@dragonmastery/dragoncore-vue 0.0.1

package/dist/useRpcAuth-BLlRSHy8.js

@@ -0,0 +1,722 @@
+import { computed, readonly, ref, watchEffect } from "vue";
+import { newHttpBatchRpcSession } from "capnweb";
+import { jwtDecode } from "jwt-decode";
+import { defineStore } from "pinia";
+
+//#region src/composables/useEnv.ts
+function useEnv() {
+	return readonly({
+		restApiClient: {
+			apiUrl: import.meta.env.VITE_API_CLIENT_URL,
+			authOptions: {
+				userDetails: import.meta.env.VITE_CF_APP_USER_DETAILS,
+				accessToken: import.meta.env.VITE_CF_APP_ACCESS_TOKEN,
+				decodedToken: import.meta.env.VITE_CF_APP_DECODED_TOKEN
+			}
+		},
+		allowUserSignup: import.meta.env.VITE_ALLOW_USER_SIGNUP === "true",
+		maxAttachmentFileSize: import.meta.env.VITE_MAX_ATTACHMENT_FILE_SIZE_MB ? parseInt(import.meta.env.VITE_MAX_ATTACHMENT_FILE_SIZE_MB, 10) * 1024 * 1024 : 50 * 1024 * 1024
+	});
+}
+
+//#endregion
+//#region src/utils/logger.ts
+/**
+* Log levels as string literals
+*/
+const LOG_LEVEL = {
+	NONE: "NONE",
+	ERROR: "ERROR",
+	WARN: "WARN",
+	INFO: "INFO",
+	DEBUG: "DEBUG",
+	TRACE: "TRACE"
+};
+/**
+* Logger utility that conditionally logs based on configured log level
+*/
+var Logger = class Logger {
+	static instance;
+	logLevel = LOG_LEVEL.INFO;
+	constructor() {
+		this.setLogLevelFromEnv();
+	}
+	/**
+	* Get the singleton logger instance
+	*/
+	static getInstance() {
+		if (!Logger.instance) Logger.instance = new Logger();
+		return Logger.instance;
+	}
+	/**
+	* Set the log level from environment variables
+	*/
+	setLogLevelFromEnv() {
+		const logLevelStr = import.meta.env.VITE_LOG_LEVEL || "";
+		if (logLevelStr) switch (logLevelStr.toUpperCase()) {
+			case "NONE":
+				this.logLevel = LOG_LEVEL.NONE;
+				break;
+			case "ERROR":
+				this.logLevel = LOG_LEVEL.ERROR;
+				break;
+			case "WARN":
+				this.logLevel = LOG_LEVEL.WARN;
+				break;
+			case "INFO":
+				this.logLevel = LOG_LEVEL.INFO;
+				break;
+			case "DEBUG":
+				this.logLevel = LOG_LEVEL.DEBUG;
+				break;
+			case "TRACE":
+				this.logLevel = LOG_LEVEL.TRACE;
+				break;
+		}
+		else this.logLevel = import.meta.env.DEV === true || import.meta.env.MODE === "development" || import.meta.env.VITE_APP_ENV === "local" || import.meta.env.VITE_APP_ENV === "dev" ? LOG_LEVEL.DEBUG : LOG_LEVEL.INFO;
+		console.log(`[Logger] Log level set to: ${this.logLevel.toUpperCase()}`);
+	}
+	/**
+	* Set the log level programmatically
+	*/
+	setLogLevel(level) {
+		this.logLevel = level;
+		console.log(`[Logger] Log level changed to: ${this.logLevel.toUpperCase()}`);
+	}
+	/**
+	* Get the current log level
+	*/
+	getLogLevel() {
+		return this.logLevel;
+	}
+	/**
+	* Determine if a message at the given level should be logged
+	* based on the current log level setting
+	*/
+	shouldLog(level) {
+		const levelPriority = {
+			[LOG_LEVEL.NONE]: 0,
+			[LOG_LEVEL.ERROR]: 1,
+			[LOG_LEVEL.WARN]: 2,
+			[LOG_LEVEL.INFO]: 3,
+			[LOG_LEVEL.DEBUG]: 4,
+			[LOG_LEVEL.TRACE]: 5
+		};
+		return levelPriority[this.logLevel] >= levelPriority[level];
+	}
+	/**
+	* Log a trace message (most verbose)
+	*/
+	trace(message, ...args) {
+		if (this.shouldLog(LOG_LEVEL.TRACE)) console.log(`[TRACE] ${message}`, ...args);
+	}
+	/**
+	* Log a debug message
+	*/
+	debug(message, ...args) {
+		if (this.shouldLog(LOG_LEVEL.DEBUG)) console.debug(`[DEBUG] ${message}`, ...args);
+	}
+	/**
+	* Log an info message
+	*/
+	info(message, ...args) {
+		if (this.shouldLog(LOG_LEVEL.INFO)) console.log(`[INFO] ${message}`, ...args);
