npm - @sylphx/sdk - Versions diffs - 0.15.2 → 0.15.3 - Mend

@sylphx/sdk 0.15.2 → 0.15.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/index.d.ts +7 -0
package/dist/index.mjs.map +1 -1
package/dist/nextjs/index.d.ts +277 -276
package/dist/nextjs/index.mjs +198 -194
package/dist/nextjs/index.mjs.map +1 -1
package/dist/react/index.d.ts +11 -5
package/dist/react/index.mjs.map +1 -1
package/dist/server/index.d.ts +12 -0
package/dist/server/index.mjs.map +1 -1
package/package.json +2 -2

package/dist/nextjs/index.mjs CHANGED Viewed

@@ -1,45 +1,6 @@
 // src/nextjs/middleware.ts
 import { NextResponse } from "next/server";
-// src/constants.ts
-var ENV_URL = "SYLPHX_URL";
-var ENV_PUBLIC_URL = "NEXT_PUBLIC_SYLPHX_URL";
-var ENV_SECRET_URL = "SYLPHX_SECRET_URL";
-var SDK_API_PATH = `/v1`;
-var DEFAULT_SDK_API_HOST = "api.sylphx.com";
-function detectSdkPlatform() {
-  if (typeof window !== "undefined") return "browser";
-  const runtimeGlobal = globalThis;
-  if (typeof runtimeGlobal.EdgeRuntime !== "undefined") return "edge";
-  return "node";
-}
-var SDK_PLATFORM = detectSdkPlatform();
-var TOKEN_EXPIRY_BUFFER_MS = 3e4;
-var SESSION_TOKEN_LIFETIME_SECONDS = 5 * 60;
-var SESSION_TOKEN_LIFETIME_MS = SESSION_TOKEN_LIFETIME_SECONDS * 1e3;
-var REFRESH_TOKEN_LIFETIME_SECONDS = 30 * 24 * 60 * 60;
-var FLAGS_CACHE_TTL_MS = 5 * 60 * 1e3;
-var FLAGS_STALE_WHILE_REVALIDATE_MS = 60 * 1e3;
-var ANALYTICS_SESSION_TIMEOUT_MS = 30 * 60 * 1e3;
-var WEBHOOK_MAX_AGE_MS = 5 * 60 * 1e3;
-var WEBHOOK_CLOCK_SKEW_MS = 30 * 1e3;
-var PKCE_CODE_TTL_MS = 10 * 60 * 1e3;
-var JOBS_DLQ_MAX_AGE_MS = 7 * 24 * 60 * 60 * 1e3;
-var SESSION_REPLAY_MAX_DURATION_MS = 60 * 60 * 1e3;
-var FLAGS_EXPOSURE_DEDUPE_WINDOW_MS = 60 * 60 * 1e3;
-var CLICK_ID_EXPIRY_MS = 90 * 24 * 60 * 60 * 1e3;
-var STALE_TIME_FREQUENT_MS = 60 * 1e3;
-var STALE_TIME_MODERATE_MS = 2 * 60 * 1e3;
-var STALE_TIME_STABLE_MS = 5 * 60 * 1e3;
-var STALE_TIME_STATS_MS = 30 * 1e3;
-var NEW_USER_THRESHOLD_MS = 60 * 1e3;
-var STORAGE_MULTIPART_THRESHOLD_BYTES = 5 * 1024 * 1024;
-var STORAGE_DEFAULT_MAX_SIZE_BYTES = 5 * 1024 * 1024;
-var STORAGE_AVATAR_MAX_SIZE_BYTES = 2 * 1024 * 1024;
-var STORAGE_LARGE_MAX_SIZE_BYTES = 10 * 1024 * 1024;
-var JWK_CACHE_TTL_MS = 60 * 60 * 1e3;
-var ETAG_CACHE_TTL_MS = 5 * 60 * 1e3;
 // src/key-validation.ts
 var PUBLIC_KEY_PATTERN = /^pk_(dev|stg|prod|prev)(?:_[a-z0-9]{12})?_[a-f0-9]{32}$/;
 var APP_ID_PATTERN = /^(app|pk)_(dev|stg|prod|prev)_[a-z0-9_-]+$/;
@@ -196,6 +157,47 @@ function getCookieNamespace(secretKey) {
 // src/nextjs/cookies.ts
 import { cookies } from "next/headers";
+// src/constants.ts
+var ENV_URL = "SYLPHX_URL";
+var ENV_PUBLIC_URL = "NEXT_PUBLIC_SYLPHX_URL";
+var ENV_SECRET_URL = "SYLPHX_SECRET_URL";
+var SDK_API_PATH = `/v1`;
+var DEFAULT_SDK_API_HOST = "api.sylphx.com";
+function detectSdkPlatform() {
+  if (typeof window !== "undefined") return "browser";
+  const runtimeGlobal = globalThis;
+  if (typeof runtimeGlobal.EdgeRuntime !== "undefined") return "edge";
+  return "node";
+}
+var SDK_PLATFORM = detectSdkPlatform();
+var TOKEN_EXPIRY_BUFFER_MS = 3e4;
+var SESSION_TOKEN_LIFETIME_SECONDS = 5 * 60;
