browser-extension-manager 1.3.14 → 1.3.16

package/dist/background.js

@@ -68,6 +68,9 @@ class Manager {
     // Setup auth storage listener (detect sign-out from pages)
     this.setupAuthStorageListener();
 
+    // Restore auth state from storage on startup
+    this.restoreAuthState();
+
     // Setup livereload
     this.setupLiveReload();
 
@@ -120,10 +123,42 @@ class Manager {
       }
     });
 
+    // Listen for runtime messages (from popup, options, pages, etc.)
+    this.extension.runtime.onMessage.addListener((message, _sender, sendResponse) => {
+      // Handle auth ID token requests from other contexts
+      // Other contexts use storage listener to know WHEN to request, this just provides the token
+      if (message.command === 'bxm:getIdToken') {
+        this.handleGetIdToken(sendResponse);
+        return true; // Keep channel open for async response
+      }
+    });
+
     // Log
     this.logger.log('Set up message handlers');
   }
 
+  // Handle ID token request from other contexts
+  // Called when other contexts detect auth state in storage and need a fresh token to sign in
+  async handleGetIdToken(sendResponse) {
+    try {
+      // Check if Firebase auth is initialized and user is signed in
+      if (!this.libraries.firebaseAuth?.currentUser) {
+        this.logger.log('[AUTH] getIdToken: No user signed in');
+        sendResponse({ success: false, error: 'No user signed in' });
+        return;
+      }
+
+      // Get fresh ID token (Firebase auto-refreshes if needed)
+      const idToken = await this.libraries.firebaseAuth.currentUser.getIdToken(true);
+
+      this.logger.log('[AUTH] getIdToken: Providing fresh ID token');
+      sendResponse({ success: true, idToken: idToken });
+    } catch (error) {
+      this.logger.error('[AUTH] getIdToken error:', error.message);
+      sendResponse({ success: false, error: error.message });
+    }
+  }
+
   // Initialize Firebase
   initializeFirebase() {
     // Get Firebase config
@@ -266,6 +301,58 @@ class Manager {
     this.logger.log('[AUTH] Auth storage listener set up');
   }
 
+  // Restore auth state on startup
+  // Firebase Auth persists sessions in IndexedDB - we just need to initialize it
+  // and onAuthStateChanged will fire if there's a persisted session
+  async restoreAuthState() {
+    try {
+      // Check for existing auth state in storage (for logging purposes)
+      const result = await new Promise(resolve =>
+        this.extension.storage.local.get('bxm:authState', resolve)
+      );
+      const authState = result['bxm:authState'];
+
+      // Log existing storage state
+      if (authState) {
+        this.logger.log('[AUTH] Found existing auth state in storage on startup:', {
+          user: authState.user?.email || 'unknown',
+          timestamp: authState.timestamp,
+          age: authState.timestamp ? `${Math.round((Date.now() - authState.timestamp) / 1000 / 60)} minutes ago` : 'unknown',
+        });
+      } else {
+        this.logger.log('[AUTH] No existing auth state found in storage on startup');
+      }
+
+      // Get Firebase config
+      const firebaseConfig = this.config?.firebase?.app?.config;
+      if (!firebaseConfig) {
+        this.logger.log('[AUTH] Firebase config not available, skipping auth restore');
+        return;
+      }
+
+      // Initialize Firebase auth - it will auto-restore from IndexedDB if session exists
+      // onAuthStateChanged (set up in getFirebaseAuth) will fire and sync to storage
+      this.logger.log('[AUTH] Initializing Firebase Auth (will restore persisted session if any)...');
+      const auth = this.getFirebaseAuth();
+
+      // Check if already signed in (Firebase restored from IndexedDB)
+      if (auth.currentUser) {
+        this.logger.log('[AUTH] Firebase restored session from persistence:', auth.currentUser.email);
+      } else {
+        this.logger.log('[AUTH] No persisted Firebase session found');
+
+        // If storage has auth state but Firebase doesn't, storage is stale - clear it
+        if (authState) {
+          this.logger.log('[AUTH] Clearing stale auth state from storage');
+          await this.extension.storage.local.remove('bxm:authState');
+        }
+      }
+
+    } catch (error) {
+      this.logger.error('[AUTH] Error restoring auth state:', error.message);
+    }
+  }
+
   // Get or initialize Firebase auth (reuse existing instance)
   getFirebaseAuth() {
     // Return existing instance if available
@@ -298,19 +385,14 @@ class Manager {
   }
 
