@distinctagency/cms-client 1.14.1 → 1.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/dist/index.d.mts +58 -1
  2. package/dist/index.d.ts +58 -1
  3. package/dist/index.js +64 -6
  4. package/dist/index.js.map +1 -1
  5. package/dist/index.mjs +60 -5
  6. package/dist/index.mjs.map +1 -1
  7. package/dist/tracking-scripts.d.mts +1 -0
  8. package/dist/tracking-scripts.d.ts +1 -0
  9. package/dist/tracking-scripts.js +11 -6
  10. package/dist/tracking-scripts.js.map +1 -1
  11. package/dist/tracking-scripts.mjs +11 -6
  12. package/dist/tracking-scripts.mjs.map +1 -1
  13. package/package.json +1 -1
package/dist/index.d.mts CHANGED
@@ -1,5 +1,14 @@
1
1
  import { SupabaseClient } from '@supabase/supabase-js';
2
2
 
3
+ /**
4
+ * The version of @distinctagency/cms-client embedded in this build.
5
+ *
6
+ * Bump this in lock-step with package.json — the value is read by the SDK to
7
+ * report installed-version telemetry and to send `x-cms-client-version` on
8
+ * outgoing requests.
9
+ */
10
+ declare const CMS_CLIENT_VERSION = "1.16.0";
11
+
3
12
  /** Field types supported by the CMS schema */
4
13
  type FieldType = "text" | "textarea" | "richtext" | "date" | "datetime" | "select" | "number" | "boolean" | "image" | "gallery" | "url" | "file" | "reference" | "computed" | "color" | "tags" | "json" | "embed" | "flipbook";
5
14
  interface ImageConfig {
@@ -456,6 +465,7 @@ interface TrackingConfigOptions {
456
465
  interface TrackingConfig {
457
466
  googleAnalyticsId: string | null;
458
467
  googleTagManagerId: string | null;
468
+ googleAdsId: string | null;
459
469
  metaPixelId: string | null;
460
470
  }
461
471
 
@@ -675,4 +685,51 @@ declare const IMAGE_PRESETS: {
675
685
  };
676
686
  };
677
687
 
678
- export { type BookingStatus, type CmsClientOptions, type CmsEvent, type CmsTicketTier, type ContentItem, type ContentQueryOptions, type ContentType, type ContentTypeSeoConfig, type CreateBookingParams, type CreateBookingResult, type CreateOrderParams, type CreateOrderResult, type DiscountType, type EmbedValue, type EventQueryOptions, type EventStatus, type EventWithTiers, type FieldDefinition, type FieldType, type FlipbookPagePublic, type FlipbookPublic, type FlipbookTocEntryPublic, type GoogleReview, IMAGE_PRESETS, type ImageConfig, type ImageTransformOptions, type MediaFolder, type MediaItem, type Member, type MembershipTier, type OrderAddress, type OrderLineItem, type OrderStatus, type PaymentStatus, type Product, type ProductCategory, type ProductOption, type ProductQueryOptions, type ProductStatus, type ProductVariant, type Profile, type ReviewQueryOptions, TRACKING_CONFIG_TAG, type Tenant, type TenantMembership, type TrackingConfig, type TrackingConfigOptions, createCmsClient, createEventsClient, createShopClient, getEmbedHtml, getSrcSet, getTransformUrl };
688
+ /**
689
+ * Helpers for verifying outbound webhooks fired by the CMS.
690
+ *
691
+ * The CMS POSTs JSON to subscriber URLs and signs the raw body with
692
+ * HMAC-SHA256 using the shared secret you set in the Webhooks tab. The hex
693
+ * digest arrives in the `X-CMS-Signature` header.
694
+ *
695
+ * Use Web Crypto so this works in Node, Edge, Deno, and Bun runtimes.
696
+ */
697
+ interface WebhookEventPayload {
698
+ event: string;
699
+ tenant_id: string;
700
+ content_type_slug?: string;
701
+ content_item_id?: string;
702
+ slug?: string;
703
+ title?: string;
704
+ status?: string;
705
+ timestamp: string;
706
+ /** Commerce + custom events may attach extra fields. */
707
+ [key: string]: unknown;
708
+ }
709
+ /**
710
+ * Verify the HMAC-SHA256 signature on a webhook delivery.
711
+ *
712
+ * Pass the **raw** request body (not a parsed JSON object) — re-stringifying
713
+ * a parsed body can change whitespace and invalidate the signature.
714
+ *
715
+ * Returns `true` when the signature matches in constant time, `false`
716
+ * otherwise. Never throws on a bad signature; only throws if the
717
+ * `crypto.subtle` API is unavailable in the runtime.
718
+ *
719
+ * @example
720
+ * const raw = await req.text()
721
+ * const sig = req.headers.get("x-cms-signature")
722
+ * if (!await verifyWebhookSignature(process.env.CMS_WEBHOOK_SECRET!, raw, sig)) {
723
+ * return new Response("bad signature", { status: 401 })
724
+ * }
725
+ * const payload = JSON.parse(raw) as WebhookEventPayload
726
+ */
727
+ declare function verifyWebhookSignature(secret: string, rawBody: string, signature: string | null | undefined): Promise<boolean>;
728
+ /**
729
+ * The webhook event names the CMS can fire. Use as a discriminator on the
730
+ * `event` field of {@link WebhookEventPayload}.
731
+ */
732
+ declare const WEBHOOK_EVENTS: readonly ["content.published", "content.unpublished", "content.updated", "content.deleted", "order.created", "order.paid", "order.payment_failed", "order.refunded", "order.shipped", "booking.confirmed", "inventory.low_stock"];
733
+ type WebhookEvent = (typeof WEBHOOK_EVENTS)[number];
734
+
735
+ export { type BookingStatus, CMS_CLIENT_VERSION, type CmsClientOptions, type CmsEvent, type CmsTicketTier, type ContentItem, type ContentQueryOptions, type ContentType, type ContentTypeSeoConfig, type CreateBookingParams, type CreateBookingResult, type CreateOrderParams, type CreateOrderResult, type DiscountType, type EmbedValue, type EventQueryOptions, type EventStatus, type EventWithTiers, type FieldDefinition, type FieldType, type FlipbookPagePublic, type FlipbookPublic, type FlipbookTocEntryPublic, type GoogleReview, IMAGE_PRESETS, type ImageConfig, type ImageTransformOptions, type MediaFolder, type MediaItem, type Member, type MembershipTier, type OrderAddress, type OrderLineItem, type OrderStatus, type PaymentStatus, type Product, type ProductCategory, type ProductOption, type ProductQueryOptions, type ProductStatus, type ProductVariant, type Profile, type ReviewQueryOptions, TRACKING_CONFIG_TAG, type Tenant, type TenantMembership, type TrackingConfig, type TrackingConfigOptions, WEBHOOK_EVENTS, type WebhookEvent, type WebhookEventPayload, createCmsClient, createEventsClient, createShopClient, getEmbedHtml, getSrcSet, getTransformUrl, verifyWebhookSignature };
package/dist/index.d.ts CHANGED
@@ -1,5 +1,14 @@
1
1
  import { SupabaseClient } from '@supabase/supabase-js';
2
2
 
3
+ /**
4
+ * The version of @distinctagency/cms-client embedded in this build.
5
+ *
6
+ * Bump this in lock-step with package.json — the value is read by the SDK to
7
+ * report installed-version telemetry and to send `x-cms-client-version` on
8
+ * outgoing requests.
9
+ */
10
+ declare const CMS_CLIENT_VERSION = "1.16.0";
11
+
3
12
  /** Field types supported by the CMS schema */
4
13
  type FieldType = "text" | "textarea" | "richtext" | "date" | "datetime" | "select" | "number" | "boolean" | "image" | "gallery" | "url" | "file" | "reference" | "computed" | "color" | "tags" | "json" | "embed" | "flipbook";
5
14
  interface ImageConfig {
@@ -456,6 +465,7 @@ interface TrackingConfigOptions {
456
465
  interface TrackingConfig {
457
466
  googleAnalyticsId: string | null;
458
467
  googleTagManagerId: string | null;
468
+ googleAdsId: string | null;
459
469
  metaPixelId: string | null;
460
470
  }
461
471
 
@@ -675,4 +685,51 @@ declare const IMAGE_PRESETS: {
675
685
  };
676
686
  };
677
687
 
678
- export { type BookingStatus, type CmsClientOptions, type CmsEvent, type CmsTicketTier, type ContentItem, type ContentQueryOptions, type ContentType, type ContentTypeSeoConfig, type CreateBookingParams, type CreateBookingResult, type CreateOrderParams, type CreateOrderResult, type DiscountType, type EmbedValue, type EventQueryOptions, type EventStatus, type EventWithTiers, type FieldDefinition, type FieldType, type FlipbookPagePublic, type FlipbookPublic, type FlipbookTocEntryPublic, type GoogleReview, IMAGE_PRESETS, type ImageConfig, type ImageTransformOptions, type MediaFolder, type MediaItem, type Member, type MembershipTier, type OrderAddress, type OrderLineItem, type OrderStatus, type PaymentStatus, type Product, type ProductCategory, type ProductOption, type ProductQueryOptions, type ProductStatus, type ProductVariant, type Profile, type ReviewQueryOptions, TRACKING_CONFIG_TAG, type Tenant, type TenantMembership, type TrackingConfig, type TrackingConfigOptions, createCmsClient, createEventsClient, createShopClient, getEmbedHtml, getSrcSet, getTransformUrl };
688
+ /**
689
+ * Helpers for verifying outbound webhooks fired by the CMS.
690
+ *
691
+ * The CMS POSTs JSON to subscriber URLs and signs the raw body with
692
+ * HMAC-SHA256 using the shared secret you set in the Webhooks tab. The hex
693
+ * digest arrives in the `X-CMS-Signature` header.
694
+ *
695
+ * Use Web Crypto so this works in Node, Edge, Deno, and Bun runtimes.
696
+ */
697
+ interface WebhookEventPayload {
698
+ event: string;
699
+ tenant_id: string;
700
+ content_type_slug?: string;
701
+ content_item_id?: string;
702
+ slug?: string;
703
+ title?: string;
704
+ status?: string;
705
+ timestamp: string;
706
+ /** Commerce + custom events may attach extra fields. */
707
+ [key: string]: unknown;
708
+ }
709
+ /**
710
+ * Verify the HMAC-SHA256 signature on a webhook delivery.
711
+ *
712
+ * Pass the **raw** request body (not a parsed JSON object) — re-stringifying
713
+ * a parsed body can change whitespace and invalidate the signature.
714
+ *
715
+ * Returns `true` when the signature matches in constant time, `false`
716
+ * otherwise. Never throws on a bad signature; only throws if the
717
+ * `crypto.subtle` API is unavailable in the runtime.
718
+ *
719
+ * @example
720
+ * const raw = await req.text()
721
+ * const sig = req.headers.get("x-cms-signature")
722
+ * if (!await verifyWebhookSignature(process.env.CMS_WEBHOOK_SECRET!, raw, sig)) {
723
+ * return new Response("bad signature", { status: 401 })
724
+ * }
725
+ * const payload = JSON.parse(raw) as WebhookEventPayload
726
+ */
727
+ declare function verifyWebhookSignature(secret: string, rawBody: string, signature: string | null | undefined): Promise<boolean>;
728
+ /**
729
+ * The webhook event names the CMS can fire. Use as a discriminator on the
730
+ * `event` field of {@link WebhookEventPayload}.
731
+ */
732
+ declare const WEBHOOK_EVENTS: readonly ["content.published", "content.unpublished", "content.updated", "content.deleted", "order.created", "order.paid", "order.payment_failed", "order.refunded", "order.shipped", "booking.confirmed", "inventory.low_stock"];
733
+ type WebhookEvent = (typeof WEBHOOK_EVENTS)[number];
734
+
735
+ export { type BookingStatus, CMS_CLIENT_VERSION, type CmsClientOptions, type CmsEvent, type CmsTicketTier, type ContentItem, type ContentQueryOptions, type ContentType, type ContentTypeSeoConfig, type CreateBookingParams, type CreateBookingResult, type CreateOrderParams, type CreateOrderResult, type DiscountType, type EmbedValue, type EventQueryOptions, type EventStatus, type EventWithTiers, type FieldDefinition, type FieldType, type FlipbookPagePublic, type FlipbookPublic, type FlipbookTocEntryPublic, type GoogleReview, IMAGE_PRESETS, type ImageConfig, type ImageTransformOptions, type MediaFolder, type MediaItem, type Member, type MembershipTier, type OrderAddress, type OrderLineItem, type OrderStatus, type PaymentStatus, type Product, type ProductCategory, type ProductOption, type ProductQueryOptions, type ProductStatus, type ProductVariant, type Profile, type ReviewQueryOptions, TRACKING_CONFIG_TAG, type Tenant, type TenantMembership, type TrackingConfig, type TrackingConfigOptions, WEBHOOK_EVENTS, type WebhookEvent, type WebhookEventPayload, createCmsClient, createEventsClient, createShopClient, getEmbedHtml, getSrcSet, getTransformUrl, verifyWebhookSignature };
package/dist/index.js CHANGED
@@ -20,23 +20,26 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
20
20
  // src/index.ts
21
21
  var src_exports = {};
22
22
  __export(src_exports, {
23
+ CMS_CLIENT_VERSION: () => CMS_CLIENT_VERSION,
23
24
  IMAGE_PRESETS: () => IMAGE_PRESETS,
24
25
  TRACKING_CONFIG_TAG: () => TRACKING_CONFIG_TAG,
26
+ WEBHOOK_EVENTS: () => WEBHOOK_EVENTS,
25
27
  createCmsClient: () => createCmsClient,
26
28
  createEventsClient: () => createEventsClient,
27
29
  createShopClient: () => createShopClient,
28
30
  getEmbedHtml: () => getEmbedHtml,
29
31
  getSrcSet: () => getSrcSet,
30
- getTransformUrl: () => getTransformUrl
32
+ getTransformUrl: () => getTransformUrl,
33
+ verifyWebhookSignature: () => verifyWebhookSignature
31
34
  });
32
35
  module.exports = __toCommonJS(src_exports);
33
36
 
37
+ // src/version.ts
38
+ var CMS_CLIENT_VERSION = "1.16.0";
39
+
34
40
  // src/queries.ts
35
41
  var import_supabase_js = require("@supabase/supabase-js");
36
42
 
37
- // src/version.ts
38
- var CMS_CLIENT_VERSION = "1.14.1";
39
-
40
43
  // src/telemetry.ts
41
44
  var DEFAULT_APP_URL = "https://cms.distinctstudio.co.nz";
42
45
  var reported = /* @__PURE__ */ new Map();
@@ -343,7 +346,7 @@ function createCmsClient(supabase, options) {
343
346
  const { revalidate = 3600, tags = [TRACKING_CONFIG_TAG] } = options2;
344
347
  const supabaseUrl = supabase.supabaseUrl;
345
348
  const supabaseKey = supabase.supabaseKey;
346
- const url = `${supabaseUrl}/rest/v1/tenant_settings?select=google_analytics_id,google_tag_manager_id,meta_pixel_id&limit=1`;
349
+ const url = `${supabaseUrl}/rest/v1/tenant_settings?select=google_analytics_id,google_tag_manager_id,google_ads_id,meta_pixel_id&limit=1`;
347
350
  const init = {
348
351
  headers: {
349
352
  apikey: supabaseKey,
@@ -366,6 +369,7 @@ function createCmsClient(supabase, options) {
366
369
  return {
367
370
  googleAnalyticsId: nullify(row?.google_analytics_id),
368
371
  googleTagManagerId: nullify(row?.google_tag_manager_id),
372
+ googleAdsId: nullify(row?.google_ads_id),
369
373
  metaPixelId: nullify(row?.meta_pixel_id)
370
374
  };
371
375
  }
@@ -571,15 +575,69 @@ var IMAGE_PRESETS = {
571
575
  avatar: { width: 80, height: 80, resize: "cover", quality: 75 },
572
576
  full: { width: 1920, resize: "contain", quality: 85 }
573
577
  };
578
+
579
+ // src/webhooks.ts
580
+ async function verifyWebhookSignature(secret, rawBody, signature) {
581
+ if (!signature || !secret) return false;
582
+ const subtle = globalThis.crypto && globalThis.crypto.subtle || null;
583
+ if (!subtle) {
584
+ throw new Error(
585
+ "verifyWebhookSignature requires the Web Crypto API (globalThis.crypto.subtle). Available in Node 18+, all Edge runtimes, Deno, and Bun."
586
+ );
587
+ }
588
+ const encoder = new TextEncoder();
589
+ const key = await subtle.importKey(
590
+ "raw",
591
+ encoder.encode(secret),
592
+ { name: "HMAC", hash: "SHA-256" },
593
+ false,
594
+ ["sign"]
595
+ );
596
+ const sigBuffer = await subtle.sign("HMAC", key, encoder.encode(rawBody));
597
+ const expected = bufferToHex(sigBuffer);
598
+ return timingSafeEqualHex(expected, signature.trim());
599
+ }
600
+ var WEBHOOK_EVENTS = [
601
+ "content.published",
602
+ "content.unpublished",
603
+ "content.updated",
604
+ "content.deleted",
605
+ "order.created",
606
+ "order.paid",
607
+ "order.payment_failed",
608
+ "order.refunded",
609
+ "order.shipped",
610
+ "booking.confirmed",
611
+ "inventory.low_stock"
612
+ ];
613
+ function bufferToHex(buf) {
614
+ const bytes = new Uint8Array(buf);
615
+ let out = "";
616
+ for (let i = 0; i < bytes.length; i++) {
617
+ out += bytes[i].toString(16).padStart(2, "0");
618
+ }
619
+ return out;
620
+ }
621
+ function timingSafeEqualHex(a, b) {
622
+ if (a.length !== b.length) return false;
623
+ let mismatch = 0;
624
+ for (let i = 0; i < a.length; i++) {
625
+ mismatch |= a.charCodeAt(i) ^ b.charCodeAt(i);
626
+ }
627
+ return mismatch === 0;
628
+ }
574
629
  // Annotate the CommonJS export names for ESM import in node:
575
630
  0 && (module.exports = {
631
+ CMS_CLIENT_VERSION,
576
632
  IMAGE_PRESETS,
577
633
  TRACKING_CONFIG_TAG,
634
+ WEBHOOK_EVENTS,
578
635
  createCmsClient,
579
636
  createEventsClient,
580
637
  createShopClient,
581
638
  getEmbedHtml,
582
639
  getSrcSet,
583
- getTransformUrl
640
+ getTransformUrl,
641
+ verifyWebhookSignature
584
642
  });
585
643
  //# sourceMappingURL=index.js.map
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/queries.ts","../src/version.ts","../src/telemetry.ts","../src/embed.ts","../src/shop.ts","../src/events.ts","../src/cdn.ts"],"sourcesContent":["// Server-safe exports — no React, no \"use client\"\nexport { createCmsClient, TRACKING_CONFIG_TAG } from \"./queries\"\nexport type { TrackingConfig, TrackingConfigOptions } from \"./queries\"\nexport { getEmbedHtml } from \"./embed\"\nexport { createShopClient } from \"./shop\"\nexport { createEventsClient } from \"./events\"\nexport type {\n CmsEvent,\n CmsTicketTier,\n EventWithTiers,\n EventQueryOptions,\n CreateBookingParams,\n CreateBookingResult,\n EventStatus,\n BookingStatus,\n} from \"./events\"\nexport { getTransformUrl, getSrcSet, IMAGE_PRESETS } from \"./cdn\"\nexport type { ImageTransformOptions } from \"./cdn\"\nexport type {\n FieldType,\n FieldDefinition,\n Tenant,\n Profile,\n ContentType,\n ContentItem,\n MediaItem,\n MediaFolder,\n ContentQueryOptions,\n CmsClientOptions,\n TenantMembership,\n ImageConfig,\n ContentTypeSeoConfig,\n Product,\n ProductStatus,\n ProductCategory,\n ProductVariant,\n ProductOption,\n OrderAddress,\n OrderStatus,\n PaymentStatus,\n OrderLineItem,\n DiscountType,\n CreateOrderParams,\n CreateOrderResult,\n ProductQueryOptions,\n MembershipTier,\n Member,\n GoogleReview,\n ReviewQueryOptions,\n EmbedValue,\n FlipbookPagePublic,\n FlipbookTocEntryPublic,\n FlipbookPublic,\n} from \"./types\"\n","import { createClient as createSupabaseClient } from \"@supabase/supabase-js\"\nimport type { SupabaseClient } from \"@supabase/supabase-js\"\nimport type {\n CmsClientOptions,\n ContentItem,\n ContentQueryOptions,\n ContentType,\n GoogleReview,\n ReviewQueryOptions,\n} from \"./types\"\nimport { CMS_CLIENT_VERSION } from \"./version\"\nimport { reportClientVersion } from \"./telemetry\"\n\n/**\n * Creates a CMS query client authenticated with a tenant API key.\n *\n * Usage:\n * ```ts\n * const cms = createCmsClient(supabase, { apiKey: process.env.CMS_API_KEY! })\n * const events = await cms.getContentItems('events', { status: 'published' })\n * ```\n *\n * The API key is sent as an `x-cms-api-key` header on every request.\n * Supabase RLS policies validate it against the tenant's stored key.\n */\nexport function createCmsClient(\n supabase: SupabaseClient,\n options: CmsClientOptions\n) {\n const { apiKey } = options\n\n // Create a new Supabase client with the API key header injected globally\n const client = withApiKey(supabase, apiKey) as SupabaseClient\n\n // Day-granular, fire-and-forget version ping (server-side only).\n reportClientVersion(apiKey, options.appUrl)\n\n /** Resolve the tenant ID from the API key (cached per request) */\n let tenantIdCache: string | null = null\n\n async function getTenantId(): Promise<string> {\n if (tenantIdCache) return tenantIdCache\n\n const { data, error } = await client\n .from(\"tenants\")\n .select(\"id\")\n .single()\n\n if (error || !data) {\n throw new Error(\n \"Invalid CMS API key — no tenant found. Check your apiKey.\"\n )\n }\n\n tenantIdCache = data.id\n return data.id\n }\n\n /** Resolve a content type from its slug (cached) */\n const contentTypeCache = new Map<string, ContentType>()\n\n async function getContentTypeBySlug(contentTypeSlug: string): Promise<ContentType> {\n if (contentTypeCache.has(contentTypeSlug)) return contentTypeCache.get(contentTypeSlug)!\n const tenantId = await getTenantId()\n\n const { data, error } = await client\n .from(\"content_types\")\n .select(\"*\")\n .eq(\"tenant_id\", tenantId)\n .eq(\"slug\", contentTypeSlug)\n .single()\n\n if (error || !data) {\n throw new Error(`Content type not found: ${contentTypeSlug}`)\n }\n\n const ct = data as ContentType\n contentTypeCache.set(contentTypeSlug, ct)\n return ct\n }\n\n async function getContentTypeId(contentTypeSlug: string): Promise<string> {\n const ct = await getContentTypeBySlug(contentTypeSlug)\n return ct.id\n }\n\n /** Check if a member token has access to a gated content type */\n async function checkMemberAccess(\n contentType: ContentType,\n memberToken?: string\n ): Promise<{ allowed: boolean; memberTierId: string | null }> {\n const requiredTierId = contentType.required_membership_tier_id\n if (!requiredTierId) return { allowed: true, memberTierId: null } // Public\n\n if (!memberToken) return { allowed: false, memberTierId: null } // Gated but no token\n\n // Verify the member's token and check their tier\n const { data: session } = await client\n .from(\"member_sessions\")\n .select(\"member_id\")\n .eq(\"token_hash\", memberToken) // Note: caller should hash the token\n .single()\n\n if (!session) return { allowed: false, memberTierId: null }\n\n const { data: member } = await client\n .from(\"members\")\n .select(\"membership_tier_id, status\")\n .eq(\"id\", session.member_id)\n .single()\n\n if (!member || member.status !== \"active\") return { allowed: false, memberTierId: null }\n\n // Check if the member's tier matches (or exceeds) the required tier\n // For now: exact match or the member has the required tier\n return {\n allowed: member.membership_tier_id === requiredTierId,\n memberTierId: member.membership_tier_id as string | null,\n }\n }\n\n async function getFlipbook(id: string): Promise<import(\"./types\").FlipbookPublic | null> {\n const { data, error } = await client\n .from(\"flipbooks\")\n .select(\"id, title, page_count, status, manifest, download_enabled, tenant_id\")\n .eq(\"id\", id)\n .single()\n if (error || !data) return null\n\n const manifest = data.manifest as\n | { pages: Array<{ image: string; thumb: string; w: number; h: number }>; toc: Array<{ title: string; page: number }> }\n | null\n if (!manifest) {\n return {\n id: data.id as string,\n title: data.title as string,\n page_count: (data.page_count as number) ?? 0,\n status: data.status as \"pending_upload\" | \"pending\" | \"processing\" | \"ready\" | \"failed\",\n page_images: [],\n toc: [],\n download_url: null,\n }\n }\n\n // Browser-safe env lookup via globalThis. The client package builds without\n // @types/node so referring to `process` directly fails the dts build; reading\n // through globalThis sidesteps that and works in every JS environment that\n // matters (Node, browsers, edge runtimes).\n const proc = (globalThis as { process?: { env?: Record<string, string | undefined> } }).process\n const cdnBase = proc?.env?.NEXT_PUBLIC_R2_PUBLIC_URL ?? \"https://cdn.distinctstudio.co.nz\"\n const prefix = `flipbooks/${data.tenant_id as string}/${data.id as string}/`\n return {\n id: data.id as string,\n title: data.title as string,\n page_count: (data.page_count as number) ?? manifest.pages.length,\n status: data.status as \"pending\" | \"processing\" | \"ready\" | \"failed\",\n page_images: manifest.pages.map((p) => ({\n url: `${cdnBase}/${prefix}${p.image}`,\n thumb_url: `${cdnBase}/${prefix}${p.thumb}`,\n w: p.w,\n h: p.h,\n })),\n toc: manifest.toc,\n download_url: data.download_enabled\n ? `${options.appUrl ?? \"\"}/api/flipbooks/${data.id as string}/download`\n : null,\n }\n }\n\n return {\n /**\n * List content items for a content type.\n * Defaults to published items ordered by most recent.\n */\n async getContentItems(\n contentTypeSlug: string,\n options: ContentQueryOptions = {}\n ): Promise<(ContentItem & { locked?: boolean })[]> {\n const contentType = await getContentTypeBySlug(contentTypeSlug)\n\n const {\n status = \"published\",\n orderBy = \"published_at\",\n orderDirection = \"desc\",\n limit = 100,\n offset = 0,\n memberToken,\n } = options\n\n // Check membership access\n const access = await checkMemberAccess(contentType, memberToken)\n\n // If gated and no access, check gating mode\n if (!access.allowed && contentType.required_membership_tier_id) {\n // Get tenant settings for gating mode\n const tenantId = await getTenantId()\n const { data: settings } = await client\n .from(\"tenant_settings\")\n .select(\"membership_gating_mode\")\n .eq(\"tenant_id\", tenantId)\n .single()\n\n const mode = (settings?.membership_gating_mode as string) ?? \"teaser\"\n\n if (mode === \"hide\") {\n return [] // Hide: return nothing\n }\n\n // Teaser mode: return items with locked flag, no body/data\n let query = client\n .from(\"content_items\")\n .select(\"id, title, slug, status, excerpt, seo_title, seo_description, featured_image, published_at, created_at, updated_at\")\n .eq(\"content_type_id\", contentType.id)\n\n if (status) query = query.eq(\"status\", status)\n query = query\n .order(orderBy, { ascending: orderDirection === \"asc\" })\n .range(offset, offset + limit - 1)\n\n const { data, error } = await query\n if (error) throw new Error(`Failed to fetch ${contentTypeSlug}: ${error.message}`)\n\n return (data ?? []).map((item) => ({\n ...item,\n data: {},\n locked: true,\n })) as (ContentItem & { locked: boolean })[]\n }\n\n // Full access\n let query = client\n .from(\"content_items\")\n .select(\"*\")\n .eq(\"content_type_id\", contentType.id)\n\n if (status) {\n query = query.eq(\"status\", status)\n }\n\n query = query\n .order(orderBy, { ascending: orderDirection === \"asc\" })\n .range(offset, offset + limit - 1)\n\n const { data, error } = await query\n\n if (error) {\n throw new Error(`Failed to fetch ${contentTypeSlug}: ${error.message}`)\n }\n\n return (data ?? []) as ContentItem[]\n },\n\n /**\n * Get a single content item by its slug.\n * Returns null if not found.\n */\n async getContentItemBySlug(\n contentTypeSlug: string,\n itemSlug: string\n ): Promise<ContentItem | null> {\n const contentTypeId = await getContentTypeId(contentTypeSlug)\n\n const { data, error } = await client\n .from(\"content_items\")\n .select(\"*\")\n .eq(\"content_type_id\", contentTypeId)\n .eq(\"slug\", itemSlug)\n .single()\n\n if (error) {\n if (error.code === \"PGRST116\") return null // not found\n throw new Error(\n `Failed to fetch ${contentTypeSlug}/${itemSlug}: ${error.message}`\n )\n }\n\n return data as ContentItem\n },\n\n /**\n * Get a content type definition (including its field schema).\n */\n async getContentType(contentTypeSlug: string): Promise<ContentType> {\n const tenantId = await getTenantId()\n\n const { data, error } = await client\n .from(\"content_types\")\n .select(\"*\")\n .eq(\"tenant_id\", tenantId)\n .eq(\"slug\", contentTypeSlug)\n .single()\n\n if (error || !data) {\n throw new Error(`Content type not found: ${contentTypeSlug}`)\n }\n\n return data as ContentType\n },\n\n /**\n * Get all slugs for a content type (for generateStaticParams).\n */\n async getAllSlugs(\n contentTypeSlug: string\n ): Promise<{ slug: string }[]> {\n const contentTypeId = await getContentTypeId(contentTypeSlug)\n\n const { data, error } = await client\n .from(\"content_items\")\n .select(\"slug\")\n .eq(\"content_type_id\", contentTypeId)\n .eq(\"status\", \"published\")\n\n if (error) {\n throw new Error(\n `Failed to fetch slugs for ${contentTypeSlug}: ${error.message}`\n )\n }\n\n return (data ?? []) as { slug: string }[]\n },\n\n /**\n * List all content types for this tenant.\n */\n async getContentTypes(): Promise<ContentType[]> {\n const tenantId = await getTenantId()\n\n const { data, error } = await client\n .from(\"content_types\")\n .select(\"*\")\n .eq(\"tenant_id\", tenantId)\n .order(\"name\")\n\n if (error) {\n throw new Error(`Failed to fetch content types: ${error.message}`)\n }\n\n return (data ?? []) as ContentType[]\n },\n\n /**\n * Get all slug redirects for a content type.\n * Use in next.config.js redirects() or middleware for 301s.\n * Returns: [{ old_slug, new_slug }, ...]\n */\n async getRedirects(\n contentTypeSlug: string\n ): Promise<{ old_slug: string; new_slug: string }[]> {\n const contentTypeId = await getContentTypeId(contentTypeSlug)\n\n const { data, error } = await client\n .from(\"slug_redirects\")\n .select(\"old_slug, new_slug\")\n .eq(\"content_type_id\", contentTypeId)\n\n if (error) {\n throw new Error(\n `Failed to fetch redirects for ${contentTypeSlug}: ${error.message}`\n )\n }\n\n return (data ?? []) as { old_slug: string; new_slug: string }[]\n },\n\n /**\n * Get all custom path redirects for this tenant.\n * Use alongside getRedirects() in next.config.ts for full redirect coverage.\n */\n async getCustomRedirects(): Promise<\n { source_path: string; destination_path: string; permanent: boolean }[]\n > {\n const tenantId = await getTenantId()\n\n const { data, error } = await client\n .from(\"custom_redirects\")\n .select(\"source_path, destination_path, permanent\")\n .eq(\"tenant_id\", tenantId)\n\n if (error) {\n throw new Error(`Failed to fetch custom redirects: ${error.message}`)\n }\n\n return (data ?? []) as {\n source_path: string\n destination_path: string\n permanent: boolean\n }[]\n },\n\n /**\n * Get form submissions for a specific form.\n * Useful for displaying testimonials, reviews, etc.