npm - @insforge/sdk - Versions diffs - 1.4.0 → 1.4.1 - Mend

@insforge/sdk 1.4.0 → 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/README.md +17 -1
package/SDK-REFERENCE.md +5 -1
package/dist/{client-CqfpCc8Z.d.mts → client-DoWwzWnh.d.ts} +52 -112
package/dist/{client-CqfpCc8Z.d.ts → client-hYdj36T6.d.mts} +52 -112
package/dist/index.d.mts +4 -2
package/dist/index.d.ts +4 -2
package/dist/index.js +105 -14
package/dist/index.js.map +1 -1
package/dist/index.mjs +102 -11
package/dist/index.mjs.map +1 -1
package/dist/middleware-BxJ0PzUT.d.mts +67 -0
package/dist/middleware-DLZiheYP.d.ts +67 -0
package/dist/ssr/middleware.d.mts +3 -0
package/dist/ssr/middleware.d.ts +3 -0
package/dist/ssr/middleware.js +461 -0
package/dist/ssr/middleware.js.map +1 -0
package/dist/ssr/middleware.mjs +428 -0
package/dist/ssr/middleware.mjs.map +1 -0
package/dist/ssr.d.mts +8 -69
package/dist/ssr.d.ts +8 -69
package/dist/ssr.js +107 -10
package/dist/ssr.js.map +1 -1
package/dist/ssr.mjs +107 -10
package/dist/ssr.mjs.map +1 -1
package/dist/types-NjykhyRq.d.mts +118 -0
package/dist/types-NjykhyRq.d.ts +118 -0
package/package.json +6 -1

package/dist/ssr.d.ts CHANGED Viewed

@@ -1,72 +1,23 @@
-import { a as InsForgeConfig, I as InsForgeClient, m as AuthRefreshResponse, e as InsForgeError } from './client-CqfpCc8Z.js';
+import { I as InsForgeClient } from './client-DoWwzWnh.js';
+import { I as InsForgeConfig, e as AuthRefreshResponse, d as InsForgeError } from './types-NjykhyRq.js';
+import { A as AuthCookieSettings, C as CookieStore } from './middleware-DLZiheYP.js';
+export { f as AuthCookieNames, h as AuthCookieOptions, i as CookieOptions, j as CookieReader, k as CookieWriter, D as DEFAULT_ACCESS_TOKEN_COOKIE, b as DEFAULT_REFRESH_TOKEN_COOKIE, U as UpdateSessionOptions, a as UpdateSessionResult, c as accessTokenCookieOptions, d as clearAuthCookies, g as getAccessTokenCookieName, e as getRefreshTokenCookieName, r as refreshTokenCookieOptions, s as setAuthCookies, u as updateSession } from './middleware-DLZiheYP.js';
 import '@insforge/shared-schemas';
 import '@supabase/postgrest-js';
-declare const DEFAULT_ACCESS_TOKEN_COOKIE = "insforge_access_token";
-declare const DEFAULT_REFRESH_TOKEN_COOKIE = "insforge_refresh_token";
-interface AuthCookieNames {
-    accessToken?: string;
-    refreshToken?: string;
-}
-interface CookieOptions {
-    domain?: string;
-    path?: string;
-    expires?: Date;
-    maxAge?: number;
-    httpOnly?: boolean;
-    secure?: boolean;
-    sameSite?: 'lax' | 'strict' | 'none';
-}
-interface AuthCookieOptions {
-    accessToken?: CookieOptions;
-    refreshToken?: CookieOptions;
-}
-type CookieStoreValue = string | {
-    value?: string | null;
-} | undefined | null;
-interface CookieReader {
-    get(name: string): CookieStoreValue;
-}
-interface CookieWriter {
-    set?(name: string, value: string, options?: CookieOptions): unknown;
-    set?(options: {
-        name: string;
-        value: string;
-    } & CookieOptions): unknown;
-    delete?(name: string): unknown;
-    delete?(options: {
-        name: string;
-    } & CookieOptions): unknown;
-}
-interface CookieStore extends CookieReader, CookieWriter {
-}
-interface AuthCookieSettings {
-    names?: AuthCookieNames;
