npm - @oxyhq/auth - Versions diffs - 2.0.4 → 2.0.5 - Mend

@oxyhq/auth 2.0.4 → 2.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/dist/cjs/.tsbuildinfo +1 -1
package/dist/cjs/WebOxyProvider.js +37 -0
package/dist/cjs/hooks/mutations/useAccountMutations.js +185 -43
package/dist/cjs/hooks/queryClient.js +136 -92
package/dist/cjs/hooks/useFileDownloadUrl.js +12 -36
package/dist/cjs/hooks/useSessionSocket.js +81 -94
package/dist/cjs/index.js +1 -2
package/dist/cjs/utils/sessionHelpers.js +3 -1
package/dist/cjs/utils/storageHelpers.js +36 -10
package/dist/esm/.tsbuildinfo +1 -1
package/dist/esm/WebOxyProvider.js +38 -1
package/dist/esm/hooks/mutations/useAccountMutations.js +186 -44
package/dist/esm/hooks/queryClient.js +132 -89
package/dist/esm/hooks/useFileDownloadUrl.js +11 -34
package/dist/esm/hooks/useSessionSocket.js +81 -94
package/dist/esm/index.js +1 -1
package/dist/esm/utils/sessionHelpers.js +3 -1
package/dist/esm/utils/storageHelpers.js +36 -10
package/dist/types/.tsbuildinfo +1 -1
package/dist/types/WebOxyProvider.d.ts +1 -1
package/dist/types/hooks/mutations/useAccountMutations.d.ts +153 -9
package/dist/types/hooks/queries/useAccountQueries.d.ts +11 -7
package/dist/types/hooks/queries/useSecurityQueries.d.ts +2 -2
package/dist/types/hooks/queries/useServicesQueries.d.ts +7 -5
package/dist/types/hooks/queryClient.d.ts +24 -10
package/dist/types/hooks/useAssets.d.ts +1 -1
package/dist/types/hooks/useFileDownloadUrl.d.ts +2 -6
package/dist/types/index.d.ts +1 -1
package/dist/types/utils/sessionHelpers.d.ts +3 -1
package/package.json +22 -3
package/src/WebOxyProvider.tsx +39 -1
package/src/hooks/mutations/useAccountMutations.ts +230 -57
package/src/hooks/queryClient.ts +140 -83
package/src/hooks/useFileDownloadUrl.ts +15 -39
package/src/hooks/useSessionSocket.ts +123 -91
package/src/index.ts +1 -1
package/src/utils/sessionHelpers.ts +3 -1
package/src/utils/storageHelpers.ts +49 -10

