npm - @conduit-client/salesforce-lightning-service-worker - Versions diffs - 3.3.0 → 3.5.0 - Mend

@conduit-client/salesforce-lightning-service-worker 3.3.0 → 3.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +72 -37
package/dist/index.js +316 -34
package/dist/index.js.map +1 -1
package/dist/types/fetch.d.ts +32 -0
package/dist/types/index.d.ts +40 -8
package/package.json +7 -6
package/dist/types/csrf.d.ts +0 -1
/package/dist/types/__tests__/{csrf.spec.d.ts → fetch.spec.d.ts} +0 -0

package/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # Salesforce Lightning Service Worker
-A lightweight service worker utility for Salesforce Lightning applications that provides basic service worker registration and management functionality.
+A specialized HTTP client and service worker for Salesforce Lightning applications that provides automatic CSRF (Cross-Site Request Forgery) protection for API requests. This package ensures secure communication with Salesforce APIs by automatically managing CSRF tokens.
 ## Installation
@@ -10,72 +10,107 @@ npm install @conduit-client/salesforce-lightning-service-worker
 ## Usage
-This package exports two main functions that work together to implement service worker functionality in your application:
+This package provides two ways to use CSRF protection:
-### 1. Register the Service Worker (App Code)
+### 1. Using ConduitClient (Recommended)
-In your main application code, use the `registerServiceWorker` function to register your service worker:
+The `ConduitClient` provides a convenient wrapper around fetch with automatic CSRF protection:
 ```typescript
-import { registerServiceWorker } from '@conduit-client/salesforce-lightning-service-worker';
+import { ConduitClient } from '@conduit-client/salesforce-lightning-service-worker';
-// Register service worker with module type support
-const registration = await registerServiceWorker('./sw.js', { type: 'module' });
+// Create a client instance
+const client = ConduitClient.create();
+// Make API calls - CSRF protection is automatic for protected endpoints
+const response = await client.fetch('/services/data/v65.0/sobjects/Account', {
+  method: 'POST',
+  body: JSON.stringify({ Name: 'Test Account' }),
+});
 ```
-**Parameters:**
+### 2. Using Service Worker (Advanced)
+For applications that desire service worker-level CSRF protection:
-- `scriptUrl`: The URL path to your service worker file
-- `options`: Optional `RegistrationOptions` (e.g., `{ type: 'module' }` for ES6 module support)
+#### Register the Service Worker
+```typescript
+import { ConduitClient } from '@conduit-client/salesforce-lightning-service-worker';
-### 2. Create the Service Worker File
+// Register service worker for enhanced protection
+await ConduitClient.registerServiceWorker('./sw.js');
+```
-You must configure your bundler to expose a statically named service worker file (without hash tokens) that calls the `createServiceWorker` function:
+#### Create the Service Worker File
 ```typescript
-// sw.js or similar
-import { createServiceWorker } from '@conduit-client/salesforce-lightning-service-worker';
+// sw.js - served statically by your bundler
+import { ConduitClient } from '@conduit-client/salesforce-lightning-service-worker';
-createServiceWorker();
+// Define service worker behavior
+ConduitClient.defineServiceWorker({ debug: true });
 ```
+**NOTE: ** Note, if service worker registration fails the wrapper approach will remain in
+place in order to maintain CSRF protection.
 **Important Configuration Notes:**
-1. **Static File Name**: The service worker file must have a static name (e.g., `sw.js`) without hash tokens to ensure consistent registration/updates
-2. **Module Type**: If using ES6 imports in your service worker, register it with `{ type: 'module' }`
-3. **Scope**: The path from which the service worker file is served establishes the scope for which the service worker will apply. For example:
-   - `/sw.js` → Controls the entire origin
-   - `/app/sw.js` → Only controls paths under `/app/`
+1. **Static File Name**: The service worker file must have a static name (e.g., `sw.js`) without hash tokens
+2. **Module Type**: Use ES6 modules for modern bundlers
+3. **Scope**: Service worker scope determines which requests it can intercept
+## CSRF Protection Features
+This package provides automatic CSRF protection with the following features:
-## Service Worker Features
+### Automatic Token Management
-The `createServiceWorker` function sets up a basic service worker with:
+- **Token Caching**: CSRF tokens are cached using the Cache API for performance
+- **Token Refresh**: Automatically refreshes tokens when they become invalid
+- **Retry Logic**: Retries requests once with fresh tokens on authentication failures
+### Protected Endpoints
+- **Method Protection**: Automatically protects data-mutating methods (POST, PUT, PATCH, DELETE)
+- **URL Protection**: Currently protects all Salesforce API endpoints under `/services`
+- **Intelligent Detection**: Only applies CSRF protection where needed
+### Service Worker Integration
 - **Install Handler**: Skips waiting to activate immediately
 - **Activate Handler**: Claims all clients immediately
-- **Fetch Handler**: Intercepts and logs all `fetch` requests (currently passes through all requests)
+- **Fetch Interception**: Intercepts and enhances requests with CSRF tokens
-## Example Implementation
+## Complete Example
 ```typescript
-// Main app code
-import { registerServiceWorker } from '@conduit-client/salesforce-lightning-service-worker';
-async function initializeApp() {
-  try {
-    const registration = await registerServiceWorker('./sw.js', { type: 'module' });
-    console.log('Service worker registered:', registration?.scope);
-  } catch (error) {
-    console.error('Service worker registration failed:', error);
-  }
+// Main application code
+import { ConduitClient } from '@conduit-client/salesforce-lightning-service-worker';
+async function setupApiClient() {
+  // Optionally register service worker for enhanced protection
+  await ConduitClient.registerServiceWorker('./sw.js');
+  // Create client for API calls
+  const client = ConduitClient.create();
+  // Make API calls - CSRF protection is automatic
+  const account = await client.fetch('/services/data/v65.0/sobjects/Account', {
+    method: 'POST',
+    body: JSON.stringify({ Name: 'New Account' }),
+  });
+  return client;
 }
 ```
 ```typescript
-// sw.js (served statically by your bundler)
-import { createServiceWorker } from '@conduit-client/salesforce-lightning-service-worker';
+// sw.js - Service worker file if `registerServiceWorker` is used
+import { ConduitClient } from '@conduit-client/salesforce-lightning-service-worker';
-createServiceWorker();
+ConduitClient.defineServiceWorker({ debug: false });
 ```
 ## Development

package/dist/index.js CHANGED Viewed

@@ -3,8 +3,91 @@
  * All rights reserved.
  * For full license text, see the LICENSE.txt file
  */
+/*!
+ * Copyright (c) 2022, Salesforce, Inc.,
+ * All rights reserved.
+ * For full license text, see the LICENSE.txt file
+ */
+function resolvedPromiseLike(result) {
+  if (isPromiseLike(result)) {
+    return result.then((nextResult) => nextResult);
+  }
+  return {
+    then: (onFulfilled, _onRejected) => {
+      try {
+        return resolvedPromiseLike(onFulfilled(result));
+      } catch (e) {
+        if (onFulfilled === void 0) {
+          return resolvedPromiseLike(result);
+        }
+        return rejectedPromiseLike(e);
+      }
+    }
+  };
+}
+function rejectedPromiseLike(reason) {
+  if (isPromiseLike(reason)) {
+    return reason.then((nextResult) => nextResult);
+  }
+  return {
+    then: (_onFulfilled, onRejected) => {
+      if (typeof onRejected === "function") {
+        try {
+          return resolvedPromiseLike(onRejected(reason));
+        } catch (e) {
+          return rejectedPromiseLike(e);
+        }
+      }
+      return rejectedPromiseLike(reason);
+    }
+  };
+}
+function isPromiseLike(x) {
+  return typeof (x == null ? void 0 : x.then) === "function";
+}
+/*!
+ * Copyright (c) 2022, Salesforce, Inc.,
+ * All rights reserved.
+ * For full license text, see the LICENSE.txt file
+ */
+function buildServiceDescriptor(interceptors = { request: [], response: [], finally: [] }, retryService) {
+  return {
+    type: "fetch",
+    version: "1.0",
+    service: function(...args) {
+      var _a;
+      const context = (_a = interceptors.createContext) == null ? void 0 : _a.call(interceptors);
+      const {
+        request: requestInterceptors = [],
+        response: responseInterceptors = [],
+        finally: finallyInterceptors = []
+      } = interceptors;
+      const pending = requestInterceptors.reduce(
+        (previousPromise, interceptor) => previousPromise.then((args2) => interceptor(args2, context)),
+        resolvedPromiseLike(args)
+      );
+      return Promise.resolve(pending).then((args2) => {
+        return fetch(...args2);
+      }).then((response) => {
+        return responseInterceptors.reduce(
+          (previousPromise, interceptor) => previousPromise.then((response2) => interceptor(response2, context)),
+          resolvedPromiseLike(response)
+        );
+      }).finally(() => {
+        if (finallyInterceptors.length > 0) {
+          return finallyInterceptors.reduce(
+            (previousPromise, interceptor) => previousPromise.then(() => interceptor(context)),
+            Promise.resolve()
+          );
+        }
+      });
+    }
+  };
+}
 const CACHE_VERSION = 1;
 const CACHE_NAME = `salesforce-lightning-service-worker-${CACHE_VERSION}`;
+const CSRF_HEADER = "X-CSRF-Token";
+const API_PATH_PREFIX = "/services/data/v";
 async function withCache(callback) {
   if (caches) {
     const cache = await caches.open(CACHE_NAME);
@@ -19,7 +102,7 @@ function isProtectedMethod(method) {
 }
 function isProtectedUrl(urlString) {
   const url = new URL(urlString);
-  return url.pathname.startsWith("/services");
+  return url.pathname.includes(API_PATH_PREFIX);
 }
 async function isTokenInvalid(response) {
   var _a;
@@ -29,61 +112,260 @@ async function isTokenInvalid(response) {
   }
   return false;
 }
-function createCsrfHandler(version) {
-  const CSRF_TOKEN_URL = `/services/data/v${version}/ui-api/session/csrf`;
+function createLightningFetch(config = {}) {
+  const { fireEvent = () => {
+  }, csrfTokenSource, interceptors } = config;
+  const { service: fetchService } = buildServiceDescriptor(interceptors);
+  let tokenUrl = `${API_PATH_PREFIX}65.0/ui-api/session/csrf`;
+  let tokenProvider = obtainToken;
+  if (csrfTokenSource) {
+    if (typeof csrfTokenSource === "string" || csrfTokenSource instanceof URL) {
+      tokenUrl = csrfTokenSource;
+    } else if (typeof csrfTokenSource === "function") {
+      tokenProvider = csrfTokenSource;
+    }
+  }
+  function generateId() {
+    return Date.now().toString(36);
+  }
   async function obtainToken() {
-    let response = await withCache((cache) => cache.match(CSRF_TOKEN_URL));
+    const id = generateId();
+    fireEvent("csrf_token_obtain_start", id);
+    let response = await withCache((cache) => cache.match(tokenUrl));
     if (!response) {
-      response = await fetch(CSRF_TOKEN_URL, { method: "get" });
+      fireEvent("csrf_token_fetch_start", id);
+      response = await fetchService(tokenUrl, { method: "get" });
+      fireEvent("csrf_token_fetch_complete", id, { status: response.status });
+    } else {
+      fireEvent("csrf_token_cache_hit", id);
     }
     const csrfToken = (await response.clone().json()).csrfToken;
-    await withCache((cache) => cache.put(CSRF_TOKEN_URL, response));
+    await withCache((cache) => cache.put(tokenUrl, response));
+    fireEvent("csrf_token_obtain_complete", id);
     return csrfToken;
   }
-  let tokenPromise = obtainToken();
+  let tokenPromise = tokenProvider();
   async function refreshToken() {
-    await withCache((cache) => cache.delete(CSRF_TOKEN_URL));
-    tokenPromise = obtainToken();
+    const id = generateId();
+    fireEvent("csrf_token_refresh_start", id);
+    await withCache((cache) => cache.delete(tokenUrl));
+    tokenPromise = tokenProvider();
+    fireEvent("csrf_token_refresh_complete", id);
   }
   async function fetchWithToken(request) {
     const headers = new Headers(request.headers);
-    headers.set("X-CSRF-Token", await tokenPromise);
-    return fetch(request, { headers });
+    if (!headers.has(CSRF_HEADER)) {
+      headers.set(CSRF_HEADER, await tokenPromise);
+    }
+    return fetchService(request, { headers });
   }
-  return async (request) => {
+  return async function lightningFetch(input, init) {
+    const id = generateId();
+    const request = new Request(input, init);
     if (isProtectedMethod(request.method) && isProtectedUrl(request.url)) {
+      fireEvent("protected_request_start", id, { method: request.method, url: request.url });
+      const response = await fetchWithToken(request.clone());
+      if (await isTokenInvalid(response)) {
+        fireEvent("csrf_token_invalid", id, { status: response.status });
+        await refreshToken();
+        const retryResponse = await fetchWithToken(request.clone());
+        fireEvent("protected_request_complete", id, {
+          method: request.method,
+          url: request.url,
+          status: retryResponse.status,
+          retried: true
+        });
+        return retryResponse;
+      } else {
+        fireEvent("protected_request_complete", id, {
+          method: request.method,
+          url: request.url,
+          status: response.status,
+          retried: false
+        });
+        return response;
+      }
+    } else {
+      fireEvent("unprotected_request", id, { method: request.method, url: request.url });
+      return fetchService(request);
+    }
+  };
+}
+let clientFetch = createLightningFetch();
+let serviceWorkerLoading = false;
+let pendingRequests = [];
+class ConduitClient {
+  constructor() {
+  }
+  /**
+   * Makes an HTTP request
+   *
+   * @param input - The URL, Request object, or relative path to request
+   * @param init - Optional request configuration that will be merged with defaults
+   * @returns Promise that resolves to the Response object
+   */
+  fetch(input, init = {}) {
+    if (serviceWorkerLoading) {
+      return new Promise((resolve) => {
+        pendingRequests.push({ input, init, resolve });
+      });
+    }
+    return clientFetch(input, init);
+  }
+  /**
+   * Factory method to create a new ConduitClient instance
+   *
+   * @returns A new ConduitClient instance
+   */
+  static create() {
+    return new ConduitClient();
+  }
+  /**
+   * Registers a service worker for enhanced CSRF protection and caching.
