@sparkvault/sdk 1.24.2 → 1.24.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/config.d.ts +4 -3
- package/dist/index.d.ts +4 -3
- package/dist/sparkvault.cjs.js +49 -12
- package/dist/sparkvault.cjs.js.map +1 -1
- package/dist/sparkvault.esm.js +49 -12
- package/dist/sparkvault.esm.js.map +1 -1
- package/dist/sparkvault.js +1 -1
- package/dist/sparkvault.js.map +1 -1
- package/package.json +1 -1
package/dist/sparkvault.esm.js
CHANGED
|
@@ -64,6 +64,14 @@ class PopupBlockedError extends SparkVaultError {
|
|
|
64
64
|
/**
|
|
65
65
|
* SparkVault SDK Configuration
|
|
66
66
|
*/
|
|
67
|
+
// Hosts that are allowed to serve backend-issued ingot download URLs.
|
|
68
|
+
// Keep in sync with the sdk-mobile default in packages/sdk-mobile/src/config.ts.
|
|
69
|
+
const DEFAULT_ALLOWED_DOWNLOAD_HOST_PATTERNS = [
|
|
70
|
+
/(^|\.)sparkvault\.com$/i,
|
|
71
|
+
/(^|\.)(x|files|file|send|spark|by|at|db|auth)\.sv$/i,
|
|
72
|
+
/\.amazonaws\.com$/i,
|
|
73
|
+
/\.cloudfront\.net$/i,
|
|
74
|
+
];
|
|
67
75
|
const API_URL = 'https://api.sparkvault.com';
|
|
68
76
|
const IDENTITY_URL = 'https://api.sparkvault.com/v1/apps/identity';
|
|
69
77
|
function normalizeApiBaseUrl(url) {
|
|
@@ -84,7 +92,7 @@ function resolveConfig(config) {
|
|
|
84
92
|
apiKey: config.apiKey,
|
|
85
93
|
preloadConfig: config.preloadConfig !== false, // Default: true
|
|
86
94
|
backdropBlur: config.backdropBlur !== false, // Default: true
|
|
87
|
-
allowedDownloadHostPatterns: config.allowedDownloadHostPatterns,
|
|
95
|
+
allowedDownloadHostPatterns: config.allowedDownloadHostPatterns ?? DEFAULT_ALLOWED_DOWNLOAD_HOST_PATTERNS,
|
|
88
96
|
};
|
|
89
97
|
}
|
|
90
98
|
function validateConfig(config) {
|
|
@@ -9786,14 +9794,27 @@ class VaultsModule {
|
|
|
9786
9794
|
*/
|
|
9787
9795
|
async downloadIngot(vault, ingotId) {
|
|
9788
9796
|
const cleanId = ingotId.startsWith('ing_') ? ingotId : `ing_${ingotId}`;
|
|
9789
|
-
|
|
9790
|
-
|
|
9791
|
-
|
|
9792
|
-
|
|
9793
|
-
|
|
9797
|
+
let lastError = null;
|
|
9798
|
+
for (let attempt = 1; attempt <= DOWNLOAD_MAX_ATTEMPTS; attempt++) {
|
|
9799
|
+
try {
|
|
9800
|
+
const response = await this.http.post(`/v1/vaults/${vault.id}/ingots/${cleanId}/download`, undefined, {
|
|
9801
|
+
headers: { 'X-Vault-Access-Token': vault.vatToken },
|
|
9802
|
+
});
|
|
9803
|
+
if (!response.data.download_url) {
|
|
9804
|
+
throw new ValidationError('Download endpoint did not return a download URL');
|
|
9805
|
+
}
|
|
9806
|
+
this.validateDownloadUrl(response.data.download_url);
|
|
9807
|
+
return await fetchBlobWithTimeout(response.data.download_url);
|
|
9808
|
+
}
|
|
9809
|
+
catch (err) {
|
|
9810
|
+
lastError = err instanceof Error ? err : new Error(String(err));
|
|
9811
|
+
if (!isRetryableDownloadError(lastError) || attempt === DOWNLOAD_MAX_ATTEMPTS) {
|
|
9812
|
+
throw lastError;
|
|
9813
|
+
}
|
|
9814
|
+
await delayExponential(attempt);
|
|
9815
|
+
}
|
|
9794
9816
|
}
|
|
9795
|
-
|
|
9796
|
-
return fetchBlobWithTimeout(response.data.download_url);
|
|
9817
|
+
throw lastError ?? new Error('Download failed');
|
|
9797
9818
|
}
|
|
9798
9819
|
/**
|
|
9799
9820
|
* List all ingots in an unsealed vault.
|
|
@@ -9854,9 +9875,6 @@ class VaultsModule {
|
|
|
9854
9875
|
throw new ValidationError('Download URL must use HTTPS');
|
|
9855
9876
|
}
|
|
9856
9877
|
const allowedHosts = this.config.allowedDownloadHostPatterns;
|
|
9857
|
-
if (!allowedHosts?.length) {
|
|
9858
|
-
return;
|
|
9859
|
-
}
|
|
9860
9878
|
if (!allowedHosts.some(pattern => pattern.test(parsed.hostname))) {
|
|
9861
9879
|
throw new ValidationError('Invalid download URL from server');
|
|
9862
9880
|
}
|
|
@@ -9940,13 +9958,32 @@ function uploadChunkWithProgress(uploadUrl, chunk, chunkStart, totalSize, tusVer
|
|
|
9940
9958
|
xhr.send(chunk);
|
|
9941
9959
|
});
|
|
9942
9960
|
}
|
|
9961
|
+
const DOWNLOAD_MAX_ATTEMPTS = 3;
|
|
9962
|
+
const DOWNLOAD_RETRY_BASE_MS = 500;
|
|
9963
|
+
function delayExponential(attempt) {
|
|
9964
|
+
return new Promise(resolve => setTimeout(resolve, DOWNLOAD_RETRY_BASE_MS * 2 ** (attempt - 1)));
|
|
9965
|
+
}
|
|
9966
|
+
function isRetryableDownloadError(err) {
|
|
9967
|
+
// Server contract / client-side validation errors aren't fixed by retrying.
|
|
9968
|
+
if (err instanceof ValidationError)
|
|
9969
|
+
return false;
|
|
9970
|
+
// Network errors carry a status code only when the SDK HTTP client attached
|
|
9971
|
+
// one; treat any explicitly-4xx response as a permanent failure.
|
|
9972
|
+
const status = err.statusCode;
|
|
9973
|
+
if (typeof status === 'number' && status >= 400 && status < 500 && status !== 408 && status !== 429) {
|
|
9974
|
+
return false;
|
|
9975
|
+
}
|
|
9976
|
+
return true;
|
|
9977
|
+
}
|
|
9943
9978
|
async function fetchBlobWithTimeout(url, timeout = 300000) {
|
|
9944
9979
|
const controller = new AbortController();
|
|
9945
9980
|
const timeoutId = setTimeout(() => controller.abort(), timeout);
|
|
9946
9981
|
try {
|
|
9947
9982
|
const response = await fetch(url, { signal: controller.signal });
|
|
9948
9983
|
if (!response.ok) {
|
|
9949
|
-
|
|
9984
|
+
const error = new Error(`Download failed with status ${response.status}`);
|
|
9985
|
+
error.statusCode = response.status;
|
|
9986
|
+
throw error;
|
|
9950
9987
|
}
|
|
9951
9988
|
return response.blob();
|
|
9952
9989
|
}
|