@zapier/zapier-sdk 0.13.6 → 0.13.8

package/src/api/auth.ts

@@ -1,28 +0,0 @@
-/**
- * Authentication Utilities
- *
- * This module provides utilities for handling authentication tokens,
- * including JWT detection and authorization header generation.
- */
-
-export function isJwt(token: string): boolean {
-  // JWT tokens have exactly 3 parts separated by dots
-  const parts = token.split(".");
-  if (parts.length !== 3) {
-    return false;
-  }
-
-  // Each part should be base64url encoded (no padding)
-  // Basic validation - each part should be non-empty and contain valid base64url characters
-  const base64UrlPattern = /^[A-Za-z0-9_-]+$/;
-  return parts.every((part) => part.length > 0 && base64UrlPattern.test(part));
-}
-
-export function getAuthorizationHeader(token: string): string {
-  // Check if token is a JWT (has 3 parts separated by dots)
-  if (isJwt(token)) {
-    return `JWT ${token}`;
-  }
-  // Default to Bearer for other token types
-  return `Bearer ${token}`;
-}

package/src/api/client.ts

@@ -1,491 +0,0 @@
-/**
- * API Client Implementation
- *
- * This module contains the core API client implementation, including
- * HTTP method handlers, response processing, and client factory functions.
- */
-
-import type {
-  ApiClient,
-  ApiClientOptions,
-  RequestOptions,
-  PollOptions,
-} from "./types";
-import { getAuthorizationHeader } from "./auth";
-import { createDebugLogger, createDebugFetch } from "./debug";
-import { pollUntilComplete } from "./polling";
-import { getTokenFromEnvOrConfig } from "../auth";
-import {
-  ZapierApiError,
-  ZapierAuthenticationError,
-  ZapierValidationError,
-  ZapierNotFoundError,
-  type ApiError,
-} from "../types/errors";
-
-// Configuration for path prefixes that should be treated as subdomains
-type SubdomainConfigMap = typeof SubdomainConfigMap;
-type SubdomainConfig = SubdomainConfigMap[keyof SubdomainConfigMap];
-const SubdomainConfigMap = {
-  // e.g. https://relay.zapier.com
-  relay: {
-    authHeader: "X-Relay-Authorization",
-  },
-} as const;
-
-class ZapierApiClient implements ApiClient {
-  constructor(
-    private readonly options: ApiClientOptions &
-      Required<Pick<ApiClientOptions, "fetch">>,
-  ) {}
-
-  // Helper to parse response data
-  private async parseResult<TOutput = unknown>(
-    response: Response,
-  ): Promise<{ type: "json"; data: TOutput } | { type: "text"; data: string }> {
-    try {
-      return { type: "json", data: await response.json() };
-    } catch {
-      return { type: "text", data: await response.text() };
-    }
-  }
-
-  // Helper to get a token from the different places it could be gotten
-  private async getAuthToken(): Promise<string | undefined> {
-    if (this.options.token) {
-      return this.options.token;
-    }
-    if (this.options.getToken) {
-      const token = await this.options.getToken();
-      if (token) {
-        return token;
-      }
-    }
-    return getTokenFromEnvOrConfig({
-      onEvent: this.options.onEvent,
-      fetch: this.options.fetch,
-    });
-  }
-
-  // Helper to handle responses
-  private async handleResponse<TOutput = unknown>(params: {
-    response: Response;
-    customErrorHandler?: RequestOptions["customErrorHandler"];
-    wasMissingAuthToken?: boolean;
-  }): Promise<string | TOutput> {
-    const { response, customErrorHandler, wasMissingAuthToken } = params;
-    const { data: responseData } = await this.parseResult<TOutput>(response);
-    if (response.ok) {
-      return responseData;
-    }
-
-    const errorInfo = {
-      status: response.status,
-      statusText: response.statusText,
-      data: responseData,
-    };
-
-    // Check for custom error handling first
-    if (customErrorHandler) {
-      const customError = customErrorHandler(errorInfo);
-      if (customError) {
-        // javascript may not respect customErrorHandler return type, so we need to throw a proper error if it's not an Error
-        if (customError instanceof Error) {
-          throw customError;
-        } else {
-          throw new Error(
-            `customErrorHandler returned a non-Error: ${JSON.stringify(customError)}`,
-          );
-        }
-      }
-    }
-
-    // Parse the error response
-    const { message, errors } = this.parseErrorResponse(errorInfo);
-
-    const errorOptions = {
-      statusCode: response.status,
-      errors,
-    };
-
-    // Use appropriate error type based on status code
-    if (response.status === 404) {
-      throw new ZapierNotFoundError(message, errorOptions);
-    }
-
-    if (response.status === 401 || response.status === 403) {
-      // If we get a 401/403 error and no auth token was provided, give helpful message
-      if (wasMissingAuthToken) {
-        throw new ZapierAuthenticationError(
-          `Authentication required (HTTP ${response.status}). Please provide a token in options or set ZAPIER_TOKEN environment variable.`,
-          errorOptions,
-        );
-      }
-      throw new ZapierAuthenticationError(message, errorOptions);
-    }
-
-    if (response.status === 400) {
-      throw new ZapierValidationError(message, errorOptions);
-    }
-
-    // Generic API error for other status codes
-    throw new ZapierApiError(message, errorOptions);
-  }
-
-  private hasErrorArray<TOutput = unknown>(
-    data: TOutput | string,
-  ): data is { errors: unknown[] } & Exclude<TOutput, string> {
-    return (
-      typeof data === "object" &&
-      data !== null &&
