@lark-sh/client 0.1.15 → 0.1.16

package/dist/fb-v8/index.js

@@ -72,18 +72,10 @@ var Coordinator = class {
    * Request connection details from the coordinator.
    *
    * @param database - Database ID in format "project/database"
-   * @param options - Either a user token or anonymous flag
-   * @returns Connection details including host, port, and connection token
+   * @returns Connection details including WebSocket URL and UDP host/port
    */
-  async connect(database, options = {}) {
+  async connect(database) {
     const body = { database };
-    if (options.token) {
-      body.token = options.token;
-    } else if (options.anonymous) {
-      body.anonymous = true;
-    } else {
-      body.anonymous = true;
-    }
     const response = await fetch(`${this.baseUrl}/connect`, {
       method: "POST",
       headers: {
@@ -2919,6 +2911,125 @@ function generatePushId() {
   return id;
 }
 
+// src/utils/validation.ts
+var MAX_KEY_BYTES = 768;
+var INVALID_KEY_CHARS = /[.#$\[\]\/]/;
+var CONTROL_CHARS = /[\x00-\x1f\x7f]/;
+function hasControlChars(str) {
+  return CONTROL_CHARS.test(str);
+}
+function getByteLength(str) {
+  if (typeof TextEncoder !== "undefined") {
+    return new TextEncoder().encode(str).length;
+  }
+  return Buffer.byteLength(str, "utf8");
+}
+function validateKey(key, context) {
+  const prefix = context ? `${context}: ` : "";
+  if (typeof key !== "string") {
+    throw new LarkError(
+      ErrorCode.INVALID_DATA,
+      `${prefix}key must be a string`
+    );
+  }
+  if (key.length === 0) {
+    throw new LarkError(
+      ErrorCode.INVALID_DATA,
+      `${prefix}key cannot be empty`
+    );
+  }
+  if (INVALID_KEY_CHARS.test(key)) {
+    throw new LarkError(
+      ErrorCode.INVALID_DATA,
+      `${prefix}key "${key}" contains invalid characters (. $ # [ ] / are not allowed)`
+    );
+  }
+  if (hasControlChars(key)) {
+    throw new LarkError(
+      ErrorCode.INVALID_DATA,
+      `${prefix}key "${key}" contains control characters (ASCII 0-31, 127 are not allowed)`
+    );
+  }
+  const byteLength = getByteLength(key);
+  if (byteLength > MAX_KEY_BYTES) {
+    throw new LarkError(
+      ErrorCode.INVALID_DATA,
+      `${prefix}key "${key.substring(0, 50)}..." exceeds maximum size of ${MAX_KEY_BYTES} bytes (got ${byteLength})`
+    );
+  }
+}
+function validatePath(path, context) {
+  if (typeof path !== "string") {
+    throw new LarkError(
+      ErrorCode.INVALID_PATH,
+      `${context ? `${context}: ` : ""}path must be a string`
+    );
+  }
+  if (path === "" || path === "/") {
+    return;
+  }
+  const segments = path.split("/").filter((s) => s.length > 0);
+  for (const segment of segments) {
+    if (segment === ".priority" || segment === ".value" || segment === ".sv" || segment === ".info") {
+      continue;
+    }
+    validateKey(segment, context);
+  }
+}
+function validateValue(value, context, path = "") {
+  const prefix = context ? `${context}: ` : "";
+  const location = path ? ` at "${path}"` : "";
+  if (value === null || value === void 0) {
+    return;
+  }
+  if (typeof value === "string") {
+    if (hasControlChars(value)) {
+      throw new LarkError(
+        ErrorCode.INVALID_DATA,
+        `${prefix}string value${location} contains control characters (ASCII 0-31, 127 are not allowed)`
+      );
+    }
+    return;
+  }
+  if (typeof value === "number" || typeof value === "boolean") {
+    return;
+  }
+  if (Array.isArray(value)) {
+    for (let i = 0; i < value.length; i++) {
+      validateValue(value[i], context, path ? `${path}/${i}` : String(i));
+    }
+    return;
+  }
+  if (typeof value === "object") {
+    const obj = value;
+    const keys = Object.keys(obj);
+    if (".value" in obj) {
+      const otherKeys = keys.filter((k) => k !== ".value" && k !== ".priority");
+      if (otherKeys.length > 0) {
+        const loc = path || "/";
+        throw new LarkError(
+          ErrorCode.INVALID_DATA,
+          `${prefix}data at ${loc} contains ".value" alongside other children (${otherKeys.join(", ")}). ".value" can only be used with ".priority" for primitives with priority.`
+        );
+      }
+    }
+    for (const [key, childValue] of Object.entries(obj)) {
+      if (key !== ".priority" && key !== ".value" && key !== ".sv") {
+        validateKey(key, context);
+      }
+      validateValue(childValue, context, path ? `${path}/${key}` : key);
+    }
+    return;
+  }
+  throw new LarkError(
+    ErrorCode.INVALID_DATA,
+    `${prefix}invalid value type${location}: ${typeof value}`
+  );
+}
+function validateWriteData(value, context) {
+  validateValue(value, context);
+}
+
 // src/DatabaseReference.ts
 function isInfoPath(path) {
   return path === "/.info" || path.startsWith("/.info/");
@@ -3090,6 +3201,7 @@ var DatabaseReference = class _DatabaseReference {
    * Get a reference to a child path.
    */
   child(path) {
+    validatePath(path, "child");
     const childPath = joinPath(this._path, path);
     return new _DatabaseReference(this._db, childPath);
   }
@@ -3106,6 +3218,7 @@ var DatabaseReference = class _DatabaseReference {
    */
   async set(value) {
     validateNotInfoPath(this._path, "set");
+    validateWriteData(value, "set");
     if (this._db.isVolatilePath(this._path)) {
       this._db._sendVolatileSet(this._path, value);
       return;
@@ -3135,6 +3248,16 @@ var DatabaseReference = class _DatabaseReference {
    */
   async update(values) {
     validateNotInfoPath(this._path, "update");
+    for (const [key, value] of Object.entries(values)) {
+      if (key.includes("/")) {
+        validatePath(key, "update");
+      } else {
+        validateKey(key, "update");
+      }
+      if (value !== null) {
+        validateWriteData(value, "update");
+      }
+    }
     const hasPathKeys = Object.keys(values).some((key) => key.startsWith("/"));
     if (hasPathKeys) {
       const ops = [];
@@ -3193,6 +3316,10 @@ var DatabaseReference = class _DatabaseReference {
    */
   async setWithPriority(value, priority) {
     validateNotInfoPath(this._path, "setWithPriority");
+    validateWriteData(value, "setWithPriority");
+    if (typeof priority === "string") {
+      validateWriteData(priority, "setWithPriority (priority)");
+    }
     if (value === null || value === void 0) {
       await this._db._sendSet(this._path, value);
       return;
@@ -3734,17 +3861,11 @@ var DatabaseReference = class _DatabaseReference {
     }
   }
   /**
-   * Validate that a key is a valid Firebase key format.
-   * Invalid characters: . $ # [ ] /
-   * Also cannot start or end with .
+   * Validate that a key is a valid key format.
+   * Delegates to the shared validation utility.
    */
   _validateKeyFormat(methodName, key) {
-    if (/[.#$\[\]\/]/.test(key)) {
-      throw new LarkError(
-        ErrorCode.INVALID_QUERY,
-        `Query.${methodName}: invalid key "${key}" - keys cannot contain . # $ [ ] /`
-      );
-    }
+    validateKey(key, `Query.${methodName}`);
   }
   // ============================================
   // Internal Helpers
@@ -4112,28 +4233,6 @@ function isVolatilePath(path, patterns) {
 }
 
