@fourt/sdk 1.1.7 → 1.2.1

package/dist/index.js

@@ -1,16 +1,15 @@
 // src/session/index.ts
 import { createStore } from "zustand";
-import { createJSONStorage, persist } from "zustand/middleware";
+import { persist, createJSONStorage } from "zustand/middleware";
 var SessionStore = class {
   _store;
-  /**
-   * Initializes a new instance of the `SessionStore` class by creating a new `zustand`store with the initial state.
-   */
   constructor() {
     this._store = createStore()(
       persist(this._getInitialState, {
-        name: "fourt.io-signer-session",
-        storage: createJSONStorage(() => localStorage)
+        name: "fourt-session",
+        storage: createJSONStorage(() => localStorage),
+        // keep only these keys in persisted storage
+        partialize: (state) => ({ bundle: state.bundle, type: state.type })
       })
     );
   }
@@ -46,6 +45,22 @@ var SessionStore = class {
   set token(token) {
     this._store.setState({ token });
   }
+  /**
+   * Gets the CSRF token from the session state.
+   *
+   * @returns {string | undefined} the CSRF token.
+   */
+  get csrfToken() {
+    return this._store.getState().csrfToken;
+  }
+  /**
+   * Sets the CSRF token in the session state.
+   *
+   * @param {string} csrfToken the CSRF token to set.
+   */
+  set csrfToken(csrfToken) {
+    this._store.setState({ csrfToken });
+  }
   /**
    * Gets the bundle from the session state.
    *
@@ -366,26 +381,29 @@ var UserModule = class {
     this._webSignerClient = _webSignerClient;
   }
   /**
-   * Gets the user information.
-   *
-   * @returns {User | undefined} user information.
+   * Retrieves information for the authenticated user.
+   * Assumes a user is already logged in, otherwise it will throw an error.
    */
-  get info() {
-    return this._webSignerClient.user;
+  async getInfo() {
+    return this._webSignerClient.getUser();
   }
-  /**  Gets the user token.
-   *
-   * @returns {string | undefined} user token.
+  /**
+   * Checks if a user is currently logged in to the fourt.io SDK.
    */
-  get token() {
+  async isLoggedIn() {
+    return this._webSignerClient.isLoggedIn();
+  }
+  /**
+   * Generates an access token with a lifespan of 15 minutes.
+   * Assumes a user is already logged in, otherwise it will throw an error.
+   */
+  async getToken() {
     return this._webSignerClient.getToken();
   }
   /**
    * Logs out the user.
-   *
-   * @returns {void}
    */
-  logout() {
+  async logout() {
     return this._webSignerClient.logout();
   }
 };
@@ -452,24 +470,29 @@ var UnauthenticatedError = class _UnauthenticatedError extends SDKError {
   }
 };
 
-// src/types/Routes.ts
+// src/types/routes.ts
 var ROUTE_METHOD_MAP = {
   "/v1/signup": "POST",
   "/v1/email-auth": "POST",
   "/v1/lookup": "POST",
   "/v1/signin": "POST",
   "/v1/sign": "POST",
-  "v1/oauth/init": "POST"
+  "/v1/oauth/init": "POST",
+  "/v1/refresh": "POST",
+  "/v1/csrf-token": "GET",
+  "/v1/logout": "POST",
+  "/v1/me": "GET"
 };
 
 // src/signer/index.ts
 import { jwtDecode } from "jwt-decode";
-import { isPast, secondsToMilliseconds } from "date-fns";
+import { differenceInMilliseconds, isBefore, subMinutes } from "date-fns";
 var SignerClient = class {
   _turnkeyClient;
   _configuration;
   _sessionStore;
-  _user;
+  _refreshPromise;
+  _refreshTimer;
   constructor({
     stamper,
     configuration: { apiUrl, paymasterRpcUrl, ...requiredConfiguration }
@@ -485,54 +508,97 @@ var SignerClient = class {
     };
     this._sessionStore = new SessionStore();
   }
-  logout() {
-    this._user = void 0;
-    this.sessionStore.clearAll();
-  }
   get configuration() {
     return this._configuration;
   }
-  get user() {
-    if (this._user) return this._user;
-    if (!this.sessionStore.token) {
-      this.sessionStore.clearAll();
-      return void 0;
