@cloudbase/oauth 3.0.0 → 3.0.1

package/dist/esm/oauth2client/oauth2client.js

@@ -1,10 +1,10 @@
 import { ErrorType } from './consts';
-import { ApiUrls, ApiUrlsV2, AUTH_API_PREFIX } from '../auth/consts';
+import { ApiUrls, ApiUrlsV2, AUTH_API_PREFIX, AUTH_STATE_CHANGED_TYPE, EVENTS } from '../auth/consts';
 import { uuidv4 } from '../utils/uuid';
 import { getPathName } from '../utils/index';
 import { SinglePromise } from '../utils/function/single-promise';
 import { weBtoa } from '../utils/base64';
-import { isMatch } from '../utils/cloudbase-adapter-wx_mp';
+import { isMp } from '../utils/mp';
 import { langEvent } from '@cloudbase/utilities';
 const RequestIdHeaderName = 'x-request-id';
 const DeviceIdHeaderName = 'x-device-id';
@@ -103,15 +103,13 @@ function isCredentialsExpired(credentials) {
 class LocalCredentials {
     constructor(options) {
         this.credentials = null;
+        this.accessKeyCredentials = null;
         this.singlePromise = null;
         this.tokenSectionName = options.tokenSectionName;
         this.storage = options.storage;
         this.clientId = options.clientId;
         this.singlePromise = new SinglePromise({ clientId: this.clientId });
         this.credentials = options.credentials || null;
-        if (this.credentials) {
-            this.setCredentials(this.credentials);
-        }
     }
     getStorageCredentialsSync() {
         let credentials = null;
@@ -148,10 +146,17 @@ class LocalCredentials {
             this.credentials = null;
         }
     }
+    setAccessKeyCredentials(credentials) {
+        this.accessKeyCredentials = credentials;
+    }
     async getCredentials() {
         return this.singlePromise.run('getCredentials', async () => {
             if (isCredentialsExpired(this.credentials)) {
-                this.credentials = await this.getStorageCredentials();
+                const { credentials, isAccessKeyCredentials } = await this.getStorageCredentials();
+                if (isAccessKeyCredentials) {
+                    return credentials;
+                }
+                this.credentials = credentials;
             }
             return this.credentials;
         });
@@ -159,8 +164,9 @@ class LocalCredentials {
     async getStorageCredentials() {
         return this.singlePromise.run('_getStorageCredentials', async () => {
             let credentials = null;
+            let isAccessKeyCredentials = false;
             const tokenStr = await this.storage.getItem(this.tokenSectionName);
-            if (tokenStr !== undefined && tokenStr !== null) {
+            if (!!tokenStr) {
                 try {
                     credentials = JSON.parse(tokenStr);
                     if (credentials?.expires_at) {
@@ -172,12 +178,19 @@ class LocalCredentials {
                     credentials = null;
                 }
             }
-            return credentials;
+            else {
+                credentials = this.accessKeyCredentials || null;
+                isAccessKeyCredentials = true;
+            }
+            return { credentials, isAccessKeyCredentials };
         });
     }
 }
 class OAuth2Client {
     constructor(options) {
+        this.initializePromise = null;
+        this.lockAcquired = false;
+        this.pendingInLock = [];
         this.singlePromise = null;
         if (!options.clientSecret) {
             options.clientSecret = '';
@@ -189,7 +202,7 @@ class OAuth2Client {
         this.apiPath = options.apiPath || AUTH_API_PREFIX;
         this.clientId = options.clientId;
         this.i18n = options.i18n;
-        this.publishable_key = options.publishable_key;
+        this.eventBus = options.eventBus;
         this.singlePromise = new SinglePromise({ clientId: this.clientId });
         this.retry = this.formatRetry(options.retry, OAuth2Client.defaultRetry);
         if (options.baseRequest) {
@@ -205,13 +218,6 @@ class OAuth2Client {
             tokenSectionName: `credentials_${options.clientId}`,
             storage: this.storage,
             clientId: options.clientId,
-            credentials: this.publishable_key ? {
-                access_token: this.publishable_key,
-                token_type: 'Bearer',
-                scope: 'publishable_key',
-                expires_at: new Date(+new Date() + +new Date()),
-                expires_in: +new Date() + +new Date(),
-            } : null,
         });
         this.clientSecret = options.clientSecret;
         if (options.clientId) {
@@ -219,9 +225,12 @@ class OAuth2Client {
         }
         this.wxCloud = options.wxCloud;
         try {
-            if (isMatch() && this.wxCloud === undefined && options.env) {
-                wx.cloud.init({ env: options.env });
-                this.wxCloud = wx.cloud;
+            if (isMp()) {
+                this.useWxCloud = options.useWxCloud;
+                if (this.wxCloud === undefined && options.env) {
+                    wx.cloud.init({ env: options.env });
+                    this.wxCloud = wx.cloud;
+                }
             }
         }
         catch (error) {
@@ -229,14 +238,39 @@ class OAuth2Client {
         this.refreshTokenFunc = options.refreshTokenFunc || this.defaultRefreshTokenFunc;
         this.anonymousSignInFunc = options.anonymousSignInFunc;
         this.onCredentialsError = options.onCredentialsError;
+        this.getInitialSession = options.getInitialSession;
+        this.onInitialSessionObtained = options.onInitialSessionObtained;