package/dist/cjs/hooks/useFileDownloadUrl.js CHANGED Viewed

@@ -1,42 +1,19 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.useFileDownloadUrl = exports.setOxyFileUrlInstance = void 0;
+exports.useFileDownloadUrl = void 0;
 const react_1 = require("react");
-const core_1 = require("@oxyhq/core");
-let oxyInstance = null;
-const setOxyFileUrlInstance = (instance) => {
-    oxyInstance = instance;
-};
-exports.setOxyFileUrlInstance = setOxyFileUrlInstance;
 /**
  * Hook to resolve a file's download URL asynchronously.
  *
- * Prefers the provided `oxyServices` instance, falls back to the module-level
- * singleton set via `setOxyFileUrlInstance`.
- *
  * Uses `getFileDownloadUrlAsync` first, falling back to the synchronous
  * `getFileDownloadUrl` if the async call fails.
  */
-const useFileDownloadUrl = (fileIdOrServices, fileIdOrOptions, maybeOptions) => {
-    // Support two call signatures:
-    // 1. useFileDownloadUrl(oxyServices, fileId, options)  — preferred
-    // 2. useFileDownloadUrl(fileId, options)               — legacy (uses singleton)
-    let services;
-    let fileId;
-    let options;
-    if (fileIdOrServices instanceof core_1.OxyServices) {
-        services = fileIdOrServices;
-        fileId = typeof fileIdOrOptions === 'string' ? fileIdOrOptions : null;
-        options = maybeOptions;
-    }
-    else {
-        services = oxyInstance;
-        fileId = typeof fileIdOrServices === 'string' ? fileIdOrServices : null;
-        options = typeof fileIdOrOptions === 'object' && fileIdOrOptions !== null ? fileIdOrOptions : undefined;
-    }
+const useFileDownloadUrl = (oxyServices, fileId, options) => {
     const [url, setUrl] = (0, react_1.useState)(null);
     const [loading, setLoading] = (0, react_1.useState)(false);
     const [error, setError] = (0, react_1.useState)(null);
+    const variant = options?.variant;
+    const expiresIn = options?.expiresIn;
     (0, react_1.useEffect)(() => {
         if (!fileId) {
             setUrl(null);
@@ -44,25 +21,25 @@ const useFileDownloadUrl = (fileIdOrServices, fileIdOrOptions, maybeOptions) =>
             setError(null);
             return;
         }
-        if (!services) {
+        if (!oxyServices) {
             setUrl(null);
             setLoading(false);
             setError(new Error('OxyServices instance not configured for useFileDownloadUrl'));
             return;
         }
         let cancelled = false;
-        const instance = services;
+        const instance = oxyServices;
+        const targetFileId = fileId;
         const load = async () => {
             setLoading(true);
             setError(null);
             try {
-                const { variant, expiresIn } = options || {};
                 let resolvedUrl = null;
                 if (typeof instance.getFileDownloadUrlAsync === 'function') {
-                    resolvedUrl = await instance.getFileDownloadUrlAsync(fileId, variant, expiresIn);
+                    resolvedUrl = await instance.getFileDownloadUrlAsync(targetFileId, variant, expiresIn);
                 }
                 if (!resolvedUrl && typeof instance.getFileDownloadUrl === 'function') {
-                    resolvedUrl = instance.getFileDownloadUrl(fileId, variant, expiresIn);
+                    resolvedUrl = instance.getFileDownloadUrl(targetFileId, variant, expiresIn);
                 }
                 if (!cancelled) {
                     setUrl(resolvedUrl || null);
@@ -72,8 +49,7 @@ const useFileDownloadUrl = (fileIdOrServices, fileIdOrOptions, maybeOptions) =>
                 // Fallback to sync URL on error where possible
                 try {
                     if (typeof instance.getFileDownloadUrl === 'function') {
-                        const { variant, expiresIn } = options || {};
-                        const fallbackUrl = instance.getFileDownloadUrl(fileId, variant, expiresIn);
+                        const fallbackUrl = instance.getFileDownloadUrl(targetFileId, variant, expiresIn);
                         if (!cancelled) {
                             setUrl(fallbackUrl || null);
                             setError(err instanceof Error ? err : new Error(String(err)));
@@ -82,7 +58,7 @@ const useFileDownloadUrl = (fileIdOrServices, fileIdOrOptions, maybeOptions) =>
                     }
                 }
                 catch {
-                    // ignore secondary failure
+                    // Secondary failure: surface the original error below.
                 }
                 if (!cancelled) {
                     setError(err instanceof Error ? err : new Error(String(err)));
@@ -98,7 +74,7 @@ const useFileDownloadUrl = (fileIdOrServices, fileIdOrOptions, maybeOptions) =>
         return () => {
             cancelled = true;
         };
-    }, [fileId, services, options?.variant, options?.expiresIn]);
+    }, [fileId, oxyServices, variant, expiresIn]);
     return { url, loading, error };
 };
 exports.useFileDownloadUrl = useFileDownloadUrl;

