@giaeulate/baas-sdk 1.2.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.cts CHANGED
@@ -45,18 +45,43 @@ type RealtimeCallback<T = any> = (payload: RealtimePayload<T>) => void;
45
45
  * Base class providing HTTP request infrastructure for all SDK modules
46
46
  */
47
47
 
48
+ /** Privilege class of the API key. anon = RLS applies (safe for browsers);
49
+ * service_role = RLS bypass / admin (server-side only). Both share the
50
+ * `baas_sk_` prefix, so the type cannot be inferred — it must be declared. */
51
+ type KeyType = 'anon' | 'service_role';
52
+ interface ClientOptions {
53
+ /** Defaults to 'service_role' for backward-compat. Set 'anon' in any client
54
+ * bundle (browser / mobile app) — see warnIfUnsafeKey. */
55
+ keyType?: KeyType;
56
+ }
48
57
  declare class HttpClient {
49
58
  url: string;
50
59
  apiKey: string;
60
+ keyType: KeyType;
51
61
  token: string | null;
62
+ refreshToken: string | null;
52
63
  private environment;
53
64
  private _onForceLogout;
54
- constructor(url?: string, apiKey?: string);
65
+ private _refreshing;
66
+ constructor(url?: string, apiKey?: string, options?: ClientOptions);
67
+ /** SECURITY: a service_role key bypasses RLS and grants admin over every
68
+ * tenant. If it ends up in a browser bundle, anyone can extract it. Warn
69
+ * loudly when a non-anon key is constructed in a browser context. */
70
+ private warnIfUnsafeKey;
55
71
  /**
56
72
  * Set the auth token manually (e.g. restoring from SecureStore in React Native).
57
73
  * Persists to both the in-memory property and localStorage so getDynamicToken() works.
58
74
  */
59
75
  setToken(token: string | null): void;
76
+ /** Persist the rotating refresh token (used by auto-refresh on 401). In the
77
+ * browser the server also sets an HttpOnly `baas_refresh` cookie, so storing
78
+ * it here is mainly for non-cookie clients (React Native). */
79
+ setRefreshToken(token: string | null): void;
80
+ private getRefreshToken;
81
+ /** Attempts a single token refresh, deduped across concurrent 401s. Sends the
82
+ * stored refresh token (falls back to the HttpOnly cookie in browsers). */
83
+ private tryRefresh;
84
+ private doRefresh;
60
85
  /**
61
86
  * Register a callback invoked on forced logout (401).
62
87
  * Use this in React Native instead of the default window.location redirect.
@@ -71,7 +96,7 @@ declare class HttpClient {
71
96
  /**
72
97
  * Core HTTP request method - DRY principle
73
98
  */
74
- protected request<T = any>(endpoint: string, options?: RequestOptions): Promise<T>;
99
+ protected request<T = any>(endpoint: string, options?: RequestOptions, _isRetry?: boolean): Promise<T>;
75
100
  protected get<T = any>(endpoint: string): Promise<T>;
76
101
  protected post<T = any>(endpoint: string, body?: unknown): Promise<T>;
77
102
  protected put<T = any>(endpoint: string, body?: unknown): Promise<T>;
@@ -133,7 +158,23 @@ declare class QueryBuilder {
133
158
  is(column: string, value: any): this;
134
159
  in(column: string, values: any[]): this;
135
160
  not(column: string, operator: string, value: any): this;
161
+ /** Array/jsonb/range contains (@>). Arrays become a `{a,b}` literal. */
162
+ contains(column: string, values: any): this;
163
+ /** Array/jsonb/range contained-by (<@). */
164
+ containedBy(column: string, values: any): this;
165
+ /** Array/range overlap (&&). */
