@pelican-identity/auth-core 1.2.10 → 1.2.11

package/dist/index.js

@@ -188,16 +188,32 @@ var StateMachine = class {
 var Transport = class {
   constructor(handlers) {
     this.reconnectAttempts = 0;
-    this.maxReconnectAttempts = 5;
+    this.maxReconnectAttempts = 3;
+    // Reduced from 5 for mobile
     this.isExplicitlyClosed = false;
+    this.isReconnecting = false;
     this.handlers = handlers;
   }
+  /**
+   * Establish WebSocket connection
+   * @param url - WebSocket URL
+   */
   connect(url) {
     this.url = url;
     this.isExplicitlyClosed = false;
+    if (this.socket) {
+      this.socket.onclose = null;
+      this.socket.onerror = null;
+      this.socket.onmessage = null;
+      this.socket.onopen = null;
+      if (this.socket.readyState === WebSocket.OPEN || this.socket.readyState === WebSocket.CONNECTING) {
+        this.socket.close();
+      }
+    }
     this.socket = new WebSocket(url);
     this.socket.onopen = () => {
       this.reconnectAttempts = 0;
+      this.isReconnecting = false;
       this.handlers.onOpen?.();
     };
     this.socket.onmessage = (e) => {
@@ -205,43 +221,103 @@ var Transport = class {
         const data = JSON.parse(e.data);
         this.handlers.onMessage?.(data);
       } catch (err) {
-        console.error("Failed to parse message", err);
+        console.error("Failed to parse WebSocket message", err);
       }
     };
     this.socket.onerror = (e) => {
-      this.handlers.onError?.(e);
+      if (!this.isReconnecting && !this.isExplicitlyClosed) {
+        this.handlers.onError?.(e);
+      }
     };
     this.socket.onclose = (e) => {
-      this.handlers.onClose?.(e);
-      if (!this.isExplicitlyClosed) {
+      if (this.reconnectTimeout) {
+        clearTimeout(this.reconnectTimeout);
+        this.reconnectTimeout = void 0;
+      }
+      if (!this.isReconnecting) {
+        this.handlers.onClose?.(e);
+      }
+      if (!this.isExplicitlyClosed && !this.isReconnecting && this.reconnectAttempts < this.maxReconnectAttempts) {
         this.attemptReconnect();
       }
     };
   }
+  /**
+   * Attempt to reconnect with exponential backoff
+   */
   attemptReconnect() {
     if (this.reconnectAttempts >= this.maxReconnectAttempts) {
-      console.error("\u274C Max reconnect attempts reached");
+      console.warn("Max WebSocket reconnect attempts reached");
       return;
     }
+    this.isReconnecting = true;
     this.reconnectAttempts++;
-    const delay = Math.pow(2, this.reconnectAttempts) * 500;
-    setTimeout(() => {
-      if (this.url) this.connect(this.url);
+    const delay = Math.min(Math.pow(2, this.reconnectAttempts - 1) * 500, 2e3);
+    console.log(
+      `Reconnecting WebSocket (attempt ${this.reconnectAttempts}/${this.maxReconnectAttempts}) in ${delay}ms...`
+    );
+    this.reconnectTimeout = window.setTimeout(() => {
+      if (this.url && !this.isExplicitlyClosed) {
+        this.connect(this.url);
+      }
     }, delay);
   }
+  /**
+   * Send a message through the WebSocket
+   * Queues message if connection is not open
+   */
   send(payload) {
     if (this.socket?.readyState === WebSocket.OPEN) {
-      this.socket.send(JSON.stringify(payload));
+      try {
+        this.socket.send(JSON.stringify(payload));
+      } catch (err) {
+        console.error("Failed to send WebSocket message:", err);
+      }
+    } else {
+      console.warn(
+        "WebSocket not open, message not sent:",
+        this.socket?.readyState
+      );
     }
   }
+  /**
+   * Close the WebSocket connection
+   * Prevents automatic reconnection
+   */
   close() {
     this.isExplicitlyClosed = true;
-    this.socket?.close();
+    this.isReconnecting = false;
+    if (this.reconnectTimeout) {
+      clearTimeout(this.reconnectTimeout);
+      this.reconnectTimeout = void 0;
+    }
+    if (this.socket) {
+      this.socket.onclose = null;
