npm - @kawaiininja/fetch - Versions diffs - 1.0.3 → 1.0.4 - Mend

@kawaiininja/fetch 1.0.3 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/hooks/useCsrf.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
 export declare function useCsrf(): {
     fetchCSRF: () => Promise<string>;
-    clearCsrf: () => void;
+    clearCsrf: () => Promise<void>;
 };

package/dist/hooks/useCsrf.js CHANGED Viewed

@@ -1,27 +1,59 @@
+import { SecureStoragePlugin } from "capacitor-secure-storage-plugin";
 import { useCallback, useRef } from "react";
 import { INTERNAL_HEADER } from "../context/ApiContext";
 import { useApiConfig } from "./useApiConfig";
 export function useCsrf() {
     const { apiUrl } = useApiConfig();
     const csrfRef = useRef(null);
-    const clearCsrf = useCallback(() => {
+    const clearCsrf = useCallback(async () => {
+        console.log("[useCsrf] Clearing CSRF token...");
         csrfRef.current = null;
         if (typeof window !== "undefined") {
+            const platform = window.Capacitor?.getPlatform() || "web";
+            const isNative = platform === "ios" || platform === "android";
+            if (isNative) {
+                try {
+                    await SecureStoragePlugin.remove({ key: "csrf_token" });
+                    console.log("[useCsrf] Cleared from SecureStorage.");
+                }
+                catch (e) {
+                    console.warn("[useCsrf] Failed to clear from SecureStorage, trying localStorage:", e);
+                }
+            }
             localStorage.removeItem("csrf_token");
         }
     }, []);
     const fetchCSRF = useCallback(async () => {
         if (csrfRef.current)
             return csrfRef.current;
-        // Try to get from localStorage first (for Capacitor/mobile)
+        // Try to get from storage first (for Capacitor/mobile)
         if (typeof window !== "undefined") {
+            const platform = window.Capacitor?.getPlatform() || "web";
+            const isNative = platform === "ios" || platform === "android";
+            if (isNative) {
+                try {
+                    const { value } = await SecureStoragePlugin.get({
+                        key: "csrf_token",
+                    });
+                    if (value) {
+                        console.log("[useCsrf] Retrieved from SecureStorage.");
+                        csrfRef.current = value;
+                        return value;
+                    }
+                }
+                catch (e) {
+                    console.warn("[useCsrf] SecureStorage check failed:", e);
+                }
+            }
             const storedCsrf = localStorage.getItem("csrf_token");
             if (storedCsrf) {
+                console.log("[useCsrf] Retrieved from localStorage.");
                 csrfRef.current = storedCsrf;
                 return storedCsrf;
             }
         }
         // Construct CSRF URL using the context's baseUrl
+        console.log("[useCsrf] Fetching new CSRF token from server...");
         const csrfUrl = apiUrl("auth/csrf-token");
         const res = await fetch(csrfUrl, {
             method: "GET",
@@ -33,8 +65,19 @@ export function useCsrf() {
         if (!token)
             throw new Error("Missing CSRF token");
         csrfRef.current = token;
-        // Store in localStorage for Capacitor/mobile (cookies don't work cross-domain)
+        // Store in storage
         if (typeof window !== "undefined") {
+            const platform = window.Capacitor?.getPlatform() || "web";
+            const isNative = platform === "ios" || platform === "android";
+            if (isNative) {
+                try {
+                    await SecureStoragePlugin.set({ key: "csrf_token", value: token });
+                    console.log("[useCsrf] Stored in SecureStorage.");
+                }
+                catch (e) {
+                    console.warn("[useCsrf] SecureStorage set failed, falling back to localStorage:", e);
+                }
+            }
             localStorage.setItem("csrf_token", token);
         }
         return token;

package/dist/hooks/useFetch.js CHANGED Viewed

@@ -51,30 +51,42 @@ export const useFetch = (endpoint, baseOptions = {}) => {
         // 🔒 SECURITY STRATEGY: NATIVE (MOBILE)
         if (isNative && isInternal) {
             // Mobile relies on manual headers ("Active Courier")
-            // We DO NOT use CSRF tokens on mobile (Cookies generally don't work reliably here)
             // 🛡️ S-RANK UPGRADE: Use Secure Storage (Async) instead of LocalStorage
+            console.log(`[useFetch] [Native] Strategy: Active Courier for ${url}`);
+            let authToken = null;
+            let sessionId = null;
             try {
-                const { value: authToken } = await SecureStoragePlugin.get({
+                const { value: secureAuthToken } = await SecureStoragePlugin.get({
                     key: "token",
-                }).catch(() => ({ value: null }));
-                const { value: sessionId } = await SecureStoragePlugin.get({
+                });
+                const { value: secureSessionId } = await SecureStoragePlugin.get({
                     key: "session_id",
-                }).catch(() => ({ value: null }));
+                });
+                authToken = secureAuthToken;
+                sessionId = secureSessionId;
                 if (authToken)
-                    headersConfig["Authorization"] = `Bearer ${authToken}`;
-                if (sessionId)
-                    headersConfig["X-Session-ID"] = sessionId;
+                    console.log("[useFetch] [Native] Token retrieved from SecureStorage.");
             }
             catch (err) {
-                // Determine if we should log this - might be noisy if keys just don't exist yet
+                console.warn("[useFetch] [Native] SecureStorage failed or not present, trying localStorage:", err);
+                authToken = localStorage.getItem("token");
+                sessionId = localStorage.getItem("session_id");
+                if (authToken)
+                    console.log("[useFetch] [Native] Token retrieved from localStorage fallback.");
             }
+            if (authToken)
+                headersConfig["Authorization"] = `Bearer ${authToken}`;
+            if (sessionId)
+                headersConfig["X-Session-ID"] = sessionId;
         }
         // 🔒 SECURITY STRATEGY: WEB (BROWSER)
         if (!isNative && isInternal) {
             // Web relies on Cookies ("Passive Courier") for Auth
             // BUT we MUST attach the CSRF Token to prevent attacks
-            if (token)
+            if (token) {
                 headersConfig["X-CSRF-Token"] = token;
+                // console.log("[useFetch] [Web] CSRF token attached.");
+            }
             // On Web, we DO NOT attach 'Authorization' or 'Session-ID' from localStorage
             // This minimizes XSS risk. The HttpOnly cookie handles it.
         }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@kawaiininja/fetch",
-    "version": "1.0.3",
+    "version": "1.0.4",
     "description": "Core fetch utility for Onyx Framework",
     "main": "dist/index.js",
     "types": "dist/index.d.ts",