zapier-platform-core 17.1.0 → 17.3.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "zapier-platform-core",
-  "version": "17.1.0",
+  "version": "17.3.0",
   "description": "The core SDK for CLI apps in the Zapier Developer Platform.",
   "repository": "zapier/zapier-platform",
   "homepage": "https://platform.zapier.com/",
@@ -55,6 +55,7 @@
     "@zapier/secret-scrubber": "^1.1.2",
     "content-disposition": "0.5.4",
     "dotenv": "16.5.0",
+    "fernet": "^0.3.3",
     "form-data": "4.0.1",
     "lodash": "4.17.21",
     "mime-types": "2.1.35",
@@ -62,7 +63,7 @@
     "node-fetch": "2.7.0",
     "oauth-sign": "0.9.0",
     "semver": "7.7.1",
-    "zapier-platform-schema": "17.1.0"
+    "zapier-platform-schema": "17.3.0"
   },
   "devDependencies": {
     "@types/node-fetch": "^2.6.11",

package/src/app-middlewares/before/fetch-stashed-bundle.js

@@ -0,0 +1,43 @@
+'use strict';
+
+const _ = require('lodash');
+const fetch = require('../../tools/fetch');
+const { StashedBundleError } = require('../../errors');
+const { withRetry } = require('../../tools/retry-utils');
+const { decryptBundleWithSecret } = require('../../tools/bundle-encryption');
+
+const fetchStashedBundle = async (input) => {
+  const stashedBundleKey = _.get(
+    input,
+    '_zapier.event.stashedBundleKey',
+    undefined,
+  );
+  const rpc = _.get(input, '_zapier.rpc');
+  const secret = process.env._ZAPIER_ONE_TIME_SECRET;
+  if (stashedBundleKey && secret) {
+    // Use the RPC to get a presigned URL for downloading the data
+    const rpcResponse = await rpc(
+      'get_presigned_download_url',
+      stashedBundleKey,
+    );
+    const response = await withRetry(() => fetch(rpcResponse.url));
+    if (!response.ok) {
+      const errorMessage = `Failed to read stashed bundle. Status: ${response.status} ${response.statusText}`;
+      throw new StashedBundleError(errorMessage);
+    }
+
+    try {
+      const responseText = await response.text();
+      // Decrypt the bundle
+      const stashedBundle = decryptBundleWithSecret(responseText, secret);
+
+      // Set the bundle to the stashedBundle value
+      _.set(input, '_zapier.event.bundle', stashedBundle);
+    } catch (error) {
+      throw new StashedBundleError(error.message);
+    }
+  }
+  return input;
+};
+
+module.exports = fetchStashedBundle;

package/src/create-app.js

@@ -7,6 +7,7 @@ const schemaTools = require('./tools/schema');
 // before middles
 const injectZObject = require('./app-middlewares/before/z-object');
 const addAppContext = require('./app-middlewares/before/add-app-context');
+const fetchStashedBundle = require('./app-middlewares/before/fetch-stashed-bundle');
 
 // after middles
 const checkOutput = require('./app-middlewares/after/checks');
@@ -27,6 +28,7 @@ const createApp = (appRaw) => {
 
   // standard before middlewares
   const befores = [
+    fetchStashedBundle,
     addAppContext,
     injectZObject,
     ...ensureArray(frozenCompiledApp.beforeApp),

package/src/errors.js

@@ -79,6 +79,7 @@ const names = [
   'NotImplementedError',
   'RefreshAuthError',
   'RequireModuleError',
+  'StashedBundleError',
   'StopRequestError',
 ];
 

