@aifabrix/miso-client 3.1.1 → 3.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. package/README.md +1 -1
  2. package/dist/services/auth.service.js +2 -2
  3. package/dist/types/data-client.types.d.ts +1 -0
  4. package/dist/types/data-client.types.d.ts.map +1 -1
  5. package/dist/types/data-client.types.js.map +1 -1
  6. package/dist/utils/auth-strategy.js +2 -2
  7. package/dist/utils/data-client-audit.d.ts +24 -0
  8. package/dist/utils/data-client-audit.d.ts.map +1 -0
  9. package/dist/utils/data-client-audit.js +127 -0
  10. package/dist/utils/data-client-audit.js.map +1 -0
  11. package/dist/utils/data-client-auth.d.ts +60 -0
  12. package/dist/utils/data-client-auth.d.ts.map +1 -0
  13. package/dist/utils/data-client-auth.js +386 -0
  14. package/dist/utils/data-client-auth.js.map +1 -0
  15. package/dist/utils/data-client-cache.d.ts +36 -0
  16. package/dist/utils/data-client-cache.d.ts.map +1 -0
  17. package/dist/utils/data-client-cache.js +55 -0
  18. package/dist/utils/data-client-cache.js.map +1 -0
  19. package/dist/utils/data-client-request.d.ts +32 -0
  20. package/dist/utils/data-client-request.d.ts.map +1 -0
  21. package/dist/utils/data-client-request.js +306 -0
  22. package/dist/utils/data-client-request.js.map +1 -0
  23. package/dist/utils/data-client-utils.d.ts +49 -0
  24. package/dist/utils/data-client-utils.d.ts.map +1 -0
  25. package/dist/utils/data-client-utils.js +139 -0
  26. package/dist/utils/data-client-utils.js.map +1 -0
  27. package/dist/utils/data-client.d.ts +0 -29
  28. package/dist/utils/data-client.d.ts.map +1 -1
  29. package/dist/utils/data-client.js +51 -773
  30. package/dist/utils/data-client.js.map +1 -1
  31. package/dist/utils/internal-http-client.d.ts.map +1 -1
  32. package/dist/utils/internal-http-client.js +7 -3
  33. package/dist/utils/internal-http-client.js.map +1 -1
  34. package/package.json +1 -1
package/dist/utils/data-client.js CHANGED
@@ -3,135 +3,15 @@
3
3
  * DataClient - Browser-compatible HTTP client wrapper around MisoClient
4
4
  * Provides enhanced HTTP capabilities with ISO 27001 compliance, caching, retry, and more
5
5
  */
6
- var __importDefault = (this && this.__importDefault) || function (mod) {
7
- return (mod && mod.__esModule) ? mod : { "default": mod };
8
- };
9
6
  Object.defineProperty(exports, "__esModule", { value: true });
10
7
  exports.DataClient = void 0;
11
8
  exports.dataClient = dataClient;
12
9
  const index_1 = require("../index");
13
- const data_client_types_1 = require("../types/data-client.types");
14
10
  const data_masker_1 = require("./data-masker");
15
- const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
16
- const token_utils_1 = require("./token-utils");
17
- /**
18
- * Check if running in browser environment
19
- */
20
- function isBrowser() {
21
- return (typeof globalThis.window !== "undefined" &&
22
- typeof globalThis.localStorage !== "undefined" &&
23
- typeof globalThis.fetch !== "undefined");
24
- }
25
- /**
26
- * Get value from localStorage (browser only)
27
- */
28
- function getLocalStorage(key) {
29
- if (!isBrowser())
30
- return null;
31
- try {
32
- return globalThis.localStorage.getItem(key);
33
- }
34
- catch {
35
- return null;
36
- }
37
- }
38
- /**
39
- * Set value in localStorage (browser only)
40
- */
41
- function setLocalStorage(key, value) {
42
- if (!isBrowser())
43
- return;
44
- try {
45
- globalThis.localStorage.setItem(key, value);
46
- }
47
- catch {
48
- // Ignore localStorage errors (SSR, private browsing, etc.)
49
- }
50
- }
51
- /**
52
- * Remove value from localStorage (browser only)
53
- */
54
- function removeLocalStorage(key) {
55
- if (!isBrowser())
56
- return;
57
- try {
58
- globalThis.localStorage.removeItem(key);
59
- }
60
- catch {
61
- // Ignore localStorage errors (SSR, private browsing, etc.)
