dragonflight/services/premiere-plugin-uxp/src/api.js

// Dragonflight API client. Wraps UXP's fetch() with the Bearer header and
// handles the cross-origin-redirect quirk (UXP strips Authorization across
// hosts as a security fix — we follow such redirects manually).
//
// Persists serverUrl + apiToken in localStorage so the panel reconnects on
// reopen.

(function () {
  const API = {};
  const LS_URL   = 'df.uxp.serverUrl';
  const LS_TOKEN = 'df.uxp.apiToken';

  API.state = {
    serverUrl: localStorage.getItem(LS_URL)   || '',
    apiToken:  localStorage.getItem(LS_TOKEN) || '',
    connected: false,
  };

  API.save = function () {
    localStorage.setItem(LS_URL,   API.state.serverUrl);
    localStorage.setItem(LS_TOKEN, API.state.apiToken);
  };

  API.clear = function () {
    API.state.serverUrl = '';
    API.state.apiToken  = '';
    API.state.connected = false;
    localStorage.removeItem(LS_URL);
    localStorage.removeItem(LS_TOKEN);
  };

  function trimUrl(u) { return String(u || '').replace(/\/+$/, ''); }

  // Core request. `url` may be a path (joined to serverUrl) or absolute.
  // Auth header is added only for requests to our own serverUrl.
  API.request = async function (urlOrPath, opts) {
    opts = opts || {};
    const isAbs = /^https?:\/\//i.test(urlOrPath);
    const base  = trimUrl(API.state.serverUrl);
    const url   = isAbs ? urlOrPath : (base + urlOrPath);
    const headers = Object.assign({}, opts.headers || {});
    if (!isAbs || url.indexOf(base) === 0) {
      if (API.state.apiToken) headers['Authorization'] = 'Bearer ' + API.state.apiToken;
    }
    // UXP fetch supports standard options. Don't pass `credentials` — UXP
    // doesn't ship a cookie jar and warns about unsupported values.
    return fetch(url, Object.assign({}, opts, { headers }));
  };

  API.json = async function (path, opts) {
    const r = await API.request(path, opts);
    if (!r.ok) {
      const text = await r.text().catch(() => '');
      throw new Error('HTTP ' + r.status + (text ? ' — ' + text.slice(0, 200) : ''));
    }
    return r.json();
  };

  // GET /api/v1/auth/me — used as the connect probe. Returns 200 on a valid
  // bearer, 401 otherwise.
  API.connect = async function (serverUrl, apiToken) {
    API.state.serverUrl = trimUrl(serverUrl);
    API.state.apiToken  = String(apiToken || '').trim();
    if (!API.state.serverUrl || !API.state.apiToken) {
      throw new Error('Server URL and API token are required');
    }
    const me = await API.json('/api/v1/auth/me');
    API.state.connected = true;
    API.save();
    return me;
  };

  API.disconnect = function () {
    API.clear();
  };

  // Asset list. The web UI calls /api/v1/assets?... — we mirror that.
  API.listAssets = async function (query) {
    const params = new URLSearchParams();
    if (query) params.set('q', query);
    params.set('limit', '60');
    return API.json('/api/v1/assets?' + params.toString());
  };

  // Resolve a proxy stream URL → returns an absolute URL we can fetch.
  // /stream returns { url: '/api/v1/assets/<id>/video', type: 'mp4', source }.
  API.getProxyUrl = async function (assetId) {
    const data = await API.json('/api/v1/assets/' + assetId + '/stream');
    if (!data || !data.url) throw new Error('Asset has no proxy');
    const u = data.url;
    const abs = /^https?:\/\//i.test(u) ? u : trimUrl(API.state.serverUrl) + u;
    return { url: abs, source: data.source || 'proxy' };
  };

  // Resolve a hi-res URL → returns a presigned S3 URL (off-host).
  // /hires returns { url, filename, ext, file_size, type: 'hires' }.
  API.getHiresInfo = async function (assetId) {
    const data = await API.json('/api/v1/assets/' + assetId + '/hires');
    if (!data || !data.url) throw new Error('Asset has no hi-res source');
    return data;
  };

  window.API = API;
})();
feat(premiere-plugin-uxp): v2.0.0 — UXP port replacing CEP for import CEP `csInterface.evalScript` callback is broken in Premiere Pro 26.0.x — nothing called from the panel ever returns, so importFiles deadlocks. Adobe's path forward is UXP. This is the minimum viable port that restores the Import Proxy / Import Hi-Res workflow. Scope (v2.0.0): - Connect to a Dragonflight server (URL + Bearer token; persisted) - Asset library (search, refresh, grid with thumbnails) - Import Proxy via streamed download → Project.importFiles - Import Hi-Res via presigned S3 URL → Project.importFiles Layout: manifest.json UXP v5, host=premierepro, minVersion=26.0.0 index.html Panel shell styles.css Mirrors web UI dark tokens src/ui.js DOM helpers, toast, progress, formatting src/api.js HTTP client (Bearer; manual redirect-follow drops auth when hopping to a different host per UXP security policy) src/library.js Asset grid render + selection src/import-flow.js Streaming download (fs.createWriteStream) + premierepro.Project.importFiles into rootBin src/main.js Bootstrap, event wiring build/pack.mjs Packs into .ccx; installs via UnifiedPluginInstallerAgent Coexists with services/premiere-plugin/ (CEP) — keeps the CEP panel for any features that still work there while running v2.0.0 for import. Future v2.x will add live preview, conform, timeline export, settings. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> 2026-05-28 00:19:28 -04:00			`// Dragonflight API client. Wraps UXP's fetch() with the Bearer header and`
			`// handles the cross-origin-redirect quirk (UXP strips Authorization across`
			`// hosts as a security fix — we follow such redirects manually).`
			`//`
			`// Persists serverUrl + apiToken in localStorage so the panel reconnects on`
			`// reopen.`

