@cloudsignal/pwa-sdk 1.1.1 → 1.2.0

package/dist/index.cjs

@@ -7,6 +7,114 @@ Object.defineProperty(exports, '__esModule', { value: true });
  * https://cloudsignal.io
  * MIT License
  */
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/utils/hmac.ts
+var hmac_exports = {};
+__export(hmac_exports, {
+  generateAuthHeaders: () => generateAuthHeaders,
+  generateHMACSignature: () => generateHMACSignature,
+  isValidUUID: () => isValidUUID,
+  makeAuthenticatedRequest: () => makeAuthenticatedRequest
+});
+function toHex(buffer) {
+  return Array.from(new Uint8Array(buffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function toBase64(buffer) {
+  return btoa(String.fromCharCode(...new Uint8Array(buffer)));
+}
+async function generateHMACSignature(secret, organizationId, timestamp, method, url, body = "") {
+  const encoder = new TextEncoder();
+  let path;
+  let query;
+  try {
+    const urlObj = url.startsWith("http") ? new URL(url) : new URL(url, "https://pwa.cloudsignal.app");
+    path = urlObj.pathname;
+    query = urlObj.search ? urlObj.search.slice(1) : "";
+  } catch {
+    const queryIndex = url.indexOf("?");
+    if (queryIndex > -1) {
+      path = url.slice(0, queryIndex);
+      query = url.slice(queryIndex + 1);
+    } else {
+      path = url;
+      query = "";
+    }
+  }
+  const canonicalParts = [
+    method.toUpperCase(),
+    path,
+    query,
+    organizationId,
+    timestamp
+  ];
+  if (body && body.length > 0) {
+    const bodyHashBuffer = await crypto.subtle.digest("SHA-256", encoder.encode(body));
+    const bodyHashHex = toHex(bodyHashBuffer);
+    canonicalParts.push(bodyHashHex);
+  }
+  const canonicalString = canonicalParts.join("\n");
+  const key = await crypto.subtle.importKey(
+    "raw",
+    encoder.encode(secret),
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"]
+  );
+  const signature = await crypto.subtle.sign("HMAC", key, encoder.encode(canonicalString));
+  return toBase64(signature);
+}
+async function generateAuthHeaders(organizationId, organizationSecret, method, url, body) {
+  const timestamp = Math.floor(Date.now() / 1e3).toString();
+  const signature = await generateHMACSignature(
+    organizationSecret,
+    organizationId,
+    timestamp,
+    method,
+    url,
+    body || ""
+  );
+  return {
+    "X-CloudSignal-Organization-ID": organizationId,
+    "X-CloudSignal-Timestamp": timestamp,
+    "X-CloudSignal-Signature": signature,
+    "Content-Type": "application/json"
+  };
+}
+async function makeAuthenticatedRequest(organizationId, organizationSecret, method, url, body) {
+  const bodyStr = body ? JSON.stringify(body) : void 0;
+  const headers = await generateAuthHeaders(
+    organizationId,
+    organizationSecret,
+    method,
+    url,
+    bodyStr
+  );
+  const options = {
+    method,
+    headers
+  };
+  if (bodyStr) {
+    options.body = bodyStr;
+  }
+  return fetch(url, options);
+}
+function isValidUUID(value) {
+  if (!value || typeof value !== "string") return false;
+  return /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i.test(value);
+}
+var init_hmac = __esm({
+  "src/utils/hmac.ts"() {
+  }
+});
 
 // src/utils/fingerprint.ts
 async function generateBrowserFingerprint() {
@@ -893,80 +1001,20 @@ var InstallationManager = class {
   }
 };
 
