@oxyhq/core 2.0.0 → 2.1.0

package/dist/cjs/index.js

@@ -20,7 +20,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.normalizeColorScheme = exports.normalizeTheme = exports.getContrastTextColor = exports.isLightColor = exports.withOpacity = exports.rgbToHex = exports.hexToRgb = exports.lightenColor = exports.darkenColor = exports.isAndroid = exports.isIOS = exports.isNative = exports.isWeb = exports.setPlatformOS = exports.getPlatformOS = exports.isRTLLocale = exports.normalizeLanguageCode = exports.getNativeLanguageName = exports.getLanguageName = exports.getLanguageMetadata = exports.SUPPORTED_LANGUAGES = exports.TopicSource = exports.TopicType = exports.SECURITY_EVENT_SEVERITY_MAP = exports.DeviceManager = exports.RecoveryPhraseService = exports.SignatureService = exports.IdentityPersistError = exports.IdentityAlreadyExistsError = exports.KeyManager = exports.sessionsArraysEqual = exports.normalizeAndSortSessions = exports.mergeSessions = exports.authenticatedApiCall = exports.withAuthErrorHandling = exports.isAuthenticationError = exports.ensureValidToken = exports.AuthenticationFailedError = exports.SessionSyncRequiredError = exports.OxyAppDataIdentifierError = exports.ServiceCredentialMismatchError = exports.createCrossDomainAuth = exports.CrossDomainAuth = exports.createAuthManager = exports.AuthManager = exports.oxyClient = exports.OXY_CLOUD_URL = exports.OxyAuthenticationTimeoutError = exports.OxyAuthenticationError = exports.OxyServices = void 0;
 exports.isValidURL = exports.isValidUUID = exports.isValidObject = exports.isValidArray = exports.isRequiredBoolean = exports.isRequiredNumber = exports.isRequiredString = exports.isValidPassword = exports.isValidUsername = exports.isValidEmail = exports.PASSWORD_REGEX = exports.USERNAME_REGEX = exports.EMAIL_REGEX = exports.retryAsync = exports.validateRequiredFields = exports.handleHttpError = exports.createApiError = exports.ErrorCodes = exports.safeJsonParse = exports.buildPaginationParams = exports.buildUrl = exports.buildSearchParams = exports.translate = exports.createDebugLogger = exports.debugError = exports.debugWarn = exports.debugLog = exports.isDev = exports.withRetry = exports.delay = exports.shouldAllowRequest = exports.recordSuccess = exports.recordFailure = exports.calculateBackoffInterval = exports.createCircuitBreakerState = exports.DEFAULT_CIRCUIT_BREAKER_CONFIG = exports.isRetryableError = exports.isNetworkError = exports.isServerError = exports.isRateLimitError = exports.isNotFoundError = exports.isForbiddenError = exports.isUnauthorizedError = exports.isAlreadyRegisteredError = exports.getErrorMessage = exports.getErrorStatus = exports.HttpStatus = exports.getSystemColorScheme = exports.systemPrefersDarkMode = exports.getOppositeTheme = void 0;
-exports.packageInfo = exports.getAccountColor = exports.mergeAccountsFromRefreshAll = exports.formatPublicKeyHandle = exports.getAccountFallbackHandle = exports.getAccountDisplayName = exports.createQuickAccount = exports.buildAccountsArray = exports.updateAvatarVisibility = exports.logPerformance = exports.logPayment = exports.logDevice = exports.logUser = exports.logSession = exports.logApi = exports.logAuth = exports.LogLevel = exports.logger = exports.validateAndSanitizeUserInput = exports.isValidObjectId = exports.sanitizeHTML = exports.sanitizeString = exports.isValidFileType = exports.isValidFileSize = exports.isValidDate = void 0;
+exports.packageInfo = exports.runColdBoot = exports.autoDetectAuthWebUrl = exports.getAccountColor = exports.mergeAccountsFromRefreshAll = exports.formatPublicKeyHandle = exports.getAccountFallbackHandle = exports.getAccountDisplayName = exports.createQuickAccount = exports.buildAccountsArray = exports.updateAvatarVisibility = exports.logPerformance = exports.logPayment = exports.logDevice = exports.logUser = exports.logSession = exports.logApi = exports.logAuth = exports.LogLevel = exports.logger = exports.validateAndSanitizeUserInput = exports.isValidObjectId = exports.sanitizeHTML = exports.sanitizeString = exports.isValidFileType = exports.isValidFileSize = exports.isValidDate = void 0;
 // Ensure crypto polyfills are loaded before anything else
 require("./crypto/polyfill");
 // ---------------------------------------------------------------------------
@@ -226,6 +226,13 @@ Object.defineProperty(exports, "formatPublicKeyHandle", { enumerable: true, get:
 Object.defineProperty(exports, "mergeAccountsFromRefreshAll", { enumerable: true, get: function () { return accountUtils_1.mergeAccountsFromRefreshAll; } });
 Object.defineProperty(exports, "getAccountColor", { enumerable: true, get: function () { return accountUtils_1.getAccountColor; } });
 // ---------------------------------------------------------------------------
+// Cross-domain SSO infrastructure
+// ---------------------------------------------------------------------------
+var fapiAutoDetect_1 = require("./utils/fapiAutoDetect");
+Object.defineProperty(exports, "autoDetectAuthWebUrl", { enumerable: true, get: function () { return fapiAutoDetect_1.autoDetectAuthWebUrl; } });
+var coldBoot_1 = require("./utils/coldBoot");
+Object.defineProperty(exports, "runColdBoot", { enumerable: true, get: function () { return coldBoot_1.runColdBoot; } });
+// ---------------------------------------------------------------------------
 // Constants
 // ---------------------------------------------------------------------------
 var version_1 = require("./constants/version");

