@oxyhq/services 5.16.12 → 5.16.14

package/src/crypto/keyManager.ts

@@ -28,7 +28,15 @@ const STORAGE_KEYS = {
  */
 async function initSecureStore(): Promise<typeof import('expo-secure-store')> {
   if (!SecureStore) {
-    SecureStore = await import('expo-secure-store');
+    try {
+      SecureStore = await import('expo-secure-store');
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      throw new Error(`Failed to load expo-secure-store: ${errorMessage}. Make sure expo-secure-store is installed and properly configured.`);
+    }
+  }
+  if (!SecureStore) {
+    throw new Error('expo-secure-store module is not available');
   }
   return SecureStore;
 }
@@ -95,6 +103,19 @@ export interface KeyPair {
 }
 
 export class KeyManager {
+  // In-memory cache for identity state (invalidated on identity changes)
+  private static cachedPublicKey: string | null = null;
+  private static cachedHasIdentity: boolean | null = null;
+
+  /**
+   * Invalidate cached identity state
+   * Called internally when identity is created/deleted/imported
+   */
+  private static invalidateCache(): void {
+    KeyManager.cachedPublicKey = null;
+    KeyManager.cachedHasIdentity = null;
+  }
+
   /**
    * Generate a new ECDSA secp256k1 key pair
    * Returns the keys in hexadecimal format
@@ -129,14 +150,16 @@ export class KeyManager {
     const store = await initSecureStore();
     const { privateKey, publicKey } = await KeyManager.generateKeyPair();
 
-    // Store private key securely
     await store.setItemAsync(STORAGE_KEYS.PRIVATE_KEY, privateKey, {
       keychainAccessible: store.WHEN_UNLOCKED_THIS_DEVICE_ONLY,
     });
 
-    // Store public key (for quick access without deriving)
     await store.setItemAsync(STORAGE_KEYS.PUBLIC_KEY, publicKey);
 
+    // Update cache
+    KeyManager.cachedPublicKey = publicKey;
+    KeyManager.cachedHasIdentity = true;
+
     return publicKey;
   }
 
@@ -146,16 +169,18 @@ export class KeyManager {
   static async importKeyPair(privateKey: string): Promise<string> {
     const store = await initSecureStore();
     
-    // Derive public key from private key
     const keyPair = ec.keyFromPrivate(privateKey);
     const publicKey = keyPair.getPublic('hex');
 
-    // Store both keys
     await store.setItemAsync(STORAGE_KEYS.PRIVATE_KEY, privateKey, {
       keychainAccessible: store.WHEN_UNLOCKED_THIS_DEVICE_ONLY,
     });
     await store.setItemAsync(STORAGE_KEYS.PUBLIC_KEY, publicKey);
 
+    // Update cache
+    KeyManager.cachedPublicKey = publicKey;
+    KeyManager.cachedHasIdentity = true;
+
     return publicKey;
   }
 
@@ -164,24 +189,71 @@ export class KeyManager {
    * WARNING: Only use this for signing operations within the app
    */
   static async getPrivateKey(): Promise<string | null> {
-    const store = await initSecureStore();
-    return store.getItemAsync(STORAGE_KEYS.PRIVATE_KEY);
+    try {
+      const store = await initSecureStore();
+      return await store.getItemAsync(STORAGE_KEYS.PRIVATE_KEY);
+    } catch (error) {
+      // If secure store is not available, return null (no identity)
+      // This allows the app to continue functioning even if secure store fails to load
+      if (__DEV__) {
+        console.warn('[KeyManager] Failed to access secure store:', error);
+      }
+      return null;
+    }
   }
 
   /**
-   * Get the stored public key
+   * Get the stored public key (cached for performance)
    */
   static async getPublicKey(): Promise<string | null> {
-    const store = await initSecureStore();
-    return store.getItemAsync(STORAGE_KEYS.PUBLIC_KEY);
+    if (KeyManager.cachedPublicKey !== null) {
+      return KeyManager.cachedPublicKey;
+    }
+
+    try {
+      const store = await initSecureStore();
+      const publicKey = await store.getItemAsync(STORAGE_KEYS.PUBLIC_KEY);
+      
+      // Cache result (null is a valid cache value meaning no identity)
+      KeyManager.cachedPublicKey = publicKey;
+      
+      return publicKey;
+    } catch (error) {
+      // If secure store is not available, return null (no identity)
+      // Cache null to avoid repeated failed attempts
+      KeyManager.cachedPublicKey = null;
+      if (__DEV__) {
+        console.warn('[KeyManager] Failed to access secure store:', error);
+      }
+      return null;
+    }
   }
 
