@oxyhq/services 5.5.7 → 5.5.9

package/src/__tests__/ui/hooks/real-world-scenarios.test.ts

@@ -0,0 +1,224 @@
+/**
+ * Real-world scenario test: Mention app and other Oxy ecosystem apps
+ * This test demonstrates the exact use case described in the issue
+ */
+
+describe('Real-world Oxy Ecosystem Integration', () => {
+  describe('Mention app scenario', () => {
+    // Simulate the complete Mention app setup
+    function simulateMentionAppSetup() {
+      console.log('Setting up Mention app with Oxy authentication...');
+
+      // 1. Create OxyServices for Oxy API authentication
+      const oxyServices = {
+        baseURL: 'https://api.oxy.so',
+        getBaseURL: () => 'https://api.oxy.so',
+        setBaseURL: (url: string) => {
+          console.log(`[OxyServices] Internal URL change to: ${url}`);
+        },
+        // Internal methods that need to call Oxy API
+        authenticateToken: async (token: string) => {
+          const url = `https://api.oxy.so/auth/validate`;
+          console.log(`[Internal] Validating token at: ${url}`);
+          return { valid: true, user: { id: 'user123', username: 'mentionuser' } };
+        },
+        refreshTokens: async () => {
+          const url = `https://api.oxy.so/auth/refresh`;
+          console.log(`[Internal] Refreshing tokens at: ${url}`);
+          return { accessToken: 'new-token', refreshToken: 'new-refresh' };
+        }
+      };
+
+      // 2. Create context with separation
+      let appBaseURL = oxyServices.baseURL; // Initially same
+
+      const oxyContext = {
+        oxyServices,
+        setApiUrl: (url: string) => {
+          console.log(`[App] Setting app API URL to: ${url}`);
+          appBaseURL = url; // Only affects public authFetch
+        },
+        getAppBaseURL: () => appBaseURL,
+        isAuthenticated: true,
+        user: { id: 'user123', username: 'mentionuser' },
+        login: async (username: string, password: string) => ({ id: 'user123' }),
+        logout: async () => {},
+        signUp: async (username: string, email: string, password: string) => ({ id: 'user123' }),
+        activeSessionId: 'session123'
+      };
+
+      // 3. Create authFetch that uses app-specific URL
+      const authFetch = {
+        get: async (endpoint: string) => {
+          const url = `${oxyContext.getAppBaseURL()}${endpoint}`;
+          console.log(`[AuthFetch] GET ${url}`);
+          return { data: `Response from ${url}` };
+        },
+        post: async (endpoint: string, data: any) => {
+          const url = `${oxyContext.getAppBaseURL()}${endpoint}`;
+          console.log(`[AuthFetch] POST ${url}`, data);
+          return { data: `Posted to ${url}`, created: data };
+        },
+        put: async (endpoint: string, data: any) => {
+          const url = `${oxyContext.getAppBaseURL()}${endpoint}`;
+          console.log(`[AuthFetch] PUT ${url}`, data);
+          return { data: `Updated at ${url}`, updated: data };
+        },
+        delete: async (endpoint: string) => {
+          const url = `${oxyContext.getAppBaseURL()}${endpoint}`;
+          console.log(`[AuthFetch] DELETE ${url}`);
+          return { data: `Deleted from ${url}` };
+        },
+        setApiUrl: oxyContext.setApiUrl,
+        isAuthenticated: oxyContext.isAuthenticated,
+        user: oxyContext.user
+      };
+
+      return { oxyServices, oxyContext, authFetch };
+    }
+
+    test('should enable Mention app to use its own backend with Oxy authentication', async () => {
+      console.log('\\n=== Mention App Real-world Test ===\\n');
+
+      const { oxyServices, oxyContext, authFetch } = simulateMentionAppSetup();
+
+      console.log('1. Initial setup - both use Oxy API:');
+      // Internal authentication calls
+      await oxyServices.authenticateToken('user-token');
+      
+      // Public app calls (initially to Oxy API)
+      await authFetch.get('/api/user/profile');
+
+      console.log('\\n2. Mention app configures its own backend:');
+      // This is the key change - app sets its own API URL
+      authFetch.setApiUrl('https://mention.earth/api');
+
+      console.log('\\n3. After configuration - clean separation:');
+      
+      // Internal module calls STILL go to Oxy API
+      await oxyServices.authenticateToken('user-token');
+      await oxyServices.refreshTokens();
+      
+      // Public authFetch calls now go to Mention's backend
+      await authFetch.get('/api/mentions');
+      await authFetch.post('/api/mentions', { 