62
- }
63
- }
64
- /**
65
- * Extract userId from JWT token
66
- */
67
- function extractUserIdFromToken(token) {
68
- try {
69
- const decoded = jsonwebtoken_1.default.decode(token);
70
- if (!decoded)
71
- return null;
72
- return (decoded.sub || decoded.userId || decoded.user_id || decoded.id);
73
- }
74
- catch {
75
- return null;
76
- }
77
- }
78
- /**
79
- * Calculate cache key from endpoint and options
80
- */
81
- function generateCacheKey(endpoint, options) {
82
- const method = options?.method || "GET";
83
- const body = options?.body ? JSON.stringify(options.body) : "";
84
- return `data-client:${method}:${endpoint}:${body}`;
85
- }
86
- /**
87
- * Truncate large payloads before masking (performance optimization)
88
- */
89
- function truncatePayload(data, maxSize) {
90
- const json = JSON.stringify(data);
91
- if (json.length <= maxSize) {
92
- return { data, truncated: false };
93
- }
94
- return {
95
- data: { _message: "Payload truncated for performance", _size: json.length },
96
- truncated: true,
97
- };
98
- }
99
- /**
100
- * Calculate request/response sizes
101
- */
102
- function calculateSize(data) {
103
- try {
104
- return JSON.stringify(data).length;
105
- }
106
- catch {
107
- return 0;
108
- }
109
- }
110
- /**
111
- * Check if error is retryable
112
- */
113
- function isRetryableError(statusCode, _error) {
114
- if (!statusCode)
115
- return true; // Network errors are retryable
116
- if (statusCode >= 500)
117
- return true; // Server errors
118
- if (statusCode === 408)
119
- return true; // Timeout
120
- if (statusCode === 429)
121
- return true; // Rate limit
122
- if (statusCode === 401 || statusCode === 403)
123
- return false; // Auth errors
124
- if (statusCode >= 400 && statusCode < 500)
125
- return false; // Client errors
126
- return false;
127
- }
128
- /**
129
- * Calculate exponential backoff delay
130
- */
131
- function calculateBackoffDelay(attempt, baseDelay, maxDelay) {
132
- const delay = Math.min(baseDelay * Math.pow(2, attempt), maxDelay);
133
- return delay + Math.random() * 1000; // Add jitter
134
- }
11
+ const data_client_utils_1 = require("./data-client-utils");
12
+ const data_client_cache_1 = require("./data-client-cache");
13
+ const data_client_request_1 = require("./data-client-request");
14
+ const data_client_auth_1 = require("./data-client-auth");
135
15
  class DataClient {
136
16
  constructor(config) {
137
17
  this.misoClient = null;
@@ -172,7 +52,7 @@ class DataClient {
172
52
  };
173
53
  // Security: Warn if clientSecret is provided in browser environment
174
54
  // This is a security risk as clientSecret should never be exposed in client-side code
175
- if (isBrowser() && this.config.misoConfig?.clientSecret) {
55
+ if ((0, data_client_utils_1.isBrowser)() && this.config.misoConfig?.clientSecret) {
176
56
  console.warn("⚠️ SECURITY WARNING: clientSecret detected in browser environment. " +
177
57
  "Client secrets should NEVER be exposed in client-side code. " +
178
58
  "Use the client token pattern instead (clientToken + onClientTokenRefresh). " +
@@ -180,7 +60,36 @@ class DataClient {
180
60
  }
181
61
  // Initialize MisoClient if config provided
182
62
  if (this.config.misoConfig) {
183
- this.misoClient = new index_1.MisoClient(this.config.misoConfig);
63
+ // Automatically bridge DataClient.getEnvironmentToken() to MisoClient
64
+ // This allows MisoClient's logger service to get client tokens automatically
65
+ // Users don't need to manually provide onClientTokenRefresh!
66
+ const misoConfigWithRefresh = {
67
+ ...this.config.misoConfig,
68
+ // Only auto-bridge if:
69
+ // 1. User hasn't provided onClientTokenRefresh (allow override)
70
+ // 2. We're in browser (server-side uses clientSecret)
71
+ // 3. No clientSecret provided (would use that instead)
72
+ onClientTokenRefresh: this.config.misoConfig.onClientTokenRefresh ||
73
+ ((0, data_client_utils_1.isBrowser)() && !this.config.misoConfig.clientSecret
74
+ ? async () => {
75
+ const token = await this.getEnvironmentToken();
76
+ if (!token) {
77
+ throw new Error("Failed to get client token");
78
+ }
79
+ // Get expiration from localStorage (set by getEnvironmentToken)
80
+ const expiresAtStr = (0, data_client_utils_1.getLocalStorage)("miso:client-token-expires-at");
81
+ const expiresAt = expiresAtStr
82
+ ? parseInt(expiresAtStr, 10)
83
+ : Date.now() + 3600000; // Default 1 hour
84
+ const expiresIn = Math.floor((expiresAt - Date.now()) / 1000);
85
+ return {
86
+ token,
87
+ expiresIn: expiresIn > 0 ? expiresIn : 3600, // Default 1 hour if invalid
88
+ };
89
+ }
90
+ : undefined),
91
+ };
92
+ this.misoClient = new index_1.MisoClient(misoConfigWithRefresh);
184
93
  }
