@fluid-app/rep-sdk 0.1.3 → 0.1.5

package/dist/{chunk-V3IMQZIG.cjs → chunk-W37C774B.cjs}

@@ -6,7 +6,7 @@ var app = require('@fluid-app/fluid-messaging-ui/app');
 var fluidMessagingUi = require('@fluid-app/fluid-messaging-ui');
 var fluidMessagingApiClient = require('@fluid-app/fluid-messaging-api-client');
 var reactQuery = require('@tanstack/react-query');
-var jose = require('jose');
+var auth = require('@fluid-app/auth');
 var jsxRuntime = require('react/jsx-runtime');
 var theme_star = require('@fluid-app/rep-core/theme');
 var registryContext = require('@fluid-app/rep-core/data-sources/registry-context');
@@ -35,393 +35,6 @@ function _interopNamespace(e) {
 
 var theme_star__namespace = /*#__PURE__*/_interopNamespace(theme_star);
 
-// src/auth/constants.ts
-var AUTH_CONSTANTS = {
-  /**
-   * Grace period in milliseconds to account for clock skew
-   * when checking token expiration. Tokens are considered valid
-   * if they expire within this period.
-   */
-  TOKEN_GRACE_PERIOD_MS: 30 * 1e3,
-  // 30 seconds
-  /**
-   * Default cookie max age in seconds (9 days).
-   * This matches the typical JWT token lifetime from the Fluid API.
-   */
-  COOKIE_MAX_AGE: 9 * 24 * 60 * 60
-  // 9 days = 777600 seconds
-};
-var STORAGE_KEYS = {
-  /** localStorage key for user token */
-  USER_TOKEN: "fluidUserToken",
-  /** localStorage key for company token (legacy) */
-  COMPANY_TOKEN: "fluidCompanyToken",
-  /** Cookie name for auth token */
-  AUTH_COOKIE: "auth_token"
-};
-var URL_PARAMS = {
-  /** URL parameter name for user token */
-  USER_TOKEN: "fluidUserToken",
-  /** URL parameter name for company token (legacy) */
-  COMPANY_TOKEN: "fluidCompanyToken"
-};
-
-// src/auth/browser-utils.ts
-function isBrowser() {
-  return typeof window !== "undefined" && typeof document !== "undefined";
-}
-
-// src/auth/url-token.ts
-function extractTokenFromUrl(tokenKey = URL_PARAMS.USER_TOKEN) {
-  if (!isBrowser()) {
-    return null;
-  }
-  try {
-    const searchParams = new URLSearchParams(window.location.search);
-    return searchParams.get(tokenKey);
-  } catch {
-    return null;
-  }
-}
-function extractCompanyTokenFromUrl(tokenKey = URL_PARAMS.COMPANY_TOKEN) {
-  if (!isBrowser()) {
-    return null;
-  }
-  try {
-    const searchParams = new URLSearchParams(window.location.search);
-    return searchParams.get(tokenKey);
-  } catch {
-    return null;
-  }
-}
-function cleanTokenFromUrl(tokenKey = URL_PARAMS.USER_TOKEN) {
-  if (!isBrowser()) {
-    return;
-  }
-  try {
-    const url = new URL(window.location.href);
-    const hadToken = url.searchParams.has(tokenKey);
-    const hadCompanyToken = url.searchParams.has(URL_PARAMS.COMPANY_TOKEN);
-    url.searchParams.delete(tokenKey);
-    url.searchParams.delete(URL_PARAMS.COMPANY_TOKEN);
-    if (hadToken || hadCompanyToken) {
-      window.history.replaceState(
-        window.history.state,
-        document.title,
-        url.toString()
-      );
-    }
