@serialsubscriptions/platform-integration 0.0.83 → 0.0.85

package/lib/SubscribedPlanManager.d.ts

@@ -36,9 +36,16 @@ import { type JsonApiResource } from './SSISubscribedPlanApi';
  * Attributes for a subscribed_plan--subscribed_plan resource.
  * Based on your JSON sample; extra fields will still be present in the raw JSON:API resource.
  */
+/**
+ * Known values for subscribed plan `status` (and for project `subscription_status`
+ * when synced from the platform). Document the full list in SUBSCRIBEDPLAN_MANAGER.md.
+ */
+export declare const SUBSCRIPTION_STATUS: {};
+export type SubscriptionStatusValue = (typeof SUBSCRIPTION_STATUS)[keyof typeof SUBSCRIPTION_STATUS] | string;
 export interface SubscribedPlanAttributes {
     drupal_internal__id: number;
     name: string;
+    /** Plan status from the platform. See SUBSCRIBEDPLAN_MANAGER.md for possible values. */
     status: string;
     subscription_period: string;
     name_subscript: string | null;

package/lib/SubscribedPlanManager.js

@@ -33,11 +33,26 @@
  * ```
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SubscribedPlanManager = void 0;
+exports.SubscribedPlanManager = exports.SUBSCRIPTION_STATUS = void 0;
 const SSISubscribedPlanApi_1 = require("./SSISubscribedPlanApi");
 const SSISubscribedFeatureApi_1 = require("./SSISubscribedFeatureApi");
 const SSISubscribedLimitApi_1 = require("./SSISubscribedLimitApi");
 const SSICache_1 = require("./cache/SSICache");
+/**
+ * Attributes for a subscribed_plan--subscribed_plan resource.
+ * Based on your JSON sample; extra fields will still be present in the raw JSON:API resource.
+ */
+/**
+ * Known values for subscribed plan `status` (and for project `subscription_status`
+ * when synced from the platform). Document the full list in SUBSCRIBEDPLAN_MANAGER.md.
+ */
+exports.SUBSCRIPTION_STATUS = {
+// Add values as the platform defines them, e.g.:
+// ACTIVE: 'active',
+// CANCELLED: 'cancelled',
+// TRIALING: 'trialing',
+// PAST_DUE: 'past_due',
+};
 /**
  * SubscribedPlanManager
  *

package/lib/auth.server.d.ts

@@ -1,4 +1,5 @@
 import { SSIStorage } from "./storage/SSIStorage";
+import type { AuthConfigInput } from "./requestConfig";
 export declare const scopes: {
     readonly defaultScopes: "openid profile email view_project create_project delete_project update_project view_subscribed_plan view_subscribed_feature view_subscribed_limit access_subscription_usage";
 };
@@ -67,7 +68,8 @@ export declare class AuthServer {
     private stateStorage;
     private jwksCache;
     private lastTokens?;
-    constructor(config?: AuthConfig);
+    /** Accepts AuthConfig or SSIRequestConfig (e.g. from getRequestConfig(req)). */
+    constructor(config?: AuthConfigInput);
     /**
      * Build the authorization URL and persist a CSRF state for the callback.
      * Returns: { url, stateKey, stateValue }

package/lib/auth.server.js

@@ -43,6 +43,7 @@ const jose_1 = require("jose");
 const stateStore_1 = require("./stateStore");
 const SSICache_1 = require("./cache/SSICache");
 const constants_1 = require("./cache/constants");
+const requestConfig_1 = require("./requestConfig");
 exports.scopes = {
     defaultScopes: "openid profile email view_project create_project delete_project update_project view_subscribed_plan view_subscribed_feature view_subscribed_limit access_subscription_usage"
 };
@@ -93,9 +94,9 @@ function getJwtExpirySeconds(jwt) {
     }
 }
 class AuthServer {
+    /** Accepts AuthConfig or SSIRequestConfig (e.g. from getRequestConfig(req)). */
     constructor(config) {
-        // Use empty object as default if config is not provided
-        const cfg = config ?? {};
+        const cfg = (0, requestConfig_1.normalizeAuthConfig)(config) ?? {};
         let scopesString;
         if (cfg.scopes === undefined || cfg.scopes === null) {
             scopesString = exports.scopes.defaultScopes;

package/lib/clientConfig.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Config shape that host apps use in the browser (e.g. from getClientConfig()).
