@djangocfg/api 2.1.427 → 2.1.428

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/README.md +56 -0
  2. package/dist/auth-server.cjs +248 -32
  3. package/dist/auth-server.cjs.map +1 -1
  4. package/dist/auth-server.mjs +248 -32
  5. package/dist/auth-server.mjs.map +1 -1
  6. package/dist/auth.cjs +271 -29
  7. package/dist/auth.cjs.map +1 -1
  8. package/dist/auth.mjs +271 -29
  9. package/dist/auth.mjs.map +1 -1
  10. package/dist/clients.cjs +222 -25
  11. package/dist/clients.cjs.map +1 -1
  12. package/dist/clients.d.cts +35 -28
  13. package/dist/clients.d.ts +35 -28
  14. package/dist/clients.mjs +222 -25
  15. package/dist/clients.mjs.map +1 -1
  16. package/dist/hooks.cjs +117 -4
  17. package/dist/hooks.cjs.map +1 -1
  18. package/dist/hooks.mjs +117 -4
  19. package/dist/hooks.mjs.map +1 -1
  20. package/dist/index.cjs +277 -26
  21. package/dist/index.cjs.map +1 -1
  22. package/dist/index.d.cts +98 -29
  23. package/dist/index.d.ts +98 -29
  24. package/dist/index.mjs +277 -26
  25. package/dist/index.mjs.map +1 -1
  26. package/package.json +2 -2
  27. package/src/_api/generated/client/index.ts +1 -0
  28. package/src/_api/generated/client/utils.gen.ts +2 -2
  29. package/src/_api/generated/client.gen.ts +2 -2
  30. package/src/_api/generated/core/auth.gen.ts +7 -0
  31. package/src/_api/generated/core/params.gen.ts +10 -8
  32. package/src/_api/generated/core/pathSerializer.gen.ts +6 -6
  33. package/src/_api/generated/core/queryKeySerializer.gen.ts +1 -1
  34. package/src/_api/generated/core/utils.gen.ts +4 -4
  35. package/src/_api/generated/helpers/auth.ts +127 -1
  36. package/src/_api/generated/sdk.gen.ts +149 -53
  37. package/src/auth/context/AuthContext.tsx +8 -0
  38. package/src/auth/utils/env.ts +18 -0
  39. package/src/auth/utils/logger.ts +11 -4
  40. package/src/index.ts +12 -0
  41. package/src/log-control.ts +81 -0
package/dist/hooks.cjs CHANGED
@@ -1124,6 +1124,99 @@ async function tryRefresh() {
1124
1124
  return _refreshInflight;
1125
1125
  }
1126
1126
  __name(tryRefresh, "tryRefresh");
1127
+ function dpopEnabled() {
1128
+ try {
1129
+ return typeof process !== "undefined" && process.env?.NEXT_PUBLIC_DPOP_ENABLED === "true";
1130
+ } catch {
1131
+ return false;
1132
+ }
1133
+ }
1134
+ __name(dpopEnabled, "dpopEnabled");
1135
+ var _DPOP_DB = "cfg-auth";
1136
+ var _DPOP_STORE = "keys";
1137
+ var _DPOP_KEY_ID = "dpop-ec-p256";
1138
+ function _idbOpen() {
1139
+ return new Promise((resolve, reject) => {
1140
+ const req = indexedDB.open(_DPOP_DB, 1);
1141
+ req.onupgradeneeded = () => req.result.createObjectStore(_DPOP_STORE);
1142
+ req.onsuccess = () => resolve(req.result);
1143
+ req.onerror = () => reject(req.error);
1144
+ });
1145
+ }
1146
+ __name(_idbOpen, "_idbOpen");
1147
+ function _idbGet(key) {
1148
+ return _idbOpen().then((db) => new Promise((resolve, reject) => {
1149
+ const tx = db.transaction(_DPOP_STORE, "readonly");
1150
+ const req = tx.objectStore(_DPOP_STORE).get(key);
1151
+ req.onsuccess = () => resolve(req.result);
1152
+ req.onerror = () => reject(req.error);
1153
+ }));
1154
+ }
1155
+ __name(_idbGet, "_idbGet");
1156
+ function _idbPut(key, value) {
1157
+ return _idbOpen().then((db) => new Promise((resolve, reject) => {
1158
+ const tx = db.transaction(_DPOP_STORE, "readwrite");
1159
+ tx.objectStore(_DPOP_STORE).put(value, key);
1160
+ tx.oncomplete = () => resolve();
1161
+ tx.onerror = () => reject(tx.error);
1162
+ }));
1163
+ }
1164
+ __name(_idbPut, "_idbPut");
1165
+ var _dpopKeyPromise = null;
1166
+ function _getDpopKeyPair() {
1167
+ if (_dpopKeyPromise) return _dpopKeyPromise;
1168
+ _dpopKeyPromise = (async () => {
1169
+ const existing = await _idbGet(_DPOP_KEY_ID).catch(() => void 0);
1170
+ if (existing) return existing;
1171
+ const pair = await crypto.subtle.generateKey(
1172
+ { name: "ECDSA", namedCurve: "P-256" },
1173
+ false,
1174
+ // extractable:false — JS can sign but never export the private key
1175
+ ["sign"]
1176
+ );
1177
+ await _idbPut(_DPOP_KEY_ID, pair).catch(() => {
1178
+ });
1179
+ return pair;
1180
+ })();
1181
+ return _dpopKeyPromise;
1182
+ }
1183
+ __name(_getDpopKeyPair, "_getDpopKeyPair");
1184
+ function _b64urlFromBytes(bytes) {
1185
+ const arr = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes);
1186
+ let s = "";
1187
