@aigne/afs-omada 1.11.0-beta.12

package/LICENSE.md

@@ -0,0 +1,26 @@
+# Proprietary License
+
+Copyright (c) 2024-2025 ArcBlock, Inc. All Rights Reserved.
+
+This software and associated documentation files (the "Software") are proprietary
+and confidential. Unauthorized copying, modification, distribution, or use of
+this Software, via any medium, is strictly prohibited.
+
+The Software is provided for internal use only within ArcBlock, Inc. and its
+authorized affiliates.
+
+## No License Granted
+
+No license, express or implied, is granted to any party for any purpose.
+All rights are reserved by ArcBlock, Inc.
+
+## Public Artifact Distribution
+
+Portions of this Software may be released publicly under separate open-source
+licenses (such as MIT License) through designated public repositories. Such
+public releases are governed by their respective licenses and do not affect
+the proprietary nature of this repository.
+
+## Contact
+
+For licensing inquiries, contact: legal@arcblock.io

package/dist/_virtual/_@oxc-project_runtime@0.108.0/helpers/decorate.cjs

@@ -0,0 +1,11 @@
+
+//#region \0@oxc-project+runtime@0.108.0/helpers/decorate.js
+function __decorate(decorators, target, key, desc) {
+	var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+	if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+	else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+	return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+
+//#endregion
+exports.__decorate = __decorate;

package/dist/_virtual/_@oxc-project_runtime@0.108.0/helpers/decorate.mjs

@@ -0,0 +1,10 @@
+//#region \0@oxc-project+runtime@0.108.0/helpers/decorate.js
+function __decorate(decorators, target, key, desc) {
+	var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+	if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+	else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+	return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+
+//#endregion
+export { __decorate };

package/dist/cache.cjs

@@ -0,0 +1,59 @@
+
+//#region src/cache.ts
+var OmadaCache = class {
+	store = /* @__PURE__ */ new Map();
+	ttlMs;
+	constructor(ttlSeconds) {
+		this.ttlMs = ttlSeconds * 1e3;
+	}
+	/**
+	* Get a cached value, or undefined if expired/missing.
+	*/
+	get(key) {
+		if (this.ttlMs <= 0) return void 0;
+		const entry = this.store.get(key);
+		if (!entry) return void 0;
+		if (Date.now() >= entry.expiresAt) {
+			this.store.delete(key);
+			return;
+		}
+		return entry.data;
+	}
+	/**
+	* Set a cached value with TTL.
+	*/
+	set(key, data) {
+		if (this.ttlMs <= 0) return;
+		this.store.set(key, {
+			data,
+			expiresAt: Date.now() + this.ttlMs
+		});
+	}
+	/**
+	* Invalidate a specific cache key.
+	*/
+	invalidate(key) {
+		this.store.delete(key);
+	}
+	/**
+	* Invalidate all cache keys matching a prefix.
+	*/
+	invalidatePrefix(prefix) {
+		for (const key of this.store.keys()) if (key.startsWith(prefix)) this.store.delete(key);
+	}
+	/**
+	* Clear the entire cache.
+	*/
+	clear() {
+		this.store.clear();
+	}
+	/**
+	* Get the number of cached entries (for testing).
+	*/
+	get size() {
+		return this.store.size;
+	}
+};
+
+//#endregion
+exports.OmadaCache = OmadaCache;

