@startsimpli/api 0.5.8 → 0.5.11

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@startsimpli/api",
-  "version": "0.5.8",
+  "version": "0.5.11",
   "description": "Type-safe Django REST API client for StartSimpli apps",
   "main": "./src/index.ts",
   "types": "./src/index.ts",
@@ -23,14 +23,13 @@
     "clean": "rm -rf dist"
   },
   "dependencies": {
-    "@types/dompurify": "^3.0.5",
-    "isomorphic-dompurify": "^2.36.0",
-    "zod": "^3.22.4"
+    "isomorphic-dompurify": "^3.10.0",
+    "zod": "^4.3.6"
   },
   "peerDependencies": {
+    "@tanstack/react-query": ">=5.0.0",
     "next": ">=14.0.0",
-    "react": ">=18.0.0",
-    "@tanstack/react-query": ">=5.0.0"
+    "react": ">=18.0.0"
   },
   "peerDependenciesMeta": {
     "next": {
@@ -44,13 +43,13 @@
     }
   },
   "devDependencies": {
-    "@tanstack/react-query": "^5.0.0",
-    "@types/node": "^20.11.0",
-    "@types/react": "^18.2.0",
-    "next": "^15.5.12",
-    "react": "^18.2.0",
+    "@tanstack/react-query": "^5.99.2",
+    "@types/node": "^20.19.39",
+    "@types/react": "^19.2.14",
+    "next": "^15.5.15",
+    "react": "^19.2.5",
     "tsup": "^8.5.1",
-    "typescript": "^5.3.3",
-    "vitest": "^1.2.0"
+    "typescript": "^6.0.3",
+    "vitest": "^4.1.5"
   }
 }

package/src/__tests__/funnels-api.test.ts

@@ -72,7 +72,7 @@ describe('FunnelsApi', () => {
     it('calls GET funnels with no params when no filters given', async () => {
       vi.mocked(client.get).mockResolvedValue(mockPaginated([mockFunnel]));
       await api.list();
-      expect(client.get).toHaveBeenCalledWith('funnels');
+      expect(client.get).toHaveBeenCalledWith('api/v1/funnels');
     });
 
     it('passes status filter as query param', async () => {
@@ -102,7 +102,7 @@ describe('FunnelsApi', () => {
     it('calls GET funnels/:id', async () => {
       vi.mocked(client.get).mockResolvedValue(mockFunnel);
       const result = await api.get('funnel-1');
-      expect(client.get).toHaveBeenCalledWith('funnels/funnel-1');
+      expect(client.get).toHaveBeenCalledWith('api/v1/funnels/funnel-1');
       expect(result).toEqual(mockFunnel);
     });
   });
@@ -112,7 +112,7 @@ describe('FunnelsApi', () => {
       vi.mocked(client.post).mockResolvedValue(mockFunnel);
       const input = { name: 'New Funnel', entityType: 'contact' as const, tags: ['campaign:abc'] };
       await api.create(input);
-      expect(client.post).toHaveBeenCalledWith('funnels', input);
+      expect(client.post).toHaveBeenCalledWith('api/v1/funnels', input);
     });
   });
 
@@ -120,7 +120,7 @@ describe('FunnelsApi', () => {
     it('calls PATCH funnels/:id with data', async () => {
       vi.mocked(client.patch).mockResolvedValue(mockFunnel);
       await api.update('funnel-1', { name: 'Renamed' });
-      expect(client.patch).toHaveBeenCalledWith('funnels/funnel-1', { name: 'Renamed' });
+      expect(client.patch).toHaveBeenCalledWith('api/v1/funnels/funnel-1', { name: 'Renamed' });
     });
   });
 
@@ -128,7 +128,7 @@ describe('FunnelsApi', () => {
     it('calls DELETE funnels/:id', async () => {
       vi.mocked(client.delete).mockResolvedValue(undefined);
       await api.delete('funnel-1');
-      expect(client.delete).toHaveBeenCalledWith('funnels/funnel-1');
+      expect(client.delete).toHaveBeenCalledWith('api/v1/funnels/funnel-1');
     });
   });
 