-    }
-    const decodedToken = jwtDecode(this.sessionStore.token);
-    if (decodedToken.exp && isPast(new Date(secondsToMilliseconds(decodedToken.exp)))) {
-      this.sessionStore.clearAll();
-      return void 0;
+  async getUser() {
+    if (this._sessionStore.user) return this._sessionStore.user;
+    try {
+      const user = await this.request("/v1/me");
+      this._sessionStore.user = user;
+      return user;
+    } catch (error) {
+      if (error instanceof UnauthorizedError) {
+        try {
+          await this._refreshToken();
+          const user = await this.request("/v1/me");
+          this._sessionStore.user = user;
+          return user;
+        } catch (error2) {
+          throw error2;
+        }
+      }
+      throw error;
     }
-    if (this.sessionStore.user) this._user = this.sessionStore.user;
-    return this._user;
   }
-  set user(value) {
-    this._user = value;
+  async isLoggedIn() {
+    const token = this._sessionStore.token;
+    if (token && !this._isTokenExpired(token)) return true;
+    try {
+      await this._refreshToken();
+      return !!this._sessionStore.token;
+    } catch {
+      return false;
+    }
   }
-  set stamper(stamper) {
-    this._turnkeyClient.stamper = stamper;
+  async getToken() {
+    if (!this._sessionStore.token) {
+      try {
+        await this._refreshToken();
+      } catch {
+        throw new UnauthorizedError({
+          message: "No token found, user might not be logged in"
+        });
+      }
+    } else if (this._isTokenExpired(this._sessionStore.token)) {
+      try {
+        await this._refreshToken();
+      } catch {
+        throw new UnauthorizedError({
+          message: "Token expired and refresh failed"
+        });
+      }
+    }
+    const token = this._sessionStore.token;
+    if (!token) {
+      throw new UnauthorizedError({
+        message: "No token found, user might not be logged in"
+      });
+    }
+    return token;
   }
-  get stamper() {
-    return this._turnkeyClient.stamper;
+  _isTokenExpired(token) {
+    try {
+      const decoded = jwtDecode(token);
+      if (decoded.exp) {
+        return decoded.exp * 1e3 <= Date.now();
+      }
+      return true;
+    } catch {
+      return true;
+    }
   }
-  get sessionStore() {
-    return this._sessionStore;
+  async logout() {
+    if (this._refreshTimer) clearTimeout(this._refreshTimer);
+    this._refreshTimer = void 0;
+    await this.request("/v1/logout");
+    this._sessionStore.clearAll();
   }
   async signRawMessage(msg) {
-    if (!this._user) {
+    if (!this._sessionStore.token || !this._sessionStore.user) {
       throw new UnauthorizedError({
         message: "SignerClient must be authenticated to sign a message"
       });
     }
     const stampedRequest = await this._turnkeyClient.stampSignRawPayload({
-      organizationId: this._user.subOrgId,
+      organizationId: this._sessionStore.user.subOrgId,
       type: "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2",
       timestampMs: Date.now().toString(),
       parameters: {
         encoding: "PAYLOAD_ENCODING_HEXADECIMAL",
         hashFunction: "HASH_FUNCTION_NO_OP",
         payload: msg,
-        signWith: this._user.walletAddress
+        signWith: this._sessionStore.user.walletAddress
       }
     });
     const { signature } = await this.request("/v1/sign", {
@@ -540,8 +606,11 @@ var SignerClient = class {
     });
     return signature;
   }
-  getToken() {
-    return this._sessionStore.token;
+  set stamper(stamper) {
+    this._turnkeyClient.stamper = stamper;
+  }
+  get stamper() {
+    return this._turnkeyClient.stamper;
   }
   async lookUpUser(email) {
     try {
@@ -561,12 +630,12 @@ var SignerClient = class {
     }
   }
   async whoAmI(subOrgId) {
-    const orgId = subOrgId || this._user?.subOrgId;
