@insforge/sdk 1.0.1-refresh.2 → 1.0.1-refresh.4

package/dist/index.mjs

@@ -85,11 +85,11 @@ var HttpClient = class {
       method,
       headers: requestHeaders,
       body: processedBody,
-      credentials: "include",
-      // Essential for httpOnly cookies (refresh token)
-      ...fetchOptions
+      ...fetchOptions,
+      credentials: "include"
     });
-    if (response.status === 401 && !isRetry && this.refreshCallback) {
+    const isRefreshEndpoint = path.includes("/api/auth/refresh") || path.includes("/api/auth/logout");
+    if (response.status === 401 && !isRetry && !isRefreshEndpoint && this.refreshCallback) {
       const newToken = await this.handleTokenRefresh();
       if (newToken) {
         this.setAuthToken(newToken);
@@ -139,7 +139,7 @@ var HttpClient = class {
     }
     this.isRefreshing = true;
     try {
-      const newToken = await this.refreshCallback();
+      const newToken = await this.refreshCallback?.();
       this.refreshQueue.forEach(({ resolve, reject }) => {
         if (newToken) {
           resolve(newToken);
@@ -148,7 +148,7 @@ var HttpClient = class {
         }
       });
       this.refreshQueue = [];
-      return newToken;
+      return newToken || null;
     } catch (error) {
       this.refreshQueue.forEach(({ reject }) => {
         reject(error instanceof Error ? error : new Error("Token refresh failed"));
@@ -200,10 +200,9 @@ var SecureSessionStorage = class {
   saveSession(session) {
     this.accessToken = session.accessToken;
     this.user = session.user;
-    this.setAuthFlag(true);
   }
   getSession() {
-    if (!this.accessToken) return null;
+    if (!this.accessToken || !this.user) return null;
     return {
       accessToken: this.accessToken,
       user: this.user
@@ -224,30 +223,22 @@ var SecureSessionStorage = class {
   clearSession() {
     this.accessToken = null;
     this.user = null;
-    this.setAuthFlag(false);
   }
   shouldAttemptRefresh() {
     if (this.accessToken) return false;
     return this.hasAuthFlag();
   }
-  // --- Private: Auth Flag Cookie Management ---
-  setAuthFlag(authenticated) {
-    if (typeof document === "undefined") return;
-    if (authenticated) {
-      const maxAge = 7 * 24 * 60 * 60;
-      document.cookie = `${AUTH_FLAG_COOKIE}=true; path=/; max-age=${maxAge}; SameSite=Lax`;
-    } else {
-      document.cookie = `${AUTH_FLAG_COOKIE}=; path=/; max-age=0`;
-    }
-  }
+  // --- Private: Auth Flag Cookie Detection (read-only) ---
   hasAuthFlag() {
     if (typeof document === "undefined") return false;
-    return document.cookie.includes(`${AUTH_FLAG_COOKIE}=true`);
+    return document.cookie.split(";").some(
+      (c) => c.trim().startsWith(`${AUTH_FLAG_COOKIE}=`)
+    );
   }
 };
-var PersistentSessionStorage = class {
+var LocalSessionStorage = class {
   constructor(storage) {
-    this.strategyId = "persistent";
+    this.strategyId = "local";
     if (storage) {
       this.storage = storage;
     } else if (typeof window !== "undefined" && window.localStorage) {
@@ -313,10 +304,10 @@ var PersistentSessionStorage = class {
 var TokenManager = class {
   /**
    * Create a new TokenManager
-   * @param storage - Optional custom storage adapter (used for initial PersistentSessionStorage)
+   * @param storage - Optional custom storage adapter (used for initial LocalSessionStorage)
    */
   constructor(storage) {
-    this.strategy = new PersistentSessionStorage(storage);
+    this.strategy = new LocalSessionStorage(storage);
   }
   /**
    * Set the storage strategy
@@ -388,41 +379,6 @@ var TokenManager = class {
   }
 };
 
-// src/lib/capability-discovery.ts
-var DEFAULT_CAPABILITIES = {
-  secureSessionStorage: false,
-  refreshTokens: false
-};
-async function discoverCapabilities(baseUrl, fetchImpl = globalThis.fetch) {
-  try {
-    const response = await fetchImpl(`${baseUrl}/api/health`, {
-      method: "GET",
-      headers: {
-        "Accept": "application/json"
-      }
-    });
-    if (!response.ok) {
-      return DEFAULT_CAPABILITIES;
-    }
-    const health = await response.json();
-    if (health.capabilities) {
-      return health.capabilities;
