@oxyhq/services 5.17.16 → 5.17.18

package/src/core/CrossDomainAuth.ts

@@ -0,0 +1,307 @@
+/**
+ * Cross-Domain Authentication Helper
+ *
+ * Provides a simplified API for cross-domain SSO authentication that automatically
+ * selects the best authentication method based on browser capabilities:
+ *
+ * 1. FedCM (if supported) - Modern, Google-style browser-native auth
+ * 2. Popup (fallback) - OAuth2-style popup window
+ * 3. Redirect (final fallback) - Traditional full-page redirect
+ *
+ * Usage:
+ * ```typescript
+ * import { CrossDomainAuth } from '@oxyhq/services';
+ *
+ * const auth = new CrossDomainAuth(oxyServices);
+ *
+ * // Automatic method selection
+ * const session = await auth.signIn();
+ *
+ * // Or use specific method
+ * const session = await auth.signInWithPopup();
+ * ```
+ */
+
+import type { OxyServices } from './OxyServices';
+import type { SessionLoginResponse } from '../models/session';
+
+export interface CrossDomainAuthOptions {
+  /**
+   * Preferred authentication method
+   * - 'auto': Automatically select best method (default)
+   * - 'fedcm': Use FedCM (browser-native)
+   * - 'popup': Use popup window
+   * - 'redirect': Use full-page redirect
+   */
+  method?: 'auto' | 'fedcm' | 'popup' | 'redirect';
+
+  /**
+   * Custom redirect URI (for redirect method)
+   */
+  redirectUri?: string;
+
+  /**
+   * Whether to open signup page instead of login
+   */
+  isSignup?: boolean;
+
+  /**
+   * Popup window dimensions (for popup method)
+   */
+  popupDimensions?: {
+    width?: number;
+    height?: number;
+  };
+
+  /**
+   * Callback when auth method is selected
+   */
+  onMethodSelected?: (method: 'fedcm' | 'popup' | 'redirect') => void;
+}
+
+export class CrossDomainAuth {
+  constructor(private oxyServices: OxyServices) {}
+
+  /**
+   * Sign in with automatic method selection
+   *
+   * Tries methods in this order:
+   * 1. FedCM (if supported and not in private browsing)
+   * 2. Popup (if not blocked)
+   * 3. Redirect (always works)
+   *
+   * @param options - Authentication options
+   * @returns Session with user data and access token
+   */
+  async signIn(options: CrossDomainAuthOptions = {}): Promise<SessionLoginResponse | null> {
+    const method = options.method || 'auto';
+
+    // If specific method requested, use it directly
+    if (method === 'fedcm') {
+      return this.signInWithFedCM(options);
+    }
+
+    if (method === 'popup') {
+      return this.signInWithPopup(options);
+    }
+
+    if (method === 'redirect') {
+      this.signInWithRedirect(options);
+      return null; // Redirect doesn't return immediately
+    }
+
+    // Auto mode: Try methods in order of preference
+    return this.autoSignIn(options);
+  }
+
+  /**
+   * Automatic sign-in with progressive enhancement
+   *
+   * @private
+   */
+  private async autoSignIn(options: CrossDomainAuthOptions): Promise<SessionLoginResponse | null> {
+    // 1. Try FedCM first (best UX, most modern)
+    if (this.isFedCMSupported()) {
+      try {
+        options.onMethodSelected?.('fedcm');
+        return await this.signInWithFedCM(options);
+      } catch (error) {
+        console.warn('[CrossDomainAuth] FedCM failed, trying popup...', error);
+      }
+    }
+
+    // 2. Try popup (good UX, widely supported)
+    try {
+      options.onMethodSelected?.('popup');
+      return await this.signInWithPopup(options);
+    } catch (error) {
+      console.warn('[CrossDomainAuth] Popup failed, falling back to redirect...', error);
+    }
+
+    // 3. Fallback to redirect (always works)
+    options.onMethodSelected?.('redirect');
+    this.signInWithRedirect(options);
+    return null;
+  }
+
+  /**
+   * Sign in using FedCM (Federated Credential Management)
+   *
+   * Best method - browser-native, no popups, Google-like experience
+   */
+  async signInWithFedCM(options: CrossDomainAuthOptions = {}): Promise<SessionLoginResponse> {
+    return (this.oxyServices as any).signInWithFedCM({
+      context: options.isSignup ? 'signup' : 'signin',
+    });
+  }
+
+  /**
+   * Sign in using popup window
+   *
+   * Good method - preserves app state, no full page reload
+   */
+  async signInWithPopup(options: CrossDomainAuthOptions = {}): Promise<SessionLoginResponse> {
+    return (this.oxyServices as any).signInWithPopup({
+      mode: options.isSignup ? 'signup' : 'login',
+      width: options.popupDimensions?.width,
+      height: options.popupDimensions?.height,
+    });
+  }
+
+  /**
+   * Sign in using full-page redirect
+   *
+   * Fallback method - works everywhere but loses app state