package/dist/cjs/hooks/useSessionSocket.js CHANGED Viewed

@@ -60,7 +60,8 @@ function readTokenFromStorage() {
     try {
         return window.localStorage.getItem(LS_ACCESS_TOKEN_KEY);
     }
-    catch {
+    catch (err) {
+        console.warn('[oxy.session-socket] localStorage read failed:', err);
         return null;
     }
 }
@@ -73,12 +74,12 @@ async function getSocketIO() {
         return null;
     _ioLoadAttempted = true;
     try {
-        // eslint-disable-next-line @typescript-eslint/no-require-imports
-        const mod = await Promise.resolve().then(() => __importStar(require('socket.io-client')));
-        _io = (mod.io ?? mod.default);
+        const mod = (await Promise.resolve().then(() => __importStar(require('socket.io-client'))));
+        _io = mod.io ?? mod.default ?? null;
         return _io;
     }
-    catch {
+    catch (err) {
+        console.warn('[oxy.session-socket] socket.io-client import failed:', err);
         debug.warn('socket.io-client is not installed. useSessionSocket will be disabled. Install it with: bun add socket.io-client');
         return null;
     }
@@ -145,7 +146,7 @@ function useSessionSocket(options) {
             // If no token is available at all, we skip the initial connect and let
             // the storage listener or retry logic connect when a token appears.
             const token = resolveToken();
-            socketRef.current = ioFn(baseURL, {
+            const socket = ioFn(baseURL, {
                 transports: ['websocket'],
                 autoConnect: !!token, // don't auto-connect when there is no token
                 auth: (cb) => {
@@ -162,7 +163,7 @@ function useSessionSocket(options) {
                     cb({ token: resolved });
                 },
             });
-            const socket = socketRef.current;
+            socketRef.current = socket;
             // Server auto-joins the user to `user:<userId>` room on connection
             const handleConnect = () => {
                 debug.log('Socket connected:', socket.id);
@@ -198,110 +199,94 @@ function useSessionSocket(options) {
                 (0, queryKeys_1.invalidateSessionQueries)(queryClientRef.current);
                 return Promise.resolve();
             };
+            const triggerLocalSignOut = async (toastMessage, errorContext) => {
+                if (onRemoteSignOutRef.current) {
+                    onRemoteSignOutRef.current();
+                }
+                else {
+                    sonner_1.toast.info(toastMessage);
+                }
+                // Clear local state since the server has already removed the session.
+                // Await so storage cleanup completes before any subsequent navigation.
+                try {
+                    await clearSessionStateRef.current();
+                }
+                catch (error) {
+                    if (process.env.NODE_ENV !== 'production') {
+                        core_1.logger.error(`Failed to clear session state after ${errorContext}`, error instanceof Error ? error : new Error(String(error)), { component: 'useSessionSocket' });
+                    }
+                }
+            };
             const handleSessionUpdate = async (data) => {
                 debug.log('Received session_update:', data);
                 const currentActiveSessionId = activeSessionIdRef.current;
                 const deviceId = currentDeviceIdRef.current;
-                // Handle different event types
-                if (data.type === 'session_removed') {
-                    // Track removed session
-                    if (data.sessionId && onSessionRemovedRef.current) {
-                        onSessionRemovedRef.current(data.sessionId);
-                    }
-                    // If the removed sessionId matches the current activeSessionId, immediately clear state
-                    if (data.sessionId === currentActiveSessionId) {
-                        if (onRemoteSignOutRef.current) {
-                            onRemoteSignOutRef.current();
-                        }
-                        else {
-                            sonner_1.toast.info('You have been signed out remotely.');
+                // Strict whitelist. Every event type that may sign the user out must
+                // appear in the switch. Anything unknown falls through to `default`,
+                // which only logs in dev. This guards against future server-side event
+                // additions (e.g. `session_created` after a successful sign-in)
+                // accidentally triggering sign-out via a fallback branch that compares
+                // `data.sessionId === currentActiveSessionId` — that branch would match
+                // the user's NEW session id and trigger an instant remote sign-out
+                // toast on every login.
+                switch (data.type) {
+                    case 'session_removed': {
+                        if (data.sessionId && onSessionRemovedRef.current) {
+                            onSessionRemovedRef.current(data.sessionId);
                         }
-                        try {
-                            await clearSessionStateRef.current();
+                        if (data.sessionId && data.sessionId === currentActiveSessionId) {
+                            await triggerLocalSignOut('You have been signed out remotely.', 'session_removed');
                         }
-                        catch (error) {
-                            if (process.env.NODE_ENV !== 'production') {
-                                core_1.logger.error('Failed to clear session state after session_removed', error instanceof Error ? error : new Error(String(error)), { component: 'useSessionSocket' });
-                            }
+                        else {
+                            refreshSessions();
                         }
+                        break;
                     }
-                    else {
-                        refreshSessions();
-                    }
-                }
-                else if (data.type === 'device_removed') {
-                    // Track all removed sessions from this device
-                    if (data.sessionIds && onSessionRemovedRef.current) {
-                        for (const sessionId of data.sessionIds) {
-                            onSessionRemovedRef.current(sessionId);
+                    case 'device_removed': {