\n */\n async getFormSubmissions(\n formSlug: string,\n options: { status?: string; limit?: number; offset?: number } = {}\n ): Promise<Record<string, unknown>[]> {\n const tenantId = await getTenantId()\n\n const { data: form } = await client\n .from(\"forms\")\n .select(\"id\")\n .eq(\"tenant_id\", tenantId)\n .eq(\"slug\", formSlug)\n .single()\n\n if (!form) return []\n\n const { limit = 50, offset = 0, status } = options\n\n let query = client\n .from(\"form_submissions\")\n .select(\"*\")\n .eq(\"form_id\", form.id)\n .eq(\"is_spam\", false)\n .order(\"created_at\", { ascending: false })\n .range(offset, offset + limit - 1)\n\n if (status) {\n query = query.eq(\"status\", status)\n }\n\n const { data } = await query\n return (data ?? []) as Record<string, unknown>[]\n },\n\n /**\n * Get a form configuration by slug.\n */\n async getForm(\n formSlug: string\n ): Promise<Record<string, unknown> | null> {\n const tenantId = await getTenantId()\n\n const { data } = await client\n .from(\"forms\")\n .select(\"id, name, slug, description, is_active\")\n .eq(\"tenant_id\", tenantId)\n .eq(\"slug\", formSlug)\n .single()\n\n return data as Record<string, unknown> | null\n },\n\n /**\n * Get a flipbook by ID, including CDN-resolved page image URLs.\n * Returns null if not found or manifest not yet ready.\n */\n getFlipbook,\n\n /**\n * Get Google Reviews for this tenant.\n * Defaults to approved reviews ordered by most recent.\n */\n async getReviews(\n options: ReviewQueryOptions = {}\n ): Promise<GoogleReview[]> {\n const tenantId = await getTenantId()\n\n const {\n status = \"approved\",\n minRating,\n limit = 50,\n offset = 0,\n orderBy = \"review_timestamp\",\n orderDirection = \"desc\",\n } = options\n\n let query = client\n .from(\"google_reviews\")\n .select(\"id, author_name, author_photo_url, rating, text, review_timestamp\")\n .eq(\"tenant_id\", tenantId)\n\n if (status) {\n query = query.eq(\"status\", status)\n }\n\n if (minRating) {\n query = query.gte(\"rating\", minRating)\n }\n\n query = query\n .order(orderBy, { ascending: orderDirection === \"asc\" })\n .range(offset, offset + limit - 1)\n\n const { data, error } = await query\n\n if (error) {\n throw new Error(`Failed to fetch reviews: ${error.message}`)\n }\n\n return (data ?? []) as GoogleReview[]\n },\n\n /**\n * Get the tenant's third-party tracking IDs (Google Analytics, Google Tag Manager, Meta Pixel).\n * Each value is null when not configured. These IDs are public and safe to render in HTML.\n *\n * On Next.js, the result is cached and revalidated every hour by default\n * (`revalidate: 3600`) and tagged with `TRACKING_CONFIG_TAG`. Tenant sites\n * that want zero-lag updates can call `revalidateTag(TRACKING_CONFIG_TAG)`\n * from a webhook. Pass `revalidate: 0` to disable caching, `revalidate: false`\n * to cache indefinitely (tag-only invalidation), or any positive integer\n * (seconds) to override the interval. Outside Next.js the cache hints are\n * silently ignored — every call hits the network.\n */\n async getTrackingConfig(options: TrackingConfigOptions = {}): Promise<TrackingConfig> {\n const { revalidate = 3600, tags = [TRACKING_CONFIG_TAG] } = options\n const supabaseUrl = (supabase as unknown as { supabaseUrl: string }).supabaseUrl\n const supabaseKey = (supabase as unknown as { supabaseKey: string }).supabaseKey\n\n // Direct PostgREST fetch (instead of going through supabase-js) so that\n // Next.js sees the request and applies its `next` cache options. RLS\n // restricts the result to the tenant matching `x-cms-api-key`, so no\n // explicit tenant_id filter is needed.\n const url =\n `${supabaseUrl}/rest/v1/tenant_settings` +\n `?select=google_analytics_id,google_tag_manager_id,meta_pixel_id&limit=1`\n\n const init: RequestInit & { next?: { revalidate?: number | false; tags?: string[] } } = {\n headers: {\n apikey: supabaseKey,\n Authorization: `Bearer ${supabaseKey}`,\n \"x-cms-api-key\": apiKey,\n \"x-cms-client-version\": CMS_CLIENT_VERSION,\n Accept: \"application/json\",\n },\n next: { revalidate, tags },\n }\n\n let row: {\n google_analytics_id: string | null\n google_tag_manager_id: string | null\n meta_pixel_id: string | null\n } | undefined\n\n try {\n const res = await fetch(url, init as RequestInit)\n if (res.ok) {\n const rows = (await res.json()) as Array<typeof row>\n row = rows?.[0]\n }\n } catch {\n // Network errors fall through to the all-null result so a transient\n // outage on the CMS never breaks page renders on the tenant site.\n }\n\n return {\n googleAnalyticsId: nullify(row?.google_analytics_id),\n googleTagManagerId: nullify(row?.google_tag_manager_id),\n metaPixelId: nullify(row?.meta_pixel_id),\n }\n },\n }\n}\n\n/**\n * Cache tag applied to `getTrackingConfig()` fetches on Next.js. Call\n * `revalidateTag(TRACKING_CONFIG_TAG)` from a webhook handler on the tenant\n * site to make tracking-ID changes take effect immediately rather than\n * waiting for the next revalidation interval.\n */\nexport const TRACKING_CONFIG_TAG = \"cms:tracking-config\"\n\nexport interface TrackingConfigOptions {\n /**\n * Cache lifetime for the underlying fetch on Next.js, in seconds.\n * Defaults to 3600 (one hour). Set to `0` to disable caching, or `false`\n * to cache indefinitely until the tag is revalidated. Ignored outside\n * Next.js runtimes.\n */\n revalidate?: number | false\n /**\n * Cache tags for the underlying fetch on Next.js. Defaults to\n * `[TRACKING_CONFIG_TAG]`. Override to namespace by tenant if you share a\n * single Next.js process across multiple tenants (uncommon).\n */\n tags?: string[]\n}\n\nfunction nullify(v: string | null | undefined): string | null {\n if (!v) return null\n const trimmed = v.trim()\n return trimmed.length > 0 ? trimmed : null\n}\n\nexport interface TrackingConfig {\n googleAnalyticsId: string | null\n googleTagManagerId: string | null\n metaPixelId: string | null\n}\n\n/**\n * Creates a new Supabase client that includes the `x-cms-api-key`\n * header in every request, using the same URL and key as the original.\n */\nfunction withApiKey(supabase: SupabaseClient, apiKey: string) {\n // Extract URL and key from the existing client\n const supabaseUrl = (supabase as unknown as { supabaseUrl: string }).supabaseUrl\n const supabaseKey = (supabase as unknown as { supabaseKey: string }).supabaseKey\n\n return createSupabaseClient(supabaseUrl, supabaseKey, {\n global: {\n headers: {\n \"x-cms-api-key\": apiKey,\n \"x-cms-client-version\": CMS_CLIENT_VERSION,\n },\n },\n })\n}\n","/**\n * The version of @distinctagency/cms-client embedded in this build.\n *\n * Bump this in lock-step with package.json — the value is read by the SDK to\n * report installed-version telemetry and to send `x-cms-client-version` on\n * outgoing requests.\n */\nexport const CMS_CLIENT_VERSION = \"1.14.1\"\n","import { CMS_CLIENT_VERSION } from \"./version\"\n\n/**\n * Reports the running SDK version to the CMS so the Super Admin UI can show\n * which client version each tenant site is on.\n *\n * Day-granular and process-local: at most one POST per (api key + day) per\n * Node process. Calls from browser code are ignored — the API key would be\n * exposed and the data is redundant with server-side reports.\n *\n * Fire-and-forget. Failures are silent — telemetry must never break a render.\n */\n\nconst DEFAULT_APP_URL = \"https://cms.distinctstudio.co.nz\"\n\ninterface ReportRecord {\n date: string // YYYY-MM-DD\n version: string\n}\n\nconst reported = new Map<string, ReportRecord>()\n\nfunction todayKey(): string {\n return new Date().toISOString().slice(0, 10)\n}\n\nexport function reportClientVersion(apiKey: string, appUrl?: string): void {\n // Skip in browser contexts — server-side calls already cover the tenant.\n if (typeof window !== \"undefined\") return\n if (!apiKey) return\n\n const today = todayKey()\n const last = reported.get(apiKey)\n if (last && last.date === today && last.version === CMS_CLIENT_VERSION) return\n\n // Optimistically mark as reported so concurrent calls don't all fire. If the\n // request fails we'll retry tomorrow — that's acceptable for telemetry.\n reported.set(apiKey, { date: today, version: CMS_CLIENT_VERSION })\n\n const envAppUrl =\n typeof process !== \"undefined\" ? process.env?.NEXT_PUBLIC_CMS_URL : undefined\n const base = (appUrl ?? envAppUrl ?? DEFAULT_APP_URL).replace(/\\/$/, \"\")\n const url = `${base}/api/client-telemetry`\n\n // Fire and forget. Use a hand-rolled then() chain rather than async/await so\n // we don't accidentally surface an unhandled rejection.\n void fetch(url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n \"x-cms-api-key\": apiKey,\n \"x-cms-client-version\": CMS_CLIENT_VERSION,\n },\n body: JSON.stringify({\n api_key: apiKey,\n version: CMS_CLIENT_VERSION,\n }),\n }).catch(() => {\n // Allow a retry on the next call by clearing the optimistic record.\n reported.delete(apiKey)\n })\n}\n","import type { EmbedValue } from \"./types\"\n\nfunction toCssAspectRatio(ratio: string): string {\n const parts = ratio.split(\":\")\n if (parts.length !== 2) return \"16/9\"\n const w = parseFloat(parts[0])\n const h = parseFloat(parts[1])\n if (!w || !h || w <= 0 || h <= 0) return \"16/9\"\n return `${w}/${h}`\n}\n\n/**\n * Generate responsive iframe HTML for an embed field value.\n * Returns an empty string if the value is invalid or the URL is not HTTPS.\n */\nexport function getEmbedHtml(value: unknown): string {\n if (!value || typeof value !== \"object\") return \"\"\n const embed = value as EmbedValue\n if (!embed.url || !embed.url.startsWith(\"https://\")) return \"\"\n\n const width = embed.width || \"100%\"\n const aspectRatio = toCssAspectRatio(embed.aspect_ratio || \"16:9\")\n\n return `<div style=\"position:relative;width:${width};aspect-ratio:${aspectRatio}\"><iframe src=\"${embed.url}\" style=\"position:absolute;inset:0;width:100%;height:100%\" frameborder=\"0\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox\" allowfullscreen loading=\"lazy\"></iframe></div>`\n}\n","import type { SupabaseClient } from \"@supabase/supabase-js\"\nimport type {\n Product,\n ProductCategory,\n ProductQueryOptions,\n CreateOrderParams,\n CreateOrderResult,\n} from \"./types\"\nimport { CMS_CLIENT_VERSION } from \"./version\"\nimport { reportClientVersion } from \"./telemetry\"\n\nconst DEFAULT_APP_URL = \"https://cms.distinctstudio.co.nz\"\n\nexport interface ShopClientOptions {\n /** Tenant API key (UUID). Sent as `x-cms-api-key` on every request. */\n apiKey: string\n /** CMS app base URL. Defaults to `https://cms.distinctstudio.co.nz`. */\n appUrl?: string\n}\n\n/**\n * Creates a typed client for the eCommerce REST API (products, categories, orders).\n *\n * Unlike `createCmsClient`, the shop client talks to the CMS REST endpoints\n * (`/api/products`, `/api/product-categories`, `/api/orders/create`) rather than\n * Supabase directly — it doesn't need the `supabase` argument, but accepts it\n * for API symmetry with the rest of the SDK.\n *\n * Usage:\n * ```ts\n * const shop = createShopClient(supabase, { apiKey: process.env.CMS_API_KEY! })\n * const products = await shop.getProducts({ category: \"electronics\", limit: 20 })\n * ```\n */\nexport function createShopClient(\n _supabase: SupabaseClient,\n options: ShopClientOptions\n) {\n const { apiKey } = options\n const appUrl = (options.appUrl ?? DEFAULT_APP_URL).replace(/\\/$/, \"\")\n\n // Day-granular, fire-and-forget version ping (server-side only).\n reportClientVersion(apiKey, appUrl)\n\n function authHeaders(): HeadersInit {\n return {\n \"Content-Type\": \"application/json\",\n \"x-cms-api-key\": apiKey,\n \"x-cms-client-version\": CMS_CLIENT_VERSION,\n }\n }\n\n async function getJson<T>(path: string): Promise<T> {\n const res = await fetch(`${appUrl}${path}`, {\n headers: authHeaders(),\n // Caller controls Next.js caching by wrapping the call site.\n })\n if (!res.ok) {\n const body = await res.json().catch(() => ({}) as { error?: string })\n throw new Error(\n body.error ?? `Shop request failed (${res.status}): ${path}`\n )\n }\n return res.json() as Promise<T>\n }\n\n return {\n /**\n * List published products. Includes nested `variants` and `options`.\n *\n * `category` filters by category slug (matches the FK `category_id`,\n * with a fallback to the legacy `category` text column).\n */\n async getProducts(queryOptions: ProductQueryOptions = {}): Promise<Product[]> {\n const params = new URLSearchParams()\n if (queryOptions.category) params.set(\"category\", queryOptions.category)\n if (queryOptions.tags?.length) params.set(\"tags\", queryOptions.tags.join(\",\"))\n if (queryOptions.limit) params.set(\"limit\", String(queryOptions.limit))\n if (queryOptions.offset) params.set(\"offset\", String(queryOptions.offset))\n if (queryOptions.sort) params.set(\"sort\", queryOptions.sort)\n if (queryOptions.order) params.set(\"order\", queryOptions.order)\n\n const qs = params.toString()\n const { products } = await getJson<{ products: Product[] }>(\n `/api/products${qs ? `?${qs}` : \"\"}`\n )\n return products ?? []\n },\n\n /**\n * Get a single published product by slug. Returns null if not found.\n * Includes nested `variants` and `options`.\n */\n async getProductBySlug(slug: string): Promise<Product | null> {\n const res = await fetch(`${appUrl}/api/products/${encodeURIComponent(slug)}`, {\n headers: authHeaders(),\n })\n if (res.status === 404) return null\n if (!res.ok) {\n const body = await res.json().catch(() => ({}) as { error?: string })\n throw new Error(body.error ?? `Failed to fetch product ${slug}`)\n }\n const { product } = (await res.json()) as { product: Product }\n return product ?? null\n },\n\n /**\n * List product categories for the tenant, ordered by sort_order then name.\n */\n async getCategories(): Promise<ProductCategory[]> {\n const { categories } = await getJson<{ categories: ProductCategory[] }>(\n `/api/product-categories`\n )\n return categories ?? []\n },\n\n /**\n * Get a single category by slug. Returns null if not found.\n */\n async getCategoryBySlug(slug: string): Promise<ProductCategory | null> {\n const all = await this.getCategories()\n return all.find((c) => c.slug === slug) ?? null\n },\n\n /**\n * Create a pending order and return a Stripe PaymentIntent client_secret\n * to confirm payment client-side.\n *\n * Stripe must be configured for the tenant; eCommerce must be enabled on\n * their billing plan. Validates stock for tracked variants and applies\n * any discount code before creating the PaymentIntent.\n */\n async createOrder(params: CreateOrderParams): Promise<CreateOrderResult> {\n const res = await fetch(`${appUrl}/api/orders/create`, {\n method: \"POST\",\n headers: authHeaders(),\n body: JSON.stringify({ api_key: apiKey, ...params }),\n })\n if (!res.ok) {\n const body = await res.json().catch(() => ({}) as { error?: string })\n throw new Error(body.error ?? \"Order creation failed\")\n }\n return res.json() as Promise<CreateOrderResult>\n },\n }\n}\n","import type { SupabaseClient } from \"@supabase/supabase-js\"\nimport { reportClientVersion } from \"./telemetry\"\n\nexport type EventStatus = \"draft\" | \"published\" | \"archived\"\nexport type BookingStatus = \"pending\" | \"confirmed\" | \"cancelled\" | \"refunded\"\n\nexport interface CmsEvent {\n id: string\n tenant_id: string\n title: string\n slug: string\n description: string | null\n short_description: string | null\n status: EventStatus\n start_at: string\n end_at: string | null\n venue_name: string | null\n venue_address: string | null\n hero_image: string | null\n gallery: string[]\n tags: string[]\n seo_title: string | null\n seo_description: string | null\n metadata: Record<string, unknown>\n sort_order: number\n published_at: string | null\n created_at: string\n updated_at: string\n}\n\nexport interface CmsTicketTier {\n id: string\n event_id: string\n tenant_id: string\n name: string\n description: string | null\n price_cents: number\n capacity: number | null\n sold_count: number\n sales_start_at: string | null\n sales_end_at: string | null\n is_active: boolean\n sort_order: number\n}\n\nexport interface EventWithTiers extends CmsEvent {\n tiers: CmsTicketTier[]\n}\n\nexport interface EventQueryOptions {\n /** Only include events with start_at >= now. Default false. */\n upcomingOnly?: boolean\n tag?: string\n limit?: number\n offset?: number\n sort?: \"start_at\" | \"sort_order\" | \"created_at\"\n order?: \"asc\" | \"desc\"\n}\n\nexport interface CreateBookingParams {\n event_slug: string\n ticket_tier_id?: string\n customer_email: string\n customer_name?: string\n customer_phone?: string\n quantity?: number\n success_url?: string\n cancel_url?: string\n metadata?: Record<string, unknown>\n}\n\nexport interface CreateBookingResult {\n booking_id: string\n booking_number: string\n status: \"pending\" | \"confirmed\"\n /** Redirect the browser here for paid bookings. */\n checkout_url?: string\n /** Present on free bookings — used for attendance QR display. */\n qr_token?: string\n}\n\nexport function createEventsClient(\n supabase: SupabaseClient,\n options: { apiKey: string; appUrl?: string }\n) {\n const { apiKey, appUrl } = options\n\n // Day-granular, fire-and-forget version ping (server-side only).\n reportClientVersion(apiKey, appUrl)\n\n async function getEvents(\n queryOptions?: EventQueryOptions\n ): Promise<EventWithTiers[]> {\n let query = supabase\n .from(\"events\")\n .select(\"*, tiers:ticket_tiers(*)\")\n .eq(\"status\", \"published\")\n .order(queryOptions?.sort ?? \"start_at\", {\n ascending: (queryOptions?.order ?? \"asc\") === \"asc\",\n })\n\n if (queryOptions?.upcomingOnly) {\n query = query.gte(\"start_at\", new Date().toISOString())\n }\n if (queryOptions?.tag) {\n query = query.contains(\"tags\", [queryOptions.tag])\n }\n if (queryOptions?.limit) {\n query = query.limit(queryOptions.limit)\n }\n if (queryOptions?.offset) {\n query = query.range(\n queryOptions.offset,\n queryOptions.offset + (queryOptions.limit ?? 50) - 1\n )\n }\n\n const { data } = await query\n return (data ?? []) as EventWithTiers[]\n }\n\n async function getEventBySlug(slug: string): Promise<EventWithTiers | null> {\n const { data } = await supabase\n .from(\"events\")\n .select(\"*, tiers:ticket_tiers(*)\")\n .eq(\"slug\", slug)\n .eq(\"status\", \"published\")\n .single()\n return (data as EventWithTiers) ?? null\n }\n\n async function createBooking(\n params: CreateBookingParams\n ): Promise<CreateBookingResult> {\n const baseUrl = appUrl ?? \"\"\n const res = await fetch(`${baseUrl}/api/bookings/create`, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ api_key: apiKey, ...params }),\n })\n if (!res.ok) {\n const err = await res\n .json()\n .catch(() => ({ error: \"Booking creation failed\" }))\n throw new Error(err.error ?? \"Booking creation failed\")\n }\n return res.json() as Promise<CreateBookingResult>\n }\n\n return { getEvents, getEventBySlug, createBooking }\n}\n","/**\n * Image helpers for CMS content.\n *\n * Images are already optimised (WebP, max 2400px) on upload.\n * No server-side transforms needed — serve originals directly.\n *\n * These functions are kept for backward compatibility but no longer\n * call Supabase image transformation endpoints.\n */\n\nexport interface ImageTransformOptions {\n width?: number\n height?: number\n quality?: number\n resize?: \"contain\" | \"cover\" | \"fill\"\n format?: \"origin\"\n}\n\n/**\n * Returns the image URL directly.\n *\n * Previously this converted URLs to use Supabase's /render/image/\n * transform endpoint, but images are now pre-optimised on upload\n * (WebP, max 2400px, quality 82) so transforms are unnecessary.\n *\n * The function is kept for backward compatibility — existing code\n * that calls getTransformUrl() will continue to work without changes.\n */\nexport function getTransformUrl(\n originalUrl: string,\n _options: ImageTransformOptions = {}\n): string {\n return originalUrl\n}\n\n/**\n * Returns a simple srcSet using the original image.\n *\n * Previously generated multiple transformed widths, but since images\n * are now pre-optimised WebP, a single source is sufficient.\n * Modern browsers handle responsive display efficiently with a\n * well-sized WebP source.\n */\nexport function getSrcSet(\n originalUrl: string,\n _widths: number[] = [],\n _quality = 80\n): string {\n return `${originalUrl} 2400w`\n}\n\n/**\n * Common image size presets — kept for backward compatibility.\n * Since images are pre-optimised, these are informational only.\n */\nexport const IMAGE_PRESETS = {\n thumbnail: { width: 150, height: 150, resize: \"cover\" as const, quality: 70 },\n card: { width: 400, height: 300, resize: \"cover\" as const, quality: 80 },\n hero: { width: 1200, height: 630, resize: \"cover\" as const, quality: 85 },\n og: { width: 1200, height: 630, resize: \"cover\" as const, quality: 90 },\n avatar: { width: 80, height: 80, resize: \"cover\" as const, quality: 75 },\n full: { width: 1920, resize: \"contain\" as const, quality: 85 },\n} as const\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,yBAAqD;;;ACO9C,IAAM,qBAAqB;;;ACMlC,IAAM,kBAAkB;AAOxB,IAAM,WAAW,oBAAI,IAA0B;AAE/C,SAAS,WAAmB;AAC1B,UAAO,oBAAI,KAAK,GAAE,YAAY,EAAE,MAAM,GAAG,EAAE;AAC7C;AAEO,SAAS,oBAAoB,QAAgB,QAAuB;AAEzE,MAAI,OAAO,WAAW,YAAa;AACnC,MAAI,CAAC,OAAQ;AAEb,QAAM,QAAQ,SAAS;AACvB,QAAM,OAAO,SAAS,IAAI,MAAM;AAChC,MAAI,QAAQ,KAAK,SAAS,SAAS,KAAK,YAAY,mBAAoB;AAIxE,WAAS,IAAI,QAAQ,EAAE,MAAM,OAAO,SAAS,mBAAmB,CAAC;AAEjE,QAAM,YACJ,OAAO,YAAY,cAAc,QAAQ,KAAK,sBAAsB;AACtE,QAAM,QAAQ,UAAU,aAAa,iBAAiB,QAAQ,OAAO,EAAE;AACvE,QAAM,MAAM,GAAG,IAAI;AAInB,OAAK,MAAM,KAAK;AAAA,IACd,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,gBAAgB;AAAA,MAChB,iBAAiB;AAAA,MACjB,wBAAwB;AAAA,IAC1B;AAAA,IACA,MAAM,KAAK,UAAU;AAAA,MACnB,SAAS;AAAA,MACT,SAAS;AAAA,IACX,CAAC;AAAA,EACH,CAAC,EAAE,MAAM,MAAM;AAEb,aAAS,OAAO,MAAM;AAAA,EACxB,CAAC;AACH;;;AFpCO,SAAS,gBACd,UACA,SACA;AACA,QAAM,EAAE,OAAO,IAAI;AAGnB,QAAM,SAAS,WAAW,UAAU,MAAM;AAG1C,sBAAoB,QAAQ,QAAQ,MAAM;AAG1C,MAAI,gBAA+B;AAEnC,iBAAe,cAA+B;AAC5C,QAAI,cAAe,QAAO;AAE1B,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,SAAS,EACd,OAAO,IAAI,EACX,OAAO;AAEV,QAAI,SAAS,CAAC,MAAM;AAClB,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,oBAAgB,KAAK;AACrB,WAAO,KAAK;AAAA,EACd;AAGA,QAAM,mBAAmB,oBAAI,IAAyB;AAEtD,iBAAe,qBAAqB,iBAA+C;AACjF,QAAI,iBAAiB,IAAI,eAAe,EAAG,QAAO,iBAAiB,IAAI,eAAe;AACtF,UAAM,WAAW,MAAM,YAAY;AAEnC,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,aAAa,QAAQ,EACxB,GAAG,QAAQ,eAAe,EAC1B,OAAO;AAEV,QAAI,SAAS,CAAC,MAAM;AAClB,YAAM,IAAI,MAAM,2BAA2B,eAAe,EAAE;AAAA,IAC9D;AAEA,UAAM,KAAK;AACX,qBAAiB,IAAI,iBAAiB,EAAE;AACxC,WAAO;AAAA,EACT;AAEA,iBAAe,iBAAiB,iBAA0C;AACxE,UAAM,KAAK,MAAM,qBAAqB,eAAe;AACrD,WAAO,GAAG;AAAA,EACZ;AAGA,iBAAe,kBACb,aACA,aAC4D;AAC5D,UAAM,iBAAiB,YAAY;AACnC,QAAI,CAAC,eAAgB,QAAO,EAAE,SAAS,MAAM,cAAc,KAAK;AAEhE,QAAI,CAAC,YAAa,QAAO,EAAE,SAAS,OAAO,cAAc,KAAK;AAG9D,UAAM,EAAE,MAAM,QAAQ,IAAI,MAAM,OAC7B,KAAK,iBAAiB,EACtB,OAAO,WAAW,EAClB,GAAG,cAAc,WAAW,EAC5B,OAAO;AAEV,QAAI,CAAC,QAAS,QAAO,EAAE,SAAS,OAAO,cAAc,KAAK;AAE1D,UAAM,EAAE,MAAM,OAAO,IAAI,MAAM,OAC5B,KAAK,SAAS,EACd,OAAO,4BAA4B,EACnC,GAAG,MAAM,QAAQ,SAAS,EAC1B,OAAO;AAEV,QAAI,CAAC,UAAU,OAAO,WAAW,SAAU,QAAO,EAAE,SAAS,OAAO,cAAc,KAAK;AAIvF,WAAO;AAAA,MACL,SAAS,OAAO,uBAAuB;AAAA,MACvC,cAAc,OAAO;AAAA,IACvB;AAAA,EACF;AAEA,iBAAe,YAAY,IAA8D;AACvF,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,WAAW,EAChB,OAAO,sEAAsE,EAC7E,GAAG,MAAM,EAAE,EACX,OAAO;AACV,QAAI,SAAS,CAAC,KAAM,QAAO;AAE3B,UAAM,WAAW,KAAK;AAGtB,QAAI,CAAC,UAAU;AACb,aAAO;AAAA,QACL,IAAI,KAAK;AAAA,QACT,OAAO,KAAK;AAAA,QACZ,YAAa,KAAK,cAAyB;AAAA,QAC3C,QAAQ,KAAK;AAAA,QACb,aAAa,CAAC;AAAA,QACd,KAAK,CAAC;AAAA,QACN,cAAc;AAAA,MAChB;AAAA,IACF;AAMA,UAAM,OAAQ,WAA0E;AACxF,UAAM,UAAU,MAAM,KAAK,6BAA6B;AACxD,UAAM,SAAS,aAAa,KAAK,SAAmB,IAAI,KAAK,EAAY;AACzE,WAAO;AAAA,MACL,IAAI,KAAK;AAAA,MACT,OAAO,KAAK;AAAA,MACZ,YAAa,KAAK,cAAyB,SAAS,MAAM;AAAA,MAC1D,QAAQ,KAAK;AAAA,MACb,aAAa,SAAS,MAAM,IAAI,CAAC,OAAO;AAAA,QACtC,KAAK,GAAG,OAAO,IAAI,MAAM,GAAG,EAAE,KAAK;AAAA,QACnC,WAAW,GAAG,OAAO,IAAI,MAAM,GAAG,EAAE,KAAK;AAAA,QACzC,GAAG,EAAE;AAAA,QACL,GAAG,EAAE;AAAA,MACP,EAAE;AAAA,MACF,KAAK,SAAS;AAAA,MACd,cAAc,KAAK,mBACf,GAAG,QAAQ,UAAU,EAAE,kBAAkB,KAAK,EAAY,cAC1D;AAAA,IACN;AAAA,EACF;AAEA,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA,IAKL,MAAM,gBACJ,iBACAA,WAA+B,CAAC,GACiB;AACjD,YAAM,cAAc,MAAM,qBAAqB,eAAe;AAE9D,YAAM;AAAA,QACJ,SAAS;AAAA,QACT,UAAU;AAAA,QACV,iBAAiB;AAAA,QACjB,QAAQ;AAAA,QACR,SAAS;AAAA,QACT;AAAA,MACF,IAAIA;AAGJ,YAAM,SAAS,MAAM,kBAAkB,aAAa,WAAW;AAG/D,UAAI,CAAC,OAAO,WAAW,YAAY,6BAA6B;AAE9D,cAAM,WAAW,MAAM,YAAY;AACnC,cAAM,EAAE,MAAM,SAAS,IAAI,MAAM,OAC9B,KAAK,iBAAiB,EACtB,OAAO,wBAAwB,EAC/B,GAAG,aAAa,QAAQ,EACxB,OAAO;AAEV,cAAM,OAAQ,UAAU,0BAAqC;AAE7D,YAAI,SAAS,QAAQ;AACnB,iBAAO,CAAC;AAAA,QACV;AAGA,YAAIC,SAAQ,OACT,KAAK,eAAe,EACpB,OAAO,oHAAoH,EAC3H,GAAG,mBAAmB,YAAY,EAAE;AAEvC,YAAI,OAAQ,CAAAA,SAAQA,OAAM,GAAG,UAAU,MAAM;AAC7C,QAAAA,SAAQA,OACL,MAAM,SAAS,EAAE,WAAW,mBAAmB,MAAM,CAAC,EACtD,MAAM,QAAQ,SAAS,QAAQ,CAAC;AAEnC,cAAM,EAAE,MAAAC,OAAM,OAAAC,OAAM,IAAI,MAAMF;AAC9B,YAAIE,OAAO,OAAM,IAAI,MAAM,mBAAmB,eAAe,KAAKA,OAAM,OAAO,EAAE;AAEjF,gBAAQD,SAAQ,CAAC,GAAG,IAAI,CAAC,UAAU;AAAA,UACjC,GAAG;AAAA,UACH,MAAM,CAAC;AAAA,UACP,QAAQ;AAAA,QACV,EAAE;AAAA,MACJ;AAGA,UAAI,QAAQ,OACT,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,mBAAmB,YAAY,EAAE;AAEvC,UAAI,QAAQ;AACV,gBAAQ,MAAM,GAAG,UAAU,MAAM;AAAA,MACnC;AAEA,cAAQ,MACL,MAAM,SAAS,EAAE,WAAW,mBAAmB,MAAM,CAAC,EACtD,MAAM,QAAQ,SAAS,QAAQ,CAAC;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM;AAE9B,UAAI,OAAO;AACT,cAAM,IAAI,MAAM,mBAAmB,eAAe,KAAK,MAAM,OAAO,EAAE;AAAA,MACxE;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,qBACJ,iBACA,UAC6B;AAC7B,YAAM,gBAAgB,MAAM,iBAAiB,eAAe;AAE5D,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,mBAAmB,aAAa,EACnC,GAAG,QAAQ,QAAQ,EACnB,OAAO;AAEV,UAAI,OAAO;AACT,YAAI,MAAM,SAAS,WAAY,QAAO;AACtC,cAAM,IAAI;AAAA,UACR,mBAAmB,eAAe,IAAI,QAAQ,KAAK,MAAM,OAAO;AAAA,QAClE;AAAA,MACF;AAEA,aAAO;AAAA,IACT;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,eAAe,iBAA+C;AAClE,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,aAAa,QAAQ,EACxB,GAAG,QAAQ,eAAe,EAC1B,OAAO;AAEV,UAAI,SAAS,CAAC,MAAM;AAClB,cAAM,IAAI,MAAM,2BAA2B,eAAe,EAAE;AAAA,MAC9D;AAEA,aAAO;AAAA,IACT;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,YACJ,iBAC6B;AAC7B,YAAM,gBAAgB,MAAM,iBAAiB,eAAe;AAE5D,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,MAAM,EACb,GAAG,mBAAmB,aAAa,EACnC,GAAG,UAAU,WAAW;AAE3B,UAAI,OAAO;AACT,cAAM,IAAI;AAAA,UACR,6BAA6B,eAAe,KAAK,MAAM,OAAO;AAAA,QAChE;AAAA,MACF;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,kBAA0C;AAC9C,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,aAAa,QAAQ,EACxB,MAAM,MAAM;AAEf,UAAI,OAAO;AACT,cAAM,IAAI,MAAM,kCAAkC,MAAM,OAAO,EAAE;AAAA,MACnE;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAM,aACJ,iBACmD;AACnD,YAAM,gBAAgB,MAAM,iBAAiB,eAAe;AAE5D,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,gBAAgB,EACrB,OAAO,oBAAoB,EAC3B,GAAG,mBAAmB,aAAa;AAEtC,UAAI,OAAO;AACT,cAAM,IAAI;AAAA,UACR,iCAAiC,eAAe,KAAK,MAAM,OAAO;AAAA,QACpE;AAAA,MACF;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,qBAEJ;AACA,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,kBAAkB,EACvB,OAAO,0CAA0C,EACjD,GAAG,aAAa,QAAQ;AAE3B,UAAI,OAAO;AACT,cAAM,IAAI,MAAM,qCAAqC,MAAM,OAAO,EAAE;AAAA,MACtE;AAEA,aAAQ,QAAQ,CAAC;AAAA,IAKnB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,mBACJ,UACAF,WAAgE,CAAC,GAC7B;AACpC,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAC1B,KAAK,OAAO,EACZ,OAAO,IAAI,EACX,GAAG,aAAa,QAAQ,EACxB,GAAG,QAAQ,QAAQ,EACnB,OAAO;AAEV,UAAI,CAAC,KAAM,QAAO,CAAC;AAEnB,YAAM,EAAE,QAAQ,IAAI,SAAS,GAAG,OAAO,IAAIA;AAE3C,UAAI,QAAQ,OACT,KAAK,kBAAkB,EACvB,OAAO,GAAG,EACV,GAAG,WAAW,KAAK,EAAE,EACrB,GAAG,WAAW,KAAK,EACnB,MAAM,cAAc,EAAE,WAAW,MAAM,CAAC,EACxC,MAAM,QAAQ,SAAS,QAAQ,CAAC;AAEnC,UAAI,QAAQ;AACV,gBAAQ,MAAM,GAAG,UAAU,MAAM;AAAA,MACnC;AAEA,YAAM,EAAE,KAAK,IAAI,MAAM;AACvB,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,QACJ,UACyC;AACzC,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,KAAK,IAAI,MAAM,OACpB,KAAK,OAAO,EACZ,OAAO,wCAAwC,EAC/C,GAAG,aAAa,QAAQ,EACxB,GAAG,QAAQ,QAAQ,EACnB,OAAO;AAEV,aAAO;AAAA,IACT;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,WACJA,WAA8B,CAAC,GACN;AACzB,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM;AAAA,QACJ,SAAS;AAAA,QACT;AAAA,QACA,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,UAAU;AAAA,QACV,iBAAiB;AAAA,MACnB,IAAIA;AAEJ,UAAI,QAAQ,OACT,KAAK,gBAAgB,EACrB,OAAO,mEAAmE,EAC1E,GAAG,aAAa,QAAQ;AAE3B,UAAI,QAAQ;AACV,gBAAQ,MAAM,GAAG,UAAU,MAAM;AAAA,MACnC;AAEA,UAAI,WAAW;AACb,gBAAQ,MAAM,IAAI,UAAU,SAAS;AAAA,MACvC;AAEA,cAAQ,MACL,MAAM,SAAS,EAAE,WAAW,mBAAmB,MAAM,CAAC,EACtD,MAAM,QAAQ,SAAS,QAAQ,CAAC;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM;AAE9B,UAAI,OAAO;AACT,cAAM,IAAI,MAAM,4BAA4B,MAAM,OAAO,EAAE;AAAA,MAC7D;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAcA,MAAM,kBAAkBA,WAAiC,CAAC,GAA4B;AACpF,YAAM,EAAE,aAAa,MAAM,OAAO,CAAC,mBAAmB,EAAE,IAAIA;AAC5D,YAAM,cAAe,SAAgD;AACrE,YAAM,cAAe,SAAgD;AAMrE,YAAM,MACJ,GAAG,WAAW;AAGhB,YAAM,OAAkF;AAAA,QACtF,SAAS;AAAA,UACP,QAAQ;AAAA,UACR,eAAe,UAAU,WAAW;AAAA,UACpC,iBAAiB;AAAA,UACjB,wBAAwB;AAAA,UACxB,QAAQ;AAAA,QACV;AAAA,QACA,MAAM,EAAE,YAAY,KAAK;AAAA,MAC3B;AAEA,UAAI;AAMJ,UAAI;AACF,cAAM,MAAM,MAAM,MAAM,KAAK,IAAmB;AAChD,YAAI,IAAI,IAAI;AACV,gBAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,gBAAM,OAAO,CAAC;AAAA,QAChB;AAAA,MACF,QAAQ;AAAA,MAGR;AAEA,aAAO;AAAA,QACL,mBAAmB,QAAQ,KAAK,mBAAmB;AAAA,QACnD,oBAAoB,QAAQ,KAAK,qBAAqB;AAAA,QACtD,aAAa,QAAQ,KAAK,aAAa;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;AAQO,IAAM,sBAAsB;AAkBnC,SAAS,QAAQ,GAA6C;AAC5D,MAAI,CAAC,EAAG,QAAO;AACf,QAAM,UAAU,EAAE,KAAK;AACvB,SAAO,QAAQ,SAAS,IAAI,UAAU;AACxC;AAYA,SAAS,WAAW,UAA0B,QAAgB;AAE5D,QAAM,cAAe,SAAgD;AACrE,QAAM,cAAe,SAAgD;AAErE,