@djangocfg/api 2.1.426 → 2.1.428

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/README.md +56 -0
  2. package/dist/auth-server.cjs +248 -32
  3. package/dist/auth-server.cjs.map +1 -1
  4. package/dist/auth-server.mjs +248 -32
  5. package/dist/auth-server.mjs.map +1 -1
  6. package/dist/auth.cjs +271 -29
  7. package/dist/auth.cjs.map +1 -1
  8. package/dist/auth.mjs +271 -29
  9. package/dist/auth.mjs.map +1 -1
  10. package/dist/clients.cjs +222 -25
  11. package/dist/clients.cjs.map +1 -1
  12. package/dist/clients.d.cts +35 -28
  13. package/dist/clients.d.ts +35 -28
  14. package/dist/clients.mjs +222 -25
  15. package/dist/clients.mjs.map +1 -1
  16. package/dist/hooks.cjs +117 -4
  17. package/dist/hooks.cjs.map +1 -1
  18. package/dist/hooks.mjs +117 -4
  19. package/dist/hooks.mjs.map +1 -1
  20. package/dist/index.cjs +277 -26
  21. package/dist/index.cjs.map +1 -1
  22. package/dist/index.d.cts +98 -29
  23. package/dist/index.d.ts +98 -29
  24. package/dist/index.mjs +277 -26
  25. package/dist/index.mjs.map +1 -1
  26. package/package.json +2 -2
  27. package/src/_api/generated/client/index.ts +1 -0
  28. package/src/_api/generated/client/utils.gen.ts +2 -2
  29. package/src/_api/generated/client.gen.ts +2 -2
  30. package/src/_api/generated/core/auth.gen.ts +7 -0
  31. package/src/_api/generated/core/params.gen.ts +10 -8
  32. package/src/_api/generated/core/pathSerializer.gen.ts +6 -6
  33. package/src/_api/generated/core/queryKeySerializer.gen.ts +1 -1
  34. package/src/_api/generated/core/utils.gen.ts +4 -4
  35. package/src/_api/generated/helpers/auth.ts +127 -1
  36. package/src/_api/generated/sdk.gen.ts +149 -53
  37. package/src/auth/context/AuthContext.tsx +8 -0
  38. package/src/auth/utils/env.ts +18 -0
  39. package/src/auth/utils/logger.ts +11 -4
  40. package/src/index.ts +12 -0
  41. package/src/log-control.ts +81 -0
package/dist/auth.cjs CHANGED
@@ -86,6 +86,8 @@ var AUTH_CONSTANTS = {
86
86
  // src/auth/utils/env.ts
87
87
  var isDev = process.env.NODE_ENV === "development";
88
88
  var isBrowser = typeof window !== "undefined";
89
+ var isStaticBuild = process.env.NEXT_PUBLIC_STATIC_BUILD === "true";
90
+ var dpopEnabled = process.env.NEXT_PUBLIC_DPOP_ENABLED === "true";
89
91
 
90
92
  // src/auth/context/AuthContext.tsx
91
93
  var import_navigation4 = require("next/navigation");
@@ -280,12 +282,52 @@ var import_react7 = require("react");
280
282
 
281
283
  // src/auth/utils/logger.ts
282
284
  var import_consola = require("consola");
283
- var isStaticBuild = process.env.NEXT_PUBLIC_STATIC_BUILD === "true";
284
- var showLogs = isDev || isStaticBuild;
285
+
286
+ // src/log-control.ts
287
+ var verboseByDefault = isDev || isStaticBuild;
288
+ var DEFAULT_LEVEL = verboseByDefault ? 4 : 1;
289
+ var _level = DEFAULT_LEVEL;
290
+ var _subscribers = /* @__PURE__ */ new Set();
291
+ function getLogLevel() {
292
+ return _level;
293
+ }
294
+ __name(getLogLevel, "getLogLevel");
295
+ function setLogLevel(level) {
296
+ _level = level;
297
+ for (const fn of _subscribers) {
298
+ try {
299
+ fn(level);
300
+ } catch {
301
+ }
302
+ }
303
+ }
304
+ __name(setLogLevel, "setLogLevel");
305
+ function onLogLevelChange(fn) {
306
+ _subscribers.add(fn);
307
+ try {
308
+ fn(_level);
309
+ } catch {
310
+ }
311
+ return () => _subscribers.delete(fn);
312
+ }
313
+ __name(onLogLevelChange, "onLogLevelChange");
314
+ function applyRoleLogPolicy(opts) {
315
+ const devMode = opts.isDev ?? verboseByDefault;
