@pooflabs/web 0.0.79 → 0.0.80

package/dist/{index.native-CEf5PJ_g.esm.js → index.native-DuKhZcus.esm.js}

@@ -6394,6 +6394,261 @@ var ReconnectingWebSocket = /** @class */ (function () {
     return ReconnectingWebSocket;
 }());
 
+function getDefaultExportFromCjs (x) {
+	return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
+}
+
+var isRetryAllowed$1;
+var hasRequiredIsRetryAllowed;
+
+function requireIsRetryAllowed () {
+	if (hasRequiredIsRetryAllowed) return isRetryAllowed$1;
+	hasRequiredIsRetryAllowed = 1;
+
+	const denyList = new Set([
+		'ENOTFOUND',
+		'ENETUNREACH',
+
+		// SSL errors from https://github.com/nodejs/node/blob/fc8e3e2cdc521978351de257030db0076d79e0ab/src/crypto/crypto_common.cc#L301-L328
+		'UNABLE_TO_GET_ISSUER_CERT',
+		'UNABLE_TO_GET_CRL',
+		'UNABLE_TO_DECRYPT_CERT_SIGNATURE',
+		'UNABLE_TO_DECRYPT_CRL_SIGNATURE',
+		'UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY',
+		'CERT_SIGNATURE_FAILURE',
+		'CRL_SIGNATURE_FAILURE',
+		'CERT_NOT_YET_VALID',
+		'CERT_HAS_EXPIRED',
+		'CRL_NOT_YET_VALID',
+		'CRL_HAS_EXPIRED',
+		'ERROR_IN_CERT_NOT_BEFORE_FIELD',
+		'ERROR_IN_CERT_NOT_AFTER_FIELD',
+		'ERROR_IN_CRL_LAST_UPDATE_FIELD',
+		'ERROR_IN_CRL_NEXT_UPDATE_FIELD',
+		'OUT_OF_MEM',
+		'DEPTH_ZERO_SELF_SIGNED_CERT',
+		'SELF_SIGNED_CERT_IN_CHAIN',
+		'UNABLE_TO_GET_ISSUER_CERT_LOCALLY',
+		'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
+		'CERT_CHAIN_TOO_LONG',
+		'CERT_REVOKED',
+		'INVALID_CA',
+		'PATH_LENGTH_EXCEEDED',
+		'INVALID_PURPOSE',
+		'CERT_UNTRUSTED',
+		'CERT_REJECTED',
+		'HOSTNAME_MISMATCH'
+	]);
+
+	// TODO: Use `error?.code` when targeting Node.js 14
+	isRetryAllowed$1 = error => !denyList.has(error && error.code);
+	return isRetryAllowed$1;
+}
+
+var isRetryAllowedExports = requireIsRetryAllowed();
+var isRetryAllowed = /*@__PURE__*/getDefaultExportFromCjs(isRetryAllowedExports);
+
+const namespace = 'axios-retry';
+function isNetworkError(error) {
+    const CODE_EXCLUDE_LIST = ['ERR_CANCELED', 'ECONNABORTED'];
+    if (error.response) {
+        return false;
+    }
+    if (!error.code) {
+        return false;
+    }
+    // Prevents retrying timed out & cancelled requests
+    if (CODE_EXCLUDE_LIST.includes(error.code)) {
+        return false;
+    }
+    // Prevents retrying unsafe errors
+    return isRetryAllowed(error);
+}
+const SAFE_HTTP_METHODS = ['get', 'head', 'options'];
+const IDEMPOTENT_HTTP_METHODS = SAFE_HTTP_METHODS.concat(['put', 'delete']);
+function isRetryableError(error) {
+    return (error.code !== 'ECONNABORTED' &&
+        (!error.response ||
+            error.response.status === 429 ||
+            (error.response.status >= 500 && error.response.status <= 599)));
+}
+function isSafeRequestError(error) {
+    if (!error.config?.method) {
+        // Cannot determine if the request can be retried
+        return false;
+    }
+    return isRetryableError(error) && SAFE_HTTP_METHODS.indexOf(error.config.method) !== -1;
+}
+function isIdempotentRequestError(error) {
+    if (!error.config?.method) {
+        // Cannot determine if the request can be retried
+        return false;
+    }
+    return isRetryableError(error) && IDEMPOTENT_HTTP_METHODS.indexOf(error.config.method) !== -1;
+}
+function isNetworkOrIdempotentRequestError(error) {
+    return isNetworkError(error) || isIdempotentRequestError(error);
+}
+function retryAfter(error = undefined) {
+    const retryAfterHeader = error?.response?.headers['retry-after'];
+    if (!retryAfterHeader) {
+        return 0;
+    }
+    // if the retry after header is a number, convert it to milliseconds
+    let retryAfterMs = (Number(retryAfterHeader) || 0) * 1000;