166
+ overlaps(column: string, values: any): this;
167
+ /** Full-text search (@@). type: fts|plfts|phfts|wfts (tsquery flavour). */
168
+ textSearch(column: string, query: string, type?: 'fts' | 'plfts' | 'phfts' | 'wfts'): this;
169
+ private arrayLiteral;
170
+ /** OR group: `or=(c1,c2)`. Members are dotted `col.op.value` strings. */
136
171
  or(filters: string): this;
172
+ /** AND group: `and=(c1,c2)` — e.g. a range `qty.gt.5,qty.lt.20`. */
173
+ and(filters: string): this;
174
+ /** Negated AND group: `not.and=(...)`. */
175
+ notAnd(filters: string): this;
176
+ /** Negated OR group: `not.or=(...)`. */
177
+ notOr(filters: string): this;
137
178
  order(column: string, { ascending }?: {
138
179
  ascending?: boolean | undefined;
139
180
  }): this;
@@ -177,6 +218,26 @@ declare class QueryBuilder {
177
218
  } | {
178
219
  success: boolean;
179
220
  }>;
221
+ /** Insert-or-update on conflict. [onConflict] is the conflict-target column(s). */
222
+ upsert(data: any, onConflict: string): Promise<{
223
+ data: null;
224
+ error: any;
225
+ status: number;
226
+ } | {
227
+ data: any;
228
+ error: null;
229
+ status: number;
230
+ }>;
231
+ /**
232
+ * Count rows matching the current filters (PostgREST parity). Sends
233
+ * `Prefer: count=exact` and parses the total from the `Content-Range`
234
+ * response header. Returns `{ count, error, status }`.
235
+ */
236
+ count(): Promise<{
237
+ count: number;
238
+ error: string | null;
239
+ status: number;
240
+ }>;
180
241
  private getHeaders;
181
242
  private handleResponse;
182
243
  }
@@ -192,6 +253,7 @@ interface MFASetupResponse {
192
253
  }
193
254
  interface AuthModule {
194
255
  login(email: string, password: string): Promise<any>;
256
+ refresh(): Promise<any>;
195
257
  logout(): Promise<void>;
196
258
  verifyMFA(mfaToken: string, code: string): Promise<any>;
197
259
  verifyMFAWithRecoveryCode(mfaToken: string, recoveryCode: string): Promise<any>;
@@ -205,6 +267,10 @@ interface AuthModule {
205
267
  validateResetToken(token: string): Promise<any>;
206
268
  verifyEmail(token: string): Promise<any>;
207
269
  requestEmailVerification(): Promise<any>;
270
+ signInAnonymous(): Promise<any>;
271
+ requestOtp(email: string, createUser?: boolean): Promise<any>;
272
+ verifyOtp(type: 'email_otp' | 'magic_link', email: string, token: string): Promise<any>;
273
+ upgradeAnonymous(email: string, password: string): Promise<any>;
208
274
  getAuthProviders(): Promise<any>;
209
275
  getAuthProvider(provider: string): Promise<any>;
210
276
  configureAuthProvider(provider: string, clientID: string, clientSecret: string, enabled: boolean): Promise<any>;
@@ -303,6 +369,8 @@ interface StorageBucket {
303
369
  id: string;
304
370
  name: string;
305
371
  is_public: boolean;
372
+ /** Per-bucket upload cap in bytes (absent = no bucket-specific cap). */
373
+ max_bytes?: number;
306
374
  created_at: string;
307
375
  }
308
376
  interface StorageModule {
@@ -310,12 +378,22 @@ interface StorageModule {
310
378
  upload(file: File, bucketId?: string): Promise<StorageFile>;
311
379
  /** List all files across buckets. */
312
380
  listFiles(): Promise<StorageFile[]>;
313
- /** Get file metadata + a 15-min presigned download URL. */
314
- getFile(fileId: string): Promise<StorageFileWithUrl>;
381
