@djangocfg/api 2.1.427 → 2.1.428

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/README.md +56 -0
  2. package/dist/auth-server.cjs +248 -32
  3. package/dist/auth-server.cjs.map +1 -1
  4. package/dist/auth-server.mjs +248 -32
  5. package/dist/auth-server.mjs.map +1 -1
  6. package/dist/auth.cjs +271 -29
  7. package/dist/auth.cjs.map +1 -1
  8. package/dist/auth.mjs +271 -29
  9. package/dist/auth.mjs.map +1 -1
  10. package/dist/clients.cjs +222 -25
  11. package/dist/clients.cjs.map +1 -1
  12. package/dist/clients.d.cts +35 -28
  13. package/dist/clients.d.ts +35 -28
  14. package/dist/clients.mjs +222 -25
  15. package/dist/clients.mjs.map +1 -1
  16. package/dist/hooks.cjs +117 -4
  17. package/dist/hooks.cjs.map +1 -1
  18. package/dist/hooks.mjs +117 -4
  19. package/dist/hooks.mjs.map +1 -1
  20. package/dist/index.cjs +277 -26
  21. package/dist/index.cjs.map +1 -1
  22. package/dist/index.d.cts +98 -29
  23. package/dist/index.d.ts +98 -29
  24. package/dist/index.mjs +277 -26
  25. package/dist/index.mjs.map +1 -1
  26. package/package.json +2 -2
  27. package/src/_api/generated/client/index.ts +1 -0
  28. package/src/_api/generated/client/utils.gen.ts +2 -2
  29. package/src/_api/generated/client.gen.ts +2 -2
  30. package/src/_api/generated/core/auth.gen.ts +7 -0
  31. package/src/_api/generated/core/params.gen.ts +10 -8
  32. package/src/_api/generated/core/pathSerializer.gen.ts +6 -6
  33. package/src/_api/generated/core/queryKeySerializer.gen.ts +1 -1
  34. package/src/_api/generated/core/utils.gen.ts +4 -4
  35. package/src/_api/generated/helpers/auth.ts +127 -1
  36. package/src/_api/generated/sdk.gen.ts +149 -53
  37. package/src/auth/context/AuthContext.tsx +8 -0
  38. package/src/auth/utils/env.ts +18 -0
  39. package/src/auth/utils/logger.ts +11 -4
  40. package/src/index.ts +12 -0
  41. package/src/log-control.ts +81 -0
package/dist/hooks.mjs CHANGED
@@ -1091,6 +1091,99 @@ async function tryRefresh() {
1091
1091
  return _refreshInflight;
1092
1092
  }
1093
1093
  __name(tryRefresh, "tryRefresh");
1094
+ function dpopEnabled() {
1095
+ try {
1096
+ return typeof process !== "undefined" && process.env?.NEXT_PUBLIC_DPOP_ENABLED === "true";
1097
+ } catch {
1098
+ return false;
1099
+ }
1100
+ }
1101
+ __name(dpopEnabled, "dpopEnabled");
1102
+ var _DPOP_DB = "cfg-auth";
1103
+ var _DPOP_STORE = "keys";
1104
+ var _DPOP_KEY_ID = "dpop-ec-p256";
1105
+ function _idbOpen() {
1106
+ return new Promise((resolve, reject) => {
1107
+ const req = indexedDB.open(_DPOP_DB, 1);
1108
+ req.onupgradeneeded = () => req.result.createObjectStore(_DPOP_STORE);
1109
+ req.onsuccess = () => resolve(req.result);
1110
+ req.onerror = () => reject(req.error);
1111
+ });
1112
+ }
1113
+ __name(_idbOpen, "_idbOpen");
1114
+ function _idbGet(key) {
1115
+ return _idbOpen().then((db) => new Promise((resolve, reject) => {
1116
+ const tx = db.transaction(_DPOP_STORE, "readonly");
1117
+ const req = tx.objectStore(_DPOP_STORE).get(key);
1118
+ req.onsuccess = () => resolve(req.result);
1119
+ req.onerror = () => reject(req.error);
1120
+ }));
1121
+ }
1122
+ __name(_idbGet, "_idbGet");
1123
+ function _idbPut(key, value) {
1124
+ return _idbOpen().then((db) => new Promise((resolve, reject) => {
1125
+ const tx = db.transaction(_DPOP_STORE, "readwrite");
1126
+ tx.objectStore(_DPOP_STORE).put(value, key);
1127
+ tx.oncomplete = () => resolve();
1128
+ tx.onerror = () => reject(tx.error);
1129
+ }));
1130
+ }
1131
+ __name(_idbPut, "_idbPut");
1132
+ var _dpopKeyPromise = null;
1133
+ function _getDpopKeyPair() {
1134
+ if (_dpopKeyPromise) return _dpopKeyPromise;
1135
+ _dpopKeyPromise = (async () => {
1136
+ const existing = await _idbGet(_DPOP_KEY_ID).catch(() => void 0);
1137
+ if (existing) return existing;
1138
+ const pair = await crypto.subtle.generateKey(
1139
+ { name: "ECDSA", namedCurve: "P-256" },
1140
+ false,
1141
+ // extractable:false — JS can sign but never export the private key
1142
+ ["sign"]
1143
+ );
1144
+ await _idbPut(_DPOP_KEY_ID, pair).catch(() => {
1145
+ });
1146
+ return pair;
1147
+ })();
1148
+ return _dpopKeyPromise;
1149
+ }
1150
+ __name(_getDpopKeyPair, "_getDpopKeyPair");
1151
+ function _b64urlFromBytes(bytes) {
1152
+ const arr = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes);
1153
+ let s = "";
1154
