@djangocfg/api 2.1.455 → 2.1.456
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth.cjs +2654 -2920
- package/dist/auth.cjs.map +1 -1
- package/dist/auth.d.cts +18 -82
- package/dist/auth.d.ts +18 -82
- package/dist/auth.mjs +385 -2861
- package/dist/auth.mjs.map +1 -1
- package/dist/chunk-2G67QRNU.mjs +2096 -0
- package/dist/chunk-2G67QRNU.mjs.map +1 -0
- package/dist/chunk-32SRQGAC.mjs +2109 -0
- package/dist/chunk-32SRQGAC.mjs.map +1 -0
- package/dist/chunk-4BPRCONN.mjs +2098 -0
- package/dist/chunk-4BPRCONN.mjs.map +1 -0
- package/dist/chunk-5UZ2Z323.mjs +2021 -0
- package/dist/chunk-5UZ2Z323.mjs.map +1 -0
- package/dist/chunk-7KFTJXNM.mjs +2097 -0
- package/dist/chunk-7KFTJXNM.mjs.map +1 -0
- package/dist/chunk-BK4K5CVT.mjs +2019 -0
- package/dist/chunk-BK4K5CVT.mjs.map +1 -0
- package/dist/chunk-JLPJZ6WB.mjs +2020 -0
- package/dist/chunk-JLPJZ6WB.mjs.map +1 -0
- package/dist/chunk-TVU6PYJH.mjs +2032 -0
- package/dist/chunk-TVU6PYJH.mjs.map +1 -0
- package/dist/clients.cjs +2210 -1847
- package/dist/clients.cjs.map +1 -1
- package/dist/clients.d.cts +23 -0
- package/dist/clients.d.ts +23 -0
- package/dist/clients.mjs +14 -1845
- package/dist/clients.mjs.map +1 -1
- package/dist/hooks.cjs +1776 -962
- package/dist/hooks.cjs.map +1 -1
- package/dist/hooks.mjs +4 -1375
- package/dist/hooks.mjs.map +1 -1
- package/dist/index.cjs +2245 -1877
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +81 -4
- package/dist/index.d.ts +81 -4
- package/dist/index.mjs +20 -1860
- package/dist/index.mjs.map +1 -1
- package/dist/sdk.gen-2SQOPTWJ.mjs +26 -0
- package/dist/sdk.gen-2SQOPTWJ.mjs.map +1 -0
- package/dist/sdk.gen-HSGK4C5S.mjs +26 -0
- package/dist/sdk.gen-HSGK4C5S.mjs.map +1 -0
- package/dist/sdk.gen-NUK2VGHO.mjs +25 -0
- package/dist/sdk.gen-NUK2VGHO.mjs.map +1 -0
- package/dist/sdk.gen-O4KAQUZB.mjs +26 -0
- package/dist/sdk.gen-O4KAQUZB.mjs.map +1 -0
- package/dist/sdk.gen-PPAVSBNT.mjs +26 -0
- package/dist/sdk.gen-PPAVSBNT.mjs.map +1 -0
- package/dist/sdk.gen-XLHLOCJ2.mjs +25 -0
- package/dist/sdk.gen-XLHLOCJ2.mjs.map +1 -0
- package/dist/sdk.gen-ZOE6NQAL.mjs +26 -0
- package/dist/sdk.gen-ZOE6NQAL.mjs.map +1 -0
- package/dist/sdk.gen-ZT7LGJVO.mjs +26 -0
- package/dist/sdk.gen-ZT7LGJVO.mjs.map +1 -0
- package/package.json +2 -2
- package/src/_api/generated/_cfg_accounts/hooks/index.ts +1 -0
- package/src/_api/generated/_cfg_accounts/hooks/useCfgAccountsTokenBlacklistCreate.ts +28 -0
- package/src/_api/generated/_cfg_accounts/openapi.json +99 -0
- package/src/_api/generated/_cfg_accounts/schemas/TokenBlacklistRequest.ts +11 -0
- package/src/_api/generated/_cfg_accounts/schemas/index.ts +1 -0
- package/src/_api/generated/_cfg_centrifugo/openapi.json +9 -0
- package/src/_api/generated/_cfg_totp/openapi.json +33 -0
- package/src/_api/generated/helpers/auth.ts +276 -31
- package/src/_api/generated/openapi.json +129 -0
- package/src/_api/generated/sdk.gen.ts +94 -16
- package/src/_api/generated/types.gen.ts +18 -0
- package/src/auth/__tests__/guard.test.ts +0 -31
- package/src/auth/constants.ts +6 -0
- package/src/auth/context/AccountsContext.tsx +14 -24
- package/src/auth/context/AuthContext.tsx +226 -609
- package/src/auth/hooks/index.ts +3 -4
- package/src/auth/hooks/useGithubAuth.ts +3 -3
- package/src/auth/hooks/useSession.ts +22 -0
- package/src/auth/hooks/useTwoFactor.ts +4 -4
- package/src/auth/middlewares/index.ts +5 -6
- package/src/auth/utils/guard.ts +0 -22
- package/src/auth/utils/index.ts +0 -2
- package/src/_api/generated/_cfg_accounts/events.ts +0 -198
- package/src/_api/generated/_cfg_centrifugo/events.ts +0 -198
- package/src/_api/generated/_cfg_totp/events.ts +0 -198
- package/src/auth/__tests__/jwt.test.ts +0 -119
- package/src/auth/__tests__/sessionBootstrap.test.ts +0 -111
- package/src/auth/__tests__/useTokenRefresh.dom.test.tsx +0 -167
- package/src/auth/hooks/useAuthGuard.ts +0 -35
- package/src/auth/hooks/useTokenRefresh.ts +0 -131
