@pikku/fetch 0.12.0 → 0.12.2

package/CHANGELOG.md

@@ -1,5 +1,18 @@
+## 0.12.2
+
+### Patch Changes
+
+- 9060165: New realtime events system: `pikku realtime` generates a typed `PikkuRealtime` client that pairs with `PikkuRPC`. A `/events` channel can be scaffolded to fan out server events to subscribers over SSE. `pikku dev` wires `LocalEventHubService` automatically so realtime works out of the box locally. The React provider exposes `PikkuRealtime` alongside `PikkuRPC`.
+- 9060165: Fix `@pikku/addon-graph` package exports so generated bootstrap files can be imported correctly. The Node.js HTTP server adapter is unified across dev, standalone, and container deployments. Next.js gains a worker-RPC transport. Date values in fetch responses now deserialise correctly.
+
 ## 0.12.0
 
+## 0.12.1
+
+### Patch Changes
+
+- 3fbd05c: Encode URI path parameters with encodeURIComponent to prevent path injection via user-supplied data values.
+
 ### New Features
 
 - Auto-remove `Content-Type` header for bodyless requests (GET/DELETE)

package/dist/cjs/core-pikku-fetch.d.ts

@@ -45,6 +45,11 @@ export declare class CorePikkuFetch {
      * @param {string} serverUrl - The server URL to be set.
      */
     setServerUrl(serverUrl: string): void;
+    /**
+     * Returns the configured base server URL (without trailing slash), or
+     * undefined if it hasn't been set yet.
+     */
+    getServerUrl(): string | undefined;
     /**
      * Sets the JWT for authorization.
      *
@@ -61,6 +66,27 @@ export declare class CorePikkuFetch {
     get(uri: string, data: any, options?: RequestInit): Promise<any>;
     patch(uri: string, data: any, options?: RequestInit): Promise<any>;
     head(uri: string, data: any, options?: RequestInit): Promise<any>;
+    /**
+     * Uploads a file to a URL obtained from `getUploadURL`.
+     * Handles both presigned URLs (e.g. S3) and header-based auth (e.g. B2).
+     *
+     * @param {Object} uploadInfo - The result from the backend's `getUploadURL` call.
+     * @param {string} uploadInfo.uploadUrl - The URL to upload to.
+     * @param {string} uploadInfo.assetKey - The finalized asset key.
+     * @param {Record<string, string>} [uploadInfo.uploadHeaders] - Optional headers required by the storage backend.
+     * @param {Blob | File | Buffer | ReadableStream} body - The file content to upload.
+     * @param {string} [contentType] - The MIME type (used as fallback if not in uploadHeaders).
+     * @returns {Promise<{ assetKey: string; response: Response }>} - The asset key and raw response.
+     */
+    uploadFile(uploadInfo: {
+        uploadUrl: string;
+        assetKey: string;
+        uploadHeaders?: Record<string, string>;
+        uploadMethod?: 'PUT' | 'POST';
+    }, body: Blob | File | BufferSource | ReadableStream, contentType?: string): Promise<{
+        assetKey: string;
+        response: Response;
+    }>;
     /**
      * Makes an API request with the specified URI, method, and data, and optionally transforms dates in the response.
      *

