npm - @spidy092/auth-client - Versions diffs - 2.1.8 → 3.0.0 - Mend

@spidy092/auth-client 2.1.8 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/Readme.md +9 -0
package/dist/api.cjs +329 -0
package/dist/api.cjs.map +1 -0
package/dist/api.js +299 -0
package/dist/api.js.map +1 -0
package/dist/index.cjs +1047 -0
package/dist/index.cjs.map +1 -0
package/dist/index.js +1008 -0
package/dist/index.js.map +1 -0
package/dist/react/AuthProvider.cjs +692 -0
package/dist/react/AuthProvider.cjs.map +1 -0
package/dist/react/AuthProvider.js +657 -0
package/dist/react/AuthProvider.js.map +1 -0
package/dist/react/useAuth.cjs +86 -0
package/dist/react/useAuth.cjs.map +1 -0
package/dist/react/useAuth.js +52 -0
package/dist/react/useAuth.js.map +1 -0
package/dist/react/useSessionMonitor.cjs +926 -0
package/dist/react/useSessionMonitor.cjs.map +1 -0
package/dist/react/useSessionMonitor.js +892 -0
package/dist/react/useSessionMonitor.js.map +1 -0
package/dist/utils/jwt.cjs +72 -0
package/dist/utils/jwt.cjs.map +1 -0
package/dist/utils/jwt.js +46 -0
package/dist/utils/jwt.js.map +1 -0
package/package.json +34 -13
package/api.js +0 -95
package/config.js +0 -63
package/core.js +0 -567
package/index.js +0 -106
package/react/AuthProvider.jsx +0 -150
package/react/useAuth.js +0 -10
package/react/useSessionMonitor.js +0 -121
package/token.js +0 -455
package/utils/jwt.js +0 -27

package/dist/react/AuthProvider.cjs ADDED Viewed

@@ -0,0 +1,692 @@
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// react/AuthProvider.jsx
+var AuthProvider_exports = {};
+__export(AuthProvider_exports, {
+  AuthContext: () => AuthContext,
+  AuthProvider: () => AuthProvider
+});
+module.exports = __toCommonJS(AuthProvider_exports);
+var import_react = __toESM(require("react"), 1);
+// token.js
+var import_jwt_decode = require("jwt-decode");
+var accessToken = null;
+var listeners = /* @__PURE__ */ new Set();
+var REFRESH_COOKIE = "account_refresh_token";
+var COOKIE_MAX_AGE = 7 * 24 * 60 * 60;
+function secureAttribute() {
+  var _a;
+  try {
+    return typeof window !== "undefined" && ((_a = window.location) == null ? void 0 : _a.protocol) === "https:" ? "; Secure" : "";
+  } catch (err) {
+    return "";
+  }
+}
+function writeAccessToken(token) {
+  if (!token) {
+    try {
+      localStorage.removeItem("authToken");
+    } catch (err) {
+      console.warn("Could not clear token from localStorage:", err);
+    }
+    return;
+  }
+  try {
+    localStorage.setItem("authToken", token);
+  } catch (err) {
+    console.warn("Could not persist token to localStorage:", err);
+  }
+}
+function readAccessToken() {
+  try {
+    return localStorage.getItem("authToken");
+  } catch (err) {
+    console.warn("Could not read token from localStorage:", err);
+    return null;
+  }
+}
+function decode(token) {
+  try {
+    return (0, import_jwt_decode.jwtDecode)(token);
+  } catch (err) {
+    return null;
+  }
+}
+function getTimeUntilExpiry(token) {
+  if (!token) return -1;
+  const decoded = decode(token);
+  if (!(decoded == null ? void 0 : decoded.exp)) return -1;
+  const now = Date.now() / 1e3;
+  return Math.floor(decoded.exp - now);
+}
+function setToken(token) {
+  const previousToken = accessToken;
+  accessToken = token || null;
+  writeAccessToken(accessToken);
+  if (previousToken !== accessToken) {
+    listeners.forEach((listener) => {
+      try {
+        listener(accessToken, previousToken);
+      } catch (err) {
+        console.warn("Token listener error:", err);
+      }
+    });
+  }
+}
+function getToken() {
+  if (accessToken) return accessToken;
+  accessToken = readAccessToken();
+  return accessToken;
+}
+function clearToken() {
+  if (!accessToken) {
+    writeAccessToken(null);
+    clearRefreshToken();
+    return;
+  }
+  const previousToken = accessToken;
+  accessToken = null;
+  writeAccessToken(null);
+  clearRefreshToken();
+  listeners.forEach((listener) => {
