@wix/sdk 1.14.4 → 1.15.1

package/build/auth/AppStrategy.d.ts

@@ -17,7 +17,7 @@ export type AppStrategy = AuthenticationStrategy<undefined> & {
      */
     elevated(): Promise<AppStrategy>;
     /**
-     * Returns infromation about the active token
+     * Returns information about the active token
      */
     getTokenInfo(): Promise<{
         active: boolean;
@@ -73,7 +73,6 @@ export declare function AppStrategy(opts: {
     appId: string;
     appSecret?: string;
     publicKey?: string;
-    authServerBaseUrl?: string;
 } & ({
     refreshToken?: string;
 } | {
@@ -81,3 +80,13 @@ export declare function AppStrategy(opts: {
 } | {
     accessToken?: string;
 })): AppStrategy;
+export declare function getTokenInfo(token: string): Promise<{
+    active: boolean;
+    subjectType: 'APP' | 'USER' | 'MEMBER' | 'VISITOR' | 'UNKNOWN';
+    subjectId: string;
+    exp: number;
+    iat: number;
+    clientId?: string;
+    siteId: string;
+    instanceId?: string;
+}>;

package/build/auth/AppStrategy.js

@@ -40,7 +40,6 @@ import { parsePublicKeyIfEncoded } from '../helpers.js';
  */
 // eslint-disable-next-line @typescript-eslint/no-redeclare
 export function AppStrategy(opts) {
-    const authServerBaseUrl = opts.authServerBaseUrl ?? 'https://www.wixapis.com';
     let refreshToken = 'refreshToken' in opts ? opts.refreshToken : undefined;
     let cachedToken;
     return {
@@ -70,8 +69,7 @@ export function AppStrategy(opts) {
             if (!code || !instanceId) {
                 throw new Error('Invalid OAuth callback URL. Make sure you pass the url including the code and instanceId query params.');
             }
-            const tokenUrl = new URL('/oauth/access', authServerBaseUrl);
-            const tokensRes = await fetch(tokenUrl.href, {
+            const tokensRes = await fetch('https://www.wixapis.com/oauth/access', {
                 method: 'POST',
                 headers: {
                     'Content-Type': 'application/json',
@@ -104,10 +102,9 @@ export function AppStrategy(opts) {
             }
             if ('refreshToken' in opts || refreshToken) {
                 if (!opts.appSecret) {
-                    throw new Error('App secret is required for retrieveing app-level access tokens. Make sure to pass it to the AppStrategy');
+                    throw new Error('App secret is required for retrieving app-level access tokens. Make sure to pass it to the AppStrategy');
                 }
-                const tokenUrl = new URL('/oauth/access', authServerBaseUrl);
-                const tokensRes = await fetch(tokenUrl.href, {
+                const tokensRes = await fetch('https://www.wixapis.com/oauth/access', {
                     method: 'POST',
                     headers: {
                         'Content-Type': 'application/json',
@@ -132,10 +129,9 @@ export function AppStrategy(opts) {
             }
             else if ('instanceId' in opts) {
                 if (!opts.appSecret) {
-                    throw new Error('App secret is required for retrieveing app-level access tokens. Make sure to pass it to the AppStrategy');
+                    throw new Error('App secret is required for retrieving app-level access tokens. Make sure to pass it to the AppStrategy');
                 }
-                const tokenUrl = new URL('/oauth2/token', authServerBaseUrl);
-                const tokensRes = await fetch(tokenUrl.href, {
+                const tokensRes = await fetch('https://www.wixapis.com/oauth2/token', {
                     method: 'POST',
                     headers: {
                         'Content-Type': 'application/json',
@@ -162,7 +158,7 @@ export function AppStrategy(opts) {
                 };
             }
             else if ('accessToken' in opts && opts.accessToken) {
-                const tokenRes = await fetch(new URL('/oauth2/token', authServerBaseUrl), {
+                const tokenRes = await fetch('https://www.wixapis.com/oauth2/token', {
                     method: 'POST',
                     headers: {
                         'Content-Type': 'application/json',
@@ -193,7 +189,7 @@ export function AppStrategy(opts) {
         },
         async elevated() {
             if ('accessToken' in opts && opts.accessToken) {
-                const tokenInfo = await getTokenInfo(opts.accessToken, authServerBaseUrl);
+                const tokenInfo = await getTokenInfo(opts.accessToken);
                 if (tokenInfo.clientId !== opts.appId) {
                     throw new Error(`Invalid access token. The token is not issued for the app with ID "${opts.appId}"`);
                 }
@@ -205,7 +201,6 @@ export function AppStrategy(opts) {
                     appSecret: opts.appSecret,
                     publicKey: opts.publicKey,
                     instanceId: tokenInfo.instanceId,
-                    authServerBaseUrl: opts.authServerBaseUrl,
                 });
             }
             else {
@@ -236,16 +231,15 @@ export function AppStrategy(opts) {
             if (!tokenToCheck) {
                 throw new Error('Missing token to get info for. Either pass the token as an argument or provide it when initializing the AppStrategy');
             }
-            return getTokenInfo(tokenToCheck, authServerBaseUrl);
+            return getTokenInfo(tokenToCheck);
         },
         getActiveToken() {
             return 'accessToken' in opts ? opts.accessToken : refreshToken;
         },
     };
 }
-async function getTokenInfo(token, authServerBaseUrl) {
-    const tokenInfoUrl = new URL('/oauth2/token-info', authServerBaseUrl);
-    const tokenInfoRes = await fetch(tokenInfoUrl.href, {
+export async function getTokenInfo(token) {
+    const tokenInfoRes = await fetch('https://www.wixapis.com/oauth2/token-info', {
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',

