@oxyhq/services 5.16.22 → 5.16.24

package/lib/module/core/OxyServices.base.js

@@ -5,10 +5,11 @@
  * 
  * Contains core infrastructure, HTTP client, request management, and error handling
  */
-import { jwtDecode } from 'jwt-decode';
+
 import { handleHttpError } from '../utils/errorUtils';
 import { HttpService } from './HttpService';
 import { OxyAuthenticationError, OxyAuthenticationTimeoutError } from './OxyServices.errors';
+import { tokenService } from './services/TokenService';
 /**
  * Base class for OxyServices with core infrastructure
  */
@@ -114,18 +115,10 @@ export class OxyServicesBase {
 
   /**
    * Get the current user ID from the access token
+   * Returns MongoDB ObjectId (never publicKey)
    */
   getCurrentUserId() {
-    const accessToken = this.httpService.getAccessToken();
-    if (!accessToken) {
-      return null;
-    }
-    try {
-      const decoded = jwtDecode(accessToken);
-      return decoded.userId || decoded.id || null;
-    } catch (error) {
-      return null;
-    }
+    return tokenService.getUserIdFromToken();
   }
 
   /**

package/lib/module/core/OxyServices.base.js.map

@@ -1 +1 @@
-{"version":3,"names":["jwtDecode","handleHttpError","HttpService","OxyAuthenticationError","OxyAuthenticationTimeoutError","OxyServicesBase","constructor","args","config","Error","cloudURL","httpService","__resetTokensForTests","makeRequest","method","url","data","options","request","undefined","params","getBaseURL","getClient","getMetrics","clearCache","clearCacheEntry","key","getCacheStats","getCloudURL","setTokens","accessToken","refreshToken","clearTokens","getCurrentUserId","getAccessToken","decoded","userId","id","error","hasValidToken","hasAccessToken","waitForAuth","timeoutMs","startTime","performance","now","maxTime","pollInterval","Promise","resolve","setTimeout","Math","min","withAuthRetry","operation","operationName","maxRetries","retryDelay","authTimeoutMs","attempt","authReady","isLastAttempt","errorObj","isAuthError","response","status","code","message","includes","handleError","validate","res","cache","retry","valid","api","trim","err","details","healthCheck","timeout"],"sourceRoot":"../../../src","sources":["core/OxyServices.base.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA,SAASA,SAAS,QAAQ,YAAY;AAEtC,SAASC,eAAe,QAAQ,qBAAqB;AACrD,SAASC,WAAW,QAA6B,eAAe;AAChE,SAASC,sBAAsB,EAAEC,6BAA6B,QAAQ,sBAAsB;AAc5F;AACA;AACA;AACA,OAAO,MAAMC,eAAe,CAAC;EAK3BC,WAAWA,CAAC,GAAGC,IAAW,EAAE;IAC1B,MAAMC,MAAM,GAAGD,IAAI,CAAC,CAAC,CAAc;IACnC,IAAI,CAACC,MAAM,IAAI,OAAOA,MAAM,KAAK,QAAQ,EAAE;MACzC,MAAM,IAAIC,KAAK,CAAC,uBAAuB,CAAC;IAC1C;IACA,IAAI,CAACD,MAAM,GAAGA,MAAM;IACpB,IAAI,CAACE,QAAQ,GAAGF,MAAM,CAACE,QAAQ,IAAI,sBAAsB;;IAEzD;IACA,IAAI,CAACC,WAAW,GAAG,IAAIT,WAAW,CAACM,MAAM,CAAC;EAC5C;;EAEA;EACA,OAAOI,qBAAqBA,CAAA,EAAS;IACnCV,WAAW,CAACU,qBAAqB,CAAC,CAAC;EACrC;;EAEA;AACF;AACA;AACA;EACE,MAAaC,WAAWA,CACtBC,MAAmD,EACnDC,GAAW,EACXC,IAAU,EACVC,OAAuB,GAAG,CAAC,CAAC,EAChB;IACZ,OAAO,IAAI,CAACN,WAAW,CAACO,OAAO,CAAI;MACjCJ,MAAM;MACNC,GAAG;MACHC,IAAI,EAAEF,MAAM,KAAK,KAAK,GAAGE,IAAI,GAAGG,SAAS;MACzCC,MAAM,EAAEN,MAAM,KAAK,KAAK,GAAGE,IAAI,GAAGG,SAAS;MAC3C,GAAGF;IACL,CAAC,CAAC;EACJ;;EAEA;EACA;EACA;;EAEA;AACF;AACA;EACSI,UAAUA,CAAA,EAAW;IAC1B,OAAO,IAAI,CAACV,WAAW,CAACU,UAAU,CAAC,CAAC;EACtC;;EAEA;AACF;AACA;AACA;EACSC,SAASA,CAAA,EAAgB;IAC9B,OAAO,IAAI,CAACX,WAAW;EACzB;;EAEA;AACF;AACA;EACSY,UAAUA,CAAA,EAAG;IAClB,OAAO,IAAI,CAACZ,WAAW,CAACY,UAAU,CAAC,CAAC;EACtC;;EAEA;AACF;AACA;EACSC,UAAUA,CAAA,EAAS;IACxB,IAAI,CAACb,WAAW,CAACa,UAAU,CAAC,CAAC;EAC/B;;EAEA;AACF;AACA;EACSC,eAAeA,CAACC,GAAW,EAAQ;IACxC,IAAI,CAACf,WAAW,CAACc,eAAe,CAACC,GAAG,CAAC;EACvC;;EAEA;AACF;AACA;EACSC,aAAaA,CAAA,EAAG;IACrB,OAAO,IAAI,CAAChB,WAAW,CAACgB,aAAa,CAAC,CAAC;EACzC;;EAEA;AACF;AACA;EACSC,WAAWA,CAAA,EAAW;IAC3B,OAAO,IAAI,CAAClB,QAAQ;EACtB;;EAEA;AACF;AACA;EACSmB,SAASA,CAACC,WAAmB,EAAEC,YAAY,GAAG,EAAE,EAAQ;IAC7D,IAAI,CAACpB,WAAW,CAACkB,SAAS,CAACC,WAAW,EAAEC,YAAY,CAAC;EACvD;;EAEA;AACF;AACA;EACSC,WAAWA,CAAA,EAAS;IACzB,IAAI,CAACrB,WAAW,CAACqB,WAAW,CAAC,CAAC;EAChC;;EAEA;AACF;AACA;EACSC,gBAAgBA,CAAA,EAAkB;IACvC,MAAMH,WAAW,GAAG,IAAI,CAACnB,WAAW,CAACuB,cAAc,CAAC,CAAC;IACrD,IAAI,CAACJ,WAAW,EAAE;MAChB,OAAO,IAAI;IACb;IAEA,IAAI;MACF,MAAMK,OAAO,GAAGnC,SAAS,CAAa8B,WAAW,CAAC;MAClD,OAAOK,OAAO,CAACC,MAAM,IAAID,OAAO,CAACE,EAAE,IAAI,IAAI;IAC7C,CAAC,CAAC,OAAOC,KAAK,EAAE;MACd,OAAO,IAAI;IACb;EACF;;EAEA;AACF;AACA;EACSC,aAAaA,CAAA,EAAY;IAC9B,OAAO,IAAI,CAAC5B,WAAW,CAAC6B,cAAc,CAAC,CAAC;EAC1C;;EAEA;AACF;AACA;EACSN,cAAcA,CAAA,EAAkB;IACrC,OAAO,IAAI,CAACvB,WAAW,CAACuB,cAAc,CAAC,CAAC;EAC1C;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAaO,WAAWA,CAACC,SAAS,GAAG,IAAI,EAAoB;IAC3D;IACA,IAAI,IAAI,CAAC/B,WAAW,CAAC6B,cAAc,CAAC,CAAC,EAAE;MACrC,OAAO,IAAI;IACb;IAEA,MAAMG,SAAS,GAAGC,WAAW,CAACC,GAAG,CAAC,CAAC;IACnC,MAAMC,OAAO,GAAGH,SAAS,GAAGD,SAAS;;IAErC;IACA,IAAIK,YAAY,GAAG,EAAE,CAAC,CAAC;;IAEvB,OAAOH,WAAW,CAACC,GAAG,CAAC,CAAC,GAAGC,OAAO,EAAE;MAClC,MAAM,IAAIE,OAAO,CAACC,OAAO,IAAIC,UAAU,CAACD,OAAO,EAAEF,YAAY,CAAC,CAAC;MAE/D,IAAI,IAAI,CAACpC,WAAW,CAAC6B,cAAc,CAAC,CAAC,EAAE;QACrC,OAAO,IAAI;MACb;;MAEA;MACA;MACA,IAAIO,YAAY,GAAG,GAAG,EAAE;QACtBA,YAAY,GAAGI,IAAI,CAACC,GAAG,CAACL,YAAY,GAAG,GAAG,EAAE,GAAG,CAAC;MAClD;IACF;IAEA,OAAO,KAAK;EACd;;EAEA;AACF;AACA;AACA;EACE,MAAaM,aAAaA,CACxBC,SAA2B,EAC3BC,aAAqB,EACrBtC,OAIC,GAAG,CAAC,CAAC,EACM;IACZ,MAAM;MACJuC,UAAU,GAAG,CAAC;MACdC,UAAU,GAAG,IAAI;MACjBC,aAAa,GAAG;IAClB,CAAC,GAAGzC,OAAO;IAEX,KAAK,IAAI0C,OAAO,GAAG,CAAC,EAAEA,OAAO,IAAIH,UAAU,EAAEG,OAAO,EAAE,EAAE;MACtD,IAAI;QACF;QACA,IAAI,CAAC,IAAI,CAAChD,WAAW,CAAC6B,cAAc,CAAC,CAAC,EAAE;UACtC,IAAImB,OAAO,KAAK,CAAC,EAAE;YACjB;YACA,MAAMC,SAAS,GAAG,MAAM,IAAI,CAACnB,WAAW,CAACiB,aAAa,CAAC;YAEvD,IAAI,CAACE,SAAS,EAAE;cACd,MAAM,IAAIxD,6BAA6B,CAACmD,aAAa,EAAEG,aAAa,CAAC;YACvE;UACF,CAAC,MAAM;YACL;YACA,MAAM,IAAIvD,sBAAsB,CAC9B,4BAA4BoD,aAAa,iCAAiC,EAC1E,eACF,CAAC;UACH;QACF;;QAEA;QACA,OAAO,MAAMD,SAAS,CAAC,CAAC;MAE1B,CAAC,CAAC,OAAOhB,KAAc,EAAE;QACvB,MAAMuB,aAAa,GAAGF,OAAO,KAAKH,UAAU;QAC5C,MAAMM,QAAQ,GAAGxB,KAAK,IAAI,OAAOA,KAAK,KAAK,QAAQ,GAAGA,KAAK,GAA0E,IAAI;QACzI,MAAMyB,WAAW,GAAGD,QAAQ,EAAEE,QAAQ,EAAEC,MAAM,KAAK,GAAG,IACnCH,QAAQ,EAAEI,IAAI,KAAK,eAAe,IAClCJ,QAAQ,EAAEK,OAAO,EAAEC,QAAQ,CAAC,gBAAgB,CAAC,IAC7C9B,KAAK,YAAYnC,sBAAsB;QAE1D,IAAI4D,WAAW,IAAI,CAACF,aAAa,IAAI,EAAEvB,KAAK,YAAYlC,6BAA6B,CAAC,EAAE;UACtF,MAAM,IAAI4C,OAAO,CAACC,OAAO,IAAIC,UAAU,CAACD,OAAO,EAAEQ,UAAU,CAAC,CAAC;UAC7D;QACF;;QAEA;QACA,IAAInB,KAAK,YAAYnC,sBAAsB,EAAE;UAC3C,MAAMmC,KAAK;QACb;QACA,MAAM,IAAI,CAAC+B,WAAW,CAAC/B,KAAK,CAAC;MAC/B;IACF;;IAEA;IACA,MAAM,IAAInC,sBAAsB,CAAC,GAAGoD,aAAa,iBAAiBC,UAAU,GAAG,CAAC,WAAW,CAAC;EAC9F;;EAEA;AACF;AACA;EACE,MAAMc,QAAQA,CAAA,EAAqB;IACjC,IAAI,CAAC,IAAI,CAAC/B,aAAa,CAAC,CAAC,EAAE;MACzB,OAAO,KAAK;IACd;IAEA,IAAI;MACF,MAAMgC,GAAG,GAAG,MAAM,IAAI,CAAC1D,WAAW,CAAqB,KAAK,EAAE,oBAAoB,EAAEM,SAAS,EAAE;QAC7FqD,KAAK,EAAE,KAAK;QACZC,KAAK,EAAE;MACT,CAAC,CAAC;MACF,OAAOF,GAAG,CAACG,KAAK,KAAK,IAAI;IAC3B,CAAC,CAAC,OAAOpC,KAAK,EAAE;MACd,OAAO,KAAK;IACd;EACF;;EAEA;AACF;AACA;EACS+B,WAAWA,CAAC/B,KAAc,EAAS;IACxC,MAAMqC,GAAG,GAAG1E,eAAe,CAACqC,KAAK,CAAC;IAClC;IACA,MAAM6B,OAAO,GAAGQ,GAAG,CAACR,OAAO,EAAES,IAAI,CAAC,CAAC,IAAI,8BAA8B;IACrE,MAAMC,GAAG,GAAG,IAAIpE,KAAK,CAAC0D,OAAO,CAAkF;IAC/GU,GAAG,CAACX,IAAI,GAAGS,GAAG,CAACT,IAAI;IACnBW,GAAG,CAACZ,MAAM,GAAGU,GAAG,CAACV,MAAM;IACvBY,GAAG,CAACC,OAAO,GAAGH,GAAG,CAACG,OAAO;IACzB,OAAOD,GAAG;EACZ;;EAEA;AACF;AACA;EACE,MAAME,WAAWA,CAAA,EAKd;IACD,IAAI;MACF,OAAO,MAAM,IAAI,CAAClE,WAAW,CAAC,KAAK,EAAE,SAAS,EAAEM,SAAS,EAAE;QACzDqD,KAAK,EAAE,KAAK;QACZC,KAAK,EAAE,KAAK;QACZO,OAAO,EAAE;MACX,CAAC,CAAC;IACJ,CAAC,CAAC,OAAO1C,KAAK,EAAE;MACd,MAAM,IAAI,CAAC+B,WAAW,CAAC/B,KAAK,CAAC;IAC/B;EACF;AACF","ignoreList":[]}
+{"version":3,"names":["handleHttpError","HttpService","OxyAuthenticationError","OxyAuthenticationTimeoutError","tokenService","OxyServicesBase","constructor","args","config","Error","cloudURL","httpService","__resetTokensForTests","makeRequest","method","url","data","options","request","undefined","params","getBaseURL","getClient","getMetrics","clearCache","clearCacheEntry","key","getCacheStats","getCloudURL","setTokens","accessToken","refreshToken","clearTokens","getCurrentUserId","getUserIdFromToken","hasValidToken","hasAccessToken","getAccessToken","waitForAuth","timeoutMs","startTime","performance","now","maxTime","pollInterval","Promise","resolve","setTimeout","Math","min","withAuthRetry","operation","operationName","maxRetries","retryDelay","authTimeoutMs","attempt","authReady","error","isLastAttempt","errorObj","isAuthError","response","status","code","message","includes","handleError","validate","res","cache","retry","valid","api","trim","err","details","healthCheck","timeout"],"sourceRoot":"../../../src","sources":["core/OxyServices.base.