@oxyhq/services 14.1.0 → 16.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (292) hide show
  1. package/lib/commonjs/index.js +4 -21
  2. package/lib/commonjs/index.js.map +1 -1
  3. package/lib/commonjs/ui/components/SignInAccountChooser.js +189 -0
  4. package/lib/commonjs/ui/components/SignInAccountChooser.js.map +1 -0
  5. package/lib/commonjs/ui/components/SignInModal.js +350 -131
  6. package/lib/commonjs/ui/components/SignInModal.js.map +1 -1
  7. package/lib/commonjs/ui/context/OxyContext.js +340 -1547
  8. package/lib/commonjs/ui/context/OxyContext.js.map +1 -1
  9. package/lib/commonjs/ui/context/hooks/useAuthOperations.js +61 -64
  10. package/lib/commonjs/ui/context/hooks/useAuthOperations.js.map +1 -1
  11. package/lib/commonjs/ui/hooks/mutations/mutationKeys.js +1 -1
  12. package/lib/commonjs/ui/hooks/mutations/useAccountMutations.js +9 -9
  13. package/lib/commonjs/ui/hooks/mutations/useAccountMutations.js.map +1 -1
  14. package/lib/commonjs/ui/hooks/queries/queryKeys.js +1 -1
  15. package/lib/commonjs/ui/hooks/queries/useAccountQueries.js +7 -8
  16. package/lib/commonjs/ui/hooks/queries/useAccountQueries.js.map +1 -1
  17. package/lib/commonjs/ui/hooks/useAuth.js +14 -33
  18. package/lib/commonjs/ui/hooks/useAuth.js.map +1 -1
  19. package/lib/commonjs/ui/hooks/usePasswordSignIn.js +170 -0
  20. package/lib/commonjs/ui/hooks/usePasswordSignIn.js.map +1 -0
  21. package/lib/commonjs/ui/hooks/useProfileEditing.js +2 -5
  22. package/lib/commonjs/ui/hooks/useProfileEditing.js.map +1 -1
  23. package/lib/commonjs/ui/hooks/useSessionManagement.js +2 -2
  24. package/lib/commonjs/ui/hooks/useSessionManagement.js.map +1 -1
  25. package/lib/commonjs/ui/navigation/routes.js +1 -0
  26. package/lib/commonjs/ui/navigation/routes.js.map +1 -1
  27. package/lib/commonjs/ui/screens/ConnectedAppsScreen.js +17 -18
  28. package/lib/commonjs/ui/screens/ConnectedAppsScreen.js.map +1 -1
  29. package/lib/commonjs/ui/screens/EditProfileFieldScreen.js +93 -68
  30. package/lib/commonjs/ui/screens/EditProfileFieldScreen.js.map +1 -1
  31. package/lib/commonjs/ui/screens/EditProfileScreen.js +187 -0
  32. package/lib/commonjs/ui/screens/EditProfileScreen.js.map +1 -0
  33. package/lib/commonjs/ui/screens/ManageAccountScreen.js +3 -7
  34. package/lib/commonjs/ui/screens/ManageAccountScreen.js.map +1 -1
  35. package/lib/commonjs/ui/screens/OxyAuthScreen.js +231 -95
  36. package/lib/commonjs/ui/screens/OxyAuthScreen.js.map +1 -1
  37. package/lib/commonjs/ui/screens/ProfileScreen.js +15 -2
  38. package/lib/commonjs/ui/screens/ProfileScreen.js.map +1 -1
  39. package/lib/commonjs/ui/screens/linkFormat.js +38 -0
  40. package/lib/commonjs/ui/screens/linkFormat.js.map +1 -0
  41. package/lib/commonjs/ui/session/authStore.js +146 -0
  42. package/lib/commonjs/ui/session/authStore.js.map +1 -0
  43. package/lib/commonjs/ui/session/createSessionClient.js +23 -17
  44. package/lib/commonjs/ui/session/createSessionClient.js.map +1 -1
  45. package/lib/commonjs/ui/session/index.js +13 -7
  46. package/lib/commonjs/ui/session/index.js.map +1 -1
  47. package/lib/commonjs/ui/session/tokenTransport.js +19 -31
  48. package/lib/commonjs/ui/session/tokenTransport.js.map +1 -1
  49. package/lib/commonjs/ui/utils/isWebBrowser.js +13 -0
  50. package/lib/commonjs/ui/utils/isWebBrowser.js.map +1 -0
  51. package/lib/commonjs/utils/deviceFlowSignIn.js +13 -16
  52. package/lib/commonjs/utils/deviceFlowSignIn.js.map +1 -1
  53. package/lib/module/index.js +2 -7
  54. package/lib/module/index.js.map +1 -1
  55. package/lib/module/ui/components/SignInAccountChooser.js +183 -0
  56. package/lib/module/ui/components/SignInAccountChooser.js.map +1 -0
  57. package/lib/module/ui/components/SignInModal.js +352 -134
  58. package/lib/module/ui/components/SignInModal.js.map +1 -1
  59. package/lib/module/ui/context/OxyContext.js +342 -1551
  60. package/lib/module/ui/context/OxyContext.js.map +1 -1
  61. package/lib/module/ui/context/hooks/useAuthOperations.js +60 -63
  62. package/lib/module/ui/context/hooks/useAuthOperations.js.map +1 -1
  63. package/lib/module/ui/hooks/mutations/mutationKeys.js +1 -1
  64. package/lib/module/ui/hooks/mutations/useAccountMutations.js +7 -7
  65. package/lib/module/ui/hooks/mutations/useAccountMutations.js.map +1 -1
  66. package/lib/module/ui/hooks/queries/queryKeys.js +1 -1
  67. package/lib/module/ui/hooks/queries/useAccountQueries.js +5 -6
  68. package/lib/module/ui/hooks/queries/useAccountQueries.js.map +1 -1
  69. package/lib/module/ui/hooks/useAuth.js +14 -33
  70. package/lib/module/ui/hooks/useAuth.js.map +1 -1
  71. package/lib/module/ui/hooks/usePasswordSignIn.js +165 -0
  72. package/lib/module/ui/hooks/usePasswordSignIn.js.map +1 -0
  73. package/lib/module/ui/hooks/useProfileEditing.js +2 -5
  74. package/lib/module/ui/hooks/useProfileEditing.js.map +1 -1
  75. package/lib/module/ui/hooks/useSessionManagement.js +1 -1
  76. package/lib/module/ui/hooks/useSessionManagement.js.map +1 -1
  77. package/lib/module/ui/navigation/routes.js +1 -0
  78. package/lib/module/ui/navigation/routes.js.map +1 -1
  79. package/lib/module/ui/screens/ConnectedAppsScreen.js +19 -20
  80. package/lib/module/ui/screens/ConnectedAppsScreen.js.map +1 -1
  81. package/lib/module/ui/screens/EditProfileFieldScreen.js +91 -66
  82. package/lib/module/ui/screens/EditProfileFieldScreen.js.map +1 -1
  83. package/lib/module/ui/screens/EditProfileScreen.js +182 -0
  84. package/lib/module/ui/screens/EditProfileScreen.js.map +1 -0
  85. package/lib/module/ui/screens/ManageAccountScreen.js +3 -7
  86. package/lib/module/ui/screens/ManageAccountScreen.js.map +1 -1
  87. package/lib/module/ui/screens/OxyAuthScreen.js +233 -97
  88. package/lib/module/ui/screens/OxyAuthScreen.js.map +1 -1
  89. package/lib/module/ui/screens/ProfileScreen.js +15 -2
  90. package/lib/module/ui/screens/ProfileScreen.js.map +1 -1
  91. package/lib/module/ui/screens/linkFormat.js +31 -0
  92. package/lib/module/ui/screens/linkFormat.js.map +1 -0
  93. package/lib/module/ui/session/authStore.js +143 -0
  94. package/lib/module/ui/session/authStore.js.map +1 -0
  95. package/lib/module/ui/session/createSessionClient.js +22 -16
  96. package/lib/module/ui/session/createSessionClient.js.map +1 -1
  97. package/lib/module/ui/session/index.js +9 -9
  98. package/lib/module/ui/session/index.js.map +1 -1
  99. package/lib/module/ui/session/tokenTransport.js +20 -33
  100. package/lib/module/ui/session/tokenTransport.js.map +1 -1
  101. package/lib/module/ui/utils/isWebBrowser.js +11 -0
  102. package/lib/module/ui/utils/isWebBrowser.js.map +1 -0
  103. package/lib/module/utils/deviceFlowSignIn.js +14 -17
  104. package/lib/module/utils/deviceFlowSignIn.js.map +1 -1
  105. package/lib/typescript/commonjs/index.d.ts +2 -3
  106. package/lib/typescript/commonjs/index.d.ts.map +1 -1
  107. package/lib/typescript/commonjs/ui/components/SignInAccountChooser.d.ts +29 -0
  108. package/lib/typescript/commonjs/ui/components/SignInAccountChooser.d.ts.map +1 -0
  109. package/lib/typescript/commonjs/ui/components/SignInModal.d.ts +15 -10
  110. package/lib/typescript/commonjs/ui/components/SignInModal.d.ts.map +1 -1
  111. package/lib/typescript/commonjs/ui/context/OxyContext.d.ts +36 -42
  112. package/lib/typescript/commonjs/ui/context/OxyContext.d.ts.map +1 -1
  113. package/lib/typescript/commonjs/ui/context/hooks/useAuthOperations.d.ts +18 -23
  114. package/lib/typescript/commonjs/ui/context/hooks/useAuthOperations.d.ts.map +1 -1
