@carto/api-client 0.5.30-alpha.3cf7d80.116 → 0.5.30-alpha.bdcd62f.119

package/build/api-client.js

@@ -5559,6 +5559,10 @@ var SchemaFieldType = /* @__PURE__ */ ((SchemaFieldType2) => {
   SchemaFieldType2["Unknown"] = "unknown";
   return SchemaFieldType2;
 })(SchemaFieldType || {});
+function isSpatialIndexFilter(spatialFilter) {
+  const filter = spatialFilter;
+  return Array.isArray(filter?.indexes) && ["h3", "h3int", "quadbin"].includes(filter?.type);
+}
 
 // src/utils.ts
 var FILTER_TYPES = new Set(Object.values(FilterType));
@@ -5737,6 +5741,41 @@ function getFilterValue(filtersWithoutTimeType, timeColumn, timeFilter, filterSi
   };
 }
 
+// src/api/auth.ts
+function buildAuthHeaders(options) {
+  if (options.authMode === "session") {
+    if (options.accessToken) {
+      throw new Error(
+        `accessToken must not be provided with authMode: 'session' \u2014 authentication is delegated to the server behind apiBaseUrl`
+      );
+    }
+    return {};
+  }
+  if (!options.accessToken) {
+    throw new Error(
+      `accessToken is required (or pass authMode: 'session' to authenticate via a same-origin session instead)`
+    );
+  }
+  return { Authorization: `Bearer ${options.accessToken}` };
+}
+function getAuthCredentials(authMode) {
+  return authMode === "session" ? "same-origin" : void 0;
+}
+function rewriteUrlForSessionMode(url, apiBaseUrl) {
+  let origin;
+  try {
+    const parsed = new URL(url);
+    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+      return url;
+    }
+    origin = parsed.origin;
+  } catch {
+    return url;
+  }
+  const base = apiBaseUrl.replace(/\/+$/, "");
+  return base + url.slice(origin.length);
+}
+
 // src/api/carto-api-error.ts
 var CartoAPIError = class extends Error {
   constructor(error, errorContext, response, responseJson) {
@@ -5843,7 +5882,8 @@ async function requestWithParameters({
   errorContext,
   maxLengthURL = DEFAULT_MAX_LENGTH_URL,
   localCache,
-  signal
+  signal,
+  credentials
 }) {
   parameters = {
     v: V3_MINOR_VERSION,
@@ -5867,8 +5907,9 @@ async function requestWithParameters({
     method: "POST",
     body: JSON.stringify(parameters),
     headers,
-    signal
-  }) : fetch(url, { headers, signal });
+    signal,
+    ...credentials && { credentials }
+  }) : fetch(url, { headers, signal, ...credentials && { credentials } });
   let response;
   let responseJson;
   const jsonPromise = fetchPromise.then((_response) => {
@@ -5914,8 +5955,19 @@ function createCacheKey(baseUrl, parameters, headers) {
     headers: headerEntries
   });
 }
+var RELATIVE_ORIGIN = "https://relative.invalid";
+function parseBaseUrl(baseUrlString) {
+  const isRelative = baseUrlString.startsWith("/") && !baseUrlString.startsWith("//");
+  return {
+    url: new URL(baseUrlString, isRelative ? RELATIVE_ORIGIN : void 0),
+    isRelative
+  };
+}
+function serializeBaseUrl(url, isRelative) {
+  return isRelative ? `${url.pathname}${url.search}` : url.toString();
+}
 function createURLWithParameters(baseUrlString, parameters) {
-  const baseUrl = new URL(baseUrlString);
+  const { url: baseUrl, isRelative } = parseBaseUrl(baseUrlString);
   for (const [key, value] of Object.entries(parameters)) {
     if (isPureObject(value) || Array.isArray(value)) {
       baseUrl.searchParams.set(key, JSON.stringify(value));
@@ -5928,16 +5980,16 @@ function createURLWithParameters(baseUrlString, parameters) {
       }
     }
   }
-  return baseUrl.toString();
+  return serializeBaseUrl(baseUrl, isRelative);
 }
 function excludeURLParameters(baseUrlString, parameters) {
-  const baseUrl = new URL(baseUrlString);
+  const { url: baseUrl, isRelative } = parseBaseUrl(baseUrlString);
   for (const param of parameters) {
     if (baseUrl.searchParams.has(param)) {
       baseUrl.searchParams.delete(param);
     }
   }
-  return baseUrl.toString();
+  return serializeBaseUrl(baseUrl, isRelative);
 }
 function clearDefaultRequestCache() {
   DEFAULT_REQUEST_CACHE.clear();
@@ -5965,10 +6017,12 @@ async function baseSource(endpoint, options, urlParameters) {
   }
   const baseUrl = buildSourceUrl(mergedOptions);
   const { clientId, maxLengthURL, localCache } = mergedOptions;
+  const sessionMode = options.authMode === "session";
   const headers = {
-    Authorization: `Bearer ${options.accessToken}`,
+    ...buildAuthHeaders(options),
     ...options.headers
   };
+  const credentials = getAuthCredentials(options.authMode);
   const parameters = { client: clientId, ...options.tags, ...urlParameters };
   const errorContext = {
     requestType: "Map instantiation",
@@ -5982,15 +6036,19 @@ async function baseSource(endpoint, options, urlParameters) {
     headers,
     errorContext,
     maxLengthURL,
-    localCache
+    localCache,
+    credentials
   });
-  const dataUrl = tilejson.url[0];
+  let dataUrl = tilejson.url[0];
