@wix/sdk 1.5.9 → 1.6.1

package/cjs/build/auth/WixAppOAuthStrategy.d.ts

@@ -0,0 +1,54 @@
+import { AuthenticationStrategy } from '@wix/sdk-types';
+export type WixAppOAuthStrategy = AuthenticationStrategy & {
+    getInstallUrl({ redirectUrl }: {
+        redirectUrl: string;
+    }): string;
+    handleOAuthCallback(url: string, opts?: {
+        state: string;
+    }): Promise<{
+        instanceId: string;
+        accessToken: string;
+        refreshToken: string;
+    }>;
+};
+/**
+ * Creates an authentication strategy for Wix Apps OAuth installation process.
+ * Use this authentication strategy when making requests to Wix APIs from your Wix App backend.
+ * @param opts Options for initializing the authentication strategy
+ * @param opts.appId The Wix App ID
+ * @param opts.appSecret The Wix App Secret
+ * @param opts.refreshToken An optional refresh token previously retrieved from Wix OAuth API
+ * @returns An authentication strategy that can be used with WixClient
+ * @example
+ * ```ts
+ * import { WixAppOAuthStrategy, createClient } from '@wix/sdk';
+ * import { products } from '@wix/stores';
+ *
+ * const client = createClient({
+ *  auth: WixAppOAuthStrategy({
+ *   appId: 'appId',
+ *   appSecret: 'appSecret',
+ *  }),
+ *  modules: { products },
+ * });
+ *
+ * const installUrl = client.auth.getInstallUrl({ redirectUrl: 'https://example.com' });
+ * // Redirect the user to the installUrl
+ *
+ * ...
+ *
+ * // in the callback handler of your http server
+ * // req.url is the url of the callback request
+ * const { instanceId, refreshToken } = await client.auth.handleOAuthCallback(req.url);
+ *
+ * // store the instanceId and refreshToken in your database
+ * // use the authorized client
+ * const products = await client.products.queryProducts().find();
+ *
+ * ```
+ */
+export declare function WixAppOAuthStrategy(opts: {
+    appId: string;
+    appSecret: string;
+    refreshToken?: string;
+}): WixAppOAuthStrategy;

