@oxyhq/services 5.17.17 → 5.17.18

package/src/ui/context/hooks/useAuthOperations.ts

@@ -2,10 +2,12 @@ import { useCallback } from 'react';
 import type { ApiError, User } from '../../../models/interfaces';
 import type { AuthState } from '../../stores/authStore';
 import type { ClientSession, SessionLoginResponse } from '../../../models/session';
-import { fetchSessionsWithFallback } from '../../utils/sessionHelpers';
+import { DeviceManager } from '../../../utils/deviceManager';
+import { fetchSessionsWithFallback, mapSessionsToClient } from '../../utils/sessionHelpers';
 import { handleAuthError, isInvalidSessionError } from '../../utils/errorHandlers';
 import type { StorageInterface } from '../../utils/storageHelpers';
 import type { OxyServices } from '../../../core';
+import { SignatureService } from '../../../crypto';
 
 export interface UseAuthOperationsOptions {
   oxyServices: OxyServices;
@@ -20,7 +22,7 @@ export interface UseAuthOperationsOptions {
   applyLanguagePreference: (user: User) => Promise<void>;
   onAuthStateChange?: (user: User | null) => void;
   onError?: (error: ApiError) => void;
-  loginSuccess: () => void;
+  loginSuccess: (user: User) => void;
   loginFailure: (message: string) => void;
   logoutStore: () => void;
   setAuthState: (state: Partial<AuthState>) => void;
@@ -28,15 +30,22 @@ export interface UseAuthOperationsOptions {
 }
 
 export interface UseAuthOperationsResult {
-  completeSignIn: (sessionResponse: SessionLoginResponse) => Promise<User>;
+  /** Sign in with existing public key */
+  signIn: (publicKey: string, deviceName?: string) => Promise<User>;
+  /** Logout from current session */
   logout: (targetSessionId?: string) => Promise<void>;
+  /** Logout from all sessions */
   logoutAll: () => Promise<void>;
 }
 
+const LOGIN_ERROR_CODE = 'LOGIN_ERROR';
 const LOGOUT_ERROR_CODE = 'LOGOUT_ERROR';
 const LOGOUT_ALL_ERROR_CODE = 'LOGOUT_ALL_ERROR';
 
-
+/**
+ * Authentication operations using public key cryptography.
+ * Accepts public key as parameter - identity management is handled by the app layer.
+ */
 export const useAuthOperations = ({
   oxyServices,
   storage,
@@ -57,17 +66,136 @@ export const useAuthOperations = ({
   logger,
 }: UseAuthOperationsOptions): UseAuthOperationsResult => {
   
-  const completeSignIn = useCallback(
-    async (sessionResponse: SessionLoginResponse): Promise<User> => {
-      if (!storage) throw new Error('Storage not initialized');
+  /**
+   * Internal function to perform challenge-response sign in (works offline)
+   */
+  const performSignIn = useCallback(
+    async (publicKey: string): Promise<User> => {
+      const deviceFingerprintObj = DeviceManager.getDeviceFingerprint();
+      const deviceFingerprint = JSON.stringify(deviceFingerprintObj);
+      const deviceInfo = await DeviceManager.getDeviceInfo();
+      const deviceName = deviceInfo.deviceName || DeviceManager.getDefaultDeviceName();
 
-      setAuthState({ isLoading: true, error: null });
+      let challenge: string;
+      let isOffline = false;
 