+        text: 'Hello world from Mention!',
+        userId: 'user123'
+      });
+      await authFetch.put('/api/mentions/123', { 
+        text: 'Updated mention text' 
+      });
+      await authFetch.delete('/api/mentions/456');
+
+      console.log('\\n4. Verification:');
+      const internalURL = oxyServices.getBaseURL();
+      const publicURL = oxyContext.getAppBaseURL();
+      
+      console.log(`Internal (Oxy API): ${internalURL}`);
+      console.log(`Public (Mention API): ${publicURL}`);
+
+      // Verify the separation
+      expect(internalURL).toBe('https://api.oxy.so');
+      expect(publicURL).toBe('https://mention.earth/api');
+
+      console.log('\\n✅ Mention app can use Oxy auth with its own backend!');
+    });
+
+    test('should support multiple Oxy ecosystem apps with different backends', async () => {
+      console.log('\\n=== Multiple Oxy Apps Test ===\\n');
+
+      // Simulate different apps in the Oxy ecosystem
+      const apps = [
+        { name: 'Mention', url: 'https://mention.earth/api' },
+        { name: 'Homiio', url: 'https://homiio.com/api' },
+        { name: 'Custom App', url: 'https://my-custom-app.com/api' }
+      ];
+
+      for (const app of apps) {
+        console.log(`${app.name} app setup:`);
+        
+        const { oxyServices, oxyContext, authFetch } = simulateMentionAppSetup();
+        
+        // Each app configures its own backend
+        authFetch.setApiUrl(app.url);
+        
+        // Internal auth still works with Oxy
+        await oxyServices.authenticateToken('token');
+        
+        // App-specific calls go to app backend
+        await authFetch.get('/api/data');
+        
+        // Verify separation for each app
+        expect(oxyServices.getBaseURL()).toBe('https://api.oxy.so');
+        expect(oxyContext.getAppBaseURL()).toBe(app.url);
+        
+        console.log(`  ✅ ${app.name} configured successfully\\n`);
+      }
+
+      console.log('✅ Multiple apps can coexist with independent backends!');
+    });
+
+    test('should demonstrate zero-config setup with runtime configuration', async () => {
+      console.log('\\n=== Zero-Config + Runtime Config Test ===\\n');
+
+      console.log('1. Zero-config setup (as described in issue):');
+      
+      // App developer just needs to:
+      const { oxyServices, authFetch } = simulateMentionAppSetup();
+      
+      console.log('   - Create OxyServices instance ✅');
+      console.log('   - Wrap app with OxyProvider ✅');
+      console.log('   - Use authFetch in components ✅');
+      
+      console.log('\\n2. Runtime configuration (almost zero setup):');
+      
+      // App can dynamically configure its API
+      authFetch.setApiUrl('https://production.myapp.com/api');
+      
+      console.log('\\n3. Everything works seamlessly:');
+      
+      // Authentication through Oxy
+      await oxyServices.authenticateToken('user-token');
+      
+      // App data through app's backend
+      await authFetch.get('/api/app-specific-data');
+      await authFetch.post('/api/app-actions', { action: 'create' });
+      
+      console.log('\\n✅ Zero-config setup with runtime flexibility achieved!');
+    });
+  });
+
+  describe('Backend integration scenarios', () => {
+    test('should support backend token validation while frontend uses app API', async () => {
+      console.log('\\n=== Backend Integration Test ===\\n');
+
+      // Simulate backend middleware
+      const backendOxyServices = {
+        baseURL: 'https://api.oxy.so',
+        authenticateToken: async (token: string) => {
+          const url = `https://api.oxy.so/auth/validate`;
+          console.log(`[Backend] Validating token at: ${url}`);
+          return { 
+            valid: true, 
+            user: { id: 'user123', username: 'testuser' },
+            userId: 'user123'
+          };
+        }
+      };
+
+      // Simulate frontend using app API
+      const { authFetch } = simulateMentionAppSetup();
+      authFetch.setApiUrl('https://myapp.com/api');
+
+      console.log('1. Frontend makes authenticated request to app backend:');
+      await authFetch.post('/api/protected-endpoint', { data: 'sensitive' });
+
+      console.log('\\n2. Backend validates token with Oxy API:');
+      const tokenValidation = await backendOxyServices.authenticateToken('user-jwt-token');
+      
+      console.log('   Token validation result:', tokenValidation);
+
+      console.log('\\n✅ Backend validates with Oxy, frontend uses app API!');
+    });
+  });
+});