316
+ if (opts.isAdmin || devMode) {
317
+ setLogLevel(4);
318
+ } else {
319
+ setLogLevel(1);
320
+ }
321
+ }
322
+ __name(applyRoleLogPolicy, "applyRoleLogPolicy");
323
+
324
+ // src/auth/utils/logger.ts
285
325
  var logger = (0, import_consola.createConsola)({
286
- level: showLogs ? 4 : 1
287
- // dev: debug, production: errors only
326
+ level: getLogLevel()
288
327
  }).withTag("api");
328
+ onLogLevelChange((level) => {
329
+ logger.level = level;
330
+ });
289
331
  var authLogger = logger.withTag("auth");
290
332
 
291
333
  // src/auth/hooks/useAutoAuth.ts
@@ -627,6 +669,99 @@ async function tryRefresh() {
627
669
  return _refreshInflight;
628
670
  }
629
671
  __name(tryRefresh, "tryRefresh");
672
+ function dpopEnabled2() {
673
+ try {
674
+ return typeof process !== "undefined" && process.env?.NEXT_PUBLIC_DPOP_ENABLED === "true";
675
+ } catch {
676
+ return false;
677
+ }
678
+ }
679
+ __name(dpopEnabled2, "dpopEnabled");
680
+ var _DPOP_DB = "cfg-auth";
681
+ var _DPOP_STORE = "keys";
682
+ var _DPOP_KEY_ID = "dpop-ec-p256";
683
+ function _idbOpen() {
684
+ return new Promise((resolve, reject) => {
685
+ const req = indexedDB.open(_DPOP_DB, 1);
686
+ req.onupgradeneeded = () => req.result.createObjectStore(_DPOP_STORE);
687
+ req.onsuccess = () => resolve(req.result);
688
+ req.onerror = () => reject(req.error);
689
+ });
690
+ }
691
+ __name(_idbOpen, "_idbOpen");
692
+ function _idbGet(key) {
693
+ return _idbOpen().then((db) => new Promise((resolve, reject) => {
694
+ const tx = db.transaction(_DPOP_STORE, "readonly");
695
+ const req = tx.objectStore(_DPOP_STORE).get(key);
696
+ req.onsuccess = () => resolve(req.result);
697
+ req.onerror = () => reject(req.error);
698
+ }));
699
+ }
700
+ __name(_idbGet, "_idbGet");
701
+ function _idbPut(key, value) {
702
+ return _idbOpen().then((db) => new Promise((resolve, reject) => {
703
+ const tx = db.transaction(_DPOP_STORE, "readwrite");
704
+ tx.objectStore(_DPOP_STORE).put(value, key);
705
+ tx.oncomplete = () => resolve();
706
+ tx.onerror = () => reject(tx.error);
707
+ }));
708
+ }
709
+ __name(_idbPut, "_idbPut");
710
+ var _dpopKeyPromise = null;
711
+ function _getDpopKeyPair() {
712
+ if (_dpopKeyPromise) return _dpopKeyPromise;
713
+ _dpopKeyPromise = (async () => {
714
+ const existing = await _idbGet(_DPOP_KEY_ID).catch(() => void 0);
715
+ if (existing) return existing;
716
+ const pair = await crypto.subtle.generateKey(
717
+ { name: "ECDSA", namedCurve: "P-256" },
718
+ false,
719
+ // extractable:false — JS can sign but never export the private key
720
+ ["sign"]
721
+ );
722
+ await _idbPut(_DPOP_KEY_ID, pair).catch(() => {
723
+ });
724
+ return pair;
725
+ })();
726
+ return _dpopKeyPromise;
727
+ }
728
+ __name(_getDpopKeyPair, "_getDpopKeyPair");
729
+ function _b64urlFromBytes(bytes) {
730
+ const arr = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes);
731
+ let s = "";
732
+ for (let i = 0; i < arr.length; i++) s += String.fromCharCode(arr[i]);
733
+ return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
734
+ }
735
+ __name(_b64urlFromBytes, "_b64urlFromBytes");
736
+ function _b64urlFromString(str) {
737
+ return _b64urlFromBytes(new TextEncoder().encode(str));
738
+ }
739
+ __name(_b64urlFromString, "_b64urlFromString");
740
+ async function _publicJwk(pub) {
741
+ const jwk = await crypto.subtle.exportKey("jwk", pub);
742
+ return { kty: "EC", crv: "P-256", x: jwk.x, y: jwk.y };
743
+ }
744
+ __name(_publicJwk, "_publicJwk");