- package/src/auth/refreshHandler.ts +0 -79
- package/src/auth/utils/jwt.ts +0 -66
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
import { type Client, type ClientMeta, formDataBodySerializer, type Options as Options2, type RequestResult, type TDataShape } from './client';
|
|
4
4
|
import { client } from './client.gen';
|
|
5
|
-
import type { CfgAccountsApiKeyRegenerateCreateData, CfgAccountsApiKeyRegenerateCreateErrors, CfgAccountsApiKeyRegenerateCreateResponses, CfgAccountsApiKeyRetrieveData, CfgAccountsApiKeyRetrieveErrors, CfgAccountsApiKeyRetrieveResponses, CfgAccountsApiKeyRevealCreateData, CfgAccountsApiKeyRevealCreateErrors, CfgAccountsApiKeyRevealCreateResponses, CfgAccountsApiKeyTestCreateData, CfgAccountsApiKeyTestCreateResponses, CfgAccountsOauthConnectionsListData, CfgAccountsOauthConnectionsListResponses, CfgAccountsOauthDisconnectCreateData, CfgAccountsOauthDisconnectCreateErrors, CfgAccountsOauthDisconnectCreateResponses, CfgAccountsOauthGithubAuthorizeCreateData, CfgAccountsOauthGithubAuthorizeCreateErrors, CfgAccountsOauthGithubAuthorizeCreateResponses, CfgAccountsOauthGithubCallbackCreateData, CfgAccountsOauthGithubCallbackCreateErrors, CfgAccountsOauthGithubCallbackCreateResponses, CfgAccountsOauthProvidersRetrieveData, CfgAccountsOauthProvidersRetrieveResponses, CfgAccountsOtpRequestCreateData, CfgAccountsOtpRequestCreateErrors, CfgAccountsOtpRequestCreateResponses, CfgAccountsOtpVerifyCreateData, CfgAccountsOtpVerifyCreateErrors, CfgAccountsOtpVerifyCreateResponses, CfgAccountsProfileAvatarCreateData, CfgAccountsProfileAvatarCreateErrors, CfgAccountsProfileAvatarCreateResponses, CfgAccountsProfileDeleteCreateData, CfgAccountsProfileDeleteCreateErrors, CfgAccountsProfileDeleteCreateResponses, CfgAccountsProfilePartialPartialUpdateData, CfgAccountsProfilePartialPartialUpdateErrors, CfgAccountsProfilePartialPartialUpdateResponses, CfgAccountsProfilePartialUpdateData, CfgAccountsProfilePartialUpdateErrors, CfgAccountsProfilePartialUpdateResponses, CfgAccountsProfileRetrieveData, CfgAccountsProfileRetrieveErrors, CfgAccountsProfileRetrieveResponses, CfgAccountsProfileUpdatePartialUpdateData, CfgAccountsProfileUpdatePartialUpdateErrors, CfgAccountsProfileUpdatePartialUpdateResponses, CfgAccountsProfileUpdateUpdateData, CfgAccountsProfileUpdateUpdateErrors, CfgAccountsProfileUpdateUpdateResponses, CfgAccountsTokenRefreshCreateData, CfgAccountsTokenRefreshCreateResponses, CfgCentrifugoAuthTokenRetrieveData, CfgCentrifugoAuthTokenRetrieveErrors, CfgCentrifugoAuthTokenRetrieveResponses, CfgTotpBackupCodesRegenerateCreateData, CfgTotpBackupCodesRegenerateCreateErrors, CfgTotpBackupCodesRegenerateCreateResponses, CfgTotpBackupCodesRetrieveData, CfgTotpBackupCodesRetrieveResponses, CfgTotpDevicesDestroyData, CfgTotpDevicesDestroyResponses, CfgTotpDevicesRetrieveData, CfgTotpDevicesRetrieveResponses, CfgTotpDisableCreateData, CfgTotpDisableCreateErrors, CfgTotpDisableCreateResponses, CfgTotpSetupConfirmCreateData, CfgTotpSetupConfirmCreateErrors, CfgTotpSetupConfirmCreateResponses, CfgTotpSetupCreateData, CfgTotpSetupCreateErrors, CfgTotpSetupCreateResponses, CfgTotpVerifyBackupCreateData, CfgTotpVerifyBackupCreateErrors, CfgTotpVerifyBackupCreateResponses, CfgTotpVerifyCreateData, CfgTotpVerifyCreateErrors, CfgTotpVerifyCreateResponses } from './types.gen';
|
|
5
|
+
