@oxyhq/services 5.16.33 → 5.16.34

package/src/ui/context/hooks/useAuthOperations.ts

@@ -1,5 +1,6 @@
 import { useCallback } from 'react';
-import type { ApiError, User } from '../../../models/interfaces';
+import type { ApiError } from '../../../models/interfaces';
+import type { User } from '@oxyhq/shared';
 import type { AuthState } from '../../stores/authStore';
 import type { ClientSession, SessionLoginResponse } from '../../../models/session';
 import { DeviceManager } from '../../../utils/deviceManager';
@@ -102,51 +103,26 @@ export const useAuthOperations = ({
         const challengeResponse = await oxyServices.requestChallenge(publicKey);
         challenge = challengeResponse.challenge;
       } catch (error) {
-        // Check if user is not registered - auto-register and retry
-        const errorCode = (error as any)?.code;
-        const errorStatus = (error as any)?.status;
+        // Network error - generate challenge locally for offline sign-in
         const errorMessage = error instanceof Error ? error.message : String(error);
-        
-        if (errorCode === 'USER_NOT_REGISTERED' || (errorStatus === 404 && errorMessage.includes('not registered'))) {
+        const isNetworkError = 
+          errorMessage.includes('Network') ||
+          errorMessage.includes('network') ||
+          errorMessage.includes('Failed to fetch') ||
+          errorMessage.includes('fetch failed') ||
+          (error as any)?.code === 'NETWORK_ERROR' ||
+          (error as any)?.status === 0;
+
+        if (isNetworkError) {
           if (__DEV__ && logger) {
-            logger('User not registered, auto-registering before sign-in');
-          }
-          try {
-            // Auto-register the user
-            const { signature, timestamp } = await SignatureService.createRegistrationSignature();
-            await oxyServices.register(publicKey, signature, timestamp);
-            
-            // Retry requesting challenge after registration
-            const challengeResponse = await oxyServices.requestChallenge(publicKey);
-            challenge = challengeResponse.challenge;
-          } catch (registerError) {
-            // If registration fails, re-throw the original error
-            if (__DEV__ && logger) {
-              logger('Auto-registration failed:', registerError);
-            }
-            throw error; // Re-throw original "not registered" error
+            logger('Network unavailable, performing offline sign-in');
           }
+          // Generate challenge locally
+          challenge = await SignatureService.generateChallenge();
+          isOffline = true;
         } else {
-          // Network error - generate challenge locally for offline sign-in
-          const isNetworkError = 
-            errorMessage.includes('Network') ||
-            errorMessage.includes('network') ||
-            errorMessage.includes('Failed to fetch') ||
-            errorMessage.includes('fetch failed') ||
-            (error as any)?.code === 'NETWORK_ERROR' ||
-            errorStatus === 0;
-
-          if (isNetworkError) {
-            if (__DEV__ && logger) {
-              logger('Network unavailable, performing offline sign-in');
-            }
-            // Generate challenge locally
-            challenge = await SignatureService.generateChallenge();
-            isOffline = true;
-          } else {
-            // Re-throw non-network errors
-            throw error;
-          }
+          // Re-throw non-network errors
+          throw error;
         }
       }
 
@@ -171,9 +147,9 @@ export const useAuthOperations = ({
         const localDeviceId = `device_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
         const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000).toISOString(); // 7 days
 
-        // Create minimal user object with publicKey as id (canonical identity)
+        // Create minimal user object with publicKey as id
         fullUser = {
-          id: publicKey, // publicKey is the canonical user identity
+          id: publicKey, // Use publicKey as id (per migration document)
           publicKey,
           username: '',
           privacySettings: {},
@@ -195,7 +171,7 @@ export const useAuthOperations = ({
           deviceId: localDeviceId,
           expiresAt,
           lastActive: new Date().toISOString(),
-          publicKey, // Canonical user identity
+          userId: publicKey,
           isCurrent: true,
         };
 