aAAO,mBAAAI,cAAqB,aAAa,aAAa;AAAA,IACpD,QAAQ;AAAA,MACN,SAAS;AAAA,QACP,iBAAiB;AAAA,QACjB,wBAAwB;AAAA,MAC1B;AAAA,IACF;AAAA,EACF,CAAC;AACH;;;AGhmBA,SAAS,iBAAiB,OAAuB;AAC/C,QAAM,QAAQ,MAAM,MAAM,GAAG;AAC7B,MAAI,MAAM,WAAW,EAAG,QAAO;AAC/B,QAAM,IAAI,WAAW,MAAM,CAAC,CAAC;AAC7B,QAAM,IAAI,WAAW,MAAM,CAAC,CAAC;AAC7B,MAAI,CAAC,KAAK,CAAC,KAAK,KAAK,KAAK,KAAK,EAAG,QAAO;AACzC,SAAO,GAAG,CAAC,IAAI,CAAC;AAClB;AAMO,SAAS,aAAa,OAAwB;AACnD,MAAI,CAAC,SAAS,OAAO,UAAU,SAAU,QAAO;AAChD,QAAM,QAAQ;AACd,MAAI,CAAC,MAAM,OAAO,CAAC,MAAM,IAAI,WAAW,UAAU,EAAG,QAAO;AAE5D,QAAM,QAAQ,MAAM,SAAS;AAC7B,QAAM,cAAc,iBAAiB,MAAM,gBAAgB,MAAM;AAEjE,SAAO,uCAAuC,KAAK,iBAAiB,WAAW,kBAAkB,MAAM,GAAG;AAC5G;;;ACbA,IAAMC,mBAAkB;AAuBjB,SAAS,iBACd,WACA,SACA;AACA,QAAM,EAAE,OAAO,IAAI;AACnB,QAAM,UAAU,QAAQ,UAAUA,kBAAiB,QAAQ,OAAO,EAAE;AAGpE,sBAAoB,QAAQ,MAAM;AAElC,WAAS,cAA2B;AAClC,WAAO;AAAA,MACL,gBAAgB;AAAA,MAChB,iBAAiB;AAAA,MACjB,wBAAwB;AAAA,IAC1B;AAAA,EACF;AAEA,iBAAe,QAAW,MAA0B;AAClD,UAAM,MAAM,MAAM,MAAM,GAAG,MAAM,GAAG,IAAI,IAAI;AAAA,MAC1C,SAAS,YAAY;AAAA;AAAA,IAEvB,CAAC;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC,EAAwB;AACpE,YAAM,IAAI;AAAA,QACR,KAAK,SAAS,wBAAwB,IAAI,MAAM,MAAM,IAAI;AAAA,MAC5D;AAAA,IACF;AACA,WAAO,IAAI,KAAK;AAAA,EAClB;AAEA,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOL,MAAM,YAAY,eAAoC,CAAC,GAAuB;AAC5E,YAAM,SAAS,IAAI,gBAAgB;AACnC,UAAI,aAAa,SAAU,QAAO,IAAI,YAAY,aAAa,QAAQ;AACvE,UAAI,aAAa,MAAM,OAAQ,QAAO,IAAI,QAAQ,aAAa,KAAK,KAAK,GAAG,CAAC;AAC7E,UAAI,aAAa,MAAO,QAAO,IAAI,SAAS,OAAO,aAAa,KAAK,CAAC;AACtE,UAAI,aAAa,OAAQ,QAAO,IAAI,UAAU,OAAO,aAAa,MAAM,CAAC;AACzE,UAAI,aAAa,KAAM,QAAO,IAAI,QAAQ,aAAa,IAAI;AAC3D,UAAI,aAAa,MAAO,QAAO,IAAI,SAAS,aAAa,KAAK;AAE9D,YAAM,KAAK,OAAO,SAAS;AAC3B,YAAM,EAAE,SAAS,IAAI,MAAM;AAAA,QACzB,gBAAgB,KAAK,IAAI,EAAE,KAAK,EAAE;AAAA,MACpC;AACA,aAAO,YAAY,CAAC;AAAA,IACtB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,iBAAiB,MAAuC;AAC5D,YAAM,MAAM,MAAM,MAAM,GAAG,MAAM,iBAAiB,mBAAmB,IAAI,CAAC,IAAI;AAAA,QAC5E,SAAS,YAAY;AAAA,MACvB,CAAC;AACD,UAAI,IAAI,WAAW,IAAK,QAAO;AAC/B,UAAI,CAAC,IAAI,IAAI;AACX,cAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC,EAAwB;AACpE,cAAM,IAAI,MAAM,KAAK,SAAS,2BAA2B,IAAI,EAAE;AAAA,MACjE;AACA,YAAM,EAAE,QAAQ,IAAK,MAAM,IAAI,KAAK;AACpC,aAAO,WAAW;AAAA,IACpB;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,gBAA4C;AAChD,YAAM,EAAE,WAAW,IAAI,MAAM;AAAA,QAC3B;AAAA,MACF;AACA,aAAO,cAAc,CAAC;AAAA,IACxB;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,kBAAkB,MAA+C;AACrE,YAAM,MAAM,MAAM,KAAK,cAAc;AACrC,aAAO,IAAI,KAAK,CAAC,MAAM,EAAE,SAAS,IAAI,KAAK;AAAA,IAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAUA,MAAM,YAAY,QAAuD;AACvE,YAAM,MAAM,MAAM,MAAM,GAAG,MAAM,sBAAsB;AAAA,QACrD,QAAQ;AAAA,QACR,SAAS,YAAY;AAAA,QACrB,MAAM,KAAK,UAAU,EAAE,SAAS,QAAQ,GAAG,OAAO,CAAC;AAAA,MACrD,CAAC;AACD,UAAI,CAAC,IAAI,IAAI;AACX,cAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC,EAAwB;AACpE,cAAM,IAAI,MAAM,KAAK,SAAS,uBAAuB;AAAA,MACvD;AACA,aAAO,IAAI,KAAK;AAAA,IAClB;AAAA,EACF;AACF;;;AChEO,SAAS,mBACd,UACA,SACA;AACA,QAAM,EAAE,QAAQ,OAAO,IAAI;AAG3B,sBAAoB,QAAQ,MAAM;AAElC,iBAAe,UACb,cAC2B;AAC3B,QAAI,QAAQ,SACT,KAAK,QAAQ,EACb,OAAO,0BAA0B,EACjC,GAAG,UAAU,WAAW,EACxB,MAAM,cAAc,QAAQ,YAAY;AAAA,MACvC,YAAY,cAAc,SAAS,WAAW;AAAA,IAChD,CAAC;AAEH,QAAI,cAAc,cAAc;AAC9B,cAAQ,MAAM,IAAI,aAAY,oBAAI,KAAK,GAAE,YAAY,CAAC;AAAA,IACxD;AACA,QAAI,cAAc,KAAK;AACrB,cAAQ,MAAM,SAAS,QAAQ,CAAC,aAAa,GAAG,CAAC;AAAA,IACnD;AACA,QAAI,cAAc,OAAO;AACvB,cAAQ,MAAM,MAAM,aAAa,KAAK;AAAA,IACxC;AACA,QAAI,cAAc,QAAQ;AACxB,cAAQ,MAAM;AAAA,QACZ,aAAa;AAAA,QACb,aAAa,UAAU,aAAa,SAAS,MAAM;AAAA,MACrD;AAAA,IACF;AAEA,UAAM,EAAE,KAAK,IAAI,MAAM;AACvB,WAAQ,QAAQ,CAAC;AAAA,EACnB;AAEA,iBAAe,eAAe,MAA8C;AAC1E,UAAM,EAAE,KAAK,IAAI,MAAM,SACpB,KAAK,QAAQ,EACb,OAAO,0BAA0B,EACjC,GAAG,QAAQ,IAAI,EACf,GAAG,UAAU,WAAW,EACxB,OAAO;AACV,WAAQ,QAA2B;AAAA,EACrC;AAEA,iBAAe,cACb,QAC8B;AAC9B,UAAM,UAAU,UAAU;AAC1B,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,wBAAwB;AAAA,MACxD,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU,EAAE,SAAS,QAAQ,GAAG,OAAO,CAAC;AAAA,IACrD,CAAC;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,MAAM,MAAM,IACf,KAAK,EACL,MAAM,OAAO,EAAE,OAAO,0BAA0B,EAAE;AACrD,YAAM,IAAI,MAAM,IAAI,SAAS,yBAAyB;AAAA,IACxD;AACA,WAAO,IAAI,KAAK;AAAA,EAClB;AAEA,SAAO,EAAE,WAAW,gBAAgB,cAAc;AACpD;;;AC1HO,SAAS,gBACd,aACA,WAAkC,CAAC,GAC3B;AACR,SAAO;AACT;AAUO,SAAS,UACd,aACA,UAAoB,CAAC,GACrB,WAAW,IACH;AACR,SAAO,GAAG,WAAW;AACvB;AAMO,IAAM,gBAAgB;AAAA,EAC3B,WAAW,EAAE,OAAO,KAAK,QAAQ,KAAK,QAAQ,SAAkB,SAAS,GAAG;AAAA,EAC5E,MAAM,EAAE,OAAO,KAAK,QAAQ,KAAK,QAAQ,SAAkB,SAAS,GAAG;AAAA,EACvE,MAAM,EAAE,OAAO,MAAM,QAAQ,KAAK,QAAQ,SAAkB,SAAS,GAAG;AAAA,EACxE,IAAI,EAAE,OAAO,MAAM,QAAQ,KAAK,QAAQ,SAAkB,SAAS,GAAG;AAAA,EACtE,QAAQ,EAAE,OAAO,IAAI,QAAQ,IAAI,QAAQ,SAAkB,SAAS,GAAG;AAAA,EACvE,MAAM,EAAE,OAAO,MAAM,QAAQ,WAAoB,SAAS,GAAG;AAC/D;","names":["options","query","data","error","createSupabaseClient","DEFAULT_APP_URL"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/version.ts","../src/queries.ts","../src/telemetry.ts","../src/embed.ts","../src/shop.ts","../src/events.ts","../src/cdn.ts","../src/webhooks.ts"],"sourcesContent":["// Server-safe exports — no React, no \"use client\"\nexport { CMS_CLIENT_VERSION } from \"./version\"\nexport { createCmsClient, TRACKING_CONFIG_TAG } from \"./queries\"\nexport type { TrackingConfig, TrackingConfigOptions } from \"./queries\"\nexport { getEmbedHtml } from \"./embed\"\nexport { createShopClient } from \"./shop\"\nexport { createEventsClient } from \"./events\"\nexport type {\n CmsEvent,\n CmsTicketTier,\n EventWithTiers,\n EventQueryOptions,\n CreateBookingParams,\n CreateBookingResult,\n EventStatus,\n BookingStatus,\n} from \"./events\"\nexport { getTransformUrl, getSrcSet, IMAGE_PRESETS } from \"./cdn\"\nexport type { ImageTransformOptions } from \"./cdn\"\nexport { verifyWebhookSignature, WEBHOOK_EVENTS } from \"./webhooks\"\nexport type { WebhookEvent, WebhookEventPayload } from \"./webhooks\"\nexport type {\n FieldType,\n FieldDefinition,\n Tenant,\n Profile,\n ContentType,\n ContentItem,\n MediaItem,\n MediaFolder,\n ContentQueryOptions,\n CmsClientOptions,\n TenantMembership,\n ImageConfig,\n ContentTypeSeoConfig,\n Product,\n ProductStatus,\n ProductCategory,\n ProductVariant,\n ProductOption,\n OrderAddress,\n OrderStatus,\n PaymentStatus,\n OrderLineItem,\n DiscountType,\n CreateOrderParams,\n CreateOrderResult,\n ProductQueryOptions,\n MembershipTier,\n Member,\n GoogleReview,\n ReviewQueryOptions,\n EmbedValue,\n FlipbookPagePublic,\n FlipbookTocEntryPublic,\n FlipbookPublic,\n} from \"./types\"\n","/**\n * The version of @distinctagency/cms-client embedded in this build.\n *\n * Bump this in lock-step with package.json — the value is read by the SDK to\n * report installed-version telemetry and to send `x-cms-client-version` on\n * outgoing requests.\n */\nexport const CMS_CLIENT_VERSION = \"1.16.0\"\n","import { createClient as createSupabaseClient } from \"@supabase/supabase-js\"\nimport type { SupabaseClient } from \"@supabase/supabase-js\"\nimport type {\n CmsClientOptions,\n ContentItem,\n ContentQueryOptions,\n ContentType,\n GoogleReview,\n ReviewQueryOptions,\n} from \"./types\"\nimport { CMS_CLIENT_VERSION } from \"./version\"\nimport { reportClientVersion } from \"./telemetry\"\n\n/**\n * Creates a CMS query client authenticated with a tenant API key.\n *\n * Usage:\n * ```ts\n * const cms = createCmsClient(supabase, { apiKey: process.env.CMS_API_KEY! })\n * const events = await cms.getContentItems('events', { status: 'published' })\n * ```\n *\n * The API key is sent as an `x-cms-api-key` header on every request.\n * Supabase RLS policies validate it against the tenant's stored key.\n */\nexport function createCmsClient(\n supabase: SupabaseClient,\n options: CmsClientOptions\n) {\n const { apiKey } = options\n\n // Create a new Supabase client with the API key header injected globally\n const client = withApiKey(supabase, apiKey) as SupabaseClient\n\n // Day-granular, fire-and-forget version ping (server-side only).\n reportClientVersion(apiKey, options.appUrl)\n\n /** Resolve the tenant ID from the API key (cached per request) */\n let tenantIdCache: string | null = null\n\n async function getTenantId(): Promise<string> {\n if (tenantIdCache) return tenantIdCache\n\n const { data, error } = await client\n .from(\"tenants\")\n .select(\"id\")\n .single()\n\n if (error || !data) {\n throw new Error(\n \"Invalid CMS API key — no tenant found. Check your apiKey.\"\n )\n }\n\n tenantIdCache = data.id\n return data.id\n }\n\n /** Resolve a content type from its slug (cached) */\n const contentTypeCache = new Map<string, ContentType>()\n\n async function getContentTypeBySlug(contentTypeSlug: string): Promise<ContentType> {\n if (contentTypeCache.has(contentTypeSlug)) return contentTypeCache.get(contentTypeSlug)!\n const tenantId = await getTenantId()\n\n const { data, error } = await client\n .from(\"content_types\")\n .select(\"*\")\n .eq(\"tenant_id\", tenantId)\n .eq(\"slug\", contentTypeSlug)\n .single()\n\n if (error || !data) {\n throw new Error(`Content type not found: ${contentTypeSlug}`)\n }\n\n const ct = data as ContentType\n contentTypeCache.set(contentTypeSlug, ct)\n return ct\n }\n\n async function getContentTypeId(contentTypeSlug: string): Promise<string> {\n const ct = await getContentTypeBySlug(contentTypeSlug)\n return ct.id\n }\n\n /** Check if a member token has access to a gated content type */\n async function checkMemberAccess(\n contentType: ContentType,\n memberToken?: string\n ): Promise<{ allowed: boolean; memberTierId: string | null }> {\n const requiredTierId = contentType.required_membership_tier_id\n if (!requiredTierId) return { allowed: true, memberTierId: null } // Public\n\n if (!memberToken) return { allowed: false, memberTierId: null } // Gated but no token\n\n // Verify the member's token and check their tier\n const { data: session } = await client\n .from(\"member_sessions\")\n .select(\"member_id\")\n .eq(\"token_hash\", memberToken) // Note: caller should hash the token\n .single()\n\n if (!session) return { allowed: false, memberTierId: null }\n\n const { data: member } = await client\n .from(\"members\")\n .select(\"membership_tier_id, status\")\n .eq(\"id\", session.member_id)\n .single()\n\n if (!member || member.status !== \"active\") return { allowed: false, memberTierId: null }\n\n // Check if the member's tier matches (or exceeds) the required tier\n // For now: exact match or the member has the required tier\n return {\n allowed: member.membership_tier_id === requiredTierId,\n memberTierId: member.membership_tier_id as string | null,\n }\n }\n\n async function getFlipbook(id: string): Promise<import(\"./types\").FlipbookPublic | null> {\n const { data, error } = await client\n .from(\"flipbooks\")\n .select(\"id, title, page_count, status, manifest, download_enabled, tenant_id\")\n .eq(\"id\", id)\n .single()\n if (error || !data) return null\n\n const manifest = data.manifest as\n | { pages: Array<{ image: string; thumb: string; w: number; h: number }>; toc: Array<{ title: string; page: number }> }\n | null\n if (!manifest) {\n return {\n id: data.id as string,\n title: data.title as string,\n page_count: (data.page_count as number) ?? 0,\n status: data.status as \"pending_upload\" | \"pending\" | \"processing\" | \"ready\" | \"failed\",\n page_images: [],\n toc: [],\n download_url: null,\n }\n }\n\n // Browser-safe env lookup via globalThis. The client package builds without\n // @types/node so referring to `process` directly fails the dts build; reading\n // through globalThis sidesteps that and works in every JS environment that\n // matters (Node, browsers, edge runtimes).\n const proc = (globalThis as { process?: { env?: Record<string, string | undefined> } }).process\n const cdnBase = proc?.env?.NEXT_PUBLIC_R2_PUBLIC_URL ?? \"https://cdn.distinctstudio.co.nz\"\n const prefix = `flipbooks/${data.tenant_id as string}/${data.id as string}/`\n return {\n id: data.id as string,\n title: data.title as string,\n page_count: (data.page_count as number) ?? manifest.pages.length,\n status: data.status as \"pending\" | \"processing\" | \"ready\" | \"failed\",\n page_images: manifest.pages.map((p) => ({\n url: `${cdnBase}/${prefix}${p.image}`,\n thumb_url: `${cdnBase}/${prefix}${p.thumb}`,\n w: p.w,\n h: p.h,\n })),\n toc: manifest.toc,\n download_url: data.download_enabled\n ? `${options.appUrl ?? \"\"}/api/flipbooks/${data.id as string}/download`\n : null,\n }\n }\n\n return {\n /**\n * List content items for a content type.\n * Defaults to published items ordered by most recent.\n */\n async getContentItems(\n contentTypeSlug: string,\n options: ContentQueryOptions = {}\n ): Promise<(ContentItem & { locked?: boolean })[]> {\n const contentType = await getContentTypeBySlug(contentTypeSlug)\n\n const {\n status = \"published\",\n orderBy = \"published_at\",\n orderDirection = \"desc\",\n limit = 100,\n offset = 0,\n memberToken,\n } = options\n\n // Check membership access\n const access = await checkMemberAccess(contentType, memberToken)\n\n // If gated and no access, check gating mode\n if (!access.allowed && contentType.required_membership_tier_id) {\n // Get tenant settings for gating mode\n const tenantId = await getTenantId()\n const { data: settings } = await client\n .from(\"tenant_settings\")\n .select(\"membership_gating_mode\")\n .eq(\"tenant_id\", tenantId)\n .single()\n\n const mode = (settings?.membership_gating_mode as string) ?? \"teaser\"\n\n if (mode === \"hide\") {\n return [] // Hide: return nothing\n }\n\n // Teaser mode: return items with locked flag, no body/data\n let query = client\n .from(\"content_items\")\n .select(\"id, title, slug, status, excerpt, seo_title, seo_description, featured_image, published_at, created_at, updated_at\")\n .eq(\"content_type_id\", contentType.id)\n\n if (status) query = query.eq(\"status\", status)\n query = query\n .order(orderBy, { ascending: orderDirection === \"asc\" })\n .range(offset, offset + limit - 1)\n\n const { data, error } = await query\n if (error) throw new Error(`Failed to fetch ${contentTypeSlug}: ${error.message}`)\n\n return (data ?? []).map((item) => ({\n ...item,\n data: {},\n locked: true,\n })) as (ContentItem & { locked: boolean })[]\n }\n\n // Full access\n let query = client\n .from(\"content_items\")\n .select(\"*\")\n .eq(\"content_type_id\", contentType.id)\n\n if (status) {\n query = query.eq(\"status\", status)\n }\n\n query = query\n .order(orderBy, { ascending: orderDirection === \"asc\" })\n .range(offset, offset + limit - 1)\n\n const { data, error } = await query\n\n if (error) {\n throw new Error(`Failed to fetch ${contentTypeSlug}: ${error.message}`)\n }\n\n return (data ?? []) as ContentItem[]\n },\n\n /**\n * Get a single content item by its slug.\n * Returns null if not found.\n */\n async getContentItemBySlug(\n contentTypeSlug: string,\n itemSlug: string\n ): Promise<ContentItem | null> {\n const contentTypeId = await getContentTypeId(contentTypeSlug)\n\n const { data, error } = await client\n .from(\"content_items\")\n .select(\"*\")\n .eq(\"content_type_id\", contentTypeId)\n .eq(\"slug\", itemSlug)\n .single()\n\n if (error) {\n if (error.code === \"PGRST116\") return null // not found\n throw new Error(\n `Failed to fetch ${contentTypeSlug}/${itemSlug}: ${error.message}`\n )\n }\n\n return data as ContentItem\n },\n\n /**\n * Get a content type definition (including its field schema).\n */\n async getContentType(contentTypeSlug: string): Promise<ContentType> {\n const tenantId = await getTenantId()\n\n const { data, error } = await client\n .from(\"content_types\")\n .select(\"*\")\n .eq(\"tenant_id\", tenantId)\n .eq(\"slug\", contentTypeSlug)\n .single()\n\n if (error || !data) {\n throw new Error(`Content type not found: ${contentTypeSlug}`)\n }\n\n return data as ContentType\n },\n\n /**\n * Get all slugs for a content type (for generateStaticParams).\n */\n async getAllSlugs(\n contentTypeSlug: string\n ): Promise<{ slug: string }[]> {\n const contentTypeId = await getContentTypeId(contentTypeSlug)\n\n const { data, error } = await client\n .from(\"content_items\")\n .select(\"slug\")\n .eq(\"content_type_id\", contentTypeId)\n .eq(\"status\", \"published\")\n\n if (error) {\n throw new Error(\n `Failed to fetch slugs for ${contentTypeSlug}: ${error.message}`\n )\n }\n\n return (data ?? []) as { slug: string }[]\n },\n\n /**\n * List all content types for this tenant.\n */\n async getContentTypes(): Promise<ContentType[]> {\n const tenantId = await getTenantId()\n\n const { data, error } = await client\n .from(\"content_types\")\n .select(\"*\")\n .eq(\"tenant_id\", tenantId)\n .order(\"name\")\n\n if (error) {\n throw new Error(`Failed to fetch content types: ${error.message}`)\n }\n\n return (data ?? []) as ContentType[]\n },\n\n /**\n * Get all slug redirects for a content type.\n * Use in next.config.js redirects() or middleware for 301s.\n * Returns: [{ old_slug, new_slug }, ...]\n */\n async getRedirects(\n contentTypeSlug: string\n ): Promise<{ old_slug: string; new_slug: string }[]> {\n const contentTypeId = await getContentTypeId(contentTypeSlug)\n\n const { data, error } = await client\n .from(\"slug_redirects\")\n .select(\"old_slug, new_slug\")\n .eq(\"content_type_id\", contentTypeId)\n\n if (error) {\n throw new Error(\n `Failed to fetch redirects for ${contentTypeSlug}: ${error.message}`\n )\n }\n\n return (data ?? []) as { old_slug: string; new_slug: string }[]\n },\n\n /**\n * Get all custom path redirects for this tenant.\n * Use alongside getRedirects() in next.config.ts for full redirect coverage.\n */\n async getCustomRedirects(): Promise<\n { source_path: string; destination_path: string; permanent: boolean }[]\n > {\n const tenantId = await getTenantId()\n\n const { data, error } = await client\n .from(\"custom_redirects\")\n .select(\"source_path, destination_path, permanent\")\n .eq(\"tenant_id\", tenantId)\n\n if (error) {\n throw new Error(`Failed to fetch custom redirects: ${error.message}`)\n }\n\n return (data ?? []) as {\n source_path: string\n destination_path: string\n permanent: boolean\n }[]\n },\n\n /**\n * Get form submissions for a specific form.\n * Useful for displaying testimonials, reviews, etc.\n */\n async getFormSubmissions(\n formSlug: string,\n options: { status?: string; limit?: number; offset?: number } = {}\n ): Promise<Record<string, unknown>[]> {\n const tenantId = await getTenantId()\n\n const { data: form } = await client\n .from(\"forms\")\n .select(\"id\")\n .eq(\"tenant_id\", tenantId)\n .eq(\"slug\", formSlug)\n .single()\n\n if (!form) return []\n\n const { limit = 50, offset = 0, status } = options\n\n let query = client\n .from(\"form_submissions\")\n .select(\"*\")\n .eq(\"form_id\", form.id)\n .eq(\"is_spam\", false)\n .order(\"created_at\", { ascending: false })\n .range(offset, offset + limit - 1)\n\n if (status) {\n query = query.eq(\"status\", status)\n }\n\n const { data } = await query\n return (data ?? []) as Record<string, unknown>[]\n },\n\n /**\n * Get a form configuration by slug.\n */\n async getForm(\n formSlug: string\n ): Promise<Record<string, unknown> | null> {\n const tenantId = await getTenantId()\n\n const { data } = await client\n .from(\"forms\")\n .select(\"id, name, slug, description, is_active\")\n .eq(\"tenant_id\", tenantId)\n .eq(\"slug\", formSlug)\n .single()\n\n return data as Record<string, unknown> | null\n },\n\n /**\n * Get a flipbook by ID, including CDN-resolved page image URLs.\n * Returns null if not found or manifest not yet ready.\n */\n getFlipbook,\n\n /**\n * Get Google Reviews for this tenant.\n * Defaults to approved reviews ordered by most recent.\n */\n async getReviews(\n options: ReviewQueryOptions = {}\n ): Promise<GoogleReview[]> {\n const tenantId = await getTenantId()\n\n const {\n status = \"approved\",\n minRating,\n limit = 50,\n offset = 0,\n orderBy = \"review_timestamp\",\n orderDirection = \"desc\",\n } = options\n\n let query = client\n .from(\"google_reviews\")\n .select(\"id, author_name, author_photo_url, rating, text, review_timestamp\")\n .eq(\"tenant_id\", tenantId)\n\n if (status) {\n query = query.eq(\"status\", status)\n }\n\n if (minRating) {\n query = query.gte(\"rating\", minRating)\n }\n\n query = query\n .order(orderBy, { ascending: orderDirection === \"asc\" })\n .range(offset, offset + limit - 1)\n\n const { data, error } = await query\n\n if (error) {\n throw new Error(`Failed to fetch reviews: ${error.message}`)\n }\n\n return (data ?? []) as GoogleReview[]\n },\n\n /**\n * Get the tenant's third-party tracking IDs (Google Analytics, Google Tag Manager, Meta Pixel).\n * Each value is null when not configured. These IDs are public and safe to render in HTML.\n *\n * On Next.js, the result is cached and revalidated every hour by default\n * (`revalidate: 3600`) and tagged with `TRACKING_CONFIG_TAG`. Tenant sites\n * that want zero-lag updates can call `revalidateTag(TRACKING_CONFIG_TAG)`\n * from a webhook. Pass `revalidate: 0` to disable caching, `revalidate: false`\n * to cache indefinitely (tag-only invalidation), or any positive integer\n * (seconds) to override the interval. Outside Next.js the cache hints are\n * silently ignored — every call hits the network.\n */\n async getTrackingConfig(options: TrackingConfigOptions = {}): Promise<TrackingConfig> {\n const { revalidate = 3600, tags = [TRACKING_CONFIG_TAG] } = options\n const supabaseUrl = (supabase as unknown as { supabaseUrl: string }).supabaseUrl\n const supabaseKey = (supabase as unknown as { supabaseKey: string }).supabaseKey\n\n // Direct PostgREST fetch (instead of going through supabase-js) so that\n // Next.js sees the request and applies its `next` cache options. RLS\n // restricts the result to the tenant matching `x-cms-api-key`, so no\n // explicit tenant_id filter is needed.\n const url =\n `${supabaseUrl}/rest/v1/tenant_settings` +\n `?select=google_analytics_id,google_tag_manager_id,google_ads_id,meta_pixel_id&limit=1`\n\n const init: RequestInit & { next?: { revalidate?: number | false; tags?: string[] } } = {\n headers: {\n apikey: supabaseKey,\n Authorization: `Bearer ${supabaseKey}`,\n \"x-cms-api-key\": apiKey,\n \"x-cms-client-version\": CMS_CLIENT_VERSION,\n Accept: \"application/json\",\n },\n next: { revalidate, tags },\n }\n\n let row: {\n google_analytics_id: string | null\n google_tag_manager_id: string | null\n google_ads_id: string | null\n meta_pixel_id: string | null\n } | undefined\n\n try {\n const res = await fetch(url, init as RequestInit)\n if (res.ok) {\n const rows = (await res.json()) as Array<typeof row>\n row = rows?.[0]\n }\n } catch {\n // Network errors fall through to the all-null result so a transient\n // outage on the CMS never breaks page renders on the tenant site.\n }\n\n return {\n googleAnalyticsId: nullify(row?.google_analytics_id),\n googleTagManagerId: nullify(row?.google_tag_manager_id),\n googleAdsId: nullify(row?.google_ads_id),\n metaPixelId: nullify(row?.meta_pixel_id),\n }\n },\n }\n}\n\n/**\n * Cache tag applied to `getTrackingConfig()` fetches on Next.js. Call\n * `revalidateTag(TRACKING_CONFIG_TAG)` from a webhook handler on the tenant\n * site to make tracking-ID changes take effect immediately rather than\n * waiting for the next revalidation interval.\n */\nexport const TRACKING_CONFIG_TAG = \"cms:tracking-config\"\n\nexport interface TrackingConfigOptions {\n /**\n * Cache lifetime for the underlying fetch on Next.js, in seconds.\n * Defaults to 3600 (one hour). Set to `0` to disable caching, or `false`\n * to cache indefinitely until the tag is revalidated. Ignored outside\n * Next.js runtimes.\n */\n revalidate?: number | false\n /**\n * Cache tags for the underlying fetch on Next.js. Defaults to\n * `[TRACKING_CONFIG_TAG]`. Override to namespace by tenant if you share a\n * single Next.js process across multiple tenants (uncommon).\n */\n tags?: string[]\n}\n\nfunction nullify(v: string | null | undefined): string | null {\n if (!v) return null\n const trimmed = v.trim()\n return trimmed.length > 0 ? trimmed : null\n}\n\nexport interface TrackingConfig {\n googleAnalyticsId: string | null\n googleTagManagerId: string | null\n googleAdsId: string | null\n metaPixelId: string | null\n}\n\n/**\n * Creates a new Supabase client that includes the `x-cms-api-key`\n * header in every request, using the same URL and key as the original.\n */\nfunction withApiKey(supabase: SupabaseClient, apiKey: string) {\n // Extract URL and key from the existing client\n const supabaseUrl = (supabase as unknown as { supabaseUrl: string }).supabaseUrl\n const supabaseKey = (supabase as unknown as { supabaseKey: string }).supabaseKey\n\n return createSupabaseClient(supabaseUrl, supabaseKey, {\n global: {\n headers: {\n \"x-cms-api-key\": apiKey,\n \"x-cms-client-version\": CMS_CLIENT_VERSION,\n },\n },\n })\n}\n","import { CMS_CLIENT_VERSION } from \"./version\"\n\n/**\n * Reports the running SDK version to the CMS so the Super Admin UI can show\n * which client version each tenant site is on.\n *\n * Day-granular and process-local: at most one POST per (api key + day) per\n * Node process. Calls from browser code are ignored — the API key would be\n * exposed and the data is redundant with server-side reports.\n *\n * Fire-and-forget. Failures are silent — telemetry must never break a render.\n */\n\nconst DEFAULT_APP_URL = \"https://cms.distinctstudio.co.nz\"\n\ninterface ReportRecord {\n date: string // YYYY-MM-DD\n version: string\n}\n\nconst reported = new Map<string, ReportRecord>()\n\nfunction todayKey(): string {\n return new Date().toISOString().slice(0, 10)\n}\n\nexport function reportClientVersion(apiKey: string, appUrl?: string): void {\n // Skip in browser contexts — server-side calls already cover the tenant.\n if (typeof window !== \"undefined\") return\n if (!apiKey) return\n\n const today = todayKey()\n const last = reported.get(apiKey)\n if (last && last.date === today && last.version === CMS_CLIENT_VERSION) return\n\n // Optimistically mark as reported so concurrent calls don't all fire. If the\n // request fails we'll retry tomorrow — that's acceptable for telemetry.\n reported.set(apiKey, { date: today, version: CMS_CLIENT_VERSION })\n\n const envAppUrl =\n typeof process !== \"undefined\" ? process.env?.NEXT_PUBLIC_CMS_URL : undefined\n const base = (appUrl ?? envAppUrl ?? DEFAULT_APP_URL).replace(/\\/$/, \"\")\n const url = `${base}/api/client-telemetry`\n\n // Fire and forget. Use a hand-rolled then() chain rather than async/await so\n // we don't accidentally surface an unhandled rejection.\n void fetch(url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n \"x-cms-api-key\": apiKey,\n \"x-cms-client-version\": CMS_CLIENT_VERSION,\n },\n body: JSON.stringify({\n api_key: apiKey,\n version: CMS_CLIENT_VERSION,\n }),\n }).catch(() => {\n // Allow a retry on the next call by clearing the optimistic record.\n reported.delete(apiKey)\n })\n}\n","import type { EmbedValue } from \"./types\"\n\nfunction toCssAspectRatio(ratio: string): string {\n const parts = ratio.split(\":\")\n if (parts.length !== 2) return \"16/9\"\n const w = parseFloat(parts[0])\n const h = parseFloat(parts[1])\n if (!w || !h || w <= 0 || h <= 0) return \"16/9\"\n return `${w}/${h}`\n}\n\n/**\n * Generate responsive iframe HTML for an embed field value.\n * Returns an empty string if the value is invalid or the URL is not HTTPS.\n */\nexport function getEmbedHtml(value: unknown): string {\n if (!value || typeof value !== \"object\") return \"\"\n const embed = value as EmbedValue\n if (!embed.url || !embed.url.startsWith(\"https://\")) return \"\"\n\n const width = embed.width || \"100%\"\n const aspectRatio = toCssAspectRatio(embed.aspect_ratio || \"16:9\")\n\n return `<div style=\"position:relative;width:${width};aspect-ratio:${aspectRatio}\"><iframe src=\"${embed.url}\" style=\"position:absolute;inset:0;width:100%;height:100%\" frameborder=\"0\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox\" allowfullscreen loading=\"lazy\"></iframe></div>`\n}\n","import type { SupabaseClient } from \"@supabase/supabase-js\"\nimport type {\n Product,\n ProductCategory,\n ProductQueryOptions,\n CreateOrderParams,\n CreateOrderResult,\n} from \"./types\"\nimport { CMS_CLIENT_VERSION } from \"./version\"\nimport { reportClientVersion } from \"./telemetry\"\n\nconst DEFAULT_APP_URL = \"https://cms.distinctstudio.co.nz\"\n\nexport interface ShopClientOptions {\n /** Tenant API key (UUID). Sent as `x-cms-api-key` on every request. */\n apiKey: string\n /** CMS app base URL. Defaults to `https://cms.distinctstudio.co.nz`. */\n appUrl?: string\n}\n\n/**\n * Creates a typed client for the eCommerce REST API (products, categories, orders).\n *\n * Unlike `createCmsClient`, the shop client talks to the CMS REST endpoints\n * (`/api/products`, `/api/product-categories`, `/api/orders/create`) rather than\n * Supabase directly — it doesn't need the `supabase` argument, but accepts it\n * for API symmetry with the rest of the SDK.\n *\n * Usage:\n * ```ts\n * const shop = createShopClient(supabase, { apiKey: process.env.CMS_API_KEY! })\n * const products = await shop.getProducts({ category: \"electronics\", limit: 20 })\n * ```\n */\nexport function createShopClient(\n _supabase: SupabaseClient,\n options: ShopClientOptions\n) {\n const { apiKey } = options\n const appUrl = (options.appUrl ?? DEFAULT_APP_URL).replace(/\\/$/, \"\")\n\n // Day-granular, fire-and-forget version ping (server-side only).