-    }
-    return DEFAULT_CAPABILITIES;
-  } catch {
-    return DEFAULT_CAPABILITIES;
-  }
-}
-function createSessionStorage(capabilities, storage) {
-  if (capabilities.secureSessionStorage && capabilities.refreshTokens) {
-    return new SecureSessionStorage();
-  }
-  return new PersistentSessionStorage(storage);
-}
-function getDefaultCapabilities() {
-  return { ...DEFAULT_CAPABILITIES };
-}
-
 // src/modules/database-postgrest.ts
 import { PostgrestClient } from "@supabase/postgrest-js";
 function createInsForgePostgrestFetch(httpClient, tokenManager) {
@@ -532,62 +488,73 @@ var Auth = class {
   constructor(http, tokenManager) {
     this.http = http;
     this.tokenManager = tokenManager;
-    this.initPromise = null;
     this.database = new Database(http, tokenManager);
+    this.detectAuthCallback();
   }
   /**
-   * Check if an error represents an authentication failure
-   * Used to determine appropriate HTTP status code (401 vs 500)
+   * Check if the isAuthenticated cookie flag exists
    */
-  isAuthenticationError(error) {
-    if (error instanceof Error) {
-      const message = error.message.toLowerCase();
-      const authKeywords = [
-        "unauthorized",
-        "invalid token",
-        "expired token",
-        "token expired",
-        "invalid refresh token",
-        "refresh token",
-        "authentication",
-        "not authenticated",
-        "session expired"
-      ];
-      return authKeywords.some((keyword) => message.includes(keyword));
-    }
-    return false;
+  hasAuthenticatedCookie() {
+    if (typeof document === "undefined") return false;
+    return document.cookie.split(";").some(
+      (c) => c.trim().startsWith(`${AUTH_FLAG_COOKIE}=`)
+    );
   }
   /**
-   * Set the initialization promise that auth operations should wait for
-   * This ensures TokenManager mode is set before any auth operations
+   * Switch to SecureSessionStorage (cookie-based auth)
+   * Called when we detect backend supports secure cookie mode
+   * @internal
    */
-  setInitPromise(promise) {
-    this.initPromise = promise;
-    this.detectAuthCallbackAsync();
+  _switchToSecureStorage() {
+    if (this.tokenManager.getStrategyId() === "secure") return;
+    const currentSession = this.tokenManager.getSession();
+    this.tokenManager.setStrategy(new SecureSessionStorage());
+    if (typeof localStorage !== "undefined") {
+      localStorage.removeItem(TOKEN_KEY);
+      localStorage.removeItem(USER_KEY);
+    }
+    if (currentSession) {
+      this.tokenManager.saveSession(currentSession);
+    }
   }
   /**
-   * Wait for initialization to complete (if set)
+   * Switch to LocalSessionStorage (localStorage-based auth)
+   * Called when cookie-based auth fails (fallback)
+   * @internal
    */
-  async waitForInit() {
-    if (this.initPromise) {
-      await this.initPromise;
+  _switchToLocalStorage() {
+    if (this.tokenManager.getStrategyId() === "local") return;
+    const currentSession = this.tokenManager.getSession();
+    this.tokenManager.setStrategy(new LocalSessionStorage());
+    if (currentSession) {
+      this.tokenManager.saveSession(currentSession);
     }
   }
   /**
-   * Automatically detect and handle OAuth callback parameters in the URL
-   * This runs after initialization to seamlessly complete the OAuth flow
-   * Matches the backend's OAuth callback response (backend/src/api/routes/auth.ts:540-544)
+   * Detect storage strategy after successful auth
+   * Checks for isAuthenticated cookie to determine backend mode
+   * @internal
    */
-  async detectAuthCallbackAsync() {
+  _detectStorageAfterAuth() {
+    if (this.hasAuthenticatedCookie()) {
+      this._switchToSecureStorage();
+    }
+  }
+  /**
+  * Automatically detect and handle OAuth callback parameters in the URL
+  * This runs on initialization to seamlessly complete the OAuth flow
+  * Matches the backend's OAuth callback response (backend/src/api/routes/auth.ts:540-544)
+  */
+  detectAuthCallback() {
     if (typeof window === "undefined") return;
     try {
-      await this.waitForInit();
       const params = new URLSearchParams(window.location.search);
