@oxyhq/core 1.11.11 → 1.11.12

package/dist/esm/HttpService.js

@@ -16,7 +16,6 @@ import { TTLCache, registerCacheForCleanup } from './utils/cache.js';
 import { RequestDeduplicator, RequestQueue, SimpleLogger } from './utils/requestUtils.js';
 import { retryAsync } from './utils/asyncUtils.js';
 import { handleHttpError } from './utils/errorUtils.js';
-import { isDev } from './shared/utils/debugUtils.js';
 import { jwtDecode } from 'jwt-decode';
 import { isNative, getPlatformOS } from './utils/platform.js';
 /**
@@ -187,9 +186,12 @@ export class HttpService {
                 if (isNativeApp && isStateChangingMethod) {
                     headers['X-Native-App'] = 'true';
                 }
-                // Debug logging for CSRF issues
-                if (isStateChangingMethod && isDev()) {
-                    console.log('[HttpService] CSRF Debug:', {
+                // Debug logging for CSRF issues — routed through the SimpleLogger so
+                // it only fires when consumers opt in via `enableLogging`. Previously
+                // this was a bare console.log that leaked noise into every host app's
+                // stdout in development.
+                if (isStateChangingMethod) {
+                    this.logger.debug('CSRF Debug:', {
                         url,
                         method,
                         isNativeApp,
@@ -409,23 +411,20 @@ export class HttpService {
         // Return cached token if available
         const cachedToken = this.tokenStore.getCsrfToken();
         if (cachedToken) {
-            if (isDev())
-                console.log('[HttpService] Using cached CSRF token');
+            this.logger.debug('Using cached CSRF token');
             return cachedToken;
         }
         // Deduplicate concurrent CSRF token fetches
         const existingPromise = this.tokenStore.getCsrfTokenFetchPromise();
         if (existingPromise) {
-            if (isDev())
-                console.log('[HttpService] Waiting for existing CSRF fetch');
+            this.logger.debug('Waiting for existing CSRF fetch');
             return existingPromise;
         }
         const fetchPromise = (async () => {
             const maxAttempts = 2;
             for (let attempt = 1; attempt <= maxAttempts; attempt++) {
                 try {
-                    if (isDev())
-                        console.log('[HttpService] Fetching CSRF token from:', `${this.baseURL}/csrf-token`, `(attempt ${attempt})`);
+                    this.logger.debug('Fetching CSRF token from:', `${this.baseURL}/csrf-token`, `(attempt ${attempt})`);
                     // Use AbortController for timeout (more compatible than AbortSignal.timeout)
                     const controller = new AbortController();
                     const timeoutId = setTimeout(() => controller.abort(), 5000);
@@ -436,12 +435,10 @@ export class HttpService {
                         signal: controller.signal,
                     });
                     clearTimeout(timeoutId);
-                    if (isDev())
-                        console.log('[HttpService] CSRF fetch response:', response.status, response.ok);
+                    this.logger.debug('CSRF fetch response:', response.status, response.ok);
                     if (response.ok) {
                         const data = await response.json();
-                        if (isDev())
-                            console.log('[HttpService] CSRF response data:', data);
+                        this.logger.debug('CSRF response data:', data);
                         const token = data.csrfToken || null;
                         this.tokenStore.setCsrfToken(token);
                         this.logger.debug('CSRF token fetched');
@@ -454,13 +451,11 @@ export class HttpService {
                         this.logger.debug('CSRF token from header');
                         return headerToken;
                     }
-                    if (isDev())
-                        console.log('[HttpService] CSRF fetch failed with status:', response.status);
+                    this.logger.debug('CSRF fetch failed with status:', response.status);
                     this.logger.warn('Failed to fetch CSRF token:', response.status);
                 }
                 catch (error) {
-                    if (isDev())
-                        console.log('[HttpService] CSRF fetch error:', error);
+                    this.logger.debug('CSRF fetch error:', error);
                     this.logger.warn('CSRF token fetch error:', error);
                 }
                 // Wait before retry (500ms)

