@insforge/sdk 1.1.6 → 1.2.0-dev.0

package/dist/index.mjs

@@ -136,8 +136,6 @@ var HttpClient = class {
 };
 
 // src/lib/token-manager.ts
-var TOKEN_KEY = "insforge-auth-token";
-var USER_KEY = "insforge-auth-user";
 var CSRF_TOKEN_COOKIE = "insforge_csrf_token";
 function getCsrfToken() {
   if (typeof document === "undefined") return null;
@@ -157,81 +155,20 @@ function clearCsrfToken() {
   document.cookie = `${CSRF_TOKEN_COOKIE}=; path=/; max-age=0; SameSite=Lax${secure}`;
 }
 var TokenManager = class {
-  constructor(storage) {
+  constructor() {
     // In-memory storage
     this.accessToken = null;
     this.user = null;
-    // Mode: 'memory' (new backend) or 'storage' (legacy backend, default)
-    this._mode = "storage";
     // Callback for token changes (used by realtime to reconnect with new token)
     this.onTokenChange = null;
-    if (storage) {
-      this.storage = storage;
-    } else if (typeof window !== "undefined" && window.localStorage) {
-      this.storage = window.localStorage;
-    } else {
-      const store = /* @__PURE__ */ new Map();
-      this.storage = {
-        getItem: (key) => store.get(key) || null,
-        setItem: (key, value) => {
-          store.set(key, value);
-        },
-        removeItem: (key) => {
-          store.delete(key);
-        }
-      };
-    }
-  }
-  /**
-   * Get current mode
-   */
-  get mode() {
-    return this._mode;
-  }
-  /**
-   * Set mode to memory (new backend with cookies + memory)
-   */
-  setMemoryMode() {
-    if (this._mode === "storage") {
-      this.storage.removeItem(TOKEN_KEY);
-      this.storage.removeItem(USER_KEY);
-    }
-    this._mode = "memory";
   }
   /**
-   * Set mode to storage (legacy backend with localStorage)
-   * Also loads existing session from localStorage
-   */
-  setStorageMode() {
-    this._mode = "storage";
-    this.loadFromStorage();
-  }
-  /**
-   * Load session from localStorage
-   */
-  loadFromStorage() {
-    const token = this.storage.getItem(TOKEN_KEY);
-    const userStr = this.storage.getItem(USER_KEY);
-    if (token && userStr) {
-      try {
-        this.accessToken = token;
-        this.user = JSON.parse(userStr);
-      } catch {
-        this.clearSession();
-      }
-    }
-  }
-  /**
-   * Save session (memory always, localStorage only in storage mode)
+   * Save session in memory
    */
   saveSession(session) {
     const tokenChanged = session.accessToken !== this.accessToken;
     this.accessToken = session.accessToken;
     this.user = session.user;
-    if (this._mode === "storage") {
-      this.storage.setItem(TOKEN_KEY, session.accessToken);
-      this.storage.setItem(USER_KEY, JSON.stringify(session.user));
-    }
     if (tokenChanged && this.onTokenChange) {
       this.onTokenChange();
     }
@@ -240,7 +177,6 @@ var TokenManager = class {
    * Get current session
    */
   getSession() {
-    this.loadFromStorage();
     if (!this.accessToken || !this.user) return null;
     return {
       accessToken: this.accessToken,
@@ -251,7 +187,6 @@ var TokenManager = class {
    * Get access token
    */
   getAccessToken() {
-    this.loadFromStorage();
     return this.accessToken;
   }
   /**
@@ -260,9 +195,6 @@ var TokenManager = class {
   setAccessToken(token) {
     const tokenChanged = token !== this.accessToken;
     this.accessToken = token;
-    if (this._mode === "storage") {
-      this.storage.setItem(TOKEN_KEY, token);
-    }
     if (tokenChanged && this.onTokenChange) {
       this.onTokenChange();
     }
@@ -278,30 +210,18 @@ var TokenManager = class {
    */
   setUser(user) {
     this.user = user;
-    if (this._mode === "storage") {
-      this.storage.setItem(USER_KEY, JSON.stringify(user));
-    }
   }
   /**
-   * Clear session (both memory and localStorage)
+   * Clear in-memory session
    */
   clearSession() {
     const hadToken = this.accessToken !== null;
     this.accessToken = null;
     this.user = null;
-    this.storage.removeItem(TOKEN_KEY);
-    this.storage.removeItem(USER_KEY);
     if (hadToken && this.onTokenChange) {
       this.onTokenChange();
     }
   }
-  /**
-   * Check if there's a session in localStorage (for legacy detection)
