@oxyhq/core 1.11.10 → 1.11.12

package/src/crypto/signatureService.ts

@@ -9,23 +9,28 @@ import { ec as EC } from 'elliptic';
 import { KeyManager } from './keyManager';
 import { isReactNative, isNodeJS } from '../utils/platform';
 
-// Lazy import for expo-crypto
+// Lazy imports for platform-specific crypto
 let ExpoCrypto: typeof import('expo-crypto') | null = null;
+let NodeCrypto: typeof import('crypto') | null = null;
 
 const ec = new EC('secp256k1');
 
-/**
- * Initialize expo-crypto module
- */
 async function initExpoCrypto(): Promise<typeof import('expo-crypto')> {
   if (!ExpoCrypto) {
-    // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
     const moduleName = 'expo-crypto';
-    ExpoCrypto = await import(moduleName);
+    ExpoCrypto = await import(/* @vite-ignore */ moduleName);
   }
   return ExpoCrypto!;
 }
 
+async function initNodeCrypto(): Promise<typeof import('crypto')> {
+  if (!NodeCrypto) {
+    const moduleName = 'crypto';
+    NodeCrypto = await import(/* @vite-ignore */ moduleName);
+  }
+  return NodeCrypto!;
+}
+
 /**
  * Compute SHA-256 hash of a string
  */
@@ -39,10 +44,9 @@ async function sha256(message: string): Promise<string> {
     );
   }
 
-  // In Node.js, use Node's crypto module
   if (isNodeJS()) {
     try {
-      const nodeCrypto = await import('crypto');
+      const nodeCrypto = await initNodeCrypto();
       return nodeCrypto.createHash('sha256').update(message).digest('hex');
     } catch {
       // Fall through to Web Crypto API
@@ -85,12 +89,9 @@ export class SignatureService {
         .join('');
     }
 
-    // In Node.js, use Node's crypto module
-    // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
     if (isNodeJS()) {
       try {
-        const cryptoModuleName = 'crypto';
-        const nodeCrypto = await import(cryptoModuleName);
+        const nodeCrypto = await initNodeCrypto();
         return nodeCrypto.randomBytes(32).toString('hex');
       } catch {
         // Fall through to Web Crypto API

package/src/index.ts

@@ -32,6 +32,7 @@ export type { PopupAuthOptions } from './mixins/OxyServices.popup';
 export type { RedirectAuthOptions } from './mixins/OxyServices.redirect';
 export type { ServiceTokenResponse } from './mixins/OxyServices.auth';
 export type { ServiceApp } from './mixins/OxyServices.utility';
+export type { CreateManagedAccountInput, ManagedAccountManager, ManagedAccount } from './mixins/OxyServices.managedAccounts';
 
 // --- Crypto / Identity ---
 export { KeyManager, SignatureService, RecoveryPhraseService } from './crypto';

package/src/mixins/OxyServices.language.ts

@@ -25,7 +25,7 @@ export function OxyServicesLanguageMixin<T extends typeof OxyServicesBase>(Base:
         try {
           // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
           const moduleName = '@react-native-async-storage/async-storage';
-          const asyncStorageModule = await import(moduleName);
+          const asyncStorageModule = await import(/* @vite-ignore */ moduleName);
           const storage = asyncStorageModule.default as unknown as { getItem: (key: string) => Promise<string | null>; setItem: (key: string, value: string) => Promise<void>; removeItem: (key: string) => Promise<void> };
           return {
             getItem: storage.getItem.bind(storage),

