@aifabrix/miso-client 3.1.2 → 3.2.0

package/dist/utils/data-client-auto-init.d.ts

@@ -0,0 +1,66 @@
+/**
+ * DataClient Auto-Initialization Helper
+ * Automatically fetches configuration from server and initializes DataClient
+ *
+ * Provides zero-config client-side setup for DataClient initialization
+ */
+import { DataClient } from "./data-client";
+import { DataClientConfigResponse } from "../express/client-token-endpoint";
+/**
+ * Options for autoInitializeDataClient
+ */
+export interface AutoInitOptions {
+    /** Client token endpoint URI (default: '/api/v1/auth/client-token') */
+    clientTokenUri?: string;
+    /** Override baseUrl detection (auto-detected from window.location if not provided) */
+    baseUrl?: string;
+    /** Error callback */
+    onError?: (error: Error) => void;
+    /** Whether to cache config in localStorage (default: true) */
+    cacheConfig?: boolean;
+}
+/**
+ * Get cached DataClient configuration from localStorage
+ *
+ * Returns the cached configuration that was stored by autoInitializeDataClient.
+ * Useful for reading configuration without re-initializing DataClient.
+ *
+ * @returns Cached config or null if not found or expired
+ *
+ * @example
+ * ```typescript
+ * import { getCachedDataClientConfig } from '@aifabrix/miso-client';
+ *
+ * const cachedConfig = getCachedDataClientConfig();
+ * if (cachedConfig) {
+ *   console.log('Base URL:', cachedConfig.baseUrl);
+ *   console.log('Controller URL:', cachedConfig.controllerUrl);
+ *   console.log('Client ID:', cachedConfig.clientId);
+ * }
+ * ```
+ */
+export declare function getCachedDataClientConfig(): DataClientConfigResponse | null;
+/**
+ * Auto-initialize DataClient with server-provided configuration
+ *
+ * Automatically:
+ * 1. Detects if running in browser
+ * 2. Checks localStorage cache first
+ * 3. Fetches config from server endpoint if needed
+ * 4. Initializes DataClient with server-provided config
+ * 5. Caches config for future use
+ *
+ * @param options - Optional configuration
+ * @returns Initialized DataClient instance
+ * @throws Error if initialization fails
+ *
+ * @example
+ * ```typescript
+ * import { autoInitializeDataClient } from '@aifabrix/miso-client';
+ *
+ * // One line - everything is automatic
+ * const dataClient = await autoInitializeDataClient();
+ * ```
+ */
+export declare function autoInitializeDataClient(options?: AutoInitOptions): Promise<DataClient>;
+//# sourceMappingURL=data-client-auto-init.d.ts.map

package/dist/utils/data-client-auto-init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"data-client-auto-init.d.ts","sourceRoot":"","sources":["../../src/utils/data-client-auto-init.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAG3C,OAAO,EAAE,wBAAwB,EAAkC,MAAM,kCAAkC,CAAC;AAE5G;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,uEAAuE;IACvE,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,sFAAsF;IACtF,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,qBAAqB;IACrB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IAEjC,8DAA8D;IAC9D,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AA0CD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,yBAAyB,IAAI,wBAAwB,GAAG,IAAI,CAG3E;AAoFD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,wBAAwB,CAC5C,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,UAAU,CAAC,CAyErB"}

package/dist/utils/data-client-auto-init.js

@@ -0,0 +1,215 @@
+"use strict";
+/**
+ * DataClient Auto-Initialization Helper
+ * Automatically fetches configuration from server and initializes DataClient
+ *
+ * Provides zero-config client-side setup for DataClient initialization
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getCachedDataClientConfig = getCachedDataClientConfig;
+exports.autoInitializeDataClient = autoInitializeDataClient;
+const data_client_1 = require("./data-client");
+const data_client_utils_1 = require("./data-client-utils");
+const client_token_endpoint_1 = require("../express/client-token-endpoint");
+/**
+ * Get cached config from localStorage
+ *
+ * @returns Cached config or null if not found or expired
+ */
+function getCachedConfig() {
+    if (!(0, data_client_utils_1.isBrowser)()) {
+        return null;
+    }
+    try {
+        const cachedStr = (0, data_client_utils_1.getLocalStorage)("miso:dataclient-config");
+        if (!cachedStr) {
+            return null;
+        }
+        const cached = JSON.parse(cachedStr);
+        // Check if expired
+        if (cached.expiresAt && cached.expiresAt < Date.now()) {
+            (0, data_client_utils_1.removeLocalStorage)("miso:dataclient-config");
+            return null;
+        }
+        return cached;
+    }
+    catch {
+        // Invalid cache, remove it
+        (0, data_client_utils_1.removeLocalStorage)("miso:dataclient-config");
+        return null;
+    }
+}
+/**
+ * Get cached DataClient configuration from localStorage
+ *
+ * Returns the cached configuration that was stored by autoInitializeDataClient.
