@onairos/react-native 3.0.75 → 3.1.1

package/src/types/index.d.ts

@@ -213,11 +213,12 @@ declare module '@onairos/react-native' {
   export class OAuthWebView extends Component<OAuthWebViewProps> {}
 
   // Authentication & PIN Management Functions
-  export function storePinAfterBiometric(
-    username: string,
-    pin: string,
-    jwtToken?: string
-  ): Promise<PinStorageResult>;
+  // TODO: Commented out temporarily - biometric functionality disabled
+  // export function storePinAfterBiometric(
+  //   username: string,
+  //   pin: string,
+  //   jwtToken?: string
+  // ): Promise<PinStorageResult>;
 
   export function getStoredJwtToken(): Promise<string | null>;
 
@@ -242,6 +243,11 @@ declare module '@onairos/react-native' {
   // SDK Initialization Functions
   export function initializeApiKey(config: any): Promise<void>;
   export const ADMIN_API_KEY: string;
+  
+  // JWT Token Functions
+  export function extractUsernameFromJWT(token?: string): string | null;
+  export function extractUserDataFromJWT(token?: string): any;
+  export function decodeJWTPayload(token: string): any;
 
   // Programmatic Flow
   export function executeOnairosFlow(config: any): Promise<any>;

package/src/utils/onairosApi.ts

@@ -2,13 +2,7 @@ import { Platform } from 'react-native';
 import NetInfo from '@react-native-community/netinfo';
 import { OnairosCredentials } from './secureStorage';
 import { logDebug } from './debugHelper';
-
-// API configuration
-const API_CONFIG = {
-  baseUrl: 'https://api2.onairos.uk',
-  version: 'v1',
-  timeout: 30000, // 30 seconds
-};
+import { getJWT, makeUserRequest, makeDeveloperRequest, isUserAuthenticated, extractUsernameFromJWT } from '../services/apiKeyService';
 
 // API response types
 export interface ApiResponse<T = any> {
@@ -54,44 +48,121 @@ const checkNetworkConnection = async (): Promise<boolean> => {
 };
 
 /**
- * Build API request headers
+ * Make user-authenticated API request using JWT token
  */
-const buildHeaders = (accessToken?: string, additionalHeaders = {}): Record<string, string> => {
-  const headers: Record<string, string> = {
-    'Content-Type': 'application/json',
-    'Accept': 'application/json',
-    'User-Agent': `OnairosReactNative/${Platform.OS}/${Platform.Version}`,
-    ...additionalHeaders,
-  };
+const makeUserApiRequest = async <T>(
+  endpoint: string,
+  method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH',
+  options: {
+    data?: any;
+    headers?: Record<string, string>;
+    debug?: boolean;
+  } = {}
+): Promise<ApiResponse<T>> => {
+  const { data, headers = {}, debug = false } = options;
   
-  if (accessToken) {
-    headers['Authorization'] = `Bearer ${accessToken}`;
+  try {
+    // Check for network connectivity
+    const isConnected = await checkNetworkConnection();
+    if (!isConnected) {
+      throw new ApiError(
+        'No network connection available',
+        'network_error'
+      );
+    }
+    
+    // Check if user is authenticated
+    if (!isUserAuthenticated()) {
+      throw new ApiError(
+        'User not authenticated. Please verify email first.',
+        'auth_error'
+      );
+    }
+    
+    // Log request information if debug mode is enabled
+    if (debug) {
+      logDebug('User API Request', {
+        endpoint,
+        method,
+        headers: { ...headers, Authorization: '[REDACTED]' },
+        data: data || null,
+      });
+    }
+    
+    // Make authenticated request using JWT token
+    const response = await makeUserRequest(endpoint, {
+      method,
+      headers,
+      ...(data ? { body: JSON.stringify(data) } : {}),
+    });
+    
+    // Parse response as JSON
+    const responseData = await response.json();
+    
+    // Log response if debug mode is enabled
+    if (debug) {
+      logDebug('User API Response', {
+        status: response.status,
+        data: responseData,
+      });
+    }
+    
+    // Handle API error responses
+    if (!response.ok) {
+      const errorType: ApiErrorType = 
+        response.status === 401 || response.status === 403 ? 'auth_error' :
+        response.status === 400 ? 'validation_error' :
+        response.status >= 500 ? 'server_error' : 'unknown_error';
+      
+      throw new ApiError(
+        responseData.error?.message || 'API request failed',
+        errorType,
+        responseData.error?.code,
+        responseData.error?.details
+      );
+    }
+    
+    return responseData as ApiResponse<T>;
+  } catch (error) {
+    // Handle specific error types
+    if (error instanceof ApiError) {
+      throw error;
+    }
+    
+    if (error.name === 'AbortError') {
+      throw new ApiError('Request timed out', 'timeout_error');
+    }
+    
+    // Log error if debug mode is enabled
+    if (debug) {
+      logDebug('User API Error', {
+        endpoint,
+        method,
+        error: error.message || 'Unknown error',
+      });
+    }
+    
+    // Return a generic error for all other cases
+    throw new ApiError(
+      error.message || 'An unexpected error occurred',
+      'unknown_error'
+    );
   }
-  
-  return headers;
 };
 