+ /** Get file metadata + a presigned download URL. expiresIn (seconds) controls
382
+ * the URL lifetime (default 15m, server cap 7d). */
383
+ getFile(fileId: string, expiresIn?: number): Promise<StorageFileWithUrl>;
384
+ /** Create a time-limited signed download URL (Supabase createSignedUrl parity). */
385
+ createSignedUrl(fileId: string, expiresIn?: number): Promise<{
386
+ signedUrl: string;
387
+ }>;
315
388
  /** Delete a file by ID. */
316
389
  deleteFile(fileId: string): Promise<void>;
317
- /** Create a new bucket. */
318
- createBucket(name: string, isPublic?: boolean): Promise<StorageBucket>;
390
+ /** Create a new bucket. maxBytes sets a per-bucket upload cap (omit for none). */
391
+ createBucket(name: string, isPublic?: boolean, maxBytes?: number): Promise<StorageBucket>;
392
+ /** Update mutable bucket fields (is_public, max_bytes). */
393
+ updateBucket(bucketId: string, opts: {
394
+ isPublic?: boolean;
395
+ maxBytes?: number;
396
+ }): Promise<StorageBucket>;
319
397
  /** List all buckets. */
320
398
  listBuckets(): Promise<StorageBucket[]>;
321
399
  /** Get bucket info by ID. */
@@ -324,6 +402,10 @@ interface StorageModule {
324
402
  deleteBucket(bucketId: string): Promise<void>;
325
403
  /** List files inside a specific bucket. */
326
404
  listBucketFiles(bucketId: string): Promise<StorageFile[]>;
405
+ /** Download a file's bytes via the backend download route (streams + enforces
406
+ * the bucket's public/RLS rules; the Bearer is sent so private files work).
407
+ * Returns a Blob. */
408
+ download(fileId: string): Promise<Blob>;
327
409
  /** @deprecated Use upload(file, bucketId?) instead. */
328
410
  upload(table: string, file: File): Promise<any>;
329
411
  }
@@ -450,21 +532,26 @@ interface EnvVarsModule {
450
532
  */
451
533
 
452
534
  interface EmailConfig {
535
+ id?: string;
453
536
  provider: string;
454
537
  smtp_host?: string;
455
538
  smtp_port?: number;
456
539
  smtp_user?: string;
457
540
  smtp_password?: string;
541
+ smtp_secure?: boolean;
458
542
  sendgrid_api_key?: string;
459
543
  resend_api_key?: string;
460
544
  from_email: string;
461
545
  from_name?: string;
546
+ label?: string;
547
+ is_default?: boolean;
462
548
  }
463
549
  interface EmailTemplate {
464
550
  name: string;
465
551
  subject: string;
466
552
  text_body?: string;
467
553
  html_body?: string;
554
+ email_config_id?: string | null;
468
555
  }
469
556
  interface SendEmailInput {
470
557
  to: string[];
@@ -472,12 +559,16 @@ interface SendEmailInput {
472
559
  text_body?: string;
473
560
  html_body?: string;
474
561
  template_id?: string;
562
+ config_id?: string;
475
563
  template_data?: Record<string, any>;
476
564
  }
477
565
  interface EmailModule {
478
566
  send(input: SendEmailInput): Promise<any>;
479
567
  getConfig(): Promise<any>;
568
+ listConfigs(): Promise<any>;
480
569
  saveConfig(config: EmailConfig): Promise<any>;
570
+ setDefaultConfig(id: string): Promise<any>;
571
+ deleteConfig(id: string): Promise<any>;
481
572
  createTemplate(template: EmailTemplate): Promise<any>;
482
573
  listTemplates(): Promise<any>;
483
574
  getTemplate(id: string): Promise<any>;
@@ -562,6 +653,10 @@ interface AuditLogsOptions {
562
653
  interface AuditModule {
563
654
  list(options?: AuditLogsOptions): Promise<any>;
564
655
  getActions(): Promise<any>;
656
