npm - @oxyhq/services - Versions diffs - 10.2.2 → 10.2.4 - Mend

@oxyhq/services 10.2.2 → 10.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/lib/commonjs/ui/context/OxyContext.js +106 -9
package/lib/commonjs/ui/context/OxyContext.js.map +1 -1
package/lib/commonjs/ui/hooks/useAuth.js +6 -0
package/lib/commonjs/ui/hooks/useAuth.js.map +1 -1
package/lib/module/ui/context/OxyContext.js +106 -9
package/lib/module/ui/context/OxyContext.js.map +1 -1
package/lib/module/ui/hooks/useAuth.js +6 -0
package/lib/module/ui/hooks/useAuth.js.map +1 -1
package/lib/typescript/commonjs/ui/context/OxyContext.d.ts +3 -0
package/lib/typescript/commonjs/ui/context/OxyContext.d.ts.map +1 -1
package/lib/typescript/commonjs/ui/hooks/useAuth.d.ts +13 -0
package/lib/typescript/commonjs/ui/hooks/useAuth.d.ts.map +1 -1
package/lib/typescript/module/ui/context/OxyContext.d.ts +3 -0
package/lib/typescript/module/ui/context/OxyContext.d.ts.map +1 -1
package/lib/typescript/module/ui/hooks/useAuth.d.ts +13 -0
package/lib/typescript/module/ui/hooks/useAuth.d.ts.map +1 -1
package/package.json +2 -2
package/src/ui/context/OxyContext.tsx +120 -8
package/src/ui/hooks/useAuth.ts +22 -0