+        this.logDebugMessages = options.debug ?? false;
         langEvent.bus.on(langEvent.LANG_CHANGE_EVENT, (params) => {
             this.i18n = params.data?.i18n || this.i18n;
         });
     }
-    setCredentials(credentials) {
-        return this.localCredentials.setCredentials(credentials);
+    setGetInitialSession(callback) {
+        this.getInitialSession = callback;
+    }
+    setOnInitialSessionObtained(callback) {
+        this.onInitialSessionObtained = callback;
+    }
+    async initialize(func) {
+        if (this.initializePromise) {
+            return await this.initializePromise;
+        }
+        if (func !== undefined) {
+            this.initializePromise = func;
+            return await this.initializePromise;
+        }
+        this.initializePromise = (async () => await this._acquireLock(-1, async () => await this._initialize()))();
+        return await this.initializePromise;
+    }
+    async setCredentials(credentials) {
+        await this.initializePromise;
+        return this._acquireLock(-1, async () => this.localCredentials.setCredentials(credentials));
+    }
+    setAccessKeyCredentials(credentials) {
+        return this.localCredentials.setAccessKeyCredentials(credentials);
     }
     async getAccessToken() {
+        await this.initializePromise;
         const credentials = await this.getCredentials();
         if (credentials?.access_token) {
             return Promise.resolve(credentials.access_token);
@@ -267,7 +301,7 @@ class OAuth2Client {
             options.headers.Authorization = this.basicAuth;
         }
         if (options?.withCredentials) {
-            const credentials = await this.getCredentials();
+            const credentials = options.getCredentials ? await options.getCredentials() : await this.getCredentials();
             if (credentials) {
                 if (this.tokenInURL) {
                     if (url.indexOf('?') < 0) {
@@ -293,12 +327,19 @@ class OAuth2Client {
         const maxRequestTimes = retry + 1;
         for (let requestTime = 0; requestTime < maxRequestTimes; requestTime++) {
             try {
-                if (options.useWxCloud) {
+                if (options.useWxCloud || this.useWxCloud) {
                     response = await this.wxCloudCallFunction(url, options);
                 }
                 else {
                     response = await this.baseRequest(url, options);
                 }
+                if (!!response?.code) {
+                    throw ({
+                        error: response.code,
+                        error_description: response.message,
+                        error_uri: new URL(url).pathname,
+                    });
+                }
                 break;
             }
             catch (responseError) {
@@ -359,37 +400,8 @@ class OAuth2Client {
         }
     }
     async getCredentials() {
-        let credentials = await this.localCredentials.getCredentials();
-        if (!credentials) {
-            const msg = 'credentials not found';
-            this.onCredentialsError?.({ msg });
-            return this.unAuthenticatedError(msg);
-        }
-        if (isCredentialsExpired(credentials)) {
-            if (credentials.refresh_token) {
-                try {
-                    credentials = await this.refreshToken(credentials);
-                }
-                catch (error) {
-                    if (credentials.scope === 'anonymous') {
-                        credentials = await this.anonymousLogin(credentials);
-                    }
-                    else {
-                        this.onCredentialsError?.({ msg: error.error_description });
-                        return Promise.reject(error);
-                    }
-                }
-            }
-            else if (credentials.scope === 'anonymous') {
-                credentials = await this.anonymousLogin(credentials);
-            }
-            else {
-                const msg = 'no refresh token found in credentials';
-                this.onCredentialsError?.({ msg });
-                return this.unAuthenticatedError(msg);
-            }
-        }
-        return credentials;
+        await this.initializePromise;
+        return this._acquireLock(-1, async () => this._getCredentials());
     }
     getCredentialsSync() {
         const credentials = this.localCredentials.getStorageCredentialsSync();
@@ -416,7 +428,11 @@ class OAuth2Client {
         }
         return credentials.groups;
     }
-    async refreshToken(credentials) {
+    async refreshToken(credentials, options) {
+        await this.initializePromise;
+        return this._acquireLock(-1, async () => this._refreshToken(credentials, options));
+    }
+    async _refreshToken(credentials, options) {
         return this.singlePromise.run('_refreshToken', async () => {
             if (!credentials || !credentials.refresh_token) {
                 const msg = 'no refresh token found in credentials';
@@ -426,9 +442,13 @@ class OAuth2Client {
             try {
                 const newCredentials = await this.refreshTokenFunc(credentials.refresh_token, credentials);
                 await this.localCredentials.setCredentials(newCredentials);
+                this.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.TOKEN_REFRESHED });
                 return newCredentials;
             }
             catch (error) {
+                if (options?.throwError) {