+    try {
+      listener(null, previousToken);
+    } catch (err) {
+      console.warn("Token listener error:", err);
+    }
+  });
+}
+var REFRESH_TOKEN_KEY = "auth_refresh_token";
+function isHttpDevelopment() {
+  var _a;
+  try {
+    return typeof window !== "undefined" && ((_a = window.location) == null ? void 0 : _a.protocol) === "http:";
+  } catch (err) {
+    return false;
+  }
+}
+function setRefreshToken(token) {
+  if (!token) {
+    clearRefreshToken();
+    return;
+  }
+  if (isHttpDevelopment()) {
+    try {
+      localStorage.setItem(REFRESH_TOKEN_KEY, token);
+      console.log("\u{1F4E6} Refresh token stored in localStorage (HTTP dev mode)");
+    } catch (err) {
+      console.warn("Could not store refresh token:", err);
+    }
+  } else {
+    console.log("\u{1F512} Refresh token managed by server httpOnly cookie (production mode)");
+  }
+}
+function getRefreshToken() {
+  if (isHttpDevelopment()) {
+    try {
+      const token = localStorage.getItem(REFRESH_TOKEN_KEY);
+      return token;
+    } catch (err) {
+      console.warn("Could not read refresh token:", err);
+      return null;
+    }
+  }
+  return null;
+}
+function clearRefreshToken() {
+  try {
+    localStorage.removeItem(REFRESH_TOKEN_KEY);
+  } catch (err) {
+  }
+  try {
+    document.cookie = `${REFRESH_COOKIE}=; Path=/; SameSite=Strict${secureAttribute()}; Expires=Thu, 01 Jan 1970 00:00:00 GMT`;
+  } catch (err) {
+    console.warn("Could not clear refresh token cookie:", err);
+  }
+  try {
+    sessionStorage.removeItem(REFRESH_COOKIE);
+  } catch (err) {
+  }
+}
+// config.js
+var config = {
+  clientKey: null,
+  authBaseUrl: null,
+  redirectUri: null,
+  accountUiUrl: null,
+  isRouter: false,
+  // ✅ Add router flag
+  // ========== SESSION SECURITY SETTINGS ==========
+  // Buffer time (in seconds) before token expiry to trigger proactive refresh
+  // With 5-minute access tokens, refreshing 60s before expiry ensures seamless UX
+  tokenRefreshBuffer: 60,
+  // Interval (in milliseconds) for periodic session validation
+  // Validates that the session still exists in Keycloak (not deleted by admin)
+  // Default: 2 minutes (120000ms) - balances responsiveness vs server load
+  sessionValidationInterval: 2 * 60 * 1e3,
+  // Enable/disable periodic session validation
+  // When enabled, the client will ping the server to verify session is still active
+  enableSessionValidation: true,
+  // Enable/disable proactive token refresh
+  // When enabled, tokens are refreshed before they expire (using tokenRefreshBuffer)
+  enableProactiveRefresh: true,
+  // Validate session when browser tab becomes visible again
+  // Catches session deletions that happened while the tab was inactive
+  validateOnVisibility: true
+};
+function getConfig() {
+  return { ...config };
+}
+function isRouterMode() {
+  return config.isRouter;
+}
+// core.js
+var callbackProcessed = false;
+function login(clientKeyArg, redirectUriArg) {
+  resetCallbackState();
+  const {
+    clientKey: defaultClientKey,
+    authBaseUrl,
+    redirectUri: defaultRedirectUri,
+    accountUiUrl
+  } = getConfig();
+  const clientKey = clientKeyArg || defaultClientKey;
+  const redirectUri = redirectUriArg || defaultRedirectUri;
+  console.log("\u{1F504} Smart Login initiated:", {
+    mode: isRouterMode() ? "ROUTER" : "CLIENT",
+    clientKey,
+    redirectUri
+  });
+  if (!clientKey || !redirectUri) {
+    throw new Error("Missing clientKey or redirectUri");
+  }
+  sessionStorage.setItem("originalApp", clientKey);
+  sessionStorage.setItem("returnUrl", redirectUri);
+  if (isRouterMode()) {
+    return routerLogin(clientKey, redirectUri);
+  } else {
+    return clientLogin(clientKey, redirectUri);
+  }
+}
+function routerLogin(clientKey, redirectUri) {
+  const { authBaseUrl } = getConfig();
+  const params = new URLSearchParams();
+  if (redirectUri) {
+    params.append("redirect_uri", redirectUri);
