@insforge/react 0.7.0 → 0.7.2

package/dist/index.d.cts

@@ -34,6 +34,13 @@ interface InsforgeProviderProps {
      * @internal - Not intended for public use, used by Next.js package
      */
     initialState?: InitialAuthState;
+    /**
+     * Internal use only - enables hosted auth mode for centralized auth pages.
+     * When true, disables automatic redirects to prevent security issues.
+     * @internal - Never set to true in user applications
+     * @default false
+     */
+    hostedMode?: boolean;
 }
 /**
  * Unified Insforge Provider - manages authentication state and configuration
@@ -73,7 +80,7 @@ interface InsforgeProviderProps {
  * </InsforgeProvider>
  * ```
  */
-declare function InsforgeProviderCore({ children, baseUrl, afterSignInUrl, onAuthChange, onSignIn, onSignOut, initialState, }: InsforgeProviderProps): react_jsx_runtime.JSX.Element;
+declare function InsforgeProviderCore({ children, baseUrl, afterSignInUrl, onAuthChange, onSignIn, onSignOut, initialState, hostedMode, }: InsforgeProviderProps): react_jsx_runtime.JSX.Element;
 declare function InsforgeProvider(props: InsforgeProviderProps): react_jsx_runtime.JSX.Element;
 /**
  * Hook to access Insforge context

package/dist/index.d.ts

@@ -34,6 +34,13 @@ interface InsforgeProviderProps {
      * @internal - Not intended for public use, used by Next.js package
      */
     initialState?: InitialAuthState;
+    /**
+     * Internal use only - enables hosted auth mode for centralized auth pages.
+     * When true, disables automatic redirects to prevent security issues.
+     * @internal - Never set to true in user applications
+     * @default false
+     */
+    hostedMode?: boolean;
 }
 /**
  * Unified Insforge Provider - manages authentication state and configuration
@@ -73,7 +80,7 @@ interface InsforgeProviderProps {
  * </InsforgeProvider>
  * ```
  */
-declare function InsforgeProviderCore({ children, baseUrl, afterSignInUrl, onAuthChange, onSignIn, onSignOut, initialState, }: InsforgeProviderProps): react_jsx_runtime.JSX.Element;
+declare function InsforgeProviderCore({ children, baseUrl, afterSignInUrl, onAuthChange, onSignIn, onSignOut, initialState, hostedMode, }: InsforgeProviderProps): react_jsx_runtime.JSX.Element;
 declare function InsforgeProvider(props: InsforgeProviderProps): react_jsx_runtime.JSX.Element;
 /**
  * Hook to access Insforge context

