@djangocfg/api 2.1.308 → 2.1.310

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@djangocfg/api",
-  "version": "2.1.308",
+  "version": "2.1.310",
   "description": "Auto-generated TypeScript API client with React hooks, SWR integration, and Zod validation for Django REST Framework backends",
   "keywords": [
     "django",
@@ -84,7 +84,7 @@
   "devDependencies": {
     "@types/node": "^24.7.2",
     "@types/react": "^19.1.0",
-    "@djangocfg/typescript-config": "^2.1.308",
+    "@djangocfg/typescript-config": "^2.1.310",
     "next": "^16.2.2",
     "react": "^19.1.0",
     "tsup": "^8.5.0",

package/src/_api/generated/cfg_accounts/accounts/models.ts

@@ -1,18 +1,5 @@
 // @ts-nocheck
 // Auto-generated by DjangoCFG - see CLAUDE.md
-/**
- * Serializer for OTP verification.
- * 
- * Request model (no read-only fields).
- */
-export interface OTPVerifyRequest {
-  /** Email address used for OTP request */
-  identifier: string;
-  otp: string;
-  /** Source URL for tracking login (e.g., https://my.djangocfg.com) */
-  source_url?: string;
-}
-
 /**
  * OTP verification response. When 2FA is required: - requires_2fa: True -
  * session_id: UUID of 2FA verification session - refresh/access/user: null
@@ -35,18 +22,6 @@ export interface OTPVerifyResponse {
   should_prompt_2fa?: boolean;
 }
 
-/**
- * Serializer for OTP request.
- * 
- * Request model (no read-only fields).
- */
-export interface OTPRequestRequest {
-  /** Email address for OTP delivery */
-  identifier: string;
-  /** Source URL for tracking registration (e.g., https://my.djangocfg.com) */
-  source_url?: string;
-}
-
 /**
  * OTP request response.
  * 
@@ -78,6 +53,31 @@ export interface OTPErrorResponse {
   retry_after?: number | null;
 }
 
+/**
+ * Serializer for OTP verification.
+ * 
+ * Request model (no read-only fields).
+ */
+export interface OTPVerifyRequest {
+  /** Email address used for OTP request */
+  identifier: string;
+  otp: string;
+  /** Source URL for tracking login (e.g., https://my.djangocfg.com) */
+  source_url?: string;
+}
+
+/**
+ * Serializer for OTP request.
+ * 
+ * Request model (no read-only fields).
+ */
+export interface OTPRequestRequest {
+  /** Email address for OTP delivery */
+  identifier: string;
+  /** Source URL for tracking registration (e.g., https://my.djangocfg.com) */
+  source_url?: string;
+}
+
 /**
  * Serializer for user details.
  * 

package/src/_api/generated/cfg_accounts/accounts__oauth/models.ts

@@ -3,37 +3,15 @@
 import * as Enums from "../enums";
 
 /**
- * Error response for OAuth endpoints.
- * 
- * Response model (includes read-only fields).
- */
-export interface OAuthError {
-  /** Error code */
-  error: string;
-  /** Human-readable error description */
-  error_description?: string;
-}
-
-/**
- * Response with available OAuth providers.
- * 
- * Response model (includes read-only fields).
- */
-export interface OAuthProvidersResponse {
-  /** List of available OAuth providers */
-  providers: Array<Record<string, any>>;
-}
-
-/**
- * Response with OAuth authorization URL.
+ * Request to start OAuth flow.
  * 
- * Response model (includes read-only fields).
+ * Request model (no read-only fields).
  */
-export interface OAuthAuthorizeResponse {
-  /** Full URL to redirect user to OAuth provider */
-  authorization_url: string;
-  /** State token for CSRF protection. Store this and verify on callback. */
-  state: string;
+export interface OAuthAuthorizeRequestRequest {
+  /** URL to redirect after OAuth authorization. If not provided, uses config's site_url + callback_path */
+  redirect_uri?: string;
+  /** Optional source URL for registration tracking */
+  source_url?: string;
 }
 
 /**
@@ -50,6 +28,33 @@ export interface OAuthCallbackRequestRequest {
   redirect_uri?: string;
 }
 