package/build/web-method-modules.d.ts

@@ -0,0 +1,35 @@
+export declare const isWebMethodModules: (val: any) => val is WebMethodModules;
+export type WebMethodClient = {
+    processRequest(request: Request, devMode?: boolean): Promise<Response>;
+    callWebMethod(options: {
+        filename: string;
+        method: string;
+        args: unknown[];
+        baseURL: string;
+    }): Promise<unknown>;
+};
+declare enum Permissions {
+    Anyone = "anyone",
+    Admin = "admin",
+    SiteMember = "site-member"
+}
+type WebMethod<T extends unknown[], R> = {
+    handler: (...args: T) => R;
+    permission: Permissions;
+    __type: 'web-method-module';
+};
+type WebMethodModule = Record<string, WebMethod<unknown[], unknown>>;
+export type WebMethodModules = Record<string, () => Promise<WebMethodModule>>;
+export declare function webMethodModules(fetchWithAuth: (urlOrRequest: string | URL | Request, requestInit?: RequestInit) => Promise<Response>): {
+    initModule(webMethodModule: WebMethodModules): void;
+    client: {
+        processRequest(request: Request, devMode?: boolean | undefined): Promise<Response>;
+        callWebMethod({ baseURL, filename, method, args }: {
+            filename: string;
+            method: string;
+            args: unknown[];
+            baseURL: string;
+        }): Promise<any>;
+    };
+};
+export {};

