@oxyhq/services 5.17.5 → 5.17.8

package/src/ui/context/OxyContextBase.tsx

@@ -23,27 +23,9 @@ export interface OxyContextState {
     currentLanguageName: string;
     currentNativeLanguageName: string;
 
-    // Identity management (public key authentication - offline-first)
-    createIdentity: () => Promise<{ synced: boolean }>;
-    importIdentity: (backupData: BackupData, password: string) => Promise<{ synced: boolean }>;
+    // Authentication (Services SDK only handles tokens/sessions, NOT identity)
+    // Identity management (createIdentity, importIdentity, etc.) belongs in Accounts app
     signIn: (deviceName?: string) => Promise<User>;
-    hasIdentity: () => Promise<boolean>;
-    getPublicKey: () => Promise<string | null>;
-    isIdentitySynced: () => Promise<boolean>;
-    syncIdentity: () => Promise<User>;
-    deleteIdentityAndClearAccount: (skipBackup?: boolean, force?: boolean, userConfirmed?: boolean) => Promise<void>;
-    storeTransferCode: (transferId: string, code: string, sourceDeviceId: string | null, publicKey: string) => Promise<void>;
-    getTransferCode: (transferId: string) => { code: string; sourceDeviceId: string | null; publicKey: string; timestamp: number; state: 'pending' | 'completed' | 'failed' } | null;
-    clearTransferCode: (transferId: string) => Promise<void>;
-    getAllPendingTransfers: () => Array<{ transferId: string; data: { code: string; sourceDeviceId: string | null; publicKey: string; timestamp: number; state: 'pending' | 'completed' | 'failed' } }>;
-    getActiveTransferId: () => string | null;
-    updateTransferState: (transferId: string, state: 'pending' | 'completed' | 'failed') => Promise<void>;
-
-    // Identity sync state (reactive, from Zustand store)
-    identitySyncState: {
-        isSynced: boolean;
-        isSyncing: boolean;
-    };
 
     // Session management
     logout: (targetSessionId?: string) => Promise<void>;

package/src/ui/context/hooks/useAuthOperations.ts

@@ -1,13 +1,13 @@
 import { useCallback } from 'react';
 import type { ApiError, User } from '../../../models/interfaces';
 import type { AuthState } from '../../stores/authStore';
-import type { ClientSession, SessionLoginResponse } from '../../../models/session';
+import type { ClientSession } from '../../../models/session';
 import { DeviceManager } from '../../../utils/deviceManager';
-import { fetchSessionsWithFallback, mapSessionsToClient } from '../../utils/sessionHelpers';
+import { fetchSessionsWithFallback } from '../../utils/sessionHelpers';
 import { handleAuthError, isInvalidSessionError } from '../../utils/errorHandlers';
 import type { StorageInterface } from '../../utils/storageHelpers';
 import type { OxyServices } from '../../../core';
-import { KeyManager, SignatureService, type BackupData } from '../../../crypto';
+import { KeyManager, SignatureService } from '../../../crypto';
 
 export interface UseAuthOperationsOptions {
   oxyServices: OxyServices;
@@ -26,38 +26,23 @@ export interface UseAuthOperationsOptions {
   loginFailure: (message: string) => void;
   logoutStore: () => void;
   setAuthState: (state: Partial<AuthState>) => void;
-  // Identity sync store actions
-  setIdentitySynced: (synced: boolean) => void;
-  setSyncing: (syncing: boolean) => void;
   logger?: (message: string, error?: unknown) => void;
 }
 
 export interface UseAuthOperationsResult {
-  /** Create a new identity locally (offline-first) and optionally sync with server */
-  createIdentity: () => Promise<{ synced: boolean }>;
-  /** Import an existing identity from backup file data */
-  importIdentity: (backupData: BackupData, password: string) => Promise<{ synced: boolean }>;
   /** Sign in with existing identity on device */
   signIn: (deviceName?: string) => Promise<User>;
   /** Logout from current session */
   logout: (targetSessionId?: string) => Promise<void>;
   /** Logout from all sessions */
   logoutAll: () => Promise<void>;
-  /** Check if device has an identity stored */
-  hasIdentity: () => Promise<boolean>;
-  /** Get the public key of the stored identity */
-  getPublicKey: () => Promise<string | null>;
-  /** Check if identity is synced with server */
-  isIdentitySynced: () => Promise<boolean>;
-  /** Sync local identity with server (when online) */
-  syncIdentity: () => Promise<User>;
 }
 
