@symbo.ls/sdk 3.2.3 → 3.2.7

package/dist/node/services/AuthService.js

@@ -1,191 +1,745 @@
 import { BaseService } from "./BaseService.js";
 import {
-  PERMISSION_MAP,
   ROLE_PERMISSIONS,
   TIER_FEATURES,
   PROJECT_ROLE_PERMISSIONS
 } from "../utils/permission.js";
+const PLUGIN_SESSION_STORAGE_KEY = "plugin_auth_session";
 class AuthService extends BaseService {
   constructor(config) {
+    var _a, _b;
     super(config);
     this._userRoles = /* @__PURE__ */ new Set(["guest", "editor", "admin", "owner"]);
     this._projectTiers = /* @__PURE__ */ new Set([
       "ready",
-      "free",
+      "starter",
       "pro1",
       "pro2",
       "enterprise"
     ]);
-    this._initialized = false;
+    this._projectRoleCache = /* @__PURE__ */ new Map();
+    this._roleCacheExpiry = 5 * 60 * 1e3;
+    this._pluginSession = null;
+    this._resolvePluginSession(
+      (config == null ? void 0 : config.session) || (config == null ? void 0 : config.pluginSession) || ((_a = config == null ? void 0 : config.options) == null ? void 0 : _a.pluginSession) || ((_b = config == null ? void 0 : config.context) == null ? void 0 : _b.pluginSession) || null
+    );
   }
-  // eslint-disable-next-line no-empty-pattern
-  init({}) {
+  // Use BaseService.init/_request/_requireReady implementations
+  // ==================== AUTH METHODS ====================
+  async register(userData, options = {}) {
     try {
-      const { authToken, appKey } = this._context || {};
-      this._info = {
-        config: {
-          appKey: appKey ? `${appKey.substr(0, 4)}...${appKey.substr(-4)}` : void 0,
-          // eslint-disable-line no-undefined
-          hasToken: Boolean(authToken)
+      const { payload, session } = this._preparePluginPayload(
+        { ...userData || {} },
+        options.session
+      );
+      const response = await this._request("/auth/register", {
+        method: "POST",
+        body: JSON.stringify(payload),
+        methodName: "register"
+      });
+      if (response.success) {
+        if (session) {
+          this._clearPluginSession(session);
         }
-      };
-      this._initialized = true;
-      this._setReady();
+        return response.data;
+      }
+      throw new Error(response.message);
     } catch (error) {
-      this._setError(error);
-      throw error;
-    }
-  }
-  _requiresInit(methodName) {
-    const noInitMethods = /* @__PURE__ */ new Set([
-      "users:login",
-      "users:register",
-      "users:request-password-reset",
-      "users:reset-password",
-      "users:reset-password-confirm",
-      "users:register-confirmation",
-      "users:google-auth",
-      "users:github-auth"
-    ]);
-    return !noInitMethods.has(methodName);
+      throw new Error(`Registration failed: ${error.message}`, { cause: error });
+    }
   }
-  _requireReady(methodName) {
-    if (this._requiresInit(methodName) && !this._initialized) {
-      throw new Error("Service not initialized");
+  async login(email, password, options = {}) {
+    var _a;
+    try {
+      const { payload, session } = this._preparePluginPayload(
+        {
+          email,
+          password
+        },
+        options.session
+      );
+      const response = await this._request("/auth/login", {
+        method: "POST",
+        body: JSON.stringify(payload),
+        methodName: "login"
+      });
+      if (response.success && response.data && response.data.tokens) {
+        const { tokens } = response.data;
+        const tokenData = {
+          access_token: tokens.accessToken,
+          refresh_token: tokens.refreshToken,
+          expires_in: (_a = tokens.accessTokenExp) == null ? void 0 : _a.expiresIn,
+          token_type: "Bearer"
+        };
+        if (this._tokenManager) {
+          this._tokenManager.setTokens(tokenData);
+        }
+      }
+      if (response.success) {
+        if (session) {
+          this._clearPluginSession(session);
+        }
+        return response.data;
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      throw new Error(`Login failed: ${error.message}`, { cause: error });
     }
   }
-  _getBasedService(methodName) {
+  async logout() {
+    this._requireReady("logout");
+    try {
+      await this._request("/auth/logout", {
+        method: "POST",
+        methodName: "logout"
+      });
+      if (this._tokenManager) {
+        this._tokenManager.clearTokens();
+      }
+    } catch (error) {
+      if (this._tokenManager) {
+        this._tokenManager.clearTokens();
+      }
+      throw new Error(`Logout failed: ${error.message}`, { cause: error });
+    }
+  }
+  async refreshToken(refreshToken) {
+    try {
+      const response = await this._request("/auth/refresh", {
+        method: "POST",
+        body: JSON.stringify({ refreshToken }),
+        methodName: "refreshToken"
+      });
+      if (response.success) {
+        return response.data;