+	}
+	/**
+	* Log a warning message
+	*/
+	warn(message, ...args) {
+		if (this.shouldLog(LOG_LEVEL.WARN)) console.warn(`[WARN] ${message}`, ...args);
+	}
+	/**
+	* Log an error message
+	*/
+	error(message, ...args) {
+		if (this.shouldLog(LOG_LEVEL.ERROR)) console.error(`[ERROR] ${message}`, ...args);
+	}
+};
+const logger = Logger.getInstance();
+/**
+* Conditionally log based on per-instance debug flag and global log level
+* - If debug === false: never log (explicitly disabled)
+* - If debug === true: always log (bypasses global log level)
+* - If debug === undefined: use global log level (default behavior)
+*/
+function logIfEnabled(level, message, debug, ...args) {
+	if (debug === false) return;
+	if (debug === true) {
+		const prefix = `[${level.toUpperCase()}]`;
+		if (level === "error") console.error(prefix, message, ...args);
+		else if (level === "warn") console.warn(prefix, message, ...args);
+		else console.log(prefix, message, ...args);
+		return;
+	}
+	if (level === "debug") logger.debug(message, ...args);
+	else if (level === "error") logger.error(message, ...args);
+	else if (level === "warn") logger.warn(message, ...args);
+	else logger.info(message, ...args);
+}
+
+//#endregion
+//#region src/composables/useUserSessionStore.ts
+/**
+* Generic user session store for Dragoncore applications.
+*
+* Responsibilities:
+* - Store and manage user session state (accessToken, userSession)
+* - Sync with localStorage
+* - Provide token refresh capability
+* - Provide token expiration checking
+*
+* Note: This store is intentionally NOT generic on TApi.
+* The refresh method uses createAppBatch which can be typed on a per-call basis.
+*/
+const useUserSessionStore = defineStore("userSession", () => {
+	const env = useEnv().restApiClient;
+	const userSession = ref(null);
+	const accessToken = ref(null);
+	const decodedToken = ref(null);
+	const isRefreshing = ref(false);
+	const debug = ref(false);
+	watchEffect(() => {
+		if (!env.authOptions.accessToken || !env.authOptions.userDetails) {
+			logIfEnabled("error", "[UserSessionStore] localStorage keys are undefined - check environment variables", debug.value);
+			return;
+		}
+		const storedAccessToken = localStorage.getItem(env.authOptions.accessToken);
+		if (storedAccessToken !== accessToken.value) {
+			accessToken.value = storedAccessToken;
+			try {
+				decodedToken.value = storedAccessToken ? jwtDecode(storedAccessToken) : null;
+			} catch (error) {
+				logIfEnabled("error", "[UserSessionStore] Failed to decode access token:", debug.value, error);
+				decodedToken.value = null;
+			}
+		}
+		const storedUserSession = localStorage.getItem(env.authOptions.userDetails);
+		if (storedUserSession) try {
+			const sessionData = jwtDecode(storedUserSession).details;
+			if (JSON.stringify(sessionData) !== JSON.stringify(userSession.value)) userSession.value = sessionData;
+		} catch (error) {
+			logIfEnabled("error", "[UserSessionStore] Failed to decode user session:", debug.value, error);
+			if (userSession.value !== null) userSession.value = null;
+		}
+		else if (userSession.value !== null) userSession.value = null;
+	});
+	const currentSession = computed(() => {
+		if (!userSession.value) return null;
+		return userSession.value;
+	});
+	const clientHeaders = computed(() => ({
+		"Content-Type": "application/json",
+		...accessToken.value ? { Authorization: `Bearer ${accessToken.value}` } : {}
+	}));
+	/**
+	* Refresh the access token using the refresh token (from HTTP-only cookie).
