@timbenniks/contentstack-platform-sdk 0.1.0

package/dist/server/middleware/index.cjs

@@ -0,0 +1,614 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/server/middleware/index.ts
+var middleware_exports = {};
+__export(middleware_exports, {
+  createContentstackAuth: () => createContentstackAuth,
+  getAccessToken: () => getAccessToken,
+  getSession: () => getSession,
+  requireSession: () => requireSession
+});
+module.exports = __toCommonJS(middleware_exports);
+
+// src/http/errors.ts
+var ContentstackError = class extends Error {
+  name = "ContentstackError";
+  status;
+  errorCode;
+  errors;
+  requestPath;
+  constructor(message, options) {
+    super(message, options?.cause ? { cause: options.cause } : void 0);
+    this.status = options?.status;
+    this.errorCode = options?.errorCode;
+    this.errors = options?.errors;
+    this.requestPath = options?.requestPath;
+  }
+};
+var ContentstackAuthError = class extends ContentstackError {
+  name = "ContentstackAuthError";
+  status = 401;
+};
+var ContentstackForbiddenError = class extends ContentstackError {
+  name = "ContentstackForbiddenError";
+  status = 403;
+};
+var ContentstackNotFoundError = class extends ContentstackError {
+  name = "ContentstackNotFoundError";
+  status = 404;
+};
+var ContentstackValidationError = class extends ContentstackError {
+  name = "ContentstackValidationError";
+  status;
+  constructor(message, options) {
+    super(message, options);
+    this.status = options?.status ?? 400;
+  }
+};
+var ContentstackInvalidApiKeyError = class extends ContentstackError {
+  name = "ContentstackInvalidApiKeyError";
+  status = 412;
+};
+var ContentstackRateLimitError = class extends ContentstackError {
+  name = "ContentstackRateLimitError";
+  status = 429;
+  retryAfter;
+  constructor(message, options) {
+    super(message, { ...options, status: 429 });
+    this.retryAfter = options?.retryAfter;
+  }
+};
+var ContentstackServerError = class extends ContentstackError {
+  name = "ContentstackServerError";
+};
+var ContentstackConfigError = class extends ContentstackError {
+  name = "ContentstackConfigError";
+};
+
+// src/regions/endpoints.ts
+var import_contentstack_endpoints = require("@timbenniks/contentstack-endpoints");
+var BRAND_KIT_URLS = {
+  us: {
+    brandKit: "https://brand-kits-api.contentstack.com",
+    brandKitAI: "https://ai.contentstack.com/brand-kits"
+  },
+  eu: {
+    brandKit: "https://eu-brand-kits-api.contentstack.com",
+    brandKitAI: "https://eu-ai.contentstack.com/brand-kits"
+  },
+  au: {
+    brandKit: "https://au-brand-kits-api.contentstack.com",
+    brandKitAI: "https://au-ai.contentstack.com/brand-kits"
+  },
+  "azure-na": {
+    brandKit: "https://azure-na-brand-kits-api.contentstack.com",
+    brandKitAI: "https://azure-na-ai.contentstack.com/brand-kits"
+  },
+  "azure-eu": {
+    brandKit: "https://azure-eu-brand-kits-api.contentstack.com",
+    brandKitAI: "https://azure-eu-ai.contentstack.com/brand-kits"
+  },
+  "gcp-na": {
+    brandKit: "https://gcp-na-brand-kits-api.contentstack.com",
+    brandKitAI: "https://gcp-na-ai.contentstack.com/brand-kits"
+  },
+  "gcp-eu": {
+    brandKit: "https://gcp-eu-brand-kits-api.contentstack.com",
+    brandKitAI: "https://gcp-eu-ai.contentstack.com/brand-kits"
+  }
+};
+function mapEndpoints(upstream, region, hostsOnly) {
+  const bk = BRAND_KIT_URLS[region];
+  const stripProtocol = (url) => url.replace(/^https?:\/\//, "");
+  return Object.freeze({
+    cma: upstream.contentManagement ?? "",
+    cda: upstream.contentDelivery ?? "",
+    graphql: upstream.graphqlDelivery ?? "",
+    images: upstream.images ?? "",
+    app: upstream.application ?? "",
+    preview: upstream.preview ?? "",
+    graphqlPreview: upstream.graphqlPreview ?? "",
+    launch: upstream.launch ?? "",
