@mitway/sdk 0.2.4 → 0.4.0

package/README.md

@@ -73,6 +73,22 @@ const { data: newPost } = await client.database
 const { data: stats } = await client.database
   .rpc('get_user_stats', { user_id: session.user.id });
 
+// Upload a file
+const { data: uploaded, error: upErr } = await client.storage
+  .from('avatars')
+  .upload('user-123/avatar.png', file, { contentType: 'image/png' });
+
+// Share a link that expires in an hour
+const { data: signed } = await client.storage
+  .from('private-docs')
+  .createSignedUrl('contract.pdf', { expiresIn: 3600 });
+console.log(signed?.url);
+
+// Public download URL (for public buckets)
+const { data: pub } = client.storage
+  .from('avatars')
+  .getPublicUrl('user-123/avatar.png');
+
 // Sign out
 await client.auth.signOut();
 ```

package/dist/index.cjs

@@ -28,6 +28,8 @@ __export(index_exports, {
   MitwayBaasError: () => MitwayBaasError,
   Realtime: () => Realtime,
   RealtimeChannel: () => RealtimeChannel,
+  Storage: () => Storage,
+  StorageBucketClient: () => StorageBucketClient,
   TokenManager: () => TokenManager,
   createClient: () => createClient,
   default: () => index_default
@@ -564,6 +566,29 @@ var HttpClient = class {
       throw error;
     }
   }
+  /**
+   * Low-level fetch helper for binary bodies (uploads) and streamed responses
+   * (downloads). Applies the current Bearer token (user session → anon key
+   * fallback) plus any configured default headers, resolves `path` against
+   * `baseUrl`, and returns the raw `Response` — it does NOT unwrap the
+   * `{ data, error }` envelope, so the caller is responsible for status
+   * checking and parsing.
+   *
+   * Used by the storage module for object upload/download paths where the
+   * body or response is not JSON.
+   */
+  async rawFetch(path, init = {}) {
+    const url = this.buildUrl(path);
+    const headers = new Headers(init.headers ?? {});
+    for (const [k, v] of Object.entries(this.defaultHeaders)) {
+      if (!headers.has(k)) headers.set(k, v);
+    }
+    if (!headers.has("Authorization")) {
+      const token = this.userToken ?? this.anonKey;
+      if (token) headers.set("Authorization", `Bearer ${token}`);
+    }
+    return this.fetch(url, { ...init, headers });
+  }
   get(path, options) {
     return this.request("GET", path, options);
   }
@@ -893,6 +918,11 @@ var Database = class {
 // src/modules/realtime.ts
 var import_socket = require("socket.io-client");
 var PRESENCE_HEARTBEAT_MS = 2e4;
+function makeChannelError(code, message) {
+  const err = new Error(message);
+  err.code = code;
+  return err;
+}
 var DEFAULT_CONNECT_TIMEOUT_MS = 1e4;
 var RealtimeChannel = class {
   constructor(topic, realtime, options = {}) {
@@ -963,12 +993,19 @@ var RealtimeChannel = class {
       this.statusCallback?.("SUBSCRIBED");
     } catch (err) {
       this.state = "errored";
-      this.statusCallback?.("CHANNEL_ERROR", {
-        code: "REJOIN_FAILED",
-        message: err instanceof Error ? err.message : String(err)
-      });
+      this.statusCallback?.(
+        "CHANNEL_ERROR",
+        makeChannelError("REJOIN_FAILED", err instanceof Error ? err.message : String(err))
+      );
     }
   }
+  // ── implementation signature (not in public type surface).
+  // The callback type is intentionally broad: each overload above pins a
+  // specific payload shape, but TypeScript overload resolution needs the
+  // implementation to accept the union of every narrow callback without
+  // the contravariance conflict (TS2394). `any` is the standard escape
+  // hatch for this exact pattern and is confined to this one line — the
+  // public surface users see is strictly typed via the overloads.