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;;AAEA,SAASA,eAAe,QAAQ,qBAAqB;AACrD,SAASC,WAAW,QAA6B,eAAe;AAChE,SAASC,sBAAsB,EAAEC,6BAA6B,QAAQ,sBAAsB;AAC5F,SAASC,YAAY,QAAQ,yBAAyB;AAMtD;AACA;AACA;AACA,OAAO,MAAMC,eAAe,CAAC;EAK3BC,WAAWA,CAAC,GAAGC,IAAW,EAAE;IAC1B,MAAMC,MAAM,GAAGD,IAAI,CAAC,CAAC,CAAc;IACnC,IAAI,CAACC,MAAM,IAAI,OAAOA,MAAM,KAAK,QAAQ,EAAE;MACzC,MAAM,IAAIC,KAAK,CAAC,uBAAuB,CAAC;IAC1C;IACA,IAAI,CAACD,MAAM,GAAGA,MAAM;IACpB,IAAI,CAACE,QAAQ,GAAGF,MAAM,CAACE,QAAQ,IAAI,sBAAsB;;IAEzD;IACA,IAAI,CAACC,WAAW,GAAG,IAAIV,WAAW,CAACO,MAAM,CAAC;EAC5C;;EAEA;EACA,OAAOI,qBAAqBA,CAAA,EAAS;IACnCX,WAAW,CAACW,qBAAqB,CAAC,CAAC;EACrC;;EAEA;AACF;AACA;AACA;EACE,MAAaC,WAAWA,CACtBC,MAAmD,EACnDC,GAAW,EACXC,IAAU,EACVC,OAAuB,GAAG,CAAC,CAAC,EAChB;IACZ,OAAO,IAAI,CAACN,WAAW,CAACO,OAAO,CAAI;MACjCJ,MAAM;MACNC,GAAG;MACHC,IAAI,EAAEF,MAAM,KAAK,KAAK,GAAGE,IAAI,GAAGG,SAAS;MACzCC,MAAM,EAAEN,MAAM,KAAK,KAAK,GAAGE,IAAI,GAAGG,SAAS;MAC3C,GAAGF;IACL,CAAC,CAAC;EACJ;;EAEA;EACA;EACA;;EAEA;AACF;AACA;EACSI,UAAUA,CAAA,EAAW;IAC1B,OAAO,IAAI,CAACV,WAAW,CAACU,UAAU,CAAC,CAAC;EACtC;;EAEA;AACF;AACA;AACA;EACSC,SAASA,CAAA,EAAgB;IAC9B,OAAO,IAAI,CAACX,WAAW;EACzB;;EAEA;AACF;AACA;EACSY,UAAUA,CAAA,EAAG;IAClB,OAAO,IAAI,CAACZ,WAAW,CAACY,UAAU,CAAC,CAAC;EACtC;;EAEA;AACF;AACA;EACSC,UAAUA,CAAA,EAAS;IACxB,IAAI,CAACb,WAAW,CAACa,UAAU,CAAC,CAAC;EAC/B;;EAEA;AACF;AACA;EACSC,eAAeA,CAACC,GAAW,EAAQ;IACxC,IAAI,CAACf,WAAW,CAACc,eAAe,CAACC,GAAG,CAAC;EACvC;;EAEA;AACF;AACA;EACSC,aAAaA,CAAA,EAAG;IACrB,OAAO,IAAI,CAAChB,WAAW,CAACgB,aAAa,CAAC,CAAC;EACzC;;EAEA;AACF;AACA;EACSC,WAAWA,CAAA,EAAW;IAC3B,OAAO,IAAI,CAAClB,QAAQ;EACtB;;EAEA;AACF;AACA;EACSmB,SAASA,CAACC,WAAmB,EAAEC,YAAY,GAAG,EAAE,EAAQ;IAC7D,IAAI,CAACpB,WAAW,CAACkB,SAAS,CAACC,WAAW,EAAEC,YAAY,CAAC;EACvD;;EAEA;AACF;AACA;EACSC,WAAWA,CAAA,EAAS;IACzB,IAAI,CAACrB,WAAW,CAACqB,WAAW,CAAC,CAAC;EAChC;;EAEA;AACF;AACA;AACA;EACSC,gBAAgBA,CAAA,EAAkB;IACvC,OAAO7B,YAAY,CAAC8B,kBAAkB,CAAC,CAAC;EAC1C;;EAEA;AACF;AACA;EACSC,aAAaA,CAAA,EAAY;IAC9B,OAAO,IAAI,CAACxB,WAAW,CAACyB,cAAc,CAAC,CAAC;EAC1C;;EAEA;AACF;AACA;EACSC,cAAcA,CAAA,EAAkB;IACrC,OAAO,IAAI,CAAC1B,WAAW,CAAC0B,cAAc,CAAC,CAAC;EAC1C;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,MAAaC,WAAWA,CAACC,SAAS,GAAG,IAAI,EAAoB;IAC3D;IACA,IAAI,IAAI,CAAC5B,WAAW,CAACyB,cAAc,CAAC,CAAC,EAAE;MACrC,OAAO,IAAI;IACb;IAEA,MAAMI,SAAS,GAAGC,WAAW,CAACC,GAAG,CAAC,CAAC;IACnC,MAAMC,OAAO,GAAGH,SAAS,GAAGD,SAAS;;IAErC;IACA,IAAIK,YAAY,GAAG,EAAE,CAAC,CAAC;;IAEvB,OAAOH,WAAW,CAACC,GAAG,CAAC,CAAC,GAAGC,OAAO,EAAE;MAClC,MAAM,IAAIE,OAAO,CAACC,OAAO,IAAIC,UAAU,CAACD,OAAO,EAAEF,YAAY,CAAC,CAAC;MAE/D,IAAI,IAAI,CAACjC,WAAW,CAACyB,cAAc,CAAC,CAAC,EAAE;QACrC,OAAO,IAAI;MACb;;MAEA;MACA;MACA,IAAIQ,YAAY,GAAG,GAAG,EAAE;QACtBA,YAAY,GAAGI,IAAI,CAACC,GAAG,CAACL,YAAY,GAAG,GAAG,EAAE,GAAG,CAAC;MAClD;IACF;IAEA,OAAO,KAAK;EACd;;EAEA;AACF;AACA;AACA;EACE,MAAaM,aAAaA,CACxBC,SAA2B,EAC3BC,aAAqB,EACrBnC,OAIC,GAAG,CAAC,CAAC,EACM;IACZ,MAAM;MACJoC,UAAU,GAAG,CAAC;MACdC,UAAU,GAAG,IAAI;MACjBC,aAAa,GAAG;IAClB,CAAC,GAAGtC,OAAO;IAEX,KAAK,IAAIuC,OAAO,GAAG,CAAC,EAAEA,OAAO,IAAIH,UAAU,EAAEG,OAAO,EAAE,EAAE;MACtD,IAAI;QACF;QACA,IAAI,CAAC,IAAI,CAAC7C,WAAW,CAACyB,cAAc,CAAC,CAAC,EAAE;UACtC,IAAIoB,OAAO,KAAK,CAAC,EAAE;YACjB;YACA,MAAMC,SAAS,GAAG,MAAM,IAAI,CAACnB,WAAW,CAACiB,aAAa,CAAC;YAEvD,IAAI,CAACE,SAAS,EAAE;cACd,MAAM,IAAItD,6BAA6B,CAACiD,aAAa,EAAEG,aAAa,CAAC;YACvE;UACF,CAAC,MAAM;YACL;YACA,MAAM,IAAIrD,sBAAsB,CAC9B,4BAA4BkD,aAAa,iCAAiC,EAC1E,eACF,CAAC;UACH;QACF;;QAEA;QACA,OAAO,MAAMD,SAAS,CAAC,CAAC;MAE1B,CAAC,CAAC,OAAOO,KAAc,EAAE;QACvB,MAAMC,aAAa,GAAGH,OAAO,KAAKH,UAAU;QAC5C,MAAMO,QAAQ,GAAGF,KAAK,IAAI,OAAOA,KAAK,KAAK,QAAQ,GAAGA,KAAK,GAA0E,IAAI;QACzI,MAAMG,WAAW,GAAGD,QAAQ,EAAEE,QAAQ,EAAEC,MAAM,KAAK,GAAG,IACnCH,QAAQ,EAAEI,IAAI,KAAK,eAAe,IAClCJ,QAAQ,EAAEK,OAAO,EAAEC,QAAQ,CAAC,gBAAgB,CAAC,IAC7CR,KAAK,YAAYxD,sBAAsB;QAE1D,IAAI2D,WAAW,IAAI,CAACF,aAAa,IAAI,EAAED,KAAK,YAAYvD,6BAA6B,CAAC,EAAE;UACtF,MAAM,IAAI0C,OAAO,CAACC,OAAO,IAAIC,UAAU,CAACD,OAAO,EAAEQ,UAAU,CAAC,CAAC;UAC7D;QACF;;QAEA;QACA,IAAII,KAAK,YAAYxD,sBAAsB,EAAE;UAC3C,MAAMwD,KAAK;QACb;QACA,MAAM,IAAI,CAACS,WAAW,CAACT,KAAK,CAAC;MAC/B;IACF;;IAEA;IACA,MAAM,IAAIxD,sBAAsB,CAAC,GAAGkD,aAAa,iBAAiBC,UAAU,GAAG,CAAC,WAAW,CAAC;EAC9F;;EAEA;AACF;AACA;EACE,MAAMe,QAAQA,CAAA,EAAqB;IACjC,IAAI,CAAC,IAAI,CAACjC,aAAa,CAAC,CAAC,EAAE;MACzB,OAAO,KAAK;IACd;IAEA,IAAI;MACF,MAAMkC,GAAG,GAAG,MAAM,IAAI,CAACxD,WAAW,CAAqB,KAAK,EAAE,oBAAoB,EAAEM,SAAS,EAAE;QAC7FmD,KAAK,EAAE,KAAK;QACZC,KAAK,EAAE;MACT,CAAC,CAAC;MACF,OAAOF,GAAG,CAACG,KAAK,KAAK,IAAI;IAC3B,CAAC,CAAC,OAAOd,KAAK,EAAE;MACd,OAAO,KAAK;IACd;EACF;;EAEA;AACF;AACA;EACSS,WAAWA,CAACT,KAAc,EAAS;IACxC,MAAMe,GAAG,GAAGzE,eAAe,CAAC0D,KAAK,CAAC;IAClC;IACA,MAAMO,OAAO,GAAGQ,GAAG,CAACR,OAAO,EAAES,IAAI,CAAC,CAAC,IAAI,8BAA8B;IACrE,MAAMC,GAAG,GAAG,IAAIlE,KAAK,CAACwD,OAAO,CAAkF;IAC/GU,GAAG,CAACX,IAAI,GAAGS,GAAG,CAACT,IAAI;IACnBW,GAAG,CAACZ,MAAM,GAAGU,GAAG,CAACV,MAAM;IACvBY,GAAG,CAACC,OAAO,GAAGH,GAAG,CAACG,OAAO;IACzB,OAAOD,GAAG;EACZ;;EAEA;AACF;AACA;EACE,MAAME,WAAWA,CAAA,EAKd;IACD,IAAI;MACF,OAAO,MAAM,IAAI,CAAChE,WAAW,CAAC,KAAK,EAAE,SAAS,EAAEM,SAAS,EAAE;QACzDmD,KAAK,EAAE,KAAK;QACZC,KAAK,EAAE,KAAK;QACZO,OAAO,EAAE;MACX,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOpB,KAAK,EAAE;MACd,MAAM,IAAI,CAACS,WAAW,CAACT,KAAK,CAAC;IAC/B;EACF;AACF","ignoreList":[]}