+ *
+ * Derived from public env (NEXT_PUBLIC_*) and optionally window.location.
+ * Use this type for the return value of your client config helper so SessionClient
+ * and other client code stay typed.
+ *
+ * - **baseUrl**: App origin (e.g. window.location.origin or NEXT_PUBLIC_APP_URL).
+ * - **apiUrl**: App API base; where your app’s routes live (e.g. /api/v1/auth/session).
+ *   Pass to SessionClient.getSessionClient(config.apiUrl ?? config.baseUrl).
+ * - **ssiApiUrl**: SSI Platform API base (for links, account portal, etc.).
+ * - **ssiIssuerBaseUrl**: SSI issuer URL (often same as ssiApiUrl; e.g. for /pricing links).
+ */
+export type SSIClientConfig = {
+    baseUrl: string | null;
+    apiUrl?: string | null;
+    ssiApiUrl?: string | null;
+    ssiIssuerBaseUrl?: string | null;
+};
+/**
+ * Returns the URL to pass to SessionClient (app base so it can call the app’s session endpoint).
+ * Prefers apiUrl so the session route is resolved correctly when app and API differ.
+ */
+export declare function getSessionClientBaseUrl(config: SSIClientConfig | undefined | null): string | undefined;

package/lib/clientConfig.js

@@ -0,0 +1,15 @@
+"use strict";
+// clientConfig.ts
+// Client-side config types and helpers. No server/auth dependencies so safe for frontend bundle.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getSessionClientBaseUrl = getSessionClientBaseUrl;
+/**
+ * Returns the URL to pass to SessionClient (app base so it can call the app’s session endpoint).
+ * Prefers apiUrl so the session route is resolved correctly when app and API differ.
+ */
+function getSessionClientBaseUrl(config) {
+    if (config == null)
+        return undefined;
+    const url = config.apiUrl ?? config.baseUrl;
+    return url != null && url !== "" ? url : undefined;
+}

package/lib/frontend/index.d.ts

@@ -1 +1,3 @@
 export { SessionClient } from './session/SessionClient';
+export type { SSIClientConfig } from '../clientConfig';
+export { getSessionClientBaseUrl } from '../clientConfig';

package/lib/frontend/index.js

@@ -1,6 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SessionClient = void 0;
-// Browser/middleware-safe exports only
+exports.getSessionClientBaseUrl = exports.SessionClient = void 0;
+// Browser/middleware-safe exports only (no auth.server / requestConfig)
 var SessionClient_1 = require("./session/SessionClient");
 Object.defineProperty(exports, "SessionClient", { enumerable: true, get: function () { return SessionClient_1.SessionClient; } });
+var clientConfig_1 = require("../clientConfig");
+Object.defineProperty(exports, "getSessionClientBaseUrl", { enumerable: true, get: function () { return clientConfig_1.getSessionClientBaseUrl; } });

package/lib/frontend/session/SessionClient.d.ts

@@ -1,13 +1,25 @@
+import { type SSIClientConfig } from '../../clientConfig';
 export declare class SessionClient {
     private readonly cookieHeader?;
-    private static readonly instances;
     private readonly baseUrl;
     private claims;
     private ttl;
     private initPromise;
     private static normalizeBaseUrl;
     constructor(baseUrl?: string, cookieHeader?: string | null | undefined);
-    static getSessionClient(baseUrl?: string): SessionClient;
+    /**
+     * Returns a new SessionClient for this request. Call once per request (or per user
+     * context) so session is not shared across requests.
