@crosspost/sdk 0.1.3 → 0.1.4

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Open Crosspost
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -13,34 +13,22 @@ bun install @crosspost/sdk
 ```typescript
 import { ApiError, CrosspostClient, isAuthError, PlatformError } from '@crosspost/sdk';
 
-// Initialize the client with direct authentication
+// Initialize the client (authentication can be provided later)
 const client = new CrosspostClient({
   baseUrl: 'https://your-crosspost-api.com', // Optional: Defaults to official API
-  nearAuthData: {
-    accountId: 'your-account.near',
-    publicKey: 'ed25519:...',
-    signature: '...',
-    message: '...',
-  },
-});
-
-// Or initialize with cookie-based authentication (will auto-load from cookie if available)
-const cookieClient = new CrosspostClient({
-  baseUrl: 'https://your-crosspost-api.com',
-  // No nearAuthData provided - will check for cookie
 });
 
-// Set authentication explicitly (also stores in secure cookie)
-await cookieClient.setAuthentication({
+// Set authentication with fresh signature for the request
+client.setAuthentication({
   accountId: 'your-account.near',
   publicKey: 'ed25519:...',
   signature: '...',
   message: '...',
 });
 
-// Check if client is authenticated
-if (cookieClient.isAuthenticated()) {
-  console.log('Client is authenticated');
+// Check if client has authentication data set
+if (client.isAuthenticated()) {
+  console.log('Client has authentication data');
 }
 
 // NEAR Account Authorization
@@ -110,6 +98,7 @@ async function revokePlatformAuth(platform) {
 async function createPost() {
   try {
     const response = await client.post.createPost({
+      targets: [{ platform: 'twitter', userId: 'your-twitter-id' }],
       content: {
         text: 'Hello from Crosspost SDK!',
       },
@@ -178,13 +167,21 @@ constructor(config?: {
 
 ### Post API (client.post)
 
-- `createPost(request): Promise<CreatePostResponse>` - Creates a new post
-- `repost(request): Promise<RepostResponse>` - Reposts an existing post
-- `quotePost(request): Promise<QuotePostResponse>` - Quotes an existing post
-- `replyToPost(request): Promise<ReplyToPostResponse>` - Replies to a post
-- `likePost(request): Promise<LikePostResponse>` - Likes a post
-- `unlikePost(request): Promise<UnlikePostResponse>` - Unlikes a post
-- `deletePost(request): Promise<DeletePostResponse>` - Deletes a post
+Each post operation accepts a request object that includes:
+
+- `targets`: Array of `{ platform: string, userId: string }` specifying where to perform the action
+- Additional parameters specific to each operation
+
+Available methods:
+
+- `createPost(request: CreatePostRequest): Promise<CreatePostResponse>` - Creates posts on specified
+  platforms
+- `repost(request: RepostRequest): Promise<RepostResponse>` - Reposts an existing post
+- `quotePost(request: QuotePostRequest): Promise<QuotePostResponse>` - Quotes an existing post
+- `replyToPost(request: ReplyToPostRequest): Promise<ReplyToPostResponse>` - Replies to a post
+- `likePost(request: LikePostRequest): Promise<LikePostResponse>` - Likes a post
+- `unlikePost(request: UnlikePostRequest): Promise<UnlikePostResponse>` - Unlikes a post
+- `deletePost(request: DeletePostRequest): Promise<DeletePostResponse>` - Deletes posts
 
 ### Activity API (client.activity)
 
@@ -249,51 +246,81 @@ const result = await apiWrapper(
 ### Creating a Post
 
 ```typescript
-// Create a simple text post
+// Create a text post on Twitter
 const textPostResponse = await client.post.createPost({
-  content: {
+  targets: [{
+    platform: 'twitter',
+    userId: 'your-twitter-id',
+  }],
+  content: [{
     text: 'Hello from Crosspost SDK!',
-  },
+  }],
 });
 
-// Create a post with media
+// Create a post with media on multiple platforms
 const mediaPostResponse = await client.post.createPost({
-  content: {
+  targets: [
+    { platform: 'twitter', userId: 'your-twitter-id' },
+    { platform: 'facebook', userId: 'your-facebook-id' },
+  ],
+  content: [{
     text: 'Check out this image!',
-    media: [
-      {