  115. package/lib/typescript/commonjs/ui/hooks/mutations/useAccountMutations.d.ts +4 -6
  116. package/lib/typescript/commonjs/ui/hooks/mutations/useAccountMutations.d.ts.map +1 -1
  117. package/lib/typescript/commonjs/ui/hooks/queries/useAccountQueries.d.ts +6 -7
  118. package/lib/typescript/commonjs/ui/hooks/queries/useAccountQueries.d.ts.map +1 -1
  119. package/lib/typescript/commonjs/ui/hooks/useAuth.d.ts.map +1 -1
  120. package/lib/typescript/commonjs/ui/hooks/usePasswordSignIn.d.ts +31 -0
  121. package/lib/typescript/commonjs/ui/hooks/usePasswordSignIn.d.ts.map +1 -0
  122. package/lib/typescript/commonjs/ui/hooks/useProfileEditing.d.ts +0 -1
  123. package/lib/typescript/commonjs/ui/hooks/useProfileEditing.d.ts.map +1 -1
  124. package/lib/typescript/commonjs/ui/navigation/routes.d.ts +1 -1
  125. package/lib/typescript/commonjs/ui/navigation/routes.d.ts.map +1 -1
  126. package/lib/typescript/commonjs/ui/screens/ConnectedAppsScreen.d.ts.map +1 -1
  127. package/lib/typescript/commonjs/ui/screens/EditProfileFieldScreen.d.ts.map +1 -1
  128. package/lib/typescript/commonjs/ui/screens/EditProfileScreen.d.ts +14 -0
  129. package/lib/typescript/commonjs/ui/screens/EditProfileScreen.d.ts.map +1 -0
  130. package/lib/typescript/commonjs/ui/screens/ManageAccountScreen.d.ts +1 -1
  131. package/lib/typescript/commonjs/ui/screens/ManageAccountScreen.d.ts.map +1 -1
  132. package/lib/typescript/commonjs/ui/screens/OxyAuthScreen.d.ts +13 -12
  133. package/lib/typescript/commonjs/ui/screens/OxyAuthScreen.d.ts.map +1 -1
  134. package/lib/typescript/commonjs/ui/screens/ProfileScreen.d.ts.map +1 -1
  135. package/lib/typescript/commonjs/ui/screens/linkFormat.d.ts +23 -0
  136. package/lib/typescript/commonjs/ui/screens/linkFormat.d.ts.map +1 -0
  137. package/lib/typescript/commonjs/ui/session/authStore.d.ts +33 -0
  138. package/lib/typescript/commonjs/ui/session/authStore.d.ts.map +1 -0
  139. package/lib/typescript/commonjs/ui/session/createSessionClient.d.ts +19 -15
  140. package/lib/typescript/commonjs/ui/session/createSessionClient.d.ts.map +1 -1
  141. package/lib/typescript/commonjs/ui/session/index.d.ts +9 -9
  142. package/lib/typescript/commonjs/ui/session/index.d.ts.map +1 -1
  143. package/lib/typescript/commonjs/ui/session/tokenTransport.d.ts +13 -19
  144. package/lib/typescript/commonjs/ui/session/tokenTransport.d.ts.map +1 -1
  145. package/lib/typescript/commonjs/ui/utils/isWebBrowser.d.ts +9 -0
  146. package/lib/typescript/commonjs/ui/utils/isWebBrowser.d.ts.map +1 -0
  147. package/lib/typescript/commonjs/ui/utils/storageHelpers.d.ts +7 -7
  148. package/lib/typescript/commonjs/utils/deviceFlowSignIn.d.ts +15 -13
  149. package/lib/typescript/commonjs/utils/deviceFlowSignIn.d.ts.map +1 -1
  150. package/lib/typescript/module/index.d.ts +2 -3
  151. package/lib/typescript/module/index.d.ts.map +1 -1
  152. package/lib/typescript/module/ui/components/SignInAccountChooser.d.ts +29 -0
  153. package/lib/typescript/module/ui/components/SignInAccountChooser.d.ts.map +1 -0
  154. package/lib/typescript/module/ui/components/SignInModal.d.ts +15 -10
  155. package/lib/typescript/module/ui/components/SignInModal.d.ts.map +1 -1
  156. package/lib/typescript/module/ui/context/OxyContext.d.ts +36 -42
  157. package/lib/typescript/module/ui/context/OxyContext.d.ts.map +1 -1
  158. package/lib/typescript/module/ui/context/hooks/useAuthOperations.d.ts +18 -23
  159. package/lib/typescript/module/ui/context/hooks/useAuthOperations.d.ts.map +1 -1
  160. package/lib/typescript/module/ui/hooks/mutations/useAccountMutations.d.ts +4 -6
  161. package/lib/typescript/module/ui/hooks/mutations/useAccountMutations.d.ts.map +1 -1
  162. package/lib/typescript/module/ui/hooks/queries/useAccountQueries.d.ts +6 -7
  163. package/lib/typescript/module/ui/hooks/queries/useAccountQueries.d.ts.map +1 -1
  164. package/lib/typescript/module/ui/hooks/useAuth.d.ts.map +1 -1
  165. package/lib/typescript/module/ui/hooks/usePasswordSignIn.d.ts +31 -0
  166. package/lib/typescript/module/ui/hooks/usePasswordSignIn.d.ts.map +1 -0
  167. package/lib/typescript/module/ui/hooks/useProfileEditing.d.ts +0 -1
  168. package/lib/typescript/module/ui/hooks/useProfileEditing.d.ts.map +1 -1
  169. package/lib/typescript/module/ui/navigation/routes.d.ts +1 -1
  170. package/lib/typescript/module/ui/navigation/routes.d.ts.map +1 -1
  171. package/lib/typescript/module/ui/screens/ConnectedAppsScreen.d.ts.map +1 -1
  172. package/lib/typescript/module/ui/screens/EditProfileFieldScreen.d.ts.map +1 -1
  173. package/lib/typescript/module/ui/screens/EditProfileScreen.d.ts +14 -0
  174. package/lib/typescript/module/ui/screens/EditProfileScreen.d.ts.map +1 -0
  175. package/lib/typescript/module/ui/screens/ManageAccountScreen.d.ts +1 -1
  176. package/lib/typescript/module/ui/screens/ManageAccountScreen.d.ts.map +1 -1
  177. package/lib/typescript/module/ui/screens/OxyAuthScreen.d.ts +13 -12
  178. package/lib/typescript/module/ui/screens/OxyAuthScreen.d.ts.map +1 -1
  179. package/lib/typescript/module/ui/screens/ProfileScreen.d.ts.map +1 -1
  180. package/lib/typescript/module/ui/screens/linkFormat.d.ts +23 -0
  181. package/lib/typescript/module/ui/screens/linkFormat.d.ts.map +1 -0
  182. package/lib/typescript/module/ui/session/authStore.d.ts +33 -0
  183. package/lib/typescript/module/ui/session/authStore.d.ts.map +1 -0
  184. package/lib/typescript/module/ui/session/createSessionClient.d.ts +19 -15
  185. package/lib/typescript/module/ui/session/createSessionClient.d.ts.map +1 -1
  186. package/lib/typescript/module/ui/session/index.d.ts +9 -9
  187. package/lib/typescript/module/ui/session/index.d.ts.map +1 -1
  188. package/lib/typescript/module/ui/session/tokenTransport.d.ts +13 -19
  189. package/lib/typescript/module/ui/session/tokenTransport.d.ts.map +1 -1
  190. package/lib/typescript/module/ui/utils/isWebBrowser.d.ts +9 -0
  191. package/lib/typescript/module/ui/utils/isWebBrowser.d.ts.map +1 -0
  192. package/lib/typescript/module/ui/utils/storageHelpers.d.ts +7 -7
  193. package/lib/typescript/module/utils/deviceFlowSignIn.d.ts +15 -13
  194. package/lib/typescript/module/utils/deviceFlowSignIn.d.ts.map +1 -1
  195. package/package.json +4 -4
  196. package/src/index.ts +2 -6
  197. package/src/ui/components/SignInAccountChooser.tsx +162 -0
  198. package/src/ui/components/SignInModal.tsx +309 -139
  199. package/src/ui/context/OxyContext.tsx +532 -1785
  200. package/src/ui/context/hooks/useAuthOperations.ts +65 -76
  201. package/src/ui/hooks/mutations/mutationKeys.ts +1 -1
  202. package/src/ui/hooks/mutations/useAccountMutations.ts +7 -7
  203. package/src/ui/hooks/queries/queryKeys.ts +1 -1
  204. package/src/ui/hooks/queries/useAccountQueries.ts +8 -9
  205. package/src/ui/hooks/useAuth.ts +14 -35
  206. package/src/ui/hooks/usePasswordSignIn.ts +207 -0
  207. package/src/ui/hooks/useProfileEditing.ts +2 -8
  208. package/src/ui/hooks/useSessionManagement.ts +1 -1
  209. package/src/ui/navigation/routes.ts +3 -1
  210. package/src/ui/screens/ConnectedAppsScreen.tsx +23 -24
  211. package/src/ui/screens/EditProfileFieldScreen.tsx +102 -66
  212. package/src/ui/screens/EditProfileScreen.tsx +155 -0
  213. package/src/ui/screens/ManageAccountScreen.tsx +3 -7
  214. package/src/ui/screens/OxyAuthScreen.tsx +259 -112
  215. package/src/ui/screens/ProfileScreen.tsx +15 -2
  216. package/src/ui/screens/__tests__/linkFormat.test.ts +73 -0
  217. package/src/ui/screens/linkFormat.ts +37 -0
