npm - @openrouter/sdk - Versions diffs - 0.0.0-beta.37 → 0.0.0-beta.39 - Mend

@openrouter/sdk 0.0.0-beta.37 → 0.0.0-beta.39

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (442) hide show

package/src/funcs/custom/oAuthCreateAuthorizationUrl.test.ts ADDED Viewed

@@ -0,0 +1,265 @@
+import { describe, it, expect } from "vitest";
+import { OpenRouterCore } from "../../core.js";
+import { oAuthCreateAuthorizationUrl } from "./oAuthCreateAuthorizationUrl.js";
+describe("oAuthCreateAuthorizationUrl", () => {
+  const createMockClient = (serverURL?: string) => {
+    return new OpenRouterCore({ serverURL });
+  };
+  it("should generate authorization URL with callback URL", () => {
+    const client = createMockClient("https://openrouter.ai/api/v1");
+    const result = oAuthCreateAuthorizationUrl(client, {
+      callbackUrl: "https://example.com/callback",
+    });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      const url = new URL(result.value);
+      expect(url.searchParams.get("callback_url")).toBe(
+        "https://example.com/callback",
+      );
+    }
+  });
+  it("should generate authorization URL with URL object as callback", () => {
+    const client = createMockClient("https://openrouter.ai/api/v1");
+    const callbackUrl = new URL("https://example.com/callback");
+    const result = oAuthCreateAuthorizationUrl(client, {
+      callbackUrl,
+    });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      const url = new URL(result.value);
+      expect(url.searchParams.get("callback_url")).toBe(
+        "https://example.com/callback",
+      );
+    }
+  });
+  it("should include code challenge with S256 method", () => {
+    const client = createMockClient("https://openrouter.ai/api/v1");
+    const result = oAuthCreateAuthorizationUrl(client, {
+      callbackUrl: "https://example.com/callback",
+      codeChallenge: "test-code-challenge-abc123",
+      codeChallengeMethod: "S256",
+    });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      const url = new URL(result.value);
+      expect(url.searchParams.get("code_challenge")).toBe(
+        "test-code-challenge-abc123",
+      );
+      expect(url.searchParams.get("code_challenge_method")).toBe("S256");
+    }
+  });
+  it("should include code challenge with plain method", () => {
+    const client = createMockClient("https://openrouter.ai/api/v1");
+    const result = oAuthCreateAuthorizationUrl(client, {
+      callbackUrl: "https://example.com/callback",
+      codeChallenge: "plain-code-challenge",
+      codeChallengeMethod: "plain",
+    });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      const url = new URL(result.value);
+      expect(url.searchParams.get("code_challenge")).toBe(
+        "plain-code-challenge",
+      );
+      expect(url.searchParams.get("code_challenge_method")).toBe("plain");
+    }
+  });
+  it("should include limit parameter when provided", () => {
+    const client = createMockClient("https://openrouter.ai/api/v1");
+    const result = oAuthCreateAuthorizationUrl(client, {
+      callbackUrl: "https://example.com/callback",
+      limit: 100,
+    });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      const url = new URL(result.value);
+      expect(url.searchParams.get("limit")).toBe("100");
+    }
+  });
+  it("should handle callback URL with query parameters", () => {
+    const client = createMockClient("https://openrouter.ai/api/v1");
+    const result = oAuthCreateAuthorizationUrl(client, {
+      callbackUrl: "https://example.com/callback?state=abc123&redirect=true",
+    });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      const url = new URL(result.value);
+      expect(url.searchParams.get("callback_url")).toBe(
+        "https://example.com/callback?state=abc123&redirect=true",
+      );
+    }
+  });
+  it("should handle callback URL with special characters", () => {
+    const client = createMockClient("https://openrouter.ai/api/v1");
+    const result = oAuthCreateAuthorizationUrl(client, {
+      callbackUrl: "https://example.com/callback?data=hello%20world",
+    });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      const url = new URL(result.value);
+      expect(url.searchParams.get("callback_url")).toBe(
+        "https://example.com/callback?data=hello%20world",
+      );
+    }
+  });
+  it("should return error for invalid callback URL string", () => {
+    const client = createMockClient("https://openrouter.ai/api/v1");
