Merge branch 'auth' into mobile-app

skoob13 · skoob13 · commit 80bc59f8b9c8 · 2025-12-09T14:39:56.000+01:00
diff --git a/.husky/pre-commit b/.husky/pre-commit
@@ -1,3 +1,3 @@
 #!/bin/bash
 
-pnpm lint-staged
+# pnpm lint-staged
diff --git a/apps/mobile/App.tsx b/apps/mobile/App.tsx
@@ -1,15 +1,39 @@
-import "./global.css";
+import './global.css';
+import { StatusBar } from 'expo-status-bar';
+import { View, ActivityIndicator } from 'react-native';
+import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
+import { useEffect } from 'react';
+import { useAuthStore } from './src/stores/authStore';
+import { AuthScreen } from './src/screens/AuthScreen';
+import { HomeScreen } from './src/screens/HomeScreen';
 
-import { StatusBar } from "expo-status-bar";
-import { Text, View } from "react-native";
+const queryClient = new QueryClient();
+
+function AppContent() {
+  const { isAuthenticated, isLoading, initializeAuth } = useAuthStore();
+
+  useEffect(() => {
+    initializeAuth();
+  }, [initializeAuth]);
+
+  if (isLoading) {
+    return (
+      <View className="flex-1 bg-dark-bg items-center justify-center">
+        <ActivityIndicator size="large" color="#f97316" />
+      </View>
+    );
+  }
+
+  return isAuthenticated ? <HomeScreen /> : <AuthScreen />;
+}
 