 // src/LarkDatabase.ts
-function validateWriteData(data, path = "") {
-  if (!data || typeof data !== "object" || Array.isArray(data)) {
-    return;
-  }
-  const obj = data;
-  const keys = Object.keys(obj);
-  if (".value" in obj) {
-    const otherKeys = keys.filter((k) => k !== ".value" && k !== ".priority");
-    if (otherKeys.length > 0) {
-      const location = path || "/";
-      throw new LarkError(
-        "invalid_data",
-        `Data at ${location} contains ".value" alongside other children (${otherKeys.join(", ")}). ".value" can only be used with ".priority" for primitives with priority.`
-      );
-    }
-  }
-  for (const key of keys) {
-    if (key !== ".priority" && key !== ".value") {
-      validateWriteData(obj[key], path ? `${path}/${key}` : `/${key}`);
-    }
-  }
-}
 var RECONNECT_BASE_DELAY_MS = 1e3;
 var RECONNECT_MAX_DELAY_MS = 3e4;
 var RECONNECT_JITTER_FACTOR = 0.5;
@@ -4356,10 +4455,7 @@ var LarkDatabase = class {
     try {
       const coordinatorUrl = this._coordinatorUrl;
       const coordinator = new Coordinator(coordinatorUrl);
-      const connectResponse = await coordinator.connect(databaseId, {
-        token: options.token,
-        anonymous: options.anonymous
-      });
+      const connectResponse = await coordinator.connect(databaseId);
       const wsUrl = connectResponse.ws_url;
       const transportResult = await createTransport(
         wsUrl,
@@ -4756,14 +4852,20 @@ var LarkDatabase = class {
    */
   async convertToTxOp(op) {
     const path = normalizePath(op.path) || "/";
+    validatePath(op.path, "transaction");
     switch (op.op) {
       case "set":
+        validateWriteData(op.value, "transaction");
         return { o: "s", p: path, v: op.value };
       case "update":
+        validateWriteData(op.value, "transaction");
         return { o: "u", p: path, v: op.value };
       case "delete":
         return { o: "d", p: path };
       case "condition":
+        if (op.value !== void 0 && op.value !== null) {
+          validateWriteData(op.value, "transaction condition");
+        }
         if (isPrimitive(op.value)) {
           return { o: "c", p: path, v: op.value };
         } else {
@@ -4781,10 +4883,12 @@ var LarkDatabase = class {
   convertObjectToTxOps(obj) {
     const ops = [];
     for (const [path, value] of Object.entries(obj)) {
+      validatePath(path, "transaction");
       const normalizedPath = normalizePath(path) || "/";
       if (value === null) {
         ops.push({ o: "d", p: normalizedPath });
       } else {
+        validateWriteData(value, "transaction");
         ops.push({ o: "s", p: normalizedPath, v: value });
       }
     }