@oxyhq/core 2.4.1 → 3.0.0

package/dist/cjs/OxyServices.js

@@ -25,7 +25,7 @@ const mixins_1 = require("./mixins");
  * - **Payment**: Payment processing
  * - **Karma**: Karma system
  * - **Assets**: File upload and asset management
- * - **Developer**: Developer API management
+ * - **Applications**: Application, membership, and credential management
  * - **Location**: Location-based features
  * - **Analytics**: Analytics tracking
  * - **Devices**: Device management

package/dist/cjs/mixins/OxyServices.applications.js

@@ -0,0 +1,212 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OxyServicesApplicationsMixin = OxyServicesApplicationsMixin;
+const mixinHelpers_1 = require("./mixinHelpers");
+function OxyServicesApplicationsMixin(Base) {
+    return class extends Base {
+        constructor(...args) {
+            super(...args);
+        }
+        /**
+         * List applications the current user is an active member of.
+         */
+        async getApplications() {
+            try {
+                const res = await this.makeRequest('GET', '/applications', undefined, { cache: true, cacheTTL: mixinHelpers_1.CACHE_TIMES.MEDIUM });
+                return res.applications ?? [];
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Create a new application. The caller becomes its `owner`.
+         * @param data - Application configuration. Staff-only fields are ignored.
+         */
+        async createApplication(data) {
+            try {
+                const res = await this.makeRequest('POST', '/applications', data, { cache: false });
+                return res.application;
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Fetch a single application by id.
+         * @param applicationId - The application's Mongo `_id`.
+         */
+        async getApplication(applicationId) {
+            try {
+                const res = await this.makeRequest('GET', `/applications/${applicationId}`, undefined, { cache: true, cacheTTL: mixinHelpers_1.CACHE_TIMES.LONG });
+                return res.application;
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Update an application's mutable fields.
+         * @param applicationId - The application's Mongo `_id`.
+         * @param data - Subset of updatable fields. Staff-only fields are ignored.
+         */
+        async updateApplication(applicationId, data) {
+            try {
+                const res = await this.makeRequest('PATCH', `/applications/${applicationId}`, data, { cache: false });
+                return res.application;
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Soft-delete an application (owner only).
+         * @param applicationId - The application's Mongo `_id`.
+         */
+        async deleteApplication(applicationId) {
+            try {
+                return await this.makeRequest('DELETE', `/applications/${applicationId}`, undefined, { cache: false });
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * List members of an application.
+         * @param applicationId - The application's Mongo `_id`.
+         */
+        async getApplicationMembers(applicationId) {
+            try {
+                const res = await this.makeRequest('GET', `/applications/${applicationId}/members`, undefined, { cache: true, cacheTTL: mixinHelpers_1.CACHE_TIMES.MEDIUM });
+                return res.members ?? [];
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Add a member to an application.
+         * @param applicationId - The application's Mongo `_id`.
+         * @param data - Target user id and role (never `owner`).
+         */
+        async inviteApplicationMember(applicationId, data) {
+            try {
+                const res = await this.makeRequest('POST', `/applications/${applicationId}/members`, data, { cache: false });
+                return res.member;
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Change a member's role.
+         * @param applicationId - The application's Mongo `_id`.
+         * @param memberId - The member's Mongo `_id`.
+         * @param data - New role.
+         */
+        async updateApplicationMember(applicationId, memberId, data) {
+            try {
+                const res = await this.makeRequest('PATCH', `/applications/${applicationId}/members/${memberId}`, data, { cache: false });
+                return res.member;
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Remove a member from an application.
+         * @param applicationId - The application's Mongo `_id`.
+         * @param memberId - The member's Mongo `_id`.
+         */
+        async removeApplicationMember(applicationId, memberId) {
+            try {
+                return await this.makeRequest('DELETE', `/applications/${applicationId}/members/${memberId}`, undefined, { cache: false });
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Transfer ownership of an application to another member (owner only).
+         * Demotes the current owner to `admin` and promotes the target to `owner`.
+         * @param applicationId - The application's Mongo `_id`.
+         * @param data - Target user id.
+         */
+        async transferApplicationOwnership(applicationId, data) {
+            try {
+                return await this.makeRequest('POST', `/applications/${applicationId}/transfer-ownership`, data, { cache: false });
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * List an application's credentials. The response NEVER includes secrets.
+         * @param applicationId - The application's Mongo `_id`.
+         */
+        async getApplicationCredentials(applicationId) {
+            try {
+                const res = await this.makeRequest('GET', `/applications/${applicationId}/credentials`, undefined, { cache: true, cacheTTL: mixinHelpers_1.CACHE_TIMES.MEDIUM });
+                return res.credentials ?? [];
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Create a credential. The plaintext `secret` is returned exactly ONCE;
+         * the server stores only a hash and will never return it again.
+         * @param applicationId - The application's Mongo `_id`.
+         * @param data - Credential configuration.
+         */
+        async createApplicationCredential(applicationId, data) {
+            try {
+                return await this.makeRequest('POST', `/applications/${applicationId}/credentials`, data, { cache: false });
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Rotate a credential's secret. The new plaintext `secret` is returned
+         * exactly ONCE.
+         * @param applicationId - The application's Mongo `_id`.
+         * @param credentialId - The credential's Mongo `_id`.
+         */
+        async rotateApplicationCredential(applicationId, credentialId) {
+            try {
+                return await this.makeRequest('POST', `/applications/${applicationId}/credentials/${credentialId}/rotate`, undefined, { cache: false });
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Revoke a credential (`status='revoked'`). Revoked credentials can no
+         * longer authenticate.
+         * @param applicationId - The application's Mongo `_id`.
+         * @param credentialId - The credential's Mongo `_id`.
+         */
+        async revokeApplicationCredential(applicationId, credentialId) {
+            try {
+                return await this.makeRequest('DELETE', `/applications/${applicationId}/credentials/${credentialId}`, undefined, { cache: false });
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+        /**
+         * Fetch usage statistics for an application.
+         * @param applicationId - The application's Mongo `_id`.
+         * @param period - Time window (defaults to the server default).
+         */
+        async getApplicationUsage(applicationId, period) {
+            try {
+                return await this.makeRequest('GET', `/applications/${applicationId}/usage`, period ? { period } : undefined, { cache: true, cacheTTL: mixinHelpers_1.CACHE_TIMES.SHORT });
+            }
+            catch (error) {
+                throw this.handleError(error);
+            }
+        }
+    };
+}

