@insforge/sdk 1.0.1-refresh.7 → 1.0.1-refresh.8

package/dist/index.d.mts

@@ -74,33 +74,15 @@ declare class InsForgeError extends Error {
 interface RequestOptions extends RequestInit {
     params?: Record<string, string>;
 }
-/**
- * Callback type for token refresh
- * Returns new access token or null if refresh failed
- */
-type RefreshCallback = () => Promise<string | null>;
 declare class HttpClient {
     readonly baseUrl: string;
     readonly fetch: typeof fetch;
     private defaultHeaders;
     private anonKey;
     private userToken;
-    private refreshCallback?;
-    private isRefreshing;
-    private refreshQueue;
     constructor(config: InsForgeConfig);
-    /**
-     * Set the refresh callback for automatic token refresh on 401
-     */
-    setRefreshCallback(callback: RefreshCallback): void;
     private buildUrl;
     request<T>(method: string, path: string, options?: RequestOptions): Promise<T>;
-    private performRequest;
-    /**
-     * Handle token refresh with queue to prevent duplicate refreshes
-     * Multiple concurrent 401s will wait for a single refresh to complete
-     */
-    private handleTokenRefresh;
     get<T>(path: string, options?: RequestOptions): Promise<T>;
     post<T>(path: string, body?: any, options?: RequestOptions): Promise<T>;
     put<T>(path: string, body?: any, options?: RequestOptions): Promise<T>;
@@ -111,118 +93,38 @@ declare class HttpClient {
 }
 
 /**
- * Session Storage Strategies for InsForge SDK
+ * Token Manager for InsForge SDK
  *
- * Implements the Strategy Pattern for token storage:
- * - SecureSessionStorage: In-memory tokens + httpOnly cookie refresh (XSS-resistant)
- * - LocalSessionStorage: localStorage-based storage (legacy/fallback)
+ * Simple token storage that supports two modes:
+ * - Memory mode (new backend): tokens stored in memory only, more secure
+ * - Storage mode (legacy backend): tokens persisted in localStorage
  */
 
-/**
- * Strategy interface for session storage
- * All storage implementations must conform to this interface
- */
-interface SessionStorageStrategy {
-    /** Save complete session (token + user) */
-    saveSession(session: AuthSession): void;
-    /** Get current session */
-    getSession(): AuthSession | null;
-    /** Get access token only */
-    getAccessToken(): string | null;
-    /** Update access token (e.g., after refresh) */
-    setAccessToken(token: string): void;
-    /** Get user data */
-    getUser(): UserSchema | null;
-    /** Update user data */
-    setUser(user: UserSchema): void;
-    /** Clear all session data */
-    clearSession(): void;
-    /** Check if token refresh should be attempted (e.g., on page reload) */
-    shouldAttemptRefresh(): boolean;
-    /** Get strategy identifier for debugging */
-    readonly strategyId: string;
-}
-/**
- * Secure Session Storage Strategy
- *
- * Stores access token in memory only (cleared on page refresh).
- * Refresh token is stored in httpOnly cookie by the backend (on backend domain).
- * The `isAuthenticated` cookie is set by the SDK on the frontend domain to signal
- * that a secure session exists and token refresh should be attempted on page reload.
- *
- * Security benefits:
- * - Access token not accessible to XSS attacks (in memory only)
- * - Refresh token completely inaccessible to JavaScript (httpOnly)
- */
-declare class SecureSessionStorage implements SessionStorageStrategy {
-    readonly strategyId = "secure";
+declare class TokenManager {
     private accessToken;
     private user;
-    saveSession(session: AuthSession): void;
-    getSession(): AuthSession | null;
-    getAccessToken(): string | null;
-    setAccessToken(token: string): void;
-    getUser(): UserSchema | null;
-    setUser(user: UserSchema): void;
-    clearSession(): void;
-    shouldAttemptRefresh(): boolean;
-    private hasAuthFlag;
-}
-/**
- * Local Session Storage Strategy
- *
- * Stores tokens in localStorage for persistence across page reloads.
- * Used for legacy backends or environments where httpOnly cookies aren't available.
- *
- * Note: This approach exposes tokens to XSS attacks. Use SecureSessionStorage
- * when possible.
- */
-declare class LocalSessionStorage implements SessionStorageStrategy {
-    readonly strategyId = "local";
     private storage;
+    private _mode;
     constructor(storage?: TokenStorage);
-    saveSession(session: AuthSession): void;
-    getSession(): AuthSession | null;
-    getAccessToken(): string | null;
-    setAccessToken(token: string): void;
-    getUser(): UserSchema | null;
-    setUser(user: UserSchema): void;
-    clearSession(): void;
-    shouldAttemptRefresh(): boolean;
-}
-
-/**
- * Token Manager for InsForge SDK
- *
- * A thin wrapper that delegates to the underlying SessionStorageStrategy.
- * This class maintains backward compatibility while using the Strategy Pattern internally.
- */
-
-/**
- * TokenManager - Manages session storage using the Strategy Pattern
- *
- * The actual storage implementation is delegated to a SessionStorageStrategy.
- * By default, uses LocalSessionStorage until a strategy is explicitly set
- * via setStrategy() during client initialization.
- */
-declare class TokenManager {
-    private strategy;
     /**
-     * Create a new TokenManager
-     * @param storage - Optional custom storage adapter (used for initial LocalSessionStorage)
+     * Get current mode
      */
-    constructor(storage?: TokenStorage);
+    get mode(): 'memory' | 'storage';
+    /**
+     * Set mode to memory (new backend with cookies + memory)
+     */
+    setMemoryMode(): void;
     /**
-     * Set the storage strategy
-     * Called after capability discovery to switch to the appropriate strategy
+     * Set mode to storage (legacy backend with localStorage)
+     * Also loads existing session from localStorage
      */
-    setStrategy(strategy: SessionStorageStrategy): void;
+    setStorageMode(): void;
     /**
-     * Get the current strategy identifier
+     * Load session from localStorage
      */
-    getStrategyId(): string;
+    private loadFromStorage;
     /**
-     * Save session data
+     * Save session (memory always, localStorage only in storage mode)
      */
     saveSession(session: AuthSession): void;
     /**
@@ -234,26 +136,25 @@ declare class TokenManager {
      */
     getAccessToken(): string | null;
     /**
-     * Update access token (e.g., after refresh)
+     * Set access token
      */
     setAccessToken(token: string): void;
     /**
-     * Get user data
+     * Get user
      */
     getUser(): UserSchema | null;
     /**
-     * Update user data
+     * Set user
      */
     setUser(user: UserSchema): void;
     /**
-     * Clear all session data
+     * Clear session (both memory and localStorage)
      */
     clearSession(): void;
     /**
-     * Check if token refresh should be attempted
-     * (e.g., on page reload in secure mode)
+     * Check if there's a session in localStorage (for legacy detection)
      */
-    shouldAttemptRefresh(): boolean;
+    hasStoredSession(): boolean;
 }
 
