@oxyhq/core 1.11.23 → 2.0.0

package/dist/cjs/mixins/OxyServices.popup.js

@@ -81,7 +81,37 @@ function OxyServicesPopupAuthMixin(Base) {
                     clientId: window.location.origin,
                     redirectUri: `${this.resolveAuthUrl()}/auth/callback`,
                 });
-                const popup = this.openCenteredPopup(authUrl, 'Oxy Sign In', width, height);
+                // If the caller pre-opened a popup on the raw user gesture (recommended
+                // path — see `openBlankPopup` and `PopupAuthOptions.popup`), navigate it
+                // to the auth URL instead of issuing a fresh `window.open` (which would
+                // be blocked once any prior `await` has consumed the user activation).
+                let popup;
+                const preOpened = options.popup ?? null;
+                if (preOpened) {
+                    if (preOpened.closed) {
+                        // The pre-opened popup is gone — distinguish a user cancel (they
+                        // closed the blank window before sign-in could navigate it) from a
+                        // blocker rejection. Lumping these together as "Popup blocked" is
+                        // misleading: the popup was NOT blocked, it was opened successfully
+                        // and then dismissed.
+                        throw new OxyServices_errors_1.OxyAuthenticationError('Sign-in window was closed before authentication could start.');
+                    }
+                    try {
+                        preOpened.location.replace(authUrl);
+                    }
+                    catch (replaceError) {
+                        // `location.replace` can throw in sandboxed / cross-origin-locked
+                        // environments. Fall back to `href` assignment, which is more
+                        // permissive. Logged at debug-level so consumers can correlate
+                        // unusual sign-in behaviour without producing noise in normal flows.
+                        debug.warn('location.replace failed, falling back to location.href', replaceError);
+                        preOpened.location.href = authUrl;
+                    }
+                    popup = preOpened;
+                }
+                else {
+                    popup = this.openCenteredPopup(authUrl, 'Oxy Sign In', width, height);
+                }
                 if (!popup) {
                     throw new OxyServices_errors_1.OxyAuthenticationError('Popup blocked. Please allow popups for this site and try again.');
                 }
@@ -224,6 +254,36 @@ function OxyServicesPopupAuthMixin(Base) {
                     document.body.removeChild(iframe);
                 }
             }
+            /**
+             * Open a blank, centered popup window SYNCHRONOUSLY.
+             *
+             * Use this in a click (or other user-gesture) handler BEFORE any `await`
+             * to capture the transient user-activation. Pass the returned handle into
+             * `signInWithPopup({ popup })` once the async portion of the flow runs.
+             *
+             * Returns `null` if the browser's popup blocker rejected the open.
+             *
+             * @example
+             * ```typescript
+             * const onSignInClick = () => {
+             *   const popup = oxyServices.openBlankPopup();
+             *   (async () => {
+             *     const silent = await oxyServices.silentSignInWithFedCM();
+             *     if (silent) { popup?.close(); return; }
+             *     await oxyServices.signInWithPopup({ popup });
+             *   })();
+             * };
+             * ```
+             */
+            openBlankPopup(width, height) {
+                if (typeof window === 'undefined') {
+                    return null;
+                }
+                const ctor = this.constructor;
+                const w = width ?? ctor.POPUP_WIDTH;
+                const h = height ?? ctor.POPUP_HEIGHT;
+                return this.openCenteredPopup('about:blank', 'Oxy Sign In', w, h);
+            }
             /**
              * Open a centered popup window
              *

package/dist/cjs/mixins/OxyServices.user.js

@@ -218,6 +218,24 @@ function OxyServicesUserMixin(Base) {
                 throw this.handleError(error);
             }
         }
+        /**
+         * Update the authenticated user's notification preferences.
+         *
+         * Thin wrapper over `updateProfile` that constrains the patch to known
+         * notification channels — same persistence path, same cache invalidation,
+         * but type-safe at the call site.
+         */
+        async updateNotificationPreferences(preferences) {
+            return this.updateProfile({ notificationPreferences: preferences });
+        }
+        /**
+         * Update the authenticated user's general preferences (language, theme,
+         * reduce-motion, timezone). Persisted on the User document via
+         * `PUT /users/me` — same cache-invalidation behaviour as `updateProfile`.
+         */
+        async updateUserPreferences(preferences) {
+            return this.updateProfile({ userPreferences: preferences });
+        }
         /**
          * Request account verification
          */

