npm - @mitway/sdk - Versions diffs - 0.3.0 → 0.5.0 - Mend

@mitway/sdk 0.3.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -73,6 +73,22 @@ const { data: newPost } = await client.database
 const { data: stats } = await client.database
   .rpc('get_user_stats', { user_id: session.user.id });
+// Upload a file
+const { data: uploaded, error: upErr } = await client.storage
+  .from('avatars')
+  .upload('user-123/avatar.png', file, { contentType: 'image/png' });
+// Share a link that expires in an hour
+const { data: signed } = await client.storage
+  .from('private-docs')
+  .createSignedUrl('contract.pdf', { expiresIn: 3600 });
+console.log(signed?.url);
+// Public download URL (for public buckets)
+const { data: pub } = client.storage
+  .from('avatars')
+  .getPublicUrl('user-123/avatar.png');
 // Sign out
 await client.auth.signOut();
 ```

package/dist/index.cjs CHANGED Viewed

@@ -28,6 +28,8 @@ __export(index_exports, {
   MitwayBaasError: () => MitwayBaasError,
   Realtime: () => Realtime,
   RealtimeChannel: () => RealtimeChannel,
+  Storage: () => Storage,
+  StorageBucketClient: () => StorageBucketClient,
   TokenManager: () => TokenManager,
   createClient: () => createClient,
   default: () => index_default
@@ -197,6 +199,7 @@ var Logger = class {
 // src/lib/token-manager.ts
 var CSRF_TOKEN_COOKIE = "mitway_baas_csrf_token";
+var DEFAULT_STORAGE_KEY = "mitway_baas_session";
 function getCsrfToken() {
   if (typeof document === "undefined") return null;
   const match = document.cookie.split(";").find((c) => c.trim().startsWith(`${CSRF_TOKEN_COOKIE}=`));
@@ -216,13 +219,24 @@ function clearCsrfToken() {
 }
 var TokenManager = class {
   accessToken = null;
+  refreshToken = null;
   user = null;
+  persistSession;
+  storageKey;
   /** Fired when the access token changes (used by long-lived consumers). */
   onTokenChange = null;
+  constructor(opts) {
+    this.persistSession = opts?.persistSession ?? true;
+    this.storageKey = opts?.storageKey ?? DEFAULT_STORAGE_KEY;
+  }
   saveSession(session) {
     const tokenChanged = session.accessToken !== this.accessToken;
     this.accessToken = session.accessToken;
     this.user = session.user;
+    if (session.refreshToken !== void 0) {
+      this.refreshToken = session.refreshToken ?? null;
+    }
+    this.persist();
     if (tokenChanged && this.onTokenChange) {
       this.onTokenChange();
     }
@@ -231,6 +245,7 @@ var TokenManager = class {
     if (!this.accessToken || !this.user) return null;
     return {
       accessToken: this.accessToken,
+      refreshToken: this.refreshToken ?? void 0,
       user: this.user
     };
   }
@@ -240,24 +255,76 @@ var TokenManager = class {
   setAccessToken(token) {
     const tokenChanged = token !== this.accessToken;
     this.accessToken = token;
+    this.persist();
     if (tokenChanged && this.onTokenChange) {
       this.onTokenChange();
     }
   }
+  getRefreshToken() {
+    return this.refreshToken;
+  }
+  setRefreshToken(token) {
+    this.refreshToken = token;
+    this.persist();
+  }
   getUser() {
     return this.user;
   }
   setUser(user) {
     this.user = user;
+    this.persist();
   }
   clearSession() {
     const hadToken = this.accessToken !== null;
     this.accessToken = null;
+    this.refreshToken = null;
     this.user = null;
+    this.removePersisted();
     if (hadToken && this.onTokenChange) {
       this.onTokenChange();
     }
   }
+  /**
+   * Restore the session from localStorage. Returns true if a persisted
+   * session was found and loaded into memory.
