@onairos/react-native 3.0.75 → 3.1.1

package/lib/module/services/platformAuthService.js

@@ -1,67 +1,33 @@
 import AsyncStorage from '@react-native-async-storage/async-storage';
-import { makeAuthenticatedRequest } from './apiKeyService';
+import { makeDeveloperRequest, getApiConfig, storeJWT, extractUsernameFromJWT } from './apiKeyService';
 
-// 🔑 CRITICAL: Initialize API key service for authentication
-let isApiKeyInitialized = false;
+// 🔑 CRITICAL: Use two-tier authentication system
+// - Developer API key for email verification requests
+// - JWT tokens for user-authenticated requests after email verification
 
 /**
- * Initialize the API key service with the admin key for testing
- * This ensures all API requests include proper authentication headers
+ * Initialize the platform auth service
+ * This service now uses the two-tier authentication system
  */
 export const initializePlatformAuthService = async () => {
-  if (isApiKeyInitialized) {
-    console.log('🔑 API key service already initialized');
-    return;
-  }
   try {
-    // Import the initialization function
-    const {
-      initializeApiKey,
-      ADMIN_API_KEY,
-      getApiConfig
-    } = await import('./apiKeyService');
-
-    // Check if there's already an app initialization
+    // Check if app is already initialized with API key
     const existingConfig = getApiConfig();
     if (existingConfig && existingConfig.apiKey) {
-      console.log('🔑 App already initialized with API key, using existing configuration');
-      // Use the existing app's configuration instead of overriding
-      isApiKeyInitialized = true;
-      console.log(`✅ Platform auth service using existing app configuration (${existingConfig.environment})`);
+      console.log('🔑 Platform auth service using existing app configuration');
+      console.log(`✅ Environment: ${existingConfig.environment}`);
       return;
     }
 
-    // Only initialize with admin key if no app initialization exists
-    const environment = __DEV__ ? 'development' : 'production';
-    console.log('🔑 No app initialization found, initializing platform auth service with admin key');
-    console.log('🔑 Environment:', environment);
-
-    // Initialize with admin key as fallback
-    await initializeApiKey({
-      apiKey: ADMIN_API_KEY,
-      // 'OnairosIsAUnicorn2025'
-      environment: environment,
-      enableLogging: true,
-      timeout: 30000
-    });
-    isApiKeyInitialized = true;
-    console.log(`✅ Platform auth service initialized with admin key (${environment})`);
+    // If no app initialization, we can't proceed
+    console.error('❌ Platform auth service requires app-level API key initialization');
+    throw new Error('Platform auth service requires app-level API key initialization. Please call initializeApiKey() first.');
   } catch (error) {
     console.error('❌ Failed to initialize platform auth service:', error);
     throw error;
   }
 };
 
-/**
- * Ensure API key is initialized before making authenticated requests
- */
-const ensureApiKeyInitialized = async () => {
-  if (!isApiKeyInitialized) {
-    console.log('🔑 API key not initialized, initializing now...');
-    await initializePlatformAuthService();
-  }
-};
-
 // Configuration for each platform's authentication
 let PLATFORM_AUTH_CONFIG = {
   instagram: {
@@ -169,7 +135,7 @@ export const initiateOAuth = async (platform, username, appName) => {
         }
       };
       console.log('📤 Sending Instagram OAuth request:', jsonData);
-      const response = await makeAuthenticatedRequest(PLATFORM_AUTH_CONFIG[platform].authEndpoint, {
+      const response = await makeDeveloperRequest(PLATFORM_AUTH_CONFIG[platform].authEndpoint, {
         method: 'POST',
         body: JSON.stringify(jsonData)
       });
@@ -207,7 +173,7 @@ export const initiateOAuth = async (platform, username, appName) => {
     console.log(`📤 Sending ${platform} OAuth request:`, jsonData);
 
