@oxyhq/core 1.0.1 → 1.1.0

package/dist/cjs/i18n/locales/zh-CN.json

@@ -1,120 +1,119 @@
 {
-  "signin": {
-    "title": "登录",
-    "subtitle": "登录以继续",
-    "addAccountTitle": "添加另一个账户",
-    "addAccountSubtitle": "使用另一个账户登录",
-    "username": {
-      "label": "用户名",
-      "placeholder": "输入您的用户名",
-      "helper": "3-30个字符，仅字母和数字",
-      "required": "请输入您的用户名。",
-      "minLength": "用户名必须至少包含3个字符。"
+    "signin": {
+        "title": "登录",
+        "subtitle": "登录以继续",
+        "addAccountTitle": "添加另一个账户",
+        "addAccountSubtitle": "使用另一个账户登录",
+        "username": {
+            "label": "用户名",
+            "placeholder": "输入您的用户名",
+            "helper": "3-30个字符，仅字母和数字",
+            "required": "请输入您的用户名。",
+            "minLength": "用户名必须至少包含3个字符。"
+        },
+        "password": {
+            "label": "密码",
+            "placeholder": "输入您的密码",
+            "required": "请输入您的密码。",
+            "hint": "输入您的密码以登录"
+        },
+        "actions": {
+            "continue": "继续",
+            "back": "返回",
+            "signIn": "登录",
+            "verify": "验证",
+            "openAccountSwitcher": "切换到另一个账户",
+            "openAccountSwitcherSubtitle": "{{count}}个其他账户可用",
+            "openAccountSwitcherSubtitle_singular": "1个其他账户可用",
+            "openAccountSwitcherSubtitle_zero": "查看您保存的账户",
+            "manageAccounts": "管理保存的账户",
+            "manageAccountsSubtitle": "查看会话、删除或登出",
+            "loadingOtherAccounts": "加载其他账户中…",
+            "switchAccountFailed": "无法切换账户。请重试。"
+        },
+        "forgotPrompt": "忘记密码？",
+        "security": {
+            "dataSecure": "您的数据已加密且安全"
+        },
+        "currentlySignedInAs": "当前登录为",
+        "alreadySignedInWith": "已登录",
+        "alreadySignedIn": "已登录",
+        "alreadySignedInMessage": "此账户已登录。继续使用此账户？",
+        "continueWithAccount": "继续",
+        "currentAccount": "当前",
+        "or": "或",
+        "viewAllAccounts": "查看更多{{count}}个",
+        "status": {
+            "accountSwitched": "正在使用{{name}}"
+        }
     },
-    "password": {
-      "label": "密码",
-      "placeholder": "输入您的密码",
-      "required": "请输入您的密码。",
-      "hint": "输入您的密码以登录"
+    "signup": {
+        "welcome": {
+            "title": "欢迎使用Oxy！",
+            "subtitle": "只需几步即可创建您的账户",
+            "haveAccount": "已有账户？",
+            "signInCta": "登录"
+        },
+        "identity": {
+            "title": "您是谁？",
+            "subtitle": "选择您的用户名并输入您的电子邮件"
+        },
+        "username": {
+            "helper": "3-30个字符，仅字母和数字",
+            "required": "请输入用户名",
+            "minLength": "用户名必须至少包含3个字符"
+        },
+        "email": {
+            "required": "请输入电子邮件地址",
+            "invalid": "请输入有效的电子邮件地址",
+            "helper": "我们绝不会分享您的电子邮件"
+        },
+        "security": {
+            "title": "保护您的账户",
+            "subtitle": "创建强密码以保护您的账户"
+        },
+        "password": {
+            "helper": "至少8个字符",
+            "required": "请输入密码",
+            "minLength": "密码必须至少包含8个字符",
+            "confirmRequired": "请确认您的密码",
+            "mismatch": "密码不匹配",
+            "confirmHint": "重新输入您的密码以确认"
+        },
+        "summary": {
+            "title": "快完成了！",
+            "subtitle": "查看您的信息并创建账户",
+            "sectionTitle": "账户信息",
+            "fields": {
+                "username": "用户名",
+                "email": "电子邮件",
