@symbo.ls/sdk 2.34.34 → 3.1.1

package/dist/node/services/AuthService.js

@@ -1,745 +1,153 @@
 import { BaseService } from "./BaseService.js";
 import {
+  PERMISSION_MAP,
   ROLE_PERMISSIONS,
   TIER_FEATURES,
   PROJECT_ROLE_PERMISSIONS
 } from "../utils/permission.js";
-const PLUGIN_SESSION_STORAGE_KEY = "plugin_auth_session";
 class AuthService extends BaseService {
   constructor(config) {
-    var _a, _b;
     super(config);
     this._userRoles = /* @__PURE__ */ new Set(["guest", "editor", "admin", "owner"]);
     this._projectTiers = /* @__PURE__ */ new Set([
       "ready",
-      "starter",
+      "free",
       "pro1",
       "pro2",
       "enterprise"
     ]);
-    this._projectRoleCache = /* @__PURE__ */ new Map();
-    this._roleCacheExpiry = 5 * 60 * 1e3;
-    this._pluginSession = null;
-    this._resolvePluginSession(
-      (config == null ? void 0 : config.session) || (config == null ? void 0 : config.pluginSession) || ((_a = config == null ? void 0 : config.options) == null ? void 0 : _a.pluginSession) || ((_b = config == null ? void 0 : config.context) == null ? void 0 : _b.pluginSession) || null
-    );
-  }
-  // Use BaseService.init/_request/_requireReady implementations
-  // ==================== AUTH METHODS ====================
-  async register(userData, options = {}) {
-    try {
-      const { payload, session } = this._preparePluginPayload(
-        { ...userData || {} },
-        options.session
-      );
-      const response = await this._request("/auth/register", {
-        method: "POST",
-        body: JSON.stringify(payload),
-        methodName: "register"
-      });
-      if (response.success) {
-        if (session) {
-          this._clearPluginSession(session);
-        }
-        return response.data;
-      }
-      throw new Error(response.message);
-    } catch (error) {
-      throw new Error(`Registration failed: ${error.message}`, { cause: error });
-    }
+    this._initialized = false;
   }
-  async login(email, password, options = {}) {
-    var _a;
+  // eslint-disable-next-line no-empty-pattern
+  init({}) {
     try {
-      const { payload, session } = this._preparePluginPayload(
-        {
-          email,
-          password
-        },
-        options.session
-      );
-      const response = await this._request("/auth/login", {
-        method: "POST",
-        body: JSON.stringify(payload),
-        methodName: "login"
-      });
-      if (response.success && response.data && response.data.tokens) {
-        const { tokens } = response.data;
-        const tokenData = {
-          access_token: tokens.accessToken,
-          refresh_token: tokens.refreshToken,
-          expires_in: (_a = tokens.accessTokenExp) == null ? void 0 : _a.expiresIn,
-          token_type: "Bearer"
-        };
-        if (this._tokenManager) {
-          this._tokenManager.setTokens(tokenData);
+      const { authToken, appKey } = this._context || {};
+      this._info = {
+        config: {
+          appKey: appKey ? `${appKey.substr(0, 4)}...${appKey.substr(-4)}` : void 0,
+          // eslint-disable-line no-undefined
+          hasToken: Boolean(authToken)
         }
-      }
-      if (response.success) {
-        if (session) {
-          this._clearPluginSession(session);
-        }
-        return response.data;
-      }
-      throw new Error(response.message);
-    } catch (error) {
-      throw new Error(`Login failed: ${error.message}`, { cause: error });
-    }
-  }
-  async logout() {
-    this._requireReady("logout");
-    try {
-      await this._request("/auth/logout", {
-        method: "POST",
-        methodName: "logout"
-      });
-      if (this._tokenManager) {
-        this._tokenManager.clearTokens();
-      }
-    } catch (error) {
-      if (this._tokenManager) {
-        this._tokenManager.clearTokens();
-      }
-      throw new Error(`Logout failed: ${error.message}`, { cause: error });
-    }
-  }
-  async refreshToken(refreshToken) {
-    try {
-      const response = await this._request("/auth/refresh", {
-        method: "POST",
-        body: JSON.stringify({ refreshToken }),
-        methodName: "refreshToken"
-      });
-      if (response.success) {
-        return response.data;
-      }
-      throw new Error(response.message);
+      };
+      this._initialized = true;
+      this._setReady();
     } catch (error) {
-      throw new Error(`Token refresh failed: ${error.message}`, { cause: error });
-    }
+      this._setError(error);
+      throw error;
+    }
+  }
+  _requiresInit(methodName) {
+    const noInitMethods = /* @__PURE__ */ new Set([
+      "users:login",
+      "users:register",
+      "users:request-password-reset",
+      "users:reset-password",
+      "users:reset-password-confirm",
+      "users:register-confirmation",
