@oxyhq/core 1.0.0

package/dist/types/CrossDomainAuth.d.ts

@@ -0,0 +1,160 @@
+/**
+ * Cross-Domain Authentication Helper
+ *
+ * Provides a simplified API for cross-domain SSO authentication that automatically
+ * selects the best authentication method based on browser capabilities:
+ *
+ * 1. FedCM (if supported) - Modern, Google-style browser-native auth
+ * 2. Popup (fallback) - OAuth2-style popup window
+ * 3. Redirect (final fallback) - Traditional full-page redirect
+ *
+ * Usage:
+ * ```typescript
+ * import { CrossDomainAuth } from '@oxyhq/services';
+ *
+ * const auth = new CrossDomainAuth(oxyServices);
+ *
+ * // Automatic method selection
+ * const session = await auth.signIn();
+ *
+ * // Or use specific method
+ * const session = await auth.signInWithPopup();
+ * ```
+ */
+import type { OxyServices } from './OxyServices';
+import type { SessionLoginResponse } from './models/session';
+export interface CrossDomainAuthOptions {
+    /**
+     * Preferred authentication method
+     * - 'auto': Automatically select best method (default)
+     * - 'fedcm': Use FedCM (browser-native)
+     * - 'popup': Use popup window
+     * - 'redirect': Use full-page redirect
+     */
+    method?: 'auto' | 'fedcm' | 'popup' | 'redirect';
+    /**
+     * Custom redirect URI (for redirect method)
+     */
+    redirectUri?: string;
+    /**
+     * Whether to open signup page instead of login
+     */
+    isSignup?: boolean;
+    /**
+     * Popup window dimensions (for popup method)
+     */
+    popupDimensions?: {
+        width?: number;
+        height?: number;
+    };
+    /**
+     * Callback when auth method is selected
+     */
+    onMethodSelected?: (method: 'fedcm' | 'popup' | 'redirect') => void;
+}
+export declare class CrossDomainAuth {
+    private oxyServices;
+    constructor(oxyServices: OxyServices);
+    /**
+     * Sign in with automatic method selection
+     *
+     * Tries methods in this order:
+     * 1. FedCM (if supported and not in private browsing)
+     * 2. Popup (if not blocked)
+     * 3. Redirect (always works)
+     *
+     * @param options - Authentication options
+     * @returns Session with user data and access token
+     */
+    signIn(options?: CrossDomainAuthOptions): Promise<SessionLoginResponse | null>;
+    /**
+     * Automatic sign-in with progressive enhancement
+     *
+     * @private
+     */
+    private autoSignIn;
+    /**
+     * Sign in using FedCM (Federated Credential Management)
+     *
+     * Best method - browser-native, no popups, Google-like experience
+     */