185
94
  // Initialize DataMasker with config path if provided
186
95
  if (this.config.misoConfig?.sensitiveFieldsConfig) {
@@ -191,57 +100,19 @@ class DataClient {
191
100
  * Get authentication token from localStorage
192
101
  */
193
102
  getToken() {
194
- if (!isBrowser())
195
- return null;
196
- const keys = this.config.tokenKeys || ["token", "accessToken", "authToken"];
197
- for (const key of keys) {
198
- const token = getLocalStorage(key);
199
- if (token)
200
- return token;
201
- }
202
- return null;
103
+ return (0, data_client_auth_1.getToken)(this.config.tokenKeys);
203
104
  }
204
105
  /**
205
106
  * Check if client token is available (from localStorage cache or config)
206
107
  */
207
108
  hasClientToken() {
208
- if (!isBrowser()) {
209
- // Server-side: check if misoClient config has clientSecret
210
- if (this.misoClient && this.config.misoConfig?.clientSecret) {
211
- return true;
212
- }
213
- return false;
214
- }
215
- // Browser-side: check localStorage cache
216
- const cachedToken = getLocalStorage("miso:client-token");
217
- if (cachedToken) {
218
- const expiresAtStr = getLocalStorage("miso:client-token-expires-at");
219
- if (expiresAtStr) {
220
- const expiresAt = parseInt(expiresAtStr, 10);
221
- if (expiresAt > Date.now()) {
222
- return true; // Valid cached token
223
- }
224
- }
225
- }
226
- // Check config token
227
- if (this.config.misoConfig?.clientToken) {
228
- return true;
229
- }
230
- // Check if misoClient config has onClientTokenRefresh callback (browser pattern)
231
- if (this.config.misoConfig?.onClientTokenRefresh) {
232
- return true; // Has means to get client token
233
- }
234
- // Check if misoClient config has clientSecret (server-side fallback)
235
- if (this.config.misoConfig?.clientSecret) {
236
- return true;
237
- }
238
- return false;
109
+ return (0, data_client_auth_1.hasClientToken)(this.misoClient, this.config.misoConfig);
239
110
  }
240
111
  /**
241
112
  * Check if any authentication token is available (user token OR client token)
242
113
  */
243
114
  hasAnyToken() {
244
- return this.getToken() !== null || this.hasClientToken();
115
+ return (0, data_client_auth_1.hasAnyToken)(this.config.tokenKeys, this.misoClient, this.config.misoConfig);
245
116
  }
246
117
  /**
247
118
  * Get client token for requests
@@ -249,31 +120,7 @@ class DataClient {
249
120
  * @returns Client token string or null if unavailable
250
121
  */
251
122
  async getClientToken() {
252
- if (!isBrowser()) {
253
- // Server-side: return null (client token handled by MisoClient)
254
- return null;
255
- }
256
- // Check localStorage cache first
257
- const cachedToken = getLocalStorage("miso:client-token");
258
- const expiresAtStr = getLocalStorage("miso:client-token-expires-at");
259
- if (cachedToken && expiresAtStr) {
260
- const expiresAt = parseInt(expiresAtStr, 10);
261
- if (expiresAt > Date.now()) {
262
- return cachedToken; // Valid cached token
263
- }
264
- }
265
- // Check config token
266
- if (this.config.misoConfig?.clientToken) {
267
- return this.config.misoConfig.clientToken;
268
- }
269
- // Try to get via getEnvironmentToken() (may throw if unavailable)
270
- try {
271
- return await this.getEnvironmentToken();
272
- }
273
- catch (error) {
274
- console.warn("Failed to get client token:", error);
275
- return null;
276
- }
123
+ return (0, data_client_auth_1.getClientToken)(this.config.misoConfig, this.config.baseUrl, () => this.getEnvironmentToken());
277
124
  }
278
125
  /**
279
126
  * Build controller URL from configuration
@@ -281,19 +128,7 @@ class DataClient {
281
128
  * @returns Controller base URL or null if not configured
282
129
  */
283
130
  getControllerUrl() {
284
- if (!this.config.misoConfig) {
285
- return null;
286
- }
287
- // Browser: prefer controllerPublicUrl, fallback to controllerUrl
288
- if (isBrowser()) {
289
- return this.config.misoConfig.controllerPublicUrl ||
290
- this.config.misoConfig.controllerUrl ||
291
- null;
292
- }
293
- // Server: prefer controllerPrivateUrl, fallback to controllerUrl
294
- return this.config.misoConfig.controllerPrivateUrl ||
295
- this.config.misoConfig.controllerUrl ||
296
- null;
131
+ return (0, data_client_auth_1.getControllerUrl)(this.config.misoConfig);
297
132
  }
298
133
  /**
299
134
  * Check if user is authenticated
@@ -307,71 +142,7 @@ class DataClient {
307
142
  * @param redirectUrl - Optional redirect URL to return to after login (defaults to current page URL)
308
143
  */
309
144
  async redirectToLogin(redirectUrl) {
310
- if (!isBrowser())
311
- return;
312
- // Get redirect URL - use provided URL or current page URL
313
- const currentUrl = globalThis.window.location.href;
