@djangocfg/api 2.1.426 → 2.1.428

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/README.md +56 -0
  2. package/dist/auth-server.cjs +248 -32
  3. package/dist/auth-server.cjs.map +1 -1
  4. package/dist/auth-server.mjs +248 -32
  5. package/dist/auth-server.mjs.map +1 -1
  6. package/dist/auth.cjs +271 -29
  7. package/dist/auth.cjs.map +1 -1
  8. package/dist/auth.mjs +271 -29
  9. package/dist/auth.mjs.map +1 -1
  10. package/dist/clients.cjs +222 -25
  11. package/dist/clients.cjs.map +1 -1
  12. package/dist/clients.d.cts +35 -28
  13. package/dist/clients.d.ts +35 -28
  14. package/dist/clients.mjs +222 -25
  15. package/dist/clients.mjs.map +1 -1
  16. package/dist/hooks.cjs +117 -4
  17. package/dist/hooks.cjs.map +1 -1
  18. package/dist/hooks.mjs +117 -4
  19. package/dist/hooks.mjs.map +1 -1
  20. package/dist/index.cjs +277 -26
  21. package/dist/index.cjs.map +1 -1
  22. package/dist/index.d.cts +98 -29
  23. package/dist/index.d.ts +98 -29
  24. package/dist/index.mjs +277 -26
  25. package/dist/index.mjs.map +1 -1
  26. package/package.json +2 -2
  27. package/src/_api/generated/client/index.ts +1 -0
  28. package/src/_api/generated/client/utils.gen.ts +2 -2
  29. package/src/_api/generated/client.gen.ts +2 -2
  30. package/src/_api/generated/core/auth.gen.ts +7 -0
  31. package/src/_api/generated/core/params.gen.ts +10 -8
  32. package/src/_api/generated/core/pathSerializer.gen.ts +6 -6
  33. package/src/_api/generated/core/queryKeySerializer.gen.ts +1 -1
  34. package/src/_api/generated/core/utils.gen.ts +4 -4
  35. package/src/_api/generated/helpers/auth.ts +127 -1
  36. package/src/_api/generated/sdk.gen.ts +149 -53
  37. package/src/auth/context/AuthContext.tsx +8 -0
  38. package/src/auth/utils/env.ts +18 -0
  39. package/src/auth/utils/logger.ts +11 -4
  40. package/src/index.ts +12 -0
  41. package/src/log-control.ts +81 -0
package/dist/clients.cjs CHANGED
@@ -322,6 +322,99 @@ async function tryRefresh() {
322
322
  return _refreshInflight;
323
323
  }
324
324
  __name(tryRefresh, "tryRefresh");
325
+ function dpopEnabled() {
326
+ try {
327
+ return typeof process !== "undefined" && process.env?.NEXT_PUBLIC_DPOP_ENABLED === "true";
328
+ } catch {
329
+ return false;
330
+ }
331
+ }
332
+ __name(dpopEnabled, "dpopEnabled");
333
+ var _DPOP_DB = "cfg-auth";
334
+ var _DPOP_STORE = "keys";
335
+ var _DPOP_KEY_ID = "dpop-ec-p256";
336
+ function _idbOpen() {
337
+ return new Promise((resolve, reject) => {
338
+ const req = indexedDB.open(_DPOP_DB, 1);
339
+ req.onupgradeneeded = () => req.result.createObjectStore(_DPOP_STORE);
340
+ req.onsuccess = () => resolve(req.result);
341
+ req.onerror = () => reject(req.error);
342
+ });
343
+ }
344
+ __name(_idbOpen, "_idbOpen");
345
+ function _idbGet(key) {
346
+ return _idbOpen().then((db) => new Promise((resolve, reject) => {
347
+ const tx = db.transaction(_DPOP_STORE, "readonly");
348
+ const req = tx.objectStore(_DPOP_STORE).get(key);
349
+ req.onsuccess = () => resolve(req.result);
350
+ req.onerror = () => reject(req.error);
351
+ }));
352
+ }
353
+ __name(_idbGet, "_idbGet");
354
+ function _idbPut(key, value) {
355
+ return _idbOpen().then((db) => new Promise((resolve, reject) => {
356
+ const tx = db.transaction(_DPOP_STORE, "readwrite");
357
+ tx.objectStore(_DPOP_STORE).put(value, key);
358
+ tx.oncomplete = () => resolve();
359
+ tx.onerror = () => reject(tx.error);
360
+ }));
361
+ }
362
+ __name(_idbPut, "_idbPut");
363
+ var _dpopKeyPromise = null;
364
+ function _getDpopKeyPair() {
365
+ if (_dpopKeyPromise) return _dpopKeyPromise;
366
+ _dpopKeyPromise = (async () => {
367