+    signInWithFedCM(options?: CrossDomainAuthOptions): Promise<SessionLoginResponse>;
+    /**
+     * Sign in using popup window
+     *
+     * Good method - preserves app state, no full page reload
+     */
+    signInWithPopup(options?: CrossDomainAuthOptions): Promise<SessionLoginResponse>;
+    /**
+     * Sign in using full-page redirect
+     *
+     * Fallback method - works everywhere but loses app state
+     */
+    signInWithRedirect(options?: CrossDomainAuthOptions): void;
+    /**
+     * Handle redirect callback
+     *
+     * Call this on app startup to check if we're returning from auth redirect
+     */
+    handleRedirectCallback(): SessionLoginResponse | null;
+    /**
+     * Silent sign-in (check for existing session)
+     *
+     * Tries to automatically sign in without user interaction.
+     * Works with both FedCM and popup/iframe methods.
+     *
+     * @returns Session if user is already signed in, null otherwise
+     */
+    silentSignIn(): Promise<SessionLoginResponse | null>;
+    /**
+     * Restore session from storage
+     *
+     * For redirect method - restores previously authenticated session from localStorage
+     */
+    restoreSession(): boolean;
+    /**
+     * Check if FedCM is supported in current browser
+     */
+    isFedCMSupported(): boolean;
+    /**
+     * Get recommended authentication method for current environment
+     *
+     * @returns Recommended method name and reason
+     */
+    getRecommendedMethod(): {
+        method: 'fedcm' | 'popup' | 'redirect';
+        reason: string;
+    };
+    /**
+     * Initialize cross-domain auth on app startup
+     *
+     * This handles:
+     * 1. Redirect callback (if returning from auth.oxy.so)
+     * 2. Session restoration (from localStorage)
+     * 3. Silent sign-in (check for existing SSO session)
+     *
+     * @returns Session if user is authenticated, null otherwise
+     */
+    initialize(): Promise<SessionLoginResponse | null>;
+}
+/**
+ * Helper function to create CrossDomainAuth instance
+ *
+ * @example
+ * ```typescript
+ * import { createCrossDomainAuth } from '@oxyhq/services';
+ *
+ * const oxyServices = new OxyServices({ baseURL: 'https://api.oxy.so' });
+ * const auth = createCrossDomainAuth(oxyServices);
+ *
+ * // On app startup
+ * const session = await auth.initialize();
+ * if (session) {
+ *   console.log('User is signed in:', session.user);
+ * }
+ *
+ * // Sign in button click
+ * const session = await auth.signIn();
+ * ```
+ */
+export declare function createCrossDomainAuth(oxyServices: OxyServices): CrossDomainAuth;

