@ticketboothapp/booking 0.1.0

package/package.json

@@ -0,0 +1,17 @@
+{
+  "name": "@ticketboothapp/booking",
+  "version": "0.1.0",
+  "private": false,
+  "sideEffects": false,
+  "publishConfig": {
+    "access": "restricted"
+  },
+  "exports": {
+    ".": "./src/index.ts"
+  },
+  "peerDependencies": {
+    "next": "^15.0.0",
+    "react": "^18.0.0",
+    "react-dom": "^18.0.0"
+  }
+}

package/src/correlation-id.ts

@@ -0,0 +1,45 @@
+/**
+ * Keep in sync with `src/lib/booking/correlation-id.ts` (main site).
+ * Same storage key so partner portal catalog calls share one id with `booking-api` on this origin.
+ */
+
+export const BOOKING_CORRELATION_HEADER = 'X-Correlation-Id';
+
+const STORAGE_KEY = 'tb_booking_correlation_id';
+
+function newCorrelationId(): string {
+  try {
+    if (typeof crypto !== 'undefined' && crypto.randomUUID) {
+      return crypto.randomUUID();
+    }
+  } catch {
+    /* fall through */
+  }
+  return `${Date.now()}-${Math.random().toString(36).slice(2, 12)}`;
+}
+
+export function getOrCreateBookingCorrelationId(): string {
+  if (typeof window === 'undefined') return '';
+  try {
+    let id = sessionStorage.getItem(STORAGE_KEY);
+    if (!id) {
+      id = newCorrelationId();
+      sessionStorage.setItem(STORAGE_KEY, id);
+    }
+    return id;
+  } catch {
+    return newCorrelationId();
+  }
+}
+
+export function withBookingCorrelationId(
+  headers: Record<string, string>
+): Record<string, string> {
+  if (typeof window === 'undefined') return headers;
+  const id = getOrCreateBookingCorrelationId();
+  if (!id) return headers;
+  return {
+    ...headers,
+    [BOOKING_CORRELATION_HEADER]: id,
+  };
+}

package/src/index.ts

@@ -0,0 +1,12 @@
+export {
+  getPublicPartners,
+  getPublicPartnerAgents,
+  getPartnerPortalDirectoryPartners,
+  getPartnerPortalDirectoryAgents,
+  getPublicPartnerPortalSignInEmails,
+  getPublicStaffPortalSignInOptions,
+  getPublicStaffPortalSignInEmails,
+  type PublicPartner,
+  type PublicPartnerAgent,
+  type PublicStaffPortalSignInOption,
+} from './public-partners';

