npm - @oxyhq/services - Versions diffs - 5.25.0 → 5.26.0 - Mend

@oxyhq/services 5.25.0 → 5.26.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (444) hide show

package/README.md CHANGED Viewed

@@ -23,7 +23,7 @@ A comprehensive TypeScript client library for the Oxy API providing authenticati
 ## ✨ Features
 - 🔐 **Zero-Config Authentication**: Automatic token management and refresh
-- 🌐 **Cross-Domain SSO**: Sign in once, authenticated everywhere (FedCM-based)
+- 🌐 **Cross-Domain SSO**: Sign in once, authenticated everywhere (FedCM, popup, redirect)
 - 📱 **Universal Provider**: Single `OxyProvider` works on iOS, Android, and Web
 - 🎨 **UI Components**: Pre-built components for auth, profiles, and more
 - ✍️ **Inter Font Included**: Default Oxy ecosystem font with automatic loading
@@ -33,6 +33,20 @@ A comprehensive TypeScript client library for the Oxy API providing authenticati
 - 🚀 **Performance Optimized**: Automatic caching with TanStack Query
 - 🛡️ **Production Ready**: Error handling, retry logic, and security best practices
+## 🏗️ Architecture
+OxyServices uses a modular architecture with multiple entry points for different use cases:
+| Entry Point | Use Case | Dependencies |
+|------------|----------|--------------|
+| `@oxyhq/services` | Expo apps (native + web) | Full (RN, Expo) |
+| `@oxyhq/services/web` | Pure React apps (Vite, Next.js) | React only |
+| `@oxyhq/services/core` | Node.js / Backend | None |
+| `@oxyhq/services/shared` | Utilities anywhere | None |
+| `@oxyhq/services/crypto` | Identity management | Node crypto |
+📖 **[Complete Architecture Guide](./docs/ARCHITECTURE.md)**
 ## 📦 Installation
 ```bash
@@ -111,6 +125,25 @@ function App() {
     </WebOxyProvider>
   );
 }
+function LoginButton() {
+  const { signIn, signOut, user, isAuthenticated, isFedCMSupported } = useAuth();
+  if (isAuthenticated) {
+    return (
+      <div>
+        <p>Welcome, {user?.username}!</p>
+        <button onClick={signOut}>Sign Out</button>
+      </div>
+    );
+  }
+  return (
+    <button onClick={signIn}>
+      {isFedCMSupported() ? 'Sign in with Oxy' : 'Sign in'}
+    </button>
+  );
+}
 ```
 ⚠️ **Important:** If you're using Expo, always use `OxyProvider` instead - it already handles web in addition to native platforms. Never use `WebOxyProvider` in Expo apps.
@@ -127,10 +160,28 @@ import { WebOxyProvider, useAuth, OxyServices } from '@oxyhq/services/web';
 import { WebOxyProvider } from '@oxyhq/services';
 ```
+**Authentication Methods Available:**
+- **FedCM** (Browser-native, Google-style) - Best UX, no popups
+- **Popup** - OAuth2-style popup window
+- **Redirect** - Full page redirect (fallback)
+```typescript
+const { signIn, signInWithFedCM, signInWithPopup, signInWithRedirect, isFedCMSupported } = useAuth();
+// Auto-select best method (FedCM → Popup → Redirect)
+await signIn();
+// Or use specific method
+await signInWithFedCM();
+await signInWithPopup();
+signInWithRedirect();
+```
 **Benefits:**
 - Smaller bundle size (no React Native dependencies)
 - No need for react-native-web or complex build configuration
 - Faster builds and smaller production bundles
+- Full FedCM support for modern browsers
 - All web-compatible features included (auth, hooks, stores, etc.)
 **Note:** If you must use the main entry point (`@oxyhq/services`), you'll need to configure your bundler with react-native-web aliases. See the [Web Bundler Configuration](#web-bundler-configuration) section below.
@@ -177,16 +228,18 @@ app.listen(3000);
 **Inter is the default font for all Oxy ecosystem apps.** This package includes the Inter font family and provides automatic font loading for both web and native platforms.