   // Handle Firebase auth state changes (source of truth for all contexts)
+  // Syncs user info to storage (NOT tokens - those are requested via messaging)
   async handleAuthStateChange(user) {
     this.logger.log('[AUTH] Auth state changed:', user?.email || 'signed out');
 
     if (user) {
-      // User is signed in - get current stored state to preserve token
-      const result = await new Promise(resolve =>
-        this.extension.storage.local.get('bxm:authState', resolve)
-      );
-      const currentState = result['bxm:authState'] || {};
-
-      // Update auth state with current user info
+      // User is signed in - store user info only (no tokens, they expire)
+      // Other contexts will request fresh ID tokens via bxm:getIdToken message
       const authState = {
-        token: currentState.token, // Preserve existing token
         user: {
           uid: user.uid,
           email: user.email,
@@ -322,7 +404,7 @@ class Manager {
       };
 
       await this.extension.storage.local.set({ 'bxm:authState': authState });
-      this.logger.log('[AUTH] Auth state synced to storage');
+      this.logger.log('[AUTH] Auth state synced to storage (user info only)');
     } else {
       // User is signed out - clear storage
       await this.extension.storage.local.remove('bxm:authState');
@@ -330,7 +412,7 @@ class Manager {
     }
   }
 
-  // Handle auth token from website
+  // Handle auth token from website (custom token from /token page)
   async handleAuthToken(token, tabId, authSourceTabId = null) {
     try {
       // Log
@@ -340,6 +422,8 @@ class Manager {
       const auth = this.getFirebaseAuth();
 
       // Sign in with custom token
+      // Firebase Auth will persist the session - we don't store the custom token (it expires in 1 hour)
+      // Other contexts will request fresh ID tokens via bxm:getIdToken message
       this.logger.log('[AUTH] Calling signInWithCustomToken...');
       const userCredential = await signInWithCustomToken(auth, token);
       const user = userCredential.user;
@@ -347,19 +431,7 @@ class Manager {
       // Log
       this.logger.log('[AUTH] Signed in successfully:', user.email);
 
-      // Save token to storage (user state will be synced by onAuthStateChanged)
-      const result = await new Promise(resolve =>
-        this.extension.storage.local.get('bxm:authState', resolve)
-      );
-      const currentState = result['bxm:authState'] || {};
-
-      await this.extension.storage.local.set({
-        'bxm:authState': {
-          ...currentState,
-          token: token,
-          timestamp: Date.now(),
-        }
-      });
+      // Note: onAuthStateChanged will sync user info to storage automatically
 
       // Close the auth tab
       await this.extension.tabs.remove(tabId);

package/dist/gulp/tasks/publish.js

@@ -320,42 +320,23 @@ async function publishToEdge() {
     'X-ClientID': clientId,
   };
 
-  // Step 1: Try to submit first to check if there's a pending submission
-  // This is faster than uploading first, since upload always succeeds
-  logger.log('[edge] Checking for pending submissions...');
+  // Helper to parse Edge API response (handles empty bodies)
+  async function parseEdgeResponse(response, label) {
+    const text = await response.text();
+    logger.log(`[edge] ${label} - Status: ${response.status}, Body: ${text || '(empty)'}`);
 
-  const publishUrl = `https://api.addons.microsoftedge.microsoft.com/v1/products/${productId}/submissions`;
-  const checkResponse = await fetch(publishUrl, {
-    method: 'POST',
-    headers: {
-      ...edgeHeaders,
-      'Content-Type': 'application/json',
-    },
-    body: JSON.stringify({
-      notes: `Check for pending submission`,
-    }),
-  });
-
-  const checkData = await checkResponse.json().catch(() => null);
-
-  // Log the response for debugging
-  logger.log(`[edge] Submission check response: ${JSON.stringify(checkData)}`);
-
-  // Check if there's a pending submission blocking us
-  if (checkData && checkData.status === 'Failed') {
-    if (checkData.errorCode === 'InProgressSubmission') {
-      throw new Error('Extension already has a pending submission in review. Wait for it to complete before publishing again.');
-    }
-    if (checkData.errorCode === 'UnpublishInProgress') {
-      throw new Error('Extension is being unpublished. Wait for unpublish to complete before publishing.');
+    if (!text) {
+      return { status: response.status, data: null };
     }
-    // If it failed for another reason (like no draft package), that's expected - continue to upload
-    if (checkData.errorCode !== 'NoDraftPackage' && checkData.errorCode !== 'NoPackageToPublish') {
-      logger.log(`[edge] Check failed with: ${checkData.errorCode} - ${checkData.message}`);
+
+    try {
+      return { status: response.status, data: JSON.parse(text) };
+    } catch (e) {
+      return { status: response.status, data: text };
     }
   }
 
