@insforge/sdk 1.3.2-razorpay.1 → 1.4.1

package/dist/ssr.mjs

@@ -397,7 +397,7 @@ var HttpClient = class {
     return Math.round(jitter);
   }
   shouldRefreshAccessToken(statusCode, errorCode, authToken, options = {}) {
-    return statusCode === 401 && REFRESHABLE_AUTH_ERROR_CODES.has(errorCode ?? "") && !this.config.isServerMode && !this.config.edgeFunctionToken && !options.skipAuthRefresh && authToken !== null;
+    return statusCode === 401 && REFRESHABLE_AUTH_ERROR_CODES.has(errorCode ?? "") && !this.config.isServerMode && !this.config.accessToken && !this.config.edgeFunctionToken && !options.skipAuthRefresh && authToken !== null;
   }
   async fetchWithRetry(args) {
     const {
@@ -1609,7 +1609,7 @@ var StorageBucket = class {
           size: file.size,
           mimeType: file.type || "application/octet-stream",
           uploadedAt: (/* @__PURE__ */ new Date()).toISOString(),
-          url: this.getPublicUrl(strategy.key)
+          url: this.getPublicUrl(strategy.key).data.publicUrl
         },
         error: null
       };
@@ -1681,11 +1681,101 @@ var StorageBucket = class {
     }
   }
   /**
-   * Get public URL for a file
+   * Get the public URL for an object in a public bucket.
+   *
+   * Pure string construction — no network call, no auth. The URL only resolves
+   * if the bucket is public; for private objects use {@link createSignedUrl}.
+   *
    * @param path - The object key/path
+   * @returns `{ data: { publicUrl }, error }` — matches the external SDK pattern,
+   *   so `const { data } = getPublicUrl(path)` then `data.publicUrl`.
    */
   getPublicUrl(path) {
-    return `${this.http.baseUrl}/api/storage/buckets/${this.bucketName}/objects/${encodeURIComponent(path)}`;
+    const publicUrl = `${this.http.baseUrl}/api/storage/buckets/${this.bucketName}/objects/${encodeURIComponent(path)}`;
+    return { data: { publicUrl }, error: null };
+  }
+  /**
+   * Resolve a download strategy (signed or direct URL) for an object with a
+   * caller-supplied TTL. Prefers the canonical GET route and falls back to the
+   * legacy POST alias so signed-URL creation still works against older backends
+   * that predate the GET route (they return 404/405 for it). A genuine
+   * "object not found" (STORAGE_NOT_FOUND) is not retried.
+   */
+  async requestDownloadStrategy(path, expiresIn) {
+    const encoded = encodeURIComponent(path);
+    try {
+      return await this.http.get(
+        `/api/storage/buckets/${this.bucketName}/download-strategy/objects/${encoded}`,
+        { params: { expiresIn: expiresIn.toString() } }
+      );
+    } catch (error) {
+      const status = error instanceof InsForgeError ? error.statusCode : void 0;
+      const isMissingRoute = (status === 404 || status === 405) && !(error instanceof InsForgeError && error.error === "STORAGE_NOT_FOUND");
+      if (!isMissingRoute) throw error;
+      return await this.http.post(
+        `/api/storage/buckets/${this.bucketName}/objects/${encoded}/download-strategy`,
+        { expiresIn }
+      );
+    }
+  }
+  /**
+   * Create a signed URL for an object.
+   *
+   * Returns a time-limited, credential-free URL that can be handed directly to
+   * a browser (`<img src>`), an email, or a third party — no SDK or session is
+   * needed to fetch it. Authorization is enforced when the URL is minted (the
+   * caller must be allowed to read the object), so the resulting link is a
+   * pre-authorized capability scoped to this one object until it expires.
+   *
+   * @param path - The object key/path
+   * @param expiresIn - Lifetime in seconds (default 3600 = 1h, max 604800 = 7d).
+   *   Honored for private buckets; public buckets return their long-lived URL.
+   */
+  async createSignedUrl(path, expiresIn = 3600) {
+    try {
+      const strategy = await this.requestDownloadStrategy(path, expiresIn);
+      return {
+        data: {
+          signedUrl: strategy.url,
+          expiresAt: strategy.expiresAt ? new Date(strategy.expiresAt).toISOString() : null
+        },
+        error: null
+      };
+    } catch (error) {
+      return {
+        data: null,
+        error: error instanceof InsForgeError ? error : new InsForgeError("Failed to create signed URL", 500, "STORAGE_ERROR")
+      };
+    }
+  }
+  /**
+   * Create signed URLs for multiple objects in a single call.
+   *
+   * Each entry resolves independently: a failure on one key (not found / not
+   * permitted) is reported on that entry's `error` without failing the rest.
+   *
+   * @param paths - The object keys/paths
+   * @param expiresIn - Lifetime in seconds (default 3600 = 1h, max 604800 = 7d)
+   */
+  async createSignedUrls(paths, expiresIn = 3600) {
+    try {
+      const data = await Promise.all(
+        paths.map(async (path) => {
+          const { data: signed, error } = await this.createSignedUrl(path, expiresIn);
+          return {
+            path,
+            signedUrl: signed?.signedUrl ?? null,
+            error: error ? error.message : null
+          };
+        })
+      );
+      return { data, error: null };
+    } catch (error) {
+      return {
+        data: null,
+        error: error instanceof InsForgeError ? error : new InsForgeError("Failed to create signed URLs", 500, "STORAGE_ERROR")
+      };
+    }
   }
   /**
    * List objects in the bucket
@@ -2664,12 +2754,13 @@ var InsForgeClient = class {
     const logger = new Logger(config.debug);
     this.tokenManager = new TokenManager();
     this.http = new HttpClient(config, this.tokenManager, logger);
-    if (config.edgeFunctionToken) {
-      this.http.setAuthToken(config.edgeFunctionToken);
-      this.tokenManager.setAccessToken(config.edgeFunctionToken);
+    const accessToken = config.accessToken ?? config.edgeFunctionToken;
+    if (accessToken) {
+      this.http.setAuthToken(accessToken);
+      this.tokenManager.setAccessToken(accessToken);
     }
     this.auth = new Auth(this.http, this.tokenManager, {
-      isServerMode: config.isServerMode ?? !!config.edgeFunctionToken
+      isServerMode: config.isServerMode ?? !!accessToken
     });
     this.database = new Database(this.http);
     this.storage = new Storage(this.http);
@@ -3075,7 +3166,10 @@ function createBrowserClient(options = {}) {
     ...options,
     baseUrl,
     anonKey,
-    fetch: ssrFetch
+    fetch: ssrFetch,
+    // Browser clients manage tokens via the refresh route, not a static
+    // config token; shadow any untyped accessToken in the options spread.
+    accessToken: void 0
   });
   const setAccessToken = client.setAccessToken.bind(client);
   client.setAccessToken = (token) => {
@@ -3113,7 +3207,10 @@ function createServerClient(options = {}) {
     baseUrl,
     anonKey,
     isServerMode: true,
-    edgeFunctionToken: accessToken ?? void 0
+    accessToken: accessToken ?? void 0,
+    // The cookie/option token is the only credential source here; shadow any
+    // untyped edgeFunctionToken smuggled through the options spread.
+    edgeFunctionToken: void 0
   });
 }