@insforge/sdk 1.2.6 → 1.2.8-dev.0

package/dist/index.mjs

@@ -284,6 +284,7 @@ var TokenManager = class {
 // src/lib/http-client.ts
 var RETRYABLE_STATUS_CODES = /* @__PURE__ */ new Set([500, 502, 503, 504]);
 var IDEMPOTENT_METHODS = /* @__PURE__ */ new Set(["GET", "HEAD", "PUT", "DELETE", "OPTIONS"]);
+var REFRESHABLE_AUTH_ERROR_CODE = "AUTH_UNAUTHORIZED";
 function serializeBody(method, body, headers) {
   if (body === void 0) return void 0;
   if (method === "GET" || method === "HEAD") return void 0;
@@ -338,12 +339,11 @@ var HttpClient = class {
    */
   constructor(config, tokenManager, logger) {
     this.userToken = null;
-    this.autoRefreshToken = true;
     this.isRefreshing = false;
     this.refreshPromise = null;
     this.refreshToken = null;
+    this.config = config;
     this.baseUrl = config.baseUrl || "http://localhost:7130";
-    this.autoRefreshToken = config.autoRefreshToken ?? true;
     this.fetch = config.fetch || (globalThis.fetch ? globalThis.fetch.bind(globalThis) : void 0);
     this.anonKey = config.anonKey;
     this.defaultHeaders = {
@@ -393,48 +393,19 @@ var HttpClient = class {
     const jitter = base * (0.85 + Math.random() * 0.3);
     return Math.round(jitter);
   }
-  /**
-   * Performs an HTTP request with automatic retry and timeout handling.
-   * Retries on network errors and 5xx server errors with exponential backoff.
-   * Client errors (4xx) and timeouts are thrown immediately without retry.
-   * @param method - HTTP method (GET, POST, PUT, PATCH, DELETE).
-   * @param path - API path relative to the base URL.
-   * @param options - Optional request configuration including headers, body, and query params.
-   * @returns Parsed response data.
-   * @throws {InsForgeError} On timeout, network failure, or HTTP error responses.
-   */
-  async handleRequest(method, path, options = {}) {
+  shouldRefreshAccessToken(statusCode, errorCode, options = {}) {
+    return statusCode === 401 && errorCode === REFRESHABLE_AUTH_ERROR_CODE && !(this.config.isServerMode ?? !!this.config.edgeFunctionToken) && !options.skipAuthRefresh && this.userToken !== null;
+  }
+  async fetchWithRetry(args) {
     const {
-      params,
-      headers = {},
+      method,
+      url,
+      headers,
       body,
-      signal: callerSignal,
-      ...fetchOptions
-    } = options;
-    const url = this.buildUrl(path, params);
-    const startTime = Date.now();
-    const canRetry = IDEMPOTENT_METHODS.has(method.toUpperCase()) || options.idempotent === true;
-    const maxAttempts = canRetry ? this.retryCount : 0;
-    const requestHeaders = {
-      ...this.defaultHeaders
-    };
-    const authToken = this.userToken || this.anonKey;
-    if (authToken) {
-      requestHeaders["Authorization"] = `Bearer ${authToken}`;
-    }
-    const processedBody = serializeBody(method, body, requestHeaders);
-    if (headers instanceof Headers) {
-      headers.forEach((value, key) => {
-        requestHeaders[key] = value;
-      });
-    } else if (Array.isArray(headers)) {
-      headers.forEach(([key, value]) => {
-        requestHeaders[key] = value;
-      });
-    } else {
-      Object.assign(requestHeaders, headers);
-    }
-    this.logger.logRequest(method, url, requestHeaders, processedBody);
+      fetchOptions,
+      callerSignal,
+      maxAttempts
+    } = args;
     let lastError;
     for (let attempt = 0; attempt <= maxAttempts; attempt++) {
       if (attempt > 0) {
@@ -486,8 +457,8 @@ var HttpClient = class {
       try {
         const response = await this.fetch(url, {
           method,
-          headers: requestHeaders,
-          body: processedBody,
+          headers,
+          body,
           ...fetchOptions,
           ...controller ? { signal: controller.signal } : {}
         });
@@ -501,31 +472,8 @@ var HttpClient = class {
           );
           continue;
         }
-        let data;
-        try {
-          data = await parseResponse(response);
-        } catch (err) {
-          if (timer !== void 0) clearTimeout(timer);
-          if (err instanceof InsForgeError) {
-            this.logger.logResponse(
-              method,
-              url,
-              err.statusCode || response.status,
-              Date.now() - startTime,
-              err
-            );
-          }
-          throw err;
-        }
         if (timer !== void 0) clearTimeout(timer);
-        this.logger.logResponse(
-          method,
