npm - @insforge/sdk - Versions diffs - 1.0.1-refresh.3 → 1.0.1-refresh.4 - Mend

@insforge/sdk 1.0.1-refresh.3 → 1.0.1-refresh.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.js CHANGED Viewed

@@ -33,10 +33,7 @@ __export(index_exports, {
   StorageBucket: () => StorageBucket,
   TokenManager: () => TokenManager,
   createClient: () => createClient,
-  createSessionStorage: () => createSessionStorage,
-  default: () => index_default,
-  discoverBackendConfig: () => discoverBackendConfig,
-  getDefaultBackendConfig: () => getDefaultBackendConfig
+  default: () => index_default
 });
 module.exports = __toCommonJS(index_exports);
@@ -127,11 +124,11 @@ var HttpClient = class {
       method,
       headers: requestHeaders,
       body: processedBody,
-      credentials: "include",
-      // Essential for httpOnly cookies (refresh token)
-      ...fetchOptions
+      ...fetchOptions,
+      credentials: "include"
     });
-    if (response.status === 401 && !isRetry && this.refreshCallback) {
+    const isRefreshEndpoint = path.includes("/api/auth/refresh") || path.includes("/api/auth/logout");
+    if (response.status === 401 && !isRetry && !isRefreshEndpoint && this.refreshCallback) {
       const newToken = await this.handleTokenRefresh();
       if (newToken) {
         this.setAuthToken(newToken);
@@ -181,7 +178,7 @@ var HttpClient = class {
     }
     this.isRefreshing = true;
     try {
-      const newToken = await this.refreshCallback();
+      const newToken = await this.refreshCallback?.();
       this.refreshQueue.forEach(({ resolve, reject }) => {
         if (newToken) {
           resolve(newToken);
@@ -190,7 +187,7 @@ var HttpClient = class {
         }
       });
       this.refreshQueue = [];
-      return newToken;
+      return newToken || null;
     } catch (error) {
       this.refreshQueue.forEach(({ reject }) => {
         reject(error instanceof Error ? error : new Error("Token refresh failed"));
@@ -242,10 +239,9 @@ var SecureSessionStorage = class {
   saveSession(session) {
     this.accessToken = session.accessToken;
     this.user = session.user;
-    this.setAuthFlag(true);
   }
   getSession() {
-    if (!this.accessToken) return null;
+    if (!this.accessToken || !this.user) return null;
     return {
       accessToken: this.accessToken,
       user: this.user
@@ -266,25 +262,17 @@ var SecureSessionStorage = class {
   clearSession() {
     this.accessToken = null;
     this.user = null;
-    this.setAuthFlag(false);
   }
   shouldAttemptRefresh() {
     if (this.accessToken) return false;
     return this.hasAuthFlag();
   }
-  // --- Private: Auth Flag Cookie Management ---
-  setAuthFlag(authenticated) {
-    if (typeof document === "undefined") return;
-    if (authenticated) {
-      const maxAge = 7 * 24 * 60 * 60;
-      document.cookie = `${AUTH_FLAG_COOKIE}=true; path=/; max-age=${maxAge}; SameSite=Lax`;
-    } else {
-      document.cookie = `${AUTH_FLAG_COOKIE}=; path=/; max-age=0`;
-    }
-  }
+  // --- Private: Auth Flag Cookie Detection (read-only) ---
   hasAuthFlag() {
     if (typeof document === "undefined") return false;
-    return document.cookie.includes(`${AUTH_FLAG_COOKIE}=true`);
+    return document.cookie.split(";").some(
+      (c) => c.trim().startsWith(`${AUTH_FLAG_COOKIE}=`)
+    );
   }
 };
 var LocalSessionStorage = class {
@@ -430,41 +418,6 @@ var TokenManager = class {
   }
 };
-// src/lib/backend-config.ts
-var DEFAULT_CONFIG = {
-  secureSessionStorage: false,
-  refreshTokens: false
-};
-async function discoverBackendConfig(baseUrl, fetchImpl = globalThis.fetch) {
-  try {
-    const response = await fetchImpl(`${baseUrl}/api/health`, {
-      method: "GET",
-      headers: {
-        "Accept": "application/json"
-      }
-    });
-    if (!response.ok) {
-      return DEFAULT_CONFIG;
-    }
-    const health = await response.json();
-    if (health.config) {
-      return health.config;
-    }
-    return DEFAULT_CONFIG;
-  } catch {
-    return DEFAULT_CONFIG;
-  }
-}
-function createSessionStorage(config, storage) {
-  if (config.secureSessionStorage && config.refreshTokens) {
-    return new SecureSessionStorage();
-  }
-  return new LocalSessionStorage(storage);
-}
-function getDefaultBackendConfig() {
-  return { ...DEFAULT_CONFIG };
-}
 // src/modules/database-postgrest.ts
 var import_postgrest_js = require("@supabase/postgrest-js");
 function createInsForgePostgrestFetch(httpClient, tokenManager) {
@@ -571,99 +524,66 @@ function isHostedAuthEnvironment() {
   return false;
 }
 var Auth = class {
-  constructor(http, tokenManager, initializePromise) {
+  constructor(http, tokenManager) {
     this.http = http;
     this.tokenManager = tokenManager;
-    this.authStateListeners = /* @__PURE__ */ new Set();
     this.database = new Database(http, tokenManager);
-    this.initializePromise = initializePromise ?? Promise.resolve();
+    this.detectAuthCallback();
   }
   /**
-   * Subscribe to auth state changes
-   *
-   * New subscribers will receive an INITIAL_SESSION event after initialization completes.
