@oxyhq/core 3.8.0 → 3.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/.tsbuildinfo +1 -1
- package/dist/cjs/mixins/OxyServices.user.js +12 -1
- package/dist/esm/.tsbuildinfo +1 -1
- package/dist/esm/mixins/OxyServices.user.js +12 -1
- package/dist/types/.tsbuildinfo +1 -1
- package/dist/types/mixins/OxyServices.user.d.ts +20 -0
- package/package.json +1 -1
- package/src/mixins/OxyServices.user.ts +28 -1
|
@@ -39,6 +39,15 @@ export interface BulkUnfollowResult {
|
|
|
39
39
|
}
|
|
40
40
|
export declare function OxyServicesUserMixin<T extends typeof OxyServicesBase>(Base: T): {
|
|
41
41
|
new (...args: any[]): {
|
|
42
|
+
/**
|
|
43
|
+
* Service-token request, implemented by the auth mixin earlier in the
|
|
44
|
+
* composition pipeline (see `mixins/index.ts`). The user mixin is typed
|
|
45
|
+
* against `OxyServicesBase`, which does not carry the auth mixin's methods,
|
|
46
|
+
* so this `declare` surfaces the inherited runtime method to TypeScript
|
|
47
|
+
* without re-implementing it. Used by `getUsersByIds` to authenticate the
|
|
48
|
+
* server-to-server `/users/by-ids` bulk fetch with a bearer service token.
|
|
49
|
+
*/
|
|
50
|
+
makeServiceRequest: <R = unknown>(method: "GET" | "POST" | "PUT" | "PATCH" | "DELETE", url: string, data?: unknown, userId?: string) => Promise<R>;
|
|
42
51
|
/**
|
|
43
52
|
* Get profile by username
|
|
44
53
|
*/
|
|
@@ -129,6 +138,17 @@ export declare function OxyServicesUserMixin<T extends typeof OxyServicesBase>(B
|
|
|
129
138
|
* by `id`); each is run through `normalizeUserIdentity`, matching
|
|
130
139
|
* `getUserById`.
|
|
131
140
|
*
|
|
141
|
+
* **Service-token auth (required).** `/users/by-ids` is a server-to-server
|
|
142
|
+
* bulk fetch of PUBLIC user data and is called via `makeServiceRequest`,
|
|
143
|
+
* which attaches `Authorization: Bearer <serviceToken>`. oxy-api's CSRF
|
|
144
|
+
* middleware skips bearer-authenticated requests, so the calling client
|
|
145
|
+
* MUST be service-configured (`configureServiceAuth(apiKey, apiSecret)`)
|
|
146
|
+
* before invoking this method; otherwise `getServiceToken()` throws because
|
|
147
|
+
* no credentials are available. (A plain user-session request fails here:
|
|
148
|
+
* server-to-server there is no cookie jar, so the auto-attached
|
|
149
|
+
* `X-CSRF-Token` has no matching cookie and oxy-api rejects the POST with
|
|
150
|
+
* 403 "CSRF token missing".)
|
|
151
|
+
*
|
|
132
152
|
* Resilience: chunks are independent. A failed chunk is logged and skipped
|
|
133
153
|
* — the method returns every user that resolved successfully rather than
|
|
134
154
|
* discarding the whole call on one chunk's failure. An empty/whitespace-only
|
package/package.json
CHANGED
|
@@ -72,6 +72,22 @@ export function OxyServicesUserMixin<T extends typeof OxyServicesBase>(Base: T)
|
|
|
72
72
|
constructor(...args: any[]) {
|
|
73
73
|
super(...(args as [any]));
|
|
74
74
|
}
|
|
75
|
+
|
|
76
|
+
/**
|
|
77
|
+
* Service-token request, implemented by the auth mixin earlier in the
|
|
78
|
+
* composition pipeline (see `mixins/index.ts`). The user mixin is typed
|
|
79
|
+
* against `OxyServicesBase`, which does not carry the auth mixin's methods,
|
|
80
|
+
* so this `declare` surfaces the inherited runtime method to TypeScript
|
|
81
|
+
* without re-implementing it. Used by `getUsersByIds` to authenticate the
|
|
82
|
+
* server-to-server `/users/by-ids` bulk fetch with a bearer service token.
|
|
83
|
+
*/
|
|
84
|
+
declare makeServiceRequest: <R = unknown>(
|
|
85
|
+
method: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE',
|
|
86
|
+
url: string,
|
|
87
|
+
data?: unknown,
|
|
88
|
+
userId?: string,
|
|
89
|
+
) => Promise<R>;
|
|
90
|
+
|
|
75
91
|
/**
|
|
76
92
|
* Get profile by username
|
|
77
93
|
*/
|
|
@@ -333,6 +349,17 @@ export function OxyServicesUserMixin<T extends typeof OxyServicesBase>(Base: T)
|
|
|
333
349
|
* by `id`); each is run through `normalizeUserIdentity`, matching
|
|
334
350
|
* `getUserById`.
|
|
335
351
|
*
|
|
352
|
+
* **Service-token auth (required).** `/users/by-ids` is a server-to-server
|
|
353
|
+
* bulk fetch of PUBLIC user data and is called via `makeServiceRequest`,
|
|
354
|
+
* which attaches `Authorization: Bearer <serviceToken>`. oxy-api's CSRF
|
|
355
|
+
* middleware skips bearer-authenticated requests, so the calling client
|
|
356
|
+
* MUST be service-configured (`configureServiceAuth(apiKey, apiSecret)`)
|
|
357
|
+
* before invoking this method; otherwise `getServiceToken()` throws because
|
|
358
|
+
* no credentials are available. (A plain user-session request fails here:
|
|
359
|
+
* server-to-server there is no cookie jar, so the auto-attached
|
|
360
|
+
* `X-CSRF-Token` has no matching cookie and oxy-api rejects the POST with
|
|
361
|
+
* 403 "CSRF token missing".)
|
|
362
|
+
*
|
|
336
363
|
* Resilience: chunks are independent. A failed chunk is logged and skipped
|
|
337
364
|
* — the method returns every user that resolved successfully rather than
|
|
338
365
|
* discarding the whole call on one chunk's failure. An empty/whitespace-only
|
|
@@ -358,7 +385,7 @@ export function OxyServicesUserMixin<T extends typeof OxyServicesBase>(Base: T)
|
|
|
358
385
|
const settled = await Promise.all(
|
|
359
386
|
chunks.map(async (chunk): Promise<User[]> => {
|
|
360
387
|
try {
|
|
361
|
-
const users = await this.
|
|
388
|
+
const users = await this.makeServiceRequest<User[]>('POST', '/users/by-ids', { ids: chunk });
|
|
362
389
|
return Array.isArray(users) ? users.map((user) => normalizeUserIdentity(user)) : [];
|
|
363
390
|
} catch (error: unknown) {
|
|
364
391
|
logger.warn('getUsersByIds: chunk failed, continuing with remaining chunks', {
|