package/src/tools/bundle-encryption.js

@@ -0,0 +1,57 @@
+'use strict';
+
+const crypto = require('crypto');
+const fernet = require('fernet');
+
+/**
+ * Decrypt a bundle using secret key
+ *
+ * This matches the backend:
+ * 1. Hash the secret with SHA256 to get 32 bytes
+ * 2. Base64url encode those bytes to make Fernet-compatible key
+ * 3. Use Fernet library to decrypt (handles all token parsing internally)
+ *
+ * @param {string} bundle - The bundle represented as an encrypted token
+ * @param {string} secret - The secret key for decryption
+ * @returns {Object} The decrypted bundle object
+ */
+const decryptBundleWithSecret = (bundle, secret) => {
+  try {
+    // Validate input
+    if (!bundle || typeof bundle !== 'string') {
+      throw new Error('Invalid object from s3 - must be a non-empty string');
+    }
+
+    if (!secret || typeof secret !== 'string') {
+      throw new Error('Invalid secret - must be a non-empty string');
+    }
+
+    // Create the same key as backend
+    // Hash the secret and take first 32 bytes, then base64url encode for Fernet
+    const keyHash = crypto.createHash('sha256').update(secret).digest();
+    const keyBytes = keyHash.subarray(0, 32); // Take first 32 bytes
+    const fernetKey = keyBytes.toString('base64url'); // Use built-in base64url encoding
+
+    // Use Fernet library to decrypt (handles all the token parsing)
+    const token = new fernet.Token({
+      secret: new fernet.Secret(fernetKey),
+      token: bundle,
+      ttl: 0,
+    });
+
+    const decrypted = token.decode();
+
+    // Parse JSON
+    try {
+      return JSON.parse(decrypted);
+    } catch (error) {
+      throw new Error('Invalid JSON in decrypted bundle');
+    }
+  } catch (error) {
+    throw new Error(`Bundle decryption failed: ${error.message}`);
+  }
+};
+
+module.exports = {
+  decryptBundleWithSecret,
+};

package/src/tools/create-response-stasher.js

@@ -3,19 +3,7 @@
 const _ = require('lodash');
 const uploader = require('./uploader');
 const crypto = require('crypto');
-
-const withRetry = async (fn, retries = 3, delay = 100, attempt = 0) => {
-  try {
-    return await fn();
-  } catch (error) {
-    if (attempt >= retries) {
-      throw error;
-    }
-
-    await new Promise((resolve) => setTimeout(resolve, delay));
-    return withRetry(fn, retries, delay, attempt + 1);
-  }
-};
+const { withRetry } = require('./retry-utils');
 
 // responseStasher uploads the data and returns the URL that points to that data.
 const stashResponse = async (input, response) => {

package/src/tools/fetch-logger.js

@@ -56,11 +56,16 @@ const isZapierUserAgent = (headers) =>
   _.get(headers, 'user-agent', []).indexOf('Zapier') !== -1;
 
 const shouldIncludeResponseContent = (contentType) => {
+  if (!contentType) {
+    return false;
+  }
+
   for (const ctype of ALLOWED_HTTP_DATA_CONTENT_TYPES) {
     if (contentType.includes(ctype)) {
       return true;
     }
   }
+
   return false;
 };
 

package/src/tools/http.js

@@ -9,7 +9,8 @@ const HTML_TYPE = 'text/html';
 const TEXT_TYPE = 'text/plain';
 const TEXT_TYPE_UTF8 = 'text/plain; charset=utf-8';
 const YAML_TYPE = 'application/yaml';
-const XML_TYPE = 'application/xml';
+const XML_TEXT_TYPE = 'text/xml';
+const XML_APPLICATION_TYPE = 'application/xml';
 const JSONAPI_TYPE = 'application/vnd.api+json';
 
 const ALLOWED_HTTP_DATA_CONTENT_TYPES = new Set([
@@ -20,7 +21,8 @@ const ALLOWED_HTTP_DATA_CONTENT_TYPES = new Set([
   TEXT_TYPE,
   TEXT_TYPE_UTF8,
   YAML_TYPE,
-  XML_TYPE,
+  XML_TEXT_TYPE,
+  XML_APPLICATION_TYPE,
   JSONAPI_TYPE,
 ]);
 
