npm - @howone/sdk - Versions diffs - 0.1.9 → 0.1.10 - Mend

@howone/sdk 0.1.9 → 0.1.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -366,6 +366,9 @@ declare function createClient(opts?: {
         tokenInjection?: {
             allowedOrigins?: string[];
             waitMs?: number;
+            clearUrlParamsAfterInjectionMs?: number;
+            clearAllUrlParams?: boolean;
+            sensitiveParams?: string[];
         };
     };
     requestInstance?: Request;
@@ -395,6 +398,10 @@ declare function createClient(opts?: {
         login: (redirect?: string) => void;
         logout: () => void;
     };
+    sanitizeUrl: (o?: {
+        clearAll?: boolean;
+        sensitiveParams?: string[];
+    }) => void;
 };
 interface LoginFormProps {

package/dist/index.d.ts CHANGED Viewed

@@ -366,6 +366,9 @@ declare function createClient(opts?: {
         tokenInjection?: {
             allowedOrigins?: string[];
             waitMs?: number;
+            clearUrlParamsAfterInjectionMs?: number;
+            clearAllUrlParams?: boolean;
+            sensitiveParams?: string[];
         };
     };
     requestInstance?: Request;
@@ -395,6 +398,10 @@ declare function createClient(opts?: {
         login: (redirect?: string) => void;
         logout: () => void;
     };
+    sanitizeUrl: (o?: {
+        clearAll?: boolean;
+        sensitiveParams?: string[];
+    }) => void;
 };
 interface LoginFormProps {