-  } catch (error) {
-    console.warn("[FluidAuth] Failed to clean token from URL:", error);
-  }
-}
-function hasTokenInUrl(tokenKey = URL_PARAMS.USER_TOKEN) {
-  if (!isBrowser()) {
-    return false;
-  }
-  try {
-    const searchParams = new URLSearchParams(window.location.search);
-    return searchParams.has(tokenKey);
-  } catch {
-    return false;
-  }
-}
-function extractAllTokensFromUrl(userTokenKey = URL_PARAMS.USER_TOKEN, companyTokenKey = URL_PARAMS.COMPANY_TOKEN) {
-  if (!isBrowser()) {
-    return { userToken: null, companyToken: null };
-  }
-  try {
-    const searchParams = new URLSearchParams(window.location.search);
-    return {
-      userToken: searchParams.get(userTokenKey),
-      companyToken: searchParams.get(companyTokenKey)
-    };
-  } catch {
-    return { userToken: null, companyToken: null };
-  }
-}
-
-// src/auth/token-storage.ts
-function parseCookies() {
-  if (!isBrowser()) {
-    return {};
-  }
-  const cookies = {};
-  const cookieString = document.cookie;
-  if (!cookieString) {
-    return cookies;
-  }
-  cookieString.split(";").forEach((cookie) => {
-    const [name, ...valueParts] = cookie.trim().split("=");
-    if (name) {
-      cookies[name] = decodeURIComponent(valueParts.join("="));
-    }
-  });
-  return cookies;
-}
-function setCookie(name, value, options = {}) {
-  if (!isBrowser()) {
-    return;
-  }
-  const {
-    maxAge = AUTH_CONSTANTS.COOKIE_MAX_AGE,
-    path = "/",
-    sameSite = "lax",
-    secure = window.location.protocol === "https:"
-  } = options;
-  let cookieString = `${name}=${encodeURIComponent(value)}`;
-  cookieString += `; path=${path}`;
-  cookieString += `; max-age=${maxAge}`;
-  cookieString += `; samesite=${sameSite}`;
-  if (secure) {
-    cookieString += "; secure";
-  }
-  document.cookie = cookieString;
-}
-function deleteCookie(name, path = "/") {
-  if (!isBrowser()) {
-    return;
-  }
-  document.cookie = `${name}=; path=${path}; max-age=0`;
-}
-function getStoredToken(config) {
-  if (!isBrowser()) {
-    return null;
-  }
-  const cookieKey = config?.cookieKey ?? STORAGE_KEYS.AUTH_COOKIE;
-  const localStorageKey = STORAGE_KEYS.USER_TOKEN;
-  const cookies = parseCookies();
-  const cookieToken = cookies[cookieKey];
-  if (cookieToken) {
-    return cookieToken;
-  }
-  try {
-    return localStorage.getItem(localStorageKey);
-  } catch {
-    return null;
-  }
-}
-function storeToken(token, config) {
-  if (!isBrowser()) {
-    return;
-  }
-  const cookieKey = config?.cookieKey ?? STORAGE_KEYS.AUTH_COOKIE;
-  const maxAge = config?.cookieMaxAge ?? AUTH_CONSTANTS.COOKIE_MAX_AGE;
-  try {
-    const inIframe = window.self !== window.top;
-    const sameSite = inIframe ? "none" : "lax";
-    setCookie(cookieKey, token, {
-      maxAge,
-      path: "/",
-      sameSite,
-      // SameSite=None requires Secure per RFC 6265bis; browsers silently
-      // reject the cookie otherwise (e.g. HTTP localhost in an iframe).
