npm - @rool-dev/extension - Versions diffs - 0.4.1-dev.4b63014 → 0.4.1-dev.5b1d180 - Mend

@rool-dev/extension 0.4.1-dev.4b63014 → 0.4.1-dev.5b1d180

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/dev/host-shell.js +56 -22
package/dist/dev/host-shell.js.map +1 -1
package/dist/host.d.ts.map +1 -1
package/dist/host.js +10 -0
package/dist/reactive.svelte.d.ts +9 -0
package/dist/reactive.svelte.d.ts.map +1 -1
package/dist/reactive.svelte.js +15 -0
package/package.json +2 -2

package/dist/dev/host-shell.js CHANGED Viewed

@@ -7200,19 +7200,10 @@ var MediaClient = class {
 	}
 	/**
 	* Fetch an external URL via the server proxy (bypasses CORS).
+	* Uses POST /fetch/:spaceId with cache-control hint for media.
 	*/
 	async fetchViaProxy(spaceId, url) {
-		const tokens = await this.config.authManager.getTokens();
-		if (!tokens) throw new Error("Not authenticated");
-		const headers = {
-			Authorization: `Bearer ${tokens.accessToken}`,
-			"X-Rool-Token": tokens.roolToken
-		};
-		const proxyUrl = `${this.baseUrl(spaceId)}/proxy?url=${encodeURIComponent(url)}`;
-		const response = await fetch(proxyUrl, {
-			method: "GET",
-			headers
-		});
+		const response = await this.proxyFetch(spaceId, url, { headers: { "Cache-Control": "private, max-age=3600" } });
 		if (!response.ok) throw new Error(`Failed to fetch media via proxy: ${response.status} ${response.statusText}`);
 		return response;
 	}
@@ -7234,6 +7225,29 @@ var MediaClient = class {
 		if (!response.ok && response.status !== 204) throw new Error(`Failed to delete media: ${response.status} ${response.statusText}`);
 	}
 	/**
+	* Proxied fetch — execute an HTTP request via the server, bypassing CORS.
+	* Uses POST /fetch/:spaceId on the backend.
+	*/
+	async proxyFetch(spaceId, url, init) {
+		const tokens = await this.config.authManager.getTokens();
+		if (!tokens) throw new Error("Not authenticated");
+		const fetchUrl = `${this.config.backendOrigin}/fetch/${encodeURIComponent(spaceId)}`;
+		return await fetch(fetchUrl, {
+			method: "POST",
+			headers: {
+				"Content-Type": "application/json",
+				Authorization: `Bearer ${tokens.accessToken}`,
+				"X-Rool-Token": tokens.roolToken
+			},
+			body: JSON.stringify({
+				url,
+				method: init?.method,
+				headers: init?.headers,
+				body: init?.body
+			})
+		});
+	}
+	/**
 	* Export a space as a zip archive containing data and media.
 	* The archive includes data.json with objects, relations, metadata, and channels,
 	* plus a media/ folder with all media files.
@@ -8115,6 +8129,17 @@ var RoolChannel = class extends EventEmitter {
 		return this.mediaClient.delete(this._id, url);
 	}
 	/**
+	* Fetch an external URL via the server proxy, bypassing CORS restrictions.
+	* Requires editor role or above. Blocked for private/internal IP ranges (SSRF protection).
+	*
+	* @param url - The URL to fetch
+	* @param init - Optional method, headers, and body
+	* @returns The proxied Response
+	*/
+	async fetch(url, init) {
+		return this.mediaClient.proxyFetch(this._id, url, init);
+	}
+	/**
 	* Register a collector that resolves when the object arrives via SSE.
 	* If the object is already in the buffer (arrived before collector), resolves immediately.
 	* @internal
@@ -8677,12 +8702,12 @@ var RoolClient = class extends EventEmitter {
 	}
 	/**
 	* Make an authenticated fetch request to the Rool API.
-	* Use this escape hatch for app-specific endpoints not covered by the typed API.
+	* @internal Not part of the public API — use typed methods instead.
 	*
 	* @param path - Path relative to the base URL (e.g., '/billing/usage')
 	* @param init - Standard fetch RequestInit options. Authorization header is added automatically.
 	*/
-	async fetch(path, init) {
+	async _api(path, init) {
 		const tokens = await this.authManager.getTokens();
 		if (!tokens) throw new Error("Not authenticated");
 		const headers = new Headers(init?.headers);
@@ -8978,15 +9003,9 @@ var RoolClient = class extends EventEmitter {
 	}
 	/**
 	* Execute an arbitrary GraphQL query or mutation.
-	* Use this escape hatch for app-specific operations not covered by the typed API.
-	*
-	* @example
-	* const result = await client.graphql<{ lastMessages: Message[] }>(
-	*   `query trace($spaceId: String!) { trace(spaceId: $spaceId) }`,
-	*   { spaceId: 'abc123' }
-	* );
+	* @internal Not part of the public API — use typed methods instead.
 	*/
-	async graphql(query, variables) {
+	async _graphql(query, variables) {
 		return this.graphqlClient.query(query, variables);
 	}
 	registerChannel(spaceId, channel) {
@@ -9140,7 +9159,8 @@ var ALLOWED_METHODS = new Set([
 	"canRedo",
 	"undo",
 	"redo",
-	"clearHistory"
+	"clearHistory",
+	"fetch"
 ]);
 var CONVERSATION_METHODS = new Set([
 	"getInteractions",
@@ -9241,6 +9261,20 @@ var BridgeHost = class {
 				result = fn.apply(target, args);
 				if (result instanceof Promise) result = await result;
 			} else result = fn;
+			if (method === "fetch" && result instanceof Response) {
+				const response = result;
+				const headers = {};
+				response.headers.forEach((v, k) => {
+					headers[k] = v;
+				});
+				const body = await response.arrayBuffer();
+				result = {
+					status: response.status,
+					statusText: response.statusText,
+					headers,
+					body
+				};
+			}
 			this._postToApp({
 				type: "rool:response",
 				id,