package/cjs/build/auth/WixAppOAuthStrategy.js

@@ -0,0 +1,110 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WixAppOAuthStrategy = void 0;
+/**
+ * Creates an authentication strategy for Wix Apps OAuth installation process.
+ * Use this authentication strategy when making requests to Wix APIs from your Wix App backend.
+ * @param opts Options for initializing the authentication strategy
+ * @param opts.appId The Wix App ID
+ * @param opts.appSecret The Wix App Secret
+ * @param opts.refreshToken An optional refresh token previously retrieved from Wix OAuth API
+ * @returns An authentication strategy that can be used with WixClient
+ * @example
+ * ```ts
+ * import { WixAppOAuthStrategy, createClient } from '@wix/sdk';
+ * import { products } from '@wix/stores';
+ *
+ * const client = createClient({
+ *  auth: WixAppOAuthStrategy({
+ *   appId: 'appId',
+ *   appSecret: 'appSecret',
+ *  }),
+ *  modules: { products },
+ * });
+ *
+ * const installUrl = client.auth.getInstallUrl({ redirectUrl: 'https://example.com' });
+ * // Redirect the user to the installUrl
+ *
+ * ...
+ *
+ * // in the callback handler of your http server
+ * // req.url is the url of the callback request
+ * const { instanceId, refreshToken } = await client.auth.handleOAuthCallback(req.url);
+ *
+ * // store the instanceId and refreshToken in your database
+ * // use the authorized client
+ * const products = await client.products.queryProducts().find();
+ *
+ * ```
+ */
+// eslint-disable-next-line @typescript-eslint/no-redeclare
+function WixAppOAuthStrategy(opts) {
+    let refreshToken = opts.refreshToken;
+    return {
+        getInstallUrl({ redirectUrl }) {
+            return `https://www.wix.com/installer/install?appId=${opts.appId}&redirectUrl=${redirectUrl}`;
+        },
+        async handleOAuthCallback(url, oauthOpts) {
+            const params = new URLSearchParams(new URL(url).search);
+            const state = params.get('state');
+            if (state && oauthOpts?.state && state !== oauthOpts.state) {
+                throw new Error(`Invalid OAuth callback URL. Expected state to be "${oauthOpts.state}" but got "${state}"`);
+            }
+            const code = params.get('code');
+            const instanceId = params.get('instanceId');
+            if (!code || !instanceId) {
+                throw new Error('Invalid OAuth callback URL. Make sure you pass the url including the code and instanceId query params.');
+            }
+            const tokensRes = await fetch('https://www.wixapis.com/oauth/access', {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({
+                    code,
+                    client_id: opts.appId,
+                    client_secret: opts.appSecret,
+                    grant_type: 'authorization_code',
+                }),
+            });
+            if (tokensRes.status !== 200) {
+                throw new Error(`Failed to exchange authorization code for refresh token. Unexpected status code from Wix OAuth API: ${tokensRes.status}`);
+            }
+            const tokens = await tokensRes.json();
+            refreshToken = tokens.refresh_token;
+            return {
+                instanceId,
+                accessToken: tokens.access_token,
+                refreshToken: tokens.refresh_token,
+            };
+        },
+        async getAuthHeaders() {
+            if (!refreshToken) {
+                throw new Error('Missing refresh token. Either pass it to the WixAppOAuthStrategy or use the handleOAuthCallback method to retrieve it.');
+            }
+            const tokensRes = await fetch('https://www.wixapis.com/oauth/access', {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({
+                    refresh_token: refreshToken,
+                    client_id: opts.appId,
+                    client_secret: opts.appSecret,
+                    grant_type: 'refresh_token',
+                }),
+            });
+            if (tokensRes.status !== 200) {
+                throw new Error(`Failed to exchange refresh token for access token. Unexpected status code from Wix OAuth API: ${tokensRes.status}`);
+            }
+            const tokens = (await tokensRes.json());
+            refreshToken = tokens.refresh_token;
+            return {
+                headers: {
+                    Authorization: tokens.access_token,
+                },
+            };
+        },
+    };
+}
+exports.WixAppOAuthStrategy = WixAppOAuthStrategy;

package/cjs/build/auth/oauth2/OAuthStrategy.d.ts

@@ -0,0 +1,12 @@
+import { IOAuthStrategy, Tokens } from './types.js';
+export declare function OAuthStrategy(config: {
+    clientId: string;
+    tokens?: Tokens;
+}): IOAuthStrategy;
+export interface TokenResponse {
+    access_token: string;
+    expires_in: number;
+    refresh_token: string | null;
+    token_type: string;
+    scope?: string | null;
+}