+      "users:google-auth",
+      "users:github-auth"
+    ]);
+    return !noInitMethods.has(methodName);
   }
-  async googleAuth(idToken, inviteToken = null, options = {}) {
-    var _a;
-    try {
-      const { payload, session } = this._preparePluginPayload({ idToken }, options.session);
-      if (inviteToken) {
-        payload.inviteToken = inviteToken;
-      }
-      const response = await this._request("/auth/google", {
-        method: "POST",
-        body: JSON.stringify(payload),
-        methodName: "googleAuth"
-      });
-      if (response.success && response.data && response.data.tokens) {
-        const { tokens } = response.data;
-        const tokenData = {
-          access_token: tokens.accessToken,
-          refresh_token: tokens.refreshToken,
-          expires_in: (_a = tokens.accessTokenExp) == null ? void 0 : _a.expiresIn,
-          token_type: "Bearer"
-        };
-        if (this._tokenManager) {
-          this._tokenManager.setTokens(tokenData);
-        }
-      }
-      if (response.success) {
-        if (session) {
-          this._clearPluginSession(session);
-        }
-        return response.data;
-      }
-      throw new Error(response.message);
-    } catch (error) {
-      throw new Error(`Google auth failed: ${error.message}`, { cause: error });
+  _requireReady(methodName) {
+    if (this._requiresInit(methodName) && !this._initialized) {
+      throw new Error("Service not initialized");
     }
   }
-  async githubAuth(code, inviteToken = null, options = {}) {
+  _getBasedService(methodName) {
     var _a;
-    try {
-      const { payload, session } = this._preparePluginPayload({ code }, options.session);
-      if (inviteToken) {
-        payload.inviteToken = inviteToken;
-      }
-      const response = await this._request("/auth/github", {
-        method: "POST",
-        body: JSON.stringify(payload),
-        methodName: "githubAuth"
-      });
-      if (response.success && response.data && response.data.tokens) {
-        const { tokens } = response.data;
-        const tokenData = {
-          access_token: tokens.accessToken,
-          refresh_token: tokens.refreshToken,
-          expires_in: (_a = tokens.accessTokenExp) == null ? void 0 : _a.expiresIn,
-          token_type: "Bearer"
-        };
-        if (this._tokenManager) {
-          this._tokenManager.setTokens(tokenData);
-        }
-      }
-      if (response.success) {
-        if (session) {
-          this._clearPluginSession(session);
-        }
-        return response.data;
-      }
-      throw new Error(response.message);
-    } catch (error) {
-      throw new Error(`GitHub auth failed: ${error.message}`, { cause: error });
+    const based = (_a = this._context.services) == null ? void 0 : _a.based;
+    if (this._requiresInit(methodName) && !based) {
+      throw new Error("Based service not available");
     }
+    return based._client;
   }
-  async googleAuthCallback(code, redirectUri, inviteToken = null, options = {}) {
-    var _a;
+  async login(identifier, password) {
     try {
-      const { payload: body, session } = this._preparePluginPayload(
-        { code, redirectUri },
-        options.session
-      );
-      if (inviteToken) {
-        body.inviteToken = inviteToken;
-      }
-      const response = await this._request("/auth/google/callback", {
-        method: "POST",
-        body: JSON.stringify(body),
-        methodName: "googleAuthCallback"
+      const based = this._getBasedService("login");
+      const response = await based.call("users:login", { identifier, password });
+      if (this._initialized) {
+        this.updateContext({ authToken: response.token });
+      }
+      based.setAuthState({
+        token: response.token,
+        userId: response.userId,
+        projectRoles: response.projectRoles,
+        globalRole: response.globalRole,
+        persistent: true
       });
-      if (response.success && response.data && response.data.tokens) {
-        const { tokens } = response.data;
-        const tokenData = {
-          access_token: tokens.accessToken,
-          refresh_token: tokens.refreshToken,
-          expires_in: (_a = tokens.accessTokenExp) == null ? void 0 : _a.expiresIn,
-          token_type: "Bearer"
-        };
-        if (this._tokenManager) {
-          this._tokenManager.setTokens(tokenData);
-        }
-      }
-      if (response.success) {
-        if (session) {
-          this._clearPluginSession(session);
-        }
-        return response.data;
-      }
-      throw new Error(response.message);
+      return response;
     } catch (error) {
-      throw new Error(`Google auth callback failed: ${error.message}`, { cause: error });
+      throw new Error(`Login failed: ${error.message}`);
     }
   }
-  async requestPasswordReset(email) {