+                        if (data.sessionIds && onSessionRemovedRef.current) {
+                            for (const sessionId of data.sessionIds) {
+                                onSessionRemovedRef.current(sessionId);
+                            }
                         }
-                    }
-                    // If the removed deviceId matches the current device, immediately clear state
-                    if (data.deviceId && data.deviceId === deviceId) {
-                        if (onRemoteSignOutRef.current) {
-                            onRemoteSignOutRef.current();
+                        if (data.deviceId && deviceId && data.deviceId === deviceId) {
+                            await triggerLocalSignOut('This device has been removed. You have been signed out.', 'device_removed');
                         }
                         else {
-                            sonner_1.toast.info('This device has been removed. You have been signed out.');
-                        }
-                        try {
-                            await clearSessionStateRef.current();
-                        }
-                        catch (error) {
-                            if (process.env.NODE_ENV !== 'production') {
-                                core_1.logger.error('Failed to clear session state after device_removed', error instanceof Error ? error : new Error(String(error)), { component: 'useSessionSocket' });
-                            }
+                            refreshSessions();
                         }
+                        break;
                     }
-                    else {
-                        refreshSessions();
-                    }
-                }
-                else if (data.type === 'sessions_removed') {
-                    // Track all removed sessions
-                    if (data.sessionIds && onSessionRemovedRef.current) {
-                        for (const sessionId of data.sessionIds) {
-                            onSessionRemovedRef.current(sessionId);
+                    case 'sessions_removed': {
+                        if (data.sessionIds && onSessionRemovedRef.current) {
+                            for (const sessionId of data.sessionIds) {
+                                onSessionRemovedRef.current(sessionId);
+                            }
                         }
-                    }
-                    // If the current activeSessionId is in the removed sessionIds list, immediately clear state
-                    if (data.sessionIds && currentActiveSessionId && data.sessionIds.includes(currentActiveSessionId)) {
-                        if (onRemoteSignOutRef.current) {
-                            onRemoteSignOutRef.current();
+                        if (data.sessionIds &&
+                            currentActiveSessionId &&
+                            data.sessionIds.includes(currentActiveSessionId)) {
+                            await triggerLocalSignOut('You have been signed out remotely.', 'sessions_removed');
                         }
                         else {
-                            sonner_1.toast.info('You have been signed out remotely.');
-                        }
-                        try {
-                            await clearSessionStateRef.current();
-                        }
-                        catch (error) {
-                            if (process.env.NODE_ENV !== 'production') {
-                                core_1.logger.error('Failed to clear session state after sessions_removed', error instanceof Error ? error : new Error(String(error)), { component: 'useSessionSocket' });
-                            }
+                            refreshSessions();
                         }
+                        break;
                     }
-                    else {
+                    case 'session_created':
+                    case 'session_update': {
+                        // Lifecycle event for the current user. Just resync the sessions
+                        // list — never sign out.
                         refreshSessions();
+                        break;
                     }
-                }
-                else {
-                    // For other event types (e.g., session_created), refresh sessions
-                    refreshSessions();
-                    // If the current session was logged out (legacy behavior), handle it specially
-                    if (data.sessionId === currentActiveSessionId) {
-                        if (onRemoteSignOutRef.current) {
-                            onRemoteSignOutRef.current();
-                        }
-                        else {
-                            sonner_1.toast.info('You have been signed out remotely.');
-                        }
-                        try {
-                            await clearSessionStateRef.current();
-                        }
-                        catch (error) {
-                            debug.error('Failed to clear session state after session_update:', error);
+                    default: {
+                        if (process.env.NODE_ENV !== 'production') {
+                            core_1.logger.warn('Unknown session socket event type', {
+                                component: 'useSessionSocket',
+                                type: data.type,
+                            });
                         }
+                        break;
                     }
                 }
             };
@@ -329,12 +314,14 @@ function useSessionSocket(options) {
             if (authRetryTimer) {
                 clearTimeout(authRetryTimer);
             }
-            if (socketRef.current) {
+            const currentSocket = socketRef.current;
+            if (currentSocket) {
                 // Remove cross-tab storage listener
-                if (typeof window !== 'undefined' && socketRef.current.__oxyStorageHandler) {
-                    window.removeEventListener('storage', socketRef.current.__oxyStorageHandler);
+                const storageHandler = currentSocket.__oxyStorageHandler;
+                if (typeof window !== 'undefined' && storageHandler) {
+                    window.removeEventListener('storage', storageHandler);
                 }
-                socketRef.current.disconnect();
+                currentSocket.disconnect();
                 socketRef.current = null;
             }
         };

