@kawaiininja/fetch 1.0.17 → 1.0.18

package/dist/hooks/useFetch.d.ts

@@ -1,14 +1,7 @@
-import { BaseFetchOptions } from "./types";
 import { ApiSurface } from "./utils";
-/**
- * 🔥 SECURITY UPGRADE: Clear Vault
- * Call this on logout to ensure tokens are purged from memory.
- */
-export declare const clearNativeAuthVault: (debug?: boolean) => void;
+export { clearNativeAuthVault } from "./useFetch.vault";
 /**
  * useFetch Hook
- *
- * A comprehensive hook for data fetching with automatic CSRF handling,
- * request cancellation, and a rich API surface.
+ * 🛡️ STABILITY UPGRADE: Internal Recursion Guard + Optimized Lifecycle
  */
-export declare const useFetch: <T = any>(endpoint: string, baseOptions?: BaseFetchOptions) => ApiSurface<T>;
+export declare const useFetch: <T = any>(endpoint: string, baseOptions?: any) => ApiSurface<T>;

package/dist/hooks/useFetch.executor.d.ts

@@ -0,0 +1,6 @@
+/**
+ * 🛡️ CORE FETCH EXECUTOR
+ * Handles the actual network request with retries and timeout.
+ */
+export declare const performFetch: (url: string, method: string, token: string, body?: BodyInit, headers?: HeadersInit, rest?: RequestInit, debug?: boolean, abortSignal?: AbortSignal, apiUrl?: (path: string) => string) => Promise<Response>;
+export declare const parseResponse: (res: Response, parseAs: string) => Promise<any>;

package/dist/hooks/useFetch.executor.js

@@ -0,0 +1,84 @@
+import { INTERNAL_HEADER } from "../context/ApiContext";
+import { isNative } from "./platform";
+import { initializeVault, nativeAuthVault } from "./useFetch.vault";
+/**
+ * 🛡️ CORE FETCH EXECUTOR
+ * Handles the actual network request with retries and timeout.
+ */
+export const performFetch = async (url, method, token, body, headers, rest, debug, abortSignal, apiUrl) => {
+    const _isNative = isNative();
+    const isInternal = url.startsWith("/") || (apiUrl && url.startsWith(apiUrl(""))) || false;
+    const headersConfig = {
+        ...(headers || {}),
+        ...INTERNAL_HEADER,
+    };
+    // 🔒 NATIVE SECURITY
+    if (_isNative && isInternal) {
+        await initializeVault(debug);
+        const authToken = nativeAuthVault.token;
+        const sessionId = nativeAuthVault.sessionId;
+        if (authToken)
+            headersConfig["Authorization"] = `Bearer ${authToken}`;
+        if (sessionId)
+            headersConfig["X-Session-ID"] = sessionId;
+    }
+    // 🔒 WEB SECURITY
+    if (!_isNative && isInternal && token) {
+        headersConfig["X-CSRF-Token"] = token;
+    }
+    return executeWithRetry(url, method, headersConfig, body, rest, debug, abortSignal);
+};
+/**
+ * Executes a fetch request with 3 retry attempts.
+ */
+async function executeWithRetry(url, method, headers, body, rest, debug, abortSignal) {
+    let attempt = 0;
+    const maxAttempts = 3;
+    let lastError = null;
+    while (attempt < maxAttempts) {
+        attempt++;
+        const TIMEOUT_MS = 15000;
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), TIMEOUT_MS);
+        // Link to external abort signal if provided
+        const onAbort = () => controller.abort();
+        if (abortSignal)
+            abortSignal.addEventListener("abort", onAbort);
+        try {
+            const response = await Promise.race([
+                fetch(url, { ...rest, method, signal: controller.signal, credentials: "include", headers, body }),
+                new Promise((_, reject) => setTimeout(() => reject(new Error(`Timeout of ${TIMEOUT_MS}ms exceeded`)), TIMEOUT_MS)),
+            ]);
+            clearTimeout(timeoutId);
+            if (abortSignal)
+                abortSignal.removeEventListener("abort", onAbort);
+            return response;
+        }
+        catch (error) {
+            clearTimeout(timeoutId);
+            if (abortSignal)
+                abortSignal.removeEventListener("abort", onAbort);
+            lastError = error;
+            if (error.name === "AbortError" || abortSignal?.aborted)
+                throw error;
+            if (debug)
+                console.warn(`[useFetch] Attempt ${attempt} failed: ${error.message}.`);
+            if (attempt < maxAttempts)
+                await new Promise((r) => setTimeout(r, 1000));
+        }
+    }
+    throw lastError || new Error("Request failed after 3 attempts");
+}
+export const parseResponse = async (res, parseAs) => {
+    const type = res.headers.get("content-type") || "";
+    if (parseAs === "json" || (parseAs === "auto" && type.includes("application/json"))) {
+        return res.json();
+    }
+    else if (parseAs === "text") {
+        return res.text();
+    }
+    else if (parseAs === "blob") {
+        return res.blob();
+    }
+    return res.text();
+};