+     *
+     * Accepts a base URL string or an SSIClientConfig (e.g. from getClientConfig());
+     * when given config, uses config.apiUrl ?? config.baseUrl.
+     *
+     * In Next.js server components/route handlers you can omit cookieHeader: the client
+     * will automatically use the current request's session cookie (via next/headers).
+     * In other server contexts (e.g. middleware, non-Next), pass the request's Cookie
+     * header so this client is bound to that request's session.
+     */
+    static getSessionClient(baseUrlOrConfig?: string | SSIClientConfig, cookieHeader?: string | null): SessionClient;
     isLoggedIn(): Promise<boolean>;
     warmup(): void;
     getTtl(): Promise<number | null>;

package/lib/frontend/session/SessionClient.js

@@ -1,6 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SessionClient = void 0;
+const clientConfig_1 = require("../../clientConfig");
+/** Session cookie name; must match SessionManager (SSI_COOKIE_NAME env or default). */
+const SESSION_COOKIE_NAME = process.env.SSI_COOKIE_NAME ?? "ssi_session";
 class SessionClient {
     static normalizeBaseUrl(baseUrl) {
         if (!baseUrl) {
@@ -30,16 +33,21 @@ class SessionClient {
         }
         this.initPromise = this.loadClaims();
     }
-    static getSessionClient(baseUrl) {
-        const resolvedBaseUrl = baseUrl ?? process.env.NEXT_PUBLIC_BASE_URL ?? "";
-        const normalizedBaseUrl = SessionClient.normalizeBaseUrl(resolvedBaseUrl);
-        if (!normalizedBaseUrl || !normalizedBaseUrl.startsWith("http://") && !normalizedBaseUrl.startsWith("https://")) {
-            console.error(`You must set baseUrl to SessionClient or you must set env variable NEXT_PUBLIC_BASE_URL. Incorrect value \`${resolvedBaseUrl}\``);
-        }
-        if (!SessionClient.instances.has(normalizedBaseUrl)) {
-            SessionClient.instances.set(normalizedBaseUrl, new SessionClient(baseUrl));
-        }
-        return SessionClient.instances.get(normalizedBaseUrl);
+    /**
+     * Returns a new SessionClient for this request. Call once per request (or per user
+     * context) so session is not shared across requests.
+     *
+     * Accepts a base URL string or an SSIClientConfig (e.g. from getClientConfig());
+     * when given config, uses config.apiUrl ?? config.baseUrl.
+     *
+     * In Next.js server components/route handlers you can omit cookieHeader: the client
+     * will automatically use the current request's session cookie (via next/headers).
+     * In other server contexts (e.g. middleware, non-Next), pass the request's Cookie
+     * header so this client is bound to that request's session.
+     */
+    static getSessionClient(baseUrlOrConfig, cookieHeader) {
+        const baseUrl = typeof baseUrlOrConfig === 'string' ? baseUrlOrConfig : (0, clientConfig_1.getSessionClientBaseUrl)(baseUrlOrConfig);
+        return new SessionClient(baseUrl, cookieHeader);
     }
     async isLoggedIn() {
         await this.initPromise;
@@ -87,14 +95,13 @@ class SessionClient {
             return init;
         }
         try {
-            // Dynamic import of next/headers - only available in Next.js server context
-            // @ts-expect-error - next/headers types are available at runtime but TypeScript can't resolve them during package build
+            // Dynamic import of next/headers - only available in Next.js server context (request-scoped)
             const { cookies } = await import("next/headers");
             const cookieStore = await cookies();
-            const serializedCookies = cookieStore
-                .getAll()
-                .map((cookie) => `${cookie.name}=${cookie.value}`)
