npm - @uniformdev/mesh-sdk - Versions diffs - 20.50.2-alpha.9 → 20.50.2-alpha.96 - Mend

@uniformdev/mesh-sdk 20.50.2-alpha.9 → 20.50.2-alpha.96

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/index.esm.js CHANGED Viewed

@@ -4,10 +4,112 @@ var __typeError = (msg) => {
 var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
 var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
 var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
+var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
+var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
+// src/clients/DelegationTokenClient.ts
+var DelegationTokenError = class extends Error {
+  constructor(status, kind, publicMessage) {
+    super(publicMessage);
+    this.name = "DelegationTokenError";
+    this.status = status;
+    this.kind = kind;
+  }
+};
+var PUBLIC_MESSAGES = {
+  bad_request: "Token exchange request was rejected as invalid",
+  unauthenticated: "Token exchange authentication failed",
+  forbidden: "Token exchange forbidden by server",
+  not_found: "Token exchange target was not found",
+  rate_limited: "Token exchange rate limit exceeded",
+  server_error: "Token exchange server error",
+  unknown: "Token exchange failed"
+};
+function classifyDelegationTokenStatus(status) {
+  if (status === 400) {
+    return "bad_request";
+  }
+  if (status === 401) {
+    return "unauthenticated";
+  }
+  if (status === 403) {
+    return "forbidden";
+  }
+  if (status === 404) {
+    return "not_found";
+  }
+  if (status === 429) {
+    return "rate_limited";
+  }
+  if (status >= 500) {
+    return "server_error";
+  }
+  return "unknown";
+}
+function buildDelegationTokenError(status) {
+  const kind = classifyDelegationTokenStatus(status);
+  return new DelegationTokenError(status, kind, PUBLIC_MESSAGES[kind]);
+}
+var _options, _DelegationTokenClient_instances, post_fn;
+var DelegationTokenClient = class {
+  constructor(options) {
+    __privateAdd(this, _DelegationTokenClient_instances);
+    __privateAdd(this, _options);
+    __privateSet(this, _options, options);
+  }
+  /**
+   * Exchanges a short-lived session token for a delegation token and refresh token.
+   * The session token is obtained by the integration's frontend via `sdk.getSessionToken()`.
+   *
+   * @deprecated This beta identity delegation API may change with breaking changes.
+   */
+  async exchangeSessionToken(sessionToken) {
+    return __privateMethod(this, _DelegationTokenClient_instances, post_fn).call(this, {
+      grant_type: "delegation_token",
+      sessionToken,
+      integrationId: __privateGet(this, _options).integrationId,
+      integrationSecret: __privateGet(this, _options).integrationSecret
+    });
+  }
+  /**
+   * Exchanges a refresh token for a new delegation token and a new refresh token.
+   *
+   * Replay posture: refresh tokens are bearer credentials that are valid until
+   * their server-side expiry. They are NOT single-use — a captured refresh token can be
+   * replayed by an attacker that also has the integration secret until it expires.
+   * Single-use enforcement (refresh-token storage, family/jti tracking, replay revocation)
+   * is tracked in `UNI-9279`.
+   *
+   * @deprecated This beta identity delegation API may change with breaking changes.
+   */
+  async refreshDelegationToken(refreshToken) {
+    return __privateMethod(this, _DelegationTokenClient_instances, post_fn).call(this, {
+      grant_type: "refresh_token",
+      refreshToken,
+      integrationId: __privateGet(this, _options).integrationId,
+      integrationSecret: __privateGet(this, _options).integrationSecret
+    });
+  }
+};
+_options = new WeakMap();
+_DelegationTokenClient_instances = new WeakSet();
+post_fn = async function(body) {
+  const url = `${__privateGet(this, _options).apiHost}/api/v1/token`;
+  const response = await fetch(url, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body)
+  });
+  if (!response.ok) {
+    await response.text().catch(() => "");
+    throw buildDelegationTokenError(response.status);
+  }
+  return await response.json();
+};
 // src/clients/IntegrationDefinitionClient.ts
 import { ApiClient } from "@uniformdev/context/api";
-var _url;
+var _url, _credentialsUrl;
 var _IntegrationDefinitionClient = class _IntegrationDefinitionClient extends ApiClient {
   constructor(options) {
     super(options);
@@ -18,7 +120,7 @@ var _IntegrationDefinitionClient = class _IntegrationDefinitionClient extends Ap
     const fetchUri = this.createUrl(__privateGet(_IntegrationDefinitionClient, _url), { ...options, teamId });
     return await this.apiClient(fetchUri);
   }
-  /** Creates or updates a mesh app definition on a team */
+  /** Creates or updates a mesh app definition on a team. Identity-delegation credentials must be minted separately via {@link rotateCredential}. */
   async upsert(body) {
     const fetchUri = this.createUrl(__privateGet(_IntegrationDefinitionClient, _url));
     return await this.apiClient(fetchUri, {
@@ -35,9 +137,37 @@ var _IntegrationDefinitionClient = class _IntegrationDefinitionClient extends Ap
       expectNoContent: true
     });
   }
+  /**
+   * Mints or rotates an identity-delegation credential for an integration definition. The plaintext
+   * `appSecret` is returned exactly once and is not retrievable afterwards — Uniform stores only
+   * the hash. A successful response invalidates any previously-issued secret of the same kind.
