roboto-js 1.7.1 → 1.7.5

package/src/index.js

@@ -3,11 +3,13 @@ import RbtApi from './rbt_api.js';
 import RbtObject from './rbt_object.js';
 import RbtFile from './rbt_file.js';
 import RbtMetricsApi from './rbt_metrics_api.js';
+import CookieStorageAdaptor from './cookie_storage_adaptor.js';
 
 export {
     RbtApi,
     RbtObject,
-    RbtFile
+    RbtFile,
+    CookieStorageAdaptor
     //User,
     //Site
 };
@@ -15,10 +17,10 @@ export {
 export default class Roboto{
 
   getVersion(){
-    return '1.7.0';
+    return '1.7.3';
   }
 
-  constructor({ host, accessKey, localStorageAdaptor, disableWebSocket = false, metricsHost }, proxyReq = null) {
+  constructor({ host, accessKey, localStorageAdaptor, disableWebSocket = false, metricsHost, useCookies = true }, proxyReq = null) {
 
     if (Roboto.instance && !proxyReq) {
       // if on client, there can only be one instance
@@ -28,10 +30,30 @@ export default class Roboto{
 
     const isBrowser = typeof window !== "undefined";
     this.data = {};
+    
+    // Auto-configure storage adaptor
+    let storageAdaptor = localStorageAdaptor;
+    if (!storageAdaptor && isBrowser && useCookies) {
+      // Use cookies by default in browser for better server-side compatibility
+      storageAdaptor = new CookieStorageAdaptor({
+        secure: window.location.protocol === 'https:',
+        sameSite: 'Lax',
+        maxAge: 24 * 60 * 60 // 24 hours
+      });
+      console.log('[Roboto] Using CookieStorageAdaptor for authentication tokens');
+      
+      // Set accessKey for server-side authentication (handled automatically by adapter)
+      if (accessKey) {
+        storageAdaptor.setItem('accessKey', accessKey).catch(e => 
+          console.warn('[Roboto] Failed to set accessKey cookie:', e)
+        );
+      }
+    }
+    
     this.config = {
       accessKey: accessKey, // Use passed accessKey
       baseUrl: `https://${host}`, // Use passed host
-      localStorageAdaptor: localStorageAdaptor
+      localStorageAdaptor: storageAdaptor
     };
 
     // DEVELOPMENT
@@ -58,6 +80,12 @@ export default class Roboto{
     this.api = new RbtApi(this.config);
     if (isBrowser) {
       this.api.initLocalDb();
+      
+      // Add global debug method for cookie storage adapter
+      if (this.config.localStorageAdaptor && this.config.localStorageAdaptor.debugState) {
+        window.debugRobotoCookies = () => this.config.localStorageAdaptor.debugState();
+        console.log('[Roboto] Added global debug method: window.debugRobotoCookies()');
+      }
     }
 
     // METRICS API instance (separate host or same)
@@ -155,7 +183,15 @@ export default class Roboto{
     return this.api.loginWithOauth(params);
   }
   async logout(){
-    return this.api.logout();
+    const result = await this.api.logout();
+    
+    // Clear accessKey and authtoken using standard localStorage interface
+    if (this.config.localStorageAdaptor) {
+      await this.config.localStorageAdaptor.removeItem('accessKey');
+      await this.config.localStorageAdaptor.removeItem('authtoken');
+    }
+    
+    return result;
   }
   async refreshAuthToken(){
     return this.api.refreshAuthToken(this.config.authtoken);

package/src/rbt_api.js

@@ -43,26 +43,9 @@ export default class RbtApi {
       };
     }
 
-    // Synchronous browser hydration: set auth header and in-memory user immediately
-    if (typeof localStorage !== 'undefined') {
-      try {
-        const token = localStorage.getItem('authtoken');
-        if (token) {
-          this.authtoken = token;
-          this.axios.defaults.headers.common['authtoken'] = token;
-        }
-      } catch {}
-      try {
-        const cachedUser = localStorage.getItem('rbtUser');
-        if (cachedUser) {
-          const parsed = JSON.parse(cachedUser);
-          if (parsed && parsed.id) {
-            this.currentUser = new RbtUser({ id: parsed.id }, this.axios);
-            this.currentUser.setData(parsed);
-          }
-        }
-      } catch {}
-    }
+    // Asynchronous browser hydration: set auth header and in-memory user
+    // Use storage adaptor if available, otherwise fallback to localStorage
+    this._initializeFromStorage().catch(e => console.warn('[RbtApi] Storage initialization failed:', e));
     this.localDb = null;
     this.iac_session = null;
     this.appServiceHost = baseUrl;
@@ -77,6 +60,52 @@ export default class RbtApi {
     
