npm - @oway/sdk - Versions diffs - 0.1.2 → 0.2.0 - Mend

@oway/sdk 0.1.2 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.js CHANGED Viewed

@@ -29,278 +29,230 @@ module.exports = __toCommonJS(index_exports);
 // src/client.ts
 var OwayError = class extends Error {
-  constructor(message, code, statusCode, requestId) {
-    super(message);
-    this.code = code;
-    this.statusCode = statusCode;
-    this.requestId = requestId;
+  constructor(opts) {
+    super(opts.message);
     this.name = "OwayError";
+    this.statusCode = opts.statusCode;
+    this.code = opts.code;
+    this.requestId = opts.requestId;
+    this.violations = opts.violations ?? [];
+    this.rawBody = opts.rawBody;
   }
-  /**
-   * Determines if this error represents a transient failure that should be retried
-   */
+  /** True for well-known transient HTTP status codes (408/429/500/502/503/504). */
   isRetryable() {
     if (!this.statusCode) return false;
-    if (this.statusCode === 429) return true;
-    if (this.statusCode === 503) return true;
-    if (this.statusCode === 500) return true;
-    if (this.statusCode === 501) return false;
-    if (this.statusCode === 502) return true;
-    if (this.statusCode === 504) return true;
-    if (this.statusCode >= 500) return true;
-    return false;
+    return [408, 429, 500, 502, 503, 504].includes(this.statusCode);
+  }
+  /** 4xx response. */
+  isClientError() {
+    return !!this.statusCode && this.statusCode >= 400 && this.statusCode < 500;
+  }
+  /** 5xx response. */
+  isServerError() {
+    return !!this.statusCode && this.statusCode >= 500 && this.statusCode < 600;
   }
 };
+function parseHttpError(status, requestId, rawBody) {
+  let problem;
+  try {
+    problem = rawBody ? JSON.parse(rawBody) : void 0;
+  } catch {
+  }
+  const message = problem?.detail || problem?.title || `Request failed with status ${status}`;
+  return new OwayError({
+    message,
+    statusCode: status,
+    code: problem?.reason,
+    requestId,
+    violations: problem?.violations,
+    rawBody
+  });
+}
+function randomRequestId() {
+  if (typeof globalThis !== "undefined" && globalThis.crypto?.randomUUID) {
+    return globalThis.crypto.randomUUID();
+  }
+  const buf = new Uint8Array(16);
+  for (let i = 0; i < 16; i++) buf[i] = Math.floor(Math.random() * 256);
+  return Array.from(buf, (b) => b.toString(16).padStart(2, "0")).join("");
+}
+function backoffDelayMs(attempt) {
+  const base = Math.min(Math.pow(2, attempt) * 1e3, 3e4);
+  return Math.floor(Math.random() * (base + 1));
+}
 var HttpClient = class {
   constructor(config) {
     this.accessToken = null;
     this.tokenExpiry = 0;
     this.tokenRefreshPromise = null;
     if (!config.clientId || !config.clientSecret) {
-      throw new OwayError("clientId and clientSecret are required. Contact Oway Sales Engineering to obtain M2M credentials.");
+      throw new OwayError({
+        message: "clientId and clientSecret are required",
+        code: "CONFIG_MISSING_CREDENTIALS"
+      });
     }
+    const baseUrl = config.baseUrl || (typeof process !== "undefined" ? process.env?.OWAY_BASE_URL : void 0) || "https://api.sandbox.oway.io";
     this.config = {
-      baseUrl: config.baseUrl || process.env.OWAY_BASE_URL || "https://api.sandbox.oway.io",
-      tokenUrl: config.tokenUrl || (config.baseUrl || process.env.OWAY_BASE_URL || "https://api.sandbox.oway.io") + "/v1/auth/token",
+      baseUrl,
+      tokenUrl: config.tokenUrl || `${baseUrl}/v1/auth/token`,
       maxRetries: config.maxRetries ?? 3,
       timeout: config.timeout ?? 3e4,
       debug: config.debug ?? false,
       clientId: config.clientId,
       clientSecret: config.clientSecret,
       apiKey: config.apiKey,
-      // Optional default company API key
       logger: config.logger
     };
-    this.log("debug", "Oway SDK initialized", {
+    this.log("debug", "sdk initialized", {
       baseUrl: this.config.baseUrl,
-      authMode: "M2M",
       hasDefaultApiKey: !!this.config.apiKey
     });
   }
-  /**
-   * Internal logging with sanitization
-   */
   log(level, message, meta) {
+    if (!this.config.logger) return;
     if (!this.config.debug && level === "debug") return;
-    const sanitized = meta ? this.sanitizeForLogging(meta) : void 0;
-    if (this.config.logger) {
-      this.config.logger[level](message, sanitized);
-    } else if (this.config.debug && level !== "debug") {
-      console[level === "error" ? "error" : "log"](`[Oway ${level}]`, message, sanitized);
-    }
+    const safe = meta ? this.sanitize(meta) : void 0;
+    this.config.logger[level](message, safe);
   }
-  /**
-   * Sanitize objects for logging - remove sensitive fields
-   */
-  sanitizeForLogging(obj) {
+  sanitize(obj) {
     if (!obj || typeof obj !== "object") return obj;
-    const sensitive = ["apiKey", "token", "authorization", "password", "secret"];
-    const sanitized = Array.isArray(obj) ? [] : {};
-    for (const [key, value] of Object.entries(obj)) {
-      const lowerKey = key.toLowerCase();
-      if (sensitive.some((s) => lowerKey.includes(s))) {
