npm - fetchguard - Versions diffs - 1.6.3 → 2.1.0 - Mend

fetchguard 1.6.3 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/worker.js CHANGED Viewed

@@ -18,7 +18,8 @@ var MSG = Object.freeze({
   AUTH_STATE_CHANGED: "AUTH_STATE_CHANGED",
   AUTH_CALL_RESULT: "AUTH_CALL_RESULT",
   FETCH_RESULT: "FETCH_RESULT",
-  FETCH_ERROR: "FETCH_ERROR"
+  FETCH_ERROR: "FETCH_ERROR",
+  TOKEN_REFRESHED: "TOKEN_REFRESHED"
 });
 // src/constants.ts
@@ -26,33 +27,67 @@ var DEFAULT_REFRESH_EARLY_MS = 6e4;
 // src/errors.ts
 import { defineError, defineErrorAdvanced } from "ts-micro-result";
+// src/error-codes.ts
+var ERROR_CODES = {
+  // General
+  UNEXPECTED: "UNEXPECTED",
+  UNKNOWN_MESSAGE: "UNKNOWN_MESSAGE",
+  RESULT_PARSE_ERROR: "RESULT_PARSE_ERROR",
+  // Init
+  INIT_ERROR: "INIT_ERROR",
+  PROVIDER_INIT_FAILED: "PROVIDER_INIT_FAILED",
+  INIT_FAILED: "INIT_FAILED",
+  // Auth
+  TOKEN_REFRESH_FAILED: "TOKEN_REFRESH_FAILED",
+  TOKEN_EXCHANGE_FAILED: "TOKEN_EXCHANGE_FAILED",
+  LOGIN_FAILED: "LOGIN_FAILED",
+  LOGOUT_FAILED: "LOGOUT_FAILED",
+  NOT_AUTHENTICATED: "NOT_AUTHENTICATED",
+  // Domain
+  DOMAIN_NOT_ALLOWED: "DOMAIN_NOT_ALLOWED",
+  // Request
+  NETWORK_ERROR: "NETWORK_ERROR",
+  REQUEST_CANCELLED: "REQUEST_CANCELLED",
+  HTTP_ERROR: "HTTP_ERROR",
+  RESPONSE_PARSE_FAILED: "RESPONSE_PARSE_FAILED",
+  QUEUE_FULL: "QUEUE_FULL",
+  REQUEST_TIMEOUT: "REQUEST_TIMEOUT"
+};
+// src/errors.ts
 var GeneralErrors = {
-  Unexpected: defineError("UNEXPECTED", "Unexpected error", 500),
-  UnknownMessage: defineError("UNKNOWN_MESSAGE", "Unknown message type", 400),
-  ResultParse: defineError("RESULT_PARSE_ERROR", "Failed to parse result", 500)
+  Unexpected: defineError(ERROR_CODES.UNEXPECTED, "Unexpected error"),
+  UnknownMessage: defineError(ERROR_CODES.UNKNOWN_MESSAGE, "Unknown message type"),
+  ResultParse: defineError(ERROR_CODES.RESULT_PARSE_ERROR, "Failed to parse result")
 };
 var InitErrors = {
-  NotInitialized: defineError("INIT_ERROR", "Worker not initialized", 500),
-  ProviderInitFailed: defineError("PROVIDER_INIT_FAILED", "Failed to initialize provider", 500),
-  InitFailed: defineError("INIT_FAILED", "Initialization failed", 500)
+  NotInitialized: defineError(ERROR_CODES.INIT_ERROR, "Worker not initialized"),
+  ProviderInitFailed: defineError(ERROR_CODES.PROVIDER_INIT_FAILED, "Failed to initialize provider"),
+  InitFailed: defineError(ERROR_CODES.INIT_FAILED, "Initialization failed")
 };
 var AuthErrors = {
-  TokenRefreshFailed: defineError("TOKEN_REFRESH_FAILED", "Token refresh failed", 401),
-  LoginFailed: defineError("LOGIN_FAILED", "Login failed", 401),
-  LogoutFailed: defineError("LOGOUT_FAILED", "Logout failed", 500),
-  NotAuthenticated: defineError("NOT_AUTHENTICATED", "User is not authenticated", 401)
+  TokenRefreshFailed: defineError(ERROR_CODES.TOKEN_REFRESH_FAILED, "Token refresh failed"),
+  TokenExchangeFailed: defineError(ERROR_CODES.TOKEN_EXCHANGE_FAILED, "Token exchange failed"),
+  LoginFailed: defineError(ERROR_CODES.LOGIN_FAILED, "Login failed"),
+  LogoutFailed: defineError(ERROR_CODES.LOGOUT_FAILED, "Logout failed"),
+  NotAuthenticated: defineError(ERROR_CODES.NOT_AUTHENTICATED, "User is not authenticated")
 };
 var DomainErrors = {
-  NotAllowed: defineErrorAdvanced("DOMAIN_NOT_ALLOWED", "Domain not allowed: {url}", 403)
+  NotAllowed: defineErrorAdvanced(ERROR_CODES.DOMAIN_NOT_ALLOWED, "Domain not allowed: {url}")
 };
 var RequestErrors = {
   // Network errors (connection failed, no response)
-  NetworkError: defineError("NETWORK_ERROR", "Network error", 500),
-  Cancelled: defineError("REQUEST_CANCELLED", "Request was cancelled", 499),
+  NetworkError: defineError(ERROR_CODES.NETWORK_ERROR, "Network error"),
+  Cancelled: defineError(ERROR_CODES.REQUEST_CANCELLED, "Request was cancelled"),
   // HTTP errors (server responded with error status)
-  HttpError: defineErrorAdvanced("HTTP_ERROR", "HTTP {status} error", 500),
+  HttpError: defineErrorAdvanced(ERROR_CODES.HTTP_ERROR, "HTTP {status} error"),
   // Response parsing errors
-  ResponseParseFailed: defineError("RESPONSE_PARSE_FAILED", "Failed to parse response body", 500)
