@tstdl/base 0.93.127 → 0.93.129

package/api/client/client.js

@@ -1,3 +1,4 @@
+import { CancellationToken } from '../../cancellation/index.js';
 import { HttpClient, HttpClientRequest } from '../../http/client/index.js';
 import { bustCache, normalizeSingleHttpValue } from '../../http/index.js';
 import { inject } from '../../injector/inject.js';
@@ -64,8 +65,25 @@ export function compileClient(definition, options = defaultOptions) {
         let resource;
         const hasGet = methods.includes('GET');
         const fallbackMethod = methods.find((method) => method != 'GET') ?? 'GET';
+        const hasParameters = isDefined(endpoint.parameters);
+        const hasBody = isDefined(endpoint.body);
         const apiEndpointFunction = {
-            async [name](parameters, requestBody) {
+            async [name](...args) {
+                let parameters;
+                let requestBody;
+                let requestOptions;
+                if (hasBody) {
+                    parameters = args[0];
+                    requestBody = args[1];
+                    requestOptions = args[2];
+                }
+                else if (hasParameters) {
+                    parameters = args[0];
+                    requestOptions = args[1];
+                }
+                else {
+                    requestOptions = args[0];
+                }
                 resource ??= getFullApiEndpointResource({ api: definition, endpoint, defaultPrefix: options.prefix });
                 const context = { endpoint };
                 const method = (hasGet && isUndefined(parameters)) ? 'GET' : fallbackMethod;
@@ -73,15 +91,15 @@ export function compileClient(definition, options = defaultOptions) {
                     if (isDefined(requestBody)) {
                         throw new Error('Body not supported for Server Sent Events.');
                     }
-                    return getServerSentEvents(this[httpClientSymbol].options.baseUrl, resource, endpoint, parameters);
+                    return getServerSentEvents(this[httpClientSymbol].options.baseUrl, resource, endpoint, parameters, requestOptions);
                 }
                 if (endpoint.result == DataStream) {
                     if (isDefined(requestBody)) {
                         throw new Error('Body not supported for DataStream.');
                     }
-                    return getDataStream(this[httpClientSymbol].options.baseUrl, resource, endpoint, parameters);
+                    return getDataStream(this[httpClientSymbol].options.baseUrl, resource, endpoint, parameters, requestOptions);
                 }
-                if (context.endpoint.data?.[bustCache] == true) {
+                if (context.endpoint.data?.[bustCache] == true || requestOptions?.bustCache == true) {
                     context[bustCache] = true;
                 }
                 const request = new HttpClientRequest({
@@ -90,7 +108,12 @@ export function compileClient(definition, options = defaultOptions) {
                     parameters,
                     body: getRequestBody(requestBody),
                     credentials: (endpoint.credentials == true) ? 'include' : undefined,
-                    context,
+                    context: { ...context, ...requestOptions?.context },
+                    abortSignal: getCancellationSignal(requestOptions?.abortSignal),
+                    timeout: requestOptions?.timeout,
+                    headers: requestOptions?.headers,
+                    authorization: requestOptions?.authorization,
+                    priority: requestOptions?.priority,
                 });
                 const response = await this[httpClientSymbol].rawRequest(request);
                 return await getResponseBody(response, endpoint.result);
@@ -133,11 +156,11 @@ async function getResponseBody(response, schema) {
         : undefined;
     return Schema.parse(schema, body, { mask: true });
 }
-function getDataStream(baseUrl, resource, endpoint, parameters) {
-    const sse = getServerSentEvents(baseUrl, resource, endpoint, parameters);
+function getDataStream(baseUrl, resource, endpoint, parameters, options) {
+    const sse = getServerSentEvents(baseUrl, resource, endpoint, parameters, options);
     return DataStream.parse(sse);
 }
-function getServerSentEvents(baseUrl, resource, endpoint, parameters) {
+function getServerSentEvents(baseUrl, resource, endpoint, parameters, options) {
     const { parsedUrl, parametersRest } = buildUrl(resource, parameters, { arraySeparator: ',' });
     const url = new URL(parsedUrl, baseUrl);
     for (const [parameter, value] of objectEntries(parametersRest)) {
@@ -148,7 +171,20 @@ function getServerSentEvents(baseUrl, resource, endpoint, parameters) {
             url.searchParams.append(parameter, normalizeSingleHttpValue(val));
         }
     }
-    return new ServerSentEvents(url.toString(), { withCredentials: endpoint.credentials });
+    const sse = new ServerSentEvents(url.toString(), { withCredentials: endpoint.credentials });
+    if (isDefined(options?.abortSignal)) {
+        options.abortSignal.addEventListener('abort', () => sse.close(), { once: true });
+    }
+    return sse;
+}
+function getCancellationSignal(signal) {
+    if (isUndefined(signal)) {
+        return undefined;
+    }
+    if (signal instanceof AbortSignal) {
+        return CancellationToken.from(signal).signal;
+    }
+    return signal;
 }
 export function getHttpClientOfApiClient(apiClient) {
     return apiClient[httpClientSymbol];

