@tiquo/dom-package 1.5.0 → 1.5.1

package/README.md

@@ -137,12 +137,24 @@ const result = await auth.updateProfile({
 console.log(result.customer.firstName); // 'John'
 ```
 
+Profile photos can be passed as a URL, a browser `File`/`Blob`, or a `data:image/...`/`blob:...` URI:
+
+```typescript
+const file = fileInput.files?.[0];
+if (file) {
+  await auth.updateProfile({ profilePhoto: file });
+}
+
+// Or upload just the photo:
+await auth.uploadProfilePhoto(file);
+```
+
 **Available fields:**
 - `firstName` - Customer's first name
 - `lastName` - Customer's last name
 - `displayName` - Display name (nickname)
 - `phone` - Primary phone number (E.164 format recommended: `+[country code][number]`)
-- `profilePhoto` - URL to profile photo
+- `profilePhoto` - URL, File/Blob, or `data:image/...`/`blob:...` URI for profile photo
 - `phones` - Full phone list (array of `{ number, isPrimary, order }`)
 
 > **Important:** Phone numbers should include a country code (e.g., `+1` for US, `+44` for UK). Use `TiquoPhone.buildPhone()` to construct properly formatted numbers from a country selector + national number input. See [Phone Number Utilities](#phone-number-utilities) below.

package/dist/index.d.mts

@@ -209,6 +209,18 @@ declare function buildPhone(countryCode: string, nationalNumber: string): string
  * ```
  */
 
+declare class TiquoCMS {
+    private config;
+    constructor(config: TiquoCMSConfig);
+    /**
+     * Fetch a published CMS page for the website attached to this public key.
+     *
+     * This intentionally goes through the Tiquo edge API rather than exposing
+     * Convex connection details to the consuming website.
+     */
+    getPage(request: TiquoCMSPageRequest): Promise<TiquoCMSPage | null>;
+    private log;
+}
 interface TiquoAuthConfig {
     /** Public key from your Tiquo Auth DOM settings */
     publicKey: string;
@@ -225,6 +237,53 @@ interface TiquoAuthConfig {
     /** Pre-authenticated refresh token (for WebView injection from native apps) */
     refreshToken?: string;
 }
+interface TiquoCMSConfig {
+    /** Public key from your Tiquo Auth DOM settings */
+    publicKey: string;
+    /** API endpoint (defaults to production) */
+    apiEndpoint?: string;
+    /** Enable debug logging */
+    debug?: boolean;
+}
+interface TiquoCMSPageRequest {
+    /** CMS website slug */
+    siteSlug: string;
+    /** CMS page slug, defaults to "home" */
+    pageSlug?: string;
+    /** Optional template contract guard */
+    templateId?: string;
+}
+interface TiquoCMSBlock {
+    id: string;
+    type: string;
+    props: Record<string, unknown>;
+    locked?: boolean;
+    lockedBy?: string;
+    required?: boolean;
+}
+interface TiquoCMSPage {
+    id: string;
+    site: {
+        id: string;
+        name: string;
+        slug?: string;
+        templateId?: string;
+        templateVersion?: number;
+        globalConfig?: unknown;
+    };
+    page: {
+        id: string;
+        title: string;
+        slug: string;
+        path: string;
+        blocks: TiquoCMSBlock[];
+        settings?: unknown;
+        metaTitle?: string;
+        metaDescription?: string;
+        publishedAt?: number;
+        updatedAt: number;
+    };
+}
 declare global {
     interface Window {
         __TIQUO_INIT_TOKEN__?: {
@@ -305,7 +364,13 @@ interface ProfileUpdateData {
      * for country+national input, or TiquoPhone.validate() to pre-check.
      */
     phone?: string;
-    profilePhoto?: string;
+    /**
+     * URL to a profile photo, a data/blob URI, or a browser File/Blob.
+     *
+     * File/Blob and data/blob URI values are uploaded to Tiquo storage before the
+     * profile is updated. Remote URLs are stored as-is.
+     */
+    profilePhoto?: string | Blob;
     emails?: TiquoCustomerEmail[];
     /**
      * Full phone list. Each number should be in E.164 format: +[country code][number].
@@ -317,6 +382,10 @@ interface ProfileUpdateResult {
     success: boolean;
     customer: TiquoCustomer;
 }
+interface ProfilePhotoUploadResult extends ProfileUpdateResult {
+    profilePhoto: string;
+    storageId: string;
+}
 interface TiquoOrderItem {
     id: string;
     name: string;
@@ -615,6 +684,14 @@ declare class TiquoAuth {
      * to construct from a country selector and national number.
      */
     updateProfile(updates: ProfileUpdateData): Promise<ProfileUpdateResult>;
+    /**
+     * Upload and save the authenticated customer's profile photo.