+      this.socket.onerror = null;
+      this.socket.onmessage = null;
+      this.socket.onopen = null;
+      if (this.socket.readyState === WebSocket.OPEN || this.socket.readyState === WebSocket.CONNECTING) {
+        this.socket.close();
+      }
+      this.socket = void 0;
+    }
+  }
+  /**
+   * Get current connection state
+   */
+  get readyState() {
+    return this.socket?.readyState;
+  }
+  /**
+   * Check if connection is open
+   */
+  get isOpen() {
+    return this.socket?.readyState === WebSocket.OPEN;
   }
 };
 
 // src/constants.ts
-var BASEURL = "https://identityapi.pelicanidentity.com";
+var BASEURL = "http://192.168.1.9:8080";
 
 // src/engine/engine.ts
 var PelicanAuthentication = class {
@@ -250,6 +326,7 @@ var PelicanAuthentication = class {
     this.stateMachine = new StateMachine();
     this.sessionId = "";
     this.sessionKey = null;
+    this.useWebSocket = true;
     this.listeners = {};
     if (!config.publicKey) throw new Error("Missing publicKey");
     if (!config.projectId) throw new Error("Missing projectId");
@@ -262,104 +339,67 @@ var PelicanAuthentication = class {
     this.stateMachine.subscribe((s) => this.emit("state", s));
     this.attachVisibilityRecovery();
   }
-  /* -------------------- public API -------------------- */
-  /**
-   * Subscribe to SDK events (qr, deeplink, success, error, state)
-   * @returns Unsubscribe function
-   */
+  /* -------------------- Public API -------------------- */
   on(event, cb) {
     var _a;
     (_a = this.listeners)[event] ?? (_a[event] = /* @__PURE__ */ new Set());
     this.listeners[event].add(cb);
     return () => this.listeners[event].delete(cb);
   }
-  /**
-   * Initializes the authentication flow.
-   * Fetches a relay, establishes a WebSocket, and generates the E2EE session key.
-   */
   async start() {
     if (this.stateMachine.current !== "idle") return;
     this.resetSession();
     clearAuthSession();
     this.stateMachine.transition("initializing");
     try {
-      const relay = await this.fetchRelayUrl();
       this.sessionKey = this.crypto.generateSymmetricKey();
       this.sessionId = crypto.randomUUID() + crypto.randomUUID();
-      this.transport = new Transport({
-        onOpen: () => {
-          this.transport.send({
-            type: "register",
-            sessionID: this.sessionId,
-            ...this.config
-          });
-          this.stateMachine.transition("awaiting-pair");
-        },
-        onMessage: (msg) => this.handleMessage(msg),
-        onError: () => this.fail(new Error("WebSocket connection failed"))
-      });
-      this.transport.connect(relay);
-      await this.emitEntryPoint();
+      this.useWebSocket = this.shouldUseWebSocket();
+      if (this.useWebSocket) {
+        await this.startWebSocketFlow();
+      } else {
+        await this.startDeepLinkFlow();
+      }
     } catch (err) {
       this.fail(err instanceof Error ? err : new Error("Start failed"));
     }
   }
-  /**
-   * Manually stops the authentication process and closes connections.
-   */
   stop() {
     this.terminate(false);
   }
-  /* -------------------- internals -------------------- */
-  /** Fetches the WebSocket Relay URL from the backend */
-  async fetchRelayUrl() {
-    const { publicKey, projectId, authType } = this.config;
-    const res = await fetch(
-      `${BASEURL}/relay?public_key=${publicKey}&auth_type=${authType}&project_id=${projectId}`
-    );
-    if (!res.ok) {
-      const error = await res.text();
-      throw new Error(error);
-    }
-    const json = await res.json();
-    return json.relay_url;
+  destroy() {
+    this.detachVisibilityRecovery();
+    this.clearBackupCheck();
+    this.transport?.close();
+    this.transport = void 0;
+    this.listeners = {};
   }
-  /**
-   * Decides whether to show a QR code (Desktop) or a Deep Link (Mobile).