+ const existing = await _idbGet(_DPOP_KEY_ID).catch(() => void 0);
368
+ if (existing) return existing;
369
+ const pair = await crypto.subtle.generateKey(
370
+ { name: "ECDSA", namedCurve: "P-256" },
371
+ false,
372
+ // extractable:false — JS can sign but never export the private key
373
+ ["sign"]
374
+ );
375
+ await _idbPut(_DPOP_KEY_ID, pair).catch(() => {
376
+ });
377
+ return pair;
378
+ })();
379
+ return _dpopKeyPromise;
380
+ }
381
+ __name(_getDpopKeyPair, "_getDpopKeyPair");
382
+ function _b64urlFromBytes(bytes) {
383
+ const arr = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes);
384
+ let s = "";
385
+ for (let i = 0; i < arr.length; i++) s += String.fromCharCode(arr[i]);
386
+ return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
387
+ }
388
+ __name(_b64urlFromBytes, "_b64urlFromBytes");
389
+ function _b64urlFromString(str) {
390
+ return _b64urlFromBytes(new TextEncoder().encode(str));
391
+ }
392
+ __name(_b64urlFromString, "_b64urlFromString");
393
+ async function _publicJwk(pub) {
394
+ const jwk = await crypto.subtle.exportKey("jwk", pub);
395
+ return { kty: "EC", crv: "P-256", x: jwk.x, y: jwk.y };
396
+ }
397
+ __name(_publicJwk, "_publicJwk");
398
+ async function _makeDpopProof(method, url) {
399
+ try {
400
+ const pair = await _getDpopKeyPair();
401
+ const jwk = await _publicJwk(pair.publicKey);
402
+ const header = { typ: "dpop+jwt", alg: "ES256", jwk };
403
+ const htu = url.split("#")[0].split("?")[0];
404
+ const jti = crypto.randomUUID && crypto.randomUUID() || _b64urlFromBytes(crypto.getRandomValues(new Uint8Array(16)));
405
+ const payload = { htm: method.toUpperCase(), htu, iat: Math.floor(Date.now() / 1e3), jti };
406
+ const signingInput = `${_b64urlFromString(JSON.stringify(header))}.${_b64urlFromString(JSON.stringify(payload))}`;
407
+ const sig = await crypto.subtle.sign(
408
+ { name: "ECDSA", hash: "SHA-256" },
409
+ pair.privateKey,
410
+ new TextEncoder().encode(signingInput)
411
+ );
412
+ return `${signingInput}.${_b64urlFromBytes(sig)}`;
413
+ } catch {
414
+ return null;
415
+ }
416
+ }
417
+ __name(_makeDpopProof, "_makeDpopProof");
325
418
  function installAuthOnClient(client2) {
326
419
  if (_client) return;
327
420
  _client = client2;
@@ -329,7 +422,7 @@ function installAuthOnClient(client2) {
329
422
  baseUrl: auth.getBaseUrl(),
330
423
  credentials: _withCredentials ? "include" : "same-origin"
331
424
  });
332
- client2.interceptors.request.use((request) => {
425
+ client2.interceptors.request.use(async (request) => {
333
426
  const token = auth.getToken();
334
427
  if (token) request.headers.set("Authorization", `Bearer ${token}`);
335
428
  const locale = auth.getLocale();
@@ -342,6 +435,10 @@ function installAuthOnClient(client2) {
342
435
  } catch {
343
436
  }
344
437
  request.headers.set("X-Client-Time", (/* @__PURE__ */ new Date()).toISOString());
438
+ if (dpopEnabled() && typeof window !== "undefined") {
439
+ const proof = await _makeDpopProof(request.method, request.url);
440
+ if (proof) request.headers.set("DPoP", proof);
441
+ }
345
442
  return request;
346
443
  });
347
444
  client2.interceptors.error.use((err, res, req) => {
@@ -375,6 +472,10 @@ function installAuthOnClient(client2) {
375
472
  const retry = request.clone();
376
473
  retry.headers.set("Authorization", `Bearer ${newToken}`);
377
474
  retry.headers.set(RETRY_MARKER, "1");
475
+ if (dpopEnabled() && typeof window !== "undefined") {
476
+ const proof = await _makeDpopProof(retry.method, retry.url);
477
+ if (proof) retry.headers.set("DPoP", proof);
478
+ }
378
479
  try {
379
480
  const retried = await fetch(retry);
380
