npm - @vaultix.ai/react - Versions diffs - 0.2.0 → 0.2.1 - Mend

@vaultix.ai/react 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -60,6 +60,26 @@ function resolveApiOrigin(key, apiUrlProp) {
     throw new Error("Publishable key has an unreadable API origin payload.");
   }
 }
+var STORAGE_KEY = "vaultix_jwt";
+function storeJwt(jwt) {
+  try {
+    sessionStorage.setItem(STORAGE_KEY, jwt);
+  } catch {
+  }
+}
+function loadJwt() {
+  try {
+    return sessionStorage.getItem(STORAGE_KEY);
+  } catch {
+    return null;
+  }
+}
+function clearJwt() {
+  try {
+    sessionStorage.removeItem(STORAGE_KEY);
+  } catch {
+  }
+}
 var VaultixContext = (0, import_react.createContext)(null);
 function useVaultixContext() {
   const ctx = (0, import_react.useContext)(VaultixContext);
@@ -82,42 +102,89 @@ function VaultixProvider({
   const [user, setUser] = (0, import_react.useState)(null);
   const [session, setSession] = (0, import_react.useState)(null);
   const [organization, setOrganization] = (0, import_react.useState)(null);
+  const jwtRef = (0, import_react.useRef)(null);
   const refreshTimerRef = (0, import_react.useRef)(null);
+  const clearAuth = (0, import_react.useCallback)(() => {
+    jwtRef.current = null;
+    clearJwt();
+    setUser(null);
+    setSession(null);
+    setOrganization(null);
+  }, []);
   const scheduleRefresh = (0, import_react.useCallback)(
     (expiresAt) => {
       if (refreshTimerRef.current) clearTimeout(refreshTimerRef.current);
-      const msUntilRefresh = expiresAt * 1e3 - Date.now() - 1e4;
+      const msUntilRefresh = expiresAt * 1e3 - Date.now() - 3e4;
       if (msUntilRefresh <= 0) return;
       refreshTimerRef.current = setTimeout(async () => {
         try {
-          const res = await fetch(`${apiOrigin}/v1/session/refresh`, {
+          const headers = {};
+          if (jwtRef.current) headers["Authorization"] = `Bearer ${jwtRef.current}`;
+          const res = await fetch(`${apiOrigin}/api/v1/session/refresh`, {
             method: "POST",
-            credentials: "include"
+            credentials: jwtRef.current ? "omit" : "include",
+            headers
           });
           if (!res.ok) {
-            setUser(null);
-            setSession(null);
-            setOrganization(null);
+            clearAuth();
             return;
           }
           const data = await res.json();
+          if (data.session_jwt) {
+            jwtRef.current = data.session_jwt;
+            storeJwt(data.session_jwt);
+          }
           setSession(data.session);
           scheduleRefresh(data.session.expiresAt);
         } catch {
         }
       }, msUntilRefresh);
     },
-    [apiOrigin]
+    [apiOrigin, clearAuth]
   );
   (0, import_react.useEffect)(() => {
     let cancelled = false;
     async function hydrate() {
+      let jwt = null;
+      if (typeof window !== "undefined") {
+        const url = new URL(window.location.href);
+        const handshakeToken = url.searchParams.get("__vaultix_handshake");
+        if (handshakeToken) {
+          url.searchParams.delete("__vaultix_handshake");
+          window.history.replaceState({}, "", url.toString());
+          try {
+            const res = await fetch(`${apiOrigin}/api/v1/tokens/exchange`, {
+              method: "POST",
+              headers: { "Content-Type": "application/json" },
+              body: JSON.stringify({ handshake_token: handshakeToken })
+            });
+            if (res.ok) {
+              const data = await res.json();
+              jwt = data.session_jwt;
+              storeJwt(jwt);
+            }
+          } catch {
+          }
+        } else {
+          jwt = loadJwt();
+        }
+        jwtRef.current = jwt;
+      }
       try {
-        const res = await fetch(`${apiOrigin}/v1/me`, {
-          credentials: "include",
-          headers: { "X-Vaultix-Publishable-Key": publishableKey }
+        const headers = {
+          "X-Vaultix-Publishable-Key": publishableKey
+        };
+        if (jwt) headers["Authorization"] = `Bearer ${jwt}`;
+        const res = await fetch(`${apiOrigin}/api/v1/me`, {
+          // Use Bearer token for cross-domain; fall back to cookie for same-domain
+          credentials: jwt ? "omit" : "include",
+          headers
         });
         if (!res.ok) {
+          if (jwt) {
+            clearJwt();
+            jwtRef.current = null;
+          }
           if (!cancelled) setIsLoaded(true);
           return;
         }
@@ -140,19 +207,21 @@ function VaultixProvider({
     };
   }, [apiOrigin, publishableKey, scheduleRefresh]);
   const signOut = (0, import_react.useCallback)(async () => {
+    const jwt = jwtRef.current;
+    clearAuth();
+    if (refreshTimerRef.current) clearTimeout(refreshTimerRef.current);
     try {
-      await fetch(`${apiOrigin}/v1/session`, {
+      const headers = {};
+      if (jwt) headers["Authorization"] = `Bearer ${jwt}`;
+      await fetch(`${apiOrigin}/api/v1/session`, {
         method: "DELETE",
-        credentials: "include"
+        credentials: jwt ? "omit" : "include",
+        headers
       });
     } catch {
-    } finally {
-      setUser(null);
-      setSession(null);
-      setOrganization(null);
-      if (afterSignInUrl) window.location.href = afterSignInUrl;
     }
-  }, [apiOrigin, afterSignInUrl]);
+    if (afterSignInUrl) window.location.href = afterSignInUrl;
+  }, [apiOrigin, afterSignInUrl, clearAuth]);
   const value = {
     user,
     session,