+    // If the retry after header is a date, get the number of milliseconds until that date
+    if (retryAfterMs === 0) {
+        retryAfterMs = (new Date(retryAfterHeader).valueOf() || 0) - Date.now();
+    }
+    return Math.max(0, retryAfterMs);
+}
+function noDelay(_retryNumber = 0, error = undefined) {
+    return Math.max(0, retryAfter(error));
+}
+function exponentialDelay(retryNumber = 0, error = undefined, delayFactor = 100) {
+    const calculatedDelay = 2 ** retryNumber * delayFactor;
+    const delay = Math.max(calculatedDelay, retryAfter(error));
+    const randomSum = delay * 0.2 * Math.random(); // 0-20% of the delay
+    return delay + randomSum;
+}
+/**
+ * Linear delay
+ * @param {number | undefined} delayFactor - delay factor in milliseconds (default: 100)
+ * @returns {function} (retryNumber: number, error: AxiosError | undefined) => number
+ */
+function linearDelay(delayFactor = 100) {
+    return (retryNumber = 0, error = undefined) => {
+        const delay = retryNumber * delayFactor;
+        return Math.max(delay, retryAfter(error));
+    };
+}
+const DEFAULT_OPTIONS = {
+    retries: 3,
+    retryCondition: isNetworkOrIdempotentRequestError,
+    retryDelay: noDelay,
+    shouldResetTimeout: false,
+    onRetry: () => { },
+    onMaxRetryTimesExceeded: () => { },
+    validateResponse: null
+};
+function getRequestOptions(config, defaultOptions) {
+    return { ...DEFAULT_OPTIONS, ...defaultOptions, ...config[namespace] };
+}
+function setCurrentState(config, defaultOptions, resetLastRequestTime = false) {
+    const currentState = getRequestOptions(config, defaultOptions || {});
+    currentState.retryCount = currentState.retryCount || 0;
+    if (!currentState.lastRequestTime || resetLastRequestTime) {
+        currentState.lastRequestTime = Date.now();
+    }
+    config[namespace] = currentState;
+    return currentState;
+}
+function fixConfig(axiosInstance, config) {
+    // @ts-ignore
+    if (axiosInstance.defaults.agent === config.agent) {
+        // @ts-ignore
+        delete config.agent;
+    }
+    if (axiosInstance.defaults.httpAgent === config.httpAgent) {
+        delete config.httpAgent;
+    }
+    if (axiosInstance.defaults.httpsAgent === config.httpsAgent) {
+        delete config.httpsAgent;
+    }
+}
+async function shouldRetry(currentState, error) {
+    const { retries, retryCondition } = currentState;
+    const shouldRetryOrPromise = (currentState.retryCount || 0) < retries && retryCondition(error);
+    // This could be a promise
+    if (typeof shouldRetryOrPromise === 'object') {
+        try {
+            const shouldRetryPromiseResult = await shouldRetryOrPromise;
+            // keep return true unless shouldRetryPromiseResult return false for compatibility
+            return shouldRetryPromiseResult !== false;
+        }
+        catch (_err) {
+            return false;
+        }
+    }
+    return shouldRetryOrPromise;
+}
+async function handleRetry(axiosInstance, currentState, error, config) {
+    currentState.retryCount += 1;
+    const { retryDelay, shouldResetTimeout, onRetry } = currentState;
+    const delay = retryDelay(currentState.retryCount, error);
+    // Axios fails merging this configuration to the default configuration because it has an issue
+    // with circular structures: https://github.com/mzabriskie/axios/issues/370
+    fixConfig(axiosInstance, config);
+    if (!shouldResetTimeout && config.timeout && currentState.lastRequestTime) {
+        const lastRequestDuration = Date.now() - currentState.lastRequestTime;
+        const timeout = config.timeout - lastRequestDuration - delay;
+        if (timeout <= 0) {