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      throw new Error(`Token refresh failed: ${error.message}`, { cause: error });
+    }
+  }
+  async googleAuth(idToken, inviteToken = null, options = {}) {
     var _a;
-    const based = (_a = this._context.services) == null ? void 0 : _a.based;
-    if (this._requiresInit(methodName) && !based) {
-      throw new Error("Based service not available");
+    try {
+      const { payload, session } = this._preparePluginPayload({ idToken }, options.session);
+      if (inviteToken) {
+        payload.inviteToken = inviteToken;
+      }
+      const response = await this._request("/auth/google", {
+        method: "POST",
+        body: JSON.stringify(payload),
+        methodName: "googleAuth"
+      });
+      if (response.success && response.data && response.data.tokens) {
+        const { tokens } = response.data;
+        const tokenData = {
+          access_token: tokens.accessToken,
+          refresh_token: tokens.refreshToken,
+          expires_in: (_a = tokens.accessTokenExp) == null ? void 0 : _a.expiresIn,
+          token_type: "Bearer"
+        };
+        if (this._tokenManager) {
+          this._tokenManager.setTokens(tokenData);
+        }
+      }
+      if (response.success) {
+        if (session) {
+          this._clearPluginSession(session);
+        }
+        return response.data;
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      throw new Error(`Google auth failed: ${error.message}`, { cause: error });
     }
-    return based._client;
   }
-  async login(identifier, password) {
+  async githubAuth(code, inviteToken = null, options = {}) {
+    var _a;
     try {
-      const based = this._getBasedService("login");
-      const response = await based.call("users:login", { identifier, password });
-      if (this._initialized) {
-        this.updateContext({ authToken: response.token });
-      }
-      based.setAuthState({
-        token: response.token,
-        userId: response.userId,
-        projectRoles: response.projectRoles,
-        globalRole: response.globalRole,
-        persistent: true
+      const { payload, session } = this._preparePluginPayload({ code }, options.session);
+      if (inviteToken) {
+        payload.inviteToken = inviteToken;
+      }
+      const response = await this._request("/auth/github", {
+        method: "POST",
+        body: JSON.stringify(payload),
+        methodName: "githubAuth"
       });
-      return response;
+      if (response.success && response.data && response.data.tokens) {
+        const { tokens } = response.data;
+        const tokenData = {
+          access_token: tokens.accessToken,
+          refresh_token: tokens.refreshToken,
+          expires_in: (_a = tokens.accessTokenExp) == null ? void 0 : _a.expiresIn,
+          token_type: "Bearer"
+        };
+        if (this._tokenManager) {
+          this._tokenManager.setTokens(tokenData);
+        }
+      }
+      if (response.success) {
+        if (session) {
+          this._clearPluginSession(session);
+        }
+        return response.data;
+      }
+      throw new Error(response.message);
     } catch (error) {
-      throw new Error(`Login failed: ${error.message}`);
+      throw new Error(`GitHub auth failed: ${error.message}`, { cause: error });
     }
   }
-  async register(userData) {
+  async googleAuthCallback(code, redirectUri, inviteToken = null, options = {}) {
+    var _a;
     try {
-      const based = this._getBasedService("register");
-      return await based.call("users:register", userData);
+      const { payload: body, session } = this._preparePluginPayload(
+        { code, redirectUri },
+        options.session
+      );
+      if (inviteToken) {
+        body.inviteToken = inviteToken;
+      }
+      const response = await this._request("/auth/google/callback", {
+        method: "POST",
+        body: JSON.stringify(body),
+        methodName: "googleAuthCallback"
+      });
+      if (response.success && response.data && response.data.tokens) {
+        const { tokens } = response.data;
+        const tokenData = {
+          access_token: tokens.accessToken,
+          refresh_token: tokens.refreshToken,
+          expires_in: (_a = tokens.accessTokenExp) == null ? void 0 : _a.expiresIn,
+          token_type: "Bearer"
+        };
+        if (this._tokenManager) {
+          this._tokenManager.setTokens(tokenData);
+        }
+      }
+      if (response.success) {
+        if (session) {
+          this._clearPluginSession(session);
+        }
+        return response.data;
+      }
+      throw new Error(response.message);
     } catch (error) {
-      throw new Error(`Registration failed: ${error.message}`);
+      throw new Error(`Google auth callback failed: ${error.message}`, { cause: error });
     }
   }
-  async googleAuth(idToken) {
+  async requestPasswordReset(email) {
     try {
-      const based = this._getBasedService("googleAuth");
