spck 0.3.1

package/dist/proxy/__tests__/ProxySocketWrapper.test.js

@@ -0,0 +1,190 @@
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+/**
+ * Unit tests for ProxySocketWrapper
+ */
+import { ProxySocketWrapper } from '../ProxySocketWrapper.js';
+describe('ProxySocketWrapper', () => {
+    let wrapper;
+    let mockSendFn;
+    const connectionId = 'test-connection-123';
+    const userId = 'test-user-456';
+    const deviceId = 'test-device-789';
+    beforeEach(() => {
+        mockSendFn = vi.fn();
+        wrapper = new ProxySocketWrapper(connectionId, userId, mockSendFn, deviceId);
+    });
+    describe('constructor', () => {
+        it('should initialize with correct connection ID, user ID, and device ID', () => {
+            expect(wrapper.id).toBe(connectionId);
+            expect(wrapper.data.uid).toBe(userId);
+            expect(wrapper.data.deviceId).toBe(deviceId);
+        });
+        it('should initialize broadcast object', () => {
+            expect(wrapper.broadcast).toBeDefined();
+            expect(typeof wrapper.broadcast.emit).toBe('function');
+        });
+    });
+    describe('emit()', () => {
+        it('should call sendFn with correct parameters', () => {
+            const event = 'test-event';
+            const data = { message: 'hello' };
+            wrapper.emit(event, data);
+            expect(mockSendFn).toHaveBeenCalledWith(connectionId, event, data);
+        });
+        it('should handle emit without data', () => {
+            const event = 'test-event';
+            wrapper.emit(event);
+            expect(mockSendFn).toHaveBeenCalledWith(connectionId, event, {});
+        });
+        it('should return true', () => {
+            const result = wrapper.emit('test-event');
+            expect(result).toBe(true);
+        });
+    });
+    describe('broadcast.emit()', () => {
+        it('should call regular emit (sends to single client)', () => {
+            const event = 'broadcast-event';
+            const data = { type: 'notification' };
+            wrapper.broadcast.emit(event, data);
+            expect(mockSendFn).toHaveBeenCalledWith(connectionId, event, data);
+        });
+        it('should return true', () => {
+            const result = wrapper.broadcast.emit('test-event');
+            expect(result).toBe(true);
+        });
+    });
+    describe('on()', () => {
+        it('should register event listener', () => {
+            const listener = vi.fn();
+            wrapper.on('rpc', listener);
+            // Trigger the event
+            wrapper.triggerEvent('rpc', { test: 'data' });
+            expect(listener).toHaveBeenCalledWith({ test: 'data' });
+        });
+        it('should support multiple listeners for same event', () => {
+            const listener1 = vi.fn();
+            const listener2 = vi.fn();
+            wrapper.on('rpc', listener1);
+            wrapper.on('rpc', listener2);
+            wrapper.triggerEvent('rpc', { test: 'data' });
+            expect(listener1).toHaveBeenCalledWith({ test: 'data' });
+            expect(listener2).toHaveBeenCalledWith({ test: 'data' });
+        });
+        it('should return this for chaining', () => {
+            const listener = vi.fn();
+            const result = wrapper.on('test', listener);
+            expect(result).toBe(wrapper);
+        });
+    });
+    describe('off()', () => {
+        it('should remove specific listener', () => {
+            const listener1 = vi.fn();
+            const listener2 = vi.fn();
+            wrapper.on('rpc', listener1);
+            wrapper.on('rpc', listener2);
+            wrapper.off('rpc', listener1);
+            wrapper.triggerEvent('rpc', { test: 'data' });
+            expect(listener1).not.toHaveBeenCalled();
+            expect(listener2).toHaveBeenCalled();
+        });
+        it('should remove all listeners for event when no listener specified', () => {
+            const listener1 = vi.fn();
+            const listener2 = vi.fn();
+            wrapper.on('rpc', listener1);
+            wrapper.on('rpc', listener2);
+            wrapper.off('rpc');
+            wrapper.triggerEvent('rpc', { test: 'data' });
+            expect(listener1).not.toHaveBeenCalled();
+            expect(listener2).not.toHaveBeenCalled();
+        });
+        it('should return this for chaining', () => {
+            const listener = vi.fn();
+            wrapper.on('test', listener);
+            const result = wrapper.off('test', listener);
+            expect(result).toBe(wrapper);
+        });
+    });
+    describe('once()', () => {
+        it('should trigger listener only once', () => {
+            const listener = vi.fn();
+            wrapper.once('rpc', listener);
+            wrapper.triggerEvent('rpc', { call: 1 });