+/**
+ * Response with JWT tokens after OAuth authentication. When 2FA is required: -
+ * requires_2fa: True - session_id: UUID of 2FA verification session -
+ * access/refresh/user: null When 2FA is not required: - requires_2fa: False -
+ * session_id: null - access/refresh/user: populated
+ * 
+ * Response model (includes read-only fields).
+ */
+export interface OAuthTokenResponse {
+  /** True if 2FA verification is required */
+  requires_2fa?: boolean;
+  /** 2FA session ID (only when requires_2fa=True) */
+  session_id?: string | null;
+  /** JWT access token (null when requires_2fa=True) */
+  access?: string | null;
+  /** JWT refresh token (null when requires_2fa=True) */
+  refresh?: string | null;
+  /** Authenticated user info (null when requires_2fa=True) */
+  user?: Record<string, any> | null;
+  /** True if a new user was created during this OAuth flow */
+  is_new_user: boolean;
+  /** True if a new OAuth connection was created */
+  is_new_connection: boolean;
+  /** True if user should be prompted to enable 2FA */
+  should_prompt_2fa?: boolean;
+}
+
 /**
  * Serializer for OAuth connection info (user-facing).
  * 
@@ -75,42 +80,15 @@ export interface OAuthConnection {
 }
 
 /**
- * Request to start OAuth flow.
- * 
- * Request model (no read-only fields).
- */
-export interface OAuthAuthorizeRequestRequest {
-  /** URL to redirect after OAuth authorization. If not provided, uses config's site_url + callback_path */
-  redirect_uri?: string;
-  /** Optional source URL for registration tracking */
-  source_url?: string;
-}
-
-/**
- * Response with JWT tokens after OAuth authentication. When 2FA is required: -
- * requires_2fa: True - session_id: UUID of 2FA verification session -
- * access/refresh/user: null When 2FA is not required: - requires_2fa: False -
- * session_id: null - access/refresh/user: populated
+ * Response with OAuth authorization URL.
  * 
  * Response model (includes read-only fields).
  */
-export interface OAuthTokenResponse {
-  /** True if 2FA verification is required */
-  requires_2fa?: boolean;
-  /** 2FA session ID (only when requires_2fa=True) */
-  session_id?: string | null;
-  /** JWT access token (null when requires_2fa=True) */
-  access?: string | null;
-  /** JWT refresh token (null when requires_2fa=True) */
-  refresh?: string | null;
-  /** Authenticated user info (null when requires_2fa=True) */
-  user?: Record<string, any> | null;
-  /** True if a new user was created during this OAuth flow */
-  is_new_user: boolean;
-  /** True if a new OAuth connection was created */
-  is_new_connection: boolean;
-  /** True if user should be prompted to enable 2FA */
-  should_prompt_2fa?: boolean;
+export interface OAuthAuthorizeResponse {
+  /** Full URL to redirect user to OAuth provider */
+  authorization_url: string;
+  /** State token for CSRF protection. Store this and verify on callback. */
+  state: string;
 }
 
 /**
@@ -125,3 +103,25 @@ export interface OAuthDisconnectRequestRequest {
   provider: Enums.OAuthConnectionProvider;
 }
 
+/**
+ * Response with available OAuth providers.
+ * 
+ * Response model (includes read-only fields).
+ */
+export interface OAuthProvidersResponse {
+  /** List of available OAuth providers */
+  providers: Array<Record<string, any>>;
+}
+
+/**
+ * Error response for OAuth endpoints.
+ * 
+ * Response model (includes read-only fields).
+ */
+export interface OAuthError {
+  /** Error code */
+  error: string;
+  /** Human-readable error description */
+  error_description?: string;
+}
+

package/src/_api/generated/cfg_accounts/accounts__user_profile/models.ts

@@ -5,7 +5,7 @@
  * 
  * Request model (no read-only fields).
  */
-export interface UserProfileUpdateRequest {
+export interface PatchedUserProfileUpdateRequest {
   first_name?: string;
   last_name?: string;
   company?: string;
@@ -15,17 +15,24 @@ export interface UserProfileUpdateRequest {
 }
 
 /**
- * Serializer for updating user profile.
  * 
  * Request model (no read-only fields).
  */
-export interface PatchedUserProfileUpdateRequest {
-  first_name?: string;
-  last_name?: string;
-  company?: string;
-  phone?: string;
-  position?: string;
-  language?: string;
+export interface CfgAccountsProfileAvatarCreateRequest {
+  /** Avatar image file (JPEG, PNG, GIF, WebP, max 5MB) */
+  avatar: File | Blob;
+}
+
+/**
+ * Response serializer for account deletion.
+ * 
+ * Response model (includes read-only fields).
+ */
+export interface AccountDeleteResponse {
+  /** Whether the account was successfully deleted */
+  success: boolean;
+  /** Human-readable message about the deletion */
+  message: string;
 }
 