-          url,
-          response.status,
-          Date.now() - startTime,
-          data
-        );
-        return data;
+        return response;
       } catch (err) {
         if (timer !== void 0) clearTimeout(timer);
         if (err?.name === "AbortError") {
@@ -538,9 +486,6 @@ var HttpClient = class {
           }
           throw err;
         }
-        if (err instanceof InsForgeError) {
-          throw err;
-        }
         if (attempt < maxAttempts) {
           lastError = err;
           continue;
@@ -558,33 +503,176 @@ var HttpClient = class {
       "NETWORK_ERROR"
     );
   }
+  /**
+   * Performs an HTTP request with automatic retry and timeout handling.
+   * Retries on network errors and 5xx server errors with exponential backoff.
+   * Client errors (4xx) and timeouts are thrown immediately without retry.
+   * @param method - HTTP method (GET, POST, PUT, PATCH, DELETE).
+   * @param path - API path relative to the base URL.
+   * @param options - Optional request configuration including headers, body, and query params.
+   * @returns Parsed response data.
+   * @throws {InsForgeError} On timeout, network failure, or HTTP error responses.
+   */
+  async handleRequest(method, path, options = {}) {
+    const {
+      params,
+      headers = {},
+      body,
+      skipAuthRefresh: _skipAuthRefresh,
+      signal: callerSignal,
+      ...fetchOptions
+    } = options;
+    const url = this.buildUrl(path, params);
+    const startTime = Date.now();
+    const canRetry = IDEMPOTENT_METHODS.has(method.toUpperCase()) || options.idempotent === true;
+    const maxAttempts = canRetry ? this.retryCount : 0;
+    const requestHeaders = {
+      ...this.defaultHeaders
+    };
+    const authToken = this.userToken || this.anonKey;
+    if (authToken) {
+      requestHeaders["Authorization"] = `Bearer ${authToken}`;
+    }
+    const processedBody = serializeBody(method, body, requestHeaders);
+    if (headers instanceof Headers) {
+      headers.forEach((value, key) => {
+        requestHeaders[key] = value;
+      });
+    } else if (Array.isArray(headers)) {
+      headers.forEach(([key, value]) => {
+        requestHeaders[key] = value;
+      });
+    } else {
+      Object.assign(requestHeaders, headers);
+    }
+    this.logger.logRequest(method, url, requestHeaders, processedBody);
+    const response = await this.fetchWithRetry({
+      method,
+      url,
+      headers: requestHeaders,
+      body: processedBody,
+      fetchOptions,
+      callerSignal,
+      maxAttempts
+    });
+    let data;
+    try {
+      data = await parseResponse(response);
+    } catch (err) {
+      if (err instanceof InsForgeError) {
+        this.logger.logResponse(
+          method,
+          url,
+          err.statusCode || response.status,
+          Date.now() - startTime,
+          err
+        );
+      }
+      throw err;
+    }
+    this.logger.logResponse(
+      method,
+      url,
+      response.status,
+      Date.now() - startTime,
+      data
+    );
+    return data;
+  }
   async request(method, path, options = {}) {
     try {
       return await this.handleRequest(method, path, { ...options });
     } catch (error) {
-      if (error instanceof InsForgeError && error.statusCode === 401 && error.error === "INVALID_TOKEN" && this.autoRefreshToken) {
+      if (error instanceof InsForgeError && this.shouldRefreshAccessToken(error.statusCode, error.error, options)) {
         try {
-          const newTokenData = await this.handleTokenRefresh();
-          this.setAuthToken(newTokenData.accessToken);
-          this.tokenManager.saveSession(newTokenData);
-          if (newTokenData.csrfToken) {
-            setCsrfToken(newTokenData.csrfToken);
-          }
-          if (newTokenData.refreshToken) {
-            this.setRefreshToken(newTokenData.refreshToken);
-          }
-          return await this.handleRequest(method, path, { ...options });
+          await this.refreshAndSaveSession();
         } catch (error2) {
-          this.tokenManager.clearSession();
-          this.userToken = null;
-          this.refreshToken = null;
-          clearCsrfToken();
+          this.clearAuthSession();
           throw error2;
         }
+        return await this.handleRequest(method, path, { ...options });
       }
       throw error;
     }
   }
+  /**
+   * Performs an SDK-configured fetch and returns the raw Response.