package/api/client/tests/api-client.test.d.ts

@@ -0,0 +1 @@
+export {};

package/api/client/tests/api-client.test.js

@@ -0,0 +1,194 @@
+import { describe, expect, it, vi } from 'vitest';
+import { CancellationToken } from '../../../cancellation/index.js';
+import { HttpClient } from '../../../http/client/index.js';
+import { bustCache } from '../../../http/index.js';
+import { object } from '../../../schema/index.js';
+import { DataStream } from '../../../sse/data-stream.js';
+import { ServerSentEvents } from '../../../sse/server-sent-events.js';
+import { defineApi } from '../../types.js';
+import { compileClient } from '../client.js';
+describe('ApiClient', () => {
+    it('should pass abortSignal and handle positional arguments', async () => {
+        const apiDefinition = defineApi({
+            resource: 'test',
+            endpoints: {
+                noParams: {
+                    method: 'GET',
+                    resource: 'no-params',
+                },
+                onlyParams: {
+                    method: 'GET',
+                    resource: 'only-params',
+                    parameters: object({
+                        id: String,
+                    }),
+                },
+                paramsAndBody: {
+                    method: 'POST',
+                    resource: 'params-and-body',
+                    parameters: object({
+                        id: String,
+                    }),
+                    body: object({
+                        data: String,
+                    }),
+                },
+            },
+        });
+        const mockHttpClient = Object.assign(Object.create(HttpClient.prototype), {
+            rawRequest: vi.fn().mockResolvedValue({
+                statusCode: 200,
+                hasBody: false,
+                close: vi.fn(),
+            }),
+            options: { baseUrl: 'http://localhost/' },
+        });
+        const Client = compileClient(apiDefinition);
+        const client = new Client(mockHttpClient);
+        const abortController = new AbortController();
+        const cancellationToken = new CancellationToken();
+        // 1. No params
+        await client.noParams({ abortSignal: abortController.signal });
+        expect(mockHttpClient.rawRequest).toHaveBeenLastCalledWith(expect.objectContaining({
+            url: expect.stringContaining('no-params'),
+        }));
+        let lastRequest = mockHttpClient.rawRequest.mock.calls.at(-1)[0];
+        expect(lastRequest.abortSignal.isSet).toBe(false);
+        abortController.abort();
+        expect(lastRequest.abortSignal.isSet).toBe(true);
+        // 2. Only params
+        await client.onlyParams({ id: '123' }, { abortSignal: cancellationToken.abortSignal });
+        expect(mockHttpClient.rawRequest).toHaveBeenLastCalledWith(expect.objectContaining({
+            url: expect.stringContaining('only-params'),
+            parameters: { id: '123' },
+        }));
+        lastRequest = mockHttpClient.rawRequest.mock.calls.at(-1)[0];
+        expect(lastRequest.abortSignal.isSet).toBe(false);
+        cancellationToken.set();
+        expect(lastRequest.abortSignal.isSet).toBe(true);
+        // 3. Params and body
+        const abortController3 = new AbortController();
+        await client.paramsAndBody({ id: '456' }, { data: 'val' }, { abortSignal: abortController3.signal });
+        expect(mockHttpClient.rawRequest).toHaveBeenLastCalledWith(expect.objectContaining({
+            url: expect.stringContaining('params-and-body'),
+            parameters: { id: '456' },
+            body: { json: { data: 'val' } },
+        }));
+        lastRequest = mockHttpClient.rawRequest.mock.calls.at(-1)[0];
+        expect(lastRequest.abortSignal.isSet).toBe(false);
+        abortController3.abort();
+        expect(lastRequest.abortSignal.isSet).toBe(true);
+        // 4. Omitted requestOptions
+        await client.onlyParams({ id: '789' });
+        expect(mockHttpClient.rawRequest).toHaveBeenLastCalledWith(expect.objectContaining({
+            url: expect.stringContaining('only-params'),
+            parameters: { id: '789' },
+        }));
+        lastRequest = mockHttpClient.rawRequest.mock.calls.at(-1)[0];
+        expect(lastRequest.abortSignal.isSet).toBe(false);
+    });
+    it('should handle different HTTP methods', async () => {
+        const apiDefinition = defineApi({
+            resource: 'methods',
+            endpoints: {
+                get: { method: 'GET' },
+                post: { method: 'POST' },
+                put: { method: 'PUT' },
+                patch: { method: 'PATCH' },
+                delete: { method: 'DELETE' },
+            },
+        });
+        const mockHttpClient = Object.assign(Object.create(HttpClient.prototype), {
