@mapcreator/api 5.0.0-alpha.88 → 5.0.0-alpha.90

package/src/README.md

@@ -1,126 +1,126 @@
-### Used type system
-
-We use type declarations for both the data coming over the wire and the data used by the application. In general, these types differ only in the presence of additional fields in the data arriving over the network (like `created_at`), and used naming convention. Data over the network uses the so-called snake case.
-
-All in all, we can use TypeScript's native mechanisms to convert one type to another and fully define just one type:
-
-```typescript
-import type { CamelCasedProperties } from 'type-fest';
-
-type ApiType =
-  | ({
-      data: {
-        prop: unknown;
-      } & ApiCommonData;
-    } & Omit<ApiSuccess, 'data'>)
-  | ApiError;
-
-type AppType = CamelCasedProperties<Omit<Exclude<ApiType, ApiError>['data'], keyof ApiCommonData>>;
-```
-
-or in reverse order:
-
-```typescript
-import type { SnakeCasedProperties } from 'type-fest';
-
-type AppType = {
-  prop: unknown;
-};
-
-type ApiType =
-  | ({
-      data: SnakeCasedProperties<AppType> & ApiCommonData;
-    } & Omit<ApiSuccess, 'data'>)
-  | ApiError;
-```
-
-But the decision was made not to do this, since it may be more difficult for the developer to make the conversion in their head than to see it in front of their eyes.
-
-### Using a `request()`
-
-The function has the following signature:
-
-```typescript
-async function request<I extends ApiCommon, O extends Record<string, unknown> | string>(
-  path: string,
-  body?: XMLHttpRequestBodyInit | Record<string | number, unknown> | null,
-  extraHeaders?: Record<string, string> | null,
-  extraOptions?: ExtraOptions<I, O>,
-): Promise<O | O[]> { /* ... */ }
-```
-
-Let's take it step by step.
-
-`I extends ApiCommon` - represents the type of data we receive over the network.
-
-`O extends Record<string, unknown> | string` - represents the data type that will be used in the application.
-
-Ideally you should describe and convey both types. This will help to check the data types in the arguments passed.
-See current data types for an example.
-
-`path: string` - the path to the resource, must include the API version, but must not include the schema or authority.
-Example: `/v1/jobs/12345`
-
-`body?: XMLHttpRequestBodyInit | Record<string | number, unknown> | null` - any meaningful body type. In general,
-the presence of an JSON object is assumed (or the absence of one for methods that only request data), but you can
-also pass `Blob`, `FormData`, `URLSearchParams` or just `ArrayBuffer`. The required content type will be added to
-the headers automatically.
-
-`extraHeaders?: Record<string, string> | null` - the object with additional headers.
-
-`extraOptions?: ExtraOptions<I, O>` - where `ExtraOptions<I, O>` is defined like this:
-
-```typescript
-interface ExtraOptions<I extends ApiCommon, O extends Record<string, unknown> | string> {
-  method?: 'GET' | 'HEAD' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';
-  revivers?: O extends Record<string, unknown> ? Revivers<I, O> : never;
-  sendNull?: boolean;
-  withMeta?: boolean;
-}
-```
-
-Most fields are self-explanatory.
-
-`sendNull` can be used if you really want to pass `null` as body content.
-
-`revivers` is used to specify an object that can modify the behavior of the internal handler of data coming over
-the network. Let's take a closer look at this moment.
-
-#### Revivers
-
-By default, the `request()` function does the following things with data coming over the network:
-
-- It removes `created_at`, `updated_at`, `deleted_at` fields from the output objects.
-- It preserves all the remaining fields but converts their names into camelCase.
-
-When passing an object with revivers you can a couple of things:
-
-- You can list the fields that you want **to exclude** from the result object. To do this, the field must be assigned an
-`undefined` value.
-- You can **add** new fields or **modify** the type of existing ones. To do this, you need to pass a function as a field
-value, which will receive the original object as input.
-
-Example:
-
-```typescript
-const jobRevivers: Revivers<ApiJob, Job> = {
-  user_id: undefined,
-  description: undefined,
-  share_token: undefined,
-  autosave_preview_path: undefined,
-  job_folder_id: undefined,
-
-  jobTypeId: () => 9,
-  createdAt: (data: ApiJobData) => data.created_at as string,
-  previewPath: (data: ApiJobData) => data.autosave_preview_path ?? undefined,
-};
-```
-
-`user_id`, `description`, `share_token`, `autosave_preview_path`, `job_folder_id` fields will be excluded from the
-result object.
-
-`jobTypeId` will be always **9**.
-
-`createdAt` will be returned (please note that that field is excluded by default)
-