package/dist/types/HttpService.d.ts

@@ -0,0 +1,163 @@
+/**
+ * Unified HTTP Service
+ *
+ * Consolidates HttpClient + RequestManager into a single efficient class.
+ * Uses native fetch instead of axios for smaller bundle size.
+ *
+ * Handles:
+ * - Authentication (token management, auto-refresh)
+ * - Caching (TTL-based)
+ * - Deduplication (concurrent requests)
+ * - Retry logic
+ * - Error handling
+ * - Request queuing
+ */
+import type { OxyConfig } from './models/interfaces';
+export interface RequestOptions {
+    cache?: boolean;
+    cacheTTL?: number;
+    deduplicate?: boolean;
+    retry?: boolean;
+    maxRetries?: number;
+    timeout?: number;
+    signal?: AbortSignal;
+    headers?: Record<string, string>;
+}
+interface RequestConfig extends RequestOptions {
+    method: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
+    url: string;
+    data?: unknown;
+    params?: Record<string, unknown>;
+}
+/**
+ * Unified HTTP Service
+ *
+ * Consolidates HttpClient + RequestManager into a single efficient class.
+ * Uses native fetch instead of axios for smaller bundle size.
+ */
+export declare class HttpService {
+    private baseURL;
+    private tokenStore;
+    private cache;
+    private deduplicator;
+    private requestQueue;
+    private logger;
+    private config;
+    private requestMetrics;
+    constructor(config: OxyConfig);
+    /**
+     * Robust FormData detection that works in browser and Node.js environments
+     * Checks multiple conditions to handle different FormData implementations
+     */
+    private isFormData;
+    /**
+     * Main request method - handles everything in one place
+     */
+    request<T = unknown>(config: RequestConfig): Promise<T>;
+    /**
+     * Generate cache key efficiently
+     * Uses simple hash for large objects to avoid expensive JSON.stringify
+     */
+    private generateCacheKey;
+    /**
+     * Build full URL with query params
+     */
+    private buildURL;
+    /**
+     * Fetch CSRF token from server (with deduplication)
+     * Required for state-changing requests (POST, PUT, PATCH, DELETE)
+     */
+    private fetchCsrfToken;
+    /**
+     * Get auth header with automatic token refresh
+     */
+    private getAuthHeader;
+    /**
+     * Unwrap standardized API response format
+     */
+    private unwrapResponse;
+    /**
+     * Update request metrics
+     */
+    private updateMetrics;
+    /**
+     * GET request convenience method
+     */
+    get<T = unknown>(url: string, config?: Omit<RequestConfig, 'method' | 'url'>): Promise<{
+        data: T;
+    }>;
+    /**
+     * POST request convenience method
+     * Supports FormData uploads - Content-Type will be set automatically for FormData
+     * @param url - Request URL
+     * @param data - Request body (can be FormData for file uploads)
+     * @param config - Request configuration including optional headers
+     * @example
+     * ```typescript
+     * const formData = new FormData();
+     * formData.append('file', file);
+     * await api.post('/upload', formData, { headers: { 'X-Custom-Header': 'value' } });
+     * ```
+     */
+    post<T = unknown>(url: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'url' | 'data'>): Promise<{
+        data: T;
+    }>;
+    /**
+     * PUT request convenience method
+     * Supports FormData uploads - Content-Type will be set automatically for FormData
+     * @param url - Request URL
+     * @param data - Request body (can be FormData for file uploads)
+     * @param config - Request configuration including optional headers
+     * @example
+     * ```typescript
+     * const formData = new FormData();
+     * formData.append('file', file);
+     * await api.put('/upload', formData, { headers: { 'X-Custom-Header': 'value' } });
+     * ```
+     */
+    put<T = unknown>(url: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'url' | 'data'>): Promise<{
+        data: T;
+    }>;
+    /**
+     * PATCH request convenience method
+     * Supports FormData uploads - Content-Type will be set automatically for FormData
+     * @param url - Request URL
+     * @param data - Request body (can be FormData for file uploads)
+     * @param config - Request configuration including optional headers
+     * @example
+     * ```typescript
+     * const formData = new FormData();
+     * formData.append('file', file);
+     * await api.patch('/upload', formData, { headers: { 'X-Custom-Header': 'value' } });
+     * ```
+     */
+    patch<T = unknown>(url: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'url' | 'data'>): Promise<{
+        data: T;
+    }>;
+    delete<T = unknown>(url: string, config?: Omit<RequestConfig, 'method' | 'url'>): Promise<{
+        data: T;
+    }>;
+    setTokens(accessToken: string, refreshToken?: string): void;
+    clearTokens(): void;
+    getAccessToken(): string | null;
+    hasAccessToken(): boolean;
+    getBaseURL(): string;
+    clearCache(): void;
+    clearCacheEntry(key: string): void;
+    getCacheStats(): {
+        size: number;
+        hits: number;
+        misses: number;
+        hitRate: number;
+    };
+    getMetrics(): {
+        totalRequests: number;
+        successfulRequests: number;
+        failedRequests: number;
+        cacheHits: number;
+        cacheMisses: number;
+        averageResponseTime: number;
+    };
+    static __resetTokensForTests(): void;
+}
+export {};

