npm - dhomie-app - Versions diffs - 0.0.1 - Mend

dhomie-app 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,63 @@
+# MicroApp
+This project was generated using [Angular CLI](https://github.com/angular/angular-cli) version 20.3.0.
+## Code scaffolding
+Angular CLI includes powerful code scaffolding tools. To generate a new component, run:
+```bash
+ng generate component component-name
+```
+For a complete list of available schematics (such as `components`, `directives`, or `pipes`), run:
+```bash
+ng generate --help
+```
+## Building
+To build the library, run:
+```bash
+ng build micro-app
+```
+This command will compile your project, and the build artifacts will be placed in the `dist/` directory.
+### Publishing the Library
+Once the project is built, you can publish your library by following these steps:
+1. Navigate to the `dist` directory:
+   ```bash
+   cd dist/micro-app
+   ```
+2. Run the `npm publish` command to publish your library to the npm registry:
+   ```bash
+   npm publish
+   ```
+## Running unit tests
+To execute unit tests with the [Karma](https://karma-runner.github.io) test runner, use the following command:
+```bash
+ng test
+```
+## Running end-to-end tests
+For end-to-end (e2e) testing, run:
+```bash
+ng e2e
+```
+Angular CLI does not come with an end-to-end testing framework by default. You can choose one that suits your needs.
+## Additional Resources
+For more information on using the Angular CLI, including detailed command references, visit the [Angular CLI Overview and Command Reference](https://angular.dev/tools/cli) page.

package/fesm2022/dhomie-app.mjs ADDED Viewed

@@ -0,0 +1,608 @@
+import * as i0 from '@angular/core';
+import { Injectable, inject, Component, DestroyRef, provideEnvironmentInitializer } from '@angular/core';
+import { Router, RouterOutlet } from '@angular/router';
+import { App } from '@capacitor/app';
+import { Browser } from '@capacitor/browser';
+import { Capacitor } from '@capacitor/core';
+import { OAuthService, OAuthStorage, provideOAuthClient } from 'angular-oauth2-oidc';
+const env = {
+  production: true,
+  oidc: {
+    issuer: 'https://auth.dhomie.com',
+    clientId: 'dhomie-micro-client',
+    scope: 'openid profile email offline_access',
+    redirectUri: 'https://app.dhomie.com/micro/callback',
+    mobileRedirectUri: 'com.thehood.app://micro/callback',
+    responseType: 'code',
+    showDebugInformation: false,
+    useSilentRefresh: false,
+  },
+  microApiBaseUrl: 'https://api.dhomie.com/v1',
+};
+import { Preferences } from '@capacitor/preferences';
+import { IonContent, IonSpinner, IonButton, IonButtons, IonHeader, IonItem, IonLabel, IonList, IonTitle, IonToolbar } from '@ionic/angular/standalone';
+import { HttpContextToken, HttpErrorResponse, provideHttpClient, withInterceptors } from '@angular/common/http';
+import { takeUntilDestroyed } from '@angular/core/rxjs-interop';
+import { filter, catchError, throwError, from, switchMap } from 'rxjs';
+/**
+ * Key prefix used for all entries written to @capacitor/preferences.
+ * Exported so StorageHydrationService can filter and strip it.
+ */
+const MICRO_OAUTH_PREF_PREFIX = 'micro_oauth_';
+/**
+ * OAuthStorage implementation for Capacitor apps.
+ *
+ * Two-layer design (required because angular-oauth2-oidc's OAuthStorage interface is synchronous):
+ *
+ *   Layer 1 — RAM Map (sync): satisfies getItem/setItem/removeItem immediately.
+ *   Layer 2 — @capacitor/preferences (async): persists tokens across app restarts.
+ *             Writes are fire-and-forget; reads only happen during explicit hydration.
+ *
+ * The RAM Map is populated at startup by StorageHydrationService.hydrate().
+ * Call hydrate() and await it BEFORE any token check (MicroAuthGuard does this).