+  async register(userData) {
     try {
-      const response = await this._request("/auth/request-password-reset", {
-        method: "POST",
-        body: JSON.stringify({ email }),
-        methodName: "requestPasswordReset"
-      });
-      if (response.success) {
-        return response.data;
-      }
-      throw new Error(response.message);
+      const based = this._getBasedService("register");
+      return await based.call("users:register", userData);
     } catch (error) {
-      throw new Error(`Password reset request failed: ${error.message}`, { cause: error });
+      throw new Error(`Registration failed: ${error.message}`);
     }
   }
-  async confirmPasswordReset(token, password) {
+  async googleAuth(idToken) {
     try {
-      const response = await this._request("/auth/reset-password-confirm", {
-        method: "POST",
-        body: JSON.stringify({ token, password }),
-        methodName: "confirmPasswordReset"
-      });
-      if (response.success) {
-        return response.data;
-      }
-      throw new Error(response.message);
+      const based = this._getBasedService("googleAuth");
+      return await based.call("users:google-auth", { idToken });
     } catch (error) {
-      throw new Error(`Password reset confirmation failed: ${error.message}`, { cause: error });
+      throw new Error(`Google auth failed: ${error.message}`);
     }
   }
-  async confirmRegistration(token) {
+  async githubAuth(code) {
     try {
-      const response = await this._request("/auth/register-confirmation", {
-        method: "POST",
-        body: JSON.stringify({ token }),
-        methodName: "confirmRegistration"
-      });
-      if (response.success) {
-        return response.data;
-      }
-      throw new Error(response.message);
+      const based = this._getBasedService("githubAuth");
+      return await based.call("users:github-auth", { code });
     } catch (error) {
-      throw new Error(`Registration confirmation failed: ${error.message}`, { cause: error });
+      throw new Error(`GitHub auth failed: ${error.message}`);
     }
   }
-  async requestPasswordChange() {
-    this._requireReady("requestPasswordChange");
-    try {
-      const response = await this._request("/auth/request-password-change", {
-        method: "POST",
-        methodName: "requestPasswordChange"
-      });
-      if (response.success) {
-        return response.data;
-      }
-      throw new Error(response.message);
-    } catch (error) {
-      throw new Error(`Password change request failed: ${error.message}`, { cause: error });
-    }
-  }
-  async confirmPasswordChange(currentPassword, newPassword, code) {
-    this._requireReady("confirmPasswordChange");
-    try {
-      const response = await this._request("/auth/confirm-password-change", {
-        method: "POST",
-        body: JSON.stringify({ currentPassword, newPassword, code }),
-        methodName: "confirmPasswordChange"
-      });
-      if (response.success) {
-        return response.data;
-      }
-      throw new Error(response.message);
-    } catch (error) {
-      throw new Error(`Password change confirmation failed: ${error.message}`, { cause: error });
-    }
-  }
-  async getMe(options = {}) {
-    this._requireReady("getMe");
-    try {
-      const session = this._resolvePluginSession(options.session);
-      const endpoint = session ? `/auth/me?session=${encodeURIComponent(session)}` : "/auth/me";
-      const response = await this._request(endpoint, {
-        method: "GET",
-        methodName: "getMe"
-      });
-      if (response.success) {
-        return response.data;
-      }
-      throw new Error(response.message);
-    } catch (error) {
-      throw new Error(`Failed to get user profile: ${error.message}`, { cause: error });
-    }
-  }
-  getAuthToken() {
-    if (!this._tokenManager) {
-      return null;
-    }
-    return this._tokenManager.getAccessToken();
-  }
-  /**
-   * Get stored authentication state (backward compatibility method)
-   * Replaces AuthService.getStoredAuthState()
-   */
-  async getStoredAuthState() {
-    try {
-      if (!this._tokenManager) {
-        return {
-          userId: false,
-          authToken: false
-        };
-      }
-      const tokenStatus = this._tokenManager.getTokenStatus();
-      if (!tokenStatus.hasTokens) {
-        return {
-          userId: false,
-          authToken: false
-        };
-      }
-      if (!tokenStatus.isValid && tokenStatus.hasRefreshToken) {
-        try {
-          await this._tokenManager.ensureValidToken();
-        } catch (error) {
-          console.warn("[AuthService] Token refresh failed:", error.message);
-          if (error.message.includes("401") || error.message.includes("403") || error.message.includes("invalid") || error.message.includes("expired")) {