package/dist/types/OxyServices.base.d.ts

@@ -0,0 +1,126 @@
+import type { OxyConfig as OxyConfigBase } from './models/interfaces';
+import { HttpService, type RequestOptions } from './HttpService';
+export interface OxyConfig extends OxyConfigBase {
+    cloudURL?: string;
+}
+/**
+ * Base class for OxyServices with core infrastructure
+ */
+export declare class OxyServicesBase {
+    httpService: HttpService;
+    cloudURL: string;
+    config: OxyConfig;
+    constructor(...args: any[]);
+    static __resetTokensForTests(): void;
+    /**
+     * Make a request with all performance optimizations
+     * This is the main method for all API calls - ensures authentication and performance features
+     */
+    makeRequest<T>(method: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE', url: string, data?: any, options?: RequestOptions): Promise<T>;
+    /**
+     * Get the configured Oxy API base URL
+     */
+    getBaseURL(): string;
+    /**
+     * Get the HTTP service instance
+     * Useful for advanced use cases where direct access to the HTTP service is needed
+     */
+    getClient(): HttpService;
+    /**
+     * Get performance metrics
+     */
+    getMetrics(): {
+        totalRequests: number;
+        successfulRequests: number;
+        failedRequests: number;
+        cacheHits: number;
+        cacheMisses: number;
+        averageResponseTime: number;
+    };
+    /**
+     * Clear request cache
+     */
+    clearCache(): void;
+    /**
+     * Clear specific cache entry
+     */
+    clearCacheEntry(key: string): void;
+    /**
+     * Get cache statistics
+     */
+    getCacheStats(): {
+        size: number;
+        hits: number;
+        misses: number;
+        hitRate: number;
+    };
+    /**
+     * Get the configured Oxy Cloud (file storage/CDN) URL
+     */
+    getCloudURL(): string;
+    /**
+     * Set authentication tokens
+     */
+    setTokens(accessToken: string, refreshToken?: string): void;
+    /**
+     * Clear stored authentication tokens
+     */
+    clearTokens(): void;
+    /**
+     * Get the current user ID from the access token
+     */
+    getCurrentUserId(): string | null;
+    /**
+     * Check if the client has a valid access token (public method)
+     */
+    hasValidToken(): boolean;
+    /**
+     * Get the raw access token (for constructing anchor URLs when needed)
+     */
+    getAccessToken(): string | null;
+    /**
+     * Wait for authentication to be ready
+     *
+     * Optimized for high-scale usage with immediate synchronous check and adaptive polling.
+     * Returns immediately if token is already available (0ms delay), otherwise uses
+     * adaptive polling that starts fast (50ms) and gradually increases to reduce CPU usage.
+     *
+     * @param timeoutMs Maximum time to wait in milliseconds (default: 5000ms)
+     * @returns Promise that resolves to true if authentication is ready, false if timeout
+     *
+     * @example
+     * ```typescript
+     * const isReady = await oxyServices.waitForAuth(3000);
+     * if (isReady) {
+     *   // Proceed with authenticated operations
+     * }
+     * ```
+     */
+    waitForAuth(timeoutMs?: number): Promise<boolean>;
+    /**
+     * Execute a function with automatic authentication retry logic
+     * This handles the common case where API calls are made before authentication completes
+     */
+    withAuthRetry<T>(operation: () => Promise<T>, operationName: string, options?: {
+        maxRetries?: number;
+        retryDelay?: number;
+        authTimeoutMs?: number;
+    }): Promise<T>;
+    /**
+     * Validate the current access token with the server
+     */
+    validate(): Promise<boolean>;
+    /**
+     * Centralized error handling
+     */
+    handleError(error: unknown): Error;
+    /**
+     * Health check endpoint
+     */
+    healthCheck(): Promise<{
+        status: string;
+        users?: number;
+        timestamp?: string;
+        [key: string]: any;
+    }>;
+}

