@haex-space/vault-sdk 2.5.101 → 2.5.102

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/index.d.mts +18 -25
  2. package/dist/index.d.ts +18 -25
  3. package/package.json +1 -1
package/dist/index.d.mts CHANGED
@@ -90,19 +90,25 @@ declare function installPolyfills(): void;
90
90
  */
91
91
  /**
92
92
  * S3-compatible storage configuration provided by the sync server.
93
- * This contains all credentials needed to access the user's storage bucket.
93
+ *
94
+ * When using the sync server's S3 proxy, the client authenticates with their
95
+ * existing auth token (Bearer token), so accessKeyId and secretAccessKey are
96
+ * not needed.
97
+ *
98
+ * For direct S3 access to providers like AWS S3 or Wasabi, the client would
99
+ * provide their own credentials.
94
100
  */
95
101
  interface StorageConfig {
96
- /** S3 endpoint URL (e.g., "https://supabase.haex.space/storage/v1/s3") */
102
+ /** S3 endpoint URL (e.g., "https://sync.haex.space/storage/s3") */
97
103
  endpoint: string;
98
- /** Access Key ID (Supabase project reference) */
99
- accessKeyId: string;
100
- /** Secret Access Key (Supabase anon key) */
101
- secretAccessKey: string;
102
104
  /** User's bucket name (e.g., "storage-{user_id}") */
103
105
  bucket: string;
104
- /** S3 region (usually "auto" for Supabase) */
106
+ /** S3 region (usually "auto" for Supabase/proxy) */
105
107
  region: string;
108
+ /** Access Key ID - only needed for direct S3 access (AWS, Wasabi, etc.) */
109
+ accessKeyId?: string;
110
+ /** Secret Access Key - only needed for direct S3 access (AWS, Wasabi, etc.) */
111
+ secretAccessKey?: string;
106
112
  }
107
113
  /**
108
114
  * User info returned from auth endpoints
@@ -118,14 +124,14 @@ interface AuthUser {
118
124
  *
119
125
  * Contains:
120
126
  * - Session tokens for vault sync (access_token, refresh_token)
121
- * - Storage-only token for S3 operations (storage_token)
122
127
  * - Pre-configured S3 storage settings (storage_config)
123
128
  *
124
- * The storage_token is scoped to only allow S3 storage access.
125
- * It cannot be used to access vault data or other sensitive resources.
129
+ * The access_token is used for both vault sync operations and S3 proxy access.
130
+ * The sync server's S3 proxy validates the token and forwards requests to
131
+ * the underlying storage backend.
126
132
  */
127
133
  interface LoginResponse {
128
- /** JWT access token for vault sync operations */
134
+ /** JWT access token for vault sync and storage operations */
129
135
  access_token: string;
130
136
  /** Refresh token for obtaining new access tokens */
131
137
  refresh_token: string;
@@ -135,22 +141,9 @@ interface LoginResponse {
135
141
  expires_at: number;
136
142
  /** Authenticated user info */
137
143
  user: AuthUser;
138
- /**
139
- * Storage-only JWT token for S3 operations.
140
- * This token is scoped to only allow storage access (scope: "storage").
141
- * It cannot be used to access vault_keys, sync_changes, or other sensitive data.
142
- * Only present if SUPABASE_JWT_SECRET is configured on the server.
143
- */
144
- storage_token?: string;
145
- /**
146
- * Storage token expiration timestamp (Unix epoch).
147
- * Same as expires_at since both tokens expire at the same time.
148
- */
149
- storage_token_expires_at?: number;
150
144
  /**
151
145
  * Pre-configured S3 storage settings.
152
- * Contains all credentials needed to access the user's storage bucket.
153
- * Only present if storage_token is available.
146
+ * Contains the proxy endpoint and bucket name for the user's storage.
