@oway/sdk 0.1.2 → 0.2.0

package/dist/index.mjs

@@ -1,277 +1,229 @@
 // src/client.ts
 var OwayError = class extends Error {
-  constructor(message, code, statusCode, requestId) {
-    super(message);
-    this.code = code;
-    this.statusCode = statusCode;
-    this.requestId = requestId;
+  constructor(opts) {
+    super(opts.message);
     this.name = "OwayError";
+    this.statusCode = opts.statusCode;
+    this.code = opts.code;
+    this.requestId = opts.requestId;
+    this.violations = opts.violations ?? [];
+    this.rawBody = opts.rawBody;
   }
-  /**
-   * Determines if this error represents a transient failure that should be retried
-   */
+  /** True for well-known transient HTTP status codes (408/429/500/502/503/504). */
   isRetryable() {
     if (!this.statusCode) return false;
-    if (this.statusCode === 429) return true;
-    if (this.statusCode === 503) return true;
-    if (this.statusCode === 500) return true;
-    if (this.statusCode === 501) return false;
-    if (this.statusCode === 502) return true;
-    if (this.statusCode === 504) return true;
-    if (this.statusCode >= 500) return true;
-    return false;
+    return [408, 429, 500, 502, 503, 504].includes(this.statusCode);
+  }
+  /** 4xx response. */
+  isClientError() {
+    return !!this.statusCode && this.statusCode >= 400 && this.statusCode < 500;
+  }
+  /** 5xx response. */
+  isServerError() {
+    return !!this.statusCode && this.statusCode >= 500 && this.statusCode < 600;
   }
 };
+function parseHttpError(status, requestId, rawBody) {
+  let problem;
+  try {
+    problem = rawBody ? JSON.parse(rawBody) : void 0;
+  } catch {
+  }
+  const message = problem?.detail || problem?.title || `Request failed with status ${status}`;
+  return new OwayError({
+    message,
+    statusCode: status,
+    code: problem?.reason,
+    requestId,
+    violations: problem?.violations,
+    rawBody
+  });
+}
+function randomRequestId() {
+  if (typeof globalThis !== "undefined" && globalThis.crypto?.randomUUID) {
+    return globalThis.crypto.randomUUID();
+  }
+  const buf = new Uint8Array(16);
+  for (let i = 0; i < 16; i++) buf[i] = Math.floor(Math.random() * 256);
+  return Array.from(buf, (b) => b.toString(16).padStart(2, "0")).join("");
+}
+function backoffDelayMs(attempt) {
+  const base = Math.min(Math.pow(2, attempt) * 1e3, 3e4);
+  return Math.floor(Math.random() * (base + 1));
+}
 var HttpClient = class {
   constructor(config) {
     this.accessToken = null;
     this.tokenExpiry = 0;
     this.tokenRefreshPromise = null;
     if (!config.clientId || !config.clientSecret) {
-      throw new OwayError("clientId and clientSecret are required. Contact Oway Sales Engineering to obtain M2M credentials.");
+      throw new OwayError({
+        message: "clientId and clientSecret are required",
+        code: "CONFIG_MISSING_CREDENTIALS"
+      });
     }
+    const baseUrl = config.baseUrl || (typeof process !== "undefined" ? process.env?.OWAY_BASE_URL : void 0) || "https://api.sandbox.oway.io";
     this.config = {
-      baseUrl: config.baseUrl || process.env.OWAY_BASE_URL || "https://api.sandbox.oway.io",
-      tokenUrl: config.tokenUrl || (config.baseUrl || process.env.OWAY_BASE_URL || "https://api.sandbox.oway.io") + "/v1/auth/token",
+      baseUrl,
+      tokenUrl: config.tokenUrl || `${baseUrl}/v1/auth/token`,
       maxRetries: config.maxRetries ?? 3,
       timeout: config.timeout ?? 3e4,
       debug: config.debug ?? false,
       clientId: config.clientId,
       clientSecret: config.clientSecret,
       apiKey: config.apiKey,
-      // Optional default company API key
       logger: config.logger
     };
-    this.log("debug", "Oway SDK initialized", {
+    this.log("debug", "sdk initialized", {
       baseUrl: this.config.baseUrl,
-      authMode: "M2M",
       hasDefaultApiKey: !!this.config.apiKey
     });
   }
-  /**
-   * Internal logging with sanitization
