@01.software/sdk 0.18.0 → 0.19.0

package/dist/index.js

@@ -418,7 +418,7 @@ async function parseErrorBody(response) {
   };
   try {
     const body = await response.json();
-    const reason = typeof body.reason === "string" ? body.reason : void 0;
+    const reason = typeof body.reason === "string" ? body.reason : typeof body.code === "string" ? body.code : void 0;
     if (body.errors && Array.isArray(body.errors)) {
       const fieldErrors = [];
       for (const e of body.errors) {
@@ -441,6 +441,7 @@ async function parseErrorBody(response) {
           errorMessage: `HTTP ${response.status}: ${details}`,
           userMessage: details,
           reason,
+          body,
           errors: fieldErrors.length > 0 ? fieldErrors : body.errors
         };
       }
@@ -449,17 +450,19 @@ async function parseErrorBody(response) {
       return {
         errorMessage: `HTTP ${response.status}: ${body.error}`,
         userMessage: body.error,
-        reason
+        reason,
+        body
       };
     }
     if (body.message) {
       return {
         errorMessage: `HTTP ${response.status}: ${body.message}`,
         userMessage: body.message,
-        reason
+        reason,
+        body
       };
     }
-    return { ...fallback, reason };
+    return { ...fallback, reason, body };
   } catch {
     return fallback;
   }
@@ -476,7 +479,6 @@ async function httpFetch(url, options) {
     publishableKey,
     secretKey,
     customerToken,
-    tenantId,
     timeout = DEFAULT_TIMEOUT,
     debug,
     retry,
@@ -506,9 +508,6 @@ async function httpFetch(url, options) {
       if (authToken) {
         headers.set("Authorization", `Bearer ${authToken}`);
       }
-      if (tenantId) {
-        headers.set("X-Tenant-Id", tenantId);
-      }
       if (!headers.has("Content-Type") && requestInit.body && !(requestInit.body instanceof FormData)) {
         headers.set("Content-Type", "application/json");
       }
@@ -675,10 +674,9 @@ async function httpFetch(url, options) {
 
 // src/core/collection/http-client.ts
 var HttpClient = class {
-  constructor(publishableKey, secretKey, getCustomerToken, onUnauthorized, onRequestId, tenantId) {
+  constructor(publishableKey, secretKey, getCustomerToken, onUnauthorized, onRequestId) {
     this.publishableKey = publishableKey;
     this.secretKey = secretKey;
-    this.tenantId = tenantId;
     this.getCustomerToken = getCustomerToken;
     this.onUnauthorized = onUnauthorized;
     this.onRequestId = onRequestId;
@@ -688,9 +686,6 @@ var HttpClient = class {
       publishableKey: this.publishableKey,
       secretKey: this.secretKey
     };
-    if (this.secretKey?.startsWith("pat01_") && this.tenantId) {
-      opts.tenantId = this.tenantId;
-    }
     const token = this.getCustomerToken?.();
     if (token) {
       opts.customerToken = token;
@@ -1014,10 +1009,10 @@ var COLLECTIONS = [
   "documents",
   "document-categories",
   "document-types",
-  "posts",
-  "post-authors",
-  "post-categories",
-  "post-tags",
+  "articles",
+  "article-authors",
+  "article-categories",
+  "article-tags",
   "playlists",
   "playlist-categories",
   "playlist-tags",
@@ -1046,12 +1041,12 @@ var COLLECTIONS = [
   "forms",
   "form-submissions",
   // Community
-  "threads",
+  "posts",
   "comments",
   "reactions",
   "reaction-types",
   "bookmarks",
-  "thread-categories",
+  "post-categories",
   "reports",
   "community-bans",
   // Events
@@ -1112,7 +1107,6 @@ var CommunityClient = class {
   constructor(options) {
     this.publishableKey = options.publishableKey ?? "";
     this.secretKey = options.secretKey;
-    this.tenantId = options.tenantId;
     this.customerToken = options.customerToken;
     this.onUnauthorized = options.onUnauthorized;
     this.onRequestId = options.onRequestId;
@@ -1124,13 +1118,11 @@ var CommunityClient = class {
   }
   async execute(endpoint, method, body) {
     const token = typeof this.customerToken === "function" ? this.customerToken() : this.customerToken;
-    const tenantId = this.secretKey?.startsWith("pat01_") && this.tenantId ? this.tenantId : void 0;