+  }
+  const query = params.toString();
+  const backendLoginUrl = `${authBaseUrl}/login/${clientKey}${query ? `?${query}` : ""}`;
+  console.log("\u{1F3ED} Router Login: Direct backend authentication", {
+    clientKey,
+    redirectUri,
+    backendUrl: backendLoginUrl
+  });
+  window.location.href = backendLoginUrl;
+}
+function clientLogin(clientKey, redirectUri) {
+  const { accountUiUrl } = getConfig();
+  const params = new URLSearchParams({
+    client: clientKey
+  });
+  if (redirectUri) {
+    params.append("redirect_uri", redirectUri);
+  }
+  const centralizedLoginUrl = `${accountUiUrl}/login?${params.toString()}`;
+  console.log("\u{1F504} Client Login: Redirecting to centralized login", {
+    clientKey,
+    redirectUri,
+    centralizedUrl: centralizedLoginUrl
+  });
+  window.location.href = centralizedLoginUrl;
+}
+function logout() {
+  resetCallbackState();
+  const { clientKey, authBaseUrl, accountUiUrl } = getConfig();
+  const token = getToken();
+  console.log("\u{1F6AA} Smart Logout initiated");
+  clearToken();
+  clearRefreshToken();
+  sessionStorage.removeItem("originalApp");
+  sessionStorage.removeItem("returnUrl");
+  if (isRouterMode()) {
+    return routerLogout(clientKey, authBaseUrl, accountUiUrl, token);
+  } else {
+    return clientLogout(clientKey, accountUiUrl);
+  }
+}
+async function routerLogout(clientKey, authBaseUrl, accountUiUrl, token) {
+  console.log("\u{1F3ED} Router Logout");
+  const refreshToken2 = getRefreshToken();
+  try {
+    const response = await fetch(`${authBaseUrl}/logout/${clientKey}`, {
+      method: "POST",
+      credentials: "include",
+      headers: {
+        "Authorization": token ? `Bearer ${token}` : "",
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        refreshToken: refreshToken2
+      })
+    });
+    const data = await response.json();
+    console.log("\u2705 Logout response:", data);
+    clearRefreshToken();
+    clearToken();
+    console.log("\u{1F504} Redirecting to login (skipping Keycloak confirmation)");
+    window.location.href = "/login";
+  } catch (error) {
+    console.warn("\u26A0\uFE0F Logout failed:", error);
+    clearRefreshToken();
+    clearToken();
+    window.location.href = "/login";
+  }
+}
+function clientLogout(clientKey, accountUiUrl) {
+  console.log("\u{1F504} Client Logout");
+  const logoutUrl = `${accountUiUrl}/login?client=${clientKey}&logout=true`;
+  window.location.href = logoutUrl;
+}
+function resetCallbackState() {
+  callbackProcessed = false;
+}
+var refreshInProgress = false;
+var refreshPromise = null;
+async function refreshToken() {
+  const { clientKey, authBaseUrl } = getConfig();
+  if (refreshInProgress && refreshPromise) {
+    console.log("\u{1F504} Token refresh already in progress, waiting...");
+    return refreshPromise;
+  }
+  refreshInProgress = true;
+  refreshPromise = (async () => {
+    try {
+      const storedRefreshToken = getRefreshToken();
+      console.log("\u{1F504} Refreshing token:", {
+        clientKey,
+        mode: isRouterMode() ? "ROUTER" : "CLIENT",
+        hasStoredRefreshToken: !!storedRefreshToken
+      });
+      const requestOptions = {
+        method: "POST",
+        credentials: "include",
+        // ✅ Include httpOnly cookies (for HTTPS)
+        headers: {
+          "Content-Type": "application/json"
+        }
+      };
+      if (storedRefreshToken) {
+        requestOptions.headers["X-Refresh-Token"] = storedRefreshToken;
+        requestOptions.body = JSON.stringify({ refreshToken: storedRefreshToken });
+      }
+      const response = await fetch(`${authBaseUrl}/refresh/${clientKey}`, requestOptions);
+      if (!response.ok) {
+        const errorText = await response.text();
+        console.error("\u274C Token refresh failed:", response.status, errorText);
+        throw new Error(`Refresh failed: ${response.status}`);
+      }