 /**
@@ -282,38 +183,29 @@ declare class Auth {
     private database;
     constructor(http: HttpClient, tokenManager: TokenManager);
     /**
-     * Set the isAuthenticated cookie flag on the frontend domain
-     * This is managed by SDK, not backend, to work in cross-origin scenarios
-     */
-    private setAuthenticatedCookie;
-    /**
-     * Clear the isAuthenticated cookie flag from the frontend domain
-     */
-    private clearAuthenticatedCookie;
-    /**
-     * Switch to SecureSessionStorage (cookie-based auth)
-     * Called when backend returns sessionMode: 'secure'
-     * @internal
-     */
-    _switchToSecureStorage(): void;
-    /**
-     * Switch to LocalSessionStorage (localStorage-based auth)
-     * Called when cookie-based auth fails (fallback)
-     * @internal
-     */
-    _switchToLocalStorage(): void;
+   * Restore session on app initialization
+   *
+   * @returns Object with isLoggedIn status
+   *
+   * @example
+   * ```typescript
+   * const client = new InsForgeClient({ baseUrl: '...' });
+   * const { isLoggedIn } = await client.auth.restoreSession();
+   *
+   * if (isLoggedIn) {
+   *   const { data } = await client.auth.getCurrentUser();
+   * }
+   * ```
+   */
+    restoreSession(): Promise<{
+        isLoggedIn: boolean;
+    }>;
     /**
-     * Detect storage strategy based on backend response
-     * @param sessionMode - The sessionMode returned by backend ('secure' or undefined)
-     * @internal
+     * Automatically detect and handle OAuth callback parameters in the URL
+     * This runs on initialization to seamlessly complete the OAuth flow
+     * Matches the backend's OAuth callback response (backend/src/api/routes/auth.ts:540-544)
      */
-    private _detectStorageFromResponse;
-    /**
-   * Automatically detect and handle OAuth callback parameters in the URL
-   * This runs on initialization to seamlessly complete the OAuth flow
-   * Matches the backend's OAuth callback response (backend/src/api/routes/auth.ts:540-544)
-   */
-    detectAuthCallback(): void;
+    private detectAuthCallback;
     /**
      * Sign up a new user
      */
@@ -344,18 +236,10 @@ declare class Auth {
     }>;
     /**
      * Sign out the current user
-     * In modern mode, also calls backend to clear the refresh token cookie
      */
     signOut(): Promise<{
         error: InsForgeError | null;
     }>;
-    /**
-     * Refresh the access token using the httpOnly refresh token cookie
-     * Only works when backend supports secure session storage (httpOnly cookies)
-     *
-     * @returns New access token or throws an error
-     */
-    refreshToken(): Promise<string>;
     /**
      * Get all public authentication configuration (OAuth + Email)
      * Returns both OAuth providers and email authentication settings in one request
@@ -379,9 +263,6 @@ declare class Auth {
     /**
      * Get the current user with full profile information
      * Returns both auth info (id, email, role) and profile data (dynamic fields from users table)
-     *
-     * In secure session mode (httpOnly cookie), this method will automatically attempt
-     * to refresh the session if no access token is available (e.g., after page reload).
      */
     getCurrentUser(): Promise<{
         data: {
@@ -832,10 +713,6 @@ declare class InsForgeClient {
      * ```
      */
     getHttpClient(): HttpClient;
-    /**
-     * Get the current storage strategy identifier
-     */
-    getStorageStrategy(): string;
 }
 