+            wrapper.triggerEvent('rpc', { call: 2 });
+            expect(listener).toHaveBeenCalledTimes(1);
+            expect(listener).toHaveBeenCalledWith({ call: 1 });
+        });
+        it('should return this for chaining', () => {
+            const listener = vi.fn();
+            const result = wrapper.once('test', listener);
+            expect(result).toBe(wrapper);
+        });
+    });
+    describe('removeAllListeners()', () => {
+        it('should remove all listeners for specific event', () => {
+            const listener1 = vi.fn();
+            const listener2 = vi.fn();
+            wrapper.on('event1', listener1);
+            wrapper.on('event2', listener2);
+            wrapper.removeAllListeners('event1');
+            wrapper.triggerEvent('event1', {});
+            wrapper.triggerEvent('event2', {});
+            expect(listener1).not.toHaveBeenCalled();
+            expect(listener2).toHaveBeenCalled();
+        });
+        it('should remove all listeners when no event specified', () => {
+            const listener1 = vi.fn();
+            const listener2 = vi.fn();
+            wrapper.on('event1', listener1);
+            wrapper.on('event2', listener2);
+            wrapper.removeAllListeners();
+            wrapper.triggerEvent('event1', {});
+            wrapper.triggerEvent('event2', {});
+            expect(listener1).not.toHaveBeenCalled();
+            expect(listener2).not.toHaveBeenCalled();
+        });
+        it('should return this for chaining', () => {
+            const result = wrapper.removeAllListeners();
+            expect(result).toBe(wrapper);
+        });
+    });
+    describe('triggerEvent()', () => {
+        it('should call all registered listeners with arguments', () => {
+            const listener = vi.fn();
+            wrapper.on('test', listener);
+            wrapper.triggerEvent('test', 'arg1', 'arg2', 'arg3');
+            expect(listener).toHaveBeenCalledWith('arg1', 'arg2', 'arg3');
+        });
+        it('should handle errors in listeners gracefully', () => {
+            const errorListener = vi.fn(() => {
+                throw new Error('Listener error');
+            });
+            const goodListener = vi.fn();
+            const consoleErrorSpy = vi.spyOn(console, 'error').mockImplementation(() => { });
+            wrapper.on('test', errorListener);
+            wrapper.on('test', goodListener);
+            wrapper.triggerEvent('test', {});
+            expect(errorListener).toHaveBeenCalled();
+            expect(goodListener).toHaveBeenCalled();
+            expect(consoleErrorSpy).toHaveBeenCalled();
+            consoleErrorSpy.mockRestore();
+        });
+        it('should do nothing if no listeners registered', () => {
+            // Should not throw
+            expect(() => {
+                wrapper.triggerEvent('nonexistent-event', {});
+            }).not.toThrow();
+        });
+    });
+    describe('id getter', () => {
+        it('should return connection ID', () => {
+            expect(wrapper.id).toBe(connectionId);
+        });
+    });
+    describe('data property', () => {
+        it('should have uid property', () => {
+            expect(wrapper.data).toHaveProperty('uid');
+            expect(wrapper.data.uid).toBe(userId);
+        });
+    });
+});
+//# sourceMappingURL=ProxySocketWrapper.test.js.map

package/dist/proxy/__tests__/handshake-validation.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=handshake-validation.test.d.ts.map

package/dist/proxy/__tests__/handshake-validation.test.js

@@ -0,0 +1,282 @@
+import { describe, it, expect } from 'vitest';
+/**
+ * Tests for handshake validation - Replay attack prevention
+ */
+import { validateHandshakeTimestamp } from '../handshake-validation.js';
+describe('validateHandshakeTimestamp - Replay Attack Prevention', () => {
+    const ONE_MINUTE = 60 * 1000;
+    const NOW = 1640000000000; // Fixed timestamp for testing
+    describe('Valid timestamps', () => {
+        it('should accept message with current timestamp', () => {
+            const result = validateHandshakeTimestamp(NOW, { now: NOW });
+            expect(result.valid).toBe(true);
+            expect(result.error).toBeUndefined();
+        });
+        it('should accept message 30 seconds old', () => {
+            const timestamp = NOW - 30 * 1000;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.valid).toBe(true);
+            expect(result.error).toBeUndefined();
+        });
+        it('should accept message exactly 1 minute old (boundary)', () => {
+            const timestamp = NOW - ONE_MINUTE;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.valid).toBe(true);
+            expect(result.error).toBeUndefined();
+        });
+        it('should accept message 59 seconds old', () => {