package/cjs/build/auth/oauth2/OAuthStrategy.js

@@ -0,0 +1,361 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuthStrategy = void 0;
+const wixClient_js_1 = require("../../wixClient.js");
+const redirects_1 = require("@wix/redirects");
+const tokenHelpers_js_1 = require("../../tokenHelpers.js");
+const identity_1 = require("@wix/identity");
+const common_js_1 = require("../../common.js");
+const types_js_1 = require("./types.js");
+const iframeUtils_js_1 = require("../../iframeUtils.js");
+const constants_js_1 = require("./constants.js");
+const biHeaderGenerator_js_1 = require("../../bi/biHeaderGenerator.js");
+const pkce_challenge_js_1 = require("./pkce-challenge.js");
+const moduleWithTokens = { redirects: redirects_1.redirects, authentication: identity_1.authentication, recovery: identity_1.recovery, verification: identity_1.verification };
+function OAuthStrategy(config) {
+    const _tokens = config.tokens || {
+        accessToken: { value: '', expiresAt: 0 },
+        refreshToken: { value: '', role: types_js_1.TokenRole.NONE },
+    };
+    const setTokens = (tokens) => {
+        _tokens.accessToken = tokens.accessToken;
+        _tokens.refreshToken = tokens.refreshToken;
+    };
+    let _state = {
+        loginState: types_js_1.LoginState.INITIAL,
+    };
+    const getAuthHeaders = async () => {
+        if (!_tokens.accessToken?.value || (0, tokenHelpers_js_1.isTokenExpired)(_tokens.accessToken)) {
+            const tokens = await generateVisitorTokens({
+                refreshToken: _tokens.refreshToken,
+            });
+            setTokens(tokens);
+        }
+        return Promise.resolve({
+            headers: { Authorization: _tokens.accessToken.value },
+        });
+    };
+    const wixClientWithTokens = (0, wixClient_js_1.createClient)({
+        modules: moduleWithTokens,
+        auth: { getAuthHeaders },
+    });
+    const generateVisitorTokens = async (tokens) => {
+        if (tokens?.accessToken?.value &&
+            tokens?.refreshToken?.value &&
+            !(0, tokenHelpers_js_1.isTokenExpired)(tokens.accessToken)) {
+            return tokens;
+        }
+        if (tokens?.refreshToken?.value) {
+            try {
+                const newTokens = await renewToken(tokens.refreshToken);
+                return newTokens;
+            }
+            catch (e) {
+                // just continue and create a visitor one
+            }
+        }
+        const tokensResponse = await fetchTokens({
+            clientId: config.clientId,
+            grantType: 'anonymous',
+        });
+        return {
+            accessToken: (0, tokenHelpers_js_1.createAccessToken)(tokensResponse.access_token, tokensResponse.expires_in),
+            refreshToken: {
+                value: tokensResponse.refresh_token,
+                role: types_js_1.TokenRole.VISITOR,
+            },
+        };
+    };
+    const renewToken = async (refreshToken) => {
+        const tokensResponse = await fetchTokens({
+            refreshToken: refreshToken.value,
+            grantType: 'refresh_token',
+        });
+        const accessToken = (0, tokenHelpers_js_1.createAccessToken)(tokensResponse.access_token, tokensResponse.expires_in);
+        return {
+            accessToken,
+            refreshToken,
+        };
+    };
+    const generatePKCE = () => {
+        const pkceState = (0, pkce_challenge_js_1.pkceChallenge)();
+        return {
+            codeChallenge: pkceState.code_challenge,
+            codeVerifier: pkceState.code_verifier,
+            state: (0, pkce_challenge_js_1.pkceChallenge)().code_challenge,
+        };
+    };
+    const generateOAuthData = (redirectUri, originalUri) => {
+        const state = { redirectUri };
+        const pkceState = generatePKCE();
+        return {
+            ...state,
+            originalUri: originalUri ?? '',
+            codeChallenge: pkceState.codeChallenge,
+            codeVerifier: pkceState.codeVerifier,
+            state: (0, pkce_challenge_js_1.pkceChallenge)().code_challenge,
+        };
+    };
+    const getAuthorizationUrlWithOptions = async (oauthData, responseMode, prompt, sessionToken) => {
+        const { redirectSession } = await wixClientWithTokens.redirects.createRedirectSession({
+            auth: {
+                authRequest: {
+                    redirectUri: oauthData.redirectUri,
+                    ...(oauthData.redirectUri && {
+                        redirectUri: oauthData.redirectUri,
+                    }),
+                    clientId: config.clientId,
+                    codeChallenge: oauthData.codeChallenge,
+                    codeChallengeMethod: 'S256',
+                    responseMode,
+                    responseType: 'code',
+                    scope: 'offline_access',
+                    state: oauthData.state,
+                    ...(sessionToken && { sessionToken }),
+                },
+                prompt: redirects_1.redirects.Prompt[prompt],
