mindcache 3.4.4 → 3.5.1

package/dist/index.mjs

@@ -367,10 +367,12 @@ var init_CloudAdapter = __esm({
           try {
             if (typeof event.data === "string") {
               const msg = JSON.parse(event.data);
+              console.log("\u2601\uFE0F CloudAdapter: Received JSON message:", msg.type, msg);
               if (msg.type === "auth_success") {
                 this._state = "connected";
                 this.reconnectAttempts = 0;
                 this.emit("connected");
+                console.log("\u2601\uFE0F Connected to MindCache cloud");
               } else if (msg.type === "auth_error" || msg.type === "error") {
                 this._state = "error";
                 this.emit("error", new Error(msg.error));
@@ -378,6 +380,7 @@ var init_CloudAdapter = __esm({
                 console.debug("MindCache Cloud: Received message type:", msg.type, msg);
               }
             } else {
+              console.log("\u2601\uFE0F CloudAdapter: Received binary message, length:", event.data.byteLength);
               const encoder = encoding.createEncoder();
               const decoder = decoding.createDecoder(new Uint8Array(event.data));
               if (this.mindcache) {
@@ -388,6 +391,7 @@ var init_CloudAdapter = __esm({
                 if (!this._synced && (messageType === 1 || messageType === 2)) {
                   this._synced = true;
                   this.emit("synced");
+                  console.log("\u2601\uFE0F Synced with cloud");
                 }
               }
             }
@@ -2617,6 +2621,355 @@ var MindCache = class {
 init_CloudAdapter();
 init_CloudAdapter();
 
+// src/cloud/OAuthClient.ts
+var DEFAULT_AUTH_URL = "https://api.mindcache.dev/oauth/authorize";
+var DEFAULT_TOKEN_URL = "https://api.mindcache.dev/oauth/token";
+var DEFAULT_USERINFO_URL = "https://api.mindcache.dev/oauth/userinfo";
+var TOKEN_REFRESH_BUFFER = 5 * 60 * 1e3;
+function generateRandomString(length2) {
+  const array = new Uint8Array(length2);
+  crypto.getRandomValues(array);
+  return Array.from(array).map((b) => b.toString(16).padStart(2, "0")).join("").slice(0, length2);
+}
+function base64UrlEncode(buffer) {
+  const bytes = new Uint8Array(buffer);
+  let binary = "";
+  for (let i = 0; i < bytes.length; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+function generateCodeVerifier() {
+  return generateRandomString(64);
+}
+async function generateCodeChallenge(verifier) {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(verifier);
+  const hash = await crypto.subtle.digest("SHA-256", data);
+  return base64UrlEncode(hash);
+}
+var OAuthClient = class {
+  config;
+  tokens = null;
+  refreshPromise = null;
+  constructor(config) {
+    let redirectUri = config.redirectUri;
+    if (!redirectUri && typeof window !== "undefined") {
+      const url = new URL(window.location.href);
+      url.search = "";
+      url.hash = "";
+      redirectUri = url.toString();
+    }
+    this.config = {
+      clientId: config.clientId,
+      redirectUri: redirectUri || "",
+      scopes: config.scopes || ["read", "write"],
+      authUrl: config.authUrl || DEFAULT_AUTH_URL,
+      tokenUrl: config.tokenUrl || DEFAULT_TOKEN_URL,
+      apiUrl: config.apiUrl || (config.tokenUrl || DEFAULT_TOKEN_URL).replace("/oauth/token", ""),
+      usePKCE: config.usePKCE !== false,
+      // Default true
+      storagePrefix: config.storagePrefix || "mindcache_oauth"
+    };
+    this.loadTokens();
+  }
+  /**
+     * Check if user is authenticated
+     */
+  isAuthenticated() {
+    return this.tokens !== null && this.tokens.expiresAt > Date.now();
+  }
+  /**
+     * Get stored tokens (if any)
+     */
+  getTokens() {
+    return this.tokens;
+  }
+  /**
+     * Get instance ID for this user+app
+     */
+  getInstanceId() {
+    return this.tokens?.instanceId || null;
+  }
+  /**
+     * Start OAuth authorization flow
+     * Redirects to MindCache authorization page
+     */
+  async authorize(options) {
+    const state = options?.state || generateRandomString(32);
+    this.setStorage("state", state);
+    const url = new URL(this.config.authUrl);
+    url.searchParams.set("response_type", "code");
+    url.searchParams.set("client_id", this.config.clientId);
