@djangocfg/api 2.1.426 → 2.1.428

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/README.md +56 -0
  2. package/dist/auth-server.cjs +248 -32
  3. package/dist/auth-server.cjs.map +1 -1
  4. package/dist/auth-server.mjs +248 -32
  5. package/dist/auth-server.mjs.map +1 -1
  6. package/dist/auth.cjs +271 -29
  7. package/dist/auth.cjs.map +1 -1
  8. package/dist/auth.mjs +271 -29
  9. package/dist/auth.mjs.map +1 -1
  10. package/dist/clients.cjs +222 -25
  11. package/dist/clients.cjs.map +1 -1
  12. package/dist/clients.d.cts +35 -28
  13. package/dist/clients.d.ts +35 -28
  14. package/dist/clients.mjs +222 -25
  15. package/dist/clients.mjs.map +1 -1
  16. package/dist/hooks.cjs +117 -4
  17. package/dist/hooks.cjs.map +1 -1
  18. package/dist/hooks.mjs +117 -4
  19. package/dist/hooks.mjs.map +1 -1
  20. package/dist/index.cjs +277 -26
  21. package/dist/index.cjs.map +1 -1
  22. package/dist/index.d.cts +98 -29
  23. package/dist/index.d.ts +98 -29
  24. package/dist/index.mjs +277 -26
  25. package/dist/index.mjs.map +1 -1
  26. package/package.json +2 -2
  27. package/src/_api/generated/client/index.ts +1 -0
  28. package/src/_api/generated/client/utils.gen.ts +2 -2
  29. package/src/_api/generated/client.gen.ts +2 -2
  30. package/src/_api/generated/core/auth.gen.ts +7 -0
  31. package/src/_api/generated/core/params.gen.ts +10 -8
  32. package/src/_api/generated/core/pathSerializer.gen.ts +6 -6
  33. package/src/_api/generated/core/queryKeySerializer.gen.ts +1 -1
  34. package/src/_api/generated/core/utils.gen.ts +4 -4
  35. package/src/_api/generated/helpers/auth.ts +127 -1
  36. package/src/_api/generated/sdk.gen.ts +149 -53
  37. package/src/auth/context/AuthContext.tsx +8 -0
  38. package/src/auth/utils/env.ts +18 -0
  39. package/src/auth/utils/logger.ts +11 -4
  40. package/src/index.ts +12 -0
  41. package/src/log-control.ts +81 -0
package/dist/clients.mjs CHANGED
@@ -294,6 +294,99 @@ async function tryRefresh() {
294
294
  return _refreshInflight;
295
295
  }
296
296
  __name(tryRefresh, "tryRefresh");
297
+ function dpopEnabled() {
298
+ try {
299
+ return typeof process !== "undefined" && process.env?.NEXT_PUBLIC_DPOP_ENABLED === "true";
300
+ } catch {
301
+ return false;
302
+ }
303
+ }
304
+ __name(dpopEnabled, "dpopEnabled");
305
+ var _DPOP_DB = "cfg-auth";
306
+ var _DPOP_STORE = "keys";
307
+ var _DPOP_KEY_ID = "dpop-ec-p256";
308
+ function _idbOpen() {
309
+ return new Promise((resolve, reject) => {
310
+ const req = indexedDB.open(_DPOP_DB, 1);
311
+ req.onupgradeneeded = () => req.result.createObjectStore(_DPOP_STORE);
312
+ req.onsuccess = () => resolve(req.result);
313
+ req.onerror = () => reject(req.error);
314
+ });
315
+ }
316
+ __name(_idbOpen, "_idbOpen");
317
+ function _idbGet(key) {
318
+ return _idbOpen().then((db) => new Promise((resolve, reject) => {
319
+ const tx = db.transaction(_DPOP_STORE, "readonly");
320
+ const req = tx.objectStore(_DPOP_STORE).get(key);
321
+ req.onsuccess = () => resolve(req.result);
322
+ req.onerror = () => reject(req.error);
323
+ }));
324
+ }
325
+ __name(_idbGet, "_idbGet");
326
+ function _idbPut(key, value) {
327
+ return _idbOpen().then((db) => new Promise((resolve, reject) => {
328
+ const tx = db.transaction(_DPOP_STORE, "readwrite");
329
+ tx.objectStore(_DPOP_STORE).put(value, key);
330
+ tx.oncomplete = () => resolve();
331
+ tx.onerror = () => reject(tx.error);
332
+ }));
333
+ }
334
+ __name(_idbPut, "_idbPut");
335
+ var _dpopKeyPromise = null;
336
+ function _getDpopKeyPair() {
337
+ if (_dpopKeyPromise) return _dpopKeyPromise;
338
+ _dpopKeyPromise = (async () => {
339
