@canva/cli 0.0.1-beta.2 → 0.0.1-beta.4

package/templates/base/utils/backend/bearer_middleware/tests/bearer_middleware.tests.ts

@@ -0,0 +1,192 @@
+/* eslint-disable @typescript-eslint/no-require-imports */
+import type { NextFunction, Request, Response } from "express";
+import type {
+  createBearerMiddleware,
+  GetTokenFromRequest,
+} from "../bearer_middleware";
+
+type Middleware = (req: Request, res: Response, next: NextFunction) => void;
+
+describe("createBearerMiddleware", () => {
+  let fakeGetTokenFromRequest: jest.MockedFn<GetTokenFromRequest>;
+  let verify: jest.MockedFn<(token: string) => Promise<string | undefined>>;
+
+  let req: Request;
+  let res: Response;
+  let next: jest.MockedFn<() => void>;
+
+  let AuthorizationError: typeof Error;
+  let createBearerMiddlewareFn: typeof createBearerMiddleware;
+  let bearerMiddleware: Middleware;
+
+  beforeEach(() => {
+    jest.resetAllMocks();
+    jest.resetModules();
+
+    fakeGetTokenFromRequest = jest.fn();
+    verify = jest.fn();
+
+    const middlewareModule = require("../bearer_middleware");
+    createBearerMiddlewareFn = middlewareModule.createBearerMiddleware;
+    AuthorizationError = middlewareModule.AuthorizationError;
+  });
+
+  describe("When called", () => {
+    beforeEach(() => {
+      req = {
+        header: (_name: string) => undefined,
+      } as Request;
+
+      res = {
+        status: jest.fn().mockReturnThis(),
+        json: jest.fn().mockReturnThis(),
+        send: jest.fn().mockReturnThis(),
+      } as unknown as Response;
+
+      next = jest.fn();
+
+      bearerMiddleware = createBearerMiddlewareFn(
+        verify,
+        fakeGetTokenFromRequest,
+      );
+    });
+
+    describe("When `getTokenFromRequest` throws an exception ('Fake error')", () => {
+      beforeEach(() => {
+        fakeGetTokenFromRequest.mockRejectedValue(
+          new AuthorizationError("Fake error"),
+        );
+      });
+
+      it(`Does not call next() and returns HTTP 401 with error = "unauthorized" and message = "Fake error"`, async () => {
+        expect.assertions(8);
+
+        expect(fakeGetTokenFromRequest).not.toHaveBeenCalled();
+        await bearerMiddleware(req, res, next);
+
+        expect(fakeGetTokenFromRequest).toHaveBeenCalledTimes(1);
+        expect(fakeGetTokenFromRequest).toHaveBeenLastCalledWith(req);
+
+        expect(res.status).toHaveBeenCalledTimes(1);
+        expect(res.status).toHaveBeenLastCalledWith(401);
+
+        expect(res.json).toHaveBeenCalledTimes(1);
+        expect(res.json).toHaveBeenLastCalledWith({
+          error: "unauthorized",
+          message: "Fake error",
+        });
+
+        expect(next).not.toHaveBeenCalled();
+      });
+    });
+
+    describe("When the middleware cannot verify the token", () => {
+      beforeEach(() => {
+        fakeGetTokenFromRequest.mockReturnValue("TOKEN");
+
+        verify.mockImplementation(() => Promise.resolve(undefined));
+      });
+
+      it(`Does not call next() and returns HTTP 401 with error = "unauthorized" and message = "Token is invalid"`, async () => {
+        expect.assertions(5);
+
+        await bearerMiddleware(req, res, next);
+
+        expect(res.status).toHaveBeenCalledTimes(1);
+        expect(res.status).toHaveBeenLastCalledWith(401);
+
+        expect(res.json).toHaveBeenCalledTimes(1);
+        expect(res.json).toHaveBeenLastCalledWith({
+          error: "unauthorized",
+          message: "Token is invalid",
+        });
+
+        expect(next).not.toHaveBeenCalled();
+      });
+    });
+  });
+});
+
+describe("getTokenFromHttpHeader", () => {
+  let getHeader: jest.MockedFn<(name: string) => string | undefined>;
+  let req: Request;
+  let getTokenFromHttpHeader: (req: Request) => string;
+  let AuthorizationError: typeof Error;
+
+  beforeEach(() => {
+    getHeader = jest.fn();
+    req = {
+      header: (name: string) => getHeader(name),
+    } as Request;
+
+    const bearerMiddlewareModule = require("../bearer_middleware");
+    getTokenFromHttpHeader = bearerMiddlewareModule.getTokenFromHttpHeader;
+    AuthorizationError = bearerMiddlewareModule.AuthorizationError;
+  });
+
+  describe("When the 'Authorization' header is missing", () => {
+    beforeEach(() => {
+      getHeader.mockReturnValue(undefined);
+    });
+
+    it(`Throws a AuthorizationError with message = 'Missing the "Authorization" header'`, async () => {
+      expect.assertions(3);
+
+      expect(() => getTokenFromHttpHeader(req)).toThrow(
+        new AuthorizationError('Missing the "Authorization" header'),
+      );
+      expect(getHeader).toHaveBeenCalledTimes(1);
+      expect(getHeader).toHaveBeenLastCalledWith("Authorization");
+    });
+  });
+
+  describe("When the 'Authorization' header doesn't have a Bearer scheme", () => {
+    beforeEach(() => {
+      getHeader.mockReturnValue("Beerer FAKE_TOKEN");
+    });
+
+    it(`Throws a AuthorizationError with message = 'Missing a "Bearer" token in the "Authorization" header''`, async () => {
+      expect.assertions(3);
+
+      expect(() => getTokenFromHttpHeader(req)).toThrow(
+        new AuthorizationError(
+          'Missing a "Bearer" token in the "Authorization" header',
+        ),
+      );
+      expect(getHeader).toHaveBeenCalledTimes(1);
+      expect(getHeader).toHaveBeenLastCalledWith("Authorization");
+    });
+  });
+
+  describe("When the 'Authorization' Bearer scheme header doesn't have a token", () => {
+    beforeEach(() => {
+      getHeader.mockReturnValue("Bearer ");
+    });
+
+    it(`Throws a AuthorizationError with message = 'Missing a "Bearer" token in the "Authorization" header'`, async () => {
+      expect.assertions(3);
+
+      expect(() => getTokenFromHttpHeader(req)).toThrow(
+        new AuthorizationError(
+          'Missing a "Bearer" token in the "Authorization" header',
+        ),
+      );
+      expect(getHeader).toHaveBeenCalledTimes(1);
+      expect(getHeader).toHaveBeenLastCalledWith("Authorization");
+    });
+  });
+
+  describe("When the 'Authorization' Bearer scheme header has a token", () => {
+    beforeEach(() => {
+      getHeader.mockReturnValue("Bearer TOKEN");
+    });
+
+    it(`Returns the token`, async () => {
+      expect.assertions(3);
+
+      expect(getTokenFromHttpHeader(req)).toEqual("TOKEN");
+      expect(getHeader).toHaveBeenCalledTimes(1);
+      expect(getHeader).toHaveBeenLastCalledWith("Authorization");
+    });
+  });
+});

