// ================================================================= // pw-session.jsx — session management for the Operator Dashboard. // // window.__session — singleton: { token, user, issuedAt, expiresAt } // // - signIn({email, password}) → mints a session (mock) or POSTs to // the BFF /auth/session (live). // - signOut(reason) → clears session. // - auto-expiry timer + idle countdown; 401 from the API → sign-out. // - persisted in localStorage; survives refresh until it expires. // // wraps the app: no valid session → . // ================================================================= (() => { const KEY = "krafts.paywall.session.v1"; const listeners = []; const emit = () => listeners.forEach(fn => { try { fn(current); } catch (e) {} }); const subscribe = (fn) => { listeners.push(fn); return () => { const i = listeners.indexOf(fn); if (i >= 0) listeners.splice(i, 1); }; }; const load = () => { try { const r = localStorage.getItem(KEY); return r ? JSON.parse(r) : null; } catch (e) { return null; } }; const persist = () => { try { current ? localStorage.setItem(KEY, JSON.stringify(current)) : localStorage.removeItem(KEY); } catch (e) {} }; let current = load(); let timer = null; const ttlMs = () => (window.PAYWALL_API.auth.sessionTtlMinutes || 30) * 60000; const isValid = () => !!(current && current.token && current.expiresAt > Date.now()); const remainingMs = () => (current ? Math.max(0, current.expiresAt - Date.now()) : 0); const scheduleExpiry = () => { clearTimeout(timer); if (!isValid()) return; timer = setTimeout(() => { signOut("expired"); }, remainingMs()); }; const fakeToken = (email) => "sess_" + btoa(unescape(encodeURIComponent(email))).replace(/=+$/, "").slice(0, 18) + "." + Math.random().toString(36).slice(2, 10); const startSession = (user) => { const now = Date.now(); current = { token: fakeToken(user.email), user, issuedAt: now, expiresAt: now + ttlMs() }; persist(); scheduleExpiry(); emit(); return current; }; const signIn = async ({ email, password }) => { const cfg = window.PAYWALL_API; const op = window.PAYWALL_CONFIG.operator; if (window.__api.getConfig().live) { // Live: authenticate against the BFF; it returns { token, user, expires_at }. const res = await window.__api.call("signIn", { body: { email, password } }); const now = Date.now(); current = { token: res.token, user: res.user || { name: email.split("@")[0], email, roleLabel: op.roleLabel }, issuedAt: now, expiresAt: res.expires_at ? new Date(res.expires_at).getTime() : now + ttlMs(), }; persist(); scheduleExpiry(); emit(); if (current.user?.defaultRole && window.__setRole) window.__setRole(current.user.defaultRole); return current; } // Mock: accept any non-empty credentials; identity from config. await new Promise(r => setTimeout(r, 420)); const normalizedEmail = email.trim().toLowerCase(); const demo = (window.PAYWALL_CONFIG.demoUsers || []).find(u => [u.email, u.username].filter(Boolean).map(v => v.toLowerCase()).includes(normalizedEmail) && (!u.password || u.password === password)); const known = normalizedEmail === op.email.toLowerCase(); if (demo?.defaultRole && window.__setRole) window.__setRole(demo.defaultRole); if (known && op.defaultRole && window.__setRole) window.__setRole(op.defaultRole); return startSession(demo ? { ...demo, password: undefined } : known ? { ...op } : { name: email.split("@")[0].replace(/[._]/g, " ").replace(/\b\w/g, c => c.toUpperCase()), email: email.trim(), roleLabel: op.roleLabel, defaultRole: "operator" }); }; const extend = () => { if (current) { current.expiresAt = Date.now() + ttlMs(); persist(); scheduleExpiry(); emit(); } }; const signOut = async (reason) => { if (window.__api.getConfig().live && current) { try { await window.__api.call("signOut"); } catch (e) {} } current = null; clearTimeout(timer); persist(); emit(); if (reason === "expired") window.__toast && window.__toast("Session expired — please sign in again", "warn"); else if (reason) window.__toast && window.__toast("Signed out"); }; // 401/403 from the API → force sign-out. window.__api.on("authError", () => { if (isValid()) signOut("expired"); }); if (isValid()) scheduleExpiry(); window.__session = { get: () => current, isValid, remainingMs, signIn, signOut, extend, subscribe }; // React hook window.useSession = () => { const [s, setS] = React.useState(current); React.useEffect(() => window.__session.subscribe(setS), []); return { session: s, valid: isValid(), remainingMs, signIn, signOut, extend }; }; })(); // ================================================================= // Sign-in screen // ================================================================= const SignInScreen = () => { const cfg = window.PAYWALL_CONFIG; const [email, setEmail] = React.useState(""); const [password, setPassword] = React.useState(""); const [show, setShow] = React.useState(false); const [busy, setBusy] = React.useState(false); const [err, setErr] = React.useState(""); const submit = async (e, override) => { e && e.preventDefault(); const credentials = override || { email, password }; if (!credentials.email.trim() || !credentials.password) { setErr("Enter your email and password."); return; } setBusy(true); setErr(""); try { await window.__session.signIn(credentials); } catch (e2) { setErr(e2.message || "Sign-in failed."); setBusy(false); } }; return (

); }; // ================================================================= // Session gate — show the app only with a valid session. // ================================================================= const SessionGate = ({ children }) => { const { valid } = useSession(); return valid ? children : ; }; Object.assign(window, { SignInScreen, SessionGate });

Sign in to DropCap