npm - @insforge/sdk - Versions diffs - 1.0.1-refresh.2 → 1.0.1-refresh.4 - Mend

@insforge/sdk 1.0.1-refresh.2 → 1.0.1-refresh.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.js CHANGED Viewed

@@ -27,16 +27,13 @@ __export(index_exports, {
   HttpClient: () => HttpClient,
   InsForgeClient: () => InsForgeClient,
   InsForgeError: () => InsForgeError,
-  PersistentSessionStorage: () => PersistentSessionStorage,
+  LocalSessionStorage: () => LocalSessionStorage,
   SecureSessionStorage: () => SecureSessionStorage,
   Storage: () => Storage,
   StorageBucket: () => StorageBucket,
   TokenManager: () => TokenManager,
   createClient: () => createClient,
-  createSessionStorage: () => createSessionStorage,
-  default: () => index_default,
-  discoverCapabilities: () => discoverCapabilities,
-  getDefaultCapabilities: () => getDefaultCapabilities
+  default: () => index_default
 });
 module.exports = __toCommonJS(index_exports);
@@ -127,11 +124,11 @@ var HttpClient = class {
       method,
       headers: requestHeaders,
       body: processedBody,
-      credentials: "include",
-      // Essential for httpOnly cookies (refresh token)
-      ...fetchOptions
+      ...fetchOptions,
+      credentials: "include"
     });
-    if (response.status === 401 && !isRetry && this.refreshCallback) {
+    const isRefreshEndpoint = path.includes("/api/auth/refresh") || path.includes("/api/auth/logout");
+    if (response.status === 401 && !isRetry && !isRefreshEndpoint && this.refreshCallback) {
       const newToken = await this.handleTokenRefresh();
       if (newToken) {
         this.setAuthToken(newToken);
@@ -181,7 +178,7 @@ var HttpClient = class {
     }
     this.isRefreshing = true;
     try {
-      const newToken = await this.refreshCallback();
+      const newToken = await this.refreshCallback?.();
       this.refreshQueue.forEach(({ resolve, reject }) => {
         if (newToken) {
           resolve(newToken);
@@ -190,7 +187,7 @@ var HttpClient = class {
         }
       });
       this.refreshQueue = [];
-      return newToken;
+      return newToken || null;
     } catch (error) {
       this.refreshQueue.forEach(({ reject }) => {
         reject(error instanceof Error ? error : new Error("Token refresh failed"));
@@ -242,10 +239,9 @@ var SecureSessionStorage = class {
   saveSession(session) {
     this.accessToken = session.accessToken;
     this.user = session.user;
-    this.setAuthFlag(true);
   }
   getSession() {
-    if (!this.accessToken) return null;
+    if (!this.accessToken || !this.user) return null;
     return {
       accessToken: this.accessToken,
       user: this.user
@@ -266,30 +262,22 @@ var SecureSessionStorage = class {
   clearSession() {
     this.accessToken = null;
     this.user = null;
-    this.setAuthFlag(false);
   }
   shouldAttemptRefresh() {
     if (this.accessToken) return false;
     return this.hasAuthFlag();
   }
-  // --- Private: Auth Flag Cookie Management ---
-  setAuthFlag(authenticated) {
-    if (typeof document === "undefined") return;
-    if (authenticated) {
-      const maxAge = 7 * 24 * 60 * 60;
-      document.cookie = `${AUTH_FLAG_COOKIE}=true; path=/; max-age=${maxAge}; SameSite=Lax`;
-    } else {
-      document.cookie = `${AUTH_FLAG_COOKIE}=; path=/; max-age=0`;
-    }
-  }
+  // --- Private: Auth Flag Cookie Detection (read-only) ---
   hasAuthFlag() {
     if (typeof document === "undefined") return false;
-    return document.cookie.includes(`${AUTH_FLAG_COOKIE}=true`);
+    return document.cookie.split(";").some(
+      (c) => c.trim().startsWith(`${AUTH_FLAG_COOKIE}=`)
+    );
   }
 };
-var PersistentSessionStorage = class {
+var LocalSessionStorage = class {
   constructor(storage) {
-    this.strategyId = "persistent";
+    this.strategyId = "local";
     if (storage) {
       this.storage = storage;
     } else if (typeof window !== "undefined" && window.localStorage) {