package/dist/index.js CHANGED Viewed

@@ -293,14 +293,14 @@ var FloatingButton = ({
         fontWeight: "bold",
         bottom: "28px"
       },
-      children: /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("div", { className: "flex items-center gap-2", children: [
+      children: /* @__PURE__ */ (0, import_jsx_runtime.jsxs)("div", { className: "flex items-center gap-2", style: { cursor: "pointer" }, children: [
         /* @__PURE__ */ (0, import_jsx_runtime.jsx)("img", { width: 20, className: "pointer-events-auto", src: "https://sxwxqoixnnklnpeutjrj.supabase.co/storage/v1/object/public/create-x/logo/logo-sm.svg", alt: "" }),
         text,
         /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_iconify.Icon, { icon: "mdi:close", onClick: (e) => {
           e.stopPropagation();
           const btn = document.getElementById("floating-howone-btn");
           if (btn) btn.style.display = "none";
-        }, className: "w-5 h-5 font-bold pointer-events-auto", style: { cursor: "pointer" } })
+        }, className: "w-5 h-5 font-bold pointer-events-auto" })
       ] })
     }
   );
@@ -962,6 +962,91 @@ init_auth();
 init_config();
 init_config();
 init_auth();
+// src/utils/urlSanitizer.ts
+var DEFAULT_SENSITIVE = ["token", "access_token", "auth", "auth_token"];
+function removeSensitiveParamsFromUrl(opts) {
+  if (typeof window === "undefined") return;
+  try {
+    const { clearAll, sensitiveParams, includeHash = true, onChanged } = opts || {};
+    const sens = (sensitiveParams && sensitiveParams.length > 0 ? sensitiveParams : DEFAULT_SENSITIVE).map((s) => s.toLowerCase());
+    const before = window.location.href;
+    const url = new URL(before);
+    if (clearAll) {
+      url.search = "";
+    } else if (url.search) {
+      let changed = false;
+      for (const [k] of url.searchParams) {
+        if (sens.includes(k.toLowerCase())) {
+          url.searchParams.delete(k);
+          changed = true;
+        }
+      }
+      if (changed) {
+        const qs = url.searchParams.toString();
+        url.search = qs ? `?${qs}` : "";
+      }
+    }
+    if (includeHash && url.hash) {
+      const raw = url.hash.slice(1);
+      if (raw.includes("=")) {
+        const hp = new URLSearchParams(raw);
+        let changed = false;
+        for (const [k] of hp) {
+          if (clearAll || sens.includes(k.toLowerCase())) {
+            hp.delete(k);
+            changed = true;
+          }
+        }
+        if (changed) {
+          const hs = hp.toString();
+          url.hash = hs ? `#${hs}` : "";
+        }
+      } else {
+        if (!clearAll && sens.some((p) => raw.toLowerCase().startsWith(p))) {
+          url.hash = "";
+        } else if (clearAll) {
+          url.hash = "";
+        }
+      }
+    }
+    const next = url.pathname + url.search + url.hash;
+    if (next !== window.location.pathname + window.location.search + window.location.hash) {
+      window.history.replaceState(window.history.state, document.title, next);
+      onChanged && onChanged(next);
+    }
+  } catch (e) {
+    console.warn("[howone][urlSanitizer] failed", e);
+  }
+}
+function setupClearUrlTokenListener(opts) {
+  if (typeof window === "undefined") return;
+  if (window.__howone_url_sanitize_registered) return;
+  window.__howone_url_sanitize_registered = true;
+  const allowed = opts?.allowedOrigins || [];
+  function handler(ev) {
+    try {
+      if (!ev.data || typeof ev.data !== "object") return;
+      if (ev.data.type !== "CLEAR_URL_TOKEN") return;
+      if (allowed.length > 0 && !allowed.includes(ev.origin)) return;
+      removeSensitiveParamsFromUrl({
+        clearAll: opts?.clearAll || !!ev.data.clearAll,
+        sensitiveParams: opts?.sensitiveParams
+      });
+      try {
+        ev.source?.postMessage({ type: "CLEAR_URL_TOKEN_ACK" }, ev.origin);
+      } catch {
+      }
+    } catch {
+    }
+  }
+  window.addEventListener("message", handler);
+  if (typeof opts?.autoRunMs === "number") {
+    setTimeout(() => removeSensitiveParamsFromUrl({ clearAll: opts.clearAll, sensitiveParams: opts.sensitiveParams }), opts.autoRunMs);
+  }
+}
+// src/services/index.ts
 var request = new request_default({
   baseURL: "https://create-x-backend.fly.dev/api",
   timeout: 6e4,
@@ -1112,6 +1197,19 @@ function createClient(opts) {
       if (tokenFromPostMessage) {
         token = tokenFromPostMessage;
         applyToken(token);
+        try {
+          const cfg = opts?.auth?.tokenInjection;
+          if (cfg && typeof window !== "undefined") {
+            const delay = cfg.clearUrlParamsAfterInjectionMs ?? 50;
+            setTimeout(() => {
+              removeSensitiveParamsFromUrl({
+                clearAll: cfg.clearAllUrlParams,
+                sensitiveParams: cfg.sensitiveParams
+              });
+            }, delay);
+          }
+        } catch {
+        }
         return;
       }
     }
@@ -1119,6 +1217,14 @@ function createClient(opts) {
   try {
     if (typeof window !== "undefined") {
       void initToken();
+      if (runtimeMode === "embedded" && opts?.auth?.tokenInjection) {
+        setupClearUrlTokenListener({
+          allowedOrigins: opts.auth.tokenInjection.allowedOrigins,
+          clearAll: opts.auth.tokenInjection.clearAllUrlParams,
+          sensitiveParams: opts.auth.tokenInjection.sensitiveParams,
+          autoRunMs: void 0
+        });
+      }
     }
   } catch (_e) {
   }
@@ -1168,6 +1274,13 @@ function createClient(opts) {
         token = null;
         applyToken(null);
       }
+    },
+    sanitizeUrl: (o) => {
+      if (typeof window === "undefined") return;
+      removeSensitiveParamsFromUrl({
+        clearAll: o?.clearAll,
+        sensitiveParams: o?.sensitiveParams
+      });
     }
   };
 }
@@ -1466,7 +1579,7 @@ var AuthProvider = ({ children, autoRedirect = true, showFloatingButton = true,
       setIsLoading(false);
       if (autoRedirect && !state.user) {
         try {
-          const root = getAuthRoot() || "http://localhost:3000";
+          const root = getAuthRoot();
           const authUrl = new URL("/auth", String(root));
           authUrl.searchParams.set("redirect_uri", window.location.href);
           const pid = getDefaultProjectId();