@crosspost/sdk 0.1.8 → 0.1.10

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@crosspost/sdk",
-  "version": "0.1.8",
+  "version": "0.1.10",
   "description": "SDK for interacting with the Crosspost API",
   "type": "module",
   "main": "dist/index.cjs",
@@ -36,6 +36,7 @@
   "author": "crosspost.near",
   "license": "MIT",
   "dependencies": {
+    "@crosspost/types": "^0.1.9",
     "near-sign-verify": "^0.1.3"
   },
   "devDependencies": {

package/src/api/auth.ts

@@ -5,7 +5,6 @@ import type {
   AuthStatusParams,
   AuthStatusResponse,
   AuthTokenRequest,
-  AuthUrlResponse,
   ConnectedAccount,
   ConnectedAccountsResponse,
   NearAuthorizationRequest,
@@ -14,6 +13,7 @@ import type {
   Platform,
 } from '@crosspost/types';
 import { makeRequest, type RequestOptions } from '../core/request.ts';
+import { openAuthPopup } from '../utils/popup.ts';
 
 /**
  * Authentication-related API operations
@@ -55,22 +55,40 @@ export class AuthApi {
   }
 
   /**
-   * Initiates the login process for a specific platform.
-   * The service handles the OAuth flow; this method triggers it.
+   * Initiates the login process for a specific platform using a popup window.
    * @param platform The target platform.
    * @param options Optional success and error redirect URLs.
-   * @returns A promise resolving with the response from the service (might indicate success/failure or redirect info).
+   * @returns Promise that resolves with the authentication result when the popup completes.
+   * @throws Error if popups are blocked or if running in a non-browser environment.
    */
   async loginToPlatform(
     platform: Platform,
     options?: AuthInitRequest,
-  ): Promise<AuthUrlResponse> {
-    return makeRequest<AuthUrlResponse, AuthInitRequest>(
-      'POST',
-      `/auth/${platform}/login`,
-      this.options,
-      options || {},
-    );
+  ): Promise<AuthCallbackResponse> {
+    // Construct the login URL
+    const baseUrl = this.options.baseUrl || '';
+    const loginUrl = new URL(`/auth/${platform}/login`, baseUrl);
+
+    // Add successUrl and errorUrl if provided
+    if (options?.successUrl) {
+      loginUrl.searchParams.set('successUrl', options.successUrl);
+    }
+    if (options?.errorUrl) {
+      loginUrl.searchParams.set('errorUrl', options.errorUrl);
+    }
+
+    // Open the popup and wait for the result
+    const result = await openAuthPopup(loginUrl.toString());
+
+    if (!result.success || !result.userId) {
+      throw new Error(result.error || 'Authentication failed');
+    }
+
+    // Return the result in the expected format
+    return {
+      platform,
+      userId: result.userId,
+    };
   }
 
   /**
@@ -146,7 +164,8 @@ export class AuthApi {
 
   /**
    * Lists all accounts connected to the NEAR account.
-   * @returns A promise resolving with the list of connected accounts.
+   * @returns A promise resolving with the connected accounts response containing an array of accounts.
+   * @throws {CrosspostError} If the request fails or returns invalid data.
    */
   async getConnectedAccounts(): Promise<ConnectedAccountsResponse> {
     return makeRequest<ConnectedAccountsResponse, never>(

package/src/core/client.ts

@@ -24,14 +24,12 @@ export class CrosspostClient {
   constructor(config: CrosspostClientConfig = {}) {
     const baseUrl = config.baseUrl || DEFAULT_CONFIG.baseUrl; // you can deploy your own
     const timeout = config.timeout || DEFAULT_CONFIG.timeout;
-    const retries = config.retries ?? DEFAULT_CONFIG.retries;
 
     const nearAuthData = config.nearAuthData;
 
     this.options = {
       baseUrl,
       timeout,
-      retries,
       nearAuthData,
     };
 

package/src/core/config.ts

@@ -18,11 +18,6 @@ export interface CrosspostClientConfig {
    * @default 30000
    */
   timeout?: number;
-  /**
-   * Number of retries for failed requests (specifically for network errors or 5xx status codes)
-   * @default 2
-   */
-  retries?: number;
 }
 