   on(type, filter, callback) {
     if (type === "postgres_changes") {
       this.bindings.push({
@@ -1070,18 +1107,18 @@ var RealtimeChannel = class {
         } catch (err) {
           this.state = "errored";
           const message = err instanceof Error ? err.message : String(err);
-          this.statusCallback?.("CHANNEL_ERROR", {
-            code: "SUBSCRIBE_FAILED",
-            message
-          });
+          this.statusCallback?.(
+            "CHANNEL_ERROR",
+            makeChannelError("SUBSCRIBE_FAILED", message)
+          );
         }
       },
       (err) => {
         this.state = "errored";
-        this.statusCallback?.("CHANNEL_ERROR", {
-          code: "CONNECT_FAILED",
-          message: err.message
-        });
+        this.statusCallback?.(
+          "CHANNEL_ERROR",
+          makeChannelError("CONNECT_FAILED", err.message)
+        );
       }
     );
     return this;
@@ -1134,6 +1171,12 @@ var RealtimeChannel = class {
    * events, write to your own application table and enable
    * `postgres_changes` on it; the SDK will surface the INSERT as a
    * `postgres_changes` event without a separate channel.send call.
+   *
+   * The returned promise always resolves with the server ack, so callers
+   * can `await channel.send(...)` to confirm delivery + get the server-
+   * assigned `message_id`. There's no performance cost — Socket.IO piggy-
+   * backs the ack on the same frame. Callers that don't need it just
+   * don't await.
    */
   async send(args) {
     if (args.type !== "broadcast") {
@@ -1160,9 +1203,7 @@ var RealtimeChannel = class {
     if (!socket) {
       throw new MitwayBaasError("Socket not connected", 503, "NOT_CONNECTED");
     }
-    const broadcastCfg = this.options.config?.broadcast;
-    const wantAck = broadcastCfg?.ack === true;
-    const self = broadcastCfg?.self;
+    const self = this.options.config?.broadcast?.self;
     const wirePayload = {
       channel: this.topic,
       event: args.event,
@@ -1171,10 +1212,6 @@ var RealtimeChannel = class {
     if (self === false) {
       wirePayload.self = false;
     }
-    if (!wantAck) {
-      socket.emit("realtime:publish", wirePayload);
-      return;
-    }
     return await new Promise((resolve) => {
       socket.emit(
         "realtime:publish",
@@ -1215,7 +1252,7 @@ var RealtimeChannel = class {
         if (!b.subscriptionId || !pcEvent.ids.includes(b.subscriptionId)) {
           continue;
         }
-        const matchesEvent = b.filter.event === "*" || b.filter.event === pcEvent.data.type;
+        const matchesEvent = b.filter.event === "*" || b.filter.event === pcEvent.data.eventType;
         if (!matchesEvent) {
           continue;
         }
@@ -1274,7 +1311,13 @@ var RealtimeChannel = class {
         continue;
       }
       try {
-        b.callback(payload);
+        if (payload.event === "sync") {
+          b.callback();
+        } else if (payload.event === "join") {
+          b.callback(payload);
+        } else {
+          b.callback(payload);
+        }
       } catch {
       }
     }
@@ -1293,7 +1336,7 @@ var RealtimeChannel = class {
           "realtime:subscribe",
           { channel: this.topic, private: this.isPrivate },
           (ack) => {
-            if (ack.ok) {
+            if (ack.status === "ok") {
               resolve();
             } else {
               reject(new Error(ack.error?.message ?? "subscribe failed"));
@@ -1317,7 +1360,7 @@ var RealtimeChannel = class {
               filter: b.filter.filter
             },
             (ack) => {
-              if (ack.ok && ack.subscription_id) {
+              if (ack.status === "ok" && ack.subscription_id) {
                 b.subscriptionId = ack.subscription_id;
                 resolve();
               } else {
@@ -1363,13 +1406,14 @@ var Realtime = class {
    * The optional `opts` argument lets the caller configure the channel:
    *   * `config.private` — enable subscribe-side authorization against
    *     `realtime.authorize_subscribe(...)` on the tenant DB.
-   *   * `config.broadcast.ack` — `channel.send()` resolves with the
-   *     server's ack (message_id) instead of fire-and-forget.
    *   * `config.broadcast.self` — `false` excludes the sender from the
    *     fan-out (defaults to `true`).
    *   * `config.presence.key` — stable presence key to group multiple
    *     tabs of the same user under one entry.
    *
+   * `channel.send()` always resolves with the server ack (see its own
+   * docstring); there is no separate opt-in needed.
