@oxyhq/services 5.17.3 → 5.17.5

package/src/ui/context/OxyContextBase.tsx

@@ -9,77 +9,77 @@ import type { RouteName } from '../navigation/routes';
 import type { BackupData } from '../../crypto';
 
 export interface OxyContextState {
-  user: User | null;
-  sessions: ClientSession[];
-  activeSessionId: string | null;
-  currentDeviceId: string | null;
-  isAuthenticated: boolean;
-  isLoading: boolean;
-  isTokenReady: boolean;
-  isStorageReady: boolean;
-  error: string | null;
-  currentLanguage: string;
-  currentLanguageMetadata: ReturnType<typeof useLanguageManagement>['metadata'];
-  currentLanguageName: string;
-  currentNativeLanguageName: string;
+    user: User | null;
+    sessions: ClientSession[];
+    activeSessionId: string | null;
+    currentDeviceId: string | null;
+    isAuthenticated: boolean;
+    isLoading: boolean;
+    isTokenReady: boolean;
+    isStorageReady: boolean;
+    error: string | null;
+    currentLanguage: string;
+    currentLanguageMetadata: ReturnType<typeof useLanguageManagement>['metadata'];
+    currentLanguageName: string;
+    currentNativeLanguageName: string;
 
-  // Identity management (public key authentication - offline-first)
-  createIdentity: () => Promise<{ synced: boolean }>;
-  importIdentity: (backupData: BackupData, password: string) => Promise<{ synced: boolean }>;
-  signIn: (deviceName?: string) => Promise<User>;
-  hasIdentity: () => Promise<boolean>;
-  getPublicKey: () => Promise<string | null>;
-  isIdentitySynced: () => Promise<boolean>;
-  syncIdentity: () => Promise<User>;
-  deleteIdentityAndClearAccount: (skipBackup?: boolean, force?: boolean, userConfirmed?: boolean) => Promise<void>;
-  storeTransferCode: (transferId: string, code: string, sourceDeviceId: string | null, publicKey: string) => Promise<void>;
-  getTransferCode: (transferId: string) => { code: string; sourceDeviceId: string | null; publicKey: string; timestamp: number; state: 'pending' | 'completed' | 'failed' } | null;
-  clearTransferCode: (transferId: string) => Promise<void>;
-  getAllPendingTransfers: () => Array<{ transferId: string; data: { code: string; sourceDeviceId: string | null; publicKey: string; timestamp: number; state: 'pending' | 'completed' | 'failed' } }>;
-  getActiveTransferId: () => string | null;
-  updateTransferState: (transferId: string, state: 'pending' | 'completed' | 'failed') => Promise<void>;
+    // Identity management (public key authentication - offline-first)
+    createIdentity: () => Promise<{ synced: boolean }>;
+    importIdentity: (backupData: BackupData, password: string) => Promise<{ synced: boolean }>;
+    signIn: (deviceName?: string) => Promise<User>;
+    hasIdentity: () => Promise<boolean>;
+    getPublicKey: () => Promise<string | null>;
+    isIdentitySynced: () => Promise<boolean>;
+    syncIdentity: () => Promise<User>;
+    deleteIdentityAndClearAccount: (skipBackup?: boolean, force?: boolean, userConfirmed?: boolean) => Promise<void>;
+    storeTransferCode: (transferId: string, code: string, sourceDeviceId: string | null, publicKey: string) => Promise<void>;
+    getTransferCode: (transferId: string) => { code: string; sourceDeviceId: string | null; publicKey: string; timestamp: number; state: 'pending' | 'completed' | 'failed' } | null;
+    clearTransferCode: (transferId: string) => Promise<void>;
+    getAllPendingTransfers: () => Array<{ transferId: string; data: { code: string; sourceDeviceId: string | null; publicKey: string; timestamp: number; state: 'pending' | 'completed' | 'failed' } }>;
+    getActiveTransferId: () => string | null;
+    updateTransferState: (transferId: string, state: 'pending' | 'completed' | 'failed') => Promise<void>;
 
-  // Identity sync state (reactive, from Zustand store)
-  identitySyncState: {
-    isSynced: boolean;
-    isSyncing: boolean;
-  };
+    // Identity sync state (reactive, from Zustand store)
+    identitySyncState: {
+        isSynced: boolean;
+        isSyncing: boolean;
+    };
 
-  // Session management
-  logout: (targetSessionId?: string) => Promise<void>;
-  logoutAll: () => Promise<void>;
-  switchSession: (sessionId: string) => Promise<void>;
-  removeSession: (sessionId: string) => Promise<void>;
-  refreshSessions: () => Promise<void>;
-  setLanguage: (languageId: string) => Promise<void>;
-  getDeviceSessions: () => Promise<
-    Array<{
-      sessionId: string;
-      deviceId: string;
-      deviceName?: string;
-      lastActive?: string;
-      expiresAt?: string;
-    }>
-  >;
-  logoutAllDeviceSessions: () => Promise<void>;
-  updateDeviceName: (deviceName: string) => Promise<void>;
-  clearSessionState: () => Promise<void>;
-  clearAllAccountData: () => Promise<void>;
-  oxyServices: OxyServices;
-  useFollow?: UseFollowHook;
-  showBottomSheet?: (screenOrConfig: RouteName | { screen: RouteName; props?: Record<string, unknown> }) => void;
-  openAvatarPicker: () => void;
+    // Session management
+    logout: (targetSessionId?: string) => Promise<void>;
+    logoutAll: () => Promise<void>;
+    switchSession: (sessionId: string) => Promise<void>;
+    removeSession: (sessionId: string) => Promise<void>;
+    refreshSessions: () => Promise<void>;
+    setLanguage: (languageId: string) => Promise<void>;
+    getDeviceSessions: () => Promise<
+        Array<{
+            sessionId: string;
+            deviceId: string;
+            deviceName?: string;
+            lastActive?: string;
+            expiresAt?: string;
+        }>
+    >;
+    logoutAllDeviceSessions: () => Promise<void>;
+    updateDeviceName: (deviceName: string) => Promise<void>;
+    clearSessionState: () => Promise<void>;
+    clearAllAccountData: () => Promise<void>;
+    oxyServices: OxyServices;
+    useFollow?: UseFollowHook;
+    showBottomSheet?: (screenOrConfig: RouteName | { screen: RouteName; props?: Record<string, unknown> }) => void;
+    openAvatarPicker: () => void;
 }
 
