@fusebase/fusebase-gate-sdk 2.3.4 → 2.3.5-sdk.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/apis/PortalFeatureContextApi.d.ts +24 -0
- package/dist/apis/PortalFeatureContextApi.js +30 -0
- package/dist/index.d.ts +1 -0
- package/dist/index.js +3 -1
- package/dist/types/index.d.ts +1 -0
- package/dist/types/portal-feature-context/portal-feature-context.d.ts +18 -0
- package/dist/types/portal-feature-context/portal-feature-context.js +2 -0
- package/package.json +1 -1
- package/release-notes/2.3.5-sdk.0.md +9 -0
- package/release-notes/latest.md +3 -3
- package/release-notes/2.3.4-sdk.0.md +0 -46
- package/release-notes/2.3.4.md +0 -9
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* PortalFeatureContext API
|
|
3
|
+
*
|
|
4
|
+
* Generated from contract introspection
|
|
5
|
+
* Domain: portal-feature-context
|
|
6
|
+
*/
|
|
7
|
+
import type { Client } from "../runtime/transport";
|
|
8
|
+
import type { orgIdInPathRequired, VerifyPortalFeatureContextTokenRequestContract, VerifyPortalFeatureContextTokenResponseContract } from "../types";
|
|
9
|
+
export declare class PortalFeatureContextApi {
|
|
10
|
+
private client;
|
|
11
|
+
constructor(client: Client);
|
|
12
|
+
/**
|
|
13
|
+
* Verify portal embed context token
|
|
14
|
+
* Validates a platform-signed `portalFeatureContextToken` (iframe query param) and returns trusted portalId/workspaceId for backend RLS context. The token must match the path appId when bound to a specific app feature.
|
|
15
|
+
*/
|
|
16
|
+
verifyPortalFeatureContextToken(params: {
|
|
17
|
+
path: {
|
|
18
|
+
orgId: orgIdInPathRequired;
|
|
19
|
+
appId: string;
|
|
20
|
+
};
|
|
21
|
+
headers?: Record<string, string>;
|
|
22
|
+
body: VerifyPortalFeatureContextTokenRequestContract;
|
|
23
|
+
}): Promise<VerifyPortalFeatureContextTokenResponseContract>;
|
|
24
|
+
}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* PortalFeatureContext API
|
|
4
|
+
*
|
|
5
|
+
* Generated from contract introspection
|
|
6
|
+
* Domain: portal-feature-context
|
|
7
|
+
*/
|
|
8
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
+
exports.PortalFeatureContextApi = void 0;
|
|
10
|
+
class PortalFeatureContextApi {
|
|
11
|
+
constructor(client) {
|
|
12
|
+
this.client = client;
|
|
13
|
+
}
|
|
14
|
+
/**
|
|
15
|
+
* Verify portal embed context token
|
|
16
|
+
* Validates a platform-signed `portalFeatureContextToken` (iframe query param) and returns trusted portalId/workspaceId for backend RLS context. The token must match the path appId when bound to a specific app feature.