\n reportClientVersion(apiKey, appUrl)\n\n function authHeaders(): HeadersInit {\n return {\n \"Content-Type\": \"application/json\",\n \"x-cms-api-key\": apiKey,\n \"x-cms-client-version\": CMS_CLIENT_VERSION,\n }\n }\n\n async function getJson<T>(path: string): Promise<T> {\n const res = await fetch(`${appUrl}${path}`, {\n headers: authHeaders(),\n // Caller controls Next.js caching by wrapping the call site.\n })\n if (!res.ok) {\n const body = await res.json().catch(() => ({}) as { error?: string })\n throw new Error(\n body.error ?? `Shop request failed (${res.status}): ${path}`\n )\n }\n return res.json() as Promise<T>\n }\n\n return {\n /**\n * List published products. Includes nested `variants` and `options`.\n *\n * `category` filters by category slug (matches the FK `category_id`,\n * with a fallback to the legacy `category` text column).\n */\n async getProducts(queryOptions: ProductQueryOptions = {}): Promise<Product[]> {\n const params = new URLSearchParams()\n if (queryOptions.category) params.set(\"category\", queryOptions.category)\n if (queryOptions.tags?.length) params.set(\"tags\", queryOptions.tags.join(\",\"))\n if (queryOptions.limit) params.set(\"limit\", String(queryOptions.limit))\n if (queryOptions.offset) params.set(\"offset\", String(queryOptions.offset))\n if (queryOptions.sort) params.set(\"sort\", queryOptions.sort)\n if (queryOptions.order) params.set(\"order\", queryOptions.order)\n\n const qs = params.toString()\n const { products } = await getJson<{ products: Product[] }>(\n `/api/products${qs ? `?${qs}` : \"\"}`\n )\n return products ?? []\n },\n\n /**\n * Get a single published product by slug. Returns null if not found.\n * Includes nested `variants` and `options`.\n */\n async getProductBySlug(slug: string): Promise<Product | null> {\n const res = await fetch(`${appUrl}/api/products/${encodeURIComponent(slug)}`, {\n headers: authHeaders(),\n })\n if (res.status === 404) return null\n if (!res.ok) {\n const body = await res.json().catch(() => ({}) as { error?: string })\n throw new Error(body.error ?? `Failed to fetch product ${slug}`)\n }\n const { product } = (await res.json()) as { product: Product }\n return product ?? null\n },\n\n /**\n * List product categories for the tenant, ordered by sort_order then name.\n */\n async getCategories(): Promise<ProductCategory[]> {\n const { categories } = await getJson<{ categories: ProductCategory[] }>(\n `/api/product-categories`\n )\n return categories ?? []\n },\n\n /**\n * Get a single category by slug. Returns null if not found.\n */\n async getCategoryBySlug(slug: string): Promise<ProductCategory | null> {\n const all = await this.getCategories()\n return all.find((c) => c.slug === slug) ?? null\n },\n\n /**\n * Create a pending order and return a Stripe PaymentIntent client_secret\n * to confirm payment client-side.\n *\n * Stripe must be configured for the tenant; eCommerce must be enabled on\n * their billing plan. Validates stock for tracked variants and applies\n * any discount code before creating the PaymentIntent.\n */\n async createOrder(params: CreateOrderParams): Promise<CreateOrderResult> {\n const res = await fetch(`${appUrl}/api/orders/create`, {\n method: \"POST\",\n headers: authHeaders(),\n body: JSON.stringify({ api_key: apiKey, ...params }),\n })\n if (!res.ok) {\n const body = await res.json().catch(() => ({}) as { error?: string })\n throw new Error(body.error ?? \"Order creation failed\")\n }\n return res.json() as Promise<CreateOrderResult>\n },\n }\n}\n","import type { SupabaseClient } from \"@supabase/supabase-js\"\nimport { reportClientVersion } from \"./telemetry\"\n\nexport type EventStatus = \"draft\" | \"published\" | \"archived\"\nexport type BookingStatus = \"pending\" | \"confirmed\" | \"cancelled\" | \"refunded\"\n\nexport interface CmsEvent {\n id: string\n tenant_id: string\n title: string\n slug: string\n description: string | null\n short_description: string | null\n status: EventStatus\n start_at: string\n end_at: string | null\n venue_name: string | null\n venue_address: string | null\n hero_image: string | null\n gallery: string[]\n tags: string[]\n seo_title: string | null\n seo_description: string | null\n metadata: Record<string, unknown>\n sort_order: number\n published_at: string | null\n created_at: string\n updated_at: string\n}\n\nexport interface CmsTicketTier {\n id: string\n event_id: string\n tenant_id: string\n name: string\n description: string | null\n price_cents: number\n capacity: number | null\n sold_count: number\n sales_start_at: string | null\n sales_end_at: string | null\n is_active: boolean\n sort_order: number\n}\n\nexport interface EventWithTiers extends CmsEvent {\n tiers: CmsTicketTier[]\n}\n\nexport interface EventQueryOptions {\n /** Only include events with start_at >= now. Default false. */\n upcomingOnly?: boolean\n tag?: string\n limit?: number\n offset?: number\n sort?: \"start_at\" | \"sort_order\" | \"created_at\"\n order?: \"asc\" | \"desc\"\n}\n\nexport interface CreateBookingParams {\n event_slug: string\n ticket_tier_id?: string\n customer_email: string\n customer_name?: string\n customer_phone?: string\n quantity?: number\n success_url?: string\n cancel_url?: string\n metadata?: Record<string, unknown>\n}\n\nexport interface CreateBookingResult {\n booking_id: string\n booking_number: string\n status: \"pending\" | \"confirmed\"\n /** Redirect the browser here for paid bookings. */\n checkout_url?: string\n /** Present on free bookings — used for attendance QR display. */\n qr_token?: string\n}\n\nexport function createEventsClient(\n supabase: SupabaseClient,\n options: { apiKey: string; appUrl?: string }\n) {\n const { apiKey, appUrl } = options\n\n // Day-granular, fire-and-forget version ping (server-side only).\n reportClientVersion(apiKey, appUrl)\n\n async function getEvents(\n queryOptions?: EventQueryOptions\n ): Promise<EventWithTiers[]> {\n let query = supabase\n .from(\"events\")\n .select(\"*, tiers:ticket_tiers(*)\")\n .eq(\"status\", \"published\")\n .order(queryOptions?.sort ?? \"start_at\", {\n ascending: (queryOptions?.order ?? \"asc\") === \"asc\",\n })\n\n if (queryOptions?.upcomingOnly) {\n query = query.gte(\"start_at\", new Date().toISOString())\n }\n if (queryOptions?.tag) {\n query = query.contains(\"tags\", [queryOptions.tag])\n }\n if (queryOptions?.limit) {\n query = query.limit(queryOptions.limit)\n }\n if (queryOptions?.offset) {\n query = query.range(\n queryOptions.offset,\n queryOptions.offset + (queryOptions.limit ?? 50) - 1\n )\n }\n\n const { data } = await query\n return (data ?? []) as EventWithTiers[]\n }\n\n async function getEventBySlug(slug: string): Promise<EventWithTiers | null> {\n const { data } = await supabase\n .from(\"events\")\n .select(\"*, tiers:ticket_tiers(*)\")\n .eq(\"slug\", slug)\n .eq(\"status\", \"published\")\n .single()\n return (data as EventWithTiers) ?? null\n }\n\n async function createBooking(\n params: CreateBookingParams\n ): Promise<CreateBookingResult> {\n const baseUrl = appUrl ?? \"\"\n const res = await fetch(`${baseUrl}/api/bookings/create`, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ api_key: apiKey, ...params }),\n })\n if (!res.ok) {\n const err = await res\n .json()\n .catch(() => ({ error: \"Booking creation failed\" }))\n throw new Error(err.error ?? \"Booking creation failed\")\n }\n return res.json() as Promise<CreateBookingResult>\n }\n\n return { getEvents, getEventBySlug, createBooking }\n}\n","/**\n * Image helpers for CMS content.\n *\n * Images are already optimised (WebP, max 2400px) on upload.\n * No server-side transforms needed — serve originals directly.\n *\n * These functions are kept for backward compatibility but no longer\n * call Supabase image transformation endpoints.\n */\n\nexport interface ImageTransformOptions {\n width?: number\n height?: number\n quality?: number\n resize?: \"contain\" | \"cover\" | \"fill\"\n format?: \"origin\"\n}\n\n/**\n * Returns the image URL directly.\n *\n * Previously this converted URLs to use Supabase's /render/image/\n * transform endpoint, but images are now pre-optimised on upload\n * (WebP, max 2400px, quality 82) so transforms are unnecessary.\n *\n * The function is kept for backward compatibility — existing code\n * that calls getTransformUrl() will continue to work without changes.\n */\nexport function getTransformUrl(\n originalUrl: string,\n _options: ImageTransformOptions = {}\n): string {\n return originalUrl\n}\n\n/**\n * Returns a simple srcSet using the original image.\n *\n * Previously generated multiple transformed widths, but since images\n * are now pre-optimised WebP, a single source is sufficient.\n * Modern browsers handle responsive display efficiently with a\n * well-sized WebP source.\n */\nexport function getSrcSet(\n originalUrl: string,\n _widths: number[] = [],\n _quality = 80\n): string {\n return `${originalUrl} 2400w`\n}\n\n/**\n * Common image size presets — kept for backward compatibility.\n * Since images are pre-optimised, these are informational only.\n */\nexport const IMAGE_PRESETS = {\n thumbnail: { width: 150, height: 150, resize: \"cover\" as const, quality: 70 },\n card: { width: 400, height: 300, resize: \"cover\" as const, quality: 80 },\n hero: { width: 1200, height: 630, resize: \"cover\" as const, quality: 85 },\n og: { width: 1200, height: 630, resize: \"cover\" as const, quality: 90 },\n avatar: { width: 80, height: 80, resize: \"cover\" as const, quality: 75 },\n full: { width: 1920, resize: \"contain\" as const, quality: 85 },\n} as const\n","/**\n * Helpers for verifying outbound webhooks fired by the CMS.\n *\n * The CMS POSTs JSON to subscriber URLs and signs the raw body with\n * HMAC-SHA256 using the shared secret you set in the Webhooks tab. The hex\n * digest arrives in the `X-CMS-Signature` header.\n *\n * Use Web Crypto so this works in Node, Edge, Deno, and Bun runtimes.\n */\n\nexport interface WebhookEventPayload {\n event: string\n tenant_id: string\n content_type_slug?: string\n content_item_id?: string\n slug?: string\n title?: string\n status?: string\n timestamp: string\n /** Commerce + custom events may attach extra fields. */\n [key: string]: unknown\n}\n\n/**\n * Verify the HMAC-SHA256 signature on a webhook delivery.\n *\n * Pass the **raw** request body (not a parsed JSON object) — re-stringifying\n * a parsed body can change whitespace and invalidate the signature.\n *\n * Returns `true` when the signature matches in constant time, `false`\n * otherwise. Never throws on a bad signature; only throws if the\n * `crypto.subtle` API is unavailable in the runtime.\n *\n * @example\n * const raw = await req.text()\n * const sig = req.headers.get(\"x-cms-signature\")\n * if (!await verifyWebhookSignature(process.env.CMS_WEBHOOK_SECRET!, raw, sig)) {\n * return new Response(\"bad signature\", { status: 401 })\n * }\n * const payload = JSON.parse(raw) as WebhookEventPayload\n */\nexport async function verifyWebhookSignature(\n secret: string,\n rawBody: string,\n signature: string | null | undefined\n): Promise<boolean> {\n if (!signature || !secret) return false\n\n const subtle = (globalThis.crypto && globalThis.crypto.subtle) || null\n if (!subtle) {\n throw new Error(\n \"verifyWebhookSignature requires the Web Crypto API (globalThis.crypto.subtle). \" +\n \"Available in Node 18+, all Edge runtimes, Deno, and Bun.\"\n )\n }\n\n const encoder = new TextEncoder()\n const key = await subtle.importKey(\n \"raw\",\n encoder.encode(secret),\n { name: \"HMAC\", hash: \"SHA-256\" },\n false,\n [\"sign\"]\n )\n const sigBuffer = await subtle.sign(\"HMAC\", key, encoder.encode(rawBody))\n const expected = bufferToHex(sigBuffer)\n\n return timingSafeEqualHex(expected, signature.trim())\n}\n\n/**\n * The webhook event names the CMS can fire. Use as a discriminator on the\n * `event` field of {@link WebhookEventPayload}.\n */\nexport const WEBHOOK_EVENTS = [\n \"content.published\",\n \"content.unpublished\",\n \"content.updated\",\n \"content.deleted\",\n \"order.created\",\n \"order.paid\",\n \"order.payment_failed\",\n \"order.refunded\",\n \"order.shipped\",\n \"booking.confirmed\",\n \"inventory.low_stock\",\n] as const\n\nexport type WebhookEvent = (typeof WEBHOOK_EVENTS)[number]\n\nfunction bufferToHex(buf: ArrayBuffer): string {\n const bytes = new Uint8Array(buf)\n let out = \"\"\n for (let i = 0; i < bytes.length; i++) {\n out += bytes[i].toString(16).padStart(2, \"0\")\n }\n return out\n}\n\n/**\n * Constant-time equality check on two hex strings. Returns false fast when\n * lengths differ — the length itself is not secret.\n */\nfunction timingSafeEqualHex(a: string, b: string): boolean {\n if (a.length !== b.length) return false\n let mismatch = 0\n for (let i = 0; i < a.length; i++) {\n mismatch |= a.charCodeAt(i) ^ b.charCodeAt(i)\n }\n return mismatch === 0\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACOO,IAAM,qBAAqB;;;ACPlC,yBAAqD;;;ACarD,IAAM,kBAAkB;AAOxB,IAAM,WAAW,oBAAI,IAA0B;AAE/C,SAAS,WAAmB;AAC1B,UAAO,oBAAI,KAAK,GAAE,YAAY,EAAE,MAAM,GAAG,EAAE;AAC7C;AAEO,SAAS,oBAAoB,QAAgB,QAAuB;AAEzE,MAAI,OAAO,WAAW,YAAa;AACnC,MAAI,CAAC,OAAQ;AAEb,QAAM,QAAQ,SAAS;AACvB,QAAM,OAAO,SAAS,IAAI,MAAM;AAChC,MAAI,QAAQ,KAAK,SAAS,SAAS,KAAK,YAAY,mBAAoB;AAIxE,WAAS,IAAI,QAAQ,EAAE,MAAM,OAAO,SAAS,mBAAmB,CAAC;AAEjE,QAAM,YACJ,OAAO,YAAY,cAAc,QAAQ,KAAK,sBAAsB;AACtE,QAAM,QAAQ,UAAU,aAAa,iBAAiB,QAAQ,OAAO,EAAE;AACvE,QAAM,MAAM,GAAG,IAAI;AAInB,OAAK,MAAM,KAAK;AAAA,IACd,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,gBAAgB;AAAA,MAChB,iBAAiB;AAAA,MACjB,wBAAwB;AAAA,IAC1B;AAAA,IACA,MAAM,KAAK,UAAU;AAAA,MACnB,SAAS;AAAA,MACT,SAAS;AAAA,IACX,CAAC;AAAA,EACH,CAAC,EAAE,MAAM,MAAM;AAEb,aAAS,OAAO,MAAM;AAAA,EACxB,CAAC;AACH;;;ADpCO,SAAS,gBACd,UACA,SACA;AACA,QAAM,EAAE,OAAO,IAAI;AAGnB,QAAM,SAAS,WAAW,UAAU,MAAM;AAG1C,sBAAoB,QAAQ,QAAQ,MAAM;AAG1C,MAAI,gBAA+B;AAEnC,iBAAe,cAA+B;AAC5C,QAAI,cAAe,QAAO;AAE1B,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,SAAS,EACd,OAAO,IAAI,EACX,OAAO;AAEV,QAAI,SAAS,CAAC,MAAM;AAClB,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,oBAAgB,KAAK;AACrB,WAAO,KAAK;AAAA,EACd;AAGA,QAAM,mBAAmB,oBAAI,IAAyB;AAEtD,iBAAe,qBAAqB,iBAA+C;AACjF,QAAI,iBAAiB,IAAI,eAAe,EAAG,QAAO,iBAAiB,IAAI,eAAe;AACtF,UAAM,WAAW,MAAM,YAAY;AAEnC,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,aAAa,QAAQ,EACxB,GAAG,QAAQ,eAAe,EAC1B,OAAO;AAEV,QAAI,SAAS,CAAC,MAAM;AAClB,YAAM,IAAI,MAAM,2BAA2B,eAAe,EAAE;AAAA,IAC9D;AAEA,UAAM,KAAK;AACX,qBAAiB,IAAI,iBAAiB,EAAE;AACxC,WAAO;AAAA,EACT;AAEA,iBAAe,iBAAiB,iBAA0C;AACxE,UAAM,KAAK,MAAM,qBAAqB,eAAe;AACrD,WAAO,GAAG;AAAA,EACZ;AAGA,iBAAe,kBACb,aACA,aAC4D;AAC5D,UAAM,iBAAiB,YAAY;AACnC,QAAI,CAAC,eAAgB,QAAO,EAAE,SAAS,MAAM,cAAc,KAAK;AAEhE,QAAI,CAAC,YAAa,QAAO,EAAE,SAAS,OAAO,cAAc,KAAK;AAG9D,UAAM,EAAE,MAAM,QAAQ,IAAI,MAAM,OAC7B,KAAK,iBAAiB,EACtB,OAAO,WAAW,EAClB,GAAG,cAAc,WAAW,EAC5B,OAAO;AAEV,QAAI,CAAC,QAAS,QAAO,EAAE,SAAS,OAAO,cAAc,KAAK;AAE1D,UAAM,EAAE,MAAM,OAAO,IAAI,MAAM,OAC5B,KAAK,SAAS,EACd,OAAO,4BAA4B,EACnC,GAAG,MAAM,QAAQ,SAAS,EAC1B,OAAO;AAEV,QAAI,CAAC,UAAU,OAAO,WAAW,SAAU,QAAO,EAAE,SAAS,OAAO,cAAc,KAAK;AAIvF,WAAO;AAAA,MACL,SAAS,OAAO,uBAAuB;AAAA,MACvC,cAAc,OAAO;AAAA,IACvB;AAAA,EACF;AAEA,iBAAe,YAAY,IAA8D;AACvF,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,WAAW,EAChB,OAAO,sEAAsE,EAC7E,GAAG,MAAM,EAAE,EACX,OAAO;AACV,QAAI,SAAS,CAAC,KAAM,QAAO;AAE3B,UAAM,WAAW,KAAK;AAGtB,QAAI,CAAC,UAAU;AACb,aAAO;AAAA,QACL,IAAI,KAAK;AAAA,QACT,OAAO,KAAK;AAAA,QACZ,YAAa,KAAK,cAAyB;AAAA,QAC3C,QAAQ,KAAK;AAAA,QACb,aAAa,CAAC;AAAA,QACd,KAAK,CAAC;AAAA,QACN,cAAc;AAAA,MAChB;AAAA,IACF;AAMA,UAAM,OAAQ,WAA0E;AACxF,UAAM,UAAU,MAAM,KAAK,6BAA6B;AACxD,UAAM,SAAS,aAAa,KAAK,SAAmB,IAAI,KAAK,EAAY;AACzE,WAAO;AAAA,MACL,IAAI,KAAK;AAAA,MACT,OAAO,KAAK;AAAA,MACZ,YAAa,KAAK,cAAyB,SAAS,MAAM;AAAA,MAC1D,QAAQ,KAAK;AAAA,MACb,aAAa,SAAS,MAAM,IAAI,CAAC,OAAO;AAAA,QACtC,KAAK,GAAG,OAAO,IAAI,MAAM,GAAG,EAAE,KAAK;AAAA,QACnC,WAAW,GAAG,OAAO,IAAI,MAAM,GAAG,EAAE,KAAK;AAAA,QACzC,GAAG,EAAE;AAAA,QACL,GAAG,EAAE;AAAA,MACP,EAAE;AAAA,MACF,KAAK,SAAS;AAAA,MACd,cAAc,KAAK,mBACf,GAAG,QAAQ,UAAU,EAAE,kBAAkB,KAAK,EAAY,cAC1D;AAAA,IACN;AAAA,EACF;AAEA,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA,IAKL,MAAM,gBACJ,iBACAA,WAA+B,CAAC,GACiB;AACjD,YAAM,cAAc,MAAM,qBAAqB,eAAe;AAE9D,YAAM;AAAA,QACJ,SAAS;AAAA,QACT,UAAU;AAAA,QACV,iBAAiB;AAAA,QACjB,QAAQ;AAAA,QACR,SAAS;AAAA,QACT;AAAA,MACF,IAAIA;AAGJ,YAAM,SAAS,MAAM,kBAAkB,aAAa,WAAW;AAG/D,UAAI,CAAC,OAAO,WAAW,YAAY,6BAA6B;AAE9D,cAAM,WAAW,MAAM,YAAY;AACnC,cAAM,EAAE,MAAM,SAAS,IAAI,MAAM,OAC9B,KAAK,iBAAiB,EACtB,OAAO,wBAAwB,EAC/B,GAAG,aAAa,QAAQ,EACxB,OAAO;AAEV,cAAM,OAAQ,UAAU,0BAAqC;AAE7D,YAAI,SAAS,QAAQ;AACnB,iBAAO,CAAC;AAAA,QACV;AAGA,YAAIC,SAAQ,OACT,KAAK,eAAe,EACpB,OAAO,oHAAoH,EAC3H,GAAG,mBAAmB,YAAY,EAAE;AAEvC,YAAI,OAAQ,CAAAA,SAAQA,OAAM,GAAG,UAAU,MAAM;AAC7C,QAAAA,SAAQA,OACL,MAAM,SAAS,EAAE,WAAW,mBAAmB,MAAM,CAAC,EACtD,MAAM,QAAQ,SAAS,QAAQ,CAAC;AAEnC,cAAM,EAAE,MAAAC,OAAM,OAAAC,OAAM,IAAI,MAAMF;AAC9B,YAAIE,OAAO,OAAM,IAAI,MAAM,mBAAmB,eAAe,KAAKA,OAAM,OAAO,EAAE;AAEjF,gBAAQD,SAAQ,CAAC,GAAG,IAAI,CAAC,UAAU;AAAA,UACjC,GAAG;AAAA,UACH,MAAM,CAAC;AAAA,UACP,QAAQ;AAAA,QACV,EAAE;AAAA,MACJ;AAGA,UAAI,QAAQ,OACT,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,mBAAmB,YAAY,EAAE;AAEvC,UAAI,QAAQ;AACV,gBAAQ,MAAM,GAAG,UAAU,MAAM;AAAA,MACnC;AAEA,cAAQ,MACL,MAAM,SAAS,EAAE,WAAW,mBAAmB,MAAM,CAAC,EACtD,MAAM,QAAQ,SAAS,QAAQ,CAAC;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM;AAE9B,UAAI,OAAO;AACT,cAAM,IAAI,MAAM,mBAAmB,eAAe,KAAK,MAAM,OAAO,EAAE;AAAA,MACxE;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,qBACJ,iBACA,UAC6B;AAC7B,YAAM,gBAAgB,MAAM,iBAAiB,eAAe;AAE5D,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,mBAAmB,aAAa,EACnC,GAAG,QAAQ,QAAQ,EACnB,OAAO;AAEV,UAAI,OAAO;AACT,YAAI,MAAM,SAAS,WAAY,QAAO;AACtC,cAAM,IAAI;AAAA,UACR,mBAAmB,eAAe,IAAI,QAAQ,KAAK,MAAM,OAAO;AAAA,QAClE;AAAA,MACF;AAEA,aAAO;AAAA,IACT;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,eAAe,iBAA+C;AAClE,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,aAAa,QAAQ,EACxB,GAAG,QAAQ,eAAe,EAC1B,OAAO;AAEV,UAAI,SAAS,CAAC,MAAM;AAClB,cAAM,IAAI,MAAM,2BAA2B,eAAe,EAAE;AAAA,MAC9D;AAEA,aAAO;AAAA,IACT;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,YACJ,iBAC6B;AAC7B,YAAM,gBAAgB,MAAM,iBAAiB,eAAe;AAE5D,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,MAAM,EACb,GAAG,mBAAmB,aAAa,EACnC,GAAG,UAAU,WAAW;AAE3B,UAAI,OAAO;AACT,cAAM,IAAI;AAAA,UACR,6BAA6B,eAAe,KAAK,MAAM,OAAO;AAAA,QAChE;AAAA,MACF;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,kBAA0C;AAC9C,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,aAAa,QAAQ,EACxB,MAAM,MAAM;AAEf,UAAI,OAAO;AACT,cAAM,IAAI,MAAM,kCAAkC,MAAM,OAAO,EAAE;AAAA,MACnE;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAM,aACJ,iBACmD;AACnD,YAAM,gBAAgB,MAAM,iBAAiB,eAAe;AAE5D,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,gBAAgB,EACrB,OAAO,oBAAoB,EAC3B,GAAG,mBAAmB,aAAa;AAEtC,UAAI,OAAO;AACT,cAAM,IAAI;AAAA,UACR,iCAAiC,eAAe,KAAK,MAAM,OAAO;AAAA,QACpE;AAAA,MACF;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,qBAEJ;AACA,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,kBAAkB,EACvB,OAAO,0CAA0C,EACjD,GAAG,aAAa,QAAQ;AAE3B,UAAI,OAAO;AACT,cAAM,IAAI,MAAM,qCAAqC,MAAM,OAAO,EAAE;AAAA,MACtE;AAEA,aAAQ,QAAQ,CAAC;AAAA,IAKnB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,mBACJ,UACAF,WAAgE,CAAC,GAC7B;AACpC,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAC1B,KAAK,OAAO,EACZ,OAAO,IAAI,EACX,GAAG,aAAa,QAAQ,EACxB,GAAG,QAAQ,QAAQ,EACnB,OAAO;AAEV,UAAI,CAAC,KAAM,QAAO,CAAC;AAEnB,YAAM,EAAE,QAAQ,IAAI,SAAS,GAAG,OAAO,IAAIA;AAE3C,UAAI,QAAQ,OACT,KAAK,kBAAkB,EACvB,OAAO,GAAG,EACV,GAAG,WAAW,KAAK,EAAE,EACrB,GAAG,WAAW,KAAK,EACnB,MAAM,cAAc,EAAE,WAAW,MAAM,CAAC,EACxC,MAAM,QAAQ,SAAS,QAAQ,CAAC;AAEnC,UAAI,QAAQ;AACV,gBAAQ,MAAM,GAAG,UAAU,MAAM;AAAA,MACnC;AAEA,YAAM,EAAE,KAAK,IAAI,MAAM;AACvB,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,QACJ,UACyC;AACzC,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,KAAK,IAAI,MAAM,OACpB,KAAK,OAAO,EACZ,OAAO,wCAAwC,EAC/C,GAAG,aAAa,QAAQ,EACxB,GAAG,QAAQ,QAAQ,EACnB,OAAO;AAEV,aAAO;AAAA,IACT;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,WACJA,WAA8B,CAAC,GACN;AACzB,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM;AAAA,QACJ,SAAS;AAAA,QACT;AAAA,QACA,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,UAAU;AAAA,QACV,iBAAiB;AAAA,MACnB,IAAIA;AAEJ,UAAI,QAAQ,OACT,KAAK,gBAAgB,EACrB,OAAO,mEAAmE,EAC1E,GAAG,aAAa,QAAQ;AAE3B,UAAI,QAAQ;AACV,gBAAQ,MAAM,GAAG,UAAU,MAAM;AAAA,MACnC;AAEA,UAAI,WAAW;AACb,gBAAQ,MAAM,IAAI,UAAU,SAAS;AAAA,MACvC;AAEA,cAAQ,MACL,MAAM,SAAS,EAAE,WAAW,mBAAmB,MAAM,CAAC,EACtD,MAAM,QAAQ,SAAS,QAAQ,CAAC;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM;AAE9B,UAAI,OAAO;AACT,cAAM,IAAI,MAAM,4BAA4B,MAAM,OAAO,EAAE;AAAA,MAC7D;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAcA,MAAM,kBAAkBA,WAAiC,CAAC,GAA4B;AACpF,YAAM,EAAE,aAAa,MAAM,OAAO,CAAC,mBAAmB,EAAE,IAAIA;AAC5D,YAAM,cAAe,SAAgD;AACrE,YAAM,cAAe,SAAgD;AAMrE,YAAM,MACJ,GAAG,WAAW;AAGhB,YAAM,OAAkF;AAAA,QACtF,SAAS;AAAA,UACP,QAAQ;AAAA,UACR,eAAe,UAAU,WAAW;AAAA,UACpC,iBAAiB;AAAA,UACjB,wBAAwB;AAAA,UACxB,QAAQ;AAAA,QACV;AAAA,QACA,MAAM,EAAE,YAAY,KAAK;AAAA,MAC3B;AAEA,UAAI;AAOJ,UAAI;AACF,cAAM,MAAM,MAAM,MAAM,KAAK,IAAmB;AAChD,YAAI,IAAI,IAAI;AACV,gBAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,gBAAM,OAAO,CAAC;AAAA,QAChB;AAAA,MACF,QAAQ;AAAA,MAGR;AAEA,aAAO;AAAA,QACL,mBAAmB,QAAQ,KAAK,mBAAmB;AAAA,QACnD,oBAAoB,QAAQ,KAAK,qBAAqB;AAAA,QACtD,aAAa,QAAQ,KAAK,aAAa;AAAA,QACvC,aAAa,QAAQ,KAAK,aAAa;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;AAQO,IAAM,sBAAsB;AAkBnC,SAAS,QAAQ,GAA6C;AAC5D,MAAI,CAAC,EAAG,QAAO;AACf,QAAM,UAAU,EAAE,KAAK;AACvB,SAAO,QAAQ,SAAS,IAAI,UAAU;AACxC;AAaA,SAAS,WAAW,UAA0B,QAAgB;AAE5D,QAAM,cAAe,SAAgD;AACrE,QAAM,cAAe,SAAgD;AAErE,aAAO,mBAAAI,cAAqB,aAAa,aAAa;AAAA,IACpD,QAAQ;AAAA,MACN,SAAS;AAAA,QACP,iBAAiB;AAAA,QACjB,wBAAwB;AAAA,MAC1B;AAAA,IACF;AAAA,EACF,CAAC;AACH;;;AEnmBA,SAAS,iBAAiB,OAAuB;AAC/C,QAAM,QAAQ,MAAM,MAAM,GAAG;AAC7B,MAAI,MAAM,WAAW,EAAG,QAAO;AAC/B,QAAM,IAAI,WAAW,MAAM,CAAC,CAAC;AAC7B,QAAM,IAAI,WAAW,MAAM,CAAC,CAAC;AAC7B,MAAI,CAAC,KAAK,CAAC,KAAK,KAAK,KAAK,KAAK,EAAG,QAAO;AACzC,SAAO,GAAG,CAAC,IAAI,CAAC;AAClB;AAMO,SAAS,aAAa,OAAwB;AACnD,MAAI,CAAC,SAAS,OAAO,UAAU,SAAU,QAAO;AAChD,QAAM,QAAQ;AACd,MAAI,CAAC,MAAM,OAAO,CAAC,MAAM,IAAI,WAAW,UAAU,EAAG,QAAO;AAE5D,QAAM,QAAQ,MAAM,SAAS;AAC7B,QAAM,cAAc,iBAAiB,MAAM,gBAAgB,MAAM;AAEjE,SAAO,uCAAuC,KAAK,iBAAiB,WAAW,kBAAkB,MAAM,GAAG;AAC5G;;;ACbA,IAAMC,mBAAkB;AAuBjB,SAAS,iBACd,WACA,SACA;AACA,QAAM,EAAE,OAAO,IAAI;AACnB,QAAM,UAAU,QAAQ,UAAUA,kBAAiB,QAAQ,OAAO,EAAE;AAGpE,sBAAoB,QAAQ,MAAM;AAElC,WAAS,cAA2B;AAClC,WAAO;AAAA,MACL,gBAAgB;AAAA,MAChB,iBAAiB;AAAA,MACjB,wBAAwB;AAAA,IAC1B;AAAA,EACF;AAEA,iBAAe,QAAW,MAA0B;AAClD,UAAM,MAAM,MAAM,MAAM,GAAG,MAAM,GAAG,IAAI,IAAI;AAAA,MAC1C,SAAS,YAAY;AAAA;AAAA,IAEvB,CAAC;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC,EAAwB;AACpE,YAAM,IAAI;AAAA,QACR,KAAK,SAAS,wBAAwB,IAAI,MAAM,MAAM,IAAI;AAAA,MAC5D;AAAA,IACF;AACA,WAAO,IAAI,KAAK;AAAA,EAClB;AAEA,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOL,MAAM,YAAY,eAAoC,CAAC,GAAuB;AAC5E,YAAM,SAAS,IAAI,gBAAgB;AACnC,UAAI,aAAa,SAAU,QAAO,IAAI,YAAY,aAAa,QAAQ;AACvE,UAAI,aAAa,MAAM,OAAQ,QAAO,IAAI,QAAQ,aAAa,KAAK,KAAK,GAAG,CAAC;AAC7E,UAAI,aAAa,MAAO,QAAO,IAAI,SAAS,OAAO,aAAa,KAAK,CAAC;AACtE,UAAI,aAAa,OAAQ,QAAO,IAAI,UAAU,OAAO,aAAa,MAAM,CAAC;AACzE,UAAI,aAAa,KAAM,QAAO,IAAI,QAAQ,aAAa,IAAI;AAC3D,UAAI,aAAa,MAAO,QAAO,IAAI,SAAS,aAAa,KAAK;AAE9D,YAAM,KAAK,OAAO,SAAS;AAC3B,YAAM,EAAE,SAAS,IAAI,MAAM;AAAA,QACzB,gBAAgB,KAAK,IAAI,EAAE,KAAK,EAAE;AAAA,MACpC;AACA,aAAO,YAAY,CAAC;AAAA,IACtB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,iBAAiB,MAAuC;AAC5D,YAAM,MAAM,MAAM,MAAM,GAAG,MAAM,iBAAiB,mBAAmB,IAAI,CAAC,IAAI;AAAA,QAC5E,SAAS,YAAY;AAAA,MACvB,CAAC;AACD,UAAI,IAAI,WAAW,IAAK,QAAO;AAC/B,UAAI,CAAC,IAAI,IAAI;AACX,cAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC,EAAwB;AACpE,cAAM,IAAI,MAAM,KAAK,SAAS,2BAA2B,IAAI,EAAE;AAAA,MACjE;AACA,YAAM,EAAE,QAAQ,IAAK,MAAM,IAAI,KAAK;AACpC,aAAO,WAAW;AAAA,IACpB;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,gBAA4C;AAChD,YAAM,EAAE,WAAW,IAAI,MAAM;AAAA,QAC3B;AAAA,MACF;AACA,aAAO,cAAc,CAAC;AAAA,IACxB;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,kBAAkB,MAA+C;AACrE,YAAM,MAAM,MAAM,KAAK,cAAc;AACrC,aAAO,IAAI,KAAK,CAAC,MAAM,EAAE,SAAS,IAAI,KAAK;AAAA,IAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAUA,MAAM,YAAY,QAAuD;AACvE,YAAM,MAAM,MAAM,MAAM,GAAG,MAAM,sBAAsB;AAAA,QACrD,QAAQ;AAAA,QACR,SAAS,YAAY;AAAA,QACrB,MAAM,KAAK,UAAU,EAAE,SAAS,QAAQ,GAAG,OAAO,CAAC;AAAA,MACrD,CAAC;AACD,UAAI,CAAC,IAAI,IAAI;AACX,cAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC,EAAwB;AACpE,cAAM,IAAI,MAAM,KAAK,SAAS,uBAAuB;AAAA,MACvD;AACA,aAAO,IAAI,KAAK;AAAA,IAClB;AAAA,EACF;AACF;;;AChEO,SAAS,mBACd,UACA,SACA;AACA,QAAM,EAAE,QAAQ,OAAO,IAAI;AAG3B,sBAAoB,QAAQ,MAAM;AAElC,iBAAe,UACb,cAC2B;AAC3B,QAAI,QAAQ,SACT,KAAK,QAAQ,EACb,OAAO,0BAA0B,EACjC,GAAG,UAAU,WAAW,EACxB,MAAM,cAAc,QAAQ,YAAY;AAAA,MACvC,YAAY,cAAc,SAAS,WAAW;AAAA,IAChD,CAAC;AAEH,QAAI,cAAc,cAAc;AAC9B,cAAQ,MAAM,IAAI,aAAY,oBAAI,KAAK,GAAE,YAAY,CAAC;AAAA,IACxD;AACA,QAAI,cAAc,KAAK;AACrB,cAAQ,MAAM,SAAS,QAAQ,CAAC,aAAa,GAAG,CAAC;AAAA,IACnD;AACA,QAAI,cAAc,OAAO;AACvB,cAAQ,MAAM,MAAM,aAAa,KAAK;AAAA,IACxC;AACA,QAAI,cAAc,QAAQ;AACxB,cAAQ,MAAM;AAAA,QACZ,aAAa;AAAA,QACb,aAAa,UAAU,aAAa,SAAS,MAAM;AAAA,MACrD;AAAA,IACF;AAEA,UAAM,EAAE,KAAK,IAAI,MAAM;AACvB,WAAQ,QAAQ,CAAC;AAAA,EACnB;AAEA,iBAAe,eAAe,MAA8C;AAC1E,UAAM,EAAE,KAAK,IAAI,MAAM,SACpB,KAAK,QAAQ,EACb,OAAO,0BAA0B,EACjC,GAAG,QAAQ,IAAI,EACf,GAAG,UAAU,WAAW,EACxB,OAAO;AACV,WAAQ,QAA2B;AAAA,EACrC;AAEA,iBAAe,cACb,QAC8B;AAC9B,UAAM,UAAU,UAAU;AAC1B,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,wBAAwB;AAAA,MACxD,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU,EAAE,SAAS,QAAQ,GAAG,OAAO,CAAC;AAAA,IACrD,CAAC;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,MAAM,MAAM,IACf,KAAK,EACL,MAAM,OAAO,EAAE,OAAO,0BAA0B,EAAE;AACrD,YAAM,IAAI,MAAM,IAAI,SAAS,yBAAyB;AAAA,IACxD;AACA,WAAO,IAAI,KAAK;AAAA,EAClB;AAEA,SAAO,EAAE,WAAW,gBAAgB,cAAc;AACpD;;;AC1HO,SAAS,gBACd,aACA,WAAkC,CAAC,GAC3B;AACR,SAAO;AACT;AAUO,SAAS,UACd,aACA,UAAoB,CAAC,GACrB,WAAW,IACH;AACR,SAAO,GAAG,WAAW;AACvB;AAMO,IAAM,gBAAgB;AAAA,EAC3B,WAAW,EAAE,OAAO,KAAK,QAAQ,KAAK,QAAQ,SAAkB,SAAS,GAAG;AAAA,EAC5E,MAAM,EAAE,OAAO,KAAK,QAAQ,KAAK,QAAQ,SAAkB,SAAS,GAAG;AAAA,EACvE,MAAM,EAAE,OAAO,MAAM,QAAQ,KAAK,QAAQ,SAAkB,SAAS,GAAG;AAAA,EACxE,IAAI,EAAE,OAAO,MAAM,QAAQ,KAAK,QAAQ,SAAkB,SAAS,GAAG;AAAA,EACtE,QAAQ,EAAE,OAAO,IAAI,QAAQ,IAAI,QAAQ,SAAkB,SAAS,GAAG;AAAA,EACvE,MAAM,EAAE,OAAO,MAAM,QAAQ,WAAoB,SAAS,GAAG;AAC/D;;;ACrBA,eAAsB,uBACpB,QACA,SACA,WACkB;AAClB,MAAI,CAAC,aAAa,CAAC,OAAQ,QAAO;AAElC,QAAM,SAAU,WAAW,UAAU,WAAW,OAAO,UAAW;AAClE,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI;AAAA,MACR;AAAA,IAEF;AAAA,EACF;AAEA,QAAM,UAAU,IAAI,YAAY;AAChC,QAAM,MAAM,MAAM,OAAO;AAAA,IACvB;AAAA,IACA,QAAQ,OAAO,MAAM;AAAA,IACrB,EAAE,MAAM,QAAQ,MAAM,UAAU;AAAA,IAChC;AAAA,IACA,CAAC,MAAM;AAAA,EACT;AACA,QAAM,YAAY,MAAM,OAAO,KAAK,QAAQ,KAAK,QAAQ,OAAO,OAAO,CAAC;AACxE,QAAM,WAAW,YAAY,SAAS;AAEtC,SAAO,mBAAmB,UAAU,UAAU,KAAK,CAAC;AACtD;AAMO,IAAM,iBAAiB;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAIA,SAAS,YAAY,KAA0B;AAC7C,QAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,MAAI,MAAM;AACV,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,WAAO,MAAM,CAAC,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;AAAA,EAC9C;AACA,SAAO;AACT;AAMA,SAAS,mBAAmB,GAAW,GAAoB;AACzD,MAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,MAAI,WAAW;AACf,WAAS,IAAI,GAAG,IAAI,EAAE,QAAQ,KAAK;AACjC,gBAAY,EAAE,WAAW,CAAC,IAAI,EAAE,WAAW,CAAC;AAAA,EAC9C;AACA,SAAO,aAAa;AACtB;","names":["options","query","data","error","createSupabaseClient","DEFAULT_APP_URL"]}
package/dist/index.mjs CHANGED
@@ -1,9 +1,9 @@
1
+ // src/version.ts
2
+ var CMS_CLIENT_VERSION = "1.16.0";
3
+
1
4
  // src/queries.ts
2
5
  import { createClient as createSupabaseClient } from "@supabase/supabase-js";
3
6
 
4
- // src/version.ts
5
- var CMS_CLIENT_VERSION = "1.14.1";
6
-
7
7
  // src/telemetry.ts
8
8
  var DEFAULT_APP_URL = "https://cms.distinctstudio.co.nz";
9
9
  var reported = /* @__PURE__ */ new Map();
@@ -310,7 +310,7 @@ function createCmsClient(supabase, options) {
310
310
  const { revalidate = 3600, tags = [TRACKING_CONFIG_TAG] } = options2;
311
311
  const supabaseUrl = supabase.supabaseUrl;
312
312
  const supabaseKey = supabase.supabaseKey;
313
- const url = `${supabaseUrl}/rest/v1/tenant_settings?select=google_analytics_id,google_tag_manager_id,meta_pixel_id&limit=1`;
313
+ const url = `${supabaseUrl}/rest/v1/tenant_settings?select=google_analytics_id,google_tag_manager_id,google_ads_id,meta_pixel_id&limit=1`;
314
314
  const init = {
315
315
  headers: {
316
316
  apikey: supabaseKey,
@@ -333,6 +333,7 @@ function createCmsClient(supabase, options) {
333
333
  return {
334
334
  googleAnalyticsId: nullify(row?.google_analytics_id),
335
335
  googleTagManagerId: nullify(row?.google_tag_manager_id),
336
+ googleAdsId: nullify(row?.google_ads_id),
336
337
  metaPixelId: nullify(row?.meta_pixel_id)
337
338
  };
338
339
  }
@@ -538,14 +539,68 @@ var IMAGE_PRESETS = {
538
539
  avatar: { width: 80, height: 80, resize: "cover", quality: 75 },
539
540
  full: { width: 1920, resize: "contain", quality: 85 }
540
541
  };
542
+
543
+ // src/webhooks.ts
544
+ async function verifyWebhookSignature(secret, rawBody, signature) {
545
+ if (!signature || !secret) return false;
546
+ const subtle = globalThis.crypto && globalThis.crypto.subtle || null;
547
+ if (!subtle) {
548
+ throw new Error(
549
+ "verifyWebhookSignature requires the Web Crypto API (globalThis.crypto.subtle). Available in Node 18+, all Edge runtimes, Deno, and Bun."
