@oxyhq/auth 1.0.0

package/dist/cjs/stores/authStore.js

@@ -0,0 +1,47 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.useAuthStore = void 0;
+const zustand_1 = require("zustand");
+const core_1 = require("@oxyhq/core");
+const debug = (0, core_1.createDebugLogger)('AuthStore');
+exports.useAuthStore = (0, zustand_1.create)((set, get) => ({
+    user: null,
+    isAuthenticated: false,
+    isLoading: false,
+    error: null,
+    lastUserFetch: null,
+    loginSuccess: (user) => set({
+        isLoading: false,
+        isAuthenticated: true,
+        user,
+        lastUserFetch: Date.now(),
+    }),
+    loginFailure: (error) => set({ isLoading: false, error }),
+    logout: () => set({
+        user: null,
+        isAuthenticated: false,
+        lastUserFetch: null,
+    }),
+    setUser: (user) => set({ user, lastUserFetch: Date.now() }),
+    fetchUser: async (oxyServices, forceRefresh = false) => {
+        const state = get();
+        const now = Date.now();
+        const cacheAge = state.lastUserFetch ? now - state.lastUserFetch : Number.POSITIVE_INFINITY;
+        const cacheValid = cacheAge < 5 * 60 * 1000; // 5 minutes cache
+        // Use cached data if available and not forcing refresh
+        if (!forceRefresh && state.user && cacheValid) {
+            debug.log('Using cached user data (age:', cacheAge, 'ms)');
+            return;
+        }
+        set({ isLoading: true, error: null });
+        try {
+            const user = await oxyServices.getCurrentUser();
+            set({ user, isLoading: false, isAuthenticated: true, lastUserFetch: now });
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Failed to fetch user';
+            debug.error('Error fetching user:', error);
+            set({ error: errorMessage, isLoading: false });
+        }
+    },
+}));

