lemma-sdk 0.2.22 → 0.2.23
- package/dist/auth.d.ts +1 -0
- package/dist/auth.js +13 -12
- package/dist/browser/lemma-client.js +13 -12
- package/package.json +1 -1
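--- a/package/dist/auth.d.ts
+++ b/package/dist/auth.d.ts
@@ -109,6 +109,7 @@ export declare class AuthManager {
 * This helps recover when signout/session-expiry paths leave local markers behind.
 */
 private clearFrontendSessionMarkers;
+private applyUnauthenticatedState;
 private clearInjectedToken;
 private rawSignOutViaBackend;
 /**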
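--- a/package/dist/auth.js
+++ b/package/dist/auth.js
@@ -278,6 +278,12 @@ export class AuthManager {
 }
 }
 }
+applyUnauthenticatedState() {
+this.clearFrontendSessionMarkers();
+const next = { status: "unauthenticated", user: null };
+this.setState(next);
+return next;
+}
 clearInjectedToken() {
 this.injectedToken = null;
 clearTestingToken();
@@ -386,16 +392,11 @@ export class AuthManager {
 const response = await fetch(`${this.apiUrl}/users/me`, this.getRequestInit({ method: "GET" }));
 // Only 401 means not authenticated — 403 means authenticated but forbidden
 if (response.status === 401) {
-this.
-const next = { status: "unauthenticated", user: null };
-this.setState(next);
-return next;
+return this.applyUnauthenticatedState();
 }
 if (!response.ok) {
 // For non-401 errors on /users/me, treat as unauthenticated (conservative)
-
-this.setState(next);
-return next;
+return this.applyUnauthenticatedState();
 }
 const user = (await response.json());
 const next = { status: "authenticated", user };
@@ -403,9 +404,7 @@ export class AuthManager {
 return next;
 }
 catch {
-
-this.setState(next);
-return next;
+return this.applyUnauthenticatedState();
 }
 }
 /**
@@ -413,8 +412,7 @@ export class AuthManager {
 * Does NOT redirect — call redirectToAuth() explicitly if desired.
 */
 markUnauthenticated() {
-this.
-this.setState({ status: "unauthenticated", user: null });
+this.applyUnauthenticatedState();
 }
 /**
 * Sign out the current user session.
@@ -442,6 +440,9 @@ export class AuthManager {
 // best effort fallback only
 }
 }
+// Always clear frontend markers on logout attempt, even if backend session
+// cleanup is partial. This avoids stale local "EXISTS" signals.
+this.clearFrontendSessionMarkers();
 const isAuthenticated = await this.isAuthenticatedViaCookie();
 if (!isAuthenticated) {
 this.markUnauthenticated();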
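Review bot: The `!response.ok` branch and the bare `catch` in the `/users/me` check (new lines 399 and 407) now also clear the frontend session markers, because both return `this.applyUnauthenticatedState()`, and that widening is not documented. The removed lines in those two branches show only `this.setState(next)` and `return next`, while the extra removed statement in the 401 branch is truncated on this page, so the earlier behaviour is inferred rather than certain. Failing closed is a sound default, but it sits oddly beside the comment `// Only 401 means not authenticated — 403 means authenticated but forbidden`: a 403, a 5xx or a dropped connection now discards the local session hints while the server-side session may still be valid. I would either keep marker clearing to the 401 branch or state the intent in place, e.g. `// Non-401 failures: fail closed and clear local session markers too; the server session may still be live`. The enclosing method starts and ends outside these hunks.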
@@ -461,6 +461,12 @@ class AuthManager {
|
|
|
461
461
|
}
|
|
462
462
|
}
|
|
463
463
|
}
|
|
464
|
+
applyUnauthenticatedState() {
|
|
465
|
+
this.clearFrontendSessionMarkers();
|
|
466
|
+
const next = { status: "unauthenticated", user: null };
|
|
467
|
+
this.setState(next);
|
|
468
|
+
return next;
|
|
469
|
+
}
|
|
464
470
|
clearInjectedToken() {
|
|
465
471
|
this.injectedToken = null;
|
|
466
472
|
clearTestingToken();
|
|
@@ -569,16 +575,11 @@ class AuthManager {
|
|
|
569
575
|
const response = await fetch(`${this.apiUrl}/users/me`, this.getRequestInit({ method: "GET" }));
|
|
570
576
|
// Only 401 means not authenticated — 403 means authenticated but forbidden
|
|
571
577
|
if (response.status === 401) {
|
|
572
|
-
this.
|
|
573
|
-
const next = { status: "unauthenticated", user: null };
|
|
574
|
-
this.setState(next);
|
|
575
|
-
return next;
|
|
578
|
+
return this.applyUnauthenticatedState();
|
|
576
579
|
}
|
|
577
580
|
if (!response.ok) {
|
|
578
581
|
// For non-401 errors on /users/me, treat as unauthenticated (conservative)
|
|
579
|
-
|
|
580
|
-
this.setState(next);
|
|
581
|
-
return next;
|
|
582
|
+
return this.applyUnauthenticatedState();
|
|
582
583
|
}
|
|
583
584
|
const user = (await response.json());
|
|
584
585
|
const next = { status: "authenticated", user };
|
|
@@ -586,9 +587,7 @@ class AuthManager {
|
|
|
586
587
|
return next;
|
|
587
588
|
}
|
|
588
589
|
catch {
|
|
589
|
-
|
|
590
|
-
this.setState(next);
|
|
591
|
-
return next;
|
|
590
|
+
return this.applyUnauthenticatedState();
|
|
592
591
|
}
|
|
593
592
|
}
|
|
594
593
|
/**
|
|
@@ -596,8 +595,7 @@ class AuthManager {
|
|
|
596
595
|
* Does NOT redirect — call redirectToAuth() explicitly if desired.
|
|
597
596
|
*/
|
|
598
597
|
markUnauthenticated() {
|
|
599
|
-
this.
|
|
600
|
-
this.setState({ status: "unauthenticated", user: null });
|
|
598
|
+
this.applyUnauthenticatedState();
|
|
601
599
|
}
|
|
602
600
|
/**
|
|
603
601
|
* Sign out the current user session.
|
|
@@ -625,6 +623,9 @@ class AuthManager {
|
|
|
625
623
|
// best effort fallback only
|
|
626
624
|
}
|
|
627
625
|
}
|
|
626
|
+
// Always clear frontend markers on logout attempt, even if backend session
|
|
627
|
+
// cleanup is partial. This avoids stale local "EXISTS" signals.
|
|
628
|
+
this.clearFrontendSessionMarkers();
|
|
628
629
|
const isAuthenticated = await this.isAuthenticatedViaCookie();
|
|
629
630
|
if (!isAuthenticated) {
|
|
630
631
|
this.markUnauthenticated();
|