@mezo-org/passport 0.4.0-dev.1 → 0.4.0-dev.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mezo-org/passport",
-  "version": "0.4.0-dev.1",
+  "version": "0.4.0-dev.4",
   "main": "dist/src/index.js",
   "license": "GPL-3.0-only",
   "scripts": {
@@ -37,9 +37,11 @@
   },
   "dependencies": {
     "@mezo-org/orangekit": "1.0.0-beta.40-dev.0",
+    "@mezo-org/sign-in-with-wallet": "1.0.0-beta.8"
+  },
+  "peerDependencies": {
     "@rainbow-me/rainbowkit": "2.0.2",
     "@tanstack/react-query": "^5.28.4",
-    "@mezo-org/sign-in-with-wallet": "1.0.0-beta.8",
     "react": "^18.2.0",
     "viem": "2.22.8",
     "wagmi": "2.5.12"

package/src/api/auth.ts

@@ -10,7 +10,8 @@ type AccountPublicData = {
   evmAddress: string
 }
 
-type Account = {
+type AuthUser = {
+  id: string
   app_metadata: {
     provider: PassportIdentityProvider
     providers: PassportIdentityProvider[]
@@ -18,13 +19,36 @@ type Account = {
   user_metadata: AccountPublicData
 }
 
+type AuthProvider = "discord"
+
+export type LinkedAccount =
+  | {
+      type: "wallet"
+      btcAddress?: string
+      evmAddress: string
+    }
+  | {
+      type: AuthProvider
+      name: string
+      id: string
+      avatarUrl: string
+    }
+
+type Account = {
+  mezoId: string
+  hasModifiedMezoId: boolean
+  linkedAccounts: LinkedAccount[]
+  authUser: AuthUser
+}
+
 type Session = {
-  access_token: string
-  token_type: string
-  expires_in: number
-  expires_at: number
-  refresh_token: string
-  user: Account
+  expiresIn: number
+  expiresAt: number
+  sessionLinks: {
+    _links: {
+      account: "/session/account"
+    }
+  }
 }
 
 type AuthenticationProviderRedirectResponse = {
@@ -45,28 +69,38 @@ export type LinkAccountRequest = CreateSessionRequest
 
 export type CreateAccountRequest = WalletAccountCredentials
 
+export type GetSessionResponse = Session | { nonce: string }
+
+export type GetCurrentAccountResponse = Partial<Account> | null
+
+export type GetAccountByMezoIdOrAddressResponse = {
+  mezoId?: string
+  linkedAccounts?: LinkedAccount[]
+}
+
 export const API_ENDPOINTS_BY_ENV = {
   mainnet: "https://api.mezo.org",
   testnet: "https://api.test.mezo.org",
 }
 
-const DEFAULT_API_ENDPOINT = API_ENDPOINTS_BY_ENV.mainnet
-
 export class AuthApiClient {
   private apiUrl: string
 
   constructor(apiUrl?: string) {
-    this.apiUrl = apiUrl ?? DEFAULT_API_ENDPOINT
+    this.apiUrl = apiUrl ?? API_ENDPOINTS_BY_ENV.mainnet
   }
 
   /**
    * The request handler for the Passport API. It accepts an API endpoint and
    * request options.
    * @dev Generic type `D` is a type of returned object from the function
+   * @dev WARNING: This function hardcodes `credentials: "include"`, meaning
+   * cookies and authentication headers will be sent with every request. Ensure
+   * this is safe if you plan to use it in other contexts than auth api worker.
    * @param endpoint - The API endpoint to request. Should start with
    * forward slash ("/")
-   * @param {RequestHandlerOptions<B>} options - The request options, the
-   * `RequestInit` type with additional type-safe properties
+   * @param options - The request options, the `RequestInit` type with
+   * additional type-safe properties
    * @returns The promise of the API response
    */
   protected async handleRequest<D>(
@@ -91,42 +125,34 @@ export class AuthApiClient {
       .filter(([, value]) => value) // Remove falsy values
       .forEach(([key, value]) => url.searchParams.append(key, value!))
 
