import { VersionInfo } from '@start9labs/start-sdk'

// Frontend convenience release: persist auth across page reloads.
//
// Background: through 0.1.0:40 the auth token + user object were held only
// in React state in memory. Any refresh, tab close, or browser restart
// dropped the token and forced the user back to the login screen. Since
// the JWT is signed with /data/.crm-secret (which already survives sideloads
// and container restarts), the underlying token is still valid for its full
// 24-hour lifetime — we just weren't keeping it anywhere persistent.
//
// 0.1.0:41 stores the JWT and user object in localStorage on login (and
// rehydrates from there on app mount), so refreshes and reopened tabs stay
// signed in until the token expires. The api() helper now also dispatches
// a 'crm:unauthorized' event whenever an authenticated request comes back
// with a 401, and the AuthProvider listens for that event to clear the
// stored auth — so an expired or rejected token immediately bounces the
// user back to the login screen instead of leaving the app in a broken
// "loaded but every request fails" state.
//
// Backend is unchanged: the JWT still carries the user's true role and is
// re-verified on every request, so a tampered localStorage user object
// cannot escalate privileges (the next admin call would just 401/403).
//
// No data migration is required.
export const v_0_1_0_41 = VersionInfo.of({
  version: '0.1.0:41',
  releaseNotes: {
    en_US: [
      'Logins now persist across page refreshes and tab closures for',
      'the full 24-hour token lifetime. Previously every reload bounced',
      'you to the login screen even though the token was still valid.',
      'If the server later rejects a stored token (expired, secret key',
      'changed, etc.) the app automatically clears it and shows the',
      'login screen instead of leaving requests silently failing.',
    ].join(' '),
  },
  migrations: {
    up: async () => {},
    down: async () => {},
  },
})