 /**
@@ -60,24 +67,17 @@ export interface User {
 }
 
 /**
- * Response serializer for account deletion.
- * 
- * Response model (includes read-only fields).
- */
-export interface AccountDeleteResponse {
-  /** Whether the account was successfully deleted */
-  success: boolean;
-  /** Human-readable message about the deletion */
-  message: string;
-}
-
-/**
+ * Serializer for updating user profile.
  * 
  * Request model (no read-only fields).
  */
-export interface CfgAccountsProfileAvatarCreateRequest {
-  /** Avatar image file (JPEG, PNG, GIF, WebP, max 5MB) */
-  avatar: File | Blob;
+export interface UserProfileUpdateRequest {
+  first_name?: string;
+  last_name?: string;
+  company?: string;
+  phone?: string;
+  position?: string;
+  language?: string;
 }
 
 /**

package/src/_api/generated/cfg_accounts/client.ts

@@ -109,6 +109,7 @@ export class APIClient {
       formData?: FormData;
       binaryBody?: Blob | ArrayBuffer;
       headers?: Record<string, string>;
+      responseType?: 'json' | 'text' | 'blob';
     }
   ): Promise<T> {
     // Wrap request in retry logic if configured
@@ -146,6 +147,7 @@ export class APIClient {
       formData?: FormData;
       binaryBody?: Blob | ArrayBuffer;
       headers?: Record<string, string>;
+      responseType?: 'json' | 'text' | 'blob';
     }
   ): Promise<T> {
     // Build URL - handle both absolute and relative paths
@@ -195,6 +197,7 @@ export class APIClient {
         body: options?.body,
         formData: options?.formData,
         binaryBody: options?.binaryBody,
+        responseType: options?.responseType,
       });
 
       const duration = Date.now() - startTime;

package/src/_api/generated/cfg_accounts/http.ts

@@ -17,6 +17,11 @@ export interface HttpRequest {
   formData?: FormData;
   /** Binary data for octet-stream uploads */
   binaryBody?: Blob | ArrayBuffer;
+  /**
+   * Force a specific response parser. When set, overrides Content-Type sniffing.
+   * Generated for endpoints whose primary response is binary (file downloads).
+   */
+  responseType?: 'json' | 'text' | 'blob';
 }
 
 export interface HttpResponse<T = any> {
@@ -40,7 +45,7 @@ export interface HttpClientAdapter {
  */
 export class FetchAdapter implements HttpClientAdapter {
   async request<T = any>(request: HttpRequest): Promise<HttpResponse<T>> {
-    const { method, url, headers, body, params, formData, binaryBody } = request;
+    const { method, url, headers, body, params, formData, binaryBody, responseType } = request;
 
     // Build URL with query params
     let finalUrl = url;
@@ -85,14 +90,32 @@ export class FetchAdapter implements HttpClientAdapter {
       credentials: 'include',  // Include Django session cookies
     });
 
-    // Parse response
+    // Parse response. Explicit `responseType` (set by the generator for binary
+    // endpoints) wins over Content-Type sniffing — backends often serve CSV/JSON
+    // file downloads with `text/csv` or `application/json`, which would otherwise
+    // be parsed as string/object instead of the Blob the caller expects.
+    //
+    //   responseType set        → use it directly
+    //   application/json        → JSON
+    //   text/*                  → string
+    //   anything else           → Blob (file downloads, octet-stream, …)
     let data: any = null;
-    const contentType = response.headers.get('content-type');
+    const contentType = response.headers.get('content-type') ?? '';
 
-    if (response.status !== 204 && contentType?.includes('application/json')) {
-      data = await response.json();
-    } else if (response.status !== 204) {
-      data = await response.text();
+    if (response.status !== 204) {
+      if (responseType === 'blob') {
+        data = await response.blob();
+      } else if (responseType === 'text') {
+        data = await response.text();
+      } else if (responseType === 'json') {
+        data = await response.json();
+      } else if (contentType.includes('application/json')) {
+        data = await response.json();
+      } else if (contentType.startsWith('text/')) {
+        data = await response.text();
+      } else {
+        data = await response.blob();
+      }
     }
 
     // Convert Headers to plain object

package/src/_api/generated/cfg_centrifugo/client.ts

@@ -100,6 +100,7 @@ export class APIClient {
       formData?: FormData;
       binaryBody?: Blob | ArrayBuffer;
       headers?: Record<string, string>;
+      responseType?: 'json' | 'text' | 'blob';
     }
   ): Promise<T> {
     // Wrap request in retry logic if configured
@@ -137,6 +138,7 @@ export class APIClient {
       formData?: FormData;
       binaryBody?: Blob | ArrayBuffer;
       headers?: Record<string, string>;
+      responseType?: 'json' | 'text' | 'blob';
     }
   ): Promise<T> {
     // Build URL - handle both absolute and relative paths
@@ -186,6 +188,7 @@ export class APIClient {
         body: options?.body,
         formData: options?.formData,
         binaryBody: options?.binaryBody,
+        responseType: options?.responseType,
       });
 