|
|
17
|
+
*/
|
|
18
|
+
async verifyPortalFeatureContextToken(params) {
|
|
19
|
+
return this.client.request({
|
|
20
|
+
method: "POST",
|
|
21
|
+
path: "/:orgId/apps/:appId/portal-feature-context/verify",
|
|
22
|
+
pathParams: params.path,
|
|
23
|
+
headers: params.headers,
|
|
24
|
+
body: params.body,
|
|
25
|
+
opId: "verifyPortalFeatureContextToken",
|
|
26
|
+
expectedContentType: "application/json",
|
|
27
|
+
});
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
exports.PortalFeatureContextApi = PortalFeatureContextApi;
|
package/dist/index.d.ts
CHANGED
|
@@ -19,6 +19,7 @@ export { NotesApi } from "./apis/NotesApi";
|
|
|
19
19
|
export { OrgGroupsApi } from "./apis/OrgGroupsApi";
|
|
20
20
|
export { OrgUsersApi } from "./apis/OrgUsersApi";
|
|
21
21
|
export { OrgsApi } from "./apis/OrgsApi";
|
|
22
|
+
export { PortalFeatureContextApi } from "./apis/PortalFeatureContextApi";
|
|
22
23
|
export { PortalsApi } from "./apis/PortalsApi";
|
|
23
24
|
export { SystemApi } from "./apis/SystemApi";
|
|
24
25
|
export { TokensApi } from "./apis/TokensApi";
|
package/dist/index.js
CHANGED
|
@@ -19,7 +19,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
19
19
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
20
20
|
};
|
|
21
21
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
22
|
-
exports.WorkspacesApi = exports.TokensApi = exports.SystemApi = exports.PortalsApi = exports.OrgsApi = exports.OrgUsersApi = exports.OrgGroupsApi = exports.NotesApi = exports.McpManagerApi = exports.IsolatedStoresApi = exports.HealthApi = exports.FusebaseAuthApi = exports.FilesApi = exports.EmailsApi = exports.BillingApi = exports.AppMagicLinksApi = exports.AppApisApi = exports.AccessApi = void 0;
|
|
22
|
+
exports.WorkspacesApi = exports.TokensApi = exports.SystemApi = exports.PortalsApi = exports.PortalFeatureContextApi = exports.OrgsApi = exports.OrgUsersApi = exports.OrgGroupsApi = exports.NotesApi = exports.McpManagerApi = exports.IsolatedStoresApi = exports.HealthApi = exports.FusebaseAuthApi = exports.FilesApi = exports.EmailsApi = exports.BillingApi = exports.AppMagicLinksApi = exports.AppApisApi = exports.AccessApi = void 0;
|
|
23
23
|
__exportStar(require("./runtime"), exports);
|
|
24
24
|
__exportStar(require("./types"), exports);
|
|
25
25
|
var AccessApi_1 = require("./apis/AccessApi");
|
|
@@ -50,6 +50,8 @@ var OrgUsersApi_1 = require("./apis/OrgUsersApi");
|
|
|
50
50
|
Object.defineProperty(exports, "OrgUsersApi", { enumerable: true, get: function () { return OrgUsersApi_1.OrgUsersApi; } });
|
|
51
51
|
var OrgsApi_1 = require("./apis/OrgsApi");
|
|
52
52
|
Object.defineProperty(exports, "OrgsApi", { enumerable: true, get: function () { return OrgsApi_1.OrgsApi; } });
|
|
53
|
+
var PortalFeatureContextApi_1 = require("./apis/PortalFeatureContextApi");
|
|
54
|
+
Object.defineProperty(exports, "PortalFeatureContextApi", { enumerable: true, get: function () { return PortalFeatureContextApi_1.PortalFeatureContextApi; } });
|
|
53
55
|
var PortalsApi_1 = require("./apis/PortalsApi");
|
|
54
56
|
Object.defineProperty(exports, "PortalsApi", { enumerable: true, get: function () { return PortalsApi_1.PortalsApi; } });
|
|
55
57
|
var SystemApi_1 = require("./apis/SystemApi");
|
package/dist/types/index.d.ts
CHANGED
|
@@ -18,6 +18,7 @@ export * from "./note/note";
|
|
|
18
18
|
export * from "./org-group/org-group";
|
|
19
19
|
export type { CreateWorkspaceRequestContract, OrgInviteContract, OrgMagicLinkContract, OrgPortalContract, OrgPortalListResponseContract, OrgUserAddRequestContract, OrgUserAddResponseContract, OrgUserContract, OrgUserListResponseContract, OrgWorkspaceContract, OrgWorkspaceInviteContract, OrgWorkspaceListResponseContract, OrgWorkspaceMemberContract } from "./org-user/org-user";
|
|
20
20
|
export * from "./orgs/orgs";
|
|
21
|
+
export type { VerifyPortalFeatureContextTokenRequestContract, VerifyPortalFeatureContextTokenResponseContract } from "./portal-feature-context/portal-feature-context";
|
|
21
22
|
export type { CreatePortalRequestContract, CreatePortalResponseContract, DuplicatePortalRequestContract, InviteToPortalRequestContract, InviteToPortalResponseContract, ListPortalContentResponseContract, PortalContentItemContract, PortalDetailContract, globalIdInPathRequired } from "./portals/portals";
|
|
22
23
|
export * from "./shared/common";
|
|
23
24
|
export * from "./shared/enums";
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Request body for verifyPortalFeatureContextToken.
