npm - squarefi-bff-api-module - Versions diffs - 1.30.10 → 1.31.0 - Mend

squarefi-bff-api-module 1.30.10 → 1.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/CHANGELOG.md +296 -1
package/FIXED_RLS_ERROR.md +146 -0
package/QUICK_TEST.md +127 -0
package/README.md +87 -10
package/STORAGE_MODULE_SUMMARY.md +228 -0
package/TEST_INSTRUCTIONS.md +122 -0
package/dist/hooks/index.d.ts +1 -0
package/dist/hooks/index.js +1 -0
package/dist/hooks/useFileUpload.d.ts +18 -3
package/dist/hooks/useFileUpload.js +19 -4
package/dist/index.d.ts +1 -0
package/dist/index.js +1 -0
package/dist/utils/fileStorage.d.ts +8 -4
package/dist/utils/fileStorage.js +8 -4
package/docs/AUTH_TOKEN_USAGE.md +290 -0
package/docs/BACKEND_SERVICE_URL.md +334 -0
package/docs/FRONTEND_STORAGE_GUIDE.md +529 -0
package/docs/READY_TO_USE_COMPONENT.tsx +395 -0
package/docs/STORAGE_MODULE.md +490 -0
package/docs/STORAGE_QUICK_START.md +76 -0
package/package.json +1 -1
package/scripts/supabase-storage-setup.sql +223 -0
package/src/hooks/index.ts +1 -0
package/src/hooks/useFileUpload.ts +129 -0
package/src/index.ts +1 -0
package/src/utils/fileStorage.ts +367 -0

package/CHANGELOG.md CHANGED Viewed

@@ -4,7 +4,302 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-ƒ
+## [1.31] - 2025-11-19
+### Changed
+- Updated useFileUpload hook to require bucket and support folder structure for file uploads
+- Removed useUserFiles hook
+## [1.30.10] - 2025-11-19
+### Added
+- Added balance and total_balance fields to wallet API response
+## [1.30.9] - 2025-11-17
+### Changed
+- Updated wallets API to accept query parameters and renamed type generation script in package.json
+## [1.30.8] - 2025-11-14
+### Changed
+- Removed outdated HIFI transaction types and added new L2F transaction types for deposits and withdrawals
+- Updated OrderType enum to include new deposit and withdrawal types for HIFI and L2F
+## [1.30.7] - 2025-11-14
+### Added
+- Added HIFI_ACH_WITHDRAWAL and HIFI_ACH_DEPOSIT to OrderType enum
+- Added check-types script to package.json
+## [1.30.6] - 2025-11-14
+### Changed
+- Removed DepositInstruction interface and updated deposit_instructions type in VirtualAccountAccountDetails
+## [1.30.5] - 2025-11-14
+### Added
+- Added from_crypto_address field to order request parameters in API types
+## [1.30.4] - 2025-11-14
+### Added
+- Added OrderTypeKycRail type and updated OrderInfo interface to include order_types_kyc_rails and is_trusted fields
+## [1.30.3] - 2025-11-14
+### Added
+- Added OrderPaymentMethod enum and updated OrderInfo interface to use it
+## [1.30.2] - 2025-11-12
+### Changed
+- Removed unused OrderMetaExtended type and simplified OrderDetails type definition
+## [1.30.1] - 2025-11-12
+### Added
+- Introduced new interfaces for simplified currency and wallet, renamed payment originator types, and extended order meta with additional fields
+## [1.30.0] - 2025-11-10
+### Added
+- Added new endpoints for listing orders by wallet and retrieving order details by ID, along with corresponding request/response types
+## [1.29.3] - 2025-11-07
+### Added
+- Extended DepositInstruction with CHAPS and FPS instruction types and added sort_code field
+## [1.29.2] - 2025-11-07
+### Added
+- Added iban field to ACH interface in API types
+## [1.29.1] - 2025-11-07
+### Added
+- Added SEPA_CT instruction type and corresponding SEPA interface to DepositInstruction
+## [1.29.0] - 2025-10-29
+### Added
+- Introduced EXCHANGE_OMNI order type and updated related API request/response types
+- Added Supabase Storage integration with user-level security and file management features
+## [1.28.0] - 2025-10-27
+### Added
+- Added new order types for card withdrawals and updated API types accordingly
+## [1.27.8] - 2025-10-24
+### Fixed