@@ -229,10 +205,17 @@ export const useAuthOperations = ({
         // Get full user data
         fullUser = await oxyServices.getUserBySession(sessionResponse.sessionId);
         
-        // user.id is now publicKey (canonical identity) - this is correct
-        // Ensure publicKey field is set for consistency
-        if (!fullUser.publicKey && fullUser.id) {
-          fullUser.publicKey = fullUser.id;
+        // IMPORTANT: user.id should be MongoDB ObjectId, not publicKey
+        // The API should return the correct id (ObjectId) from the database
+        // If it doesn't, we need to fix the API, not work around it here
+        // Validate that id is ObjectId format (24 hex characters)
+        if (fullUser.id && !/^[0-9a-fA-F]{24}$/.test(fullUser.id)) {
+          console.warn('[useAuthOperations] User.id is not MongoDB ObjectId format:', {
+            id: fullUser.id.substring(0, 20),
+            publicKey: fullUser.publicKey.substring(0, 20),
+            message: 'API should return MongoDB ObjectId as user.id, not publicKey'
+          });
+          // Don't override - let the API fix this issue
         }
 
         // Fetch device sessions
@@ -240,8 +223,7 @@ export const useAuthOperations = ({
         try {
           allDeviceSessions = await fetchSessionsWithFallback(oxyServices, sessionResponse.sessionId, {
             fallbackDeviceId: sessionResponse.deviceId,
-            fallbackUserId: fullUser.id, // Still pass for backward compatibility
-            fallbackPublicKey: fullUser.publicKey || fullUser.id, // publicKey is canonical identity
+            fallbackUserId: fullUser.id,
             logger,
           });
         } catch (error) {
@@ -311,13 +293,6 @@ export const useAuthOperations = ({
       setAuthState({ isLoading: true, error: null });
 
       try {
-        // SESSION CLEANUP: Clear all sessions before creating new identity
-        // New identity means old sessions are no longer valid
-        await clearSessionState();
-        if (__DEV__ && logger) {
-          logger('Cleared all sessions before creating new identity');
-        }
-
         // Generate new key pair directly (works offline)
         const { publicKey, privateKey } = await KeyManager.generateKeyPair();
         await KeyManager.importKeyPair(privateKey);
@@ -489,13 +464,6 @@ export const useAuthOperations = ({
       setAuthState({ isLoading: true, error: null });
 
       try {
-        // SESSION CLEANUP: Clear all sessions before importing new identity
-        // Importing a different identity means old sessions are no longer valid
-        await clearSessionState();
-        if (__DEV__ && logger) {
-          logger('Cleared all sessions before importing identity');
-        }
-
         // Decrypt private key from backup data
         const Crypto = await import('expo-crypto');
         

package/src/ui/context/hooks/useLanguageManagement.ts

@@ -1,5 +1,6 @@
 import { useCallback, useEffect, useMemo, useState } from 'react';
-import type { ApiError, User } from '../../../models/interfaces';
+import type { ApiError } from '../../../models/interfaces';
+import type { User } from '@oxyhq/shared';
 import {
   getLanguageMetadata,
   getLanguageName,

package/src/ui/hooks/auth/index.ts

@@ -4,5 +4,3 @@
 export { useUsernameValidation, USERNAME_MIN_LENGTH, USERNAME_REGEX, USERNAME_FORMAT_ERROR, USERNAME_DEBOUNCE_MS } from './useUsernameValidation';
 export type { UsernameValidationResult } from './useUsernameValidation';
 