package/lib/module/core/services/SessionService.js

@@ -0,0 +1,159 @@
+"use strict";
+
+/**
+ * SessionService - Single Source of Truth for Session Management
+ * 
+ * Handles all session operations: creation, validation, refresh, invalidation.
+ * Manages active session state and provides session data to other services.
+ * 
+ * Architecture:
+ * - Single source of truth for session operations
+ * - Handles both online and offline sessions
+ * - Integrates with TokenService for token management
+ * - userId is always MongoDB ObjectId, never publicKey
+ */
+
+import { tokenService } from './TokenService';
+/**
+ * SessionService - Singleton pattern for global session management
+ */
+class SessionService {
+  oxyServices = null;
+  activeSession = null;
+  sessions = [];
+  constructor() {}
+  static getInstance() {
+    if (!SessionService.instance) {
+      SessionService.instance = new SessionService();
+    }
+    return SessionService.instance;
+  }
+
+  /**
+   * Initialize SessionService with OxyServices instance
+   */
+  initialize(oxyServices) {
+    this.oxyServices = oxyServices;
+  }
+
+  /**
+   * Get active session
+   */
+  getActiveSession() {
+    return this.activeSession;
+  }
+
+  /**
+   * Get all sessions
+   */
+  getAllSessions() {
+    return [...this.sessions];
+  }
+
+  /**
+   * Create a new session (sign in)
+   * @param publicKey - User's public key for authentication
+   * @returns User object and session data
+   */
+  async createSession(publicKey) {
+    if (!this.oxyServices) {
+      throw new Error('SessionService not initialized with OxyServices');
+    }
+
+    // This will be implemented by delegating to existing sign-in logic
+    // For now, this is a placeholder that shows the interface
+    throw new Error('SessionService.createSession not yet implemented - use existing signIn flow');
+  }
+
+  /**
+   * Refresh current session
+   */
+  async refreshSession() {
+    if (!this.activeSession) {
+      throw new Error('No active session to refresh');
+    }
+
+    // Refresh token first
+    await tokenService.refreshTokenIfNeeded();
+
+    // Then refresh session data from server
+    // Implementation will be added
+    return this.activeSession;
+  }
+
+  /**
+   * Validate current session
+   */
+  async validateSession() {
+    if (!this.activeSession) {
+      return false;
+    }
+
+    // Check if session expired
+    if (new Date(this.activeSession.expiresAt) < new Date()) {
+      return false;
+    }
+
+    // Check if token is valid
+    const token = tokenService.getAccessToken();
+    if (!token) {
+      return false;
+    }
+
+    // Additional validation can be added here
+    return true;
+  }
+
+  /**
+   * Invalidate current session (sign out)
+   */
+  async invalidateSession() {
+    if (!this.activeSession || !this.oxyServices) {
+      return;
+    }
+    try {
+      // Call API to invalidate session on server
+      await this.oxyServices.makeRequest('POST', `/api/session/${this.activeSession.sessionId}/logout`, undefined, {
+        cache: false
+      });
+    } catch (error) {
+      // Continue with local cleanup even if API call fails
+      console.warn('Failed to invalidate session on server:', error);
+    }
+
+    // Clear tokens
+    tokenService.clearTokens();
+
+    // Clear active session
+    this.activeSession = null;
+    this.sessions = this.sessions.filter(s => s.sessionId !== this.activeSession?.sessionId);
+  }
+
+  /**
+   * Set active session (internal use)
+   */
+  setActiveSession(session) {
+    this.activeSession = session;
+
+    // Update sessions list
+    const existingIndex = this.sessions.findIndex(s => s.sessionId === session.sessionId);
+    if (existingIndex >= 0) {
+      this.sessions[existingIndex] = session;
+    } else {
+      this.sessions.push(session);
+    }
+  }
+
+  /**
+   * Clear all sessions (logout all)
+   */
+  clearAllSessions() {
+    this.activeSession = null;
+    this.sessions = [];
+    tokenService.clearTokens();
+  }
+}
+
+// Export singleton instance
+export const sessionService = SessionService.getInstance();
+//# sourceMappingURL=SessionService.js.map