 /**
- * Make API request with proper error handling
+ * Make developer-authenticated API request using API key
  */
-const apiRequest = async <T>(
+const makeDeveloperApiRequest = async <T>(
   endpoint: string,
   method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH',
   options: {
     data?: any;
-    accessToken?: string;
     headers?: Record<string, string>;
-    timeout?: number;
     debug?: boolean;
   } = {}
 ): Promise<ApiResponse<T>> => {
-  const {
-    data,
-    accessToken,
-    headers = {},
-    timeout = API_CONFIG.timeout,
-    debug = false,
-  } = options;
+  const { data, headers = {}, debug = false } = options;
   
   try {
     // Check for network connectivity
@@ -103,45 +174,29 @@ const apiRequest = async <T>(
       );
     }
     
-    // Build request URL
-    const url = `${API_CONFIG.baseUrl}/${API_CONFIG.version}/${endpoint}`;
-    
     // Log request information if debug mode is enabled
     if (debug) {
-      logDebug('API Request', {
-        url,
+      logDebug('Developer API Request', {
+        endpoint,
         method,
-        headers: { ...buildHeaders(accessToken, headers), Authorization: accessToken ? '[REDACTED]' : undefined },
+        headers: { ...headers, Authorization: '[REDACTED]' },
         data: data || null,
       });
     }
     
-    // Set up request options
-    const fetchOptions: RequestInit = {
+    // Make authenticated request using developer API key
+    const response = await makeDeveloperRequest(endpoint, {
       method,
-      headers: buildHeaders(accessToken, headers),
+      headers,
       ...(data ? { body: JSON.stringify(data) } : {}),
-    };
-    
-    // Create fetch request with timeout
-    const controller = new AbortController();
-    const timeoutId = setTimeout(() => controller.abort(), timeout);
-    
-    // Execute request
-    const response = await fetch(url, {
-      ...fetchOptions,
-      signal: controller.signal,
     });
     
-    // Clear timeout
-    clearTimeout(timeoutId);
-    
     // Parse response as JSON
     const responseData = await response.json();
     
     // Log response if debug mode is enabled
     if (debug) {
-      logDebug('API Response', {
+      logDebug('Developer API Response', {
         status: response.status,
         data: responseData,
       });
@@ -175,7 +230,7 @@ const apiRequest = async <T>(
     
     // Log error if debug mode is enabled
     if (debug) {
-      logDebug('API Error', {
+      logDebug('Developer API Error', {
         endpoint,
         method,
         error: error.message || 'Unknown error',
@@ -191,14 +246,14 @@ const apiRequest = async <T>(
 };
 
 /**
- * Validate user credentials with the API
+ * Validate user credentials with the API (uses JWT)
  */
 export const validateCredentials = async (
   username: string,
   options = { debug: false }
 ): Promise<{ isValid: boolean; message?: string }> => {
   try {
-    const response = await apiRequest<{ isValid: boolean }>('auth/validate', 'POST', {
+    const response = await makeUserApiRequest<{ isValid: boolean }>('auth/validate', 'POST', {
       data: { username },
       debug: options.debug,
     });
@@ -216,13 +271,13 @@ export const validateCredentials = async (
 };
 