-      "errors" in data &&
-      Array.isArray(data.errors)
-    );
-  }
-
-  // Helper to check if data has API errors
-  private isApiErrorArray(dataArray: unknown[]): dataArray is ApiError[] {
-    const data = dataArray[0];
-    return (
-      typeof data === "object" &&
-      data !== null &&
-      "message" in data &&
-      "code" in data &&
-      "title" in data &&
-      "detail" in data
-    );
-  }
-
-  // Do our best to extract an error message from the response data
-  private extractErrorMessage<TOutput = unknown>(
-    data: TOutput | string,
-  ): string | undefined {
-    if (typeof data === "string") {
-      return data;
-    }
-    if (typeof data === "object" && data !== null) {
-      if ("message" in data && typeof data.message === "string") {
-        return data.message;
-      }
-      if ("error" in data) {
-        if (typeof data.error === "string") {
-          return data.error;
-        }
-        if (typeof data.error === "object" && data.error !== null) {
-          if (
-            "message" in data.error &&
-            typeof data.error.message === "string"
-          ) {
-            return data.error.message;
-          }
-        }
-        try {
-          return JSON.stringify(data.error);
-        } catch {
-          /* defend against circular objects, even though they shouldn't be coming back from the wire */
-        }
-      }
-      if ("errors" in data && Array.isArray(data.errors)) {
-        if (this.isApiErrorArray(data.errors)) {
-          return data.errors[0].detail || data.errors[0].title;
-        } else if (data.errors.length > 0) {
-          // Handle simple string errors array
-          const firstError = data.errors[0];
-          if (typeof firstError === "string") {
-            return firstError;
-          }
-          // For non-string errors, stringify them
-          try {
-            return JSON.stringify(firstError);
-          } catch {
-            return String(firstError);
-          }
-        }
-      }
-    }
-    return undefined;
-  }
-
-  // Helper to parse API error response
-  private parseErrorResponse<TOutput = unknown>(errorInfo: {
-    status: number;
-    statusText: string;
-    data: TOutput | string;
-  }): { message: string; errors?: ApiError[] } {
-    // If we can't parse data, use status text
-    const fallbackMessage = `HTTP ${errorInfo.status}: ${errorInfo.statusText}`;
-    try {
-      // Check if the response has the standard error format
-      if (typeof errorInfo.data === "string") {
-        return { message: `${fallbackMessage}: ${errorInfo.data}` };
-      }
-
-      const errorMessage =
-        this.extractErrorMessage(errorInfo.data) || fallbackMessage;
-
-      if (this.hasErrorArray(errorInfo.data)) {
-        if (this.isApiErrorArray(errorInfo.data.errors)) {
-          return {
-            message: errorMessage,
-            errors: errorInfo.data.errors,
-          };
-        } else {
-          return {
-            message: errorMessage,
-            errors: errorInfo.data.errors.map((e) => ({
-              status: errorInfo.status,
-              code: String(errorInfo.status),
-              title: errorInfo.statusText,
-              detail: JSON.stringify(e),
-            })),
-          };
-        }
-      }
-
-      return { message: errorMessage };
-    } catch {
-      return { message: fallbackMessage };
-    }
-  }
-
-  // Check if this is a path that needs subdomain routing
-  // e.g. /relay/workflows -> relay.zapier.com/workflows
-  private applySubdomainBehavior(path: string): {
-    url: URL;
-    subdomainConfig?: SubdomainConfig;
-  } {
-    const pathSegments = path.split("/").filter(Boolean);
-
-    if (pathSegments.length > 0 && pathSegments[0] in SubdomainConfigMap) {
-      // Transform paths to use subdomain routing
-      // /prefix/domain/path -> prefix.zapier.com/domain/path
-      const domainPrefix = pathSegments[0] as keyof typeof SubdomainConfigMap;
-      const subdomainConfig = SubdomainConfigMap[domainPrefix];
-      const originalBaseUrl = new URL(this.options.baseUrl);
-      const finalBaseUrl = `https://${domainPrefix}.${originalBaseUrl.hostname}`;
-      const pathWithoutPrefix = "/" + pathSegments.slice(1).join("/");
-      return { url: new URL(pathWithoutPrefix, finalBaseUrl), subdomainConfig };
-    }
-
-    return {
-      url: new URL(path, this.options.baseUrl),
-      subdomainConfig: undefined,
-    };
-  }
-
-  // Helper to build full URLs and return routing info
-  private buildUrl(
-    path: string,
-    searchParams?: Record<string, string>,
-  ): {
-    url: string;
-    subdomainConfig?: SubdomainConfig;
-  } {
-    const { url, subdomainConfig } = this.applySubdomainBehavior(path);
-    if (searchParams) {
-      Object.entries(searchParams).forEach(([key, value]) => {
-        url.searchParams.set(key, value);
-      });
-    }
-    return { url: url.toString(), subdomainConfig };
-  }
-
-  // Helper to build headers
-  private async buildHeaders(
-    options: RequestOptions = {},
-    subdomainConfig?: (typeof SubdomainConfigMap)[keyof typeof SubdomainConfigMap],
-  ): Promise<Headers> {
-    const headers = new Headers(options.headers ?? {});
-
-    // Even if auth is not required, we still want to add it in case it adds
-    // useful context to the API. The session is a good example of this. Auth
-    // is not required, but if we don't add auth, then we won't get the user's
-    // session!