-    try {
-      const response = await fetch(url, {
-        method,
-        credentials: "include",
-        headers: {
-          "Content-Type": "application/json",
-          ...headers,
-        },
-        body: body ? JSON.stringify(body) : undefined,
-        ...restOptions,
-      })
-
-      const data = await response.json()
-
-      if (!response.ok || data?.error) {
-        const error = data?.error || "An error occurred"
-        throw new Error(error)
-      }
-
-      return data as D
-    } catch (error) {
-      const errorMessage =
-        error instanceof Error ? error.message : "An error occurred"
-
-      throw new Error(errorMessage)
+    const response = await fetch(url, {
+      method,
+      credentials: "include",
+      headers: {
+        "Content-Type": "application/json",
+        ...headers,
+      },
+      body: body ? JSON.stringify(body) : undefined,
+      ...restOptions,
+    })
+
+    const data = await response.json()
+
+    if (!response.ok || data?.error) {
+      const error =
+        data?.error ||
+        `An error occurred when handling API request: ${JSON.stringify(data)}`
+      throw new Error(`Error [${response.status}]: ${error}`)
     }
+
+    return data as D
   }
 
   async getSession(code?: string) {
-    const data = await this.handleRequest<Session | { nonce: string }>(
-      "/session",
-      {
-        method: "GET",
-        queryParams: { code },
-      },
-    )
+    const data = await this.handleRequest<GetSessionResponse>("/session", {
+      method: "GET",
+      queryParams: { code },
+    })
 
     return data
   }
@@ -154,15 +180,18 @@ export class AuthApiClient {
   }
 
   async getCurrentAccount() {
-    const data = await this.handleRequest<Account>("/session/account", {
-      method: "GET",
-    })
+    const data = await this.handleRequest<GetCurrentAccountResponse>(
+      "/session/account",
+      {
+        method: "GET",
+      },
+    )
 
     return data
   }
 
   async getAccountByMezoIdOrAddress(mezoIdOrAddress: string) {
-    const data = await this.handleRequest<AccountPublicData>(
+    const data = await this.handleRequest<GetAccountByMezoIdOrAddressResponse>(
       `/accounts/${mezoIdOrAddress}`,
       {
         method: "GET",
@@ -193,10 +222,13 @@ export class AuthApiClient {
   }
 
   async updateMezoId(newMezoId: string) {
-    const data = await this.handleRequest<Account>("/session/account", {
-      method: "PATCH",
-      body: { newMezoId },
-    })
+    const data = await this.handleRequest<Partial<Account> | null>(
+      "/session/account",
+      {
+        method: "PATCH",
+        body: { mezoId: newMezoId },
+      },
+    )
 
     return data
   }

package/src/hooks/constants.ts

@@ -1,6 +1,5 @@
 export const QUERY_KEYS = {
-  ACCOUNT_BY_ADDRESS: "getAccountByAddress",
-  ACCOUNT_BY_MEZO_ID: "getAccountByMezoId",
-  SESSION: "getSession",
-  CURRENT_ACCOUNT: "getCurrentAccount",
+  ACCOUNT: "account",
+  SESSION: "session",
+  CURRENT: "current",
 }

package/src/hooks/index.ts

@@ -6,15 +6,12 @@ export {
   useSubscribeToConnectorEvent,
   useSubscribeToWalletNetworkDoesNotMatchProviderChain,
 } from "@mezo-org/orangekit"
-export * from "./constants"
-export * from "./useAuthApiClient"
 export * from "./useCreateAccount"
 export * from "./useGetAccountByAddress"
 export * from "./useGetAccountByMezoId"
 export * from "./useGetCurrentAccount"
 export * from "./useGetSession"
 export * from "./useLinkAccount"
-export * from "./usePassportContext"
 export * from "./useSignInWithDiscord"
 export * from "./useSignInWithWallet"
 export * from "./useSignOut"