+   */
+  signInWithRedirect(options: CrossDomainAuthOptions = {}): void {
+    (this.oxyServices as any).signInWithRedirect({
+      redirectUri: options.redirectUri,
+      mode: options.isSignup ? 'signup' : 'login',
+    });
+  }
+
+  /**
+   * Handle redirect callback
+   *
+   * Call this on app startup to check if we're returning from auth redirect
+   */
+  handleRedirectCallback(): SessionLoginResponse | null {
+    return (this.oxyServices as any).handleAuthCallback();
+  }
+
+  /**
+   * Silent sign-in (check for existing session)
+   *
+   * Tries to automatically sign in without user interaction.
+   * Works with both FedCM and popup/iframe methods.
+   *
+   * @returns Session if user is already signed in, null otherwise
+   */
+  async silentSignIn(): Promise<SessionLoginResponse | null> {
+    // Try FedCM silent sign-in first (if supported)
+    if (this.isFedCMSupported()) {
+      try {
+        const session = await (this.oxyServices as any).silentSignInWithFedCM();
+        if (session) {
+          return session;
+        }
+      } catch (error) {
+        console.warn('[CrossDomainAuth] FedCM silent sign-in failed:', error);
+      }
+    }
+
+    // Fallback to iframe-based silent auth
+    try {
+      return await (this.oxyServices as any).silentSignIn();
+    } catch (error) {
+      console.warn('[CrossDomainAuth] Silent sign-in failed:', error);
+      return null;
+    }
+  }
+
+  /**
+   * Restore session from storage
+   *
+   * For redirect method - restores previously authenticated session from localStorage
+   */
+  restoreSession(): boolean {
+    return (this.oxyServices as any).restoreSession?.() || false;
+  }
+
+  /**
+   * Check if FedCM is supported in current browser
+   */
+  isFedCMSupported(): boolean {
+    return (this.oxyServices as any).constructor.isFedCMSupported?.() || false;
+  }
+
+  /**
+   * Get recommended authentication method for current environment
+   *
+   * @returns Recommended method name and reason
+   */
+  getRecommendedMethod(): { method: 'fedcm' | 'popup' | 'redirect'; reason: string } {
+    if (this.isFedCMSupported()) {
+      return {
+        method: 'fedcm',
+        reason: 'FedCM is supported - provides best UX with browser-native auth',
+      };
+    }
+
+    if (typeof window !== 'undefined') {
+      return {
+        method: 'popup',
+        reason: 'Browser environment - popup preserves app state',
+      };
+    }
+
+    return {
+      method: 'redirect',
+      reason: 'Fallback method - works in all environments',
+    };
+  }
+
+  /**
+   * Initialize cross-domain auth on app startup
+   *
+   * This handles:
+   * 1. Redirect callback (if returning from auth.oxy.so)
+   * 2. Session restoration (from localStorage)
+   * 3. Silent sign-in (check for existing SSO session)
+   *
+   * @returns Session if user is authenticated, null otherwise
+   */
+  async initialize(): Promise<SessionLoginResponse | null> {
+    // 1. Check if this is a redirect callback
+    const callbackSession = this.handleRedirectCallback();
+    if (callbackSession) {
+      return callbackSession;
+    }
+
+    // 2. Try to restore existing session from storage
+    const restored = this.restoreSession();
+    if (restored) {
+      // Verify session is still valid by fetching user
+      try {
+        const user = await (this.oxyServices as any).getCurrentUser();
+        if (user) {
+          return {
+            sessionId: (this.oxyServices as any).getStoredSessionId?.() || '',
+            deviceId: '',
+            expiresAt: new Date(Date.now() + 24 * 60 * 60 * 1000).toISOString(),
+            user,
+          };
+        }
+      } catch (error) {
+        console.warn('[CrossDomainAuth] Stored session invalid:', error);
+      }
+    }
+
+    // 3. Try silent sign-in (check for SSO session at auth.oxy.so)
+    return await this.silentSignIn();
+  }
+}
+
+/**
+ * Helper function to create CrossDomainAuth instance
+ *
+ * @example
+ * ```typescript
+ * import { createCrossDomainAuth } from '@oxyhq/services';
+ *
+ * const oxyServices = new OxyServices({ baseURL: 'https://api.oxy.so' });
+ * const auth = createCrossDomainAuth(oxyServices);
+ *
+ * // On app startup
+ * const session = await auth.initialize();
+ * if (session) {
+ *   console.log('User is signed in:', session.user);
+ * }
+ *
+ * // Sign in button click
+ * const session = await auth.signIn();
+ * ```
+ */
+export function createCrossDomainAuth(oxyServices: OxyServices): CrossDomainAuth {
+  return new CrossDomainAuth(oxyServices);
+}