+      const data = await response.json();
+      const { access_token, refresh_token: new_refresh_token } = data;
+      if (!access_token) {
+        throw new Error("No access token in refresh response");
+      }
+      setToken(access_token);
+      if (new_refresh_token) {
+        setRefreshToken(new_refresh_token);
+        console.log("\u{1F504} New refresh token stored from rotation");
+      }
+      console.log("\u2705 Token refresh successful, listeners notified");
+      return access_token;
+    } catch (err) {
+      console.error("\u274C Token refresh error:", err);
+      clearToken();
+      clearRefreshToken();
+      throw err;
+    } finally {
+      refreshInProgress = false;
+      refreshPromise = null;
+    }
+  })();
+  return refreshPromise;
+}
+async function validateCurrentSession() {
+  try {
+    const { authBaseUrl } = getConfig();
+    const token = getToken();
+    if (!token || !authBaseUrl) {
+      return false;
+    }
+    const response = await fetch(`${authBaseUrl}/account/validate-session`, {
+      method: "GET",
+      headers: {
+        "Authorization": `Bearer ${token}`,
+        "Content-Type": "application/json"
+      },
+      credentials: "include"
+    });
+    if (!response.ok) {
+      if (response.status === 401) {
+        return false;
+      }
+      throw new Error(`HTTP ${response.status}: ${response.statusText}`);
+    }
+    const data = await response.json();
+    return data.valid === true;
+  } catch (error) {
+    console.warn("Session validation failed:", error.message);
+    if (error.message.includes("401")) {
+      return false;
+    }
+    throw error;
+  }
+}
+var proactiveRefreshTimer = null;
+var sessionValidationTimer = null;
+var visibilityHandler = null;
+var sessionInvalidCallbacks = /* @__PURE__ */ new Set();
+function onSessionInvalid(callback) {
+  if (typeof callback === "function") {
+    sessionInvalidCallbacks.add(callback);
+  }
+  return () => sessionInvalidCallbacks.delete(callback);
+}
+function notifySessionInvalid(reason = "session_deleted") {
+  console.log("\u{1F6A8} Session invalidated:", reason);
+  sessionInvalidCallbacks.forEach((callback) => {
+    try {
+      callback(reason);
+    } catch (err) {
+      console.error("Session invalid callback error:", err);
+    }
+  });
+}
+function startProactiveRefresh() {
+  const { enableProactiveRefresh, tokenRefreshBuffer } = getConfig();
+  if (!enableProactiveRefresh) {
+    console.log("\u23F8\uFE0F Proactive refresh disabled by config");
+    return null;
+  }
+  stopProactiveRefresh();
+  const token = getToken();
+  if (!token) {
+    console.log("\u23F8\uFE0F No token, skipping proactive refresh setup");
+    return null;
+  }
+  const timeUntilExpiry = getTimeUntilExpiry(token);
+  if (timeUntilExpiry <= 0) {
+    console.log("\u26A0\uFE0F Token already expired, attempting immediate refresh");
+    refreshToken().catch((err) => {
+      console.error("\u274C Immediate refresh failed:", err);
+      notifySessionInvalid("token_expired");
+    });
+    return null;
+  }
+  const refreshIn = Math.max(0, timeUntilExpiry - tokenRefreshBuffer) * 1e3;
+  console.log(`\u{1F504} Scheduling proactive refresh in ${Math.round(refreshIn / 1e3)}s (token expires in ${timeUntilExpiry}s)`);
+  proactiveRefreshTimer = setTimeout(async () => {
+    var _a;
+    try {
+      console.log("\u{1F504} Proactive token refresh triggered");
+      await refreshToken();
+      console.log("\u2705 Proactive refresh successful, scheduling next refresh");
+      startProactiveRefresh();
+    } catch (err) {
+      console.error("\u274C Proactive refresh failed:", err);
+      const errorMessage = ((_a = err.message) == null ? void 0 : _a.toLowerCase()) || "";
+      const isPermanentFailure = errorMessage.includes("401") || errorMessage.includes("revoked") || errorMessage.includes("invalid") || errorMessage.includes("expired") || errorMessage.includes("unauthorized");