@@ -122,7 +124,8 @@ module.exports = {
   HTML_TYPE,
   TEXT_TYPE,
   YAML_TYPE,
-  XML_TYPE,
+  XML_TEXT_TYPE,
+  XML_APPLICATION_TYPE,
   JSONAPI_TYPE,
   ALLOWED_HTTP_DATA_CONTENT_TYPES,
   getContentType,

package/src/tools/retry-utils.js

@@ -0,0 +1,32 @@
+'use strict';
+
+/**
+ * Retry a function with exponential backoff
+ * @param {Function} fn - The function to retry
+ * @param {number} retries - Maximum number of retries (default: 3)
+ * @param {number} delay - Initial delay in milliseconds (default: 100)
+ * @param {number} attempt - Current attempt number (internal use)
+ * @returns {Promise} The result of the function call
+ */
+const withRetry = async (fn, retries = 3, delay = 100, attempt = 0) => {
+  try {
+    return await fn();
+  } catch (error) {
+    if (attempt >= retries) {
+      // Create an enhanced error with retry information
+      const retryError = new Error(
+        `Request failed after ${retries + 1} attempts. ` +
+          `Last error: ${error.message}.`,
+      );
+
+      throw retryError;
+    }
+
+    await new Promise((resolve) => setTimeout(resolve, delay));
+    return withRetry(fn, retries, delay, attempt + 1);
+  }
+};
+
+module.exports = {
+  withRetry,
+};

package/types/custom.d.ts

@@ -18,10 +18,15 @@ export const createAppTester: (
   options?: { customStoreKey?: string },
 ) => <T, B extends Bundle>(
   func: (z: ZObject, bundle: B) => T | Promise<T>,
-  bundle?: Partial<B>, // partial so we don't have to make a full bundle in tests
+  bundle?: DeepPartial<B>, // partial so we don't have to make a full bundle in tests
   clearZcacheBeforeUse?: boolean,
 ) => Promise<T>; // appTester always returns a promise
 
+/** Recursively make all properties of an object optional. */
+type DeepPartial<T> = T extends object
+  ? { [P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P] }
+  : T;
+
 type HttpMethod =
   | 'GET'
   | 'POST'

package/types/functions.d.ts

@@ -2,9 +2,16 @@ import type { Bundle, ZObject } from './custom';
 
 type DefaultInputData = Record<string, unknown>;
 
+/**
+ * Wraps a `perform` function that is used to poll for data from an API.
+ * By default must return an array of objects with an `id` field, but
+ * when one or more output fields have `primary:true` set on them, this
+ * can be overridden by setting the second type parameter to a type with
+ * those keys.
+ */
 export type PollingTriggerPerform<
   $InputData extends DefaultInputData = DefaultInputData,
-  $Return extends { id: string } = { id: string }, // Primary key stuff later?
+  $Return extends {} = { id: string },
 > = (z: ZObject, bundle: Bundle<$InputData>) => $Return[] | Promise<$Return[]>;
 
 /**

package/types/functions.test-d.ts

@@ -0,0 +1,18 @@
+import { expectAssignable } from 'tsd';
+import type { PollingTriggerPerform } from './functions';
+
+const simplePerform = (async (z, bundle) => {
+  return [{ id: '1', name: 'test' }];
+}) satisfies PollingTriggerPerform;
+
+expectAssignable<PollingTriggerPerform<{}, { id: string; name: string }>>(
+  simplePerform,
+);
+
+const primaryKeyOverridePerform = (async (z, bundle) => {
+  return [{ itemId: 123, name: 'test' }];
+}) satisfies PollingTriggerPerform<{}, { itemId: number; name: string }>;
+
+expectAssignable<PollingTriggerPerform<{}, { itemId: number; name: string }>>(
+  primaryKeyOverridePerform,
+);

package/types/schemas.generated.d.ts

@@ -4,7 +4,7 @@
  * files, and/or the schema-to-ts tool and run its CLI to regenerate
  * these typings.
  *
- * zapier-platform-schema version: 17.1.0
+ * zapier-platform-schema version: 17.2.0
  *  schema-to-ts compiler version: 0.1.0
  */
 import type {
@@ -906,6 +906,12 @@ export interface BasicPollingOperation<
   /** What should the form a user sees and configures look like? */
   inputFields?: $InputFields;
 