package/src/hooks/useCreateAccount.ts

@@ -12,12 +12,7 @@ export function useCreateAccount(useMutationOptions = {}) {
       authApiClient.createAccount(createAccountRequest),
     onSuccess: () => {
       queryClient.resetQueries({
-        queryKey: [QUERY_KEYS.ACCOUNT_BY_ADDRESS],
-        exact: false,
-      })
-      queryClient.resetQueries({
-        queryKey: [QUERY_KEYS.ACCOUNT_BY_MEZO_ID],
-        exact: false,
+        queryKey: [QUERY_KEYS.ACCOUNT],
       })
     },
     ...useMutationOptions,

package/src/hooks/useCreateSession.ts

@@ -14,22 +14,15 @@ export function useCreateSession(useMutationOptions = {}) {
   const { mutate, mutateAsync, ...rest } = useMutation({
     mutationFn: (createSessionRequest: CreateSessionRequest) =>
       authApiClient.createSession(createSessionRequest),
-    onSuccess: (data) => {
+    onSuccess: () => {
       // Since `getSession` query also has code in it's query keys we can't
       // set query data for a specific query, because we don't know if the
       // code was used or not. Because of that we just reset all getSession
       // queries
+      queryClient.resetQueries({ queryKey: [QUERY_KEYS.SESSION] })
       queryClient.resetQueries({
-        queryKey: [QUERY_KEYS.SESSION],
-        exact: false,
+        queryKey: [QUERY_KEYS.ACCOUNT, QUERY_KEYS.CURRENT],
       })
-      if ("user" in data) {
-        queryClient.setQueryData([QUERY_KEYS.CURRENT_ACCOUNT], data.user)
-      } else {
-        queryClient.resetQueries({
-          queryKey: [QUERY_KEYS.CURRENT_ACCOUNT],
-        })
-      }
     },
     ...useMutationOptions,
   })

package/src/hooks/useEnsureNoSessionAndFetchNonce.ts

@@ -0,0 +1,45 @@
+import { useCallback } from "react"
+import { useGetSession } from "./useGetSession"
+import { useSignOut } from "./useSignOut"
+
+function useEnsureNoSessionAndFetchNonce() {
+  const { refetch: getSession } = useGetSession(undefined, {
+    enabled: false,
+  })
+  const { signOutAsync } = useSignOut()
+
+  const getAndValidateSession = useCallback(async () => {
+    const getSessionResult = await getSession()
+
+    // TODO: We should create a separate endpoint that will always return nonce
+    if (getSessionResult.error) {
+      throw new Error(
+        `Sign in error: Failed to fetch the current session: ${getSessionResult.error}`,
+      )
+    }
+    if (!getSessionResult.data) {
+      throw new Error(
+        "Sign in error: Failed to fetch the current session; no data returned.",
+      )
+    }
+
+    return getSessionResult.data
+  }, [getSession])
+
+  const ensureNoSessionAndFetchNonce = useCallback(async () => {
+    let getSessionResult = await getAndValidateSession()
+
+    if (!("nonce" in getSessionResult)) {
+      // If there is active session we are terminating it
+      await signOutAsync()
+      // Because we've signed out we can assume nonce will be returned here
+      getSessionResult = (await getAndValidateSession()) as { nonce: string }
+    }
+
+    return getSessionResult.nonce
+  }, [getAndValidateSession, signOutAsync])
+
+  return { ensureNoSessionAndFetchNonce }
+}
+
+export { useEnsureNoSessionAndFetchNonce }

package/src/hooks/useGetAccountByAddress.ts

@@ -1,19 +1,25 @@
-import { useQuery, skipToken } from "@tanstack/react-query"
+import { useQuery, skipToken, UseBaseQueryOptions } from "@tanstack/react-query"
 import { useAuthApiClient } from "./useAuthApiClient"
 import { QUERY_KEYS } from "./constants"
 import { ONE_MINUTE_MS } from "../utils/time"
+import { GetAccountByMezoIdOrAddressResponse } from "../api/auth"
 