-`previewPath` - some actions will be performed with the source data.
+### Used type system
+
+We use type declarations for both the data coming over the wire and the data used by the application. In general, these types differ only in the presence of additional fields in the data arriving over the network (like `created_at`), and used naming convention. Data over the network uses the so-called snake case.
+
+All in all, we can use TypeScript's native mechanisms to convert one type to another and fully define just one type:
+
+```typescript
+import type { CamelCasedProperties } from 'type-fest';
+
+type ApiType =
+  | ({
+      data: {
+        prop: unknown;
+      } & ApiCommonData;
+    } & Omit<ApiSuccess, 'data'>)
+  | ApiError;
+
+type AppType = CamelCasedProperties<Omit<Exclude<ApiType, ApiError>['data'], keyof ApiCommonData>>;
+```
+
+or in reverse order:
+
+```typescript
+import type { SnakeCasedProperties } from 'type-fest';
+
+type AppType = {
+  prop: unknown;
+};
+
+type ApiType =
+  | ({
+      data: SnakeCasedProperties<AppType> & ApiCommonData;
+    } & Omit<ApiSuccess, 'data'>)
+  | ApiError;
+```
+
+But the decision was made not to do this, since it may be more difficult for the developer to make the conversion in their head than to see it in front of their eyes.
+
+### Using a `request()`
+
+The function has the following signature:
+
+```typescript
+async function request<I extends ApiCommon, O extends Record<string, unknown> | string>(
+  path: string,
+  body?: XMLHttpRequestBodyInit | Record<string | number, unknown> | null,
+  extraHeaders?: Record<string, string> | null,
+  extraOptions?: ExtraOptions<I, O>,
+): Promise<O | O[]> { /* ... */ }
+```
+
+Let's take it step by step.
+
+`I extends ApiCommon` - represents the type of data we receive over the network.
+
+`O extends Record<string, unknown> | string` - represents the data type that will be used in the application.
+
+Ideally you should describe and convey both types. This will help to check the data types in the arguments passed.
+See current data types for an example.
+
+`path: string` - the path to the resource, must include the API version, but must not include the schema or authority.
+Example: `/v1/jobs/12345`
+
+`body?: XMLHttpRequestBodyInit | Record<string | number, unknown> | null` - any meaningful body type. In general,
+the presence of an JSON object is assumed (or the absence of one for methods that only request data), but you can
+also pass `Blob`, `FormData`, `URLSearchParams` or just `ArrayBuffer`. The required content type will be added to
+the headers automatically.
+
+`extraHeaders?: Record<string, string> | null` - the object with additional headers.
+
+`extraOptions?: ExtraOptions<I, O>` - where `ExtraOptions<I, O>` is defined like this:
+
+```typescript
+interface ExtraOptions<I extends ApiCommon, O extends Record<string, unknown> | string> {
+  method?: 'GET' | 'HEAD' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';
+  revivers?: O extends Record<string, unknown> ? Revivers<I, O> : never;
+  sendNull?: boolean;
+  withMeta?: boolean;
+}
+```
+
+Most fields are self-explanatory.
+
+`sendNull` can be used if you really want to pass `null` as body content.
+
+`revivers` is used to specify an object that can modify the behavior of the internal handler of data coming over
+the network. Let's take a closer look at this moment.
+
+#### Revivers
+
+By default, the `request()` function does the following things with data coming over the network:
+
+- It removes `created_at`, `updated_at`, `deleted_at` fields from the output objects.
+- It preserves all the remaining fields but converts their names into camelCase.
+
+When passing an object with revivers you can a couple of things:
+
+- You can list the fields that you want **to exclude** from the result object. To do this, the field must be assigned an
+`undefined` value.
+- You can **add** new fields or **modify** the type of existing ones. To do this, you need to pass a function as a field
+value, which will receive the original object as input.
+
+Example:
+
+```typescript
+const jobRevivers: Revivers<ApiJob, Job> = {
+  user_id: undefined,
+  description: undefined,
+  share_token: undefined,
+  autosave_preview_path: undefined,
+  job_folder_id: undefined,
+
+  jobTypeId: () => 9,
+  createdAt: (data: ApiJobData) => data.created_at as string,
+  previewPath: (data: ApiJobData) => data.autosave_preview_path ?? undefined,
+};
+```
+
+`user_id`, `description`, `share_token`, `autosave_preview_path`, `job_folder_id` fields will be excluded from the
+result object.
+
+`jobTypeId` will be always **9**.
+
+`createdAt` will be returned (please note that that field is excluded by default)
+
+`previewPath` - some actions will be performed with the source data.