     // Make the authenticated request to get the OAuth URL
-    const response = await makeAuthenticatedRequest(PLATFORM_AUTH_CONFIG[platform].authEndpoint, {
+    const response = await makeDeveloperRequest(PLATFORM_AUTH_CONFIG[platform].authEndpoint, {
       method: 'POST',
       body: JSON.stringify(jsonData)
     });
@@ -808,355 +774,221 @@ export const updateGoogleClientIds = config => {
 };
 
 /**
- * 📧 EMAIL VERIFICATION FUNCTIONS
- * Using the correct Onairos email verification endpoints
+ * Request email verification using developer API key
+ * @param email Email address to verify
+ * @param testMode Whether to use test mode
+ * @returns Promise with verification result
  */
 export const requestEmailVerification = async (email, testMode = false) => {
   try {
     console.log('📧 Requesting email verification for:', email);
-    console.log('🧪 Test mode:', testMode);
-    if (!email || !email.includes('@')) {
-      return {
-        success: false,
-        error: 'Valid email address is required'
-      };
-    }
-
-    // In test mode, always return success with mock request ID
-    if (testMode) {
-      console.log('🧪 Test mode: Always returning success with mock request ID');
-      const mockRequestId = 'test-request-' + Date.now();
-
-      // Store request info for tracking
-      await AsyncStorage.setItem('email_verification_request_id', mockRequestId);
-      await AsyncStorage.setItem('email_verification_request_email', email);
+    const response = await makeDeveloperRequest('/email/verification', {
+      method: 'POST',
+      body: JSON.stringify({
+        email,
+        action: 'request',
+        testMode
+      })
+    });
+    const data = await response.json();
+    if (response.ok && data.success) {
+      console.log('✅ Email verification requested successfully');
       return {
         success: true,
-        message: 'Email verification sent successfully (test mode)',
-        requestId: mockRequestId
+        message: data.message || 'Verification code sent to your email'
       };
-    }
-
-    // Production mode: Make real API call with API key authentication
-    try {
-      // 🔑 Ensure API key is initialized before making authenticated requests
-      await ensureApiKeyInitialized();
-      const response = await makeAuthenticatedRequest('/email/verification', {
-        method: 'POST',
-        body: JSON.stringify({
-          email,
-          action: 'request'
-        })
-      });
-      const result = await response.json();
-      console.log('📡 Email verification API response:', result);
-      if (response.ok && result.success) {
-        console.log('✅ Email verification request sent');
-
-        // Store request info for tracking
-        const requestId = result.requestId || result.id || 'req-' + Date.now();
-        await AsyncStorage.setItem('email_verification_request_id', requestId);
-        await AsyncStorage.setItem('email_verification_request_email', email);
-        return {
-          success: true,
-          message: result.message || 'Email verification sent successfully',
-          requestId: requestId
-        };
-      } else {
-        console.error('❌ Email verification request failed:', result.error);
-        return {
-          success: false,
-          error: result.error || 'Failed to send verification email'
-        };
-      }
-    } catch (apiError) {
-      console.error('❌ Email verification API call failed:', apiError);
+    } else {
+      console.error('❌ Email verification request failed:', data.error);
       return {
         success: false,
-        error: 'Network error while sending verification email'
+        error: data.error || 'Failed to send verification code'
       };
     }
   } catch (error) {
-    console.error('❌ Email verification request error:', error);
+    console.error('❌ Error requesting email verification:', error);
     return {
       success: false,
-      error: error instanceof Error ? error.message : 'Unknown error'
+      error: error instanceof Error ? error.message : 'Network error'
     };
   }
 };
+
+/**
+ * Verify email code and store JWT token
+ * @param email Email address
+ * @param code Verification code
+ * @param testMode Whether to use test mode
+ * @returns Promise with verification result and JWT token
+ */
 export const verifyEmailCode = async (email, code, testMode = false) => {
   try {
     console.log('🔍 Verifying email code for:', email);
-    console.log('🔑 Code length:', code.length);
-    console.log('🧪 Test mode:', testMode);
-    if (!email || !email.includes('@')) {
-      return {
-        success: false,
-        error: 'Valid email address is required'
-      };
-    }
-    if (!code || code.length < 4) {
-      return {
-        success: false,
-        error: 'Valid verification code is required'
-      };
-    }
-
-    // In test mode, always return success with mock JWT token
-    if (testMode) {
-      console.log('🧪 Test mode: Always returning success with mock JWT token');
-      const mockToken = 'test-jwt-token-' + Date.now();
-
-      // Store mock token for API requests
-      await AsyncStorage.setItem('email_verification_token', mockToken);
-      await AsyncStorage.setItem('onairos_jwt_token', mockToken);
-      await AsyncStorage.setItem('email_verification_email', email);
+    const response = await makeDeveloperRequest('/email/verification', {
+      method: 'POST',
+      body: JSON.stringify({
+        email,
+        action: 'verify',
+        code,
+        testMode
+      })
+    });
+    const data = await response.json();
+    if (response.ok && data.success) {
+      console.log('✅ Email verification successful');
+
+      // Store JWT token if received