+	* This method uses createAppBatch directly to avoid circular dependencies.
+	*
+	* @returns true if refresh was successful, false otherwise
+	*/
+	async function refreshToken() {
+		try {
+			if (isRefreshing.value) {
+				logIfEnabled("debug", "[RefreshToken] Token refresh already in progress", debug.value);
+				return false;
+			}
+			isRefreshing.value = true;
+			logIfEnabled("debug", "[RefreshToken] Starting token refresh", debug.value);
+			if (userSession.value) {
+				if (isTokenExpired().refreshTokenExpired) {
+					logIfEnabled("warn", "[RefreshToken] Refresh token is already expired, cannot refresh", debug.value);
+					return false;
+				}
+			}
+			const tokens = await createAppBatch$1({ credentials: "include" }).userSessions.refreshToken();
+			if (!tokens || !tokens.access_token || !tokens.user_details_token) {
+				logIfEnabled("error", "[RefreshToken] Invalid response from refresh endpoint", debug.value);
+				return false;
+			}
+			setSession(tokens.user_details_token);
+			setAccessToken(tokens.access_token);
+			if (!(!!userSession.value && !!accessToken.value)) {
+				logIfEnabled("error", "[RefreshToken] Failed to update all session components", debug.value);
+				return false;
+			}
+			if (isTokenExpired().accessTokenExpired) {
+				logIfEnabled("error", "[RefreshToken] New access token is already expired!", debug.value);
+				return false;
+			}
+			logIfEnabled("debug", "[RefreshToken] Token refresh successful", debug.value);
+			return true;
+		} catch (refreshError) {
+			logIfEnabled("error", "[RefreshToken] Token refresh failed:", debug.value, refreshError);
+			return false;
+		} finally {
+			isRefreshing.value = false;
+		}
+	}
+	/**
+	* Check if tokens are expired
+	*/
+	function isTokenExpired() {
+		const now = Date.now() / 1e3;
+		return {
+			accessTokenExpired: decodedToken.value?.exp ? decodedToken.value.exp < now : true,
+			refreshTokenExpired: userSession.value?.expires_at ? new Date(userSession.value.expires_at).getTime() / 1e3 < now : true
+		};
+	}
+	/**
+	* Set the user session (stored in localStorage as JWT)
+	*/
+	function setSession(token) {
+		if (token) try {
+			userSession.value = jwtDecode(token).details;
+			localStorage.setItem(env.authOptions.userDetails, token);
+			logIfEnabled("debug", "[SetSession] User session set successfully", debug.value);
+		} catch (error) {
+			logger.error("[SetSession] Failed to decode user session token:", error);
+			userSession.value = null;
+			localStorage.removeItem(env.authOptions.userDetails);
+		}
+		else {
+			userSession.value = null;
+			localStorage.removeItem(env.authOptions.userDetails);
+			logIfEnabled("debug", "[SetSession] User session cleared", debug.value);
+		}
+	}
+	/**
+	* Set the access token (stored in localStorage as JWT string)
+	*/
+	function setAccessToken(token) {
+		if (token) try {
+			const decoded = jwtDecode(token);
+			accessToken.value = token;
+			decodedToken.value = decoded;
+			localStorage.setItem(env.authOptions.accessToken, token);
+			logIfEnabled("debug", "[SetAccessToken] Access token set successfully", debug.value);
+		} catch (error) {
+			logger.error("[SetAccessToken] Failed to decode access token:", error);
+			accessToken.value = null;
+			decodedToken.value = null;
+			localStorage.removeItem(env.authOptions.accessToken);
+			if (userSession.value) {
+				userSession.value = null;
+				localStorage.removeItem(env.authOptions.userDetails);
+			}
+		}
+		else {
+			accessToken.value = null;
+			decodedToken.value = null;
+			localStorage.removeItem(env.authOptions.accessToken);
+			logIfEnabled("debug", "[SetAccessToken] Access token cleared", debug.value);
+		}
+	}
+	/**
+	* Clear all session data
+	*/
+	function clearSession() {
+		setSession(null);
+		setAccessToken(null);
+	}
+	return {
+		userSession,
+		currentSession,
+		accessToken,
+		clientHeaders,
+		debug,
+		setSession,
+		setAccessToken,
+		clearSession,
+		refreshToken,
+		isTokenExpired
+	};
+});
+
+//#endregion
+//#region src/composables/useRpc.ts
+/**
+* Creates a fresh RPC batch session with authentication headers.