package/src/api/font.ts

@@ -1,4 +1,12 @@
-import { type ApiCommonData, type ApiError, type ApiSuccess, type Flatten, type Revivers, getSearchParams, request } from '../utils.js';
+import {
+  type ApiCommonData,
+  type ApiError,
+  type ApiSuccess,
+  type Flatten,
+  type Revivers,
+  getSearchParams,
+  request,
+} from '../utils.js';
 
 export type Font = {
   id: number;

package/src/api/insetMap.ts

@@ -1,4 +1,4 @@
-import { apiHost, authenticate, token } from '../oauth.js';
+import { apiHost, authenticate, getAuthorizationHeaders, token } from '../oauth.js';
 import {
   APIError,
   type ApiCommonData,
@@ -63,10 +63,9 @@ export async function getInsetMap(insetMapId: number): Promise<InsetMap> {
 
 export async function getInsetMapTopoJson<TopoJSON>(insetMapId: number): Promise<TopoJSON> {
   const href = `${apiHost}/v1/inset-maps/${insetMapId}/json`;
-  const headers = { Accept: 'application/json', ...(token ? { Authorization: token.toString() } : null) };
-  const response = await fetch(href, { headers }).catch((error: Error) => {
-    throw new NetworkError(error?.message ?? error);
-  });
+  const headers = getAuthorizationHeaders('GET');
+  const response = await fetch(href, { headers, ...!token && { credentials: 'include' } })
+    .catch((error: Error) => { throw new NetworkError(error?.message ?? error) });
 
   if (response.ok) {
     return response.json().catch(() => {

package/src/api/job.ts

@@ -53,9 +53,9 @@ export const jobRevivers: Revivers<ApiJob, Job> = {
   previewPath: (data: ApiJobData) => data.autosave_preview_path ?? undefined,
 };
 
-export async function createJob(title: string): Promise<Job> {
+export async function createJob(title: string, skipValidation?: boolean): Promise<Job> {
   const path = `/v1/jobs`;
-  const body = { title, job_type_id: 9 };
+  const body = { title, job_type_id: 9, skip_validation: skipValidation ?? false };
   const options = { revivers: jobRevivers };
 
   // Technically, the returning `data` will contain only the following fields:

package/src/api/jobRevision.ts

@@ -1,5 +1,5 @@
+import { apiHost, authenticate, getAuthorizationHeaders, token } from '../oauth.js';
 import { type ApiLayerData, type Layer, layerRevivers } from './layer.js';
-import { apiHost, authenticate, token } from '../oauth.js';
 import type { ApiMapstyleSetData } from './mapstyleSet.js';
 import type { ApiLanguageData } from './language.js';
 import {
@@ -70,6 +70,7 @@ export async function createJobRevision(
   layers: number[],
   output: FileFormat,
   jobObject: Record<string, unknown>,
+  skipValidation?: boolean
 ): Promise<JobRevision> {
   const pathname = `/v1/jobs/${jobId}/revisions`;
   const path = `${pathname}?${deletedNoneParam}`;
@@ -79,6 +80,7 @@ export async function createJobRevision(
     object: JSON.stringify(jobObject),
     output,
     layers,
+    skip_validation: skipValidation ?? false
   };
   const options = { revivers: jobRevisionRevivers };
 
