@schibsted/account-sdk-browser 6.0.0-alpha.1 → 6.0.0-alpha.2

package/{index.js → src/index.ts}

@@ -2,8 +2,6 @@
  * See LICENSE.md in the project root.
  */
 
-'use strict';
-
 export * from './identity.js';
 export * from './monetization.js';
-export * from './payment.js';
+export { default as SDKError } from './SDKError.js';

package/src/{monetization.js → monetization.ts}

@@ -2,38 +2,71 @@
  * See LICENSE.md in the project root.
  */
 
-'use strict';
-
-import { assert, isStr, isNonEmptyString, isUrl } from './validate.js';
-import { urlMapper } from './url.js';
+import { TinyEmitter } from 'tiny-emitter';
+import Cache from './cache.js';
 import { ENDPOINTS, NAMESPACE } from './config.js';
-import EventEmitter from 'tiny-emitter';
+import { registerAndDispatchInGlobal } from './global-registry.js';
 import RESTClient from './RESTClient.js';
-import Cache from './cache.js';
-import * as spidTalk from './spidTalk.js';
 import SDKError from './SDKError.js';
+import * as spidTalk from './spidTalk.js';
+import { urlMapper } from './url.js';
+import { assert, isNonEmptyString, isStr, isUrl } from './validate.js';
 import version from './version.js';
-import { registerGlobal } from './global-registry.js';
 
 const globalWindow = () => window;
 
+/**
+ * Result returned by the Session Service `/hasAccess` endpoint, describing whether the user
+ * is entitled to a requested set of products/features.
+ * @internal
+ */
+export interface HasAccessResult {
+    /** Whether the user is entitled to at least one of the requested products/features. */
+    entitled: boolean;
+    /** How long this result stays valid, in seconds, before the cache entry expires. */
+    ttl: number;
+    allowedFeatures: string[];
+    userId: number;
+    uuid: string;
+    sig: string;
+}
+
 /**
  * Provides features related to monetization
  */
-export class Monetization extends EventEmitter {
+export class Monetization extends TinyEmitter {
+    cache: Cache;
+    clientId: string;
+    env: string;
+    redirectUri: string;
+    _spid!: RESTClient;
+    _sessionService?: RESTClient;
+    private pendingHasAccessRequests: Record<string, Promise<HasAccessResult>>;
+
     /**
-     * @param {object} options
-     * @param {string} options.clientId - Mandatory client id
-     * @param {string} [options.redirectUri] - Redirect uri
-     * @param {string} options.sessionDomain - Example: "https://id.site.com"
-     * @param {string} [options.env=PRE] - Schibsted account environment: `PRE`, `PRO` or `PRO_NO`
-     * @param {object} [options.window]
+     * @param options - Monetization configuration
      * @throws {SDKError} - If any of options are invalid
      */
-    constructor({ clientId, redirectUri, env = 'PRE', sessionDomain, window = globalWindow() }) {
+    constructor({
+        clientId,
+        redirectUri,
+        env = 'PRE',
+        sessionDomain,
+        window = globalWindow(),
+    }: {
+        /** Mandatory client id */
+        clientId: string;
+        /** Redirect uri */
+        redirectUri: string;
+        /** Example: `"https://id.site.com"` */
+        sessionDomain: string;
+        /** Schibsted account environment: `PRE` (default), `PRO`, `PRO_NO` */
+        env?: string;
+        /** Window object to use (defaults to the global `window`). */
+        window?: Window;
+    }) {
         super();
         spidTalk.emulate(window);
-        // validate options
         assert(isNonEmptyString(clientId), 'clientId parameter is required');
 
         this.cache = new Cache(() => window && window.sessionStorage);
@@ -47,16 +80,15 @@ export class Monetization extends EventEmitter {
             assert(isUrl(sessionDomain), 'sessionDomain parameter is not a valid URL');
             this._setSessionServiceUrl(sessionDomain);
         }
-        registerGlobal(window, 'Monetization', this);
+        registerAndDispatchInGlobal(window, 'schMonetization', this);
     }
 
