@djangocfg/api 2.1.359 → 2.1.361

package/src/_api/generated/_cfg_totp/schemas/TotpVerifyUser.ts

@@ -7,16 +7,16 @@ import { z } from "zod";
 export const TotpVerifyUserSchema = z.object({
   id: z.number().int(),
   email: z.email(),
-  first_name: z.string().max(50).optional(),
-  last_name: z.string().max(50).optional(),
+  first_name: z.string().max(50).nullable().optional(),
+  last_name: z.string().max(50).nullable().optional(),
   full_name: z.string(),
   initials: z.string(),
   display_username: z.string(),
-  company: z.string().max(100).optional(),
-  phone: z.string().max(20).optional(),
-  position: z.string().max(100).optional(),
-  language: z.string().max(10).optional(),
-  timezone: z.string().max(64).optional(),
+  company: z.string().max(100).nullable().optional(),
+  phone: z.string().max(20).nullable().optional(),
+  position: z.string().max(100).nullable().optional(),
+  language: z.string().max(10).nullable().optional(),
+  timezone: z.string().max(64).nullable().optional(),
   avatar: z.string().nullable(),
   is_staff: z.boolean(),
   is_superuser: z.boolean(),

package/src/_api/generated/helpers/auth.ts

@@ -4,6 +4,8 @@
 // post-processed bottom of client.gen.ts. No circular import here.
 // DO NOT EDIT — re-run `make gen`.
 
+import { APIError } from './errors';
+
 const ACCESS_KEY = 'cfg.access_token';
 const REFRESH_KEY = 'cfg.refresh_token';
 const API_KEY_KEY = 'cfg.api_key';
@@ -77,7 +79,11 @@ function detectLocale(): string | null {
   return null;
 }
 
-/** Default baseUrl from `NEXT_PUBLIC_API_URL` (empty for static builds). */
+/** Default baseUrl from `NEXT_PUBLIC_API_URL`.
+ *
+ * Both browser and server use NEXT_PUBLIC_API_URL — requests go
+ * directly to Django without Next.js proxy.
+ */
 function defaultBaseUrl(): string {
   try {
     if (typeof process !== 'undefined' && process.env) {
@@ -88,8 +94,15 @@ function defaultBaseUrl(): string {
   return '';
 }
 
-/** Default API key fallback from `NEXT_PUBLIC_API_KEY`. */
+/** Default API key fallback from `NEXT_PUBLIC_API_KEY`.
+ *
+ * In the browser: returns null — requests go through the Next.js rewrite
+ * and the key is injected server-side (never exposed in the bundle).
+ * On the server: reads NEXT_PUBLIC_API_KEY as a fallback for SSR calls
+ * that bypass the rewrite (e.g. server components calling Django directly).
+ */
 function defaultApiKey(): string | null {
+  if (isBrowser) return null;
   try {
     if (typeof process !== 'undefined' && process.env?.NEXT_PUBLIC_API_KEY) {
       return process.env.NEXT_PUBLIC_API_KEY;
@@ -132,6 +145,7 @@ type HeyClient = {
   interceptors: {
     request: { use(fn: (req: Request) => Request | Promise<Request>): void };
     response: { use(fn: (res: Response, req: Request) => Response | Promise<Response>): void };
+    error: { use(fn: (err: unknown, res: Response | undefined, req: Request | undefined, opts: unknown) => unknown): void };
   };
 };
 let _client: HeyClient | null = null;
@@ -301,6 +315,17 @@ export function installAuthOnClient(client: HeyClient): void {
     return request;
   });
 
+  // Wrap raw JSON error objects (thrown by hey-api on non-2xx responses) into
+  // APIError so callers can do `error instanceof APIError` and read
+  // `error.statusCode` / `error.response` consistently.
+  client.interceptors.error.use((err, res, req) => {
+    if (err instanceof APIError) return err;
+    const url = (req as Request | undefined)?.url ?? '';
+    const status = (res as Response | undefined)?.status ?? 0;
+    const statusText = (res as Response | undefined)?.statusText ?? '';
+    return new APIError(status, statusText, err, url);
+  });
+
   client.interceptors.response.use(async (response, request) => {
     if (response.status !== 401) return response;