@tern-secure/auth 1.0.0

package/dist/cjs/instance/TernAuthServer.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/instance/TernAuthServer.ts"],"sourcesContent":["import type { TernSecureConfig, TernSecureUser } from \"@tern-secure/types\";\nimport type {\n  FirebaseServerApp,\n  FirebaseServerAppSettings} from \"firebase/app\";\nimport {\n  initializeServerApp\n} from \"firebase/app\";\nimport type { Auth} from \"firebase/auth\";\nimport { getAuth, getIdToken } from \"firebase/auth\";\n\ntype TernSecureServerConfig = {\n  apiKey: string;\n};\nexport interface TernServerAuthOptions {\n  firebaseConfig?: TernSecureConfig;\n  firebaseServerConfig?: TernSecureServerConfig;\n  authIdToken?: string;\n}\n\nexport interface AuthenticatedApp {\n  firebaseServerApp: FirebaseServerApp;\n  auth: Auth;\n  currentUser?: TernSecureUser | null;\n}\n\nexport class TernServerAuth {\n  private static instance: TernServerAuth | null = null;\n  private auth!: Auth;\n  #options: TernServerAuthOptions = {};\n\n  public constructor() {}\n\n  static getInstance(): TernServerAuth {\n    if (!this.instance) {\n      this.instance = new TernServerAuth();\n    }\n    return this.instance;\n  }\n\n  public static initialize(options: TernServerAuthOptions): TernServerAuth {\n    const instance = this.getInstance();\n    instance.#initialize(options);\n    return instance;\n  }\n\n  #initialize(options: TernServerAuthOptions): void {\n    this.#options = this.#initOptions(options);\n  }\n\n  static clearInstance(): void {\n    this.instance = null;\n  }\n\n  getAuthIdToken = async (): Promise<string | undefined> => {\n    await this.auth.authStateReady();\n    if (!this.auth.currentUser) return;\n    return await getIdToken(this.auth.currentUser);\n  };\n\n  getAuthenticatedAppFromHeaders = async (headers: {\n    get: (key: string) => string | null;\n  }): Promise<AuthenticatedApp> => {\n    const authHeader = headers.get(\"Authorization\");\n    const idToken = authHeader?.split(\"Bearer \")[1];\n\n    let appSettings: FirebaseServerAppSettings = {};\n\n    appSettings = {\n      releaseOnDeref: headers,\n    };\n\n    if (idToken && idToken.trim()) {\n      appSettings.authIdToken = idToken;\n    }\n\n    return this.getServerApp(appSettings);\n  };\n\n  getServerApp = async (\n    appSettings?: FirebaseServerAppSettings\n  ): Promise<AuthenticatedApp> => {\n    const firebaseServerConfig = this.#options.firebaseServerConfig;\n    if (!firebaseServerConfig) {\n      throw new Error(\n        \"Firebase server configuration is required to initialize the server app\"\n      );\n    }\n\n    const firebaseServerApp = initializeServerApp(\n      firebaseServerConfig,\n      appSettings || {}\n    );\n\n    this.auth = getAuth(firebaseServerApp);\n    await this.auth.authStateReady();\n\n    return {\n      firebaseServerApp,\n      currentUser: this.auth.currentUser,\n      auth: this.auth,\n    };\n  };\n\n  #initOptions = (options?: TernServerAuthOptions): TernServerAuthOptions => {\n    return {\n      ...options,\n    };\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,iBAEO;AAEP,kBAAoC;AAiB7B,MAAM,eAAe;AAAA,EAC1B,OAAe,WAAkC;AAAA,EACzC;AAAA,EACR,WAAkC,CAAC;AAAA,EAE5B,cAAc;AAAA,EAAC;AAAA,EAEtB,OAAO,cAA8B;AACnC,QAAI,CAAC,KAAK,UAAU;AAClB,WAAK,WAAW,IAAI,eAAe;AAAA,IACrC;AACA,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAc,WAAW,SAAgD;AACvE,UAAM,WAAW,KAAK,YAAY;AAClC,aAAS,YAAY,OAAO;AAC5B,WAAO;AAAA,EACT;AAAA,EAEA,YAAY,SAAsC;AAChD,SAAK,WAAW,KAAK,aAAa,OAAO;AAAA,EAC3C;AAAA,EAEA,OAAO,gBAAsB;AAC3B,SAAK,WAAW;AAAA,EAClB;AAAA,EAEA,iBAAiB,YAAyC;AACxD,UAAM,KAAK,KAAK,eAAe;AAC/B,QAAI,CAAC,KAAK,KAAK,YAAa;AAC5B,WAAO,UAAM,wBAAW,KAAK,KAAK,WAAW;AAAA,EAC/C;AAAA,EAEA,iCAAiC,OAAO,YAEP;AAC/B,UAAM,aAAa,QAAQ,IAAI,eAAe;AAC9C,UAAM,UAAU,yCAAY,MAAM,WAAW;AAE7C,QAAI,cAAyC,CAAC;AAE9C,kBAAc;AAAA,MACZ,gBAAgB;AAAA,IAClB;AAEA,QAAI,WAAW,QAAQ,KAAK,GAAG;AAC7B,kBAAY,cAAc;AAAA,IAC5B;AAEA,WAAO,KAAK,aAAa,WAAW;AAAA,EACtC;AAAA,EAEA,eAAe,OACb,gBAC8B;AAC9B,UAAM,uBAAuB,KAAK,SAAS;AAC3C,QAAI,CAAC,sBAAsB;AACzB,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,UAAM,wBAAoB;AAAA,MACxB;AAAA,MACA,eAAe,CAAC;AAAA,IAClB;AAEA,SAAK,WAAO,qBAAQ,iBAAiB;AACrC,UAAM,KAAK,KAAK,eAAe;AAE/B,WAAO;AAAA,MACL;AAAA,MACA,aAAa,KAAK,KAAK;AAAA,MACvB,MAAM,KAAK;AAAA,IACb;AAAA,EACF;AAAA,EAEA,eAAe,CAAC,YAA2D;AACzE,WAAO;AAAA,MACL,GAAG;AAAA,IACL;AAAA,EACF;AACF;","names":[]}