-### Quick Setup
+### Automatic Loading
+**If you're using `OxyProvider`, fonts are loaded automatically.** No additional setup needed:
 ```typescript
-import { FontLoader, fontFamilies, fontStyles } from '@oxyhq/services';
+import { OxyProvider } from '@oxyhq/services';
 function App() {
   return (
-    <FontLoader>
+    <OxyProvider baseURL="https://api.oxy.so">
       <YourAppContent />
-    </FontLoader>
+    </OxyProvider>
   );
 }
 ```
@@ -210,8 +263,7 @@ const styles = StyleSheet.create({
 ### Available Exports
-- **`FontLoader`** - Component that loads Inter fonts automatically
-- **`setupFonts()`** - Function to manually load fonts
+- **`setupFonts()`** - Function to manually load fonts (called automatically by OxyProvider)
 - **`fontFamilies`** - Object with all Inter weight variants (inter, interLight, interMedium, interSemiBold, interBold, interExtraBold, interBlack)
 - **`fontStyles`** - Pre-defined text styles (titleLarge, titleMedium, titleSmall, buttonText)
@@ -729,7 +781,7 @@ function AuthModal({ visible, onRequestClose }: { visible: boolean; onRequestClo
     <Modal visible onRequestClose={onRequestClose} animationType="slide">
       <OxyRouter
         oxyServices={oxyServices}
-        initialScreen="SignIn"
+        initialScreen="OxyAuth"
         onClose={onRequestClose}
         onAuthenticated={onRequestClose}
         theme="light"

package/lib/commonjs/core/AuthManager.js ADDED Viewed

@@ -0,0 +1,405 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.AuthManager = void 0;
+exports.createAuthManager = createAuthManager;
+/**
+ * AuthManager - Centralized Authentication Manager
+ *
+ * Provides a unified authentication interface for all platforms.
+ * Handles token storage, session management, and auth state changes.
+ *
+ * @module core/AuthManager
+ */
+/**
+ * OxyServices with optional FedCM methods (provided by FedCM mixin).
+ */
+/**
+ * Storage adapter interface for platform-agnostic storage.
+ */
+/**
+ * Auth state change callback type.
+ */
+/**
+ * Auth method types.
+ */
+/**
+ * Auth manager configuration.
+ */
+/**
+ * Storage keys used by AuthManager.
+ */
+const STORAGE_KEYS = {
+  ACCESS_TOKEN: 'oxy_access_token',
+  REFRESH_TOKEN: 'oxy_refresh_token',
+  SESSION: 'oxy_session',
+  USER: 'oxy_user',
+  AUTH_METHOD: 'oxy_auth_method'
+};
+/**
+ * Default in-memory storage for non-browser environments.
+ */
+class MemoryStorage {
+  store = new Map();
+  getItem(key) {
+    return this.store.get(key) ?? null;
+  }
+  setItem(key, value) {
+    this.store.set(key, value);
+  }
+  removeItem(key) {
+    this.store.delete(key);
+  }
+}
+/**
+ * Browser localStorage adapter.
+ */
+class LocalStorageAdapter {
+  getItem(key) {
+    if (typeof window === 'undefined') return null;
+    try {
+      return localStorage.getItem(key);
+    } catch {
+      return null;
+    }
+  }
+  setItem(key, value) {
+    if (typeof window === 'undefined') return;
+    try {
+      localStorage.setItem(key, value);
+    } catch {
+      // Storage full or blocked
+    }
+  }
+  removeItem(key) {
+    if (typeof window === 'undefined') return;
+    try {
+      localStorage.removeItem(key);
+    } catch {
+      // Ignore errors
+    }
+  }
+}
+/**
+ * AuthManager - Centralized authentication management.
+ *
+ * Provides a single point of control for:
+ * - Token storage and retrieval
+ * - Session management
+ * - Auth state change notifications
+ * - Multiple auth method support
+ *
+ * @example
+ * ```typescript
+ * const authManager = new AuthManager(oxyServices);
+ *
+ * // Listen for auth changes
+ * authManager.onAuthStateChange((user) => {
+ *   console.log('Auth state changed:', user);
+ * });
+ *
+ * // Handle successful auth
+ * await authManager.handleAuthSuccess(session);
+ *
+ * // Sign out
+ * await authManager.signOut();
+ * ```
+ */
+class AuthManager {
+  listeners = new Set();
+  currentUser = null;
+  refreshTimer = null;
+  constructor(oxyServices, config = {}) {
+    this.oxyServices = oxyServices;
+    this.config = {
+      storage: config.storage ?? this.getDefaultStorage(),
+      autoRefresh: config.autoRefresh ?? true,
+      refreshBuffer: config.refreshBuffer ?? 5 * 60 * 1000 // 5 minutes
+    };
+    this.storage = this.config.storage;
+  }
+  /**
+   * Get default storage based on environment.
+   */
+  getDefaultStorage() {
+    if (typeof window !== 'undefined' && window.localStorage) {
+      return new LocalStorageAdapter();
+    }
+    return new MemoryStorage();
+  }
+  /**
+   * Subscribe to auth state changes.
+   *
+   * @param callback - Function called when auth state changes
+   * @returns Unsubscribe function
+   */
+  onAuthStateChange(callback) {
+    this.listeners.add(callback);
+    // Call immediately with current state
+    callback(this.currentUser);
+    return () => {
+      this.listeners.delete(callback);
+    };
+  }
+  /**
+   * Notify all listeners of auth state change.
+   */
+  notifyListeners() {
+    for (const listener of this.listeners) {
+      try {
+        listener(this.currentUser);
+      } catch {
+        // Ignore listener errors
+      }
+    }
+  }
+  /**
+   * Handle successful authentication.