550
+ );
551
+ }
552
+ const encoder = new TextEncoder();
553
+ const key = await subtle.importKey(
554
+ "raw",
555
+ encoder.encode(secret),
556
+ { name: "HMAC", hash: "SHA-256" },
557
+ false,
558
+ ["sign"]
559
+ );
560
+ const sigBuffer = await subtle.sign("HMAC", key, encoder.encode(rawBody));
561
+ const expected = bufferToHex(sigBuffer);
562
+ return timingSafeEqualHex(expected, signature.trim());
563
+ }
564
+ var WEBHOOK_EVENTS = [
565
+ "content.published",
566
+ "content.unpublished",
567
+ "content.updated",
568
+ "content.deleted",
569
+ "order.created",
570
+ "order.paid",
571
+ "order.payment_failed",
572
+ "order.refunded",
573
+ "order.shipped",
574
+ "booking.confirmed",
575
+ "inventory.low_stock"
576
+ ];
577
+ function bufferToHex(buf) {
578
+ const bytes = new Uint8Array(buf);
579
+ let out = "";
580
+ for (let i = 0; i < bytes.length; i++) {
581
+ out += bytes[i].toString(16).padStart(2, "0");
582
+ }
583
+ return out;
584
+ }
585
+ function timingSafeEqualHex(a, b) {
586
+ if (a.length !== b.length) return false;
587
+ let mismatch = 0;
588
+ for (let i = 0; i < a.length; i++) {
589
+ mismatch |= a.charCodeAt(i) ^ b.charCodeAt(i);
590
+ }
591
+ return mismatch === 0;
592
+ }
541
593
  export {
594
+ CMS_CLIENT_VERSION,
542
595
  IMAGE_PRESETS,
543
596
  TRACKING_CONFIG_TAG,
597
+ WEBHOOK_EVENTS,
544
598
  createCmsClient,
545
599
  createEventsClient,
546
600
  createShopClient,
547
601
  getEmbedHtml,
548
602
  getSrcSet,
549
- getTransformUrl
603
+ getTransformUrl,
604
+ verifyWebhookSignature
550
605
  };
551
606
  //# sourceMappingURL=index.mjs.map
package/dist/index.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/queries.ts","../src/version.ts","../src/telemetry.ts","../src/embed.ts","../src/shop.ts","../src/events.ts","../src/cdn.ts"],"sourcesContent":["import { createClient as createSupabaseClient } from \"@supabase/supabase-js\"\nimport type { SupabaseClient } from \"@supabase/supabase-js\"\nimport type {\n CmsClientOptions,\n ContentItem,\n ContentQueryOptions,\n ContentType,\n GoogleReview,\n ReviewQueryOptions,\n} from \"./types\"\nimport { CMS_CLIENT_VERSION } from \"./version\"\nimport { reportClientVersion } from \"./telemetry\"\n\n/**\n * Creates a CMS query client authenticated with a tenant API key.\n *\n * Usage:\n * ```ts\n * const cms = createCmsClient(supabase, { apiKey: process.env.CMS_API_KEY! })\n * const events = await cms.getContentItems('events', { status: 'published' })\n * ```\n *\n * The API key is sent as an `x-cms-api-key` header on every request.\n * Supabase RLS policies validate it against the tenant's stored key.\n */\nexport function createCmsClient(\n supabase: SupabaseClient,\n options: CmsClientOptions\n) {\n const { apiKey } = options\n\n // Create a new Supabase client with the API key header injected globally\n const client = withApiKey(supabase, apiKey) as SupabaseClient\n\n // Day-granular, fire-and-forget version ping (server-side only).\n reportClientVersion(apiKey, options.appUrl)\n\n /** Resolve the tenant ID from the API key (cached per request) */\n let tenantIdCache: string | null = null\n\n async function getTenantId(): Promise<string> {\n if (tenantIdCache) return tenantIdCache\n\n const { data, error } = await client\n .from(\"tenants\")\n .select(\"id\")\n .single()\n\n if (error || !data) {\n throw new Error(\n \"Invalid CMS API key — no tenant found. Check your apiKey.\"\n )\n }\n\n tenantIdCache = data.id\n return data.id\n }\n\n /** Resolve a content type from its slug (cached) */\n const contentTypeCache = new Map<string, ContentType>()\n\n async function getContentTypeBySlug(contentTypeSlug: string): Promise<ContentType> {\n if (contentTypeCache.has(contentTypeSlug)) return contentTypeCache.get(contentTypeSlug)!\n const tenantId = await getTenantId()\n\n const { data, error } = await client\n .from(\"content_types\")\n .select(\"*\")\n .eq(\"tenant_id\", tenantId)\n .eq(\"slug\", contentTypeSlug)\n .single()\n\n if (error || !data) {\n throw new Error(`Content type not found: ${contentTypeSlug}`)\n }\n\n const ct = data as ContentType\n contentTypeCache.set(contentTypeSlug, ct)\n return ct\n }\n\n async function getContentTypeId(contentTypeSlug: string): Promise<string> {\n const ct = await getContentTypeBySlug(contentTypeSlug)\n return ct.id\n }\n\n /** Check if a member token has access to a gated content type */\n async function checkMemberAccess(\n contentType: ContentType,\n memberToken?: string\n ): Promise<{ allowed: boolean; memberTierId: string | null }> {\n const requiredTierId = contentType.required_membership_tier_id\n if (!requiredTierId) return { allowed: true, memberTierId: null } // Public\n\n if (!memberToken) return { allowed: false, memberTierId: null } // Gated but no token\n\n // Verify the member's token and check their tier\n const { data: session } = await client\n .from(\"member_sessions\")\n .select(\"member_id\")\n .eq(\"token_hash\", memberToken) // Note: caller should hash the token\n .single()\n\n if (!session) return { allowed: false, memberTierId: null }\n\n const { data: member } = await client\n .from(\"members\")\n .select(\"membership_tier_id, status\")\n .eq(\"id\", session.member_id)\n .single()\n\n if (!member || member.status !== \"active\") return { allowed: false, memberTierId: null }\n\n // Check if the member's tier matches (or exceeds) the required tier\n // For now: exact match or the member has the required tier\n return {\n allowed: member.membership_tier_id === requiredTierId,\n memberTierId: member.membership_tier_id as string | null,\n }\n }\n\n async function getFlipbook(id: string): Promise<import(\"./types\").FlipbookPublic | null> {\n const { data, error } = await client\n .from(\"flipbooks\")\n .select(\"id, title, page_count, status, manifest, download_enabled, tenant_id\")\n .eq(\"id\", id)\n .single()\n if (error || !data) return null\n\n const manifest = data.manifest as\n | { pages: Array<{ image: string; thumb: string; w: number; h: number }>; toc: Array<{ title: string; page: number }> }\n | null\n if (!manifest) {\n return {\n id: data.id as string,\n title: data.title as string,\n page_count: (data.page_count as number) ?? 0,\n status: data.status as \"pending_upload\" | \"pending\" | \"processing\" | \"ready\" | \"failed\",\n page_images: [],\n toc: [],\n download_url: null,\n }\n }\n\n // Browser-safe env lookup via globalThis. The client package builds without\n // @types/node so referring to `process` directly fails the dts build; reading\n // through globalThis sidesteps that and works in every JS environment that\n // matters (Node, browsers, edge runtimes).\n const proc = (globalThis as { process?: { env?: Record<string, string | undefined> } }).process\n const cdnBase = proc?.env?.NEXT_PUBLIC_R2_PUBLIC_URL ?? \"https://cdn.distinctstudio.co.nz\"\n const prefix = `flipbooks/${data.tenant_id as string}/${data.id as string}/`\n return {\n id: data.id as string,\n title: data.title as string,\n page_count: (data.page_count as number) ?? manifest.pages.length,\n status: data.status as \"pending\" | \"processing\" | \"ready\" | \"failed\",\n page_images: manifest.pages.map((p) => ({\n url: `${cdnBase}/${prefix}${p.image}`,\n thumb_url: `${cdnBase}/${prefix}${p.thumb}`,\n w: p.w,\n h: p.h,\n })),\n toc: manifest.toc,\n download_url: data.download_enabled\n ? `${options.appUrl ?? \"\"}/api/flipbooks/${data.id as string}/download`\n : null,\n }\n }\n\n return {\n /**\n * List content items for a content type.\n * Defaults to published items ordered by most recent.\n */\n async getContentItems(\n contentTypeSlug: string,\n options: ContentQueryOptions = {}\n ): Promise<(ContentItem & { locked?: boolean })[]> {\n const contentType = await getContentTypeBySlug(contentTypeSlug)\n\n const {\n status = \"published\",\n orderBy = \"published_at\",\n orderDirection = \"desc\",\n limit = 100,\n offset = 0,\n memberToken,\n } = options\n\n // Check membership access\n const access = await checkMemberAccess(contentType, memberToken)\n\n // If gated and no access, check gating mode\n if (!access.allowed && contentType.required_membership_tier_id) {\n // Get tenant settings for gating mode\n const tenantId = await getTenantId()\n const { data: settings } = await client\n .from(\"tenant_settings\")\n .select(\"membership_gating_mode\")\n .eq(\"tenant_id\", tenantId)\n .single()\n\n const mode = (settings?.membership_gating_mode as string) ?? \"teaser\"\n\n if (mode === \"hide\") {\n return [] // Hide: return nothing\n }\n\n // Teaser mode: return items with locked flag, no body/data\n let query = client\n .from(\"content_items\")\n .select(\"id, title, slug, status, excerpt, seo_title, seo_description, featured_image, published_at, created_at, updated_at\")\n .eq(\"content_type_id\", contentType.id)\n\n if (status) query = query.eq(\"status\", status)\n query = query\n .order(orderBy, { ascending: orderDirection === \"asc\" })\n .range(offset, offset + limit - 1)\n\n const { data, error } = await query\n if (error) throw new Error(`Failed to fetch ${contentTypeSlug}: ${error.message}`)\n\n return (data ?? []).map((item) => ({\n ...item,\n data: {},\n locked: true,\n })) as (ContentItem & { locked: boolean })[]\n }\n\n // Full access\n let query = client\n .from(\"content_items\")\n .select(\"*\")\n .eq(\"content_type_id\", contentType.id)\n\n if (status) {\n query = query.eq(\"status\", status)\n }\n\n query = query\n .order(orderBy, { ascending: orderDirection === \"asc\" })\n .range(offset, offset + limit - 1)\n\n const { data, error } = await query\n\n if (error) {\n throw new Error(`Failed to fetch ${contentTypeSlug}: ${error.message}`)\n }\n\n return (data ?? []) as ContentItem[]\n },\n\n /**\n * Get a single content item by its slug.\n * Returns null if not found.\n */\n async getContentItemBySlug(\n contentTypeSlug: string,\n itemSlug: string\n ): Promise<ContentItem | null> {\n const contentTypeId = await getContentTypeId(contentTypeSlug)\n\n const { data, error } = await client\n .from(\"content_items\")\n .select(\"*\")\n .eq(\"content_type_id\", contentTypeId)\n .eq(\"slug\", itemSlug)\n .single()\n\n if (error) {\n if (error.code === \"PGRST116\") return null // not found\n throw new Error(\n `Failed to fetch ${contentTypeSlug}/${itemSlug}: ${error.message}`\n )\n }\n\n return data as ContentItem\n },\n\n /**\n * Get a content type definition (including its field schema).\n */\n async getContentType(contentTypeSlug: string): Promise<ContentType> {\n const tenantId = await getTenantId()\n\n const { data, error } = await client\n .from(\"content_types\")\n .select(\"*\")\n .eq(\"tenant_id\", tenantId)\n .eq(\"slug\", contentTypeSlug)\n .single()\n\n if (error || !data) {\n throw new Error(`Content type not found: ${contentTypeSlug}`)\n }\n\n return data as ContentType\n },\n\n /**\n * Get all slugs for a content type (for generateStaticParams).\n */\n async getAllSlugs(\n contentTypeSlug: string\n ): Promise<{ slug: string }[]> {\n const contentTypeId = await getContentTypeId(contentTypeSlug)\n\n const { data, error } = await client\n .from(\"content_items\")\n .select(\"slug\")\n .eq(\"content_type_id\", contentTypeId)\n .eq(\"status\", \"published\")\n\n if (error) {\n throw new Error(\n `Failed to fetch slugs for ${contentTypeSlug}: ${error.message}`\n )\n }\n\n return (data ?? []) as { slug: string }[]\n },\n\n /**\n * List all content types for this tenant.\n */\n async getContentTypes(): Promise<ContentType[]> {\n const tenantId = await getTenantId()\n\n const { data, error } = await client\n .from(\"content_types\")\n .select(\"*\")\n .eq(\"tenant_id\", tenantId)\n .order(\"name\")\n\n if (error) {\n throw new Error(`Failed to fetch content types: ${error.message}`)\n }\n\n return (data ?? []) as ContentType[]\n },\n\n /**\n * Get all slug redirects for a content type.\n * Use in next.config.js redirects() or middleware for 301s.\n * Returns: [{ old_slug, new_slug }, ...]\n */\n async getRedirects(\n contentTypeSlug: string\n ): Promise<{ old_slug: string; new_slug: string }[]> {\n const contentTypeId = await getContentTypeId(contentTypeSlug)\n\n const { data, error } = await client\n .from(\"slug_redirects\")\n .select(\"old_slug, new_slug\")\n .eq(\"content_type_id\", contentTypeId)\n\n if (error) {\n throw new Error(\n `Failed to fetch redirects for ${contentTypeSlug}: ${error.message}`\n )\n }\n\n return (data ?? []) as { old_slug: string; new_slug: string }[]\n },\n\n /**\n * Get all custom path redirects for this tenant.\n * Use alongside getRedirects() in next.config.ts for full redirect coverage.\n */\n async getCustomRedirects(): Promise<\n { source_path: string; destination_path: string; permanent: boolean }[]\n > {\n const tenantId = await getTenantId()\n\n const { data, error } = await client\n .from(\"custom_redirects\")\n .select(\"source_path, destination_path, permanent\")\n .eq(\"tenant_id\", tenantId)\n\n if (error) {\n throw new Error(`Failed to fetch custom redirects: ${error.message}`)\n }\n\n return (data ?? []) as {\n source_path: string\n destination_path: string\n permanent: boolean\n }[]\n },\n\n /**\n * Get form submissions for a specific form.\n * Useful for displaying testimonials, reviews, etc.\n */\n async getFormSubmissions(\n formSlug: string,\n options: { status?: string; limit?: number; offset?: number } = {}\n ): Promise<Record<string, unknown>[]> {\n const tenantId = await getTenantId()\n\n const { data: form } = await client\n .from(\"forms\")\n .select(\"id\")\n .eq(\"tenant_id\", tenantId)\n .eq(\"slug\", formSlug)\n .single()\n\n if (!form) return []\n\n const { limit = 50, offset = 0, status } = options\n\n let query = client\n .from(\"form_submissions\")\n .select(\"*\")\n .eq(\"form_id\", form.id)\n .eq(\"is_spam\", false)\n .order(\"created_at\", { ascending: false })\n .range(offset, offset + limit - 1)\n\n if (status) {\n query = query.eq(\"status\", status)\n }\n\n const { data } = await query\n return (data ?? []) as Record<string, unknown>[]\n },\n\n /**\n * Get a form configuration by slug.\n */\n async getForm(\n formSlug: string\n ): Promise<Record<string, unknown> | null> {\n const tenantId = await getTenantId()\n\n const { data } = await client\n .from(\"forms\")\n .select(\"id, name, slug, description, is_active\")\n .eq(\"tenant_id\", tenantId)\n .eq(\"slug\", formSlug)\n .single()\n\n return data as Record<string, unknown> | null\n },\n\n /**\n * Get a flipbook by ID, including CDN-resolved page image URLs.\n * Returns null if not found or manifest not yet ready.\n */\n getFlipbook,\n\n /**\n * Get Google Reviews for this tenant.\n * Defaults to approved reviews ordered by most recent.\n */\n async getReviews(\n options: ReviewQueryOptions = {}\n ): Promise<GoogleReview[]> {\n const tenantId = await getTenantId()\n\n const {\n status = \"approved\",\n minRating,\n limit = 50,\n offset = 0,\n orderBy = \"review_timestamp\",\n orderDirection = \"desc\",\n } = options\n\n let query = client\n .from(\"google_reviews\")\n .select(\"id, author_name, author_photo_url, rating, text, review_timestamp\")\n .eq(\"tenant_id\", tenantId)\n\n if (status) {\n query = query.eq(\"status\", status)\n }\n\n if (minRating) {\n query = query.gte(\"rating\", minRating)\n }\n\n query = query\n .order(orderBy, { ascending: orderDirection === \"asc\" })\n .range(offset, offset + limit - 1)\n\n const { data, error } = await query\n\n if (error) {\n throw new Error(`Failed to fetch reviews: ${error.message}`)\n }\n\n return (data ?? []) as GoogleReview[]\n },\n\n /**\n * Get the tenant's third-party tracking IDs (Google Analytics, Google Tag Manager, Meta Pixel).\n * Each value is null when not configured. These IDs are public and safe to render in HTML.\n *\n * On Next.js, the result is cached and revalidated every hour by default\n * (`revalidate: 3600`) and tagged with `TRACKING_CONFIG_TAG`. Tenant sites\n * that want zero-lag updates can call `revalidateTag(TRACKING_CONFIG_TAG)`\n * from a webhook. Pass `revalidate: 0` to disable caching, `revalidate: false`\n * to cache indefinitely (tag-only invalidation), or any positive integer\n * (seconds) to override the interval. Outside Next.js the cache hints are\n * silently ignored — every call hits the network.\n */\n async getTrackingConfig(options: TrackingConfigOptions = {}): Promise<TrackingConfig> {\n const { revalidate = 3600, tags = [TRACKING_CONFIG_TAG] } = options\n const supabaseUrl = (supabase as unknown as { supabaseUrl: string }).supabaseUrl\n const supabaseKey = (supabase as unknown as { supabaseKey: string }).supabaseKey\n\n // Direct PostgREST fetch (instead of going through supabase-js) so that\n // Next.js sees the request and applies its `next` cache options. RLS\n // restricts the result to the tenant matching `x-cms-api-key`, so no\n // explicit tenant_id filter is needed.\n const url =\n `${supabaseUrl}/rest/v1/tenant_settings` +\n `?select=google_analytics_id,google_tag_manager_id,meta_pixel_id&limit=1`\n\n const init: RequestInit & { next?: { revalidate?: number | false; tags?: string[] } } = {\n headers: {\n apikey: supabaseKey,\n Authorization: `Bearer ${supabaseKey}`,\n \"x-cms-api-key\": apiKey,\n \"x-cms-client-version\": CMS_CLIENT_VERSION,\n Accept: \"application/json\",\n },\n next: { revalidate, tags },\n }\n\n let row: {\n google_analytics_id: string | null\n google_tag_manager_id: string | null\n meta_pixel_id: string | null\n } | undefined\n\n try {\n const res = await fetch(url, init as RequestInit)\n if (res.ok) {\n const rows = (await res.json()) as Array<typeof row>\n row = rows?.[0]\n }\n } catch {\n // Network errors fall through to the all-null result so a transient\n // outage on the CMS never breaks page renders on the tenant site.\n }\n\n return {\n googleAnalyticsId: nullify(row?.google_analytics_id),\n googleTagManagerId: nullify(row?.google_tag_manager_id),\n metaPixelId: nullify(row?.meta_pixel_id),\n }\n },\n }\n}\n\n/**\n * Cache tag applied to `getTrackingConfig()` fetches on Next.js. Call\n * `revalidateTag(TRACKING_CONFIG_TAG)` from a webhook handler on the tenant\n * site to make tracking-ID changes take effect immediately rather than\n * waiting for the next revalidation interval.\n */\nexport const TRACKING_CONFIG_TAG = \"cms:tracking-config\"\n\nexport interface TrackingConfigOptions {\n /**\n * Cache lifetime for the underlying fetch on Next.js, in seconds.\n * Defaults to 3600 (one hour). Set to `0` to disable caching, or `false`\n * to cache indefinitely until the tag is revalidated. Ignored outside\n * Next.js runtimes.\n */\n revalidate?: number | false\n /**\n * Cache tags for the underlying fetch on Next.js. Defaults to\n * `[TRACKING_CONFIG_TAG]`. Override to namespace by tenant if you share a\n * single Next.js process across multiple tenants (uncommon).\n */\n tags?: string[]\n}\n\nfunction nullify(v: string | null | undefined): string | null {\n if (!v) return null\n const trimmed = v.trim()\n return trimmed.length > 0 ? trimmed : null\n}\n\nexport interface TrackingConfig {\n googleAnalyticsId: string | null\n googleTagManagerId: string | null\n metaPixelId: string | null\n}\n\n/**\n * Creates a new Supabase client that includes the `x-cms-api-key`\n * header in every request, using the same URL and key as the original.\n */\nfunction withApiKey(supabase: SupabaseClient, apiKey: string) {\n // Extract URL and key from the existing client\n const supabaseUrl = (supabase as unknown as { supabaseUrl: string }).supabaseUrl\n const supabaseKey = (supabase as unknown as { supabaseKey: string }).supabaseKey\n\n return createSupabaseClient(supabaseUrl, supabaseKey, {\n global: {\n headers: {\n \"x-cms-api-key\": apiKey,\n \"x-cms-client-version\": CMS_CLIENT_VERSION,\n },\n },\n })\n}\n","/**\n * The version of @distinctagency/cms-client embedded in this build.\n *\n * Bump this in lock-step with package.json — the value is read by the SDK to\n * report installed-version telemetry and to send `x-cms-client-version` on\n * outgoing requests.\n */\nexport const CMS_CLIENT_VERSION = \"1.14.1\"\n","import { CMS_CLIENT_VERSION } from \"./version\"\n\n/**\n * Reports the running SDK version to the CMS so the Super Admin UI can show\n * which client version each tenant site is on.\n *\n * Day-granular and process-local: at most one POST per (api key + day) per\n * Node process. Calls from browser code are ignored — the API key would be\n * exposed and the data is redundant with server-side reports.\n *\n * Fire-and-forget. Failures are silent — telemetry must never break a render.\n */\n\nconst DEFAULT_APP_URL = \"https://cms.distinctstudio.co.nz\"\n\ninterface ReportRecord {\n date: string // YYYY-MM-DD\n version: string\n}\n\nconst reported = new Map<string, ReportRecord>()\n\nfunction todayKey(): string {\n return new Date().toISOString().slice(0, 10)\n}\n\nexport function reportClientVersion(apiKey: string, appUrl?: string): void {\n // Skip in browser contexts — server-side calls already cover the tenant.\n if (typeof window !== \"undefined\") return\n if (!apiKey) return\n\n const today = todayKey()\n const last = reported.get(apiKey)\n if (last && last.date === today && last.version === CMS_CLIENT_VERSION) return\n\n // Optimistically mark as reported so concurrent calls don't all fire. If the\n // request fails we'll retry tomorrow — that's acceptable for telemetry.\n reported.set(apiKey, { date: today, version: CMS_CLIENT_VERSION })\n\n const envAppUrl =\n typeof process !== \"undefined\" ? process.env?.NEXT_PUBLIC_CMS_URL : undefined\n const base = (appUrl ?? envAppUrl ?? DEFAULT_APP_URL).replace(/\\/$/, \"\")\n const url = `${base}/api/client-telemetry`\n\n // Fire and forget. Use a hand-rolled then() chain rather than async/await so\n // we don't accidentally surface an unhandled rejection.\n void fetch(url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n \"x-cms-api-key\": apiKey,\n \"x-cms-client-version\": CMS_CLIENT_VERSION,\n },\n body: JSON.stringify({\n api_key: apiKey,\n version: CMS_CLIENT_VERSION,\n }),\n }).catch(() => {\n // Allow a retry on the next call by clearing the optimistic record.\n reported.delete(apiKey)\n })\n}\n","import type { EmbedValue } from \"./types\"\n\nfunction toCssAspectRatio(ratio: string): string {\n const parts = ratio.split(\":\")\n if (parts.length !== 2) return \"16/9\"\n const w = parseFloat(parts[0])\n const h = parseFloat(parts[1])\n if (!w || !h || w <= 0 || h <= 0) return \"16/9\"\n return `${w}/${h}`\n}\n\n/**\n * Generate responsive iframe HTML for an embed field value.\n * Returns an empty string if the value is invalid or the URL is not HTTPS.\n */\nexport function getEmbedHtml(value: unknown): string {\n if (!value || typeof value !== \"object\") return \"\"\n const embed = value as EmbedValue\n if (!embed.url || !embed.url.startsWith(\"https://\")) return \"\"\n\n const width = embed.width || \"100%\"\n const aspectRatio = toCssAspectRatio(embed.aspect_ratio || \"16:9\")\n\n return `<div style=\"position:relative;width:${width};aspect-ratio:${aspectRatio}\"><iframe src=\"${embed.url}\" style=\"position:absolute;inset:0;width:100%;height:100%\" frameborder=\"0\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox\" allowfullscreen loading=\"lazy\"></iframe></div>`\n}\n","import type { SupabaseClient } from \"@supabase/supabase-js\"\nimport type {\n Product,\n ProductCategory,\n ProductQueryOptions,\n CreateOrderParams,\n CreateOrderResult,\n} from \"./types\"\nimport { CMS_CLIENT_VERSION } from \"./version\"\nimport { reportClientVersion } from \"./telemetry\"\n\nconst DEFAULT_APP_URL = \"https://cms.distinctstudio.co.nz\"\n\nexport interface ShopClientOptions {\n /** Tenant API key (UUID). Sent as `x-cms-api-key` on every request. */\n apiKey: string\n /** CMS app base URL. Defaults to `https://cms.distinctstudio.co.nz`. */\n appUrl?: string\n}\n\n/**\n * Creates a typed client for the eCommerce REST API (products, categories, orders).\n *\n * Unlike `createCmsClient`, the shop client talks to the CMS REST endpoints\n * (`/api/products`, `/api/product-categories`, `/api/orders/create`) rather than\n * Supabase directly — it doesn't need the `supabase` argument, but accepts it\n * for API symmetry with the rest of the SDK.\n *\n * Usage:\n * ```ts\n * const shop = createShopClient(supabase, { apiKey: process.env.CMS_API_KEY! })\n * const products = await shop.getProducts({ category: \"electronics\", limit: 20 })\n * ```\n */\nexport function createShopClient(\n _supabase: SupabaseClient,\n options: ShopClientOptions\n) {\n const { apiKey } = options\n const appUrl = (options.appUrl ?? DEFAULT_APP_URL).replace(/\\/$/, \"\")\n\n // Day-granular, fire-and-forget version ping (server-side only).\n reportClientVersion(apiKey, appUrl)\n\n function authHeaders(): HeadersInit {\n return {\n \"Content-Type\": \"application/json\",\n \"x-cms-api-key\": apiKey,\n \"x-cms-client-version\": CMS_CLIENT_VERSION,\n }\n }\n\n async function getJson<T>(path: string): Promise<T> {\n const res = await fetch(`${appUrl}${path}`, {\n headers: authHeaders(),\n // Caller controls Next.js caching by wrapping the call site.\n })\n if (!res.ok) {\n const body = await res.json().catch(() => ({}) as { error?: string })\n throw new Error(\n body.error ?? `Shop request failed (${res.status}): ${path}`\n )\n }\n return res.json() as Promise<T>\n }\n\n return {\n /**\n * List published products. Includes nested `variants` and `options`.\n *\n * `category` filters by category slug (matches the FK `category_id`,\n * with a fallback to the legacy `category` text column).\n */\n async getProducts(queryOptions: ProductQueryOptions = {}): Promise<Product[]> {\n const params = new URLSearchParams()\n if (queryOptions.category) params.set(\"category\", queryOptions.category)\n if (queryOptions.tags?.length) params.set(\"tags\", queryOptions.tags.join(\",\"))\n if (queryOptions.limit) params.set(\"limit\", String(queryOptions.limit))\n if (queryOptions.offset) params.set(\"offset\", String(queryOptions.offset))\n if (queryOptions.sort) params.set(\"sort\", queryOptions.sort)\n if (queryOptions.order) params.set(\"order\", queryOptions.order)\n\n const qs = params.toString()\n const { products } = await getJson<{ products: Product[] }>(\n `/api/products${qs ? `?${qs}` : \"\"}`\n )\n return products ?? []\n },\n\n /**\n * Get a single published product by slug. Returns null if not found.\n * Includes nested `variants` and `options`.\n */\n async getProductBySlug(slug: string): Promise<Product | null> {\n const res = await fetch(`${appUrl}/api/products/${encodeURIComponent(slug)}`, {\n headers: authHeaders(),\n })\n if (res.status === 404) return null\n if (!res.ok) {\n const body = await res.json().catch(() => ({}) as { error?: string })\n throw new Error(body.error ?? `Failed to fetch product ${slug}`)\n }\n const { product } = (await res.json()) as { product: Product }\n return product ?? null\n },\n\n /**\n * List product categories for the tenant, ordered by sort_order then name.\n */\n async getCategories(): Promise<ProductCategory[]> {\n const { categories } = await getJson<{ categories: ProductCategory[] }>(\n `/api/product-categories`\n )\n return categories ?? []\n },\n\n /**\n * Get a single category by slug. Returns null if not found.\n */\n async getCategoryBySlug(slug: string): Promise<ProductCategory | null> {\n const all = await this.getCategories()\n return all.find((c) => c.slug === slug) ?? null\n },\n\n /**\n * Create a pending order and return a Stripe PaymentIntent client_secret\n * to confirm payment client-side.\n *\n * Stripe must be configured for the tenant; eCommerce must be enabled on\n * their billing plan. Validates stock for tracked variants and applies\n * any discount code before creating the PaymentIntent.\n */\n async createOrder(params: CreateOrderParams): Promise<CreateOrderResult> {\n const res = await fetch(`${appUrl}/api/orders/create`, {\n method: \"POST\",\n headers: authHeaders(),\n body: JSON.stringify({ api_key: apiKey, ...params }),\n })\n if (!res.ok) {\n const body = await res.json().catch(() => ({}) as { error?: string })\n throw new Error(body.error ?? \"Order creation failed\")\n }\n return res.json() as Promise<CreateOrderResult>\n },\n }\n}\n","import type { SupabaseClient } from \"@supabase/supabase-js\"\nimport { reportClientVersion } from \"./telemetry\"\n\nexport type EventStatus = \"draft\" | \"published\" | \"archived\"\nexport type BookingStatus = \"pending\" | \"confirmed\" | \"cancelled\" | \"refunded\"\n\nexport interface CmsEvent {\n id: string\n tenant_id: string\n title: string\n slug: string\n description: string | null\n short_description: string | null\n status: EventStatus\n start_at: string\n end_at: string | null\n venue_name: string | null\n venue_address: string | null\n hero_image: string | null\n gallery: string[]\n tags: string[]\n seo_title: string | null\n seo_description: string | null\n metadata: Record<string, unknown>\n sort_order: number\n published_at: string | null\n created_at: string\n updated_at: string\n}\n\nexport interface CmsTicketTier {\n id: string\n event_id: string\n tenant_id: string\n name: string\n description: string | null\n price_cents: number\n capacity: number | null\n sold_count: number\n sales_start_at: string | null\n sales_end_at: string | null\n is_active: boolean\n sort_order: number\n}\n\nexport interface EventWithTiers extends CmsEvent {\n tiers: CmsTicketTier[]\n}\n\nexport interface EventQueryOptions {\n /** Only include events with start_at >= now. Default false. */\n upcomingOnly?: boolean\n tag?: string\n limit?: number\n offset?: number\n sort?: \"start_at\" | \"sort_order\" | \"created_at\"\n order?: \"asc\" | \"desc\"\n}\n\nexport interface CreateBookingParams {\n event_slug: string\n ticket_tier_id?: string\n customer_email: string\n customer_name?: string\n customer_phone?: string\n quantity?: number\n success_url?: string\n cancel_url?: string\n metadata?: Record<string, unknown>\n}\n\nexport interface CreateBookingResult {\n booking_id: string\n booking_number: string\n status: \"pending\" | \"confirmed\"\n /** Redirect the browser here for paid bookings. */\n checkout_url?: string\n /** Present on free bookings — used for attendance QR display. */\n qr_token?: string\n}\n\nexport function createEventsClient(\n supabase: SupabaseClient,\n options: { apiKey: string; appUrl?: string }\n) {\n const { apiKey, appUrl } = options\n\n // Day-granular, fire-and-forget version ping (server-side only).\n reportClientVersion(apiKey, appUrl)\n\n async function getEvents(\n queryOptions?: EventQueryOptions\n ): Promise<EventWithTiers[]> {\n let query = supabase\n .from(\"events\")\n .select(\"*, tiers:ticket_tiers(*)\")\n .eq(\"status\", \"published\")\n .order(queryOptions?.sort ?? \"start_at\", {\n ascending: (queryOptions?.order ?? \"asc\") === \"asc\",\n })\n\n if (queryOptions?.upcomingOnly) {\n query = query.gte(\"start_at\", new Date().toISOString())\n }\n if (queryOptions?.tag) {\n query = query.contains(\"tags\", [queryOptions.tag])\n }\n if (queryOptions?.limit) {\n query = query.limit(queryOptions.limit)\n }\n if (queryOptions?.offset) {\n query = query.range(\n queryOptions.offset,\n queryOptions.offset + (queryOptions.limit ?? 50) - 1\n )\n }\n\n const { data } = await query\n return (data ?? []) as EventWithTiers[]\n }\n\n async function getEventBySlug(slug: string): Promise<EventWithTiers | null> {\n const { data } = await supabase\n .from(\"events\")\n .select(\"*, tiers:ticket_tiers(*)\")\n .eq(\"slug\", slug)\n .eq(\"status\", \"published\")\n .single()\n return (data as EventWithTiers) ?? null\n }\n\n async function createBooking(\n params: CreateBookingParams\n ): Promise<CreateBookingResult> {\n const baseUrl = appUrl ?? \"\"\n const res = await fetch(`${baseUrl}/api/bookings/create`, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ api_key: apiKey, ...params }),\n })\n if (!res.ok) {\n const err = await res\n .json()\n .catch(() => ({ error: \"Booking creation failed\" }))\n throw new Error(err.error ?? \"Booking creation failed\")\n }\n return res.json() as Promise<CreateBookingResult>\n }\n\n return { getEvents, getEventBySlug, createBooking }\n}\n","/**\n * Image helpers for CMS content.