+   *
    * Options are locked in when the channel is first created; subsequent
    * `.channel('same')` calls with different opts are ignored. Pass a
    * different topic to get a different-configured channel.
@@ -1494,6 +1538,373 @@ var Realtime = class {
   }
 };
 
+// src/modules/storage.ts
+function bucketFromWire(row) {
+  return {
+    id: row.id,
+    name: row.name,
+    public: row.public,
+    fileSizeLimitBytes: row.file_size_limit_bytes,
+    allowedMimeTypes: row.allowed_mime_types,
+    createdAt: row.created_at,
+    updatedAt: row.updated_at
+  };
+}
+function objectFromWire(row, bucketName) {
+  return {
+    id: row.id,
+    bucket: bucketName,
+    key: row.key,
+    size: row.size,
+    mimeType: row.mime_type,
+    etag: row.etag,
+    cacheControl: row.cache_control,
+    contentDisposition: row.content_disposition,
+    uploadedBy: row.uploaded_by,
+    uploadedAt: row.uploaded_at,
+    updatedAt: row.updated_at
+  };
+}
+function configFromWire(row) {
+  return {
+    defaultFileSizeLimitBytes: row.default_file_size_limit_bytes,
+    maxFileSizeLimitBytes: row.max_file_size_limit_bytes,
+    tenantStorageQuotaBytes: row.tenant_storage_quota_bytes,
+    reservedSpaceBytes: row.reserved_space_bytes,
+    signedUrlDefaultTtlSec: row.signed_url_default_ttl_sec,
+    signedUrlMaxTtlSec: row.signed_url_max_ttl_sec
+  };
+}
+function encodeKey(key) {
+  return key.split("/").map(encodeURIComponent).join("/");
+}
+function wrapError2(err, fallback) {
+  if (err instanceof MitwayBaasError) return { data: null, error: err };
+  return {
+    data: null,
+    error: new MitwayBaasError(
+      err instanceof Error ? err.message : fallback,
+      0,
+      "STORAGE_ERROR"
+    )
+  };
+}
+async function readEnvelopeError(response) {
+  let code = "STORAGE_ERROR";
+  let message = `HTTP ${response.status}`;
+  try {
+    const body = await response.json();
+    if (body && body.error) {
+      code = body.error.code ?? code;
+      message = body.error.message ?? message;
+    }
+  } catch {
+  }
+  return new MitwayBaasError(message, response.status, code);
+}
+var StorageBucketClient = class {
+  constructor(http, bucketName) {
+    this.http = http;
+    this.bucketName = bucketName;
+  }
+  http;
+  bucketName;
+  bucketBase() {
+    return `/api/storage/buckets/${encodeURIComponent(this.bucketName)}`;
+  }
+  objectPath(key) {
+    return `${this.bucketBase()}/objects/${encodeKey(key)}`;
+  }
+  async upload(key, body, opts = {}) {
+    try {
+      const method = opts.upsert ? "PUT" : "POST";
+      const headers = {
+        "Content-Type": opts.contentType ?? "application/octet-stream"
+      };
+      if (opts.cacheControl) headers["Cache-Control"] = opts.cacheControl;
+      if (opts.contentDisposition)
+        headers["Content-Disposition"] = opts.contentDisposition;
+      const response = await this.http.rawFetch(this.objectPath(key), {
+        method,
+        headers,
+        body,
+        signal: opts.abortSignal
+      });
+      if (!response.ok) {
+        return { data: null, error: await readEnvelopeError(response) };
+      }
+      const parsed = await response.json();
+      if (parsed.error || !parsed.data) {
+        return {
+          data: null,
+          error: new MitwayBaasError(
+            parsed.error?.message ?? "Upload failed",
+            response.status,
+            parsed.error?.code ?? "STORAGE_ERROR"
+          )
+        };
+      }
+      return { data: objectFromWire(parsed.data, this.bucketName), error: null };
+    } catch (err) {
+      return wrapError2(err, "Upload failed");
+    }
+  }
+  async download(key, opts = {}) {
+    try {
+      const headers = {};
+      if (opts.range) {
+        headers["Range"] = `bytes=${opts.range.start}-${opts.range.end}`;
+      }
+      const response = await this.http.rawFetch(this.objectPath(key), {
+        method: "GET",
+        headers,
+        signal: opts.abortSignal
+      });