  218. package/src/ui/session/__tests__/createSessionClient.test.ts +22 -7
  219. package/src/ui/session/__tests__/tokenTransport.test.ts +37 -49
  220. package/src/ui/session/authStore.ts +164 -0
  221. package/src/ui/session/createSessionClient.ts +30 -17
  222. package/src/ui/session/index.ts +10 -9
  223. package/src/ui/session/tokenTransport.ts +26 -36
  224. package/src/ui/utils/isWebBrowser.ts +8 -0
  225. package/src/ui/utils/storageHelpers.ts +7 -7
  226. package/src/utils/__tests__/deviceFlowSignIn.test.ts +50 -131
  227. package/src/utils/deviceFlowSignIn.ts +19 -26
  228. package/lib/commonjs/ui/context/inSessionTokenRefresh.js +0 -243
  229. package/lib/commonjs/ui/context/inSessionTokenRefresh.js.map +0 -1
  230. package/lib/commonjs/ui/context/silentSessionRestore.js +0 -56
  231. package/lib/commonjs/ui/context/silentSessionRestore.js.map +0 -1
  232. package/lib/commonjs/ui/hooks/useWebSSO.js +0 -28
  233. package/lib/commonjs/ui/hooks/useWebSSO.js.map +0 -1
  234. package/lib/commonjs/ui/session/projectSessionState.js +0 -86
  235. package/lib/commonjs/ui/session/projectSessionState.js.map +0 -1
  236. package/lib/commonjs/ui/session/sessionClientHost.js +0 -30
  237. package/lib/commonjs/ui/session/sessionClientHost.js.map +0 -1
  238. package/lib/commonjs/ui/utils/activeAuthuser.js +0 -142
  239. package/lib/commonjs/ui/utils/activeAuthuser.js.map +0 -1
  240. package/lib/commonjs/utils/crossApex.js +0 -74
  241. package/lib/commonjs/utils/crossApex.js.map +0 -1
  242. package/lib/module/ui/context/inSessionTokenRefresh.js +0 -238
  243. package/lib/module/ui/context/inSessionTokenRefresh.js.map +0 -1
  244. package/lib/module/ui/context/silentSessionRestore.js +0 -53
  245. package/lib/module/ui/context/silentSessionRestore.js.map +0 -1
  246. package/lib/module/ui/hooks/useWebSSO.js +0 -24
  247. package/lib/module/ui/hooks/useWebSSO.js.map +0 -1
  248. package/lib/module/ui/session/projectSessionState.js +0 -79
  249. package/lib/module/ui/session/projectSessionState.js.map +0 -1
  250. package/lib/module/ui/session/sessionClientHost.js +0 -26
  251. package/lib/module/ui/session/sessionClientHost.js.map +0 -1
  252. package/lib/module/ui/utils/activeAuthuser.js +0 -134
  253. package/lib/module/ui/utils/activeAuthuser.js.map +0 -1
  254. package/lib/module/utils/crossApex.js +0 -69
  255. package/lib/module/utils/crossApex.js.map +0 -1
  256. package/lib/typescript/commonjs/ui/context/inSessionTokenRefresh.d.ts +0 -106
  257. package/lib/typescript/commonjs/ui/context/inSessionTokenRefresh.d.ts.map +0 -1
  258. package/lib/typescript/commonjs/ui/context/silentSessionRestore.d.ts +0 -36
  259. package/lib/typescript/commonjs/ui/context/silentSessionRestore.d.ts.map +0 -1
  260. package/lib/typescript/commonjs/ui/hooks/useWebSSO.d.ts +0 -19
  261. package/lib/typescript/commonjs/ui/hooks/useWebSSO.d.ts.map +0 -1
  262. package/lib/typescript/commonjs/ui/session/projectSessionState.d.ts +0 -45
  263. package/lib/typescript/commonjs/ui/session/projectSessionState.d.ts.map +0 -1
  264. package/lib/typescript/commonjs/ui/session/sessionClientHost.d.ts +0 -14
  265. package/lib/typescript/commonjs/ui/session/sessionClientHost.d.ts.map +0 -1
  266. package/lib/typescript/commonjs/ui/utils/activeAuthuser.d.ts +0 -67
  267. package/lib/typescript/commonjs/ui/utils/activeAuthuser.d.ts.map +0 -1
  268. package/lib/typescript/commonjs/utils/crossApex.d.ts +0 -55
  269. package/lib/typescript/commonjs/utils/crossApex.d.ts.map +0 -1
  270. package/lib/typescript/module/ui/context/inSessionTokenRefresh.d.ts +0 -106
  271. package/lib/typescript/module/ui/context/inSessionTokenRefresh.d.ts.map +0 -1
  272. package/lib/typescript/module/ui/context/silentSessionRestore.d.ts +0 -36
  273. package/lib/typescript/module/ui/context/silentSessionRestore.d.ts.map +0 -1
  274. package/lib/typescript/module/ui/hooks/useWebSSO.d.ts +0 -19
  275. package/lib/typescript/module/ui/hooks/useWebSSO.d.ts.map +0 -1
  276. package/lib/typescript/module/ui/session/projectSessionState.d.ts +0 -45
  277. package/lib/typescript/module/ui/session/projectSessionState.d.ts.map +0 -1
  278. package/lib/typescript/module/ui/session/sessionClientHost.d.ts +0 -14
  279. package/lib/typescript/module/ui/session/sessionClientHost.d.ts.map +0 -1
  280. package/lib/typescript/module/ui/utils/activeAuthuser.d.ts +0 -67
  281. package/lib/typescript/module/ui/utils/activeAuthuser.d.ts.map +0 -1
  282. package/lib/typescript/module/utils/crossApex.d.ts +0 -55
  283. package/lib/typescript/module/utils/crossApex.d.ts.map +0 -1
  284. package/src/ui/context/inSessionTokenRefresh.ts +0 -264
  285. package/src/ui/context/silentSessionRestore.ts +0 -53
  286. package/src/ui/hooks/useWebSSO.ts +0 -23
  287. package/src/ui/session/__tests__/projectSessionState.test.ts +0 -114
  288. package/src/ui/session/__tests__/sessionClientHost.test.ts +0 -43
  289. package/src/ui/session/projectSessionState.ts +0 -85
  290. package/src/ui/session/sessionClientHost.ts +0 -27
  291. package/src/ui/utils/activeAuthuser.ts +0 -142
  292. package/src/utils/crossApex.ts +0 -75
@@ -1,28 +0,0 @@
1
- "use strict";
2
-
3
- Object.defineProperty(exports, "__esModule", {
4
- value: true
5
- });
6
- exports.isWebBrowser = isWebBrowser;
7
- /**
8
- * Platform detection helper for the web auth/session-sync surfaces.
9
- *
10
- * This module previously hosted a FedCM-based `useWebSSO` hook (Federated
11
- * Credential Management — Chrome-only). It was removed: FedCM is no longer
12
- * used anywhere in the client sign-in/cold-boot path (see `CrossDomainAuth`'s
13
- * doc comment in `@oxyhq/core` for the production sign-in loop that motivated
14
- * the removal). Cross-domain silent SSO is owned entirely by the
15
- * `silent-iframe` cold-boot step (per-apex `/auth/silent`) plus the terminal
16
- * `/sso` bounce in `OxyContext`.
17
- *
18
- * `isWebBrowser` is kept here (rather than moved) so every existing consumer
19
- * import path stays valid.
20
- */
21
-
22
- /**
23
- * Check if we're running in a web browser environment (not React Native)
24
- */
25
- function isWebBrowser() {
26
- return typeof window !== 'undefined' && typeof document !== 'undefined' && typeof document.documentElement !== 'undefined';
27
- }
28
- //# sourceMappingURL=useWebSSO.js.map
@@ -1 +0,0 @@
1
- {"version":3,"names":["isWebBrowser","window","document","documentElement"],"sourceRoot":"../../../../src","sources":["ui/hooks/useWebSSO.ts"],"mappings":";;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACO,SAASA,YAAYA,CAAA,EAAY;EACtC,OAAO,OAAOC,MAAM,KAAK,WAAW,IAC7B,OAAOC,QAAQ,KAAK,WAAW,IAC/B,OAAOA,QAAQ,CAACC,eAAe,KAAK,WAAW;AACxD","ignoreList":[]}
@@ -1,86 +0,0 @@
1
- "use strict";
2
-
3
- Object.defineProperty(exports, "__esModule", {
4
- value: true
5
- });
6
- exports.accountIdsOf = accountIdsOf;
7
- exports.activeSessionIdOf = activeSessionIdOf;
8
- exports.activeUserOf = activeUserOf;
9
- exports.deviceStateToClientSessions = deviceStateToClientSessions;
10
- /**
11
- * Pure projection helpers: `DeviceSessionState` (the device-scoped
12
- * multi-account session-sync state produced by `@oxyhq/core`'s
13
- * `SessionClient`) -> the shapes `OxyContext` renders today
14
- * (`ClientSession[]`, an active session id, an active `User`).
15
- *
16
- * No I/O. The caller fetches profiles via
17
- * `oxyServices.getUsersByIds(accountIdsOf(state))` and builds `usersById`
18
- * from the result before calling `deviceStateToClientSessions` /
19
- * `activeUserOf`.