-  // Step 2: Upload the package
+  // Step 1: Upload the package first
   logger.log('[edge] Uploading to Microsoft Edge Add-ons...');
 
   const zipBuffer = jetpack.read(PATHS.chromium.zip, 'buffer');
@@ -370,17 +351,16 @@ async function publishToEdge() {
     body: zipBuffer,
   });
 
+  const upload = await parseEdgeResponse(uploadResponse, 'Upload response');
+
   if (!uploadResponse.ok) {
-    const errorText = await uploadResponse.text();
-    throw new Error(`Edge upload error: ${uploadResponse.status} - ${errorText}`);
+    throw new Error(`Edge upload error: ${upload.status} - ${JSON.stringify(upload.data)}`);
   }
 
-  const uploadData = await uploadResponse.json().catch(() => null);
-  logger.log(`[edge] Upload response: ${JSON.stringify(uploadData)}`);
-
   logger.log('[edge] Package uploaded, submitting for review...');
 
-  // Step 3: Submit for review
+  // Step 2: Submit for review - this is where we'll get InProgressSubmission if there's a pending review
+  const publishUrl = `https://api.addons.microsoftedge.microsoft.com/v1/products/${productId}/submissions`;
   const publishResponse = await fetch(publishUrl, {
     method: 'POST',
     headers: {
@@ -392,25 +372,33 @@ async function publishToEdge() {
     }),
   });
 
-  const publishData = await publishResponse.json().catch(() => null);
-
-  // Log the full response
-  logger.log(`[edge] Publish response: ${JSON.stringify(publishData)}`);
+  const publish = await parseEdgeResponse(publishResponse, 'Publish response');
 
-  // Check for HTTP errors
+  // Check for HTTP errors (4xx, 5xx)
   if (!publishResponse.ok) {
-    throw new Error(`Edge publish error: ${publishResponse.status} - ${JSON.stringify(publishData)}`);
-  }
-
-  // Check for API-level failures (HTTP 200 but status: "Failed")
-  if (publishData && publishData.status === 'Failed') {
-    if (publishData.errorCode === 'InProgressSubmission') {
+    // Check if it's a 409 Conflict or similar indicating in-progress submission
+    if (publish.status === 409) {
       throw new Error('Extension already has a pending submission in review. Wait for it to complete before publishing again.');
     }
-    if (publishData.errorCode === 'UnpublishInProgress') {
-      throw new Error('Extension is being unpublished. Wait for unpublish to complete before publishing.');
+    throw new Error(`Edge publish error: ${publish.status} - ${JSON.stringify(publish.data)}`);
+  }
+
+  // Check for API-level failures (HTTP 200/202 but status: "Failed" in body)
+  if (publish.data && typeof publish.data === 'object') {
+    if (publish.data.status === 'Failed') {
+      if (publish.data.errorCode === 'InProgressSubmission') {
+        throw new Error('Extension already has a pending submission in review. Wait for it to complete before publishing again.');
+      }
+      if (publish.data.errorCode === 'UnpublishInProgress') {
+        throw new Error('Extension is being unpublished. Wait for unpublish to complete before publishing.');
+      }
+      throw new Error(`Edge publish failed: ${publish.data.message || publish.data.errorCode || 'Unknown error'}`);
     }
-    throw new Error(`Edge publish failed: ${publishData.message || publishData.errorCode || 'Unknown error'}`);
+  }
+
+  // HTTP 202 Accepted means submission was queued successfully
+  if (publish.status === 202) {
+    logger.log('[edge] Submission accepted and queued for review');
   }
 
   logger.log('[edge] Upload complete');

package/dist/lib/auth-helpers.js

@@ -1,36 +1,59 @@
 // Auth helpers for cross-context auth sync in browser extensions
 // Used by popup.js, options.js, sidepanel.js, page.js
+//
+// Architecture:
+// - Background.js is the source of truth for Firebase Auth (persists in IndexedDB)
+// - Storage (bxm:authState): Contains user info only, used for UI updates and signaling auth changes
+// - Messages (bxm:getIdToken): Request fresh ID token from background.js when needed
+//
+// Flow:
+// 1. Storage listener detects auth state change (user signed in/out)
+// 2. If signed in, request fresh ID token from background.js via message
+// 3. Sign in local Firebase with the ID token using signInWithCustomToken workaround
 