+      if (!response.ok) {
+        return { data: null, error: await readEnvelopeError(response) };
+      }
+      const blob = await response.blob();
+      return { data: blob, error: null };
+    } catch (err) {
+      return wrapError2(err, "Download failed");
+    }
+  }
+  async getStream(key, opts = {}) {
+    try {
+      const headers = {};
+      if (opts.range) {
+        headers["Range"] = `bytes=${opts.range.start}-${opts.range.end}`;
+      }
+      const response = await this.http.rawFetch(this.objectPath(key), {
+        method: "GET",
+        headers,
+        signal: opts.abortSignal
+      });
+      if (!response.ok) {
+        return { data: null, error: await readEnvelopeError(response) };
+      }
+      if (!response.body) {
+        return {
+          data: null,
+          error: new MitwayBaasError(
+            "Response body is not a stream",
+            response.status,
+            "STORAGE_ERROR"
+          )
+        };
+      }
+      return {
+        data: response.body,
+        error: null
+      };
+    } catch (err) {
+      return wrapError2(err, "Download failed");
+    }
+  }
+  async remove(keys) {
+    try {
+      const results = await Promise.allSettled(
+        keys.map(
+          (key) => this.http.rawFetch(this.objectPath(key), { method: "DELETE" })
+        )
+      );
+      const removed = [];
+      const errors = [];
+      for (let i = 0; i < keys.length; i++) {
+        const key = keys[i];
+        const r = results[i];
+        if (r.status === "fulfilled" && r.value.ok) {
+          removed.push(key);
+        } else if (r.status === "fulfilled") {
+          errors.push(`${key}: HTTP ${r.value.status}`);
+        } else {
+          const msg = r.reason instanceof Error ? r.reason.message : String(r.reason);
+          errors.push(`${key}: ${msg}`);
+        }
+      }
+      if (errors.length > 0) {
+        return {
+          data: null,
+          error: new MitwayBaasError(
+            `Failed to delete some objects: ${errors.join("; ")}`,
+            0,
+            "STORAGE_ERROR"
+          )
+        };
+      }
+      return { data: { removed }, error: null };
+    } catch (err) {
+      return wrapError2(err, "Delete failed");
+    }
+  }
+  async list(opts = {}) {
+    try {
+      const params = {};
+      if (opts.prefix !== void 0) params.prefix = opts.prefix;
+      if (opts.limit !== void 0) params.limit = String(opts.limit);
+      if (opts.startAfter !== void 0) params.start_after = opts.startAfter;
+      const rows = await this.http.get(
+        `${this.bucketBase()}/objects`,
+        { params }
+      );
+      return {
+        data: rows.map((r) => objectFromWire(r, this.bucketName)),
+        error: null
+      };
+    } catch (err) {
+      return wrapError2(err, "List failed");
+    }
+  }
+  async copy(fromKey, toKey, toBucket) {
+    try {
+      const row = await this.http.post(
+        `${this.objectPath(fromKey)}/copy`,
+        {
+          dest_bucket: toBucket ?? this.bucketName,
+          dest_key: toKey
+        }
+      );
+      return {
+        data: objectFromWire(row, toBucket ?? this.bucketName),
+        error: null
+      };
+    } catch (err) {
+      return wrapError2(err, "Copy failed");
+    }
+  }
+  async move(fromKey, toKey, toBucket) {
+    try {
+      const row = await this.http.post(
+        `${this.objectPath(fromKey)}/move`,
+        {
+          dest_bucket: toBucket ?? this.bucketName,
+          dest_key: toKey
+        }
+      );
+      return {
+        data: objectFromWire(row, toBucket ?? this.bucketName),
+        error: null
+      };
+    } catch (err) {
+      return wrapError2(err, "Move failed");
+    }
+  }
+  async createSignedUrl(key, opts = {}) {
+    try {
+      const body = {};
+      if (opts.expiresIn !== void 0) body.expires_in = opts.expiresIn;
+      const wire = await this.http.post(`${this.objectPath(key)}/sign`, body);
+      return {
