@wix/sdk 1.5.9 → 1.6.0

package/build/esm/ambassador-modules.js

@@ -0,0 +1,89 @@
+const parseMethod = (method) => {
+    switch (method) {
+        case 'get':
+        case 'GET':
+            return 'GET';
+        case 'post':
+        case 'POST':
+            return 'POST';
+        case 'put':
+        case 'PUT':
+            return 'PUT';
+        case 'delete':
+        case 'DELETE':
+            return 'DELETE';
+        case 'patch':
+        case 'PATCH':
+            return 'PATCH';
+        case 'head':
+        case 'HEAD':
+            return 'HEAD';
+        case 'options':
+        case 'OPTIONS':
+            return 'OPTIONS';
+        default:
+            throw new Error(`Unknown method: ${method}`);
+    }
+};
+export const toHTTPModule = (factory) => (httpClient) => async (payload) => {
+    let requestOptions;
+    const HTTPFactory = (context) => {
+        requestOptions = factory(payload)(context);
+        if (requestOptions.url === undefined) {
+            throw new Error('Url was not successfully created for this request, please reach out to support channels for assistance.');
+        }
+        const { method, url, params } = requestOptions;
+        return {
+            ...requestOptions,
+            method: parseMethod(method),
+            url,
+            data: requestOptions.data,
+            params,
+        };
+    };
+    try {
+        const response = await httpClient.request(HTTPFactory);
+        if (requestOptions === undefined) {
+            throw new Error('Request options were not created for this request, please reach out to support channels for assistance.');
+        }
+        const transformations = Array.isArray(requestOptions.transformResponse)
+            ? requestOptions.transformResponse
+            : [requestOptions.transformResponse];
+        /**
+         * Based on Axios implementation:
+         * https://github.com/axios/axios/blob/3f53eb6960f05a1f88409c4b731a40de595cb825/lib/core/transformData.js#L22
+         */
+        let data = response.data;
+        transformations.forEach((transform) => {
+            if (transform) {
+                data = transform(response.data, response.headers);
+            }
+        });
+        return data;
+    }
+    catch (e) {
+        if (typeof e === 'object' &&
+            e !== null &&
+            'response' in e &&
+            typeof e.response === 'object' &&
+            e.response !== null &&
+            'data' in e.response) {
+            throw e.response.data;
+        }
+        throw e;
+    }
+};
+export const ambassadorModuleOptions = () => ({
+    HTTPHost: self.location.host,
+});
+/*
+ * Because of issues with tree-shaking, we cant really put static parameter on module.
+ * We still have check for __isAmbassador for backward compatibility
+ */
+export const isAmbassadorModule = (module) => {
+    if (module.__isAmbassador) {
+        return true;
+    }
+    const fn = module();
+    return Boolean(fn.__isAmbassador);
+};

package/build/esm/auth/ApiKeyAuthStrategy.d.ts

@@ -0,0 +1,16 @@
+import { AuthenticationStrategy } from '@wix/sdk-types';
+export interface IApiKeyStrategy extends AuthenticationStrategy {
+    setSiteId(siteId?: string): void;
+    setAccountId(accountId?: string): void;
+}
+type Context = {
+    siteId: string;
+    accountId?: string;
+} | {
+    siteId?: string;
+    accountId: string;
+};
+export declare function ApiKeyStrategy({ siteId, accountId, apiKey, }: {
+    apiKey: string;
+} & Context): IApiKeyStrategy;
+export {};

package/build/esm/auth/ApiKeyAuthStrategy.js

@@ -0,0 +1,22 @@
+export function ApiKeyStrategy({ siteId, accountId, apiKey, }) {
+    const headers = { Authorization: apiKey };
+    if (siteId) {
+        headers['wix-site-id'] = siteId;
+    }
+    if (accountId) {
+        headers['wix-account-id'] = accountId;
+    }
+    return {
+        setSiteId(_siteId) {
+            headers['wix-site-id'] = _siteId;
+        },
+        setAccountId(_accountId) {
+            headers['wix-account-id'] = _accountId;
+        },
+        async getAuthHeaders() {
+            return {
+                headers,
+            };
+        },
+    };
+}

