@djangocfg/api 2.1.426 → 2.1.428
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +56 -0
- package/dist/auth-server.cjs +248 -32
- package/dist/auth-server.cjs.map +1 -1
- package/dist/auth-server.mjs +248 -32
- package/dist/auth-server.mjs.map +1 -1
- package/dist/auth.cjs +271 -29
- package/dist/auth.cjs.map +1 -1
- package/dist/auth.mjs +271 -29
- package/dist/auth.mjs.map +1 -1
- package/dist/clients.cjs +222 -25
- package/dist/clients.cjs.map +1 -1
- package/dist/clients.d.cts +35 -28
- package/dist/clients.d.ts +35 -28
- package/dist/clients.mjs +222 -25
- package/dist/clients.mjs.map +1 -1
- package/dist/hooks.cjs +117 -4
- package/dist/hooks.cjs.map +1 -1
- package/dist/hooks.mjs +117 -4
- package/dist/hooks.mjs.map +1 -1
- package/dist/index.cjs +277 -26
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +98 -29
- package/dist/index.d.ts +98 -29
- package/dist/index.mjs +277 -26
- package/dist/index.mjs.map +1 -1
- package/package.json +2 -2
- package/src/_api/generated/client/index.ts +1 -0
- package/src/_api/generated/client/utils.gen.ts +2 -2
- package/src/_api/generated/client.gen.ts +2 -2
- package/src/_api/generated/core/auth.gen.ts +7 -0
- package/src/_api/generated/core/params.gen.ts +10 -8
- package/src/_api/generated/core/pathSerializer.gen.ts +6 -6
- package/src/_api/generated/core/queryKeySerializer.gen.ts +1 -1
- package/src/_api/generated/core/utils.gen.ts +4 -4
- package/src/_api/generated/helpers/auth.ts +127 -1
- package/src/_api/generated/sdk.gen.ts +149 -53
- package/src/auth/context/AuthContext.tsx +8 -0
- package/src/auth/utils/env.ts +18 -0
- package/src/auth/utils/logger.ts +11 -4
- package/src/index.ts +12 -0
- package/src/log-control.ts +81 -0
package/dist/hooks.mjs
CHANGED
|
@@ -1091,6 +1091,99 @@ async function tryRefresh() {
|
|
|
1091
1091
|
return _refreshInflight;
|
|
1092
1092
|
}
|
|
1093
1093
|
__name(tryRefresh, "tryRefresh");
|
|
1094
|
+
function dpopEnabled() {
|
|
1095
|
+
try {
|
|
1096
|
+
return typeof process !== "undefined" && process.env?.NEXT_PUBLIC_DPOP_ENABLED === "true";
|
|
1097
|
+
} catch {
|
|
1098
|
+
return false;
|
|
1099
|
+
}
|
|
1100
|
+
}
|
|
1101
|
+
__name(dpopEnabled, "dpopEnabled");
|
|
1102
|
+
var _DPOP_DB = "cfg-auth";
|
|
1103
|
+
var _DPOP_STORE = "keys";
|
|
1104
|
+
var _DPOP_KEY_ID = "dpop-ec-p256";
|
|
1105
|
+
function _idbOpen() {
|
|
1106
|
+
return new Promise((resolve, reject) => {
|
|
1107
|
+
const req = indexedDB.open(_DPOP_DB, 1);
|
|
1108
|
+
req.onupgradeneeded = () => req.result.createObjectStore(_DPOP_STORE);
|
|
1109
|
+
req.onsuccess = () => resolve(req.result);
|
|
1110
|
+
req.onerror = () => reject(req.error);
|
|
1111
|
+
});
|
|
1112
|
+
}
|
|
1113
|
+
__name(_idbOpen, "_idbOpen");
|
|
1114
|
+
function _idbGet(key) {
|
|
1115
|
+
return _idbOpen().then((db) => new Promise((resolve, reject) => {
|
|
1116
|
+
const tx = db.transaction(_DPOP_STORE, "readonly");
|
|
1117
|
+
const req = tx.objectStore(_DPOP_STORE).get(key);
|
|
1118
|
+
req.onsuccess = () => resolve(req.result);
|
|
1119
|
+
req.onerror = () => reject(req.error);
|
|
1120
|
+
}));
|
