fix(auth): harden rate-limit, source hydration, and Play gating flows

import kotlinx.coroutines.flow.MutableStateFlow

import kotlinx.coroutines.flow.StateFlow

import kotlinx.coroutines.flow.asStateFlow

import kotlinx.coroutines.flow.combine

import kotlinx.coroutines.flow.distinctUntilChanged

import kotlinx.coroutines.flow.drop

import kotlinx.coroutines.flow.filter

import kotlinx.coroutines.flow.filterNotNull

import kotlinx.coroutines.launch

import javax.inject.Inject

import javax.inject.Singleton

    private val _enabledSourcesFlow = MutableStateFlow(emptySet<Source>())

    val enabledSourcesFlow: StateFlow<Set<Source>> = _enabledSourcesFlow.asStateFlow()

    private val _hasHydratedCapabilities = MutableStateFlow(false)

    val hydratedEnabledSourcesFlow: Flow<Set<Source>> =

        combine(enabledSourcesFlow, _hasHydratedCapabilities) { enabledSources, hasHydrated ->

            enabledSources.takeIf { hasHydrated }

        }

            .filterNotNull()

            .distinctUntilChanged()

    init {

        coroutineScope.launch(start = CoroutineStart.UNDISPATCHED) {

}

internal fun EnabledSourceState.enabledStoreChanges(): Flow<Set<Source>> =

    enabledSourcesFlow

        .filter { hasHydratedCapabilities }

    hydratedEnabledSourcesFlow

        .drop(1)

internal fun Source.isAccessible(capabilities: UserCapabilities): Boolean {

import foundation.e.apps.data.enums.Source

import foundation.e.apps.data.enums.isUnFiltered

import foundation.e.apps.data.handleNetworkResult

import foundation.e.apps.data.playstore.PlayStoreRepository

import javax.inject.Inject

class CategoryApiImpl @Inject constructor(

    private suspend fun fetchGplayCategories(

        type: CategoryType,

    ): Pair<List<Category>, ResultStatus> {

        val playStoreRepository = awaitPlayStoreRepository()

            ?: return Pair(

                emptyList(),

                ResultStatus.UNKNOWN.apply { message = "Play Store unavailable" },

            )

        val categoryList = mutableListOf<Category>()

        val result = handleNetworkResult {

            val playResponse = appSources.gplayRepo.getCategories(type).map { gplayCategory ->

            val playResponse = playStoreRepository.getCategories(type).map { gplayCategory ->

                val category = gplayCategory.toCategory()

                category.drawable =

                    CategoryUtils.provideAppsCategoryIconResource(

        category: String,

        pageUrl: String?

    ): ResultSupreme<Pair<List<Application>, String>> {

        val playStoreRepository = awaitPlayStoreRepository()

            ?: return ResultSupreme.Error("Play Store unavailable")

        return handleNetworkResult {

            val cluster =

                appSources.gplayRepo.getAppsByCategory(category, pageUrl)

                playStoreRepository.getAppsByCategory(category, pageUrl)

            val filteredApps = filterRestrictedGPlayApps(cluster.clusterAppList)

            val applications = (filteredApps.data ?: emptyList()).toMutableList()

        else -> null

    }

    private suspend fun awaitPlayStoreRepository(): PlayStoreRepository? {

        return enabledStoreRepositoryProvider.awaitStore(Source.PLAY_STORE) as? PlayStoreRepository

    }

}

            },

            onError = ::showErrorDialog,

        )

        systemWideGoogleLoginLauncher.restore(savedInstanceState)

        requireActivity().onBackPressedDispatcher.addCallback(

            this,

            object : OnBackPressedCallback(true) {

        dialogState = null

    }

    override fun onSaveInstanceState(outState: Bundle) {

        systemWideGoogleLoginLauncher.save(outState)

        super.onSaveInstanceState(outState)

    }

    private fun navigateToGoogleSignInFragment(): Boolean {

        return findNavController().safeNavigate(

            R.id.signInFragment,

internal class SystemWideGoogleLoginCoordinator {

    private var pendingAccountName: String? = null

    fun snapshotPendingAccountName(): String? = pendingAccountName

    fun restorePendingAccountName(accountName: String?) {

        pendingAccountName = accountName?.takeIf { it.isNotBlank() }

    }

    fun start(

        hasSupportedMicrog: Boolean,

        hasMicrogAccount: Boolean,

import android.accounts.AccountManager

import android.app.Activity

import android.content.Intent

import android.os.Bundle

import androidx.activity.result.contract.ActivityResultContracts

import androidx.core.os.BundleCompat

import androidx.fragment.app.Fragment

import androidx.lifecycle.lifecycleScope

import foundation.e.apps.R

    private val onCredentialsReady: (String, String) -> Unit,

    private val onError: (String) -> Unit,

) {

    companion object {

        private const val KEY_PENDING_ACCOUNT_NAME = "system_wide_google_login_pending_account_name"

        private const val KEY_PENDING_CONSENT_INTENT = "system_wide_google_login_pending_consent_intent"

    }

    private val coordinator = SystemWideGoogleLoginCoordinator()

    private var pendingConsentIntent: Intent? = null

        )

    }

    fun restore(savedInstanceState: Bundle?) {

        if (savedInstanceState == null) return

        coordinator.restorePendingAccountName(

            savedInstanceState.getString(KEY_PENDING_ACCOUNT_NAME),

        )

        pendingConsentIntent = BundleCompat.getParcelable(

            savedInstanceState,

            KEY_PENDING_CONSENT_INTENT,

            Intent::class.java,

        )

    }

    fun save(outState: Bundle) {

        outState.putString(KEY_PENDING_ACCOUNT_NAME, coordinator.snapshotPendingAccountName())

        outState.putParcelable(KEY_PENDING_CONSENT_INTENT, pendingConsentIntent)

    }

    private fun fetchSelectedAccount(accountName: String) {

        fragment.lifecycleScope.launch {

            val fetchResult = microgAccountFetcher.fetchAccount(accountName)