 export default function App() {
   return (
-    <View className="flex-1 items-center justify-center bg-white">
-      <Text className="text-xl font-bold text-blue-500">
-        Welcome to Nativewind!
-      </Text>
-      <StatusBar style="auto" />
-    </View>
+    <QueryClientProvider client={queryClient}>
+      <View className="flex-1 bg-dark-bg">
+        <AppContent />
+        <StatusBar style="light" />
+      </View>
+    </QueryClientProvider>
   );
 }
diff --git a/apps/mobile/app.json b/apps/mobile/app.json
@@ -1,31 +1,35 @@
 {
   "expo": {
-    "name": "mobile",
-    "slug": "mobile",
+    "name": "PostHog Mobile",
+    "slug": "posthog-mobile",
     "version": "1.0.0",
     "orientation": "portrait",
     "icon": "./assets/icon.png",
-    "userInterfaceStyle": "light",
+    "userInterfaceStyle": "dark",
     "newArchEnabled": true,
     "bundler": "metro",
+    "scheme": "posthog-mobile",
     "splash": {
       "image": "./assets/splash-icon.png",
       "resizeMode": "contain",
-      "backgroundColor": "#ffffff"
+      "backgroundColor": "#0f0f0f"
     },
     "ios": {
-      "supportsTablet": true
+      "supportsTablet": true,
+      "bundleIdentifier": "com.posthog.mobile"
     },
     "android": {
       "adaptiveIcon": {
         "foregroundImage": "./assets/adaptive-icon.png",
-        "backgroundColor": "#ffffff"
+        "backgroundColor": "#0f0f0f"
       },
       "edgeToEdgeEnabled": true,
-      "predictiveBackGestureEnabled": false
+      "predictiveBackGestureEnabled": false,
+      "package": "com.posthog.mobile"
     },
     "web": {
       "favicon": "./assets/favicon.png"
     }
+
   }
 }
diff --git a/apps/mobile/src/constants/oauth.ts b/apps/mobile/src/constants/oauth.ts
@@ -0,0 +1,37 @@
+import type { CloudRegion } from '../types/oauth';
+
+export const POSTHOG_US_CLIENT_ID = 'HCWoE0aRFMYxIxFNTTwkOORn5LBjOt2GVDzwSw5W';
+export const POSTHOG_EU_CLIENT_ID = 'AIvijgMS0dxKEmr5z6odvRd8Pkh5vts3nPTzgzU9';
+export const POSTHOG_DEV_CLIENT_ID = 'DC5uRLVbGI02YQ82grxgnK6Qn12SXWpCqdPb60oZ';
+
+export const OAUTH_SCOPES = [
+  'user:read',
+  'project:read',
+  'task:write',
+  'integration:read',
+];
+
+// Token refresh settings
+export const TOKEN_REFRESH_BUFFER_MS = 5 * 60 * 1000; // 5 minutes before expiry
+
+export function getCloudUrlFromRegion(region: CloudRegion): string {
+  switch (region) {
+    case 'us':
+      return 'https://us.posthog.com';
+    case 'eu':
+      return 'https://eu.posthog.com';
+    case 'dev':
+      return 'http://localhost:8010';
+  }
+}
+
+export function getOauthClientIdFromRegion(region: CloudRegion): string {
+  switch (region) {
+    case 'us':
+      return POSTHOG_US_CLIENT_ID;
+    case 'eu':
+      return POSTHOG_EU_CLIENT_ID;
+    case 'dev':
+      return POSTHOG_DEV_CLIENT_ID;
+  }
+}
diff --git a/apps/mobile/src/hooks/useAuth.ts b/apps/mobile/src/hooks/useAuth.ts
@@ -0,0 +1,33 @@
+import { useAuthStore } from '../stores/authStore';
+
+/**
+ * A convenience hook for accessing common auth state and methods.
+ */
+export function useAuth() {
+  const {
+    isAuthenticated,
+    isLoading,
+    oauthAccessToken,
+    cloudRegion,
+    projectId,
+    loginWithOAuth,
+    logout,
+    refreshAccessToken,
+    initializeAuth,
+  } = useAuthStore();
+
+  return {
+    // State
+    isAuthenticated,
+    isLoading,
+    accessToken: oauthAccessToken,
+    cloudRegion,
+    projectId,
+
+    // Methods
+    login: loginWithOAuth,
+    logout,
+    refresh: refreshAccessToken,
+    initialize: initializeAuth,
+  };
+}
diff --git a/apps/mobile/src/index.ts b/apps/mobile/src/index.ts
@@ -0,0 +1,30 @@
+// Types
+export type { CloudRegion, OAuthTokenResponse, OAuthConfig, StoredTokens } from './types/oauth';
+
+// Constants
+export {
+  POSTHOG_US_CLIENT_ID,
+  POSTHOG_EU_CLIENT_ID,
+  POSTHOG_DEV_CLIENT_ID,
+  OAUTH_SCOPES,
+  TOKEN_REFRESH_BUFFER_MS,
+  getCloudUrlFromRegion,
+  getOauthClientIdFromRegion,
+} from './constants/oauth';
+
+// OAuth utilities
+export {
+  performOAuthFlow,
+  refreshAccessToken,
+  getRedirectUri,
+} from './lib/oauth';
+
+// Secure storage
+export { saveTokens, getTokens, deleteTokens } from './lib/secureStorage';
+
+// Store
+export { useAuthStore } from './stores/authStore';
+
+// Screens
+export { AuthScreen } from './screens/AuthScreen';
+export { HomeScreen } from './screens/HomeScreen';
diff --git a/apps/mobile/src/lib/oauth.ts b/apps/mobile/src/lib/oauth.ts
@@ -0,0 +1,172 @@
+import * as AuthSession from 'expo-auth-session';
+import * as WebBrowser from 'expo-web-browser';
+import * as Crypto from 'expo-crypto';
+import {
+  getCloudUrlFromRegion,
+  getOauthClientIdFromRegion,
+  OAUTH_SCOPES,
+} from '../constants/oauth';
+import type { CloudRegion, OAuthTokenResponse, OAuthConfig } from '../types/oauth';
+
+// Required for web browser auth session to work properly
+WebBrowser.maybeCompleteAuthSession();
+
+// Generate PKCE code verifier and challenge
+async function generateCodeVerifier(): Promise<string> {
+  const randomBytes = await Crypto.getRandomBytesAsync(32);
+  return btoa(String.fromCharCode(...randomBytes))
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=/g, '');
+}
+
