@sparkvault/sdk 1.24.2 → 1.24.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/config.d.ts +4 -3
  2. package/dist/index.d.ts +4 -3
  3. package/dist/sparkvault.cjs.js +49 -12
  4. package/dist/sparkvault.cjs.js.map +1 -1
  5. package/dist/sparkvault.esm.js +49 -12
  6. package/dist/sparkvault.esm.js.map +1 -1
  7. package/dist/sparkvault.js +1 -1
  8. package/dist/sparkvault.js.map +1 -1
  9. package/package.json +1 -1
package/dist/config.d.ts CHANGED
@@ -26,8 +26,9 @@ export interface SparkVaultConfig {
26
26
  /** Enable backdrop blur on dialogs (default: true) */
27
27
  backdropBlur?: boolean;
28
28
  /**
29
- * Optional host allowlist for backend-issued ingot download URLs.
30
- * When omitted, the SDK preserves the existing HTTPS-only validation behavior.
29
+ * Host allowlist for backend-issued ingot download URLs. Defaults to the
30
+ * canonical SparkVault Forge / S3 / CloudFront hosts. Override only when
31
+ * pointing at a custom deployment.
31
32
  */
32
33
  allowedDownloadHostPatterns?: RegExp[];
33
34
  }
@@ -41,7 +42,7 @@ export interface ResolvedConfig {
41
42
  apiKey?: string;
42
43
  preloadConfig: boolean;
43
44
  backdropBlur: boolean;
44
- allowedDownloadHostPatterns?: RegExp[];
45
+ allowedDownloadHostPatterns: RegExp[];
45
46
  }
46
47
  export declare function resolveConfig(config: SparkVaultConfig): ResolvedConfig;
47
48
  export declare function validateConfig(config: SparkVaultConfig): void;
package/dist/index.d.ts CHANGED
@@ -26,8 +26,9 @@ interface SparkVaultConfig {
26
26
  /** Enable backdrop blur on dialogs (default: true) */
27
27
  backdropBlur?: boolean;
28
28
  /**
29
- * Optional host allowlist for backend-issued ingot download URLs.
30
- * When omitted, the SDK preserves the existing HTTPS-only validation behavior.
29
+ * Host allowlist for backend-issued ingot download URLs. Defaults to the
30
+ * canonical SparkVault Forge / S3 / CloudFront hosts. Override only when
31
+ * pointing at a custom deployment.
31
32
  */
32
33
  allowedDownloadHostPatterns?: RegExp[];
33
34
  }
@@ -41,7 +42,7 @@ interface ResolvedConfig {
41
42
  apiKey?: string;
42
43
  preloadConfig: boolean;
43
44
  backdropBlur: boolean;
44
- allowedDownloadHostPatterns?: RegExp[];
45
+ allowedDownloadHostPatterns: RegExp[];
45
46
  }
46
47
 
47
48
  interface HealthCheckOptions {
package/dist/sparkvault.cjs.js CHANGED
@@ -68,6 +68,14 @@ class PopupBlockedError extends SparkVaultError {
68
68
  /**
69
69
  * SparkVault SDK Configuration
70
70
  */
71
+ // Hosts that are allowed to serve backend-issued ingot download URLs.
72
+ // Keep in sync with the sdk-mobile default in packages/sdk-mobile/src/config.ts.
