TSDoc and tests

Author: jacekradko

packages/clerk-js/src/core/auth/AuthCookieService.ts

@@ -48,6 +48,9 @@ export class AuthCookieService {
   private devBrowser: DevBrowser;
   private poller: SessionCookiePoller | null = null;
   private sessionCookie: SessionCookieHandler;
+  /**
+   * Shared lock for coordinating token refresh operations across tabs
+   */
   private tokenRefreshLock: SafeLockReturn;
 
   public static async create(

packages/clerk-js/src/core/auth/SessionCookiePoller.ts

@@ -6,6 +6,24 @@ import { SafeLock } from './safeLock';
 export const REFRESH_SESSION_TOKEN_LOCK_KEY = 'clerk.lock.refreshSessionToken';
 const INTERVAL_IN_MS = 5 * 1_000;
 
+/**
+ * Polls for session token refresh at regular intervals with cross-tab coordination.
+ *
+ * @example
+ * ```typescript
+ * // Create a shared lock for coordination with focus handlers
+ * const sharedLock = SafeLock(REFRESH_SESSION_TOKEN_LOCK_KEY);
+ *
+ * // Poller uses the shared lock
+ * const poller = new SessionCookiePoller(sharedLock);
+ * poller.startPollingForSessionToken(() => refreshToken());
+ *
+ * // Focus handler can use the same lock to prevent races
+ * window.addEventListener('focus', () => {
+ *   sharedLock.acquireLockAndRun(() => refreshToken());
+ * });
+ * ```
+ */
 export class SessionCookiePoller {
   private lock: SafeLockReturn;
   private workerTimers = createWorkerTimers();

packages/clerk-js/src/core/auth/__tests__/SessionCookiePoller.test.ts

@@ -0,0 +1,146 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
+
+import type { SafeLockReturn } from '../safeLock';
+import { SessionCookiePoller } from '../SessionCookiePoller';
+
+describe('SessionCookiePoller', () => {
+  beforeEach(() => {
+    vi.useFakeTimers();
+  });
+
+  afterEach(() => {
+    vi.useRealTimers();
+    vi.restoreAllMocks();
+  });
+
+  describe('shared lock coordination', () => {
+    it('accepts an external lock for coordination with other components', () => {
+      const sharedLock: SafeLockReturn = {
+        acquireLockAndRun: vi.fn().mockResolvedValue(undefined),
+      };
+
+      const poller = new SessionCookiePoller(sharedLock);
+      const callback = vi.fn().mockResolvedValue(undefined);
+
+      poller.startPollingForSessionToken(callback);
+
+      // Verify the shared lock is used
+      expect(sharedLock.acquireLockAndRun).toHaveBeenCalledWith(callback);
+
+      poller.stopPollingForSessionToken();
+    });
+
+    it('creates internal lock when none provided (backward compatible)', () => {
+      // Should not throw when no lock is provided
+      const poller = new SessionCookiePoller();
+      expect(poller).toBeInstanceOf(SessionCookiePoller);
+    });
+
+    it('enables focus handler and poller to share the same lock', () => {
+      // This test demonstrates the shared lock pattern used in AuthCookieService
+      const sharedLock: SafeLockReturn = {
+        acquireLockAndRun: vi.fn().mockImplementation(async (cb: () => Promise<unknown>) => {
+          return cb();
+        }),
+      };
+
+      const poller = new SessionCookiePoller(sharedLock);
+      const pollerCallback = vi.fn().mockResolvedValue('poller-result');
+
+      // Poller uses the shared lock
+      poller.startPollingForSessionToken(pollerCallback);
+
+      // Simulate focus handler also using the shared lock (like AuthCookieService does)
+      const focusCallback = vi.fn().mockResolvedValue('focus-result');
+      void sharedLock.acquireLockAndRun(focusCallback);
+
+      // Both should use the same lock instance
+      expect(sharedLock.acquireLockAndRun).toHaveBeenCalledTimes(2);
+      expect(sharedLock.acquireLockAndRun).toHaveBeenCalledWith(pollerCallback);
+      expect(sharedLock.acquireLockAndRun).toHaveBeenCalledWith(focusCallback);
+
+      poller.stopPollingForSessionToken();
+    });
+  });
+
+  describe('startPollingForSessionToken', () => {
+    it('executes callback immediately on start', () => {
+      const sharedLock: SafeLockReturn = {
+        acquireLockAndRun: vi.fn().mockResolvedValue(undefined),
+      };
+
+      const poller = new SessionCookiePoller(sharedLock);
+      const callback = vi.fn().mockResolvedValue(undefined);
+
+      poller.startPollingForSessionToken(callback);
+
+      expect(sharedLock.acquireLockAndRun).toHaveBeenCalledWith(callback);
+
+      poller.stopPollingForSessionToken();
+    });
+
+    it('prevents multiple concurrent polling sessions', () => {
+      const sharedLock: SafeLockReturn = {
+        acquireLockAndRun: vi.fn().mockResolvedValue(undefined),
+      };
+
+      const poller = new SessionCookiePoller(sharedLock);
+      const callback = vi.fn().mockResolvedValue(undefined);
+
+      poller.startPollingForSessionToken(callback);
+      poller.startPollingForSessionToken(callback); // Second call should be ignored
+
+      expect(sharedLock.acquireLockAndRun).toHaveBeenCalledTimes(1);
+
+      poller.stopPollingForSessionToken();
+    });
+  });
+
+  describe('stopPollingForSessionToken', () => {
+    it('allows restart after stop', async () => {
+      const sharedLock: SafeLockReturn = {
+        acquireLockAndRun: vi.fn().mockResolvedValue(undefined),
+      };
+
+      const poller = new SessionCookiePoller(sharedLock);
+      const callback = vi.fn().mockResolvedValue(undefined);
+
+      // Start and stop
+      poller.startPollingForSessionToken(callback);
+      poller.stopPollingForSessionToken();
+
+      // Clear mock to check restart
+      vi.mocked(sharedLock.acquireLockAndRun).mockClear();
+
+      // Should be able to start again
+      poller.startPollingForSessionToken(callback);
+      expect(sharedLock.acquireLockAndRun).toHaveBeenCalledTimes(1);
+
+      poller.stopPollingForSessionToken();
+    });
+  });
+
+  describe('polling interval', () => {
+    it('schedules next poll after callback completes', async () => {
+      const sharedLock: SafeLockReturn = {
+        acquireLockAndRun: vi.fn().mockResolvedValue(undefined),
+      };
+
+      const poller = new SessionCookiePoller(sharedLock);
+      const callback = vi.fn().mockResolvedValue(undefined);
+
+      poller.startPollingForSessionToken(callback);
+
+      // Initial call
+      expect(sharedLock.acquireLockAndRun).toHaveBeenCalledTimes(1);
+
+      // Wait for first interval (5 seconds)
+      await vi.advanceTimersByTimeAsync(5000);
+
+      // Should have scheduled another call
+      expect(sharedLock.acquireLockAndRun).toHaveBeenCalledTimes(2);
+
+      poller.stopPollingForSessionToken();
+    });
+  });
+});

