@djangocfg/api 2.1.427 → 2.1.428

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/README.md +56 -0
  2. package/dist/auth-server.cjs +248 -32
  3. package/dist/auth-server.cjs.map +1 -1
  4. package/dist/auth-server.mjs +248 -32
  5. package/dist/auth-server.mjs.map +1 -1
  6. package/dist/auth.cjs +271 -29
  7. package/dist/auth.cjs.map +1 -1
  8. package/dist/auth.mjs +271 -29
  9. package/dist/auth.mjs.map +1 -1
  10. package/dist/clients.cjs +222 -25
  11. package/dist/clients.cjs.map +1 -1
  12. package/dist/clients.d.cts +35 -28
  13. package/dist/clients.d.ts +35 -28
  14. package/dist/clients.mjs +222 -25
  15. package/dist/clients.mjs.map +1 -1
  16. package/dist/hooks.cjs +117 -4
  17. package/dist/hooks.cjs.map +1 -1
  18. package/dist/hooks.mjs +117 -4
  19. package/dist/hooks.mjs.map +1 -1
  20. package/dist/index.cjs +277 -26
  21. package/dist/index.cjs.map +1 -1
  22. package/dist/index.d.cts +98 -29
  23. package/dist/index.d.ts +98 -29
  24. package/dist/index.mjs +277 -26
  25. package/dist/index.mjs.map +1 -1
  26. package/package.json +2 -2
  27. package/src/_api/generated/client/index.ts +1 -0
  28. package/src/_api/generated/client/utils.gen.ts +2 -2
  29. package/src/_api/generated/client.gen.ts +2 -2
  30. package/src/_api/generated/core/auth.gen.ts +7 -0
  31. package/src/_api/generated/core/params.gen.ts +10 -8
  32. package/src/_api/generated/core/pathSerializer.gen.ts +6 -6
  33. package/src/_api/generated/core/queryKeySerializer.gen.ts +1 -1
  34. package/src/_api/generated/core/utils.gen.ts +4 -4
  35. package/src/_api/generated/helpers/auth.ts +127 -1
  36. package/src/_api/generated/sdk.gen.ts +149 -53
  37. package/src/auth/context/AuthContext.tsx +8 -0
  38. package/src/auth/utils/env.ts +18 -0
  39. package/src/auth/utils/logger.ts +11 -4
  40. package/src/index.ts +12 -0
  41. package/src/log-control.ts +81 -0
package/dist/index.cjs CHANGED
@@ -43,11 +43,20 @@ __export(index_exports, {
43
43
  MemoryStorageAdapter: () => MemoryStorageAdapter,
44
44
  NetworkError: () => NetworkError,
45
45
  api: () => CfgAccountsApi,
46
+ applyRoleLogPolicy: () => applyRoleLogPolicy,
46
47
  auth: () => auth,
47
48
  defaultLogger: () => defaultLogger,
48
49
  dispatchValidationError: () => dispatchValidationError,
50
+ dpopEnabled: () => dpopEnabled2,
49
51
  formatZodError: () => formatZodError,
50
- onValidationError: () => onValidationError
52
+ getLogLevel: () => getLogLevel,
53
+ isBrowser: () => isBrowser2,
54
+ isDev: () => isDev,
55
+ isProd: () => isProd,
56
+ isStaticBuild: () => isStaticBuild,
57
+ onLogLevelChange: () => onLogLevelChange,
58
+ onValidationError: () => onValidationError,
59
+ setLogLevel: () => setLogLevel
51
60
  });
52
61
  module.exports = __toCommonJS(index_exports);
53
62
 
@@ -354,6 +363,99 @@ async function tryRefresh() {
354
363
  return _refreshInflight;
355
364
  }
356
365
  __name(tryRefresh, "tryRefresh");
366
+ function dpopEnabled() {
367
+ try {
368
+ return typeof process !== "undefined" && process.env?.NEXT_PUBLIC_DPOP_ENABLED === "true";
369
+ } catch {
370
+ return false;
371
+ }
372
+ }
373
+ __name(dpopEnabled, "dpopEnabled");
374
+ var _DPOP_DB = "cfg-auth";
375
+ var _DPOP_STORE = "keys";
376
+ var _DPOP_KEY_ID = "dpop-ec-p256";
377
+ function _idbOpen() {
378
+ return new Promise((resolve, reject) => {
379
+ const req = indexedDB.open(_DPOP_DB, 1);
380
+ req.onupgradeneeded = () => req.result.createObjectStore(_DPOP_STORE);