package/build/esm/auth/WixAppOAuthStrategy.d.ts

@@ -0,0 +1,54 @@
+import { AuthenticationStrategy } from '@wix/sdk-types';
+export type WixAppOAuthStrategy = AuthenticationStrategy & {
+    getInstallUrl({ redirectUrl }: {
+        redirectUrl: string;
+    }): string;
+    handleOAuthCallback(url: string, opts?: {
+        state: string;
+    }): Promise<{
+        instanceId: string;
+        accessToken: string;
+        refreshToken: string;
+    }>;
+};
+/**
+ * Creates an authentication strategy for Wix Apps OAuth installation process.
+ * Use this authentication strategy when making requests to Wix APIs from your Wix App backend.
+ * @param opts Options for initializing the authentication strategy
+ * @param opts.appId The Wix App ID
+ * @param opts.appSecret The Wix App Secret
+ * @param opts.refreshToken An optional refresh token previously retrieved from Wix OAuth API
+ * @returns An authentication strategy that can be used with WixClient
+ * @example
+ * ```ts
+ * import { WixAppOAuthStrategy, createClient } from '@wix/sdk';
+ * import { products } from '@wix/stores';
+ *
+ * const client = createClient({
+ *  auth: WixAppOAuthStrategy({
+ *   appId: 'appId',
+ *   appSecret: 'appSecret',
+ *  }),
+ *  modules: { products },
+ * });
+ *
+ * const installUrl = client.auth.getInstallUrl({ redirectUrl: 'https://example.com' });
+ * // Redirect the user to the installUrl
+ *
+ * ...
+ *
+ * // in the callback handler of your http server
+ * // req.url is the url of the callback request
+ * const { instanceId, refreshToken } = await client.auth.handleOAuthCallback(req.url);
+ *
+ * // store the instanceId and refreshToken in your database
+ * // use the authorized client
+ * const products = await client.products.queryProducts().find();
+ *
+ * ```
+ */
+export declare function WixAppOAuthStrategy(opts: {
+    appId: string;
+    appSecret: string;
+    refreshToken?: string;
+}): WixAppOAuthStrategy;

package/build/esm/auth/WixAppOAuthStrategy.js

@@ -0,0 +1,106 @@
+/**
+ * Creates an authentication strategy for Wix Apps OAuth installation process.
+ * Use this authentication strategy when making requests to Wix APIs from your Wix App backend.
+ * @param opts Options for initializing the authentication strategy
+ * @param opts.appId The Wix App ID
+ * @param opts.appSecret The Wix App Secret
+ * @param opts.refreshToken An optional refresh token previously retrieved from Wix OAuth API
+ * @returns An authentication strategy that can be used with WixClient
+ * @example
+ * ```ts
+ * import { WixAppOAuthStrategy, createClient } from '@wix/sdk';
+ * import { products } from '@wix/stores';
+ *
+ * const client = createClient({
+ *  auth: WixAppOAuthStrategy({
+ *   appId: 'appId',
+ *   appSecret: 'appSecret',
+ *  }),
+ *  modules: { products },
+ * });
+ *
+ * const installUrl = client.auth.getInstallUrl({ redirectUrl: 'https://example.com' });
+ * // Redirect the user to the installUrl
+ *
+ * ...
+ *
+ * // in the callback handler of your http server
+ * // req.url is the url of the callback request
+ * const { instanceId, refreshToken } = await client.auth.handleOAuthCallback(req.url);
+ *
+ * // store the instanceId and refreshToken in your database
+ * // use the authorized client
+ * const products = await client.products.queryProducts().find();
+ *
+ * ```
+ */
+// eslint-disable-next-line @typescript-eslint/no-redeclare
+export function WixAppOAuthStrategy(opts) {
+    let refreshToken = opts.refreshToken;
+    return {
+        getInstallUrl({ redirectUrl }) {
+            return `https://www.wix.com/installer/install?appId=${opts.appId}&redirectUrl=${redirectUrl}`;
+        },
+        async handleOAuthCallback(url, oauthOpts) {
+            const params = new URLSearchParams(new URL(url).search);
+            const state = params.get('state');
+            if (state && oauthOpts?.state && state !== oauthOpts.state) {
+                throw new Error(`Invalid OAuth callback URL. Expected state to be "${oauthOpts.state}" but got "${state}"`);
+            }
+            const code = params.get('code');
+            const instanceId = params.get('instanceId');
+            if (!code || !instanceId) {
+                throw new Error('Invalid OAuth callback URL. Make sure you pass the url including the code and instanceId query params.');
+            }
+            const tokensRes = await fetch('https://www.wixapis.com/oauth/access', {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({
+                    code,
+                    client_id: opts.appId,
+                    client_secret: opts.appSecret,
+                    grant_type: 'authorization_code',
+                }),
+            });
+            if (tokensRes.status !== 200) {
+                throw new Error(`Failed to exchange authorization code for refresh token. Unexpected status code from Wix OAuth API: ${tokensRes.status}`);
+            }
+            const tokens = await tokensRes.json();
+            refreshToken = tokens.refresh_token;
+            return {
+                instanceId,
+                accessToken: tokens.access_token,
+                refreshToken: tokens.refresh_token,
+            };
+        },
+        async getAuthHeaders() {
+            if (!refreshToken) {
+                throw new Error('Missing refresh token. Either pass it to the WixAppOAuthStrategy or use the handleOAuthCallback method to retrieve it.');
+            }
+            const tokensRes = await fetch('https://www.wixapis.com/oauth/access', {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({
+                    refresh_token: refreshToken,
+                    client_id: opts.appId,
+                    client_secret: opts.appSecret,
+                    grant_type: 'refresh_token',
+                }),
+            });
+            if (tokensRes.status !== 200) {
+                throw new Error(`Failed to exchange refresh token for access token. Unexpected status code from Wix OAuth API: ${tokensRes.status}`);
+            }
+            const tokens = (await tokensRes.json());
+            refreshToken = tokens.refresh_token;
+            return {
+                headers: {
+                    Authorization: tokens.access_token,
+                },
+            };
+        },
+    };
+}