314
- const finalRedirectUrl = redirectUrl || currentUrl;
315
- // Build controller URL
316
- const controllerUrl = this.getControllerUrl();
317
- if (!controllerUrl) {
318
- // Fallback to static loginUrl if controller URL not configured
319
- const loginUrl = this.config.loginUrl || "/login";
320
- const fullUrl = /^https?:\/\//i.test(loginUrl)
321
- ? loginUrl
322
- : `${globalThis.window.location.origin}${loginUrl.startsWith("/") ? loginUrl : `/${loginUrl}`}`;
323
- globalThis.window.location.href = fullUrl;
324
- return;
325
- }
326
- try {
327
- // Get client token
328
- const clientToken = await this.getClientToken();
329
- // Build login endpoint URL with query parameters
330
- const loginEndpoint = `${controllerUrl}/api/v1/auth/login`;
331
- const url = new URL(loginEndpoint);
332
- url.searchParams.set("redirect", finalRedirectUrl);
333
- // Build headers
334
- const headers = {
335
- "Content-Type": "application/json",
336
- };
337
- // Add x-client-token header if available
338
- if (clientToken) {
339
- headers["x-client-token"] = clientToken;
340
- }
341
- // Make fetch request
342
- const response = await fetch(url.toString(), {
343
- method: "GET",
344
- headers,
345
- credentials: "include", // Include cookies for CORS
346
- });
347
- if (!response.ok) {
348
- throw new Error(`Login request failed: ${response.status} ${response.statusText}`);
349
- }
350
- const data = (await response.json());
351
- // Extract loginUrl (support both nested and flat formats)
352
- const loginUrl = data.data?.loginUrl || data.loginUrl;
353
- if (loginUrl) {
354
- // Redirect to the login URL returned by controller
355
- globalThis.window.location.href = loginUrl;
356
- }
357
- else {
358
- // Fallback if loginUrl not in response
359
- const fallbackLoginUrl = this.config.loginUrl || "/login";
360
- const fullUrl = /^https?:\/\//i.test(fallbackLoginUrl)
361
- ? fallbackLoginUrl
362
- : `${globalThis.window.location.origin}${fallbackLoginUrl.startsWith("/") ? fallbackLoginUrl : `/${fallbackLoginUrl}`}`;
363
- globalThis.window.location.href = fullUrl;
364
- }
365
- }
366
- catch (error) {
367
- // On error, fallback to static loginUrl
368
- console.error("Failed to get login URL from controller:", error);
369
- const loginUrl = this.config.loginUrl || "/login";
370
- const fullUrl = /^https?:\/\//i.test(loginUrl)
371
- ? loginUrl
372
- : `${globalThis.window.location.origin}${loginUrl.startsWith("/") ? loginUrl : `/${loginUrl}`}`;
373
- globalThis.window.location.href = fullUrl;
374
- }
145
+ return (0, data_client_auth_1.redirectToLogin)(this.config, () => this.getClientToken(), redirectUrl);
375
146
  }
376
147
  /**
377
148
  * Logout user and redirect
@@ -379,70 +150,7 @@ class DataClient {
379
150
  * @param redirectUrl - Optional redirect URL after logout (defaults to logoutUrl or loginUrl)
380
151
  */
381
152
  async logout(redirectUrl) {
382
- if (!isBrowser())
383
- return;
384
- const token = this.getToken();
385
- // Build controller URL
386
- const controllerUrl = this.getControllerUrl();
387
- // Call logout API if controller URL available and token exists
388
- if (controllerUrl && token) {
389
- try {
390
- // Get client token
391
- const clientToken = await this.getClientToken();
392
- // Build logout endpoint URL
393
- const logoutEndpoint = `${controllerUrl}/api/v1/auth/logout`;
394
- // Build headers
395
- const headers = {
396
- "Content-Type": "application/json",
397
- };
398
- // Add x-client-token header if available
399
- if (clientToken) {
400
- headers["x-client-token"] = clientToken;
401
- }
402
- // Make fetch request
403
- const response = await fetch(logoutEndpoint, {
404
- method: "POST",
405
- headers,
406
- body: JSON.stringify({ token }),
407
- credentials: "include", // Include cookies for CORS
408
- });
409
- if (!response.ok) {
410
- // Log error but continue with cleanup (logout should always clear local state)
411
- const errorText = await response.text().catch(() => "Unknown error");
412
- console.error(`Logout API call failed: ${response.status} ${response.statusText}. ${errorText}`);
413
- }
414
- }
415
- catch (error) {
416
- // Log error but continue with cleanup (logout should always clear local state)
417
- console.error("Logout API call failed:", error);
418
- }
419
- }
420
- // Clear tokens from localStorage (always, even if API call failed)
421
- const keys = this.config.tokenKeys || ["token", "accessToken", "authToken"];
422
- keys.forEach(key => {
423
- try {
424
- const storage = globalThis.localStorage;
425
- if (storage) {
426
- storage.removeItem(key);
427
- }
428
- }
429
- catch (e) {
430
- // Ignore localStorage errors (SSR, private browsing, etc.)