 const LOGIN_ERROR_CODE = 'LOGIN_ERROR';
-const REGISTER_ERROR_CODE = 'REGISTER_ERROR';
 const LOGOUT_ERROR_CODE = 'LOGOUT_ERROR';
 const LOGOUT_ALL_ERROR_CODE = 'LOGOUT_ALL_ERROR';
 
+
 /**
  * Authentication operations using public key cryptography.
  * No passwords required - identity is based on ECDSA key pairs.
@@ -78,54 +63,33 @@ export const useAuthOperations = ({
   loginSuccess,
   loginFailure,
   logoutStore,
-    setAuthState,
-    setIdentitySynced,
-    setSyncing,
-    logger,
+  setAuthState,
+  logger,
 }: UseAuthOperationsOptions): UseAuthOperationsResult => {
   
   /**
-   * Internal function to perform challenge-response sign in (works offline)
+   * Internal function to perform challenge-response sign in
    */
   const performSignIn = useCallback(
-    async (publicKey: string): Promise<User> => {
+    async (publicKey: string, deviceName?: string): Promise<User> => {
       const deviceFingerprintObj = DeviceManager.getDeviceFingerprint();
       const deviceFingerprint = JSON.stringify(deviceFingerprintObj);
       const deviceInfo = await DeviceManager.getDeviceInfo();
-      const deviceName = deviceInfo.deviceName || DeviceManager.getDefaultDeviceName();
-      const USER_ID_STORAGE_KEY = 'oxy_user_id';
-
-      // Online-only sign-in: require backend availability
-      // First, look up the user by public key to get the correct userId
-      // This ensures we always use the userId that matches the current identity's public key
-      let userId: string | null = null;
-      
-      // Always verify the userId matches the current public key
-      // This prevents auth failures when identity has changed
+      const defaultDeviceName = deviceInfo.deviceName || DeviceManager.getDefaultDeviceName();
+      const finalDeviceName = deviceName || defaultDeviceName;
+
+      // Look up user by public key
       const userLookup = await oxyServices.getUserByPublicKey(publicKey);
-      userId = userLookup.id;
-      
-      // Update stored userId to match current identity
-      if (storage && userId) {
-        await storage.setItem(USER_ID_STORAGE_KEY, userId).catch(() => {});
-      }
-      
+      const userId = userLookup.id;
+
+      // Request challenge
       const challengeResponse = await oxyServices.requestChallenge(userId);
       const challenge = challengeResponse.challenge;
 
-      // Note: Biometric authentication check should be handled by the app layer
-      // (e.g., accounts app) before calling signIn. The biometric preference is stored
-      // in local storage as 'oxy_biometric_enabled' and can be checked there.
-
       // Sign the challenge
       const { challenge: signature, timestamp } = await SignatureService.signChallenge(challenge);
 
-      // Online sign-in: use normal flow
-      if (!userId) {
-        throw new Error('User ID not found');
-      }
-      
-      // Verify and create session using userId
+      // Verify and create session
       let sessionResponse;
       try {
         sessionResponse = await oxyServices.verifyChallenge(
@@ -133,11 +97,10 @@ export const useAuthOperations = ({
           challenge,
           signature,
           timestamp,
-          deviceName,
+          finalDeviceName,
           deviceFingerprint,
         );
       } catch (verifyError) {
-        // Add detailed logging for 401 errors to help diagnose auth failures
         if (__DEV__) {
           console.error('[useAuthOperations] verifyChallenge failed:', {
             error: verifyError,
@@ -151,24 +114,11 @@ export const useAuthOperations = ({
         throw verifyError;
       }
 
-      // Store tokens immediately (no extra round-trip)
+      // Store tokens
       oxyServices.setTokens(sessionResponse.accessToken, sessionResponse.refreshToken);
 
