url.toString());\n    }\n\n    // Handle localhost JWT from URL parameter\n    if (localhostJWT) {\n      // Set localhost JWT cookie on customer app domain\n      this.setCookie(LOCALHOST_JWT_COOKIE_NAME, localhostJWT, {\n        maxAge: 30 * 24 * 60 * 60, // 30 days\n      });\n    }\n\n    const localhostJWTCookie = Cookies.get(LOCALHOST_JWT_COOKIE_NAME);\n\n    if (localhostJWTCookie && !Cookies.get(SESSION_COOKIE_NAME)) {\n      const result = await this.refreshSession({ signal }).catch(this.handleRequestError);\n      if ('error' in result) return result;\n    }\n\n    const sessionPayload = this.getSessionPayload();\n\n    if (!sessionPayload) {\n      return {\n        error: null,\n        user: null,\n      };\n    }\n\n    if (isExpiredIn(sessionPayload.exp, SESSION_EXPIRATION_BUFFER)) {\n      const result = await this.refreshSession().catch(this.handleRequestError);\n      if ('error' in result) return result;\n    }\n\n    const result = await this.client.auth.getSession().catch(this.handleRequestError);\n    if ('error' in result) return result;\n\n    return {\n      error: null,\n      user: result.user,\n    };\n  }\n\n  scheduleRefresh() {\n    const abortController = new AbortController();\n    let isOnline = true;\n    let timeoutId: number | null = null;\n\n    const onlineHandler = () => {\n      isOnline = true;\n      if (this.pendingRefresher) {\n        this.pendingRefresher();\n        this.pendingRefresher = null;\n      }\n    };\n    const offlineHandler = () => {\n      isOnline = false;\n    };\n\n    window.addEventListener('online', onlineHandler);\n    window.addEventListener('offline', offlineHandler);\n\n    const refresh = () => {\n      // Clear any existing timeout before scheduling a new one\n      // This prevents infinite loops when refresh() is called recursively\n      if (timeoutId !== null) {\n        window.clearTimeout(timeoutId);\n        timeoutId = null;\n      }\n\n      const sessionPayload = this.getSessionPayload();\n\n      if (!sessionPayload || isExpiredIn(sessionPayload.exp, 0)) return;\n\n      // Calculate timeout delay: refresh SESSION_EXPIRATION_BUFFER seconds before expiration\n      const timeoutDelayMS = calculateTimeoutDelay(sessionPayload.exp, SESSION_EXPIRATION_BUFFER);\n\n      // Prevent scheduling if timeout is negative (token already expired)\n      // Allow 0ms delays to handle edge cases where we're exactly at the refresh point\n      // This prevents immediate re-scheduling that could cause infinite loops\n      if (timeoutDelayMS < 0) {\n        return;\n      }\n\n      // Having this function outside timeout, allows us to call refresh immediately when back online\n      const refresher = async () => {\n        // Clear timeoutId since we're executing now\n        timeoutId = null;\n\n        if (!isOnline) {\n          // Keep closure of refresh function alive\n          