+    url.searchParams.set("redirect_uri", this.config.redirectUri);
+    url.searchParams.set("scope", this.config.scopes.join(" "));
+    url.searchParams.set("state", state);
+    if (this.config.usePKCE) {
+      const codeVerifier = generateCodeVerifier();
+      const codeChallenge = await generateCodeChallenge(codeVerifier);
+      this.setStorage("code_verifier", codeVerifier);
+      url.searchParams.set("code_challenge", codeChallenge);
+      url.searchParams.set("code_challenge_method", "S256");
+    }
+    if (options?.popup) {
+      const popup = window.open(url.toString(), "mindcache_oauth", "width=500,height=600");
+      if (!popup) {
+        throw new Error("Popup blocked. Please allow popups for this site.");
+      }
+    } else {
+      window.location.href = url.toString();
+    }
+  }
+  /**
+     * Handle OAuth callback
+     * Call this on your redirect URI page
+     *
+     * @returns Tokens if successful
+     */
+  async handleCallback() {
+    if (typeof window === "undefined") {
+      throw new Error("handleCallback must be called in browser");
+    }
+    const url = new URL(window.location.href);
+    const code = url.searchParams.get("code");
+    const state = url.searchParams.get("state");
+    const error = url.searchParams.get("error");
+    const errorDescription = url.searchParams.get("error_description");
+    if (error) {
+      this.clearStorage();
+      throw new Error(errorDescription || error);
+    }
+    const storedState = this.getStorage("state");
+    if (!state || state !== storedState) {
+      this.clearStorage();
+      throw new Error("Invalid state parameter");
+    }
+    if (!code) {
+      this.clearStorage();
+      throw new Error("No authorization code received");
+    }
+    const body = {
+      grant_type: "authorization_code",
+      code,
+      client_id: this.config.clientId,
+      redirect_uri: this.config.redirectUri
+    };
+    if (this.config.usePKCE) {
+      const codeVerifier = this.getStorage("code_verifier");
+      if (!codeVerifier) {
+        throw new Error("Missing code verifier");
+      }
+      body.code_verifier = codeVerifier;
+    }
+    const response = await fetch(this.config.tokenUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(body)
+    });
+    if (!response.ok) {
+      const data2 = await response.json().catch(() => ({}));
+      throw new Error(data2.error_description || data2.error || "Token exchange failed");
+    }
+    const data = await response.json();
+    this.tokens = {
+      accessToken: data.access_token,
+      refreshToken: data.refresh_token,
+      expiresAt: Date.now() + data.expires_in * 1e3,
+      scopes: data.scope?.split(" ") || this.config.scopes,
+      instanceId: data.instance_id
+    };
+    this.saveTokens();
+    url.searchParams.delete("code");
+    url.searchParams.delete("state");
+    window.history.replaceState({}, "", url.toString());
+    this.removeStorage("state");
+    this.removeStorage("code_verifier");
+    return this.tokens;
+  }
+  /**
+     * Get a valid access token
+     * Automatically refreshes if needed
+     */
+  async getAccessToken() {
+    if (!this.tokens) {
+      throw new Error("Not authenticated. Call authorize() first.");
+    }
+    const needsRefresh = this.tokens.expiresAt - Date.now() < TOKEN_REFRESH_BUFFER;
+    if (needsRefresh && this.tokens.refreshToken) {
+      if (!this.refreshPromise) {
+        this.refreshPromise = this.refreshTokens();
+      }
+      return this.refreshPromise;
+    }
+    return this.tokens.accessToken;
+  }
+  /**
+     * Refresh access token
+     */
+  async refreshTokens() {
+    if (!this.tokens?.refreshToken) {
+      throw new Error("No refresh token available");
+    }
+    try {
+      const response = await fetch(this.config.tokenUrl, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          grant_type: "refresh_token",
+          refresh_token: this.tokens.refreshToken,
+          client_id: this.config.clientId
+        })
+      });
+      if (!response.ok) {
+        this.clearAuth();
+        throw new Error("Session expired. Please sign in again.");
+      }
+      const data = await response.json();
+      this.tokens = {
+        accessToken: data.access_token,
