@01.software/sdk 0.17.0 → 0.19.0

package/dist/index.cjs

@@ -24,6 +24,7 @@ __export(src_exports, {
   AuthError: () => AuthError,
   BaseApi: () => BaseApi,
   COLLECTIONS: () => COLLECTIONS,
+  CUSTOMER_PASSWORD_RESET_OPERATION: () => CUSTOMER_PASSWORD_RESET_OPERATION,
   CartApi: () => CartApi,
   Client: () => Client,
   CollectionClient: () => CollectionClient,
@@ -65,6 +66,7 @@ __export(src_exports, {
   createAuthError: () => createAuthError,
   createClient: () => createClient,
   createConflictError: () => createConflictError,
+  createCustomerAuthWebhookHandler: () => createCustomerAuthWebhookHandler,
   createNotFoundError: () => createNotFoundError,
   createPermissionError: () => createPermissionError,
   createRateLimitError: () => createRateLimitError,
@@ -91,6 +93,7 @@ __export(src_exports, {
   isAuthError: () => isAuthError,
   isConfigError: () => isConfigError,
   isConflictError: () => isConflictError,
+  isCustomerPasswordResetWebhookEvent: () => isCustomerPasswordResetWebhookEvent,
   isGoneError: () => isGoneError,
   isNetworkError: () => isNetworkError,
   isNotFoundError: () => isNotFoundError,
@@ -529,7 +532,7 @@ async function parseErrorBody(response) {
   };
   try {
     const body = await response.json();
-    const reason = typeof body.reason === "string" ? body.reason : void 0;
+    const reason = typeof body.reason === "string" ? body.reason : typeof body.code === "string" ? body.code : void 0;
     if (body.errors && Array.isArray(body.errors)) {
       const fieldErrors = [];
       for (const e of body.errors) {
@@ -552,6 +555,7 @@ async function parseErrorBody(response) {
           errorMessage: `HTTP ${response.status}: ${details}`,
           userMessage: details,
           reason,
+          body,
           errors: fieldErrors.length > 0 ? fieldErrors : body.errors
         };
       }
@@ -560,17 +564,19 @@ async function parseErrorBody(response) {
       return {
         errorMessage: `HTTP ${response.status}: ${body.error}`,
         userMessage: body.error,
-        reason
+        reason,
+        body
       };
     }
     if (body.message) {
       return {
         errorMessage: `HTTP ${response.status}: ${body.message}`,
         userMessage: body.message,
-        reason
+        reason,
+        body
       };
     }
-    return { ...fallback, reason };
+    return { ...fallback, reason, body };
   } catch {
     return fallback;
   }
@@ -587,7 +593,6 @@ async function httpFetch(url, options) {
     publishableKey,
     secretKey,
     customerToken,
-    tenantId,
     timeout = DEFAULT_TIMEOUT,
     debug,
     retry,
@@ -617,9 +622,6 @@ async function httpFetch(url, options) {
       if (authToken) {
         headers.set("Authorization", `Bearer ${authToken}`);
       }
-      if (tenantId) {
-        headers.set("X-Tenant-Id", tenantId);
-      }
       if (!headers.has("Content-Type") && requestInit.body && !(requestInit.body instanceof FormData)) {
         headers.set("Content-Type", "application/json");
       }
@@ -786,10 +788,9 @@ async function httpFetch(url, options) {
 
 // src/core/collection/http-client.ts
 var HttpClient = class {
-  constructor(publishableKey, secretKey, getCustomerToken, onUnauthorized, onRequestId, tenantId) {
+  constructor(publishableKey, secretKey, getCustomerToken, onUnauthorized, onRequestId) {
     this.publishableKey = publishableKey;
     this.secretKey = secretKey;
-    this.tenantId = tenantId;
     this.getCustomerToken = getCustomerToken;
     this.onUnauthorized = onUnauthorized;
     this.onRequestId = onRequestId;
@@ -799,9 +800,6 @@ var HttpClient = class {
       publishableKey: this.publishableKey,
       secretKey: this.secretKey
     };
-    if (this.secretKey?.startsWith("pat01_") && this.tenantId) {
-      opts.tenantId = this.tenantId;
-    }
     const token = this.getCustomerToken?.();
     if (token) {
       opts.customerToken = token;
@@ -1077,8 +1075,6 @@ var INTERNAL_COLLECTIONS = [
   "track-assets",
   "audiences",
   "email-logs",
-  "tenant-auth-settings",
-  "tenant-community-settings",
   "api-usage",
   "tenant-analytics-daily",
   "analytics-event-schemas",
@@ -1092,7 +1088,8 @@ var INTERNAL_COLLECTIONS = [
   "webhook-deliveries",
   "audit-logs",
