@noatgnu/cupcake-core 1.2.8 → 1.2.10

package/fesm2022/noatgnu-cupcake-core.mjs

@@ -1,10 +1,10 @@
 import * as i0 from '@angular/core';
-import { InjectionToken, inject, Injectable, signal, computed, Component, effect, ChangeDetectorRef, NgModule } from '@angular/core';
+import { inject, InjectionToken, Injectable, signal, computed, Component, effect, ChangeDetectorRef, NgModule } from '@angular/core';
 import * as i1 from '@angular/common/http';
 import { HttpClient, HttpParams, provideHttpClient, withInterceptors, HttpClientModule } from '@angular/common/http';
-import { BehaviorSubject, map, tap, throwError, catchError, Subject, timer, EMPTY, take, switchMap as switchMap$1, filter, debounceTime, distinctUntilChanged } from 'rxjs';
-import { map as map$1, takeUntil, tap as tap$1, switchMap } from 'rxjs/operators';
+import { BehaviorSubject, catchError, throwError, switchMap, filter, take, map, tap, Subject, timer, EMPTY, debounceTime, distinctUntilChanged } from 'rxjs';
 import { Router, ActivatedRoute, RouterModule } from '@angular/router';
+import { map as map$1, takeUntil, tap as tap$1, switchMap as switchMap$1 } from 'rxjs/operators';
 import * as i1$1 from '@angular/forms';
 import { FormBuilder, Validators, ReactiveFormsModule, FormsModule, NonNullableFormBuilder } from '@angular/forms';
 import * as i2 from '@angular/common';
@@ -75,6 +75,114 @@ const InvitationStatusLabels = {
  */
 // Base types and enums
 
+let isRefreshing = false;
+let refreshFailedCount = 0;
+let lastRefreshFailTime = 0;
+const MAX_REFRESH_RETRIES = 3;
+const REFRESH_RETRY_WINDOW_MS = 60000;
+const refreshTokenSubject = new BehaviorSubject(null);
+function resetRefreshState() {
+    refreshFailedCount = 0;
+    lastRefreshFailTime = 0;
+    isRefreshing = false;
+}
+const authInterceptor = (req, next) => {
+    const router = inject(Router);
+    const http = inject(HttpClient);
+    const config = inject(CUPCAKE_CORE_CONFIG);
+    if (req.url.includes('/auth/login/') ||
+        req.url.includes('/auth/token/') ||
+        req.url.includes('/auth/orcid/') ||
+        req.url.includes('/auth/register/') ||
+        req.url.includes('/site-config/public/')) {
+        return next(req);
+    }
+    const token = localStorage.getItem('ccvAccessToken');
+    let authReq = req;
+    if (token) {
+        authReq = addTokenToRequest(req, token);
+    }
+    return next(authReq).pipe(catchError((error) => {
+        if (error.status === 401) {
+            return handle401Error(authReq, next, http, router, config);
+        }
+        return throwError(() => error);
+    }));
+};
+function addTokenToRequest(request, token) {
+    return request.clone({
+        setHeaders: {
+            Authorization: `Bearer ${token}`
+        }
+    });
+}
+function handle401Error(request, next, http, router, config) {
+    const now = Date.now();
+    if (now - lastRefreshFailTime > REFRESH_RETRY_WINDOW_MS) {
+        refreshFailedCount = 0;
+    }
+    if (refreshFailedCount >= MAX_REFRESH_RETRIES) {
+        return throwError(() => new Error('Maximum token refresh attempts exceeded. Please log in again.'));
+    }
+    if (!isRefreshing) {
+        isRefreshing = true;
+        refreshTokenSubject.next(null);
+        const refreshToken = localStorage.getItem('ccvRefreshToken');
+        if (refreshToken) {
+            return http.post(`${config.apiUrl}/auth/token/refresh/`, {
+                refresh: refreshToken
+            }).pipe(switchMap((tokenResponse) => {
+                isRefreshing = false;
+                refreshFailedCount = 0;
+                lastRefreshFailTime = 0;
+                localStorage.setItem('ccvAccessToken', tokenResponse.access);
+                refreshTokenSubject.next(tokenResponse.access);
+                if (typeof window !== 'undefined') {
+                    window.dispatchEvent(new CustomEvent('tokenRefreshed'));
+                }
+                return next(addTokenToRequest(request, tokenResponse.access));