+   *
+   * @param session - Session response from auth
+   * @param method - Auth method used
+   */
+  async handleAuthSuccess(session, method = 'credentials') {
+    // Store tokens
+    if (session.accessToken) {
+      await this.storage.setItem(STORAGE_KEYS.ACCESS_TOKEN, session.accessToken);
+      this.oxyServices.httpService.setTokens(session.accessToken);
+    }
+    // Store refresh token if available
+    if (session.refreshToken) {
+      await this.storage.setItem(STORAGE_KEYS.REFRESH_TOKEN, session.refreshToken);
+    }
+    // Store session info
+    await this.storage.setItem(STORAGE_KEYS.SESSION, JSON.stringify({
+      sessionId: session.sessionId,
+      deviceId: session.deviceId,
+      expiresAt: session.expiresAt
+    }));
+    // Store user only if it has valid required fields (not an empty placeholder)
+    if (session.user && typeof session.user.id === 'string' && session.user.id.length > 0) {
+      await this.storage.setItem(STORAGE_KEYS.USER, JSON.stringify(session.user));
+      this.currentUser = session.user;
+    }
+    // Store auth method
+    await this.storage.setItem(STORAGE_KEYS.AUTH_METHOD, method);
+    // Setup auto-refresh if enabled
+    if (this.config.autoRefresh && session.expiresAt) {
+      this.setupTokenRefresh(session.expiresAt);
+    }
+    // Notify listeners
+    this.notifyListeners();
+  }
+  /**
+   * Setup automatic token refresh.
+   */
+  setupTokenRefresh(expiresAt) {
+    if (this.refreshTimer) {
+      clearTimeout(this.refreshTimer);
+    }
+    const expiresAtMs = new Date(expiresAt).getTime();
+    const now = Date.now();
+    const refreshAt = expiresAtMs - this.config.refreshBuffer;
+    const delay = Math.max(0, refreshAt - now);
+    if (delay > 0) {
+      this.refreshTimer = setTimeout(() => {
+        this.refreshToken().catch(() => {
+          // Refresh failed, user will need to re-auth
+        });
+      }, delay);
+    }
+  }
+  /**
+   * Refresh the access token.
+   */
+  async refreshToken() {
+    const refreshToken = await this.storage.getItem(STORAGE_KEYS.REFRESH_TOKEN);
+    if (!refreshToken) {
+      return false;
+    }
+    try {
+      // Cast httpService to proper type (needed due to mixin composition)
+      const httpService = this.oxyServices.httpService;
+      const response = await httpService.request({
+        method: 'POST',
+        url: '/api/auth/refresh',
+        data: {
+          refreshToken
+        },
+        cache: false
+      });
+      await this.handleAuthSuccess(response, 'credentials');
+      return true;
+    } catch {
+      // Refresh failed, clear session and update state
+      await this.clearSession();
+      this.currentUser = null;
+      this.notifyListeners();
+      return false;
+    }
+  }
+  /**
+   * Sign out and clear all auth data.
+   */
+  async signOut() {
+    // Clear refresh timer
+    if (this.refreshTimer) {
+      clearTimeout(this.refreshTimer);
+      this.refreshTimer = null;
+    }
+    // Revoke FedCM credential if supported
+    try {
+      const services = this.oxyServices;
+      if (services.revokeFedCMCredential) {
+        await services.revokeFedCMCredential();
+      }
+    } catch {
+      // Ignore FedCM errors
+    }
+    // Clear HTTP client tokens
+    this.oxyServices.httpService.setTokens('');
+    // Clear storage
+    await this.clearSession();
+    // Update state and notify
+    this.currentUser = null;
+    this.notifyListeners();
+  }
+  /**
+   * Clear session data from storage.
+   */
+  async clearSession() {
+    await this.storage.removeItem(STORAGE_KEYS.ACCESS_TOKEN);
+    await this.storage.removeItem(STORAGE_KEYS.REFRESH_TOKEN);
+    await this.storage.removeItem(STORAGE_KEYS.SESSION);
+    await this.storage.removeItem(STORAGE_KEYS.USER);
+    await this.storage.removeItem(STORAGE_KEYS.AUTH_METHOD);
+  }
+  /**
+   * Get current user.
+   */
+  getCurrentUser() {
+    return this.currentUser;
+  }
+  /**
+   * Check if user is authenticated.
+   */
+  isAuthenticated() {
+    return this.currentUser !== null;
+  }
+  /**
+   * Get stored access token.
+   */
+  async getAccessToken() {
+    return this.storage.getItem(STORAGE_KEYS.ACCESS_TOKEN);
+  }
+  /**
+   * Get the auth method used for current session.
+   */
+  async getAuthMethod() {
+    const method = await this.storage.getItem(STORAGE_KEYS.AUTH_METHOD);
+    return method;
+  }
+  /**
+   * Initialize auth state from storage.
+   *
+   * Call this on app startup to restore previous session.