   "plans",
-  "webhooks"
+  "webhooks",
+  "event-registrations"
 ];
 var COLLECTIONS = [
   "tenants",
@@ -1126,10 +1123,10 @@ var COLLECTIONS = [
   "documents",
   "document-categories",
   "document-types",
-  "posts",
-  "post-authors",
-  "post-categories",
-  "post-tags",
+  "articles",
+  "article-authors",
+  "article-categories",
+  "article-tags",
   "playlists",
   "playlist-categories",
   "playlist-tags",
@@ -1158,14 +1155,19 @@ var COLLECTIONS = [
   "forms",
   "form-submissions",
   // Community
-  "threads",
+  "posts",
   "comments",
   "reactions",
   "reaction-types",
   "bookmarks",
-  "thread-categories",
+  "post-categories",
   "reports",
-  "community-bans"
+  "community-bans",
+  // Events
+  "event-calendars",
+  "events",
+  "event-occurrences",
+  "event-tags"
 ];
 
 // src/core/api/parse-response.ts
@@ -1219,7 +1221,6 @@ var CommunityClient = class {
   constructor(options) {
     this.publishableKey = options.publishableKey ?? "";
     this.secretKey = options.secretKey;
-    this.tenantId = options.tenantId;
     this.customerToken = options.customerToken;
     this.onUnauthorized = options.onUnauthorized;
     this.onRequestId = options.onRequestId;
@@ -1231,13 +1232,11 @@ var CommunityClient = class {
   }
   async execute(endpoint, method, body) {
     const token = typeof this.customerToken === "function" ? this.customerToken() : this.customerToken;
-    const tenantId = this.secretKey?.startsWith("pat01_") && this.tenantId ? this.tenantId : void 0;
     try {
       const response = await httpFetch(endpoint, {
         method,
         publishableKey: this.publishableKey,
         secretKey: this.secretKey,
-        tenantId,
         customerToken: token ?? void 0,
         ...token && this.onUnauthorized && { onUnauthorized: this.onUnauthorized },
         ...body !== void 0 && { body: JSON.stringify(body) }
@@ -1250,49 +1249,48 @@ var CommunityClient = class {
       throw err;
     }
   }
-  // Threads
-  createThread(params) {
-    return this.execute("/api/threads", "POST", params);
+  createPost(params) {
+    return this.execute("/api/posts", "POST", params);
   }
-  getMyThreads(params) {
+  getMyPosts(params) {
     return this.execute(
-      `/api/threads/my${this.buildQuery(params)}`,
+      `/api/posts/my${this.buildQuery(params)}`,
       "GET"
     );
   }
   getTrending(params) {
     return this.execute(
-      `/api/threads/trending${this.buildQuery(params)}`,
+      `/api/posts/trending${this.buildQuery(params)}`,
       "GET"
     );
   }
   incrementView(params) {
     return this.execute(
-      `/api/threads/${params.threadId}/view`,
+      `/api/posts/${params.postId}/view`,
       "POST"
     );
   }
-  reportThread(params) {
-    const { threadId, ...body } = params;
+  reportPost(params) {
+    const { postId, ...body } = params;
     return this.execute(
-      `/api/threads/${threadId}/report`,
+      `/api/posts/${postId}/report`,
       "POST",
       body
     );
   }
   // Comments
   createComment(params) {
-    const { threadId, parentId, body: commentBody } = params;
-    const body = { thread: threadId, body: commentBody };
+    const { postId, parentId, body: commentBody } = params;
+    const body = { post: postId, body: commentBody };
     if (parentId !== void 0) {
       body.parent = parentId;
     }
     return this.execute("/api/comments", "POST", body);
   }
   listComments(params) {
-    const { threadId, page, limit, rootComment } = params;
+    const { postId, page, limit, rootComment } = params;
     const urlParams = new URLSearchParams();
-    urlParams.set("where[thread][equals]", threadId);
+    urlParams.set("where[post][equals]", postId);
     urlParams.set("sort", "-createdAt");
     if (limit !== void 0) urlParams.set("limit", String(limit));
     if (page !== void 0) urlParams.set("page", String(page));
@@ -1326,16 +1324,16 @@ var CommunityClient = class {
   }
   // Reactions
   addReaction(params) {
-    const { threadId, type } = params;
+    const { postId, type } = params;
     return this.execute("/api/reactions", "POST", {
-      thread: threadId,
+      post: postId,
       type
     });
   }
   removeReaction(params) {
-    const { threadId, type } = params;