@@ -355,10 +343,10 @@ var PersistentSessionStorage = class {
 var TokenManager = class {
   /**
    * Create a new TokenManager
-   * @param storage - Optional custom storage adapter (used for initial PersistentSessionStorage)
+   * @param storage - Optional custom storage adapter (used for initial LocalSessionStorage)
    */
   constructor(storage) {
-    this.strategy = new PersistentSessionStorage(storage);
+    this.strategy = new LocalSessionStorage(storage);
   }
   /**
    * Set the storage strategy
@@ -430,41 +418,6 @@ var TokenManager = class {
   }
 };
-// src/lib/capability-discovery.ts
-var DEFAULT_CAPABILITIES = {
-  secureSessionStorage: false,
-  refreshTokens: false
-};
-async function discoverCapabilities(baseUrl, fetchImpl = globalThis.fetch) {
-  try {
-    const response = await fetchImpl(`${baseUrl}/api/health`, {
-      method: "GET",
-      headers: {
-        "Accept": "application/json"
-      }
-    });
-    if (!response.ok) {
-      return DEFAULT_CAPABILITIES;
-    }
-    const health = await response.json();
-    if (health.capabilities) {
-      return health.capabilities;
-    }
-    return DEFAULT_CAPABILITIES;
-  } catch {
-    return DEFAULT_CAPABILITIES;
-  }
-}
-function createSessionStorage(capabilities, storage) {
-  if (capabilities.secureSessionStorage && capabilities.refreshTokens) {
-    return new SecureSessionStorage();
-  }
-  return new PersistentSessionStorage(storage);
-}
-function getDefaultCapabilities() {
-  return { ...DEFAULT_CAPABILITIES };
-}
 // src/modules/database-postgrest.ts
 var import_postgrest_js = require("@supabase/postgrest-js");
 function createInsForgePostgrestFetch(httpClient, tokenManager) {
@@ -574,62 +527,73 @@ var Auth = class {
   constructor(http, tokenManager) {
     this.http = http;
     this.tokenManager = tokenManager;
-    this.initPromise = null;
     this.database = new Database(http, tokenManager);
+    this.detectAuthCallback();
   }
   /**
-   * Check if an error represents an authentication failure
-   * Used to determine appropriate HTTP status code (401 vs 500)
+   * Check if the isAuthenticated cookie flag exists
    */
-  isAuthenticationError(error) {
-    if (error instanceof Error) {
-      const message = error.message.toLowerCase();
-      const authKeywords = [
-        "unauthorized",
-        "invalid token",
-        "expired token",
-        "token expired",
-        "invalid refresh token",
-        "refresh token",
-        "authentication",
-        "not authenticated",
-        "session expired"
-      ];
-      return authKeywords.some((keyword) => message.includes(keyword));
-    }
-    return false;
+  hasAuthenticatedCookie() {
+    if (typeof document === "undefined") return false;
+    return document.cookie.split(";").some(
+      (c) => c.trim().startsWith(`${AUTH_FLAG_COOKIE}=`)
+    );
   }
   /**
-   * Set the initialization promise that auth operations should wait for
-   * This ensures TokenManager mode is set before any auth operations
+   * Switch to SecureSessionStorage (cookie-based auth)
+   * Called when we detect backend supports secure cookie mode
+   * @internal
    */
-  setInitPromise(promise) {
-    this.initPromise = promise;
-    this.detectAuthCallbackAsync();
+  _switchToSecureStorage() {
+    if (this.tokenManager.getStrategyId() === "secure") return;
+    const currentSession = this.tokenManager.getSession();
+    this.tokenManager.setStrategy(new SecureSessionStorage());
+    if (typeof localStorage !== "undefined") {
+      localStorage.removeItem(TOKEN_KEY);
+      localStorage.removeItem(USER_KEY);
+    }
+    if (currentSession) {
+      this.tokenManager.saveSession(currentSession);
+    }
   }
   /**
-   * Wait for initialization to complete (if set)
+   * Switch to LocalSessionStorage (localStorage-based auth)
+   * Called when cookie-based auth fails (fallback)
+   * @internal
    */
-  async waitForInit() {
