@oxyhq/services 5.26.3 → 5.27.0

package/dist/web/types/crypto/keyManager.d.ts

@@ -0,0 +1,189 @@
+/**
+ * Key Manager - ECDSA secp256k1 Key Generation and Storage
+ *
+ * Handles secure generation, storage, and retrieval of cryptographic keys.
+ * Private keys are stored securely using expo-secure-store and never leave the device.
+ */
+import type { ECKeyPair } from 'elliptic';
+export interface KeyPair {
+    publicKey: string;
+    privateKey: string;
+}
+export declare class KeyManager {
+    private static cachedPublicKey;
+    private static cachedHasIdentity;
+    private static cachedSharedPublicKey;
+    private static cachedHasSharedIdentity;
+    /**
+     * Invalidate cached identity state
+     * Called internally when identity is created/deleted/imported
+     */
+    private static invalidateCache;
+    /**
+     * Invalidate cached shared identity state
+     * Called internally when shared identity is created/deleted/imported
+     */
+    private static invalidateSharedCache;
+    /**
+     * Generate a new ECDSA secp256k1 key pair
+     * Returns the keys in hexadecimal format
+     */
+    static generateKeyPairSync(): KeyPair;
+    /**
+     * Generate a new key pair using secure random bytes
+     */
+    static generateKeyPair(): Promise<KeyPair>;
+    /**
+     * Create a shared identity accessible across all Oxy apps
+     *
+     * iOS: Stores in shared keychain group (requires entitlement configuration)
+     * Android: Stores in Account Manager (requires sharedUserId in manifest)
+     *
+     * This enables true cross-app SSO - when user signs in to one Oxy app,
+     * they're automatically signed in to all other Oxy apps.
+     *
+     * @returns Public key of the shared identity
+     * @throws Error if not on native platform or if sharing is not configured
+     */
+    static createSharedIdentity(): Promise<string>;
+    /**
+     * Get the shared public key (accessible across all Oxy apps)
+     *
+     * @returns Shared public key or null if no shared identity exists
+     */
+    static getSharedPublicKey(): Promise<string | null>;
+    /**
+     * Get the shared private key (for signing operations)
+     *
+     * WARNING: Only use this for signing operations within the app.
+     * The private key should NEVER be transmitted or exposed.
+     *
+     * @returns Shared private key or null if no shared identity exists
+     */
+    static getSharedPrivateKey(): Promise<string | null>;
+    /**
+     * Check if a shared identity exists (accessible across all Oxy apps)
+     *
+     * @returns True if shared identity exists, false otherwise
+     */
+    static hasSharedIdentity(): Promise<boolean>;
+    /**
+     * Import an existing key pair as shared identity
+     *
+     * This is used when:
+     * 1. User signs in to a new Oxy app for the first time
+     * 2. User has existing identity on another Oxy app
+     * 3. We want to sync the identity across apps
+     *
+     * @param privateKey - Private key in hex format
+     * @returns Public key
+     */
+    static importSharedIdentity(privateKey: string): Promise<string>;
+    /**
+     * Store session information in shared storage
+     *
+     * This allows all Oxy apps to access the same session without
+     * re-authenticating. When user signs in to one app, all apps
+     * get the session automatically.
+     *
+     * @param sessionId - Session ID from authentication
+     * @param accessToken - Access token for API calls
+     */
+    static storeSharedSession(sessionId: string, accessToken: string): Promise<void>;
+    /**
+     * Get shared session information
+     *
+     * This allows any Oxy app to check if user is already signed in
+     * via another Oxy app. Enables instant cross-app SSO.
+     *
+     * @returns Session data or null if no shared session exists
+     */
+    static getSharedSession(): Promise<{
+        sessionId: string;
+        accessToken: string;
+    } | null>;
+    /**
+     * Clear shared session (on logout)
+     *
+     * This signs out the user from ALL Oxy apps simultaneously.
+     * Call this when user explicitly logs out.
+     */
+    static clearSharedSession(): Promise<void>;
+    /**
+     * Migrate local identity to shared identity
+     *
+     * Call this when upgrading existing apps to use shared identities.
+     * Copies the device-specific identity to shared storage so it can
+     * be accessed by other Oxy apps.
+     *
+     * @returns True if migration was successful, false if no local identity exists
+     */
+    static migrateToSharedIdentity(): Promise<boolean>;
+    /**
+     * Generate and securely store a new key pair on the device
+     * Returns only the public key (private key is stored securely)
+     */
+    static createIdentity(): Promise<string>;
+    /**
+     * Import an existing key pair (e.g., from recovery phrase)
+     */
+    static importKeyPair(privateKey: string): Promise<string>;
+    /**
+     * Get the stored private key
+     * WARNING: Only use this for signing operations within the app
+     */
+    static getPrivateKey(): Promise<string | null>;
+    /**
+     * Get the stored public key (cached for performance)
+     */
+    static getPublicKey(): Promise<string | null>;
+    /**
+     * Check if an identity (key pair) exists on this device (cached for performance)
+     */
+    static hasIdentity(): Promise<boolean>;
+    /**
+     * Delete the stored identity (both keys)
+     * Use with EXTREME caution - this is irreversible without a recovery phrase
+     * This should ONLY be called when explicitly requested by the user
+     * @param skipBackup - If true, skip backup before deletion (default: false)
+     * @param force - If true, skip confirmation checks (default: false)
+     * @param userConfirmed - If true, user has explicitly confirmed deletion (default: false)
+     */
+    static deleteIdentity(skipBackup?: boolean, force?: boolean, userConfirmed?: boolean): Promise<void>;
+    /**
+     * Backup identity to SecureStore (separate backup storage)
+     * This provides a recovery mechanism if primary storage fails
+     */
+    static backupIdentity(): Promise<boolean>;
+    /**
+     * Verify identity integrity - checks if keys are valid and accessible
+     */
+    static verifyIdentityIntegrity(): Promise<boolean>;
+    /**
+     * Restore identity from backup if primary storage is corrupted
+     */
+    static restoreIdentityFromBackup(): Promise<boolean>;
+    /**
+     * Get the elliptic curve key object from the stored private key
+     * Used internally for signing operations
+     */
+    static getKeyPairObject(): Promise<ECKeyPair | null>;
+    /**
+     * Derive public key from a private key (without storing)
+     */
+    static derivePublicKey(privateKey: string): string;
+    /**
+     * Validate that a string is a valid public key
+     */
+    static isValidPublicKey(publicKey: string): boolean;
+    /**
+     * Validate that a string is a valid private key
+     */
+    static isValidPrivateKey(privateKey: string): boolean;
+    /**
+     * Get a shortened version of the public key for display
+     * Format: first 8 chars...last 8 chars
+     */
+    static shortenPublicKey(publicKey: string): string;
+}
+export default KeyManager;