+ const existing = await _idbGet(_DPOP_KEY_ID).catch(() => void 0);
340
+ if (existing) return existing;
341
+ const pair = await crypto.subtle.generateKey(
342
+ { name: "ECDSA", namedCurve: "P-256" },
343
+ false,
344
+ // extractable:false — JS can sign but never export the private key
345
+ ["sign"]
346
+ );
347
+ await _idbPut(_DPOP_KEY_ID, pair).catch(() => {
348
+ });
349
+ return pair;
350
+ })();
351
+ return _dpopKeyPromise;
352
+ }
353
+ __name(_getDpopKeyPair, "_getDpopKeyPair");
354
+ function _b64urlFromBytes(bytes) {
355
+ const arr = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes);
356
+ let s = "";
357
+ for (let i = 0; i < arr.length; i++) s += String.fromCharCode(arr[i]);
358
+ return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
359
+ }
360
+ __name(_b64urlFromBytes, "_b64urlFromBytes");
361
+ function _b64urlFromString(str) {
362
+ return _b64urlFromBytes(new TextEncoder().encode(str));
363
+ }
364
+ __name(_b64urlFromString, "_b64urlFromString");
365
+ async function _publicJwk(pub) {
366
+ const jwk = await crypto.subtle.exportKey("jwk", pub);
367
+ return { kty: "EC", crv: "P-256", x: jwk.x, y: jwk.y };
368
+ }
369
+ __name(_publicJwk, "_publicJwk");
370
+ async function _makeDpopProof(method, url) {
371
+ try {
372
+ const pair = await _getDpopKeyPair();
373
+ const jwk = await _publicJwk(pair.publicKey);
374
+ const header = { typ: "dpop+jwt", alg: "ES256", jwk };
375
+ const htu = url.split("#")[0].split("?")[0];
376
+ const jti = crypto.randomUUID && crypto.randomUUID() || _b64urlFromBytes(crypto.getRandomValues(new Uint8Array(16)));
377
+ const payload = { htm: method.toUpperCase(), htu, iat: Math.floor(Date.now() / 1e3), jti };
378
+ const signingInput = `${_b64urlFromString(JSON.stringify(header))}.${_b64urlFromString(JSON.stringify(payload))}`;
379
+ const sig = await crypto.subtle.sign(
380
+ { name: "ECDSA", hash: "SHA-256" },
381
+ pair.privateKey,
382
+ new TextEncoder().encode(signingInput)
383
+ );
384
+ return `${signingInput}.${_b64urlFromBytes(sig)}`;
385
+ } catch {
386
+ return null;
387
+ }
388
+ }
389
+ __name(_makeDpopProof, "_makeDpopProof");
297
390
  function installAuthOnClient(client2) {
298
391
  if (_client) return;
299
392
  _client = client2;
@@ -301,7 +394,7 @@ function installAuthOnClient(client2) {
301
394
  baseUrl: auth.getBaseUrl(),
302
395
  credentials: _withCredentials ? "include" : "same-origin"
303
396
  });
304
- client2.interceptors.request.use((request) => {
397
+ client2.interceptors.request.use(async (request) => {
305
398
  const token = auth.getToken();
306
399
  if (token) request.headers.set("Authorization", `Bearer ${token}`);
307
400
  const locale = auth.getLocale();
@@ -314,6 +407,10 @@ function installAuthOnClient(client2) {
314
407
  } catch {
315
408
  }
316
409
  request.headers.set("X-Client-Time", (/* @__PURE__ */ new Date()).toISOString());
410
+ if (dpopEnabled() && typeof window !== "undefined") {
411
+ const proof = await _makeDpopProof(request.method, request.url);
412
+ if (proof) request.headers.set("DPoP", proof);
413
+ }
317
414
  return request;
318
415
  });
319
416
  client2.interceptors.error.use((err, res, req) => {
@@ -347,6 +444,10 @@ function installAuthOnClient(client2) {
347
444
  const retry = request.clone();
348
445
  retry.headers.set("Authorization", `Bearer ${newToken}`);
349
446
  retry.headers.set(RETRY_MARKER, "1");
447
+ if (dpopEnabled() && typeof window !== "undefined") {
448
+ const proof = await _makeDpopProof(retry.method, retry.url);
449
+ if (proof) retry.headers.set("DPoP", proof);
450
+ }
350
451
  try {
351
452
  const retried = await fetch(retry);
352
