@sanity/sdk 2.1.0 → 2.1.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sanity/sdk",
-  "version": "2.1.0",
+  "version": "2.1.1",
   "private": false,
   "description": "Sanity SDK",
   "keywords": [
@@ -42,6 +42,7 @@
   "browserslist": "extends @sanity/browserslist-config",
   "prettier": "@sanity/prettier-config",
   "dependencies": {
+    "@sanity/bifur-client": "^0.4.1",
     "@sanity/client": "^7.2.1",
     "@sanity/comlink": "^3.0.4",
     "@sanity/diff-match-patch": "^3.2.0",
@@ -58,7 +59,7 @@
   },
   "devDependencies": {
     "@sanity/browserslist-config": "^1.0.5",
-    "@sanity/pkg-utils": "^7.2.2",
+    "@sanity/pkg-utils": "^7.9.6",
     "@sanity/prettier-config": "^1.0.3",
     "@types/lodash-es": "^4.17.12",
     "@vitest/coverage-v8": "3.1.2",

package/src/_exports/index.ts

@@ -104,6 +104,15 @@ export {type JsonMatch} from '../document/patchOperations'
 export {type DocumentPermissionsResult, type PermissionDeniedReason} from '../document/permissions'
 export type {FavoriteStatusResponse} from '../favorites/favorites'
 export {getFavoritesState, resolveFavoritesState} from '../favorites/favorites'
+export {getPresence} from '../presence/presenceStore'
+export type {
+  DisconnectEvent,
+  PresenceLocation,
+  RollCallEvent,
+  StateEvent,
+  TransportEvent,
+  UserPresence,
+} from '../presence/types'
 export {getPreviewState, type GetPreviewStateOptions} from '../preview/getPreviewState'
 export type {PreviewStoreState, PreviewValue, ValuePending} from '../preview/previewStore'
 export {resolvePreview, type ResolvePreviewOptions} from '../preview/resolvePreview'
@@ -127,15 +136,27 @@ export {createSanityInstance, type SanityInstance} from '../store/createSanityIn
 export {type Selector, type StateSource} from '../store/createStateSourceAction'
 export {getUsersKey, parseUsersKey} from '../users/reducers'
 export {
+  type GetUserOptions,
   type GetUsersOptions,
   type Membership,
+  type ResolveUserOptions,
   type ResolveUsersOptions,
   type SanityUser,
+  type SanityUserResponse,
   type UserProfile,
+  type UsersGroupState,
+  type UsersStoreState,
 } from '../users/types'
-export {getUsersState, loadMoreUsers, resolveUsers} from '../users/usersStore'
+export {
+  getUsersState,
+  getUserState,
+  loadMoreUsers,
+  resolveUser,
+  resolveUsers,
+} from '../users/usersStore'
 export {type FetcherStore, type FetcherStoreState} from '../utils/createFetcherStore'
 export {createGroqSearchFilter} from '../utils/createGroqSearchFilter'
+export {defineIntent, type Intent, type IntentFilter} from '../utils/defineIntent'
 export {CORE_SDK_VERSION} from '../version'
 export {
   getIndexForKey,

package/src/auth/authStore.ts

@@ -35,6 +35,7 @@ export type LoggedInAuthState = {
   type: AuthStateType.LOGGED_IN
   token: string
   currentUser: CurrentUser | null
+  lastTokenRefresh?: number
 }
 
 /**

package/src/auth/refreshStampedToken.test.ts

@@ -8,7 +8,12 @@ import {createStoreState} from '../store/createStoreState'
 import {AuthStateType} from './authStateType'
 import {type AuthState, authStore} from './authStore'
 // Import only the public function
-import {refreshStampedToken} from './refreshStampedToken'
+import {
+  getLastRefreshTime,
+  getNextRefreshDelay,
+  refreshStampedToken,
+  setLastRefreshTime,
+} from './refreshStampedToken'
 
 // Type definitions for Web Locks (can be kept if needed for context)
 // ... (Lock, LockOptions, LockGrantedCallback types)
@@ -16,6 +21,7 @@ import {refreshStampedToken} from './refreshStampedToken'
 describe('refreshStampedToken', () => {
   let mockStorage: Storage
   let originalNavigator: typeof navigator // Restored
+  let originalDocument: Document
   let subscriptions: Subscription[]
   // mockLocksRequest removed
 