+   * This is used by clients such as postgrest-js that need to own response
+   * parsing while still sharing SDK auth and refresh behavior.
+   */
+  async rawFetch(input, init, options = {}) {
+    const request = typeof Request !== "undefined" && input instanceof Request ? input : void 0;
+    const {
+      method: initMethod,
+      headers: initHeaders,
+      body: initBody,
+      signal: initSignal,
+      ...fetchOptions
+    } = init ?? {};
+    const method = initMethod ?? request?.method ?? "GET";
+    const url = request?.url ?? input.toString();
+    const startTime = Date.now();
+    const headers = new Headers(this.getHeaders());
+    request?.headers.forEach((value, key) => {
+      headers.set(key, value);
+    });
+    new Headers(initHeaders).forEach((value, key) => {
+      headers.set(key, value);
+    });
+    const requestHeaders = {};
+    headers.forEach((value, key) => {
+      requestHeaders[key] = value;
+    });
+    const body = initBody ?? request?.body ?? void 0;
+    const callerSignal = initSignal ?? request?.signal;
+    const maxAttempts = IDEMPOTENT_METHODS.has(method.toUpperCase()) ? this.retryCount : 0;
+    this.logger.logRequest(method, url, requestHeaders, body);
+    const response = await this.fetchWithRetry({
+      method,
+      url,
+      headers: requestHeaders,
+      body,
+      fetchOptions,
+      callerSignal,
+      maxAttempts
+    });
+    this.logger.logResponse(
+      method,
+      url,
+      response.status,
+      Date.now() - startTime
+    );
+    let errorCode = null;
+    if (response.status === 401) {
+      try {
+        const data = await response.clone().json();
+        if (data && typeof data === "object") {
+          const candidate = data.error ?? data.code;
+          if (typeof candidate === "string") {
+            errorCode = candidate;
+          }
+        }
+      } catch {
+      }
+    }
+    if (!this.shouldRefreshAccessToken(response.status, errorCode, options)) {
+      return response;
+    }
+    let newTokenData;
+    try {
+      newTokenData = await this.refreshAndSaveSession();
+    } catch (error) {
+      this.clearAuthSession();
+      throw error;
+    }
+    const retryHeaders = new Headers(initHeaders);
+    retryHeaders.set("Authorization", `Bearer ${newTokenData.accessToken}`);
+    return await this.rawFetch(
+      input,
+      { ...init, headers: retryHeaders },
+      { skipAuthRefresh: true }
+    );
+  }
   /** Performs a GET request. */
   get(path, options) {
     return this.request("GET", path, options);
@@ -621,7 +709,7 @@ var HttpClient = class {
     }
     return headers;
   }
-  async handleTokenRefresh() {
+  async refreshAccessToken() {
     if (this.isRefreshing) {
       return this.refreshPromise;
     }
@@ -632,7 +720,7 @@ var HttpClient = class {
         const body = this.refreshToken ? { refreshToken: this.refreshToken } : void 0;
         const response = await this.handleRequest(
           "POST",
-          "/api/auth/sessions/current",
+          this.refreshToken ? "/api/auth/refresh?client_type=mobile" : "/api/auth/refresh",
           {
             body,
             headers: csrfToken ? { "X-CSRF-Token": csrfToken } : {},
@@ -647,6 +735,24 @@ var HttpClient = class {
     })();
     return this.refreshPromise;
   }
+  async refreshAndSaveSession() {
+    const newTokenData = await this.refreshAccessToken();
+    this.setAuthToken(newTokenData.accessToken);
+    this.tokenManager.saveSession(newTokenData);
+    if (newTokenData.csrfToken) {
+      setCsrfToken(newTokenData.csrfToken);
+    }
+    if (newTokenData.refreshToken) {
