@tiquo/dom-package 1.3.2 → 1.4.0

package/dist/index.d.mts

@@ -231,6 +231,9 @@ declare global {
             accessToken: string;
             refreshToken?: string;
         };
+        __tiquo_get_iframe_token?: () => Promise<{
+            token: string;
+        }>;
     }
 }
 interface TiquoUser {
@@ -322,6 +325,12 @@ interface TiquoOrderItem {
     total: number;
     type: 'product' | 'booking' | 'custom';
 }
+/**
+ * An order belonging to the authenticated customer.
+ *
+ * Note: abandoned `lost_cart` orders are never returned — they're internal
+ * marketing-recovery state, not part of the customer's purchase history.
+ */
 interface TiquoOrder {
     id: string;
     orderNumber: string;
@@ -334,7 +343,7 @@ interface TiquoOrder {
     items: TiquoOrderItem[];
     createdAt: number;
     completedAt?: number;
-    customerRole: 'primary' | 'attendee' | 'recipient' | 'billing' | 'guest' | 'other';
+    customerRole: 'primary' | 'attendee' | 'billing' | 'referrer' | 'other';
 }
 interface GetOrdersOptions {
     limit?: number;
@@ -346,6 +355,74 @@ interface GetOrdersResult {
     hasMore: boolean;
     nextCursor?: string;
 }
+interface TiquoReceiptItem {
+    id: string;
+    name: string;
+    quantity: number;
+    unitPrice: number;
+    subtotal: number;
+    tax: number;
+    discount: number;
+    total: number;
+    type: 'product' | 'booking' | 'custom' | 'membership';
+    specialInstructions?: string;
+}
+interface TiquoReceiptBusiness {
+    name?: string;
+    logo?: string;
+    brandName?: string;
+    primaryColor?: string;
+    vatNumber?: string;
+    address?: string;
+    city?: string;
+    postalCode?: string;
+    country?: string;
+    email?: string;
+    phone?: string;
+    sublocationName?: string;
+    locationName?: string;
+}
+interface TiquoReceiptCustomer {
+    id: string;
+    customerNumber: string;
+    displayName?: string;
+    email?: string;
+}
+interface TiquoReceiptOrder {
+    id: string;
+    orderNumber: string;
+    status: TiquoOrder['status'];
+    paymentStatus: TiquoOrder['paymentStatus'];
+    currency: string;
+    subtotal: number;
+    taxTotal: number;
+    /** "Tax Inclusive" or "Tax Exclusive" — controls how the receipt should render tax lines. */
+    taxSetting?: string;
+    discountTotal: number;
+    discountName?: string;
+    serviceChargeAmount?: number;
+    tipAmount?: number;
+    total: number;
+    refundAmount?: number;
+    refundedAt?: number;
+    paymentMethod?: string;
+    cardBrand?: string;
+    cardLast4?: string;
+    items: TiquoReceiptItem[];
+    createdAt: number;
+    completedAt?: number;
+}
+/**
+ * A printable receipt for a single paid/completed order owned by the
+ * authenticated customer. Combines order totals, line items, business
+ * branding (logo, VAT, address), and the customer's own details so the
+ * consumer can render or print the receipt without further API calls.
+ */
+interface TiquoReceipt {
+    order: TiquoReceiptOrder;
+    business: TiquoReceiptBusiness;
+    customer: TiquoReceiptCustomer;
+}
 interface TiquoBooking {
     id: string;
     bookingNumber: string;
@@ -391,7 +468,7 @@ interface TiquoEnquiry {
     updatedAt: string;
     firstResponseAt?: string;
     resolvedAt?: string;
-    customerRole: 'primary' | 'interested' | 'decision_maker' | 'influencer' | 'referrer' | 'other';
+    customerRole: 'primary' | 'attendee' | 'billing' | 'referrer' | 'other';
 }
 interface GetEnquiriesOptions {
     limit?: number;
@@ -418,6 +495,8 @@ declare class TiquoAuth {
     private refreshTimer;
     private isRefreshing;
     private visibilityHandler;
+    private iframeObserver;
+    private injectedIframes;
     private broadcastChannel;
     private tabId;
     private isProcessingTabSync;
@@ -459,15 +538,48 @@ declare class TiquoAuth {
      */
     onAuthStateChange(callback: AuthStateChangeCallback): () => void;
     /**
-     * Get the authenticated customer's order history
-     * Only returns orders for the logged-in customer
+     * Get the authenticated customer's order history.
+     *
+     * Returns orders across every status (draft, pending, processing, completed,
+     * cancelled, refunded, open_tab) — except `lost_cart`, which is internal
+     * marketing-recovery state and is never exposed to customers.
