@oxyhq/services 5.16.44 → 5.17.0

package/src/core/identity-session/IdentitySessionCore.ts

@@ -1,464 +0,0 @@
-/**
- * Identity Session Core
- * 
- * Main orchestrator for identity and session management.
- * Provides a unified API for all identity and session operations.
- */
-
-import type { PlatformAdapter } from '../../adapters';
-import type { Identity, Session, Device, BackupData, IdentitySessionEvent } from './types';
-import { IdentityManager } from './IdentityManager';
-import { SessionManager } from './SessionManager';
-import { DeviceManager } from './DeviceManager';
-import { RefreshManager } from './RefreshManager';
-import {
-  createIdentitySessionError,
-  IdentitySessionErrorCodes,
-} from './errors';
-
-/**
- * Identity Session Core Class
- */
-export class IdentitySessionCore {
-  private adapter: PlatformAdapter;
-  private identityManager: IdentityManager;
-  private sessionManager: SessionManager;
-  private deviceManager: DeviceManager;
-  private refreshManager: RefreshManager;
-  private baseURL: string | null = null;
-  private eventListeners: Set<(event: IdentitySessionEvent) => void> = new Set();
-  private initialized: boolean = false;
-
-  constructor(adapter: PlatformAdapter, baseURL?: string) {
-    this.adapter = adapter;
-    this.baseURL = baseURL || null;
-
-    // Initialize managers
-    this.identityManager = new IdentityManager(adapter);
-    this.deviceManager = new DeviceManager(adapter);
-    this.refreshManager = new RefreshManager(adapter, baseURL);
-    this.sessionManager = new SessionManager(
-      adapter,
-      this.deviceManager,
-      this.refreshManager,
-      baseURL
-    );
-  }
-
-  /**
-   * Set base URL for API requests
-   */
-  setBaseURL(baseURL: string): void {
-    this.baseURL = baseURL;
-    this.sessionManager.setBaseURL(baseURL);
-    this.refreshManager.setBaseURL(baseURL);
-  }
-
-  /**
-   * Initialize the core (load data from storage)
-   */
-  async initialize(): Promise<void> {
-    if (this.initialized) {
-      return;
-    }
-
-    await this.sessionManager.initialize();
-    this.initialized = true;
-  }
-
-  /**
-   * Emit an event to all subscribers
-   */
-  private emit(event: IdentitySessionEvent): void {
-    this.eventListeners.forEach(listener => {
-      try {
-        listener(event);
-      } catch (error) {
-        console.error('[IdentitySessionCore] Error in event listener:', error);
-      }
-    });
-  }
-
-  // ==================== Identity Operations ====================
-
-  /**
-   * Get current identity (SOLO NATIVE)
-   */
-  async getCurrentIdentity(): Promise<Identity | null> {
-    if (this.adapter.platform !== 'native') {
-      return null; // Identity only exists on native
-    }
-
-    const publicKey = await this.identityManager.getPublicKey();
-    if (!publicKey) {
-      return null;
-    }
-
-    // Identity object would need to be fetched from server
-    // For now, return a minimal identity object
-    return {
-      id: '', // Would be fetched from server
-      publicKey,
-    } as Identity;
-  }
-
-  /**
-   * Create a new identity (SOLO NATIVE)
-   */
-  async createIdentity(username?: string): Promise<Identity> {
-    if (this.adapter.platform !== 'native') {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.IDENTITY_NOT_AVAILABLE_ON_WEB,
-        'Identity creation is only available on native platforms'
-      );
-    }
-
-    try {
-      const publicKey = await this.identityManager.createIdentity();
-      
-      const identity: Identity = {
-        id: '', // Will be set after sync with server
-        publicKey,
-        username,
-      };
-
-      this.emit({ type: 'identity:created', identity });
-      return identity;
-    } catch (error) {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.IDENTITY_CREATION_FAILED,
-        `Failed to create identity: ${error instanceof Error ? error.message : String(error)}`
-      );
-    }
-  }
-
-  /**
-   * Import identity from backup (SOLO NATIVE)
-   */
-  async importIdentity(backupData: BackupData, password: string): Promise<Identity> {
-    if (this.adapter.platform !== 'native') {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.IDENTITY_NOT_AVAILABLE_ON_WEB,
-        'Identity import is only available on native platforms'
-      );
-    }
-
-    try {
-      const publicKey = await this.identityManager.decryptAndImportBackup(backupData, password);
-      
-      const identity: Identity = {
-        id: '', // Will be set after sync with server
-        publicKey,
-      };
-
-      this.emit({ type: 'identity:imported', identity });
-      return identity;
-    } catch (error) {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.IDENTITY_IMPORT_FAILED,
-        `Failed to import identity: ${error instanceof Error ? error.message : String(error)}`
-      );
-    }
-  }
-
-  /**
-   * Delete identity (SOLO NATIVE)
-   */
-  async deleteIdentity(
-    skipBackup: boolean = false,
-    force: boolean = false,
-    userConfirmed: boolean = false
-  ): Promise<void> {