+    const result = oAuthCreateAuthorizationUrl(client, {
+      callbackUrl: "not-a-valid-url" as any,
+    });
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.error).toBeDefined();
+    }
+  });
+  it("should handle callback URL with localhost", () => {
+    const client = createMockClient("https://openrouter.ai/api/v1");
+    const result = oAuthCreateAuthorizationUrl(client, {
+      callbackUrl: "http://localhost:3000/callback",
+    });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      const url = new URL(result.value);
+      expect(url.searchParams.get("callback_url")).toBe(
+        "http://localhost:3000/callback",
+      );
+    }
+  });
+  it("should use default production server when no serverURL provided", () => {
+    const client = createMockClient();
+    const result = oAuthCreateAuthorizationUrl(client, {
+      callbackUrl: "https://example.com/callback",
+    });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      const url = new URL(result.value);
+      expect(url.origin).toBe("https://openrouter.ai");
+      expect(url.pathname).toBe("/auth");
+    }
+  });
+  it("should use custom server URL when provided", () => {
+    const client = createMockClient("https://custom.example.com/api");
+    const result = oAuthCreateAuthorizationUrl(client, {
+      callbackUrl: "https://example.com/callback",
+    });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      const url = new URL(result.value);
+      expect(url.origin).toBe("https://custom.example.com");
+      expect(url.pathname).toBe("/auth");
+    }
+  });
+  it("should preserve all parameters with PKCE", () => {
+    const client = createMockClient("https://openrouter.ai/api/v1");
+    const result = oAuthCreateAuthorizationUrl(client, {
+      callbackUrl: "https://example.com/callback?state=xyz",
+      codeChallenge: "challenge123",
+      codeChallengeMethod: "S256",
+      limit: 50,
+    });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      const url = new URL(result.value);
+      expect(url.searchParams.get("callback_url")).toBe(
+        "https://example.com/callback?state=xyz",
+      );
+      expect(url.searchParams.get("code_challenge")).toBe("challenge123");
+      expect(url.searchParams.get("code_challenge_method")).toBe("S256");
+      expect(url.searchParams.get("limit")).toBe("50");
+    }
+  });
+  it("should handle callback URL with fragment", () => {
+    const client = createMockClient("https://openrouter.ai/api/v1");
+    const result = oAuthCreateAuthorizationUrl(client, {
+      callbackUrl: "https://example.com/callback#section",
+    });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      const url = new URL(result.value);
+      expect(url.searchParams.get("callback_url")).toBe(
+        "https://example.com/callback#section",
+      );
+    }
+  });
+  it("should return error for invalid input types", () => {
+    const client = createMockClient("https://openrouter.ai/api/v1");
+    const result = oAuthCreateAuthorizationUrl(client, {
+      callbackUrl: 12345 as any,
+    });
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.error).toBeDefined();
+    }
+  });
+  it("should handle URL with port number in callback", () => {
+    const client = createMockClient("https://openrouter.ai/api/v1");
+    const result = oAuthCreateAuthorizationUrl(client, {
+      callbackUrl: "https://example.com:8443/callback",
+    });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      const url = new URL(result.value);
+      expect(url.searchParams.get("callback_url")).toBe(
+        "https://example.com:8443/callback",
+      );
+    }
+  });
+  it("should not omit limit parameter when value is 0", () => {
+    const client = createMockClient("https://openrouter.ai/api/v1");
+    const result = oAuthCreateAuthorizationUrl(client, {
+      callbackUrl: "https://example.com/callback",
+      limit: 0,
+    });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      const url = new URL(result.value);
+      expect(url.searchParams.get("limit")).toBe("0");
+    }
+  });
+  it("should omit limit parameter when not provided", () => {
+    const client = createMockClient("https://openrouter.ai/api/v1");
+    const result = oAuthCreateAuthorizationUrl(client, {
+      callbackUrl: "https://example.com/callback",
+    });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      const url = new URL(result.value);
+      expect(url.searchParams.has("limit")).toBe(false);
+    }
+  });
+});