-export function useGetAccountByAddress(address?: string, useQueryOptions = {}) {
+export function useGetAccountByAddress(
+  address?: string,
+  queryOptions: Omit<
+    UseBaseQueryOptions<GetAccountByMezoIdOrAddressResponse>,
+    "queryKey" | "queryFn"
+  > = {},
+) {
   const authApiClient = useAuthApiClient()
 
   return useQuery({
-    queryKey: [QUERY_KEYS.ACCOUNT_BY_ADDRESS, address],
+    queryKey: [QUERY_KEYS.ACCOUNT, address],
     queryFn: address
       ? () => authApiClient.getAccountByMezoIdOrAddress(address)
       : skipToken,
     staleTime: ONE_MINUTE_MS,
     retry: 1,
-    enabled: !!address,
-    ...useQueryOptions,
+    ...queryOptions,
   })
 }

package/src/hooks/useGetAccountByMezoId.ts

@@ -1,19 +1,25 @@
-import { useQuery, skipToken } from "@tanstack/react-query"
+import { useQuery, skipToken, UseBaseQueryOptions } from "@tanstack/react-query"
 import { useAuthApiClient } from "./useAuthApiClient"
 import { QUERY_KEYS } from "./constants"
 import { ONE_MINUTE_MS } from "../utils/time"
+import { GetAccountByMezoIdOrAddressResponse } from "../api/auth"
 
-export function useGetAccountByMezoId(mezoId?: string, useQueryOptions = {}) {
+export function useGetAccountByMezoId(
+  mezoId?: string,
+  queryOptions: Omit<
+    UseBaseQueryOptions<GetAccountByMezoIdOrAddressResponse>,
+    "queryKey" | "queryFn"
+  > = {},
+) {
   const authApiClient = useAuthApiClient()
 
   return useQuery({
-    queryKey: [QUERY_KEYS.ACCOUNT_BY_MEZO_ID, mezoId],
+    queryKey: [QUERY_KEYS.ACCOUNT, mezoId],
     queryFn: mezoId
       ? () => authApiClient.getAccountByMezoIdOrAddress(mezoId)
       : skipToken,
     staleTime: ONE_MINUTE_MS,
     retry: 1,
-    enabled: !!mezoId,
-    ...useQueryOptions,
+    ...queryOptions,
   })
 }

package/src/hooks/useGetCurrentAccount.ts

@@ -1,16 +1,22 @@
-import { useQuery } from "@tanstack/react-query"
+import { useQuery, UseBaseQueryOptions } from "@tanstack/react-query"
 import { useAuthApiClient } from "./useAuthApiClient"
 import { QUERY_KEYS } from "./constants"
 import { ONE_MINUTE_MS } from "../utils/time"
+import { GetCurrentAccountResponse } from "../api/auth"
 
-export function useGetCurrentAccount(useQueryOptions = {}) {
+export function useGetCurrentAccount(
+  queryOptions: Omit<
+    UseBaseQueryOptions<GetCurrentAccountResponse>,
+    "queryKey" | "queryFn"
+  > = {},
+) {
   const authApiClient = useAuthApiClient()
 
   return useQuery({
-    queryKey: [QUERY_KEYS.CURRENT_ACCOUNT],
+    queryKey: [QUERY_KEYS.ACCOUNT, QUERY_KEYS.CURRENT],
     queryFn: () => authApiClient.getCurrentAccount(),
     staleTime: ONE_MINUTE_MS,
     retry: 1,
-    ...useQueryOptions,
+    ...queryOptions,
   })
 }

package/src/hooks/useGetSession.ts

@@ -1,15 +1,22 @@
-import { useQuery } from "@tanstack/react-query"
+import { useQuery, UseBaseQueryOptions } from "@tanstack/react-query"
 import { useAuthApiClient } from "./useAuthApiClient"
 import { QUERY_KEYS } from "./constants"
 import { ONE_MINUTE_MS } from "../utils/time"
+import { GetSessionResponse } from "../api/auth"
 