+ * Useful for reading configuration without re-initializing DataClient.
+ *
+ * @returns Cached config or null if not found or expired
+ *
+ * @example
+ * ```typescript
+ * import { getCachedDataClientConfig } from '@aifabrix/miso-client';
+ *
+ * const cachedConfig = getCachedDataClientConfig();
+ * if (cachedConfig) {
+ *   console.log('Base URL:', cachedConfig.baseUrl);
+ *   console.log('Controller URL:', cachedConfig.controllerUrl);
+ *   console.log('Client ID:', cachedConfig.clientId);
+ * }
+ * ```
+ */
+function getCachedDataClientConfig() {
+    const cached = getCachedConfig();
+    return cached?.config || null;
+}
+/**
+ * Cache config in localStorage
+ *
+ * @param config - Config to cache
+ * @param expiresIn - Expiration time in seconds
+ */
+function cacheConfig(config, expiresIn) {
+    if (!(0, data_client_utils_1.isBrowser)()) {
+        return;
+    }
+    try {
+        const cached = {
+            config,
+            expiresAt: Date.now() + expiresIn * 1000,
+        };
+        (0, data_client_utils_1.setLocalStorage)("miso:dataclient-config", JSON.stringify(cached));
+    }
+    catch {
+        // Ignore localStorage errors (SSR, private browsing, etc.)
+    }
+}
+/**
+ * Fetch config from server endpoint
+ *
+ * @param baseUrl - Base URL for the API
+ * @param clientTokenUri - Client token endpoint URI
+ * @returns Config response
+ */
+async function fetchConfig(baseUrl, clientTokenUri) {
+    // Build full URL
+    const fullUrl = /^https?:\/\//i.test(clientTokenUri)
+        ? clientTokenUri
+        : `${baseUrl}${clientTokenUri}`;
+    try {
+        // Try POST first (standard), fallback to GET
+        let response = await fetch(fullUrl, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+            },
+            credentials: "include",
+        });
+        // If POST fails with 405, try GET
+        if (response.status === 405) {
+            response = await fetch(fullUrl, {
+                method: "GET",
+                credentials: "include",
+            });
+        }
+        if (!response.ok) {
+            const errorText = await response.text();
+            throw new Error(`Failed to fetch config: ${response.status} ${response.statusText}. ${errorText}`);
+        }
+        const data = (await response.json());
+        // Check if response has config
+        if (!(0, client_token_endpoint_1.hasConfig)(data)) {
+            throw new Error("Invalid response format: config not found in response. " +
+                "Make sure your server endpoint uses createClientTokenEndpoint() helper.");
+        }
+        return data.config;
+    }
+    catch (error) {
+        if (error instanceof Error) {
+            throw error;
+        }
+        throw new Error(`Network error: ${String(error)}`);
+    }
+}
+/**
+ * Auto-initialize DataClient with server-provided configuration
+ *
+ * Automatically:
+ * 1. Detects if running in browser
+ * 2. Checks localStorage cache first
+ * 3. Fetches config from server endpoint if needed
+ * 4. Initializes DataClient with server-provided config
+ * 5. Caches config for future use
+ *
+ * @param options - Optional configuration
+ * @returns Initialized DataClient instance
+ * @throws Error if initialization fails
+ *
+ * @example
+ * ```typescript
+ * import { autoInitializeDataClient } from '@aifabrix/miso-client';
+ *
+ * // One line - everything is automatic
+ * const dataClient = await autoInitializeDataClient();
+ * ```
+ */
+async function autoInitializeDataClient(options) {
+    // Check if running in browser
+    if (!(0, data_client_utils_1.isBrowser)()) {
+        throw new Error("autoInitializeDataClient() is only available in browser environment");
+    }
+    const opts = {
+        clientTokenUri: options?.clientTokenUri || "/api/v1/auth/client-token",
+        cacheConfig: options?.cacheConfig ?? true,
+        baseUrl: options?.baseUrl,
+        onError: options?.onError,
+    };
+    try {
+        // Auto-detect baseUrl from window.location if not provided
+        const baseUrl = opts.baseUrl ||
+            ((0, data_client_utils_1.isBrowser)()
+                ? globalThis.window.location.origin
+                : "");
+        if (!baseUrl) {
+            throw new Error("Unable to detect baseUrl. Please provide baseUrl option.");
+        }
+        let config = null;
+        // Check cache first if enabled