packages/clerk-js/src/core/auth/__tests__/safeLock.test.ts

@@ -0,0 +1,106 @@
+import { describe, expect, it, vi } from 'vitest';
+
+import type { SafeLockReturn } from '../safeLock';
+import { SafeLock } from '../safeLock';
+
+describe('SafeLock', () => {
+  describe('interface contract', () => {
+    it('returns SafeLockReturn interface with acquireLockAndRun method', () => {
+      const lock = SafeLock('test-interface');
+
+      expect(lock).toHaveProperty('acquireLockAndRun');
+      expect(typeof lock.acquireLockAndRun).toBe('function');
+    });
+
+    it('SafeLockReturn type allows creating mock implementations', () => {
+      // This test verifies the type interface works correctly for mocking
+      const mockLock: SafeLockReturn = {
+        acquireLockAndRun: vi.fn().mockResolvedValue('mock-result'),
+      };
+
+      expect(mockLock.acquireLockAndRun).toBeDefined();
+    });
+  });
+
+  describe('Web Locks API path', () => {
+    it('uses Web Locks API when available in secure context', async () => {
+      // Skip if Web Locks not available (like in jsdom without polyfill)
+      if (!('locks' in navigator) || !navigator.locks) {
+        return;
+      }
+
+      const clearTimeoutSpy = vi.spyOn(globalThis, 'clearTimeout');
+      const lock = SafeLock('test-weblocks-' + Date.now());
+      const callback = vi.fn().mockResolvedValue('web-locks-result');
+
+      const result = await lock.acquireLockAndRun(callback);
+
+      expect(callback).toHaveBeenCalled();
+      expect(result).toBe('web-locks-result');
+      // Verify cleanup happened
+      expect(clearTimeoutSpy).toHaveBeenCalled();
+
+      clearTimeoutSpy.mockRestore();
+    });
+  });
+
+  describe('shared lock pattern', () => {
+    it('allows multiple components to share a lock via SafeLockReturn interface', async () => {
+      // This demonstrates how AuthCookieService shares a lock between poller and focus handler
+      const executionLog: string[] = [];
+
+      const sharedLock: SafeLockReturn = {
+        acquireLockAndRun: vi.fn().mockImplementation(async (cb: () => Promise<unknown>) => {
+          executionLog.push('lock-acquired');
+          const result = await cb();
+          executionLog.push('lock-released');
+          return result;
+        }),
+      };
+
+      // Simulate poller using the lock
+      await sharedLock.acquireLockAndRun(() => {
+        executionLog.push('poller-callback');
+        return Promise.resolve('poller-done');
+      });
+
+      // Simulate focus handler using the same lock
+      await sharedLock.acquireLockAndRun(() => {
+        executionLog.push('focus-callback');
+        return Promise.resolve('focus-done');
+      });
+
+      expect(executionLog).toEqual([
+        'lock-acquired',
+        'poller-callback',
+        'lock-released',
+        'lock-acquired',
+        'focus-callback',
+        'lock-released',
+      ]);
+    });
+
+    it('mock lock can simulate sequential execution', async () => {
+      const results: string[] = [];
+
+      // Create a mock that simulates sequential lock behavior
+      const sharedLock: SafeLockReturn = {
+        acquireLockAndRun: vi.fn().mockImplementation(async (cb: () => Promise<unknown>) => {
+          const result = await cb();
+          results.push(result as string);
+          return result;
+        }),
+      };
+
+      // Both "tabs" try to refresh
+      const promise1 = sharedLock.acquireLockAndRun(() => Promise.resolve('tab1-result'));
+      const promise2 = sharedLock.acquireLockAndRun(() => Promise.resolve('tab2-result'));
+
+      await Promise.all([promise1, promise2]);
+
+      expect(results).toContain('tab1-result');
+      expect(results).toContain('tab2-result');
+      expect(sharedLock.acquireLockAndRun).toHaveBeenCalledTimes(2);
+    });
+  });
+});