+      this.setRefreshToken(newTokenData.refreshToken);
+    }
+    return newTokenData;
+  }
+  clearAuthSession() {
+    this.tokenManager.clearSession();
+    this.userToken = null;
+    this.refreshToken = null;
+    clearCsrfToken();
+  }
 };
 
 // src/modules/auth/helpers.ts
@@ -775,7 +881,7 @@ var Auth = class {
       const response = await this.http.post(
         this.isServerMode() ? "/api/auth/users?client_type=mobile" : "/api/auth/users",
         request,
-        { credentials: "include" }
+        { credentials: "include", skipAuthRefresh: true }
       );
       if (response.accessToken && response.user) {
         this.saveSessionFromResponse(response);
@@ -793,7 +899,7 @@ var Auth = class {
       const response = await this.http.post(
         this.isServerMode() ? "/api/auth/sessions?client_type=mobile" : "/api/auth/sessions",
         request,
-        { credentials: "include" }
+        { credentials: "include", skipAuthRefresh: true }
       );
       this.saveSessionFromResponse(response);
       if (response.refreshToken) {
@@ -810,7 +916,7 @@ var Auth = class {
         await this.http.post(
           this.isServerMode() ? "/api/auth/logout?client_type=mobile" : "/api/auth/logout",
           void 0,
-          { credentials: "include" }
+          { credentials: "include", skipAuthRefresh: true }
         );
       } catch {
       }
@@ -847,7 +953,8 @@ var Auth = class {
       );
       const oauthPath = isBuiltInProvider ? `/api/auth/oauth/${providerKey}` : `/api/auth/oauth/custom/${providerKey}`;
       const response = await this.http.get(oauthPath, {
-        params
+        params,
+        skipAuthRefresh: true
       });
       if (!this.isServerMode() && typeof window !== "undefined" && !skipBrowserRedirect) {
         window.location.href = response.authUrl;
@@ -895,7 +1002,7 @@ var Auth = class {
       const response = await this.http.post(
         this.isServerMode() ? "/api/auth/oauth/exchange?client_type=mobile" : "/api/auth/oauth/exchange",
         request,
-        { credentials: "include" }
+        { credentials: "include", skipAuthRefresh: true }
       );
       this.saveSessionFromResponse(response);
       return {
@@ -922,7 +1029,7 @@ var Auth = class {
       const response = await this.http.post(
         "/api/auth/id-token?client_type=mobile",
         { provider, token },
-        { credentials: "include" }
+        { credentials: "include", skipAuthRefresh: true }
       );
       this.saveSessionFromResponse(response);
       if (response.refreshToken) {
@@ -969,7 +1076,8 @@ var Auth = class {
         this.isServerMode() ? { refresh_token: options?.refreshToken } : void 0,
         {
           headers: csrfToken ? { "X-CSRF-Token": csrfToken } : {},
-          credentials: "include"
+          credentials: "include",
+          skipAuthRefresh: true
         }
       );
       if (response.accessToken) {
@@ -1072,7 +1180,9 @@ var Auth = class {
   // ============================================================================
   async resendVerificationEmail(request) {
     try {
-      const response = await this.http.post("/api/auth/email/send-verification", request);
+      const response = await this.http.post("/api/auth/email/send-verification", request, {
+        skipAuthRefresh: true
+      });
       return { data: response, error: null };
     } catch (error) {
       return wrapError(
@@ -1086,7 +1196,7 @@ var Auth = class {
       const response = await this.http.post(
         this.isServerMode() ? "/api/auth/email/verify?client_type=mobile" : "/api/auth/email/verify",
         request,
-        { credentials: "include" }