-// src/utils/hmac.ts
-function toHex(buffer) {
-  return Array.from(new Uint8Array(buffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
-}
-function toBase64(buffer) {
-  return btoa(String.fromCharCode(...new Uint8Array(buffer)));
-}
-async function generateHMACSignature(secret, organizationId, timestamp, method, url, body = "") {
-  const encoder = new TextEncoder();
-  let path;
-  let query;
-  try {
-    const urlObj = url.startsWith("http") ? new URL(url) : new URL(url, "https://pwa.cloudsignal.app");
-    path = urlObj.pathname;
-    query = urlObj.search ? urlObj.search.slice(1) : "";
-  } catch {
-    const queryIndex = url.indexOf("?");
-    if (queryIndex > -1) {
-      path = url.slice(0, queryIndex);
-      query = url.slice(queryIndex + 1);
-    } else {
-      path = url;
-      query = "";
-    }
-  }
-  const canonicalParts = [
-    method.toUpperCase(),
-    path,
-    query,
-    organizationId,
-    timestamp
-  ];
-  if (body && body.length > 0) {
-    const bodyHashBuffer = await crypto.subtle.digest("SHA-256", encoder.encode(body));
-    const bodyHashHex = toHex(bodyHashBuffer);
-    canonicalParts.push(bodyHashHex);
-  }
-  const canonicalString = canonicalParts.join("\n");
-  const key = await crypto.subtle.importKey(
-    "raw",
-    encoder.encode(secret),
-    { name: "HMAC", hash: "SHA-256" },
-    false,
-    ["sign"]
-  );
-  const signature = await crypto.subtle.sign("HMAC", key, encoder.encode(canonicalString));
-  return toBase64(signature);
-}
-async function generateAuthHeaders(organizationId, organizationSecret, method, url, body) {
-  const timestamp = Math.floor(Date.now() / 1e3).toString();
-  const signature = await generateHMACSignature(
-    organizationSecret,
-    organizationId,
-    timestamp,
-    method,
-    url,
-    body || ""
-  );
+// src/PushNotificationManager.ts
+init_hmac();
+
+// src/utils/jwt-auth.ts
+function generateJWTHeaders(token, organizationId) {
   return {
+    "Authorization": `Bearer ${token}`,
     "X-CloudSignal-Organization-ID": organizationId,
-    "X-CloudSignal-Timestamp": timestamp,
-    "X-CloudSignal-Signature": signature,
     "Content-Type": "application/json"
   };
 }
-async function makeAuthenticatedRequest(organizationId, organizationSecret, method, url, body) {
+async function makeJWTAuthenticatedRequest(config, method, url, body) {
   const bodyStr = body ? JSON.stringify(body) : void 0;
-  const headers = await generateAuthHeaders(
-    organizationId,
-    organizationSecret,
-    method,
-    url,
-    bodyStr
-  );
+  let headers = generateJWTHeaders(config.token, config.organizationId);
   const options = {
     method,
     headers
@@ -974,11 +1022,81 @@ async function makeAuthenticatedRequest(organizationId, organizationSecret, meth
   if (bodyStr) {
     options.body = bodyStr;
   }
-  return fetch(url, options);
+  let response = await fetch(url, options);
+  if (response.status === 401 && config.onTokenExpired) {
+    try {
+      const newToken = await config.onTokenExpired();
+      if (newToken) {
+        headers = generateJWTHeaders(newToken, config.organizationId);
+        options.headers = headers;
+        response = await fetch(url, options);
+      }
+    } catch (refreshError) {
+      console.warn("[CloudSignal PWA] Token refresh failed:", refreshError);
+    }
+  }
+  return response;
 }
-function isValidUUID(value) {
-  if (!value || typeof value !== "string") return false;
-  return /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i.test(value);
+function createAuthContext(config) {
+  if (config.userToken) {
+    return {
+      mode: "jwt",
+      organizationId: config.organizationId,
+      userToken: config.userToken,
+      onTokenExpired: config.onTokenExpired
+    };
+  }
+  if (!config.organizationSecret) {
+    throw new Error("Either userToken or organizationSecret is required");
+  }
+  return {
+    mode: "hmac",
+    organizationId: config.organizationId,
+    organizationSecret: config.organizationSecret
+  };
+}
+async function makeAuthenticatedRequestWithContext(authContext, method, url, body, onTokenExpired) {
+  if (authContext.mode === "jwt") {
+    if (!authContext.userToken) {
+      throw new Error("userToken required for JWT auth mode");
+    }
+    return makeJWTAuthenticatedRequest(
+      {
+        token: authContext.userToken,
+        organizationId: authContext.organizationId,
+        // Allow override of token expired callback
+        onTokenExpired: onTokenExpired || authContext.onTokenExpired
+      },
+      method,
+      url,
+      body
+    );
+  }
+  const { makeAuthenticatedRequest: makeAuthenticatedRequest4 } = await Promise.resolve().then(() => (init_hmac(), hmac_exports));
+  if (!authContext.organizationSecret) {
+    throw new Error("organizationSecret required for HMAC auth mode");
+  }
+  return makeAuthenticatedRequest4(
+    authContext.organizationId,
+    authContext.organizationSecret,
+    method,
+    url,
+    body
+  );
+}
+function updateAuthToken(authContext, newToken) {
+  if (authContext.mode !== "jwt") {
+    return {
+      mode: "jwt",
+      organizationId: authContext.organizationId,
+      userToken: newToken,
+      onTokenExpired: authContext.onTokenExpired
+    };
+  }
+  return {
+    ...authContext,
+    userToken: newToken
+  };
 }
 
