@01.software/sdk 0.8.0 → 0.9.0

package/dist/index.js

@@ -1,82 +1,3 @@
-// src/core/internal/utils/jwt.ts
-import { SignJWT, jwtVerify, decodeJwt } from "jose";
-async function createServerToken(clientKey, secretKey, expiresIn = "1h") {
-  if (!clientKey || !secretKey) {
-    throw new Error("clientKey and secretKey are required.");
-  }
-  const secret = new TextEncoder().encode(secretKey);
-  return new SignJWT({ clientKey }).setProtectedHeader({ alg: "HS256" }).setIssuedAt().setExpirationTime(expiresIn).sign(secret);
-}
-async function verifyServerToken(token, secretKey) {
-  if (!token || !secretKey) {
-    throw new Error("token and secretKey are required.");
-  }
-  const secret = new TextEncoder().encode(secretKey);
-  const { payload } = await jwtVerify(token, secret, {
-    algorithms: ["HS256"]
-  });
-  if (!payload.clientKey || typeof payload.clientKey !== "string") {
-    throw new Error("Invalid token payload: clientKey is missing");
-  }
-  return {
-    clientKey: payload.clientKey,
-    iat: payload.iat,
-    exp: payload.exp
-  };
-}
-function decodeServerToken(token) {
-  if (!token) {
-    throw new Error("token is required.");
-  }
-  const payload = decodeJwt(token);
-  if (!payload.clientKey || typeof payload.clientKey !== "string") {
-    throw new Error("Invalid token payload: clientKey is missing");
-  }
-  return {
-    clientKey: payload.clientKey,
-    iat: payload.iat,
-    exp: payload.exp
-  };
-}
-
-// src/core/internal/utils/encoding.ts
-function createApiKey(clientKey, secretKey) {
-  if (!clientKey || !secretKey) {
-    throw new Error("clientKey and secretKey are required.");
-  }
-  if (typeof Buffer !== "undefined") {
-    return Buffer.from(`${clientKey}:${secretKey}`).toString("base64");
-  }
-  return btoa(`${clientKey}:${secretKey}`);
-}
-function parseApiKey(apiKey) {
-  if (!apiKey) {
-    throw new Error("apiKey is required.");
-  }
-  try {
-    let decoded;
-    if (typeof Buffer !== "undefined") {
-      decoded = Buffer.from(apiKey, "base64").toString("utf-8");
-    } else {
-      decoded = atob(apiKey);
-    }
-    const colonIndex = decoded.indexOf(":");
-    if (colonIndex === -1) {
-      throw new Error("Invalid format: missing colon separator");
-    }
-    const clientKey = decoded.substring(0, colonIndex);
-    const secretKey = decoded.substring(colonIndex + 1);
-    if (!clientKey || !secretKey) {
-      throw new Error("Invalid format: empty clientKey or secretKey");
-    }
-    return { clientKey, secretKey };
-  } catch {
-    throw new Error(
-      'Invalid API key. Expected Base64 encoded "clientKey:secretKey"'
-    );
-  }
-}
-
 // src/core/internal/errors/index.ts
 var SDKError = class extends Error {
   constructor(code, message, status, details, userMessage, suggestion) {
@@ -197,7 +118,6 @@ function isUsageLimitError(error) {
   return error instanceof UsageLimitError;
 }
 var createNetworkError = (message, status, details, userMessage, suggestion) => new NetworkError(message, status, details, userMessage, suggestion);
-var createValidationError = (message, details, userMessage, suggestion) => new ValidationError(message, details, userMessage, suggestion);
 var createApiError = (message, status, details, userMessage, suggestion) => new ApiError(message, status, details, userMessage, suggestion);
 var createConfigError = (message, details, userMessage, suggestion) => new ConfigError(message, details, userMessage, suggestion);
 var createTimeoutError = (message, details, userMessage, suggestion) => new TimeoutError(message, details, userMessage, suggestion);
@@ -291,24 +211,24 @@ async function delay(ms) {
 }
 async function httpFetch(url, options) {
   const {
-    clientKey,
+    publishableKey,
     secretKey,
     customerToken,
     timeout = DEFAULT_TIMEOUT,
-    baseUrl = resolveApiUrl(),
     debug,
     retry,
     onUnauthorized,
     ...requestInit
   } = options || {};
+  const baseUrl = resolveApiUrl();
   const retryConfig = {
     maxRetries: retry?.maxRetries ?? 3,
     retryableStatuses: retry?.retryableStatuses ?? DEFAULT_RETRYABLE_STATUSES,