       // Get full user data
       const fullUser = await oxyServices.getUserBySession(sessionResponse.sessionId);
-      
-      // IMPORTANT: user.id should be MongoDB ObjectId, not publicKey
-      // The API should return the correct id (ObjectId) from the database
-      // If it doesn't, we need to fix the API, not work around it here
-      // Validate that id is ObjectId format (24 hex characters)
-      if (fullUser.id && !/^[0-9a-fA-F]{24}$/.test(fullUser.id)) {
-        console.warn('[useAuthOperations] User.id is not MongoDB ObjectId format:', {
-          id: fullUser.id.substring(0, 20),
-          publicKey: fullUser.publicKey.substring(0, 20),
-          message: 'API should return MongoDB ObjectId as user.id, not publicKey'
-        });
-        // Don't override - let the API fix this issue
-      }
 
       // Fetch device sessions
       let allDeviceSessions: ClientSession[] = [];
@@ -214,13 +164,9 @@ export const useAuthOperations = ({
       updateSessions(allDeviceSessions, { merge: true });
 
       await applyLanguagePreference(fullUser);
-      loginSuccess(); // Services never caches profile - only tokens
+      loginSuccess();
       onAuthStateChange?.(fullUser);
-      if (storage) {
-        await storage.setItem('oxy_identity_synced', 'true').catch(() => {});
-      }
-      setIdentitySynced(true);
-      
+
       return fullUser;
     },
     [
@@ -231,263 +177,11 @@ export const useAuthOperations = ({
       oxyServices,
       saveActiveSessionId,
       setActiveSessionId,
-      setIdentitySynced,
       switchSession,
       updateSessions,
-      storage,
     ],
   );
 