+    const { postId, type } = params;
     return this.execute(
-      `/api/threads/${threadId}/react?type=${encodeURIComponent(type)}`,
+      `/api/posts/${postId}/react?type=${encodeURIComponent(type)}`,
       "DELETE"
     );
   }
@@ -1355,7 +1353,7 @@ var CommunityClient = class {
   }
   getReactionSummary(params) {
     return this.execute(
-      `/api/threads/${params.threadId}/reactions`,
+      `/api/posts/${params.postId}/reactions`,
       "GET"
     );
   }
@@ -1368,12 +1366,12 @@ var CommunityClient = class {
   // Bookmarks
   addBookmark(params) {
     return this.execute("/api/bookmarks", "POST", {
-      thread: params.threadId
+      post: params.postId
     });
   }
   removeBookmark(params) {
     return this.execute(
-      `/api/threads/${params.threadId}/bookmark`,
+      `/api/posts/${params.postId}/bookmark`,
       "DELETE"
     );
   }
@@ -1393,18 +1391,15 @@ var BaseApi = class {
     }
     this.publishableKey = options.publishableKey ?? "";
     this.secretKey = options.secretKey;
-    this.tenantId = options.tenantId;
     this.onRequestId = options.onRequestId;
   }
   async request(endpoint, body, options) {
     const method = options?.method ?? "POST";
-    const tenantId = this.secretKey.startsWith("pat01_") && this.tenantId ? this.tenantId : void 0;
     try {
       const response = await httpFetch(endpoint, {
         method,
         publishableKey: this.publishableKey,
         secretKey: this.secretKey,
-        tenantId,
         ...body !== void 0 && { body: JSON.stringify(body) },
         ...options?.headers && { headers: options.headers }
       });
@@ -1581,15 +1576,6 @@ var CustomerAuth = class {
       body: JSON.stringify({ currentPassword, newPassword })
     });
   }
-  /**
-   * Verify email using the verification token
-   */
-  async verifyEmail(token) {
-    await this.requestJson("/api/customers/verify-email", {
-      method: "POST",
-      body: JSON.stringify({ token })
-    });
-  }
   /**
    * Get the authenticated customer's orders with pagination and optional status filter
    */
@@ -1699,20 +1685,17 @@ var CartApi = class {
     }
     this.publishableKey = options.publishableKey ?? "";
     this.secretKey = options.secretKey;
-    this.tenantId = options.tenantId;
     this.customerToken = options.customerToken;
     this.onUnauthorized = options.onUnauthorized;
     this.onRequestId = options.onRequestId;
   }
   async execute(endpoint, method, body) {
     const token = typeof this.customerToken === "function" ? this.customerToken() : this.customerToken;
-    const tenantId = this.secretKey?.startsWith("pat01_") && this.tenantId ? this.tenantId : void 0;
     try {
       const response = await httpFetch(endpoint, {
         method,
         publishableKey: this.publishableKey,
         secretKey: this.secretKey,
-        tenantId,
         customerToken: token ?? void 0,
         ...token && this.onUnauthorized && { onUnauthorized: this.onUnauthorized },
         ...body !== void 0 && { body: JSON.stringify(body) }
@@ -1899,7 +1882,6 @@ var ServerCommerceClient = class {
     const serverOptions = {
       publishableKey: options.publishableKey,
       secretKey: options.secretKey,
-      tenantId: options.tenantId,
       onRequestId: options.onRequestId
     };
     const productApi = new ProductApi(serverOptions);
@@ -2309,14 +2291,6 @@ var CustomerHooks = class {
       options
     );
   }
-  useCustomerVerifyEmail(options) {
-    return createMutation(
-      (token) => this.ensureCustomerAuth().verifyEmail(token).then(() => {
-      }),
-      options,
-      this.invalidateMe
-    );
-  }
   useCustomerRefreshToken(options) {
     return createMutation(
       () => this.ensureCustomerAuth().refreshToken(),
@@ -2361,7 +2335,6 @@ var QueryHooks = class extends CollectionHooks {
     this.useCustomerLogout = (...args) => this._customer.useCustomerLogout(...args);
     this.useCustomerForgotPassword = (...args) => this._customer.useCustomerForgotPassword(...args);
     this.useCustomerResetPassword = (...args) => this._customer.useCustomerResetPassword(...args);
-    this.useCustomerVerifyEmail = (...args) => this._customer.useCustomerVerifyEmail(...args);