-   */
   log(level, message, meta) {
+    if (!this.config.logger) return;
     if (!this.config.debug && level === "debug") return;
-    const sanitized = meta ? this.sanitizeForLogging(meta) : void 0;
-    if (this.config.logger) {
-      this.config.logger[level](message, sanitized);
-    } else if (this.config.debug && level !== "debug") {
-      console[level === "error" ? "error" : "log"](`[Oway ${level}]`, message, sanitized);
-    }
+    const safe = meta ? this.sanitize(meta) : void 0;
+    this.config.logger[level](message, safe);
   }
-  /**
-   * Sanitize objects for logging - remove sensitive fields
-   */
-  sanitizeForLogging(obj) {
+  sanitize(obj) {
     if (!obj || typeof obj !== "object") return obj;
-    const sensitive = ["apiKey", "token", "authorization", "password", "secret"];
-    const sanitized = Array.isArray(obj) ? [] : {};
-    for (const [key, value] of Object.entries(obj)) {
-      const lowerKey = key.toLowerCase();
-      if (sensitive.some((s) => lowerKey.includes(s))) {
-        sanitized[key] = "[REDACTED]";
-      } else if (value && typeof value === "object") {
-        sanitized[key] = this.sanitizeForLogging(value);
+    const sensitive = ["apikey", "token", "authorization", "password", "secret", "clientsecret"];
+    const out = Array.isArray(obj) ? [] : {};
+    for (const [k, v] of Object.entries(obj)) {
+      const lower = k.toLowerCase();
+      if (sensitive.some((s) => lower.includes(s))) {
+        out[k] = "[REDACTED]";
+      } else if (v && typeof v === "object") {
+        out[k] = this.sanitize(v);
       } else {
-        sanitized[key] = value;
+        out[k] = v;
       }
     }
-    return sanitized;
+    return out;
   }
-  /**
-   * Get or refresh the access token using the API key
-   * Handles concurrent requests by queuing them behind a single refresh
-   */
   async getAccessToken() {
-    if (this.tokenRefreshPromise) {
-      this.log("debug", "Waiting for token refresh in progress");
-      return this.tokenRefreshPromise;
-    }
+    if (this.tokenRefreshPromise) return this.tokenRefreshPromise;
     if (this.accessToken && Date.now() < this.tokenExpiry - 5 * 60 * 1e3) {
       return this.accessToken;
     }
-    this.log("debug", "Refreshing access token");
     this.tokenRefreshPromise = this.refreshToken();
     try {
       this.accessToken = await this.tokenRefreshPromise;
-      this.log("info", "Access token refreshed", {
-        expiresAt: new Date(this.tokenExpiry).toISOString()
-      });
       return this.accessToken;
     } finally {
       this.tokenRefreshPromise = null;
     }
   }
-  /**
-   * Perform the actual token refresh using M2M credentials
-   */
   async refreshToken() {
+    this.log("debug", "refreshing access token");
+    const resp = await fetch(this.config.tokenUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        clientId: this.config.clientId,
+        clientSecret: this.config.clientSecret
+      })
+    });
+    const text = await resp.text();
+    if (!resp.ok) {
+      throw parseHttpError(resp.status, resp.headers.get("x-request-id") ?? void 0, text);
+    }
+    let parsed;
     try {
-      this.log("debug", "Refreshing M2M access token");
-      const response = await fetch(this.config.tokenUrl, {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify({
-          clientId: this.config.clientId,
-          clientSecret: this.config.clientSecret
-        })
+      parsed = JSON.parse(text);
+    } catch {
+      throw new OwayError({
+        message: "token response was not valid JSON",
+        code: "AUTH_INVALID_RESPONSE",
+        statusCode: resp.status
       });
-      if (!response.ok) {
-        throw new OwayError(
-          "Failed to obtain access token",
-          "AUTH_FAILED",
-          response.status
-        );
-      }
-      const data = await response.json();
-      if (!data.accessToken || !data.expiresIn) {