-
-

package/src/ui/hooks/mutations/useAccountMutations.ts

@@ -1,5 +1,5 @@
 import { useMutation, useQueryClient } from '@tanstack/react-query';
-import type { User } from '../../../models/interfaces';
+import type { User } from '@oxyhq/shared';
 import { queryKeys, invalidateAccountQueries, invalidateUserQueries } from '../queries/queryKeys';
 import { useOxy } from '../../context/OxyContext';
 import { toast } from '../../../lib/sonner';

package/src/ui/hooks/mutations/useServicesMutations.ts

@@ -1,5 +1,5 @@
 import { useMutation, useQueryClient } from '@tanstack/react-query';
-import type { User } from '../../../models/interfaces';
+import type { User } from '@oxyhq/shared';
 import { queryKeys, invalidateSessionQueries } from '../queries/queryKeys';
 import { useOxy } from '../../context/OxyContext';
 import { toast } from '../../../lib/sonner';

package/src/ui/hooks/queries/useAccountQueries.ts

@@ -1,5 +1,5 @@
 import { useQuery, useQueries } from '@tanstack/react-query';
-import type { User } from '../../../models/interfaces';
+import type { User } from '@oxyhq/shared';
 import type { OxyServices } from '../../../core';
 import { queryKeys } from './queryKeys';
 import { useOxy } from '../../context/OxyContext';

package/src/ui/hooks/queries/useServicesQueries.ts

@@ -8,7 +8,7 @@ import { fetchSessionsWithFallback, mapSessionsToClient } from '../../utils/sess
  * Get all active sessions for the current user
  */
 export const useSessions = (userId?: string, options?: { enabled?: boolean }) => {
-  const { oxyServices, activeSessionId, user } = useOxy();
+  const { oxyServices, activeSessionId } = useOxy();
 
   return useQuery({
     queryKey: queryKeys.sessions.list(userId),
@@ -17,14 +17,12 @@ export const useSessions = (userId?: string, options?: { enabled?: boolean }) =>
         throw new Error('No active session');
       }
       
-      const publicKey = user?.publicKey || user?.id || ''; // user.id is now publicKey
       const sessions = await fetchSessionsWithFallback(oxyServices, activeSessionId, {
         fallbackDeviceId: undefined,
         fallbackUserId: userId,
-        fallbackPublicKey: publicKey,
       });
       
-      return sessions; // Already mapped by fetchSessionsWithFallback
+      return mapSessionsToClient(sessions, activeSessionId);
     },
     enabled: (options?.enabled !== false) && !!activeSessionId,
     staleTime: 2 * 60 * 1000, // 2 minutes (sessions change frequently)
@@ -51,15 +49,12 @@ export const useSession = (sessionId: string | null, options?: { enabled?: boole
       }
 
       const now = new Date();
-      // user.id is now publicKey (canonical identity)
-      const publicKey = validation.user.publicKey || validation.user.id || '';
       return {
         sessionId,
         deviceId: '', // Device ID not available from validation response
         expiresAt: validation.expiresAt || new Date(now.getTime() + 7 * 24 * 60 * 60 * 1000).toISOString(),
         lastActive: validation.lastActivity || now.toISOString(),
-        publicKey, // Canonical user identity
-        userId: validation.user.id?.toString(), // Optional MongoDB ObjectId
+        userId: validation.user.id?.toString() ?? '',
         isCurrent: false,
       } as ClientSession;
     },

package/src/ui/hooks/useLanguageManagement.ts

@@ -1,5 +1,6 @@
 import { useCallback, useEffect, useMemo, useState } from 'react';
-import type { ApiError, User } from '../../models/interfaces';
+import type { ApiError } from '../../models/interfaces';
+import type { User } from '@oxyhq/shared';
 import {
   getLanguageMetadata,
   getLanguageName,

package/src/ui/hooks/useSessionManagement.ts

@@ -1,5 +1,6 @@
 import { useCallback, useMemo, useRef, useState } from 'react';
-import type { ApiError, User } from '../../models/interfaces';
+import type { ApiError } from '../../models/interfaces';
+import type { User } from '@oxyhq/shared';
 import type { ClientSession } from '../../models/session';
 import { mergeSessions, normalizeAndSortSessions, sessionsArraysEqual } from '../../utils/sessionUtils';
 import { fetchSessionsWithFallback, mapSessionsToClient, validateSessionBatch } from '../utils/sessionHelpers';
@@ -255,10 +256,8 @@ export const useSessionManagement = ({
         await activateSession(sessionId, user);
 
