npm - @oxyhq/services - Versions diffs - 5.16.33 → 5.16.35 - Mend

@oxyhq/services 5.16.33 → 5.16.35

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (240) hide show

package/src/shared/transport/index.ts ADDED Viewed

@@ -0,0 +1,349 @@
+/**
+ * Transport Abstraction
+ *
+ * Unified transport layer for WebSocket, SSE, and polling.
+ * Provides automatic fallback and unified configuration.
+ */
+export type TransportType = 'websocket' | 'sse' | 'polling';
+export interface TransportConfig {
+  baseURL: string;
+  namespace?: string;
+  sessionToken?: string;
+  accessToken?: string;
+  pollingInterval?: number; // milliseconds
+  reconnectAttempts?: number;
+  reconnectDelay?: number; // milliseconds
+  timeout?: number; // milliseconds
+}
+export interface TransportUpdate {
+  status: 'authorized' | 'cancelled' | 'expired' | 'pending';
+  sessionId?: string;
+  publicKey?: string;
+  userId?: string;
+  username?: string;
+  [key: string]: unknown;
+}
+export interface TransportCallbacks {
+  onUpdate?: (update: TransportUpdate) => void;
+  onConnect?: () => void;
+  onDisconnect?: () => void;
+  onError?: (error: Error) => void;
+}
+/**
+ * Transport Interface
+ * All transport implementations must implement this
+ */
+export interface Transport {
+  /**
+   * Connect to the transport
+   */
+  connect(): Promise<void>;
+  /**
+   * Disconnect from the transport
+   */
+  disconnect(): void;
+  /**
+   * Check if currently connected
+   */
+  isConnected(): boolean;
+  /**
+   * Get the transport type
+   */
+  getType(): TransportType;
+}
+/**
+ * Transport Factory
+ * Creates the appropriate transport based on availability and configuration
+ */
+export class TransportFactory {
+  /**
+   * Create a transport with automatic fallback
+   * Tries WebSocket first, then SSE, then polling
+   */
+  static async create(
+    config: TransportConfig,
+    callbacks: TransportCallbacks
+  ): Promise<Transport> {
+    // Try WebSocket first (best for real-time)
+    if (await this.isWebSocketAvailable()) {
+      try {
+        return new WebSocketTransport(config, callbacks);
+      } catch (error) {
+        // Fall through to SSE
+      }
+    }
+    // Try SSE second (good for one-way updates)
+    if (await this.isSSEAvailable()) {
+      try {
+        return new SSETransport(config, callbacks);
+      } catch (error) {
+        // Fall through to polling
+      }
+    }
+    // Fall back to polling (always available)
+    return new PollingTransport(config, callbacks);
+  }
+  /**
+   * Check if WebSocket is available
+   */
+  private static async isWebSocketAvailable(): Promise<boolean> {
+    // WebSocket is available in browsers and Node.js with socket.io-client
+    return typeof window !== 'undefined' || typeof process !== 'undefined';
+  }
+  /**
+   * Check if SSE is available
+   */
+  private static async isSSEAvailable(): Promise<boolean> {
+    // SSE is available in browsers via EventSource
+    // In Node.js, would need a polyfill or library
+    return typeof EventSource !== 'undefined' ||
+           (typeof window !== 'undefined' && 'EventSource' in window);
+  }
+}
+/**
+ * WebSocket Transport Implementation
+ * Uses socket.io-client for WebSocket connections
+ */
+class WebSocketTransport implements Transport {
+  private socket: any = null;
+  private config: TransportConfig;
+  private callbacks: TransportCallbacks;
+  private connected = false;
+  constructor(config: TransportConfig, callbacks: TransportCallbacks) {
+    this.config = config;
+    this.callbacks = callbacks;
+  }
+  async connect(): Promise<void> {
+    // Dynamic import to avoid bundling socket.io-client if not needed
+    let io: any;
+    try {
+      io = (await import('socket.io-client')).default;
+    } catch (error) {
+      throw new Error('socket.io-client is required for WebSocket transport. Install it as a dependency.');
+    }
+    const url = this.config.namespace
+      ? `${this.config.baseURL}/${this.config.namespace}`
+      : this.config.baseURL;
+    const socketOptions: any = {
+      transports: ['websocket', 'polling'],
+      reconnection: true,
+      reconnectionAttempts: this.config.reconnectAttempts ?? 3,
+      reconnectionDelay: this.config.reconnectDelay ?? 1000,
+    };
+    if (this.config.accessToken) {
+      socketOptions.auth = { token: this.config.accessToken };
+    }
+    this.socket = io(url, socketOptions);