381
+ req.onsuccess = () => resolve(req.result);
382
+ req.onerror = () => reject(req.error);
383
+ });
384
+ }
385
+ __name(_idbOpen, "_idbOpen");
386
+ function _idbGet(key) {
387
+ return _idbOpen().then((db) => new Promise((resolve, reject) => {
388
+ const tx = db.transaction(_DPOP_STORE, "readonly");
389
+ const req = tx.objectStore(_DPOP_STORE).get(key);
390
+ req.onsuccess = () => resolve(req.result);
391
+ req.onerror = () => reject(req.error);
392
+ }));
393
+ }
394
+ __name(_idbGet, "_idbGet");
395
+ function _idbPut(key, value) {
396
+ return _idbOpen().then((db) => new Promise((resolve, reject) => {
397
+ const tx = db.transaction(_DPOP_STORE, "readwrite");
398
+ tx.objectStore(_DPOP_STORE).put(value, key);
399
+ tx.oncomplete = () => resolve();
400
+ tx.onerror = () => reject(tx.error);
401
+ }));
402
+ }
403
+ __name(_idbPut, "_idbPut");
404
+ var _dpopKeyPromise = null;
405
+ function _getDpopKeyPair() {
406
+ if (_dpopKeyPromise) return _dpopKeyPromise;
407
+ _dpopKeyPromise = (async () => {
408
+ const existing = await _idbGet(_DPOP_KEY_ID).catch(() => void 0);
409
+ if (existing) return existing;
410
+ const pair = await crypto.subtle.generateKey(
411
+ { name: "ECDSA", namedCurve: "P-256" },
412
+ false,
413
+ // extractable:false — JS can sign but never export the private key
414
+ ["sign"]
415
+ );
416
+ await _idbPut(_DPOP_KEY_ID, pair).catch(() => {
417
+ });
418
+ return pair;
419
+ })();
420
+ return _dpopKeyPromise;
421
+ }
422
+ __name(_getDpopKeyPair, "_getDpopKeyPair");
423
+ function _b64urlFromBytes(bytes) {
424
+ const arr = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes);
425
+ let s = "";
426
+ for (let i = 0; i < arr.length; i++) s += String.fromCharCode(arr[i]);
427
+ return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
428
+ }
429
+ __name(_b64urlFromBytes, "_b64urlFromBytes");
430
+ function _b64urlFromString(str) {
431
+ return _b64urlFromBytes(new TextEncoder().encode(str));
432
+ }
433
+ __name(_b64urlFromString, "_b64urlFromString");
434
+ async function _publicJwk(pub) {
435
+ const jwk = await crypto.subtle.exportKey("jwk", pub);
436
+ return { kty: "EC", crv: "P-256", x: jwk.x, y: jwk.y };
437
+ }
438
+ __name(_publicJwk, "_publicJwk");
439
+ async function _makeDpopProof(method, url) {
440
+ try {
441
+ const pair = await _getDpopKeyPair();
442
+ const jwk = await _publicJwk(pair.publicKey);
443
+ const header = { typ: "dpop+jwt", alg: "ES256", jwk };
444
+ const htu = url.split("#")[0].split("?")[0];
445
+ const jti = crypto.randomUUID && crypto.randomUUID() || _b64urlFromBytes(crypto.getRandomValues(new Uint8Array(16)));
446
+ const payload = { htm: method.toUpperCase(), htu, iat: Math.floor(Date.now() / 1e3), jti };
447
+ const signingInput = `${_b64urlFromString(JSON.stringify(header))}.${_b64urlFromString(JSON.stringify(payload))}`;
448
+ const sig = await crypto.subtle.sign(
449
+ { name: "ECDSA", hash: "SHA-256" },
450
+ pair.privateKey,
451
+ new TextEncoder().encode(signingInput)
452
+ );
453
+ return `${signingInput}.${_b64urlFromBytes(sig)}`;
454
+ } catch {
455
+ return null;
456
+ }
457
+ }
458
+ __name(_makeDpopProof, "_makeDpopProof");
357
459
  function installAuthOnClient(client2) {
358
460
  if (_client) return;
359
461
  _client = client2;
@@ -361,7 +463,7 @@ function installAuthOnClient(client2) {
361
463
  baseUrl: auth.getBaseUrl(),
362
464
  credentials: _withCredentials ? "include" : "same-origin"