+ exportLogs(format: 'csv' | 'json', options?: AuditLogsOptions): Promise<any>;
657
+ purgePreview(olderThanDays: number): Promise<any>;
658
+ purge(olderThanDays: number): Promise<any>;
659
+ clearAll(): Promise<any>;
565
660
  }
566
661
 
567
662
  /**
@@ -639,14 +734,26 @@ interface BranchesModule {
639
734
  }
640
735
 
641
736
  /**
642
- * Realtime Module - WebSocket subscriptions
737
+ * Realtime Module - WebSocket subscriptions (CDC tables, Broadcast, Presence)
643
738
  */
644
739
 
645
740
  interface Subscription {
646
741
  unsubscribe: () => void;
647
742
  }
743
+ interface PresenceHandle {
744
+ leave: () => void;
745
+ }
648
746
  interface RealtimeModule {
649
- subscribe<T = any>(table: string, action: RealtimeAction, callback: RealtimeCallback<T>): Promise<Subscription>;
747
+ /** Subscribe to table changes. `filter` narrows delivery per-subscription
748
+ * (PostgREST-style "op.value" specs, e.g. { status: 'eq.pending' }). */
749
+ subscribe<T = any>(table: string, action: RealtimeAction, callback: RealtimeCallback<T>, filter?: Record<string, string>): Promise<Subscription>;
750
+ /** Subscribe to an ephemeral Broadcast channel (no DB, no RLS). */
751
+ subscribeBroadcast(channel: string, callback: (payload: any) => void): Promise<Subscription>;
752
+ /** Publish a message to a Broadcast channel. */
753
+ broadcast(channel: string, payload: unknown): void;
754
+ /** Join a Presence channel with an arbitrary state object. The callback
755
+ * receives sync/join/leave events with the member list. */
756
+ subscribePresence(channel: string, state: unknown, callback: (msg: any) => void): Promise<PresenceHandle>;
650
757
  }
651
758
 
652
759
  /**
@@ -658,6 +765,7 @@ interface ApiKeysModule {
658
765
  list(): Promise<any>;
659
766
  revoke(keyId: string): Promise<any>;
660
767
  delete(keyId: string): Promise<any>;
768
+ setBrand(keyId: string, emailConfigId: string): Promise<any>;
661
769
  getInstanceToken(): Promise<any>;
662
770
  regenerateInstanceToken(): Promise<any>;
663
771
  }
@@ -712,6 +820,69 @@ interface IPWhitelistModule {
712
820
  delete(id: string): Promise<any>;
713
821
  }
714
822
 
823
+ /**
824
+ * Cache Management Module
825
+ */
826
+
827
+ type CacheStrategy = 'no_cache' | 'ttl_only' | 'cdc_invalidation' | 'write_through';
828
+ interface CacheStatus {
829
+ connected: boolean;
830
+ backend: string;
831
+ version: string;
832
+ ping_latency_ms: number;
833
+ circuit_state: string;
834
+ cdc_lag_seconds: number;
835
+ }
836
+ interface CacheStats {
837
+ memory_used: string;
838
+ memory_used_bytes: number;
839
+ db_size: number;
840
+ uptime_seconds: number;
841
+ ops_per_sec: number;
842
+ namespaces_total: number;
843
+ }
844
+ interface CachePolicy {
845
+ namespace: string;
846
+ strategy: CacheStrategy;
847
+ ttl_seconds: number;
848
+ use_versioning: boolean;
849
+ is_default: boolean;
850
+ }
851
+ interface CacheKey {
852
+ key: string;
853
+ ttl_seconds: number;
854
+ }
855
+ interface CacheKeysResponse {
856
+ keys: CacheKey[];
857
+ next_cursor: number;
858
+ has_more: boolean;
859
+ }
860
+ interface CacheKeyInspect {
861
+ key: string;
862
+ exists: boolean;
863
+ ttl_seconds: number;
864
+ size_bytes: number;
865
+ value_preview: string;
866
+ value_truncated: boolean;
867
+ }
868
+ interface CacheModule {
869
+ getStatus(): Promise<CacheStatus>;
870
+ getStats(): Promise<CacheStats>;