431
- }
432
- });
433
- // Clear HTTP cache
434
- this.clearCache();
435
- // Determine redirect URL: redirectUrl param > logoutUrl config > loginUrl config > '/login'
436
- const finalRedirectUrl = redirectUrl ||
437
- this.config.logoutUrl ||
438
- this.config.loginUrl ||
439
- "/login";
440
- // Construct full URL
441
- const fullUrl = /^https?:\/\//i.test(finalRedirectUrl)
442
- ? finalRedirectUrl
443
- : `${globalThis.window.location.origin}${finalRedirectUrl.startsWith("/") ? finalRedirectUrl : `/${finalRedirectUrl}`}`;
444
- // Redirect
445
- globalThis.window.location.href = fullUrl;
153
+ return (0, data_client_auth_1.logout)(this.config, () => this.getToken(), () => this.getClientToken(), () => this.clearCache(), redirectUrl);
446
154
  }
447
155
  /**
448
156
  * Set interceptors
@@ -512,141 +220,21 @@ class DataClient {
512
220
  : 0,
513
221
  };
514
222
  }
515
- /**
516
- * Check if endpoint should skip audit logging
517
- */
518
- shouldSkipAudit(endpoint) {
519
- if (!this.config.audit?.enabled)
520
- return true;
521
- const skipEndpoints = this.config.audit.skipEndpoints || [];
522
- return skipEndpoints.some((skip) => endpoint.includes(skip));
523
- }
524
- /**
525
- * Log audit event (ISO 27001 compliance)
526
- * Skips audit logging if no authentication token is available (user token OR client token)
527
- */
528
- async logAuditEvent(method, url, statusCode, duration, requestSize, responseSize, error, requestHeaders, responseHeaders, requestBody, responseBody) {
529
- if (this.shouldSkipAudit(url) || !this.misoClient)
530
- return;
531
- // Skip audit logging if no authentication token is available
532
- // This prevents 401 errors when attempting to audit log unauthenticated requests
533
- if (!this.hasAnyToken()) {
534
- // Silently skip audit logging for unauthenticated requests
535
- // This is expected behavior and prevents 401 errors
536
- return;
537
- }
538
- try {
539
- const token = this.getToken();
540
- const userId = token ? extractUserIdFromToken(token) : undefined;
541
- const auditLevel = this.config.audit?.level || "standard";
542
- // Build audit context based on level
543
- const auditContext = {
544
- method,
545
- url,
546
- statusCode,
547
- duration,
548
- };
549
- if (userId) {
550
- auditContext.userId = userId;
551
- }
552
- // Minimal level: only basic info
553
- if (auditLevel === "minimal") {
554
- await this.misoClient.log.audit(`http.request.${method.toLowerCase()}`, url, auditContext, { token: token || undefined });
555
- return;
556
- }
557
- // Standard/Detailed/Full levels: include headers and bodies (masked)
558
- const maxResponseSize = this.config.audit?.maxResponseSize || 10000;
559
- const maxMaskingSize = this.config.audit?.maxMaskingSize || 50000;
560
- // Truncate and mask request body
561
- let maskedRequestBody = undefined;
562
- if (requestBody !== undefined) {
563
- const truncated = truncatePayload(requestBody, maxMaskingSize);
564
- if (!truncated.truncated) {
565
- maskedRequestBody = data_masker_1.DataMasker.maskSensitiveData(truncated.data);
566
- }
567
- else {
568
- maskedRequestBody = truncated.data;
569
- }
570
- }
571
- // Truncate and mask response body (for standard, detailed, full levels)
572
- let maskedResponseBody = undefined;
573
- if (responseBody !== undefined) {
574
- const truncated = truncatePayload(responseBody, maxResponseSize);
575
- if (!truncated.truncated) {
576
- maskedResponseBody = data_masker_1.DataMasker.maskSensitiveData(truncated.data);
577
- }
578
- else {
579
- maskedResponseBody = truncated.data;
580
- }
581
- }
582
- // Mask headers
583
- const maskedRequestHeaders = requestHeaders
584
- ? data_masker_1.DataMasker.maskSensitiveData(requestHeaders)
585
- : undefined;
586
- const maskedResponseHeaders = responseHeaders
587
- ? data_masker_1.DataMasker.maskSensitiveData(responseHeaders)
588
- : undefined;
589
- // Add to context based on level (standard, detailed, full all include headers/bodies)
590
- if (maskedRequestHeaders)
591
- auditContext.requestHeaders = maskedRequestHeaders;
592
- if (maskedResponseHeaders)
593
- auditContext.responseHeaders = maskedResponseHeaders;
594
- if (maskedRequestBody !== undefined)
595
- auditContext.requestBody = maskedRequestBody;
596
- if (maskedResponseBody !== undefined)
597
- auditContext.responseBody = maskedResponseBody;
598
- // Add sizes for detailed/full levels
599
- if (auditLevel === "detailed" || auditLevel === "full") {
600
- if (requestSize !== undefined)
601
- auditContext.requestSize = requestSize;
602
- if (responseSize !== undefined)
603
- auditContext.responseSize = responseSize;
604
- }
605
- if (error) {
606
- const maskedError = data_masker_1.DataMasker.maskSensitiveData({
607
- message: error.message,
608
- name: error.name,
609
- stack: error.stack,
610
- });
611
- auditContext.error = maskedError;
612
- }
613
- await this.misoClient.log.audit(`http.request.${method.toLowerCase()}`, url, auditContext, { token: token || undefined });
614
- }
615
- catch (auditError) {
616
- // Handle audit logging errors gracefully
