@sylphx/sdk 0.3.2 → 0.3.3

package/dist/nextjs/index.mjs

@@ -2,7 +2,7 @@
 import { NextResponse } from "next/server";
 
 // src/constants.ts
-var DEFAULT_PLATFORM_URL = "https://sylphx.com";
+var DEFAULT_SDK_API_HOST = "api.sylphx.com";
 var SDK_PLATFORM = typeof window !== "undefined" ? "browser" : typeof process !== "undefined" && process.versions?.node ? "node" : "unknown";
 var TOKEN_EXPIRY_BUFFER_MS = 3e4;
 var SESSION_TOKEN_LIFETIME_SECONDS = 5 * 60;
@@ -347,7 +347,7 @@ async function handleCallback(request, ctx) {
     return NextResponse.redirect(url);
   }
   try {
-    const res = await fetch(`${ctx.platformUrl}/api/v1/auth/token`, {
+    const res = await fetch(`${ctx.platformUrl}/v1/auth/token`, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify({
@@ -385,7 +385,7 @@ async function handleSignOut(request, ctx) {
   const refreshToken = request.cookies.get(ctx.cookieNames.REFRESH)?.value;
   if (refreshToken) {
     try {
-      await fetch(`${ctx.platformUrl}/api/v1/auth/revoke`, {
+      await fetch(`${ctx.platformUrl}/v1/auth/revoke`, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({
@@ -419,7 +419,7 @@ function handleToken(request, ctx) {
 async function refreshTokens(refreshToken, ctx) {
   ctx.log("Refreshing tokens");
   try {
-    const res = await fetch(`${ctx.platformUrl}/api/v1/auth/token`, {
+    const res = await fetch(`${ctx.platformUrl}/v1/auth/token`, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify({
@@ -452,7 +452,7 @@ function createSylphxMiddleware(userConfig = {}) {
     );
   }
   const secretKey = validateAndSanitizeSecretKey(rawSecretKey);
-  const platformUrl = (userConfig.platformUrl || process.env.SYLPHX_PLATFORM_URL || DEFAULT_PLATFORM_URL).trim();
+  const platformUrl = (userConfig.platformUrl || `https://${DEFAULT_SDK_API_HOST}`).trim();
   const namespace = getCookieNamespace(secretKey);
   const cookieNames = getCookieNames(namespace);
   const config = {
@@ -548,7 +548,7 @@ function getNamespace(secretKey) {
 // src/nextjs/server.ts
 import { cache as cache2 } from "react";
 
-// ../../node_modules/jose/dist/webapi/lib/buffer_utils.js
+// node_modules/jose/dist/webapi/lib/buffer_utils.js
 var encoder = new TextEncoder();
 var decoder = new TextDecoder();
 var MAX_INT32 = 2 ** 32;
@@ -574,7 +574,7 @@ function encode(string) {
   return bytes;
 }
 
-// ../../node_modules/jose/dist/webapi/lib/base64.js
+// node_modules/jose/dist/webapi/lib/base64.js
 function decodeBase64(encoded) {
   if (Uint8Array.fromBase64) {
     return Uint8Array.fromBase64(encoded);
@@ -587,7 +587,7 @@ function decodeBase64(encoded) {
   return bytes;
 }
 
-// ../../node_modules/jose/dist/webapi/util/base64url.js
+// node_modules/jose/dist/webapi/util/base64url.js
 function decode(input) {
   if (Uint8Array.fromBase64) {
     return Uint8Array.fromBase64(typeof input === "string" ? input : decoder.decode(input), {
@@ -606,7 +606,7 @@ function decode(input) {
   }
 }
 
-// ../../node_modules/jose/dist/webapi/util/errors.js
+// node_modules/jose/dist/webapi/util/errors.js
 var JOSEError = class extends Error {
   static code = "ERR_JOSE_GENERIC";
   code = "ERR_JOSE_GENERIC";
@@ -666,7 +666,7 @@ var JWSSignatureVerificationFailed = class extends JOSEError {
   }
 };
 
-// ../../node_modules/jose/dist/webapi/lib/crypto_key.js
+// node_modules/jose/dist/webapi/lib/crypto_key.js
 var unusable = (name, prop = "algorithm.name") => new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name}`);
 var isAlgorithm = (algorithm, name) => algorithm.name === name;
 function getHashLength(hash) {
@@ -754,7 +754,7 @@ function checkSigCryptoKey(key, alg, usage) {
   checkUsage(key, usage);
 }
 