package/src/mixins/OxyServices.managedAccounts.ts

@@ -0,0 +1,147 @@
+/**
+ * Managed Accounts Methods Mixin
+ *
+ * Provides SDK methods for creating and managing sub-accounts (managed identities).
+ * Managed accounts are full User documents without passwords, accessible only
+ * by their owners/managers via the X-Acting-As header mechanism.
+ */
+import type { User } from '../models/interfaces';
+import type { OxyServicesBase } from '../OxyServices.base';
+
+export interface CreateManagedAccountInput {
+  username: string;
+  name?: { first?: string; last?: string };
+  bio?: string;
+  avatar?: string;
+}
+
+export interface ManagedAccountManager {
+  userId: string;
+  role: 'owner' | 'admin' | 'editor';
+  addedAt: string;
+  addedBy?: string;
+}
+
+export interface ManagedAccount {
+  accountId: string;
+  ownerId: string;
+  managers: ManagedAccountManager[];
+  account?: User;
+  createdAt?: string;
+  updatedAt?: string;
+}
+
+export function OxyServicesManagedAccountsMixin<T extends typeof OxyServicesBase>(Base: T) {
+  return class extends Base {
+    constructor(...args: any[]) {
+      super(...(args as [any]));
+    }
+
+    /**
+     * Create a new managed account (sub-account).
+     *
+     * The server creates a User document with `isManagedAccount: true` and links
+     * it to the authenticated user as owner.
+     */
+    async createManagedAccount(data: CreateManagedAccountInput): Promise<ManagedAccount> {
+      try {
+        return await this.makeRequest<ManagedAccount>('POST', '/managed-accounts', data, {
+          cache: false,
+        });
+      } catch (error) {
+        throw this.handleError(error);
+      }
+    }
+
+    /**
+     * List all accounts the authenticated user manages.
+     */
+    async getManagedAccounts(): Promise<ManagedAccount[]> {
+      try {
+        return await this.makeRequest<ManagedAccount[]>('GET', '/managed-accounts', undefined, {
+          cache: true,
+          cacheTTL: 2 * 60 * 1000, // 2 minutes cache
+        });
+      } catch (error) {
+        throw this.handleError(error);
+      }
+    }
+
+    /**
+     * Get details for a specific managed account.
+     */
+    async getManagedAccountDetails(accountId: string): Promise<ManagedAccount> {
+      try {
+        return await this.makeRequest<ManagedAccount>('GET', `/managed-accounts/${accountId}`, undefined, {
+          cache: true,
+          cacheTTL: 2 * 60 * 1000,
+        });
+      } catch (error) {
+        throw this.handleError(error);
+      }
+    }
+
+    /**
+     * Update a managed account's profile data.
+     * Requires owner or admin role.
+     */
+    async updateManagedAccount(accountId: string, data: Partial<CreateManagedAccountInput>): Promise<ManagedAccount> {
+      try {
+        return await this.makeRequest<ManagedAccount>('PUT', `/managed-accounts/${accountId}`, data, {
+          cache: false,
+        });
+      } catch (error) {
+        throw this.handleError(error);
+      }
+    }
+
+    /**
+     * Delete a managed account permanently.
+     * Requires owner role.
+     */
+    async deleteManagedAccount(accountId: string): Promise<void> {
+      try {
+        await this.makeRequest<void>('DELETE', `/managed-accounts/${accountId}`, undefined, {
+          cache: false,
+        });
+      } catch (error) {
+        throw this.handleError(error);
+      }
+    }
+
+    /**
+     * Add a manager to a managed account.
+     * Requires owner or admin role on the account.
+     *
+     * @param accountId - The managed account to add the manager to
+     * @param userId - The user to grant management access
+     * @param role - The role to assign: 'admin' or 'editor'
+     */
+    async addManager(accountId: string, userId: string, role: 'admin' | 'editor'): Promise<void> {
+      try {
+        await this.makeRequest<void>('POST', `/managed-accounts/${accountId}/managers`, { userId, role }, {
+          cache: false,
+        });
+      } catch (error) {
+        throw this.handleError(error);
+      }
+    }
+
+    /**
+     * Remove a manager from a managed account.
+     * Requires owner role.
+     *
+     * @param accountId - The managed account
+     * @param userId - The manager to remove
+     */
+    async removeManager(accountId: string, userId: string): Promise<void> {
+      try {
+        await this.makeRequest<void>('DELETE', `/managed-accounts/${accountId}/managers/${userId}`, undefined, {
+          cache: false,
+        });
+      } catch (error) {
+        throw this.handleError(error);
+      }
+    }
+  };
+}

package/src/mixins/OxyServices.user.ts

@@ -24,6 +24,24 @@ export function OxyServicesUserMixin<T extends typeof OxyServicesBase>(Base: T)
       }
     }
 