20
- */
21
-
22
- /**
23
- * Maps every `SessionAccount` in `state.accounts` to a `ClientSession`.
24
- *
25
- * `DeviceSessionState` carries no per-account `expiresAt` / `lastActive` —
26
- * both are set to `state.updatedAt` (converted to an ISO-8601 string; the
27
- * wire value is an epoch-ms number) as a provisional value. Fase 3-B
28
- * rewrites `ClientSession` to make `expiresAt`/`lastActive` optional (they
29
- * are not derivable from `DeviceSessionState`).
30
- *
31
- * `usersById` is accepted for signature symmetry with `activeUserOf` even
32
- * though `ClientSession` only stores `userId` — a session is still
33
- * projected for an account whose id is absent from `usersById` (no
34
- * placeholder user is fabricated).
35
- */
36
- function deviceStateToClientSessions(state, usersById) {
37
- const provisionalTimestamp = new Date(state.updatedAt).toISOString();
38
- return state.accounts.map(account => ({
39
- sessionId: account.sessionId,
40
- deviceId: state.deviceId,
41
- // provisional: Fase 3-B rewrites ClientSession to make expiresAt/lastActive
42
- // optional (they are not in DeviceSessionState)
43
- expiresAt: provisionalTimestamp,
44
- lastActive: provisionalTimestamp,
45
- userId: account.accountId,
46
- isCurrent: account.accountId === state.activeAccountId,
47
- authuser: account.authuser
48
- }));
49
- }
50
-
51
- /**
52
- * The active account's `sessionId`, or `null` when there is no state or no
53
- * active account is set.
54
- */
55
- function activeSessionIdOf(state) {
56
- if (state === null || state.activeAccountId === null) {
57
- return null;
58
- }
59
- const activeAccountId = state.activeAccountId;
60
- const activeAccount = state.accounts.find(account => account.accountId === activeAccountId);
61
- return activeAccount?.sessionId ?? null;
62
- }
63
-
64
- /**
65
- * The active account's `User`, resolved from `usersById`. `null` when there
66
- * is no state, no active account is set, or the active account id is absent
67
- * from `usersById`.
68
- */
69
- function activeUserOf(state, usersById) {
70
- if (state === null || state.activeAccountId === null) {
71
- return null;
72
- }
73
- return usersById.get(state.activeAccountId) ?? null;
74
- }
75
-
76
- /**
77
- * All account ids in `state`, suitable for an `oxyServices.getUsersByIds(...)`
78
- * fetch. `[]` for `null` state.
79
- */
80
- function accountIdsOf(state) {
81
- if (state === null) {
82
- return [];
83
- }
84
- return state.accounts.map(account => account.accountId);
85
- }
86
- //# sourceMappingURL=projectSessionState.js.map
@@ -1 +0,0 @@
1
- {"version":3,"names":["deviceStateToClientSessions","state","usersById","provisionalTimestamp","Date","updatedAt","toISOString","accounts","map","account","sessionId","deviceId","expiresAt","lastActive","userId","accountId","isCurrent","activeAccountId","authuser","activeSessionIdOf","activeAccount","find","activeUserOf","get","accountIdsOf"],"sourceRoot":"../../../../src","sources":["ui/session/projectSessionState.ts"],"mappings":";;;;;;;;;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,2BAA2BA,CACzCC,KAAyB,EACzBC,SAA4B,EACX;EACjB,MAAMC,oBAAoB,GAAG,IAAIC,IAAI,CAACH,KAAK,CAACI,SAAS,CAAC,CAACC,WAAW,CAAC,CAAC;EACpE,OAAOL,KAAK,CAACM,QAAQ,CAACC,GAAG,CAAEC,OAAO,KAAM;IACtCC,SAAS,EAAED,OAAO,CAACC,SAAS;IAC5BC,QAAQ,EAAEV,KAAK,CAACU,QAAQ;IACxB;IACA;IACAC,SAAS,EAAET,oBAAoB;IAC/BU,UAAU,EAAEV,oBAAoB;IAChCW,MAAM,EAAEL,OAAO,CAACM,SAAS;IACzBC,SAAS,EAAEP,OAAO,CAACM,SAAS,KAAKd,KAAK,CAACgB,eAAe;IACtDC,QAAQ,EAAET,OAAO,CAACS;EACpB,CAAC,CAAC,CAAC;AACL;;AAEA;AACA;AACA;AACA;AACO,SAASC,iBAAiBA,CAAClB,KAAgC,EAAiB;EACjF,IAAIA,KAAK,KAAK,IAAI,IAAIA,KAAK,CAACgB,eAAe,KAAK,IAAI,EAAE;IACpD,OAAO,IAAI;EACb;EACA,MAAMA,eAAe,GAAGhB,KAAK,CAACgB,eAAe;EAC7C,MAAMG,aAAa,GAAGnB,KAAK,CAACM,QAAQ,CAACc,IAAI,CAAEZ,OAAO,IAAKA,OAAO,CAACM,SAAS,KAAKE,eAAe,CAAC;EAC7F,OAAOG,aAAa,EAAEV,SAAS,IAAI,IAAI;AACzC;;AAEA;AACA;AACA;AACA;AACA;AACO,SAASY,YAAYA,CAC1BrB,KAAgC,EAChCC,SAA4B,EACf;EACb,IAAID,KAAK,KAAK,IAAI,IAAIA,KAAK,CAACgB,eAAe,KAAK,IAAI,EAAE;IACpD,OAAO,IAAI;EACb;EACA,OAAOf,SAAS,CAACqB,GAAG,CAACtB,KAAK,CAACgB,eAAe,CAAC,IAAI,IAAI;AACrD;;AAEA;AACA;AACA;AACA;AACO,SAASO,YAAYA,CAACvB,KAAgC,EAAY;EACvE,IAAIA,KAAK,KAAK,IAAI,EAAE;IAClB,OAAO,EAAE;EACX;EACA,OAAOA,KAAK,CAACM,QAAQ,CAACC,GAAG,CAAEC,OAAO,IAAKA,OAAO,CAACM,SAAS,CAAC;AAC3D","ignoreList":[]}
@@ -1,30 +0,0 @@
1
- "use strict";
2
-
3
- Object.defineProperty(exports, "__esModule", {
4
- value: true
5
- });
6
- exports.createSessionClientHost = createSessionClientHost;
7
- /**
8
- * Thin `SessionClientHost` adapter over an `OxyServices` instance.
9
- *
10
- * `SessionClient` (in `@oxyhq/core`) is host-agnostic: it only needs a REST +
11
- * token surface. `OxyServices` already exposes all of that except
12
- * `getCurrentAccountId`, which has no direct equivalent — the adapter holds a
13
- * mutable ref set by the caller (`OxyContext`, in Fase 3-B) via
14
- * `setCurrentAccountId`.
15
- */
16
- function createSessionClientHost(oxyServices) {
17
- let currentAccountId = null;
18
- return {
19
- makeRequest: (method, url, data, options) => oxyServices.makeRequest(method, url, data, options),
20
- getBaseURL: () => oxyServices.getBaseURL(),
21
- getAccessToken: () => oxyServices.getAccessToken(),
22
- onTokensChanged: listener => oxyServices.onTokensChanged(listener),
23
- setTokens: accessToken => oxyServices.setTokens(accessToken),
24
- getCurrentAccountId: () => currentAccountId,
25
- setCurrentAccountId: id => {
26
- currentAccountId = id;
27
- }
28
- };
29
- }
30
- //# sourceMappingURL=sessionClientHost.js.map
@@ -1 +0,0 @@
1
- {"version":3,"names":["createSessionClientHost","oxyServices","currentAccountId","makeRequest","method","url","data","options","getBaseURL","getAccessToken","onTokensChanged","listener","setTokens","accessToken","getCurrentAccountId","setCurrentAccountId","id"],"sourceRoot":"../../../../src","sources":["ui/session/sessionClientHost.ts"],"mappings":";;;;;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASA,uBAAuBA,CACrCC,WAAwB,EAC8C;EACtE,IAAIC,gBAA+B,GAAG,IAAI;EAC1C,OAAO;IACLC,WAAW,EAAEA,CAACC,MAAM,EAAEC,GAAG,EAAEC,IAAI,EAAEC,OAAO,KAAKN,WAAW,CAACE,WAAW,CAACC,MAAM,EAAEC,GAAG,EAAEC,IAAI,EAAEC,OAAO,CAAC;IAChGC,UAAU,EAAEA,CAAA,KAAMP,WAAW,CAACO,UAAU,CAAC,CAAC;IAC1CC,cAAc,EAAEA,CAAA,KAAMR,WAAW,CAACQ,cAAc,CAAC,CAAC;IAClDC,eAAe,EAAGC,QAAQ,IAAKV,WAAW,CAACS,eAAe,CAACC,QAAQ,CAAC;IACpEC,SAAS,EAAGC,WAAW,IAAKZ,WAAW,CAACW,SAAS,CAACC,WAAW,CAAC;IAC9DC,mBAAmB,EAAEA,CAAA,KAAMZ,gBAAgB;IAC3Ca,mBAAmB,EAAGC,EAAE,IAAK;MAC3Bd,gBAAgB,GAAGc,EAAE;IACvB;EACF,CAAC;AACH","ignoreList":[]}
@@ -1,142 +0,0 @@
1
- "use strict";
2
-
3
- Object.defineProperty(exports, "__esModule", {
4
- value: true
5
- });
6
- exports.clearSignedOut = clearSignedOut;
7
- exports.clearSsoBounceState = clearSsoBounceState;
8
- exports.isSilentRestoreSuppressed = isSilentRestoreSuppressed;
9
- exports.markSignedOut = markSignedOut;
10
- exports.readActiveAuthuser = readActiveAuthuser;
11
- var _core = require("@oxyhq/core");
12
- /**
13
- * Web-only helpers around the retired `oxy_rt_${authuser}` multi-slot
14
- * refresh-cookie scheme, PLUS the (unrelated, still load-bearing) deliberate
15
- * sign-out / SSO-bounce gates.