+    this.socket.on('connect', () => {
+      this.connected = true;
+      if (this.config.sessionToken) {
+        this.socket.emit('join', this.config.sessionToken);
+      }
+      this.callbacks.onConnect?.();
+    });
+    this.socket.on('auth_update', (payload: TransportUpdate) => {
+      this.callbacks.onUpdate?.(payload);
+    });
+    this.socket.on('connect_error', (error: Error) => {
+      this.callbacks.onError?.(error);
+    });
+    this.socket.on('disconnect', () => {
+      this.connected = false;
+      this.callbacks.onDisconnect?.();
+    });
+  }
+  disconnect(): void {
+    if (this.socket) {
+      this.socket.disconnect();
+      this.socket = null;
+      this.connected = false;
+    }
+  }
+  isConnected(): boolean {
+    return this.connected && this.socket?.connected === true;
+  }
+  getType(): TransportType {
+    return 'websocket';
+  }
+}
+/**
+ * SSE Transport Implementation
+ * Uses EventSource for Server-Sent Events
+ */
+class SSETransport implements Transport {
+  private eventSource: EventSource | null = null;
+  private config: TransportConfig;
+  private callbacks: TransportCallbacks;
+  private connected = false;
+  constructor(config: TransportConfig, callbacks: TransportCallbacks) {
+    this.config = config;
+    this.callbacks = callbacks;
+  }
+  async connect(): Promise<void> {
+    if (typeof EventSource === 'undefined') {
+      throw new Error('EventSource is not available in this environment');
+    }
+    const url = this.config.sessionToken
+      ? `${this.config.baseURL}/auth/session/stream/${this.config.sessionToken}`
+      : `${this.config.baseURL}/auth/session/stream`;
+    this.eventSource = new EventSource(url);
+    this.eventSource.onopen = () => {
+      this.connected = true;
+      this.callbacks.onConnect?.();
+    };
+    this.eventSource.onmessage = (event) => {
+      try {
+        const update = JSON.parse(event.data) as TransportUpdate;
+        this.callbacks.onUpdate?.(update);
+      } catch (error) {
+        this.callbacks.onError?.(error as Error);
+      }
+    };
+    this.eventSource.onerror = (error) => {
+      this.callbacks.onError?.(new Error('SSE connection error'));
+    };
+  }
+  disconnect(): void {
+    if (this.eventSource) {
+      this.eventSource.close();
+      this.eventSource = null;
+      this.connected = false;
+    }
+  }
+  isConnected(): boolean {
+    return this.connected && this.eventSource?.readyState === EventSource.OPEN;
+  }
+  getType(): TransportType {
+    return 'sse';
+  }
+}
+/**
+ * Polling Transport Implementation
+ * Uses HTTP polling as fallback
+ */
+class PollingTransport implements Transport {
+  private intervalId: ReturnType<typeof setInterval> | null = null;
+  private config: TransportConfig;
+  private callbacks: TransportCallbacks;
+  private connected = false;
+  private abortController: AbortController | null = null;
+  constructor(config: TransportConfig, callbacks: TransportCallbacks) {
+    this.config = config;
+    this.callbacks = callbacks;
+  }
+  async connect(): Promise<void> {
+    this.connected = true;
+    this.callbacks.onConnect?.();
+    const poll = async () => {
+      if (!this.config.sessionToken) {
+        return;
+      }
+      try {
+        this.abortController = new AbortController();
+        const response = await fetch(
+          `${this.config.baseURL}/api/auth/session/status/${this.config.sessionToken}`,
+          {
+            signal: this.abortController.signal,
+            headers: this.config.accessToken
+              ? { Authorization: `Bearer ${this.config.accessToken}` }
+              : {},
+          }
+        );
+        if (!response.ok) {
+          throw new Error(`Polling failed: ${response.statusText}`);
+        }
+        const data = await response.json();
+        if (data.authorized && data.sessionId) {
+          this.callbacks.onUpdate?.({
+            status: 'authorized',
+            sessionId: data.sessionId,
+            publicKey: data.publicKey,
+          });
+        } else if (data.status === 'expired') {
+          this.callbacks.onUpdate?.({ status: 'expired' });
+        } else if (data.status === 'cancelled') {
+          this.callbacks.onUpdate?.({ status: 'cancelled' });
+        }
+      } catch (error) {
+        if (error instanceof Error && error.name !== 'AbortError') {
+          this.callbacks.onError?.(error);
+        }