+  ResponseParseFailed: defineError(ERROR_CODES.RESPONSE_PARSE_FAILED, "Failed to parse response body"),
+  // Queue errors
+  QueueFull: defineErrorAdvanced(ERROR_CODES.QUEUE_FULL, "Request queue full ({size}/{maxSize})"),
+  // Timeout errors
+  Timeout: defineError(ERROR_CODES.REQUEST_TIMEOUT, "Request timed out")
 };
 // src/worker-post.ts
@@ -61,17 +96,19 @@ function post(message) {
   self.postMessage(message);
 }
 function sendError(id, result) {
-  post({
-    type: MSG.ERROR,
-    id,
-    payload: { errors: result.errors, meta: result.meta, status: result.status }
-  });
+  if (!result.ok) {
+    post({
+      type: MSG.ERROR,
+      id,
+      payload: { errors: result.errors, meta: result.meta }
+    });
+  }
 }
-function sendFetchResult(id, response) {
+function sendFetchResult(id, envelope) {
   post({
     type: MSG.FETCH_RESULT,
     id,
-    payload: response
+    payload: envelope
   });
 }
 function sendFetchError(id, error, status) {
@@ -115,6 +152,13 @@ function sendAuthCallResult(id, authResult) {
     payload: authResult
   });
 }
+function sendTokenRefreshed(reason) {
+  post({
+    type: MSG.TOKEN_REFRESHED,
+    id: `evt_${Date.now()}`,
+    payload: { reason }
+  });
+}
 // src/utils/registry.ts
 var registry = /* @__PURE__ */ new Map();
@@ -139,7 +183,7 @@ function createProvider(config) {
         const response = await config.strategy.refresh(currentRefreshToken);
         if (!response.ok) {
           const body = await response.text().catch(() => "");
-          return err(AuthErrors.TokenRefreshFailed(), { body }, response.status);
+          return err(AuthErrors.TokenRefreshFailed(), { params: { body, status: response.status } });
         }
         const tokenInfo = await config.parser.parse(response);
         if (!tokenInfo.token) {
@@ -158,7 +202,7 @@ function createProvider(config) {
         const response = await config.strategy.login(payload, url);
         if (!response.ok) {
           const body = await response.text().catch(() => "");
-          return err(AuthErrors.LoginFailed(), { body }, response.status);
+          return err(AuthErrors.LoginFailed(), { params: { body, status: response.status } });
         }
         const tokenInfo = await config.parser.parse(response);
         if (!tokenInfo.token) {
@@ -177,7 +221,7 @@ function createProvider(config) {
         const response = await config.strategy.logout(payload);
         if (!response.ok) {
           const body = await response.text().catch(() => "");
-          return err(AuthErrors.LogoutFailed(), { body }, response.status);
+          return err(AuthErrors.LogoutFailed(), { params: { body, status: response.status } });
         }
         if (config.refreshStorage) {
           await config.refreshStorage.set(null);
@@ -192,6 +236,37 @@ function createProvider(config) {
       } catch (error) {
         return err(RequestErrors.NetworkError({ message: String(error) }));
       }
+    },
+    async exchangeToken(accessToken, url, options = {}) {
+      const { method = "POST", payload } = options;
+      if (!accessToken) {
+        return err(AuthErrors.NotAuthenticated());
+      }
+      try {
+        const response = await fetch(url, {
+          method,
+          headers: {
+            "Content-Type": "application/json",
+            "Authorization": `Bearer ${accessToken}`
+          },
+          body: payload ? JSON.stringify(payload) : void 0,
+          credentials: "include"
+        });
+        if (!response.ok) {
+          const body = await response.text().catch(() => "");
+          return err(AuthErrors.TokenExchangeFailed(), { params: { body, status: response.status } });
+        }
+        const tokenInfo = await config.parser.parse(response);
+        if (!tokenInfo.token) {
+          return err(AuthErrors.TokenExchangeFailed({ message: "No access token in response" }));
+        }
+        if (config.refreshStorage && tokenInfo.refreshToken) {
+          await config.refreshStorage.set(tokenInfo.refreshToken);
+        }
+        return ok(tokenInfo);
+      } catch (error) {
+        return err(RequestErrors.NetworkError({ message: String(error) }));
