@djangocfg/api 2.1.426 → 2.1.428
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +56 -0
- package/dist/auth-server.cjs +248 -32
- package/dist/auth-server.cjs.map +1 -1
- package/dist/auth-server.mjs +248 -32
- package/dist/auth-server.mjs.map +1 -1
- package/dist/auth.cjs +271 -29
- package/dist/auth.cjs.map +1 -1
- package/dist/auth.mjs +271 -29
- package/dist/auth.mjs.map +1 -1
- package/dist/clients.cjs +222 -25
- package/dist/clients.cjs.map +1 -1
- package/dist/clients.d.cts +35 -28
- package/dist/clients.d.ts +35 -28
- package/dist/clients.mjs +222 -25
- package/dist/clients.mjs.map +1 -1
- package/dist/hooks.cjs +117 -4
- package/dist/hooks.cjs.map +1 -1
- package/dist/hooks.mjs +117 -4
- package/dist/hooks.mjs.map +1 -1
- package/dist/index.cjs +277 -26
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +98 -29
- package/dist/index.d.ts +98 -29
- package/dist/index.mjs +277 -26
- package/dist/index.mjs.map +1 -1
- package/package.json +2 -2
- package/src/_api/generated/client/index.ts +1 -0
- package/src/_api/generated/client/utils.gen.ts +2 -2
- package/src/_api/generated/client.gen.ts +2 -2
- package/src/_api/generated/core/auth.gen.ts +7 -0
- package/src/_api/generated/core/params.gen.ts +10 -8
- package/src/_api/generated/core/pathSerializer.gen.ts +6 -6
- package/src/_api/generated/core/queryKeySerializer.gen.ts +1 -1
- package/src/_api/generated/core/utils.gen.ts +4 -4
- package/src/_api/generated/helpers/auth.ts +127 -1
- package/src/_api/generated/sdk.gen.ts +149 -53
- package/src/auth/context/AuthContext.tsx +8 -0
- package/src/auth/utils/env.ts +18 -0
- package/src/auth/utils/logger.ts +11 -4
- package/src/index.ts +12 -0
- package/src/log-control.ts +81 -0
package/dist/hooks.cjs
CHANGED
|
@@ -1124,6 +1124,99 @@ async function tryRefresh() {
|
|
|
1124
1124
|
return _refreshInflight;
|
|
1125
1125
|
}
|
|
1126
1126
|
__name(tryRefresh, "tryRefresh");
|
|
1127
|
+
function dpopEnabled() {
|
|
1128
|
+
try {
|
|
1129
|
+
return typeof process !== "undefined" && process.env?.NEXT_PUBLIC_DPOP_ENABLED === "true";
|
|
1130
|
+
} catch {
|
|
1131
|
+
return false;
|
|
1132
|
+
}
|
|
1133
|
+
}
|
|
1134
|
+
__name(dpopEnabled, "dpopEnabled");
|
|
1135
|
+
var _DPOP_DB = "cfg-auth";
|
|
1136
|
+
var _DPOP_STORE = "keys";
|
|
1137
|
+
var _DPOP_KEY_ID = "dpop-ec-p256";
|
|
1138
|
+
function _idbOpen() {
|
|
1139
|
+
return new Promise((resolve, reject) => {
|
|
1140
|
+
const req = indexedDB.open(_DPOP_DB, 1);
|
|
1141
|
+
req.onupgradeneeded = () => req.result.createObjectStore(_DPOP_STORE);
|
|
1142
|
+
req.onsuccess = () => resolve(req.result);
|
|
1143
|
+
req.onerror = () => reject(req.error);
|
|
1144
|
+
});
|
|
1145
|
+
}
|
|
1146
|
+
__name(_idbOpen, "_idbOpen");
|
|
1147
|
+
function _idbGet(key) {
|
|
1148
|
+
return _idbOpen().then((db) => new Promise((resolve, reject) => {
|
|
1149
|
+
const tx = db.transaction(_DPOP_STORE, "readonly");
|
|
1150
|
+
const req = tx.objectStore(_DPOP_STORE).get(key);
|
|
1151
|
+
req.onsuccess = () => resolve(req.result);
|
|
1152
|
+
req.onerror = () => reject(req.error);
|
|
1153
|
+
}));
|