+   */
+  restoreSession() {
+    if (!this.persistSession || typeof localStorage === "undefined") return false;
+    try {
+      const raw = localStorage.getItem(this.storageKey);
+      if (!raw) return false;
+      const stored = JSON.parse(raw);
+      if (!stored.accessToken || !stored.user) return false;
+      this.accessToken = stored.accessToken;
+      this.refreshToken = stored.refreshToken ?? null;
+      this.user = stored.user;
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  persist() {
+    if (!this.persistSession || typeof localStorage === "undefined") return;
+    if (!this.accessToken || !this.user) return;
+    try {
+      const data = {
+        accessToken: this.accessToken,
+        user: this.user
+      };
+      if (this.refreshToken) {
+        data.refreshToken = this.refreshToken;
+      }
+      localStorage.setItem(this.storageKey, JSON.stringify(data));
+    } catch {
+    }
+  }
+  removePersisted() {
+    if (!this.persistSession || typeof localStorage === "undefined") return;
+    try {
+      localStorage.removeItem(this.storageKey);
+    } catch {
+    }
+  }
 };
 // src/lib/auth-envelope.ts
@@ -564,6 +631,29 @@ var HttpClient = class {
       throw error;
     }
   }
+  /**
+   * Low-level fetch helper for binary bodies (uploads) and streamed responses
+   * (downloads). Applies the current Bearer token (user session → anon key
+   * fallback) plus any configured default headers, resolves `path` against
+   * `baseUrl`, and returns the raw `Response` — it does NOT unwrap the
+   * `{ data, error }` envelope, so the caller is responsible for status
+   * checking and parsing.
+   *
+   * Used by the storage module for object upload/download paths where the
+   * body or response is not JSON.
+   */
+  async rawFetch(path, init = {}) {
+    const url = this.buildUrl(path);
+    const headers = new Headers(init.headers ?? {});
+    for (const [k, v] of Object.entries(this.defaultHeaders)) {
+      if (!headers.has(k)) headers.set(k, v);
+    }
+    if (!headers.has("Authorization")) {
+      const token = this.userToken ?? this.anonKey;
+      if (token) headers.set("Authorization", `Bearer ${token}`);
+    }
+    return this.fetch(url, { ...init, headers });
+  }
   get(path, options) {
     return this.request("GET", path, options);
   }
@@ -654,6 +744,7 @@ var Auth = class {
   saveSessionFromResponse(response) {
     const session = {
       accessToken: response.accessToken,
+      refreshToken: response.refreshToken,
       user: response.user
     };
     if (response.csrfToken) {
@@ -747,6 +838,70 @@ var Auth = class {
       return wrapError(error, "Session refresh failed");
     }
   }
+  /**
+   * Restore the session from localStorage and validate it with the backend.
+   * Call this once on app startup (e.g. in a React AuthProvider useEffect).
+   *
+   * Flow:
+   *   1. Read persisted session from localStorage.
+   *   2. Populate in-memory state (TokenManager + HttpClient).
+   *   3. Validate with `GET /api/auth/sessions/current`.
+   *      - If the access token expired, the HttpClient auto-refresh kicks in
+   *        using the persisted refresh token (sent in the POST body, not
+   *        cookies — works cross-site).
+   *   4. Return the validated user or an error.
+   *
+   * If no persisted session exists, returns `{ data: null, error }` — the
+   * app should show the login page.
+   */
+  async initialize() {
+    const restored = this.tokenManager.restoreSession();
+    if (!restored) {
+      return {
+        data: null,
+        error: new MitwayBaasError("No persisted session", 0, "NO_SESSION")
+      };
+    }
+    const session = this.tokenManager.getSession();
+    if (!session) {
+      return {
+        data: null,
+        error: new MitwayBaasError("No persisted session", 0, "NO_SESSION")
+      };
+    }
+    this.http.setAuthToken(session.accessToken);
+    const refreshToken = this.tokenManager.getRefreshToken();
+    if (refreshToken) {
+      this.http.setRefreshToken(refreshToken);
+    }
+    try {
+      const response = await this.http.get(
+        "/api/auth/sessions/current"
+      );
+      if (response?.user) {
+        this.tokenManager.setUser(response.user);
+        return {
+          data: {
+            user: response.user,
+            accessToken: session.accessToken
+          },
+          error: null
+        };
+      }
+      this.tokenManager.clearSession();
+      this.http.setAuthToken(null);
+      this.http.setRefreshToken(null);
+      return {
+        data: null,
+        error: new MitwayBaasError("Invalid session", 401, "INVALID_SESSION")
+      };
+    } catch (error) {
+      this.tokenManager.clearSession();
+      this.http.setAuthToken(null);
+      this.http.setRefreshToken(null);
+      return wrapError(error, "Session restore failed");
+    }
+  }
   /**
    * Get the current in-memory session, or null if the user is not signed in.