import type { CfgAccountsApiKeyRegenerateCreateData, CfgAccountsApiKeyRegenerateCreateErrors, CfgAccountsApiKeyRegenerateCreateResponses, CfgAccountsApiKeyRetrieveData, CfgAccountsApiKeyRetrieveErrors, CfgAccountsApiKeyRetrieveResponses, CfgAccountsApiKeyRevealCreateData, CfgAccountsApiKeyRevealCreateErrors, CfgAccountsApiKeyRevealCreateResponses, CfgAccountsApiKeyTestCreateData, CfgAccountsApiKeyTestCreateResponses, CfgAccountsOauthConnectionsListData, CfgAccountsOauthConnectionsListResponses, CfgAccountsOauthDisconnectCreateData, CfgAccountsOauthDisconnectCreateErrors, CfgAccountsOauthDisconnectCreateResponses, CfgAccountsOauthGithubAuthorizeCreateData, CfgAccountsOauthGithubAuthorizeCreateErrors, CfgAccountsOauthGithubAuthorizeCreateResponses, CfgAccountsOauthGithubCallbackCreateData, CfgAccountsOauthGithubCallbackCreateErrors, CfgAccountsOauthGithubCallbackCreateResponses, CfgAccountsOauthProvidersRetrieveData, CfgAccountsOauthProvidersRetrieveResponses, CfgAccountsOtpRequestCreateData, CfgAccountsOtpRequestCreateErrors, CfgAccountsOtpRequestCreateResponses, CfgAccountsOtpVerifyCreateData, CfgAccountsOtpVerifyCreateErrors, CfgAccountsOtpVerifyCreateResponses, CfgAccountsProfileAvatarCreateData, CfgAccountsProfileAvatarCreateErrors, CfgAccountsProfileAvatarCreateResponses, CfgAccountsProfileDeleteCreateData, CfgAccountsProfileDeleteCreateErrors, CfgAccountsProfileDeleteCreateResponses, CfgAccountsProfilePartialPartialUpdateData, CfgAccountsProfilePartialPartialUpdateErrors, CfgAccountsProfilePartialPartialUpdateResponses, CfgAccountsProfilePartialUpdateData, CfgAccountsProfilePartialUpdateErrors, CfgAccountsProfilePartialUpdateResponses, CfgAccountsProfileRetrieveData, CfgAccountsProfileRetrieveErrors, CfgAccountsProfileRetrieveResponses, CfgAccountsProfileUpdatePartialUpdateData, CfgAccountsProfileUpdatePartialUpdateErrors, CfgAccountsProfileUpdatePartialUpdateResponses, CfgAccountsProfileUpdateUpdateData, CfgAccountsProfileUpdateUpdateErrors, CfgAccountsProfileUpdateUpdateResponses, CfgAccountsTokenBlacklistCreateData, CfgAccountsTokenBlacklistCreateResponses, CfgAccountsTokenRefreshCreateData, CfgAccountsTokenRefreshCreateResponses, CfgCentrifugoAuthTokenRetrieveData, CfgCentrifugoAuthTokenRetrieveErrors, CfgCentrifugoAuthTokenRetrieveResponses, CfgTotpBackupCodesRegenerateCreateData, CfgTotpBackupCodesRegenerateCreateErrors, CfgTotpBackupCodesRegenerateCreateResponses, CfgTotpBackupCodesRetrieveData, CfgTotpBackupCodesRetrieveResponses, CfgTotpDevicesDestroyData, CfgTotpDevicesDestroyResponses, CfgTotpDevicesRetrieveData, CfgTotpDevicesRetrieveResponses, CfgTotpDisableCreateData, CfgTotpDisableCreateErrors, CfgTotpDisableCreateResponses, CfgTotpSetupConfirmCreateData, CfgTotpSetupConfirmCreateErrors, CfgTotpSetupConfirmCreateResponses, CfgTotpSetupCreateData, CfgTotpSetupCreateErrors, CfgTotpSetupCreateResponses, CfgTotpVerifyBackupCreateData, CfgTotpVerifyBackupCreateErrors, CfgTotpVerifyBackupCreateResponses, CfgTotpVerifyCreateData, CfgTotpVerifyCreateErrors, CfgTotpVerifyCreateResponses } from './types.gen';
|
|
6
6
|
|
|
7
7
|
export type Options<TData extends TDataShape = TDataShape, ThrowOnError extends boolean = boolean, TResponse = unknown> = Options2<TData, ThrowOnError, TResponse> & {
|
|
8
8
|
/**
|
|
@@ -124,7 +124,11 @@ export class CfgAccountsOauth {
|
|
|
124
124
|
*/
|
|
125
125
|
public static cfgAccountsOauthConnectionsList<ThrowOnError extends boolean = false>(options?: Options<CfgAccountsOauthConnectionsListData, ThrowOnError>): RequestResult<CfgAccountsOauthConnectionsListResponses, unknown, ThrowOnError> {
|
|
126
126
|
return (options?.client ?? client).get<CfgAccountsOauthConnectionsListResponses, unknown, ThrowOnError>({
|
|
127
|
-
security: [
|
|
127
|
+
security: [
|
|
128
|
+
{ name: 'X-API-Key', type: 'apiKey' },
|
|
129
|
+
{ scheme: 'bearer', type: 'http' },
|
|
130
|
+
{ name: 'Authorization', type: 'apiKey' }
|
|
131
|
+
],
|
|
128
132
|
url: '/cfg/accounts/oauth/connections/',
|
|
129
133
|
...options
|
|
130
134
|
});
|
|
@@ -137,7 +141,11 @@ export class CfgAccountsOauth {
|
|
|
137
141
|
*/
|
|
138
142
|
public static cfgAccountsOauthDisconnectCreate<ThrowOnError extends boolean = false>(options: Options<CfgAccountsOauthDisconnectCreateData, ThrowOnError>): RequestResult<CfgAccountsOauthDisconnectCreateResponses, CfgAccountsOauthDisconnectCreateErrors, ThrowOnError> {
|
|
139
143
|
return (options.client ?? client).post<CfgAccountsOauthDisconnectCreateResponses, CfgAccountsOauthDisconnectCreateErrors, ThrowOnError>({