+      // Try to request challenge from server (online)
       try {
-        oxyServices.setTokens(sessionResponse.accessToken, sessionResponse.refreshToken);
+        const challengeResponse = await oxyServices.requestChallenge(publicKey);
+        challenge = challengeResponse.challenge;
+      } catch (error) {
+        // Network error - generate challenge locally for offline sign-in
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        const isNetworkError = 
+          errorMessage.includes('Network') ||
+          errorMessage.includes('network') ||
+          errorMessage.includes('Failed to fetch') ||
+          errorMessage.includes('fetch failed') ||
+          (error as any)?.code === 'NETWORK_ERROR' ||
+          (error as any)?.status === 0;
+
+        if (isNetworkError) {
+          if (__DEV__ && logger) {
+            logger('Network unavailable, performing offline sign-in');
+          }
+          // Generate challenge locally
+          challenge = await SignatureService.generateChallenge();
+          isOffline = true;
+        } else {
+          // Re-throw non-network errors
+          throw error;
+        }
+      }
+
+      // Note: Biometric authentication check should be handled by the app layer
+      // (e.g., accounts app) before calling signIn. The biometric preference is stored
+      // in local storage as 'oxy_biometric_enabled' and can be checked there.
+
+      // Sign the challenge
+      const { challenge: signature, timestamp } = await SignatureService.signChallenge(challenge);
+
+      let fullUser: User;
+      let sessionResponse: SessionLoginResponse;
+
+      if (isOffline) {
+        // Offline sign-in: create local session and minimal user object
+        if (__DEV__ && logger) {
+          logger('Creating offline session');
+        }
+
+        // Generate a local session ID
+        const localSessionId = `offline_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
+        const localDeviceId = `device_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
+        const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000).toISOString(); // 7 days
+
+        // Create minimal user object with publicKey as id
+        fullUser = {
+          id: publicKey, // Use publicKey as id (per migration document)
+          publicKey,
+          username: '',
+          privacySettings: {},
+        } as User;
 
-        const fullUser = await oxyServices.getUserBySession(sessionResponse.sessionId);
+        sessionResponse = {
+          sessionId: localSessionId,
+          deviceId: localDeviceId,
+          expiresAt,
+          user: {
+            id: publicKey,
+            username: '',
+          },
+        };
 
+        // Store offline session locally
+        const offlineSession: ClientSession = {
+          sessionId: localSessionId,
+          deviceId: localDeviceId,
+          expiresAt,
+          lastActive: new Date().toISOString(),
+          userId: publicKey,
+          isCurrent: true,
+        };
+
+        setActiveSessionId(localSessionId);
+        await saveActiveSessionId(localSessionId);
+        updateSessions([offlineSession], { merge: true });
+
+        // Mark session as offline for later sync
+        if (storage) {
+          await storage.setItem(`oxy_session_${localSessionId}_offline`, 'true');
+        }
+
+        if (__DEV__ && logger) {
+          logger('Offline sign-in successful');
+        }
+      } else {
+        // Online sign-in: use normal flow
+        // Verify and create session
+        sessionResponse = await oxyServices.verifyChallenge(
+          publicKey,
+          challenge,
+          signature,
+          timestamp,
+          deviceName,
+          deviceFingerprint,
+        );
+
+        // Get token for the session
+        try {
+          await oxyServices.getTokenBySession(sessionResponse.sessionId);
+        } catch (tokenError: unknown) {
+          const errorMessage = tokenError instanceof Error ? tokenError.message : String(tokenError);
+          const status = (tokenError as any)?.status;
+          if (status === 404 || errorMessage.includes('404')) {
+            throw new Error(`Session was created but token could not be retrieved. Session ID: ${sessionResponse.sessionId.substring(0, 8)}...`);
+          }
+          throw tokenError;
+        }
+
+        // Get full user data
+        fullUser = await oxyServices.getUserBySession(sessionResponse.sessionId);
+
+        // Fetch device sessions
         let allDeviceSessions: ClientSession[] = [];
         try {
           allDeviceSessions = await fetchSessionsWithFallback(oxyServices, sessionResponse.sessionId, {
@@ -76,11 +204,12 @@ export const useAuthOperations = ({
             logger,
           });
         } catch (error) {
-          if (__DEV__) {
-            console.warn('Failed to fetch device sessions after login:', error);
+          if (__DEV__ && logger) {
+            logger('Failed to fetch device sessions after login', error);
           }
         }
 