-            this._tokenManager.clearTokens();
-            return {
-              userId: false,
-              authToken: false,
-              error: `Authentication failed: ${error.message}`
-            };
-          }
-          return {
-            userId: false,
-            authToken: this._tokenManager.getAccessToken(),
-            error: `Network error during token refresh: ${error.message}`,
-            hasTokens: true
-          };
-        }
-      }
-      const currentAccessToken = this._tokenManager.getAccessToken();
-      if (!currentAccessToken) {
-        return {
-          userId: false,
-          authToken: false
-        };
-      }
-      try {
-        const currentUser = await this.getMe();
-        return {
-          userId: currentUser.user.id,
-          authToken: currentAccessToken,
-          ...currentUser,
-          error: null
-        };
-      } catch (error) {
-        console.warn("[AuthService] Failed to get user data:", error.message);
-        if (error.message.includes("401") || error.message.includes("403")) {
-          this._tokenManager.clearTokens();
-          return {
-            userId: false,
-            authToken: false,
-            error: `Authentication failed: ${error.message}`
-          };
-        }
-        return {
-          userId: false,
-          authToken: currentAccessToken,
-          error: `Failed to get user data: ${error.message}`,
-          hasTokens: true
-        };
-      }
-    } catch (error) {
-      console.error(
-        "[AuthService] Unexpected error in getStoredAuthState:",
-        error
-      );
-      return {
-        userId: false,
-        authToken: false,
-        error: `Failed to get stored auth state: ${error.message}`
-      };
-    }
-  }
-  // ==================== USER METHODS ====================
-  async getUserProfile() {
-    this._requireReady("getUserProfile");
-    try {
-      const response = await this._request("/users/profile", {
-        method: "GET",
-        methodName: "getUserProfile"
-      });
-      if (response.success) {
-        return response.data;
-      }
-      throw new Error(response.message);
-    } catch (error) {
-      throw new Error(`Failed to get user profile: ${error.message}`, { cause: error });
-    }
-  }
-  async updateUserProfile(profileData) {
-    this._requireReady("updateUserProfile");
-    try {
-      const response = await this._request("/users/profile", {
-        method: "PATCH",
-        body: JSON.stringify(profileData),
-        methodName: "updateUserProfile"
-      });
-      if (response.success) {
-        return response.data;
-      }
-      throw new Error(response.message);
-    } catch (error) {
-      throw new Error(`Failed to update user profile: ${error.message}`, { cause: error });
-    }
-  }
-  async getUserProjects() {
-    this._requireReady("getUserProjects");
+  async logout() {
+    this._requireReady("logout");
     try {
-      const response = await this._request("/users/projects", {
-        method: "GET",
-        methodName: "getUserProjects"
-      });
-      if (response.success) {
-        return response.data.map((project) => ({
-          ...project,
-          ...project.icon && {
-            icon: {
-              src: `${this._apiUrl}/core/files/public/${project.icon.id}/download`,
-              ...project.icon
-            }
-          }
-        }));
-      }
-      throw new Error(response.message);
+      const based = this._getBasedService("logout");
+      await based.call("logout");
+      this.updateContext({ authToken: null });
     } catch (error) {
-      throw new Error(`Failed to get user projects: ${error.message}`, { cause: error });
+      throw new Error(`Logout failed: ${error.message}`);
     }
   }
-  async getUser(userId) {
-    this._requireReady("getUser");
+  async updateUserRole(userId, newRole) {
+    this._requireReady("updateUserRole");
     if (!userId) {
       throw new Error("User ID is required");
     }
-    try {
-      const response = await this._request(`/users/${userId}`, {
-        method: "GET",
-        methodName: "getUser"
-      });
-      if (response.success) {
-        return response.data;
-      }
-      throw new Error(response.message);
-    } catch (error) {
-      throw new Error(`Failed to get user: ${error.message}`, { cause: error });
-    }
-  }
-  async getUserByEmail(email) {
-    this._requireReady("getUserByEmail");
-    if (!email) {
-      throw new Error("Email is required");
+    if (!this._userRoles.has(newRole)) {
+      throw new Error(`Invalid role: ${newRole}`);
     }
     try {
-      const response = await this._request(`/auth/user?email=${email}`, {
-        method: "GET",
-        methodName: "getUserByEmail"
-      });
-      if (response.success) {