-   */
-  async emitEntryPoint() {
-    const payload = {
-      sessionID: this.sessionId,
-      sessionKey: this.sessionKey,
-      publicKey: this.config.publicKey,
-      authType: this.config.authType,
-      projectId: this.config.projectId,
-      url: window.location.href
-    };
-    const shouldUseQR = this.config.forceQRCode || !/Android|iPhone|iPad/i.test(navigator.userAgent);
-    if (!shouldUseQR && this.sessionKey) {
-      storeAuthSession(this.sessionId, this.sessionKey, 5 * 6e4);
-      this.emit(
-        "deeplink",
-        `pelicanvault://auth/deep-link?sessionID=${encodeURIComponent(
-          this.sessionId
-        )}&sessionKey=${encodeURIComponent(
-          this.sessionKey
-        )}&publicKey=${encodeURIComponent(this.config.publicKey)}&authType=${this.config.authType}&projectId=${encodeURIComponent(
-          this.config.projectId
-        )}&url=${encodeURIComponent(window.location.href)}`
-      );
-    } else {
-      const qr = await QRCode__default.default.toDataURL(JSON.stringify(payload), {
-        type: "image/png",
-        scale: 3,
-        color: { light: "#ffffff", dark: "#424242ff" }
-      });
-      this.emit("qr", qr);
-    }
+  /* -------------------- Flow Selection -------------------- */
+  shouldUseWebSocket() {
+    return this.config.forceQRCode || !/Android|iPhone|iPad/i.test(navigator.userAgent);
+  }
+  /* -------------------- WebSocket Flow (QR Code) -------------------- */
+  async startWebSocketFlow() {
+    const relay = await this.fetchRelayUrl();
+    this.transport = new Transport({
+      onOpen: () => {
+        this.transport.send({
+          type: "register",
+          sessionID: this.sessionId,
+          ...this.config
+        });
+        this.stateMachine.transition("awaiting-pair");
+      },
+      onMessage: (msg) => this.handleWebSocketMessage(msg),
+      onError: (err) => {
+        console.error("WebSocket error:", err);
+        this.fail(new Error("WebSocket connection failed"));
+      }
+    });
+    this.transport.connect(relay);
+    await this.emitQRCode();
   }
-  /** Main WebSocket message router */
-  handleMessage(msg) {
+  handleWebSocketMessage(msg) {
     switch (msg.type) {
       case "paired":
         this.stateMachine.transition("paired");
@@ -374,7 +414,7 @@ var PelicanAuthentication = class {
         this.handleAuthSuccess(msg);
         return;
       case "phone-terminated":
-        this.fail(new Error("Authenticating device terminated the connection"));
+        this.fail(new Error("Authentication cancelled on device"));
         this.restartIfContinuous();
         return;
       case "confirmed":
@@ -383,9 +423,6 @@ var PelicanAuthentication = class {
         return;
     }
   }
-  /**
-   * Decrypts the identity payload received from the phone using the session key.
-   */
   handleAuthSuccess(msg) {
     if (!this.sessionKey || !msg.cipher || !msg.nonce) {
       this.fail(new Error("Invalid authentication payload"));
@@ -414,40 +451,89 @@ var PelicanAuthentication = class {
       this.restartIfContinuous();
     }
   }
-  /**
-   * Logic to handle users returning to the browser tab after using the mobile app.
-   * Checks the server for a completed session that might have finished while in background.
-   */
-  async getCachedEntry(cached) {
+  /* -------------------- Deep Link Flow (Mobile) -------------------- */
+  async startDeepLinkFlow() {
+    await this.fetchRelayUrl();
+    if (this.sessionKey) {
+      storeAuthSession(this.sessionId, this.sessionKey, 10 * 6e4);
+    }
+    await this.emitDeepLink();
+    this.stateMachine.transition("awaiting-pair");
+  }
+  clearBackupCheck() {
+    if (this.backupCheckTimeout) {
+      clearTimeout(this.backupCheckTimeout);
+      this.backupCheckTimeout = void 0;
+    }
+  }
+  async checkSession() {
+    const cached = getAuthSession();
+    if (!cached) return;
+    this.stateMachine.transition("awaiting-auth");
     try {
       const res = await fetch(
         `${BASEURL}/session?session_id=${cached.sessionId}`
       );
-      if (!res.ok) throw new Error("Invalid session");
+      if (!res.ok) return;
       const data = await res.json();
       const decrypted = this.crypto.decryptSymmetric({
         encrypted: { cipher: data.cipher, nonce: data.nonce },
         keyString: cached.sessionKey
       });
       if (!decrypted) {
-        this.fail(new Error("Invalid session data"));
-        this.restartIfContinuous();
