@oxyhq/services 5.15.9 → 5.16.0

package/src/i18n/locales/fr-FR.json

@@ -46,14 +46,6 @@
     "status": {
       "accountSwitched": "Utilisation de {{name}}"
     },
-    "totp": {
-      "title": "Code à deux facteurs",
-      "subtitle": "Entrez le code à 6 chiffres de votre application d'authentification pour @{{username}}",
-      "invalidCode": "Code invalide. Veuillez réessayer.",
-      "noAccess": "Pas d'accès à votre authentificateur ?",
-      "useBackupCode": "Utiliser le code de sauvegarde",
-      "useRecoveryKey": "Utiliser la clé de récupération"
-    }
   },
   "signup": {
     "welcome": {
@@ -98,7 +90,7 @@
         "password": "Mot de passe"
       },
       "notSet": "Non défini",
-      "securityTip": "Pour une sécurité renforcée, activez l'authentification à deux facteurs (TOTP) dans les paramètres du compte après avoir créé votre compte.",
+      "securityTip": "Pour une sécurité renforcée, activez l'authentification biométrique dans les paramètres du compte après avoir créé votre compte.",
       "legalReminder": "En créant un compte, vous acceptez nos Conditions d'utilisation et notre Politique de confidentialité."
     }
   },

package/src/i18n/locales/it-IT.json

@@ -46,14 +46,6 @@
     "status": {
       "accountSwitched": "Ora usando {{name}}"
     },
-    "totp": {
-      "title": "Codice a due fattori",
-      "subtitle": "Inserisci il codice a 6 cifre dalla tua app autenticatore per @{{username}}",
-      "invalidCode": "Codice non valido. Riprova.",
-      "noAccess": "Nessun accesso al tuo autenticatore?",
-      "useBackupCode": "Usa codice di backup",
-      "useRecoveryKey": "Usa chiave di recupero"
-    }
   },
   "signup": {
     "welcome": {
@@ -98,7 +90,7 @@
         "password": "Password"
       },
       "notSet": "Non impostato",
-      "securityTip": "Per una maggiore sicurezza, abilita l'autenticazione a due fattori (TOTP) dalle Impostazioni account dopo aver creato il tuo account.",
+      "securityTip": "Per una maggiore sicurezza, abilita l'autenticazione biometrica dalle Impostazioni account dopo aver creato il tuo account.",
       "legalReminder": "Creando un account, accetti i nostri Termini di servizio e l'Informativa sulla privacy."
     }
   },

package/src/i18n/locales/ja-JP.json

@@ -46,14 +46,6 @@
         "status": {
             "accountSwitched": "{{name}}を使用中"
         },
-        "totp": {
-            "title": "二要素認証コード",
-            "subtitle": "@{{username}}の認証アプリから6桁のコードを入力してください",
-            "invalidCode": "無効なコードです。もう一度お試しください。",
-            "noAccess": "認証アプリにアクセスできませんか？",
-            "useBackupCode": "バックアップコードを使用",
-            "useRecoveryKey": "回復キーを使用"
-        }
     },
     "signup": {
         "welcome": {
@@ -98,7 +90,7 @@
                 "password": "パスワード"
             },
             "notSet": "未設定",
-            "securityTip": "より強力なセキュリティのため、アカウント作成後、アカウント設定から二要素認証（TOTP）を有効にしてください。",
+            "securityTip": "より強力なセキュリティのため、アカウント作成後、アカウント設定から生体認証を有効にしてください。",
             "legalReminder": "アカウントを作成することで、利用規約とプライバシーポリシーに同意したことになります。"
         }
     },