package/dist/hooks/useFetch.js

@@ -1,295 +1,89 @@
-import { SecureStoragePlugin } from "capacitor-secure-storage-plugin";
 import { useCallback, useEffect, useMemo, useRef, useState } from "react";
-import { INTERNAL_HEADER } from "../context/ApiContext";
-import { isNative } from "./platform";
 import { useApiConfig } from "./useApiConfig";
 import { useCsrf } from "./useCsrf";
+import { parseResponse, performFetch } from "./useFetch.executor";
 import { createApiMethods } from "./utils";
-/**
- * 🛡️ SESSION MEMORY VAULT
- * Caches native tokens in memory for the lifetime of the JS process.
- * This avoids expensive SecureStorage calls on every request.
- */
-const nativeAuthVault = {
-    token: undefined,
-    sessionId: undefined,
-    loaded: false,
-    /**
-     * 🛡️ RECURSION GUARD: Initialization Promise
-     * Prevents multiple concurrent requests from triggering separate
-     * SecureStorage calls. All requests will await the same first check.
-     */
-    initPromise: null,
-};
-/**
- * 🔥 SECURITY UPGRADE: Clear Vault
- * Call this on logout to ensure tokens are purged from memory.
- */
-export const clearNativeAuthVault = (debug) => {
-    nativeAuthVault.loaded = false;
-    nativeAuthVault.token = undefined;
-    nativeAuthVault.sessionId = undefined;
-    if (debug)
-        console.log("[useFetch] [Native] Auth vault cleared.");
-};
+export { clearNativeAuthVault } from "./useFetch.vault";
 /**
  * useFetch Hook
- *
- * A comprehensive hook for data fetching with automatic CSRF handling,
- * request cancellation, and a rich API surface.
+ * 🛡️ STABILITY UPGRADE: Internal Recursion Guard + Optimized Lifecycle
  */
 export const useFetch = (endpoint, baseOptions = {}) => {
     const { apiUrl, onError, debug } = useApiConfig();
     const { fetchCSRF, clearCsrf } = useCsrf();
     const runsRef = useRef(0);
-    const resolvedUrl = endpoint.startsWith("http") ? endpoint : apiUrl(endpoint);
     const abortRef = useRef(new AbortController());
     const mounted = useRef(true);
-    const optionsRef = useRef(baseOptions);
+    const isRequestingRef = useRef(false);
     const [state, setState] = useState({
         data: null,
         loading: false,
         error: null,
         status: null,
     });
-    useEffect(() => {
-        optionsRef.current = baseOptions;
-    }, [baseOptions]);
     const safeSet = useCallback((fn) => {
-        if (mounted.current) {
+        if (mounted.current)
             setState((prev) => ({ ...prev, ...fn(prev) }));
-        }
     }, []);
-    const performFetch = async (url, method, token, body, headers, rest) => {
-        // 🌍 PLATFORM DETECTION
-        const _isNative = isNative();
-        // 🎯 TARGET CHECK (Prevent Credential Leakage)
-        // Only attach sensitive headers if sending to our own API
-        const isInternal = url.startsWith("/") ||
-            (apiUrl("") && url.startsWith(apiUrl(""))) ||
-            false;
-        const headersConfig = {
-            ...(optionsRef.current.headers || {}),
-            ...(headers || {}),
-            ...INTERNAL_HEADER,
-        };
-        // 🔒 SECURITY STRATEGY: NATIVE (MOBILE)
-        if (_isNative && isInternal) {
-            if (!nativeAuthVault.loaded) {
-                if (debug)
-                    console.log("[useFetch] [Native] Vault not loaded, initializing...");
-                if (!nativeAuthVault.initPromise) {
-                    nativeAuthVault.initPromise = (async () => {
-                        try {
-                            if (debug)
-                                console.log("[useFetch] [Native] Reading SecureStorage...");
-                            const { value: t } = await SecureStoragePlugin.get({
-                                key: "token",
-                            });
-                            const { value: s } = await SecureStoragePlugin.get({
-                                key: "session_id",
-                            });
-                            nativeAuthVault.token = t || undefined;
-                            nativeAuthVault.sessionId = s || undefined;
-                            if (!nativeAuthVault.token) {
-                                if (debug)
-                                    console.log("[useFetch] [Native] SecureStorage empty, trying localStorage fallback");
-                                nativeAuthVault.token =
-                                    localStorage.getItem("token") || undefined;
-                                nativeAuthVault.sessionId =
-                                    localStorage.getItem("session_id") || undefined;
-                            }
-                            nativeAuthVault.loaded = true;