+  /**
+   * Defines groups for organizing input fields in the UI. Each group
+   * can have a key, label, and emphasis styling.
+   */
+  inputFieldGroups?: InputFieldGroups;
+
   /**
    * What fields of data will this return? Will use resource
    * outputFields if missing, will also use sample if available.
@@ -995,6 +1001,12 @@ export interface BasicHookOperation<
   /** What should the form a user sees and configures look like? */
   inputFields?: $InputFields;
 
+  /**
+   * Defines groups for organizing input fields in the UI. Each group
+   * can have a key, label, and emphasis styling.
+   */
+  inputFieldGroups?: InputFieldGroups;
+
   /**
    * What fields of data will this return? Will use resource
    * outputFields if missing, will also use sample if available.
@@ -1049,6 +1061,12 @@ export interface BasicHookToPollOperation<
   /** What should the form a user sees and configures look like? */
   inputFields?: $InputFields;
 
+  /**
+   * Defines groups for organizing input fields in the UI. Each group
+   * can have a key, label, and emphasis styling.
+   */
+  inputFieldGroups?: InputFieldGroups;
+
   /**
    * What fields of data will this return? Will use resource
    * outputFields if missing, will also use sample if available.
@@ -1103,6 +1121,12 @@ export interface BasicActionOperation {
   /** What should the form a user sees and configures look like? */
   inputFields?: InputFields;
 
+  /**
+   * Defines groups for organizing input fields in the UI. Each group
+   * can have a key, label, and emphasis styling.
+   */
+  inputFieldGroups?: InputFieldGroups;
+
   /**
    * What fields of data will this return? Will use resource
    * outputFields if missing, will also use sample if available.
@@ -1164,6 +1188,12 @@ export interface BasicSearchOperation<
   /** What should the form a user sees and configures look like? */
   inputFields?: $InputFields;
 
+  /**
+   * Defines groups for organizing input fields in the UI. Each group
+   * can have a key, label, and emphasis styling.
+   */
+  inputFieldGroups?: InputFieldGroups;
+
   /**
    * What fields of data will this return? Will use resource
    * outputFields if missing, will also use sample if available.
@@ -1227,6 +1257,12 @@ export interface BasicCreateOperation<
   /** What should the form a user sees and configures look like? */
   inputFields?: $InputFields;
 
+  /**
+   * Defines groups for organizing input fields in the UI. Each group
+   * can have a key, label, and emphasis styling.
+   */
+  inputFieldGroups?: InputFieldGroups;
+
   /**
    * What fields of data will this return? Will use resource
    * outputFields if missing, will also use sample if available.
@@ -1305,6 +1341,12 @@ export interface BasicOperation {
   /** What should the form a user sees and configures look like? */
   inputFields?: InputFields;
 
+  /**
+   * Defines groups for organizing input fields in the UI. Each group
+   * can have a key, label, and emphasis styling.
+   */
+  inputFieldGroups?: InputFieldGroups;
+
   /**
    * What fields of data will this return? Will use resource
    * outputFields if missing, will also use sample if available.
@@ -1412,6 +1454,13 @@ export interface PlainOutputField {
   steadyState?: boolean;
 }
 
+/** An array or collection of input field groups. */
+export type InputFieldGroups = {
+  key: Key;
+  label: string;
+  emphasize: boolean;
+}[];
+
 /**
  * Zapier uses this configuration to ensure this action is performed
  * one at a time per scope (avoid concurrency).
@@ -1613,6 +1662,12 @@ export interface PlainInputField {
    * Supports simple key-values only (no sub-objects or arrays).
    */
   meta?: FieldMeta;
+
+  /**
+   * References a group key from the operation's inputFieldGroups to
+   * organize this field with others.
+   */
+  group?: Key;
 }
 
 /**