+ */
+class CapacitorOAuthStorage {
+    constructor() {
+        this.ram = new Map();
+    }
+    getItem(key) {
+        return this.ram.get(key) ?? null;
+    }
+    setItem(key, data) {
+        this.ram.set(key, data);
+        Preferences.set({ key: MICRO_OAUTH_PREF_PREFIX + key, value: data }).catch(() => { });
+    }
+    removeItem(key) {
+        this.ram.delete(key);
+        Preferences.remove({ key: MICRO_OAUTH_PREF_PREFIX + key }).catch(() => { });
+    }
+    /**
+     * Writes a key→value pair directly into the RAM cache without touching Preferences.
+     * Called exclusively by StorageHydrationService during the hydration phase to avoid
+     * a redundant async write-back of data that was just read from Preferences.
+     */
+    hydrateEntry(key, value) {
+        this.ram.set(key, value);
+    }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: CapacitorOAuthStorage, deps: [], target: i0.ɵɵFactoryTarget.Injectable }); }
+    static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: CapacitorOAuthStorage }); }
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: CapacitorOAuthStorage, decorators: [{
+            type: Injectable
+        }] });
+/**
+ * Bridges the async @capacitor/preferences layer and the sync RAM cache in CapacitorOAuthStorage.
+ *
+ * Call hydrate() once before the first token check. All subsequent calls return the same
+ * memoized Promise so concurrent callers (e.g. parallel route guards) await a single read.
+ *
+ * Lifecycle:
+ *   App start → MicroAuthGuard fires → hydrate() → RAM populated → hasValidAccessToken() checked
+ *
+ * hydrate() is NOT called by MicroCallbackComponent (the callback route has no guard).
+ * After tryLoginCodeFlow() the library writes tokens via setItem(), which populates RAM
+ * directly and schedules the async Preferences write in the background.
+ */
+class StorageHydrationService {
+    constructor() {
+        this.storage = inject(CapacitorOAuthStorage);
+        this.hydrated = null;
+    }
+    hydrate() {
+        this.hydrated ??= this.doHydrate();
+        return this.hydrated;
+    }
+    async doHydrate() {
+        const { keys } = await Preferences.keys();
+        await Promise.all(keys
+            .filter((k) => k.startsWith(MICRO_OAUTH_PREF_PREFIX))
+            .map(async (prefixedKey) => {
+            const { value } = await Preferences.get({ key: prefixedKey });
+            if (value !== null) {
+                this.storage.hydrateEntry(prefixedKey.slice(MICRO_OAUTH_PREF_PREFIX.length), value);
+            }
+        }));
+    }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: StorageHydrationService, deps: [], target: i0.ɵɵFactoryTarget.Injectable }); }
+    static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: StorageHydrationService }); }
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: StorageHydrationService, decorators: [{
+            type: Injectable
+        }] });
+/**
+ * Route guard for all guarded micro-app routes (everything except /micro/callback).
+ *
+ * Sequence (mirrors the frozen auth sequence):
+ *   1. Hydrate RAM cache from @capacitor/preferences — memoized, instant on repeat calls.
+ *   2. hasValidAccessToken() → true: allow navigation immediately.
+ *   3. loadDiscoveryDocument() — skipped when already loaded.
+ *   4a. Native: set mobileRedirectUri, createLoginUrl() (generates + stores PKCE verifier),
+ *               register appUrlOpen listener, Browser.open(), return false.
+ *   4b. Web:    set web redirectUri, initCodeFlow() (redirects window.location.href),
+ *               return false.
+ *
+ * The guard is a plain CanActivateFn — no class, no provideMicroApp() entry needed.
+ * inject() works because Angular runs guards inside the child environment injector.
+ */
+const microAuthGuard = async () => {
+    const oauth = inject(OAuthService);
+    const hydration = inject(StorageHydrationService);
+    const router = inject(Router);
+    // Step 1: populate RAM from persisted storage.
+    await hydration.hydrate();
+    // Step 2: still-valid token → allow.
+    if (oauth.hasValidAccessToken()) {
+        return true;
+    }
+    // Step 3: fetch OIDC discovery document.
