unshared-clientjs-sdk 1.0.14 → 2.0.0-rc.11

package/README.md

@@ -1,109 +1,177 @@
-# Unshared Labs SDK
+# unshared-clientjs-sdk
 
-A lightweight, drop-in SDK for sending secure session and event data to the **Unshared Labs** platform.
-This package is designed for server environments (e.g., Express, Fastify, Next.js API routes) that need to track account sharing activity, session behavior, or suspicious usage patterns.
+Server-side Node.js SDK for [Unshared Labs](https://unsharedlabs.com) — detect account sharing, analyze user events for fraud, and run email verification flows.
 
 ---
 
-## Installation
+## Install
 
 ```bash
 npm install unshared-clientjs-sdk
-# or
-yarn add unshared-clientjs-sdk
 ```
 
+**Requires Node.js 18+**
+
 ---
 
-## Quick Example
+## Quick Start
 
-```ts
-import UnsharedLabsClient from "unshared-clientjs-sdk";
+```typescript
+import { UnsharedLabsClient } from 'unshared-clientjs-sdk';
 
 const client = new UnsharedLabsClient({
-  apiKey: process.env.UNSHARED_LABS_API_KEY!,
+  apiKey: process.env.UNSHARED_API_KEY, // usk_…
 });
 ```
 
 ---
 
-## API
-
-### `submitEvent(...)`
-
-```ts
-submitEvent(
-  eventType: string,
-  userId: string,
-  ipAddress: string,
-  deviceId: string,
-  sessionHash: string,
-  userAgent: string,
-  clientTimestamp: string,
-  eventDetails?: map<String,any> | null
-): Promise<any>
+## Methods
+
+### `processUserEvent(params)`
+
+Record a user event and get a fraud signal back. Call this on login, signup, or any high-value action.
+
+```typescript
+const result = await client.processUserEvent({
+  eventType:    'login',
+  userId:       'user_123',
+  emailAddress: 'user@example.com',
+  deviceId:     'device_abc',
+  sessionHash:  'session_xyz',
+  ipAddress:    '1.2.3.4',         // plaintext — not encrypted
+  userAgent:    req.headers['user-agent'],
+});
+
+if (result.success && result.data?.analysis.is_user_flagged) {
+  // Block or challenge the user
+}
 ```
 
-**Parameters**
+**Fields encrypted before sending:** `emailAddress`, `deviceId`
 
-* `eventType` — string, e.g. `"login"`, `"heartbeat"`, `"logout"`
-* `userId` — string, unique user identifier (encrypted before sending)
-* `ipAddress` — string, client IP (encrypted)
-* `deviceId` — string, device identifier (encrypted)
-* `sessionHash` — string, session identifier or fingerprint (encrypted)
-* `userAgent` — string
-* `clientTimestamp` — ISO timestamp string (e.g. `new Date().toISOString()`).
-* `eventDetails` — optional map of objects (String,any) of additional details
+---
+
+### `checkUser(emailAddress, deviceId)`
+
+Quick check to see if a user is flagged. Useful in middleware or route guards.
+
+```typescript
+const result = await client.checkUser('user@example.com', 'device_abc');
+
+if (result.data?.is_user_flagged) {
+  // Deny access
+}
+```
 
-**Returns**: A promise resolving Unshared Lab's DB insert result or rejecting with an error.
+> **Safe default:** Returns `{ is_user_flagged: false }` on any failure (network error, outage). A backend outage will never accidentally block a legitimate user.
 
 ---
 
-## Example (Express)
+### `triggerEmailVerification(emailAddress, deviceId)`
 
-```ts
-import express from "express";
-import UnsharedLabsClient from "unshared-clientjs-sdk";
+Send a 6-digit verification code to the user's email.
 
