@zapier/zapier-sdk 0.3.0 → 0.4.0

package/package.json

@@ -1,9 +1,22 @@
 {
   "name": "@zapier/zapier-sdk",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "Complete Zapier SDK - combines all Zapier SDK packages",
-  "main": "dist/index.js",
+  "main": "dist/index.cjs",
+  "module": "dist/index.mjs",
   "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "require": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.cjs"
+      },
+      "import": {
+        "types": "./dist/index.d.mts",
+        "default": "./dist/index.mjs"
+      }
+    }
+  },
   "keywords": [
     "zapier",
     "sdk",
@@ -18,18 +31,17 @@
     "access": "restricted"
   },
   "dependencies": {
-    "conf": "^14.0.0",
     "esbuild": "^0.25.5",
-    "jsonwebtoken": "^9.0.2",
     "zod": "^3.25.67"
   },
   "devDependencies": {
-    "@types/jsonwebtoken": "^9.0.10",
     "@types/node": "^24.0.1",
-    "typescript": "^5.8.3"
+    "tsup": "^8.5.0",
+    "typescript": "^5.8.3",
+    "@zapier/zapier-sdk-cli-login": "0.3.1"
   },
   "scripts": {
-    "build": "rm -rf dist && tsc --project tsconfig.build.json",
+    "build": "tsup",
     "clean": "rm -rf dist",
     "rebuild": "pnpm clean && pnpm build",
     "dev": "tsc --watch",

package/src/api/client.ts

@@ -14,7 +14,10 @@ import type {
 import { getAuthorizationHeader } from "./auth";
 import { createDebugLogger, createDebugFetch } from "./debug";
 import { pollUntilComplete } from "./polling";
-import { getTokenFromEnv } from "../auth";
+import { getTokenFromEnvOrConfig } from "../auth";
+
+// Set of path prefixes that should be treated as subdomains
+const SUBDOMAIN_PREFIXES = new Set(["relay"]);
 
 export function createZapierApi(options: ApiClientOptions): ApiClient {
   const {
@@ -23,6 +26,7 @@ export function createZapierApi(options: ApiClientOptions): ApiClient {
     getToken,
     debug = false,
     fetch: originalFetch = globalThis.fetch,
+    onEvent,
   } = options;
 
   const debugLog = createDebugLogger(debug);
@@ -33,7 +37,23 @@ export function createZapierApi(options: ApiClientOptions): ApiClient {
     path: string,
     searchParams?: Record<string, string>,
   ): string {
-    const url = new URL(path, baseUrl);
+    // Check if this is a path that needs subdomain routing
+    const pathSegments = path.split("/").filter(Boolean);
+    let finalBaseUrl = baseUrl;
+
+    if (pathSegments.length > 0 && SUBDOMAIN_PREFIXES.has(pathSegments[0])) {
+      // Transform paths to use subdomain routing
+      // /prefix/domain/path -> prefix.zapier.com/domain/path
+      const subdomain = pathSegments[0];
+      const baseUrlObj = new URL(baseUrl);
+      baseUrlObj.hostname = `${subdomain}.${baseUrlObj.hostname}`;
+      finalBaseUrl = baseUrlObj.toString();
+
+      // Remove the subdomain prefix from the path
+      path = "/" + pathSegments.slice(1).join("/");
+    }
+
+    const url = new URL(path, finalBaseUrl);
     if (searchParams) {
       Object.entries(searchParams).forEach(([key, value]) => {
         url.searchParams.set(key, value);
@@ -54,13 +74,16 @@ export function createZapierApi(options: ApiClientOptions): ApiClient {
     if (options.authRequired !== false) {
       let resolvedToken = token;
 
