@oxyhq/services 5.17.8 → 5.17.10

package/src/ui/context/OxyContext.tsx

@@ -41,7 +41,6 @@ import {
   type OxyContextProviderProps,
 } from './OxyContextBase';
 
-// Re-export for backwards compatibility
 export { OxyContext, useOxy, type OxyContextState, type OxyContextProviderProps };
 
 let cachedUseFollowHook: UseFollowHook | null = null;
@@ -98,16 +97,20 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
 
   const {
     isAuthenticated,
+    isOnline,
     isLoading,
     error,
+    setOnline,
     loginSuccess,
     loginFailure,
     logoutStore,
   } = useAuthStore(
     useShallow((state: AuthState) => ({
       isAuthenticated: state.isAuthenticated,
+      isOnline: state.isOnline,
       isLoading: state.isLoading,
       error: state.error,
+      setOnline: state.setOnline,
       loginSuccess: state.loginSuccess,
       loginFailure: state.loginFailure,
       logoutStore: state.logout,
@@ -132,9 +135,6 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
 
   const { storage, isReady: isStorageReady } = useStorage({ onError, logger });
 
-  // Offline queuing is now handled by TanStack Query mutations
-  // No need for custom offline queue
-
   const {
     currentLanguage,
     metadata: currentLanguageMetadata,
@@ -176,10 +176,6 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     queryClient,
   });
 
-  // Get current user from query (no persistent cache - always fetch fresh)
-  // Services never caches profile - always fetch from backend
-  // Note: We use useQuery directly here instead of useCurrentUser to avoid
-  // circular dependency (useCurrentUser calls useOxy, but we're inside the provider)
   const { data: userData } = useQuery({
     queryKey: queryKeys.accounts.current(),
     queryFn: async () => {
@@ -189,14 +185,14 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
       return await oxyServices.getUserBySession(activeSessionId);
     },
     enabled: isAuthenticated && !!activeSessionId && tokenReady,
-    staleTime: 0, // Always fetch fresh - Services never caches profile
-    gcTime: 0, // No garbage collection time - always fetch fresh
-    retry: false, // Don't retry on 401 - session is invalid
+    staleTime: 0,
+    gcTime: 0,
+    retry: false,
   });
   const user = userData ?? null;
 
   const {
-    signIn,
+    completeSignIn,
     logout,
     logoutAll,
   } = useAuthOperations({
@@ -219,13 +215,9 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     logger,
   });
 
-  // Clear all account data when logging out (for accounts app)
-  // In accounts app, identity = account, so losing identity means losing everything
   const clearAllAccountData = useCallback(async (): Promise<void> => {
-    // Clear TanStack Query cache (in-memory)
     queryClient.clear();
 
-    // Clear persisted query cache
     if (storage) {
       try {
         await clearQueryCache(storage);
@@ -234,18 +226,13 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
       }
     }
 
-    // Clear session state (sessions, activeSessionId, storage)
     await clearSessionState();
 
-    // Reset account store
     useAccountStore.getState().reset();
 
-    // Clear HTTP service cache
     oxyServices.clearCache();
   }, [queryClient, storage, clearSessionState, logger, oxyServices]);
 
-  // Network reconnect - TanStack Query automatically retries mutations on reconnect
-  // Network reconnect - TanStack Query automatically retries mutations on reconnect
   useEffect(() => {
     if (!storage) return;
 