-export function useGetSession(code?: string, useQueryOptions = {}) {
+export function useGetSession(
+  code?: string,
+  queryOptions: Omit<
+    UseBaseQueryOptions<GetSessionResponse>,
+    "queryKey" | "queryFn"
+  > = {},
+) {
   const authApiClient = useAuthApiClient()
   return useQuery({
     queryKey: [QUERY_KEYS.SESSION, code],
     queryFn: () => authApiClient.getSession(code),
     staleTime: ONE_MINUTE_MS,
     retry: 1,
-    ...useQueryOptions,
+    ...queryOptions,
   })
 }

package/src/hooks/useLinkAccount.ts

@@ -10,33 +10,8 @@ export function useLinkAccount(useMutationOptions = {}) {
   const { mutate, mutateAsync, ...rest } = useMutation({
     mutationFn: (linkAccountRequest: LinkAccountRequest) =>
       authApiClient.linkAccount(linkAccountRequest),
-    onSuccess: (data) => {
-      if ("user_metadata" in data) {
-        if (data.user_metadata.mezoId) {
-          queryClient.setQueryData(
-            [QUERY_KEYS.ACCOUNT_BY_MEZO_ID, data.user_metadata.mezoId],
-            data,
-          )
-        }
-
-        queryClient.setQueryData(
-          [QUERY_KEYS.ACCOUNT_BY_ADDRESS, data.user_metadata.btcAddress],
-          data,
-        )
-        queryClient.setQueryData(
-          [QUERY_KEYS.ACCOUNT_BY_ADDRESS, data.user_metadata.evmAddress],
-          data,
-        )
-      } else {
-        queryClient.resetQueries({
-          queryKey: [QUERY_KEYS.ACCOUNT_BY_MEZO_ID],
-          exact: false,
-        })
-        queryClient.resetQueries({
-          queryKey: [QUERY_KEYS.ACCOUNT_BY_ADDRESS],
-          exact: false,
-        })
-      }
+    onSuccess: () => {
+      queryClient.resetQueries({ queryKey: [QUERY_KEYS.ACCOUNT] })
     },
     ...useMutationOptions,
   })

package/src/hooks/useSignInWithDiscord.ts

@@ -1,32 +1,14 @@
-import { useAccount } from "wagmi"
 import { useMutation } from "@tanstack/react-query"
-import { useGetSession } from "./useGetSession"
 import { useCreateSession } from "./useCreateSession"
+import { useEnsureNoSessionAndFetchNonce } from "./useEnsureNoSessionAndFetchNonce"
 
 function useSignInWithDiscord() {
-  const { address } = useAccount()
-  const { refetch: getSession } = useGetSession(undefined, {
-    enabled: false,
-  })
+  const { ensureNoSessionAndFetchNonce } = useEnsureNoSessionAndFetchNonce()
   const { createSessionAsync } = useCreateSession()
 
   const { mutate, mutateAsync, ...signInMutationRestParameters } = useMutation({
     mutationFn: async () => {
-      if (!address) {
-        throw new Error("Sign in error: User not connected!")
-      }
-
-      const getSessionResult = await getSession()
-
-      // TODO: We should create a separate endpoint that will always return nonce
-      if (!getSessionResult.data || !("nonce" in getSessionResult.data)) {
-        if (getSessionResult.error) {
-          throw new Error(`Sign in error: ${getSessionResult.error}`)
-        }
-        throw new Error(
-          "Sign in error: Nonce not available! Remove the session first.",
-        )
-      }
+      await ensureNoSessionAndFetchNonce()
 
       return createSessionAsync({
         type: "discord",
@@ -35,8 +17,8 @@ function useSignInWithDiscord() {
   })
 
   return {
-    signIn: mutate,
-    signInAsync: mutateAsync,
+    signInWithDiscord: mutate,
+    signInWithDiscordAsync: mutateAsync,
     ...signInMutationRestParameters,
   }
 }