|
1154
|
+
}
|
|
1155
|
+
__name(_idbGet, "_idbGet");
|
|
1156
|
+
function _idbPut(key, value) {
|
|
1157
|
+
return _idbOpen().then((db) => new Promise((resolve, reject) => {
|
|
1158
|
+
const tx = db.transaction(_DPOP_STORE, "readwrite");
|
|
1159
|
+
tx.objectStore(_DPOP_STORE).put(value, key);
|
|
1160
|
+
tx.oncomplete = () => resolve();
|
|
1161
|
+
tx.onerror = () => reject(tx.error);
|
|
1162
|
+
}));
|
|
1163
|
+
}
|
|
1164
|
+
__name(_idbPut, "_idbPut");
|
|
1165
|
+
var _dpopKeyPromise = null;
|
|
1166
|
+
function _getDpopKeyPair() {
|
|
1167
|
+
if (_dpopKeyPromise) return _dpopKeyPromise;
|
|
1168
|
+
_dpopKeyPromise = (async () => {
|
|
1169
|
+
const existing = await _idbGet(_DPOP_KEY_ID).catch(() => void 0);
|
|
1170
|
+
if (existing) return existing;
|
|
1171
|
+
const pair = await crypto.subtle.generateKey(
|
|
1172
|
+
{ name: "ECDSA", namedCurve: "P-256" },
|
|
1173
|
+
false,
|
|
1174
|
+
// extractable:false — JS can sign but never export the private key
|
|
1175
|
+
["sign"]
|
|
1176
|
+
);
|
|
1177
|
+
await _idbPut(_DPOP_KEY_ID, pair).catch(() => {
|
|
1178
|
+
});
|
|
1179
|
+
return pair;
|
|
1180
|
+
})();
|
|
1181
|
+
return _dpopKeyPromise;
|
|
1182
|
+
}
|
|
1183
|
+
__name(_getDpopKeyPair, "_getDpopKeyPair");
|
|
1184
|
+
function _b64urlFromBytes(bytes) {
|
|
1185
|
+
const arr = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes);
|
|
1186
|
+
let s = "";
|
|
1187
|
+
for (let i = 0; i < arr.length; i++) s += String.fromCharCode(arr[i]);
|
|
1188
|
+
return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
1189
|
+
}
|
|
1190
|
+
__name(_b64urlFromBytes, "_b64urlFromBytes");
|
|
1191
|
+
function _b64urlFromString(str) {
|
|
1192
|
+
return _b64urlFromBytes(new TextEncoder().encode(str));
|
|
1193
|
+
}
|
|
1194
|
+
__name(_b64urlFromString, "_b64urlFromString");
|
|
1195
|
+
async function _publicJwk(pub) {
|
|
1196
|
+
const jwk = await crypto.subtle.exportKey("jwk", pub);
|
|
1197
|
+
return { kty: "EC", crv: "P-256", x: jwk.x, y: jwk.y };
|
|
1198
|
+
}
|
|
1199
|
+
__name(_publicJwk, "_publicJwk");
|
|
1200
|
+
async function _makeDpopProof(method, url) {
|
|
1201
|
+
try {
|
|
1202
|
+
const pair = await _getDpopKeyPair();
|
|
1203
|
+
const jwk = await _publicJwk(pair.publicKey);
|
|
1204
|
+
const header = { typ: "dpop+jwt", alg: "ES256", jwk };
|
|
1205
|
+
const htu = url.split("#")[0].split("?")[0];
|
|
1206
|
+
const jti = crypto.randomUUID && crypto.randomUUID() || _b64urlFromBytes(crypto.getRandomValues(new Uint8Array(16)));
|
|
1207
|
+
const payload = { htm: method.toUpperCase(), htu, iat: Math.floor(Date.now() / 1e3), jti };
|
|
1208
|
+
const signingInput = `${_b64urlFromString(JSON.stringify(header))}.${_b64urlFromString(JSON.stringify(payload))}`;
|
|
1209
|
+
const sig = await crypto.subtle.sign(
|
|
1210
|
+
{ name: "ECDSA", hash: "SHA-256" },
|
|
1211
|
+
pair.privateKey,
|
|
1212
|
+
new TextEncoder().encode(signingInput)
|
|
1213
|
+
);
|
|
1214
|
+
return `${signingInput}.${_b64urlFromBytes(sig)}`;
|
|
1215
|
+
} catch {
|
|
1216
|
+
return null;
|
|
1217
|
+
}
|
|
1218
|
+
}
|
|
1219