+   */
+  async initialize() {
+    try {
+      // Try to restore user from storage
+      const userJson = await this.storage.getItem(STORAGE_KEYS.USER);
+      if (userJson) {
+        this.currentUser = JSON.parse(userJson);
+      }
+      // Restore token to HTTP client
+      const token = await this.storage.getItem(STORAGE_KEYS.ACCESS_TOKEN);
+      if (token) {
+        this.oxyServices.httpService.setTokens(token);
+      }
+      // Check session expiry
+      const sessionJson = await this.storage.getItem(STORAGE_KEYS.SESSION);
+      if (sessionJson) {
+        const session = JSON.parse(sessionJson);
+        if (session.expiresAt) {
+          const expiresAt = new Date(session.expiresAt).getTime();
+          if (expiresAt <= Date.now()) {
+            // Session expired, try refresh
+            const refreshed = await this.refreshToken();
+            if (!refreshed) {
+              await this.clearSession();
+              this.currentUser = null;
+            }
+          } else if (this.config.autoRefresh) {
+            // Setup refresh timer
+            this.setupTokenRefresh(session.expiresAt);
+          }
+        }
+      }
+      return this.currentUser;
+    } catch {
+      // Failed to restore, start fresh
+      await this.clearSession();
+      this.currentUser = null;
+      return null;
+    }
+  }
+  /**
+   * Destroy the auth manager and clean up resources.
+   */
+  destroy() {
+    if (this.refreshTimer) {
+      clearTimeout(this.refreshTimer);
+      this.refreshTimer = null;
+    }
+    this.listeners.clear();
+  }
+}
+/**
+ * Create an AuthManager instance.
+ *
+ * @param oxyServices - OxyServices instance
+ * @param config - Optional configuration
+ * @returns AuthManager instance
+ */
+exports.AuthManager = AuthManager;
+function createAuthManager(oxyServices, config) {
+  return new AuthManager(oxyServices, config);
+}
+//# sourceMappingURL=AuthManager.js.map

package/lib/commonjs/core/AuthManager.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["STORAGE_KEYS","ACCESS_TOKEN","REFRESH_TOKEN","SESSION","USER","AUTH_METHOD","MemoryStorage","store","Map","getItem","key","get","setItem","value","set","removeItem","delete","LocalStorageAdapter","window","localStorage","AuthManager","listeners","Set","currentUser","refreshTimer","constructor","oxyServices","config","storage","getDefaultStorage","autoRefresh","refreshBuffer","onAuthStateChange","callback","add","notifyListeners","listener","handleAuthSuccess","session","method","accessToken","httpService","setTokens","refreshToken","JSON","stringify","sessionId","deviceId","expiresAt","user","id","length","setupTokenRefresh","clearTimeout","expiresAtMs","Date","getTime","now","refreshAt","delay","Math","max","setTimeout","catch","response","request","url","data","cache","clearSession","signOut","services","revokeFedCMCredential","getCurrentUser","isAuthenticated","getAccessToken","getAuthMethod","initialize","userJson","parse","token","sessionJson","refreshed","destroy","clear","exports","createAuthManager"],"sourceRoot":"../../../src","sources":["core/AuthManager.ts"],"mappings":";;;;;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAMA;AACA;AACA;;AAKA;AACA;AACA;;AAOA;AACA;AACA;;AAGA;AACA;AACA;;AAGA;AACA;AACA;;AAUA;AACA;AACA;AACA,MAAMA,YAAY,GAAG;EACnBC,YAAY,EAAE,kBAAkB;EAChCC,aAAa,EAAE,mBAAmB;EAClCC,OAAO,EAAE,aAAa;EACtBC,IAAI,EAAE,UAAU;EAChBC,WAAW,EAAE;AACf,CAAU;;AAEV;AACA;AACA;AACA,MAAMC,aAAa,CAA2B;EACpCC,KAAK,GAAG,IAAIC,GAAG,CAAiB,CAAC;EAEzCC,OAAOA,CAACC,GAAW,EAAiB;IAClC,OAAO,IAAI,CAACH,KAAK,CAACI,GAAG,CAACD,GAAG,CAAC,IAAI,IAAI;EACpC;EAEAE,OAAOA,CAACF,GAAW,EAAEG,KAAa,EAAQ;IACxC,IAAI,CAACN,KAAK,CAACO,GAAG,CAACJ,GAAG,EAAEG,KAAK,CAAC;EAC5B;EAEAE,UAAUA,CAACL,GAAW,EAAQ;IAC5B,IAAI,CAACH,KAAK,CAACS,MAAM,CAACN,GAAG,CAAC;EACxB;AACF;;AAEA;AACA;AACA;AACA,MAAMO,mBAAmB,CAA2B;EAClDR,OAAOA,CAACC,GAAW,EAAiB;IAClC,IAAI,OAAOQ,MAAM,KAAK,WAAW,EAAE,OAAO,IAAI;IAC9C,IAAI;MACF,OAAOC,YAAY,CAACV,OAAO,CAACC,GAAG,CAAC;IAClC,CAAC,CAAC,MAAM;MACN,OAAO,IAAI;IACb;EACF;EAEAE,OAAOA,CAACF,GAAW,EAAEG,KAAa,EAAQ;IACxC,IAAI,OAAOK,MAAM,KAAK,WAAW,EAAE;IACnC,IAAI;MACFC,YAAY,CAACP,OAAO,CAACF,GAAG,EAAEG,KAAK,CAAC;IAClC,CAAC,CAAC,MAAM;MACN;IAAA;EAEJ;EAEAE,UAAUA,CAACL,GAAW,EAAQ;IAC5B,IAAI,OAAOQ,MAAM,KAAK,WAAW,EAAE;IACnC,IAAI;MACFC,YAAY,CAACJ,UAAU,CAACL,GAAG,CAAC;IAC9B,CAAC,CAAC,MAAM;MACN;IAAA;EAEJ;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMU,WAAW,CAAC;EAGfC,SAAS,GAAiC,IAAIC,GAAG,CAAC,CAAC;EACnDC,WAAW,GAA2B,IAAI;EAC1CC,YAAY,GAAyC,IAAI;EAGjEC,WAAWA,CAACC,WAAwB,EAAEC,MAAyB,GAAG,CAAC,CAAC,EAAE;IACpE,IAAI,CAACD,WAAW,GAAGA,WAAW;IAC9B,IAAI,CAACC,MAAM,GAAG;MACZC,OAAO,EAAED,MAAM,CAACC,OAAO,IAAI,IAAI,CAACC,iBAAiB,CAAC,CAAC;MACnDC,WAAW,EAAEH,MAAM,CAACG,WAAW,IAAI,IAAI;MACvCC,aAAa,EAAEJ,MAAM,CAACI,aAAa,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAE;IACxD,CAAC;IACD,IAAI,CAACH,OAAO,GAAG,IAAI,CAACD,MAAM,CAACC,OAAO;EACpC;;EAEA;AACF;AACA;EACUC,iBAAiBA,CAAA,EAAmB;IAC1C,IAAI,OAAOX,MAAM,KAAK,WAAW,IAAIA,MAAM,CAACC,YAAY,EAAE;MACxD,OAAO,IAAIF,mBAAmB,CAAC,CAAC;IAClC;IACA,OAAO,IAAIX,aAAa,CAAC,CAAC;EAC5B;;EAEA;AACF;AACA;AACA;AACA;AACA;EACE0B,iBAAiBA,CAACC,QAAiC,EAAc;IAC/D,IAAI,CAACZ,SAAS,CAACa,GAAG,CAACD,QAAQ,CAAC;IAC5B;IACAA,QAAQ,CAAC,IAAI,CAACV,WAAW,CAAC;IAC1B,OAAO,MAAM;MACX,IAAI,CAACF,SAAS,CAACL,MAAM,CAACiB,QAAQ,CAAC;IACjC,CAAC;EACH;;EAEA;AACF;AACA;EACUE,eAAeA,CAAA,EAAS;IAC9B,KAAK,MAAMC,QAAQ,IAAI,IAAI,CAACf,SAAS,EAAE;MACrC,IAAI;QACFe,QAAQ,CAAC,IAAI,CAACb,WAAW,CAAC;MAC5B,CAAC,CAAC,MAAM;QACN;MAAA;IAEJ;EACF;;EAEA;AACF;AACA;AACA;AACA;AACA;EACE,MAAMc,iBAAiBA,CACrBC,OAA6B,EAC7BC,MAAkB,GAAG,aAAa,EACnB;IACf;IACA,IAAID,OAAO,CAACE,WAAW,EAAE;MACvB,MAAM,IAAI,CAACZ,OAAO,CAAChB,OAAO,CAACZ,YAAY,CAACC,YAAY,EAAEqC,OAAO,CAACE,WAAW,CAAC;MAC1E,IAAI,CAACd,WAAW,CAACe,WAAW,CAACC,SAAS,CAACJ,OAAO,CAACE,WAAW,CAAC;IAC7D;;IAEA;IACA,IAAIF,OAAO,CAACK,YAAY,EAAE;MACxB,MAAM,IAAI,CAACf,OAAO,CAAChB,OAAO,CAACZ,YAAY,CAACE,aAAa,EAAEoC,OAAO,CAACK,YAAY,CAAC;IAC9E;;IAEA;IACA,