|
1121
|
+
}
|
|
1122
|
+
__name(_idbGet, "_idbGet");
|
|
1123
|
+
function _idbPut(key, value) {
|
|
1124
|
+
return _idbOpen().then((db) => new Promise((resolve, reject) => {
|
|
1125
|
+
const tx = db.transaction(_DPOP_STORE, "readwrite");
|
|
1126
|
+
tx.objectStore(_DPOP_STORE).put(value, key);
|
|
1127
|
+
tx.oncomplete = () => resolve();
|
|
1128
|
+
tx.onerror = () => reject(tx.error);
|
|
1129
|
+
}));
|
|
1130
|
+
}
|
|
1131
|
+
__name(_idbPut, "_idbPut");
|
|
1132
|
+
var _dpopKeyPromise = null;
|
|
1133
|
+
function _getDpopKeyPair() {
|
|
1134
|
+
if (_dpopKeyPromise) return _dpopKeyPromise;
|
|
1135
|
+
_dpopKeyPromise = (async () => {
|
|
1136
|
+
const existing = await _idbGet(_DPOP_KEY_ID).catch(() => void 0);
|
|
1137
|
+
if (existing) return existing;
|
|
1138
|
+
const pair = await crypto.subtle.generateKey(
|
|
1139
|
+
{ name: "ECDSA", namedCurve: "P-256" },
|
|
1140
|
+
false,
|
|
1141
|
+
// extractable:false — JS can sign but never export the private key
|
|
1142
|
+
["sign"]
|
|
1143
|
+
);
|
|
1144
|
+
await _idbPut(_DPOP_KEY_ID, pair).catch(() => {
|
|
1145
|
+
});
|
|
1146
|
+
return pair;
|
|
1147
|
+
})();
|
|
1148
|
+
return _dpopKeyPromise;
|
|
1149
|
+
}
|
|
1150
|
+
__name(_getDpopKeyPair, "_getDpopKeyPair");
|
|
1151
|
+
function _b64urlFromBytes(bytes) {
|
|
1152
|
+
const arr = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes);
|
|
1153
|
+
let s = "";
|
|
1154
|
+
for (let i = 0; i < arr.length; i++) s += String.fromCharCode(arr[i]);
|
|
1155
|
+
return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
1156
|
+
}
|
|
1157
|
+
__name(_b64urlFromBytes, "_b64urlFromBytes");
|
|
1158
|
+
function _b64urlFromString(str) {
|
|
1159
|
+
return _b64urlFromBytes(new TextEncoder().encode(str));
|
|
1160
|
+
}
|
|
1161
|
+
__name(_b64urlFromString, "_b64urlFromString");
|
|
1162
|
+
async function _publicJwk(pub) {
|
|
1163
|
+
const jwk = await crypto.subtle.exportKey("jwk", pub);
|
|
1164
|
+
return { kty: "EC", crv: "P-256", x: jwk.x, y: jwk.y };
|
|
1165
|
+
}
|
|
1166
|
+
__name(_publicJwk, "_publicJwk");
|
|
1167
|
+
async function _makeDpopProof(method, url) {
|
|
1168
|
+
try {
|
|
1169
|
+
const pair = await _getDpopKeyPair();
|
|
1170
|
+
const jwk = await _publicJwk(pair.publicKey);
|
|
1171
|
+
const header = { typ: "dpop+jwt", alg: "ES256", jwk };
|
|
1172
|
+
const htu = url.split("#")[0].split("?")[0];
|
|
1173
|
+
const jti = crypto.randomUUID && crypto.randomUUID() || _b64urlFromBytes(crypto.getRandomValues(new Uint8Array(16)));
|
|
1174
|
+
const payload = { htm: method.toUpperCase(), htu, iat: Math.floor(Date.now() / 1e3), jti };
|
|
1175
|
+
const signingInput = `${_b64urlFromString(JSON.stringify(header))}.${_b64urlFromString(JSON.stringify(payload))}`;
|
|
1176
|
+
const sig = await crypto.subtle.sign(
|
|
1177
|
+
{ name: "ECDSA", hash: "SHA-256" },
|
|
1178
|
+
pair.privateKey,
|
|
1179
|
+
new TextEncoder().encode(signingInput)
|
|
1180
|
+
);
|
|
1181
|
+
return `${signingInput}.${_b64urlFromBytes(sig)}`;
|
|
1182
|
+
} catch {
|
|
1183
|
+
return null;
|
|
1184
|
+
}
|
|
1185
|
+
}
|
|
1186
