@oxyhq/services 10.2.1 → 10.2.3

package/src/ui/context/OxyContext.tsx

@@ -4,6 +4,7 @@ import {
   useCallback,
   useContext,
   useEffect,
+  useLayoutEffect,
   useMemo,
   useRef,
   useState,
@@ -250,6 +251,35 @@ const COOKIE_RESTORE_TIMEOUT = 3000;
  */
 const COLD_BOOT_OVERALL_DEADLINE = 20000;
 
+function getHttpStatus(error: unknown): number | undefined {
+  if (!error || typeof error !== 'object') {
+    return undefined;
+  }
+
+  if ('status' in error) {
+    const status = (error as { status?: unknown }).status;
+    if (typeof status === 'number') {
+      return status;
+    }
+  }
+
+  if ('response' in error) {
+    const response = (error as { response?: unknown }).response;
+    if (response && typeof response === 'object' && 'status' in response) {
+      const status = (response as { status?: unknown }).status;
+      if (typeof status === 'number') {
+        return status;
+      }
+    }
+  }
+
+  return undefined;
+}
+
+function isUnauthorizedStatus(error: unknown): boolean {
+  return getHttpStatus(error) === 401;
+}
+
 /**
  * Whether `idpOrigin` is a same-site, first-party host of the current page —
  * i.e. it shares the page's registrable apex (last two labels), so a "no
@@ -272,7 +302,10 @@ function isSameSiteIdP(idpOrigin: string): boolean {
   let idpHostname: string;
   try {
     idpHostname = new URL(idpOrigin).hostname;
-  } catch {
+  } catch (parseError) {
+    if (__DEV__) {
+      loggerUtil.debug('Invalid IdP origin while checking same-site session status', { component: 'OxyContext' }, parseError as unknown);
+    }
     return false;
   }
   const pageHostname = window.location.hostname;
@@ -287,6 +320,12 @@ function isSameSiteIdP(idpOrigin: string): boolean {
   return idpHostname === pageApex || idpHostname.endsWith(`.${pageApex}`);
 }
 
+function isOnSsoCallbackPath(): boolean {
+  return isWebBrowser() && window.location.pathname === SSO_CALLBACK_PATH;
+}
+
+const useBrowserLayoutEffect = typeof document !== 'undefined' ? useLayoutEffect : useEffect;
+
 let cachedUseFollowHook: UseFollowHook | null = null;
 
 const loadUseFollowHook = (): UseFollowHook => {
@@ -386,7 +425,12 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
   // `isAuthResolved` on the context type for the consumer contract.
   const [authResolved, setAuthResolved] = useState(false);
   const authResolvedRef = useRef(false);
+  const userRef = useRef<User | null>(user);
+  const isAuthenticatedRef = useRef(isAuthenticated);
+  userRef.current = user;
+  isAuthenticatedRef.current = isAuthenticated;
   const [initialized, setInitialized] = useState(false);
+  const [ssoCallbackIntercepting, setSsoCallbackIntercepting] = useState(false);
   const setAuthState = useAuthStore.setState;
 
   // Keep the shared `oxyClient` singleton's token store in lockstep with the
@@ -625,6 +669,42 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
   updateSessionsRef.current = updateSessions;
   const clearSessionStateRef = useRef(clearSessionState);
   clearSessionStateRef.current = clearSessionState;
+  const clearingInvalidTokenRef = useRef(false);
+
+  useEffect(() => {
+    const handleTokenChange = (accessToken: string | null) => {
+      if (accessToken) {
+        setTokenReady(true);
+        return;
+      }
+
+      if (userRef.current || isAuthenticatedRef.current) {
+        setTokenReady(false);
+        if (clearingInvalidTokenRef.current) {
+          return;
+        }
+        clearingInvalidTokenRef.current = true;
+        clearSessionStateRef.current()
+          .catch((clearError) => {
+            logger('Failed to clear invalidated auth session', clearError);
+          })
+          .finally(() => {
+            clearingInvalidTokenRef.current = false;
+            if (authResolvedRef.current) {
+              setTokenReady(true);
+            }
+          });
+        return;
+      }
+
+      if (authResolvedRef.current) {
+        setTokenReady(true);
+      }
+    };
+
+    handleTokenChange(oxyServices.getAccessToken());
+    return oxyServices.onTokensChanged(handleTokenChange);
+  }, [logger, oxyServices]);
 
