@oxyhq/core 1.6.5 → 1.7.0
- package/dist/cjs/AuthManager.js +2 -1
- package/dist/cjs/HttpService.js +5 -2
- package/dist/esm/AuthManager.js +2 -1
- package/dist/esm/HttpService.js +5 -2
- package/dist/esm/crypto/keyManager.js +2 -1
- package/dist/esm/crypto/polyfill.js +2 -1
- package/dist/esm/crypto/signatureService.js +2 -1
- package/package.json +1 -1
- package/src/AuthManager.ts +2 -1
- package/src/HttpService.ts +5 -2
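--- a/package/dist/cjs/AuthManager.js
+++ b/package/dist/cjs/AuthManager.js
@@ -296,11 +296,12 @@ class AuthManager {
 * Sign out and clear all auth data.
 */
 async signOut() {
-// Clear refresh timer
+// Clear refresh timer and cancel any in-flight refresh
 if (this.refreshTimer) {
 clearTimeout(this.refreshTimer);
 this.refreshTimer = null;
 }
+this.refreshPromise = null;
 // Invalidate current session on the server (best-effort)
 try {
 const sessionJson = await this.storage.getItem(STORAGE_KEYS.SESSION);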
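--- a/package/dist/cjs/HttpService.js
+++ b/package/dist/cjs/HttpService.js
@@ -244,8 +244,9 @@ class HttpService {
 // Token decode failed, fall through to clear
 }
 }
-// Refresh failed or no token — clear tokens
+// Refresh failed or no token — clear tokens and stale CSRF
 this.tokenStore.clearTokens();
+this.tokenStore.clearCsrfToken();
 }
 // On 403 with CSRF error, clear cached token and retry once
 if (response.status === 403 && !config._isCsrfRetry) {
@@ -503,12 +504,14 @@ class HttpService {
 const result = await this.tokenRefreshPromise;
 if (result)
 return result;
+// Refresh failed — don't use the expired token (would cause 401 loop)
+return null;
 }
 return `Bearer ${accessToken}`;
 }
 catch (error) {
 this.logger.error('Error processing token:', error);
-return
+return null;
 }
 }
 async _refreshTokenFromSession(sessionId) {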
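--- a/package/dist/esm/AuthManager.js
+++ b/package/dist/esm/AuthManager.js
@@ -292,11 +292,12 @@ export class AuthManager {
 * Sign out and clear all auth data.
 */
 async signOut() {
-// Clear refresh timer
+// Clear refresh timer and cancel any in-flight refresh
 if (this.refreshTimer) {
 clearTimeout(this.refreshTimer);
 this.refreshTimer = null;
 }
+this.refreshPromise = null;
 // Invalidate current session on the server (best-effort)
 try {
 const sessionJson = await this.storage.getItem(STORAGE_KEYS.SESSION);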
package/dist/esm/HttpService.js
CHANGED
|
@@ -241,8 +241,9 @@ export class HttpService {
|
|
|
241
241
|
// Token decode failed, fall through to clear
|
|
242
242
|
}
|
|
243
243
|
}
|
|
244
|
-
// Refresh failed or no token — clear tokens
|
|
244
|
+
// Refresh failed or no token — clear tokens and stale CSRF
|
|
245
245
|
this.tokenStore.clearTokens();
|
|
246
|
+
this.tokenStore.clearCsrfToken();
|
|
246
247
|
}
|
|
247
248
|
// On 403 with CSRF error, clear cached token and retry once
|
|
248
249
|
if (response.status === 403 && !config._isCsrfRetry) {
|
|
@@ -500,12 +501,14 @@ export class HttpService {
|
|
|
500
501
|
const result = await this.tokenRefreshPromise;
|
|
501
502
|
if (result)
|
|
502
503
|
return result;
|
|
504
|
+
// Refresh failed — don't use the expired token (would cause 401 loop)
|
|
505
|
+
return null;
|
|
503
506
|
}
|
|
504
507
|
return `Bearer ${accessToken}`;
|
|
505
508
|
}
|
|
506
509
|
catch (error) {
|
|
507
510
|
this.logger.error('Error processing token:', error);
|
|
508
|
-
return
|
|
511
|
+
return null;
|
|
509
512
|
}
|
|
510
513
|
}
|
|
511
514
|
async _refreshTokenFromSession(sessionId) {
|
|
@@ -4,7 +4,8 @@
|
|
|
4
4
|
* Handles secure generation, storage, and retrieval of cryptographic keys.
|
|
5
5
|
* Private keys are stored securely using expo-secure-store and never leave the device.
|
|
6
6
|
*/
|
|
7
|
-
import
|
|
7
|
+
import _cjs_elliptic from 'elliptic';
|
|
8
|
+
const { ec: EC } = _cjs_elliptic;
|
|
8
9
|
import { isWeb, isIOS, isAndroid, isReactNative, isNodeJS } from '../utils/platform.js';
|
|
9
10
|
import { logger } from '../utils/loggerUtils.js';
|
|
10
11
|
import { isDev } from '../shared/utils/debugUtils.js';
|
|
@@ -7,7 +7,8 @@
|
|
|
7
7
|
* - Browser/Node.js: Uses native crypto
|
|
8
8
|
* - React Native: Falls back to expo-crypto if native crypto unavailable
|
|
9
9
|
*/
|
|
10
|
-
import
|
|
10
|
+
import _cjs_buffer from 'buffer';
|
|
11
|
+
const { Buffer } = _cjs_buffer;
|
|
11
12
|
const getGlobalObject = () => {
|
|
12
13
|
if (typeof globalThis !== 'undefined')
|
|
13
14
|
return globalThis;
|
|
@@ -4,7 +4,8 @@
|
|
|
4
4
|
* Handles signing and verification of messages using ECDSA secp256k1.
|
|
5
5
|
* Used for authenticating requests and proving identity ownership.
|
|
6
6
|
*/
|
|
7
|
-
import
|
|
7
|
+
import _cjs_elliptic from 'elliptic';
|
|
8
|
+
const { ec: EC } = _cjs_elliptic;
|
|
8
9
|
import { KeyManager } from './keyManager.js';
|
|
9
10
|
import { isReactNative, isNodeJS } from '../utils/platform.js';
|
|
10
11
|
// Lazy import for expo-crypto
|
package/package.json
CHANGED
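--- a/package/src/AuthManager.ts
+++ b/package/src/AuthManager.ts
@@ -361,11 +361,12 @@ export class AuthManager {
 * Sign out and clear all auth data.
 */
 async signOut(): Promise<void> {
-// Clear refresh timer
+// Clear refresh timer and cancel any in-flight refresh
 if (this.refreshTimer) {
 clearTimeout(this.refreshTimer);
 this.refreshTimer = null;
 }
+this.refreshPromise = null;
 
 // Invalidate current session on the server (best-effort)
 try {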
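Review bot: Setting `this.refreshPromise = null;` in `signOut()` only drops the reference; the comment's "cancel any in-flight refresh" overstates it, since nothing in this hunk aborts the request or stops its continuation. If a refresh that is already awaiting the server resolves after sign-out, it could, depending on code outside this hunk, write fresh tokens back to storage and revive the session the user just ended. I would reword the comment to `// Clear refresh timer and drop the reference to any in-flight refresh (the request itself is not aborted)` and have the refresh continuation check a sign-out marker before persisting tokens. `signOut()` continues past the end of the hunk, and the compiled `dist/cjs` and `dist/esm` copies carry the same lines.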
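--- a/package/src/HttpService.ts
+++ b/package/src/HttpService.ts
@@ -337,8 +337,9 @@ export class HttpService {
 // Token decode failed, fall through to clear
 }
 }
-// Refresh failed or no token — clear tokens
+// Refresh failed or no token — clear tokens and stale CSRF
 this.tokenStore.clearTokens();
+this.tokenStore.clearCsrfToken();
 }
 
 // On 403 with CSRF error, clear cached token and retry once
@@ -616,12 +617,14 @@ export class HttpService {
 }
 const result = await this.tokenRefreshPromise;
 if (result) return result;
+// Refresh failed — don't use the expired token (would cause 401 loop)
+return null;
 }
 
 return `Bearer ${accessToken}`;
 } catch (error) {
 this.logger.error('Error processing token:', error);
-return
+return null;
 }
 }
 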
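Review bot: The two new `return null;` paths in the second hunk (after a failed refresh and in the `catch`) make null the "no usable token" result, but the method's contract is not documented and its caller is outside the hunk. If a call site interpolates the value into a header without a null guard, the request would go out with a literal `Authorization: null` instead of no header; that is an inference to confirm, not something visible here. I would add a doc comment on the method such as `@returns the "Bearer …" header value, or null when no valid token is available; callers must omit the Authorization header`. It is also worth confirming that the `error` passed to `this.logger.error('Error processing token:', error)` cannot carry the raw token into logs.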