@insureco/bio 0.3.0 → 0.4.0

package/dist/users.js

@@ -0,0 +1,185 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/users.ts
+var users_exports = {};
+__export(users_exports, {
+  BioUsers: () => BioUsers
+});
+module.exports = __toCommonJS(users_exports);
+
+// src/errors.ts
+var BioError = class extends Error {
+  /** HTTP status code (if from an API response) */
+  statusCode;
+  /** Machine-readable error code (e.g. 'invalid_grant', 'token_expired') */
+  code;
+  /** Additional error details from the API */
+  details;
+  constructor(message, code, statusCode, details) {
+    super(message);
+    this.name = "BioError";
+    this.code = code;
+    this.statusCode = statusCode;
+    this.details = details;
+  }
+};
+
+// src/utils.ts
+function retryDelay(attempt) {
+  const baseDelay = Math.min(1e3 * 2 ** attempt, 5e3);
+  return baseDelay * (0.5 + Math.random() * 0.5);
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+async function parseJsonResponse(response) {
+  try {
+    return await response.json();
+  } catch {
+    throw new BioError(
+      `Bio-ID returned ${response.status} with non-JSON body`,
+      "parse_error",
+      response.status
+    );
+  }
+}
+
+// src/users.ts
+var DEFAULT_TIMEOUT_MS = 1e4;
+var BioUsers = class _BioUsers {
+  usersUrl;
+  serviceKey;
+  timeoutMs;
+  constructor(config) {
+    if (!config.usersUrl) {
+      throw new BioError(
+        "usersUrl is required \u2014 declare spec.userAccess in catalog-info.yaml and deploy to inject BIO_USERS_URL",
+        "config_error"
+      );
+    }
+    if (!config.serviceKey) {
+      throw new BioError(
+        "serviceKey is required \u2014 declare spec.userAccess in catalog-info.yaml and deploy to inject BIO_SERVICE_KEY",
+        "config_error"
+      );
+    }
+    this.usersUrl = config.usersUrl.replace(/\/$/, "");
+    this.serviceKey = config.serviceKey;
+    this.timeoutMs = config.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+  }
+  /**
+   * Create a BioUsers client from environment variables.
+   * Reads BIO_USERS_URL and BIO_SERVICE_KEY (injected by builder on deploy).
+   */
+  static fromEnv(overrides) {
+    return new _BioUsers({
+      usersUrl: overrides?.usersUrl ?? process.env.BIO_USERS_URL ?? "",
+      serviceKey: overrides?.serviceKey ?? process.env.BIO_SERVICE_KEY ?? "",
+      timeoutMs: overrides?.timeoutMs
+    });
+  }
+  /**
+   * List members of a specific org.
+   *
+   * @param orgSlug - The org slug to query
+   * @param filters - Optional filters (modules, roles, limit, page)
+   */
+  async getOrgMembers(orgSlug, filters) {
+    const params = buildParams({ orgSlug, ...filters });
+    return this.request(params);
+  }
+  /**
+   * List users across orgs with optional filters.
+   * Cross-org queries require scope: cross-org in catalog-info.yaml
+   * and approval from the target org.
+   *
+   * @param filters - Optional filters (orgSlug, modules, roles, limit, page)
+   */
+  async listUsers(filters) {
+    const params = buildParams(filters ?? {});
+    return this.request(params);
+  }
+  async request(params, attempt = 0) {
+    const url = `${this.usersUrl}?${params.toString()}`;
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), this.timeoutMs);
+    let response;
+    try {
+      response = await fetch(url, {
+        headers: {
+          "x-service-key": this.serviceKey,
+          "Content-Type": "application/json"
+        },
+        signal: controller.signal
+      });
+    } catch (err) {
+      clearTimeout(timer);
+      const isTimeout = err instanceof Error && err.name === "AbortError";
+      if (!isTimeout && attempt < 2) {
+        await sleep(retryDelay(attempt));
+        return this.request(params, attempt + 1);
+      }
+      throw new BioError(
+        isTimeout ? "Bio-ID user access request timed out" : `Bio-ID user access request failed: ${String(err)}`,
+        isTimeout ? "timeout" : "network_error"
+      );
+    } finally {
+      clearTimeout(timer);
+    }
+    if (response.status === 403) {
+      throw new BioError(
+        "Cross-org access denied \u2014 the target org has not approved your service, or scope: cross-org is missing from catalog-info.yaml",
+        "access_denied",
+        403
+      );
+    }
+    if (response.status === 401) {
+      throw new BioError(
+        "Invalid service key \u2014 BIO_SERVICE_KEY may be expired or missing",
+        "unauthorized",
+        401
+      );
+    }
+    if (!response.ok) {
+      const body2 = await parseJsonResponse(response).catch(() => ({}));
+      throw new BioError(
+        `Bio-ID user access returned ${response.status}`,
+        "api_error",
+        response.status,
+        body2
+      );
+    }
+    const body = await parseJsonResponse(response);
+    return body.data ?? body;
+  }
+};
+function buildParams(filters) {
+  const params = new URLSearchParams();
+  if (filters.orgSlug) params.set("orgSlug", filters.orgSlug);
+  if (filters.modules?.length) params.set("modules", filters.modules.join(","));
+  if (filters.roles?.length) params.set("roles", filters.roles.join(","));
+  if (filters.limit) params.set("limit", String(filters.limit));
+  if (filters.page) params.set("page", String(filters.page));
+  return params;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  BioUsers
+});