+     *
+     * Pass `status` to filter to a single status; pass `cursor` (an order id
+     * from a previous `nextCursor`) to paginate. Sorted most recent first.
      */
     getOrders(options?: GetOrdersOptions): Promise<GetOrdersResult>;
     /**
-     * Get the authenticated customer's booking history
-     * Only returns bookings for the logged-in customer
+     * Get the authenticated customer's booking history.
+     *
+     * Pass `upcoming: true` to limit to future bookings sorted soonest-first —
+     * the common case for rendering "Your upcoming bookings" on a logged-in
+     * customer dashboard. Without it, returns all bookings sorted most recent
+     * first.
      */
     getBookings(options?: GetBookingsOptions): Promise<GetBookingsResult>;
+    /**
+     * Convenience wrapper around `getBookings({ upcoming: true })` for the
+     * common "show me my upcoming bookings" case. Results are sorted
+     * soonest-first.
+     */
+    getUpcomingBookings(options?: Omit<GetBookingsOptions, 'upcoming'>): Promise<GetBookingsResult>;
+    /**
+     * Get a printable receipt for a single order owned by the authenticated
+     * customer. Only resolves for orders that are paid (full or partial),
+     * refunded, or completed — drafts and pending orders don't have a receipt
+     * yet and will throw `RECEIPT_NOT_AVAILABLE`.
+     *
+     * The returned payload bundles the order totals & items, the business's
+     * receipt branding (logo, VAT number, address), and the customer's own
+     * details so the consumer can render or print the receipt without further
+     * API calls.
+     *
+     * Throws `TiquoAuthError` with code:
+     *   - `RECEIPT_NOT_AVAILABLE` — order doesn't exist for this customer, or
+     *     it isn't paid/completed yet.
+     *   - `NOT_AUTHENTICATED` — no valid session.
+     */
+    getReceipt(orderId: string): Promise<TiquoReceipt>;
     /**
      * Get the authenticated customer's enquiry history
      * Only returns enquiries for the logged-in customer
@@ -490,6 +602,17 @@ declare class TiquoAuth {
         onLoad?: () => void;
         onError?: (error: Error) => void;
     }): Promise<HTMLIFrameElement>;
+    /**
+     * Automatically find and inject auth tokens into existing Tiquo booking
+     * iframes on the page. Also watches for iframes added later via
+     * MutationObserver. This enables token injection even when the site uses
+     * a static <iframe> embed snippet rather than embedCustomerFlow().
+     */
+    private autoInjectIframeTokens;
+    private scanAndInjectIframes;
+    private injectTokenIntoIframe;
+    private isTiquoEmbedUrl;
+    private observeNewIframes;
     /**
      * Get the current access token (for advanced use cases)
      */
@@ -552,6 +675,8 @@ declare function useTiquoAuth(auth: TiquoAuth): {
     updateProfile: (updates: ProfileUpdateData) => Promise<ProfileUpdateResult>;
     getOrders: (options?: GetOrdersOptions) => Promise<GetOrdersResult>;
     getBookings: (options?: GetBookingsOptions) => Promise<GetBookingsResult>;
+    getUpcomingBookings: (options?: Omit<GetBookingsOptions, "upcoming">) => Promise<GetBookingsResult>;
+    getReceipt: (orderId: string) => Promise<TiquoReceipt>;
     getEnquiries: (options?: GetEnquiriesOptions) => Promise<GetEnquiriesResult>;
     getIframeToken: (flowId?: string) => Promise<IframeTokenResult>;
     embedCustomerFlow: (flowUrl: string, container: HTMLElement | string, options?: {
@@ -615,4 +740,4 @@ declare class TiquoPhone {
     static buildPhone: typeof buildPhone;
 }
 
-export { type AuthStateChangeCallback, type CountryPhoneInfo, type GetBookingsOptions, type GetBookingsResult, type GetEnquiriesOptions, type GetEnquiriesResult, type GetOrdersOptions, type GetOrdersResult, type IframeTokenResult, type PhoneValidationResult, type ProfileUpdateData, type ProfileUpdateResult, type SendOTPResult, TiquoAuth, type TiquoAuthConfig, TiquoAuthError, type TiquoBooking, type TiquoCustomer, type TiquoCustomerEmail, type TiquoCustomerPhone, type TiquoEnquiry, type TiquoOrder, type TiquoOrderItem, TiquoPhone, type TiquoSession, type TiquoUser, type VerifyOTPResult, addCustomerUserId, clearCachedEmail, TiquoAuth as default, getCustomerUserIds, getPrefilledEmailFromCookie, isDashboardSession, trackCustomerPresence, useTiquoAuth };