package/dist/cjs/instance/coreApiClient.example.js

@@ -0,0 +1,96 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var coreApiClient_example_exports = {};
+__export(coreApiClient_example_exports, {
+  basicExample: () => basicExample,
+  clientWithHooksExample: () => clientWithHooksExample,
+  postExample: () => postExample
+});
+module.exports = __toCommonJS(coreApiClient_example_exports);
+var import_coreApiClient = require("./coreApiClient");
+async function basicExample() {
+  var _a;
+  try {
+    const response = await import_coreApiClient.coreApiClient.request({
+      path: "/users",
+      method: "GET"
+      //search: { limit: 10, offset: 0 }
+    }, {
+      apiUrl: "https://api.example.com",
+      timeoutMs: 5e3
+    });
+    console.log("Users:", (_a = response.payload) == null ? void 0 : _a.response.users);
+  } catch (error) {
+    console.error("Failed to fetch users:", error);
+  }
+}
+async function clientWithHooksExample() {
+  var _a;
+  const client = new import_coreApiClient.CoreApiClient({
+    apiUrl: "https://api.example.com",
+    timeoutMs: 1e4,
+    failureThreshold: 3,
+    maxTries: 5
+  });
+  client.onBeforeRequest(() => {
+    const token = localStorage.getItem("auth_token");
+    return !!token;
+  });
+  client.onAfterResponse((response) => {
+    console.log(`Response: ${response.status}`);
+    return true;
+  });
+  try {
+    const response = await client.request({
+      path: "/protected-resource",
+      method: "GET",
+      sessionId: "user-session-123"
+    });
+    console.log("Protected data:", (_a = response.payload) == null ? void 0 : _a.response);
+  } catch (error) {
+    console.error("Request failed:", error);
+  }
+}
+async function postExample() {
+  var _a;
+  try {
+    const response = await import_coreApiClient.coreApiClient.request({
+      path: "/users",
+      method: "POST",
+      body: {
+        firstName: "John",
+        lastName: "Doe",
+        emailAddress: "john.doe@example.com"
+      }
+      // Cast to any since our implementation handles object-to-form conversion
+    }, {
+      apiUrl: "https://api.example.com"
+    });
+    console.log("Created user:", (_a = response.payload) == null ? void 0 : _a.response);
+  } catch (error) {
+    console.error("Failed to create user:", error);
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  basicExample,
+  clientWithHooksExample,
+  postExample
+});
+//# sourceMappingURL=coreApiClient.example.js.map

package/dist/cjs/instance/coreApiClient.example.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/instance/coreApiClient.example.ts"],"sourcesContent":["/**\n * Example usage of CoreApiClient\n */\n\nimport { CoreApiClient, coreApiClient } from './coreApiClient';\n\n// Example 1: Basic usage with default instance\nasync function basicExample() {\n  try {\n    const response = await coreApiClient.request<{ users: any[] }>({\n      path: '/users',\n      method: 'GET',\n      //search: { limit: 10, offset: 0 }\n    }, {\n      apiUrl: 'https://api.example.com',\n      timeoutMs: 5000\n    });\n\n    console.log('Users:', response.payload?.response.users);\n  } catch (error) {\n    console.error('Failed to fetch users:', error);\n  }\n}\n\n// Example 2: Custom client with hooks\nasync function clientWithHooksExample() {\n  const client = new CoreApiClient({\n    apiUrl: 'https://api.example.com',\n    timeoutMs: 10000,\n    failureThreshold: 3,\n    maxTries: 5\n  });\n\n  // Add authentication hook\n  client.onBeforeRequest(() => {\n    const token = localStorage.getItem('auth_token');\n    return !!token; // Only proceed if token exists\n  });\n\n  // Add logging hook\n  client.onAfterResponse((response) => {\n    console.log(`Response: ${response.status}`);\n    return true;\n  });\n\n  try {\n    const response = await client.request({\n      path: '/protected-resource',\n      method: 'GET',\n      sessionId: 'user-session-123'\n    });\n\n    console.log('Protected data:', response.payload?.response);\n  } catch (error) {\n    console.error('Request failed:', error);\n  }\n}\n\n// Example 3: POST request with form data\nasync function postExample() {\n  try {\n    const response = await coreApiClient.request({\n      path: '/users',\n      method: 'POST',\n      body: {\n        firstName: 'John',\n        lastName: 'Doe',\n        emailAddress: 'john.doe@example.com'\n      } as any // Cast to any since our implementation handles object-to-form conversion\n    }, {\n      apiUrl: 'https://api.example.com'\n    });\n\n    console.log('Created user:', response.payload?.response);\n  } catch (error) {\n    console.error('Failed to create user:', error);\n  }\n}\n\nexport { basicExample, clientWithHooksExample, postExample };\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,2BAA6C;AAG7C,eAAe,eAAe;AAP9B;AAQE,MAAI;AACF,UAAM,WAAW,MAAM,mCAAc,QAA0B;AAAA,MAC7D,MAAM;AAAA,MACN,QAAQ;AAAA;AAAA,IAEV,GAAG;AAAA,MACD,QAAQ;AAAA,MACR,WAAW;AAAA,IACb,CAAC;AAED,YAAQ,IAAI,WAAU,cAAS,YAAT,mBAAkB,SAAS,KAAK;AAAA,EACxD,SAAS,OAAO;AACd,YAAQ,MAAM,0BAA0B,KAAK;AAAA,EAC/C;AACF;AAGA,eAAe,yBAAyB;AAzBxC;AA0BE,QAAM,SAAS,IAAI,mCAAc;AAAA,IAC/B,QAAQ;AAAA,IACR,WAAW;AAAA,IACX,kBAAkB;AAAA,IAClB,UAAU;AAAA,EACZ,CAAC;AAGD,SAAO,gBAAgB,MAAM;AAC3B,UAAM,QAAQ,aAAa,QAAQ,YAAY;AAC/C,WAAO,CAAC,CAAC;AAAA,EACX,CAAC;AAGD,SAAO,gBAAgB,CAAC,aAAa;AACnC,YAAQ,IAAI,aAAa,SAAS,MAAM,EAAE;AAC1C,WAAO;AAAA,EACT,CAAC;AAED,MAAI;AACF,UAAM,WAAW,MAAM,OAAO,QAAQ;AAAA,MACpC,MAAM;AAAA,MACN,QAAQ;AAAA,MACR,WAAW;AAAA,IACb,CAAC;AAED,YAAQ,IAAI,oBAAmB,cAAS,YAAT,mBAAkB,QAAQ;AAAA,EAC3D,SAAS,OAAO;AACd,YAAQ,MAAM,mBAAmB,KAAK;AAAA,EACxC;AACF;AAGA,eAAe,cAAc;AA3D7B;AA4DE,MAAI;AACF,UAAM,WAAW,MAAM,mCAAc,QAAQ;AAAA,MAC3C,MAAM;AAAA,MACN,QAAQ;AAAA,MACR,MAAM;AAAA,QACJ,WAAW;AAAA,QACX,UAAU;AAAA,QACV,cAAc;AAAA,MAChB;AAAA;AAAA,IACF,GAAG;AAAA,MACD,QAAQ;AAAA,IACV,CAAC;AAED,YAAQ,IAAI,kBAAiB,cAAS,YAAT,mBAAkB,QAAQ;AAAA,EACzD,SAAS,OAAO;AACd,YAAQ,MAAM,0BAA0B,KAAK;AAAA,EAC/C;AACF;","names":[]}