-      // Token resolution precedence: explicit token > getToken() > env var
+      // Token resolution precedence: explicit token > getToken() > env/config fallback
       if (!resolvedToken && getToken) {
         resolvedToken = await getToken();
       }
 
       if (!resolvedToken) {
-        resolvedToken = getTokenFromEnv();
+        resolvedToken = await getTokenFromEnvOrConfig({
+          onEvent,
+          fetch: originalFetch,
+        });
       }
 
       if (resolvedToken) {
@@ -75,6 +98,7 @@ export function createZapierApi(options: ApiClientOptions): ApiClient {
   async function handleResponse(
     response: Response,
     customErrorHandler?: (response: Response) => Error | undefined,
+    hadAuthToken?: boolean,
   ): Promise<any> {
     if (!response.ok) {
       // Check for custom error handling first
@@ -85,6 +109,13 @@ export function createZapierApi(options: ApiClientOptions): ApiClient {
         }
       }
 
+      // If we get a 4xx error and no auth token was provided, give helpful message
+      if (response.status >= 400 && response.status < 500 && !hadAuthToken) {
+        throw new Error(
+          `Authentication required (HTTP ${response.status}). Please provide a token in options or set ZAPIER_TOKEN environment variable.`,
+        );
+      }
+
       throw new Error(`HTTP ${response.status}: ${response.statusText}`);
     }
 
@@ -96,6 +127,38 @@ export function createZapierApi(options: ApiClientOptions): ApiClient {
     }
   }
 
+  // Plain fetch method that matches the standard fetch signature
+  async function plainFetch(
+    input: string | URL,
+    init?: RequestInit & {
+      searchParams?: Record<string, string>;
+      authRequired?: boolean;
+      customErrorHandler?: (response: Response) => Error | undefined;
+    },
+  ): Promise<Response> {
+    const url =
+      typeof input === "string" && !input.startsWith("http")
+        ? buildUrl(input, init?.searchParams)
+        : input.toString();
+
+    const headers = await buildHeaders(init as RequestOptions);
+
+    // Merge headers from init with our built headers
+    const finalHeaders = {
+      ...headers,
+      ...(init?.headers
+        ? init.headers instanceof Headers
+          ? Object.fromEntries(init.headers.entries())
+          : (init.headers as Record<string, string>)
+        : {}),
+    };
+
+    return await fetch(url, {
+      ...init,
+      headers: finalHeaders,
+    });
+  }
+
   // Helper to perform HTTP requests with JSON handling
   async function fetchJson(
     method: string,
@@ -103,21 +166,24 @@ export function createZapierApi(options: ApiClientOptions): ApiClient {
     data?: any,
     options: RequestOptions = {},
   ): Promise<any> {
-    const url = buildUrl(path, options.searchParams);
-    const headers = await buildHeaders(options);
+    const headers = { ...options.headers };
 
     // Add Content-Type for JSON requests with body data
     if (data && typeof data === "object") {
       headers["Content-Type"] = "application/json";
     }
 
-    const response = await fetch(url, {
+    const response = await plainFetch(path, {
       method,
-      headers,
       body: data ? JSON.stringify(data) : undefined,
+      headers,
+      searchParams: options.searchParams,
+      authRequired: options.authRequired,
+      customErrorHandler: options.customErrorHandler,
     });
 
-    return handleResponse(response, options.customErrorHandler);
+    const hadAuthToken = !!(await buildHeaders(options)).Authorization;
+    return handleResponse(response, options.customErrorHandler, hadAuthToken);
   }
 
   return {
@@ -162,13 +228,15 @@ export function createZapierApi(options: ApiClientOptions): ApiClient {
       });
     },
 