-    const authToken = await this.getAuthToken();
-
-    if (authToken) {
-      const authHeaderName = subdomainConfig?.authHeader || "Authorization";
-      headers.set(authHeaderName, getAuthorizationHeader(authToken));
-    }
-
-    // If we know auth is required, and we don't have a token, throw an error
-    // before we even make a request.
-    if (options.authRequired) {
-      if (headers.get("Authorization") == null && authToken == null) {
-        throw new ZapierAuthenticationError(
-          `Authentication required but no token available. Please set ZAPIER_TOKEN, or run the 'login' command with the CLI.`,
-        );
-      }
-    }
-
-    return headers;
-  }
-
-  // Helper to perform HTTP requests with JSON handling
-  private async fetchJson<TOutput = unknown>(
-    method: string,
-    path: string,
-    data?: unknown,
-    options: RequestOptions = {},
-  ): Promise<TOutput> {
-    const headers = { ...options.headers };
-
-    // Add Content-Type for JSON requests with body data
-    if (data && typeof data === "object") {
-      headers["Content-Type"] = "application/json";
-    }
-
-    // Check if we have an auth token available
-    const wasMissingAuthToken =
-      options.authRequired && (await this.getAuthToken()) == null;
-
-    const response = await this.plainFetch(path, {
-      ...options,
-      method,
-      body: data != null ? JSON.stringify(data) : undefined,
-      headers,
-    });
-
-    // plainFetch already handled all auth and headers
-    const result = await this.handleResponse<TOutput>({
-      response,
-      customErrorHandler: options.customErrorHandler,
-      wasMissingAuthToken,
-    });
-
-    if (typeof result === "string") {
-      throw new ZapierValidationError(
-        `Response could not be parsed as JSON: ${result}`,
-      );
-    }
-
-    return result;
-  }
-
-  // Plain fetch method for API paths (must start with /)
-  private async plainFetch(
-    path: string,
-    fetchOptions?: RequestInit & {
-      searchParams?: Record<string, string>;
-      authRequired?: boolean;
-    },
-  ): Promise<Response> {
-    if (!path.startsWith("/")) {
-      throw new ZapierValidationError(
-        `plainFetch expects a path starting with '/', got: ${path}`,
-      );
-    }
-
-    if (fetchOptions?.body && typeof fetchOptions.body === "object") {
-      fetchOptions.body = JSON.stringify(fetchOptions.body);
-    }
-
-    const { url, subdomainConfig } = this.buildUrl(
-      path,
-      fetchOptions?.searchParams,
-    );
-
-    const builtHeaders = await this.buildHeaders(
-      fetchOptions as RequestOptions,
-      subdomainConfig,
-    );
-    const inputHeaders = new Headers(fetchOptions?.headers ?? {});
-
-    const mergedHeaders = new Headers();
-    builtHeaders.forEach((value, key) => {
-      mergedHeaders.set(key, value);
-    });
-    inputHeaders.forEach((value, key) => {
-      mergedHeaders.set(key, value);
-    });
-
-    return await this.options.fetch(url, {
-      ...fetchOptions,
-      headers: mergedHeaders,
-    });
-  }
-
-  public fetch = async (
-    path: string,
-    init?: RequestInit & {
-      searchParams?: Record<string, string>;
-      authRequired?: boolean;
-    },
-  ): Promise<Response> => {
-    return this.plainFetch(path, init);
-  };
-
-  public get = async <TOutput = unknown>(
-    path: string,
-    options: RequestOptions = {},
-  ): Promise<TOutput> => {
-    return this.fetchJson<TOutput>("GET", path, undefined, options);
-  };
-
-  public post = async <TOutput = unknown>(
-    path: string,
-    data?: unknown,
-    options: RequestOptions = {},
-  ): Promise<TOutput> => {
-    return this.fetchJson<TOutput>("POST", path, data, options);
-  };
-
-  public put = async <TOutput = unknown>(
-    path: string,
-    data?: unknown,
-    options: RequestOptions = {},
-  ): Promise<TOutput> => {
-    return this.fetchJson<TOutput>("PUT", path, data, options);
-  };
-
-  public delete = async <TOutput = unknown>(