+      }
+    };
+    // Poll immediately, then at intervals
+    await poll();
+    this.intervalId = setInterval(
+      poll,
+      this.config.pollingInterval ?? 3000
+    );
+  }
+  disconnect(): void {
+    if (this.intervalId) {
+      clearInterval(this.intervalId);
+      this.intervalId = null;
+    }
+    if (this.abortController) {
+      this.abortController.abort();
+      this.abortController = null;
+    }
+    this.connected = false;
+    this.callbacks.onDisconnect?.();
+  }
+  isConnected(): boolean {
+    return this.connected && this.intervalId !== null;
+  }
+  getType(): TransportType {
+    return 'polling';
+  }
+}

package/src/shared/utils/index.ts ADDED Viewed

@@ -0,0 +1,73 @@
+/**
+ * Shared Utilities
+ *
+ * Common utility functions used across Accounts, Services SDK, and API packages.
+ */
+/**
+ * Get a shortened display version of a public key
+ * Format: first 8 chars ... last 8 chars
+ */
+export function shortenPublicKey(publicKey: string): string {
+  if (publicKey.length <= 16) return publicKey;
+  return `${publicKey.slice(0, 8)}...${publicKey.slice(-8)}`;
+}
+/**
+ * Generate a secure random session token
+ * Uses crypto.randomBytes (Node) or Web Crypto API (Browser/RN)
+ */
+export async function generateSessionToken(size: number = 32): Promise<string> {
+  // Use platform-appropriate random bytes
+  if (typeof window !== 'undefined' && window.crypto) {
+    // Web platform
+    const array = new Uint8Array(size);
+    window.crypto.getRandomValues(array);
+    return Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('');
+  }
+  if (typeof process !== 'undefined' && process.versions?.node) {
+    // Node.js platform
+    // eslint-disable-next-line @typescript-eslint/no-implied-eval
+    const getCrypto = new Function('return require("crypto")');
+    const crypto = getCrypto();
+    return crypto.randomBytes(size).toString('hex');
+  }
+  // React Native - will be handled by platform adapter
+  // For now, throw an error if we can't determine platform
+  throw new Error('Unable to generate session token: no crypto implementation available');
+}
+/**
+ * Generate a session token synchronously (Node.js only)
+ */
+export function generateSessionTokenSync(size: number = 32): string {
+  if (typeof process === 'undefined' || !process.versions?.node) {
+    throw new Error('generateSessionTokenSync can only be used in Node.js');
+  }
+  // eslint-disable-next-line @typescript-eslint/no-implied-eval
+  const getCrypto = new Function('return require("crypto")');
+  const crypto = getCrypto();
+  return crypto.randomBytes(size).toString('hex');
+}
+/**
+ * Convert bytes to hex string
+ */
+export function bytesToHex(bytes: Uint8Array): string {
+  return Array.from(bytes, byte => byte.toString(16).padStart(2, '0')).join('');
+}
+/**
+ * Convert hex string to bytes
+ */
+export function hexToBytes(hex: string): Uint8Array {
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < hex.length; i += 2) {
+    bytes[i / 2] = parseInt(hex.substr(i, 2), 16);
+  }
+  return bytes;
+}

package/src/ui/context/OxyContext.tsx CHANGED Viewed

@@ -11,7 +11,8 @@ import {
 } from 'react';
 import { Platform } from 'react-native';
 import { OxyServices } from '../../core';
-import type { User, ApiError } from '../../models/interfaces';
+import type { ApiError } from '../../models/interfaces';
+import type { User } from '../../shared';
 import type { ClientSession } from '../../models/session';
 import { toast } from '../../lib/sonner';
 import { useAuthStore, type AuthState } from '../stores/authStore';
@@ -222,7 +223,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
         // CRITICAL: Invalidate cache on app startup to ensure fresh state check
         // This prevents stale cache from previous session from showing incorrect state
         KeyManager.invalidateCache();
         // Check if identity exists and verify integrity
         const hasIdentity = await KeyManager.hasIdentity();
         if (hasIdentity) {
@@ -421,7 +422,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
       if (pendingTransfers.length > 0) {
         const activeTransferId = getActiveTransferId();
         const hasActiveTransfer = activeTransferId && pendingTransfers.some((t: { transferId: string; data: any }) => t.transferId === activeTransferId);
         if (hasActiveTransfer) {
           throw new Error(