363
465
  });
364
- client2.interceptors.request.use((request) => {
466
+ client2.interceptors.request.use(async (request) => {
365
467
  const token = auth.getToken();
366
468
  if (token) request.headers.set("Authorization", `Bearer ${token}`);
367
469
  const locale = auth.getLocale();
@@ -374,6 +476,10 @@ function installAuthOnClient(client2) {
374
476
  } catch {
375
477
  }
376
478
  request.headers.set("X-Client-Time", (/* @__PURE__ */ new Date()).toISOString());
479
+ if (dpopEnabled() && typeof window !== "undefined") {
480
+ const proof = await _makeDpopProof(request.method, request.url);
481
+ if (proof) request.headers.set("DPoP", proof);
482
+ }
377
483
  return request;
378
484
  });
379
485
  client2.interceptors.error.use((err, res, req) => {
@@ -407,6 +513,10 @@ function installAuthOnClient(client2) {
407
513
  const retry = request.clone();
408
514
  retry.headers.set("Authorization", `Bearer ${newToken}`);
409
515
  retry.headers.set(RETRY_MARKER, "1");
516
+ if (dpopEnabled() && typeof window !== "undefined") {
517
+ const proof = await _makeDpopProof(retry.method, retry.url);
518
+ if (proof) retry.headers.set("DPoP", proof);
519
+ }
410
520
  try {
411
521
  const retried = await fetch(retry);
412
522
  if (retried.status === 401 && _onUnauthorized) {
@@ -1356,7 +1466,11 @@ var CfgAccountsApiKey = class {
1356
1466
  static cfgAccountsApiKeyRetrieve(options) {
1357
1467
  return (options?.client ?? client).get({
1358
1468
  security: [
1359
- { scheme: "bearer", type: "http" },
1469
+ {
1470
+ key: "jwtAuth",
1471
+ scheme: "bearer",
1472
+ type: "http"
1473
+ },
1360
1474
  {
1361
1475
  in: "cookie",
1362
1476
  name: "sessionid",
@@ -1376,7 +1490,11 @@ var CfgAccountsApiKey = class {
1376
1490
  static cfgAccountsApiKeyRegenerateCreate(options) {
1377
1491
  return (options.client ?? client).post({
1378
1492
  security: [
1379
- { scheme: "bearer", type: "http" },
1493
+ {
1494
+ key: "jwtAuth",
1495
+ scheme: "bearer",
1496
+ type: "http"
1497
+ },
1380
1498
  {
1381
1499
  in: "cookie",
1382
1500
  name: "sessionid",
@@ -1400,7 +1518,11 @@ var CfgAccountsApiKey = class {
1400
1518
  static cfgAccountsApiKeyTestCreate(options) {
1401
1519
  return (options.client ?? client).post({
1402
1520
  security: [
1403
- { scheme: "bearer", type: "http" },
1521
+ {
1522
+ key: "jwtAuth",
1523
+ scheme: "bearer",
1524
+ type: "http"
1525
+ },
1404
1526
  {
1405
1527
  in: "cookie",
1406
1528
  name: "sessionid",
@@ -1428,7 +1550,11 @@ var CfgAccountsOauth = class {
1428
1550
  */
1429
1551
  static cfgAccountsOauthConnectionsList(options) {
1430
1552
  return (options?.client ?? client).get({
1431
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1553
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1554
+ key: "jwtAuthWithLastLogin",
1555
+ scheme: "bearer",
1556
+ type: "http"
1557
+ }],
1432
1558
  url: "/cfg/accounts/oauth/connections/",
1433
1559
  ...options
1434
1560
  });
@@ -1440,7 +1566,11 @@ var CfgAccountsOauth = class {
1440
1566
  */
1441
1567
  static cfgAccountsOauthDisconnectCreate(options) {
1442
1568
  return (options.client ?? client).post({
1443
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1569
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1570
+ key: "jwtAuthWithLastLogin",
1571
+ scheme: "bearer",
1572
+ type: "http"
1573
+ }],
1444
1574
  url: "/cfg/accounts/oauth/disconnect/",
1445
1575
  ...options,
1446
1576
  headers: {