-const app = express();
-app.use(express.json());
+```typescript
+await client.triggerEmailVerification('user@example.com', 'device_abc');
+```
 
-const client = new UnsharedLabsClient({
-  apiKey: process.env.UNSHARED_LABS_API_KEY!,
-});
+---
+
+### `verify(emailAddress, deviceId, code)`
 
-app.post("/login", async (req, res) => {
-  const { userId } = req.body;
-
-  try {
-    await client.submitEvent(
-      "login",
-      userId,
-      req.ip,
-      req.headers["x-device-id"]?.toString() || "unknown-device",
-      req.headers["x-session-hash"]?.toString() || "unknown-session",
-      req.headers["user-agent"] || "",
-      new Date().toISOString(),
-      new Map(Object.entries({"example": true, "source": 'test-server' }))
-    );
-
-    res.status(200).json({ message: "Login tracked" });
-  } catch (err) {
-    res.status(500).json({ error: err instanceof Error ? err.message : err });
+Validate the code the user submitted.
+
+```typescript
+const result = await client.verify('user@example.com', 'device_abc', '123456');
+
+if (!result.success) {
+  if (result.error?.code === 'VERIFICATION_FAILED') {
+    // Wrong or expired code — ask user to retry
+  } else {
+    // Transport error (DELIVERY_FAILED) — retry or show generic error
   }
+} else {
+  // Verified — success: true means the code was correct
+}
+```
+
+---
+
+### `submitFingerprintEvent(fingerprint, opts?)`
+
+Submit a browser fingerprint collected by `unshared-frontend-sdk`. Typically called by the middleware — you usually won't call this directly.
+
+```typescript
+await client.submitFingerprintEvent(fingerprint, {
+  userId:      'user_123',
+  sessionHash: 'session_xyz',
+  eventType:   'page_view',
 });
+```
+
+---
+
+## Express Middleware
+
+The middleware adds a proxy route (`POST /unshared/submit-fingerprint-event`) that the browser SDK calls. It handles forwarding fingerprints to Unshared Labs and attaching your API key.
+
+```typescript
+import { createUnsharedMiddleware } from 'unshared-clientjs-sdk/middleware';
+
+// express.json() must come before this middleware
+app.use(express.json());
 