@@ -221,10 +223,9 @@ export async function getJobRevisionOutput(jobId: number): Promise<JobRevisionOu
   await createJobRevisionBuild(jobId);
 
   const href = `${apiHost}/v1/jobs/${jobId}/revisions/${lastJobRevision}/result/output`;
-  const headers = { ...(token ? { Authorization: token.toString() } : null) };
-  const response = await fetch(href, { headers }).catch((error: Error) => {
-    throw new NetworkError(error?.message ?? error);
-  });
+  const headers = getAuthorizationHeaders('GET');
+  const response = await fetch(href, { headers, ...!token && { credentials: 'include' } })
+    .catch((error: Error) => { throw new NetworkError(error?.message ?? error) });
 
   if (response.ok) {
     const blob = await response.blob().catch(() => {
@@ -271,9 +272,9 @@ export async function getJobRevisionOutput(jobId: number): Promise<JobRevisionOu
   }
 }
 
-async function createJobRevisionBuild(jobId: number): Promise<string> {
+async function createJobRevisionBuild(jobId: number, skipValidation?: boolean): Promise<string> {
   const pathname = `/v1/jobs/${jobId}/revisions/${lastJobRevision}/build`;
   const path = `${pathname}?${deletedNoneParam}`;
 
-  return request<ApiCommon, string>(path, null, null, { method: 'POST' });
+  return request<ApiCommon, string>(path, { skip_validation: skipValidation ?? false }, null, { method: 'POST' });
 }

package/src/oauth.ts

@@ -8,27 +8,19 @@ export let token: {
   toString: () => string;
 } | null = null;
 
-let apiClientId = '';
 let callbackUrl = '';
-let oauthScopes = ['*'];
 
-const anchorParams = ['access_token', 'token_type', 'expires_in', 'state'];
-
-const storagePrefix = '_m4n_';
-const statePrefix = 'oauth_state_';
-const storageName = 'api_token';
-
-const dummyTokenExpires = new Date('2100-01-01T01:00:00');
+/**
+ * Cleanup of previously used data. The code part can be removed in a while.
+ */
+for (let i = 0; i < window.localStorage.length; ++i) {
+  const key = window.localStorage.key(i);
 
-interface AnchorToken {
-  access_token: string;
-  token_type: string;
-  expires_in: string;
-  state: string;
+  if (key?.startsWith('_m4n_')) {
+    window.localStorage.removeItem(key);
+  }
 }
 
-const titleCase = (str: unknown): string => String(str).toLowerCase().replace(/\b\w/g, c => c.toUpperCase());
-
 /**
  * Setup internal structures to use dummy authentication flow
  *
@@ -40,9 +32,9 @@ export function initDummyFlow(apiUrl: string, oauthToken: string): void {
 
   apiHost = apiUrl.replace(/\/+$/, '');
   token = {
-    type: titleCase(parts[0]),
+    type: parts[0].toLowerCase().replace(/\b\w/g, c => c.toUpperCase()),
     token: parts[1],
-    expires: dummyTokenExpires,
+    expires: new Date('2100-01-01T01:00:00'),
 
     toString(): string {
       return `${this.type} ${this.token}`;
@@ -54,261 +46,39 @@ export function initDummyFlow(apiUrl: string, oauthToken: string): void {
  * Setup internal structures to use implicit authentication flow
  *
  * @param {string} apiUrl - Full API URL
- * @param {string} clientId - OAuth client id
  * @param {string} [redirectUrl] - Callback URL
- * @param {string[]} [scopes] - A list of required scopes
  */
-export function initImplicitFlow(apiUrl: string, clientId: string, redirectUrl = '', scopes = ['*']): void {
+export function initImplicitFlow(apiUrl: string, redirectUrl = ''): void {
   apiHost = apiUrl.replace(/\/+$/, '');
 