package/dist/cjs/stores/followStore.js

@@ -0,0 +1,154 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.useFollowStore = void 0;
+const zustand_1 = require("zustand");
+exports.useFollowStore = (0, zustand_1.create)((set, get) => ({
+    followingUsers: {},
+    loadingUsers: {},
+    fetchingUsers: {},
+    errors: {},
+    followerCounts: {},
+    followingCounts: {},
+    loadingCounts: {},
+    setFollowingStatus: (userId, isFollowing) => set((state) => ({
+        followingUsers: { ...state.followingUsers, [userId]: isFollowing },
+        errors: { ...state.errors, [userId]: null },
+    })),
+    clearFollowError: (userId) => set((state) => ({
+        errors: { ...state.errors, [userId]: null },
+    })),
+    resetFollowState: () => set({
+        followingUsers: {},
+        loadingUsers: {},
+        fetchingUsers: {},
+        errors: {},
+        followerCounts: {},
+        followingCounts: {},
+        loadingCounts: {},
+    }),
+    fetchFollowStatus: async (userId, oxyServices) => {
+        set((state) => ({
+            fetchingUsers: { ...state.fetchingUsers, [userId]: true },
+            errors: { ...state.errors, [userId]: null },
+        }));
+        try {
+            const response = await oxyServices.getFollowStatus(userId);
+            set((state) => ({
+                followingUsers: { ...state.followingUsers, [userId]: response.isFollowing },
+                fetchingUsers: { ...state.fetchingUsers, [userId]: false },
+                errors: { ...state.errors, [userId]: null },
+            }));
+        }
+        catch (error) {
+            set((state) => ({
+                fetchingUsers: { ...state.fetchingUsers, [userId]: false },
+                errors: { ...state.errors, [userId]: error?.message || 'Failed to fetch follow status' },
+            }));
+        }
+    },
+    toggleFollowUser: async (userId, oxyServices, isCurrentlyFollowing) => {
+        set((state) => ({
+            loadingUsers: { ...state.loadingUsers, [userId]: true },
+            errors: { ...state.errors, [userId]: null },
+        }));
+        try {
+            let response;
+            let newFollowState;
+            if (isCurrentlyFollowing) {
+                response = await oxyServices.unfollowUser(userId);
+                newFollowState = false;
+            }
+            else {
+                response = await oxyServices.followUser(userId);
+                newFollowState = true;
+            }
+            // Update follow status
+            set((state) => ({
+                followingUsers: { ...state.followingUsers, [userId]: newFollowState },
+                loadingUsers: { ...state.loadingUsers, [userId]: false },
+                errors: { ...state.errors, [userId]: null },
+            }));
+            // Update counts if the response includes them
+            // The API returns counts for both users:
+            // - followers: target user's follower count (the user being followed)
+            // - following: current user's following count (the user doing the following)
+            if (response && response.counts) {
+                const { counts } = response;
+                // Get current user ID from oxyServices
+                const currentUserId = oxyServices.getCurrentUserId();
+                set((state) => {
+                    const updates = {};
+                    // Update target user's follower count (the user being followed)
+                    updates.followerCounts = {
+                        ...state.followerCounts,
+                        [userId]: counts.followers
+                    };
+                    // Update current user's following count (the user doing the following)
+                    if (currentUserId) {
+                        updates.followingCounts = {
+                            ...state.followingCounts,
+                            [currentUserId]: counts.following
+                        };
+                    }
+                    return updates;
+                });
+            }
+        }
+        catch (error) {
+            set((state) => ({
+                loadingUsers: { ...state.loadingUsers, [userId]: false },
+                errors: { ...state.errors, [userId]: error?.message || 'Failed to update follow status' },
+            }));
+        }
+    },
+    setFollowerCount: (userId, count) => set((state) => ({
+        followerCounts: { ...state.followerCounts, [userId]: count },
+    })),
+    setFollowingCount: (userId, count) => set((state) => ({
+        followingCounts: { ...state.followingCounts, [userId]: count },
+    })),
+    updateCountsFromFollowAction: (targetUserId, action, counts, currentUserId) => {
+        set((state) => {
+            const updates = {};
+            // Update target user's follower count (the user being followed)
+            updates.followerCounts = {
+                ...state.followerCounts,
+                [targetUserId]: counts.followers
+            };
+            // Update current user's following count (the user doing the following)
+            if (currentUserId) {
+                updates.followingCounts = {
+                    ...state.followingCounts,
+                    [currentUserId]: counts.following
+                };
+            }
+            return updates;
+        });
+    },
+    fetchUserCounts: async (userId, oxyServices) => {
+        set((state) => ({
+            loadingCounts: { ...state.loadingCounts, [userId]: true },
+        }));
+        try {
+            const user = await oxyServices.getUserById(userId);
+            if (user && user._count) {
+                set((state) => ({
+                    followerCounts: {
+                        ...state.followerCounts,
+                        [userId]: user._count?.followers || 0
+                    },
+                    followingCounts: {
+                        ...state.followingCounts,
+                        [userId]: user._count?.following || 0
+                    },
+                    loadingCounts: { ...state.loadingCounts, [userId]: false },
+                }));
+            }
+        }
+        catch (error) {
+            set((state) => ({
+                loadingCounts: { ...state.loadingCounts, [userId]: false },
+            }));
+        }
+    },
+}));