-    if (this.initPromise) {
-      await this.initPromise;
+  _switchToLocalStorage() {
+    if (this.tokenManager.getStrategyId() === "local") return;
+    const currentSession = this.tokenManager.getSession();
+    this.tokenManager.setStrategy(new LocalSessionStorage());
+    if (currentSession) {
+      this.tokenManager.saveSession(currentSession);
     }
   }
   /**
-   * Automatically detect and handle OAuth callback parameters in the URL
-   * This runs after initialization to seamlessly complete the OAuth flow
-   * Matches the backend's OAuth callback response (backend/src/api/routes/auth.ts:540-544)
+   * Detect storage strategy after successful auth
+   * Checks for isAuthenticated cookie to determine backend mode
+   * @internal
    */
-  async detectAuthCallbackAsync() {
+  _detectStorageAfterAuth() {
+    if (this.hasAuthenticatedCookie()) {
+      this._switchToSecureStorage();
+    }
+  }
+  /**
+  * Automatically detect and handle OAuth callback parameters in the URL
+  * This runs on initialization to seamlessly complete the OAuth flow
+  * Matches the backend's OAuth callback response (backend/src/api/routes/auth.ts:540-544)
+  */
+  detectAuthCallback() {
     if (typeof window === "undefined") return;
     try {
-      await this.waitForInit();
       const params = new URLSearchParams(window.location.search);
       const accessToken = params.get("access_token");
       const userId = params.get("user_id");
       const email = params.get("email");
       const name = params.get("name");
       if (accessToken && userId && email) {
+        this._detectStorageAfterAuth();
         const session = {
           accessToken,
           user: {
@@ -655,7 +619,8 @@ var Auth = class {
         }
         window.history.replaceState({}, document.title, url.toString());
       }
-    } catch {
+    } catch (error) {
+      console.debug("OAuth callback detection skipped:", error);
     }
   }
   /**
@@ -663,7 +628,6 @@ var Auth = class {
    */
   async signUp(request) {
     try {
-      await this.waitForInit();
       const response = await this.http.post("/api/auth/users", request);
       if (response.accessToken && response.user) {
         const session = {
@@ -674,6 +638,7 @@ var Auth = class {
           this.tokenManager.saveSession(session);
         }
         this.http.setAuthToken(response.accessToken);
+        this._detectStorageAfterAuth();
       }
       return {
         data: response,
@@ -698,7 +663,6 @@ var Auth = class {
    */
   async signInWithPassword(request) {
     try {
-      await this.waitForInit();
       const response = await this.http.post("/api/auth/sessions", request);
       const session = {
         accessToken: response.accessToken || "",
@@ -715,6 +679,7 @@ var Auth = class {
         this.tokenManager.saveSession(session);
       }
       this.http.setAuthToken(response.accessToken || "");
+      this._detectStorageAfterAuth();
       return {
         data: response,
         error: null
@@ -824,15 +789,9 @@ var Auth = class {
         }
         throw error;
       }
-      const errorMessage = error instanceof Error ? error.message : "Token refresh failed";
-      const isAuthError = this.isAuthenticationError(error);
-      if (isAuthError) {
-        this.tokenManager.clearSession();
-        this.http.setAuthToken(null);
-      }
       throw new InsForgeError(
-        errorMessage,
-        isAuthError ? 401 : 500,
+        "Token refresh failed",
+        500,
         "REFRESH_FAILED"
       );
     }
@@ -877,14 +836,27 @@ var Auth = class {
   /**
    * Get the current user with full profile information
    * Returns both auth info (id, email, role) and profile data (dynamic fields from users table)
+   *
+   * In secure session mode (httpOnly cookie), this method will automatically attempt
+   * to refresh the session if no access token is available (e.g., after page reload).
