@squadbase/vite-server 0.1.12-dev.93b8799 → 0.1.17-dev.24af54e

package/dist/connectors/google-analytics.js

@@ -1,51 +1,63 @@
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+
 // ../connectors/src/parameter-definition.ts
-var ParameterDefinition = class {
-  slug;
-  name;
-  description;
-  envVarBaseKey;
-  type;
-  secret;
-  required;
-  constructor(config) {
-    this.slug = config.slug;
-    this.name = config.name;
-    this.description = config.description;
-    this.envVarBaseKey = config.envVarBaseKey;
-    this.type = config.type;
-    this.secret = config.secret;
-    this.required = config.required;
-  }
-  /**
-   * Get the parameter value from a ConnectorConnectionObject.
-   */
-  getValue(connection2) {
-    const param = connection2.parameters.find(
-      (p) => p.parameterSlug === this.slug
-    );
-    if (!param || param.value == null) {
-      throw new Error(
-        `Parameter "${this.slug}" not found or has no value in connection "${connection2.id}"`
-      );
-    }
-    return param.value;
-  }
-  /**
-   * Try to get the parameter value. Returns undefined if not found (for optional params).
-   */
-  tryGetValue(connection2) {
-    const param = connection2.parameters.find(
-      (p) => p.parameterSlug === this.slug
-    );
-    if (!param || param.value == null) return void 0;
-    return param.value;
+var ParameterDefinition;
+var init_parameter_definition = __esm({
+  "../connectors/src/parameter-definition.ts"() {
+    "use strict";
+    ParameterDefinition = class {
+      slug;
+      name;
+      description;
+      envVarBaseKey;
+      type;
+      secret;
+      required;
+      constructor(config) {
+        this.slug = config.slug;
+        this.name = config.name;
+        this.description = config.description;
+        this.envVarBaseKey = config.envVarBaseKey;
+        this.type = config.type;
+        this.secret = config.secret;
+        this.required = config.required;
+      }
+      /**
+       * Get the parameter value from a ConnectorConnectionObject.
+       */
+      getValue(connection2) {
+        const param = connection2.parameters.find(
+          (p) => p.parameterSlug === this.slug
+        );
+        if (!param || param.value == null) {
+          throw new Error(
+            `Parameter "${this.slug}" not found or has no value in connection "${connection2.id}"`
+          );
+        }
+        return param.value;
+      }
+      /**
+       * Try to get the parameter value. Returns undefined if not found (for optional params).
+       */
+      tryGetValue(connection2) {
+        const param = connection2.parameters.find(
+          (p) => p.parameterSlug === this.slug
+        );
+        if (!param || param.value == null) return void 0;
+        return param.value;
+      }
+    };
   }
-};
+});
 
 // ../connectors/src/connectors/google-analytics/sdk/index.ts
 import * as crypto from "crypto";
 
 // ../connectors/src/connectors/google-analytics/parameters.ts
+init_parameter_definition();
 var parameters = {
   serviceAccountKeyJsonBase64: new ParameterDefinition({
     slug: "service-account-key-json-base64",
@@ -125,7 +137,7 @@ function createClient(params) {
   }
   let cachedToken = null;
   let tokenExpiresAt = 0;
-  async function getAccessToken() {
+  async function getAccessToken2() {
     const nowSec = Math.floor(Date.now() / 1e3);
     if (cachedToken && nowSec < tokenExpiresAt - 60) {
       return cachedToken;
@@ -156,7 +168,7 @@ function createClient(params) {
   }
   return {
     async request(path2, init) {
-      const accessToken = await getAccessToken();
+      const accessToken = await getAccessToken2();
       const resolvedPath = path2.replace(/\{propertyId\}/g, propertyId);
       const url = `${BASE_URL.replace(/\/+$/, "")}/${resolvedPath.replace(/^\/+/, "")}`;
       const headers = new Headers(init?.headers);
@@ -288,6 +300,20 @@ var ConnectorPlugin = class _ConnectorPlugin {
    * `runSetupFlow` from `setup-flow.ts`.