-   * This ensures no race condition where subscribers miss the initial state.
-   *
-   * @param callback - Function called when auth state changes
-   * @returns Unsubscribe function
-   *
-   * @example
-   * ```typescript
-   * const { data: { subscription } } = client.auth.onAuthStateChange((event, session) => {
-   *   if (event === 'SIGNED_IN') {
-   *     console.log('User signed in:', session?.user.email);
-   *   } else if (event === 'SIGNED_OUT') {
-   *     console.log('User signed out');
-   *   }
-   * });
-   *
-   * // Later: unsubscribe
-   * subscription.unsubscribe();
-   * ```
+   * Check if the isAuthenticated cookie flag exists
    */
-  onAuthStateChange(callback) {
-    this.authStateListeners.add(callback);
-    ;
-    (async () => {
-      await this.initializePromise;
-      if (this.authStateListeners.has(callback)) {
-        const session = this.tokenManager.getSession();
-        try {
-          callback("INITIAL_SESSION", session);
-        } catch (error) {
-          console.error("[Auth] Error in auth state change listener:", error);
-        }
-      }
-    })();
-    return {
-      data: {
-        subscription: {
-          unsubscribe: () => {
-            this.authStateListeners.delete(callback);
-          }
-        }
-      }
-    };
+  hasAuthenticatedCookie() {
+    if (typeof document === "undefined") return false;
+    return document.cookie.split(";").some(
+      (c) => c.trim().startsWith(`${AUTH_FLAG_COOKIE}=`)
+    );
   }
   /**
-   * Emit auth state change to all listeners
+   * Switch to SecureSessionStorage (cookie-based auth)
+   * Called when we detect backend supports secure cookie mode
    * @internal
    */
-  _emitAuthStateChange(event, session) {
-    this.authStateListeners.forEach((callback) => {
-      try {
-        callback(event, session);
-      } catch (error) {
-        console.error("[Auth] Error in auth state change listener:", error);
-      }
-    });
+  _switchToSecureStorage() {
+    if (this.tokenManager.getStrategyId() === "secure") return;
+    const currentSession = this.tokenManager.getSession();
+    this.tokenManager.setStrategy(new SecureSessionStorage());
+    if (typeof localStorage !== "undefined") {
+      localStorage.removeItem(TOKEN_KEY);
+      localStorage.removeItem(USER_KEY);
+    }
+    if (currentSession) {
+      this.tokenManager.saveSession(currentSession);
+    }
   }
   /**
-   * Check if an error represents an authentication failure
-   * Used to determine appropriate HTTP status code (401 vs 500)
+   * Switch to LocalSessionStorage (localStorage-based auth)
+   * Called when cookie-based auth fails (fallback)
+   * @internal
    */
-  isAuthenticationError(error) {
-    if (error instanceof Error) {
-      const message = error.message.toLowerCase();
-      const authKeywords = [
-        "unauthorized",
-        "invalid token",
-        "expired token",
-        "token expired",
-        "invalid refresh token",
-        "refresh token",
-        "authentication",
-        "not authenticated",
-        "session expired"
-      ];
-      return authKeywords.some((keyword) => message.includes(keyword));
+  _switchToLocalStorage() {
+    if (this.tokenManager.getStrategyId() === "local") return;
+    const currentSession = this.tokenManager.getSession();
+    this.tokenManager.setStrategy(new LocalSessionStorage());
+    if (currentSession) {
+      this.tokenManager.saveSession(currentSession);
     }
-    return false;
   }
   /**
-   * Detect and handle OAuth callback parameters in the URL.
