@buildspacestudio/sdk 0.2.2 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/index.cjs +259 -0
- package/dist/auth/index.cjs.map +1 -0
- package/dist/auth/{server.d.ts → index.d.cts} +9 -6
- package/dist/auth/index.d.ts +118 -5
- package/dist/auth/index.js +255 -2
- package/dist/auth/index.js.map +1 -1
- package/dist/client/index.cjs +428 -0
- package/dist/client/index.cjs.map +1 -0
- package/dist/client/index.d.cts +85 -0
- package/dist/client/index.d.ts +8 -7
- package/dist/client/index.js +416 -105
- package/dist/client/index.js.map +1 -1
- package/dist/{auth/client.d.ts → client-BH7LbrKM.d.ts} +7 -5
- package/dist/client-C67hy1kt.d.cts +58 -0
- package/dist/{events/client.d.ts → client-Dlif1JBf.d.ts} +5 -3
- package/dist/{auth/client.js → client-DqWXAwCr.d.cts} +27 -30
- package/dist/events/index.cjs +131 -0
- package/dist/events/index.cjs.map +1 -0
- package/dist/events/{server.d.ts → index.d.cts} +7 -4
- package/dist/events/index.d.ts +59 -4
- package/dist/events/index.js +127 -2
- package/dist/events/index.js.map +1 -1
- package/dist/http-U-zzKmFF.d.cts +100 -0
- package/dist/http-U-zzKmFF.d.ts +100 -0
- package/dist/index.cjs +801 -0
- package/dist/index.cjs.map +1 -0
- package/dist/index.d.cts +87 -0
- package/dist/index.d.ts +16 -15
- package/dist/index.js +785 -106
- package/dist/index.js.map +1 -1
- package/dist/notifications/index.cjs +56 -0
- package/dist/notifications/index.cjs.map +1 -0
- package/dist/notifications/{server.d.ts → index.d.cts} +8 -6
- package/dist/notifications/index.d.ts +79 -3
- package/dist/notifications/index.js +53 -1
- package/dist/notifications/index.js.map +1 -1
- package/dist/storage/index.cjs +213 -0
- package/dist/storage/index.cjs.map +1 -0
- package/dist/storage/index.d.cts +195 -0
- package/dist/storage/index.d.ts +195 -5
- package/dist/storage/index.js +209 -2
- package/dist/storage/index.js.map +1 -1
- package/package.json +75 -16
- package/dist/auth/client.d.ts.map +0 -1
- package/dist/auth/client.js.map +0 -1
- package/dist/auth/index.d.ts.map +0 -1
- package/dist/auth/server.d.ts.map +0 -1
- package/dist/auth/server.js +0 -148
- package/dist/auth/server.js.map +0 -1
- package/dist/client/index.d.ts.map +0 -1
- package/dist/config.d.ts +0 -40
- package/dist/config.d.ts.map +0 -1
- package/dist/config.js +0 -27
- package/dist/config.js.map +0 -1
- package/dist/errors.d.ts +0 -31
- package/dist/errors.d.ts.map +0 -1
- package/dist/errors.js +0 -30
- package/dist/errors.js.map +0 -1
- package/dist/events/client.d.ts.map +0 -1
- package/dist/events/client.js +0 -97
- package/dist/events/client.js.map +0 -1
- package/dist/events/index.d.ts.map +0 -1
- package/dist/events/server.d.ts.map +0 -1
- package/dist/events/server.js +0 -65
- package/dist/events/server.js.map +0 -1
- package/dist/http.d.ts +0 -39
- package/dist/http.d.ts.map +0 -1
- package/dist/http.js +0 -74
- package/dist/http.js.map +0 -1
- package/dist/index.d.ts.map +0 -1
- package/dist/notifications/index.d.ts.map +0 -1
- package/dist/notifications/server.d.ts.map +0 -1
- package/dist/notifications/server.js +0 -73
- package/dist/notifications/server.js.map +0 -1
- package/dist/storage/client.d.ts +0 -91
- package/dist/storage/client.d.ts.map +0 -1
- package/dist/storage/client.js +0 -117
- package/dist/storage/client.js.map +0 -1
- package/dist/storage/index.d.ts.map +0 -1
- package/dist/storage/server.d.ts +0 -104
- package/dist/storage/server.d.ts.map +0 -1
- package/dist/storage/server.js +0 -104
- package/dist/storage/server.js.map +0 -1
|
@@ -0,0 +1,259 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
// src/auth/client.ts
|
|
4
|
+
var AuthClientNamespace = class {
|
|
5
|
+
transport;
|
|
6
|
+
constructor(transport) {
|
|
7
|
+
this.transport = transport;
|
|
8
|
+
}
|
|
9
|
+
/**
|
|
10
|
+
* Build a URL that redirects the user to the Buildspace sign-in page.
|
|
11
|
+
*
|
|
12
|
+
* After the user authenticates, they are redirected back to `redirectUri`
|
|
13
|
+
* with a `?code=` parameter that can be exchanged for tokens via
|
|
14
|
+
* `buildspace.auth.handleCallback()` on the server.
|
|
15
|
+
*
|
|
16
|
+
* @param opts - Sign-in URL options.
|
|
17
|
+
* @returns The full sign-in URL as a string.
|
|
18
|
+
*/
|
|
19
|
+
getSignInUrl(opts) {
|
|
20
|
+
const url = new URL("/sign-in", this.transport.loginUrl);
|
|
21
|
+
if (opts.appSlug) {
|
|
22
|
+
url.searchParams.set("app", opts.appSlug);
|
|
23
|
+
}
|
|
24
|
+
url.searchParams.set("redirect_uri", opts.redirectUri);
|
|
25
|
+
url.searchParams.set("client_id", this.transport.key);
|
|
26
|
+
if (opts.env) {
|
|
27
|
+
url.searchParams.set("env", opts.env);
|
|
28
|
+
}
|
|
29
|
+
return url.toString();
|
|
30
|
+
}
|
|
31
|
+
/**
|
|
32
|
+
* Build a URL that redirects the user to the Buildspace sign-up page.
|
|
33
|
+
*
|
|
34
|
+
* Works identically to {@link getSignInUrl} but directs the user to the
|
|
35
|
+
* registration flow instead.
|
|
36
|
+
*
|
|
37
|
+
* @param opts - Sign-up URL options.
|
|
38
|
+
* @returns The full sign-up URL as a string.