         try {
-          const publicKey = user.publicKey || user.id || ''; // user.id is now publicKey
           const deviceSessions = await fetchSessionsWithFallback(oxyServices, sessionId, {
-            fallbackUserId: user.id, // Still pass for backward compatibility
-            fallbackPublicKey: publicKey,
+            fallbackUserId: user.id,
             logger,
           });
           updateSessions(deviceSessions, { merge: true });
@@ -332,13 +331,8 @@ export const useSessionManagement = ({
 
       const refreshPromise = (async () => {
         try {
-          // Get publicKey from active session or current user
-          const activeSession = sessions.find(s => s.sessionId === activeSessionId);
-          const publicKey = activeSession?.publicKey || activeUserId || ''; // Fallback to userId if publicKey not available
-          
           const deviceSessions = await fetchSessionsWithFallback(oxyServices, activeSessionId, {
             fallbackUserId: activeUserId,
-            fallbackPublicKey: publicKey,
             logger,
           });
           updateSessions(deviceSessions, { merge: true });

package/src/ui/index.ts

@@ -81,4 +81,5 @@ export {
 
 // Re-export core services for convenience in UI context
 export { OxyServices } from '../core';
-export type { User, LoginResponse, ApiError } from '../models/interfaces';
+// Note: User and LoginResponse should be imported from @oxyhq/shared
+export type { ApiError } from '../models/interfaces';

package/src/ui/screens/AccountSettingsScreen.tsx

@@ -233,7 +233,7 @@ const AccountSettingsScreen: React.FC<BaseScreenProps & { initialField?: string;
 
                 // Handle locations - convert single location to array format
                 if (finalUser.locations && Array.isArray(finalUser.locations)) {
-                    setLocations(finalUser.locations.map((loc, index) => ({
+                    setLocations(finalUser.locations.map((loc: any, index: number) => ({
                         id: loc.id || `existing-${index}`,
                         name: loc.name,
                         label: loc.label,
@@ -252,17 +252,17 @@ const AccountSettingsScreen: React.FC<BaseScreenProps & { initialField?: string;
 
                 // Handle links - simple and direct like other fields
                 if (finalUser.linksMetadata && Array.isArray(finalUser.linksMetadata)) {
-                    const urls = finalUser.linksMetadata.map(l => l.url);
+                    const urls = finalUser.linksMetadata.map((l: any) => l.url);
                     setLinks(urls);
-                    const metadataWithIds = finalUser.linksMetadata.map((link, index) => ({
+                    const metadataWithIds = finalUser.linksMetadata.map((link: any, index: number) => ({
                         ...link,
                         id: link.id || `existing-${index}`
                     }));
                     setLinksMetadata(metadataWithIds);
                 } else if (Array.isArray(finalUser.links)) {
-                    const simpleLinks = finalUser.links.map(l => typeof l === 'string' ? l : l.link).filter(Boolean);
+                    const simpleLinks = finalUser.links.map((l: any) => typeof l === 'string' ? l : l.link).filter(Boolean);
                     setLinks(simpleLinks);
-                    const linksWithMetadata = simpleLinks.map((url, index) => ({
+                    const linksWithMetadata = simpleLinks.map((url: string, index: number) => ({
                         url,
                         title: url.replace(/^https?:\/\//, '').replace(/\/$/, ''),
                         description: `Link to ${url}`,
@@ -553,7 +553,7 @@ const AccountSettingsScreen: React.FC<BaseScreenProps & { initialField?: string;
             }
 
             if (currentUser.linksMetadata && Array.isArray(currentUser.linksMetadata)) {
-                setLinksMetadata(currentUser.linksMetadata.map((link, index) => ({
+                setLinksMetadata(currentUser.linksMetadata.map((link: any, index: number) => ({
                     ...link,
                     id: link.id || `existing-${index}`
                 })));