-  apiClientId = String(clientId);
   callbackUrl = String(redirectUrl || window.location.href.split('#')[0]);
-  oauthScopes = scopes;
-
-  {
-    const key = `${storagePrefix}${storageName}`;
-    const data = window.localStorage.getItem(key);
-
-    if (data) {
-      try {
-        const obj = JSON.parse(data) as { type?: unknown; token?: unknown; expires?: unknown };
-
-        if (
-          typeof obj.type === 'string' &&
-          typeof obj.token === 'string' &&
-          typeof obj.expires === 'string' &&
-          new Date(obj.expires) > new Date()
-        ) {
-          token = {
-            type: titleCase(obj.type),
-            token: obj.token,
-            expires: new Date(obj.expires),
-
-            toString(): string {
-              return `${this.type} ${this.token}`;
-            },
-          };
-        } else {
-          window.localStorage.removeItem(key);
-        }
-      } catch (e) {
-        /* */
-      }
-    }
-  }
-
-  {
-    const obj = getAnchorToken();
-
-    if (isAnchorToken(obj)) {
-      // We'll not go there if anchor contains error and/or message
-      // This means that anchor parameters will be preserved for the next processing
-      cleanAnchorParams();
-
-      const expires = new Date(Date.now() + Number(obj.expires_in) * 1000);
-
-      if (isValidState(obj.state) && expires > new Date()) {
-        token = {
-          type: titleCase(obj.token_type),
-          token: obj.access_token,
-          expires,
-
-          toString(): string {
-            return `${this.type} ${this.token}`;
-          },
-        };
-
-        const key = `${storagePrefix}${storageName}`;
-        const data = { type: token.type, token: token.token, expires: expires.toUTCString() };
-
-        window.localStorage.setItem(key, JSON.stringify(data));
-      } else {
-        // TODO: add some logic to handle this
-        // throw Error('Invalid state in url');
-      }
-    }
-  }
 
-  if (authenticated()) {
-    const href = sessionStorage.getItem('redirect-url');
+  const href = sessionStorage.getItem('redirect-url');
 
-    if (href) {
-      sessionStorage.removeItem('redirect-url');
-      window.history.replaceState(null, document.title, href);
-    }
+  if (href) {
+    sessionStorage.removeItem('redirect-url');
+    window.history.replaceState(null, document.title, href);
   }
 }
 
-export async function authenticate(): Promise<string> | never {
+export async function authenticate(): Promise<never> {
   return new Promise(() => {
-    if (anchorContainsError()) {
-      console.error(getError());
-      cleanAnchorParams();
-    }
-
-    forget();
-
     sessionStorage.setItem('redirect-url', window.location.href);
-    window.location.assign(buildRedirectUrl());
+    window.location.assign(`${apiHost}/login?${new URLSearchParams({ redirect_uri: callbackUrl })}`);
   });
 }
 
-export function authenticated(): boolean {
-  return token != null && token.expires > new Date() && (
-    token.expires.valueOf() === dummyTokenExpires.valueOf() ||
-    !!window.localStorage.getItem(`${storagePrefix}${storageName}`)
-  );
-}
-
-export async function logout(): Promise<void> {
-  if (token) {
-    await fetch(`${apiHost}/oauth/logout`, {
-      method: 'POST',
-      headers: {
-        Accept: 'application/json',
-        Authorization: token.toString(),
-      },
-    });
-  }
-
-  forget();
-}
-
-function forget(): void {
-  for (let i = 0; i < window.localStorage.length; ++i) {
-    const key = window.localStorage.key(i);
-
-    if (key?.startsWith(storagePrefix)) {
-      window.localStorage.removeItem(key);
-    }
-  }
-
-  token = null;
-}
-
-function buildRedirectUrl(): string {
-  const queryParams = new URLSearchParams({
-    client_id: apiClientId,
-    redirect_uri: callbackUrl,
-    response_type: 'token',
-    scope: oauthScopes.join(' '),
-    state: generateState(),
-  });
-
-  return `${apiHost}/oauth/authorize?${queryParams}`;
-}
-
-function getAnchorQuery(): string {
-  return window.location.hash.replace(/^#\/?/, '');
-}
-
-function getAnchorParams(): Record<string, unknown> {
-  const query = getAnchorQuery();
-  // eslint-disable-next-line @stylistic/padding-line-between-statements,@typescript-eslint/no-unsafe-return
-  return Object.fromEntries(query.split('&').map(pair => pair.split('=').map(decodeURIComponent)));
-}
-
-function getAnchorToken(): Partial<AnchorToken> {
-  const params = getAnchorParams();
-
-  return Object.fromEntries(Object.entries(params).filter(([key]) => anchorParams.includes(key)));
-}
-
-function isAnchorToken(anchorToken: Partial<AnchorToken>): anchorToken is AnchorToken {
-  const queryKeys = Object.keys(anchorToken);
-
-  return anchorParams.every(key => queryKeys.includes(key));
-}
-
-function cleanAnchorParams(): void {
-  const query = window.location.hash.replace(/^#\/?/, '');
-  const targets = [...anchorParams, 'error', 'message'];
-  const newHash = query
-    .split('&')
-    .filter(pair => !targets.includes(decodeURIComponent(pair.split('=')[0])))
-    .join('&');
-
-  if (newHash) {
-    window.location.hash = newHash;
-  } else {
-    const { origin, pathname, search } = window.location;
-
-    window.history.replaceState(null, document.title, `${origin}${pathname}${search}`);
-  }
-}
-
-function isValidState(state: string): boolean {
-  const key = `${storagePrefix}${statePrefix}${state}`;
-  const found = window.localStorage.getItem(key) != null;
-
-  if (found) {
-    window.localStorage.removeItem(key);
-  }
-
-  return found;
-}
-
-function anchorContainsError(): boolean {
-  return 'error' in getAnchorParams();
-}
+// eslint-disable-next-line @typescript-eslint/naming-convention
+type AuthHeaders = { Authorization: string } | { 'X-XSRF-Token': string } | undefined;
 