     try {
       const response = await httpFetch(endpoint, {
         method,
         publishableKey: this.publishableKey,
         secretKey: this.secretKey,
-        tenantId,
         customerToken: token ?? void 0,
         ...token && this.onUnauthorized && { onUnauthorized: this.onUnauthorized },
         ...body !== void 0 && { body: JSON.stringify(body) }
@@ -1143,49 +1135,48 @@ var CommunityClient = class {
       throw err;
     }
   }
-  // Threads
-  createThread(params) {
-    return this.execute("/api/threads", "POST", params);
+  createPost(params) {
+    return this.execute("/api/posts", "POST", params);
   }
-  getMyThreads(params) {
+  getMyPosts(params) {
     return this.execute(
-      `/api/threads/my${this.buildQuery(params)}`,
+      `/api/posts/my${this.buildQuery(params)}`,
       "GET"
     );
   }
   getTrending(params) {
     return this.execute(
-      `/api/threads/trending${this.buildQuery(params)}`,
+      `/api/posts/trending${this.buildQuery(params)}`,
       "GET"
     );
   }
   incrementView(params) {
     return this.execute(
-      `/api/threads/${params.threadId}/view`,
+      `/api/posts/${params.postId}/view`,
       "POST"
     );
   }
-  reportThread(params) {
-    const { threadId, ...body } = params;
+  reportPost(params) {
+    const { postId, ...body } = params;
     return this.execute(
-      `/api/threads/${threadId}/report`,
+      `/api/posts/${postId}/report`,
       "POST",
       body
     );
   }
   // Comments
   createComment(params) {
-    const { threadId, parentId, body: commentBody } = params;
-    const body = { thread: threadId, body: commentBody };
+    const { postId, parentId, body: commentBody } = params;
+    const body = { post: postId, body: commentBody };
     if (parentId !== void 0) {
       body.parent = parentId;
     }
     return this.execute("/api/comments", "POST", body);
   }
   listComments(params) {
-    const { threadId, page, limit, rootComment } = params;
+    const { postId, page, limit, rootComment } = params;
     const urlParams = new URLSearchParams();
-    urlParams.set("where[thread][equals]", threadId);
+    urlParams.set("where[post][equals]", postId);
     urlParams.set("sort", "-createdAt");
     if (limit !== void 0) urlParams.set("limit", String(limit));
     if (page !== void 0) urlParams.set("page", String(page));
@@ -1219,16 +1210,16 @@ var CommunityClient = class {
   }
   // Reactions
   addReaction(params) {
-    const { threadId, type } = params;
+    const { postId, type } = params;
     return this.execute("/api/reactions", "POST", {
-      thread: threadId,
+      post: postId,
       type
     });
   }
   removeReaction(params) {
-    const { threadId, type } = params;
+    const { postId, type } = params;
     return this.execute(
-      `/api/threads/${threadId}/react?type=${encodeURIComponent(type)}`,
+      `/api/posts/${postId}/react?type=${encodeURIComponent(type)}`,
       "DELETE"
     );
   }
@@ -1248,7 +1239,7 @@ var CommunityClient = class {
   }
   getReactionSummary(params) {
     return this.execute(
-      `/api/threads/${params.threadId}/reactions`,
+      `/api/posts/${params.postId}/reactions`,
       "GET"
     );
   }
@@ -1261,12 +1252,12 @@ var CommunityClient = class {
   // Bookmarks
   addBookmark(params) {
     return this.execute("/api/bookmarks", "POST", {
-      thread: params.threadId
+      post: params.postId
     });
   }
   removeBookmark(params) {
     return this.execute(
-      `/api/threads/${params.threadId}/bookmark`,
+      `/api/posts/${params.postId}/bookmark`,
       "DELETE"
     );
   }
@@ -1286,18 +1277,15 @@ var BaseApi = class {
     }
     this.publishableKey = options.publishableKey ?? "";
     this.secretKey = options.secretKey;
-    this.tenantId = options.tenantId;
     this.onRequestId = options.onRequestId;
   }
   async request(endpoint, body, options) {
     const method = options?.method ?? "POST";
-    const tenantId = this.secretKey.startsWith("pat01_") && this.tenantId ? this.tenantId : void 0;
     try {
       const response = await httpFetch(endpoint, {