-        type: 'image',
-        url: 'https://example.com/image.jpg',
-      },
-    ],
-  },
+    media: [{
+      data: imageBlob,
+      mimeType: 'image/jpeg',
+      altText: 'A beautiful sunset',
+    }],
+  }],
 });
 ```
 
 ### Post Interactions
 
 ```typescript
-// Like a post
+// Like a post on Twitter
 await client.post.likePost({
+  targets: [{
+    platform: 'twitter',
+    userId: 'your-twitter-id',
+  }],
+  platform: 'twitter',
   postId: '1234567890',
 });
 
-// Repost
+// Repost on multiple platforms
 await client.post.repost({
+  targets: [
+    { platform: 'twitter', userId: 'your-twitter-id' },
+    { platform: 'facebook', userId: 'your-facebook-id' },
+  ],
+  platform: 'twitter',
   postId: '1234567890',
 });
 
 // Reply to a post
 await client.post.replyToPost({
+  targets: [{
+    platform: 'twitter',
+    userId: 'your-twitter-id',
+  }],
+  platform: 'twitter',
   postId: '1234567890',
-  content: {
+  content: [{
     text: 'This is a reply!',
-  },
+  }],
 });
 
-// Delete a post
+// Delete posts
 await client.post.deletePost({
-  postId: '1234567890',
+  targets: [{
+    platform: 'twitter',
+    userId: 'your-twitter-id',
+  }],
+  posts: [{
+    platform: 'twitter',
+    userId: 'your-twitter-id',
+    postId: '1234567890',
+  }],
 });
 ```
 
@@ -330,56 +357,21 @@ const postRateLimit = await client.system.getEndpointRateLimit('post');
 
 ## Authentication and Security
 
-### Authentication Strategies
-
-The SDK supports two authentication strategies:
-
-1. **Direct Authentication**: Provide `nearAuthData` directly in the constructor.
-   ```typescript
-   const client = new CrosspostClient({
-     nearAuthData: {
-       accountId: 'your-account.near',
-       publicKey: 'ed25519:...',
-       signature: '...',
-       message: '...',
-     },
-   });
-   ```
-
-2. **Cookie-Based Authentication**: Automatically read/write authentication data from a secure
-   cookie.
-   ```typescript
-   // Initialize without auth data (will check for cookie)
-   const client = new CrosspostClient();
-
-   // Set authentication (also stores in cookie)
-   client.setAuthentication(nearAuthData);
-   ```
+### Authentication Strategy
 
-### Cookie Security
+The SDK uses direct authentication with per-request signatures:
 
-When using cookie-based authentication, the SDK stores authentication data in a secure cookie with
-the following settings:
-
-- **Name**: `__crosspost_auth`
-- **Secure**: `true` (only sent over HTTPS)
-- **SameSite**: `Lax` (sent with same-site requests and top-level navigations)
-- **Path**: `/` (available across the entire domain)
-- **Expires**: 30 days
-
-### CSRF Protection
-
-The SDK implements CSRF protection for state-changing requests (non-GET) using the Double Submit
-Cookie pattern:
-
-1. The backend API sets a CSRF token in a non-HttpOnly cookie (`XSRF-TOKEN`)
-2. The SDK reads this token and includes it in the `X-CSRF-Token` header for all state-changing
-   requests
-3. The backend validates that the token in the header matches the token in the cookie
-
-This protection is automatically enabled when using cookie-based authentication and requires no
-additional configuration from the client side.
-
-## License
+```typescript
+// Initialize the client
+const client = new CrosspostClient({
+  baseUrl: 'https://your-crosspost-api.com',
+});
 
-MIT
+// Before making authenticated requests, set fresh signature
+client.setAuthentication({
+  accountId: 'your-account.near',
+  publicKey: 'ed25519:...',
+  signature: '...',
+  message: '...',
+});
+```

package/dist/index.cjs

@@ -1,9 +1,7 @@
 "use strict";
-var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -17,21 +15,11 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
-  AUTH_COOKIE_NAME: () => AUTH_COOKIE_NAME,
-  AUTH_COOKIE_OPTIONS: () => AUTH_COOKIE_OPTIONS,
   AccountActivityEntrySchema: () => AccountActivityEntrySchema,
   AccountActivityParamsSchema: () => AccountActivityParamsSchema,
   AccountActivityQuerySchema: () => AccountActivityQuerySchema,
@@ -55,8 +43,6 @@ __export(index_exports, {