+        data: {
+          url: wire.url,
+          token: wire.token,
+          expiresAt: wire.expiresAt
+        },
+        error: null
+      };
+    } catch (err) {
+      return wrapError2(err, "Sign failed");
+    }
+  }
+  getPublicUrl(key) {
+    const url = `${this.http.baseUrl.replace(/\/$/, "")}${this.objectPath(key)}`;
+    return { data: { url } };
+  }
+};
+var Storage = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /** Scope subsequent operations to a single bucket. */
+  from(bucketName) {
+    return new StorageBucketClient(this.http, bucketName);
+  }
+  // --- Admin (require service_role) ---
+  async listBuckets() {
+    try {
+      const rows = await this.http.get("/api/storage/buckets");
+      return { data: rows.map(bucketFromWire), error: null };
+    } catch (err) {
+      return wrapError2(err, "listBuckets failed");
+    }
+  }
+  async getBucket(name) {
+    try {
+      const row = await this.http.get(
+        `/api/storage/buckets/${encodeURIComponent(name)}`
+      );
+      return { data: bucketFromWire(row), error: null };
+    } catch (err) {
+      return wrapError2(err, "getBucket failed");
+    }
+  }
+  async createBucket(name, opts = {}) {
+    try {
+      const body = { name };
+      if (opts.public !== void 0) body.public = opts.public;
+      if (opts.fileSizeLimitBytes !== void 0)
+        body.file_size_limit_bytes = opts.fileSizeLimitBytes;
+      if (opts.allowedMimeTypes !== void 0)
+        body.allowed_mime_types = opts.allowedMimeTypes;
+      const row = await this.http.post(
+        "/api/storage/buckets",
+        body
+      );
+      return { data: bucketFromWire(row), error: null };
+    } catch (err) {
+      return wrapError2(err, "createBucket failed");
+    }
+  }
+  async updateBucket(name, opts) {
+    try {
+      const body = {};
+      if (opts.public !== void 0) body.public = opts.public;
+      if (opts.fileSizeLimitBytes !== void 0)
+        body.file_size_limit_bytes = opts.fileSizeLimitBytes;
+      if (opts.allowedMimeTypes !== void 0)
+        body.allowed_mime_types = opts.allowedMimeTypes;
+      const row = await this.http.patch(
+        `/api/storage/buckets/${encodeURIComponent(name)}`,
+        body
+      );
+      return { data: bucketFromWire(row), error: null };
+    } catch (err) {
+      return wrapError2(err, "updateBucket failed");
+    }
+  }
+  async deleteBucket(name) {
+    try {
+      await this.http.delete(
+        `/api/storage/buckets/${encodeURIComponent(name)}`
+      );
+      return { data: null, error: null };
+    } catch (err) {
+      return wrapError2(err, "deleteBucket failed");
+    }
+  }
+  async emptyBucket(name) {
+    try {
+      const result = await this.http.post(
+        `/api/storage/buckets/${encodeURIComponent(name)}/empty`,
+        {}
+      );
+      return { data: result, error: null };
+    } catch (err) {
+      return wrapError2(err, "emptyBucket failed");
+    }
+  }
+  // --- Storage config (service_role) ---
+  async getConfig() {
+    try {
+      const row = await this.http.get("/api/storage/config");
+      return { data: configFromWire(row), error: null };
+    } catch (err) {
+      return wrapError2(err, "getConfig failed");
+    }
+  }
+};
+
 // src/client.ts
 var MitwayBaasClient = class {
   http;
@@ -1501,6 +1912,7 @@ var MitwayBaasClient = class {
   auth;
   database;
   realtime;
+  storage;
   constructor(config = {}) {
     const logger = new Logger(config.debug);
     this.tokenManager = new TokenManager();
@@ -1513,6 +1925,7 @@ var MitwayBaasClient = class {
       config.anonKey,
       config.realtime
     );
+    this.storage = new Storage(this.http);
   }
   /**
    * Escape hatch for callers that need to make custom requests against the
@@ -1538,6 +1951,8 @@ var index_default = MitwayBaasClient;
   MitwayBaasError,
   Realtime,
   RealtimeChannel,
+  Storage,
+  StorageBucketClient,
   TokenManager,
   createClient
 });