package/build/esm/auth/oauth2/OAuthStrategy.d.ts

@@ -0,0 +1,12 @@
+import { IOAuthStrategy, Tokens } from './types.js';
+export declare function OAuthStrategy(config: {
+    clientId: string;
+    tokens?: Tokens;
+}): IOAuthStrategy;
+export interface TokenResponse {
+    access_token: string;
+    expires_in: number;
+    refresh_token: string | null;
+    token_type: string;
+    scope?: string | null;
+}

package/build/esm/auth/oauth2/OAuthStrategy.js

@@ -0,0 +1,357 @@
+import { createClient } from '../../wixClient.js';
+import { redirects } from '@wix/redirects';
+import { createAccessToken, isTokenExpired } from '../../tokenHelpers.js';
+import { authentication, recovery, verification } from '@wix/identity';
+import { API_URL } from '../../common.js';
+import { LoginState, TokenRole, } from './types.js';
+import { addPostMessageListener, loadFrame } from '../../iframeUtils.js';
+import { EMAIL_EXISTS, INVALID_CAPTCHA, INVALID_PASSWORD, MISSING_CAPTCHA, RESET_PASSWORD, } from './constants.js';
+import { biHeaderGenerator } from '../../bi/biHeaderGenerator.js';
+import { pkceChallenge } from './pkce-challenge.js';
+const moduleWithTokens = { redirects, authentication, recovery, verification };
+export function OAuthStrategy(config) {
+    const _tokens = config.tokens || {
+        accessToken: { value: '', expiresAt: 0 },
+        refreshToken: { value: '', role: TokenRole.NONE },
+    };
+    const setTokens = (tokens) => {
+        _tokens.accessToken = tokens.accessToken;
+        _tokens.refreshToken = tokens.refreshToken;
+    };
+    let _state = {
+        loginState: LoginState.INITIAL,
+    };
+    const getAuthHeaders = async () => {
+        if (!_tokens.accessToken?.value || isTokenExpired(_tokens.accessToken)) {
+            const tokens = await generateVisitorTokens({
+                refreshToken: _tokens.refreshToken,
+            });
+            setTokens(tokens);
+        }
+        return Promise.resolve({
+            headers: { Authorization: _tokens.accessToken.value },
+        });
+    };
+    const wixClientWithTokens = createClient({
+        modules: moduleWithTokens,
+        auth: { getAuthHeaders },
+    });
+    const generateVisitorTokens = async (tokens) => {
+        if (tokens?.accessToken?.value &&
+            tokens?.refreshToken?.value &&
+            !isTokenExpired(tokens.accessToken)) {
+            return tokens;
+        }
+        if (tokens?.refreshToken?.value) {
+            try {
+                const newTokens = await renewToken(tokens.refreshToken);
+                return newTokens;
+            }
+            catch (e) {
+                // just continue and create a visitor one
+            }
+        }
+        const tokensResponse = await fetchTokens({
+            clientId: config.clientId,
+            grantType: 'anonymous',
+        });
+        return {
+            accessToken: createAccessToken(tokensResponse.access_token, tokensResponse.expires_in),
+            refreshToken: {
+                value: tokensResponse.refresh_token,
+                role: TokenRole.VISITOR,
+            },
+        };
+    };
+    const renewToken = async (refreshToken) => {
+        const tokensResponse = await fetchTokens({
+            refreshToken: refreshToken.value,
+            grantType: 'refresh_token',
+        });
+        const accessToken = createAccessToken(tokensResponse.access_token, tokensResponse.expires_in);
+        return {
+            accessToken,
+            refreshToken,
+        };
+    };
+    const generatePKCE = () => {
+        const pkceState = pkceChallenge();
+        return {
+            codeChallenge: pkceState.code_challenge,
+            codeVerifier: pkceState.code_verifier,
+            state: pkceChallenge().code_challenge,
+        };
+    };
+    const generateOAuthData = (redirectUri, originalUri) => {