package/dist/cjs/instance/coreApiClient.js

@@ -0,0 +1,255 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var coreApiClient_exports = {};
+__export(coreApiClient_exports, {
+  CircuitOpenError: () => CircuitOpenError,
+  CoreApiClient: () => CoreApiClient,
+  HTTPError: () => HTTPError,
+  NetworkError: () => NetworkError,
+  TimeoutError: () => TimeoutError,
+  coreApiClient: () => coreApiClient
+});
+module.exports = __toCommonJS(coreApiClient_exports);
+var import_utils = require("../utils");
+class NetworkError extends Error {
+  constructor(url, original) {
+    super(`Network error for ${url}: ${original.message}`);
+    this.url = url;
+    this.original = original;
+    this.name = "NetworkError";
+  }
+}
+class TimeoutError extends Error {
+  constructor() {
+    super("Request timed out");
+    this.name = "TimeoutError";
+  }
+}
+class CircuitOpenError extends Error {
+  constructor() {
+    super("Circuit breaker is open");
+    this.name = "CircuitOpenError";
+  }
+}
+class HTTPError extends Error {
+  constructor(status, url, body) {
+    super(`HTTP ${status} error for ${url}`);
+    this.status = status;
+    this.url = url;
+    this.body = body;
+    this.name = "HTTPError";
+  }
+}
+function camelToSnake(str) {
+  return str.replace(/[A-Z]/g, (letter) => `_${letter.toLowerCase()}`);
+}
+function jitteredDelay(delay) {
+  return delay * Math.random();
+}
+function buildUrl(requestInit, options) {
+  const { path } = requestInit;
+  const baseUrl = options.apiUrl;
+  if (!baseUrl) {
+    throw new Error("API URL is required");
+  }
+  const fullPath = path ? path.startsWith("/") ? path : `/${path}` : "";
+  const fullUrl = baseUrl.replace(/\/$/, "") + fullPath;
+  return (0, import_utils.buildURL)(
+    {
+      base: fullUrl,
+      searchParams: requestInit.search ? new URLSearchParams(requestInit.search) : void 0
+    },
+    { stringify: false }
+  );
+}
+class CoreApiClient {
+  constructor(options = {}) {
+    this.options = options;
+  }
+  circuitBreaker = {
+    failures: 0,
+    lastFailureTime: 0,
+    state: "closed"
+  };
+  beforeRequestHooks = [];
+  afterResponseHooks = [];
+  onBeforeRequest(hook) {
+    this.beforeRequestHooks.push(hook);
+  }
+  onAfterResponse(hook) {
+    this.afterResponseHooks.push(hook);
+  }
+  async runBeforeRequestHooks() {
+    for (const hook of this.beforeRequestHooks) {
+      const result = await hook();
+      if (result === false) return false;
+    }
+    return true;
+  }
+  async runAfterResponseHooks(response) {
+    for (const hook of this.afterResponseHooks) {
+      await hook(response);
+    }
+  }
+  checkCircuitBreaker() {
+    const { recoveryTimeoutMs = 6e4 } = this.options;
+    const now = Date.now();
+    if (this.circuitBreaker.state === "open") {
+      if (now - this.circuitBreaker.lastFailureTime >= recoveryTimeoutMs) {
+        this.circuitBreaker.state = "half-open";
+      } else {
+        throw new CircuitOpenError();
+      }
+    }
+  }
+  recordSuccess() {
+    this.circuitBreaker.failures = 0;
+    this.circuitBreaker.state = "closed";
+  }
+  recordFailure() {
+    const { failureThreshold = 5 } = this.options;
+    this.circuitBreaker.failures++;
+    this.circuitBreaker.lastFailureTime = Date.now();
+    if (this.circuitBreaker.failures >= failureThreshold) {
+      this.circuitBreaker.state = "open";
+    }
+  }
+  shouldRetry(error, method, attempt, maxTries) {
+    const isRetryable = error instanceof NetworkError && method.toUpperCase() === "GET" && attempt < maxTries;
+    if (!isRetryable) {
+      this.recordFailure();
+    }
+    return isRetryable;
+  }
+  async retryWithBackoff(attemptFn, shouldRetry) {
+    const {
+      initialDelay = 700,
+      factor = 2,
+      maxDelay = 5e3,
+      maxTries = typeof navigator !== "undefined" && navigator.onLine ? 4 : 11
+    } = this.options;
+    let lastError;
+    for (let attempt = 1; attempt <= maxTries; attempt++) {
+      try {
+        const result = await attemptFn();
+        this.recordSuccess();
+        return result;
+      } catch (error) {
+        lastError = error;
+        if (!shouldRetry(error, attempt)) {
+          throw error;
+        }
+        this.recordFailure();
+        if (attempt < maxTries) {
+          const delay = Math.min(initialDelay * Math.pow(factor, attempt - 1), maxDelay);
+          await new Promise((resolve) => setTimeout(resolve, jitteredDelay(delay)));
+        }
+      }
+    }
+    throw lastError;
+  }
+  async request(init, opts = {}) {
+    const requestInit = { ...init };
+    const { method = "GET", body } = requestInit;
+    requestInit.url = buildUrl({ ...init }, { ...opts });
+    this.checkCircuitBreaker();
+    const shouldContinue = await this.runBeforeRequestHooks();
+    if (!shouldContinue) {
+      const mockResponse = new Response("{}", {
+        status: 200
+      });
+      mockResponse.payload = { response: {} };
+      await this.runAfterResponseHooks(mockResponse);
+      return mockResponse;
+    }
+    const mergedOptions = { ...opts };
+    const { timeoutMs } = mergedOptions;
+    const overwrittenRequestMethod = method === "GET" ? "GET" : "POST";
+    const url = requestInit.url.toString();
+    console.log("Request URL:", url);
+    requestInit.headers = new Headers(requestInit.headers);
+    if (method !== "GET" && !(body instanceof FormData) && !requestInit.headers.has("content-type")) {
+      requestInit.headers.set("content-type", "application/json");
+    }
+    if (requestInit.headers.get("content-type") === "application/x-www-form-urlencoded") {
+      requestInit.body = body ? (0, import_utils.stringifyQueryParams)(body, {
+        keyEncoder: camelToSnake
+      }) : body;
+    } else if (requestInit.headers.get("content-type") === "application/json" && body) {
+      requestInit.body = typeof body === "string" ? body : JSON.stringify(body);
+    }
+    const attemptRequest = async () => {
+      const controller = new AbortController();
+      const timeoutId = timeoutMs ? setTimeout(() => {
+        controller.abort();
+      }, timeoutMs) : null;
+      let response;
+      const fetchOpts = {
+        ...requestInit,
+        credentials: "include",
+        method: overwrittenRequestMethod
+      };
+      try {
+        response = await fetch(url, fetchOpts);
+        if (timeoutId) clearTimeout(timeoutId);
+        let payload = null;
+        if (response.status === 204) {
+          payload = null;
+        } else {
+          try {
+            const json = await response.json();
+            payload = json;
+          } catch {
+            payload = { response: {} };
+          }
+        }
+        const apiResponse = response;
+        apiResponse.payload = payload;
+        await this.runAfterResponseHooks(apiResponse);
+        return apiResponse;
+      } catch (error) {
+        if (timeoutId) clearTimeout(timeoutId);
+        if (error.name === "AbortError") {
+          throw new TimeoutError();
+        }
+        throw new NetworkError(url, error);
+      }
+    };
+    return this.retryWithBackoff(
+      attemptRequest,
+      (error, attempt) => this.shouldRetry(
+        error,
+        overwrittenRequestMethod,
+        attempt,
+        mergedOptions.maxTries || (typeof navigator !== "undefined" && navigator.onLine ? 4 : 11)
+      )
+    );
+  }
+}
+const coreApiClient = new CoreApiClient();
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  CircuitOpenError,
+  CoreApiClient,
+  HTTPError,
+  NetworkError,
+  TimeoutError,
+  coreApiClient
+});
+//# sourceMappingURL=coreApiClient.js.map