-   * Called by client after initialization.
+   * Detect storage strategy after successful auth
+   * Checks for isAuthenticated cookie to determine backend mode
+   * @internal
    */
+  _detectStorageAfterAuth() {
+    if (this.hasAuthenticatedCookie()) {
+      this._switchToSecureStorage();
+    }
+  }
+  /**
+  * Automatically detect and handle OAuth callback parameters in the URL
+  * This runs on initialization to seamlessly complete the OAuth flow
+  * Matches the backend's OAuth callback response (backend/src/api/routes/auth.ts:540-544)
+  */
   detectAuthCallback() {
     if (typeof window === "undefined") return;
     try {
@@ -673,6 +593,7 @@ var Auth = class {
       const email = params.get("email");
       const name = params.get("name");
       if (accessToken && userId && email) {
+        this._detectStorageAfterAuth();
         const session = {
           accessToken,
           user: {
@@ -697,9 +618,9 @@ var Auth = class {
           url.searchParams.delete("error");
         }
         window.history.replaceState({}, document.title, url.toString());
-        this._emitAuthStateChange("SIGNED_IN", session);
       }
-    } catch {
+    } catch (error) {
+      console.debug("OAuth callback detection skipped:", error);
     }
   }
   /**
@@ -717,7 +638,7 @@ var Auth = class {
           this.tokenManager.saveSession(session);
         }
         this.http.setAuthToken(response.accessToken);
-        this._emitAuthStateChange("SIGNED_IN", session);
+        this._detectStorageAfterAuth();
       }
       return {
         data: response,
@@ -758,7 +679,7 @@ var Auth = class {
         this.tokenManager.saveSession(session);
       }
       this.http.setAuthToken(response.accessToken || "");
-      this._emitAuthStateChange("SIGNED_IN", session);
+      this._detectStorageAfterAuth();
       return {
         data: response,
         error: null
@@ -825,7 +746,6 @@ var Auth = class {
       }
       this.tokenManager.clearSession();
       this.http.setAuthToken(null);
-      this._emitAuthStateChange("SIGNED_OUT", null);
       return { error: null };
     } catch (error) {
       return {
@@ -854,8 +774,6 @@ var Auth = class {
         if (response.user) {
           this.tokenManager.setUser(response.user);
         }
-        const session = this.tokenManager.getSession();
-        this._emitAuthStateChange("TOKEN_REFRESHED", session);
         return response.accessToken;
       }
       throw new InsForgeError(
@@ -871,15 +789,9 @@ var Auth = class {
         }
         throw error;
       }
-      const errorMessage = error instanceof Error ? error.message : "Token refresh failed";
-      const isAuthError = this.isAuthenticationError(error);
-      if (isAuthError) {
-        this.tokenManager.clearSession();
-        this.http.setAuthToken(null);
-      }
       throw new InsForgeError(
-        errorMessage,
-        isAuthError ? 401 : 500,
+        "Token refresh failed",
+        500,
         "REFRESH_FAILED"
       );
     }
@@ -924,14 +836,27 @@ var Auth = class {
   /**
    * Get the current user with full profile information
    * Returns both auth info (id, email, role) and profile data (dynamic fields from users table)
+   *
+   * In secure session mode (httpOnly cookie), this method will automatically attempt
+   * to refresh the session if no access token is available (e.g., after page reload).