package/dist/web/types/crypto/polyfill.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Crypto Polyfills for React Native
+ *
+ * This file ensures that required polyfills are available
+ * before any crypto operations are performed.
+ *
+ * Polyfills included:
+ * - Buffer: Required by bip39 and other crypto libraries
+ * - crypto.getRandomValues: Required by bip39 for secure random number generation
+ */
+import { Buffer } from 'buffer';
+export { Buffer };

package/dist/web/types/crypto/recoveryPhrase.d.ts

@@ -0,0 +1,58 @@
+/**
+ * Recovery Phrase Service - BIP39 Mnemonic Generation
+ *
+ * Handles generation and restoration of recovery phrases (mnemonic seeds)
+ * for backing up and restoring user identities.
+ *
+ * Note: This module requires the polyfill to be loaded first (done via crypto/index.ts)
+ */
+export interface RecoveryPhraseResult {
+    phrase: string;
+    words: string[];
+    publicKey: string;
+}
+export declare class RecoveryPhraseService {
+    /**
+     * Generate a new identity with a recovery phrase
+     * Returns the mnemonic phrase (should only be shown once to the user)
+     */
+    static generateIdentityWithRecovery(): Promise<RecoveryPhraseResult>;
+    /**
+     * Generate a 24-word recovery phrase for higher security
+     */
+    static generateIdentityWithRecovery24(): Promise<RecoveryPhraseResult>;
+    /**
+     * Restore an identity from a recovery phrase
+     */
+    static restoreFromPhrase(phrase: string): Promise<string>;
+    /**
+     * Validate a recovery phrase without importing it
+     */
+    static validatePhrase(phrase: string): boolean;
+    /**
+     * Get the word list for autocomplete/validation
+     */
+    static getWordList(): string[];
+    /**
+     * Check if a word is valid in the BIP39 word list
+     */
+    static isValidWord(word: string): boolean;
+    /**
+     * Get suggestions for a partial word
+     */
+    static getSuggestions(partial: string, limit?: number): string[];
+    /**
+     * Derive the public key from a phrase without storing
+     * Useful for verification before importing
+     */
+    static derivePublicKeyFromPhrase(phrase: string): Promise<string>;
+    /**
+     * Convert a phrase to its word array
+     */
+    static phraseToWords(phrase: string): string[];
+    /**
+     * Convert a word array to a phrase string
+     */
+    static wordsToPhrase(words: string[]): string;
+}
+export default RecoveryPhraseService;