+            const timestamp = NOW - 59 * 1000;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.valid).toBe(true);
+            expect(result.error).toBeUndefined();
+        });
+        it('should accept message 30 seconds in future (clock skew)', () => {
+            const timestamp = NOW + 30 * 1000;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.valid).toBe(true);
+            expect(result.error).toBeUndefined();
+        });
+        it('should accept message exactly 1 minute in future (clock skew boundary)', () => {
+            const timestamp = NOW + ONE_MINUTE;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.valid).toBe(true);
+            expect(result.error).toBeUndefined();
+        });
+        it('should accept message 59 seconds in future', () => {
+            const timestamp = NOW + 59 * 1000;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.valid).toBe(true);
+            expect(result.error).toBeUndefined();
+        });
+    });
+    describe('Invalid timestamps - Too old', () => {
+        it('should reject message 2 minutes old', () => {
+            const timestamp = NOW - 2 * ONE_MINUTE;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('too old');
+            expect(result.error).toContain('120s'); // 2 minutes
+        });
+        it('should reject message 5 minutes old', () => {
+            const timestamp = NOW - 5 * ONE_MINUTE;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('too old');
+            expect(result.error).toContain('300s'); // 5 minutes
+        });
+        it('should reject message 1 minute and 1 millisecond old', () => {
+            const timestamp = NOW - ONE_MINUTE - 1;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('too old');
+        });
+        it('should reject message 61 seconds old', () => {
+            const timestamp = NOW - 61 * 1000;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('too old');
+        });
+        it('should reject very old message (1 hour)', () => {
+            const timestamp = NOW - 60 * ONE_MINUTE;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('too old');
+        });
+    });
+    describe('Invalid timestamps - Too far in future', () => {
+        it('should reject message 2 minutes in future', () => {
+            const timestamp = NOW + 2 * ONE_MINUTE;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('too far in future');
+            expect(result.error).toContain('120s'); // 2 minutes
+        });
+        it('should reject message 5 minutes in future', () => {
+            const timestamp = NOW + 5 * ONE_MINUTE;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('too far in future');
+        });
+        it('should reject message 1 minute and 1 millisecond in future', () => {
+            const timestamp = NOW + ONE_MINUTE + 1;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('too far in future');
+        });
+        it('should reject message 61 seconds in future', () => {
+            const timestamp = NOW + 61 * 1000;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('too far in future');
+        });
+    });
+    describe('Invalid timestamp formats', () => {
+        it('should reject non-number timestamp', () => {
+            const result = validateHandshakeTimestamp('invalid', { now: NOW });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('Invalid timestamp format');
+        });
+        it('should reject NaN timestamp', () => {
+            const result = validateHandshakeTimestamp(NaN, { now: NOW });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('Invalid timestamp format');
+        });
+        it('should reject Infinity timestamp', () => {
+            const result = validateHandshakeTimestamp(Infinity, { now: NOW });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('Invalid timestamp format');
+        });
+        it('should reject negative timestamp', () => {
+            const result = validateHandshakeTimestamp(-1000, { now: NOW });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('Timestamp must be positive');
+        });
+        it('should reject zero timestamp', () => {
+            const result = validateHandshakeTimestamp(0, { now: NOW });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('Timestamp must be positive');
+        });
+        it('should reject null timestamp', () => {
+            const result = validateHandshakeTimestamp(null, { now: NOW });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('Invalid timestamp format');
+        });
+        it('should reject undefined timestamp', () => {
+            const result = validateHandshakeTimestamp(undefined, { now: NOW });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('Invalid timestamp format');
+        });
+    });
+    describe('Custom options', () => {