+    const orgId = subOrgId || this._sessionStore.user?.subOrgId;
     if (!orgId) throw new BadRequestError({ message: "No orgId provided" });
     const stampedRequest = await this._turnkeyClient.stampGetWhoami({
       organizationId: orgId
     });
-    const { user, token } = await this.request("/v1/signin", {
+    const { user, token, csrfToken } = await this.request("/v1/signin", {
       stampedRequest
     });
     const credentialId = (() => {
@@ -576,16 +645,18 @@ var SignerClient = class {
         return void 0;
       }
     })();
-    this._user = {
+    this._sessionStore.user = {
       ...user,
       credentialId
     };
-    this.sessionStore.user = this.user;
-    this.sessionStore.token = token;
+    this._sessionStore.token = token;
+    this._sessionStore.csrfToken = csrfToken;
+    this._scheduleRefresh(token);
   }
   async request(route, body) {
     const url = new URL(`${route}`, this._configuration.apiUrl);
-    const token = this.sessionStore.token;
+    const token = this._sessionStore.token;
+    const csrfToken = this._sessionStore.csrfToken;
     const headers = {
       "Content-Type": "application/json",
       "X-FOURT-KEY": this._configuration.apiKey
@@ -593,6 +664,9 @@ var SignerClient = class {
     if (token) {
       headers["Authorization"] = `Bearer ${token}`;
     }
+    if (csrfToken) {
+      headers["X-CSRF-Token"] = csrfToken;
+    }
     const response = await fetch(url, {
       method: ROUTE_METHOD_MAP[route],
       body: JSON.stringify(body),
@@ -603,7 +677,6 @@ var SignerClient = class {
     if (error) {
       switch (error.kind) {
         case "UnauthorizedError": {
-          this.logout();
           throw new UnauthorizedError({ message: error.message });
         }
         case "NotFoundError": {
@@ -619,6 +692,80 @@ var SignerClient = class {
     }
     return { ...data };
   }
+  _scheduleRefresh(token) {
+    try {
+      const decoded = jwtDecode(token);
+      if (!decoded.exp) return;
+      const expiryDate = new Date(decoded.exp * 1e3);
+      const refreshDate = subMinutes(expiryDate, 2);
+      const delay = isBefore(refreshDate, /* @__PURE__ */ new Date()) ? 0 : differenceInMilliseconds(refreshDate, /* @__PURE__ */ new Date());
+      if (this._refreshTimer) clearTimeout(this._refreshTimer);
+      this._refreshTimer = setTimeout(() => {
+        this._refreshTimer = void 0;
+        this._refreshToken();
+      }, delay);
+    } catch {
+    }
+  }
+  async _refreshToken() {
+    if (this._refreshPromise) return this._refreshPromise;
+    this._refreshPromise = (async () => {
+      const TIMEOUT_MS = 1e4;
+      const RETRY_DELAY_MS = 5e3;
+      try {
+        if (!this._sessionStore.csrfToken) {
+          const { csrfToken } = await this.request("/v1/csrf-token");
+          this._sessionStore.csrfToken = csrfToken;
+        }
+        const refreshPromise = this.request("/v1/refresh");
+        const data = await Promise.race([
+          refreshPromise,
+          new Promise(
+            (_, reject) => setTimeout(() => reject(new Error("Refresh timeout")), TIMEOUT_MS)
+          )
+        ]);
+        if (!data || !data.token) {
+          throw new UnauthorizedError({
+            message: "Refresh did not return a token"
+          });
+        }
+        this._sessionStore.token = data.token;
+        this._scheduleRefresh(data.token);
+      } catch (error) {
+        if (error instanceof UnauthorizedError) {
+          try {
+            this._sessionStore.clearAll();
+          } catch {
+          }
+          throw error;
+        }
+        if (this._refreshTimer) clearTimeout(this._refreshTimer);
+        const MAX_RETRIES = 5;
+        let retryCount = 0;
+        this._refreshTimer = setTimeout(() => {
+          this._refreshTimer = void 0;
+          void this._refreshToken().catch(() => {
