@makolabs/ripple 1.6.6 → 1.6.8

package/dist/funcs/user-management.remote.js

@@ -88,43 +88,56 @@ async function makeAuthRequest(endpoint, options = {}) {
             ...options.headers
         }
     });
-    const data = await response.json();
-    // Return both status and data for verification purposes
+    const text = await response.text();
+    let data;
+    try {
+        data = JSON.parse(text);
+    }
+    catch (parseError) {
+        // Not JSON, treat as plain text error (e.g., "404 page not found")
+        data = { error: text, message: text };
+    }
     return {
         ok: response.ok,
         status: response.status,
-        data: JSON.parse(JSON.stringify(data))
+        data: data
     };
 }
 async function verifyApiKeyToken(apiKey) {
     try {
-        const result = await makeAuthRequest('/auth/issue', {
+        const result = await makeAuthRequest('/auth/token', {
             method: 'POST',
             headers: {
                 'X-API-Key': apiKey
             }
         });
         if (result.ok && result.data?.data?.access_token) {
-            // Parse the JWT to get scopes (or use verify endpoint)
+            const token = result.data.data.access_token;
             const verifyResult = await makeAuthRequest('/auth/verify', {
-                method: 'POST',
+                method: 'GET',
                 headers: {
-                    'Authorization': `Bearer ${result.data.data.access_token}`
+                    'Authorization': `Bearer ${token}`
                 }
             });
             if (verifyResult.ok && verifyResult.data?.data) {
+                // The API returns "scope" (singular) as a space-separated string, not "scopes" array
+                const scopeString = verifyResult.data.data.scope;
+                const scopes = scopeString ? scopeString.split(' ').filter(Boolean) : [];
                 return {
                     valid: true,
-                    scopes: verifyResult.data.data.scopes || []
+                    scopes: scopes
                 };
             }
         }
+        const errorMsg = result.data?.message || result.data?.error || `API key verification failed with status ${result.status}`;
+        console.warn('[verifyApiKeyToken] Verification failed:', errorMsg);
         return {
             valid: false,
-            error: result.data?.error || `API key verification failed with status ${result.status}`
+            error: errorMsg
         };
     }
     catch (error) {
+        console.error('[verifyApiKeyToken] Exception during verification:', error);
         return {
             valid: false,
             error: error instanceof Error ? error.message : 'Unknown error during verification'
@@ -444,12 +457,12 @@ export const updateUserPermissions = command('unchecked', async (options) => {
             if (apiKeyString) {
                 try {
                     const verification = await verifyApiKeyToken(apiKeyString);
+                    console.log('[updateUserPermissions] Key verification:', verification);
                     if (verification.valid) {
-                        console.log('[updateUserPermissions] Token verification successful. Scopes:', verification.scopes);
                         // Check if the scopes match what we expect
                         const scopesMatch = filteredPermissions.every(perm => verification.scopes?.includes(perm));
                         if (!scopesMatch) {
-                            console.warn('[updateUserPermissions] Token scopes do not match expected permissions');
+                            console.warn('[updateUserPermissions] Scopes mismatch. Expected:', filteredPermissions, 'Got:', verification.scopes);
                         }
                     }
                     else {
@@ -490,12 +503,14 @@ export const generateApiKey = command('unchecked', async (options) => {
         const userKeys = (allKeysData?.data?.data || []).filter((key) => key.status === 'active');
         let newApiKey;
         let wasRotated = false;
+        let oldApiKey;
+        let currentUser = null;
         if (userKeys.length > 0 && options.revokeOld) {
             // Use rotate endpoint (per Mako Auth API spec)
             const keyId = userKeys[0].id;
-            // Get the old API key string before rotating
-            const oldKeyData = await makeAdminRequest(`/admin/keys/${keyId}`);
-            const oldApiKey = oldKeyData?.data?.key;
+            // Get the old API key from Clerk's private_metadata
+            currentUser = await makeClerkRequest(`/users/${options.userId}`);
+            oldApiKey = currentUser.private_metadata?.mako_api_key;
             const rotateResult = await makeAdminRequest(`/admin/keys/${keyId}/rotate`, {
                 method: 'POST',
                 body: JSON.stringify({
@@ -512,11 +527,9 @@ export const generateApiKey = command('unchecked', async (options) => {