-    path: string,
-    options: RequestOptions = {},
-  ): Promise<TOutput> => {
-    return this.fetchJson<TOutput>("DELETE", path, undefined, options);
-  };
-
-  public poll = async <TOutput = unknown>(
-    path: string,
-    options: PollOptions = {},
-  ): Promise<TOutput> => {
-    return pollUntilComplete<TOutput>({
-      fetchPoll: () =>
-        this.plainFetch(path, {
-          method: "GET",
-          searchParams: options.searchParams,
-          authRequired: options.authRequired,
-        }),
-      initialDelay: options.initialDelay,
-      timeoutMs: options.timeoutMs,
-      successStatus: options.successStatus,
-      pendingStatus: options.pendingStatus,
-      resultExtractor: options.resultExtractor as
-        | ((response: unknown) => TOutput)
-        | undefined,
-    });
-  };
-}
-
-export const createZapierApi = (options: ApiClientOptions): ApiClient => {
-  const {
-    baseUrl,
-    token,
-    getToken,
-    debug = false,
-    fetch: originalFetch = globalThis.fetch,
-    onEvent,
-  } = options;
-
-  const debugLog = createDebugLogger(debug);
-  const debugFetch = createDebugFetch({ originalFetch, debugLog });
-
-  return new ZapierApiClient({
-    baseUrl,
-    token,
-    getToken,
-    debug,
-    fetch: debugFetch,
-    onEvent,
-  });
-};

package/src/api/debug.test.ts

@@ -1,76 +0,0 @@
-import { describe, it, expect } from "vitest";
-import { censorHeaders } from "./debug";
-
-describe("censorHeaders", () => {
-  it("should return undefined for undefined headers", () => {
-    expect(censorHeaders(undefined)).toBeUndefined();
-  });
-
-  it("should return headers unchanged for non-auth headers", () => {
-    const headers = {
-      "Content-Type": "application/json",
-      "User-Agent": "test",
-    };
-    const result = censorHeaders(headers);
-    // Headers API normalizes header names to lowercase
-    expect(result!["content-type"]).toBe("application/json");
-    expect(result!["user-agent"]).toBe("test");
-  });
-
-  it("should censor authorization header with Bearer prefix - long token", () => {
-    const headers = { authorization: "Bearer abcdef1234567890xyz" };
-    const result = censorHeaders(headers);
-
-    expect(result!.authorization).toBe("Bearer abcd...0xyz");
-  });
-
-  it("should censor authorization header with Bearer prefix - short token", () => {
-    const headers = { authorization: "Bearer short123" };
-    const result = censorHeaders(headers);
-
-    expect(result!.authorization).toBe("Bearer s...");
-  });
-
-  it("should censor x-api-key header - long token", () => {
-    const headers = { "x-api-key": "sk-1234567890abcdefghij" };
-    const result = censorHeaders(headers);
-
-    expect(result!["x-api-key"]).toBe("sk-1...ghij");
-  });
-
-  it("should censor x-api-key header - short token", () => {
-    const headers = { "x-api-key": "short" };
-    const result = censorHeaders(headers);
-
-    expect(result!["x-api-key"]).toBe("s...");
-  });
-
-  it("should handle Headers object input", () => {
-    const headers = new Headers();
-    headers.set("authorization", "Bearer verylongtoken123456789");
-
-    const result = censorHeaders(headers);
-    expect(result!.authorization).toBe("Bearer very...6789");
-  });
-
-  it("should handle mixed case authorization headers", () => {
-    const headers = { Authorization: "Bearer mixedcasetoken123" };
-    const result = censorHeaders(headers);
-
-    expect(result!.authorization).toBe("Bearer mixe...n123");
-  });
-
-  it("should preserve non-auth headers while censoring auth headers", () => {
-    const headers = {
-      "Content-Type": "application/json",
-      authorization: "Bearer shouldbecensored123456789",
-      "User-Agent": "test-agent",
-    };
-
-    const result = censorHeaders(headers);
-
-    expect(result!["content-type"]).toBe("application/json");
-    expect(result!["user-agent"]).toBe("test-agent");
-    expect(result!.authorization).toBe("Bearer shou...6789");
-  });
-});