+        it('should accept custom maxAge (5 minutes)', () => {
+            const timestamp = NOW - 3 * ONE_MINUTE;
+            const result = validateHandshakeTimestamp(timestamp, {
+                now: NOW,
+                maxAge: 5 * ONE_MINUTE,
+            });
+            expect(result.valid).toBe(true);
+        });
+        it('should reject with custom maxAge (30 seconds)', () => {
+            const timestamp = NOW - 45 * 1000;
+            const result = validateHandshakeTimestamp(timestamp, {
+                now: NOW,
+                maxAge: 30 * 1000,
+            });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('too old');
+        });
+        it('should accept custom clockSkewTolerance (2 minutes)', () => {
+            const timestamp = NOW + 90 * 1000;
+            const result = validateHandshakeTimestamp(timestamp, {
+                now: NOW,
+                clockSkewTolerance: 2 * ONE_MINUTE,
+            });
+            expect(result.valid).toBe(true);
+        });
+        it('should reject with custom clockSkewTolerance (30 seconds)', () => {
+            const timestamp = NOW + 45 * 1000;
+            const result = validateHandshakeTimestamp(timestamp, {
+                now: NOW,
+                clockSkewTolerance: 30 * 1000,
+            });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('too far in future');
+        });
+    });
+    describe('Replay attack scenarios', () => {
+        it('should prevent replay of 2-minute-old captured message', () => {
+            // Simulate attacker capturing a message and replaying it 2 minutes later
+            const capturedTimestamp = NOW - 2 * ONE_MINUTE;
+            const replayTime = NOW;
+            const result = validateHandshakeTimestamp(capturedTimestamp, { now: replayTime });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('too old');
+        });
+        it('should prevent replay of 5-minute-old captured message', () => {
+            // Simulate attacker capturing a message and replaying it 5 minutes later
+            const capturedTimestamp = NOW - 5 * ONE_MINUTE;
+            const replayTime = NOW;
+            const result = validateHandshakeTimestamp(capturedTimestamp, { now: replayTime });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('too old');
+        });
+        it('should allow legitimate message sent 30 seconds ago', () => {
+            // Simulate legitimate slow network (30 second delay)
+            const sentTimestamp = NOW - 30 * 1000;
+            const receiveTime = NOW;
+            const result = validateHandshakeTimestamp(sentTimestamp, { now: receiveTime });
+            expect(result.valid).toBe(true);
+        });
+        it('should prevent attacker from using far-future timestamp', () => {
+            // Attacker tries to use timestamp far in future to extend validity
+            const attackTimestamp = NOW + 10 * ONE_MINUTE;
+            const receiveTime = NOW;
+            const result = validateHandshakeTimestamp(attackTimestamp, { now: receiveTime });
+            expect(result.valid).toBe(false);
+            expect(result.error).toContain('too far in future');
+        });
+    });
+    describe('Edge cases and boundaries', () => {
+        it('should handle message at exact maxAge boundary', () => {
+            const timestamp = NOW - ONE_MINUTE;
+            const result = validateHandshakeTimestamp(timestamp, {
+                now: NOW,
+                maxAge: ONE_MINUTE,
+            });
+            expect(result.valid).toBe(true);
+        });
+        it('should handle message at exact clockSkewTolerance boundary', () => {
+            const timestamp = NOW + ONE_MINUTE;
+            const result = validateHandshakeTimestamp(timestamp, {
+                now: NOW,
+                clockSkewTolerance: ONE_MINUTE,
+            });
+            expect(result.valid).toBe(true);
+        });
+        it('should reject message 1ms past maxAge boundary', () => {
+            const timestamp = NOW - ONE_MINUTE - 1;
+            const result = validateHandshakeTimestamp(timestamp, {
+                now: NOW,
+                maxAge: ONE_MINUTE,
+            });
+            expect(result.valid).toBe(false);
+        });
+        it('should reject message 1ms past clockSkewTolerance boundary', () => {
+            const timestamp = NOW + ONE_MINUTE + 1;
+            const result = validateHandshakeTimestamp(timestamp, {
+                now: NOW,
+                clockSkewTolerance: ONE_MINUTE,
+            });
+            expect(result.valid).toBe(false);
+        });
+        it('should handle very recent timestamp (1ms old)', () => {
+            const timestamp = NOW - 1;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.valid).toBe(true);