+            return Promise.reject(error);
+        }
+        config.timeout = timeout;
+    }
+    config.transformRequest = [(data) => data];
+    await onRetry(currentState.retryCount, error, config);
+    if (config.signal?.aborted) {
+        return Promise.resolve(axiosInstance(config));
+    }
+    return new Promise((resolve) => {
+        const abortListener = () => {
+            clearTimeout(timeout);
+            resolve(axiosInstance(config));
+        };
+        const timeout = setTimeout(() => {
+            resolve(axiosInstance(config));
+            if (config.signal?.removeEventListener) {
+                config.signal.removeEventListener('abort', abortListener);
+            }
+        }, delay);
+        if (config.signal?.addEventListener) {
+            config.signal.addEventListener('abort', abortListener, { once: true });
+        }
+    });
+}
+async function handleMaxRetryTimesExceeded(currentState, error) {
+    if (currentState.retryCount >= currentState.retries)
+        await currentState.onMaxRetryTimesExceeded(error, currentState.retryCount);
+}
+const axiosRetry = (axiosInstance, defaultOptions) => {
+    const requestInterceptorId = axiosInstance.interceptors.request.use((config) => {
+        setCurrentState(config, defaultOptions, true);
+        if (config[namespace]?.validateResponse) {
+            // by setting this, all HTTP responses will be go through the error interceptor first
+            config.validateStatus = () => false;
+        }
+        return config;
+    });
+    const responseInterceptorId = axiosInstance.interceptors.response.use(null, async (error) => {
+        const { config } = error;
+        // If we have no information to retry the request
+        if (!config) {
+            return Promise.reject(error);
+        }
+        const currentState = setCurrentState(config, defaultOptions);
+        if (error.response && currentState.validateResponse?.(error.response)) {
+            // no issue with response
+            return error.response;
+        }
+        if (await shouldRetry(currentState, error)) {
+            return handleRetry(axiosInstance, currentState, error, config);
+        }
+        await handleMaxRetryTimesExceeded(currentState, error);
+        return Promise.reject(error);
+    });
+    return { requestInterceptorId, responseInterceptorId };
+};
+// Compatibility with CommonJS
+axiosRetry.isNetworkError = isNetworkError;
+axiosRetry.isSafeRequestError = isSafeRequestError;
+axiosRetry.isIdempotentRequestError = isIdempotentRequestError;
+axiosRetry.isNetworkOrIdempotentRequestError = isNetworkOrIdempotentRequestError;
+axiosRetry.exponentialDelay = exponentialDelay;
+axiosRetry.linearDelay = linearDelay;
+axiosRetry.isRetryableError = isRetryableError;
+
 let axiosClient;
 async function getAxiosAuthClient() {
     if (!axiosClient) {
@@ -6403,6 +6658,7 @@ async function getAxiosAuthClient() {
             headers: {
                 'Content-Type': 'application/json',
             },
+            timeout: 30000, // 30s timeout, matching makeApiRequest
         });
     }
     return axiosClient;
@@ -6449,15 +6705,41 @@ async function createSessionWithPrivy(authToken, address, privyIdToken) {
     });
     return response.data;
 }
+// Deduplicate concurrent refreshSession calls to prevent multiple code paths
+// (WebSocket reconnection, periodic refresh, API 401 retry) from all hitting
+// /session/refresh simultaneously.
+// Note: module-level state is shared across requests in SSR/Node — acceptable
+// since there is only one active session per server instance (same pattern as
+// refreshInFlight in api.ts).