+- Corrected typo in WITHDRAWAL_CRYPTO request type by changing 'is_substract' to 'is_subsctract'
+## [1.27.7] - 2025-10-24
+### Fixed
+- Corrected typo in WITHDRAWAL_CRYPTO request type by changing 'is_subtract' to 'is_substract'
+## [1.27.6] - 2025-10-24
+### Changed
+- Enhanced tenant config type definition and removed deprecated endpoints for improved clarity and type safety
+## [1.27.5] - 2025-10-23
+### Fixed
+- Made virtual_account_id optional in OrderWithVirtualAccountParams for improved flexibility
+## [1.27.4] - 2025-10-23
+### Changed
+- Version bump for latest changes
+## [1.27.3] - 2025-10-23
+### Fixed
+- Simplified SEGREGATED_CRYPTO_TRANSFER request type by using Omit to exclude to_currency_id for better type safety
+## [1.27.2] - 2025-10-23
+### Fixed
+- Updated SEGREGATED_CRYPTO_TRANSFER request type to disallow to_currency_id for improved type safety
+## [1.27.1] - 2025-10-23
+### Added
+- Added is_reverse flag to transfer order parameters and refined order type definitions for improved clarity
+## [1.27.0] - 2025-10-23
+### Changed
+- Removed HIFI_CRYPTO_TRANSFER order type and consolidated order request/response structures for improved maintainability
+### Added
+- Added new off-ramp order types and corresponding request/response structures for ACH, Wire, SWIFT, and SEPA transactions
+- Added Prettier for code formatting and enhanced OrderType enum with new onramp/offramp types
+## [1.26.14] - 2025-10-22
+### Fixed
+- Made deposit_instructions optional in VirtualAccount and VirtualAccountDetailItem interfaces
+## [1.26.13] - 2025-10-22
+### Changed
+- Enhanced DepositInstruction types with ACH, FEDWIRE, and SWIFT interfaces and restructured related account information
+## [1.26.12] - 2025-10-03
+### Changed
+- Version bump for latest changes
+## [1.26.11] - 2025-10-03
+### Changed
+- Version bump for latest changes
+## [1.26.10] - 2025-10-03
+### Changed
+- Updated VirtualAccount types to include VirtualAccountDetailItem and renamed VirtualAccountListItem
+## [1.26.9] - 2025-10-03
+### Added
+- Added VirtualAccountDetailItem type
+### Changed
+- Formatted type definitions for clarity and added is_enabled field to APIKey interface
+## [1.26.8] - 2025-09-19
+### Fixed
+- Corrected type definition for bank data response and updated request field name for consistency
+## [1.26.7] - 2025-09-18
+### Changed
+- Version bump for latest changes
+## [1.26.6] - 2025-09-18
+### Changed
+- Updated bank data retrieval method to use GET with params for improved clarity and consistency
+## [1.26.5] - 2025-09-18
+### Fixed
+- Changed bank data retrieval method from GET to POST for improved data handling
+## [1.26.4] - 2025-09-18
+### Added
+- Integrated bank data module and defined TypeScript types for bank data retrieval
+## [1.26.3] - 2025-09-16
+### Added
+- Added resume inquiry endpoint and corresponding TypeScript types for enhanced inquiry management
+## [1.26.2] - 2025-09-16
+### Changed
+- Deprecated card_limit in favor of max_cards for improved clarity in card management
+## [1.26.1] - 2025-09-11
+### Fixed
+- Enhanced unauthorized error handling by adding context check to bypass handler
+## [1.26.0] - 2025-09-11
+### Fixed
+- Added context to authentication requests and updated TypeScript configuration to include type definitions
+## [1.25.6] - 2025-09-10
+### Added
+- Added new sign-in and sign-up endpoints
+## [1.25.5] - 2025-09-05
+### Added
+- Added TOTP status endpoint and response type for improved status tracking
+## [1.25.4] - 2025-08-22
+### Changed
+- Updated wallet transaction filter types to use Partial for improved flexibility
+## [1.25.3] - 2025-08-22
+### Changed
+- Streamlined wallet transaction filter types by utilizing shared schema for consistency