       const accessToken = params.get("access_token");
       const userId = params.get("user_id");
       const email = params.get("email");
       const name = params.get("name");
       if (accessToken && userId && email) {
+        this._detectStorageAfterAuth();
         const session = {
           accessToken,
           user: {
@@ -613,7 +580,8 @@ var Auth = class {
         }
         window.history.replaceState({}, document.title, url.toString());
       }
-    } catch {
+    } catch (error) {
+      console.debug("OAuth callback detection skipped:", error);
     }
   }
   /**
@@ -621,7 +589,6 @@ var Auth = class {
    */
   async signUp(request) {
     try {
-      await this.waitForInit();
       const response = await this.http.post("/api/auth/users", request);
       if (response.accessToken && response.user) {
         const session = {
@@ -632,6 +599,7 @@ var Auth = class {
           this.tokenManager.saveSession(session);
         }
         this.http.setAuthToken(response.accessToken);
+        this._detectStorageAfterAuth();
       }
       return {
         data: response,
@@ -656,7 +624,6 @@ var Auth = class {
    */
   async signInWithPassword(request) {
     try {
-      await this.waitForInit();
       const response = await this.http.post("/api/auth/sessions", request);
       const session = {
         accessToken: response.accessToken || "",
@@ -673,6 +640,7 @@ var Auth = class {
         this.tokenManager.saveSession(session);
       }
       this.http.setAuthToken(response.accessToken || "");
+      this._detectStorageAfterAuth();
       return {
         data: response,
         error: null
@@ -782,15 +750,9 @@ var Auth = class {
         }
         throw error;
       }
-      const errorMessage = error instanceof Error ? error.message : "Token refresh failed";
-      const isAuthError = this.isAuthenticationError(error);
-      if (isAuthError) {
-        this.tokenManager.clearSession();
-        this.http.setAuthToken(null);
-      }
       throw new InsForgeError(
-        errorMessage,
-        isAuthError ? 401 : 500,
+        "Token refresh failed",
+        500,
         "REFRESH_FAILED"
       );
     }
@@ -835,14 +797,27 @@ var Auth = class {
   /**
    * Get the current user with full profile information
    * Returns both auth info (id, email, role) and profile data (dynamic fields from users table)
+   * 
+   * In secure session mode (httpOnly cookie), this method will automatically attempt
+   * to refresh the session if no access token is available (e.g., after page reload).
    */
   async getCurrentUser() {
     try {
-      const session = this.tokenManager.getSession();
-      if (!session?.accessToken) {
+      let accessToken = this.tokenManager.getAccessToken();
+      if (!accessToken && this.tokenManager.shouldAttemptRefresh()) {
+        try {
+          accessToken = await this.refreshToken();
+        } catch (error) {
+          if (error instanceof InsForgeError && (error.statusCode === 401 || error.statusCode === 403)) {
+            return { data: null, error };
+          }
+          return { data: null, error: error instanceof InsForgeError ? error : new InsForgeError("Token refresh failed", 500, "REFRESH_FAILED") };
+        }
+      }
+      if (!accessToken) {
         return { data: null, error: null };
       }
-      this.http.setAuthToken(session.accessToken);
+      this.http.setAuthToken(accessToken);
       const authResponse = await this.http.get("/api/auth/sessions/current");
       const { data: profile, error: profileError } = await this.database.from("users").select("*").eq("id", authResponse.user.id).single();
       if (profileError && profileError.code !== "PGRST116") {
@@ -1101,7 +1076,6 @@ var Auth = class {
    */
   async verifyEmail(request) {
     try {
-      await this.waitForInit();
       const response = await this.http.post(
         "/api/auth/email/verify",
         request
@@ -1656,13 +1630,19 @@ var Functions = class {
 };
 
 // src/client.ts
+function hasAuthenticatedCookie() {
+  if (typeof document === "undefined") return false;
+  return document.cookie.split(";").some(
+    (c) => c.trim().startsWith(`${AUTH_FLAG_COOKIE}=`)