 /**
@@ -846,4 +723,4 @@ declare class InsForgeClient {
 
 declare function createClient(config: InsForgeConfig): InsForgeClient;
 
-export { AI, type ApiError, Auth, type AuthSession, type InsForgeConfig as ClientOptions, Database, type FunctionInvokeOptions, Functions, HttpClient, InsForgeClient, type InsForgeConfig, InsForgeError, LocalSessionStorage, type ProfileData, SecureSessionStorage, type SessionStorageStrategy, Storage, StorageBucket, type StorageResponse, TokenManager, type TokenStorage, type UpdateProfileData, createClient, InsForgeClient as default };
+export { AI, type ApiError, Auth, type AuthSession, type InsForgeConfig as ClientOptions, Database, type FunctionInvokeOptions, Functions, HttpClient, InsForgeClient, type InsForgeConfig, InsForgeError, type ProfileData, Storage, StorageBucket, type StorageResponse, TokenManager, type TokenStorage, type UpdateProfileData, createClient, InsForgeClient as default };

package/dist/index.d.ts

@@ -74,33 +74,15 @@ declare class InsForgeError extends Error {
 interface RequestOptions extends RequestInit {
     params?: Record<string, string>;
 }
-/**
- * Callback type for token refresh
- * Returns new access token or null if refresh failed
- */
-type RefreshCallback = () => Promise<string | null>;
 declare class HttpClient {
     readonly baseUrl: string;
     readonly fetch: typeof fetch;
     private defaultHeaders;
     private anonKey;
     private userToken;
-    private refreshCallback?;
-    private isRefreshing;
-    private refreshQueue;
     constructor(config: InsForgeConfig);
-    /**
-     * Set the refresh callback for automatic token refresh on 401
-     */
-    setRefreshCallback(callback: RefreshCallback): void;
     private buildUrl;
     request<T>(method: string, path: string, options?: RequestOptions): Promise<T>;
-    private performRequest;
-    /**
-     * Handle token refresh with queue to prevent duplicate refreshes
-     * Multiple concurrent 401s will wait for a single refresh to complete
-     */
-    private handleTokenRefresh;
     get<T>(path: string, options?: RequestOptions): Promise<T>;
     post<T>(path: string, body?: any, options?: RequestOptions): Promise<T>;
     put<T>(path: string, body?: any, options?: RequestOptions): Promise<T>;
@@ -111,118 +93,38 @@ declare class HttpClient {
 }
 
 /**
- * Session Storage Strategies for InsForge SDK
+ * Token Manager for InsForge SDK
  *
- * Implements the Strategy Pattern for token storage:
- * - SecureSessionStorage: In-memory tokens + httpOnly cookie refresh (XSS-resistant)
- * - LocalSessionStorage: localStorage-based storage (legacy/fallback)
+ * Simple token storage that supports two modes:
+ * - Memory mode (new backend): tokens stored in memory only, more secure
+ * - Storage mode (legacy backend): tokens persisted in localStorage
  */
 