+                "password": "密码"
+            },
+            "notSet": "未设置",
+            "securityTip": "为了更强的安全性，创建账户后，请在账户设置中启用生物识别身份验证。",
+            "legalReminder": "创建账户即表示您同意我们的服务条款和隐私政策。"
+        }
     },
-    "actions": {
-      "continue": "继续",
-      "back": "返回",
-      "signIn": "登录",
-      "verify": "验证",
-      "openAccountSwitcher": "切换到另一个账户",
-      "openAccountSwitcherSubtitle": "{{count}}个其他账户可用",
-      "openAccountSwitcherSubtitle_singular": "1个其他账户可用",
-      "openAccountSwitcherSubtitle_zero": "查看您保存的账户",
-      "manageAccounts": "管理保存的账户",
-      "manageAccountsSubtitle": "查看会话、删除或登出",
-      "loadingOtherAccounts": "加载其他账户中…",
-      "switchAccountFailed": "无法切换账户。请重试。"
-    },
-    "forgotPrompt": "忘记密码？",
-    "security": {
-      "dataSecure": "您的数据已加密且安全"
-    },
-    "currentlySignedInAs": "当前登录为",
-    "alreadySignedInWith": "已登录",
-    "alreadySignedIn": "已登录",
-    "alreadySignedInMessage": "此账户已登录。继续使用此账户？",
-    "continueWithAccount": "继续",
-    "currentAccount": "当前",
-    "or": "或",
-    "viewAllAccounts": "查看更多{{count}}个",
-    "status": {
-      "accountSwitched": "正在使用{{name}}"
-    },
-  },
-  "signup": {
-    "welcome": {
-      "title": "欢迎使用Oxy！",
-      "subtitle": "只需几步即可创建您的账户",
-      "haveAccount": "已有账户？",
-      "signInCta": "登录"
-    },
-    "identity": {
-      "title": "您是谁？",
-      "subtitle": "选择您的用户名并输入您的电子邮件"
-    },
-    "username": {
-      "helper": "3-30个字符，仅字母和数字",
-      "required": "请输入用户名",
-      "minLength": "用户名必须至少包含3个字符"
-    },
-    "email": {
-      "required": "请输入电子邮件地址",
-      "invalid": "请输入有效的电子邮件地址",
-      "helper": "我们绝不会分享您的电子邮件"
-    },
-    "security": {
-      "title": "保护您的账户",
-      "subtitle": "创建强密码以保护您的账户"
-    },
-    "password": {
-      "helper": "至少8个字符",
-      "required": "请输入密码",
-      "minLength": "密码必须至少包含8个字符",
-      "confirmRequired": "请确认您的密码",
-      "mismatch": "密码不匹配",
-      "confirmHint": "重新输入您的密码以确认"
-    },
-    "summary": {
-      "title": "快完成了！",
-      "subtitle": "查看您的信息并创建账户",
-      "sectionTitle": "账户信息",
-      "fields": {
-        "username": "用户名",
-        "email": "电子邮件",
-        "password": "密码"
-      },
-      "notSet": "未设置",
-      "securityTip": "为了更强的安全性，创建账户后，请在账户设置中启用生物识别身份验证。",
-      "legalReminder": "创建账户即表示您同意我们的服务条款和隐私政策。"
-    }
-  },
-  "common": {
-    "actions": {
-      "back": "返回",
-      "continue": "继续",
-      "next": "下一步",
-      "getStarted": "开始",
-      "createAccount": "创建账户",
-      "signIn": "登录",
-      "verify": "验证",
-      "resetPassword": "重置密码"
-    },
-    "links": {
-      "recoverAccount": "恢复您的账户",
-      "signUp": "注册"
-    },
-    "labels": {
-      "username": "用户名",
-      "email": "电子邮件",
-      "password": "密码",
-      "confirmPassword": "确认密码"
+    "common": {
+        "actions": {
+            "back": "返回",
+            "continue": "继续",
+            "next": "下一步",
+            "getStarted": "开始",
+            "createAccount": "创建账户",
+            "signIn": "登录",
+            "verify": "验证",
+            "resetPassword": "重置密码"
+        },
+        "links": {
+            "recoverAccount": "恢复您的账户",
+            "signUp": "注册"
+        },
+        "labels": {
+            "username": "用户名",
+            "email": "电子邮件",
+            "password": "密码",
+            "confirmPassword": "确认密码"
+        }
     }
-  }
 }
-