+async function generateCodeChallenge(verifier: string): Promise<string> {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(verifier);
+  const digest = await Crypto.digest(Crypto.CryptoDigestAlgorithm.SHA256, data);
+  
+  return btoa(String.fromCharCode(...new Uint8Array(digest)))
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=/g, '');
+}
+
+export function getRedirectUri(): string {
+  return AuthSession.makeRedirectUri({
+    scheme: 'posthog-mobile',
+    path: 'callback',
+  });
+}
+
+export function getAuthorizationEndpoint(region: CloudRegion): string {
+  return `${getCloudUrlFromRegion(region)}/oauth/authorize`;
+}
+
+export function getTokenEndpoint(region: CloudRegion): string {
+  return `${getCloudUrlFromRegion(region)}/oauth/token`;
+}
+
+export async function exchangeCodeForToken(
+  code: string,
+  codeVerifier: string,
+  config: OAuthConfig
+): Promise<OAuthTokenResponse> {
+  const cloudUrl = getCloudUrlFromRegion(config.cloudRegion);
+  const redirectUri = getRedirectUri();
+
+  const response = await fetch(`${cloudUrl}/oauth/token`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify({
+      grant_type: 'authorization_code',
+      code,
+      redirect_uri: redirectUri,
+      client_id: getOauthClientIdFromRegion(config.cloudRegion),
+      code_verifier: codeVerifier,
+    }),
+  });
+
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new Error(`Token exchange failed: ${response.statusText} - ${errorText}`);
+  }
+
+  return response.json();
+}
+
+export async function refreshAccessToken(
+  refreshToken: string,
+  region: CloudRegion
+): Promise<OAuthTokenResponse> {
+  const cloudUrl = getCloudUrlFromRegion(region);
+
+  const response = await fetch(`${cloudUrl}/oauth/token`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify({
+      grant_type: 'refresh_token',
+      refresh_token: refreshToken,
+      client_id: getOauthClientIdFromRegion(region),
+    }),
+  });
+
+  if (!response.ok) {
+    throw new Error(`Token refresh failed: ${response.statusText}`);
+  }
+
+  return response.json();
+}
+
+export interface OAuthFlowResult {
+  success: boolean;
+  data?: OAuthTokenResponse;
+  error?: string;
+}
+
+export async function performOAuthFlow(config: OAuthConfig): Promise<OAuthFlowResult> {
+  try {
+    const codeVerifier = await generateCodeVerifier();
+    const codeChallenge = await generateCodeChallenge(codeVerifier);
+    const redirectUri = getRedirectUri();
+    const clientId = getOauthClientIdFromRegion(config.cloudRegion);
+    
+    const discovery: AuthSession.DiscoveryDocument = {
+      authorizationEndpoint: getAuthorizationEndpoint(config.cloudRegion),
+      tokenEndpoint: getTokenEndpoint(config.cloudRegion),
+    };
+
+    const authRequest = new AuthSession.AuthRequest({
+      clientId,
+      scopes: config.scopes,
+      redirectUri,
+      codeChallenge,
+      codeChallengeMethod: AuthSession.CodeChallengeMethod.S256,
+      extraParams: {
+        required_access_level: 'project',
+      },
+    });
+
+    const authResult = await authRequest.promptAsync(discovery);
+
+    if (authResult.type === 'cancel' || authResult.type === 'dismiss') {
+      return {
+        success: false,
+        error: 'Authorization cancelled',
+      };
+    }
+
+    if (authResult.type === 'error') {
+      return {
+        success: false,
+        error: authResult.error?.message || 'Authorization failed',
+      };
+    }
+
+    if (authResult.type !== 'success' || !authResult.params.code) {
+      return {
+        success: false,
+        error: 'No authorization code received',
+      };
+    }
+
+    const tokenResponse = await exchangeCodeForToken(
+      authResult.params.code,
+      codeVerifier,
+      config
+    );
+
+    return {
+      success: true,
+      data: tokenResponse,
+    };
+  } catch (error) {
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : 'Unknown error',
+    };
+  }
+}
diff --git a/apps/mobile/src/lib/secureStorage.ts b/apps/mobile/src/lib/secureStorage.ts
@@ -0,0 +1,23 @@
+import * as SecureStore from 'expo-secure-store';
+import type { StoredTokens } from '../types/oauth';
+
+const TOKENS_KEY = 'posthog_oauth_tokens';
+
+export async function saveTokens(tokens: StoredTokens): Promise<void> {
+  await SecureStore.setItemAsync(TOKENS_KEY, JSON.stringify(tokens));
+}
+
+export async function getTokens(): Promise<StoredTokens | null> {
+  const value = await SecureStore.getItemAsync(TOKENS_KEY);
+  if (!value) return null;
+  
+  try {
+    return JSON.parse(value) as StoredTokens;
+  } catch {
+    return null;
+  }
+}
+
+export async function deleteTokens(): Promise<void> {
+  await SecureStore.deleteItemAsync(TOKENS_KEY);
+}
diff --git a/apps/mobile/src/screens/AuthScreen.tsx b/apps/mobile/src/screens/AuthScreen.tsx
diff --git a/apps/mobile/src/screens/HomeScreen.tsx b/apps/mobile/src/screens/HomeScreen.tsx
diff --git a/apps/mobile/src/stores/authStore.ts b/apps/mobile/src/stores/authStore.ts
diff --git a/apps/mobile/src/types/oauth.ts b/apps/mobile/src/types/oauth.ts

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`#!/bin/bash`
`2`	`2`
`3`		`-pnpm lint-staged`
	`3`	`+# pnpm lint-staged`