+export { type AuthStateChangeCallback, type CountryPhoneInfo, type GetBookingsOptions, type GetBookingsResult, type GetEnquiriesOptions, type GetEnquiriesResult, type GetOrdersOptions, type GetOrdersResult, type IframeTokenResult, type PhoneValidationResult, type ProfileUpdateData, type ProfileUpdateResult, type SendOTPResult, TiquoAuth, type TiquoAuthConfig, TiquoAuthError, type TiquoBooking, type TiquoCustomer, type TiquoCustomerEmail, type TiquoCustomerPhone, type TiquoEnquiry, type TiquoOrder, type TiquoOrderItem, TiquoPhone, type TiquoReceipt, type TiquoReceiptBusiness, type TiquoReceiptCustomer, type TiquoReceiptItem, type TiquoReceiptOrder, type TiquoSession, type TiquoUser, type VerifyOTPResult, addCustomerUserId, clearCachedEmail, TiquoAuth as default, getCustomerUserIds, getPrefilledEmailFromCookie, isDashboardSession, trackCustomerPresence, useTiquoAuth };

package/dist/index.d.ts

@@ -231,6 +231,9 @@ declare global {
             accessToken: string;
             refreshToken?: string;
         };
+        __tiquo_get_iframe_token?: () => Promise<{
+            token: string;
+        }>;
     }
 }
 interface TiquoUser {
@@ -322,6 +325,12 @@ interface TiquoOrderItem {
     total: number;
     type: 'product' | 'booking' | 'custom';
 }
+/**
+ * An order belonging to the authenticated customer.
+ *
+ * Note: abandoned `lost_cart` orders are never returned — they're internal
+ * marketing-recovery state, not part of the customer's purchase history.
+ */
 interface TiquoOrder {
     id: string;
     orderNumber: string;
@@ -334,7 +343,7 @@ interface TiquoOrder {
     items: TiquoOrderItem[];
     createdAt: number;
     completedAt?: number;
-    customerRole: 'primary' | 'attendee' | 'recipient' | 'billing' | 'guest' | 'other';
+    customerRole: 'primary' | 'attendee' | 'billing' | 'referrer' | 'other';
 }
 interface GetOrdersOptions {
     limit?: number;
@@ -346,6 +355,74 @@ interface GetOrdersResult {
     hasMore: boolean;
     nextCursor?: string;
 }
+interface TiquoReceiptItem {
+    id: string;
+    name: string;
+    quantity: number;
+    unitPrice: number;
+    subtotal: number;
+    tax: number;
+    discount: number;
+    total: number;
+    type: 'product' | 'booking' | 'custom' | 'membership';
+    specialInstructions?: string;
+}
+interface TiquoReceiptBusiness {
+    name?: string;
+    logo?: string;
+    brandName?: string;
+    primaryColor?: string;
+    vatNumber?: string;
+    address?: string;
+    city?: string;
+    postalCode?: string;
+    country?: string;
+    email?: string;
+    phone?: string;
+    sublocationName?: string;
+    locationName?: string;
+}
+interface TiquoReceiptCustomer {
+    id: string;
+    customerNumber: string;
+    displayName?: string;
+    email?: string;
+}
+interface TiquoReceiptOrder {
+    id: string;
+    orderNumber: string;
+    status: TiquoOrder['status'];
+    paymentStatus: TiquoOrder['paymentStatus'];
+    currency: string;
+    subtotal: number;
+    taxTotal: number;
+    /** "Tax Inclusive" or "Tax Exclusive" — controls how the receipt should render tax lines. */
+    taxSetting?: string;
+    discountTotal: number;
+    discountName?: string;
+    serviceChargeAmount?: number;
+    tipAmount?: number;
+    total: number;
+    refundAmount?: number;
+    refundedAt?: number;
+    paymentMethod?: string;
+    cardBrand?: string;
+    cardLast4?: string;
+    items: TiquoReceiptItem[];
+    createdAt: number;
+    completedAt?: number;
+}
+/**
+ * A printable receipt for a single paid/completed order owned by the
+ * authenticated customer. Combines order totals, line items, business
+ * branding (logo, VAT, address), and the customer's own details so the
+ * consumer can render or print the receipt without further API calls.