+   * When successfully registered, the client will switch to using native fetch
+   * as the service worker will handle CSRF protection.
+   *
+   * The script URL must identify a source file that calls `defineServiceWorker`.
+   *
+   * @param scriptURL - URL or path to the service worker script
+   */
+  static async registerServiceWorker(scriptURL) {
+    if ("serviceWorker" in navigator) {
       try {
-        const response = await fetchWithToken(request.clone());
-        if (await isTokenInvalid(response)) {
-          await refreshToken();
-          return fetchWithToken(request.clone());
+        serviceWorkerLoading = true;
+        const registration = await navigator.serviceWorker.register(scriptURL, {
+          type: "module"
+        });
+        const scopePath = getScopePath(registration);
+        if (scopePath !== "/") {
+          clientFetch = (input, init) => {
+            return fetch(prependScope(scopePath, input), init);
+          };
         } else {
-          return response;
+          clientFetch = fetch;
         }
+        console.log("[Conduit Client] Service registration succeeded:", registration);
       } catch (error) {
-        return new Response(JSON.stringify({ error }), { status: 500 });
+        console.log(
+          "[Conduit Client] Service Worker registration failed (using decorated `fetch`):",
+          error
+        );
+      } finally {
+        processQueuedRequests();
       }
     } else {
-      return fetch(request);
+      console.log("[Conduit Client] Service Worker not supported (using decorated `fetch`):");
     }
-  };
+  }
+  /**
+   * Defines the service worker behavior for CSRF protection.
+   *
+   * This method must be called within a service worker script whose URL is supplied to
+   * `registerServiceWorker`
+   */
+  static defineServiceWorker() {
+    const scope = self;
+    const scopePath = getScopePath(scope.registration);
+    const fetchService = createLightningFetch({
+      // potential optimization: only register interceptor if there is a scope
+      interceptors: { request: [stripScope(scopePath)] }
+    });
+    scope.addEventListener("install", (event) => {
+      event.waitUntil(scope.skipWaiting());
+    });
+    scope.addEventListener("activate", (event) => {
+      event.waitUntil(scope.clients.claim());
+    });
+    scope.addEventListener("fetch", (event) => {
+      event.respondWith(fetchService(event.request));
+    });
+  }
 }
-function createServiceWorker({ version, debug }) {
-  const scope = self;
-  scope.addEventListener("install", (event) => {
-    if (debug) console.log("[Service Worker] Installed");
-    event.waitUntil(scope.skipWaiting());
-  });
-  scope.addEventListener("activate", (event) => {
-    if (debug) console.log("[Service Worker] Activated");
-    event.waitUntil(scope.clients.claim());
-  });
-  const applyCsrfProtection = createCsrfHandler(version);
-  scope.addEventListener("fetch", (event) => {
-    event.respondWith(applyCsrfProtection(event.request));
+function processQueuedRequests() {
+  serviceWorkerLoading = false;
+  pendingRequests.forEach(({ input, init, resolve }) => {
+    resolve(clientFetch(input, init));
   });
+  pendingRequests = [];
+}
+function getScopePath(registration) {
+  const swUrl = new URL(registration.scope);
+  const folderUrl = new URL(".", swUrl);
+  return folderUrl.pathname;
+}
+function prependScope(base, input) {
+  if (!base) {
+    return input;
+  }
+  const addBaseToString = (path) => {
+    const baseUrl = typeof base === "string" ? base : base.toString();
+    return baseUrl.endsWith("/") ? baseUrl + path.slice(1) : baseUrl + path;
+  };
+  const addBaseToUrl = (url) => {
+    const path = url.pathname;
+    const pathStart = path.indexOf(API_PATH_PREFIX);
+    const trimmedPath = path.slice(pathStart);
+    const newPath = addBaseToString(trimmedPath);
+    return new URL(newPath, url);
+  };
+  if (typeof input === "string") {
+    if (input.startsWith(API_PATH_PREFIX)) {
+      return addBaseToString(input);
+    }
+  } else if (input instanceof URL) {
+    const path = input.pathname;
+    if (path.includes(API_PATH_PREFIX)) {
+      return addBaseToUrl(input);
+    }
+  } else if (input instanceof Request) {
+    const url = new URL(input.url);
+    const path = url.pathname;
+    if (path.includes(API_PATH_PREFIX)) {
+      const newUrl = addBaseToUrl(url);
+      return new Request(newUrl, input);
+    }
+  }
+  return input;
+}
+function stripScope(apiPathBase) {
+  return (fetchArgs) => {
+    if (!apiPathBase) {
+      return Promise.resolve(fetchArgs);
+    }
+    const [input, init] = fetchArgs;
+    const baseUrl = typeof apiPathBase === "string" ? apiPathBase : apiPathBase.toString();
+    if (typeof input === "string") {
+      if (input.startsWith(baseUrl)) {
+        const pathStart = input.indexOf(API_PATH_PREFIX);
+        if (pathStart !== -1) {
+          const apiPath = input.slice(pathStart);
+          return Promise.resolve([apiPath, init]);
+        }
+      }
+    } else if (input instanceof URL) {
+      const path = input.pathname;
+      if (path.startsWith(baseUrl)) {
+        const pathStart = path.indexOf(API_PATH_PREFIX);
+        if (pathStart !== -1) {
+          const apiPath = path.slice(pathStart);
+          return Promise.resolve([new URL(apiPath, input), init]);
+        }
+      }
+    } else if (input instanceof Request) {
+      const url = new URL(input.url);
+      const path = url.pathname;
+      if (path.startsWith(baseUrl)) {
+        const pathStart = path.indexOf(API_PATH_PREFIX);
+        if (pathStart !== -1) {
+          const apiPath = path.slice(pathStart);
+          return Promise.resolve([new Request(new URL(apiPath, url), input), init]);
+        }
+      }
+    }
+    return Promise.resolve(fetchArgs);
+  };
 }
 export {
-  createServiceWorker
+  ConduitClient
 };
 //# sourceMappingURL=index.js.map

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sources":["../src/csrf.ts","../src/index.ts"],"sourcesContent":["const CACHE_VERSION = 1;\nconst CACHE_NAME = `salesforce-lightning-service-worker-${CACHE_VERSION}`;\n\n/*\n Retrieves the cache and supplies it to a callback.\n \n @param callback\n /\nasync function withCache<T>(callback: (cache: Cache) => Promise<T>): Promise<T \| undefined> {\n // defend against the cache API not being available\n if (caches) {\n const cache = await caches.open(CACHE_NAME);\n return callback(cache);\n } else {\n return undefined;\n }\n}\n\n/\n Determine if an HTTP method is one that mutates data.\n /\nfunction isProtectedMethod(method: string) {\n const normalizedMethod = method.toLowerCase();\n return (\n normalizedMethod === 'post' \|\|\n normalizedMethod === 'put' \|\|\n normalizedMethod === 'patch' \|\|\n normalizedMethod === 'delete'\n );\n}\n\n/\n Determine if the URL is for a path that has CSRF protection.\n \n Note: Could allow customization\n /\nfunction isProtectedUrl(urlString: string) {\n const url = new URL(urlString);\n return url.pathname.startsWith('/services');\n}\n\n/\n Check response for status and error code of an invalid token\n /\nasync function isTokenInvalid(response: Response) {\n if (response.status === 400) {\n // clone response to read body without consuming it\n const body = await response.clone().json();\n\n // check for specific error code\n return body[0]?.errorCode === 'INVALID_ACCESS_TOKEN';\n }\n\n return false;\n}\n\nexport function createCsrfHandler(version: string) {\n const CSRF_TOKEN_URL = `/services/data/v${version}/ui-api/session/csrf`;\n\n async function obtainToken(): Promise<string> {\n // look up response in cache\n let response = await withCache((cache) => cache.match(CSRF_TOKEN_URL));\n\n if (!response) {\n // cached response not available to fetch\n response = await fetch(CSRF_TOKEN_URL, { method: 'get' });\n }\n\n // extract token using clone so caching can still process\n const csrfToken: string = (await response.clone().json()).csrfToken;\n\n // store token response\n await withCache((cache) => cache.put(CSRF_TOKEN_URL, response));\n\n return csrfToken;\n }\n\n let tokenPromise = obtainToken();\n\n /\n Clear any cached token and retrieve a new one.\n /\n async function refreshToken() {\n await withCache((cache) => cache.delete(CSRF_TOKEN_URL));\n\n tokenPromise = obtainToken();\n }\n\n /\n Make a request with the token header based on the supplied request\n /\n async function fetchWithToken(request: Request) {\n // combine original headers with new csrf header\n const headers = new Headers(request.headers);\n headers.set('X-CSRF-Token', await tokenPromise!);\n\n // make request with updated headers\n return fetch(request, { headers });\n }\n\n /\n Applies a valid CSRF token to targeted requests that modify data\n /\n return async (request: Request): Promise<Response> => {\n // see if the method and url qualify for CSRF\n if (isProtectedMethod(request.method) && isProtectedUrl(request.url)) {\n try {\n // make request with token, clone so that any retry isn't based on a consumed request\n const response = await fetchWithToken(request.clone());\n\n // see if token was bad\n if (await isTokenInvalid(response)) {\n // it was, so refresh and try again\n await refreshToken();\n return fetchWithToken(request.clone());\n } else {\n // use response\n return response;\n }\n } catch (error) {\n // always need to return a response\n return new Response(JSON.stringify({ error }), { status: 500 });\n }\n } else {\n // protection not required, run as is\n return fetch(request);\n }\n };\n}\n","import { createCsrfHandler } from './csrf';\n\nexport type Config = {\n version: string;\n debug?: boolean;\n};\n\n/\n Adds event listeners for setting up service worker.