     /**
      * Set SPiD server URL
      * @private
-     * @param {string} url
-     * @returns {void}
+     * @param url
      */
-    _setSpidServerUrl(url) {
+    private _setSpidServerUrl(url: string): void {
         assert(isStr(url), `url parameter is invalid: ${url}`);
         this._spid = new RESTClient({
             serverUrl: urlMapper(url, ENDPOINTS.SPiD),
@@ -67,29 +99,27 @@ export class Monetization extends EventEmitter {
     /**
      * Set session-service domain
      * @private
-     * @param {string} domain - real URL — (**not** 'PRE' style env key)
-     * @returns {void}
+     * @param domain - real URL — (**not** 'PRE' style env key)
      */
-    _setSessionServiceUrl(domain) {
+    private _setSessionServiceUrl(domain: string): void {
         assert(isStr(domain), `domain parameter is invalid: ${domain}`);
-        const client_sdrn = `sdrn:${NAMESPACE[this.env]}:client:${this.clientId}`;
+        const client_sdrn = `sdrn:${NAMESPACE[this.env as keyof typeof NAMESPACE]}:client:${this.clientId}`;
         this._sessionService = new RESTClient({
             serverUrl: domain,
-            log: this.log,
-            defaultParams: { client_sdrn, redirect_uri: this.redirectUri, sdk_version: version  },
+            defaultParams: { client_sdrn, redirect_uri: this.redirectUri, sdk_version: version },
         });
     }
 
     /**
      * Checks if the user has access to a set of products or features.
-     * @param {array} productIds - which products/features to check
-     * @param {number} userId - id of currently logged in user
+     * @param productIds - which products/features to check
+     * @param userId - id of currently logged in user
      * @throws {SDKError} - If the input is incorrect, or a network call fails in any way
      * (this will happen if, say, the user is not logged in)
-     * @returns {Object|null} The data object returned from Schibsted account (or `null` if the user
+     * @returns The data object returned from Schibsted account (or `null` if the user
      * doesn't have access to any of the given products/features)
      */
-    async hasAccess(productIds, userId) {
+    async hasAccess(productIds: string[], userId: number): Promise<HasAccessResult | null> {
         if (!this._sessionService) {
             throw new SDKError(`hasAccess can only be called if 'sessionDomain' is configured`);
         }
@@ -102,10 +132,12 @@ export class Monetization extends EventEmitter {
 
         const sortedIds = [...productIds].sort();
         const cacheKey = this._accessCacheKey(sortedIds, userId);
-        let data = this.cache.get(cacheKey);
+        let data = this.cache.get(cacheKey) as HasAccessResult | null;
         if (!data) {
             if (!this.pendingHasAccessRequests[cacheKey]) {
-                this.pendingHasAccessRequests[cacheKey] = this._sessionService.get(`/hasAccess/${sortedIds.join(',')}`);
+                this.pendingHasAccessRequests[cacheKey] = this._sessionService.get(
+                    `/hasAccess/${sortedIds.join(',')}`,
+                );
             }
             const promise = this.pendingHasAccessRequests[cacheKey];
             try {
@@ -113,7 +145,6 @@ export class Monetization extends EventEmitter {
                 const expiresSeconds = data.ttl;
                 this.cache.set(cacheKey, data, expiresSeconds * 1000);
             } finally {
-                // If it rejects, we still want to clear the pending request
                 if (this.pendingHasAccessRequests[cacheKey] === promise) {
                     delete this.pendingHasAccessRequests[cacheKey];
                 }
@@ -129,41 +160,39 @@ export class Monetization extends EventEmitter {
 
     /**
      * Removes the cached access result.
-     * @param {array} productIds - which products/features to check
-     * @param {number} userId - id of currently logged in user
-     * @returns {void}
+     * @param productIds - which products/features to check
+     * @param userId - id of currently logged in user
      */
-    clearCachedAccessResult(productIds, userId) {
+    clearCachedAccessResult(productIds: string[], userId: number): void {
         this.cache.delete(this._accessCacheKey(productIds, userId));
     }
 
