@elvix.is/sdk 0.6.4 → 0.6.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server.d.ts +20 -2
- package/dist/server.js +10 -4
- package/package.json +1 -1
package/dist/server.d.ts
CHANGED
|
@@ -12,9 +12,20 @@ type VerifyOptions = {
|
|
|
12
12
|
/** Per-request timeout in ms. Default 5000. */
|
|
13
13
|
timeoutMs?: number;
|
|
14
14
|
};
|
|
15
|
+
type VerifyArgs = {
|
|
16
|
+
/** End-user session token. The value the SDK handed you via `onResult({ token })`. */
|
|
17
|
+
token: string;
|
|
18
|
+
/** Your Application's client ID. Optional, but recommended — lets elvix scope
|
|
19
|
+
* the verify against the right application when one user spans multiple. */
|
|
20
|
+
clientId?: string;
|
|
21
|
+
/** Override the elvix origin for testing / proxy setups. */
|
|
22
|
+
baseUrl?: string;
|
|
23
|
+
/** Per-request timeout in ms. Default 5000. */
|
|
24
|
+
timeoutMs?: number;
|
|
25
|
+
};
|
|
15
26
|
/**
|
|
16
27
|
* Verify an end-user session token (the value the SDK handed you via
|
|
17
|
-
* `
|
|
28
|
+
* `onResult({ token })`) and get back the live user envelope — roles,
|
|
18
29
|
* scopes, memberships — for the token's application.
|
|
19
30
|
*
|
|
20
31
|
* The token is self-authenticating: POST it as a Bearer to
|
|
@@ -23,9 +34,16 @@ type VerifyOptions = {
|
|
|
23
34
|
* `ok:false` here within one request — call this on each protected request
|
|
24
35
|
* (or cache for a few seconds) and you enforce bans server-side too.
|
|
25
36
|
*
|
|
37
|
+
* Two call shapes — both supported, the object form is the canonical one
|
|
38
|
+
* since 0.6.5:
|
|
39
|
+
*
|
|
40
|
+
* await verifyElvixToken({ token, clientId }) // canonical
|
|
41
|
+
* await verifyElvixToken(token) // legacy, still works
|
|
42
|
+
*
|
|
26
43
|
* Returns a discriminated union — never throws on auth failure. Throws only
|
|
27
44
|
* on infra failure (network, timeout, malformed JSON).
|
|
28
45
|
*/
|
|
46
|
+
declare function verifyElvixToken(args: VerifyArgs): Promise<ElvixVerifyResult>;
|
|
29
47
|
declare function verifyElvixToken(token: string, opts?: VerifyOptions): Promise<ElvixVerifyResult>;
|
|
30
48
|
|
|
31
|
-
export { type VerifyOptions, verifyElvixToken };
|
|
49
|
+
export { type VerifyArgs, type VerifyOptions, verifyElvixToken };
|
package/dist/server.js
CHANGED
|
@@ -2,14 +2,20 @@ import "./chunk-MLKGABMK.js";
|
|
|
2
2
|
|
|
3
3
|
// src/server.ts
|
|
4
4
|
var DEFAULT_BASE_URL = "https://elvix.is";
|
|
5
|
-
async function verifyElvixToken(
|
|
6
|
-
const
|
|
5
|
+
async function verifyElvixToken(tokenOrArgs, opts = {}) {
|
|
6
|
+
const args = typeof tokenOrArgs === "string" ? { token: tokenOrArgs, baseUrl: opts.baseUrl, timeoutMs: opts.timeoutMs } : tokenOrArgs;
|
|
7
|
+
const { token, clientId } = args;
|
|
8
|
+
const url = `${args.baseUrl ?? DEFAULT_BASE_URL}/api/v1/session`;
|
|
7
9
|
const ctrl = new AbortController();
|
|
8
|
-
const timer = setTimeout(() => ctrl.abort(),
|
|
10
|
+
const timer = setTimeout(() => ctrl.abort(), args.timeoutMs ?? 5e3);
|
|
9
11
|
try {
|
|
12
|
+
const headers = {
|
|
13
|
+
authorization: `Bearer ${token}`
|
|
14
|
+
};
|
|
15
|
+
if (clientId) headers["x-elvix-client-id"] = clientId;
|
|
10
16
|
const res = await fetch(url, {
|
|
11
17
|
method: "POST",
|
|
12
|
-
headers
|
|
18
|
+
headers,
|
|
13
19
|
signal: ctrl.signal
|
|
14
20
|
});
|
|
15
21
|
const body = await res.json();
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@elvix.is/sdk",
|
|
3
|
-
"version": "0.6.
|
|
3
|
+
"version": "0.6.5",
|
|
4
4
|
"description": "Official elvix SDK. Drop-in React components, server helpers, and an MCP server so AI coding agents integrate elvix on the first try.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"homepage": "https://elvix.is",
|