package/src/core/HttpService.ts

@@ -17,8 +17,17 @@ import { TTLCache, registerCacheForCleanup } from '../utils/cache';
 import { RequestDeduplicator, RequestQueue, SimpleLogger } from '../utils/requestUtils';
 import { retryAsync } from '../utils/asyncUtils';
 import { handleHttpError } from '../utils/errorUtils';
+import { jwtDecode } from 'jwt-decode';
 import type { OxyConfig } from '../models/interfaces';
 
+interface JwtPayload {
+  exp?: number;
+  userId?: string;
+  id?: string;
+  sessionId?: string;
+  [key: string]: any;
+}
+
 export interface RequestOptions {
   cache?: boolean;
   cacheTTL?: number;
@@ -37,8 +46,45 @@ interface RequestConfig extends RequestOptions {
   params?: Record<string, unknown>;
 }
 
-// Token management moved to TokenService - import it instead
-import { tokenService } from './services/TokenService';
+/**
+ * Token store for authentication (singleton)
+ */
+class TokenStore {
+  private static instance: TokenStore;
+  private accessToken: string | null = null;
+  private refreshToken: string | null = null;
+
+  private constructor() {}
+
+  static getInstance(): TokenStore {
+    if (!TokenStore.instance) {
+      TokenStore.instance = new TokenStore();
+    }
+    return TokenStore.instance;
+  }
+
+  setTokens(accessToken: string, refreshToken = ''): void {
+    this.accessToken = accessToken;
+    this.refreshToken = refreshToken;
+  }
+
+  getAccessToken(): string | null {
+    return this.accessToken;
+  }
+
+  getRefreshToken(): string | null {
+    return this.refreshToken;
+  }
+
+  clearTokens(): void {
+    this.accessToken = null;
+    this.refreshToken = null;
+  }
+
+  hasAccessToken(): boolean {
+    return !!this.accessToken;
+  }
+}
 
 /**
  * Unified HTTP Service
@@ -48,6 +94,7 @@ import { tokenService } from './services/TokenService';
  */
 export class HttpService {
   private baseURL: string;
+  private tokenStore: TokenStore;
   private cache: TTLCache<any>;
   private deduplicator: RequestDeduplicator;
   private requestQueue: RequestQueue;
@@ -67,9 +114,7 @@ export class HttpService {
   constructor(config: OxyConfig) {
     this.config = config;
     this.baseURL = config.baseURL;
-    
-    // Initialize TokenService with baseURL
-    tokenService.initialize(this.baseURL);
+    this.tokenStore = TokenStore.getInstance();
     
     this.logger = new SimpleLogger(
       config.enableLogging || false,
@@ -216,7 +261,7 @@ export class HttpService {
         // Handle response
         if (!response.ok) {
           if (response.status === 401) {
-            tokenService.clearTokens();
+            this.tokenStore.clearTokens();
           }
           