+            rawRequest: vi.fn().mockResolvedValue({ statusCode: 200, hasBody: false, close: vi.fn() }),
+            options: { baseUrl: 'http://localhost/' },
+        });
+        const Client = compileClient(apiDefinition);
+        const client = new Client(mockHttpClient);
+        await client.get();
+        expect(mockHttpClient.rawRequest.mock.calls.at(-1)[0].method).toBe('GET');
+        await client.post();
+        expect(mockHttpClient.rawRequest.mock.calls.at(-1)[0].method).toBe('POST');
+        await client.put();
+        expect(mockHttpClient.rawRequest.mock.calls.at(-1)[0].method).toBe('PUT');
+        await client.patch();
+        expect(mockHttpClient.rawRequest.mock.calls.at(-1)[0].method).toBe('PATCH');
+        await client.delete();
+        expect(mockHttpClient.rawRequest.mock.calls.at(-1)[0].method).toBe('DELETE');
+    });
+    it('should handle body types', async () => {
+        const apiDefinition = defineApi({
+            resource: 'body',
+            endpoints: {
+                json: { method: 'POST', body: object({ foo: String }) },
+                text: { method: 'POST', body: String },
+                binary: { method: 'POST', body: Uint8Array },
+            },
+        });
+        const mockHttpClient = Object.assign(Object.create(HttpClient.prototype), {
+            rawRequest: vi.fn().mockResolvedValue({ statusCode: 200, hasBody: false, close: vi.fn() }),
+            options: { baseUrl: 'http://localhost/' },
+        });
+        const Client = compileClient(apiDefinition);
+        const client = new Client(mockHttpClient);
+        await client.json(undefined, { foo: 'bar' });
+        expect(mockHttpClient.rawRequest.mock.calls.at(-1)[0].body).toEqual({ json: { foo: 'bar' } });
+        await client.text(undefined, 'hello');
+        expect(mockHttpClient.rawRequest.mock.calls.at(-1)[0].body).toEqual({ text: 'hello' });
+        const buffer = new Uint8Array([1, 2, 3]);
+        await client.binary(undefined, buffer);
+        expect(mockHttpClient.rawRequest.mock.calls.at(-1)[0].body).toEqual({ binary: buffer });
+    });
+    it('should handle credentials, bustCache and resource methods', async () => {
+        const apiDefinition = defineApi({
+            resource: 'features',
+            endpoints: {
+                withCredentials: { method: 'GET', credentials: true },
+                withBustCache: { method: 'GET', data: { [bustCache]: true } },
+            },
+        });
+        const mockHttpClient = Object.assign(Object.create(HttpClient.prototype), {
+            rawRequest: vi.fn().mockResolvedValue({ statusCode: 200, hasBody: false, close: vi.fn() }),
+            options: { baseUrl: 'http://localhost/' },
+        });
+        const Client = compileClient(apiDefinition);
+        const client = new Client(mockHttpClient);
+        await client.withCredentials();
+        expect(mockHttpClient.rawRequest.mock.calls.at(-1)[0].credentials).toBe('include');
+        await client.withBustCache();
+        expect(mockHttpClient.rawRequest.mock.calls.at(-1)[0].context[bustCache]).toBe(true);
+        expect(Client.getEndpointResource('withCredentials')).not.toContain('withCredentials');
+        expect(Client.getEndpointUrl('withCredentials').href).toBe('http://baseurl/api/v1/features');
+        expect(client.getEndpointUrl('withCredentials').href).toBe('http://localhost/api/v1/features');
+    });
+    it('should handle Server Sent Events and DataStream', async () => {
+        const apiDefinition = defineApi({
+            resource: 'sse',
+            endpoints: {
+                events: { method: 'GET', result: ServerSentEvents },
+                stream: { method: 'GET', result: DataStream },
+            },
+        });
+        const mockEventSource = {
+            addEventListener: vi.fn(),
+            removeEventListener: vi.fn(),
+            close: vi.fn(),
+            readyState: 0,
+        };
+        const EventSourceMock = vi.fn().mockImplementation(function () {
+            return mockEventSource;
+        });
+        vi.stubGlobal('EventSource', EventSourceMock);
+        const mockHttpClient = Object.assign(Object.create(HttpClient.prototype), {
+            options: { baseUrl: 'http://localhost/' },
+        });
+        const Client = compileClient(apiDefinition);
+        const client = new Client(mockHttpClient);
+        const sse = await client.events();
+        expect(sse).toBeInstanceOf(ServerSentEvents);
+        expect(EventSourceMock).toHaveBeenCalledWith(expect.stringContaining('sse'), expect.any(Object));
+        const stream = await client.stream();
+        expect(stream).toBeInstanceOf(Object); // It's an Observable
+        expect(EventSourceMock).toHaveBeenCalledWith(expect.stringContaining('sse'), expect.any(Object));
+        vi.unstubAllGlobals();
+    });
+});