-/**
- * Strategy interface for session storage
- * All storage implementations must conform to this interface
- */
-interface SessionStorageStrategy {
-    /** Save complete session (token + user) */
-    saveSession(session: AuthSession): void;
-    /** Get current session */
-    getSession(): AuthSession | null;
-    /** Get access token only */
-    getAccessToken(): string | null;
-    /** Update access token (e.g., after refresh) */
-    setAccessToken(token: string): void;
-    /** Get user data */
-    getUser(): UserSchema | null;
-    /** Update user data */
-    setUser(user: UserSchema): void;
-    /** Clear all session data */
-    clearSession(): void;
-    /** Check if token refresh should be attempted (e.g., on page reload) */
-    shouldAttemptRefresh(): boolean;
-    /** Get strategy identifier for debugging */
-    readonly strategyId: string;
-}
-/**
- * Secure Session Storage Strategy
- *
- * Stores access token in memory only (cleared on page refresh).
- * Refresh token is stored in httpOnly cookie by the backend (on backend domain).
- * The `isAuthenticated` cookie is set by the SDK on the frontend domain to signal
- * that a secure session exists and token refresh should be attempted on page reload.
- *
- * Security benefits:
- * - Access token not accessible to XSS attacks (in memory only)
- * - Refresh token completely inaccessible to JavaScript (httpOnly)
- */
-declare class SecureSessionStorage implements SessionStorageStrategy {
-    readonly strategyId = "secure";
+declare class TokenManager {
     private accessToken;
     private user;
-    saveSession(session: AuthSession): void;
-    getSession(): AuthSession | null;
-    getAccessToken(): string | null;
-    setAccessToken(token: string): void;
-    getUser(): UserSchema | null;
-    setUser(user: UserSchema): void;
-    clearSession(): void;
-    shouldAttemptRefresh(): boolean;
-    private hasAuthFlag;
-}
-/**
- * Local Session Storage Strategy
- *
- * Stores tokens in localStorage for persistence across page reloads.
- * Used for legacy backends or environments where httpOnly cookies aren't available.
- *
- * Note: This approach exposes tokens to XSS attacks. Use SecureSessionStorage
- * when possible.
- */
-declare class LocalSessionStorage implements SessionStorageStrategy {
-    readonly strategyId = "local";
     private storage;
+    private _mode;
     constructor(storage?: TokenStorage);
-    saveSession(session: AuthSession): void;
-    getSession(): AuthSession | null;
-    getAccessToken(): string | null;
-    setAccessToken(token: string): void;
-    getUser(): UserSchema | null;
-    setUser(user: UserSchema): void;
-    clearSession(): void;
-    shouldAttemptRefresh(): boolean;
-}
-
-/**
- * Token Manager for InsForge SDK
- *
- * A thin wrapper that delegates to the underlying SessionStorageStrategy.
- * This class maintains backward compatibility while using the Strategy Pattern internally.
- */
-
-/**
- * TokenManager - Manages session storage using the Strategy Pattern
- *
- * The actual storage implementation is delegated to a SessionStorageStrategy.
- * By default, uses LocalSessionStorage until a strategy is explicitly set
- * via setStrategy() during client initialization.
- */
-declare class TokenManager {
-    private strategy;
     /**
-     * Create a new TokenManager
-     * @param storage - Optional custom storage adapter (used for initial LocalSessionStorage)
+     * Get current mode
      */
-    constructor(storage?: TokenStorage);
+    get mode(): 'memory' | 'storage';
+    /**
+     * Set mode to memory (new backend with cookies + memory)
+     */
+    setMemoryMode(): void;
     /**
-     * Set the storage strategy
-     * Called after capability discovery to switch to the appropriate strategy
+     * Set mode to storage (legacy backend with localStorage)
+     * Also loads existing session from localStorage
      */
-    setStrategy(strategy: SessionStorageStrategy): void;
+    setStorageMode(): void;
     /**
-     * Get the current strategy identifier
+     * Load session from localStorage
      */
-    getStrategyId(): string;
+    private loadFromStorage;
     /**
-     * Save session data
+     * Save session (memory always, localStorage only in storage mode)
      */
     saveSession(session: AuthSession): void;
     /**
@@ -234,26 +136,25 @@ declare class TokenManager {
      */
     getAccessToken(): string | null;
     /**
-     * Update access token (e.g., after refresh)
+     * Set access token
      */
     setAccessToken(token: string): void;
     /**
-     * Get user data
+     * Get user
      */
     getUser(): UserSchema | null;
     /**
-     * Update user data
+     * Set user
      */
     setUser(user: UserSchema): void;
     /**
-     * Clear all session data
+     * Clear session (both memory and localStorage)
      */
     clearSession(): void;
     /**
-     * Check if token refresh should be attempted
-     * (e.g., on page reload in secure mode)
+     * Check if there's a session in localStorage (for legacy detection)
      */
-    shouldAttemptRefresh(): boolean;
+    hasStoredSession(): boolean;
 }
 