-app.listen(3000, () => console.log("Server running on port 3000"));
+app.use(createUnsharedMiddleware(client, {
+  userIdExtractor: (req) => req.user?.id, // attach logged-in user
+}));
 ```
 
+**Prerequisites:**
+- Mount `express.json()` before the middleware
+- `user_id` is automatically removed from `req.body` after being read — downstream logging won't capture it
+
+**Options:**
+
+| Option | Type | Default | Description |
+|--------|------|---------|-------------|
+| `userIdExtractor` | `(req) => string \| undefined` | — | Pull user ID from your auth session |
+| `eventTypeExtractor` | `(req) => string \| undefined` | — | Override event type |
+| `sessionIdExtractor` | `(req) => string \| undefined` | — | Override session ID |
+| `defaultEventType` | `string` | `"browser_event"` | Fallback event type |
+| `routePrefix` | `string` | `"/unshared"` | Route mount prefix |
+| `corsOrigins` | `string \| string[]` | — | Allowed CORS origins; handles OPTIONS preflight automatically |
+
 ---
 
-## License
+## Configuration
+
+```typescript
+new UnsharedLabsClient({
+  apiKey:     'usk_…',                               // required
+  baseUrl:    'https://api-ingress.unsharedlabs.com', // optional
+  timeout:    10_000,                                 // optional, ms
+  maxRetries: 3,                                      // optional
+});
+```
 
-MIT © Unshared Labs
+---
+
+## Response shape
+
+All methods return `ApiResult<T>`:
+
+```typescript
+{
+  success: boolean;
+  data?:   T;
+  error?:  { code: string; message: string; retryAfter?: number };
+  status:  number; // HTTP status code
+}
+```
 
 ---
 
-## Support
+## Security
 
-For issues or onboarding help, contact Unshared Labs support.
+All PII is encrypted with **AES-256-GCM** before leaving your server. The encryption key is derived from your API key with SHA-256. Your API key is sent as the `X-API-Key` header — never in a URL or browser context.

package/dist/client.d.ts

@@ -1,207 +1,199 @@
-/**
- * Configuration object for initializing the UnsharedLabsClient.
- *
- * @interface UnsharedLabsClientConfig
- * @property {string} apiKey - Your API key for authenticating with UnsharedLabs services
- * @property {string} clientId - Encrypted client ID for authentication
- * @property {string} [baseUrl] - Optional custom base URL for the API service
- * @property {string} [emailServiceUrl] - Optional custom URL for the email service
- */
+import type { FingerprintWireFormat } from '@unshared-labs/shared-types';
 export interface UnsharedLabsClientConfig {
+    /**
+     * Secret API key. Must be kept server-side.
+     * Format: usk_…
+     */
     apiKey: string;
-    clientId: string;
+    /**
+     * Base URL of the Unshared Labs V2 ingress.
+     * @default "https://api-ingress.unsharedlabs.com"
+     */
     baseUrl?: string;
-    emailServiceUrl?: string;
+    /**
+     * Per-request timeout in milliseconds.
+     * @default 10_000
+     */
+    timeout?: number;
+    /**
+     * Max retries for 5xx / network failures after the first attempt.
+     * @default 3
+     */
+    maxRetries?: number;
 }
-/**
- * Client for interacting with UnsharedLabs API services.
- *
- * This client provides methods to:
- * - Process user events for fraud detection and analysis
- * - Check if a user is flagged as an account sharer
- * - Trigger email verification
- * - Verify email verification codes
- *
- * All sensitive data (user IDs, IP addresses, etc.) is automatically encrypted
- * before being sent to the API using the provided API key.
- *
- * @class UnsharedLabsClient
- * @example
- * ```typescript
- * const client = new UnsharedLabsClient({
- *   apiKey: 'your-api-key',
- *   clientId: 'base64-encoded-client-id'
- * });
- * ```
- */
-export default class UnsharedLabsClient {
-    private _apiKey;
-    private _clientId;
-    private _apiBaseUrl;
-    private _emailServiceUrl;
+export interface UnsharedLabsError {
+    code: string;
+    message: string;
+    details?: Record<string, unknown>;
     /**
-     * Creates a new instance of UnsharedLabsClient.
-     *
-     * @param {UnsharedLabsClientConfig} config - Configuration object containing API credentials and optional service URLs
-     * @constructor
+     * Seconds to wait before retrying. Populated on 429 RATE_LIMIT_EXCEEDED
+     * responses by reading the `Retry-After` HTTP response header.
+     * Falls back to `details.retry_after_seconds` if the header is absent.
      */
+    retryAfter?: number;
+}