+        const state = { redirectUri };
+        const pkceState = generatePKCE();
+        return {
+            ...state,
+            originalUri: originalUri ?? '',
+            codeChallenge: pkceState.codeChallenge,
+            codeVerifier: pkceState.codeVerifier,
+            state: pkceChallenge().code_challenge,
+        };
+    };
+    const getAuthorizationUrlWithOptions = async (oauthData, responseMode, prompt, sessionToken) => {
+        const { redirectSession } = await wixClientWithTokens.redirects.createRedirectSession({
+            auth: {
+                authRequest: {
+                    redirectUri: oauthData.redirectUri,
+                    ...(oauthData.redirectUri && {
+                        redirectUri: oauthData.redirectUri,
+                    }),
+                    clientId: config.clientId,
+                    codeChallenge: oauthData.codeChallenge,
+                    codeChallengeMethod: 'S256',
+                    responseMode,
+                    responseType: 'code',
+                    scope: 'offline_access',
+                    state: oauthData.state,
+                    ...(sessionToken && { sessionToken }),
+                },
+                prompt: redirects.Prompt[prompt],
+            },
+        });
+        return { authUrl: redirectSession.fullUrl };
+    };
+    const getAuthUrl = async (oauthData, opts = {
+        prompt: 'login',
+    }) => {
+        return getAuthorizationUrlWithOptions(oauthData, opts.responseMode ?? 'fragment', opts.prompt ?? 'login');
+    };
+    const parseFromUrl = (url, responseMode = 'fragment') => {
+        const parsedUrl = new URL(url ?? window.location.href);
+        const params = responseMode === 'query'
+            ? parsedUrl.searchParams
+            : new URLSearchParams(parsedUrl.hash.substring(1));
+        const code = params.get('code');
+        const state = params.get('state');
+        const error = params.get('error');
+        const errorDescription = params.get('error_description');
+        return { code, state, ...(error && { error, errorDescription }) };
+    };
+    const getMemberTokens = async (code, state, oauthData) => {
+        if (!code || !state) {
+            throw new Error('Missing code or _state');
+        }
+        else if (state !== oauthData.state) {
+            throw new Error('Invalid _state');
+        }
+        try {
+            const tokensResponse = await fetchTokens({
+                clientId: config.clientId,
+                grantType: 'authorization_code',
+                ...(oauthData.redirectUri && { redirectUri: oauthData.redirectUri }),
+                code,
+                codeVerifier: oauthData.codeVerifier,
+            });
+            return {
+                accessToken: createAccessToken(tokensResponse.access_token, tokensResponse.expires_in),
+                refreshToken: {
+                    value: tokensResponse.refresh_token,
+                    role: TokenRole.MEMBER,
+                },
+            };
+        }
+        catch (e) {
+            throw new Error('Failed to get member tokens');
+        }
+    };
+    const logout = async (originalUrl) => {
+        const { redirectSession } = await wixClientWithTokens.redirects.createRedirectSession({
+            logout: { clientId: config.clientId },
+            callbacks: {
+                postFlowUrl: originalUrl,
+            },
+        });
+        _tokens.accessToken = { value: '', expiresAt: 0 };
+        _tokens.refreshToken = { value: '', role: TokenRole.NONE };
+        return { logoutUrl: redirectSession.fullUrl };
+    };
+    const handleState = (response) => {
+        if (response.state === authentication.StateType.SUCCESS) {
+            return {
+                loginState: LoginState.SUCCESS,
+                data: { sessionToken: response.sessionToken },
