zubbl-sdk 1.1.7 → 1.1.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/zubbl-sdk.cjs.js +56 -2
  2. package/dist/zubbl-sdk.esm.js +56 -3
  3. package/dist/zubbl-sdk.umd.js +56 -2
  4. package/package.json +1 -1
package/dist/zubbl-sdk.cjs.js CHANGED
@@ -37,6 +37,7 @@ function init({
37
37
 
38
38
  /**
39
39
  * Identify a user by email (and optional name).
40
+ * Backend will return or generate a valid UUID for external_user_id.
40
41
  */
41
42
  async function identifyUser({ email, name }) {
42
43
  if (!config.apiKey || !config.tenantId || !config.appId) {
@@ -60,15 +61,37 @@ async function identifyUser({ email, name }) {
60
61
  { email, name },
61
62
  { headers }
62
63
  );
64
+
65
+ const { external_user_id } = response.data;
66
+ if (!external_user_id) {
67
+ throw new Error("Backend did not return external_user_id");
68
+ }
69
+
70
+ // ✅ Ensure UUID format
71
+ const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
72
+ if (!uuidRegex.test(external_user_id)) {
73
+ throw new Error(`Invalid external_user_id received: ${external_user_id}`);
74
+ }
75
+
63
76
  return response.data;
64
77
  }
65
78
 
79
+ /**
80
+ * Fetch effective tiles for a given user.
81
+ * Requires valid external_user_id (UUID).
82
+ */
66
83
  async function getTiles({ external_user_id, app_id = null }) {
67
84
  if (!config.apiKey || !config.tenantId || !config.appId) {
68
85
  throw new Error("Zubbl SDK not initialized");
69
86
  }
70
87
  if (!external_user_id) throw new Error("external_user_id is required");
71
88
 
89
+ // ✅ Validate UUID format
90
+ const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
91
+ if (!uuidRegex.test(external_user_id)) {
92
+ throw new Error(`Invalid external_user_id: ${external_user_id}. Must be UUID.`);
93
+ }
94
+
72
95
  const headers = {
73
96
  Authorization: `Bearer ${config.apiKey}`,
74
97
  "X-Tenant-Id": config.tenantId,
@@ -80,9 +103,7 @@ async function getTiles({ external_user_id, app_id = null }) {
80
103
  headers["X-Zubbl-Internal-Call"] = "true";
81
104
  }
82
105
 
83
- // Use API endpoint for "effective" tile rules!
84
106
  const params = new URLSearchParams({ external_user_id });
85
- // Use explicit app_id if passed (or config default)
86
107
  params.set("app_id", app_id || config.appId);
87
108
 
88
109
  const response = await axios.get(
@@ -91,7 +112,40 @@ async function getTiles({ external_user_id, app_id = null }) {
91
112
  );
92
113
  return response.data;
93
114
  }
115
+ async function enforce({ external_user_id, app_id = null }) {
116
+ if (!config.apiKey || !config.tenantId || !config.appId) {
117
+ throw new Error("Zubbl SDK not initialized");
118
+ }
119
+ if (!external_user_id) throw new Error("external_user_id is required");
120
+
121
+ const headers = {
122
+ Authorization: `Bearer ${config.apiKey}`,
123
+ "X-Tenant-Id": config.tenantId,
124
+ "X-App-Id": app_id || config.appId,
125
+ "X-External-User-Id": external_user_id,
126
+ "Content-Type": "application/json",
127
+ };
128
+ if (config.injectWorkerHeaders && config.workerSecret) {
129
+ headers["X-Zubbl-Worker-Secret"] = config.workerSecret;
130
+ headers["X-Zubbl-Internal-Call"] = "true";
131
+ }
132
+
133
+ try {
134
+ const resp = await axios.post(
135
+ `${config.baseUrl.replace(/\/$/, "")}/sdk/test-enforcement`,
136
+ {},
137
+ { headers }
138
+ );
139
+ return { decision: "allow", status: resp.status, data: resp.data };
140
+ } catch (e) {
141
+ if (e.response && e.response.status === 429) {
142
+ return { decision: "block", status: 429, data: e.response.data };
143
+ }
144
+ throw e;
145
+ }
146
+ }
94
147
 