   if (cache) {
     cache.value = parseInt(
       new URL(dataUrl).searchParams.get("cache") || "",
       10
     );
   }
+  if (sessionMode) {
+    dataUrl = rewriteUrlForSessionMode(dataUrl, mergedOptions.apiBaseUrl);
+  }
   errorContext.requestType = "Map data";
   const json = await requestWithParameters({
     baseUrl: dataUrl,
@@ -5998,9 +6056,14 @@ async function baseSource(endpoint, options, urlParameters) {
     headers,
     errorContext,
     maxLengthURL,
-    localCache
+    localCache,
+    credentials
   });
-  if (accessToken) {
+  if (sessionMode) {
+    json.tiles = json.tiles?.map(
+      (template) => rewriteUrlForSessionMode(template, mergedOptions.apiBaseUrl)
+    );
+  } else if (accessToken) {
     json.accessToken = accessToken;
   }
   if (schema) {
@@ -6105,6 +6168,7 @@ function dealWithApiError({
 async function makeCall({
   url,
   accessToken,
+  authMode,
   opts
 }) {
   let response;
@@ -6113,10 +6177,13 @@ async function makeCall({
   try {
     response = await fetch(url.toString(), {
       headers: {
-        Authorization: `Bearer ${accessToken}`,
+        ...buildAuthHeaders({ accessToken, authMode }),
         ...isPost && { "Content-Type": "application/json" },
         ...opts.headers
       },
+      ...getAuthCredentials(authMode) && {
+        credentials: getAuthCredentials(authMode)
+      },
       ...isPost && {
         method: opts?.method,
         body: opts?.body
@@ -6160,9 +6227,8 @@ function executeModel(props) {
     )}`
   );
   const { model, source, params, opts } = props;
-  const { type, apiVersion, apiBaseUrl, accessToken, connectionName, clientId } = source;
+  const { type, apiVersion, apiBaseUrl, connectionName, clientId } = source;
   assert2(apiBaseUrl, "executeModel: missing apiBaseUrl");
-  assert2(accessToken, "executeModel: missing accessToken");
   assert2(apiVersion === V3, "executeModel: SQL Model API requires CARTO 3+");
   assert2(type !== "tileset", "executeModel: Tilesets not supported");
   let url = `${apiBaseUrl}/v3/sql/${connectionName}/model/${model}`;
@@ -6201,6 +6267,7 @@ function executeModel(props) {
   return makeCall({
     url,
     accessToken: source.accessToken,
+    authMode: source.authMode,
     opts: {
       ...opts,
       method: isGet ? "GET" : "POST",
@@ -6325,6 +6392,7 @@ var WidgetRemoteSource = class extends WidgetSource {
       apiBaseUrl: props.apiBaseUrl,
       clientId: props.clientId,
       accessToken: props.accessToken,
+      authMode: props.authMode,
       connectionName: props.connectionName,
       filters: getApplicableFilters(filterOwner, filters || props.filters),
       filtersLogicalOperator: props.filtersLogicalOperator,
@@ -6654,7 +6722,7 @@ var WidgetRemoteSource = class extends WidgetSource {
       url = `${apiBaseUrl}/${apiVersion}/stats/${connectionName}/${data}/${spatialDataColumn}`;
     }
     const headers = {
-      Authorization: `Bearer ${this.props.accessToken}`,
+      ...buildAuthHeaders(this.props),
       ...this.props.headers
     };
     const errorContext = {
@@ -6667,7 +6735,8 @@ var WidgetRemoteSource = class extends WidgetSource {
       headers,
       signal,
       errorContext,
-      parameters
+      parameters,
+      credentials: getAuthCredentials(this.props.authMode)
     }).then(({ extent: { xmin, ymin, xmax, ymax } }) => ({
       bbox: [xmin, ymin, xmax, ymax]
     }));
@@ -7376,16 +7445,17 @@ var WidgetTilesetSourceImpl = class extends WidgetSource {
     this._features.length = 0;
   }
   _extractTileFeatures(spatialFilter) {
+    const geometryFilter = spatialFilter && !isSpatialIndexFilter(spatialFilter) ? spatialFilter : void 0;
     const prevInputs = this._tileFeatureExtractPreviousInputs;
-    if (this._features.length && spatialFilterEquals(prevInputs.spatialFilter, spatialFilter)) {
+    if (this._features.length && spatialFilterEquals(prevInputs.spatialFilter, geometryFilter)) {
       return;
     }
     this._features = tileFeatures({
       ...assignOptional({}, this.props, this._tileFeatureExtractOptions),
       tiles: this._tiles,
-      spatialFilter
+      spatialFilter: geometryFilter
     });
-    prevInputs.spatialFilter = spatialFilter;
+    prevInputs.spatialFilter = geometryFilter;
   }
   /**
    * Loads features as GeoJSON (used for testing).
@@ -8409,7 +8479,7 @@ var query = async function(options) {
   }
   const baseUrl = buildQueryUrl({ apiBaseUrl, connectionName });
   const headers = {
-    Authorization: `Bearer ${options.accessToken}`,
+    ...buildAuthHeaders(options),
     ...options.headers
   };
   const parameters = {
@@ -8431,7 +8501,8 @@ var query = async function(options) {
     errorContext,
     maxLengthURL,
     localCache,
-    signal: options.signal
+    signal: options.signal,
+    credentials: getAuthCredentials(options.authMode)
   });
 };
 