+    /**
+     * Lightweight username lookup for login flows.
+     * Returns minimal public info: exists, color, avatar, displayName.
+     * Faster than getProfileByUsername — no stats, no formatting.
+     */
+    async lookupUsername(username: string): Promise<{
+      exists: boolean;
+      username: string;
+      color: string | null;
+      avatar: string | null;
+      displayName: string;
+    }> {
+      return await this.makeRequest('GET', `/auth/lookup/${encodeURIComponent(username)}`, undefined, {
+        cache: true,
+        cacheTTL: 60 * 1000, // 1 minute cache
+      });
+    }
+
     /**
      * Search user profiles
      */

package/src/mixins/OxyServices.utility.ts

@@ -20,6 +20,15 @@ interface JwtPayload {
   [key: string]: any;
 }
 
+/**
+ * Result from the managed-accounts verification endpoint.
+ * Indicates whether a user is authorized to act as a given managed account.
+ */
+interface ActingAsVerification {
+  authorized: boolean;
+  role: 'owner' | 'admin' | 'editor';
+}
+
 /**
  * Service app metadata attached to requests authenticated with service tokens
  */
@@ -50,9 +59,55 @@ interface AuthMiddlewareOptions {
 
 export function OxyServicesUtilityMixin<T extends typeof OxyServicesBase>(Base: T) {
   return class extends Base {
+    /** @internal In-memory cache for acting-as verification results (TTL: 5 min) */
+    _actingAsCache = new Map<string, { result: ActingAsVerification | null; expiresAt: number }>();
+
     constructor(...args: any[]) {
       super(...(args as [any]));
     }
+
+    /**
+     * Verify that a user is authorized to act as a managed account.
+     * Results are cached in-memory for 5 minutes to avoid repeated API calls.
+     *
+     * @internal Used by the auth() middleware — not part of the public API
+     */
+    async verifyActingAs(userId: string, accountId: string): Promise<ActingAsVerification | null> {
+      const cacheKey = `${userId}:${accountId}`;
+      const now = Date.now();
+
+      // Check cache
+      const cached = this._actingAsCache.get(cacheKey);
+      if (cached && cached.expiresAt > now) {
+        return cached.result;
+      }
+
+      // Query the API
+      try {
+        const result = await this.makeRequest<ActingAsVerification>(
+          'GET',
+          '/managed-accounts/verify',
+          { accountId, userId },
+          { cache: false, retry: false, timeout: 5000 }
+        );
+
+        // Cache successful result for 5 minutes
+        this._actingAsCache.set(cacheKey, {
+          result: result && result.authorized ? result : null,
+          expiresAt: now + 5 * 60 * 1000,
+        });
+
+        return result && result.authorized ? result : null;
+      } catch {
+        // Cache negative result for 1 minute to avoid hammering on transient errors
+        this._actingAsCache.set(cacheKey, {
+          result: null,
+          expiresAt: now + 1 * 60 * 1000,
+        });
+        return null;
+      }
+    }
+
     /**
      * Fetch link metadata
      */
@@ -125,6 +180,49 @@ export function OxyServicesUtilityMixin<T extends typeof OxyServicesBase>(Base:
 
       // Return an async middleware function
       return async (req: any, res: any, next: any) => {
+        // Process X-Acting-As header for managed account identity delegation.
+        // Called after successful authentication, before next(). If the header
+        // is present, verifies authorization and swaps the request identity to
+        // the managed account, preserving the original user for audit trails.
+        const processActingAs = async (): Promise<boolean> => {
+          const actingAsUserId = req.headers['x-acting-as'] as string | undefined;
+          if (!actingAsUserId) return true; // No header, proceed normally
+
+          const verification = await oxyInstance.verifyActingAs(req.userId, actingAsUserId);
+          if (!verification) {
+            const error = {
+              error: 'ACTING_AS_UNAUTHORIZED',
+              message: 'Not authorized to act as this account',
+              code: 'ACTING_AS_UNAUTHORIZED',
+              status: 403,
+            };
+            if (onError) {
+              onError(error);
+            } else {
+              res.status(403).json(error);
+            }
+            return false;
+          }
+
+          // Preserve original user for audit trails
+          req.originalUser = { id: req.userId, ...req.user };
+          req.actingAs = { userId: actingAsUserId, role: verification.role };
+
+          // Swap user identity to the managed account
+          req.userId = actingAsUserId;
+          req.user = { id: actingAsUserId } as any;
+          // Also set _id for routes that use Pattern B (req.user._id)
+          if (req.user) {
+            (req.user as any)._id = actingAsUserId;
+          }
+
+          if (debug) {
+            console.log(`[oxy.auth] Acting as ${actingAsUserId} (role=${verification.role}) original=${req.originalUser.id}`);
+          }
+
+          return true;
+        };
+
         try {
           // Extract token from Authorization header or query params
           const authHeader = req.headers['authorization'];
@@ -360,7 +458,9 @@ export function OxyServicesUtilityMixin<T extends typeof OxyServicesBase>(Base:
                 console.log(`[oxy.auth] OK user=${userId} session=${decoded.sessionId}`);
               }
 