871
+ listPolicies(): Promise<{
872
+ policies: CachePolicy[];
873
+ }>;
874
+ updatePolicy(namespace: string, body: {
875
+ strategy: CacheStrategy;
876
+ ttl_seconds: number;
877
+ use_versioning: boolean;
878
+ }): Promise<any>;
879
+ removePolicy(namespace: string): Promise<any>;
880
+ invalidateNamespace(namespace: string): Promise<any>;
881
+ invalidateAll(): Promise<any>;
882
+ listKeys(prefix: string, cursor?: number, count?: number): Promise<CacheKeysResponse>;
883
+ inspectKey(key: string): Promise<CacheKeyInspect>;
884
+ }
885
+
715
886
  /**
716
887
  * Main BaaS Client - Composes all feature modules
717
888
  *
@@ -753,11 +924,20 @@ declare class BaasClient extends HttpClient {
753
924
  readonly corsOrigins: CorsOriginsModule;
754
925
  readonly policies: PoliciesModule;
755
926
  readonly ipWhitelist: IPWhitelistModule;
756
- constructor(url?: string, apiKey?: string);
927
+ readonly cache: CacheModule;
928
+ constructor(url?: string, apiKey?: string, options?: ClientOptions);
757
929
  /**
758
930
  * Create a query builder for fluent data queries
759
931
  */
760
932
  from(table: string): QueryBuilder;
933
+ /**
934
+ * Invoke a PL/pgSQL function (PostgREST `.rpc()` parity). Runs under the
935
+ * caller's RLS context; args bind by name and are $N-safe. Pass [params] for
936
+ * POST (named args in the body) or set `opts.get = true` for the GET variant.
937
+ */
938
+ rpc(fn: string, params?: Record<string, any>, opts?: {
939
+ get?: boolean;
940
+ }): Promise<any>;
761
941
  login(email: string, password: string): Promise<any>;
762
942
  verifyMFA(mfaToken: string, code: string): Promise<any>;
763
943
  getProfile(): Promise<any>;
@@ -795,7 +975,7 @@ declare class BaasClient extends HttpClient {
795
975
  listStorageFiles(): Promise<StorageFile[]>;
796
976
  getStorageFile(fileId: string): Promise<StorageFileWithUrl>;
797
977
  deleteStorageFile(fileId: string): Promise<void>;
798
- createStorageBucket(name: string, isPublic?: boolean): Promise<StorageBucket>;
978
+ createStorageBucket(name: string, isPublic?: boolean, maxBytes?: number): Promise<StorageBucket>;
799
979
  listStorageBuckets(): Promise<StorageBucket[]>;
800
980
  getStorageBucket(bucketId: string): Promise<StorageBucket>;
801
981
  deleteStorageBucket(bucketId: string): Promise<void>;
@@ -805,6 +985,7 @@ declare class BaasClient extends HttpClient {
805
985
  listApiKeys(): Promise<any>;
806
986
  revokeApiKey(keyId: string): Promise<any>;
807
987
  deleteApiKey(keyId: string): Promise<any>;
988
+ setApiKeyBrand(keyId: string, emailConfigId: string): Promise<any>;
808
989
  getInstanceToken(): Promise<any>;
809
990
  regenerateInstanceToken(): Promise<any>;
810
991
  createBackup(options?: any): Promise<any>;
@@ -828,7 +1009,10 @@ declare class BaasClient extends HttpClient {
828
1009
  generateMigration(tableName: string, changes: any[]): Promise<any>;
829
1010
  sendEmail(input: any): Promise<any>;
830
1011
  getEmailConfig(): Promise<any>;
1012
+ listEmailConfigs(): Promise<any>;
831
1013
  saveEmailConfig(config: any): Promise<any>;
1014
+ setDefaultEmailConfig(id: string): Promise<any>;
1015
+ deleteEmailConfig(id: string): Promise<any>;
832
1016
  createEmailTemplate(template: any): Promise<any>;
833
1017
  listEmailTemplates(): Promise<any>;
834
1018
  getEmailTemplate(id: string): Promise<any>;
