@rool-dev/extension 0.4.1 → 0.4.2-dev.e292e1c

package/dist/dev/host-shell.js

@@ -4556,21 +4556,22 @@ var BrowserAuthProvider = class {
 	* Initiate login by redirecting to auth page.
 	* @param appName - The name of the application requesting login (displayed on auth page)
 	*/
-	login(appName) {
-		this.redirectToAuth("login", appName);
+	login(appName, params) {
+		this.redirectToAuth("login", appName, params);
 	}
 	/**
 	* Initiate signup by redirecting to auth page.
 	* @param appName - The name of the application requesting signup (displayed on auth page)
 	*/
-	signup(appName) {
-		this.redirectToAuth("signup", appName);
+	signup(appName, params) {
+		this.redirectToAuth("signup", appName, params);
 	}
-	redirectToAuth(flow, appName) {
+	redirectToAuth(flow, appName, params) {
 		const url = new URL(`${this.authBaseUrl}/${flow}`);
 		const redirectTarget = window.location.origin + window.location.pathname + window.location.search;
 		url.searchParams.set("redirect_uri", redirectTarget);
 		url.searchParams.set("app_name", appName);
+		if (params) for (const [key, value] of Object.entries(params)) url.searchParams.set(key, value);
 		const state = this.generateState();
 		this.storeState(state);
 		url.searchParams.set("state", state);
@@ -4843,15 +4844,15 @@ var AuthManager = class {
 	* Initiate login.
 	* @param appName - The name of the application requesting login (displayed on auth page)
 	*/
-	login(appName) {
-		return this.provider.login(appName);
+	login(appName, params) {
+		return this.provider.login(appName, params);
 	}
 	/**
 	* Initiate signup.
 	* @param appName - The name of the application requesting signup (displayed on auth page)
 	*/
-	signup(appName) {
-		return this.provider.signup(appName);
+	signup(appName, params) {
+		return this.provider.signup(appName, params);
 	}
 	/**
 	* Logout - clear all tokens and state.
@@ -7200,19 +7201,10 @@ var MediaClient = class {
 	}
 	/**
 	* Fetch an external URL via the server proxy (bypasses CORS).
+	* Uses POST /fetch/:spaceId with cache-control hint for media.
 	*/
 	async fetchViaProxy(spaceId, url) {
-		const tokens = await this.config.authManager.getTokens();
-		if (!tokens) throw new Error("Not authenticated");
-		const headers = {
-			Authorization: `Bearer ${tokens.accessToken}`,
-			"X-Rool-Token": tokens.roolToken
-		};
-		const proxyUrl = `${this.baseUrl(spaceId)}/proxy?url=${encodeURIComponent(url)}`;
-		const response = await fetch(proxyUrl, {
-			method: "GET",
-			headers
-		});
+		const response = await this.proxyFetch(spaceId, url, { headers: { "Cache-Control": "private, max-age=3600" } });
 		if (!response.ok) throw new Error(`Failed to fetch media via proxy: ${response.status} ${response.statusText}`);
 		return response;
 	}
@@ -7234,6 +7226,29 @@ var MediaClient = class {
 		if (!response.ok && response.status !== 204) throw new Error(`Failed to delete media: ${response.status} ${response.statusText}`);
 	}
 	/**
+	* Proxied fetch — execute an HTTP request via the server, bypassing CORS.
+	* Uses POST /fetch/:spaceId on the backend.
+	*/
+	async proxyFetch(spaceId, url, init) {
+		const tokens = await this.config.authManager.getTokens();
+		if (!tokens) throw new Error("Not authenticated");
+		const fetchUrl = `${this.config.backendOrigin}/fetch/${encodeURIComponent(spaceId)}`;
+		return await fetch(fetchUrl, {
+			method: "POST",
+			headers: {
+				"Content-Type": "application/json",
+				Authorization: `Bearer ${tokens.accessToken}`,
+				"X-Rool-Token": tokens.roolToken
+			},
+			body: JSON.stringify({
+				url,
+				method: init?.method,
+				headers: init?.headers,
+				body: init?.body
+			})
+		});
+	}
+	/**
 	* Export a space as a zip archive containing data and media.