+* Each call creates a new session, which is the correct pattern for Cap'n Web RPC.
+*
+* This is the simple version - just creates a batch with auth headers.
+* For advanced features (token refresh, retry, tracked sessions), use executeWithAuth from useRpcAuth.
+*
+* @param options - Optional configuration for the RPC batch
+* @param options.credentials - Credentials mode for the request. Use 'include' for login/logout/refreshToken to allow cookies.
+*/
+function createAppBatch$1(options) {
+	const userStore = useUserSessionStore();
+	const env = useEnv();
+	const headers = {};
+	const accessToken = userStore.accessToken;
+	if (accessToken) headers["Authorization"] = `Bearer ${accessToken}`;
+	return newHttpBatchRpcSession(new Request(env.restApiClient.apiUrl + "/rpc", {
+		method: "POST",
+		headers,
+		credentials: options?.credentials ?? "omit"
+	}));
+}
+
+//#endregion
+//#region src/utils/EnhancedRefreshTokenHandler.ts
+var EnhancedRefreshTokenHandler = class {
+	refreshState = {
+		isRefreshing: false,
+		pendingPromise: null,
+		lastAttempt: 0,
+		failureCount: 0
+	};
+	async performRefreshWithStrategies() {
+		if (this.refreshState.isRefreshing && this.refreshState.pendingPromise) {
+			logger.debug("[EnhancedRefresh] Refresh already in progress, returning existing promise");
+			return this.refreshState.pendingPromise;
+		}
+		this.refreshState.isRefreshing = true;
+		this.refreshState.pendingPromise = this.executeRefreshStrategies();
+		try {
+			const tokens = await this.refreshState.pendingPromise;
+			this.refreshState.failureCount = 0;
+			logger.debug("[EnhancedRefresh] Refresh completed successfully");
+			return tokens;
+		} catch (error) {
+			this.refreshState.failureCount++;
+			logger.error("[EnhancedRefresh] All refresh strategies failed:", error);
+			throw error;
+		} finally {
+			this.refreshState.isRefreshing = false;
+			this.refreshState.pendingPromise = null;
+			this.refreshState.lastAttempt = Date.now();
+		}
+	}
+	async executeRefreshStrategies() {
+		const strategies = [
+			{
+				name: "Direct RefreshToken",
+				execute: () => this.directRefreshToken()
+			},
+			{
+				name: "Warmup + Retry RefreshToken",
+				execute: () => this.warmupAndRetryRefresh()
+			},
+			{
+				name: "Alternative Domain RefreshToken",
+				execute: () => this.alternativeDomainRefresh()
+			}
+		];
+		let lastError;
+		let partialSuccess = false;
+		for (const [index, strategy] of strategies.entries()) try {
+			logger.debug(`[EnhancedRefresh] Attempting strategy ${index + 1}: ${strategy.name}`);
+			const tokens = await strategy.execute();
+			logger.debug(`[EnhancedRefresh] Strategy ${index + 1} (${strategy.name}) succeeded`);
+			return tokens;
+		} catch (error) {
+			lastError = error;
+			logger.debug(`[EnhancedRefresh] Strategy ${index + 1} (${strategy.name}) failed:`, error);
+			const errorMessage = error instanceof Error ? error.message : String(error);
+			if (!errorMessage.includes("No refresh_token") && !errorMessage.includes("REFRESH_TOKEN_EXPIRED")) partialSuccess = true;
+			if (index < strategies.length - 1) {
+				const backoffDelay = 100 * (index + 1);