package/build/web-method-modules.js

@@ -0,0 +1,112 @@
+import { serializeError } from 'serialize-error';
+import { getTokenInfo } from './auth/AppStrategy.js';
+export const isWebMethodModules = (val) => val.__type === 'web-method-module';
+var Permissions;
+(function (Permissions) {
+    Permissions["Anyone"] = "anyone";
+    Permissions["Admin"] = "admin";
+    Permissions["SiteMember"] = "site-member";
+})(Permissions || (Permissions = {}));
+async function checkPermission(request, permission) {
+    const accessToken = request.headers.get('Authorization');
+    if (!accessToken) {
+        throw new Error('Request is missing authentication data');
+    }
+    const { subjectType } = await getTokenInfo(accessToken);
+    switch (permission) {
+        case Permissions.Anyone: {
+            if (subjectType !== 'VISITOR' &&
+                subjectType !== 'MEMBER' &&
+                subjectType !== 'USER') {
+                throw new Error('Insufficient permissions');
+            }
+            break;
+        }
+        case Permissions.SiteMember: {
+            if (subjectType !== 'MEMBER' && subjectType !== 'USER') {
+                throw new Error('Insufficient permissions');
+            }
+            break;
+        }
+        case Permissions.Admin: {
+            if (subjectType !== 'USER') {
+                throw new Error('Insufficient permissions');
+            }
+            break;
+        }
+    }
+}
+const urlRegex = /\/_webMethods\/(.+\..+)\/(.+\..+)/;
+// /_webMethods/backend/my-module.web.js/multiply.ajax
+function extractUrlParts(url) {
+    const parts = url.match(urlRegex);
+    if (parts) {
+        return [parts[1], parts[2].replace('.ajax', '')];
+    }
+}
+function isRequestBodyValid(body) {
+    return !!body && typeof body === 'object' && Array.isArray(body);
+}
+const productionErrorMessage = 'Error: Unable to handle the request. Contact the site administrator or view site monitoring logs for more information.';
+export function webMethodModules(fetchWithAuth) {
+    const webMethods = {};
+    const client = {
+        async processRequest(request, devMode = false) {
+            const urlParts = extractUrlParts(request.url);
+            if (!urlParts) {
+                return new Response('invalid request', { status: 400 });
+            }
+            const [file, method] = urlParts;
+            const body = (await request.json());
+            if (!isRequestBodyValid(body)) {
+                return new Response('invalid request', { status: 400 });
+            }
+            const loadWebMethodFile = webMethods[`/${file}`];
+            try {
+                if (!loadWebMethodFile) {
+                    throw new Error(`Error loading web module ${file}: Cannot find module '${file}'`);
+                }
+                const webMethodFile = await loadWebMethodFile();
+                const webMethod = webMethodFile[method];
+                if (!webMethod) {
+                    throw new Error(`Error loading function from web module ${file}: function '${method}' not found`);
+                }
+                await checkPermission(request, webMethod.permission);
+                return Response.json({
+                    result: await webMethod.handler(...body),
+                });
+            }
+            catch (error) {
+                const serializedError = serializeError(error, { maxDepth: 1 });
+                return Response.json({
+                    result: devMode || !(error instanceof Error)
+                        ? serializedError
+                        : {
+                            ...serializedError,
+                            message: productionErrorMessage,
+                            stack: productionErrorMessage,
+                        },
+                    exception: true,
+                });
+            }
+        },
+        async callWebMethod({ baseURL, filename, method, args }) {
+            const response = await fetchWithAuth(`${baseURL}/_webMethods/${filename}/${method}.ajax`, {
+                body: JSON.stringify(args),
+                method: 'POST',
+            });
+            const json = await response.json();
+            // request failed
+            if (json.exception === true) {
+                throw json.result;
+            }
+            return json.result;
+        },
+    };
+    return {
+        initModule(webMethodModule) {
+            Object.assign(webMethods, webMethodModule);
+        },
+        client,
+    };
+}

package/build/wixClient.d.ts

@@ -3,6 +3,7 @@ import { EmptyObject } from 'type-fest/source/empty-object.js';
 import type { GraphQLFormattedError } from 'graphql';
 import { EventHandlersClient } from './event-handlers-modules.js';
 import { ServicePluginsClient } from './service-plugin-modules.js';
+import { WebMethodClient, WebMethodModules } from './web-method-modules.js';
 export type ContextType = 'global' | 'module';
 type Headers = Record<string, string>;
 /**
@@ -46,11 +47,13 @@ export type WixClient<H extends Host<any> | undefined = undefined, Z extends Aut
     }>;
     webhooks: EventHandlersClient;
     servicePlugins: ServicePluginsClient;
+    webMethods: WebMethodClient;
 } & BuildDescriptors<T, H>;
 export declare function createClient<H extends Host<any> | undefined = undefined, Z extends AuthenticationStrategy<H> = AuthenticationStrategy<H>, T extends Descriptors = EmptyObject>(config: {
     modules?: H extends Host<any> ? AssertHostMatches<T, H> : T;
     auth?: Z;
     headers?: Headers;
     host?: H;
+    webMethods?: WebMethodModules;
 }): WixClient<H, Z, T>;
 export {};