-      secure: sameSite === "none" || window.location.protocol === "https:"
-    });
-  } catch (error) {
-    console.warn("[FluidAuth] Failed to store token in cookie:", error);
-  }
-  try {
-    localStorage.setItem(STORAGE_KEYS.USER_TOKEN, token);
-  } catch (error) {
-    console.warn("[FluidAuth] Failed to store token in localStorage:", error);
-  }
-}
-function clearTokens(config) {
-  if (!isBrowser()) {
-    return;
-  }
-  const cookieKey = config?.cookieKey ?? STORAGE_KEYS.AUTH_COOKIE;
-  try {
-    deleteCookie(cookieKey);
-  } catch {
-  }
-  try {
-    localStorage.removeItem(STORAGE_KEYS.USER_TOKEN);
-    localStorage.removeItem(STORAGE_KEYS.COMPANY_TOKEN);
-  } catch {
-  }
-}
-function hasStoredToken(config) {
-  return getStoredToken(config) !== null;
-}
-
-// src/auth/types.ts
-var USER_TYPES = {
-  admin: "admin",
-  rep: "rep",
-  root_admin: "root_admin",
-  customer: "customer"
-};
-function isUserType(value) {
-  return Object.values(USER_TYPES).includes(value);
-}
-
-// src/auth/token-utils.ts
-function extractPayloadFromJose(decoded) {
-  const rawUserType = decoded.user_type;
-  const rawOgUserType = decoded.og_user_type;
-  return {
-    id: typeof decoded.id === "number" ? decoded.id : void 0,
-    email: typeof decoded.email === "string" ? decoded.email : void 0,
-    full_name: typeof decoded.full_name === "string" ? decoded.full_name : void 0,
-    user_type: typeof rawUserType === "string" && isUserType(rawUserType) ? rawUserType : "rep",
-    og_user_type: typeof rawOgUserType === "string" && isUserType(rawOgUserType) ? rawOgUserType : void 0,
-    company_id: typeof decoded.company_id === "number" ? decoded.company_id : void 0,
-    exp: decoded.exp,
-    auth_type: typeof decoded.auth_type === "string" ? decoded.auth_type : void 0
-  };
-}
-function decodeToken(token) {
-  try {
-    const decoded = jose.decodeJwt(token);
-    return extractPayloadFromJose(decoded);
-  } catch (error) {
-    console.error("[FluidAuth] Failed to decode JWT token:", error);
-    return null;
-  }
-}
-function isTokenExpired(token, gracePeriodMs = AUTH_CONSTANTS.TOKEN_GRACE_PERIOD_MS) {
-  try {
-    const decoded = jose.decodeJwt(token);
-    if (!decoded.exp) {
-      return false;
-    }
-    const expirationTime = decoded.exp * 1e3;
-    const currentTime = Date.now();
-    return currentTime > expirationTime + gracePeriodMs;
-  } catch {
-    return true;
-  }
-}
-function validateToken(token, gracePeriodMs = AUTH_CONSTANTS.TOKEN_GRACE_PERIOD_MS) {
-  if (!token || token.trim() === "") {
-    return {
-      isValid: false,
-      error: "Token is empty or not provided"
-    };
-  }
-  const payload = decodeToken(token);
-  if (!payload) {
-    return {
-      isValid: false,
-      error: "Token has invalid format"
-    };
-  }
-  if (isTokenExpired(token, gracePeriodMs)) {
-    return {
-      isValid: false,
-      payload,
-      error: "Token has expired"
-    };
-  }
-  return {
-    isValid: true,
-    payload
-  };
-}
-function isValidToken(result) {
-  return result.isValid === true;
-}
-function getTokenExpiration(token) {
-  try {
-    const decoded = jose.decodeJwt(token);
-    if (!decoded.exp) {
-      return null;
-    }
-    return new Date(decoded.exp * 1e3);
-  } catch {
-    return null;
-  }
-}
-function getTokenTimeRemaining(token) {
-  try {
-    const decoded = jose.decodeJwt(token);
-    if (!decoded.exp) {
-      return Infinity;
-    }
-    const expirationTime = decoded.exp * 1e3;
-    const remaining = expirationTime - Date.now();