453
  if (retried.status === 401 && _onUnauthorized) {
@@ -1296,7 +1397,11 @@ var CfgAccountsApiKey = class {
1296
1397
  static cfgAccountsApiKeyRetrieve(options) {
1297
1398
  return (options?.client ?? client).get({
1298
1399
  security: [
1299
- { scheme: "bearer", type: "http" },
1400
+ {
1401
+ key: "jwtAuth",
1402
+ scheme: "bearer",
1403
+ type: "http"
1404
+ },
1300
1405
  {
1301
1406
  in: "cookie",
1302
1407
  name: "sessionid",
@@ -1316,7 +1421,11 @@ var CfgAccountsApiKey = class {
1316
1421
  static cfgAccountsApiKeyRegenerateCreate(options) {
1317
1422
  return (options.client ?? client).post({
1318
1423
  security: [
1319
- { scheme: "bearer", type: "http" },
1424
+ {
1425
+ key: "jwtAuth",
1426
+ scheme: "bearer",
1427
+ type: "http"
1428
+ },
1320
1429
  {
1321
1430
  in: "cookie",
1322
1431
  name: "sessionid",
@@ -1340,7 +1449,11 @@ var CfgAccountsApiKey = class {
1340
1449
  static cfgAccountsApiKeyTestCreate(options) {
1341
1450
  return (options.client ?? client).post({
1342
1451
  security: [
1343
- { scheme: "bearer", type: "http" },
1452
+ {
1453
+ key: "jwtAuth",
1454
+ scheme: "bearer",
1455
+ type: "http"
1456
+ },
1344
1457
  {
1345
1458
  in: "cookie",
1346
1459
  name: "sessionid",
@@ -1368,7 +1481,11 @@ var CfgAccountsOauth = class {
1368
1481
  */
1369
1482
  static cfgAccountsOauthConnectionsList(options) {
1370
1483
  return (options?.client ?? client).get({
1371
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1484
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1485
+ key: "jwtAuthWithLastLogin",
1486
+ scheme: "bearer",
1487
+ type: "http"
1488
+ }],
1372
1489
  url: "/cfg/accounts/oauth/connections/",
1373
1490
  ...options
1374
1491
  });
@@ -1380,7 +1497,11 @@ var CfgAccountsOauth = class {
1380
1497
  */
1381
1498
  static cfgAccountsOauthDisconnectCreate(options) {
1382
1499
  return (options.client ?? client).post({
1383
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1500
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1501
+ key: "jwtAuthWithLastLogin",
1502
+ scheme: "bearer",
1503
+ type: "http"
1504
+ }],
1384
1505
  url: "/cfg/accounts/oauth/disconnect/",
1385
1506
  ...options,
1386
1507
  headers: {
@@ -1437,7 +1558,11 @@ var CfgAccounts = class {
1437
1558
  */
1438
1559
  static cfgAccountsOtpRequestCreate(options) {
1439
1560
  return (options.client ?? client).post({
1440
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1561
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1562
+ key: "jwtAuthWithLastLogin",
1563
+ scheme: "bearer",
1564
+ type: "http"
1565
+ }],
1441
1566
  url: "/cfg/accounts/otp/request/",
1442
1567
  ...options,
1443
1568
  headers: {
@@ -1458,7 +1583,11 @@ var CfgAccounts = class {
1458
1583
  */
1459
1584
  static cfgAccountsOtpVerifyCreate(options) {
1460
1585
  return (options.client ?? client).post({
1461
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1586
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1587
+ key: "jwtAuthWithLastLogin",
1588
+ scheme: "bearer",
1589
+ type: "http"
1590
+ }],
1462
1591
  url: "/cfg/accounts/otp/verify/",
1463
1592
  ...options,
1464
1593
  headers: {
@@ -1479,7 +1608,11 @@ var CfgAccountsProfile = class {
1479
1608
  */
1480
1609
  static cfgAccountsProfileRetrieve(options) {
1481
1610
  return (options?.client ?? client).get({
1482
- security: [{ scheme: "bearer", type: "http" }, {
1611
+ security: [{
1612
+ key: "jwtAuth",
1613
+ scheme: "bearer",
1614
+ type: "http"
1615
+ }, {
1483
1616
  in: "cookie",
1484
1617
  name: "sessionid",
1485
1618
  type: "apiKey"
@@ -1496,7 +1629,11 @@ var CfgAccountsProfile = class {
1496