+   * Caller must be a team admin.
+   */
+  async rotateCredential(body) {
+    const fetchUri = this.createUrl(__privateGet(_IntegrationDefinitionClient, _credentialsUrl));
+    return await this.apiClient(fetchUri, {
+      method: "POST",
+      body: JSON.stringify({ ...body, teamId: this.options.teamId })
+    });
+  }
+  /**
+   * Revokes an identity-delegation credential. Future delegation grants and refreshes will fail
+   * until a new credential is minted; in-flight delegation tokens remain valid until natural
+   * expiry (up to ~15 minutes). Caller must be a team admin.
+   */
+  async revokeCredential(body) {
+    const fetchUri = this.createUrl(__privateGet(_IntegrationDefinitionClient, _credentialsUrl));
+    await this.apiClient(fetchUri, {
+      method: "DELETE",
+      body: JSON.stringify({ ...body, teamId: this.options.teamId }),
+      expectNoContent: true
+    });
+  }
 };
 _url = new WeakMap();
+_credentialsUrl = new WeakMap();
 __privateAdd(_IntegrationDefinitionClient, _url, "/api/v1/integration-definitions");
+__privateAdd(_IntegrationDefinitionClient, _credentialsUrl, "/api/v1/integration-credentials");
 var IntegrationDefinitionClient = _IntegrationDefinitionClient;
 // src/clients/IntegrationInstallationClient.ts
@@ -131,7 +261,7 @@ var getLogger = (prefix, debug) => {
 };
 // src/temp/version.ts
-var UNIFORM_MESH_SDK_VERSION = "20.50.1";
+var UNIFORM_MESH_SDK_VERSION = "20.63.0";
 // src/framepost/constants.ts
 var DEFAULT_REQUEST_TIMEOUT = 5e3;
@@ -488,159 +618,63 @@ async function connectToParent({
   });
   client.onRequest("metadata-value", onMetadataUpdated);
   client.onRequest("external-value-update", onValueExternallyUpdated);
-  return {
-    initData,
-    parent: {
-      resize: async ({ height }) => {
-        await client.request("resize", { height });
-      },
-      setValue: async (value) => {
-        await client.request("setValue", value);
-      },
-      openDialog: async (message) => {
-        const res = await client.request(
-          "openDialog",
-          message
-        );
-        const dialogId = res == null ? void 0 : res.dialogId;
-        if (!dialogId) {
-          return;
-        }
-        return new Promise((resolve, reject) => {
-          dialogResponseHandlers[dialogId] = { resolve, reject };
-        });
-      },
-      closeDialog: async (message) => {
-        await client.request("closeDialog", message);
-      },
-      getDataResource: async (message) => {
-        return await client.request("getDataResource", message, {
-          timeout: 3e4
-        });
-      },
-      navigate: async (message) => {
-        await client.request("navigate", message);
-      },
-      reloadLocation: async () => {
-        await client.request("reload");
-      },
-      editConnectedData: async (message) => {
-        return await client.request(
-          "editConnectedData",
-          message,
-          {
-            timeout: (
-              // 24 hours in ms
-              864e5
-            )
-          }
-        );
-      },
-      editorState: createEditorStateApi(client)
-    }
-  };
-}
-function createEditorStateApi(client) {
-  let cachedRootNodeId;
-  return {
-    async getRootNodeId() {
-      if (cachedRootNodeId) {
-        return cachedRootNodeId;
-      }
-      const result = await client.request("editorState.getRootNodeId");
-      cachedRootNodeId = result;
-      return result;
-    },
-    // Read operations
-    async exportTree(params) {
-      const result = await client.request("editorState.exportTree", params);
-      cachedRootNodeId != null ? cachedRootNodeId : cachedRootNodeId = result == null ? void 0 : result._id;
-      return result;
-    },
-    async exportSubtree(params) {
-      return await client.request("editorState.exportSubtree", params);
-    },
-    async exportMetadata() {
-      return await client.request("editorState.exportMetadata");
-    },
-    async exportRootNodeMetadata() {
-      return await client.request("editorState.exportRootNodeMetadata");
-    },
-    async getNodeById(params) {
-      return await client.request("editorState.getNodeById", params);
-    },
-    async getNodeChildren(params) {
-      return await client.request("editorState.getNodeChildren", params);
-    },
-    async getNodeProperty(params) {
-      return await client.request("editorState.getNodeProperty", params);
-    },
-    async getNodeProperties(params) {
-      return await client.request("editorState.getNodeProperties", params);
-    },
-    async getParentInfo(params) {
-      return await client.request("editorState.getParentInfo", params);
+  const parent = {
+    resize: async ({ height }) => {