+     *
+     * Accepts a browser File/Blob, `data:image/...` URI, or `blob:...` URI. The
+     * image is uploaded to Tiquo storage first, and the customer profile is
+     * updated with the URL.
+     */
+    uploadProfilePhoto(photo: Blob | string): Promise<ProfilePhotoUploadResult>;
     /**
      * Log out the current user
      */
@@ -747,6 +824,9 @@ declare class TiquoAuth {
      * Check for tokens injected by native apps (WebView integration)
      */
     private checkForInjectedTokens;
+    private extractUploadableProfilePhoto;
+    private isProfilePhotoBlobUrl;
+    private profilePhotoToBlob;
     private request;
     /**
      * Ensure we have a valid access token, refreshing if necessary
@@ -791,6 +871,7 @@ declare function useTiquoAuth(auth: TiquoAuth): {
     verifyOTP: (email: string, otp: string) => Promise<VerifyOTPResult>;
     logout: () => Promise<void>;
     updateProfile: (updates: ProfileUpdateData) => Promise<ProfileUpdateResult>;
+    uploadProfilePhoto: (photo: Blob | string) => Promise<ProfilePhotoUploadResult>;
     getOrders: (options?: GetOrdersOptions) => Promise<GetOrdersResult>;
     getBookings: (options?: GetBookingsOptions) => Promise<GetBookingsResult>;
     getUpcomingBookings: (options?: Omit<GetBookingsOptions, "upcoming">) => Promise<GetBookingsResult>;
@@ -860,4 +941,4 @@ declare class TiquoPhone {
     static buildPhone: typeof buildPhone;
 }
 
-export { type AuthStateChangeCallback, type CountryPhoneInfo, type GetBookingsOptions, type GetBookingsResult, type GetCompaniesResult, type GetCompanyColleaguesResult, type GetEnquiriesOptions, type GetEnquiriesResult, type GetOrdersOptions, type GetOrdersResult, type IframeTokenResult, type PhoneValidationResult, type ProfileUpdateData, type ProfileUpdateResult, type SendOTPResult, TiquoAuth, type TiquoAuthConfig, TiquoAuthError, type TiquoBooking, type TiquoCompany, type TiquoCompanyColleague, type TiquoCompanyMembership, type TiquoCompanyRelationship, type TiquoCustomer, type TiquoCustomerEmail, type TiquoCustomerPhone, type TiquoEnquiry, type TiquoOrder, type TiquoOrderItem, TiquoPhone, type TiquoReceipt, type TiquoReceiptBusiness, type TiquoReceiptCustomer, type TiquoReceiptItem, type TiquoReceiptOrder, type TiquoSession, type TiquoUser, type VerifyOTPResult, addCustomerUserId, clearCachedEmail, TiquoAuth as default, getCustomerUserIds, getPrefilledEmailFromCookie, isDashboardSession, trackCustomerPresence, useTiquoAuth };
+export { type AuthStateChangeCallback, type CountryPhoneInfo, type GetBookingsOptions, type GetBookingsResult, type GetCompaniesResult, type GetCompanyColleaguesResult, type GetEnquiriesOptions, type GetEnquiriesResult, type GetOrdersOptions, type GetOrdersResult, type IframeTokenResult, type PhoneValidationResult, type ProfilePhotoUploadResult, type ProfileUpdateData, type ProfileUpdateResult, type SendOTPResult, TiquoAuth, type TiquoAuthConfig, TiquoAuthError, type TiquoBooking, TiquoCMS, type TiquoCMSBlock, type TiquoCMSConfig, type TiquoCMSPage, type TiquoCMSPageRequest, type TiquoCompany, type TiquoCompanyColleague, type TiquoCompanyMembership, type TiquoCompanyRelationship, type TiquoCustomer, type TiquoCustomerEmail, type TiquoCustomerPhone, type TiquoEnquiry, type TiquoOrder, type TiquoOrderItem, TiquoPhone, type TiquoReceipt, type TiquoReceiptBusiness, type TiquoReceiptCustomer, type TiquoReceiptItem, type TiquoReceiptOrder, type TiquoSession, type TiquoUser, type VerifyOTPResult, addCustomerUserId, clearCachedEmail, TiquoAuth as default, getCustomerUserIds, getPrefilledEmailFromCookie, isDashboardSession, trackCustomerPresence, useTiquoAuth };

package/dist/index.d.ts

@@ -209,6 +209,18 @@ declare function buildPhone(countryCode: string, nationalNumber: string): string
  * ```
  */
 
+declare class TiquoCMS {
+    private config;
+    constructor(config: TiquoCMSConfig);
+    /**
+     * Fetch a published CMS page for the website attached to this public key.
