@timbenniks/contentstack-platform-sdk 0.1.0

package/dist/auth/index.cjs

@@ -0,0 +1,607 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/auth/index.ts
+var auth_exports = {};
+__export(auth_exports, {
+  buildAuthorizationUrl: () => buildAuthorizationUrl,
+  contentstackAuthCallbacks: () => contentstackAuthCallbacks,
+  createAuthProvider: () => createAuthProvider,
+  exchangeCode: () => exchangeCode,
+  generateCodeChallenge: () => generateCodeChallenge,
+  generateCodeVerifier: () => generateCodeVerifier,
+  getUser: () => getUser,
+  refreshToken: () => refreshToken
+});
+module.exports = __toCommonJS(auth_exports);
+
+// src/http/errors.ts
+var ContentstackError = class extends Error {
+  name = "ContentstackError";
+  status;
+  errorCode;
+  errors;
+  requestPath;
+  constructor(message, options) {
+    super(message, options?.cause ? { cause: options.cause } : void 0);
+    this.status = options?.status;
+    this.errorCode = options?.errorCode;
+    this.errors = options?.errors;
+    this.requestPath = options?.requestPath;
+  }
+};
+var ContentstackAuthError = class extends ContentstackError {
+  name = "ContentstackAuthError";
+  status = 401;
+};
+var ContentstackForbiddenError = class extends ContentstackError {
+  name = "ContentstackForbiddenError";
+  status = 403;
+};
+var ContentstackNotFoundError = class extends ContentstackError {
+  name = "ContentstackNotFoundError";
+  status = 404;
+};
+var ContentstackValidationError = class extends ContentstackError {
+  name = "ContentstackValidationError";
+  status;
+  constructor(message, options) {
+    super(message, options);
+    this.status = options?.status ?? 400;
+  }
+};
+var ContentstackInvalidApiKeyError = class extends ContentstackError {
+  name = "ContentstackInvalidApiKeyError";
+  status = 412;
+};
+var ContentstackRateLimitError = class extends ContentstackError {
+  name = "ContentstackRateLimitError";
+  status = 429;
+  retryAfter;
+  constructor(message, options) {
+    super(message, { ...options, status: 429 });
+    this.retryAfter = options?.retryAfter;
+  }
+};
+var ContentstackServerError = class extends ContentstackError {
+  name = "ContentstackServerError";
+};
+var ContentstackConfigError = class extends ContentstackError {
+  name = "ContentstackConfigError";
+};
+
+// src/http/client.ts
+var DEFAULT_TIMEOUT = 3e4;
+var DEFAULT_RETRY_LIMIT = 5;
+var DEFAULT_RETRY_DELAY = 300;
+var MAX_JITTER = 100;
+var ContentstackHttpClient = class _ContentstackHttpClient {
+  config;
+  constructor(config) {
+    this.config = {
+      baseUrl: config.baseUrl,
+      headers: config.headers ?? {},
+      timeout: config.timeout ?? DEFAULT_TIMEOUT,
+      retryOnError: config.retryOnError ?? true,
+      retryLimit: config.retryLimit ?? DEFAULT_RETRY_LIMIT,
+      retryDelay: config.retryDelay ?? DEFAULT_RETRY_DELAY,
+      fetch: config.fetch ?? globalThis.fetch.bind(globalThis)
+    };
+  }
+  async get(path, params) {
+    let url = `${this.config.baseUrl}${path}`;
+    if (params) {
+      const searchParams = new URLSearchParams(params);
+      url += `?${searchParams.toString()}`;
+    }
+    return this.request(url, { method: "GET" }, path);
+  }
+  async post(path, body) {
+    const url = `${this.config.baseUrl}${path}`;
+    return this.request(
+      url,
+      {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: body !== void 0 ? JSON.stringify(body) : void 0
+      },
+      path
+    );
+  }
+  async put(path, body) {
+    const url = `${this.config.baseUrl}${path}`;
+    return this.request(
+      url,
+      {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: body !== void 0 ? JSON.stringify(body) : void 0
+      },
+      path
+    );
+  }
+  async patch(path, body) {
+    const url = `${this.config.baseUrl}${path}`;
+    return this.request(
+      url,
+      {
+        method: "PATCH",
+        headers: { "Content-Type": "application/json" },
+        body: body !== void 0 ? JSON.stringify(body) : void 0
+      },
+      path
+    );
+  }
+  async delete(path) {
+    const url = `${this.config.baseUrl}${path}`;
+    return this.request(url, { method: "DELETE" }, path);