package/dist/cjs/mixins/OxyServices.fedcm.js

@@ -151,7 +151,10 @@ function OxyServicesFedCMMixin(Base) {
                 }
                 const clientId = this.getClientId();
                 debug.log('Silent SSO: Starting for', clientId);
-                // First try silent mediation (no UI) - works if user previously consented
+                // Only try silent mediation (no UI) - works if user previously consented.
+                // We intentionally do NOT fall back to optional mediation here because
+                // this runs on app startup — showing browser UI without user action is bad UX.
+                // Optional/interactive mediation should only happen when the user clicks "Sign In".
                 let credential = null;
                 try {
                     const nonce = this.generateNonce();
@@ -165,33 +168,13 @@ function OxyServicesFedCMMixin(Base) {
                     debug.log('Silent SSO: Silent mediation result:', { hasCredential: !!credential, hasToken: !!credential?.token });
                 }
                 catch (silentError) {
-                    // Silent mediation failed - this is expected if user hasn't consented before or is in quiet period
                     const errorName = silentError instanceof Error ? silentError.name : 'Unknown';
                     const errorMessage = silentError instanceof Error ? silentError.message : String(silentError);
-                    debug.log('Silent SSO: Silent mediation error (will try optional):', { name: errorName, message: errorMessage });
-                }
-                // If silent failed, try optional mediation which shows browser UI if needed
-                if (!credential || !credential.token) {
-                    try {
-                        const nonce = this.generateNonce();
-                        debug.log('Silent SSO: Trying optional mediation (may show browser UI)...');
-                        credential = await this.requestIdentityCredential({
-                            configURL: this.constructor.DEFAULT_CONFIG_URL,
-                            clientId,
-                            nonce,
-                            mediation: 'optional',
-                        });
-                        debug.log('Silent SSO: Optional mediation result:', { hasCredential: !!credential, hasToken: !!credential?.token });
-                    }
-                    catch (optionalError) {
-                        const errorName = optionalError instanceof Error ? optionalError.name : 'Unknown';
-                        const errorMessage = optionalError instanceof Error ? optionalError.message : String(optionalError);
-                        debug.log('Silent SSO: Optional mediation also failed:', { name: errorName, message: errorMessage });
-                        return null;
-                    }
+                    debug.log('Silent SSO: Silent mediation failed:', { name: errorName, message: errorMessage });
+                    return null;
                 }
                 if (!credential || !credential.token) {
-                    debug.log('Silent SSO: No credential returned (user may have dismissed prompt or is not logged in at IdP)');
+                    debug.log('Silent SSO: No credential returned (user not logged in at IdP or hasn\'t consented)');
                     return null;
                 }
                 debug.log('Silent SSO: Got credential, exchanging for session...');
@@ -341,28 +324,17 @@ function OxyServicesFedCMMixin(Base) {
              * @private
              */
             async exchangeIdTokenForSession(idToken) {
-                debug.log('exchangeIdTokenForSession: Starting exchange...');
-                debug.log('exchangeIdTokenForSession: Token length:', idToken?.length);
-                debug.log('exchangeIdTokenForSession: Token preview:', idToken?.substring(0, 50) + '...');
+                debug.log('Exchanging ID token for session...');
                 try {
                     const response = await this.makeRequest('POST', '/api/fedcm/exchange', { id_token: idToken }, { cache: false });
-                    debug.log('exchangeIdTokenForSession: Response received:', {
-                        hasResponse: !!response,
-                        hasSessionId: !!response?.sessionId,
+                    debug.log('Token exchange complete:', {
+                        hasSession: !!response?.sessionId,
                         hasUser: !!response?.user,
-                        hasAccessToken: !!response?.accessToken,
-                        userId: response?.user?.id,
-                        username: response?.user?.username,
-                        responseKeys: response ? Object.keys(response) : [],
                     });
                     return response;
                 }
                 catch (error) {
-                    debug.error('exchangeIdTokenForSession: Error:', {
-                        name: error instanceof Error ? error.name : 'Unknown',
-                        message: error instanceof Error ? error.message : String(error),
-                        stack: error instanceof Error ? error.stack : undefined,
-                    });
+                    debug.error('Token exchange failed:', error instanceof Error ? error.message : String(error));
                     throw error;
                 }
             }
@@ -427,9 +399,9 @@ function OxyServicesFedCMMixin(Base) {
             }
         },
         _a.DEFAULT_CONFIG_URL = 'https://auth.oxy.so/fedcm.json',
-        _a.FEDCM_TIMEOUT = 60000 // 1 minute for interactive
+        _a.FEDCM_TIMEOUT = 15000 // 15 seconds for interactive
     ,
-        _a.FEDCM_SILENT_TIMEOUT = 10000 // 10 seconds for silent mediation
+        _a.FEDCM_SILENT_TIMEOUT = 3000 // 3 seconds for silent mediation
     ,
         _a;
 }