 export const OxyContext = createContext<OxyContextState | null>(null);
 
 export interface OxyContextProviderProps {
-  children: ReactNode;
-  oxyServices?: OxyServices;
-  baseURL?: string;
-  storageKeyPrefix?: string;
-  onAuthStateChange?: (user: User | null) => void;
-  onError?: (error: ApiError) => void;
+    children: ReactNode;
+    oxyServices?: OxyServices;
+    baseURL?: string;
+    storageKeyPrefix?: string;
+    onAuthStateChange?: (user: User | null) => void;
+    onError?: (error: ApiError) => void;
 }
 
 /**
@@ -87,9 +87,9 @@ export interface OxyContextProviderProps {
  * Must be used within an OxyContextProvider.
  */
 export const useOxy = (): OxyContextState => {
-  const context = useContext(OxyContext);
-  if (!context) {
-    throw new Error('useOxy must be used within an OxyContextProvider');
-  }
-  return context;
+    const context = useContext(OxyContext);
+    if (!context) {
+        throw new Error('useOxy must be used within an OxyContextProvider');
+    }
+    return context;
 };

package/src/ui/context/hooks/useAuthOperations.ts

@@ -96,18 +96,18 @@ export const useAuthOperations = ({
       const USER_ID_STORAGE_KEY = 'oxy_user_id';
 
       // Online-only sign-in: require backend availability
-      // First, resolve userId (prefer locally stored value)
+      // First, look up the user by public key to get the correct userId
+      // This ensures we always use the userId that matches the current identity's public key
       let userId: string | null = null;
-      if (storage) {
-        userId = await storage.getItem(USER_ID_STORAGE_KEY);
-      }
-
-      if (!userId) {
-        const userLookup = await oxyServices.getUserByPublicKey(publicKey);
-        userId = userLookup.id;
-        if (storage && userId) {
-          await storage.setItem(USER_ID_STORAGE_KEY, userId).catch(() => {});
-        }
+      
+      // Always verify the userId matches the current public key
+      // This prevents auth failures when identity has changed
+      const userLookup = await oxyServices.getUserByPublicKey(publicKey);
+      userId = userLookup.id;
+      
+      // Update stored userId to match current identity
+      if (storage && userId) {
+        await storage.setItem(USER_ID_STORAGE_KEY, userId).catch(() => {});
       }
       
       const challengeResponse = await oxyServices.requestChallenge(userId);
@@ -126,14 +126,30 @@ export const useAuthOperations = ({
       }
       
       // Verify and create session using userId
-      const sessionResponse = await oxyServices.verifyChallenge(
-        userId,
-        challenge,
-        signature,
-        timestamp,
-        deviceName,
-        deviceFingerprint,
-      );
+      let sessionResponse;
+      try {
+        sessionResponse = await oxyServices.verifyChallenge(
+          userId,
+          challenge,
+          signature,
+          timestamp,
+          deviceName,
+          deviceFingerprint,
+        );
+      } catch (verifyError) {
+        // Add detailed logging for 401 errors to help diagnose auth failures
+        if (__DEV__) {
+          console.error('[useAuthOperations] verifyChallenge failed:', {
+            error: verifyError,
+            userId,
+            challengeLength: challenge?.length,
+            signatureLength: signature?.length,
+            timestamp,
+            timeSinceChallenge: Date.now() - timestamp,
+          });
+        }
+        throw verifyError;
+      }
 
       // Store tokens immediately (no extra round-trip)
       oxyServices.setTokens(sessionResponse.accessToken, sessionResponse.refreshToken);

package/src/ui/hooks/useSessionSocket.ts

@@ -63,6 +63,21 @@ export function useSessionSocket({ userId, activeSessionId, currentDeviceId, ref
       return;
     }
 
+    // IMPORTANT: If userId is set but we have no token, defer socket creation
+    // This prevents socket reconnection race condition during auth flow
+    // (e.g., when userId changes but tokens aren't set yet in transfer flow)
+    const freshToken = getAccessTokenRef.current();
+    if (!freshToken) {
+      logger.debug('Deferring socket creation - no access token available yet', { component: 'useSessionSocket', userId });
+      // Disconnect existing socket if it exists but we have no token
+      if (socketRef.current) {
+        socketRef.current.disconnect();
+        socketRef.current = null;
+        joinedRoomRef.current = null;
+      }
+      return;
+    }
+
     // Initialize socket with token refresh
     const initializeSocket = async () => {
       try {
@@ -96,6 +111,8 @@ export function useSessionSocket({ userId, activeSessionId, currentDeviceId, ref
           };
         } else {
           logger.debug('No access token available for socket authentication', { component: 'useSessionSocket', userId });
+          // Defer socket creation if token is still missing
+          return;
         }
         
         socketRef.current = io(baseURL, socketOptions);