16
- *
17
- * NOTE (session-sync cutover, Task 5): the device account SET is now
18
- * server-authoritative via `SessionClient` (`@oxyhq/core`) — nothing in
19
- * `@oxyhq/services` writes the persisted active-`authuser`-slot key anymore
20
- * (`writeActiveAuthuser`/`clearActiveAuthuser` were deleted; their only
21
- * callers were the deleted `establishDeviceRefreshSlot` sign-in registration
22
- * and the deleted `switchToAccount`/`switchSession` slot bookkeeping).
23
- * {@link readActiveAuthuser} is KEPT purely as an OPTIONAL restore hint:
24
- * `OxyContext`'s `restoreStoredSession` cold-boot step reads it only to
25
- * backfill `clientSession.authuser` for the active session when a legacy value
26
- * happens to be present. It NO LONGER gates whether restore is attempted — the
27
- * old guard that also required this marker made every web reload with a lapsed
28
- * local bearer bail before any network validation (P0), and was replaced by a
29
- * "bail only when there is nothing to restore" guard plus a valid-session
30
- * election. Since nothing writes the key anymore, the backfill is dormant on
31
- * fresh installs; it stays for legacy installs and costs nothing.
32
- *
33
- * Native (React Native) has no equivalent of these device-local cookies
34
- * and uses bearer-protected session ids directly, so these helpers no-op
35
- * outside the browser.
36
- */
37
-
38
- const ACTIVE_AUTHUSER_KEY = 'oxy_active_authuser';
39
- function hasLocalStorage() {
40
- return typeof window !== 'undefined' && typeof window.localStorage !== 'undefined';
41
- }
42
- function getSessionStorage() {
43
- if (typeof window === 'undefined') return null;
44
- try {
45
- return window.sessionStorage ?? null;
46
- } catch {
47
- return null;
48
- }
49
- }
50
-
51
- /**
52
- * Read the persisted active `authuser` slot index.
53
- *
54
- * Returns `null` on native, on a corrupted value, or when nothing has been
55
- * persisted yet (first visit). Callers treat `null` as "no preference" and
56
- * fall back to deterministic selection (lowest authuser).
57
- */
58
- function readActiveAuthuser() {
59
- if (!hasLocalStorage()) {
60
- return null;
61
- }
62
- try {
63
- const raw = window.localStorage.getItem(ACTIVE_AUTHUSER_KEY);
64
- if (raw === null) return null;
65
- const parsed = Number.parseInt(raw, 10);
66
- if (!Number.isFinite(parsed) || parsed < 0) return null;
67
- return parsed;
68
- } catch {
69
- return null;
70
- }
71
- }
72
-
73
- /**
74
- * Mark this origin as DELIBERATELY signed out (durable `localStorage`, via the
75
- * core {@link ssoSignedOutKey}). Called ONLY on EXPLICIT full sign-out so that
76
- * the next cold boot does NOT silently re-mint a session from a still-live IdP
77
- * session (the per-apex `/auth/silent` iframe cold-boot step). Cleared by any
78
- * deliberate sign-in (see {@link clearSignedOut}). No-ops on native / storage
79
- * failure (best-effort).
80
- */
81
- function markSignedOut() {
82
- if (!hasLocalStorage()) return;
83
- try {
84
- window.localStorage.setItem((0, _core.ssoSignedOutKey)(window.location.origin), '1');
85
- } catch {
86
- // Best-effort; swallow QuotaExceededError / SecurityError (private mode).
87
- }
88
- }
89
-
90
- /**
91
- * Clear the durable deliberately-signed-out flag. Called on ANY deliberate
92
- * sign-in (password, account switch, device claim) so a real sign-in
93
- * fully re-enables automatic silent restore — there is no "stuck signed out"
94
- * state. No-ops on native / storage failure.
95
- */
96
- function clearSignedOut() {
97
- if (!hasLocalStorage()) return;
98
- try {
99
- window.localStorage.removeItem((0, _core.ssoSignedOutKey)(window.location.origin));
100
- } catch {
101
- // Best-effort.
102
- }
103
- }
104
-
105
- /**
106
- * Whether AUTOMATIC silent restore is suppressed for the current origin because
107
- * the user deliberately signed out. Reads the durable flag through the core
108
- * {@link silentRestoreSuppressed} predicate. Returns `false` off-web and on any
109
- * storage failure (fail safe toward normal restore). Used to gate the
110
- * `silent-iframe` cold-boot step.
111
- */
112
- function isSilentRestoreSuppressed() {
113
- // Unlike its try/catch-wrapped siblings this reads `window.location.origin`
114
- // directly, so guard it: an RN polyfill can expose `localStorage` without a
115
- // `location`, which would throw here. Fail safe toward normal restore.
116
- if (!hasLocalStorage() || typeof window.location === 'undefined') return false;
117
- return (0, _core.silentRestoreSuppressed)(window.localStorage, window.location.origin);
118
- }
119
-
120
- /**
121
- * Clear all per-origin SSO bounce sessionStorage keys. Called ONLY on EXPLICIT
122
- * user sign-out (logout / logoutAll) — never on a cold-boot failure path — so a
123
- * fresh deliberate sign-in can re-probe the central IdP. Clearing on cold-boot
124
- * failure would reintroduce the redirect loop.
125
- *
126
- * No-ops on native and on any storage failure (best-effort).
127
- */
128
- function clearSsoBounceState() {
129
- const storage = getSessionStorage();
130
- if (!storage) return;
131
- try {
132
- const origin = window.location.origin;
133
- storage.removeItem((0, _core.ssoAttemptedKey)(origin));
134
- storage.removeItem((0, _core.ssoNoSessionKey)(origin));
135
- storage.removeItem((0, _core.ssoGuardKey)(origin));
136
- storage.removeItem((0, _core.ssoStateKey)(origin));
137
- storage.removeItem((0, _core.ssoDestKey)(origin));
138
- } catch {
139
- // Best-effort; swallow SecurityError (e.g. Safari private mode).
140
- }
141
- }
142
- //# sourceMappingURL=activeAuthuser.js.map
@@ -1 +0,0 @@
1
- {"version":3,"names":["_core","require","ACTIVE_AUTHUSER_KEY","hasLocalStorage","window","localStorage","getSessionStorage","sessionStorage","readActiveAuthuser","raw","getItem","parsed","Number","parseInt","isFinite","markSignedOut","setItem","ssoSignedOutKey","location","origin","clearSignedOut","removeItem","isSilentRestoreSuppressed","silentRestoreSuppressed","clearSsoBounceState","storage","ssoAttemptedKey","ssoNoSessionKey","ssoGuardKey","ssoStateKey","ssoDestKey"],"sourceRoot":"../../../../src","sources":["ui/utils/activeAuthuser.ts"],"mappings":";;;;;;;;;;AA0BA,IAAAA,KAAA,GAAAC,OAAA;AA1BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAYA,MAAMC,mBAAmB,GAAG,qBAAqB;AAEjD,SAASC,eAAeA,CAAA,EAAY;EAClC,OAAO,OAAOC,MAAM,KAAK,WAAW,IAAI,OAAOA,MAAM,CAACC,YAAY,KAAK,WAAW;AACpF;AAEA,SAASC,iBAAiBA,CAAA,EAAmB;EAC3C,IAAI,OAAOF,MAAM,KAAK,WAAW,EAAE,OAAO,IAAI;EAC9C,IAAI;IACF,OAAOA,MAAM,CAACG,cAAc,IAAI,IAAI;EACtC,CAAC,CAAC,MAAM;IACN,OAAO,IAAI;EACb;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASC,kBAAkBA,CAAA,EAAkB;EAClD,IAAI,CAACL,eAAe,CAAC,CAAC,EAAE;IACtB,OAAO,IAAI;EACb;EACA,IAAI;IACF,MAAMM,GAAG,GAAGL,MAAM,CAACC,YAAY,CAACK,OAAO,CAACR,mBAAmB,CAAC;IAC5D,IAAIO,GAAG,KAAK,IAAI,EAAE,OAAO,IAAI;IAC7B,MAAME,MAAM,GAAGC,MAAM,CAACC,QAAQ,CAACJ,GAAG,EAAE,EAAE,CAAC;IACvC,IAAI,CAACG,MAAM,CAACE,QAAQ,CAACH,MAAM,CAAC,IAAIA,MAAM,GAAG,CAAC,EAAE,OAAO,IAAI;IACvD,OAAOA,MAAM;EACf,CAAC,CAAC,MAAM;IACN,OAAO,IAAI;EACb;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASI,aAAaA,CAAA,EAAS;EACpC,IAAI,CAACZ,eAAe,CAAC,CAAC,EAAE;EACxB,IAAI;IACFC,MAAM,CAACC,YAAY,CAACW,OAAO,CAAC,IAAAC,qBAAe,EAACb,MAAM,CAACc,QAAQ,CAACC,MAAM,CAAC,EAAE,GAAG,CAAC;EAC3E,CAAC,CAAC,MAAM;IACN;EAAA;AAEJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACO,SAASC,cAAcA,CAAA,EAAS;EACrC,IAAI,CAACjB,eAAe,CAAC,CAAC,EAAE;EACxB,IAAI;IACFC,MAAM,CAACC,YAAY,CAACgB,UAAU,CAAC,IAAAJ,qBAAe,EAACb,MAAM,CAACc,QAAQ,CAACC,MAAM,CAAC,CAAC;EACzE,CAAC,CAAC,MAAM;IACN;EAAA;AAEJ;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASG,yBAAyBA,CAAA,EAAY;EACnD;EACA;EACA;EACA,IAAI,CAACnB,eAAe,CAAC,CAAC,IAAI,OAAOC,MAAM,CAACc,QAAQ,KAAK,WAAW,EAAE,OAAO,KAAK;EAC9E,OAAO,IAAAK,6BAAuB,EAACnB,MAAM,CAACC,YAAY,EAAED,MAAM,CAACc,QAAQ,CAACC,MAAM,CAAC;AAC7E;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASK,mBAAmBA,CAAA,EAAS;EAC1C,MAAMC,OAAO,GAAGnB,iBAAiB,CAAC,CAAC;EACnC,IAAI,CAACmB,OAAO,EAAE;EACd,IAAI;IACF,MAAMN,MAAM,GAAGf,MAAM,CAACc,QAAQ,CAACC,MAAM;IACrCM,OAAO,CAACJ,UAAU,CAAC,IAAAK,qBAAe,EAACP,MAAM,CAAC,CAAC;IAC3CM,OAAO,CAACJ,UAAU,CAAC,IAAAM,qBAAe,EAACR,MAAM,CAAC,CAAC;IAC3CM,OAAO,CAACJ,UAAU,CAAC,IAAAO,iBAAW,EAACT,MAAM,CAAC,CAAC;IACvCM,OAAO,CAACJ,UAAU,CAAC,IAAAQ,iBAAW,EAACV,MAAM,CAAC,CAAC;IACvCM,OAAO,CAACJ,UAAU,CAAC,IAAAS,gBAAU,EAACX,MAAM,CAAC,CAAC;EACxC,CAAC,CAAC,MAAM;IACN;EAAA;AAEJ","ignoreList":[]}
@@ -1,74 +0,0 @@
1
- "use strict";
2
-
3
- Object.defineProperty(exports, "__esModule", {
4
- value: true
5
- });
6
- exports.CrossApexDirectSignInError = void 0;
7
- exports.isCrossApexWeb = isCrossApexWeb;
8
- var _core = require("@oxyhq/core");
9
- /**
10
- * Cross-apex web detection for sign-in durability gating.