|
|
39
|
+
*/
|
|
40
|
+
getSignUpUrl(opts) {
|
|
41
|
+
const url = new URL("/sign-up", this.transport.loginUrl);
|
|
42
|
+
if (opts.appSlug) {
|
|
43
|
+
url.searchParams.set("app", opts.appSlug);
|
|
44
|
+
}
|
|
45
|
+
url.searchParams.set("redirect_uri", opts.redirectUri);
|
|
46
|
+
url.searchParams.set("client_id", this.transport.key);
|
|
47
|
+
if (opts.env) {
|
|
48
|
+
url.searchParams.set("env", opts.env);
|
|
49
|
+
}
|
|
50
|
+
return url.toString();
|
|
51
|
+
}
|
|
52
|
+
};
|
|
53
|
+
|
|
54
|
+
// src/errors.ts
|
|
55
|
+
var BuildspaceError = class extends Error {
|
|
56
|
+
/** Machine-readable error code, e.g. `"auth/invalid-token"`. */
|
|
57
|
+
code;
|
|
58
|
+
/** Which service produced the error. */
|
|
59
|
+
service;
|
|
60
|
+
/** HTTP status code from the API. */
|
|
61
|
+
status;
|
|
62
|
+
constructor({
|
|
63
|
+
code,
|
|
64
|
+
message,
|
|
65
|
+
service,
|
|
66
|
+
status
|
|
67
|
+
}) {
|
|
68
|
+
super(message);
|
|
69
|
+
this.name = "BuildspaceError";
|
|
70
|
+
this.code = code;
|
|
71
|
+
this.service = service;
|
|
72
|
+
this.status = status;
|
|
73
|
+
}
|
|
74
|
+
};
|
|
75
|
+
|
|
76
|
+
// src/auth/server.ts
|
|
77
|
+
var LOOPBACK_HOSTS = /* @__PURE__ */ new Set(["127.0.0.1", "localhost", "::1", "0.0.0.0"]);
|
|
78
|
+
var FORWARDED_HOST_RE = /host="?([^;"]+)"?/i;
|
|
79
|
+
var FORWARDED_PROTO_RE = /proto="?([^;"]+)"?/i;
|
|
80
|
+
function getFirstForwardedValue(value) {
|
|
81
|
+
if (!value) {
|
|
82
|
+
return null;
|
|
83
|
+
}
|
|
84
|
+
return value.split(",").map((part) => part.trim()).find(Boolean) ?? null;
|
|
85
|
+
}
|
|
86
|
+
function stripPort(host) {
|
|
87
|
+
if (host.startsWith("[") && host.includes("]")) {
|
|
88
|
+
return host.slice(1, host.indexOf("]"));
|
|
89
|
+
}
|
|
90
|
+
const colonIndex = host.indexOf(":");
|
|
91
|
+
return colonIndex >= 0 ? host.slice(0, colonIndex) : host;
|
|
92
|
+
}
|
|
93
|
+
function isPrivateIpv4(hostname) {
|
|
94
|
+
const parts = hostname.split(".").map((part) => Number(part));
|
|
95
|
+
if (parts.length !== 4 || parts.some((part) => Number.isNaN(part) || part < 0 || part > 255)) {
|
|
96
|
+
return false;
|
|
97
|
+
}
|
|
98
|
+
return parts[0] === 10 || parts[0] === 172 && parts[1] >= 16 && parts[1] <= 31 || parts[0] === 192 && parts[1] === 168;
|
|
99
|
+
}
|
|
100
|
+
function isInternalHostname(hostname) {
|
|
101
|
+
const normalized = hostname.toLowerCase();
|
|
102
|
+
return LOOPBACK_HOSTS.has(normalized) || normalized.endsWith(".local") || normalized.endsWith(".internal") || isPrivateIpv4(normalized);
|
|
103
|
+
}
|
|
104
|
+
function getForwardedOrigin(request) {
|
|
105
|
+
const forwarded = getFirstForwardedValue(request.headers.get("forwarded"));
|
|
106
|
+
if (forwarded) {
|
|
107
|
+
const forwardedHost2 = forwarded.match(FORWARDED_HOST_RE)?.[1]?.trim();
|
|
108
|
+
const forwardedProto2 = forwarded.match(FORWARDED_PROTO_RE)?.[1]?.trim();
|
|
109
|
+
if (forwardedHost2 && forwardedProto2) {
|
|
110
|
+
return `${forwardedProto2}://${forwardedHost2}`;
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
const forwardedHost = getFirstForwardedValue(request.headers.get("x-forwarded-host"));
|
|
114
|
+
const forwardedProto = getFirstForwardedValue(request.headers.get("x-forwarded-proto"));
|
|
115
|
+
if (forwardedHost && forwardedProto) {
|
|
116
|
+
return `${forwardedProto}://${forwardedHost}`;
|
|
117
|
+
}
|
|
118
|
+
return null;
|
|
119
|
+
}
|
|
120
|
+
function resolveDefaultRedirectUri(request, url) {
|
|
121
|
+
if (!(request instanceof Request)) {
|
|
122
|
+
return `${url.origin}${url.pathname}`;
|
|
123
|
+
}
|
|
124
|
+
const forwardedOrigin = getForwardedOrigin(request);
|
|
125
|
+
if (forwardedOrigin) {
|
|
126
|
+
return `${forwardedOrigin}${url.pathname}`;
|
|
127
|
+
}
|
|
128
|
+
const hostHeader = request.headers.get("host")?.trim();
|
|
129
|
+
if (hostHeader && !isInternalHostname(stripPort(hostHeader))) {
|
|
130
|
+
return `${url.protocol}//${hostHeader}${url.pathname}`;
|
|
131
|
+
}
|
|
132
|
+
if (!isInternalHostname(url.hostname)) {
|
|
133
|
+
return `${url.origin}${url.pathname}`;
|
|
134
|
+
}
|
|
135
|
+
return `${url.origin}${url.pathname}`;
|
|
136
|
+
}
|
|
137
|
+
var AuthServerNamespace = class {
|
|
138
|
+
transport;
|
|
139
|
+
constructor(transport) {
|
|
140
|
+
this.transport = transport;
|
|
141
|
+
}
|
|
142
|
+
/**
|
|
143
|
+
* Retrieve the session associated with a token.
|
|
144
|
+
*
|
|
145
|
+
* Returns the {@link AuthSession} if valid, or `null` if the token is
|
|
146
|
+
* expired, revoked, or invalid (401/404).
|
|
147
|
+
*
|
|
148
|
+
* @throws {BuildspaceError} On unexpected server errors (5xx, network issues).
|
|
149
|
+
*/
|
|
150
|
+
async getSession(sessionToken) {
|
|
151
|
+
try {
|
|
152
|
+
return await this.transport.request({
|
|
153
|
+
service: "auth",
|
|
154
|
+
path: "/v1/auth/session",
|
|
155
|
+
headers: { "X-Session-Token": sessionToken }
|
|
156
|
+
});
|
|
157
|
+
} catch (error) {
|
|
158
|
+
if (error instanceof BuildspaceError && (error.status === 401 || error.status === 404)) {
|
|
159
|
+
return null;
|
|
160
|
+
}
|
|
161
|
+
throw error;
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
/**
|
|
165
|
+
* Exchange an OAuth authorization code for tokens.