package/dist/cache.d.cts

@@ -0,0 +1,39 @@
+//#region src/cache.d.ts
+/**
+ * TTL cache for Omada API responses.
+ *
+ * Provides per-key caching with configurable TTL and manual invalidation.
+ * Cache keys include siteId to prevent cross-site data mixing.
+ */
+declare class OmadaCache {
+  private store;
+  private ttlMs;
+  constructor(ttlSeconds: number);
+  /**
+   * Get a cached value, or undefined if expired/missing.
+   */
+  get<T>(key: string): T | undefined;
+  /**
+   * Set a cached value with TTL.
+   */
+  set<T>(key: string, data: T): void;
+  /**
+   * Invalidate a specific cache key.
+   */
+  invalidate(key: string): void;
+  /**
+   * Invalidate all cache keys matching a prefix.
+   */
+  invalidatePrefix(prefix: string): void;
+  /**
+   * Clear the entire cache.
+   */
+  clear(): void;
+  /**
+   * Get the number of cached entries (for testing).
+   */
+  get size(): number;
+}
+//#endregion
+export { OmadaCache };
+//# sourceMappingURL=cache.d.cts.map

package/dist/cache.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cache.d.cts","names":[],"sources":["../src/cache.ts"],"mappings":";;AAYA;;;;;cAAa,UAAA;EAAA,QACH,KAAA;EAAA,QACA,KAAA;cAEI,UAAA;EAOR;;;EAAJ,GAAA,GAAA,CAAO,GAAA,WAAc,CAAA;EAiBjB;;;EAAJ,GAAA,GAAA,CAAO,GAAA,UAAa,IAAA,EAAM,CAAA;EAY1B;;;EAAA,UAAA,CAAW,GAAA;EAkBX;;;EAXA,gBAAA,CAAiB,MAAA;;;;EAWjB,KAAA,CAAA;;;;MAOI,IAAA,CAAA;AAAA"}

package/dist/cache.d.mts

@@ -0,0 +1,39 @@
+//#region src/cache.d.ts
+/**
+ * TTL cache for Omada API responses.
+ *
+ * Provides per-key caching with configurable TTL and manual invalidation.
+ * Cache keys include siteId to prevent cross-site data mixing.
+ */
+declare class OmadaCache {
+  private store;
+  private ttlMs;
+  constructor(ttlSeconds: number);
+  /**
+   * Get a cached value, or undefined if expired/missing.
+   */
+  get<T>(key: string): T | undefined;
+  /**
+   * Set a cached value with TTL.
+   */
+  set<T>(key: string, data: T): void;
+  /**
+   * Invalidate a specific cache key.
+   */
+  invalidate(key: string): void;
+  /**
+   * Invalidate all cache keys matching a prefix.
+   */
+  invalidatePrefix(prefix: string): void;
+  /**
+   * Clear the entire cache.
+   */
+  clear(): void;
+  /**
+   * Get the number of cached entries (for testing).
+   */
+  get size(): number;
+}
+//#endregion
+export { OmadaCache };
+//# sourceMappingURL=cache.d.mts.map

package/dist/cache.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cache.d.mts","names":[],"sources":["../src/cache.ts"],"mappings":";;AAYA;;;;;cAAa,UAAA;EAAA,QACH,KAAA;EAAA,QACA,KAAA;cAEI,UAAA;EAOR;;;EAAJ,GAAA,GAAA,CAAO,GAAA,WAAc,CAAA;EAiBjB;;;EAAJ,GAAA,GAAA,CAAO,GAAA,UAAa,IAAA,EAAM,CAAA;EAY1B;;;EAAA,UAAA,CAAW,GAAA;EAkBX;;;EAXA,gBAAA,CAAiB,MAAA;;;;EAWjB,KAAA,CAAA;;;;MAOI,IAAA,CAAA;AAAA"}