-              return next();
+              // Process X-Acting-As header before proceeding
+              if (await processActingAs()) return next();
+              return;
             } catch (validationError) {
               if (debug) {
                 console.log(`[oxy.auth] Session validation failed:`, validationError);
@@ -414,7 +514,8 @@ export function OxyServicesUtilityMixin<T extends typeof OxyServicesBase>(Base:
             console.log(`[oxy.auth] OK user=${userId} (no session)`);
           }
 
-          next();
+          // Process X-Acting-As header before proceeding
+          if (await processActingAs()) next();
         } catch (error) {
           const apiError = oxyInstance.handleError(error) as any;
 

package/src/mixins/index.ts

@@ -24,6 +24,7 @@ import { OxyServicesSecurityMixin } from './OxyServices.security';
 import { OxyServicesUtilityMixin } from './OxyServices.utility';
 import { OxyServicesFeaturesMixin } from './OxyServices.features';
 import { OxyServicesTopicsMixin } from './OxyServices.topics';
+import { OxyServicesManagedAccountsMixin } from './OxyServices.managedAccounts';
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 type MixinFunction = (Base: any) => any;
@@ -68,6 +69,7 @@ const MIXIN_PIPELINE: MixinFunction[] = [
     OxyServicesSecurityMixin,
     OxyServicesFeaturesMixin,
     OxyServicesTopicsMixin,
+    OxyServicesManagedAccountsMixin,
 
     // Utility (last, can use all above)
     OxyServicesUtilityMixin,

package/src/models/interfaces.ts

@@ -74,6 +74,9 @@ export interface User {
   automation?: {
     ownerId?: string;
   };
+  // Managed account fields
+  isManagedAccount?: boolean;
+  managedBy?: string;
   [key: string]: unknown;
 }
 