+            retryCount++;
+            if (retryCount <= MAX_RETRIES) {
+              const nextDelay = Math.min(
+                RETRY_DELAY_MS * 2 ** (retryCount - 1),
+                6e4
+              );
+              this._refreshTimer = setTimeout(() => {
+                this._refreshTimer = void 0;
+                void this._refreshToken().catch(() => {
+                });
+              }, nextDelay);
+            }
+          });
+        }, RETRY_DELAY_MS);
+        throw error;
+      } finally {
+        this._refreshPromise = void 0;
+      }
+    })();
+    return this._refreshPromise;
+  }
 };
 
 // src/signer/web.ts
@@ -661,10 +808,6 @@ var WebSignerClient = class extends SignerClient {
     this.webauthnStamper = new WebauthnStamper({ rpId: webauthn.rpId });
     this.oauthConfiguration = oauth;
   }
-  async signRawMessage(msg) {
-    await this.updateStamper();
-    return super.signRawMessage(msg);
-  }
   async logout() {
     super.logout();
     this.iframeStamper.clear();
@@ -678,23 +821,20 @@ var WebSignerClient = class extends SignerClient {
     this.iframeStamper = stamper;
     await this._initIframeStamper();
   }
+  async signRawMessage(msg) {
+    await this._updateStamper();
+    return super.signRawMessage(msg);
+  }
   /**
-   * Checks for an existing session and if exists, updates the stamper accordingly.
+   * Get the pre-filled URL for initiating oauth with a specific provider.
    *
+   * @param {string} provider provider for which we are getting the URL, currently google or apple
    */
-  async updateStamper() {
-    if (this._sessionStore.type === void 0 && (this._sessionStore.bundle === void 0 || this._sessionStore.token === void 0))
-      return;
-    if (this._sessionStore.type === "passkeys" /* Passkeys */) {
-      this.stamper = this.webauthnStamper;
-    } else {
-      this.stamper = this.iframeStamper;
-      await this.completeAuthWithBundle({
-        bundle: this._sessionStore.bundle,
-        subOrgId: this.user?.subOrgId,
-        sessionType: this._sessionStore.type
-      });
-    }
+  async getOAuthInitUrl(provider) {
+    const { url } = await this.request("/v1/oauth/init", {
+      provider
+    });
+    return url;
   }
   /**
    * Signs in a user with webauthn.
@@ -709,12 +849,12 @@ var WebSignerClient = class extends SignerClient {
       this.stamper = this.webauthnStamper;
       await this.whoAmI(existingUserSubOrgId);
       this._sessionStore.type = "passkeys" /* Passkeys */;
-      if (!this.user || !this.user.credentialId) {
+      if (!this._sessionStore.user || !this._sessionStore.user.credentialId) {
         return;
       }
       this.webauthnStamper.allowCredentials = [
         {
-          id: LibBase64.toBuffer(this.user.credentialId),
+          id: LibBase64.toBuffer(this._sessionStore.user.credentialId),
           type: "public-key",
           transports: ["internal", "usb"]
         }
@@ -737,23 +877,6 @@ var WebSignerClient = class extends SignerClient {
   async getIframePublicKey() {
     return await this._initIframeStamper();
   }
-  /**
-   * Signs in a user with email.
-   *
-   * @param {EmailInitializeAuthParams} params params for the sign in
-   */
-  async _signInWithEmail({
-    email,
-    expirationSeconds,
-    redirectUrl
-  }) {
-    return this.request("/v1/email-auth", {
-      email,
-      targetPublicKey: await this.getIframePublicKey(),
-      expirationSeconds,
-      redirectUrl: redirectUrl.toString()
-    });
-  }
   /**
    * Completes the authentication process with a credential bundle.
    *
@@ -773,6 +896,40 @@ var WebSignerClient = class extends SignerClient {
     this._sessionStore.type = sessionType;
     this._sessionStore.bundle = bundle;
   }
+  /**
+   * Checks for an existing session and if exists, updates the stamper accordingly.