+            }), catchError((refreshError) => {
+                isRefreshing = false;
+                refreshFailedCount++;
+                lastRefreshFailTime = Date.now();
+                localStorage.removeItem('ccvAccessToken');
+                localStorage.removeItem('ccvRefreshToken');
+                refreshTokenSubject.next(null);
+                if (typeof window !== 'undefined') {
+                    window.dispatchEvent(new CustomEvent('authCleared'));
+                }
+                if (refreshFailedCount >= MAX_REFRESH_RETRIES) {
+                    router.navigate(['/login'], {
+                        queryParams: { returnUrl: router.url }
+                    });
+                }
+                return throwError(() => refreshError);
+            }));
+        }
+        else {
+            isRefreshing = false;
+            refreshFailedCount++;
+            lastRefreshFailTime = Date.now();
+            localStorage.removeItem('ccvAccessToken');
+            localStorage.removeItem('ccvRefreshToken');
+            if (typeof window !== 'undefined') {
+                window.dispatchEvent(new CustomEvent('authCleared'));
+            }
+            if (refreshFailedCount >= MAX_REFRESH_RETRIES) {
+                router.navigate(['/login'], {
+                    queryParams: { returnUrl: router.url }
+                });
+            }
+            return throwError(() => new Error('No refresh token available'));
+        }
+    }
+    else {
+        return refreshTokenSubject.pipe(filter((token) => token !== null), take(1), switchMap((token) => {
+            return next(addTokenToRequest(request, token));
+        }));
+    }
+}
+
 const CUPCAKE_CORE_CONFIG = new InjectionToken('CUPCAKE_CORE_CONFIG');
 class AuthService {
     http = inject(HttpClient);
@@ -258,6 +366,7 @@ class AuthService {
         const convertedUser = this.convertUserFromSnakeToCamel(response.user);
         this.currentUserSubject.next(convertedUser);
         this.isAuthenticatedSubject.next(true);
+        resetRefreshState();
     }
     tryRefreshToken() {
         const refreshToken = this.getRefreshToken();
@@ -699,6 +808,17 @@ class ApiService {
     deleteAnnotationFolder(id) {
         return this.http.delete(`${this.apiUrl}/annotation-folders/${id}/`);
     }
+    /**
+     * WARNING: This method accesses the base annotation endpoint and should only be used
+     * for standalone annotations that are NOT attached to parent resources.
+     *
+     * For annotations attached to parent resources, use the specialized services instead:
+     * - Instrument annotations: Use InstrumentService from @noatgnu/cupcake-macaron
+     * - StoredReagent annotations: Use ReagentService from @noatgnu/cupcake-macaron
+     * - Session annotations: Use SessionService from @noatgnu/cupcake-red-velvet
+     *
+     * These specialized services ensure proper permission checking through parent resources.
+     */
     getAnnotations(params) {
         let httpParams = new HttpParams();
         if (params) {
@@ -714,9 +834,33 @@ class ApiService {
             results: response.results.map((annotation) => this.resourceService.transformLegacyResource(annotation))
         })));
     }
+    /**
+     * WARNING: This method accesses the base annotation endpoint and should only be used
+     * for standalone annotations that are NOT attached to parent resources.
+     *
+     * For annotations attached to parent resources, use the specialized services instead:
+     * - Instrument annotations: Use InstrumentService.getInstrumentAnnotation()
+     * - StoredReagent annotations: Use ReagentService.getStoredReagentAnnotation()
+     * - Session annotations: Use SessionService (session folder annotations)
+     *
+     * The backend enforces parent resource permissions, but using specialized services
+     * provides cleaner access control and better context.