-  /**
-   * Create a new identity (offline-first)
-   * Identity is purely cryptographic - no username or email required
-   */
-  const createIdentity = useCallback(
-    async (): Promise<{ synced: boolean }> => {
-      if (!storage) throw new Error('Storage not initialized');
-
-      setAuthState({ isLoading: true, error: null });
-
-      try {
-        // Generate new key pair directly (works offline)
-        const { publicKey, privateKey } = await KeyManager.generateKeyPair();
-        await KeyManager.importKeyPair(privateKey);
-
-        // Mark as not synced
-        // Note: createIdentity only creates the key locally (offline-first)
-        // Registration with server (registerIdentity) must be done by the app (Accounts) with profile data
-        await storage.setItem('oxy_identity_synced', 'false');
-        setIdentitySynced(false);
-
-        return {
-          synced: false, // Always false - registration must be done separately by Accounts app
-        };
-      } catch (error) {
-        // CRITICAL: Never delete identity on error - it may have been successfully created
-        // Only log the error and let the user recover using their backup file
-        // Identity deletion should ONLY happen when explicitly requested by the user
-        if (__DEV__ && logger) {
-          logger('Error during identity creation (identity may still exist):', error);
-        }
-        
-        // Check if identity was actually created (keys exist)
-        const hasIdentity = await KeyManager.hasIdentity().catch(() => false);
-        if (hasIdentity) {
-          // Identity exists - don't delete it! Just mark as not synced
-          await storage.setItem('oxy_identity_synced', 'false').catch(() => {});
-          setIdentitySynced(false);
-          if (__DEV__ && logger) {
-            logger('Identity was created but sync failed - user can sync later using backup file');
-          }
-        } else {
-          // No identity exists - this was a generation failure, safe to clean up sync flag
-          await storage.removeItem('oxy_identity_synced').catch(() => {});
-          setIdentitySynced(false);
-        }
-        
-        const message = handleAuthError(error, {
-          defaultMessage: 'Failed to create identity',
-          code: REGISTER_ERROR_CODE,
-          onError,
-          setAuthError: (msg: string) => setAuthState({ error: msg }),
-          logger,
-        });
-        loginFailure(message);
-        throw error;
-      } finally {
-        setAuthState({ isLoading: false });
-      }
-    },
-    [oxyServices, storage, setAuthState, loginFailure, onError, logger, setIdentitySynced],
-  );
-
-  /**
-   * Check if identity is synced with server (reads from storage for persistence)
-   */
-  const isIdentitySyncedFn = useCallback(async (): Promise<boolean> => {
-    if (!storage) return true;
-    const synced = await storage.getItem('oxy_identity_synced');
-    const isSynced = synced !== 'false';
-    setIdentitySynced(isSynced);
-    return isSynced;
-  }, [storage, setIdentitySynced]);
-
-  /**
-   * Sync local identity with server (call when online)
-   * TanStack Query handles offline mutations automatically
-   */
-  const syncIdentity = useCallback(
-    async (): Promise<User> => {
-      if (!storage) throw new Error('Storage not initialized');
-
-      setAuthState({ isLoading: true, error: null });
-      setSyncing(true);
-
-      try {
-        const publicKey = await KeyManager.getPublicKey();
-        if (!publicKey) {
-          throw new Error('No identity found on this device');
-        }
-
-        // Check if already synced
-        const alreadySynced = await storage.getItem('oxy_identity_synced');
-        if (alreadySynced === 'true') {
-          setIdentitySynced(true);
-          return await performSignIn(publicKey);
-        }
-
-        // Check if already registered on server
-        const { registered } = await oxyServices.checkPublicKeyRegistered(publicKey);
-
-        if (!registered) {
-          // Identity is not registered - registration must be done by Accounts app with profile data
-          // syncIdentity only syncs already-registered identities
-          throw new Error('Identity is not registered. Please register your identity first using the Accounts app.');
-        }
-
-        // Mark as synced (Zustand store + storage)
-        await storage.setItem('oxy_identity_synced', 'true');
-        setIdentitySynced(true);
-
-        // Sign in (Services never caches profile - only tokens)
-        const user = await performSignIn(publicKey);
-
-        // Check if user has username - required for syncing
-        if (!user.username) {
-          const usernameError = new Error('USERNAME_REQUIRED');
-          (usernameError as any).code = 'USERNAME_REQUIRED';
-          throw usernameError;
-        }
-
-        // TanStack Query will automatically retry any pending mutations
-
-        return user;
-      } catch (error) {
-        const message = handleAuthError(error, {
-          defaultMessage: 'Failed to sync identity',
-          code: REGISTER_ERROR_CODE,
-          onError,
-          setAuthError: (msg: string) => setAuthState({ error: msg }),
-          logger,
-        });
-        loginFailure(message);
-        throw error;
-      } finally {
-        setAuthState({ isLoading: false });
-        setSyncing(false);
-      }
-    },
-    [oxyServices, storage, setAuthState, performSignIn, loginFailure, onError, logger, setSyncing, setIdentitySynced],
-  );
-
-  /**
-   * Import identity from backup file data (offline-first)
-   */
-  const importIdentity = useCallback(
-    async (backupData: BackupData, password: string): Promise<{ synced: boolean }> => {
-      if (!storage) throw new Error('Storage not initialized');
-
-      // Validate arguments - ensure backupData is an object, not a string (old signature)
-      if (!backupData || typeof backupData !== 'object' || Array.isArray(backupData)) {
-        throw new Error('Invalid backup data. Please use the backup file import feature.');
-      }
-
-      if (!backupData.encrypted || !backupData.salt || !backupData.iv || !backupData.publicKey) {
-        throw new Error('Invalid backup data structure. Missing required fields.');
-      }
-
-      if (!password || typeof password !== 'string') {
-        throw new Error('Password is required for backup file import.');
-      }
-
-      setAuthState({ isLoading: true, error: null });
-
-      try {
-        // Decrypt private key from backup data
-        const Crypto = await import('expo-crypto');
-        
-        // Convert hex strings to Uint8Array
-        const saltBytes = new Uint8Array(
-          backupData.salt.match(/.{1,2}/g)?.map(byte => parseInt(byte, 16)) || []
-        );
-        const ivBytes = new Uint8Array(
-          backupData.iv.match(/.{1,2}/g)?.map(byte => parseInt(byte, 16)) || []
-        );
-
-        // Derive key from password (same algorithm as EncryptedBackupGenerator)
-        const saltHex = Array.from(saltBytes).map(b => b.toString(16).padStart(2, '0')).join('');
-        let key = password + saltHex;
-        for (let i = 0; i < 10000; i++) {
-          key = await Crypto.digestStringAsync(
-            Crypto.CryptoDigestAlgorithm.SHA256,
-            key
-          );
-        }
-        const keyBytes = new Uint8Array(32);
-        for (let i = 0; i < 64 && i < key.length; i += 2) {
-          keyBytes[i / 2] = parseInt(key.substring(i, i + 2), 16);
-        }
-
-        // Decrypt private key (XOR decryption - same as encryption)
-        const encryptedBytes = Buffer.from(backupData.encrypted, 'base64');
-        const decryptedBytes = new Uint8Array(encryptedBytes.length);
-        for (let i = 0; i < encryptedBytes.length; i++) {
-          decryptedBytes[i] = encryptedBytes[i] ^ keyBytes[i % keyBytes.length] ^ ivBytes[i % ivBytes.length];
-        }
-        const privateKey = new TextDecoder().decode(decryptedBytes);
-
-        // Import the key pair
-        const publicKey = await KeyManager.importKeyPair(privateKey);
-
-        // Verify public key matches
-        if (publicKey !== backupData.publicKey) {
-          throw new Error('Backup file is corrupted or password is incorrect');
-        }
-
-        // Mark as not synced
-        await storage.setItem('oxy_identity_synced', 'false');
-        setIdentitySynced(false);
-
-        // Try to sync with server
-        try {
-          // Check if this identity is already registered
-          const { registered } = await oxyServices.checkPublicKeyRegistered(publicKey);
-
-          if (registered) {
-            // Identity exists, mark as synced
-            await storage.setItem('oxy_identity_synced', 'true');
-            setIdentitySynced(true);
-            return { synced: true };
-          } else {
-            // Identity is not registered - registration must be done by Accounts app with profile data
-            // importIdentity only imports already-registered identities
-            await storage.setItem('oxy_identity_synced', 'false');
-            setIdentitySynced(false);
-            return { synced: false };
-          }
-        } catch (syncError) {
-          // Offline - identity restored locally but not synced
-          if (__DEV__) {
-            console.log('[Auth] Identity imported locally, will sync when online:', syncError);
-          }
-          return { synced: false };
-        }
-      } catch (error) {
-        const message = handleAuthError(error, {
-          defaultMessage: 'Failed to import identity. Please check your password and backup file.',
-          code: REGISTER_ERROR_CODE,
-          onError,
-          setAuthError: (msg: string) => setAuthState({ error: msg }),
-          logger,
-        });
-        loginFailure(message);
-        throw error;
-      } finally {
-        setAuthState({ isLoading: false });
-      }
-    },
-    [oxyServices, storage, setAuthState, loginFailure, onError, logger, setIdentitySynced],
-  );
 