this.pendingRefresher = refresher;\n          return;\n        }\n\n        const result = await this.refreshSession({ signal: abortController.signal });\n\n        if ('error' in result) {\n          // If the refresh was aborted (e.g., due to React strict mode unmounting),\n          // don't treat it as an error - just return and let the component remount handle it\n          if (result.error === 'aborted') {\n            return;\n          }\n          // For real errors, update the store\n          this.store.setState({\n            status: 'error',\n            user: null,\n            error: result.error,\n          });\n          return;\n        } else {\n          // After successful refresh, schedule the next refresh with the new token\n          refresh();\n        }\n      };\n\n      timeoutId = window.setTimeout(refresher, timeoutDelayMS);\n    };\n\n    refresh();\n\n    return () => {\n      if (timeoutId) {\n        window.clearTimeout(timeoutId);\n      }\n      abortController.abort();\n      window.removeEventListener('online', onlineHandler);\n      window.removeEventListener('offline', offlineHandler);\n    };\n  }\n\n  private async refreshSession({ signal }: { signal?: AbortSignal | undefined } = {}) {\n    if (signal) {\n      // Add signal to tracking set (was using .has() instead of .add() - bug fix)\n      this.refreshingSignals.add(signal);\n\n      signal.addEventListener('abort', () => {\n        this.refreshingSignals.delete(signal);\n\n        if (this.refreshingSignals.size === 0) {\n          this.refreshingSignalAbortController?.abort();\n        }\n      });\n    }\n\n    if (this.refreshPromise) {\n      return this.refreshPromise;\n    }\n\n    this.refreshingSignalAbortController = new AbortController();\n\n    this.refreshingSignalAbortController.signal.addEventListener('abort', () => {\n      this.refreshPromise = null;\n      this.refreshingSignalAbortController = null;\n      this.refreshingSignals.clear();\n    });\n\n    // Get localhost_jwt from cookie to send as query parameter (only for non-live environments)\n    const localhostJWT = !this.isLive ? Cookies.get(LOCALHOST_JWT_COOKIE_NAME) : undefined;\n\n    // Build query parameters - only include __lh_jwt for non-live environments when cookie exists\n    const queryParams: { __lh_jwt?: string } = {};\n    if (localhostJWT) {\n      queryParams.__lh_jwt = localhostJWT;\n    }\n\n    // Use local client to avoid infinite recursion. Regular client calls getSessionToken() which calls refreshSession().\n    // There are hacks to avoid infinite recursion, but they are not reliable.