481
  if (retried.status === 401 && _onUnauthorized) {
@@ -1324,7 +1425,11 @@ var CfgAccountsApiKey = class {
1324
1425
  static cfgAccountsApiKeyRetrieve(options) {
1325
1426
  return (options?.client ?? client).get({
1326
1427
  security: [
1327
- { scheme: "bearer", type: "http" },
1428
+ {
1429
+ key: "jwtAuth",
1430
+ scheme: "bearer",
1431
+ type: "http"
1432
+ },
1328
1433
  {
1329
1434
  in: "cookie",
1330
1435
  name: "sessionid",
@@ -1344,7 +1449,11 @@ var CfgAccountsApiKey = class {
1344
1449
  static cfgAccountsApiKeyRegenerateCreate(options) {
1345
1450
  return (options.client ?? client).post({
1346
1451
  security: [
1347
- { scheme: "bearer", type: "http" },
1452
+ {
1453
+ key: "jwtAuth",
1454
+ scheme: "bearer",
1455
+ type: "http"
1456
+ },
1348
1457
  {
1349
1458
  in: "cookie",
1350
1459
  name: "sessionid",
@@ -1368,7 +1477,11 @@ var CfgAccountsApiKey = class {
1368
1477
  static cfgAccountsApiKeyTestCreate(options) {
1369
1478
  return (options.client ?? client).post({
1370
1479
  security: [
1371
- { scheme: "bearer", type: "http" },
1480
+ {
1481
+ key: "jwtAuth",
1482
+ scheme: "bearer",
1483
+ type: "http"
1484
+ },
1372
1485
  {
1373
1486
  in: "cookie",
1374
1487
  name: "sessionid",
@@ -1396,7 +1509,11 @@ var CfgAccountsOauth = class {
1396
1509
  */
1397
1510
  static cfgAccountsOauthConnectionsList(options) {
1398
1511
  return (options?.client ?? client).get({
1399
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1512
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1513
+ key: "jwtAuthWithLastLogin",
1514
+ scheme: "bearer",
1515
+ type: "http"
1516
+ }],
1400
1517
  url: "/cfg/accounts/oauth/connections/",
1401
1518
  ...options
1402
1519
  });
@@ -1408,7 +1525,11 @@ var CfgAccountsOauth = class {
1408
1525
  */
1409
1526
  static cfgAccountsOauthDisconnectCreate(options) {
1410
1527
  return (options.client ?? client).post({
1411
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1528
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1529
+ key: "jwtAuthWithLastLogin",
1530
+ scheme: "bearer",
1531
+ type: "http"
1532
+ }],
1412
1533
  url: "/cfg/accounts/oauth/disconnect/",
1413
1534
  ...options,
1414
1535
  headers: {
@@ -1465,7 +1586,11 @@ var CfgAccounts = class {
1465
1586
  */
1466
1587
  static cfgAccountsOtpRequestCreate(options) {
1467
1588
  return (options.client ?? client).post({
1468
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1589
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1590
+ key: "jwtAuthWithLastLogin",
1591
+ scheme: "bearer",
1592
+ type: "http"
1593
+ }],
1469
1594
  url: "/cfg/accounts/otp/request/",
1470
1595
  ...options,
1471
1596
  headers: {
@@ -1486,7 +1611,11 @@ var CfgAccounts = class {
1486
1611
  */
1487
1612
  static cfgAccountsOtpVerifyCreate(options) {
1488
1613
  return (options.client ?? client).post({
1489
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1614
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1615
+ key: "jwtAuthWithLastLogin",
1616
+ scheme: "bearer",
1617
+ type: "http"
1618
+ }],
1490
1619
  url: "/cfg/accounts/otp/verify/",
1491
1620
  ...options,
1492
1621
  headers: {
@@ -1507,7 +1636,11 @@ var CfgAccountsProfile = class {
1507
1636
  */
1508
1637
  static cfgAccountsProfileRetrieve(options) {
1509
1638
  return (options?.client ?? client).get({
1510
- security: [{ scheme: "bearer", type: "http" }, {
1639
+ security: [{
1640
+ key: "jwtAuth",
1641
+ scheme: "bearer",
1642
+ type: "http"
1643
+ }, {
1511
1644
  in: "cookie",
1512
1645
  name: "sessionid",
1513
1646
  type: "apiKey"
@@ -1524,7 +1657,11 @@ var CfgAccountsProfile = class {
1524