       const duration = Date.now() - startTime;

package/src/_api/generated/cfg_centrifugo/http.ts

@@ -17,6 +17,11 @@ export interface HttpRequest {
   formData?: FormData;
   /** Binary data for octet-stream uploads */
   binaryBody?: Blob | ArrayBuffer;
+  /**
+   * Force a specific response parser. When set, overrides Content-Type sniffing.
+   * Generated for endpoints whose primary response is binary (file downloads).
+   */
+  responseType?: 'json' | 'text' | 'blob';
 }
 
 export interface HttpResponse<T = any> {
@@ -40,7 +45,7 @@ export interface HttpClientAdapter {
  */
 export class FetchAdapter implements HttpClientAdapter {
   async request<T = any>(request: HttpRequest): Promise<HttpResponse<T>> {
-    const { method, url, headers, body, params, formData, binaryBody } = request;
+    const { method, url, headers, body, params, formData, binaryBody, responseType } = request;
 
     // Build URL with query params
     let finalUrl = url;
@@ -85,14 +90,32 @@ export class FetchAdapter implements HttpClientAdapter {
       credentials: 'include',  // Include Django session cookies
     });
 
-    // Parse response
+    // Parse response. Explicit `responseType` (set by the generator for binary
+    // endpoints) wins over Content-Type sniffing — backends often serve CSV/JSON
+    // file downloads with `text/csv` or `application/json`, which would otherwise
+    // be parsed as string/object instead of the Blob the caller expects.
+    //
+    //   responseType set        → use it directly
+    //   application/json        → JSON
+    //   text/*                  → string
+    //   anything else           → Blob (file downloads, octet-stream, …)
     let data: any = null;
-    const contentType = response.headers.get('content-type');
+    const contentType = response.headers.get('content-type') ?? '';
 
-    if (response.status !== 204 && contentType?.includes('application/json')) {
-      data = await response.json();
-    } else if (response.status !== 204) {
-      data = await response.text();
+    if (response.status !== 204) {
+      if (responseType === 'blob') {
+        data = await response.blob();
+      } else if (responseType === 'text') {
+        data = await response.text();
+      } else if (responseType === 'json') {
+        data = await response.json();
+      } else if (contentType.includes('application/json')) {
+        data = await response.json();
+      } else if (contentType.startsWith('text/')) {
+        data = await response.text();
+      } else {
+        data = await response.blob();
+      }
     }
 
     // Convert Headers to plain object

package/src/_api/generated/cfg_totp/client.ts

@@ -112,6 +112,7 @@ export class APIClient {
       formData?: FormData;
       binaryBody?: Blob | ArrayBuffer;
       headers?: Record<string, string>;
+      responseType?: 'json' | 'text' | 'blob';
     }
   ): Promise<T> {
     // Wrap request in retry logic if configured
@@ -149,6 +150,7 @@ export class APIClient {
       formData?: FormData;
       binaryBody?: Blob | ArrayBuffer;
       headers?: Record<string, string>;
+      responseType?: 'json' | 'text' | 'blob';
     }
   ): Promise<T> {
     // Build URL - handle both absolute and relative paths
@@ -198,6 +200,7 @@ export class APIClient {
         body: options?.body,
         formData: options?.formData,
         binaryBody: options?.binaryBody,
+        responseType: options?.responseType,
       });
 
       const duration = Date.now() - startTime;

package/src/_api/generated/cfg_totp/http.ts

@@ -17,6 +17,11 @@ export interface HttpRequest {
   formData?: FormData;
   /** Binary data for octet-stream uploads */
   binaryBody?: Blob | ArrayBuffer;
+  /**
+   * Force a specific response parser. When set, overrides Content-Type sniffing.
+   * Generated for endpoints whose primary response is binary (file downloads).
+   */
+  responseType?: 'json' | 'text' | 'blob';
 }
 
 export interface HttpResponse<T = any> {
@@ -40,7 +45,7 @@ export interface HttpClientAdapter {
  */
 export class FetchAdapter implements HttpClientAdapter {
   async request<T = any>(request: HttpRequest): Promise<HttpResponse<T>> {
-    const { method, url, headers, body, params, formData, binaryBody } = request;
+    const { method, url, headers, body, params, formData, binaryBody, responseType } = request;
 
     // Build URL with query params
     let finalUrl = url;
@@ -85,14 +90,32 @@ export class FetchAdapter implements HttpClientAdapter {
       credentials: 'include',  // Include Django session cookies
     });
 