+        refreshToken: data.refresh_token || this.tokens.refreshToken,
+        expiresAt: Date.now() + data.expires_in * 1e3,
+        scopes: data.scope?.split(" ") || this.tokens.scopes,
+        instanceId: data.instance_id || this.tokens.instanceId
+      };
+      this.saveTokens();
+      return this.tokens.accessToken;
+    } finally {
+      this.refreshPromise = null;
+    }
+  }
+  /**
+     * Get user info from MindCache
+     */
+  async getUserInfo() {
+    const token = await this.getAccessToken();
+    const response = await fetch(DEFAULT_USERINFO_URL, {
+      headers: {
+        Authorization: `Bearer ${token}`
+      }
+    });
+    if (!response.ok) {
+      throw new Error("Failed to get user info");
+    }
+    const data = await response.json();
+    return {
+      id: data.sub,
+      email: data.email,
+      name: data.name,
+      instanceId: data.instance_id
+    };
+  }
+  /**
+     * Logout - revoke tokens and clear storage
+     */
+  async logout() {
+    if (this.tokens?.accessToken) {
+      try {
+        await fetch(this.config.tokenUrl.replace("/token", "/revoke"), {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json"
+          },
+          body: JSON.stringify({
+            token: this.tokens.accessToken
+          })
+        });
+      } catch {
+      }
+    }
+    this.clearAuth();
+  }
+  /**
+     * Clear authentication state
+     */
+  clearAuth() {
+    this.tokens = null;
+    this.removeStorage("tokens");
+  }
+  /**
+   * Token provider for MindCache cloud config
+   * This fetches a WebSocket token (short-lived) using the OAuth access token
+   * Use this with MindCacheCloudOptions.tokenProvider
+   */
+  tokenProvider = async () => {
+    const accessToken = await this.getAccessToken();
+    const instanceId = this.getInstanceId();
+    if (!instanceId) {
+      throw new Error("No instance ID available. Complete OAuth flow first.");
+    }
+    const response = await fetch(`${this.config.apiUrl}/api/ws-token`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": `Bearer ${accessToken}`
+      },
+      body: JSON.stringify({
+        instanceId,
+        permission: "write"
+      })
+    });
+    if (!response.ok) {
+      const data2 = await response.json().catch(() => ({}));
+      throw new Error(data2.error || "Failed to get WebSocket token");
+    }
+    const data = await response.json();
+    return data.token;
+  };
+  /**
+   * Get raw OAuth access token (for API calls, not WebSocket)
+   * Use getAccessToken() for most cases
+   */
+  accessTokenProvider = async () => {
+    return this.getAccessToken();
+  };
+  // Storage helpers
+  getStorage(key) {
+    if (typeof localStorage === "undefined") {
+      return null;
+    }
+    return localStorage.getItem(`${this.config.storagePrefix}_${key}`);
+  }
+  setStorage(key, value) {
+    if (typeof localStorage === "undefined") {
+      return;
+    }
+    localStorage.setItem(`${this.config.storagePrefix}_${key}`, value);
+  }
+  removeStorage(key) {
+    if (typeof localStorage === "undefined") {
+      return;
+    }
+    localStorage.removeItem(`${this.config.storagePrefix}_${key}`);
+  }
+  clearStorage() {
+    this.removeStorage("state");
+    this.removeStorage("code_verifier");
+    this.removeStorage("tokens");
+  }
+  loadTokens() {
+    const stored = this.getStorage("tokens");
+    if (stored) {
+      try {
+        this.tokens = JSON.parse(stored);
+      } catch {
+        this.tokens = null;
+      }
+    }
+  }
+  saveTokens() {
+    if (this.tokens) {
+      this.setStorage("tokens", JSON.stringify(this.tokens));
+    }
+  }
+};
+function createOAuthClient(config) {
+  return new OAuthClient(config);
+}
+
 // src/local/index.ts
 init_IndexedDBAdapter();
 function useMindCache(options) {
@@ -2657,6 +3010,6 @@ function useMindCache(options) {
 // src/index.ts
 var mindcache = new MindCache();
 
-export { CloudAdapter, DEFAULT_KEY_ATTRIBUTES, IndexedDBAdapter, MindCache, SystemTagHelpers, mindcache, useMindCache };
+export { CloudAdapter, DEFAULT_KEY_ATTRIBUTES, IndexedDBAdapter, MindCache, OAuthClient, SystemTagHelpers, createOAuthClient, mindcache, useMindCache };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map