+    if (!oauth.discoveryDocumentLoaded) {
+        await oauth.loadDiscoveryDocument();
+    }
+    // Step 4: platform-split login.
+    if (Capacitor.isNativePlatform()) {
+        // Mutate redirectUri so tryLoginCodeFlow() (in MicroCallbackComponent) sends the
+        // correct redirect_uri in the token exchange request — must match what we use here.
+        oauth.redirectUri = env.oidc.mobileRedirectUri;
+        // createLoginUrl() generates a code_verifier, stores it in OAuthStorage (RAM cache),
+        // computes the code_challenge, and returns the full authorization URL.
+        const loginUrl = await oauth.createLoginUrl();
+        // Register the listener BEFORE opening the browser — the auth flow can complete
+        // faster than the next event loop tick on some devices.
+        const handle = await App.addListener('appUrlOpen', async (event) => {
+            await handle.remove();
+            await Browser.close();
+            // Parse query params from the custom-scheme callback URL.
+            // e.g. com.thehood.app://micro/callback?code=abc&state=xyz
+            const callbackUrl = new URL(event.url);
+            const queryParams = {};
+            callbackUrl.searchParams.forEach((value, key) => {
+                queryParams[key] = value;
+            });
+            // Navigate to the callback route with the code + state as query params.
+            // Angular Router updates window.location so tryLoginCodeFlow() can read them.
+            await router.navigate(['/micro/callback'], { queryParams });
+        });
+        await Browser.open({ url: loginUrl });
+        return false;
+    }
+    else {
+        // Web: restore web redirect URI in case a previous native-path call mutated it.
+        oauth.redirectUri = env.oidc.redirectUri;
+        oauth.initCodeFlow();
+        return false;
+    }
+};
+/**
+ * Handles the OAuth 2.0 Authorization Code + PKCE callback.
+ *
+ * This route has NO guard by design — the guard would redirect to login, creating
+ * a redirect loop.  The component completes the token exchange itself.
+ *
+ * Flow:
+ *   Web:    IdP redirects browser to /micro/callback?code=xxx&state=yyy
+ *           Angular Router activates this component; window.location contains the params.
+ *   Native: MicroAuthGuard's appUrlOpen handler calls router.navigate(['/micro/callback'],
+ *           { queryParams: { code, state } }), then this component activates.
+ *           window.location reflects the Angular Router URL so tryLoginCodeFlow() can
+ *           read the same params transparently.
+ *
+ * On success:  navigate to /micro/home (replaceUrl so callback is not in history).
+ * On failure:  navigate to /micro/home anyway — MicroAuthGuard will restart the login.
+ *   Failure reasons include cold-start after OS kill (code_verifier lost from RAM),
+ *   user denying access at the IdP, or a network error during token exchange.
+ */
+class MicroCallbackComponent {
+    constructor() {
+        this.oauth = inject(OAuthService);
+        this.router = inject(Router);
+    }
+    async ngOnInit() {
+        try {
+            // Exchanges the authorization code for tokens.
+            // Reads code + state from window.location (set by Angular Router).
+            // Verifies the state nonce and PKCE code_verifier stored in OAuthStorage (RAM cache).
+            // On success, tokens are written to OAuthStorage → RAM + async @capacitor/preferences.
+            await this.oauth.tryLoginCodeFlow();
+        }
+        catch {
+            // Token exchange failed (cold-start, user denied, network error, etc.).
+            // Navigate to home — MicroAuthGuard will detect no valid token and restart login.