|
|
140
|
-
security: [
|
|
144
|
+
security: [
|
|
145
|
+
{ name: 'X-API-Key', type: 'apiKey' },
|
|
146
|
+
{ scheme: 'bearer', type: 'http' },
|
|
147
|
+
{ name: 'Authorization', type: 'apiKey' }
|
|
148
|
+
],
|
|
141
149
|
url: '/cfg/accounts/oauth/disconnect/',
|
|
142
150
|
...options,
|
|
143
151
|
headers: {
|
|
@@ -195,7 +203,11 @@ export class CfgAccounts {
|
|
|
195
203
|
*/
|
|
196
204
|
public static cfgAccountsOtpRequestCreate<ThrowOnError extends boolean = false>(options: Options<CfgAccountsOtpRequestCreateData, ThrowOnError>): RequestResult<CfgAccountsOtpRequestCreateResponses, CfgAccountsOtpRequestCreateErrors, ThrowOnError> {
|
|
197
205
|
return (options.client ?? client).post<CfgAccountsOtpRequestCreateResponses, CfgAccountsOtpRequestCreateErrors, ThrowOnError>({
|
|
198
|
-
security: [
|
|
206
|
+
security: [
|
|
207
|
+
{ name: 'X-API-Key', type: 'apiKey' },
|
|
208
|
+
{ scheme: 'bearer', type: 'http' },
|
|
209
|
+
{ name: 'Authorization', type: 'apiKey' }
|
|
210
|
+
],
|
|
199
211
|
url: '/cfg/accounts/otp/request/',
|
|
200
212
|
...options,
|
|
201
213
|
headers: {
|
|
@@ -217,7 +229,11 @@ export class CfgAccounts {
|
|
|
217
229
|
*/
|
|
218
230
|
public static cfgAccountsOtpVerifyCreate<ThrowOnError extends boolean = false>(options: Options<CfgAccountsOtpVerifyCreateData, ThrowOnError>): RequestResult<CfgAccountsOtpVerifyCreateResponses, CfgAccountsOtpVerifyCreateErrors, ThrowOnError> {
|
|
219
231
|
return (options.client ?? client).post<CfgAccountsOtpVerifyCreateResponses, CfgAccountsOtpVerifyCreateErrors, ThrowOnError>({
|
|
220
|
-
security: [
|
|
232
|
+
security: [
|
|
233
|
+
{ name: 'X-API-Key', type: 'apiKey' },
|
|
234
|
+
{ scheme: 'bearer', type: 'http' },
|
|
235
|
+
{ name: 'Authorization', type: 'apiKey' }
|
|
236
|
+
],
|
|
221
237
|
url: '/cfg/accounts/otp/verify/',
|
|
222
238
|
...options,
|
|
223
239
|
headers: {
|
|
@@ -254,7 +270,11 @@ export class CfgAccountsProfile {
|
|
|
254
270
|
public static cfgAccountsProfileAvatarCreate<ThrowOnError extends boolean = false>(options?: Options<CfgAccountsProfileAvatarCreateData, ThrowOnError>): RequestResult<CfgAccountsProfileAvatarCreateResponses, CfgAccountsProfileAvatarCreateErrors, ThrowOnError> {
|
|
255
271
|
return (options?.client ?? client).post<CfgAccountsProfileAvatarCreateResponses, CfgAccountsProfileAvatarCreateErrors, ThrowOnError>({
|
|
256
272
|
...formDataBodySerializer,
|
|
257
|
-
security: [
|
|
273
|
+
security: [
|
|
274
|
+
{ name: 'X-API-Key', type: 'apiKey' },
|
|
275
|
+
{ scheme: 'bearer', type: 'http' },
|
|
276
|
+
{ name: 'Authorization', type: 'apiKey' }
|
|
277
|
+
],
|
|
258
278
|
url: '/cfg/accounts/profile/avatar/',
|
|
259
279
|
...options,
|
|
260
280
|
headers: {
|
|
@@ -377,6 +397,24 @@ export class CfgAccountsProfile {
|
|
|
377
397
|
}
|
|
378
398
|
|
|
379
399
|
export class CfgAccountsAuth {
|
|
400
|
+
/**
|
|
401
|
+
* Revoke a refresh token (logout).
|
|
402
|
+
*
|
|
403
|
+
* Blacklists the posted refresh token so it can never mint another access
|
|
404
|
+
* token. Called best-effort by the client's logout — without it, "logout"
|
|
405
|
+
* is purely client-side and a stolen refresh token survives until expiry.
|
|
406
|
+
*/
|
|
407
|
+
public static cfgAccountsTokenBlacklistCreate<ThrowOnError extends boolean = false>(options: Options<CfgAccountsTokenBlacklistCreateData, ThrowOnError>): RequestResult<CfgAccountsTokenBlacklistCreateResponses, unknown, ThrowOnError> {
|
|
408
|
+
return (options.client ?? client).post<CfgAccountsTokenBlacklistCreateResponses, unknown, ThrowOnError>({
|
|
409
|
+
url: '/cfg/accounts/token/blacklist/',
|
|
410
|
+
...options,
|
|
411
|
+
headers: {
|
|
412
|
+
'Content-Type': 'application/json',
|
|
413
|
+
...options.headers
|
|
414
|
+
}
|
|
415
|
+
});
|
|
416
|
+
}
|
|
417
|
+
|
|
380
418
|
/**
|
|
381
419
|
* Refresh JWT token.