+        if (opts.cacheConfig) {
+            const cached = getCachedConfig();
+            if (cached) {
+                config = cached.config;
+            }
+        }
+        // Fetch from server if not cached
+        if (!config) {
+            config = await fetchConfig(baseUrl, opts.clientTokenUri);
+            // Cache config if enabled (use expiresIn from token response if available)
+            // Default to 30 minutes (1800 seconds) if not available
+            if (opts.cacheConfig) {
+                cacheConfig(config, 1800);
+            }
+        }
+        // Build DataClient config
+        const dataClientConfig = {
+            baseUrl: config.baseUrl,
+            misoConfig: {
+                clientId: config.clientId,
+                controllerUrl: config.controllerUrl,
+                controllerPublicUrl: config.controllerPublicUrl,
+                clientTokenUri: config.clientTokenUri,
+            },
+        };
+        // Initialize and return DataClient
+        return new data_client_1.DataClient(dataClientConfig);
+    }
+    catch (error) {
+        const err = error instanceof Error ? error : new Error(String(error));
+        // Call error callback if provided
+        if (opts.onError) {
+            opts.onError(err);
+        }
+        throw err;
+    }
+}
+//# sourceMappingURL=data-client-auto-init.js.map

package/dist/utils/data-client-auto-init.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"data-client-auto-init.js","sourceRoot":"","sources":["../../src/utils/data-client-auto-init.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAoFH,8DAGC;AA0GD,4DA2EC;AA1QD,+CAA2C;AAE3C,2DAAsG;AACtG,4EAA4G;AA2B5G;;;;GAIG;AACH,SAAS,eAAe;IACtB,IAAI,CAAC,IAAA,6BAAS,GAAE,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,IAAA,mCAAe,EAAC,wBAAwB,CAAC,CAAC;QAC5D,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,MAAM,GAAiB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAEnD,mBAAmB;QACnB,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACtD,IAAA,sCAAkB,EAAC,wBAAwB,CAAC,CAAC;YAC7C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,2BAA2B;QAC3B,IAAA,sCAAkB,EAAC,wBAAwB,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,SAAgB,yBAAyB;IACvC,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,OAAO,MAAM,EAAE,MAAM,IAAI,IAAI,CAAC;AAChC,CAAC;AAED;;;;;GAKG;AACH,SAAS,WAAW,CAAC,MAAgC,EAAE,SAAiB;IACtE,IAAI,CAAC,IAAA,6BAAS,GAAE,EAAE,CAAC;QACjB,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAiB;YAC3B,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI;SACzC,CAAC;QACF,IAAA,mCAAe,EAAC,wBAAwB,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACpE,CAAC;IAAC,MAAM,CAAC;QACP,2DAA2D;IAC7D,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,WAAW,CACxB,OAAe,EACf,cAAsB;IAEtB,iBAAiB;IACjB,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,cAAc,CAAC;QAClD,CAAC,CAAC,cAAc;QAChB,CAAC,CAAC,GAAG,OAAO,GAAG,cAAc,EAAE,CAAC;IAElC,IAAI,CAAC;QACH,6CAA6C;QAC7C,IAAI,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE;YAClC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,WAAW,EAAE,SAAS;SACvB,CAAC,CAAC;QAEH,kCAAkC;QAClC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE;gBAC9B,MAAM,EAAE,KAAK;gBACb,WAAW,EAAE,SAAS;aACvB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CACb,2BAA2B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,KAAK,SAAS,EAAE,CAClF,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAwB,CAAC;QAE5D,+BAA+B;QAC/B,IAAI,CAAC,IAAA,iCAAS,EAAC,IAAI,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CACb,yDAAyD;gBACzD,yEAAyE,CAC1E,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,MAAM,KAAK,CAAC;QACd,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,kBAAkB,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACrD,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACI,KAAK,UAAU,wBAAwB,CAC5C,OAAyB;IAEzB,8BAA8B;IAC9B,IAAI,CAAC,IAAA,6BAAS,GAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,qEAAqE,CACtE,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG;QACX,cAAc,EAAE,OAAO,EAAE,cAAc,IAAI,2BAA2B;QACtE,WAAW,EAAE,OAAO,EAAE,WAAW,IAAI,IAAI;QACzC,OAAO,EAAE,OAAO,EAAE,OAAO;QACzB,OAAO,EAAE,OAAO,EAAE,OAAO;KAC1B,CAAC;IAEF,IAAI,CAAC;QACH,2DAA2D;QAC3D,MAAM,OAAO,GACX,IAAI,CAAC,OAAO;YACZ,CAAC,IAAA,6BAAS,GAAE;gBACV,CAAC,CAAE,UAAsE,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM;gBAChG,CAAC,CAAC,EAAE,CAAC,CAAC;QAEV,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