+        }
+        await this.router.navigate(['/micro/home'], { replaceUrl: true });
+    }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: MicroCallbackComponent, deps: [], target: i0.ɵɵFactoryTarget.Component }); }
+    static { this.ɵcmp = i0.ɵɵngDeclareComponent({ minVersion: "14.0.0", version: "20.3.17", type: MicroCallbackComponent, isStandalone: true, selector: "micro-callback", ngImport: i0, template: `
+    <ion-content>
+      <div class="callback-loader">
+        <ion-spinner name="crescent" />
+      </div>
+    </ion-content>
+  `, isInline: true, styles: [".callback-loader{display:flex;align-items:center;justify-content:center;height:100%}\n"], dependencies: [{ kind: "component", type: IonContent, selector: "ion-content", inputs: ["color", "fixedSlotPlacement", "forceOverscroll", "fullscreen", "scrollEvents", "scrollX", "scrollY"] }, { kind: "component", type: IonSpinner, selector: "ion-spinner", inputs: ["color", "duration", "name", "paused"] }] }); }
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: MicroCallbackComponent, decorators: [{
+            type: Component,
+            args: [{ selector: 'micro-callback', standalone: true, imports: [IonContent, IonSpinner], template: `
+    <ion-content>
+      <div class="callback-loader">
+        <ion-spinner name="crescent" />
+      </div>
+    </ion-content>
+  `, styles: [".callback-loader{display:flex;align-items:center;justify-content:center;height:100%}\n"] }]
+        }] });
+class MicroHomeComponent {
+    constructor() {
+        this.oauth = inject(OAuthService);
+        this.router = inject(Router);
+    }
+    get claims() {
+        return this.oauth.getIdentityClaims() ?? null;
+    }
+    async logout() {
+        // logOut(true): clears all tokens from OAuthStorage (CapacitorOAuthStorage.removeItem()
+        // flushes RAM and fires async @capacitor/preferences removal for each token key)
+        // without redirecting to the IdP's end_session_endpoint.
+        this.oauth.logOut(true);
+        // replaceUrl prevents the user navigating back to the logged-in state via back button.
+        // MicroAuthGuard fires on /micro/home → no valid token → restarts login.
+        await this.router.navigate(['/micro/home'], { replaceUrl: true });
+    }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: MicroHomeComponent, deps: [], target: i0.ɵɵFactoryTarget.Component }); }
+    static { this.ɵcmp = i0.ɵɵngDeclareComponent({ minVersion: "17.0.0", version: "20.3.17", type: MicroHomeComponent, isStandalone: true, selector: "micro-home", ngImport: i0, template: `
+    <ion-header [translucent]="true">
+      <ion-toolbar>
+        <ion-title>DHomie</ion-title>
+        <ion-buttons slot="end">
+          <ion-button (click)="logout()">Sign out</ion-button>
+        </ion-buttons>
+      </ion-toolbar>
+    </ion-header>
+    <ion-content [fullscreen]="true">
+      <ion-header collapse="condense">
+        <ion-toolbar>
+          <ion-title size="large">DHomie</ion-title>
+        </ion-toolbar>
+      </ion-header>
+      @if (claims) {
+        <ion-list>
+          <ion-item>
+            <ion-label>
+              <h2>{{ claims['name'] ?? claims['sub'] }}</h2>
+              <p>{{ claims['email'] }}</p>
+            </ion-label>
+          </ion-item>
+        </ion-list>
+      }
+    </ion-content>
+  `, isInline: true, dependencies: [{ kind: "component", type: IonButton, selector: "ion-button", inputs: ["buttonType", "color", "disabled", "download", "expand", "fill", "form", "href", "mode", "rel", "routerAnimation", "routerDirection", "shape", "size", "strong", "target", "type"] }, { kind: "component", type: IonButtons, selector: "ion-buttons", inputs: ["collapse"] }, { kind: "component", type: IonContent, selector: "ion-content", inputs: ["color", "fixedSlotPlacement", "forceOverscroll", "fullscreen", "scrollEvents", "scrollX", "scrollY"] }, { kind: "component", type: IonHeader, selector: "ion-header", inputs: ["collapse", "mode", "translucent"] }, { kind: "component", type: IonItem, selector: "ion-item", inputs: ["button", "color", "detail", "detailIcon", "disabled", "download", "href", "lines", "mode", "rel", "routerAnimation", "routerDirection", "target", "type"] }, { kind: "component", type: IonLabel, selector: "ion-label", inputs: ["color", "mode", "position"] }, { kind: "component", type: IonList, selector: "ion-list", inputs: ["inset", "lines", "mode"] }, { kind: "component", type: IonTitle, selector: "ion-title", inputs: ["color", "size"] }, { kind: "component", type: IonToolbar, selector: "ion-toolbar", inputs: ["color", "mode"] }] }); }