package/build/wixClient.js

@@ -9,6 +9,7 @@ import { buildRESTDescriptor } from './rest-modules.js';
 import { eventHandlersModules, isEventHandlerModule, } from './event-handlers-modules.js';
 import { isServicePluginModule, servicePluginsModules, } from './service-plugin-modules.js';
 import { runWithoutContext } from '@wix/sdk-runtime/context';
+import { isWebMethodModules, webMethodModules, } from './web-method-modules.js';
 export function createClient(config) {
     const _headers = config.headers || { Authorization: '' };
     const authStrategy = config.auth ||
@@ -17,8 +18,26 @@ export function createClient(config) {
         };
     const boundGetAuthHeaders = authStrategy.getAuthHeaders.bind(undefined, config.host);
     authStrategy.getAuthHeaders = boundGetAuthHeaders;
+    const fetchWithAuth = async (urlOrRequest, requestInit) => {
+        if (typeof urlOrRequest === 'string' || urlOrRequest instanceof URL) {
+            return fetch(urlOrRequest, {
+                ...requestInit,
+                headers: {
+                    ...requestInit?.headers,
+                    ...(await boundGetAuthHeaders()).headers,
+                },
+            });
+        }
+        else {
+            for (const [k, v] of Object.entries((await boundGetAuthHeaders()).headers)) {
+                urlOrRequest.headers.set(k, v);
+            }
+            return fetch(urlOrRequest, requestInit);
+        }
+    };
     const { client: servicePluginsClient, initModule: initServicePluginModule } = servicePluginsModules(authStrategy);
     const { client: eventHandlersClient, initModule: initEventHandlerModule } = eventHandlersModules(authStrategy);
+    const { client: webMethodClient, initModule } = webMethodModules(fetchWithAuth);
     const boundFetch = async (url, options) => {
         const authHeaders = await boundGetAuthHeaders();
         const defaultContentTypeHeader = getDefaultContentHeader(options);
@@ -46,6 +65,9 @@ export function createClient(config) {
         else if (isHostModule(modules) && config.host) {
             return buildHostModule(modules, config.host);
         }
+        else if (isWebMethodModules(modules)) {
+            return initModule(modules);
+        }
         else if (typeof modules === 'function') {
             // The generated namespaces all have the error classes on them and
             // a class is also a function, so we need to explicitly ignore these
@@ -126,23 +148,7 @@ export function createClient(config) {
             finalUrl.protocol = 'https';
             return boundFetch(finalUrl.toString(), options);
         },
-        fetchWithAuth: async (urlOrRequest, requestInit) => {
-            if (typeof urlOrRequest === 'string' || urlOrRequest instanceof URL) {
-                return fetch(urlOrRequest, {
-                    ...requestInit,
-                    headers: {
-                        ...requestInit?.headers,
-                        ...(await boundGetAuthHeaders()).headers,
-                    },
-                });
-            }
-            else {
-                for (const [k, v] of Object.entries((await boundGetAuthHeaders()).headers)) {
-                    urlOrRequest.headers.set(k, v);
-                }
-                return fetch(urlOrRequest, requestInit);
-            }
-        },
+        fetchWithAuth,
         async graphql(query, variables, opts = {
             apiVersion: 'alpha',
         }) {
@@ -161,6 +167,7 @@ export function createClient(config) {
             return { data: data ?? {}, errors };
         },
         webhooks: eventHandlersClient,
+        webMethods: webMethodClient,
         servicePlugins: servicePluginsClient,
     };
 }

package/cjs/build/auth/AppStrategy.d.ts

@@ -17,7 +17,7 @@ export type AppStrategy = AuthenticationStrategy<undefined> & {
      */
     elevated(): Promise<AppStrategy>;
     /**
-     * Returns infromation about the active token
+     * Returns information about the active token
      */
     getTokenInfo(): Promise<{
         active: boolean;
@@ -73,7 +73,6 @@ export declare function AppStrategy(opts: {
     appId: string;
     appSecret?: string;
     publicKey?: string;
-    authServerBaseUrl?: string;
 } & ({
     refreshToken?: string;
 } | {
@@ -81,3 +80,13 @@ export declare function AppStrategy(opts: {
 } | {
     accessToken?: string;
 })): AppStrategy;
+export declare function getTokenInfo(token: string): Promise<{
+    active: boolean;
+    subjectType: 'APP' | 'USER' | 'MEMBER' | 'VISITOR' | 'UNKNOWN';
+    subjectId: string;
+    exp: number;
+    iat: number;
+    clientId?: string;
+    siteId: string;
+    instanceId?: string;
+}>;