package/dist/cjs/instance/coreApiClient.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/instance/coreApiClient.ts"],"sourcesContent":["import type { TernSecureApiErrorJSON } from '@tern-secure/types';\n\nimport { buildURL as buildUrlUtil,stringifyQueryParams } from '../utils';\n\nexport type HTTPMethod =\n  | 'CONNECT'\n  | 'DELETE'\n  | 'GET'\n  | 'HEAD'\n  | 'OPTIONS'\n  | 'PATCH'\n  | 'POST'\n  | 'PUT'\n  | 'TRACE';\n\nexport type ApiRequestInit = RequestInit & {\n  path?: string;\n  search?: ConstructorParameters<typeof URLSearchParams>[0];\n  sessionId?: string;\n  url?: URL;\n};\n\nexport interface ApiResponseJSON<T> {\n  response: T;\n  errors?: TernSecureApiErrorJSON[];\n}\n\nexport type ApiResponse<T> = Response & { payload: ApiResponseJSON<T> | null };\n\nexport type ApiRequestCallback<T> = (request: ApiRequestInit, response?: ApiResponse<T>) => unknown;\n\nexport interface RequestOptions {\n  timeoutMs?: number;\n  maxTries?: number;\n  initialDelay?: number;\n  factor?: number;\n  maxDelay?: number;\n  failureThreshold?: number;\n  recoveryTimeoutMs?: number;\n  apiUrl?: string;\n  frontendApi?: string;\n}\n\nexport type BeforeRequestHook = () => boolean | Promise<boolean>;\nexport type AfterResponseHook = (response: ApiResponse<any>) => boolean | Promise<boolean>;\n\n// Error classes\nexport class NetworkError extends Error {\n  constructor(\n    public url: string,\n    public original: Error,\n  ) {\n    super(`Network error for ${url}: ${original.message}`);\n    this.name = 'NetworkError';\n  }\n}\n\nexport class TimeoutError extends Error {\n  constructor() {\n    super('Request timed out');\n    this.name = 'TimeoutError';\n  }\n}\n\nexport class CircuitOpenError extends Error {\n  constructor() {\n    super('Circuit breaker is open');\n    this.name = 'CircuitOpenError';\n  }\n}\n\nexport class HTTPError extends Error {\n  constructor(\n    public status: number,\n    public url: string,\n    public body?: any,\n  ) {\n    super(`HTTP ${status} error for ${url}`);\n    this.name = 'HTTPError';\n  }\n}\n\n// Circuit breaker state\ninterface CircuitBreakerState {\n  failures: number;\n  lastFailureTime: number;\n  state: 'closed' | 'open' | 'half-open';\n}\n\n// Utility functions\nfunction camelToSnake(str: string): string {\n  return str.replace(/[A-Z]/g, letter => `_${letter.toLowerCase()}`);\n}\n\nfunction jitteredDelay(delay: number): number {\n  return delay * Math.random();\n}\n\nfunction buildUrl(requestInit: ApiRequestInit, options: RequestOptions): URL {\n  const { path } = requestInit;\n  const baseUrl = options.apiUrl;\n\n  if (!baseUrl) {\n    throw new Error('API URL is required');\n  }\n\n  // Ensure proper URL construction by joining baseUrl and path\n  const fullPath = path ? (path.startsWith('/') ? path : `/${path}`) : '';\n  const fullUrl = baseUrl.replace(/\\/$/, '') + fullPath;\n\n  return buildUrlUtil(\n    {\n      base: fullUrl,\n      searchParams: requestInit.search ? new URLSearchParams(requestInit.search) : undefined,\n    },\n    { stringify: false },\n  );\n}\n\nexport class CoreApiClient {\n  private circuitBreaker: CircuitBreakerState = {\n    failures: 0,\n    lastFailureTime: 0,\n    state: 'closed',\n  };\n\n  private beforeRequestHooks: BeforeRequestHook[] = [];\n  private afterResponseHooks: AfterResponseHook[] = [];\n\n  constructor(private options: RequestOptions = {}) {}\n\n  onBeforeRequest(hook: BeforeRequestHook): void {\n    this.beforeRequestHooks.push(hook);\n  }\n\n  onAfterResponse(hook: AfterResponseHook): void {\n    this.afterResponseHooks.push(hook);\n  }\n\n  private async runBeforeRequestHooks(): Promise<boolean> {\n    for (const hook of this.beforeRequestHooks) {\n      const result = await hook();\n      if (result === false) return false;\n    }\n    return true;\n  }\n\n  private async runAfterResponseHooks(response: ApiResponse<any>): Promise<void> {\n    for (const hook of this.afterResponseHooks) {\n      await hook(response);\n    }\n  }\n\n  private checkCircuitBreaker(): void {\n    const { recoveryTimeoutMs = 60000 } = this.options;\n    const now = Date.now();\n\n    if (this.circuitBreaker.state === 'open') {\n      if (now - this.circuitBreaker.lastFailureTime >= recoveryTimeoutMs) {\n        this.circuitBreaker.state = 'half-open';\n      } else {\n        throw new CircuitOpenError();\n      }\n    }\n  }\n\n  private recordSuccess(): void {\n    this.circuitBreaker.failures = 0;\n    this.circuitBreaker.state = 'closed';\n  }\n\n  private recordFailure(): void {\n    const { failureThreshold = 5 } = this.options;\n    this.circuitBreaker.failures++;\n    this.circuitBreaker.lastFailureTime = Date.now();\n\n    if (this.circuitBreaker.failures >= failureThreshold) {\n      this.circuitBreaker.state = 'open';\n    }\n  }\n\n  private shouldRetry(error: any, method: string, attempt: number, maxTries: number): boolean {\n    // Only retry on network errors for GET requests\n    const isRetryable =\n      error instanceof NetworkError && method.toUpperCase() === 'GET' && attempt < maxTries;\n\n    // If not retrying, we should still record the failure for circuit breaker\n    if (!isRetryable) {\n      this.recordFailure();\n    }\n\n    return isRetryable;\n  }\n\n  private async retryWithBackoff<T>(\n    attemptFn: () => Promise<T>,\n    shouldRetry: (error: any, attempt: number) => boolean,\n  ): Promise<T> {\n    const {\n      initialDelay = 700,\n      factor = 2,\n      maxDelay = 5000,\n      maxTries = typeof navigator !