@proveanything/smartlinks-auth-ui 0.5.15 → 0.5.17

package/dist/index.js

@@ -12154,10 +12154,34 @@ collectionId, enableContactSync, enableInteractionTracking, interactionAppId, in
             }
         });
     }, []);
-    // Sync contact to Smartlinks (non-blocking)
+    // Sync contact to Smartlinks (non-blocking).
+    // Strategy: call publicGetMine() first — the "me" endpoint tells us if a
+    // contact already exists for this (org, userId) pair. If it does, we skip
+    // the upsert entirely (the backend's "upsert" currently calls
+    // prisma.contact.create() unconditionally and 400s on the unique
+    // constraint, so we must not call it for returning users). Only when no
+    // contact exists do we create one via publicUpsert.
     const syncContact = React.useCallback(async (authUser, customFields) => {
         if (!collectionId || !shouldSyncContacts)
             return null;
+        // 1. Look up existing contact via the "me" endpoint.
+        try {
+            const myContactResponse = await smartlinks__namespace.contact.publicGetMine(collectionId);
+            const existing = myContactResponse?.contact;
+            if (existing?.contactId) {
+                if (!proxyMode) {
+                    await tokenStorage.saveContactId(existing.contactId);
+                }
+                setContact(existing);
+                setContactId(existing.contactId);
+                notifyAuthStateChange('CONTACT_SYNCED', authUser, token, accountData, accountInfo, isVerified, existing, existing.contactId);
+                return existing.contactId;
+            }
+        }
+        catch (lookupErr) {
+            // Non-fatal — fall through to create.
+        }
+        // 2. No existing contact — create one.
         try {
             const result = await smartlinks__namespace.contact.publicUpsert(collectionId, {
                 userId: authUser.uid,
@@ -13108,8 +13132,48 @@ const useAuth = () => {
 };
 