-        return response.data.user;
-      }
-      throw new Error(response.message);
+      const based = this._getBasedService("updateUserRole");
+      return await based.call("users:update-role", { userId, role: newRole });
     } catch (error) {
-      throw new Error(`Failed to get user by email: ${error.message}`, { cause: error });
+      throw new Error(`Failed to update user role: ${error.message}`);
     }
   }
-  // ==================== PROJECT ROLE METHODS ====================
-  /**
-   * Get the current user's role for a specific project by project ID
-   * Uses caching to avoid repeated API calls
-   */
-  async getMyProjectRole(projectId) {
-    this._requireReady("getMyProjectRole");
+  async updateProjectTier(projectId, newTier) {
+    this._requireReady("updateProjectTier");
     if (!projectId) {
       throw new Error("Project ID is required");
     }
-    if (!this.hasValidTokens()) {
-      return "guest";
-    }
-    const cacheKey = `role_${projectId}`;
-    const cached = this._projectRoleCache.get(cacheKey);
-    if (cached && Date.now() - cached.timestamp < this._roleCacheExpiry) {
-      return cached.role;
-    }
-    try {
-      const response = await this._request(`/projects/${projectId}/role`, {
-        method: "GET",
-        methodName: "getMyProjectRole"
-      });
-      if (response.success) {
-        const { role } = response.data;
-        this._projectRoleCache.set(cacheKey, {
-          role,
-          timestamp: Date.now()
-        });
-        return role;
-      }
-      throw new Error(response.message);
-    } catch (error) {
-      const message = (error == null ? void 0 : error.message) || "";
-      if (/401|403|unauthorized|no token|invalid token/iu.test(message)) {
-        return "guest";
-      }
-      throw new Error(`Failed to get project role: ${message}`, { cause: error });
-    }
-  }
-  /**
-   * Get the current user's role for a specific project by project key
-   * Uses caching to avoid repeated API calls
-   */
-  async getMyProjectRoleByKey(projectKey) {
-    this._requireReady("getMyProjectRoleByKey");
-    if (!projectKey) {
-      throw new Error("Project key is required");
-    }
-    if (!this.hasValidTokens()) {
-      return "guest";
-    }
-    const cacheKey = `role_key_${projectKey}`;
-    const cached = this._projectRoleCache.get(cacheKey);
-    if (cached && Date.now() - cached.timestamp < this._roleCacheExpiry) {
-      return cached.role;
+    if (!this._projectTiers.has(newTier)) {
+      throw new Error(`Invalid project tier: ${newTier}`);
     }
     try {
-      const response = await this._request(`/projects/key/${projectKey}/role`, {
-        method: "GET",
-        methodName: "getMyProjectRoleByKey"
+      const based = this._getBasedService("updateProjectTier");
+      return await based.call("projects:update-tier", {
+        projectId,
+        tier: newTier
       });
-      if (response.success) {
-        const { role } = response.data;
-        this._projectRoleCache.set(cacheKey, {
-          role,
-          timestamp: Date.now()
-        });
-        return role;
-      }
-      throw new Error(response.message);
-    } catch (error) {
-      const message = (error == null ? void 0 : error.message) || "";
-      if (/401|403|unauthorized|no token|invalid token/iu.test(message)) {
-        return "guest";
-      }
-      throw new Error(`Failed to get project role by key: ${message}`, { cause: error });
-    }
-  }
-  /**
-   * Clear the project role cache for a specific project or all projects
-   */
-  clearProjectRoleCache(projectId = null) {
-    if (projectId) {
-      this._projectRoleCache.delete(`role_${projectId}`);
-      for (const [key] of this._projectRoleCache) {
-        if (key.startsWith("role_key_")) {
-          this._projectRoleCache.delete(key);
-        }
-      }
-    } else {
-      this._projectRoleCache.clear();
-    }
-  }
-  /**
-   * Get project role with fallback to user projects list
-   * This method tries to get the role from user projects first,
-   * then falls back to API call if not found
-   */
-  async getProjectRoleWithFallback(projectId, userProjects = null) {
-    this._requireReady("getProjectRoleWithFallback");
-    if (!projectId) {
-      throw new Error("Project ID is required");
-    }
-    if (userProjects && Array.isArray(userProjects)) {
-      const userProject = userProjects.find((p) => p.id === projectId);
-      if (userProject && userProject.role) {
-        return userProject.role;
-      }
-    }
-    return await this.getMyProjectRole(projectId);
-  }
-  /**
-   * Get project role with fallback to user projects list (by project key)
-   * This method tries to get the role from user projects first,
-   * then falls back to API call if not found
-   */