+				await this.delay(backoffDelay);
+			}
+		}
+		if (lastError && partialSuccess) {
+			const enhancedError = lastError;
+			enhancedError.partialSuccess = true;
+			enhancedError.isTemporaryFailure = true;
+		}
+		throw lastError;
+	}
+	async directRefreshToken() {
+		try {
+			const tokens = await createAppBatch$1({ credentials: "include" }).userSessions.refreshToken();
+			if (!tokens || !tokens.access_token || !tokens.user_details_token) throw new Error("No refresh_token in response");
+			return {
+				access_token: tokens.access_token,
+				user_details_token: tokens.user_details_token
+			};
+		} catch (error) {
+			logger.error("[EnhancedRefresh] Refresh token call failed:", {
+				error,
+				name: error?.name,
+				message: error?.message,
+				code: error?.code,
+				originalError: error?.originalError,
+				stack: error?.stack
+			});
+			if (error?.name === "InternalServerError" && error?.originalError) throw error.originalError;
+			throw error;
+		}
+	}
+	async warmupAndRetryRefresh() {
+		logger.debug("[EnhancedRefresh] Warming up cookie context");
+		await this.warmupCookieContext();
+		await this.delay(150);
+		return this.directRefreshToken();
+	}
+	async alternativeDomainRefresh() {
+		await this.warmupCookieContext();
+		await this.delay(300);
+		return this.directRefreshToken();
+	}
+	async warmupCookieContext() {
+		const warmupStrategies = [
+			() => fetch(window.location.origin + "/favicon.ico", {
+				method: "HEAD",
+				credentials: "include",
+				cache: "no-cache",
+				mode: "same-origin"
+			}),
+			() => {
+				const rpcEndpoint = useEnv().restApiClient.apiUrl + "/rpc";
+				return fetch(rpcEndpoint, {
+					method: "OPTIONS",
+					credentials: "include",
+					cache: "no-cache"
+				});
+			},
+			() => fetch(window.location.origin + "/", {
+				method: "HEAD",
+				credentials: "include",
+				cache: "no-cache",
+				mode: "same-origin"
+			})
+		];
+		try {
+			await Promise.race(warmupStrategies.map((strategy) => strategy().catch(() => {})));
+			logger.debug("[EnhancedRefresh] Cookie context warmed up");
+		} catch (error) {
+			logger.debug("[EnhancedRefresh] Cookie warmup failed, continuing:", error);
+		}
+	}
+	delay(ms) {
+		return new Promise((resolve) => setTimeout(resolve, ms));
+	}
+	shouldAttemptRefresh() {
+		return Date.now() - this.refreshState.lastAttempt > Math.min(5e3, 1e3 * Math.pow(2, this.refreshState.failureCount));
+	}
+	getRefreshState() {
+		return { ...this.refreshState };
+	}
+};
+/**
+* Create an instance of the refresh token handler for your API type.
+* Your API must extend AuthenticatableApi (must have userSessions.refreshToken method).
+*
+* @example
+* ```typescript
+* // In your app's setup/config
+* import type { AppApi } from '@follow-zap/shared';
+* import { createRefreshTokenHandler, setRefreshTokenHandler } from '@dragonmastery/dragoncore-vue';
+*
+* // Initialize during app setup
+* setRefreshTokenHandler(createRefreshTokenHandler<AppApi>());
+* ```
+*/
+function createRefreshTokenHandler() {
+	return new EnhancedRefreshTokenHandler();
+}
+/**
+* Global refresh token handler instance.
+* Set this once in your app's initialization.
