npm - @dotbots-boutique/auth-sdk - Versions diffs - 1.0.9 → 1.0.11 - Mend

@dotbots-boutique/auth-sdk 1.0.9 → 1.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +9 -9
package/dist/cjs/index.js +20 -4
package/dist/esm/index.js +20 -4
package/dist/types/DotBotsAuth.d.ts +1 -1
package/dist/types/PostMessageHandler.d.ts +4 -0
package/dist/types/index.js +20 -4
package/dist/types/types.d.ts +5 -5
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -115,7 +115,7 @@ App (frontend) → Local proxy (per server) → api.dotbots.ai
 During `initialize()`, the SDK fetches the proxy config from `GET {apiUrl}/api/proxy/config`. After that, all `auth.fetch()` calls are routed through the proxy automatically. If the proxy config cannot be fetched, the SDK falls back to direct communication with `apiUrl`.
-Auth endpoints (`/auth/*`) and the proxy config endpoint always go directly to `apiUrl` — never through the proxy.
+Only `GET /api/proxy/config` always goes directly to `apiUrl`. All other calls — auth token exchange, refresh, revoke, user info, payments, and `auth.fetch()` — go to `proxyUrl` when available, falling back to `apiUrl` when proxy is unavailable.
 ---
@@ -150,7 +150,7 @@ const response = await auth.fetch('/api/customers', {
 });
 ```
-This is the **only** method that routes via `proxyUrl`. All auth calls and the proxy config call always go directly to `apiUrl`.
+All SDK calls route via `proxyUrl` when available. Only `GET /api/proxy/config` always goes to `apiUrl`.
 ---
@@ -210,6 +210,7 @@ auth.on('sessionExpired', () => {
 });
 auth.on('loggedOut', () => { });
 auth.on('userLoaded', () => { });
+auth.on('charged', () => { });
 ```
 | Event | Description |
@@ -218,6 +219,7 @@ auth.on('userLoaded', () => { });
 | `loggedOut` | User logged out |
 | `sessionExpired` | Refresh token expired, user must re-authenticate |
 | `userLoaded` | User data was fetched |
+| `charged` | Successful charge — also sent as `DOTBOTS_CHARGE` postMessage to parent |
 ---
@@ -283,19 +285,17 @@ interface DotBotsConfig {
 ```typescript
 interface DotBotsUser {
   id: string;
-  name: string | null;        // null if 'profile' scope not granted
-  email: string | null;       // null if 'email' scope not granted
+  name: string;
+  email: string;
   orgId: string;
-  orgName: string | null;     // null if 'org' scope not granted
+  orgName: string;
   teams: { teamId: string; teamName: string }[];
   roles: string[];
   permissions: string[];
-  avatarUrl: string | null;   // null if 'avatar' scope not granted
+  avatarUrl?: string;
 }
 ```
-Fields marked as `null` are not provided by the platform because the user has not granted the corresponding scope.
 ---
 ## API Reference
@@ -340,7 +340,7 @@ Authenticated fetch wrapper. Routes through the proxy when available, falls back
 #### `charge(featureCode: string, paidBy: 'org' | 'app', quantity?: number): Promise<{ transactionId: string }>`
-Charges a feature usage. Calls `POST {proxyUrl}/payments/charge`. Throws `PAYMENT_FAILED` on 402 with a message indicating the reason (`INSUFFICIENT_BALANCE`, `BUDGET_EXCEEDED`, `FEATURE_NOT_FOUND`, `PAYMENT_REJECTED`).
+Charges a feature usage. Calls `POST {proxyUrl}/payments/charge`. On success, sends a `DOTBOTS_CHARGE` postMessage to the parent window (iframe only) and emits the `charged` event. Throws `PAYMENT_FAILED` on 402 with a message indicating the reason (`INSUFFICIENT_BALANCE`, `BUDGET_EXCEEDED`, `FEATURE_NOT_FOUND`, `PAYMENT_REJECTED`).
 #### `logout(): Promise<void>`