745
+ async function _makeDpopProof(method, url) {
746
+ try {
747
+ const pair = await _getDpopKeyPair();
748
+ const jwk = await _publicJwk(pair.publicKey);
749
+ const header = { typ: "dpop+jwt", alg: "ES256", jwk };
750
+ const htu = url.split("#")[0].split("?")[0];
751
+ const jti = crypto.randomUUID && crypto.randomUUID() || _b64urlFromBytes(crypto.getRandomValues(new Uint8Array(16)));
752
+ const payload = { htm: method.toUpperCase(), htu, iat: Math.floor(Date.now() / 1e3), jti };
753
+ const signingInput = `${_b64urlFromString(JSON.stringify(header))}.${_b64urlFromString(JSON.stringify(payload))}`;
754
+ const sig = await crypto.subtle.sign(
755
+ { name: "ECDSA", hash: "SHA-256" },
756
+ pair.privateKey,
757
+ new TextEncoder().encode(signingInput)
758
+ );
759
+ return `${signingInput}.${_b64urlFromBytes(sig)}`;
760
+ } catch {
761
+ return null;
762
+ }
763
+ }
764
+ __name(_makeDpopProof, "_makeDpopProof");
630
765
  function installAuthOnClient(client2) {
631
766
  if (_client) return;
632
767
  _client = client2;
@@ -634,7 +769,7 @@ function installAuthOnClient(client2) {
634
769
  baseUrl: auth.getBaseUrl(),
635
770
  credentials: _withCredentials ? "include" : "same-origin"
636
771
  });
637
- client2.interceptors.request.use((request) => {
772
+ client2.interceptors.request.use(async (request) => {
638
773
  const token = auth.getToken();
639
774
  if (token) request.headers.set("Authorization", `Bearer ${token}`);
640
775
  const locale = auth.getLocale();
@@ -647,6 +782,10 @@ function installAuthOnClient(client2) {
647
782
  } catch {
648
783
  }
649
784
  request.headers.set("X-Client-Time", (/* @__PURE__ */ new Date()).toISOString());
785
+ if (dpopEnabled2() && typeof window !== "undefined") {
786
+ const proof = await _makeDpopProof(request.method, request.url);
787
+ if (proof) request.headers.set("DPoP", proof);
788
+ }
650
789
  return request;
651
790
  });
652
791
  client2.interceptors.error.use((err, res, req) => {
@@ -680,6 +819,10 @@ function installAuthOnClient(client2) {
680
819
  const retry = request.clone();
681
820
  retry.headers.set("Authorization", `Bearer ${newToken}`);
682
821
  retry.headers.set(RETRY_MARKER, "1");
822
+ if (dpopEnabled2() && typeof window !== "undefined") {
823
+ const proof = await _makeDpopProof(retry.method, retry.url);
824
+ if (proof) retry.headers.set("DPoP", proof);
825
+ }
683
826
  try {
684
827
  const retried = await fetch(retry);
685
828
  if (retried.status === 401 && _onUnauthorized) {
@@ -1629,7 +1772,11 @@ var CfgAccountsApiKey = class {
1629
1772
  static cfgAccountsApiKeyRetrieve(options) {
1630
1773
  return (options?.client ?? client).get({
1631
1774
  security: [
1632
- { scheme: "bearer", type: "http" },
1775
+ {
1776
+ key: "jwtAuth",
1777
+ scheme: "bearer",
1778
+ type: "http"
1779
+ },
1633
1780
  {
1634
1781
  in: "cookie",
1635
1782
  name: "sessionid",
@@ -1649,7 +1796,11 @@ var CfgAccountsApiKey = class {
1649
1796
  static cfgAccountsApiKeyRegenerateCreate(options) {
1650
1797
  return (options.client ?? client).post({
1651
1798
  security: [
1652
- { scheme: "bearer", type: "http" },
1799
+ {
1800
+ key: "jwtAuth",
1801
+ scheme: "bearer",
1802
+ type: "http"
1803
+ },
1653
1804
  {
1654
1805
  in: "cookie",
1655
1806
  name: "sessionid",
@@ -1673,7 +1824,11 @@ var CfgAccountsApiKey = class {
1673
1824
  static cfgAccountsApiKeyTestCreate(options) {
1674
1825
  return (options.client ?? client).post({
1675
1826
  security: [