 // src/utils/storage.ts
@@ -1224,14 +1342,19 @@ var PushNotificationManager = class {
     this.vapidPublicKey = null;
     this.serviceUrl = options.serviceUrl;
     this.organizationId = options.organizationId;
-    this.organizationSecret = options.organizationSecret;
     this.serviceId = options.serviceId;
     this.debug = options.debug ?? false;
     this.deviceDetector = new DeviceDetector();
+    this.authContext = createAuthContext({
+      organizationId: options.organizationId,
+      organizationSecret: options.organizationSecret,
+      userToken: options.userToken
+    });
     this.onRegistered = options.onRegistered;
     this.onUnregistered = options.onUnregistered;
     this.onError = options.onError;
     this.onPermissionDenied = options.onPermissionDenied;
+    this.onTokenExpired = options.onTokenExpired;
     this.registrationId = getRegistrationId(this.organizationId, this.serviceId);
   }
   /**
@@ -1258,6 +1381,19 @@ var PushNotificationManager = class {
   isRegistered() {
     return this.registrationId !== null;
   }
+  /**
+   * Get current authentication mode
+   */
+  getAuthMode() {
+    return this.authContext.mode;
+  }
+  /**
+   * Update JWT token (for token refresh or upgrading from HMAC to JWT)
+   */
+  updateToken(token) {
+    this.authContext = updateAuthToken(this.authContext, token);
+    this.log(`Auth mode: ${this.authContext.mode}`);
+  }
   /**
    * Register for push notifications
    */
@@ -1307,12 +1443,12 @@ var PushNotificationManager = class {
         language: options.language || navigator.language || "en-US"
       };
       const url = `${this.serviceUrl}/api/v1/registration/register`;
-      const response = await makeAuthenticatedRequest(
-        this.organizationId,
-        this.organizationSecret,
+      const response = await makeAuthenticatedRequestWithContext(
+        this.authContext,
         "POST",
         url,
-        registrationData
+        registrationData,
+        this.onTokenExpired
       );
       if (!response.ok) {
         const errorText = await response.text();
@@ -1351,12 +1487,12 @@ var PushNotificationManager = class {
         this.pushSubscription = null;
       }
       const url = `${this.serviceUrl}/api/v1/registration/unregister`;
-      const response = await makeAuthenticatedRequest(
-        this.organizationId,
-        this.organizationSecret,
+      const response = await makeAuthenticatedRequestWithContext(
+        this.authContext,
         "POST",
         url,
-        { registration_id: this.registrationId }
+        { registration_id: this.registrationId },
+        this.onTokenExpired
       );
       if (!response.ok) {
         this.log(`Backend unregistration failed: ${response.status}`, "warn");
@@ -1382,9 +1518,8 @@ var PushNotificationManager = class {
         throw new Error("Not registered for push notifications");
       }
       const url = `${this.serviceUrl}/api/v1/registration/update`;
-      const response = await makeAuthenticatedRequest(
-        this.organizationId,
-        this.organizationSecret,
+      const response = await makeAuthenticatedRequestWithContext(
+        this.authContext,
         "POST",
         url,
         {
@@ -1393,7 +1528,8 @@ var PushNotificationManager = class {
           timezone: preferences.timezone,
           language: preferences.language,
           is_active: preferences.isActive
-        }
+        },
+        this.onTokenExpired
       );
       if (!response.ok) {
         throw new Error(`Update failed: ${response.status}`);
@@ -1416,11 +1552,12 @@ var PushNotificationManager = class {
         return null;
       }
       const url = `${this.serviceUrl}/api/v1/registration/status/${this.registrationId}`;
-      const response = await makeAuthenticatedRequest(
-        this.organizationId,
-        this.organizationSecret,
+      const response = await makeAuthenticatedRequestWithContext(
+        this.authContext,
         "GET",
-        url
+        url,
+        void 0,
+        this.onTokenExpired
       );
       if (!response.ok) {
         if (response.status === 404) {
@@ -1510,6 +1647,7 @@ var PushNotificationManager = class {
 };
 