package/src/ui/screens/AccountSwitcherScreen.tsx

@@ -15,7 +15,7 @@ import {
 import type { BaseScreenProps } from '../types/navigation';
 import type { ClientSession } from '../../models/session';
 import { fontFamilies } from '../styles/fonts';
-import type { User } from '../../models/interfaces';
+import type { User } from '@oxyhq/shared';
 import { toast } from '../../lib/sonner';
 import { confirmAction } from '../utils/confirmAction';
 import OxyIcon from '../components/icon/OxyIcon';

package/src/ui/screens/OxyAuthScreen.tsx

@@ -220,7 +220,7 @@ const OxyAuthScreen: React.FC<BaseScreenProps> = ({
 
     try {
       // Generate a unique session token for this auth request
-      const sessionToken = generateSessionToken();
+      const sessionToken = await generateSessionToken();
       const expiresAt = Date.now() + AUTH_SESSION_EXPIRY_MS;
 
       // Register the auth session with the server
@@ -242,14 +242,10 @@ const OxyAuthScreen: React.FC<BaseScreenProps> = ({
     }
   }, [oxyServices, connectSocket]);
 
-  // Generate a random session token
-  const generateSessionToken = (): string => {
-    const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
-    let result = '';
-    for (let i = 0; i < 32; i++) {
-      result += chars.charAt(Math.floor(Math.random() * chars.length));
-    }
-    return result;
+  // Generate a random session token using secure random bytes
+  const generateSessionToken = async (): Promise<string> => {
+    const { generateSessionToken: sharedGenerate } = await import('@oxyhq/shared');
+    return sharedGenerate(32); // 32 bytes = 64 hex characters
   };
 
   // Clean up on unmount

package/src/ui/screens/ProfileScreen.tsx

@@ -10,7 +10,7 @@ import { Ionicons } from '@expo/vector-icons';
 import { useI18n } from '../hooks/useI18n';
 import { useOxy } from '../context/OxyContext';
 import { logger } from '../../utils/loggerUtils';
-import type { User } from '../../models/interfaces';
+import type { User } from '@oxyhq/shared';
 import { extractErrorMessage } from '../utils/errorHandlers';
 
 interface ProfileScreenProps extends BaseScreenProps {

package/src/ui/stores/authStore.ts

@@ -1,5 +1,5 @@
 import { create } from 'zustand';
-import type { User } from '../../models/interfaces';
+import type { User } from '@oxyhq/shared';
 
 export interface AuthState {
   user: User | null;

package/src/ui/types/navigation.ts

@@ -1,7 +1,7 @@
 import type { ReactNode, RefObject } from 'react';
 import type { QueryClient } from '@tanstack/react-query';
 import type { RouteName } from '../navigation/routes';
-import type { User } from '../../models/interfaces';
+import type { User } from '@oxyhq/shared';
 import type { ClientSession } from '../../models/session';
 
 // Re-export RouteName from routes for convenience

package/src/ui/utils/avatarUtils.ts

@@ -1,5 +1,5 @@
 import type { OxyServices } from '../../core';
-import type { User } from '../../models/interfaces';
+import type { User } from '@oxyhq/shared';
 import { useAccountStore } from '../stores/accountStore';
 import { useAuthStore } from '../stores/authStore';
 import { QueryClient } from '@tanstack/react-query';

package/src/ui/utils/sessionHelpers.ts

@@ -7,16 +7,14 @@ interface DeviceSession {
   deviceName?: string;
   expiresAt?: string;
   lastActive?: string;
-  user?: { id?: string; publicKey?: string; _id?: { toString(): string } };
+  user?: { id?: string; _id?: { toString(): string } };
   userId?: string;
-  publicKey?: string;
   isCurrent?: boolean;
 }
 
 export interface FetchSessionsWithFallbackOptions {
   fallbackDeviceId?: string;
   fallbackUserId?: string;
-  fallbackPublicKey?: string; // Canonical user identity
   logger?: (message: string, error?: unknown) => void;
 }
 