-   */
-  hasStoredSession() {
-    const token = this.storage.getItem(TOKEN_KEY);
-    return !!token;
-  }
 };
 
 // src/modules/auth/helpers.ts
@@ -336,19 +256,6 @@ function retrievePkceVerifier() {
   }
   return verifier;
 }
-function isHostedAuthEnvironment() {
-  if (typeof window === "undefined") {
-    return false;
-  }
-  const { hostname, port, protocol } = window.location;
-  if (hostname === "localhost" && port === "7130") {
-    return true;
-  }
-  if (protocol === "https:" && hostname.endsWith(".insforge.app")) {
-    return true;
-  }
-  return false;
-}
 function wrapError(error, fallbackMessage) {
   if (error instanceof InsForgeError) {
     return { data: null, error };
@@ -373,14 +280,18 @@ function cleanUrlParams(...params) {
 
 // src/modules/auth/auth.ts
 var Auth = class {
-  constructor(http, tokenManager) {
+  constructor(http, tokenManager, options = {}) {
     this.http = http;
     this.tokenManager = tokenManager;
+    this.options = options;
     this.authCallbackHandled = this.detectAuthCallback();
   }
+  isServerMode() {
+    return !!this.options.isServerMode;
+  }
   /**
    * Save session from API response
-   * Handles token storage, CSRF token, and HTTP client auth header
+   * Handles token storage, CSRF token, and HTTP auth header
    */
   saveSessionFromResponse(response) {
     if (!response.accessToken || !response.user) {
@@ -390,11 +301,12 @@ var Auth = class {
       accessToken: response.accessToken,
       user: response.user
     };
-    if (response.csrfToken) {
-      this.tokenManager.setMemoryMode();
+    if (!this.isServerMode() && response.csrfToken) {
       setCsrfToken(response.csrfToken);
     }
-    this.tokenManager.saveSession(session);
+    if (!this.isServerMode()) {
+      this.tokenManager.saveSession(session);
+    }
     this.http.setAuthToken(response.accessToken);
     return true;
   }
@@ -406,7 +318,7 @@ var Auth = class {
    * Supports PKCE flow (insforge_code) and legacy flow (access_token in URL)
    */
   async detectAuthCallback() {
-    if (typeof window === "undefined") return;
+    if (this.isServerMode() || typeof window === "undefined") return;
     try {
       const params = new URLSearchParams(window.location.search);
       const error = params.get("error");
@@ -431,7 +343,6 @@ var Auth = class {
         const csrfToken = params.get("csrf_token");
         const name = params.get("name");
         if (csrfToken) {
-          this.tokenManager.setMemoryMode();
           setCsrfToken(csrfToken);
         }
         const session = {
@@ -460,7 +371,7 @@ var Auth = class {
   async signUp(request) {
     try {
       const response = await this.http.post(
-        "/api/auth/users",
+        this.isServerMode() ? "/api/auth/users?client_type=mobile" : "/api/auth/users",
         request,
         { credentials: "include" }
       );
@@ -475,7 +386,7 @@ var Auth = class {
   async signInWithPassword(request) {
     try {
       const response = await this.http.post(
-        "/api/auth/sessions",
+        this.isServerMode() ? "/api/auth/sessions?client_type=mobile" : "/api/auth/sessions",
         request,
         { credentials: "include" }
       );
@@ -488,12 +399,18 @@ var Auth = class {
   async signOut() {
     try {
       try {
-        await this.http.post("/api/auth/logout", void 0, { credentials: "include" });
+        await this.http.post(
+          this.isServerMode() ? "/api/auth/logout?client_type=mobile" : "/api/auth/logout",
+          void 0,
+          { credentials: "include" }
+        );
       } catch {
       }
       this.tokenManager.clearSession();
       this.http.setAuthToken(null);
-      clearCsrfToken();
+      if (!this.isServerMode()) {
+        clearCsrfToken();
+      }
       return { error: null };
     } catch {
       return { error: new InsForgeError("Failed to sign out", 500, "SIGNOUT_ERROR") };
@@ -513,11 +430,8 @@ var Auth = class {
       storePkceVerifier(codeVerifier);
       const params = { code_challenge: codeChallenge };
       if (redirectTo) params.redirect_uri = redirectTo;
-      const response = await this.http.get(