617
- // Don't fail main request if audit logging fails
618
- const error = auditError;
619
- const statusCode = error.statusCode || error.response?.status;
620
- if (statusCode === 401) {
621
- // User not authenticated - this is expected for unauthenticated requests
622
- // Silently skip to avoid noise (we already check hasAnyToken() before attempting)
623
- // This catch block handles edge cases where token becomes unavailable between check and audit call
624
- }
625
- else {
626
- // Other errors - log warning but don't fail request
627
- console.warn("Failed to log audit event:", auditError);
628
- }
629
- }
630
- }
631
223
  /**
632
224
  * Make HTTP request with all features (caching, retry, deduplication, audit)
633
225
  */
634
226
  async request(method, endpoint, options) {
635
227
  const startTime = Date.now();
636
228
  const fullUrl = `${this.config.baseUrl}${endpoint}`;
637
- const cacheKey = generateCacheKey(endpoint, options);
229
+ const cacheKey = (0, data_client_cache_1.getCacheKeyForRequest)(endpoint, options);
638
230
  const isGetRequest = method.toUpperCase() === "GET";
639
- const cacheEnabled = (this.config.cache?.enabled !== false) &&
640
- isGetRequest &&
641
- (options?.cache?.enabled !== false);
231
+ const cacheEnabled = (0, data_client_cache_1.isCacheEnabled)(method, this.config.cache, options);
642
232
  // Check cache for GET requests
643
233
  if (cacheEnabled) {
644
- const cached = this.cache.get(cacheKey);
645
- if (cached && cached.expiresAt > Date.now()) {
646
- this.metrics.cacheHits++;
647
- return cached.data;
234
+ const cached = (0, data_client_cache_1.getCachedEntry)(this.cache, cacheKey, this.metrics);
235
+ if (cached !== null) {
236
+ return cached;
648
237
  }
649
- this.metrics.cacheMisses++;
650
238
  }
651
239
  // Check for duplicate concurrent requests (only for GET requests)
652
240
  if (isGetRequest) {
@@ -656,7 +244,7 @@ class DataClient {
656
244
  }
657
245
  }
658
246
  // Create request promise
659
- const requestPromise = this.executeRequest(method, fullUrl, endpoint, options, cacheKey, cacheEnabled, startTime);
247
+ const requestPromise = (0, data_client_request_1.executeHttpRequest)(method, fullUrl, endpoint, this.config, this.cache, cacheKey, cacheEnabled, startTime, this.misoClient, () => this.hasAnyToken(), () => this.getToken(), () => this.handleAuthError(), this.interceptors, this.metrics, options);
660
248
  // Store pending request (only for GET requests)
661
249
  if (isGetRequest) {
662
250
  this.pendingRequests.set(cacheKey, requestPromise);
@@ -672,221 +260,11 @@ class DataClient {
672
260
  }
673
261
  }
674
262
  }
675
- /**
676
- * Execute HTTP request with retry logic
677
- */
678
- async executeRequest(method, fullUrl, endpoint, options, cacheKey, cacheEnabled, startTime) {
679
- const maxRetries = options?.retries !== undefined
680
- ? options.retries
681
- : this.config.retry?.maxRetries || 3;
682
- const retryEnabled = this.config.retry?.enabled !== false;
683
- let lastError;
684
- for (let attempt = 0; attempt <= maxRetries; attempt++) {
685
- try {
686
- const response = await this.makeFetchRequest(method, fullUrl, options);
687
- const duration = Date.now() - startTime;
688
- // Update metrics
689
- this.metrics.totalRequests++;
690
- this.metrics.responseTimes.push(duration);
691
- // Parse response
692
- const data = await this.parseResponse(response);
693
- // Cache successful GET responses
694
- if (cacheEnabled && response.ok) {
695
- const ttl = options?.cache?.ttl || this.config.cache?.defaultTTL || 300;
696
- this.cache.set(cacheKey, {
697
- data,
698
- expiresAt: Date.now() + ttl * 1000,
699
- key: cacheKey,
700
- });
701
- // Enforce max cache size
702
- if (this.cache.size > (this.config.cache?.maxSize || 100)) {
703
- const firstKey = this.cache.keys().next().value;
704
- if (firstKey)
705
- this.cache.delete(firstKey);
706
- }
707
- }
708
- // Apply response interceptor
709
- if (this.interceptors.onResponse) {
710
- return await this.interceptors.onResponse(response, data);
711
- }
712
- // Audit logging
713
- if (!options?.skipAudit) {
714
- const requestSize = options?.body
715
- ? calculateSize(options.body)
716
- : undefined;
717
- const responseSize = calculateSize(data);
718
- await this.logAuditEvent(method, endpoint, response.status, duration, requestSize, responseSize, undefined, this.extractHeaders(options?.headers), this.extractHeaders(response.headers), options?.body, data);
719
- }
720
- // Handle error responses
721
- if (!response.ok) {
722
- if (response.status === 401) {
723
- this.handleAuthError();
724
- throw new data_client_types_1.AuthenticationError("Authentication required", response);
725
- }
726
- throw new data_client_types_1.ApiError(`Request failed with status ${response.status}`, response.status, response);
727
- }
728
- return data;
729
- }
730
- catch (error) {
731
- lastError = error;
732
- const duration = Date.now() - startTime;
733
- // Extract statusCode from error (handle AuthenticationError and ApiError)
734
- const errorObj = error;