+- Enhanced ExportCsv request type to include comprehensive filter options for wallet transactions
+## [1.25.2] - 2025-08-20
+### Fixed
+- Updated channel initialization to use key prop if provided in subscription hooks
+## [1.25.1] - 2025-08-20
+### Changed
+- Simplified useWalletTransactionsSubscription and enhanced useSupabaseSubscription with key prop
 ## [1.25.0] - 2025-08-19

package/FIXED_RLS_ERROR.md ADDED Viewed

@@ -0,0 +1,146 @@
+# ✅ Fixed: RLS Policy Error
+## ❌ Problem
+```
+new row violates row-level security policy
+```
+## ✅ Solution
+All functions now accept `authToken` parameter!
+## 🚀 Quick Fix
+### Before (Error):
+```typescript
+const result = await uploadFile({
+  file: myFile,
+  fileName: 'test.pdf',
+  userId: 'user-123',
+});
+// ❌ Error: RLS policy violation
+```
+### After (Works):
+```typescript
+const authToken = 'your-jwt-token'; // From Supabase Auth
+const result = await uploadFile({
+  file: myFile,
+  fileName: 'test.pdf',
+  userId: 'user-123',
+  authToken, // ← Add this!
+});
+// ✅ Success!
+```
+## 📱 React Hook Usage
+```typescript
+import { useFileUpload } from 'squarefi-bff-api-module';
+function MyComponent() {
+  const authToken = 'your-jwt-token'; // Get from your auth
+  const { upload } = useFileUpload({
+    userId: 'user-123',
+    authToken, // ← Add this!
+  });
+  return <input type="file" onChange={(e) => upload(e.target.files[0])} />;
+}
+```
+## 🔑 How to Get Auth Token
+### Option 1: From Supabase
+```typescript
+import { supabaseClient } from 'squarefi-bff-api-module';
+const { data: { session } } = await supabaseClient.auth.getSession();
+const authToken = session?.access_token;
+```
+### Option 2: From Browser (for testing)
+1. Login to your app
+2. Open Console (F12)
+3. Run:
+```javascript
+const session = await supabaseClient.auth.getSession();
+console.log(session.data.session.access_token);
+```
+4. Copy the token
+### Option 3: From Your Auth System
+```typescript
+// From localStorage
+const authToken = localStorage.getItem('access_token');
+// From auth context
+const { accessToken } = useAuth();
+```
+## 📝 Updated API
+All these functions now accept `authToken`:
+| Function | Signature |
+|----------|-----------|
+| `uploadFile` | `uploadFile({..., authToken})` |
+| `getSignedUrl` | `getSignedUrl({..., authToken})` |
+| `deleteFile` | `deleteFile(path, bucket, authToken)` |
+| `deleteFiles` | `deleteFiles(paths, bucket, authToken)` |
+| `listUserFiles` | `listUserFiles(userId, bucket, authToken)` |
+| `downloadFile` | `downloadFile(path, bucket, authToken)` |
+## 🧪 Test Example
+```typescript
+// 1. Get auth token
+const authToken = 'eyJhbGci...'; // Your JWT token
+// 2. Upload with token
+const result = await uploadFile({
+  file: myFile,
+  fileName: 'test.pdf',
+  userId: 'user-123',
+  authToken,
+});
+console.log(result.success); // true
+console.log(result.path); // user-123/test.pdf
+```
+## 🔒 Why This Works
+RLS policies check `auth.uid()` from JWT token:
+```sql
+-- Policy requires authenticated user
+WITH CHECK (
+  (storage.foldername(name))[1] = auth.uid()::text
+)
+```
+- ❌ **Without token**: `auth.uid()` = NULL → Policy fails
+- ✅ **With token**: `auth.uid()` = user ID → Policy passes
+## 📚 Full Documentation
+- **AUTH_TOKEN_USAGE.md** - Complete guide with examples
+- **FRONTEND_STORAGE_GUIDE.md** - React usage
+- **STORAGE_MODULE.md** - Full API reference
+## ✅ Changes Summary
+- ✅ Added `authToken` parameter to all storage functions
+- ✅ Updated hooks (`useFileUpload`, `useUserFiles`)
+- ✅ Backward compatible (token is optional)
+- ✅ Creates authenticated client when token provided
+- ✅ Project builds successfully
+Now you can upload files from authenticated users! 🎉

package/QUICK_TEST.md ADDED Viewed

@@ -0,0 +1,127 @@
+# Quick Test Guide ⚡
+## ✅ Исправлено!