@@ -1497,7 +1627,11 @@ var CfgAccounts = class {
1497
1627
  */
1498
1628
  static cfgAccountsOtpRequestCreate(options) {
1499
1629
  return (options.client ?? client).post({
1500
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1630
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1631
+ key: "jwtAuthWithLastLogin",
1632
+ scheme: "bearer",
1633
+ type: "http"
1634
+ }],
1501
1635
  url: "/cfg/accounts/otp/request/",
1502
1636
  ...options,
1503
1637
  headers: {
@@ -1518,7 +1652,11 @@ var CfgAccounts = class {
1518
1652
  */
1519
1653
  static cfgAccountsOtpVerifyCreate(options) {
1520
1654
  return (options.client ?? client).post({
1521
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1655
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1656
+ key: "jwtAuthWithLastLogin",
1657
+ scheme: "bearer",
1658
+ type: "http"
1659
+ }],
1522
1660
  url: "/cfg/accounts/otp/verify/",
1523
1661
  ...options,
1524
1662
  headers: {
@@ -1539,7 +1677,11 @@ var CfgAccountsProfile = class {
1539
1677
  */
1540
1678
  static cfgAccountsProfileRetrieve(options) {
1541
1679
  return (options?.client ?? client).get({
1542
- security: [{ scheme: "bearer", type: "http" }, {
1680
+ security: [{
1681
+ key: "jwtAuth",
1682
+ scheme: "bearer",
1683
+ type: "http"
1684
+ }, {
1543
1685
  in: "cookie",
1544
1686
  name: "sessionid",
1545
1687
  type: "apiKey"
@@ -1556,7 +1698,11 @@ var CfgAccountsProfile = class {
1556
1698
  static cfgAccountsProfileAvatarCreate(options) {
1557
1699
  return (options?.client ?? client).post({
1558
1700
  ...formDataBodySerializer,
1559
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1701
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1702
+ key: "jwtAuthWithLastLogin",
1703
+ scheme: "bearer",
1704
+ type: "http"
1705
+ }],
1560
1706
  url: "/cfg/accounts/profile/avatar/",
1561
1707
  ...options,
1562
1708
  headers: {
@@ -1582,7 +1728,11 @@ var CfgAccountsProfile = class {
1582
1728
  */
1583
1729
  static cfgAccountsProfileDeleteCreate(options) {
1584
1730
  return (options?.client ?? client).post({
1585
- security: [{ scheme: "bearer", type: "http" }, {
1731
+ security: [{
1732
+ key: "jwtAuth",
1733
+ scheme: "bearer",
1734
+ type: "http"
1735
+ }, {
1586
1736
  in: "cookie",
1587
1737
  name: "sessionid",
1588
1738
  type: "apiKey"
@@ -1598,7 +1748,11 @@ var CfgAccountsProfile = class {
1598
1748
  */
1599
1749
  static cfgAccountsProfilePartialPartialUpdate(options) {
1600
1750
  return (options?.client ?? client).patch({
1601
- security: [{ scheme: "bearer", type: "http" }, {
1751
+ security: [{
1752
+ key: "jwtAuth",
1753
+ scheme: "bearer",
1754
+ type: "http"
1755
+ }, {
1602
1756
  in: "cookie",
1603
1757
  name: "sessionid",
1604
1758
  type: "apiKey"
@@ -1618,7 +1772,11 @@ var CfgAccountsProfile = class {
1618
1772
  */
1619
1773
  static cfgAccountsProfilePartialUpdate(options) {
1620
1774
  return (options?.client ?? client).put({
1621
- security: [{ scheme: "bearer", type: "http" }, {
1775
+ security: [{
1776
+ key: "jwtAuth",
1777
+ scheme: "bearer",
1778
+ type: "http"
1779
+ }, {
1622
1780
  in: "cookie",
1623
1781
  name: "sessionid",
1624
1782
  type: "apiKey"
@@ -1638,7 +1796,11 @@ var CfgAccountsProfile = class {
1638
1796
  */
1639
1797
  static cfgAccountsProfileUpdatePartialUpdate(options) {
1640
1798
  return (options?.client ?? client).patch({
1641
- security: [{ scheme: "bearer", type: "http" }, {
1799
+ security: [{
1800
+ key: "jwtAuth",