package/src/i18n/locales/ko-KR.json

@@ -46,14 +46,6 @@
     "status": {
       "accountSwitched": "{{name}} 사용 중"
     },
-    "totp": {
-      "title": "2단계 인증 코드",
-      "subtitle": "@{{username}}의 인증 앱에서 6자리 코드를 입력하세요",
-      "invalidCode": "잘못된 코드입니다. 다시 시도해주세요.",
-      "noAccess": "인증 앱에 액세스할 수 없나요?",
-      "useBackupCode": "백업 코드 사용",
-      "useRecoveryKey": "복구 키 사용"
-    }
   },
   "signup": {
     "welcome": {
@@ -98,7 +90,7 @@
         "password": "비밀번호"
       },
       "notSet": "설정되지 않음",
-      "securityTip": "더 강력한 보안을 위해 계정을 만든 후 계정 설정에서 2단계 인증(TOTP)을 활성화하세요.",
+      "securityTip": "더 강력한 보안을 위해 계정을 만든 후 계정 설정에서 생체 인증을 활성화하세요.",
       "legalReminder": "계정을 만들면 서비스 약관 및 개인정보 보호정책에 동의하는 것입니다."
     }
   },

package/src/i18n/locales/pt-PT.json

@@ -46,14 +46,6 @@
     "status": {
       "accountSwitched": "Agora a usar {{name}}"
     },
-    "totp": {
-      "title": "Código de dois fatores",
-      "subtitle": "Introduza o código de 6 dígitos da sua app autenticadora para @{{username}}",
-      "invalidCode": "Código inválido. Por favor, tente novamente.",
-      "noAccess": "Sem acesso ao seu autenticador?",
-      "useBackupCode": "Usar código de backup",
-      "useRecoveryKey": "Usar chave de recuperação"
-    }
   },
   "signup": {
     "welcome": {
@@ -98,7 +90,7 @@
         "password": "Palavra-passe"
       },
       "notSet": "Não definido",
-      "securityTip": "Para maior segurança, ative a Autenticação de Dois Fatores (TOTP) nas Definições da conta após criar a sua conta.",
+      "securityTip": "Para maior segurança, ative a autenticação biométrica nas Definições da conta após criar a sua conta.",
       "legalReminder": "Ao criar uma conta, concorda com os nossos Termos de Serviço e Política de Privacidade."
     }
   },

package/src/i18n/locales/zh-CN.json

@@ -46,14 +46,6 @@
     "status": {
       "accountSwitched": "正在使用{{name}}"
     },
-    "totp": {
-      "title": "双因素验证码",
-      "subtitle": "输入@{{username}}的验证器应用中的6位数字代码",
-      "invalidCode": "无效的代码。请重试。",
-      "noAccess": "无法访问您的验证器？",
-      "useBackupCode": "使用备份代码",
-      "useRecoveryKey": "使用恢复密钥"
-    }
   },
   "signup": {
     "welcome": {
@@ -98,7 +90,7 @@
         "password": "密码"
       },
       "notSet": "未设置",
-      "securityTip": "为了更强的安全性，创建账户后，请在账户设置中启用双因素身份验证（TOTP）。",
+      "securityTip": "为了更强的安全性，创建账户后，请在账户设置中启用生物识别身份验证。",
       "legalReminder": "创建账户即表示您同意我们的服务条款和隐私政策。"
     }
   },

package/src/models/interfaces.ts

@@ -30,7 +30,6 @@ export interface User {
   avatar?: string;
   // Privacy and security settings
   privacySettings?: {
-    twoFactorEnabled?: boolean;
     [key: string]: unknown;
   };
   name?: {
@@ -60,6 +59,7 @@ export interface User {
     followers?: number;
     following?: number;
   };
+  accountExpiresAfterInactivityDays?: number | null; // Days of inactivity before account expires (null = never expire)
   [key: string]: unknown;
 }
 

package/src/types/bip39.d.ts

@@ -29,3 +29,4 @@ declare module 'bip39' {
   export function mnemonicToSeedHexSync(mnemonic: string, passphrase?: string): string;
 }
 
+

package/src/types/buffer.d.ts

@@ -94,3 +94,4 @@ declare module 'buffer' {
 
   type BufferEncoding = 'ascii' | 'utf8' | 'utf-8' | 'utf16le' | 'ucs2' | 'ucs-2' | 'base64' | 'base64url' | 'latin1' | 'binary' | 'hex';
 }
+

package/src/types/color.d.ts

@@ -17,3 +17,4 @@ declare module 'color' {
   export default color;
 }
 
+

package/src/types/elliptic.d.ts

@@ -59,3 +59,4 @@ declare module 'elliptic' {
   export const ec: ECConstructor;
 }
 