-        `/api/auth/oauth/${provider}`,
-        { params }
-      );
-      if (typeof window !== "undefined" && !skipBrowserRedirect) {
+      const response = await this.http.get(`/api/auth/oauth/${provider}`, { params });
+      if (!this.isServerMode() && typeof window !== "undefined" && !skipBrowserRedirect) {
         window.location.href = response.authUrl;
         return { data: {}, error: null };
       }
@@ -557,11 +471,16 @@ var Auth = class {
         };
       }
       const request = { code, code_verifier: verifier };
-      const response = await this.http.post("/api/auth/oauth/exchange", request, { credentials: "include" });
+      const response = await this.http.post(
+        this.isServerMode() ? "/api/auth/oauth/exchange?client_type=mobile" : "/api/auth/oauth/exchange",
+        request,
+        { credentials: "include" }
+      );
       this.saveSessionFromResponse(response);
       return {
         data: {
           accessToken: response.accessToken,
+          refreshToken: response.refreshToken,
           user: response.user,
           redirectTo: response.redirectTo
         },
@@ -581,7 +500,11 @@ var Auth = class {
   async signInWithIdToken(credentials) {
     try {
       const { provider, token } = credentials;
-      const response = await this.http.post("/api/auth/id-token?client_type=mobile", { provider, token }, { credentials: "include" });
+      const response = await this.http.post(
+        "/api/auth/id-token?client_type=mobile",
+        { provider, token },
+        { credentials: "include" }
+      );
       this.saveSessionFromResponse(response);
       return {
         data: {
@@ -599,70 +522,19 @@ var Auth = class {
   // Session Management
   // ============================================================================
   /**
-   * Get current session, automatically waits for pending OAuth callback
-   * @deprecated Use `getCurrentUser` instead
+   * Get current user, automatically waits for pending OAuth callback
    */
-  async getCurrentSession() {
-    await this.authCallbackHandled;
-    try {
-      const session = this.tokenManager.getSession();
-      if (session) {
-        this.http.setAuthToken(session.accessToken);
-        return { data: { session }, error: null };
-      }
-      if (typeof window !== "undefined") {
-        try {
-          const csrfToken = getCsrfToken();
-          const response = await this.http.post("/api/auth/refresh", void 0, {
-            headers: csrfToken ? { "X-CSRF-Token": csrfToken } : {},
-            credentials: "include"
-          });
-          if (response.accessToken) {
-            this.tokenManager.setMemoryMode();
-            this.tokenManager.setAccessToken(response.accessToken);
-            this.http.setAuthToken(response.accessToken);
-            if (response.user) this.tokenManager.setUser(response.user);
-            if (response.csrfToken) setCsrfToken(response.csrfToken);
-            return { data: { session: this.tokenManager.getSession() }, error: null };
-          }
-        } catch (error) {
-          if (error instanceof InsForgeError) {
-            if (error.statusCode === 404) {
-              this.tokenManager.setStorageMode();
-              const session2 = this.tokenManager.getSession();
-              if (session2?.accessToken) {
-                +this.http.setAuthToken(session2.accessToken);
-              }
-              return { data: { session: session2 }, error: null };
-            }
-            return { data: { session: null }, error };
-          }
-        }
-      }
-      return { data: { session: null }, error: null };
-    } catch (error) {
-      if (error instanceof InsForgeError) {
-        return { data: { session: null }, error };
-      }
-      return {
-        data: { session: null },
-        error: new InsForgeError(
-          "An unexpected error occurred while getting session",
-          500,
-          "UNEXPECTED_ERROR"
-        )
-      };
-    }
-  }
-  /**
-  * Get current user, automatically waits for pending OAuth callback
-  */
   async getCurrentUser() {
     await this.authCallbackHandled;
-    if (isHostedAuthEnvironment()) {