@@ -136,13 +136,13 @@ describe('FunnelsApi', () => {
     it('calls POST funnels/:id/run with empty body by default', async () => {
       vi.mocked(client.post).mockResolvedValue(mockRun);
       await api.run('funnel-1');
-      expect(client.post).toHaveBeenCalledWith('funnels/funnel-1/run', {});
+      expect(client.post).toHaveBeenCalledWith('api/v1/funnels/funnel-1/run', {});
     });
 
     it('passes entityIds in body when provided', async () => {
       vi.mocked(client.post).mockResolvedValue(mockRun);
       await api.run('funnel-1', { entityIds: ['e1', 'e2'] });
-      expect(client.post).toHaveBeenCalledWith('funnels/funnel-1/run', { entityIds: ['e1', 'e2'] });
+      expect(client.post).toHaveBeenCalledWith('api/v1/funnels/funnel-1/run', { entityIds: ['e1', 'e2'] });
     });
   });
 
@@ -150,7 +150,7 @@ describe('FunnelsApi', () => {
     it('calls GET funnels/:id/runs', async () => {
       vi.mocked(client.get).mockResolvedValue(mockPaginated([mockRun]));
       await api.getRuns('funnel-1');
-      expect(client.get).toHaveBeenCalledWith('funnels/funnel-1/runs');
+      expect(client.get).toHaveBeenCalledWith('api/v1/funnels/funnel-1/runs');
     });
 
     it('passes page and pageSize filters', async () => {
@@ -166,14 +166,15 @@ describe('FunnelsApi', () => {
     it('calls GET funnel-runs/:runId (global endpoint, funnelId ignored)', async () => {
       vi.mocked(client.get).mockResolvedValue(mockRun);
       await api.getRun('funnel-1', 'run-1');
-      expect(client.get).toHaveBeenCalledWith('funnel-runs/run-1');
+      expect(client.get).toHaveBeenCalledWith('api/v1/funnel-runs/run-1');
     });
   });
 
   describe('preview', () => {
-    it('throws Not implemented (endpoint missing in Django)', async () => {
-      // BEAD: fund-your-startup-rgi4 - funnels/{id}/preview does not exist in Django
-      await expect(api.preview('funnel-1', [])).rejects.toThrow('Not implemented');
+    it('calls POST funnels/:id/preview with stages', async () => {
+      vi.mocked(client.post).mockResolvedValue({} as never);
+      await api.preview('funnel-1', []);
+      expect(client.post).toHaveBeenCalledWith('api/v1/funnels/funnel-1/preview', { stages: [] });
     });
   });
 
@@ -181,7 +182,7 @@ describe('FunnelsApi', () => {
     it('calls POST funnel-runs/:runId/cancel', async () => {
       vi.mocked(client.post).mockResolvedValue(mockRun);
       await api.cancelRun('run-1');
-      expect(client.post).toHaveBeenCalledWith('funnel-runs/run-1/cancel', {});
+      expect(client.post).toHaveBeenCalledWith('api/v1/funnel-runs/run-1/cancel', {});
     });
   });
 
@@ -189,7 +190,7 @@ describe('FunnelsApi', () => {
     it('calls GET funnel-runs with no params when no filters given', async () => {
       vi.mocked(client.get).mockResolvedValue(mockPaginated([mockRun]));
       await api.listRunsGlobal();
-      expect(client.get).toHaveBeenCalledWith('funnel-runs');
+      expect(client.get).toHaveBeenCalledWith('api/v1/funnel-runs');
     });
 
     it('passes funnel filter as query param', async () => {
@@ -203,7 +204,7 @@ describe('FunnelsApi', () => {
     it('calls GET funnels/templates', async () => {
       vi.mocked(client.get).mockResolvedValue(mockPaginated([]));
       await api.listTemplates();
-      expect(client.get).toHaveBeenCalledWith('funnels/templates');
+      expect(client.get).toHaveBeenCalledWith('api/v1/funnels/templates');
     });
 
     it('passes category filter', async () => {

package/src/__tests__/jwt-refresh.test.ts

@@ -123,6 +123,33 @@ describe('JWT Refresh Flow', () => {
     expect(refreshCallback).toHaveBeenCalledTimes(1);
   });
 