148
+ exports.enforce = enforce;
95
149
  exports.getTiles = getTiles;
96
150
  exports.identifyUser = identifyUser;
97
151
  exports.init = init;
package/dist/zubbl-sdk.esm.js CHANGED
@@ -35,6 +35,7 @@ function init({
35
35
 
36
36
  /**
37
37
  * Identify a user by email (and optional name).
38
+ * Backend will return or generate a valid UUID for external_user_id.
38
39
  */
39
40
  async function identifyUser({ email, name }) {
40
41
  if (!config.apiKey || !config.tenantId || !config.appId) {
@@ -58,15 +59,37 @@ async function identifyUser({ email, name }) {
58
59
  { email, name },
59
60
  { headers }
60
61
  );
62
+
63
+ const { external_user_id } = response.data;
64
+ if (!external_user_id) {
65
+ throw new Error("Backend did not return external_user_id");
66
+ }
67
+
68
+ // ✅ Ensure UUID format
69
+ const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
70
+ if (!uuidRegex.test(external_user_id)) {
71
+ throw new Error(`Invalid external_user_id received: ${external_user_id}`);
72
+ }
73
+
61
74
  return response.data;
62
75
  }
63
76
 
77
+ /**
78
+ * Fetch effective tiles for a given user.
79
+ * Requires valid external_user_id (UUID).
80
+ */
64
81
  async function getTiles({ external_user_id, app_id = null }) {
65
82
  if (!config.apiKey || !config.tenantId || !config.appId) {
66
83
  throw new Error("Zubbl SDK not initialized");
67
84
  }
68
85
  if (!external_user_id) throw new Error("external_user_id is required");
69
86
 
87
+ // ✅ Validate UUID format
88
+ const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
89
+ if (!uuidRegex.test(external_user_id)) {
90
+ throw new Error(`Invalid external_user_id: ${external_user_id}. Must be UUID.`);
91
+ }
92
+
70
93
  const headers = {
71
94
  Authorization: `Bearer ${config.apiKey}`,
72
95
  "X-Tenant-Id": config.tenantId,
@@ -78,9 +101,7 @@ async function getTiles({ external_user_id, app_id = null }) {
78
101
  headers["X-Zubbl-Internal-Call"] = "true";
79
102
  }
80
103
 
81
- // Use API endpoint for "effective" tile rules!
82
104
  const params = new URLSearchParams({ external_user_id });
83
- // Use explicit app_id if passed (or config default)
84
105
  params.set("app_id", app_id || config.appId);
85
106
 
86
107
  const response = await axios.get(
@@ -89,5 +110,37 @@ async function getTiles({ external_user_id, app_id = null }) {
89
110
  );
90
111
  return response.data;
91
112
  }
113
+ async function enforce({ external_user_id, app_id = null }) {
114
+ if (!config.apiKey || !config.tenantId || !config.appId) {
115
+ throw new Error("Zubbl SDK not initialized");
116
+ }
117
+ if (!external_user_id) throw new Error("external_user_id is required");
118
+
119
+ const headers = {
120
+ Authorization: `Bearer ${config.apiKey}`,
121
+ "X-Tenant-Id": config.tenantId,
122
+ "X-App-Id": app_id || config.appId,
123
+ "X-External-User-Id": external_user_id,
124
+ "Content-Type": "application/json",
125
+ };
126
+ if (config.injectWorkerHeaders && config.workerSecret) {
127
+ headers["X-Zubbl-Worker-Secret"] = config.workerSecret;
128
+ headers["X-Zubbl-Internal-Call"] = "true";
129
+ }
130
+
131
+ try {
132
+ const resp = await axios.post(
133
+ `${config.baseUrl.replace(/\/$/, "")}/sdk/test-enforcement`,
134
+ {},
135
+ { headers }
136
+ );
137
+ return { decision: "allow", status: resp.status, data: resp.data };
138
+ } catch (e) {
139
+ if (e.response && e.response.status === 429) {
140
+ return { decision: "block", status: 429, data: e.response.data };
141
+ }
142
+ throw e;
143
+ }
144
+ }
92
145
 
93
- export { getTiles, identifyUser, init };
146
+ export { enforce, getTiles, identifyUser, init };
package/dist/zubbl-sdk.umd.js CHANGED
@@ -39,6 +39,7 @@
39
39
 