package/lib/module/core/services/SessionService.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["tokenService","SessionService","oxyServices","activeSession","sessions","constructor","getInstance","instance","initialize","getActiveSession","getAllSessions","createSession","publicKey","Error","refreshSession","refreshTokenIfNeeded","validateSession","Date","expiresAt","token","getAccessToken","invalidateSession","makeRequest","sessionId","undefined","cache","error","console","warn","clearTokens","filter","s","setActiveSession","session","existingIndex","findIndex","push","clearAllSessions","sessionService"],"sourceRoot":"../../../../src","sources":["core/services/SessionService.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAGA,SAASA,YAAY,QAAQ,gBAAgB;AAc7C;AACA;AACA;AACA,MAAMC,cAAc,CAAC;EAEXC,WAAW,GAAuB,IAAI;EACtCC,aAAa,GAAmB,IAAI;EACpCC,QAAQ,GAAc,EAAE;EAExBC,WAAWA,CAAA,EAAG,CAAC;EAEvB,OAAOC,WAAWA,CAAA,EAAmB;IACnC,IAAI,CAACL,cAAc,CAACM,QAAQ,EAAE;MAC5BN,cAAc,CAACM,QAAQ,GAAG,IAAIN,cAAc,CAAC,CAAC;IAChD;IACA,OAAOA,cAAc,CAACM,QAAQ;EAChC;;EAEA;AACF;AACA;EACEC,UAAUA,CAACN,WAAwB,EAAQ;IACzC,IAAI,CAACA,WAAW,GAAGA,WAAW;EAChC;;EAEA;AACF;AACA;EACEO,gBAAgBA,CAAA,EAAmB;IACjC,OAAO,IAAI,CAACN,aAAa;EAC3B;;EAEA;AACF;AACA;EACEO,cAAcA,CAAA,EAAc;IAC1B,OAAO,CAAC,GAAG,IAAI,CAACN,QAAQ,CAAC;EAC3B;;EAEA;AACF;AACA;AACA;AACA;EACE,MAAMO,aAAaA,CAACC,SAAiB,EAA6C;IAChF,IAAI,CAAC,IAAI,CAACV,WAAW,EAAE;MACrB,MAAM,IAAIW,KAAK,CAAC,iDAAiD,CAAC;IACpE;;IAEA;IACA;IACA,MAAM,IAAIA,KAAK,CAAC,6EAA6E,CAAC;EAChG;;EAEA;AACF;AACA;EACE,MAAMC,cAAcA,CAAA,EAAqB;IACvC,IAAI,CAAC,IAAI,CAACX,aAAa,EAAE;MACvB,MAAM,IAAIU,KAAK,CAAC,8BAA8B,CAAC;IACjD;;IAEA;IACA,MAAMb,YAAY,CAACe,oBAAoB,CAAC,CAAC;;IAEzC;IACA;IACA,OAAO,IAAI,CAACZ,aAAa;EAC3B;;EAEA;AACF;AACA;EACE,MAAMa,eAAeA,CAAA,EAAqB;IACxC,IAAI,CAAC,IAAI,CAACb,aAAa,EAAE;MACvB,OAAO,KAAK;IACd;;IAEA;IACA,IAAI,IAAIc,IAAI,CAAC,IAAI,CAACd,aAAa,CAACe,SAAS,CAAC,GAAG,IAAID,IAAI,CAAC,CAAC,EAAE;MACvD,OAAO,KAAK;IACd;;IAEA;IACA,MAAME,KAAK,GAAGnB,YAAY,CAACoB,cAAc,CAAC,CAAC;IAC3C,IAAI,CAACD,KAAK,EAAE;MACV,OAAO,KAAK;IACd;;IAEA;IACA,OAAO,IAAI;EACb;;EAEA;AACF;AACA;EACE,MAAME,iBAAiBA,CAAA,EAAkB;IACvC,IAAI,CAAC,IAAI,CAAClB,aAAa,IAAI,CAAC,IAAI,CAACD,WAAW,EAAE;MAC5C;IACF;IAEA,IAAI;MACF;MACA,MAAM,IAAI,CAACA,WAAW,CAACoB,WAAW,CAAC,MAAM,EAAE,gBAAgB,IAAI,CAACnB,aAAa,CAACoB,SAAS,SAAS,EAAEC,SAAS,EAAE;QAAEC,KAAK,EAAE;MAAM,CAAC,CAAC;IAChI,CAAC,CAAC,OAAOC,KAAK,EAAE;MACd;MACAC,OAAO,CAACC,IAAI,CAAC,yCAAyC,EAAEF,KAAK,CAAC;IAChE;;IAEA;IACA1B,YAAY,CAAC6B,WAAW,CAAC,CAAC;;IAE1B;IACA,IAAI,CAAC1B,aAAa,GAAG,IAAI;IACzB,IAAI,CAACC,QAAQ,GAAG,IAAI,CAACA,QAAQ,CAAC0B,MAAM,CAACC,CAAC,IAAIA,CAAC,CAACR,SAAS,KAAK,IAAI,CAACpB,aAAa,EAAEoB,SAAS,CAAC;EAC1F;;EAEA;AACF;AACA;EACES,gBAAgBA,CAACC,OAAgB,EAAQ;IACvC,IAAI,CAAC9B,aAAa,GAAG8B,OAAO;;IAE5B;IACA,MAAMC,aAAa,GAAG,IAAI,CAAC9B,QAAQ,CAAC+B,SAAS,CAACJ,CAAC,IAAIA,CAAC,CAACR,SAAS,KAAKU,OAAO,CAACV,SAAS,CAAC;IACrF,IAAIW,aAAa,IAAI,CAAC,EAAE;MACtB,IAAI,CAAC9B,QAAQ,CAAC8B,aAAa,CAAC,GAAGD,OAAO;IACxC,CAAC,MAAM;MACL,IAAI,CAAC7B,QAAQ,CAACgC,IAAI,CAACH,OAAO,CAAC;IAC7B;EACF;;EAEA;AACF;AACA;EACEI,gBAAgBA,CAAA,EAAS;IACvB,IAAI,CAAClC,aAAa,GAAG,IAAI;IACzB,IAAI,CAACC,QAAQ,GAAG,EAAE;IAClBJ,YAAY,CAAC6B,WAAW,CAAC,CAAC;EAC5B;AACF;;AAEA;AACA,OAAO,MAAMS,cAAc,GAAGrC,cAAc,CAACK,WAAW,CAAC,CAAC","ignoreList":[]}