735
- let statusCode = errorObj.statusCode;
736
- // Explicitly check for AuthenticationError (401) - don't retry auth errors
737
- if (errorObj.name === "AuthenticationError" || statusCode === 401) {
738
- statusCode = 401;
739
- }
740
- // Check if retryable - 401/403 errors should never retry
741
- const isRetryable = statusCode !== 401 &&
742
- statusCode !== 403 &&
743
- retryEnabled &&
744
- attempt < maxRetries &&
745
- isRetryableError(statusCode, error);
746
- if (!isRetryable) {
747
- this.metrics.totalFailures++;
748
- // Audit log error
749
- if (!options?.skipAudit) {
750
- await this.logAuditEvent(method, endpoint, error.statusCode || 0, duration, options?.body ? calculateSize(options.body) : undefined, undefined, error, this.extractHeaders(options?.headers), undefined, options?.body, undefined);
751
- }
752
- // Apply error interceptor
753
- if (this.interceptors.onError) {
754
- throw await this.interceptors.onError(error);
755
- }
756
- throw error;
757
- }
758
- // Calculate backoff delay
759
- const baseDelay = this.config.retry?.baseDelay || 1000;
760
- const maxDelay = this.config.retry?.maxDelay || 10000;
761
- const delay = calculateBackoffDelay(attempt, baseDelay, maxDelay);
762
- // Wait before retry
763
- await new Promise((resolve) => setTimeout(resolve, delay));
764
- }
765
- }
766
- // All retries exhausted
767
- this.metrics.totalFailures++;
768
- if (lastError) {
769
- if (this.interceptors.onError) {
770
- throw await this.interceptors.onError(lastError);
771
- }
772
- throw lastError;
773
- }
774
- throw new Error("Request failed after retries");
775
- }
776
- /**
777
- * Make fetch request with timeout and authentication
778
- */
779
- async makeFetchRequest(method, url, options) {
780
- // Build headers
781
- const headers = new Headers(this.config.defaultHeaders);
782
- if (options?.headers) {
783
- if (options.headers instanceof Headers) {
784
- options.headers.forEach((value, key) => headers.set(key, value));
785
- }
786
- else {
787
- Object.entries(options.headers).forEach(([key, value]) => {
788
- headers.set(key, String(value));
789
- });
790
- }
791
- }
792
- // Add authentication
793
- if (!options?.skipAuth) {
794
- const token = this.getToken();
795
- if (token) {
796
- headers.set("Authorization", `Bearer ${token}`);
797
- }
798
- // Note: MisoClient client-token is handled server-side, not in browser
799
- }
800
- // Create abort controller for timeout
801
- const timeout = options?.timeout || this.config.timeout || 30000;
802
- const controller = new AbortController();
803
- const timeoutId = setTimeout(() => controller.abort(), timeout);
804
- // Merge signals
805
- const signal = options?.signal
806
- ? this.mergeSignals(controller.signal, options.signal)
807
- : controller.signal;
808
- try {
809
- const response = await fetch(url, {
810
- method,
811
- headers,
812
- body: options?.body,
813
- signal,
814
- ...options,
815
- });
816
- clearTimeout(timeoutId);
817
- return response;
818
- }
819
- catch (error) {
820
- clearTimeout(timeoutId);
821
- if (error instanceof Error && error.name === "AbortError") {
822
- throw new data_client_types_1.TimeoutError(`Request timeout after ${timeout}ms`, timeout);
823
- }
824
- throw new data_client_types_1.NetworkError(`Network error: ${error instanceof Error ? error.message : "Unknown error"}`, error instanceof Error ? error : undefined);
825
- }
826
- }
827
- /**
828
- * Merge AbortSignals
829
- */
830
- mergeSignals(signal1, signal2) {
831
- const controller = new AbortController();
832
- const abort = () => {
833
- controller.abort();
834
- signal1.removeEventListener("abort", abort);
835
- signal2.removeEventListener("abort", abort);
836
- };
837
- if (signal1.aborted || signal2.aborted) {
838
- controller.abort();
839
- return controller.signal;
840
- }
841
- signal1.addEventListener("abort", abort);
842
- signal2.addEventListener("abort", abort);
843
- return controller.signal;
844
- }
845
- /**
846
- * Parse response based on content type
847
- */
848
- async parseResponse(response) {
849
- const contentType = response.headers.get("content-type") || "";
850
- if (contentType.includes("application/json")) {
851
- return (await response.json());
852
- }
853
- if (contentType.includes("text/")) {
854
- return (await response.text());
855
- }
856
- return (await response.blob());
857
- }
858
- /**
859
- * Extract headers from Headers object or Record
860
- */
861
- extractHeaders(headers) {
862
- if (!headers)
863
- return undefined;
864
- if (headers instanceof Headers) {
865
- const result = {};
866
- headers.forEach((value, key) => {
867
- result[key] = value;
868
- });
869
- return result;
870
- }
871
- if (Array.isArray(headers)) {
872
- const result = {};
873
- headers.forEach(([key, value]) => {
874
- result[key] = String(value);
875
- });
876
- return result;
877
- }
878
- // Convert Record<string, string | readonly string[]> to Record<string, string>
879
- const result = {};
880
- Object.entries(headers).forEach(([key, value]) => {
881
- result[key] = Array.isArray(value) ? value.join(", ") : String(value);
