@base44-preview/sdk 0.8.35-pr.212.23f3cb2 → 0.8.35-pr.212.36b2685

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/client.js CHANGED
@@ -12,7 +12,7 @@ import { createAppLogsModule } from "./modules/app-logs.js";
12
12
  import { createUsersModule } from "./modules/users.js";
13
13
  import { RoomsSocket } from "./utils/socket-utils.js";
14
14
  import { createAnalyticsModule } from "./modules/analytics.js";
15
- import { createRealtimeModule, pushUserTokenToActiveSockets } from "./modules/realtime.js";
15
+ import { createRealtimeModule } from "./modules/realtime.js";
16
16
  /**
17
17
  * Creates a Base44 client.
18
18
  *
@@ -124,21 +124,6 @@ export function createClient(config) {
124
124
  appBaseUrl: normalizedAppBaseUrl,
125
125
  serverUrl,
126
126
  });
127
- // Current user session token (axios defaults are the single source of truth —
128
- // createClient({token}) and every setToken() land there). Used for in-band
129
- // realtime auth; read lazily so refreshes are always picked up.
130
- const getUserToken = () => {
131
- var _a;
132
- const h = (_a = axiosClient.defaults.headers.common) === null || _a === void 0 ? void 0 : _a["Authorization"];
133
- return typeof h === "string" && h.startsWith("Bearer ") ? h.slice(7) : null;
134
- };
135
- // Login / token refresh must reach long-lived realtime sockets too, so the
136
- // handler-side credential never goes stale mid-connection.
137
- const originalSetToken = userAuthModule.setToken.bind(userAuthModule);
138
- userAuthModule.setToken = (newToken, saveToStorage) => {
139
- originalSetToken(newToken, saveToStorage);
140
- pushUserTokenToActiveSockets(newToken);
141
- };
142
127
  // Apply the access token before any module that may issue authenticated
143
128
  // requests during construction (notably analytics, which fires an init
144
129
  // event whose flush calls auth.me()). Without this, the first User/me
@@ -189,22 +174,13 @@ export function createClient(config) {
189
174
  realtime: createRealtimeModule({
190
175
  appId,
191
176
  dispatcherWsUrl: resolvedDispatcherWsUrl,
192
- getUserToken,
193
177
  getToken: async (handlerName, instanceId, connId) => {
194
178
  // axiosClient interceptors unwrap response.data, so the result is the body directly.
195
179
  // conn_id rides inside the signed token (not a WS query param) so it survives
196
180
  // proxies that strip params; the dispatcher forwards it as the handler's conn.id.
197
181
  // Base44-Functions-Version rides along (like function calls) so live apps get
198
182
  // tokens for the *published* realtime script and previews get the draft.
199
- const data = await axiosClient.post(`/apps/${appId}/realtime-token`, {
200
- handler_name: handlerName,
201
- instance_id: instanceId,
202
- conn_id: connId,
203
- // Declares "an __auth message follows right after connect" — the
204
- // handler delays handleConnect until it arrives (signed into the
205
- // token so old SDKs, which never send __auth, are never waited on).
206
- supports_inband_auth: getUserToken() != null,
207
- }, functionsVersion
183
+ const data = await axiosClient.post(`/apps/${appId}/realtime-token`, { handler_name: handlerName, instance_id: instanceId, conn_id: connId }, functionsVersion
208
184
  ? { headers: { "Base44-Functions-Version": functionsVersion } }
209
185
  : undefined);
210
186
  return data.token;
@@ -1,13 +1,6 @@
1
- /** Push a (new) user session token to every open realtime socket — called on
2
- * login/refresh so long-lived connections keep a valid credential server-side. */
3
- export declare function pushUserTokenToActiveSockets(token: string): void;
4
1
  export declare function createRealtimeModule(config: {
5
2
  appId: string;
6
3
  getToken(handlerName: string, instanceId: string, connId: string): Promise<string>;
7
- /** Current user session token, if signed in. Sent in-band ({type:"__auth"})
8
- * right after every socket open — never in the URL — so the handler can act
9
- * as this user (createUserClient / RLS). */
10
- getUserToken?: () => string | null;
11
4
  dispatcherWsUrl: string;
12
5
  }): Record<string, RealtimeHandler>;
13
6
  /** Handle for an active realtime subscription. */
@@ -4,19 +4,6 @@ const activeSockets = new Map();
4
4
  function socketKey(handlerName, instanceId) {
5
5
  return `${handlerName}:${instanceId}`;
6
6
  }
7
- /** Push a (new) user session token to every open realtime socket — called on
8
- * login/refresh so long-lived connections keep a valid credential server-side. */
9
- export function pushUserTokenToActiveSockets(token) {
10
- if (!token)
11
- return;
12
- const payload = JSON.stringify({ type: "__auth", token });
13
- for (const ws of activeSockets.values()) {
14
- try {
15
- ws.send(payload);
16
- }
17
- catch ( /* not open — the open handler will send */_a) { /* not open — the open handler will send */ }
18
- }
19
- }
20
7
  export function createRealtimeModule(config) {
21
8
  return new Proxy({}, {
22
9
  get(_, handlerName) {
@@ -41,21 +28,6 @@ export function createRealtimeModule(config) {
41
28
  query: () => config.getToken(handlerName, instanceId, connId).then((token) => ({ token })),
42
29
  });
43
30
  activeSockets.set(key, ws);
44
- // In-band credential delivery (Supabase-style): the user token rides the
45
- // open socket, never the URL. Sent on every open (incl. reconnects); the
46
- // server may also nudge with {type:"__auth_required"} (e.g. just before
47
- // the held token expires) and we answer with the current one.