+    personalizeEdge: upstream.personalizeEdge ?? "",
+    brandKit: hostsOnly ? stripProtocol(bk.brandKit) : bk.brandKit,
+    brandKitAI: hostsOnly ? stripProtocol(bk.brandKitAI) : bk.brandKitAI
+  });
+}
+var ALL_REGIONS = [
+  "us",
+  "eu",
+  "au",
+  "azure-na",
+  "azure-eu",
+  "gcp-na",
+  "gcp-eu"
+];
+function buildEndpointMap() {
+  const map = {};
+  for (const region of ALL_REGIONS) {
+    map[region] = mapEndpoints((0, import_contentstack_endpoints.getContentstackEndpoints)(region), region, false);
+  }
+  return Object.freeze(map);
+}
+function buildHostMap() {
+  const map = {};
+  for (const region of ALL_REGIONS) {
+    map[region] = mapEndpoints((0, import_contentstack_endpoints.getContentstackEndpoints)(region, true), region, true);
+  }
+  return Object.freeze(map);
+}
+var ENDPOINT_MAP = buildEndpointMap();
+var HOST_MAP = buildHostMap();
+
+// src/regions/resolver.ts
+var VALID_REGIONS = new Set(Object.keys(ENDPOINT_MAP));
+function resolveEndpoints(region) {
+  return ENDPOINT_MAP[region];
+}
+
+// src/http/client.ts
+var DEFAULT_TIMEOUT = 3e4;
+var DEFAULT_RETRY_LIMIT = 5;
+var DEFAULT_RETRY_DELAY = 300;
+var MAX_JITTER = 100;
+var ContentstackHttpClient = class _ContentstackHttpClient {
+  config;
+  constructor(config) {
+    this.config = {
+      baseUrl: config.baseUrl,
+      headers: config.headers ?? {},
+      timeout: config.timeout ?? DEFAULT_TIMEOUT,
+      retryOnError: config.retryOnError ?? true,
+      retryLimit: config.retryLimit ?? DEFAULT_RETRY_LIMIT,
+      retryDelay: config.retryDelay ?? DEFAULT_RETRY_DELAY,
+      fetch: config.fetch ?? globalThis.fetch.bind(globalThis)
+    };
+  }
+  async get(path, params) {
+    let url = `${this.config.baseUrl}${path}`;
+    if (params) {
+      const searchParams = new URLSearchParams(params);
+      url += `?${searchParams.toString()}`;
+    }
+    return this.request(url, { method: "GET" }, path);
+  }
+  async post(path, body) {
+    const url = `${this.config.baseUrl}${path}`;
+    return this.request(
+      url,
+      {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: body !== void 0 ? JSON.stringify(body) : void 0
+      },
+      path
+    );
+  }
+  async put(path, body) {
+    const url = `${this.config.baseUrl}${path}`;
+    return this.request(
+      url,
+      {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: body !== void 0 ? JSON.stringify(body) : void 0
+      },
+      path
+    );
+  }
+  async patch(path, body) {
+    const url = `${this.config.baseUrl}${path}`;
+    return this.request(
+      url,
+      {
+        method: "PATCH",
+        headers: { "Content-Type": "application/json" },
+        body: body !== void 0 ? JSON.stringify(body) : void 0
+      },
+      path
+    );
+  }
+  async delete(path) {
+    const url = `${this.config.baseUrl}${path}`;
+    return this.request(url, { method: "DELETE" }, path);
+  }
+  async postForm(path, params) {
+    const url = `${this.config.baseUrl}${path}`;
+    return this.request(
+      url,
+      {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: params.toString()
+      },
+      path
+    );
+  }
+  async upload(path, form) {
+    const url = `${this.config.baseUrl}${path}`;
+    return this.request(url, { method: "POST", body: form }, path);
+  }
+  /** Return a new client with additional headers merged */
+  withHeaders(headers) {
+    return new _ContentstackHttpClient({
+      ...this.config,
+      headers: { ...this.config.headers, ...headers }
+    });
+  }
+  /** Return a new client with a different base URL */
+  withBaseUrl(baseUrl) {
+    return new _ContentstackHttpClient({
+      ...this.config,
+      baseUrl
+    });
+  }
+  async request(url, init, path) {
+    const headers = new Headers(this.config.headers);
+    if (init.headers) {
+      const initHeaders = init.headers instanceof Headers ? init.headers : new Headers(init.headers);