CACb,0DAA0D,CAC3D,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,GAAoC,IAAI,CAAC;QAEnD,+BAA+B;QAC/B,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;YACjC,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;YACzB,CAAC;QACH,CAAC;QAED,kCAAkC;QAClC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;YAEzD,2EAA2E;YAC3E,wDAAwD;YACxD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACrB,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YAC5B,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,MAAM,gBAAgB,GAAqB;YACzC,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,UAAU,EAAE;gBACV,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,aAAa,EAAE,MAAM,CAAC,aAAa;gBACnC,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;gBAC/C,cAAc,EAAE,MAAM,CAAC,cAAc;aACtC;SACF,CAAC;QAEF,mCAAmC;QACnC,OAAO,IAAI,wBAAU,CAAC,gBAAgB,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAEtE,kCAAkC;QAClC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;QAED,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/utils/data-client-redirect.d.ts

@@ -0,0 +1,22 @@
+/**
+ * DataClient redirect to login utilities
+ * Handles redirect to login flow with proper error handling
+ */
+import { DataClientConfig } from "../types/data-client.types";
+/**
+ * Synchronously get and validate redirect URL
+ * Validates the URL before returning it
+ * @param url - URL to validate and return
+ * @param fallbackUrl - Optional fallback URL if primary is invalid
+ * @returns Validated URL string or null if both are invalid
+ */
+export declare function getValidatedRedirectUrl(url: string | null, fallbackUrl?: string | null): string | null;
+/**
+ * Redirect to login page via controller
+ * Calls the controller login endpoint with redirect parameter and x-client-token header
+ * @param config - DataClient configuration
+ * @param getClientTokenFn - Function to get client token
+ * @param redirectUrl - Optional redirect URL to return to after login (defaults to current page URL)
+ */
+export declare function redirectToLogin(config: DataClientConfig, getClientTokenFn: () => Promise<string | null>, redirectUrl?: string): Promise<void>;
+//# sourceMappingURL=data-client-redirect.d.ts.map

package/dist/utils/data-client-redirect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"data-client-redirect.d.ts","sourceRoot":"","sources":["../../src/utils/data-client-redirect.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AA0P9D;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,MAAM,GAAG,IAAI,CAiBtG;AAoGD;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,MAAM,EAAE,gBAAgB,EACxB,gBAAgB,EAAE,MAAM,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,EAC9C,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,IAAI,CAAC,CA+Bf"}

package/dist/utils/data-client-redirect.js

@@ -0,0 +1,345 @@
+"use strict";
+/**
+ * DataClient redirect to login utilities
+ * Handles redirect to login flow with proper error handling
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getValidatedRedirectUrl = getValidatedRedirectUrl;
+exports.redirectToLogin = redirectToLogin;
+const data_client_auth_1 = require("./data-client-auth");
+const data_client_utils_1 = require("./data-client-utils");
+/**
+ * Build login request headers with client token
+ */
+function buildLoginHeaders(clientToken) {
+    const headers = {
+        "Content-Type": "application/json",
+    };
+    if (clientToken) {
+        headers["x-client-token"] = clientToken;
+    }
+    return headers;
+}
+/**
+ * Build login endpoint URL with redirect parameter
+ */
+function buildLoginEndpointUrl(controllerUrl, redirectUrl) {
+    const loginEndpoint = `${controllerUrl}/api/v1/auth/login`;
+    const url = new URL(loginEndpoint);
+    url.searchParams.set("redirect", redirectUrl);
+    return url.toString();
+}
+/**
+ * Handle non-OK response from controller login endpoint
+ */
+function handleLoginErrorResponse(response, controllerUrl, clientToken) {
+    const errorTextPromise = response.text().catch(() => 'Unable to read error response');
+    // Create user-friendly error message based on status code
+    let userFriendlyMessage = `Login request failed: ${response.status} ${response.statusText}`;
+    if (response.status === 401 || response.status === 403) {
+        userFriendlyMessage = "Authentication failed: Invalid client credentials. Please check your configuration.";