-  async getProjectRoleByKeyWithFallback(projectKey, userProjects = null) {
-    this._requireReady("getProjectRoleByKeyWithFallback");
-    if (!projectKey) {
-      throw new Error("Project key is required");
-    }
-    if (userProjects && Array.isArray(userProjects)) {
-      const userProject = userProjects.find((p) => p.key === projectKey);
-      if (userProject && userProject.role) {
-        return userProject.role;
-      }
-    }
-    return await this.getMyProjectRoleByKey(projectKey);
-  }
-  // ==================== AUTH HELPER METHODS ====================
-  /**
-   * Debug method to check token status
-   */
-  getTokenDebugInfo() {
-    if (!this._tokenManager) {
-      return {
-        tokenManagerExists: false,
-        error: "TokenManager not initialized"
-      };
-    }
-    const tokenStatus = this._tokenManager.getTokenStatus();
-    const { tokens } = this._tokenManager;
-    return {
-      tokenManagerExists: true,
-      tokenStatus,
-      hasAccessToken: Boolean(tokens.accessToken),
-      hasRefreshToken: Boolean(tokens.refreshToken),
-      accessTokenPreview: tokens.accessToken ? `${tokens.accessToken.substring(0, 20)}...` : null,
-      expiresAt: tokens.expiresAt,
-      timeToExpiry: tokenStatus.timeToExpiry,
-      authHeader: this._tokenManager.getAuthHeader()
-    };
-  }
-  /**
-   * Helper method to check if user is authenticated
-   */
-  isAuthenticated() {
-    if (!this._tokenManager) {
-      return false;
-    }
-    return this._tokenManager.hasTokens();
-  }
-  /**
-   * Helper method to check if user has valid tokens
-   */
-  hasValidTokens() {
-    if (!this._tokenManager) {
-      return false;
-    }
-    return this._tokenManager.hasTokens() && this._tokenManager.isAccessTokenValid();
-  }
-  /**
-   * Helper method to get current user info
-   */
-  async getCurrentUser() {
-    try {
-      return await this.getMe();
     } catch (error) {
-      throw new Error(`Failed to get current user: ${error.message}`, { cause: error });
-    }
-  }
-  /**
-   * Helper method to validate user data for registration
-   */
-  validateRegistrationData(userData) {
-    const errors = [];
-    if (!userData.email || typeof userData.email !== "string") {
-      errors.push("Email is required and must be a string");
-    } else if (!this._isValidEmail(userData.email)) {
-      errors.push("Email must be a valid email address");
-    }
-    if (!userData.password || typeof userData.password !== "string") {
-      errors.push("Password is required and must be a string");
-    } else if (userData.password.length < 8) {
-      errors.push("Password must be at least 8 characters long");
-    }
-    if (userData.username && typeof userData.username !== "string") {
-      errors.push("Username must be a string");
-    } else if (userData.username && userData.username.length < 3) {
-      errors.push("Username must be at least 3 characters long");
+      throw new Error(`Failed to update project tier: ${error.message}`);
     }
-    return {
-      isValid: errors.length === 0,
-      errors
-    };
-  }
-  /**
-   * Helper method to register with validation
-   */
-  async registerWithValidation(userData, options = {}) {
-    const validation = this.validateRegistrationData(userData);
-    if (!validation.isValid) {
-      throw new Error(`Validation failed: ${validation.errors.join(", ")}`);
-    }
-    return await this.register(userData, options);
-  }
-  /**
-   * Helper method to login with validation
-   */
-  async loginWithValidation(email, password, options = {}) {
-    if (!email || typeof email !== "string") {
-      throw new Error("Email is required and must be a string");
-    }
-    if (!password || typeof password !== "string") {
-      throw new Error("Password is required and must be a string");
-    }
-    if (!this._isValidEmail(email)) {
-      throw new Error("Email must be a valid email address");
-    }
-    return await this.login(email, password, options);
-  }
-  /**
-   * Private helper to validate email format
-   */
-  _isValidEmail(email) {
-    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/u;
-    return emailRegex.test(email);
   }
-  // ==================== PERMISSION METHODS (Existing) ====================
   hasPermission(requiredPermission) {
     var _a;
     const authState = (_a = this._context) == null ? void 0 : _a.state;
@@ -788,17 +196,23 @@ class AuthService extends BaseService {
     if (!operationConfig) {
       return false;
     }
+    if (!operationConfig) {
+      return false;
+    }
     const { permissions = [], features = [] } = operationConfig;
     try {
       const permissionResults = await Promise.all(
         permissions.map(
-          (permission) => this.checkProjectPermission(projectId, permission)
+          (permission) => this.hasProjectPermission(projectId, permission)