package/dist/cache.mjs

@@ -0,0 +1,59 @@
+//#region src/cache.ts
+var OmadaCache = class {
+	store = /* @__PURE__ */ new Map();
+	ttlMs;
+	constructor(ttlSeconds) {
+		this.ttlMs = ttlSeconds * 1e3;
+	}
+	/**
+	* Get a cached value, or undefined if expired/missing.
+	*/
+	get(key) {
+		if (this.ttlMs <= 0) return void 0;
+		const entry = this.store.get(key);
+		if (!entry) return void 0;
+		if (Date.now() >= entry.expiresAt) {
+			this.store.delete(key);
+			return;
+		}
+		return entry.data;
+	}
+	/**
+	* Set a cached value with TTL.
+	*/
+	set(key, data) {
+		if (this.ttlMs <= 0) return;
+		this.store.set(key, {
+			data,
+			expiresAt: Date.now() + this.ttlMs
+		});
+	}
+	/**
+	* Invalidate a specific cache key.
+	*/
+	invalidate(key) {
+		this.store.delete(key);
+	}
+	/**
+	* Invalidate all cache keys matching a prefix.
+	*/
+	invalidatePrefix(prefix) {
+		for (const key of this.store.keys()) if (key.startsWith(prefix)) this.store.delete(key);
+	}
+	/**
+	* Clear the entire cache.
+	*/
+	clear() {
+		this.store.clear();
+	}
+	/**
+	* Get the number of cached entries (for testing).
+	*/
+	get size() {
+		return this.store.size;
+	}
+};
+
+//#endregion
+export { OmadaCache };
+//# sourceMappingURL=cache.mjs.map

package/dist/cache.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"cache.mjs","names":[],"sources":["../src/cache.ts"],"sourcesContent":["/**\n * TTL cache for Omada API responses.\n *\n * Provides per-key caching with configurable TTL and manual invalidation.\n * Cache keys include siteId to prevent cross-site data mixing.\n */\n\ninterface CacheEntry<T> {\n  data: T;\n  expiresAt: number;\n}\n\nexport class OmadaCache {\n  private store = new Map<string, CacheEntry<unknown>>();\n  private ttlMs: number;\n\n  constructor(ttlSeconds: number) {\n    this.ttlMs = ttlSeconds * 1000;\n  }\n\n  /**\n   * Get a cached value, or undefined if expired/missing.\n   */\n  get<T>(key: string): T | undefined {\n    if (this.ttlMs <= 0) return undefined;\n\n    const entry = this.store.get(key);\n    if (!entry) return undefined;\n\n    if (Date.now() >= entry.expiresAt) {\n      this.store.delete(key);\n      return undefined;\n    }\n\n    return entry.data as T;\n  }\n\n  /**\n   * Set a cached value with TTL.\n   */\n  set<T>(key: string, data: T): void {\n    if (this.ttlMs <= 0) return;\n\n    this.store.set(key, {\n      data,\n      expiresAt: Date.now() + this.ttlMs,\n    });\n  }\n\n  /**\n   * Invalidate a specific cache key.\n   */\n  invalidate(key: string): void {\n    this.store.delete(key);\n  }\n\n  /**\n   * Invalidate all cache keys matching a prefix.\n   */\n  invalidatePrefix(prefix: string): void {\n    for (const key of this.store.keys()) {\n      if (key.startsWith(prefix)) {\n        this.store.delete(key);\n      }\n    }\n  }\n\n  /**\n   * Clear the entire cache.\n   */\n  clear(): void {\n    this.store.clear();\n  }\n\n  /**\n   * Get the number of cached entries (for testing).\n   */\n  get size(): number {\n    return this.store.size;\n  }\n}\n"],"mappings":";AAYA,IAAa,aAAb,MAAwB;CACtB,AAAQ,wBAAQ,IAAI,KAAkC;CACtD,AAAQ;CAER,YAAY,YAAoB;AAC9B,OAAK,QAAQ,aAAa;;;;;CAM5B,IAAO,KAA4B;AACjC,MAAI,KAAK,SAAS,EAAG,QAAO;EAE5B,MAAM,QAAQ,KAAK,MAAM,IAAI,IAAI;AACjC,MAAI,CAAC,MAAO,QAAO;AAEnB,MAAI,KAAK,KAAK,IAAI,MAAM,WAAW;AACjC,QAAK,MAAM,OAAO,IAAI;AACtB;;AAGF,SAAO,MAAM;;;;;CAMf,IAAO,KAAa,MAAe;AACjC,MAAI,KAAK,SAAS,EAAG;AAErB,OAAK,MAAM,IAAI,KAAK;GAClB;GACA,WAAW,KAAK,KAAK,GAAG,KAAK;GAC9B,CAAC;;;;;CAMJ,WAAW,KAAmB;AAC5B,OAAK,MAAM,OAAO,IAAI;;;;;CAMxB,iBAAiB,QAAsB;AACrC,OAAK,MAAM,OAAO,KAAK,MAAM,MAAM,CACjC,KAAI,IAAI,WAAW,OAAO,CACxB,MAAK,MAAM,OAAO,IAAI;;;;;CAQ5B,QAAc;AACZ,OAAK,MAAM,OAAO;;;;;CAMpB,IAAI,OAAe;AACjB,SAAO,KAAK,MAAM"}