+

package/src/types/expo-crypto.d.ts

@@ -27,3 +27,4 @@ declare module 'expo-crypto' {
   export function getRandomUUIDAsync(): Promise<string>;
 }
 
+

package/src/types/expo-secure-store.d.ts

@@ -19,3 +19,4 @@ declare module 'expo-secure-store' {
   export async function isAvailableAsync(): Promise<boolean>;
 }
 
+

package/src/ui/context/OxyContext.tsx

@@ -40,12 +40,20 @@ export interface OxyContextState {
   currentLanguageName: string;
   currentNativeLanguageName: string;
 
-  // Identity management (public key authentication)
-  createIdentity: (username: string, email?: string) => Promise<{ user: User; recoveryPhrase: string[] }>;
-  importIdentity: (phrase: string, username?: string, email?: string) => Promise<User>;
+  // Identity management (public key authentication - offline-first)
+  createIdentity: () => Promise<{ recoveryPhrase: string[]; synced: boolean }>;
+  importIdentity: (phrase: string) => Promise<{ synced: boolean }>;
   signIn: (deviceName?: string) => Promise<User>;
   hasIdentity: () => Promise<boolean>;
   getPublicKey: () => Promise<string | null>;
+  isIdentitySynced: () => Promise<boolean>;
+  syncIdentity: () => Promise<User>;
+
+  // Identity sync state (reactive, from Zustand store)
+  identitySyncState: {
+    isSynced: boolean;
+    isSyncing: boolean;
+  };
 
   // Session management
   logout: (targetSessionId?: string) => Promise<void>;
@@ -140,6 +148,11 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     loginSuccess,
     loginFailure,
     logoutStore,
+    // Identity sync state and actions
+    isIdentitySyncedStore,
+    isSyncing,
+    setIdentitySynced,
+    setSyncing,
   } = useAuthStore(
     useShallow((state: AuthState) => ({
       user: state.user,
@@ -149,6 +162,11 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
       loginSuccess: state.loginSuccess,
       loginFailure: state.loginFailure,
       logoutStore: state.logout,
+      // Identity sync state and actions
+      isIdentitySyncedStore: state.isIdentitySynced,
+      isSyncing: state.isSyncing,
+      setIdentitySynced: state.setIdentitySynced,
+      setSyncing: state.setSyncing,
     })),
   );
 
@@ -212,6 +230,8 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     logoutAll,
     hasIdentity,
     getPublicKey,
+    isIdentitySynced,
+    syncIdentity,
   } = useAuthOperations({
     oxyServices,
     storage,
@@ -229,6 +249,8 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     loginFailure,
     logoutStore,
     setAuthState,
+    setIdentitySynced,
+    setSyncing,
     logger,
   });
 
@@ -392,6 +414,12 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     signIn,
     hasIdentity,
     getPublicKey,
+    isIdentitySynced,
+    syncIdentity,
+    identitySyncState: {
+      isSynced: isIdentitySyncedStore ?? true,
+      isSyncing: isSyncing ?? false,
+    },
     logout,
     logoutAll,
     switchSession: switchSessionForContext,
@@ -411,6 +439,10 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     signIn,
     hasIdentity,
     getPublicKey,
+    isIdentitySynced,
+    syncIdentity,
+    isIdentitySyncedStore,
+    isSyncing,
     currentLanguage,
     currentLanguageMetadata,
     currentLanguageName,

package/src/ui/context/hooks/useAuthOperations.ts

@@ -26,14 +26,17 @@ export interface UseAuthOperationsOptions {
   loginFailure: (message: string) => void;
   logoutStore: () => void;
   setAuthState: (state: Partial<AuthState>) => void;
+  // Identity sync store actions
+  setIdentitySynced: (synced: boolean) => void;
+  setSyncing: (syncing: boolean) => void;
   logger?: (message: string, error?: unknown) => void;
 }
 