MAAM,IAAI,CAACf,OAAO,CAAChB,OAAO,CAACZ,YAAY,CAACG,OAAO,EAAEyC,IAAI,CAACC,SAAS,CAAC;MAC9DC,SAAS,EAAER,OAAO,CAACQ,SAAS;MAC5BC,QAAQ,EAAET,OAAO,CAACS,QAAQ;MAC1BC,SAAS,EAAEV,OAAO,CAACU;IACrB,CAAC,CAAC,CAAC;;IAEH;IACA,IAAIV,OAAO,CAACW,IAAI,IAAI,OAAQX,OAAO,CAACW,IAAI,CAASC,EAAE,KAAK,QAAQ,IAAKZ,OAAO,CAACW,IAAI,CAASC,EAAE,CAACC,MAAM,GAAG,CAAC,EAAE;MACvG,MAAM,IAAI,CAACvB,OAAO,CAAChB,OAAO,CAACZ,YAAY,CAACI,IAAI,EAAEwC,IAAI,CAACC,SAAS,CAACP,OAAO,CAACW,IAAI,CAAC,CAAC;MAC3E,IAAI,CAAC1B,WAAW,GAAGe,OAAO,CAACW,IAAI;IACjC;;IAEA;IACA,MAAM,IAAI,CAACrB,OAAO,CAAChB,OAAO,CAACZ,YAAY,CAACK,WAAW,EAAEkC,MAAM,CAAC;;IAE5D;IACA,IAAI,IAAI,CAACZ,MAAM,CAACG,WAAW,IAAIQ,OAAO,CAACU,SAAS,EAAE;MAChD,IAAI,CAACI,iBAAiB,CAACd,OAAO,CAACU,SAAS,CAAC;IAC3C;;IAEA;IACA,IAAI,CAACb,eAAe,CAAC,CAAC;EACxB;;EAEA;AACF;AACA;EACUiB,iBAAiBA,CAACJ,SAAiB,EAAQ;IACjD,IAAI,IAAI,CAACxB,YAAY,EAAE;MACrB6B,YAAY,CAAC,IAAI,CAAC7B,YAAY,CAAC;IACjC;IAEA,MAAM8B,WAAW,GAAG,IAAIC,IAAI,CAACP,SAAS,CAAC,CAACQ,OAAO,CAAC,CAAC;IACjD,MAAMC,GAAG,GAAGF,IAAI,CAACE,GAAG,CAAC,CAAC;IACtB,MAAMC,SAAS,GAAGJ,WAAW,GAAG,IAAI,CAAC3B,MAAM,CAACI,aAAa;IACzD,MAAM4B,KAAK,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC,EAAEH,SAAS,GAAGD,GAAG,CAAC;IAE1C,IAAIE,KAAK,GAAG,CAAC,EAAE;MACb,IAAI,CAACnC,YAAY,GAAGsC,UAAU,CAAC,MAAM;QACnC,IAAI,CAACnB,YAAY,CAAC,CAAC,CAACoB,KAAK,CAAC,MAAM;UAC9B;QAAA,CACD,CAAC;MACJ,CAAC,EAAEJ,KAAK,CAAC;IACX;EACF;;EAEA;AACF;AACA;EACE,MAAMhB,YAAYA,CAAA,EAAqB;IACrC,MAAMA,YAAY,GAAG,MAAM,IAAI,CAACf,OAAO,CAACnB,OAAO,CAACT,YAAY,CAACE,aAAa,CAAC;IAC3E,IAAI,CAACyC,YAAY,EAAE;MACjB,OAAO,KAAK;IACd;IAEA,IAAI;MACF;MACA,MAAMF,WAAW,GAAG,IAAI,CAACf,WAAW,CAACe,WAA0B;MAC/D,MAAMuB,QAAQ,GAAG,MAAMvB,WAAW,CAACwB,OAAO,CAAuB;QAC/D1B,MAAM,EAAE,MAAM;QACd2B,GAAG,EAAE,mBAAmB;QACxBC,IAAI,EAAE;UAAExB;QAAa,CAAC;QACtByB,KAAK,EAAE;MACT,CAAC,CAAC;MAEF,MAAM,IAAI,CAAC/B,iBAAiB,CAAC2B,QAAQ,EAAE,aAAa,CAAC;MACrD,OAAO,IAAI;IACb,CAAC,CAAC,MAAM;MACN;MACA,MAAM,IAAI,CAACK,YAAY,CAAC,CAAC;MACzB,IAAI,CAAC9C,WAAW,GAAG,IAAI;MACvB,IAAI,CAACY,eAAe,CAAC,CAAC;MACtB,OAAO,KAAK;IACd;EACF;;EAEA;AACF;AACA;EACE,MAAMmC,OAAOA,CAAA,EAAkB;IAC7B;IACA,IAAI,IAAI,CAAC9C,YAAY,EAAE;MACrB6B,YAAY,CAAC,IAAI,CAAC7B,YAAY,CAAC;MAC/B,IAAI,CAACA,YAAY,GAAG,IAAI;IAC1B;;IAEA;IACA,IAAI;MACF,MAAM+C,QAAQ,GAAG,IAAI,CAAC7C,WAAmC;MACzD,IAAI6C,QAAQ,CAACC,qBAAqB,EAAE;QAClC,MAAMD,QAAQ,CAACC,qBAAqB,CAAC,CAAC;MACxC;IACF,CAAC,CAAC,MAAM;MACN;IAAA;;IAGF;IACA,IAAI,CAAC9C,WAAW,CAACe,WAAW,CAACC,SAAS,CAAC,EAAE,CAAC;;IAE1C;IACA,MAAM,IAAI,CAAC2B,YAAY,CAAC,CAAC;;IAEzB;IACA,IAAI,CAAC9C,WAAW,GAAG,IAAI;IACvB,IAAI,CAACY,eAAe,CAAC,CAAC;EACxB;;EAEA;AACF;AACA;EACE,MAAckC,YAAYA,CAAA,EAAkB;IAC1C,MAAM,IAAI,CAACzC,OAAO,CAACb,UAAU,CAACf,YAAY,CAACC,YAAY,CAAC;IACxD,MAAM,IAAI,CAAC2B,OAAO,CAACb,UAAU,CAACf,YAAY,CAACE,aAAa,CAAC;IACzD,MAAM,IAAI,CAAC0B,OAAO,CAACb,UAAU,CAACf,YAAY,CAACG,OAAO,CAAC;IACnD,MAAM,IAAI,CAACyB,OAAO,CAACb,UAAU,CAACf,YAAY,CAACI,IAAI,CAAC;IAChD,MAAM,IAAI,CAACwB,OAAO,CAACb,UAAU,CAACf,YAAY,CAACK,WAAW,CAAC;EACzD;;EAEA;AACF;AACA;EACEoE,cAAcA,CAAA,EAA2B;IACvC,OAAO,IAAI,CAAClD,