     this.useCustomerRefreshToken = (...args) => this._customer.useCustomerRefreshToken(...args);
     this.useCustomerUpdateProfile = (...args) => this._customer.useCustomerUpdateProfile(...args);
     this.useCustomerChangePassword = (...args) => this._customer.useCustomerChangePassword(...args);
@@ -2561,7 +2534,6 @@ var ServerClient = class {
     const serverOptions = {
       publishableKey: this.config.publishableKey,
       secretKey: this.config.secretKey,
-      tenantId: this.config.tenantId,
       onRequestId
     };
     this.commerce = new ServerCommerceClient(serverOptions);
@@ -2578,8 +2550,7 @@ var ServerClient = class {
       this.config.secretKey,
       void 0,
       void 0,
-      onRequestId,
-      this.config.tenantId
+      onRequestId
     );
     this.queryClient = getQueryClient();
     this.query = new QueryHooks(this.queryClient, this.collections);
@@ -2745,9 +2716,34 @@ var RealtimeConnection = class {
 function isValidWebhookEvent(data) {
   if (typeof data !== "object" || data === null) return false;
   const obj = data;
-  return typeof obj.collection === "string" && (obj.operation === "create" || obj.operation === "update") && typeof obj.data === "object" && obj.data !== null;
+  return typeof obj.collection === "string" && typeof obj.operation === "string" && obj.operation.length > 0 && typeof obj.data === "object" && obj.data !== null;
+}
+var CUSTOMER_PASSWORD_RESET_OPERATION = "password-reset";
+function isRecord(value) {
+  return typeof value === "object" && value !== null;
+}
+function hasString(value, key) {
+  return typeof value[key] === "string";
+}
+function hasStringOrNumber(value, key) {
+  return typeof value[key] === "string" || typeof value[key] === "number";
+}
+function isCustomerPasswordResetWebhookEvent(event) {
+  if (event.collection !== "customers" || event.operation !== CUSTOMER_PASSWORD_RESET_OPERATION || !isRecord(event.data)) {
+    return false;
+  }
+  return hasStringOrNumber(event.data, "customerId") && hasString(event.data, "email") && hasString(event.data, "name") && hasString(event.data, "resetPasswordToken") && hasString(event.data, "resetPasswordExpiresAt");
 }
-async function verifySignature(payload, secret, signature) {
+function createCustomerAuthWebhookHandler(handlers) {
+  return async (event) => {
+    if (isCustomerPasswordResetWebhookEvent(event) && handlers.passwordReset) {
+      await handlers.passwordReset(event.data, event);
+      return;
+    }
+    await handlers.unhandled?.(event);
+  };
+}
+async function verifySignature(payload, secret, signature, timestamp, deliveryId) {
   const encoder = new TextEncoder();
   const key = await crypto.subtle.importKey(
     "raw",
@@ -2762,14 +2758,35 @@ async function verifySignature(payload, secret, signature) {
   const sigBytes = new Uint8Array(
     (signature.match(/.{2}/g) ?? []).map((byte) => parseInt(byte, 16))
   );
-  return crypto.subtle.verify("HMAC", key, sigBytes, encoder.encode(payload));
+  return crypto.subtle.verify(
+    "HMAC",
+    key,
+    sigBytes,
+    encoder.encode(`${timestamp}.${deliveryId}.${payload}`)
+  );
+}
+function timestampIsFresh(timestamp, toleranceSeconds) {
+  if (!/^\d+$/.test(timestamp)) return false;
+  const timestampMs = Number(timestamp);
+  if (!Number.isFinite(timestampMs)) return false;
+  const skewMs = Math.abs(Date.now() - timestampMs);
+  return skewMs <= toleranceSeconds * 1e3;
 }
 async function handleWebhook(request, handler, options) {
   try {
     const rawBody = await request.text();
     if (options?.secret) {
       const signature = request.headers.get("x-webhook-signature") || "";
-      const valid = await verifySignature(rawBody, options.secret, signature);
+      const timestamp = request.headers.get("x-webhook-timestamp") || "";
+      const deliveryId = request.headers.get("x-webhook-delivery-id") || "";
+      const toleranceSeconds = options.toleranceSeconds ?? 300;
+      const valid = Boolean(timestamp && deliveryId) && timestampIsFresh(timestamp, toleranceSeconds) && await verifySignature(
+        rawBody,
+        options.secret,
+        signature,
+        timestamp,
+        deliveryId
+      );
       if (!valid) {
         return new Response(
           JSON.stringify({ error: "Invalid webhook signature" }),