\n \n @param version\n * @param debug\n */\nexport function createServiceWorker({ version, debug }: Config) {\n const scope = self as any as ServiceWorkerGlobalScope;\n\n scope.addEventListener('install', (event) => {\n if (debug) console.log('[Service Worker] Installed');\n\n // Skip waiting to activate immediately\n event.waitUntil(scope.skipWaiting());\n });\n\n scope.addEventListener('activate', (event) => {\n if (debug) console.log('[Service Worker] Activated');\n\n // Claim all clients immediately\n event.waitUntil(scope.clients.claim());\n });\n\n const applyCsrfProtection = createCsrfHandler(version);\n scope.addEventListener('fetch', (event) => {\n // Apply CSRF protection\n event.respondWith(applyCsrfProtection(event.request));\n });\n}\n"],"names":[],"mappings":";;;;;AAAA,MAAM,gBAAgB;AACtB,MAAM,aAAa,uCAAuC,aAAa;AAOvE,eAAe,UAAa,UAAgE;AAExF,MAAI,QAAQ;AACR,UAAM,QAAQ,MAAM,OAAO,KAAK,UAAU;AAC1C,WAAO,SAAS,KAAK;AAAA,EACzB,OAAO;AACH,WAAO;AAAA,EACX;AACJ;AAKA,SAAS,kBAAkB,QAAgB;AACvC,QAAM,mBAAmB,OAAO,YAAA;AAChC,SACI,qBAAqB,UACrB,qBAAqB,SACrB,qBAAqB,WACrB,qBAAqB;AAE7B;AAOA,SAAS,eAAe,WAAmB;AACvC,QAAM,MAAM,IAAI,IAAI,SAAS;AAC7B,SAAO,IAAI,SAAS,WAAW,WAAW;AAC9C;AAKA,eAAe,eAAe,UAAoB;;AAC9C,MAAI,SAAS,WAAW,KAAK;AAEzB,UAAM,OAAO,MAAM,SAAS,MAAA,EAAQ,KAAA;AAGpC,aAAO,UAAK,CAAC,MAAN,mBAAS,eAAc;AAAA,EAClC;AAEA,SAAO;AACX;AAEO,SAAS,kBAAkB,SAAiB;AAC/C,QAAM,iBAAiB,mBAAmB,OAAO;AAEjD,iBAAe,cAA+B;AAE1C,QAAI,WAAW,MAAM,UAAU,CAAC,UAAU,MAAM,MAAM,cAAc,CAAC;AAErE,QAAI,CAAC,UAAU;AAEX,iBAAW,MAAM,MAAM,gBAAgB,EAAE,QAAQ,OAAO;AAAA,IAC5D;AAGA,UAAM,aAAqB,MAAM,SAAS,MAAA,EAAQ,QAAQ;AAG1D,UAAM,UAAU,CAAC,UAAU,MAAM,IAAI,gBAAgB,QAAQ,CAAC;AAE9D,WAAO;AAAA,EACX;AAEA,MAAI,eAAe,YAAA;AAKnB,iBAAe,eAAe;AAC1B,UAAM,UAAU,CAAC,UAAU,MAAM,OAAO,cAAc,CAAC;AAEvD,mBAAe,YAAA;AAAA,EACnB;AAKA,iBAAe,eAAe,SAAkB;AAE5C,UAAM,UAAU,IAAI,QAAQ,QAAQ,OAAO;AAC3C,YAAQ,IAAI,gBAAgB,MAAM,YAAa;AAG/C,WAAO,MAAM,SAAS,EAAE,SAAS;AAAA,EACrC;AAKA,SAAO,OAAO,YAAwC;AAElD,QAAI,kBAAkB,QAAQ,MAAM,KAAK,eAAe,QAAQ,GAAG,GAAG;AAClE,UAAI;AAEA,cAAM,WAAW,MAAM,eAAe,QAAQ,OAAO;AAGrD,YAAI,MAAM,eAAe,QAAQ,GAAG;AAEhC,gBAAM,aAAA;AACN,iBAAO,eAAe,QAAQ,OAAO;AAAA,QACzC,OAAO;AAEH,iBAAO;AAAA,QACX;AAAA,MACJ,SAAS,OAAO;AAEZ,eAAO,IAAI,SAAS,KAAK,UAAU,EAAE,MAAA,CAAO,GAAG,EAAE,QAAQ,KAAK;AAAA,MAClE;AAAA,IACJ,OAAO;AAEH,aAAO,MAAM,OAAO;AAAA,IACxB;AAAA,EACJ;AACJ;ACnHO,SAAS,oBAAoB,EAAE,SAAS,SAAiB;AAC5D,QAAM,QAAQ;AAEd,QAAM,iBAAiB,WAAW,CAAC,UAAU;AACzC,QAAI,MAAO,SAAQ,IAAI,4BAA4B;AAGnD,UAAM,UAAU,MAAM,aAAa;AAAA,EACvC,CAAC;AAED,QAAM,iBAAiB,YAAY,CAAC,UAAU;AAC1C,QAAI,MAAO,SAAQ,IAAI,4BAA4B;AAGnD,UAAM,UAAU,MAAM,QAAQ,MAAA,CAAO;AAAA,EACzC,CAAC;AAED,QAAM,sBAAsB,kBAAkB,OAAO;AACrD,QAAM,iBAAiB,SAAS,CAAC,UAAU;AAEvC,UAAM,YAAY,oBAAoB,MAAM,OAAO,CAAC;AAAA,EACxD,CAAC;AACL;"}
1	+ {"version":3,"file":"index.js","sources":["../../utils/dist/index.js","../../services/fetch-network/dist/v1/index.js","../src/fetch.ts","../src/index.ts"],"sourcesContent":["/!\n Copyright (c) 2022, Salesforce, Inc.,\n * All rights reserved.\n * For full license text, see the LICENSE.txt file\n /\nfunction bfs(start, predicate, getChildren) {\n const queue = [...start];\n const visited = / @__PURE__ / new Set([...start]);\n const matches2 = / @__PURE__ / new Set();\n while (queue.length) {\n const curr = queue.shift();\n if (predicate(curr)) {\n matches2.add(curr);\n }\n const children = getChildren(curr);\n for (const child of children) {\n if (!visited.has(child)) {\n visited.add(child);\n queue.push(child);\n }\n }\n }\n return matches2;\n}\nfunction lineFormatter(position, message, filePath) {\n return `${message} (${filePath}:${position.line}:${position.column})`;\n}\nclass DefaultFileParserLogger {\n constructor(services, filePath) {\n this.services = services;\n this.filePath = filePath;\n }\n trace(position, message) {\n this.services.logger.trace(this.format(position, message));\n }\n debug(position, message) {\n this.services.logger.debug(this.format(position, message));\n }\n info(position, message) {\n this.services.logger.info(this.format(position, message));\n }\n warn(position, message) {\n this.services.logger.warn(this.format(position, message));\n }\n error(position, message) {\n this.services.logger.error(this.format(position, message));\n }\n format(position, message) {\n return lineFormatter(position, message, this.filePath);\n }\n}\nfunction matches(test, s) {\n if (test === void 0) {\n return false;\n } else if (typeof test === \"string\") {\n return s === test;\n } else if (test instanceof RegExp) {\n return test.test(s);\n } else if (typeof test === \"function\") {\n return test(s);\n }\n return test.some((m) => matches(m, s));\n}\nfunction includes(incexc, s) {\n if (matches(incexc.exclude, s)) {\n return false;\n }\n if (matches(incexc.include, s)) {\n return true;\n }\n if (incexc.include) {\n return false;\n }\n return true;\n}\nconst { create, freeze, keys, entries } = Object;\nconst { hasOwnProperty } = Object.prototype;\nconst { isArray } = Array;\nconst { push, indexOf, slice } = Array.prototype;\nconst { stringify, parse } = JSON;\nconst WeakSetConstructor = WeakSet;\nconst LogLevelMap = {\n TRACE: 4,\n DEBUG: 3,\n INFO: 2,\n WARN: 1,\n ERROR: 0\n};\nclass ConsoleLogger {\n constructor(level = \"WARN\", printer = console.log, formatter = (level2, message) => `${level2}: ${message}`) {\n this.level = level;\n this.printer = printer;\n this.formatter = formatter;\n this.messages = [];\n }\n trace(message) {\n this.log(\"TRACE\", message);\n }\n debug(message) {\n this.log(\"DEBUG\", message);\n }\n info(message) {\n this.log(\"INFO\", message);\n }\n warn(message) {\n this.log(\"WARN\", message);\n }\n error(message) {\n this.log(\"ERROR\", message);\n }\n log(level, message) {\n if (LogLevelMap[level] > LogLevelMap[this.level]) {\n return;\n }\n this.printer(this.formatter(level, message));\n }\n}\nfunction loggerService(level, printer, formatter) {\n return new ConsoleLogger(level, printer, formatter);\n}\nclass Ok {\n constructor(value) {\n this.value = value;\n }\n isOk() {\n return true;\n }\n isErr() {\n return !this.isOk();\n }\n}\nclass Err {\n constructor(error) {\n this.error = error;\n }\n isOk() {\n return false;\n }\n isErr() {\n return !this.isOk();\n }\n}\nconst ok = (value) => new Ok(value);\nconst err = (err2) => new Err(err2);\nclass DataNotFoundError extends Error {\n constructor(message) {\n super(message);\n this.name = \"DataNotFoundError\";\n }\n}\nclass DataIncompleteError extends Error {\n constructor(message, partialData) {\n super(message);\n this.partialData = partialData;\n this.name = \"DataIncompleteError\";\n }\n}\nfunction isDataNotFoundError(error) {\n return error instanceof DataNotFoundError \|\| error.name === \"DataNotFoundError\";\n}\nfunction isDataIncompleteError(error) {\n return error instanceof DataIncompleteError \|\| error.name === \"DataIncompleteError\";\n}\nfunction isCacheHitOrError(value) {\n if (value.isErr() && (isDataIncompleteError(value.error) \|\| isDataNotFoundError(value.error))) {\n return false;\n }\n return true;\n}\nfunction isCacheMiss(value) {\n return !isCacheHitOrError(value);\n}\nfunction isResult(value) {\n return value != null && typeof value === \"object\" && \"isOk\" in value && \"isErr\" in value && typeof value.isOk === \"function\" && typeof value.isErr === \"function\" && (value.isOk() === true && value.isErr() === false && \"value\" in value \|\| value.isOk() === false && value.isErr() === true && \"error\" in value);\n}\nfunction setOverlaps(setA, setB) {\n for (const element of setA) {\n if (setB.has(element)) {\n return true;\n }\n }\n return false;\n}\nfunction setDifference(setA, setB) {\n const differenceSet = / @__PURE__ / new Set();\n for (const element of setA) {\n if (!setB.has(element)) {\n differenceSet.add(element);\n }\n }\n return differenceSet;\n}\nfunction addAllToSet(targetSet, sourceSet) {\n for (const element of sourceSet) {\n targetSet.add(element);\n }\n}\nconst toTypeScriptSafeIdentifier = (s) => s.length >= 1 ? s[0].replace(/[^$_\\p{ID_Start}]/u, \"_\") + s.slice(1).replace(/[^$\\u200c\\u200d\\p{ID_Continue}]/gu, \"_\") : \"\";\nfunction isSubscribable(obj) {\n return typeof obj === \"object\" && obj !