|
+
__name(_makeDpopProof, "_makeDpopProof");
|
|
1094
1187
|
function installAuthOnClient(client2) {
|
|
1095
1188
|
if (_client) return;
|
|
1096
1189
|
_client = client2;
|
|
@@ -1098,7 +1191,7 @@ function installAuthOnClient(client2) {
|
|
|
1098
1191
|
baseUrl: auth.getBaseUrl(),
|
|
1099
1192
|
credentials: _withCredentials ? "include" : "same-origin"
|
|
1100
1193
|
});
|
|
1101
|
-
client2.interceptors.request.use((request) => {
|
|
1194
|
+
client2.interceptors.request.use(async (request) => {
|
|
1102
1195
|
const token = auth.getToken();
|
|
1103
1196
|
if (token) request.headers.set("Authorization", `Bearer ${token}`);
|
|
1104
1197
|
const locale = auth.getLocale();
|
|
@@ -1111,6 +1204,10 @@ function installAuthOnClient(client2) {
|
|
|
1111
1204
|
} catch {
|
|
1112
1205
|
}
|
|
1113
1206
|
request.headers.set("X-Client-Time", (/* @__PURE__ */ new Date()).toISOString());
|
|
1207
|
+
if (dpopEnabled() && typeof window !== "undefined") {
|
|
1208
|
+
const proof = await _makeDpopProof(request.method, request.url);
|
|
1209
|
+
if (proof) request.headers.set("DPoP", proof);
|
|
1210
|
+
}
|
|
1114
1211
|
return request;
|
|
1115
1212
|
});
|
|
1116
1213
|
client2.interceptors.error.use((err, res, req) => {
|
|
@@ -1144,6 +1241,10 @@ function installAuthOnClient(client2) {
|
|
|
1144
1241
|
const retry = request.clone();
|
|
1145
1242
|
retry.headers.set("Authorization", `Bearer ${newToken}`);
|
|
1146
1243
|
retry.headers.set(RETRY_MARKER, "1");
|
|
1244
|
+
if (dpopEnabled() && typeof window !== "undefined") {
|
|
1245
|
+
const proof = await _makeDpopProof(retry.method, retry.url);
|
|
1246
|
+
if (proof) retry.headers.set("DPoP", proof);
|
|
1247
|
+
}
|
|
1147
1248
|
try {
|
|
1148
1249
|
const retried = await fetch(retry);
|
|
1149
1250
|
if (retried.status === 401 && _onUnauthorized) {
|
|
@@ -1183,7 +1284,11 @@ var CfgAccountsApiKey = class {
|
|
|
1183
1284
|
static cfgAccountsApiKeyRetrieve(options) {
|
|
1184
1285
|
return (options?.client ?? client).get({
|
|
1185
1286
|
security: [
|
|
1186
|
-
{
|
|
1287
|
+
{
|
|
1288
|
+
key: "jwtAuth",
|
|
1289
|
+
scheme: "bearer",
|
|
1290
|
+
type: "http"
|
|
1291
|
+
},
|
|
1187
1292
|
{
|
|
1188
1293
|
in: "cookie",
|
|
1189
1294
|
name: "sessionid",
|
|
@@ -1203,7 +1308,11 @@ var CfgAccountsApiKey = class {
|
|
|
1203
1308
|
static cfgAccountsApiKeyRegenerateCreate(options) {
|
|
1204
1309
|
return (options.client ?? client).post({
|
|
1205
1310
|
security: [
|
|
1206
|
-
{
|
|
1311
|
+
{
|
|
1312
|
+
key: "jwtAuth",
|
|
1313
|
+
scheme: "bearer",
|
|
1314
|
+
type: "http"
|
|
1315
|
+
},
|
|
1207
1316
|
{
|
|
1208
1317
|
in: "cookie",
|
|
1209
1318
|
name: "sessionid",
|
|
@@ -1227,7 +1336,11 @@ var CfgAccountsApiKey = class {
|
|
|
1227
1336
|
static cfgAccountsApiKeyTestCreate(options) {
|
|
1228
1337
|
return (options.client ?? client).post({
|
|
1229
1338
|
security: [
|
|
1230
|
-
{
|
|
1339
|
+
{
|
|
1340
|
+
key: "jwtAuth",
|
|
1341
|
+
scheme: "bearer",
|
|
1342
|
+
type: "http"
|
|
1343
|
+
},
|
|
1231
1344
|
{
|
|
1232
1345
|
in: "cookie",
|
|
1233
1346
|
name: "sessionid",
|