   // Durable, navigation-safe session persistence.
   //
@@ -641,12 +721,16 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     await readyStorage.setItem(storageKeys.activeSessionId, sessionId);
     const existingIds = await readyStorage.getItem(storageKeys.sessionIds);
     let sessionIds: string[] = [];
-    try { sessionIds = existingIds ? JSON.parse(existingIds) : []; } catch { /* corrupted storage */ }
+    try {
+      sessionIds = existingIds ? JSON.parse(existingIds) : [];
+    } catch (parseError) {
+      logger('Failed to parse persisted session ids; replacing corrupted storage value', parseError);
+    }
     if (!sessionIds.includes(sessionId)) {
       sessionIds.push(sessionId);
       await readyStorage.setItem(storageKeys.sessionIds, JSON.stringify(sessionIds));
     }
-  }, [getReadyStorage, storageKeys.activeSessionId, storageKeys.sessionIds]);
+  }, [getReadyStorage, logger, storageKeys.activeSessionId, storageKeys.sessionIds]);
 
   // Refs so the cold-boot restore can plant session state without widening its
   // dependency array (mirrors the existing ref pattern above).
@@ -1293,13 +1377,12 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
   // +not-found screen before the storage-gated cold-boot `sso-return` step gets
   // a chance to strip the fragment and restore the real destination.
   //
-  // This effect fires the SAME `runSsoReturn` kernel the instant we mount ON the
-  // callback path, BEFORE the cold boot (which awaits storage init). It restores
-  // the pre-bounce destination (and, on `ok`, commits the exchanged session via
-  // `handleWebSSOSession`) immediately, so the router re-syncs off the callback
-  // path and never lingers on it. Because the SDK owns this interception
-  // entirely, NO app needs a `/__oxy/sso-callback` route — it works identically
-  // across every consumer with zero per-app code.
+  // This effect fires the SAME `runSsoReturn` kernel the instant we hydrate ON
+  // the callback path, BEFORE the cold boot (which awaits storage init). The
+  // first render intentionally matches the app/router's static HTML; the
+  // browser layout effect then hides the internal route and consumes the
+  // callback before the first visible paint. That keeps SSR/SSG hydration stable
+  // while still ensuring no app needs a `/__oxy/sso-callback` route.
   //
   // It is purely ADDITIVE. The later cold-boot `sso-return` step stays as
   // defense-in-depth for the non-callback-path case; `consumeSsoReturn` strips
@@ -1315,13 +1398,13 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
   // already wired when this fires at eager-mount time. If for any reason it were
   // not yet set, the later cold-boot `sso-return` step would commit it — but the
   // ref IS set during render, so the eager `ok` commit works.
-  useEffect(() => {
-    if (!isWebBrowser()) {
-      return;
-    }
-    if (window.location.pathname !== SSO_CALLBACK_PATH) {
+  useBrowserLayoutEffect(() => {
+    if (!isOnSsoCallbackPath()) {
+      setSsoCallbackIntercepting(false);
       return;
     }
+    let mounted = true;
+    setSsoCallbackIntercepting(true);
     runSsoReturnRef.current().catch((error) => {
       if (__DEV__) {
         loggerUtil.debug(
@@ -1330,7 +1413,15 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
           error,
         );
       }
+    }).finally(() => {
+      if (mounted) {
+        setSsoCallbackIntercepting(false);
+      }
     });
+
+    return () => {
+      mounted = false;
+    };
   }, []);
 