|
|
166
|
+
*
|
|
167
|
+
* Extracts the `code` query parameter from the callback URL and exchanges
|
|
168
|
+
* it with the Buildspace API for an access token and user info.
|
|
169
|
+
*
|
|
170
|
+
* @param request - The incoming callback request. Accepts a `Request` object,
|
|
171
|
+
* a `URL`, or a raw URL string containing the `?code=` parameter.
|
|
172
|
+
* @param opts - Optional settings.
|
|
173
|
+
* @param opts.redirectUri - Override the redirect URI sent to the token endpoint.
|
|
174
|
+
* Defaults to the origin + pathname of the callback URL.
|
|
175
|
+
* @returns The token response containing `access_token`, `expires_in`, and `user`.
|
|
176
|
+
*
|
|
177
|
+
* @throws {BuildspaceError} If the code exchange fails (invalid code, expired, etc.).
|
|
178
|
+
*
|
|
179
|
+
* @example
|
|
180
|
+
* ```ts
|
|
181
|
+
* // Next.js Route Handler
|
|
182
|
+
* export async function GET(request: Request) {
|
|
183
|
+
* const { access_token, user } = await buildspace.auth.handleCallback(request);
|
|
184
|
+
* // Store access_token as a session cookie
|
|
185
|
+
* }
|
|
186
|
+
* ```
|
|
187
|
+
*/
|
|
188
|
+
handleCallback(request, opts) {
|
|
189
|
+
let url;
|
|
190
|
+
if (typeof request === "string") {
|
|
191
|
+
url = new URL(request);
|
|
192
|
+
} else if (request instanceof URL) {
|
|
193
|
+
url = request;
|
|
194
|
+
} else {
|
|
195
|
+
url = new URL(request.url);
|
|
196
|
+
}
|
|
197
|
+
const code = url.searchParams.get("code");
|
|
198
|
+
if (!code) {
|
|
199
|
+
throw new BuildspaceError({
|
|
200
|
+
service: "auth",
|
|
201
|
+
status: 400,
|
|
202
|
+
code: "auth/missing-code",
|
|
203
|
+
message: "No auth code found in callback URL. Expected ?code= parameter."
|
|
204
|
+
});
|
|
205
|
+
}
|
|
206
|
+
const redirectUri = opts?.redirectUri ?? resolveDefaultRedirectUri(request, url);
|
|
207
|
+
return this.transport.request({
|
|
208
|
+
service: "auth",
|
|
209
|
+
path: "/v1/auth/token",
|
|
210
|
+
method: "POST",
|
|
211
|
+
body: {
|
|
212
|
+
code,
|
|
213
|
+
redirect_uri: redirectUri
|
|
214
|
+
}
|
|
215
|
+
});
|
|
216
|
+
}
|
|
217
|
+
/**
|
|
218
|
+
* Revoke a specific session token.
|
|
219
|
+
*
|
|
220
|
+
* @param sessionToken - The token to revoke.
|
|
221
|
+
* @throws {BuildspaceError} If the revocation fails.
|
|
222
|
+
*/
|
|
223
|
+
async revokeSession(sessionToken) {
|
|
224
|
+
await this.transport.request({
|
|
225
|
+
service: "auth",
|
|
226
|
+
path: "/v1/auth/session",
|
|
227
|
+
method: "DELETE",
|
|
228
|
+
headers: { "X-Session-Token": sessionToken }
|
|
229
|
+
});
|
|
230
|
+
}
|
|
231
|
+
/**
|
|
232
|
+
* Sign the user out by revoking the session and clearing the SDK's stored token.
|
|
233
|
+
*
|
|
234
|
+
* If the session is already expired or not found, the error is silently
|
|
235
|
+
* ignored and the local session is still cleared.
|
|
236
|
+
*
|
|
237
|
+
* @param sessionToken - Token to revoke. If omitted, uses the token
|
|
238
|
+
* previously set via `buildspace.setSession()`.
|
|
239
|
+
*/
|
|
240
|
+
async signOut(sessionToken) {
|
|
241
|
+
const token = sessionToken ?? this.transport.getSessionToken();
|
|
242
|
+
try {
|
|
243
|
+
if (token) {
|
|
244
|
+
await this.revokeSession(token);
|
|
245
|
+
}
|
|
246
|
+
} catch (error) {
|
|
247
|
+
if (!(error instanceof BuildspaceError && error.service === "auth" && (error.status === 401 || error.status === 404))) {
|
|
248
|
+
throw error;
|
|
249
|
+
}
|
|
250
|
+
} finally {
|
|
251
|
+
this.transport.clearSession();
|
|
252
|
+
}
|
|
253
|
+
}
|
|
254
|
+
};
|
|
255
|
+
|
|
256
|
+
exports.AuthClientNamespace = AuthClientNamespace;
|
|
257
|
+
exports.AuthServerNamespace = AuthServerNamespace;
|
|
258
|
+
//# sourceMappingURL=index.cjs.map
|
|
259
|
+
//# sourceMappingURL=index.cjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../src/auth/client.ts","../../src/errors.ts","../../src/auth/server.ts"],"names":["forwardedHost","forwardedProto"],"mappings":";;;AA0CO,IAAM,sBAAN,MAA0B;AAAA,EACd,SAAA;AAAA,EAEjB,YAAY,SAAA,EAA0B;AACpC,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,aAAa,IAAA,EAAgC;AAC3C,IAAA,MAAM,MAAM,IAAI,GAAA,CAAI,UAAA,EAAY,IAAA,CAAK,UAAU,QAAQ,CAAA;AAEvD,IAAA,IAAI,KAAK,OAAA,EAAS;AAChB,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA;AAAA,IAC1C;AAEA,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,cAAA,EAAgB,IAAA,CAAK,WAAW,CAAA;AACrD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,IAAA,CAAK,UAAU,GAAG,CAAA;AAEpD,IAAA,IAAI,KAAK,GAAA,EAAK;AACZ,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,KAAA,EAAO,IAAA,CAAK,GAAG,CAAA;AAAA,IACtC;AAEA,IAAA,OAAO,IAAI,QAAA,EAAS;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,aAAa,IAAA,EAAgC;AAC3C,IAAA,MAAM,MAAM,IAAI,GAAA,CAAI,UAAA,EAAY,IAAA,CAAK,UAAU,QAAQ,CAAA;AAEvD,IAAA,IAAI,KAAK,OAAA,EAAS;AAChB,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,KAAA,EAAO,IAAA,CAAK,OAAO,CAAA;AAAA,IAC1C;AAEA,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,cAAA,EAAgB,IAAA,CAAK,WAAW,CAAA;AACrD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,WAAA,EAAa,IAAA,CAAK,UAAU,GAAG,CAAA;AAEpD,IAAA,IAAI,KAAK,GAAA,EAAK;AACZ,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,KAAA,EAAO,IAAA,CAAK,GAAG,CAAA;AAAA,IACtC;AAEA,IAAA,OAAO,IAAI,QAAA,EAAS;AAAA,EACtB;AACF;;;ACpFO,IAAM,eAAA,GAAN,cAA8B,KAAA,CAAM;AAAA;AAAA,EAEhC,IAAA;AAAA;AAAA,EAEA,OAAA;AAAA;AAAA,EAEA,MAAA;AAAA,EAET,WAAA,CAAY;AAAA,IACV,IAAA;AAAA,IACA,OAAA;AAAA,IACA,OAAA;AAAA,IACA;AAAA,GACF,EAKG;AACD,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,iBAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AACf,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EAChB;AACF,CAAA;;;ACDA,IAAM,cAAA,uBAAqB,GAAA,CAAI,CAAC,aAAa,WAAA,EAAa,KAAA,EAAO,SAAS,CAAC,CAAA;AAC3E,IAAM,iBAAA,GAAoB,oBAAA;AAC1B,IAAM,kBAAA,GAAqB,qBAAA;AAE3B,SAAS,uBAAuB,KAAA,EAAqC;AACnE,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OACE,KAAA,CACG,KAAA,CAAM,GAAG,CAAA,CACT,GAAA,CAAI,CAAC,IAAA,KAAS,IAAA,CAAK,IAAA,EAAM,CAAA,CACzB,IAAA,CAAK,OAAO,CAAA,IAAK,IAAA;AAExB;AAEA,SAAS,UAAU,IAAA,EAAsB;AACvC,EAAA,IAAI,KAAK,UAAA,CAAW,GAAG,KAAK,IAAA,CAAK,QAAA,CAAS,GAAG,CAAA,EAAG;AAC9C,IAAA,OAAO,KAAK,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,OAAA,CAAQ,GAAG,CAAC,CAAA;AAAA,EACxC;AAEA,EAAA,MAAM,UAAA,GAAa,IAAA,CAAK,OAAA,CAAQ,GAAG,CAAA;AACnC,EAAA,OAAO,cAAc,CAAA,GAAI,IAAA,CAAK,KAAA,CAAM,CAAA,EAAG,UAAU,CAAA,GAAI,IAAA;AACvD;AAEA,SAAS,cAAc,QAAA,EAA2B;AAChD,EAAA,MAAM,KAAA,GAAQ,QAAA,CAAS,KAAA,CAAM,GAAG,CAAA,CAAE,IAAI,CAAC,IAAA,KAAS,MAAA,CAAO,IAAI,CAAC,CAAA;AAC5D,EAAA,IAAI,KAAA,CAAM,MAAA,KAAW,CAAA,IAAK,KAAA,CAAM,KAAK,CAAC,IAAA,KAAS,MAAA,CAAO,KAAA,CAAM,IAAI,CAAA,IAAK,IAAA,GAAO,CAAA,IAAK,IAAA,GAAO,GAAG,CAAA,EAAG;AAC5F,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,OACE,KAAA,CAAM,CAAC,CAAA,KAAM,EAAA,IACZ,MAAM,CAAC,CAAA,KAAM,GAAA,IAAO,KAAA,CAAM,CAAC,CAAA,IAAK,MAAM,KAAA,CAAM,CAAC,KAAK,EAAA,IAClD,KAAA,CAAM,CAAC,CAAA,KAAM,GAAA,IAAO,KAAA,CAAM,CAAC,CAAA,KAAM,GAAA;AAEtC;AAEA,SAAS,mBAAmB,QAAA,EAA2B;AACrD,EAAA,MAAM,UAAA,GAAa,SAAS,WAAA,EAAY;AAExC,EAAA,OACE,cAAA,CAAe,GAAA,CAAI,UAAU,CAAA,IAC7B,UAAA,CAAW,QAAA,CAAS,QAAQ,CAAA,IAC5B,UAAA,CAAW,QAAA,CAAS,WAAW,CAAA,IAC/B,cAAc,UAAU,CAAA;AAE5B;AAEA,SAAS,mBAAmB,OAAA,EAAiC;AAC3D,EAAA,MAAM,YAAY,sBAAA,CAAuB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,WAAW,CAAC,CAAA;AACzE,EAAA,IAAI,SAAA,EAAW;AACb,IAAA,MAAMA,iBAAgB,SAAA,CAAU,KAAA,CAAM,iBAAiB,CAAA,GAAI,CAAC,GAAG,IAAA,EAAK;AACpE,IAAA,MAAMC,kBAAiB,SAAA,CAAU,KAAA,CAAM,kBAAkB,CAAA,GAAI,CAAC,GAAG,IAAA,EAAK;AAEtE,IAAA,IAAID,kBAAiBC,eAAAA,EAAgB;AACnC,MAAA,OAAO,CAAA,EAAGA,eAAc,CAAA,GAAA,EAAMD,cAAa,CAAA,CAAA;AAAA,IAC7C;AAAA,EACF;AAEA,EAAA,MAAM,gBAAgB,sBAAA,CAAuB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,kBAAkB,CAAC,CAAA;AACpF,EAAA,MAAM,iBAAiB,sBAAA,CAAuB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,mBAAmB,CAAC,CAAA;AAEtF,EAAA,IAAI,iBAAiB,cAAA,EAAgB;AACnC,IAAA,OAAO,CAAA,EAAG,cAAc,CAAA,GAAA,EAAM,aAAa,CAAA,CAAA;AAAA,EAC7C;AAEA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,yBAAA,CAA0B,SAAiC,GAAA,EAAkB;AACpF,EAAA,IAAI,EAAE,mBAAmB,OAAA,CAAA,EAAU;AACjC,IAAA,OAAO,CAAA,EAAG,GAAA,CAAI,MAAM,CAAA,EAAG,IAAI,QAAQ,CAAA,CAAA;AAAA,EACrC;AAEA,EAAA,MAAM,eAAA,GAAkB,mBAAmB,OAAO,CAAA;AAClD,EAAA,IAAI,eAAA,EAAiB;AACnB,IAAA,OAAO,CAAA,EAAG,eAAe,CAAA,EAAG,GAAA,CAAI,QAAQ,CAAA,CAAA;AAAA,EAC1C;AAEA,EAAA,MAAM,aAAa,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,MAAM,GAAG,IAAA,EAAK;AACrD,EAAA,IAAI,cAAc,CAAC,kBAAA,CAAmB,SAAA,CAAU,UAAU,CAAC,CAAA,EAAG;AAC5D,IAAA,OAAO,GAAG,GAAA,CAAI,QAAQ,KAAK,UAAU,CAAA,EAAG,IAAI,QAAQ,CAAA,CAAA;AAAA,EACtD;AAEA,EAAA,IAAI,CAAC,kBAAA,CAAmB,GAAA,CAAI,QAAQ,CAAA,EAAG;AACrC,IAAA,OAAO,CAAA,EAAG,GAAA,CAAI,MAAM,CAAA,EAAG,IAAI,QAAQ,CAAA,CAAA;AAAA,EACrC;AAEA,EAAA,OAAO,CAAA,EAAG,GAAA,CAAI,MAAM,CAAA,EAAG,IAAI,QAAQ,CAAA,CAAA;AACrC;AAuBO,IAAM,sBAAN,MAA0B;AAAA,EACd,SAAA;AAAA,EAEjB,YAAY,SAAA,EAA0B;AACpC,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,WAAW,YAAA,EAAmD;AAClE,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,IAAA,CAAK,SAAA,CAAU,OAAA,CAAqB;AAAA,QAC/C,OAAA,EAAS,MAAA;AAAA,QACT,IAAA,EAAM,kBAAA;AAAA,QACN,OAAA,EAAS,EAAE,iBAAA,EAAmB,YAAA;AAAa,OAC5C,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,iBAAiB,eAAA,KAAoB,KAAA,CAAM,WAAW,GAAA,IAAO,KAAA,CAAM,WAAW,GAAA,CAAA,EAAM;AACtF,QAAA,OAAO,IAAA;AAAA,MACT;AACA,MAAA,MAAM,KAAA;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA0BA,cAAA,CACE,SACA,IAAA,EACwB;AACxB,IAAA,IAAI,GAAA;AACJ,IAAA,IAAI,OAAO,YAAY,QAAA,EAAU;AAC/B,MAAA,GAAA,GAAM,IAAI,IAAI,OAAO,CAAA;AAAA,IACvB,CAAA,MAAA,IAAW,mBAAmB,GAAA,EAAK;AACjC,MAAA,GAAA,GAAM,OAAA;AAAA,IACR,CAAA,MAAO;AACL,MAAA,GAAA,GAAM,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA;AAAA,IAC3B;AAEA,IAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACxC,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,eAAA,CAAgB;AAAA,QACxB,OAAA,EAAS,MAAA;AAAA,QACT,MAAA,EAAQ,GAAA;AAAA,QACR,IAAA,EAAM,mBAAA;AAAA,QACN,OAAA,EAAS;AAAA,OACV,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,WAAA,GAAc,IAAA,EAAM,WAAA,IAAe,yBAAA,CAA0B,SAAS,GAAG,CAAA;AAE/E,IAAA,OAAO,IAAA,CAAK,UAAU,OAAA,CAAuB;AAAA,MAC3C,OAAA,EAAS,MAAA;AAAA,MACT,IAAA,EAAM,gBAAA;AAAA,MACN,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM;AAAA,QACJ,IAAA;AAAA,QACA,YAAA,EAAc;AAAA;AAChB,KACD,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,cAAc,YAAA,EAAqC;AACvD,IAAA,MAAM,IAAA,CAAK,UAAU,OAAA,CAAc;AAAA,MACjC,OAAA,EAAS,MAAA;AAAA,MACT,IAAA,EAAM,kBAAA;AAAA,MACN,MAAA,EAAQ,QAAA;AAAA,MACR,OAAA,EAAS,EAAE,iBAAA,EAAmB,YAAA;AAAa,KAC5C,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,QAAQ,YAAA,EAAsC;AAClD,IAAA,MAAM,KAAA,GAAQ,YAAA,IAAgB,IAAA,CAAK,SAAA,CAAU,eAAA,EAAgB;AAE7D,IAAA,IAAI;AACF,MAAA,IAAI,KAAA,EAAO;AACT,QAAA,MAAM,IAAA,CAAK,cAAc,KAAK,CAAA;AAAA,MAChC;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,IACE,EACE,KAAA,YAAiB,eAAA,IACjB,KAAA,CAAM,OAAA,KAAY,MAAA,KACjB,KAAA,CAAM,MAAA,KAAW,GAAA,IAAO,KAAA,CAAM,MAAA,KAAW,GAAA,CAAA,CAAA,EAE5C;AACA,QAAA,MAAM,KAAA;AAAA,MACR;AAAA,IACF,CAAA,SAAE;AACA,MAAA,IAAA,CAAK,UAAU,YAAA,EAAa;AAAA,IAC9B;AAAA,EACF;AACF","file":"index.cjs","sourcesContent":["import type { HttpTransport } from \"../http\";\n\n/** Options for generating a sign-in URL. */\nexport interface SignInUrlOptions {\n /** App slug to scope the login to a specific creator app. */\n appSlug?: string;\n /** Environment to authenticate against. */\n env?: \"dev\" | \"prod\";\n /** URL to redirect the user to after authentication completes. */\n redirectUri: string;\n}\n\n/** Options for generating a sign-up URL. */\nexport interface SignUpUrlOptions {\n /** App slug to scope the registration to a specific creator app. */\n appSlug?: string;\n /** Environment to authenticate against. */\n env?: \"dev\" | \"prod\";\n /** URL to redirect the user to after registration completes. */\n redirectUri: string;\n}\n\n/**\n * Client-side authentication methods for generating login URLs.\n *\n * Access via `buildspace.auth` on the client SDK, or `buildspace.authClient`\n * on the server SDK when you need to generate URLs from server-side code.\n *\n * @example\n * ```ts\n * import { createClient } from \"@buildspacestudio/sdk/client\";\n *\n * const buildspace = createClient(process.env.NEXT_PUBLIC_BUILDSPACE_KEY!);\n *\n * const signInUrl = buildspace.auth.getSignInUrl({\n * redirectUri: \"https://yourapp.com/auth/callback\",\n * });\n *\n * // Use in a link or redirect\n * window.location.href = signInUrl;\n * ```\n */\nexport class AuthClientNamespace {\n private readonly transport: HttpTransport;\n\n constructor(transport: HttpTransport) {\n this.transport = transport;\n }\n\n /**\n * Build a URL that redirects the user to the Buildspace sign-in page.\n *\n * After the user authenticates, they are redirected back to `redirectUri`\n * with a `?code=` parameter that can be exchanged for tokens via\n * `buildspace.auth.handleCallback()` on the server.\n *\n * @param opts - Sign-in URL options.\n * @returns The full sign-in URL as a string.\n */\n getSignInUrl(opts: SignInUrlOptions): string {\n const url = new URL(\"/sign-in\", this.transport.loginUrl);\n\n if (opts.appSlug) {\n url.searchParams.set(\"app\", opts.appSlug);\n }\n\n url.searchParams.set(\"redirect_uri\", opts.redirectUri);\n url.searchParams.set(\"client_id\", this.transport.key);\n\n if (opts.env) {\n url.searchParams.set(\"env\", opts.env);\n }\n\n return url.toString();\n }\n\n /**\n * Build a URL that redirects the user to the Buildspace sign-up page.\n *\n * Works identically to {@link getSignInUrl} but directs the user to the\n * registration flow instead.\n *\n * @param opts - Sign-up URL options.\n * @returns The full sign-up URL as a string.\n */\n getSignUpUrl(opts: SignUpUrlOptions): string {\n const url = new URL(\"/sign-up\", this.transport.loginUrl);\n\n if (opts.appSlug) {\n url.searchParams.set(\"app\", opts.appSlug);\n }\n\n url.searchParams.set(\"redirect_uri\", opts.redirectUri);\n url.searchParams.set(\"client_id\", this.transport.key);\n\n if (opts.env) {\n url.searchParams.set(\"env\", opts.env);\n }\n\n return url.toString();\n }\n}\n","/** Services available in the Buildspace platform. */\nexport type BuildspaceService = \"auth\" | \"events\" | \"notifications\" | \"storage\";\n\n/**\n * Error thrown by all Buildspace SDK methods on failure.