npm - apinow-sdk - Versions diffs - 0.28.1 → 0.28.3 - Mend

apinow-sdk 0.28.1 → 0.28.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -1,3 +1,4 @@
+export declare const APINOW_SDK_VERSION = "0.28.3";
 export interface CallOptions {
     method?: 'GET' | 'POST' | 'PUT' | 'DELETE';
     body?: Record<string, any>;

package/dist/index.js CHANGED Viewed

@@ -1,7 +1,22 @@
 import { x402Client, wrapFetchWithPayment } from '@x402/fetch';
 import { registerExactEvmScheme } from '@x402/evm/exact/client';
 import { privateKeyToAccount } from 'viem/accounts';
-const APINOW_BASE = 'https://apinow.fun';
+const APINOW_BASE = 'https://www.apinow.fun';
+export const APINOW_SDK_VERSION = '0.28.3';
+/**
+ * Default base URL. In a browser we prefer the current origin so that
+ * signed-auth writes stay same-origin and don't hit a CORS preflight
+ * (which then explodes on any apex↔www redirect the host performs).
+ * In Node we fall back to the canonical www host.
+ */
+function resolveDefaultBaseUrl() {
+    if (typeof globalThis !== 'undefined') {
+        const w = globalThis.window;
+        if (w?.location?.origin)
+            return w.location.origin;
+    }
+    return APINOW_BASE;
+}
 function isServerConfig(c) {
     return 'privateKey' in c && typeof c.privateKey === 'string';
 }
@@ -48,7 +63,7 @@ async function followRedirects(res) {
 }
 export function createClient(config) {
     const server = isServerConfig(config);
-    const baseUrl = config.baseUrl ?? APINOW_BASE;
+    const baseUrl = config.baseUrl ?? resolveDefaultBaseUrl();
     const customFetch = config.fetch;
     // Resolve address + signer from whichever config shape the caller passed.
     const account = server ? privateKeyToAccount(config.privateKey) : null;
@@ -90,9 +105,27 @@ export function createClient(config) {
         // raw newlines ("Failed to execute 'fetch' on 'Window': Invalid value").
         // Server parses via regex so space-separated works identically.
         const message = `APINow auth | address: ${address} | issuedAt: ${issuedAt} | nonce: ${nonce}`;
-        const signature = await signMessage(message);
+        const signature = String(await signMessage(message));
+        const authorization = `Bearer ${message}||${signature}||${address}`;
+        // Guard against any character that Chrome's fetch() rejects in header
+        // values — pre-throw with a readable message rather than letting the
+        // browser fail with the opaque "Invalid value" error.
+        const bad = /[\r\n\0]/;
+        if (bad.test(authorization)) {
+            const offender = bad.exec(authorization)?.[0];
+            // eslint-disable-next-line no-console
+            console.error('[apinow-sdk] bad char in Authorization header', {
+                messageLen: message.length,
+                sigLen: signature.length,
+                offenderCode: offender?.charCodeAt(0),
+                messagePreview: message.slice(0, 80),
+            });
+            throw new Error(`apinow-sdk: signed Authorization header contains a control char (code ${offender?.charCodeAt(0)}). ` +
+                `This usually means the wallet signer returned a malformed signature. ` +
+                `sigLen=${signature.length} messageLen=${message.length}`);
+        }
         return {
-            Authorization: `Bearer ${message}||${signature}||${address}`,
+            Authorization: authorization,
             'x-wallet-address': address,
         };
     }
@@ -102,15 +135,26 @@ export function createClient(config) {
      */
     async function authedFetch(url, init = {}) {
         const authHeaders = await signAuthHeader();
-        const res = await fetch(url, {
-            ...init,
-            headers: {
-                ...(init.body ? { 'Content-Type': 'application/json' } : {}),
-                ...authHeaders,
-                ...init.headers,
-            },
-        });
-        return res;
+        const headers = {
+            ...(init.body ? { 'Content-Type': 'application/json' } : {}),
+            ...authHeaders,
+            ...init.headers,
+        };
+        try {
+            return await fetch(url, { ...init, headers });
+        }
+        catch (err) {
+            // eslint-disable-next-line no-console
+            console.error('[apinow-sdk] authedFetch failed', {
+                sdkVersion: APINOW_SDK_VERSION,
+                url,
+                method: init.method || 'GET',
+                headerKeys: Object.keys(headers),
+                headerLens: Object.fromEntries(Object.entries(headers).map(([k, v]) => [k, String(v).length])),
+                err: err?.message,
+            });
+            throw err;
+        }
     }
     async function authedJson(url, init = {}) {
         const res = await authedFetch(url, init);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "apinow-sdk",
-  "version": "0.28.1",
+  "version": "0.28.3",
   "description": "Pay-per-call API SDK & CLI for APINow.fun — endpoints + workflows, wraps x402 so you don't have to",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",