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: MicroHomeComponent, decorators: [{
+            type: Component,
+            args: [{
+                    selector: 'micro-home',
+                    standalone: true,
+                    imports: [
+                        IonButton,
+                        IonButtons,
+                        IonContent,
+                        IonHeader,
+                        IonItem,
+                        IonLabel,
+                        IonList,
+                        IonTitle,
+                        IonToolbar,
+                    ],
+                    template: `
+    <ion-header [translucent]="true">
+      <ion-toolbar>
+        <ion-title>DHomie</ion-title>
+        <ion-buttons slot="end">
+          <ion-button (click)="logout()">Sign out</ion-button>
+        </ion-buttons>
+      </ion-toolbar>
+    </ion-header>
+    <ion-content [fullscreen]="true">
+      <ion-header collapse="condense">
+        <ion-toolbar>
+          <ion-title size="large">DHomie</ion-title>
+        </ion-toolbar>
+      </ion-header>
+      @if (claims) {
+        <ion-list>
+          <ion-item>
+            <ion-label>
+              <h2>{{ claims['name'] ?? claims['sub'] }}</h2>
+              <p>{{ claims['email'] }}</p>
+            </ion-label>
+          </ion-item>
+        </ion-list>
+      }
+    </ion-content>
+  `,
+                }]
+        }] });
+class MicroShellComponent {
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: MicroShellComponent, deps: [], target: i0.ɵɵFactoryTarget.Component }); }
+    static { this.ɵcmp = i0.ɵɵngDeclareComponent({ minVersion: "14.0.0", version: "20.3.17", type: MicroShellComponent, isStandalone: true, selector: "micro-shell", ngImport: i0, template: '<router-outlet />', isInline: true, dependencies: [{ kind: "directive", type: RouterOutlet, selector: "router-outlet", inputs: ["name", "routerOutletData"], outputs: ["activate", "deactivate", "attach", "detach"], exportAs: ["outlet"] }] }); }
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: MicroShellComponent, decorators: [{
+            type: Component,
+            args: [{
+                    selector: 'micro-shell',
+                    standalone: true,
+                    imports: [RouterOutlet],
+                    template: '<router-outlet />',
+                }]
+        }] });
+/** Milliseconds before access token expiry at which a proactive refresh is triggered. */
+const REFRESH_AHEAD_MS = 60_000;
+/**
+ * Schedules proactive access-token refresh so sessions never expire mid-use.
+ *
+ * Why this exists:
+ *   MicroInterceptor already handles reactive 401 recovery (post-expiry), but that causes
+ *   a failed request, a round-trip to the token endpoint, and a retry — visible latency
+ *   for the user.  This service keeps the access token fresh by refreshing it REFRESH_AHEAD_MS
+ *   before it expires, so the interceptor path is never hit during normal operation.
+ *
+ * Lifecycle:
+ *   Constructed eagerly via provideEnvironmentInitializer() so the timer starts as soon as
+ *   the child injector is created — even when the user returns to /micro with an existing
+ *   hydrated session (no token_received event fires in that case).
+ *
+ *   Destroyed with the child EnvironmentInjector (user navigates away from /micro).
+ *   ngOnDestroy cancels any pending timer; takeUntilDestroyed unsubscribes the event stream.
+ *
+ * On refresh failure:
+ *   Clears tokens via logOut() and navigates to /micro/home.
+ *   MicroAuthGuard fires → no valid token → restarts the login flow.
+ */
+class MicroRefreshSchedulerService {
+    constructor() {
+        this.oauth = inject(OAuthService);
+        this.router = inject(Router);
+        this.destroyRef = inject(DestroyRef);
+        this.timerId = null;
+        // Reschedule every time new tokens arrive (initial login or any successful refresh).