package/src/__tests__/ui/hooks/url-resolution.test.ts

@@ -0,0 +1,129 @@
+/**
+ * Tests for URL resolution in separated authFetch implementation
+ */
+
+describe('URL Resolution Separation', () => {
+  describe('resolveURL function behavior', () => {
+    // Mock implementation of resolveURL logic used in useAuthFetch
+    function resolveURL(input: RequestInfo | URL, baseURL: string): string {
+      if (!baseURL) {
+        throw new Error('Base URL not configured. Please provide a baseURL in OxyServices configuration.');
+      }
+
+      const url = input.toString();
+      
+      // If it's already a full URL (http/https), return as is
+      if (url.startsWith('http://') || url.startsWith('https://')) {
+        return url;
+      }
+      
+      // Normalize base URL (remove trailing slash)
+      const normalizedBaseURL = baseURL.replace(/\/$/, '');
+      
+      // If URL starts with /, it's relative to base URL
+      if (url.startsWith('/')) {
+        return `${normalizedBaseURL}${url}`;
+      }
+      
+      // Otherwise, append to base URL with /
+      return `${normalizedBaseURL}/${url}`;
+    }
+
+    test('should resolve relative URLs with app base URL', () => {
+      const appBaseURL = 'https://myapp.example.com';
+      
+      expect(resolveURL('/api/users', appBaseURL)).toBe('https://myapp.example.com/api/users');
+      expect(resolveURL('api/users', appBaseURL)).toBe('https://myapp.example.com/api/users');
+      expect(resolveURL('/api/posts', appBaseURL)).toBe('https://myapp.example.com/api/posts');
+    });
+
+    test('should preserve absolute URLs unchanged', () => {
+      const appBaseURL = 'https://myapp.example.com';
+      const absoluteURL = 'https://external-api.example.com/data';
+      
+      expect(resolveURL(absoluteURL, appBaseURL)).toBe(absoluteURL);
+    });
+
+    test('should handle different app base URLs independently', () => {
+      const appBaseURL1 = 'https://app1.example.com';
+      const appBaseURL2 = 'https://app2.example.com';
+      const oxyBaseURL = 'https://api.oxy.so';
+      
+      // Same endpoint, different base URLs
+      expect(resolveURL('/api/users', appBaseURL1)).toBe('https://app1.example.com/api/users');
+      expect(resolveURL('/api/users', appBaseURL2)).toBe('https://app2.example.com/api/users');
+      expect(resolveURL('/api/users', oxyBaseURL)).toBe('https://api.oxy.so/api/users');
+    });
+
+    test('should normalize base URLs correctly', () => {
+      const baseURLWithSlash = 'https://myapp.example.com/';
+      const baseURLWithoutSlash = 'https://myapp.example.com';
+      
+      expect(resolveURL('/api/users', baseURLWithSlash)).toBe('https://myapp.example.com/api/users');
+      expect(resolveURL('/api/users', baseURLWithoutSlash)).toBe('https://myapp.example.com/api/users');
+    });
+
+    test('should throw error for missing base URL', () => {
+      expect(() => resolveURL('/api/users', '')).toThrow('Base URL not configured');
+    });
+  });
+
+  describe('Separation scenarios', () => {
+    test('should demonstrate independent URL management', () => {
+      // Simulate the separation: internal vs public URLs
+      const internalOxyURL = 'https://api.oxy.so';
+      const publicAppURL = 'https://mention.earth/api';
+      
+      // Internal module calls (would use OxyServices base URL)
+      const internalCall = resolveURL('/auth/validate', internalOxyURL);
+      expect(internalCall).toBe('https://api.oxy.so/auth/validate');
+      
+      // Public authFetch calls (would use app base URL)
+      const publicCall = resolveURL('/api/mentions', publicAppURL);
+      expect(publicCall).toBe('https://mention.earth/api/api/mentions');
+    });
+
+    test('should support dynamic app URL changes', () => {
+      // Simulate changing app URL without affecting internal URL
+      let appBaseURL = 'https://staging.myapp.com';
+      const oxyBaseURL = 'https://api.oxy.so';
+      
+      // Initial state
+      expect(resolveURL('/api/data', appBaseURL)).toBe('https://staging.myapp.com/api/data');
+      expect(resolveURL('/auth/me', oxyBaseURL)).toBe('https://api.oxy.so/auth/me');
+      
+      // App changes its URL
+      appBaseURL = 'https://production.myapp.com';
+      
+      // App URLs updated
+      expect(resolveURL('/api/data', appBaseURL)).toBe('https://production.myapp.com/api/data');
+      // Internal URLs unchanged
+      expect(resolveURL('/auth/me', oxyBaseURL)).toBe('https://api.oxy.so/auth/me');
+    });
+  });
+
+  // Helper function to mimic resolveURL from the actual implementation
+  function resolveURL(input: RequestInfo | URL, baseURL: string): string {
+    if (!baseURL) {
+      throw new Error('Base URL not configured. Please provide a baseURL in OxyServices configuration.');
+    }
+
+    const url = input.toString();
+    
+    // If it's already a full URL (http/https), return as is
+    if (url.startsWith('http://') || url.startsWith('https://')) {
+      return url;
+    }
+    
+    // Normalize base URL (remove trailing slash)
+    const normalizedBaseURL = baseURL.replace(/\/$/, '');
+    
+    // If URL starts with /, it's relative to base URL
+    if (url.startsWith('/')) {
+      return `${normalizedBaseURL}${url}`;
+    }
+    
+    // Otherwise, append to base URL with /
+    return `${normalizedBaseURL}/${url}`;
+  }
+});