|
|
382
420
|
*
|
|
@@ -406,7 +444,11 @@ export class CfgCentrifugo {
|
|
|
406
444
|
*/
|
|
407
445
|
public static cfgCentrifugoAuthTokenRetrieve<ThrowOnError extends boolean = false>(options?: Options<CfgCentrifugoAuthTokenRetrieveData, ThrowOnError>): RequestResult<CfgCentrifugoAuthTokenRetrieveResponses, CfgCentrifugoAuthTokenRetrieveErrors, ThrowOnError> {
|
|
408
446
|
return (options?.client ?? client).get<CfgCentrifugoAuthTokenRetrieveResponses, CfgCentrifugoAuthTokenRetrieveErrors, ThrowOnError>({
|
|
409
|
-
security: [
|
|
447
|
+
security: [
|
|
448
|
+
{ name: 'X-API-Key', type: 'apiKey' },
|
|
449
|
+
{ scheme: 'bearer', type: 'http' },
|
|
450
|
+
{ name: 'Authorization', type: 'apiKey' }
|
|
451
|
+
],
|
|
410
452
|
url: '/cfg/centrifugo/auth/token/',
|
|
411
453
|
...options
|
|
412
454
|
});
|
|
@@ -419,7 +461,11 @@ export class CfgTotpBackupCodes {
|
|
|
419
461
|
*/
|
|
420
462
|
public static cfgTotpBackupCodesRetrieve<ThrowOnError extends boolean = false>(options?: Options<CfgTotpBackupCodesRetrieveData, ThrowOnError>): RequestResult<CfgTotpBackupCodesRetrieveResponses, unknown, ThrowOnError> {
|
|
421
463
|
return (options?.client ?? client).get<CfgTotpBackupCodesRetrieveResponses, unknown, ThrowOnError>({
|
|
422
|
-
security: [
|
|
464
|
+
security: [
|
|
465
|
+
{ name: 'X-API-Key', type: 'apiKey' },
|
|
466
|
+
{ scheme: 'bearer', type: 'http' },
|
|
467
|
+
{ name: 'Authorization', type: 'apiKey' }
|
|
468
|
+
],
|
|
423
469
|
url: '/cfg/totp/backup-codes/',
|
|
424
470
|
...options
|
|
425
471
|
});
|
|
@@ -433,7 +479,11 @@ export class CfgTotpBackupCodes {
|
|
|
433
479
|
*/
|
|
434
480
|
public static cfgTotpBackupCodesRegenerateCreate<ThrowOnError extends boolean = false>(options: Options<CfgTotpBackupCodesRegenerateCreateData, ThrowOnError>): RequestResult<CfgTotpBackupCodesRegenerateCreateResponses, CfgTotpBackupCodesRegenerateCreateErrors, ThrowOnError> {
|
|
435
481
|
return (options.client ?? client).post<CfgTotpBackupCodesRegenerateCreateResponses, CfgTotpBackupCodesRegenerateCreateErrors, ThrowOnError>({
|
|
436
|
-
security: [
|
|
482
|
+
security: [
|
|
483
|
+
{ name: 'X-API-Key', type: 'apiKey' },
|
|
484
|
+
{ scheme: 'bearer', type: 'http' },
|
|
485
|
+
{ name: 'Authorization', type: 'apiKey' }
|
|
486
|
+
],
|
|
437
487
|
url: '/cfg/totp/backup-codes/regenerate/',
|
|
438
488
|
...options,
|
|
439
489
|
headers: {
|
|
@@ -450,7 +500,11 @@ export class CfgTotp {
|
|
|
450
500
|
*/
|
|
451
501
|
public static cfgTotpDevicesRetrieve<ThrowOnError extends boolean = false>(options?: Options<CfgTotpDevicesRetrieveData, ThrowOnError>): RequestResult<CfgTotpDevicesRetrieveResponses, unknown, ThrowOnError> {
|
|
452
502
|
return (options?.client ?? client).get<CfgTotpDevicesRetrieveResponses, unknown, ThrowOnError>({
|
|
453
|
-
security: [
|
|
503
|
+
security: [
|
|
504
|
+
{ name: 'X-API-Key', type: 'apiKey' },
|
|
505
|
+
{ scheme: 'bearer', type: 'http' },
|
|
506
|
+
{ name: 'Authorization', type: 'apiKey' }
|
|
507
|
+
],
|
|
454
508
|
url: '/cfg/totp/devices/',
|
|
455
509
|
...options
|
|
456
510
|
});
|
|
@@ -463,7 +517,11 @@ export class CfgTotp {
|
|
|
463
517
|
*/
|
|
464
518
|
public static cfgTotpDevicesDestroy<ThrowOnError extends boolean = false>(options: Options<CfgTotpDevicesDestroyData, ThrowOnError>): RequestResult<CfgTotpDevicesDestroyResponses, unknown, ThrowOnError> {
|
|
465
519
|
return (options.client ?? client).delete<CfgTotpDevicesDestroyResponses, unknown, ThrowOnError>({
|
|
466
|
-
security: [
|
|
520
|
+
security: [
|
|
521
|
+
{ name: 'X-API-Key', type: 'apiKey' },
|
|
522
|
+
{ scheme: 'bearer', type: 'http' },
|
|
523
|
+
{ name: 'Authorization', type: 'apiKey' }
|
|
524
|
+
],
|
|
467
525
|
url: '/cfg/totp/devices/{id}/',
|
|
468
526
|
...options
|
|
469
527
|
});
|
|
@@ -476,7 +534,11 @@ export class CfgTotp {
|
|
|
476
534
|
*/
|
|
477
535
|