package/dist/cjs/mixins/OxyServices.language.js

@@ -38,6 +38,7 @@ exports.OxyServicesLanguageMixin = OxyServicesLanguageMixin;
  * Language Methods Mixin
  */
 const languageUtils_1 = require("../utils/languageUtils");
+const debugUtils_1 = require("../shared/utils/debugUtils");
 function OxyServicesLanguageMixin(Base) {
     return class extends Base {
         constructor(...args) {
@@ -50,7 +51,9 @@ function OxyServicesLanguageMixin(Base) {
             const isReactNative = typeof navigator !== 'undefined' && navigator.product === 'ReactNative';
             if (isReactNative) {
                 try {
-                    const asyncStorageModule = await Promise.resolve().then(() => __importStar(require('@react-native-async-storage/async-storage')));
+                    // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
+                    const moduleName = '@react-native-async-storage/async-storage';
+                    const asyncStorageModule = await Promise.resolve(`${moduleName}`).then(s => __importStar(require(s)));
                     const storage = asyncStorageModule.default;
                     return {
                         getItem: storage.getItem.bind(storage),
@@ -113,7 +116,7 @@ function OxyServicesLanguageMixin(Base) {
                 return null;
             }
             catch (error) {
-                if (__DEV__) {
+                if ((0, debugUtils_1.isDev)()) {
                     console.warn('Failed to get current language:', error);
                 }
                 return null;

package/dist/cjs/mixins/OxyServices.privacy.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.OxyServicesPrivacyMixin = OxyServicesPrivacyMixin;
+const debugUtils_1 = require("../shared/utils/debugUtils");
 function OxyServicesPrivacyMixin(Base) {
     return class extends Base {
         constructor(...args) {
@@ -28,7 +29,7 @@ function OxyServicesPrivacyMixin(Base) {
             }
             catch (error) {
                 // If there's an error, assume not in list to avoid breaking functionality
-                if (__DEV__) {
+                if ((0, debugUtils_1.isDev)()) {
                     console.warn('Error checking user list:', error);
                 }
                 return false;

package/dist/cjs/mixins/OxyServices.security.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.OxyServicesSecurityMixin = OxyServicesSecurityMixin;
+const debugUtils_1 = require("../shared/utils/debugUtils");
 function OxyServicesSecurityMixin(Base) {
     return class extends Base {
         constructor(...args) {
@@ -55,7 +56,7 @@ function OxyServicesSecurityMixin(Base) {
             catch (error) {
                 // Don't throw - logging failures shouldn't break user flow
                 // But log for monitoring
-                if (__DEV__) {
+                if ((0, debugUtils_1.isDev)()) {
                     console.warn('[OxyServices] Failed to log private key exported event:', error);
                 }
             }
@@ -72,7 +73,7 @@ function OxyServicesSecurityMixin(Base) {
             catch (error) {
                 // Don't throw - logging failures shouldn't break user flow
                 // But log for monitoring
-                if (__DEV__) {
+                if ((0, debugUtils_1.isDev)()) {
                     console.warn('[OxyServices] Failed to log backup created event:', error);
                 }
             }