package/dist/index.mjs CHANGED Viewed

@@ -28,6 +28,26 @@ function resolveApiOrigin(key, apiUrlProp) {
     throw new Error("Publishable key has an unreadable API origin payload.");
   }
 }
+var STORAGE_KEY = "vaultix_jwt";
+function storeJwt(jwt) {
+  try {
+    sessionStorage.setItem(STORAGE_KEY, jwt);
+  } catch {
+  }
+}
+function loadJwt() {
+  try {
+    return sessionStorage.getItem(STORAGE_KEY);
+  } catch {
+    return null;
+  }
+}
+function clearJwt() {
+  try {
+    sessionStorage.removeItem(STORAGE_KEY);
+  } catch {
+  }
+}
 var VaultixContext = createContext(null);
 function useVaultixContext() {
   const ctx = useContext(VaultixContext);
@@ -50,42 +70,89 @@ function VaultixProvider({
   const [user, setUser] = useState(null);
   const [session, setSession] = useState(null);
   const [organization, setOrganization] = useState(null);
+  const jwtRef = useRef(null);
   const refreshTimerRef = useRef(null);
+  const clearAuth = useCallback(() => {
+    jwtRef.current = null;
+    clearJwt();
+    setUser(null);
+    setSession(null);
+    setOrganization(null);
+  }, []);
   const scheduleRefresh = useCallback(
     (expiresAt) => {
       if (refreshTimerRef.current) clearTimeout(refreshTimerRef.current);
-      const msUntilRefresh = expiresAt * 1e3 - Date.now() - 1e4;
+      const msUntilRefresh = expiresAt * 1e3 - Date.now() - 3e4;
       if (msUntilRefresh <= 0) return;
       refreshTimerRef.current = setTimeout(async () => {
         try {
-          const res = await fetch(`${apiOrigin}/v1/session/refresh`, {
+          const headers = {};
+          if (jwtRef.current) headers["Authorization"] = `Bearer ${jwtRef.current}`;
+          const res = await fetch(`${apiOrigin}/api/v1/session/refresh`, {
             method: "POST",
-            credentials: "include"
+            credentials: jwtRef.current ? "omit" : "include",
+            headers
           });
           if (!res.ok) {
-            setUser(null);
-            setSession(null);
-            setOrganization(null);
+            clearAuth();
             return;
           }
           const data = await res.json();
+          if (data.session_jwt) {
+            jwtRef.current = data.session_jwt;
+            storeJwt(data.session_jwt);
+          }
           setSession(data.session);
           scheduleRefresh(data.session.expiresAt);
         } catch {
         }
       }, msUntilRefresh);
     },
-    [apiOrigin]
+    [apiOrigin, clearAuth]
   );
   useEffect(() => {
     let cancelled = false;
     async function hydrate() {
+      let jwt = null;
+      if (typeof window !== "undefined") {
+        const url = new URL(window.location.href);
+        const handshakeToken = url.searchParams.get("__vaultix_handshake");
+        if (handshakeToken) {
+          url.searchParams.delete("__vaultix_handshake");
+          window.history.replaceState({}, "", url.toString());
+          try {
+            const res = await fetch(`${apiOrigin}/api/v1/tokens/exchange`, {