+                    throw error;
+                }
                 if (error.error === ErrorType.INVALID_GRANT) {
                     await this.localCredentials.setCredentials(null);
                     const msg = error.error_description;
@@ -541,6 +561,131 @@ class OAuth2Client {
         };
         return Promise.reject(respErr);
     }
+    _debug(...args) {
+        if (this.logDebugMessages) {
+            console.log('[OAuth2Client]', ...args);
+        }
+    }
+    async _initialize() {
+        try {
+            if (!this.getInitialSession) {
+                this._debug('#_initialize()', 'no getInitialSession callback set, skipping');
+                return { error: null };
+            }
+            this._debug('#_initialize()', 'calling getInitialSession callback');
+            try {
+                const { data, error } = await this.getInitialSession();
+                if (data?.session) {
+                    this._debug('#_initialize()', 'session obtained from getInitialSession', data.session);
+                    await this.localCredentials.setCredentials(data?.session);
+                }
+                if (this.onInitialSessionObtained) {
+                    this._debug('#_initialize()', 'calling onInitialSessionObtained callback');
+                    try {
+                        await this.onInitialSessionObtained(data, error);
+                    }
+                    catch (callbackError) {
+                        this._debug('#_initialize()', 'error in onInitialSessionObtained', callbackError);
+                    }
+                }
+                if (error) {
+                    this._debug('#_initialize()', 'error from getInitialSession', error);
+                    return { error };
+                }
+                return { error: null };
+            }
+            catch (err) {
+                this._debug('#_initialize()', 'exception during getInitialSession', err);
+                return { error: err instanceof Error ? err : new Error(String(err)) };
+            }
+        }
+        catch (error) {
+            this._debug('#_initialize()', 'unexpected error', error);
+            return { error: error instanceof Error ? error : new Error(String(error)) };
+        }
+        finally {
+            this._debug('#_initialize()', 'end');
+        }
+    }
+    async _acquireLock(acquireTimeout, fn) {
+        this._debug('#_acquireLock', 'begin', acquireTimeout);
+        try {
+            if (this.lockAcquired) {
+                const last = this.pendingInLock.length ? this.pendingInLock[this.pendingInLock.length - 1] : Promise.resolve();
+                const result = (async () => {
+                    await last;
+                    return await fn();
+                })();
+                this.pendingInLock.push((async () => {
+                    try {
+                        await result;
+                    }
+                    catch (_e) {
+                    }
+                })());
+                return result;
+            }
+            this._debug('#_acquireLock', 'acquiring lock for client', this.clientId);
+            try {
+                this.lockAcquired = true;
+                const result = fn();
+                this.pendingInLock.push((async () => {
+                    try {
+                        await result;
+                    }
+                    catch (_e) {
+                    }
+                })());
+                await result;
+                while (this.pendingInLock.length) {
+                    const waitOn = [...this.pendingInLock];
+                    await Promise.all(waitOn);
+                    this.pendingInLock.splice(0, waitOn.length);
+                }
+                return await result;
+            }
+            finally {
+                this._debug('#_acquireLock', 'releasing lock for client', this.clientId);
+                this.lockAcquired = false;
+            }
+        }
+        finally {
+            this._debug('#_acquireLock', 'end');
+        }
+    }
+    async _getCredentials() {
+        let credentials = await this.localCredentials.getCredentials();
+        if (!credentials) {
+            const msg = 'credentials not found';
+            this.onCredentialsError?.({ msg });
+            return this.unAuthenticatedError(msg);
+        }
+        if (isCredentialsExpired(credentials)) {
+            if (credentials.refresh_token) {
+                try {
+                    credentials = await this._refreshToken(credentials);
+                }
+                catch (error) {
+                    if (credentials.scope === 'anonymous') {
+                        credentials = await this.anonymousLogin(credentials);
+                    }
+                    else {
+                        this.onCredentialsError?.({ msg: error.error_description });
+                        return Promise.reject(error);
+                    }
+                }
+            }
+            else if (credentials.scope === 'anonymous') {
+                credentials = await this.anonymousLogin(credentials);
+            }
+            else {
+                const msg = 'no refresh token found in credentials';
+                this.onCredentialsError?.({ msg });
+                return this.unAuthenticatedError(msg);
+            }
+        }
+        return credentials;
+    }
 }
 OAuth2Client.defaultRetry = 2;
 OAuth2Client.minRetry = 0;