package/templates/base/utils/use_add_element.ts

@@ -0,0 +1,48 @@
+import type {
+  EmbedElement,
+  ImageElement,
+  RichtextElement,
+  TableElement,
+  TextElement,
+  VideoElement,
+} from "@canva/design";
+import { addElementAtCursor, addElementAtPoint } from "@canva/design";
+import { useFeatureSupport } from "./use_feature_support";
+import { features } from "@canva/platform";
+import { useEffect, useState } from "react";
+
+type AddElementParams =
+  | ImageElement
+  | VideoElement
+  | EmbedElement
+  | TextElement
+  | RichtextElement
+  | TableElement;
+
+export const useAddElement = () => {
+  const isSupported = useFeatureSupport();
+
+  // Store a wrapped addElement function that checks feature support
+  const [addElement, setAddElement] = useState(() => {
+    return (element: AddElementParams) => {
+      if (features.isSupported(addElementAtPoint)) {
+        return addElementAtPoint(element);
+      } else if (features.isSupported(addElementAtCursor)) {
+        return addElementAtCursor(element);
+      }
+    };
+  });
+
+  useEffect(() => {
+    const addElement = (element: AddElementParams) => {
+      if (isSupported(addElementAtPoint)) {
+        return addElementAtPoint(element);
+      } else if (isSupported(addElementAtCursor)) {
+        return addElementAtCursor(element);
+      }
+    };
+    setAddElement(() => addElement);
+  }, [isSupported]);
+
+  return addElement;
+};