 /**
- * Create a new user account
+ * Create a new user account (uses developer API key)
  */
 export const createAccount = async (
   credentials: Partial<OnairosCredentials>,
   options = { debug: false }
 ): Promise<ApiResponse<{ accessToken: string; userId: string }>> => {
-  return apiRequest('auth/register', 'POST', {
+  return makeDeveloperApiRequest('auth/register', 'POST', {
     data: {
       username: credentials.username,
       platforms: credentials.platforms,
@@ -232,13 +287,13 @@ export const createAccount = async (
 };
 
 /**
- * Authenticate with the API using credentials
+ * Authenticate with the API using credentials (uses JWT)
  */
 export const authenticate = async (
   credentials: Partial<OnairosCredentials>,
   options = { debug: false }
 ): Promise<ApiResponse<{ accessToken: string; refreshToken: string }>> => {
-  return apiRequest('auth/login', 'POST', {
+  return makeUserApiRequest('auth/login', 'POST', {
     data: {
       username: credentials.username,
       pin: credentials.userPin,
@@ -248,56 +303,89 @@ export const authenticate = async (
 };
 
 /**
- * Refresh authentication token
+ * Refresh authentication token (uses JWT)
  */
 export const refreshToken = async (
   refreshToken: string,
   options = { debug: false }
 ): Promise<ApiResponse<{ accessToken: string; refreshToken: string }>> => {
-  return apiRequest('auth/refresh', 'POST', {
+  return makeUserApiRequest('auth/refresh', 'POST', {
     data: { refreshToken },
     debug: options.debug,
   });
 };
 
 /**
- * Get user's connected platform data
+ * Get user's connected platform data (uses JWT)
  */
 export const getPlatformData = async (
-  accessToken: string,
   platform: string,
   options = { debug: false }
 ): Promise<ApiResponse<any>> => {
-  return apiRequest(`platforms/${platform}/data`, 'GET', {
-    accessToken,
+  return makeUserApiRequest(`platforms/${platform}/data`, 'GET', {
     debug: options.debug,
   });
 };
 
 /**
- * Get user profile information
+ * Get user profile information (uses JWT)
  */
 export const getUserProfile = async (
-  accessToken: string,
   options = { debug: false }
 ): Promise<ApiResponse<any>> => {
-  return apiRequest('user/profile', 'GET', {
-    accessToken,
+  return makeUserApiRequest('user/profile', 'GET', {
     debug: options.debug,
   });
 };
 
 /**
- * Update user platform connections
+ * Update user platform connections (uses JWT)
  */
 export const updatePlatformConnections = async (
-  accessToken: string,
   platforms: Record<string, any>,
   options = { debug: false }
 ): Promise<ApiResponse<any>> => {
-  return apiRequest('user/platforms', 'PUT', {
-    accessToken,
+  return makeUserApiRequest('user/platforms', 'PUT', {
     data: { platforms },
     debug: options.debug,
   });
 };
+
+/**
+ * Store user PIN (uses JWT and extracts username from JWT)
+ */
+export const storePIN = async (
+  pin: string,
+  options: { debug?: boolean; username?: string } = {}
+): Promise<ApiResponse<any>> => {
+  const { debug = false, username } = options;
+  
+  // Extract username from JWT if not provided
+  const userToStore = username || extractUsernameFromJWT();
+  
+  if (!userToStore) {
+    throw new ApiError(
+      'No username available - either provide username or ensure JWT token is valid',
+      'auth_error'
+    );
+  }
+  
+  return makeUserApiRequest('store-pin/mobile', 'POST', {
+    data: { username: userToStore, pin },
+    debug,
+  });
+};
+
+/**
+ * Get current JWT token
+ */
+export const getCurrentUserToken = async (): Promise<string | null> => {
+  return await getJWT();
+};
+
+/**
+ * Check if user is authenticated with JWT
+ */
+export const isCurrentUserAuthenticated = (): boolean => {
+  return isUserAuthenticated();
+};

package/src/utils/secureStorage.ts

@@ -1,6 +1,10 @@
 import { Platform } from 'react-native';
 import { sha256 } from './crypto';
 import { STORAGE_KEYS } from '../constants';
+import AsyncStorage from '@react-native-async-storage/async-storage';
+
+// JWT token storage key
+const JWT_TOKEN_KEY = 'onairos_jwt_token';
 