+export interface ApiResult<T = unknown> {
+    success: boolean;
+    data?: T;
+    error?: UnsharedLabsError;
+    status: number;
+}
+export interface SubmitFingerprintOptions {
+    userId?: string;
+    sessionHash?: string;
+    eventType?: string;
+    /** SDK encrypts before sending. */
+    ipAddress?: string;
+}
+export interface SubmitFingerprintResult {
+    hash: string;
+    stable_hash: string;
+    collected_at: string;
+    /** Always present; set to "unknown" by the server if not provided. */
+    version: string;
+}
+export interface ProcessUserEventParams {
+    eventType: string;
+    /** SDK encrypts before sending. */
+    userId: string;
+    /** SDK encrypts before sending. */
+    ipAddress: string;
+    /** SDK encrypts before sending. */
+    deviceId: string;
+    sessionHash: string;
+    /** SDK encrypts before sending. */
+    userAgent: string;
+    /** SDK encrypts before sending. */
+    emailAddress: string;
+    /** SDK encrypts before sending. */
+    fingerprintId?: string;
+    subscriptionStatus?: string | null;
+    eventDetails?: Record<string, unknown> | null;
+}
+export interface ProcessUserEventResult {
+    event: {
+        event_type: string;
+        user_id: string;
+        email_address: string;
+        ip_address: string;
+        device_id: string;
+        session_hash: string;
+        user_agent: string;
+        event_details?: string;
+        subscription_status?: string;
+    };
+    analysis: {
+        status: 'success' | 'error';
+        is_user_flagged: boolean;
+        status_details?: string;
+    };
+}
+export interface CheckUserResult {
+    is_user_flagged: boolean;
+}
+export interface TriggerEmailVerificationResult {
+    message: string;
+}
+export interface VerifyResult {
+    verified: boolean;
+    reason?: 'not_found' | 'code_mismatch' | 'code_expired';
+}
+export interface VerificationFlowStep {
+    type: 'message' | 'email_input' | 'otp_input' | 'support_link';
+    title: string;
+    body: string;
+    buttonText?: string;
+    url?: string;
+}
+export interface VerificationFlowConfigResult {
+    steps: VerificationFlowStep[];
+    branding?: {
+        companyName?: string;
+        logoUrl?: string;
+        primaryColor?: string;
+        supportEmail?: string;
+    };
+}
+export declare class UnsharedLabsClient {
+    private readonly _apiKey;
+    private readonly _baseUrl;
+    private readonly _timeout;
+    private readonly _maxRetries;
+    private readonly _encryptionKey;
     constructor(config: UnsharedLabsClientConfig);
-    private _getBasicAuthHeader;
+    private _encrypt;
     /**
-     * Submits a user event to the UnsharedLabs API for processing.
-     *
-     * @deprecated This method is deprecated and will be removed in a future version. Use `processUserEvent` instead.
-     *
-     * @param {string} eventType - Type of event being submitted (e.g., 'signup', 'login', 'purchase')
-     * @param {string} userId - Unique identifier for the user. Use email address if available.
-     * @param {string} ipAddress - IP address of the user
-     * @param {string} deviceId - Unique identifier for the device
-     * @param {string} sessionHash - Hash of the user's session
-     * @param {string} userAgent - User agent string from the browser/client
-     * @param {string} clientTimestamp - ISO 8601 timestamp when the event occurred on the client
-     * @param {Map<string, any> | null} [eventDetails] - Optional map of additional event details to include
-     *
-     * @returns {Promise<{status: number, statusText: string, data: any}>} Response object containing HTTP status, status text, and response data
-     *
-     * @throws {Error} Throws an error if the API request fails or returns a non-OK status
-     *
-     * @example
-     * ```typescript
-     * const result = await client.submitEvent(
-     *   'signup',
-     *   'user@example.com',
-     *   '192.168.1.1',
-     *   'device456',
-     *   'session789',
-     *   'Mozilla/5.0...',
-     *   '2024-01-01T00:00:00Z',
-     *   new Map([['source', 'web']])
-     * );
-     * ```
+     * Core HTTP method with retry logic.
+     * - 2xx → success result
+     * - 4xx → non-retryable, error result returned immediately
+     * - 5xx → retried up to maxRetries, last error result returned
+     * - Network/timeout → retried, NETWORK_ERROR result returned
      */
-    submitEvent(eventType: string, userId: string, ipAddress: string, deviceId: string, sessionHash: string, userAgent: string, clientTimestamp: string, eventDetails?: Map<string, any> | null): Promise<any>;