+      initHeaders.forEach((value, key) => headers.set(key, value));
+    }
+    let lastError;
+    const maxAttempts = this.config.retryOnError ? this.config.retryLimit + 1 : 1;
+    for (let attempt = 0; attempt < maxAttempts; attempt++) {
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
+      try {
+        const response = await this.config.fetch(url, {
+          ...init,
+          headers,
+          signal: controller.signal
+        });
+        if (response.ok) {
+          const data = await response.json().catch(() => ({}));
+          return { data, status: response.status, headers: response.headers };
+        }
+        const isRetryable = response.status === 429 || response.status >= 500;
+        if (isRetryable && this.config.retryOnError && attempt < maxAttempts - 1) {
+          const delay = this.calculateDelay(response, attempt);
+          await sleep(delay);
+          lastError = await this.createError(response, path);
+          continue;
+        }
+        throw await this.createError(response, path);
+      } catch (error) {
+        if (error instanceof ContentstackError) {
+          throw error;
+        }
+        if (error instanceof DOMException && error.name === "AbortError") {
+          throw new ContentstackError(`Request timed out after ${this.config.timeout}ms`, {
+            requestPath: path,
+            cause: error
+          });
+        }
+        throw new ContentstackError("Network request failed", {
+          requestPath: path,
+          cause: error instanceof Error ? error : new Error(String(error))
+        });
+      } finally {
+        clearTimeout(timeoutId);
+      }
+    }
+    throw lastError ?? new ContentstackError("Request failed after retries", { requestPath: path });
+  }
+  calculateDelay(response, attempt) {
+    const retryAfter = response.headers.get("Retry-After");
+    if (retryAfter) {
+      const seconds = Number.parseFloat(retryAfter);
+      if (!Number.isNaN(seconds)) {
+        return seconds * 1e3;
+      }
+    }
+    const jitter = Math.random() * MAX_JITTER;
+    return this.config.retryDelay * 2 ** attempt + jitter;
+  }
+  async createError(response, path) {
+    let body = {};
+    try {
+      body = await response.json();
+    } catch {
+    }
+    const message = body.error_message ?? body.error_description ?? body.message ?? `HTTP ${response.status} error`;
+    const errorCode = body.error_code;
+    const errors = body.errors;
+    const retryAfter = response.headers.get("Retry-After");
+    const opts = { status: response.status, errorCode, errors, requestPath: path };
+    switch (response.status) {
+      case 400:
+        return new ContentstackValidationError(message, { ...opts, status: 400 });
+      case 401:
+        return new ContentstackAuthError(message, opts);
+      case 403:
+        return new ContentstackForbiddenError(message, opts);
+      case 404:
+        return new ContentstackNotFoundError(message, opts);
+      case 412:
+        return new ContentstackInvalidApiKeyError(message, opts);
+      case 422:
+        return new ContentstackValidationError(message, { ...opts, status: 422 });
+      case 429:
+        return new ContentstackRateLimitError(message, {
+          ...opts,
+          retryAfter: retryAfter ? Number.parseFloat(retryAfter) : void 0
+        });
+      default:
+        if (response.status >= 500) {
+          return new ContentstackServerError(message, opts);
+        }
+        return new ContentstackError(message, opts);
+    }
+  }
+};
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+// src/auth/oauth-client.ts
+function validateConfig(config) {
+  if (!config.appId) {
+    throw new ContentstackConfigError(
+      "appId is required for OAuth. This is your Contentstack app's UID, not the client ID."