-      const response = await based.call("users:google-auth", { idToken });
-      if (this._initialized) {
-        this.updateContext({ authToken: response.token });
-      }
-      based.setAuthState({
-        token: response.token,
-        userId: response.userId,
-        persistent: true
+      const response = await this._request("/auth/request-password-reset", {
+        method: "POST",
+        body: JSON.stringify({ email }),
+        methodName: "requestPasswordReset"
       });
-      return response;
+      if (response.success) {
+        return response.data;
+      }
+      throw new Error(response.message);
     } catch (error) {
-      throw new Error(`Google auth failed: ${error.message}`);
+      throw new Error(`Password reset request failed: ${error.message}`, { cause: error });
     }
   }
-  async googleAuthCallback(code, redirectUri) {
+  async confirmPasswordReset(token, password) {
     try {
-      const based = this._getBasedService("googleAuthCallback");
-      const response = await based.call("users:google-auth-callback", {
-        code,
-        redirectUri
+      const response = await this._request("/auth/reset-password-confirm", {
+        method: "POST",
+        body: JSON.stringify({ token, password }),
+        methodName: "confirmPasswordReset"
       });
-      if (this._initialized) {
-        this.updateContext({ authToken: response.token });
+      if (response.success) {
+        return response.data;
       }
-      based.setAuthState({
-        token: response.token,
-        userId: response.userId,
-        persistent: true
+      throw new Error(response.message);
+    } catch (error) {
+      throw new Error(`Password reset confirmation failed: ${error.message}`, { cause: error });
+    }
+  }
+  async confirmRegistration(token) {
+    try {
+      const response = await this._request("/auth/register-confirmation", {
+        method: "POST",
+        body: JSON.stringify({ token }),
+        methodName: "confirmRegistration"
       });
-      return response;
+      if (response.success) {
+        return response.data;
+      }
+      throw new Error(response.message);
     } catch (error) {
-      throw new Error(`Google auth callback failed: ${error.message}`);
+      throw new Error(`Registration confirmation failed: ${error.message}`, { cause: error });
     }
   }
-  async githubAuth(code) {
+  async requestPasswordChange() {
+    this._requireReady("requestPasswordChange");
     try {
-      const based = this._getBasedService("githubAuth");
-      const response = await based.call("users:github-auth", { code });
-      if (this._initialized) {
-        this.updateContext({ authToken: response.token });
-      }
-      based.setAuthState({
-        token: response.token,
-        userId: response.userId,
-        persistent: true
+      const response = await this._request("/auth/request-password-change", {
+        method: "POST",
+        methodName: "requestPasswordChange"
       });
-      return response;
+      if (response.success) {
+        return response.data;
+      }
+      throw new Error(response.message);
     } catch (error) {
-      throw new Error(`GitHub auth failed: ${error.message}`);
+      throw new Error(`Password change request failed: ${error.message}`, { cause: error });
     }
   }
-  async logout() {
-    this._requireReady("logout");
+  async confirmPasswordChange(currentPassword, newPassword, code) {
+    this._requireReady("confirmPasswordChange");
     try {
-      const based = this._getBasedService("logout");
-      await based.call("users:logout");
-      this.updateContext({ authToken: null });
+      const response = await this._request("/auth/confirm-password-change", {
+        method: "POST",
+        body: JSON.stringify({ currentPassword, newPassword, code }),
+        methodName: "confirmPasswordChange"
+      });
+      if (response.success) {
+        return response.data;
+      }
+      throw new Error(response.message);
     } catch (error) {
-      throw new Error(`Logout failed: ${error.message}`);
+      throw new Error(`Password change confirmation failed: ${error.message}`, { cause: error });
+    }
+  }
+  async getMe(options = {}) {
+    this._requireReady("getMe");
+    try {
+      const session = this._resolvePluginSession(options.session);
+      const endpoint = session ? `/auth/me?session=${encodeURIComponent(session)}` : "/auth/me";
+      const response = await this._request(endpoint, {
+        method: "GET",
+        methodName: "getMe"
+      });
+      if (response.success) {
+        return response.data;
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      throw new Error(`Failed to get user profile: ${error.message}`, { cause: error });
+    }
+  }
+  getAuthToken() {
+    if (!this._tokenManager) {
+      return null;
     }
+    return this._tokenManager.getAccessToken();
   }
-  async updateUserRole(userId, newRole) {