1657
  static cfgAccountsProfileAvatarCreate(options) {
1525
1658
  return (options?.client ?? client).post({
1526
1659
  ...formDataBodySerializer,
1527
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1660
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1661
+ key: "jwtAuthWithLastLogin",
1662
+ scheme: "bearer",
1663
+ type: "http"
1664
+ }],
1528
1665
  url: "/cfg/accounts/profile/avatar/",
1529
1666
  ...options,
1530
1667
  headers: {
@@ -1550,7 +1687,11 @@ var CfgAccountsProfile = class {
1550
1687
  */
1551
1688
  static cfgAccountsProfileDeleteCreate(options) {
1552
1689
  return (options?.client ?? client).post({
1553
- security: [{ scheme: "bearer", type: "http" }, {
1690
+ security: [{
1691
+ key: "jwtAuth",
1692
+ scheme: "bearer",
1693
+ type: "http"
1694
+ }, {
1554
1695
  in: "cookie",
1555
1696
  name: "sessionid",
1556
1697
  type: "apiKey"
@@ -1566,7 +1707,11 @@ var CfgAccountsProfile = class {
1566
1707
  */
1567
1708
  static cfgAccountsProfilePartialPartialUpdate(options) {
1568
1709
  return (options?.client ?? client).patch({
1569
- security: [{ scheme: "bearer", type: "http" }, {
1710
+ security: [{
1711
+ key: "jwtAuth",
1712
+ scheme: "bearer",
1713
+ type: "http"
1714
+ }, {
1570
1715
  in: "cookie",
1571
1716
  name: "sessionid",
1572
1717
  type: "apiKey"
@@ -1586,7 +1731,11 @@ var CfgAccountsProfile = class {
1586
1731
  */
1587
1732
  static cfgAccountsProfilePartialUpdate(options) {
1588
1733
  return (options?.client ?? client).put({
1589
- security: [{ scheme: "bearer", type: "http" }, {
1734
+ security: [{
1735
+ key: "jwtAuth",
1736
+ scheme: "bearer",
1737
+ type: "http"
1738
+ }, {
1590
1739
  in: "cookie",
1591
1740
  name: "sessionid",
1592
1741
  type: "apiKey"
@@ -1606,7 +1755,11 @@ var CfgAccountsProfile = class {
1606
1755
  */
1607
1756
  static cfgAccountsProfileUpdatePartialUpdate(options) {
1608
1757
  return (options?.client ?? client).patch({
1609
- security: [{ scheme: "bearer", type: "http" }, {
1758
+ security: [{
1759
+ key: "jwtAuth",
1760
+ scheme: "bearer",
1761
+ type: "http"
1762
+ }, {
1610
1763
  in: "cookie",
1611
1764
  name: "sessionid",
1612
1765
  type: "apiKey"
@@ -1626,7 +1779,11 @@ var CfgAccountsProfile = class {
1626
1779
  */
1627
1780
  static cfgAccountsProfileUpdateUpdate(options) {
1628
1781
  return (options?.client ?? client).put({
1629
- security: [{ scheme: "bearer", type: "http" }, {
1782
+ security: [{
1783
+ key: "jwtAuth",
1784
+ scheme: "bearer",
1785
+ type: "http"
1786
+ }, {
1630
1787
  in: "cookie",
1631
1788
  name: "sessionid",
1632
1789
  type: "apiKey"
@@ -1669,7 +1826,11 @@ var CfgCentrifugo = class {
1669
1826
  */
1670
1827
  static cfgCentrifugoAuthTokenRetrieve(options) {
1671
1828
  return (options?.client ?? client).get({
1672
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1829
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1830
+ key: "jwtAuthWithLastLogin",
1831
+ scheme: "bearer",
1832
+ type: "http"
1833
+ }],
1673
1834
  url: "/cfg/centrifugo/auth/token/",
1674
1835
  ...options
1675
1836
  });
@@ -1684,7 +1845,11 @@ var CfgTotpBackupCodes = class {
1684
1845
  */
1685
1846
  static cfgTotpBackupCodesRetrieve(options) {
1686
1847
  return (options?.client ?? client).get({
1687
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1848
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1849
+ key: "jwtAuthWithLastLogin",
1850
+ scheme: "bearer",
1851
+ type: "http"
1852
+ }],
1688
1853
  url: "/cfg/totp/backup-codes/",
1689
1854
  ...options
1690
1855
  });
@@ -1697,7 +1862,11 @@ var CfgTotpBackupCodes = class {
1697
1862
  */
1698
1863