package/src/public-partners.ts

@@ -0,0 +1,258 @@
+/**
+ * Public partner/agent list for anonymous partner booking (no JWT).
+ * Uses NEXT_PUBLIC_* env from the consuming Next app at build time.
+ */
+
+function apiBase(): string {
+  const u = process.env.NEXT_PUBLIC_API_URL;
+  if (!u) {
+    throw new Error('NEXT_PUBLIC_API_URL is not set');
+  }
+  return u.replace(/\/$/, '');
+}
+
+function parsePickupLocationIds(row: Record<string, unknown>): string[] | undefined {
+  const multi =
+    row.pickupLocationIds ??
+    row.pickup_location_ids ??
+    row.preferredPickupLocationIds ??
+    row.preferred_pickup_location_ids;
+  if (Array.isArray(multi)) {
+    const ids = multi
+      .filter((x): x is string => typeof x === 'string' && x.trim().length > 0)
+      .map((x) => x.trim());
+    if (ids.length > 0) return ids;
+  }
+  const single =
+    row.pickupLocationId ??
+    row.pickup_location_id ??
+    row.defaultPickupLocationId ??
+    row.default_pickup_location_id;
+  if (typeof single === 'string' && single.trim()) return [single.trim()];
+  const nested = row.pickupLocation ?? row.pickup_location;
+  if (nested && typeof nested === 'object' && nested !== null && 'id' in nested) {
+    const id = (nested as { id?: unknown }).id;
+    if (typeof id === 'string' && id.trim()) return [id.trim()];
+  }
+  return undefined;
+}
+
+export interface PublicPartner {
+  id: string;
+  displayName: string;
+  /**
+   * Optional pickup location id(s) from the API — must match `Product.pickupLocations[].id`
+   * for highlight / portal auto-select.
+   */
+  pickupLocationIds?: string[];
+  /**
+   * From `directory=1` responses. When false, anonymous users must sign in before the embedded book flow.
+   */
+  anonymousBookAllowed?: boolean;
+  /** B2B / partner pricing profile id when the API exposes it (optional). */
+  pricingProfileId?: string;
+  /** Partner cancellation-policy profile id when the API exposes it (optional). */
+  cancellationPolicyProfileId?: string;
+}
+
+export interface PublicPartnerAgent {
+  id: string;
+  displayName: string;
+  pickupLocationIds?: string[];
+}
+
+export interface PublicStaffPortalSignInOption {
+  staffId?: string;
+  email: string;
+  displayName: string;
+}
+
+function mapPartnerApiRow(
+  r: Record<string, unknown> & { partnerId: string; name: string },
+): PublicPartner {
+  const pickupLocationIds = parsePickupLocationIds(r);
+  const anonymousBookAllowed = r.anonymousBookAllowed !== false;
+  const cap =
+    r.capabilities && typeof r.capabilities === 'object' && !Array.isArray(r.capabilities)
+      ? (r.capabilities as Record<string, unknown>)
+      : null;
+  const rawProfile =
+    typeof r.pricingProfileId === 'string'
+      ? r.pricingProfileId
+      : cap && typeof cap.pricingProfileId === 'string'
+        ? cap.pricingProfileId
+        : '';
+  const pricingProfileId = rawProfile.trim() || undefined;
+  const rawCancellationProfile =
+    typeof r.cancellationPolicyProfileId === 'string'
+      ? r.cancellationPolicyProfileId
+      : cap && typeof cap.cancellationPolicyProfileId === 'string'
+        ? cap.cancellationPolicyProfileId
+        : '';
+  const cancellationPolicyProfileId = rawCancellationProfile.trim() || undefined;
+  return {
+    id: r.partnerId,
+    displayName: r.name,
+    anonymousBookAllowed,
+    ...(pickupLocationIds?.length ? { pickupLocationIds } : {}),
+    ...(pricingProfileId ? { pricingProfileId } : {}),
+    ...(cancellationPolicyProfileId ? { cancellationPolicyProfileId } : {}),
+  };
+}
+
+/** Partners that allow anonymous embedded booking (marketing / public widgets). */
+export async function getPublicPartners(companyId: string): Promise<PublicPartner[]> {
+  const url = new URL(
+    `${apiBase()}/1/companies/${encodeURIComponent(companyId)}/partners/public`,
+  );
+  const res = await fetch(url.toString());
+  if (!res.ok) {
+    const text = await res.text().catch(() => '');
+    throw new Error(`getPublicPartners failed: ${res.status} ${text}`);
+  }
+  const json = (await res.json()) as {
+    data?: { partners?: Array<Record<string, unknown> & { partnerId: string; name: string }> };
+  };
+  const rows = json.data?.partners ?? [];
+  return rows.map((r) => mapPartnerApiRow(r));
+}
+
+/**
+ * All enabled partner orgs for the partner portal (sign-in org picker, etc.), including auth-only orgs.
+ * Use {@link getPublicPartners} when you only want anonymous-book-eligible partners.
+ */
+export async function getPartnerPortalDirectoryPartners(companyId: string): Promise<PublicPartner[]> {
+  const url = new URL(
+    `${apiBase()}/1/companies/${encodeURIComponent(companyId)}/partners/public`,
+  );
+  url.searchParams.set('directory', '1');
+  const res = await fetch(url.toString());
+  if (!res.ok) {
+    const text = await res.text().catch(() => '');
+    throw new Error(`getPartnerPortalDirectoryPartners failed: ${res.status} ${text}`);
+  }
+  const json = (await res.json()) as {