package/dist/web/types/crypto/signatureService.d.ts

@@ -0,0 +1,86 @@
+/**
+ * Signature Service - ECDSA Digital Signatures
+ *
+ * Handles signing and verification of messages using ECDSA secp256k1.
+ * Used for authenticating requests and proving identity ownership.
+ */
+export interface SignedMessage {
+    message: string;
+    signature: string;
+    publicKey: string;
+    timestamp: number;
+}
+export interface AuthChallenge {
+    challenge: string;
+    publicKey: string;
+    timestamp: number;
+}
+export declare class SignatureService {
+    /**
+     * Generate a random challenge string (for offline use)
+     * Uses expo-crypto in React Native, crypto.randomBytes in Node.js
+     */
+    static generateChallenge(): Promise<string>;
+    /**
+     * Hash a message using SHA-256
+     */
+    static hashMessage(message: string): Promise<string>;
+    /**
+     * Sign a message using the stored private key
+     * Returns the signature in DER format (hex encoded)
+     */
+    static sign(message: string): Promise<string>;
+    /**
+     * Sign a message with an explicit private key (without storing)
+     * Useful for one-time operations or testing
+     */
+    static signWithKey(message: string, privateKey: string): Promise<string>;
+    /**
+     * Verify a signature against a message and public key
+     */
+    static verify(message: string, signature: string, publicKey: string): Promise<boolean>;
+    /**
+     * Synchronous verification (for Node.js backend)
+     * Uses crypto module directly for hashing
+     * Note: This method should only be used in Node.js environments
+     */
+    static verifySync(message: string, signature: string, publicKey: string): boolean;
+    /**
+     * Create a signed message object with metadata
+     */
+    static createSignedMessage(message: string): Promise<SignedMessage>;
+    /**
+     * Verify a signed message object
+     * Checks both signature validity and timestamp freshness
+     */
+    static verifySignedMessage(signedMessage: SignedMessage, maxAgeMs?: number): Promise<boolean>;
+    /**
+     * Create a signed authentication challenge response
+     * Used for challenge-response authentication
+     */
+    static signChallenge(challenge: string): Promise<AuthChallenge>;
+    /**
+     * Verify a challenge response
+     */
+    static verifyChallengeResponse(originalChallenge: string, response: AuthChallenge, maxAgeMs?: number): Promise<boolean>;
+    /**
+     * Create a registration signature
+     * Used when registering a new identity with the server
+     * Format matches server expectation: oxy:register:{publicKey}:{timestamp}
+     */
+    static createRegistrationSignature(): Promise<{
+        signature: string;
+        publicKey: string;
+        timestamp: number;
+    }>;
+    /**
+     * Sign arbitrary data for API requests
+     * Creates a canonical string representation and signs it
+     */
+    static signRequestData(data: Record<string, unknown>): Promise<{
+        signature: string;
+        publicKey: string;
+        timestamp: number;
+    }>;
+}
+export default SignatureService;

package/dist/web/types/i18n/index.d.ts

@@ -0,0 +1,3 @@
+export type LocaleDict = Record<string, any>;
+export declare function translate(locale: string | undefined, key: string, vars?: Record<string, string | number>): string;
+export declare function hasKey(locale: string | undefined, key: string): boolean;