+      if (data.token || data.jwtToken) {
+        const jwtToken = data.token || data.jwtToken;
+        await storeJWT(jwtToken);
+        console.log('🎫 JWT token stored successfully');
+      }
       return {
         success: true,
-        message: 'Email verification successful (test mode)',
-        existingUser: false,
-        jwtToken: mockToken
+        message: data.message || 'Email verified successfully',
+        existingUser: data.existingUser || false,
+        token: data.token || data.jwtToken
       };
-    }
-
-    // Production mode: Make real API call with API key authentication
-    try {
-      // 🔑 Ensure API key is initialized before making authenticated requests
-      await ensureApiKeyInitialized();
-      const response = await makeAuthenticatedRequest('/email/verification', {
-        method: 'POST',
-        body: JSON.stringify({
-          email,
-          code,
-          action: 'verify'
-        })
-      });
-      const result = await response.json();
-      console.log('📡 Email verification API response:', result);
-      if (response.ok && result.success) {
-        console.log('✅ Email verification successful');
-
-        // 🎫 CRITICAL: Store JWT token from email verification response
-        const jwtToken = result.token || result.jwtToken || result.jwt || result.authToken;
-        if (jwtToken) {
-          console.log('🎫 Storing JWT token from email verification response');
-          await AsyncStorage.setItem('email_verification_token', jwtToken);
-          await AsyncStorage.setItem('onairos_jwt_token', jwtToken);
-          await AsyncStorage.setItem('enoch_token', jwtToken);
-          await AsyncStorage.setItem('auth_token', jwtToken);
-          await AsyncStorage.setItem('email_verification_email', email);
-          await AsyncStorage.setItem('token_timestamp', Date.now().toString());
-        } else {
-          console.warn('⚠️ No JWT token received from email verification API');
-        }
-        return {
-          success: true,
-          message: result.message || 'Email verification successful',
-          existingUser: result.existingUser || false,
-          jwtToken: jwtToken
-        };
-      } else {
-        console.error('❌ Email verification failed:', result.error);
-        return {
-          success: false,
-          error: result.error || 'Email verification failed'
-        };
-      }
-    } catch (apiError) {
-      console.error('❌ Email verification API call failed:', apiError);
+    } else {
+      console.error('❌ Email verification failed:', data.error);
       return {
         success: false,
-        error: 'Network error during email verification'
+        error: data.error || 'Invalid verification code'
       };
     }
   } catch (error) {
-    console.error('❌ Email verification error:', error);
+    console.error('❌ Error verifying email code:', error);
     return {
       success: false,
-      error: error instanceof Error ? error.message : 'Unknown error'
+      error: error instanceof Error ? error.message : 'Network error'
     };
   }
 };
+
+/**
+ * Check email verification status
+ * @param email Email address
+ * @param testMode Whether to use test mode
+ * @returns Promise with status result
+ */
 export const checkEmailVerificationStatus = async (email, testMode = false) => {
   try {
     console.log('🔍 Checking email verification status for:', email);
-    console.log('🔍 Test mode:', testMode);
-
-    // In test mode, always return no pending verification
-    if (testMode) {
-      console.log('🧪 Test mode: Always returning no pending verification');
+    const response = await makeDeveloperRequest('/email/verification/status', {
+      method: 'POST',
+      body: JSON.stringify({
+        email,
+        testMode
+      })
+    });
+    const data = await response.json();
+    if (response.ok && data.success) {
       return {
         success: true,
-        isPending: false,
-        message: 'Status retrieved successfully (test mode)'
+        isPending: data.isPending || false
       };
-    }
-
-    // Production mode: Make real API call with API key authentication
-    try {
-      // 🔑 Ensure API key is initialized before making authenticated requests
-      await ensureApiKeyInitialized();
-      const response = await makeAuthenticatedRequest(`/email/verify/status/${encodeURIComponent(email)}`, {
-        method: 'GET'
-      });
-      const result = await response.json();
-      console.log('📡 Email verification status API response:', result);
-      if (response.ok && result.success) {
-        console.log('✅ Email verification status retrieved');
-        return {
-          success: true,
-          isPending: result.isPending || false,
-          message: result.message || 'Status retrieved successfully'
-        };
-      } else {
-        console.error('❌ Email verification status failed:', result.error);
-        return {
-          success: false,
-          error: result.error || 'Failed to check verification status'
-        };
-      }
-    } catch (apiError) {
-      console.error('❌ Email verification status API call failed:', apiError);
+    } else {
       return {
         success: false,
-        error: 'Network error while checking status'
+        error: data.error || 'Failed to check verification status'
       };
     }
   } catch (error) {
-    console.error('❌ Email verification status error:', error);
+    console.error('❌ Error checking email verification status:', error);
     return {
       success: false,
-      error: error instanceof Error ? error.message : 'Unknown error'
+      error: error instanceof Error ? error.message : 'Network error'
     };
   }
 };
 