WAAW;EACzB;;EAEA;AACF;AACA;EACEmD,eAAeA,CAAA,EAAY;IACzB,OAAO,IAAI,CAACnD,WAAW,KAAK,IAAI;EAClC;;EAEA;AACF;AACA;EACE,MAAMoD,cAAcA,CAAA,EAA2B;IAC7C,OAAO,IAAI,CAAC/C,OAAO,CAACnB,OAAO,CAACT,YAAY,CAACC,YAAY,CAAC;EACxD;;EAEA;AACF;AACA;EACE,MAAM2E,aAAaA,CAAA,EAA+B;IAChD,MAAMrC,MAAM,GAAG,MAAM,IAAI,CAACX,OAAO,CAACnB,OAAO,CAACT,YAAY,CAACK,WAAW,CAAC;IACnE,OAAOkC,MAAM;EACf;;EAEA;AACF;AACA;AACA;AACA;EACE,MAAMsC,UAAUA,CAAA,EAAoC;IAClD,IAAI;MACF;MACA,MAAMC,QAAQ,GAAG,MAAM,IAAI,CAAClD,OAAO,CAACnB,OAAO,CAACT,YAAY,CAACI,IAAI,CAAC;MAC9D,IAAI0E,QAAQ,EAAE;QACZ,IAAI,CAACvD,WAAW,GAAGqB,IAAI,CAACmC,KAAK,CAACD,QAAQ,CAAC;MACzC;;MAEA;MACA,MAAME,KAAK,GAAG,MAAM,IAAI,CAACpD,OAAO,CAACnB,OAAO,CAACT,YAAY,CAACC,YAAY,CAAC;MACnE,IAAI+E,KAAK,EAAE;QACT,IAAI,CAACtD,WAAW,CAACe,WAAW,CAACC,SAAS,CAACsC,KAAK,CAAC;MAC/C;;MAEA;MACA,MAAMC,WAAW,GAAG,MAAM,IAAI,CAACrD,OAAO,CAACnB,OAAO,CAACT,YAAY,CAACG,OAAO,CAAC;MACpE,IAAI8E,WAAW,EAAE;QACf,MAAM3C,OAAO,GAAGM,IAAI,CAACmC,KAAK,CAACE,WAAW,CAAC;QACvC,IAAI3C,OAAO,CAACU,SAAS,EAAE;UACrB,MAAMA,SAAS,GAAG,IAAIO,IAAI,CAACjB,OAAO,CAACU,SAAS,CAAC,CAACQ,OAAO,CAAC,CAAC;UACvD,IAAIR,SAAS,IAAIO,IAAI,CAACE,GAAG,CAAC,CAAC,EAAE;YAC3B;YACA,MAAMyB,SAAS,GAAG,MAAM,IAAI,CAACvC,YAAY,CAAC,CAAC;YAC3C,IAAI,CAACuC,SAAS,EAAE;cACd,MAAM,IAAI,CAACb,YAAY,CAAC,CAAC;cACzB,IAAI,CAAC9C,WAAW,GAAG,IAAI;YACzB;UACF,CAAC,MAAM,IAAI,IAAI,CAACI,MAAM,CAACG,WAAW,EAAE;YAClC;YACA,IAAI,CAACsB,iBAAiB,CAACd,OAAO,CAACU,SAAS,CAAC;UAC3C;QACF;MACF;MAEA,OAAO,IAAI,CAACzB,WAAW;IACzB,CAAC,CAAC,MAAM;MACN;MACA,MAAM,IAAI,CAAC8C,YAAY,CAAC,CAAC;MACzB,IAAI,CAAC9C,WAAW,GAAG,IAAI;MACvB,OAAO,IAAI;IACb;EACF;;EAEA;AACF;AACA;EACE4D,OAAOA,CAAA,EAAS;IACd,IAAI,IAAI,CAAC3D,YAAY,EAAE;MACrB6B,YAAY,CAAC,IAAI,CAAC7B,YAAY,CAAC;MAC/B,IAAI,CAACA,YAAY,GAAG,IAAI;IAC1B;IACA,IAAI,CAACH,SAAS,CAAC+D,KAAK,CAAC,CAAC;EACxB;AACF;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AANAC,OAAA,CAAAjE,WAAA,GAAAA,WAAA;AAOO,SAASkE,iBAAiBA,CAC/B5D,WAAwB,EACxBC,MAA0B,EACb;EACb,OAAO,IAAIP,WAAW,CAACM,WAAW,EAAEC,MAAM,CAAC;AAC7C","ignoreList":[]}

package/lib/commonjs/core/HttpService.js CHANGED Viewed

@@ -9,6 +9,7 @@ var _requestUtils = require("../utils/requestUtils.js");
 var _asyncUtils = require("../utils/asyncUtils.js");
 var _errorUtils = require("../utils/errorUtils.js");
 var _jwtDecode = require("jwt-decode");
+var _reactNative = require("react-native");
 /**
  * Unified HTTP Service
  *
@@ -24,6 +25,11 @@ var _jwtDecode = require("jwt-decode");
  * - Request queuing
  */
+/**
+ * Check if we're running in a native app environment (React Native, not web)
+ * This is used to determine CSRF handling mode
+ */
+const isNativeApp = _reactNative.Platform.OS !== 'web';
 /**
  * Token store for authentication (singleton)
  */
@@ -208,6 +214,26 @@ class HttpService {
           headers['X-CSRF-Token'] = csrfToken;
         }
+        // Add native app header for React Native (required for CSRF validation)
+        // Native apps can't persist cookies like browsers, so the server uses