package/dist/cjs/core-pikku-fetch.js

@@ -57,6 +57,13 @@ class CorePikkuFetch {
         }
         this.options.serverUrl = serverUrl;
     }
+    /**
+     * Returns the configured base server URL (without trailing slash), or
+     * undefined if it hasn't been set yet.
+     */
+    getServerUrl() {
+        return this.options.serverUrl;
+    }
     /**
      * Sets the JWT for authorization.
      *
@@ -103,6 +110,36 @@ class CorePikkuFetch {
             return yield this.api(uri, 'HEAD', data, options);
         });
     }
+    /**
+     * Uploads a file to a URL obtained from `getUploadURL`.
+     * Handles both presigned URLs (e.g. S3) and header-based auth (e.g. B2).
+     *
+     * @param {Object} uploadInfo - The result from the backend's `getUploadURL` call.
+     * @param {string} uploadInfo.uploadUrl - The URL to upload to.
+     * @param {string} uploadInfo.assetKey - The finalized asset key.
+     * @param {Record<string, string>} [uploadInfo.uploadHeaders] - Optional headers required by the storage backend.
+     * @param {Blob | File | Buffer | ReadableStream} body - The file content to upload.
+     * @param {string} [contentType] - The MIME type (used as fallback if not in uploadHeaders).
+     * @returns {Promise<{ assetKey: string; response: Response }>} - The asset key and raw response.
+     */
+    uploadFile(uploadInfo, body, contentType) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a;
+            const headers = Object.assign({}, uploadInfo.uploadHeaders);
+            if (!headers['Content-Type'] && contentType) {
+                headers['Content-Type'] = contentType;
+            }
+            const response = yield fetch(uploadInfo.uploadUrl, {
+                method: (_a = uploadInfo.uploadMethod) !== null && _a !== void 0 ? _a : 'PUT',
+                headers,
+                body: body,
+            });
+            if (response.status >= 400) {
+                throw response;
+            }
+            return { assetKey: uploadInfo.assetKey, response };
+        });
+    }
     /**
      * Makes an API request with the specified URI, method, and data, and optionally transforms dates in the response.
      *
@@ -168,7 +205,7 @@ class CorePikkuFetch {
      * @returns {any} - The transformed data.
      */
     transformDates(data) {
-        if (!this.options.transformDate) {
+        if (this.options.transformDate === false) {
             return data;
         }
         return (0, transform_date_js_1.transformDates)(data);

package/dist/cjs/index.d.ts

@@ -6,5 +6,6 @@
  *
  * @module @pikku/fetch
  */
-export { CorePikkuFetch, CorePikkuFetchOptions, HTTPMethod, } from './core-pikku-fetch.js';
+export { CorePikkuFetch } from './core-pikku-fetch.js';
+export type { CorePikkuFetchOptions, HTTPMethod } from './core-pikku-fetch.js';
 export { corePikkuFetch } from './pikku-fetch.js';

package/dist/cjs/pikku-fetch.js

@@ -28,7 +28,7 @@ const corePikkuFetch = (uri, data, options) => __awaiter(void 0, void 0, void 0,
         const keys = Object.keys(data);
         for (const key of keys) {
             if (uri.includes(`:${key}`)) {
-                uri = uri.replace(`:${key}`, data[key]);
+                uri = uri.replace(`:${key}`, encodeURIComponent(String(data[key])));
                 delete data[key];
             }
         }

package/dist/esm/core-pikku-fetch.d.ts

@@ -45,6 +45,11 @@ export declare class CorePikkuFetch {
      * @param {string} serverUrl - The server URL to be set.
      */
     setServerUrl(serverUrl: string): void;
+    /**
+     * Returns the configured base server URL (without trailing slash), or
+     * undefined if it hasn't been set yet.
+     */
+    getServerUrl(): string | undefined;
     /**
      * Sets the JWT for authorization.
      *
@@ -61,6 +66,27 @@ export declare class CorePikkuFetch {
     get(uri: string, data: any, options?: RequestInit): Promise<any>;
     patch(uri: string, data: any, options?: RequestInit): Promise<any>;
     head(uri: string, data: any, options?: RequestInit): Promise<any>;
+    /**
+     * Uploads a file to a URL obtained from `getUploadURL`.
+     * Handles both presigned URLs (e.g. S3) and header-based auth (e.g. B2).
+     *
+     * @param {Object} uploadInfo - The result from the backend's `getUploadURL` call.
+     * @param {string} uploadInfo.uploadUrl - The URL to upload to.
+     * @param {string} uploadInfo.assetKey - The finalized asset key.
+     * @param {Record<string, string>} [uploadInfo.uploadHeaders] - Optional headers required by the storage backend.
+     * @param {Blob | File | Buffer | ReadableStream} body - The file content to upload.
+     * @param {string} [contentType] - The MIME type (used as fallback if not in uploadHeaders).
+     * @returns {Promise<{ assetKey: string; response: Response }>} - The asset key and raw response.
+     */
+    uploadFile(uploadInfo: {
+        uploadUrl: string;
+        assetKey: string;
+        uploadHeaders?: Record<string, string>;
+        uploadMethod?: 'PUT' | 'POST';
+    }, body: Blob | File | BufferSource | ReadableStream, contentType?: string): Promise<{
+        assetKey: string;
+        response: Response;
+    }>;
     /**
      * Makes an API request with the specified URI, method, and data, and optionally transforms dates in the response.
      *