+     *
+     * This intentionally goes through the Tiquo edge API rather than exposing
+     * Convex connection details to the consuming website.
+     */
+    getPage(request: TiquoCMSPageRequest): Promise<TiquoCMSPage | null>;
+    private log;
+}
 interface TiquoAuthConfig {
     /** Public key from your Tiquo Auth DOM settings */
     publicKey: string;
@@ -225,6 +237,53 @@ interface TiquoAuthConfig {
     /** Pre-authenticated refresh token (for WebView injection from native apps) */
     refreshToken?: string;
 }
+interface TiquoCMSConfig {
+    /** Public key from your Tiquo Auth DOM settings */
+    publicKey: string;
+    /** API endpoint (defaults to production) */
+    apiEndpoint?: string;
+    /** Enable debug logging */
+    debug?: boolean;
+}
+interface TiquoCMSPageRequest {
+    /** CMS website slug */
+    siteSlug: string;
+    /** CMS page slug, defaults to "home" */
+    pageSlug?: string;
+    /** Optional template contract guard */
+    templateId?: string;
+}
+interface TiquoCMSBlock {
+    id: string;
+    type: string;
+    props: Record<string, unknown>;
+    locked?: boolean;
+    lockedBy?: string;
+    required?: boolean;
+}
+interface TiquoCMSPage {
+    id: string;
+    site: {
+        id: string;
+        name: string;
+        slug?: string;
+        templateId?: string;
+        templateVersion?: number;
+        globalConfig?: unknown;
+    };
+    page: {
+        id: string;
+        title: string;
+        slug: string;
+        path: string;
+        blocks: TiquoCMSBlock[];
+        settings?: unknown;
+        metaTitle?: string;
+        metaDescription?: string;
+        publishedAt?: number;
+        updatedAt: number;
+    };
+}
 declare global {
     interface Window {
         __TIQUO_INIT_TOKEN__?: {
@@ -305,7 +364,13 @@ interface ProfileUpdateData {
      * for country+national input, or TiquoPhone.validate() to pre-check.
      */
     phone?: string;
-    profilePhoto?: string;
+    /**
+     * URL to a profile photo, a data/blob URI, or a browser File/Blob.
+     *
+     * File/Blob and data/blob URI values are uploaded to Tiquo storage before the
+     * profile is updated. Remote URLs are stored as-is.
+     */
+    profilePhoto?: string | Blob;
     emails?: TiquoCustomerEmail[];
     /**
      * Full phone list. Each number should be in E.164 format: +[country code][number].
@@ -317,6 +382,10 @@ interface ProfileUpdateResult {
     success: boolean;
     customer: TiquoCustomer;
 }
+interface ProfilePhotoUploadResult extends ProfileUpdateResult {
+    profilePhoto: string;
+    storageId: string;
+}
 interface TiquoOrderItem {
     id: string;
     name: string;
@@ -615,6 +684,14 @@ declare class TiquoAuth {
      * to construct from a country selector and national number.
      */
     updateProfile(updates: ProfileUpdateData): Promise<ProfileUpdateResult>;
+    /**
+     * Upload and save the authenticated customer's profile photo.
+     *
+     * Accepts a browser File/Blob, `data:image/...` URI, or `blob:...` URI. The
+     * image is uploaded to Tiquo storage first, and the customer profile is
+     * updated with the URL.