1676
- { scheme: "bearer", type: "http" },
1827
+ {
1828
+ key: "jwtAuth",
1829
+ scheme: "bearer",
1830
+ type: "http"
1831
+ },
1677
1832
  {
1678
1833
  in: "cookie",
1679
1834
  name: "sessionid",
@@ -1701,7 +1856,11 @@ var CfgAccountsOauth = class {
1701
1856
  */
1702
1857
  static cfgAccountsOauthConnectionsList(options) {
1703
1858
  return (options?.client ?? client).get({
1704
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1859
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1860
+ key: "jwtAuthWithLastLogin",
1861
+ scheme: "bearer",
1862
+ type: "http"
1863
+ }],
1705
1864
  url: "/cfg/accounts/oauth/connections/",
1706
1865
  ...options
1707
1866
  });
@@ -1713,7 +1872,11 @@ var CfgAccountsOauth = class {
1713
1872
  */
1714
1873
  static cfgAccountsOauthDisconnectCreate(options) {
1715
1874
  return (options.client ?? client).post({
1716
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1875
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1876
+ key: "jwtAuthWithLastLogin",
1877
+ scheme: "bearer",
1878
+ type: "http"
1879
+ }],
1717
1880
  url: "/cfg/accounts/oauth/disconnect/",
1718
1881
  ...options,
1719
1882
  headers: {
@@ -1770,7 +1933,11 @@ var CfgAccounts = class {
1770
1933
  */
1771
1934
  static cfgAccountsOtpRequestCreate(options) {
1772
1935
  return (options.client ?? client).post({
1773
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1936
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1937
+ key: "jwtAuthWithLastLogin",
1938
+ scheme: "bearer",
1939
+ type: "http"
1940
+ }],
1774
1941
  url: "/cfg/accounts/otp/request/",
1775
1942
  ...options,
1776
1943
  headers: {
@@ -1791,7 +1958,11 @@ var CfgAccounts = class {
1791
1958
  */
1792
1959
  static cfgAccountsOtpVerifyCreate(options) {
1793
1960
  return (options.client ?? client).post({
1794
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1961
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1962
+ key: "jwtAuthWithLastLogin",
1963
+ scheme: "bearer",
1964
+ type: "http"
1965
+ }],
1795
1966
  url: "/cfg/accounts/otp/verify/",
1796
1967
  ...options,
1797
1968
  headers: {
@@ -1812,7 +1983,11 @@ var CfgAccountsProfile = class {
1812
1983
  */
1813
1984
  static cfgAccountsProfileRetrieve(options) {
1814
1985
  return (options?.client ?? client).get({
1815
- security: [{ scheme: "bearer", type: "http" }, {
1986
+ security: [{
1987
+ key: "jwtAuth",
1988
+ scheme: "bearer",
1989
+ type: "http"
1990
+ }, {
1816
1991
  in: "cookie",
1817
1992
  name: "sessionid",
1818
1993
  type: "apiKey"
@@ -1829,7 +2004,11 @@ var CfgAccountsProfile = class {
1829
2004
  static cfgAccountsProfileAvatarCreate(options) {
1830
2005
  return (options?.client ?? client).post({
1831
2006
  ...formDataBodySerializer,
1832
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
2007
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
2008
+ key: "jwtAuthWithLastLogin",
2009
+ scheme: "bearer",
2010
+ type: "http"
2011
+ }],
1833
2012
  url: "/cfg/accounts/profile/avatar/",
1834
2013
  ...options,
1835
2014
  headers: {
@@ -1855,7 +2034,11 @@ var CfgAccountsProfile = class {
1855
2034
  */
1856
2035
  static cfgAccountsProfileDeleteCreate(options) {
1857
2036
  return (options?.client ?? client).post({
1858
- security: [{ scheme: "bearer", type: "http" }, {
2037
+ security: [{
2038
+ key: "jwtAuth",
2039
+ scheme: "bearer",
2040
+ type: "http"
2041
+ }, {
1859
2042
  in: "cookie",
1860
2043
  name: "sessionid",
1861
2044
  type: "apiKey"