+    data?: { partners?: Array<Record<string, unknown> & { partnerId: string; name: string }> };
+  };
+  const rows = json.data?.partners ?? [];
+  return rows.map((r) => mapPartnerApiRow(r));
+}
+
+export async function getPublicPartnerAgents(
+  companyId: string,
+  partnerId: string,
+): Promise<PublicPartnerAgent[]> {
+  const url = new URL(
+    `${apiBase()}/1/companies/${encodeURIComponent(companyId)}/partners/${encodeURIComponent(partnerId)}/agents/public`,
+  );
+  const res = await fetch(url.toString());
+  if (!res.ok) {
+    const text = await res.text().catch(() => '');
+    throw new Error(`getPublicPartnerAgents failed: ${res.status} ${text}`);
+  }
+  const json = (await res.json()) as {
+    data?: { agents?: Array<Record<string, unknown> & { agentId: string; name: string }> };
+  };
+  const rows = json.data?.agents ?? [];
+  return rows.map((r) => {
+    const pickupLocationIds = parsePickupLocationIds(r);
+    return {
+      id: r.agentId,
+      displayName: r.name,
+      ...(pickupLocationIds?.length ? { pickupLocationIds } : {}),
+    };
+  });
+}
+
+/** Agents for portal UI (includes orgs that require partner sign-in for booking). */
+export async function getPartnerPortalDirectoryAgents(
+  companyId: string,
+  partnerId: string,
+): Promise<PublicPartnerAgent[]> {
+  const url = new URL(
+    `${apiBase()}/1/companies/${encodeURIComponent(companyId)}/partners/${encodeURIComponent(partnerId)}/agents/public`,
+  );
+  url.searchParams.set('directory', '1');
+  const res = await fetch(url.toString());
+  if (!res.ok) {
+    const text = await res.text().catch(() => '');
+    throw new Error(`getPartnerPortalDirectoryAgents failed: ${res.status} ${text}`);
+  }
+  const json = (await res.json()) as {
+    data?: { agents?: Array<Record<string, unknown> & { agentId: string; name: string }> };
+  };
+  const rows = json.data?.agents ?? [];
+  return rows.map((r) => {
+    const pickupLocationIds = parsePickupLocationIds(r);
+    return {
+      id: r.agentId,
+      displayName: r.name,
+      ...(pickupLocationIds?.length ? { pickupLocationIds } : {}),
+    };
+  });
+}
+
+/** Emails eligible for partner-portal emailed sign-in code (org + account + enabled agents' payout). */
+export async function getPublicPartnerPortalSignInEmails(
+  companyId: string,
+  partnerId: string,
+): Promise<string[]> {
+  const url = new URL(
+    `${apiBase()}/1/companies/${encodeURIComponent(companyId)}/partners/${encodeURIComponent(partnerId)}/portal-signin-emails/public`,
+  );
+  const res = await fetch(url.toString());
+  if (!res.ok) {
+    const text = await res.text().catch(() => '');
+    throw new Error(`getPublicPartnerPortalSignInEmails failed: ${res.status} ${text}`);
+  }
+  const json = (await res.json()) as { data?: { emails?: string[] } };
+  const emails = json.data?.emails;
+  if (!Array.isArray(emails)) return [];
+  return emails.filter((e): e is string => typeof e === 'string' && e.trim().length > 0);
+}
+
+/** Staff portal sign-in options (displayName label + normalized email value). */
+export async function getPublicStaffPortalSignInOptions(
+  companyId: string,
+): Promise<PublicStaffPortalSignInOption[]> {
+  const url = new URL(
+    `${apiBase()}/1/companies/${encodeURIComponent(companyId)}/staff-portal-signin-emails/public`,
+  );
+  // Keep this request "simple" (no custom headers) to avoid CORS preflight latency.
+  const res = await fetch(url.toString());
+  if (!res.ok) {
+    const text = await res.text().catch(() => '');
+    throw new Error(`getPublicStaffPortalSignInEmails failed: ${res.status} ${text}`);
+  }
+  const json = (await res.json()) as {
+    data?: { options?: Array<Record<string, unknown>>; emails?: string[] };
+  };
+  const optionsRaw = json.data?.options;
+  if (Array.isArray(optionsRaw) && optionsRaw.length > 0) {
+    return optionsRaw
+      .map((row) => {
+        const staffId = typeof row.staffId === 'string' ? row.staffId.trim() : '';
+        const email = typeof row.email === 'string' ? row.email.trim() : '';
+        const displayName = typeof row.displayName === 'string' ? row.displayName.trim() : '';
+        if (!email) return null;
+        return {
+          ...(staffId ? { staffId } : {}),
+          email,
+          displayName: displayName || email,
+        };
+      })
+      .filter((row): row is PublicStaffPortalSignInOption => row != null);
+  }
+  // Backward compatibility with older backend shape.
+  const emails = json.data?.emails;
+  if (!Array.isArray(emails)) return [];
+  return emails
+    .filter((e): e is string => typeof e === 'string' && e.trim().length > 0)
+    .map((email) => ({ email: email.trim(), displayName: email.trim() }));
+}
+
+/** Legacy helper retained for callers that still only need email values. */
+export async function getPublicStaffPortalSignInEmails(companyId: string): Promise<string[]> {
+  const options = await getPublicStaffPortalSignInOptions(companyId);
+  return options.map((o) => o.email);
+}