packages/clerk-js/src/core/auth/safeLock.ts

@@ -1,13 +1,45 @@
 import Lock from 'browser-tabs-lock';
 
+/**
+ * Return type for SafeLock providing cross-tab lock coordination.
+ */
 export interface SafeLockReturn {
+  /**
+   * Acquires a cross-tab lock and executes the callback while holding it.
+   * Other tabs attempting to acquire the same lock will wait until this callback completes.
+   *
+   * @param cb - Async callback to execute while holding the lock
+   * @returns The callback's return value, or `false` if lock acquisition times out
+   */
   acquireLockAndRun: (cb: () => Promise<unknown>) => Promise<unknown>;
 }
 
+/**
+ * Creates a cross-tab lock mechanism for coordinating exclusive operations across browser tabs.
+ *
+ * This is used to prevent multiple tabs from performing the same operation simultaneously,
+ * such as refreshing session tokens. When one tab holds the lock, other tabs will wait
+ * until the lock is released before proceeding.
+ *
+ * @param key - Shared identifier for the lock
+ * @returns SafeLockReturn with acquireLockAndRun method
+ *
+ * @example
+ * ```typescript
+ * const tokenLock = SafeLock('clerk.lock.refreshToken');
+ *
+ * // In Tab 1:
+ * await tokenLock.acquireLockAndRun(async () => {
+ *   await refreshToken(); // Only one tab executes this at a time
+ * });
+ *
+ * // Tab 2 will wait for Tab 1 to finish before executing its callback
+ * ```
+ */
 export function SafeLock(key: string): SafeLockReturn {
   const lock = new Lock();
 
-  // TODO: Figure out how to fix this linting error
+  // Release any held locks when the tab is closing to prevent deadlocks
   // eslint-disable-next-line @typescript-eslint/no-misused-promises
   window.addEventListener('beforeunload', async () => {
     await lock.releaseLock(key);
@@ -17,13 +49,15 @@ export function SafeLock(key: string): SafeLockReturn {
     if ('locks' in navigator && isSecureContext) {
       const controller = new AbortController();
       const lockTimeout = setTimeout(() => controller.abort(), 4999);
+
       return await navigator.locks
         .request(key, { signal: controller.signal }, async () => {
           clearTimeout(lockTimeout);
           return await cb();
         })
         .catch(() => {
-          // browser-tabs-lock never seems to throw, so we are mirroring the behavior here
+          // Lock request was aborted (timeout) or failed
+          // Return false to indicate lock was not acquired (matches browser-tabs-lock behavior)
           return false;
         });
     }
@@ -35,6 +69,8 @@ export function SafeLock(key: string): SafeLockReturn {
         await lock.releaseLock(key);
       }
     }
+
+    return false;
   };
 
   return { acquireLockAndRun };