package/dist/esm/utils/base64.d.ts

@@ -2,3 +2,8 @@ export declare function weBtoa(string: string): string;
 export declare const weAtob: (string: string) => string;
 export declare function base64_url_decode(str: string): string;
 export declare function weappJwtDecode(token: string, options?: any): any;
+export declare function weAppJwtDecodeAll(token: string): {
+    claims: any;
+    header: any;
+    signature: any;
+};

package/dist/esm/utils/base64.js

@@ -89,3 +89,15 @@ export function weappJwtDecode(token, options) {
         throw new Error(`Invalid token specified: ${e}` ? e.message : '');
     }
 }
+export function weAppJwtDecodeAll(token) {
+    if (typeof token !== 'string') {
+        throw new Error('Invalid token specified');
+    }
+    try {
+        const parts = token.split('.').map((segment, i) => i === 2 ? segment : JSON.parse(base64_url_decode(segment)));
+        return { claims: parts[1], header: parts[0], signature: parts[2] };
+    }
+    catch (e) {
+        throw new Error(`Invalid token specified: ${e}` ? e.message : '');
+    }
+}

package/dist/esm/utils/encryptlong/index.js

@@ -2429,21 +2429,25 @@ if (!globalThis.IS_MP_BUILD) {
         rng_pool = [];
         rng_pptr = 0;
         var t = void 0;
-        if (window?.crypto && window?.crypto.getRandomValues) {
-            var z = new Uint32Array(256);
-            window?.crypto.getRandomValues(z);
-            for (t = 0; t < z.length; ++t) {
-                rng_pool[rng_pptr++] = z[t] & 255;
+        if (typeof window !== 'undefined') {
+            if (window?.crypto && window?.crypto.getRandomValues) {
+                var z = new Uint32Array(256);
+                window?.crypto.getRandomValues(z);
+                for (t = 0; t < z.length; ++t) {
+                    rng_pool[rng_pptr++] = z[t] & 255;
+                }
             }
         }
         var onMouseMoveListener_1 = function (ev) {
             this.count = this.count || 0;
             if (this.count >= 256 || rng_pptr >= rng_psize) {
-                if (window?.removeEventListener) {
-                    window?.removeEventListener('mousemove', onMouseMoveListener_1, false);
-                }
-                else if (window?.detachEvent) {
-                    window?.detachEvent('onmousemove', onMouseMoveListener_1);
+                if (typeof window !== 'undefined') {
+                    if (window?.removeEventListener) {
+                        window?.removeEventListener('mousemove', onMouseMoveListener_1, false);
+                    }
+                    else if (window?.detachEvent) {
+                        window?.detachEvent('onmousemove', onMouseMoveListener_1);
+                    }
                 }
                 return;
             }
@@ -2455,11 +2459,13 @@ if (!globalThis.IS_MP_BUILD) {
             catch (e) {
             }
         };
-        if (window?.addEventListener) {
-            window?.addEventListener('mousemove', onMouseMoveListener_1, false);
-        }
-        else if (window?.attachEvent) {
-            window?.attachEvent('onmousemove', onMouseMoveListener_1);
+        if (typeof window !== 'undefined') {
+            if (window?.addEventListener) {
+                window?.addEventListener('mousemove', onMouseMoveListener_1, false);
+            }
+            else if (window?.attachEvent) {
+                window?.attachEvent('onmousemove', onMouseMoveListener_1);
+            }
         }
     }
     function rng_get_byte() {

package/dist/esm/utils/mp.js

@@ -9,7 +9,7 @@ export function isMp() {
     if (globalThis.Page === undefined) {
         return false;
     }
-    if (!wx.getSystemInfoSync) {
+    if (!wx.getDeviceInfo) {
         return false;
     }
     if (!wx.getStorageSync) {
@@ -25,10 +25,10 @@ export function isMp() {
         return false;
     }
     try {
-        if (!wx.getSystemInfoSync()) {
+        if (!wx.getDeviceInfo()) {
             return false;
         }
-        if (wx.getSystemInfoSync().AppPlatform === 'qq') {
+        if (wx.getDeviceInfo().platform === 'qq') {
             return false;
         }
     }