1801
+ scheme: "bearer",
1802
+ type: "http"
1803
+ }, {
1642
1804
  in: "cookie",
1643
1805
  name: "sessionid",
1644
1806
  type: "apiKey"
@@ -1658,7 +1820,11 @@ var CfgAccountsProfile = class {
1658
1820
  */
1659
1821
  static cfgAccountsProfileUpdateUpdate(options) {
1660
1822
  return (options?.client ?? client).put({
1661
- security: [{ scheme: "bearer", type: "http" }, {
1823
+ security: [{
1824
+ key: "jwtAuth",
1825
+ scheme: "bearer",
1826
+ type: "http"
1827
+ }, {
1662
1828
  in: "cookie",
1663
1829
  name: "sessionid",
1664
1830
  type: "apiKey"
@@ -1701,7 +1867,11 @@ var CfgCentrifugo = class {
1701
1867
  */
1702
1868
  static cfgCentrifugoAuthTokenRetrieve(options) {
1703
1869
  return (options?.client ?? client).get({
1704
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1870
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1871
+ key: "jwtAuthWithLastLogin",
1872
+ scheme: "bearer",
1873
+ type: "http"
1874
+ }],
1705
1875
  url: "/cfg/centrifugo/auth/token/",
1706
1876
  ...options
1707
1877
  });
@@ -1716,7 +1886,11 @@ var CfgTotpBackupCodes = class {
1716
1886
  */
1717
1887
  static cfgTotpBackupCodesRetrieve(options) {
1718
1888
  return (options?.client ?? client).get({
1719
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1889
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1890
+ key: "jwtAuthWithLastLogin",
1891
+ scheme: "bearer",
1892
+ type: "http"
1893
+ }],
1720
1894
  url: "/cfg/totp/backup-codes/",
1721
1895
  ...options
1722
1896
  });
@@ -1729,7 +1903,11 @@ var CfgTotpBackupCodes = class {
1729
1903
  */
1730
1904
  static cfgTotpBackupCodesRegenerateCreate(options) {
1731
1905
  return (options.client ?? client).post({
1732
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1906
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1907
+ key: "jwtAuthWithLastLogin",
1908
+ scheme: "bearer",
1909
+ type: "http"
1910
+ }],
1733
1911
  url: "/cfg/totp/backup-codes/regenerate/",
1734
1912
  ...options,
1735
1913
  headers: {
@@ -1748,7 +1926,11 @@ var CfgTotp = class {
1748
1926
  */
1749
1927
  static cfgTotpDevicesRetrieve(options) {
1750
1928
  return (options?.client ?? client).get({
1751
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1929
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1930
+ key: "jwtAuthWithLastLogin",
1931
+ scheme: "bearer",
1932
+ type: "http"
1933
+ }],
1752
1934
  url: "/cfg/totp/devices/",
1753
1935
  ...options
1754
1936
  });
@@ -1760,7 +1942,11 @@ var CfgTotp = class {
1760
1942
  */
1761
1943
  static cfgTotpDevicesDestroy(options) {
1762
1944
  return (options.client ?? client).delete({
1763
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1945
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1946
+ key: "jwtAuthWithLastLogin",
1947
+ scheme: "bearer",
1948
+ type: "http"
1949
+ }],
1764
1950
  url: "/cfg/totp/devices/{id}/",
1765
1951
  ...options
1766
1952
  });
@@ -1772,7 +1958,11 @@ var CfgTotp = class {
1772
1958
  */
1773
1959
  static cfgTotpDisableCreate(options) {
1774
1960
  return (options.client ?? client).post({
1775
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1961
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1962
+ key: "jwtAuthWithLastLogin",
1963
+ scheme: "bearer",
1964
+ type: "http"
1965
+ }],
1776
1966
  url: "/cfg/totp/disable/",
1777
1967
  ...options,
1778
1968
  headers: {
@@ -1793,7 +1983,11 @@ var CfgTotpSetup = class {
1793
1983
  */
1794