+ for (let i = 0; i < arr.length; i++) s += String.fromCharCode(arr[i]);
1188
+ return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
1189
+ }
1190
+ __name(_b64urlFromBytes, "_b64urlFromBytes");
1191
+ function _b64urlFromString(str) {
1192
+ return _b64urlFromBytes(new TextEncoder().encode(str));
1193
+ }
1194
+ __name(_b64urlFromString, "_b64urlFromString");
1195
+ async function _publicJwk(pub) {
1196
+ const jwk = await crypto.subtle.exportKey("jwk", pub);
1197
+ return { kty: "EC", crv: "P-256", x: jwk.x, y: jwk.y };
1198
+ }
1199
+ __name(_publicJwk, "_publicJwk");
1200
+ async function _makeDpopProof(method, url) {
1201
+ try {
1202
+ const pair = await _getDpopKeyPair();
1203
+ const jwk = await _publicJwk(pair.publicKey);
1204
+ const header = { typ: "dpop+jwt", alg: "ES256", jwk };
1205
+ const htu = url.split("#")[0].split("?")[0];
1206
+ const jti = crypto.randomUUID && crypto.randomUUID() || _b64urlFromBytes(crypto.getRandomValues(new Uint8Array(16)));
1207
+ const payload = { htm: method.toUpperCase(), htu, iat: Math.floor(Date.now() / 1e3), jti };
1208
+ const signingInput = `${_b64urlFromString(JSON.stringify(header))}.${_b64urlFromString(JSON.stringify(payload))}`;
1209
+ const sig = await crypto.subtle.sign(
1210
+ { name: "ECDSA", hash: "SHA-256" },
1211
+ pair.privateKey,
1212
+ new TextEncoder().encode(signingInput)
1213
+ );
1214
+ return `${signingInput}.${_b64urlFromBytes(sig)}`;
1215
+ } catch {
1216
+ return null;
1217
+ }
1218
+ }
1219
+ __name(_makeDpopProof, "_makeDpopProof");
1127
1220
  function installAuthOnClient(client2) {
1128
1221
  if (_client) return;
1129
1222
  _client = client2;
@@ -1131,7 +1224,7 @@ function installAuthOnClient(client2) {
1131
1224
  baseUrl: auth.getBaseUrl(),
1132
1225
  credentials: _withCredentials ? "include" : "same-origin"
1133
1226
  });
1134
- client2.interceptors.request.use((request) => {
1227
+ client2.interceptors.request.use(async (request) => {
1135
1228
  const token = auth.getToken();
1136
1229
  if (token) request.headers.set("Authorization", `Bearer ${token}`);
1137
1230
  const locale = auth.getLocale();
@@ -1144,6 +1237,10 @@ function installAuthOnClient(client2) {
1144
1237
  } catch {
1145
1238
  }
1146
1239
  request.headers.set("X-Client-Time", (/* @__PURE__ */ new Date()).toISOString());
1240
+ if (dpopEnabled() && typeof window !== "undefined") {
1241
+ const proof = await _makeDpopProof(request.method, request.url);
1242
+ if (proof) request.headers.set("DPoP", proof);
1243
+ }
1147
1244
  return request;
1148
1245
  });
1149
1246
  client2.interceptors.error.use((err, res, req) => {
@@ -1177,6 +1274,10 @@ function installAuthOnClient(client2) {
1177
1274
  const retry = request.clone();
1178
1275
  retry.headers.set("Authorization", `Bearer ${newToken}`);
1179
1276
  retry.headers.set(RETRY_MARKER, "1");
1277
+ if (dpopEnabled() && typeof window !== "undefined") {
1278
+ const proof = await _makeDpopProof(retry.method, retry.url);
1279
+ if (proof) retry.headers.set("DPoP", proof);
1280
+ }
1180
1281
  try {
1181
1282
  const retried = await fetch(retry);
1182
1283
  if (retried.status === 401 && _onUnauthorized) {
@@ -1216,7 +1317,11 @@ var CfgAccountsApiKey = class {
1216
1317
  static cfgAccountsApiKeyRetrieve(options) {
1217
1318
  return (options?.client ?? client).get({
1218
1319
  security: [
1219
- { scheme: "bearer", type: "http" },
1320
+ {
1321
+ key: "jwtAuth",
1322
+ scheme: "bearer",
1323
+ type: "http"
1324
+ },
1220
1325
  {
1221
1326
  in: "cookie",
1222
1327
  name: "sessionid",
@@ -1236,7 +1341,11 @@ var CfgAccountsApiKey = class {
1236
1341
  static cfgAccountsApiKeyRegenerateCreate(options) {
1237
1342
  return (options.client ?? client).post({
1238
1343
  security: [
1239
- { scheme: "bearer", type: "http" },
1344
+ {
1345
+ key: "jwtAuth",
1346
+ scheme: "bearer",
1347
+ type: "http"
1348
+ },
1240
1349
  {
1241
1350
  in: "cookie",
1242
1351
  name: "sessionid",
@@ -1260,7 +1369,11 @@ var CfgAccountsApiKey = class {
1260
1369
  static cfgAccountsApiKeyTestCreate(options) {
1261
1370
  return (options.client ?? client).post({
1262
1371
  security: [
1263
- { scheme: "bearer", type: "http" },
1372
+ {
1373
+ key: "jwtAuth",
1374
+ scheme: "bearer",
1375
+ type: "http"
1376
+ },
1264
1377
  {
1265
1378
  in: "cookie",
1266
1379
  name: "sessionid",