package/dist/cjs/utils/authHelpers.js

@@ -0,0 +1,154 @@
+"use strict";
+/**
+ * Authentication helper utilities to reduce code duplication across hooks and utilities.
+ * These functions handle common token validation and authentication error patterns.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthenticationFailedError = exports.SessionSyncRequiredError = void 0;
+exports.ensureValidToken = ensureValidToken;
+exports.isAuthenticationError = isAuthenticationError;
+exports.withAuthErrorHandling = withAuthErrorHandling;
+exports.authenticatedApiCall = authenticatedApiCall;
+/**
+ * Error thrown when session sync is required
+ */
+class SessionSyncRequiredError extends Error {
+    constructor(message = 'Session needs to be synced. Please try again.') {
+        super(message);
+        this.name = 'SessionSyncRequiredError';
+    }
+}
+exports.SessionSyncRequiredError = SessionSyncRequiredError;
+/**
+ * Error thrown when authentication fails
+ */
+class AuthenticationFailedError extends Error {
+    constructor(message = 'Authentication failed. Please sign in again.') {
+        super(message);
+        this.name = 'AuthenticationFailedError';
+    }
+}
+exports.AuthenticationFailedError = AuthenticationFailedError;
+/**
+ * Ensures a valid token exists before making authenticated API calls.
+ * If no valid token exists and an active session ID is available,
+ * attempts to refresh the token using the session.
+ *
+ * @param oxyServices - The OxyServices instance
+ * @param activeSessionId - The active session ID (if available)
+ * @throws {SessionSyncRequiredError} If the session needs to be synced (offline session)
+ * @throws {Error} If token refresh fails for other reasons
+ *
+ * @example
+ * ```ts
+ * // In a mutation or query function:
+ * await ensureValidToken(oxyServices, activeSessionId);
+ * return await oxyServices.updateProfile(updates);
+ * ```
+ */
+async function ensureValidToken(oxyServices, activeSessionId) {
+    if (oxyServices.hasValidToken() || !activeSessionId) {
+        return;
+    }
+    try {
+        await oxyServices.getTokenBySession(activeSessionId);
+    }
+    catch (tokenError) {
+        const errorMessage = tokenError instanceof Error ? tokenError.message : String(tokenError);
+        if (errorMessage.includes('AUTH_REQUIRED_OFFLINE_SESSION') || errorMessage.includes('offline')) {
+            throw new SessionSyncRequiredError();
+        }
+        throw tokenError;
+    }
+}
+/**
+ * Checks if an error is an authentication error (401 or auth-related message)
+ *
+ * @param error - The error to check
+ * @returns True if the error is an authentication error
+ */
+function isAuthenticationError(error) {
+    if (!error || typeof error !== 'object') {
+        return false;
+    }
+    const errorObj = error;
+    const errorMessage = errorObj.message || '';
+    const status = errorObj.status || errorObj.response?.status;
+    return (status === 401 ||
+        errorMessage.includes('Authentication required') ||
+        errorMessage.includes('Invalid or missing authorization header'));
+}
+/**
+ * Wraps an API call with authentication error handling.
+ * If an authentication error occurs, it can optionally attempt to sync the session and retry.
+ *
+ * @param apiCall - The API call function to execute
+ * @param options - Optional error handling configuration
+ * @returns The result of the API call
+ * @throws {AuthenticationFailedError} If authentication fails and cannot be recovered
+ * @throws {Error} If the API call fails for non-auth reasons
+ *
+ * @example
+ * ```ts
+ * // Simple usage:
+ * const result = await withAuthErrorHandling(
+ *   () => oxyServices.updateProfile(updates)
+ * );
+ *
+ * // With retry on auth failure:
+ * const result = await withAuthErrorHandling(
+ *   () => oxyServices.updateProfile(updates),
+ *   { syncSession, activeSessionId, oxyServices }
+ * );
+ * ```
+ */
+async function withAuthErrorHandling(apiCall, options) {
+    try {
+        return await apiCall();
+    }
+    catch (error) {
+        if (!isAuthenticationError(error)) {
+            throw error;
+        }
+        // If we have sync capabilities, try to recover
+        if (options?.syncSession && options?.activeSessionId && options?.oxyServices) {
+            try {
+                await options.syncSession();
+                await options.oxyServices.getTokenBySession(options.activeSessionId);
+                // Retry the API call after refreshing token
+                return await apiCall();
+            }
+            catch {
+                throw new AuthenticationFailedError();
+            }
+        }
+        throw new AuthenticationFailedError();
+    }
+}
+/**
+ * Combines token validation and auth error handling for a complete authenticated API call.
+ * This is the recommended helper for most authenticated API operations.
+ *
+ * @param oxyServices - The OxyServices instance
+ * @param activeSessionId - The active session ID
+ * @param apiCall - The API call function to execute
+ * @param syncSession - Optional callback to sync session on auth failure
+ * @returns The result of the API call
+ *
+ * @example
+ * ```ts
+ * return await authenticatedApiCall(
+ *   oxyServices,
+ *   activeSessionId,
+ *   () => oxyServices.updateProfile(updates)
+ * );
+ * ```
+ */
+async function authenticatedApiCall(oxyServices, activeSessionId, apiCall, syncSession) {
+    await ensureValidToken(oxyServices, activeSessionId);
+    return withAuthErrorHandling(apiCall, {
+        syncSession,
+        activeSessionId,
+        oxyServices,
+    });
+}