     /**
      * Compute "has access" cache key for the given product ids and user id.
-     * @param {array} productIds - which products/features to check
-     * @param {number} userId - id of currently logged in user
-     * @returns {string}
      * @private
+     * @param productIds - which products/features to check
+     * @param userId - id of currently logged in user
      */
-    _accessCacheKey(productIds, userId) {
+    private _accessCacheKey(productIds: string[], userId: number): string {
         return `prd_${[...productIds].sort()}_${userId}`;
     }
 
     /**
      * Get the url for the end user to review the subscriptions
-     * @param {string} [redirectUri=this.redirectUri]
-     * @return {string} - The url to the subscriptions review page
+     * @param redirectUri
+     * @returns - The url to the subscriptions review page
      */
-    subscriptionsUrl(redirectUri = this.redirectUri) {
+    subscriptionsUrl(redirectUri: string = this.redirectUri): string {
         assert(isUrl(redirectUri), `subscriptionsUrl(): redirectUri is invalid`);
         return this._spid.makeUrl('account/subscriptions', { redirect_uri: redirectUri });
     }
 
     /**
      * Get the url for the end user to review the products
-     * @param {string} [redirectUri=this.redirectUri]
-     * @return {string} - The url to the products review page
+     * @param redirectUri
+     * @returns - The url to the products review page
      */
-    productsUrl(redirectUri = this.redirectUri) {
+    productsUrl(redirectUri: string = this.redirectUri): string {
         assert(isUrl(redirectUri), `productsUrl(): redirectUri is invalid`);
         return this._spid.makeUrl('account/products', { redirect_uri: redirectUri });
     }

package/src/{object.js → object.ts}

@@ -2,41 +2,36 @@
  * See LICENSE.md in the project root.
  */
 
-'use strict';
-
 /**
  * @summary Some routines that work on javascript objects
  * @private
  */
 
-import { assert, isObject, isNonEmptyObj } from './validate.js';
 import SDKError from './SDKError.js';
+import { assert, isNonEmptyObj, isObject } from './validate.js';
 
 /**
  * Similar to Object.assign({}, src) but only clones the keys of an object that have non-undefined
  * values.
  * Please note that the values in the rightmost parameters can overwrite the values of the earlier
  * parameters so the order of the parameters matters.
- * @memberof core
  * @example
  * cloneDefined({foo: 1, bar: 2}, {foo: 2}) // returns {foo: 2, bar: 2}
  *
- * @param {object} sources - one or more sources. Their defined properties will override the ones
+ * @param sources - one or more sources. Their defined properties will override the ones
  *        that came before it. For example if `source1.foo = 'bar'` and `source2.foo = 'baz'`, the
  *        result will include `{ foo: 'baz' }`
- * @return {object} a new object that is similar to src with all the key/values where the
- *         keys for undefined values are removed.
  */
-export function cloneDefined(...sources) {
-    const result = {};
+export function cloneDefined(...sources: object[]): Record<string, unknown> {
+    const result: Record<string, unknown> = {};
     if (!(sources && sources.length)) {
         throw new SDKError('No objects to clone');
     }
-    sources.forEach(source => {
+    sources.forEach((source) => {
         assert(isObject(source));
         if (isNonEmptyObj(source)) {
             Object.entries(source).forEach(([key, value]) => {
-                if (typeof value !== 'undefined' ) {
+                if (typeof value !== 'undefined') {
                     result[key] = isObject(value) ? cloneDeep(value) : value;
                 }
             });
@@ -47,13 +42,11 @@ export function cloneDefined(...sources) {
 