@@ -39,41 +37,27 @@ export interface SessionValidationResult {
  * @param sessions - Raw session array returned from the API
  * @param fallbackDeviceId - Device identifier to use when missing from payload
  * @param fallbackUserId - User identifier to use when missing from payload
- * @param fallbackPublicKey - Public key to use when missing from payload (canonical identity)
  */
 export const mapSessionsToClient = (
   sessions: DeviceSession[],
   fallbackDeviceId?: string,
   fallbackUserId?: string,
-  fallbackPublicKey?: string,
 ): ClientSession[] => {
   const now = new Date();
 
-  return sessions.map((session) => {
-    // publicKey is the canonical user identity (user.id now equals publicKey)
-    // Extract from user.id (which is now publicKey), user.publicKey, or session.publicKey
-    const publicKey =
-      session.user?.id || // user.id is now publicKey (canonical identifier)
-      session.user?.publicKey ||
-      session.publicKey ||
-      fallbackPublicKey ||
-      '';
-
-    // userId is MongoDB ObjectId (internal backend reference, optional)
-    const userId =
+  return sessions.map((session) => ({
+    sessionId: session.sessionId,
+    deviceId: session.deviceId || fallbackDeviceId || '',
+    expiresAt: session.expiresAt || new Date(now.getTime() + 7 * 24 * 60 * 60 * 1000).toISOString(),
+    lastActive: session.lastActive || now.toISOString(),
+    userId:
+      session.user?.id ||
       session.userId ||
-      (session.user?._id ? session.user._id.toString() : undefined);
-
-    return {
-      sessionId: session.sessionId,
-      deviceId: session.deviceId || fallbackDeviceId || '',
-      expiresAt: session.expiresAt || new Date(now.getTime() + 7 * 24 * 60 * 60 * 1000).toISOString(),
-      lastActive: session.lastActive || now.toISOString(),
-      publicKey, // Canonical user identity - REQUIRED
-      userId, // MongoDB ObjectId (optional, for backward compatibility)
-      isCurrent: Boolean(session.isCurrent),
-    };
-  });
+      (session.user?._id ? session.user._id.toString() : undefined) ||
+      fallbackUserId ||
+      '',
+    isCurrent: Boolean(session.isCurrent),
+  }));
 };
 
 /**
@@ -89,20 +73,19 @@ export const fetchSessionsWithFallback = async (
   {
     fallbackDeviceId,
     fallbackUserId,
-    fallbackPublicKey,
     logger,
   }: FetchSessionsWithFallbackOptions = {},
 ): Promise<ClientSession[]> => {
   try {
     const deviceSessions = await oxyServices.getDeviceSessions(sessionId);
-    return mapSessionsToClient(deviceSessions, fallbackDeviceId, fallbackUserId, fallbackPublicKey);
+    return mapSessionsToClient(deviceSessions, fallbackDeviceId, fallbackUserId);
   } catch (error) {
     if (__DEV__ && logger) {
       logger('Failed to get device sessions, falling back to user sessions', error);
     }
 
     const userSessions = await oxyServices.getSessionsBySessionId(sessionId);
-    return mapSessionsToClient(userSessions, fallbackDeviceId, fallbackUserId, fallbackPublicKey);
+    return mapSessionsToClient(userSessions, fallbackDeviceId, fallbackUserId);
   }
 };
 

package/src/utils/sessionUtils.ts

@@ -12,19 +12,12 @@ import type { ClientSession } from '../models/session';
  */
 export function normalizeSession(session: Partial<ClientSession> & { sessionId: string }): ClientSession {
   const now = new Date().toISOString();
-  
-  // publicKey is required (canonical user identity)
-  if (!session.publicKey) {
-    throw new Error(`Session ${session.sessionId} is missing required publicKey field`);
-  }
-  
   return {
     sessionId: session.sessionId,
     deviceId: session.deviceId || '',
     expiresAt: session.expiresAt || now,
     lastActive: session.lastActive || now,
-    publicKey: session.publicKey, // Canonical user identity - required
-    userId: session.userId, // Optional MongoDB ObjectId for backward compatibility
+    userId: session.userId || '',
   };
 }