    */
   async getCurrentUser() {
     try {
-      const session = this.tokenManager.getSession();
-      if (!session?.accessToken) {
+      let accessToken = this.tokenManager.getAccessToken();
+      if (!accessToken && this.tokenManager.shouldAttemptRefresh()) {
+        try {
+          accessToken = await this.refreshToken();
+        } catch (error) {
+          if (error instanceof InsForgeError && (error.statusCode === 401 || error.statusCode === 403)) {
+            return { data: null, error };
+          }
+          return { data: null, error: error instanceof InsForgeError ? error : new InsForgeError("Token refresh failed", 500, "REFRESH_FAILED") };
+        }
+      }
+      if (!accessToken) {
         return { data: null, error: null };
       }
-      this.http.setAuthToken(session.accessToken);
+      this.http.setAuthToken(accessToken);
       const authResponse = await this.http.get("/api/auth/sessions/current");
       const { data: profile, error: profileError } = await this.database.from("users").select("*").eq("id", authResponse.user.id).single();
       if (profileError && profileError.code !== "PGRST116") {
@@ -1201,7 +1126,6 @@ var Auth = class {
         };
         this.tokenManager.saveSession(session);
         this.http.setAuthToken(response.accessToken);
-        this._emitAuthStateChange("SIGNED_IN", session);
       }
       return {
         data: response,
@@ -1745,15 +1669,19 @@ var Functions = class {
 };
 // src/client.ts
+function hasAuthenticatedCookie() {
+  if (typeof document === "undefined") return false;
+  return document.cookie.split(";").some(
+    (c) => c.trim().startsWith(`${AUTH_FLAG_COOKIE}=`)
+  );
+}
 var InsForgeClient = class {
   constructor(config = {}) {
-    this.backendConfig = null;
-    this.initializePromise = new Promise((resolve) => {
-      this.initializeResolve = resolve;
-    });
     this.http = new HttpClient(config);
     this.tokenManager = new TokenManager(config.storage);
-    this.auth = new Auth(this.http, this.tokenManager, this.initializePromise);
+    if (hasAuthenticatedCookie()) {
+      this.tokenManager.setStrategy(new SecureSessionStorage());
+    }
     if (config.edgeFunctionToken) {
       this.http.setAuthToken(config.edgeFunctionToken);
       this.tokenManager.saveSession({
@@ -1766,82 +1694,55 @@ var InsForgeClient = class {
       try {
         return await this.auth.refreshToken();
       } catch {
+        if (this.tokenManager.getStrategyId() === "secure") {
+          this.auth._switchToLocalStorage();
+        }
         return null;
       }
     });
     const existingSession = this.tokenManager.getSession();
     if (existingSession?.accessToken) {
       this.http.setAuthToken(existingSession.accessToken);
+    } else if (this.tokenManager.getStrategyId() === "secure") {
     }
+    this.auth = new Auth(this.http, this.tokenManager);
     this.database = new Database(this.http, this.tokenManager);
     this.storage = new Storage(this.http);
     this.ai = new AI(this.http);
     this.functions = new Functions(this.http);
-    this._initializeAsync();
-  }
-  /**
-   * Internal async initialization - discovers backend config and recovers session.
-   * Emits INITIAL_SESSION event when complete.
-   * @internal
-   */
-  async _initializeAsync() {
-    try {
-      this.backendConfig = await discoverBackendConfig(
-        this.http.baseUrl,
-        this.http.fetch
-      );
-      const strategy = createSessionStorage(this.backendConfig);
-      this.tokenManager.setStrategy(strategy);
-      this.auth.detectAuthCallback();
-      let currentSession = this.tokenManager.getSession();
-      if (!currentSession?.accessToken && this.backendConfig.refreshTokens) {
-        if (this.tokenManager.shouldAttemptRefresh()) {
-          try {
-            await this.auth.refreshToken();
-            currentSession = this.tokenManager.getSession();
-          } catch {
-            this.tokenManager.clearSession();
-            this.http.setAuthToken(null);
-          }
-        }
-      }
-      this.initializeResolve();
-    } catch {
-      this.auth.detectAuthCallback();
-      this.initializeResolve();
-    }
-  }
-  /**
-   * Wait for client initialization to complete
-   * @returns Promise that resolves when initialization is done
-   */
-  async waitForInitialization() {
-    return this.initializePromise;
   }
   /**
    * Get the underlying HTTP client for custom requests
+   *
+   * @example
+   * ```typescript
+   * const httpClient = client.getHttpClient();
+   * const customData = await httpClient.get('/api/custom-endpoint');
+   * ```
    */
   getHttpClient() {
     return this.http;
   }
-  /**
-   * Get the discovered backend configuration
-   */
-  getBackendConfig() {
-    return this.backendConfig;
-  }
   /**
    * Get the current storage strategy identifier
    */
   getStorageStrategy() {
     return this.tokenManager.getStrategyId();
   }
+  /**
+   * Future modules will be added here:
+   * - database: Database operations
+   * - storage: File storage operations
+   * - functions: Serverless functions
+   * - tables: Table management
+   * - metadata: Backend metadata
+   */
 };
-function createClient(config = {}) {
-  return new InsForgeClient(config);
-}
 // src/index.ts
+function createClient(config) {
+  return new InsForgeClient(config);
+}
 var index_default = InsForgeClient;
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
@@ -1857,9 +1758,6 @@ var index_default = InsForgeClient;
   Storage,
   StorageBucket,
   TokenManager,
-  createClient,
-  createSessionStorage,
-  discoverBackendConfig,
-  getDefaultBackendConfig
+  createClient
 });
 //# sourceMappingURL=index.js.map