@@ -268,14 +255,22 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
 
         // If we were offline and now we're online
         if (wasOffline) {
-          logger('Network reconnected');
+          logger('Network reconnected - setting online state');
+          setOnline(true);
           // TanStack Query will automatically retry pending mutations
+          // Session management will handle token refresh if needed
           wasOffline = false;
+        } else {
+          // We're online and were already online
+          setOnline(true);
         }
       } catch (error) {
         // Network check failed - we're offline
-        if (!wasOffline && __DEV__) {
-          logger('Network appears offline');
+        if (!wasOffline) {
+          if (__DEV__) {
+            logger('Network appears offline - suspending authentication');
+          }
+          setOnline(false); // This will set isAuthenticated to false
         }
         wasOffline = true;
       } finally {
@@ -291,7 +286,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
         clearTimeout(checkTimeout);
       }
     };
-  }, [oxyServices, storage, logger]);
+  }, [oxyServices, storage, logger, setOnline]);
 
   const { getDeviceSessions, logoutAllDeviceSessions, updateDeviceName } = useDeviceManagement({
     oxyServices,
@@ -503,7 +498,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
     currentLanguageMetadata,
     currentLanguageName,
     currentNativeLanguageName,
-    signIn,
+    completeSignIn,
     logout,
     logoutAll,
     switchSession: switchSessionForContext,
@@ -522,7 +517,7 @@ export const OxyProvider: React.FC<OxyContextProviderProps> = ({
   }), [
     activeSessionId,
     currentDeviceId,
-    signIn,
+    completeSignIn,
     currentLanguage,
     currentLanguageMetadata,
     currentLanguageName,

package/src/ui/context/OxyContextBase.tsx

@@ -2,11 +2,10 @@ import { createContext, useContext } from 'react';
 import type { ReactNode } from 'react';
 import type { OxyServices } from '../../core';
 import type { User, ApiError } from '../../models/interfaces';
-import type { ClientSession } from '../../models/session';
+import type { ClientSession, SessionLoginResponse } from '../../models/session';
 import type { UseFollowHook } from '../hooks/useFollow.types';
 import type { useLanguageManagement } from '../hooks/useLanguageManagement';
 import type { RouteName } from '../navigation/routes';
-import type { BackupData } from '../../crypto';
 
 export interface OxyContextState {
     user: User | null;
@@ -24,8 +23,9 @@ export interface OxyContextState {
     currentNativeLanguageName: string;
 
     // Authentication (Services SDK only handles tokens/sessions, NOT identity)
-    // Identity management (createIdentity, importIdentity, etc.) belongs in Accounts app
-    signIn: (deviceName?: string) => Promise<User>;
+    // Identity management (KeyManager, SignatureService, challenge signing) belongs ONLY in Accounts app
+    // completeSignIn accepts already-verified session data from Accounts app
+    completeSignIn: (sessionResponse: SessionLoginResponse) => Promise<User>;
 
     // Session management
     logout: (targetSessionId?: string) => Promise<void>;

package/src/ui/context/hooks/useAuthOperations.ts

@@ -1,13 +1,11 @@
 import { useCallback } from 'react';
 import type { ApiError, User } from '../../../models/interfaces';
 import type { AuthState } from '../../stores/authStore';
-import type { ClientSession } from '../../../models/session';
-import { DeviceManager } from '../../../utils/deviceManager';
+import type { ClientSession, SessionLoginResponse } from '../../../models/session';
 import { fetchSessionsWithFallback } from '../../utils/sessionHelpers';
 import { handleAuthError, isInvalidSessionError } from '../../utils/errorHandlers';
 import type { StorageInterface } from '../../utils/storageHelpers';
 import type { OxyServices } from '../../../core';
-import { KeyManager, SignatureService } from '../../../crypto';
 
 export interface UseAuthOperationsOptions {
   oxyServices: OxyServices;
@@ -30,23 +28,15 @@ export interface UseAuthOperationsOptions {
 }
 
 export interface UseAuthOperationsResult {
-  /** Sign in with existing identity on device */
-  signIn: (deviceName?: string) => Promise<User>;
-  /** Logout from current session */
+  completeSignIn: (sessionResponse: SessionLoginResponse) => Promise<User>;
   logout: (targetSessionId?: string) => Promise<void>;
-  /** Logout from all sessions */
   logoutAll: () => Promise<void>;
 }
 