+      }
     }
   };
   if (config.customMethods) {
@@ -204,7 +279,13 @@ function createProvider(config) {
 }
 // src/provider/storage/indexeddb.ts
-function createIndexedDBStorage(dbName = "FetchGuardDB", refreshTokenKey = "refreshToken") {
+function createIndexedDBStorage(options = "FetchGuardDB", legacyRefreshTokenKey) {
+  const config = typeof options === "string" ? { dbName: options, refreshTokenKey: legacyRefreshTokenKey ?? "refreshToken", onError: void 0 } : {
+    dbName: options.dbName ?? "FetchGuardDB",
+    refreshTokenKey: options.refreshTokenKey ?? "refreshToken",
+    onError: options.onError
+  };
+  const { dbName, refreshTokenKey, onError } = config;
   const storeName = "tokens";
   const openDB = () => {
     return new Promise((resolve, reject) => {
@@ -235,7 +316,7 @@ function createIndexedDBStorage(dbName = "FetchGuardDB", refreshTokenKey = "refr
         const result = await promisifyRequest(store.get(refreshTokenKey));
         return result?.value || null;
       } catch (error) {
-        console.warn("Failed to get refresh token from IndexedDB:", error);
+        onError?.(error, "get");
         return null;
       }
     },
@@ -250,7 +331,7 @@ function createIndexedDBStorage(dbName = "FetchGuardDB", refreshTokenKey = "refr
           await promisifyRequest(store.delete(refreshTokenKey));
         }
       } catch (error) {
-        console.warn("Failed to save refresh token to IndexedDB:", error);
+        onError?.(error, token ? "set" : "delete");
       }
     }
   };
@@ -424,8 +505,7 @@ function deserializeFormData(serialized) {
     if (typeof value === "string") {
       formData.append(key, value);
     } else {
-      const uint8Array = new Uint8Array(value.data);
-      const file = new File([uint8Array], value.name, { type: value.type });
+      const file = new File([value.buffer], value.name, { type: value.type });
       formData.append(key, file);
     }
   }
@@ -465,16 +545,33 @@ function isBinaryContentType(contentType) {
   let currentUser;
   const pendingControllers = /* @__PURE__ */ new Map();
   let refreshPromise = null;
+  let authPromise = null;
+  async function withAuthMutex(operation) {
+    if (authPromise) {
+      try {
+        await authPromise;
+      } catch {
+      }
+    }
+    const promise = operation();
+    authPromise = promise;
+    try {
+      return await promise;
+    } finally {
+      authPromise = null;
+    }
+  }
   async function ensureValidToken() {
     if (!provider) {
       return err2(InitErrors.NotInitialized());
     }
-    if (accessToken && expiresAt) {
-      const refreshEarlyMs = config?.refreshEarlyMs ?? DEFAULT_REFRESH_EARLY_MS;
-      const timeLeft = expiresAt - Date.now();
-      if (timeLeft > refreshEarlyMs) {
-        return ok2(accessToken);
-      }
+    const refreshEarlyMs = config?.refreshEarlyMs ?? DEFAULT_REFRESH_EARLY_MS;
+    const now = Date.now();
+    const timeLeft = expiresAt ? expiresAt - now : 0;
+    const isExpired = !accessToken || !expiresAt || timeLeft <= 0;
+    const isProactive = !isExpired && timeLeft <= refreshEarlyMs;
+    if (accessToken && expiresAt && timeLeft > refreshEarlyMs) {
+      return ok2(accessToken);
     }
     if (refreshPromise) {
       const result = await refreshPromise;
@@ -486,7 +583,7 @@ function isBinaryContentType(contentType) {
           return err2(InitErrors.NotInitialized());
         }
         const valueRes = await provider.refreshToken(refreshToken);
-        if (valueRes.isError()) {
+        if (!valueRes.ok) {
           setTokenState({ token: null, expiresAt: null, user: void 0, refreshToken: void 0 });
           return err2(valueRes.errors);
         }
@@ -498,6 +595,7 @@ function isBinaryContentType(contentType) {
         if (!accessToken) {
           return err2(AuthErrors.TokenRefreshFailed({ message: "Access token is null after refresh" }));
         }
+        sendTokenRefreshed(isProactive ? "proactive" : "expired");
         return ok2(accessToken);
       } finally {
         refreshPromise = null;
@@ -557,7 +655,7 @@ function isBinaryContentType(contentType) {