+let refreshInFlight$1 = null;
+let refreshInFlightToken = null;
 async function refreshSession(refreshToken) {
-    const client = await getAxiosAuthClient();
-    const config = await getConfig();
-    const appId = config.appId;
-    const response = await client.post('/session/refresh', {
-        refreshToken,
-        appId
-    });
-    return response.data;
+    if (refreshInFlight$1 && refreshInFlightToken === refreshToken) {
+        return refreshInFlight$1;
+    }
+    refreshInFlightToken = refreshToken;
+    let currentFlight;
+    currentFlight = refreshInFlight$1 = (async () => {
+        try {
+            const client = await getAxiosAuthClient();
+            const config = await getConfig();
+            const appId = config.appId;
+            const response = await client.post('/session/refresh', {
+                refreshToken,
+                appId
+            });
+            return response.data;
+        }
+        finally {
+            // Only clear if we're still the active in-flight request.
+            // A second call with a different token may have replaced us.
+            if (refreshInFlight$1 === currentFlight) {
+                refreshInFlight$1 = null;
+                refreshInFlightToken = null;
+            }
+        }
+    })();
+    return refreshInFlight$1;
 }
 async function signSessionCreateMessage(_signMessageFunction) {
 }
@@ -6595,14 +6877,10 @@ class WebSessionManager {
 WebSessionManager.TAROBASE_SESSION_STORAGE_KEY = "tarobase_session_storage";
 
 var webSessionManager = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    WebSessionManager: WebSessionManager
+	__proto__: null,
+	WebSessionManager: WebSessionManager
 });
 
-function getDefaultExportFromCjs (x) {
-	return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
-}
-
 var buffer$1 = {};
 
 var base64Js$1 = {};
@@ -9399,7 +9677,19 @@ async function buildSetDocumentsTransaction(connection, idl, anchorProvider, pay
         }
     }
     else if (lutKey != null) {
-        const { value: table } = await connection.getAddressLookupTable(new PublicKey(lutKey));
+        // The LUT may have just been created server-side and the client's RPC node
+        // may not have indexed it yet (load-balancer split). Retry with exponential
+        // back-off; first retry at 100 ms almost always resolves it.
+        let table = null;
+        for (let attempt = 0; attempt < 5; attempt++) {
+            const { value } = await connection.getAddressLookupTable(new PublicKey(lutKey));
+            if (value) {
+                table = value;
+                break;
+            }
+            if (attempt < 4)
+                await new Promise(r => setTimeout(r, 100 * Math.pow(2, attempt)));
+        }
         if (!table)
             throw new Error('LUT not found after creation/extend');
         lookupTables.push(table);
@@ -9534,8 +9824,8 @@ class ServerSessionManager {
 ServerSessionManager.instance = new ServerSessionManager();
 
 var serverSessionManager = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    ServerSessionManager: ServerSessionManager
+	__proto__: null,
+	ServerSessionManager: ServerSessionManager
 });
 
 /**
@@ -9634,6 +9924,23 @@ async function updateIdTokenAndAccessToken(idToken, accessToken, isServer = fals
     await WebSessionManager.updateIdTokenAndAccessToken(idToken, accessToken);
 }
 
+const apiClient = globalAxios.create();
+axiosRetry(apiClient, {
+    retries: 2,
+    retryCondition: (error) => {
+        var _a, _b;
+        // Only retry GET requests on network errors (ECONNRESET, ETIMEDOUT, etc.)
+        // Writes (POST/PUT) are not retried — the server may have processed
+        // the request before the connection was reset.
+        return axiosRetry.isNetworkError(error) && ((_b = (_a = error.config) === null || _a === void 0 ? void 0 : _a.method) === null || _b === void 0 ? void 0 : _b.toLowerCase()) === 'get';
+    },
+    retryDelay: axiosRetry.exponentialDelay,
+    shouldResetTimeout: true,
+    onRetry: (retryCount, error, requestConfig) => {
+        var _a;
+        console.warn(`[tarobase-sdk] retry ${retryCount} for ${(_a = requestConfig.method) === null || _a === void 0 ? void 0 : _a.toUpperCase()} ${requestConfig.url} — ${error.code || error.message}`);
+    },
+});
 const refreshInFlight = new Map();
 async function refreshAuthSessionOnce(appId, isServer) {
     const key = `${isServer ? "server" : "web"}:${appId}`;
@@ -9680,6 +9987,7 @@ async function makeApiRequest(method, urlPath, data, _overrides) {
         ServerSessionManager.instance.clearSession();
     };
     async function executeRequest() {
+        var _a;
         // When _getAuthHeaders is provided (wallet client), use it as the sole auth source.