package/src/ui/context/OxyContext.tsx CHANGED Viewed

@@ -60,6 +60,9 @@ export interface OxyContextState {
   isAuthenticated: boolean;
   isLoading: boolean;
   isTokenReady: boolean;
+  hasAccessToken: boolean;
+  canUsePrivateApi: boolean;
+  isPrivateApiPending: boolean;
   /**
    * Whether the initial auth determination has concluded.
    *
@@ -251,6 +254,35 @@ const COOKIE_RESTORE_TIMEOUT = 3000;
  */
 const COLD_BOOT_OVERALL_DEADLINE = 20000;
+function getHttpStatus(error: unknown): number | undefined {
+  if (!error || typeof error !== 'object') {
+    return undefined;
+  }
+  if ('status' in error) {
+    const status = (error as { status?: unknown }).status;
+    if (typeof status === 'number') {
+      return status;
+    }
+  }
+  if ('response' in error) {
+    const response = (error as { response?: unknown }).response;
+    if (response && typeof response === 'object' && 'status' in response) {
+      const status = (response as { status?: unknown }).status;
+      if (typeof status === 'number') {
+        return status;
+      }
+    }
+  }
+  return undefined;
+}
+function isUnauthorizedStatus(error: unknown): boolean {
+  return getHttpStatus(error) === 401;
+}
 /**
  * Whether `idpOrigin` is a same-site, first-party host of the current page —
  * i.e. it shares the page's registrable apex (last two labels), so a "no
@@ -273,7 +305,10 @@ function isSameSiteIdP(idpOrigin: string): boolean {
   let idpHostname: string;
   try {
     idpHostname = new URL(idpOrigin).hostname;
-  } catch {
+  } catch (parseError) {
+    if (__DEV__) {
+      loggerUtil.debug('Invalid IdP origin while checking same-site session status', { component: 'OxyContext' }, parseError as unknown);
+    }
     return false;
   }
   const pageHostname = window.location.hostname;
@@ -384,6 +419,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
   );
   const [tokenReady, setTokenReady] = useState(true);
+  const [hasAccessToken, setHasAccessToken] = useState(() => Boolean(oxyServices.getAccessToken()));
   // Whether the FIRST cold-boot auth restore has concluded. Starts `false`
   // (auth undetermined) and flips to `true` exactly once — monotonic, never
   // reverts. It now flips the MOMENT a session commits (the common reload case
@@ -393,6 +429,10 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
   // `isAuthResolved` on the context type for the consumer contract.
   const [authResolved, setAuthResolved] = useState(false);
   const authResolvedRef = useRef(false);
+  const userRef = useRef<User | null>(user);
+  const isAuthenticatedRef = useRef(isAuthenticated);
+  userRef.current = user;
+  isAuthenticatedRef.current = isAuthenticated;
   const [initialized, setInitialized] = useState(false);
   const [ssoCallbackIntercepting, setSsoCallbackIntercepting] = useState(false);
   const setAuthState = useAuthStore.setState;
@@ -633,6 +673,43 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
   updateSessionsRef.current = updateSessions;
   const clearSessionStateRef = useRef(clearSessionState);
   clearSessionStateRef.current = clearSessionState;
+  const clearingInvalidTokenRef = useRef(false);
+  useEffect(() => {
+    const handleTokenChange = (accessToken: string | null) => {
+      setHasAccessToken(Boolean(accessToken));
+      if (accessToken) {
+        setTokenReady(true);
+        return;
+      }
+      if (userRef.current || isAuthenticatedRef.current) {
+        setTokenReady(false);
+        if (clearingInvalidTokenRef.current) {
+          return;
+        }
+        clearingInvalidTokenRef.current = true;
+        clearSessionStateRef.current()
+          .catch((clearError) => {
+            logger('Failed to clear invalidated auth session', clearError);
+          })
+          .finally(() => {
+            clearingInvalidTokenRef.current = false;
+            if (authResolvedRef.current) {
+              setTokenReady(true);
+            }
+          });
+        return;
+      }
+      if (authResolvedRef.current) {
+        setTokenReady(true);
+      }
+    };
+    handleTokenChange(oxyServices.getAccessToken());
+    return oxyServices.onTokensChanged(handleTokenChange);
+  }, [logger, oxyServices]);
   // Durable, navigation-safe session persistence.
   //
@@ -649,12 +726,16 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     await readyStorage.setItem(storageKeys.activeSessionId, sessionId);
     const existingIds = await readyStorage.getItem(storageKeys.sessionIds);
     let sessionIds: string[] = [];
-    try { sessionIds = existingIds ? JSON.parse(existingIds) : []; } catch { /* corrupted storage */ }
+    try {
+      sessionIds = existingIds ? JSON.parse(existingIds) : [];
+    } catch (parseError) {
+      logger('Failed to parse persisted session ids; replacing corrupted storage value', parseError);
+    }
     if (!sessionIds.includes(sessionId)) {
       sessionIds.push(sessionId);
       await readyStorage.setItem(storageKeys.sessionIds, JSON.stringify(sessionIds));
     }
-  }, [getReadyStorage, storageKeys.activeSessionId, storageKeys.sessionIds]);
+  }, [getReadyStorage, logger, storageKeys.activeSessionId, storageKeys.sessionIds]);
   // Refs so the cold-boot restore can plant session state without widening its
   // dependency array (mirrors the existing ref pattern above).
@@ -1397,7 +1478,10 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     let fullUser: User;
     try {
       fullUser = await oxyServices.getCurrentUser();
-    } catch {
+    } catch (profileError) {
+      if (__DEV__) {
+        loggerUtil.debug('Failed to fetch full user after web session; using session user fallback', { component: 'OxyContext', method: 'handleWebSSOSession' }, profileError as unknown);
+      }
       // If the profile fetch fails, fall back to the minimal data from the session
       // so the user is still logged in (the store accepts User, but the shapes overlap at runtime).
       fullUser = session.user as unknown as User;
@@ -1615,16 +1699,25 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
   // Load managed accounts when authenticated
   const refreshManagedAccounts = useCallback(async (): Promise<void> => {
-    if (!isAuthenticated) return;
+    if (!isAuthenticated || !tokenReady || !oxyServices.getAccessToken()) {
+      setManagedAccounts([]);
+      return;
+    }
     try {
       const accounts = await oxyServices.getManagedAccounts();
       setManagedAccounts(accounts);
     } catch (err) {
+      if (isUnauthorizedStatus(err)) {
+        setManagedAccounts([]);
+        await clearSessionStateRef.current();
+        return;
+      }
       if (__DEV__) {
         loggerUtil.debug('Failed to load managed accounts', { component: 'OxyContext' }, err as unknown);
       }
     }
-  }, [isAuthenticated, oxyServices]);
+  }, [isAuthenticated, oxyServices, tokenReady]);
   useEffect(() => {
     if (isAuthenticated && initialized && tokenReady) {
@@ -1638,9 +1731,13 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     // Persist to storage
     if (storage) {
       if (userId) {
-        storage.setItem(`${storageKeyPrefix}_acting_as`, userId).catch(() => {});
+        storage.setItem(`${storageKeyPrefix}_acting_as`, userId).catch((persistError) => {
+          loggerUtil.debug('Failed to persist acting-as account', { component: 'OxyContext' }, persistError as unknown);
+        });
       } else {
-        storage.removeItem(`${storageKeyPrefix}_acting_as`).catch(() => {});
+        storage.removeItem(`${storageKeyPrefix}_acting_as`).catch((persistError) => {
+          loggerUtil.debug('Failed to clear acting-as account', { component: 'OxyContext' }, persistError as unknown);
+        });
       }
     }
   }, [oxyServices, storage, storageKeyPrefix]);
@@ -1651,6 +1748,9 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     return account;
   }, [oxyServices, refreshManagedAccounts]);
+  const canUsePrivateApi = authResolved && isAuthenticated && tokenReady && hasAccessToken;
+  const isPrivateApiPending = !authResolved || (isAuthenticated && (!tokenReady || !hasAccessToken));
   const contextValue: OxyContextState = useMemo(() => ({
     user,
     sessions,
@@ -1658,6 +1758,9 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     isAuthenticated,
     isLoading,
     isTokenReady: tokenReady,
+    hasAccessToken,
+    canUsePrivateApi,
+    isPrivateApiPending,
     isAuthResolved: authResolved,
     isStorageReady: storage !== null,
     error,
@@ -1701,6 +1804,9 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     currentNativeLanguageName,
     error,
     getDeviceSessions,
+    hasAccessToken,
+    canUsePrivateApi,
+    isPrivateApiPending,
     getPublicKey,
     hasIdentity,
     isAuthenticated,
@@ -1717,6 +1823,9 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     storage,
     switchSessionForContext,
     tokenReady,
+    hasAccessToken,
+    canUsePrivateApi,
+    isPrivateApiPending,
     authResolved,
     updateDeviceName,
     clearAllAccountData,
@@ -1765,6 +1874,9 @@ const LOADING_STATE: OxyContextState = {
   isAuthenticated: false,
   isLoading: true,
   isTokenReady: false,
+  hasAccessToken: false,
+  canUsePrivateApi: false,
+  isPrivateApiPending: true,
   isAuthResolved: false,
   isStorageReady: false,
   error: null,

