@wix/sdk 1.6.4 → 1.7.0

package/build/auth/WixAppOAuthStrategy.d.ts

@@ -18,6 +18,7 @@ export type WixAppOAuthStrategy = AuthenticationStrategy & {
  * @param opts.appId The Wix App ID
  * @param opts.appSecret The Wix App Secret
  * @param opts.refreshToken An optional refresh token previously retrieved from Wix OAuth API
+ * @param opts.publicKey An optional public key for validating webhook requests
  * @returns An authentication strategy that can be used with WixClient
  * @example
  * ```ts
@@ -49,6 +50,7 @@ export type WixAppOAuthStrategy = AuthenticationStrategy & {
  */
 export declare function WixAppOAuthStrategy(opts: {
     appId: string;
-    appSecret: string;
+    appSecret?: string;
+    publicKey?: string;
     refreshToken?: string;
 }): WixAppOAuthStrategy;

package/build/auth/WixAppOAuthStrategy.js

@@ -1,3 +1,4 @@
+import { verify } from 'jsonwebtoken';
 /**
  * Creates an authentication strategy for Wix Apps OAuth installation process.
  * Use this authentication strategy when making requests to Wix APIs from your Wix App backend.
@@ -5,6 +6,7 @@
  * @param opts.appId The Wix App ID
  * @param opts.appSecret The Wix App Secret
  * @param opts.refreshToken An optional refresh token previously retrieved from Wix OAuth API
+ * @param opts.publicKey An optional public key for validating webhook requests
  * @returns An authentication strategy that can be used with WixClient
  * @example
  * ```ts
@@ -42,6 +44,9 @@ export function WixAppOAuthStrategy(opts) {
             return `https://www.wix.com/installer/install?appId=${opts.appId}&redirectUrl=${redirectUrl}`;
         },
         async handleOAuthCallback(url, oauthOpts) {
+            if (!opts.appSecret) {
+                throw new Error('App secret is required for handling OAuth callback. Make sure to pass it to the WixAppOAuthStrategy');
+            }
             const params = new URLSearchParams(new URL(url).search);
             const state = params.get('state');
             if (state && oauthOpts?.state && state !== oauthOpts.state) {
@@ -79,6 +84,9 @@ export function WixAppOAuthStrategy(opts) {
             if (!refreshToken) {
                 throw new Error('Missing refresh token. Either pass it to the WixAppOAuthStrategy or use the handleOAuthCallback method to retrieve it.');
             }
+            if (!opts.appSecret) {
+                throw new Error('App secret is required for refreshing access tokens. Make sure to pass it to the WixAppOAuthStrategy');
+            }
             const tokensRes = await fetch('https://www.wixapis.com/oauth/access', {
                 method: 'POST',
                 headers: {
@@ -102,5 +110,15 @@ export function WixAppOAuthStrategy(opts) {
                 },
             };
         },
+        decodeJWT(token) {
+            if (!opts.publicKey) {
+                throw new Error('Missing public key. Make sure to pass it to the WixAppOAuthStrategy');
+            }
+            const decoded = verify(token, opts.publicKey);
+            return {
+                decoded,
+                valid: true,
+            };
+        },
     };
 }

package/build/auth/oauth2/OAuthStrategy.d.ts

@@ -1,6 +1,7 @@
 import { IOAuthStrategy, Tokens } from './types.js';
 export declare function OAuthStrategy(config: {
     clientId: string;
+    publicKey?: string;
     tokens?: Tokens;
 }): IOAuthStrategy;
 export interface TokenResponse {

package/build/auth/oauth2/OAuthStrategy.js

@@ -6,6 +6,7 @@ import { API_URL } from '../../common.js';
 import { LoginState, TokenRole, } from './types.js';
 import { addPostMessageListener, loadFrame } from '../../iframeUtils.js';
 import { EMAIL_EXISTS, INVALID_CAPTCHA, INVALID_PASSWORD, MISSING_CAPTCHA, RESET_PASSWORD, } from './constants.js';
+import { verify } from 'jsonwebtoken';
 import { biHeaderGenerator } from '../../bi/biHeaderGenerator.js';
 import { pkceChallenge } from './pkce-challenge.js';
 const moduleWithTokens = { redirects, authentication, recovery, verification };
@@ -334,6 +335,16 @@ export function OAuthStrategy(config) {
         sendPasswordResetEmail,
         captchaInvisibleSiteKey: '6LdoPaUfAAAAAJphvHoUoOob7mx0KDlXyXlgrx5v',
         captchaVisibleSiteKey: '6Ld0J8IcAAAAANyrnxzrRlX1xrrdXsOmsepUYosy',
+        decodeJWT(token) {
+            if (!config.publicKey) {
+                throw new Error('Missing public key. Make sure to pass it to the OAuthStrategy');
+            }
+            const decoded = verify(token, config.publicKey);
+            return {
+                decoded,
+                valid: true,
+            };
+        },
     };
 }
 const fetchTokens = async (payload) => {