+              method: "POST",
+              headers: { "Content-Type": "application/json" },
+              body: JSON.stringify({ handshake_token: handshakeToken })
+            });
+            if (res.ok) {
+              const data = await res.json();
+              jwt = data.session_jwt;
+              storeJwt(jwt);
+            }
+          } catch {
+          }
+        } else {
+          jwt = loadJwt();
+        }
+        jwtRef.current = jwt;
+      }
       try {
-        const res = await fetch(`${apiOrigin}/v1/me`, {
-          credentials: "include",
-          headers: { "X-Vaultix-Publishable-Key": publishableKey }
+        const headers = {
+          "X-Vaultix-Publishable-Key": publishableKey
+        };
+        if (jwt) headers["Authorization"] = `Bearer ${jwt}`;
+        const res = await fetch(`${apiOrigin}/api/v1/me`, {
+          // Use Bearer token for cross-domain; fall back to cookie for same-domain
+          credentials: jwt ? "omit" : "include",
+          headers
         });
         if (!res.ok) {
+          if (jwt) {
+            clearJwt();
+            jwtRef.current = null;
+          }
           if (!cancelled) setIsLoaded(true);
           return;
         }
@@ -108,19 +175,21 @@ function VaultixProvider({
     };
   }, [apiOrigin, publishableKey, scheduleRefresh]);
   const signOut = useCallback(async () => {
+    const jwt = jwtRef.current;
+    clearAuth();
+    if (refreshTimerRef.current) clearTimeout(refreshTimerRef.current);
     try {
-      await fetch(`${apiOrigin}/v1/session`, {
+      const headers = {};
+      if (jwt) headers["Authorization"] = `Bearer ${jwt}`;
+      await fetch(`${apiOrigin}/api/v1/session`, {
         method: "DELETE",
-        credentials: "include"
+        credentials: jwt ? "omit" : "include",
+        headers
       });
     } catch {
-    } finally {
-      setUser(null);
-      setSession(null);
-      setOrganization(null);
-      if (afterSignInUrl) window.location.href = afterSignInUrl;
     }
-  }, [apiOrigin, afterSignInUrl]);
+    if (afterSignInUrl) window.location.href = afterSignInUrl;
+  }, [apiOrigin, afterSignInUrl, clearAuth]);
   const value = {
     user,
     session,

package/package.json CHANGED Viewed

@@ -1,11 +1,13 @@
 {
   "name": "@vaultix.ai/react",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "Vaultix-ID React SDK — drop-in auth components for any React app",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
   "types": "./dist/index.d.ts",
-  "files": ["dist"],
+  "files": [
+    "dist"
+  ],
   "exports": {
     ".": {
       "types": "./dist/index.d.ts",
@@ -41,7 +43,14 @@
     "@testing-library/jest-dom": "^6.0.0",
     "jest-environment-jsdom": "^29.0.0"
   },
-  "keywords": ["auth", "authentication", "react", "vaultix", "oauth", "sdk"],
+  "keywords": [
+    "auth",
+    "authentication",
+    "react",
+    "vaultix",
+    "oauth",
+    "sdk"
+  ],
   "license": "MIT",
   "repository": {
     "type": "git",