== null && \"subscribe\" in obj && typeof obj.subscribe === \"function\" && \"refresh\" in obj && typeof obj.refresh === \"function\";\n}\nfunction isSubscribableResult(x) {\n if (!isResult(x)) {\n return false;\n }\n return isSubscribable(x.isOk() ? x.value : x.error);\n}\nfunction buildSubscribableResult(result, subscribe, refresh) {\n if (result.isOk()) {\n return ok({ data: result.value, subscribe, refresh });\n } else {\n return err({ failure: result.error, subscribe, refresh });\n }\n}\nfunction resolvedPromiseLike(result) {\n if (isPromiseLike(result)) {\n return result.then((nextResult) => nextResult);\n }\n return {\n then: (onFulfilled, _onRejected) => {\n try {\n return resolvedPromiseLike(onFulfilled(result));\n } catch (e) {\n if (onFulfilled === void 0) {\n return resolvedPromiseLike(result);\n }\n return rejectedPromiseLike(e);\n }\n }\n };\n}\nfunction rejectedPromiseLike(reason) {\n if (isPromiseLike(reason)) {\n return reason.then((nextResult) => nextResult);\n }\n return {\n then: (_onFulfilled, onRejected) => {\n if (typeof onRejected === \"function\") {\n try {\n return resolvedPromiseLike(onRejected(reason));\n } catch (e) {\n return rejectedPromiseLike(e);\n }\n }\n return rejectedPromiseLike(reason);\n }\n };\n}\nfunction isPromiseLike(x) {\n return typeof (x == null ? void 0 : x.then) === \"function\";\n}\nfunction racesync(values) {\n for (const value of values) {\n let settled = void 0;\n if (isPromiseLike(value)) {\n value.then(\n (_) => {\n settled = value;\n },\n (_) => {\n settled = value;\n }\n );\n } else {\n settled = resolvedPromiseLike(value);\n }\n if (settled !== void 0) {\n return settled;\n }\n }\n return Promise.race(values);\n}\nfunction withResolvers() {\n let resolve, reject;\n const promise = new Promise((res, rej) => {\n resolve = res;\n reject = rej;\n });\n return { promise, resolve, reject };\n}\nfunction deepEquals(x, y) {\n if (x === void 0) {\n return y === void 0;\n } else if (x === null) {\n return y === null;\n } else if (y === null) {\n return x === null;\n } else if (isArray(x)) {\n if (!isArray(y) \|\| x.length !== y.length) {\n return false;\n }\n for (let i = 0; i < x.length; ++i) {\n if (!deepEquals(x[i], y[i])) {\n return false;\n }\n }\n return true;\n } else if (typeof x === \"object\") {\n if (typeof y !== \"object\") {\n return false;\n }\n const xkeys = Object.keys(x);\n const ykeys = Object.keys(y);\n if (xkeys.length !== ykeys.length) {\n return false;\n }\n for (let i = 0; i < xkeys.length; ++i) {\n const key = xkeys[i];\n if (!deepEquals(x[key], y[key])) {\n return false;\n }\n }\n return true;\n }\n return x === y;\n}\nfunction stableJSONStringify(node) {\n if (node && node.toJSON && typeof node.toJSON === \"function\") {\n node = node.toJSON();\n }\n if (node === void 0) {\n return;\n }\n if (typeof node === \"number\") {\n return isFinite(node) ? \"\" + node : \"null\";\n }\n if (typeof node !== \"object\") {\n return stringify(node);\n }\n let i;\n let out;\n if (isArray(node)) {\n out = \"[\";\n for (i = 0; i < node.length; i++) {\n if (i) {\n out += \",\";\n }\n out += stableJSONStringify(node[i]) \|\| \"null\";\n }\n return out + \"]\";\n }\n if (node === null) {\n return \"null\";\n }\n const objKeys = keys(node).sort();\n out = \"\";\n for (i = 0; i < objKeys.length; i++) {\n const key = objKeys[i];\n const value = stableJSONStringify(node[key]);\n if (!value) {\n continue;\n }\n if (out) {\n out += \",\";\n }\n out += stringify(key) + \":\" + value;\n }\n return \"{\" + out + \"}\";\n}\nfunction toError(x) {\n if (x instanceof Error) {\n return x;\n }\n return new Error(typeof x === \"string\" ? x : JSON.stringify(x));\n}\nfunction deepCopy(x) {\n const stringified = stringify(x);\n return stringified ? parse(stringified) : void 0;\n}\nfunction readableStreamToAsyncIterable(stream) {\n if (stream.locked) {\n return err(new Error(\"ReadableStream is already locked\"));\n }\n if (Symbol.asyncIterator in stream) {\n return ok(stream);\n }\n const reader = stream.getReader();\n return ok({\n [Symbol.asyncIterator]: () => ({\n next: async () => {\n try {\n const result = await reader.read();\n if (result.done) {\n try {\n reader.releaseLock();\n } catch {\n }\n return { done: true, value: void 0 };\n }\n return {\n done: false,\n value: result.value\n };\n } catch (e) {\n try {\n reader.releaseLock();\n } catch {\n }\n throw e;\n }\n },\n return: async (value) => {\n try {\n await reader.cancel();\n } catch {\n }\n try {\n reader.releaseLock();\n } catch {\n }\n return { done: true, value };\n },\n throw: async (exception) => {\n try {\n await reader.cancel();\n } catch {\n }\n try {\n reader.releaseLock();\n } catch {\n }\n throw exception;\n }\n })\n });\n}\nfunction satisfies(provided, requested) {\n const providedN = provided.split(\".\").map((s) => parseInt(s));\n const requestedN = requested.split(\".\").map((s) => parseInt(s));\n return providedN[0] === requestedN[0] && providedN[1] >= requestedN[1];\n}\nfunction stringIsVersion(s) {\n const versionParts = s.split(\".\");\n return (versionParts.length === 2 \|\| versionParts.length === 3) && versionParts.every((part) => part.match(/^\\d+$/));\n}\nvar HttpStatusCode = / @__PURE__ / ((HttpStatusCode2) => {\n HttpStatusCode2[HttpStatusCode2[\"Ok\"] = 200] = \"Ok\";\n HttpStatusCode2[HttpStatusCode2[\"Created\"] = 201] = \"Created\";\n HttpStatusCode2[HttpStatusCode2[\"NoContent\"] = 204] = \"NoContent\";\n HttpStatusCode2[HttpStatusCode2[\"NotModified\"] = 304] = \"NotModified\";\n HttpStatusCode2[HttpStatusCode2[\"BadRequest\"] = 400] = \"BadRequest\";\n HttpStatusCode2[HttpStatusCode2[\"Unauthorized\"] = 401] = \"Unauthorized\";\n HttpStatusCode2[HttpStatusCode2[\"Forbidden\"] = 403] = \"Forbidden\";\n HttpStatusCode2[HttpStatusCode2[\"NotFound\"] = 404] = \"NotFound\";\n HttpStatusCode2[HttpStatusCode2[\"ServerError\"] = 500] = \"ServerError\";\n HttpStatusCode2[HttpStatusCode2[\"GatewayTimeout\"] = 504] = \"GatewayTimeout\";\n return HttpStatusCode2;\n})(HttpStatusCode \|\| {});\nfunction getFetchResponseFromAuraError(err2) {\n if (err2.data !== void 0 && err2.data.statusCode !== void 0) {\n let data = {};\n data = err2.data;\n if (err2.id !== void 0) {\n data.id = err2.id;\n }\n return new FetchResponse(data.statusCode, data);\n }\n return new FetchResponse(500, {\n error: err2.message\n });\n}\nasync function coerceResponseToFetchResponse(response) {\n const { status } = response;\n const responseHeaders = {};\n response.headers.forEach((value, key) => {\n responseHeaders[key] = value;\n });\n let responseBody = null;\n if (status !== 204) {\n const contentType = responseHeaders[\"content-type\"];\n responseBody = contentType && contentType.startsWith(\"application/json\") ? await response.json() : await response.text();\n }\n return new FetchResponse(status, responseBody, responseHeaders);\n}\nfunction getStatusText(status) {\n switch (status) {\n case 200:\n return \"OK\";\n case 201:\n return \"Created\";\n case 304:\n return \"Not Modified\";\n case 400:\n return \"Bad Request\";\n case 404:\n return \"Not Found\";\n case 500:\n return \"Server Error\";\n default:\n return `Unexpected HTTP Status Code: ${status}`;\n }\n}\nclass FetchResponse extends Error {\n constructor(status, body, headers) {\n super();\n this.status = status;\n this.body = body;\n this.headers = headers \|\| {};\n this.ok = status >= 200 && this.status <= 299;\n this.statusText = getStatusText(status);\n }\n}\nconst deeplyFrozen = new WeakSetConstructor();\nfunction deepFreeze(value) {\n if (typeof value !== \"object\" \|\| value === null \|\| deeplyFrozen.has(value)) {\n return;\n }\n deeplyFrozen.add(value);\n if (isArray(value)) {\n for (let i = 0, len = value.length; i < len; i += 1) {\n deepFreeze(value[i]);\n }\n } else {\n const keys$1 = keys(value);\n for (let i = 0, len = keys$1.length; i < len; i += 1) {\n deepFreeze(value[keys$1[i]]);\n }\n }\n freeze(value);\n}\nfunction isScalar(value) {\n return typeof value === \"string\" \|\| typeof value === \"number\" \|\| typeof value === \"boolean\" \|\| value === null \|\| value === void 0;\n}\nfunction isScalarObject(value) {\n return Object.values(value).every((value2) => isScalar(value2));\n}\nfunction isScalarArray(value) {\n return value.every((item) => isScalar(item));\n}\nfunction encodeQueryParam(paramName, value, explode) {\n switch (typeof value) {\n case \"string\":\n return [`${paramName}=${encodeURIComponent(value)}`];\n case \"number\":\n case \"boolean\":\n return [`${paramName}=${value}`];\n case \"object\":\n if (value === null) {\n return [];\n }\n if (isArray(value)) {\n if (!isScalarArray(value)) {\n throw new Error(`Unsupported non-scalar array type for ${paramName}`);\n }\n if (explode) {\n return value.map(\n (item) => `${paramName}=${item ? encodeURIComponent(item) : item}`\n );\n }\n return [\n `${paramName}=${value.map((item) => item ? encodeURIComponent(item) : item).join(\",\")}`\n ];\n }\n if (!isScalarObject(value)) {\n throw new Error(`Unsupported non-scalar object type for ${paramName}`);\n }\n if (explode) {\n return entries(value).map(\n ([key, value2]) => `${key}=${value2 ? encodeURIComponent(value2) : value2}`\n );\n }\n return [\n `${paramName}=${entries(value).flat().map((item) => item ? encodeURIComponent(item) : item).join(\",\")}`\n ];\n default:\n return [];\n }\n}\nclass InternalError extends Error {\n constructor(data) {\n super();\n this.data = data;\n this.type = \"internal\";\n }\n}\nclass UserVisibleError extends Error {\n constructor(data) {\n super();\n this.data = data;\n this.type = \"user-visible\";\n }\n}\nfunction isUserVisibleError(error) {\n return error instanceof Error && \"type\" in