 /**
@@ -31,5 +26,4 @@ export interface CrosspostClientConfig {
 export const DEFAULT_CONFIG: Required<Omit<CrosspostClientConfig, 'nearAuthData'>> = {
   baseUrl: 'https://open-crosspost-proxy.deno.dev/',
   timeout: 30000,
-  retries: 2,
 };

package/src/core/request.ts

@@ -1,9 +1,9 @@
 import { ApiErrorCode, type StatusCode } from '@crosspost/types';
 import { createAuthToken, type NearAuthData } from 'near-sign-verify';
 import {
-  apiWrapper,
   createNetworkError,
   CrosspostError,
+  enrichErrorWithContext,
   handleErrorResponse,
 } from '../utils/error.ts';
 
@@ -29,20 +29,23 @@ export interface RequestOptions {
    * Request timeout in milliseconds
    */
   timeout: number;
-  /**
-   * Number of retries for failed requests
-   */
-  retries: number;
 }
 
 /**
- * Makes a request to the API with retry and error handling
+ * Makes a request to the API with error handling and data extraction
  *
  * @param method The HTTP method
  * @param path The API path
  * @param options The request options
  * @param data Optional request data
- * @returns A promise resolving with the response data
+ * @param query Optional query parameters
+ * @returns A promise resolving with the data field from the API response
+ * @throws {CrosspostError}
+ *  - If the request fails (network error, timeout)
+ *  - If the response is not valid JSON
+ *  - If the response does not follow the expected ApiResponse format
+ *  - If the response indicates success but contains no data
+ *  - If the response indicates failure (includes error details and metadata)
  */
 export async function makeRequest<
   TResponse,
@@ -76,131 +79,126 @@ export async function makeRequest<
     method,
     path,
     url,
-    retries: options.retries,
   };
 
-  return apiWrapper(async () => {
-    let lastError: Error | null = null;
-
-    for (let attempt = 0; attempt <= options.retries; attempt++) {
-      const controller = new AbortController();
-      const timeoutId = setTimeout(() => controller.abort(), options.timeout);
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), options.timeout);
+
+  try {
+    const headers: Record<string, string> = {
+      'Content-Type': 'application/json',
+      'Accept': 'application/json',
+    };
+
+    // For GET requests, use X-Near-Account header if available
+    if (method === 'GET') {
+      const nearAccount = options.nearAccount || options.nearAuthData?.account_id;
+      if (!nearAccount) {
+        throw new CrosspostError(
+          'No NEAR account provided for GET request',
+          ApiErrorCode.UNAUTHORIZED,
+          401,
+        );
+      }
+      headers['X-Near-Account'] = nearAccount;
+    } else {
+      // For non-GET requests, require nearAuthData
+      if (!options.nearAuthData) {
+        throw new CrosspostError(
+          'NEAR authentication data required for non-GET request',
+          ApiErrorCode.UNAUTHORIZED,
+          401,
+        );
+      }
+      headers['Authorization'] = `Bearer ${createAuthToken(options.nearAuthData)}`;
+    }
 
