@proveanything/smartlinks-auth-ui 0.5.15 → 0.5.17

package/dist/components/SmartlinksAuthUI.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SmartlinksAuthUI.d.ts","sourceRoot":"","sources":["../../src/components/SmartlinksAuthUI.tsx"],"names":[],"mappings":"AAAA,OAAO,KAA+C,MAAM,OAAO,CAAC;AAcpE,OAAO,KAAK,EAAE,qBAAqB,EAAyF,MAAM,UAAU,CAAC;AAgT7I,QAAA,MAAM,mBAAmB,QAAa,OAAO,CAAC,IAAI,CAqBjD,CAAC;AAqDF,OAAO,EAAE,mBAAmB,EAAE,CAAC;AAI/B,eAAO,MAAM,gBAAgB,EAAE,KAAK,CAAC,EAAE,CAAC,qBAAqB,CA8qE5D,CAAC"}
+{"version":3,"file":"SmartlinksAuthUI.d.ts","sourceRoot":"","sources":["../../src/components/SmartlinksAuthUI.tsx"],"names":[],"mappings":"AAAA,OAAO,KAA+C,MAAM,OAAO,CAAC;AAcpE,OAAO,KAAK,EAAE,qBAAqB,EAAyF,MAAM,UAAU,CAAC;AA2V7I,QAAA,MAAM,mBAAmB,QAAa,OAAO,CAAC,IAAI,CAqBjD,CAAC;AAqDF,OAAO,EAAE,mBAAmB,EAAE,CAAC;AAI/B,eAAO,MAAM,gBAAgB,EAAE,KAAK,CAAC,EAAE,CAAC,qBAAqB,CAutE5D,CAAC"}

package/dist/context/AuthContext.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AuthContext.d.ts","sourceRoot":"","sources":["../../src/context/AuthContext.tsx"],"names":[],"mappings":"AAAA,OAAO,KAA8E,MAAM,OAAO,CAAC;AAOnG,OAAO,KAAK,EAAqC,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAGvG,eAAO,MAAM,WAAW,6CAAyD,CAAC;AAGlF,YAAY,EAAE,gBAAgB,EAAE,CAAC;AAEjC,eAAO,MAAM,YAAY,EAAE,KAAK,CAAC,EAAE,CAAC,iBAAiB,CA4oCpD,CAAC;AAEF,eAAO,MAAM,OAAO,QAAO,gBAM1B,CAAC"}
+{"version":3,"file":"AuthContext.d.ts","sourceRoot":"","sources":["../../src/context/AuthContext.tsx"],"names":[],"mappings":"AAAA,OAAO,KAA8E,MAAM,OAAO,CAAC;AAOnG,OAAO,KAAK,EAAqC,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAGvG,eAAO,MAAM,WAAW,6CAAyD,CAAC;AAGlF,YAAY,EAAE,gBAAgB,EAAE,CAAC;AAEjC,eAAO,MAAM,YAAY,EAAE,KAAK,CAAC,EAAE,CAAC,iBAAiB,CAoqCpD,CAAC;AAEF,eAAO,MAAM,OAAO,QAAO,gBAM1B,CAAC"}

package/dist/index.esm.js

@@ -12134,10 +12134,34 @@ collectionId, enableContactSync, enableInteractionTracking, interactionAppId, in
             }
         });
     }, []);
-    // Sync contact to Smartlinks (non-blocking)
+    // Sync contact to Smartlinks (non-blocking).
+    // Strategy: call publicGetMine() first — the "me" endpoint tells us if a
+    // contact already exists for this (org, userId) pair. If it does, we skip
+    // the upsert entirely (the backend's "upsert" currently calls
+    // prisma.contact.create() unconditionally and 400s on the unique
+    // constraint, so we must not call it for returning users). Only when no
+    // contact exists do we create one via publicUpsert.
     const syncContact = useCallback(async (authUser, customFields) => {
         if (!collectionId || !shouldSyncContacts)
             return null;
+        // 1. Look up existing contact via the "me" endpoint.
+        try {
+            const myContactResponse = await smartlinks.contact.publicGetMine(collectionId);
+            const existing = myContactResponse?.contact;
+            if (existing?.contactId) {
+                if (!proxyMode) {
+                    await tokenStorage.saveContactId(existing.contactId);
+                }
+                setContact(existing);
+                setContactId(existing.contactId);
+                notifyAuthStateChange('CONTACT_SYNCED', authUser, token, accountData, accountInfo, isVerified, existing, existing.contactId);
+                return existing.contactId;
+            }
+        }
+        catch (lookupErr) {
+            // Non-fatal — fall through to create.
+        }
+        // 2. No existing contact — create one.
         try {
             const result = await smartlinks.contact.publicUpsert(collectionId, {
                 userId: authUser.uid,
@@ -13088,8 +13112,48 @@ const useAuth = () => {
 };
 