     retryDelay: retry?.retryDelay ?? ((attempt) => Math.min(1e3 * 2 ** attempt, 1e4))
   };
   let authToken;
-  if (secretKey && clientKey) {
-    authToken = await createServerToken(clientKey, secretKey);
+  if (secretKey) {
+    authToken = secretKey;
   } else if (customerToken) {
     authToken = customerToken;
   }
@@ -317,8 +237,8 @@ async function httpFetch(url, options) {
   for (let attempt = 0; attempt <= retryConfig.maxRetries; attempt++) {
     try {
       const headers = new Headers(requestInit.headers);
-      if (clientKey) {
-        headers.set("X-Client-Key", clientKey);
+      if (publishableKey) {
+        headers.set("X-Publishable-Key", publishableKey);
       }
       if (authToken) {
         headers.set("Authorization", `Bearer ${authToken}`);
@@ -509,23 +429,18 @@ async function parseApiResponse(response, endpoint) {
 // src/core/api/base-api.ts
 var BaseApi = class {
   constructor(apiName, options) {
-    if (!options.clientKey) {
-      throw createConfigError(`clientKey is required for ${apiName}.`);
-    }
     if (!options.secretKey) {
       throw createConfigError(`secretKey is required for ${apiName}.`);
     }
-    this.clientKey = options.clientKey;
+    this.publishableKey = options.publishableKey ?? "";
     this.secretKey = options.secretKey;
-    this.baseUrl = options.baseUrl;
   }
   async request(endpoint, body, options) {
     const method = options?.method ?? "POST";
     const response = await httpFetch(endpoint, {
       method,
-      clientKey: this.clientKey,
+      publishableKey: this.publishableKey,
       secretKey: this.secretKey,
-      baseUrl: this.baseUrl,
       ...body !== void 0 && { body: JSON.stringify(body) },
       ...options?.headers && { headers: options.headers }
     });
@@ -588,28 +503,23 @@ var OrderApi = class extends BaseApi {
 // src/core/api/cart-api.ts
 var CartApi = class {
   constructor(options) {
-    if (!options.clientKey) {
-      throw createConfigError("clientKey is required for CartApi.");
-    }
     if (!options.secretKey && !options.customerToken) {
       throw createConfigError(
         "Either secretKey or customerToken is required for CartApi."
       );
     }
-    this.clientKey = options.clientKey;
+    this.publishableKey = options.publishableKey ?? "";
     this.secretKey = options.secretKey;
     this.customerToken = options.customerToken;
-    this.baseUrl = options.baseUrl;
     this.onUnauthorized = options.onUnauthorized;
   }
   async execute(endpoint, method, body) {
     const token = typeof this.customerToken === "function" ? this.customerToken() : this.customerToken;
     const response = await httpFetch(endpoint, {
       method,
-      clientKey: this.clientKey,
+      publishableKey: this.publishableKey,
       secretKey: this.secretKey,
       customerToken: token ?? void 0,
-      baseUrl: this.baseUrl,
       ...token && this.onUnauthorized && { onUnauthorized: this.onUnauthorized },
       ...body !== void 0 && { body: JSON.stringify(body) }
     });
@@ -856,21 +766,16 @@ var CollectionQueryBuilder = class {
 // src/core/collection/http-client.ts
 import { stringify } from "qs-esm";
 var HttpClient = class {
-  constructor(clientKey, secretKey, baseUrl, getCustomerToken, onUnauthorized) {
-    if (!clientKey) {
-      throw createValidationError("clientKey is required.");
-    }
-    this.clientKey = clientKey;
+  constructor(publishableKey, secretKey, getCustomerToken, onUnauthorized) {
+    this.publishableKey = publishableKey;
     this.secretKey = secretKey;
-    this.baseUrl = baseUrl;
     this.getCustomerToken = getCustomerToken;
     this.onUnauthorized = onUnauthorized;
   }
   get defaultOptions() {
     const opts = {
-      clientKey: this.clientKey,
-      secretKey: this.secretKey,
-      baseUrl: this.baseUrl
+      publishableKey: this.publishableKey,
+      secretKey: this.secretKey
     };
     const token = this.getCustomerToken?.();
     if (token) {
@@ -985,9 +890,6 @@ function buildPayloadFormData(data, file, filename) {
   return formData;
 }
 var CollectionClient = class extends HttpClient {