+    const requestOptions: RequestInit = {
+      method,
+      headers,
+      body: method !== 'GET' && data ? JSON.stringify(data) : undefined,
+      signal: controller.signal,
+    };
+
+    const response = await fetch(url, requestOptions);
+    clearTimeout(timeoutId);
+
+    let responseData: any;
+    try {
+      responseData = await response.json();
+    } catch (jsonError) {
+      // JSON parsing failed - try to get response text for context
+      let responseText: string | undefined;
       try {
-        const headers: Record<string, string> = {
-          'Content-Type': 'application/json',
-          'Accept': 'application/json',
-        };
-
-        // For GET requests, use X-Near-Account header if available
-        if (method === 'GET') {
-          const nearAccount = options.nearAccount || options.nearAuthData?.account_id;
-          if (!nearAccount) {
-            throw new CrosspostError(
-              'No NEAR account provided for GET request',
-              ApiErrorCode.UNAUTHORIZED,
-              401,
-            );
-          }
-          headers['X-Near-Account'] = nearAccount;
-        } else {
-          // For non-GET requests, require nearAuthData
-          if (!options.nearAuthData) {
-            throw new CrosspostError(
-              'NEAR authentication data required for non-GET request',
-              ApiErrorCode.UNAUTHORIZED,
-              401,
-            );
-          }
-          headers['Authorization'] = `Bearer ${createAuthToken(options.nearAuthData)}`;
-        }
-
-        const requestOptions: RequestInit = {
-          method,
-          headers,
-          body: method !== 'GET' && data ? JSON.stringify(data) : undefined,
-          signal: controller.signal,
-        };
-
-        const response = await fetch(url, requestOptions);
-        clearTimeout(timeoutId); // Clear timeout if fetch completes
-
-        let responseData: any;
-        try {
-          responseData = await response.json();
-        } catch (jsonError) {
-          // If JSON parsing fails, did API throw an error?
-          if (!response.ok) {
-            throw new CrosspostError(
-              `API request failed with status ${response.status} and non-JSON response`,
-              ApiErrorCode.NETWORK_ERROR,
-              response.status as StatusCode,
-              { originalStatusText: response.statusText },
-            );
-          }
-          // Otherwise, throw a custom error
-          throw new CrosspostError(
-            `Failed to parse JSON response: ${
-              jsonError instanceof Error ? jsonError.message : String(jsonError)
-            }`,
-            ApiErrorCode.INTERNAL_ERROR,
-            response.status as StatusCode,
-          );
-        }
-
-        if (!response.ok) {
-          lastError = handleErrorResponse(responseData, response.status);
-          // Only retry rate limit errors
-          const shouldRetry = lastError instanceof CrosspostError &&
-            lastError.code === ApiErrorCode.RATE_LIMITED;
-          if (shouldRetry && attempt < options.retries) {
-            await new Promise((resolve) => setTimeout(resolve, 1000 * Math.pow(2, attempt))); // Exponential backoff
-            continue; // Retry
-          }
-          throw lastError; // Throw error if not retrying or retries exhausted
-        }
-
-        // Handle response based on success flag
-        if (responseData && typeof responseData === 'object' && 'success' in responseData) {
-          if (responseData.success) {
-            // Success response - return the data
-            return responseData.data as TResponse;
-          } else {
-            // Error response - handle with our error utilities
-            lastError = handleErrorResponse(responseData, response.status);
-            // Only retry rate limit errors
-            const shouldRetry = lastError instanceof CrosspostError &&
-              lastError.code === ApiErrorCode.RATE_LIMITED;
-            if (shouldRetry && attempt < options.retries) {
-              await new Promise((resolve) => setTimeout(resolve, 1000 * Math.pow(2, attempt))); // Exponential backoff
-              continue; // Retry
-            }
-            throw lastError;
-          }
-        }
-      } catch (error) {
-        clearTimeout(timeoutId); // Clear timeout on error
-        lastError = error instanceof Error ? error : new Error(String(error)); // Store the error
-
-        // Handle fetch/network errors specifically for retries
-        const isNetworkError = error instanceof TypeError ||
-          (error instanceof DOMException && error.name === 'AbortError');
-        if (isNetworkError && attempt < options.retries) {
-          await new Promise((resolve) => setTimeout(resolve, 1000 * Math.pow(2, attempt))); // Exponential backoff
-          continue; // Retry network error
-        }
-
-        // If it's not a known ApiError/PlatformError, wrap it
-        if (!(error instanceof CrosspostError)) {
-          throw createNetworkError(error, url, options.timeout);
-        }
-
-        throw error; // Re-throw known ApiError or final network error
+        responseText = await response.text();
+      } catch (_) { /* ignore */ }
+
+      throw new CrosspostError(
+        `API request failed with status ${response.status} and non-JSON response`,
+        ApiErrorCode.INVALID_RESPONSE,
+        response.status as StatusCode,
+        {
+          originalStatusText: response.statusText,
+          originalError: jsonError instanceof Error ? jsonError.message : String(jsonError),
+          responseText,
+        },
+      );
+    }
+
+    // Handle non-ok responses (4xx/5xx)
+    if (!response.ok) {
+      throw handleErrorResponse(responseData, response.status);
+    }
+
+    // Validate success response structure
+    if (!responseData || typeof responseData !== 'object' || !('success' in responseData)) {
+      throw new CrosspostError(
+        'Invalid success response format from API',
+        ApiErrorCode.INVALID_RESPONSE,
+        response.status as StatusCode,
+        { responseData },
+      );
+    }
+
+    if (responseData.success) {
+      if (!responseData.data) {
+        throw new CrosspostError(
+          'API returned success but no data',
+          ApiErrorCode.INVALID_RESPONSE,
+          response.status as StatusCode,
+          { responseData },
+        );
       }
+      return responseData.data as TResponse;
     }
 