\n *\n * Images are already optimised (WebP, max 2400px) on upload.\n * No server-side transforms needed — serve originals directly.\n *\n * These functions are kept for backward compatibility but no longer\n * call Supabase image transformation endpoints.\n */\n\nexport interface ImageTransformOptions {\n width?: number\n height?: number\n quality?: number\n resize?: \"contain\" | \"cover\" | \"fill\"\n format?: \"origin\"\n}\n\n/**\n * Returns the image URL directly.\n *\n * Previously this converted URLs to use Supabase's /render/image/\n * transform endpoint, but images are now pre-optimised on upload\n * (WebP, max 2400px, quality 82) so transforms are unnecessary.\n *\n * The function is kept for backward compatibility — existing code\n * that calls getTransformUrl() will continue to work without changes.\n */\nexport function getTransformUrl(\n originalUrl: string,\n _options: ImageTransformOptions = {}\n): string {\n return originalUrl\n}\n\n/**\n * Returns a simple srcSet using the original image.\n *\n * Previously generated multiple transformed widths, but since images\n * are now pre-optimised WebP, a single source is sufficient.\n * Modern browsers handle responsive display efficiently with a\n * well-sized WebP source.\n */\nexport function getSrcSet(\n originalUrl: string,\n _widths: number[] = [],\n _quality = 80\n): string {\n return `${originalUrl} 2400w`\n}\n\n/**\n * Common image size presets — kept for backward compatibility.\n * Since images are pre-optimised, these are informational only.\n */\nexport const IMAGE_PRESETS = {\n thumbnail: { width: 150, height: 150, resize: \"cover\" as const, quality: 70 },\n card: { width: 400, height: 300, resize: \"cover\" as const, quality: 80 },\n hero: { width: 1200, height: 630, resize: \"cover\" as const, quality: 85 },\n og: { width: 1200, height: 630, resize: \"cover\" as const, quality: 90 },\n avatar: { width: 80, height: 80, resize: \"cover\" as const, quality: 75 },\n full: { width: 1920, resize: \"contain\" as const, quality: 85 },\n} as const\n"],"mappings":";AAAA,SAAS,gBAAgB,4BAA4B;;;ACO9C,IAAM,qBAAqB;;;ACMlC,IAAM,kBAAkB;AAOxB,IAAM,WAAW,oBAAI,IAA0B;AAE/C,SAAS,WAAmB;AAC1B,UAAO,oBAAI,KAAK,GAAE,YAAY,EAAE,MAAM,GAAG,EAAE;AAC7C;AAEO,SAAS,oBAAoB,QAAgB,QAAuB;AAEzE,MAAI,OAAO,WAAW,YAAa;AACnC,MAAI,CAAC,OAAQ;AAEb,QAAM,QAAQ,SAAS;AACvB,QAAM,OAAO,SAAS,IAAI,MAAM;AAChC,MAAI,QAAQ,KAAK,SAAS,SAAS,KAAK,YAAY,mBAAoB;AAIxE,WAAS,IAAI,QAAQ,EAAE,MAAM,OAAO,SAAS,mBAAmB,CAAC;AAEjE,QAAM,YACJ,OAAO,YAAY,cAAc,QAAQ,KAAK,sBAAsB;AACtE,QAAM,QAAQ,UAAU,aAAa,iBAAiB,QAAQ,OAAO,EAAE;AACvE,QAAM,MAAM,GAAG,IAAI;AAInB,OAAK,MAAM,KAAK;AAAA,IACd,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,gBAAgB;AAAA,MAChB,iBAAiB;AAAA,MACjB,wBAAwB;AAAA,IAC1B;AAAA,IACA,MAAM,KAAK,UAAU;AAAA,MACnB,SAAS;AAAA,MACT,SAAS;AAAA,IACX,CAAC;AAAA,EACH,CAAC,EAAE,MAAM,MAAM;AAEb,aAAS,OAAO,MAAM;AAAA,EACxB,CAAC;AACH;;;AFpCO,SAAS,gBACd,UACA,SACA;AACA,QAAM,EAAE,OAAO,IAAI;AAGnB,QAAM,SAAS,WAAW,UAAU,MAAM;AAG1C,sBAAoB,QAAQ,QAAQ,MAAM;AAG1C,MAAI,gBAA+B;AAEnC,iBAAe,cAA+B;AAC5C,QAAI,cAAe,QAAO;AAE1B,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,SAAS,EACd,OAAO,IAAI,EACX,OAAO;AAEV,QAAI,SAAS,CAAC,MAAM;AAClB,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,oBAAgB,KAAK;AACrB,WAAO,KAAK;AAAA,EACd;AAGA,QAAM,mBAAmB,oBAAI,IAAyB;AAEtD,iBAAe,qBAAqB,iBAA+C;AACjF,QAAI,iBAAiB,IAAI,eAAe,EAAG,QAAO,iBAAiB,IAAI,eAAe;AACtF,UAAM,WAAW,MAAM,YAAY;AAEnC,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,aAAa,QAAQ,EACxB,GAAG,QAAQ,eAAe,EAC1B,OAAO;AAEV,QAAI,SAAS,CAAC,MAAM;AAClB,YAAM,IAAI,MAAM,2BAA2B,eAAe,EAAE;AAAA,IAC9D;AAEA,UAAM,KAAK;AACX,qBAAiB,IAAI,iBAAiB,EAAE;AACxC,WAAO;AAAA,EACT;AAEA,iBAAe,iBAAiB,iBAA0C;AACxE,UAAM,KAAK,MAAM,qBAAqB,eAAe;AACrD,WAAO,GAAG;AAAA,EACZ;AAGA,iBAAe,kBACb,aACA,aAC4D;AAC5D,UAAM,iBAAiB,YAAY;AACnC,QAAI,CAAC,eAAgB,QAAO,EAAE,SAAS,MAAM,cAAc,KAAK;AAEhE,QAAI,CAAC,YAAa,QAAO,EAAE,SAAS,OAAO,cAAc,KAAK;AAG9D,UAAM,EAAE,MAAM,QAAQ,IAAI,MAAM,OAC7B,KAAK,iBAAiB,EACtB,OAAO,WAAW,EAClB,GAAG,cAAc,WAAW,EAC5B,OAAO;AAEV,QAAI,CAAC,QAAS,QAAO,EAAE,SAAS,OAAO,cAAc,KAAK;AAE1D,UAAM,EAAE,MAAM,OAAO,IAAI,MAAM,OAC5B,KAAK,SAAS,EACd,OAAO,4BAA4B,EACnC,GAAG,MAAM,QAAQ,SAAS,EAC1B,OAAO;AAEV,QAAI,CAAC,UAAU,OAAO,WAAW,SAAU,QAAO,EAAE,SAAS,OAAO,cAAc,KAAK;AAIvF,WAAO;AAAA,MACL,SAAS,OAAO,uBAAuB;AAAA,MACvC,cAAc,OAAO;AAAA,IACvB;AAAA,EACF;AAEA,iBAAe,YAAY,IAA8D;AACvF,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,WAAW,EAChB,OAAO,sEAAsE,EAC7E,GAAG,MAAM,EAAE,EACX,OAAO;AACV,QAAI,SAAS,CAAC,KAAM,QAAO;AAE3B,UAAM,WAAW,KAAK;AAGtB,QAAI,CAAC,UAAU;AACb,aAAO;AAAA,QACL,IAAI,KAAK;AAAA,QACT,OAAO,KAAK;AAAA,QACZ,YAAa,KAAK,cAAyB;AAAA,QAC3C,QAAQ,KAAK;AAAA,QACb,aAAa,CAAC;AAAA,QACd,KAAK,CAAC;AAAA,QACN,cAAc;AAAA,MAChB;AAAA,IACF;AAMA,UAAM,OAAQ,WAA0E;AACxF,UAAM,UAAU,MAAM,KAAK,6BAA6B;AACxD,UAAM,SAAS,aAAa,KAAK,SAAmB,IAAI,KAAK,EAAY;AACzE,WAAO;AAAA,MACL,IAAI,KAAK;AAAA,MACT,OAAO,KAAK;AAAA,MACZ,YAAa,KAAK,cAAyB,SAAS,MAAM;AAAA,MAC1D,QAAQ,KAAK;AAAA,MACb,aAAa,SAAS,MAAM,IAAI,CAAC,OAAO;AAAA,QACtC,KAAK,GAAG,OAAO,IAAI,MAAM,GAAG,EAAE,KAAK;AAAA,QACnC,WAAW,GAAG,OAAO,IAAI,MAAM,GAAG,EAAE,KAAK;AAAA,QACzC,GAAG,EAAE;AAAA,QACL,GAAG,EAAE;AAAA,MACP,EAAE;AAAA,MACF,KAAK,SAAS;AAAA,MACd,cAAc,KAAK,mBACf,GAAG,QAAQ,UAAU,EAAE,kBAAkB,KAAK,EAAY,cAC1D;AAAA,IACN;AAAA,EACF;AAEA,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA,IAKL,MAAM,gBACJ,iBACAA,WAA+B,CAAC,GACiB;AACjD,YAAM,cAAc,MAAM,qBAAqB,eAAe;AAE9D,YAAM;AAAA,QACJ,SAAS;AAAA,QACT,UAAU;AAAA,QACV,iBAAiB;AAAA,QACjB,QAAQ;AAAA,QACR,SAAS;AAAA,QACT;AAAA,MACF,IAAIA;AAGJ,YAAM,SAAS,MAAM,kBAAkB,aAAa,WAAW;AAG/D,UAAI,CAAC,OAAO,WAAW,YAAY,6BAA6B;AAE9D,cAAM,WAAW,MAAM,YAAY;AACnC,cAAM,EAAE,MAAM,SAAS,IAAI,MAAM,OAC9B,KAAK,iBAAiB,EACtB,OAAO,wBAAwB,EAC/B,GAAG,aAAa,QAAQ,EACxB,OAAO;AAEV,cAAM,OAAQ,UAAU,0BAAqC;AAE7D,YAAI,SAAS,QAAQ;AACnB,iBAAO,CAAC;AAAA,QACV;AAGA,YAAIC,SAAQ,OACT,KAAK,eAAe,EACpB,OAAO,oHAAoH,EAC3H,GAAG,mBAAmB,YAAY,EAAE;AAEvC,YAAI,OAAQ,CAAAA,SAAQA,OAAM,GAAG,UAAU,MAAM;AAC7C,QAAAA,SAAQA,OACL,MAAM,SAAS,EAAE,WAAW,mBAAmB,MAAM,CAAC,EACtD,MAAM,QAAQ,SAAS,QAAQ,CAAC;AAEnC,cAAM,EAAE,MAAAC,OAAM,OAAAC,OAAM,IAAI,MAAMF;AAC9B,YAAIE,OAAO,OAAM,IAAI,MAAM,mBAAmB,eAAe,KAAKA,OAAM,OAAO,EAAE;AAEjF,gBAAQD,SAAQ,CAAC,GAAG,IAAI,CAAC,UAAU;AAAA,UACjC,GAAG;AAAA,UACH,MAAM,CAAC;AAAA,UACP,QAAQ;AAAA,QACV,EAAE;AAAA,MACJ;AAGA,UAAI,QAAQ,OACT,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,mBAAmB,YAAY,EAAE;AAEvC,UAAI,QAAQ;AACV,gBAAQ,MAAM,GAAG,UAAU,MAAM;AAAA,MACnC;AAEA,cAAQ,MACL,MAAM,SAAS,EAAE,WAAW,mBAAmB,MAAM,CAAC,EACtD,MAAM,QAAQ,SAAS,QAAQ,CAAC;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM;AAE9B,UAAI,OAAO;AACT,cAAM,IAAI,MAAM,mBAAmB,eAAe,KAAK,MAAM,OAAO,EAAE;AAAA,MACxE;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,qBACJ,iBACA,UAC6B;AAC7B,YAAM,gBAAgB,MAAM,iBAAiB,eAAe;AAE5D,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,mBAAmB,aAAa,EACnC,GAAG,QAAQ,QAAQ,EACnB,OAAO;AAEV,UAAI,OAAO;AACT,YAAI,MAAM,SAAS,WAAY,QAAO;AACtC,cAAM,IAAI;AAAA,UACR,mBAAmB,eAAe,IAAI,QAAQ,KAAK,MAAM,OAAO;AAAA,QAClE;AAAA,MACF;AAEA,aAAO;AAAA,IACT;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,eAAe,iBAA+C;AAClE,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,aAAa,QAAQ,EACxB,GAAG,QAAQ,eAAe,EAC1B,OAAO;AAEV,UAAI,SAAS,CAAC,MAAM;AAClB,cAAM,IAAI,MAAM,2BAA2B,eAAe,EAAE;AAAA,MAC9D;AAEA,aAAO;AAAA,IACT;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,YACJ,iBAC6B;AAC7B,YAAM,gBAAgB,MAAM,iBAAiB,eAAe;AAE5D,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,MAAM,EACb,GAAG,mBAAmB,aAAa,EACnC,GAAG,UAAU,WAAW;AAE3B,UAAI,OAAO;AACT,cAAM,IAAI;AAAA,UACR,6BAA6B,eAAe,KAAK,MAAM,OAAO;AAAA,QAChE;AAAA,MACF;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,kBAA0C;AAC9C,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,aAAa,QAAQ,EACxB,MAAM,MAAM;AAEf,UAAI,OAAO;AACT,cAAM,IAAI,MAAM,kCAAkC,MAAM,OAAO,EAAE;AAAA,MACnE;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAM,aACJ,iBACmD;AACnD,YAAM,gBAAgB,MAAM,iBAAiB,eAAe;AAE5D,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,gBAAgB,EACrB,OAAO,oBAAoB,EAC3B,GAAG,mBAAmB,aAAa;AAEtC,UAAI,OAAO;AACT,cAAM,IAAI;AAAA,UACR,iCAAiC,eAAe,KAAK,MAAM,OAAO;AAAA,QACpE;AAAA,MACF;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,qBAEJ;AACA,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,kBAAkB,EACvB,OAAO,0CAA0C,EACjD,GAAG,aAAa,QAAQ;AAE3B,UAAI,OAAO;AACT,cAAM,IAAI,MAAM,qCAAqC,MAAM,OAAO,EAAE;AAAA,MACtE;AAEA,aAAQ,QAAQ,CAAC;AAAA,IAKnB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,mBACJ,UACAF,WAAgE,CAAC,GAC7B;AACpC,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAC1B,KAAK,OAAO,EACZ,OAAO,IAAI,EACX,GAAG,aAAa,QAAQ,EACxB,GAAG,QAAQ,QAAQ,EACnB,OAAO;AAEV,UAAI,CAAC,KAAM,QAAO,CAAC;AAEnB,YAAM,EAAE,QAAQ,IAAI,SAAS,GAAG,OAAO,IAAIA;AAE3C,UAAI,QAAQ,OACT,KAAK,kBAAkB,EACvB,OAAO,GAAG,EACV,GAAG,WAAW,KAAK,EAAE,EACrB,GAAG,WAAW,KAAK,EACnB,MAAM,cAAc,EAAE,WAAW,MAAM,CAAC,EACxC,MAAM,QAAQ,SAAS,QAAQ,CAAC;AAEnC,UAAI,QAAQ;AACV,gBAAQ,MAAM,GAAG,UAAU,MAAM;AAAA,MACnC;AAEA,YAAM,EAAE,KAAK,IAAI,MAAM;AACvB,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,QACJ,UACyC;AACzC,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,KAAK,IAAI,MAAM,OACpB,KAAK,OAAO,EACZ,OAAO,wCAAwC,EAC/C,GAAG,aAAa,QAAQ,EACxB,GAAG,QAAQ,QAAQ,EACnB,OAAO;AAEV,aAAO;AAAA,IACT;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,WACJA,WAA8B,CAAC,GACN;AACzB,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM;AAAA,QACJ,SAAS;AAAA,QACT;AAAA,QACA,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,UAAU;AAAA,QACV,iBAAiB;AAAA,MACnB,IAAIA;AAEJ,UAAI,QAAQ,OACT,KAAK,gBAAgB,EACrB,OAAO,mEAAmE,EAC1E,GAAG,aAAa,QAAQ;AAE3B,UAAI,QAAQ;AACV,gBAAQ,MAAM,GAAG,UAAU,MAAM;AAAA,MACnC;AAEA,UAAI,WAAW;AACb,gBAAQ,MAAM,IAAI,UAAU,SAAS;AAAA,MACvC;AAEA,cAAQ,MACL,MAAM,SAAS,EAAE,WAAW,mBAAmB,MAAM,CAAC,EACtD,MAAM,QAAQ,SAAS,QAAQ,CAAC;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM;AAE9B,UAAI,OAAO;AACT,cAAM,IAAI,MAAM,4BAA4B,MAAM,OAAO,EAAE;AAAA,MAC7D;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAcA,MAAM,kBAAkBA,WAAiC,CAAC,GAA4B;AACpF,YAAM,EAAE,aAAa,MAAM,OAAO,CAAC,mBAAmB,EAAE,IAAIA;AAC5D,YAAM,cAAe,SAAgD;AACrE,YAAM,cAAe,SAAgD;AAMrE,YAAM,MACJ,GAAG,WAAW;AAGhB,YAAM,OAAkF;AAAA,QACtF,SAAS;AAAA,UACP,QAAQ;AAAA,UACR,eAAe,UAAU,WAAW;AAAA,UACpC,iBAAiB;AAAA,UACjB,wBAAwB;AAAA,UACxB,QAAQ;AAAA,QACV;AAAA,QACA,MAAM,EAAE,YAAY,KAAK;AAAA,MAC3B;AAEA,UAAI;AAMJ,UAAI;AACF,cAAM,MAAM,MAAM,MAAM,KAAK,IAAmB;AAChD,YAAI,IAAI,IAAI;AACV,gBAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,gBAAM,OAAO,CAAC;AAAA,QAChB;AAAA,MACF,QAAQ;AAAA,MAGR;AAEA,aAAO;AAAA,QACL,mBAAmB,QAAQ,KAAK,mBAAmB;AAAA,QACnD,oBAAoB,QAAQ,KAAK,qBAAqB;AAAA,QACtD,aAAa,QAAQ,KAAK,aAAa;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;AAQO,IAAM,sBAAsB;AAkBnC,SAAS,QAAQ,GAA6C;AAC5D,MAAI,CAAC,EAAG,QAAO;AACf,QAAM,UAAU,EAAE,KAAK;AACvB,SAAO,QAAQ,SAAS,IAAI,UAAU;AACxC;AAYA,SAAS,WAAW,UAA0B,QAAgB;AAE5D,QAAM,cAAe,SAAgD;AACrE,QAAM,cAAe,SAAgD;AAErE,SAAO,qBAAqB,aAAa,aAAa;AAAA,IACpD,QAAQ;AAAA,MACN,SAAS;AAAA,QACP,iBAAiB;AAAA,QACjB,wBAAwB;AAAA,MAC1B;AAAA,IACF;AAAA,EACF,CAAC;AACH;;;AGhmBA,SAAS,iBAAiB,OAAuB;AAC/C,QAAM,QAAQ,MAAM,MAAM,GAAG;AAC7B,MAAI,MAAM,WAAW,EAAG,QAAO;AAC/B,QAAM,IAAI,WAAW,MAAM,CAAC,CAAC;AAC7B,QAAM,IAAI,WAAW,MAAM,CAAC,CAAC;AAC7B,MAAI,CAAC,KAAK,CAAC,KAAK,KAAK,KAAK,KAAK,EAAG,QAAO;AACzC,SAAO,GAAG,CAAC,IAAI,CAAC;AAClB;AAMO,SAAS,aAAa,OAAwB;AACnD,MAAI,CAAC,SAAS,OAAO,UAAU,SAAU,QAAO;AAChD,QAAM,QAAQ;AACd,MAAI,CAAC,MAAM,OAAO,CAAC,MAAM,IAAI,WAAW,UAAU,EAAG,QAAO;AAE5D,QAAM,QAAQ,MAAM,SAAS;AAC7B,QAAM,cAAc,iBAAiB,MAAM,gBAAgB,MAAM;AAEjE,SAAO,uCAAuC,KAAK,iBAAiB,WAAW,kBAAkB,MAAM,GAAG;AAC5G;;;ACbA,IAAMI,mBAAkB;AAuBjB,SAAS,iBACd,WACA,SACA;AACA,QAAM,EAAE,OAAO,IAAI;AACnB,QAAM,UAAU,QAAQ,UAAUA,kBAAiB,QAAQ,OAAO,EAAE;AAGpE,sBAAoB,QAAQ,MAAM;AAElC,WAAS,cAA2B;AAClC,WAAO;AAAA,MACL,gBAAgB;AAAA,MAChB,iBAAiB;AAAA,MACjB,wBAAwB;AAAA,IAC1B;AAAA,EACF;AAEA,iBAAe,QAAW,MAA0B;AAClD,UAAM,MAAM,MAAM,MAAM,GAAG,MAAM,GAAG,IAAI,IAAI;AAAA,MAC1C,SAAS,YAAY;AAAA;AAAA,IAEvB,CAAC;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC,EAAwB;AACpE,YAAM,IAAI;AAAA,QACR,KAAK,SAAS,wBAAwB,IAAI,MAAM,MAAM,IAAI;AAAA,MAC5D;AAAA,IACF;AACA,WAAO,IAAI,KAAK;AAAA,EAClB;AAEA,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOL,MAAM,YAAY,eAAoC,CAAC,GAAuB;AAC5E,YAAM,SAAS,IAAI,gBAAgB;AACnC,UAAI,aAAa,SAAU,QAAO,IAAI,YAAY,aAAa,QAAQ;AACvE,UAAI,aAAa,MAAM,OAAQ,QAAO,IAAI,QAAQ,aAAa,KAAK,KAAK,GAAG,CAAC;AAC7E,UAAI,aAAa,MAAO,QAAO,IAAI,SAAS,OAAO,aAAa,KAAK,CAAC;AACtE,UAAI,aAAa,OAAQ,QAAO,IAAI,UAAU,OAAO,aAAa,MAAM,CAAC;AACzE,UAAI,aAAa,KAAM,QAAO,IAAI,QAAQ,aAAa,IAAI;AAC3D,UAAI,aAAa,MAAO,QAAO,IAAI,SAAS,aAAa,KAAK;AAE9D,YAAM,KAAK,OAAO,SAAS;AAC3B,YAAM,EAAE,SAAS,IAAI,MAAM;AAAA,QACzB,gBAAgB,KAAK,IAAI,EAAE,KAAK,EAAE;AAAA,MACpC;AACA,aAAO,YAAY,CAAC;AAAA,IACtB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,iBAAiB,MAAuC;AAC5D,YAAM,MAAM,MAAM,MAAM,GAAG,MAAM,iBAAiB,mBAAmB,IAAI,CAAC,IAAI;AAAA,QAC5E,SAAS,YAAY;AAAA,MACvB,CAAC;AACD,UAAI,IAAI,WAAW,IAAK,QAAO;AAC/B,UAAI,CAAC,IAAI,IAAI;AACX,cAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC,EAAwB;AACpE,cAAM,IAAI,MAAM,KAAK,SAAS,2BAA2B,IAAI,EAAE;AAAA,MACjE;AACA,YAAM,EAAE,QAAQ,IAAK,MAAM,IAAI,KAAK;AACpC,aAAO,WAAW;AAAA,IACpB;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,gBAA4C;AAChD,YAAM,EAAE,WAAW,IAAI,MAAM;AAAA,QAC3B;AAAA,MACF;AACA,aAAO,cAAc,CAAC;AAAA,IACxB;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,kBAAkB,MAA+C;AACrE,YAAM,MAAM,MAAM,KAAK,cAAc;AACrC,aAAO,IAAI,KAAK,CAAC,MAAM,EAAE,SAAS,IAAI,KAAK;AAAA,IAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAUA,MAAM,YAAY,QAAuD;AACvE,YAAM,MAAM,MAAM,MAAM,GAAG,MAAM,sBAAsB;AAAA,QACrD,QAAQ;AAAA,QACR,SAAS,YAAY;AAAA,QACrB,MAAM,KAAK,UAAU,EAAE,SAAS,QAAQ,GAAG,OAAO,CAAC;AAAA,MACrD,CAAC;AACD,UAAI,CAAC,IAAI,IAAI;AACX,cAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC,EAAwB;AACpE,cAAM,IAAI,MAAM,KAAK,SAAS,uBAAuB;AAAA,MACvD;AACA,aAAO,IAAI,KAAK;AAAA,IAClB;AAAA,EACF;AACF;;;AChEO,SAAS,mBACd,UACA,SACA;AACA,QAAM,EAAE,QAAQ,OAAO,IAAI;AAG3B,sBAAoB,QAAQ,MAAM;AAElC,iBAAe,UACb,cAC2B;AAC3B,QAAI,QAAQ,SACT,KAAK,QAAQ,EACb,OAAO,0BAA0B,EACjC,GAAG,UAAU,WAAW,EACxB,MAAM,cAAc,QAAQ,YAAY;AAAA,MACvC,YAAY,cAAc,SAAS,WAAW;AAAA,IAChD,CAAC;AAEH,QAAI,cAAc,cAAc;AAC9B,cAAQ,MAAM,IAAI,aAAY,oBAAI,KAAK,GAAE,YAAY,CAAC;AAAA,IACxD;AACA,QAAI,cAAc,KAAK;AACrB,cAAQ,MAAM,SAAS,QAAQ,CAAC,aAAa,GAAG,CAAC;AAAA,IACnD;AACA,QAAI,cAAc,OAAO;AACvB,cAAQ,MAAM,MAAM,aAAa,KAAK;AAAA,IACxC;AACA,QAAI,cAAc,QAAQ;AACxB,cAAQ,MAAM;AAAA,QACZ,aAAa;AAAA,QACb,aAAa,UAAU,aAAa,SAAS,MAAM;AAAA,MACrD;AAAA,IACF;AAEA,UAAM,EAAE,KAAK,IAAI,MAAM;AACvB,WAAQ,QAAQ,CAAC;AAAA,EACnB;AAEA,iBAAe,eAAe,MAA8C;AAC1E,UAAM,EAAE,KAAK,IAAI,MAAM,SACpB,KAAK,QAAQ,EACb,OAAO,0BAA0B,EACjC,GAAG,QAAQ,IAAI,EACf,GAAG,UAAU,WAAW,EACxB,OAAO;AACV,WAAQ,QAA2B;AAAA,EACrC;AAEA,iBAAe,cACb,QAC8B;AAC9B,UAAM,UAAU,UAAU;AAC1B,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,wBAAwB;AAAA,MACxD,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU,EAAE,SAAS,QAAQ,GAAG,OAAO,CAAC;AAAA,IACrD,CAAC;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,MAAM,MAAM,IACf,KAAK,EACL,MAAM,OAAO,EAAE,OAAO,0BAA0B,EAAE;AACrD,YAAM,IAAI,MAAM,IAAI,SAAS,yBAAyB;AAAA,IACxD;AACA,WAAO,IAAI,KAAK;AAAA,EAClB;AAEA,SAAO,EAAE,WAAW,gBAAgB,cAAc;AACpD;;;AC1HO,SAAS,gBACd,aACA,WAAkC,CAAC,GAC3B;AACR,SAAO;AACT;AAUO,SAAS,UACd,aACA,UAAoB,CAAC,GACrB,WAAW,IACH;AACR,SAAO,GAAG,WAAW;AACvB;AAMO,IAAM,gBAAgB;AAAA,EAC3B,WAAW,EAAE,OAAO,KAAK,QAAQ,KAAK,QAAQ,SAAkB,SAAS,GAAG;AAAA,EAC5E,MAAM,EAAE,OAAO,KAAK,QAAQ,KAAK,QAAQ,SAAkB,SAAS,GAAG;AAAA,EACvE,MAAM,EAAE,OAAO,MAAM,QAAQ,KAAK,QAAQ,SAAkB,SAAS,GAAG;AAAA,EACxE,IAAI,EAAE,OAAO,MAAM,QAAQ,KAAK,QAAQ,SAAkB,SAAS,GAAG;AAAA,EACtE,QAAQ,EAAE,OAAO,IAAI,QAAQ,IAAI,QAAQ,SAAkB,SAAS,GAAG;AAAA,EACvE,MAAM,EAAE,OAAO,MAAM,QAAQ,WAAoB,SAAS,GAAG;AAC/D;","names":["options","query","data","error","DEFAULT_APP_URL"]}
1
+ {"version":3,"sources":["../src/version.ts","../src/queries.ts","../src/telemetry.ts","../src/embed.ts","../src/shop.ts","../src/events.ts","../src/cdn.ts","../src/webhooks.ts"],"sourcesContent":["/**\n * The version of @distinctagency/cms-client embedded in this build.\n *\n * Bump this in lock-step with package.json — the value is read by the SDK to\n * report installed-version telemetry and to send `x-cms-client-version` on\n * outgoing requests.\n */\nexport const CMS_CLIENT_VERSION = \"1.16.0\"\n","import { createClient as createSupabaseClient } from \"@supabase/supabase-js\"\nimport type { SupabaseClient } from \"@supabase/supabase-js\"\nimport type {\n CmsClientOptions,\n ContentItem,\n ContentQueryOptions,\n ContentType,\n GoogleReview,\n ReviewQueryOptions,\n} from \"./types\"\nimport { CMS_CLIENT_VERSION } from \"./version\"\nimport { reportClientVersion } from \"./telemetry\"\n\n/**\n * Creates a CMS query client authenticated with a tenant API key.\n *\n * Usage:\n * ```ts\n * const cms = createCmsClient(supabase, { apiKey: process.env.CMS_API_KEY! })\n * const events = await cms.getContentItems('events', { status: 'published' })\n * ```\n *\n * The API key is sent as an `x-cms-api-key` header on every request.\n * Supabase RLS policies validate it against the tenant's stored key.\n */\nexport function createCmsClient(\n supabase: SupabaseClient,\n options: CmsClientOptions\n) {\n const { apiKey } = options\n\n // Create a new Supabase client with the API key header injected globally\n const client = withApiKey(supabase, apiKey) as SupabaseClient\n\n // Day-granular, fire-and-forget version ping (server-side only).\n reportClientVersion(apiKey, options.appUrl)\n\n /** Resolve the tenant ID from the API key (cached per request) */\n let tenantIdCache: string | null = null\n\n async function getTenantId(): Promise<string> {\n if (tenantIdCache) return tenantIdCache\n\n const { data, error } = await client\n .from(\"tenants\")\n .select(\"id\")\n .single()\n\n if (error || !data) {\n throw new Error(\n \"Invalid CMS API key — no tenant found. Check your apiKey.\"\n )\n }\n\n tenantIdCache = data.id\n return data.id\n }\n\n /** Resolve a content type from its slug (cached) */\n const contentTypeCache = new Map<string, ContentType>()\n\n async function getContentTypeBySlug(contentTypeSlug: string): Promise<ContentType> {\n if (contentTypeCache.has(contentTypeSlug)) return contentTypeCache.get(contentTypeSlug)!\n const tenantId = await getTenantId()\n\n const { data, error } = await client\n .from(\"content_types\")\n .select(\"*\")\n .eq(\"tenant_id\", tenantId)\n .eq(\"slug\", contentTypeSlug)\n .single()\n\n if (error || !data) {\n throw new Error(`Content type not found: ${contentTypeSlug}`)\n }\n\n const ct = data as ContentType\n contentTypeCache.set(contentTypeSlug, ct)\n return ct\n }\n\n async function getContentTypeId(contentTypeSlug: string): Promise<string> {\n const ct = await getContentTypeBySlug(contentTypeSlug)\n return ct.id\n }\n\n /** Check if a member token has access to a gated content type */\n async function checkMemberAccess(\n contentType: ContentType,\n memberToken?: string\n ): Promise<{ allowed: boolean; memberTierId: string | null }> {\n const requiredTierId = contentType.required_membership_tier_id\n if (!requiredTierId) return { allowed: true, memberTierId: null } // Public\n\n if (!memberToken) return { allowed: false, memberTierId: null } // Gated but no token\n\n // Verify the member's token and check their tier\n const { data: session } = await client\n .from(\"member_sessions\")\n .select(\"member_id\")\n .eq(\"token_hash\", memberToken) // Note: caller should hash the token\n .single()\n\n if (!session) return { allowed: false, memberTierId: null }\n\n const { data: member } = await client\n .from(\"members\")\n .select(\"membership_tier_id, status\")\n .eq(\"id\", session.member_id)\n .single()\n\n if (!member || member.status !== \"active\") return { allowed: false, memberTierId: null }\n\n // Check if the member's tier matches (or exceeds) the required tier\n // For now: exact match or the member has the required tier\n return {\n allowed: member.membership_tier_id === requiredTierId,\n memberTierId: member.membership_tier_id as string | null,\n }\n }\n\n async function getFlipbook(id: string): Promise<import(\"./types\").FlipbookPublic | null> {\n const { data, error } = await client\n .from(\"flipbooks\")\n .select(\"id, title, page_count, status, manifest, download_enabled, tenant_id\")\n .eq(\"id\", id)\n .single()\n if (error || !data) return null\n\n const manifest = data.manifest as\n | { pages: Array<{ image: string; thumb: string; w: number; h: number }>; toc: Array<{ title: string; page: number }> }\n | null\n if (!manifest) {\n return {\n id: data.id as string,\n title: data.title as string,\n page_count: (data.page_count as number) ?? 0,\n status: data.status as \"pending_upload\" | \"pending\" | \"processing\" | \"ready\" | \"failed\",\n page_images: [],\n toc: [],\n download_url: null,\n }\n }\n\n // Browser-safe env lookup via globalThis. The client package builds without\n // @types/node so referring to `process` directly fails the dts build; reading\n // through globalThis sidesteps that and works in every JS environment that\n // matters (Node, browsers, edge runtimes).\n const proc = (globalThis as { process?: { env?: Record<string, string | undefined> } }).process\n const cdnBase = proc?.env?.NEXT_PUBLIC_R2_PUBLIC_URL ?? \"https://cdn.distinctstudio.co.nz\"\n const prefix = `flipbooks/${data.tenant_id as string}/${data.id as string}/`\n return {\n id: data.id as string,\n title: data.title as string,\n page_count: (data.page_count as number) ?? manifest.pages.length,\n status: data.status as \"pending\" | \"processing\" | \"ready\" | \"failed\",\n page_images: manifest.pages.map((p) => ({\n url: `${cdnBase}/${prefix}${p.image}`,\n thumb_url: `${cdnBase}/${prefix}${p.thumb}`,\n w: p.w,\n h: p.h,\n })),\n toc: manifest.toc,\n download_url: data.download_enabled\n ? `${options.appUrl ?? \"\"}/api/flipbooks/${data.id as string}/download`\n : null,\n }\n }\n\n return {\n /**\n * List content items for a content type.\n * Defaults to published items ordered by most recent.\n */\n async getContentItems(\n contentTypeSlug: string,\n options: ContentQueryOptions = {}\n ): Promise<(ContentItem & { locked?: boolean })[]> {\n const contentType = await getContentTypeBySlug(contentTypeSlug)\n\n const {\n status = \"published\",\n orderBy = \"published_at\",\n orderDirection = \"desc\",\n limit = 100,\n offset = 0,\n memberToken,\n } = options\n\n // Check membership access\n const access = await checkMemberAccess(contentType, memberToken)\n\n // If gated and no access, check gating mode\n if (!access.allowed && contentType.required_membership_tier_id) {\n // Get tenant settings for gating mode\n const tenantId = await getTenantId()\n const { data: settings } = await client\n .from(\"tenant_settings\")\n .select(\"membership_gating_mode\")\n .eq(\"tenant_id\", tenantId)\n .single()\n\n const mode = (settings?.membership_gating_mode as string) ?? \"teaser\"\n\n if (mode === \"hide\") {\n return [] // Hide: return nothing\n }\n\n // Teaser mode: return items with locked flag, no body/data\n let query = client\n .from(\"content_items\")\n .select(\"id, title, slug, status, excerpt, seo_title, seo_description, featured_image, published_at, created_at, updated_at\")\n .eq(\"content_type_id\", contentType.id)\n\n if (status) query = query.eq(\"status\", status)\n query = query\n .order(orderBy, { ascending: orderDirection === \"asc\" })\n .range(offset, offset + limit - 1)\n\n const { data, error } = await query\n if (error) throw new Error(`Failed to fetch ${contentTypeSlug}: ${error.message}`)\n\n return (data ?? []).map((item) => ({\n ...item,\n data: {},\n locked: true,\n })) as (ContentItem & { locked: boolean })[]\n }\n\n // Full access\n let query = client\n .from(\"content_items\")\n .select(\"*\")\n .eq(\"content_type_id\", contentType.id)\n\n if (status) {\n query = query.eq(\"status\", status)\n }\n\n query = query\n .order(orderBy, { ascending: orderDirection === \"asc\" })\n .range(offset, offset + limit - 1)\n\n const { data, error } = await query\n\n if (error) {\n throw new Error(`Failed to fetch ${contentTypeSlug}: ${error.message}`)\n }\n\n return (data ?? []) as ContentItem[]\n },\n\n /**\n * Get a single content item by its slug.\n * Returns null if not found.\n */\n async getContentItemBySlug(\n contentTypeSlug: string,\n itemSlug: string\n ): Promise<ContentItem | null> {\n const contentTypeId = await getContentTypeId(contentTypeSlug)\n\n const { data, error } = await client\n .from(\"content_items\")\n .select(\"*\")\n .eq(\"content_type_id\", contentTypeId)\n .eq(\"slug\", itemSlug)\n .single()\n\n if (error) {\n if (error.code === \"PGRST116\") return null // not found\n throw new Error(\n `Failed to fetch ${contentTypeSlug}/${itemSlug}: ${error.message}`\n )\n }\n\n return data as ContentItem\n },\n\n /**\n * Get a content type definition (including its field schema).\n */\n async getContentType(contentTypeSlug: string): Promise<ContentType> {\n const tenantId = await getTenantId()\n\n const { data, error } = await client\n .from(\"content_types\")\n .select(\"*\")\n .eq(\"tenant_id\", tenantId)\n .eq(\"slug\", contentTypeSlug)\n .single()\n\n if (error || !data) {\n throw new Error(`Content type not found: ${contentTypeSlug}`)\n }\n\n return data as ContentType\n },\n\n /**\n * Get all slugs for a content type (for generateStaticParams).\n */\n async getAllSlugs(\n contentTypeSlug: string\n ): Promise<{ slug: string }[]> {\n const contentTypeId = await getContentTypeId(contentTypeSlug)\n\n const { data, error } = await client\n .from(\"content_items\")\n .select(\"slug\")\n .eq(\"content_type_id\", contentTypeId)\n .eq(\"status\", \"published\")\n\n if (error) {\n throw new Error(\n `Failed to fetch slugs for ${contentTypeSlug}: ${error.message}`\n )\n }\n\n return (data ?? []) as { slug: string }[]\n },\n\n /**\n * List all content types for this tenant.\n */\n async getContentTypes(): Promise<ContentType[]> {\n const tenantId = await getTenantId()\n\n const { data, error } = await client\n .from(\"content_types\")\n .select(\"*\")\n .eq(\"tenant_id\", tenantId)\n .order(\"name\")\n\n if (error) {\n throw new Error(`Failed to fetch content types: ${error.message}`)\n }\n\n return (data ?? []) as ContentType[]\n },\n\n /**\n * Get all slug redirects for a content type.\n * Use in next.config.js redirects() or middleware for 301s.\n * Returns: [{ old_slug, new_slug }, ...]\n */\n async getRedirects(\n contentTypeSlug: string\n ): Promise<{ old_slug: string; new_slug: string }[]> {\n const contentTypeId = await getContentTypeId(contentTypeSlug)\n\n const { data, error } = await client\n .from(\"slug_redirects\")\n .select(\"old_slug, new_slug\")\n .eq(\"content_type_id\", contentTypeId)\n\n if (error) {\n throw new Error(\n `Failed to fetch redirects for ${contentTypeSlug}: ${error.message}`\n )\n }\n\n return (data ?? []) as { old_slug: string; new_slug: string }[]\n },\n\n /**\n * Get all custom path redirects for this tenant.\n * Use alongside getRedirects() in next.config.ts for full redirect coverage.\n */\n async getCustomRedirects(): Promise<\n { source_path: string; destination_path: string; permanent: boolean }[]\n > {\n const tenantId = await getTenantId()\n\n const { data, error } = await client\n .from(\"custom_redirects\")\n .select(\"source_path, destination_path, permanent\")\n .eq(\"tenant_id\", tenantId)\n\n if (error) {\n throw new Error(`Failed to fetch custom redirects: ${error.message}`)\n }\n\n return (data ?? []) as {\n source_path: string\n destination_path: string\n permanent: boolean\n }[]\n },\n\n /**\n * Get form submissions for a specific form.\n * Useful for displaying testimonials, reviews, etc.\n */\n async getFormSubmissions(\n formSlug: string,\n options: { status?: string; limit?: number; offset?: number } = {}\n ): Promise<Record<string, unknown>[]> {\n const tenantId = await getTenantId()\n\n const { data: form } = await client\n .from(\"forms\")\n .select(\"id\")\n .eq(\"tenant_id\", tenantId)\n .eq(\"slug\", formSlug)\n .single()\n\n if (!form) return []\n\n const { limit = 50, offset = 0, status } = options\n\n let query = client\n .from(\"form_submissions\")\n .select(\"*\")\n .eq(\"form_id\", form.id)\n .eq(\"is_spam\", false)\n .order(\"created_at\", { ascending: false })\n .range(offset, offset + limit - 1)\n\n if (status) {\n query = query.eq(\"status\", status)\n }\n\n const { data } = await query\n return (data ?? []) as Record<string, unknown>[]\n },\n\n /**\n * Get a form configuration by slug.\n */\n async getForm(\n formSlug: string\n ): Promise<Record<string, unknown> | null> {\n const tenantId = await getTenantId()\n\n const { data } = await client\n .from(\"forms\")\n .select(\"id, name, slug, description, is_active\")\n .eq(\"tenant_id\", tenantId)\n .eq(\"slug\", formSlug)\n .single()\n\n return data as Record<string, unknown> | null\n },\n\n /**\n * Get a flipbook by ID, including CDN-resolved page image URLs.\n * Returns null if not found or manifest not yet ready.\n */\n getFlipbook,\n\n /**\n * Get Google Reviews for this tenant.\n * Defaults to approved reviews ordered by most recent.\n */\n async getReviews(\n options: ReviewQueryOptions = {}\n ): Promise<GoogleReview[]> {\n const tenantId = await getTenantId()\n\n const {\n status = \"approved\",\n minRating,\n limit = 50,\n offset = 0,\n orderBy = \"review_timestamp\",\n orderDirection = \"desc\",\n } = options\n\n let query = client\n .from(\"google_reviews\")\n .select(\"id, author_name, author_photo_url, rating, text, review_timestamp\")\n .eq(\"tenant_id\", tenantId)\n\n if (status) {\n query = query.eq(\"status\", status)\n }\n\n if (minRating) {\n query = query.gte(\"rating\", minRating)\n }\n\n query = query\n .order(orderBy, { ascending: orderDirection === \"asc\" })\n .range(offset, offset + limit - 1)\n\n const { data, error } = await query\n\n if (error) {\n throw new Error(`Failed to fetch reviews: ${error.message}`)\n }\n\n return (data ?? []) as GoogleReview[]\n },\n\n /**\n * Get the tenant's third-party tracking IDs (Google Analytics, Google Tag Manager, Meta Pixel).\n * Each value is null when not configured. These IDs are public and safe to render in HTML.\n *\n * On Next.js, the result is cached and revalidated every hour by default\n * (`revalidate: 3600`) and tagged with `TRACKING_CONFIG_TAG`. Tenant sites\n * that want zero-lag updates can call `revalidateTag(TRACKING_CONFIG_TAG)`\n * from a webhook. Pass `revalidate: 0` to disable caching, `revalidate: false`\n * to cache indefinitely (tag-only invalidation), or any positive integer\n * (seconds) to override the interval. Outside Next.js the cache hints are\n * silently ignored — every call hits the network.\n */\n async getTrackingConfig(options: TrackingConfigOptions = {}): Promise<TrackingConfig> {\n const { revalidate = 3600, tags = [TRACKING_CONFIG_TAG] } = options\n const supabaseUrl = (supabase as unknown as { supabaseUrl: string }).supabaseUrl\n const supabaseKey = (supabase as unknown as { supabaseKey: string }).supabaseKey\n\n // Direct PostgREST fetch (instead of going through supabase-js) so that\n // Next.js sees the request and applies its `next` cache options. RLS\n // restricts the result to the tenant matching `x-cms-api-key`, so no\n // explicit tenant_id filter is needed.\n const url =\n `${supabaseUrl}/rest/v1/tenant_settings` +\n `?select=google_analytics_id,google_tag_manager_id,google_ads_id,meta_pixel_id&limit=1`\n\n const init: RequestInit & { next?: { revalidate?: number | false; tags?: string[] } } = {\n headers: {\n apikey: supabaseKey,\n Authorization: `Bearer ${supabaseKey}`,\n \"x-cms-api-key\": apiKey,\n \"x-cms-client-version\": CMS_CLIENT_VERSION,\n Accept: \"application/json\",\n },\n next: { revalidate, tags },\n }\n\n let row: {\n google_analytics_id: string | null\n google_tag_manager_id: string | null\n google_ads_id: string | null\n meta_pixel_id: string | null\n } | undefined\n\n try {\n const res = await fetch(url, init as RequestInit)\n if (res.ok) {\n const rows = (await res.json()) as Array<typeof row>\n row = rows?.