package/templates/base/utils/use_feature_support.ts

@@ -0,0 +1,28 @@
+import { features } from "@canva/platform";
+import type { Feature } from "@canva/platform";
+import { useState, useEffect } from "react";
+
+/**
+ * This hook allows re-rendering of a React component whenever
+ * the state of feature support changes in Canva.
+ *
+ * @returns isSupported - callback to inspect a Canva SDK method.
+ **/
+export function useFeatureSupport() {
+  // Store a wrapped function that checks feature support
+  const [isSupported, setIsSupported] = useState(() => {
+    return (...args: Feature[]) => features.isSupported(...args);
+  });
+
+  useEffect(() => {
+    // create new function ref when feature support changes to trigger
+    // re-render
+    return features.registerOnSupportChange(() => {
+      setIsSupported(() => {
+        return (...args: Feature[]) => features.isSupported(...args);
+      });
+    });
+  }, []);
+
+  return isSupported;
+}

package/templates/common/.gitignore.template

@@ -1,9 +1,8 @@
-.idea
-.ssl
-node_modules
 .DS_Store
-yarn-error.log
-dist
-secrets.json
 .env
+.idea
+.ssl
+*.log*
 **/*/db.json
+dist
+node_modules

package/templates/common/README.md

@@ -63,18 +63,15 @@ To preview apps in Safari:
 1. Start the development server with HTTPS enabled:
 
 ```bash
-# Run the main app
 npm start --use-https
-
-# Run an example
-npm start <example-name> --use-https
 ```
 
 2. Navigate to <https://localhost:8080>.
 3. Bypass the invalid security certificate warning:
-4. Click **Show details**.
-5. Click **Visit website**.
-6. In the Developer Portal, set the app's **Development URL** to <https://localhost:8080>.
+   1. Click **Show details**.
+   2. Click **Visit website**.
+4. In the Developer Portal, set the app's **Development URL** to <https://localhost:8080>.
+5. Click preview (or refresh your app if it's already open).
 
 You need to bypass the invalid security certificate warning every time you start the local server. A similar warning will appear in other browsers (and will need to be bypassed) whenever HTTPS is enabled.
 
@@ -181,70 +178,3 @@ To use ngrok, you'll need to do the following:
    ```
 
 This environment variable is available for the current terminal session, so the command must be re-run for each new session. Alternatively, you can add the variable to your terminal's default parameters.
-
-## Run the development server with ngrok and add authentication to the app
-
-These steps demonstrate how to start the local development server with ngrok.
-
-From your app's root directory
-
-1. Stop any running scripts, and run the following command to launch the backend and frontend development servers. The `--ngrok` parameter exposes the backend server via a publicly accessible URL.
-
-   ```bash
-   npm start --ngrok
-   ```
-
-2. After ngrok is running, copy your ngrok url
-   (e.g. `https://0000-0000.ngrok-free.app`) to the clipboard.
-
-   1. Go to your app in the [Developer Portal](https://www.canva.com/developers/apps).
-   2. Navigate to the "Add authentication" section of your app.
-   3. Check "This app requires authentication"
-   4. In the "Redirect URL" text box, enter your ngrok url followed by `/redirect-url` e.g.
-      `https://0000-0000.ngrok-free.app/redirect-url`
-   5. In the "Authentication base URL" text box, enter your ngrok url followed by `/` e.g.
-      `https://0000-0000.ngrok-free.app/`
-      Note: Your ngrok URL changes each time you restart ngrok. Keep these fields up to
-      date to ensure your example authentication step will run.
-
-3. Make sure the app is authenticating users by making the following changes:
-
-   1. Replace
-
-      `router.post("/resources/find", async (req, res) => {`
-
-      with
-
-      `router.post("/api/resources/find", async (req, res) => {`
-
-      in [./backend/routers/auth.ts](./backend/routers/auth.ts). Adding `/api/` to the route ensures
-      the JWT middleware authenticates requests.
-
-   2. Replace
-
-      ``const url = new URL(`${BACKEND_HOST}/resources/find`);``
-
-      with
-
-      ``const url = new URL(`${BACKEND_HOST}/api/resources/find`);``
-
-      in [./adapter.ts](./adapter.ts)
-
-   3. Comment out these lines in [./app.tsx](./app.tsx)
-
-      ```typescript
-      // Comment this next line out for production apps
-      setAuthState("authenticated");
-      ```
-
-4. Navigate to your app at `https://www.canva.com/developers/apps`, and click **Preview** to preview the app.
-   1. A new screen will appear asking if you want to authenticate.
-      Press **Connect** to start the authentication flow.
-   2. A ngrok screen may appear. If it does, select **Visit Site**
-   3. An authentication popup will appear. For the username, enter `username`, and
-      for the password enter `password`.
-   4. If successful, you will be redirected back to your app.
-5. You can now modify the `/redirect-url` function in `server.ts` to authenticate with your third-party
-   asset manager, and `/api/resources/find` to pull assets from your third-party asset manager.
-
-   See `https://www.canva.dev/docs/apps/authenticating-users/` for more details.