 // VERSION: Update this when making changes to help identify which version is running
-const AUTH_UI_VERSION = '46';
+const AUTH_UI_VERSION = '47';
 const LOG_PREFIX = `[SmartlinksAuthUI:v${AUTH_UI_VERSION}]`;
+const PERMANENT_WHATSAPP_EXCHANGE_ERROR_CODES = new Set([
+    'TOKEN_ALREADY_USED',
+    'SESSION_ALREADY_USED',
+    'WHATSAPP_SESSION_ALREADY_USED',
+    'INVALID_TOKEN',
+    'TOKEN_EXPIRED',
+    'INVALID_SESSION',
+    'SESSION_EXPIRED',
+    'SESSION_NOT_FOUND',
+]);
+const getExchangeErrorCode = (error) => {
+    if (!error || typeof error !== 'object')
+        return undefined;
+    const err = error;
+    return err.errorCode || err.details?.errorCode || err.details?.error || err.response?.data?.errorCode || err.response?.data?.error;
+};
+const getExchangeErrorStatus = (error) => {
+    if (!error || typeof error !== 'object')
+        return undefined;
+    const err = error;
+    return err.statusCode || err.status || err.response?.status;
+};
+const getExchangeErrorMessage = (error) => {
+    if (error instanceof Error)
+        return error.message || '';
+    if (!error || typeof error !== 'object')
+        return '';
+    const err = error;
+    return err.message || err.details?.message || err.response?.data?.message || '';
+};
+const isPermanentWhatsAppExchangeError = (error) => {
+    const errorCode = getExchangeErrorCode(error)?.toUpperCase();
+    if (errorCode && PERMANENT_WHATSAPP_EXCHANGE_ERROR_CODES.has(errorCode)) {
+        return true;
+    }
+    const status = getExchangeErrorStatus(error);
+    const message = getExchangeErrorMessage(error).toLowerCase();
+    const looksPermanentMessage = /(already used|already been used|session.*used|expired|invalid|not found|consumed)/i.test(message);
+    return looksPermanentMessage && [400, 401, 404, 409, 410].includes(status ?? -1);
+};
 // Normalize malformed query strings where a second '?' is used instead of '&'.
 // Some host platforms append "?mode=...&token=..." to a URL that already has a "?pageId=...",
 // resulting in "?pageId=xxx?mode=resetPassword&token=yyy". Convert any extra '?' to '&'
@@ -14731,18 +14795,40 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
         try {
             // No ensureAccount and no phone number — the backend creates/links the
             // account from the inbound WhatsApp webhook (sender's number is the proof).
-            // Resolve reply config: per-call prop wins, otherwise fall back to AuthKit default.
-            const replyConfig = whatsappReply ?? config?.whatsappReply;
+            // Resolve reply config: per-call prop wins, then AuthKit config, then a
+            // sensible built-in default so the post-verification WhatsApp reply ALWAYS
+            // carries a "Continue" CTA back to the app with the resume token in the URL.
+            // Without this, a user verifying in WhatsApp on one device/browser can't
+            // resume the session by tapping back into our app from the chat thread.
             const effectiveRedirectUrl = getRedirectUrl();
             const resumableRedirectUrl = appendWhatsAppResumeParams(effectiveRedirectUrl, '{{token}}');
+            const friendlyClientName = (clientName && clientName.trim()) || 'this app';
+            const defaultReplyConfig = {
+                enabled: true,
+                text: `You're verified! Tap below to continue signing in to ${friendlyClientName}.`,
+                cta: {
+                    body: `You're verified! Tap below to continue signing in to ${friendlyClientName}.`,
+                    buttonLabel: 'Continue',
+                    buttonUrl: '{{returnUrl}}',
+                },
+            };
+            const replyConfig = whatsappReply ??
+                config?.whatsappReply ??
+                defaultReplyConfig;
             const reply = buildWhatsAppReply(replyConfig, {
                 name: displayName,
                 clientName,
                 returnUrl: resumableRedirectUrl,
                 clientId,
             });