    */
   setup;
+  /**
+   * Opt-out of the default "verify before save" behavior on connection
+   * creation. The backend invokes `checkConnection` synchronously while
+   * creating the connection and aborts (no row inserted) if it fails — this
+   * flag disables that for connectors where the check cannot succeed pre-save:
+   *
+   *   - `squadbase-db` populates `connection-url` only after Neon provisioning
+   *   - OAuth connectors require an OAuth-aware proxyFetch keyed by the
+   *     connectionId, which doesn't exist until the row is saved
+   *
+   * Exceptions are the explicit position; new credential-input connectors get
+   * the default verify-on-create behavior without opt-in.
+   */
+  skipConnectionCheckOnCreate;
   constructor(config) {
     this.slug = config.slug;
     this.authType = config.authType;
@@ -305,6 +331,7 @@ var ConnectorPlugin = class _ConnectorPlugin {
     this.query = config.query;
     this.checkConnection = config.checkConnection;
     this.setup = config.setup;
+    this.skipConnectionCheckOnCreate = config.skipConnectionCheckOnCreate;
   }
   get connectorKey() {
     return _ConnectorPlugin.deriveKey(this.slug, this.authType);
@@ -369,6 +396,51 @@ var ConnectorPlugin = class _ConnectorPlugin {
   }
 };
 
+// ../connectors/src/setup-flow.ts
+async function runSetupFlow(flow, params, ctx, config) {
+  const runtime = {
+    params,
+    language: ctx.language,
+    config
+  };
+  let state = flow.initialState();
+  let answerIdx = 0;
+  for (const step of flow.steps) {
+    const ans = ctx.answers[answerIdx];
+    if (ans && ans.questionSlug === step.slug) {
+      state = step.applyAnswer(state, ans.answer);
+      answerIdx += 1;
+      continue;
+    }
+    if (step.type === "text") {
+      return {
+        type: "nextQuestion",
+        questionSlug: step.slug,
+        question: step.question[ctx.language],
+        questionType: "text"
+      };
+    }
+    const options = step.fetchOptions ? await step.fetchOptions(state, runtime) : [];
+    if (options.length === 0) {
+      continue;
+    }
+    return {
+      type: "nextQuestion",
+      questionSlug: step.slug,
+      question: step.question[ctx.language],
+      questionType: step.type,
+      options
+    };
+  }
+  const dataInvestigationResult = await flow.finalize(state, runtime);
+  return { type: "fulfilled", dataInvestigationResult };
+}
+async function resolveSetupSelection(params) {
+  const { selected, allSentinel, fetchAll, limit } = params;
+  const resolved = selected.includes(allSentinel) ? await fetchAll() : selected.filter((v) => v !== allSentinel);
+  return resolved.slice(0, limit);
+}
+
 // ../connectors/src/auth-types.ts
 var AUTH_TYPES = {
   OAUTH: "oauth",
@@ -389,6 +461,219 @@ var googleAnalyticsOnboarding = new ConnectorOnboarding({
   }
 });
 
+// ../connectors/src/connectors/google-analytics/utils.ts
+import * as crypto2 from "crypto";
+var TOKEN_URL2 = "https://oauth2.googleapis.com/token";
+var ADMIN_BASE_URL = "https://analyticsadmin.googleapis.com/v1beta";
+var SCOPE2 = "https://www.googleapis.com/auth/analytics.readonly";
+function base64url2(input) {
+  const buf = typeof input === "string" ? Buffer.from(input) : input;
+  return buf.toString("base64url");
+}
+function buildJwt2(clientEmail, privateKey, nowSec) {
+  const header = base64url2(JSON.stringify({ alg: "RS256", typ: "JWT" }));
+  const payload = base64url2(
+    JSON.stringify({
+      iss: clientEmail,
+      scope: SCOPE2,
+      aud: TOKEN_URL2,
+      iat: nowSec,
+      exp: nowSec + 3600
+    })
+  );
+  const signingInput = `${header}.${payload}`;
+  const sign = crypto2.createSign("RSA-SHA256");
+  sign.update(signingInput);
+  sign.end();
+  const signature = base64url2(sign.sign(privateKey));
+  return `${signingInput}.${signature}`;