@@ -1871,7 +2054,11 @@ var CfgAccountsProfile = class {
1871
2054
  */
1872
2055
  static cfgAccountsProfilePartialPartialUpdate(options) {
1873
2056
  return (options?.client ?? client).patch({
1874
- security: [{ scheme: "bearer", type: "http" }, {
2057
+ security: [{
2058
+ key: "jwtAuth",
2059
+ scheme: "bearer",
2060
+ type: "http"
2061
+ }, {
1875
2062
  in: "cookie",
1876
2063
  name: "sessionid",
1877
2064
  type: "apiKey"
@@ -1891,7 +2078,11 @@ var CfgAccountsProfile = class {
1891
2078
  */
1892
2079
  static cfgAccountsProfilePartialUpdate(options) {
1893
2080
  return (options?.client ?? client).put({
1894
- security: [{ scheme: "bearer", type: "http" }, {
2081
+ security: [{
2082
+ key: "jwtAuth",
2083
+ scheme: "bearer",
2084
+ type: "http"
2085
+ }, {
1895
2086
  in: "cookie",
1896
2087
  name: "sessionid",
1897
2088
  type: "apiKey"
@@ -1911,7 +2102,11 @@ var CfgAccountsProfile = class {
1911
2102
  */
1912
2103
  static cfgAccountsProfileUpdatePartialUpdate(options) {
1913
2104
  return (options?.client ?? client).patch({
1914
- security: [{ scheme: "bearer", type: "http" }, {
2105
+ security: [{
2106
+ key: "jwtAuth",
2107
+ scheme: "bearer",
2108
+ type: "http"
2109
+ }, {
1915
2110
  in: "cookie",
1916
2111
  name: "sessionid",
1917
2112
  type: "apiKey"
@@ -1931,7 +2126,11 @@ var CfgAccountsProfile = class {
1931
2126
  */
1932
2127
  static cfgAccountsProfileUpdateUpdate(options) {
1933
2128
  return (options?.client ?? client).put({
1934
- security: [{ scheme: "bearer", type: "http" }, {
2129
+ security: [{
2130
+ key: "jwtAuth",
2131
+ scheme: "bearer",
2132
+ type: "http"
2133
+ }, {
1935
2134
  in: "cookie",
1936
2135
  name: "sessionid",
1937
2136
  type: "apiKey"
@@ -1974,7 +2173,11 @@ var CfgCentrifugo = class {
1974
2173
  */
1975
2174
  static cfgCentrifugoAuthTokenRetrieve(options) {
1976
2175
  return (options?.client ?? client).get({
1977
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
2176
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
2177
+ key: "jwtAuthWithLastLogin",
2178
+ scheme: "bearer",
2179
+ type: "http"
2180
+ }],
1978
2181
  url: "/cfg/centrifugo/auth/token/",
1979
2182
  ...options
1980
2183
  });
@@ -1989,7 +2192,11 @@ var CfgTotpBackupCodes = class {
1989
2192
  */
1990
2193
  static cfgTotpBackupCodesRetrieve(options) {
1991
2194
  return (options?.client ?? client).get({
1992
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
2195
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
2196
+ key: "jwtAuthWithLastLogin",
2197
+ scheme: "bearer",
2198
+ type: "http"
2199
+ }],
1993
2200
  url: "/cfg/totp/backup-codes/",
1994
2201
  ...options
1995
2202
  });
@@ -2002,7 +2209,11 @@ var CfgTotpBackupCodes = class {
2002
2209
  */
2003
2210
  static cfgTotpBackupCodesRegenerateCreate(options) {
2004
2211
  return (options.client ?? client).post({
2005
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
2212
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
2213
+ key: "jwtAuthWithLastLogin",
2214
+ scheme: "bearer",
2215
+ type: "http"
2216
+ }],
2006
2217
  url: "/cfg/totp/backup-codes/regenerate/",
2007
2218
  ...options,
2008
2219
  headers: {
@@ -2021,7 +2232,11 @@ var CfgTotp = class {
2021
2232
  */
2022
2233
  static cfgTotpDevicesRetrieve(options) {
2023
2234
  return (options?.client ?? client).get({
2024
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
2235
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
2236
+ key: "jwtAuthWithLastLogin",