+var SESSION_TOKEN_LIFETIME_MS = SESSION_TOKEN_LIFETIME_SECONDS * 1e3;
+var REFRESH_TOKEN_LIFETIME_SECONDS = 30 * 24 * 60 * 60;
+var FLAGS_CACHE_TTL_MS = 5 * 60 * 1e3;
+var FLAGS_STALE_WHILE_REVALIDATE_MS = 60 * 1e3;
+var ANALYTICS_SESSION_TIMEOUT_MS = 30 * 60 * 1e3;
+var WEBHOOK_MAX_AGE_MS = 5 * 60 * 1e3;
+var WEBHOOK_CLOCK_SKEW_MS = 30 * 1e3;
+var PKCE_CODE_TTL_MS = 10 * 60 * 1e3;
+var JOBS_DLQ_MAX_AGE_MS = 7 * 24 * 60 * 60 * 1e3;
+var SESSION_REPLAY_MAX_DURATION_MS = 60 * 60 * 1e3;
+var FLAGS_EXPOSURE_DEDUPE_WINDOW_MS = 60 * 60 * 1e3;
+var CLICK_ID_EXPIRY_MS = 90 * 24 * 60 * 60 * 1e3;
+var STALE_TIME_FREQUENT_MS = 60 * 1e3;
+var STALE_TIME_MODERATE_MS = 2 * 60 * 1e3;
+var STALE_TIME_STABLE_MS = 5 * 60 * 1e3;
+var STALE_TIME_STATS_MS = 30 * 1e3;
+var NEW_USER_THRESHOLD_MS = 60 * 1e3;
+var STORAGE_MULTIPART_THRESHOLD_BYTES = 5 * 1024 * 1024;
+var STORAGE_DEFAULT_MAX_SIZE_BYTES = 5 * 1024 * 1024;
+var STORAGE_AVATAR_MAX_SIZE_BYTES = 2 * 1024 * 1024;
+var STORAGE_LARGE_MAX_SIZE_BYTES = 10 * 1024 * 1024;
+var JWK_CACHE_TTL_MS = 60 * 60 * 1e3;
+var ETAG_CACHE_TTL_MS = 5 * 60 * 1e3;
+// src/nextjs/cookies.ts
 function getCookieNames(namespace) {
   return {
     /** HttpOnly JWT access token (5 min) */
@@ -346,6 +348,163 @@ function parseUserCookie(value) {
   }
 }
+// src/nextjs/middleware-helpers.ts
+var OAUTH_PKCE_TTL_SECONDS = 10 * 60;
+var OAUTH_PKCE_TTL_MS = OAUTH_PKCE_TTL_SECONDS * 1e3;
+var DEFAULT_BAAS_PREFIX = "/sylphx";
+var BAAS_PROXY_AUTH_REQUIRED_PATHS = ["/challenge/", "/security/"];
+var BAAS_PROXY_PUBLIC_PATHS = ["/app"];
+var BODYLESS_METHODS = /* @__PURE__ */ new Set(["GET", "HEAD"]);
+var RESPONSE_HEADER_ALLOWLIST = [
+  "cache-control",
+  "content-language",
+  "content-type",
+  "etag",
+  "expires",
+  "last-modified",
+  "retry-after"
+];
+function isTokenResponse(data) {
+  return typeof data === "object" && data !== null && "accessToken" in data && "refreshToken" in data && "user" in data && typeof data.accessToken === "string" && typeof data.refreshToken === "string";
+}
+function decodeJwtPayload(token) {
+  try {
+    const parts = token.split(".");
+    if (parts.length !== 3) return null;
+    const payload = parts[1];
+    const base64 = payload.replace(/-/g, "+").replace(/_/g, "/");
+    const padded = base64.padEnd(base64.length + (4 - base64.length % 4) % 4, "=");
+    const jsonPayload = atob(padded);
+    return JSON.parse(jsonPayload);
+  } catch {
+    return null;
+  }
+}
+function isTokenExpired(token) {
+  const payload = decodeJwtPayload(token);
+  if (!payload?.exp) return true;
+  return payload.exp * 1e3 < Date.now() + TOKEN_EXPIRY_BUFFER_MS;
+}
+function matchesPattern(pathname, pattern) {
+  if (pattern === pathname) return true;
+  if (pattern.endsWith("/*")) {
+    const base = pattern.slice(0, -2);
+    return pathname === base || pathname.startsWith(`${base}/`);
+  }
+  if (pattern.endsWith("/**")) {
+    const base = pattern.slice(0, -3);
+    return pathname === base || pathname.startsWith(`${base}/`);
+  }
+  return false;
+}
+function matchesAny(pathname, patterns) {
+  return patterns.some((p) => matchesPattern(pathname, p));
+}