+  }
+  async postForm(path, params) {
+    const url = `${this.config.baseUrl}${path}`;
+    return this.request(
+      url,
+      {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: params.toString()
+      },
+      path
+    );
+  }
+  async upload(path, form) {
+    const url = `${this.config.baseUrl}${path}`;
+    return this.request(url, { method: "POST", body: form }, path);
+  }
+  /** Return a new client with additional headers merged */
+  withHeaders(headers) {
+    return new _ContentstackHttpClient({
+      ...this.config,
+      headers: { ...this.config.headers, ...headers }
+    });
+  }
+  /** Return a new client with a different base URL */
+  withBaseUrl(baseUrl) {
+    return new _ContentstackHttpClient({
+      ...this.config,
+      baseUrl
+    });
+  }
+  async request(url, init, path) {
+    const headers = new Headers(this.config.headers);
+    if (init.headers) {
+      const initHeaders = init.headers instanceof Headers ? init.headers : new Headers(init.headers);
+      initHeaders.forEach((value, key) => headers.set(key, value));
+    }
+    let lastError;
+    const maxAttempts = this.config.retryOnError ? this.config.retryLimit + 1 : 1;
+    for (let attempt = 0; attempt < maxAttempts; attempt++) {
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
+      try {
+        const response = await this.config.fetch(url, {
+          ...init,
+          headers,
+          signal: controller.signal
+        });
+        if (response.ok) {
+          const data = await response.json().catch(() => ({}));
+          return { data, status: response.status, headers: response.headers };
+        }
+        const isRetryable = response.status === 429 || response.status >= 500;
+        if (isRetryable && this.config.retryOnError && attempt < maxAttempts - 1) {
+          const delay = this.calculateDelay(response, attempt);
+          await sleep(delay);
+          lastError = await this.createError(response, path);
+          continue;
+        }
+        throw await this.createError(response, path);
+      } catch (error) {
+        if (error instanceof ContentstackError) {
+          throw error;
+        }
+        if (error instanceof DOMException && error.name === "AbortError") {
+          throw new ContentstackError(`Request timed out after ${this.config.timeout}ms`, {
+            requestPath: path,
+            cause: error
+          });
+        }
+        throw new ContentstackError("Network request failed", {
+          requestPath: path,
+          cause: error instanceof Error ? error : new Error(String(error))
+        });
+      } finally {
+        clearTimeout(timeoutId);
+      }
+    }
+    throw lastError ?? new ContentstackError("Request failed after retries", { requestPath: path });
+  }
+  calculateDelay(response, attempt) {
+    const retryAfter = response.headers.get("Retry-After");
+    if (retryAfter) {
+      const seconds = Number.parseFloat(retryAfter);
+      if (!Number.isNaN(seconds)) {
+        return seconds * 1e3;
+      }
+    }
+    const jitter = Math.random() * MAX_JITTER;
+    return this.config.retryDelay * 2 ** attempt + jitter;
+  }
+  async createError(response, path) {
+    let body = {};
+    try {
+      body = await response.json();
+    } catch {
+    }
+    const message = body.error_message ?? body.error_description ?? body.message ?? `HTTP ${response.status} error`;
+    const errorCode = body.error_code;
+    const errors = body.errors;
+    const retryAfter = response.headers.get("Retry-After");
+    const opts = { status: response.status, errorCode, errors, requestPath: path };
+    switch (response.status) {
+      case 400:
+        return new ContentstackValidationError(message, { ...opts, status: 400 });
+      case 401:
+        return new ContentstackAuthError(message, opts);
+      case 403:
+        return new ContentstackForbiddenError(message, opts);
+      case 404:
+        return new ContentstackNotFoundError(message, opts);
+      case 412:
+        return new ContentstackInvalidApiKeyError(message, opts);
+      case 422:
+        return new ContentstackValidationError(message, { ...opts, status: 422 });
+      case 429:
+        return new ContentstackRateLimitError(message, {
+          ...opts,
+          retryAfter: retryAfter ? Number.parseFloat(retryAfter) : void 0
+        });
+      default:
+        if (response.status >= 500) {
+          return new ContentstackServerError(message, opts);
+        }
+        return new ContentstackError(message, opts);
+    }
+  }
+};
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+// src/regions/endpoints.ts
+var import_contentstack_endpoints = require("@timbenniks/contentstack-endpoints");
+var BRAND_KIT_URLS = {
+  us: {
+    brandKit: "https://brand-kits-api.contentstack.com",
+    brandKitAI: "https://ai.contentstack.com/brand-kits"
+  },
+  eu: {
+    brandKit: "https://eu-brand-kits-api.contentstack.com",
+    brandKitAI: "https://eu-ai.contentstack.com/brand-kits"
+  },
+  au: {
+    brandKit: "https://au-brand-kits-api.contentstack.com",
+    brandKitAI: "https://au-ai.contentstack.com/brand-kits"
+  },
+  "azure-na": {
+    brandKit: "https://azure-na-brand-kits-api.contentstack.com",
+    brandKitAI: "https://azure-na-ai.contentstack.com/brand-kits"
+  },
+  "azure-eu": {
+    brandKit: "https://azure-eu-brand-kits-api.contentstack.com",
+    brandKitAI: "https://azure-eu-ai.contentstack.com/brand-kits"
+  },
+  "gcp-na": {
+    brandKit: "https://gcp-na-brand-kits-api.contentstack.com",
+    brandKitAI: "https://gcp-na-ai.contentstack.com/brand-kits"
+  },
+  "gcp-eu": {
+    brandKit: "https://gcp-eu-brand-kits-api.contentstack.com",
+    brandKitAI: "https://gcp-eu-ai.contentstack.com/brand-kits"
+  }
+};
+function mapEndpoints(upstream, region, hostsOnly) {
+  const bk = BRAND_KIT_URLS[region];
+  const stripProtocol = (url) => url.replace(/^https?:\/\//, "");
+  return Object.freeze({
+    cma: upstream.contentManagement ?? "",
+    cda: upstream.contentDelivery ?? "",
+    graphql: upstream.graphqlDelivery ?? "",
+    images: upstream.images ?? "",
+    app: upstream.application ?? "",
+    preview: upstream.preview ?? "",
+    graphqlPreview: upstream.graphqlPreview ?? "",
+    launch: upstream.launch ?? "",
+    personalizeEdge: upstream.personalizeEdge ?? "",
+    brandKit: hostsOnly ? stripProtocol(bk.brandKit) : bk.brandKit,
+    brandKitAI: hostsOnly ? stripProtocol(bk.brandKitAI) : bk.brandKitAI
+  });
+}
+var ALL_REGIONS = [
+  "us",
+  "eu",
+  "au",
+  "azure-na",
+  "azure-eu",
+  "gcp-na",
+  "gcp-eu"
+];
+function buildEndpointMap() {
+  const map = {};
+  for (const region of ALL_REGIONS) {
+    map[region] = mapEndpoints((0, import_contentstack_endpoints.getContentstackEndpoints)(region), region, false);
+  }
+  return Object.freeze(map);
+}
+function buildHostMap() {
+  const map = {};
+  for (const region of ALL_REGIONS) {
+    map[region] = mapEndpoints((0, import_contentstack_endpoints.getContentstackEndpoints)(region, true), region, true);
+  }
+  return Object.freeze(map);
+}
+var ENDPOINT_MAP = buildEndpointMap();
+var HOST_MAP = buildHostMap();
+
+// src/regions/resolver.ts
+var VALID_REGIONS = new Set(Object.keys(ENDPOINT_MAP));
+function resolveEndpoints(region) {
+  return ENDPOINT_MAP[region];
+}
+
+// src/auth/pkce.ts
+var CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
+function generateCodeVerifier() {
+  const bytes = new Uint8Array(43);
+  globalThis.crypto.getRandomValues(bytes);
+  let result = "";
+  for (const byte of bytes) {
+    result += CHARSET[byte % CHARSET.length];
+  }
+  return result;
+}
+async function generateCodeChallenge(verifier) {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(verifier);
+  const digest = await globalThis.crypto.subtle.digest("SHA-256", data);
+  const bytes = new Uint8Array(digest);
+  let binary = "";
+  for (const byte of bytes) {
+    binary += String.fromCharCode(byte);
+  }
+  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+
+// src/auth/oauth-client.ts
+function validateConfig(config) {
+  if (!config.appId) {
+    throw new ContentstackConfigError(
+      "appId is required for OAuth. This is your Contentstack app's UID, not the client ID."