package/dist/esm/crypto/keyManager.js

@@ -45,7 +45,7 @@ async function initSecureStore() {
         try {
             // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
             const moduleName = 'expo-secure-store';
-            SecureStore = await import(moduleName);
+            SecureStore = await import(/* @vite-ignore */ moduleName);
         }
         catch (error) {
             const errorMessage = error instanceof Error ? error.message : String(error);
@@ -68,7 +68,7 @@ async function initExpoCrypto() {
     if (!ExpoCrypto) {
         // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
         const moduleName = 'expo-crypto';
-        ExpoCrypto = await import(moduleName);
+        ExpoCrypto = await import(/* @vite-ignore */ moduleName);
     }
     return ExpoCrypto;
 }
@@ -94,7 +94,7 @@ async function getSecureRandomBytes(length) {
     // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
     try {
         const cryptoModuleName = 'crypto';
-        const nodeCrypto = await import(cryptoModuleName);
+        const nodeCrypto = await import(/* @vite-ignore */ cryptoModuleName);
         return new Uint8Array(nodeCrypto.randomBytes(length));
     }
     catch (error) {

package/dist/esm/crypto/polyfill.js

@@ -40,7 +40,7 @@ function startExpoCryptoLoad() {
     expoCryptoLoadPromise = (async () => {
         try {
             const moduleName = 'expo-crypto';
-            expoCryptoModule = await import(moduleName);
+            expoCryptoModule = await import(/* @vite-ignore */ moduleName);
         }
         catch {
             // expo-crypto not available — expected in non-RN environments

package/dist/esm/crypto/signatureService.js

@@ -8,20 +8,24 @@ import _cjs_elliptic from 'elliptic';
 const { ec: EC } = _cjs_elliptic;
 import { KeyManager } from './keyManager.js';
 import { isReactNative, isNodeJS } from '../utils/platform.js';
-// Lazy import for expo-crypto
+// Lazy imports for platform-specific crypto
 let ExpoCrypto = null;
+let NodeCrypto = null;
 const ec = new EC('secp256k1');
-/**
- * Initialize expo-crypto module
- */
 async function initExpoCrypto() {
     if (!ExpoCrypto) {
-        // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
         const moduleName = 'expo-crypto';
-        ExpoCrypto = await import(moduleName);
+        ExpoCrypto = await import(/* @vite-ignore */ moduleName);
     }
     return ExpoCrypto;
 }
+async function initNodeCrypto() {
+    if (!NodeCrypto) {
+        const moduleName = 'crypto';
+        NodeCrypto = await import(/* @vite-ignore */ moduleName);
+    }
+    return NodeCrypto;
+}
 /**
  * Compute SHA-256 hash of a string
  */
@@ -31,10 +35,9 @@ async function sha256(message) {
         const Crypto = await initExpoCrypto();
         return Crypto.digestStringAsync(Crypto.CryptoDigestAlgorithm.SHA256, message);
     }
-    // In Node.js, use Node's crypto module
     if (isNodeJS()) {
         try {
-            const nodeCrypto = await import('crypto');
+            const nodeCrypto = await initNodeCrypto();
             return nodeCrypto.createHash('sha256').update(message).digest('hex');
         }
         catch {
@@ -62,12 +65,9 @@ export class SignatureService {
                 .map((b) => b.toString(16).padStart(2, '0'))
                 .join('');
         }
-        // In Node.js, use Node's crypto module
-        // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
         if (isNodeJS()) {
             try {
-                const cryptoModuleName = 'crypto';
-                const nodeCrypto = await import(cryptoModuleName);
+                const nodeCrypto = await initNodeCrypto();
                 return nodeCrypto.randomBytes(32).toString('hex');
             }
             catch {

