@howone/sdk 0.1.9 → 0.1.10

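--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -238,14 +238,14 @@ var FloatingButton = ({
  fontWeight: "bold",
  bottom: "28px"
  },
- children: /* @__PURE__ */ jsxs("div", { className: "flex items-center gap-2", children: [
+ children: /* @__PURE__ */ jsxs("div", { className: "flex items-center gap-2", style: { cursor: "pointer" }, children: [
  /* @__PURE__ */ jsx("img", { width: 20, className: "pointer-events-auto", src: "https://sxwxqoixnnklnpeutjrj.supabase.co/storage/v1/object/public/create-x/logo/logo-sm.svg", alt: "" }),
  text,
  /* @__PURE__ */ jsx(Icon, { icon: "mdi:close", onClick: (e) => {
  e.stopPropagation();
  const btn = document.getElementById("floating-howone-btn");
  if (btn) btn.style.display = "none";
- }, className: "w-5 h-5 font-bold pointer-events-auto", style: { cursor: "pointer" } })
+ }, className: "w-5 h-5 font-bold pointer-events-auto" })
  ] })
  }
  );
@@ -907,6 +907,91 @@ init_auth();
  init_config();
  init_config();
  init_auth();
+
+ // src/utils/urlSanitizer.ts
+ var DEFAULT_SENSITIVE = ["token", "access_token", "auth", "auth_token"];
+ function removeSensitiveParamsFromUrl(opts) {
+ if (typeof window === "undefined") return;
+ try {
+ const { clearAll, sensitiveParams, includeHash = true, onChanged } = opts || {};
+ const sens = (sensitiveParams && sensitiveParams.length > 0 ? sensitiveParams : DEFAULT_SENSITIVE).map((s) => s.toLowerCase());
+ const before = window.location.href;
+ const url = new URL(before);
+ if (clearAll) {
+ url.search = "";
+ } else if (url.search) {
+ let changed = false;
+ for (const [k] of url.searchParams) {
+ if (sens.includes(k.toLowerCase())) {
+ url.searchParams.delete(k);
+ changed = true;
+ }
+ }
+ if (changed) {
+ const qs = url.searchParams.toString();
+ url.search = qs ? `?${qs}` : "";
+ }
+ }
+ if (includeHash && url.hash) {
+ const raw = url.hash.slice(1);
+ if (raw.includes("=")) {
+ const hp = new URLSearchParams(raw);
+ let changed = false;
+ for (const [k] of hp) {
+ if (clearAll || sens.includes(k.toLowerCase())) {
+ hp.delete(k);
+ changed = true;
+ }
+ }
+ if (changed) {
+ const hs = hp.toString();
+ url.hash = hs ? `#${hs}` : "";
+ }
+ } else {
+ if (!clearAll && sens.some((p) => raw.toLowerCase().startsWith(p))) {
+ url.hash = "";
+ } else if (clearAll) {
+ url.hash = "";
+ }
+ }
+ }
+ const next = url.pathname + url.search + url.hash;
+ if (next !== window.location.pathname + window.location.search + window.location.hash) {
+ window.history.replaceState(window.history.state, document.title, next);
+ onChanged && onChanged(next);
+ }
+ } catch (e) {
+ console.warn("[howone][urlSanitizer] failed", e);
+ }
+ }
+ function setupClearUrlTokenListener(opts) {
+ if (typeof window === "undefined") return;
+ if (window.__howone_url_sanitize_registered) return;
+ window.__howone_url_sanitize_registered = true;
+ const allowed = opts?.allowedOrigins || [];
+ function handler(ev) {
+ try {
+ if (!ev.data || typeof ev.data !== "object") return;
+ if (ev.data.type !== "CLEAR_URL_TOKEN") return;
+ if (allowed.length > 0 && !allowed.includes(ev.origin)) return;
+ removeSensitiveParamsFromUrl({
+ clearAll: opts?.clearAll || !!ev.data.clearAll,
+ sensitiveParams: opts?.sensitiveParams
+ });
+ try {
+ ev.source?.postMessage({ type: "CLEAR_URL_TOKEN_ACK" }, ev.origin);
+ } catch {
+ }
+ } catch {
+ }
+ }
+ window.addEventListener("message", handler);
+ if (typeof opts?.autoRunMs === "number") {
+ setTimeout(() => removeSensitiveParamsFromUrl({ clearAll: opts.clearAll, sensitiveParams: opts.sensitiveParams }), opts.autoRunMs);
+ }
+ }
+
+ // src/services/index.ts
  var request = new request_default({
  baseURL: "https://create-x-backend.fly.dev/api",
  timeout: 6e4,
@@ -1057,6 +1142,19 @@ function createClient(opts) {
  if (tokenFromPostMessage) {
  token = tokenFromPostMessage;
  applyToken(token);
+ try {
+ const cfg = opts?.auth?.tokenInjection;
+ if (cfg && typeof window !== "undefined") {
+ const delay = cfg.clearUrlParamsAfterInjectionMs ?? 50;
+ setTimeout(() => {
+ removeSensitiveParamsFromUrl({
+ clearAll: cfg.clearAllUrlParams,
+ sensitiveParams: cfg.sensitiveParams
+ });
+ }, delay);
+ }
+ } catch {
+ }
  return;
  }
  }
@@ -1064,6 +1162,14 @@ function createClient(opts) {
  try {
  if (typeof window !== "undefined") {
  void initToken();
+ if (runtimeMode === "embedded" && opts?.auth?.tokenInjection) {
+ setupClearUrlTokenListener({
+ allowedOrigins: opts.auth.tokenInjection.allowedOrigins,
+ clearAll: opts.auth.tokenInjection.clearAllUrlParams,
+ sensitiveParams: opts.auth.tokenInjection.sensitiveParams,
+ autoRunMs: void 0
+ });
+ }
  }
  } catch (_e) {
  }
@@ -1113,6 +1219,13 @@ function createClient(opts) {
  token = null;
  applyToken(null);
  }
+ },
+ sanitizeUrl: (o) => {
+ if (typeof window === "undefined") return;
+ removeSensitiveParamsFromUrl({
+ clearAll: o?.clearAll,
+ sensitiveParams: o?.sensitiveParams
+ });
  }
  };
  }
@@ -1411,7 +1524,7 @@ var AuthProvider = ({ children, autoRedirect = true, showFloatingButton = true,
  setIsLoading(false);
  if (autoRedirect && !state.user) {
  try {
- const root = getAuthRoot() || "http://localhost:3000";
+ const root = getAuthRoot();
  const authUrl = new URL("/auth", String(root));
  authUrl.searchParams.set("redirect_uri", window.location.href);
  const pid = getDefaultProjectId();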
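Review bot: In `removeSensitiveParamsFromUrl` (new lines 924–929) the loop calls `url.searchParams.delete(k)` while iterating `url.searchParams`; the iterator is live, so each deletion makes it skip the entry that follows, and a query carrying two sensitive keys back to back (for example `token` immediately followed by `access_token`) can keep the second one in the address bar. Iterate a snapshot of the keys instead, `for (const k of [...url.searchParams.keys()])`, and apply the same change to the hash loop at new line 940, `for (const k of [...hp.keys()])`. Separately, in `setupClearUrlTokenListener` an empty `allowedOrigins` lets a `CLEAR_URL_TOKEN` message from any origin through, and `!!ev.data.clearAll` lets the sender force a full wipe of query and hash. Consider requiring a non-empty allowlist before registering the handler, or honouring only `opts.clearAll` when none is configured.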