package/dist/cjs/index.js CHANGED Viewed

@@ -193,6 +193,15 @@ class PostMessageHandler {
             window.parent.postMessage({ type: 'DOTBOTS_LOGOUT' }, this.marketplaceOrigin);
         }
     }
+    /**
+     * Notify the parent of a successful charge (for real-time payment indicator).
+     */
+    sendCharge(appId, featureCode, amount, transactionId) {
+        if (this.isInIframe()) {
+            console.warn(`[DotBotsAuth] Sending DOTBOTS_CHARGE postMessage — featureCode: ${featureCode}, amount: ${amount}, transactionId: ${transactionId}`);
+            window.parent.postMessage({ type: 'DOTBOTS_CHARGE', appId, featureCode, amount, transactionId }, this.marketplaceOrigin);
+        }
+    }
 }
 class ProxyConfigManager {
@@ -328,6 +337,7 @@ class DotBotsAuth {
     async charge(featureCode, paidBy, quantity) {
         this.assertInitialized();
         const baseUrl = this.proxyConfigManager.getBaseUrl();
+        console.warn(`[DotBotsAuth] charge() — featureCode: ${featureCode}, paidBy: ${paidBy}, quantity: ${quantity ?? 1}`);
         const response = await this.buildRequest(`${baseUrl}/payments/charge`, {
             method: 'POST',
             headers: { 'Content-Type': 'application/json' },
@@ -335,12 +345,18 @@ class DotBotsAuth {
         });
         if (response.status === 402) {
             const body = await response.json();
+            console.error(`[DotBotsAuth] charge() failed — 402: ${body.error}`, body.reason);
             throw new DotBotsAuthError('PAYMENT_FAILED', body.error, body.reason);
         }
         if (!response.ok) {
+            console.error(`[DotBotsAuth] charge() failed — HTTP ${response.status}`);
             throw new DotBotsAuthError('NETWORK_ERROR', 'Payment request failed');
         }
-        return response.json();
+        const result = await response.json();
+        console.warn(`[DotBotsAuth] charge() success — transactionId: ${result.transactionId}, amount: ${result.amount}`);
+        this.postMessageHandler.sendCharge(this.config.appId, featureCode, result.amount, result.transactionId);
+        this.emit('charged');
+        return result;
     }
     async logout() {
         this.assertInitialized();
@@ -352,7 +368,7 @@ class DotBotsAuth {
         }
         else {
             const redirectUri = encodeURIComponent(window.location.origin);
-            window.location.href = `${this.config.apiUrl}/auth/logout?redirectUri=${redirectUri}`;
+            window.location.href = `${this.config.apiUrl}/api/auth/logout?redirectUri=${redirectUri}`;
         }
     }
     on(event, handler) {
@@ -400,7 +416,7 @@ class DotBotsAuth {
         else if (!this.tokenManager.isAuthenticated()) {
             // Redirect to auth
             const redirectUri = encodeURIComponent(window.location.href);
-            window.location.href = `${this.config.apiUrl}/auth/authorize?appId=${this.config.appId}&redirectUri=${redirectUri}`;
+            window.location.href = `${this.config.apiUrl}/api/auth/authorize?appId=${this.config.appId}&redirectUri=${redirectUri}`;
         }
     }
     async buildRequest(url, options) {
@@ -432,7 +448,7 @@ class DotBotsAuth {
         }
     }
 }
-DotBotsAuth.SDK_VERSION = '1.0.9';
+DotBotsAuth.SDK_VERSION = '1.0.11';
 exports.DotBotsAuth = DotBotsAuth;
 exports.DotBotsAuthError = DotBotsAuthError;