package/build/wixClient.d.ts

@@ -1,4 +1,4 @@
-import { AuthenticationStrategy, BoundAuthenticationStrategy, BuildRESTFunction, Host, HostModule, HostModuleAPI, RESTFunctionDescriptor } from '@wix/sdk-types';
+import { AuthenticationStrategy, BoundAuthenticationStrategy, BuildRESTFunction, Host, HostModule, HostModuleAPI, RESTFunctionDescriptor, EventDefinition } from '@wix/sdk-types';
 import { ConditionalExcept, EmptyObject } from 'type-fest';
 import { AmbassadorFunctionDescriptor, BuildAmbassadorFunction } from './ambassador-modules.js';
 import { PublicMetadata } from './common.js';
@@ -60,7 +60,27 @@ export type WixClient<H extends Host<any> | undefined = undefined, Z extends Aut
         data: Result;
         errors?: GraphQLFormattedError[];
     }>;
+    webhooks: {
+        process<ExpectedEvents extends EventDefinition[] = []>(jwt: string, opts?: {
+            expectedEvents: ExpectedEvents;
+        }): ProcessedEvent<ExpectedEvents>;
+        processRequest<ExpectedEvents extends EventDefinition[] = []>(request: Request, opts?: {
+            expectedEvents: ExpectedEvents;
+        }): Promise<ProcessedEvent<ExpectedEvents>>;
+    };
 } & BuildDescriptors<T, H>;
+type ResolvePossibleEvents<T extends EventDefinition[]> = {
+    [K in keyof T]: T[K] extends EventDefinition ? {
+        eventType: T[K]['type'];
+        payload: T[K]['__payload'];
+    } : never;
+} extends (infer U)[] ? U : never;
+export type ProcessedEvent<T extends EventDefinition[] = []> = {
+    instanceId: string;
+} & (T['length'] extends 0 ? {
+    eventType: string;
+    payload: unknown;
+} : ResolvePossibleEvents<T>);
 export declare function createClient<H extends Host<any> | undefined = undefined, Z extends AuthenticationStrategy<H> = AuthenticationStrategy<H>, T extends Descriptors = EmptyObject>(config: {
     modules?: H extends Host<any> ? AssertHostMatches<T, H> : T;
     auth?: Z;

package/build/wixClient.js

@@ -6,9 +6,10 @@ import { buildRESTDescriptor } from './rest-modules.js';
 import { FetchErrorResponse } from './fetch-error.js';
 export function createClient(config) {
     const _headers = config.headers || { Authorization: '' };
-    const authStrategy = config.auth || {
-        getAuthHeaders: () => Promise.resolve({ headers: {} }),
-    };
+    const authStrategy = config.auth ||
+        {
+            getAuthHeaders: (_) => Promise.resolve({ headers: {} }),
+        };
     const boundGetAuthHeaders = authStrategy.getAuthHeaders.bind(undefined, config.host);
     authStrategy.getAuthHeaders = boundGetAuthHeaders;
     const boundFetch = async (url, options) => {
@@ -54,7 +55,9 @@ export function createClient(config) {
             _headers[k] = headers[k];
         }
     };
-    const wrappedModules = config.modules ? use(config.modules) : {};
+    const wrappedModules = config.modules
+        ? use(config.modules)
+        : {};
     return {
         ...wrappedModules,
         auth: authStrategy,
@@ -82,5 +85,37 @@ export function createClient(config) {
             const { data, errors } = await res.json();
             return { data: data ?? {}, errors };
         },
+        webhooks: {
+            process: (jwt, opts = {
+                expectedEvents: [],
+            }) => {
+                if (!authStrategy.decodeJWT) {
+                    throw new Error('decodeJWT is not supported by the authentication strategy');
+                }
+                const { decoded, valid } = authStrategy.decodeJWT(jwt);
+                if (!valid) {
+                    throw new Error('JWT is not valid');
+                }
+                const parsedDecoded = JSON.parse(decoded.data);
+                const eventType = parsedDecoded.eventType;
+                const instanceId = parsedDecoded.instanceId;
+                const payload = JSON.parse(parsedDecoded.data);
+                if (opts.expectedEvents.length > 0 &&
+                    !opts.expectedEvents.some(({ type }) => type === eventType)) {
+                    throw new Error(`Unexpected event type: ${eventType}. Expected one of: ${opts.expectedEvents
+                        .map((x) => x.type)
+                        .join(', ')}`);
+                }
+                return {
+                    instanceId,
+                    eventType,
+                    payload,
+                };
+            },
+            async processRequest(request, opts) {
+                const body = await request.text();
+                return this.process(body, opts);
+            },
+        },
     };
 }