-const LOGIN_ERROR_CODE = 'LOGIN_ERROR';
 const LOGOUT_ERROR_CODE = 'LOGOUT_ERROR';
 const LOGOUT_ALL_ERROR_CODE = 'LOGOUT_ALL_ERROR';
 
 
-/**
- * Authentication operations using public key cryptography.
- * No passwords required - identity is based on ECDSA key pairs.
- */
 export const useAuthOperations = ({
   oxyServices,
   storage,
@@ -67,149 +57,66 @@ export const useAuthOperations = ({
   logger,
 }: UseAuthOperationsOptions): UseAuthOperationsResult => {
   
-  /**
-   * Internal function to perform challenge-response sign in
-   */
-  const performSignIn = useCallback(
-    async (publicKey: string, deviceName?: string): Promise<User> => {
-      const deviceFingerprintObj = DeviceManager.getDeviceFingerprint();
-      const deviceFingerprint = JSON.stringify(deviceFingerprintObj);
-      const deviceInfo = await DeviceManager.getDeviceInfo();
-      const defaultDeviceName = deviceInfo.deviceName || DeviceManager.getDefaultDeviceName();
-      const finalDeviceName = deviceName || defaultDeviceName;
-
-      // Look up user by public key
-      const userLookup = await oxyServices.getUserByPublicKey(publicKey);
-      const userId = userLookup.id;
-
-      // Request challenge
-      const challengeResponse = await oxyServices.requestChallenge(userId);
-      const challenge = challengeResponse.challenge;
+  const completeSignIn = useCallback(
+    async (sessionResponse: SessionLoginResponse): Promise<User> => {
+      if (!storage) throw new Error('Storage not initialized');
 
-      // Sign the challenge
-      const { challenge: signature, timestamp } = await SignatureService.signChallenge(challenge);
+      setAuthState({ isLoading: true, error: null });
 
-      // Verify and create session
-      let sessionResponse;
       try {
-        sessionResponse = await oxyServices.verifyChallenge(
-          userId,
-          challenge,
-          signature,
-          timestamp,
-          finalDeviceName,
-          deviceFingerprint,
-        );
-      } catch (verifyError) {
-        if (__DEV__) {
-          console.error('[useAuthOperations] verifyChallenge failed:', {
-            error: verifyError,
-            userId,
-            challengeLength: challenge?.length,
-            signatureLength: signature?.length,
-            timestamp,
-            timeSinceChallenge: Date.now() - timestamp,
-          });
-        }
-        throw verifyError;
-      }
-
-      // Store tokens
-      oxyServices.setTokens(sessionResponse.accessToken, sessionResponse.refreshToken);
+        oxyServices.setTokens(sessionResponse.accessToken, sessionResponse.refreshToken);
 
-      // Get full user data
-      const fullUser = await oxyServices.getUserBySession(sessionResponse.sessionId);
+        const fullUser = await oxyServices.getUserBySession(sessionResponse.sessionId);
 