== 'undefined' && navigator.onLine ? 4 : 11,\n    } = this.options;\n\n    let lastError: any;\n\n    for (let attempt = 1; attempt <= maxTries; attempt++) {\n      try {\n        const result = await attemptFn();\n        this.recordSuccess();\n        return result;\n      } catch (error) {\n        lastError = error;\n\n        if (!shouldRetry(error, attempt)) {\n          // shouldRetry already recorded the failure, so just throw\n          throw error;\n        }\n\n        // This is a retryable error, record failure for circuit breaker\n        this.recordFailure();\n\n        if (attempt < maxTries) {\n          const delay = Math.min(initialDelay * Math.pow(factor, attempt - 1), maxDelay);\n          await new Promise(resolve => setTimeout(resolve, jitteredDelay(delay)));\n        }\n      }\n    }\n\n    throw lastError;\n  }\n\n  async request<T>(init: ApiRequestInit, opts: RequestOptions = {}): Promise<ApiResponse<T>> {\n    const requestInit = { ...init };\n    const { method = 'GET', body } = requestInit;\n\n    requestInit.url = buildUrl({ ...init }, { ...opts });\n    // Check circuit breaker\n    this.checkCircuitBreaker();\n\n    // Run before request hooks\n    const shouldContinue = await this.runBeforeRequestHooks();\n    if (!shouldContinue) {\n      const mockResponse = new Response('{}', {\n        status: 200,\n      }) as ApiResponse<T>;\n      mockResponse.payload = { response: {} as T };\n      await this.runAfterResponseHooks(mockResponse);\n      return mockResponse;\n    }\n\n    const mergedOptions = { ...opts };\n    const { timeoutMs } = mergedOptions;\n\n    // Safari workaround - only use GET/POST\n    const overwrittenRequestMethod = method === 'GET' ? 'GET' : 'POST';\n\n    const url = requestInit.url.toString();\n\n    console.log('Request URL:', url);\n\n    requestInit.headers = new Headers(requestInit.headers);\n\n    // Set the default content type for non-GET requests.\n    if (\n      method !== 'GET' &&\n      !(body instanceof FormData) &&\n      !requestInit.headers.has('content-type')\n    ) {\n      requestInit.headers.set('content-type', 'application/json');\n    }\n\n    if (requestInit.headers.get('content-type') === 'application/x-www-form-urlencoded') {\n      requestInit.body = body\n        ? stringifyQueryParams(body as any as Record<string, string>, {\n            keyEncoder: camelToSnake,\n          })\n        : body;\n    } else if (requestInit.headers.get('content-type') === 'application/json' && body) {\n      requestInit.body = typeof body === 'string' ? body : JSON.stringify(body);\n    }\n\n    const attemptRequest = async (): Promise<ApiResponse<T>> => {\n      const controller = new AbortController();\n      const timeoutId = timeoutMs\n        ? setTimeout(() => {\n            controller.abort();\n          }, timeoutMs)\n        : null;\n\n      let response: Response;\n      const fetchOpts: ApiRequestInit = {\n        ...requestInit,\n        credentials: 'include',\n        method: overwrittenRequestMethod,\n      };\n      try {\n        response = await fetch(url, fetchOpts);\n\n        if (timeoutId) clearTimeout(timeoutId);\n\n        // Parse response\n        let payload: ApiResponseJSON<T> | null = null;\n\n        if (response.status === 204) {\n          payload = null;\n        } else {\n          try {\n            const json = await response.json();\n            payload = json;\n          } catch {\n            // If JSON parsing fails, create default payload\n            payload = { response: {} as T };\n          }\n        }\n\n        const apiResponse = response as ApiResponse<T>;\n        apiResponse.payload = payload;\n\n        // Run after response hooks\n        await this.runAfterResponseHooks(apiResponse);\n\n        return apiResponse;\n      } catch (error: any) {\n        if (timeoutId) clearTimeout(timeoutId);\n\n        if (error.name === 'AbortError') {\n          throw new TimeoutError();\n        }\n\n        throw new NetworkError(url, error);\n      }\n    };\n\n    return this.retryWithBackoff(attemptRequest, (error, attempt) =>\n      this.shouldRetry(\n        error,\n        overwrittenRequestMethod,\n        attempt,\n        mergedOptions.maxTries || (typeof navigator !