package/dist/cjs/utils/accountUtils.js

@@ -4,7 +4,7 @@
  * Used by both @oxyhq/services (React Native) and @oxyhq/auth (Web) account stores.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createQuickAccount = exports.buildAccountsArray = exports.getAccountFallbackHandle = exports.getAccountDisplayName = exports.formatPublicKeyHandle = void 0;
+exports.getAccountColor = exports.mergeAccountsFromRefreshAll = exports.createQuickAccount = exports.buildAccountsArray = exports.getAccountFallbackHandle = exports.getAccountDisplayName = exports.formatPublicKeyHandle = void 0;
 const i18n_1 = require("../i18n");
 /**
  * Truncate a long public key for display, e.g. `0x12345678…`.
@@ -116,3 +116,66 @@ const createQuickAccount = (sessionId, userData, existingAccount, getFileDownloa
     };
 };
 exports.createQuickAccount = createQuickAccount;
+/**
+ * Merge a fresh `/auth/refresh-all` snapshot into an existing QuickAccount
+ * list, preserving any cached fields (`avatarUrl`) for slots that didn't
+ * change. The fresh response is canonical: the resulting list contains EXACTLY
+ * the slots present in `fresh`, sorted by `authuser` ascending. Stale stored
+ * accounts that no longer appear in `fresh` are dropped (the server already
+ * authoritatively cleared the corresponding cookie).
+ *
+ * @param stored Previously persisted QuickAccount list (any order).
+ * @param fresh Server's authoritative refresh-all response.
+ * @returns Canonical merged list, sorted by `authuser` asc.
+ */
+const mergeAccountsFromRefreshAll = (stored, fresh) => {
+    const storedByAuthuser = new Map();
+    if (stored) {
+        for (const account of stored) {
+            if (typeof account.authuser === 'number') {
+                storedByAuthuser.set(account.authuser, account);
+            }
+        }
+    }
+    const merged = fresh.map((entry) => {
+        const previous = storedByAuthuser.get(entry.authuser);
+        // `entry.user` is null on the SDK legacy-fallback path; preserve any
+        // previously cached identity for that slot rather than overwriting
+        // it with blanks, and let the AuthManager's getCurrentUser() hydration
+        // refresh it on the next snapshot.
+        const wireUser = entry.user;
+        const username = wireUser?.username ?? previous?.username ?? '';
+        const displayName = (0, exports.getAccountDisplayName)({
+            name: wireUser?.name,
+            username,
+        });
+        const avatar = wireUser?.avatar ?? previous?.avatar ?? undefined;
+        const avatarUrl = previous && previous.avatar === avatar ? previous.avatarUrl : undefined;
+        return {
+            sessionId: entry.sessionId,
+            userId: wireUser?.id ?? previous?.userId,
+            username,
+            displayName,
+            avatar,
+            avatarUrl,
+            authuser: entry.authuser,
+            color: wireUser?.color ?? previous?.color ?? null,
+        };
+    });
+    merged.sort((a, b) => {
+        const aIdx = a.authuser ?? Number.POSITIVE_INFINITY;
+        const bIdx = b.authuser ?? Number.POSITIVE_INFINITY;
+        return aIdx - bIdx;
+    });
+    return merged;
+};
+exports.mergeAccountsFromRefreshAll = mergeAccountsFromRefreshAll;
+/**
+ * Return the account's preferred Bloom color preset, or `null` if it has no
+ * preference. Centralises the `color ?? null` normalisation so consumers can
+ * drive per-account theming without duplicating the nullish-handling.
+ */
+const getAccountColor = (account) => {
+    return account.color ?? null;
+};
+exports.getAccountColor = getAccountColor;