1984
  static cfgTotpSetupCreate(options) {
1795
1985
  return (options?.client ?? client).post({
1796
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
1986
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
1987
+ key: "jwtAuthWithLastLogin",
1988
+ scheme: "bearer",
1989
+ type: "http"
1990
+ }],
1797
1991
  url: "/cfg/totp/setup/",
1798
1992
  ...options,
1799
1993
  headers: {
@@ -1809,7 +2003,11 @@ var CfgTotpSetup = class {
1809
2003
  */
1810
2004
  static cfgTotpSetupConfirmCreate(options) {
1811
2005
  return (options.client ?? client).post({
1812
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
2006
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
2007
+ key: "jwtAuthWithLastLogin",
2008
+ scheme: "bearer",
2009
+ type: "http"
2010
+ }],
1813
2011
  url: "/cfg/totp/setup/confirm/",
1814
2012
  ...options,
1815
2013
  headers: {
@@ -1830,7 +2028,11 @@ var CfgTotpVerify = class {
1830
2028
  */
1831
2029
  static cfgTotpVerifyCreate(options) {
1832
2030
  return (options.client ?? client).post({
1833
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
2031
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
2032
+ key: "jwtAuthWithLastLogin",
2033
+ scheme: "bearer",
2034
+ type: "http"
2035
+ }],
1834
2036
  url: "/cfg/totp/verify/",
1835
2037
  ...options,
1836
2038
  headers: {
@@ -1846,7 +2048,11 @@ var CfgTotpVerify = class {
1846
2048
  */
1847
2049
  static cfgTotpVerifyBackupCreate(options) {
1848
2050
  return (options.client ?? client).post({
1849
- security: [{ name: "X-API-Key", type: "apiKey" }, { scheme: "bearer", type: "http" }],
2051
+ security: [{ name: "X-API-Key", type: "apiKey" }, {
2052
+ key: "jwtAuthWithLastLogin",
2053
+ scheme: "bearer",
2054
+ type: "http"
2055
+ }],
1850
2056
  url: "/cfg/totp/verify/backup/",
1851
2057
  ...options,
1852
2058
  headers: {
@@ -2187,4 +2393,49 @@ var API3 = class {
2187
2393
  var CfgAccountsApi = new API();
2188
2394
  var CfgCentrifugoApi = new API2();
2189
2395
  var CfgTotpApi = new API3();
2396
+
2397
+ // src/auth/utils/env.ts
2398
+ var isDev = process.env.NODE_ENV === "development";
2399
+ var isProd = !isDev;
2400
+ var isBrowser2 = typeof window !== "undefined";
2401
+ var isStaticBuild = process.env.NEXT_PUBLIC_STATIC_BUILD === "true";
2402
+ var dpopEnabled2 = process.env.NEXT_PUBLIC_DPOP_ENABLED === "true";
2403
+
2404
+ // src/log-control.ts
2405
+ var verboseByDefault = isDev || isStaticBuild;
2406
+ var DEFAULT_LEVEL = verboseByDefault ? 4 : 1;
2407
+ var _level = DEFAULT_LEVEL;
2408
+ var _subscribers = /* @__PURE__ */ new Set();
2409
+ function getLogLevel() {
2410
+ return _level;
2411
+ }
2412
+ __name(getLogLevel, "getLogLevel");
2413
+ function setLogLevel(level) {
2414
+ _level = level;
2415
+ for (const fn of _subscribers) {
2416
+ try {
2417
+ fn(level);
2418
+ } catch {
2419
+ }
2420
+ }
2421
+ }
2422
+ __name(setLogLevel, "setLogLevel");
2423
+ function onLogLevelChange(fn) {
2424
+ _subscribers.add(fn);
2425
+ try {
2426
+ fn(_level);
2427
+ } catch {
2428
+ }
2429
+ return () => _subscribers.delete(fn);
2430
+ }
2431
+ __name(onLogLevelChange, "onLogLevelChange");
2432
+ function applyRoleLogPolicy(opts) {
2433
+ const devMode = opts.isDev ?? verboseByDefault;
2434
+ if (opts.isAdmin || devMode) {
2435
+ setLogLevel(4);
2436
+ } else {
2437
+ setLogLevel(1);
2438
+ }
2439
+ }
2440
+ __name(applyRoleLogPolicy, "applyRoleLogPolicy");
2190
2441
  //# sourceMappingURL=index.cjs.map