+function normalizeRoutePrefix(prefix) {
+  const normalized = prefix.trim().replace(/\/+$/u, "");
+  return normalized.startsWith("/") ? normalized : `/${normalized}`;
+}
+function stripRoutePrefix(pathname, prefix) {
+  if (pathname === prefix) return "/";
+  if (!pathname.startsWith(`${prefix}/`)) return null;
+  return pathname.slice(prefix.length);
+}
+function isPublicBaasProxyPath(pathname) {
+  return BAAS_PROXY_PUBLIC_PATHS.some((path) => pathname === path);
+}
+function isAuthenticatedBaasProxyPath(pathname) {
+  return BAAS_PROXY_AUTH_REQUIRED_PATHS.some((prefix) => pathname.startsWith(prefix));
+}
+function isAllowedBaasProxyPath(pathname) {
+  return isPublicBaasProxyPath(pathname) || isAuthenticatedBaasProxyPath(pathname);
+}
+function copyRequestHeader(source, target, name) {
+  const value = source.get(name);
+  if (value) target.set(name, value);
+}
+function buildUpstreamProxyHeaders(request, ctx, sessionToken) {
+  const headers = new Headers();
+  copyRequestHeader(request.headers, headers, "accept");
+  copyRequestHeader(request.headers, headers, "content-type");
+  copyRequestHeader(request.headers, headers, "user-agent");
+  copyRequestHeader(request.headers, headers, "x-correlation-id");
+  headers.set("x-app-secret", ctx.secretKey);
+  if (sessionToken) headers.set("authorization", `Bearer ${sessionToken}`);
+  return headers;
+}
+function copyResponseHeaders(source) {
+  const headers = new Headers();
+  for (const name of RESPONSE_HEADER_ALLOWLIST) {
+    const value = source.get(name);
+    if (value) headers.set(name, value);
+  }
+  return headers;
+}
+function requestPathWithSearch(request) {
+  const { pathname, search } = request.nextUrl;
+  return `${pathname}${search}`;
+}
+function isSafeRelativeRedirectPath(value) {
+  return typeof value === "string" && value.startsWith("/") && !value.startsWith("//");
+}
+function resolveSafeRelativeRedirectPath(value, fallback) {
+  if (isSafeRelativeRedirectPath(value)) return value;
+  if (isSafeRelativeRedirectPath(fallback)) return fallback;
+  return "/";
+}
+function resolveSameOriginUrl(request, value, fallbackPath) {
+  if (!value) return new URL(fallbackPath, request.url).toString();
+  if (isSafeRelativeRedirectPath(value)) {
+    const url = new URL(value, request.url);
+    if (url.hash) return null;
+    return url.toString();
+  }
+  try {
+    const url = new URL(value);
+    if (url.origin !== new URL(request.url).origin) return null;
+    if (url.hash) return null;
+    return url.toString();
+  } catch {
+    return null;
+  }
+}
+function normalizeAppUrl(value) {
+  if (!value?.trim()) return null;
+  try {
+    const url = new URL(value);
+    return url.origin;
+  } catch {
+    return null;
+  }
+}
+function resolveOAuthCallbackUrl(request, ctx) {
+  const origin = ctx.config.appUrl ?? new URL(request.url).origin;
+  return new URL(`${ctx.config.authPrefix}/callback`, origin);
+}
+function bytesToBase64Url(bytes) {
+  let binary = "";
+  for (const byte of bytes) binary += String.fromCharCode(byte);
+  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/u, "");
+}
+function randomBase64Url(byteLength) {