+    }
+    else if (response.status === 404) {
+        userFriendlyMessage = `Authentication endpoint not found at ${controllerUrl}/api/v1/auth/login. Please verify your controller URL configuration.`;
+    }
+    else if (response.status >= 500) {
+        userFriendlyMessage = "Authentication server error. Please try again later or contact support.";
+    }
+    return errorTextPromise.then((errorText) => {
+        const error = new Error(userFriendlyMessage);
+        error.details = {
+            status: response.status,
+            statusText: response.statusText,
+            errorText,
+            controllerUrl,
+            hasClientToken: !!clientToken,
+        };
+        throw error;
+    });
+}
+/**
+ * Extract login URL from controller response
+ */
+function extractLoginUrl(data) {
+    return data.data?.loginUrl || data.loginUrl || null;
+}
+/**
+ * Create user-friendly error message for network errors
+ */
+function createNetworkErrorMessage(errorMessage, controllerUrl, clientToken) {
+    if (errorMessage.includes("Failed to fetch") || errorMessage.includes("NetworkError") || errorMessage.includes("ERR_CONNECTION_REFUSED")) {
+        return `Cannot connect to authentication server at ${controllerUrl || 'unknown'}. Please check your network connection and server configuration.`;
+    }
+    if (!clientToken) {
+        return "Client token is missing. Please initialize DataClient with proper credentials.";
+    }
+    return `Login failed: ${errorMessage}`;
+}
+/**
+ * Validate controller URL configuration
+ */
+function validateControllerUrl(config) {
+    const controllerUrl = (0, data_client_auth_1.getControllerUrl)(config.misoConfig);
+    if (!controllerUrl) {
+        const error = new Error("Controller URL is not configured. Please configure controllerUrl or controllerPublicUrl in your DataClient configuration.");
+        error.details = {
+            hasMisoConfig: !!config.misoConfig,
+            controllerUrl: config.misoConfig?.controllerUrl,
+            controllerPublicUrl: config.misoConfig?.controllerPublicUrl,
+            loginUrl: config.loginUrl,
+        };
+        throw error;
+    }
+    return controllerUrl;
+}
+/**
+ * Call controller login endpoint
+ */
+async function callControllerLoginEndpoint(endpointUrl, headers, controllerUrl, clientToken) {
+    let response;
+    // Add timeout to prevent hanging (30 seconds)
+    const timeout = 30000;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => {
+        controller.abort();
+    }, timeout);
+    try {
+        response = await fetch(endpointUrl, {
+            method: "GET",
+            headers,
+            credentials: "include",
+            signal: controller.signal,
+            redirect: "manual", // Don't follow redirects automatically - we'll handle them explicitly
+        });
+        clearTimeout(timeoutId);
+    }
+    catch (fetchError) {
+        clearTimeout(timeoutId);
+        const errorMessage = fetchError instanceof Error ? fetchError.message : String(fetchError);
+        const errorName = fetchError instanceof Error ? fetchError.name : "Unknown";
+        const isAbortError = errorName === "AbortError" || errorMessage.includes("aborted");
+        const isNetworkError = errorName === "TypeError" || errorMessage.includes("Failed to fetch");
+        // Create user-friendly error message
+        let userFriendlyMessage = `Failed to fetch login endpoint: ${errorMessage}`;
+        if (isAbortError) {
+            userFriendlyMessage = `Request timeout: The login endpoint did not respond within ${timeout}ms. Please check your network connection and server status.`;
+        }
+        else if (isNetworkError) {
+            if (errorMessage.includes("CORS") || errorMessage.includes("cross-origin")) {
+                userFriendlyMessage = `CORS error: Cannot connect to ${controllerUrl}. The server may not allow cross-origin requests. Please check CORS configuration.`;
+            }
+            else {
+                userFriendlyMessage = `Network error: Cannot connect to ${controllerUrl}. Please check your network connection and ensure the server is running.`;
+            }
+        }
+        // Re-throw with more context
+        const networkError = new Error(userFriendlyMessage);
+        networkError.details = {
+            endpointUrl,
+            hasClientToken: !!clientToken,