package/src/funcs/custom/oAuthCreateAuthorizationUrl.ts ADDED Viewed

@@ -0,0 +1,66 @@
+import z from "zod/v3";
+import { OpenRouterCore } from "../../core.js";
+import { serverURLFromOptions } from "../../lib/config.js";
+import { Result } from "../../types/fp.js";
+const CreateAuthorizationUrlBaseSchema = z.object({
+  callbackUrl: z.union([z.string().url(), z.instanceof(URL)]),
+  limit: z.number().optional(),
+});
+const CreateAuthorizationurlParamsSchema = z.union([
+  CreateAuthorizationUrlBaseSchema.extend({
+    codeChallengeMethod: z.enum(["S256", "plain"]),
+    codeChallenge: z.string(),
+  }),
+  CreateAuthorizationUrlBaseSchema,
+]);
+export type CreateAuthorizationUrlRequest = z.infer<
+  typeof CreateAuthorizationurlParamsSchema
+>;
+/**
+ * Generate a OAuth2 authorization URL
+ *
+ * @remarks
+ * Generates a URL to redirect users to for authorizing your application. The
+ * URL includes the provided callback URL and, if applicable, the code
+ * challenge parameters for PKCE.
+ *
+ * @see {@link https://openrouter.ai/docs/use-cases/oauth-pkce}
+ */
+export function oAuthCreateAuthorizationUrl(
+  client: OpenRouterCore,
+  params: CreateAuthorizationUrlRequest,
+): Result<string> {
+  const parsedParams = CreateAuthorizationurlParamsSchema.safeParse(params);
+  if (!parsedParams.success) return { ok: false, error: parsedParams.error };
+  const baseURL = serverURLFromOptions(client._options);
+  if (!baseURL) {
+    return { ok: false, error: new Error("No server URL configured") };
+  }
+  // Clone the URL to avoid mutating the original
+  const authURL = new URL("/auth", baseURL);
+  authURL.searchParams.set(
+    "callback_url",
+    parsedParams.data.callbackUrl.toString(),
+  );
+  if ("codeChallengeMethod" in parsedParams.data) {
+    authURL.searchParams.set("code_challenge", parsedParams.data.codeChallenge);
+    authURL.searchParams.set(
+      "code_challenge_method",
+      parsedParams.data.codeChallengeMethod,
+    );
+  }
+  if (parsedParams.data.limit !== undefined) {
+    authURL.searchParams.set("limit", parsedParams.data.limit.toString());
+  }
+  return { ok: true, value: authURL.toString() };
+}