-    options?: AuthCookieOptions;
-}
-declare function getAccessTokenCookieName(names?: AuthCookieNames): string;
-declare function getRefreshTokenCookieName(names?: AuthCookieNames): string;
-declare function accessTokenCookieOptions(token: string, overrides?: CookieOptions): CookieOptions;
-declare function refreshTokenCookieOptions(token: string, overrides?: CookieOptions): CookieOptions;
-declare function setAuthCookies(cookies: CookieWriter | undefined, tokens: {
-    accessToken: string;
-    refreshToken?: string | null;
-}, settings?: AuthCookieSettings): void;
-declare function clearAuthCookies(cookies: CookieWriter | undefined, settings?: AuthCookieSettings): void;
-interface CreateBrowserClientOptions extends Omit<InsForgeConfig, 'edgeFunctionToken' | 'isServerMode' | 'auth'>, AuthCookieSettings {
+interface CreateBrowserClientOptions extends Omit<InsForgeConfig, 'accessToken' | 'edgeFunctionToken' | 'isServerMode' | 'auth'>, AuthCookieSettings {
     refreshUrl?: string;
     refreshLeewaySeconds?: number;
 }
 declare function createBrowserClient(options?: CreateBrowserClientOptions): InsForgeClient;
-interface CreateServerClientOptions extends Omit<InsForgeConfig, 'edgeFunctionToken' | 'isServerMode' | 'auth'>, AuthCookieSettings {
+interface CreateServerClientOptions extends Omit<InsForgeConfig, 'accessToken' | 'edgeFunctionToken' | 'isServerMode' | 'auth'>, AuthCookieSettings {
     cookies?: Pick<CookieStore, 'get'>;
     accessToken?: string;
 }
 declare function createServerClient(options?: CreateServerClientOptions): InsForgeClient;
-interface RefreshAuthOptions extends Omit<InsForgeConfig, 'edgeFunctionToken' | 'isServerMode' | 'auth'>, AuthCookieSettings {
+interface RefreshAuthOptions extends Omit<InsForgeConfig, 'accessToken' | 'edgeFunctionToken' | 'isServerMode' | 'auth'>, AuthCookieSettings {
     request?: Request;
     cookies?: Pick<CookieStore, 'get'>;
     refreshToken?: string;
@@ -84,16 +35,4 @@ declare function createRefreshAuthRouter(options?: Omit<RefreshAuthOptions, 'req
     POST: RefreshAuthRouteHandler;
 };
-interface UpdateSessionOptions extends Omit<InsForgeConfig, 'edgeFunctionToken' | 'isServerMode' | 'auth'>, AuthCookieSettings {
-    requestCookies: CookieStore;
-    responseCookies: CookieStore;
-    refreshLeewaySeconds?: number;
-}
-interface UpdateSessionResult {
-    refreshed: boolean;
-    accessToken: string | null;
-    error: InsForgeError | null;
-}
-declare function updateSession(options: UpdateSessionOptions): Promise<UpdateSessionResult>;
-export { type AuthCookieNames, type AuthCookieOptions, type AuthCookieSettings, type CookieOptions, type CookieReader, type CookieStore, type CookieWriter, type CreateBrowserClientOptions, type CreateServerClientOptions, DEFAULT_ACCESS_TOKEN_COOKIE, DEFAULT_REFRESH_TOKEN_COOKIE, type RefreshAuthOptions, type RefreshAuthResult, type RefreshAuthRouteHandler, type UpdateSessionOptions, type UpdateSessionResult, accessTokenCookieOptions, clearAuthCookies, createBrowserClient, createRefreshAuthRouter, createServerClient, getAccessTokenCookieName, getRefreshTokenCookieName, refreshAuth, refreshTokenCookieOptions, setAuthCookies, updateSession };