+     */
+    uploadProfilePhoto(photo: Blob | string): Promise<ProfilePhotoUploadResult>;
     /**
      * Log out the current user
      */
@@ -747,6 +824,9 @@ declare class TiquoAuth {
      * Check for tokens injected by native apps (WebView integration)
      */
     private checkForInjectedTokens;
+    private extractUploadableProfilePhoto;
+    private isProfilePhotoBlobUrl;
+    private profilePhotoToBlob;
     private request;
     /**
      * Ensure we have a valid access token, refreshing if necessary
@@ -791,6 +871,7 @@ declare function useTiquoAuth(auth: TiquoAuth): {
     verifyOTP: (email: string, otp: string) => Promise<VerifyOTPResult>;
     logout: () => Promise<void>;
     updateProfile: (updates: ProfileUpdateData) => Promise<ProfileUpdateResult>;
+    uploadProfilePhoto: (photo: Blob | string) => Promise<ProfilePhotoUploadResult>;
     getOrders: (options?: GetOrdersOptions) => Promise<GetOrdersResult>;
     getBookings: (options?: GetBookingsOptions) => Promise<GetBookingsResult>;
     getUpcomingBookings: (options?: Omit<GetBookingsOptions, "upcoming">) => Promise<GetBookingsResult>;
@@ -860,4 +941,4 @@ declare class TiquoPhone {
     static buildPhone: typeof buildPhone;
 }
 
-export { type AuthStateChangeCallback, type CountryPhoneInfo, type GetBookingsOptions, type GetBookingsResult, type GetCompaniesResult, type GetCompanyColleaguesResult, type GetEnquiriesOptions, type GetEnquiriesResult, type GetOrdersOptions, type GetOrdersResult, type IframeTokenResult, type PhoneValidationResult, type ProfileUpdateData, type ProfileUpdateResult, type SendOTPResult, TiquoAuth, type TiquoAuthConfig, TiquoAuthError, type TiquoBooking, type TiquoCompany, type TiquoCompanyColleague, type TiquoCompanyMembership, type TiquoCompanyRelationship, type TiquoCustomer, type TiquoCustomerEmail, type TiquoCustomerPhone, type TiquoEnquiry, type TiquoOrder, type TiquoOrderItem, TiquoPhone, type TiquoReceipt, type TiquoReceiptBusiness, type TiquoReceiptCustomer, type TiquoReceiptItem, type TiquoReceiptOrder, type TiquoSession, type TiquoUser, type VerifyOTPResult, addCustomerUserId, clearCachedEmail, TiquoAuth as default, getCustomerUserIds, getPrefilledEmailFromCookie, isDashboardSession, trackCustomerPresence, useTiquoAuth };
+export { type AuthStateChangeCallback, type CountryPhoneInfo, type GetBookingsOptions, type GetBookingsResult, type GetCompaniesResult, type GetCompanyColleaguesResult, type GetEnquiriesOptions, type GetEnquiriesResult, type GetOrdersOptions, type GetOrdersResult, type IframeTokenResult, type PhoneValidationResult, type ProfilePhotoUploadResult, type ProfileUpdateData, type ProfileUpdateResult, type SendOTPResult, TiquoAuth, type TiquoAuthConfig, TiquoAuthError, type TiquoBooking, TiquoCMS, type TiquoCMSBlock, type TiquoCMSConfig, type TiquoCMSPage, type TiquoCMSPageRequest, type TiquoCompany, type TiquoCompanyColleague, type TiquoCompanyMembership, type TiquoCompanyRelationship, type TiquoCustomer, type TiquoCustomerEmail, type TiquoCustomerPhone, type TiquoEnquiry, type TiquoOrder, type TiquoOrderItem, TiquoPhone, type TiquoReceipt, type TiquoReceiptBusiness, type TiquoReceiptCustomer, type TiquoReceiptItem, type TiquoReceiptOrder, type TiquoSession, type TiquoUser, type VerifyOTPResult, addCustomerUserId, clearCachedEmail, TiquoAuth as default, getCustomerUserIds, getPrefilledEmailFromCookie, isDashboardSession, trackCustomerPresence, useTiquoAuth };

package/dist/index.js

@@ -22,6 +22,7 @@ var index_exports = {};
 __export(index_exports, {
   TiquoAuth: () => TiquoAuth,
   TiquoAuthError: () => TiquoAuthError,
+  TiquoCMS: () => TiquoCMS,
   TiquoPhone: () => TiquoPhone,
   addCustomerUserId: () => addCustomerUserId,
   clearCachedEmail: () => clearCachedEmail,
@@ -677,6 +678,68 @@ function printTiquoBranding() {
   }
 }
 printTiquoBranding();
+var TiquoCMS = class {
+  constructor(config) {
+    if (!config.publicKey) {
+      throw new TiquoAuthError("publicKey is required", "MISSING_PUBLIC_KEY");
+    }
+    if (!config.publicKey.startsWith("pk_dom_")) {
+      throw new TiquoAuthError(
+        "Invalid public key format. Expected pk_dom_xxx",
+        "INVALID_PUBLIC_KEY"
+      );
+    }
+    this.config = {
+      publicKey: config.publicKey,
+      apiEndpoint: config.apiEndpoint || "https://edge.tiquo.app",
+      debug: config.debug || false
+    };
+  }
+  /**
+   * Fetch a published CMS page for the website attached to this public key.
+   *
+   * This intentionally goes through the Tiquo edge API rather than exposing
+   * Convex connection details to the consuming website.