 /**
  * Deep copies an object. This is handy for immutability.
- * @memberof core
- * @param {object} obj - An object, array or null.
- * @return {object} - an exact copy of the object but deep copied
+ * @param obj - An object, array or null.
  * @throws {SDKError} - if the obj is not an accepted type or is not
  *         stringifiable by JSON for example if it has loops
  */
-export function cloneDeep(obj) {
+export function cloneDeep<T extends object | null>(obj: T): T {
     assert(typeof obj === 'object', `obj should be an object (even null) but it is ${obj}`);
     return JSON.parse(JSON.stringify(obj)) || obj;
 }

package/src/popup.ts

@@ -0,0 +1,74 @@
+/* Copyright 2024 Schibsted Products & Technology AS. Licensed under the terms of the MIT license.
+ * See LICENSE.md in the project root.
+ */
+
+import { cloneDefined } from './object.js';
+import { assert, isFunction, isObject, isUrl } from './validate.js';
+
+/**
+ * Serializes an object to string.
+ * @private
+ * @param obj - for example {a: 'b', c: 1}
+ */
+function serialize(obj: Record<string, unknown>): string {
+    assert(isObject(obj), `Object must be an object but it is '${obj}'`);
+    return Object.keys(obj)
+        .map((key) => `${key}=${obj[key]}`)
+        .join(',');
+}
+
+const defaultWindowFeatures = {
+    scrollbars: 'yes',
+    location: 'yes',
+    status: 'no',
+    menubar: 'no',
+    toolbar: 'no',
+    resizable: 'yes',
+};
+
+/**
+ * Opens a popup
+ * @param parentWindow - A reference to the window that will open the popup
+ * @param url - The URL that the popup will open
+ * @param windowName - A name for the window
+ * @param windowFeatures - Window features for the popup (default ones are usually ok)
+ * @private
+ */
+export function open(
+    parentWindow: Window,
+    url: string,
+    windowName = '',
+    windowFeatures: Record<string, string | number> = {},
+): Window | null {
+    assert(isObject(parentWindow), `window was supposed to be an object but it is ${parentWindow}`);
+    assert(
+        isObject(parentWindow.screen),
+        `window should be a valid Window object but it lacks a 'screen' property`,
+    );
+    assert(
+        isFunction(parentWindow.open),
+        `window should be a valid Window object but it lacks an 'open' function`,
+    );
+    assert(isUrl(url), 'Invalid URL for popup');
+
+    const { height, width } = parentWindow.screen;
+
+    const mergedFeatures = cloneDefined(defaultWindowFeatures, windowFeatures);
+    const { width: featureWidth, height: featureHeight } = mergedFeatures;
+    if (
+        typeof featureWidth === 'number' &&
+        Number.isFinite(featureWidth) &&
+        Number.isFinite(width)
+    ) {
+        mergedFeatures.left = (width - featureWidth) / 2;
+    }
+    if (
+        typeof featureHeight === 'number' &&
+        Number.isFinite(featureHeight) &&
+        Number.isFinite(height)
+    ) {
+        mergedFeatures.top = (height - featureHeight) / 2;
+    }
+    const features = serialize(mergedFeatures);
+    return parentWindow.open(url, windowName, features);
+}

package/src/{spidTalk.js → spidTalk.ts}

@@ -2,13 +2,12 @@
  * See LICENSE.md in the project root.
  */
 
-'use strict';
-
 /**
  * A workaround for how Schibsted account handles JSONP calls in the browser
  * @private
  */
 
+import './globals.js';
 import { isFunction } from './validate.js';
 
 /**
@@ -20,20 +19,19 @@ import { isFunction } from './validate.js';
  * The old SPiD JSONP APIs relied on SPiD.Talk.response(callbackName, data) but fetch-jsonp merely
  * calls window[callbackName](data) which is more common practice. This module simply acts as an
  * adapter to modernize the old mechanism until we support CORS. To see how the SPiD solution works,
- * try to run a simple JSONP request or debug it in netowrk tab. This module will be removed when
- * CORS is supported.
- * @memberof core
- * @param {object} global - a reference to the global object
- * @return {void}
+ * try to run a simple JSONP request or debug it in the network tab. This module will be removed
+ * when CORS is supported.
+ * @param global - A reference to the global object, typically the `Window`.
  */
-export function emulate(global) {
-    if (global.SPiD === null || typeof global.SPiD !== 'object') {
+export function emulate(global: Window): void {
+    if (!global.SPiD || typeof global.SPiD !== 'object') {
         global.SPiD = {};
     }
-    if (global.SPiD.Talk === null || typeof global.SPiD.Talk !== 'object') {
-        global.SPiD.Talk = {}
+    if (!global.SPiD.Talk || typeof global.SPiD.Talk !== 'object') {
+        global.SPiD.Talk = {};
     }
     if (!isFunction(global.SPiD.Talk.response)) {
-        global.SPiD.Talk.response = (callbackName, data) => global[callbackName](data);
+        global.SPiD.Talk.response = (callbackName: string, data: unknown) =>
+            (global as any)[callbackName](data);
     }
 }