package/dist/esm/index.js CHANGED Viewed

@@ -191,6 +191,15 @@ class PostMessageHandler {
             window.parent.postMessage({ type: 'DOTBOTS_LOGOUT' }, this.marketplaceOrigin);
         }
     }
+    /**
+     * Notify the parent of a successful charge (for real-time payment indicator).
+     */
+    sendCharge(appId, featureCode, amount, transactionId) {
+        if (this.isInIframe()) {
+            console.warn(`[DotBotsAuth] Sending DOTBOTS_CHARGE postMessage — featureCode: ${featureCode}, amount: ${amount}, transactionId: ${transactionId}`);
+            window.parent.postMessage({ type: 'DOTBOTS_CHARGE', appId, featureCode, amount, transactionId }, this.marketplaceOrigin);
+        }
+    }
 }
 class ProxyConfigManager {
@@ -326,6 +335,7 @@ class DotBotsAuth {
     async charge(featureCode, paidBy, quantity) {
         this.assertInitialized();
         const baseUrl = this.proxyConfigManager.getBaseUrl();
+        console.warn(`[DotBotsAuth] charge() — featureCode: ${featureCode}, paidBy: ${paidBy}, quantity: ${quantity ?? 1}`);
         const response = await this.buildRequest(`${baseUrl}/payments/charge`, {
             method: 'POST',
             headers: { 'Content-Type': 'application/json' },
@@ -333,12 +343,18 @@ class DotBotsAuth {
         });
         if (response.status === 402) {
             const body = await response.json();
+            console.error(`[DotBotsAuth] charge() failed — 402: ${body.error}`, body.reason);
             throw new DotBotsAuthError('PAYMENT_FAILED', body.error, body.reason);
         }
         if (!response.ok) {
+            console.error(`[DotBotsAuth] charge() failed — HTTP ${response.status}`);
             throw new DotBotsAuthError('NETWORK_ERROR', 'Payment request failed');
         }
-        return response.json();
+        const result = await response.json();
+        console.warn(`[DotBotsAuth] charge() success — transactionId: ${result.transactionId}, amount: ${result.amount}`);
+        this.postMessageHandler.sendCharge(this.config.appId, featureCode, result.amount, result.transactionId);
+        this.emit('charged');
+        return result;
     }
     async logout() {
         this.assertInitialized();
@@ -350,7 +366,7 @@ class DotBotsAuth {
         }
         else {
             const redirectUri = encodeURIComponent(window.location.origin);
-            window.location.href = `${this.config.apiUrl}/auth/logout?redirectUri=${redirectUri}`;
+            window.location.href = `${this.config.apiUrl}/api/auth/logout?redirectUri=${redirectUri}`;
         }
     }
     on(event, handler) {
@@ -398,7 +414,7 @@ class DotBotsAuth {
         else if (!this.tokenManager.isAuthenticated()) {
             // Redirect to auth
             const redirectUri = encodeURIComponent(window.location.href);
-            window.location.href = `${this.config.apiUrl}/auth/authorize?appId=${this.config.appId}&redirectUri=${redirectUri}`;
+            window.location.href = `${this.config.apiUrl}/api/auth/authorize?appId=${this.config.appId}&redirectUri=${redirectUri}`;
         }
     }
     async buildRequest(url, options) {
@@ -430,6 +446,6 @@ class DotBotsAuth {
         }
     }
 }
-DotBotsAuth.SDK_VERSION = '1.0.9';
+DotBotsAuth.SDK_VERSION = '1.0.11';
 export { DotBotsAuth, DotBotsAuthError };

package/dist/types/DotBotsAuth.d.ts CHANGED Viewed

@@ -8,7 +8,7 @@ export declare class DotBotsAuth {
     private readonly listeners;
     private cachedUser;
     private initialized;
-    static readonly SDK_VERSION = "1.0.9";
+    static readonly SDK_VERSION = "1.0.11";
     constructor(config: DotBotsConfig);
     initialize(): Promise<void>;
     getUser(): Promise<DotBotsUser>;

package/dist/types/PostMessageHandler.d.ts CHANGED Viewed

@@ -15,4 +15,8 @@ export declare class PostMessageHandler {
      * Notify the parent that the user has logged out.
      */
     sendLogout(): void;
+    /**
+     * Notify the parent of a successful charge (for real-time payment indicator).
+     */
+    sendCharge(appId: string, featureCode: string, amount: number, transactionId: string): void;
 }