 /**
- * 🔌 UNIVERSAL PLATFORM DISCONNECTION
- * Backend confirmed this endpoint is fully implemented
+ * Disconnect a platform (uses developer API key)
+ * @param platform Platform to disconnect
+ * @param username Username associated with the platform
+ * @returns Promise with disconnect result
  */
 export const disconnectPlatform = async (platform, username) => {
   try {
     console.log('🔌 Disconnecting platform:', platform, 'for user:', username);
-    if (!platform || !username) {
-      return {
-        success: false,
-        error: 'Platform and username are required'
-      };
-    }
 
     // Make authenticated API call to disconnect platform
-    const response = await makeAuthenticatedRequest('/revoke', {
+    const response = await makeDeveloperRequest('/revoke', {
       method: 'POST',
       body: JSON.stringify({
         platform,
         username
       })
     });
-    const result = await response.json();
-    console.log('📡 Platform disconnect API response:', result);
-    if (response.ok && result.success) {
-      console.log('✅ Platform disconnected successfully');
+    const data = await response.json();
+    if (response.ok && data.success) {
+      console.log(`✅ ${platform} disconnected successfully`);
       return {
-        success: true,
-        message: result.message || 'Platform disconnected successfully'
+        success: true
       };
     } else {
-      console.error('❌ Platform disconnect failed:', result.error);
+      console.error(`❌ Failed to disconnect ${platform}:`, data.error);
       return {
         success: false,
-        error: result.error || 'Failed to disconnect platform'
+        error: data.error || 'Failed to disconnect platform'
       };
     }
   } catch (error) {
-    console.error('❌ Platform disconnect error:', error);
+    console.error(`❌ Error disconnecting ${platform}:`, error);
     return {
       success: false,
-      error: error instanceof Error ? error.message : 'Platform disconnect failed'
+      error: error instanceof Error ? error.message : 'Network error'
     };
   }
 };
 
