npm - @vex-chat/libvex - Versions diffs - 6.1.9 → 6.2.1 - Mend

@vex-chat/libvex 6.1.9 → 6.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/dist/Client.d.ts +111 -10
package/dist/Client.d.ts.map +1 -1
package/dist/Client.js +165 -8
package/dist/Client.js.map +1 -1
package/dist/codecs.d.ts +60 -0
package/dist/codecs.d.ts.map +1 -1
package/dist/codecs.js +22 -1
package/dist/codecs.js.map +1 -1
package/dist/index.d.ts +2 -2
package/dist/index.d.ts.map +1 -1
package/dist/index.js.map +1 -1
package/dist/transport/websocket.d.ts +31 -0
package/dist/transport/websocket.d.ts.map +1 -1
package/dist/transport/websocket.js +56 -1
package/dist/transport/websocket.js.map +1 -1
package/package.json +3 -3
package/src/Client.ts +322 -19
package/src/codecs.ts +30 -0
package/src/index.ts +2 -1
package/src/transport/websocket.ts +59 -1

package/src/codecs.ts CHANGED Viewed

@@ -21,6 +21,7 @@ import {
     FileSQLSchema,
     InviteSchema,
     KeyBundleSchema,
+    PasskeySchema,
     PermissionSchema,
     ServerSchema,
     UserSchema,
@@ -156,6 +157,35 @@ export const WhoamiCodec = createCodec(
 export const OtkCountCodec = createCodec(z.object({ count: z.number() }));
+// ── Passkey response codecs ────────────────────────────────────────────────
+export const PasskeyCodec = createCodec(PasskeySchema);
+export const PasskeyArrayCodec = createCodec(z.array(PasskeySchema));
+/**
+ * The shape of `/user/:id/passkeys/register/begin` and
+ * `/auth/passkey/begin` responses. `options` is the WebAuthn JSON
+ * the host hands straight to `navigator.credentials.create()` /
+ * `.get()` (via `@simplewebauthn/browser`); we don't validate its
+ * inner shape because both ends of the wire (`@simplewebauthn/server`
+ * on spire, `@simplewebauthn/browser` on the host) already do.
+ */
+export const PasskeyOptionsCodec = createCodec(
+    z.object({
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any -- WebAuthn options shape varies by simplewebauthn version
+        options: z.unknown() as z.ZodType<any>,
+        requestID: z.string(),
+    }),
+);
+export const PasskeyAuthFinishResponseCodec = createCodec(
+    z.object({
+        passkeyID: z.string(),
+        token: z.string(),
+        user: UserSchema,
+    }),
+);
 // ── Helper: decode axios response buffer ────────────────────────────────────
 /**

package/src/index.ts CHANGED Viewed

@@ -23,6 +23,7 @@ export type {
     Message,
     Messages,
     Moderation,
+    Passkeys,
     PendingDeviceApprovalStatus,
     PendingDeviceRegistration,
     PendingDeviceRequest,
@@ -47,4 +48,4 @@ export type {
     UnsavedPreKey,
 } from "./types/index.js";
 // Re-export app-facing types
-export type { Invite } from "@vex-chat/types";
+export type { Invite, Passkey } from "@vex-chat/types";

package/src/transport/websocket.ts CHANGED Viewed

@@ -102,11 +102,69 @@ export class WebSocketAdapter implements WebSocketLike {
         }
     }
+    /**
+     * Forward `data` to the underlying socket if and only if it's
+     * OPEN. Throws `WebSocketNotOpenError` (a typed, named error)
+     * otherwise, so callers can distinguish a teardown race from a
+     * protocol error and either retry on the next socket or drop
+     * the frame.
+     *
+     * Without this guard a transient teardown surfaces as
+     * `DOMException("INVALID_STATE_ERR")` from the platform WebSocket
+     * — opaque, hard to catch by name, and surfaced by React Native
+     * as an unhandled promise rejection (red box / "frozen UI") any
+     * time a `void this.send(...)` callsite (ping / pong / queued
+     * notify reply) is in flight when the close event lands.
+     */
     send(data: Uint8Array) {
-        this.ws.send(new Uint8Array(data));
+        if (this.ws.readyState !== 1) {
+            throw new WebSocketNotOpenError(this.ws.readyState);
+        }
+        try {
+            this.ws.send(new Uint8Array(data));
+        } catch (err: unknown) {
+            // Handles the TOCTOU between the readyState check above
+            // and the actual `ws.send` call. React Native's bridge
+            // can dispatch a `websocketMessage` and a
+            // `websocketClosed` back-to-back in the same JS turn:
+            // our message listener observes readyState=1 because
+            // the close event hasn't been processed yet, but the
+            // underlying WebSocket has already transitioned native-
+            // side and `send` throws INVALID_STATE_ERR.
+            if (
+                err instanceof Error &&
+                /invalid_state|INVALID_STATE_ERR/i.test(err.message)
+            ) {
+                throw new WebSocketNotOpenError(this.ws.readyState);
+            }
+            throw err;
+        }
     }
     terminate() {
         this.ws.close();
     }
 }
+/**
+ * Thrown when `send()` is called on a socket that's not in the OPEN
+ * state. Surfaced as a named, recognisable type so callers can
+ * distinguish "transient teardown race" from a real protocol error
+ * and either drop the frame (pings) or wait for reconnect (real
+ * payloads).
+ *
+ * Replaces the bare `DOMException("INVALID_STATE_ERR")` that the
+ * underlying WebSocket throws — that one is opaque, gets reported
+ * by RN's dev console as a red unhandled rejection, and freezes the
+ * passkey/foreground/network-swap recovery flow because every code
+ * path that voids the resulting promise leaks the rejection.
+ */
+export class WebSocketNotOpenError extends Error {
+    public readonly readyState: number;
+    constructor(readyState: number) {
+        super(`WebSocket is not open (readyState=${readyState.toString()})`);
+        this.name = "WebSocketNotOpenError";
+        this.readyState = readyState;
+    }
+}