40
40
  /**
41
41
  * Identify a user by email (and optional name).
42
+ * Backend will return or generate a valid UUID for external_user_id.
42
43
  */
43
44
  async function identifyUser({ email, name }) {
44
45
  if (!config.apiKey || !config.tenantId || !config.appId) {
@@ -62,15 +63,37 @@
62
63
  { email, name },
63
64
  { headers }
64
65
  );
66
+
67
+ const { external_user_id } = response.data;
68
+ if (!external_user_id) {
69
+ throw new Error("Backend did not return external_user_id");
70
+ }
71
+
72
+ // ✅ Ensure UUID format
73
+ const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
74
+ if (!uuidRegex.test(external_user_id)) {
75
+ throw new Error(`Invalid external_user_id received: ${external_user_id}`);
76
+ }
77
+
65
78
  return response.data;
66
79
  }
67
80
 
81
+ /**
82
+ * Fetch effective tiles for a given user.
83
+ * Requires valid external_user_id (UUID).
84
+ */
68
85
  async function getTiles({ external_user_id, app_id = null }) {
69
86
  if (!config.apiKey || !config.tenantId || !config.appId) {
70
87
  throw new Error("Zubbl SDK not initialized");
71
88
  }
72
89
  if (!external_user_id) throw new Error("external_user_id is required");
73
90
 
91
+ // ✅ Validate UUID format
92
+ const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
93
+ if (!uuidRegex.test(external_user_id)) {
94
+ throw new Error(`Invalid external_user_id: ${external_user_id}. Must be UUID.`);
95
+ }
96
+
74
97
  const headers = {
75
98
  Authorization: `Bearer ${config.apiKey}`,
76
99
  "X-Tenant-Id": config.tenantId,
@@ -82,9 +105,7 @@
82
105
  headers["X-Zubbl-Internal-Call"] = "true";
83
106
  }
84
107
 
85
- // Use API endpoint for "effective" tile rules!
86
108
  const params = new URLSearchParams({ external_user_id });
87
- // Use explicit app_id if passed (or config default)
88
109
  params.set("app_id", app_id || config.appId);
89
110
 
90
111
  const response = await axios.get(
@@ -93,7 +114,40 @@
93
114
  );
94
115
  return response.data;
95
116
  }
117
+ async function enforce({ external_user_id, app_id = null }) {
118
+ if (!config.apiKey || !config.tenantId || !config.appId) {
119
+ throw new Error("Zubbl SDK not initialized");
120
+ }
121
+ if (!external_user_id) throw new Error("external_user_id is required");
122
+
123
+ const headers = {
124
+ Authorization: `Bearer ${config.apiKey}`,
125
+ "X-Tenant-Id": config.tenantId,
126
+ "X-App-Id": app_id || config.appId,
127
+ "X-External-User-Id": external_user_id,
128
+ "Content-Type": "application/json",
129
+ };
130
+ if (config.injectWorkerHeaders && config.workerSecret) {
131
+ headers["X-Zubbl-Worker-Secret"] = config.workerSecret;
132
+ headers["X-Zubbl-Internal-Call"] = "true";
133
+ }
134
+
135
+ try {
136
+ const resp = await axios.post(
137
+ `${config.baseUrl.replace(/\/$/, "")}/sdk/test-enforcement`,
138
+ {},
139
+ { headers }
140
+ );
141
+ return { decision: "allow", status: resp.status, data: resp.data };
142
+ } catch (e) {
143
+ if (e.response && e.response.status === 429) {
144
+ return { decision: "block", status: 429, data: e.response.data };
145
+ }
146
+ throw e;
147
+ }
148
+ }
96
149
 
150
+ exports.enforce = enforce;
97
151
  exports.getTiles = getTiles;
98
152
  exports.identifyUser = identifyUser;
99
153
  exports.init = init;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "zubbl-sdk",
3
- "version": "1.1.7",
3
+ "version": "1.1.9",
4
4
  "description": "Zubbl SDK for secure policy enforcement (browser, Node, universal)",
5
5
  "main": "dist/zubbl-sdk.cjs.js",
6
6
  "module": "dist/zubbl-sdk.esm.js",