154
147
  */
155
148
  storage_config?: StorageConfig;
156
149
  }
package/dist/index.d.ts CHANGED
@@ -90,19 +90,25 @@ declare function installPolyfills(): void;
90
90
  */
91
91
  /**
92
92
  * S3-compatible storage configuration provided by the sync server.
93
- * This contains all credentials needed to access the user's storage bucket.
93
+ *
94
+ * When using the sync server's S3 proxy, the client authenticates with their
95
+ * existing auth token (Bearer token), so accessKeyId and secretAccessKey are
96
+ * not needed.
97
+ *
98
+ * For direct S3 access to providers like AWS S3 or Wasabi, the client would
99
+ * provide their own credentials.
94
100
  */
95
101
  interface StorageConfig {
96
- /** S3 endpoint URL (e.g., "https://supabase.haex.space/storage/v1/s3") */
102
+ /** S3 endpoint URL (e.g., "https://sync.haex.space/storage/s3") */
97
103
  endpoint: string;
98
- /** Access Key ID (Supabase project reference) */
99
- accessKeyId: string;
100
- /** Secret Access Key (Supabase anon key) */
101
- secretAccessKey: string;
102
104
  /** User's bucket name (e.g., "storage-{user_id}") */
103
105
  bucket: string;
104
- /** S3 region (usually "auto" for Supabase) */
106
+ /** S3 region (usually "auto" for Supabase/proxy) */
105
107
  region: string;
108
+ /** Access Key ID - only needed for direct S3 access (AWS, Wasabi, etc.) */
109
+ accessKeyId?: string;
110
+ /** Secret Access Key - only needed for direct S3 access (AWS, Wasabi, etc.) */
111
+ secretAccessKey?: string;
106
112
  }
107
113
  /**
108
114
  * User info returned from auth endpoints
@@ -118,14 +124,14 @@ interface AuthUser {
118
124
  *
119
125
  * Contains:
120
126
  * - Session tokens for vault sync (access_token, refresh_token)
121
- * - Storage-only token for S3 operations (storage_token)
122
127
  * - Pre-configured S3 storage settings (storage_config)
123
128
  *
124
- * The storage_token is scoped to only allow S3 storage access.
125
- * It cannot be used to access vault data or other sensitive resources.
129
+ * The access_token is used for both vault sync operations and S3 proxy access.
130
+ * The sync server's S3 proxy validates the token and forwards requests to
131
+ * the underlying storage backend.
126
132
  */
127
133
  interface LoginResponse {
128
- /** JWT access token for vault sync operations */
134
+ /** JWT access token for vault sync and storage operations */
129
135
  access_token: string;
130
136
  /** Refresh token for obtaining new access tokens */
131
137
  refresh_token: string;
@@ -135,22 +141,9 @@ interface LoginResponse {
135
141
  expires_at: number;
136
142
  /** Authenticated user info */
137
143
  user: AuthUser;
138
- /**
139
- * Storage-only JWT token for S3 operations.
140
- * This token is scoped to only allow storage access (scope: "storage").
141
- * It cannot be used to access vault_keys, sync_changes, or other sensitive data.
142
- * Only present if SUPABASE_JWT_SECRET is configured on the server.
143
- */
144
- storage_token?: string;
145
- /**
146
- * Storage token expiration timestamp (Unix epoch).
147
- * Same as expires_at since both tokens expire at the same time.
148
- */
149
- storage_token_expires_at?: number;
150
144
  /**
151
145
  * Pre-configured S3 storage settings.
152
- * Contains all credentials needed to access the user's storage bucket.
153
- * Only present if storage_token is available.
146
+ * Contains the proxy endpoint and bucket name for the user's storage.
154
147
  */
155
148
  storage_config?: StorageConfig;
156
149
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@haex-space/vault-sdk",
3
- "version": "2.5.101",
3
+ "version": "2.5.102",
4
4
  "description": "SDK for building Haex Vault extensions",
5
5
  "repository": {
6
6
  "type": "git",