+   */
+  async getPage(request) {
+    const response = await fetch(`${this.config.apiEndpoint}/api/dom-cms/page`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "text/plain;charset=UTF-8"
+      },
+      credentials: "include",
+      body: JSON.stringify({
+        publicKey: this.config.publicKey,
+        siteSlug: request.siteSlug,
+        pageSlug: request.pageSlug || "home",
+        templateId: request.templateId
+      })
+    });
+    if (response.status === 404) {
+      return null;
+    }
+    if (!response.ok) {
+      let message = "Failed to fetch CMS page";
+      try {
+        const error = await response.json();
+        if (typeof error?.error === "string") message = error.error;
+      } catch {
+      }
+      throw new TiquoAuthError(message, "CMS_PAGE_FETCH_FAILED", response.status);
+    }
+    const result = await response.json();
+    if (!result?.success || !result?.data) {
+      return null;
+    }
+    this.log("Fetched CMS page", request.siteSlug, request.pageSlug || "home");
+    return result.data;
+  }
+  log(...args) {
+    if (this.config.debug) {
+      console.log("[TiquoCMS]", ...args);
+    }
+  }
+};
 var TiquoAuthError = class extends Error {
   constructor(message, code, statusCode) {
     super(message);
@@ -843,6 +906,10 @@ var TiquoAuth = class {
   async updateProfile(updates) {
     await this.ensureValidToken();
     const normalizedUpdates = { ...updates };
+    const profilePhotoUpload = this.extractUploadableProfilePhoto(normalizedUpdates.profilePhoto);
+    if (profilePhotoUpload) {
+      delete normalizedUpdates.profilePhoto;
+    }
     if (normalizedUpdates.phone !== void 0 && normalizedUpdates.phone !== "") {
       const normalized = normalizePhone(normalizedUpdates.phone);
       const validation = validatePhone(normalizedUpdates.phone);
@@ -865,26 +932,109 @@ var TiquoAuth = class {
       });
     }
     this.log("Updating customer profile:", normalizedUpdates);
-    const response = await this.request("/api/client/v1/profile", {
-      method: "PATCH",
-      body: JSON.stringify(normalizedUpdates)
+    let customer = this.session?.customer || void 0;
+    if (Object.keys(normalizedUpdates).length > 0) {
+      const response = await this.request("/api/client/v1/profile", {
+        method: "PATCH",
+        body: JSON.stringify(normalizedUpdates)
+      });
+      if (!response.ok) {
+        const error = await response.json().catch(() => ({ error: "Failed to update profile" }));
+        throw new TiquoAuthError(error.error || "Failed to update profile", "PROFILE_UPDATE_FAILED", response.status);
+      }
+      const result = await response.json();
+      if (this.session && result.data?.customer) {
+        this.session = {
+          ...this.session,
+          customer: result.data.customer
+        };
+        this.notifyListeners();
+        this.broadcastTabSync("SESSION_UPDATE");
+      }
+      customer = result.data?.customer;
+    }
+    if (profilePhotoUpload) {
+      return this.uploadProfilePhoto(profilePhotoUpload);
+    }
+    return {
+      success: true,
+      customer
+    };
+  }
+  /**
+   * Upload and save the authenticated customer's profile photo.
+   *
+   * Accepts a browser File/Blob, `data:image/...` URI, or `blob:...` URI. The
+   * image is uploaded to Tiquo storage first, and the customer profile is
+   * updated with the URL.
+   */
+  async uploadProfilePhoto(photo) {
+    await this.ensureValidToken();
+    const blob = await this.profilePhotoToBlob(photo);
+    if (!blob.type.startsWith("image/")) {
+      throw new TiquoAuthError("Profile photo must be an image", "INVALID_PROFILE_PHOTO");
+    }
+    const uploadUrlResponse = await this.request("/api/client/v1/profile/photo-upload-url", {
+      method: "POST",
+      body: JSON.stringify({})
     });
-    if (!response.ok) {
-      const error = await response.json().catch(() => ({ error: "Failed to update profile" }));
-      throw new TiquoAuthError(error.error || "Failed to update profile", "PROFILE_UPDATE_FAILED", response.status);
+    if (!uploadUrlResponse.ok) {
+      const error = await uploadUrlResponse.json().catch(() => ({ error: "Failed to create profile photo upload URL" }));
+      throw new TiquoAuthError(
+        error.error || "Failed to create profile photo upload URL",
+        "PROFILE_PHOTO_UPLOAD_URL_FAILED",
+        uploadUrlResponse.status
+      );
     }
-    const result = await response.json();
-    if (this.session && result.data?.customer) {
+    const uploadUrlResult = await uploadUrlResponse.json();