+    );
+  }
+  if (config.appId === config.clientId) {
+    throw new ContentstackConfigError(
+      "appId and clientId must be different. appId is your Contentstack app UID; clientId is the OAuth client identifier."
+    );
+  }
+}
+function mapTokenResponse(data) {
+  return {
+    accessToken: data.access_token,
+    refreshToken: data.refresh_token,
+    expiresIn: data.expires_in,
+    tokenType: data.token_type
+  };
+}
+async function makeTokenRequest(appBaseUrl, body, errorMessage) {
+  const client = new ContentstackHttpClient({ baseUrl: appBaseUrl });
+  try {
+    const { data } = await client.postForm("/apps-api/token", body);
+    return mapTokenResponse(data);
+  } catch (err) {
+    if (err instanceof ContentstackError) {
+      throw new ContentstackAuthError(err.message || errorMessage, {
+        status: err.status,
+        requestPath: "/apps-api/token",
+        cause: err
+      });
+    }
+    throw new ContentstackAuthError(errorMessage, {
+      requestPath: "/apps-api/token",
+      cause: err instanceof Error ? err : void 0
+    });
+  }
+}
+async function refreshToken(config, token) {
+  const endpoints = resolveEndpoints(config.region);
+  const body = new URLSearchParams({
+    grant_type: "refresh_token",
+    refresh_token: token,
+    client_id: config.clientId,
+    client_secret: config.clientSecret
+  });
+  return makeTokenRequest(endpoints.app, body, "Failed to refresh token");
+}
+function mapUser(user) {
+  return {
+    uid: user.uid,
+    email: user.email,
+    firstName: user.first_name ?? void 0,
+    lastName: user.last_name ?? void 0,
+    username: user.username ?? void 0,
+    profileImage: user.profile_image ?? void 0
+  };
+}
+async function getUser(region, accessToken) {
+  const endpoints = resolveEndpoints(region);
+  const client = new ContentstackHttpClient({
+    baseUrl: `${endpoints.cma}/v3`,
+    headers: { Authorization: `Bearer ${accessToken}` }
+  });
+  try {
+    const { data } = await client.get("/user");
+    return mapUser(data.user);
+  } catch (err) {
+    if (err instanceof ContentstackError) {
+      throw new ContentstackAuthError(err.message || "Failed to fetch user profile", {
+        status: err.status,
+        requestPath: "/v3/user",
+        cause: err
+      });
+    }
+    throw new ContentstackAuthError("Failed to fetch user profile", {
+      requestPath: "/v3/user",
+      cause: err instanceof Error ? err : void 0
+    });
+  }
+}
+function createAuthProvider(config) {
+  validateConfig(config);
+  const endpoints = resolveEndpoints(config.region);
+  const userClient = new ContentstackHttpClient({ baseUrl: `${endpoints.cma}/v3` });
+  return {
+    id: "contentstack",
+    name: "Contentstack",
+    type: "oauth",
+    checks: ["state"],
+    authorization: {
+      url: `${endpoints.app}/apps/${config.appId}/authorize`,
+      params: {
+        response_type: "code",
+        scope: config.scopes.join(" ")
+      }
+    },
+    token: `${endpoints.app}/apps-api/token`,
+    userinfo: {
+      url: `${endpoints.cma}/v3/user`,
+      async request({ tokens }) {
+        const authedClient = userClient.withHeaders({
+          Authorization: `Bearer ${tokens.access_token}`
+        });
+        const { data } = await authedClient.get("/user");
+        return data;
+      }
+    },
+    profile(profile) {
+      const user = profile.user;
+      return {
+        id: user.uid,
+        name: [user.first_name, user.last_name].filter(Boolean).join(" ") || user.username,
+        email: user.email,
+        image: user.profile_image ?? null
+      };
+    },