+  const bytes = new Uint8Array(byteLength);
+  crypto.getRandomValues(bytes);
+  return bytesToBase64Url(bytes);
+}
+async function sha256Base64Url(value) {
+  const digest = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(value));
+  return bytesToBase64Url(new Uint8Array(digest));
+}
+async function parseJsonObject(request) {
+  try {
+    const body = await request.json();
+    if (typeof body === "object" && body !== null && !Array.isArray(body)) return body;
+    return null;
+  } catch {
+    return null;
+  }
+}
 // src/connection-url.ts
 var SYLPHX_PROTOCOL = "sylphx:";
 var DEFAULT_VERSION = "v1";
@@ -502,161 +661,6 @@ function resolveNextjsPublishableKey(options) {
 }
 // src/nextjs/middleware.ts
-var OAUTH_PKCE_TTL_SECONDS = 10 * 60;
-var OAUTH_PKCE_TTL_MS = OAUTH_PKCE_TTL_SECONDS * 1e3;
-var DEFAULT_BAAS_PREFIX = "/sylphx";
-var BAAS_PROXY_AUTH_REQUIRED_PATHS = ["/challenge/", "/security/"];
-var BAAS_PROXY_PUBLIC_PATHS = ["/app"];
-var BODYLESS_METHODS = /* @__PURE__ */ new Set(["GET", "HEAD"]);
-var RESPONSE_HEADER_ALLOWLIST = [
-  "cache-control",
-  "content-language",
-  "content-type",
-  "etag",
-  "expires",
-  "last-modified",
-  "retry-after"
-];
-function isTokenResponse(data) {
-  return typeof data === "object" && data !== null && "accessToken" in data && "refreshToken" in data && "user" in data && typeof data.accessToken === "string" && typeof data.refreshToken === "string";
-}
-function decodeJwtPayload(token) {
-  try {
-    const parts = token.split(".");
-    if (parts.length !== 3) return null;
-    const payload = parts[1];
-    const base64 = payload.replace(/-/g, "+").replace(/_/g, "/");
-    const padded = base64.padEnd(base64.length + (4 - base64.length % 4) % 4, "=");
-    const jsonPayload = atob(padded);
-    return JSON.parse(jsonPayload);
-  } catch {
-    return null;
-  }
-}
-function isTokenExpired(token) {
-  const payload = decodeJwtPayload(token);
-  if (!payload?.exp) return true;
-  return payload.exp * 1e3 < Date.now() + TOKEN_EXPIRY_BUFFER_MS;
-}
-function matchesPattern(pathname, pattern) {
-  if (pattern === pathname) return true;
-  if (pattern.endsWith("/*")) {
-    const base = pattern.slice(0, -2);
-    return pathname === base || pathname.startsWith(`${base}/`);
-  }
-  if (pattern.endsWith("/**")) {
-    const base = pattern.slice(0, -3);
-    return pathname === base || pathname.startsWith(`${base}/`);
-  }
-  return false;
-}
-function matchesAny(pathname, patterns) {
-  return patterns.some((p) => matchesPattern(pathname, p));
-}
-function normalizeRoutePrefix(prefix) {
-  const normalized = prefix.trim().replace(/\/+$/u, "");
-  return normalized.startsWith("/") ? normalized : `/${normalized}`;
-}
-function stripRoutePrefix(pathname, prefix) {
-  if (pathname === prefix) return "/";
-  if (!pathname.startsWith(`${prefix}/`)) return null;
-  return pathname.slice(prefix.length);
-}
-function isPublicBaasProxyPath(pathname) {
-  return BAAS_PROXY_PUBLIC_PATHS.some((path) => pathname === path);
-}
-function isAuthenticatedBaasProxyPath(pathname) {
-  return BAAS_PROXY_AUTH_REQUIRED_PATHS.some((prefix) => pathname.startsWith(prefix));
-}