@@ -10761,6 +10832,9 @@ function createChannelProps(id, layerType, config2, visualChannels, data, datase
   };
 }
 function createLoadOptions(accessToken) {
+  if (!accessToken) {
+    return { loadOptions: { fetch: { credentials: "same-origin" } } };
+  }
   return {
     loadOptions: { fetch: { headers: { Authorization: `Bearer ${accessToken}` } } }
   };
@@ -11350,6 +11424,20 @@ function _getHexagonResolution(viewport, tileSize) {
     Math.floor(hexagonScaleFactor + latitudeScaleFactor - BIAS)
   );
 }
+var DYNAMIC_TILES_POINTS_AGGREGATION_LEVEL = 8;
+var AGG_LEVEL_CORRECTION_BY_TILE_RESOLUTION = {
+  0.25: -1,
+  0.5: 0,
+  1: 1,
+  2: 2,
+  4: 3
+};
+function getPointsAggregationLevel({
+  tileResolution,
+  zoomLevel
+}) {
+  return zoomLevel + DYNAMIC_TILES_POINTS_AGGREGATION_LEVEL + AGG_LEVEL_CORRECTION_BY_TILE_RESOLUTION[tileResolution];
+}
 
 // src/utils/CellSet.ts
 var EMPTY_U32 = 2 ** 32 - 1;
@@ -11445,6 +11533,7 @@ export {
   fillInTileStats as _fillInTileStats,
   _getHexagonResolution,
   getLog10ScaleSteps as _getLog10ScaleSteps,
+  getPointsAggregationLevel as _getPointsAggregationLevel,
   getRasterTileLayerStyleProps as _getRasterTileLayerStyleProps,
   validateVecExprSyntax as _validateVecExprSyntax,
   addFilter,
@@ -11454,6 +11543,7 @@ export {
   applySorting,
   boundaryQuerySource,
   boundaryTableSource,
+  buildAuthHeaders,
   buildBinaryFeatureFilter,
   buildPublicMapUrl,
   buildStatsUrl,
@@ -11472,6 +11562,7 @@ export {
   filterFunctions,
   geojsonFeatures,
   getApplicableFilters,
+  getAuthCredentials,
   getClient,
   getColorAccessor,
   getColumnNameFromGeoColumn,
@@ -11493,6 +11584,7 @@ export {
   h3TilesetSource,
   hasFilter,
   histogram,
+  isSpatialIndexFilter,
   makeIntervalComplete,
   negateAccessor,
   opacityToAlpha,
@@ -11504,6 +11596,7 @@ export {
   rasterSource,
   removeFilter,
   requestWithParameters,
+  rewriteUrlForSessionMode,
   scaleAggregationResLevel,
   scatterPlot,
   setClient,