+HTML тест был исправлен. Основные проблемы:
+- Неправильная инициализация Supabase клиента
+- Незакрытый тег script
+- Неправильные ссылки на клиент
+## 🧪 Как протестировать СЕЙЧАС
+### 1. Откройте test-storage.html в браузере
+Просто двойной клик на файл или:
+```bash
+open test-storage.html  # macOS
+```
+### 2. Что вы должны увидеть
+✅ **Зеленый статус** вверху: "✅ Connected to Supabase"
+❌ Если видите **красный статус** - проверьте консоль браузера (F12)
+### 3. Нажмите "Test Connection"
+Должно показать:
+```
+✅ Connection successful!
+Available buckets:
+[...список бакетов...]
+```
+### 4. Попробуйте загрузить файл
+❌ **Если получите ошибку** типа:
+- "Bucket not found" → Нужно создать бакет (см. ниже)
+- "Permission denied" → Нужно настроить RLS (см. ниже)
+## ⚠️ Перед загрузкой файлов
+Нужно выполнить SQL скрипт в Supabase:
+1. Откройте: https://dpwavvgrlklpuoddutdp.supabase.co
+2. Перейдите в **SQL Editor**
+3. Скопируйте весь файл `scripts/supabase-storage-setup.sql`
+4. Вставьте и нажмите **RUN**
+Это создаст:
+- ✅ Бакеты: user-files, documents, images
+- ✅ RLS политики для безопасности
+- ✅ Функцию is_super_admin()
+## 🔍 Ожидаемые результаты
+### ✅ Если SQL выполнен:
+- "Test Connection" → Показывает 3 бакета
+- "Upload File" → Файл загружается успешно
+- "List Files" → Показывает загруженные файлы
+- "Get Signed URL" → Генерирует рабочую ссылку
+### ❌ Если SQL НЕ выполнен:
+- "Test Connection" → Может показать пустой список бакетов
+- "Upload File" → Ошибка "Bucket not found"
+- "List Files" → Ошибка
+## 🚀 Node.js тест (альтернатива)
+```bash
+node test-storage.js
+```
+Покажет:
+```
+🔍 Testing Supabase Storage Module...
+1. Testing Supabase client initialization...
+   ✅ Supabase client initialized successfully
+2. Testing getPublicUrl function...
+   ✅ getPublicUrl works
+✨ Basic tests completed!
+```
+## 🐛 Troubleshooting
+### Консоль показывает "supabase is not defined"
+- Проблема с CDN загрузкой
+- Попробуйте обновить страницу (F5)
+- Проверьте интернет-соединение
+### "Failed to fetch"
+- Проверьте URL и ключ в test-storage.html
+- Убедитесь, что Supabase проект активен
+### "Bucket not found"
+- Выполните SQL скрипт
+- Проверьте название бакета (должно быть 'user-files')
+### Files не загружаются
+- SQL скрипт не выполнен
+- RLS политики не настроены
+- Неправильный формат user ID
+## 📊 Что дальше?