+    );
+  }
+  if (config.appId === config.clientId) {
+    throw new ContentstackConfigError(
+      "appId and clientId must be different. appId is your Contentstack app UID; clientId is the OAuth client identifier."
+    );
+  }
+}
+async function buildAuthorizationUrl(config, options) {
+  validateConfig(config);
+  const endpoints = resolveEndpoints(config.region);
+  const authorizationUrl = `${endpoints.app}/apps/${config.appId}/authorize`;
+  const state = options?.state ?? generateCodeVerifier();
+  const params = new URLSearchParams({
+    response_type: "code",
+    client_id: config.clientId,
+    redirect_uri: config.redirectUri,
+    scope: config.scopes.join(" "),
+    state
+  });
+  let codeVerifier;
+  if (options?.usePKCE) {
+    codeVerifier = generateCodeVerifier();
+    const codeChallenge = await generateCodeChallenge(codeVerifier);
+    params.set("code_challenge", codeChallenge);
+    params.set("code_challenge_method", "S256");
+  }
+  return {
+    url: `${authorizationUrl}?${params.toString()}`,
+    state,
+    codeVerifier
+  };
+}
+function mapTokenResponse(data) {
+  return {
+    accessToken: data.access_token,
+    refreshToken: data.refresh_token,
+    expiresIn: data.expires_in,
+    tokenType: data.token_type
+  };
+}
+async function makeTokenRequest(appBaseUrl, body, errorMessage) {
+  const client = new ContentstackHttpClient({ baseUrl: appBaseUrl });
+  try {
+    const { data } = await client.postForm("/apps-api/token", body);
+    return mapTokenResponse(data);
+  } catch (err) {
+    if (err instanceof ContentstackError) {
+      throw new ContentstackAuthError(err.message || errorMessage, {
+        status: err.status,
+        requestPath: "/apps-api/token",
+        cause: err
+      });
+    }
+    throw new ContentstackAuthError(errorMessage, {
+      requestPath: "/apps-api/token",
+      cause: err instanceof Error ? err : void 0
+    });
+  }
+}
+async function exchangeCode(config, code, options) {
+  const endpoints = resolveEndpoints(config.region);
+  const body = new URLSearchParams({
+    grant_type: "authorization_code",
+    code,
+    redirect_uri: config.redirectUri,
+    client_id: config.clientId,
+    client_secret: config.clientSecret
+  });
+  if (options?.codeVerifier) {
+    body.set("code_verifier", options.codeVerifier);
+  }
+  return makeTokenRequest(endpoints.app, body, "Failed to exchange authorization code");
+}
+async function refreshToken(config, token) {
+  const endpoints = resolveEndpoints(config.region);
+  const body = new URLSearchParams({
+    grant_type: "refresh_token",
+    refresh_token: token,
+    client_id: config.clientId,
+    client_secret: config.clientSecret
+  });
+  return makeTokenRequest(endpoints.app, body, "Failed to refresh token");
+}
+function mapUser(user) {
+  return {
+    uid: user.uid,
+    email: user.email,
+    firstName: user.first_name ?? void 0,
+    lastName: user.last_name ?? void 0,
+    username: user.username ?? void 0,
+    profileImage: user.profile_image ?? void 0
+  };
+}
+async function getUser(region, accessToken) {
+  const endpoints = resolveEndpoints(region);
+  const client = new ContentstackHttpClient({
+    baseUrl: `${endpoints.cma}/v3`,
+    headers: { Authorization: `Bearer ${accessToken}` }