|
+
__name(_makeDpopProof, "_makeDpopProof");
|
|
1127
1220
|
function installAuthOnClient(client2) {
|
|
1128
1221
|
if (_client) return;
|
|
1129
1222
|
_client = client2;
|
|
@@ -1131,7 +1224,7 @@ function installAuthOnClient(client2) {
|
|
|
1131
1224
|
baseUrl: auth.getBaseUrl(),
|
|
1132
1225
|
credentials: _withCredentials ? "include" : "same-origin"
|
|
1133
1226
|
});
|
|
1134
|
-
client2.interceptors.request.use((request) => {
|
|
1227
|
+
client2.interceptors.request.use(async (request) => {
|
|
1135
1228
|
const token = auth.getToken();
|
|
1136
1229
|
if (token) request.headers.set("Authorization", `Bearer ${token}`);
|
|
1137
1230
|
const locale = auth.getLocale();
|
|
@@ -1144,6 +1237,10 @@ function installAuthOnClient(client2) {
|
|
|
1144
1237
|
} catch {
|
|
1145
1238
|
}
|
|
1146
1239
|
request.headers.set("X-Client-Time", (/* @__PURE__ */ new Date()).toISOString());
|
|
1240
|
+
if (dpopEnabled() && typeof window !== "undefined") {
|
|
1241
|
+
const proof = await _makeDpopProof(request.method, request.url);
|
|
1242
|
+
if (proof) request.headers.set("DPoP", proof);
|
|
1243
|
+
}
|
|
1147
1244
|
return request;
|
|
1148
1245
|
});
|
|
1149
1246
|
client2.interceptors.error.use((err, res, req) => {
|
|
@@ -1177,6 +1274,10 @@ function installAuthOnClient(client2) {
|
|
|
1177
1274
|
const retry = request.clone();
|
|
1178
1275
|
retry.headers.set("Authorization", `Bearer ${newToken}`);
|
|
1179
1276
|
retry.headers.set(RETRY_MARKER, "1");
|
|
1277
|
+
if (dpopEnabled() && typeof window !== "undefined") {
|
|
1278
|
+
const proof = await _makeDpopProof(retry.method, retry.url);
|
|
1279
|
+
if (proof) retry.headers.set("DPoP", proof);
|
|
1280
|
+
}
|
|
1180
1281
|
try {
|
|
1181
1282
|
const retried = await fetch(retry);
|
|
1182
1283
|
if (retried.status === 401 && _onUnauthorized) {
|
|
@@ -1216,7 +1317,11 @@ var CfgAccountsApiKey = class {
|
|
|
1216
1317
|
static cfgAccountsApiKeyRetrieve(options) {
|
|
1217
1318
|
return (options?.client ?? client).get({
|
|
1218
1319
|
security: [
|
|
1219
|
-
{
|
|
1320
|
+
{
|
|
1321
|
+
key: "jwtAuth",
|
|
1322
|
+
scheme: "bearer",
|
|
1323
|
+
type: "http"
|
|
1324
|
+
},
|
|
1220
1325
|
{
|
|
1221
1326
|
in: "cookie",
|
|
1222
1327
|
name: "sessionid",
|
|
@@ -1236,7 +1341,11 @@ var CfgAccountsApiKey = class {
|
|
|
1236
1341
|
static cfgAccountsApiKeyRegenerateCreate(options) {
|
|
1237
1342
|
return (options.client ?? client).post({
|
|
1238
1343
|
security: [
|
|
1239
|
-
{
|
|
1344
|
+
{
|
|
1345
|
+
key: "jwtAuth",
|
|
1346
|
+
scheme: "bearer",
|
|
1347
|
+
type: "http"
|
|
1348
|
+
},
|
|
1240
1349
|
{
|
|
1241
1350
|
in: "cookie",
|
|
1242
1351
|
name: "sessionid",
|
|
@@ -1260,7 +1369,11 @@ var CfgAccountsApiKey = class {
|
|
|
1260
1369
|
static cfgAccountsApiKeyTestCreate(options) {
|
|
1261
1370
|
return (options.client ?? client).post({
|
|
1262
1371
|
security: [
|
|
1263
|
-
{
|
|
1372
|
+
{
|
|
1373
|
+
key: "jwtAuth",
|
|
1374
|
+
scheme: "bearer",
|
|
1375
|
+
type: "http"
|
|
1376
|
+
},
|
|
1264
1377
|
{
|
|
1265
1378
|
in: "cookie",
|
|
1266
1379
|
name: "sessionid",
|