@@ -25,6 +31,19 @@ describe('refreshStampedToken', () => {
     vi.useFakeTimers()
 
     originalNavigator = global.navigator // Restore original navigator setup
+
+    // Mock document for visibility API
+    originalDocument = global.document
+    Object.defineProperty(global, 'document', {
+      value: {
+        visibilityState: 'visible',
+        addEventListener: vi.fn(),
+        removeEventListener: vi.fn(),
+      },
+      writable: true,
+      configurable: true,
+    })
+
     mockStorage = {
       getItem: vi.fn(),
       setItem: vi.fn(),
@@ -76,6 +95,11 @@ describe('refreshStampedToken', () => {
       value: originalNavigator,
       writable: true,
     })
+    // Restore original document
+    Object.defineProperty(global, 'document', {
+      value: originalDocument,
+      writable: true,
+    })
     // Restore real timers
     try {
       await vi.runAllTimersAsync() // Attempt to flush cleanly
@@ -122,6 +146,49 @@ describe('refreshStampedToken', () => {
       const locksRequest = navigator.locks.request as ReturnType<typeof vi.fn>
       expect(locksRequest).not.toHaveBeenCalled()
     })
+
+    it('does not refresh when tab is not visible', async () => {
+      // Set visibility to hidden
+      Object.defineProperty(global, 'document', {
+        value: {
+          visibilityState: 'hidden',
+          addEventListener: vi.fn(),
+          removeEventListener: vi.fn(),
+        },
+        writable: true,
+        configurable: true,
+      })
+
+      const mockClient = {
+        observable: {request: vi.fn(() => of({token: 'sk-refreshed-token-st123'}))},
+      }
+      const mockClientFactory = vi.fn().mockReturnValue(mockClient)
+      const instance = createSanityInstance({
+        projectId: 'p',
+        dataset: 'd',
+        auth: {clientFactory: mockClientFactory, storageArea: mockStorage},
+      })
+      const initialState = authStore.getInitialState(instance)
+      initialState.authState = {
+        type: AuthStateType.LOGGED_IN,
+        token: 'sk-initial-token-st123',
+        currentUser: null,
+      }
+      initialState.dashboardContext = {mode: 'test'}
+      const state = createStoreState(initialState)
+
+      const subscription = refreshStampedToken({state, instance})
+      subscriptions.push(subscription)
+
+      await vi.advanceTimersToNextTimerAsync()
+
+      // Verify that no refresh occurred
+      expect(mockClient.observable.request).not.toHaveBeenCalled()
+      const finalAuthState = state.get().authState
+      if (finalAuthState.type === AuthStateType.LOGGED_IN) {
+        expect(finalAuthState.token).toBe('sk-initial-token-st123')
+      }
+    })
   })
 
   describe('non-dashboard context', () => {
@@ -150,11 +217,19 @@ describe('refreshStampedToken', () => {
         subscriptions.push(subscription!)
       }).not.toThrow()
 
-      // Avoid advancing timers here, as it would trigger the infinite loop
-      // await vi.advanceTimersByTimeAsync(0)
-
-      // No assertions about navigator.locks.request call
-      // No assertions about final token state (due to infinite loop in source)
+      // DO NOT advance timers or yield here - focus on immediate observable logic
+      // We cannot reliably test that failingLocksRequest is called due to async/timer issues,
+      // but we *can* test the consequence of it resolving to false.
+
+      // VERIFY THE OUTCOME:
+      // Check client request was NOT made (because filter(hasLock => hasLock) receives false)
+      expect(mockClient.observable.request).not.toHaveBeenCalled()
+      // Check state remains unchanged
+      const finalAuthState = state.get().authState
+      expect(finalAuthState.type).toBe(AuthStateType.LOGGED_IN)
+      if (finalAuthState.type === AuthStateType.LOGGED_IN) {
+        expect(finalAuthState.token).toBe('sk-initial-token-st123')
+      }
     })
 
     it('skips refresh if lock request returns false', async () => {
@@ -209,6 +284,61 @@ describe('refreshStampedToken', () => {
     })
   })
 