-      // Fetch device sessions
-      let allDeviceSessions: ClientSession[] = [];
-      try {
-        allDeviceSessions = await fetchSessionsWithFallback(oxyServices, sessionResponse.sessionId, {
-          fallbackDeviceId: sessionResponse.deviceId,
-          fallbackUserId: fullUser.id,
-          logger,
-        });
-      } catch (error) {
-        if (__DEV__) {
-          console.warn('Failed to fetch device sessions after login:', error);
-        }
-      }
-
-      // Check for existing session for same user
-      const existingSession = allDeviceSessions.find(
-        (session) =>
-          session.userId?.toString() === fullUser.id?.toString() &&
-          session.sessionId !== sessionResponse.sessionId,
-      );
-
-      if (existingSession) {
-        // Logout duplicate session
+        let allDeviceSessions: ClientSession[] = [];
         try {
-          await oxyServices.logoutSession(sessionResponse.sessionId, sessionResponse.sessionId);
-        } catch (logoutError) {
+          allDeviceSessions = await fetchSessionsWithFallback(oxyServices, sessionResponse.sessionId, {
+            fallbackDeviceId: sessionResponse.deviceId,
+            fallbackUserId: fullUser.id,
+            logger,
+          });
+        } catch (error) {
           if (__DEV__) {
-            console.warn('Failed to logout duplicate session:', logoutError);
+            console.warn('Failed to fetch device sessions after login:', error);
           }
         }
-        await switchSession(existingSession.sessionId);
-        updateSessions(
-          allDeviceSessions.filter((session) => session.sessionId !== sessionResponse.sessionId),
-          { merge: false },
-        );
-        onAuthStateChange?.(fullUser);
-        return fullUser;
-      }
-
-      setActiveSessionId(sessionResponse.sessionId);
-      await saveActiveSessionId(sessionResponse.sessionId);
-      updateSessions(allDeviceSessions, { merge: true });
-
-      await applyLanguagePreference(fullUser);
-      loginSuccess();
-      onAuthStateChange?.(fullUser);
-
-      return fullUser;
-    },
-    [
-      applyLanguagePreference,
-      logger,
-      loginSuccess,
-      onAuthStateChange,
-      oxyServices,
-      saveActiveSessionId,
-      setActiveSessionId,
-      switchSession,
-      updateSessions,
-    ],
-  );
 
+        const existingSession = allDeviceSessions.find(
+          (session) =>
+            session.userId?.toString() === fullUser.id?.toString() &&
+            session.sessionId !== sessionResponse.sessionId,
+        );
 
-  /**
-   * Sign in with existing identity on device
-   */
-  const signIn = useCallback(
-    async (deviceName?: string): Promise<User> => {
-      if (!storage) throw new Error('Storage not initialized');
-
-      setAuthState({ isLoading: true, error: null });
-
-      try {
-        // Get stored public key
-        const publicKey = await KeyManager.getPublicKey();
-        if (!publicKey) {
-          throw new Error('No identity found on this device. Please create or import an identity.');
+        if (existingSession) {
+          try {
+            await oxyServices.logoutSession(sessionResponse.sessionId, sessionResponse.sessionId);
+          } catch (logoutError) {
+            if (__DEV__) {
+              console.warn('Failed to logout duplicate session:', logoutError);
+            }
+          }
+          await switchSession(existingSession.sessionId);
+          updateSessions(
+            allDeviceSessions.filter((session) => session.sessionId !== sessionResponse.sessionId),
+            { merge: false },
+          );
+          onAuthStateChange?.(fullUser);
+          return fullUser;
         }
 
-        // Ensure identity is registered before attempting sign-in
-        const { registered } = await oxyServices.checkPublicKeyRegistered(publicKey);
-        if (!registered) {
-          throw new Error('Identity is not registered. Please register your identity in the Accounts app before signing in.');
-        }
+        setActiveSessionId(sessionResponse.sessionId);
+        await saveActiveSessionId(sessionResponse.sessionId);
+        updateSessions(allDeviceSessions, { merge: true });
 
-        return await performSignIn(publicKey, deviceName);
+        await applyLanguagePreference(fullUser);
+        loginSuccess();
+        onAuthStateChange?.(fullUser);
+
+        return fullUser;
       } catch (error) {
         const message = handleAuthError(error, {
           defaultMessage: 'Sign in failed',
-          code: LOGIN_ERROR_CODE,
+          code: 'COMPLETE_SIGNIN_ERROR',
           onError,
           setAuthError: (msg: string) => setAuthState({ error: msg }),
           logger,
@@ -220,7 +127,21 @@ export const useAuthOperations = ({
         setAuthState({ isLoading: false });
       }
     },
-    [storage, setAuthState, performSignIn, loginFailure, onError, logger, oxyServices],
+    [
+      storage,
+      setAuthState,
+      oxyServices,
+      logger,
+      saveActiveSessionId,
+      setActiveSessionId,
+      switchSession,
+      updateSessions,
+      applyLanguagePreference,
+      loginSuccess,
+      onAuthStateChange,
+      onError,
+      loginFailure,
+    ],
   );
 