-            // Resolve outbound prefill message: per-call prop wins, then AuthKit default.
-            const prefillMessage = whatsappPrefillMessage ?? config?.whatsappPrefillMessage;
+            // Resolve outbound prefill message: per-call prop wins, then AuthKit config,
+            // then a sensible built-in default so the wa.me body is never blank and always
+            // carries the verification token (the SDK appends {{token}} if missing, but we
+            // also want friendly human context for the recipient).
+            const defaultPrefill = `Hi! I'd like to sign in to ${friendlyClientName}. Code: {{token}}`;
+            const prefillMessage = whatsappPrefillMessage ??
+                config?.whatsappPrefillMessage ??
+                defaultPrefill;
             // Pass collected signup details as contactData so the backend creates the
             // contact with name/customFields already attached and returns a fully
             // formed session.user — no follow-up updateProfile call needed.
@@ -14791,6 +14877,10 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
             try {
                 await updatePendingWhatsAppSession({ exchangeStartedAt: Date.now() });
                 const session = await api.exchangeWhatsAppSession(send.token, send.sessionKey);
+                const resultErrorMessage = getActionResultErrorMessage(session);
+                if (resultErrorMessage) {
+                    throw Object.assign(new Error(resultErrorMessage), session);
+                }
                 if (session?.token && session.user) {
                     await auth.login(session.token, session.user, session.accountData, true, getExpirationFromResponse(session));
                     if (!proxyMode) {
@@ -14803,6 +14893,15 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
                 }
             }
             catch (err) {
+                if (isPermanentWhatsAppExchangeError(err)) {
+                    log.warn('WhatsApp session exchange failed permanently; clearing stale pending session:', err);
+                    setAuthSuccess(false);
+                    setSuccessMessage(undefined);
+                    setError('This WhatsApp sign-in session has already been used or expired. Please start again.');
+                    setRestoredWhatsAppSend(null);
+                    await clearPendingWhatsAppSession();
+                    return true;
+                }
                 const latestPending = await loadPendingWhatsAppSession();
                 if (!latestPending) {
                     return true;
@@ -14851,9 +14950,12 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
                         color: config?.branding?.inheritHostStyles
                             ? 'hsl(var(--foreground, 215 25% 15%))'
                             : (resolvedTheme === 'dark' ? '#f1f5f9' : 'inherit')
-                    }, children: successMessage?.includes('verified') ? 'Email Verified!' :
-                        successMessage?.includes('Magic link') ? 'Check Your Email!' :
-                            mode === 'register' ? 'Account Created!' : 'Login Successful!' }), jsx("p", { style: {
+                    }, children: successMessage?.includes('WhatsApp') ? 'WhatsApp Verified!' :
+                        successMessage?.includes('Phone') ? 'Phone Verified!' :
+                            successMessage?.includes('Email verified') || successMessage?.includes('email verified') ? 'Email Verified!' :
+                                successMessage?.includes('Magic link') ? 'Check Your Email!' :
+                                    successMessage?.includes('verified') ? 'Verified!' :
+                                        mode === 'register' ? 'Account Created!' : 'Login Successful!' }), jsx("p", { style: {
                         color: config?.branding?.inheritHostStyles
                             ? 'hsl(var(--muted-foreground, 215 15% 45%))'
                             : (resolvedTheme === 'dark' ? '#94a3b8' : '#6B7280'),