-        throw new OwayError(
-          "Invalid token response: missing accessToken or expiresIn",
-          "AUTH_INVALID_RESPONSE"
-        );
-      }
-      this.tokenExpiry = Date.now() + data.expiresIn * 1e3;
-      return data.accessToken;
-    } catch (error) {
-      this.log("error", "Token refresh failed", {
-        error: error instanceof Error ? error.message : "Unknown error"
+    }
+    if (!parsed.accessToken || !parsed.expiresIn) {
+      throw new OwayError({
+        message: "token response missing accessToken or expiresIn",
+        code: "AUTH_INVALID_RESPONSE",
+        statusCode: resp.status
       });
-      if (error instanceof OwayError) throw error;
-      throw new OwayError(
-        `Authentication failed: ${error instanceof Error ? error.message : "Unknown error"}`,
-        "AUTH_ERROR"
-      );
     }
+    this.tokenExpiry = Date.now() + parsed.expiresIn * 1e3;
+    return parsed.accessToken;
   }
-  /**
-   * Generate a unique request ID
-   */
-  generateRequestId() {
-    return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
-      const r = Math.random() * 16 | 0;
-      const v = c === "x" ? r : r & 3 | 8;
-      return v.toString(16);
-    });
-  }
-  /**
-   * Make an authenticated request to the Oway API
-   */
   async request(method, path, options = {}) {
     const token = await this.getAccessToken();
     const url = new URL(path, this.config.baseUrl);
-    const requestId = options.requestId || this.generateRequestId();
     if (options.query) {
-      Object.entries(options.query).forEach(([key, value]) => {
-        url.searchParams.append(key, String(value));
-      });
+      for (const [k, v] of Object.entries(options.query)) url.searchParams.append(k, String(v));
     }
-    const apiKey = options.companyApiKey || this.config.companyApiKey || this.config.apiKey;
+    const requestId = options.requestId || randomRequestId();
+    const apiKey = options.companyApiKey ?? this.config.apiKey;
     const headers = {
       "Content-Type": "application/json",
-      "Authorization": `Bearer ${token}`,
+      Authorization: `Bearer ${token}`,
       "x-request-id": requestId,
       ...options.headers
     };
-    if (apiKey) {
-      headers["x-oway-api-key"] = apiKey;
-    }
-    this.log("debug", `${method} ${path}`, {
-      requestId,
-      hasBody: !!options.body,
-      query: options.query
-    });
-    let lastError = null;
+    if (apiKey) headers["x-oway-api-key"] = apiKey;
+    let lastErr = null;
     for (let attempt = 0; attempt <= this.config.maxRetries; attempt++) {
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
       try {
-        const controller = new AbortController();
-        const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
-        const response = await fetch(url.toString(), {
+        const resp = await fetch(url.toString(), {
           method,
           headers,
-          body: options.body ? JSON.stringify(options.body) : void 0,
+          body: options.body !== void 0 ? JSON.stringify(options.body) : void 0,
           signal: controller.signal
         });
         clearTimeout(timeoutId);
-        const serverRequestId = response.headers.get("x-request-id") || requestId;
-        if (!response.ok) {
-          let errorData;
-          try {
-            errorData = await response.json();
-          } catch {
-            errorData = { message: response.statusText };
-          }
-          const error = new OwayError(
-            errorData.message || `Request failed with status ${response.status}`,
-            errorData.code || "API_ERROR",
-            response.status,
-            serverRequestId
-          );
-          this.log("warn", "Request failed", {
+        const serverRequestId = resp.headers.get("x-request-id") ?? requestId;
+        if (!resp.ok) {
+          const rawBody = await resp.text();
+          const err = parseHttpError(resp.status, serverRequestId, rawBody);
