@joytreesite/joytree 1.0.2 → 1.0.3

package/lib/api.js

@@ -1,15 +1,10 @@
 'use strict';
 
-const https  = require('https');
-const http   = require('http');
+const https   = require('https');
+const http    = require('http');
 const { URL } = require('url');
-const config = require('./config');
+const config  = require('./config');
 
-/**
- * Make an authenticated request to the Joytree API.
- * Auth is done via ?api_key=jtk_... (same pattern as /api/v1/transfer).
- * For session-based endpoints we pass token as Bearer header.
- */
 async function request(method, endpoint, body = null, opts = {}) {
   const apiKey  = config.getApiKey();
   const baseUrl = config.getBaseUrl();
@@ -18,9 +13,7 @@ async function request(method, endpoint, body = null, opts = {}) {
     throw new Error('Not authenticated. Run: joytree login');
   }
 
-  const separator = endpoint.includes('?') ? '&' : '?';
-  const url = new URL(`${baseUrl}${endpoint}${apiKey ? `${separator}api_key=${encodeURIComponent(apiKey)}` : ''}`);
-
+  const url    = new URL(`${baseUrl}${endpoint}`);
   const payload = body ? JSON.stringify(body) : null;
 
   return new Promise((resolve, reject) => {
@@ -33,6 +26,8 @@ async function request(method, endpoint, body = null, opts = {}) {
       headers: {
         'Content-Type': 'application/json',
         'User-Agent': `joytree-cli/${require('../package.json').version}`,
+        // Send API key as Bearer token — this is what requireAuth on the server reads
+        ...(apiKey ? { 'Authorization': `Bearer ${apiKey}` } : {}),
         ...(payload ? { 'Content-Length': Buffer.byteLength(payload) } : {}),
         ...(opts.headers || {}),
       },
@@ -63,7 +58,6 @@ async function request(method, endpoint, body = null, opts = {}) {
   });
 }
 
-// Convenience wrappers
 const api = {
   get:    (path, opts)       => request('GET',    path, null, opts),
   post:   (path, body, opts) => request('POST',   path, body, opts),
@@ -72,19 +66,24 @@ const api = {
   delete: (path, opts)       => request('DELETE', path, null, opts),
 };
 
-/**
- * Validate an API key by calling /api/v1/transfer and reading the response.
- * Returns { ok, email, projectCount } or throws.
- */
+// Validate API key via /api/v1/transfer
 async function validateApiKey(apiKey, baseUrl) {
-  const url = `${baseUrl}/api/v1/transfer?api_key=${encodeURIComponent(apiKey)}`;
-  const parsed = new URL(url);
-  const mod = parsed.protocol === 'https:' ? require('https') : require('http');
+  const url = new URL(`${baseUrl}/api/v1/transfer`);
+  const mod = url.protocol === 'https:' ? require('https') : require('http');
 
   return new Promise((resolve, reject) => {
-    const req = mod.get(url, {
-      headers: { 'User-Agent': `joytree-cli/${require('../package.json').version}` }
-    }, (res) => {
+    const reqOpts = {
+      hostname: url.hostname,
+      port: url.port || (url.protocol === 'https:' ? 443 : 80),
+      path: url.pathname,
+      method: 'GET',
+      headers: {
+        'Authorization': `Bearer ${apiKey}`,
+        'User-Agent': `joytree-cli/${require('../package.json').version}`,
+      },
+    };
+
+    const req = mod.request(reqOpts, (res) => {
       let raw = '';
       res.on('data', c => raw += c);
       res.on('end', () => {
@@ -98,6 +97,7 @@ async function validateApiKey(apiKey, baseUrl) {
       });
     });
     req.on('error', reject);
+    req.end();
   });
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@joytreesite/joytree",
-  "version": "1.0.2",
+  "version": "1.0.3",
   "description": "Joytree CLI — deploy and manage your sites from the terminal",
   "main": "bin/joytree.js",
   "bin": {