+    private _fetch;
     /**
-     * Processes a user event through the UnsharedLabs API, including fraud detection and analysis.
-     *
-     * This method encrypts all sensitive user data (user ID, IP address, device ID, etc.) before
-     * sending it to the API. The response includes both event processing results and analysis
-     * results that indicate if the user has been flagged for suspicious activity.
-     *
-     * @param {string} eventType - Type of event being processed (e.g., 'signup', 'login', 'purchase')
-     * @param {string} userId - Unique identifier for the user. Use email address if available.
-     * @param {string} ipAddress - IP address of the user
-     * @param {string} deviceId - Unique identifier for the device
-     * @param {string} sessionHash - Hash of the user's session
-     * @param {string} userAgent - User agent string from the browser/client
-     * @param {string} emailAddress - Email address of the user
-     * @param {string | null} [subscriptionStatus] - Optional subscription status string, (e.g. 'paid', 'free', 'trial', 'discounted')
-     * @param {Map<string, any> | null} [eventDetails] - Optional map of additional event details to include
-     *
-     * @returns {Promise<any>} Response object containing:
-     *   - success: Boolean indicating if the API call was successful
-     *   - event: Event processing result with status and event data (on success)
-     *   - analysis: Analysis result with flagging information (on success)
-     *   - error: Error message (on failure)
-     *
-     * @example
-     * ```typescript
-     * const response = await client.processUserEvent(
-     *   'signup',
-     *   'user@example.com',
-     *   '192.168.1.1',
-     *   'device456',
-     *   'session789',
-     *   'Mozilla/5.0...',
-     *   'user@example.com',
-     *   'paid',
-     *   new Map([['source', 'web']])
-     * );
-     *
-     * if (!response.success) {
-     *   console.error('Error:', response.error);
-     * } else if (response.analysis?.is_user_flagged) {
-     *   console.log('User flagged for suspicious activity');
-     * }
-     * ```
+     * Submit a browser fingerprint event. Publishes asynchronously via Pub/Sub.
+     * Maps to: POST /v2/submit-fingerprint-event
      */
-    processUserEvent(eventType: string, userId: string, ipAddress: string, deviceId: string, sessionHash: string, userAgent: string, emailAddress: string, subscriptionStatus?: string | null, eventDetails?: Map<string, any> | null): Promise<any>;
+    submitFingerprintEvent(fingerprint: FingerprintWireFormat, opts?: SubmitFingerprintOptions): Promise<ApiResult<SubmitFingerprintResult>>;
     /**
-     * Checks if a user is flagged as an account sharer based on their email address and device ID.
-     *
-     * This method encrypts the email address and device ID before sending them to the API.
-     * The response indicates whether the user has been flagged for suspicious activity.
-     *
-     * @param {string} emailAddress - Email address of the user to check
-     * @param {string} deviceId - Unique identifier for the device
-     *
-     * @returns {Promise<any>} Response object containing:
-     *   - success: Boolean indicating if the API call was successful
-     *   - status: String indicating the status ("success" or "error")
-     *   - is_user_flagged: Boolean indicating if the user was flagged as an account sharer
-     *   - status_details: String with error details (only present on error)
-     *   - error: Error message (only present on failure)
-     *
-     * @example
-     * ```typescript
-     * const response = await client.checkUser(
-     *   'user@example.com',
-     *   'device456'
-     * );
-     *
-     * if (!response.success) {
-     *   console.error('Error:', response.error || response.status_details);
-     * } else if (response.is_user_flagged) {
-     *   console.log('User is flagged for suspicious activity');
-     * }
-     * ```
+     * Record a user event and receive naughty-list analysis.
+     * Maps to: POST /v2/process-user-event
      */
-    checkUser(emailAddress: string, deviceId: string): Promise<any>;
+    processUserEvent(params: ProcessUserEventParams): Promise<ApiResult<ProcessUserEventResult>>;
     /**
-     * Triggers an email verification to be sent to the user.
-     *
-     * This method sends a verification email to the specified email address.