package/src/funcs/custom/oAuthCreateSHA256CodeChallenge.test.ts ADDED Viewed

@@ -0,0 +1,189 @@
+import { describe, it, expect } from "vitest";
+import { oAuthCreateSHA256CodeChallenge } from "./oAuthCreateSHA256CodeChallenge.js";
+describe("oAuthCreateSHA256CodeChallenge", () => {
+  it("should generate code challenge from provided code verifier", async () => {
+    // Use RFC 7636 compliant verifier (43 chars minimum)
+    const codeVerifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
+    const result = await oAuthCreateSHA256CodeChallenge({ codeVerifier });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.value.codeVerifier).toBe(codeVerifier);
+      expect(result.value.codeChallenge).toBeTruthy();
+      expect(typeof result.value.codeChallenge).toBe("string");
+      // Code challenge should be base64url encoded (no +, /, or = characters)
+      expect(result.value.codeChallenge).not.toMatch(/[+/=]/);
+    }
+  });
+  it("should generate consistent code challenge for same verifier", async () => {
+    // RFC compliant verifier (43+ chars)
+    const codeVerifier = "a".repeat(43);
+    const result1 = await oAuthCreateSHA256CodeChallenge({ codeVerifier });
+    const result2 = await oAuthCreateSHA256CodeChallenge({ codeVerifier });
+    expect(result1.ok).toBe(true);
+    expect(result2.ok).toBe(true);
+    if (result1.ok && result2.ok) {
+      expect(result1.value.codeChallenge).toBe(result2.value.codeChallenge);
+    }
+  });
+  it("should generate RFC 7636 compliant random code verifier when not provided", async () => {
+    const result = await oAuthCreateSHA256CodeChallenge();
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.value.codeVerifier).toBeTruthy();
+      expect(result.value.codeChallenge).toBeTruthy();
+      expect(typeof result.value.codeVerifier).toBe("string");
+      // RFC 7636: verifier should be exactly 43 characters (32 bytes base64url encoded)
+      expect(result.value.codeVerifier.length).toBe(43);
+      // Should only contain base64url characters
+      expect(result.value.codeVerifier).toMatch(/^[A-Za-z0-9_-]+$/);
+    }
+  });
+  it("should generate different code verifiers on successive calls", async () => {
+    const result1 = await oAuthCreateSHA256CodeChallenge();
+    const result2 = await oAuthCreateSHA256CodeChallenge();
+    expect(result1.ok).toBe(true);
+    expect(result2.ok).toBe(true);
+    if (result1.ok && result2.ok) {
+      expect(result1.value.codeVerifier).not.toBe(result2.value.codeVerifier);
+      expect(result1.value.codeChallenge).not.toBe(result2.value.codeChallenge);
+    }
+  });
+  it("should generate base64url encoded challenge (RFC 7636)", async () => {
+    const codeVerifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
+    const result = await oAuthCreateSHA256CodeChallenge({ codeVerifier });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      // Should be base64url encoded (no standard base64 chars)
+      expect(result.value.codeChallenge).not.toMatch(/\+/);
+      expect(result.value.codeChallenge).not.toMatch(/\//);
+      expect(result.value.codeChallenge).not.toMatch(/=/);
+      // Should only contain base64url characters
+      expect(result.value.codeChallenge).toMatch(/^[A-Za-z0-9_-]+$/);
+    }
+  });
+  it("should handle invalid input type", async () => {
+    const result = await oAuthCreateSHA256CodeChallenge({
+      codeVerifier: 123 as any,
+    });
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.error).toBeDefined();
+    }
+  });
+  it("should produce SHA-256 hash of correct length", async () => {
+    const codeVerifier = "a".repeat(43); // RFC compliant length
+    const result = await oAuthCreateSHA256CodeChallenge({ codeVerifier });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      // SHA-256 produces 256 bits = 32 bytes
+      // Base64url encoding of 32 bytes should be 43 characters (no padding)
+      expect(result.value.codeChallenge.length).toBe(43);
+    }
+  });
+  it("should reject empty string code verifier (RFC 7636 violation)", async () => {
+    const result = await oAuthCreateSHA256CodeChallenge({ codeVerifier: "" });
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.error).toBeDefined();
+      expect((result.error as Error).message).toContain("at least 43 characters");
+    }
+  });
+  it("should reject code verifier shorter than 43 characters", async () => {
+    const result = await oAuthCreateSHA256CodeChallenge({
+      codeVerifier: "too-short",
+    });
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.error).toBeDefined();
+      expect((result.error as Error).message).toContain("at least 43 characters");
+    }
+  });
+  it("should reject code verifier longer than 128 characters (RFC 7636)", async () => {
+    const longVerifier = "a".repeat(129);
+    const result = await oAuthCreateSHA256CodeChallenge({
+      codeVerifier: longVerifier,
+    });
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.error).toBeDefined();
+      expect((result.error as Error).message).toContain("at most 128 characters");
+    }
+  });
+  it("should accept code verifier at maximum length (128 characters)", async () => {
+    const maxVerifier = "a".repeat(128);
+    const result = await oAuthCreateSHA256CodeChallenge({
+      codeVerifier: maxVerifier,
+    });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.value.codeVerifier).toBe(maxVerifier);
+      expect(result.value.codeChallenge).toBeTruthy();
+      // SHA-256 always produces same length output regardless of input length
+      expect(result.value.codeChallenge.length).toBe(43);
+    }
+  });
+  it("should accept RFC 7636 unreserved characters in code verifier", async () => {
+    // RFC 7636 allows: [A-Z] / [a-z] / [0-9] / "-" / "." / "_" / "~"
+    const validVerifier = "aZ09-._~" + "a".repeat(35); // 43 chars total
+    const result = await oAuthCreateSHA256CodeChallenge({
+      codeVerifier: validVerifier,
+    });
+    expect(result.ok).toBe(true);
+    if (result.ok) {
+      expect(result.value.codeVerifier).toBe(validVerifier);
+      expect(result.value.codeChallenge).toBeTruthy();
+      expect(result.value.codeChallenge.length).toBe(43);
+    }
+  });
+  it("should reject code verifier with invalid characters", async () => {
+    // Contains invalid characters like ! @ # $ etc.
+    const invalidVerifier = "test!@#$%^&*()+=[]{}|;:',.<>?/`" + "a".repeat(13);
+    const result = await oAuthCreateSHA256CodeChallenge({
+      codeVerifier: invalidVerifier,
+    });
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.error).toBeDefined();
+      expect((result.error as Error).message).toContain("unreserved characters");
+    }
+  });
+  it("should reject code verifier with spaces", async () => {
+    const verifierWithSpaces = "test verifier with spaces" + "a".repeat(18);
+    const result = await oAuthCreateSHA256CodeChallenge({
+      codeVerifier: verifierWithSpaces,
+    });
+    expect(result.ok).toBe(false);
+    if (!result.ok) {
+      expect(result.error).toBeDefined();
+      expect((result.error as Error).message).toContain("unreserved characters");
+    }
+  });
+});