-function isAllowedBaasProxyPath(pathname) {
-  return isPublicBaasProxyPath(pathname) || isAuthenticatedBaasProxyPath(pathname);
-}
-function copyRequestHeader(source, target, name) {
-  const value = source.get(name);
-  if (value) target.set(name, value);
-}
-function buildUpstreamProxyHeaders(request, ctx, sessionToken) {
-  const headers = new Headers();
-  copyRequestHeader(request.headers, headers, "accept");
-  copyRequestHeader(request.headers, headers, "content-type");
-  copyRequestHeader(request.headers, headers, "user-agent");
-  copyRequestHeader(request.headers, headers, "x-correlation-id");
-  headers.set("x-app-secret", ctx.secretKey);
-  if (sessionToken) headers.set("authorization", `Bearer ${sessionToken}`);
-  return headers;
-}
-function copyResponseHeaders(source) {
-  const headers = new Headers();
-  for (const name of RESPONSE_HEADER_ALLOWLIST) {
-    const value = source.get(name);
-    if (value) headers.set(name, value);
-  }
-  return headers;
-}
-function requestPathWithSearch(request) {
-  const { pathname, search } = request.nextUrl;
-  return `${pathname}${search}`;
-}
-function isSafeRelativeRedirectPath(value) {
-  return typeof value === "string" && value.startsWith("/") && !value.startsWith("//");
-}
-function resolveSafeRelativeRedirectPath(value, fallback) {
-  if (isSafeRelativeRedirectPath(value)) return value;
-  if (isSafeRelativeRedirectPath(fallback)) return fallback;
-  return "/";
-}
-function resolveSameOriginUrl(request, value, fallbackPath) {
-  if (!value) return new URL(fallbackPath, request.url).toString();
-  if (isSafeRelativeRedirectPath(value)) {
-    const url = new URL(value, request.url);
-    if (url.hash) return null;
-    return url.toString();
-  }
-  try {
-    const url = new URL(value);
-    if (url.origin !== new URL(request.url).origin) return null;
-    if (url.hash) return null;
-    return url.toString();
-  } catch {
-    return null;
-  }
-}
-function normalizeAppUrl(value) {
-  if (!value?.trim()) return null;
-  try {
-    const url = new URL(value);
-    return url.origin;
-  } catch {
-    return null;
-  }
-}
-function resolveOAuthCallbackUrl(request, ctx) {
-  const origin = ctx.config.appUrl ?? new URL(request.url).origin;
-  return new URL(`${ctx.config.authPrefix}/callback`, origin);
-}
-function bytesToBase64Url(bytes) {
-  let binary = "";
-  for (const byte of bytes) binary += String.fromCharCode(byte);
-  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/u, "");
-}
-function randomBase64Url(byteLength) {
-  const bytes = new Uint8Array(byteLength);
-  crypto.getRandomValues(bytes);
-  return bytesToBase64Url(bytes);
-}
-async function sha256Base64Url(value) {
-  const digest = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(value));
-  return bytesToBase64Url(new Uint8Array(digest));
-}
-async function parseJsonObject(request) {
-  try {
-    const body = await request.json();
-    if (typeof body === "object" && body !== null && !Array.isArray(body)) return body;
-    return null;
-  } catch {
-    return null;
-  }
-}
 function getOAuthPkceCookieName(ctx) {
   return `__${ctx.namespace}_oauth_pkce`;
 }