+   */
+  async _updateStamper() {
+    if (this._sessionStore.type === void 0 && (this._sessionStore.bundle === void 0 || this._sessionStore.token === void 0))
+      return;
+    if (this._sessionStore.type === "passkeys" /* Passkeys */) {
+      this.stamper = this.webauthnStamper;
+    } else {
+      this.stamper = this.iframeStamper;
+      await this.completeAuthWithBundle({
+        bundle: this._sessionStore.bundle,
+        subOrgId: this._sessionStore.user?.subOrgId,
+        sessionType: this._sessionStore.type
+      });
+    }
+  }
+  /**
+   * Signs in a user with email.
+   *
+   * @param {EmailInitializeAuthParams} params params for the sign in
+   */
+  async _signInWithEmail({
+    email,
+    expirationSeconds,
+    redirectUrl
+  }) {
+    return this.request("/v1/email-auth", {
+      email,
+      targetPublicKey: await this.getIframePublicKey(),
+      expirationSeconds,
+      redirectUrl: redirectUrl.toString()
+    });
+  }
   /**
    * Creates a passkey account using the webauthn stamper.
    *
@@ -782,28 +939,21 @@ var WebSignerClient = class extends SignerClient {
     const { challenge, attestation } = await this._webauthnGenerateAttestation(
       params.email
     );
-    const {
-      token,
-      user: { id, email, subOrgId, walletAddress, salt, smartAccountAddress }
-    } = await this.request("/v1/signup", {
+    const { user, token, csrfToken } = await this.request("/v1/signup", {
       passkey: {
         challenge: LibBase64.fromBuffer(challenge),
         attestation
       },
       email: params.email
     });
-    this.user = {
-      id,
-      email,
-      subOrgId,
-      walletAddress,
-      salt,
-      smartAccountAddress,
+    this._sessionStore.user = {
+      ...user,
       credentialId: attestation.credentialId
     };
-    this._sessionStore.user = this.user;
     this._sessionStore.type = "passkeys" /* Passkeys */;
     this._sessionStore.token = token;
+    this._sessionStore.csrfToken = csrfToken;
+    this._scheduleRefresh(token);
   }
   /**
    * Creates an email account using the iframe stamper.
@@ -880,17 +1030,6 @@ var WebSignerClient = class extends SignerClient {
     this.stamper = this.iframeStamper;
     return this.iframeStamper.publicKey();
   }
-  /**
-   * Get the pre-filled URL for initiating oauth with a specific provider.
-   *
-   * @param {string} provider provider for which we are getting the URL, currently google or apple
-   */
-  async getOAuthInitUrl(provider) {
-    const { url } = await this.request("v1/oauth/init", {
-      provider
-    });
-    return url;
-  }
 };
 
 // src/third-party/viem.ts
@@ -913,13 +1052,13 @@ var ViemModule = class {
     this._signerClient = _signerClient;
   }
   async toLocalAccount() {
-    const user = this._signerClient.user;
+    const user = await this._signerClient.getUser();
     if (!user) {
       throw new UnauthenticatedError({ message: "Signer not authenticated" });
     }
     return toAccount({
       address: user.walletAddress,
-      signMessage: (msg) => this.signMessage(msg.message),
+      signMessage: ({ message }) => this.signMessage(message),
       signTypedData: (typedDataDefinition) => this.signTypedData(typedDataDefinition),
       signTransaction: this.signTransaction
     });
@@ -928,7 +1067,7 @@ var ViemModule = class {
     client,
     owner
   }) {
-    const user = this._signerClient.user;
+    const user = await this._signerClient.getUser();
     if (!user) {
       throw new UnauthenticatedError({ message: "Signer not authenticated" });
     }
@@ -964,7 +1103,7 @@ var ViemModule = class {
   }
   async signTransaction(transaction, options) {
     const serializeFn = options?.serializer ?? serializeTransaction;
-    const serializedTx = serializeFn(transaction);
+    const serializedTx = await serializeFn(transaction);
     const signatureHex = await this._signerClient.signRawMessage(
       keccak256(serializedTx)
     );