1629
  static cfgAccountsProfileAvatarCreate(options) {
1497
1630
  return (options?.client ?? client).post({
1498
1631
  ...formDataBodySerializer,
1499
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1632
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1633
+ key: "jwtAuthWithLastLogin",
1634
+ scheme: "bearer",
1635
+ type: "http"
1636
+ }],
1500
1637
  url: "/cfg/accounts/profile/avatar/",
1501
1638
  ...options,
1502
1639
  headers: {
@@ -1522,7 +1659,11 @@ var CfgAccountsProfile = class {
1522
1659
  */
1523
1660
  static cfgAccountsProfileDeleteCreate(options) {
1524
1661
  return (options?.client ?? client).post({
1525
- security: [{ scheme: "bearer", type: "http" }, {
1662
+ security: [{
1663
+ key: "jwtAuth",
1664
+ scheme: "bearer",
1665
+ type: "http"
1666
+ }, {
1526
1667
  in: "cookie",
1527
1668
  name: "sessionid",
1528
1669
  type: "apiKey"
@@ -1538,7 +1679,11 @@ var CfgAccountsProfile = class {
1538
1679
  */
1539
1680
  static cfgAccountsProfilePartialPartialUpdate(options) {
1540
1681
  return (options?.client ?? client).patch({
1541
- security: [{ scheme: "bearer", type: "http" }, {
1682
+ security: [{
1683
+ key: "jwtAuth",
1684
+ scheme: "bearer",
1685
+ type: "http"
1686
+ }, {
1542
1687
  in: "cookie",
1543
1688
  name: "sessionid",
1544
1689
  type: "apiKey"
@@ -1558,7 +1703,11 @@ var CfgAccountsProfile = class {
1558
1703
  */
1559
1704
  static cfgAccountsProfilePartialUpdate(options) {
1560
1705
  return (options?.client ?? client).put({
1561
- security: [{ scheme: "bearer", type: "http" }, {
1706
+ security: [{
1707
+ key: "jwtAuth",
1708
+ scheme: "bearer",
1709
+ type: "http"
1710
+ }, {
1562
1711
  in: "cookie",
1563
1712
  name: "sessionid",
1564
1713
  type: "apiKey"
@@ -1578,7 +1727,11 @@ var CfgAccountsProfile = class {
1578
1727
  */
1579
1728
  static cfgAccountsProfileUpdatePartialUpdate(options) {
1580
1729
  return (options?.client ?? client).patch({
1581
- security: [{ scheme: "bearer", type: "http" }, {
1730
+ security: [{
1731
+ key: "jwtAuth",
1732
+ scheme: "bearer",
1733
+ type: "http"
1734
+ }, {
1582
1735
  in: "cookie",
1583
1736
  name: "sessionid",
1584
1737
  type: "apiKey"
@@ -1598,7 +1751,11 @@ var CfgAccountsProfile = class {
1598
1751
  */
1599
1752
  static cfgAccountsProfileUpdateUpdate(options) {
1600
1753
  return (options?.client ?? client).put({
1601
- security: [{ scheme: "bearer", type: "http" }, {
1754
+ security: [{
1755
+ key: "jwtAuth",
1756
+ scheme: "bearer",
1757
+ type: "http"
1758
+ }, {
1602
1759
  in: "cookie",
1603
1760
  name: "sessionid",
1604
1761
  type: "apiKey"
@@ -1641,7 +1798,11 @@ var CfgCentrifugo = class {
1641
1798
  */
1642
1799
  static cfgCentrifugoAuthTokenRetrieve(options) {
1643
1800
  return (options?.client ?? client).get({
1644
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1801
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1802
+ key: "jwtAuthWithLastLogin",
1803
+ scheme: "bearer",
1804
+ type: "http"
1805
+ }],
1645
1806
  url: "/cfg/centrifugo/auth/token/",
1646
1807
  ...options
1647
1808
  });
@@ -1656,7 +1817,11 @@ var CfgTotpBackupCodes = class {
1656
1817
  */
1657
1818
  static cfgTotpBackupCodesRetrieve(options) {
1658
1819
  return (options?.client ?? client).get({
1659
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1820
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1821
+ key: "jwtAuthWithLastLogin",
1822
+ scheme: "bearer",
1823
+ type: "http"
1824
+ }],
1660
1825
  url: "/cfg/totp/backup-codes/",
1661
1826
  ...options
1662
1827
  });
@@ -1669,7 +1834,11 @@ var CfgTotpBackupCodes = class {
1669
1834
  */
1670
1835