-    requireAuthTo(operation: string): void {
-      // Check if any authentication method is available
-      if (!token && !getToken && !getTokenFromEnv()) {
-        throw new Error(
-          `Authentication token is required to ${operation}. Please provide token in options or set ZAPIER_TOKEN environment variable.`,
-        );
-      }
+    async fetch(
+      input: string | URL,
+      init?: RequestInit & {
+        searchParams?: Record<string, string>;
+        authRequired?: boolean;
+        customErrorHandler?: (response: Response) => Error | undefined;
+      },
+    ): Promise<Response> {
+      return plainFetch(input, init);
     },
   };
 }

package/src/api/types.ts

@@ -16,6 +16,7 @@ export interface ApiClientOptions {
   getToken?: () => Promise<string | undefined>;
   debug?: boolean;
   fetch?: typeof globalThis.fetch;
+  onEvent?: (event: any) => void;
 }
 
 export interface ApiClient {
@@ -24,7 +25,14 @@ export interface ApiClient {
   put: (path: string, data?: any, options?: RequestOptions) => Promise<any>;
   delete: (path: string, options?: RequestOptions) => Promise<any>;
   poll: (path: string, options?: PollOptions) => Promise<any>;
-  requireAuthTo: (operation: string) => void;
+  fetch: (
+    input: string | URL,
+    init?: RequestInit & {
+      searchParams?: Record<string, string>;
+      authRequired?: boolean;
+      customErrorHandler?: (response: Response) => Error | undefined;
+    },
+  ) => Promise<Response>;
 }
 
 export interface RequestOptions {

package/src/auth.ts

@@ -1,14 +1,11 @@
 /**
  * SDK Authentication Utilities
  *
- * This module provides SDK-level authentication utilities, including
- * token acquisition, refresh, and user information extraction.
+ * This module provides SDK-level authentication utilities focused
+ * solely on token acquisition. CLI-specific functionality like login/logout
+ * is handled by the @zapier/zapier-sdk-cli-login package.
  */
 
-// Import type { RequestOptions } from "./api/types"; // Commented out - not used yet
-
-let config: any;
-
 // Import event types from common location
 import type { EventCallback } from "./types/events";
 
@@ -27,194 +24,37 @@ export interface AuthOptions {
   fetch?: typeof globalThis.fetch;
 }
 