48
- const sendAuth = () => {
49
- var _a;
50
- const t = (_a = config.getUserToken) === null || _a === void 0 ? void 0 : _a.call(config);
51
- if (t) {
52
- try {
53
- ws.send(JSON.stringify({ type: "__auth", token: t }));
54
- }
55
- catch ( /* not open */_b) { /* not open */ }
56
- }
57
- };
58
- ws.addEventListener("open", sendAuth);
59
31
  // Heartbeat / half-open detection. PartySocket only reconnects on a
60
32
  // browser close/error event, so a silently-dead connection (TCP alive,
61
33
  // no data — common behind proxies/LBs) hangs until the OS idle timeout
@@ -77,14 +49,9 @@ export function createRealtimeModule(config) {
77
49
  catch (_a) {
78
50
  return; // ignore malformed
79
51
  }
80
- // Swallow platform messages — never surface them to the app.
81
- const msgType = data && typeof data === "object" ? data.type : undefined;
82
- if (msgType === "__pong")
52
+ // Swallow heartbeat acks — never surface them to the app.
53
+ if (data && typeof data === "object" && data.type === "__pong")
83
54
  return;
84
- if (msgType === "__auth_required") {
85
- sendAuth();
86
- return;
87
- }
88
55
  callback(data);
89
56
  });
90
57
  const heartbeat = setInterval(() => {
@@ -68,19 +68,5 @@ export declare abstract class RealtimeHandler<Incoming = unknown, Outgoing = unk
68
68
  protected stopLoop(): Promise<void>;
69
69
  protected get instanceId(): string;
70
70
  protected get storage(): Storage;
71
- /**
72
- * SDK client acting **as the connected user** — every entity call respects
73
- * the app's row-level security, evaluated as that user at call time. The
74
- * default wherever a `conn` is in scope (connect/message/close).
75
- *
76
- * Throws if the connection carries no user credential (anonymous visitor,
77
- * signed-out session, or an app SDK that predates in-band auth).
78
- */
79
- protected createUserClient(conn: Conn): Base44Client;
80
- /**
81
- * Service-role SDK client — bypasses RLS. For work with **no user in scope**
82
- * (tick, alarm, onStart). Inside handleMessage/handleConnect prefer
83
- * `createUserClient(conn)`.
84
- */
85
71
  protected createServiceClient(): Base44Client;
86
72
  }
@@ -56,23 +56,6 @@ export class RealtimeHandler {
56
56
  get storage() {
57
57
  throw new Error("RealtimeHandler.storage is only available inside a deployed handler");
58
58
  }
59
- /**
60
- * SDK client acting **as the connected user** — every entity call respects
61
- * the app's row-level security, evaluated as that user at call time. The
62
- * default wherever a `conn` is in scope (connect/message/close).
63
- *
64
- * Throws if the connection carries no user credential (anonymous visitor,
65
- * signed-out session, or an app SDK that predates in-band auth).
66
- */
67
- createUserClient(conn) {
68
- void conn;
69
- throw new Error("RealtimeHandler.createUserClient() is only available inside a deployed handler");
70
- }
71
- /**
72
- * Service-role SDK client — bypasses RLS. For work with **no user in scope**
73
- * (tick, alarm, onStart). Inside handleMessage/handleConnect prefer
74
- * `createUserClient(conn)`.
75
- */
76
59
  createServiceClient() {
77
60
  throw new Error("RealtimeHandler.createServiceClient() is only available inside a deployed handler");
78
61
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@base44-preview/sdk",
3
- "version": "0.8.35-pr.212.23f3cb2",
3
+ "version": "0.8.35-pr.212.36b2685",
4
4
  "description": "JavaScript SDK for Base44 API",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",