+ */
+interface TiquoReceipt {
+    order: TiquoReceiptOrder;
+    business: TiquoReceiptBusiness;
+    customer: TiquoReceiptCustomer;
+}
 interface TiquoBooking {
     id: string;
     bookingNumber: string;
@@ -391,7 +468,7 @@ interface TiquoEnquiry {
     updatedAt: string;
     firstResponseAt?: string;
     resolvedAt?: string;
-    customerRole: 'primary' | 'interested' | 'decision_maker' | 'influencer' | 'referrer' | 'other';
+    customerRole: 'primary' | 'attendee' | 'billing' | 'referrer' | 'other';
 }
 interface GetEnquiriesOptions {
     limit?: number;
@@ -418,6 +495,8 @@ declare class TiquoAuth {
     private refreshTimer;
     private isRefreshing;
     private visibilityHandler;
+    private iframeObserver;
+    private injectedIframes;
     private broadcastChannel;
     private tabId;
     private isProcessingTabSync;
@@ -459,15 +538,48 @@ declare class TiquoAuth {
      */
     onAuthStateChange(callback: AuthStateChangeCallback): () => void;
     /**
-     * Get the authenticated customer's order history
-     * Only returns orders for the logged-in customer
+     * Get the authenticated customer's order history.
+     *
+     * Returns orders across every status (draft, pending, processing, completed,
+     * cancelled, refunded, open_tab) — except `lost_cart`, which is internal
+     * marketing-recovery state and is never exposed to customers.
+     *
+     * Pass `status` to filter to a single status; pass `cursor` (an order id
+     * from a previous `nextCursor`) to paginate. Sorted most recent first.
      */
     getOrders(options?: GetOrdersOptions): Promise<GetOrdersResult>;
     /**
-     * Get the authenticated customer's booking history
-     * Only returns bookings for the logged-in customer
+     * Get the authenticated customer's booking history.
+     *
+     * Pass `upcoming: true` to limit to future bookings sorted soonest-first —
+     * the common case for rendering "Your upcoming bookings" on a logged-in
+     * customer dashboard. Without it, returns all bookings sorted most recent
+     * first.
      */
     getBookings(options?: GetBookingsOptions): Promise<GetBookingsResult>;
+    /**
+     * Convenience wrapper around `getBookings({ upcoming: true })` for the
+     * common "show me my upcoming bookings" case. Results are sorted
+     * soonest-first.
+     */
+    getUpcomingBookings(options?: Omit<GetBookingsOptions, 'upcoming'>): Promise<GetBookingsResult>;
+    /**
+     * Get a printable receipt for a single order owned by the authenticated
+     * customer. Only resolves for orders that are paid (full or partial),
+     * refunded, or completed — drafts and pending orders don't have a receipt
+     * yet and will throw `RECEIPT_NOT_AVAILABLE`.
+     *
+     * The returned payload bundles the order totals & items, the business's
+     * receipt branding (logo, VAT number, address), and the customer's own
+     * details so the consumer can render or print the receipt without further
+     * API calls.
+     *
+     * Throws `TiquoAuthError` with code:
+     *   - `RECEIPT_NOT_AVAILABLE` — order doesn't exist for this customer, or
+     *     it isn't paid/completed yet.
+     *   - `NOT_AUTHENTICATED` — no valid session.
+     */
+    getReceipt(orderId: string): Promise<TiquoReceipt>;
     /**
      * Get the authenticated customer's enquiry history
      * Only returns enquiries for the logged-in customer
@@ -490,6 +602,17 @@ declare class TiquoAuth {
         onLoad?: () => void;
         onError?: (error: Error) => void;
     }): Promise<HTMLIFrameElement>;
+    /**
+     * Automatically find and inject auth tokens into existing Tiquo booking
+     * iframes on the page. Also watches for iframes added later via
+     * MutationObserver. This enables token injection even when the site uses
+     * a static <iframe> embed snippet rather than embedCustomerFlow().