package/dist/types/OxyServices.d.ts

@@ -0,0 +1,81 @@
+/**
+ * OxyServices - Unified client for Oxy API and Oxy Cloud
+ *
+ * # Usage Examples
+ *
+ * ## Browser (ESM/TypeScript)
+ *
+ * ```typescript
+ * import { OxyServices } from './core/OxyServices';
+ *
+ * const oxy = new OxyServices({
+ *   baseURL: 'https://api.oxy.so',
+ *   cloudURL: 'https://cloud.oxy.so',
+ * });
+ *
+ * // Authenticate and fetch user
+ * await oxy.setTokens('ACCESS_TOKEN');
+ * const user = await oxy.getCurrentUser();
+ *
+ * // Upload a file (browser File API)
+ * const fileInput = document.querySelector('input[type=file]');
+ * const file = fileInput.files[0];
+ * await oxy.uploadRawFile(file);
+ *
+ * // Get a file download URL for <img src>
+ * const url = oxy.getFileDownloadUrl('fileId', 'thumb');
+ * ```
+ *
+ * ## Node.js (CommonJS/TypeScript)
+ *
+ * ```typescript
+ * import { OxyServices } from './core/OxyServices';
+ * import fs from 'fs';
+ *
+ * const oxy = new OxyServices({
+ *   baseURL: 'https://api.oxy.so',
+ *   cloudURL: 'https://cloud.oxy.so',
+ * });
+ *
+ * // Authenticate and fetch user
+ * await oxy.setTokens('ACCESS_TOKEN');
+ * const user = await oxy.getCurrentUser();
+ *
+ * // Upload a file (Node.js Buffer)
+ * const buffer = fs.readFileSync('myfile.png');
+ * const blob = new Blob([buffer]);
+ * await oxy.uploadRawFile(blob, { filename: 'myfile.png' });
+ *
+ * // Get a file download URL
+ * const url = oxy.getFileDownloadUrl('fileId');
+ * ```
+ *
+ * ## Configuration
+ * - `baseURL`: Oxy API endpoint (e.g., https://api.oxy.so)
+ * - `cloudURL`: Oxy Cloud/CDN endpoint (e.g., https://cloud.oxy.so)
+ *
+ * See method JSDoc for more details and options.
+ */
+import { type OxyConfig } from './OxyServices.base';
+import { OxyAuthenticationError, OxyAuthenticationTimeoutError } from './OxyServices.errors';
+import { composeOxyServices } from './mixins';
+declare const OxyServices_base: any;
+export declare class OxyServices extends OxyServices_base {
+    constructor(config: OxyConfig);
+}
+export interface OxyServices extends InstanceType<ReturnType<typeof composeOxyServices>> {
+}
+export { OxyAuthenticationError, OxyAuthenticationTimeoutError };
+/**
+ * Export the default Oxy Cloud URL (for backward compatibility)
+ */
+export declare const OXY_CLOUD_URL = "https://cloud.oxy.so";
+/**
+ * Export the default Oxy API URL (for documentation)
+ */
+export declare const OXY_API_URL: string;
+/**
+ * Pre-configured client instance for easy import
+ * Uses OXY_API_URL as baseURL and OXY_CLOUD_URL as cloudURL
+ */
+export declare const oxyClient: OxyServices;

package/dist/types/OxyServices.errors.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Custom error types for better error handling
+ */
+export declare class OxyAuthenticationError extends Error {
+    readonly code: string;
+    readonly status: number;
+    constructor(message: string, code?: string, status?: number);
+}
+export declare class OxyAuthenticationTimeoutError extends OxyAuthenticationError {
+    constructor(operationName: string, timeoutMs: number);
+}

package/dist/types/constants/version.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Package version and metadata constants
+ * This file is auto-generated to avoid runtime dependency on package.json
+ */
+export declare const packageInfo: {
+    readonly name: "@oxyhq/services";
+    readonly version: "5.2.1";
+    readonly description: "Reusable OxyHQ module to handle authentication, user management, karma system and more 🚀";
+    readonly main: "lib/commonjs/node/index.js";
+    readonly module: "lib/module/node/index.js";
+    readonly types: "lib/typescript/node/index.d.ts";
+};
+export declare const name: "@oxyhq/services", version: "5.2.1", description: "Reusable OxyHQ module to handle authentication, user management, karma system and more 🚀";

package/dist/types/crypto/index.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Oxy Crypto Module
+ *
+ * Provides cryptographic identity management for the Oxy ecosystem.
+ * Handles key generation, secure storage, digital signatures, and recovery phrases.
+ */
+import './polyfill';
+export { KeyManager, type KeyPair } from './keyManager';
+export { SignatureService, type SignedMessage, type AuthChallenge } from './signatureService';
+export { RecoveryPhraseService, type RecoveryPhraseResult } from './recoveryPhrase';
+export { KeyManager as default } from './keyManager';