+            },
+        });
+        return { authUrl: redirectSession.fullUrl };
+    };
+    const getAuthUrl = async (oauthData, opts = {
+        prompt: 'login',
+    }) => {
+        return getAuthorizationUrlWithOptions(oauthData, opts.responseMode ?? 'fragment', opts.prompt ?? 'login');
+    };
+    const parseFromUrl = (url, responseMode = 'fragment') => {
+        const parsedUrl = new URL(url ?? window.location.href);
+        const params = responseMode === 'query'
+            ? parsedUrl.searchParams
+            : new URLSearchParams(parsedUrl.hash.substring(1));
+        const code = params.get('code');
+        const state = params.get('state');
+        const error = params.get('error');
+        const errorDescription = params.get('error_description');
+        return { code, state, ...(error && { error, errorDescription }) };
+    };
+    const getMemberTokens = async (code, state, oauthData) => {
+        if (!code || !state) {
+            throw new Error('Missing code or _state');
+        }
+        else if (state !== oauthData.state) {
+            throw new Error('Invalid _state');
+        }
+        try {
+            const tokensResponse = await fetchTokens({
+                clientId: config.clientId,
+                grantType: 'authorization_code',
+                ...(oauthData.redirectUri && { redirectUri: oauthData.redirectUri }),
+                code,
+                codeVerifier: oauthData.codeVerifier,
+            });
+            return {
+                accessToken: (0, tokenHelpers_js_1.createAccessToken)(tokensResponse.access_token, tokensResponse.expires_in),
+                refreshToken: {
+                    value: tokensResponse.refresh_token,
+                    role: types_js_1.TokenRole.MEMBER,
+                },
+            };
+        }
+        catch (e) {
+            throw new Error('Failed to get member tokens');
+        }
+    };
+    const logout = async (originalUrl) => {
+        const { redirectSession } = await wixClientWithTokens.redirects.createRedirectSession({
+            logout: { clientId: config.clientId },
+            callbacks: {
+                postFlowUrl: originalUrl,
+            },
+        });
+        _tokens.accessToken = { value: '', expiresAt: 0 };
+        _tokens.refreshToken = { value: '', role: types_js_1.TokenRole.NONE };
+        return { logoutUrl: redirectSession.fullUrl };
+    };
+    const handleState = (response) => {
+        if (response.state === identity_1.authentication.StateType.SUCCESS) {
+            return {
+                loginState: types_js_1.LoginState.SUCCESS,
+                data: { sessionToken: response.sessionToken },
+            };
+        }
+        else if (response.state === identity_1.authentication.StateType.REQUIRE_OWNER_APPROVAL) {
+            return {
+                loginState: types_js_1.LoginState.OWNER_APPROVAL_REQUIRED,
+            };
+        }
+        else if (response.state === identity_1.authentication.StateType.REQUIRE_EMAIL_VERIFICATION) {
+            _state = {
+                loginState: types_js_1.LoginState.EMAIL_VERIFICATION_REQUIRED,
+                data: { stateToken: response.stateToken },
+            };
+            return _state;
+        }
+        return {
+            loginState: types_js_1.LoginState.FAILURE,
+            error: 'Unknown _state',
+        };
+    };
+    const register = async (params) => {
+        try {
+            const res = await wixClientWithTokens.authentication.registerV2({
+                email: params.email,
+            }, {
+                password: params.password,
+                profile: params.profile,
+                ...(params.captchaTokens && {
+                    captchaTokens: [
+                        {
+                            Recaptcha: params.captchaTokens?.recaptchaToken,
+                            InvisibleRecaptcha: params.captchaTokens?.invisibleRecaptchaToken,
+                        },
+                    ],
+                }),
+            });
+            return handleState(res);
+        }
+        catch (e) {
+            const emailValidation = e.details.validationError?.fieldViolations?.find((v) => v.data.type === 'EMAIL');
+            if (emailValidation) {
+                return {
+                    loginState: types_js_1.LoginState.FAILURE,
+                    error: emailValidation.description,
+                    errorCode: 'invalidEmail',
+                };
+            }
+            if (e.details.applicationError?.code === constants_js_1.MISSING_CAPTCHA) {
+                return {
+                    loginState: types_js_1.LoginState.FAILURE,
+                    error: e.message,
+                    errorCode: 'missingCaptchaToken',
+                };
+            }
+            if (e.details.applicationError?.code === constants_js_1.EMAIL_EXISTS) {
+                return {
+                    loginState: types_js_1.LoginState.FAILURE,