11
- *
12
- * On a web Relying Party whose registrable apex differs from the central Oxy
13
- * Identity Provider apex (`oxy.so`), the ONLY sign-in completion that survives a
14
- * page reload is the interactive "Continue with Oxy" IdP flow, because it is the
15
- * only one that establishes a first-party `fedcm_session` cookie at
16
- * `auth.<apex>` — the anchor the cross-domain cold-boot restore reads on reload.
17
- *
18
- * The other sign-in completions the SDK can drive do NOT plant a `fedcm_session`:
19
- * - password / public-key sign-in mints a bearer directly against the Oxy API
20
- * (its refresh cookie is host-scoped to `api.oxy.so` and `SameSite=Lax`, so
21
- * it is unreachable cross-site from the RP), and
22
- * - the Commons-app device-flow handoff (cross-device QR / same-device
23
- * deep-link) is approved OUTSIDE the browser, so no IdP browser session is
24
- * established.
25
- * On a cross-apex RP each of these leaves the user signed in for the current
26
- * page only — a reload logs them out. See OxyHQServices AGENTS.md
27
- * "Auth / Session Contract".
28
- *
29
- * Same-apex `*.oxy.so` apps (e.g. `accounts.oxy.so`) are first-party with
30
- * `api.oxy.so`: their refresh cookie rides same-site requests so reload restore
31
- * works without `fedcm_session`, and they are therefore NOT gated.
32
- *
33
- * Returns `false` off-browser (React Native has no `window.location`) and for
34
- * hosts without a registrable apex (localhost / raw IP / single-label dev
35
- * hosts), so native and local development keep every sign-in method.
36
- */
37
-
38
- /**
39
- * Whether the given host is a web RP on a registrable apex other than the
40
- * central Oxy IdP apex (`oxy.so`). See the module doc for why this gates the
41
- * non-durable sign-in paths.
42
- *
43
- * @param hostname - The host to classify. Defaults to the current
44
- * `window.location.hostname`; resolves to `undefined` off-browser (React
45
- * Native / SSR), which yields `false`. The explicit parameter mirrors
46
- * `autoDetectAuthWebUrl(location?)` and keeps the predicate unit-testable
47
- * without manipulating the global `window.location`.
48
- */
49
- function isCrossApexWeb(hostname = typeof window !== 'undefined' ? window.location?.hostname : undefined) {
50
- if (!hostname) {
51
- return false;
52
- }
53
- const apex = (0, _core.registrableApex)(hostname);
54
- return apex !== null && apex !== _core.CENTRAL_IDP_APEX;
55
- }
56
-
57
- /**
58
- * Thrown when an app attempts a direct (non-IdP) sign-in — password or
59
- * public-key — on a cross-apex web RP, where such a sign-in would not survive a
60
- * page reload because no `fedcm_session` is established (see {@link isCrossApexWeb}).
61
- *
62
- * Apps on a cross-apex apex must sign in through the interactive
63
- * "Continue with Oxy" IdP flow (`OxySignInButton` / `showSignInModal()`), which
64
- * plants the durable session.
65
- */
66
- class CrossApexDirectSignInError extends Error {
67
- name = 'CrossApexDirectSignInError';
68
- code = 'CROSS_APEX_DIRECT_SIGN_IN_UNSUPPORTED';
69
- constructor() {
70
- super('Direct sign-in is unavailable on this domain because the session would ' + 'not survive a page reload. Use "Continue with Oxy" to sign in through ' + 'the Oxy identity provider.');
71
- }
72
- }
73
- exports.CrossApexDirectSignInError = CrossApexDirectSignInError;
74
- //# sourceMappingURL=crossApex.js.map
@@ -1 +0,0 @@
1
- {"version":3,"names":["_core","require","isCrossApexWeb","hostname","window","location","undefined","apex","registrableApex","CENTRAL_IDP_APEX","CrossApexDirectSignInError","Error","name","code","constructor","exports"],"sourceRoot":"../../../src","sources":["utils/crossApex.ts"],"mappings":";;;;;;;AA6BA,IAAAA,KAAA,GAAAC,OAAA;AA7BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAIA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAASC,cAAcA,CAC5BC,QAA4B,GAAG,OAAOC,MAAM,KAAK,WAAW,GACxDA,MAAM,CAACC,QAAQ,EAAEF,QAAQ,GACzBG,SAAS,EACJ;EACT,IAAI,CAACH,QAAQ,EAAE;IACb,OAAO,KAAK;EACd;EACA,MAAMI,IAAI,GAAG,IAAAC,qBAAe,EAACL,QAAQ,CAAC;EACtC,OAAOI,IAAI,KAAK,IAAI,IAAIA,IAAI,KAAKE,sBAAgB;AACnD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,0BAA0B,SAASC,KAAK,CAAC;EAClCC,IAAI,GAAG,4BAA4B;EAC5CC,IAAI,GAAG,uCAAuC;EAEvDC,WAAWA,CAAA,EAAG;IACZ,KAAK,CACH,yEAAyE,GACvE,wEAAwE,GACxE,4BACJ,CAAC;EACH;AACF;AAACC,OAAA,CAAAL,0BAAA,GAAAA,0BAAA","ignoreList":[]}
@@ -1,238 +0,0 @@
1
- "use strict";
2
-
3
- /**
4
- * In-session access-token refresh for the React Native / Expo SDK.
5
- *
6
- * THE GAP THIS CLOSES: the services `OxyContext` owns the session but never
7
- * installed an `authRefreshHandler` on the owner `HttpService`, so
8
- * `HttpService.refreshAccessToken` short-circuited to `null` — there was NO
9
- * in-session token refresh on the RN path at all. A 15-minute access token
10
- * expired with the tab/app open and nothing re-minted one; cross-apex RP feeds
11
- * (mention.earth, …) then 401'd in a loop while `isAuthenticated` stayed `true`
12
- * (a zombie logged-in state), because the `Domain=oxy.so` refresh cookie can't
13
- * reach `api.<apex>`. (`AuthManager`, which installs a refresh handler on the
14
- * web path, is only ever constructed by `WebOxyProvider` in `@oxyhq/auth`.)
15
- *
16
- * THE FIX, two cooperating pieces both wired from `OxyContext`:
17
- *
18
- * 1. {@link createInSessionRefreshHandler} — an `AuthRefreshHandler` installed
19
- * on the owner client. It re-mints a fresh access token WITHOUT a page
20
- * reload by composing the SAME silent-restore primitive cold boot uses
21
- * ({@link mintSessionViaPerApexIframe}) — not a copy. The linked client
22
- * (`createLinkedClient`) inherits the fix for free: its refresh delegates
23
- * back to the owner's `refreshAccessToken`.