-    this._requireReady("updateUserRole");
+  /**
+   * Get stored authentication state (backward compatibility method)
+   * Replaces AuthService.getStoredAuthState()
+   */
+  async getStoredAuthState() {
+    try {
+      if (!this._tokenManager) {
+        return {
+          userId: false,
+          authToken: false
+        };
+      }
+      const tokenStatus = this._tokenManager.getTokenStatus();
+      if (!tokenStatus.hasTokens) {
+        return {
+          userId: false,
+          authToken: false
+        };
+      }
+      if (!tokenStatus.isValid && tokenStatus.hasRefreshToken) {
+        try {
+          await this._tokenManager.ensureValidToken();
+        } catch (error) {
+          console.warn("[AuthService] Token refresh failed:", error.message);
+          if (error.message.includes("401") || error.message.includes("403") || error.message.includes("invalid") || error.message.includes("expired")) {
+            this._tokenManager.clearTokens();
+            return {
+              userId: false,
+              authToken: false,
+              error: `Authentication failed: ${error.message}`
+            };
+          }
+          return {
+            userId: false,
+            authToken: this._tokenManager.getAccessToken(),
+            error: `Network error during token refresh: ${error.message}`,
+            hasTokens: true
+          };
+        }
+      }
+      const currentAccessToken = this._tokenManager.getAccessToken();
+      if (!currentAccessToken) {
+        return {
+          userId: false,
+          authToken: false
+        };
+      }
+      try {
+        const currentUser = await this.getMe();
+        return {
+          userId: currentUser.user.id,
+          authToken: currentAccessToken,
+          ...currentUser,
+          error: null
+        };
+      } catch (error) {
+        console.warn("[AuthService] Failed to get user data:", error.message);
+        if (error.message.includes("401") || error.message.includes("403")) {
+          this._tokenManager.clearTokens();
+          return {
+            userId: false,
+            authToken: false,
+            error: `Authentication failed: ${error.message}`
+          };
+        }
+        return {
+          userId: false,
+          authToken: currentAccessToken,
+          error: `Failed to get user data: ${error.message}`,
+          hasTokens: true
+        };
+      }
+    } catch (error) {
+      console.error(
+        "[AuthService] Unexpected error in getStoredAuthState:",
+        error
+      );
+      return {
+        userId: false,
+        authToken: false,
+        error: `Failed to get stored auth state: ${error.message}`
+      };
+    }
+  }
+  // ==================== USER METHODS ====================
+  async getUserProfile() {
+    this._requireReady("getUserProfile");
+    try {
+      const response = await this._request("/users/profile", {
+        method: "GET",
+        methodName: "getUserProfile"
+      });
+      if (response.success) {
+        return response.data;
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      throw new Error(`Failed to get user profile: ${error.message}`, { cause: error });
+    }
+  }
+  async updateUserProfile(profileData) {
+    this._requireReady("updateUserProfile");
+    try {
+      const response = await this._request("/users/profile", {
+        method: "PATCH",
+        body: JSON.stringify(profileData),
+        methodName: "updateUserProfile"
+      });
+      if (response.success) {
+        return response.data;
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      throw new Error(`Failed to update user profile: ${error.message}`, { cause: error });
+    }
+  }
+  async getUserProjects() {
+    this._requireReady("getUserProjects");
+    try {
+      const response = await this._request("/users/projects", {
+        method: "GET",
+        methodName: "getUserProjects"
+      });
+      if (response.success) {
+        return response.data.map((project) => ({
+          ...project,
+          ...project.icon && {
+            icon: {
+              src: `${this._apiUrl}/core/files/public/${project.icon.id}/download`,
+              ...project.icon
+            }
+          }
+        }));
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      throw new Error(`Failed to get user projects: ${error.message}`, { cause: error });
+    }
+  }
+  async getUser(userId) {
+    this._requireReady("getUser");
     if (!userId) {
       throw new Error("User ID is required");
     }
-    if (!this._userRoles.has(newRole)) {
-      throw new Error(`Invalid role: ${newRole}`);
+    try {
+      const response = await this._request(`/users/${userId}`, {
+        method: "GET",
+        methodName: "getUser"
+      });
+      if (response.success) {
+        return response.data;
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      throw new Error(`Failed to get user: ${error.message}`, { cause: error });