package/api/types.d.ts

@@ -1,6 +1,7 @@
 import type { Observable } from 'rxjs';
 import type { Auditor } from '../audit/index.js';
 import type { Token } from '../authentication/index.js';
+import type { HttpHeaders, HttpHeadersObject, HttpRequestAuthorization } from '../http/index.js';
 import type { HttpServerRequest, HttpServerResponse } from '../http/server/index.js';
 import type { HttpMethod } from '../http/types.js';
 import type { SchemaOutput, SchemaTestable } from '../schema/index.js';
@@ -53,7 +54,7 @@ export type ApiEndpointDefinition = {
      *
      * results in
      * ```ts
-     * ${endpoint.rootResource ?? api.ressource}/${endpoint.resource}
+     * ${endpoint.rootResource ?? api.resource}/${endpoint.resource}
      * ```
      * @default name of endpoint property
      */
@@ -118,7 +119,38 @@ export type ApiRequestContext<T extends ApiDefinition = ApiDefinition, K extends
     getAuditor(): Promise<Auditor>;
 };
 export type ApiEndpointServerImplementation<T extends ApiDefinition = ApiDefinition, K extends ApiEndpointKeys<T> = ApiEndpointKeys<T>> = (context: ApiRequestContext<T, K>) => ApiServerResult<T, K> | Promise<ApiServerResult<T, K>>;
-export type ApiEndpointClientImplementation<T extends ApiDefinition = ApiDefinition, K extends ApiEndpointKeys<T> = ApiEndpointKeys<T>> = ApiClientBody<T, K> extends never ? ApiParameters<T, K> extends never ? () => Promise<ApiClientResult<T, K>> : (parameters: ApiParameters<T, K>) => Promise<ApiClientResult<T, K>> : (parameters: ApiParameters<T, K> extends never ? undefined | Record<never, never> : ApiParameters<T, K>, body: ApiClientBody<T, K>) => Promise<ApiClientResult<T, K>>;
+export type ApiClientRequestOptions = {
+    /**
+     * AbortSignal to cancel the request.
+     */
+    abortSignal?: AbortSignal;
+    /**
+     * Request timeout in milliseconds.
+     * @default 30000
+     */
+    timeout?: number;
+    /**
+     * Additional headers to send with the request.
+     */
+    headers?: HttpHeadersObject | HttpHeaders;
+    /**
+     * Can be used to store data for middleware etc.
+     */
+    context?: Record;
+    /**
+     * If true, adds a cache-busting parameter to the request URL.
+     */
+    bustCache?: boolean;
+    /**
+     * Authorization for the request.
+     */
+    authorization?: HttpRequestAuthorization;
+    /**
+     * Fetch priority for the request.
+     */
+    priority?: RequestPriority;
+};
+export type ApiEndpointClientImplementation<T extends ApiDefinition = ApiDefinition, K extends ApiEndpointKeys<T> = ApiEndpointKeys<T>> = ApiClientBody<T, K> extends never ? ApiParameters<T, K> extends never ? (options?: ApiClientRequestOptions) => Promise<ApiClientResult<T, K>> : (parameters: ApiParameters<T, K>, options?: ApiClientRequestOptions) => Promise<ApiClientResult<T, K>> : (parameters: ApiParameters<T, K> extends never ? undefined | Record<never, never> : ApiParameters<T, K>, body: ApiClientBody<T, K>, options?: ApiClientRequestOptions) => Promise<ApiClientResult<T, K>>;
 export type ApiController<T extends ApiDefinition = any> = {
     [P in ApiEndpointKeys<T>]: ApiEndpointServerImplementation<T, P>;
 };
@@ -126,7 +158,7 @@ export type ApiClientImplementation<T extends ApiDefinition = any> = {
     [P in ApiEndpointKeys<T>]: ApiEndpointClientImplementation<T, P>;
 } & {
     getEndpointResource<E extends ApiEndpointKeys<T>>(endpoint: E, parameters?: ApiParameters<T, E>): string;
-    getEndpointUrl<E extends ApiEndpointKeys<T>>(endpoint: E, parameters?: ApiParameters<T, E>): string;
+    getEndpointUrl<E extends ApiEndpointKeys<T>>(endpoint: E, parameters?: ApiParameters<T, E>): URL;
 };
 export declare function defineApi<T extends ApiDefinition>(definition: T): T;
 export declare function resolveApiEndpointDataProvider<T>(request: HttpServerRequest, context: ApiGatewayMiddlewareContext, provider: ApiEndpointDataProvider<T>): Promise<T>;

