npm - @proveanything/smartlinks - Versions diffs - 1.13.3 → 1.13.5 - Mend

@proveanything/smartlinks 1.13.3 → 1.13.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/dist/openapi.yaml CHANGED Viewed

@@ -16825,6 +16825,31 @@ components:
       required:
         - collectionId
         - assetIds
+    UploadPolicyConfig:
+      type: object
+      properties:
+        enabled:
+          type: boolean
+        requireLevel:
+          type: string
+          enum:
+            - anonymous
+            - contact
+            - owner
+        allowedMimeTypes:
+          type: array
+          items:
+            type: string
+        maxFileSizeBytes:
+          type: number
+        reviewRequired:
+          type: boolean
+        tokenTtlSeconds:
+          type: number
+        maxUsesPerToken:
+          type: number
+      required:
+        - enabled
     RequestUploadTokenOptions:
       type: object
       properties:

package/dist/types/asset.d.ts CHANGED Viewed

@@ -253,8 +253,27 @@ export interface BulkDeleteAssetsOptions {
     assetIds: string[];
     graceDays?: number;
 }
+/**
+ * Collection-scoped app config policy used by `requestUploadToken`.
+ *
+ * Important: this policy is read from `sites/{collectionId}/apps/{appId}`
+ * (collection app config), not from global `apps/{appId}` config.
+ */
+export interface UploadPolicyConfig {
+    enabled: boolean;
+    requireLevel?: 'anonymous' | 'contact' | 'owner';
+    allowedMimeTypes?: string[];
+    maxFileSizeBytes?: number;
+    reviewRequired?: boolean;
+    tokenTtlSeconds?: number;
+    maxUsesPerToken?: number;
+}
 export interface RequestUploadTokenOptions {
     collectionId: string;
+    /**
+     * App ID whose collection-scoped config provides `uploadPolicy`.
+     * Resolved from `sites/{collectionId}/apps/{appId}`.
+     */
     appId: string;
     /** Required when the app policy requireLevel is 'contact' */
     contactId?: string;

package/docs/API_SUMMARY.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # Smartlinks API Summary
-Version: 1.13.3  |  Generated: 2026-05-08T10:30:25.776Z
+Version: 1.13.5  |  Generated: 2026-05-09T11:54:02.443Z
 This is a concise summary of all available API functions and types.
@@ -2472,10 +2472,25 @@ interface BulkDeleteAssetsOptions {
 }
 ```
+**UploadPolicyConfig** (interface)
+```typescript
+interface UploadPolicyConfig {
+  enabled: boolean
+  requireLevel?: 'anonymous' | 'contact' | 'owner'
+  allowedMimeTypes?: string[]
+  maxFileSizeBytes?: number
+  reviewRequired?: boolean
+  tokenTtlSeconds?: number
+  maxUsesPerToken?: number
+}
+```
 **RequestUploadTokenOptions** (interface)
 ```typescript
 interface RequestUploadTokenOptions {
   collectionId: string
+  * App ID whose collection-scoped config provides `uploadPolicy`.
+  * Resolved from `sites/{collectionId}/apps/{appId}`.
   appId: string
   contactId?: string
   productId?: string
@@ -7797,7 +7812,7 @@ Restore a soft-deleted asset (clears `deletedAt`).
 Soft-delete multiple assets in one request.
 **requestUploadToken**(options: RequestUploadTokenOptions) → `Promise<UploadTokenResponse>`
-Request a single-use upload token for a public (unauthenticated) upload. The token encodes the upload policy (allowed types, max size, review requirement). ```typescript const { tokenId, policy } = await asset.requestUploadToken({ collectionId: 'my-collection', appId: 'user-gallery', contactId: contact.id, }) const uploaded = await asset.publicUploadWithToken({ collectionId: 'my-collection', tokenId, file: selectedFile, }) ```
+Request a single-use upload token for a public (unauthenticated) upload. The token encodes the upload policy (allowed types, max size, review requirement). Policy source: collection-scoped app config at `sites/{collectionId}/apps/{appId}` (`uploadPolicy` key). Global `apps/{appId}` config is not used for this endpoint. ```typescript const { tokenId, policy } = await asset.requestUploadToken({ collectionId: 'my-collection', appId: 'user-gallery', contactId: contact.id, }) const uploaded = await asset.publicUploadWithToken({ collectionId: 'my-collection', tokenId, file: selectedFile, }) ```
 **publicUploadWithToken**(options: PublicTokenUploadOptions) → `Promise<Asset>`
 Upload a file using a single-use upload token (no admin auth required). Assets are created with `status: 'pending_review'` when the token policy has `reviewRequired: true`.

package/docs/assets.md CHANGED Viewed

@@ -249,6 +249,32 @@ For anonymous or contact-initiated uploads from the portal — no admin auth req
 ### 1. Request an upload token
+```
+POST /api/public/collection/:collectionId/asset/token
+```
+Policy source (important):
+- Public upload policy is resolved from the collection-scoped app config at `sites/{collectionId}/apps/{appId}`.
+- Global app config (`apps/{appId}`) is not used for this endpoint.
+- SDKs/clients that provision app config should save `uploadPolicy` on the collection app document.
+Expected app config shape:
+```typescript
+{
+  uploadPolicy: {
+    enabled: boolean
+    requireLevel?: 'anonymous' | 'contact' | 'owner'
+    allowedMimeTypes?: string[]
+    maxFileSizeBytes?: number
+    reviewRequired?: boolean
+    tokenTtlSeconds?: number
+    maxUsesPerToken?: number
+  }
+}
+```
 ```typescript
 const { tokenId, expiresAt, policy } = await Api.asset.requestUploadToken({
   collectionId: 'my-collection',