-                            if (debug)
-                                console.log("[useFetch] [Native] Auth vault initialized.");
-                        }
-                        catch (err) {
-                            if (debug)
-                                console.warn("[useFetch] [Native] SecureStorage failed, falling back to localStorage:", err);
-                            nativeAuthVault.token =
-                                localStorage.getItem("token") || undefined;
-                            nativeAuthVault.sessionId =
-                                localStorage.getItem("session_id") || undefined;
-                            nativeAuthVault.loaded = true;
-                        }
-                        finally {
-                            nativeAuthVault.initPromise = null;
-                        }
-                    })();
-                }
-                await nativeAuthVault.initPromise;
-                if (debug)
-                    console.log("[useFetch] [Native] Vault ready.");
-            }
-            const authToken = nativeAuthVault.token;
-            const sessionId = nativeAuthVault.sessionId;
-            if (authToken)
-                headersConfig["Authorization"] = `Bearer ${authToken}`;
-            if (sessionId)
-                headersConfig["X-Session-ID"] = sessionId;
-        }
-        // 🔒 SECURITY STRATEGY: WEB (BROWSER)
-        if (!_isNative && isInternal) {
-            // Web relies on Cookies ("Passive Courier") for Auth
-            if (token) {
-                headersConfig["X-CSRF-Token"] = token;
-            }
-        }
-        // 🛡️ RETRY LOGIC (3 Attempts)
-        // We try 3 times. If all 3 fail, we throw.
-        let attempt = 0;
-        const maxAttempts = 3;
-        let lastError = null;
-        while (attempt < maxAttempts) {
-            attempt++;
-            const TIMEOUT_MS = 15000;
-            const controller = new AbortController();
-            const timeoutId = setTimeout(() => controller.abort(), TIMEOUT_MS);
-            // Link to component lifecycle
-            const onUnmount = () => controller.abort();
-            abortRef.current.signal.addEventListener("abort", onUnmount);
-            try {
-                const response = await Promise.race([
-                    fetch(url, {
-                        ...optionsRef.current,
-                        ...rest,
-                        method,
-                        signal: controller.signal,
-                        credentials: "include",
-                        headers: headersConfig,
-                        body,
-                    }),
-                    new Promise((_, reject) => setTimeout(() => reject(new Error(`Timeout of ${TIMEOUT_MS}ms exceeded`)), TIMEOUT_MS)),
-                ]);
-                clearTimeout(timeoutId);
-                abortRef.current.signal.removeEventListener("abort", onUnmount);
-                return response; // Success!
-            }
-            catch (error) {
-                clearTimeout(timeoutId);
-                abortRef.current.signal.removeEventListener("abort", onUnmount);
-                lastError = error;
-                // If aborted by user/unmount, DO NOT RETRY
-                if (error.name === "AbortError" || abortRef.current.signal.aborted) {
-                    throw error;
-                }
-                if (debug) {
-                    console.warn(`[useFetch] Attempt ${attempt} failed: ${error.message}. Retrying...`);
-                }
-                // Wait 1s before retry
-                if (attempt < maxAttempts) {
-                    await new Promise((r) => setTimeout(r, 1000));
-                }
-            }
-        }
-        throw lastError || new Error("Request failed after 3 attempts");
-    };
-    const parseResponse = async (res, parseAs) => {
-        const type = res.headers.get("content-type") || "";
-        if (parseAs === "json" ||
-            (parseAs === "auto" && type.includes("application/json"))) {
-            return res.json();
-        }
-        else if (parseAs === "text") {
-            return res.text();
-        }
-        else if (parseAs === "blob") {
-            return res.blob();
-        }
-        return res.text();
-    };
-    // 🛡️ RECURSION GUARD
-    const isRequestingRef = useRef(false);
-    // 🚀 STABLE REQUEST METHOD
     const request = useCallback(async (params = {}) => {
+        // 🛡️ RECURSION GUARD: Instant rejection of concurrent loops
         if (isRequestingRef.current) {
             if (debug)
-                console.warn("[useFetch] 🔥 RECURSION GUARD: Blocking concurrent request to prevent stack overflow.");