package/src/{url.js → url.ts}

@@ -2,20 +2,16 @@
  * See LICENSE.md in the project root.
  */
 
-'use strict'
-
-import { assert, isNonEmptyString, isUrl, isNonEmptyObj } from './validate.js';
+import { assert, isNonEmptyObj, isNonEmptyString, isUrl } from './validate.js';
 
 /**
  * A simple utility function that allows looking up URLs from a dictionary
- * @memberof core
- * @param {string} url - A url like http://example.com, or a key used for lookup
- * @param {object<string,string>} urlMap - A map of URLs like
- * `{ DEV: 'http://dev.example.com' }`
- * @throws {SDKError} - If the url is not an string or is an empty string
- * @return {string} The url that points to the server
+ * @param url - A url like http://example.com, or a key used for lookup
+ * @param urlMap - A map of URLs like `{ DEV: 'http://dev.example.com' }`
+ * @returns The resolved URL: the mapped value when `url` is a known key, otherwise `url` itself
+ * @throws {SDKError} - If the url is not a string or is an empty string
  */
-export function urlMapper(url, urlMap) {
+export function urlMapper(url: string, urlMap: Record<string, string>): string {
     assert(isNonEmptyString(url), `"url" param must be a non empty string: ${typeof url}`);
     if (isNonEmptyObj(urlMap) && isUrl(urlMap[url])) {
         return urlMap[url];

package/src/{validate.js → validate.ts}

@@ -2,8 +2,6 @@
  * See LICENSE.md in the project root.
  */
 
-'use strict';
-
 import SDKError from './SDKError.js';
 
 /*
@@ -16,13 +14,13 @@ import SDKError from './SDKError.js';
 /**
  * A utility function that throws an SDKError if an assertion fails. It's mostly useful for
  * validating function inputs.
- * @memberof core
- * @param {boolean} condition - The condition that we're asserting
- * @param {string} [message = Assertion failed] - The error message
+ *
+ * Narrows `condition` for the rest of the enclosing scope (TypeScript assertion signature).
+ * @param condition - The condition that we're asserting
+ * @param message - The error message
  * @throws {SDKError} - If the condition is falsy it throws the appropriate error
- * @return {void}
  */
-export function assert(condition, message = 'Assertion failed') {
+export function assert(condition: boolean, message = 'Assertion failed'): asserts condition {
     if (!condition) {
         throw new SDKError(message);
     }
@@ -30,82 +28,68 @@ export function assert(condition, message = 'Assertion failed') {
 
 /**
  * Checks if a value is a string or not
- * @memberof core
- * @param {*} value - The value to check
- * @return {boolean}
+ * @param value - The value to check
  */
-export function isStr(value) {
+export function isStr(value: unknown): value is string {
     return typeof value === 'string';
 }
 
 /**
  * Checks if a value is a non-empty string
- * @memberof core
- * @param {*} value - The value to check
- * @return {boolean}
+ * @param value - The value to check
  */
-export function isNonEmptyString(value) {
+export function isNonEmptyString(value: unknown): value is string {
     return typeof value === 'string' && value.length > 0;
 }
 
 /**
  * checks if a given value is an object (but not null)
- * @memberof core
- * @param {*} value - The value to check
- * @return {boolean}
+ * @param value - The value to check
  */
-export function isObject(value) {
+export function isObject(value: unknown): value is Record<string, unknown> {
     return typeof value === 'object' && value !== null;
 }
 