+export { AuthCookieSettings, CookieStore, type CreateBrowserClientOptions, type CreateServerClientOptions, type RefreshAuthOptions, type RefreshAuthResult, type RefreshAuthRouteHandler, createBrowserClient, createRefreshAuthRouter, createServerClient, refreshAuth };

package/dist/ssr.js CHANGED Viewed

@@ -445,7 +445,7 @@ var HttpClient = class {
     return Math.round(jitter);
   }
   shouldRefreshAccessToken(statusCode, errorCode, authToken, options = {}) {
-    return statusCode === 401 && REFRESHABLE_AUTH_ERROR_CODES.has(errorCode ?? "") && !this.config.isServerMode && !this.config.edgeFunctionToken && !options.skipAuthRefresh && authToken !== null;
+    return statusCode === 401 && REFRESHABLE_AUTH_ERROR_CODES.has(errorCode ?? "") && !this.config.isServerMode && !this.config.accessToken && !this.config.edgeFunctionToken && !options.skipAuthRefresh && authToken !== null;
   }
   async fetchWithRetry(args) {
     const {
@@ -1657,7 +1657,7 @@ var StorageBucket = class {
           size: file.size,
           mimeType: file.type || "application/octet-stream",
           uploadedAt: (/* @__PURE__ */ new Date()).toISOString(),
-          url: this.getPublicUrl(strategy.key)
+          url: this.getPublicUrl(strategy.key).data.publicUrl
         },
         error: null
       };
@@ -1729,11 +1729,101 @@ var StorageBucket = class {
     }
   }
   /**
-   * Get public URL for a file
+   * Get the public URL for an object in a public bucket.
+   *
+   * Pure string construction — no network call, no auth. The URL only resolves
+   * if the bucket is public; for private objects use {@link createSignedUrl}.
+   *
    * @param path - The object key/path
+   * @returns `{ data: { publicUrl }, error }` — matches the external SDK pattern,
+   *   so `const { data } = getPublicUrl(path)` then `data.publicUrl`.
    */
   getPublicUrl(path) {
-    return `${this.http.baseUrl}/api/storage/buckets/${this.bucketName}/objects/${encodeURIComponent(path)}`;
+    const publicUrl = `${this.http.baseUrl}/api/storage/buckets/${this.bucketName}/objects/${encodeURIComponent(path)}`;
+    return { data: { publicUrl }, error: null };
+  }
+  /**
+   * Resolve a download strategy (signed or direct URL) for an object with a
+   * caller-supplied TTL. Prefers the canonical GET route and falls back to the
+   * legacy POST alias so signed-URL creation still works against older backends
+   * that predate the GET route (they return 404/405 for it). A genuine
+   * "object not found" (STORAGE_NOT_FOUND) is not retried.
+   */
+  async requestDownloadStrategy(path, expiresIn) {
+    const encoded = encodeURIComponent(path);
+    try {
+      return await this.http.get(
+        `/api/storage/buckets/${this.bucketName}/download-strategy/objects/${encoded}`,
+        { params: { expiresIn: expiresIn.toString() } }
+      );
+    } catch (error) {
+      const status = error instanceof InsForgeError ? error.statusCode : void 0;
+      const isMissingRoute = (status === 404 || status === 405) && !(error instanceof InsForgeError && error.error === "STORAGE_NOT_FOUND");
+      if (!isMissingRoute) throw error;
+      return await this.http.post(
+        `/api/storage/buckets/${this.bucketName}/objects/${encoded}/download-strategy`,
+        { expiresIn }
+      );
+    }
+  }
+  /**
+   * Create a signed URL for an object.