-// JWT payload interfaces
-interface JwtPayload {
-  payload: Record<string, any>;
-}
-
-export interface LoginData {
-  access_token: string;
-  refresh_token: string;
-  expires_in: number;
-}
-
-// Constants needed for token refresh
-const ZAPIER_BASE = "https://zapier.com";
-const LOGIN_CLIENT_ID = "K5eEnRE9TTmSFATdkkWhKF8NOKwoiOnYAyIqJjae";
-const AUTH_MODE_HEADER = "X-Auth";
-
-// Utility functions for config management
-function getConfig() {
-  if (!config) {
-    const ConfModule = require("conf");
-    const Conf = ConfModule.default || ConfModule;
-    config = new Conf({ projectName: "zapier-sdk-cli" });
-  }
-  return config;
-}
-
-export function updateLogin(loginData: LoginData): void {
-  const cfg = getConfig();
-  cfg.set("login_jwt", loginData.access_token);
-  cfg.set("login_refresh_token", loginData.refresh_token);
-  cfg.set("login_expires_at", Date.now() + loginData.expires_in * 1000);
-}
-
-function clearLogin(): void {
-  const cfg = getConfig();
-  cfg.delete("login_jwt");
-  cfg.delete("login_refresh_token");
-  cfg.delete("login_expires_at");
-}
-
-// JWT utility functions
-function decodeJwtOrThrow(jwt: unknown): JwtPayload {
-  if (typeof jwt !== "string") {
-    throw new Error("Expected JWT to be a string");
-  }
-
-  let jsonwebtoken: any;
-  try {
-    jsonwebtoken = require("jsonwebtoken");
-  } catch {
-    throw new Error(
-      "jsonwebtoken not available - this function requires CLI dependencies",
-    );
-  }
-
-  const decodedJwt = jsonwebtoken.decode(jwt, { complete: true });
-
-  if (!decodedJwt) {
-    throw new Error("Could not decode JWT");
-  }
-
-  if (typeof decodedJwt.payload === "string") {
-    throw new Error("Did not expect JWT payload to be a string");
-  }
-
-  return decodedJwt;
-}
-
 /**
- * Refreshes an expired JWT token using the refresh token.
- * Returns the new access token or throws an error.
+ * Gets the ZAPIER_TOKEN from environment variables.
+ * Returns undefined if not set.
  */
-async function refreshJwt(
-  refreshToken: string,
-  options: AuthOptions = {},
-): Promise<string> {
-  const { onEvent, fetch = globalThis.fetch } = options;
-
-  try {
-    onEvent?.({
-      type: "auth_refreshing",
-      payload: {
-        message: "Refreshing your token...",
-        operation: "token_refresh",
-      },
-      timestamp: Date.now(),
-    });
-
-    const response = await fetch(`${ZAPIER_BASE}/oauth/token/`, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/x-www-form-urlencoded",
-        [AUTH_MODE_HEADER]: "no",
-      },
-      body: new URLSearchParams({
-        client_id: LOGIN_CLIENT_ID,
-        refresh_token: refreshToken,
-        grant_type: "refresh_token",
-      }),
-    });
-
-    if (!response.ok) {
-      throw new Error(
-        `Token refresh failed: ${response.status} ${response.statusText}`,
-      );
-    }
-
-    const data: LoginData = await response.json();
-
-    // Update stored login data
-    updateLogin(data);
-
-    onEvent?.({
-      type: "auth_success",
-      payload: {
-        message: "Token refreshed successfully",
-        operation: "token_refresh",
-      },
-      timestamp: Date.now(),
-    });
-    return data.access_token;
-  } catch (error) {
-    // If refresh fails, clear stored login
-    clearLogin();
-    const errorMessage = `Token refresh failed: ${error instanceof Error ? error.message : "Unknown error"}`;
-    onEvent?.({
-      type: "auth_error",
-      payload: {
-        message: errorMessage,
-        error: errorMessage,
-        operation: "token_refresh",
-      },
-      timestamp: Date.now(),
-    });
-    throw error;
-  }
+export function getTokenFromEnv(): string | undefined {
+  return process.env.ZAPIER_TOKEN;
 }
 
 /**
- * Attempts to read a valid JWT token from the CLI configuration.
- * Automatically refreshes expired tokens when possible.
- * Returns undefined if no valid token is found or refresh fails.
+ * Attempts to get a token by optionally importing from CLI login package.
+ * This provides a graceful fallback when the CLI login package is not available.
+ *
+ * Returns undefined if no valid token is found or CLI package is not available.
  */
-export async function getTokenFromConfig(
+export async function getTokenFromCliLogin(
   options: AuthOptions = {},
 ): Promise<string | undefined> {
   try {
-    const cfg = getConfig();
-
-    const jwt = cfg.get("login_jwt") as string | undefined;
-    const refreshToken = cfg.get("login_refresh_token") as string | undefined;
-    const expiresAt = cfg.get("login_expires_at") as number | undefined;
-
-    // Check if we have all required fields
-    if (!jwt || !refreshToken || !expiresAt) {
-      return undefined;
-    }
-
-    // Check if token is still valid (with 30 second buffer)
-    if (expiresAt > Date.now() + 30 * 1000) {
-      return jwt;
-    }
-
-    // Token is expired - attempt to refresh
-    try {
-      return await refreshJwt(refreshToken, options);
-    } catch {
-      // If refresh fails, return undefined
-      return undefined;
-    }
+    // Dynamically import the CLI login package if available
+    const { getToken } = await import("@zapier/zapier-sdk-cli-login");
+    return await getToken(options);
   } catch {
-    // If conf is not available or any other error occurs, return undefined
+    // CLI login package is not available, return undefined
     return undefined;
   }
 }
 