package/templates/common/conf/eslint-general.mjs

@@ -179,6 +179,32 @@ export default [
             "Apps are currently not allowed to open popups, or new tabs via browser APIs. Please use `requestOpenExternalUrl` from `@canva/platform` to link to external URLs. To learn more, see https://www.canva.dev/docs/apps/api/platform-request-open-external-url/",
         },
       ],
+      "no-restricted-imports": [
+        "warn",
+        {
+          // Warn when importing static assets that increase bundle size
+          patterns: [
+            // Images
+            {
+              group: ["*.png", "*.jpg", "*.jpeg", "*.gif"],
+              message:
+                "Inline images increase app bundle size and degrade app performance. Wherever possible, please use a CDN or external hosting service to dynamically load assets.",
+            },
+            // Videos
+            {
+              group: ["*.mp4", "*.webm", "*.ogg"],
+              message:
+                "Inline videos increase app bundle size and degrade app performance. Wherever possible, please use a CDN or external hosting service to dynamically load assets.",
+            },
+            // Audio
+            {
+              group: ["*.mp3", "*.wav", "*.ogg"],
+              message:
+                "Inline audio files increase app bundle size and degrade app performance. Wherever possible, please use a CDN or external hosting service to dynamically load assets.",
+            },
+          ],
+        },
+      ],
       "no-return-await": "error",
       "no-throw-literal": "error",
       "no-undef-init": "error",

package/templates/common/conf/eslint-i18n.mjs

@@ -7,7 +7,22 @@ export default [
     },
     rules: {
       "formatjs/no-invalid-icu": "error",
-      "formatjs/no-literal-string-in-jsx": "error",
+      "formatjs/no-literal-string-in-jsx": [
+        2,
+        {
+          props: {
+            // These rules are for @canva/app-ui-kit components.
+            // For your own components, suppress any false positives using eslint ignore comments.
+            include: [
+              ["*", "(*Label|label|alt)"],
+              ["*", "(title|description|name|text)"],
+              ["*", "(placeholder|additionalPlaceholder|defaultValue)"],
+              ["FormField", "error"],
+            ],
+            exclude: [["FormattedMessage", "description"]],
+          },
+        },
+      ],
       "formatjs/enforce-description": "error",
       "formatjs/enforce-default-message": "error",
       "formatjs/enforce-placeholders": "error",
@@ -18,6 +33,6 @@ export default [
       "formatjs/no-offset": "error",
       "formatjs/blocklist-elements": [2, ["selectordinal"]],
       "formatjs/no-complex-selectors": "error",
-    }
-  }
+    },
+  },
 ];

package/templates/dam/backend/server.ts

@@ -2,7 +2,6 @@ import * as express from "express";
 import * as cors from "cors";
 import { createBaseServer } from "../utils/backend/base_backend/create";
 import { createDamRouter } from "./routers/dam";
-import { createAuthRouter } from "./routers/auth";
 
 async function main() {
   // TODO: Set the CANVA_APP_ID environment variable in the project's .env file
@@ -46,12 +45,6 @@ async function main() {
    */
   router.use(cors());
 
-  /**
-   * Add routes for authorisation.
-   */
-  const authRouter = createAuthRouter();
-  router.use(authRouter);
-
   /**
    * Add routes for digital asset management.
    */