+}
+function decodeServiceAccount(serviceAccountKeyJsonBase64) {
+  let serviceAccountKey;
+  try {
+    const decoded = Buffer.from(
+      serviceAccountKeyJsonBase64,
+      "base64"
+    ).toString("utf-8");
+    serviceAccountKey = JSON.parse(decoded);
+  } catch {
+    throw new Error(
+      "google-analytics: failed to decode service account key JSON from base64"
+    );
+  }
+  if (!serviceAccountKey.client_email || !serviceAccountKey.private_key) {
+    throw new Error(
+      "google-analytics: service account key JSON must contain client_email and private_key"
+    );
+  }
+  return serviceAccountKey;
+}
+async function getAccessToken(serviceAccountKey) {
+  const nowSec = Math.floor(Date.now() / 1e3);
+  const jwt = buildJwt2(
+    serviceAccountKey.client_email,
+    serviceAccountKey.private_key,
+    nowSec
+  );
+  const response = await fetch(TOKEN_URL2, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams({
+      grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
+      assertion: jwt
+    })
+  });
+  if (!response.ok) {
+    const text = await response.text();
+    throw new Error(
+      `google-analytics: token exchange failed (${response.status}): ${text}`
+    );
+  }
+  const data = await response.json();
+  return data.access_token;
+}
+async function adminFetch(params, path2, init) {
+  const keyJsonBase64 = params[parameters.serviceAccountKeyJsonBase64.slug];
+  if (!keyJsonBase64) {
+    throw new Error(
+      "google-analytics: missing required parameter: service-account-key-json-base64"
+    );
+  }
+  const serviceAccountKey = decodeServiceAccount(keyJsonBase64);
+  const accessToken = await getAccessToken(serviceAccountKey);
+  const url = `${ADMIN_BASE_URL}${path2.startsWith("/") ? "" : "/"}${path2}`;
+  const headers = new Headers(init?.headers);
+  headers.set("Authorization", `Bearer ${accessToken}`);
+  return fetch(url, { ...init, headers });
+}
+
+// ../connectors/src/connectors/google-analytics/setup-flow.ts
+var ALL_PROPERTIES = "__ALL_PROPERTIES__";
+var GOOGLE_ANALYTICS_SETUP_MAX_PROPERTIES = 20;
+async function listAccountSummaries(params) {
+  const summaries = [];
+  let pageToken;
+  do {
+    const path2 = pageToken ? `/accountSummaries?pageToken=${encodeURIComponent(pageToken)}` : `/accountSummaries`;
+    const res = await adminFetch(params, path2);
+    if (!res.ok) {
+      const body = await res.text().catch(() => res.statusText);
+      throw new Error(
+        `google-analytics: accountSummaries failed (${res.status}): ${body}`
+      );
+    }
+    const data = await res.json();
+    summaries.push(...data.accountSummaries ?? []);
+    pageToken = data.nextPageToken;
+  } while (pageToken);
+  return summaries;
+}
+function propertyIdFromResource(resource) {
+  return (resource ?? "").replace(/^properties\//, "");
+}
+async function getProperty(params, propertyId) {
+  const res = await adminFetch(params, `/properties/${propertyId}`);
+  if (!res.ok) return null;
+  return await res.json();
+}
+var googleAnalyticsSetupFlow = {
+  initialState: () => ({}),
+  steps: [
+    {
+      slug: "account",
+      type: "select",
+      question: {
+        ja: "Google Analytics \u30A2\u30AB\u30A6\u30F3\u30C8\u3092\u9078\u3093\u3067\u304F\u3060\u3055\u3044",
+        en: "Select a Google Analytics account"
+      },
+      async fetchOptions(_state, rt) {
+        const summaries = await listAccountSummaries(rt.params);
+        return summaries.map((s) => {
+          const accountResource = s.account ?? s.name ?? "";
+          if (!accountResource) return null;
+          return {
+            value: accountResource,
+            label: s.displayName ?? accountResource
+          };
+        }).filter((v) => v != null);
+      },