package/lib/module/core/services/TokenService.js

@@ -0,0 +1,203 @@
+"use strict";
+
+/**
+ * TokenService - Single Source of Truth for Token Management
+ * 
+ * Handles all token storage, retrieval, refresh, and validation.
+ * Used by HttpService, SocketService, and other services that need tokens.
+ * 
+ * Architecture:
+ * - Single storage location (no duplication)
+ * - Automatic token refresh when expiring soon
+ * - Type-safe token payload handling
+ * - userId is always MongoDB ObjectId, never publicKey
+ */
+
+import { jwtDecode } from 'jwt-decode';
+
+/**
+ * AccessTokenPayload - Matches the token payload structure from API
+ * userId is always MongoDB ObjectId (24 hex characters), never publicKey
+ */
+
+/**
+ * TokenService - Singleton pattern for global token management
+ */
+class TokenService {
+  tokenStore = {
+    accessToken: null,
+    refreshToken: null
+  };
+  refreshPromise = null;
+  baseURL = null;
+  constructor() {}
+  static getInstance() {
+    if (!TokenService.instance) {
+      TokenService.instance = new TokenService();
+    }
+    return TokenService.instance;
+  }
+
+  /**
+   * Initialize TokenService with base URL for refresh requests
+   */
+  initialize(baseURL) {
+    this.baseURL = baseURL;
+  }
+
+  /**
+   * Get current access token
+   */
+  getAccessToken() {
+    return this.tokenStore.accessToken;
+  }
+
+  /**
+   * Get current refresh token
+   */
+  getRefreshToken() {
+    return this.tokenStore.refreshToken;
+  }
+
+  /**
+   * Set tokens (called after login or token refresh)
+   */
+  setTokens(accessToken, refreshToken = '') {
+    this.tokenStore.accessToken = accessToken;
+    this.tokenStore.refreshToken = refreshToken || this.tokenStore.refreshToken;
+  }
+
+  /**
+   * Clear all tokens (called on logout)
+   */
+  clearTokens() {
+    this.tokenStore.accessToken = null;
+    this.tokenStore.refreshToken = null;
+    this.refreshPromise = null;
+  }
+
+  /**
+   * Check if access token exists
+   */
+  hasAccessToken() {
+    return !!this.tokenStore.accessToken;
+  }
+
+  /**
+   * Check if token is expiring soon (within 60 seconds)
+   */
+  isTokenExpiringSoon() {
+    const token = this.tokenStore.accessToken;
+    if (!token) return false;
+    try {
+      const decoded = jwtDecode(token);
+      if (!decoded.exp) return false;
+      const currentTime = Math.floor(Date.now() / 1000);
+      return decoded.exp - currentTime < 60; // Expiring within 60 seconds
+    } catch {
+      return false;
+    }
+  }
+
+  /**
+   * Get userId from current access token
+   * Returns MongoDB ObjectId (never publicKey)
+   */
+  getUserIdFromToken() {
+    const token = this.tokenStore.accessToken;
+    if (!token) return null;
+    try {
+      const decoded = jwtDecode(token);
+      return decoded.userId || null;
+    } catch {
+      return null;
+    }
+  }
+
+  /**
+   * Refresh access token if expiring soon
+   * Returns promise that resolves when token is refreshed (or already valid)
+   */
+  async refreshTokenIfNeeded() {
+    // If already refreshing, wait for that promise
+    if (this.refreshPromise) {
+      return this.refreshPromise;
+    }
+
+    // If token not expiring soon, no refresh needed
+    if (!this.isTokenExpiringSoon()) {
+      return;
+    }
+
+    // Start refresh
+    this.refreshPromise = this._performRefresh();
+    try {
+      await this.refreshPromise;
+    } finally {
+      this.refreshPromise = null;
+    }
+  }
+
+  /**
+   * Perform token refresh
+   */
+  async _performRefresh() {
+    const token = this.tokenStore.accessToken;
+    if (!token) {
+      throw new Error('No access token to refresh');
+    }
+    try {
+      const decoded = jwtDecode(token);
+      if (!decoded.sessionId) {
+        throw new Error('Token missing sessionId');
+      }
+      if (!this.baseURL) {
+        throw new Error('TokenService not initialized with baseURL');
+      }
+      const refreshUrl = `${this.baseURL}/api/session/token/${decoded.sessionId}`;
+      const response = await fetch(refreshUrl, {
+        method: 'GET',
+        headers: {
+          'Accept': 'application/json'
+        },
+        signal: AbortSignal.timeout(5000)
+      });
+      if (!response.ok) {
+        throw new Error(`Token refresh failed: ${response.status}`);
+      }
+      const {
+        accessToken: newToken
+      } = await response.json();
+      if (!newToken) {
+        throw new Error('No access token in refresh response');
+      }
+
+      // Validate new token has correct userId format (ObjectId)
+      const newDecoded = jwtDecode(newToken);
+      if (newDecoded.userId && !/^[0-9a-fA-F]{24}$/.test(newDecoded.userId)) {
+        throw new Error(`Invalid userId format in refreshed token: ${newDecoded.userId.substring(0, 20)}...`);
+      }
+      this.setTokens(newToken);
+    } catch (error) {
+      // Clear tokens on refresh failure (likely expired or invalid)
+      this.clearTokens();
+      throw error;
+    }
+  }
+
+  /**
+   * Get authorization header with automatic refresh
+   */
+  async getAuthHeader() {
+    // Refresh if needed
+    await this.refreshTokenIfNeeded().catch(() => {
+      // Ignore refresh errors, will use current token or return null
+    });
+    const token = this.tokenStore.accessToken;
+    return token ? `Bearer ${token}` : null;
+  }
+}
+
+// Export singleton instance
+export const tokenService = TokenService.getInstance();
+//# sourceMappingURL=TokenService.js.map