+    const uploadUrl = uploadUrlResult.data?.uploadUrl;
+    if (!uploadUrl) {
+      throw new TiquoAuthError("Profile photo upload URL was missing", "PROFILE_PHOTO_UPLOAD_URL_FAILED");
+    }
+    const uploadResponse = await fetch(uploadUrl, {
+      method: "POST",
+      headers: { "Content-Type": blob.type },
+      body: blob
+    });
+    if (!uploadResponse.ok) {
+      throw new TiquoAuthError("Failed to upload profile photo", "PROFILE_PHOTO_UPLOAD_FAILED", uploadResponse.status);
+    }
+    const uploadResult = await uploadResponse.json();
+    const storageId = uploadResult.storageId;
+    if (!storageId) {
+      throw new TiquoAuthError("Profile photo storage ID was missing", "PROFILE_PHOTO_UPLOAD_FAILED");
+    }
+    const finalizeResponse = await this.request("/api/client/v1/profile/photo", {
+      method: "POST",
+      body: JSON.stringify({ storageId })
+    });
+    if (!finalizeResponse.ok) {
+      const error = await finalizeResponse.json().catch(() => ({ error: "Failed to update profile photo" }));
+      throw new TiquoAuthError(
+        error.error || "Failed to update profile photo",
+        "PROFILE_PHOTO_UPDATE_FAILED",
+        finalizeResponse.status
+      );
+    }
+    const finalizeResult = await finalizeResponse.json();
+    const customer = finalizeResult.data?.customer;
+    const profilePhoto = finalizeResult.data?.profilePhoto;
+    if (!customer || !profilePhoto) {
+      throw new TiquoAuthError("Profile photo update response was incomplete", "PROFILE_PHOTO_UPDATE_FAILED");
+    }
+    if (this.session && customer) {
       this.session = {
         ...this.session,
-        customer: result.data.customer
+        customer
       };
       this.notifyListeners();
       this.broadcastTabSync("SESSION_UPDATE");
     }
     return {
       success: true,
-      customer: result.data?.customer
+      customer,
+      profilePhoto,
+      storageId
     };
   }
   /**
@@ -1326,6 +1476,37 @@ var TiquoAuth = class {
       }
     }
   }
+  extractUploadableProfilePhoto(profilePhoto) {
+    if (typeof Blob !== "undefined" && profilePhoto instanceof Blob) {
+      return profilePhoto;
+    }
+    if (typeof profilePhoto === "string") {
+      const trimmed = profilePhoto.trim();
+      if (trimmed.startsWith("data:") || trimmed.startsWith("blob:")) {
+        return trimmed;
+      }
+    }
+    return null;
+  }
+  isProfilePhotoBlobUrl(photo) {
+    return photo.trim().startsWith("data:") || photo.trim().startsWith("blob:");
+  }
+  async profilePhotoToBlob(photo) {
+    if (typeof Blob !== "undefined" && photo instanceof Blob) {
+      return photo;
+    }
+    if (typeof photo === "string" && this.isProfilePhotoBlobUrl(photo)) {
+      const response = await fetch(photo);
+      if (!response.ok) {
+        throw new TiquoAuthError("Failed to read profile photo URI", "INVALID_PROFILE_PHOTO");
+      }
+      return response.blob();
+    }
+    throw new TiquoAuthError(
+      "uploadProfilePhoto expects a File, Blob, data URI, or blob URI. Use updateProfile({ profilePhoto: url }) for remote URLs.",
+      "INVALID_PROFILE_PHOTO"
+    );
+  }
   async request(path, options) {
     const url = `${this.config.apiEndpoint}${path}`;
     const headers = {
@@ -1701,6 +1882,7 @@ function useTiquoAuth(auth) {
     verifyOTP: (email, otp) => auth.verifyOTP(email, otp),
     logout: () => auth.logout(),
     updateProfile: (updates) => auth.updateProfile(updates),
+    uploadProfilePhoto: (photo) => auth.uploadProfilePhoto(photo),
     getOrders: (options) => auth.getOrders(options),
     getBookings: (options) => auth.getBookings(options),
     getUpcomingBookings: (options) => auth.getUpcomingBookings(options),
@@ -1734,6 +1916,7 @@ var index_default = TiquoAuth;
 0 && (module.exports = {
   TiquoAuth,
   TiquoAuthError,
+  TiquoCMS,
   TiquoPhone,
   addCustomerUserId,
   clearCachedEmail,

package/dist/index.mjs

@@ -641,6 +641,68 @@ function printTiquoBranding() {
   }
 }
 printTiquoBranding();
+var TiquoCMS = class {
+  constructor(config) {
+    if (!config.publicKey) {
+      throw new TiquoAuthError("publicKey is required", "MISSING_PUBLIC_KEY");
+    }
+    if (!config.publicKey.startsWith("pk_dom_")) {
+      throw new TiquoAuthError(
+        "Invalid public key format. Expected pk_dom_xxx",
+        "INVALID_PUBLIC_KEY"
+      );
+    }
+    this.config = {
+      publicKey: config.publicKey,
+      apiEndpoint: config.apiEndpoint || "https://edge.tiquo.app",
+      debug: config.debug || false
+    };
+  }
+  /**
+   * Fetch a published CMS page for the website attached to this public key.