package/dist/client.cjs

@@ -0,0 +1,168 @@
+let ufo = require("ufo");
+
+//#region src/client.ts
+/** Validate that an ID-like string is safe for URL path construction. */
+function validateIdParam(value, name) {
+	if (!/^[\w-]+$/.test(value)) throw new Error(`Invalid ${name}: must be alphanumeric with hyphens/underscores`);
+}
+/**
+* OmadaApiClient manages authentication and API calls to the Omada SDN Controller.
+*
+* Handles:
+* - OAuth2 client credentials token acquisition
+* - Non-standard Omada auth headers (Cookie + Csrf-Token)
+* - Token refresh before expiration
+* - Concurrent refresh prevention
+* - omadacId auto-discovery from /api/info
+*/
+var OmadaApiClient = class {
+	tokenState = null;
+	refreshPromise = null;
+	omadacId;
+	/** Base URL for Omada controller (read-only, validated at construction) */
+	baseUrl;
+	/** Whether to skip TLS certificate verification (for self-signed certs) */
+	tlsRejectUnauthorized;
+	#clientId;
+	#clientSecret;
+	constructor(baseUrl, clientId, clientSecret, omadacId, strictSsl) {
+		this.baseUrl = baseUrl;
+		this.#clientId = clientId;
+		this.#clientSecret = clientSecret;
+		this.omadacId = omadacId;
+		this.tlsRejectUnauthorized = strictSsl;
+	}
+	/**
+	* Ensure omadacId is available, discovering it if not provided.
+	*/
+	async ensureOmadacId() {
+		if (this.omadacId) return this.omadacId;
+		this.omadacId = await this.discoverOmadacId();
+		return this.omadacId;
+	}
+	/**
+	* Discover omadacId from GET /api/info endpoint (no auth required).
+	*/
+	async discoverOmadacId() {
+		const url = (0, ufo.joinURL)(this.baseUrl, "/api/info");
+		const resp = await this.rawFetch(url);
+		if (!resp.ok) throw new Error(`Failed to discover omadacId: HTTP ${resp.status}`);
+		const data = await resp.json();
+		if (data.errorCode !== 0) throw new Error(`Omada API error discovering omadacId: errorCode=${data.errorCode}`);
+		if (!data.result?.omadacId) throw new Error("Omada API /api/info response missing result.omadacId field");
+		validateIdParam(data.result.omadacId, "omadacId (discovered)");
+		return data.result.omadacId;
+	}
+	/**
+	* Acquire or refresh OAuth2 token.
+	* Prevents concurrent refreshes using a shared promise.
+	*/
+	async authorize() {
+		if (this.refreshPromise) {
+			await this.refreshPromise;
+			return;
+		}
+		this.refreshPromise = this._doAuthorize();
+		try {
+			await this.refreshPromise;
+		} finally {
+			this.refreshPromise = null;
+		}
+	}
+	async _doAuthorize() {
+		const omadacId = await this.ensureOmadacId();
+		const url = (0, ufo.joinURL)(this.baseUrl, `/${omadacId}/openapi/authorize/token`);
+		const body = {
+			omadacId,
+			client_id: this.#clientId,
+			client_secret: this.#clientSecret,
+			grant_type: "client_credentials"
+		};
+		if (this.tokenState?.refreshToken) {
+			body.grant_type = "refresh_token";