+     */
+    private autoInjectIframeTokens;
+    private scanAndInjectIframes;
+    private injectTokenIntoIframe;
+    private isTiquoEmbedUrl;
+    private observeNewIframes;
     /**
      * Get the current access token (for advanced use cases)
      */
@@ -552,6 +675,8 @@ declare function useTiquoAuth(auth: TiquoAuth): {
     updateProfile: (updates: ProfileUpdateData) => Promise<ProfileUpdateResult>;
     getOrders: (options?: GetOrdersOptions) => Promise<GetOrdersResult>;
     getBookings: (options?: GetBookingsOptions) => Promise<GetBookingsResult>;
+    getUpcomingBookings: (options?: Omit<GetBookingsOptions, "upcoming">) => Promise<GetBookingsResult>;
+    getReceipt: (orderId: string) => Promise<TiquoReceipt>;
     getEnquiries: (options?: GetEnquiriesOptions) => Promise<GetEnquiriesResult>;
     getIframeToken: (flowId?: string) => Promise<IframeTokenResult>;
     embedCustomerFlow: (flowUrl: string, container: HTMLElement | string, options?: {
@@ -615,4 +740,4 @@ declare class TiquoPhone {
     static buildPhone: typeof buildPhone;
 }
 
-export { type AuthStateChangeCallback, type CountryPhoneInfo, type GetBookingsOptions, type GetBookingsResult, type GetEnquiriesOptions, type GetEnquiriesResult, type GetOrdersOptions, type GetOrdersResult, type IframeTokenResult, type PhoneValidationResult, type ProfileUpdateData, type ProfileUpdateResult, type SendOTPResult, TiquoAuth, type TiquoAuthConfig, TiquoAuthError, type TiquoBooking, type TiquoCustomer, type TiquoCustomerEmail, type TiquoCustomerPhone, type TiquoEnquiry, type TiquoOrder, type TiquoOrderItem, TiquoPhone, type TiquoSession, type TiquoUser, type VerifyOTPResult, addCustomerUserId, clearCachedEmail, TiquoAuth as default, getCustomerUserIds, getPrefilledEmailFromCookie, isDashboardSession, trackCustomerPresence, useTiquoAuth };
+export { type AuthStateChangeCallback, type CountryPhoneInfo, type GetBookingsOptions, type GetBookingsResult, type GetEnquiriesOptions, type GetEnquiriesResult, type GetOrdersOptions, type GetOrdersResult, type IframeTokenResult, type PhoneValidationResult, type ProfileUpdateData, type ProfileUpdateResult, type SendOTPResult, TiquoAuth, type TiquoAuthConfig, TiquoAuthError, type TiquoBooking, type TiquoCustomer, type TiquoCustomerEmail, type TiquoCustomerPhone, type TiquoEnquiry, type TiquoOrder, type TiquoOrderItem, TiquoPhone, type TiquoReceipt, type TiquoReceiptBusiness, type TiquoReceiptCustomer, type TiquoReceiptItem, type TiquoReceiptOrder, type TiquoSession, type TiquoUser, type VerifyOTPResult, addCustomerUserId, clearCachedEmail, TiquoAuth as default, getCustomerUserIds, getPrefilledEmailFromCookie, isDashboardSession, trackCustomerPresence, useTiquoAuth };

package/dist/index.js

@@ -712,6 +712,8 @@ var TiquoAuth = class {
     this.refreshTimer = null;
     this.isRefreshing = false;
     this.visibilityHandler = null;
+    this.iframeObserver = null;
+    this.injectedIframes = /* @__PURE__ */ new WeakSet();
     // Multi-tab sync
     this.broadcastChannel = null;
     this.isProcessingTabSync = false;
@@ -742,6 +744,7 @@ var TiquoAuth = class {
     this.checkForInjectedTokens();
     this.restoreTokens();
     this.initVisibilityHandler();
+    this.autoInjectIframeTokens();
   }
   // ============================================
   // PUBLIC METHODS
@@ -916,8 +919,14 @@ var TiquoAuth = class {
     };
   }
   /**
-   * Get the authenticated customer's order history
-   * Only returns orders for the logged-in customer
+   * Get the authenticated customer's order history.
+   *
+   * Returns orders across every status (draft, pending, processing, completed,
+   * cancelled, refunded, open_tab) — except `lost_cart`, which is internal
+   * marketing-recovery state and is never exposed to customers.
+   *
+   * Pass `status` to filter to a single status; pass `cursor` (an order id
+   * from a previous `nextCursor`) to paginate. Sorted most recent first.
    */
   async getOrders(options) {
     await this.ensureValidToken();
@@ -947,8 +956,12 @@ var TiquoAuth = class {
     return result.data || { orders: [], hasMore: false };
   }
   /**
-   * Get the authenticated customer's booking history
-   * Only returns bookings for the logged-in customer
+   * Get the authenticated customer's booking history.
+   *
+   * Pass `upcoming: true` to limit to future bookings sorted soonest-first —
+   * the common case for rendering "Your upcoming bookings" on a logged-in
+   * customer dashboard. Without it, returns all bookings sorted most recent
+   * first.
    */
   async getBookings(options) {
     await this.ensureValidToken();
@@ -980,6 +993,50 @@ var TiquoAuth = class {
     const result = await response.json();
     return result.data || { bookings: [], hasMore: false };
   }
+  /**
+   * Convenience wrapper around `getBookings({ upcoming: true })` for the
+   * common "show me my upcoming bookings" case. Results are sorted
+   * soonest-first.
+   */
+  async getUpcomingBookings(options) {
+    return this.getBookings({ ...options, upcoming: true });
+  }
+  /**
+   * Get a printable receipt for a single order owned by the authenticated
+   * customer. Only resolves for orders that are paid (full or partial),
+   * refunded, or completed — drafts and pending orders don't have a receipt
+   * yet and will throw `RECEIPT_NOT_AVAILABLE`.