+*/
+let globalRefreshTokenHandler = null;
+/**
+* Set the global refresh token handler for your application.
+* Call this once during app initialization.
+*/
+function setRefreshTokenHandler(handler) {
+	globalRefreshTokenHandler = handler;
+}
+/**
+* Get the global refresh token handler.
+* This is used internally by useQuery and useMutation.
+*
+* @throws Error if handler is not set
+*/
+function getRefreshTokenHandler() {
+	if (!globalRefreshTokenHandler) throw new Error("Refresh token handler not initialized. Call setRefreshTokenHandler() in your app initialization.");
+	return globalRefreshTokenHandler;
+}
+
+//#endregion
+//#region src/composables/useRpcAuth.ts
+/**
+* Auth error codes that should trigger token refresh
+*/
+const AUTH_ERROR_CODES = [
+	"ACCESS_TOKEN_EXPIRED",
+	"ACCESS_TOKEN_REVOKED",
+	"NO_ACCESS_TOKEN",
+	"NO_REFRESH_TOKEN"
+];
+const BATCH_MODE = {
+	batch: "batch",
+	tracked: "tracked"
+};
+/**
+* Check if an error is an auth error that should trigger refresh
+*/
+function isAuthError(error) {
+	if (!error) return false;
+	let actualError = error;
+	if (error.name === "InternalServerError" && error.originalError) actualError = error.originalError;
+	if (actualError.name === "AuthenticationError" || error.name === "AuthenticationError") return true;
+	if (actualError.code && AUTH_ERROR_CODES.includes(actualError.code)) return true;
+	if (error.code && AUTH_ERROR_CODES.includes(error.code)) return true;
+	const errorMessage = actualError.message || error.message || String(error);
+	if (AUTH_ERROR_CODES.some((code) => errorMessage.includes(code))) return true;
+	if (errorMessage.includes("Unauthorized") || errorMessage.includes("authentication") || errorMessage.includes("token")) return errorMessage.toLowerCase().includes("expired") || errorMessage.toLowerCase().includes("revoked") || errorMessage.toLowerCase().includes("invalid token") || errorMessage.toLowerCase().includes("no refresh token");
+	return false;
+}
+/**
+* Global router instance.
+* Set this once in your app's initialization.
+*/
+let globalRouter = null;
+/**
+* Set the global router instance for your application.
+* Call this once during app initialization.
+*/
+function setRouter(router) {
+	globalRouter = router;
+}
+/**
+* Get the global router instance.
+* This is used internally by executeWithAuth for navigation.
+*
+* @throws Error if router is not set
+*/
+function getRouter() {
+	if (!globalRouter) throw new Error("Router not initialized. Call setRouter() in your app initialization.");
+	return globalRouter;
+}
+/**
+* Check if token needs refresh before making a request
+*/
+function needsRefresh(userStore) {
+	if (!userStore.accessToken) return true;
+	const { accessTokenExpired, refreshTokenExpired } = userStore.isTokenExpired();
+	return accessTokenExpired || refreshTokenExpired;
+}
+/**
+* Attempt to refresh the token using the provided handler
+*/
+async function attemptRefresh(userStore, refreshTokenHandler) {
+	const router = getRouter();
+	try {
+		if (!userStore.currentSession && !userStore.accessToken) return false;
+		if (userStore.currentSession) {
+			const { refreshTokenExpired } = userStore.isTokenExpired();
+			if (refreshTokenExpired) {
+				await router.push("/auth/logout");
+				return false;
+			}
+		}
+		if (!refreshTokenHandler.shouldAttemptRefresh()) return false;
+		const tokens = await refreshTokenHandler.performRefreshWithStrategies();
+		userStore.setSession(tokens.user_details_token);
+		userStore.setAccessToken(tokens.access_token);
+		return true;
+	} catch (error) {
+		console.error("[RPC Auth] Refresh attempt failed:", {
+			error,
+			name: error?.name,
+			message: error?.message,
+			code: error?.code,
+			originalError: error?.originalError
+		});
