Merge pull request #890 from tkhq/ethan/arnaud-comments

Addressed comments and updated session expiration logic

Author: ethankonk

packages/core/src/__clients__/core.ts

@@ -1083,3 +1083,14 @@ export async function assertValidP256ECDSAKeyPair(
     );
   }
 }
+
+export function isValidPasskeyName(name: string): string {
+  const nameRegex = /^[a-zA-Z0-9 _\-:\/]{1,64}$/;
+  if (!nameRegex.test(name)) {
+    throw new TurnkeyError(
+      "Passkey name must be 1-64 characters and only contain letters, numbers, spaces, dashes, underscores, colons, or slashes.",
+      TurnkeyErrorCodes.INVALID_REQUEST,
+    );
+  }
+  return name;
+}

packages/core/src/utils.ts

@@ -24,7 +24,7 @@ import { DeveloperError } from "../design/Failure";
 import { useModal } from "../../providers/modal/Hook";
 import { useTurnkey } from "../../providers/client/Hook";
 import { ClientState } from "../../types/base";
-import { isWalletConnect } from "@utils";
+import { isWalletConnect } from "../../utils/utils";
 
 export function AuthComponent() {
   const {

packages/react-wallet-kit/src/components/auth/index.tsx

@@ -8,7 +8,7 @@ import { useTurnkey } from "../../providers/client/Hook";
 import { ActionPage } from "../auth/Action";
 import { SuccessPage } from "../design/Success";
 import type { WalletProvider } from "@turnkey/core";
-import { isWalletConnect } from "@utils";
+import { isWalletConnect } from "../../utils/utils";
 
 interface LinkWalletModalProps {
   providers: WalletProvider[];

packages/react-wallet-kit/src/components/user/LinkWallet.tsx

@@ -17,7 +17,14 @@ import {
   useDebouncedCallback,
   useWalletProviderState,
   withTurnkeyErrorHandling,
-} from "../../utils";
+} from "../../utils/utils";
+import {
+  type TimerMap,
+  clearKey,
+  clearAll,
+  setCappedTimeoutInMap,
+  setTimeoutInMap,
+} from "../../utils/timers";
 import {
   Chain,
   CreateSubOrgParams,
@@ -146,7 +153,7 @@ export const ClientProvider: React.FC<ClientProviderProps> = ({
   // this is so our useEffect that calls `initializeWalletProviderListeners()` only runs when it needs to
   const [walletProviders, setWalletProviders] = useWalletProviderState();
 
-  const expiryTimeoutsRef = useRef<Record<string, NodeJS.Timeout>>({});
+  const expiryTimeoutsRef = useRef<TimerMap>({});
   const proxyAuthConfigRef = useRef<ProxyTGetWalletKitConfigResponse | null>(
     null,
   );
@@ -648,43 +655,42 @@ export const ClientProvider: React.FC<ClientProviderProps> = ({
 
   /**
    * @internal
-   * Schedules a session expiration and warning timeout for the given session key.
+   * Schedules a session expiration and warning timer for the given session key.
    *
-   * - This function sets up two timeouts: one for warning before the session expires and another to expire the session.
-   * - The warning timeout is set to trigger before the session expires, allowing for actions like refreshing the session.
-   * - The expiration timeout clears the session and triggers any necessary callbacks.
+   * - Sets up two timers: one for warning before expiry and one for actual expiry.
+   * - Uses capped timeouts under the hood so delays > 24.8 days are safe (see utils/timers.ts).
    *
    * @param params.sessionKey - The key of the session to schedule expiration for.
-   * @param params.expiry - The expiration time in seconds for the session.
+   * @param params.expiry - The expiration time in seconds since epoch.
    * @throws {TurnkeyError} If an error occurs while scheduling the session expiration.
    */
   async function scheduleSessionExpiration(params: {
     sessionKey: string;
-    expiry: number;
+    expiry: number; // seconds since epoch
   }) {
     const { sessionKey, expiry } = params;
 
     try {
-      // Clear any existing timeout for this session key
-      if (expiryTimeoutsRef.current[sessionKey]) {
-        clearTimeout(expiryTimeoutsRef.current[sessionKey]);
-        delete expiryTimeoutsRef.current[sessionKey];
-      }
+      const warnKey = `${sessionKey}-warning`;
 