         method,
         publishableKey: this.publishableKey,
         secretKey: this.secretKey,
-        tenantId,
         ...body !== void 0 && { body: JSON.stringify(body) },
         ...options?.headers && { headers: options.headers }
       });
@@ -1583,20 +1571,17 @@ var CartApi = class {
     }
     this.publishableKey = options.publishableKey ?? "";
     this.secretKey = options.secretKey;
-    this.tenantId = options.tenantId;
     this.customerToken = options.customerToken;
     this.onUnauthorized = options.onUnauthorized;
     this.onRequestId = options.onRequestId;
   }
   async execute(endpoint, method, body) {
     const token = typeof this.customerToken === "function" ? this.customerToken() : this.customerToken;
-    const tenantId = this.secretKey?.startsWith("pat01_") && this.tenantId ? this.tenantId : void 0;
     try {
       const response = await httpFetch(endpoint, {
         method,
         publishableKey: this.publishableKey,
         secretKey: this.secretKey,
-        tenantId,
         customerToken: token ?? void 0,
         ...token && this.onUnauthorized && { onUnauthorized: this.onUnauthorized },
         ...body !== void 0 && { body: JSON.stringify(body) }
@@ -1783,7 +1768,6 @@ var ServerCommerceClient = class {
     const serverOptions = {
       publishableKey: options.publishableKey,
       secretKey: options.secretKey,
-      tenantId: options.tenantId,
       onRequestId: options.onRequestId
     };
     const productApi = new ProductApi(serverOptions);
@@ -2454,7 +2438,6 @@ var ServerClient = class {
     const serverOptions = {
       publishableKey: this.config.publishableKey,
       secretKey: this.config.secretKey,
-      tenantId: this.config.tenantId,
       onRequestId
     };
     this.commerce = new ServerCommerceClient(serverOptions);
@@ -2471,8 +2454,7 @@ var ServerClient = class {
       this.config.secretKey,
       void 0,
       void 0,
-      onRequestId,
-      this.config.tenantId
+      onRequestId
     );
     this.queryClient = getQueryClient();
     this.query = new QueryHooks(this.queryClient, this.collections);
@@ -2665,7 +2647,7 @@ function createCustomerAuthWebhookHandler(handlers) {
     await handlers.unhandled?.(event);
   };
 }
-async function verifySignature(payload, secret, signature) {
+async function verifySignature(payload, secret, signature, timestamp, deliveryId) {
   const encoder = new TextEncoder();
   const key = await crypto.subtle.importKey(
     "raw",
@@ -2680,14 +2662,35 @@ async function verifySignature(payload, secret, signature) {
   const sigBytes = new Uint8Array(
     (signature.match(/.{2}/g) ?? []).map((byte) => parseInt(byte, 16))
   );
-  return crypto.subtle.verify("HMAC", key, sigBytes, encoder.encode(payload));
+  return crypto.subtle.verify(
+    "HMAC",
+    key,
+    sigBytes,
+    encoder.encode(`${timestamp}.${deliveryId}.${payload}`)
+  );
+}
+function timestampIsFresh(timestamp, toleranceSeconds) {
+  if (!/^\d+$/.test(timestamp)) return false;
+  const timestampMs = Number(timestamp);
+  if (!Number.isFinite(timestampMs)) return false;
+  const skewMs = Math.abs(Date.now() - timestampMs);
+  return skewMs <= toleranceSeconds * 1e3;
 }
 async function handleWebhook(request, handler, options) {
   try {
     const rawBody = await request.text();
     if (options?.secret) {
       const signature = request.headers.get("x-webhook-signature") || "";
-      const valid = await verifySignature(rawBody, options.secret, signature);
+      const timestamp = request.headers.get("x-webhook-timestamp") || "";
+      const deliveryId = request.headers.get("x-webhook-delivery-id") || "";
+      const toleranceSeconds = options.toleranceSeconds ?? 300;
+      const valid = Boolean(timestamp && deliveryId) && timestampIsFresh(timestamp, toleranceSeconds) && await verifySignature(
+        rawBody,
+        options.secret,
+        signature,
+        timestamp,
+        deliveryId
+      );
       if (!valid) {
         return new Response(
           JSON.stringify({ error: "Invalid webhook signature" }),