   /**
-   * Check if an identity (key pair) exists on this device
+   * Check if an identity (key pair) exists on this device (cached for performance)
    */
   static async hasIdentity(): Promise<boolean> {
-    const privateKey = await KeyManager.getPrivateKey();
-    return privateKey !== null;
+    if (KeyManager.cachedHasIdentity !== null) {
+      return KeyManager.cachedHasIdentity;
+    }
+
+    try {
+      const privateKey = await KeyManager.getPrivateKey();
+      const hasIdentity = privateKey !== null;
+      
+      // Cache result
+      KeyManager.cachedHasIdentity = hasIdentity;
+      
+      return hasIdentity;
+    } catch (error) {
+      // If we can't check, assume no identity (safer default)
+      // Cache false to avoid repeated failed attempts
+      KeyManager.cachedHasIdentity = false;
+      if (__DEV__) {
+        console.warn('[KeyManager] Failed to check identity:', error);
+      }
+      return false;
+    }
   }
 
   /**
@@ -228,6 +300,9 @@ export class KeyManager {
     await store.deleteItemAsync(STORAGE_KEYS.PRIVATE_KEY);
     await store.deleteItemAsync(STORAGE_KEYS.PUBLIC_KEY);
     
+    // Invalidate cache
+    KeyManager.invalidateCache();
+    
     // Also clear backup if force deletion
     if (force) {
       try {
@@ -343,16 +418,17 @@ export class KeyManager {
         return false; // Backup keys don't match
       }
 
-      // Restore from backup
       await store.setItemAsync(STORAGE_KEYS.PRIVATE_KEY, backupPrivateKey, {
         keychainAccessible: store.WHEN_UNLOCKED_THIS_DEVICE_ONLY,
       });
       await store.setItemAsync(STORAGE_KEYS.PUBLIC_KEY, backupPublicKey);
 
-      // Verify restoration was successful
       const restored = await KeyManager.verifyIdentityIntegrity();
       if (restored) {
-        // Update backup timestamp
+        // Update cache
+        KeyManager.cachedPublicKey = backupPublicKey;
+        KeyManager.cachedHasIdentity = true;
+
         await store.setItemAsync(STORAGE_KEYS.BACKUP_TIMESTAMP, Date.now().toString());
         return true;
       }

package/src/index.ts

@@ -103,7 +103,12 @@ export type {
   AssetUpdateVisibilityResponse,
   // Account storage usage
   AccountStorageCategoryUsage,
-  AccountStorageUsageResponse
+  AccountStorageUsageResponse,
+  // Security activity
+  SecurityEventType,
+  SecurityEventSeverity,
+  SecurityActivity,
+  SecurityActivityResponse
 } from './models/interfaces';
 
 export type {

package/src/models/interfaces.ts

@@ -50,15 +50,11 @@ export interface User {
     image?: string;
     link: string;
   }>;
-  // Social counts - can be returned by API in different formats
+  // Social counts
   _count?: {
     followers?: number;
     following?: number;
   };
-  stats?: {
-    followers?: number;
-    following?: number;
-  };
   accountExpiresAfterInactivityDays?: number | null; // Days of inactivity before account expires (null = never expire)
   [key: string]: unknown;
 }
@@ -407,6 +403,53 @@ export interface AccountStorageUsageResponse {
   updatedAt: string;
 }
 
+/**
+ * Security activity event types
+ */
+export type SecurityEventType = 
+  | 'sign_in'
+  | 'sign_out'
+  | 'email_changed'
+  | 'profile_updated'
+  | 'device_added'
+  | 'device_removed'
+  | 'account_recovery'
+  | 'security_settings_changed'
+  | 'suspicious_activity';
+
+/**
+ * Security event severity levels
+ */
+export type SecurityEventSeverity = 'low' | 'medium' | 'high' | 'critical';
+
+/**
+ * Security activity event
+ */
+export interface SecurityActivity {
+  id: string;
+  userId: string;
+  eventType: SecurityEventType;
+  eventDescription: string;
+  metadata?: Record<string, any>;
+  ipAddress?: string;
+  userAgent?: string;
+  deviceId?: string;
+  timestamp: string;
+  severity: SecurityEventSeverity;
+  createdAt: string;
+}
+
+/**
+ * Security activity response with pagination
+ */
+export interface SecurityActivityResponse {
+  data: SecurityActivity[];
+  total: number;
+  limit: number;
+  offset: number;
+  hasMore: boolean;
+}
+
 export interface AssetUploadProgress {
   fileId: string;
   uploaded: number;