+        console.warn("Failed to decrypt session");
         return;
       }
       const result = JSON.parse(decrypted);
-      this.emit("success", result);
+      this.clearBackupCheck();
       clearAuthSession();
-    } catch {
-      this.fail(new Error("Session recovery failed"));
-      this.restartIfContinuous();
+      this.emit("success", result);
+      this.stateMachine.transition("authenticated");
+      if (this.config.continuousMode) {
+        setTimeout(() => {
+          this.stateMachine.transition("confirmed");
+          this.start();
+        }, 1500);
+      } else {
+        this.stateMachine.transition("confirmed");
+      }
+    } catch (err) {
+      console.debug("Session check failed:", err);
     }
   }
+  /* -------------------- Entry Point Generation -------------------- */
+  async emitQRCode() {
+    const payload = {
+      sessionID: this.sessionId,
+      sessionKey: this.sessionKey,
+      publicKey: this.config.publicKey,
+      authType: this.config.authType,
+      projectId: this.config.projectId,
+      url: window.location.href
+    };
+    const qr = await QRCode__default.default.toDataURL(JSON.stringify(payload), {
+      type: "image/png",
+      scale: 3,
+      color: { light: "#ffffff", dark: "#424242ff" }
+    });
+    this.emit("qr", qr);
+  }
+  async emitDeepLink() {
+    const deeplink = `pelicanvault://auth/deep-link?sessionID=${encodeURIComponent(
+      this.sessionId
+    )}&sessionKey=${encodeURIComponent(
+      this.sessionKey
+    )}&publicKey=${encodeURIComponent(this.config.publicKey)}&authType=${this.config.authType}&projectId=${encodeURIComponent(
+      this.config.projectId
+    )}&url=${encodeURIComponent(window.location.href)}`;
+    this.emit("deeplink", deeplink);
+  }
+  /* -------------------- Visibility Recovery -------------------- */
   attachVisibilityRecovery() {
     this.visibilityHandler = async () => {
       if (document.visibilityState !== "visible") return;
-      const cached = getAuthSession();
-      if (!cached) return;
-      await this.getCachedEntry(cached);
+      if (this.useWebSocket) return;
+      await this.checkSession();
     };
     document.addEventListener("visibilitychange", this.visibilityHandler);
   }
@@ -457,18 +543,34 @@ var PelicanAuthentication = class {
       this.visibilityHandler = void 0;
     }
   }
-  /** Cleans up the current session state */
+  /* -------------------- Helpers -------------------- */
+  async fetchRelayUrl() {
+    const { publicKey, projectId, authType } = this.config;
+    const res = await fetch(
+      `${BASEURL}/relay?public_key=${publicKey}&auth_type=${authType}&project_id=${projectId}`
+    );
+    if (!res.ok) {
+      const error = await res.text();
+      throw new Error(error);
+    }
+    const json = await res.json();
+    return json.relay_url;
+  }
   terminate(success) {
-    if (!success) {
-      this.transport?.send({
-        type: "client-terminated",
-        sessionID: this.sessionId,
-        projectId: this.config.projectId,
-        publicKey: this.config.publicKey,
-        authType: this.config.authType
-      });
+    this.clearBackupCheck();
+    if (this.transport) {
+      if (!success) {
+        this.transport.send({
+          type: "client-terminated",
+          sessionID: this.sessionId,
+          projectId: this.config.projectId,
+          publicKey: this.config.publicKey,
+          authType: this.config.authType
+        });
+      }
+      this.transport.close();
+      this.transport = void 0;
     }
-    this.transport?.close();
     clearAuthSession();
     this.resetSession();
     if (!this.config.continuousMode) {
@@ -477,9 +579,11 @@ var PelicanAuthentication = class {
     this.stateMachine.transition(success ? "confirmed" : "idle");
   }
   restartIfContinuous() {
-    this.stateMachine.transition("idle");
-    this.transport?.close();
     if (!this.config.continuousMode) return;
+    this.clearBackupCheck();
+    this.transport?.close();
+    this.transport = void 0;
+    this.stateMachine.transition("idle");
     setTimeout(() => {
       this.start();
     }, 150);
@@ -488,12 +592,6 @@ var PelicanAuthentication = class {
     this.sessionId = "";
     this.sessionKey = null;
   }
-  /** Completely destroys the instance and removes all listeners */
-  destroy() {
-    this.detachVisibilityRecovery();
-    this.transport?.close();
-    this.listeners = {};
-  }
   emit(event, payload) {
     this.listeners[event]?.forEach((cb) => cb(payload));
   }