             if (oldApiKey) {
                 try {
                     const oldKeyVerification = await verifyApiKeyToken(oldApiKey);
+                    console.log('[generateApiKey] Old key verification:', oldKeyVerification.valid ? 'Still valid ⚠️' : 'Revoked ✓');
                     if (oldKeyVerification.valid) {
-                        console.warn('[generateApiKey] Old API key is still valid after rotation');
-                    }
-                    else {
-                        console.log('[generateApiKey] Old API key successfully revoked');
+                        console.warn('[generateApiKey] Old API key still valid after rotation');
                     }
                 }
                 catch (verifyError) {
@@ -526,16 +539,16 @@ export const generateApiKey = command('unchecked', async (options) => {
             // Verify new key works with correct scopes
             try {
                 const newKeyVerification = await verifyApiKeyToken(newApiKey);
+                console.log('[generateApiKey] New key verification:', newKeyVerification);
                 if (newKeyVerification.valid) {
-                    console.log('[generateApiKey] New API key verification successful. Scopes:', newKeyVerification.scopes);
                     // Check if the scopes match what we expect
                     const scopesMatch = filteredPermissions.every(perm => newKeyVerification.scopes?.includes(perm));
                     if (!scopesMatch) {
-                        console.warn('[generateApiKey] New key scopes do not match expected permissions');
+                        console.warn('[generateApiKey] Scopes mismatch. Expected:', filteredPermissions, 'Got:', newKeyVerification.scopes);
                     }
                 }
                 else {
-                    console.warn('[generateApiKey] New API key verification failed:', newKeyVerification.error);
+                    console.warn('[generateApiKey] New key verification failed:', newKeyVerification.error);
                 }
             }
             catch (verifyError) {
@@ -555,7 +568,10 @@ export const generateApiKey = command('unchecked', async (options) => {
         }
         // Update Clerk profile with new key
         try {
-            const currentUser = await makeClerkRequest(`/users/${options.userId}`);
+            // Reuse currentUser if already fetched (during rotation), otherwise fetch it
+            if (!currentUser) {
+                currentUser = await makeClerkRequest(`/users/${options.userId}`);
+            }
             await makeClerkRequest(`/users/${options.userId}`, {
                 method: 'PATCH',
                 body: JSON.stringify({
@@ -589,24 +605,39 @@ export const verifyToken = command('unchecked', async (options) => {
         const result = await verifyApiKeyToken(options.apiKey);
         // Also return the issued token for debugging
         if (result.valid) {
-            const tokenResult = await makeAuthRequest('/auth/issue', {
-                method: 'POST',
-                headers: {
-                    'X-API-Key': options.apiKey
-                }
-            });
-            return {
-                ...result,
-                token: tokenResult.data?.data?.access_token
-            };
+            try {
+                const tokenResult = await makeAuthRequest('/auth/token', {
+                    method: 'POST',
+                    headers: {
+                        'X-API-Key': options.apiKey
+                    }
+                });
+                const finalResult = {
+                    valid: result.valid,
+                    scopes: result.scopes,
+                    token: tokenResult.data?.data?.access_token
+                };
+                // Ensure result is serializable
+                return JSON.parse(JSON.stringify(finalResult));
+            }
+            catch (tokenError) {
+                console.warn('[verifyToken] Could not fetch token:', tokenError);
+                // Return result without token
+                return JSON.parse(JSON.stringify({
+                    valid: result.valid,
+                    scopes: result.scopes
+                }));
+            }
         }
-        return result;
+        // Ensure result is serializable
+        return JSON.parse(JSON.stringify(result));
     }
     catch (error) {
         console.error('[verifyToken] Error:', error);
-        return {
+        const errorResult = {
             valid: false,
             error: error instanceof Error ? error.message : 'Unknown error during verification'
         };
+        return JSON.parse(JSON.stringify(errorResult));
     }
 });

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@makolabs/ripple",
-	"version": "1.6.6",
+	"version": "1.6.8",
 	"description": "Simple Svelte 5 powered component library ✨",
 	"license": "SEE LICENSE IN LICENSE",
 	"repository": {