+     */
     getAnnotation(id) {
         return this.http.get(`${this.apiUrl}/annotations/${id}/`).pipe(map$1(response => this.resourceService.transformLegacyResource(response)));
     }
+    /**
+     * WARNING: This method accesses the base annotation endpoint and should only be used
+     * for standalone annotations that are NOT attached to parent resources.
+     *
+     * For creating annotations attached to parent resources, use specialized upload methods:
+     * - Instrument annotations: Use InstrumentService.uploadAnnotation()
+     * - StoredReagent annotations: Use ReagentService.uploadAnnotation()
+     * - Session/Step annotations: Use the appropriate chunked upload service
+     *
+     * These specialized methods provide chunked upload support, progress tracking,
+     * and automatic binding to parent resources with proper permission enforcement.
+     */
     createAnnotation(annotationData) {
         const formData = new FormData();
         Object.keys(annotationData).forEach(key => {
@@ -732,10 +876,29 @@ class ApiService {
         });
         return this.http.post(`${this.apiUrl}/annotations/`, formData).pipe(map$1(response => this.resourceService.transformLegacyResource(response)));
     }
+    /**
+     * WARNING: This method accesses the base annotation endpoint and should only be used
+     * for standalone annotations that are NOT attached to parent resources.
+     *
+     * For annotations attached to parent resources, the backend enforces parent resource
+     * permissions. However, using specialized services provides better context and access control.
+     */
     updateAnnotation(id, annotationData) {
         const preparedData = this.resourceService.prepareForAPI(annotationData);
         return this.http.patch(`${this.apiUrl}/annotations/${id}/`, preparedData).pipe(map$1(response => this.resourceService.transformLegacyResource(response)));
     }
+    /**
+     * WARNING: This method accesses the base annotation endpoint and should only be used
+     * for standalone annotations that are NOT attached to parent resources.
+     *
+     * For deleting annotations attached to parent resources, use specialized services:
+     * - Instrument annotations: Use InstrumentService.deleteInstrumentAnnotation()
+     * - StoredReagent annotations: Use ReagentService.deleteStoredReagentAnnotation()
+     * - Session annotations: Use appropriate session/step annotation delete methods
+     *
+     * The backend enforces parent resource permissions, but using specialized services
+     * provides clearer intent and better access control context.
+     */
     deleteAnnotation(id) {
         return this.http.delete(`${this.apiUrl}/annotations/${id}/`);
     }
@@ -1475,7 +1638,7 @@ class WebSocketService {
         })).subscribe();
     }
     filterMessages(type) {
-        return this.messages$.pipe(tap$1(msg => console.log('Filtering message:', msg.type, 'looking for:', type)), switchMap(message => message.type === type ? [message] : EMPTY));
+        return this.messages$.pipe(tap$1(msg => console.log('Filtering message:', msg.type, 'looking for:', type)), switchMap$1(message => message.type === type ? [message] : EMPTY));
     }
     getNotifications() {
         return this.filterMessages('notification');
@@ -1856,89 +2019,6 @@ const adminGuard = (route, state) => {
     return true;
 };
 
-let isRefreshing = false;
-const refreshTokenSubject = new BehaviorSubject(null);
-const authInterceptor = (req, next) => {
-    const router = inject(Router);
-    const http = inject(HttpClient);
-    const config = inject(CUPCAKE_CORE_CONFIG);
-    if (req.url.includes('/auth/login/') ||
-        req.url.includes('/auth/token/') ||
-        req.url.includes('/auth/orcid/') ||
-        req.url.includes('/auth/register/') ||
-        req.url.includes('/site-config/public/')) {
-        return next(req);
-    }
-    const token = localStorage.getItem('ccvAccessToken');
-    let authReq = req;
-    if (token) {
-        authReq = addTokenToRequest(req, token);
-    }
-    return next(authReq).pipe(catchError((error) => {
-        if (error.status === 401) {