package/lib/module/core/services/TokenService.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["jwtDecode","TokenService","tokenStore","accessToken","refreshToken","refreshPromise","baseURL","constructor","getInstance","instance","initialize","getAccessToken","getRefreshToken","setTokens","clearTokens","hasAccessToken","isTokenExpiringSoon","token","decoded","exp","currentTime","Math","floor","Date","now","getUserIdFromToken","userId","refreshTokenIfNeeded","_performRefresh","Error","sessionId","refreshUrl","response","fetch","method","headers","signal","AbortSignal","timeout","ok","status","newToken","json","newDecoded","test","substring","error","getAuthHeader","catch","tokenService"],"sourceRoot":"../../../../src","sources":["core/services/TokenService.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,SAAS,QAAQ,YAAY;;AAEtC;AACA;AACA;AACA;;AAeA;AACA;AACA;AACA,MAAMC,YAAY,CAAC;EAETC,UAAU,GAAe;IAC/BC,WAAW,EAAE,IAAI;IACjBC,YAAY,EAAE;EAChB,CAAC;EACOC,cAAc,GAAyB,IAAI;EAC3CC,OAAO,GAAkB,IAAI;EAE7BC,WAAWA,CAAA,EAAG,CAAC;EAEvB,OAAOC,WAAWA,CAAA,EAAiB;IACjC,IAAI,CAACP,YAAY,CAACQ,QAAQ,EAAE;MAC1BR,YAAY,CAACQ,QAAQ,GAAG,IAAIR,YAAY,CAAC,CAAC;IAC5C;IACA,OAAOA,YAAY,CAACQ,QAAQ;EAC9B;;EAEA;AACF;AACA;EACEC,UAAUA,CAACJ,OAAe,EAAQ;IAChC,IAAI,CAACA,OAAO,GAAGA,OAAO;EACxB;;EAEA;AACF;AACA;EACEK,cAAcA,CAAA,EAAkB;IAC9B,OAAO,IAAI,CAACT,UAAU,CAACC,WAAW;EACpC;;EAEA;AACF;AACA;EACES,eAAeA,CAAA,EAAkB;IAC/B,OAAO,IAAI,CAACV,UAAU,CAACE,YAAY;EACrC;;EAEA;AACF;AACA;EACES,SAASA,CAACV,WAAmB,EAAEC,YAAoB,GAAG,EAAE,EAAQ;IAC9D,IAAI,CAACF,UAAU,CAACC,WAAW,GAAGA,WAAW;IACzC,IAAI,CAACD,UAAU,CAACE,YAAY,GAAGA,YAAY,IAAI,IAAI,CAACF,UAAU,CAACE,YAAY;EAC7E;;EAEA;AACF;AACA;EACEU,WAAWA,CAAA,EAAS;IAClB,IAAI,CAACZ,UAAU,CAACC,WAAW,GAAG,IAAI;IAClC,IAAI,CAACD,UAAU,CAACE,YAAY,GAAG,IAAI;IACnC,IAAI,CAACC,cAAc,GAAG,IAAI;EAC5B;;EAEA;AACF;AACA;EACEU,cAAcA,CAAA,EAAY;IACxB,OAAO,CAAC,CAAC,IAAI,CAACb,UAAU,CAACC,WAAW;EACtC;;EAEA;AACF;AACA;EACEa,mBAAmBA,CAAA,EAAY;IAC7B,MAAMC,KAAK,GAAG,IAAI,CAACf,UAAU,CAACC,WAAW;IACzC,IAAI,CAACc,KAAK,EAAE,OAAO,KAAK;IAExB,IAAI;MACF,MAAMC,OAAO,GAAGlB,SAAS,CAAqBiB,KAAK,CAAC;MACpD,IAAI,CAACC,OAAO,CAACC,GAAG,EAAE,OAAO,KAAK;MAE9B,MAAMC,WAAW,GAAGC,IAAI,CAACC,KAAK,CAACC,IAAI,CAACC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;MACjD,OAAON,OAAO,CAACC,GAAG,GAAGC,WAAW,GAAG,EAAE,CAAC,CAAC;IACzC,CAAC,CAAC,MAAM;MACN,OAAO,KAAK;IACd;EACF;;EAEA;AACF;AACA;AACA;EACEK,kBAAkBA,CAAA,EAAkB;IAClC,MAAMR,KAAK,GAAG,IAAI,CAACf,UAAU,CAACC,WAAW;IACzC,IAAI,CAACc,KAAK,EAAE,OAAO,IAAI;IAEvB,IAAI;MACF,MAAMC,OAAO,GAAGlB,SAAS,CAAqBiB,KAAK,CAAC;MACpD,OAAOC,OAAO,CAACQ,MAAM,IAAI,IAAI;IAC/B,CAAC,CAAC,MAAM;MACN,OAAO,IAAI;IACb;EACF;;EAEA;AACF;AACA;AACA;EACE,MAAMC,oBAAoBA,CAAA,EAAkB;IAC1C;IACA,IAAI,IAAI,CAACtB,cAAc,EAAE;MACvB,OAAO,IAAI,CAACA,cAAc;IAC5B;;IAEA;IACA,IAAI,CAAC,IAAI,CAACW,mBAAmB,CAAC,CAAC,EAAE;MAC/B;IACF;;IAEA;IACA,IAAI,CAACX,cAAc,GAAG,IAAI,CAACuB,eAAe,CAAC,CAAC;IAE5C,IAAI;MACF,MAAM,IAAI,CAACvB,cAAc;IAC3B,CAAC,SAAS;MACR,IAAI,CAACA,cAAc,GAAG,IAAI;IAC5B;EACF;;EAEA;AACF;AACA;EACE,MAAcuB,eAAeA,CAAA,EAAkB;IAC7C,MAAMX,KAAK,GAAG,IAAI,CAACf,UAAU,CAACC,WAAW;IACzC,IAAI,CAACc,KAAK,EAAE;MACV,MAAM,IAAIY,KAAK,CAAC,4BAA4B,CAAC;IAC/C;IAEA,IAAI;MACF,MAAMX,OAAO,GAAGlB,SAAS,CAAqBiB,KAAK,CAAC;MACpD,IAAI,CAACC,OAAO,CAACY,SAAS,EAAE;QACtB,MAAM,IAAID,KAAK,CAAC,yBAAyB,CAAC;MAC5C;MAEA,IAAI,CAAC,IAAI,CAACvB,OAAO,EAAE;QACjB,MAAM,IAAIuB,KAAK,CAAC,2CAA2C,CAAC;MAC9D;MAEA,MAAME,UAAU,GAAG,GAAG,IAAI,CAACzB,OAAO,sBAAsBY,OAAO,CAACY,SAAS,EAAE;MAE3E,MAAME,QAAQ,GAAG,MAAMC,KAAK,CAACF,UAAU,EAAE;QACvCG,MAAM,EAAE,KAAK;QACbC,OAAO,EAAE;UAAE,QAAQ,EAAE;QAAmB,CAAC;QACzCC,MAAM,EAAEC,WAAW,CAACC,OAAO,CAAC,IAAI;MAClC,CAAC,CAAC;MAEF,IAAI,CAACN,QAAQ,CAACO,EAAE,EAAE;QAChB,MAAM,IAAIV,KAAK,CAAC,yBAAyBG,QAAQ,CAACQ,MAAM,EAAE,CAAC;MAC7D;MAEA,MAAM;QAAErC,WAAW,EAAEsC;MAAS,CAAC,GAAG,MAAMT,QAAQ,CAACU,IAAI,CAAC,CAAC;MAEvD,IAAI,CAACD,QAAQ,EAAE;QACb,MAAM,IAAIZ,KAAK,CAAC,qCAAqC,CAAC;MACxD;;MAEA;MACA,MAAMc,UAAU,GAAG3C,SAAS,CAAqByC,QAAQ,CAAC;MAC1D,IAAIE,UAAU,CAACjB,MAAM,IAAI,CAAC,mBAAmB,CAACkB,IAAI,CAACD,UAAU,CAACjB,MAAM,CAAC,EAAE;QACrE,MAAM,IAAIG,KAAK,CAAC,6CAA6Cc,UAAU,CAACjB,MAAM,CAACmB,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC;MACvG;MAEA,IAAI,CAAChC,SAAS,CAAC4B,QAAQ,CAAC;IAC1B,CAAC,CAAC,OAAOK,KAAK,EAAE;MACd;MACA,IAAI,CAAChC,WAAW,CAAC,CAAC;MAClB,MAAMgC,KAAK;IACb;EACF;;EAEA;AACF;AACA;EACE,MAAMC,aAAaA,CAAA,EAA2B;IAC5C;IACA,MAAM,IAAI,CAACpB,oBAAoB,CAAC,CAAC,CAACqB,KAAK,CAAC,MAAM;MAC5C;IAAA,CACD,CAAC;IAEF,MAAM/B,KAAK,GAAG,IAAI,CAACf,UAAU,CAACC,WAAW;IACzC,OAAOc,KAAK,GAAG,UAAUA,KAAK,EAAE,GAAG,IAAI;EACzC;AACF;;AAEA;AACA,OAAO,MAAMgC,YAAY,GAAGhD,YAAY,CAACO,WAAW,CAAC,CAAC","ignoreList":[]}

package/lib/module/models/interfaces.js

@@ -1,5 +1,20 @@
 "use strict";
 
+/**
+ * User Model
+ * 
+ * IMPORTANT: 
+ * - id: MongoDB ObjectId (24 hex characters) - PRIMARY IDENTIFIER for all internal operations
+ * - publicKey: Cryptographic public key (130 hex characters) - LOOKUP KEY for authentication and identity operations
+ * 
+ * Never use publicKey as an ID. Always use id (ObjectId) for:
+ * - Database queries
+ * - Session userId
+ * - Token userId
+ * - Socket room names
+ * - API route parameters (unless explicitly doing publicKey lookup)
+ */
+
 /**
  * File management interfaces
  */

package/lib/module/models/interfaces.js.map

@@ -1 +1 @@
-{"version":3,"names":["SECURITY_EVENT_SEVERITY_MAP"],"sourceRoot":"../../../src","sources":["models/interfaces.ts"],"mappings":";;AAyNA;AACA;AACA;;AAmDA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAuGA;AACA;AACA;;AAqBA;AACA;AACA;;AAcA;AACA;AACA;;AAGA;AACA;AACA;AACA;AACA,OAAO,MAAMA,2BAA6E,GAAG;EAC3F,SAAS,EAAE,KAAK;EAChB,UAAU,EAAE,KAAK;EACjB,iBAAiB,EAAE,KAAK;EACxB,eAAe,EAAE,QAAQ;EACzB,cAAc,EAAE,QAAQ;EACxB,gBAAgB,EAAE,QAAQ;EAC1B,2BAA2B,EAAE,QAAQ;EACrC,kBAAkB,EAAE,MAAM;EAC1B,sBAAsB,EAAE,MAAM;EAC9B,gBAAgB,EAAE,MAAM;EACxB,qBAAqB,EAAE;AACzB,CAAC;;AAED;AACA;AACA;;AAeA;AACA;AACA;;AAkBA","ignoreList":[]}
+{"version":3,"names":["SECURITY_EVENT_SEVERITY_MAP"],"sourceRoot":"../../../src","sources":["models/interfaces.ts"],"mappings":";;AAuBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmMA;AACA;AACA;;AAmDA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAuGA;AACA;AACA;;AAqBA;AACA;AACA;;AAcA;AACA;AACA;;AAGA;AACA;AACA;AACA;AACA,OAAO,MAAMA,2BAA6E,GAAG;EAC3F,SAAS,EAAE,KAAK;EAChB,UAAU,EAAE,KAAK;EACjB,iBAAiB,EAAE,KAAK;EACxB,eAAe,EAAE,QAAQ;EACzB,cAAc,EAAE,QAAQ;EACxB,gBAAgB,EAAE,QAAQ;EAC1B,2BAA2B,EAAE,QAAQ;EACrC,kBAAkB,EAAE,MAAM;EAC1B,sBAAsB,EAAE,MAAM;EAC9B,gBAAgB,EAAE,MAAM;EACxB,qBAAqB,EAAE;AACzB,CAAC;;AAED;AACA;AACA;;AAeA;AACA;AACA;;AAkBA","ignoreList":[]}

package/lib/module/ui/context/OxyContext.js

@@ -507,7 +507,11 @@ export const OxyProvider = ({
   }, [restoreSessionsFromStorage, storage]);
   const activeSession = activeSessionId ? sessions.find(session => session.sessionId === activeSessionId) : undefined;
   const currentDeviceId = activeSession?.deviceId ?? null;
-  const userId = user?.id;
+
+  // Get userId from JWT token (MongoDB ObjectId) for socket room matching
+  // user.id is set to publicKey for compatibility, but socket rooms use MongoDB ObjectId
+  // The JWT token's userId field contains the MongoDB ObjectId
+  const userId = oxyServices.getCurrentUserId() || user?.id;
 