 
@@ -304,7 +225,7 @@ export const useAuthOperations = ({
   }, [activeSessionId, clearSessionState, logger, onError, oxyServices, setAuthState]);
 
   return {
-    signIn,
+    completeSignIn,
     logout,
     logoutAll,
   };

package/src/ui/hooks/useSessionSocket.ts

@@ -25,7 +25,6 @@ export function useSessionSocket({ userId, activeSessionId, currentDeviceId, ref
   const lastRegisteredSocketIdRef = useRef<string | null>(null);
   const getAccessTokenRef = useRef(getAccessToken);
   
-  // Store callbacks in refs to avoid re-joining when they change
   const refreshSessionsRef = useRef(refreshSessions);
   const logoutRef = useRef(logout);
   const clearSessionStateRef = useRef(clearSessionState);
@@ -34,7 +33,6 @@ export function useSessionSocket({ userId, activeSessionId, currentDeviceId, ref
   const activeSessionIdRef = useRef(activeSessionId);
   const currentDeviceIdRef = useRef(currentDeviceId);
 
-  // Update refs when callbacks change
   useEffect(() => {
     refreshSessionsRef.current = refreshSessions;
     logoutRef.current = logout;
@@ -48,7 +46,6 @@ export function useSessionSocket({ userId, activeSessionId, currentDeviceId, ref
 
   useEffect(() => {
     if (!userId || !baseURL) {
-      // Clean up if userId or baseURL becomes invalid
       if (socketRef.current) {
         socketRef.current.disconnect();
         socketRef.current = null;
@@ -56,14 +53,9 @@ export function useSessionSocket({ userId, activeSessionId, currentDeviceId, ref
       }
       return;
     }
-
-    // IMPORTANT: If userId is set but we have no token, defer socket creation
-    // This prevents socket reconnection race condition during auth flow
-    // (e.g., when userId changes but tokens aren't set yet in transfer flow)
     const freshToken = getAccessTokenRef.current();
     if (!freshToken) {
       logger.debug('Deferring socket creation - no access token available yet', { component: 'useSessionSocket', userId });
-      // Disconnect existing socket if it exists but we have no token
       if (socketRef.current) {
         socketRef.current.disconnect();
         socketRef.current = null;
@@ -72,32 +64,25 @@ export function useSessionSocket({ userId, activeSessionId, currentDeviceId, ref
       return;
     }
 
-    // Initialize socket with token refresh
     const initializeSocket = async () => {
       try {
-        // Refresh token if expiring soon before creating socket connection
         await tokenService.refreshTokenIfNeeded();
       } catch (error) {
-        // If refresh fails, log but continue with current token
         logger.debug('Token refresh failed before socket connection', { component: 'useSessionSocket', userId, error });
       }
 
       const accessToken = getAccessTokenRef.current();
-      // Recreate socket if token changed or socket doesn't exist
       const tokenChanged = accessTokenRef.current !== accessToken;
       if (!socketRef.current || tokenChanged) {
-        // Disconnect old socket if exists
         if (socketRef.current) {
           socketRef.current.disconnect();
           socketRef.current = null;
         }
-        
-        // Create new socket with authentication
+
         const socketOptions: any = {
           transports: ['websocket'],
         };
         
-        // Get fresh token after potential refresh
         const freshToken = getAccessTokenRef.current();
         if (freshToken) {
           socketOptions.auth = {
@@ -105,14 +90,13 @@ export function useSessionSocket({ userId, activeSessionId, currentDeviceId, ref
           };
         } else {
           logger.debug('No access token available for socket authentication', { component: 'useSessionSocket', userId });
-          // Defer socket creation if token is still missing
           return;
         }
         
         socketRef.current = io(baseURL, socketOptions);
         accessTokenRef.current = freshToken;
-        joinedRoomRef.current = null; // Reset room tracking
-        handlersSetupRef.current = false; // Reset handlers flag for new socket
+        joinedRoomRef.current = null;
+        handlersSetupRef.current = false;
       }
       
       const socket = socketRef.current;
@@ -122,8 +106,6 @@ export function useSessionSocket({ userId, activeSessionId, currentDeviceId, ref
         joinedRoomRef.current = `user:${userId}`;
       }
 