 /**
- * Sign in with custom token from storage
+ * Request fresh ID token from background.js
+ * The ID token can be used for authenticated API calls
  * @param {Object} context - The manager instance
- * @param {Object} authState - Auth state with token
+ * @returns {Promise<string|null>} The ID token or null if not signed in
  */
-async function signInWithStoredToken(context, authState) {
-  const { webManager, logger } = context;
-
-  // Skip if no token
-  if (!authState?.token) {
-    logger.log('[AUTH-SYNC] No token in auth state, skipping sign in');
-    return;
-  }
+export async function getIdToken(context) {
+  const { extension, logger } = context;
 
   try {
-    logger.log('[AUTH-SYNC] Signing in with stored token...');
+    logger.log('[AUTH-SYNC] Requesting fresh ID token from background...');
 
-    // Sign in using webManager's auth which initializes Firebase
-    await webManager.auth().signInWithCustomToken(authState.token);
+    // Request fresh ID token from background.js
+    const response = await new Promise((resolve) => {
+      extension.runtime.sendMessage({ command: 'bxm:getIdToken' }, resolve);
+    });
 
-    logger.log('[AUTH-SYNC] Signed in successfully:', authState.user?.email);
+    // Check response
+    if (!response?.success) {
+      logger.log('[AUTH-SYNC] Failed to get ID token:', response?.error || 'Unknown error');
+      return null;
+    }
+
+    logger.log('[AUTH-SYNC] Got fresh ID token from background');
+    return response.idToken;
   } catch (error) {
-    // Token may have expired, clear it
-    logger.error('[AUTH-SYNC] Error signing in with token:', error.message);
+    logger.error('[AUTH-SYNC] Error getting ID token:', error.message);
+    return null;
+  }
+}
 
-    // If token is invalid/expired, clear the auth state
-    if (error.code === 'auth/invalid-custom-token' || error.code === 'auth/custom-token-expired') {
-      logger.log('[AUTH-SYNC] Token expired, clearing auth state');
-      context.extension.storage.local.remove('bxm:authState');
-    }
+/**
+ * Sync auth state from background.js
+ * Fetches fresh ID token and stores for API calls
+ * @param {Object} context - The manager instance
+ */
+async function syncAuthFromBackground(context) {
+  const idToken = await getIdToken(context);
+
+  if (idToken) {
+    // Store on context for API calls
+    context._idToken = idToken;
+    context.logger.log('[AUTH-SYNC] ID token synced and stored');
   }
 }
 
@@ -42,13 +65,14 @@ async function signInWithStoredToken(context, authState) {
 export function setupAuthStorageListener(context) {
   const { extension, webManager, logger } = context;
 
-  // Check existing auth state on load and sign in
+  // Check existing auth state on load
   extension.storage.local.get('bxm:authState', (result) => {
     const authState = result['bxm:authState'];
 
-    if (authState?.token) {
-      logger.log('[AUTH-SYNC] Found existing auth state, signing in...', authState.user?.email);
-      signInWithStoredToken(context, authState);
+    if (authState?.user) {
+      logger.log('[AUTH-SYNC] Found existing auth state on load:', authState.user?.email);
+      // Request fresh ID token from background for any API calls
+      syncAuthFromBackground(context);
     }
   });
 
@@ -63,7 +87,6 @@ export function setupAuthStorageListener(context) {
   });
 
   // Listen for storage changes from background.js
-  // Note: BEM normalizes storage to sync or local, so we listen to all areas
   extension.storage.onChanged.addListener((changes) => {
     // Check for auth state change
     const authChange = changes['bxm:authState'];
@@ -80,13 +103,14 @@ export function setupAuthStorageListener(context) {
     // If auth state was cleared (signed out)
     if (!newAuthState) {
       logger.log('[AUTH-SYNC] Auth state cleared, signing out...');
+      context._idToken = null;
       webManager.auth().signOut();
       return;
     }
 
-    // Sign in with the new token
-    if (newAuthState?.token) {
-      signInWithStoredToken(context, newAuthState);
+    // User signed in - request fresh ID token from background
+    if (newAuthState?.user) {
+      syncAuthFromBackground(context);
     }
   });
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "browser-extension-manager",
-  "version": "1.3.14",
+  "version": "1.3.16",
   "description": "Browser Extension Manager dependency manager",
   "main": "dist/index.js",
   "exports": {