+    clientId: config.clientId,
+    clientSecret: config.clientSecret
+  };
+}
+function contentstackAuthCallbacks(config) {
+  return {
+    async jwt({
+      token,
+      account
+    }) {
+      if (account) {
+        token.accessToken = account.access_token;
+        token.refreshToken = account.refresh_token;
+        token.accessTokenExpiresAt = Date.now() + (account.expires_in ?? 3600) * 1e3;
+        return token;
+      }
+      const expiresAt = token.accessTokenExpiresAt;
+      if (expiresAt && Date.now() < expiresAt - 6e4) {
+        return token;
+      }
+      const currentRefreshToken = token.refreshToken;
+      if (!currentRefreshToken) {
+        token.error = "RefreshAccessTokenError";
+        return token;
+      }
+      try {
+        const tokens = await refreshToken(config, currentRefreshToken);
+        token.accessToken = tokens.accessToken;
+        token.refreshToken = tokens.refreshToken;
+        token.accessTokenExpiresAt = Date.now() + tokens.expiresIn * 1e3;
+        token.error = void 0;
+      } catch {
+        token.error = "RefreshAccessTokenError";
+      }
+      return token;
+    },
+    async session({
+      session,
+      token
+    }) {
+      session.accessToken = token.accessToken;
+      if (token.error) {
+        session.error = token.error;
+      }
+      return session;
+    }
+  };
+}
+
+// src/server/middleware/auth.ts
+async function createContentstackAuth(config) {
+  const { default: NextAuth } = await import("next-auth");
+  const oauthConfig = {
+    region: config.region,
+    appId: config.appId,
+    clientId: config.clientId,
+    clientSecret: config.clientSecret,
+    scopes: config.scopes,
+    redirectUri: "auto"
+  };
+  const provider = createAuthProvider(oauthConfig);
+  const baseCallbacks = contentstackAuthCallbacks(oauthConfig);
+  const callbacks = {
+    async jwt(params) {
+      const token = await baseCallbacks.jwt(params);
+      if (params.account && config.onSignIn) {
+        try {
+          const user = await getUser(config.region, token.accessToken);
+          const tokens = {
+            accessToken: token.accessToken,
+            refreshToken: token.refreshToken,
+            expiresIn: Math.floor((token.accessTokenExpiresAt - Date.now()) / 1e3),
+            tokenType: "Bearer"
+          };
+          await config.onSignIn(user, tokens);
+        } catch {
+        }
+      }
+      return token;
+    },
+    session: baseCallbacks.session
+  };
+  return NextAuth({
+    providers: [provider],
+    callbacks,
+    secret: config.secret,
+    trustHost: config.trustHost ?? true,
+    session: { strategy: "jwt" },
+    pages: {
+      signIn: config.signInPage ?? "/login",
+      error: config.errorPage ?? "/login"
+    }
+  });
+}
+
+// src/server/middleware/session.ts
+async function getSession(authFn) {
+  const session = await authFn();
+  if (!session?.accessToken) return null;
+  return { accessToken: session.accessToken, user: session.user };
+}
+async function requireSession(authFn, redirectTo) {
+  const session = await getSession(authFn);
+  if (!session) {
+    throw new ContentstackAuthError(
+      redirectTo ? `Authentication required. Redirect to: ${redirectTo}` : "Authentication required",
+      { status: 401 }
+    );
+  }
+  return session;
+}
+async function getAccessToken(authFn) {
+  const session = await authFn();
+  return session?.accessToken ?? null;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createContentstackAuth,
+  getAccessToken,
+  getSession,
+  requireSession
+});
+//# sourceMappingURL=index.cjs.map