   AuthStatusResponseSchema: () => AuthStatusResponseSchema,
   AuthUrlResponseSchema: () => AuthUrlResponseSchema,
   BaseError: () => BaseError,
-  CSRF_COOKIE_NAME: () => CSRF_COOKIE_NAME,
-  CSRF_HEADER_NAME: () => CSRF_HEADER_NAME,
   ConnectedAccountSchema: () => ConnectedAccountSchema,
   ConnectedAccountsResponseSchema: () => ConnectedAccountsResponseSchema,
   CreatePostRequestSchema: () => CreatePostRequestSchema,
@@ -112,7 +98,9 @@ __export(index_exports, {
   ReplyToPostResponseSchema: () => ReplyToPostResponseSchema,
   RepostRequestSchema: () => RepostRequestSchema,
   RepostResponseSchema: () => RepostResponseSchema,
+  SUPPORTED_PLATFORMS: () => SUPPORTED_PLATFORMS,
   SuccessDetailSchema: () => SuccessDetailSchema,
+  SupportedPlatformSchema: () => SupportedPlatformSchema,
   SystemApi: () => SystemApi,
   TargetSchema: () => TargetSchema,
   TimePeriod: () => TimePeriod,
@@ -121,7 +109,6 @@ __export(index_exports, {
   UsageRateLimitSchema: () => UsageRateLimitSchema,
   UserProfileSchema: () => UserProfileSchema,
   apiWrapper: () => apiWrapper,
-  clearAuthCookie: () => clearAuthCookie,
   createApiResponse: () => createApiResponse,
   createEnhancedApiResponse: () => createEnhancedApiResponse,
   createEnhancedErrorResponse: () => createEnhancedErrorResponse,
@@ -131,8 +118,6 @@ __export(index_exports, {
   createNetworkError: () => createNetworkError,
   createSuccessDetail: () => createSuccessDetail,
   enrichErrorWithContext: () => enrichErrorWithContext,
-  getAuthFromCookie: () => getAuthFromCookie,
-  getCsrfToken: () => getCsrfToken,
   getErrorDetails: () => getErrorDetails,
   getErrorMessage: () => getErrorMessage,
   handleErrorResponse: () => handleErrorResponse,
@@ -142,11 +127,11 @@ __export(index_exports, {
   isMediaError: () => isMediaError,
   isNetworkError: () => isNetworkError,
   isPlatformError: () => isPlatformError,
+  isPlatformSupported: () => isPlatformSupported,
   isPostError: () => isPostError,
   isRateLimitError: () => isRateLimitError,
   isRecoverableError: () => isRecoverableError,
-  isValidationError: () => isValidationError,
-  storeAuthInCookie: () => storeAuthInCookie
+  isValidationError: () => isValidationError
 });
 module.exports = __toCommonJS(index_exports);
 
@@ -4211,19 +4196,22 @@ var z = /* @__PURE__ */ Object.freeze({
 });
 
 // ../types/dist/index.js
-var PlatformSchema = z.enum([
-  "unknown",
-  "twitter"
-  // Add more platforms as they're implemented
-  // 'linkedin',
-  // 'facebook',
-  // 'instagram',
-]).describe("Social media platform");
-var Platform = /* @__PURE__ */ ((Platform22) => {
-  Platform22["UNKNOWN"] = "unknown";
-  Platform22["TWITTER"] = "twitter";
-  return Platform22;
+var Platform = /* @__PURE__ */ ((Platform2) => {
+  Platform2["UNKNOWN"] = "unknown";
+  Platform2["TWITTER"] = "twitter";
+  return Platform2;
 })(Platform || {});
+var PlatformSchema = z.nativeEnum(Platform).describe("Social media platform");
+var SUPPORTED_PLATFORMS = [
+  "twitter"
+  /* TWITTER */
+  // Add more platforms here as they're implemented
+];
+var SupportedPlatformSchema = SUPPORTED_PLATFORMS.length > 0 ? z.enum(SUPPORTED_PLATFORMS) : z.never();
+SupportedPlatformSchema.describe("Currently supported social media platforms");
+function isPlatformSupported(platform) {
+  return SUPPORTED_PLATFORMS.includes(platform);
+}
 var ApiResponseSchema = z.object({
   data: z.any().describe("Response data"),
   meta: z.object({
@@ -4962,59 +4950,6 @@ var ProfileRefreshResponseSchema = EnhancedResponseSchema(
 var import_near_sign_verify = require("near-sign-verify");
 
 // src/utils/error.ts
-function handleErrorResponse(data, status) {
-  const errorData = data?.error || {};
-  const message = errorData?.message || data?.message || "An API error occurred";
-  const codeString = errorData?.code || data?.code || ApiErrorCode.UNKNOWN_ERROR;
-  const code = Object.values(ApiErrorCode).includes(codeString) ? codeString : ApiErrorCode.UNKNOWN_ERROR;
-  const details = errorData?.details || data?.details || {};
-  const recoverable = errorData?.recoverable ?? data?.recoverable ?? false;