+        // Check for existing session for same user and switch to it to avoid duplicates
         const existingSession = allDeviceSessions.find(
           (session) =>
             session.userId?.toString() === fullUser.id?.toString() &&
@@ -88,11 +217,13 @@ export const useAuthOperations = ({
         );
 
         if (existingSession) {
+          // Switch to existing session instead of creating duplicate
           try {
             await oxyServices.logoutSession(sessionResponse.sessionId, sessionResponse.sessionId);
           } catch (logoutError) {
-            if (__DEV__) {
-              console.warn('Failed to logout duplicate session:', logoutError);
+            // Non-critical - continue to switch session even if logout fails
+            if (__DEV__ && logger) {
+              logger('Failed to logout duplicate session, continuing with switch', logoutError);
             }
           }
           await switchSession(existingSession.sessionId);
@@ -107,16 +238,41 @@ export const useAuthOperations = ({
         setActiveSessionId(sessionResponse.sessionId);
         await saveActiveSessionId(sessionResponse.sessionId);
         updateSessions(allDeviceSessions, { merge: true });
+      }
 
-        await applyLanguagePreference(fullUser);
-        loginSuccess();
-        onAuthStateChange?.(fullUser);
+      await applyLanguagePreference(fullUser);
+      loginSuccess(fullUser);
+      onAuthStateChange?.(fullUser);
+      
+      return fullUser;
+    },
+    [
+      applyLanguagePreference,
+      logger,
+      loginSuccess,
+      onAuthStateChange,
+      oxyServices,
+      saveActiveSessionId,
+      setActiveSessionId,
+      switchSession,
+      updateSessions,
+      storage,
+    ],
+  );
+
+  /**
+   * Sign in with existing public key
+   */
+  const signIn = useCallback(
+    async (publicKey: string, deviceName?: string): Promise<User> => {
+      setAuthState({ isLoading: true, error: null });
 
-        return fullUser;
+      try {
+        return await performSignIn(publicKey);
       } catch (error) {
         const message = handleAuthError(error, {
           defaultMessage: 'Sign in failed',
-          code: 'COMPLETE_SIGNIN_ERROR',
+          code: LOGIN_ERROR_CODE,
           onError,
           setAuthError: (msg: string) => setAuthState({ error: msg }),
           logger,
@@ -127,24 +283,9 @@ export const useAuthOperations = ({
         setAuthState({ isLoading: false });
       }
     },
-    [
-      storage,
-      setAuthState,
-      oxyServices,
-      logger,
-      saveActiveSessionId,
-      setActiveSessionId,
-      switchSession,
-      updateSessions,
-      applyLanguagePreference,
-      loginSuccess,
-      onAuthStateChange,
-      onError,
-      loginFailure,
-    ],
+    [setAuthState, performSignIn, loginFailure, onError, logger],
   );
 
-
   /**
    * Logout from session
    */
@@ -225,7 +366,7 @@ export const useAuthOperations = ({
   }, [activeSessionId, clearSessionState, logger, onError, oxyServices, setAuthState]);
 
   return {
-    completeSignIn,
+    signIn,
     logout,
     logoutAll,
   };