\n    // The localhost_jwt is sent as a query parameter only in non-live environments\n    // Note: Type assertion needed because the generated SDK type doesn't include 'query' in RequestInit,\n    // but the underlying CoreClient.request() method does support it\n    this.refreshPromise = this.localClient.auth\n      .refresh(queryParams, {\n        signal: this.refreshingSignalAbortController.signal,\n      })\n      .then((response) => {\n        // Update cookie with new session token from response body\n        // Server also sets it via Set-Cookie header on auth domain, but we set it manually on customer domain\n        if (!this.isLive) {\n          this.setCookie(SESSION_COOKIE_NAME, response.sessionToken, {\n            maxAge: 30 * 24 * 60 * 60, // 30 days\n          });\n        }\n        return response;\n      })\n      .catch(this.handleRequestError);\n\n    try {\n      return await this.refreshPromise;\n    } finally {\n      this.refreshPromise = null;\n      this.refreshingSignalAbortController = null;\n      this.refreshingSignals.clear();\n    }\n  }\n}\n"],"names":["client","Blimu","Cookies","jwtDecode","BlimuError","result"],"mappings":";;;;;AAQO,MAAM,sBAAsB;AAC5B,MAAM,+BAA+B;AACrC,MAAM,4BAA4B;AAClC,MAAM,4BAA4B;AAMzC,MAAM,gBAAgB;AAKtB,MAAM,wBAAwB,CAAC,YAA4B,KAAK,MAAM,UAAU,aAAa;AAK7F,MAAM,wBAAwB,CAAC,OAAuB,KAAK,MAAM,KAAK,aAAa;AAKnF,MAAM,eAAe,MAAc,sBAAsB,KAAK,KAAK;AAKnE,MAAM,uBAAuB,CAAC,QAAwB,sBAAsB,GAAG;AAQ/E,MAAM,wBAAwB,CAAC,mBAA2B,kBAAkC;AAC1F,QAAM,eAAe,qBAAqB,iBAAiB;AAC3D,QAAM,WAAW,sBAAsB,aAAa;AACpD,QAAM,QAAQ,KAAK,IAAA;AACnB,SAAO,KAAK,IAAI,eAAe,WAAW,OAAO,CAAC;AACpD;AAQO,MAAM,cAAc,CAAC,YAAoB,WAA4B;AAC1E,QAAM,MAAM,aAAA;AACZ,SAAO,aAAa,SAAS;AAC/B;AAEO,MAAM,mBAAmB;AAAA,EAQ9B,YACmB,QACAA,UACA,OACjB,SACA,gBACA;AALiB,SAAA,SAAA;AACA,SAAA,SAAAA;AACA,SAAA,QAAA;AAVnB,SAAQ,mBAAwC;AAChD,SAAQ,iBAAkF;AAC1F,SAAQ,wCAA0C,IAAA;AAClD,SAAQ,kCAA0D;AAWhE,SAAK,cAAc,IAAIC,aAAM;AAAA,MAC3B;AAAA,MACA,aAAa;AAAA,MACb,SAAS,EAAE,2BAA2B,eAAA;AAAA,IAAe,CACtD;AACD,SAAK,qBAAqB,KAAK,mBAAmB,KAAK,IAAI;AAAA,EAC7D;AAAA;AAAA;AAAA;AAAA,EAKQ,UAAU,MAAc,OAAe,UAA+B,CAAA,GAAU;AACtF,UAAM,gBAA0C;AAAA,MAC9C,QAAQ,KAAK;AAAA;AAAA,MACb,UAAU;AAAA,MACV,MAAM;AAAA,IAAA;AAGR,QAAI,QAAQ,WAAW,QAAW;AAChC,oBAAc,UAAU,QAAQ,UAAU,KAAK,KAAK;AAAA,IACtD;AAEAC,cAAAA,QAAQ,IAAI,MAAM,OAAO,aAAa;AAAA,EACxC;AAAA,EAEA,oBAMS;AACP,UAAM,QAAQA,UAAAA,QAAQ,IAAI,mBAAmB;AAE7C,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AAEA,UAAM,UAAUC,MAAAA,UAMb,KAAK;AAER,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,kBAA+C;AACnD,UAAM,iBAAiB,KAAK,kBAAA;AAE5B,QAAI,CAAC,gBAAgB;AACnB,aAAO;AAAA,IACT;AAKA,QAAI,KAAK,gBAAgB;AACvB,YAAM,KAAK;AAEX,aAAOD,UAAAA,QAAQ,IAAI,mBAAmB;AAAA,IACxC;AAEA,QAAI,YAAY,eAAe,KAAK,CAAC,GAAG;AACtC,YAAM,KAAK,eAAA;AAAA,IACb;AAEA,WAAOA,UAAAA,QAAQ,IAAI,mBAAmB;AAAA,EACxC;AAAA,EAEA,MAAM,mBAAmB,OAAwD;AAC/E,QAAI,iBAAiBE,OAAAA,cAAc,CAAC,KAAK,GAAG,EAAE,SAAS,MAAM,MAAM,GAAG;AACpEF,gBAAAA,QAAQ,OAAO,mBAAmB;AAClCA,gBAAAA,QAAQ,OAAO,yBAAyB;AAExC,aAAO;AAAA,QACL,OAAO,MAAM;AAAA,QACb,MAAM;AAAA,MAAA;AAAA,IAEV;AAEA,QAAI,iBAAiB;AACnB,aAAO;AAAA,QACL,OAAO,MAAM;AAAA,QACb,MAAM;AAAA,MAAA;AAGV,QAAI,iBAAiB,OAAO;AAC1B,aAAO;AAAA,QACL,OAAO,MAAM;AAAA,QACb,MAAM;AAAA,MAAA;AAAA,IAEV;AAEA,WAAO;AAAA,MACL,OAAO;AAAA,MACP,MAAM;AAAA,IAAA;AAAA,EAEV;AAAA,EAEA,MAAM,WAAW,EAAE,OAAA,IAAqC,IAGrD;AACD,UAAM,MAAM,IAAI,IAAI,OAAO,SAAS,IAAI;AACxC,UAAM,eAAe,IAAI,aAAa,IAAI,4BAA4B,KAAK;AAG3E,QAAI,cAAc;AAChB,UAAI,aAAa,OAAO,4BAA4B;AACpD,aAAO,QAAQ,aAAa,CAAA,GAAI,IAAI,IAAI,UAAU;AAAA,IACpD;AAGA,QAAI,cAAc;AAEhB,WAAK,UAAU,2BAA2B,cAAc;AAAA,QACtD,QAAQ,KAAK,KAAK,KAAK;AAAA;AAAA,MAAA,CACxB;AAAA,IACH;AAEA,UAAM,qBAAqBA,UAAAA,QAAQ,IAAI,yBAAyB;AAEhE,QAAI,sBAAsB,CAACA,UAAAA,QAAQ,IAAI,mBAAmB,GAAG;AAC3D,YAAMG,UAAS,MAAM,KAAK,eAAe,EAAE,QAAQ,EAAE,MAAM,KAAK,kBAAkB;AAClF,UAAI,WAAWA,QAAQ,QAAOA;AAAAA,IAChC;AAEA,UAAM,iBAAiB,KAAK,kBAAA;AAE5B,QAAI,CAAC,gBAAgB;AACnB,aAAO;AAAA,QACL,OAAO;AAAA,QACP,MAAM;AAAA,MAAA;AAAA,IAEV;AAEA,QAAI,YAAY,eAAe,KAAK,yBAAyB,GAAG;AAC9D,YAAMA,UAAS,MAAM,KAAK,iBAAiB,MAAM,KAAK,kBAAkB;AACxE,UAAI,WAAWA,QAAQ,QAAOA;AAAAA,IAChC;AAEA,UAAM,SAAS,MAAM,KAAK,OAAO,KAAK,aAAa,MAAM,KAAK,kBAAkB;AAChF,QAAI,WAAW,OAAQ,QAAO;AAE9B,WAAO;AAAA,MACL,OAAO;AAAA,MACP,MAAM,OAAO;AAAA,IAAA;AAAA,EAEjB;AAAA,EAEA,kBAAkB;AAChB,UAAM,kBAAkB,IAAI,gBAAA;AAC5B,QAAI,WAAW;AACf,QAAI,YAA2B;AAE/B,UAAM,gBAAgB,MAAM;AAC1B,iBAAW;AACX,UAAI,KAAK,kBAAkB;AACzB,aAAK,iBAAA;AACL,aAAK,mBAAmB;AAAA,MAC1B;AAAA,IACF;AACA,UAAM,iBAAiB,MAAM;AAC3B,iBAAW;AAAA,IACb;AAEA,WAAO,iBAAiB,UAAU,aAAa;AAC/C,WAAO,iBAAiB,WAAW,cAAc;AAEjD,UAAM,UAAU,MAAM;AAGpB,UAAI,cAAc,MAAM;AACtB,eAAO,aAAa,SAAS;AAC7B,oBAAY;AAAA,MACd;AAEA,YAAM,iBAAiB,KAAK,kBAAA;AAE5B,UAAI,CAAC,kBAAkB,YAAY,eAAe,KAAK,CAAC,EAAG;AAG3D,YAAM,iBAAiB,sBAAsB,eAAe,KAAK,yBAAyB;AAK1F,UAAI,iBAAiB,GAAG;AACtB;AAAA,MACF;AAGA,YAAM,YAAY,YAAY;AAE5B,oBAAY;AAEZ,YAAI,CAAC,UAAU;AAEb,eAAK,mBAAmB;AACxB;AAAA,QACF;AAEA,cAAM,SAAS,MAAM,KAAK,eAAe,EAAE,QAAQ,gBAAgB,QAAQ;AAE3E,YAAI,WAAW,QAAQ;AAGrB,cAAI,OAAO,UAAU,WAAW;AAC9B;AAAA,UACF;AAEA,eAAK,MAAM,SAAS;AAAA,YAClB,QAAQ;AAAA,YACR,MAAM;AAAA,YACN,OAAO,OAAO;AAAA,UAAA,CACf;AACD;AAAA,QACF,OAAO;AAEL,kBAAA;AAAA,QACF;AAAA,MACF;AAEA,kBAAY,OAAO,WAAW,WAAW,cAAc;AAAA,IACzD;AAEA,YAAA;AAEA,WAAO,MAAM;AACX,UAAI,WAAW;AACb,eAAO,aAAa,SAAS;AAAA,MAC/B;AACA,sBAAgB,MAAA;AAChB,aAAO,oBAAoB,UAAU,aAAa;AAClD,aAAO,oBAAoB,WAAW,cAAc;AAAA,IACtD;AAAA,EACF;AAAA,EAEA,MAAc,eAAe,EAAE,OAAA,IAAiD,IAAI;AAClF,QAAI,QAAQ;AAEV,WAAK,kBAAkB,IAAI,MAAM;AAEjC,aAAO,iBAAiB,SAAS,MAAM;AACrC,aAAK,kBAAkB,OAAO,MAAM;AAEpC,YAAI,KAAK,kBAAkB,SAAS,GAAG;AACrC,eAAK,iCAAiC,MAAA;AAAA,QACxC;AAAA,MACF,CAAC;AAAA,IACH;AAEA,QAAI,KAAK,gBAAgB;AACvB,aAAO,KAAK;AAAA,IACd;AAEA,SAAK,kCAAkC,IAAI,gBAAA;AAE3C,SAAK,gCAAgC,OAAO,iBAAiB,SAAS,MAAM;AAC1E,WAAK,iBAAiB;AACtB,WAAK,kCAAkC;AACvC,WAAK,kBAAkB,MAAA;AAAA,IACzB,CAAC;AAGD,UAAM,eAAe,CAAC,KAAK,SAASH,UAAAA,QAAQ,IAAI,yBAAyB,IAAI;AAG7E,UAAM,cAAqC,CAAA;AAC3C,QAAI,cAAc;AAChB,kBAAY,WAAW;AAAA,IACzB;AAOA,SAAK,iBAAiB,KAAK,YAAY,KACpC,QAAQ,aAAa;AAAA,MACpB,QAAQ,KAAK,gCAAgC;AAAA,IAAA,CAC9C,EACA,KAAK,CAAC,aAAa;AAGlB,UAAI,CAAC,KAAK,QAAQ;AAChB,aAAK,UAAU,qBAAqB,SAAS,cAAc;AAAA,UACzD,QAAQ,KAAK,KAAK,KAAK;AAAA;AAAA,QAAA,CACxB;AAAA,MACH;AACA,aAAO;AAAA,IACT,CAAC,EACA,MAAM,KAAK,kBAAkB;AAEhC,QAAI;AACF,aAAO,MAAM,KAAK;AAAA,IACpB,UAAA;AACE,WAAK,iBAAiB;AACtB,WAAK,kCAAkC;AACvC,WAAK,kBAAkB,MAAA;AAAA,IACzB;AAAA,EACF;AACF;;;;;;;"}