  static cfgTotpBackupCodesRegenerateCreate(options) {
1699
1864
  return (options.client ?? client).post({
1700
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1865
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1866
+ key: "jwtAuthWithLastLogin",
1867
+ scheme: "bearer",
1868
+ type: "http"
1869
+ }],
1701
1870
  url: "/cfg/totp/backup-codes/regenerate/",
1702
1871
  ...options,
1703
1872
  headers: {
@@ -1716,7 +1885,11 @@ var CfgTotp = class {
1716
1885
  */
1717
1886
  static cfgTotpDevicesRetrieve(options) {
1718
1887
  return (options?.client ?? client).get({
1719
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1888
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1889
+ key: "jwtAuthWithLastLogin",
1890
+ scheme: "bearer",
1891
+ type: "http"
1892
+ }],
1720
1893
  url: "/cfg/totp/devices/",
1721
1894
  ...options
1722
1895
  });
@@ -1728,7 +1901,11 @@ var CfgTotp = class {
1728
1901
  */
1729
1902
  static cfgTotpDevicesDestroy(options) {
1730
1903
  return (options.client ?? client).delete({
1731
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1904
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1905
+ key: "jwtAuthWithLastLogin",
1906
+ scheme: "bearer",
1907
+ type: "http"
1908
+ }],
1732
1909
  url: "/cfg/totp/devices/{id}/",
1733
1910
  ...options
1734
1911
  });
@@ -1740,7 +1917,11 @@ var CfgTotp = class {
1740
1917
  */
1741
1918
  static cfgTotpDisableCreate(options) {
1742
1919
  return (options.client ?? client).post({
1743
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1920
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1921
+ key: "jwtAuthWithLastLogin",
1922
+ scheme: "bearer",
1923
+ type: "http"
1924
+ }],
1744
1925
  url: "/cfg/totp/disable/",
1745
1926
  ...options,
1746
1927
  headers: {
@@ -1761,7 +1942,11 @@ var CfgTotpSetup = class {
1761
1942
  */
1762
1943
  static cfgTotpSetupCreate(options) {
1763
1944
  return (options?.client ?? client).post({
1764
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1945
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1946
+ key: "jwtAuthWithLastLogin",
1947
+ scheme: "bearer",
1948
+ type: "http"
1949
+ }],
1765
1950
  url: "/cfg/totp/setup/",
1766
1951
  ...options,
1767
1952
  headers: {
@@ -1777,7 +1962,11 @@ var CfgTotpSetup = class {
1777
1962
  */
1778
1963
  static cfgTotpSetupConfirmCreate(options) {
1779
1964
  return (options.client ?? client).post({
1780
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1965
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1966
+ key: "jwtAuthWithLastLogin",
1967
+ scheme: "bearer",
1968
+ type: "http"
1969
+ }],
1781
1970
  url: "/cfg/totp/setup/confirm/",
1782
1971
  ...options,
1783
1972
  headers: {
@@ -1798,7 +1987,11 @@ var CfgTotpVerify = class {
1798
1987
  */
1799
1988
  static cfgTotpVerifyCreate(options) {
1800
1989
  return (options.client ?? client).post({
1801
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1990
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1991
+ key: "jwtAuthWithLastLogin",
1992
+ scheme: "bearer",
1993
+ type: "http"
1994
+ }],
1802
1995
  url: "/cfg/totp/verify/",
1803
1996
  ...options,
1804
1997
  headers: {
@@ -1814,7 +2007,11 @@ var CfgTotpVerify = class {
1814
2007
  */
1815
2008
  static cfgTotpVerifyBackupCreate(options) {
1816
2009
  return (options.client ?? client).post({
1817
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
2010
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
2011
+ key: "jwtAuthWithLastLogin",
2012
+ scheme: "bearer",
2013
+ type: "http"
2014
+ }],
1818
2015
  url: "/cfg/totp/verify/backup/",
1819
2016
  ...options,
1820
2017
  headers: {