package/dist/cjs/utils/coldBoot.js

@@ -0,0 +1,71 @@
+"use strict";
+/**
+ * coldBoot — a pure, ordered, short-circuit runner for "cold boot"
+ * authentication resolution.
+ *
+ * On a fresh page load / app launch the SDK may have several ways to recover an
+ * existing session (silent FedCM, a persisted refresh token, a cross-domain
+ * claim, an explicit popup flow, …). They must be attempted in a *deterministic
+ * order*, and the FIRST one that yields a session wins — every later step is
+ * skipped. This module encodes exactly that contract and nothing else.
+ *
+ * Design constraints (all enforced):
+ *   - PURE: no DOM, no `navigator`, no `window`, no React, no platform globals.
+ *   - NO module-level mutable state. Every call to {@link runColdBoot} is fully
+ *     self-contained, so it is safe under bundler re-evaluation (e.g. the Metro
+ *     web bundle, which is precisely why the FedCM silent-SSO guard had to live
+ *     in consumers rather than a core singleton).
+ *   - Architecture-agnostic: both candidate cross-domain SSO designs consume
+ *     this same primitive; it knows nothing about HOW a step resolves a session.
+ *
+ * A step is skipped (without running) when its `enabled` predicate returns
+ * false. Any thrown error — from either `enabled` or `run` — is reported via
+ * `onStepError` and treated as a non-fatal skip, so one broken recovery path
+ * can never prevent a later, healthy one from succeeding.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runColdBoot = runColdBoot;
+/**
+ * Run the ordered cold-boot steps and resolve to the first recovered session,
+ * or `unauthenticated` if none recovers one.
+ *
+ * Semantics:
+ *   1. Iterate `steps` in order.
+ *   2. If a step has an `enabled` predicate, call it inside try/catch:
+ *      - throw → report via `onStepError(id, err)` → treat as disabled → continue.
+ *      - returns false → continue (skip, `run` not called).
+ *   3. Otherwise await `step.run()` inside try/catch:
+ *      - throw → report via `onStepError(id, err)` → continue.
+ *      - `{ kind: 'session' }` → return `{ kind: 'session', via: step.id, session }`.
+ *      - `{ kind: 'skip' }` → continue.
+ *   4. After the loop with no winner → `{ kind: 'unauthenticated' }`.
+ */
+async function runColdBoot(options) {
+    const { steps, onStepError } = options;
+    for (const step of steps) {
+        if (step.enabled) {
+            let isEnabled;
+            try {
+                isEnabled = step.enabled();
+            }
+            catch (error) {
+                onStepError?.(step.id, error);
+                continue;
+            }
+            if (!isEnabled)
+                continue;
+        }
+        let result;
+        try {
+            result = await step.run();
+        }
+        catch (error) {
+            onStepError?.(step.id, error);
+            continue;
+        }
+        if (result.kind === 'session') {
+            return { kind: 'session', via: step.id, session: result.session };
+        }
+    }
+    return { kind: 'unauthenticated' };
+}