   /**
    * Sign in with existing identity on device
@@ -511,7 +205,7 @@ export const useAuthOperations = ({
           throw new Error('Identity is not registered. Please register your identity in the Accounts app before signing in.');
         }
 
-        return await performSignIn(publicKey);
+        return await performSignIn(publicKey, deviceName);
       } catch (error) {
         const message = handleAuthError(error, {
           defaultMessage: 'Sign in failed',
@@ -529,6 +223,7 @@ export const useAuthOperations = ({
     [storage, setAuthState, performSignIn, loginFailure, onError, logger, oxyServices],
   );
 
+
   /**
    * Logout from session
    */
@@ -608,29 +303,9 @@ export const useAuthOperations = ({
     }
   }, [activeSessionId, clearSessionState, logger, onError, oxyServices, setAuthState]);
 
-  /**
-   * Check if device has an identity stored
-   */
-  const hasIdentity = useCallback(async (): Promise<boolean> => {
-    return KeyManager.hasIdentity();
-  }, []);
-
-  /**
-   * Get the public key of the stored identity
-   */
-  const getPublicKey = useCallback(async (): Promise<string | null> => {
-    return KeyManager.getPublicKey();
-  }, []);
-
   return {
-    createIdentity,
-    importIdentity,
     signIn,
     logout,
     logoutAll,
-    hasIdentity,
-    getPublicKey,
-    isIdentitySynced: isIdentitySyncedFn,
-    syncIdentity,
   };
 };