public static cfgTotpDisableCreate<ThrowOnError extends boolean = false>(options: Options<CfgTotpDisableCreateData, ThrowOnError>): RequestResult<CfgTotpDisableCreateResponses, CfgTotpDisableCreateErrors, ThrowOnError> {
|
|
478
536
|
return (options.client ?? client).post<CfgTotpDisableCreateResponses, CfgTotpDisableCreateErrors, ThrowOnError>({
|
|
479
|
-
security: [
|
|
537
|
+
security: [
|
|
538
|
+
{ name: 'X-API-Key', type: 'apiKey' },
|
|
539
|
+
{ scheme: 'bearer', type: 'http' },
|
|
540
|
+
{ name: 'Authorization', type: 'apiKey' }
|
|
541
|
+
],
|
|
480
542
|
url: '/cfg/totp/disable/',
|
|
481
543
|
...options,
|
|
482
544
|
headers: {
|
|
@@ -495,7 +557,11 @@ export class CfgTotpSetup {
|
|
|
495
557
|
*/
|
|
496
558
|
public static cfgTotpSetupCreate<ThrowOnError extends boolean = false>(options?: Options<CfgTotpSetupCreateData, ThrowOnError>): RequestResult<CfgTotpSetupCreateResponses, CfgTotpSetupCreateErrors, ThrowOnError> {
|
|
497
559
|
return (options?.client ?? client).post<CfgTotpSetupCreateResponses, CfgTotpSetupCreateErrors, ThrowOnError>({
|
|
498
|
-
security: [
|
|
560
|
+
security: [
|
|
561
|
+
{ name: 'X-API-Key', type: 'apiKey' },
|
|
562
|
+
{ scheme: 'bearer', type: 'http' },
|
|
563
|
+
{ name: 'Authorization', type: 'apiKey' }
|
|
564
|
+
],
|
|
499
565
|
url: '/cfg/totp/setup/',
|
|
500
566
|
...options,
|
|
501
567
|
headers: {
|
|
@@ -512,7 +578,11 @@ export class CfgTotpSetup {
|
|
|
512
578
|
*/
|
|
513
579
|
public static cfgTotpSetupConfirmCreate<ThrowOnError extends boolean = false>(options: Options<CfgTotpSetupConfirmCreateData, ThrowOnError>): RequestResult<CfgTotpSetupConfirmCreateResponses, CfgTotpSetupConfirmCreateErrors, ThrowOnError> {
|
|
514
580
|
return (options.client ?? client).post<CfgTotpSetupConfirmCreateResponses, CfgTotpSetupConfirmCreateErrors, ThrowOnError>({
|
|
515
|
-
security: [
|
|
581
|
+
security: [
|
|
582
|
+
{ name: 'X-API-Key', type: 'apiKey' },
|
|
583
|
+
{ scheme: 'bearer', type: 'http' },
|
|
584
|
+
{ name: 'Authorization', type: 'apiKey' }
|
|
585
|
+
],
|
|
516
586
|
url: '/cfg/totp/setup/confirm/',
|
|
517
587
|
...options,
|
|
518
588
|
headers: {
|
|
@@ -531,7 +601,11 @@ export class CfgTotpVerify {
|
|
|
531
601
|
*/
|
|
532
602
|
public static cfgTotpVerifyCreate<ThrowOnError extends boolean = false>(options: Options<CfgTotpVerifyCreateData, ThrowOnError>): RequestResult<CfgTotpVerifyCreateResponses, CfgTotpVerifyCreateErrors, ThrowOnError> {
|
|
533
603
|
return (options.client ?? client).post<CfgTotpVerifyCreateResponses, CfgTotpVerifyCreateErrors, ThrowOnError>({
|
|
534
|
-
security: [
|
|
604
|
+
security: [
|
|
605
|
+
{ name: 'X-API-Key', type: 'apiKey' },
|
|
606
|
+
{ scheme: 'bearer', type: 'http' },
|
|
607
|
+
{ name: 'Authorization', type: 'apiKey' }
|
|
608
|
+
],
|
|
535
609
|
url: '/cfg/totp/verify/',
|
|
536
610
|
...options,
|
|
537
611
|
headers: {
|
|
@@ -548,7 +622,11 @@ export class CfgTotpVerify {
|
|
|
548
622
|
*/
|
|
549
623
|
public static cfgTotpVerifyBackupCreate<ThrowOnError extends boolean = false>(options: Options<CfgTotpVerifyBackupCreateData, ThrowOnError>): RequestResult<CfgTotpVerifyBackupCreateResponses, CfgTotpVerifyBackupCreateErrors, ThrowOnError> {
|
|
550
624
|
return (options.client ?? client).post<CfgTotpVerifyBackupCreateResponses, CfgTotpVerifyBackupCreateErrors, ThrowOnError>({
|
|
551
|
-
security: [
|
|
625
|
+
security: [
|
|
626
|
+
{ name: 'X-API-Key', type: 'apiKey' },
|
|
627
|
+
{ scheme: 'bearer', type: 'http' },
|
|
628
|
+
{ name: 'Authorization', type: 'apiKey' }
|
|
629
|
+
],
|
|
552
630
|
url: '/cfg/totp/verify/backup/',
|
|
553
631
|
...options,
|
|
554
632
|
headers: {
|
|
@@ -643,6 +643,10 @@ export type SetupResponse = {
|
|
|
643
643
|
expires_in: number;
|
|
644
644
|
};
|
|
645
645
|
|
|
646
|
+
export type TokenBlacklistRequest = {
|
|
647
|
+
refresh: string;
|
|
648
|
+
};
|
|
649
|
+
|
|
646
650
|
export type TokenRefresh = {
|
|
647
651
|
readonly access: string;
|
|
648
652
|
refresh: string;
|
|