-        sanitized[key] = "[REDACTED]";
-      } else if (value && typeof value === "object") {
-        sanitized[key] = this.sanitizeForLogging(value);
+    const sensitive = ["apikey", "token", "authorization", "password", "secret", "clientsecret"];
+    const out = Array.isArray(obj) ? [] : {};
+    for (const [k, v] of Object.entries(obj)) {
+      const lower = k.toLowerCase();
+      if (sensitive.some((s) => lower.includes(s))) {
+        out[k] = "[REDACTED]";
+      } else if (v && typeof v === "object") {
+        out[k] = this.sanitize(v);
       } else {
-        sanitized[key] = value;
+        out[k] = v;
       }
     }
-    return sanitized;
+    return out;
   }
-  /**
-   * Get or refresh the access token using the API key
-   * Handles concurrent requests by queuing them behind a single refresh
-   */
   async getAccessToken() {
-    if (this.tokenRefreshPromise) {
-      this.log("debug", "Waiting for token refresh in progress");
-      return this.tokenRefreshPromise;
-    }
+    if (this.tokenRefreshPromise) return this.tokenRefreshPromise;
     if (this.accessToken && Date.now() < this.tokenExpiry - 5 * 60 * 1e3) {
       return this.accessToken;
     }
-    this.log("debug", "Refreshing access token");
     this.tokenRefreshPromise = this.refreshToken();
     try {
       this.accessToken = await this.tokenRefreshPromise;
-      this.log("info", "Access token refreshed", {
-        expiresAt: new Date(this.tokenExpiry).toISOString()
-      });
       return this.accessToken;
     } finally {
       this.tokenRefreshPromise = null;
     }
   }
-  /**
-   * Perform the actual token refresh using M2M credentials
-   */
   async refreshToken() {
+    this.log("debug", "refreshing access token");
+    const resp = await fetch(this.config.tokenUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        clientId: this.config.clientId,
+        clientSecret: this.config.clientSecret
+      })
+    });
+    const text = await resp.text();
+    if (!resp.ok) {
+      throw parseHttpError(resp.status, resp.headers.get("x-request-id") ?? void 0, text);
+    }
+    let parsed;
     try {
-      this.log("debug", "Refreshing M2M access token");
-      const response = await fetch(this.config.tokenUrl, {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify({
-          clientId: this.config.clientId,
-          clientSecret: this.config.clientSecret
-        })
+      parsed = JSON.parse(text);
+    } catch {
+      throw new OwayError({
+        message: "token response was not valid JSON",
+        code: "AUTH_INVALID_RESPONSE",
+        statusCode: resp.status
       });
-      if (!response.ok) {
-        throw new OwayError(
-          "Failed to obtain access token",
-          "AUTH_FAILED",
-          response.status
-        );
-      }
-      const data = await response.json();
-      if (!data.accessToken || !data.expiresIn) {
-        throw new OwayError(
-          "Invalid token response: missing accessToken or expiresIn",
-          "AUTH_INVALID_RESPONSE"
-        );
-      }
-      this.tokenExpiry = Date.now() + data.expiresIn * 1e3;
-      return data.accessToken;
-    } catch (error) {
-      this.log("error", "Token refresh failed", {
-        error: error instanceof Error ? error.message : "Unknown error"
+    }
+    if (!parsed.accessToken || !parsed.expiresIn) {
+      throw new OwayError({
+        message: "token response missing accessToken or expiresIn",
+        code: "AUTH_INVALID_RESPONSE",
+        statusCode: resp.status
       });
-      if (error instanceof OwayError) throw error;
-      throw new OwayError(
-        `Authentication failed: ${error instanceof Error ? error.message : "Unknown error"}`,
-        "AUTH_ERROR"
-      );
     }
+    this.tokenExpiry = Date.now() + parsed.expiresIn * 1e3;
+    return parsed.accessToken;
   }
-  /**
-   * Generate a unique request ID
-   */
-  generateRequestId() {
-    return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
-      const r = Math.random() * 16 | 0;
-      const v = c === "x" ? r : r & 3 | 8;
-      return v.toString(16);
-    });
-  }
-  /**
-   * Make an authenticated request to the Oway API
-   */
   async request(method, path, options = {}) {
     const token = await this.getAccessToken();
     const url = new URL(path, this.config.baseUrl);
-    const requestId = options.requestId || this.generateRequestId();
     if (options.query) {
-      Object.entries(options.query).forEach(([key, value]) => {
-        url.searchParams.append(key, String(value));
-      });
+      for (const [k, v] of Object.entries(options.query)) url.searchParams.append(k, String(v));
     }
-    const apiKey = options.companyApiKey || this.config.companyApiKey || this.config.apiKey;
+    const requestId = options.requestId || randomRequestId();
+    const apiKey = options.companyApiKey ?? this.config.apiKey;
     const headers = {
       "Content-Type": "application/json",
-      "Authorization": `Bearer ${token}`,
+      Authorization: `Bearer ${token}`,
       "x-request-id": requestId,