 export interface UseAuthOperationsResult {
-  /** Create a new identity and register with the server */
-  createIdentity: (username: string, email?: string) => Promise<{ user: User; recoveryPhrase: string[] }>;
+  /** Create a new identity locally (offline-first) and optionally sync with server */
+  createIdentity: () => Promise<{ recoveryPhrase: string[]; synced: boolean }>;
   /** Import an existing identity from recovery phrase */
-  importIdentity: (phrase: string, username?: string, email?: string) => Promise<User>;
+  importIdentity: (phrase: string) => Promise<{ synced: boolean }>;
   /** Sign in with existing identity on device */
   signIn: (deviceName?: string) => Promise<User>;
   /** Logout from current session */
@@ -44,6 +47,10 @@ export interface UseAuthOperationsResult {
   hasIdentity: () => Promise<boolean>;
   /** Get the public key of the stored identity */
   getPublicKey: () => Promise<string | null>;
+  /** Check if identity is synced with server */
+  isIdentitySynced: () => Promise<boolean>;
+  /** Sync local identity with server (when online) */
+  syncIdentity: () => Promise<User>;
 }
 
 const LOGIN_ERROR_CODE = 'LOGIN_ERROR';
@@ -71,103 +78,12 @@ export const useAuthOperations = ({
   loginSuccess,
   loginFailure,
   logoutStore,
-  setAuthState,
-  logger,
+    setAuthState,
+    setIdentitySynced,
+    setSyncing,
+    logger,
 }: UseAuthOperationsOptions): UseAuthOperationsResult => {
   
-  /**
-   * Create a new identity with recovery phrase
-   */
-  const createIdentity = useCallback(
-    async (username: string, email?: string): Promise<{ user: User; recoveryPhrase: string[] }> => {
-      if (!storage) throw new Error('Storage not initialized');
-
-      setAuthState({ isLoading: true, error: null });
-
-      try {
-        // Generate new identity with recovery phrase
-        const { phrase, words, publicKey } = await RecoveryPhraseService.generateIdentityWithRecovery();
-
-        // Create registration signature
-        const { signature, timestamp } = await SignatureService.createRegistrationSignature(username, email);
-
-        // Register with server
-        const { user } = await oxyServices.register(publicKey, username, signature, timestamp, email);
-
-        // Now sign in to create a session
-        const fullUser = await performSignIn(publicKey);
-
-        return {
-          user: fullUser,
-          recoveryPhrase: words,
-        };
-      } catch (error) {
-        // Clean up identity if registration failed
-        await KeyManager.deleteIdentity().catch(() => {});
-        
-        const message = handleAuthError(error, {
-          defaultMessage: 'Failed to create identity',
-          code: REGISTER_ERROR_CODE,
-          onError,
-          setAuthError: (msg) => setAuthState({ error: msg }),
-          logger,
-        });
-        loginFailure(message);
-        throw error;
-      } finally {
-        setAuthState({ isLoading: false });
-      }
-    },
-    [oxyServices, storage, setAuthState, loginFailure, onError, logger],
-  );
-
-  /**
-   * Import identity from recovery phrase
-   */
-  const importIdentity = useCallback(
-    async (phrase: string, username?: string, email?: string): Promise<User> => {
-      if (!storage) throw new Error('Storage not initialized');
-
-      setAuthState({ isLoading: true, error: null });
-
-      try {
-        // Restore identity from phrase
-        const publicKey = await RecoveryPhraseService.restoreFromPhrase(phrase);
-
-        // Check if this identity is already registered
-        const { registered } = await oxyServices.checkPublicKeyRegistered(publicKey);
-
-        if (registered) {
-          // Identity exists, just sign in
-          return await performSignIn(publicKey);
-        } else {
-          // Need to register this identity
-          if (!username) {
-            throw new Error('Username is required for new registration');
-          }
-
-          const { signature, timestamp } = await SignatureService.createRegistrationSignature(username, email);
-          await oxyServices.register(publicKey, username, signature, timestamp, email);
-          
-          return await performSignIn(publicKey);
-        }
-      } catch (error) {
-        const message = handleAuthError(error, {
-          defaultMessage: 'Failed to import identity',
-          code: REGISTER_ERROR_CODE,
-          onError,
-          setAuthError: (msg) => setAuthState({ error: msg }),
-          logger,
-        });
-        loginFailure(message);
-        throw error;
-      } finally {
-        setAuthState({ isLoading: false });
-      }
-    },
-    [oxyServices, storage, setAuthState, loginFailure, onError, logger],
-  );
-
   /**
    * Internal function to perform challenge-response sign in
    */
@@ -181,6 +97,10 @@ export const useAuthOperations = ({
       // Request challenge
       const { challenge } = await oxyServices.requestChallenge(publicKey);
 