+                    error: e.message,
+                    errorCode: 'emailAlreadyExists',
+                };
+            }
+            if (e.details.applicationError?.code === constants_js_1.INVALID_CAPTCHA) {
+                return {
+                    loginState: types_js_1.LoginState.FAILURE,
+                    error: e.message,
+                    errorCode: 'invalidCaptchaToken',
+                };
+            }
+            return {
+                loginState: types_js_1.LoginState.FAILURE,
+                error: e.message,
+            };
+        }
+    };
+    const login = async (params) => {
+        try {
+            const res = await wixClientWithTokens.authentication.loginV2({
+                email: params.email,
+            }, {
+                password: params.password,
+                ...(params.captchaTokens && {
+                    captchaTokens: [
+                        {
+                            Recaptcha: params.captchaTokens?.recaptchaToken,
+                            InvisibleRecaptcha: params.captchaTokens?.invisibleRecaptchaToken,
+                        },
+                    ],
+                }),
+            });
+            return handleState(res);
+        }
+        catch (e) {
+            return {
+                loginState: types_js_1.LoginState.FAILURE,
+                error: e.message,
+                errorCode: e.details.applicationError?.code === constants_js_1.MISSING_CAPTCHA
+                    ? 'missingCaptchaToken'
+                    : e.details.applicationError?.code === constants_js_1.INVALID_CAPTCHA
+                        ? 'invalidCaptchaToken'
+                        : e.details.applicationError.code === constants_js_1.INVALID_PASSWORD
+                            ? 'invalidPassword'
+                            : e.details.applicationError.code === constants_js_1.RESET_PASSWORD
+                                ? 'resetPassword'
+                                : 'invalidEmail',
+            };
+        }
+    };
+    const processVerification = async (nextInputs, state) => {
+        const stateToUse = state ?? _state;
+        if (stateToUse.loginState === types_js_1.LoginState.EMAIL_VERIFICATION_REQUIRED) {
+            const code = nextInputs.verificationCode ?? nextInputs.code;
+            const res = await wixClientWithTokens.verification.verifyDuringAuthentication(code, { stateToken: stateToUse.data.stateToken });
+            return handleState(res);
+        }
+        return {
+            loginState: types_js_1.LoginState.FAILURE,
+            error: 'Unknown _state',
+        };
+    };
+    const getMemberTokensForDirectLogin = async (sessionToken) => {
+        const oauthPKCE = generatePKCE();
+        const { authUrl } = await getAuthorizationUrlWithOptions(oauthPKCE, 'web_message', 'none', sessionToken);
+        const iframePromise = (0, iframeUtils_js_1.addPostMessageListener)(oauthPKCE.state);
+        const iframeEl = (0, iframeUtils_js_1.loadFrame)(authUrl);
+        return iframePromise
+            .then((res) => {
+            return getMemberTokens(res.code, res.state, oauthPKCE);
+        })
+            .finally(() => {
+            if (document.body.contains(iframeEl)) {
+                iframeEl.parentElement?.removeChild(iframeEl);
+            }
+        });
+    };
+    const sendPasswordResetEmail = async (email, redirectUri) => {
+        await wixClientWithTokens.recovery.sendRecoveryEmail(email, {
+            redirect: { url: redirectUri, clientId: config.clientId },
+        });
+    };
+    const loggedIn = () => {
+        return _tokens.refreshToken.role === types_js_1.TokenRole.MEMBER;
+    };
+    return {
+        generateVisitorTokens,
+        renewToken,
+        parseFromUrl,
+        getAuthUrl,
+        getMemberTokens,
+        generateOAuthData,
+        getAuthHeaders,
+        setTokens,
+        getTokens: () => _tokens,
+        loggedIn,
+        logout,
+        register,
+        processVerification,
+        login,
+        getMemberTokensForDirectLogin,
+        sendPasswordResetEmail,
+        captchaInvisibleSiteKey: '6LdoPaUfAAAAAJphvHoUoOob7mx0KDlXyXlgrx5v',
+        captchaVisibleSiteKey: '6Ld0J8IcAAAAANyrnxzrRlX1xrrdXsOmsepUYosy',
+    };
+}
+exports.OAuthStrategy = OAuthStrategy;
+const fetchTokens = async (payload) => {
+    const res = await fetch(`https://${common_js_1.API_URL}/oauth2/token`, {
+        method: 'POST',
+        body: JSON.stringify(payload),
+        headers: {
+            ...(0, biHeaderGenerator_js_1.biHeaderGenerator)({
+                entityFqdn: 'wix.identity.oauth.v1.refresh_token',
+                methodFqn: 'wix.identity.oauth2.v1.Oauth2Ng.Token',
+                packageName: '@wix/sdk',
+            }),
+            'Content-Type': 'application/json',
+        },
+    });
+    if (res.status !== 200) {
+        throw new Error('something went wrong');
+    }
+    const json = await res.json();
+    return json;
+};