 /**
@@ -282,38 +183,29 @@ declare class Auth {
     private database;
     constructor(http: HttpClient, tokenManager: TokenManager);
     /**
-     * Set the isAuthenticated cookie flag on the frontend domain
-     * This is managed by SDK, not backend, to work in cross-origin scenarios
-     */
-    private setAuthenticatedCookie;
-    /**
-     * Clear the isAuthenticated cookie flag from the frontend domain
-     */
-    private clearAuthenticatedCookie;
-    /**
-     * Switch to SecureSessionStorage (cookie-based auth)
-     * Called when backend returns sessionMode: 'secure'
-     * @internal
-     */
-    _switchToSecureStorage(): void;
-    /**
-     * Switch to LocalSessionStorage (localStorage-based auth)
-     * Called when cookie-based auth fails (fallback)
-     * @internal
-     */
-    _switchToLocalStorage(): void;
+   * Restore session on app initialization
+   *
+   * @returns Object with isLoggedIn status
+   *
+   * @example
+   * ```typescript
+   * const client = new InsForgeClient({ baseUrl: '...' });
+   * const { isLoggedIn } = await client.auth.restoreSession();
+   *
+   * if (isLoggedIn) {
+   *   const { data } = await client.auth.getCurrentUser();
+   * }
+   * ```
+   */
+    restoreSession(): Promise<{
+        isLoggedIn: boolean;
+    }>;
     /**
-     * Detect storage strategy based on backend response
-     * @param sessionMode - The sessionMode returned by backend ('secure' or undefined)
-     * @internal
+     * Automatically detect and handle OAuth callback parameters in the URL
+     * This runs on initialization to seamlessly complete the OAuth flow
+     * Matches the backend's OAuth callback response (backend/src/api/routes/auth.ts:540-544)
      */
-    private _detectStorageFromResponse;
-    /**
-   * Automatically detect and handle OAuth callback parameters in the URL
-   * This runs on initialization to seamlessly complete the OAuth flow
-   * Matches the backend's OAuth callback response (backend/src/api/routes/auth.ts:540-544)
-   */
-    detectAuthCallback(): void;
+    private detectAuthCallback;
     /**
      * Sign up a new user
      */
@@ -344,18 +236,10 @@ declare class Auth {
     }>;
     /**
      * Sign out the current user
-     * In modern mode, also calls backend to clear the refresh token cookie
      */
     signOut(): Promise<{
         error: InsForgeError | null;
     }>;
-    /**
-     * Refresh the access token using the httpOnly refresh token cookie
-     * Only works when backend supports secure session storage (httpOnly cookies)
-     *
-     * @returns New access token or throws an error
-     */
-    refreshToken(): Promise<string>;
     /**
      * Get all public authentication configuration (OAuth + Email)
      * Returns both OAuth providers and email authentication settings in one request
@@ -379,9 +263,6 @@ declare class Auth {
     /**
      * Get the current user with full profile information
      * Returns both auth info (id, email, role) and profile data (dynamic fields from users table)
-     *
-     * In secure session mode (httpOnly cookie), this method will automatically attempt
-     * to refresh the session if no access token is available (e.g., after page reload).
      */
     getCurrentUser(): Promise<{
         data: {
@@ -832,10 +713,6 @@ declare class InsForgeClient {
      * ```
      */
     getHttpClient(): HttpClient;
-    /**
-     * Get the current storage strategy identifier
-     */
-    getStorageStrategy(): string;
 }
 
 /**
@@ -846,4 +723,4 @@ declare class InsForgeClient {
 
 declare function createClient(config: InsForgeConfig): InsForgeClient;
 
-export { AI, type ApiError, Auth, type AuthSession, type InsForgeConfig as ClientOptions, Database, type FunctionInvokeOptions, Functions, HttpClient, InsForgeClient, type InsForgeConfig, InsForgeError, LocalSessionStorage, type ProfileData, SecureSessionStorage, type SessionStorageStrategy, Storage, StorageBucket, type StorageResponse, TokenManager, type TokenStorage, type UpdateProfileData, createClient, InsForgeClient as default };
+export { AI, type ApiError, Auth, type AuthSession, type InsForgeConfig as ClientOptions, Database, type FunctionInvokeOptions, Functions, HttpClient, InsForgeClient, type InsForgeConfig, InsForgeError, type ProfileData, Storage, StorageBucket, type StorageResponse, TokenManager, type TokenStorage, type UpdateProfileData, createClient, InsForgeClient as default };