-            return handle401Error(authReq, next, http, router, config);
-        }
-        return throwError(() => error);
-    }));
-};
-function addTokenToRequest(request, token) {
-    return request.clone({
-        setHeaders: {
-            Authorization: `Bearer ${token}`
-        }
-    });
-}
-function handle401Error(request, next, http, router, config) {
-    if (!isRefreshing) {
-        isRefreshing = true;
-        refreshTokenSubject.next(null);
-        const refreshToken = localStorage.getItem('ccvRefreshToken');
-        if (refreshToken) {
-            return http.post(`${config.apiUrl}/auth/token/refresh/`, {
-                refresh: refreshToken
-            }).pipe(switchMap$1((tokenResponse) => {
-                isRefreshing = false;
-                localStorage.setItem('ccvAccessToken', tokenResponse.access);
-                refreshTokenSubject.next(tokenResponse.access);
-                if (typeof window !== 'undefined') {
-                    window.dispatchEvent(new CustomEvent('tokenRefreshed'));
-                }
-                return next(addTokenToRequest(request, tokenResponse.access));
-            }), catchError((refreshError) => {
-                isRefreshing = false;
-                localStorage.removeItem('ccvAccessToken');
-                localStorage.removeItem('ccvRefreshToken');
-                refreshTokenSubject.next(null);
-                if (typeof window !== 'undefined') {
-                    window.dispatchEvent(new CustomEvent('authCleared'));
-                }
-                router.navigate(['/login'], {
-                    queryParams: { returnUrl: router.url }
-                });
-                return throwError(() => refreshError);
-            }));
-        }
-        else {
-            isRefreshing = false;
-            localStorage.removeItem('ccvAccessToken');
-            localStorage.removeItem('ccvRefreshToken');
-            // Notify AuthService that auth was cleared
-            if (typeof window !== 'undefined') {
-                window.dispatchEvent(new CustomEvent('authCleared'));
-            }
-            router.navigate(['/login'], {
-                queryParams: { returnUrl: router.url }
-            });
-            return throwError(() => new Error('No refresh token available'));
-        }
-    }
-    else {
-        return refreshTokenSubject.pipe(filter((token) => token !== null), take(1), switchMap$1((token) => {
-            return next(addTokenToRequest(request, token));
-        }));
-    }
-}
-
 class LoginComponent {
     authService = inject(AuthService);
     fb = inject(FormBuilder);
@@ -3328,5 +3408,5 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.3", ngImpor
  * Generated bundle index. Do not edit.
  */
 
-export { ApiService, AuthService, BaseApiService, CUPCAKE_CORE_CONFIG, CupcakeCoreModule, InvitationStatus, InvitationStatusLabels, LabGroupService, LabGroupsComponent, LoginComponent, NotificationService, PoweredByFooterComponent, RegisterComponent, ResourceRole, ResourceRoleLabels, ResourceService, ResourceType, ResourceTypeLabels, ResourceVisibility, ResourceVisibilityLabels, SiteConfigComponent, SiteConfigService, ThemeService, ToastContainerComponent, ToastService, UserManagementComponent, UserManagementService, UserProfileComponent, WEBSOCKET_ENDPOINT, WEBSOCKET_ENDPOINTS, WebSocketConfigService, WebSocketEndpoints, WebSocketService, adminGuard, authGuard, authInterceptor };
+export { ApiService, AuthService, BaseApiService, CUPCAKE_CORE_CONFIG, CupcakeCoreModule, InvitationStatus, InvitationStatusLabels, LabGroupService, LabGroupsComponent, LoginComponent, NotificationService, PoweredByFooterComponent, RegisterComponent, ResourceRole, ResourceRoleLabels, ResourceService, ResourceType, ResourceTypeLabels, ResourceVisibility, ResourceVisibilityLabels, SiteConfigComponent, SiteConfigService, ThemeService, ToastContainerComponent, ToastService, UserManagementComponent, UserManagementService, UserProfileComponent, WEBSOCKET_ENDPOINT, WEBSOCKET_ENDPOINTS, WebSocketConfigService, WebSocketEndpoints, WebSocketService, adminGuard, authGuard, authInterceptor, resetRefreshState };
 //# sourceMappingURL=noatgnu-cupcake-core.mjs.map