-  constructor(clientKey, secretKey, baseUrl, getCustomerToken, onUnauthorized) {
-    super(clientKey, secretKey, baseUrl, getCustomerToken, onUnauthorized);
-  }
   from(collection) {
     return new CollectionQueryBuilder(this, collection);
   }
@@ -1189,23 +1091,18 @@ var COLLECTIONS = [
 // src/core/community/community-client.ts
 var CommunityClient = class {
   constructor(options) {
-    if (!options.clientKey) {
-      throw createConfigError("clientKey is required for CommunityClient.");
-    }
-    this.clientKey = options.clientKey;
+    this.publishableKey = options.publishableKey ?? "";
     this.secretKey = options.secretKey;
     this.customerToken = options.customerToken;
-    this.baseUrl = options.baseUrl;
     this.onUnauthorized = options.onUnauthorized;
   }
   async execute(endpoint, method, body) {
     const token = typeof this.customerToken === "function" ? this.customerToken() : this.customerToken;
     const response = await httpFetch(endpoint, {
       method,
-      clientKey: this.clientKey,
+      publishableKey: this.publishableKey,
       secretKey: this.secretKey,
       customerToken: token ?? void 0,
-      baseUrl: this.baseUrl,
       ...token && this.onUnauthorized && { onUnauthorized: this.onUnauthorized },
       ...body !== void 0 && { body: JSON.stringify(body) }
     });
@@ -1382,10 +1279,10 @@ function safeGetItem(key) {
   }
 }
 var CustomerAuth = class {
-  constructor(clientKey, baseUrl, options) {
+  constructor(publishableKey, options) {
     this.refreshPromise = null;
-    this.clientKey = clientKey;
-    this.baseUrl = baseUrl;
+    this.publishableKey = publishableKey;
+    this.baseUrl = resolveApiUrl();
     const persist = options?.persist ?? true;
     if (persist) {
       const key = typeof persist === "string" ? persist : "customer-token";
@@ -1571,7 +1468,7 @@ var CustomerAuth = class {
    */
   async requestJson(path, init) {
     const headers = new Headers(init.headers);
-    headers.set("X-Client-Key", this.clientKey);
+    headers.set("X-Publishable-Key", this.publishableKey);
     if (!headers.has("Content-Type") && init.body) {
       headers.set("Content-Type", "application/json");
     }
@@ -2064,11 +1961,11 @@ var QueryHooks = class extends CollectionHooks {
 // src/core/client/client.ts
 var Client = class {
   constructor(options) {
-    if (!options.clientKey) {
-      throw createConfigError("clientKey is required.");
+    const publishableKey = options.publishableKey;
+    if (!publishableKey) {
+      throw createConfigError("publishableKey is required.");
     }
-    this.config = { ...options };
-    this.baseUrl = resolveApiUrl();
+    this.config = { ...options, publishableKey };
     const metadata = {
       timestamp: Date.now(),
       userAgent: typeof window !== "undefined" ? window.navigator?.userAgent : "Node.js"
@@ -2076,8 +1973,7 @@ var Client = class {
     this.state = { metadata };
     this.queryClient = getQueryClient();
     this.customer = new CustomerAuth(
-      this.config.clientKey,
-      this.baseUrl,
+      this.config.publishableKey,
       options.customer
     );
     const onUnauthorized = async () => {
@@ -2089,21 +1985,18 @@ var Client = class {
       }
     };
     this.cart = new CartApi({
-      clientKey: this.config.clientKey,
+      publishableKey: this.config.publishableKey,
       customerToken: () => this.customer.getToken(),
-      baseUrl: this.baseUrl,
       onUnauthorized
     });
     this.community = new CommunityClient({
-      clientKey: this.config.clientKey,
+      publishableKey: this.config.publishableKey,
       customerToken: () => this.customer.getToken(),
-      baseUrl: this.baseUrl,
       onUnauthorized
     });
     this.collections = new CollectionClient(
-      this.config.clientKey,
+      this.config.publishableKey,
       void 0,
-      this.baseUrl,
       () => this.customer.getToken(),
       onUnauthorized
     );
@@ -2135,43 +2028,39 @@ var ServerClient = class {
         "ServerClient must not be used in a browser environment. This risks exposing your secretKey in client bundles. Use createClient() for browser code instead."
