@unhingged/vizu-core 0.1.5 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/auto.cjs CHANGED
@@ -379,11 +379,59 @@ var CloudStorageAdapter = class {
379
379
  this.apiUrl = (opts.apiUrl ?? DEFAULT_API_URL).replace(/\/$/, "");
380
380
  this.autoSignIn = opts.autoSignIn !== false;
381
381
  this.onAuthChanged = opts.onAuthChanged;
382
- this.cachedToken = this.readStoredToken();
382
+ const fromHash = this.readHashToken();
383
+ if (fromHash) {
384
+ this.cachedToken = fromHash;
385
+ this.writeStoredToken(fromHash);
386
+ } else {
387
+ this.cachedToken = this.readStoredToken();
388
+ }
383
389
  if (this.cachedToken && !this.isExpired(this.cachedToken)) {
384
390
  this.fireAuthChanged(this.cachedToken);
385
391
  }
386
392
  }
393
+ /**
394
+ * Pull a token out of the URL fragment if /connect just redirected us
395
+ * back here. Strips the fragment on success so the token doesn't sit
396
+ * in browser history or get shared if the user copies the URL.
397
+ *
398
+ * The fragment is base64-encoded JSON with compact keys; see
399
+ * apps/landing/app/connect/RedirectComplete.tsx for the producer side.
400
+ */
401
+ readHashToken() {
402
+ if (typeof window === "undefined") return null;
403
+ const hash = window.location.hash;
404
+ if (!hash || hash.length < 2) return null;
405
+ const params = new URLSearchParams(hash.slice(1));
406
+ const payload = params.get("vizu_auth");
407
+ if (!payload) return null;
408
+ try {
409
+ const json = JSON.parse(atob(payload));
410
+ if (!json.t || !json.e || !json.u || !json.w) return null;
411
+ if (json.w !== this.workspace) return null;
412
+ const stored = {
413
+ token: json.t,
414
+ expiresAt: json.e,
415
+ userId: json.u,
416
+ user: typeof json.n === "string" ? {
417
+ id: json.u,
418
+ name: json.n,
419
+ avatarUrl: typeof json.a === "string" ? json.a : void 0
420
+ } : null
421
+ };
422
+ params.delete("vizu_auth");
423
+ const remaining = params.toString();
424
+ const newHash = remaining ? `#${remaining}` : "";
425
+ try {
426
+ const newUrl = window.location.pathname + window.location.search + newHash;
427
+ window.history.replaceState(null, "", newUrl);
428
+ } catch {
429
+ }
430
+ return stored;
431
+ } catch {
432
+ return null;
433
+ }
434
+ }
387
435
  /**
388
436
  * Open the sign-in popup right now (or no-op if a valid token is
389
437
  * cached). Vizu calls this on enable() so the user signs in BEFORE
@@ -652,12 +700,19 @@ var CloudStorageAdapter = class {
652
700
  `width=${POPUP_WIDTH},height=${POPUP_HEIGHT},left=${left},top=${top},noopener=no,popup=yes`
653
701
  );
654
702
  if (!popup) {
655
- return reject(
656
- makeAuthError(
657
- "popup_blocked",
658
- "Sign-in popup was blocked by the browser. Allow popups for this site and try again."
659
- )
660
- );
703
+ try {
704
+ const returnTo = window.location.href;
705
+ const redirectUrl = this.apiUrl + "/connect?workspace=" + encodeURIComponent(this.workspace) + "&origin=" + encodeURIComponent(hostOrigin) + "&return_to=" + encodeURIComponent(returnTo);
706
+ window.location.assign(redirectUrl);
707
+ return;
708
+ } catch (err) {
709
+ return reject(
710
+ makeAuthError(
711
+ "popup_blocked",
712
+ "Sign-in popup was blocked and redirect fallback failed: " + (err instanceof Error ? err.message : String(err))
713
+ )
714
+ );
715
+ }
661
716
  }
662
717
  let resolved = false;
663
718
  const onMessage = (e) => {
@@ -3151,7 +3206,16 @@ var Vizu = class {
3151
3206
  }
3152
3207
  if (matches(e, this.parsedShortcut)) {
3153
3208
  e.preventDefault();
3209
+ const wasEnabled = this.enabled;
3154
3210
  this.toggle();
3211
+ if (!wasEnabled && this.enabled && this.storage instanceof CloudStorageAdapter) {
3212
+ void this.storage.preflightAuth().catch((err) => {
3213
+ if (err?.code === "auth_canceled" || err?.code === "popup_blocked") return;
3214
+ if (typeof console !== "undefined") {
3215
+ console.warn("[vizu] preflight auth failed:", err);
3216
+ }
3217
+ });
3218
+ }
3155
3219
  }
3156
3220
  };
3157
3221
  /* ===== Reposition on scroll/resize ===== */
@@ -3240,14 +3304,6 @@ var Vizu = class {
3240
3304
  this.enabled = true;
3241
3305
  this.bus.emit("enabled", {});
3242
3306
  this.deferred(() => this.mount());
3243
- if (this.storage instanceof CloudStorageAdapter) {
3244
- void this.storage.preflightAuth().catch((err) => {
3245
- if (err?.code === "auth_canceled" || err?.code === "popup_blocked") return;
3246
- if (typeof console !== "undefined") {
3247
- console.warn("[vizu] preflight auth failed:", err);
3248
- }
3249
- });
3250
- }
3251
3307
  }
3252
3308
  disable() {
3253
3309
  if (!this.enabled) return;