+      applyAnswer: (state, answer) => ({ ...state, account: answer[0] })
+    },
+    {
+      slug: "properties",
+      type: "multiSelect",
+      question: {
+        ja: "\u5BFE\u8C61\u306E GA4 \u30D7\u30ED\u30D1\u30C6\u30A3\u3092\u9078\u3093\u3067\u304F\u3060\u3055\u3044\uFF08\u8907\u6570\u9078\u629E\u53EF\uFF09",
+        en: "Select target GA4 properties (multi-select allowed)"
+      },
+      async fetchOptions(state, rt) {
+        if (!state.account) return [];
+        const summaries = await listAccountSummaries(rt.params);
+        const account = summaries.find(
+          (s) => (s.account ?? s.name) === state.account
+        );
+        const props = (account?.propertySummaries ?? []).map((p) => {
+          const id = propertyIdFromResource(p.property);
+          if (!id) return null;
+          return {
+            value: id,
+            label: p.displayName ? `${p.displayName} (${id})` : id
+          };
+        }).filter((v) => v != null);
+        if (props.length === 0) return [];
+        return [
+          {
+            value: ALL_PROPERTIES,
+            label: rt.language === "ja" ? "\u3059\u3079\u3066\u306E\u30D7\u30ED\u30D1\u30C6\u30A3" : "All properties"
+          },
+          ...props
+        ];
+      },
+      applyAnswer: (state, answer) => ({ ...state, properties: answer })
+    }
+  ],
+  async finalize(state, rt) {
+    if (!state.account || !state.properties) {
+      throw new Error("Google Analytics setup: incomplete state on finalize");
+    }
+    const summaries = await listAccountSummaries(rt.params);
+    const account = summaries.find(
+      (s) => (s.account ?? s.name) === state.account
+    );
+    const accountLabel = account?.displayName ?? state.account.replace(/^accounts\//, "");
+    const targetPropertyIds = await resolveSetupSelection({
+      selected: state.properties,
+      allSentinel: ALL_PROPERTIES,
+      fetchAll: async () => (account?.propertySummaries ?? []).map((p) => propertyIdFromResource(p.property)).filter((v) => v),
+      limit: GOOGLE_ANALYTICS_SETUP_MAX_PROPERTIES
+    });
+    const sections = [
+      "## Google Analytics",
+      "",
+      `### Account: ${accountLabel}`,
+      ""
+    ];
+    if (targetPropertyIds.length === 0) {
+      sections.push("_No properties selected._", "");
+      return sections.join("\n");
+    }
+    sections.push("| Property ID | Display Name | Time Zone | Currency | Industry |");
+    sections.push("|-------------|--------------|-----------|----------|----------|");
+    for (const propertyId of targetPropertyIds) {
+      const prop = await getProperty(rt.params, propertyId);
+      const displayName = (prop?.displayName ?? "-").replace(/\|/g, "\\|");
+      const timeZone = prop?.timeZone ?? "-";
+      const currency = prop?.currencyCode ?? "-";
+      const industry = (prop?.industryCategory ?? "-").replace(/\|/g, "\\|");
+      sections.push(
+        `| ${propertyId} | ${displayName} | ${timeZone} | ${currency} | ${industry} |`
+      );
+    }
+    sections.push("");
+    return sections.join("\n");
+  }
+};
+
 // ../connectors/src/connectors/google-analytics/tools/request.ts
 import { z } from "zod";
 var BASE_URL2 = "https://analyticsdata.googleapis.com/v1beta/";
@@ -622,7 +907,31 @@ activeUsers, sessions, screenPageViews, bounceRate, averageSessionDuration, conv
 - \u7D76\u5BFE\u5024: \`"2024-01-01"\`
 - \u76F8\u5BFE\u5024: \`"today"\`, \`"yesterday"\`, \`"7daysAgo"\`, \`"30daysAgo"\``
   },
-  tools
+  tools,
+  setup: (params, ctx, config) => runSetupFlow(googleAnalyticsSetupFlow, params, ctx, config),
+  async checkConnection(params, _config) {
+    const keyJsonBase64 = params[parameters.serviceAccountKeyJsonBase64.slug];
+    if (!keyJsonBase64) {
+      return {
+        success: false,