-function generateState(): string {
-  // @ts-expect-error TS2365
-  // eslint-disable-next-line @typescript-eslint/restrict-plus-operands
-  const state = (([1e7] + -1e3 + -4e3 + -8e3 + -1e11) as string).replace(
-    /[018]/g, // @ts-expect-error TS2362
-    c => (c ^ ((Math.random() * 256) & (0x0f >>> (c >>> 2)))).toString(16),
-  );
-  const key = `${storagePrefix}${statePrefix}${state}`;
+export function getAuthorizationHeaders(method: 'GET' | 'HEAD' | 'POST' | 'PUT' | 'DELETE' | 'PATCH'): AuthHeaders {
+  const cookie = !token && method !== 'GET' && method !== 'HEAD'
+    ? document.cookie.split(/ *; */).find(pair => pair.startsWith('XSRF-TOKEN'))?.split('=')[1]
+    : undefined;
 
-  window.localStorage.setItem(key, `${Date.now()}`);
-
-  return state;
-}
-
-class OAuthError extends Error {
-  error: string;
-
-  constructor(message: string, error: unknown) {
-    super(message);
-
-    this.error = String(error);
-  }
-
-  toString(): string {
-    let error = this.error;
-
-    if (error.includes('_')) {
-      error = error.replace('_', ' ').replace(/^./, c => c.toUpperCase());
-    }
-
-    return this.message ? `${error}: ${this.message}` : error;
-  }
-}
-
-function getError(): OAuthError {
-  const params = getAnchorParams();
-
-  return params.message
-    ? new OAuthError(params.message as string, params.error)
-    : new OAuthError(titleCase(params.error), params.error);
-}
-
-/**
- * Our goal is to support even obsolete platforms (ES2017+ / Node.js 8.10+).
- * This is a small polyfill for possibly missing method used in our codebase.
- */
-if (!Object.fromEntries) { // eslint-disable-next-line arrow-body-style
-  Object.fromEntries = <T = never>(entries: Iterable<readonly [string | number, T]>): { [k: string]: T } => {
-    return Array.from(entries).reduce<{ [k: string]: T }>(
-      (object, entry) => {
-        if (!Array.isArray(entry)) {
-          throw new TypeError(`Iterator value ${entry as unknown as string} is not an entry object.`);
-        }
-        object[`${entry[0]}`] = entry[1];
-
-        return object;
-      }, {}
-    );
-  };
+  return token
+    ? { Authorization: token.toString() }
+    : cookie
+      ? { 'X-XSRF-Token': decodeURIComponent(cookie) }
+      : undefined;
 }