-                .join("; ");
+            const sessionCookie = cookieStore.get(SESSION_COOKIE_NAME);
+            const serializedCookies = sessionCookie
+                ? `${sessionCookie.name}=${sessionCookie.value}`
+                : "";
             if (!serializedCookies) {
                 return init;
             }
@@ -141,5 +148,4 @@ class SessionClient {
     }
 }
 exports.SessionClient = SessionClient;
-SessionClient.instances = new Map();
 exports.default = SessionClient;

package/lib/index.d.ts

@@ -1,4 +1,6 @@
 export * from './auth.server';
+export * from './requestConfig';
+export * from './clientConfig';
 export * from './stateStore';
 export * from './storage/SSIStorage';
 export * from './storage/types';

package/lib/index.js

@@ -16,6 +16,8 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SSISubscribedPlanApi = exports.SSISubscribedLimitApi = exports.SSISubscribedFeatureApi = exports.SessionClient = void 0;
 __exportStar(require("./auth.server"), exports);
+__exportStar(require("./requestConfig"), exports);
+__exportStar(require("./clientConfig"), exports);
 __exportStar(require("./stateStore"), exports);
 __exportStar(require("./storage/SSIStorage"), exports);
 __exportStar(require("./storage/types"), exports);

package/lib/requestConfig.d.ts

@@ -0,0 +1,38 @@
+import type { AuthConfig } from './auth.server';
+/**
+ * SSI-related config that host apps typically derive from the current request
+ * (e.g. via getRequestConfig(req)) and pass to the library.
+ *
+ * Use this type when building a "request config" in your app so SessionManager,
+ * AuthServer, UsageApi, and SubscribedPlanManager get a consistent, typed shape.
+ *
+ * - **ssiIssuerBaseUrl**, **ssiRedirectUri**, **ssiClientId**: passed to
+ *   AuthServer and SessionManager.fromEnv(cookieHeader, config).
+ * - **ssiApiUrl**: base URL for SSI Platform API (UsageApi, SubscribedPlanManager,
+ *   SSIProjectApi, etc.).
+ * - **baseUrl** / **apiUrl**: optional; for app use (e.g. redirect after login).
+ *   The library does not use these; they are included so apps can use this type
+ *   as the SSI subset of a larger RequestConfig.
+ */
+export type SSIRequestConfig = {
+    baseUrl?: string | null;
+    apiUrl?: string | null;
+    ssiApiUrl: string | null;
+    ssiIssuerBaseUrl: string | null;
+    ssiRedirectUri: string | null;
+    ssiClientId: string | null;
+};
+/**
+ * Union type accepted anywhere AuthConfig is accepted (AuthServer, SessionManager).
+ */
+export type AuthConfigInput = AuthConfig | SSIRequestConfig;
+/**
+ * Converts SSIRequestConfig to AuthConfig for use with AuthServer and SessionManager.
+ * Drops null/undefined so the library can fall back to env vars where appropriate.
+ */
+export declare function toAuthConfig(rc: SSIRequestConfig): AuthConfig;
+/**
+ * Normalizes AuthConfigInput to AuthConfig. Use internally so AuthServer and SessionManager
+ * accept both AuthConfig and SSIRequestConfig.
+ */
+export declare function normalizeAuthConfig(input: AuthConfigInput | undefined): AuthConfig | undefined;

package/lib/requestConfig.js

@@ -0,0 +1,34 @@
+"use strict";
+// requestConfig.ts
+// Types for config that host apps derive per-request and pass into AuthServer, SessionManager, and SSI API clients.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.toAuthConfig = toAuthConfig;
+exports.normalizeAuthConfig = normalizeAuthConfig;
+function isSSIRequestConfig(x) {
+    return x != null && typeof x === 'object' && 'ssiIssuerBaseUrl' in x;
+}
+/**
+ * Converts SSIRequestConfig to AuthConfig for use with AuthServer and SessionManager.
+ * Drops null/undefined so the library can fall back to env vars where appropriate.