+        });
+        it('should handle very recent future timestamp (1ms ahead)', () => {
+            const timestamp = NOW + 1;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.valid).toBe(true);
+        });
+    });
+    describe('Error messages', () => {
+        it('should provide detailed error for old message', () => {
+            const timestamp = NOW - 2 * ONE_MINUTE;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.error).toContain('age: 120s');
+            expect(result.error).toContain('max: 60s');
+        });
+        it('should provide detailed error for future message', () => {
+            const timestamp = NOW + 2 * ONE_MINUTE;
+            const result = validateHandshakeTimestamp(timestamp, { now: NOW });
+            expect(result.error).toContain('skew: 120s');
+            expect(result.error).toContain('max: 60s');
+        });
+        it('should provide clear error for invalid format', () => {
+            const result = validateHandshakeTimestamp('not-a-number', { now: NOW });
+            expect(result.error).toBe('Invalid timestamp format');
+        });
+    });
+});
+//# sourceMappingURL=handshake-validation.test.js.map

package/dist/proxy/__tests__/token-refresh-race.test.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Test case for token refresh race condition
+ *
+ * Scenario:
+ * 1. Network issue causes ping timeout disconnect
+ * 2. Socket.IO auto-reconnects with expired token
+ * 3. Server detects expired token, emits error, disconnects
+ * 4. Client starts async token refresh
+ * 5. OLD socket's disconnect event arrives (race condition)
+ *
+ * Expected: Client should NOT exit, should complete refresh and reconnect
+ */
+export {};
+//# sourceMappingURL=token-refresh-race.test.d.ts.map

package/dist/proxy/__tests__/token-refresh-race.test.js

@@ -0,0 +1,173 @@
+/**
+ * Test case for token refresh race condition
+ *
+ * Scenario:
+ * 1. Network issue causes ping timeout disconnect
+ * 2. Socket.IO auto-reconnects with expired token
+ * 3. Server detects expired token, emits error, disconnects
+ * 4. Client starts async token refresh
+ * 5. OLD socket's disconnect event arrives (race condition)
+ *
+ * Expected: Client should NOT exit, should complete refresh and reconnect
+ */
+import { EventEmitter } from 'events';
+// Mock Socket.IO socket
+class MockSocket extends EventEmitter {
+    constructor(auth) {
+        super();
+        this.connected = false;
+        this.disconnectReason = null;
+        this.auth = auth;
+    }
+    connect() {
+        this.connected = true;
+        setTimeout(() => this.emit('connect'), 10);
+    }
+    disconnect() {
+        this.connected = false;
+        if (this.disconnectReason) {
+            setTimeout(() => this.emit('disconnect', this.disconnectReason), 10);
+        }
+    }
+    // Simulate server disconnect
+    simulateServerDisconnect(reason = 'io server disconnect') {
+        this.disconnectReason = reason;
+        this.connected = false;
+        // Emit disconnect event with delay to simulate race condition
+        setTimeout(() => this.emit('disconnect', reason), 50);
+    }
+    emit(event, ...args) {
+        return super.emit(event, ...args);
+    }
+}
+describe('Token Refresh Race Condition', () => {
+    let mockSocket;
+    let processExitSpy;
+    let consoleLogSpy;
+    let consoleErrorSpy;
+    beforeEach(() => {
+        // Spy on process.exit
+        processExitSpy = jest.spyOn(process, 'exit').mockImplementation((() => {
+            throw new Error('process.exit called');
+        }));
+        // Spy on console methods
+        consoleLogSpy = jest.spyOn(console, 'log').mockImplementation();
+        consoleErrorSpy = jest.spyOn(console, 'error').mockImplementation();
+    });
+    afterEach(() => {
+        processExitSpy.mockRestore();
+        consoleLogSpy.mockRestore();
+        consoleErrorSpy.mockRestore();
+    });
+    test('should NOT exit when disconnect event arrives during token refresh', async () => {
+        // Simulate the race condition scenario
+        const events = [];
+        mockSocket = new MockSocket({ firebaseToken: 'expired-token' });
+        // Step 1: Simulate ping timeout
+        events.push('ping timeout');
+        mockSocket.emit('disconnect', 'ping timeout');
+        // Step 2: Simulate auto-reconnect with expired token
+        await new Promise(resolve => setTimeout(resolve, 20));
+        events.push('reconnect attempt');
+        // Step 3: Server detects expired token, emits error
+        events.push('server error: expired_firebase_token');
+        mockSocket.emit('error', {
+            code: 'expired_firebase_token',
+            message: 'Firebase token has expired'
+        });
+        // Step 4: Start async token refresh (takes time)