+  it('does NOT fire onUnauthorized when onTokenRefresh THROWS (transient 5xx / network)', async () => {
+    // This is the "backend is down, not session expired" case. If refresh
+    // throws (TransientRefreshError), we must surface the original 401 as an
+    // API error WITHOUT logging the user out.
+    const wrapper = new FetchWrapper({
+      baseUrl: 'http://localhost:8000',
+      getToken: () => 'stale-token',
+      onTokenRefresh: refreshCallback,
+      onUnauthorized: unauthorizedCallback,
+    });
+
+    mockFetch.mockResolvedValueOnce({
+      status: 401,
+      ok: false,
+      headers: new Headers(),
+      text: async () => '',
+    });
+    refreshCallback.mockRejectedValueOnce(new Error('transient 5xx'));
+
+    await expect(wrapper.get('/api/v1/messages/')).rejects.toBeTruthy();
+
+    expect(refreshCallback).toHaveBeenCalledTimes(1);
+    // CRITICAL: a transient refresh failure must NOT call onUnauthorized.
+    // Backend being down should not log users out.
+    expect(unauthorizedCallback).not.toHaveBeenCalled();
+  });
+
   it('should fire onUnauthorized at most once when many parallel 401s fail refresh', async () => {
     const wrapper = new FetchWrapper({
       baseUrl: 'http://localhost:8000',

package/src/lib/fetch-wrapper.ts

@@ -113,25 +113,39 @@ export class FetchWrapper {
             });
           }
 
-          const newToken = await this.refreshPromise;
-
-          if (newToken) {
-            // Retry original request with new token
-            const retryHeaders = new Headers(headers);
-            retryHeaders.set('Authorization', `Bearer ${newToken}`);
-
-            response = await fetch(url, {
-              method,
-              headers: retryHeaders,
-              credentials: 'include',
-              ...fetchOptions,
-            });
+          // A throw from onTokenRefresh means transient (5xx/network) — surface
+          // the original 401 as a normal API error rather than treating it as
+          // session-dead. Callers (components doing a fetch) will see an
+          // ApiException they can retry; the user stays logged in.
+          let newToken: string | null = null;
+          let refreshThrew = false;
+          try {
+            newToken = await this.refreshPromise;
+          } catch {
+            refreshThrew = true;
+          }
 
-            if (response.status === 401) {
+          if (!refreshThrew) {
+            if (newToken) {
+              // Retry original request with new token
+              const retryHeaders = new Headers(headers);
+              retryHeaders.set('Authorization', `Bearer ${newToken}`);
+
+              response = await fetch(url, {
+                method,
+                headers: retryHeaders,
+                credentials: 'include',
+                ...fetchOptions,
+              });
+
+              if (response.status === 401) {
+                this.fireUnauthorizedOnce();
+              }
+            } else {
+              // newToken=null is the "session is dead" signal from the refresh
+              // implementation. Only this path should log the user out.
               this.fireUnauthorizedOnce();
             }
-          } else {
-            this.fireUnauthorizedOnce();
           }
         } else {
           this.fireUnauthorizedOnce();

package/src/types/error.ts

@@ -55,7 +55,7 @@ export const StandardErrorResponseSchema = z.object({
   code: z.string(),
   statusCode: z.number().int().min(400).max(599),
   fieldErrors: z.array(FieldErrorSchema).optional(),
-  details: z.record(z.unknown()).optional(),
+  details: z.record(z.string(), z.unknown()).optional(),
   requestId: z.string().optional(),
   timestamp: z.string().datetime().optional(),
 });