+   *
+   * Returns a time-limited, credential-free URL that can be handed directly to
+   * a browser (`<img src>`), an email, or a third party — no SDK or session is
+   * needed to fetch it. Authorization is enforced when the URL is minted (the
+   * caller must be allowed to read the object), so the resulting link is a
+   * pre-authorized capability scoped to this one object until it expires.
+   *
+   * @param path - The object key/path
+   * @param expiresIn - Lifetime in seconds (default 3600 = 1h, max 604800 = 7d).
+   *   Honored for private buckets; public buckets return their long-lived URL.
+   */
+  async createSignedUrl(path, expiresIn = 3600) {
+    try {
+      const strategy = await this.requestDownloadStrategy(path, expiresIn);
+      return {
+        data: {
+          signedUrl: strategy.url,
+          expiresAt: strategy.expiresAt ? new Date(strategy.expiresAt).toISOString() : null
+        },
+        error: null
+      };
+    } catch (error) {
+      return {
+        data: null,
+        error: error instanceof InsForgeError ? error : new InsForgeError("Failed to create signed URL", 500, "STORAGE_ERROR")
+      };
+    }
+  }
+  /**
+   * Create signed URLs for multiple objects in a single call.
+   *
+   * Each entry resolves independently: a failure on one key (not found / not
+   * permitted) is reported on that entry's `error` without failing the rest.
+   *
+   * @param paths - The object keys/paths
+   * @param expiresIn - Lifetime in seconds (default 3600 = 1h, max 604800 = 7d)
+   */
+  async createSignedUrls(paths, expiresIn = 3600) {
+    try {
+      const data = await Promise.all(
+        paths.map(async (path) => {
+          const { data: signed, error } = await this.createSignedUrl(path, expiresIn);
+          return {
+            path,
+            signedUrl: signed?.signedUrl ?? null,
+            error: error ? error.message : null
+          };
+        })
+      );
+      return { data, error: null };
+    } catch (error) {
+      return {
+        data: null,
+        error: error instanceof InsForgeError ? error : new InsForgeError("Failed to create signed URLs", 500, "STORAGE_ERROR")
+      };
+    }
   }
   /**
    * List objects in the bucket
@@ -2712,12 +2802,13 @@ var InsForgeClient = class {
     const logger = new Logger(config.debug);
     this.tokenManager = new TokenManager();
     this.http = new HttpClient(config, this.tokenManager, logger);
-    if (config.edgeFunctionToken) {
-      this.http.setAuthToken(config.edgeFunctionToken);
-      this.tokenManager.setAccessToken(config.edgeFunctionToken);
+    const accessToken = config.accessToken ?? config.edgeFunctionToken;
+    if (accessToken) {
+      this.http.setAuthToken(accessToken);
+      this.tokenManager.setAccessToken(accessToken);
     }
     this.auth = new Auth(this.http, this.tokenManager, {
-      isServerMode: config.isServerMode ?? !!config.edgeFunctionToken
+      isServerMode: config.isServerMode ?? !!accessToken
     });
     this.database = new Database(this.http);
     this.storage = new Storage(this.http);
@@ -3123,7 +3214,10 @@ function createBrowserClient(options = {}) {
     ...options,
     baseUrl,
     anonKey,
-    fetch: ssrFetch
+    fetch: ssrFetch,
+    // Browser clients manage tokens via the refresh route, not a static
+    // config token; shadow any untyped accessToken in the options spread.
+    accessToken: void 0
   });
   const setAccessToken = client.setAccessToken.bind(client);
   client.setAccessToken = (token) => {
@@ -3161,7 +3255,10 @@ function createServerClient(options = {}) {
     baseUrl,
     anonKey,
     isServerMode: true,
-    edgeFunctionToken: accessToken ?? void 0
+    accessToken: accessToken ?? void 0,
+    // The cookie/option token is the only credential source here; shadow any
+    // untyped edgeFunctionToken smuggled through the options spread.
+    edgeFunctionToken: void 0
   });
 }