npm - scorezilla - Versions diffs - 0.3.0-next.1 → 0.3.0-next.2 - Mend

scorezilla 0.3.0-next.1 → 0.3.0-next.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/API.md +77 -7
package/CHANGELOG.md +58 -0
package/README.md +77 -0
package/RECIPES.md +186 -0
package/dist/{errors-B7hyC-C5.d.cts → errors-CtXMAHtJ.d.cts} +1 -1
package/dist/{errors-B7hyC-C5.d.ts → errors-CtXMAHtJ.d.ts} +1 -1
package/dist/index.cjs +2 -2
package/dist/index.d.cts +2 -2
package/dist/index.d.ts +2 -2
package/dist/index.js +2 -2
package/dist/server.cjs +215 -1
package/dist/server.cjs.map +1 -1
package/dist/server.d.cts +249 -3
package/dist/server.d.ts +249 -3
package/dist/server.js +210 -2
package/dist/server.js.map +1 -1
package/package.json +11 -1

package/dist/server.cjs CHANGED Viewed

@@ -624,13 +624,97 @@ function defaultUserAgent(version, runtime = detectRuntime()) {
   return `scorezilla-js/${version} (${runtime})`;
 }
+// src/verifiers.ts
+async function loadJose() {
+  try {
+    return await import('jose');
+  } catch (cause) {
+    throw new Error(
+      "scorezilla/server: the optional peer dependency 'jose' is required for verifyJwt() / verifySupabaseJwt(). Install it with `npm i jose` (or your package manager).",
+      { cause }
+    );
+  }
+}
+function extractBearerToken(req) {
+  const header = req.headers.get("authorization");
+  if (!header) return null;
+  const trimmed = header.trim();
+  if (!/^bearer\s+/i.test(trimmed)) return null;
+  return trimmed.replace(/^bearer\s+/i, "").trim() || null;
+}
+function verifyJwt(options) {
+  const claim = options.claim ?? "sub";
+  let keySet = null;
+  return async (req) => {
+    const token = extractBearerToken(req);
+    if (token === null) return null;
+    const jose = await loadJose();
+    if (keySet === null) {
+      keySet = jose.createRemoteJWKSet(
+        new URL(options.jwksUrl),
+        options.fetch ? { [jose.customFetch]: options.fetch } : void 0
+      );
+    }
+    try {
+      const { payload } = await jose.jwtVerify(token, keySet, {
+        ...options.issuer !== void 0 ? { issuer: options.issuer } : {},
+        ...options.audience !== void 0 ? { audience: options.audience } : {}
+      });
+      const id = payload[claim];
+      return typeof id === "string" && id.length > 0 ? { playerId: id } : null;
+    } catch {
+      return null;
+    }
+  };
+}
+function verifySupabaseJwt(options) {
+  const base = options.supabaseUrl.replace(/\/+$/, "");
+  return verifyJwt({
+    jwksUrl: `${base}/auth/v1/.well-known/jwks.json`,
+    issuer: `${base}/auth/v1`,
+    audience: "authenticated",
+    ...options.claim !== void 0 ? { claim: options.claim } : {},
+    ...options.fetch !== void 0 ? { fetch: options.fetch } : {}
+  });
+}
+function verifyClerkJwt(options) {
+  const issuer = options.issuer.replace(/\/+$/, "");
+  return verifyJwt({
+    jwksUrl: `${issuer}/.well-known/jwks.json`,
+    issuer,
+    ...options.audience !== void 0 ? { audience: options.audience } : {},
+    ...options.claim !== void 0 ? { claim: options.claim } : {},
+    ...options.fetch !== void 0 ? { fetch: options.fetch } : {}
+  });
+}
+function verifyAuth0Jwt(options) {
+  const host = options.domain.replace(/^https?:\/\//, "").replace(/\/+$/, "");
+  return verifyJwt({
+    jwksUrl: `https://${host}/.well-known/jwks.json`,
+    issuer: `https://${host}/`,
+    audience: options.audience,
+    ...options.claim !== void 0 ? { claim: options.claim } : {},
+    ...options.fetch !== void 0 ? { fetch: options.fetch } : {}
+  });
+}
+var FIREBASE_JWKS_URL = "https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com";
+function verifyFirebaseIdToken(options) {
+  return verifyJwt({
+    jwksUrl: FIREBASE_JWKS_URL,
+    issuer: `https://securetoken.google.com/${options.projectId}`,
+    audience: options.projectId,
+    ...options.claim !== void 0 ? { claim: options.claim } : {},
+    ...options.fetch !== void 0 ? { fetch: options.fetch } : {}
+  });
+}
 // src/server.ts
 var Scorezilla = class _Scorezilla {
   /** The package version, injected at build time from `package.json`.
    *  Mirrors the static on the public-key client so consumers can log
    *  the running SDK build the same way regardless of which surface
    *  they imported. */
-  static version = "0.3.0-next.1";
+  static version = "0.3.0-next.2";
   #keyId;
   #secret;
   #baseUrl;
@@ -772,8 +856,138 @@ function isRealBrowserEnvironment() {
   const hasNodeLikeHost = Boolean(g.process?.versions?.node) || typeof g.Deno !== "undefined" || typeof g.Bun !== "undefined";
   return !hasNodeLikeHost;
 }
+function createScoreSubmitHandler(config) {
+  const sz = new Scorezilla({
+    secretKey: config.secretKey,
+    ...config.baseUrl !== void 0 ? { baseUrl: config.baseUrl } : {},
+    ...config.fetch !== void 0 ? { fetch: config.fetch } : {},