+  describe('unsupported environments', () => {
+    it('falls back to immediate refresh if Web Locks API is not supported', async () => {
+      // Temporarily remove navigator.locks for this test
+      const originalLocks = navigator.locks
+      Object.defineProperty(global.navigator, 'locks', {
+        value: undefined,
+        writable: true,
+      })
+
+      try {
+        const mockClient = {
+          observable: {request: vi.fn(() => of({token: 'sk-refreshed-immediately-st123'}))},
+        }
+        const mockClientFactory = vi.fn().mockReturnValue(mockClient)
+        const instance = createSanityInstance({
+          projectId: 'p',
+          dataset: 'd',
+          auth: {clientFactory: mockClientFactory, storageArea: mockStorage},
+        })
+        const initialState = authStore.getInitialState(instance)
+        initialState.authState = {
+          type: AuthStateType.LOGGED_IN,
+          token: 'sk-initial-token-st123',
+          currentUser: null,
+        }
+        const state = createStoreState(initialState)
+
+        const subscription = refreshStampedToken({state, instance})
+        subscriptions.push(subscription)
+
+        // Advance timers to allow the async `performRefresh` to execute
+        await vi.advanceTimersToNextTimerAsync()
+
+        // Verify the refresh was performed and state was updated
+        expect(mockClient.observable.request).toHaveBeenCalled()
+        const finalAuthState = state.get().authState
+        expect(finalAuthState.type).toBe(AuthStateType.LOGGED_IN)
+        if (finalAuthState.type === AuthStateType.LOGGED_IN) {
+          expect(finalAuthState.token).toBe('sk-refreshed-immediately-st123')
+        }
+        // Verify token was set in storage
+        expect(mockStorage.setItem).toHaveBeenCalledWith(
+          initialState.options.storageKey,
+          JSON.stringify({token: 'sk-refreshed-immediately-st123'}),
+        )
+      } finally {
+        // Restore navigator.locks
+        Object.defineProperty(global.navigator, 'locks', {
+          value: originalLocks,
+          writable: true,
+        })
+      }
+    })
+  })
+
   // Restore other tests to their simpler form
   it('sets an error state when token refresh fails', async () => {
     const error = new Error('Refresh failed')
@@ -298,3 +428,92 @@ describe('refreshStampedToken', () => {
     }
   })
 })
+
+describe('time-based refresh helpers', () => {
+  let mockStorage: Storage
+  const storageKey = 'my-test-key'
+
+  beforeEach(() => {
+    mockStorage = {
+      getItem: vi.fn(),
+      setItem: vi.fn(),
+      removeItem: vi.fn(),
+      clear: vi.fn(),
+      key: vi.fn(),
+      length: 0,
+    }
+    vi.useFakeTimers()
+  })
+
+  afterEach(() => {
+    vi.useRealTimers()
+  })
+
+  describe('getLastRefreshTime', () => {
+    it('returns 0 if storage is undefined', () => {
+      expect(getLastRefreshTime(undefined, storageKey)).toBe(0)
+    })
+
+    it('returns 0 if item is not in storage', () => {
+      vi.spyOn(mockStorage, 'getItem').mockReturnValue(null)
+      expect(getLastRefreshTime(mockStorage, storageKey)).toBe(0)
+      expect(mockStorage.getItem).toHaveBeenCalledWith(`${storageKey}_last_refresh`)
+    })
+
+    it('returns the parsed timestamp from storage', () => {
+      const now = Date.now()
+      vi.spyOn(mockStorage, 'getItem').mockReturnValue(now.toString())
+      expect(getLastRefreshTime(mockStorage, storageKey)).toBe(now)
+    })
+
+    it('returns 0 if stored data is malformed', () => {
+      vi.spyOn(mockStorage, 'getItem').mockReturnValue('not a number')
+      expect(getLastRefreshTime(mockStorage, storageKey)).toBe(0)
+    })
+
+    it('returns 0 on storage access error', () => {
+      vi.spyOn(mockStorage, 'getItem').mockImplementation(() => {
+        throw new Error('Storage access failed')
+      })
+      expect(getLastRefreshTime(mockStorage, storageKey)).toBe(0)
+    })
+  })
+
+  describe('setLastRefreshTime', () => {
+    it('sets the current timestamp in storage', () => {
+      const now = Date.now()
+      setLastRefreshTime(mockStorage, storageKey)
+      expect(mockStorage.setItem).toHaveBeenCalledWith(`${storageKey}_last_refresh`, now.toString())
+    })
+
+    it('does not throw on storage access error', () => {
+      vi.spyOn(mockStorage, 'setItem').mockImplementation(() => {
+        throw new Error('Storage access failed')
+      })
+      expect(() => setLastRefreshTime(mockStorage, storageKey)).not.toThrow()
+    })
+  })
+
+  describe('getNextRefreshDelay', () => {
+    const REFRESH_INTERVAL = 12 * 60 * 60 * 1000
+
+    it('returns 0 if last refresh time is not available', () => {
+      vi.spyOn(mockStorage, 'getItem').mockReturnValue(null)
+      expect(getNextRefreshDelay(mockStorage, storageKey)).toBe(0)
+    })
+
+    it('returns the remaining time until the next refresh', () => {
+      const lastRefresh = Date.now() - 10000 // 10 seconds ago
+      vi.spyOn(mockStorage, 'getItem').mockReturnValue(lastRefresh.toString())
+
+      const delay = getNextRefreshDelay(mockStorage, storageKey)
+      expect(delay).toBeCloseTo(REFRESH_INTERVAL - 10000, -2)
+    })
+
+    it('returns 0 if the refresh interval has passed', () => {
+      const lastRefresh = Date.now() - REFRESH_INTERVAL - 5000 // 5 seconds past due
+      vi.spyOn(mockStorage, 'getItem').mockReturnValue(lastRefresh.toString())
+      expect(getNextRefreshDelay(mockStorage, storageKey)).toBe(0)
+    })
+  })
+})