package/dist/cjs/utils/avatarUtils.js

@@ -0,0 +1,77 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.updateAvatarVisibility = updateAvatarVisibility;
+exports.refreshAvatarInStore = refreshAvatarInStore;
+exports.updateProfileWithAvatar = updateProfileWithAvatar;
+const accountStore_1 = require("../stores/accountStore");
+const authStore_1 = require("../stores/authStore");
+const queryKeys_1 = require("../hooks/queries/queryKeys");
+const authHelpers_1 = require("./authHelpers");
+/**
+ * Updates file visibility to public for avatar use.
+ * Handles errors gracefully, only logging non-404 errors.
+ *
+ * @param fileId - The file ID to update visibility for
+ * @param oxyServices - OxyServices instance
+ * @param contextName - Optional context name for logging
+ * @returns Promise that resolves when visibility is updated (or skipped)
+ */
+async function updateAvatarVisibility(fileId, oxyServices, contextName = 'AvatarUtils') {
+    // Skip if temporary asset ID or no file ID
+    if (!fileId || fileId.startsWith('temp-')) {
+        return;
+    }
+    try {
+        await oxyServices.assetUpdateVisibility(fileId, 'public');
+        // Visibility update is logged by the API
+    }
+    catch (visError) {
+        // Silently handle errors - 404 means asset doesn't exist yet (which is OK)
+        // Other errors are logged by the API, so no need to log here
+        // Function continues gracefully regardless of visibility update success
+    }
+}
+/**
+ * Refreshes avatar in accountStore with cache-busted URL to force image reload.
+ *
+ * @param sessionId - The session ID for the account to update
+ * @param avatarFileId - The new avatar file ID
+ * @param oxyServices - OxyServices instance to generate download URL
+ */
+function refreshAvatarInStore(sessionId, avatarFileId, oxyServices) {
+    const { updateAccount } = accountStore_1.useAccountStore.getState();
+    const cacheBustedUrl = oxyServices.getFileDownloadUrl(avatarFileId, 'thumb') + `?t=${Date.now()}`;
+    updateAccount(sessionId, {
+        avatar: avatarFileId,
+        avatarUrl: cacheBustedUrl,
+    });
+}
+/**
+ * Updates user profile with avatar and handles all side effects (query invalidation, accountStore update).
+ * This function can be used from within OxyContext provider without requiring useOxy hook.
+ *
+ * @param updates - Profile updates including avatar
+ * @param oxyServices - OxyServices instance
+ * @param activeSessionId - Active session ID
+ * @param queryClient - TanStack Query client
+ * @param syncSession - Optional function to sync session/refresh token when auth errors occur
+ * @returns Promise that resolves with updated user data
+ */
+async function updateProfileWithAvatar(updates, oxyServices, activeSessionId, queryClient, syncSession) {
+    const data = await (0, authHelpers_1.authenticatedApiCall)(oxyServices, activeSessionId, () => oxyServices.updateProfile(updates), syncSession);
+    // Update cache with server response
+    queryClient.setQueryData(queryKeys_1.queryKeys.accounts.current(), data);
+    if (activeSessionId) {
+        queryClient.setQueryData(queryKeys_1.queryKeys.users.profile(activeSessionId), data);
+    }
+    // Update authStore so frontend components see the changes immediately
+    authStore_1.useAuthStore.getState().setUser(data);
+    // If avatar was updated, refresh accountStore with cache-busted URL
+    if (updates.avatar && activeSessionId) {
+        refreshAvatarInStore(activeSessionId, updates.avatar, oxyServices);
+    }
+    // Invalidate all related queries to refresh everywhere
+    (0, queryKeys_1.invalidateUserQueries)(queryClient);
+    (0, queryKeys_1.invalidateAccountQueries)(queryClient);
+    return data;
+}