+    }
+  }
+  async getUserByEmail(email) {
+    this._requireReady("getUserByEmail");
+    if (!email) {
+      throw new Error("Email is required");
     }
     try {
-      const based = this._getBasedService("updateUserRole");
-      return await based.call("users:update-role", { userId, role: newRole });
+      const response = await this._request(`/auth/user?email=${email}`, {
+        method: "GET",
+        methodName: "getUserByEmail"
+      });
+      if (response.success) {
+        return response.data.user;
+      }
+      throw new Error(response.message);
     } catch (error) {
-      throw new Error(`Failed to update user role: ${error.message}`);
+      throw new Error(`Failed to get user by email: ${error.message}`, { cause: error });
     }
   }
-  async updateProjectTier(projectId, newTier) {
-    this._requireReady("updateProjectTier");
+  // ==================== PROJECT ROLE METHODS ====================
+  /**
+   * Get the current user's role for a specific project by project ID
+   * Uses caching to avoid repeated API calls
+   */
+  async getMyProjectRole(projectId) {
+    this._requireReady("getMyProjectRole");
     if (!projectId) {
       throw new Error("Project ID is required");
     }
-    if (!this._projectTiers.has(newTier)) {
-      throw new Error(`Invalid project tier: ${newTier}`);
+    if (!this.hasValidTokens()) {
+      return "guest";
+    }
+    const cacheKey = `role_${projectId}`;
+    const cached = this._projectRoleCache.get(cacheKey);
+    if (cached && Date.now() - cached.timestamp < this._roleCacheExpiry) {
+      return cached.role;
+    }
+    try {
+      const response = await this._request(`/projects/${projectId}/role`, {
+        method: "GET",
+        methodName: "getMyProjectRole"
+      });
+      if (response.success) {
+        const { role } = response.data;
+        this._projectRoleCache.set(cacheKey, {
+          role,
+          timestamp: Date.now()
+        });
+        return role;
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      const message = (error == null ? void 0 : error.message) || "";
+      if (/401|403|unauthorized|no token|invalid token/iu.test(message)) {
+        return "guest";
+      }
+      throw new Error(`Failed to get project role: ${message}`, { cause: error });
+    }
+  }
+  /**
+   * Get the current user's role for a specific project by project key
+   * Uses caching to avoid repeated API calls
+   */
+  async getMyProjectRoleByKey(projectKey) {
+    this._requireReady("getMyProjectRoleByKey");
+    if (!projectKey) {
+      throw new Error("Project key is required");
+    }
+    if (!this.hasValidTokens()) {
+      return "guest";
+    }
+    const cacheKey = `role_key_${projectKey}`;
+    const cached = this._projectRoleCache.get(cacheKey);
+    if (cached && Date.now() - cached.timestamp < this._roleCacheExpiry) {
+      return cached.role;
     }
     try {
-      const based = this._getBasedService("updateProjectTier");
-      return await based.call("projects:update-tier", {
-        projectId,
-        tier: newTier
+      const response = await this._request(`/projects/key/${projectKey}/role`, {
+        method: "GET",
+        methodName: "getMyProjectRoleByKey"
       });
+      if (response.success) {
+        const { role } = response.data;
+        this._projectRoleCache.set(cacheKey, {
+          role,
+          timestamp: Date.now()
+        });
+        return role;
+      }
+      throw new Error(response.message);
+    } catch (error) {
+      const message = (error == null ? void 0 : error.message) || "";
+      if (/401|403|unauthorized|no token|invalid token/iu.test(message)) {
+        return "guest";
+      }
+      throw new Error(`Failed to get project role by key: ${message}`, { cause: error });
+    }
+  }
+  /**
+   * Clear the project role cache for a specific project or all projects
+   */
+  clearProjectRoleCache(projectId = null) {
+    if (projectId) {
+      this._projectRoleCache.delete(`role_${projectId}`);
+      for (const [key] of this._projectRoleCache) {
+        if (key.startsWith("role_key_")) {
+          this._projectRoleCache.delete(key);
+        }
+      }
+    } else {
+      this._projectRoleCache.clear();
+    }
+  }
+  /**
+   * Get project role with fallback to user projects list
+   * This method tries to get the role from user projects first,
+   * then falls back to API call if not found
+   */
+  async getProjectRoleWithFallback(projectId, userProjects = null) {
+    this._requireReady("getProjectRoleWithFallback");
+    if (!projectId) {
+      throw new Error("Project ID is required");
+    }
+    if (userProjects && Array.isArray(userProjects)) {
+      const userProject = userProjects.find((p) => p.id === projectId);
+      if (userProject && userProject.role) {
+        return userProject.role;
+      }
+    }
+    return await this.getMyProjectRole(projectId);
+  }
+  /**