-    return Math.max(0, remaining);
-  } catch {
-    return 0;
-  }
-}
-async function verifyToken(token, jwksUrl) {
-  try {
-    const JWKS = jose.createRemoteJWKSet(new URL(jwksUrl));
-    const { payload } = await jose.jwtVerify(token, JWKS);
-    const decoded = payload;
-    return extractPayloadFromJose(decoded);
-  } catch (error) {
-    console.error("[FluidAuth] JWT signature verification failed:", error);
-    return null;
-  }
-}
-
-// src/auth/dev-utils.ts
-function isDevBypassActive(devBypass) {
-  if (!devBypass) return false;
-  try {
-    return undefined.DEV === true;
-  } catch {
-    return false;
-  }
-}
-function createDevUser() {
-  return {
-    id: 99999,
-    // Dev placeholder — avoids falsy 0
-    email: "dev@localhost",
-    full_name: "Dev User",
-    user_type: USER_TYPES.rep,
-    og_user_type: void 0,
-    company_id: 99999,
-    // Dev placeholder — avoids falsy 0
-    exp: void 0,
-    // Never expires
-    auth_type: "dev_bypass"
-  };
-}
-
-// src/auth/auth-redirect.ts
-var DEFAULT_AUTH_URL = "https://auth.fluid.app";
-var AUTH_REDIRECT_TOKEN_KEY = "jwt";
-var REDIRECT_TIMESTAMP_KEY = "__fluid_auth_redirect_ts";
-var REDIRECT_COOLDOWN_S = 10;
-function isRedirectLoop() {
-  try {
-    const ts = sessionStorage.getItem(REDIRECT_TIMESTAMP_KEY);
-    if (!ts) return false;
-    const elapsed = (Date.now() - Number(ts)) / 1e3;
-    return elapsed < REDIRECT_COOLDOWN_S;
-  } catch {
-    return false;
-  }
-}
-function markRedirect() {
-  try {
-    sessionStorage.setItem(REDIRECT_TIMESTAMP_KEY, String(Date.now()));
-  } catch {
-  }
-}
-function createDefaultAuthRedirect(authUrl) {
-  return () => {
-    if (isRedirectLoop()) {
-      console.warn(
-        "[FluidAuth] Auth redirect suppressed \u2014 possible redirect loop. Check that your auth server returns a token accepted by the API."
-      );
-      return;
-    }
-    markRedirect();
-    const base = authUrl ?? DEFAULT_AUTH_URL;
-    const currentUrl = encodeURIComponent(window.location.href);
-    window.location.href = `${base}/?redirect_url=${currentUrl}`;
-  };
-}
-function resolveAuthFailureHandler(onAuthFailure, authUrl) {
-  return onAuthFailure ?? createDefaultAuthRedirect(authUrl);
-}
 var FluidAuthContext = react.createContext(null);
 function FluidAuthProvider({
   children,
@@ -437,19 +50,19 @@ function FluidAuthProvider({
     const initializeAuth = async () => {
       const handleAuthFailure = () => {
         const current = configRef.current;
-        const handler = resolveAuthFailureHandler(
+        const handler = auth.resolveAuthFailureHandler(
           current?.onAuthFailure,
           current?.authUrl
         );
         handler();
       };
       try {
-        if (isDevBypassActive(config?.devBypass)) {
+        if (auth.isDevBypassActive(config?.devBypass)) {
           const envToken = undefined.VITE_DEV_TOKEN;
           if (envToken) {
-            const validation = validateToken(envToken, config?.gracePeriodMs);
+            const validation = auth.validateToken(envToken, config?.gracePeriodMs);
             if (validation.isValid && validation.payload) {
-              storeToken(envToken, config);
+              auth.storeToken(envToken, config);
               setToken(envToken);
               setUser(validation.payload);
               setError(null);
@@ -462,36 +75,36 @@ function FluidAuthProvider({
           console.warn(
             "[FluidAuth] Dev bypass active - using mock user. API calls will fail without a real token."