package/dist/esm/core-pikku-fetch.js

@@ -46,6 +46,13 @@ export class CorePikkuFetch {
         }
         this.options.serverUrl = serverUrl;
     }
+    /**
+     * Returns the configured base server URL (without trailing slash), or
+     * undefined if it hasn't been set yet.
+     */
+    getServerUrl() {
+        return this.options.serverUrl;
+    }
     /**
      * Sets the JWT for authorization.
      *
@@ -84,6 +91,35 @@ export class CorePikkuFetch {
     async head(uri, data, options) {
         return await this.api(uri, 'HEAD', data, options);
     }
+    /**
+     * Uploads a file to a URL obtained from `getUploadURL`.
+     * Handles both presigned URLs (e.g. S3) and header-based auth (e.g. B2).
+     *
+     * @param {Object} uploadInfo - The result from the backend's `getUploadURL` call.
+     * @param {string} uploadInfo.uploadUrl - The URL to upload to.
+     * @param {string} uploadInfo.assetKey - The finalized asset key.
+     * @param {Record<string, string>} [uploadInfo.uploadHeaders] - Optional headers required by the storage backend.
+     * @param {Blob | File | Buffer | ReadableStream} body - The file content to upload.
+     * @param {string} [contentType] - The MIME type (used as fallback if not in uploadHeaders).
+     * @returns {Promise<{ assetKey: string; response: Response }>} - The asset key and raw response.
+     */
+    async uploadFile(uploadInfo, body, contentType) {
+        const headers = {
+            ...uploadInfo.uploadHeaders,
+        };
+        if (!headers['Content-Type'] && contentType) {
+            headers['Content-Type'] = contentType;
+        }
+        const response = await fetch(uploadInfo.uploadUrl, {
+            method: uploadInfo.uploadMethod ?? 'PUT',
+            headers,
+            body: body,
+        });
+        if (response.status >= 400) {
+            throw response;
+        }
+        return { assetKey: uploadInfo.assetKey, response };
+    }
     /**
      * Makes an API request with the specified URI, method, and data, and optionally transforms dates in the response.
      *
@@ -151,7 +187,7 @@ export class CorePikkuFetch {
      * @returns {any} - The transformed data.
      */
     transformDates(data) {
-        if (!this.options.transformDate) {
+        if (this.options.transformDate === false) {
             return data;
         }
         return transformDates(data);

package/dist/esm/index.d.ts

@@ -6,5 +6,6 @@
  *
  * @module @pikku/fetch
  */
-export { CorePikkuFetch, CorePikkuFetchOptions, HTTPMethod, } from './core-pikku-fetch.js';
+export { CorePikkuFetch } from './core-pikku-fetch.js';
+export type { CorePikkuFetchOptions, HTTPMethod } from './core-pikku-fetch.js';
 export { corePikkuFetch } from './pikku-fetch.js';

package/dist/esm/index.js

@@ -6,5 +6,5 @@
  *
  * @module @pikku/fetch
  */
-export { CorePikkuFetch, } from './core-pikku-fetch.js';
+export { CorePikkuFetch } from './core-pikku-fetch.js';
 export { corePikkuFetch } from './pikku-fetch.js';

package/dist/esm/pikku-fetch.js

@@ -15,7 +15,7 @@ export const corePikkuFetch = async (uri, data, options) => {
         const keys = Object.keys(data);
         for (const key of keys) {
             if (uri.includes(`:${key}`)) {
-                uri = uri.replace(`:${key}`, data[key]);
+                uri = uri.replace(`:${key}`, encodeURIComponent(String(data[key])));
                 delete data[key];
             }
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pikku/fetch",
-  "version": "0.12.0",
+  "version": "0.12.2",
   "author": "yasser.fadl@gmail.com",
   "license": "MIT",
   "type": "module",
@@ -21,7 +21,8 @@
     "release": "yarn build && npm test",
     "test": "bash run-tests.sh",
     "test:watch": "bash run-tests.sh --watch",
-    "test:coverage": "bash run-tests.sh --coverage"
+    "test:coverage": "bash run-tests.sh --coverage",
+    "prepublishOnly": "yarn build"
   },
   "devDependencies": {
     "typescript": "^5.9"

package/src/core-pikku-fetch.ts

@@ -72,6 +72,14 @@ export class CorePikkuFetch {
     this.options.serverUrl = serverUrl
   }
 