package/authentication/client/authentication.service.js

@@ -7,7 +7,7 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
 var __metadata = (this && this.__metadata) || function (k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
-import { Subject, filter, firstValueFrom, map, race, timer } from 'rxjs';
+import { Subject, filter, firstValueFrom, map, race, skip, timer } from 'rxjs';
 import { CancellationSignal, CancellationToken } from '../../cancellation/token.js';
 import { BadRequestError } from '../../errors/bad-request.error.js';
 import { ForbiddenError } from '../../errors/forbidden.error.js';
@@ -36,7 +36,6 @@ const impersonatorAuthenticationDataStorageKey = 'AuthenticationService:imperson
 const tokenUpdateBusName = 'AuthenticationService:tokenUpdate';
 const loggedOutBusName = 'AuthenticationService:loggedOut';
 const refreshLockResource = 'AuthenticationService:refresh';
-const refreshBufferSeconds = 15;
 const maxRefreshDelay = 15 * millisecondsPerMinute;
 const lockTimeout = 10000;
 const logoutTimeout = 150;
@@ -377,8 +376,9 @@ let AuthenticationClientService = class AuthenticationClientService {
             await this.syncClock();
         }
         while (this.disposeSignal.isUnset) {
+            const iterationToken = this.token();
             try {
-                const token = this.token();
+                const token = iterationToken;
                 if (isUndefined(token)) {
                     // Wait for login or dispose.
                     // We ignore forceRefreshToken here because we can't refresh without a token.
@@ -387,6 +387,7 @@ let AuthenticationClientService = class AuthenticationClientService {
                 }
                 const now = this.estimatedServerTimestampSeconds();
                 const forceRefresh = this.forceRefreshToken.isSet;
+                const refreshBufferSeconds = calculateRefreshBufferSeconds(token);
                 const needsRefresh = forceRefresh || (now >= (token.exp - refreshBufferSeconds));
                 if (needsRefresh) {
                     let lockAcquired = false;
@@ -394,18 +395,24 @@ let AuthenticationClientService = class AuthenticationClientService {
                         lockAcquired = true;
                         const currentToken = this.token();
                         const currentNow = this.estimatedServerTimestampSeconds();
-                        const stillNeedsRefresh = isDefined(currentToken) && (this.forceRefreshToken.isSet || (currentNow >= (currentToken.exp - refreshBufferSeconds)));
+                        const currentRefreshBufferSeconds = isDefined(currentToken) ? calculateRefreshBufferSeconds(currentToken) : 0;
+                        // Passive Sync: Check if another tab refreshed the token while we were waiting for the lock (or trying to get it)
+                        const stillNeedsRefresh = isDefined(currentToken) && (forceRefresh || (currentNow >= (currentToken.exp - currentRefreshBufferSeconds)));
                         if (stillNeedsRefresh) {
                             await this.refresh();
+                            if (forceRefresh && (this.token() == currentToken)) {