\n *\n * @example\n * ```ts\n * try {\n * await buildspace.auth.getSession(token);\n * } catch (err) {\n * if (err instanceof BuildspaceError) {\n * console.error(err.service, err.code, err.status, err.message);\n * }\n * }\n * ```\n */\nexport class BuildspaceError extends Error {\n /** Machine-readable error code, e.g. `\"auth/invalid-token\"`. */\n readonly code: string;\n /** Which service produced the error. */\n readonly service: BuildspaceService;\n /** HTTP status code from the API. */\n readonly status: number;\n\n constructor({\n code,\n message,\n service,\n status,\n }: {\n code: string;\n message: string;\n service: BuildspaceService;\n status: number;\n }) {\n super(message);\n this.name = \"BuildspaceError\";\n this.code = code;\n this.service = service;\n this.status = status;\n }\n}\n","import { BuildspaceError } from \"../errors\";\nimport type { HttpTransport } from \"../http\";\n\n/** A Buildspace user returned from auth endpoints. */\nexport interface AuthUser {\n /** The user's email address. */\n email: string;\n /** Unique user identifier. */\n id: string;\n /** The user's display name, or `null` if not set. */\n name: string | null;\n}\n\n/**\n * An active session for an authenticated user.\n *\n * Returned by {@link AuthServerNamespace.getSession}.\n */\nexport interface AuthSession {\n /** The app this session belongs to, or `null` for platform-level sessions. */\n appId: string | null;\n /** The authenticated user. */\n user: AuthUser;\n}\n\n/**\n * Token response returned after a successful OAuth callback exchange.\n *\n * Returned by {@link AuthServerNamespace.handleCallback}.\n */\nexport interface TokenResponse {\n /** The access token to use for authenticated requests. */\n access_token: string;\n /** Token lifetime in seconds. */\n expires_in: number;\n /** Always `\"bearer\"`. */\n token_type: \"bearer\";\n /** The authenticated user. */\n user: AuthUser;\n}\n\nconst LOOPBACK_HOSTS = new Set([\"127.0.0.1\", \"localhost\", \"::1\", \"0.0.0.0\"]);\nconst FORWARDED_HOST_RE = /host=\"?([^;\"]+)\"?/i;\nconst FORWARDED_PROTO_RE = /proto=\"?([^;\"]+)\"?/i;\n\nfunction getFirstForwardedValue(value: string | null): string | null {\n if (!value) {\n return null;\n }\n\n return (\n value\n .split(\",\")\n .map((part) => part.trim())\n .find(Boolean) ?? null\n );\n}\n\nfunction stripPort(host: string): string {\n if (host.startsWith(\"[\") && host.includes(\"]\")) {\n return host.slice(1, host.indexOf(\"]\"));\n }\n\n const colonIndex = host.indexOf(\":\");\n return colonIndex >= 0 ? host.slice(0, colonIndex) : host;\n}\n\nfunction isPrivateIpv4(hostname: string): boolean {\n const parts = hostname.split(\".\").map((part) => Number(part));\n if (parts.length !== 4 || parts.some((part) => Number.isNaN(part) || part < 0 || part > 255)) {\n return false;\n }\n\n return (\n parts[0] === 10 ||\n (parts[0] === 172 && parts[1] >= 16 && parts[1] <= 31) ||\n (parts[0] === 192 && parts[1] === 168)\n );\n}\n\nfunction isInternalHostname(hostname: string): boolean {\n const normalized = hostname.toLowerCase();\n\n return (\n LOOPBACK_HOSTS.has(normalized) ||\n normalized.endsWith(\".local\") ||\n normalized.endsWith(\".internal\") ||\n isPrivateIpv4(normalized)\n );\n}\n\nfunction getForwardedOrigin(request: Request): string | null {\n const forwarded = getFirstForwardedValue(request.headers.get(\"forwarded\"));\n if (forwarded) {\n const forwardedHost = forwarded.match(FORWARDED_HOST_RE)?.[1]?.trim();\n const forwardedProto = forwarded.match(FORWARDED_PROTO_RE)?.[1]?.trim();\n\n if (forwardedHost && forwardedProto) {\n return `${forwardedProto}://${forwardedHost}`;\n }\n }\n\n const forwardedHost = getFirstForwardedValue(request.headers.get(\"x-forwarded-host\"));\n const forwardedProto = getFirstForwardedValue(request.headers.get(\"x-forwarded-proto\"));\n\n if (forwardedHost && forwardedProto) {\n return `${forwardedProto}://${forwardedHost}`;\n }\n\n return null;\n}\n\nfunction resolveDefaultRedirectUri(request: Request | URL | string, url: URL): string {\n if (!(request instanceof Request)) {\n return `${url.origin}${url.pathname}`;\n }\n\n const forwardedOrigin = getForwardedOrigin(request);\n if (forwardedOrigin) {\n return `${forwardedOrigin}${url.pathname}`;\n }\n\n const hostHeader = request.headers.get(\"host\")?.trim();\n if (hostHeader && !isInternalHostname(stripPort(hostHeader))) {\n return `${url.protocol}//${hostHeader}${url.pathname}`;\n }\n\n if (!isInternalHostname(url.hostname)) {\n return `${url.origin}${url.pathname}`;\n }\n\n return `${url.origin}${url.pathname}`;\n}\n\n/**\n * Server-side authentication methods.\n *\n * Access via `buildspace.auth` on the server SDK.\n *\n * @example\n * ```ts\n * import Buildspace from \"@buildspacestudio/sdk\";\n *\n * const buildspace = new Buildspace(process.env.BUILDSPACE_SECRET_KEY!);\n *\n * // Handle OAuth callback\n * const tokens = await buildspace.auth.handleCallback(request);\n *\n * // Verify a session\n * const session = await buildspace.auth.getSession(sessionToken);\n *\n * // Sign out\n * await buildspace.auth.signOut(sessionToken);\n * ```\n */\nexport class AuthServerNamespace {\n private readonly transport: HttpTransport;\n\n constructor(transport: HttpTransport) {\n this.transport = transport;\n }\n\n /**\n * Retrieve the session associated with a token.