-  const platform = errorData?.platform || data?.platform;
-  const enhancedDetails = { ...details };
-  if (typeof enhancedDetails === "object" && !enhancedDetails.originalResponse) {
-    enhancedDetails.originalResponse = data;
-  }
-  if (platform && Object.values(Platform).includes(platform)) {
-    return new PlatformError(
-      message,
-      platform,
-      code,
-      // Use the parsed code
-      status,
-      // Cast status
-      enhancedDetails,
-      recoverable
-    );
-  } else {
-    return new ApiError(
-      message,
-      code,
-      // Use the parsed code
-      status,
-      // Cast status
-      enhancedDetails,
-      recoverable
-    );
-  }
-}
-function createNetworkError(error, url, timeout) {
-  if (error instanceof DOMException && error.name === "AbortError") {
-    return new ApiError(
-      `Request timed out after ${timeout}ms`,
-      ApiErrorCode.NETWORK_ERROR,
-      408,
-      { url }
-    );
-  }
-  return new ApiError(
-    error instanceof Error ? error.message : "An unexpected error occurred during the request",
-    ApiErrorCode.INTERNAL_ERROR,
-    500,
-    { originalError: String(error), url }
-  );
-}
-
-// src/utils/error-utils.ts
 var ERROR_CATEGORIES = {
   AUTH: [
     ApiErrorCode.UNAUTHORIZED,
@@ -5142,9 +5077,6 @@ function enrichErrorWithContext(error, context) {
     false
   );
 }
-function handleErrorResponse2(data, status) {
-  return handleErrorResponse(data, status);
-}
 async function apiWrapper(apiCall, context) {
   try {
     return await apiCall();
@@ -5153,7 +5085,7 @@ async function apiWrapper(apiCall, context) {
       try {
         const errorData = await error.json();
         throw enrichErrorWithContext(
-          handleErrorResponse2(errorData, error.status),
+          handleErrorResponse(errorData, error.status),
           context || {}
         );
       } catch (jsonError) {
@@ -5180,63 +5112,56 @@ async function apiWrapper(apiCall, context) {
     );
   }
 }
-
-// src/utils/cookie.ts
-var import_js_cookie = __toESM(require("js-cookie"), 1);
-var AUTH_COOKIE_NAME = "__crosspost_auth";
-var CSRF_COOKIE_NAME = "XSRF-TOKEN";
-var CSRF_HEADER_NAME = "X-CSRF-Token";
-var isDeno = () => {
-  return typeof globalThis.Deno !== "undefined";
-};
-var isBrowser = () => {
-  return !isDeno() && typeof globalThis.window !== "undefined";
-};
-var AUTH_COOKIE_OPTIONS = {
-  secure: true,
-  sameSite: "lax",
-  // Restrict to same-site and top-level navigation
-  path: "/",
-  expires: 30
-  // 30 days
-};
-function getAuthFromCookie() {
-  try {
-    if (!isBrowser()) {
-      return void 0;
-    }
-    const cookieValue = import_js_cookie.default.get(AUTH_COOKIE_NAME);
-    if (!cookieValue) {
-      return void 0;
-    }
-    return JSON.parse(cookieValue);
-  } catch (error) {
-    console.error("Failed to parse auth cookie:", error);
-    return void 0;
-  }
-}
-function storeAuthInCookie(authData) {
-  try {
-    if (!isBrowser()) {
-      return;
-    }
-    const cookieValue = JSON.stringify(authData);
-    import_js_cookie.default.set(AUTH_COOKIE_NAME, cookieValue, AUTH_COOKIE_OPTIONS);
-  } catch (error) {
-    console.error("Failed to store auth cookie:", error);
+function handleErrorResponse(data, status) {
+  const errorData = data?.error || {};
+  const message = errorData?.message || data?.message || "An API error occurred";
+  const codeString = errorData?.code || data?.code || ApiErrorCode.UNKNOWN_ERROR;
+  const code = Object.values(ApiErrorCode).includes(codeString) ? codeString : ApiErrorCode.UNKNOWN_ERROR;
+  const details = errorData?.details || data?.details || {};
+  const recoverable = errorData?.recoverable ?? data?.recoverable ?? false;
+  const platform = errorData?.platform || data?.platform;
+  const enhancedDetails = { ...details };
+  if (typeof enhancedDetails === "object" && !enhancedDetails.originalResponse) {
+    enhancedDetails.originalResponse = data;
   }
-}
-function clearAuthCookie() {
-  if (!isBrowser()) {
-    return;
+  if (platform && Object.values(Platform).includes(platform)) {