package/templates/dam/package.json

@@ -3,7 +3,7 @@
   "name": "digital_asset_management",
   "description": "An example app leveraging @canva/app-components to develop a digital asset management (DAM) app.",
   "scripts": {
-    "extract": "formatjs extract 'src/**/*.{ts,tsx}' --out-file dist/messages_en.json",
+    "extract": "formatjs extract src/**/*.{ts,tsx} --out-file dist/messages_en.json",
     "build": "webpack --config webpack.config.cjs --mode production && npm run extract",
     "format": "prettier '**/*.{css,ts,tsx}' --no-config --write",
     "format:check": "prettier '**/*.{css,ts,tsx}' --no-config --check --ignore-path",
@@ -16,14 +16,14 @@
     "test:watch": "jest --watchAll"
   },
   "dependencies": {
-    "@canva/app-i18n-kit": "^0.0.1-beta.5",
-    "@canva/app-components": "^1.0.0-beta.22",
-    "@canva/app-ui-kit": "^3.8.0",
-    "@canva/asset": "^1.7.1",
-    "@canva/design": "^1.10.0",
-    "@canva/platform": "^1.1.0",
-    "@canva/user": "^1.0.0",
-    "cookie-parser": "1.4.6",
+    "@canva/app-components": "^1.0.0-beta.29",
+    "@canva/app-i18n-kit": "^1.0.0",
+    "@canva/app-ui-kit": "^4.1.0",
+    "@canva/asset": "^2.0.0",
+    "@canva/design": "^2.1.0",
+    "@canva/platform": "^2.0.0",
+    "@canva/user": "^2.0.0",
+    "cookie-parser": "1.4.7",
     "cors": "2.8.5",
     "react": "18.3.1",
     "react-dom": "18.3.1",
@@ -31,7 +31,7 @@
   },
   "devDependencies": {
     "@eslint/eslintrc": "3.1.0",
-    "@eslint/js": "9.9.0",
+    "@eslint/js": "9.12.0",
     "@formatjs/cli": "6.2.12",
     "@formatjs/ts-transformer": "3.13.14",
     "@ngrok/ngrok": "1.4.1",
@@ -39,32 +39,32 @@
     "@types/cors": "2.8.17",
     "@types/debug": "4.1.12",
     "@types/express": "4.17.21",
-    "@types/express-serve-static-core": "4.19.5",
-    "@types/jest": "29.5.12",
-    "@types/jsonwebtoken": "9.0.6",
+    "@types/express-serve-static-core": "4.19.6",
+    "@types/jest": "29.5.13",
+    "@types/jsonwebtoken": "9.0.7",
     "@types/node": "20.10.0",
     "@types/node-fetch": "2.6.11",
     "@types/node-forge": "1.3.11",
     "@types/nodemon": "1.19.6",
     "@types/prompts": "2.4.9",
-    "@types/react": "18.3.4",
-    "@types/react-dom": "18.3.0",
+    "@types/react": "18.3.11",
+    "@types/react-dom": "18.3.1",
     "@types/webpack-env": "1.18.5",
-    "@typescript-eslint/eslint-plugin": "8.2.0",
-    "@typescript-eslint/parser": "8.2.0",
+    "@typescript-eslint/eslint-plugin": "8.9.0",
+    "@typescript-eslint/parser": "8.9.0",
     "chalk": "4.1.2",
     "cli-table3": "0.6.5",
     "css-loader": "7.1.2",
     "css-modules-typescript-loader": "4.0.1",
-    "cssnano": "7.0.5",
-    "debug": "4.3.6",
+    "cssnano": "7.0.6",
+    "debug": "4.3.7",
     "dotenv": "16.4.5",
-    "eslint": "8.57.1",
-    "eslint-plugin-formatjs": "4.13.3",
-    "eslint-plugin-jest": "28.8.0",
-    "eslint-plugin-react": "7.35.0",
+    "eslint": "9.12.0",
+    "eslint-plugin-formatjs": "5.0.0",
+    "eslint-plugin-jest": "28.8.3",
+    "eslint-plugin-react": "7.37.1",
     "exponential-backoff": "3.1.1",
-    "express": "4.19.2",
+    "express": "4.21.1",
     "express-basic-auth": "1.2.1",
     "jest": "29.7.0",
     "jsonwebtoken": "9.0.2",
@@ -78,14 +78,14 @@
     "prompts": "2.4.2",
     "style-loader": "4.0.0",
     "terser-webpack-plugin": "5.3.10",
-    "ts-jest": "29.2.4",
+    "ts-jest": "29.2.5",
     "ts-loader": "9.5.1",
     "ts-node": "10.9.2",
     "typescript": "5.5.4",
     "url-loader": "4.1.1",
-    "webpack": "5.94.0",
+    "webpack": "5.95.0",
     "webpack-cli": "5.1.4",
-    "webpack-dev-server": "5.0.4",
+    "webpack-dev-server": "5.1.0",
     "yargs": "17.7.2"
   }
 }