package/src/utils/__tests__/asyncUtils.test.ts

@@ -0,0 +1,187 @@
+import { retryAsync } from '../asyncUtils';
+import { handleHttpError } from '../errorUtils';
+
+/**
+ * Regression coverage for the 1.11.11 retry storm:
+ *
+ * HttpService wraps fetch errors through handleHttpError before rethrowing.
+ * handleHttpError returns a flat ApiError ({ message, code, status }) without
+ * a nested `.response` field. Prior to the fix, retryAsync's default
+ * shouldRetry predicate only inspected `error.response.status`, so every 4xx
+ * response was treated as retryable. That turned ~5ms 404 lookups into 8-10s
+ * stalls because every Mention endpoint hitting Oxy for a missing
+ * user/topic hit the full retry+backoff schedule.
+ *
+ * These tests lock the fix in place: both the nested and flat shapes MUST
+ * short-circuit retries for 4xx, and 5xx/network errors MUST still retry.
+ */
+describe('retryAsync default shouldRetry predicate', () => {
+  it('does not retry on a flat ApiError-shaped 404 (handleHttpError output)', async () => {
+    let attempts = 0;
+    const started = Date.now();
+    const apiError = { message: 'Not found', code: 'NOT_FOUND', status: 404 };
+
+    await expect(
+      retryAsync(async () => {
+        attempts++;
+        throw apiError;
+      }, 3, 50)
+    ).rejects.toBe(apiError);
+
+    expect(attempts).toBe(1);
+    // Sanity: we should NOT have slept through any backoff windows.
+    expect(Date.now() - started).toBeLessThan(100);
+  });
+
+  it('does not retry on an axios-style nested 404 (response.status)', async () => {
+    let attempts = 0;
+    const axiosError = {
+      message: 'Not found',
+      response: { status: 404, statusText: 'Not Found' },
+    };
+
+    await expect(
+      retryAsync(async () => {
+        attempts++;
+        throw axiosError;
+      }, 3, 50)
+    ).rejects.toBe(axiosError);
+
+    expect(attempts).toBe(1);
+  });
+
+  it('does not retry on any 4xx flat-shape (400/401/403/422)', async () => {
+    for (const status of [400, 401, 403, 422]) {
+      let attempts = 0;
+      await expect(
+        retryAsync(async () => {
+          attempts++;
+          throw { message: 'client', code: 'X', status };
+        }, 2, 10)
+      ).rejects.toBeDefined();
+      expect(attempts).toBe(1);
+    }
+  });
+
+  it('retries on flat-shape 500 errors until maxRetries', async () => {
+    let attempts = 0;
+    await expect(
+      retryAsync(async () => {
+        attempts++;
+        throw { message: 'boom', code: 'INTERNAL_ERROR', status: 500 };
+      }, 2, 1)
+    ).rejects.toBeDefined();
+    expect(attempts).toBe(3); // initial + 2 retries
+  });
+
+  it('retries on nested-shape 503 errors until maxRetries', async () => {
+    let attempts = 0;
+    await expect(
+      retryAsync(async () => {
+        attempts++;
+        throw { message: 'unavailable', response: { status: 503 } };
+      }, 2, 1)
+    ).rejects.toBeDefined();
+    expect(attempts).toBe(3);
+  });
+
+  it('retries on network-style errors without any status (TypeError)', async () => {
+    let attempts = 0;
+    await expect(
+      retryAsync(async () => {
+        attempts++;
+        throw new TypeError('Failed to fetch');
+      }, 2, 1)
+    ).rejects.toBeDefined();
+    expect(attempts).toBe(3);
+  });
+
+  it('returns the successful result without extra attempts', async () => {
+    let attempts = 0;
+    const result = await retryAsync(async () => {
+      attempts++;
+      return 'ok' as const;
+    }, 3, 1);
+    expect(result).toBe('ok');
+    expect(attempts).toBe(1);
+  });
+
+  it('recovers after a transient 5xx followed by success', async () => {
+    let attempts = 0;
+    const result = await retryAsync(async () => {
+      attempts++;
+      if (attempts < 2) {
+        throw { message: 'transient', status: 502 };
+      }
+      return 'recovered' as const;
+    }, 3, 1);
+    expect(result).toBe('recovered');
+    expect(attempts).toBe(2);
+  });
+
+  it('honours a custom shouldRetry predicate even when default would retry', async () => {
+    let attempts = 0;
+    await expect(
+      retryAsync(
+        async () => {
+          attempts++;
+          throw { message: 'nope', status: 500 };
+        },
+        5,
+        1,
+        () => false
+      )
+    ).rejects.toBeDefined();
+    expect(attempts).toBe(1);
+  });
+
+  it('ignores non-numeric status fields instead of treating them as 4xx', async () => {
+    let attempts = 0;
+    await expect(
+      retryAsync(async () => {
+        attempts++;
+        throw { message: 'weird', status: 'oops' as unknown as number };
+      }, 2, 1)
+    ).rejects.toBeDefined();
+    // Non-numeric status must NOT be interpreted as 4xx — should retry normally.
+    expect(attempts).toBe(3);
+  });
+});
+
+/**
+ * handleHttpError is the wire between fetch-thrown errors and retryAsync.
+ * Lock in that it exposes the HTTP status at the top level so the retry
+ * predicate above can see it.
+ */
+describe('handleHttpError preserves HTTP status for retry predicates', () => {
+  it('flattens a fetch-style error with .response.status into ApiError.status', () => {
+    const fetchError = Object.assign(new Error('Not found'), {
+      status: 404,
+      response: { status: 404, statusText: 'Not Found' },
+    });
+    const result = handleHttpError(fetchError);
+    expect(result.status).toBe(404);
+    expect(result.code).toBe('NOT_FOUND');
+    expect(result.message).toBe('Not found');
+  });
+
+  it('preserves 401 status from fetch errors', () => {
+    const fetchError = Object.assign(new Error('Unauthorized'), {
+      status: 401,
+      response: { status: 401, statusText: 'Unauthorized' },
+    });
+    const result = handleHttpError(fetchError);
+    expect(result.status).toBe(401);
+    expect(result.code).toBe('UNAUTHORIZED');
+  });
+
+  it('maps 500 to INTERNAL_ERROR with status preserved', () => {
+    const fetchError = Object.assign(new Error('boom'), {
+      status: 500,
+      response: { status: 500, statusText: 'Internal Server Error' },
+    });
+    const result = handleHttpError(fetchError);
+    expect(result.status).toBe(500);
+    expect(result.code).toBe('INTERNAL_ERROR');
+  });
+});