+   *
+   * This intentionally goes through the Tiquo edge API rather than exposing
+   * Convex connection details to the consuming website.
+   */
+  async getPage(request) {
+    const response = await fetch(`${this.config.apiEndpoint}/api/dom-cms/page`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "text/plain;charset=UTF-8"
+      },
+      credentials: "include",
+      body: JSON.stringify({
+        publicKey: this.config.publicKey,
+        siteSlug: request.siteSlug,
+        pageSlug: request.pageSlug || "home",
+        templateId: request.templateId
+      })
+    });
+    if (response.status === 404) {
+      return null;
+    }
+    if (!response.ok) {
+      let message = "Failed to fetch CMS page";
+      try {
+        const error = await response.json();
+        if (typeof error?.error === "string") message = error.error;
+      } catch {
+      }
+      throw new TiquoAuthError(message, "CMS_PAGE_FETCH_FAILED", response.status);
+    }
+    const result = await response.json();
+    if (!result?.success || !result?.data) {
+      return null;
+    }
+    this.log("Fetched CMS page", request.siteSlug, request.pageSlug || "home");
+    return result.data;
+  }
+  log(...args) {
+    if (this.config.debug) {
+      console.log("[TiquoCMS]", ...args);
+    }
+  }
+};
 var TiquoAuthError = class extends Error {
   constructor(message, code, statusCode) {
     super(message);
@@ -807,6 +869,10 @@ var TiquoAuth = class {
   async updateProfile(updates) {
     await this.ensureValidToken();
     const normalizedUpdates = { ...updates };
+    const profilePhotoUpload = this.extractUploadableProfilePhoto(normalizedUpdates.profilePhoto);
+    if (profilePhotoUpload) {
+      delete normalizedUpdates.profilePhoto;
+    }
     if (normalizedUpdates.phone !== void 0 && normalizedUpdates.phone !== "") {
       const normalized = normalizePhone(normalizedUpdates.phone);
       const validation = validatePhone(normalizedUpdates.phone);
@@ -829,26 +895,109 @@ var TiquoAuth = class {
       });
     }
     this.log("Updating customer profile:", normalizedUpdates);
-    const response = await this.request("/api/client/v1/profile", {
-      method: "PATCH",
-      body: JSON.stringify(normalizedUpdates)
+    let customer = this.session?.customer || void 0;
+    if (Object.keys(normalizedUpdates).length > 0) {
+      const response = await this.request("/api/client/v1/profile", {
+        method: "PATCH",
+        body: JSON.stringify(normalizedUpdates)
+      });
+      if (!response.ok) {
+        const error = await response.json().catch(() => ({ error: "Failed to update profile" }));
+        throw new TiquoAuthError(error.error || "Failed to update profile", "PROFILE_UPDATE_FAILED", response.status);
+      }
+      const result = await response.json();
+      if (this.session && result.data?.customer) {
+        this.session = {
+          ...this.session,
+          customer: result.data.customer
+        };
+        this.notifyListeners();
+        this.broadcastTabSync("SESSION_UPDATE");
+      }
+      customer = result.data?.customer;
+    }
+    if (profilePhotoUpload) {
+      return this.uploadProfilePhoto(profilePhotoUpload);
+    }
+    return {
+      success: true,
+      customer
+    };
+  }
+  /**
+   * Upload and save the authenticated customer's profile photo.
+   *
+   * Accepts a browser File/Blob, `data:image/...` URI, or `blob:...` URI. The
+   * image is uploaded to Tiquo storage first, and the customer profile is
+   * updated with the URL.