package/cjs/build/auth/WixAppOAuthStrategy.d.ts

@@ -18,6 +18,7 @@ export type WixAppOAuthStrategy = AuthenticationStrategy & {
  * @param opts.appId The Wix App ID
  * @param opts.appSecret The Wix App Secret
  * @param opts.refreshToken An optional refresh token previously retrieved from Wix OAuth API
+ * @param opts.publicKey An optional public key for validating webhook requests
  * @returns An authentication strategy that can be used with WixClient
  * @example
  * ```ts
@@ -49,6 +50,7 @@ export type WixAppOAuthStrategy = AuthenticationStrategy & {
  */
 export declare function WixAppOAuthStrategy(opts: {
     appId: string;
-    appSecret: string;
+    appSecret?: string;
+    publicKey?: string;
     refreshToken?: string;
 }): WixAppOAuthStrategy;

package/cjs/build/auth/WixAppOAuthStrategy.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.WixAppOAuthStrategy = void 0;
+const jsonwebtoken_1 = require("jsonwebtoken");
 /**
  * Creates an authentication strategy for Wix Apps OAuth installation process.
  * Use this authentication strategy when making requests to Wix APIs from your Wix App backend.
@@ -8,6 +9,7 @@ exports.WixAppOAuthStrategy = void 0;
  * @param opts.appId The Wix App ID
  * @param opts.appSecret The Wix App Secret
  * @param opts.refreshToken An optional refresh token previously retrieved from Wix OAuth API
+ * @param opts.publicKey An optional public key for validating webhook requests
  * @returns An authentication strategy that can be used with WixClient
  * @example
  * ```ts
@@ -45,6 +47,9 @@ function WixAppOAuthStrategy(opts) {
             return `https://www.wix.com/installer/install?appId=${opts.appId}&redirectUrl=${redirectUrl}`;
         },
         async handleOAuthCallback(url, oauthOpts) {
+            if (!opts.appSecret) {
+                throw new Error('App secret is required for handling OAuth callback. Make sure to pass it to the WixAppOAuthStrategy');
+            }
             const params = new URLSearchParams(new URL(url).search);
             const state = params.get('state');
             if (state && oauthOpts?.state && state !== oauthOpts.state) {
@@ -82,6 +87,9 @@ function WixAppOAuthStrategy(opts) {
             if (!refreshToken) {
                 throw new Error('Missing refresh token. Either pass it to the WixAppOAuthStrategy or use the handleOAuthCallback method to retrieve it.');
             }
+            if (!opts.appSecret) {
+                throw new Error('App secret is required for refreshing access tokens. Make sure to pass it to the WixAppOAuthStrategy');
+            }
             const tokensRes = await fetch('https://www.wixapis.com/oauth/access', {
                 method: 'POST',
                 headers: {
@@ -105,6 +113,16 @@ function WixAppOAuthStrategy(opts) {
                 },
             };
         },
+        decodeJWT(token) {
+            if (!opts.publicKey) {
+                throw new Error('Missing public key. Make sure to pass it to the WixAppOAuthStrategy');
+            }
+            const decoded = (0, jsonwebtoken_1.verify)(token, opts.publicKey);
+            return {
+                decoded,
+                valid: true,
+            };
+        },
     };
 }
 exports.WixAppOAuthStrategy = WixAppOAuthStrategy;

package/cjs/build/auth/oauth2/OAuthStrategy.d.ts

@@ -1,6 +1,7 @@
 import { IOAuthStrategy, Tokens } from './types.js';
 export declare function OAuthStrategy(config: {
     clientId: string;
+    publicKey?: string;
     tokens?: Tokens;
 }): IOAuthStrategy;
 export interface TokenResponse {