+                console.warn("[useFetch] 🔥 RECURSION GUARD: Blocking concurrent call.");
             return;
         }
         const { url = endpoint, method = "GET", body, headers, parseAs = "auto", ...rest } = params;
-        let finalUrl = url.startsWith("http") ? url : apiUrl(url);
-        const runs = ++runsRef.current;
-        if (debug) {
-            console.group(`[useFetch] Request #${runs}: ${method} ${finalUrl}`);
-            console.log(`[useFetch] Config:`, {
-                isNative: isNative(),
-                parseAs,
-                endpoint,
-            });
-            console.groupEnd();
-        }
-        else {
-            console.log(`[useFetch] Request initiated: ${method} ${finalUrl}`);
-        }
-        if (!finalUrl) {
-            console.error("[useFetch] Aborted: Empty URL");
+        const finalUrl = url.startsWith("http") ? url : apiUrl(url);
+        if (!finalUrl)
             return;
-        }
         isRequestingRef.current = true;
         safeSet(() => ({ loading: true, error: null }));
         let lastStatus = null;
         try {
-            let csrfToken = "";
-            csrfToken = await fetchCSRF();
-            let res = await performFetch(finalUrl, method, csrfToken, body, headers, rest);
+            let token = await fetchCSRF();
+            let res = await performFetch(finalUrl, method, token, body, headers, { ...baseOptions, ...rest }, debug, abortRef.current.signal, apiUrl);
             lastStatus = res.status;
-            // 🔄 Auto-retry on CSRF error (One-time only)
+            // Auto-retry on 403 CSRF Error
             if (res.status === 403) {
-                try {
-                    const errorBody = await res.clone().json();
-                    if (errorBody?.code === "CSRF_ERROR" ||
-                        errorBody?.message === "Invalid or missing CSRF token") {
-                        await clearCsrf();
-                        csrfToken = await fetchCSRF();
-                        res = await performFetch(finalUrl, method, csrfToken, body, headers, rest);
-                        lastStatus = res.status;
-                    }
-                }
-                catch (e) {
-                    /* ignore parse error */
+                const bodyClone = await res
+                    .clone()
+                    .json()
+                    .catch(() => ({}));
+                if (bodyClone?.code === "CSRF_ERROR" || bodyClone?.message?.includes("CSRF")) {
+                    await clearCsrf();
+                    token = await fetchCSRF();
+                    res = await performFetch(finalUrl, method, token, body, headers, { ...baseOptions, ...rest }, debug, abortRef.current.signal, apiUrl);
+                    lastStatus = res.status;
                 }
             }
             const parsed = await parseResponse(res, parseAs);
-            if (!res.ok) {
+            if (!res.ok)
                 throw new Error(parsed?.message || res.statusText);
-            }
             safeSet(() => ({ data: parsed, status: res.status }));
             return parsed;
         }
         catch (err) {
             if (err.name !== "AbortError") {
-                console.error("[useFetch] Request Failed:", err);
                 safeSet(() => ({ error: err.message, status: lastStatus }));
                 if (onError)
                     onError(err.message, lastStatus);
                 throw err;
             }
-            else {
-                // Silently ignore component unmount aborts
-                if (debug)
-                    console.log("[useFetch] Request aborted (component unmounted).");
-            }
         }
         finally {
             safeSet(() => ({ loading: false }));
             isRequestingRef.current = false;
         }
-    }, [endpoint, fetchCSRF, clearCsrf, apiUrl, safeSet, onError, debug]);
-    // 🧹 LIFECYCLE
+    }, [endpoint, fetchCSRF, clearCsrf, apiUrl, safeSet, onError, debug, baseOptions]);
     useEffect(() => {
         mounted.current = true;
-        if (debug) {
-            console.log(`[useFetch] [Init] Hook initialized for: ${endpoint}`);
-        }
         return () => {
             mounted.current = false;
             abortRef.current?.abort();
         };
-    }, [debug, endpoint]);
-    // 🏹 STABLE API SURFACE
+    }, []);
+    const resolvedUrl = useMemo(() => (endpoint.startsWith("http") ? endpoint : apiUrl(endpoint)), [endpoint, apiUrl]);
     const methods = useMemo(() => createApiMethods({ request, baseUrl: resolvedUrl, safeSet }), [request, resolvedUrl, safeSet]);
-    // 2. Merge state with methods
     return useMemo(() => ({
         state,
         isLoading: state.loading,