package/dist/users.mjs

@@ -0,0 +1,128 @@
+import {
+  BioError,
+  parseJsonResponse,
+  retryDelay,
+  sleep
+} from "./chunk-NK5VXXWF.mjs";
+
+// src/users.ts
+var DEFAULT_TIMEOUT_MS = 1e4;
+var BioUsers = class _BioUsers {
+  usersUrl;
+  serviceKey;
+  timeoutMs;
+  constructor(config) {
+    if (!config.usersUrl) {
+      throw new BioError(
+        "usersUrl is required \u2014 declare spec.userAccess in catalog-info.yaml and deploy to inject BIO_USERS_URL",
+        "config_error"
+      );
+    }
+    if (!config.serviceKey) {
+      throw new BioError(
+        "serviceKey is required \u2014 declare spec.userAccess in catalog-info.yaml and deploy to inject BIO_SERVICE_KEY",
+        "config_error"
+      );
+    }
+    this.usersUrl = config.usersUrl.replace(/\/$/, "");
+    this.serviceKey = config.serviceKey;
+    this.timeoutMs = config.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+  }
+  /**
+   * Create a BioUsers client from environment variables.
+   * Reads BIO_USERS_URL and BIO_SERVICE_KEY (injected by builder on deploy).
+   */
+  static fromEnv(overrides) {
+    return new _BioUsers({
+      usersUrl: overrides?.usersUrl ?? process.env.BIO_USERS_URL ?? "",
+      serviceKey: overrides?.serviceKey ?? process.env.BIO_SERVICE_KEY ?? "",
+      timeoutMs: overrides?.timeoutMs
+    });
+  }
+  /**
+   * List members of a specific org.
+   *
+   * @param orgSlug - The org slug to query
+   * @param filters - Optional filters (modules, roles, limit, page)
+   */
+  async getOrgMembers(orgSlug, filters) {
+    const params = buildParams({ orgSlug, ...filters });
+    return this.request(params);
+  }
+  /**
+   * List users across orgs with optional filters.
+   * Cross-org queries require scope: cross-org in catalog-info.yaml
+   * and approval from the target org.
+   *
+   * @param filters - Optional filters (orgSlug, modules, roles, limit, page)
+   */
+  async listUsers(filters) {
+    const params = buildParams(filters ?? {});
+    return this.request(params);
+  }
+  async request(params, attempt = 0) {
+    const url = `${this.usersUrl}?${params.toString()}`;
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), this.timeoutMs);
+    let response;
+    try {
+      response = await fetch(url, {
+        headers: {
+          "x-service-key": this.serviceKey,
+          "Content-Type": "application/json"
+        },
+        signal: controller.signal
+      });
+    } catch (err) {
+      clearTimeout(timer);
+      const isTimeout = err instanceof Error && err.name === "AbortError";
+      if (!isTimeout && attempt < 2) {
+        await sleep(retryDelay(attempt));
+        return this.request(params, attempt + 1);
+      }
+      throw new BioError(
+        isTimeout ? "Bio-ID user access request timed out" : `Bio-ID user access request failed: ${String(err)}`,
+        isTimeout ? "timeout" : "network_error"
+      );
+    } finally {
+      clearTimeout(timer);
+    }
+    if (response.status === 403) {
+      throw new BioError(
+        "Cross-org access denied \u2014 the target org has not approved your service, or scope: cross-org is missing from catalog-info.yaml",
+        "access_denied",
+        403
+      );
+    }
+    if (response.status === 401) {
+      throw new BioError(
+        "Invalid service key \u2014 BIO_SERVICE_KEY may be expired or missing",
+        "unauthorized",
+        401
+      );
+    }
+    if (!response.ok) {
+      const body2 = await parseJsonResponse(response).catch(() => ({}));
+      throw new BioError(
+        `Bio-ID user access returned ${response.status}`,
+        "api_error",
+        response.status,
+        body2
+      );
+    }
+    const body = await parseJsonResponse(response);
+    return body.data ?? body;
+  }
+};
+function buildParams(filters) {
+  const params = new URLSearchParams();
+  if (filters.orgSlug) params.set("orgSlug", filters.orgSlug);
+  if (filters.modules?.length) params.set("modules", filters.modules.join(","));
+  if (filters.roles?.length) params.set("roles", filters.roles.join(","));
+  if (filters.limit) params.set("limit", String(filters.limit));
+  if (filters.page) params.set("page", String(filters.page));
+  return params;
+}
+export {
+  BioUsers
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@insureco/bio",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "SDK for Bio-ID SSO integration on the Tawa platform",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -10,18 +10,16 @@
       "types": "./dist/index.d.ts",
       "import": "./dist/index.mjs",
       "require": "./dist/index.js"
+    },
+    "./users": {
+      "types": "./dist/users.d.ts",
+      "import": "./dist/users.mjs",
+      "require": "./dist/users.js"
     }
   },
   "files": [
     "dist"
   ],
-  "scripts": {
-    "build": "tsup src/index.ts --format cjs,esm --dts --clean",
-    "test": "vitest run",
-    "test:watch": "vitest",
-    "lint": "tsc --noEmit",
-    "prepublishOnly": "npm run build"
-  },
   "keywords": [
     "insureco",
     "tawa",
@@ -44,5 +42,11 @@
   },
   "engines": {
     "node": ">=18.0.0"
+  },
+  "scripts": {
+    "build": "tsup src/index.ts src/users.ts --format cjs,esm --dts --clean",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "lint": "tsc --noEmit"
   }
-}
+}