+        // header-only CSRF validation when this header is present
+        if (isNativeApp && isStateChangingMethod) {
+          headers['X-Native-App'] = 'true';
+        }
+        // Debug logging for CSRF issues
+        if (isStateChangingMethod && __DEV__) {
+          console.log('[HttpService] CSRF Debug:', {
+            url,
+            method,
+            isNativeApp,
+            platformOS: _reactNative.Platform.OS,
+            hasCsrfToken: !!csrfToken,
+            csrfTokenLength: csrfToken?.length,
+            hasNativeAppHeader: headers['X-Native-App'] === 'true'
+          });
+        }
         // Merge custom headers if provided
         if (config.headers) {
           Object.entries(config.headers).forEach(([key, value]) => {
@@ -380,16 +406,23 @@ class HttpService {
     // Return cached token if available
     const cachedToken = this.tokenStore.getCsrfToken();
     if (cachedToken) {
+      if (__DEV__) console.log('[HttpService] Using cached CSRF token');
       return cachedToken;
     }
     // Deduplicate concurrent CSRF token fetches
     const existingPromise = this.tokenStore.getCsrfTokenFetchPromise();
     if (existingPromise) {
+      if (__DEV__) console.log('[HttpService] Waiting for existing CSRF fetch');
       return existingPromise;
     }
     const fetchPromise = (async () => {
       try {
+        if (__DEV__) console.log('[HttpService] Fetching CSRF token from:', `${this.baseURL}/api/csrf-token`);
+        // Use AbortController for timeout (more compatible than AbortSignal.timeout)
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), 5000);
         const response = await fetch(`${this.baseURL}/api/csrf-token`, {
           method: 'GET',
           headers: {
@@ -397,10 +430,13 @@ class HttpService {
           },
           credentials: 'include',
           // Required to receive and send cookies
-          signal: AbortSignal.timeout(5000)
+          signal: controller.signal
         });
+        clearTimeout(timeoutId);
+        if (__DEV__) console.log('[HttpService] CSRF fetch response:', response.status, response.ok);
         if (response.ok) {
           const data = await response.json();
+          if (__DEV__) console.log('[HttpService] CSRF response data:', data);
           const token = data.csrfToken || null;
           this.tokenStore.setCsrfToken(token);
           this.logger.debug('CSRF token fetched');
@@ -414,9 +450,11 @@ class HttpService {
           this.logger.debug('CSRF token from header');
           return headerToken;
         }
+        if (__DEV__) console.log('[HttpService] CSRF fetch failed with status:', response.status);
         this.logger.warn('Failed to fetch CSRF token:', response.status);
         return null;
       } catch (error) {
+        if (__DEV__) console.log('[HttpService] CSRF fetch error:', error);
         this.logger.warn('CSRF token fetch error:', error);
         return null;
       } finally {