package/src/ui/components/TextField/TextFieldFlat.tsx

@@ -438,7 +438,7 @@ const TextInputFlat = ({
               flexShrink: 1,
               minWidth: 0,
             },
-            Platform.OS === 'web' ? { outline: 'none' } : undefined,
+            Platform.OS === 'web' ? { outline: 'none', outlineWidth: 0, outlineStyle: 'none' } : undefined,
             adornmentStyleAdjustmentForNativeInput,
             contentStyle,
           ],

package/src/ui/components/TextField/TextFieldOutlined.tsx

@@ -427,7 +427,7 @@ const TextInputOutlined = ({
               flexShrink: 1,
               minWidth: 0,
             },
-            Platform.OS === 'web' ? { outline: 'none' } : undefined,
+            Platform.OS === 'web' ? { outline: 'none', outlineWidth: 0, outlineStyle: 'none' } : undefined,
             adornmentStyleAdjustmentForNativeInput,
             contentStyle,
           ],

package/src/ui/context/OxyContext.tsx

@@ -201,7 +201,6 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
 
     const checkAndRestoreIdentity = async () => {
       try {
-        const { KeyManager } = await import('../../crypto/index.js');
         // Check if identity exists and verify integrity
         const hasIdentity = await KeyManager.hasIdentity();
         if (hasIdentity) {
@@ -209,14 +208,11 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
           if (!isValid) {
             // Try to restore from backup
             const restored = await KeyManager.restoreIdentityFromBackup();
-            if (restored) {
-              if (__DEV__) {
-                logger('Identity restored from backup successfully');
-              }
-            } else {
-              if (__DEV__) {
-                logger('Identity integrity check failed - user may need to restore from recovery phrase');
-              }
+            if (__DEV__) {
+              logger(restored
+                ? 'Identity restored from backup successfully'
+                : 'Identity integrity check failed - user may need to restore from recovery phrase'
+              );
             }
           } else {
             // Identity is valid - ensure backup is up to date
@@ -317,9 +313,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
   });
 
   // syncIdentity - TanStack Query handles offline mutations automatically
-  const syncIdentity = useCallback(async () => {
-    return await syncIdentityBase();
-  }, [syncIdentityBase]);
+  const syncIdentity = useCallback(() => syncIdentityBase(), [syncIdentityBase]);
 
   // Clear all account data when identity is lost (for accounts app)
   // In accounts app, identity = account, so losing identity means losing everything
@@ -332,9 +326,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
       try {
         await clearQueryCache(storage);
       } catch (error) {
-        if (logger) {
-          logger('Failed to clear persisted query cache', error);
-        }
+        logger('Failed to clear persisted query cache', error);
       }
     }
 
@@ -346,9 +338,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
       try {
         await storage.removeItem('oxy_identity_synced');
       } catch (error) {
-        if (logger) {
-          logger('Failed to clear identity sync state', error);
-        }
+        logger('Failed to clear identity sync state', error);
       }
     }
 
@@ -419,20 +409,21 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
 
         // If we were offline and now we're online, sync identity if needed
         if (wasOffline) {
-          if (__DEV__ && logger) {
-            logger('Network reconnected, checking identity sync...');
-          }
+          logger('Network reconnected, checking identity sync...');
 
           // Sync identity first (if not synced)
           try {
-            const isSynced = await storage.getItem('oxy_identity_synced');
-            if (isSynced === 'false') {
-              await syncIdentity();
+            const hasIdentityValue = await hasIdentity();
+            if (hasIdentityValue) {
+              // Check sync status directly - sync if not explicitly 'true'
+              // undefined = not synced yet, 'false' = explicitly not synced, 'true' = synced
+              const syncStatus = await storage.getItem('oxy_identity_synced');
+              if (syncStatus !== 'true') {
+                await syncIdentity();
+              }
             }
           } catch (syncError) {
-            if (__DEV__ && logger) {
-              logger('Error syncing identity on reconnect', syncError);
-            }
+            logger('Error syncing identity on reconnect', syncError);
           }
 
           // TanStack Query will automatically retry pending mutations
@@ -515,7 +506,11 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
               });
             }
           } catch (validationError) {
-            logger('Session validation failed during init', validationError);
+            // Silently handle expected 401 errors (expired/invalid sessions) during restoration
+            // Only log unexpected errors
+            if (!isInvalidSessionError(validationError)) {
+              logger('Session validation failed during init', validationError);
+            }
           }
         }
 