package/src/ui/hooks/useAuth.ts CHANGED Viewed

@@ -41,6 +41,22 @@ export interface AuthState {
   /** Whether the auth token is ready for API calls */
   isReady: boolean;
+  /** Whether the current OxyServices instance currently holds an access token */
+  hasAccessToken: boolean;
+  /**
+   * True only when auth cold-boot is resolved, the user is authenticated, and a
+   * bearer token is available for private backend requests.
+   */
+  canUsePrivateApi: boolean;
+  /**
+   * True while the SDK is still resolving auth or an authenticated session is
+   * waiting for its bearer token. Use this to hold private API screens in a
+   * loading state instead of firing unauthenticated requests.
+   */
+  isPrivateApiPending: boolean;
   /**
    * Whether the initial auth determination has concluded.
    *
@@ -107,6 +123,9 @@ export function useAuth(): UseAuthReturn {
     isAuthenticated,
     isLoading,
     isTokenReady,
+    hasAccessToken,
+    canUsePrivateApi,
+    isPrivateApiPending,
     isAuthResolved,
     error,
     signIn: oxySignIn,
@@ -196,6 +215,9 @@ export function useAuth(): UseAuthReturn {
     isAuthenticated,
     isLoading: isLoading || !isAuthResolved,
     isReady: isTokenReady,
+    hasAccessToken,
+    canUsePrivateApi,
+    isPrivateApiPending,
     isAuthResolved,
     error,