package/src/hooks/useSignInWithWallet.ts

@@ -1,41 +1,29 @@
 import { useAccount, useSignMessage } from "wagmi"
 import { useBitcoinAccount } from "@mezo-org/orangekit"
 import { useMutation } from "@tanstack/react-query"
-import { useGetSession } from "./useGetSession"
 import { useCreateSession } from "./useCreateSession"
 import { createSignInWithWalletMessage } from "../utils/siww"
+import { useEnsureNoSessionAndFetchNonce } from "./useEnsureNoSessionAndFetchNonce"
 
 function useSignInWithWallet() {
   const { chainId, address, connector } = useAccount()
   const { btcAddress } = useBitcoinAccount()
-  const { refetch: getSession } = useGetSession(undefined, {
-    enabled: false,
-  })
+  const { ensureNoSessionAndFetchNonce } = useEnsureNoSessionAndFetchNonce()
   const { createSessionAsync } = useCreateSession()
   const { signMessageAsync } = useSignMessage()
 
   const { mutate, mutateAsync, ...signInMutationRestParameters } = useMutation({
     mutationFn: async () => {
       if (!address) {
-        throw new Error("Sign in error: User not connected!")
+        throw new Error("Sign in error: Wallet not connected!")
       }
 
-      const getSessionResult = await getSession()
-
-      // TODO: We should create a separate endpoint that will always return nonce
-      if (!getSessionResult.data || !("nonce" in getSessionResult.data)) {
-        if (getSessionResult.error) {
-          throw new Error(`Sign in error: ${getSessionResult.error}`)
-        }
-        throw new Error(
-          "Sign in error: Nonce not available! Remove the session first.",
-        )
-      }
+      const nonce = await ensureNoSessionAndFetchNonce()
 
       const networkFamily = btcAddress ? "bitcoin" : "evm"
       const messageResult = createSignInWithWalletMessage(
         btcAddress ? btcAddress! : address!,
-        getSessionResult.data.nonce,
+        nonce,
         networkFamily,
         chainId,
       )
@@ -52,8 +40,8 @@ function useSignInWithWallet() {
   })
 
   return {
-    signIn: mutate,
-    signInAsync: mutateAsync,
+    signInWithWallet: mutate,
+    signInWithWalletAsync: mutateAsync,
     ...signInMutationRestParameters,
   }
 }

package/src/hooks/useSignOut.ts

@@ -9,8 +9,10 @@ export function useSignOut(useMutationOptions = {}) {
   const { mutate, mutateAsync, ...rest } = useMutation({
     mutationFn: () => authApiClient.deleteSession(),
     onSuccess: () => {
-      queryClient.resetQueries({ queryKey: [QUERY_KEYS.SESSION], exact: false })
-      queryClient.resetQueries({ queryKey: [QUERY_KEYS.CURRENT_ACCOUNT] })
+      queryClient.resetQueries({ queryKey: [QUERY_KEYS.SESSION] })
+      queryClient.resetQueries({
+        queryKey: [QUERY_KEYS.ACCOUNT, QUERY_KEYS.CURRENT],
+      })
     },
     ...useMutationOptions,
   })

package/src/hooks/useUpdateMezoId.ts

@@ -9,14 +9,7 @@ export function useUpdateMezoId(useMutationOptions = {}) {
   const { mutate, mutateAsync, ...rest } = useMutation({
     mutationFn: (newMezoId: string) => authApiClient.updateMezoId(newMezoId),
     onSuccess: () => {
-      queryClient.resetQueries({
-        queryKey: [QUERY_KEYS.ACCOUNT_BY_ADDRESS],
-        exact: false,
-      })
-      queryClient.resetQueries({
-        queryKey: [QUERY_KEYS.ACCOUNT_BY_MEZO_ID],
-        exact: false,
-      })
+      queryClient.resetQueries({ queryKey: [QUERY_KEYS.ACCOUNT] })
     },
     ...useMutationOptions,
   })