package/dist/web/types/index.d.ts

@@ -0,0 +1,62 @@
+/**
+ * OxyHQServices Main Export File - Universal (Frontend + Backend)
+ *
+ * This exports everything but uses environment detection to avoid crashes.
+ * - Frontend: Full UI + Core functionality
+ * - Backend: Core functionality only (UI components are no-ops)
+ */
+import './utils/platformInit';
+import './crypto/polyfill';
+export { KeyManager, SignatureService, RecoveryPhraseService } from './crypto';
+export { OxyServices, OxyAuthenticationError, OxyAuthenticationTimeoutError } from './core';
+export { OXY_CLOUD_URL, oxyClient } from './core';
+export { CrossDomainAuth, createCrossDomainAuth } from './core';
+export type { CrossDomainAuthOptions } from './core';
+export type { KeyPair, SignedMessage, AuthChallenge, RecoveryPhraseResult } from './crypto';
+export { useOxy } from './ui/context/OxyContext';
+export { useAuth } from './ui/hooks/useAuth';
+export type { AuthState, AuthActions, UseAuthReturn } from './ui/hooks/useAuth';
+export { default as OxyProvider } from './ui/components/OxyProvider';
+export { FontLoader } from './ui/components/FontLoader';
+export { default as WebOxyProvider } from './ui/components/WebOxyProvider';
+export { DeviceManager } from './utils/deviceManager';
+export type { DeviceFingerprint, StoredDeviceInfo } from './utils/deviceManager';
+export { SUPPORTED_LANGUAGES, getLanguageMetadata, getLanguageName, getNativeLanguageName, normalizeLanguageCode } from './utils/languageUtils';
+export type { LanguageMetadata } from './utils/languageUtils';
+export type { OxyConfig, User, LoginResponse, Notification, Wallet, Transaction, TransferFundsRequest, PurchaseRequest, WithdrawalRequest, TransactionResponse, KarmaRule, KarmaHistory, KarmaLeaderboardEntry, KarmaAwardRequest, ApiError, PaymentMethod, PaymentRequest, PaymentResponse, AnalyticsData, FollowerDetails, ContentViewer, FileMetadata, FileUploadResponse, FileListResponse, FileUpdateRequest, FileDeleteResponse, DeviceSession, DeviceSessionsResponse, DeviceSessionLogoutResponse, UpdateDeviceNameResponse, BlockedUser, RestrictedUser, FileVisibility, AssetLink, AssetVariant, Asset, AssetInitRequest, AssetInitResponse, AssetCompleteRequest, AssetLinkRequest, AssetUnlinkRequest, AssetUrlResponse, AssetDeleteSummary, AssetUploadProgress, AssetUpdateVisibilityRequest, AssetUpdateVisibilityResponse, AccountStorageCategoryUsage, AccountStorageUsageResponse, SecurityEventType, SecurityEventSeverity, SecurityActivity, SecurityActivityResponse, } from './models/interfaces';
+export { SECURITY_EVENT_SEVERITY_MAP } from './models/interfaces';
+export type { SessionLoginResponse, ClientSession, MinimalUserData } from './models/session';
+export { useAuthStore } from './ui/stores/authStore';
+export { useAssetStore, useAssets as useAssetsStore, useAsset, useUploadProgress, useAssetLoading, useAssetErrors, useAssetsByApp, useAssetsByEntity, useAssetUsageCount, useIsAssetLinked } from './ui/stores/assetStore';
+export { useSessionSocket } from './ui/hooks/useSessionSocket';
+export { useAssets, setOxyAssetInstance } from './ui/hooks/useAssets';
+export { useFileDownloadUrl, setOxyFileUrlInstance } from './ui/hooks/useFileDownloadUrl';
+export { useFollow, useFollowerCounts } from './ui/hooks/useFollow';
+export { useUserProfile, useUserProfiles, useCurrentUser, useUserById, useUserByUsername, useUsersBySessions, usePrivacySettings, useSessions, useSession, useDeviceSessions, useUserDevices, useSecurityInfo, useSecurityActivity, useRecentSecurityActivity, } from './ui/hooks/queries';
+export { useUpdateProfile, useUploadAvatar, useUpdateAccountSettings, useUpdatePrivacySettings, useUploadFile, useSwitchSession, useLogoutSession, useLogoutAll, useUpdateDeviceName, useRemoveDevice, } from './ui/hooks/mutations';
+export { createProfileMutation, createGenericMutation, } from './ui/hooks/mutations/mutationFactory';
+export type { ProfileMutationConfig, GenericMutationConfig, } from './ui/hooks/mutations/mutationFactory';
+export { ensureValidToken, withAuthErrorHandling, authenticatedApiCall, isAuthenticationError, SessionSyncRequiredError, AuthenticationFailedError, } from './ui/utils/authHelpers';
+export type { HandleApiErrorOptions } from './ui/utils/authHelpers';
+export { handleAuthError, isInvalidSessionError, isTimeoutOrNetworkError, extractErrorMessage } from './ui/utils/errorHandlers';
+export type { HandleAuthErrorOptions } from './ui/utils/errorHandlers';
+export { useFileFiltering } from './ui/hooks/useFileFiltering';
+export type { ViewMode, SortBy, SortOrder } from './ui/hooks/useFileFiltering';
+export { OxySignInButton } from './ui/components/OxySignInButton';
+export { OxyLogo, FollowButton } from './ui';
+export { darkenColor, lightenColor, hexToRgb, rgbToHex, withOpacity, isLightColor, getContrastTextColor, } from './shared/utils/colorUtils';
+export { normalizeTheme, normalizeColorScheme, getOppositeTheme, systemPrefersDarkMode, getSystemColorScheme, } from './shared/utils/themeUtils';
+export type { ThemeValue } from './shared/utils/themeUtils';
+export { HttpStatus, getErrorStatus, getErrorMessage, isAlreadyRegisteredError, isUnauthorizedError, isForbiddenError, isNotFoundError, isRateLimitError, isServerError, isNetworkError, isRetryableError, } from './shared/utils/errorUtils';
+export { DEFAULT_CIRCUIT_BREAKER_CONFIG, createCircuitBreakerState, calculateBackoffInterval, recordFailure, recordSuccess, shouldAllowRequest, delay, withRetry, } from './shared/utils/networkUtils';
+export type { CircuitBreakerState, CircuitBreakerConfig } from './shared/utils/networkUtils';
+export * from './utils/apiUtils';
+export { ErrorCodes, createApiError, handleHttpError, validateRequiredFields, } from './utils/errorUtils';
+export { retryAsync } from './utils/asyncUtils';
+export * from './utils/validationUtils';
+export { logger, LogLevel, LogContext, logAuth, logApi, logSession, logUser, logDevice, logPayment, logPerformance } from './utils/loggerUtils';
+export * from './utils/asyncUtils';
+export * from './utils/hookUtils';
+export { showBottomSheet, closeBottomSheet } from './ui/navigation/bottomSheetManager';
+export type { RouteName } from './ui/navigation/routes';
+export { showSignInModal, hideSignInModal } from './ui/components/SignInModal';