package/dist/cjs/utils/fapiAutoDetect.js

@@ -0,0 +1,88 @@
+"use strict";
+/**
+ * Auto-detect the FAPI (IdP) URL from the current browser hostname.
+ *
+ * This is the canonical cross-domain IdP-resolution primitive for the Oxy
+ * ecosystem. Both candidate cross-domain SSO designs derive `auth.<rp-apex>`
+ * through this helper; do not fork it.
+ *
+ * Clerk-style multi-domain SSO depends on the IdP being reachable on a
+ * subdomain of the RP's own apex (e.g. `auth.mention.earth` CNAMEd to the
+ * central Oxy IdP). That way every FedCM endpoint, the session cookie,
+ * and any popup/redirect target are same-site with the RP — the only way
+ * to get first-party cookies in Safari ITP and Firefox Total Cookie
+ * Protection.
+ *
+ * This helper computes `https://auth.<rp-apex>` from
+ * `window.location.hostname` so a consuming app doesn't have to pass
+ * `authWebUrl` explicitly. Returns `undefined` for environments where
+ * auto-detection would be wrong:
+ *
+ *   - SSR / non-browser (no `window`).
+ *   - `localhost`, `127.0.0.1`, IPv4/IPv6 literals.
+ *   - Hostnames with fewer than two labels.
+ *   - Hostnames whose trailing two labels form a known multi-part public
+ *     suffix (e.g. `co.uk`), where the naive `labels.slice(-2)` apex would be
+ *     an attacker-registrable suffix like `auth.co.uk` rather than the real
+ *     registrable domain.
+ *
+ * When the page is already loaded ON the IdP itself (`auth.<anything>`),
+ * the helper returns the current origin so the SDK keeps everything
+ * same-origin instead of hopping to a different IdP host.
+ *
+ * The IdP backend independently derives `iss`, `provider_urls`, and the
+ * `fedcm.json` icon URLs from the request host
+ * (`packages/auth/server/index.ts`), so an honest CNAME pair is all that
+ * is required for end-to-end FedCM correctness — no per-RP config.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.autoDetectAuthWebUrl = autoDetectAuthWebUrl;
+/**
+ * Known multi-part public suffixes where the registrable domain is the LAST
+ * THREE labels, not two. Deriving an apex from `labels.slice(-2)` against any
+ * of these would yield an attacker-registrable suffix (e.g. `auth.co.uk`),
+ * so we bail out instead.
+ *
+ * This is intentionally a small, explicit allow-list rather than the full
+ * Public Suffix List — it covers the suffixes the Oxy ecosystem's RPs use.
+ * Any multi-part-TLD RP MUST extend this set (or wire in a proper PSL check)
+ * before relying on this helper, otherwise auto-detection silently bails to
+ * `undefined` and the consumer must pass `authWebUrl` explicitly.
+ */
+const MULTIPART_TLDS = new Set([
+    'co.uk',
+    'com.au',
+    'co.jp',
+    'co.nz',
+    'com.br',
+    'co.za',
+    'com.mx',
+    'co.in',
+    'co.kr',
+    'com.sg',
+]);
+function autoDetectAuthWebUrl(location = typeof window !== 'undefined' ? window.location : undefined) {
+    if (!location)
+        return undefined;
+    const { hostname, protocol } = location;
+    if (!hostname)
+        return undefined;
+    if (protocol !== 'https:' && protocol !== 'http:')
+        return undefined;
+    if (hostname === 'localhost' || hostname === '127.0.0.1')
+        return undefined;
+    if (/^\d+\.\d+\.\d+\.\d+$/.test(hostname))
+        return undefined;
+    if (hostname.startsWith('['))
+        return undefined;
+    if (hostname.startsWith('auth.')) {
+        return `${protocol}//${hostname}`;
+    }
+    const labels = hostname.split('.');
+    if (labels.length < 2)
+        return undefined;
+    if (MULTIPART_TLDS.has(labels.slice(-2).join('.')))
+        return undefined;
+    const apex = labels.slice(-2).join('.');
+    return `${protocol}//auth.${apex}`;
+}