+   *
+   * The returned payload bundles the order totals & items, the business's
+   * receipt branding (logo, VAT number, address), and the customer's own
+   * details so the consumer can render or print the receipt without further
+   * API calls.
+   *
+   * Throws `TiquoAuthError` with code:
+   *   - `RECEIPT_NOT_AVAILABLE` — order doesn't exist for this customer, or
+   *     it isn't paid/completed yet.
+   *   - `NOT_AUTHENTICATED` — no valid session.
+   */
+  async getReceipt(orderId) {
+    await this.ensureValidToken();
+    this.log("Fetching receipt for order:", orderId);
+    const url = new URL(`${this.config.apiEndpoint}/api/client/v1/receipt`);
+    url.searchParams.set("orderId", orderId);
+    const response = await fetch(url.toString(), {
+      method: "GET",
+      headers: {
+        "Authorization": `Bearer ${this.accessToken}`
+      },
+      credentials: "include"
+    });
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ error: "Failed to get receipt" }));
+      const code = response.status === 404 ? "RECEIPT_NOT_AVAILABLE" : "GET_RECEIPT_FAILED";
+      throw new TiquoAuthError(error.error || "Failed to get receipt", code, response.status);
+    }
+    const result = await response.json();
+    return result.data;
+  }
   /**
    * Get the authenticated customer's enquiry history
    * Only returns enquiries for the logged-in customer
@@ -1073,6 +1130,77 @@ var TiquoAuth = class {
     containerEl.appendChild(iframe);
     return iframe;
   }
+  /**
+   * Automatically find and inject auth tokens into existing Tiquo booking
+   * iframes on the page. Also watches for iframes added later via
+   * MutationObserver. This enables token injection even when the site uses
+   * a static <iframe> embed snippet rather than embedCustomerFlow().
+   */
+  autoInjectIframeTokens() {
+    if (typeof document === "undefined") return;
+    if (!this.accessToken) return;
+    if (typeof window !== "undefined") {
+      window.__tiquo_get_iframe_token = () => this.getIframeToken();
+    }
+    Promise.resolve().then(() => this.scanAndInjectIframes());
+    this.observeNewIframes();
+  }
+  async scanAndInjectIframes() {
+    if (!this.accessToken) return;
+    const iframes = document.querySelectorAll("iframe");
+    for (const iframe of iframes) {
+      await this.injectTokenIntoIframe(iframe);
+    }
+  }
+  async injectTokenIntoIframe(iframe) {
+    if (this.injectedIframes.has(iframe)) return;
+    const src = iframe.src || iframe.getAttribute("src") || "";
+    if (!src) return;
+    try {
+      const url = new URL(src, window.location.origin);
+      if (!this.isTiquoEmbedUrl(url)) return;
+      if (url.searchParams.has("_auth_token")) {
+        this.injectedIframes.add(iframe);
+        return;
+      }
+      const { token } = await this.getIframeToken();
+      url.searchParams.set("_auth_token", token);
+      this.injectedIframes.add(iframe);
+      iframe.src = url.toString();
+      this.log("Injected auth token into existing iframe:", url.pathname);
+    } catch (error) {
+      this.log("Failed to inject token into iframe:", error);
+    }
+  }
+  isTiquoEmbedUrl(url) {
+    const hostname = url.hostname;
+    const isTiquoHost = hostname === "book.tiquo.app" || hostname.endsWith(".tiquo.app") || hostname === "localhost";
+    return isTiquoHost && url.pathname.startsWith("/embed/");
+  }
+  observeNewIframes() {
+    if (typeof MutationObserver === "undefined") return;
+    if (this.iframeObserver) return;
+    this.iframeObserver = new MutationObserver((mutations) => {
+      if (!this.accessToken) return;
+      for (const mutation of mutations) {
+        for (const node of mutation.addedNodes) {
+          if (node instanceof HTMLIFrameElement) {
+            this.injectTokenIntoIframe(node);
+          }
+          if (node instanceof HTMLElement) {
+            const nested = node.querySelectorAll("iframe");
+            for (const iframe of nested) {
+              this.injectTokenIntoIframe(iframe);
+            }
+          }
+        }
+      }
+    });
+    this.iframeObserver.observe(document.body || document.documentElement, {