package/cjs/build/auth/AppStrategy.js

@@ -15,15 +15,26 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
 }) : function(o, v) {
     o["default"] = v;
 });
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AppStrategy = AppStrategy;
+exports.getTokenInfo = getTokenInfo;
 const helpers_js_1 = require("../helpers.js");
 /**
  * Creates an authentication strategy for Wix Apps OAuth installation process.
@@ -66,7 +77,6 @@ const helpers_js_1 = require("../helpers.js");
  */
 // eslint-disable-next-line @typescript-eslint/no-redeclare
 function AppStrategy(opts) {
-    const authServerBaseUrl = opts.authServerBaseUrl ?? 'https://www.wixapis.com';
     let refreshToken = 'refreshToken' in opts ? opts.refreshToken : undefined;
     let cachedToken;
     return {
@@ -96,8 +106,7 @@ function AppStrategy(opts) {
             if (!code || !instanceId) {
                 throw new Error('Invalid OAuth callback URL. Make sure you pass the url including the code and instanceId query params.');
             }
-            const tokenUrl = new URL('/oauth/access', authServerBaseUrl);
-            const tokensRes = await fetch(tokenUrl.href, {
+            const tokensRes = await fetch('https://www.wixapis.com/oauth/access', {
                 method: 'POST',
                 headers: {
                     'Content-Type': 'application/json',
@@ -130,10 +139,9 @@ function AppStrategy(opts) {
             }
             if ('refreshToken' in opts || refreshToken) {
                 if (!opts.appSecret) {
-                    throw new Error('App secret is required for retrieveing app-level access tokens. Make sure to pass it to the AppStrategy');
+                    throw new Error('App secret is required for retrieving app-level access tokens. Make sure to pass it to the AppStrategy');
                 }
-                const tokenUrl = new URL('/oauth/access', authServerBaseUrl);
-                const tokensRes = await fetch(tokenUrl.href, {
+                const tokensRes = await fetch('https://www.wixapis.com/oauth/access', {
                     method: 'POST',
                     headers: {
                         'Content-Type': 'application/json',
@@ -158,10 +166,9 @@ function AppStrategy(opts) {
             }
             else if ('instanceId' in opts) {
                 if (!opts.appSecret) {
-                    throw new Error('App secret is required for retrieveing app-level access tokens. Make sure to pass it to the AppStrategy');
+                    throw new Error('App secret is required for retrieving app-level access tokens. Make sure to pass it to the AppStrategy');
                 }
-                const tokenUrl = new URL('/oauth2/token', authServerBaseUrl);
-                const tokensRes = await fetch(tokenUrl.href, {
+                const tokensRes = await fetch('https://www.wixapis.com/oauth2/token', {
                     method: 'POST',
                     headers: {
                         'Content-Type': 'application/json',
@@ -188,7 +195,7 @@ function AppStrategy(opts) {
                 };
             }
             else if ('accessToken' in opts && opts.accessToken) {
-                const tokenRes = await fetch(new URL('/oauth2/token', authServerBaseUrl), {
+                const tokenRes = await fetch('https://www.wixapis.com/oauth2/token', {
                     method: 'POST',
                     headers: {
                         'Content-Type': 'application/json',
@@ -219,7 +226,7 @@ function AppStrategy(opts) {
         },
         async elevated() {
             if ('accessToken' in opts && opts.accessToken) {
-                const tokenInfo = await getTokenInfo(opts.accessToken, authServerBaseUrl);
+                const tokenInfo = await getTokenInfo(opts.accessToken);
                 if (tokenInfo.clientId !== opts.appId) {
                     throw new Error(`Invalid access token. The token is not issued for the app with ID "${opts.appId}"`);
                 }
@@ -231,7 +238,6 @@ function AppStrategy(opts) {
                     appSecret: opts.appSecret,
                     publicKey: opts.publicKey,
                     instanceId: tokenInfo.instanceId,
-                    authServerBaseUrl: opts.authServerBaseUrl,
                 });
             }
             else {
@@ -262,16 +268,15 @@ function AppStrategy(opts) {
             if (!tokenToCheck) {
                 throw new Error('Missing token to get info for. Either pass the token as an argument or provide it when initializing the AppStrategy');
             }
-            return getTokenInfo(tokenToCheck, authServerBaseUrl);
+            return getTokenInfo(tokenToCheck);
         },
         getActiveToken() {
             return 'accessToken' in opts ? opts.accessToken : refreshToken;
         },
     };
 }
-async function getTokenInfo(token, authServerBaseUrl) {
-    const tokenInfoUrl = new URL('/oauth2/token-info', authServerBaseUrl);
-    const tokenInfoRes = await fetch(tokenInfoUrl.href, {
+async function getTokenInfo(token) {
+    const tokenInfoRes = await fetch('https://www.wixapis.com/oauth2/token-info', {
         method: 'POST',
         headers: {
             'Content-Type': 'application/json',