error && error.type === \"user-visible\";\n}\nfunction logError(error) {\n if (isUserVisibleError(error)) {\n return;\n }\n console.error(\"OneStore Command threw an error that we did not expect\", error);\n}\nfunction applyDecorators(baseCommand, decorators, options) {\n if (!decorators \|\| decorators.length === 0) {\n return baseCommand;\n }\n return decorators.reduce((command, decorator) => decorator(command, options), baseCommand);\n}\nexport {\n isArray as ArrayIsArray,\n indexOf as ArrayPrototypeIndexOf,\n push as ArrayPrototypePush,\n slice as ArrayPrototypeSlice,\n ConsoleLogger,\n DataIncompleteError,\n DataNotFoundError,\n DefaultFileParserLogger,\n Err,\n FetchResponse,\n HttpStatusCode,\n InternalError,\n parse as JSONParse,\n stringify as JSONStringify,\n LogLevelMap,\n create as ObjectCreate,\n entries as ObjectEntries,\n freeze as ObjectFreeze,\n keys as ObjectKeys,\n hasOwnProperty as ObjectPrototypeHasOwnProperty,\n Ok,\n UserVisibleError,\n WeakSetConstructor,\n addAllToSet,\n applyDecorators,\n bfs,\n buildSubscribableResult,\n coerceResponseToFetchResponse,\n deepCopy,\n deepEquals,\n deepFreeze,\n encodeQueryParam,\n err,\n getFetchResponseFromAuraError,\n includes,\n isCacheHitOrError,\n isCacheMiss,\n isDataIncompleteError,\n isDataNotFoundError,\n isPromiseLike,\n isResult,\n isSubscribable,\n isSubscribableResult,\n isUserVisibleError,\n lineFormatter,\n logError,\n loggerService,\n ok,\n racesync,\n readableStreamToAsyncIterable,\n rejectedPromiseLike,\n resolvedPromiseLike,\n satisfies,\n setDifference,\n setOverlaps,\n stableJSONStringify,\n stringIsVersion,\n toError,\n toTypeScriptSafeIdentifier,\n withResolvers\n};\n//# sourceMappingURL=index.js.map\n","/!\n * Copyright (c) 2022, Salesforce, Inc.,\n * All rights reserved.\n * For full license text, see the LICENSE.txt file\n /\nimport { resolvedPromiseLike } from \"@conduit-client/utils\";\nfunction buildServiceDescriptor(interceptors = { request: [], response: [], finally: [] }, retryService) {\n return {\n type: \"fetch\",\n version: \"1.0\",\n service: function(...args) {\n var _a;\n const context = (_a = interceptors.createContext) == null ? void 0 : _a.call(interceptors);\n const {\n request: requestInterceptors = [],\n response: responseInterceptors = [],\n finally: finallyInterceptors = []\n } = interceptors;\n const pending = requestInterceptors.reduce(\n (previousPromise, interceptor) => previousPromise.then((args2) => interceptor(args2, context)),\n resolvedPromiseLike(args)\n );\n return Promise.resolve(pending).then((args2) => {\n if (retryService) {\n return retryService.applyRetry(() => fetch(...args2));\n }\n return fetch(...args2);\n }).then((response) => {\n return responseInterceptors.reduce(\n (previousPromise, interceptor) => previousPromise.then((response2) => interceptor(response2, context)),\n resolvedPromiseLike(response)\n );\n }).finally(() => {\n if (finallyInterceptors.length > 0) {\n return finallyInterceptors.reduce(\n (previousPromise, interceptor) => previousPromise.then(() => interceptor(context)),\n Promise.resolve()\n );\n }\n });\n }\n };\n}\nfunction setHeader(headerName, headerValue, [resource, options = {}], {\n throwOnExisting = false,\n errorMessage = `Unexpected ${headerName} header encountered`\n} = {}) {\n let hasHeaderBeenSet = false;\n if (resource instanceof Request && !(options == null ? void 0 : options.headers)) {\n if (throwOnExisting && resource.headers.has(headerName)) {\n throw new Error(errorMessage);\n }\n resource.headers.set(headerName, headerValue);\n hasHeaderBeenSet = true;\n }\n if ((options == null ? void 0 : options.headers) instanceof Headers) {\n if (throwOnExisting && options.headers.has(headerName)) {\n throw new Error(errorMessage);\n }\n options.headers.set(headerName, headerValue);\n } else {\n if (throwOnExisting && (options == null ? void 0 : options.headers) && Reflect.has(options.headers, headerName)) {\n throw new Error(errorMessage);\n }\n if (!hasHeaderBeenSet) {\n options.headers = {\n ...options == null ? void 0 : options.headers,\n [headerName]: headerValue\n };\n }\n }\n return [resource, options];\n}\nconst UNEXPECTED_AUTHORIZATION_HEADER_MESSAGE = \"Unexpected Authorization header encountered. To specify a custom Authorization header, use a Fetch service that is not configured with JwtRequestHeaderInterceptor\";\nfunction setHeaderAuthorization({ token }, fetchParams) {\n const authorizationValue = `Bearer ${token}`;\n return setHeader(\"Authorization\", authorizationValue, fetchParams, {\n throwOnExisting: true,\n errorMessage: UNEXPECTED_AUTHORIZATION_HEADER_MESSAGE\n });\n}\nfunction buildJwtRequestHeaderInterceptor(jwtManager, jwtRequestModifier = (_e, fetchArgs) => fetchArgs) {\n return (args) => {\n return resolvedPromiseLike(jwtManager.getJwt()).then((token) => {\n const fetchArgsWithRequestHeaderAuthorization = setHeaderAuthorization(token, args);\n return token.extraInfo ? jwtRequestModifier(token.extraInfo, fetchArgsWithRequestHeaderAuthorization) : fetchArgsWithRequestHeaderAuthorization;\n });\n };\n}\nclass AbortError extends Error {\n constructor(message = \"This operation was aborted\") {\n super(message);\n this.name = \"AbortError\";\n }\n}\nfunction buildMockFetchService(initialResponses = []) {\n let responses = [...initialResponses];\n const networkAdapter = (...args) => {\n var _a;\n const [url, fetchOptions = {}] = args;\n networkAdapter.requests.push(args);\n if ((_a = fetchOptions.signal) == null ? void 0 : _a.aborted) {\n return Promise.reject(new AbortError());\n }\n const result = responses.shift();\n if (result === void 0) {\n throw new Error(\"No more mock responses queued\");\n }\n networkAdapter.availableResponses = responses.length;\n networkAdapter.responsesUsed++;\n if (result instanceof Error) {\n return Promise.reject(result);\n }\n const delay = result.delay \|\| 0;\n return new Promise((resolve, reject) => {\n let abortHandler = null;\n if (fetchOptions.signal) {\n abortHandler = () => {\n reject(new AbortError());\n };\n fetchOptions.signal.addEventListener(\"abort\", abortHandler);\n }\n const completeRequest = () => {\n var _a2;\n if (abortHandler && fetchOptions.signal) {\n fetchOptions.signal.removeEventListener(\"abort\", abortHandler);\n }\n if ((_a2 = fetchOptions.signal) == null ? void 0 : _a2.aborted) {\n reject(new AbortError());\n return;\n }\n resolve({\n ok: result.ok !== void 0 ? result.ok : true,\n statusText: result.statusText !== void 0 ? result.statusText : \"ok\",\n status: result.status !== void 0 ? result.status : 200,\n json: () => Promise.resolve(result.body)\n });\n };\n if (delay > 0) {\n setTimeout(completeRequest, delay);\n } else {\n setTimeout(completeRequest, 0);\n }\n });\n };\n networkAdapter.requests = [];\n networkAdapter.availableResponses = responses.length;\n networkAdapter.queueResponses = (newResponses) => {\n responses = responses.concat(newResponses);\n networkAdapter.availableResponses = responses.length;\n };\n networkAdapter.fetch = (args) => networkAdapter(args);\n networkAdapter.reset = () => {\n networkAdapter.requests = [];\n responses = [];\n networkAdapter.availableResponses = 0;\n networkAdapter.responsesUsed = 0;\n };\n networkAdapter.responsesUsed = 0;\n return {\n type: \"fetch\",\n version: \"1.0\",\n service: networkAdapter\n };\n}\nexport {\n buildJwtRequestHeaderInterceptor,\n buildMockFetchService,\n buildServiceDescriptor,\n setHeader,\n setHeaderAuthorization\n};\n//# sourceMappingURL=index.js.map\n","import { buildServiceDescriptor, Interceptors } from '@conduit-client/service-fetch-network/v1';\n\n// current version of the cache for token storage\nconst CACHE_VERSION = 1;\n// name of the cache used to store CSRF tokens\nconst CACHE_NAME = `salesforce-lightning-service-worker-${CACHE_VERSION}`;\n// header name\nconst CSRF_HEADER = 'X-CSRF-Token';\n\nexport const API_PATH_PREFIX = '/services/data/v';\n\n/\n Provides a safe way to interact with the Cache API with fallback for unsupported environments.\n \n @param callback - Function that receives the cache instance and returns a promise\n * @returns The result of the callback, or undefined if caches API is not available\n /\nasync function withCache<T>(callback: (cache: Cache) => Promise<T>): Promise<T \| undefined> {\n // Defend against the cache API not being available (e.g., in some test environments)\n if (caches) {\n const cache = await caches.open(CACHE_NAME);\n return callback(cache);\n } else {\n return undefined;\n }\n}\n\n/\n Determines if an HTTP method is one that mutates data and requires CSRF protection.\n \n @param method - The HTTP method to check\n * @returns true if the method requires CSRF protection (POST, PUT, PATCH, DELETE)\n /\nfunction isProtectedMethod(method: string) {\n const normalizedMethod = method.toLowerCase();\n return (\n normalizedMethod === 'post' \|\|\n normalizedMethod === 'put' \|\|\n normalizedMethod === 'patch' \|\|\n normalizedMethod === 'delete'\n );\n}\n\n/\n Determines if the URL is for a path that requires CSRF protection.\n * Currently protects all Salesforce API endpoints under '/services'.