   // Web SSO: automatically check for cross-domain session on web platforms.
@@ -1382,7 +1473,10 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     let fullUser: User;
     try {
       fullUser = await oxyServices.getCurrentUser();
-    } catch {
+    } catch (profileError) {
+      if (__DEV__) {
+        loggerUtil.debug('Failed to fetch full user after web session; using session user fallback', { component: 'OxyContext', method: 'handleWebSSOSession' }, profileError as unknown);
+      }
       // If the profile fetch fails, fall back to the minimal data from the session
       // so the user is still logged in (the store accepts User, but the shapes overlap at runtime).
       fullUser = session.user as unknown as User;
@@ -1600,16 +1694,25 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
 
   // Load managed accounts when authenticated
   const refreshManagedAccounts = useCallback(async (): Promise<void> => {
-    if (!isAuthenticated) return;
+    if (!isAuthenticated || !tokenReady || !oxyServices.getAccessToken()) {
+      setManagedAccounts([]);
+      return;
+    }
+
     try {
       const accounts = await oxyServices.getManagedAccounts();
       setManagedAccounts(accounts);
     } catch (err) {
+      if (isUnauthorizedStatus(err)) {
+        setManagedAccounts([]);
+        await clearSessionStateRef.current();
+        return;
+      }
       if (__DEV__) {
         loggerUtil.debug('Failed to load managed accounts', { component: 'OxyContext' }, err as unknown);
       }
     }
-  }, [isAuthenticated, oxyServices]);
+  }, [isAuthenticated, oxyServices, tokenReady]);
 
   useEffect(() => {
     if (isAuthenticated && initialized && tokenReady) {
@@ -1623,9 +1726,13 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     // Persist to storage
     if (storage) {
       if (userId) {
-        storage.setItem(`${storageKeyPrefix}_acting_as`, userId).catch(() => {});
+        storage.setItem(`${storageKeyPrefix}_acting_as`, userId).catch((persistError) => {
+          loggerUtil.debug('Failed to persist acting-as account', { component: 'OxyContext' }, persistError as unknown);
+        });
       } else {
-        storage.removeItem(`${storageKeyPrefix}_acting_as`).catch(() => {});
+        storage.removeItem(`${storageKeyPrefix}_acting_as`).catch((persistError) => {
+          loggerUtil.debug('Failed to clear acting-as account', { component: 'OxyContext' }, persistError as unknown);
+        });
       }
     }
   }, [oxyServices, storage, storageKeyPrefix]);
@@ -1718,7 +1825,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
 
   return (
     <OxyContext.Provider value={contextValue}>
-      {children}
+      {ssoCallbackIntercepting ? null : children}
     </OxyContext.Provider>
   );
 };

package/src/ui/hooks/useAuth.ts

@@ -194,7 +194,7 @@ export function useAuth(): UseAuthReturn {
     // State
     user,
     isAuthenticated,
-    isLoading,
+    isLoading: isLoading || !isAuthResolved,
     isReady: isTokenReady,
     isAuthResolved,
     error,

package/src/ui/hooks/useFollow.ts

@@ -1,7 +1,7 @@
 import { useCallback, useMemo, useEffect } from 'react';
 import { useFollowStore } from '../stores/followStore';
 import { useOxy } from '../context/OxyContext';
-import type { OxyServices } from '@oxyhq/core';
+import { logger as loggerUtil, type OxyServices } from '@oxyhq/core';
 import { useShallow } from 'zustand/react/shallow';
 
 /**
@@ -18,7 +18,8 @@ import { useShallow } from 'zustand/react/shallow';
  *    them in selectors would cause unnecessary selector recalculations).
  */
 export const useFollow = (userId?: string | string[]) => {
-  const { oxyServices } = useOxy();
+  const { oxyServices, isAuthenticated, isAuthResolved, isTokenReady } = useOxy();
+  const canUsePrivateApi = isAuthResolved && isTokenReady && isAuthenticated;
   const userIds = useMemo(() => (Array.isArray(userId) ? userId : userId ? [userId] : []), [userId]);
   const isSingleUser = typeof userId === 'string';
 