+После успешного теста:
+1. ✅ Используйте модуль в React:
+```tsx
+import { useFileUpload } from 'squarefi-bff-api-module';
+```
+2. ✅ Прочитайте документацию:
+- `docs/FRONTEND_STORAGE_GUIDE.md` - Для React
+- `docs/STORAGE_MODULE.md` - Полное API
+- `docs/STORAGE_QUICK_START.md` - Быстрый старт
+3. ✅ Настройте `is_super_admin()` под вашу схему пользователей
+## ✨ Готово!
+Модуль протестирован и готов к использованию!

package/README.md CHANGED Viewed

@@ -10,6 +10,7 @@ A fully-typed TypeScript / JavaScript SDK for effortless interaction with the Sq
 • Strict TypeScript types generated from the OpenAPI contract.
 • Axios-powered HTTP client with automatic tenant & environment headers.
 • First-class support for **Telegram Mini-Apps** as well as Web.
+• **Supabase Storage integration** with automatic user-level security policies.
 • Batteries included: constants, helpers & cryptography utilities.
 • Zero-config – just provide your API URLs and tenant id.
@@ -69,18 +70,22 @@ const { isConnected } = useSupabaseSubscription({
 The SDK reads connection details from process-level variables. When bundling for the browser, tools like **Vite**, **Webpack DefinePlugin**, or **Next.js** can safely inline those values at build time.
-| Name                       | Description                                                          | Required                       | Example                       |
-| -------------------------- | -------------------------------------------------------------------- | ------------------------------ | ----------------------------- |
-| `API_URL`                  | Base URL of the BFF **v1** service                                   | ✅                             | `https://api-v1.squarefi.com` |
-| `API_V2_URL`               | Base URL of the BFF **v2** service                                   | ✅                             | `https://api-v2.squarefi.com` |
-| `API_TOTP_URL`             | Base URL of the **TOTP / OTP** micro-service                         | ⚠️ _If you use TOTP features_  | `https://totp.squarefi.com`   |
-| `TENANT_ID`                | Your tenant / organisation identifier                                | ✅                             | `tenant_12345`                |
-| `LOGOUT_URL`               | Frontend route where the user is redirected when refresh token fails | ❌                             | `/auth/logout`                |
-| `SERVER_PUBLIC_KEY_BASE64` | PEM encoded key (base64) used for request signing                    | ✅                             | `MIIBIjANBgkqh…`              |
-| `SUPABASE_URL`             | Supabase project URL for real-time subscriptions                     | ⚠️ _If you use Supabase hooks_ | `https://xyz.supabase.co`     |
-| `SUPABASE_PUBLIC_KEY`      | Supabase public anon key for client authentication                   | ⚠️ _If you use Supabase hooks_ | `eyJhbGciOiJIUzI1NiIs…`       |
+| Name                       | Description                                                                                  | Required                                  | Example                       |
+| -------------------------- | -------------------------------------------------------------------------------------------- | ----------------------------------------- | ----------------------------- |
+| `API_URL`                  | Base URL of the BFF **v1** service                                                           | ✅                                        | `https://api-v1.squarefi.com` |
+| `API_V2_URL`               | Base URL of the BFF **v2** service                                                           | ✅                                        | `https://api-v2.squarefi.com` |
+| `API_TOTP_URL`             | Base URL of the **TOTP / OTP** micro-service                                                 | ⚠️ _If you use TOTP features_             | `https://totp.squarefi.com`   |
+| `TENANT_ID`                | Your tenant / organisation identifier                                                        | ✅                                        | `tenant_12345`                |
+| `LOGOUT_URL`               | Frontend route where the user is redirected when refresh token fails                         | ❌                                        | `/auth/logout`                |
+| `SERVER_PUBLIC_KEY_BASE64` | PEM encoded key (base64) used for encrypted sensitive data requests (e.g., card secret keys) | ✅                                        | `MIIBIjANBgkqh…`              |
+| `SUPABASE_URL`             | Supabase project URL for real-time subscriptions and file storage                            | ⚠️ _If you use Supabase hooks or Storage_ | `https://xyz.supabase.co`     |
+| `SUPABASE_PUBLIC_KEY`      | Supabase public anon key for client authentication                                           | ⚠️ _If you use Supabase hooks or Storage_ | `eyJhbGciOiJIUzI1NiIs…`       |
+> ⚠️ **Backend Only**: `SUPABASE_SERVICE_ROLE_KEY` is used for backend file access (see [Backend Service URL Guide](./docs/BACKEND_SERVICE_URL.md)). **Never expose this key on frontend/client-side code.**
 > ℹ️ When running in Node.js you can place these variables in a `.env` file and load them with [dotenv](https://npmjs.com/package/dotenv).