package/dist/web/types/lib/sonner-safe.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Safe sonner export that works in both frontend and backend
+ * In frontend: exports the actual toast function
+ * In backend: exports a no-op function
+ */
+type ToastFunction = (message: string, options?: Record<string, unknown>) => void;
+declare let toast: ToastFunction;
+export { toast };

package/dist/web/types/lib/sonner.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Sonner Toast - Platform-Agnostic Entry Point
+ *
+ * Bundlers resolve platform-specific implementations:
+ * - Metro (React Native): resolves to sonner.native.ts
+ * - Vite/Webpack (Web): resolves to sonner.web.ts
+ * - Node.js/SSR: uses this file (web fallback)
+ *
+ * This file exports web as the default for /core and /web entry points.
+ */
+export { toast, Toaster, type ToastT } from './sonner.web';

package/dist/web/types/lib/sonner.web.d.ts

@@ -0,0 +1,14 @@
+interface ToastFunction {
+    (message: string, options?: Record<string, unknown>): void;
+    success: (message: string, options?: Record<string, unknown>) => void;
+    error: (message: string, options?: Record<string, unknown>) => void;
+    info: (message: string, options?: Record<string, unknown>) => void;
+    warning: (message: string, options?: Record<string, unknown>) => void;
+    loading: (message: string, options?: Record<string, unknown>) => void;
+}
+type ToasterComponent = (props?: Record<string, unknown>) => React.ReactElement | null;
+declare const webToast: ToastFunction;
+export declare const toast: ToastFunction;
+export declare const Toaster: ToasterComponent;
+export type ToastT = typeof webToast;
+export {};