-// ../../node_modules/jose/dist/webapi/lib/invalid_key_input.js
+// node_modules/jose/dist/webapi/lib/invalid_key_input.js
 function message(msg, actual, ...types) {
   types = types.filter(Boolean);
   if (types.length > 2) {
@@ -779,7 +779,7 @@ function message(msg, actual, ...types) {
 var invalidKeyInput = (actual, ...types) => message("Key must be ", actual, ...types);
 var withAlg = (alg, actual, ...types) => message(`Key for the ${alg} algorithm must be `, actual, ...types);
 
-// ../../node_modules/jose/dist/webapi/lib/is_key_like.js
+// node_modules/jose/dist/webapi/lib/is_key_like.js
 var isCryptoKey = (key) => {
   if (key?.[Symbol.toStringTag] === "CryptoKey")
     return true;
@@ -792,7 +792,7 @@ var isCryptoKey = (key) => {
 var isKeyObject = (key) => key?.[Symbol.toStringTag] === "KeyObject";
 var isKeyLike = (key) => isCryptoKey(key) || isKeyObject(key);
 
-// ../../node_modules/jose/dist/webapi/lib/is_disjoint.js
+// node_modules/jose/dist/webapi/lib/is_disjoint.js
 function isDisjoint(...headers) {
   const sources = headers.filter(Boolean);
   if (sources.length === 0 || sources.length === 1) {
@@ -815,7 +815,7 @@ function isDisjoint(...headers) {
   return true;
 }
 
-// ../../node_modules/jose/dist/webapi/lib/is_object.js
+// node_modules/jose/dist/webapi/lib/is_object.js
 var isObjectLike = (value) => typeof value === "object" && value !== null;
 function isObject(input) {
   if (!isObjectLike(input) || Object.prototype.toString.call(input) !== "[object Object]") {
@@ -831,7 +831,7 @@ function isObject(input) {
   return Object.getPrototypeOf(input) === proto;
 }
 
-// ../../node_modules/jose/dist/webapi/lib/check_key_length.js
+// node_modules/jose/dist/webapi/lib/check_key_length.js
 function checkKeyLength(alg, key) {
   if (alg.startsWith("RS") || alg.startsWith("PS")) {
     const { modulusLength } = key.algorithm;
@@ -841,7 +841,7 @@ function checkKeyLength(alg, key) {
   }
 }
 
-// ../../node_modules/jose/dist/webapi/lib/jwk_to_key.js
+// node_modules/jose/dist/webapi/lib/jwk_to_key.js
 function subtleMapping(jwk) {
   let algorithm;
   let keyUsages;
@@ -951,7 +951,7 @@ async function jwkToKey(jwk) {
   return crypto.subtle.importKey("jwk", keyData, algorithm, jwk.ext ?? (jwk.d || jwk.priv ? false : true), jwk.key_ops ?? keyUsages);
 }
 
-// ../../node_modules/jose/dist/webapi/key/import.js
+// node_modules/jose/dist/webapi/key/import.js
 async function importJWK(jwk, alg, options) {
   if (!isObject(jwk)) {
     throw new TypeError("JWK must be an object");
@@ -987,7 +987,7 @@ async function importJWK(jwk, alg, options) {
   }
 }
 
-// ../../node_modules/jose/dist/webapi/lib/validate_crit.js
+// node_modules/jose/dist/webapi/lib/validate_crit.js
 function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) {
   if (joseHeader.crit !== void 0 && protectedHeader?.crit === void 0) {
     throw new Err('"crit" (Critical) Header Parameter MUST be integrity protected');
@@ -1018,7 +1018,7 @@ function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader,
   return new Set(protectedHeader.crit);
 }
 
-// ../../node_modules/jose/dist/webapi/lib/validate_algorithms.js
+// node_modules/jose/dist/webapi/lib/validate_algorithms.js
 function validateAlgorithms(option, algorithms) {
   if (algorithms !== void 0 && (!Array.isArray(algorithms) || algorithms.some((s) => typeof s !== "string"))) {
     throw new TypeError(`"${option}" option must be an array of strings`);
@@ -1029,13 +1029,13 @@ function validateAlgorithms(option, algorithms) {
   return new Set(algorithms);
 }
 
-// ../../node_modules/jose/dist/webapi/lib/is_jwk.js
+// node_modules/jose/dist/webapi/lib/is_jwk.js
 var isJWK = (key) => isObject(key) && typeof key.kty === "string";
 var isPrivateJWK = (key) => key.kty !== "oct" && (key.kty === "AKP" && typeof key.priv === "string" || typeof key.d === "string");
 var isPublicJWK = (key) => key.kty !== "oct" && key.d === void 0 && key.priv === void 0;
 var isSecretJWK = (key) => key.kty === "oct" && typeof key.k === "string";
 