   // Store transfer codes in memory for verification
   // Map: transferId -> { code, sourceDeviceId, publicKey, timestamp }
@@ -569,30 +573,47 @@ export const OxyProvider = ({
     logout().catch(remoteError => logger('Failed to process remote sign out', remoteError));
   }, [logger, logout]);
   const handleIdentityTransferComplete = useCallback(async data => {
+    if (__DEV__) {
+      console.log('[OxyContext] handleIdentityTransferComplete called', {
+        transferId: data.transferId,
+        sourceDeviceId: data.sourceDeviceId,
+        currentDeviceId,
+        hasActiveSession: activeSessionId !== null
+      });
+    }
     try {
+      logger('Received identity transfer complete notification', {
+        transferId: data.transferId,
+        sourceDeviceId: data.sourceDeviceId,
+        currentDeviceId,
+        hasActiveSession: activeSessionId !== null,
+        publicKey: data.publicKey.substring(0, 16) + '...'
+      });
+
       // Get stored transfer code for verification
       const storedTransfer = getTransferCode(data.transferId);
       if (!storedTransfer) {
+        if (__DEV__) {
+          console.warn('[OxyContext] Transfer code not found for transferId', {
+            transferId: data.transferId
+          });
+        }
         logger('Transfer code not found for transferId', {
           transferId: data.transferId
         });
         toast.error('Transfer verification failed: Code not found. Identity will not be deleted.');
         return;
       }
-
-      // Verify deviceId matches (or session exists as fallback)
-      const deviceIdMatches = data.sourceDeviceId && (data.sourceDeviceId === currentDeviceId || currentDeviceId === null && activeSessionId !== null);
-      if (!deviceIdMatches) {
-        logger('Device ID mismatch for transfer', {
+      if (__DEV__) {
+        console.log('[OxyContext] Found stored transfer code', {
           transferId: data.transferId,
-          receivedDeviceId: data.sourceDeviceId,
+          storedSourceDeviceId: storedTransfer.sourceDeviceId,
+          receivedSourceDeviceId: data.sourceDeviceId,
           currentDeviceId
         });
-        toast.error('Transfer verification failed: Device mismatch. Identity will not be deleted.');
-        return;
       }
 
-      // Verify publicKey matches
+      // Verify publicKey matches first (most important check)
       const publicKeyMatches = data.publicKey === storedTransfer.publicKey;
       if (!publicKeyMatches) {
         logger('Public key mismatch for transfer', {
@@ -604,21 +625,53 @@ export const OxyProvider = ({
         return;
       }
 
+      // Verify deviceId matches - very lenient since publicKey is the critical check
+      // If publicKey matches, we allow deletion even if deviceId doesn't match exactly
+      // This handles cases where deviceId might not be available or slightly different
+      const deviceIdMatches =
+      // Exact match
+      data.sourceDeviceId && data.sourceDeviceId === currentDeviceId ||
+      // Stored sourceDeviceId matches current deviceId
+      storedTransfer.sourceDeviceId && storedTransfer.sourceDeviceId === currentDeviceId;
+
+      // If publicKey matches, we're very lenient with deviceId - only warn but don't block
+      if (!deviceIdMatches && publicKeyMatches) {
+        logger('Device ID mismatch for transfer, but publicKey matches - proceeding with deletion', {
+          transferId: data.transferId,
+          receivedDeviceId: data.sourceDeviceId,
+          storedDeviceId: storedTransfer.sourceDeviceId,
+          currentDeviceId,
+          hasActiveSession: activeSessionId !== null
+        });
+        // Proceed with deletion - publicKey match is the critical verification
+      } else if (!deviceIdMatches && !publicKeyMatches) {
+        // Both don't match - this is suspicious, block deletion
+        logger('Device ID and publicKey mismatch for transfer', {
+          transferId: data.transferId,
+          receivedDeviceId: data.sourceDeviceId,
+          currentDeviceId
+        });
+        toast.error('Transfer verification failed: Device and key mismatch. Identity will not be deleted.');
+        return;
+      }
+
       // Verify transfer code matches (if provided)
+      // Transfer code is optional - if not provided, we still proceed if publicKey matches
       if (data.transferCode) {
         const codeMatches = data.transferCode.toUpperCase() === storedTransfer.code.toUpperCase();
         if (!codeMatches) {
-          logger('Transfer code mismatch', {
+          logger('Transfer code mismatch, but publicKey matches - proceeding with deletion', {
             transferId: data.transferId,
-            receivedCode: data.transferCode
+            receivedCode: data.transferCode,
+            storedCode: storedTransfer.code.substring(0, 2) + '****'
           });
-          toast.error('Transfer verification failed: Code mismatch. Identity will not be deleted.');
-          return;
+          // Don't block - publicKey match is sufficient, code mismatch might be due to user error
+          // Log warning but proceed
         }
       } else {
-        // If transfer code is not provided, log warning but still proceed (for backward compatibility)
+        // If transfer code is not provided, log info but proceed
         if (__DEV__) {
-          logger('Transfer code not provided in completion notification', {
+          logger('Transfer code not provided in completion notification, but publicKey matches - proceeding', {
             transferId: data.transferId
           });
         }
@@ -630,7 +683,8 @@ export const OxyProvider = ({
       if (transferAge > tenMinutes) {
         logger('Transfer confirmation received too late', {
           transferId: data.transferId,
-          age: transferAge
+          age: transferAge,
+          ageMinutes: Math.round(transferAge / 60000)
         });
         toast.error('Transfer verification failed: Confirmation received too late. Identity will not be deleted.');
         clearTransferCode(data.transferId);
@@ -638,15 +692,37 @@ export const OxyProvider = ({
       }
 
       // All verifications passed - automatically delete identity
+      if (__DEV__) {
+        console.log('[OxyContext] All verifications passed, deleting identity', {
+          transferId: data.transferId,
+          sourceDeviceId: data.sourceDeviceId,
+          currentDeviceId
+        });
+      }
       logger('All transfer verifications passed, deleting identity from source device', {
         transferId: data.transferId,
-        sourceDeviceId: data.sourceDeviceId
+        sourceDeviceId: data.sourceDeviceId,
+        publicKey: data.publicKey.substring(0, 16) + '...'
       });
-      await deleteIdentityAndClearAccount(false, false, true);
+      try {
+        await deleteIdentityAndClearAccount(false, false, true);
+        if (__DEV__) {
+          console.log('[OxyContext] Identity deleted successfully');
+        }
 
-      // Clear the transfer code after successful deletion
-      clearTransferCode(data.transferId);
-      toast.success('Identity successfully transferred and removed from this device');
+        // Clear the transfer code after successful deletion
+        clearTransferCode(data.transferId);
+        logger('Identity successfully deleted and transfer code cleared', {
+          transferId: data.transferId
+        });
+        toast.success('Identity successfully transferred and removed from this device');
+      } catch (deleteError) {
+        if (__DEV__) {
+          console.error('[OxyContext] Error deleting identity', deleteError);
+        }
+        logger('Error during identity deletion', deleteError);
+        throw deleteError; // Re-throw to be caught by outer catch
+      }
     } catch (error) {
       logger('Failed to delete identity after transfer', error);
       toast.error(error?.message || 'Failed to remove identity from this device. Please try again manually from Security Settings.');
@@ -660,6 +736,8 @@ export const OxyProvider = ({
     logout,
     clearSessionState,
     baseURL: oxyServices.getBaseURL(),
+    getAccessToken: () => oxyServices.getAccessToken(),
+    getTransferCode: getTransferCode,
     onRemoteSignOut: handleRemoteSignOut,
     onSessionRemoved: handleSessionRemoved,
     onIdentityTransferComplete: handleIdentityTransferComplete