    * Synchronous — does not hit the network.
@@ -1513,6 +1668,373 @@ var Realtime = class {
   }
 };
+// src/modules/storage.ts
+function bucketFromWire(row) {
+  return {
+    id: row.id,
+    name: row.name,
+    public: row.public,
+    fileSizeLimitBytes: row.file_size_limit_bytes,
+    allowedMimeTypes: row.allowed_mime_types,
+    createdAt: row.created_at,
+    updatedAt: row.updated_at
+  };
+}
+function objectFromWire(row, bucketName) {
+  return {
+    id: row.id,
+    bucket: bucketName,
+    key: row.key,
+    size: row.size,
+    mimeType: row.mime_type,
+    etag: row.etag,
+    cacheControl: row.cache_control,
+    contentDisposition: row.content_disposition,
+    uploadedBy: row.uploaded_by,
+    uploadedAt: row.uploaded_at,
+    updatedAt: row.updated_at
+  };
+}
+function configFromWire(row) {
+  return {
+    defaultFileSizeLimitBytes: row.default_file_size_limit_bytes,
+    maxFileSizeLimitBytes: row.max_file_size_limit_bytes,
+    tenantStorageQuotaBytes: row.tenant_storage_quota_bytes,
+    reservedSpaceBytes: row.reserved_space_bytes,
+    signedUrlDefaultTtlSec: row.signed_url_default_ttl_sec,
+    signedUrlMaxTtlSec: row.signed_url_max_ttl_sec
+  };
+}
+function encodeKey(key) {
+  return key.split("/").map(encodeURIComponent).join("/");
+}
+function wrapError2(err, fallback) {
+  if (err instanceof MitwayBaasError) return { data: null, error: err };
+  return {
+    data: null,
+    error: new MitwayBaasError(
+      err instanceof Error ? err.message : fallback,
+      0,
+      "STORAGE_ERROR"
+    )
+  };
+}
+async function readEnvelopeError(response) {
+  let code = "STORAGE_ERROR";
+  let message = `HTTP ${response.status}`;
+  try {
+    const body = await response.json();
+    if (body && body.error) {
+      code = body.error.code ?? code;
+      message = body.error.message ?? message;
+    }
+  } catch {
+  }
+  return new MitwayBaasError(message, response.status, code);
+}
+var StorageBucketClient = class {
+  constructor(http, bucketName) {
+    this.http = http;
+    this.bucketName = bucketName;
+  }
+  http;
+  bucketName;
+  bucketBase() {
+    return `/api/storage/buckets/${encodeURIComponent(this.bucketName)}`;
+  }
+  objectPath(key) {
+    return `${this.bucketBase()}/objects/${encodeKey(key)}`;
+  }
+  async upload(key, body, opts = {}) {
+    try {
+      const method = opts.upsert ? "PUT" : "POST";
+      const headers = {
+        "Content-Type": opts.contentType ?? "application/octet-stream"
+      };
+      if (opts.cacheControl) headers["Cache-Control"] = opts.cacheControl;
+      if (opts.contentDisposition)
+        headers["Content-Disposition"] = opts.contentDisposition;
+      const response = await this.http.rawFetch(this.objectPath(key), {
+        method,
+        headers,
+        body,
+        signal: opts.abortSignal
+      });
+      if (!response.ok) {
+        return { data: null, error: await readEnvelopeError(response) };
+      }
+      const parsed = await response.json();
+      if (parsed.error || !parsed.data) {
+        return {
+          data: null,
+          error: new MitwayBaasError(
+            parsed.error?.message ?? "Upload failed",
+            response.status,
+            parsed.error?.code ?? "STORAGE_ERROR"
+          )
+        };
+      }
+      return { data: objectFromWire(parsed.data, this.bucketName), error: null };
+    } catch (err) {
+      return wrapError2(err, "Upload failed");
+    }
+  }
+  async download(key, opts = {}) {
+    try {
+      const headers = {};
+      if (opts.range) {
+        headers["Range"] = `bytes=${opts.range.start}-${opts.range.end}`;
+      }
+      const response = await this.http.rawFetch(this.objectPath(key), {
+        method: "GET",
+        headers,
+        signal: opts.abortSignal
+      });
+      if (!response.ok) {
+        return { data: null, error: await readEnvelopeError(response) };
+      }
+      const blob = await response.blob();
+      return { data: blob, error: null };
+    } catch (err) {