== 'undefined' && navigator.onLine ? 4 : 11),\n      ),\n    );\n  }\n}\n\nexport const coreApiClient = new CoreApiClient();\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,mBAA8D;AA6CvD,MAAM,qBAAqB,MAAM;AAAA,EACtC,YACS,KACA,UACP;AACA,UAAM,qBAAqB,GAAG,KAAK,SAAS,OAAO,EAAE;AAH9C;AACA;AAGP,SAAK,OAAO;AAAA,EACd;AACF;AAEO,MAAM,qBAAqB,MAAM;AAAA,EACtC,cAAc;AACZ,UAAM,mBAAmB;AACzB,SAAK,OAAO;AAAA,EACd;AACF;AAEO,MAAM,yBAAyB,MAAM;AAAA,EAC1C,cAAc;AACZ,UAAM,yBAAyB;AAC/B,SAAK,OAAO;AAAA,EACd;AACF;AAEO,MAAM,kBAAkB,MAAM;AAAA,EACnC,YACS,QACA,KACA,MACP;AACA,UAAM,QAAQ,MAAM,cAAc,GAAG,EAAE;AAJhC;AACA;AACA;AAGP,SAAK,OAAO;AAAA,EACd;AACF;AAUA,SAAS,aAAa,KAAqB;AACzC,SAAO,IAAI,QAAQ,UAAU,YAAU,IAAI,OAAO,YAAY,CAAC,EAAE;AACnE;AAEA,SAAS,cAAc,OAAuB;AAC5C,SAAO,QAAQ,KAAK,OAAO;AAC7B;AAEA,SAAS,SAAS,aAA6B,SAA8B;AAC3E,QAAM,EAAE,KAAK,IAAI;AACjB,QAAM,UAAU,QAAQ;AAExB,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,qBAAqB;AAAA,EACvC;AAGA,QAAM,WAAW,OAAQ,KAAK,WAAW,GAAG,IAAI,OAAO,IAAI,IAAI,KAAM;AACrE,QAAM,UAAU,QAAQ,QAAQ,OAAO,EAAE,IAAI;AAE7C,aAAO,aAAAA;AAAA,IACL;AAAA,MACE,MAAM;AAAA,MACN,cAAc,YAAY,SAAS,IAAI,gBAAgB,YAAY,MAAM,IAAI;AAAA,IAC/E;AAAA,IACA,EAAE,WAAW,MAAM;AAAA,EACrB;AACF;AAEO,MAAM,cAAc;AAAA,EAUzB,YAAoB,UAA0B,CAAC,GAAG;AAA9B;AAAA,EAA+B;AAAA,EAT3C,iBAAsC;AAAA,IAC5C,UAAU;AAAA,IACV,iBAAiB;AAAA,IACjB,OAAO;AAAA,EACT;AAAA,EAEQ,qBAA0C,CAAC;AAAA,EAC3C,qBAA0C,CAAC;AAAA,EAInD,gBAAgB,MAA+B;AAC7C,SAAK,mBAAmB,KAAK,IAAI;AAAA,EACnC;AAAA,EAEA,gBAAgB,MAA+B;AAC7C,SAAK,mBAAmB,KAAK,IAAI;AAAA,EACnC;AAAA,EAEA,MAAc,wBAA0C;AACtD,eAAW,QAAQ,KAAK,oBAAoB;AAC1C,YAAM,SAAS,MAAM,KAAK;AAC1B,UAAI,WAAW,MAAO,QAAO;AAAA,IAC/B;AACA,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,sBAAsB,UAA2C;AAC7E,eAAW,QAAQ,KAAK,oBAAoB;AAC1C,YAAM,KAAK,QAAQ;AAAA,IACrB;AAAA,EACF;AAAA,EAEQ,sBAA4B;AAClC,UAAM,EAAE,oBAAoB,IAAM,IAAI,KAAK;AAC3C,UAAM,MAAM,KAAK,IAAI;AAErB,QAAI,KAAK,eAAe,UAAU,QAAQ;AACxC,UAAI,MAAM,KAAK,eAAe,mBAAmB,mBAAmB;AAClE,aAAK,eAAe,QAAQ;AAAA,MAC9B,OAAO;AACL,cAAM,IAAI,iBAAiB;AAAA,MAC7B;AAAA,IACF;AAAA,EACF;AAAA,EAEQ,gBAAsB;AAC5B,SAAK,eAAe,WAAW;AAC/B,SAAK,eAAe,QAAQ;AAAA,EAC9B;AAAA,EAEQ,gBAAsB;AAC5B,UAAM,EAAE,mBAAmB,EAAE,IAAI,KAAK;AACtC,SAAK,eAAe;AACpB,SAAK,eAAe,kBAAkB,KAAK,IAAI;AAE/C,QAAI,KAAK,eAAe,YAAY,kBAAkB;AACpD,WAAK,eAAe,QAAQ;AAAA,IAC9B;AAAA,EACF;AAAA,EAEQ,YAAY,OAAY,QAAgB,SAAiB,UAA2B;AAE1F,UAAM,cACJ,iBAAiB,gBAAgB,OAAO,YAAY,MAAM,SAAS,UAAU;AAG/E,QAAI,CAAC,aAAa;AAChB,WAAK,cAAc;AAAA,IACrB;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,iBACZ,WACA,aACY;AACZ,UAAM;AAAA,MACJ,eAAe;AAAA,MACf,SAAS;AAAA,MACT,WAAW;AAAA,MACX,WAAW,OAAO,cAAc,eAAe,UAAU,SAAS,IAAI;AAAA,IACxE,IAAI,KAAK;AAET,QAAI;AAEJ,aAAS,UAAU,GAAG,WAAW,UAAU,WAAW;AACpD,UAAI;AACF,cAAM,SAAS,MAAM,UAAU;AAC/B,aAAK,cAAc;AACnB,eAAO;AAAA,MACT,SAAS,OAAO;AACd,oBAAY;AAEZ,YAAI,CAAC,YAAY,OAAO,OAAO,GAAG;AAEhC,gBAAM;AAAA,QACR;AAGA,aAAK,cAAc;AAEnB,YAAI,UAAU,UAAU;AACtB,gBAAM,QAAQ,KAAK,IAAI,eAAe,KAAK,IAAI,QAAQ,UAAU,CAAC,GAAG,QAAQ;AAC7E,gBAAM,IAAI,QAAQ,aAAW,WAAW,SAAS,cAAc,KAAK,CAAC,CAAC;AAAA,QACxE;AAAA,MACF;AAAA,IACF;AAEA,UAAM;AAAA,EACR;AAAA,EAEA,MAAM,QAAW,MAAsB,OAAuB,CAAC,GAA4B;AACzF,UAAM,cAAc,EAAE,GAAG,KAAK;AAC9B,UAAM,EAAE,SAAS,OAAO,KAAK,IAAI;AAEjC,gBAAY,MAAM,SAAS,EAAE,GAAG,KAAK,GAAG,EAAE,GAAG,KAAK,CAAC;AAEnD,SAAK,oBAAoB;AAGzB,UAAM,iBAAiB,MAAM,KAAK,sBAAsB;AACxD,QAAI,CAAC,gBAAgB;AACnB,YAAM,eAAe,IAAI,SAAS,MAAM;AAAA,QACtC,QAAQ;AAAA,MACV,CAAC;AACD,mBAAa,UAAU,EAAE,UAAU,CAAC,EAAO;AAC3C,YAAM,KAAK,sBAAsB,YAAY;AAC7C,aAAO;AAAA,IACT;AAEA,UAAM,gBAAgB,EAAE,GAAG,KAAK;AAChC,UAAM,EAAE,UAAU,IAAI;AAGtB,UAAM,2BAA2B,WAAW,QAAQ,QAAQ;AAE5D,UAAM,MAAM,YAAY,IAAI,SAAS;AAErC,YAAQ,IAAI,gBAAgB,GAAG;AAE/B,gBAAY,UAAU,IAAI,QAAQ,YAAY,OAAO;AAGrD,QACE,WAAW,SACX,EAAE,gBAAgB,aAClB,CAAC,YAAY,QAAQ,IAAI,cAAc,GACvC;AACA,kBAAY,QAAQ,IAAI,gBAAgB,kBAAkB;AAAA,IAC5D;AAEA,QAAI,YAAY,QAAQ,IAAI,cAAc,MAAM,qCAAqC;AACnF,kBAAY,OAAO,WACf,mCAAqB,MAAuC;AAAA,QAC1D,YAAY;AAAA,MACd,CAAC,IACD;AAAA,IACN,WAAW,YAAY,QAAQ,IAAI,cAAc,MAAM,sBAAsB,MAAM;AACjF,kBAAY,OAAO,OAAO,SAAS,WAAW,OAAO,KAAK,UAAU,IAAI;AAAA,IAC1E;AAEA,UAAM,iBAAiB,YAAqC;AAC1D,YAAM,aAAa,IAAI,gBAAgB;AACvC,YAAM,YAAY,YACd,WAAW,MAAM;AACf,mBAAW,MAAM;AAAA,MACnB,GAAG,SAAS,IACZ;AAEJ,UAAI;AACJ,YAAM,YAA4B;AAAA,QAChC,GAAG;AAAA,QACH,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AACA,UAAI;AACF,mBAAW,MAAM,MAAM,KAAK,SAAS;AAErC,YAAI,UAAW,cAAa,SAAS;AAGrC,YAAI,UAAqC;AAEzC,YAAI,SAAS,WAAW,KAAK;AAC3B,oBAAU;AAAA,QACZ,OAAO;AACL,cAAI;AACF,kBAAM,OAAO,MAAM,SAAS,KAAK;AACjC,sBAAU;AAAA,UACZ,QAAQ;AAEN,sBAAU,EAAE,UAAU,CAAC,EAAO;AAAA,UAChC;AAAA,QACF;AAEA,cAAM,cAAc;AACpB,oBAAY,UAAU;AAGtB,cAAM,KAAK,sBAAsB,WAAW;AAE5C,eAAO;AAAA,MACT,SAAS,OAAY;AACnB,YAAI,UAAW,cAAa,SAAS;AAErC,YAAI,MAAM,SAAS,cAAc;AAC/B,gBAAM,IAAI,aAAa;AAAA,QACzB;AAEA,cAAM,IAAI,aAAa,KAAK,KAAK;AAAA,MACnC;AAAA,IACF;AAEA,WAAO,KAAK;AAAA,MAAiB;AAAA,MAAgB,CAAC,OAAO,YACnD,KAAK;AAAA,QACH;AAAA,QACA;AAAA,QACA;AAAA,QACA,cAAc,aAAa,OAAO,cAAc,eAAe,UAAU,SAAS,IAAI;AAAA,MACxF;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,gBAAgB,IAAI,cAAc;","names":["buildUrlUtil"]}