-     *
-     * @param {string} emailAddress - Email address to send the verification to
-     * @param {string} deviceId - device id for whom the code is being verified.
-     * @returns {Promise<any>} Response object from the email service containing verification details
+     * Check if a user is flagged in the naughty list.
+     * Maps to: GET /v2/check-user
+     *
+     * **Defensive default:** On any failure (network error, 4xx, 5xx, timeout) this
+     * method returns `{ success: true, data: { is_user_flagged: false } }` rather
+     * than surfacing the error. This ensures a backend outage never incorrectly
+     * blocks a legitimate user. As a consequence, a complete API outage is
+     * **invisible** to the caller — you cannot distinguish "user is clean" from
+     * "request failed" by inspecting the return value. Monitor API availability
+     * through your infrastructure metrics, not through this method's return value.
+     */
+    checkUser(emailAddress: string, deviceId: string): Promise<ApiResult<CheckUserResult>>;
+    checkUser(emailAddress: string, opts: {
+        deviceId?: string;
+        fingerprintId?: string;
+    }): Promise<ApiResult<CheckUserResult>>;
+    /**
+     * Send a 6-digit verification code to the user's email address.
+     * Maps to: POST /v2/trigger-email-verification
+     */
+    triggerEmailVerification(emailAddress: string, deviceId: string, opts?: {
+        fingerprintId?: string;
+    }): Promise<ApiResult<TriggerEmailVerificationResult>>;
+    /**
+     * Verify a 6-digit code submitted by the user.
+     * Maps to: POST /v2/verify
      *
-     * @throws {Error} Throws an error if:
-     *   - The emailAddress is not a valid email address
-     *   - The email service request fails or returns a non-OK status
+     * `result.success` reliably indicates whether verification succeeded:
+     * - `success: true`  → code was correct, user is verified
+     * - `success: false, error.code: "VERIFICATION_FAILED"` → wrong or expired code
+     * - `success: false, error.code: "DELIVERY_FAILED"` → network/server error
      *
-     * @example
      * ```typescript
-     * await client.triggerEmailVerification('user@example.com');
+     * const result = await client.verify(email, deviceId, code);
+     * if (!result.success) {
+     *   if (result.error?.code === 'VERIFICATION_FAILED') { /* bad code *\/ }
+     *   else { /* transport error *\/ }
+     * } else { /* verified *\/ }
      * ```
      */
-    triggerEmailVerification(emailAddress: string, deviceId: string): Promise<any>;
+    verify(emailAddress: string, deviceId: string, code: string, opts?: {
+        fingerprintId?: string;
+    }): Promise<ApiResult<VerifyResult>>;
     /**
-     * Verifies an email verification code for a user.
-     *
-     * This method validates a verification code that was sent to the user via email.
-     * The code is typically obtained from the user after they receive the verification email.
-     *
-     * @param {string} emailAddress - Email address for whom the code is being verified.
-     * @param {string} deviceId - device id for whom the code is being verified.
-     * @param {string} code - Verification code that was sent to the user's email
+     * Fetch the verification flow configuration for this company.
+     * Maps to: GET /v2/verification-flow-config
      *
-     * @returns {Promise<any>} Response object from the verification service containing:
-     *   - Verification status (success/failure)
-     *   - Additional verification details
+     * Returns the flow steps and branding configured by the Unshared Labs
+     * team for this company. The middleware uses this to render the
+     * verification overlay.
      *
-     * @throws {Error} Throws an error if:
-     *   - The verification service request fails
-     *   - The service returns a non-OK status (e.g., invalid code, expired code)
-     *
-     * @example
-     * ```typescript
-     * try {
-     *   const result = await client.verify('user@example.com', '123456');
-     *   console.log('Verification successful:', result);
-     * } catch (error) {
-     *   console.error('Verification failed:', error.message);
-     * }
-     * ```
+     * Returns `null` on any failure (network error, 4xx, 5xx) so the
+     * middleware can fall back to the default flow.
      */
-    verify(emailAddress: string, deviceId: string, code: string): Promise<any>;
+    getVerificationFlowConfig(): Promise<VerificationFlowConfigResult | null>;