   }
 
+  // Initialize authtoken and user from storage (cookies or localStorage)
+  async _initializeFromStorage() {
+    if (!this.localStorageAdaptor) return;
+    
+    try {
+      // Try to get authtoken from storage adaptor (prefixed: rbt_authtoken)
+      let token = await this.localStorageAdaptor.getItem('authtoken');
+      
+      // If not found in prefixed storage, try raw cookie (like accessKey)
+      if (!token && typeof document !== 'undefined') {
+        // Try to get from raw cookie
+        const cookies = document.cookie.split(';');
+        for (let cookie of cookies) {
+          const [name, value] = cookie.trim().split('=');
+          if (name === 'authtoken') {
+            token = decodeURIComponent(value);
+            break;
+          }
+        }
+      }
+      
+      if (token) {
+        this.authtoken = token;
+        this.axios.defaults.headers.common['authtoken'] = token;
+        console.log('[RbtApi] Loaded authtoken from storage adaptor');
+      }
+    } catch (e) {
+      console.warn('[RbtApi] Failed to load authtoken from storage adaptor:', e);
+    }
+    
+    try {
+      // Try to get user from storage adaptor
+      const cachedUser = await this.localStorageAdaptor.getItem('rbtUser');
+      if (cachedUser) {
+        const parsed = typeof cachedUser === 'string' ? JSON.parse(cachedUser) : cachedUser;
+        if (parsed && parsed.id) {
+          this.currentUser = new RbtUser({ id: parsed.id }, this.axios);
+          this.currentUser.setData(parsed);
+          console.log('[RbtApi] Loaded user from storage adaptor');
+        }
+      }
+    } catch (e) {
+      console.warn('[RbtApi] Failed to load user from storage adaptor:', e);
+    }
+  }
+
   getWebSocketClient() {
     // Reuse existing WebSocket if it's OPEN or CONNECTING (to prevent race condition)
     if (this.websocketClient && 
@@ -277,6 +306,8 @@ export default class RbtApi {
         if (this.iac_session?.user) {
           await this.localStorageAdaptor.setItem('rbtUser', JSON.stringify(this.iac_session.user));
         }
+        
+        // authtoken is automatically stored for server-side access by the adapter
       }
 
       return response.data;
@@ -662,6 +693,10 @@ export default class RbtApi {
    * - limit: An object to control the pagination of results. It includes:
    *    - offset: The starting point from where to fetch the results.
    *    - results: The maximum number of results to return.
+   * - requestAttrs: An array of attribute paths to include in the response (e.g., ['id', 'configs.title', 'configs.description']).
+   *                 If not provided, all attributes are returned.
+   * - excludeAttrs: An array of attribute paths to exclude from the response (e.g., ['details.log', 'internalData']).
+   *                 Excludes the specified paths and all their subpaths.
    * - resolveReferences: An array of attribute names whose references should be resolved in the returned objects.
    * - timeout: A numerical value in milliseconds to set a maximum time limit for the query execution.
    *
@@ -670,6 +705,8 @@ export default class RbtApi {
    *     where: 'email="tom@pospa.com"',
    *     orderBy: { column: 'timeCreated', direction: 'DESC' },
    *     limit: { offset: 0, results: 50 },
+   *     requestAttrs: ['id', 'configs.title'],
+   *     excludeAttrs: ['details.log'],
    *     resolveReferences: ['translatableContent']
    *   });
    *
@@ -681,6 +718,19 @@ export default class RbtApi {
     let paramsKey;
     try {
       //console.log('RBTAPI.query INIT', type, params);
+      
+      // Validate parameters - reject invalid parameter names
+      const validParams = ['type', 'where', 'orderBy', 'limit', 'resolveReferences', 'requestAttrs', 'excludeAttrs', 'timeout', 'enableRealtime'];
+      const invalidParams = Object.keys(params).filter(key => !validParams.includes(key));
+      if (invalidParams.length > 0) {
+        throw new Error(`Invalid query parameter(s): ${invalidParams.join(', ')}. Valid parameters are: ${validParams.join(', ')}`);
+      }
+      
+      // Warn if enableRealtime is passed to query() - it should only be used by load()
+      if (params.enableRealtime) {
+        console.warn('[roboto-js] enableRealtime should not be passed to query(), only to load(). This parameter will be ignored.');
+      }
+      
       params.type = type;
 
       // Default ordering and pagination
@@ -812,7 +862,9 @@ export default class RbtApi {
             this._loggedCacheEvents.add(bulkMissLogKey);
           }
           
-          mergedParams = { ...params, where: `id IN ("${missingIds.join(`","`)}")` };
+          // Remove load-specific params that shouldn't be passed to query
+          const { enableRealtime, ...queryParams } = params;
+          mergedParams = { ...queryParams, where: `id IN ("${missingIds.join(`","`)}")` };
           loadedObjects = await this.query(type, mergedParams);
           
           // Cache the newly loaded objects
@@ -882,7 +934,9 @@ export default class RbtApi {
         // Create the loading promise and store it to prevent duplicate requests
         const loadPromise = (async () => {
           try {
-            mergedParams = { ...params, where: `id="${ids}"` };
+            // Remove load-specific params that shouldn't be passed to query
+            const { enableRealtime, ...queryParams } = params;
+            mergedParams = { ...queryParams, where: `id="${ids}"` };
             let res = await this.query(type, mergedParams);
             const obj = res[0];