+            originalError: errorMessage,
+            errorName,
+            isTimeout: isAbortError,
+            isCorsError: isNetworkError && (errorMessage.includes("CORS") || errorMessage.includes("cross-origin")),
+        };
+        throw networkError;
+    }
+    // Handle case where response is undefined (shouldn't happen, but be safe)
+    if (!response) {
+        throw new Error("Failed to fetch login endpoint: response is undefined");
+    }
+    // Check for redirect status codes - these should be handled, not followed automatically
+    if (response.status >= 300 && response.status < 400) {
+        // Don't follow redirect automatically - treat as error
+        throw new Error(`Server returned redirect status ${response.status}. This should not happen for login endpoint.`);
+    }
+    if (!response.ok) {
+        throw await handleLoginErrorResponse(response, controllerUrl, clientToken);
+    }
+    let data;
+    try {
+        data = (await response.json());
+    }
+    catch (jsonError) {
+        const errorMessage = jsonError instanceof Error ? jsonError.message : String(jsonError);
+        throw new Error(`Failed to parse login response: ${errorMessage}. Status: ${response.status} ${response.statusText}`);
+    }
+    return data;
+}
+/**
+ * Validate redirect URL for safety and format
+ * Checks for valid URL format and safe protocols (http, https)
+ * @param url - URL to validate
+ * @returns Validated URL string or null if invalid
+ */
+function validateRedirectUrl(url) {
+    if (!url || typeof url !== 'string' || url.trim() === '') {
+        return null;
+    }
+    const trimmedUrl = url.trim();
+    // Check for dangerous protocols (javascript:, data:, etc.)
+    const dangerousProtocols = ['javascript:', 'data:', 'vbscript:', 'file:', 'about:'];
+    const lowerUrl = trimmedUrl.toLowerCase();
+    for (const protocol of dangerousProtocols) {
+        if (lowerUrl.startsWith(protocol)) {
+            return null;
+        }
+    }
+    // Try to parse as URL
+    let parsedUrl;
+    try {
+        // If it's a relative URL, create a full URL using current origin
+        if (trimmedUrl.startsWith('/') || !trimmedUrl.includes('://')) {
+            const origin = globalThis.window.location.origin;
+            parsedUrl = new URL(trimmedUrl, origin);
+        }
+        else {
+            parsedUrl = new URL(trimmedUrl);
+        }
+    }
+    catch (error) {
+        return null;
+    }
+    // Only allow http and https protocols
+    if (parsedUrl.protocol !== 'http:' && parsedUrl.protocol !== 'https:') {
+        return null;
+    }
+    // Return the validated URL (use href to get full URL)
+    const validatedUrl = parsedUrl.href;
+    return validatedUrl;
+}
+/**
+ * Synchronously get and validate redirect URL
+ * Validates the URL before returning it
+ * @param url - URL to validate and return
+ * @param fallbackUrl - Optional fallback URL if primary is invalid
+ * @returns Validated URL string or null if both are invalid
+ */
+function getValidatedRedirectUrl(url, fallbackUrl) {
+    // Try primary URL first
+    const validatedUrl = validateRedirectUrl(url);
+    if (validatedUrl) {
+        return validatedUrl;
+    }
+    // Try fallback URL if provided
+    if (fallbackUrl) {
+        const validatedFallback = validateRedirectUrl(fallbackUrl);
+        if (validatedFallback) {
+            return validatedFallback;
+        }
+    }
+    // Both URLs invalid
+    return null;
+}
+/**
+ * Handle successful login response
+ * IMPORTANT: Only redirects if controller returns valid loginUrl - NO fallback redirects
+ */
+function handleSuccessfulLoginResponse(loginUrl, controllerUrl, data, clientToken, _config) {
+    // CRITICAL: Only use loginUrl from controller - do NOT use fallback URL
+    // If controller doesn't return a valid URL, throw error instead of redirecting
+    const validatedUrl = getValidatedRedirectUrl(loginUrl);
+    if (validatedUrl) {
+        try {
+            globalThis.window.location.href = validatedUrl;
+            return;
+        }
+        catch (redirectError) {
+            const error = new Error("Failed to redirect to login URL. The URL may be blocked by browser security policies.");
+            error.details = {
+                validatedUrl,
+                originalLoginUrl: loginUrl,