package/dist/cjs/index.js CHANGED Viewed

@@ -25,7 +25,7 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.useAssets = exports.useSessionSocket = exports.isWebBrowser = exports.useWebSSO = exports.createGenericMutation = exports.createProfileMutation = exports.useRemoveDevice = exports.useUpdateDeviceName = exports.useLogoutAll = exports.useLogoutSession = exports.useSwitchSession = exports.useUploadFile = exports.useUpdatePrivacySettings = exports.useUpdateAccountSettings = exports.useUploadAvatar = exports.useUpdateProfile = exports.useRecentSecurityActivity = exports.useSecurityActivity = exports.useSecurityInfo = exports.useUserDevices = exports.useDeviceSessions = exports.useSession = exports.useSessions = exports.usePrivacySettings = exports.useUsersBySessions = exports.useUserByUsername = exports.useUserById = exports.useCurrentUser = exports.useUserProfiles = exports.useUserProfile = exports.useFollowStore = exports.useAccountLoadingSession = exports.useAccountError = exports.useAccountLoading = exports.useAccounts = exports.useAccountStore = exports.useIsAssetLinked = exports.useAssetUsageCount = exports.useAssetsByEntity = exports.useAssetsByApp = exports.useAssetErrors = exports.useAssetLoading = exports.useUploadProgress = exports.useAsset = exports.useAssetsStore = exports.useAssetStore = exports.useAuthStore = exports.useAuth = exports.useWebOxy = exports.WebOxyProvider = void 0;
-exports.extractErrorMessage = exports.isTimeoutOrNetworkError = exports.isInvalidSessionError = exports.handleAuthError = exports.useFileFiltering = exports.useFollowerCounts = exports.useFollow = exports.setOxyFileUrlInstance = exports.useFileDownloadUrl = exports.setOxyAssetInstance = void 0;
+exports.extractErrorMessage = exports.isTimeoutOrNetworkError = exports.isInvalidSessionError = exports.handleAuthError = exports.useFileFiltering = exports.useFollowerCounts = exports.useFollow = exports.useFileDownloadUrl = exports.setOxyAssetInstance = void 0;
 // --- Provider & Hooks ---
 var WebOxyProvider_1 = require("./WebOxyProvider");
 Object.defineProperty(exports, "WebOxyProvider", { enumerable: true, get: function () { return WebOxyProvider_1.WebOxyProvider; } });
@@ -95,7 +95,6 @@ Object.defineProperty(exports, "useAssets", { enumerable: true, get: function ()
 Object.defineProperty(exports, "setOxyAssetInstance", { enumerable: true, get: function () { return useAssets_1.setOxyAssetInstance; } });
 var useFileDownloadUrl_1 = require("./hooks/useFileDownloadUrl");
 Object.defineProperty(exports, "useFileDownloadUrl", { enumerable: true, get: function () { return useFileDownloadUrl_1.useFileDownloadUrl; } });
-Object.defineProperty(exports, "setOxyFileUrlInstance", { enumerable: true, get: function () { return useFileDownloadUrl_1.setOxyFileUrlInstance; } });
 var useFollow_1 = require("./hooks/useFollow");
 Object.defineProperty(exports, "useFollow", { enumerable: true, get: function () { return useFollow_1.useFollow; } });
 Object.defineProperty(exports, "useFollowerCounts", { enumerable: true, get: function () { return useFollow_1.useFollowerCounts; } });