+          this.log("warn", "request failed", {
             method,
             path,
-            status: response.status,
-            requestId: serverRequestId,
+            status: err.statusCode,
+            code: err.code,
+            requestId: err.requestId,
             attempt: attempt + 1,
-            isRetryable: error.isRetryable()
-          });
-          throw error;
-        }
-        this.log("debug", "Request successful", {
-          method,
-          path,
-          status: response.status,
-          requestId: serverRequestId
-        });
-        if (response.status === 204) {
-          return {};
-        }
-        return await response.json();
-      } catch (error) {
-        lastError = error;
-        if (error instanceof OwayError && !error.isRetryable()) {
-          this.log("error", "Non-retryable error", {
-            requestId,
-            code: error.code,
-            statusCode: error.statusCode
+            retryable: err.isRetryable()
           });
-          throw error;
+          if (!err.isRetryable() || attempt === this.config.maxRetries) throw err;
+          lastErr = err;
+        } else {
+          if (resp.status === 204) return {};
+          return await resp.json();
         }
-        if (attempt === this.config.maxRetries) {
-          this.log("error", "Max retries exceeded", {
-            requestId,
-            attempts: attempt + 1
-          });
-          break;
+      } catch (e) {
+        clearTimeout(timeoutId);
+        if (e instanceof OwayError) {
+          if (!e.isRetryable() || attempt === this.config.maxRetries) throw e;
+          lastErr = e;
+        } else {
+          lastErr = e;
+          if (attempt === this.config.maxRetries) throw lastErr;
         }
-        const delay = Math.pow(2, attempt) * 1e3;
-        this.log("warn", "Retrying request", {
-          requestId,
-          attempt: attempt + 1,
-          maxRetries: this.config.maxRetries,
-          delayMs: delay
-        });
-        await new Promise((resolve) => setTimeout(resolve, delay));
       }
+      const delay = backoffDelayMs(attempt);
+      this.log("warn", "retrying", { attempt: attempt + 1, delay });
+      await new Promise((r) => setTimeout(r, delay));
     }
-    this.log("error", "Request failed", {
-      requestId,
-      error: lastError instanceof Error ? lastError.message : "Unknown error"
+    throw lastErr || new OwayError({
+      message: "request failed after retries",
+      code: "MAX_RETRIES_EXCEEDED",
+      requestId
     });
-    throw lastError || new OwayError("Request failed after retries", "MAX_RETRIES_EXCEEDED", void 0, requestId);
   }
-  async get(path, query, companyApiKey) {
+  get(path, query, companyApiKey) {
     return this.request("GET", path, { query, companyApiKey });
   }
-  async post(path, body, companyApiKey) {
+  post(path, body, companyApiKey) {
     return this.request("POST", path, { body, companyApiKey });
   }
-  async put(path, body, companyApiKey) {
+  put(path, body, companyApiKey) {
     return this.request("PUT", path, { body, companyApiKey });
   }
-  async delete(path, companyApiKey) {
+  delete(path, companyApiKey) {
     return this.request("DELETE", path, { companyApiKey });
   }
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oway/sdk",
-  "version": "0.1.2",
+  "version": "0.2.0",
   "description": "Official Oway JavaScript/TypeScript SDK",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -46,10 +46,14 @@
   },
   "devDependencies": {
     "@types/node": "^20.11.0",
+    "@typescript-eslint/eslint-plugin": "^8.59.3",
+    "@typescript-eslint/parser": "^8.59.3",
     "@vitest/coverage-v8": "^1.6.1",
+    "eslint": "^10.3.0",
     "openapi-typescript": "^7.0.0",
     "tsup": "^8.0.1",
     "typescript": "^5.3.3",
+    "typescript-eslint": "^8.59.3",
     "vitest": "^1.2.0"
   },
   "engines": {