+        const tokenRefreshPromise = new Promise(resolve => {
+            events.push('token refresh started');
+            setTimeout(() => {
+                events.push('token refresh completed');
+                resolve();
+            }, 100); // Simulates async refresh delay
+        });
+        // Step 5: Server disconnects (OLD socket disconnect event)
+        // This arrives DURING or AFTER token refresh
+        setTimeout(() => {
+            events.push('disconnect event received (io server disconnect)');
+            mockSocket.simulateServerDisconnect('io server disconnect');
+        }, 30); // Arrives during refresh
+        // Wait for token refresh to complete
+        await tokenRefreshPromise;
+        // Give time for disconnect event to be processed
+        await new Promise(resolve => setTimeout(resolve, 100));
+        // Verify the sequence of events
+        console.log('\nEvent sequence:', events);
+        // CRITICAL: process.exit should NOT have been called
+        expect(processExitSpy).not.toHaveBeenCalled();
+        // Verify events occurred in problematic order
+        const disconnectIndex = events.indexOf('disconnect event received (io server disconnect)');
+        const refreshCompletedIndex = events.indexOf('token refresh completed');
+        // This test verifies the race condition scenario
+        expect(disconnectIndex).toBeGreaterThan(-1);
+        expect(refreshCompletedIndex).toBeGreaterThan(-1);
+    });
+    test('should handle disconnect after refresh completes but before new connection', async () => {
+        const events = [];
+        mockSocket = new MockSocket({ firebaseToken: 'expired-token' });
+        // Token refresh completes
+        events.push('token refresh completed');
+        // New connection starts (but hasn't authenticated yet)
+        events.push('new connection starting');
+        // OLD socket disconnect event arrives NOW (worst case timing)
+        setTimeout(() => {
+            events.push('OLD socket disconnect event');
+            mockSocket.emit('disconnect', 'io server disconnect');
+        }, 10);
+        await new Promise(resolve => setTimeout(resolve, 50));
+        // Should NOT exit - the disconnect is from the OLD socket
+        expect(processExitSpy).not.toHaveBeenCalled();
+    });
+    test('should differentiate between old and new socket disconnect events', async () => {
+        // This test verifies we need to track which socket emitted the disconnect
+        const oldSocket = new MockSocket({ firebaseToken: 'expired-token' });
+        const newSocket = new MockSocket({ firebaseToken: 'fresh-token' });
+        const events = [];
+        // Setup handlers for both sockets
+        oldSocket.on('disconnect', (reason) => {
+            events.push(`OLD socket disconnected: ${reason}`);
+            // This should be ignored during token refresh
+        });
+        newSocket.on('disconnect', (reason) => {
+            events.push(`NEW socket disconnected: ${reason}`);
+            // This should trigger exit
+        });
+        // Simulate token refresh scenario
+        oldSocket.emit('disconnect', 'io server disconnect'); // Should be ignored
+        await new Promise(resolve => setTimeout(resolve, 10));
+        newSocket.emit('disconnect', 'io server disconnect'); // Should trigger exit
+        expect(events).toEqual([
+            'OLD socket disconnected: io server disconnect',
+            'NEW socket disconnected: io server disconnect'
+        ]);
+        // The implementation needs to distinguish between these
+    });
+});
+describe('Proposed Server-Side Fix', () => {
+    test('server should NOT disconnect on expired token during reconnection', () => {
+        // Proposed behavior:
+        // 1. Server detects expired token
+        // 2. Server emits error event (expired_firebase_token)
+        // 3. Server does NOT disconnect
+        // 4. Client refreshes token
+        // 5. Client updates socket.auth
+        // 6. Client re-authenticates without reconnecting
+        const proposedServerBehavior = {
+            onExpiredTokenDuringReconnect: (socket) => {
+                // Current (problematic):
+                // socket.emit('error', { code: 'expired_firebase_token' })
+                // socket.disconnect(false)  ❌ This causes the race condition
+                // Proposed:
+                socket.emit('error', {
+                    code: 'expired_firebase_token',
+                    message: 'Please refresh your token and re-authenticate'
+                });
+                // Don't disconnect - let client handle it
+            }
+        };
+        expect(proposedServerBehavior).toBeDefined();
+    });
+});
+//# sourceMappingURL=token-refresh-race.test.js.map