-    // Parse response
+    // Parse response. Explicit `responseType` (set by the generator for binary
+    // endpoints) wins over Content-Type sniffing — backends often serve CSV/JSON
+    // file downloads with `text/csv` or `application/json`, which would otherwise
+    // be parsed as string/object instead of the Blob the caller expects.
+    //
+    //   responseType set        → use it directly
+    //   application/json        → JSON
+    //   text/*                  → string
+    //   anything else           → Blob (file downloads, octet-stream, …)
     let data: any = null;
-    const contentType = response.headers.get('content-type');
+    const contentType = response.headers.get('content-type') ?? '';
 
-    if (response.status !== 204 && contentType?.includes('application/json')) {
-      data = await response.json();
-    } else if (response.status !== 204) {
-      data = await response.text();
+    if (response.status !== 204) {
+      if (responseType === 'blob') {
+        data = await response.blob();
+      } else if (responseType === 'text') {
+        data = await response.text();
+      } else if (responseType === 'json') {
+        data = await response.json();
+      } else if (contentType.includes('application/json')) {
+        data = await response.json();
+      } else if (contentType.startsWith('text/')) {
+        data = await response.text();
+      } else {
+        data = await response.blob();
+      }
     }
 
     // Convert Headers to plain object

package/src/_api/generated/cfg_totp/totp__backup_codes/models.ts

@@ -1,15 +1,5 @@
 // @ts-nocheck
 // Auto-generated by DjangoCFG - see CLAUDE.md
-/**
- * Serializer for regenerating backup codes.
- * 
- * Request model (no read-only fields).
- */
-export interface BackupCodesRegenerateRequest {
-  /** TOTP code for verification */
-  code: string;
-}
-
 /**
  * Response serializer for backup codes regeneration.
  * 
@@ -36,3 +26,13 @@ export interface BackupCodesStatus {
   warning?: string | null;
 }
 
+/**
+ * Serializer for regenerating backup codes.
+ * 
+ * Request model (no read-only fields).
+ */
+export interface BackupCodesRegenerateRequest {
+  /** TOTP code for verification */
+  code: string;
+}
+

package/src/_api/generated/cfg_totp/totp__totp_management/models.ts

@@ -2,16 +2,6 @@
 // Auto-generated by DjangoCFG - see CLAUDE.md
 import * as Enums from "../enums";
 
-/**
- * Response serializer for device list endpoint.
- * 
- * Response model (includes read-only fields).
- */
-export interface DeviceListResponse {
-  devices: Array<DeviceList>;
-  has_2fa_enabled: boolean;
-}
-
 /**
  * Serializer for completely disabling 2FA.
  * 
@@ -22,6 +12,16 @@ export interface DisableRequest {
   code: string;
 }
 
+/**
+ * Response serializer for device list endpoint.
+ * 
+ * Response model (includes read-only fields).
+ */
+export interface DeviceListResponse {
+  devices: Array<DeviceList>;
+  has_2fa_enabled: boolean;
+}
+
 /**
  * Serializer for listing TOTP devices.
  * 

package/src/_api/generated/cfg_totp/totp__totp_setup/models.ts

@@ -12,24 +12,6 @@ export interface ConfirmSetupRequest {
   code: string;
 }
 
-/**
- * Response serializer for setup initiation.
- * 
- * Response model (includes read-only fields).
- */
-export interface SetupResponse {
-  /** Device ID to use for confirmation */
-  device_id: string;
-  /** Base32-encoded TOTP secret (for manual entry) */
-  secret: string;
-  /** otpauth:// URI for QR code generation */
-  provisioning_uri: string;
-  /** Base64-encoded QR code image (data URI) */
-  qr_code_base64: string;
-  /** Seconds until setup expires (typically 600 = 10 minutes) */
-  expires_in: number;
-}
-
 /**
  * Serializer for starting 2FA setup.
  * 
@@ -53,3 +35,21 @@ export interface ConfirmSetupResponse {
   backup_codes_warning: string;
 }
 
+/**
+ * Response serializer for setup initiation.
+ * 
+ * Response model (includes read-only fields).
+ */
+export interface SetupResponse {
+  /** Device ID to use for confirmation */
+  device_id: string;
+  /** Base32-encoded TOTP secret (for manual entry) */
+  secret: string;
+  /** otpauth:// URI for QR code generation */
+  provisioning_uri: string;
+  /** Base64-encoded QR code image (data URI) */
+  qr_code_base64: string;
+  /** Seconds until setup expires (typically 600 = 10 minutes) */
+  expires_in: number;
+}
+