@@ -1404,6 +1408,20 @@ export type CfgAccountsProfileUpdateUpdateResponses = {
|
|
|
1404
1408
|
|
|
1405
1409
|
export type CfgAccountsProfileUpdateUpdateResponse = CfgAccountsProfileUpdateUpdateResponses[keyof CfgAccountsProfileUpdateUpdateResponses];
|
|
1406
1410
|
|
|
1411
|
+
export type CfgAccountsTokenBlacklistCreateData = {
|
|
1412
|
+
body: TokenBlacklistRequest;
|
|
1413
|
+
path?: never;
|
|
1414
|
+
query?: never;
|
|
1415
|
+
url: '/cfg/accounts/token/blacklist/';
|
|
1416
|
+
};
|
|
1417
|
+
|
|
1418
|
+
export type CfgAccountsTokenBlacklistCreateResponses = {
|
|
1419
|
+
/**
|
|
1420
|
+
* No response body
|
|
1421
|
+
*/
|
|
1422
|
+
200: unknown;
|
|
1423
|
+
};
|
|
1424
|
+
|
|
1407
1425
|
export type CfgAccountsTokenRefreshCreateData = {
|
|
1408
1426
|
body: TokenRefreshRequest;
|
|
1409
1427
|
path?: never;
|
|
@@ -15,7 +15,6 @@ import {
|
|
|
15
15
|
resolveGuardIsLoading,
|
|
16
16
|
resolveGuardIsAuthenticated,
|
|
17
17
|
shouldRedirectToAuth,
|
|
18
|
-
nextAuthEvaluationDelay,
|
|
19
18
|
type GuardInput,
|
|
20
19
|
} from '../utils/guard';
|
|
21
20
|
|
|
@@ -112,33 +111,3 @@ describe('resolveGuardIsAuthenticated', () => {
|
|
|
112
111
|
});
|
|
113
112
|
});
|
|
114
113
|
|
|
115
|
-
describe('nextAuthEvaluationDelay (time-driven re-check scheduling)', () => {
|
|
116
|
-
const NOW = 1_800_000_000_000;
|
|
117
|
-
|
|
118
|
-
it('schedules on the SOONEST future expiry + 1s cushion', () => {
|
|
119
|
-
const access = NOW + 5 * 60_000; // 5 min
|
|
120
|
-
const refresh = NOW + 60 * 60_000; // 60 min
|
|
121
|
-
expect(nextAuthEvaluationDelay(access, refresh, NOW)).toBe(5 * 60_000 + 1000);
|
|
122
|
-
});
|
|
123
|
-
|
|
124
|
-
it('uses refresh expiry when access is already past', () => {
|
|
125
|
-
const access = NOW - 1000; // already expired → ignored
|
|
126
|
-
const refresh = NOW + 10 * 60_000;
|
|
127
|
-
expect(nextAuthEvaluationDelay(access, refresh, NOW)).toBe(10 * 60_000 + 1000);
|
|
128
|
-
});
|
|
129
|
-
|
|
130
|
-
it('returns null when nothing live remains (no timer to arm)', () => {
|
|
131
|
-
expect(nextAuthEvaluationDelay(NOW - 1, NOW - 2, NOW)).toBeNull();
|
|
132
|
-
expect(nextAuthEvaluationDelay(null, null, NOW)).toBeNull();
|
|
133
|
-
});
|
|
134
|
-
|
|
135
|
-
it('handles a single live token (other absent)', () => {
|
|
136
|
-
expect(nextAuthEvaluationDelay(NOW + 30_000, null, NOW)).toBe(31_000);
|
|
137
|
-
expect(nextAuthEvaluationDelay(null, NOW + 30_000, NOW)).toBe(31_000);
|
|
138
|
-
});
|
|
139
|
-
|
|
140
|
-
it('never returns a negative delay', () => {
|
|
141
|
-
const d = nextAuthEvaluationDelay(NOW + 1, NOW + 1, NOW);
|
|
142
|
-
expect(d).toBeGreaterThan(0);
|
|
143
|
-
});
|
|
144
|
-
});
|
package/src/auth/constants.ts
CHANGED
|
@@ -11,3 +11,9 @@ export const AUTH_CONSTANTS = {
|
|
|
11
11
|
/** Backup code max length. */
|
|
12
12
|
BACKUP_CODE_MAX_LENGTH: 12,
|
|
13
13
|
} as const;
|
|
14
|
+
|
|
15
|
+
/** Default route for the sign-in page. Override per app via AuthConfig.routes. */
|
|
16
|
+
export const DEFAULT_AUTH_PATH = '/auth';
|
|
17
|
+
|
|
18
|
+
/** Default post-login destination. Override per app via AuthConfig.routes. */
|
|
19
|
+
export const DEFAULT_CALLBACK_PATH = '/dashboard';
|
|
@@ -17,15 +17,14 @@ import {
|
|
|
17
17
|
createContext, memo, ReactNode, useCallback, useContext, useEffect, useMemo, useRef, useState
|
|
18
18
|
} from 'react';
|
|
19
19
|
|
|
20
|
-
import {
|
|
21
|
-
import { CfgAccountsProfile } from '../../_api/generated/_cfg_accounts/sdk.gen';
|
|
20
|
+
import { auth } from '../../_api/generated/helpers/auth';
|
|
21
|
+
import { CfgAccountsAuth, CfgAccountsProfile } from '../../_api/generated/_cfg_accounts/sdk.gen';
|
|
22
22
|
import {
|
|
23
23
|
useCfgAccountsOtpRequestCreate,
|
|
24
24
|
useCfgAccountsOtpVerifyCreate,
|
|
25
25
|
useCfgAccountsProfileAvatarCreate,
|
|
26
26
|
useCfgAccountsProfilePartialUpdate,
|
|
27
27
|
useCfgAccountsProfileUpdateUpdate,
|
|
28
|
-
useCfgAccountsTokenRefreshCreate,
|
|
29
28
|