  static cfgTotpBackupCodesRegenerateCreate(options) {
1671
1836
  return (options.client ?? client).post({
1672
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1837
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1838
+ key: "jwtAuthWithLastLogin",
1839
+ scheme: "bearer",
1840
+ type: "http"
1841
+ }],
1673
1842
  url: "/cfg/totp/backup-codes/regenerate/",
1674
1843
  ...options,
1675
1844
  headers: {
@@ -1688,7 +1857,11 @@ var CfgTotp = class {
1688
1857
  */
1689
1858
  static cfgTotpDevicesRetrieve(options) {
1690
1859
  return (options?.client ?? client).get({
1691
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1860
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1861
+ key: "jwtAuthWithLastLogin",
1862
+ scheme: "bearer",
1863
+ type: "http"
1864
+ }],
1692
1865
  url: "/cfg/totp/devices/",
1693
1866
  ...options
1694
1867
  });
@@ -1700,7 +1873,11 @@ var CfgTotp = class {
1700
1873
  */
1701
1874
  static cfgTotpDevicesDestroy(options) {
1702
1875
  return (options.client ?? client).delete({
1703
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1876
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1877
+ key: "jwtAuthWithLastLogin",
1878
+ scheme: "bearer",
1879
+ type: "http"
1880
+ }],
1704
1881
  url: "/cfg/totp/devices/{id}/",
1705
1882
  ...options
1706
1883
  });
@@ -1712,7 +1889,11 @@ var CfgTotp = class {
1712
1889
  */
1713
1890
  static cfgTotpDisableCreate(options) {
1714
1891
  return (options.client ?? client).post({
1715
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1892
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1893
+ key: "jwtAuthWithLastLogin",
1894
+ scheme: "bearer",
1895
+ type: "http"
1896
+ }],
1716
1897
  url: "/cfg/totp/disable/",
1717
1898
  ...options,
1718
1899
  headers: {
@@ -1733,7 +1914,11 @@ var CfgTotpSetup = class {
1733
1914
  */
1734
1915
  static cfgTotpSetupCreate(options) {
1735
1916
  return (options?.client ?? client).post({
1736
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1917
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1918
+ key: "jwtAuthWithLastLogin",
1919
+ scheme: "bearer",
1920
+ type: "http"
1921
+ }],
1737
1922
  url: "/cfg/totp/setup/",
1738
1923
  ...options,
1739
1924
  headers: {
@@ -1749,7 +1934,11 @@ var CfgTotpSetup = class {
1749
1934
  */
1750
1935
  static cfgTotpSetupConfirmCreate(options) {
1751
1936
  return (options.client ?? client).post({
1752
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1937
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1938
+ key: "jwtAuthWithLastLogin",
1939
+ scheme: "bearer",
1940
+ type: "http"
1941
+ }],
1753
1942
  url: "/cfg/totp/setup/confirm/",
1754
1943
  ...options,
1755
1944
  headers: {
@@ -1770,7 +1959,11 @@ var CfgTotpVerify = class {
1770
1959
  */
1771
1960
  static cfgTotpVerifyCreate(options) {
1772
1961
  return (options.client ?? client).post({
1773
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1962
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1963
+ key: "jwtAuthWithLastLogin",
1964
+ scheme: "bearer",
1965
+ type: "http"
1966
+ }],
1774
1967
  url: "/cfg/totp/verify/",
1775
1968
  ...options,
1776
1969
  headers: {
@@ -1786,7 +1979,11 @@ var CfgTotpVerify = class {
1786
1979
  */
1787
1980
  static cfgTotpVerifyBackupCreate(options) {
1788
1981
  return (options.client ?? client).post({
1789
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1982
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1983
+ key: "jwtAuthWithLastLogin",
1984
+ scheme: "bearer",
1985
+ type: "http"
1986
+ }],
1790
1987
  url: "/cfg/totp/verify/backup/",
1791
1988
  ...options,
1792
1989
  headers: {