\n *\n * Returns the {@link AuthSession} if valid, or `null` if the token is\n * expired, revoked, or invalid (401/404).\n *\n * @throws {BuildspaceError} On unexpected server errors (5xx, network issues).\n */\n async getSession(sessionToken: string): Promise<AuthSession | null> {\n try {\n return await this.transport.request<AuthSession>({\n service: \"auth\",\n path: \"/v1/auth/session\",\n headers: { \"X-Session-Token\": sessionToken },\n });\n } catch (error) {\n if (error instanceof BuildspaceError && (error.status === 401 || error.status === 404)) {\n return null;\n }\n throw error;\n }\n }\n\n /**\n * Exchange an OAuth authorization code for tokens.\n *\n * Extracts the `code` query parameter from the callback URL and exchanges\n * it with the Buildspace API for an access token and user info.\n *\n * @param request - The incoming callback request. Accepts a `Request` object,\n * a `URL`, or a raw URL string containing the `?code=` parameter.\n * @param opts - Optional settings.\n * @param opts.redirectUri - Override the redirect URI sent to the token endpoint.\n * Defaults to the origin + pathname of the callback URL.\n * @returns The token response containing `access_token`, `expires_in`, and `user`.\n *\n * @throws {BuildspaceError} If the code exchange fails (invalid code, expired, etc.).\n *\n * @example\n * ```ts\n * // Next.js Route Handler\n * export async function GET(request: Request) {\n * const { access_token, user } = await buildspace.auth.handleCallback(request);\n * // Store access_token as a session cookie\n * }\n * ```\n */\n handleCallback(\n request: Request | URL | string,\n opts?: { redirectUri?: string }\n ): Promise<TokenResponse> {\n let url: URL;\n if (typeof request === \"string\") {\n url = new URL(request);\n } else if (request instanceof URL) {\n url = request;\n } else {\n url = new URL(request.url);\n }\n\n const code = url.searchParams.get(\"code\");\n if (!code) {\n throw new BuildspaceError({\n service: \"auth\",\n status: 400,\n code: \"auth/missing-code\",\n message: \"No auth code found in callback URL. Expected ?code= parameter.\",\n });\n }\n\n const redirectUri = opts?.redirectUri ?? resolveDefaultRedirectUri(request, url);\n\n return this.transport.request<TokenResponse>({\n service: \"auth\",\n path: \"/v1/auth/token\",\n method: \"POST\",\n body: {\n code,\n redirect_uri: redirectUri,\n },\n });\n }\n\n /**\n * Revoke a specific session token.\n *\n * @param sessionToken - The token to revoke.\n * @throws {BuildspaceError} If the revocation fails.\n */\n async revokeSession(sessionToken: string): Promise<void> {\n await this.transport.request<void>({\n service: \"auth\",\n path: \"/v1/auth/session\",\n method: \"DELETE\",\n headers: { \"X-Session-Token\": sessionToken },\n });\n }\n\n /**\n * Sign the user out by revoking the session and clearing the SDK's stored token.\n *\n * If the session is already expired or not found, the error is silently\n * ignored and the local session is still cleared.\n *\n * @param sessionToken - Token to revoke. If omitted, uses the token\n * previously set via `buildspace.setSession()`.\n */\n async signOut(sessionToken?: string): Promise<void> {\n const token = sessionToken ?? this.transport.getSessionToken();\n\n try {\n if (token) {\n await this.revokeSession(token);\n }\n } catch (error) {\n if (\n !(\n error instanceof BuildspaceError &&\n error.service === \"auth\" &&\n (error.status === 401 || error.status === 404)\n )\n ) {\n throw error;\n }\n } finally {\n this.transport.clearSession();\n }\n }\n}\n"]}
|
|
@@ -1,6 +1,8 @@
|
|
|
1
|
-
|
|
1
|
+
export { A as AuthClientNamespace, S as SignInUrlOptions, a as SignUpUrlOptions } from '../client-DqWXAwCr.cjs';
|
|
2
|
+
import { H as HttpTransport } from '../http-U-zzKmFF.cjs';
|
|
3
|
+
|
|
2
4
|
/** A Buildspace user returned from auth endpoints. */
|
|
3
|
-
|
|
5
|
+
interface AuthUser {
|
|
4
6
|
/** The user's email address. */
|
|
5
7
|
email: string;
|
|
6
8
|
/** Unique user identifier. */
|
|
@@ -13,7 +15,7 @@ export interface AuthUser {
|
|
|
13
15
|
*
|
|
14
16
|
* Returned by {@link AuthServerNamespace.getSession}.
|
|
15
17
|
*/
|
|
16
|
-
|
|
18
|
+
interface AuthSession {
|
|
17
19
|
/** The app this session belongs to, or `null` for platform-level sessions. */
|
|
18
20
|
appId: string | null;
|
|
19
21
|
/** The authenticated user. */
|
|
@@ -24,7 +26,7 @@ export interface AuthSession {
|
|
|
24
26
|
*
|
|
25
27
|
* Returned by {@link AuthServerNamespace.handleCallback}.