package/cjs/build/auth/oauth2/OAuthStrategy.js

@@ -9,6 +9,7 @@ const common_js_1 = require("../../common.js");
 const types_js_1 = require("./types.js");
 const iframeUtils_js_1 = require("../../iframeUtils.js");
 const constants_js_1 = require("./constants.js");
+const jsonwebtoken_1 = require("jsonwebtoken");
 const biHeaderGenerator_js_1 = require("../../bi/biHeaderGenerator.js");
 const pkce_challenge_js_1 = require("./pkce-challenge.js");
 const moduleWithTokens = { redirects: redirects_1.redirects, authentication: identity_1.authentication, recovery: identity_1.recovery, verification: identity_1.verification };
@@ -337,6 +338,16 @@ function OAuthStrategy(config) {
         sendPasswordResetEmail,
         captchaInvisibleSiteKey: '6LdoPaUfAAAAAJphvHoUoOob7mx0KDlXyXlgrx5v',
         captchaVisibleSiteKey: '6Ld0J8IcAAAAANyrnxzrRlX1xrrdXsOmsepUYosy',
+        decodeJWT(token) {
+            if (!config.publicKey) {
+                throw new Error('Missing public key. Make sure to pass it to the OAuthStrategy');
+            }
+            const decoded = (0, jsonwebtoken_1.verify)(token, config.publicKey);
+            return {
+                decoded,
+                valid: true,
+            };
+        },
     };
 }
 exports.OAuthStrategy = OAuthStrategy;

package/cjs/build/wixClient.d.ts

@@ -1,4 +1,4 @@
-import { AuthenticationStrategy, BoundAuthenticationStrategy, BuildRESTFunction, Host, HostModule, HostModuleAPI, RESTFunctionDescriptor } from '@wix/sdk-types';
+import { AuthenticationStrategy, BoundAuthenticationStrategy, BuildRESTFunction, Host, HostModule, HostModuleAPI, RESTFunctionDescriptor, EventDefinition } from '@wix/sdk-types';
 import { ConditionalExcept, EmptyObject } from 'type-fest';
 import { AmbassadorFunctionDescriptor, BuildAmbassadorFunction } from './ambassador-modules.js';
 import { PublicMetadata } from './common.js';
@@ -60,7 +60,27 @@ export type WixClient<H extends Host<any> | undefined = undefined, Z extends Aut
         data: Result;
         errors?: GraphQLFormattedError[];
     }>;
+    webhooks: {
+        process<ExpectedEvents extends EventDefinition[] = []>(jwt: string, opts?: {
+            expectedEvents: ExpectedEvents;
+        }): ProcessedEvent<ExpectedEvents>;
+        processRequest<ExpectedEvents extends EventDefinition[] = []>(request: Request, opts?: {
+            expectedEvents: ExpectedEvents;
+        }): Promise<ProcessedEvent<ExpectedEvents>>;
+    };
 } & BuildDescriptors<T, H>;
+type ResolvePossibleEvents<T extends EventDefinition[]> = {
+    [K in keyof T]: T[K] extends EventDefinition ? {
+        eventType: T[K]['type'];
+        payload: T[K]['__payload'];
+    } : never;
+} extends (infer U)[] ? U : never;
+export type ProcessedEvent<T extends EventDefinition[] = []> = {
+    instanceId: string;
+} & (T['length'] extends 0 ? {
+    eventType: string;
+    payload: unknown;
+} : ResolvePossibleEvents<T>);
 export declare function createClient<H extends Host<any> | undefined = undefined, Z extends AuthenticationStrategy<H> = AuthenticationStrategy<H>, T extends Descriptors = EmptyObject>(config: {
     modules?: H extends Host<any> ? AssertHostMatches<T, H> : T;
     auth?: Z;