package/src/__tests__/ui/hooks/useAuthFetch-separation.test.ts

@@ -0,0 +1,69 @@
+/**
+ * Tests for authFetch separation between public and internal usage
+ */
+
+import { OxyServices } from '../../../core';
+
+describe('AuthFetch Separation', () => {
+  let oxyServices: OxyServices;
+
+  beforeEach(() => {
+    oxyServices = new OxyServices({
+      baseURL: 'https://api.oxy.so'
+    });
+  });
+
+  describe('OxyServices internal base URL isolation', () => {
+    test('should preserve original base URL for internal calls', () => {
+      const originalBaseURL = 'https://api.oxy.so';
+      
+      // Verify initial state
+      expect(oxyServices.getBaseURL()).toBe(originalBaseURL);
+      
+      // Simulate app changing its own base URL (this should not affect OxyServices)
+      // Note: In the new implementation, setApiUrl only affects app authFetch, not OxyServices
+      const appBaseURL = 'https://app-api.example.com';
+      
+      // OxyServices base URL should remain unchanged
+      expect(oxyServices.getBaseURL()).toBe(originalBaseURL);
+    });
+
+    test('should handle OxyServices base URL changes separately', () => {
+      const originalBaseURL = 'https://api.oxy.so';
+      const newOxyBaseURL = 'https://new-oxy-api.example.com';
+      
+      expect(oxyServices.getBaseURL()).toBe(originalBaseURL);
+      
+      // This should still work for internal module updates
+      oxyServices.setBaseURL(newOxyBaseURL);
+      expect(oxyServices.getBaseURL()).toBe(newOxyBaseURL);
+    });
+
+    test('should maintain separation - internal vs public URLs', () => {
+      const oxyBaseURL = 'https://api.oxy.so';
+      const appBaseURL = 'https://myapp.example.com';
+      
+      // OxyServices keeps its own URL for internal calls
+      expect(oxyServices.getBaseURL()).toBe(oxyBaseURL);
+      
+      // App can have its own URL (this would be managed in context)
+      // The separation ensures these don't interfere with each other
+      expect(oxyBaseURL).not.toBe(appBaseURL);
+    });
+  });
+
+  describe('URL validation and error handling', () => {
+    test('should validate URLs properly', () => {
+      expect(() => oxyServices.setBaseURL('')).toThrow('Base URL cannot be empty');
+      expect(() => oxyServices.setBaseURL('not-a-url')).not.toThrow(); // axios will handle invalid URLs
+    });
+
+    test('should handle URL normalization', () => {
+      oxyServices.setBaseURL('https://api.example.com/');
+      expect(oxyServices.getBaseURL()).toBe('https://api.example.com/');
+      
+      oxyServices.setBaseURL('https://api.example.com');
+      expect(oxyServices.getBaseURL()).toBe('https://api.example.com');
+    });
+  });
+});