+   * Get project role with fallback to user projects list (by project key)
+   * This method tries to get the role from user projects first,
+   * then falls back to API call if not found
+   */
+  async getProjectRoleByKeyWithFallback(projectKey, userProjects = null) {
+    this._requireReady("getProjectRoleByKeyWithFallback");
+    if (!projectKey) {
+      throw new Error("Project key is required");
+    }
+    if (userProjects && Array.isArray(userProjects)) {
+      const userProject = userProjects.find((p) => p.key === projectKey);
+      if (userProject && userProject.role) {
+        return userProject.role;
+      }
+    }
+    return await this.getMyProjectRoleByKey(projectKey);
+  }
+  // ==================== AUTH HELPER METHODS ====================
+  /**
+   * Debug method to check token status
+   */
+  getTokenDebugInfo() {
+    if (!this._tokenManager) {
+      return {
+        tokenManagerExists: false,
+        error: "TokenManager not initialized"
+      };
+    }
+    const tokenStatus = this._tokenManager.getTokenStatus();
+    const { tokens } = this._tokenManager;
+    return {
+      tokenManagerExists: true,
+      tokenStatus,
+      hasAccessToken: Boolean(tokens.accessToken),
+      hasRefreshToken: Boolean(tokens.refreshToken),
+      accessTokenPreview: tokens.accessToken ? `${tokens.accessToken.substring(0, 20)}...` : null,
+      expiresAt: tokens.expiresAt,
+      timeToExpiry: tokenStatus.timeToExpiry,
+      authHeader: this._tokenManager.getAuthHeader()
+    };
+  }
+  /**
+   * Helper method to check if user is authenticated
+   */
+  isAuthenticated() {
+    if (!this._tokenManager) {
+      return false;
+    }
+    return this._tokenManager.hasTokens();
+  }
+  /**
+   * Helper method to check if user has valid tokens
+   */
+  hasValidTokens() {
+    if (!this._tokenManager) {
+      return false;
+    }
+    return this._tokenManager.hasTokens() && this._tokenManager.isAccessTokenValid();
+  }
+  /**
+   * Helper method to get current user info
+   */
+  async getCurrentUser() {
+    try {
+      return await this.getMe();
     } catch (error) {
-      throw new Error(`Failed to update project tier: ${error.message}`);
+      throw new Error(`Failed to get current user: ${error.message}`, { cause: error });
+    }
+  }
+  /**
+   * Helper method to validate user data for registration
+   */
+  validateRegistrationData(userData) {
+    const errors = [];
+    if (!userData.email || typeof userData.email !== "string") {
+      errors.push("Email is required and must be a string");
+    } else if (!this._isValidEmail(userData.email)) {
+      errors.push("Email must be a valid email address");
+    }
+    if (!userData.password || typeof userData.password !== "string") {
+      errors.push("Password is required and must be a string");
+    } else if (userData.password.length < 8) {
+      errors.push("Password must be at least 8 characters long");
+    }
+    if (userData.username && typeof userData.username !== "string") {
+      errors.push("Username must be a string");
+    } else if (userData.username && userData.username.length < 3) {
+      errors.push("Username must be at least 3 characters long");
+    }
+    return {
+      isValid: errors.length === 0,
+      errors
+    };
+  }
+  /**
+   * Helper method to register with validation
+   */
+  async registerWithValidation(userData, options = {}) {
+    const validation = this.validateRegistrationData(userData);
+    if (!validation.isValid) {
+      throw new Error(`Validation failed: ${validation.errors.join(", ")}`);
+    }
+    return await this.register(userData, options);
+  }
+  /**
+   * Helper method to login with validation
+   */
+  async loginWithValidation(email, password, options = {}) {
+    if (!email || typeof email !== "string") {
+      throw new Error("Email is required and must be a string");
+    }
+    if (!password || typeof password !== "string") {
+      throw new Error("Password is required and must be a string");
     }
+    if (!this._isValidEmail(email)) {
+      throw new Error("Email must be a valid email address");
+    }
+    return await this.login(email, password, options);
+  }
+  /**
+   * Private helper to validate email format
+   */
+  _isValidEmail(email) {
+    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/u;
+    return emailRegex.test(email);
   }
+  // ==================== PERMISSION METHODS (Existing) ====================
   hasPermission(requiredPermission) {
     var _a;
     const authState = (_a = this._context) == null ? void 0 : _a.state;
@@ -234,23 +788,17 @@ class AuthService extends BaseService {
     if (!operationConfig) {
       return false;
     }
-    if (!operationConfig) {
-      return false;
-    }
     const { permissions = [], features = [] } = operationConfig;
     try {
       const permissionResults = await Promise.all(
         permissions.map(
-          (permission) => this.hasProjectPermission(projectId, permission)