package/dist/types/index.js CHANGED Viewed

@@ -191,6 +191,15 @@ class PostMessageHandler {
             window.parent.postMessage({ type: 'DOTBOTS_LOGOUT' }, this.marketplaceOrigin);
         }
     }
+    /**
+     * Notify the parent of a successful charge (for real-time payment indicator).
+     */
+    sendCharge(appId, featureCode, amount, transactionId) {
+        if (this.isInIframe()) {
+            console.warn(`[DotBotsAuth] Sending DOTBOTS_CHARGE postMessage — featureCode: ${featureCode}, amount: ${amount}, transactionId: ${transactionId}`);
+            window.parent.postMessage({ type: 'DOTBOTS_CHARGE', appId, featureCode, amount, transactionId }, this.marketplaceOrigin);
+        }
+    }
 }
 class ProxyConfigManager {
@@ -326,6 +335,7 @@ class DotBotsAuth {
     async charge(featureCode, paidBy, quantity) {
         this.assertInitialized();
         const baseUrl = this.proxyConfigManager.getBaseUrl();
+        console.warn(`[DotBotsAuth] charge() — featureCode: ${featureCode}, paidBy: ${paidBy}, quantity: ${quantity ?? 1}`);
         const response = await this.buildRequest(`${baseUrl}/payments/charge`, {
             method: 'POST',
             headers: { 'Content-Type': 'application/json' },
@@ -333,12 +343,18 @@ class DotBotsAuth {
         });
         if (response.status === 402) {
             const body = await response.json();
+            console.error(`[DotBotsAuth] charge() failed — 402: ${body.error}`, body.reason);
             throw new DotBotsAuthError('PAYMENT_FAILED', body.error, body.reason);
         }
         if (!response.ok) {
+            console.error(`[DotBotsAuth] charge() failed — HTTP ${response.status}`);
             throw new DotBotsAuthError('NETWORK_ERROR', 'Payment request failed');
         }
-        return response.json();
+        const result = await response.json();
+        console.warn(`[DotBotsAuth] charge() success — transactionId: ${result.transactionId}, amount: ${result.amount}`);
+        this.postMessageHandler.sendCharge(this.config.appId, featureCode, result.amount, result.transactionId);
+        this.emit('charged');
+        return result;
     }
     async logout() {
         this.assertInitialized();
@@ -350,7 +366,7 @@ class DotBotsAuth {
         }
         else {
             const redirectUri = encodeURIComponent(window.location.origin);
-            window.location.href = `${this.config.apiUrl}/auth/logout?redirectUri=${redirectUri}`;
+            window.location.href = `${this.config.apiUrl}/api/auth/logout?redirectUri=${redirectUri}`;
         }
     }
     on(event, handler) {
@@ -398,7 +414,7 @@ class DotBotsAuth {
         else if (!this.tokenManager.isAuthenticated()) {
             // Redirect to auth
             const redirectUri = encodeURIComponent(window.location.href);
-            window.location.href = `${this.config.apiUrl}/auth/authorize?appId=${this.config.appId}&redirectUri=${redirectUri}`;
+            window.location.href = `${this.config.apiUrl}/api/auth/authorize?appId=${this.config.appId}&redirectUri=${redirectUri}`;
         }
     }
     async buildRequest(url, options) {
@@ -430,6 +446,6 @@ class DotBotsAuth {
         }
     }
 }
-DotBotsAuth.SDK_VERSION = '1.0.9';
+DotBotsAuth.SDK_VERSION = '1.0.11';
 export { DotBotsAuth, DotBotsAuthError };

package/dist/types/types.d.ts CHANGED Viewed

@@ -19,17 +19,17 @@ export interface DotBotsConfig {
 }
 export interface DotBotsUser {
     id: string;
-    name: string | null;
-    email: string | null;
+    name: string;
+    email: string;
     orgId: string;
-    orgName: string | null;
+    orgName: string;
     teams: {
         teamId: string;
         teamName: string;
     }[];
     roles: string[];
     permissions: string[];
-    avatarUrl: string | null;
+    avatarUrl?: string;
 }
 export interface DotBotsProxyConfig {
     /** URL of the local proxy, e.g. 'https://proxy.test-apps.dotbots.boutique' */
@@ -40,7 +40,7 @@ export interface DotBotsProxyConfig {
     cacheTtl: number;
 }
 export type ProxyFeature = 'cache' | 'localdb' | 'webhooks' | 'ratelimit';
-export type DotBotsAuthEvent = 'tokenRefreshed' | 'loggedOut' | 'sessionExpired' | 'userLoaded';
+export type DotBotsAuthEvent = 'tokenRefreshed' | 'loggedOut' | 'sessionExpired' | 'userLoaded' | 'charged';
 export type DotBotsAuthErrorCode = 'IFRAME_TIMEOUT' | 'CODE_EXPIRED' | 'UNAUTHORIZED' | 'REFRESH_FAILED' | 'NETWORK_ERROR' | 'NOT_INITIALIZED' | 'PROXY_UNAVAILABLE' | 'PAYMENT_FAILED';
 export interface TokenPair {
     accessToken: string;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@dotbots-boutique/auth-sdk",
-  "version": "1.0.9",
+  "version": "1.0.11",
   "description": "Authentication SDK for DotBots marketplace apps",
   "license": "MIT",
   "type": "module",