@oxyhq/core 3.4.17 → 3.4.19
- package/dist/cjs/.tsbuildinfo +1 -1
- package/dist/cjs/HttpService.js +27 -2
- package/dist/cjs/OxyServices.base.js +2 -3
- package/dist/esm/.tsbuildinfo +1 -1
- package/dist/esm/HttpService.js +27 -2
- package/dist/esm/OxyServices.base.js +2 -3
- package/dist/types/.tsbuildinfo +1 -1
- package/dist/types/HttpService.d.ts +4 -0
- package/package.json +1 -1
- package/src/HttpService.ts +34 -2
- package/src/OxyServices.base.ts +2 -3
- package/src/__tests__/httpServiceCsrf.test.ts +68 -0
- package/src/__tests__/linkedClient.test.ts +103 -13
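--- a/package/dist/esm/HttpService.js
+++ b/package/dist/esm/HttpService.js
@@ -100,6 +100,7 @@ export class HttpService {
 this.tokenRefreshPromise = null;
 this.tokenRefreshCooldownUntil = 0;
 this.authRefreshHandler = null;
+this.accessTokenProvider = null;
 /**
 * Fan-out listeners notified on EVERY access-token change on this instance:
 * explicit `setTokens`, `clearTokens`, an AuthManager-owned refresh, and the
@@ -130,6 +131,24 @@ export class HttpService {
 this.deduplicator = new RequestDeduplicator();
 this.requestQueue = new RequestQueue(config.maxConcurrentRequests || 10, config.requestQueueSize || 100);
 }
+syncAccessTokenFromProvider() {
+if (!this.accessTokenProvider) {
+return this.tokenStore.getAccessToken();
+}
+const providedToken = this.accessTokenProvider();
+const currentToken = this.tokenStore.getAccessToken();
+if (providedToken) {
+if (providedToken !== currentToken) {
+this.tokenStore.setTokens(providedToken);
+this.notifyTokenChange();
+}
+return providedToken;
+}
+if (currentToken) {
+this.clearTokens();
+}
+return null;
+}
 /**
 * Robust FormData detection that works in browser, React Native, and
 * Node.js polyfill environments.
@@ -685,7 +704,7 @@ export class HttpService {
 * Get auth header with automatic token refresh
 */
 async getAuthHeader() {
-const accessToken = this.
+const accessToken = this.syncAccessTokenFromProvider();
 if (!accessToken) {
 return null;
 }
@@ -697,7 +716,10 @@ export class HttpService {
 const refreshed = await this.refreshAccessToken('preflight');
 if (refreshed)
 return `Bearer ${refreshed}`;
-
+if (decoded.exp > currentTime) {
+return `Bearer ${accessToken}`;
+}
+// Refresh failed — don't use an expired token (would cause 401 loop)
 return null;
 }
 return `Bearer ${accessToken}`;
@@ -800,6 +822,9 @@ export class HttpService {
 setAuthRefreshHandler(handler) {
 this.authRefreshHandler = handler;
 }
+setAccessTokenProvider(provider) {
+this.accessTokenProvider = provider;
+}
 clearTokens() {
 this.tokenStore.clearTokens();
 this.tokenStore.clearCsrfToken();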
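Review bot: The new fallback at new lines 719–721 returns `Bearer ${accessToken}` using the value read at line 707, before `await this.refreshAccessToken('preflight')`, so a token that was cleared or replaced while the refresh was in flight (a sign-out, or the provider's owner rotating it) can still be attached to the request. Re-reading the current token after the await closes that window, for example `if (decoded.exp > currentTime && this.syncAccessTokenFromProvider() === accessToken) {`. `decoded` and `currentTime` are computed outside the visible hunk, so this assumes they describe that same `accessToken`. Whether the failed refresh itself clears tokens is also not visible here.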
@@ -110,12 +110,10 @@ export class OxyServicesBase {
|
|
|
110
110
|
};
|
|
111
111
|
syncToken(this.getAccessToken());
|
|
112
112
|
const unsubscribe = this.onTokensChanged(syncToken);
|
|
113
|
+
client.setAccessTokenProvider(() => this.getAccessToken());
|
|
113
114
|
client.setAuthRefreshHandler(async (reason) => {
|
|
114
115
|
const refreshed = await this.httpService.refreshAccessToken(reason);
|
|
115
116
|
if (!refreshed) {
|
|
116
|
-
if (reason === 'response-401') {
|
|
117
|
-
this.clearTokens();
|
|
118
|
-
}
|
|
119
117
|
return null;
|
|
120
118
|
}
|
|
121
119
|
syncToken(refreshed);
|
|
@@ -126,6 +124,7 @@ export class OxyServicesBase {
|
|
|
126
124
|
dispose: () => {
|
|
127
125
|
unsubscribe();
|
|
128
126
|
client.setAuthRefreshHandler(null);
|
|
127
|
+
client.setAccessTokenProvider(null);
|
|
129
128
|
client.clearTokens();
|
|
130
129
|
},
|
|
131
130
|
};
|
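Review bot: After this change nothing in the visible handler drops a token the server has already rejected: on a failed refresh it returns `null` for every `reason`, and the provider registered at new line 113 hands the owner's current `getAccessToken()` value back to the client whenever it builds an auth header. If `this.httpService.refreshAccessToken` does not clear the owner's tokens itself on a terminal failure (not visible here), the linked client would presumably keep presenting the rejected token until it expires. A comment on the `if (!refreshed)` branch naming where invalidation now happens would make the contract explicit, e.g. `// Owner tokens are cleared by <owner component> on terminal refresh failure; the linked client only mirrors them.` The enclosing method starts before the hunk, so the definitions of `syncToken` and `client` are not shown.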