           );
-          const devUser = createDevUser();
+          const devUser = auth.createDevUser();
           setToken(null);
           setUser(devUser);
           setError(null);
           return;
         }
         const tokenKey = config?.tokenKey ?? "fluidUserToken";
-        let candidateToken = extractTokenFromUrl(tokenKey);
-        if (!candidateToken && tokenKey !== AUTH_REDIRECT_TOKEN_KEY) {
-          candidateToken = extractTokenFromUrl(AUTH_REDIRECT_TOKEN_KEY);
+        let candidateToken = auth.extractTokenFromUrl(tokenKey);
+        if (!candidateToken && tokenKey !== auth.AUTH_REDIRECT_TOKEN_KEY) {
+          candidateToken = auth.extractTokenFromUrl(auth.AUTH_REDIRECT_TOKEN_KEY);
         }
-        cleanTokenFromUrl(tokenKey);
-        cleanTokenFromUrl(AUTH_REDIRECT_TOKEN_KEY);
+        auth.cleanTokenFromUrl(tokenKey);
+        auth.cleanTokenFromUrl(auth.AUTH_REDIRECT_TOKEN_KEY);
         if (!candidateToken) {
-          candidateToken = getStoredToken(config);
+          candidateToken = auth.getStoredToken(config);
         }
         if (candidateToken) {
           let payload = null;
           if (config?.jwksUrl) {
-            payload = await verifyToken(candidateToken, config.jwksUrl);
+            payload = await auth.verifyToken(candidateToken, config.jwksUrl);
             if (!payload) {
-              clearTokens(config);
+              auth.clearTokens(config);
               setToken(null);
               setUser(null);
               setError(new Error("JWT signature verification failed"));
               handleAuthFailure();
               return;
             }
-            if (isTokenExpired(candidateToken, config?.gracePeriodMs)) {
-              clearTokens(config);
+            if (auth.isTokenExpired(candidateToken, config?.gracePeriodMs)) {
+              auth.clearTokens(config);
               setToken(null);
               setUser(null);
               setError(new Error("Token has expired"));
@@ -499,14 +112,14 @@ function FluidAuthProvider({
               return;
             }
           } else {
-            const validation = validateToken(
+            const validation = auth.validateToken(
               candidateToken,
               config?.gracePeriodMs
             );
             if (validation.isValid && validation.payload) {
               payload = validation.payload;
             } else {
-              clearTokens(config);
+              auth.clearTokens(config);
               setToken(null);
               setUser(null);
               setError(new Error(validation.error ?? "Invalid token"));
@@ -514,7 +127,7 @@ function FluidAuthProvider({
               return;
             }
           }
-          storeToken(candidateToken, config);
+          auth.storeToken(candidateToken, config);
           setToken(candidateToken);
           setUser(payload);
           setError(null);
@@ -537,7 +150,7 @@ function FluidAuthProvider({
     void initializeAuth();
   }, []);
   const clearAuth = react.useCallback(() => {
-    clearTokens(configRef.current);
+    auth.clearTokens(configRef.current);
     setToken(null);
     setUser(null);
     setError(null);
@@ -1046,6 +659,10 @@ function transformManifestToRepAppData(response) {
     toNavigationItem
   );
   const nav = rawProfile?.navigation;
+  const mobileNav = rawProfile?.mobile_navigation;
+  const mobileNavigationItems = (mobileNav?.navigation_items ?? []).map(
+    toNavigationItem
+  );
   const activeThemeId = theme_star.getActiveThemeId(rawThemes);
   return {
     definition_id: manifest.definition_id,
@@ -1063,7 +680,16 @@ function transformManifestToRepAppData(response) {