         // Otherwise use the global createAuthHeader (default path).
         const authHeader = (_overrides === null || _overrides === void 0 ? void 0 : _overrides._getAuthHeaders)
@@ -9701,11 +10009,12 @@ async function makeApiRequest(method, urlPath, data, _overrides) {
             method,
             url: `${config.apiUrl}${urlPath.startsWith("/") ? urlPath : `/${urlPath}`}`,
             headers,
+            timeout: (_a = _overrides === null || _overrides === void 0 ? void 0 : _overrides.timeout) !== null && _a !== void 0 ? _a : 30000,
         };
         if (method !== "GET" && method !== "get") {
             requestConfig.data = data ? JSON.stringify(data) : {};
         }
-        const response = await globalAxios(requestConfig);
+        const response = await apiClient(requestConfig);
         return { data: response.data, status: response.status, headers: response.headers };
     }
     try {
@@ -10641,6 +10950,7 @@ function scheduleTokenRefresh(connection, isServer) {
     // This replaces the old single setTimeout approach which was unreliable for long
     // delays (browsers throttle/suspend timers in background tabs).
     connection.tokenRefreshTimer = setInterval(async () => {
+        var _a, _b;
         try {
             const currentToken = await getIdToken$1(isServer);
             if (!currentToken)
@@ -10671,6 +10981,17 @@ function scheduleTokenRefresh(connection, isServer) {
                     }
                 }
                 catch (refreshError) {
+                    // If the refresh token itself is invalid (401/403), stop retrying —
+                    // the token won't magically become valid next interval, and continuing
+                    // to hammer /session/refresh causes 429 rate-limit storms.
+                    if (((_a = refreshError === null || refreshError === void 0 ? void 0 : refreshError.response) === null || _a === void 0 ? void 0 : _a.status) === 401 || ((_b = refreshError === null || refreshError === void 0 ? void 0 : refreshError.response) === null || _b === void 0 ? void 0 : _b.status) === 403) {
+                        console.warn('[WS v2] Refresh token rejected (401/403), stopping periodic refresh');
+                        if (connection.tokenRefreshTimer) {
+                            clearInterval(connection.tokenRefreshTimer);
+                            connection.tokenRefreshTimer = null;
+                        }
+                        return;
+                    }
                     console.warn('[WS v2] Proactive token refresh failed, will retry next interval:', refreshError);
                 }
             }
@@ -10681,6 +11002,7 @@ function scheduleTokenRefresh(connection, isServer) {
     }, TOKEN_CHECK_INTERVAL);
 }
 async function getFreshAuthToken(isServer) {
+    var _a, _b;
     const currentToken = await getIdToken$1(isServer);
     if (!currentToken) {
         return null;
@@ -10703,6 +11025,17 @@ async function getFreshAuthToken(isServer) {
     }
     catch (error) {
         console.error('[WS v2] Error refreshing token:', error);
+        // If the refresh token is permanently invalid (401/403), clear the stale
+        // session from storage so future attempts don't keep retrying with it.
+        if (!isServer && (((_a = error === null || error === void 0 ? void 0 : error.response) === null || _a === void 0 ? void 0 : _a.status) === 401 || ((_b = error === null || error === void 0 ? void 0 : error.response) === null || _b === void 0 ? void 0 : _b.status) === 403)) {
+            try {
+                const { WebSessionManager } = await Promise.resolve().then(function () { return webSessionManager; });
+                WebSessionManager.clearSession();
+            }
+            catch (clearError) {
+                console.warn('[WS v2] Failed to clear stale session:', clearError);
+            }
+        }
     }
     // Return null instead of the expired token to prevent infinite 401 reconnect storms.