+   */
+  async uploadProfilePhoto(photo) {
+    await this.ensureValidToken();
+    const blob = await this.profilePhotoToBlob(photo);
+    if (!blob.type.startsWith("image/")) {
+      throw new TiquoAuthError("Profile photo must be an image", "INVALID_PROFILE_PHOTO");
+    }
+    const uploadUrlResponse = await this.request("/api/client/v1/profile/photo-upload-url", {
+      method: "POST",
+      body: JSON.stringify({})
     });
-    if (!response.ok) {
-      const error = await response.json().catch(() => ({ error: "Failed to update profile" }));
-      throw new TiquoAuthError(error.error || "Failed to update profile", "PROFILE_UPDATE_FAILED", response.status);
+    if (!uploadUrlResponse.ok) {
+      const error = await uploadUrlResponse.json().catch(() => ({ error: "Failed to create profile photo upload URL" }));
+      throw new TiquoAuthError(
+        error.error || "Failed to create profile photo upload URL",
+        "PROFILE_PHOTO_UPLOAD_URL_FAILED",
+        uploadUrlResponse.status
+      );
     }
-    const result = await response.json();
-    if (this.session && result.data?.customer) {
+    const uploadUrlResult = await uploadUrlResponse.json();
+    const uploadUrl = uploadUrlResult.data?.uploadUrl;
+    if (!uploadUrl) {
+      throw new TiquoAuthError("Profile photo upload URL was missing", "PROFILE_PHOTO_UPLOAD_URL_FAILED");
+    }
+    const uploadResponse = await fetch(uploadUrl, {
+      method: "POST",
+      headers: { "Content-Type": blob.type },
+      body: blob
+    });
+    if (!uploadResponse.ok) {
+      throw new TiquoAuthError("Failed to upload profile photo", "PROFILE_PHOTO_UPLOAD_FAILED", uploadResponse.status);
+    }
+    const uploadResult = await uploadResponse.json();
+    const storageId = uploadResult.storageId;
+    if (!storageId) {
+      throw new TiquoAuthError("Profile photo storage ID was missing", "PROFILE_PHOTO_UPLOAD_FAILED");
+    }
+    const finalizeResponse = await this.request("/api/client/v1/profile/photo", {
+      method: "POST",
+      body: JSON.stringify({ storageId })
+    });
+    if (!finalizeResponse.ok) {
+      const error = await finalizeResponse.json().catch(() => ({ error: "Failed to update profile photo" }));
+      throw new TiquoAuthError(
+        error.error || "Failed to update profile photo",
+        "PROFILE_PHOTO_UPDATE_FAILED",
+        finalizeResponse.status
+      );
+    }
+    const finalizeResult = await finalizeResponse.json();
+    const customer = finalizeResult.data?.customer;
+    const profilePhoto = finalizeResult.data?.profilePhoto;
+    if (!customer || !profilePhoto) {
+      throw new TiquoAuthError("Profile photo update response was incomplete", "PROFILE_PHOTO_UPDATE_FAILED");
+    }
+    if (this.session && customer) {
       this.session = {
         ...this.session,
-        customer: result.data.customer
+        customer
       };
       this.notifyListeners();
       this.broadcastTabSync("SESSION_UPDATE");
     }
     return {
       success: true,
-      customer: result.data?.customer
+      customer,
+      profilePhoto,
+      storageId
     };
   }
   /**
@@ -1290,6 +1439,37 @@ var TiquoAuth = class {
       }
     }
   }
+  extractUploadableProfilePhoto(profilePhoto) {
+    if (typeof Blob !== "undefined" && profilePhoto instanceof Blob) {
+      return profilePhoto;
+    }
+    if (typeof profilePhoto === "string") {
+      const trimmed = profilePhoto.trim();
+      if (trimmed.startsWith("data:") || trimmed.startsWith("blob:")) {
+        return trimmed;
+      }
+    }
+    return null;
+  }
+  isProfilePhotoBlobUrl(photo) {
+    return photo.trim().startsWith("data:") || photo.trim().startsWith("blob:");
+  }
+  async profilePhotoToBlob(photo) {
+    if (typeof Blob !== "undefined" && photo instanceof Blob) {
+      return photo;
+    }
+    if (typeof photo === "string" && this.isProfilePhotoBlobUrl(photo)) {
+      const response = await fetch(photo);
+      if (!response.ok) {
+        throw new TiquoAuthError("Failed to read profile photo URI", "INVALID_PROFILE_PHOTO");
+      }
+      return response.blob();
+    }
+    throw new TiquoAuthError(
+      "uploadProfilePhoto expects a File, Blob, data URI, or blob URI. Use updateProfile({ profilePhoto: url }) for remote URLs.",
+      "INVALID_PROFILE_PHOTO"
+    );
+  }
   async request(path, options) {
     const url = `${this.config.apiEndpoint}${path}`;
     const headers = {
@@ -1665,6 +1845,7 @@ function useTiquoAuth(auth) {
     verifyOTP: (email, otp) => auth.verifyOTP(email, otp),
     logout: () => auth.logout(),
     updateProfile: (updates) => auth.updateProfile(updates),
+    uploadProfilePhoto: (photo) => auth.uploadProfilePhoto(photo),
     getOrders: (options) => auth.getOrders(options),
     getBookings: (options) => auth.getBookings(options),
     getUpcomingBookings: (options) => auth.getUpcomingBookings(options),
@@ -1697,6 +1878,7 @@ var index_default = TiquoAuth;
 export {
   TiquoAuth,
   TiquoAuthError,
+  TiquoCMS,
   TiquoPhone,
   addCustomerUserId,
   clearCachedEmail,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tiquo/dom-package",
-  "version": "1.5.0",
+  "version": "1.5.1",
   "description": "Tiquo SDK for third-party websites - authentication, customer profiles, orders, bookings, enquiries, receipts, and companies",
   "sideEffects": true,
   "publishConfig": {