} from '../../_api/generated/_cfg_accounts/hooks';
|
|
30
29
|
import { PatchedCfgUserUpdateRequestSchema } from '../../_api/generated/_cfg_accounts/schemas';
|
|
31
30
|
import { clearProfileCache, getCachedProfile, setCachedProfile } from '../hooks/useProfileCache';
|
|
@@ -39,8 +38,6 @@ import type {
|
|
|
39
38
|
OtpVerifyRequest,
|
|
40
39
|
OtpRequestResponse,
|
|
41
40
|
OtpVerifyResponse,
|
|
42
|
-
TokenRefresh,
|
|
43
|
-
TokenRefreshRequest,
|
|
44
41
|
} from '../../_api/generated/_cfg_accounts/types.gen';
|
|
45
42
|
|
|
46
43
|
export { PatchedCfgUserUpdateRequestSchema };
|
|
@@ -62,7 +59,6 @@ export interface AccountsContextValue {
|
|
|
62
59
|
|
|
63
60
|
requestOTP: (data: OtpRequestRequest) => Promise<OtpRequestResponse>;
|
|
64
61
|
verifyOTP: (data: OtpVerifyRequest) => Promise<OtpVerifyResponse>;
|
|
65
|
-
refreshToken: (refresh: string) => Promise<TokenRefresh>;
|
|
66
62
|
logout: () => void;
|
|
67
63
|
}
|
|
68
64
|
|
|
@@ -96,7 +92,6 @@ export function AccountsProvider({ children }: AccountsProviderProps) {
|
|
|
96
92
|
const { trigger: triggerAvatar } = useCfgAccountsProfileAvatarCreate();
|
|
97
93
|
const { trigger: triggerOtpRequest } = useCfgAccountsOtpRequestCreate();
|
|
98
94
|
const { trigger: triggerOtpVerify } = useCfgAccountsOtpVerifyCreate();
|
|
99
|
-
const { trigger: triggerTokenRefresh } = useCfgAccountsTokenRefreshCreate();
|
|
100
95
|
|
|
101
96
|
const refreshProfile = useCallback(async (options?: { callerId?: string; force?: boolean }): Promise<User | undefined> => {
|
|
102
97
|
const { callerId, force } = options || {};
|
|
@@ -159,8 +154,8 @@ export function AccountsProvider({ children }: AccountsProviderProps) {
|
|
|
159
154
|
}
|
|
160
155
|
|
|
161
156
|
if (result.access && result.refresh) {
|
|
162
|
-
|
|
163
|
-
|
|
157
|
+
// The ONE write path — atomic pair, notifies every session subscriber.
|
|
158
|
+
auth.setSession({ access: result.access, refresh: result.refresh });
|
|
164
159
|
try {
|
|
165
160
|
await refreshProfile({ callerId: 'verifyOTP', force: true });
|
|
166
161
|
} catch (profileError) {
|
|
@@ -171,20 +166,17 @@ export function AccountsProvider({ children }: AccountsProviderProps) {
|
|
|
171
166
|
return result;
|
|
172
167
|
};
|
|
173
168
|
|
|
174
|
-
const refreshToken = async (refresh: string): Promise<TokenRefresh> => {
|
|
175
|
-
const body: TokenRefreshRequest = { refresh };
|
|
176
|
-
const result = (await triggerTokenRefresh({ body })) as TokenRefresh;
|
|
177
|
-
|
|
178
|
-
if (result.access) {
|
|
179
|
-
CfgAccountsApi.setToken(result.access);
|
|
180
|
-
CfgAccountsApi.setRefreshToken(refresh);
|
|
181
|
-
}
|
|
182
|
-
|
|
183
|
-
return result;
|
|
184
|
-
};
|
|
185
|
-
|
|
186
169
|
const logout = useCallback(() => {
|
|
187
|
-
|
|
170
|
+
// Best-effort server-side revocation: without blacklisting, a stolen
|
|
171
|
+
// refresh token survives "logout" until it expires. Fire-and-forget —
|
|
172
|
+
// local logout must never block on the network.
|
|
173
|
+
const refresh = auth.getRefreshToken();
|
|
174
|
+
if (refresh) {
|
|
175
|
+
CfgAccountsAuth.cfgAccountsTokenBlacklistCreate({ body: { refresh } }).catch(() => {
|
|
176
|
+
authLogger.warn('Refresh-token blacklist failed (logged out locally anyway)');
|
|
177
|
+
});
|
|
178
|
+
}
|
|
179
|
+
auth.clearSession();
|
|
188
180
|
setProfile(undefined);
|
|
189
181
|
setProfileError(null);
|
|
190
182
|
clearProfileCache();
|
|
@@ -200,7 +192,6 @@ export function AccountsProvider({ children }: AccountsProviderProps) {
|
|
|
200
192
|
refreshProfile,
|
|
201
193
|
requestOTP,
|
|
202
194
|
verifyOTP,
|
|
203
|
-
refreshToken,
|
|
204
195
|
logout,
|
|
205
196
|
}), [
|
|
206
197
|
profile,
|
|
@@ -212,7 +203,6 @@ export function AccountsProvider({ children }: AccountsProviderProps) {
|
|
|
212
203
|
refreshProfile,
|
|
213
204
|
requestOTP,
|
|
214
205
|
verifyOTP,
|
|
215
|
-
refreshToken,
|
|
216
206
|
logout,
|
|
217
207
|
]);
|
|
218
208
|
|