package/cjs/build/web-method-modules.d.ts

@@ -0,0 +1,35 @@
+export declare const isWebMethodModules: (val: any) => val is WebMethodModules;
+export type WebMethodClient = {
+    processRequest(request: Request, devMode?: boolean): Promise<Response>;
+    callWebMethod(options: {
+        filename: string;
+        method: string;
+        args: unknown[];
+        baseURL: string;
+    }): Promise<unknown>;
+};
+declare enum Permissions {
+    Anyone = "anyone",
+    Admin = "admin",
+    SiteMember = "site-member"
+}
+type WebMethod<T extends unknown[], R> = {
+    handler: (...args: T) => R;
+    permission: Permissions;
+    __type: 'web-method-module';
+};
+type WebMethodModule = Record<string, WebMethod<unknown[], unknown>>;
+export type WebMethodModules = Record<string, () => Promise<WebMethodModule>>;
+export declare function webMethodModules(fetchWithAuth: (urlOrRequest: string | URL | Request, requestInit?: RequestInit) => Promise<Response>): {
+    initModule(webMethodModule: WebMethodModules): void;
+    client: {
+        processRequest(request: Request, devMode?: boolean | undefined): Promise<Response>;
+        callWebMethod({ baseURL, filename, method, args }: {
+            filename: string;
+            method: string;
+            args: unknown[];
+            baseURL: string;
+        }): Promise<any>;
+    };
+};
+export {};

package/cjs/build/web-method-modules.js

@@ -0,0 +1,117 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isWebMethodModules = void 0;
+exports.webMethodModules = webMethodModules;
+const serialize_error_1 = require("serialize-error");
+const AppStrategy_js_1 = require("./auth/AppStrategy.js");
+const isWebMethodModules = (val) => val.__type === 'web-method-module';
+exports.isWebMethodModules = isWebMethodModules;
+var Permissions;
+(function (Permissions) {
+    Permissions["Anyone"] = "anyone";
+    Permissions["Admin"] = "admin";
+    Permissions["SiteMember"] = "site-member";
+})(Permissions || (Permissions = {}));
+async function checkPermission(request, permission) {
+    const accessToken = request.headers.get('Authorization');
+    if (!accessToken) {
+        throw new Error('Request is missing authentication data');
+    }
+    const { subjectType } = await (0, AppStrategy_js_1.getTokenInfo)(accessToken);
+    switch (permission) {
+        case Permissions.Anyone: {
+            if (subjectType !== 'VISITOR' &&
+                subjectType !== 'MEMBER' &&
+                subjectType !== 'USER') {
+                throw new Error('Insufficient permissions');
+            }
+            break;
+        }
+        case Permissions.SiteMember: {
+            if (subjectType !== 'MEMBER' && subjectType !== 'USER') {
+                throw new Error('Insufficient permissions');
+            }
+            break;
+        }
+        case Permissions.Admin: {
+            if (subjectType !== 'USER') {
+                throw new Error('Insufficient permissions');
+            }
+            break;
+        }
+    }
+}
+const urlRegex = /\/_webMethods\/(.+\..+)\/(.+\..+)/;
+// /_webMethods/backend/my-module.web.js/multiply.ajax
+function extractUrlParts(url) {
+    const parts = url.match(urlRegex);
+    if (parts) {
+        return [parts[1], parts[2].replace('.ajax', '')];
+    }
+}
+function isRequestBodyValid(body) {
+    return !!body && typeof body === 'object' && Array.isArray(body);
+}
+const productionErrorMessage = 'Error: Unable to handle the request. Contact the site administrator or view site monitoring logs for more information.';
+function webMethodModules(fetchWithAuth) {
+    const webMethods = {};
+    const client = {
+        async processRequest(request, devMode = false) {
+            const urlParts = extractUrlParts(request.url);
+            if (!urlParts) {
+                return new Response('invalid request', { status: 400 });
+            }
+            const [file, method] = urlParts;
+            const body = (await request.json());
+            if (!isRequestBodyValid(body)) {
+                return new Response('invalid request', { status: 400 });
+            }
+            const loadWebMethodFile = webMethods[`/${file}`];
+            try {
+                if (!loadWebMethodFile) {
+                    throw new Error(`Error loading web module ${file}: Cannot find module '${file}'`);
+                }
+                const webMethodFile = await loadWebMethodFile();
+                const webMethod = webMethodFile[method];
+                if (!webMethod) {
+                    throw new Error(`Error loading function from web module ${file}: function '${method}' not found`);
+                }
+                await checkPermission(request, webMethod.permission);
+                return Response.json({
+                    result: await webMethod.handler(...body),
+                });
+            }
+            catch (error) {
+                const serializedError = (0, serialize_error_1.serializeError)(error, { maxDepth: 1 });
+                return Response.json({
+                    result: devMode || !(error instanceof Error)
+                        ? serializedError
+                        : {
+                            ...serializedError,
+                            message: productionErrorMessage,
+                            stack: productionErrorMessage,
+                        },
+                    exception: true,
+                });
+            }
+        },
+        async callWebMethod({ baseURL, filename, method, args }) {
+            const response = await fetchWithAuth(`${baseURL}/_webMethods/${filename}/${method}.ajax`, {
+                body: JSON.stringify(args),
+                method: 'POST',
+            });
+            const json = await response.json();
+            // request failed
+            if (json.exception === true) {
+                throw json.result;
+            }
+            return json.result;
+        },
+    };
+    return {
+        initModule(webMethodModule) {
+            Object.assign(webMethods, webMethodModule);
+        },
+        client,
+    };
+}