+        this.oauth.events
+            .pipe(filter((e) => e.type === 'token_received' || e.type === 'token_refreshed'), takeUntilDestroyed(this.destroyRef))
+            .subscribe(() => this.scheduleRefresh());
+        // Handle the warm-start case: user returns to /micro with tokens already in RAM
+        // (populated by StorageHydrationService).  No token event fires in this case, so
+        // check immediately after construction.
+        if (this.oauth.hasValidAccessToken()) {
+            this.scheduleRefresh();
+        }
+    }
+    ngOnDestroy() {
+        this.clearTimer();
+    }
+    scheduleRefresh() {
+        this.clearTimer();
+        const expiresAt = this.oauth.getAccessTokenExpiration();
+        const delay = expiresAt - Date.now() - REFRESH_AHEAD_MS;
+        if (delay <= 0) {
+            // Token expires within the ahead-window (or already expired) — refresh immediately.
+            this.doRefresh();
+        }
+        else {
+            this.timerId = setTimeout(() => this.doRefresh(), delay);
+        }
+    }
+    doRefresh() {
+        this.clearTimer();
+        this.oauth.refreshToken().catch(() => {
+            // Refresh failed — the refresh token is likely expired or revoked.
+            // logOut(true): clears all tokens from OAuthStorage (RAM + async Preferences.remove())
+            //               without redirecting to the IdP's end_session_endpoint.
+            this.oauth.logOut(true);
+            this.router.navigate(['/micro/home']);
+        });
+    }
+    clearTimer() {
+        if (this.timerId !== null) {
+            clearTimeout(this.timerId);
+            this.timerId = null;
+        }
+    }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: MicroRefreshSchedulerService, deps: [], target: i0.ɵɵFactoryTarget.Injectable }); }
+    static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: MicroRefreshSchedulerService }); }
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: MicroRefreshSchedulerService, decorators: [{
+            type: Injectable
+        }], ctorParameters: () => [] });
+/**
+ * Serialises concurrent refresh-token grants into a single in-flight Promise.
+ *
+ * Problem: Two or more simultaneous HTTP requests can all receive a 401 response at the
+ * same time (e.g. after an access token silently expires).  Without a lock, each interceptor
+ * invocation would race to call oauth.refreshToken(), resulting in multiple /token requests
+ * and potential "refresh token already used" errors from the IdP.
+ *
+ * Solution: The first caller triggers refreshToken() and caches the Promise.
+ * Every subsequent caller receives the same Promise and waits on it.
+ * The lock is cleared once the grant resolves or rejects, so the next request after
+ * a successful refresh starts with a clean lock.
+ */
+class MicroTokenRefreshService {
+    constructor() {
+        this.oauth = inject(OAuthService);
+        this.refreshLock = null;
+    }
+    refresh() {
+        this.refreshLock ??= this.oauth
+            .refreshToken()
+            .then(() => {
+            this.refreshLock = null;
+        })
+            .catch((err) => {
+            this.refreshLock = null;
+            throw err;
+        });
+        return this.refreshLock;
+    }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: MicroTokenRefreshService, deps: [], target: i0.ɵɵFactoryTarget.Injectable }); }
+    static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: MicroTokenRefreshService }); }
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.17", ngImport: i0, type: MicroTokenRefreshService, decorators: [{
+            type: Injectable
+        }] });
+/**
+ * Marks an outgoing request as a micro-app API call.
+ *
+ * Usage (inside micro components):
+ *   httpClient.get('/endpoint', { context: new HttpContext().set(IS_MICRO_API, true) })
+ *
+ * Parent interceptors MUST check this token and call next(req) immediately when true,
+ * so they never interfere with micro-app HTTP calls.
+ */
+const IS_MICRO_API = new HttpContextToken(() => false);
+/**
+ * Clones the request with the micro-API base URL prepended (if not already absolute)
+ * and the current Bearer token attached.  No header is added when no token is present
+ * (e.g. before first login — the 401 path will then trigger a refresh attempt).