package/dist/cjs/instance/events.js

@@ -0,0 +1,38 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var events_exports = {};
+__export(events_exports, {
+  eventBus: () => eventBus,
+  events: () => events
+});
+module.exports = __toCommonJS(events_exports);
+var import_eventBus = require("@tern-secure/shared/eventBus");
+const events = {
+  UserChanged: "user:userChanged",
+  UserSignOut: "user:userSignOut",
+  SessionChanged: "session:sessionChanged",
+  TokenRefreshed: "token:tokenRefreshed"
+};
+const eventBus = (0, import_eventBus.createEventBus)();
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  eventBus,
+  events
+});
+//# sourceMappingURL=events.js.map

package/dist/cjs/instance/events.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/instance/events.ts"],"sourcesContent":["import { createEventBus } from \"@tern-secure/shared/eventBus\";\nimport type { TernSecureUser } from \"@tern-secure/types\";\nimport type { IdTokenResult } from \"firebase/auth\";\n\nexport const events = {\n  UserChanged: \"user:userChanged\",\n  UserSignOut: \"user:userSignOut\",\n  SessionChanged: \"session:sessionChanged\",\n  TokenRefreshed: \"token:tokenRefreshed\",\n} as const;\n\ntype TokenUpdatePayload = { token: IdTokenResult | null };\n\n\ntype InternalEvents = {\n  [events.UserChanged]: TernSecureUser | null;\n  [events.UserSignOut]: null;\n  [events.SessionChanged]: null;\n  [events.TokenRefreshed]: TokenUpdatePayload;\n};\n\nexport const eventBus = createEventBus<InternalEvents>();\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAA+B;AAIxB,MAAM,SAAS;AAAA,EACpB,aAAa;AAAA,EACb,aAAa;AAAA,EACb,gBAAgB;AAAA,EAChB,gBAAgB;AAClB;AAYO,MAAM,eAAW,gCAA+B;","names":[]}

package/dist/cjs/resources/AuthCookieManager.js

@@ -0,0 +1,89 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var AuthCookieManager_exports = {};
+__export(AuthCookieManager_exports, {
+  AuthCookieManager: () => AuthCookieManager
+});
+module.exports = __toCommonJS(AuthCookieManager_exports);
+var import_cookie = require("@tern-secure/shared/cookie");
+const CSRF_COOKIE_NAME = "_session_terncf";
+const CSRF_COOKIE_OPTIONS = {
+  secure: true,
+  sameSite: "strict",
+  expires: 1 / 24
+  //1 hour
+};
+class AuthCookieManager {
+  csrfCookieHandler = (0, import_cookie.cookieHandler)(CSRF_COOKIE_NAME);
+  constructor() {
+    this.ensureCSRFToken();
+  }
+  generateCSRFToken() {
+    const array = new Uint8Array(32);
+    crypto.getRandomValues(array);
+    return Array.from(array, (byte) => byte.toString(16).padStart(2, "0")).join("");
+  }
+  ensureCSRFToken() {
+    let ctoken = this.getCSRFToken();
+    if (!ctoken) {
+      ctoken = this.generateCSRFToken();
+      this.setCSRFToken({ token: ctoken });
+    }
+    return ctoken;
+  }
+  /**
+   * Set CSRFcookie
+  */
+  setCSRFToken(token) {
+    try {
+      if (token.token) {
+        this.csrfCookieHandler.set(token.token, CSRF_COOKIE_OPTIONS);
+      }
+    } catch (error) {
+      console.error("Failed to set CSRF token:", error);
+      throw new Error("Unable to store CSRF token");
+    }
+  }
+  /**
+   * Get CSRF token from cookies
+   */
+  getCSRFToken() {
+    try {
+      return this.csrfCookieHandler.get();
+    } catch (error) {
+      console.error("Failed to get CSRF token:", error);
+      return void 0;
+    }
+  }
+  /**
+   * Clear all authentication cookies
+   */
+  clearAuth() {
+    try {
+      this.csrfCookieHandler.remove();
+    } catch (error) {
+      console.error("Failed to clear auth cookies:", error);
+    }
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AuthCookieManager
+});
+//# sourceMappingURL=AuthCookieManager.js.map