882
- });
883
- return result;
884
- }
885
263
  /**
886
264
  * Handle authentication error
887
265
  */
888
266
  handleAuthError() {
889
- if (isBrowser()) {
267
+ if ((0, data_client_utils_1.isBrowser)()) {
890
268
  // Fire and forget - redirect doesn't need to complete before throwing error
891
269
  this.redirectToLogin().catch((error) => {
892
270
  console.error("Failed to redirect to login:", error);
@@ -977,93 +355,7 @@ class DataClient {
977
355
  * @throws Error if token fetch fails
978
356
  */
979
357
  async getEnvironmentToken() {
980
- if (!isBrowser()) {
981
- throw new Error("getEnvironmentToken() is only available in browser environment");
982
- }
983
- const cacheKey = "miso:client-token";
984
- const expiresAtKey = "miso:client-token-expires-at";
985
- // Check cache first
986
- const cachedToken = getLocalStorage(cacheKey);
987
- const expiresAtStr = getLocalStorage(expiresAtKey);
988
- if (cachedToken && expiresAtStr) {
989
- const expiresAt = parseInt(expiresAtStr, 10);
990
- const now = Date.now();
991
- // If token is still valid, return cached token
992
- if (expiresAt > now) {
993
- return cachedToken;
994
- }
995
- // Token expired, remove from cache
996
- removeLocalStorage(cacheKey);
997
- removeLocalStorage(expiresAtKey);
998
- }
999
- // Cache miss or expired - fetch from backend
1000
- const clientTokenUri = this.config.misoConfig?.clientTokenUri || "/api/v1/auth/client-token";
1001
- // Build full URL
1002
- const fullUrl = /^https?:\/\//i.test(clientTokenUri)
1003
- ? clientTokenUri
1004
- : `${this.config.baseUrl}${clientTokenUri}`;
1005
- try {
1006
- // Make request to backend endpoint
1007
- const response = await fetch(fullUrl, {
1008
- method: "POST",
1009
- headers: {
1010
- "Content-Type": "application/json",
1011
- },
1012
- credentials: "include", // Include cookies for CORS
1013
- });
1014
- if (!response.ok) {
1015
- const errorText = await response.text();
1016
- throw new Error(`Failed to get environment token: ${response.status} ${response.statusText}. ${errorText}`);
1017
- }
1018
- const data = (await response.json());
1019
- // Extract token from response (support both nested and flat formats)
1020
- const token = data.data?.token || data.token || data.accessToken || data.access_token;
1021
- if (!token || typeof token !== "string") {
1022
- throw new Error("Invalid response format: token not found in response");
1023
- }
1024
- // Calculate expiration time (default to 1 hour if not provided)
1025
- const expiresIn = data.data?.expiresIn || data.expiresIn || data.expires_in || 3600;
1026
- const expiresAt = Date.now() + expiresIn * 1000;
1027
- // Cache token
1028
- setLocalStorage(cacheKey, token);
1029
- setLocalStorage(expiresAtKey, expiresAt.toString());
1030
- // Log audit event if misoClient available
1031
- if (this.misoClient && !this.shouldSkipAudit(clientTokenUri)) {
1032
- try {
1033
- await this.misoClient.log.audit("client.token.request.success", clientTokenUri, {
1034
- method: "POST",
1035
- url: clientTokenUri,
1036
- statusCode: response.status,
1037
- cached: false,
1038
- }, {});
1039
- }
1040
- catch (auditError) {
1041
- // Silently fail audit logging to avoid breaking requests
1042
- console.warn("Failed to log audit event:", auditError);
1043
- }
1044
- }
1045
- return token;
1046
- }
1047
- catch (error) {
1048
- // Log audit event for error if misoClient available
1049
- if (this.misoClient && !this.shouldSkipAudit(clientTokenUri)) {
1050
- try {
1051
- const errorMessage = error instanceof Error ? error.message : "Unknown error";
1052
- await this.misoClient.log.audit("client.token.request.failed", clientTokenUri, {
1053
- method: "POST",
1054
- url: clientTokenUri,
1055
- statusCode: 0,
1056
- error: errorMessage,
1057
- cached: false,
1058
- }, {});
1059
- }
1060
- catch (auditError) {
1061
- // Silently fail audit logging to avoid breaking requests
1062
- console.warn("Failed to log audit event:", auditError);
1063
- }
1064
- }
1065
- throw error;
1066
- }
358
+ return (0, data_client_auth_1.getEnvironmentToken)(this.config, this.misoClient);
1067
359
  }
1068
360
  /**
1069
361
  * Get client token information (browser-side)
@@ -1072,21 +364,7 @@ class DataClient {
1072
364
  * @returns Client token info or null if token not available
1073
365
  */
1074
366
  getClientTokenInfo() {
1075
- if (!isBrowser()) {
1076
- return null;
1077
- }
1078
- // Try to get token from cache first
1079
- const cachedToken = getLocalStorage("miso:client-token");
1080
- if (cachedToken) {
1081
- return (0, token_utils_1.extractClientTokenInfo)(cachedToken);
1082
- }
1083
- // Try to get token from config (if provided)
1084
- const configToken = this.config.misoConfig?.clientToken;
1085
- if (configToken) {
1086
- return (0, token_utils_1.extractClientTokenInfo)(configToken);
1087
- }
1088
- // No token available
1089
- return null;
367
+ return (0, data_client_auth_1.getClientTokenInfo)(this.config.misoConfig);
1090
368
  }
1091
369
  }
1092
370
  exports.DataClient = DataClient;