 // src/HeartbeatManager.ts
+init_hmac();
 var DEFAULT_INTERVALS = {
   "4g": 3e4,
   // 30 seconds
@@ -1533,13 +1671,18 @@ var HeartbeatManager = class {
     this.batteryManager = null;
     this.serviceUrl = options.serviceUrl;
     this.organizationId = options.organizationId;
-    this.organizationSecret = options.organizationSecret;
     this.debug = options.debug ?? false;
     this.onHeartbeatSent = options.onHeartbeatSent;
     this.onHeartbeatError = options.onHeartbeatError;
     this.onIntervalChanged = options.onIntervalChanged;
     this.onPausedForBattery = options.onPausedForBattery;
     this.onResumedFromBattery = options.onResumedFromBattery;
+    this.onTokenExpired = options.onTokenExpired;
+    this.authContext = createAuthContext({
+      organizationId: options.organizationId,
+      organizationSecret: options.organizationSecret,
+      userToken: options.userToken
+    });
     this.config = {
       enabled: options.config?.enabled ?? true,
       interval: options.config?.interval ?? 3e4,
@@ -1630,6 +1773,19 @@ var HeartbeatManager = class {
   isHeartbeatRunning() {
     return this.isRunning;
   }
+  /**
+   * Get current authentication mode
+   */
+  getAuthMode() {
+    return this.authContext.mode;
+  }
+  /**
+   * Update JWT token (for token refresh or upgrading from HMAC to JWT)
+   */
+  updateToken(token) {
+    this.authContext = updateAuthToken(this.authContext, token);
+    this.log(`Auth mode: ${this.authContext.mode}`);
+  }
   /**
    * Send a single heartbeat
    */
@@ -1640,11 +1796,12 @@ var HeartbeatManager = class {
     }
     try {
       const url = `${this.serviceUrl}/api/v1/registration/heartbeat/${this.registrationId}`;
-      const response = await makeAuthenticatedRequest(
-        this.organizationId,
-        this.organizationSecret,
+      const response = await makeAuthenticatedRequestWithContext(
+        this.authContext,
         "POST",
-        url
+        url,
+        void 0,
+        this.onTokenExpired
       );
       if (!response.ok) {
         throw new Error(`Heartbeat failed: ${response.status}`);
@@ -2960,7 +3117,7 @@ var IOSInstallBanner = class {
 