       );
     }
-    if (!options.clientKey) {
-      throw createConfigError("clientKey is required.");
-    }
     if (!options.secretKey) {
       throw createConfigError("secretKey is required.");
     }
-    this.config = { ...options };
-    this.baseUrl = resolveApiUrl();
+    if (!options.publishableKey) {
+      throw createConfigError(
+        "publishableKey is required. It is used for rate limiting and monthly quota enforcement via the X-Publishable-Key header. Get it from Console > Settings > API Keys."
+      );
+    }
+    this.config = { ...options, publishableKey: options.publishableKey };
     const metadata = {
       timestamp: Date.now(),
       userAgent: "Node.js"
     };
     this.state = { metadata };
     this.api = new OrderApi({
-      clientKey: this.config.clientKey,
-      secretKey: this.config.secretKey,
-      baseUrl: this.baseUrl
+      publishableKey: this.config.publishableKey,
+      secretKey: this.config.secretKey
     });
     this.cart = new CartApi({
-      clientKey: this.config.clientKey,
-      secretKey: this.config.secretKey,
-      baseUrl: this.baseUrl
+      publishableKey: this.config.publishableKey,
+      secretKey: this.config.secretKey
     });
     this.community = new CommunityClient({
-      clientKey: this.config.clientKey,
-      secretKey: this.config.secretKey,
-      baseUrl: this.baseUrl
+      publishableKey: this.config.publishableKey,
+      secretKey: this.config.secretKey
     });
     this.product = new ProductApi({
-      clientKey: this.config.clientKey,
-      secretKey: this.config.secretKey,
-      baseUrl: this.baseUrl
+      publishableKey: this.config.publishableKey,
+      secretKey: this.config.secretKey
     });
     this.collections = new CollectionClient(
-      this.config.clientKey,
-      this.config.secretKey,
-      this.baseUrl
+      this.config.publishableKey,
+      this.config.secretKey
     );
     this.queryClient = getQueryClient();
     this.query = new QueryHooks(this.queryClient, this.collections);
@@ -2197,9 +2086,9 @@ var MAX_RECONNECT_DELAY = 3e4;
 var RECONNECT_BACKOFF_FACTOR = 2;
 var MAX_NO_TOKEN_RETRIES = 5;
 var RealtimeConnection = class {
-  constructor(baseUrl, clientKey, getToken, collections) {
+  constructor(baseUrl, publishableKey, getToken, collections) {
     this.baseUrl = baseUrl;
-    this.clientKey = clientKey;
+    this.publishableKey = publishableKey;
     this.getToken = getToken;
     this.collections = collections;
     this.abortController = null;
@@ -2252,7 +2141,7 @@ var RealtimeConnection = class {
     try {
       const response = await fetch(url, {
         headers: {
-          "X-Client-Key": this.clientKey,
+          "X-Publishable-Key": this.publishableKey,
           Authorization: `Bearer ${token}`
         },
         signal
@@ -2546,13 +2435,10 @@ export {
   UsageLimitError,
   ValidationError,
   collectionKeys,
-  createApiKey,
   createClient,
   createServerClient,
-  createServerToken,
   createTypedWebhookHandler,
   customerKeys,
-  decodeServerToken,
   formatOrderName,
   generateOrderNumber,
   getImageLqip,
@@ -2577,8 +2463,6 @@ export {
   isUsageLimitError,
   isValidWebhookEvent,
   isValidationError,
-  parseApiKey,
-  resolveRelation,
-  verifyServerToken
+  resolveRelation
 };
 //# sourceMappingURL=index.js.map