+        { credentials: "include", skipAuthRefresh: true }
       );
       this.saveSessionFromResponse(response);
       if (response.refreshToken) {
@@ -1105,7 +1215,9 @@ var Auth = class {
   // ============================================================================
   async sendResetPasswordEmail(request) {
     try {
-      const response = await this.http.post("/api/auth/email/send-reset-password", request);
+      const response = await this.http.post("/api/auth/email/send-reset-password", request, {
+        skipAuthRefresh: true
+      });
       return { data: response, error: null };
     } catch (error) {
       return wrapError(
@@ -1118,7 +1230,8 @@ var Auth = class {
     try {
       const response = await this.http.post(
         "/api/auth/email/exchange-reset-password-token",
-        request
+        request,
+        { skipAuthRefresh: true }
       );
       return { data: response, error: null };
     } catch (error) {
@@ -1132,7 +1245,8 @@ var Auth = class {
     try {
       const response = await this.http.post(
         "/api/auth/email/reset-password",
-        request
+        request,
+        { skipAuthRefresh: true }
       );
       return { data: response, error: null };
     } catch (error) {
@@ -1148,7 +1262,8 @@ var Auth = class {
   async getPublicAuthConfig() {
     try {
       const response = await this.http.get(
-        "/api/auth/public-config"
+        "/api/auth/public-config",
+        { skipAuthRefresh: true }
       );
       return { data: response, error: null };
     } catch (error) {
@@ -1162,7 +1277,7 @@ var Auth = class {
 
 // src/modules/database-postgrest.ts
 import { PostgrestClient } from "@supabase/postgrest-js";
-function createInsForgePostgrestFetch(httpClient, tokenManager) {
+function createInsForgePostgrestFetch(httpClient) {
   return async (input, init) => {
     const url = typeof input === "string" ? input : input.toString();
     const urlObj = new URL(url);
@@ -1170,14 +1285,11 @@ function createInsForgePostgrestFetch(httpClient, tokenManager) {
     const rpcMatch = pathname.match(/^rpc\/(.+)$/);
     const endpoint = rpcMatch ? `/api/database/rpc/${rpcMatch[1]}` : `/api/database/records/${pathname}`;
     const insforgeUrl = `${httpClient.baseUrl}${endpoint}${urlObj.search}`;
-    const token = tokenManager.getAccessToken();
-    const httpHeaders = httpClient.getHeaders();
-    const authToken = token || httpHeaders["Authorization"]?.replace("Bearer ", "");
-    const headers = new Headers(init?.headers);
-    if (authToken && !headers.has("Authorization")) {
-      headers.set("Authorization", `Bearer ${authToken}`);
-    }
-    const response = await fetch(insforgeUrl, {
+    const headers = new Headers(httpClient.getHeaders());
+    new Headers(init?.headers).forEach((value, key) => {
+      headers.set(key, value);
+    });
+    const response = await httpClient.rawFetch(insforgeUrl, {
       ...init,
       headers
     });
@@ -1185,42 +1297,42 @@ function createInsForgePostgrestFetch(httpClient, tokenManager) {
   };
 }
 var Database = class {
-  constructor(httpClient, tokenManager) {
+  constructor(httpClient) {
     this.postgrest = new PostgrestClient("http://dummy", {
-      fetch: createInsForgePostgrestFetch(httpClient, tokenManager),
+      fetch: createInsForgePostgrestFetch(httpClient),
       headers: {}
     });
   }
   /**
    * Create a query builder for a table
-   * 
+   *
    * @example
    * // Basic query
    * const { data, error } = await client.database
    *   .from('posts')
    *   .select('*')
    *   .eq('user_id', userId);
-   * 
+   *
    * // With count (Supabase style!)