-      if (expiryTimeoutsRef.current[`${sessionKey}-warning`]) {
-        clearTimeout(expiryTimeoutsRef.current[`${sessionKey}-warning`]);
-        delete expiryTimeoutsRef.current[`${sessionKey}-warning`];
-      }
+      // Replace any prior timers for this session
+      clearKey(expiryTimeoutsRef.current, sessionKey);
+      clearKey(expiryTimeoutsRef.current, warnKey);
 
-      const timeUntilExpiry = expiry * 1000 - Date.now();
+      const now = Date.now();
+      const expiryMs = expiry * 1000;
+      const timeUntilExpiry = expiryMs - now;
 
       const beforeExpiry = async () => {
         const activeSession = await getSession();
-        if (!activeSession && expiryTimeoutsRef.current[sessionKey]) {
-          clearTimeout(expiryTimeoutsRef.current[`${sessionKey}-warning`]);
-          expiryTimeoutsRef.current[`${sessionKey}-warning`] = setTimeout(
+
+        if (!activeSession && expiryTimeoutsRef.current[warnKey]) {
+          // Keep nudging until session materializes (short 10s timer is fine)
+          setTimeoutInMap(
+            expiryTimeoutsRef.current,
+            warnKey,
             beforeExpiry,
-            10000,
+            10_000,
           );
           return;
         }
@@ -693,6 +699,7 @@ export const ClientProvider: React.FC<ClientProviderProps> = ({
         if (!session) return;
 
         callbacks?.beforeSessionExpiry?.({ sessionKey });
+
         if (masterConfig?.auth?.autoRefreshSession) {
           await refreshSession({
             expirationSeconds: session.expirationSeconds!,
@@ -706,34 +713,50 @@ export const ClientProvider: React.FC<ClientProviderProps> = ({
         if (!expiredSession) return;
 
         callbacks?.onSessionExpired?.({ sessionKey });
+
         if ((await getActiveSessionKey()) === sessionKey) {
           setSession(undefined);
         }
-        setAllSessions((prevSessions) => {
-          if (!prevSessions) return prevSessions;
-          const newSessions = { ...prevSessions };
-          delete newSessions[sessionKey];
-          return newSessions;
+
+        setAllSessions((prev) => {
+          if (!prev) return prev;
+          const next = { ...prev };
+          delete next[sessionKey];
+          return next;
         });
 
         await clearSession({ sessionKey });
 
-        delete expiryTimeoutsRef.current[sessionKey];
-        delete expiryTimeoutsRef.current[`${sessionKey}-warning`];
+        // Remove timers for this session
+        clearKey(expiryTimeoutsRef.current, sessionKey);
+        clearKey(expiryTimeoutsRef.current, warnKey);
 
         await logout();
       };
 
-      if (timeUntilExpiry <= SESSION_WARNING_THRESHOLD_MS) {
-        beforeExpiry();
+      // Already expired → expire immediately
+      if (timeUntilExpiry <= 0) {
+        await expireSession();
+        return;
+      }
+
+      // Warning timer (if threshold is in the future)
+      const warnAt = expiryMs - SESSION_WARNING_THRESHOLD_MS;
+      if (warnAt <= now) {
+        void beforeExpiry(); // fire-and-forget is fine
       } else {
-        expiryTimeoutsRef.current[`${sessionKey}-warning`] = setTimeout(
+        setCappedTimeoutInMap(
+          expiryTimeoutsRef.current,
+          warnKey,
           beforeExpiry,
-          timeUntilExpiry - SESSION_WARNING_THRESHOLD_MS,
+          warnAt - now,
         );
       }
 
-      expiryTimeoutsRef.current[sessionKey] = setTimeout(
+      // Actual expiry timer (safe for long delays)
+      setCappedTimeoutInMap(
+        expiryTimeoutsRef.current,
+        sessionKey,
         expireSession,
         timeUntilExpiry,
       );
@@ -756,20 +779,16 @@ export const ClientProvider: React.FC<ClientProviderProps> = ({
   }
 