+      if (isPermanentFailure) {
+        console.log("\u{1F6A8} Token permanently invalid, triggering session expiry");
+        notifySessionInvalid("refresh_token_revoked");
+      } else {
+        proactiveRefreshTimer = setTimeout(() => startProactiveRefresh(), 3e4);
+      }
+    }
+  }, refreshIn);
+  return proactiveRefreshTimer;
+}
+function stopProactiveRefresh() {
+  if (proactiveRefreshTimer) {
+    clearTimeout(proactiveRefreshTimer);
+    proactiveRefreshTimer = null;
+    console.log("\u23F9\uFE0F Proactive refresh stopped");
+  }
+}
+function startSessionMonitor(onInvalid) {
+  const { enableSessionValidation, sessionValidationInterval, validateOnVisibility } = getConfig();
+  if (!enableSessionValidation) {
+    console.log("\u23F8\uFE0F Session validation disabled by config");
+    return null;
+  }
+  if (onInvalid && typeof onInvalid === "function") {
+    sessionInvalidCallbacks.add(onInvalid);
+  }
+  stopSessionMonitor();
+  const token = getToken();
+  if (!token) {
+    console.log("\u23F8\uFE0F No token, skipping session monitor setup");
+    return null;
+  }
+  console.log(`\u{1F441}\uFE0F Starting session monitor (interval: ${sessionValidationInterval / 1e3}s)`);
+  sessionValidationTimer = setInterval(async () => {
+    try {
+      const currentToken = getToken();
+      if (!currentToken) {
+        console.log("\u23F8\uFE0F No token, stopping session validation");
+        stopSessionMonitor();
+        return;
+      }
+      console.log("\u{1F50D} Validating session...");
+      const isValid = await validateCurrentSession();
+      if (!isValid) {
+        console.log("\u274C Session no longer valid on server");
+        stopSessionMonitor();
+        stopProactiveRefresh();
+        clearToken();
+        clearRefreshToken();
+        notifySessionInvalid("session_deleted");
+      } else {
+        console.log("\u2705 Session still valid");
+      }
+    } catch (error) {
+      console.warn("\u26A0\uFE0F Session validation check failed:", error.message);
+    }
+  }, sessionValidationInterval);
+  if (validateOnVisibility && typeof document !== "undefined") {
+    visibilityHandler = async () => {
+      if (document.visibilityState === "visible") {
+        const currentToken = getToken();
+        if (!currentToken) return;
+        console.log("\u{1F441}\uFE0F Tab visible - validating session");
+        try {
+          const isValid = await validateCurrentSession();
+          if (!isValid) {
+            console.log("\u274C Session expired while tab was hidden");
+            stopSessionMonitor();
+            stopProactiveRefresh();
+            clearToken();
+            clearRefreshToken();
+            notifySessionInvalid("session_deleted_while_hidden");
+          }
+        } catch (error) {
+          console.warn("\u26A0\uFE0F Visibility check failed:", error.message);
+        }
+      }
+    };
+    document.addEventListener("visibilitychange", visibilityHandler);
+  }
+  return sessionValidationTimer;
+}
+function stopSessionMonitor() {
+  if (sessionValidationTimer) {
+    clearInterval(sessionValidationTimer);
+    sessionValidationTimer = null;
+    console.log("\u23F9\uFE0F Session monitor stopped");
+  }
+  if (visibilityHandler && typeof document !== "undefined") {
+    document.removeEventListener("visibilitychange", visibilityHandler);
+    visibilityHandler = null;
+  }
+}
+function startSessionSecurity(onSessionInvalidCallback) {
+  console.log("\u{1F510} Starting session security (proactive refresh + session monitoring)");
+  startProactiveRefresh();
+  startSessionMonitor(onSessionInvalidCallback);
+  return {
+    stopAll: () => {
+      stopProactiveRefresh();
+      stopSessionMonitor();
+    }
+  };
+}
+function stopSessionSecurity() {
+  stopProactiveRefresh();
+  stopSessionMonitor();
+  sessionInvalidCallbacks.clear();