-// ../../node_modules/jose/dist/webapi/lib/normalize_key.js
+// node_modules/jose/dist/webapi/lib/normalize_key.js
 var cache;
 var handleJWK = async (key, jwk, alg, freeze = false) => {
   cache ||= /* @__PURE__ */ new WeakMap();
@@ -1206,7 +1206,7 @@ async function normalizeKey(key, alg) {
   throw new Error("unreachable");
 }
 
-// ../../node_modules/jose/dist/webapi/lib/check_key_type.js
+// node_modules/jose/dist/webapi/lib/check_key_type.js
 var tag = (key) => key?.[Symbol.toStringTag];
 var jwkMatchesOp = (alg, key, usage) => {
   if (key.use !== void 0) {
@@ -1326,7 +1326,7 @@ function checkKeyType(alg, key, usage) {
   }
 }
 
-// ../../node_modules/jose/dist/webapi/lib/subtle_dsa.js
+// node_modules/jose/dist/webapi/lib/subtle_dsa.js
 function subtleAlgorithm(alg, algorithm) {
   const hash = `SHA-${alg.slice(-3)}`;
   switch (alg) {
@@ -1358,7 +1358,7 @@ function subtleAlgorithm(alg, algorithm) {
   }
 }
 
-// ../../node_modules/jose/dist/webapi/lib/get_sign_verify_key.js
+// node_modules/jose/dist/webapi/lib/get_sign_verify_key.js
 async function getSigKey(alg, key, usage) {
   if (key instanceof Uint8Array) {
     if (!alg.startsWith("HS")) {
@@ -1370,7 +1370,7 @@ async function getSigKey(alg, key, usage) {
   return key;
 }
 
-// ../../node_modules/jose/dist/webapi/lib/verify.js
+// node_modules/jose/dist/webapi/lib/verify.js
 async function verify(alg, key, signature, data) {
   const cryptoKey = await getSigKey(alg, key, "verify");
   checkKeyLength(alg, cryptoKey);
@@ -1382,7 +1382,7 @@ async function verify(alg, key, signature, data) {
   }
 }
 
-// ../../node_modules/jose/dist/webapi/jws/flattened/verify.js
+// node_modules/jose/dist/webapi/jws/flattened/verify.js
 async function flattenedVerify(jws, key, options) {
   if (!isObject(jws)) {
     throw new JWSInvalid("Flattened JWS must be an object");
@@ -1484,7 +1484,7 @@ async function flattenedVerify(jws, key, options) {
   return result;
 }
 
-// ../../node_modules/jose/dist/webapi/jws/compact/verify.js
+// node_modules/jose/dist/webapi/jws/compact/verify.js
 async function compactVerify(jws, key, options) {
   if (jws instanceof Uint8Array) {
     jws = decoder.decode(jws);
@@ -1504,7 +1504,7 @@ async function compactVerify(jws, key, options) {
   return result;
 }
 
-// ../../node_modules/jose/dist/webapi/lib/jwt_claims_set.js
+// node_modules/jose/dist/webapi/lib/jwt_claims_set.js
 var epoch = (date) => Math.floor(date.getTime() / 1e3);
 var minute = 60;
 var hour = minute * 60;
@@ -1661,7 +1661,7 @@ function validateClaimsSet(protectedHeader, encodedPayload, options = {}) {
   return payload;
 }
 
-// ../../node_modules/jose/dist/webapi/jwt/verify.js
+// node_modules/jose/dist/webapi/jwt/verify.js
 async function jwtVerify(jwt, key, options) {
   const verified = await compactVerify(jwt, key, options);
   if (verified.protectedHeader.crit?.includes("b64") && verified.protectedHeader.b64 === false) {
@@ -1675,6 +1675,41 @@ async function jwtVerify(jwt, key, options) {
   return result;
 }
 