|
|
26
28
|
*/
|
|
27
|
-
|
|
29
|
+
interface TokenResponse {
|
|
28
30
|
/** The access token to use for authenticated requests. */
|
|
29
31
|
access_token: string;
|
|
30
32
|
/** Token lifetime in seconds. */
|
|
@@ -55,7 +57,7 @@ export interface TokenResponse {
|
|
|
55
57
|
* await buildspace.auth.signOut(sessionToken);
|
|
56
58
|
* ```
|
|
57
59
|
*/
|
|
58
|
-
|
|
60
|
+
declare class AuthServerNamespace {
|
|
59
61
|
private readonly transport;
|
|
60
62
|
constructor(transport: HttpTransport);
|
|
61
63
|
/**
|
|
@@ -112,4 +114,5 @@ export declare class AuthServerNamespace {
|
|
|
112
114
|
*/
|
|
113
115
|
signOut(sessionToken?: string): Promise<void>;
|
|
114
116
|
}
|
|
115
|
-
|
|
117
|
+
|
|
118
|
+
export { AuthServerNamespace, type AuthSession, type AuthUser, type TokenResponse };
|
package/dist/auth/index.d.ts
CHANGED
|
@@ -1,5 +1,118 @@
|
|
|
1
|
-
export
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
1
|
+
export { A as AuthClientNamespace, S as SignInUrlOptions, a as SignUpUrlOptions } from '../client-BH7LbrKM.js';
|
|
2
|
+
import { H as HttpTransport } from '../http-U-zzKmFF.js';
|
|
3
|
+
|
|
4
|
+
/** A Buildspace user returned from auth endpoints. */
|
|
5
|
+
interface AuthUser {
|
|
6
|
+
/** The user's email address. */
|
|
7
|
+
email: string;
|
|
8
|
+
/** Unique user identifier. */
|
|
9
|
+
id: string;
|
|
10
|
+
/** The user's display name, or `null` if not set. */
|
|
11
|
+
name: string | null;
|
|
12
|
+
}
|
|
13
|
+
/**
|
|
14
|
+
* An active session for an authenticated user.
|
|
15
|
+
*
|
|
16
|
+
* Returned by {@link AuthServerNamespace.getSession}.
|
|
17
|
+
*/
|
|
18
|
+
interface AuthSession {
|
|
19
|
+
/** The app this session belongs to, or `null` for platform-level sessions. */
|
|
20
|
+
appId: string | null;
|
|
21
|
+
/** The authenticated user. */
|
|
22
|
+
user: AuthUser;
|
|
23
|
+
}
|
|
24
|
+
/**
|
|
25
|
+
* Token response returned after a successful OAuth callback exchange.
|
|
26
|
+
*
|
|
27
|
+
* Returned by {@link AuthServerNamespace.handleCallback}.
|
|
28
|
+
*/
|
|
29
|
+
interface TokenResponse {
|
|
30
|
+
/** The access token to use for authenticated requests. */
|
|
31
|
+
access_token: string;
|
|
32
|
+
/** Token lifetime in seconds. */
|
|
33
|
+
expires_in: number;
|
|
34
|
+
/** Always `"bearer"`. */
|
|
35
|
+
token_type: "bearer";
|
|
36
|
+
/** The authenticated user. */
|
|
37
|
+
user: AuthUser;
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* Server-side authentication methods.
|
|
41
|
+
*
|
|
42
|
+
* Access via `buildspace.auth` on the server SDK.
|
|
43
|
+
*
|
|
44
|
+
* @example
|
|
45
|
+
* ```ts
|
|
46
|
+
* import Buildspace from "@buildspacestudio/sdk";
|
|
47
|
+
*
|
|
48
|
+
* const buildspace = new Buildspace(process.env.BUILDSPACE_SECRET_KEY!);
|
|
49
|
+
*
|
|
50
|
+
* // Handle OAuth callback
|
|
51
|
+
* const tokens = await buildspace.auth.handleCallback(request);
|
|
52
|
+
*
|
|
53
|
+
* // Verify a session
|
|
54
|
+
* const session = await buildspace.auth.getSession(sessionToken);
|
|
55
|
+
*
|
|
56
|
+
* // Sign out
|
|
57
|
+
* await buildspace.auth.signOut(sessionToken);
|
|
58
|
+
* ```
|
|
59
|
+
*/
|
|
60
|
+
declare class AuthServerNamespace {
|
|
61
|
+
private readonly transport;
|
|
62
|
+
constructor(transport: HttpTransport);
|
|
63
|
+
/**
|
|
64
|
+
* Retrieve the session associated with a token.
|
|
65
|
+
*
|
|
66
|
+
* Returns the {@link AuthSession} if valid, or `null` if the token is
|
|
67
|
+
* expired, revoked, or invalid (401/404).
|
|
68
|
+
*
|
|
69
|
+
* @throws {BuildspaceError} On unexpected server errors (5xx, network issues).
|
|
70
|
+
*/
|
|
71
|
+
getSession(sessionToken: string): Promise<AuthSession | null>;
|
|
72
|
+
/**
|
|
73
|
+
* Exchange an OAuth authorization code for tokens.
|
|
74
|
+
*
|
|
75
|
+
* Extracts the `code` query parameter from the callback URL and exchanges
|
|
76
|
+
* it with the Buildspace API for an access token and user info.
|
|
77
|
+
*
|
|
78
|
+
* @param request - The incoming callback request. Accepts a `Request` object,
|
|
79
|
+
* a `URL`, or a raw URL string containing the `?code=` parameter.
|
|
80
|
+
* @param opts - Optional settings.
|
|
81
|
+
* @param opts.redirectUri - Override the redirect URI sent to the token endpoint.
|
|
82
|
+
* Defaults to the origin + pathname of the callback URL.
|
|
83
|
+
* @returns The token response containing `access_token`, `expires_in`, and `user`.
|
|
84
|
+
*
|
|
85
|
+
* @throws {BuildspaceError} If the code exchange fails (invalid code, expired, etc.).
|
|
86
|
+
*
|
|
87
|
+
* @example
|
|
88
|
+
* ```ts
|
|
89
|
+
* // Next.js Route Handler
|
|
90
|
+
* export async function GET(request: Request) {
|
|
91
|
+
* const { access_token, user } = await buildspace.auth.handleCallback(request);
|
|
92
|
+
* // Store access_token as a session cookie
|
|
93
|
+
* }
|
|
94
|
+
* ```
|
|
95
|
+
*/
|
|
96
|
+
handleCallback(request: Request | URL | string, opts?: {
|
|
97
|
+
redirectUri?: string;
|
|
98
|
+
}): Promise<TokenResponse>;
|
|
99
|
+
/**
|
|
100
|
+
* Revoke a specific session token.
|
|
101
|
+
*
|
|
102
|
+
* @param sessionToken - The token to revoke.
|
|
103
|
+
* @throws {BuildspaceError} If the revocation fails.
|
|
104
|
+
*/
|
|
105
|
+
revokeSession(sessionToken: string): Promise<void>;
|
|
106
|
+
/**
|
|
107
|
+
* Sign the user out by revoking the session and clearing the SDK's stored token.
|
|
108
|
+
*
|
|
109
|
+
* If the session is already expired or not found, the error is silently
|
|
110
|
+
* ignored and the local session is still cleared.
|
|
111
|
+
*
|
|
112
|
+
* @param sessionToken - Token to revoke. If omitted, uses the token
|
|
113
|
+
* previously set via `buildspace.setSession()`.
|
|
114
|
+
*/
|
|
115
|
+
signOut(sessionToken?: string): Promise<void>;
|
|
116
|
+
}
|
|
117
|
+
|
|
118
|
+
export { AuthServerNamespace, type AuthSession, type AuthUser, type TokenResponse };
|