+          (permission) => this.checkProjectPermission(projectId, permission)
         )
       );
       const hasPermissions = requireAll ? permissionResults.every(Boolean) : permissionResults.some(Boolean);
       if (!hasPermissions) {
         return false;
       }
-      if (!hasPermissions) {
-        return false;
-      }
       if (checkFeatures && features.length > 0) {
         const featureResults = features.map((feature) => {
           const result = this.hasProjectFeature(projectId, feature);
@@ -260,9 +808,6 @@ class AuthService extends BaseService {
         if (!hasFeatures) {
           return false;
         }
-        if (!hasFeatures) {
-          return false;
-        }
       }
       return true;
     } catch (error) {
@@ -284,205 +829,92 @@ class AuthService extends BaseService {
     }
     return action();
   }
-  // Project access information
-  async getProjectAccess(projectId) {
-    this._requireReady();
-    if (!projectId) {
-      throw new Error("Project ID is required");
-    }
-    const operations = Object.keys(PERMISSION_MAP);
-    const access = await Promise.all(
-      operations.map(async (operation) => {
-        const allowed = await this.canPerformOperation(projectId, operation);
-        const config = PERMISSION_MAP[operation];
-        return {
-          operation,
-          allowed,
-          permissions: config.permissions,
-          features: config.features,
-          aiTokens: operation.startsWith("ai") ? this._getAITokens(projectId, operation.replace("ai", "")) : null
-        };
-      })
-    );
-    return {
-      projectId,
-      permissions: access.reduce(
-        (acc, { operation, ...details }) => ({
-          ...acc,
-          [operation]: details
-        }),
-        {}
-      ),
-      timestamp: (/* @__PURE__ */ new Date()).toISOString()
-    };
+  // Cleanup
+  destroy() {
+    if (this._tokenManager) {
+      this._tokenManager.destroy();
+      this._tokenManager = null;
+    }
+    this._projectRoleCache.clear();
+    this._setReady(false);
   }
-  // AI token management
-  _getAITokens(projectId, featureType) {
-    const tokenFeatures = [
-      `ai${featureType}:3`,
-      `ai${featureType}:5`,
-      `ai${featureType}:15`
-    ];
-    return tokenFeatures.reduce((total, feature) => {
-      const tokens = this.hasProjectFeature(projectId, feature);
-      return total + (typeof tokens === "number" ? tokens : 0);
-    }, 0);
-  }
-  async getProjectMembers(projectId) {
-    var _a;
-    this._requireReady("getProjectMembers");
-    if (!projectId) {
-      throw new Error("Project ID is required");
-    }
-    try {
-      const based = this._getBasedService("getProjectMembers");
-      return await based.call("projects:get-members", { projectId });
-    } catch (error) {
-      if ((_a = error.message) == null ? void 0 : _a.includes("Authentication failed. Please try again"))
-        window.location.reload();
-      throw new Error(`Failed to get project members: ${error.message}`);
-    }
-  }
-  async inviteMember(projectId, email, role, name, callbackUrl) {
-    this._requireReady("inviteMember");
-    if (!projectId) {
-      throw new Error("Project ID is required");
-    }
-    if (!email) {
-      throw new Error("Email is required");
-    }
-    if (!callbackUrl || Object.keys(callbackUrl).length === 0) {
-      throw new Error("Callback Url is required");
-    }
-    if (!role || !this._userRoles.has(role)) {
-      throw new Error(`Invalid role: ${role}`);
-    }
-    try {
-      const based = this._getBasedService("inviteMember");
-      return await based.call("projects:invite-member", {
-        projectId,
-        email,
-        role,
-        name,
-        callbackUrl
-      });
-    } catch (error) {
-      throw new Error(`Failed to invite member: ${error.message}`);
-    }
+  _preparePluginPayload(payload, sessionOverride = null) {
+    const target = payload && typeof payload === "object" ? { ...payload } : {};
+    const session = this._resolvePluginSession(sessionOverride);
+    if (session && !Object.hasOwn(target, "session")) {
+      target.session = session;
+      return { payload: target, session };
+    }
+    return { payload: target, session: null };
   }
-  async acceptInvite(token) {
-    this._requireReady("acceptInvite");
-    try {
-      const based = this._getBasedService("acceptInvite");
-      return await based.call("projects:accept-invite", { token });
-    } catch (error) {
-      throw new Error(`Failed to accept invite: ${error.message}`);
-    }
-  }
-  async updateMemberRole(projectId, userId, role) {
-    this._requireReady("updateMemberRole");
-    if (!projectId) {
-      throw new Error("Project ID is required");
-    }
-    if (!userId) {
-      throw new Error("User ID is required");
-    }
-    if (!this._userRoles.has(role)) {
-      throw new Error(`Invalid role: ${role}`);