\n \n @param urlString - The full URL to check\n * @returns true if the URL requires CSRF protection\n * @note This could be made configurable in the future to support custom protected paths\n /\nfunction isProtectedUrl(urlString: string) {\n const url = new URL(urlString);\n // Agentforce Vibes IDE has the form `absproxy/PORT/services/data/...`\n return url.pathname.includes(API_PATH_PREFIX);\n}\n\n/\n Checks if a response indicates that the CSRF token is invalid.\n * Salesforce returns a 400 status with a specific error code when tokens are invalid.\n \n @param response - The HTTP response to check\n * @returns true if the response indicates an invalid CSRF token\n /\nasync function isTokenInvalid(response: Response) {\n if (response.status === 400) {\n // clone response to read body without consuming the original stream\n const body = await response.clone().json();\n\n // check for Salesforce's specific invalid token error code\n return body[0]?.errorCode === 'INVALID_ACCESS_TOKEN';\n }\n\n return false;\n}\n\n/\n Configuration options for the Lightning fetch creation.\n /\nexport interface LightningFetchConfig {\n interceptors?: Interceptors<void>;\n\n /\n Optional source for CSRF tokens. Can be:\n * - string: URL path to token endpoint (e.g., '/custom/csrf-endpoint')\n * - URL: Full URL object for token endpoint\n * - function: Custom async function that returns a token string\n \n As a string or URL, default fetching and caching (if Cache API is\n * available) will be used to obtain tokens\n /\n csrfTokenSource?: string \| URL \| (() => Promise<string>);\n\n /\n Optional callback for firing events related to fetch operations.\n * Can be used for instrumentation, logging, and monitoring.\n /\n fireEvent?: (eventName: string, id: string, data?: unknown) => void;\n}\n\n/\n Creates an enhanced fetch function with automatic CSRF token handling.\n * The returned function automatically adds CSRF tokens to protected requests\n * and handles token refresh when tokens become invalid.\n \n @param config - Optional configuration object\n * @returns An enhanced fetch function that handles CSRF protection\n /\nexport function createLightningFetch(config: LightningFetchConfig = {}): typeof fetch {\n const { fireEvent = () => {}, csrfTokenSource, interceptors } = config;\n const { service: fetchService } = buildServiceDescriptor(interceptors);\n\n // default url and provider\n let tokenUrl: string \| URL = `${API_PATH_PREFIX}65.0/ui-api/session/csrf`;\n let tokenProvider = obtainToken;\n\n if (csrfTokenSource) {\n if (typeof csrfTokenSource === 'string' \|\| csrfTokenSource instanceof URL) {\n // use supplied URL with built-in provider\n tokenUrl = csrfTokenSource;\n } else if (typeof csrfTokenSource === 'function') {\n // use external provider\n tokenProvider = csrfTokenSource;\n }\n }\n\n /\n Creates a unique identifier to correlate a series of related events.\n /\n function generateId() {\n return Date.now().toString(36);\n }\n\n /\n Obtains a CSRF token, using cache when available or fetching a new one.\n \n @returns Promise that resolves to the CSRF token string\n /\n async function obtainToken(): Promise<string> {\n const id = generateId();\n fireEvent('csrf_token_obtain_start', id);\n\n // try to get cached token response first\n let response = await withCache((cache) => cache.match(tokenUrl));\n\n if (!response) {\n // no cached response available, fetch a new token\n fireEvent('csrf_token_fetch_start', id);\n response = await fetchService(tokenUrl, { method: 'get' });\n fireEvent('csrf_token_fetch_complete', id, { status: response.status });\n } else {\n fireEvent('csrf_token_cache_hit', id);\n }\n\n // extract token from response (clone to avoid consuming original stream)\n const csrfToken: string = (await response.clone().json()).csrfToken;\n\n // cache the response for future use\n await withCache((cache) => cache.put(tokenUrl, response));\n\n fireEvent('csrf_token_obtain_complete', id);\n return csrfToken;\n }\n\n let tokenPromise = tokenProvider();\n\n /\n Clears any cached token and initiates retrieval of a fresh one.\n * Used when the current token becomes invalid.\n /\n async function refreshToken() {\n const id = generateId();\n fireEvent('csrf_token_refresh_start', id);\n\n // remove the invalid token from cache\n await withCache((cache) => cache.delete(tokenUrl));\n\n // start obtaining a new token\n tokenPromise = tokenProvider();\n\n fireEvent('csrf_token_refresh_complete', id);\n }\n\n /\n Makes a request with the CSRF token header added.\n \n @param request - The original request to enhance with CSRF token\n * @returns Promise that resolves to the response\n /\n async function fetchWithToken(request: Request) {\n // clone original headers\n const headers = new Headers(request.headers);\n\n // either use provided token or add one that's been loaded\n if (!headers.has(CSRF_HEADER)) {\n headers.set(CSRF_HEADER, await tokenPromise!);\n }\n\n // execute request with CSRF token header\n return fetchService(request, { headers });\n }\n\n /\n Enhanced fetch function that applies CSRF token protection to qualifying requests.\n * Automatically adds CSRF tokens to data-mutating requests to protected URLs,\n * with automatic token refresh when tokens become invalid.\n \n @param input - The request input (URL, Request, etc.)\n * @param init - Optional request initialization options\n * @returns Promise that resolves to the response\n /\n return async function lightningFetch(\n input: RequestInfo \| URL,\n init?: RequestInit\n ): Promise<Response> {\n const id = generateId();\n const request = new Request(input, init);\n\n // check if this request requires CSRF protection (mutating method + protected URL)\n if (isProtectedMethod(request.method) && isProtectedUrl(request.url)) {\n fireEvent('protected_request_start', id, { method: request.method, url: request.url });\n\n // make request with CSRF token (clone to allow retry with fresh request)\n const response = await fetchWithToken(request.clone());\n\n // check if the token was rejected\n if (await isTokenInvalid(response)) {\n fireEvent('csrf_token_invalid', id, { status: response.status });\n\n // token is invalid, refresh and retry once\n await refreshToken();\n const retryResponse = await fetchWithToken(request.clone());\n\n fireEvent('protected_request_complete', id, {\n method: request.method,\n url: request.url,\n status: retryResponse.status,\n retried: true,\n });\n\n return retryResponse;\n } else {\n fireEvent('protected_request_complete', id, {\n method: request.method,\n url: request.url,\n status: response.status,\n retried: false,\n });\n\n // token was valid, return the response\n return response;\n }\n } else {\n fireEvent('unprotected_request', id, { method: request.method, url: request.url });\n\n // no CSRF protection required, use standard fetch\n return fetchService(request);\n }\n };\n}\n","import { API_PATH_PREFIX, createLightningFetch } from './fetch';\n\n/\n Type alias for the native fetch function\n /\ntype Fetch = typeof fetch;\n\ntype QueuedRequest = {\n input: string \| URL \| Request;\n init?: RequestInit;\n resolve: (response: Response \| PromiseLike<Response>) => void;\n};\n\n/\n The fetch function used by the client. Defaults to enhanced fetch for CSRF protection.\n * Will be switched to native fetch when CSRF-based service worker is successfully registered.\n /\nlet clientFetch: Fetch = createLightningFetch();\n\n/\n When a service worker is to be used, we need to hold off on all fetches until the worker is\n * loaded. That way the logic provided by the worker is applied.\n /\nlet serviceWorkerLoading = false;\nlet pendingRequests: QueuedRequest[] = [];\n\n/\n A client for making HTTP requests with CSRF protection. By default, protection is provided by\n * wrapping the native `fetch` API with functionality that will apply a CSRF token to appropriate\n * requests. This includes functionality to detect expired tokens, triggering a token refresh and\n * retry of the request.\n \n Optionally, CSRF protection can be offloaded to a service worker by making the appropriate calls\n * to `registerServiceWorker` and `defineServiceWorker`\n /\nexport class ConduitClient {\n private constructor() {}\n\n /\n Makes an HTTP request\n \n @param input - The URL, Request object, or relative path to request\n * @param init - Optional request configuration that will be merged with defaults\n * @returns Promise that resolves to the Response object\n /\n fetch(input: string \| URL \| Request, init: RequestInit = {}): Promise<Response> {\n // queue any fetches until service worker is loaded\n if (serviceWorkerLoading) {\n return new Promise<Response>((resolve) => {\n pendingRequests.push({ input, init, resolve });\n });\n }\n\n return clientFetch(input, init);\n }\n\n /\n Factory method to create a new ConduitClient instance\n \n @returns A new ConduitClient instance\n /\n static create() {\n return new ConduitClient();\n }\n\n /\n Registers a service worker for enhanced CSRF protection and caching.\n * When successfully registered, the client will switch to using native fetch\n * as the service worker will handle CSRF protection.\n \n The script URL must identify a source file that calls `defineServiceWorker`.