       ...options.headers
     };
-    if (apiKey) {
-      headers["x-oway-api-key"] = apiKey;
-    }
-    this.log("debug", `${method} ${path}`, {
-      requestId,
-      hasBody: !!options.body,
-      query: options.query
-    });
-    let lastError = null;
+    if (apiKey) headers["x-oway-api-key"] = apiKey;
+    let lastErr = null;
     for (let attempt = 0; attempt <= this.config.maxRetries; attempt++) {
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
       try {
-        const controller = new AbortController();
-        const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
-        const response = await fetch(url.toString(), {
+        const resp = await fetch(url.toString(), {
           method,
           headers,
-          body: options.body ? JSON.stringify(options.body) : void 0,
+          body: options.body !== void 0 ? JSON.stringify(options.body) : void 0,
           signal: controller.signal
         });
         clearTimeout(timeoutId);
-        const serverRequestId = response.headers.get("x-request-id") || requestId;
-        if (!response.ok) {
-          let errorData;
-          try {
-            errorData = await response.json();
-          } catch {
-            errorData = { message: response.statusText };
-          }
-          const error = new OwayError(
-            errorData.message || `Request failed with status ${response.status}`,
-            errorData.code || "API_ERROR",
-            response.status,
-            serverRequestId
-          );
-          this.log("warn", "Request failed", {
+        const serverRequestId = resp.headers.get("x-request-id") ?? requestId;
+        if (!resp.ok) {
+          const rawBody = await resp.text();
+          const err = parseHttpError(resp.status, serverRequestId, rawBody);
+          this.log("warn", "request failed", {
             method,
             path,
-            status: response.status,
-            requestId: serverRequestId,
+            status: err.statusCode,
+            code: err.code,
+            requestId: err.requestId,
             attempt: attempt + 1,
-            isRetryable: error.isRetryable()
-          });
-          throw error;
-        }
-        this.log("debug", "Request successful", {
-          method,
-          path,
-          status: response.status,
-          requestId: serverRequestId
-        });
-        if (response.status === 204) {
-          return {};
-        }
-        return await response.json();
-      } catch (error) {
-        lastError = error;
-        if (error instanceof OwayError && !error.isRetryable()) {
-          this.log("error", "Non-retryable error", {
-            requestId,
-            code: error.code,
-            statusCode: error.statusCode
+            retryable: err.isRetryable()
           });
-          throw error;
+          if (!err.isRetryable() || attempt === this.config.maxRetries) throw err;
+          lastErr = err;
+        } else {
+          if (resp.status === 204) return {};
+          return await resp.json();
         }
-        if (attempt === this.config.maxRetries) {
-          this.log("error", "Max retries exceeded", {
-            requestId,
-            attempts: attempt + 1
-          });
-          break;
+      } catch (e) {
+        clearTimeout(timeoutId);
+        if (e instanceof OwayError) {
+          if (!e.isRetryable() || attempt === this.config.maxRetries) throw e;
+          lastErr = e;
+        } else {
+          lastErr = e;
+          if (attempt === this.config.maxRetries) throw lastErr;
         }
-        const delay = Math.pow(2, attempt) * 1e3;
-        this.log("warn", "Retrying request", {
-          requestId,
-          attempt: attempt + 1,
-          maxRetries: this.config.maxRetries,
-          delayMs: delay
-        });
-        await new Promise((resolve) => setTimeout(resolve, delay));
       }
+      const delay = backoffDelayMs(attempt);
+      this.log("warn", "retrying", { attempt: attempt + 1, delay });
+      await new Promise((r) => setTimeout(r, delay));
     }
-    this.log("error", "Request failed", {
-      requestId,
-      error: lastError instanceof Error ? lastError.message : "Unknown error"
+    throw lastErr || new OwayError({
+      message: "request failed after retries",
+      code: "MAX_RETRIES_EXCEEDED",
+      requestId
     });
-    throw lastError || new OwayError("Request failed after retries", "MAX_RETRIES_EXCEEDED", void 0, requestId);
   }
-  async get(path, query, companyApiKey) {
+  get(path, query, companyApiKey) {
     return this.request("GET", path, { query, companyApiKey });
   }
-  async post(path, body, companyApiKey) {
+  post(path, body, companyApiKey) {
     return this.request("POST", path, { body, companyApiKey });
   }
-  async put(path, body, companyApiKey) {
+  put(path, body, companyApiKey) {
     return this.request("PUT", path, { body, companyApiKey });
   }
-  async delete(path, companyApiKey) {
+  delete(path, companyApiKey) {
     return this.request("DELETE", path, { companyApiKey });
   }
 };