package/dist/cjs/utils/sessionHelpers.js CHANGED Viewed

@@ -25,7 +25,9 @@ const mapSessionsToClient = (sessions, fallbackDeviceId, fallbackUserId) => {
 };
 exports.mapSessionsToClient = mapSessionsToClient;
 /**
- * Fetch device sessions with fallback to the legacy session endpoint when needed.
+ * Fetch device sessions, falling back to the per-user session endpoint
+ * if the device endpoint is unavailable (older API versions or disabled
+ * device-grouping feature flag).
  *
  * @param oxyServices - Oxy service instance
  * @param sessionId - Session identifier to fetch

package/dist/cjs/utils/storageHelpers.js CHANGED Viewed

@@ -41,7 +41,8 @@ const MEMORY_STORAGE = () => {
     const store = new Map();
     return {
         async getItem(key) {
-            return store.has(key) ? store.get(key) : null;
+            const value = store.get(key);
+            return value === undefined ? null : value;
         },
         async setItem(key, value) {
             store.set(key, value);
@@ -67,7 +68,8 @@ const createWebStorage = () => {
             try {
                 return window.localStorage.getItem(key);
             }
-            catch {
+            catch (err) {
+                console.warn('[oxy.storage] localStorage.getItem failed:', err);
                 return null;
             }
         },
@@ -75,29 +77,44 @@ const createWebStorage = () => {
             try {
                 window.localStorage.setItem(key, value);
             }
-            catch {
-                // Ignore quota or access issues for now.
+            catch (err) {
+                // Quota exceeded or storage disabled (e.g., Safari private mode).
+                // Surface to logs so it is debuggable, but do not throw so callers
+                // can keep functioning with degraded persistence.
+                console.warn('[oxy.storage] localStorage.setItem failed:', err);
             }
         },
         async removeItem(key) {
             try {
                 window.localStorage.removeItem(key);
             }
-            catch {
-                // Ignore failures.
+            catch (err) {
+                console.warn('[oxy.storage] localStorage.removeItem failed:', err);
             }
         },
         async clear() {
             try {
                 window.localStorage.clear();
             }
-            catch {
-                // Ignore failures.
+            catch (err) {
+                console.warn('[oxy.storage] localStorage.clear failed:', err);
             }
         },
     };
 };
 let asyncStorageInstance = null;
+/**
+ * Type guard verifying that an imported value exposes the AsyncStorage API.
+ */
+const isAsyncStorageLike = (value) => {
+    if (typeof value !== 'object' || value === null)
+        return false;
+    const candidate = value;
+    return (typeof candidate.getItem === 'function' &&
+        typeof candidate.setItem === 'function' &&
+        typeof candidate.removeItem === 'function' &&
+        typeof candidate.clear === 'function');
+};
 /**
  * Lazily import React Native AsyncStorage implementation.
  */
@@ -108,8 +125,17 @@ const createNativeStorage = async () => {
     try {
         // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
         const moduleName = '@react-native-async-storage/async-storage';
-        const asyncStorageModule = await Promise.resolve(`${moduleName}`).then(s => __importStar(require(s)));
-        asyncStorageInstance = asyncStorageModule.default;
+        const asyncStorageModule = (await Promise.resolve(`${moduleName}`).then(s => __importStar(require(s))));
+        const candidate = asyncStorageModule.default;
+        if (!isAsyncStorageLike(candidate)) {
+            throw new Error('AsyncStorage default export does not match expected API');
+        }
+        asyncStorageInstance = {
+            getItem: (key) => candidate.getItem(key),
+            setItem: (key, value) => candidate.setItem(key, value),
+            removeItem: (key) => candidate.removeItem(key),
+            clear: () => candidate.clear(),
+        };
         return asyncStorageInstance;
     }
     catch (error) {