+    ...config.maxRetries !== void 0 ? { maxRetries: config.maxRetries } : {},
+    ...config.timeoutMs !== void 0 ? { timeoutMs: config.timeoutMs } : {}
+  });
+  const parse = config.parseSubmission ?? defaultParseSubmission;
+  return async (req) => {
+    const cors = config.cors ? buildCorsHeaders(config.cors, req.headers.get("Origin")) : {};
+    if (req.method === "OPTIONS" && config.cors) {
+      return new Response(null, { status: 204, headers: cors });
+    }
+    if (req.method !== "POST") {
+      return jsonResponse({ ok: false, error: "method_not_allowed" }, 405, cors);
+    }
+    if (config.rateLimit) {
+      const decision = await config.rateLimit(req);
+      if (!decision.ok) {
+        const headers = { ...cors };
+        if (decision.retryAfterSeconds !== void 0) {
+          headers["Retry-After"] = String(decision.retryAfterSeconds);
+        }
+        return jsonResponse({ ok: false, error: "rate_limited" }, 429, headers);
+      }
+    }
+    let identity;
+    try {
+      identity = await config.verify(req);
+    } catch {
+      identity = null;
+    }
+    if (!identity || typeof identity.playerId !== "string" || identity.playerId.length === 0) {
+      return jsonResponse({ ok: false, error: "unauthorized" }, 401, cors);
+    }
+    let submission;
+    try {
+      submission = await parse(req);
+    } catch {
+      submission = null;
+    }
+    if (!submission || typeof submission.score !== "number" || !Number.isFinite(submission.score)) {
+      return jsonResponse(
+        { ok: false, error: "bad_request", message: "invalid score submission" },
+        400,
+        cors
+      );
+    }
+    const metadata = mergeMetadata(submission.metadata, identity.metadata);
+    try {
+      const result = await sz.submitScore({
+        boardId: config.boardId,
+        playerId: identity.playerId,
+        score: submission.score,
+        ...metadata !== void 0 ? { metadata } : {}
+      });
+      return jsonResponse(
+        {
+          ok: true,
+          rank: result.rank,
+          totalEntries: result.totalEntries,
+          isPersonalBest: result.isPersonalBest
+        },
+        200,
+        cors
+      );
+    } catch (err) {
+      return mapSubmitError(err, cors);
+    }
+  };
+}
+async function defaultParseSubmission(req) {
+  const raw = await req.json().catch(() => null);
+  if (!isPlainObject(raw)) return null;
+  const score = raw.score;
+  if (typeof score !== "number" || !Number.isFinite(score)) return null;
+  return { score, metadata: isPlainObject(raw.metadata) ? raw.metadata : void 0 };
+}
+function isPlainObject(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function mergeMetadata(client, verified) {
+  if (!client && !verified) return void 0;
+  return { ...client ?? {}, ...verified ?? {} };
+}
+function jsonResponse(body, status, extra) {
+  return new Response(JSON.stringify(body), {
+    status,
+    headers: { "Content-Type": "application/json; charset=utf-8", ...extra }
+  });
+}
+function mapSubmitError(err, cors) {
+  if (err instanceof ScorezillaError) {
+    if (err.isRateLimited()) {
+      const headers = { ...cors };
+      if (err.retryAfter !== void 0) headers["Retry-After"] = String(err.retryAfter);
+      return jsonResponse({ ok: false, error: "rate_limited" }, 429, headers);
+    }
+    if (err.status >= 400 && err.status < 500) {
+      return jsonResponse({ ok: false, error: err.code, message: err.message }, err.status, cors);
+    }
+    return jsonResponse({ ok: false, error: "upstream_error" }, 502, cors);
+  }
+  return jsonResponse({ ok: false, error: "server_error" }, 500, cors);
+}
+function buildCorsHeaders(cors, origin) {
+  const headers = {
+    "Access-Control-Allow-Methods": (cors.methods ?? ["POST", "OPTIONS"]).join(", "),
+    "Access-Control-Allow-Headers": (cors.headers ?? ["content-type", "authorization"]).join(", "),
+    "Access-Control-Max-Age": String(cors.maxAgeSeconds ?? 600),
+    Vary: "Origin"
+  };
+  if (origin !== null && isCorsOriginAllowed(cors.origin, origin)) {
+    headers["Access-Control-Allow-Origin"] = origin;
+  }
+  return headers;
+}
+function isCorsOriginAllowed(rule, origin) {
+  if (typeof rule === "boolean") return rule;
+  if (typeof rule === "string") return rule === origin;
+  if (typeof rule === "function") return rule(origin);
+  return rule.includes(origin);
+}
 exports.Scorezilla = Scorezilla;
 exports.ScorezillaError = ScorezillaError;
+exports.createScoreSubmitHandler = createScoreSubmitHandler;
+exports.verifyAuth0Jwt = verifyAuth0Jwt;
+exports.verifyClerkJwt = verifyClerkJwt;
+exports.verifyFirebaseIdToken = verifyFirebaseIdToken;
+exports.verifyJwt = verifyJwt;
+exports.verifySupabaseJwt = verifySupabaseJwt;
 //# sourceMappingURL=server.cjs.map
 //# sourceMappingURL=server.cjs.map