-    if (this.adapter.platform !== 'native') {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.IDENTITY_NOT_AVAILABLE_ON_WEB,
-        'Identity deletion is only available on native platforms'
-      );
-    }
-
-    try {
-      await this.identityManager.deleteIdentity(skipBackup, force, userConfirmed);
-      this.emit({ type: 'identity:deleted' });
-    } catch (error) {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.IDENTITY_DELETE_FAILED,
-        `Failed to delete identity: ${error instanceof Error ? error.message : String(error)}`
-      );
-    }
-  }
-
-  /**
-   * Sign a challenge (SOLO NATIVE)
-   */
-  async signChallenge(challenge: string): Promise<string> {
-    if (this.adapter.platform !== 'native') {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.IDENTITY_NOT_AVAILABLE_ON_WEB,
-        'Challenge signing is only available on native platforms'
-      );
-    }
-
-    try {
-      return await this.identityManager.signChallenge(challenge);
-    } catch (error) {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.IDENTITY_NOT_FOUND,
-        `Failed to sign challenge: ${error instanceof Error ? error.message : String(error)}`
-      );
-    }
-  }
-
-  /**
-   * Generate a random challenge string
-   */
-  async generateChallenge(): Promise<string> {
-    const randomBytes = await this.adapter.crypto.getRandomBytes(32);
-    return Array.from(randomBytes, byte => byte.toString(16).padStart(2, '0')).join('');
-  }
-
-  /**
-   * Create a registration signature (SOLO NATIVE)
-   */
-  async createRegistrationSignature(): Promise<{ signature: string; publicKey: string; timestamp: number }> {
-    if (this.adapter.platform !== 'native') {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.IDENTITY_NOT_AVAILABLE_ON_WEB,
-        'Registration signature is only available on native platforms'
-      );
-    }
-
-    const publicKey = await this.identityManager.getPublicKey();
-    if (!publicKey) {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.IDENTITY_NOT_FOUND,
-        'No identity found. Please create or import an identity first.'
-      );
-    }
-
-    const timestamp = Date.now();
-    const message = `oxy:register:${publicKey}:${timestamp}`;
-    const messageHash = await this.adapter.crypto.digestStringAsync('SHA256', message);
-    const signature = await this.identityManager.signChallenge(messageHash);
-
-    return {
-      signature,
-      publicKey,
-      timestamp,
-    };
-  }
-
-  /**
-   * Sign challenge for authentication (SOLO NATIVE)
-   * Returns AuthChallenge object with signature, publicKey, and timestamp
-   */
-  async signChallengeForAuth(challenge: string): Promise<{ challenge: string; signature: string; publicKey: string; timestamp: number }> {
-    if (this.adapter.platform !== 'native') {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.IDENTITY_NOT_AVAILABLE_ON_WEB,
-        'Challenge signing is only available on native platforms'
-      );
-    }
-
-    const publicKey = await this.identityManager.getPublicKey();
-    if (!publicKey) {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.IDENTITY_NOT_FOUND,
-        'No identity found. Please create or import an identity first.'
-      );
-    }
-
-    const timestamp = Date.now();
-    const message = `auth:${publicKey}:${challenge}:${timestamp}`;
-    const messageHash = await this.adapter.crypto.digestStringAsync('SHA256', message);
-    const signature = await this.identityManager.signChallenge(messageHash);
-
-    return {
-      challenge,
-      signature,
-      publicKey,
-      timestamp,
-    };
-  }
-
-  /**
-   * Check if identity exists
-   */
-  async hasIdentity(): Promise<boolean> {
-    return await this.identityManager.hasIdentity();
-  }
-
-  /**
-   * Get public key
-   */
-  async getPublicKey(): Promise<string | null> {
-    return await this.identityManager.getPublicKey();
-  }
-
-  // ==================== Session Operations ====================
-
-  /**
-   * Get current session (Native + Web)
-   */
-  async getSession(): Promise<Session | null> {
-    return await this.sessionManager.getSession();
-  }
-
-  /**
-   * Get all sessions (Native + Web)
-   */
-  async getAllSessions(): Promise<Session[]> {
-    return await this.sessionManager.getAllSessions();
-  }
-
-  /**
-   * Get active session ID (Native + Web)
-   */
-  async getActiveSessionId(): Promise<string | null> {
-    return await this.sessionManager.getActiveSessionId();
-  }
-
-  /**
-   * Create a new session (sign in) (Native + Web)
-   */
-  async createSession(deviceName?: string): Promise<Session> {
-    if (this.adapter.platform !== 'native') {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.IDENTITY_NOT_AVAILABLE_ON_WEB,
-        'Session creation requires identity, which is only available on native platforms'
-      );
-    }
-
-    const publicKey = await this.identityManager.getPublicKey();
-    if (!publicKey) {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.IDENTITY_NOT_FOUND,
-        'No identity found. Please create or import an identity first.'