 	* The archive includes data.json with objects, relations, metadata, and channels,
 	* plus a media/ folder with all media files.
@@ -8115,6 +8130,17 @@ var RoolChannel = class extends EventEmitter {
 		return this.mediaClient.delete(this._id, url);
 	}
 	/**
+	* Fetch an external URL via the server proxy, bypassing CORS restrictions.
+	* Requires editor role or above. Blocked for private/internal IP ranges (SSRF protection).
+	*
+	* @param url - The URL to fetch
+	* @param init - Optional method, headers, and body
+	* @returns The proxied Response
+	*/
+	async fetch(url, init) {
+		return this.mediaClient.proxyFetch(this._id, url, init);
+	}
+	/**
 	* Register a collector that resolves when the object arrives via SSE.
 	* If the object is already in the buffer (arrived before collector), resolves immediately.
 	* @internal
@@ -8643,15 +8669,16 @@ var RoolClient = class extends EventEmitter {
 	* Initiate login by redirecting to auth page.
 	* @param appName - The name of the application requesting login (displayed on auth page)
 	*/
-	async login(appName) {
-		return this.authManager.login(appName);
+	async login(appName, params) {
+		return this.authManager.login(appName, params);
 	}
 	/**
 	* Initiate signup by redirecting to auth page.
 	* @param appName - The name of the application requesting signup (displayed on auth page)
+	* @param params - Optional additional query parameters to pass to the auth server
 	*/
-	async signup(appName) {
-		return this.authManager.signup(appName);
+	async signup(appName, params) {
+		return this.authManager.signup(appName, params);
 	}
 	/**
 	* Logout - clear all tokens and state.
@@ -8677,12 +8704,12 @@ var RoolClient = class extends EventEmitter {
 	}
 	/**
 	* Make an authenticated fetch request to the Rool API.
-	* Use this escape hatch for app-specific endpoints not covered by the typed API.
+	* @internal Not part of the public API — use typed methods instead.
 	*
 	* @param path - Path relative to the base URL (e.g., '/billing/usage')
 	* @param init - Standard fetch RequestInit options. Authorization header is added automatically.
 	*/
-	async fetch(path, init) {
+	async _api(path, init) {
 		const tokens = await this.authManager.getTokens();
 		if (!tokens) throw new Error("Not authenticated");
 		const headers = new Headers(init?.headers);
@@ -8978,15 +9005,9 @@ var RoolClient = class extends EventEmitter {
 	}
 	/**
 	* Execute an arbitrary GraphQL query or mutation.
-	* Use this escape hatch for app-specific operations not covered by the typed API.
-	* 
-	* @example
-	* const result = await client.graphql<{ lastMessages: Message[] }>(
-	*   `query trace($spaceId: String!) { trace(spaceId: $spaceId) }`,
-	*   { spaceId: 'abc123' }
-	* );
+	* @internal Not part of the public API — use typed methods instead.
 	*/
-	async graphql(query, variables) {
+	async _graphql(query, variables) {
 		return this.graphqlClient.query(query, variables);
 	}
 	registerChannel(spaceId, channel) {
@@ -9140,7 +9161,8 @@ var ALLOWED_METHODS = new Set([
 	"canRedo",
 	"undo",
 	"redo",
-	"clearHistory"
+	"clearHistory",
+	"fetch"
 ]);
 var CONVERSATION_METHODS = new Set([
 	"getInteractions",
@@ -9241,6 +9263,20 @@ var BridgeHost = class {
 				result = fn.apply(target, args);
 				if (result instanceof Promise) result = await result;
 			} else result = fn;
+			if (method === "fetch" && result instanceof Response) {
+				const response = result;
+				const headers = {};
+				response.headers.forEach((v, k) => {
+					headers[k] = v;
+				});
+				const body = await response.arrayBuffer();
+				result = {
+					status: response.status,
+					statusText: response.statusText,
+					headers,
+					body
+				};
+			}
 			this._postToApp({
 				type: "rool:response",
 				id,