-      // Set up event handlers (only once per socket instance)
-      // Define handlers - they reference socket from closure
       const handleConnect = () => {
       const currentToken = getAccessTokenRef.current();
       if (__DEV__) {

package/src/ui/screens/OxyAuthScreen.tsx

@@ -60,7 +60,7 @@ const OxyAuthScreen: React.FC<BaseScreenProps> = ({
 }) => {
   const themeValue = (theme === 'light' || theme === 'dark') ? theme : 'light';
   const colors = useThemeColors(themeValue);
-  const { oxyServices, signIn, switchSession } = useOxy();
+  const { oxyServices, switchSession } = useOxy();
 
   const [authSession, setAuthSession] = useState<AuthSession | null>(null);
   const [isLoading, setIsLoading] = useState(true);

package/src/ui/stores/authStore.ts

@@ -1,44 +1,65 @@
+/** Auth store for Services SDK (sessions/tokens only). */
+
 import { create } from 'zustand';
 
 export interface AuthState {
   isAuthenticated: boolean;
+  isOnline: boolean;
   isLoading: boolean;
   error: string | null;
+  identitySynced: boolean;
   
-  // Identity sync state (offline-first)
-  isIdentitySynced: boolean;
-  isSyncing: boolean;
-  
+  setOnline: (online: boolean) => void;
   loginSuccess: () => void;
   loginFailure: (error: string) => void;
   logout: () => void;
-  
-  // Identity sync actions
   setIdentitySynced: (synced: boolean) => void;
-  setSyncing: (syncing: boolean) => void;
+  
+  canAuthenticate: () => boolean;
 }
 
-export const useAuthStore = create<AuthState>((set: (state: Partial<AuthState>) => void) => ({
+export const useAuthStore = create<AuthState>((set, get) => ({
   isAuthenticated: false,
+  isOnline: true, // Assume online initially
   isLoading: false,
   error: null,
+  identitySynced: false,
   
-  // Identity sync state (offline-first)
-  isIdentitySynced: false, // Registration/identity sync not confirmed until done
-  isSyncing: false,
+  setOnline: (online: boolean) => {
+    set({ isOnline: online });
+    // If we go offline, we can't be authenticated
+    if (!online) {
+      set({ isAuthenticated: false });
+    }
+  },
   
   loginSuccess: () => set({ 
     isLoading: false, 
-    isAuthenticated: true,
-    isIdentitySynced: true, // If login succeeded, registration is complete
+    isAuthenticated: get().isOnline, // Only authenticated if online
+    error: null,
+  }),
+  
+  loginFailure: (error: string) => set({ 
+    isLoading: false, 
+    isAuthenticated: false,
+    error 
   }),
-  loginFailure: (error: string) => set({ isLoading: false, error }),
+  
   logout: () => set({ 
     isAuthenticated: false,
-    isSyncing: false,
+    error: null,
+    identitySynced: false,
   }),
+
+  // Track whether identity registration is confirmed with backend
+  setIdentitySynced: (synced: boolean) => set({ identitySynced: synced }),
   
-  // Identity sync actions
-  setIdentitySynced: (synced: boolean) => set({ isIdentitySynced: synced }),
-  setSyncing: (syncing: boolean) => set({ isSyncing: syncing }),
+  /**
+   * Check if user can authenticate
+   * Requires both valid tokens (checked by caller) and network
+   */
+  canAuthenticate: () => {
+    const state = get();
+    return state.isOnline;
+  },
 }));