+  /**
+   * Returns the configured base server URL (without trailing slash), or
+   * undefined if it hasn't been set yet.
+   */
+  public getServerUrl(): string | undefined {
+    return this.options.serverUrl
+  }
+
   /**
    * Sets the JWT for authorization.
    *
@@ -114,6 +122,48 @@ export class CorePikkuFetch {
     return await this.api(uri, 'HEAD', data, options)
   }
 
+  /**
+   * Uploads a file to a URL obtained from `getUploadURL`.
+   * Handles both presigned URLs (e.g. S3) and header-based auth (e.g. B2).
+   *
+   * @param {Object} uploadInfo - The result from the backend's `getUploadURL` call.
+   * @param {string} uploadInfo.uploadUrl - The URL to upload to.
+   * @param {string} uploadInfo.assetKey - The finalized asset key.
+   * @param {Record<string, string>} [uploadInfo.uploadHeaders] - Optional headers required by the storage backend.
+   * @param {Blob | File | Buffer | ReadableStream} body - The file content to upload.
+   * @param {string} [contentType] - The MIME type (used as fallback if not in uploadHeaders).
+   * @returns {Promise<{ assetKey: string; response: Response }>} - The asset key and raw response.
+   */
+  public async uploadFile(
+    uploadInfo: {
+      uploadUrl: string
+      assetKey: string
+      uploadHeaders?: Record<string, string>
+      uploadMethod?: 'PUT' | 'POST'
+    },
+    body: Blob | File | BufferSource | ReadableStream,
+    contentType?: string
+  ): Promise<{ assetKey: string; response: Response }> {
+    const headers: Record<string, string> = {
+      ...uploadInfo.uploadHeaders,
+    }
+    if (!headers['Content-Type'] && contentType) {
+      headers['Content-Type'] = contentType
+    }
+
+    const response = await fetch(uploadInfo.uploadUrl, {
+      method: uploadInfo.uploadMethod ?? 'PUT',
+      headers,
+      body: body as any,
+    })
+
+    if (response.status >= 400) {
+      throw response
+    }
+
+    return { assetKey: uploadInfo.assetKey, response }
+  }
+
   /**
    * Makes an API request with the specified URI, method, and data, and optionally transforms dates in the response.
    *
@@ -192,7 +242,7 @@ export class CorePikkuFetch {
    * @returns {any} - The transformed data.
    */
   private transformDates(data: any): any {
-    if (!this.options.transformDate) {
+    if (this.options.transformDate === false) {
       return data
     }
     return transformDates(data)

package/src/index.test.ts

@@ -0,0 +1,11 @@
+import assert from 'node:assert/strict'
+import { describe, test } from 'node:test'
+
+import { CorePikkuFetch, corePikkuFetch } from './index.js'
+
+describe('@pikku/fetch', () => {
+  test('exports the public fetch client API', () => {
+    assert.equal(typeof CorePikkuFetch, 'function')
+    assert.equal(typeof corePikkuFetch, 'function')
+  })
+})

package/src/index.ts

@@ -7,9 +7,6 @@
  * @module @pikku/fetch
  */
 
-export {
-  CorePikkuFetch,
-  CorePikkuFetchOptions,
-  HTTPMethod,
-} from './core-pikku-fetch.js'
+export { CorePikkuFetch } from './core-pikku-fetch.js'
+export type { CorePikkuFetchOptions, HTTPMethod } from './core-pikku-fetch.js'
 export { corePikkuFetch } from './pikku-fetch.js'

package/src/pikku-fetch.ts

@@ -21,7 +21,7 @@ export const corePikkuFetch = async (
     const keys = Object.keys(data)
     for (const key of keys) {
       if (uri.includes(`:${key}`)) {
-        uri = uri.replace(`:${key}`, data[key])
+        uri = uri.replace(`:${key}`, encodeURIComponent(String(data[key])))
         delete data[key]
       }
     }