+  );
+}
 var InsForgeClient = class {
   constructor(config = {}) {
-    this.initialized = false;
-    this.initializationPromise = null;
-    this.capabilities = null;
     this.http = new HttpClient(config);
     this.tokenManager = new TokenManager(config.storage);
+    if (hasAuthenticatedCookie()) {
+      this.tokenManager.setStrategy(new SecureSessionStorage());
+    }
     if (config.edgeFunctionToken) {
       this.http.setAuthToken(config.edgeFunctionToken);
       this.tokenManager.saveSession({
@@ -1671,65 +1651,26 @@ var InsForgeClient = class {
         // Will be populated by getCurrentUser()
       });
     }
-    this.auth = new Auth(this.http, this.tokenManager);
     this.http.setRefreshCallback(async () => {
       try {
         return await this.auth.refreshToken();
       } catch {
+        if (this.tokenManager.getStrategyId() === "secure") {
+          this.auth._switchToLocalStorage();
+        }
         return null;
       }
     });
     const existingSession = this.tokenManager.getSession();
     if (existingSession?.accessToken) {
       this.http.setAuthToken(existingSession.accessToken);
+    } else if (this.tokenManager.getStrategyId() === "secure") {
     }
+    this.auth = new Auth(this.http, this.tokenManager);
     this.database = new Database(this.http, this.tokenManager);
     this.storage = new Storage(this.http);
     this.ai = new AI(this.http);
     this.functions = new Functions(this.http);
-    this.initializationPromise = this.initializeAsync();
-    this.auth.setInitPromise(this.initializationPromise);
-  }
-  /**
-   * Initialize the client by discovering backend capabilities
-   * This is called automatically on construction but can be awaited for guaranteed initialization
-   * 
-   * @example
-   * ```typescript
-   * const client = new InsForgeClient({ baseUrl: 'https://api.example.com' });
-   * await client.initialize(); // Wait for capability discovery
-   * ```
-   */
-  async initialize() {
-    if (this.initializationPromise) {
-      await this.initializationPromise;
-    }
-  }
-  /**
-   * Internal async initialization - discovers capabilities and configures storage strategy
-   */
-  async initializeAsync() {
-    if (this.initialized) return;
-    try {
-      this.capabilities = await discoverCapabilities(
-        this.http.baseUrl,
-        this.http.fetch
-      );
-      const strategy = createSessionStorage(this.capabilities);
-      this.tokenManager.setStrategy(strategy);
-      if (this.capabilities.refreshTokens && this.tokenManager.shouldAttemptRefresh()) {
-        try {
-          const newToken = await this.auth.refreshToken();
-          this.http.setAuthToken(newToken);
-        } catch {
-          this.tokenManager.clearSession();
-          this.http.setAuthToken(null);
-        }
-      }
-      this.initialized = true;
-    } catch {
-      this.initialized = true;
-    }
   }
   /**
    * Get the underlying HTTP client for custom requests
@@ -1743,12 +1684,6 @@ var InsForgeClient = class {
   getHttpClient() {
     return this.http;
   }
-  /**
-   * Get the discovered backend capabilities
-   */
-  getCapabilities() {
-    return this.capabilities;
-  }
   /**
    * Get the current storage strategy identifier
    */
@@ -1756,11 +1691,13 @@ var InsForgeClient = class {
     return this.tokenManager.getStrategyId();
   }
   /**
-   * Check if the client has been fully initialized
+   * Future modules will be added here:
+   * - database: Database operations
+   * - storage: File storage operations
+   * - functions: Serverless functions
+   * - tables: Table management
+   * - metadata: Backend metadata
    */
-  isInitialized() {
-    return this.initialized;
-  }
 };
 
 // src/index.ts
@@ -1776,15 +1713,12 @@ export {
   HttpClient,
   InsForgeClient,
   InsForgeError,
-  PersistentSessionStorage,
+  LocalSessionStorage,
   SecureSessionStorage,
   Storage,
   StorageBucket,
   TokenManager,
   createClient,
-  createSessionStorage,
-  index_default as default,
-  discoverCapabilities,
-  getDefaultCapabilities
+  index_default as default
 };
 //# sourceMappingURL=index.mjs.map