@spacelr/sdk 0.1.9 → 0.1.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.mts CHANGED
@@ -744,9 +744,15 @@ interface FunctionInvokeOptions {
744
744
  /** Webhook secret — used for `webhook` and `hybrid` invokeMode. */
745
745
  secret?: string;
746
746
  /**
747
- * If true, the SDK attaches the currently signed-in user's bearer token
748
- * via `Authorization` (managed by the SDK's TokenManager). Use for
749
- * `authenticated`, `hybrid`, or `public` invokeMode.
747
+ * Whether to attach the signed-in user's bearer token via `Authorization`
748
+ * (managed by the SDK's TokenManager).
749
+ *
750
+ * Default: `true` when no `secret` is provided, `false` when `secret` is
751
+ * set. Override explicitly for the hybrid case (provide both) or to
752
+ * suppress the header even when logged in.
753
+ *
754
+ * If `true` but the user is not signed in, the header is simply omitted —
755
+ * safe for `public` invokeMode.
750
756
  */
751
757
  authenticated?: boolean;
752
758
  payload?: Record<string, unknown>;
@@ -761,12 +767,17 @@ declare class FunctionsModule {
761
767
  constructor(http: HttpClient);
762
768
  /**
763
769
  * Invoke a function.
764
- * Calls POST /api/v1/functions/:projectId/:functionId/invoke
770
+ * Calls POST `/functions/:projectId/:functionId/invoke`, resolved against
771
+ * `config.apiUrl` (which already carries the `/api/v1` prefix).
772
+ *
773
+ * Auth defaults, based on `invokeMode` semantics:
774
+ * - webhook: pass `secret` → Authorization is NOT attached
775
+ * - authenticated: pass nothing → Authorization IS attached (from token manager)
776
+ * - public: pass nothing → Authorization is attached if logged in, else omitted
777
+ * - hybrid: pass both `secret` and `authenticated: true`
765
778
  *
766
- * Provide `secret` for webhook/hybrid functions, `authenticated: true` for
767
- * JWT-based invocation, or both for hybrid (JWT wins). Public mode needs
768
- * neither, though `authenticated: true` still populates `event.auth` inside
769
- * the function.
779
+ * To force a specific behaviour, set `authenticated` explicitly — it wins
780
+ * over the `secret`-based default.
770
781
  */
771
782
  invoke(projectId: string, functionId: string, options?: FunctionInvokeOptions): Promise<FunctionInvokeResult>;
772
783
  }
package/dist/index.d.ts CHANGED
@@ -744,9 +744,15 @@ interface FunctionInvokeOptions {
744
744
  /** Webhook secret — used for `webhook` and `hybrid` invokeMode. */
745
745
  secret?: string;
746
746
  /**
747
- * If true, the SDK attaches the currently signed-in user's bearer token
748
- * via `Authorization` (managed by the SDK's TokenManager). Use for
749
- * `authenticated`, `hybrid`, or `public` invokeMode.
747
+ * Whether to attach the signed-in user's bearer token via `Authorization`
748
+ * (managed by the SDK's TokenManager).
749
+ *
750
+ * Default: `true` when no `secret` is provided, `false` when `secret` is
751
+ * set. Override explicitly for the hybrid case (provide both) or to
752
+ * suppress the header even when logged in.
753
+ *
754
+ * If `true` but the user is not signed in, the header is simply omitted —
755
+ * safe for `public` invokeMode.
750
756
  */
751
757
  authenticated?: boolean;
752
758
  payload?: Record<string, unknown>;
@@ -761,12 +767,17 @@ declare class FunctionsModule {
761
767
  constructor(http: HttpClient);
762
768
  /**
763
769
  * Invoke a function.
764
- * Calls POST /api/v1/functions/:projectId/:functionId/invoke
770
+ * Calls POST `/functions/:projectId/:functionId/invoke`, resolved against
771
+ * `config.apiUrl` (which already carries the `/api/v1` prefix).
772
+ *
773
+ * Auth defaults, based on `invokeMode` semantics:
774
+ * - webhook: pass `secret` → Authorization is NOT attached
775
+ * - authenticated: pass nothing → Authorization IS attached (from token manager)
776
+ * - public: pass nothing → Authorization is attached if logged in, else omitted
777
+ * - hybrid: pass both `secret` and `authenticated: true`
765
778
  *
766
- * Provide `secret` for webhook/hybrid functions, `authenticated: true` for
767
- * JWT-based invocation, or both for hybrid (JWT wins). Public mode needs
768
- * neither, though `authenticated: true` still populates `event.auth` inside
769
- * the function.
779
+ * To force a specific behaviour, set `authenticated` explicitly — it wins
780
+ * over the `secret`-based default.
770
781
  */
771
782
  invoke(projectId: string, functionId: string, options?: FunctionInvokeOptions): Promise<FunctionInvokeResult>;
772
783
  }
package/dist/index.js CHANGED
@@ -1773,24 +1773,31 @@ var FunctionsModule = class {
1773
1773
  }
1774
1774
  /**
1775
1775
  * Invoke a function.
1776
- * Calls POST /api/v1/functions/:projectId/:functionId/invoke
1776
+ * Calls POST `/functions/:projectId/:functionId/invoke`, resolved against
1777
+ * `config.apiUrl` (which already carries the `/api/v1` prefix).
1777
1778
  *
1778
- * Provide `secret` for webhook/hybrid functions, `authenticated: true` for
1779
- * JWT-based invocation, or both for hybrid (JWT wins). Public mode needs
1780
- * neither, though `authenticated: true` still populates `event.auth` inside
1781
- * the function.
1779
+ * Auth defaults, based on `invokeMode` semantics:
1780
+ * - webhook: pass `secret` Authorization is NOT attached
1781
+ * - authenticated: pass nothing → Authorization IS attached (from token manager)
1782
+ * - public: pass nothing → Authorization is attached if logged in, else omitted
1783
+ * - hybrid: pass both `secret` and `authenticated: true`
1784
+ *
1785
+ * To force a specific behaviour, set `authenticated` explicitly — it wins
1786
+ * over the `secret`-based default.
1782
1787
  */
1783
1788
  async invoke(projectId, functionId, options = {}) {
1789
+ const hasSecret = (options.secret?.length ?? 0) > 0;
1784
1790
  const headers = {};
1785
- if (options.secret) {
1791
+ if (hasSecret) {
1786
1792
  headers["X-Webhook-Secret"] = options.secret;
1787
1793
  }
1794
+ const authenticated = options.authenticated ?? !hasSecret;
1788
1795
  return this.http.request({
1789
1796
  method: "POST",
1790
- path: `/api/v1/functions/${encodeURIComponent(projectId)}/${encodeURIComponent(functionId)}/invoke`,
1797
+ path: `/functions/${encodeURIComponent(projectId)}/${encodeURIComponent(functionId)}/invoke`,
1791
1798
  headers,
1792
1799
  body: options.payload ?? {},
1793
- authenticated: options.authenticated ?? false
1800
+ authenticated
1794
1801
  });
1795
1802
  }
1796
1803
  };