   /**
-   * Clears all scheduled session expiration and warning timeouts for the client.
+   * Clears all scheduled session timers (warning + expiry).
    *
-   * - This function removes all active session expiration and warning timeouts managed by the provider.
-   * - It is called automatically when sessions are re-initialized or on logout to prevent memory leaks and ensure no stale timeouts remain.
-   * - All timeouts stored in `expiryTimeoutsRef` are cleared and the reference is reset.
+   * - Removes all active timers managed by this client.
+   * - Useful on re-init or logout to avoid stale timers.
    *
-   * @throws {TurnkeyError} If an error occurs while clearing the timeouts.
+   * @throws {TurnkeyError} If an error occurs while clearing the timers.
    */
   function clearSessionTimeouts() {
     try {
-      Object.values(expiryTimeoutsRef.current).forEach((timeout) => {
-        clearTimeout(timeout);
-      });
-      expiryTimeoutsRef.current = {};
+      clearAll(expiryTimeoutsRef.current); // clears & deletes everything
     } catch (error) {
       if (
         error instanceof TurnkeyError ||
@@ -779,7 +798,7 @@ export const ClientProvider: React.FC<ClientProviderProps> = ({
       } else {
         callbacks?.onError?.(
           new TurnkeyError(
-            `Failed to clear session timeouts`,
+            "Failed to clear session timeouts",
             TurnkeyErrorCodes.CLEAR_SESSION_TIMEOUTS_ERROR,
             error,
           ),

packages/react-wallet-kit/src/providers/client/Provider.tsx

@@ -1,6 +1,6 @@
 "use client";
 
-import { useScreenSize } from "@utils";
+import { useScreenSize } from "../../utils/utils";
 import { createContext, useState, ReactNode } from "react";
 