package/dist/cjs/mixins/OxyServices.auth.js

@@ -65,8 +65,8 @@ function OxyServicesAuthMixin(Base) {
          * legitimate multi-tenant hosts that need to switch credentials cannot leak
          * one tenant's token to another tenant on the same instance.
          *
-         * @param apiKey - DeveloperApp API key (oxy_dk_*)
-         * @param apiSecret - DeveloperApp API secret
+         * @param apiKey - Application credential public key (oxy_dk_*)
+         * @param apiSecret - Application credential secret
          */
         configureServiceAuth(apiKey, apiSecret) {
             this._serviceApiKey = apiKey;
@@ -88,8 +88,8 @@ function OxyServicesAuthMixin(Base) {
          * This prevents an attacker who learned a peer's apiKey from extracting
          * their service token by polling with a wrong secret.
          *
-         * @param apiKey - DeveloperApp API key (optional if configureServiceAuth was called)
-         * @param apiSecret - DeveloperApp API secret (optional if configureServiceAuth was called)
+         * @param apiKey - Application credential public key (optional if configureServiceAuth was called)
+         * @param apiSecret - Application credential secret (optional if configureServiceAuth was called)
          */
         async getServiceToken(apiKey, apiSecret) {
             const key = apiKey || this._serviceApiKey;

package/dist/cjs/mixins/index.js

@@ -20,7 +20,7 @@ const OxyServices_language_1 = require("./OxyServices.language");
 const OxyServices_payment_1 = require("./OxyServices.payment");
 const OxyServices_karma_1 = require("./OxyServices.karma");
 const OxyServices_assets_1 = require("./OxyServices.assets");
-const OxyServices_developer_1 = require("./OxyServices.developer");
+const OxyServices_applications_1 = require("./OxyServices.applications");
 const OxyServices_location_1 = require("./OxyServices.location");
 const OxyServices_analytics_1 = require("./OxyServices.analytics");
 const OxyServices_devices_1 = require("./OxyServices.devices");
@@ -64,7 +64,7 @@ const MIXIN_PIPELINE = [
     OxyServices_payment_1.OxyServicesPaymentMixin,
     OxyServices_karma_1.OxyServicesKarmaMixin,
     OxyServices_assets_1.OxyServicesAssetsMixin,
-    OxyServices_developer_1.OxyServicesDeveloperMixin,
+    OxyServices_applications_1.OxyServicesApplicationsMixin,
     OxyServices_location_1.OxyServicesLocationMixin,
     OxyServices_analytics_1.OxyServicesAnalyticsMixin,
     OxyServices_devices_1.OxyServicesDevicesMixin,