+      await client.request("resize", { height });
     },
-    // Selection
-    async getSelectedNodeId() {
-      return await client.request("editorState.getSelectedNodeId");
+    setValue: async (value) => {
+      await client.request("setValue", value);
     },
-    async setSelectedNodeId(params) {
-      await client.request("editorState.setSelectedNodeId", params);
-    },
-    async getSelectedParameterId() {
-      return await client.request("editorState.getSelectedParameterId");
-    },
-    async setSelectedParameterId(params) {
-      await client.request("editorState.setSelectedParameterId", params);
-    },
-    async getPristine() {
-      return await client.request("editorState.getPristine");
-    },
-    // Write operations
-    async insertNode(params) {
-      return await client.request("editorState.insertNode", params);
-    },
-    async deleteNode(params) {
-      await client.request("editorState.deleteNode", params);
-    },
-    async moveNode(params) {
-      await client.request("editorState.moveNode", params);
-    },
-    async updateNodeProperty(params) {
-      await client.request("editorState.updateNodeProperty", params);
-    },
-    async updateRootMetadata(params) {
-      await client.request("editorState.updateRootMetadata", params);
-    },
-    async updateRootNode(params) {
-      await client.request("editorState.updateRootNode", params);
-    },
-    // Pattern operations
-    async insertPattern(params) {
-      return await client.request("editorState.insertPattern", params);
+    openDialog: async (message) => {
+      const res = await client.request(
+        "openDialog",
+        message
+      );
+      const dialogId = res == null ? void 0 : res.dialogId;
+      if (!dialogId) {
+        return;
+      }
+      return new Promise((resolve, reject) => {
+        dialogResponseHandlers[dialogId] = { resolve, reject };
+      });
     },
-    async isPatternPropertyOverridden(params) {
-      return await client.request("editorState.isPatternPropertyOverridden", params);
+    closeDialog: async (message) => {
+      await client.request("closeDialog", message);
     },
-    async resetPatternPropertyOverride(params) {
-      await client.request("editorState.resetPatternPropertyOverride", params);
+    getDataResource: async (message) => {
+      return await client.request("getDataResource", message, {
+        timeout: 3e4
+      });
     },
-    // Locale operations
-    async enableLocale(params) {
-      await client.request("editorState.enableLocale", params);
+    navigate: async (message) => {
+      await client.request("navigate", message);
     },
-    async disableLocale(params) {
-      await client.request("editorState.disableLocale", params);
+    reloadLocation: async () => {
+      await client.request("reload");
     },
-    async setCurrentLocale(params) {
-      await client.request("editorState.setCurrentLocale", params);
+    editConnectedData: async (message) => {
+      return await client.request(
+        "editConnectedData",
+        message,
+        {
+          timeout: (
+            // 24 hours in ms
+            864e5
+          )
+        }
+      );
     },
-    // Dynamic input operations
-    async setDynamicInputPreviewValue(params) {
-      await client.request("editorState.setDynamicInputPreviewValue", params);
+    getSessionToken: async () => {
+      return await client.request("getSessionToken", void 0, {
+        // Delegation may wait on consent UI + token API; default framepost timeout (5s) is too short.
+        timeout: 12e4
+      });
     }
   };
+  return {
+    initData,
+    parent
+  };
 }
 // src/sdkWindow.ts
@@ -836,8 +870,7 @@ async function initializeUniformMeshSDK({
               sdk.events.emit("onValueChanged", { newValue: value });
               await parent.setValue({ uniformMeshLocationValue: value, closeDialog: true });
             }
-          } : void 0,
-          editorState: parent.editorState
+          } : void 0
         };
         return location;
       },
@@ -920,7 +953,8 @@ async function initializeUniformMeshSDK({
       },
       closeCurrentLocationDialog: async () => {
         await parent.closeDialog({ dialogId: void 0, dialogType: "currentLocation" });
-      }
+      },
+      getSessionToken: () => parent.getSessionToken()
     };
     window.UniformMeshSDK = sdk;
     initializing = false;
@@ -942,6 +976,8 @@ var hasRole = (role, user) => {
   return user.roles.some((userRole) => userRole.name === role || userRole.id === role);
 };
 export {
+  DelegationTokenClient,
+  DelegationTokenError,
   IntegrationDefinitionClient,
   IntegrationInstallationClient,
   functionCallSystemParameters,