+  _resolvePluginSession(sessionOverride = null) {
+    var _a, _b;
+    if (sessionOverride) {
+      return this._cachePluginSession(sessionOverride);
     }
-    try {
-      const based = this._getBasedService("updateMemberRole");
-      return await based.call("projects:update-member-role", {
-        projectId,
-        userId,
-        role
-      });
-    } catch (error) {
-      throw new Error(`Failed to update member role: ${error.message}`);
+    if (this._pluginSession) {
+      return this._pluginSession;
     }
-  }
-  async removeMember(projectId, userId) {
-    this._requireReady("removeMember");
-    if (!projectId || !userId) {
-      throw new Error("Project ID and user ID are required");
+    const optionSession = (_a = this._options) == null ? void 0 : _a.pluginSession;
+    if (optionSession) {
+      return this._cachePluginSession(optionSession);
     }
-    try {
-      const based = this._getBasedService("removeMember");
-      return await based.call("projects:remove-member", { projectId, userId });
-    } catch (error) {
-      throw new Error(`Failed to remove member: ${error.message}`);
+    const contextSession = (_b = this._context) == null ? void 0 : _b.pluginSession;
+    if (contextSession) {
+      return this._cachePluginSession(contextSession);
     }
-  }
-  async confirmRegistration(token) {
-    try {
-      const based = this._getBasedService("confirmRegistration");
-      return await based.call("users:register-confirmation", { token });
-    } catch (error) {
-      throw new Error(`Registration confirmation failed: ${error.message}`);
+    if (typeof window !== "undefined") {
+      try {
+        const sessionFromUrl = new URL(window.location.href).searchParams.get("session");
+        if (sessionFromUrl) {
+          return this._cachePluginSession(sessionFromUrl);
+        }
+      } catch {
+      }
+      try {
+        if (window.localStorage) {
+          const stored = window.localStorage.getItem(PLUGIN_SESSION_STORAGE_KEY);
+          if (stored) {
+            this._pluginSession = stored;
+            return stored;
+          }
+        }
+      } catch {
+      }
     }
+    return null;
   }
-  async requestPasswordReset(email, callbackUrl) {
-    try {
-      const based = this._getBasedService("requestPasswordReset");
-      return await based.call("users:reset-password", { email, callbackUrl });
-    } catch (error) {
-      throw new Error(`Password reset request failed: ${error.message}`);
+  _cachePluginSession(session) {
+    if (!session) {
+      return null;
+    }
+    this._pluginSession = session;
+    if (typeof window !== "undefined") {
+      try {
+        if (window.localStorage) {
+          window.localStorage.setItem(PLUGIN_SESSION_STORAGE_KEY, session);
+        }
+      } catch {
+      }
     }
+    return session;
   }
-  async confirmPasswordReset(token, newPassword) {
-    try {
-      const based = this._getBasedService("confirmPasswordReset");
-      return await based.call("users:reset-password-confirm", {
-        token,
-        newPassword
-      });
-    } catch (error) {
-      throw new Error(`Password reset confirmation failed: ${error.message}`);
-    }
+  setPluginSession(session) {
+    this._cachePluginSession(session);
   }
-  async getStoredAuthState() {
-    try {
-      const based = this._getBasedService("getStoredAuthState");
-      const { authState } = based;
-      if (authState == null ? void 0 : authState.token) {
-        return {
-          userId: authState.userId,
-          authToken: authState.token,
-          projectRoles: authState.projectRoles,
-          globalRole: authState.globalRole,
-          error: null
-        };
+  _clearPluginSession(session = null) {
+    if (!session || this._pluginSession === session) {
+      this._pluginSession = null;
+    }
+    if (typeof window !== "undefined") {
+      try {
+        if (window.localStorage) {
+          window.localStorage.removeItem(PLUGIN_SESSION_STORAGE_KEY);
+        }
+      } catch {
       }
-      return {
-        userId: false,
-        authToken: false
-      };
-    } catch (error) {
-      this._setError(error);
-      return {
-        userId: false,
-        authToken: false,
-        error: `Failed to get stored auth state: ${error.message}`
-      };
     }
   }
-  async subscribeToAuthChanges(callback) {
-    const based = this._getBasedService("subscribeToAuthChanges");
-    based.on("authstate-change", async (authState) => {
-      const formattedState = (authState == null ? void 0 : authState.token) ? {
-        userId: authState.userId,
-        authToken: authState.token,
-        projectRoles: authState.projectRoles,
-        globalRole: authState.globalRole,
-        error: null
-      } : {
-        userId: false,
-        authToken: false
-      };
-      await callback(formattedState);
-    });
-    return () => based.off("authstate-change");
-  }
 }
 export {
   AuthService