         )
       );
       const hasPermissions = requireAll ? permissionResults.every(Boolean) : permissionResults.some(Boolean);
       if (!hasPermissions) {
         return false;
       }
+      if (!hasPermissions) {
+        return false;
+      }
       if (checkFeatures && features.length > 0) {
         const featureResults = features.map((feature) => {
           const result = this.hasProjectFeature(projectId, feature);
@@ -808,6 +222,9 @@ class AuthService extends BaseService {
         if (!hasFeatures) {
           return false;
         }
+        if (!hasFeatures) {
+          return false;
+        }
       }
       return true;
     } catch (error) {
@@ -829,92 +246,202 @@ class AuthService extends BaseService {
     }
     return action();
   }
-  // Cleanup
-  destroy() {
-    if (this._tokenManager) {
-      this._tokenManager.destroy();
-      this._tokenManager = null;
-    }
-    this._projectRoleCache.clear();
-    this._setReady(false);
+  // Project access information
+  async getProjectAccess(projectId) {
+    this._requireReady();
+    if (!projectId) {
+      throw new Error("Project ID is required");
+    }
+    const operations = Object.keys(PERMISSION_MAP);
+    const access = await Promise.all(
+      operations.map(async (operation) => {
+        const allowed = await this.canPerformOperation(projectId, operation);
+        const config = PERMISSION_MAP[operation];
+        return {
+          operation,
+          allowed,
+          permissions: config.permissions,
+          features: config.features,
+          aiTokens: operation.startsWith("ai") ? this._getAITokens(projectId, operation.replace("ai", "")) : null
+        };
+      })
+    );
+    return {
+      projectId,
+      permissions: access.reduce(
+        (acc, { operation, ...details }) => ({
+          ...acc,
+          [operation]: details
+        }),
+        {}
+      ),
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    };
   }
-  _preparePluginPayload(payload, sessionOverride = null) {
-    const target = payload && typeof payload === "object" ? { ...payload } : {};
-    const session = this._resolvePluginSession(sessionOverride);
-    if (session && !Object.hasOwn(target, "session")) {
-      target.session = session;
-      return { payload: target, session };
-    }
-    return { payload: target, session: null };
+  // AI token management
+  _getAITokens(projectId, featureType) {
+    const tokenFeatures = [
+      `ai${featureType}:3`,
+      `ai${featureType}:5`,
+      `ai${featureType}:15`
+    ];
+    return tokenFeatures.reduce((total, feature) => {
+      const tokens = this.hasProjectFeature(projectId, feature);
+      return total + (typeof tokens === "number" ? tokens : 0);
+    }, 0);
+  }
+  async getProjectMembers(projectId) {
+    this._requireReady("getProjectMembers");
+    if (!projectId) {
+      throw new Error("Project ID is required");
+    }
+    try {
+      const based = this._getBasedService("getProjectMembers");
+      return await based.call("projects:get-members", { projectId });
+    } catch (error) {
+      throw new Error(`Failed to get project members: ${error.message}`);
+    }
   }
-  _resolvePluginSession(sessionOverride = null) {
-    var _a, _b;
-    if (sessionOverride) {
-      return this._cachePluginSession(sessionOverride);
+  async inviteMember(projectId, email, role, name, callbackUrl) {
+    this._requireReady("inviteMember");
+    if (!projectId) {
+      throw new Error("Project ID is required");
     }
-    if (this._pluginSession) {
-      return this._pluginSession;
+    if (!email) {
+      throw new Error("Email is required");
     }
-    const optionSession = (_a = this._options) == null ? void 0 : _a.pluginSession;
-    if (optionSession) {
-      return this._cachePluginSession(optionSession);
+    if (!callbackUrl || Object.keys(callbackUrl).length === 0) {
+      throw new Error("Callback Url is required");
     }
-    const contextSession = (_b = this._context) == null ? void 0 : _b.pluginSession;
-    if (contextSession) {
-      return this._cachePluginSession(contextSession);
+    if (!role || !this._userRoles.has(role)) {
+      throw new Error(`Invalid role: ${role}`);
     }
-    if (typeof window !== "undefined") {
-      try {
-        const sessionFromUrl = new URL(window.location.href).searchParams.get("session");
-        if (sessionFromUrl) {
-          return this._cachePluginSession(sessionFromUrl);
-        }
-      } catch {
-      }
-      try {
-        if (window.localStorage) {
-          const stored = window.localStorage.getItem(PLUGIN_SESSION_STORAGE_KEY);
-          if (stored) {
-            this._pluginSession = stored;
-            return stored;
-          }
-        }
-      } catch {
-      }
+    try {