+  });
+  try {
+    const { data } = await client.get("/user");
+    return mapUser(data.user);
+  } catch (err) {
+    if (err instanceof ContentstackError) {
+      throw new ContentstackAuthError(err.message || "Failed to fetch user profile", {
+        status: err.status,
+        requestPath: "/v3/user",
+        cause: err
+      });
+    }
+    throw new ContentstackAuthError("Failed to fetch user profile", {
+      requestPath: "/v3/user",
+      cause: err instanceof Error ? err : void 0
+    });
+  }
+}
+function createAuthProvider(config) {
+  validateConfig(config);
+  const endpoints = resolveEndpoints(config.region);
+  const userClient = new ContentstackHttpClient({ baseUrl: `${endpoints.cma}/v3` });
+  return {
+    id: "contentstack",
+    name: "Contentstack",
+    type: "oauth",
+    checks: ["state"],
+    authorization: {
+      url: `${endpoints.app}/apps/${config.appId}/authorize`,
+      params: {
+        response_type: "code",
+        scope: config.scopes.join(" ")
+      }
+    },
+    token: `${endpoints.app}/apps-api/token`,
+    userinfo: {
+      url: `${endpoints.cma}/v3/user`,
+      async request({ tokens }) {
+        const authedClient = userClient.withHeaders({
+          Authorization: `Bearer ${tokens.access_token}`
+        });
+        const { data } = await authedClient.get("/user");
+        return data;
+      }
+    },
+    profile(profile) {
+      const user = profile.user;
+      return {
+        id: user.uid,
+        name: [user.first_name, user.last_name].filter(Boolean).join(" ") || user.username,
+        email: user.email,
+        image: user.profile_image ?? null
+      };
+    },
+    clientId: config.clientId,
+    clientSecret: config.clientSecret
+  };
+}
+function contentstackAuthCallbacks(config) {
+  return {
+    async jwt({
+      token,
+      account
+    }) {
+      if (account) {
+        token.accessToken = account.access_token;
+        token.refreshToken = account.refresh_token;
+        token.accessTokenExpiresAt = Date.now() + (account.expires_in ?? 3600) * 1e3;
+        return token;
+      }
+      const expiresAt = token.accessTokenExpiresAt;
+      if (expiresAt && Date.now() < expiresAt - 6e4) {
+        return token;
+      }
+      const currentRefreshToken = token.refreshToken;
+      if (!currentRefreshToken) {
+        token.error = "RefreshAccessTokenError";
+        return token;
+      }
+      try {
+        const tokens = await refreshToken(config, currentRefreshToken);
+        token.accessToken = tokens.accessToken;
+        token.refreshToken = tokens.refreshToken;
+        token.accessTokenExpiresAt = Date.now() + tokens.expiresIn * 1e3;
+        token.error = void 0;
+      } catch {
+        token.error = "RefreshAccessTokenError";
+      }
+      return token;
+    },
+    async session({
+      session,
+      token
+    }) {
+      session.accessToken = token.accessToken;
+      if (token.error) {
+        session.error = token.error;
+      }
+      return session;
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  buildAuthorizationUrl,
+  contentstackAuthCallbacks,
+  createAuthProvider,
+  exchangeCode,
+  generateCodeChallenge,
+  generateCodeVerifier,
+  getUser,
+  refreshToken
+});
+//# sourceMappingURL=index.cjs.map