package/dist/index.js

@@ -109,22 +109,36 @@ var InsforgeManager = class _InsforgeManager {
   // Public initialization method
   // Even if we have initialState (isLoaded=true from cookies), we still need to load full user data from SDK/API
   async initialize() {
+    console.log("[InsforgeManager] initialize() called", {
+      isInitializing: this.isInitializing,
+      currentUser: this.user?.id || "none",
+      isLoaded: this.isLoaded,
+      hostedMode: this.config.hostedMode
+    });
     if (this.isInitializing) {
+      console.log("[InsforgeManager] Already initializing, skipping");
       return;
     }
     this.isInitializing = true;
     try {
       const sessionResult = this.sdk.auth.getCurrentSession();
       const hasToken = !!sessionResult.data?.session?.accessToken;
+      console.log("[InsforgeManager] Session check:", {
+        hasToken,
+        tokenPreview: hasToken ? sessionResult.data?.session?.accessToken?.substring(0, 20) + "..." : "none"
+      });
       if (hasToken) {
+        console.log("[InsforgeManager] Token found, loading auth state...");
         await this.loadAuthState();
       } else if (this.user === void 0) {
+        console.log("[InsforgeManager] No token and no initialState, marking as loaded with no user");
         this.user = null;
         this.isLoaded = true;
         this.notifyListeners();
       }
     } finally {
       this.isInitializing = false;
+      console.log("[InsforgeManager] initialize() completed");
     }
   }
   // Get current state
@@ -464,20 +478,39 @@ var InsforgeManager = class _InsforgeManager {
   // Handle auth redirect after successful authentication
   // Works for all auth sources: OAuth providers, cloud hosting sign-in, email verification
   handleAuthRedirect(isLoaded, user) {
+    console.log("[InsforgeManager] handleAuthRedirect called:", {
+      isLoaded,
+      hasUser: !!user,
+      userId: user?.id,
+      hostedMode: this.config.hostedMode,
+      afterSignInUrl: this.config.afterSignInUrl,
+      hasProcessedCallback: this.hasProcessedCallbackRef,
+      currentPath: typeof window !== "undefined" ? window.location.pathname : "SSR"
+    });
+    if (this.config.hostedMode) {
+      console.log("[InsforgeManager] \u{1F6AB} BLOCKED: hostedMode is enabled, skipping redirect");
+      return false;
+    }
     if (!isLoaded || this.hasProcessedCallbackRef) {
+      console.log("[InsforgeManager] \u{1F6AB} BLOCKED: isLoaded=", isLoaded, "hasProcessedCallback=", this.hasProcessedCallbackRef);
       return false;
     }
     if (user && this.config.afterSignInUrl) {
       const currentPath = window.location.pathname + window.location.search;
       const targetPath = this.config.afterSignInUrl;
+      console.log("[InsforgeManager] Checking redirect conditions:", {
+        currentPath,
+        targetPath,
+        shouldRedirect: currentPath !== targetPath
+      });
       if (currentPath !== targetPath && !this.hasProcessedCallbackRef) {
         this.hasProcessedCallbackRef = true;
-        setTimeout(() => {
-          window.location.href = targetPath;
-        }, 100);
-        return true;
+        console.log("[InsforgeManager] \u{1F504} REDIRECTING to:", targetPath);
+        console.log("[InsforgeManager] \u26A0\uFE0F REDIRECT BLOCKED FOR DEBUGGING");
+        return false;
       }
     }
+    console.log("[InsforgeManager] No redirect performed");
     return false;
   }
   // Cleanup
@@ -507,7 +540,8 @@ function InsforgeProviderCore({
   onAuthChange,
   onSignIn,
   onSignOut,
-  initialState
+  initialState,
+  hostedMode = false
 }) {
   const manager = useMemo(
     () => InsforgeManager.getInstance({
@@ -515,9 +549,10 @@ function InsforgeProviderCore({
       afterSignInUrl,
       onAuthChange,
       onSignIn,
-      onSignOut
+      onSignOut,
+      hostedMode
     }),
-    [baseUrl, afterSignInUrl, onAuthChange, onSignIn, onSignOut]
+    [baseUrl, afterSignInUrl, onAuthChange, onSignIn, onSignOut, hostedMode]
   );
   if (initialState) {
     const currentState = manager.getState();
@@ -2208,13 +2243,22 @@ function SignIn({ onError, ...uiProps }) {
         throw new Error(result.error);
       }
       const { user, accessToken, redirectTo } = result;
+      console.log("[SignIn] Login success:", {
+        hasUser: !!user,
+        userId: user?.id,
+        hasAccessToken: !!accessToken,
+        redirectTo,
+        redirectUrl,
+        currentLocation: window.location.href
+      });
       if (user) {
         const finalUrl = new URL(redirectTo || redirectUrl || "", window.location.origin);
         finalUrl.searchParams.set("access_token", accessToken);
         finalUrl.searchParams.set("user_id", user.id);
         finalUrl.searchParams.set("email", user.email);
         finalUrl.searchParams.set("name", user.name);
-        window.location.href = finalUrl.toString();
+        console.log("[SignIn] \u{1F504} About to redirect to:", finalUrl.toString());
+        console.log("[SignIn] \u26A0\uFE0F REDIRECT BLOCKED FOR DEBUGGING");
       }
     } catch (err) {
       const errorMessage = err instanceof Error ? err.message : "Sign in failed";