+        error: "google-analytics: missing service account key"
+      };
+    }
+    try {
+      const res = await adminFetch(params, "/accountSummaries?pageSize=1");
+      if (!res.ok) {
+        const body = await res.text().catch(() => res.statusText);
+        return {
+          success: false,
+          error: `google-analytics: accountSummaries failed (${res.status}): ${body}`
+        };
+      }
+      return { success: true };
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      return { success: false, error: msg };
+    }
+  }
 });
 
 // src/connectors/create-connector-sdk.ts
@@ -651,6 +960,7 @@ function resolveEnvVarOptional(entry, key) {
 import { getContext } from "hono/context-storage";
 import { getCookie } from "hono/cookie";
 var APP_SESSION_COOKIE_NAME = "__Host-squadbase-session";
+var TABLEAU_SESSION_SENTINEL_URL = "squadbase://tableau-session/";
 function normalizeHeaders(input) {
   const out = {};
   if (!input) return out;
@@ -659,6 +969,11 @@ function normalizeHeaders(input) {
   });
   return out;
 }
+function extractInputUrl(input) {
+  if (typeof input === "string") return input;
+  if (input instanceof URL) return input.href;
+  return input.url;
+}
 function createSandboxProxyFetch(connectionId) {
   return async (input, init) => {
     const token = process.env.INTERNAL_SQUADBASE_OAUTH_MACHINE_CREDENTIAL;
@@ -668,10 +983,17 @@ function createSandboxProxyFetch(connectionId) {
         "Connection proxy is not configured. Please check your deployment settings."
       );
     }
-    const originalUrl = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
+    const originalUrl = extractInputUrl(input);
+    const baseDomain = process.env["SQUADBASE_PREVIEW_BASE_DOMAIN"] ?? "preview.app.squadbase.dev";
+    if (originalUrl === TABLEAU_SESSION_SENTINEL_URL) {
+      const sessionUrl = `https://${sandboxId}.${baseDomain}/_sqcore/connections/${connectionId}/tableau-session`;
+      return fetch(sessionUrl, {
+        method: "POST",
+        headers: { Authorization: `Bearer ${token}` }
+      });
+    }
     const originalMethod = init?.method ?? "GET";
     const originalBody = init?.body ? JSON.parse(init.body) : void 0;
-    const baseDomain = process.env["SQUADBASE_PREVIEW_BASE_DOMAIN"] ?? "preview.app.squadbase.dev";
     const proxyUrl = `https://${sandboxId}.${baseDomain}/_sqcore/connections/${connectionId}/request`;
     return fetch(proxyUrl, {
       method: "POST",
@@ -697,10 +1019,9 @@ function createDeployedAppProxyFetch(connectionId) {
   }
   const baseDomain = process.env["SQUADBASE_APP_BASE_DOMAIN"] ?? "squadbase.app";
   const proxyUrl = `https://${projectId}.${baseDomain}/_sqcore/connections/${connectionId}/request`;
+  const sessionUrl = `https://${projectId}.${baseDomain}/_sqcore/connections/${connectionId}/tableau-session`;
   return async (input, init) => {
-    const originalUrl = typeof input === "string" ? input : input instanceof URL ? input.href : input.url;
-    const originalMethod = init?.method ?? "GET";
-    const originalBody = init?.body ? JSON.parse(init.body) : void 0;
+    const originalUrl = extractInputUrl(input);
     const c = getContext();
     const appSession = getCookie(c, APP_SESSION_COOKIE_NAME);
     if (!appSession) {
@@ -708,6 +1029,14 @@ function createDeployedAppProxyFetch(connectionId) {
         "No authentication method available for connection proxy."
       );
     }
+    if (originalUrl === TABLEAU_SESSION_SENTINEL_URL) {
+      return fetch(sessionUrl, {
+        method: "POST",
+        headers: { Authorization: `Bearer ${appSession}` }
+      });
+    }
+    const originalMethod = init?.method ?? "GET";
+    const originalBody = init?.body ? JSON.parse(init.body) : void 0;
     return fetch(proxyUrl, {
       method: "POST",
       headers: {