+// src/lib/ids.ts
+var B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+var B58_MAP = Object.fromEntries([...B58].map((c, i) => [c, i]));
+function encodeUserId(uuid) {
+  const hex = uuid.replace(/-/g, "");
+  if (hex.length !== 32)
+    throw new Error("Invalid UUID: expected 32 hex chars after stripping dashes");
+  let n = BigInt("0x" + hex);
+  let r = "";
+  while (n > 0n) {
+    r = B58[Number(n % 58n)] + r;
+    n /= 58n;
+  }
+  return `user_${r}`;
+}
+function decodeUserId(prefixedId) {
+  if (!prefixedId.startsWith("user_")) return null;
+  const enc = prefixedId.slice(5);
+  if (!enc) return null;
+  let n = 0n;
+  for (const c of enc) {
+    const i = B58_MAP[c] ?? -1;
+    if (i === -1) return null;
+    n = n * 58n + BigInt(i);
+  }
+  const hex = n.toString(16).padStart(32, "0");
+  return [
+    hex.slice(0, 8),
+    hex.slice(8, 12),
+    hex.slice(12, 16),
+    hex.slice(16, 20),
+    hex.slice(20)
+  ].join("-");
+}
+
 // src/server/index.ts
 function isJwksResponse(data) {
   return typeof data === "object" && data !== null && "keys" in data && Array.isArray(data.keys);
@@ -1683,7 +1718,7 @@ function isAccessTokenPayload(payload) {
   return typeof payload.sub === "string" && typeof payload.email === "string" && typeof payload.app_id === "string" && typeof payload.iat === "number" && typeof payload.exp === "number";
 }
 var jwksCache = null;
-async function getJwks(platformUrl = DEFAULT_PLATFORM_URL) {
+async function getJwks(platformUrl = `https://${DEFAULT_SDK_API_HOST}`) {
   const now = Date.now();
   if (jwksCache && jwksCache.expiresAt > now) {
     return jwksCache.keys;
@@ -1704,7 +1739,7 @@ async function getJwks(platformUrl = DEFAULT_PLATFORM_URL) {
   return data.keys;
 }
 async function verifyAccessToken(token, options) {
-  const platformUrl = options.platformUrl || DEFAULT_PLATFORM_URL;
+  const platformUrl = options.platformUrl || `https://${DEFAULT_SDK_API_HOST}`;
   const keys = await getJwks(platformUrl);
   if (!keys.length) {
     throw new Error("No keys in JWKS");
@@ -1721,6 +1756,7 @@ async function verifyAccessToken(token, options) {
       }
       return {
         sub: payload.sub,
+        pid: payload.pid,
         email: payload.email,
         name: payload.name,
         picture: payload.picture,
@@ -1746,7 +1782,7 @@ function configureServer(config) {
   const secretKey = validateAndSanitizeSecretKey(config.secretKey);
   serverConfig = {
     secretKey,
-    platformUrl: (config.platformUrl || DEFAULT_PLATFORM_URL).trim()
+    platformUrl: `https://${DEFAULT_SDK_API_HOST}`.trim()
   };
 }
 function getConfig() {
@@ -1759,7 +1795,7 @@ function getConfig() {
   }
   try {
     const secretKey = validateAndSanitizeSecretKey(rawSecretKey);
-    const platformUrl = (process.env.SYLPHX_PLATFORM_URL || DEFAULT_PLATFORM_URL).trim();
+    const platformUrl = `https://${DEFAULT_SDK_API_HOST}`.trim();
     serverConfig = { secretKey, platformUrl };
     return serverConfig;
   } catch (error) {
@@ -1785,10 +1821,11 @@ var auth = cache2(async () => {
   if (sessionToken && expiresAt && expiresAt > Date.now() + TOKEN_EXPIRY_BUFFER_MS) {
     try {
       const payload = await verifyAccessToken(sessionToken, config);
+      const resolvedUserId = payload.pid ?? payload.sub;
       return {
-        userId: payload.sub,
+        userId: resolvedUserId,
         user: user || {
-          id: payload.sub,
+          id: resolvedUserId,
           email: payload.email,
           name: payload.name || null,
           image: payload.picture || null,
@@ -1824,7 +1861,7 @@ async function handleCallback2(code) {
   if (!config) {
     throw new Error("Sylphx SDK not configured. Set SYLPHX_SECRET_KEY environment variable.");
   }
-  const response = await fetch(`${config.platformUrl}/api/v1/auth/token`, {
+  const response = await fetch(`${config.platformUrl}/v1/auth/token`, {
     method: "POST",
     headers: { "Content-Type": "application/json" },
     body: JSON.stringify({
@@ -1854,7 +1891,7 @@ async function signOut() {
   const { refreshToken } = await getAuthCookies(namespace);
   if (refreshToken) {
     try {
-      await fetch(`${config.platformUrl}/api/v1/auth/revoke`, {
+      await fetch(`${config.platformUrl}/v1/auth/revoke`, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({
@@ -1914,6 +1951,8 @@ export {
   createSylphxMiddleware,
   currentUser,
   currentUserId,
+  decodeUserId,
+  encodeUserId,
   getAuthCookies,
   getAuthorizationUrl,
   getCookieNames,