@@ -873,7 +1057,11 @@ declare class BaasClient extends HttpClient {
873
1057
  testWebhook(id: string): Promise<any>;
874
1058
  listAuditLogs(options?: any): Promise<any>;
875
1059
  getAuditActions(): Promise<any>;
876
- subscribe<T = any>(table: string, action: RealtimeAction, callback: RealtimeCallback<T>): Promise<Subscription>;
1060
+ exportAuditLogs(format: 'csv' | 'json', options?: any): Promise<any>;
1061
+ previewPurgeAuditLogs(olderThanDays: number): Promise<any>;
1062
+ purgeAuditLogs(olderThanDays: number): Promise<any>;
1063
+ clearAllAuditLogs(): Promise<any>;
1064
+ subscribe<T = any>(table: string, action: RealtimeAction, callback: RealtimeCallback<T>, filter?: Record<string, string>): Promise<Subscription>;
877
1065
  getEnvironmentStatus(): Promise<EnvironmentStatus>;
878
1066
  initTestEnvironment(): Promise<any>;
879
1067
  promoteTestToProd(): Promise<PromoteResult>;
@@ -889,4 +1077,4 @@ declare class BaasClient extends HttpClient {
889
1077
  deleteIPWhitelistEntry(id: string): Promise<any>;
890
1078
  }
891
1079
 
892
- export { type ApiKeysModule, type ApiResponse, type ApplicationLogsOptions, type AuditLogsOptions, type AuditModule, type AuthModule, BaasClient, type BackupsModule, type BranchesModule, type CorsOriginsModule, type CreatePolicyInput, type DatabaseModule, type EmailConfig, type EmailModule, type EmailTemplate, type EnvVarsModule, type EnvironmentsModule, type FunctionsModule, type GraphQLModule, HttpClient, type HttpMethod, type IPWhitelistEntry, type IPWhitelistModule, type JobInput, type JobUpdateInput, type JobsModule, type LogDrainInput, type LogDrainUpdateInput, type LogDrainsModule, type MetricsModule, type MigrationsModule, type PaginationOptions, type PoliciesModule, type Policy, QueryBuilder, type QueryFilter, type RealtimeModule, type RequestLogsOptions, type RequestOptions, type SearchModule, type SearchOptions, type SendEmailInput, type StorageBucket, type StorageFile, type StorageFileWithUrl, type StorageModule, type Subscription, type TimeseriesOptions, type UsersModule, type WebhookInput, type WebhookUpdateInput, type WebhooksModule };
1080
+ export { type ApiKeysModule, type ApiResponse, type ApplicationLogsOptions, type AuditLogsOptions, type AuditModule, type AuthModule, BaasClient, type BackupsModule, type BranchesModule, type CacheKey, type CacheKeyInspect, type CacheKeysResponse, type CacheModule, type CachePolicy, type CacheStats, type CacheStatus, type CacheStrategy, type CorsOriginsModule, type CreatePolicyInput, type DatabaseModule, type EmailConfig, type EmailModule, type EmailTemplate, type EnvVarsModule, type EnvironmentsModule, type FunctionsModule, type GraphQLModule, HttpClient, type HttpMethod, type IPWhitelistEntry, type IPWhitelistModule, type JobInput, type JobUpdateInput, type JobsModule, type LogDrainInput, type LogDrainUpdateInput, type LogDrainsModule, type MetricsModule, type MigrationsModule, type PaginationOptions, type PoliciesModule, type Policy, QueryBuilder, type QueryFilter, type RealtimeModule, type RequestLogsOptions, type RequestOptions, type SearchModule, type SearchOptions, type SendEmailInput, type StorageBucket, type StorageFile, type StorageFileWithUrl, type StorageModule, type Subscription, type TimeseriesOptions, type UsersModule, type WebhookInput, type WebhookUpdateInput, type WebhooksModule };