+ for (let i = 0; i < arr.length; i++) s += String.fromCharCode(arr[i]);
1155
+ return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
1156
+ }
1157
+ __name(_b64urlFromBytes, "_b64urlFromBytes");
1158
+ function _b64urlFromString(str) {
1159
+ return _b64urlFromBytes(new TextEncoder().encode(str));
1160
+ }
1161
+ __name(_b64urlFromString, "_b64urlFromString");
1162
+ async function _publicJwk(pub) {
1163
+ const jwk = await crypto.subtle.exportKey("jwk", pub);
1164
+ return { kty: "EC", crv: "P-256", x: jwk.x, y: jwk.y };
1165
+ }
1166
+ __name(_publicJwk, "_publicJwk");
1167
+ async function _makeDpopProof(method, url) {
1168
+ try {
1169
+ const pair = await _getDpopKeyPair();
1170
+ const jwk = await _publicJwk(pair.publicKey);
1171
+ const header = { typ: "dpop+jwt", alg: "ES256", jwk };
1172
+ const htu = url.split("#")[0].split("?")[0];
1173
+ const jti = crypto.randomUUID && crypto.randomUUID() || _b64urlFromBytes(crypto.getRandomValues(new Uint8Array(16)));
1174
+ const payload = { htm: method.toUpperCase(), htu, iat: Math.floor(Date.now() / 1e3), jti };
1175
+ const signingInput = `${_b64urlFromString(JSON.stringify(header))}.${_b64urlFromString(JSON.stringify(payload))}`;
1176
+ const sig = await crypto.subtle.sign(
1177
+ { name: "ECDSA", hash: "SHA-256" },
1178
+ pair.privateKey,
1179
+ new TextEncoder().encode(signingInput)
1180
+ );
1181
+ return `${signingInput}.${_b64urlFromBytes(sig)}`;
1182
+ } catch {
1183
+ return null;
1184
+ }
1185
+ }
1186
+ __name(_makeDpopProof, "_makeDpopProof");
1094
1187
  function installAuthOnClient(client2) {
1095
1188
  if (_client) return;
1096
1189
  _client = client2;
@@ -1098,7 +1191,7 @@ function installAuthOnClient(client2) {
1098
1191
  baseUrl: auth.getBaseUrl(),
1099
1192
  credentials: _withCredentials ? "include" : "same-origin"
1100
1193
  });
1101
- client2.interceptors.request.use((request) => {
1194
+ client2.interceptors.request.use(async (request) => {
1102
1195
  const token = auth.getToken();
1103
1196
  if (token) request.headers.set("Authorization", `Bearer ${token}`);
1104
1197
  const locale = auth.getLocale();
@@ -1111,6 +1204,10 @@ function installAuthOnClient(client2) {
1111
1204
  } catch {
1112
1205
  }
1113
1206
  request.headers.set("X-Client-Time", (/* @__PURE__ */ new Date()).toISOString());
1207
+ if (dpopEnabled() && typeof window !== "undefined") {
1208
+ const proof = await _makeDpopProof(request.method, request.url);
1209
+ if (proof) request.headers.set("DPoP", proof);
1210
+ }
1114
1211
  return request;
1115
1212
  });
1116
1213
  client2.interceptors.error.use((err, res, req) => {
@@ -1144,6 +1241,10 @@ function installAuthOnClient(client2) {
1144
1241
  const retry = request.clone();
1145
1242
  retry.headers.set("Authorization", `Bearer ${newToken}`);
1146
1243
  retry.headers.set(RETRY_MARKER, "1");
1244
+ if (dpopEnabled() && typeof window !== "undefined") {
1245
+ const proof = await _makeDpopProof(retry.method, retry.url);
1246
+ if (proof) retry.headers.set("DPoP", proof);
1247
+ }
1147
1248
  try {
1148
1249
  const retried = await fetch(retry);
1149
1250
  if (retried.status === 401 && _onUnauthorized) {
@@ -1183,7 +1284,11 @@ var CfgAccountsApiKey = class {
1183
1284
  static cfgAccountsApiKeyRetrieve(options) {
1184
1285
  return (options?.client ?? client).get({
1185
1286
  security: [
1186
- { scheme: "bearer", type: "http" },
1287
+ {
1288
+ key: "jwtAuth",
1289
+ scheme: "bearer",
1290
+ type: "http"
1291
+ },
1187
1292
  {
1188
1293
  in: "cookie",
1189
1294
  name: "sessionid",
@@ -1203,7 +1308,11 @@ var CfgAccountsApiKey = class {
1203
1308
  static cfgAccountsApiKeyRegenerateCreate(options) {
1204
1309
  return (options.client ?? client).post({
1205
1310
  security: [
1206
- { scheme: "bearer", type: "http" },
1311
+ {
1312
+ key: "jwtAuth",
1313
+ scheme: "bearer",
1314
+ type: "http"
1315
+ },
1207
1316
  {
1208
1317
  in: "cookie",
1209
1318
  name: "sessionid",
@@ -1227,7 +1336,11 @@ var CfgAccountsApiKey = class {
1227
1336
  static cfgAccountsApiKeyTestCreate(options) {
1228
1337
  return (options.client ?? client).post({
1229
1338
  security: [
1230
- { scheme: "bearer", type: "http" },
1339
+ {
1340
+ key: "jwtAuth",
1341
+ scheme: "bearer",
1342
+ type: "http"
1343
+ },
1231
1344
  {
1232
1345
  in: "cookie",
1233
1346
  name: "sessionid",