@@ -528,13 +523,16 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
         try {
           await switchSession(storedActiveSessionId);
         } catch (switchError) {
+          // Silently handle expected 401 errors (expired/invalid active session)
           if (isInvalidSessionError(switchError)) {
             await storage.removeItem(storageKeys.activeSessionId);
             updateSessions(
               validSessions.filter((session) => session.sessionId !== storedActiveSessionId),
               { merge: false },
             );
+            // Don't log expected session errors during restoration
           } else {
+            // Only log unexpected errors
             logger('Active session validation error', switchError);
           }
         }

package/src/ui/context/hooks/useSessionManagement.ts

@@ -7,7 +7,7 @@ import { getStorageKeys, type StorageInterface } from '../utils/storageHelpers';
 import { handleAuthError, isInvalidSessionError } from '../utils/errorHandlers';
 import type { OxyServices } from '../../../core';
 import type { QueryClient } from '@tanstack/react-query';
-import { clearQueryCache } from '../../hooks/queryClient.js';
+import { clearQueryCache } from '../../hooks/queryClient';
 
 export interface UseSessionManagementOptions {
   oxyServices: OxyServices;

package/src/ui/context/utils/errorHandlers.ts

@@ -53,11 +53,21 @@ export const isInvalidSessionError = (error: unknown): boolean => {
     return false;
   }
 
+  // Check error.status directly (HttpService sets this)
+  if ((error as any).status === 401) {
+    return true;
+  }
+
   const normalizedMessage = extractErrorMessage(error)?.toLowerCase();
   if (!normalizedMessage) {
     return false;
   }
 
+  // Check for HTTP 401 in message (HttpService creates errors with "HTTP 401:" format)
+  if (normalizedMessage.includes('http 401') || normalizedMessage.includes('401')) {
+    return true;
+  }
+
   return DEFAULT_INVALID_SESSION_MESSAGES.some((msg) =>
     normalizedMessage.includes(msg.toLowerCase()),
   );

package/src/ui/hooks/mutations/useAccountMutations.ts

@@ -4,6 +4,7 @@ import { queryKeys, invalidateAccountQueries, invalidateUserQueries } from '../q
 import { useOxy } from '../../context/OxyContext';
 import { toast } from '../../../lib/sonner';
 import { refreshAvatarInStore } from '../../utils/avatarUtils';
+import { useAuthStore } from '../../stores/authStore';
 
 /**
  * Update user profile with optimistic updates and offline queue support
@@ -107,6 +108,9 @@ export const useUpdateProfile = () => {
         queryClient.setQueryData(queryKeys.users.profile(activeSessionId), data);
       }
       
+      // Update authStore so frontend components see the changes immediately
+      useAuthStore.getState().setUser(data);
+      
       // If avatar was updated, refresh accountStore with cache-busted URL
       if (updates.avatar && activeSessionId && oxyServices) {
         refreshAvatarInStore(activeSessionId, updates.avatar, oxyServices);
@@ -220,6 +224,9 @@ export const useUploadAvatar = () => {
         queryClient.setQueryData(queryKeys.users.profile(activeSessionId), data);
       }
       
+      // Update authStore so frontend components see the changes immediately
+      useAuthStore.getState().setUser(data);
+      
       // Refresh accountStore with cache-busted URL if avatar was updated
       if (data?.avatar && activeSessionId && oxyServices) {
         refreshAvatarInStore(activeSessionId, data.avatar, oxyServices);
@@ -268,6 +275,10 @@ export const useUpdateAccountSettings = () => {
     },
     onSuccess: (data) => {
       queryClient.setQueryData(queryKeys.accounts.current(), data);
+      
+      // Update authStore so frontend components see the changes immediately
+      useAuthStore.getState().setUser(data);
+      
       invalidateAccountQueries(queryClient);
       toast.success('Settings updated successfully');
     },
@@ -394,10 +405,14 @@ export const useUpdatePrivacySettings = () => {
       // Also update account query if it contains privacy settings
       const currentUser = queryClient.getQueryData<User>(queryKeys.accounts.current());
       if (currentUser) {
-        queryClient.setQueryData<User>(queryKeys.accounts.current(), {
+        const updatedUser = {
           ...currentUser,
           privacySettings: data,
-        });
+        };
+        queryClient.setQueryData<User>(queryKeys.accounts.current(), updatedUser);
+        
+        // Update authStore so frontend components see the changes immediately
+        useAuthStore.getState().setUser(updatedUser);
       }
       invalidateAccountQueries(queryClient);
     },

package/src/ui/hooks/queries/index.ts

@@ -25,6 +25,12 @@ export {
   useSecurityInfo,
 } from './useServicesQueries';
 