+      const based = this._getBasedService("inviteMember");
+      return await based.call("projects:invite-member", {
+        projectId,
+        email,
+        role,
+        name,
+        callbackUrl
+      });
+    } catch (error) {
+      throw new Error(`Failed to invite member: ${error.message}`);
     }
-    return null;
   }
-  _cachePluginSession(session) {
-    if (!session) {
-      return null;
-    }
-    this._pluginSession = session;
-    if (typeof window !== "undefined") {
-      try {
-        if (window.localStorage) {
-          window.localStorage.setItem(PLUGIN_SESSION_STORAGE_KEY, session);
-        }
-      } catch {
-      }
+  async acceptInvite(token) {
+    this._requireReady("acceptInvite");
+    try {
+      const based = this._getBasedService("acceptInvite");
+      return await based.call("projects:accept-invite", { token });
+    } catch (error) {
+      throw new Error(`Failed to accept invite: ${error.message}`);
     }
-    return session;
   }
-  setPluginSession(session) {
-    this._cachePluginSession(session);
+  async updateMemberRole(projectId, userId, role) {
+    this._requireReady("updateMemberRole");
+    if (!projectId) {
+      throw new Error("Project ID is required");
+    }
+    if (!userId) {
+      throw new Error("User ID is required");
+    }
+    if (!this._userRoles.has(role)) {
+      throw new Error(`Invalid role: ${role}`);
+    }
+    try {
+      const based = this._getBasedService("updateMemberRole");
+      return await based.call("projects:update-member-role", {
+        projectId,
+        userId,
+        role
+      });
+    } catch (error) {
+      throw new Error(`Failed to update member role: ${error.message}`);
+    }
   }
-  _clearPluginSession(session = null) {
-    if (!session || this._pluginSession === session) {
-      this._pluginSession = null;
-    }
-    if (typeof window !== "undefined") {
-      try {
-        if (window.localStorage) {
-          window.localStorage.removeItem(PLUGIN_SESSION_STORAGE_KEY);
-        }
-      } catch {
+  async removeMember(projectId, userId) {
+    this._requireReady("removeMember");
+    if (!projectId || !userId) {
+      throw new Error("Project ID and user ID are required");
+    }
+    try {
+      const based = this._getBasedService("removeMember");
+      return await based.call("projects:remove-member", { projectId, userId });
+    } catch (error) {
+      throw new Error(`Failed to remove member: ${error.message}`);
+    }
+  }
+  async confirmRegistration(token) {
+    try {
+      const based = this._getBasedService("confirmRegistration");
+      return await based.call("users:register-confirmation", { token });
+    } catch (error) {
+      throw new Error(`Registration confirmation failed: ${error.message}`);
+    }
+  }
+  async requestPasswordReset(email, callbackUrl) {
+    try {
+      const based = this._getBasedService("requestPasswordReset");
+      return await based.call("users:reset-password", { email, callbackUrl });
+    } catch (error) {
+      throw new Error(`Password reset request failed: ${error.message}`);
+    }
+  }
+  async confirmPasswordReset(token, newPassword) {
+    try {
+      const based = this._getBasedService("confirmPasswordReset");
+      return await based.call("users:reset-password-confirm", {
+        token,
+        newPassword
+      });
+    } catch (error) {
+      throw new Error(`Password reset confirmation failed: ${error.message}`);
+    }
+  }
+  async getStoredAuthState() {
+    try {
+      const based = this._getBasedService("getStoredAuthState");
+      const { authState } = based;
+      if (authState == null ? void 0 : authState.token) {
+        return {
+          userId: authState.userId,
+          authToken: authState.token,
+          projectRoles: authState.projectRoles,
+          globalRole: authState.globalRole,
+          error: null
+        };
       }
+      return {
+        userId: false,
+        authToken: false
+      };
+    } catch (error) {
+      this._setError(error);
+      return {
+        userId: false,
+        authToken: false,
+        error: `Failed to get stored auth state: ${error.message}`
+      };
     }
   }
+  async subscribeToAuthChanges(callback) {
+    const based = this._getBasedService("subscribeToAuthChanges");
+    based.on("authstate-change", async (authState) => {
+      const formattedState = (authState == null ? void 0 : authState.token) ? {
+        userId: authState.userId,
+        authToken: authState.token,
+        projectRoles: authState.projectRoles,
+        globalRole: authState.globalRole,
+        error: null
+      } : {
+        userId: false,
+        authToken: false
+      };
+      await callback(formattedState);
+    });
+    return () => based.off("authstate-change");
+  }
 }
 export {
   AuthService