+      // Note: Biometric authentication check should be handled by the app layer
+      // (e.g., accounts app) before calling signIn. The biometric preference is stored
+      // in local storage as 'oxy_biometric_enabled' and can be checked there.
+
       // Sign the challenge
       const { challenge: signature, timestamp } = await SignatureService.signChallenge(challenge);
 
@@ -261,6 +181,198 @@ export const useAuthOperations = ({
     ],
   );
 
+  /**
+   * Create a new identity with recovery phrase (offline-first)
+   * Identity is purely cryptographic - no username or email required
+   */
+  const createIdentity = useCallback(
+    async (): Promise<{ recoveryPhrase: string[]; synced: boolean }> => {
+      if (!storage) throw new Error('Storage not initialized');
+
+      setAuthState({ isLoading: true, error: null });
+
+      try {
+        // Generate new identity with recovery phrase (works offline)
+        const { phrase, words, publicKey } = await RecoveryPhraseService.generateIdentityWithRecovery();
+
+        // Mark as not synced
+        await storage.setItem('oxy_identity_synced', 'false');
+        setIdentitySynced(false);
+
+        // Try to sync with server (will succeed if online)
+        try {
+          const { signature, timestamp } = await SignatureService.createRegistrationSignature();
+          await oxyServices.register(publicKey, signature, timestamp);
+          
+          // Mark as synced (Zustand store + storage)
+          await storage.setItem('oxy_identity_synced', 'true');
+          setIdentitySynced(true);
+
+          return {
+            recoveryPhrase: words,
+            synced: true,
+          };
+        } catch (syncError) {
+          // Offline or server error - identity is created locally but not synced
+          if (__DEV__) {
+            console.log('[Auth] Identity created locally, will sync when online:', syncError);
+          }
+          
+          return {
+            recoveryPhrase: words,
+            synced: false,
+          };
+        }
+      } catch (error) {
+        // Clean up identity if generation failed
+        await KeyManager.deleteIdentity().catch(() => {});
+        await storage.removeItem('oxy_identity_synced').catch(() => {});
+        setIdentitySynced(true);
+        
+        const message = handleAuthError(error, {
+          defaultMessage: 'Failed to create identity',
+          code: REGISTER_ERROR_CODE,
+          onError,
+          setAuthError: (msg) => setAuthState({ error: msg }),
+          logger,
+        });
+        loginFailure(message);
+        throw error;
+      } finally {
+        setAuthState({ isLoading: false });
+      }
+    },
+    [oxyServices, storage, setAuthState, loginFailure, onError, logger, setIdentitySynced],
+  );
+
+  /**
+   * Check if identity is synced with server (reads from storage for persistence)
+   */
+  const isIdentitySyncedFn = useCallback(async (): Promise<boolean> => {
+    if (!storage) return true;
+    const synced = await storage.getItem('oxy_identity_synced');
+    const isSynced = synced !== 'false';
+    setIdentitySynced(isSynced);
+    return isSynced;
+  }, [storage, setIdentitySynced]);
+
+  /**
+   * Sync local identity with server (call when online)
+   */
+  const syncIdentity = useCallback(
+    async (): Promise<User> => {
+      if (!storage) throw new Error('Storage not initialized');
+
+      setAuthState({ isLoading: true, error: null });
+      setSyncing(true);
+
+      try {
+        const publicKey = await KeyManager.getPublicKey();
+        if (!publicKey) {
+          throw new Error('No identity found on this device');
+        }
+
+        // Check if already synced
+        const alreadySynced = await storage.getItem('oxy_identity_synced');
+        if (alreadySynced === 'true') {
