sh3-core 0.17.2 → 0.19.0

package/dist/transport/apiFetch.test.js

@@ -0,0 +1,37 @@
+import { describe, expect, it, vi, beforeEach, afterEach } from 'vitest';
+describe('apiFetch', () => {
+    let originalFetch;
+    beforeEach(() => {
+        originalFetch = globalThis.fetch;
+        vi.resetModules();
+    });
+    afterEach(() => {
+        globalThis.fetch = originalFetch;
+    });
+    it('uses global fetch with credentials:include when Tauri plugin-http is unavailable', async () => {
+        const calls = [];
+        globalThis.fetch = vi.fn(async (input, init) => {
+            calls.push([input, init]);
+            return new Response('ok');
+        });
+        const { apiFetch } = await import('./apiFetch');
+        const res = await apiFetch('https://example.com/api/foo', { method: 'GET' });
+        expect(await res.text()).toBe('ok');
+        expect(calls).toHaveLength(1);
+        const [input, init] = calls[0];
+        expect(input).toBe('https://example.com/api/foo');
+        expect(init.credentials).toBe('include');
+        expect(init.method).toBe('GET');
+    });
+    it('lets caller-provided credentials override the default', async () => {
+        const calls = [];
+        globalThis.fetch = vi.fn(async (input, init) => {
+            calls.push([input, init]);
+            return new Response('ok');
+        });
+        const { apiFetch } = await import('./apiFetch');
+        await apiFetch('https://example.com/api/foo', { credentials: 'omit' });
+        const [, init] = calls[0];
+        expect(init.credentials).toBe('omit');
+    });
+});

package/dist/transport/authToken.d.ts

@@ -0,0 +1,2 @@
+export declare function setAuthToken(value: string | null): void;
+export declare function getAuthToken(): string | null;

package/dist/transport/authToken.js

@@ -0,0 +1,53 @@
+/*
+ * Auth-token store used by `apiFetch` to attach `Authorization: Bearer
+ * <token>` to every request when a session exists.
+ *
+ * The browser auth flow relies on Set-Cookie + same-origin requests to
+ * keep the session alive. That breaks down for cross-origin Tauri
+ * clients (e.g. Android): the WebView's origin is `tauri://localhost`
+ * and the sh3-server lives on a different domain, so the session
+ * cookie is treated as cross-site and dropped under SameSite=Lax. On
+ * top of that, `@tauri-apps/plugin-http` (reqwest under the hood)
+ * doesn't enable a persistent cookie store by default, so even if
+ * SameSite weren't an issue cookies wouldn't survive between calls.
+ *
+ * Carrying the session token in a header sidesteps both problems.
+ * `auth.svelte.ts` populates this store after login/register/initFromBoot
+ * and clears it on logout. The token is mirrored to localStorage so an
+ * app restart doesn't dump the user back at the sign-in wall.
+ */
+const KEY = 'sh3:authToken';
+let token = null;
+let restored = false;
+function restore() {
+    if (restored)
+        return;
+    restored = true;
+    if (typeof localStorage === 'undefined')
+        return;
+    try {
+        token = localStorage.getItem(KEY);
+    }
+    catch (_a) {
+        token = null;
+    }
+}
+export function setAuthToken(value) {
+    restored = true;
+    token = value;
+    if (typeof localStorage === 'undefined')
+        return;
+    try {
+        if (value)
+            localStorage.setItem(KEY, value);
+        else
+            localStorage.removeItem(KEY);
+    }
+    catch (_a) {
+        // localStorage may be disabled (private browsing); in-memory copy still works.
+    }
+}
+export function getAuthToken() {
+    restore();
+    return token;
+}

package/dist/transport/authToken.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/transport/authToken.test.js

@@ -0,0 +1,33 @@
+import { describe, expect, it, beforeEach, vi } from 'vitest';
+describe('authToken', () => {
+    beforeEach(() => {
+        vi.resetModules();
+        if (typeof localStorage !== 'undefined')
+            localStorage.clear();
+    });
+    it('returns null when nothing stored', async () => {
+        const { getAuthToken } = await import('./authToken');
+        expect(getAuthToken()).toBeNull();
+    });
+    it('round-trips set/get', async () => {
+        const { setAuthToken, getAuthToken } = await import('./authToken');
+        setAuthToken('sh3s_deadbeef');
+        expect(getAuthToken()).toBe('sh3s_deadbeef');
+    });
+    it('persists across module re-imports via localStorage', async () => {
+        const first = await import('./authToken');
+        first.setAuthToken('sh3s_persisted');
+        vi.resetModules();
+        const second = await import('./authToken');
+        expect(second.getAuthToken()).toBe('sh3s_persisted');
+    });
+    it('clear removes from storage', async () => {
+        const { setAuthToken, getAuthToken } = await import('./authToken');
+        setAuthToken('sh3s_x');
+        setAuthToken(null);
+        expect(getAuthToken()).toBeNull();
+        vi.resetModules();
+        const reloaded = await import('./authToken');
+        expect(reloaded.getAuthToken()).toBeNull();
+    });
+});

package/dist/version.d.ts

@@ -1,2 +1,2 @@
 /** Auto-generated from package.json — do not edit manually. */
-export declare const VERSION = "0.17.2";
+export declare const VERSION = "0.19.0";

package/dist/version.js

@@ -1,2 +1,2 @@
 /** Auto-generated from package.json — do not edit manually. */
-export const VERSION = '0.17.2';
+export const VERSION = '0.19.0';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sh3-core",
-  "version": "0.17.2",
+  "version": "0.19.0",
   "type": "module",
   "files": [
     "dist"