+>
+> 📝 See `env.example` file in the repository root for a complete template with all available environment variables.
 ---
@@ -122,6 +127,78 @@ function MyComponent() {
 ---
+## 📦 Supabase Storage Module
+The SDK includes a complete file storage solution powered by Supabase Storage with automatic user-level security policies. Files are automatically organized by user ID and protected with Row Level Security (RLS).
+### Quick Start
+```ts
+import { uploadFile, getSignedUrl, DEFAULT_BUCKET } from 'squarefi-bff-api-module';
+// Upload a file
+const result = await uploadFile({
+  file: myFile, // File or Blob
+  fileName: 'document.pdf',
+  userId: 'user-uuid',
+  bucket: DEFAULT_BUCKET,
+});
+if (result.success) {
+  console.log('File uploaded:', result.path);
+  console.log('Signed URL:', result.signedUrl); // Use this for secure access
+}
+// Get a signed URL for accessing the file
+const signedUrl = await getSignedUrl({
+  path: result.path,
+  expiresIn: 3600, // 1 hour
+});
+```
+### Features
+- ✅ Automatic file organization by user ID (`{userId}/{fileName}`)
+- ✅ Row Level Security (RLS) - users can only access their own files
+- ✅ Superadmin access to all files (configurable)
+- ✅ Multiple storage buckets: `user-files`, `documents`, `images`
+- ✅ Signed URLs for temporary secure access
+- ✅ Service URLs for permanent backend access (with service role key)
+- ✅ File listing, deletion, and download support
+### URL Types
+| Type           | Expires                 | Use Case                    | Authentication                 |
+| -------------- | ----------------------- | --------------------------- | ------------------------------ |
+| **Signed URL** | ✅ Yes (1 hour default) | End users, temporary access | ❌ Not required                |
+| **Public URL** | ❌ Never                | Backend/Superadmin access   | ✅ Required (service role key) |
+```typescript
+// For end users (temporary, no auth needed)
+const signedUrl = await getSignedUrl({ path, expiresIn: 3600 });
+// For superadmin backend (permanent, requires service key)
+const publicUrl = getPublicUrl(path);
+// On backend: fetch(publicUrl, { headers: { 'Authorization': 'Bearer SERVICE_KEY' } })
+```
+### Setup
+1. Set required environment variables (see table above)
+2. Run the SQL setup script in your Supabase project:
+   ```bash
+   # Execute scripts/supabase-storage-setup.sql in Supabase SQL Editor
+   ```
+3. Customize the `is_super_admin()` function according to your user schema
+📖 **Documentation**:
+- **Frontend Guide** (React): [docs/FRONTEND_STORAGE_GUIDE.md](./docs/FRONTEND_STORAGE_GUIDE.md) - Quick start with ready-to-use components
+- **Full Documentation**: [docs/STORAGE_MODULE.md](./docs/STORAGE_MODULE.md) - Detailed API description
+- **Quick Start**: [docs/STORAGE_QUICK_START.md](./docs/STORAGE_QUICK_START.md) - Get started in 5 minutes
+---
 ## 🗺️ API surface
 `squarefi_bff_api_client` is a plain object where every property is a namespaced group of operations. The list below reflects the current SDK version (v1.18.13).