package/cjs/build/wixClient.d.ts

@@ -3,6 +3,7 @@ import { EmptyObject } from 'type-fest/source/empty-object.js';
 import type { GraphQLFormattedError } from 'graphql';
 import { EventHandlersClient } from './event-handlers-modules.js';
 import { ServicePluginsClient } from './service-plugin-modules.js';
+import { WebMethodClient, WebMethodModules } from './web-method-modules.js';
 export type ContextType = 'global' | 'module';
 type Headers = Record<string, string>;
 /**
@@ -46,11 +47,13 @@ export type WixClient<H extends Host<any> | undefined = undefined, Z extends Aut
     }>;
     webhooks: EventHandlersClient;
     servicePlugins: ServicePluginsClient;
+    webMethods: WebMethodClient;
 } & BuildDescriptors<T, H>;
 export declare function createClient<H extends Host<any> | undefined = undefined, Z extends AuthenticationStrategy<H> = AuthenticationStrategy<H>, T extends Descriptors = EmptyObject>(config: {
     modules?: H extends Host<any> ? AssertHostMatches<T, H> : T;
     auth?: Z;
     headers?: Headers;
     host?: H;
+    webMethods?: WebMethodModules;
 }): WixClient<H, Z, T>;
 export {};

package/cjs/build/wixClient.js

@@ -12,6 +12,7 @@ const rest_modules_js_1 = require("./rest-modules.js");
 const event_handlers_modules_js_1 = require("./event-handlers-modules.js");
 const service_plugin_modules_js_1 = require("./service-plugin-modules.js");
 const context_1 = require("@wix/sdk-runtime/context");
+const web_method_modules_js_1 = require("./web-method-modules.js");
 function createClient(config) {
     const _headers = config.headers || { Authorization: '' };
     const authStrategy = config.auth ||
@@ -20,8 +21,26 @@ function createClient(config) {
         };
     const boundGetAuthHeaders = authStrategy.getAuthHeaders.bind(undefined, config.host);
     authStrategy.getAuthHeaders = boundGetAuthHeaders;
+    const fetchWithAuth = async (urlOrRequest, requestInit) => {
+        if (typeof urlOrRequest === 'string' || urlOrRequest instanceof URL) {
+            return fetch(urlOrRequest, {
+                ...requestInit,
+                headers: {
+                    ...requestInit?.headers,
+                    ...(await boundGetAuthHeaders()).headers,
+                },
+            });
+        }
+        else {
+            for (const [k, v] of Object.entries((await boundGetAuthHeaders()).headers)) {
+                urlOrRequest.headers.set(k, v);
+            }
+            return fetch(urlOrRequest, requestInit);
+        }
+    };
     const { client: servicePluginsClient, initModule: initServicePluginModule } = (0, service_plugin_modules_js_1.servicePluginsModules)(authStrategy);
     const { client: eventHandlersClient, initModule: initEventHandlerModule } = (0, event_handlers_modules_js_1.eventHandlersModules)(authStrategy);
+    const { client: webMethodClient, initModule } = (0, web_method_modules_js_1.webMethodModules)(fetchWithAuth);
     const boundFetch = async (url, options) => {
         const authHeaders = await boundGetAuthHeaders();
         const defaultContentTypeHeader = (0, helpers_js_1.getDefaultContentHeader)(options);
@@ -49,6 +68,9 @@ function createClient(config) {
         else if ((0, host_modules_js_1.isHostModule)(modules) && config.host) {
             return (0, host_modules_js_1.buildHostModule)(modules, config.host);
         }
+        else if ((0, web_method_modules_js_1.isWebMethodModules)(modules)) {