package/cjs/build/auth/oauth2/constants.d.ts

@@ -0,0 +1,5 @@
+export declare const MISSING_CAPTCHA = "-19971";
+export declare const INVALID_CAPTCHA = "-19970";
+export declare const EMAIL_EXISTS = "-19995";
+export declare const INVALID_PASSWORD = "-19976";
+export declare const RESET_PASSWORD = "-19973";

package/cjs/build/auth/oauth2/constants.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RESET_PASSWORD = exports.INVALID_PASSWORD = exports.EMAIL_EXISTS = exports.INVALID_CAPTCHA = exports.MISSING_CAPTCHA = void 0;
+exports.MISSING_CAPTCHA = '-19971';
+exports.INVALID_CAPTCHA = '-19970';
+exports.EMAIL_EXISTS = '-19995';
+exports.INVALID_PASSWORD = '-19976';
+exports.RESET_PASSWORD = '-19973';

package/cjs/build/auth/oauth2/pkce-challenge.d.ts

@@ -0,0 +1,5 @@
+export declare function pkceChallenge(length?: number): {
+    code_verifier: string;
+    code_challenge: string;
+};
+export declare function generateChallenge(code_verifier: string): string;

package/cjs/build/auth/oauth2/pkce-challenge.js

@@ -0,0 +1,41 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateChallenge = exports.pkceChallenge = void 0;
+const sha256_js_1 = __importDefault(require("crypto-js/sha256.js"));
+const enc_base64url_js_1 = __importDefault(require("crypto-js/enc-base64url.js"));
+function pkceChallenge(length) {
+    if (!length) {
+        length = 43;
+    }
+    if (length < 43 || length > 128) {
+        throw new Error(`Expected a length between 43 and 128. Received ${length}.`);
+    }
+    const verifier = generateVerifier(length);
+    const challenge = generateChallenge(verifier);
+    return {
+        code_verifier: verifier,
+        code_challenge: challenge,
+    };
+}
+exports.pkceChallenge = pkceChallenge;
+function generateVerifier(length) {
+    return random(length);
+}
+function generateChallenge(code_verifier) {
+    return (0, sha256_js_1.default)(code_verifier).toString(enc_base64url_js_1.default);
+}
+exports.generateChallenge = generateChallenge;
+function random(size) {
+    const mask = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~';
+    let result = '';
+    const randomUints = crypto.getRandomValues(new Uint8Array(size));
+    for (let i = 0; i < size; i++) {
+        // cap the value of the randomIndex to mask.length - 1
+        const randomIndex = randomUints[i] % mask.length;
+        result += mask[randomIndex];
+    }
+    return result;
+}