+		const combinedMessage = `${((error?.originalError || error)?.message || error?.message || "").toUpperCase()} ${(error?.originalError?.message || "").toUpperCase()}`;
+		if (combinedMessage.includes("NO_REFRESH_TOKEN") || combinedMessage.includes("REFRESH_TOKEN_EXPIRED") || combinedMessage.includes("REFRESH_TOKEN_REVOKED") || combinedMessage.includes("INVALID REFRESH TOKEN") || combinedMessage.includes("NO REFRESH TOKEN FOUND")) await router.push("/auth/logout");
+		return false;
+	}
+}
+/**
+* Create a base RPC batch with current auth token
+*/
+function createAppBatch(options) {
+	const userStore = useUserSessionStore();
+	const env = useEnv();
+	const headers = {};
+	const accessToken = userStore.accessToken;
+	if (accessToken) headers["Authorization"] = `Bearer ${accessToken}`;
+	const request = new Request(env.restApiClient.apiUrl + "/rpc", {
+		method: "POST",
+		headers,
+		credentials: options?.credentials ?? "omit"
+	});
+	if (options?.mode === BATCH_MODE.batch && !options?.trackedSegment) return newHttpBatchRpcSession(request);
+	return createTrackedSession(request, options?.trackedSegment);
+}
+/**
+* Execute an RPC call with automatic auth handling
+* - Checks token expiration before call
+* - Handles auth errors and retries after refresh
+*
+* @param fn - Function that receives an RPC batch and returns a promise
+* @param options - Configuration options
+* @param options.refreshTokenHandler - Instance of refresh token handler for your API type
+*/
+async function executeWithAuth(fn, options) {
+	const userStore = useUserSessionStore();
+	const router = getRouter();
+	if (options?.skipAuthCheck) return await fn(createAppBatch(options));
+	if (needsRefresh(userStore)) {
+		if (!await attemptRefresh(userStore, options.refreshTokenHandler)) {
+			if (!userStore.accessToken) {
+				await router.push("/auth/logout");
+				throw new Error("Authentication required");
+			}
+		} else if (!userStore.accessToken) {
+			await router.push("/auth/logout");
+			throw new Error("Token refresh failed to set access token");
+		}
+	}
+	try {
+		if (!userStore.accessToken) {
+			await router.push("/auth/logout");
+			throw new Error("Authentication required");
+		}
+		return await fn(createAppBatch(options));
+	} catch (error) {
+		if (isAuthError(error)) {
+			if (await attemptRefresh(userStore, options.refreshTokenHandler)) return await fn(createAppBatch(options));
+			await router.push("/auth/logout");
+			throw error;
+		}
+		throw error;
+	}
+}
+/**
+* Create a tracked RPC session that appends method names to URL
+*/
+function createTrackedSession(request, trackedSegment) {
+	const baseUrl = request.url;
+	if (trackedSegment) return newHttpBatchRpcSession(new Request(`${baseUrl}/${trackedSegment}`, {
+		method: request.method,
+		headers: request.headers,
+		credentials: request.credentials
+	}));
+	function createProxy(path = []) {
+		return new Proxy(() => {}, {
+			get(_target, prop) {
+				if (typeof prop === "string") return createProxy([...path, prop]);
+			},
+			apply(_target, _thisArg, args) {
+				const fullPath = path.join(".");
+				let method = newHttpBatchRpcSession(new Request(`${baseUrl}/${fullPath}`, {
+					method: request.method,
+					headers: request.headers,
+					credentials: request.credentials
+				}));
+				for (const segment of path) method = method[segment];
+				return method(...args);
+			}
+		});
+	}
+	return createProxy();
+}
+
+//#endregion
+export { EnhancedRefreshTokenHandler as a, setRefreshTokenHandler as c, Logger as d, logIfEnabled as f, setRouter as i, useUserSessionStore as l, useEnv as m, createAppBatch as n, createRefreshTokenHandler as o, logger as p, executeWithAuth as r, getRefreshTokenHandler as s, BATCH_MODE as t, LOG_LEVEL as u };
+//# sourceMappingURL=useRpcAuth-BLlRSHy8.js.map