 // src/CloudSignalPWA.ts
 var DEFAULT_SERVICE_URL = "https://pwa.cloudsignal.app";
-var SDK_VERSION = "1.1.0";
+var SDK_VERSION = "1.2.0";
 var CloudSignalPWA = class {
   constructor(config) {
     this.initialized = false;
@@ -2974,6 +3131,14 @@ var CloudSignalPWA = class {
     this.config = config;
     this.serviceUrl = config.serviceUrl || DEFAULT_SERVICE_URL;
     this.debug = config.debug ?? false;
+    if (!config.organizationSecret && !config.userToken) {
+      throw new Error("Either organizationSecret or userToken must be provided");
+    }
+    this.authContext = createAuthContext({
+      organizationId: config.organizationId,
+      organizationSecret: config.organizationSecret,
+      userToken: config.userToken
+    });
     this.deviceDetector = new DeviceDetector();
     this.serviceWorkerManager = new ServiceWorkerManager({
       config: config.serviceWorker,
@@ -2993,6 +3158,8 @@ var CloudSignalPWA = class {
       serviceUrl: this.serviceUrl,
       organizationId: config.organizationId,
       organizationSecret: config.organizationSecret,
+      userToken: config.userToken,
+      onTokenExpired: config.onTokenExpired,
       serviceId: config.serviceId,
       debug: this.debug,
       onRegistered: (reg) => {
@@ -3010,6 +3177,8 @@ var CloudSignalPWA = class {
       serviceUrl: this.serviceUrl,
       organizationId: config.organizationId,
       organizationSecret: config.organizationSecret,
+      userToken: config.userToken,
+      onTokenExpired: config.onTokenExpired,
       config: config.heartbeat,
       debug: this.debug,
       onHeartbeatSent: () => this.emit("heartbeat:sent", { timestamp: Date.now() }),
@@ -3118,12 +3287,12 @@ var CloudSignalPWA = class {
   async downloadConfig() {
     try {
       const url = `${this.serviceUrl}/api/v1/config/download`;
-      const response = await makeAuthenticatedRequest(
-        this.config.organizationId,
-        this.config.organizationSecret,
+      const response = await makeAuthenticatedRequestWithContext(
+        this.authContext,
         "POST",
         url,
-        { organization_id: this.config.organizationId }
+        { organization_id: this.config.organizationId },
+        this.config.onTokenExpired
       );
       if (!response.ok) {
         throw new Error(`Config download failed: ${response.status}`);
@@ -3225,6 +3394,27 @@ var CloudSignalPWA = class {
     return this.pushNotificationManager.requestPermission();
   }
   // ============================================
+  // Authentication
+  // ============================================
+  /**
+   * Get current authentication mode
+   */
+  getAuthMode() {
+    return this.authContext.mode;
+  }
+  /**
+   * Set JWT user token (for upgrading anonymous to authenticated, or token refresh)
+   * After calling this, you should call registerForPush() again to re-register with user context
+   * @param token - JWT token from identity provider
+   */
+  setUserToken(token) {
+    this.authContext = updateAuthToken(this.authContext, token);
+    this.pushNotificationManager.updateToken(token);
+    this.heartbeatManager.updateToken(token);
+    this.emit("auth:tokenUpdated", { mode: this.authContext.mode });
+    this.log(`Auth mode updated to: ${this.authContext.mode}`);
+  }
+  // ============================================
   // Device Information
   // ============================================
   /**
@@ -3944,7 +4134,8 @@ var NotificationPermissionPrompt = class {
 };
 
 // src/index.ts
-var VERSION = "1.1.0";
+init_hmac();
+var VERSION = "1.2.0";
 
 exports.CloudSignalPWA = CloudSignalPWA;
 exports.DeviceDetector = DeviceDetector;
@@ -3960,20 +4151,25 @@ exports.PushNotificationManager = PushNotificationManager;
 exports.ServiceWorkerManager = ServiceWorkerManager;
 exports.VERSION = VERSION;
 exports.WakeLockManager = WakeLockManager;
+exports.createAuthContext = createAuthContext;
 exports.default = CloudSignalPWA_default;
 exports.detectBrowserLanguage = detectBrowserLanguage;
 exports.deviceDetector = deviceDetector;
 exports.generateAuthHeaders = generateAuthHeaders;
 exports.generateBrowserFingerprint = generateBrowserFingerprint;
 exports.generateHMACSignature = generateHMACSignature;
+exports.generateJWTHeaders = generateJWTHeaders;
 exports.generateTrackingId = generateTrackingId;
 exports.getRegistrationId = getRegistrationId;
 exports.getStorageItem = getStorageItem;
 exports.isValidUUID = isValidUUID;
 exports.makeAuthenticatedRequest = makeAuthenticatedRequest;
+exports.makeAuthenticatedRequestWithContext = makeAuthenticatedRequestWithContext;
+exports.makeJWTAuthenticatedRequest = makeJWTAuthenticatedRequest;
 exports.removeRegistrationId = removeRegistrationId;
 exports.removeStorageItem = removeStorageItem;
 exports.setRegistrationId = setRegistrationId;
 exports.setStorageItem = setStorageItem;
+exports.updateAuthToken = updateAuthToken;
 //# sourceMappingURL=index.cjs.map
 //# sourceMappingURL=index.cjs.map