package/src/funcs/custom/oAuthCreateSHA256CodeChallenge.ts ADDED Viewed

@@ -0,0 +1,90 @@
+import z from "zod/v3";
+import { Result } from "../../types/fp.js";
+const CreateSHA256CodeChallengeRequestSchema = z.object({
+  /**
+   * If not provided, a random code verifier will be generated.
+   * If provided, must be 43-128 characters and contain only unreserved
+   * characters [A-Za-z0-9-._~] per RFC 7636.
+   */
+  codeVerifier: z
+    .string()
+    .min(43, "Code verifier must be at least 43 characters")
+    .max(128, "Code verifier must be at most 128 characters")
+    .regex(
+      /^[A-Za-z0-9\-._~]+$/,
+      "Code verifier must only contain unreserved characters: [A-Za-z0-9-._~]",
+    )
+    .optional(),
+});
+export type CreateSHA256CodeChallengeRequest = z.infer<
+  typeof CreateSHA256CodeChallengeRequestSchema
+>;
+export type CreateSHA256CodeChallengeResponse = {
+  codeChallenge: string;
+  codeVerifier: string;
+};
+/**
+ * Convert a Uint8Array to base64url encoding (RFC 4648)
+ */
+function arrayBufferToBase64Url(buffer: Uint8Array): string {
+  let binary = "";
+  for (let i = 0; i < buffer.length; i++) {
+    binary += String.fromCharCode(buffer[i]!);
+  }
+  return btoa(binary)
+    .replace(/\+/g, "-")
+    .replace(/\//g, "_")
+    .replace(/=+$/, "");
+}
+/**
+ * Generate a cryptographically random code verifier per RFC 7636
+ */
+function generateCodeVerifier(): string {
+  // RFC 7636 recommends 32 octets of random data, base64url encoded = 43 chars
+  const randomBytes = crypto.getRandomValues(new Uint8Array(32));
+  return arrayBufferToBase64Url(randomBytes);
+}
+/**
+ * Generate a SHA-256 code challenge for PKCE
+ *
+ * @remarks
+ * Generates a SHA-256 code challenge and corresponding code verifier for use
+ * in the PKCE extension to OAuth2. If no code verifier is provided, a random
+ * one will be generated according to RFC 7636 (32 random bytes, base64url
+ * encoded). If a code verifier is provided, it must be 43-128 characters and
+ * contain only unreserved characters [A-Za-z0-9-._~].
+ *
+ * @see {@link https://openrouter.ai/docs/use-cases/oauth-pkce}
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc7636}
+ */
+export async function oAuthCreateSHA256CodeChallenge(
+  params: CreateSHA256CodeChallengeRequest = {},
+): Promise<Result<CreateSHA256CodeChallengeResponse>> {
+  const parsedParams = CreateSHA256CodeChallengeRequestSchema.safeParse(params);
+  if (!parsedParams.success) return { ok: false, error: parsedParams.error };
+  const { codeVerifier = generateCodeVerifier() } = parsedParams.data;
+  // Generate SHA-256 hash
+  const encoder = new TextEncoder();
+  const data = encoder.encode(codeVerifier);
+  const hash = await crypto.subtle.digest("SHA-256", data);
+  // Convert hash to base64url
+  const hashArray = new Uint8Array(hash);
+  const codeChallenge = arrayBufferToBase64Url(hashArray);
+  return {
+    ok: true,
+    value: {
+      codeChallenge,
+      codeVerifier,
+    },
+  };
+}

package/src/funcs/modelsList.ts CHANGED Viewed

@@ -96,7 +96,7 @@ async function $do(
   });
   const headers = new Headers(compactMap({
-    Accept: "application/json;q=1",
+    Accept: "application/json;q=1, application/rss+xml;q=0",
   }));
   const secConfig = await extractSecurity(client._options.apiKey);

package/src/lib/config.ts CHANGED Viewed

@@ -59,8 +59,8 @@ export function serverURLFromOptions(options: SDKOptions): URL | null {
 export const SDK_METADATA = {
   language: "typescript",
   openapiDocVersion: "1.0.0",
-  sdkVersion: "0.0.0-beta.37",
-  genVersion: "2.723.2",
+  sdkVersion: "0.0.0-beta.39",
+  genVersion: "2.723.11",
   userAgent:
-    "speakeasy-sdk/typescript 0.0.0-beta.37 2.723.2 1.0.0 @openrouter/sdk",
+    "speakeasy-sdk/typescript 0.0.0-beta.39 2.723.11 1.0.0 @openrouter/sdk",
 } as const;