 }

package/dist/client.js

@@ -1 +1 @@
-"use strict";Object.defineProperty(exports,"__esModule",{value:!0});const util_1=require("./util");class UnsharedLabsClient{constructor(t){this._apiBaseUrl="https://api.unsharedlabs.com",this._emailServiceUrl="https://emailservice.unsharedlabs.com",this._apiKey=t.apiKey,this._clientId=atob(t.clientId).trim(),t.baseUrl&&(this._apiBaseUrl=t.baseUrl),t.emailServiceUrl&&(this._emailServiceUrl=t.emailServiceUrl)}_getBasicAuthHeader(){const t=`${this._clientId}:${this._apiKey}`;return`Basic ${Buffer.from(t).toString("base64")}`}async submitEvent(t,e,i,a,r,s,n,c){try{const o=(0,util_1.encryptData)(e,this._apiKey),h=(0,util_1.encryptData)(i,this._apiKey),_=(0,util_1.encryptData)(a,this._apiKey),l=(0,util_1.encryptData)(r,this._apiKey),p=(0,util_1.encryptData)(s,this._apiKey),y={user_id:o,event_type:t,ip_address:h,device_id:_,session_hash:l,user_agent:p,client_timestamp:n,event_details:(0,util_1.encryptData)(c?JSON.stringify([...c.entries()]):null,this._apiKey)},u=await fetch(`${this._apiBaseUrl}/api/v1/submitEvent`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:this._getBasicAuthHeader()},body:JSON.stringify(y)});if(!u.ok){const t=await u.json().catch(()=>({error:u.statusText}));throw new Error(`API returned error: ${JSON.stringify(t)}`)}const d=await u.json();return{status:u.status,statusText:u.statusText,data:d}}catch(t){throw new Error(`Failed to call UnsharedLabs API: ${t instanceof Error?t.message:JSON.stringify(t)}`)}}async processUserEvent(t,e,i,a,r,s,n,c,o){try{const h=(0,util_1.encryptData)(e,this._apiKey),_=(0,util_1.encryptData)(i,this._apiKey),l=(0,util_1.encryptData)(a,this._apiKey),p=(0,util_1.encryptData)(r,this._apiKey),y=(0,util_1.encryptData)(s,this._apiKey),u=(0,util_1.encryptData)(n,this._apiKey),d={user_id:h,event_type:t,ip_address:_,device_id:l,session_hash:p,user_agent:y,email_address:u,event_details:(0,util_1.encryptData)(o?JSON.stringify([...o.entries()]):null,this._apiKey)};null!=c&&"string"==typeof c&&(d.subscription_status=c.trim());const f=await fetch(`${this._apiBaseUrl}/api/v1/processUserEvent`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:this._getBasicAuthHeader()},body:JSON.stringify(d)});return await f.json()}catch(t){return{success:!1,error:`Failed to process user event: ${t instanceof Error?t.message:JSON.stringify(t)}`}}}async checkUser(t,e){try{const i=(0,util_1.encryptData)(t,this._apiKey),a=(0,util_1.encryptData)(e,this._apiKey),r=new URLSearchParams({email_address:i||"",device_id:a||""}),s=await fetch(`${this._apiBaseUrl}/api/v1/checkUser?${r.toString()}`,{method:"GET",headers:{Authorization:this._getBasicAuthHeader()}});return await s.json()}catch(t){return{success:!1,error:`Failed to check user: ${t instanceof Error?t.message:JSON.stringify(t)}`}}}async triggerEmailVerification(t,e){try{if(!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(t))throw new Error("Invalid email address provided");const i=(0,util_1.encryptData)(t,this._apiKey),a=(0,util_1.encryptData)(e,this._apiKey),r=await fetch(`${this._emailServiceUrl}/api/trigger-email-verification`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:this._getBasicAuthHeader()},body:JSON.stringify({email_address:i,device_id:a})});if(!r.ok){const t=await r.json().catch(()=>({error:r.statusText}));throw new Error(`Email service returned error: ${JSON.stringify(t)}`)}return await r.json()}catch(t){throw new Error(`Failed to trigger email verification: ${t instanceof Error?t.message:JSON.stringify(t)}`)}}async verify(t,e,i){try{const a=(0,util_1.encryptData)(t,this._apiKey),r=(0,util_1.encryptData)(e,this._apiKey),s=(0,util_1.encryptData)(i,this._apiKey),n=await fetch(`${this._emailServiceUrl}/api/verify`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:this._getBasicAuthHeader()},body:JSON.stringify({email_address:a,device_id:r,code:s})});if(!n.ok){const t=await n.json().catch(()=>({error:n.statusText}));throw new Error(`Verification service returned error: ${JSON.stringify(t)}`)}return await n.json()}catch(t){throw new Error(`Failed to verify code: ${t instanceof Error?t.message:JSON.stringify(t)}`)}}}exports.default=UnsharedLabsClient;