@@ -75,9 +76,10 @@ export const useFollow = (userId?: string | string[]) => {
   // Store actions are accessed via getState() to avoid subscribing to them.
   const toggleFollow = useCallback(async () => {
     if (!isSingleUser || !userId) throw new Error('toggleFollow is only available for single user mode');
+    if (!canUsePrivateApi) throw new Error('Authentication is required to follow users');
     const currentlyFollowing = useFollowStore.getState().followingUsers[userId] ?? false;
     await useFollowStore.getState().toggleFollowUser(userId, oxyServices, currentlyFollowing);
-  }, [isSingleUser, userId, oxyServices]);
+  }, [isSingleUser, userId, canUsePrivateApi, oxyServices]);
 
   const setFollowStatus = useCallback((following: boolean) => {
     if (!isSingleUser || !userId) throw new Error('setFollowStatus is only available for single user mode');
@@ -86,8 +88,9 @@ export const useFollow = (userId?: string | string[]) => {
 
   const fetchStatus = useCallback(async () => {
     if (!isSingleUser || !userId) throw new Error('fetchStatus is only available for single user mode');
+    if (!canUsePrivateApi) return;
     await useFollowStore.getState().fetchFollowStatus(userId, oxyServices);
-  }, [isSingleUser, userId, oxyServices]);
+  }, [isSingleUser, userId, canUsePrivateApi, oxyServices]);
 
   const clearError = useCallback(() => {
     if (!isSingleUser || !userId) throw new Error('clearError is only available for single user mode');
@@ -114,28 +117,33 @@ export const useFollow = (userId?: string | string[]) => {
     if (!isSingleUser || !userId) return;
 
     if ((followerCount === null || followingCount === null) && !isLoadingCounts) {
-      fetchUserCounts().catch((err: unknown) => console.warn('useFollow: fetchUserCounts failed', err));
+      fetchUserCounts().catch((error: unknown) => {
+        loggerUtil.warn('useFollow: fetchUserCounts failed', { component: 'useFollow' }, error);
+      });
     }
   }, [isSingleUser, userId, followerCount, followingCount, isLoadingCounts, fetchUserCounts]);
 
   // Multi-user callbacks
   const toggleFollowForUser = useCallback(async (targetUserId: string) => {
+    if (!canUsePrivateApi) throw new Error('Authentication is required to follow users');
     const currentState = useFollowStore.getState().followingUsers[targetUserId] ?? false;
     await useFollowStore.getState().toggleFollowUser(targetUserId, oxyServices, currentState);
-  }, [oxyServices]);
+  }, [canUsePrivateApi, oxyServices]);
 
   const setFollowStatusForUser = useCallback((targetUserId: string, following: boolean) => {
     useFollowStore.getState().setFollowingStatus(targetUserId, following);
   }, []);
 
   const fetchStatusForUser = useCallback(async (targetUserId: string) => {
+    if (!canUsePrivateApi) return;
     await useFollowStore.getState().fetchFollowStatus(targetUserId, oxyServices);
-  }, [oxyServices]);
+  }, [canUsePrivateApi, oxyServices]);
 
   const fetchAllStatuses = useCallback(async () => {
+    if (!canUsePrivateApi) return;
     const store = useFollowStore.getState();
     await Promise.all(userIds.map(uid => store.fetchFollowStatus(uid, oxyServices)));
-  }, [userIds, oxyServices]);
+  }, [canUsePrivateApi, userIds, oxyServices]);
 
   const clearErrorForUser = useCallback((targetUserId: string) => {
     useFollowStore.getState().clearFollowError(targetUserId);