+ */
+function withBaseUrlAndToken(req, oauth) {
+    const token = oauth.getAccessToken();
+    return req.clone({
+        url: req.url.startsWith('http') ? req.url : env.microApiBaseUrl + req.url,
+        setHeaders: token ? { Authorization: `Bearer ${token}` } : {},
+    });
+}
+/**
+ * Functional HTTP interceptor scoped to the micro-app child injector.
+ *
+ * Routing logic:
+ *   IS_MICRO_API = false  →  pass through unchanged (covers all angular-oauth2-oidc
+ *                             /authorize, /token, /.well-known/* requests)
+ *   IS_MICRO_API = true   →  prepend base URL + attach Bearer, handle 401 with refresh lock
+ *
+ * 401 handling:
+ *   1. Delegate to MicroTokenRefreshService.refresh() — concurrent callers share one Promise.
+ *   2. On success retry the original request once with the new token.
+ *   3. On refresh failure propagate the original 401 error so the caller (guard / component)
+ *      can trigger a new login flow.
+ */
+const microInterceptor = (req, next) => {
+    if (!req.context.get(IS_MICRO_API)) {
+        return next(req);
+    }
+    const oauth = inject(OAuthService);
+    const refreshService = inject(MicroTokenRefreshService);
+    return next(withBaseUrlAndToken(req, oauth)).pipe(catchError((err) => {
+        if (!(err instanceof HttpErrorResponse) || err.status !== 401) {
+            return throwError(() => err);
+        }
+        return from(refreshService.refresh()).pipe(switchMap(() => next(withBaseUrlAndToken(req, oauth))),
+        // Refresh failed: surface the original 401 so Phase-5 guard can restart login.
+        catchError(() => throwError(() => err)));
+    }));
+};
+/**
+ * Builds the AuthConfig from the build-time env file.
+ *
+ * redirectUri is the web callback URL.  MicroAuthGuard overrides it for native
+ * by setting oauth.redirectUri = env.oidc.mobileRedirectUri before calling createLoginUrl().
+ *
+ * useSilentRefresh: false — iframe-based refresh does not work in Capacitor WKWebView.
+ * clearHashAfterLogin: false — Ionic uses path-based routing; no hash to clear.
+ * strictDiscoveryDocumentValidation: false — custom OIDC servers may not expose every
+ *   RFC-mandated endpoint; disabling strict validation avoids startup failures.
+ */
+function buildAuthConfig() {
+    return {
+        issuer: env.oidc.issuer,
+        clientId: env.oidc.clientId,
+        responseType: env.oidc.responseType,
+        scope: env.oidc.scope,
+        redirectUri: env.oidc.redirectUri,
+        useSilentRefresh: false,
+        clearHashAfterLogin: false,
+        showDebugInformation: env.oidc.showDebugInformation,
+        strictDiscoveryDocumentValidation: false,
+    };
+}
+/**
+ * All providers for the micro-app feature.  Registered on the shell route so Angular
+ * creates a child EnvironmentInjector — every provider here is scoped to /micro and
+ * invisible to the parent application.
+ *
+ * Provider order matters for tokens that appear multiple times:
+ *   provideOAuthClient() registers a default OAuthStorage (localStorage).
+ *   Our CapacitorOAuthStorage entries come AFTER and therefore win.
+ */
+function provideMicroApp() {
+    return [
+        // Child-scoped HttpClient with the micro interceptor.
+        // Requests made with this client never reach parent interceptors and vice-versa.
+        provideHttpClient(withInterceptors([microInterceptor])),
+        // angular-oauth2-oidc: provides OAuthService, token validation, event bus, etc.
+        // No resourceServer config — token attachment is handled manually in microInterceptor.
+        provideOAuthClient(),
+        // Run as soon as the child environment injector is created (first /micro navigation).
+        // Two jobs in one callback to avoid a second initializer entry:
+        //   1. Configure OAuthService with OIDC settings from the build-time env file.