package/dist/client/auth.service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../src/client/auth.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAc,MAAM,eAAe,CAAC;AAKlD,OAAO,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,eAAO,MAAM,mBAAmB,kBAAkB,CAAC;AACnD,eAAO,MAAM,4BAA4B,aAAa,CAAC;AACvD,eAAO,MAAM,yBAAyB,aAAa,CAAC;AACpD,eAAO,MAAM,yBAAyB,KAAK,CAAC;AAyC5C;;;;;GAKG;AACH,eAAO,MAAM,WAAW,GAAI,YAAY,MAAM,EAAE,QAAQ,MAAM,KAAG,OAGhE,CAAC;AAEF,qBAAa,kBAAkB;IAS3B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,KAAK;IAVxB,OAAO,CAAC,gBAAgB,CAA6B;IACrD,OAAO,CAAC,cAAc,CAAyE;IAC/F,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,+BAA+B,CAAgC;IAEvE,OAAO,CAAC,WAAW,CAAQ;gBAGR,MAAM,EAAE,OAAO,EACf,MAAM,EAAE,KAAK,EACb,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC,EAChD,OAAO,EAAE,MAAM,EACf,cAAc,EAAE,MAAM;IAUxB;;OAEG;IACH,OAAO,CAAC,SAAS;IAcjB,iBAAiB,IAAI;QACnB,GAAG,EAAE,MAAM,CAAC;QACZ,aAAa,EAAE,MAAM,CAAC;QACtB,IAAI,EAAE,MAAM,CAAC;QACb,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;KACb,GAAG,IAAI;IAkBF,eAAe,IAAI,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAuB9C,kBAAkB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,IAAI,CAAA;KAAE,CAAC;IA8B1E,UAAU,CAAC,EAAE,MAAM,EAAE,GAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAA;KAAO,GAAG,OAAO,CAAC;QACnE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;QACrB,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;KACnB,CAAC;IAkDF,eAAe;YAwFD,cAAc;CAgE7B"}
+{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../src/client/auth.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAc,MAAM,eAAe,CAAC;AAKlD,OAAO,KAAK,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,eAAO,MAAM,mBAAmB,kBAAkB,CAAC;AACnD,eAAO,MAAM,4BAA4B,aAAa,CAAC;AACvD,eAAO,MAAM,yBAAyB,aAAa,CAAC;AACpD,eAAO,MAAM,yBAAyB,KAAK,CAAC;AAyC5C;;;;;GAKG;AACH,eAAO,MAAM,WAAW,GAAI,YAAY,MAAM,EAAE,QAAQ,MAAM,KAAG,OAGhE,CAAC;AAEF,qBAAa,kBAAkB;IAS3B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,KAAK;IAVxB,OAAO,CAAC,gBAAgB,CAA6B;IACrD,OAAO,CAAC,cAAc,CAAyE;IAC/F,OAAO,CAAC,iBAAiB,CAA+B;IACxD,OAAO,CAAC,+BAA+B,CAAgC;IAEvE,OAAO,CAAC,WAAW,CAAQ;gBAGR,MAAM,EAAE,OAAO,EACf,MAAM,EAAE,KAAK,EACb,KAAK,EAAE,aAAa,CAAC,SAAS,CAAC,EAChD,OAAO,EAAE,MAAM,EACf,cAAc,EAAE,MAAM;IAUxB;;OAEG;IACH,OAAO,CAAC,SAAS;IAcjB,iBAAiB,IAAI;QACnB,GAAG,EAAE,MAAM,CAAC;QACZ,aAAa,EAAE,MAAM,CAAC;QACtB,IAAI,EAAE,MAAM,CAAC;QACb,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;KACb,GAAG,IAAI;IAkBF,eAAe,IAAI,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAuB9C,kBAAkB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,IAAI,CAAA;KAAE,CAAC;IA8B1E,UAAU,CAAC,EAAE,MAAM,EAAE,GAAE;QAAE,MAAM,CAAC,EAAE,WAAW,CAAA;KAAO,GAAG,OAAO,CAAC;QACnE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;QACrB,IAAI,EAAE,IAAI,GAAG,IAAI,CAAC;KACnB,CAAC;IAgDF,eAAe;YAwFD,cAAc;CAgE7B"}