-/**
- * Gets the ZAPIER_TOKEN from environment variables.
- * Returns undefined if not set.
- */
-export function getTokenFromEnv(): string | undefined {
-  return process.env.ZAPIER_TOKEN;
-}
-
 /**
  * Attempts to get a token with the following precedence:
  * 1. ZAPIER_TOKEN environment variable
- * 2. Valid JWT from CLI configuration (with auto-refresh)
+ * 2. CLI login package (if available) with auto-refresh
  *
  * Returns undefined if no valid token is found.
  */
@@ -227,114 +67,6 @@ export async function getTokenFromEnvOrConfig(
     return envToken;
   }
 
-  // Second priority: CLI configuration (with auto-refresh)
-  return getTokenFromConfig(options);
-}
-
-/**
- * Gets the current JWT token, refreshing if necessary.
- * Returns undefined if no valid token is available.
- */
-export async function getValidJwt(
-  options: AuthOptions = {},
-): Promise<string | undefined> {
-  try {
-    const cfg = getConfig();
-
-    const jwt = cfg.get("login_jwt") as string | undefined;
-    const refreshToken = cfg.get("login_refresh_token") as string | undefined;
-    const expiresAt = cfg.get("login_expires_at") as number | undefined;
-
-    // Check if we have all required fields
-    if (!jwt || !refreshToken || !expiresAt) {
-      return undefined;
-    }
-
-    // Check if token is still valid (with 30 second buffer)
-    if (expiresAt > Date.now() + 30 * 1000) {
-      return jwt;
-    }
-
-    // Token is expired - attempt to refresh
-    return await refreshJwt(refreshToken, options);
-  } catch {
-    return undefined;
-  }
-}
-
-/**
- * Gets the logged-in user information from JWT token.
- * Automatically refreshes token if expired.
- */
-export async function getLoggedInUser(options: AuthOptions = {}): Promise<{
-  accountId: number;
-  customUserId: number;
-  email: string;
-}> {
-  const jwt = await getValidJwt(options);
-
-  if (!jwt) {
-    throw new Error(
-      "No valid authentication token available. Please login first.",
-    );
-  }
-
-  let decodedJwt = decodeJwtOrThrow(jwt);
-
-  if (decodedJwt.payload["sub_type"] == "service") {
-    decodedJwt = decodeJwtOrThrow(decodedJwt.payload["njwt"]);
-  }
-
-  if (typeof decodedJwt.payload["zap:acc"] !== "string") {
-    throw new Error("JWT payload does not contain accountId");
-  }
-
-  const accountId = parseInt(decodedJwt.payload["zap:acc"], 10);
-  if (isNaN(accountId)) {
-    throw new Error("JWT accountId is not a number");
-  }
-
-  if (
-    decodedJwt.payload["sub_type"] !== "customuser" ||
-    typeof decodedJwt.payload["sub"] !== "string"
-  ) {
-    throw new Error("JWT payload does not contain customUserId");
-  }
-
-  const customUserId = parseInt(decodedJwt.payload["sub"], 10);
-  if (isNaN(customUserId)) {
-    throw new Error("JWT customUserId is not a number");
-  }
-
-  const email = decodedJwt.payload["zap:uname"];
-  if (typeof email !== "string") {
-    throw new Error("JWT payload does not contain email");
-  }
-
-  return {
-    accountId,
-    customUserId,
-    email,
-  };
-}
-
-/**
- * Clears stored login information.
- */
-export function logout(options: Pick<AuthOptions, "onEvent"> = {}): void {
-  const { onEvent } = options;
-  clearLogin();
-  onEvent?.({
-    type: "auth_logout",
-    payload: { message: "Logged out successfully", operation: "logout" },
-    timestamp: Date.now(),
-  });
-}
-
-/**
- * Gets the path to the configuration file.
- */
-export function getConfigPath(): string {
-  const cfg = getConfig();
-  return cfg.path;
+  // Second priority: CLI login package (if available)
+  return getTokenFromCliLogin(options);
 }