package/src/ui/context/hooks/useSessionManagement.ts

@@ -0,0 +1,399 @@
+import { useCallback, useMemo, useRef, useState } from 'react';
+import type { ApiError, User } from '../../../models/interfaces';
+import type { ClientSession } from '../../../models/session';
+import { mergeSessions, normalizeAndSortSessions, sessionsArraysEqual } from '../../../utils/sessionUtils';
+import { fetchSessionsWithFallback, mapSessionsToClient, validateSessionBatch } from '../../utils/sessionHelpers';
+import { getStorageKeys, type StorageInterface } from '../../utils/storageHelpers';
+import { handleAuthError, isInvalidSessionError } from '../../utils/errorHandlers';
+import type { OxyServices } from '../../../core';
+import type { QueryClient } from '@tanstack/react-query';
+import { clearQueryCache } from '../../hooks/queryClient';
+
+export interface UseSessionManagementOptions {
+  oxyServices: OxyServices;
+  storage: StorageInterface | null;
+  storageKeyPrefix?: string;
+  loginSuccess: (user: User) => void;
+  logoutStore: () => void;
+  applyLanguagePreference: (user: User) => Promise<void>;
+  onAuthStateChange?: (user: User | null) => void;
+  onError?: (error: ApiError) => void;
+  setAuthError?: (message: string | null) => void;
+  logger?: (message: string, error?: unknown) => void;
+  setTokenReady?: (ready: boolean) => void;
+  queryClient?: QueryClient | null;
+}
+
+export interface UseSessionManagementResult {
+  sessions: ClientSession[];
+  activeSessionId: string | null;
+  setActiveSessionId: (sessionId: string | null) => void;
+  updateSessions: (incoming: ClientSession[], options?: { merge?: boolean }) => void;
+  switchSession: (sessionId: string) => Promise<User>;
+  refreshSessions: (activeUserId?: string) => Promise<void>;
+  clearSessionState: () => Promise<void>;
+  saveActiveSessionId: (sessionId: string) => Promise<void>;
+  trackRemovedSession: (sessionId: string) => void;
+  storageKeys: ReturnType<typeof getStorageKeys>;
+  isRefreshInFlight: boolean;
+}
+
+const DEFAULT_SAVE_ERROR_MESSAGE = 'Failed to save session data';
+const CLEAR_STORAGE_ERROR = 'Failed to clear storage';
+
+/**
+ * Manage session state, persistence, and high-level multi-session operations.
+ *
+ * @param options - Session management configuration
+ */
+export const useSessionManagement = ({
+  oxyServices,
+  storage,
+  storageKeyPrefix,
+  loginSuccess,
+  logoutStore,
+  applyLanguagePreference,
+  onAuthStateChange,
+  onError,
+  setAuthError,
+  logger,
+  setTokenReady,
+  queryClient,
+}: UseSessionManagementOptions): UseSessionManagementResult => {
+  const [sessions, setSessions] = useState<ClientSession[]>([]);
+  const [activeSessionId, setActiveSessionId] = useState<string | null>(null);
+
+  const refreshInFlightRef = useRef<Promise<void> | null>(null);
+  const removedSessionsRef = useRef<Set<string>>(new Set());
+  const lastRefreshRef = useRef<number>(0);
+
+  const storageKeys = useMemo(() => getStorageKeys(storageKeyPrefix), [storageKeyPrefix]);
+
+  const saveSessionIds = useCallback(
+    async (sessionIds: string[]): Promise<void> => {
+      if (!storage) return;
+      try {
+        const uniqueIds = Array.from(new Set(sessionIds));
+        await storage.setItem(storageKeys.sessionIds, JSON.stringify(uniqueIds));
+      } catch (error) {
+        if (logger) {
+          logger(DEFAULT_SAVE_ERROR_MESSAGE, error);
+        } else if (__DEV__) {
+          console.warn('Failed to save session IDs:', error);
+        }
+      }
+    },
+    [logger, storage, storageKeys.sessionIds],
+  );
+
+  const updateSessions = useCallback(
+    (incoming: ClientSession[], options: { merge?: boolean } = {}): void => {
+      setSessions((prevSessions) => {
+        const processed = options.merge
+          ? mergeSessions(prevSessions, incoming, activeSessionId, false)
+          : normalizeAndSortSessions(incoming, activeSessionId, false);
+
+        if (storage) {
+          void saveSessionIds(processed.map((session) => session.sessionId));
+        }
+
+        if (sessionsArraysEqual(prevSessions, processed)) {
+          return prevSessions;
+        }
+        return processed;
+      });
+    },
+    [activeSessionId, saveSessionIds, storage],
+  );