 /**
  * Checks if a given value is an object with at least one own key
- * @memberof core
- * @param {*} value - The value to check
- * @return {boolean}
+ * @param value - The value to check
  */
-export function isNonEmptyObj(value) {
+export function isNonEmptyObj(value: unknown): value is Record<string, unknown> {
     return isObject(value) && Object.keys(value).length > 0;
 }
 
 /**
  * Checks if a given string is a valid URL
- * @memberof core
- * @param {string} value - The string to be tested
- * @param {...string} mandatoryFields - A list of mandatory fields that should exist in the parsed
- * URL object
- * @return {boolean}
+ * @param value - The string to be tested
+ * @param mandatoryFields - A list of mandatory fields that should exist in the parsed
+ * `URL` object
  */
-export function isUrl(value, ...mandatoryFields) {
+export function isUrl(value: string, ...mandatoryFields: (keyof URL)[]): boolean {
     try {
         const parsedUrl = new URL(value);
-        return mandatoryFields.every(f => parsedUrl[f]);
-    } catch (urlParsingError) {
+        return mandatoryFields.every((f) => parsedUrl[f]);
+    } catch {
         return false;
     }
 }
 
 /**
  * Checks if a given value is a function
- * @memberof core
- * @param {*} value - The value to check
- * @return {boolean}
+ * @param value - The value to check
  */
-export function isFunction(value) {
+export function isFunction(value: unknown): value is (...args: unknown[]) => unknown {
     return typeof value === 'function';
 }
 
 /**
  * Checks if a string matches any of the strings in a set of possibilities
- * @memberof core
- * @param {string} value
- * @param {string[]} possibilities - An array of strings that'll be used to check the string
+ * @param value
+ * @param possibilities - An array of strings that'll be used to check the string
  * inclusion. Note that for performance reasons, we don't validate this parameter.
- * @param {boolean} [caseSensitive=false] - Should the check be case sensitive
- * @return {boolean}
+ * @param caseSensitive - Should the check be case sensitive
  */
-export function isStrIn(value, possibilities, caseSensitive = false) {
-    const _isSameStrCaseInsensitive = str =>
+export function isStrIn(value: string, possibilities: string[], caseSensitive = false): boolean {
+    const _isSameStrCaseInsensitive = (str: string) =>
         isStr(str) && value.toUpperCase() === str.toUpperCase();
     if (!(isStr(value) && Array.isArray(possibilities))) {
         return false;

package/src/{version.js → version.ts}

@@ -1,5 +1,4 @@
 // Version is bumped automatically by release-please. See release-please-config.json.
 
-'use strict'
-const version = '6.0.0-alpha.1'; // x-release-please-version
+const version = '6.0.0-alpha.2'; // x-release-please-version
 export default version;

package/identity.d.ts

@@ -1 +0,0 @@
-export * from "./src/identity.js";

package/identity.js

@@ -1,5 +0,0 @@
-/* Copyright 2026 Schibsted Products & Technology AS. Licensed under the terms of the MIT license.
- * See LICENSE.md in the project root.
- */
-
-export { default, Identity } from './src/identity.js';

package/index.d.ts

@@ -1,4 +0,0 @@
-export * from "./identity.js";
-export * from "./monetization.js";
-export * from "./payment.js";
-export { default as SDKError } from "./src/SDKError.js";

package/monetization.d.ts

@@ -1 +0,0 @@
-export * from "./src/monetization.js";

package/monetization.js

@@ -1,5 +0,0 @@
-/* Copyright 2026 Schibsted Products & Technology AS. Licensed under the terms of the MIT license.
- * See LICENSE.md in the project root.
- */
-
-export { default, Monetization } from './src/monetization.js';

package/payment.d.ts

@@ -1 +0,0 @@
-export * from "./src/payment.js";

package/payment.js

@@ -1,5 +0,0 @@
-/* Copyright 2026 Schibsted Products & Technology AS. Licensed under the terms of the MIT license.
- * See LICENSE.md in the project root.
- */
-
-export { default, Payment } from './src/payment.js';