+                                this.forceRefreshToken.unset();
+                            }
+                        }
+                        else if (forceRefresh && (this.token() != currentToken)) {
                             this.forceRefreshToken.unset();
                         }
                     });
                     if (!lockAcquired) {
-                        // Lock held by another instance, wait 5 seconds or until state/token changes.
-                        // We ignore forceRefreshToken here to avoid a busy loop if it is already set.
+                        // Lock held by another instance, wait 5 seconds or until token changes (Passive Sync)
                         const changeReason = await firstValueFrom(race([
                             timer(5000).pipe(map(() => 'timer')),
-                            this.token$.pipe(filter((t) => t !== token), map(() => 'token')),
+                            this.token$.pipe(filter((t) => t != token), map(() => 'token')),
                             this.disposeSignal,
                         ]), { defaultValue: undefined });
                         if (changeReason == 'token') {
@@ -414,7 +421,8 @@ let AuthenticationClientService = class AuthenticationClientService {
                         continue;
                     }
                 }
-                const delay = Math.min(maxRefreshDelay, ((this.token()?.exp ?? 0) - this.estimatedServerTimestampSeconds() - refreshBufferSeconds) * millisecondsPerSecond);
+                const currentRefreshBufferSeconds = calculateRefreshBufferSeconds(token);
+                const delay = Math.min(maxRefreshDelay, ((this.token()?.exp ?? 0) - this.estimatedServerTimestampSeconds() - currentRefreshBufferSeconds) * millisecondsPerSecond);
                 const wakeUpSignals = [
                     this.disposeSignal,
                     this.token$.pipe(filter((t) => t != token)),
@@ -431,9 +439,15 @@ let AuthenticationClientService = class AuthenticationClientService {
             }
             catch (error) {
                 this.logger.error(error);
-                const initialToken = this.token();
-                await firstValueFrom(race([timer(5000), this.disposeSignal, this.token$.pipe(filter((t) => t != initialToken))]), { defaultValue: undefined });
-                await timeout(2500);
+                if (this.token() != iterationToken) {
+                    continue;
+                }
+                await firstValueFrom(race([
+                    timer(2500),
+                    this.disposeSignal.set$,
+                    this.token$.pipe(filter((t) => t != iterationToken)),
+                    this.forceRefreshToken.set$.pipe(skip(this.forceRefreshToken.isSet ? 1 : 0)),
+                ]), { defaultValue: undefined });
             }
         }
     }
@@ -516,3 +530,8 @@ AuthenticationClientService = __decorate([
     __metadata("design:paramtypes", [])
 ], AuthenticationClientService);
 export { AuthenticationClientService };
+function calculateRefreshBufferSeconds(token) {
+    const iat = token.iat ?? (token.exp - 3600);
+    const lifetime = token.exp - iat;
+    return (lifetime * 0.1) + 5;
+}