 // VERSION: Update this when making changes to help identify which version is running
-const AUTH_UI_VERSION = '46';
+const AUTH_UI_VERSION = '47';
 const LOG_PREFIX = `[SmartlinksAuthUI:v${AUTH_UI_VERSION}]`;
+const PERMANENT_WHATSAPP_EXCHANGE_ERROR_CODES = new Set([
+    'TOKEN_ALREADY_USED',
+    'SESSION_ALREADY_USED',
+    'WHATSAPP_SESSION_ALREADY_USED',
+    'INVALID_TOKEN',
+    'TOKEN_EXPIRED',
+    'INVALID_SESSION',
+    'SESSION_EXPIRED',
+    'SESSION_NOT_FOUND',
+]);
+const getExchangeErrorCode = (error) => {
+    if (!error || typeof error !== 'object')
+        return undefined;
+    const err = error;
+    return err.errorCode || err.details?.errorCode || err.details?.error || err.response?.data?.errorCode || err.response?.data?.error;
+};
+const getExchangeErrorStatus = (error) => {
+    if (!error || typeof error !== 'object')
+        return undefined;
+    const err = error;
+    return err.statusCode || err.status || err.response?.status;
+};
+const getExchangeErrorMessage = (error) => {
+    if (error instanceof Error)
+        return error.message || '';
+    if (!error || typeof error !== 'object')
+        return '';
+    const err = error;
+    return err.message || err.details?.message || err.response?.data?.message || '';
+};
+const isPermanentWhatsAppExchangeError = (error) => {
+    const errorCode = getExchangeErrorCode(error)?.toUpperCase();
+    if (errorCode && PERMANENT_WHATSAPP_EXCHANGE_ERROR_CODES.has(errorCode)) {
+        return true;
+    }
+    const status = getExchangeErrorStatus(error);
+    const message = getExchangeErrorMessage(error).toLowerCase();
+    const looksPermanentMessage = /(already used|already been used|session.*used|expired|invalid|not found|consumed)/i.test(message);
+    return looksPermanentMessage && [400, 401, 404, 409, 410].includes(status ?? -1);
+};
 // Normalize malformed query strings where a second '?' is used instead of '&'.
 // Some host platforms append "?mode=...&token=..." to a URL that already has a "?pageId=...",
 // resulting in "?pageId=xxx?mode=resetPassword&token=yyy". Convert any extra '?' to '&'
@@ -14751,18 +14815,40 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
         try {
             // No ensureAccount and no phone number — the backend creates/links the
             // account from the inbound WhatsApp webhook (sender's number is the proof).
-            // Resolve reply config: per-call prop wins, otherwise fall back to AuthKit default.
-            const replyConfig = whatsappReply ?? config?.whatsappReply;
+            // Resolve reply config: per-call prop wins, then AuthKit config, then a
+            // sensible built-in default so the post-verification WhatsApp reply ALWAYS
+            // carries a "Continue" CTA back to the app with the resume token in the URL.
+            // Without this, a user verifying in WhatsApp on one device/browser can't
+            // resume the session by tapping back into our app from the chat thread.
             const effectiveRedirectUrl = getRedirectUrl();
             const resumableRedirectUrl = appendWhatsAppResumeParams(effectiveRedirectUrl, '{{token}}');
+            const friendlyClientName = (clientName && clientName.trim()) || 'this app';
+            const defaultReplyConfig = {
+                enabled: true,
+                text: `You're verified! Tap below to continue signing in to ${friendlyClientName}.`,
+                cta: {
+                    body: `You're verified! Tap below to continue signing in to ${friendlyClientName}.`,
+                    buttonLabel: 'Continue',
+                    buttonUrl: '{{returnUrl}}',
+                },
+            };
+            const replyConfig = whatsappReply ??
+                config?.whatsappReply ??
+                defaultReplyConfig;
             const reply = buildWhatsAppReply(replyConfig, {
                 name: displayName,
                 clientName,
                 returnUrl: resumableRedirectUrl,
                 clientId,
             });
-            // Resolve outbound prefill message: per-call prop wins, then AuthKit default.
-            const prefillMessage = whatsappPrefillMessage ?? config?.whatsappPrefillMessage;
+            // Resolve outbound prefill message: per-call prop wins, then AuthKit config,
+            // then a sensible built-in default so the wa.me body is never blank and always
+            // carries the verification token (the SDK appends {{token}} if missing, but we
+            // also want friendly human context for the recipient).
+            const defaultPrefill = `Hi! I'd like to sign in to ${friendlyClientName}. Code: {{token}}`;
+            const prefillMessage = whatsappPrefillMessage ??
+                config?.whatsappPrefillMessage ??
+                defaultPrefill;
             // Pass collected signup details as contactData so the backend creates the
             // contact with name/customFields already attached and returns a fully
             // formed session.user — no follow-up updateProfile call needed.
@@ -14811,6 +14897,10 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
             try {
                 await updatePendingWhatsAppSession({ exchangeStartedAt: Date.now() });
                 const session = await api.exchangeWhatsAppSession(send.token, send.sessionKey);
+                const resultErrorMessage = getActionResultErrorMessage(session);
+                if (resultErrorMessage) {
+                    throw Object.assign(new Error(resultErrorMessage), session);
+                }
                 if (session?.token && session.user) {
                     await auth.login(session.token, session.user, session.accountData, true, getExpirationFromResponse(session));
                     if (!proxyMode) {
@@ -14823,6 +14913,15 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
                 }
             }
             catch (err) {
+                if (isPermanentWhatsAppExchangeError(err)) {
+                    log.warn('WhatsApp session exchange failed permanently; clearing stale pending session:', err);
+                    setAuthSuccess(false);
+                    setSuccessMessage(undefined);
+                    setError('This WhatsApp sign-in session has already been used or expired. Please start again.');
+                    setRestoredWhatsAppSend(null);
+                    await clearPendingWhatsAppSession();
+                    return true;
+                }
                 const latestPending = await loadPendingWhatsAppSession();
                 if (!latestPending) {
                     return true;
@@ -14871,9 +14970,12 @@ const SmartlinksAuthUI = ({ apiEndpoint, clientId, clientName, accountData, onAu
                         color: config?.branding?.inheritHostStyles
                             ? 'hsl(var(--foreground, 215 25% 15%))'
                             : (resolvedTheme === 'dark' ? '#f1f5f9' : 'inherit')
-                    }, children: successMessage?.includes('verified') ? 'Email Verified!' :
-                        successMessage?.includes('Magic link') ? 'Check Your Email!' :
-                            mode === 'register' ? 'Account Created!' : 'Login Successful!' }), jsxRuntime.jsx("p", { style: {
+                    }, children: successMessage?.includes('WhatsApp') ? 'WhatsApp Verified!' :
+                        successMessage?.includes('Phone') ? 'Phone Verified!' :
+                            successMessage?.includes('Email verified') || successMessage?.includes('email verified') ? 'Email Verified!' :
+                                successMessage?.includes('Magic link') ? 'Check Your Email!' :
+                                    successMessage?.includes('verified') ? 'Verified!' :
+                                        mode === 'register' ? 'Account Created!' : 'Login Successful!' }), jsxRuntime.jsx("p", { style: {
                         color: config?.branding?.inheritHostStyles
                             ? 'hsl(var(--muted-foreground, 215 15% 45%))'
                             : (resolvedTheme === 'dark' ? '#94a3b8' : '#6B7280'),