24
- *
25
- * 2. {@link startTokenRefreshScheduler} — a proactive scheduler that refreshes
26
- * ~{@link TOKEN_REFRESH_LEAD_MS} before expiry (and on web tab-focus / native
27
- * app-foreground), so the common case never even reaches the reactive
28
- * 401-then-recover flash.
29
- *
30
- * Concurrency/cooldown/dedup are owned by `HttpService.refreshAccessToken`
31
- * (single in-flight `tokenRefreshPromise` + cooldown) — this module does not
32
- * reimplement them, so the timer / foreground / per-request triggers collapse to
33
- * one network attempt (no refresh storm).
34
- *
35
- * NOTE (session-sync cutover, Task 5): the web arm chain used to fall through
36
- * to a same-apex `oxy_rt` refresh-cookie arm (`refreshAllSessions` +
37
- * `selectActiveRefreshAccount`). That arm is DELETED — the device account set
38
- * is now server-authoritative via `SessionClient` (`@oxyhq/core`), which
39
- * `OxyContext` bootstraps/reprojects independently of in-session token
40
- * refresh. `selectActiveRefreshAccount` had no other caller and was deleted
41
- * with it.
42
- */
43
-
44
- import { logger as loggerUtil } from '@oxyhq/core';
45
- import { AppState } from 'react-native';
46
- import { isWebBrowser } from "../hooks/useWebSSO.js";
47
- import { mintSessionViaPerApexIframe } from "./silentSessionRestore.js";
48
-
49
- /**
50
- * Per-arm fail-fast budget (ms) for the web first-party `/auth/silent` iframe
51
- * arm. Slightly more generous than the cold-boot iframe budget (2.5s) because an
52
- * in-session refresh is NOT in the first-paint critical path — a couple hundred
53
- * ms of extra headroom for the same-origin handshake is worth a higher success
54
- * rate. `silentSignIn` still fail-fasts on `iframe.onerror`, so a hard failure
55
- * returns well before this.
56
- */
57
- const SILENT_IFRAME_REFRESH_TIMEOUT = 4000;
58
-
59
- /**
60
- * Lead time (ms) before access-token expiry at which the proactive scheduler
61
- * refreshes. Mirrors `HttpService`'s per-request `TOKEN_REFRESH_LEAD_SECONDS`
62
- * (60s) so the scheduled refresh and the request-time preflight refresh use the
63
- * same window — the scheduler simply fires it during idle/background instead of
64
- * waiting for the next request.
65
- */
66
- export const TOKEN_REFRESH_LEAD_MS = 60_000;
67
-
68
- /**
69
- * A single refresh arm: attempts one silent-restore mechanism and resolves to
70
- * the freshly planted access token, or `null` to fall through to the next arm.
71
- */
72
-
73
- /**
74
- * Build the in-session `AuthRefreshHandler` for the owner client.
75
- *
76
- * Arms run in an explicit order; the first to plant a token wins. Each arm
77
- * resolves to the planted token (read back via `getAccessToken()` — the
78
- * underlying SDK call plants it internally) or `null`. A throw in one arm is
79
- * logged and treated as `null` so the chain continues.
80
- *
81
- * NATIVE (Expo): shared cross-app identity key re-mint
82
- * (`signInWithSharedIdentity` → challenge→sign→verify plants the tokens).
83
- * The ONLY silent native arm (mirrors cold boot's `shared-key-signin`); the
84
- * `/auth/silent` web iframe is NEVER attempted on native. Resolves to `null`
85
- * when the device holds no shared identity (e.g. a password-only native
86
- * sign-in) so a genuinely dead session reconciles to logged-out rather than
87
- * staying a zombie.
88
- *
89
- * WEB: Per-apex `/auth/silent` iframe — {@link mintSessionViaPerApexIframe}
90
- * (shared verbatim with cold boot). The durable cross-apex path; also
91
- * covers `*.oxy.so` (the per-apex host IS the central host there). There
92
- * is no FedCM arm — FedCM was removed from the client sign-in/refresh path
93
- * entirely (Chrome-only; see `CrossDomainAuth`'s doc comment in
94
- * `@oxyhq/core` for the production sign-in loop that motivated the
95
- * removal).
96
- *
97
- * NO RECURSION: no arm issues a request through the authed client's
98
- * `refreshAccessToken` path. The iframe transport is postMessage-based; the
99
- * follow-up `/session/user` fetch inside `silentSignIn`
100
- * runs against the just-planted FULL-TTL token (≫ the preflight lead), so it
101
- * never re-enters the refresh path.
102
- */
103
- export function createInSessionRefreshHandler(oxyServices) {
104
- const runArm = async (label, reason, arm) => {
105
- try {
106
- return await arm();
107
- } catch (error) {
108
- if (__DEV__) {
109
- loggerUtil.debug(`In-session refresh arm "${label}" failed (falling through)`, {
110
- component: 'inSessionTokenRefresh',
111
- method: 'authRefreshHandler',
112
- reason
113
- }, error);
114
- }
115
- return null;
116
- }
117
- };
118
- const webArms = [['silent-iframe', async () => (await mintSessionViaPerApexIframe(oxyServices, SILENT_IFRAME_REFRESH_TIMEOUT)) ? oxyServices.getAccessToken() : null]];
119
- return async reason => {
120
- if (!isWebBrowser()) {
121
- return runArm('native-shared-key', reason, async () => (await oxyServices.signInWithSharedIdentity?.()) ? oxyServices.getAccessToken() : null);
122
- }
123
- for (const [label, arm] of webArms) {
124
- const token = await runArm(label, reason, arm);
125
- if (token) {
126
- return token;
127
- }
128
- }
129
- return null;
130
- };
131
- }
132
-
133
- /**
134
- * Handle returned by {@link startTokenRefreshScheduler}; call `dispose()` to tear
135
- * down the timer and the foreground listener.
136
- */
137
-
138
- /**
139
- * Start the proactive in-session refresh scheduler against `oxyServices`.
140
- *
141
- * Schedules a single timer to fire {@link TOKEN_REFRESH_LEAD_MS} before the
142
- * current access token's `exp`, calling `httpService.refreshAccessToken`
143
- * ('preflight') — which runs the installed handler and is deduped + cooldown-
144
- * guarded. After every attempt it reschedules from the (possibly rotated) token.
145
- * It also reschedules whenever the token changes (`onTokensChanged` — so a
146
- * sign-out that clears the token cancels the timer) and, on web tab-focus /
147
- * native app-foreground, refreshes immediately if already inside the lead window
148
- * (a long-hidden tab throttles timers, so the token can be expired on return).
149
- *
150
- * The `exp` is derived directly from the JWT via `getAccessTokenExpiry()`. No-ops
151
- * cleanly when there is no token, an opaque/no-`exp` token, or the host lacks
152
- * `getAccessTokenExpiry` (older stubs) — the reactive 401 path stays the only
153
- * refresh trigger in those cases.
154
- */
155
- export function startTokenRefreshScheduler(oxyServices) {
156
- let disposed = false;
157
- let timer = null;
158
- const clearTimer = () => {
159
- if (timer !== null) {
160
- clearTimeout(timer);
161
- timer = null;
162
- }
163
- };
164
- const runRefresh = () => {
165
- // `refreshAccessToken` is deduped + cooldown-guarded internally, so this is
166
- // safe to call from the timer, the foreground listener, and request-time
167
- // preflight concurrently — they collapse to one network attempt.