package/dist/cjs/resources/AuthCookieManager.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/resources/AuthCookieManager.ts"],"sourcesContent":["import { \n  type CookieAttributes,\n  cookieHandler} from '@tern-secure/shared/cookie';\n\nconst CSRF_COOKIE_NAME = '_session_terncf';\n\ntype CSRFToken = {\n  token: string | null;\n}\n\ntype CookieOptions = CookieAttributes\n\nconst CSRF_COOKIE_OPTIONS: CookieOptions = {\n  secure: true,\n  sameSite: 'strict',\n  expires: 1 / 24 //1 hour\n};\n\n/**\n * AuthCookieManger class for managing authentication state and cookies\n */\nexport class AuthCookieManager {\n  private readonly csrfCookieHandler = cookieHandler(CSRF_COOKIE_NAME);\n\n  constructor() {\n    this.ensureCSRFToken();\n  }\n\n  \n  private generateCSRFToken(): string {\n    const array = new Uint8Array(32);\n    crypto.getRandomValues(array);\n    return Array.from(array, (byte) => byte.toString(16).padStart(2, '0')).join('');\n  }\n\n  private ensureCSRFToken(): string {\n    let ctoken = this.getCSRFToken();\n    if (!ctoken) {\n      ctoken = this.generateCSRFToken();\n      this.setCSRFToken({ token: ctoken });\n    }\n    return ctoken;\n  }\n  \n\n  /**\n   * Set CSRFcookie\n  */\n\n  setCSRFToken(token: CSRFToken): void {\n    try {\n      if (token.token) {\n        this.csrfCookieHandler.set(token.token, CSRF_COOKIE_OPTIONS);\n      }\n    } catch (error) {\n      console.error('Failed to set CSRF token:', error);\n      throw new Error('Unable to store CSRF token');\n    }\n  }\n  \n\n  /**\n   * Get CSRF token from cookies\n   */\n  getCSRFToken(): string | undefined {\n    try {\n      return this.csrfCookieHandler.get();\n    } catch (error) {\n      console.error('Failed to get CSRF token:', error);\n      return undefined;\n    }\n  }\n\n\n  /**\n   * Clear all authentication cookies\n   */\n  clearAuth(): void {\n    try {\n      this.csrfCookieHandler.remove();\n    } catch (error) {\n      console.error('Failed to clear auth cookies:', error);\n    }\n  }\n}"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAEsB;AAEtB,MAAM,mBAAmB;AAQzB,MAAM,sBAAqC;AAAA,EACzC,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,SAAS,IAAI;AAAA;AACf;AAKO,MAAM,kBAAkB;AAAA,EACZ,wBAAoB,6BAAc,gBAAgB;AAAA,EAEnE,cAAc;AACZ,SAAK,gBAAgB;AAAA,EACvB;AAAA,EAGQ,oBAA4B;AAClC,UAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,WAAO,gBAAgB,KAAK;AAC5B,WAAO,MAAM,KAAK,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AAAA,EAChF;AAAA,EAEQ,kBAA0B;AAChC,QAAI,SAAS,KAAK,aAAa;AAC/B,QAAI,CAAC,QAAQ;AACX,eAAS,KAAK,kBAAkB;AAChC,WAAK,aAAa,EAAE,OAAO,OAAO,CAAC;AAAA,IACrC;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,OAAwB;AACnC,QAAI;AACF,UAAI,MAAM,OAAO;AACf,aAAK,kBAAkB,IAAI,MAAM,OAAO,mBAAmB;AAAA,MAC7D;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,MAAM,6BAA6B,KAAK;AAChD,YAAM,IAAI,MAAM,4BAA4B;AAAA,IAC9C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,eAAmC;AACjC,QAAI;AACF,aAAO,KAAK,kBAAkB,IAAI;AAAA,IACpC,SAAS,OAAO;AACd,cAAQ,MAAM,6BAA6B,KAAK;AAChD,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,YAAkB;AAChB,QAAI;AACF,WAAK,kBAAkB,OAAO;AAAA,IAChC,SAAS,OAAO;AACd,cAAQ,MAAM,iCAAiC,KAAK;AAAA,IACtD;AAAA,EACF;AACF;","names":[]}

package/dist/cjs/resources/Base.js

@@ -0,0 +1,125 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var Base_exports = {};
+__export(Base_exports, {
+  TernSecureBase: () => TernSecureBase
+});
+module.exports = __toCommonJS(Base_exports);
+var import_browser = require("@tern-secure/shared/browser");
+var import_coreApiClient = require("../instance/coreApiClient");
+var import_Error = require("./Error");
+class TernSecureBase {
+  static ternsecure;
+  static get apiUrl() {
+    return TernSecureBase.ternsecure.getApiUrl();
+  }
+  static get authCookieManager() {
+    return this.ternsecure.authCookieManager();
+  }
+  get authCookieManager() {
+    return TernSecureBase.authCookieManager;
+  }
+  /**
+   * Core method to fetch data from API endpoints using coreApiClient
+   * This method handles the complete request lifecycle including error handling
+   */
+  static async fetchFromCoreApi(requestInit) {
+    var _a;
+    if (!TernSecureBase.apiUrl) {
+      throw new Error("API URL is not defined. Make sure TernSecureAuth is properly initialized.");
+    }
+    const apiUrl = this.ternsecure.apiUrl;
+    let apiResponse;
+    try {
+      apiResponse = await import_coreApiClient.coreApiClient.request(requestInit, { apiUrl });
+    } catch (error) {
+      if (!(0, import_browser.isValidBrowserOnline)()) {
+        console.warn(error);
+        return null;
+      }
+      throw error;
+    }
+    const { payload, status, statusText, headers } = apiResponse;
+    if (headers) {
+      const country = headers.get("x-country");
+      this.ternsecure.__internal_setCountry(country ? country.toLowerCase() : null);
+    }
+    if (status >= 200 && status <= 299) {
+      return payload;
+    }
+    if (status >= 400) {
+      const errors = payload == null ? void 0 : payload.errors;
+      const message = (_a = errors == null ? void 0 : errors[0]) == null ? void 0 : _a.message;
+      const apiResponseOptions = {
+        data: errors,
+        status
+      };
+      if (status === 429 && headers) {
+        const retryAfter = headers.get("retry-After");
+        if (retryAfter) {
+          const value = parseInt(retryAfter, 10);
+          if (!isNaN(value)) {
+            apiResponseOptions.retryAfter = value;
+          }
+        }
+      }
+      throw new import_Error.TernSecureAPIResponseError(message || statusText, apiResponseOptions);
+    }
+    return null;
+  }
+  /**
+   * Convenience method for making POST requests
+   */
+  static async basePost(params) {
+    return this.fetchFromCoreApi({ ...params, method: "POST" });
+  }
+  /**
+   * Instance method to fetch data from API endpoints
+   */
+  async fetchFromCoreApi(requestInit) {
+    return TernSecureBase.fetchFromCoreApi(requestInit);
+  }
+  /**
+   * Instance method for making POST requests
+   */
+  async basePost(params) {
+    return TernSecureBase.basePost(params);
+  }
+  /**
+   * Protected instance method for making POST requests with specific path and body
+   * This is designed to be used by child classes like SignIn
+   */
+  async _post(params) {
+    return this.basePost({
+      path: params.path,
+      body: params.body
+    });
+  }
+  static async makeApiRequest(requestInit) {
+    return this.fetchFromCoreApi(requestInit);
+  }
+  async makeApiRequest(requestInit) {
+    return this.fetchFromCoreApi(requestInit);
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  TernSecureBase
+});
+//# sourceMappingURL=Base.js.map