 export type ModalPage = {

packages/react-wallet-kit/src/providers/modal/Provider.tsx

@@ -0,0 +1,155 @@
+// This file contains utility functions for managing timers and timeouts for session management.
+// Unfortunately, the delay param in Node Timeouts is a 32-bit signed integer, meaning it can only represent delays up to ~24.8 days.
+// This file provides functions to handle long delays by breaking them into smaller chunks.
+// These functions are separate from the normal utils function to reduce clutter and improve visibility.
+// Use `setTimeoutInMap` for short, frequent nudges (10s), and `setCappedTimeoutInMap` for anything that could exceed ~24.8 days.
+
+// Always store controllers (uniform shape)
+export type TimerController = { clear: () => void };
+export type TimerMap = Record<string, TimerController>;
+
+export const MAX_DELAY_MS = 2_147_483_647; // ~24.8 days
+
+/** @internal */
+function toIntMs(x: number) {
+  return Math.max(0, Math.floor(Number.isFinite(x) ? x : 0));
+}
+
+/**
+ * @internal A drop-in replacement for `setTimeout` that supports arbitrarily long delays.
+ *
+ * ### Why?
+ * Browsers clamp `setTimeout` delays to a 32-bit signed integer,
+ * i.e. a maximum of ~24.8 days (`2_147_483_647ms`). Any larger value
+ * will fire almost immediately. This helper safely schedules timeouts
+ * that can be months or years into the future.
+ *
+ * ### How it works
+ * - On call, we record a fixed **target timestamp** (`now + delayMs`).
+ * - We schedule a single "leg" of at most ~24.8 days into the future,
+ *   with an internal `tick` function as the callback.
+ * - When a leg expires, `tick` checks how much time is left:
+ *   - If `remaining > 0`, it schedules the next leg (`min(MAX_DELAY_MS, remaining)`).
+ *   - If `remaining <= 0`, the full delay has passed and we finally call your `cb()`.
+ * - At any time, only **one** leg is active. Calling `.clear()` cancels
+ *   the current leg and prevents further hops.
+ *
+ * ### Benefits
+ * - Works seamlessly for both short and very long delays.
+ * - Survives tab sleep / system suspend: when the tab wakes,
+ *   `tick` re-checks the target timestamp and fires immediately if overdue.
+ * - No drift accumulation: each hop recalculates based on the fixed target,
+ *   so you always land as close as possible to the intended deadline.
+ *
+ * ### Example
+ * ```ts
+ * const controller = setCappedTimeout(() => {
+ *   console.log("A whole year later!");
+ * }, 1000 * 60 * 60 * 24 * 365);
+ *
+ * // Cancel if needed
+ * controller.clear();
+ * ```
+ *
+ * @param cb - Function to run once the full delay has elapsed.
+ * @param delayMs - Delay in milliseconds (can exceed 2_147_483_647).
+ * @returns A controller with a `.clear()` method to cancel the timeout.
+ */
+export function setCappedTimeout(
+  cb: () => void,
+  delayMs: number,
+): TimerController {
+  const target = Date.now() + toIntMs(delayMs);
+  let handle: number | undefined;
+
+  const tick = () => {
+    const remaining = target - Date.now();
+    if (remaining <= 0) {
+      cb();
+      return;
+    }
+    handle = window.setTimeout(tick, Math.min(MAX_DELAY_MS, remaining));
+  };
+
+  tick();
+
+  return {
+    clear() {
+      if (handle !== undefined) {
+        window.clearTimeout(handle);
+        handle = undefined;
+      }
+    },
+  };
+}
+
+/** @internal Simple one-shot timeout that still returns a controller for uniformity. */
+export function setTimeoutController(
+  cb: () => void,
+  delayMs: number,
+): TimerController {
+  const ms = toIntMs(delayMs);
+  let id = window.setTimeout(cb, ms);
+  return { clear: () => window.clearTimeout(id) };
+}
+
+/** @internal Replace any existing timer for `key` with `controller`. */
+export function putTimer(
+  map: TimerMap,
+  key: string,
+  controller: TimerController,
+) {
+  map[key]?.clear?.();
+  map[key] = controller;
+}
+
+/** @internal Clear a specific key (noop if missing). */
+export function clearKey(map: TimerMap, key: string) {
+  map[key]?.clear?.();
+  delete map[key];
+}
+
+/** @internal Clear several keys at once (noop on missing). */
+export function clearKeys(map: TimerMap, keys: string[]) {
+  for (const k of keys) clearKey(map, k);
+}
+
+/** @internal Clear all timers in the map. */
+export function clearAll(map: TimerMap) {
+  for (const k of Object.keys(map)) {
+    map[k]?.clear?.();
+    delete map[k];
+  }
+}
+
+/**
+ * @internal Convenience: set a capped timeout directly into the map for `key`.
+ * @param map The map to store the timer in (pass in the ref to the timer map)
+ * @param key The key to associate with the timer
+ * @param cb The callback to invoke when the timer expires
+ * @param delayMs The delay in milliseconds before the timer expires
+ * */
+export function setCappedTimeoutInMap(
+  map: TimerMap,
+  key: string,
+  cb: () => void,
+  delayMs: number,
+) {
+  putTimer(map, key, setCappedTimeout(cb, delayMs));
+}
+
+/**
+ * @internal Convenience: set a regular (short) timeout into the map for `key`.
+ * @param map The map to store the timer in (pass in the ref to the timer map)
+ * @param key The key to associate with the timer
+ * @param cb The callback to invoke when the timer expires
+ * @param delayMs The delay in milliseconds before the timer expires
+ */
+export function setTimeoutInMap(
+  map: TimerMap,
+  key: string,
+  cb: () => void,
+  delayMs: number,
+) {
+  putTimer(map, key, setTimeoutController(cb, delayMs));
+}

packages/react-wallet-kit/src/utils/timers.ts

@@ -1,5 +1,5 @@
 import { Session, TurnkeyError, TurnkeyErrorCodes } from "@turnkey/sdk-types";
-import type { TurnkeyCallbacks } from "./types/base";
+import type { TurnkeyCallbacks } from "../types/base";
 import { useCallback, useRef, useState, useEffect } from "react";
 import { WalletInterfaceType, WalletProvider } from "@turnkey/core";