73
+ const DEFAULT_ALLOWED_DOWNLOAD_HOST_PATTERNS = [
74
+ /(^|\.)sparkvault\.com$/i,
75
+ /(^|\.)(x|files|file|send|spark|by|at|db|auth)\.sv$/i,
76
+ /\.amazonaws\.com$/i,
77
+ /\.cloudfront\.net$/i,
78
+ ];
71
79
  const API_URL = 'https://api.sparkvault.com';
72
80
  const IDENTITY_URL = 'https://api.sparkvault.com/v1/apps/identity';
73
81
  function normalizeApiBaseUrl(url) {
@@ -88,7 +96,7 @@ function resolveConfig(config) {
88
96
  apiKey: config.apiKey,
89
97
  preloadConfig: config.preloadConfig !== false, // Default: true
90
98
  backdropBlur: config.backdropBlur !== false, // Default: true
91
- allowedDownloadHostPatterns: config.allowedDownloadHostPatterns,
99
+ allowedDownloadHostPatterns: config.allowedDownloadHostPatterns ?? DEFAULT_ALLOWED_DOWNLOAD_HOST_PATTERNS,
92
100
  };
93
101
  }
94
102
  function validateConfig(config) {
@@ -9790,14 +9798,27 @@ class VaultsModule {
9790
9798
  */
9791
9799
  async downloadIngot(vault, ingotId) {
9792
9800
  const cleanId = ingotId.startsWith('ing_') ? ingotId : `ing_${ingotId}`;
9793
- const response = await this.http.post(`/v1/vaults/${vault.id}/ingots/${cleanId}/download`, undefined, {
9794
- headers: { 'X-Vault-Access-Token': vault.vatToken },
9795
- });
9796
- if (!response.data.download_url) {
9797
- throw new ValidationError('Download endpoint did not return a download URL');
9801
+ let lastError = null;
9802
+ for (let attempt = 1; attempt <= DOWNLOAD_MAX_ATTEMPTS; attempt++) {
9803
+ try {
9804
+ const response = await this.http.post(`/v1/vaults/${vault.id}/ingots/${cleanId}/download`, undefined, {
9805
+ headers: { 'X-Vault-Access-Token': vault.vatToken },
9806
+ });
9807
+ if (!response.data.download_url) {
9808
+ throw new ValidationError('Download endpoint did not return a download URL');
9809
+ }
9810
+ this.validateDownloadUrl(response.data.download_url);
9811
+ return await fetchBlobWithTimeout(response.data.download_url);
9812
+ }
9813
+ catch (err) {
9814
+ lastError = err instanceof Error ? err : new Error(String(err));
9815
+ if (!isRetryableDownloadError(lastError) || attempt === DOWNLOAD_MAX_ATTEMPTS) {
9816
+ throw lastError;
9817
+ }
9818
+ await delayExponential(attempt);
9819
+ }
9798
9820
  }
9799
- this.validateDownloadUrl(response.data.download_url);
9800
- return fetchBlobWithTimeout(response.data.download_url);
9821
+ throw lastError ?? new Error('Download failed');
9801
9822
  }
9802
9823
  /**
9803
9824
  * List all ingots in an unsealed vault.
@@ -9858,9 +9879,6 @@ class VaultsModule {
9858
9879
  throw new ValidationError('Download URL must use HTTPS');
9859
9880
  }
9860
9881
  const allowedHosts = this.config.allowedDownloadHostPatterns;
9861
- if (!allowedHosts?.length) {
9862
- return;
9863
- }
9864
9882
  if (!allowedHosts.some(pattern => pattern.test(parsed.hostname))) {
9865
9883
  throw new ValidationError('Invalid download URL from server');
9866
9884
  }
@@ -9944,13 +9962,32 @@ function uploadChunkWithProgress(uploadUrl, chunk, chunkStart, totalSize, tusVer
9944
9962
  xhr.send(chunk);
9945
9963
  });
9946
9964
  }
9965
+ const DOWNLOAD_MAX_ATTEMPTS = 3;
9966
+ const DOWNLOAD_RETRY_BASE_MS = 500;
9967
+ function delayExponential(attempt) {
9968
+ return new Promise(resolve => setTimeout(resolve, DOWNLOAD_RETRY_BASE_MS * 2 ** (attempt - 1)));
9969
+ }
9970
+ function isRetryableDownloadError(err) {
9971
+ // Server contract / client-side validation errors aren't fixed by retrying.
9972
+ if (err instanceof ValidationError)
9973
+ return false;
9974
+ // Network errors carry a status code only when the SDK HTTP client attached
9975
+ // one; treat any explicitly-4xx response as a permanent failure.
9976
+ const status = err.statusCode;
9977
+ if (typeof status === 'number' && status >= 400 && status < 500 && status !== 408 && status !== 429) {
9978
+ return false;
9979
+ }
9980
+ return true;
9981
+ }
9947
9982
  async function fetchBlobWithTimeout(url, timeout = 300000) {
9948
9983
  const controller = new AbortController();
9949
9984
  const timeoutId = setTimeout(() => controller.abort(), timeout);
9950
9985
  try {
9951
9986
  const response = await fetch(url, { signal: controller.signal });
9952
9987
  if (!response.ok) {
9953
- throw new Error(`Download failed with status ${response.status}`);
9988
+ const error = new Error(`Download failed with status ${response.status}`);
9989
+ error.statusCode = response.status;
9990
+ throw error;
9954
9991
  }
9955
9992
  return response.blob();
9956
9993
  }