+  console.log("\u{1F510} Session security stopped");
+}
+// react/AuthProvider.jsx
+var AuthContext = (0, import_react.createContext)();
+function AuthProvider({ children, onSessionExpired }) {
+  const [token, setTokenState] = (0, import_react.useState)(getToken());
+  const [user, setUser] = (0, import_react.useState)(null);
+  const [loading, setLoading] = (0, import_react.useState)(!!token);
+  const [sessionValid, setSessionValid] = (0, import_react.useState)(true);
+  const sessionSecurityRef = (0, import_react.useRef)(null);
+  const handleSessionInvalid = (reason) => {
+    console.log("\u{1F6A8} AuthProvider: Session invalidated -", reason);
+    setSessionValid(false);
+    setUser(null);
+    setTokenState(null);
+    if (onSessionExpired && typeof onSessionExpired === "function") {
+      onSessionExpired(reason);
+    }
+  };
+  (0, import_react.useEffect)(() => {
+    if (token && !sessionSecurityRef.current) {
+      console.log("\u{1F510} AuthProvider: Starting session security");
+      const unsubscribe = onSessionInvalid(handleSessionInvalid);
+      sessionSecurityRef.current = startSessionSecurity(handleSessionInvalid);
+      return () => {
+        unsubscribe();
+        if (sessionSecurityRef.current) {
+          sessionSecurityRef.current.stopAll();
+          sessionSecurityRef.current = null;
+        }
+      };
+    }
+    if (!token && sessionSecurityRef.current) {
+      sessionSecurityRef.current.stopAll();
+      sessionSecurityRef.current = null;
+    }
+  }, [token]);
+  (0, import_react.useEffect)(() => {
+    console.log("\u{1F50D} AuthProvider useEffect triggered:", {
+      hasToken: !!token,
+      tokenLength: token == null ? void 0 : token.length
+    });
+    if (!token) {
+      console.log("\u26A0\uFE0F AuthProvider: No token, setting loading=false");
+      setLoading(false);
+      return;
+    }
+    const { authBaseUrl } = getConfig();
+    if (!authBaseUrl) {
+      console.warn("AuthProvider: No authBaseUrl configured");
+      setLoading(false);
+      return;
+    }
+    console.log("\u{1F310} AuthProvider: Fetching profile with token...", {
+      authBaseUrl,
+      tokenPreview: token.slice(0, 50) + "..."
+    });
+    fetch(`${authBaseUrl}/account/profile`, {
+      headers: { Authorization: `Bearer ${token}` },
+      credentials: "include"
+    }).then((res) => {
+      console.log("\u{1F4E5} Profile response status:", res.status);
+      if (!res.ok) throw new Error("Failed to fetch user");
+      return res.json();
+    }).then((userData) => {
+      console.log("\u2705 Profile fetched successfully:", userData.email);
+      setUser(userData);
+      setSessionValid(true);
+      setLoading(false);
+    }).catch((err) => {
+      console.error("\u274C Fetch user error:", err);
+      clearToken();
+      setTokenState(null);
+      setUser(null);
+      setLoading(false);
+    });
+  }, [token]);
+  const login2 = (clientKey, redirectUri, state) => {
+    login(clientKey, redirectUri, state);
+  };
+  const logout2 = () => {
+    stopSessionSecurity();
+    sessionSecurityRef.current = null;
+    logout();
+    setUser(null);
+    setTokenState(null);
+    setSessionValid(true);
+  };
+  const value = {
+    token,
+    user,
+    loading,
+    login: login2,
+    logout: logout2,
+    isAuthenticated: !!token && !!user && sessionValid,
+    sessionValid,
+    setUser,
+    setToken: (newToken) => {
+      setToken(newToken);
+      setTokenState(newToken);
+      setSessionValid(true);
+    },
+    clearToken: () => {
+      stopSessionSecurity();
+      sessionSecurityRef.current = null;
+      clearToken();
+      setTokenState(null);
+      setUser(null);
+    }
+  };
+  return /* @__PURE__ */ import_react.default.createElement(AuthContext.Provider, { value }, children);
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AuthContext,
+  AuthProvider
+});
+//# sourceMappingURL=AuthProvider.cjs.map