+			body.refresh_token = this.tokenState.refreshToken;
+		}
+		const resp = await this.rawFetch(url, {
+			method: "POST",
+			headers: { "Content-Type": "application/json" },
+			body: JSON.stringify(body)
+		});
+		if (!resp.ok) throw new Error(`Omada authorization failed: HTTP ${resp.status}`);
+		const data = await resp.json();
+		if (data.errorCode !== 0 || !data.result?.accessToken) throw new Error(`Omada authorization failed: errorCode=${data.errorCode}`);
+		this.tokenState = {
+			accessToken: data.result.accessToken,
+			refreshToken: data.result.refreshToken,
+			expiresAt: Date.now() + (data.result.expiresIn - 60) * 1e3
+		};
+	}
+	/**
+	* Ensure we have a valid token, refreshing if needed.
+	*/
+	async ensureToken() {
+		if (!this.tokenState || Date.now() >= this.tokenState.expiresAt) await this.authorize();
+		return this.tokenState.accessToken;
+	}
+	/**
+	* Make an authenticated GET API call to the Omada controller.
+	* Automatically handles token acquisition and the non-standard auth headers.
+	*/
+	async request(path, options = {}) {
+		const token = await this.ensureToken();
+		const omadacId = await this.ensureOmadacId();
+		let url = (0, ufo.joinURL)(this.baseUrl, `/${omadacId}/openapi/v1`, path);
+		if (options.params) {
+			const searchParams = new URLSearchParams();
+			for (const [key, value] of Object.entries(options.params)) searchParams.set(key, String(value));
+			url = `${url}?${searchParams.toString()}`;
+		}
+		const headers = {
+			"Content-Type": "application/json",
+			Cookie: `TPLINK_OMADA_SESSIONID=${token}`,
+			"Csrf-Token": token
+		};
+		const fetchOptions = {
+			method: options.method || "GET",
+			headers
+		};
+		if (options.body) fetchOptions.body = JSON.stringify(options.body);
+		const resp = await this.rawFetch(url, fetchOptions);
+		if (!resp.ok) throw new Error(`Omada API error: HTTP ${resp.status} for ${options.method || "GET"} ${path}`);
+		const data = await resp.json();
+		if (data.errorCode !== 0) throw new Error(`Omada API error: errorCode=${data.errorCode}${data.msg ? ` msg=${data.msg}` : ""} for ${path}`);
+		return data.result;
+	}
+	/**
+	* Convenience wrapper for POST requests.
+	*/
+	async post(path, body) {
+		return this.request(path, {
+			method: "POST",
+			body
+		});
+	}
+	/**
+	* Convenience wrapper for PATCH requests.
+	*/
+	async patch(path, body) {
+		return this.request(path, {
+			method: "PATCH",
+			body
+		});
+	}
+	/**
+	* Raw fetch wrapper that handles TLS certificate verification.
+	* When tlsRejectUnauthorized=false, skips certificate validation
+	* (common for self-signed certs on Omada controllers).
+	*/
+	rawFetch(url, options) {
+		if (!this.tlsRejectUnauthorized) return fetch(url, {
+			...options,
+			tls: { rejectUnauthorized: false }
+		});
+		return fetch(url, options);
+	}
+};
+
+//#endregion
+exports.OmadaApiClient = OmadaApiClient;