+      return wrapError2(err, "Download failed");
+    }
+  }
+  async getStream(key, opts = {}) {
+    try {
+      const headers = {};
+      if (opts.range) {
+        headers["Range"] = `bytes=${opts.range.start}-${opts.range.end}`;
+      }
+      const response = await this.http.rawFetch(this.objectPath(key), {
+        method: "GET",
+        headers,
+        signal: opts.abortSignal
+      });
+      if (!response.ok) {
+        return { data: null, error: await readEnvelopeError(response) };
+      }
+      if (!response.body) {
+        return {
+          data: null,
+          error: new MitwayBaasError(
+            "Response body is not a stream",
+            response.status,
+            "STORAGE_ERROR"
+          )
+        };
+      }
+      return {
+        data: response.body,
+        error: null
+      };
+    } catch (err) {
+      return wrapError2(err, "Download failed");
+    }
+  }
+  async remove(keys) {
+    try {
+      const results = await Promise.allSettled(
+        keys.map(
+          (key) => this.http.rawFetch(this.objectPath(key), { method: "DELETE" })
+        )
+      );
+      const removed = [];
+      const errors = [];
+      for (let i = 0; i < keys.length; i++) {
+        const key = keys[i];
+        const r = results[i];
+        if (r.status === "fulfilled" && r.value.ok) {
+          removed.push(key);
+        } else if (r.status === "fulfilled") {
+          errors.push(`${key}: HTTP ${r.value.status}`);
+        } else {
+          const msg = r.reason instanceof Error ? r.reason.message : String(r.reason);
+          errors.push(`${key}: ${msg}`);
+        }
+      }
+      if (errors.length > 0) {
+        return {
+          data: null,
+          error: new MitwayBaasError(
+            `Failed to delete some objects: ${errors.join("; ")}`,
+            0,
+            "STORAGE_ERROR"
+          )
+        };
+      }
+      return { data: { removed }, error: null };
+    } catch (err) {
+      return wrapError2(err, "Delete failed");
+    }
+  }
+  async list(opts = {}) {
+    try {
+      const params = {};
+      if (opts.prefix !== void 0) params.prefix = opts.prefix;
+      if (opts.limit !== void 0) params.limit = String(opts.limit);
+      if (opts.startAfter !== void 0) params.start_after = opts.startAfter;
+      const rows = await this.http.get(
+        `${this.bucketBase()}/objects`,
+        { params }
+      );
+      return {
+        data: rows.map((r) => objectFromWire(r, this.bucketName)),
+        error: null
+      };
+    } catch (err) {
+      return wrapError2(err, "List failed");
+    }
+  }
+  async copy(fromKey, toKey, toBucket) {
+    try {
+      const row = await this.http.post(
+        `${this.objectPath(fromKey)}/copy`,
+        {
+          dest_bucket: toBucket ?? this.bucketName,
+          dest_key: toKey
+        }
+      );
+      return {
+        data: objectFromWire(row, toBucket ?? this.bucketName),
+        error: null
+      };
+    } catch (err) {
+      return wrapError2(err, "Copy failed");
+    }
+  }
+  async move(fromKey, toKey, toBucket) {
+    try {
+      const row = await this.http.post(
+        `${this.objectPath(fromKey)}/move`,
+        {
+          dest_bucket: toBucket ?? this.bucketName,
+          dest_key: toKey
+        }
+      );
+      return {
+        data: objectFromWire(row, toBucket ?? this.bucketName),
+        error: null
+      };
+    } catch (err) {
+      return wrapError2(err, "Move failed");
+    }
+  }
+  async createSignedUrl(key, opts = {}) {
+    try {
+      const body = {};
+      if (opts.expiresIn !== void 0) body.expires_in = opts.expiresIn;
+      const wire = await this.http.post(`${this.objectPath(key)}/sign`, body);
+      return {
+        data: {
+          url: wire.url,
+          token: wire.token,
+          expiresAt: wire.expiresAt
+        },
+        error: null
+      };
+    } catch (err) {
+      return wrapError2(err, "Sign failed");
+    }
+  }
+  getPublicUrl(key) {