package/src/trace-context.ts

@@ -0,0 +1,53 @@
+/**
+ * Keep in sync with `src/lib/booking/trace-context.ts` (main site).
+ * Same storage keys so portal catalog calls share W3C trace id with booking-api on this origin.
+ */
+
+import {
+  BOOKING_CORRELATION_HEADER,
+  getOrCreateBookingCorrelationId,
+} from './correlation-id';
+
+/** Lowercase header name per W3C Trace Context. */
+export const BOOKING_TRACEPARENT_HEADER = 'traceparent';
+
+const STORAGE_W3C_TRACE_ID = 'tb_booking_w3c_trace_id';
+
+function randomHex(byteLength: number): string {
+  const buf = new Uint8Array(byteLength);
+  crypto.getRandomValues(buf);
+  return Array.from(buf, (b) => b.toString(16).padStart(2, '0')).join('');
+}
+
+function getOrCreateW3CTraceId(): string {
+  if (typeof window === 'undefined') {
+    return randomHex(16);
+  }
+  try {
+    let tid = sessionStorage.getItem(STORAGE_W3C_TRACE_ID);
+    if (!tid || !/^[0-9a-f]{32}$/i.test(tid)) {
+      tid = randomHex(16);
+      sessionStorage.setItem(STORAGE_W3C_TRACE_ID, tid);
+    }
+    return tid.toLowerCase();
+  } catch {
+    return randomHex(16);
+  }
+}
+
+export function buildTraceparent(): string {
+  const traceId = getOrCreateW3CTraceId();
+  const spanId = randomHex(8);
+  return `00-${traceId}-${spanId}-01`;
+}
+
+export function withBookingOutboundHeaders(
+  headers: Record<string, string>,
+): Record<string, string> {
+  if (typeof window === 'undefined') return headers;
+  const cid = getOrCreateBookingCorrelationId();
+  const next = { ...headers };
+  if (cid) next[BOOKING_CORRELATION_HEADER] = cid;
+  next[BOOKING_TRACEPARENT_HEADER] = buildTraceparent();
+  return next;
+}

package/tsconfig.json

@@ -0,0 +1,14 @@
+{
+  "compilerOptions": {
+    "target": "ES2017",
+    "lib": ["dom", "dom.iterable", "esnext"],
+    "strict": true,
+    "noEmit": true,
+    "module": "esnext",
+    "moduleResolution": "bundler",
+    "jsx": "react-jsx",
+    "isolatedModules": true,
+    "skipLibCheck": true
+  },
+  "include": ["src/**/*.ts", "src/**/*.tsx"]
+}