\n \n @param scriptURL - URL or path to the service worker script\n /\n static async registerServiceWorker(scriptURL: string \| URL) {\n // check if service workers are supported in this environment\n if ('serviceWorker' in navigator) {\n try {\n serviceWorkerLoading = true;\n\n // register service worker URL\n const registration = await navigator.serviceWorker.register(scriptURL, {\n type: 'module',\n });\n\n // update client as needed based on scope\n const scopePath = getScopePath(registration);\n if (scopePath !== '/') {\n // fetch using a synthetic API url under same path/scope as service worker so that it takes affect\n clientFetch = (input: RequestInfo \| URL, init?: RequestInit) => {\n return fetch(prependScope(scopePath, input), init);\n };\n } else {\n // no need to for a synthetic API url\n clientFetch = fetch;\n }\n\n console.log('[Conduit Client] Service registration succeeded:', registration);\n } catch (error) {\n console.log(\n '[Conduit Client] Service Worker registration failed (using decorated `fetch`):',\n error\n );\n } finally {\n // with client finalized, process all queued requests\n processQueuedRequests();\n }\n } else {\n console.log('[Conduit Client] Service Worker not supported (using decorated `fetch`):');\n }\n }\n\n /\n Defines the service worker behavior for CSRF protection.\n \n This method must be called within a service worker script whose URL is supplied to\n * `registerServiceWorker`\n /\n static defineServiceWorker() {\n const scope = self as any as ServiceWorkerGlobalScope;\n const scopePath = getScopePath(scope.registration);\n\n // create fetch service that will strip any scope from requests to get actual API path\n const fetchService = createLightningFetch({\n // potential optimization: only register interceptor if there is a scope\n interceptors: { request: [stripScope(scopePath)] },\n });\n\n // handle service worker installation\n scope.addEventListener('install', (event) => {\n // skip waiting phase to activate immediately\n event.waitUntil(scope.skipWaiting());\n });\n\n // handle service worker activation\n scope.addEventListener('activate', (event) => {\n // take control of all clients immediately\n event.waitUntil(scope.clients.claim());\n });\n\n // intercept all fetch requests and apply CSRF protection\n scope.addEventListener('fetch', (event) => {\n // use enhanced fetch to automatically handle CSRF tokens for protected requests\n event.respondWith(fetchService(event.request));\n });\n }\n}\n\n/\n Complete the queued requests\n /\nfunction processQueuedRequests() {\n // stop queuing\n serviceWorkerLoading = false;\n\n // complete requests\n pendingRequests.forEach(({ input, init, resolve }) => {\n resolve(clientFetch(input, init));\n });\n pendingRequests = [];\n}\n\n/\n Returns the scope for a service worker registration.\n \n @param registration\n /\nfunction getScopePath(registration: ServiceWorkerRegistration) {\n const swUrl = new URL(registration.scope);\n const folderUrl = new URL('.', swUrl);\n return folderUrl.pathname;\n}\n\n/\n Appends a base URL to the input if the input is a relative URL starting with /services/data/v.\n \n @param base - The base URL to prepend\n * @param input - The request input that may need the base prepended\n * @returns The modified input with base prepended if needed\n /\nfunction prependScope(base: string \| URL \| undefined, input: RequestInfo \| URL): RequestInfo \| URL {\n if (!base) {\n return input;\n }\n\n const addBaseToString = (path: string) => {\n const baseUrl = typeof base === 'string' ? base : base.toString();\n return baseUrl.endsWith('/') ? baseUrl + path.slice(1) : baseUrl + path;\n };\n\n const addBaseToUrl = (url: URL) => {\n const path = url.pathname;\n const pathStart = path.indexOf(API_PATH_PREFIX);\n const trimmedPath = path.slice(pathStart);\n const newPath = addBaseToString(trimmedPath);\n return new URL(newPath, url);\n };\n\n if (typeof input === 'string') {\n if (input.startsWith(API_PATH_PREFIX)) {\n return addBaseToString(input);\n }\n } else if (input instanceof URL) {\n const path = input.pathname;\n if (path.includes(API_PATH_PREFIX)) {\n return addBaseToUrl(input);\n }\n } else if (input instanceof Request) {\n const url = new URL(input.url);\n const path = url.pathname;\n if (path.includes(API_PATH_PREFIX)) {\n const newUrl = addBaseToUrl(url);\n return new Request(newUrl, input);\n }\n }\n\n return input;\n}\n\n/\n Creates an interceptor that strips the API path base from request URLs.\n * This is used in service workers to normalize URLs before processing.\n \n @param apiPathBase - The base URL to strip from requests\n * @returns A request interceptor function\n */\nfunction stripScope(apiPathBase: string \| URL \| undefined) {\n return (fetchArgs: Parameters<typeof fetch>): Promise<Parameters<typeof fetch>> => {\n if (!apiPathBase) {\n return Promise.resolve(fetchArgs);\n }\n\n const [input, init] = fetchArgs;\n const baseUrl = typeof apiPathBase === 'string' ? apiPathBase : apiPathBase.toString();\n\n // Handle different input types\n if (typeof input === 'string') {\n if (input.startsWith(baseUrl)) {\n const pathStart = input.indexOf(API_PATH_PREFIX);\n if (pathStart !== -1) {\n const apiPath = input.slice(pathStart);\n return Promise.resolve([apiPath, init]);\n }\n }\n } else if (input instanceof URL) {\n const path = input.pathname;\n if (path.startsWith(baseUrl)) {\n const pathStart = path.indexOf(API_PATH_PREFIX);\n if (pathStart !== -1) {\n const apiPath = path.slice(pathStart);\n return Promise.resolve([new URL(apiPath, input), init]);\n }\n }\n } else if (input instanceof Request) {\n const url = new URL(input.url);\n const path = url.pathname;\n if (path.startsWith(baseUrl)) {\n const pathStart = path.indexOf(API_PATH_PREFIX);\n if (pathStart !== -1) {\n const apiPath = path.slice(pathStart);\n return Promise.resolve([new Request(new URL(apiPath, url), input), init]);\n }\n }\n }\n\n return Promise.resolve(fetchArgs);\n };\n}\n"],"names":[],"mappings":";;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAsNA,SAAS,oBAAoB,QAAQ;AACnC,MAAI,cAAc,MAAM,GAAG;AACzB,WAAO,OAAO,KAAK,CAAC,eAAe,UAAU;AAAA,EAC/C;AACA,SAAO;AAAA,IACL,MAAM,CAAC,aAAa,gBAAgB;AAClC,UAAI;AACF,eAAO,oBAAoB,YAAY,MAAM,CAAC;AAAA,MAChD,SAAS,GAAG;AACV,YAAI,gBAAgB,QAAQ;AAC1B,iBAAO,oBAAoB,MAAM;AAAA,QACnC;AACA,eAAO,oBAAoB,CAAC;AAAA,MAC9B;AAAA,IACF;AAAA,EACJ;AACA;AACA,SAAS,oBAAoB,QAAQ;AACnC,MAAI,cAAc,MAAM,GAAG;AACzB,WAAO,OAAO,KAAK,CAAC,eAAe,UAAU;AAAA,EAC/C;AACA,SAAO;AAAA,IACL,MAAM,CAAC,cAAc,eAAe;AAClC,UAAI,OAAO,eAAe,YAAY;AACpC,YAAI;AACF,iBAAO,oBAAoB,WAAW,MAAM,CAAC;AAAA,QAC/C,SAAS,GAAG;AACV,iBAAO,oBAAoB,CAAC;AAAA,QAC9B;AAAA,MACF;AACA,aAAO,oBAAoB,MAAM;AAAA,IACnC;AAAA,EACJ;AACA;AACA,SAAS,cAAc,GAAG;AACxB,SAAO,QAAQ,KAAK,OAAO,SAAS,EAAE,UAAU;AAClD;AC1PA;AAAA;AAAA;AAAA;AAAA;AAMA,SAAS,uBAAuB,eAAe,EAAE,SAAS,CAAA,GAAI,UAAU,CAAA,GAAI,SAAS,GAAE,GAAI,cAAc;AACvG,SAAO;AAAA,IACL,MAAM;AAAA,IACN,SAAS;AAAA,IACT,SAAS,YAAY,MAAM;AACzB,UAAI;AACJ,YAAM,WAAW,KAAK,aAAa,kBAAkB,OAAO,SAAS,GAAG,KAAK,YAAY;AACzF,YAAM;AAAA,QACJ,SAAS,sBAAsB,CAAA;AAAA,QAC/B,UAAU,uBAAuB,CAAA;AAAA,QACjC,SAAS,sBAAsB,CAAA;AAAA,MACvC,IAAU;AACJ,YAAM,UAAU,oBAAoB;AAAA,QAClC,CAAC,iBAAiB,gBAAgB,gBAAgB,KAAK,CAAC,UAAU,YAAY,OAAO,OAAO,CAAC;AAAA,QAC7F,oBAAoB,IAAI;AAAA,MAChC;AACM,aAAO,QAAQ,QAAQ,OAAO,EAAE,KAAK,CAAC,UAAU;AAI9C,eAAO,MAAM,GAAG,KAAK;AAAA,MACvB,CAAC,EAAE,KAAK,CAAC,aAAa;AACpB,eAAO,qBAAqB;AAAA,UAC1B,CAAC,iBAAiB,gBAAgB,gBAAgB,KAAK,CAAC,cAAc,YAAY,WAAW,OAAO,CAAC;AAAA,UACrG,oBAAoB,QAAQ;AAAA,QACtC;AAAA,MACM,CAAC,EAAE,QAAQ,MAAM;AACf,YAAI,oBAAoB,SAAS,GAAG;AAClC,iBAAO,oBAAoB;AAAA,YACzB,CAAC,iBAAiB,gBAAgB,gBAAgB,KAAK,MAAM,YAAY,OAAO,CAAC;AAAA,YACjF,QAAQ,QAAO;AAAA,UAC3B;AAAA,QACQ;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACJ;AACA;ACvCA,MAAM,gBAAgB;AAEtB,MAAM,aAAa,uCAAuC,aAAa;AAEvE,MAAM,cAAc;AAEb,MAAM,kBAAkB;AAQ/B,eAAe,UAAa,UAAgE;AAExF,MAAI,QAAQ;AACR,UAAM,QAAQ,MAAM,OAAO,KAAK,UAAU;AAC1C,WAAO,SAAS,KAAK;AAAA,EACzB,OAAO;AACH,WAAO;AAAA,EACX;AACJ;AAQA,SAAS,kBAAkB,QAAgB;AACvC,QAAM,mBAAmB,OAAO,YAAA;AAChC,SACI,qBAAqB,UACrB,qBAAqB,SACrB,qBAAqB,WACrB,qBAAqB;AAE7B;AAUA,SAAS,eAAe,WAAmB;AACvC,QAAM,MAAM,IAAI,IAAI,SAAS;AAE7B,SAAO,IAAI,SAAS,SAAS,eAAe;AAChD;AASA,eAAe,eAAe,UAAoB;;AAC9C,MAAI,SAAS,WAAW,KAAK;AAEzB,UAAM,OAAO,MAAM,SAAS,MAAA,EAAQ,KAAA;AAGpC,aAAO,UAAK,CAAC,MAAN,mBAAS,eAAc;AAAA,EAClC;AAEA,SAAO;AACX;AAkCO,SAAS,qBAAqB,SAA+B,IAAkB;AAClF,QAAM,EAAE,YAAY,MAAM;AAAA,EAAC,GAAG,iBAAiB,aAAA,IAAiB;AAChE,QAAM,EAAE,SAAS,iBAAiB,uBAAuB,YAAY;AAGrE,MAAI,WAAyB,GAAG,eAAe;AAC/C,MAAI,gBAAgB;AAEpB,MAAI,iBAAiB;AACjB,QAAI,OAAO,oBAAoB,YAAY,2BAA2B,KAAK;AAEvE,iBAAW;AAAA,IACf,WAAW,OAAO,oBAAoB,YAAY;AAE9C,sBAAgB;AAAA,IACpB;AAAA,EACJ;AAKA,WAAS,aAAa;AAClB,WAAO,KAAK,MAAM,SAAS,EAAE;AAAA,EACjC;AAOA,iBAAe,cAA+B;AAC1C,UAAM,KAAK,WAAA;AACX,cAAU,2BAA2B,EAAE;AAGvC,QAAI,WAAW,MAAM,UAAU,CAAC,UAAU,MAAM,MAAM,QAAQ,CAAC;AAE/D,QAAI,CAAC,UAAU;AAEX,gBAAU,0BAA0B,EAAE;AACtC,iBAAW,MAAM,aAAa,UAAU,EAAE,QAAQ,OAAO;AACzD,gBAAU,6BAA6B,IAAI,EAAE,QAAQ,SAAS,QAAQ;AAAA,IAC1E,OAAO;AACH,gBAAU,wBAAwB,EAAE;AAAA,IACxC;AAGA,UAAM,aAAqB,MAAM,SAAS,MAAA,EAAQ,QAAQ;AAG1D,UAAM,UAAU,CAAC,UAAU,MAAM,IAAI,UAAU,QAAQ,CAAC;AAExD,cAAU,8BAA8B,EAAE;AAC1C,WAAO;AAAA,EACX;AAEA,MAAI,eAAe,cAAA;AAMnB,iBAAe,eAAe;AAC1B,UAAM,KAAK,WAAA;AACX,cAAU,4BAA4B,EAAE;AAGxC,UAAM,UAAU