-    // Should not be reachable if retries >= 0, but needed for type safety
-    throw lastError ||
-      new CrosspostError('Request failed after multiple retries', ApiErrorCode.INTERNAL_ERROR, 500);
-  }, context);
+    // If we get here, we have response.ok but success: false
+    // This is unexpected - treat as an error
+    throw handleErrorResponse(responseData, response.status);
+  } catch (error) {
+    clearTimeout(timeoutId);
+
+    if (error instanceof CrosspostError) {
+      // Enrich CrosspostError with request context
+      throw enrichErrorWithContext(error, context);
+    }
+
+    // Handle network errors (including timeouts)
+    if (
+      error instanceof TypeError || (error instanceof DOMException && error.name === 'AbortError')
+    ) {
+      throw enrichErrorWithContext(createNetworkError(error, url, options.timeout), context);
+    }
+
+    // For any other errors, wrap them with context
+    throw enrichErrorWithContext(
+      new CrosspostError(
+        error instanceof Error ? error.message : String(error),
+        ApiErrorCode.INTERNAL_ERROR,
+        500,
+        { originalError: String(error) },
+      ),
+      context,
+    );
+  }
 }

package/src/utils/popup.ts

@@ -0,0 +1,129 @@
+import type { PlatformName } from '@crosspost/types';
+
+// Augment the Window interface
+declare global {
+  interface Window {
+    innerWidth: number;
+    innerHeight: number;
+    open(url: string, target: string, features: string): Window | null;
+  }
+
+  interface WindowEventMap {
+    message: MessageEvent<AuthCallbackMessage>;
+  }
+}
+
+interface PopupOptions {
+  width?: number;
+  height?: number;
+  left?: number;
+  top?: number;
+}
+
+interface AuthCallbackData {
+  success: boolean;
+  platform: PlatformName;
+  userId?: string;
+  error?: string;
+  error_description?: string;
+}
+
+interface AuthCallbackMessage {
+  type: 'AUTH_CALLBACK';
+  data: AuthCallbackData;
+}
+
+/**
+ * Opens a popup window and returns a promise that resolves when the authentication is complete
+ * @param url The URL to open in the popup
+ * @param options Optional popup window dimensions and position
+ * @returns Promise that resolves with the authentication result
+ * @throws Error if popups are blocked or if running in a non-browser environment
+ */
+export function openAuthPopup(url: string, options: PopupOptions = {}): Promise<AuthCallbackData> {
+  // Check for browser environment
+  if (typeof window === 'undefined') {
+    throw new Error('openAuthPopup can only be used in a browser environment');
+  }
+
+  return new Promise((resolve, reject) => {
+    // Calculate popup dimensions and position
+    const {
+      width = 600,
+      height = 700,
+      left = Math.max(0, (window.innerWidth - 600) / 2),
+      top = Math.max(0, (window.innerHeight - 700) / 2),
+    } = options;
+
+    // Open the popup
+    const popup = window.open(
+      url,
+      'authPopup',
+      `width=${width},height=${height},left=${left},top=${top},scrollbars=yes`,
+    );
+
+    if (!popup) {
+      reject(new Error('Popup blocked. Please allow popups for this site.'));
+      return;
+    }
+
+    let messageReceived = false;
+
+    // Function to handle messages from the popup with proper typing
+    const handleMessage = (event: MessageEvent<AuthCallbackMessage>) => {
+      // Verify the message is from our popup and popup exists
+      if (!popup || event.source !== popup) {
+        return;
+      }
+
+      const message = event.data;
+      if (message?.type === 'AUTH_CALLBACK') {
+        messageReceived = true;
+        window.removeEventListener('message', handleMessage);
+        clearInterval(checkClosedInterval);
+
+        if (message.data.success) {
+          resolve(message.data);
+        } else {
+          reject(message.data);
+        }
+
+        // Give a moment for any final operations before closing
+        setTimeout(() => {
+          try {
+            if (popup && !popup.closed) {
+              popup.close();
+            }
+          } catch (e) {
+            console.warn('Failed to close popup window:', e);
+          }
+        }, 100);
+      }
+    };
+
+    // Listen for messages from the popup
+    window.addEventListener('message', handleMessage as EventListener);
+
+    // Check if popup was closed manually
+    const checkClosedInterval = setInterval(() => {
+      try {
+        if (!popup || popup.closed) {
+          cleanup();
+        }
+      } catch (e) {
+        console.warn('Error checking popup state:', e);
+        cleanup();
+      }
+    }, 500);
+
+    // Cleanup function to handle popup closure
+    function cleanup() {
+      clearInterval(checkClosedInterval);
+      window.removeEventListener('message', handleMessage as EventListener);
+
+      if (!messageReceived) {
+        reject(new Error('Authentication cancelled by user.'));
+      }
+    }
+  });
+}