|
|
3
|
+
*/
|
|
4
|
+
export interface VerifyPortalFeatureContextTokenRequestContract {
|
|
5
|
+
/** JWT from iframe query `portalFeatureContextToken`. */
|
|
6
|
+
token: string;
|
|
7
|
+
}
|
|
8
|
+
/**
|
|
9
|
+
* Trusted portal/workspace context extracted from a verified embed token.
|
|
10
|
+
*/
|
|
11
|
+
export interface VerifyPortalFeatureContextTokenResponseContract {
|
|
12
|
+
portalId: string;
|
|
13
|
+
workspaceId: string;
|
|
14
|
+
/** Product id (legacy payload field `appId`). */
|
|
15
|
+
productId: string;
|
|
16
|
+
/** App (feature) id (legacy payload field `featureId`). */
|
|
17
|
+
appId: string;
|
|
18
|
+
}
|
package/package.json
CHANGED
package/release-notes/latest.md
CHANGED
|
@@ -1,46 +0,0 @@
|
|
|
1
|
-
# Release Notes 2.3.4-sdk.0
|
|
2
|
-
|
|
3
|
-
- Current ref: `HEAD`
|
|
4
|
-
- Previous tag: `v2.3.3`
|
|
5
|
-
- Generated at: 2026-06-16T14:35:42.698Z
|
|
6
|
-
|
|
7
|
-
## Included Drafts
|
|
8
|
-
|
|
9
|
-
- `docs/release-notes/2026-06-16-token-rls-bypass-permission-validation.md` - Token creation accepts isolated_store RLS break-glass permissions
|
|
10
|
-
|
|
11
|
-
## Summary
|
|
12
|
-
|
|
13
|
-
### Token creation accepts isolated_store RLS break-glass permissions
|
|
14
|
-
|
|
15
|
-
Fix token creation rejecting `isolated_store.rls.bypass` and `isolated_store.rls.delegate` with `Invalid permission` even though they are part of the Gate permission catalog.
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
## API / SDK Changes
|
|
19
|
-
|
|
20
|
-
### Token creation accepts isolated_store RLS break-glass permissions
|
|
21
|
-
|
|
22
|
-
- No API contract changes.
|
|
23
|
-
- Token `POST` now accepts all permissions from the Gate catalog, including `isolated_store.rls.bypass` and `isolated_store.rls.delegate`.
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
## Consumer Impact
|
|
27
|
-
|
|
28
|
-
### Token creation accepts isolated_store RLS break-glass permissions
|
|
29
|
-
|
|
30
|
-
- Studio and other token-creation UIs can include RLS break-glass permissions when issuing owner/manager tokens.
|
|
31
|
-
- No migration or config changes required.
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
## Verification
|
|
35
|
-
|
|
36
|
-
### Token creation accepts isolated_store RLS break-glass permissions
|
|
37
|
-
|
|
38
|
-
- `npm test -- tests/unit/permissions.test.ts`
|
|
39
|
-
- Create a token via `POST /tokens` with `isolated_store.rls.bypass` in `permissions`.
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
## Follow-ups
|
|
43
|
-
|
|
44
|
-
### Token creation accepts isolated_store RLS break-glass permissions
|
|
45
|
-
|
|
46
|
-
- None.
|