[0]\n }\n } catch {\n // Network errors fall through to the all-null result so a transient\n // outage on the CMS never breaks page renders on the tenant site.\n }\n\n return {\n googleAnalyticsId: nullify(row?.google_analytics_id),\n googleTagManagerId: nullify(row?.google_tag_manager_id),\n googleAdsId: nullify(row?.google_ads_id),\n metaPixelId: nullify(row?.meta_pixel_id),\n }\n },\n }\n}\n\n/**\n * Cache tag applied to `getTrackingConfig()` fetches on Next.js. Call\n * `revalidateTag(TRACKING_CONFIG_TAG)` from a webhook handler on the tenant\n * site to make tracking-ID changes take effect immediately rather than\n * waiting for the next revalidation interval.\n */\nexport const TRACKING_CONFIG_TAG = \"cms:tracking-config\"\n\nexport interface TrackingConfigOptions {\n /**\n * Cache lifetime for the underlying fetch on Next.js, in seconds.\n * Defaults to 3600 (one hour). Set to `0` to disable caching, or `false`\n * to cache indefinitely until the tag is revalidated. Ignored outside\n * Next.js runtimes.\n */\n revalidate?: number | false\n /**\n * Cache tags for the underlying fetch on Next.js. Defaults to\n * `[TRACKING_CONFIG_TAG]`. Override to namespace by tenant if you share a\n * single Next.js process across multiple tenants (uncommon).\n */\n tags?: string[]\n}\n\nfunction nullify(v: string | null | undefined): string | null {\n if (!v) return null\n const trimmed = v.trim()\n return trimmed.length > 0 ? trimmed : null\n}\n\nexport interface TrackingConfig {\n googleAnalyticsId: string | null\n googleTagManagerId: string | null\n googleAdsId: string | null\n metaPixelId: string | null\n}\n\n/**\n * Creates a new Supabase client that includes the `x-cms-api-key`\n * header in every request, using the same URL and key as the original.\n */\nfunction withApiKey(supabase: SupabaseClient, apiKey: string) {\n // Extract URL and key from the existing client\n const supabaseUrl = (supabase as unknown as { supabaseUrl: string }).supabaseUrl\n const supabaseKey = (supabase as unknown as { supabaseKey: string }).supabaseKey\n\n return createSupabaseClient(supabaseUrl, supabaseKey, {\n global: {\n headers: {\n \"x-cms-api-key\": apiKey,\n \"x-cms-client-version\": CMS_CLIENT_VERSION,\n },\n },\n })\n}\n","import { CMS_CLIENT_VERSION } from \"./version\"\n\n/**\n * Reports the running SDK version to the CMS so the Super Admin UI can show\n * which client version each tenant site is on.\n *\n * Day-granular and process-local: at most one POST per (api key + day) per\n * Node process. Calls from browser code are ignored — the API key would be\n * exposed and the data is redundant with server-side reports.\n *\n * Fire-and-forget. Failures are silent — telemetry must never break a render.\n */\n\nconst DEFAULT_APP_URL = \"https://cms.distinctstudio.co.nz\"\n\ninterface ReportRecord {\n date: string // YYYY-MM-DD\n version: string\n}\n\nconst reported = new Map<string, ReportRecord>()\n\nfunction todayKey(): string {\n return new Date().toISOString().slice(0, 10)\n}\n\nexport function reportClientVersion(apiKey: string, appUrl?: string): void {\n // Skip in browser contexts — server-side calls already cover the tenant.\n if (typeof window !== \"undefined\") return\n if (!apiKey) return\n\n const today = todayKey()\n const last = reported.get(apiKey)\n if (last && last.date === today && last.version === CMS_CLIENT_VERSION) return\n\n // Optimistically mark as reported so concurrent calls don't all fire. If the\n // request fails we'll retry tomorrow — that's acceptable for telemetry.\n reported.set(apiKey, { date: today, version: CMS_CLIENT_VERSION })\n\n const envAppUrl =\n typeof process !== \"undefined\" ? process.env?.NEXT_PUBLIC_CMS_URL : undefined\n const base = (appUrl ?? envAppUrl ?? DEFAULT_APP_URL).replace(/\\/$/, \"\")\n const url = `${base}/api/client-telemetry`\n\n // Fire and forget. Use a hand-rolled then() chain rather than async/await so\n // we don't accidentally surface an unhandled rejection.\n void fetch(url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n \"x-cms-api-key\": apiKey,\n \"x-cms-client-version\": CMS_CLIENT_VERSION,\n },\n body: JSON.stringify({\n api_key: apiKey,\n version: CMS_CLIENT_VERSION,\n }),\n }).catch(() => {\n // Allow a retry on the next call by clearing the optimistic record.\n reported.delete(apiKey)\n })\n}\n","import type { EmbedValue } from \"./types\"\n\nfunction toCssAspectRatio(ratio: string): string {\n const parts = ratio.split(\":\")\n if (parts.length !== 2) return \"16/9\"\n const w = parseFloat(parts[0])\n const h = parseFloat(parts[1])\n if (!w || !h || w <= 0 || h <= 0) return \"16/9\"\n return `${w}/${h}`\n}\n\n/**\n * Generate responsive iframe HTML for an embed field value.\n * Returns an empty string if the value is invalid or the URL is not HTTPS.\n */\nexport function getEmbedHtml(value: unknown): string {\n if (!value || typeof value !== \"object\") return \"\"\n const embed = value as EmbedValue\n if (!embed.url || !embed.url.startsWith(\"https://\")) return \"\"\n\n const width = embed.width || \"100%\"\n const aspectRatio = toCssAspectRatio(embed.aspect_ratio || \"16:9\")\n\n return `<div style=\"position:relative;width:${width};aspect-ratio:${aspectRatio}\"><iframe src=\"${embed.url}\" style=\"position:absolute;inset:0;width:100%;height:100%\" frameborder=\"0\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox\" allowfullscreen loading=\"lazy\"></iframe></div>`\n}\n","import type { SupabaseClient } from \"@supabase/supabase-js\"\nimport type {\n Product,\n ProductCategory,\n ProductQueryOptions,\n CreateOrderParams,\n CreateOrderResult,\n} from \"./types\"\nimport { CMS_CLIENT_VERSION } from \"./version\"\nimport { reportClientVersion } from \"./telemetry\"\n\nconst DEFAULT_APP_URL = \"https://cms.distinctstudio.co.nz\"\n\nexport interface ShopClientOptions {\n /** Tenant API key (UUID). Sent as `x-cms-api-key` on every request. */\n apiKey: string\n /** CMS app base URL. Defaults to `https://cms.distinctstudio.co.nz`. */\n appUrl?: string\n}\n\n/**\n * Creates a typed client for the eCommerce REST API (products, categories, orders).\n *\n * Unlike `createCmsClient`, the shop client talks to the CMS REST endpoints\n * (`/api/products`, `/api/product-categories`, `/api/orders/create`) rather than\n * Supabase directly — it doesn't need the `supabase` argument, but accepts it\n * for API symmetry with the rest of the SDK.\n *\n * Usage:\n * ```ts\n * const shop = createShopClient(supabase, { apiKey: process.env.CMS_API_KEY! })\n * const products = await shop.getProducts({ category: \"electronics\", limit: 20 })\n * ```\n */\nexport function createShopClient(\n _supabase: SupabaseClient,\n options: ShopClientOptions\n) {\n const { apiKey } = options\n const appUrl = (options.appUrl ?? DEFAULT_APP_URL).replace(/\\/$/, \"\")\n\n // Day-granular, fire-and-forget version ping (server-side only).\n reportClientVersion(apiKey, appUrl)\n\n function authHeaders(): HeadersInit {\n return {\n \"Content-Type\": \"application/json\",\n \"x-cms-api-key\": apiKey,\n \"x-cms-client-version\": CMS_CLIENT_VERSION,\n }\n }\n\n async function getJson<T>(path: string): Promise<T> {\n const res = await fetch(`${appUrl}${path}`, {\n headers: authHeaders(),\n // Caller controls Next.js caching by wrapping the call site.\n })\n if (!res.ok) {\n const body = await res.json().catch(() => ({}) as { error?: string })\n throw new Error(\n body.error ?? `Shop request failed (${res.status}): ${path}`\n )\n }\n return res.json() as Promise<T>\n }\n\n return {\n /**\n * List published products. Includes nested `variants` and `options`.\n *\n * `category` filters by category slug (matches the FK `category_id`,\n * with a fallback to the legacy `category` text column).\n */\n async getProducts(queryOptions: ProductQueryOptions = {}): Promise<Product[]> {\n const params = new URLSearchParams()\n if (queryOptions.category) params.set(\"category\", queryOptions.category)\n if (queryOptions.tags?.length) params.set(\"tags\", queryOptions.tags.join(\",\"))\n if (queryOptions.limit) params.set(\"limit\", String(queryOptions.limit))\n if (queryOptions.offset) params.set(\"offset\", String(queryOptions.offset))\n if (queryOptions.sort) params.set(\"sort\", queryOptions.sort)\n if (queryOptions.order) params.set(\"order\", queryOptions.order)\n\n const qs = params.toString()\n const { products } = await getJson<{ products: Product[] }>(\n `/api/products${qs ? `?${qs}` : \"\"}`\n )\n return products ?? []\n },\n\n /**\n * Get a single published product by slug. Returns null if not found.\n * Includes nested `variants` and `options`.\n */\n async getProductBySlug(slug: string): Promise<Product | null> {\n const res = await fetch(`${appUrl}/api/products/${encodeURIComponent(slug)}`, {\n headers: authHeaders(),\n })\n if (res.status === 404) return null\n if (!res.ok) {\n const body = await res.json().catch(() => ({}) as { error?: string })\n throw new Error(body.error ?? `Failed to fetch product ${slug}`)\n }\n const { product } = (await res.json()) as { product: Product }\n return product ?? null\n },\n\n /**\n * List product categories for the tenant, ordered by sort_order then name.\n */\n async getCategories(): Promise<ProductCategory[]> {\n const { categories } = await getJson<{ categories: ProductCategory[] }>(\n `/api/product-categories`\n )\n return categories ?? []\n },\n\n /**\n * Get a single category by slug. Returns null if not found.\n */\n async getCategoryBySlug(slug: string): Promise<ProductCategory | null> {\n const all = await this.getCategories()\n return all.find((c) => c.slug === slug) ?? null\n },\n\n /**\n * Create a pending order and return a Stripe PaymentIntent client_secret\n * to confirm payment client-side.\n *\n * Stripe must be configured for the tenant; eCommerce must be enabled on\n * their billing plan. Validates stock for tracked variants and applies\n * any discount code before creating the PaymentIntent.\n */\n async createOrder(params: CreateOrderParams): Promise<CreateOrderResult> {\n const res = await fetch(`${appUrl}/api/orders/create`, {\n method: \"POST\",\n headers: authHeaders(),\n body: JSON.stringify({ api_key: apiKey, ...params }),\n })\n if (!res.ok) {\n const body = await res.json().catch(() => ({}) as { error?: string })\n throw new Error(body.error ?? \"Order creation failed\")\n }\n return res.json() as Promise<CreateOrderResult>\n },\n }\n}\n","import type { SupabaseClient } from \"@supabase/supabase-js\"\nimport { reportClientVersion } from \"./telemetry\"\n\nexport type EventStatus = \"draft\" | \"published\" | \"archived\"\nexport type BookingStatus = \"pending\" | \"confirmed\" | \"cancelled\" | \"refunded\"\n\nexport interface CmsEvent {\n id: string\n tenant_id: string\n title: string\n slug: string\n description: string | null\n short_description: string | null\n status: EventStatus\n start_at: string\n end_at: string | null\n venue_name: string | null\n venue_address: string | null\n hero_image: string | null\n gallery: string[]\n tags: string[]\n seo_title: string | null\n seo_description: string | null\n metadata: Record<string, unknown>\n sort_order: number\n published_at: string | null\n created_at: string\n updated_at: string\n}\n\nexport interface CmsTicketTier {\n id: string\n event_id: string\n tenant_id: string\n name: string\n description: string | null\n price_cents: number\n capacity: number | null\n sold_count: number\n sales_start_at: string | null\n sales_end_at: string | null\n is_active: boolean\n sort_order: number\n}\n\nexport interface EventWithTiers extends CmsEvent {\n tiers: CmsTicketTier[]\n}\n\nexport interface EventQueryOptions {\n /** Only include events with start_at >= now. Default false. */\n upcomingOnly?: boolean\n tag?: string\n limit?: number\n offset?: number\n sort?: \"start_at\" | \"sort_order\" | \"created_at\"\n order?: \"asc\" | \"desc\"\n}\n\nexport interface CreateBookingParams {\n event_slug: string\n ticket_tier_id?: string\n customer_email: string\n customer_name?: string\n customer_phone?: string\n quantity?: number\n success_url?: string\n cancel_url?: string\n metadata?: Record<string, unknown>\n}\n\nexport interface CreateBookingResult {\n booking_id: string\n booking_number: string\n status: \"pending\" | \"confirmed\"\n /** Redirect the browser here for paid bookings. */\n checkout_url?: string\n /** Present on free bookings — used for attendance QR display. */\n qr_token?: string\n}\n\nexport function createEventsClient(\n supabase: SupabaseClient,\n options: { apiKey: string; appUrl?: string }\n) {\n const { apiKey, appUrl } = options\n\n // Day-granular, fire-and-forget version ping (server-side only).\n reportClientVersion(apiKey, appUrl)\n\n async function getEvents(\n queryOptions?: EventQueryOptions\n ): Promise<EventWithTiers[]> {\n let query = supabase\n .from(\"events\")\n .select(\"*, tiers:ticket_tiers(*)\")\n .eq(\"status\", \"published\")\n .order(queryOptions?.sort ?? \"start_at\", {\n ascending: (queryOptions?.order ?? \"asc\") === \"asc\",\n })\n\n if (queryOptions?.upcomingOnly) {\n query = query.gte(\"start_at\", new Date().toISOString())\n }\n if (queryOptions?.tag) {\n query = query.contains(\"tags\", [queryOptions.tag])\n }\n if (queryOptions?.limit) {\n query = query.limit(queryOptions.limit)\n }\n if (queryOptions?.offset) {\n query = query.range(\n queryOptions.offset,\n queryOptions.offset + (queryOptions.limit ?? 50) - 1\n )\n }\n\n const { data } = await query\n return (data ?? []) as EventWithTiers[]\n }\n\n async function getEventBySlug(slug: string): Promise<EventWithTiers | null> {\n const { data } = await supabase\n .from(\"events\")\n .select(\"*, tiers:ticket_tiers(*)\")\n .eq(\"slug\", slug)\n .eq(\"status\", \"published\")\n .single()\n return (data as EventWithTiers) ?? null\n }\n\n async function createBooking(\n params: CreateBookingParams\n ): Promise<CreateBookingResult> {\n const baseUrl = appUrl ?? \"\"\n const res = await fetch(`${baseUrl}/api/bookings/create`, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ api_key: apiKey, ...params }),\n })\n if (!res.ok) {\n const err = await res\n .json()\n .catch(() => ({ error: \"Booking creation failed\" }))\n throw new Error(err.error ?? \"Booking creation failed\")\n }\n return res.json() as Promise<CreateBookingResult>\n }\n\n return { getEvents, getEventBySlug, createBooking }\n}\n","/**\n * Image helpers for CMS content.\n *\n * Images are already optimised (WebP, max 2400px) on upload.\n * No server-side transforms needed — serve originals directly.\n *\n * These functions are kept for backward compatibility but no longer\n * call Supabase image transformation endpoints.\n */\n\nexport interface ImageTransformOptions {\n width?: number\n height?: number\n quality?: number\n resize?: \"contain\" | \"cover\" | \"fill\"\n format?: \"origin\"\n}\n\n/**\n * Returns the image URL directly.\n *\n * Previously this converted URLs to use Supabase's /render/image/\n * transform endpoint, but images are now pre-optimised on upload\n * (WebP, max 2400px, quality 82) so transforms are unnecessary.\n *\n * The function is kept for backward compatibility — existing code\n * that calls getTransformUrl() will continue to work without changes.\n */\nexport function getTransformUrl(\n originalUrl: string,\n _options: ImageTransformOptions = {}\n): string {\n return originalUrl\n}\n\n/**\n * Returns a simple srcSet using the original image.\n *\n * Previously generated multiple transformed widths, but since images\n * are now pre-optimised WebP, a single source is sufficient.\n * Modern browsers handle responsive display efficiently with a\n * well-sized WebP source.\n */\nexport function getSrcSet(\n originalUrl: string,\n _widths: number[] = [],\n _quality = 80\n): string {\n return `${originalUrl} 2400w`\n}\n\n/**\n * Common image size presets — kept for backward compatibility.\n * Since images are pre-optimised, these are informational only.\n */\nexport const IMAGE_PRESETS = {\n thumbnail: { width: 150, height: 150, resize: \"cover\" as const, quality: 70 },\n card: { width: 400, height: 300, resize: \"cover\" as const, quality: 80 },\n hero: { width: 1200, height: 630, resize: \"cover\" as const, quality: 85 },\n og: { width: 1200, height: 630, resize: \"cover\" as const, quality: 90 },\n avatar: { width: 80, height: 80, resize: \"cover\" as const, quality: 75 },\n full: { width: 1920, resize: \"contain\" as const, quality: 85 },\n} as const\n","/**\n * Helpers for verifying outbound webhooks fired by the CMS.\n *\n * The CMS POSTs JSON to subscriber URLs and signs the raw body with\n * HMAC-SHA256 using the shared secret you set in the Webhooks tab. The hex\n * digest arrives in the `X-CMS-Signature` header.\n *\n * Use Web Crypto so this works in Node, Edge, Deno, and Bun runtimes.\n */\n\nexport interface WebhookEventPayload {\n event: string\n tenant_id: string\n content_type_slug?: string\n content_item_id?: string\n slug?: string\n title?: string\n status?: string\n timestamp: string\n /** Commerce + custom events may attach extra fields. */\n [key: string]: unknown\n}\n\n/**\n * Verify the HMAC-SHA256 signature on a webhook delivery.\n *\n * Pass the **raw** request body (not a parsed JSON object) — re-stringifying\n * a parsed body can change whitespace and invalidate the signature.\n *\n * Returns `true` when the signature matches in constant time, `false`\n * otherwise. Never throws on a bad signature; only throws if the\n * `crypto.subtle` API is unavailable in the runtime.\n *\n * @example\n * const raw = await req.text()\n * const sig = req.headers.get(\"x-cms-signature\")\n * if (!await verifyWebhookSignature(process.env.CMS_WEBHOOK_SECRET!, raw, sig)) {\n * return new Response(\"bad signature\", { status: 401 })\n * }\n * const payload = JSON.parse(raw) as WebhookEventPayload\n */\nexport async function verifyWebhookSignature(\n secret: string,\n rawBody: string,\n signature: string | null | undefined\n): Promise<boolean> {\n if (!signature || !secret) return false\n\n const subtle = (globalThis.crypto && globalThis.crypto.subtle) || null\n if (!subtle) {\n throw new Error(\n \"verifyWebhookSignature requires the Web Crypto API (globalThis.crypto.subtle). \" +\n \"Available in Node 18+, all Edge runtimes, Deno, and Bun.\"\n )\n }\n\n const encoder = new TextEncoder()\n const key = await subtle.importKey(\n \"raw\",\n encoder.encode(secret),\n { name: \"HMAC\", hash: \"SHA-256\" },\n false,\n [\"sign\"]\n )\n const sigBuffer = await subtle.sign(\"HMAC\", key, encoder.encode(rawBody))\n const expected = bufferToHex(sigBuffer)\n\n return timingSafeEqualHex(expected, signature.trim())\n}\n\n/**\n * The webhook event names the CMS can fire. Use as a discriminator on the\n * `event` field of {@link WebhookEventPayload}.\n */\nexport const WEBHOOK_EVENTS = [\n \"content.published\",\n \"content.unpublished\",\n \"content.updated\",\n \"content.deleted\",\n \"order.created\",\n \"order.paid\",\n \"order.payment_failed\",\n \"order.refunded\",\n \"order.shipped\",\n \"booking.confirmed\",\n \"inventory.low_stock\",\n] as const\n\nexport type WebhookEvent = (typeof WEBHOOK_EVENTS)[number]\n\nfunction bufferToHex(buf: ArrayBuffer): string {\n const bytes = new Uint8Array(buf)\n let out = \"\"\n for (let i = 0; i < bytes.length; i++) {\n out += bytes[i].toString(16).padStart(2, \"0\")\n }\n return out\n}\n\n/**\n * Constant-time equality check on two hex strings. Returns false fast when\n * lengths differ — the length itself is not secret.\n */\nfunction timingSafeEqualHex(a: string, b: string): boolean {\n if (a.length !== b.length) return false\n let mismatch = 0\n for (let i = 0; i < a.length; i++) {\n mismatch |= a.charCodeAt(i) ^ b.charCodeAt(i)\n }\n return mismatch === 0\n}\n"],"mappings":";AAOO,IAAM,qBAAqB;;;ACPlC,SAAS,gBAAgB,4BAA4B;;;ACarD,IAAM,kBAAkB;AAOxB,IAAM,WAAW,oBAAI,IAA0B;AAE/C,SAAS,WAAmB;AAC1B,UAAO,oBAAI,KAAK,GAAE,YAAY,EAAE,MAAM,GAAG,EAAE;AAC7C;AAEO,SAAS,oBAAoB,QAAgB,QAAuB;AAEzE,MAAI,OAAO,WAAW,YAAa;AACnC,MAAI,CAAC,OAAQ;AAEb,QAAM,QAAQ,SAAS;AACvB,QAAM,OAAO,SAAS,IAAI,MAAM;AAChC,MAAI,QAAQ,KAAK,SAAS,SAAS,KAAK,YAAY,mBAAoB;AAIxE,WAAS,IAAI,QAAQ,EAAE,MAAM,OAAO,SAAS,mBAAmB,CAAC;AAEjE,QAAM,YACJ,OAAO,YAAY,cAAc,QAAQ,KAAK,sBAAsB;AACtE,QAAM,QAAQ,UAAU,aAAa,iBAAiB,QAAQ,OAAO,EAAE;AACvE,QAAM,MAAM,GAAG,IAAI;AAInB,OAAK,MAAM,KAAK;AAAA,IACd,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,gBAAgB;AAAA,MAChB,iBAAiB;AAAA,MACjB,wBAAwB;AAAA,IAC1B;AAAA,IACA,MAAM,KAAK,UAAU;AAAA,MACnB,SAAS;AAAA,MACT,SAAS;AAAA,IACX,CAAC;AAAA,EACH,CAAC,EAAE,MAAM,MAAM;AAEb,aAAS,OAAO,MAAM;AAAA,EACxB,CAAC;AACH;;;ADpCO,SAAS,gBACd,UACA,SACA;AACA,QAAM,EAAE,OAAO,IAAI;AAGnB,QAAM,SAAS,WAAW,UAAU,MAAM;AAG1C,sBAAoB,QAAQ,QAAQ,MAAM;AAG1C,MAAI,gBAA+B;AAEnC,iBAAe,cAA+B;AAC5C,QAAI,cAAe,QAAO;AAE1B,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,SAAS,EACd,OAAO,IAAI,EACX,OAAO;AAEV,QAAI,SAAS,CAAC,MAAM;AAClB,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,oBAAgB,KAAK;AACrB,WAAO,KAAK;AAAA,EACd;AAGA,QAAM,mBAAmB,oBAAI,IAAyB;AAEtD,iBAAe,qBAAqB,iBAA+C;AACjF,QAAI,iBAAiB,IAAI,eAAe,EAAG,QAAO,iBAAiB,IAAI,eAAe;AACtF,UAAM,WAAW,MAAM,YAAY;AAEnC,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,aAAa,QAAQ,EACxB,GAAG,QAAQ,eAAe,EAC1B,OAAO;AAEV,QAAI,SAAS,CAAC,MAAM;AAClB,YAAM,IAAI,MAAM,2BAA2B,eAAe,EAAE;AAAA,IAC9D;AAEA,UAAM,KAAK;AACX,qBAAiB,IAAI,iBAAiB,EAAE;AACxC,WAAO;AAAA,EACT;AAEA,iBAAe,iBAAiB,iBAA0C;AACxE,UAAM,KAAK,MAAM,qBAAqB,eAAe;AACrD,WAAO,GAAG;AAAA,EACZ;AAGA,iBAAe,kBACb,aACA,aAC4D;AAC5D,UAAM,iBAAiB,YAAY;AACnC,QAAI,CAAC,eAAgB,QAAO,EAAE,SAAS,MAAM,cAAc,KAAK;AAEhE,QAAI,CAAC,YAAa,QAAO,EAAE,SAAS,OAAO,cAAc,KAAK;AAG9D,UAAM,EAAE,MAAM,QAAQ,IAAI,MAAM,OAC7B,KAAK,iBAAiB,EACtB,OAAO,WAAW,EAClB,GAAG,cAAc,WAAW,EAC5B,OAAO;AAEV,QAAI,CAAC,QAAS,QAAO,EAAE,SAAS,OAAO,cAAc,KAAK;AAE1D,UAAM,EAAE,MAAM,OAAO,IAAI,MAAM,OAC5B,KAAK,SAAS,EACd,OAAO,4BAA4B,EACnC,GAAG,MAAM,QAAQ,SAAS,EAC1B,OAAO;AAEV,QAAI,CAAC,UAAU,OAAO,WAAW,SAAU,QAAO,EAAE,SAAS,OAAO,cAAc,KAAK;AAIvF,WAAO;AAAA,MACL,SAAS,OAAO,uBAAuB;AAAA,MACvC,cAAc,OAAO;AAAA,IACvB;AAAA,EACF;AAEA,iBAAe,YAAY,IAA8D;AACvF,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,WAAW,EAChB,OAAO,sEAAsE,EAC7E,GAAG,MAAM,EAAE,EACX,OAAO;AACV,QAAI,SAAS,CAAC,KAAM,QAAO;AAE3B,UAAM,WAAW,KAAK;AAGtB,QAAI,CAAC,UAAU;AACb,aAAO;AAAA,QACL,IAAI,KAAK;AAAA,QACT,OAAO,KAAK;AAAA,QACZ,YAAa,KAAK,cAAyB;AAAA,QAC3C,QAAQ,KAAK;AAAA,QACb,aAAa,CAAC;AAAA,QACd,KAAK,CAAC;AAAA,QACN,cAAc;AAAA,MAChB;AAAA,IACF;AAMA,UAAM,OAAQ,WAA0E;AACxF,UAAM,UAAU,MAAM,KAAK,6BAA6B;AACxD,UAAM,SAAS,aAAa,KAAK,SAAmB,IAAI,KAAK,EAAY;AACzE,WAAO;AAAA,MACL,IAAI,KAAK;AAAA,MACT,OAAO,KAAK;AAAA,MACZ,YAAa,KAAK,cAAyB,SAAS,MAAM;AAAA,MAC1D,QAAQ,KAAK;AAAA,MACb,aAAa,SAAS,MAAM,IAAI,CAAC,OAAO;AAAA,QACtC,KAAK,GAAG,OAAO,IAAI,MAAM,GAAG,EAAE,KAAK;AAAA,QACnC,WAAW,GAAG,OAAO,IAAI,MAAM,GAAG,EAAE,KAAK;AAAA,QACzC,GAAG,EAAE;AAAA,QACL,GAAG,EAAE;AAAA,MACP,EAAE;AAAA,MACF,KAAK,SAAS;AAAA,MACd,cAAc,KAAK,mBACf,GAAG,QAAQ,UAAU,EAAE,kBAAkB,KAAK,EAAY,cAC1D;AAAA,IACN;AAAA,EACF;AAEA,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA,IAKL,MAAM,gBACJ,iBACAA,WAA+B,CAAC,GACiB;AACjD,YAAM,cAAc,MAAM,qBAAqB,eAAe;AAE9D,YAAM;AAAA,QACJ,SAAS;AAAA,QACT,UAAU;AAAA,QACV,iBAAiB;AAAA,QACjB,QAAQ;AAAA,QACR,SAAS;AAAA,QACT;AAAA,MACF,IAAIA;AAGJ,YAAM,SAAS,MAAM,kBAAkB,aAAa,WAAW;AAG/D,UAAI,CAAC,OAAO,WAAW,YAAY,6BAA6B;AAE9D,cAAM,WAAW,MAAM,YAAY;AACnC,cAAM,EAAE,MAAM,SAAS,IAAI,MAAM,OAC9B,KAAK,iBAAiB,EACtB,OAAO,wBAAwB,EAC/B,GAAG,aAAa,QAAQ,EACxB,OAAO;AAEV,cAAM,OAAQ,UAAU,0BAAqC;AAE7D,YAAI,SAAS,QAAQ;AACnB,iBAAO,CAAC;AAAA,QACV;AAGA,YAAIC,SAAQ,OACT,KAAK,eAAe,EACpB,OAAO,oHAAoH,EAC3H,GAAG,mBAAmB,YAAY,EAAE;AAEvC,YAAI,OAAQ,CAAAA,SAAQA,OAAM,GAAG,UAAU,MAAM;AAC7C,QAAAA,SAAQA,OACL,MAAM,SAAS,EAAE,WAAW,mBAAmB,MAAM,CAAC,EACtD,MAAM,QAAQ,SAAS,QAAQ,CAAC;AAEnC,cAAM,EAAE,MAAAC,OAAM,OAAAC,OAAM,IAAI,MAAMF;AAC9B,YAAIE,OAAO,OAAM,IAAI,MAAM,mBAAmB,eAAe,KAAKA,OAAM,OAAO,EAAE;AAEjF,gBAAQD,SAAQ,CAAC,GAAG,IAAI,CAAC,UAAU;AAAA,UACjC,GAAG;AAAA,UACH,MAAM,CAAC;AAAA,UACP,QAAQ;AAAA,QACV,EAAE;AAAA,MACJ;AAGA,UAAI,QAAQ,OACT,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,mBAAmB,YAAY,EAAE;AAEvC,UAAI,QAAQ;AACV,gBAAQ,MAAM,GAAG,UAAU,MAAM;AAAA,MACnC;AAEA,cAAQ,MACL,MAAM,SAAS,EAAE,WAAW,mBAAmB,MAAM,CAAC,EACtD,MAAM,QAAQ,SAAS,QAAQ,CAAC;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM;AAE9B,UAAI,OAAO;AACT,cAAM,IAAI,MAAM,mBAAmB,eAAe,KAAK,MAAM,OAAO,EAAE;AAAA,MACxE;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,qBACJ,iBACA,UAC6B;AAC7B,YAAM,gBAAgB,MAAM,iBAAiB,eAAe;AAE5D,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,mBAAmB,aAAa,EACnC,GAAG,QAAQ,QAAQ,EACnB,OAAO;AAEV,UAAI,OAAO;AACT,YAAI,MAAM,SAAS,WAAY,QAAO;AACtC,cAAM,IAAI;AAAA,UACR,mBAAmB,eAAe,IAAI,QAAQ,KAAK,MAAM,OAAO;AAAA,QAClE;AAAA,MACF;AAEA,aAAO;AAAA,IACT;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,eAAe,iBAA+C;AAClE,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,aAAa,QAAQ,EACxB,GAAG,QAAQ,eAAe,EAC1B,OAAO;AAEV,UAAI,SAAS,CAAC,MAAM;AAClB,cAAM,IAAI,MAAM,2BAA2B,eAAe,EAAE;AAAA,MAC9D;AAEA,aAAO;AAAA,IACT;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,YACJ,iBAC6B;AAC7B,YAAM,gBAAgB,MAAM,iBAAiB,eAAe;AAE5D,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,MAAM,EACb,GAAG,mBAAmB,aAAa,EACnC,GAAG,UAAU,WAAW;AAE3B,UAAI,OAAO;AACT,cAAM,IAAI;AAAA,UACR,6BAA6B,eAAe,KAAK,MAAM,OAAO;AAAA,QAChE;AAAA,MACF;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,kBAA0C;AAC9C,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,eAAe,EACpB,OAAO,GAAG,EACV,GAAG,aAAa,QAAQ,EACxB,MAAM,MAAM;AAEf,UAAI,OAAO;AACT,cAAM,IAAI,MAAM,kCAAkC,MAAM,OAAO,EAAE;AAAA,MACnE;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAM,aACJ,iBACmD;AACnD,YAAM,gBAAgB,MAAM,iBAAiB,eAAe;AAE5D,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,gBAAgB,EACrB,OAAO,oBAAoB,EAC3B,GAAG,mBAAmB,aAAa;AAEtC,UAAI,OAAO;AACT,cAAM,IAAI;AAAA,UACR,iCAAiC,eAAe,KAAK,MAAM,OAAO;AAAA,QACpE;AAAA,MACF;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,qBAEJ;AACA,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,OAC3B,KAAK,kBAAkB,EACvB,OAAO,0CAA0C,EACjD,GAAG,aAAa,QAAQ;AAE3B,UAAI,OAAO;AACT,cAAM,IAAI,MAAM,qCAAqC,MAAM,OAAO,EAAE;AAAA,MACtE;AAEA,aAAQ,QAAQ,CAAC;AAAA,IAKnB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,mBACJ,UACAF,WAAgE,CAAC,GAC7B;AACpC,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,MAAM,KAAK,IAAI,MAAM,OAC1B,KAAK,OAAO,EACZ,OAAO,IAAI,EACX,GAAG,aAAa,QAAQ,EACxB,GAAG,QAAQ,QAAQ,EACnB,OAAO;AAEV,UAAI,CAAC,KAAM,QAAO,CAAC;AAEnB,YAAM,EAAE,QAAQ,IAAI,SAAS,GAAG,OAAO,IAAIA;AAE3C,UAAI,QAAQ,OACT,KAAK,kBAAkB,EACvB,OAAO,GAAG,EACV,GAAG,WAAW,KAAK,EAAE,EACrB,GAAG,WAAW,KAAK,EACnB,MAAM,cAAc,EAAE,WAAW,MAAM,CAAC,EACxC,MAAM,QAAQ,SAAS,QAAQ,CAAC;AAEnC,UAAI,QAAQ;AACV,gBAAQ,MAAM,GAAG,UAAU,MAAM;AAAA,MACnC;AAEA,YAAM,EAAE,KAAK,IAAI,MAAM;AACvB,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,QACJ,UACyC;AACzC,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM,EAAE,KAAK,IAAI,MAAM,OACpB,KAAK,OAAO,EACZ,OAAO,wCAAwC,EAC/C,GAAG,aAAa,QAAQ,EACxB,GAAG,QAAQ,QAAQ,EACnB,OAAO;AAEV,aAAO;AAAA,IACT;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,WACJA,WAA8B,CAAC,GACN;AACzB,YAAM,WAAW,MAAM,YAAY;AAEnC,YAAM;AAAA,QACJ,SAAS;AAAA,QACT;AAAA,QACA,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,UAAU;AAAA,QACV,iBAAiB;AAAA,MACnB,IAAIA;AAEJ,UAAI,QAAQ,OACT,KAAK,gBAAgB,EACrB,OAAO,mEAAmE,EAC1E,GAAG,aAAa,QAAQ;AAE3B,UAAI,QAAQ;AACV,gBAAQ,MAAM,GAAG,UAAU,MAAM;AAAA,MACnC;AAEA,UAAI,WAAW;AACb,gBAAQ,MAAM,IAAI,UAAU,SAAS;AAAA,MACvC;AAEA,cAAQ,MACL,MAAM,SAAS,EAAE,WAAW,mBAAmB,MAAM,CAAC,EACtD,MAAM,QAAQ,SAAS,QAAQ,CAAC;AAEnC,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM;AAE9B,UAAI,OAAO;AACT,cAAM,IAAI,MAAM,4BAA4B,MAAM,OAAO,EAAE;AAAA,MAC7D;AAEA,aAAQ,QAAQ,CAAC;AAAA,IACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAcA,MAAM,kBAAkBA,WAAiC,CAAC,GAA4B;AACpF,YAAM,EAAE,aAAa,MAAM,OAAO,CAAC,mBAAmB,EAAE,IAAIA;AAC5D,YAAM,cAAe,SAAgD;AACrE,YAAM,cAAe,SAAgD;AAMrE,YAAM,MACJ,GAAG,WAAW;AAGhB,YAAM,OAAkF;AAAA,QACtF,SAAS;AAAA,UACP,QAAQ;AAAA,UACR,eAAe,UAAU,WAAW;AAAA,UACpC,iBAAiB;AAAA,UACjB,wBAAwB;AAAA,UACxB,QAAQ;AAAA,QACV;AAAA,QACA,MAAM,EAAE,YAAY,KAAK;AAAA,MAC3B;AAEA,UAAI;AAOJ,UAAI;AACF,cAAM,MAAM,MAAM,MAAM,KAAK,IAAmB;AAChD,YAAI,IAAI,IAAI;AACV,gBAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,gBAAM,OAAO,CAAC;AAAA,QAChB;AAAA,MACF,QAAQ;AAAA,MAGR;AAEA,aAAO;AAAA,QACL,mBAAmB,QAAQ,KAAK,mBAAmB;AAAA,QACnD,oBAAoB,QAAQ,KAAK,qBAAqB;AAAA,QACtD,aAAa,QAAQ,KAAK,aAAa;AAAA,QACvC,aAAa,QAAQ,KAAK,aAAa;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;AAQO,IAAM,sBAAsB;AAkBnC,SAAS,QAAQ,GAA6C;AAC5D,MAAI,CAAC,EAAG,QAAO;AACf,QAAM,UAAU,EAAE,KAAK;AACvB,SAAO,QAAQ,SAAS,IAAI,UAAU;AACxC;AAaA,SAAS,WAAW,UAA0B,QAAgB;AAE5D,QAAM,cAAe,SAAgD;AACrE,QAAM,cAAe,SAAgD;AAErE,SAAO,qBAAqB,aAAa,aAAa;AAAA,IACpD,QAAQ;AAAA,MACN,SAAS;AAAA,QACP,iBAAiB;AAAA,QACjB,wBAAwB;AAAA,MAC1B;AAAA,IACF;AAAA,EACF,CAAC;AACH;;;AEnmBA,SAAS,iBAAiB,OAAuB;AAC/C,QAAM,QAAQ,MAAM,MAAM,GAAG;AAC7B,MAAI,MAAM,WAAW,EAAG,QAAO;AAC/B,QAAM,IAAI,WAAW,MAAM,CAAC,CAAC;AAC7B,QAAM,IAAI,WAAW,MAAM,CAAC,CAAC;AAC7B,MAAI,CAAC,KAAK,CAAC,KAAK,KAAK,KAAK,KAAK,EAAG,QAAO;AACzC,SAAO,GAAG,CAAC,IAAI,CAAC;AAClB;AAMO,SAAS,aAAa,OAAwB;AACnD,MAAI,CAAC,SAAS,OAAO,UAAU,SAAU,QAAO;AAChD,QAAM,QAAQ;AACd,MAAI,CAAC,MAAM,OAAO,CAAC,MAAM,IAAI,WAAW,UAAU,EAAG,QAAO;AAE5D,QAAM,QAAQ,MAAM,SAAS;AAC7B,QAAM,cAAc,iBAAiB,MAAM,gBAAgB,MAAM;AAEjE,SAAO,uCAAuC,KAAK,iBAAiB,WAAW,kBAAkB,MAAM,GAAG;AAC5G;;;ACbA,IAAMI,mBAAkB;AAuBjB,SAAS,iBACd,WACA,SACA;AACA,QAAM,EAAE,OAAO,IAAI;AACnB,QAAM,UAAU,QAAQ,UAAUA,kBAAiB,QAAQ,OAAO,EAAE;AAGpE,sBAAoB,QAAQ,MAAM;AAElC,WAAS,cAA2B;AAClC,WAAO;AAAA,MACL,gBAAgB;AAAA,MAChB,iBAAiB;AAAA,MACjB,wBAAwB;AAAA,IAC1B;AAAA,EACF;AAEA,iBAAe,QAAW,MAA0B;AAClD,UAAM,MAAM,MAAM,MAAM,GAAG,MAAM,GAAG,IAAI,IAAI;AAAA,MAC1C,SAAS,YAAY;AAAA;AAAA,IAEvB,CAAC;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC,EAAwB;AACpE,YAAM,IAAI;AAAA,QACR,KAAK,SAAS,wBAAwB,IAAI,MAAM,MAAM,IAAI;AAAA,MAC5D;AAAA,IACF;AACA,WAAO,IAAI,KAAK;AAAA,EAClB;AAEA,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOL,MAAM,YAAY,eAAoC,CAAC,GAAuB;AAC5E,YAAM,SAAS,IAAI,gBAAgB;AACnC,UAAI,aAAa,SAAU,QAAO,IAAI,YAAY,aAAa,QAAQ;AACvE,UAAI,aAAa,MAAM,OAAQ,QAAO,IAAI,QAAQ,aAAa,KAAK,KAAK,GAAG,CAAC;AAC7E,UAAI,aAAa,MAAO,QAAO,IAAI,SAAS,OAAO,aAAa,KAAK,CAAC;AACtE,UAAI,aAAa,OAAQ,QAAO,IAAI,UAAU,OAAO,aAAa,MAAM,CAAC;AACzE,UAAI,aAAa,KAAM,QAAO,IAAI,QAAQ,aAAa,IAAI;AAC3D,UAAI,aAAa,MAAO,QAAO,IAAI,SAAS,aAAa,KAAK;AAE9D,YAAM,KAAK,OAAO,SAAS;AAC3B,YAAM,EAAE,SAAS,IAAI,MAAM;AAAA,QACzB,gBAAgB,KAAK,IAAI,EAAE,KAAK,EAAE;AAAA,MACpC;AACA,aAAO,YAAY,CAAC;AAAA,IACtB;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,iBAAiB,MAAuC;AAC5D,YAAM,MAAM,MAAM,MAAM,GAAG,MAAM,iBAAiB,mBAAmB,IAAI,CAAC,IAAI;AAAA,QAC5E,SAAS,YAAY;AAAA,MACvB,CAAC;AACD,UAAI,IAAI,WAAW,IAAK,QAAO;AAC/B,UAAI,CAAC,IAAI,IAAI;AACX,cAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC,EAAwB;AACpE,cAAM,IAAI,MAAM,KAAK,SAAS,2BAA2B,IAAI,EAAE;AAAA,MACjE;AACA,YAAM,EAAE,QAAQ,IAAK,MAAM,IAAI,KAAK;AACpC,aAAO,WAAW;AAAA,IACpB;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,gBAA4C;AAChD,YAAM,EAAE,WAAW,IAAI,MAAM;AAAA,QAC3B;AAAA,MACF;AACA,aAAO,cAAc,CAAC;AAAA,IACxB;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,kBAAkB,MAA+C;AACrE,YAAM,MAAM,MAAM,KAAK,cAAc;AACrC,aAAO,IAAI,KAAK,CAAC,MAAM,EAAE,SAAS,IAAI,KAAK;AAAA,IAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAUA,MAAM,YAAY,QAAuD;AACvE,YAAM,MAAM,MAAM,MAAM,GAAG,MAAM,sBAAsB;AAAA,QACrD,QAAQ;AAAA,QACR,SAAS,YAAY;AAAA,QACrB,MAAM,KAAK,UAAU,EAAE,SAAS,QAAQ,GAAG,OAAO,CAAC;AAAA,MACrD,CAAC;AACD,UAAI,CAAC,IAAI,IAAI;AACX,cAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC,EAAwB;AACpE,cAAM,IAAI,MAAM,KAAK,SAAS,uBAAuB;AAAA,MACvD;AACA,aAAO,IAAI,KAAK;AAAA,IAClB;AAAA,EACF;AACF;;;AChEO,SAAS,mBACd,UACA,SACA;AACA,QAAM,EAAE,QAAQ,OAAO,IAAI;AAG3B,sBAAoB,QAAQ,MAAM;AAElC,iBAAe,UACb,cAC2B;AAC3B,QAAI,QAAQ,SACT,KAAK,QAAQ,EACb,OAAO,0BAA0B,EACjC,GAAG,UAAU,WAAW,EACxB,MAAM,cAAc,QAAQ,YAAY;AAAA,MACvC,YAAY,cAAc,SAAS,WAAW;AAAA,IAChD,CAAC;AAEH,QAAI,cAAc,cAAc;AAC9B,cAAQ,MAAM,IAAI,aAAY,oBAAI,KAAK,GAAE,YAAY,CAAC;AAAA,IACxD;AACA,QAAI,cAAc,KAAK;AACrB,cAAQ,MAAM,SAAS,QAAQ,CAAC,aAAa,GAAG,CAAC;AAAA,IACnD;AACA,QAAI,cAAc,OAAO;AACvB,cAAQ,MAAM,MAAM,aAAa,KAAK;AAAA,IACxC;AACA,QAAI,cAAc,QAAQ;AACxB,cAAQ,MAAM;AAAA,QACZ,aAAa;AAAA,QACb,aAAa,UAAU,aAAa,SAAS,MAAM;AAAA,MACrD;AAAA,IACF;AAEA,UAAM,EAAE,KAAK,IAAI,MAAM;AACvB,WAAQ,QAAQ,CAAC;AAAA,EACnB;AAEA,iBAAe,eAAe,MAA8C;AAC1E,UAAM,EAAE,KAAK,IAAI,MAAM,SACpB,KAAK,QAAQ,EACb,OAAO,0BAA0B,EACjC,GAAG,QAAQ,IAAI,EACf,GAAG,UAAU,WAAW,EACxB,OAAO;AACV,WAAQ,QAA2B;AAAA,EACrC;AAEA,iBAAe,cACb,QAC8B;AAC9B,UAAM,UAAU,UAAU;AAC1B,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,wBAAwB;AAAA,MACxD,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU,EAAE,SAAS,QAAQ,GAAG,OAAO,CAAC;AAAA,IACrD,CAAC;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,MAAM,MAAM,IACf,KAAK,EACL,MAAM,OAAO,EAAE,OAAO,0BAA0B,EAAE;AACrD,YAAM,IAAI,MAAM,IAAI,SAAS,yBAAyB;AAAA,IACxD;AACA,WAAO,IAAI,KAAK;AAAA,EAClB;AAEA,SAAO,EAAE,WAAW,gBAAgB,cAAc;AACpD;;;AC1HO,SAAS,gBACd,aACA,WAAkC,CAAC,GAC3B;AACR,SAAO;AACT;AAUO,SAAS,UACd,aACA,UAAoB,CAAC,GACrB,WAAW,IACH;AACR,SAAO,GAAG,WAAW;AACvB;AAMO,IAAM,gBAAgB;AAAA,EAC3B,WAAW,EAAE,OAAO,KAAK,QAAQ,KAAK,QAAQ,SAAkB,SAAS,GAAG;AAAA,EAC5E,MAAM,EAAE,OAAO,KAAK,QAAQ,KAAK,QAAQ,SAAkB,SAAS,GAAG;AAAA,EACvE,MAAM,EAAE,OAAO,MAAM,QAAQ,KAAK,QAAQ,SAAkB,SAAS,GAAG;AAAA,EACxE,IAAI,EAAE,OAAO,MAAM,QAAQ,KAAK,QAAQ,SAAkB,SAAS,GAAG;AAAA,EACtE,QAAQ,EAAE,OAAO,IAAI,QAAQ,IAAI,QAAQ,SAAkB,SAAS,GAAG;AAAA,EACvE,MAAM,EAAE,OAAO,MAAM,QAAQ,WAAoB,SAAS,GAAG;AAC/D;;;ACrBA,eAAsB,uBACpB,QACA,SACA,WACkB;AAClB,MAAI,CAAC,aAAa,CAAC,OAAQ,QAAO;AAElC,QAAM,SAAU,WAAW,UAAU,WAAW,OAAO,UAAW;AAClE,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI;AAAA,MACR;AAAA,IAEF;AAAA,EACF;AAEA,QAAM,UAAU,IAAI,YAAY;AAChC,QAAM,MAAM,MAAM,OAAO;AAAA,IACvB;AAAA,IACA,QAAQ,OAAO,MAAM;AAAA,IACrB,EAAE,MAAM,QAAQ,MAAM,UAAU;AAAA,IAChC;AAAA,IACA,CAAC,MAAM;AAAA,EACT;AACA,QAAM,YAAY,MAAM,OAAO,KAAK,QAAQ,KAAK,QAAQ,OAAO,OAAO,CAAC;AACxE,QAAM,WAAW,YAAY,SAAS;AAEtC,SAAO,mBAAmB,UAAU,UAAU,KAAK,CAAC;AACtD;AAMO,IAAM,iBAAiB;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAIA,SAAS,YAAY,KAA0B;AAC7C,QAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,MAAI,MAAM;AACV,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,WAAO,MAAM,CAAC,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;AAAA,EAC9C;AACA,SAAO;AACT;AAMA,SAAS,mBAAmB,GAAW,GAAoB;AACzD,MAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,MAAI,WAAW;AACf,WAAS,IAAI,GAAG,IAAI,EAAE,QAAQ,KAAK;AACjC,gBAAY,EAAE,WAAW,CAAC,IAAI,EAAE,WAAW,CAAC;AAAA,EAC9C;AACA,SAAO,aAAa;AACtB;","names":["options","query","data","error","DEFAULT_APP_URL"]}