package/dist/cjs/shared/utils/debugUtils.js

@@ -13,7 +13,14 @@ exports.createDebugLogger = exports.debugError = exports.debugWarn = exports.deb
  * Check if running in development mode
  */
 const isDev = () => {
-    return typeof __DEV__ !== 'undefined' && __DEV__;
+    if (typeof __DEV__ !== 'undefined')
+        return __DEV__;
+    try {
+        return typeof process !== 'undefined' && process.env?.NODE_ENV === 'development';
+    }
+    catch {
+        return false;
+    }
 };
 exports.isDev = isDev;
 /**

package/dist/cjs/utils/deviceManager.js

@@ -51,7 +51,9 @@ class DeviceManager {
     static async getStorage() {
         if (this.isReactNative()) {
             try {
-                const asyncStorageModule = await Promise.resolve().then(() => __importStar(require('@react-native-async-storage/async-storage')));
+                // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
+                const moduleName = '@react-native-async-storage/async-storage';
+                const asyncStorageModule = await Promise.resolve(`${moduleName}`).then(s => __importStar(require(s)));
                 const storage = asyncStorageModule.default;
                 return {
                     getItem: storage.getItem.bind(storage),

package/dist/cjs/utils/platform.js

@@ -134,8 +134,9 @@ async function initPlatformFromReactNative() {
         return; // Already initialized
     }
     try {
-        // Dynamic import to avoid bundler issues
-        const { Platform } = await Promise.resolve().then(() => __importStar(require('react-native')));
+        // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
+        const moduleName = 'react-native';
+        const { Platform } = await Promise.resolve(`${moduleName}`).then(s => __importStar(require(s)));
         setPlatformOS(Platform.OS);
     }
     catch {

package/dist/esm/AuthManager.js

@@ -6,6 +6,7 @@
  *
  * @module core/AuthManager
  */
+import { retryAsync } from './utils/asyncUtils';
 /**
  * Storage keys used by AuthManager.
  */
@@ -206,19 +207,28 @@ export class AuthManager {
             return false;
         }
         try {
-            // Cast httpService to proper type (needed due to mixin composition)
-            const httpService = this.oxyServices.httpService;
-            const response = await httpService.request({
-                method: 'POST',
-                url: '/api/auth/refresh',
-                data: { refreshToken },
-                cache: false,
+            await retryAsync(async () => {
+                const httpService = this.oxyServices.httpService;
+                const response = await httpService.request({
+                    method: 'POST',
+                    url: '/api/auth/refresh',
+                    data: { refreshToken },
+                    cache: false,
+                });
+                await this.handleAuthSuccess(response, 'credentials');
+            }, 2, // 2 retries = 3 total attempts
+            1000, // 1s base delay with exponential backoff + jitter
+            (error) => {
+                // Don't retry on 4xx client errors (invalid/revoked token)
+                const status = error?.status ?? error?.response?.status;
+                if (status && status >= 400 && status < 500)
+                    return false;
+                return true;
             });
-            await this.handleAuthSuccess(response, 'credentials');
             return true;
         }
         catch {
-            // Refresh failed, clear session and update state
+            // All retry attempts exhausted, clear session
             await this.clearSession();
             this.currentUser = null;
             this.notifyListeners();

package/dist/esm/CrossDomainAuth.js

@@ -10,7 +10,7 @@
  *
  * Usage:
  * ```typescript
- * import { CrossDomainAuth } from '@oxyhq/services';
+ * import { CrossDomainAuth } from '@oxyhq/core';
  *
  * const auth = new CrossDomainAuth(oxyServices);
  *
@@ -233,7 +233,7 @@ export class CrossDomainAuth {
  *
  * @example
  * ```typescript
- * import { createCrossDomainAuth } from '@oxyhq/services';
+ * import { createCrossDomainAuth } from '@oxyhq/core';
  *
  * const oxyServices = new OxyServices({ baseURL: 'https://api.oxy.so' });
  * const auth = createCrossDomainAuth(oxyServices);