             'Cannot delete identity: An active identity transfer is in progress. ' +
@@ -485,11 +486,11 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
         if (wasOffline) {
           const now = Date.now();
           const timeSinceLastLog = now - lastReconnectionLog;
           if (timeSinceLastLog >= RECONNECTION_LOG_DEBOUNCE_MS) {
             logger('Network reconnected, checking identity sync...');
             lastReconnectionLog = now;
             // Sync identity first (if not synced)
             try {
               const hasIdentityValue = await hasIdentity();
@@ -520,7 +521,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
             // This is handled by useCheckPendingTransfers hook which runs automatically
             // when authenticated and online
           }
           // TanStack Query will automatically retry pending mutations
           // Reset flag immediately after processing (whether logged or not)
           wasOffline = false;
@@ -580,22 +581,6 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     setTokenReady(false);
     try {
-      // CRITICAL: Get current local identity (publicKey) before restoring sessions
-      // Sessions must belong to the current local identity stored in Accounts app
-      let currentPublicKey: string | null = null;
-      try {
-        if (Platform.OS !== 'web') {
-          // Only check identity on native platforms (web doesn't have local identity)
-          // KeyManager is already imported at the top of the file
-          currentPublicKey = await KeyManager.getPublicKey();
-        }
-      } catch (identityError) {
-        if (__DEV__) {
-          logger('Failed to get current local identity during session restoration', identityError);
-        }
-        // Continue without identity check if it fails (e.g., on web platform)
-      }
       const storedSessionIdsJson = await storage.getItem(storageKeys.sessionIds);
       const storedSessionIds: string[] = storedSessionIdsJson ? JSON.parse(storedSessionIdsJson) : [];
       const storedActiveSessionId = await storage.getItem(storageKeys.activeSessionId);
@@ -608,25 +593,12 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
             const validation = await oxyServices.validateSession(sessionId, { useHeaderValidation: true });
             if (validation?.valid && validation.user) {
               const now = new Date();
-              // user.id is now publicKey (canonical identity)
-              const sessionPublicKey = validation.user.publicKey || validation.user.id || '';
-              // IDENTITY BINDING: Only restore sessions that match current local identity
-              // If we have a current local identity, filter out sessions that don't match
-              if (currentPublicKey && sessionPublicKey !== currentPublicKey) {
-                if (__DEV__) {
-                  logger(`Skipping session ${sessionId.substring(0, 8)}... - belongs to different identity (${sessionPublicKey.substring(0, 16)}... vs ${currentPublicKey.substring(0, 16)}...)`);
-                }
-                continue; // Skip this session - it belongs to a different identity
-              }
               validSessions.push({
                 sessionId,
                 deviceId: '',
                 expiresAt: new Date(now.getTime() + 7 * 24 * 60 * 60 * 1000).toISOString(),
                 lastActive: now.toISOString(),
-                publicKey: sessionPublicKey, // Canonical user identity
-                userId: validation.user.id?.toString(), // Optional MongoDB ObjectId for backward compatibility
+                userId: validation.user.id?.toString() ?? '',
                 isCurrent: sessionId === storedActiveSessionId,
               });
             }
@@ -644,13 +616,6 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
         if (validSessions.length > 0) {
           updateSessions(validSessions, { merge: false });
-        } else if (currentPublicKey && storedSessionIds.length > 0) {
-          // All sessions were filtered out due to identity mismatch - clear stored sessions
-          if (__DEV__) {
-            logger('All stored sessions belong to different identity - clearing session storage');
-          }
-          await storage.removeItem(storageKeys.sessionIds);
-          await storage.removeItem(storageKeys.activeSessionId);
         }
       }