+      childList: true,
+      subtree: true
+    });
+  }
   /**
    * Get the current access token (for advanced use cases)
    */
@@ -1469,6 +1597,13 @@ var TiquoAuth = class {
       this.broadcastChannel.close();
       this.broadcastChannel = null;
     }
+    if (this.iframeObserver) {
+      this.iframeObserver.disconnect();
+      this.iframeObserver = null;
+    }
+    if (typeof window !== "undefined") {
+      delete window.__tiquo_get_iframe_token;
+    }
     this.listeners.clear();
   }
 };
@@ -1501,6 +1636,8 @@ function useTiquoAuth(auth) {
     updateProfile: (updates) => auth.updateProfile(updates),
     getOrders: (options) => auth.getOrders(options),
     getBookings: (options) => auth.getBookings(options),
+    getUpcomingBookings: (options) => auth.getUpcomingBookings(options),
+    getReceipt: (orderId) => auth.getReceipt(orderId),
     getEnquiries: (options) => auth.getEnquiries(options),
     getIframeToken: (flowId) => auth.getIframeToken(flowId),
     embedCustomerFlow: auth.embedCustomerFlow.bind(auth),

package/dist/index.mjs

@@ -676,6 +676,8 @@ var TiquoAuth = class {
     this.refreshTimer = null;
     this.isRefreshing = false;
     this.visibilityHandler = null;
+    this.iframeObserver = null;
+    this.injectedIframes = /* @__PURE__ */ new WeakSet();
     // Multi-tab sync
     this.broadcastChannel = null;
     this.isProcessingTabSync = false;
@@ -706,6 +708,7 @@ var TiquoAuth = class {
     this.checkForInjectedTokens();
     this.restoreTokens();
     this.initVisibilityHandler();
+    this.autoInjectIframeTokens();
   }
   // ============================================
   // PUBLIC METHODS
@@ -880,8 +883,14 @@ var TiquoAuth = class {
     };
   }
   /**
-   * Get the authenticated customer's order history
-   * Only returns orders for the logged-in customer
+   * Get the authenticated customer's order history.
+   *
+   * Returns orders across every status (draft, pending, processing, completed,
+   * cancelled, refunded, open_tab) — except `lost_cart`, which is internal
+   * marketing-recovery state and is never exposed to customers.
+   *
+   * Pass `status` to filter to a single status; pass `cursor` (an order id
+   * from a previous `nextCursor`) to paginate. Sorted most recent first.
    */
   async getOrders(options) {
     await this.ensureValidToken();
@@ -911,8 +920,12 @@ var TiquoAuth = class {
     return result.data || { orders: [], hasMore: false };
   }
   /**
-   * Get the authenticated customer's booking history
-   * Only returns bookings for the logged-in customer
+   * Get the authenticated customer's booking history.
+   *
+   * Pass `upcoming: true` to limit to future bookings sorted soonest-first —
+   * the common case for rendering "Your upcoming bookings" on a logged-in
+   * customer dashboard. Without it, returns all bookings sorted most recent
+   * first.
    */
   async getBookings(options) {
     await this.ensureValidToken();
@@ -944,6 +957,50 @@ var TiquoAuth = class {
     const result = await response.json();
     return result.data || { bookings: [], hasMore: false };
   }
+  /**
+   * Convenience wrapper around `getBookings({ upcoming: true })` for the
+   * common "show me my upcoming bookings" case. Results are sorted
+   * soonest-first.
+   */
+  async getUpcomingBookings(options) {
+    return this.getBookings({ ...options, upcoming: true });
+  }
+  /**
+   * Get a printable receipt for a single order owned by the authenticated
+   * customer. Only resolves for orders that are paid (full or partial),
+   * refunded, or completed — drafts and pending orders don't have a receipt
+   * yet and will throw `RECEIPT_NOT_AVAILABLE`.
+   *
+   * The returned payload bundles the order totals & items, the business's
+   * receipt branding (logo, VAT number, address), and the customer's own
+   * details so the consumer can render or print the receipt without further
+   * API calls.
+   *
+   * Throws `TiquoAuthError` with code:
+   *   - `RECEIPT_NOT_AVAILABLE` — order doesn't exist for this customer, or
+   *     it isn't paid/completed yet.
+   *   - `NOT_AUTHENTICATED` — no valid session.