			`(function () {`
			`const API = {};`
			`const LS_URL = 'df.uxp.serverUrl';`
			`const LS_TOKEN = 'df.uxp.apiToken';`

			`API.state = {`
			`serverUrl: localStorage.getItem(LS_URL) \|\| '',`
			`apiToken: localStorage.getItem(LS_TOKEN) \|\| '',`
			`connected: false,`
			`};`

			`API.save = function () {`
			`localStorage.setItem(LS_URL, API.state.serverUrl);`
			`localStorage.setItem(LS_TOKEN, API.state.apiToken);`
			`};`

			`API.clear = function () {`
			`API.state.serverUrl = '';`
			`API.state.apiToken = '';`
			`API.state.connected = false;`
			`localStorage.removeItem(LS_URL);`
			`localStorage.removeItem(LS_TOKEN);`
			`};`

			`function trimUrl(u) { return String(u \|\| '').replace(/\/+$/, ''); }`

			// Core request. `url` may be a path (joined to serverUrl) or absolute.
			`// Auth header is added only for requests to our own serverUrl.`
			`API.request = async function (urlOrPath, opts) {`
			`opts = opts \|\| {};`
			`const isAbs = /^https?:\/\//i.test(urlOrPath);`
			`const base = trimUrl(API.state.serverUrl);`
			`const url = isAbs ? urlOrPath : (base + urlOrPath);`
			`const headers = Object.assign({}, opts.headers \|\| {});`
			`if (!isAbs \|\| url.indexOf(base) === 0) {`
			`if (API.state.apiToken) headers['Authorization'] = 'Bearer ' + API.state.apiToken;`
			`}`
			// UXP fetch supports standard options. Don't pass `credentials` — UXP
			`// doesn't ship a cookie jar and warns about unsupported values.`
			`return fetch(url, Object.assign({}, opts, { headers }));`
			`};`

			`API.json = async function (path, opts) {`
			`const r = await API.request(path, opts);`
			`if (!r.ok) {`
			`const text = await r.text().catch(() => '');`
			`throw new Error('HTTP ' + r.status + (text ? ' — ' + text.slice(0, 200) : ''));`
			`}`
			`return r.json();`
			`};`

			`// GET /api/v1/auth/me — used as the connect probe. Returns 200 on a valid`
			`// bearer, 401 otherwise.`
			`API.connect = async function (serverUrl, apiToken) {`
			`API.state.serverUrl = trimUrl(serverUrl);`
			`API.state.apiToken = String(apiToken \|\| '').trim();`
			`if (!API.state.serverUrl \|\| !API.state.apiToken) {`
			`throw new Error('Server URL and API token are required');`
			`}`
			`const me = await API.json('/api/v1/auth/me');`
			`API.state.connected = true;`
			`API.save();`
			`return me;`
			`};`

			`API.disconnect = function () {`
			`API.clear();`
			`};`

			`// Asset list. The web UI calls /api/v1/assets?... — we mirror that.`
			`API.listAssets = async function (query) {`
			`const params = new URLSearchParams();`
			`if (query) params.set('q', query);`
			`params.set('limit', '60');`
			`return API.json('/api/v1/assets?' + params.toString());`
			`};`

			`// Resolve a proxy stream URL → returns an absolute URL we can fetch.`
			`// /stream returns { url: '/api/v1/assets/<id>/video', type: 'mp4', source }.`
			`API.getProxyUrl = async function (assetId) {`
			`const data = await API.json('/api/v1/assets/' + assetId + '/stream');`
			`if (!data \|\| !data.url) throw new Error('Asset has no proxy');`
			`const u = data.url;`
			`const abs = /^https?:\/\//i.test(u) ? u : trimUrl(API.state.serverUrl) + u;`
			`return { url: abs, source: data.source \|\| 'proxy' };`
			`};`

			`// Resolve a hi-res URL → returns a presigned S3 URL (off-host).`
			`// /hires returns { url, filename, ext, file_size, type: 'hires' }.`
			`API.getHiresInfo = async function (assetId) {`
			`const data = await API.json('/api/v1/assets/' + assetId + '/hires');`
			`if (!data \|\| !data.url) throw new Error('Asset has no hi-res source');`
			`return data;`
			`};`

			`window.API = API;`
			`})();`