+ */
+function toAuthConfig(rc) {
+    const auth = {};
+    if (rc.ssiIssuerBaseUrl != null && rc.ssiIssuerBaseUrl !== '')
+        auth.issuerBaseUrl = rc.ssiIssuerBaseUrl;
+    if (rc.ssiRedirectUri != null && rc.ssiRedirectUri !== '')
+        auth.redirectUri = rc.ssiRedirectUri;
+    if (rc.ssiClientId != null && rc.ssiClientId !== '')
+        auth.clientId = rc.ssiClientId;
+    return auth;
+}
+/**
+ * Normalizes AuthConfigInput to AuthConfig. Use internally so AuthServer and SessionManager
+ * accept both AuthConfig and SSIRequestConfig.
+ */
+function normalizeAuthConfig(input) {
+    if (input == null)
+        return undefined;
+    if (isSSIRequestConfig(input))
+        return toAuthConfig(input);
+    return input;
+}

package/lib/session/SessionManager.d.ts

@@ -1,6 +1,7 @@
 import { SSIStorage } from '../storage/SSIStorage';
 import type { KVValue } from '../storage/types';
-import { AuthServer, type TokenResponse, type AuthConfig } from '../auth.server';
+import { AuthServer, type TokenResponse } from '../auth.server';
+import { type AuthConfigInput } from '../requestConfig';
 export declare const sessionRoles: {
     allRoles: string[];
     adminRoles: string[];
@@ -43,11 +44,12 @@ export declare class SessionManager {
     private authConfig?;
     private static inFlightRefresh;
     private freshnessOnce;
-    constructor(storage: SSIStorage, authConfig?: AuthConfig);
+    /** Accepts AuthConfig or SSIRequestConfig (e.g. from getRequestConfig(req)). */
+    constructor(storage: SSIStorage, authConfig?: AuthConfigInput);
     static fromEnv(): SessionManager;
-    static fromEnv(cookieHeader: string | null, authConfig?: AuthConfig): SessionManager;
-    static fromEnv(request: Request, authConfig?: AuthConfig): SessionManager;
-    static fromEnv(authConfig: AuthConfig): SessionManager;
+    static fromEnv(cookieHeader: string | null, authConfig?: AuthConfigInput): SessionManager;
+    static fromEnv(request: Request, authConfig?: AuthConfigInput): SessionManager;
+    static fromEnv(authConfig: AuthConfigInput): SessionManager;
     /**
      * Async version that attempts to auto-detect the cookie header from Next.js context
      * when called with no arguments. Falls back gracefully if not in a Next.js context.
@@ -65,9 +67,9 @@ export declare class SessionManager {
      * const session = await SessionManager.fromEnvAsync(request, { clientId: 'my-client-id' });
      */
     static fromEnvAsync(): Promise<SessionManager>;
-    static fromEnvAsync(cookieHeader: string | null, authConfig?: AuthConfig): Promise<SessionManager>;
-    static fromEnvAsync(request: Request, authConfig?: AuthConfig): Promise<SessionManager>;
-    static fromEnvAsync(authConfig: AuthConfig): Promise<SessionManager>;
+    static fromEnvAsync(cookieHeader: string | null, authConfig?: AuthConfigInput): Promise<SessionManager>;
+    static fromEnvAsync(request: Request, authConfig?: AuthConfigInput): Promise<SessionManager>;
+    static fromEnvAsync(authConfig: AuthConfigInput): Promise<SessionManager>;
     private parseCookies;
     get sessionId(): string | undefined;
     /** Cryptographically strong, URL-safe session id */

package/lib/session/SessionManager.js

@@ -4,6 +4,7 @@ exports.SessionManager = exports.sessionRoles = void 0;
 const SSIStorage_1 = require("../storage/SSIStorage");
 const crypto_1 = require("crypto");
 const auth_server_1 = require("../auth.server");
+const requestConfig_1 = require("../requestConfig");
 exports.sessionRoles = {
     allRoles: ['platform_admin', 'member', 'owner', 'admin', 'billing', 'readonly'],
     adminRoles: ['platform_admin', 'owner', 'admin'],
@@ -35,25 +36,22 @@ function resolveCookieDomain() {
     }
 }
 class SessionManager {
+    /** Accepts AuthConfig or SSIRequestConfig (e.g. from getRequestConfig(req)). */