     }
     if (requiresAuth) {
       const tokenRes = await ensureValidToken();
-      if (tokenRes.isError()) {
+      if (!tokenRes.ok) {
         return err2(tokenRes.errors);
       }
       const token = tokenRes.data;
@@ -656,13 +754,12 @@ function isBinaryContentType(contentType) {
           pendingControllers.set(id, controller);
           const merged = { ...options || {}, signal: controller.signal };
           const result = await makeApiRequest(url, merged);
-          if (result.isOkWithData()) {
+          if (result.ok) {
             sendFetchResult(id, result.data);
           } else {
-            const error = result.errors?.[0];
+            const error = result.errors[0];
             const message = error?.message || "Unknown error";
-            const status = result.status;
-            sendFetchError(id, message, status);
+            sendFetchError(id, message, void 0);
           }
           pendingControllers.delete(id);
         } catch (error) {
@@ -673,38 +770,44 @@ function isBinaryContentType(contentType) {
       }
       case MSG.AUTH_CALL: {
         const { id, payload } = data;
-        try {
-          const { method, args, emitEvent } = payload;
-          const shouldEmitEvent = emitEvent ?? true;
-          if (!provider) {
-            sendError(id, err2(InitErrors.NotInitialized()));
-            break;
-          }
-          if (typeof provider[method] !== "function") {
-            sendError(id, err2(GeneralErrors.Unexpected({ message: `Method '${method}' not found on provider` })));
-            break;
-          }
-          const result = await provider[method](...args);
-          if (result.isError()) {
-            sendError(id, result);
-            break;
+        await withAuthMutex(async () => {
+          try {
+            const { method, args, emitEvent } = payload;
+            const shouldEmitEvent = emitEvent ?? true;
+            if (!provider) {
+              sendError(id, err2(InitErrors.NotInitialized()));
+              return;
+            }
+            if (typeof provider[method] !== "function") {
+              sendError(id, err2(GeneralErrors.Unexpected({ message: `Method '${method}' not found on provider` })));
+              return;
+            }
+            let methodArgs = args;
+            if (method === "exchangeToken") {
+              methodArgs = [accessToken, ...args];
+            }
+            const result = await provider[method](...methodArgs);
+            if (!result.ok) {
+              sendError(id, result);
+              return;
+            }
+            const tokenInfo = result.data;
+            if (!tokenInfo) {
+              sendError(id, err2(GeneralErrors.Unexpected({ message: "Provider returned null token info" })));
+              return;
+            }
+            setTokenState(tokenInfo, shouldEmitEvent);
+            const now = Date.now();
+            const authenticated = accessToken !== null && accessToken !== "" && (expiresAt === null || expiresAt > now);
+            sendAuthCallResult(id, {
+              authenticated,
+              expiresAt,
+              user: currentUser
+            });
+          } catch (error) {
+            sendError(id, err2(GeneralErrors.Unexpected({ message: error instanceof Error ? error.message : String(error) })));
           }
-          const tokenInfo = result.data;
-          if (!tokenInfo) {
-            sendError(id, err2(GeneralErrors.Unexpected({ message: "Provider returned null token info" })));
-            break;
-          }
-          setTokenState(tokenInfo, shouldEmitEvent);
-          const now = Date.now();
-          const authenticated = accessToken !== null && accessToken !== "" && (expiresAt === null || expiresAt > now);
-          sendAuthCallResult(id, {
-            authenticated,
-            expiresAt,
-            user: currentUser
-          });
-        } catch (error) {
-          sendError(id, err2(GeneralErrors.Unexpected({ message: error instanceof Error ? error.message : String(error) })));
-        }
+        });
         break;
       }
       case MSG.CANCEL: {