+          // Already synced, just sign in
+          setIdentitySynced(true);
+          return await performSignIn(publicKey);
+        }
+
+        // Check if already registered on server
+        const { registered } = await oxyServices.checkPublicKeyRegistered(publicKey);
+
+        if (!registered) {
+          // Register with server (identity is just the publicKey)
+          const { signature, timestamp } = await SignatureService.createRegistrationSignature();
+          await oxyServices.register(publicKey, signature, timestamp);
+        }
+
+        // Mark as synced (Zustand store + storage)
+        await storage.setItem('oxy_identity_synced', 'true');
+        setIdentitySynced(true);
+
+        // Sign in
+        return await performSignIn(publicKey);
+      } catch (error) {
+        const message = handleAuthError(error, {
+          defaultMessage: 'Failed to sync identity',
+          code: REGISTER_ERROR_CODE,
+          onError,
+          setAuthError: (msg) => setAuthState({ error: msg }),
+          logger,
+        });
+        loginFailure(message);
+        throw error;
+      } finally {
+        setAuthState({ isLoading: false });
+        setSyncing(false);
+      }
+    },
+    [oxyServices, storage, setAuthState, performSignIn, loginFailure, onError, logger, setSyncing, setIdentitySynced],
+  );
+
+  /**
+   * Import identity from recovery phrase (offline-first)
+   */
+  const importIdentity = useCallback(
+    async (phrase: string): Promise<{ synced: boolean }> => {
+      if (!storage) throw new Error('Storage not initialized');
+
+      setAuthState({ isLoading: true, error: null });
+
+      try {
+        // Restore identity from phrase (works offline)
+        const publicKey = await RecoveryPhraseService.restoreFromPhrase(phrase);
+
+        // Mark as not synced
+        await storage.setItem('oxy_identity_synced', 'false');
+        setIdentitySynced(false);
+
+        // Try to sync with server
+        try {
+          // Check if this identity is already registered
+          const { registered } = await oxyServices.checkPublicKeyRegistered(publicKey);
+
+          if (registered) {
+            // Identity exists, mark as synced
+            await storage.setItem('oxy_identity_synced', 'true');
+            setIdentitySynced(true);
+            return { synced: true };
+          } else {
+            // Need to register this identity (identity is just the publicKey)
+            const { signature, timestamp } = await SignatureService.createRegistrationSignature();
+            await oxyServices.register(publicKey, signature, timestamp);
+            
+            await storage.setItem('oxy_identity_synced', 'true');
+            setIdentitySynced(true);
+            return { synced: true };
+          }
+        } catch (syncError) {
+          // Offline - identity restored locally but not synced
+          if (__DEV__) {
+            console.log('[Auth] Identity imported locally, will sync when online:', syncError);
+          }
+          return { synced: false };
+        }
+      } catch (error) {
+        const message = handleAuthError(error, {
+          defaultMessage: 'Failed to import identity',
+          code: REGISTER_ERROR_CODE,
+          onError,
+          setAuthError: (msg) => setAuthState({ error: msg }),
+          logger,
+        });
+        loginFailure(message);
+        throw error;
+      } finally {
+        setAuthState({ isLoading: false });
+      }
+    },
+    [oxyServices, storage, setAuthState, loginFailure, onError, logger, setIdentitySynced],
+  );
+
   /**
    * Sign in with existing identity on device
    */
@@ -396,5 +508,7 @@ export const useAuthOperations = ({
     logoutAll,
     hasIdentity,
     getPublicKey,
+    isIdentitySynced: isIdentitySyncedFn,
+    syncIdentity,
   };
 };