package/src/auth/refreshStampedToken.ts

@@ -20,16 +20,19 @@ import {type AuthState, type AuthStoreState} from './authStore'
 const REFRESH_INTERVAL = 12 * 60 * 60 * 1000 // 12 hours in milliseconds
 const LOCK_NAME = 'sanity-token-refresh-lock'
 
-function getLastRefreshTime(storageArea: Storage | undefined, storageKey: string): number {
+/** @internal */
+export function getLastRefreshTime(storageArea: Storage | undefined, storageKey: string): number {
   try {
     const data = storageArea?.getItem(`${storageKey}_last_refresh`)
-    return data ? parseInt(data, 10) : 0
+    const parsed = data ? parseInt(data, 10) : 0
+    return isNaN(parsed) ? 0 : parsed
   } catch {
     return 0
   }
 }
 
-function setLastRefreshTime(storageArea: Storage | undefined, storageKey: string): void {
+/** @internal */
+export function setLastRefreshTime(storageArea: Storage | undefined, storageKey: string): void {
   try {
     storageArea?.setItem(`${storageKey}_last_refresh`, Date.now().toString())
   } catch {
@@ -37,7 +40,8 @@ function setLastRefreshTime(storageArea: Storage | undefined, storageKey: string
   }
 }
 
-function getNextRefreshDelay(storageArea: Storage | undefined, storageKey: string): number {
+/** @internal */
+export function getNextRefreshDelay(storageArea: Storage | undefined, storageKey: string): number {
   const lastRefresh = getLastRefreshTime(storageArea, storageKey)
   if (!lastRefresh) return 0
 
@@ -127,6 +131,12 @@ async function acquireTokenRefreshLock(
   }
 }
 
+function shouldRefreshToken(lastRefresh: number | undefined): boolean {
+  if (!lastRefresh) return true
+  const timeSinceLastRefresh = Date.now() - lastRefresh
+  return timeSinceLastRefresh >= REFRESH_INTERVAL
+}
+
 /**
  * @internal
  */
@@ -178,51 +188,106 @@ export const refreshStampedToken = ({state}: StoreContext<AuthStoreState>): Subs
       }
 