package/src/__tests__/ui/hooks/useAuthFetch.test.ts

@@ -0,0 +1,70 @@
+/**
+ * Tests for refactored useAuthFetch hook
+ */
+
+import { OxyServices } from '../../../core';
+
+describe('useAuthFetch', () => {
+  let oxyServices: OxyServices;
+
+  beforeEach(() => {
+    oxyServices = new OxyServices({
+      baseURL: 'https://api.test.com'
+    });
+  });
+
+  describe('OxyServices integration', () => {
+    test('should set and get base URL', () => {
+      expect(oxyServices.getBaseURL()).toBe('https://api.test.com');
+      
+      oxyServices.setBaseURL('https://new-api.test.com');
+      expect(oxyServices.getBaseURL()).toBe('https://new-api.test.com');
+    });
+
+    test('should throw error for empty base URL', () => {
+      expect(() => oxyServices.setBaseURL('')).toThrow('Base URL cannot be empty');
+    });
+
+    test('should handle token validation methods', () => {
+      // Test that core methods exist
+      expect(typeof oxyServices.getAccessToken).toBe('function');
+      expect(typeof oxyServices.setTokens).toBe('function');
+      expect(typeof oxyServices.clearTokens).toBe('function');
+      expect(typeof oxyServices.refreshTokens).toBe('function');
+    });
+  });
+
+  describe('URL resolution', () => {
+    test('should resolve relative URLs correctly', () => {
+      // This tests the logic that would be used in resolveURL function
+      const baseURL = 'https://api.test.com';
+      
+      // Test relative URL with leading slash
+      const relativeUrl = '/api/users';
+      const expectedUrl = `${baseURL}${relativeUrl}`;
+      expect(expectedUrl).toBe('https://api.test.com/api/users');
+      
+      // Test relative URL without leading slash
+      const relativeUrl2 = 'api/users';
+      const expectedUrl2 = `${baseURL}/${relativeUrl2}`;
+      expect(expectedUrl2).toBe('https://api.test.com/api/users');
+      
+      // Test absolute URL (should remain unchanged)
+      const absoluteUrl = 'https://other-api.test.com/api/users';
+      expect(absoluteUrl).toBe('https://other-api.test.com/api/users');
+    });
+  });
+
+  describe('Authentication middleware compatibility', () => {
+    test('should create middleware function', () => {
+      const middleware = oxyServices.createAuthenticateTokenMiddleware();
+      expect(typeof middleware).toBe('function');
+    });
+
+    test('should validate tokens', async () => {
+      const result = await oxyServices.authenticateToken('invalid-token');
+      expect(result.valid).toBe(false);
+      expect(result.error).toBeTruthy();
+    });
+  });
+});

package/src/core/index.ts

@@ -68,14 +68,9 @@ interface JwtPayload {
 /**
  * OxyServices - Client library for interacting with the Oxy API
  * 
- * ⚠️  IMPORTANT: For authentication operations, use the new AuthManager class instead.
- * This provides a centralized, professional authentication system.
- * 
- * @deprecated Direct authentication methods - Use AuthManager instead
- * @see packages/services/docs/authentication-v2.md
+ * Note: For authentication status in UI components, use `isAuthenticated` from useOxy() context
+ * instead of checking token status directly on this service.
  */
-export { AuthManager } from './AuthManager';
-
 export class OxyServices {
   private client: AxiosInstance;
   private accessToken: string | null = null;
@@ -169,6 +164,17 @@ export class OxyServices {
     return this.client.defaults.baseURL || '';
   }
 
+  /**
+   * Sets/updates the base URL for this OxyServices instance
+   * @param baseURL - The new base URL to use for API requests
+   */
+  public setBaseURL(baseURL: string): void {
+    if (!baseURL) {
+      throw new Error('Base URL cannot be empty');
+    }
+    this.client.defaults.baseURL = baseURL;
+  }
+
   /**
    * Gets the currently authenticated user ID from the token
    * @returns The user ID or null if not authenticated