package/cjs/build/wixClient.js

@@ -9,9 +9,10 @@ const rest_modules_js_1 = require("./rest-modules.js");
 const fetch_error_js_1 = require("./fetch-error.js");
 function createClient(config) {
     const _headers = config.headers || { Authorization: '' };
-    const authStrategy = config.auth || {
-        getAuthHeaders: () => Promise.resolve({ headers: {} }),
-    };
+    const authStrategy = config.auth ||
+        {
+            getAuthHeaders: (_) => Promise.resolve({ headers: {} }),
+        };
     const boundGetAuthHeaders = authStrategy.getAuthHeaders.bind(undefined, config.host);
     authStrategy.getAuthHeaders = boundGetAuthHeaders;
     const boundFetch = async (url, options) => {
@@ -57,7 +58,9 @@ function createClient(config) {
             _headers[k] = headers[k];
         }
     };
-    const wrappedModules = config.modules ? use(config.modules) : {};
+    const wrappedModules = config.modules
+        ? use(config.modules)
+        : {};
     return {
         ...wrappedModules,
         auth: authStrategy,
@@ -85,6 +88,38 @@ function createClient(config) {
             const { data, errors } = await res.json();
             return { data: data ?? {}, errors };
         },
+        webhooks: {
+            process: (jwt, opts = {
+                expectedEvents: [],
+            }) => {
+                if (!authStrategy.decodeJWT) {
+                    throw new Error('decodeJWT is not supported by the authentication strategy');
+                }
+                const { decoded, valid } = authStrategy.decodeJWT(jwt);
+                if (!valid) {
+                    throw new Error('JWT is not valid');
+                }
+                const parsedDecoded = JSON.parse(decoded.data);
+                const eventType = parsedDecoded.eventType;
+                const instanceId = parsedDecoded.instanceId;
+                const payload = JSON.parse(parsedDecoded.data);
+                if (opts.expectedEvents.length > 0 &&
+                    !opts.expectedEvents.some(({ type }) => type === eventType)) {
+                    throw new Error(`Unexpected event type: ${eventType}. Expected one of: ${opts.expectedEvents
+                        .map((x) => x.type)
+                        .join(', ')}`);
+                }
+                return {
+                    instanceId,
+                    eventType,
+                    payload,
+                };
+            },
+            async processRequest(request, opts) {
+                const body = await request.text();
+                return this.process(body, opts);
+            },
+        },
     };
 }
 exports.createClient = createClient;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wix/sdk",
-  "version": "1.6.4",
+  "version": "1.7.0",
   "license": "UNLICENSED",
   "author": {
     "name": "Ronny Ringel",
@@ -58,11 +58,15 @@
     "*.{js,ts}": "yarn lint"
   },
   "dependencies": {
+    "@babel/runtime": "^7.23.2",
     "@wix/identity": "^1.0.71",
-    "@wix/image-kit": "^1.46.0",
+    "@wix/image-kit": "^1.49.0",
     "@wix/redirects": "^1.0.31",
-    "@wix/sdk-types": "^1.5.3",
+    "@wix/sdk-types": "^1.5.4",
     "crypto-js": "^4.2.0",
+    "jsonwebtoken": "^9.0.2",
+    "pkce-challenge": "^3.1.0",
+    "querystring": "^0.2.1",
     "type-fest": "^4.9.0"
   },
   "optionalDependencies": {
@@ -71,19 +75,21 @@
   "devDependencies": {
     "@types/crypto-js": "^4.2.1",
     "@types/is-ci": "^3.0.4",
+    "@types/jsonwebtoken": "^9.0.5",
     "@types/node": "^20.10.6",
-    "@wix/ecom": "^1.0.440",
-    "@wix/events": "^1.0.134",
+    "@vitest/ui": "^1.1.3",
+    "@wix/ecom": "^1.0.468",
+    "@wix/events": "^1.0.141",
     "@wix/metro": "^1.0.73",
-    "@wix/metro-runtime": "^1.1587.0",
+    "@wix/metro-runtime": "^1.1611.0",
     "eslint": "^8.56.0",
     "eslint-config-sdk": "0.0.0",
     "graphql": "^16.8.0",
     "is-ci": "^3.0.1",
     "jsdom": "^22.1.0",
-    "msw": "^2.0.11",
+    "msw": "^2.0.12",
     "typescript": "^5.3.3",
-    "vitest": "^0.34.6",
+    "vitest": "^1.1.3",
     "vitest-teamcity-reporter": "^0.2.2"
   },
   "yoshiFlowLibrary": {
@@ -109,5 +115,5 @@
   "wallaby": {
     "autoDetect": true
   },
-  "falconPackageHash": "16fe89900be2a97b0197aa9ae070fa9735a543d8affe31f1c1473037"
+  "falconPackageHash": "d7def5d521cd246af737cbbae2bf6712ccfa33ace5a4aaacee8af1b5"
 }