@howone/sdk 0.1.9 → 0.1.11

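--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -238,14 +238,14 @@ var FloatingButton = ({
  fontWeight: "bold",
  bottom: "28px"
  },
- children: /* @__PURE__ */ jsxs("div", { className: "flex items-center gap-2", children: [
+ children: /* @__PURE__ */ jsxs("div", { className: "flex items-center gap-2", style: { cursor: "pointer" }, children: [
  /* @__PURE__ */ jsx("img", { width: 20, className: "pointer-events-auto", src: "https://sxwxqoixnnklnpeutjrj.supabase.co/storage/v1/object/public/create-x/logo/logo-sm.svg", alt: "" }),
  text,
  /* @__PURE__ */ jsx(Icon, { icon: "mdi:close", onClick: (e) => {
  e.stopPropagation();
  const btn = document.getElementById("floating-howone-btn");
  if (btn) btn.style.display = "none";
- }, className: "w-5 h-5 font-bold pointer-events-auto", style: { cursor: "pointer" } })
+ }, className: "w-5 h-5 font-bold pointer-events-auto" })
  ] })
  }
  );
@@ -907,6 +907,91 @@ init_auth();
  init_config();
  init_config();
  init_auth();
+
+ // src/utils/urlSanitizer.ts
+ var DEFAULT_SENSITIVE = ["token", "access_token", "auth", "auth_token"];
+ function removeSensitiveParamsFromUrl(opts) {
+ if (typeof window === "undefined") return;
+ try {
+ const { clearAll, sensitiveParams, includeHash = true, onChanged } = opts || {};
+ const sens = (sensitiveParams && sensitiveParams.length > 0 ? sensitiveParams : DEFAULT_SENSITIVE).map((s) => s.toLowerCase());
+ const before = window.location.href;
+ const url = new URL(before);
+ if (clearAll) {
+ url.search = "";
+ } else if (url.search) {
+ let changed = false;
+ for (const [k] of url.searchParams) {
+ if (sens.includes(k.toLowerCase())) {
+ url.searchParams.delete(k);
+ changed = true;
+ }
+ }
+ if (changed) {
+ const qs = url.searchParams.toString();
+ url.search = qs ? `?${qs}` : "";
+ }
+ }
+ if (includeHash && url.hash) {
+ const raw = url.hash.slice(1);
+ if (raw.includes("=")) {
+ const hp = new URLSearchParams(raw);
+ let changed = false;
+ for (const [k] of hp) {
+ if (clearAll || sens.includes(k.toLowerCase())) {
+ hp.delete(k);
+ changed = true;
+ }
+ }
+ if (changed) {
+ const hs = hp.toString();
+ url.hash = hs ? `#${hs}` : "";
+ }
+ } else {
+ if (!clearAll && sens.some((p) => raw.toLowerCase().startsWith(p))) {
+ url.hash = "";
+ } else if (clearAll) {
+ url.hash = "";
+ }
+ }
+ }
+ const next = url.pathname + url.search + url.hash;
+ if (next !== window.location.pathname + window.location.search + window.location.hash) {
+ window.history.replaceState(window.history.state, document.title, next);
+ onChanged && onChanged(next);
+ }
+ } catch (e) {
+ console.warn("[howone][urlSanitizer] failed", e);
+ }
+ }
+ function setupClearUrlTokenListener(opts) {
+ if (typeof window === "undefined") return;
+ if (window.__howone_url_sanitize_registered) return;
+ window.__howone_url_sanitize_registered = true;
+ const allowed = opts?.allowedOrigins || [];
+ function handler(ev) {
+ try {
+ if (!ev.data || typeof ev.data !== "object") return;
+ if (ev.data.type !== "CLEAR_URL_TOKEN") return;
+ if (allowed.length > 0 && !allowed.includes(ev.origin)) return;
+ removeSensitiveParamsFromUrl({
+ clearAll: opts?.clearAll || !!ev.data.clearAll,
+ sensitiveParams: opts?.sensitiveParams
+ });
+ try {
+ ev.source?.postMessage({ type: "CLEAR_URL_TOKEN_ACK" }, ev.origin);
+ } catch {
+ }
+ } catch {
+ }
+ }
+ window.addEventListener("message", handler);
+ if (typeof opts?.autoRunMs === "number") {
+ setTimeout(() => removeSensitiveParamsFromUrl({ clearAll: opts.clearAll, sensitiveParams: opts.sensitiveParams }), opts.autoRunMs);
+ }
+ }
+
+ // src/services/index.ts
  var request = new request_default({
  baseURL: "https://create-x-backend.fly.dev/api",
  timeout: 6e4,
@@ -979,8 +1064,24 @@ function wrapRequestWithProjectPrefix(biz, projectId) {
  return wrapped;
  }
  function createClient(opts) {
- const biz = opts?.requestInstance || request;
- const ai = opts?.aiRequestInstance || aiRequest;
+ function makeRequestFromBase(base) {
+ if (!base) return void 0;
+ return new request_default({
+ baseURL: base,
+ timeout: 6e4,
+ interceptors: {
+ requestInterceptor: (config) => {
+ config.headers = config.headers || {};
+ return config;
+ },
+ requestInterceptorCatch: (err) => Promise.reject(err),
+ responseInterceptor: (res) => res,
+ responseInterceptorCatch: (err) => Promise.reject(err)
+ }
+ });
+ }
+ const biz = opts?.requestInstance || makeRequestFromBase(opts?.baseUrl) || request;
+ const ai = opts?.aiRequestInstance || makeRequestFromBase(opts?.aiBaseUrl) || aiRequest;
  const bizWrapped = wrapRequestWithProjectPrefix(biz, opts?.projectId);
  let token = null;
  try {
@@ -1057,6 +1158,19 @@ function createClient(opts) {
  if (tokenFromPostMessage) {
  token = tokenFromPostMessage;
  applyToken(token);
+ try {
+ const cfg = opts?.auth?.tokenInjection;
+ if (cfg && typeof window !== "undefined") {
+ const delay = cfg.clearUrlParamsAfterInjectionMs ?? 50;
+ setTimeout(() => {
+ removeSensitiveParamsFromUrl({
+ clearAll: cfg.clearAllUrlParams,
+ sensitiveParams: cfg.sensitiveParams
+ });
+ }, delay);
+ }
+ } catch {
+ }
  return;
  }
  }
@@ -1064,6 +1178,14 @@ function createClient(opts) {
  try {
  if (typeof window !== "undefined") {
  void initToken();
+ if (runtimeMode === "embedded" && opts?.auth?.tokenInjection) {
+ setupClearUrlTokenListener({
+ allowedOrigins: opts.auth.tokenInjection.allowedOrigins,
+ clearAll: opts.auth.tokenInjection.clearAllUrlParams,
+ sensitiveParams: opts.auth.tokenInjection.sensitiveParams,
+ autoRunMs: void 0
+ });
+ }
  }
  } catch (_e) {
  }
@@ -1113,6 +1235,13 @@ function createClient(opts) {
  token = null;
  applyToken(null);
  }
+ },
+ sanitizeUrl: (o) => {
+ if (typeof window === "undefined") return;
+ removeSensitiveParamsFromUrl({
+ clearAll: o?.clearAll,
+ sensitiveParams: o?.sensitiveParams
+ });
  }
  };
  }
@@ -1411,7 +1540,7 @@ var AuthProvider = ({ children, autoRedirect = true, showFloatingButton = true,
  setIsLoading(false);
  if (autoRedirect && !state.user) {
  try {
- const root = getAuthRoot() || "http://localhost:3000";
+ const root = getAuthRoot();
  const authUrl = new URL("/auth", String(root));
  authUrl.searchParams.set("redirect_uri", window.location.href);
  const pid = getDefaultProjectId();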
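Review bot: In `removeSensitiveParamsFromUrl` (the `src/utils/urlSanitizer.ts` hunk), both loops call `delete` on a `URLSearchParams` while iterating it; the iterator reads the live list, so removing an entry shifts the remainder and the next entry is skipped. A URL such as `?token=a&access_token=b` can therefore keep `access_token` after sanitizing, and the `clearAll` hash path can leave alternate keys behind. Iterating over a snapshot avoids this: `for (const k of [...url.searchParams.keys()])` and `for (const k of [...hp.keys()])`. In the same hunk, `setupClearUrlTokenListener` checks `ev.origin` only when `allowedOrigins` is non-empty, so with the option omitted a `CLEAR_URL_TOKEN` message from any origin (including `clearAll: true` taken from `ev.data`) rewrites the URL and gets an ACK; failing closed, e.g. `if (!allowed.includes(ev.origin)) return;` with a documented requirement to list trusted origins, would be the safer default. The empty `catch {}` blocks around these calls also hide a failed sanitization from callers that assume the token has left the address bar.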