+            };
+        }
+        else if (response.state === authentication.StateType.REQUIRE_OWNER_APPROVAL) {
+            return {
+                loginState: LoginState.OWNER_APPROVAL_REQUIRED,
+            };
+        }
+        else if (response.state === authentication.StateType.REQUIRE_EMAIL_VERIFICATION) {
+            _state = {
+                loginState: LoginState.EMAIL_VERIFICATION_REQUIRED,
+                data: { stateToken: response.stateToken },
+            };
+            return _state;
+        }
+        return {
+            loginState: LoginState.FAILURE,
+            error: 'Unknown _state',
+        };
+    };
+    const register = async (params) => {
+        try {
+            const res = await wixClientWithTokens.authentication.registerV2({
+                email: params.email,
+            }, {
+                password: params.password,
+                profile: params.profile,
+                ...(params.captchaTokens && {
+                    captchaTokens: [
+                        {
+                            Recaptcha: params.captchaTokens?.recaptchaToken,
+                            InvisibleRecaptcha: params.captchaTokens?.invisibleRecaptchaToken,
+                        },
+                    ],
+                }),
+            });
+            return handleState(res);
+        }
+        catch (e) {
+            const emailValidation = e.details.validationError?.fieldViolations?.find((v) => v.data.type === 'EMAIL');
+            if (emailValidation) {
+                return {
+                    loginState: LoginState.FAILURE,
+                    error: emailValidation.description,
+                    errorCode: 'invalidEmail',
+                };
+            }
+            if (e.details.applicationError?.code === MISSING_CAPTCHA) {
+                return {
+                    loginState: LoginState.FAILURE,
+                    error: e.message,
+                    errorCode: 'missingCaptchaToken',
+                };
+            }
+            if (e.details.applicationError?.code === EMAIL_EXISTS) {
+                return {
+                    loginState: LoginState.FAILURE,
+                    error: e.message,
+                    errorCode: 'emailAlreadyExists',
+                };
+            }
+            if (e.details.applicationError?.code === INVALID_CAPTCHA) {
+                return {
+                    loginState: LoginState.FAILURE,
+                    error: e.message,
+                    errorCode: 'invalidCaptchaToken',
+                };
+            }
+            return {
+                loginState: LoginState.FAILURE,
+                error: e.message,
+            };
+        }
+    };
+    const login = async (params) => {
+        try {
+            const res = await wixClientWithTokens.authentication.loginV2({
+                email: params.email,
+            }, {
+                password: params.password,
+                ...(params.captchaTokens && {
+                    captchaTokens: [
+                        {
+                            Recaptcha: params.captchaTokens?.recaptchaToken,
+                            InvisibleRecaptcha: params.captchaTokens?.invisibleRecaptchaToken,
+                        },
+                    ],
+                }),
+            });
+            return handleState(res);
+        }
+        catch (e) {
+            return {
+                loginState: LoginState.FAILURE,
+                error: e.message,
+                errorCode: e.details.applicationError?.code === MISSING_CAPTCHA
+                    ? 'missingCaptchaToken'
+                    : e.details.applicationError?.code === INVALID_CAPTCHA
+                        ? 'invalidCaptchaToken'
+                        : e.details.applicationError.code === INVALID_PASSWORD
+                            ? 'invalidPassword'