 /**
- * 🔐 STORE PIN AFTER BIOMETRIC AUTHENTICATION
- * Send PIN separately to /store-pin/web endpoint after biometric Face ID verification
+ * Store PIN for user (uses JWT authentication and extracts username from JWT)
+ * @param pin User PIN
+ * @param username Optional username (if not provided, extracts from JWT)
+ * @returns Promise with result
  */
-export const storePinAfterBiometric = async (username, pin, jwtToken) => {
+export const storePIN = async (pin, username) => {
   try {
-    console.log('🔐 Storing PIN after biometric authentication for user:', username);
-    console.log('🔑 PIN length:', pin.length);
-    console.log('🎫 JWT token provided:', !!jwtToken);
-    if (!username || !pin) {
-      return {
-        success: false,
-        error: 'Username and PIN are required'
-      };
-    }
-    if (pin.length < 4) {
+    // Extract username from JWT if not provided
+    const userToStore = username || extractUsernameFromJWT();
+    if (!userToStore) {
+      console.error('❌ No username available - either provide username or ensure JWT token is valid');
       return {
         success: false,
-        error: 'PIN must be at least 4 digits'
+        error: 'No username available for PIN storage'
       };
     }
+    console.log('🔐 Storing PIN for user:', userToStore);
 
-    // Get JWT token from storage if not provided
-    let authToken = jwtToken;
-    if (!authToken) {
-      authToken = (await AsyncStorage.getItem('onairos_jwt_token')) || (await AsyncStorage.getItem('enoch_token')) || (await AsyncStorage.getItem('auth_token')) || (await AsyncStorage.getItem('email_verification_token'));
-    }
-    if (!authToken) {
-      console.warn('⚠️ No JWT token available for PIN storage');
-      return {
-        success: false,
-        error: 'No authentication token available'
-      };
-    }
-    console.log('📤 Sending PIN to /store-pin/web endpoint');
-
-    // Make authenticated request to store PIN
-    const response = await makeAuthenticatedRequest('/store-pin/web', {
+    // Make authenticated request to store PIN (using developer API key for now)
+    const response = await makeDeveloperRequest('/store-pin/web', {
       method: 'POST',
       headers: {
-        'Authorization': `Bearer ${authToken}`
+        'Content-Type': 'application/json'
       },
       body: JSON.stringify({
-        username,
+        username: userToStore,
         pin
       })
     });
-    console.log('📡 PIN storage response status:', response.status);
-    if (!response.ok) {
-      const errorText = await response.text();
-      console.error('❌ PIN storage failed:', errorText);
-      return {
-        success: false,
-        error: `PIN storage failed: ${response.status} - ${errorText}`
-      };
-    }
-    const result = await response.json();
-    console.log('📥 PIN storage response:', result);
-    if (result.success) {
-      console.log('✅ PIN stored successfully after biometric authentication');
-
-      // Store PIN locally for future use
-      await AsyncStorage.setItem('user_pin_stored', 'true');
-      await AsyncStorage.setItem('pin_storage_timestamp', Date.now().toString());
+    const data = await response.json();
+    if (response.ok && data.success) {
+      console.log('✅ PIN stored successfully for user:', userToStore);
       return {
-        success: true,
-        message: result.message || 'PIN stored successfully'
+        success: true
       };
     } else {
-      console.error('❌ PIN storage API returned error:', result.error);
+      console.error('❌ Failed to store PIN:', data.error);
       return {
         success: false,
-        error: result.error || 'PIN storage failed'
+        error: data.error || 'Failed to store PIN'
       };
     }
   } catch (error) {
-    console.error('❌ Error storing PIN after biometric authentication:', error);
+    console.error('❌ Error storing PIN:', error);
     return {
       success: false,
-      error: error instanceof Error ? error.message : 'PIN storage failed'
+      error: error instanceof Error ? error.message : 'Network error'
     };
   }
 };