package/dist/client.d.cts

@@ -0,0 +1,66 @@
+//#region src/client.d.ts
+/**
+ * OmadaApiClient manages authentication and API calls to the Omada SDN Controller.
+ *
+ * Handles:
+ * - OAuth2 client credentials token acquisition
+ * - Non-standard Omada auth headers (Cookie + Csrf-Token)
+ * - Token refresh before expiration
+ * - Concurrent refresh prevention
+ * - omadacId auto-discovery from /api/info
+ */
+declare class OmadaApiClient {
+  #private;
+  private tokenState;
+  private refreshPromise;
+  private omadacId;
+  /** Base URL for Omada controller (read-only, validated at construction) */
+  readonly baseUrl: string;
+  /** Whether to skip TLS certificate verification (for self-signed certs) */
+  readonly tlsRejectUnauthorized: boolean;
+  constructor(baseUrl: string, clientId: string, clientSecret: string, omadacId: string | undefined, strictSsl: boolean);
+  /**
+   * Ensure omadacId is available, discovering it if not provided.
+   */
+  ensureOmadacId(): Promise<string>;
+  /**
+   * Discover omadacId from GET /api/info endpoint (no auth required).
+   */
+  discoverOmadacId(): Promise<string>;
+  /**
+   * Acquire or refresh OAuth2 token.
+   * Prevents concurrent refreshes using a shared promise.
+   */
+  authorize(): Promise<void>;
+  private _doAuthorize;
+  /**
+   * Ensure we have a valid token, refreshing if needed.
+   */
+  private ensureToken;
+  /**
+   * Make an authenticated GET API call to the Omada controller.
+   * Automatically handles token acquisition and the non-standard auth headers.
+   */
+  request<T = unknown>(path: string, options?: {
+    method?: string;
+    body?: unknown;
+    params?: Record<string, string | number>;
+  }): Promise<T>;
+  /**
+   * Convenience wrapper for POST requests.
+   */
+  post<T = unknown>(path: string, body?: unknown): Promise<T>;
+  /**
+   * Convenience wrapper for PATCH requests.
+   */
+  patch<T = unknown>(path: string, body?: unknown): Promise<T>;
+  /**
+   * Raw fetch wrapper that handles TLS certificate verification.
+   * When tlsRejectUnauthorized=false, skips certificate validation
+   * (common for self-signed certs on Omada controllers).
+   */
+  private rawFetch;
+}
+//#endregion
+export { OmadaApiClient };
+//# sourceMappingURL=client.d.cts.map

package/dist/client.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.cts","names":[],"sources":["../src/client.ts"],"mappings":";;AA4BA;;;;;;;;;cAAa,cAAA;EAAA;UACH,UAAA;EAAA,QACA,cAAA;EAAA,QACA,QAAA;EAmNuD;EAAA,SAhNtD,OAAA;EALD;EAAA,SAQC,qBAAA;cAOP,OAAA,UACA,QAAA,UACA,YAAA,UACA,QAAA,sBACA,SAAA;EAdO;;;EA0BH,cAAA,CAAA,GAAkB,OAAA;EAftB;;;EAwBI,gBAAA,CAAA,GAAoB,OAAA;EATpB;;;;EAsCA,SAAA,CAAA,GAAa,OAAA;EAAA,QAeL,YAAA;EAAA;;;EAAA,QAoDA,WAAA;EAYZ;;;;EADI,OAAA,aAAA,CACJ,IAAA,UACA,OAAA;IACE,MAAA;IACA,IAAA;IACA,MAAA,GAAS,MAAA;EAAA,IAEV,OAAA,CAAQ,CAAA;EAoDA;;;EAAL,IAAA,aAAA,CAAkB,IAAA,UAAc,IAAA,aAAiB,OAAA,CAAQ,CAAA;EAAA;;;EAOzD,KAAA,aAAA,CAAmB,IAAA,UAAc,IAAA,aAAiB,OAAA,CAAQ,CAAA;EAAzB;;;;;EAAA,QAS/B,QAAA;AAAA"}