2237
+ scheme: "bearer",
2238
+ type: "http"
2239
+ }],
2025
2240
  url: "/cfg/totp/devices/",
2026
2241
  ...options
2027
2242
  });
@@ -2033,7 +2248,11 @@ var CfgTotp = class {
2033
2248
  */
2034
2249
  static cfgTotpDevicesDestroy(options) {
2035
2250
  return (options.client ?? client).delete({
2036
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
2251
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
2252
+ key: "jwtAuthWithLastLogin",
2253
+ scheme: "bearer",
2254
+ type: "http"
2255
+ }],
2037
2256
  url: "/cfg/totp/devices/{id}/",
2038
2257
  ...options
2039
2258
  });
@@ -2045,7 +2264,11 @@ var CfgTotp = class {
2045
2264
  */
2046
2265
  static cfgTotpDisableCreate(options) {
2047
2266
  return (options.client ?? client).post({
2048
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
2267
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
2268
+ key: "jwtAuthWithLastLogin",
2269
+ scheme: "bearer",
2270
+ type: "http"
2271
+ }],
2049
2272
  url: "/cfg/totp/disable/",
2050
2273
  ...options,
2051
2274
  headers: {
@@ -2066,7 +2289,11 @@ var CfgTotpSetup = class {
2066
2289
  */
2067
2290
  static cfgTotpSetupCreate(options) {
2068
2291
  return (options?.client ?? client).post({
2069
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
2292
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
2293
+ key: "jwtAuthWithLastLogin",
2294
+ scheme: "bearer",
2295
+ type: "http"
2296
+ }],
2070
2297
  url: "/cfg/totp/setup/",
2071
2298
  ...options,
2072
2299
  headers: {
@@ -2082,7 +2309,11 @@ var CfgTotpSetup = class {
2082
2309
  */
2083
2310
  static cfgTotpSetupConfirmCreate(options) {
2084
2311
  return (options.client ?? client).post({
2085
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
2312
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
2313
+ key: "jwtAuthWithLastLogin",
2314
+ scheme: "bearer",
2315
+ type: "http"
2316
+ }],
2086
2317
  url: "/cfg/totp/setup/confirm/",
2087
2318
  ...options,
2088
2319
  headers: {
@@ -2103,7 +2334,11 @@ var CfgTotpVerify = class {
2103
2334
  */
2104
2335
  static cfgTotpVerifyCreate(options) {
2105
2336
  return (options.client ?? client).post({
2106
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
2337
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
2338
+ key: "jwtAuthWithLastLogin",
2339
+ scheme: "bearer",
2340
+ type: "http"
2341
+ }],
2107
2342
  url: "/cfg/totp/verify/",
2108
2343
  ...options,
2109
2344
  headers: {
@@ -2119,7 +2354,11 @@ var CfgTotpVerify = class {
2119
2354
  */
2120
2355
  static cfgTotpVerifyBackupCreate(options) {
2121
2356
  return (options.client ?? client).post({
2122
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
2357
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
2358
+ key: "jwtAuthWithLastLogin",
2359
+ scheme: "bearer",
2360
+ type: "http"
2361
+ }],
2123
2362
  url: "/cfg/totp/verify/backup/",
2124
2363
  ...options,
2125
2364
  headers: {
@@ -4812,6 +5051,9 @@ var AuthProviderInternal = /* @__PURE__ */ __name(({ children, config }) => {
4812
5051
  const isAdminUser = (0, import_react17.useMemo)(() => {
4813
5052
  return Boolean(user?.is_staff || user?.is_superuser);
4814
5053
  }, [user]);
5054
+ (0, import_react17.useEffect)(() => {
5055
+ applyRoleLogPolicy({ isAdmin: isAdminUser });
5056
+ }, [isAdminUser]);
4815
5057
  const updateProfile = (0, import_react17.useCallback)(
4816
5058
  async (data) => {
4817
5059
  const result = await accounts.partialUpdateProfile(data);