+// Security activity query hooks
+export {
+  useSecurityActivity,
+  useRecentSecurityActivity,
+} from './useSecurityQueries';
+
 // Query keys and invalidation helpers (for advanced usage)
 export { queryKeys, invalidateAccountQueries, invalidateUserQueries, invalidateSessionQueries } from './queryKeys';
 

package/src/ui/hooks/queries/queryKeys.ts

@@ -54,6 +54,15 @@ export const queryKeys = {
     all: ['privacy'] as const,
     settings: (userId?: string) => [...queryKeys.privacy.all, 'settings', userId || 'current'] as const,
   },
+
+  // Security activity queries
+  security: {
+    all: ['security'] as const,
+    activity: (limit?: number, offset?: number, eventType?: string) => 
+      [...queryKeys.security.all, 'activity', limit, offset, eventType] as const,
+    recent: (limit: number) => 
+      [...queryKeys.security.all, 'recent', limit] as const,
+  },
 } as const;
 
 /**

package/src/ui/hooks/queries/useSecurityQueries.ts

@@ -0,0 +1,64 @@
+import { useQuery } from '@tanstack/react-query';
+import { queryKeys } from './queryKeys';
+import { useOxy } from '../../context/OxyContext';
+import type { SecurityActivity, SecurityEventType } from '../../../models/interfaces';
+
+/**
+ * Get user's security activity with pagination
+ */
+export const useSecurityActivity = (
+  options?: {
+    limit?: number;
+    offset?: number;
+    eventType?: SecurityEventType;
+    enabled?: boolean;
+  }
+) => {
+  const { oxyServices, activeSessionId } = useOxy();
+
+  return useQuery({
+    queryKey: queryKeys.security.activity(
+      options?.limit,
+      options?.offset,
+      options?.eventType
+    ),
+    queryFn: async () => {
+      if (!activeSessionId) {
+        throw new Error('No active session');
+      }
+
+      const response = await oxyServices.getSecurityActivity(
+        options?.limit,
+        options?.offset,
+        options?.eventType
+      );
+
+      return response;
+    },
+    enabled: (options?.enabled !== false) && !!activeSessionId,
+    staleTime: 5 * 60 * 1000, // 5 minutes
+    gcTime: 10 * 60 * 1000, // 10 minutes
+  });
+};
+
+/**
+ * Get recent security activity (convenience hook)
+ */
+export const useRecentSecurityActivity = (limit: number = 10) => {
+  const { oxyServices, activeSessionId } = useOxy();
+
+  return useQuery<SecurityActivity[]>({
+    queryKey: queryKeys.security.recent(limit),
+    queryFn: async () => {
+      if (!activeSessionId) {
+        throw new Error('No active session');
+      }
+
+      return await oxyServices.getRecentSecurityActivity(limit);
+    },
+    enabled: !!activeSessionId,
+    staleTime: 5 * 60 * 1000, // 5 minutes
+    gcTime: 10 * 60 * 1000, // 10 minutes
+  });
+};
+

package/src/ui/utils/avatarUtils.ts

@@ -1,6 +1,7 @@
 import type { OxyServices } from '../../core';
 import type { User } from '../../models/interfaces';
 import { useAccountStore } from '../stores/accountStore';
+import { useAuthStore } from '../stores/authStore';
 import { QueryClient } from '@tanstack/react-query';
 import { queryKeys, invalidateUserQueries, invalidateAccountQueries } from '../hooks/queries/queryKeys';
 
@@ -25,12 +26,11 @@ export async function updateAvatarVisibility(
 
   try {
     await oxyServices.assetUpdateVisibility(fileId, 'public');
-    console.log(`[${contextName}] Avatar visibility updated to public`);
+    // Visibility update is logged by the API
   } catch (visError: any) {
-    // Only log non-404 errors (404 means asset doesn't exist yet, which is OK)
-    if (visError?.response?.status !== 404) {
-      console.warn(`[${contextName}] Failed to update avatar visibility, continuing anyway:`, visError);
-    }
+    // Silently handle errors - 404 means asset doesn't exist yet (which is OK)
+    // Other errors are logged by the API, so no need to log here
+    // Function continues gracefully regardless of visibility update success
   }
 }
 
@@ -104,6 +104,9 @@ export async function updateProfileWithAvatar(
       queryClient.setQueryData(queryKeys.users.profile(activeSessionId), data);
     }
     
+    // Update authStore so frontend components see the changes immediately
+    useAuthStore.getState().setUser(data);
+    
     // If avatar was updated, refresh accountStore with cache-busted URL
     if (updates.avatar && activeSessionId) {
       refreshAvatarInStore(activeSessionId, updates.avatar, oxyServices);