+   */
+  async getReceipt(orderId) {
+    await this.ensureValidToken();
+    this.log("Fetching receipt for order:", orderId);
+    const url = new URL(`${this.config.apiEndpoint}/api/client/v1/receipt`);
+    url.searchParams.set("orderId", orderId);
+    const response = await fetch(url.toString(), {
+      method: "GET",
+      headers: {
+        "Authorization": `Bearer ${this.accessToken}`
+      },
+      credentials: "include"
+    });
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ error: "Failed to get receipt" }));
+      const code = response.status === 404 ? "RECEIPT_NOT_AVAILABLE" : "GET_RECEIPT_FAILED";
+      throw new TiquoAuthError(error.error || "Failed to get receipt", code, response.status);
+    }
+    const result = await response.json();
+    return result.data;
+  }
   /**
    * Get the authenticated customer's enquiry history
    * Only returns enquiries for the logged-in customer
@@ -1037,6 +1094,77 @@ var TiquoAuth = class {
     containerEl.appendChild(iframe);
     return iframe;
   }
+  /**
+   * Automatically find and inject auth tokens into existing Tiquo booking
+   * iframes on the page. Also watches for iframes added later via
+   * MutationObserver. This enables token injection even when the site uses
+   * a static <iframe> embed snippet rather than embedCustomerFlow().
+   */
+  autoInjectIframeTokens() {
+    if (typeof document === "undefined") return;
+    if (!this.accessToken) return;
+    if (typeof window !== "undefined") {
+      window.__tiquo_get_iframe_token = () => this.getIframeToken();
+    }
+    Promise.resolve().then(() => this.scanAndInjectIframes());
+    this.observeNewIframes();
+  }
+  async scanAndInjectIframes() {
+    if (!this.accessToken) return;
+    const iframes = document.querySelectorAll("iframe");
+    for (const iframe of iframes) {
+      await this.injectTokenIntoIframe(iframe);
+    }
+  }
+  async injectTokenIntoIframe(iframe) {
+    if (this.injectedIframes.has(iframe)) return;
+    const src = iframe.src || iframe.getAttribute("src") || "";
+    if (!src) return;
+    try {
+      const url = new URL(src, window.location.origin);
+      if (!this.isTiquoEmbedUrl(url)) return;
+      if (url.searchParams.has("_auth_token")) {
+        this.injectedIframes.add(iframe);
+        return;
+      }
+      const { token } = await this.getIframeToken();
+      url.searchParams.set("_auth_token", token);
+      this.injectedIframes.add(iframe);
+      iframe.src = url.toString();
+      this.log("Injected auth token into existing iframe:", url.pathname);
+    } catch (error) {
+      this.log("Failed to inject token into iframe:", error);
+    }
+  }
+  isTiquoEmbedUrl(url) {
+    const hostname = url.hostname;
+    const isTiquoHost = hostname === "book.tiquo.app" || hostname.endsWith(".tiquo.app") || hostname === "localhost";
+    return isTiquoHost && url.pathname.startsWith("/embed/");
+  }
+  observeNewIframes() {
+    if (typeof MutationObserver === "undefined") return;
+    if (this.iframeObserver) return;
+    this.iframeObserver = new MutationObserver((mutations) => {
+      if (!this.accessToken) return;
+      for (const mutation of mutations) {
+        for (const node of mutation.addedNodes) {
+          if (node instanceof HTMLIFrameElement) {
+            this.injectTokenIntoIframe(node);
+          }
+          if (node instanceof HTMLElement) {
+            const nested = node.querySelectorAll("iframe");
+            for (const iframe of nested) {
+              this.injectTokenIntoIframe(iframe);
+            }
+          }
+        }
+      }
+    });
+    this.iframeObserver.observe(document.body || document.documentElement, {
+      childList: true,
+      subtree: true
+    });
+  }
   /**
    * Get the current access token (for advanced use cases)
    */
@@ -1433,6 +1561,13 @@ var TiquoAuth = class {
       this.broadcastChannel.close();
       this.broadcastChannel = null;
     }
+    if (this.iframeObserver) {
+      this.iframeObserver.disconnect();
+      this.iframeObserver = null;
+    }
+    if (typeof window !== "undefined") {
+      delete window.__tiquo_get_iframe_token;
+    }
     this.listeners.clear();
   }
 };
@@ -1465,6 +1600,8 @@ function useTiquoAuth(auth) {
     updateProfile: (updates) => auth.updateProfile(updates),
     getOrders: (options) => auth.getOrders(options),
     getBookings: (options) => auth.getBookings(options),
+    getUpcomingBookings: (options) => auth.getUpcomingBookings(options),
+    getReceipt: (orderId) => auth.getReceipt(orderId),
     getEnquiries: (options) => auth.getEnquiries(options),
     getIframeToken: (flowId) => auth.getIframeToken(flowId),
     embedCustomerFlow: auth.embedCustomerFlow.bind(auth),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tiquo/dom-package",
-  "version": "1.3.2",
+  "version": "1.4.0",
   "description": "Tiquo SDK for third-party websites - authentication, customer profiles, orders, bookings, and enquiries",
   "sideEffects": true,
   "publishConfig": {