+"use strict";Object.defineProperty(exports,"t",{value:!0}),exports.UnsharedLabsClient=void 0;const crypto_1=require("crypto"),util_1=require("./util"),DEFAULT_BASE_URL="https://api-ingress.unsharedlabs.com",DEFAULT_TIMEOUT_MS=1e4,DEFAULT_MAX_RETRIES=3,MAX_DELAY_MS=3e4,BASE_DELAY_MS=1e3;function sleep(e){return new Promise(s=>setTimeout(s,e))}function retryDelay(e){const s=Math.min(1e3*Math.pow(2,e-1),3e4),t=s*(.5*Math.random()-.25);return Math.max(0,s+t)}async function parseErrorBody(e){const s=await e.text().catch(()=>"");try{const t=JSON.parse(s);return t?.error?.code?{code:t.error.code,message:t.error.message??"Unknown error",details:t.error.details}:{code:"UNKNOWN_ERROR",message:s||e.statusText}}catch{return{code:"UNKNOWN_ERROR",message:s||e.statusText}}}class UnsharedLabsClient{constructor(e){if(!e.apiKey||""===e.apiKey.trim())throw new Error("apiKey is required");this.i=e.apiKey,this.o=e.baseUrl?e.baseUrl.replace(/\/$/,""):DEFAULT_BASE_URL,this.h=e.timeout??1e4,this.u=e.maxRetries??3,this.l=(0,crypto_1.createHash)("sha256").update(e.apiKey).digest()}_(e){return(0,util_1.encryptData)(e,this.l)}async p(e,s){const t=this.u+1;let r={success:!1,status:0,error:{code:"NETWORK_ERROR",message:"Request failed"}};for(let i=1;i<=t;i++){i>1&&await sleep(retryDelay(i-1));const t=new AbortController,n=setTimeout(()=>t.abort(),this.h);try{const i=await fetch(e,{method:s.method,headers:{"X-API-Key":this.i,...s.headers},body:s.body,signal:t.signal});if(clearTimeout(n),i.ok){const e=await i.text().catch(()=>"{}");let s;try{s=JSON.parse(e)}catch{s={}}const t="data"in s?s.data:s;return{success:!0,status:i.status,data:t}}const a=await parseErrorBody(i);if(i.status>=400&&i.status<500){if(429===i.status){const e=i.headers.get("Retry-After");if(null!=e){const s=parseInt(e,10);isNaN(s)||(a.retryAfter=s)}}return{success:!1,status:i.status,error:a}}r={success:!1,status:i.status,error:a}}catch(e){clearTimeout(n),r={success:!1,status:0,error:{code:"NETWORK_ERROR",message:e instanceof Error?e.message:String(e)}}}}return r}async submitFingerprintEvent(e,s){const t={hash:e.full_hash,stable_hash:e.fingerprint_id,collected_at:e.timestamp,is_incognito:e.isIncognito,components:e.components,version:e.version};return null!=s?.userId&&(t.user_id=this._(s.userId)),null!=s?.sessionHash&&(t.session_hash=s.sessionHash),null!=s?.eventType&&(t.event_type=s.eventType),null!=s?.ipAddress&&(t.ip_address=this._(s.ipAddress)),this.p(`${this.o}/v2/submit-fingerprint-event`,{method:"POST",headers:{"Content-Type":"application/json","X-Idempotency-Key":(0,crypto_1.randomUUID)()},body:JSON.stringify(t)})}async processUserEvent(e){const s={event_type:e.eventType,user_id:this._(e.userId),ip_address:this._(e.ipAddress),device_id:this._(e.deviceId),session_hash:e.sessionHash,user_agent:this._(e.userAgent),email_address:this._(e.emailAddress)};return null!=e.fingerprintId&&(s.fingerprint_id=this._(e.fingerprintId)),null!=e.subscriptionStatus&&(s.subscription_status=e.subscriptionStatus),null!=e.eventDetails&&(s.event_details=e.eventDetails),this.p(`${this.o}/v2/process-user-event`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(s)})}async checkUser(e,s){const t="string"==typeof s?{deviceId:s}:s;if(!t.deviceId&&!t.fingerprintId)return{success:!0,status:200,data:{is_user_flagged:!1}};const r=new URLSearchParams;r.set("email_address",this._(e)),t.deviceId&&r.set("device_id",this._(t.deviceId)),t.fingerprintId&&r.set("fingerprint_id",this._(t.fingerprintId));const i=await this.p(`${this.o}/v2/check-user?${r}`,{method:"GET"});return i.success?i:{success:!0,status:200,data:{is_user_flagged:!1}}}async triggerEmailVerification(e,s,t){const r={email_address:this._(e),device_id:this._(s)};t?.fingerprintId&&(r.fingerprint_id=this._(t.fingerprintId));const i=await this.p(`${this.o}/v2/trigger-email-verification`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(r)});return!i.success&&(0===i.status||i.status>=500)?{success:!1,status:i.status,error:{code:"DELIVERY_FAILED",message:i.error?.message??"Delivery failed"}}:i}async verify(e,s,t,r){const i={email_address:this._(e),device_id:this._(s),code:this._(t)};r?.fingerprintId&&(i.fingerprint_id=this._(r.fingerprintId));const n=await this.p(`${this.o}/v2/verify`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(i)});return!n.success&&(0===n.status||n.status>=500)?{success:!1,status:n.status,error:{code:"DELIVERY_FAILED",message:n.error?.message??"Delivery failed"}}:n.success&&!1===n.data?.verified?{success:!1,status:n.status,error:{code:"VERIFICATION_FAILED",message:"Code is incorrect or expired",details:n.data.reason?{reason:n.data.reason}:void 0}}:n}async getVerificationFlowConfig(){const e=await this.p(`${this.o}/v2/verification-flow-config`,{method:"GET"});return e.success&&e.data?e.data:null}}exports.UnsharedLabsClient=UnsharedLabsClient;