+            return initModule(modules);
+        }
         else if (typeof modules === 'function') {
             // The generated namespaces all have the error classes on them and
             // a class is also a function, so we need to explicitly ignore these
@@ -129,23 +151,7 @@ function createClient(config) {
             finalUrl.protocol = 'https';
             return boundFetch(finalUrl.toString(), options);
         },
-        fetchWithAuth: async (urlOrRequest, requestInit) => {
-            if (typeof urlOrRequest === 'string' || urlOrRequest instanceof URL) {
-                return fetch(urlOrRequest, {
-                    ...requestInit,
-                    headers: {
-                        ...requestInit?.headers,
-                        ...(await boundGetAuthHeaders()).headers,
-                    },
-                });
-            }
-            else {
-                for (const [k, v] of Object.entries((await boundGetAuthHeaders()).headers)) {
-                    urlOrRequest.headers.set(k, v);
-                }
-                return fetch(urlOrRequest, requestInit);
-            }
-        },
+        fetchWithAuth,
         async graphql(query, variables, opts = {
             apiVersion: 'alpha',
         }) {
@@ -164,6 +170,7 @@ function createClient(config) {
             return { data: data ?? {}, errors };
         },
         webhooks: eventHandlersClient,
+        webMethods: webMethodClient,
         servicePlugins: servicePluginsClient,
     };
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wix/sdk",
-  "version": "1.14.4",
+  "version": "1.15.1",
   "license": "UNLICENSED",
   "author": {
     "name": "Ronny Ringel",
@@ -63,34 +63,35 @@
     "*.{js,ts}": "yarn lint"
   },
   "dependencies": {
-    "@wix/identity": "^1.0.86",
-    "@wix/image-kit": "^1.93.0",
-    "@wix/redirects": "^1.0.61",
+    "@wix/identity": "^1.0.89",
+    "@wix/image-kit": "^1.96.0",
+    "@wix/redirects": "^1.0.64",
     "@wix/sdk-context": "^0.0.1",
-    "@wix/sdk-runtime": "0.3.23",
-    "@wix/sdk-types": "^1.12.4",
+    "@wix/sdk-runtime": "0.3.25",
+    "@wix/sdk-types": "^1.12.5",
     "jose": "^5.9.6",
-    "type-fest": "^4.27.0"
+    "serialize-error": "^8.1.0",
+    "type-fest": "^4.29.0"
   },
   "optionalDependencies": {
     "graphql": "^0.8.0 || ^0.9.0 || ^0.10.0 || ^0.11.0 || ^0.12.0 || ^0.13.0 || ^14.0.0 || ^15.0.0 || ^16.0.0 || ^17.0.0"
   },
   "devDependencies": {
     "@types/is-ci": "^3.0.4",
-    "@types/node": "^20.17.6",
+    "@types/node": "^20.17.9",
     "@vitest/ui": "^1.6.0",
-    "@wix/ecom": "^1.0.829",
-    "@wix/events": "^1.0.338",
-    "@wix/metro": "^1.0.89",
-    "@wix/metro-runtime": "^1.1854.0",
-    "@wix/sdk-runtime": "0.3.23",
+    "@wix/ecom": "^1.0.845",
+    "@wix/events": "^1.0.347",
+    "@wix/metro": "^1.0.90",
+    "@wix/metro-runtime": "^1.1864.0",
+    "@wix/sdk-runtime": "0.3.25",
     "eslint": "^8.57.1",
     "eslint-config-sdk": "0.0.0",
     "graphql": "^16.8.0",
     "is-ci": "^3.0.1",
     "jsdom": "^22.1.0",
-    "msw": "^2.6.5",
-    "typescript": "^5.6.3",
+    "msw": "^2.6.6",
+    "typescript": "^5.7.2",
     "vitest": "^1.6.0",
     "vitest-teamcity-reporter": "^0.3.1"
   },
@@ -117,5 +118,5 @@
   "wallaby": {
     "autoDetect": true
   },
-  "falconPackageHash": "94303cb167edda6e2a316a0d1cbbc1262c00a356ac99dd3f186349ed"
+  "falconPackageHash": "3ea83646bf7d33d3735730b3593ad9567e0c166c2a4c76515505bf41"
 }