-      );
-    }
-
-    // Generate challenge and sign it
-    const timestamp = Date.now();
-    const challenge = `auth:${publicKey}:${timestamp}`;
-    const signature = await this.identityManager.signChallenge(challenge);
-
-    try {
-      const session = await this.sessionManager.createSession(
-        publicKey,
-        signature,
-        timestamp,
-        deviceName
-      );
-
-      this.emit({ type: 'session:created', session });
-      return session;
-    } catch (error) {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.SESSION_CREATION_FAILED,
-        `Failed to create session: ${error instanceof Error ? error.message : String(error)}`
-      );
-    }
-  }
-
-  /**
-   * Refresh current session (Native + Web)
-   */
-  async refreshSession(): Promise<Session> {
-    try {
-      const session = await this.sessionManager.refreshSession();
-      this.emit({ type: 'session:refreshed', session });
-      return session;
-    } catch (error) {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.SESSION_REFRESH_FAILED,
-        `Failed to refresh session: ${error instanceof Error ? error.message : String(error)}`
-      );
-    }
-  }
-
-  /**
-   * Invalidate a session (Native + Web)
-   */
-  async invalidateSession(sessionId?: string): Promise<void> {
-    try {
-      await this.sessionManager.invalidateSession(sessionId);
-      const targetSessionId = sessionId || await this.sessionManager.getActiveSessionId();
-      if (targetSessionId) {
-        this.emit({ type: 'session:invalidated', sessionId: targetSessionId });
-      }
-    } catch (error) {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.SESSION_INVALID,
-        `Failed to invalidate session: ${error instanceof Error ? error.message : String(error)}`
-      );
-    }
-  }
-
-  /**
-   * Invalidate all sessions (Native + Web)
-   */
-  async invalidateAllSessions(): Promise<void> {
-    try {
-      await this.sessionManager.invalidateAllSessions();
-      this.emit({ type: 'session:all-invalidated' });
-    } catch (error) {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.SESSION_INVALID,
-        `Failed to invalidate all sessions: ${error instanceof Error ? error.message : String(error)}`
-      );
-    }
-  }
-
-  // ==================== Device Operations ====================
-
-  /**
-   * Get current device (Native + Web)
-   */
-  async getCurrentDevice(): Promise<Device | null> {
-    return await this.deviceManager.getCurrentDevice();
-  }
-
-  // ==================== Subscriptions ====================
-
-  /**
-   * Subscribe to identity and session events
-   */
-  subscribe(callback: (event: IdentitySessionEvent) => void): () => void {
-    this.eventListeners.add(callback);
-
-    // Return unsubscribe function
-    return () => {
-      this.eventListeners.delete(callback);
-    };
-  }
-
-  // ==================== Internal Access ====================
-
-  /**
-   * Get identity manager (for advanced operations)
-   */
-  getIdentityManager(): IdentityManager {
-    return this.identityManager;
-  }
-
-  /**
-   * Get session manager (for advanced operations)
-   */
-  getSessionManager(): SessionManager {
-    return this.sessionManager;
-  }
-
-  /**
-   * Get device manager (for advanced operations)
-   */
-  getDeviceManager(): DeviceManager {
-    return this.deviceManager;
-  }
-
-  /**
-   * Get refresh manager (for advanced operations)
-   */
-  getRefreshManager(): RefreshManager {
-    return this.refreshManager;
-  }
-}
-

package/src/core/identity-session/RefreshManager.ts

@@ -1,189 +0,0 @@
-/**
- * Refresh Manager
- * 
- * Manages token refresh operations (Native + Web)
- */
-
-import { jwtDecode } from 'jwt-decode';
-import type { PlatformAdapter } from '../../adapters';
-import {
-  createIdentitySessionError,
-  IdentitySessionErrorCodes,
-} from './errors';
-
-interface AccessTokenPayload {
-  userId: string;      // MongoDB ObjectId
-  sessionId: string;   // Session UUID
-  deviceId: string;    // Device identifier
-  type: 'access';
-  iat?: number;
-  exp?: number;
-}
-
-/**
- * Refresh Manager Class
- */
-export class RefreshManager {
-  private adapter: PlatformAdapter;
-  private baseURL: string | null = null;
-  private refreshPromise: Promise<void> | null = null;
-
-  constructor(adapter: PlatformAdapter, baseURL?: string) {
-    this.adapter = adapter;
-    this.baseURL = baseURL || null;
-  }
-
-  /**
-   * Set base URL for API requests