    */
   async getCurrentUser() {
     try {
-      const session = this.tokenManager.getSession();
-      if (!session?.accessToken) {
+      let accessToken = this.tokenManager.getAccessToken();
+      if (!accessToken && this.tokenManager.shouldAttemptRefresh()) {
+        try {
+          accessToken = await this.refreshToken();
+        } catch (error) {
+          if (error instanceof InsForgeError && (error.statusCode === 401 || error.statusCode === 403)) {
+            return { data: null, error };
+          }
+          return { data: null, error: error instanceof InsForgeError ? error : new InsForgeError("Token refresh failed", 500, "REFRESH_FAILED") };
+        }
+      }
+      if (!accessToken) {
         return { data: null, error: null };
       }
-      this.http.setAuthToken(session.accessToken);
+      this.http.setAuthToken(accessToken);
       const authResponse = await this.http.get("/api/auth/sessions/current");
       const { data: profile, error: profileError } = await this.database.from("users").select("*").eq("id", authResponse.user.id).single();
       if (profileError && profileError.code !== "PGRST116") {
@@ -1143,7 +1115,6 @@ var Auth = class {
    */
   async verifyEmail(request) {
     try {
-      await this.waitForInit();
       const response = await this.http.post(
         "/api/auth/email/verify",
         request
@@ -1698,13 +1669,19 @@ var Functions = class {
 };
 // src/client.ts
+function hasAuthenticatedCookie() {
+  if (typeof document === "undefined") return false;
+  return document.cookie.split(";").some(
+    (c) => c.trim().startsWith(`${AUTH_FLAG_COOKIE}=`)
+  );
+}
 var InsForgeClient = class {
   constructor(config = {}) {
-    this.initialized = false;
-    this.initializationPromise = null;
-    this.capabilities = null;
     this.http = new HttpClient(config);
     this.tokenManager = new TokenManager(config.storage);
+    if (hasAuthenticatedCookie()) {
+      this.tokenManager.setStrategy(new SecureSessionStorage());
+    }
     if (config.edgeFunctionToken) {
       this.http.setAuthToken(config.edgeFunctionToken);
       this.tokenManager.saveSession({
@@ -1713,65 +1690,26 @@ var InsForgeClient = class {
         // Will be populated by getCurrentUser()
       });
     }
-    this.auth = new Auth(this.http, this.tokenManager);
     this.http.setRefreshCallback(async () => {
       try {
         return await this.auth.refreshToken();
       } catch {
+        if (this.tokenManager.getStrategyId() === "secure") {
+          this.auth._switchToLocalStorage();
+        }
         return null;
       }
     });
     const existingSession = this.tokenManager.getSession();
     if (existingSession?.accessToken) {
       this.http.setAuthToken(existingSession.accessToken);
+    } else if (this.tokenManager.getStrategyId() === "secure") {
     }
+    this.auth = new Auth(this.http, this.tokenManager);
     this.database = new Database(this.http, this.tokenManager);
     this.storage = new Storage(this.http);
     this.ai = new AI(this.http);
     this.functions = new Functions(this.http);
-    this.initializationPromise = this.initializeAsync();
-    this.auth.setInitPromise(this.initializationPromise);
-  }
-  /**
-   * Initialize the client by discovering backend capabilities
-   * This is called automatically on construction but can be awaited for guaranteed initialization
-   *
-   * @example
-   * ```typescript
-   * const client = new InsForgeClient({ baseUrl: 'https://api.example.com' });
-   * await client.initialize(); // Wait for capability discovery
-   * ```
-   */
-  async initialize() {
-    if (this.initializationPromise) {
-      await this.initializationPromise;
-    }
-  }
-  /**
-   * Internal async initialization - discovers capabilities and configures storage strategy
-   */
-  async initializeAsync() {
-    if (this.initialized) return;
-    try {
-      this.capabilities = await discoverCapabilities(
-        this.http.baseUrl,
-        this.http.fetch
-      );
-      const strategy = createSessionStorage(this.capabilities);
-      this.tokenManager.setStrategy(strategy);
-      if (this.capabilities.refreshTokens && this.tokenManager.shouldAttemptRefresh()) {
-        try {
-          const newToken = await this.auth.refreshToken();
-          this.http.setAuthToken(newToken);
-        } catch {
-          this.tokenManager.clearSession();
-          this.http.setAuthToken(null);
-        }
-      }
-      this.initialized = true;
-    } catch {
-      this.initialized = true;
-    }
   }
   /**
    * Get the underlying HTTP client for custom requests
@@ -1785,12 +1723,6 @@ var InsForgeClient = class {
   getHttpClient() {
     return this.http;
   }
-  /**
-   * Get the discovered backend capabilities
-   */
-  getCapabilities() {
-    return this.capabilities;
-  }
   /**
    * Get the current storage strategy identifier
    */
@@ -1798,11 +1730,13 @@ var InsForgeClient = class {
     return this.tokenManager.getStrategyId();
   }
   /**
-   * Check if the client has been fully initialized
+   * Future modules will be added here:
+   * - database: Database operations
+   * - storage: File storage operations
+   * - functions: Serverless functions
+   * - tables: Table management
+   * - metadata: Backend metadata
    */
-  isInitialized() {
-    return this.initialized;
-  }
 };
 // src/index.ts
@@ -1819,14 +1753,11 @@ var index_default = InsForgeClient;
   HttpClient,
   InsForgeClient,
   InsForgeError,
-  PersistentSessionStorage,
+  LocalSessionStorage,
   SecureSessionStorage,
   Storage,
   StorageBucket,
   TokenManager,
-  createClient,
-  createSessionStorage,
-  discoverCapabilities,
-  getDefaultCapabilities
+  createClient
 });
 //# sourceMappingURL=index.js.map