-      return { data: { user: null }, error: null };
-    }
     try {
+      if (this.isServerMode()) {
+        const accessToken = this.tokenManager.getAccessToken();
+        if (!accessToken) return { data: { user: null }, error: null };
+        this.http.setAuthToken(accessToken);
+        const response = await this.http.get("/api/auth/sessions/current");
+        const user = response.user ?? null;
+        return { data: { user }, error: null };
+      }
       const session = this.tokenManager.getSession();
       if (session) {
         this.http.setAuthToken(session.accessToken);
@@ -676,23 +548,11 @@ var Auth = class {
             credentials: "include"
           });
           if (response.accessToken) {
-            this.tokenManager.setMemoryMode();
-            this.tokenManager.setAccessToken(response.accessToken);
-            this.http.setAuthToken(response.accessToken);
-            if (response.user) this.tokenManager.setUser(response.user);
-            if (response.csrfToken) setCsrfToken(response.csrfToken);
+            this.saveSessionFromResponse(response);
             return { data: { user: response.user ?? null }, error: null };
           }
         } catch (error) {
           if (error instanceof InsForgeError) {
-            if (error.statusCode === 404) {
-              this.tokenManager.setStorageMode();
-              const session2 = this.tokenManager.getSession();
-              if (session2?.accessToken) {
-                +this.http.setAuthToken(session2.accessToken);
-              }
-              return { data: { user: session2?.user ?? null }, error: null };
-            }
             return { data: { user: null }, error };
           }
         }
@@ -725,12 +585,11 @@ var Auth = class {
   }
   async setProfile(profile) {
     try {
-      const response = await this.http.patch(
-        "/api/auth/profiles/current",
-        { profile }
-      );
+      const response = await this.http.patch("/api/auth/profiles/current", {
+        profile
+      });
       const currentUser = this.tokenManager.getUser();
-      if (currentUser && response.profile !== void 0) {
+      if (!this.isServerMode() && currentUser && response.profile !== void 0) {
         this.tokenManager.setUser({ ...currentUser, profile: response.profile });
       }
       return { data: response, error: null };
@@ -759,7 +618,7 @@ var Auth = class {
   async verifyEmail(request) {
     try {
       const response = await this.http.post(
-        "/api/auth/email/verify",
+        this.isServerMode() ? "/api/auth/email/verify?client_type=mobile" : "/api/auth/email/verify",
         request,
         { credentials: "include" }
       );
@@ -1612,8 +1471,7 @@ var Realtime = class {
       return this.connectPromise;
     }
     this.connectPromise = new Promise((resolve, reject) => {
-      const session = this.tokenManager.getSession();
-      const token = session?.accessToken ?? this.anonKey;
+      const token = this.tokenManager.getAccessToken() ?? this.anonKey;
       this.socket = io(this.baseUrl, {
         transports: ["websocket"],
         auth: token ? { token } : void 0
@@ -1852,19 +1710,14 @@ var Emails = class {
 var InsForgeClient = class {
   constructor(config = {}) {
     this.http = new HttpClient(config);
-    this.tokenManager = new TokenManager(config.storage);
+    this.tokenManager = new TokenManager();
     if (config.edgeFunctionToken) {
       this.http.setAuthToken(config.edgeFunctionToken);
-      this.tokenManager.saveSession({
-        accessToken: config.edgeFunctionToken,
-        user: {}
-      });
-    }
-    const existingSession = this.tokenManager.getSession();
-    if (existingSession?.accessToken) {
-      this.http.setAuthToken(existingSession.accessToken);
+      this.tokenManager.setAccessToken(config.edgeFunctionToken);
     }
-    this.auth = new Auth(this.http, this.tokenManager);
+    this.auth = new Auth(this.http, this.tokenManager, {
+      isServerMode: config.isServerMode ?? false
+    });
     this.database = new Database(this.http, this.tokenManager);
     this.storage = new Storage(this.http);
     this.ai = new AI(this.http);