package/dist/cjs/utils/errorHandlers.js

@@ -0,0 +1,128 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handleAuthError = exports.extractErrorMessage = exports.isTimeoutOrNetworkError = exports.isInvalidSessionError = void 0;
+const DEFAULT_INVALID_SESSION_MESSAGES = [
+    'Invalid or expired session',
+    'Session is invalid',
+    'Session not found',
+    'Session expired',
+];
+const isObject = (value) => typeof value === 'object' && value !== null;
+const getResponseStatus = (error) => {
+    if (!isObject(error))
+        return undefined;
+    const response = error.response;
+    return response?.status;
+};
+/**
+ * Determine whether the error represents an invalid session condition.
+ * This centralizes 401 detection across different fetch clients.
+ */
+const isInvalidSessionError = (error) => {
+    const status = getResponseStatus(error);
+    if (status === 401) {
+        return true;
+    }
+    if (!isObject(error)) {
+        return false;
+    }
+    // Check error.status directly (HttpService sets this)
+    if (error.status === 401) {
+        return true;
+    }
+    const normalizedMessage = (0, exports.extractErrorMessage)(error)?.toLowerCase();
+    if (!normalizedMessage) {
+        return false;
+    }
+    // Check for HTTP 401 in message (HttpService creates errors with "HTTP 401:" format)
+    if (normalizedMessage.includes('http 401') || normalizedMessage.includes('401')) {
+        return true;
+    }
+    return DEFAULT_INVALID_SESSION_MESSAGES.some((msg) => normalizedMessage.includes(msg.toLowerCase()));
+};
+exports.isInvalidSessionError = isInvalidSessionError;
+/**
+ * Determine whether the error represents a timeout or network error.
+ * These are expected when the device is offline or has poor connectivity.
+ */
+const isTimeoutOrNetworkError = (error) => {
+    if (!isObject(error) && !(error instanceof Error)) {
+        return false;
+    }
+    const message = (0, exports.extractErrorMessage)(error, '').toLowerCase();
+    const errorCode = error.code;
+    // Check for timeout/cancelled messages
+    if (message.includes('timeout') ||
+        message.includes('cancelled') ||
+        message.includes('econnaborted') ||
+        message.includes('aborted') ||
+        message.includes('request timeout or cancelled')) {
+        return true;
+    }
+    // Check for timeout/network error codes
+    if (errorCode === 'TIMEOUT' || errorCode === 'NETWORK_ERROR' || errorCode === 'ECONNABORTED') {
+        return true;
+    }
+    // Check for AbortError
+    if (error instanceof Error && error.name === 'AbortError') {
+        return true;
+    }
+    // Check for network-related TypeErrors
+    if (error instanceof TypeError) {
+        const typeErrorMessage = error.message.toLowerCase();
+        if (typeErrorMessage.includes('fetch') ||
+            typeErrorMessage.includes('network') ||
+            typeErrorMessage.includes('failed to fetch')) {
+            return true;
+        }
+    }
+    return false;
+};
+exports.isTimeoutOrNetworkError = isTimeoutOrNetworkError;
+/**
+ * Extract a consistent error message from unknown error shapes.
+ *
+ * @param error - The unknown error payload
+ * @param fallbackMessage - Message to return when no concrete message is available
+ */
+const extractErrorMessage = (error, fallbackMessage = 'Unexpected error') => {
+    if (typeof error === 'string' && error.trim().length > 0) {
+        return error;
+    }
+    if (!isObject(error)) {
+        return fallbackMessage;
+    }
+    const withMessage = error;
+    if (withMessage.message && withMessage.message.trim().length > 0) {
+        return withMessage.message;
+    }
+    const withResponse = error;
+    const responseMessage = withResponse.response?.data?.message ?? withResponse.response?.data?.error;
+    if (typeof responseMessage === 'string' && responseMessage.trim().length > 0) {
+        return responseMessage;
+    }
+    return fallbackMessage;
+};
+exports.extractErrorMessage = extractErrorMessage;
+/**
+ * Centralized error handler for auth-related operations.
+ *
+ * @param error - Unknown error object
+ * @param options - Error handling configuration
+ * @returns Resolved error message
+ */
+const handleAuthError = (error, { defaultMessage, code, status, onError, setAuthError, logger, }) => {
+    const resolvedStatus = status ?? getResponseStatus(error) ?? ((0, exports.isInvalidSessionError)(error) ? 401 : 500);
+    const message = (0, exports.extractErrorMessage)(error, defaultMessage);
+    if (logger) {
+        logger(message, error);
+    }
+    setAuthError?.(message);
+    onError?.({
+        message,
+        code,
+        status: resolvedStatus,
+    });
+    return message;
+};
+exports.handleAuthError = handleAuthError;