           // Try to parse error response (handle empty/malformed JSON)
@@ -224,9 +269,12 @@ export class HttpService {
           const contentType = response.headers.get('content-type');
           if (contentType && contentType.includes('application/json')) {
             try {
-              const errorData = await response.json() as { message?: string } | null;
+              const errorData = await response.json() as { message?: string; error?: string } | null;
+              // Check both 'message' and 'error' fields for backwards compatibility
               if (errorData?.message) {
                 errorMessage = errorData.message;
+              } else if (errorData?.error) {
+                errorMessage = errorData.error;
               }
             } catch (parseError) {
               // Malformed JSON or empty response - use status text
@@ -370,10 +418,45 @@ export class HttpService {
 
   /**
    * Get auth header with automatic token refresh
-   * Uses TokenService for all token operations
    */
   private async getAuthHeader(): Promise<string | null> {
-    return await tokenService.getAuthHeader();
+    const accessToken = this.tokenStore.getAccessToken();
+    if (!accessToken) {
+      return null;
+    }
+
+    try {
+      const decoded = jwtDecode<JwtPayload>(accessToken);
+      const currentTime = Math.floor(Date.now() / 1000);
+
+      // If token expires in less than 60 seconds, refresh it
+      if (decoded.exp && decoded.exp - currentTime < 60 && decoded.sessionId) {
+        try {
+          const refreshUrl = `${this.baseURL}/api/session/token/${decoded.sessionId}`;
+          
+          // Use AbortSignal.timeout for consistent timeout handling
+          const response = await fetch(refreshUrl, {
+            method: 'GET',
+            headers: { 'Accept': 'application/json' },
+            signal: AbortSignal.timeout(5000),
+          });
+
+          if (response.ok) {
+            const { accessToken: newToken } = await response.json();
+            this.tokenStore.setTokens(newToken);
+            this.logger.debug('Token refreshed');
+            return `Bearer ${newToken}`;
+          }
+        } catch (refreshError) {
+          this.logger.warn('Token refresh failed, using current token');
+        }
+      }
+
+      return `Bearer ${accessToken}`;
+    } catch (error) {
+      this.logger.error('Error processing token:', error);
+      return `Bearer ${accessToken}`;
+    }
   }
 
   /**
@@ -478,21 +561,21 @@ export class HttpService {
     return { data: result as T };
   }
 
-  // Token management - delegates to TokenService
+  // Token management
   setTokens(accessToken: string, refreshToken = ''): void {
-    tokenService.setTokens(accessToken, refreshToken);
+    this.tokenStore.setTokens(accessToken, refreshToken);
   }
 
   clearTokens(): void {
-    tokenService.clearTokens();
+    this.tokenStore.clearTokens();
   }
 
   getAccessToken(): string | null {
-    return tokenService.getAccessToken();
+    return this.tokenStore.getAccessToken();
   }
 
   hasAccessToken(): boolean {
-    return tokenService.hasAccessToken();
+    return this.tokenStore.hasAccessToken();
   }
 
   getBaseURL(): string {
@@ -526,10 +609,10 @@ export class HttpService {
   // Test-only utility
   static __resetTokensForTests(): void {
     try {
-      tokenService.clearTokens();
+      TokenStore.getInstance().clearTokens();
     } catch (error) {
       // Silently fail in test cleanup - this is expected behavior
-      // TokenService might not be initialized in some test scenarios
+      // TokenStore might not be initialized in some test scenarios
     }
   }
 }

package/src/core/OxyServices.base.ts

@@ -3,16 +3,24 @@
  * 
  * Contains core infrastructure, HTTP client, request management, and error handling
  */
+import { jwtDecode } from 'jwt-decode';
 import type { OxyConfig as OxyConfigBase, ApiError, User } from '../models/interfaces';
 import { handleHttpError } from '../utils/errorUtils';
 import { HttpService, type RequestOptions } from './HttpService';
 import { OxyAuthenticationError, OxyAuthenticationTimeoutError } from './OxyServices.errors';
-import { tokenService } from './services/TokenService';
 
 export interface OxyConfig extends OxyConfigBase {
   cloudURL?: string;
 }
 
+interface JwtPayload {
+  exp?: number;
+  userId?: string;
+  id?: string;
+  sessionId?: string;
+  [key: string]: any;
+}
+
 /**
  * Base class for OxyServices with core infrastructure
  */
@@ -127,10 +135,19 @@ export class OxyServicesBase {
 