package/src/utils/asyncUtils.ts

@@ -47,11 +47,38 @@ export async function parallelWithErrorHandling<T>(
   );
 }
 
+/**
+ * Extract an HTTP status code from an error value, tolerating both the
+ * axios-style nested shape (`error.response.status`) and the flat shape
+ * produced by {@link handleHttpError} / fetch-based clients (`error.status`).
+ *
+ * Centralising this lookup prevents retry predicates from silently falling
+ * through when one of the two shapes is missing, which previously caused
+ * @oxyhq/core to retry 4xx responses and turn sub-10ms failures into
+ * multi-second stalls for every missing-resource lookup.
+ */
+function extractHttpStatus(error: unknown): number | undefined {
+  if (!error || typeof error !== 'object') return undefined;
+  const candidate = error as {
+    status?: unknown;
+    response?: { status?: unknown } | null;
+  };
+  const flat = candidate.status;
+  if (typeof flat === 'number' && Number.isFinite(flat)) return flat;
+  const nested = candidate.response?.status;
+  if (typeof nested === 'number' && Number.isFinite(nested)) return nested;
+  return undefined;
+}
+
 /**
  * Retry an async operation with exponential backoff
- * 
- * By default, does not retry on 4xx errors (client errors).
- * Use shouldRetry callback to customize retry behavior.
+ *
+ * By default, does not retry on 4xx errors (client errors). The default
+ * predicate accepts both the axios-style `error.response.status` and the
+ * flat `error.status` shape produced by {@link handleHttpError}, so callers
+ * never accidentally retry a deterministic client failure.
+ *
+ * Use the `shouldRetry` callback to customize retry behavior.
  */
 export async function retryAsync<T>(
   operation: () => Promise<T>,
@@ -60,16 +87,19 @@ export async function retryAsync<T>(
   shouldRetry?: (error: any) => boolean
 ): Promise<T> {
   let lastError: any;
-  
-  // Default shouldRetry: don't retry on 4xx errors
-  const defaultShouldRetry = (error: any): boolean => {
-    // Don't retry on 4xx errors (client errors)
-    if (error?.response?.status >= 400 && error?.response?.status < 500) {
+
+  // Default shouldRetry: don't retry on 4xx errors (client errors).
+  // Checks BOTH `error.status` (flat shape from handleHttpError / fetch
+  // clients) AND `error.response.status` (axios-style shape) so neither
+  // representation can leak a client error into the retry loop.
+  const defaultShouldRetry = (error: unknown): boolean => {
+    const status = extractHttpStatus(error);
+    if (status !== undefined && status >= 400 && status < 500) {
       return false;
     }
     return true;
   };
-  
+
   const retryCheck = shouldRetry || defaultShouldRetry;
   
   for (let attempt = 0; attempt <= maxRetries; attempt++) {

package/src/utils/deviceManager.ts

@@ -44,7 +44,7 @@ export class DeviceManager {
       try {
         // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
         const moduleName = '@react-native-async-storage/async-storage';
-        const asyncStorageModule = await import(moduleName);
+        const asyncStorageModule = await import(/* @vite-ignore */ moduleName);
         const storage = asyncStorageModule.default as unknown as { getItem: (key: string) => Promise<string | null>; setItem: (key: string, value: string) => Promise<void>; removeItem: (key: string) => Promise<void> };
         return {
           getItem: storage.getItem.bind(storage),