+                redirectError: redirectError instanceof Error ? redirectError.message : String(redirectError),
+            };
+            throw error;
+        }
+    }
+    // Controller did not return a valid login URL - throw error (do NOT use fallback)
+    const error = new Error("Controller did not return a valid login URL. Please check your controller configuration and ensure the login endpoint is working correctly.");
+    error.details = {
+        controllerUrl,
+        responseData: data,
+        hasClientToken: !!clientToken,
+        originalLoginUrl: loginUrl,
+        validationFailed: true,
+    };
+    throw error;
+}
+/**
+ * Handle login errors
+ * IMPORTANT: Does NOT redirect on error - throws error instead
+ * Redirects should only happen on successful responses
+ * @param error - The error that occurred
+ * @param controllerUrl - Controller URL
+ * @param clientToken - Client token if available
+ * @param config - DataClient configuration
+ * @param skipLogging - If true, skip logging (error already logged)
+ */
+function handleLoginError(error, controllerUrl, clientToken, config, skipLogging = false) {
+    const errorMessage = error instanceof Error ? error.message : String(error);
+    const errorName = error instanceof Error ? error.name : "Unknown";
+    const _errorStack = error instanceof Error ? error.stack : undefined;
+    const errorDetails = error?.details;
+    // Log error - test expects Error object as second parameter
+    if (!skipLogging) {
+        const logError = error instanceof Error ? error : new Error(String(error));
+        console.error("[redirectToLogin] Failed to get login URL from controller:", logError);
+    }
+    // DO NOT redirect on error - throw error instead
+    // Redirects should only happen when fetch succeeds and returns valid URL
+    // For non-network errors, throw immediately
+    if (error instanceof Error && error.message && !error.message.includes("Failed to fetch")) {
+        throw error;
+    }
+    const fullErrorDetails = {
+        message: errorMessage,
+        name: errorName,
+        originalDetails: errorDetails,
+        controllerUrl,
+        hasClientToken: !!clientToken,
+        config: {
+            loginUrl: config.loginUrl,
+            hasMisoConfig: !!config.misoConfig,
+            controllerUrl: config.misoConfig?.controllerUrl,
+            controllerPublicUrl: config.misoConfig?.controllerPublicUrl,
+        },
+    };
+    const userFriendlyMessage = createNetworkErrorMessage(errorMessage, controllerUrl, clientToken);
+    const loginError = new Error(userFriendlyMessage);
+    loginError.details = fullErrorDetails;
+    throw loginError;
+}
+/**
+ * Redirect to login page via controller
+ * Calls the controller login endpoint with redirect parameter and x-client-token header
+ * @param config - DataClient configuration
+ * @param getClientTokenFn - Function to get client token
+ * @param redirectUrl - Optional redirect URL to return to after login (defaults to current page URL)
+ */
+async function redirectToLogin(config, getClientTokenFn, redirectUrl) {
+    if (!(0, data_client_utils_1.isBrowser)()) {
+        return;
+    }
+    const currentUrl = globalThis.window.location.href;
+    const finalRedirectUrl = redirectUrl || currentUrl;
+    const controllerUrl = validateControllerUrl(config);
+    let clientToken = null;
+    try {
+        clientToken = await getClientTokenFn();
+        const endpointUrl = buildLoginEndpointUrl(controllerUrl, finalRedirectUrl);
+        const headers = buildLoginHeaders(clientToken);
+        // Fetch login URL from controller - this MUST succeed for redirect to happen
+        const data = await callControllerLoginEndpoint(endpointUrl, headers, controllerUrl, clientToken);
+        const loginUrl = extractLoginUrl(data);
+        // Only redirect if we got a valid response - handleSuccessfulLoginResponse will validate URL
+        handleSuccessfulLoginResponse(loginUrl, controllerUrl, data, clientToken, config);
+    }
+    catch (error) {
+        // CRITICAL: Do NOT redirect on error - throw error instead
+        // Redirects should ONLY happen when fetch succeeds and returns valid URL
+        handleLoginError(error, controllerUrl, clientToken, config);
+        // This line should never be reached since handleLoginError always throws
+        throw error;
+    }
+}
+//# sourceMappingURL=data-client-redirect.js.map