168
- const refresh = oxyServices.httpService.refreshAccessToken?.('preflight');
169
- if (!refresh) {
170
- return;
171
- }
172
- void refresh.catch(() => null).finally(() => {
173
- if (!disposed) {
174
- schedule();
175
- }
176
- });
177
- };
178
- const schedule = () => {
179
- clearTimer();
180
- if (disposed || !oxyServices.getAccessToken()) {
181
- return;
182
- }
183
- const expSeconds = oxyServices.getAccessTokenExpiry?.() ?? null;
184
- if (expSeconds === null) {
185
- return;
186
- }
187
- const fireInMs = expSeconds * 1000 - Date.now() - TOKEN_REFRESH_LEAD_MS;
188
- timer = setTimeout(runRefresh, Math.max(fireInMs, 0));
189
- };
190
- const onForeground = () => {
191
- if (disposed || !oxyServices.getAccessToken()) {
192
- return;
193
- }
194
- const expSeconds = oxyServices.getAccessTokenExpiry?.() ?? null;
195
- if (expSeconds === null) {
196
- return;
197
- }
198
- const remainingMs = expSeconds * 1000 - Date.now();
199
- if (remainingMs <= TOKEN_REFRESH_LEAD_MS) {
200
- runRefresh();
201
- } else {
202
- schedule();
203
- }
204
- };
205
- const unsubscribeTokens = oxyServices.onTokensChanged(() => {
206
- if (!disposed) {
207
- schedule();
208
- }
209
- });
210
- let removeForeground = null;
211
- if (isWebBrowser() && typeof document !== 'undefined') {
212
- const handler = () => {
213
- if (document.visibilityState === 'visible') {
214
- onForeground();
215
- }
216
- };
217
- document.addEventListener('visibilitychange', handler);
218
- removeForeground = () => document.removeEventListener('visibilitychange', handler);
219
- } else if (!isWebBrowser() && AppState && typeof AppState.addEventListener === 'function') {
220
- const subscription = AppState.addEventListener('change', state => {
221
- if (state === 'active') {
222
- onForeground();
223
- }
224
- });
225
- removeForeground = () => subscription.remove();
226
- }
227
- schedule();
228
- return {
229
- dispose() {
230
- disposed = true;
231
- clearTimer();
232
- unsubscribeTokens();
233
- removeForeground?.();
234
- removeForeground = null;
235
- }
236
- };
237
- }
238
- //# sourceMappingURL=inSessionTokenRefresh.js.map
@@ -1 +0,0 @@
1
- {"version":3,"names":["logger","loggerUtil","AppState","isWebBrowser","mintSessionViaPerApexIframe","SILENT_IFRAME_REFRESH_TIMEOUT","TOKEN_REFRESH_LEAD_MS","createInSessionRefreshHandler","oxyServices","runArm","label","reason","arm","error","__DEV__","debug","component","method","webArms","getAccessToken","signInWithSharedIdentity","token","startTokenRefreshScheduler","disposed","timer","clearTimer","clearTimeout","runRefresh","refresh","httpService","refreshAccessToken","catch","finally","schedule","expSeconds","getAccessTokenExpiry","fireInMs","Date","now","setTimeout","Math","max","onForeground","remainingMs","unsubscribeTokens","onTokensChanged","removeForeground","document","handler","visibilityState","addEventListener","removeEventListener","subscription","state","remove","dispose"],"sourceRoot":"../../../../src","sources":["ui/context/inSessionTokenRefresh.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA,SAASA,MAAM,IAAIC,UAAU,QAAQ,aAAa;AAClD,SAASC,QAAQ,QAA6B,cAAc;AAC5D,SAASC,YAAY,QAAQ,uBAAoB;AACjD,SAASC,2BAA2B,QAAQ,2BAAwB;;AAEpE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAMC,6BAA6B,GAAG,IAAI;;AAE1C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,MAAMC,qBAAqB,GAAG,MAAM;;AAE3C;AACA;AACA;AACA;;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,6BAA6BA,CAACC,WAAwB,EAAsB;EAC1F,MAAMC,MAAM,GAAG,MAAAA,CAAOC,KAAa,EAAEC,MAAyB,EAAEC,GAAe,KAA6B;IAC1G,IAAI;MACF,OAAO,MAAMA,GAAG,CAAC,CAAC;IACpB,CAAC,CAAC,OAAOC,KAAK,EAAE;MACd,IAAIC,OAAO,EAAE;QACXb,UAAU,CAACc,KAAK,CACd,2BAA2BL,KAAK,4BAA4B,EAC5D;UAAEM,SAAS,EAAE,uBAAuB;UAAEC,MAAM,EAAE,oBAAoB;UAAEN;QAAO,CAAC,EAC5EE,KACF,CAAC;MACH;MACA,OAAO,IAAI;IACb;EACF,CAAC;EAED,MAAMK,OAAoC,GAAG,CAC3C,CAAC,eAAe,EAAE,YAChB,CAAC,MAAMd,2BAA2B,CAACI,WAAW,EAAEH,6BAA6B,CAAC,IAC1EG,WAAW,CAACW,cAAc,CAAC,CAAC,GAC5B,IAAI,CACT,CACF;EAED,OAAO,MAAOR,MAAyB,IAA6B;IAClE,IAAI,CAACR,YAAY,CAAC,CAAC,EAAE;MACnB,OAAOM,MAAM,CAAC,mBAAmB,EAAEE,MAAM,EAAE,YACzC,CAAC,MAAMH,WAAW,CAACY,wBAAwB,GAAG,CAAC,IAAIZ,WAAW,CAACW,cAAc,CAAC,CAAC,GAAG,IACpF,CAAC;IACH;IAEA,KAAK,MAAM,CAACT,KAAK,EAAEE,GAAG,CAAC,IAAIM,OAAO,EAAE;MAClC,MAAMG,KAAK,GAAG,MAAMZ,MAAM,CAACC,KAAK,EAAEC,MAAM,EAAEC,GAAG,CAAC;MAC9C,IAAIS,KAAK,EAAE;QACT,OAAOA,KAAK;MACd;IACF;IACA,OAAO,IAAI;EACb,CAAC;AACH;;AAEA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO,SAASC,0BAA0BA,CAACd,WAAwB,EAA+B;EAChG,IAAIe,QAAQ,GAAG,KAAK;EACpB,IAAIC,KAA2C,GAAG,IAAI;EAEtD,MAAMC,UAAU,GAAGA,CAAA,KAAY;IAC7B,IAAID,KAAK,KAAK,IAAI,EAAE;MAClBE,YAAY,CAACF,KAAK,CAAC;MACnBA,KAAK,GAAG,IAAI;IACd;EACF,CAAC;EAED,MAAMG,UAAU,GAAGA,CAAA,KAAY;IAC7B;IACA;IACA;IACA,MAAMC,OAAO,GAAGpB,WAAW,CAACqB,WAAW,CAACC,kBAAkB,GAAG,WAAW,CAAC;IACzE,IAAI,CAACF,OAAO,EAAE;MACZ;IACF;IACA,KAAKA,OAAO,CACTG,KAAK,CAAC,MAAM,IAAI,CAAC,CACjBC,OAAO,CAAC,MAAM;MACb,IAAI,CAACT,QAAQ,EAAE;QACbU,QAAQ,CAAC,CAAC;MACZ;IACF,CAAC,CAAC;EACN,CAAC;EAED,MAAMA,QAAQ,GAAGA,CAAA,KAAY;IAC3BR,UAAU,CAAC,CAAC;IACZ,IAAIF,QAAQ,IAAI,CAACf,WAAW,CAACW,cAAc,CAAC,CAAC,EAAE;MAC7C;IACF;IACA,MAAMe,UAAU,GAAG1B,WAAW,CAAC2B,oBAAoB,GAAG,CAAC,IAAI,IAAI;IAC/D,IAAID,UAAU,KAAK,IAAI,EAAE;MACvB;IACF;IACA,MAAME,QAAQ,GAAGF,UAAU,GAAG,IAAI,GAAGG,IAAI,CAACC,GAAG,CAAC,CAAC,GAAGhC,qBAAqB;IACvEkB,KAAK,GAAGe,UAAU,CAACZ,UAAU,EAAEa,IAAI,CAACC,GAAG,CAACL,QAAQ,EAAE,CAAC,CAAC,CAAC;EACvD,CAAC;EAED,MAAMM,YAAY,GAAGA,CAAA,KAAY;IAC/B,IAAInB,QAAQ,IAAI,CAACf,WAAW,CAACW,cAAc,CAAC,CAAC,EAAE;MAC7C;IACF;IACA,MAAMe,UAAU,GAAG1B,WAAW,CAAC2B,oBAAoB,GAAG,CAAC,IAAI,IAAI;IAC/D,IAAID,UAAU,KAAK,IAAI,EAAE;MACvB;IACF;IACA,MAAMS,WAAW,GAAGT,UAAU,GAAG,IAAI,GAAGG,IAAI,CAACC,GAAG,CAAC,CAAC;IAClD,IAAIK,WAAW,IAAIrC,qBAAqB,EAAE;MACxCqB,UAAU,CAAC,CAAC;IACd,CAAC,MAAM;MACLM,QAAQ,CAAC,CAAC;IACZ;EACF,CAAC;EAED,MAAMW,iBAAiB,GAAGpC,WAAW,CAACqC,eAAe,CAAC,MAAM;IAC1D,IAAI,CAACtB,QAAQ,EAAE;MACbU,QAAQ,CAAC,CAAC;IACZ;EACF,CAAC,CAAC;EAEF,IAAIa,gBAAqC,GAAG,IAAI;EAChD,IAAI3C,YAAY,CAAC,CAAC,IAAI,OAAO4C,QAAQ,KAAK,WAAW,EAAE;IACrD,MAAMC,OAAO,GAAGA,CAAA,KAAY;MAC1B,IAAID,QAAQ,CAACE,eAAe,KAAK,SAAS,EAAE;QAC1CP,YAAY,CAAC,CAAC;MAChB;IACF,CAAC;IACDK,QAAQ,CAACG,gBAAgB,CAAC,kBAAkB,EAAEF,OAAO,CAAC;IACtDF,gBAAgB,GAAGA,CAAA,KAAMC,QAAQ,CAACI,mBAAmB,CAAC,kBAAkB,EAAEH,OAAO,CAAC;EACpF,CAAC,MAAM,IAAI,CAAC7C,YAAY,CAAC,CAAC,IAAID,QAAQ,IAAI,OAAOA,QAAQ,CAACgD,gBAAgB,KAAK,UAAU,EAAE;IACzF,MAAME,YAAY,GAAGlD,QAAQ,CAACgD,gBAAgB,CAAC,QAAQ,EAAGG,KAAqB,IAAK;MAClF,IAAIA,KAAK,KAAK,QAAQ,EAAE;QACtBX,YAAY,CAAC,CAAC;MAChB;IACF,CAAC,CAAC;IACFI,gBAAgB,GAAGA,CAAA,KAAMM,YAAY,CAACE,MAAM,CAAC,CAAC;EAChD;EAEArB,QAAQ,CAAC,CAAC;EAEV,OAAO;IACLsB,OAAOA,CAAA,EAAS;MACdhC,QAAQ,GAAG,IAAI;MACfE,UAAU,CAAC,CAAC;MACZmB,iBAAiB,CAAC,CAAC;MACnBE,gBAAgB,GAAG,CAAC;MACpBA,gBAAgB,GAAG,IAAI;IACzB;EACF,CAAC;AACH","ignoreList":[]}