+    return new PlatformError(
+      message,
+      platform,
+      code,
+      // Use the parsed code
+      status,
+      // Cast status
+      enhancedDetails,
+      recoverable
+    );
+  } else {
+    return new ApiError(
+      message,
+      code,
+      // Use the parsed code
+      status,
+      // Cast status
+      enhancedDetails,
+      recoverable
+    );
   }
-  import_js_cookie.default.remove(AUTH_COOKIE_NAME, { path: AUTH_COOKIE_OPTIONS.path });
 }
-function getCsrfToken() {
-  if (!isBrowser()) {
-    return void 0;
+function createNetworkError(error, url, timeout) {
+  if (error instanceof DOMException && error.name === "AbortError") {
+    return new ApiError(
+      `Request timed out after ${timeout}ms`,
+      ApiErrorCode.NETWORK_ERROR,
+      408,
+      { url }
+    );
   }
-  return import_js_cookie.default.get(CSRF_COOKIE_NAME);
+  return new ApiError(
+    error instanceof Error ? error.message : "An unexpected error occurred during the request",
+    ApiErrorCode.INTERNAL_ERROR,
+    500,
+    { originalError: String(error), url }
+  );
 }
 
 // src/core/request.ts
@@ -5274,12 +5199,6 @@ async function makeRequest(method, path, options, data, query) {
           "Accept": "application/json",
           "Authorization": `Bearer ${(0, import_near_sign_verify.createAuthToken)(options.nearAuthData)}`
         };
-        if (method !== "GET") {
-          const csrfToken = getCsrfToken();
-          if (csrfToken) {
-            headers[CSRF_HEADER_NAME] = csrfToken;
-          }
-        }
         const requestOptions = {
           method,
           headers,
@@ -5679,7 +5598,7 @@ var CrosspostClient = class {
     const baseUrl = config.baseUrl || DEFAULT_CONFIG.baseUrl;
     const timeout = config.timeout || DEFAULT_CONFIG.timeout;
     const retries = config.retries ?? DEFAULT_CONFIG.retries;
-    const nearAuthData = config.nearAuthData || getAuthFromCookie();
+    const nearAuthData = config.nearAuthData;
     this.options = {
       baseUrl,
       timeout,
@@ -5692,12 +5611,11 @@ var CrosspostClient = class {
     this.system = new SystemApi(this.options);
   }
   /**
-   * Sets the authentication data (signature) for the client and stores it in a cookie
-   * @param signature The NEAR authentication data
+   * Sets the authentication data (signature) for the client
+   * @param nearAuthData The NEAR authentication data
    */
   setAuthentication(nearAuthData) {
     this.options.nearAuthData = nearAuthData;
-    storeAuthInCookie(nearAuthData);
   }
   /**
    * Checks if authentication data (signature) exists on client
@@ -5709,8 +5627,6 @@ var CrosspostClient = class {
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  AUTH_COOKIE_NAME,
-  AUTH_COOKIE_OPTIONS,
   AccountActivityEntrySchema,
   AccountActivityParamsSchema,
   AccountActivityQuerySchema,
@@ -5734,8 +5650,6 @@ var CrosspostClient = class {
   AuthStatusResponseSchema,
   AuthUrlResponseSchema,
   BaseError,
-  CSRF_COOKIE_NAME,
-  CSRF_HEADER_NAME,
   ConnectedAccountSchema,
   ConnectedAccountsResponseSchema,
   CreatePostRequestSchema,
@@ -5791,7 +5705,9 @@ var CrosspostClient = class {
   ReplyToPostResponseSchema,
   RepostRequestSchema,
   RepostResponseSchema,
+  SUPPORTED_PLATFORMS,
   SuccessDetailSchema,
+  SupportedPlatformSchema,
   SystemApi,
   TargetSchema,
   TimePeriod,
@@ -5800,7 +5716,6 @@ var CrosspostClient = class {
   UsageRateLimitSchema,
   UserProfileSchema,
   apiWrapper,
-  clearAuthCookie,
   createApiResponse,
   createEnhancedApiResponse,
   createEnhancedErrorResponse,
@@ -5810,8 +5725,6 @@ var CrosspostClient = class {
   createNetworkError,
   createSuccessDetail,
   enrichErrorWithContext,
-  getAuthFromCookie,
-  getCsrfToken,
   getErrorDetails,
   getErrorMessage,
   handleErrorResponse,
@@ -5821,9 +5734,9 @@ var CrosspostClient = class {
   isMediaError,
   isNetworkError,
   isPlatformError,
+  isPlatformSupported,
   isPostError,
   isRateLimitError,
   isRecoverableError,
-  isValidationError,
-  storeAuthInCookie
+  isValidationError
 });