 // Define OnairosCredentials interface locally to avoid circular dependencies
 export interface OnairosCredentials {
@@ -237,3 +241,121 @@ export const verifyCredentials = async (username: string): Promise<boolean> => {
     return false;
   }
 };
+
+/**
+ * JWT Token Storage Functions
+ * These functions handle JWT tokens from email verification
+ * 
+ * Note: Main JWT token management is handled in apiKeyService.ts
+ * These are utility functions for backwards compatibility
+ */
+
+/**
+ * Retrieve JWT token
+ * @returns JWT token or null if not found
+ */
+export const getJWT = async (): Promise<string | null> => {
+  try {
+    const token = await AsyncStorage.getItem(JWT_TOKEN_KEY);
+    return token;
+  } catch (error) {
+    console.error('❌ Failed to retrieve JWT token:', error);
+    return null;
+  }
+};
+
+/**
+ * Check if JWT token exists
+ * @returns True if JWT token exists
+ */
+export const hasJWT = async (): Promise<boolean> => {
+  try {
+    const token = await AsyncStorage.getItem(JWT_TOKEN_KEY);
+    return !!token;
+  } catch (error) {
+    console.error('❌ Failed to check JWT token:', error);
+    return false;
+  }
+};
+
+/**
+ * Clear JWT token
+ */
+export const clearJWT = async (): Promise<boolean> => {
+  try {
+    await AsyncStorage.removeItem(JWT_TOKEN_KEY);
+    console.log('🗑️ JWT token cleared');
+    return true;
+  } catch (error) {
+    console.error('❌ Failed to clear JWT token:', error);
+    return false;
+  }
+};
+
+/**
+ * Simple base64 decoder for React Native
+ */
+const base64Decode = (str: string): string => {
+  // Add padding if needed
+  while (str.length % 4) {
+    str += '=';
+  }
+  
+  // Simple base64 decoding
+  const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+  let result = '';
+  
+  for (let i = 0; i < str.length; i += 4) {
+    const a = chars.indexOf(str.charAt(i));
+    const b = chars.indexOf(str.charAt(i + 1));
+    const c = chars.indexOf(str.charAt(i + 2));
+    const d = chars.indexOf(str.charAt(i + 3));
+    
+    const bitmap = (a << 18) | (b << 12) | (c << 6) | d;
+    
+    result += String.fromCharCode((bitmap >> 16) & 255);
+    if (c !== 64) result += String.fromCharCode((bitmap >> 8) & 255);
+    if (d !== 64) result += String.fromCharCode(bitmap & 255);
+  }
+  
+  return result;
+};
+
+/**
+ * Get JWT token payload (decoded)
+ * @returns Decoded JWT payload or null if invalid
+ */
+export const getJWTPayload = async (): Promise<any | null> => {
+  try {
+    const token = await getJWT();
+    if (!token) return null;
+    
+    // Decode JWT payload (middle part of token)
+    const parts = token.split('.');
+    if (parts.length !== 3) return null;
+    
+    const decodedPayload = base64Decode(parts[1]);
+    const payload = JSON.parse(decodedPayload);
+    return payload;
+  } catch (error) {
+    console.error('❌ Failed to decode JWT payload:', error);
+    return null;
+  }
+};
+
+/**
+ * Check if JWT token is expired
+ * @returns True if token is expired or invalid
+ */
+export const isJWTExpired = async (): Promise<boolean> => {
+  try {
+    const payload = await getJWTPayload();
+    if (!payload || !payload.exp) return true;
+    
+    const currentTime = Math.floor(Date.now() / 1000);
+    return payload.exp < currentTime;
+  } catch (error) {
+    console.error('❌ Failed to check JWT expiration:', error);
+    return true;
+  }
+};