    * const { data, error, count } = await client.database
    *   .from('posts')
    *   .select('*', { count: 'exact' })
    *   .range(0, 9);
-   * 
+   *
    * // Just get count, no data
    * const { count } = await client.database
    *   .from('posts')
    *   .select('*', { count: 'exact', head: true });
-   * 
+   *
    * // Complex queries with OR
    * const { data } = await client.database
    *   .from('posts')
    *   .select('*, users!inner(*)')
    *   .or('status.eq.active,status.eq.pending');
-   * 
+   *
    * // All features work:
    * - Nested selects
-   * - Foreign key expansion  
+   * - Foreign key expansion
    * - OR/AND/NOT conditions
    * - Count with head
    * - Range pagination
@@ -2261,8 +2373,7 @@ var Payments = class {
    *
    * @example
    * ```typescript
-   * const { data, error } = await client.payments.createCheckoutSession({
-   *   environment: 'test',
+   * const { data, error } = await client.payments.createCheckoutSession('test', {
    *   mode: 'payment',
    *   lineItems: [{ stripePriceId: 'price_123', quantity: 1 }],
    *   successUrl: `${window.location.origin}/success`,
@@ -2274,10 +2385,10 @@ var Payments = class {
    * }
    * ```
    */
-  async createCheckoutSession(request) {
+  async createCheckoutSession(environment, request) {
     try {
       const data = await this.http.post(
-        "/api/payments/checkout-sessions",
+        `/api/payments/${encodeURIComponent(environment)}/checkout-sessions`,
         request,
         { idempotent: !!request.idempotencyKey }
       );
@@ -2292,10 +2403,10 @@ var Payments = class {
   /**
    * Create a Stripe Billing Portal Session for a mapped billing subject.
    */
-  async createCustomerPortalSession(request) {
+  async createCustomerPortalSession(environment, request) {
     try {
       const data = await this.http.post(
-        "/api/payments/customer-portal-sessions",
+        `/api/payments/${encodeURIComponent(environment)}/customer-portal-sessions`,
         request
       );
       return { data, error: null };
@@ -2321,7 +2432,7 @@ var InsForgeClient = class {
     this.auth = new Auth(this.http, this.tokenManager, {
       isServerMode: config.isServerMode ?? !!config.edgeFunctionToken
     });
-    this.database = new Database(this.http, this.tokenManager);
+    this.database = new Database(this.http);
     this.storage = new Storage(this.http);
     this.ai = new AI(this.http);
     this.functions = new Functions(this.http, config.functionsUrl);
@@ -2345,6 +2456,37 @@ var InsForgeClient = class {
   getHttpClient() {
     return this.http;
   }
+  /**
+   * Set the access token used by every SDK surface. Updates both the HTTP
+   * client (database / storage / functions / AI / emails) and the realtime
+   * token manager (which fires `onTokenChange` to reconnect the WebSocket
+   * with the new bearer). Pass `null` to clear.
+   *
+   * Use this when an external auth provider (Better Auth, Clerk, Auth0,
+   * WorkOS, Kinde, Stytch, …) issues the JWT and you need to keep the
+   * long-lived InsForge client in sync. Without this, you'd have to call
+   * `client.getHttpClient().setAuthToken(token)` AND reach into the private
+   * `client.realtime.tokenManager.setAccessToken(token)` separately —
+   * forgetting the second one silently breaks realtime auth.
+   *
+   * @example
+   * ```typescript
+   * // Refresh a third-party-issued JWT periodically
+   * const { token } = await fetch('/api/insforge-token').then((r) => r.json());
+   * client.setAccessToken(token);
+   *
+   * // Sign-out
+   * client.setAccessToken(null);
+   * ```
+   */
+  setAccessToken(token) {
+    this.http.setAuthToken(token);
+    if (token === null) {
+      this.tokenManager.clearSession();
+    } else {
+      this.tokenManager.setAccessToken(token);
+    }
+  }
   /**
    * Future modules will be added here:
    * - database: Database operations