package/authentication/client/http-client.middleware.js

@@ -1,4 +1,4 @@
-import { firstValueFrom, timeout } from 'rxjs';
+import { firstValueFrom, race, timeout } from 'rxjs';
 import { HttpError } from '../../http/index.js';
 import { isDefined } from '../../utils/type-guards.js';
 import { cacheValueOrAsyncProvider } from '../../utils/value-or-provider.js';
@@ -14,8 +14,15 @@ export function waitForAuthenticationCredentialsMiddleware(authenticationService
         const endpoint = request.context?.endpoint;
         if ((endpoint?.credentials == true) && (endpoint.data?.[dontWaitForValidToken] != true)) {
             const authenticationService = await getAuthenticationService();
-            while (!authenticationService.hasValidToken) {
-                await firstValueFrom(authenticationService.validToken$.pipe(timeout(30000)));
+            while (!authenticationService.hasValidToken && authenticationService.isLoggedIn()) {
+                const race$ = race([
+                    authenticationService.validToken$,
+                    request.abortSignal,
+                ]);
+                await firstValueFrom(race$.pipe(timeout(30000))).catch(() => undefined);
+                if (request.abortSignal.isSet) {
+                    break;
+                }
             }
         }
         await next();

package/authentication/server/authentication.service.d.ts

@@ -65,6 +65,18 @@ export declare class AuthenticationServiceOptions {
      * @default 10 minutes
      */
     secretResetTokenTimeToLive?: number;
+    /**
+     * Number of iterations for password hashing.
+     *
+     * @default 250000
+     */
+    hashIterations?: number;
+    /**
+     * Number of iterations for signing secrets derivation.
+     *
+     * @default 500000
+     */
+    signingSecretsDerivationIterations?: number;
 }
 /**
  * Result of an authentication attempt.

package/authentication/server/authentication.service.js

@@ -63,6 +63,18 @@ export class AuthenticationServiceOptions {
      * @default 10 minutes
      */
     secretResetTokenTimeToLive;
+    /**
+     * Number of iterations for password hashing.
+     *
+     * @default 250000
+     */
+    hashIterations;
+    /**
+     * Number of iterations for signing secrets derivation.
+     *
+     * @default 500000
+     */
+    signingSecretsDerivationIterations;
 }
 const HASH_ITERATIONS = 250000;
 const HASH_LENGTH_BITS = 512;
@@ -747,7 +759,7 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
         const key = await importPbkdf2Key(secret);
         const saltBase64 = await this.#keyValueStore.getOrSet('derivationSalt', encodeBase64(getRandomBytes(SALT_LENGTH)));
         const salt = decodeBase64(saltBase64);
-        const algorithm = { name: 'PBKDF2', hash: 'SHA-512', iterations: SIGNING_SECRETS_DERIVATION_ITERATIONS, salt };
+        const algorithm = { name: 'PBKDF2', hash: 'SHA-512', iterations: this.#options.signingSecretsDerivationIterations ?? SIGNING_SECRETS_DERIVATION_ITERATIONS, salt };
         const [derivedTokenSigningSecret, derivedRefreshTokenSigningSecret, derivedSecretResetTokenSigningSecret] = await deriveBytesMultiple(algorithm, key, 3, SIGNING_SECRETS_LENGTH);
         this.derivedTokenSigningSecret = derivedTokenSigningSecret;
         this.derivedRefreshTokenSigningSecret = derivedRefreshTokenSigningSecret;
@@ -755,7 +767,7 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
     }
     async getHash(secret, salt) {
         const key = await importPbkdf2Key(secret);
-        const hash = await globalThis.crypto.subtle.deriveBits({ name: 'PBKDF2', hash: 'SHA-512', iterations: HASH_ITERATIONS, salt }, key, HASH_LENGTH_BITS);
+        const hash = await globalThis.crypto.subtle.deriveBits({ name: 'PBKDF2', hash: 'SHA-512', iterations: this.#options.hashIterations ?? HASH_ITERATIONS, salt }, key, HASH_LENGTH_BITS);
         return new Uint8Array(hash);
     }
 };