package/dist/hooks/useFetch.vault.d.ts

@@ -0,0 +1,25 @@
+/**
+ * 🛡️ SESSION MEMORY VAULT
+ * Caches native tokens in memory for the lifetime of the JS process.
+ * This avoids expensive SecureStorage calls on every request.
+ */
+export declare const nativeAuthVault: {
+    token: string | undefined;
+    sessionId: string | undefined;
+    loaded: boolean;
+    /**
+     * 🛡️ RECURSION GUARD: Initialization Promise
+     * Prevents multiple concurrent requests from triggering separate
+     * SecureStorage calls. All requests will await the same first check.
+     */
+    initPromise: Promise<void> | null;
+};
+/**
+ * 🔥 SECURITY UPGRADE: Clear Vault
+ * Call this on logout to ensure tokens are purged from memory.
+ */
+export declare const clearNativeAuthVault: (debug?: boolean) => void;
+/**
+ * Initialize the auth vault from SecureStorage or localStorage.
+ */
+export declare const initializeVault: (debug?: boolean) => Promise<void>;

package/dist/hooks/useFetch.vault.js

@@ -0,0 +1,67 @@
+import { SecureStoragePlugin } from "capacitor-secure-storage-plugin";
+/**
+ * 🛡️ SESSION MEMORY VAULT
+ * Caches native tokens in memory for the lifetime of the JS process.
+ * This avoids expensive SecureStorage calls on every request.
+ */
+export const nativeAuthVault = {
+    token: undefined,
+    sessionId: undefined,
+    loaded: false,
+    /**
+     * 🛡️ RECURSION GUARD: Initialization Promise
+     * Prevents multiple concurrent requests from triggering separate
+     * SecureStorage calls. All requests will await the same first check.
+     */
+    initPromise: null,
+};
+/**
+ * 🔥 SECURITY UPGRADE: Clear Vault
+ * Call this on logout to ensure tokens are purged from memory.
+ */
+export const clearNativeAuthVault = (debug) => {
+    nativeAuthVault.loaded = false;
+    nativeAuthVault.token = undefined;
+    nativeAuthVault.sessionId = undefined;
+    if (debug)
+        console.log("[useFetch] [Native] Auth vault cleared.");
+};
+/**
+ * Initialize the auth vault from SecureStorage or localStorage.
+ */
+export const initializeVault = async (debug) => {
+    if (nativeAuthVault.loaded)
+        return;
+    if (nativeAuthVault.initPromise)
+        return nativeAuthVault.initPromise;
+    nativeAuthVault.initPromise = (async () => {
+        try {
+            if (debug)
+                console.log("[useFetch] [Native] Reading SecureStorage...");
+            const { value: t } = await SecureStoragePlugin.get({ key: "token" });
+            const { value: s } = await SecureStoragePlugin.get({ key: "session_id" });
+            nativeAuthVault.token = t || undefined;
+            nativeAuthVault.sessionId = s || undefined;
+            if (!nativeAuthVault.token) {
+                if (debug)
+                    console.log("[useFetch] [Native] SecureStorage empty, trying localStorage fallback");
+                nativeAuthVault.token = localStorage.getItem("token") || undefined;
+                nativeAuthVault.sessionId = localStorage.getItem("session_id") || undefined;
+            }
+            nativeAuthVault.loaded = true;
+            if (debug)
+                console.log("[useFetch] [Native] Auth vault initialized.");
+        }
+        catch (err) {
+            if (debug)
+                console.warn("[useFetch] [Native] SecureStorage failed, falling back to localStorage:", err);
+            nativeAuthVault.token = localStorage.getItem("token") || undefined;
+            nativeAuthVault.sessionId = localStorage.getItem("session_id") || undefined;
+            nativeAuthVault.loaded = true;
+        }
+        finally {
+            nativeAuthVault.initPromise = null;
+        }
+    })();
+    return nativeAuthVault.initPromise;
+};

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@kawaiininja/fetch",
-    "version": "1.0.17",
+    "version": "1.0.18",
     "description": "Core fetch utility for Onyx Framework",
     "main": "dist/index.js",
     "types": "dist/index.d.ts",