package/dist/cjs/utils/sessionHelpers.js

@@ -0,0 +1,90 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateSessionBatch = exports.fetchSessionsWithFallback = exports.mapSessionsToClient = void 0;
+/**
+ * Normalize backend session payloads into `ClientSession` objects.
+ *
+ * @param sessions - Raw session array returned from the API
+ * @param fallbackDeviceId - Device identifier to use when missing from payload
+ * @param fallbackUserId - User identifier to use when missing from payload
+ */
+const mapSessionsToClient = (sessions, fallbackDeviceId, fallbackUserId) => {
+    const now = new Date();
+    return sessions.map((session) => ({
+        sessionId: session.sessionId,
+        deviceId: session.deviceId || fallbackDeviceId || '',
+        expiresAt: session.expiresAt || new Date(now.getTime() + 7 * 24 * 60 * 60 * 1000).toISOString(),
+        lastActive: session.lastActive || now.toISOString(),
+        userId: session.user?.id ||
+            session.userId ||
+            (session.user?._id ? session.user._id.toString() : undefined) ||
+            fallbackUserId ||
+            '',
+        isCurrent: Boolean(session.isCurrent),
+    }));
+};
+exports.mapSessionsToClient = mapSessionsToClient;
+/**
+ * Fetch device sessions with fallback to the legacy session endpoint when needed.
+ *
+ * @param oxyServices - Oxy service instance
+ * @param sessionId - Session identifier to fetch
+ * @param options - Optional fallback options
+ */
+const fetchSessionsWithFallback = async (oxyServices, sessionId, { fallbackDeviceId, fallbackUserId, logger, } = {}) => {
+    try {
+        const deviceSessions = await oxyServices.getDeviceSessions(sessionId);
+        return (0, exports.mapSessionsToClient)(deviceSessions, fallbackDeviceId, fallbackUserId);
+    }
+    catch (error) {
+        if (__DEV__ && logger) {
+            logger('Failed to get device sessions, falling back to user sessions', error);
+        }
+        const userSessions = await oxyServices.getSessionsBySessionId(sessionId);
+        return (0, exports.mapSessionsToClient)(userSessions, fallbackDeviceId, fallbackUserId);
+    }
+};
+exports.fetchSessionsWithFallback = fetchSessionsWithFallback;
+/**
+ * Validate multiple sessions concurrently with configurable concurrency.
+ *
+ * @param oxyServices - Oxy service instance
+ * @param sessionIds - Session identifiers to validate
+ * @param options - Validation options
+ */
+const validateSessionBatch = async (oxyServices, sessionIds, { useHeaderValidation = true, maxConcurrency = 5 } = {}) => {
+    if (!sessionIds.length) {
+        return [];
+    }
+    const uniqueSessionIds = Array.from(new Set(sessionIds));
+    const safeConcurrency = Math.max(1, Math.min(maxConcurrency, uniqueSessionIds.length));
+    const results = [];
+    let index = 0;
+    const worker = async () => {
+        while (index < uniqueSessionIds.length) {
+            const currentIndex = index;
+            index += 1;
+            const sessionId = uniqueSessionIds[currentIndex];
+            try {
+                const validation = await oxyServices.validateSession(sessionId, { useHeaderValidation });
+                const valid = Boolean(validation?.valid);
+                results.push({
+                    sessionId,
+                    valid,
+                    user: validation?.user,
+                    raw: validation,
+                });
+            }
+            catch (error) {
+                results.push({
+                    sessionId,
+                    valid: false,
+                    error,
+                });
+            }
+        }
+    };
+    await Promise.all(Array.from({ length: safeConcurrency }, worker));
+    return results;
+};
+exports.validateSessionBatch = validateSessionBatch;