package/dist/esm/HttpService.js

@@ -16,6 +16,7 @@ import { TTLCache, registerCacheForCleanup } from './utils/cache';
 import { RequestDeduplicator, RequestQueue, SimpleLogger } from './utils/requestUtils';
 import { retryAsync } from './utils/asyncUtils';
 import { handleHttpError } from './utils/errorUtils';
+import { isDev } from './shared/utils/debugUtils';
 import { jwtDecode } from 'jwt-decode';
 import { isNative, getPlatformOS } from './utils/platform';
 /**
@@ -186,7 +187,7 @@ export class HttpService {
                     headers['X-Native-App'] = 'true';
                 }
                 // Debug logging for CSRF issues
-                if (isStateChangingMethod && __DEV__) {
+                if (isStateChangingMethod && isDev()) {
                     console.log('[HttpService] CSRF Debug:', {
                         url,
                         method,
@@ -370,20 +371,20 @@ export class HttpService {
         // Return cached token if available
         const cachedToken = this.tokenStore.getCsrfToken();
         if (cachedToken) {
-            if (__DEV__)
+            if (isDev())
                 console.log('[HttpService] Using cached CSRF token');
             return cachedToken;
         }
         // Deduplicate concurrent CSRF token fetches
         const existingPromise = this.tokenStore.getCsrfTokenFetchPromise();
         if (existingPromise) {
-            if (__DEV__)
+            if (isDev())
                 console.log('[HttpService] Waiting for existing CSRF fetch');
             return existingPromise;
         }
         const fetchPromise = (async () => {
             try {
-                if (__DEV__)
+                if (isDev())
                     console.log('[HttpService] Fetching CSRF token from:', `${this.baseURL}/api/csrf-token`);
                 // Use AbortController for timeout (more compatible than AbortSignal.timeout)
                 const controller = new AbortController();
@@ -395,11 +396,11 @@ export class HttpService {
                     signal: controller.signal,
                 });
                 clearTimeout(timeoutId);
-                if (__DEV__)
+                if (isDev())
                     console.log('[HttpService] CSRF fetch response:', response.status, response.ok);
                 if (response.ok) {
                     const data = await response.json();
-                    if (__DEV__)
+                    if (isDev())
                         console.log('[HttpService] CSRF response data:', data);
                     const token = data.csrfToken || null;
                     this.tokenStore.setCsrfToken(token);
@@ -413,13 +414,13 @@ export class HttpService {
                     this.logger.debug('CSRF token from header');
                     return headerToken;
                 }
-                if (__DEV__)
+                if (isDev())
                     console.log('[HttpService] CSRF fetch failed with status:', response.status);
                 this.logger.warn('Failed to fetch CSRF token:', response.status);
                 return null;
             }
             catch (error) {
-                if (__DEV__)
+                if (isDev())
                     console.log('[HttpService] CSRF fetch error:', error);
                 this.logger.warn('CSRF token fetch error:', error);
                 return null;

package/dist/esm/OxyServices.base.js

@@ -12,6 +12,8 @@ import { OxyAuthenticationError, OxyAuthenticationTimeoutError } from './OxyServ
  */
 export class OxyServicesBase {
     constructor(...args) {
+        /** @internal */ this._cachedUserId = undefined;
+        /** @internal */ this._cachedAccessToken = null;
         const config = args[0];
         if (!config || typeof config !== 'object') {
             throw new Error('OxyConfig is required');
@@ -95,20 +97,31 @@ export class OxyServicesBase {
      */
     clearTokens() {
         this.httpService.clearTokens();
+        this._cachedUserId = undefined;
+        this._cachedAccessToken = null;
     }
     /**
-     * Get the current user ID from the access token
+     * Get the current user ID from the access token.
+     * Caches the decoded value and invalidates when the token changes.
      */
     getCurrentUserId() {
         const accessToken = this.httpService.getAccessToken();
+        // Return cached value if token hasn't changed
+        if (accessToken === this._cachedAccessToken && this._cachedUserId !== undefined) {
+            return this._cachedUserId;
+        }
+        this._cachedAccessToken = accessToken;
         if (!accessToken) {
+            this._cachedUserId = null;
             return null;
         }
         try {
             const decoded = jwtDecode(accessToken);
-            return decoded.userId || decoded.id || null;
+            this._cachedUserId = decoded.userId || decoded.id || null;
+            return this._cachedUserId;
         }
-        catch (error) {
+        catch {
+            this._cachedUserId = null;
             return null;
         }
     }