       if (storeState.dashboardContext) {
-        return timer(REFRESH_INTERVAL, REFRESH_INTERVAL).pipe(
-          // Check if still logged in before each refresh attempt in the timer
+        return new Observable<{token: string}>((subscriber) => {
+          const visibilityHandler = () => {
+            const currentState = state.get()
+            if (
+              document.visibilityState === 'visible' &&
+              currentState.authState.type === AuthStateType.LOGGED_IN &&
+              shouldRefreshToken(currentState.authState.lastTokenRefresh)
+            ) {
+              createTokenRefreshStream(
+                currentState.authState.token,
+                clientFactory,
+                apiHost,
+              ).subscribe({
+                next: (response) => {
+                  state.set('setRefreshStampedToken', (prev) => ({
+                    authState:
+                      prev.authState.type === AuthStateType.LOGGED_IN
+                        ? {
+                            ...prev.authState,
+                            token: response.token,
+                            lastTokenRefresh: Date.now(),
+                          }
+                        : prev.authState,
+                  }))
+                  subscriber.next(response)
+                },
+                error: (error) => subscriber.error(error),
+              })
+            }
+          }
+
+          const timerSubscription = timer(REFRESH_INTERVAL, REFRESH_INTERVAL)
+            .pipe(
+              filter(() => document.visibilityState === 'visible'),
+              switchMap(() => {
+                const currentState = state.get().authState
+                if (currentState.type !== AuthStateType.LOGGED_IN) {
+                  throw new Error('User logged out before refresh could complete')
+                }
+                return createTokenRefreshStream(currentState.token, clientFactory, apiHost)
+              }),
+            )
+            .subscribe({
+              next: (response) => {
+                state.set('setRefreshStampedToken', (prev) => ({
+                  authState:
+                    prev.authState.type === AuthStateType.LOGGED_IN
+                      ? {
+                          ...prev.authState,
+                          token: response.token,
+                          lastTokenRefresh: Date.now(),
+                        }
+                      : prev.authState,
+                }))
+                subscriber.next(response)
+              },
+              error: (error) => subscriber.error(error),
+            })
+
+          document.addEventListener('visibilitychange', visibilityHandler)
+
+          return () => {
+            document.removeEventListener('visibilitychange', visibilityHandler)
+            timerSubscription.unsubscribe()
+          }
+        }).pipe(
           takeWhile(() => state.get().authState.type === AuthStateType.LOGGED_IN),
-          // Use switchMap here: if the timer ticks again, we *do* want the latest token request
-          switchMap(() =>
-            createTokenRefreshStream(storeState.authState.token, clientFactory, apiHost),
-          ),
-          // Map the successful response for the outer subscribe block
-          map((response) => ({token: response.token})),
+          map((response: {token: string}) => ({token: response.token})),
         )
       }
 
-      // If not in dashboard context, use lock-based refresh.
-      // exhaustMap prevents this from running again if state changes while lock logic is active.
-      // NOTE: Based on Web Locks API, this `from(acquireTokenRefreshLock(...))` observable
-      // will likely NOT emit if the lock is successfully acquired, as the underlying promise
-      // may never resolve due to the while(true) loop. This path needs verification.
+      // If not in dashboard context, use lock-based refresh
       return from(acquireTokenRefreshLock(performRefresh, storageArea, storageKey)).pipe(
         filter((hasLock) => hasLock),
-        // If acquireTokenRefreshLock *does* somehow resolve true (e.g., locks unsupported),
-        // emit the token that triggered this exhaustMap execution.
-        map(() => ({token: storeState.authState.token})),
+        map(() => {
+          const currentState = state.get().authState
+          if (currentState.type !== AuthStateType.LOGGED_IN) {
+            throw new Error('User logged out before refresh could complete')
+          }
+          return {token: currentState.token} as const
+        }),
       )
     }),
   )
 
   return refreshToken$.subscribe({
-    next: (response) => {
-      // This block now primarily handles updates from the dashboard timer path,
-      // or potentially from the lock path if acquireTokenRefreshLock resolves unexpectedly.
-      // exhaustMap prevents this state update from causing an immediate loop.
+    next: (response: {token: string}) => {
       state.set('setRefreshStampedToken', (prev) => ({
         authState:
           prev.authState.type === AuthStateType.LOGGED_IN
-            ? {...prev.authState, token: response.token}
+            ? {
+                ...prev.authState,
+                token: response.token,
+                lastTokenRefresh: Date.now(),
+              }
             : prev.authState,
       }))
       storageArea?.setItem(storageKey, JSON.stringify({token: response.token}))
     },
     error: (error) => {
-      // Log errors from either refresh path
-      // Consider how refresh failures should affect the overall auth state
-      // E.g., maybe attempt retry, or eventually set state to ERROR if retries fail
-      // For now, just log, avoiding immediate state change to ERROR
-      // console.error('Token refresh failed:', error) // Removed to satisfy linter
       state.set('setRefreshStampedTokenError', {authState: {type: AuthStateType.ERROR, error}})
     },
   })