+
+  const saveActiveSessionId = useCallback(
+    async (sessionId: string): Promise<void> => {
+      if (!storage) return;
+      try {
+        await storage.setItem(storageKeys.activeSessionId, sessionId);
+      } catch (error) {
+        handleAuthError(error, {
+          defaultMessage: DEFAULT_SAVE_ERROR_MESSAGE,
+          code: 'SESSION_PERSISTENCE_ERROR',
+          onError,
+          setAuthError,
+          logger,
+        });
+      }
+    },
+    [logger, onError, setAuthError, storage, storageKeys.activeSessionId],
+  );
+
+  const removeActiveSessionId = useCallback(async (): Promise<void> => {
+    if (!storage) return;
+    try {
+      await storage.removeItem(storageKeys.activeSessionId);
+    } catch (error) {
+      handleAuthError(error, {
+        defaultMessage: DEFAULT_SAVE_ERROR_MESSAGE,
+        code: 'SESSION_PERSISTENCE_ERROR',
+        onError,
+        setAuthError,
+        logger,
+      });
+    }
+  }, [logger, onError, setAuthError, storage, storageKeys.activeSessionId]);
+
+  const clearSessionStorage = useCallback(async (): Promise<void> => {
+    if (!storage) return;
+    try {
+      await storage.removeItem(storageKeys.activeSessionId);
+      await storage.removeItem(storageKeys.sessionIds);
+    } catch (error) {
+      handleAuthError(error, {
+        defaultMessage: CLEAR_STORAGE_ERROR,
+        code: 'STORAGE_ERROR',
+        onError,
+        setAuthError,
+        logger,
+      });
+    }
+  }, [logger, onError, setAuthError, storage, storageKeys.activeSessionId, storageKeys.sessionIds]);
+
+  const clearSessionState = useCallback(async (): Promise<void> => {
+    setSessions([]);
+    setActiveSessionId(null);
+    logoutStore();
+    
+    // Clear TanStack Query cache (in-memory)
+    if (queryClient) {
+      queryClient.clear();
+    }
+    
+    // Clear persisted query cache
+    if (storage) {
+      try {
+        await clearQueryCache(storage);
+      } catch (error) {
+        if (logger) {
+          logger('Failed to clear persisted query cache', error);
+        }
+      }
+    }
+    
+    await clearSessionStorage();
+    onAuthStateChange?.(null);
+  }, [clearSessionStorage, logoutStore, onAuthStateChange, queryClient, storage, logger]);
+
+  const activateSession = useCallback(
+    async (sessionId: string, user: User): Promise<void> => {
+      await oxyServices.getTokenBySession(sessionId);
+      setTokenReady?.(true);
+      setActiveSessionId(sessionId);
+      loginSuccess(user);
+      await saveActiveSessionId(sessionId);
+      await applyLanguagePreference(user);
+      onAuthStateChange?.(user);
+    },
+    [
+      applyLanguagePreference,
+      loginSuccess,
+      onAuthStateChange,
+      oxyServices,
+      saveActiveSessionId,
+      setTokenReady,
+    ],
+  );
+
+  const trackRemovedSession = useCallback((sessionId: string) => {
+    removedSessionsRef.current.add(sessionId);
+    setTimeout(() => {
+      removedSessionsRef.current.delete(sessionId);
+    }, 5000);
+  }, []);
+
+  const findReplacementSession = useCallback(
+    async (sessionIds: string[]): Promise<User | null> => {
+      if (!sessionIds.length) {
+        return null;
+      }
+
+      const validationResults = await validateSessionBatch(oxyServices, sessionIds, {
+        maxConcurrency: 3,
+      });
+
+      const validSession = validationResults.find((result) => result.valid);
+      if (!validSession) {
+        return null;
+      }
+
+      const validation = await oxyServices.validateSession(validSession.sessionId, {
+        useHeaderValidation: true,
+      });
+
+      if (!validation?.valid || !validation.user) {
+        return null;
+      }
+
+      const user = validation.user as User;
+      await activateSession(validSession.sessionId, user);
+      return user;
+    },
+    [activateSession, oxyServices],
+  );
+
+  const switchSession = useCallback(
+    async (sessionId: string): Promise<User> => {
+      try {
+        const validation = await oxyServices.validateSession(sessionId, { useHeaderValidation: true });
+        if (!validation?.valid) {
+          throw new Error('Session is invalid or expired');
+        }
+
+        if (!validation.user) {
+          throw new Error('User data not available from session validation');
+        }
+
+        const user = validation.user as User;
+        await activateSession(sessionId, user);
+
+        try {
+          const deviceSessions = await fetchSessionsWithFallback(oxyServices, sessionId, {
+            fallbackUserId: user.id,
+            logger,
+          });
+          updateSessions(deviceSessions, { merge: true });
+        } catch (error) {
+          if (__DEV__) {
+            console.warn('Failed to synchronize sessions after switch:', error);
+          }
+        }
+
+        return user;
+      } catch (error) {
+        const invalidSession = isInvalidSessionError(error);
+
+        if (invalidSession) {
+          updateSessions(sessions.filter((session) => session.sessionId !== sessionId), {
+            merge: false,
+          });
+          if (sessionId === activeSessionId) {
+            const otherSessionIds = sessions
+              .filter(
+                (session) =>
+                  session.sessionId !== sessionId && !removedSessionsRef.current.has(session.sessionId),
+              )
+              .map((session) => session.sessionId);
+
+            const replacementUser = await findReplacementSession(otherSessionIds);
+            if (replacementUser) {
+              return replacementUser;
+            }
+          }
+        }
+
+        handleAuthError(error, {
+          defaultMessage: 'Failed to switch session',
+          code: invalidSession ? 'INVALID_SESSION' : 'SESSION_SWITCH_ERROR',
+          onError,
+          setAuthError,
+          logger,
+        });
+        throw error instanceof Error ? error : new Error('Failed to switch session');
+      }
+    },
+    [
+      activateSession,
+      activeSessionId,
+      findReplacementSession,
+      logger,
+      loginSuccess,
+      onError,
+      oxyServices,
+      sessions,
+      setAuthError,
+      updateSessions,
+    ],
+  );
+
+  const refreshSessions = useCallback(
+    async (activeUserId?: string): Promise<void> => {
+      if (!activeSessionId) return;
+
+      if (refreshInFlightRef.current) {
+        await refreshInFlightRef.current;
+        return;
+      }
+
+      const now = Date.now();
+      if (now - lastRefreshRef.current < 500) {
+        return;
+      }
+      lastRefreshRef.current = now;
+
+      const refreshPromise = (async () => {
+        try {
+          const deviceSessions = await fetchSessionsWithFallback(oxyServices, activeSessionId, {
+            fallbackUserId: activeUserId,
+            logger,
+          });
+          updateSessions(deviceSessions, { merge: true });
+        } catch (error) {
+          if (isInvalidSessionError(error)) {
+            const otherSessions = sessions
+              .filter(
+                (session) =>
+                  session.sessionId !== activeSessionId &&
+                  !removedSessionsRef.current.has(session.sessionId),
+              )
+              .map((session) => session.sessionId);
+
+            const replacementUser = await findReplacementSession(otherSessions);
+            if (!replacementUser) {
+              await clearSessionState();
+            }
+            return;
+          }
+
+          handleAuthError(error, {
+            defaultMessage: 'Failed to refresh sessions',
+            code: 'SESSION_REFRESH_ERROR',
+            onError,
+            setAuthError,
+            logger,
+          });
+        } finally {
+          refreshInFlightRef.current = null;
+          lastRefreshRef.current = Date.now();
+        }
+      })();
+
+      refreshInFlightRef.current = refreshPromise;
+      await refreshPromise;
+    },
+    [
+      activeSessionId,
+      clearSessionState,
+      findReplacementSession,
+      logger,
+      onError,
+      oxyServices,
+      sessions,
+      setAuthError,
+      updateSessions,
+    ],
+  );
+
+  const isRefreshInFlight = Boolean(refreshInFlightRef.current);
+
+  return {
+    sessions,
+    activeSessionId,
+    setActiveSessionId,
+    updateSessions,
+    switchSession,
+    refreshSessions,
+    clearSessionState,
+    saveActiveSessionId,
+    trackRemovedSession,
+    storageKeys,
+    isRefreshInFlight,
+  };
+};
+
+