         name: nav?.name ?? "Main Navigation",
         navigation_items: navigationItems,
         screens
-      }
+      },
+      ...mobileNav ? {
+        mobile_navigation: {
+          definition_id: mobileNav.definition_id ?? manifest.definition_id,
+          id: mobileNav.id ?? 0,
+          name: mobileNav.name ?? "Mobile Navigation",
+          navigation_items: mobileNavigationItems,
+          screens
+        }
+      } : {}
     }
   };
 }
@@ -1111,7 +737,7 @@ function extractErrorMessage(data, fallback) {
 }
 function createFluidClient(config) {
   const { baseUrl, getAuthToken, onAuthError, defaultHeaders = {} } = config;
-  const effectiveOnAuthError = onAuthError ?? createDefaultAuthRedirect();
+  const effectiveOnAuthError = onAuthError ?? auth.createDefaultAuthRedirect();
   const fetchClient = createFetchClient({
     baseUrl,
     ...getAuthToken ? { getAuthToken } : {},
@@ -1883,6 +1509,14 @@ var messagingScreenPropertySchema = {
   fields: []
 };
 
+Object.defineProperty(exports, "DEFAULT_AUTH_URL", {
+  enumerable: true,
+  get: function () { return auth.DEFAULT_AUTH_URL; }
+});
+Object.defineProperty(exports, "createDefaultAuthRedirect", {
+  enumerable: true,
+  get: function () { return auth.createDefaultAuthRedirect; }
+});
 Object.defineProperty(exports, "buildThemeDefinition", {
   enumerable: true,
   get: function () { return theme_star.buildThemeDefinition; }
@@ -1895,38 +1529,17 @@ Object.defineProperty(exports, "transformThemes", {
   enumerable: true,
   get: function () { return theme_star.transformThemes; }
 });
-exports.AUTH_CONSTANTS = AUTH_CONSTANTS;
 exports.ApiError = ApiError2;
-exports.DEFAULT_AUTH_URL = DEFAULT_AUTH_URL;
 exports.DEFAULT_SDK_WIDGET_REGISTRY = DEFAULT_SDK_WIDGET_REGISTRY;
 exports.FluidAuthProvider = FluidAuthProvider;
 exports.FluidProvider = FluidProvider;
 exports.FluidThemeProvider = FluidThemeProvider;
 exports.MessagingScreen = MessagingScreen;
-exports.STORAGE_KEYS = STORAGE_KEYS;
-exports.URL_PARAMS = URL_PARAMS;
-exports.USER_TYPES = USER_TYPES;
-exports.cleanTokenFromUrl = cleanTokenFromUrl;
-exports.clearTokens = clearTokens;
-exports.createDefaultAuthRedirect = createDefaultAuthRedirect;
 exports.createFluidClient = createFluidClient;
 exports.createFluidFileUploader = createFluidFileUploader;
-exports.decodeToken = decodeToken;
-exports.extractAllTokensFromUrl = extractAllTokensFromUrl;
-exports.extractCompanyTokenFromUrl = extractCompanyTokenFromUrl;
-exports.extractTokenFromUrl = extractTokenFromUrl;
-exports.getStoredToken = getStoredToken;
-exports.getTokenExpiration = getTokenExpiration;
-exports.getTokenTimeRemaining = getTokenTimeRemaining;
-exports.hasStoredToken = hasStoredToken;
-exports.hasTokenInUrl = hasTokenInUrl;
 exports.isApiError = isApiError2;
-exports.isTokenExpired = isTokenExpired;
-exports.isUserType = isUserType;
-exports.isValidToken = isValidToken;
 exports.messagingScreenPropertySchema = messagingScreenPropertySchema;
 exports.normalizeComponentTree = normalizeComponentTree;
-exports.storeToken = storeToken;
 exports.themes_exports = themes_exports;
 exports.toNavigationItem = toNavigationItem;
 exports.toScreenDefinition = toScreenDefinition;
@@ -1937,6 +1550,5 @@ exports.useFluidContext = useFluidContext;
 exports.useMessagingAuth = useMessagingAuth;
 exports.useMessagingConfig = useMessagingConfig;
 exports.useThemeContext = useThemeContext;
-exports.validateToken = validateToken;
-//# sourceMappingURL=chunk-V3IMQZIG.cjs.map
-//# sourceMappingURL=chunk-V3IMQZIG.cjs.map
+//# sourceMappingURL=chunk-W37C774B.cjs.map
+//# sourceMappingURL=chunk-W37C774B.cjs.map