package/dist/esm/mixins/OxyServices.language.js

@@ -17,7 +17,7 @@ export function OxyServicesLanguageMixin(Base) {
                 try {
                     // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
                     const moduleName = '@react-native-async-storage/async-storage';
-                    const asyncStorageModule = await import(moduleName);
+                    const asyncStorageModule = await import(/* @vite-ignore */ moduleName);
                     const storage = asyncStorageModule.default;
                     return {
                         getItem: storage.getItem.bind(storage),

package/dist/esm/mixins/OxyServices.user.js

@@ -18,6 +18,17 @@ export function OxyServicesUserMixin(Base) {
                 throw this.handleError(error);
             }
         }
+        /**
+         * Lightweight username lookup for login flows.
+         * Returns minimal public info: exists, color, avatar, displayName.
+         * Faster than getProfileByUsername — no stats, no formatting.
+         */
+        async lookupUsername(username) {
+            return await this.makeRequest('GET', `/auth/lookup/${encodeURIComponent(username)}`, undefined, {
+                cache: true,
+                cacheTTL: 60 * 1000, // 1 minute cache
+            });
+        }
         /**
          * Search user profiles
          */

package/dist/esm/utils/asyncUtils.js

@@ -30,18 +30,47 @@ export async function parallelWithErrorHandling(operations, errorHandler) {
     const results = await Promise.allSettled(operations.map((op, index) => withErrorHandling(op, error => errorHandler?.(error, index))));
     return results.map(result => result.status === 'fulfilled' ? result.value : null);
 }
+/**
+ * Extract an HTTP status code from an error value, tolerating both the
+ * axios-style nested shape (`error.response.status`) and the flat shape
+ * produced by {@link handleHttpError} / fetch-based clients (`error.status`).
+ *
+ * Centralising this lookup prevents retry predicates from silently falling
+ * through when one of the two shapes is missing, which previously caused
+ * @oxyhq/core to retry 4xx responses and turn sub-10ms failures into
+ * multi-second stalls for every missing-resource lookup.
+ */
+function extractHttpStatus(error) {
+    if (!error || typeof error !== 'object')
+        return undefined;
+    const candidate = error;
+    const flat = candidate.status;
+    if (typeof flat === 'number' && Number.isFinite(flat))
+        return flat;
+    const nested = candidate.response?.status;
+    if (typeof nested === 'number' && Number.isFinite(nested))
+        return nested;
+    return undefined;
+}
 /**
  * Retry an async operation with exponential backoff
  *
- * By default, does not retry on 4xx errors (client errors).
- * Use shouldRetry callback to customize retry behavior.
+ * By default, does not retry on 4xx errors (client errors). The default
+ * predicate accepts both the axios-style `error.response.status` and the
+ * flat `error.status` shape produced by {@link handleHttpError}, so callers
+ * never accidentally retry a deterministic client failure.
+ *
+ * Use the `shouldRetry` callback to customize retry behavior.
  */
 export async function retryAsync(operation, maxRetries = 3, baseDelay = 1000, shouldRetry) {
     let lastError;
-    // Default shouldRetry: don't retry on 4xx errors
+    // Default shouldRetry: don't retry on 4xx errors (client errors).
+    // Checks BOTH `error.status` (flat shape from handleHttpError / fetch
+    // clients) AND `error.response.status` (axios-style shape) so neither
+    // representation can leak a client error into the retry loop.
     const defaultShouldRetry = (error) => {
-        // Don't retry on 4xx errors (client errors)
-        if (error?.response?.status >= 400 && error?.response?.status < 500) {
+        const status = extractHttpStatus(error);
+        if (status !== undefined && status >= 400 && status < 500) {
             return false;
         }
         return true;

package/dist/esm/utils/deviceManager.js

@@ -17,7 +17,7 @@ export class DeviceManager {
             try {
                 // Variable indirection prevents bundlers (Vite, webpack) from statically resolving this
                 const moduleName = '@react-native-async-storage/async-storage';
-                const asyncStorageModule = await import(moduleName);
+                const asyncStorageModule = await import(/* @vite-ignore */ moduleName);
                 const storage = asyncStorageModule.default;
                 return {
                     getItem: storage.getItem.bind(storage),