+                            : e.details.applicationError.code === RESET_PASSWORD
+                                ? 'resetPassword'
+                                : 'invalidEmail',
+            };
+        }
+    };
+    const processVerification = async (nextInputs, state) => {
+        const stateToUse = state ?? _state;
+        if (stateToUse.loginState === LoginState.EMAIL_VERIFICATION_REQUIRED) {
+            const code = nextInputs.verificationCode ?? nextInputs.code;
+            const res = await wixClientWithTokens.verification.verifyDuringAuthentication(code, { stateToken: stateToUse.data.stateToken });
+            return handleState(res);
+        }
+        return {
+            loginState: LoginState.FAILURE,
+            error: 'Unknown _state',
+        };
+    };
+    const getMemberTokensForDirectLogin = async (sessionToken) => {
+        const oauthPKCE = generatePKCE();
+        const { authUrl } = await getAuthorizationUrlWithOptions(oauthPKCE, 'web_message', 'none', sessionToken);
+        const iframePromise = addPostMessageListener(oauthPKCE.state);
+        const iframeEl = loadFrame(authUrl);
+        return iframePromise
+            .then((res) => {
+            return getMemberTokens(res.code, res.state, oauthPKCE);
+        })
+            .finally(() => {
+            if (document.body.contains(iframeEl)) {
+                iframeEl.parentElement?.removeChild(iframeEl);
+            }
+        });
+    };
+    const sendPasswordResetEmail = async (email, redirectUri) => {
+        await wixClientWithTokens.recovery.sendRecoveryEmail(email, {
+            redirect: { url: redirectUri, clientId: config.clientId },
+        });
+    };
+    const loggedIn = () => {
+        return _tokens.refreshToken.role === TokenRole.MEMBER;
+    };
+    return {
+        generateVisitorTokens,
+        renewToken,
+        parseFromUrl,
+        getAuthUrl,
+        getMemberTokens,
+        generateOAuthData,
+        getAuthHeaders,
+        setTokens,
+        getTokens: () => _tokens,
+        loggedIn,
+        logout,
+        register,
+        processVerification,
+        login,
+        getMemberTokensForDirectLogin,
+        sendPasswordResetEmail,
+        captchaInvisibleSiteKey: '6LdoPaUfAAAAAJphvHoUoOob7mx0KDlXyXlgrx5v',
+        captchaVisibleSiteKey: '6Ld0J8IcAAAAANyrnxzrRlX1xrrdXsOmsepUYosy',
+    };
+}
+const fetchTokens = async (payload) => {
+    const res = await fetch(`https://${API_URL}/oauth2/token`, {
+        method: 'POST',
+        body: JSON.stringify(payload),
+        headers: {
+            ...biHeaderGenerator({
+                entityFqdn: 'wix.identity.oauth.v1.refresh_token',
+                methodFqn: 'wix.identity.oauth2.v1.Oauth2Ng.Token',
+                packageName: '@wix/sdk',
+            }),
+            'Content-Type': 'application/json',
+        },
+    });
+    if (res.status !== 200) {
+        throw new Error('something went wrong');
+    }
+    const json = await res.json();
+    return json;
+};

package/build/esm/auth/oauth2/constants.d.ts

@@ -0,0 +1,5 @@
+export declare const MISSING_CAPTCHA = "-19971";
+export declare const INVALID_CAPTCHA = "-19970";
+export declare const EMAIL_EXISTS = "-19995";
+export declare const INVALID_PASSWORD = "-19976";
+export declare const RESET_PASSWORD = "-19973";

package/build/esm/auth/oauth2/constants.js

@@ -0,0 +1,5 @@
+export const MISSING_CAPTCHA = '-19971';
+export const INVALID_CAPTCHA = '-19970';
+export const EMAIL_EXISTS = '-19995';
+export const INVALID_PASSWORD = '-19976';
+export const RESET_PASSWORD = '-19973';

package/build/esm/auth/oauth2/pkce-challenge.d.ts

@@ -0,0 +1,5 @@
+export declare function pkceChallenge(length?: number): {
+    code_verifier: string;
+    code_challenge: string;
+};
+export declare function generateChallenge(code_verifier: string): string;