+        //   2. Eagerly construct MicroRefreshSchedulerService so its constructor subscribes
+        //      to oauth.events immediately — before any token_received event could fire.
+        provideEnvironmentInitializer(() => {
+            inject(OAuthService).configure(buildAuthConfig());
+            inject(MicroRefreshSchedulerService);
+        }),
+        // Storage layer — must come AFTER provideOAuthClient() to override its localStorage binding.
+        CapacitorOAuthStorage,
+        { provide: OAuthStorage, useExisting: CapacitorOAuthStorage },
+        StorageHydrationService,
+        // Reactive 401 refresh lock — shared across all concurrent interceptor invocations.
+        MicroTokenRefreshService,
+        // Proactive token refresh — schedules refresh REFRESH_AHEAD_MS before expiry.
+        MicroRefreshSchedulerService,
+    ];
+}
+const MICRO_ROUTES = [
+    {
+        path: '',
+        component: MicroShellComponent,
+        // providers creates a child EnvironmentInjector — all micro providers are scoped here
+        // and invisible to the parent application.
+        providers: provideMicroApp(),
+        children: [
+            {
+                // No guard: this route completes the OAuth callback.
+                // Adding a guard here would cause a redirect loop.
+                path: 'callback',
+                component: MicroCallbackComponent,
+            },
+            {
+                path: 'home',
+                component: MicroHomeComponent,
+                canActivate: [microAuthGuard],
+            },
+            {
+                path: '',
+                redirectTo: 'home',
+                pathMatch: 'full',
+            },
+        ],
+    },
+];
+/**
+ * Generated bundle index. Do not edit.
+ */
+export { IS_MICRO_API, MICRO_ROUTES, provideMicroApp };

package/index.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import { Routes } from '@angular/router';
+import { Provider, EnvironmentProviders } from '@angular/core';
+import { HttpContextToken } from '@angular/common/http';
+declare const MICRO_ROUTES: Routes;
+/**
+ * All providers for the micro-app feature.  Registered on the shell route so Angular
+ * creates a child EnvironmentInjector — every provider here is scoped to /micro and
+ * invisible to the parent application.
+ *
+ * Provider order matters for tokens that appear multiple times:
+ *   provideOAuthClient() registers a default OAuthStorage (localStorage).
+ *   Our CapacitorOAuthStorage entries come AFTER and therefore win.
+ */
+declare function provideMicroApp(): Array<Provider | EnvironmentProviders>;
+/**
+ * Marks an outgoing request as a micro-app API call.
+ *
+ * Usage (inside micro components):
+ *   httpClient.get('/endpoint', { context: new HttpContext().set(IS_MICRO_API, true) })
+ *
+ * Parent interceptors MUST check this token and call next(req) immediately when true,
+ * so they never interfere with micro-app HTTP calls.
+ */
+declare const IS_MICRO_API: HttpContextToken<boolean>;
+export { IS_MICRO_API, MICRO_ROUTES, provideMicroApp };

package/package.json ADDED Viewed

@@ -0,0 +1,30 @@
+{
+  "name": "dhomie-app",
+  "version": "0.0.1",
+  "peerDependencies": {
+    "@angular/common": "^20.3.0",
+    "@angular/core": "^20.3.0",
+    "@angular/router": "^20.3.0",
+    "@capacitor/app": "^7.0.0",
+    "@capacitor/browser": "^7.0.0",
+    "@capacitor/core": "^7.0.0",
+    "@capacitor/preferences": "^7.0.0",
+    "@ionic/angular": "^8.0.0",
+    "angular-oauth2-oidc": "^20.0.0"
+  },
+  "dependencies": {
+    "tslib": "^2.3.0"
+  },
+  "sideEffects": false,
+  "module": "fesm2022/dhomie-app.mjs",
+  "typings": "index.d.ts",
+  "exports": {
+    "./package.json": {
+      "default": "./package.json"
+    },
+    ".": {
+      "types": "./index.d.ts",
+      "default": "./fesm2022/dhomie-app.mjs"
+    }
+  }
+}