   /**
    * Get the current user ID from the access token
-   * Returns MongoDB ObjectId (never publicKey)
    */
   public getCurrentUserId(): string | null {
-    return tokenService.getUserIdFromToken();
+    const accessToken = this.httpService.getAccessToken();
+    if (!accessToken) {
+      return null;
+    }
+    
+    try {
+      const decoded = jwtDecode<JwtPayload>(accessToken);
+      return decoded.userId || decoded.id || null;
+    } catch (error) {
+      return null;
+    }
   }
 
   /**

package/src/core/OxyServices.ts

@@ -96,20 +96,24 @@ import { composeOxyServices } from './mixins';
  * ```
  */
 // Compose all mixins into the final OxyServices class
-const OxyServicesComposed: ReturnType<typeof composeOxyServices> = composeOxyServices();
+const OxyServicesComposed = composeOxyServices();
 
 // Export as a named class to avoid TypeScript issues with anonymous class types
-export class OxyServices extends OxyServicesComposed {
+export class OxyServices extends (OxyServicesComposed as any) {
   constructor(config: OxyConfig) {
     super(config);
   }
 }
 
+// Type augmentation to expose mixin methods to TypeScript
+// This allows proper type checking while avoiding complex mixin type inference
+export interface OxyServices extends InstanceType<ReturnType<typeof composeOxyServices>> {}
+
 // Re-export error classes for convenience
 export { OxyAuthenticationError, OxyAuthenticationTimeoutError };
 
 /**
- * Default Oxy Cloud URL
+ * Export the default Oxy Cloud URL (for backward compatibility)
  */
 export const OXY_CLOUD_URL = 'https://cloud.oxy.so';
 

package/src/core/index.ts

@@ -9,6 +9,10 @@
 export { OxyServices, OxyAuthenticationError, OxyAuthenticationTimeoutError } from './OxyServices';
 export { OXY_CLOUD_URL, oxyClient } from './OxyServices';
 
+// Cross-domain authentication
+export { CrossDomainAuth, createCrossDomainAuth } from './CrossDomainAuth';
+export type { CrossDomainAuthOptions } from './CrossDomainAuth';
+
 // Re-export all models and types for convenience
 export * from '../models/interfaces';
 export * from '../models/session';
@@ -27,4 +31,8 @@ export {
 } from '../utils/languageUtils';
 export type { LanguageMetadata } from '../utils/languageUtils';
 
-// Default export removed (no longer providing backward compatibility default export)
+// Import for default export
+import { OxyServices } from './OxyServices';
+
+// Default export for backward compatibility
+export default OxyServices;

package/src/core/mixins/OxyServices.assets.ts

@@ -168,9 +168,20 @@ export function OxyServicesAssetsMixin<T extends typeof OxyServicesBase>(Base: T
       
       try {
         const formData = new FormData();
-        // In React Native, pass filename as third parameter to avoid read-only name property error
-        // This prevents "Cannot assign to property 'name' which has only a getter" error
-        formData.append('file', file as any, fileName);
+        // Convert File to Blob to avoid read-only 'name' property error in Expo 54
+        // This is a known issue in Expo SDK 52+ where FormData tries to set the read-only 'name' property
+        let fileBlob: Blob;
+        if (file instanceof Blob) {
+          // Already a Blob, use directly
+          fileBlob = file;
+        } else if (typeof (file as any).blob === 'function') {
+          // Use async blob() method if available (Expo 54+ recommended approach)
+          fileBlob = await (file as any).blob();
+        } else {
+          // Fallback: create Blob from File (works in all environments)
+          fileBlob = new Blob([file], { type: (file as any).type || 'application/octet-stream' });
+        }
+        formData.append('file', fileBlob, fileName);
         if (visibility) {
           formData.append('visibility', visibility);
         }