,CAAC,UAAU,MAAM,OAAO,QAAQ,CAAC;AAGjD,mBAAe,cAAA;AAEf,cAAU,+BAA+B,EAAE;AAAA,EAC/C;AAQA,iBAAe,eAAe,SAAkB;AAE5C,UAAM,UAAU,IAAI,QAAQ,QAAQ,OAAO;AAG3C,QAAI,CAAC,QAAQ,IAAI,WAAW,GAAG;AAC3B,cAAQ,IAAI,aAAa,MAAM,YAAa;AAAA,IAChD;AAGA,WAAO,aAAa,SAAS,EAAE,SAAS;AAAA,EAC5C;AAWA,SAAO,eAAe,eAClB,OACA,MACiB;AACjB,UAAM,KAAK,WAAA;AACX,UAAM,UAAU,IAAI,QAAQ,OAAO,IAAI;AAGvC,QAAI,kBAAkB,QAAQ,MAAM,KAAK,eAAe,QAAQ,GAAG,GAAG;AAClE,gBAAU,2BAA2B,IAAI,EAAE,QAAQ,QAAQ,QAAQ,KAAK,QAAQ,KAAK;AAGrF,YAAM,WAAW,MAAM,eAAe,QAAQ,OAAO;AAGrD,UAAI,MAAM,eAAe,QAAQ,GAAG;AAChC,kBAAU,sBAAsB,IAAI,EAAE,QAAQ,SAAS,QAAQ;AAG/D,cAAM,aAAA;AACN,cAAM,gBAAgB,MAAM,eAAe,QAAQ,OAAO;AAE1D,kBAAU,8BAA8B,IAAI;AAAA,UACxC,QAAQ,QAAQ;AAAA,UAChB,KAAK,QAAQ;AAAA,UACb,QAAQ,cAAc;AAAA,UACtB,SAAS;AAAA,QAAA,CACZ;AAED,eAAO;AAAA,MACX,OAAO;AACH,kBAAU,8BAA8B,IAAI;AAAA,UACxC,QAAQ,QAAQ;AAAA,UAChB,KAAK,QAAQ;AAAA,UACb,QAAQ,SAAS;AAAA,UACjB,SAAS;AAAA,QAAA,CACZ;AAGD,eAAO;AAAA,MACX;AAAA,IACJ,OAAO;AACH,gBAAU,uBAAuB,IAAI,EAAE,QAAQ,QAAQ,QAAQ,KAAK,QAAQ,KAAK;AAGjF,aAAO,aAAa,OAAO;AAAA,IAC/B;AAAA,EACJ;AACJ;AClPA,IAAI,cAAqB,qBAAA;AAMzB,IAAI,uBAAuB;AAC3B,IAAI,kBAAmC,CAAA;AAWhC,MAAM,cAAc;AAAA,EACf,cAAc;AAAA,EAAC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASvB,MAAM,OAA+B,OAAoB,IAAuB;AAE5E,QAAI,sBAAsB;AACtB,aAAO,IAAI,QAAkB,CAAC,YAAY;AACtC,wBAAgB,KAAK,EAAE,OAAO,MAAM,SAAS;AAAA,MACjD,CAAC;AAAA,IACL;AAEA,WAAO,YAAY,OAAO,IAAI;AAAA,EAClC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,SAAS;AACZ,WAAO,IAAI,cAAA;AAAA,EACf;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,aAAa,sBAAsB,WAAyB;AAExD,QAAI,mBAAmB,WAAW;AAC9B,UAAI;AACA,+BAAuB;AAGvB,cAAM,eAAe,MAAM,UAAU,cAAc,SAAS,WAAW;AAAA,UACnE,MAAM;AAAA,QAAA,CACT;AAGD,cAAM,YAAY,aAAa,YAAY;AAC3C,YAAI,cAAc,KAAK;AAEnB,wBAAc,CAAC,OAA0B,SAAuB;AAC5D,mBAAO,MAAM,aAAa,WAAW,KAAK,GAAG,IAAI;AAAA,UACrD;AAAA,QACJ,OAAO;AAEH,wBAAc;AAAA,QAClB;AAEA,gBAAQ,IAAI,oDAAoD,YAAY;AAAA,MAChF,SAAS,OAAO;AACZ,gBAAQ;AAAA,UACJ;AAAA,UACA;AAAA,QAAA;AAAA,MAER,UAAA;AAEI,8BAAA;AAAA,MACJ;AAAA,IACJ,OAAO;AACH,cAAQ,IAAI,0EAA0E;AAAA,IAC1F;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,sBAAsB;AACzB,UAAM,QAAQ;AACd,UAAM,YAAY,aAAa,MAAM,YAAY;AAGjD,UAAM,eAAe,qBAAqB;AAAA;AAAA,MAEtC,cAAc,EAAE,SAAS,CAAC,WAAW,SAAS,CAAC,EAAA;AAAA,IAAE,CACpD;AAGD,UAAM,iBAAiB,WAAW,CAAC,UAAU;AAEzC,YAAM,UAAU,MAAM,aAAa;AAAA,IACvC,CAAC;AAGD,UAAM,iBAAiB,YAAY,CAAC,UAAU;AAE1C,YAAM,UAAU,MAAM,QAAQ,MAAA,CAAO;AAAA,IACzC,CAAC;AAGD,UAAM,iBAAiB,SAAS,CAAC,UAAU;AAEvC,YAAM,YAAY,aAAa,MAAM,OAAO,CAAC;AAAA,IACjD,CAAC;AAAA,EACL;AACJ;AAKA,SAAS,wBAAwB;AAE7B,yBAAuB;AAGvB,kBAAgB,QAAQ,CAAC,EAAE,OAAO,MAAM,cAAc;AAClD,YAAQ,YAAY,OAAO,IAAI,CAAC;AAAA,EACpC,CAAC;AACD,oBAAkB,CAAA;AACtB;AAOA,SAAS,aAAa,cAAyC;AAC3D,QAAM,QAAQ,IAAI,IAAI,aAAa,KAAK;AACxC,QAAM,YAAY,IAAI,IAAI,KAAK,KAAK;AACpC,SAAO,UAAU;AACrB;AASA,SAAS,aAAa,MAAgC,OAA6C;AAC/F,MAAI,CAAC,MAAM;AACP,WAAO;AAAA,EACX;AAEA,QAAM,kBAAkB,CAAC,SAAiB;AACtC,UAAM,UAAU,OAAO,SAAS,WAAW,OAAO,KAAK,SAAA;AACvD,WAAO,QAAQ,SAAS,GAAG,IAAI,UAAU,KAAK,MAAM,CAAC,IAAI,UAAU;AAAA,EACvE;AAEA,QAAM,eAAe,CAAC,QAAa;AAC/B,UAAM,OAAO,IAAI;AACjB,UAAM,YAAY,KAAK,QAAQ,eAAe;AAC9C,UAAM,cAAc,KAAK,MAAM,SAAS;AACxC,UAAM,UAAU,gBAAgB,WAAW;AAC3C,WAAO,IAAI,IAAI,SAAS,GAAG;AAAA,EAC/B;AAEA,MAAI,OAAO,UAAU,UAAU;AAC3B,QAAI,MAAM,WAAW,eAAe,GAAG;AACnC,aAAO,gBAAgB,KAAK;AAAA,IAChC;AAAA,EACJ,WAAW,iBAAiB,KAAK;AAC7B,UAAM,OAAO,MAAM;AACnB,QAAI,KAAK,SAAS,eAAe,GAAG;AAChC,aAAO,aAAa,KAAK;AAAA,IAC7B;AAAA,EACJ,WAAW,iBAAiB,SAAS;AACjC,UAAM,MAAM,IAAI,IAAI,MAAM,GAAG;AAC7B,UAAM,OAAO,IAAI;AACjB,QAAI,KAAK,SAAS,eAAe,GAAG;AAChC,YAAM,SAAS,aAAa,GAAG;AAC/B,aAAO,IAAI,QAAQ,QAAQ,KAAK;AAAA,IACpC;AAAA,EACJ;AAEA,SAAO;AACX;AASA,SAAS,WAAW,aAAuC;AACvD,SAAO,CAAC,cAA2E;AAC/E,QAAI,CAAC,aAAa;AACd,aAAO,QAAQ,QAAQ,SAAS;AAAA,IACpC;AAEA,UAAM,CAAC,OAAO,IAAI,IAAI;AACtB,UAAM,UAAU,OAAO,gBAAgB,WAAW,cAAc,YAAY,SAAA;AAG5E,QAAI,OAAO,UAAU,UAAU;AAC3B,UAAI,MAAM,WAAW,OAAO,GAAG;AAC3B,cAAM,YAAY,MAAM,QAAQ,eAAe;AAC/C,YAAI,cAAc,IAAI;AAClB,gBAAM,UAAU,MAAM,MAAM,SAAS;AACrC,iBAAO,QAAQ,QAAQ,CAAC,SAAS,IAAI,CAAC;AAAA,QAC1C;AAAA,MACJ;AAAA,IACJ,WAAW,iBAAiB,KAAK;AAC7B,YAAM,OAAO,MAAM;AACnB,UAAI,KAAK,WAAW,OAAO,GAAG;AAC1B,cAAM,YAAY,KAAK,QAAQ,eAAe;AAC9C,YAAI,cAAc,IAAI;AAClB,gBAAM,UAAU,KAAK,MAAM,SAAS;AACpC,iBAAO,QAAQ,QAAQ,CAAC,IAAI,IAAI,SAAS,KAAK,GAAG,IAAI,CAAC;AAAA,QAC1D;AAAA,MACJ;AAAA,IACJ,WAAW,iBAAiB,SAAS;AACjC,YAAM,MAAM,IAAI,IAAI,MAAM,GAAG;AAC7B,YAAM,OAAO,IAAI;AACjB,UAAI,KAAK,WAAW,OAAO,GAAG;AAC1B,cAAM,YAAY,KAAK,QAAQ,eAAe;AAC9C,YAAI,cAAc,IAAI;AAClB,gBAAM,UAAU,KAAK,MAAM,SAAS;AACpC,iBAAO,QAAQ,QAAQ,CAAC,IAAI,QAAQ,IAAI,IAAI,SAAS,GAAG,GAAG,KAAK,GAAG,IAAI,CAAC;AAAA,QAC5E;AAAA,MACJ;AAAA,IACJ;AAEA,WAAO,QAAQ,QAAQ,SAAS;AAAA,EACpC;AACJ;"}

package/dist/types/fetch.d.ts ADDED Viewed

@@ -0,0 +1,32 @@
+import { Interceptors } from '@conduit-client/service-fetch-network/v1';
+export declare const API_PATH_PREFIX = "/services/data/v";
+/**
+ * Configuration options for the Lightning fetch creation.
+ */
+export interface LightningFetchConfig {
+    interceptors?: Interceptors<void>;
+    /**
+     * Optional source for CSRF tokens. Can be:
+     * - string: URL path to token endpoint (e.g., '/custom/csrf-endpoint')
+     * - URL: Full URL object for token endpoint
+     * - function: Custom async function that returns a token string
+     *
+     * As a string or URL, default fetching and caching (if Cache API is
+     * available) will be used to obtain tokens
+     */
+    csrfTokenSource?: string | URL | (() => Promise<string>);
+    /**
+     * Optional callback for firing events related to fetch operations.
+     * Can be used for instrumentation, logging, and monitoring.
+     */
+    fireEvent?: (eventName: string, id: string, data?: unknown) => void;
+}
+/**
+ * Creates an enhanced fetch function with automatic CSRF token handling.
+ * The returned function automatically adds CSRF tokens to protected requests
+ * and handles token refresh when tokens become invalid.
+ *
+ * @param config - Optional configuration object
+ * @returns An enhanced fetch function that handles CSRF protection
+ */
+export declare function createLightningFetch(config?: LightningFetchConfig): typeof fetch;

package/dist/types/index.d.ts CHANGED Viewed

@@ -1,11 +1,43 @@
-export type Config = {
-    version: string;
-    debug?: boolean;
-};
 /**
- * Adds event listeners for setting up service worker.
+ * A client for making HTTP requests with CSRF protection.  By default, protection is provided by
+ * wrapping the native `fetch` API with functionality that will apply a CSRF token to appropriate
+ * requests.  This includes functionality to detect expired tokens, triggering a token refresh and
+ * retry of the request.
  *
- * @param version
- * @param debug
+ * Optionally, CSRF protection can be offloaded to a service worker by making the appropriate calls
+ * to `registerServiceWorker` and `defineServiceWorker`
  */
-export declare function createServiceWorker({ version, debug }: Config): void;
+export declare class ConduitClient {
+    private constructor();
+    /**
+     * Makes an HTTP request
+     *
+     * @param input - The URL, Request object, or relative path to request
+     * @param init - Optional request configuration that will be merged with defaults
+     * @returns Promise that resolves to the Response object
+     */
+    fetch(input: string | URL | Request, init?: RequestInit): Promise<Response>;
+    /**
+     * Factory method to create a new ConduitClient instance
+     *
+     * @returns A new ConduitClient instance
+     */
+    static create(): ConduitClient;
+    /**
+     * Registers a service worker for enhanced CSRF protection and caching.
+     * When successfully registered, the client will switch to using native fetch
+     * as the service worker will handle CSRF protection.
+     *
+     * The script URL must identify a source file that calls `defineServiceWorker`.
+     *
+     * @param scriptURL - URL or path to the service worker script
+     */
+    static registerServiceWorker(scriptURL: string | URL): Promise<void>;
+    /**
+     * Defines the service worker behavior for CSRF protection.
+     *
+     * This method must be called within a service worker script whose URL is supplied to
+     * `registerServiceWorker`
+     */
+    static defineServiceWorker(): void;
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@conduit-client/salesforce-lightning-service-worker",
-    "version": "3.3.0",
+    "version": "3.5.0",
     "private": false,
     "description": "Service worker for accessing Salesforce data",
     "type": "module",
@@ -24,15 +24,16 @@
         "test:size": "size-limit",
         "watch": "npm run build --watch"
     },
-    "devDependencies": {
-        "@types/express": "^4.17.17",
-        "express": "^4.18.2",
-        "tsx": "^4.7.0"
+    "dependencies": {
+        "@conduit-client/service-fetch-network": "3.5.0"
+    },
+    "volta": {
+        "extends": "../../../package.json"
     },
     "size-limit": [
         {
             "path": "dist/index.js",
-            "limit": "917 B"
+            "limit": "2.76 kB"
         }
     ]
 }

package/dist/types/csrf.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export declare function createCsrfHandler(version: string): (request: Request) => Promise<Response>;

/package/dist/types/__tests__/{csrf.spec.d.ts → fetch.spec.d.ts} RENAMED Viewed

File without changes