-   */
-  setBaseURL(baseURL: string): void {
-    this.baseURL = baseURL;
-  }
-
-  /**
-   * Check if token is expiring soon (within 60 seconds)
-   */
-  isTokenExpiringSoon(accessToken: string | null): boolean {
-    if (!accessToken) return false;
-
-    try {
-      const decoded = jwtDecode<AccessTokenPayload>(accessToken);
-      if (!decoded.exp) return false;
-
-      const currentTime = Math.floor(Date.now() / 1000);
-      return decoded.exp - currentTime < 60; // Expiring within 60 seconds
-    } catch {
-      return false;
-    }
-  }
-
-  /**
-   * Get userId from access token
-   */
-  getUserIdFromToken(accessToken: string | null): string | null {
-    if (!accessToken) return null;
-
-    try {
-      const decoded = jwtDecode<AccessTokenPayload>(accessToken);
-      return decoded.userId || null;
-    } catch {
-      return null;
-    }
-  }
-
-  /**
-   * Refresh access token if expiring soon
-   */
-  async refreshTokenIfNeeded(
-    getAccessToken: () => string | null,
-    setTokens: (accessToken: string, refreshToken?: string) => void,
-    clearTokens: () => void
-  ): Promise<void> {
-    // If already refreshing, wait for that promise
-    if (this.refreshPromise) {
-      return this.refreshPromise;
-    }
-
-    const accessToken = getAccessToken();
-    if (!accessToken) {
-      return; // No token to refresh
-    }
-
-    // If token not expiring soon, no refresh needed
-    if (!this.isTokenExpiringSoon(accessToken)) {
-      return;
-    }
-
-    // Start refresh
-    this.refreshPromise = this._performRefresh(
-      accessToken,
-      setTokens,
-      clearTokens
-    ).finally(() => {
-      this.refreshPromise = null;
-    });
-
-    return this.refreshPromise;
-  }
-
-  /**
-   * Perform token refresh
-   */
-  private async _performRefresh(
-    accessToken: string,
-    setTokens: (accessToken: string, refreshToken?: string) => void,
-    clearTokens: () => void
-  ): Promise<void> {
-    if (!this.baseURL) {
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.SESSION_REFRESH_FAILED,
-        'Base URL not set for refresh operations'
-      );
-    }
-
-    try {
-      const decoded = jwtDecode<AccessTokenPayload>(accessToken);
-      if (!decoded.sessionId) {
-        throw createIdentitySessionError(
-          IdentitySessionErrorCodes.MALFORMED_TOKEN,
-          'Token missing sessionId'
-        );
-      }
-
-      const refreshUrl = `${this.baseURL}/api/session/token/${decoded.sessionId}`;
-
-      const response = await this.adapter.fetch.fetch(refreshUrl, {
-        method: 'GET',
-        headers: { 'Accept': 'application/json' },
-        signal: AbortSignal.timeout(5000),
-      });
-
-      if (!response.ok) {
-        if (response.status === 401 || response.status === 403) {
-          // Token is invalid, clear it
-          clearTokens();
-          throw createIdentitySessionError(
-            IdentitySessionErrorCodes.TOKEN_EXPIRED,
-            'Token refresh failed: token is invalid'
-          );
-        }
-        throw createIdentitySessionError(
-          IdentitySessionErrorCodes.SESSION_REFRESH_FAILED,
-          `Token refresh failed: ${response.status}`
-        );
-      }
-
-      const data = await response.json();
-      const newAccessToken = data.accessToken;
-
-      if (!newAccessToken) {
-        throw createIdentitySessionError(
-          IdentitySessionErrorCodes.SESSION_REFRESH_FAILED,
-          'No access token in refresh response'
-        );
-      }
-
-      // Validate new token has correct userId format (ObjectId)
-      const newDecoded = jwtDecode<AccessTokenPayload>(newAccessToken);
-      if (newDecoded.userId && !/^[0-9a-fA-F]{24}$/.test(newDecoded.userId)) {
-        throw createIdentitySessionError(
-          IdentitySessionErrorCodes.MALFORMED_TOKEN,
-          `Invalid userId format in refreshed token: ${newDecoded.userId.substring(0, 20)}...`
-        );
-      }
-
-      setTokens(newAccessToken, data.refreshToken);
-    } catch (error) {
-      // Clear tokens on refresh failure (likely expired or invalid)
-      clearTokens();
-      if (error instanceof Error && error.name === 'IdentitySessionError') {
-        throw error;
-      }
-      throw createIdentitySessionError(
-        IdentitySessionErrorCodes.SESSION_REFRESH_FAILED,
-        `Token refresh failed: ${error instanceof Error ? error.message : String(error)}`
-      );
-    }
-  }
-}
-