package/dist/tracking-scripts.d.mts CHANGED
@@ -3,6 +3,7 @@ import * as react_jsx_runtime from 'react/jsx-runtime';
3
3
  interface TrackingConfig {
4
4
  googleAnalyticsId: string | null;
5
5
  googleTagManagerId: string | null;
6
+ googleAdsId: string | null;
6
7
  metaPixelId: string | null;
7
8
  }
8
9
 
package/dist/tracking-scripts.d.ts CHANGED
@@ -3,6 +3,7 @@ import * as react_jsx_runtime from 'react/jsx-runtime';
3
3
  interface TrackingConfig {
4
4
  googleAnalyticsId: string | null;
5
5
  googleTagManagerId: string | null;
6
+ googleAdsId: string | null;
6
7
  metaPixelId: string | null;
7
8
  }
8
9
 
package/dist/tracking-scripts.js CHANGED
@@ -26,11 +26,12 @@ __export(tracking_scripts_exports, {
26
26
  module.exports = __toCommonJS(tracking_scripts_exports);
27
27
  var import_jsx_runtime = require("react/jsx-runtime");
28
28
  function TrackingScripts({ config, forceGa4WithGtm = false }) {
29
- const { googleAnalyticsId, googleTagManagerId, metaPixelId } = config;
29
+ const { googleAnalyticsId, googleTagManagerId, googleAdsId, metaPixelId } = config;
30
30
  const renderGa4 = !!googleAnalyticsId && (forceGa4WithGtm || !googleTagManagerId);
31
+ const renderAds = !!googleAdsId && (forceGa4WithGtm || !googleTagManagerId);
31
32
  return /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_jsx_runtime.Fragment, { children: [
32
33
  googleTagManagerId && /* @__PURE__ */ (0, import_jsx_runtime.jsx)(GtmHeadScript, { id: googleTagManagerId }),
33
- renderGa4 && googleAnalyticsId && /* @__PURE__ */ (0, import_jsx_runtime.jsx)(Ga4Script, { id: googleAnalyticsId }),
34
+ (renderGa4 || renderAds) && /* @__PURE__ */ (0, import_jsx_runtime.jsx)(GtagBundle, { ga4Id: renderGa4 ? googleAnalyticsId : null, adsId: renderAds ? googleAdsId : null }),
34
35
  metaPixelId && /* @__PURE__ */ (0, import_jsx_runtime.jsx)(MetaPixelScript, { id: metaPixelId })
35
36
  ] });
36
37
  }
@@ -63,11 +64,15 @@ function GtmHeadScript({ id }) {
63
64
  const html = `(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer',${escaped});`;
64
65
  return /* @__PURE__ */ (0, import_jsx_runtime.jsx)("script", { dangerouslySetInnerHTML: { __html: html } });
65
66
  }
66
- function Ga4Script({ id }) {
67
- const safeId = JSON.stringify(id);
68
- const html = `window.dataLayer = window.dataLayer || [];function gtag(){dataLayer.push(arguments);}gtag('js', new Date());gtag('config', ${safeId});`;
67
+ function GtagBundle({ ga4Id, adsId }) {
68
+ const loaderId = ga4Id ?? adsId;
69
+ if (!loaderId) return null;
70
+ const configs = [];
71
+ if (ga4Id) configs.push(`gtag('config', ${JSON.stringify(ga4Id)});`);
72
+ if (adsId) configs.push(`gtag('config', ${JSON.stringify(adsId)});`);
73
+ const html = `window.dataLayer = window.dataLayer || [];function gtag(){dataLayer.push(arguments);}gtag('js', new Date());${configs.join("")}`;
69
74
  return /* @__PURE__ */ (0, import_jsx_runtime.jsxs)(import_jsx_runtime.Fragment, { children: [
70
- /* @__PURE__ */ (0, import_jsx_runtime.jsx)("script", { async: true, src: `https://www.googletagmanager.com/gtag/js?id=${encodeURIComponent(id)}` }),
75
+ /* @__PURE__ */ (0, import_jsx_runtime.jsx)("script", { async: true, src: `https://www.googletagmanager.com/gtag/js?id=${encodeURIComponent(loaderId)}` }),
71
76
  /* @__PURE__ */ (0, import_jsx_runtime.jsx)("script", { dangerouslySetInnerHTML: { __html: html } })
72
77
  ] });
73
78
  }
package/dist/tracking-scripts.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/tracking-scripts.tsx"],"sourcesContent":["// Server-safe React component — renders inline <script> tags for third-party\n// trackers based on tenant config from cms.getTrackingConfig(). No \"use client\"\n// directive: this is meant to render in the document <head> from a Server\n// Component (e.g. app/layout.tsx).\n\nimport type { TrackingConfig } from \"./queries\"\n\ninterface TrackingScriptsProps {\n config: TrackingConfig\n /**\n * When both GTM and GA4 are set, by default only GTM is rendered (configure\n * GA4 inside GTM to avoid double-counting). Set this to `true` to force-render\n * the GA4 snippet alongside GTM.\n */\n forceGa4WithGtm?: boolean\n}\n\n/**\n * Drop-in script injection for Google Tag Manager, Google Analytics 4, and\n * Meta Pixel. Each block renders only when its corresponding ID is set.\n *\n * Usage in `app/layout.tsx`:\n * ```tsx\n * import { createCmsClient } from '@distinctagency/cms-client'\n * import { TrackingScripts } from '@distinctagency/cms-client/tracking-scripts'\n *\n * export default async function RootLayout({ children }: { children: React.ReactNode }) {\n * const cms = createCmsClient(supabase, { apiKey: process.env.CMS_API_KEY! })\n * const tracking = await cms.getTrackingConfig()\n * return (\n * <html>\n * <head>\n * <TrackingScripts config={tracking} />\n * </head>\n * <body>{children}</body>\n * </html>\n * )\n * }\n * ```\n */\nexport function TrackingScripts({ config, forceGa4WithGtm = false }: TrackingScriptsProps) {\n const { googleAnalyticsId, googleTagManagerId, metaPixelId } = config\n const renderGa4 = !!googleAnalyticsId && (forceGa4WithGtm || !googleTagManagerId)\n\n return (\n <>\n {googleTagManagerId && <GtmHeadScript id={googleTagManagerId} />}\n {renderGa4 && googleAnalyticsId && <Ga4Script id={googleAnalyticsId} />}\n {metaPixelId && <MetaPixelScript id={metaPixelId} />}\n </>\n )\n}\n\n/**\n * Renders the GTM `<noscript>` iframe that should live immediately after the\n * opening `<body>` tag. Use this alongside `<TrackingScripts />` if you also\n * want to support no-JS visitors.\n *\n * ```tsx\n * <body>\n * <TrackingNoScript config={tracking} />\n * ...\n * </body>\n * ```\n */\nexport function TrackingNoScript({ config }: { config: TrackingConfig }) {\n const { googleTagManagerId, metaPixelId } = config\n return (\n <>\n {googleTagManagerId && (\n <noscript>\n <iframe\n src={`https://www.googletagmanager.com/ns.html?id=${encodeURIComponent(googleTagManagerId)}`}\n height=\"0\"\n width=\"0\"\n style={{ display: \"none\", visibility: \"hidden\" }}\n />\n </noscript>\n )}\n {metaPixelId && (\n <noscript>\n <img\n height=\"1\"\n width=\"1\"\n style={{ display: \"none\" }}\n alt=\"\"\n src={`https://www.facebook.com/tr?id=${encodeURIComponent(metaPixelId)}&ev=PageView&noscript=1`}\n />\n </noscript>\n )}\n </>\n )\n}\n\nfunction GtmHeadScript({ id }: { id: string }) {\n const escaped = JSON.stringify(id)\n const html = `(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer',${escaped});`\n return <script dangerouslySetInnerHTML={{ __html: html }} />\n}\n\nfunction Ga4Script({ id }: { id: string }) {\n const safeId = JSON.stringify(id)\n const html = `window.dataLayer = window.dataLayer || [];function gtag(){dataLayer.push(arguments);}gtag('js', new Date());gtag('config', ${safeId});`\n return (\n <>\n <script async src={`https://www.googletagmanager.com/gtag/js?id=${encodeURIComponent(id)}`} />\n <script dangerouslySetInnerHTML={{ __html: html }} />\n </>\n )\n}\n\nfunction MetaPixelScript({ id }: { id: string }) {\n const safeId = JSON.stringify(id)\n const html = `!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';n.queue=[];t=b.createElement(e);t.async=!0;t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,document,'script','https://connect.facebook.net/en_US/fbevents.js');fbq('init', ${safeId});fbq('track', 'PageView');`\n return <script dangerouslySetInnerHTML={{ __html: html }} />\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AA6CI;AALG,SAAS,gBAAgB,EAAE,QAAQ,kBAAkB,MAAM,GAAyB;AACzF,QAAM,EAAE,mBAAmB,oBAAoB,YAAY,IAAI;AAC/D,QAAM,YAAY,CAAC,CAAC,sBAAsB,mBAAmB,CAAC;AAE9D,SACE,4EACG;AAAA,0BAAsB,4CAAC,iBAAc,IAAI,oBAAoB;AAAA,IAC7D,aAAa,qBAAqB,4CAAC,aAAU,IAAI,mBAAmB;AAAA,IACpE,eAAe,4CAAC,mBAAgB,IAAI,aAAa;AAAA,KACpD;AAEJ;AAcO,SAAS,iBAAiB,EAAE,OAAO,GAA+B;AACvE,QAAM,EAAE,oBAAoB,YAAY,IAAI;AAC5C,SACE,4EACG;AAAA,0BACC,4CAAC,cACC;AAAA,MAAC;AAAA;AAAA,QACC,KAAK,+CAA+C,mBAAmB,kBAAkB,CAAC;AAAA,QAC1F,QAAO;AAAA,QACP,OAAM;AAAA,QACN,OAAO,EAAE,SAAS,QAAQ,YAAY,SAAS;AAAA;AAAA,IACjD,GACF;AAAA,IAED,eACC,4CAAC,cACC;AAAA,MAAC;AAAA;AAAA,QACC,QAAO;AAAA,QACP,OAAM;AAAA,QACN,OAAO,EAAE,SAAS,OAAO;AAAA,QACzB,KAAI;AAAA,QACJ,KAAK,kCAAkC,mBAAmB,WAAW,CAAC;AAAA;AAAA,IACxE,GACF;AAAA,KAEJ;AAEJ;AAEA,SAAS,cAAc,EAAE,GAAG,GAAmB;AAC7C,QAAM,UAAU,KAAK,UAAU,EAAE;AACjC,QAAM,OAAO,sUAAsU,OAAO;AAC1V,SAAO,4CAAC,YAAO,yBAAyB,EAAE,QAAQ,KAAK,GAAG;AAC5D;AAEA,SAAS,UAAU,EAAE,GAAG,GAAmB;AACzC,QAAM,SAAS,KAAK,UAAU,EAAE;AAChC,QAAM,OAAO,8HAA8H,MAAM;AACjJ,SACE,4EACE;AAAA,gDAAC,YAAO,OAAK,MAAC,KAAK,+CAA+C,mBAAmB,EAAE,CAAC,IAAI;AAAA,IAC5F,4CAAC,YAAO,yBAAyB,EAAE,QAAQ,KAAK,GAAG;AAAA,KACrD;AAEJ;AAEA,SAAS,gBAAgB,EAAE,GAAG,GAAmB;AAC/C,QAAM,SAAS,KAAK,UAAU,EAAE;AAChC,QAAM,OAAO,uYAAuY,MAAM;AAC1Z,SAAO,4CAAC,YAAO,yBAAyB,EAAE,QAAQ,KAAK,GAAG;AAC5D;","names":[]}
1
+ {"version":3,"sources":["../src/tracking-scripts.tsx"],"sourcesContent":["// Server-safe React component — renders inline <script> tags for third-party\n// trackers based on tenant config from cms.getTrackingConfig(). No \"use client\"\n// directive: this is meant to render in the document <head> from a Server\n// Component (e.g. app/layout.tsx).\n\nimport type { TrackingConfig } from \"./queries\"\n\ninterface TrackingScriptsProps {\n config: TrackingConfig\n /**\n * When both GTM and GA4 are set, by default only GTM is rendered (configure\n * GA4 inside GTM to avoid double-counting). Set this to `true` to force-render\n * the GA4 snippet alongside GTM.\n */\n forceGa4WithGtm?: boolean\n}\n\n/**\n * Drop-in script injection for Google Tag Manager, Google Analytics 4, and\n * Meta Pixel. Each block renders only when its corresponding ID is set.\n *\n * Usage in `app/layout.tsx`:\n * ```tsx\n * import { createCmsClient } from '@distinctagency/cms-client'\n * import { TrackingScripts } from '@distinctagency/cms-client/tracking-scripts'\n *\n * export default async function RootLayout({ children }: { children: React.ReactNode }) {\n * const cms = createCmsClient(supabase, { apiKey: process.env.CMS_API_KEY! })\n * const tracking = await cms.getTrackingConfig()\n * return (\n * <html>\n * <head>\n * <TrackingScripts config={tracking} />\n * </head>\n * <body>{children}</body>\n * </html>\n * )\n * }\n * ```\n */\nexport function TrackingScripts({ config, forceGa4WithGtm = false }: TrackingScriptsProps) {\n const { googleAnalyticsId, googleTagManagerId, googleAdsId, metaPixelId } = config\n const renderGa4 = !!googleAnalyticsId && (forceGa4WithGtm || !googleTagManagerId)\n // Google Ads is independent of the GA4/GTM \"only one\" rule — it's a separate\n // ads conversion product. Skip when GTM is set (configure AW inside GTM\n // instead, same reasoning as GA4) unless explicitly forced via the GA4 flag,\n // which we reuse: most tenants who force GA4 alongside GTM also want AW.\n const renderAds = !!googleAdsId && (forceGa4WithGtm || !googleTagManagerId)\n\n return (\n <>\n {googleTagManagerId && <GtmHeadScript id={googleTagManagerId} />}\n {(renderGa4 || renderAds) && (\n <GtagBundle ga4Id={renderGa4 ? googleAnalyticsId : null} adsId={renderAds ? googleAdsId : null} />\n )}\n {metaPixelId && <MetaPixelScript id={metaPixelId} />}\n </>\n )\n}\n\n/**\n * Renders the GTM `<noscript>` iframe that should live immediately after the\n * opening `<body>` tag. Use this alongside `<TrackingScripts />` if you also\n * want to support no-JS visitors.\n *\n * ```tsx\n * <body>\n * <TrackingNoScript config={tracking} />\n * ...\n * </body>\n * ```\n */\nexport function TrackingNoScript({ config }: { config: TrackingConfig }) {\n const { googleTagManagerId, metaPixelId } = config\n return (\n <>\n {googleTagManagerId && (\n <noscript>\n <iframe\n src={`https://www.googletagmanager.com/ns.html?id=${encodeURIComponent(googleTagManagerId)}`}\n height=\"0\"\n width=\"0\"\n style={{ display: \"none\", visibility: \"hidden\" }}\n />\n </noscript>\n )}\n {metaPixelId && (\n <noscript>\n <img\n height=\"1\"\n width=\"1\"\n style={{ display: \"none\" }}\n alt=\"\"\n src={`https://www.facebook.com/tr?id=${encodeURIComponent(metaPixelId)}&ev=PageView&noscript=1`}\n />\n </noscript>\n )}\n </>\n )\n}\n\nfunction GtmHeadScript({ id }: { id: string }) {\n const escaped = JSON.stringify(id)\n const html = `(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer',${escaped});`\n return <script dangerouslySetInnerHTML={{ __html: html }} />\n}\n\nfunction GtagBundle({ ga4Id, adsId }: { ga4Id: string | null; adsId: string | null }) {\n // The gtag library is the same regardless of how many products are configured.\n // Load it once with whichever ID is set first (URL `id` only affects the\n // initial config call inside the loader script — explicit gtag('config', ...)\n // calls below are what actually register each product).\n const loaderId = ga4Id ?? adsId\n if (!loaderId) return null\n const configs: string[] = []\n if (ga4Id) configs.push(`gtag('config', ${JSON.stringify(ga4Id)});`)\n if (adsId) configs.push(`gtag('config', ${JSON.stringify(adsId)});`)\n const html = `window.dataLayer = window.dataLayer || [];function gtag(){dataLayer.push(arguments);}gtag('js', new Date());${configs.join(\"\")}`\n return (\n <>\n <script async src={`https://www.googletagmanager.com/gtag/js?id=${encodeURIComponent(loaderId)}`} />\n <script dangerouslySetInnerHTML={{ __html: html }} />\n </>\n )\n}\n\nfunction MetaPixelScript({ id }: { id: string }) {\n const safeId = JSON.stringify(id)\n const html = `!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';n.queue=[];t=b.createElement(e);t.async=!0;t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,document,'script','https://connect.facebook.net/en_US/fbevents.js');fbq('init', ${safeId});fbq('track', 'PageView');`\n return <script dangerouslySetInnerHTML={{ __html: html }} />\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAkDI;AAVG,SAAS,gBAAgB,EAAE,QAAQ,kBAAkB,MAAM,GAAyB;AACzF,QAAM,EAAE,mBAAmB,oBAAoB,aAAa,YAAY,IAAI;AAC5E,QAAM,YAAY,CAAC,CAAC,sBAAsB,mBAAmB,CAAC;AAK9D,QAAM,YAAY,CAAC,CAAC,gBAAgB,mBAAmB,CAAC;AAExD,SACE,4EACG;AAAA,0BAAsB,4CAAC,iBAAc,IAAI,oBAAoB;AAAA,KAC5D,aAAa,cACb,4CAAC,cAAW,OAAO,YAAY,oBAAoB,MAAM,OAAO,YAAY,cAAc,MAAM;AAAA,IAEjG,eAAe,4CAAC,mBAAgB,IAAI,aAAa;AAAA,KACpD;AAEJ;AAcO,SAAS,iBAAiB,EAAE,OAAO,GAA+B;AACvE,QAAM,EAAE,oBAAoB,YAAY,IAAI;AAC5C,SACE,4EACG;AAAA,0BACC,4CAAC,cACC;AAAA,MAAC;AAAA;AAAA,QACC,KAAK,+CAA+C,mBAAmB,kBAAkB,CAAC;AAAA,QAC1F,QAAO;AAAA,QACP,OAAM;AAAA,QACN,OAAO,EAAE,SAAS,QAAQ,YAAY,SAAS;AAAA;AAAA,IACjD,GACF;AAAA,IAED,eACC,4CAAC,cACC;AAAA,MAAC;AAAA;AAAA,QACC,QAAO;AAAA,QACP,OAAM;AAAA,QACN,OAAO,EAAE,SAAS,OAAO;AAAA,QACzB,KAAI;AAAA,QACJ,KAAK,kCAAkC,mBAAmB,WAAW,CAAC;AAAA;AAAA,IACxE,GACF;AAAA,KAEJ;AAEJ;AAEA,SAAS,cAAc,EAAE,GAAG,GAAmB;AAC7C,QAAM,UAAU,KAAK,UAAU,EAAE;AACjC,QAAM,OAAO,sUAAsU,OAAO;AAC1V,SAAO,4CAAC,YAAO,yBAAyB,EAAE,QAAQ,KAAK,GAAG;AAC5D;AAEA,SAAS,WAAW,EAAE,OAAO,MAAM,GAAmD;AAKpF,QAAM,WAAW,SAAS;AAC1B,MAAI,CAAC,SAAU,QAAO;AACtB,QAAM,UAAoB,CAAC;AAC3B,MAAI,MAAO,SAAQ,KAAK,kBAAkB,KAAK,UAAU,KAAK,CAAC,IAAI;AACnE,MAAI,MAAO,SAAQ,KAAK,kBAAkB,KAAK,UAAU,KAAK,CAAC,IAAI;AACnE,QAAM,OAAO,+GAA+G,QAAQ,KAAK,EAAE,CAAC;AAC5I,SACE,4EACE;AAAA,gDAAC,YAAO,OAAK,MAAC,KAAK,+CAA+C,mBAAmB,QAAQ,CAAC,IAAI;AAAA,IAClG,4CAAC,YAAO,yBAAyB,EAAE,QAAQ,KAAK,GAAG;AAAA,KACrD;AAEJ;AAEA,SAAS,gBAAgB,EAAE,GAAG,GAAmB;AAC/C,QAAM,SAAS,KAAK,UAAU,EAAE;AAChC,QAAM,OAAO,uYAAuY,MAAM;AAC1Z,SAAO,4CAAC,YAAO,yBAAyB,EAAE,QAAQ,KAAK,GAAG;AAC5D;","names":[]}
package/dist/tracking-scripts.mjs CHANGED
@@ -1,11 +1,12 @@
1
1
  // src/tracking-scripts.tsx
2
2
  import { Fragment, jsx, jsxs } from "react/jsx-runtime";
3
3
  function TrackingScripts({ config, forceGa4WithGtm = false }) {
4
- const { googleAnalyticsId, googleTagManagerId, metaPixelId } = config;
4
+ const { googleAnalyticsId, googleTagManagerId, googleAdsId, metaPixelId } = config;
5
5
  const renderGa4 = !!googleAnalyticsId && (forceGa4WithGtm || !googleTagManagerId);
6
+ const renderAds = !!googleAdsId && (forceGa4WithGtm || !googleTagManagerId);
6
7
  return /* @__PURE__ */ jsxs(Fragment, { children: [
7
8
  googleTagManagerId && /* @__PURE__ */ jsx(GtmHeadScript, { id: googleTagManagerId }),
8
- renderGa4 && googleAnalyticsId && /* @__PURE__ */ jsx(Ga4Script, { id: googleAnalyticsId }),
9
+ (renderGa4 || renderAds) && /* @__PURE__ */ jsx(GtagBundle, { ga4Id: renderGa4 ? googleAnalyticsId : null, adsId: renderAds ? googleAdsId : null }),
9
10
  metaPixelId && /* @__PURE__ */ jsx(MetaPixelScript, { id: metaPixelId })
10
11
  ] });
11
12
  }
@@ -38,11 +39,15 @@ function GtmHeadScript({ id }) {
38
39
  const html = `(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer',${escaped});`;
39
40
  return /* @__PURE__ */ jsx("script", { dangerouslySetInnerHTML: { __html: html } });
40
41
  }
41
- function Ga4Script({ id }) {
42
- const safeId = JSON.stringify(id);
43
- const html = `window.dataLayer = window.dataLayer || [];function gtag(){dataLayer.push(arguments);}gtag('js', new Date());gtag('config', ${safeId});`;
42
+ function GtagBundle({ ga4Id, adsId }) {
43
+ const loaderId = ga4Id ?? adsId;
44
+ if (!loaderId) return null;
45
+ const configs = [];
46
+ if (ga4Id) configs.push(`gtag('config', ${JSON.stringify(ga4Id)});`);
47
+ if (adsId) configs.push(`gtag('config', ${JSON.stringify(adsId)});`);
48
+ const html = `window.dataLayer = window.dataLayer || [];function gtag(){dataLayer.push(arguments);}gtag('js', new Date());${configs.join("")}`;
44
49
  return /* @__PURE__ */ jsxs(Fragment, { children: [
45
- /* @__PURE__ */ jsx("script", { async: true, src: `https://www.googletagmanager.com/gtag/js?id=${encodeURIComponent(id)}` }),
50
+ /* @__PURE__ */ jsx("script", { async: true, src: `https://www.googletagmanager.com/gtag/js?id=${encodeURIComponent(loaderId)}` }),
46
51
  /* @__PURE__ */ jsx("script", { dangerouslySetInnerHTML: { __html: html } })
47
52
  ] });
48
53
  }
package/dist/tracking-scripts.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/tracking-scripts.tsx"],"sourcesContent":["// Server-safe React component — renders inline <script> tags for third-party\n// trackers based on tenant config from cms.getTrackingConfig(). No \"use client\"\n// directive: this is meant to render in the document <head> from a Server\n// Component (e.g. app/layout.tsx).\n\nimport type { TrackingConfig } from \"./queries\"\n\ninterface TrackingScriptsProps {\n config: TrackingConfig\n /**\n * When both GTM and GA4 are set, by default only GTM is rendered (configure\n * GA4 inside GTM to avoid double-counting). Set this to `true` to force-render\n * the GA4 snippet alongside GTM.\n */\n forceGa4WithGtm?: boolean\n}\n\n/**\n * Drop-in script injection for Google Tag Manager, Google Analytics 4, and\n * Meta Pixel. Each block renders only when its corresponding ID is set.\n *\n * Usage in `app/layout.tsx`:\n * ```tsx\n * import { createCmsClient } from '@distinctagency/cms-client'\n * import { TrackingScripts } from '@distinctagency/cms-client/tracking-scripts'\n *\n * export default async function RootLayout({ children }: { children: React.ReactNode }) {\n * const cms = createCmsClient(supabase, { apiKey: process.env.CMS_API_KEY! })\n * const tracking = await cms.getTrackingConfig()\n * return (\n * <html>\n * <head>\n * <TrackingScripts config={tracking} />\n * </head>\n * <body>{children}</body>\n * </html>\n * )\n * }\n * ```\n */\nexport function TrackingScripts({ config, forceGa4WithGtm = false }: TrackingScriptsProps) {\n const { googleAnalyticsId, googleTagManagerId, metaPixelId } = config\n const renderGa4 = !!googleAnalyticsId && (forceGa4WithGtm || !googleTagManagerId)\n\n return (\n <>\n {googleTagManagerId && <GtmHeadScript id={googleTagManagerId} />}\n {renderGa4 && googleAnalyticsId && <Ga4Script id={googleAnalyticsId} />}\n {metaPixelId && <MetaPixelScript id={metaPixelId} />}\n </>\n )\n}\n\n/**\n * Renders the GTM `<noscript>` iframe that should live immediately after the\n * opening `<body>` tag. Use this alongside `<TrackingScripts />` if you also\n * want to support no-JS visitors.\n *\n * ```tsx\n * <body>\n * <TrackingNoScript config={tracking} />\n * ...\n * </body>\n * ```\n */\nexport function TrackingNoScript({ config }: { config: TrackingConfig }) {\n const { googleTagManagerId, metaPixelId } = config\n return (\n <>\n {googleTagManagerId && (\n <noscript>\n <iframe\n src={`https://www.googletagmanager.com/ns.html?id=${encodeURIComponent(googleTagManagerId)}`}\n height=\"0\"\n width=\"0\"\n style={{ display: \"none\", visibility: \"hidden\" }}\n />\n </noscript>\n )}\n {metaPixelId && (\n <noscript>\n <img\n height=\"1\"\n width=\"1\"\n style={{ display: \"none\" }}\n alt=\"\"\n src={`https://www.facebook.com/tr?id=${encodeURIComponent(metaPixelId)}&ev=PageView&noscript=1`}\n />\n </noscript>\n )}\n </>\n )\n}\n\nfunction GtmHeadScript({ id }: { id: string }) {\n const escaped = JSON.stringify(id)\n const html = `(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer',${escaped});`\n return <script dangerouslySetInnerHTML={{ __html: html }} />\n}\n\nfunction Ga4Script({ id }: { id: string }) {\n const safeId = JSON.stringify(id)\n const html = `window.dataLayer = window.dataLayer || [];function gtag(){dataLayer.push(arguments);}gtag('js', new Date());gtag('config', ${safeId});`\n return (\n <>\n <script async src={`https://www.googletagmanager.com/gtag/js?id=${encodeURIComponent(id)}`} />\n <script dangerouslySetInnerHTML={{ __html: html }} />\n </>\n )\n}\n\nfunction MetaPixelScript({ id }: { id: string }) {\n const safeId = JSON.stringify(id)\n const html = `!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';n.queue=[];t=b.createElement(e);t.async=!0;t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,document,'script','https://connect.facebook.net/en_US/fbevents.js');fbq('init', ${safeId});fbq('track', 'PageView');`\n return <script dangerouslySetInnerHTML={{ __html: html }} />\n}\n"],"mappings":";AA6CI,mBACyB,KADzB;AALG,SAAS,gBAAgB,EAAE,QAAQ,kBAAkB,MAAM,GAAyB;AACzF,QAAM,EAAE,mBAAmB,oBAAoB,YAAY,IAAI;AAC/D,QAAM,YAAY,CAAC,CAAC,sBAAsB,mBAAmB,CAAC;AAE9D,SACE,iCACG;AAAA,0BAAsB,oBAAC,iBAAc,IAAI,oBAAoB;AAAA,IAC7D,aAAa,qBAAqB,oBAAC,aAAU,IAAI,mBAAmB;AAAA,IACpE,eAAe,oBAAC,mBAAgB,IAAI,aAAa;AAAA,KACpD;AAEJ;AAcO,SAAS,iBAAiB,EAAE,OAAO,GAA+B;AACvE,QAAM,EAAE,oBAAoB,YAAY,IAAI;AAC5C,SACE,iCACG;AAAA,0BACC,oBAAC,cACC;AAAA,MAAC;AAAA;AAAA,QACC,KAAK,+CAA+C,mBAAmB,kBAAkB,CAAC;AAAA,QAC1F,QAAO;AAAA,QACP,OAAM;AAAA,QACN,OAAO,EAAE,SAAS,QAAQ,YAAY,SAAS;AAAA;AAAA,IACjD,GACF;AAAA,IAED,eACC,oBAAC,cACC;AAAA,MAAC;AAAA;AAAA,QACC,QAAO;AAAA,QACP,OAAM;AAAA,QACN,OAAO,EAAE,SAAS,OAAO;AAAA,QACzB,KAAI;AAAA,QACJ,KAAK,kCAAkC,mBAAmB,WAAW,CAAC;AAAA;AAAA,IACxE,GACF;AAAA,KAEJ;AAEJ;AAEA,SAAS,cAAc,EAAE,GAAG,GAAmB;AAC7C,QAAM,UAAU,KAAK,UAAU,EAAE;AACjC,QAAM,OAAO,sUAAsU,OAAO;AAC1V,SAAO,oBAAC,YAAO,yBAAyB,EAAE,QAAQ,KAAK,GAAG;AAC5D;AAEA,SAAS,UAAU,EAAE,GAAG,GAAmB;AACzC,QAAM,SAAS,KAAK,UAAU,EAAE;AAChC,QAAM,OAAO,8HAA8H,MAAM;AACjJ,SACE,iCACE;AAAA,wBAAC,YAAO,OAAK,MAAC,KAAK,+CAA+C,mBAAmB,EAAE,CAAC,IAAI;AAAA,IAC5F,oBAAC,YAAO,yBAAyB,EAAE,QAAQ,KAAK,GAAG;AAAA,KACrD;AAEJ;AAEA,SAAS,gBAAgB,EAAE,GAAG,GAAmB;AAC/C,QAAM,SAAS,KAAK,UAAU,EAAE;AAChC,QAAM,OAAO,uYAAuY,MAAM;AAC1Z,SAAO,oBAAC,YAAO,yBAAyB,EAAE,QAAQ,KAAK,GAAG;AAC5D;","names":[]}
1
+ {"version":3,"sources":["../src/tracking-scripts.tsx"],"sourcesContent":["// Server-safe React component — renders inline <script> tags for third-party\n// trackers based on tenant config from cms.getTrackingConfig(). No \"use client\"\n// directive: this is meant to render in the document <head> from a Server\n// Component (e.g. app/layout.tsx).\n\nimport type { TrackingConfig } from \"./queries\"\n\ninterface TrackingScriptsProps {\n config: TrackingConfig\n /**\n * When both GTM and GA4 are set, by default only GTM is rendered (configure\n * GA4 inside GTM to avoid double-counting). Set this to `true` to force-render\n * the GA4 snippet alongside GTM.\n */\n forceGa4WithGtm?: boolean\n}\n\n/**\n * Drop-in script injection for Google Tag Manager, Google Analytics 4, and\n * Meta Pixel. Each block renders only when its corresponding ID is set.\n *\n * Usage in `app/layout.tsx`:\n * ```tsx\n * import { createCmsClient } from '@distinctagency/cms-client'\n * import { TrackingScripts } from '@distinctagency/cms-client/tracking-scripts'\n *\n * export default async function RootLayout({ children }: { children: React.ReactNode }) {\n * const cms = createCmsClient(supabase, { apiKey: process.env.CMS_API_KEY! })\n * const tracking = await cms.getTrackingConfig()\n * return (\n * <html>\n * <head>\n * <TrackingScripts config={tracking} />\n * </head>\n * <body>{children}</body>\n * </html>\n * )\n * }\n * ```\n */\nexport function TrackingScripts({ config, forceGa4WithGtm = false }: TrackingScriptsProps) {\n const { googleAnalyticsId, googleTagManagerId, googleAdsId, metaPixelId } = config\n const renderGa4 = !!googleAnalyticsId && (forceGa4WithGtm || !googleTagManagerId)\n // Google Ads is independent of the GA4/GTM \"only one\" rule — it's a separate\n // ads conversion product. Skip when GTM is set (configure AW inside GTM\n // instead, same reasoning as GA4) unless explicitly forced via the GA4 flag,\n // which we reuse: most tenants who force GA4 alongside GTM also want AW.\n const renderAds = !!googleAdsId && (forceGa4WithGtm || !googleTagManagerId)\n\n return (\n <>\n {googleTagManagerId && <GtmHeadScript id={googleTagManagerId} />}\n {(renderGa4 || renderAds) && (\n <GtagBundle ga4Id={renderGa4 ? googleAnalyticsId : null} adsId={renderAds ? googleAdsId : null} />\n )}\n {metaPixelId && <MetaPixelScript id={metaPixelId} />}\n </>\n )\n}\n\n/**\n * Renders the GTM `<noscript>` iframe that should live immediately after the\n * opening `<body>` tag. Use this alongside `<TrackingScripts />` if you also\n * want to support no-JS visitors.\n *\n * ```tsx\n * <body>\n * <TrackingNoScript config={tracking} />\n * ...\n * </body>\n * ```\n */\nexport function TrackingNoScript({ config }: { config: TrackingConfig }) {\n const { googleTagManagerId, metaPixelId } = config\n return (\n <>\n {googleTagManagerId && (\n <noscript>\n <iframe\n src={`https://www.googletagmanager.com/ns.html?id=${encodeURIComponent(googleTagManagerId)}`}\n height=\"0\"\n width=\"0\"\n style={{ display: \"none\", visibility: \"hidden\" }}\n />\n </noscript>\n )}\n {metaPixelId && (\n <noscript>\n <img\n height=\"1\"\n width=\"1\"\n style={{ display: \"none\" }}\n alt=\"\"\n src={`https://www.facebook.com/tr?id=${encodeURIComponent(metaPixelId)}&ev=PageView&noscript=1`}\n />\n </noscript>\n )}\n </>\n )\n}\n\nfunction GtmHeadScript({ id }: { id: string }) {\n const escaped = JSON.stringify(id)\n const html = `(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer',${escaped});`\n return <script dangerouslySetInnerHTML={{ __html: html }} />\n}\n\nfunction GtagBundle({ ga4Id, adsId }: { ga4Id: string | null; adsId: string | null }) {\n // The gtag library is the same regardless of how many products are configured.\n // Load it once with whichever ID is set first (URL `id` only affects the\n // initial config call inside the loader script — explicit gtag('config', ...)\n // calls below are what actually register each product).\n const loaderId = ga4Id ?? adsId\n if (!loaderId) return null\n const configs: string[] = []\n if (ga4Id) configs.push(`gtag('config', ${JSON.stringify(ga4Id)});`)\n if (adsId) configs.push(`gtag('config', ${JSON.stringify(adsId)});`)\n const html = `window.dataLayer = window.dataLayer || [];function gtag(){dataLayer.push(arguments);}gtag('js', new Date());${configs.join(\"\")}`\n return (\n <>\n <script async src={`https://www.googletagmanager.com/gtag/js?id=${encodeURIComponent(loaderId)}`} />\n <script dangerouslySetInnerHTML={{ __html: html }} />\n </>\n )\n}\n\nfunction MetaPixelScript({ id }: { id: string }) {\n const safeId = JSON.stringify(id)\n const html = `!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';n.queue=[];t=b.createElement(e);t.async=!0;t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,document,'script','https://connect.facebook.net/en_US/fbevents.js');fbq('init', ${safeId});fbq('track', 'PageView');`\n return <script dangerouslySetInnerHTML={{ __html: html }} />\n}\n"],"mappings":";AAkDI,mBACyB,KADzB;AAVG,SAAS,gBAAgB,EAAE,QAAQ,kBAAkB,MAAM,GAAyB;AACzF,QAAM,EAAE,mBAAmB,oBAAoB,aAAa,YAAY,IAAI;AAC5E,QAAM,YAAY,CAAC,CAAC,sBAAsB,mBAAmB,CAAC;AAK9D,QAAM,YAAY,CAAC,CAAC,gBAAgB,mBAAmB,CAAC;AAExD,SACE,iCACG;AAAA,0BAAsB,oBAAC,iBAAc,IAAI,oBAAoB;AAAA,KAC5D,aAAa,cACb,oBAAC,cAAW,OAAO,YAAY,oBAAoB,MAAM,OAAO,YAAY,cAAc,MAAM;AAAA,IAEjG,eAAe,oBAAC,mBAAgB,IAAI,aAAa;AAAA,KACpD;AAEJ;AAcO,SAAS,iBAAiB,EAAE,OAAO,GAA+B;AACvE,QAAM,EAAE,oBAAoB,YAAY,IAAI;AAC5C,SACE,iCACG;AAAA,0BACC,oBAAC,cACC;AAAA,MAAC;AAAA;AAAA,QACC,KAAK,+CAA+C,mBAAmB,kBAAkB,CAAC;AAAA,QAC1F,QAAO;AAAA,QACP,OAAM;AAAA,QACN,OAAO,EAAE,SAAS,QAAQ,YAAY,SAAS;AAAA;AAAA,IACjD,GACF;AAAA,IAED,eACC,oBAAC,cACC;AAAA,MAAC;AAAA;AAAA,QACC,QAAO;AAAA,QACP,OAAM;AAAA,QACN,OAAO,EAAE,SAAS,OAAO;AAAA,QACzB,KAAI;AAAA,QACJ,KAAK,kCAAkC,mBAAmB,WAAW,CAAC;AAAA;AAAA,IACxE,GACF;AAAA,KAEJ;AAEJ;AAEA,SAAS,cAAc,EAAE,GAAG,GAAmB;AAC7C,QAAM,UAAU,KAAK,UAAU,EAAE;AACjC,QAAM,OAAO,sUAAsU,OAAO;AAC1V,SAAO,oBAAC,YAAO,yBAAyB,EAAE,QAAQ,KAAK,GAAG;AAC5D;AAEA,SAAS,WAAW,EAAE,OAAO,MAAM,GAAmD;AAKpF,QAAM,WAAW,SAAS;AAC1B,MAAI,CAAC,SAAU,QAAO;AACtB,QAAM,UAAoB,CAAC;AAC3B,MAAI,MAAO,SAAQ,KAAK,kBAAkB,KAAK,UAAU,KAAK,CAAC,IAAI;AACnE,MAAI,MAAO,SAAQ,KAAK,kBAAkB,KAAK,UAAU,KAAK,CAAC,IAAI;AACnE,QAAM,OAAO,+GAA+G,QAAQ,KAAK,EAAE,CAAC;AAC5I,SACE,iCACE;AAAA,wBAAC,YAAO,OAAK,MAAC,KAAK,+CAA+C,mBAAmB,QAAQ,CAAC,IAAI;AAAA,IAClG,oBAAC,YAAO,yBAAyB,EAAE,QAAQ,KAAK,GAAG;AAAA,KACrD;AAEJ;AAEA,SAAS,gBAAgB,EAAE,GAAG,GAAmB;AAC/C,QAAM,SAAS,KAAK,UAAU,EAAE;AAChC,QAAM,OAAO,uYAAuY,MAAM;AAC1Z,SAAO,oBAAC,YAAO,yBAAyB,EAAE,QAAQ,KAAK,GAAG;AAC5D;","names":[]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@distinctagency/cms-client",
3
- "version": "1.14.1",
3
+ "version": "1.16.0",
4
4
  "description": "Client library for Distinct CMS — query content, products, and manage orders",
5
5
  "main": "dist/index.js",
6
6
  "module": "dist/index.mjs",