+    const url = `${this.http.baseUrl.replace(/\/$/, "")}${this.objectPath(key)}`;
+    return { data: { url } };
+  }
+};
+var Storage = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /** Scope subsequent operations to a single bucket. */
+  from(bucketName) {
+    return new StorageBucketClient(this.http, bucketName);
+  }
+  // --- Admin (require service_role) ---
+  async listBuckets() {
+    try {
+      const rows = await this.http.get("/api/storage/buckets");
+      return { data: rows.map(bucketFromWire), error: null };
+    } catch (err) {
+      return wrapError2(err, "listBuckets failed");
+    }
+  }
+  async getBucket(name) {
+    try {
+      const row = await this.http.get(
+        `/api/storage/buckets/${encodeURIComponent(name)}`
+      );
+      return { data: bucketFromWire(row), error: null };
+    } catch (err) {
+      return wrapError2(err, "getBucket failed");
+    }
+  }
+  async createBucket(name, opts = {}) {
+    try {
+      const body = { name };
+      if (opts.public !== void 0) body.public = opts.public;
+      if (opts.fileSizeLimitBytes !== void 0)
+        body.file_size_limit_bytes = opts.fileSizeLimitBytes;
+      if (opts.allowedMimeTypes !== void 0)
+        body.allowed_mime_types = opts.allowedMimeTypes;
+      const row = await this.http.post(
+        "/api/storage/buckets",
+        body
+      );
+      return { data: bucketFromWire(row), error: null };
+    } catch (err) {
+      return wrapError2(err, "createBucket failed");
+    }
+  }
+  async updateBucket(name, opts) {
+    try {
+      const body = {};
+      if (opts.public !== void 0) body.public = opts.public;
+      if (opts.fileSizeLimitBytes !== void 0)
+        body.file_size_limit_bytes = opts.fileSizeLimitBytes;
+      if (opts.allowedMimeTypes !== void 0)
+        body.allowed_mime_types = opts.allowedMimeTypes;
+      const row = await this.http.patch(
+        `/api/storage/buckets/${encodeURIComponent(name)}`,
+        body
+      );
+      return { data: bucketFromWire(row), error: null };
+    } catch (err) {
+      return wrapError2(err, "updateBucket failed");
+    }
+  }
+  async deleteBucket(name) {
+    try {
+      await this.http.delete(
+        `/api/storage/buckets/${encodeURIComponent(name)}`
+      );
+      return { data: null, error: null };
+    } catch (err) {
+      return wrapError2(err, "deleteBucket failed");
+    }
+  }
+  async emptyBucket(name) {
+    try {
+      const result = await this.http.post(
+        `/api/storage/buckets/${encodeURIComponent(name)}/empty`,
+        {}
+      );
+      return { data: result, error: null };
+    } catch (err) {
+      return wrapError2(err, "emptyBucket failed");
+    }
+  }
+  // --- Storage config (service_role) ---
+  async getConfig() {
+    try {
+      const row = await this.http.get("/api/storage/config");
+      return { data: configFromWire(row), error: null };
+    } catch (err) {
+      return wrapError2(err, "getConfig failed");
+    }
+  }
+};
 // src/client.ts
 var MitwayBaasClient = class {
   http;
@@ -1520,9 +2042,13 @@ var MitwayBaasClient = class {
   auth;
   database;
   realtime;
+  storage;
   constructor(config = {}) {
     const logger = new Logger(config.debug);
-    this.tokenManager = new TokenManager();
+    this.tokenManager = new TokenManager({
+      persistSession: config.persistSession,
+      storageKey: config.storageKey
+    });
     this.http = new HttpClient(config, this.tokenManager, logger);
     this.auth = new Auth(this.http, this.tokenManager);
     this.database = new Database(this.http, this.tokenManager, config.anonKey);
@@ -1532,6 +2058,7 @@ var MitwayBaasClient = class {
       config.anonKey,
       config.realtime
     );
+    this.storage = new Storage(this.http);
   }
   /**
    * Escape hatch for callers that need to make custom requests against the
@@ -1557,6 +2084,8 @@ var index_default = MitwayBaasClient;
   MitwayBaasError,
   Realtime,
   RealtimeChannel,
+  Storage,
+  StorageBucketClient,
   TokenManager,
   createClient
 });