@@ -762,9 +727,9 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     return isAuthenticatedFromStore || isAuthenticatedFromSessions;
   }, [isAuthenticatedFromStore, isAuthenticatedFromSessions]);
-  // Get userId from JWT token for socket room matching
-  // Note: JWT token may contain MongoDB ObjectId internally, but user.id is publicKey (canonical identity)
-  // Socket rooms may need internal mapping from publicKey to MongoDB ObjectId if backend requires it
+  // Get userId from JWT token (MongoDB ObjectId) for socket room matching
+  // user.id is set to publicKey for compatibility, but socket rooms use MongoDB ObjectId
+  // The JWT token's userId field contains the MongoDB ObjectId
   const userId = oxyServices.getCurrentUserId() || user?.id;
   // Use Zustand store for transfer state management
@@ -784,16 +749,16 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
         // Load transfer codes
         const storedCodes = await storage.getItem(TRANSFER_CODES_STORAGE_KEY);
         const storedActiveTransferId = await storage.getItem(ACTIVE_TRANSFER_STORAGE_KEY);
         const parsedCodes = storedCodes ? JSON.parse(storedCodes) : {};
         const activeTransferId = storedActiveTransferId || null;
         // Restore to Zustand store (store handles validation and expiration)
         restoreFromStorage(parsedCodes, activeTransferId);
         markRestored();
         if (__DEV__ && Object.keys(parsedCodes).length > 0) {
-          logger('Restored transfer codes from storage', {
+          logger('Restored transfer codes from storage', {
             count: Object.keys(parsedCodes).length,
             hasActiveTransfer: !!activeTransferId,
           });
@@ -818,7 +783,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     const persistTransferCodes = async () => {
       try {
         await storage.setItem(TRANSFER_CODES_STORAGE_KEY, JSON.stringify(transferCodes));
         if (activeTransferId) {
           await storage.setItem(ACTIVE_TRANSFER_STORAGE_KEY, activeTransferId);
         } else {
@@ -846,7 +811,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
   // Transfer code management functions using Zustand store
   const storeTransferCode = useCallback(async (transferId: string, code: string, sourceDeviceId: string | null, publicKey: string) => {
     storeTransferCodeStore(transferId, code, sourceDeviceId, publicKey);
     if (__DEV__) {
       logger('Stored transfer code', { transferId, sourceDeviceId, publicKey: publicKey.substring(0, 16) + '...' });
     }
@@ -858,7 +823,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
   const updateTransferState = useCallback(async (transferId: string, state: 'pending' | 'completed' | 'failed') => {
     updateTransferStateStore(transferId, state);
     if (__DEV__) {
       logger('Updated transfer state', { transferId, state });
     }
@@ -866,7 +831,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
   const clearTransferCode = useCallback(async (transferId: string) => {
     clearTransferCodeStore(transferId);
     if (__DEV__) {
       logger('Cleared transfer code', { transferId });
     }
@@ -908,7 +873,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
         const storedTransfer = getTransferCode(data.transferId);
         if (!storedTransfer) {
-          logger('Transfer code not found for transferId', {
+          logger('Transfer code not found for transferId', {
             transferId: data.transferId,
           });
           toast.error('Transfer verification failed: Code not found. Identity will not be deleted.');
@@ -930,7 +895,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
         // Verify deviceId matches - very lenient since publicKey is the critical check
         // If publicKey matches, we allow deletion even if deviceId doesn't match exactly
         // This handles cases where deviceId might not be available or slightly different
-        const deviceIdMatches =
+        const deviceIdMatches =
           // Exact match
           (data.sourceDeviceId && data.sourceDeviceId === currentDeviceId) ||
           // Stored sourceDeviceId matches current deviceId
@@ -1010,7 +975,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
           }
           await deleteIdentityAndClearAccount(false, false, true);
           // Verify identity was actually deleted
           const identityDeleted = !(await KeyManager.hasIdentity());
           if (!identityDeleted) {