     // The server accepts unauthenticated connections; auth-required subscriptions will
@@ -10823,7 +11156,16 @@ async function getOrCreateConnection(appId, isServer) {
     ws.addEventListener('open', () => {
         connection.isConnecting = false;
         connection.isConnected = true;
-        connection.consecutiveAuthFailures = 0;
+        // NOTE: Do NOT reset consecutiveAuthFailures here. It is reset when a
+        // fresh auth token is actually obtained (in urlProvider, line ~389) or on
+        // an explicit auth change (reconnectWithNewAuthV2, line ~854). Resetting
+        // on every 'open' event created an infinite loop: auth fails 5x → connect
+        // without auth → open resets counter → disconnect → auth fails 5x again →
+        // repeat forever, hammering /session/refresh and causing 429s.
+        //
+        // An elevated counter is safe for anonymous/guest sessions: when there's no
+        // token at all (getIdToken returns null), the counter is never checked —
+        // urlProvider skips straight to unauthenticated connection.
         // Schedule periodic token freshness checks
         scheduleTokenRefresh(connection, isServer);
         // Re-subscribe to all existing subscriptions after reconnect
@@ -12485,15 +12827,15 @@ function clearIncompatibleSession() {
 // Lazy loaders for web-only providers.
 // Using dynamic import() ensures Metro (RN) never resolves these modules.
 async function loadPrivyWalletProvider() {
-    const mod = await import('./privy-wallet-provider-DGjYglh7.esm.js');
+    const mod = await import('./privy-wallet-provider-BLcur3Ue.esm.js');
     return mod.PrivyWalletProvider;
 }
 async function loadPhantomWalletProvider() {
-    const mod = await import('./phantom-wallet-provider-B0UmUtfB.esm.js');
+    const mod = await import('./phantom-wallet-provider--BJjVUA1.esm.js');
     return { PhantomWalletProvider: mod.PhantomWalletProvider };
 }
 async function loadSolanaMobileWalletProvider() {
-    const mod = await import('./solana-mobile-wallet-provider-DIyP-Az5.esm.js');
+    const mod = await import('./solana-mobile-wallet-provider-CFaubssb.esm.js');
     return mod.SolanaMobileWalletProvider;
 }
 async function hotSwapToPrivyProvider(config) {
@@ -15842,4 +16184,4 @@ class PrivyExpoProvider {
 }
 
 export { ReactNativeSessionManager as $, getAuthProvider as A, get as B, set as C, setMany as D, setFile as E, getFiles as F, runQuery as G, runQueryMany as H, runExpression as I, runExpressionMany as J, signMessage as K, signTransaction as L, signAndSubmitTransaction as M, count as N, aggregate as O, subscribe as P, useAuth as Q, deserializeTransaction as R, SOLANA_MAINNET_RPC_URL as S, getIdToken as T, setPlatform as U, MockAuthProvider as V, WebSessionManager as W, DEFAULT_TEST_ADDRESS as X, OffchainAuthProvider as Y, PrivyExpoProvider as Z, InsufficientBalanceError as _, SOLANA_DEVNET_RPC_URL as a, ServerSessionManager as a0, clearCache as a1, closeAllSubscriptions as a2, getCachedData as a3, getMany as a4, reconnectWithNewAuth as a5, refreshSession as a6, signSessionCreateMessage as a7, buildSetDocumentsTransaction as b, convertRemainingAccounts as c, bs58 as d, confirmAndCheckTransaction as e, createSessionWithPrivy as f, getPlatform as g, SURFNET_RPC_URL$1 as h, index as i, detectMobile as j, detectAndroid as k, setAuthLoading as l, genAuthNonce as m, genSolanaMessage as n, createSessionWithSignature as o, getDefaultExportFromCjs$1 as p, init as q, requireBuffer as r, setCurrentUser as s, getCurrentUser as t, onAuthStateChanged as u, onAuthLoadingChanged as v, getAuthLoading as w, login as x, logout as y, getConfig as z };
-//# sourceMappingURL=index.native-CEf5PJ_g.esm.js.map
+//# sourceMappingURL=index.native-DuKhZcus.esm.js.map