package/dist/client.d.mts

@@ -0,0 +1,66 @@
+//#region src/client.d.ts
+/**
+ * OmadaApiClient manages authentication and API calls to the Omada SDN Controller.
+ *
+ * Handles:
+ * - OAuth2 client credentials token acquisition
+ * - Non-standard Omada auth headers (Cookie + Csrf-Token)
+ * - Token refresh before expiration
+ * - Concurrent refresh prevention
+ * - omadacId auto-discovery from /api/info
+ */
+declare class OmadaApiClient {
+  #private;
+  private tokenState;
+  private refreshPromise;
+  private omadacId;
+  /** Base URL for Omada controller (read-only, validated at construction) */
+  readonly baseUrl: string;
+  /** Whether to skip TLS certificate verification (for self-signed certs) */
+  readonly tlsRejectUnauthorized: boolean;
+  constructor(baseUrl: string, clientId: string, clientSecret: string, omadacId: string | undefined, strictSsl: boolean);
+  /**
+   * Ensure omadacId is available, discovering it if not provided.
+   */
+  ensureOmadacId(): Promise<string>;
+  /**
+   * Discover omadacId from GET /api/info endpoint (no auth required).
+   */
+  discoverOmadacId(): Promise<string>;
+  /**
+   * Acquire or refresh OAuth2 token.
+   * Prevents concurrent refreshes using a shared promise.
+   */
+  authorize(): Promise<void>;
+  private _doAuthorize;
+  /**
+   * Ensure we have a valid token, refreshing if needed.
+   */
+  private ensureToken;
+  /**
+   * Make an authenticated GET API call to the Omada controller.
+   * Automatically handles token acquisition and the non-standard auth headers.
+   */
+  request<T = unknown>(path: string, options?: {
+    method?: string;
+    body?: unknown;
+    params?: Record<string, string | number>;
+  }): Promise<T>;
+  /**
+   * Convenience wrapper for POST requests.
+   */
+  post<T = unknown>(path: string, body?: unknown): Promise<T>;
+  /**
+   * Convenience wrapper for PATCH requests.
+   */
+  patch<T = unknown>(path: string, body?: unknown): Promise<T>;
+  /**
+   * Raw fetch wrapper that handles TLS certificate verification.
+   * When tlsRejectUnauthorized=false, skips certificate validation
+   * (common for self-signed certs on Omada controllers).
+   */
+  private rawFetch;
+}
+//#endregion
+export { OmadaApiClient };
+//# sourceMappingURL=client.d.mts.map

package/dist/client.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.mts","names":[],"sources":["../src/client.ts"],"mappings":";;AA4BA;;;;;;;;;cAAa,cAAA;EAAA;UACH,UAAA;EAAA,QACA,cAAA;EAAA,QACA,QAAA;EAmNuD;EAAA,SAhNtD,OAAA;EALD;EAAA,SAQC,qBAAA;cAOP,OAAA,UACA,QAAA,UACA,YAAA,UACA,QAAA,sBACA,SAAA;EAdO;;;EA0BH,cAAA,CAAA,GAAkB,OAAA;EAftB;;;EAwBI,gBAAA,CAAA,GAAoB,OAAA;EATpB;;;;EAsCA,SAAA,CAAA,GAAa,OAAA;EAAA,QAeL,YAAA;EAAA;;;EAAA,QAoDA,WAAA;EAYZ;;;;EADI,OAAA,aAAA,CACJ,IAAA,UACA,OAAA;IACE,MAAA;IACA,IAAA;IACA,MAAA,GAAS,MAAA;EAAA,IAEV,OAAA,CAAQ,CAAA;EAoDA;;;EAAL,IAAA,aAAA,CAAkB,IAAA,UAAc,IAAA,aAAiB,OAAA,CAAQ,CAAA;EAAA;;;EAOzD,KAAA,aAAA,CAAmB,IAAA,UAAc,IAAA,aAAiB,OAAA,CAAQ,CAAA;EAAzB;;;;;EAAA,QAS/B,QAAA;AAAA"}