     constructor(storage, authConfig) {
         // Per-request-instance guard so TTL/refresh is evaluated at most once per session
         this.freshnessOnce = new Map();
         this.storage = storage.withClass('session'); // pin class="session"
-        this.authConfig = authConfig;
+        this.authConfig = (0, requestConfig_1.normalizeAuthConfig)(authConfig);
     }
     static fromEnv(cookieHeaderOrRequestOrConfig, authConfig) {
-        // Handle case where first arg is AuthConfig (no cookie header/request)
         let actualAuthConfig;
         let cookieHeaderOrRequest;
-        if (cookieHeaderOrRequestOrConfig &&
-            typeof cookieHeaderOrRequestOrConfig === 'object' &&
-            !(cookieHeaderOrRequestOrConfig instanceof Request) &&
-            ('clientId' in cookieHeaderOrRequestOrConfig || 'issuerBaseUrl' in cookieHeaderOrRequestOrConfig)) {
-            // First arg is AuthConfig
+        const isConfigLike = (x) => x != null && typeof x === 'object' && !(x instanceof Request) &&
+            ('clientId' in x || 'issuerBaseUrl' in x || 'ssiClientId' in x || 'ssiIssuerBaseUrl' in x);
+        if (cookieHeaderOrRequestOrConfig && isConfigLike(cookieHeaderOrRequestOrConfig)) {
             actualAuthConfig = cookieHeaderOrRequestOrConfig;
         }
         else {
-            // First arg is cookie header/request, second is optional AuthConfig
             cookieHeaderOrRequest = cookieHeaderOrRequestOrConfig;
             actualAuthConfig = authConfig;
         }
@@ -73,18 +71,14 @@ class SessionManager {
         return session;
     }
     static async fromEnvAsync(cookieHeaderOrRequestOrConfig, authConfig) {
-        // Handle case where first arg is AuthConfig (no cookie header/request)
         let actualAuthConfig;
         let cookieHeaderOrRequest;
-        if (cookieHeaderOrRequestOrConfig &&
-            typeof cookieHeaderOrRequestOrConfig === 'object' &&
-            !(cookieHeaderOrRequestOrConfig instanceof Request) &&
-            ('clientId' in cookieHeaderOrRequestOrConfig || 'issuerBaseUrl' in cookieHeaderOrRequestOrConfig)) {
-            // First arg is AuthConfig
+        const isConfigLike = (x) => x != null && typeof x === 'object' && !(x instanceof Request) &&
+            ('clientId' in x || 'issuerBaseUrl' in x || 'ssiClientId' in x || 'ssiIssuerBaseUrl' in x);
+        if (cookieHeaderOrRequestOrConfig && isConfigLike(cookieHeaderOrRequestOrConfig)) {
             actualAuthConfig = cookieHeaderOrRequestOrConfig;
         }
         else {
-            // First arg is cookie header/request, second is optional AuthConfig
             cookieHeaderOrRequest = cookieHeaderOrRequestOrConfig;
             actualAuthConfig = authConfig;
         }
@@ -102,7 +96,6 @@ class SessionManager {
             // When called with no arguments, try to auto-detect cookie header from Next.js context
             try {
                 // Dynamic import of next/headers - only available in Next.js server context
-                // @ts-expect-error - next/headers types are available at runtime but TypeScript can't resolve them during package build
                 const { headers } = await import('next/headers');
                 const headersList = await headers();
                 if (headersList && typeof headersList.get === 'function') {

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@serialsubscriptions/platform-integration",
-    "version": "0.0.83",
+    "version": "0.0.85",
     "description": "Serial Subscriptions Libraries",
     "main": "lib/index.js",
     "types": "lib/index.d.ts",
@@ -67,5 +67,8 @@
     "peerDependencies": {
         "next": "^15.0.0"
     },
+    "optionalDependencies": {
+        "next": "^15.0.0"
+    },
     "license": "MIT"
 }