@djangocfg/api 2.1.47 → 2.1.49

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@djangocfg/api",
-  "version": "2.1.47",
+  "version": "2.1.49",
   "description": "Auto-generated TypeScript API client with React hooks, SWR integration, and Zod validation for Django REST Framework backends",
   "keywords": [
     "django",
@@ -74,7 +74,7 @@
     "check": "tsc --noEmit"
   },
   "peerDependencies": {
-    "@djangocfg/ui-nextjs": "^2.1.47",
+    "@djangocfg/ui-nextjs": "^2.1.49",
     "consola": "^3.4.2",
     "next": "^14 || ^15",
     "p-retry": "^7.0.0",
@@ -85,7 +85,7 @@
   "devDependencies": {
     "@types/node": "^24.7.2",
     "@types/react": "^19.0.0",
-    "@djangocfg/typescript-config": "^2.1.47",
+    "@djangocfg/typescript-config": "^2.1.49",
     "next": "^15.0.0",
     "react": "^19.0.0",
     "tsup": "^8.5.0",

package/src/auth/hooks/useAuthForm.ts

@@ -43,10 +43,12 @@ export interface UseAuthFormOptions {
   redirectUrl?: string;
   /** If true, user must accept terms before submitting. Default: false */
   requireTermsAcceptance?: boolean;
+  /** Path to auth page for auto-OTP detection. Default: '/auth' */
+  authPath?: string;
 }
 
 export const useAuthForm = (options: UseAuthFormOptions): AuthFormState & AuthFormHandlers => {
-  const { onIdentifierSuccess, onOTPSuccess, onError, sourceUrl, redirectUrl, requireTermsAcceptance = false } = options;
+  const { onIdentifierSuccess, onOTPSuccess, onError, sourceUrl, redirectUrl, requireTermsAcceptance = false, authPath = '/auth' } = options;
   
   // Form state
   const [identifier, setIdentifier] = useState('');
@@ -273,15 +275,16 @@ export const useAuthForm = (options: UseAuthFormOptions): AuthFormState & AuthFo
     setSavedTermsAccepted(checked);
   }, [setSavedTermsAccepted]);
 
-  // Auto-detect OTP from URL query parameters
+  // Auto-detect OTP from URL query parameters (only on auth page)
   useAutoAuth({
+    allowedPaths: [authPath],
     onOTPDetected: (otp: string) => {
       authLogger.info('OTP detected, auto-submitting');
-      
+
       // Get saved identifier from auth context
       const savedEmail = getSavedEmail();
       const savedPhone = getSavedPhone();
-      
+
       // Prioritize phone over email if both exist
       if (savedPhone) {
         setIdentifier(savedPhone);
@@ -290,11 +293,11 @@ export const useAuthForm = (options: UseAuthFormOptions): AuthFormState & AuthFo
         setIdentifier(savedEmail);
         setChannel('email');
       }
-      
+
       // Set OTP and force OTP step
       setOtp(otp);
       setStep('otp');
-      
+
       // Auto-submit after a short delay to ensure state is updated
       setTimeout(() => {
         const fakeEvent = { preventDefault: () => {} } as React.FormEvent;

package/src/auth/hooks/useAutoAuth.ts

@@ -10,6 +10,8 @@ import { authLogger } from '../utils/logger';
 export interface UseAutoAuthOptions {
   onOTPDetected?: (otp: string) => void;
   cleanupUrl?: boolean;
+  /** Paths where auto-auth should be active. Default: ['/auth'] */
+  allowedPaths?: string[];
 }
 
 /**
@@ -17,22 +19,26 @@ export interface UseAutoAuthOptions {
  * Detects OTP from URL and triggers callback
  */
 export const useAutoAuth = (options: UseAutoAuthOptions = {}) => {
-  const { onOTPDetected, cleanupUrl = true } = options;
+  const { onOTPDetected, cleanupUrl = true, allowedPaths = ['/auth'] } = options;
   const queryParams = useQueryParams();
   const pathname = usePathname();
   const router = useCfgRouter();
 
-  const isReady = !!pathname && !!queryParams.get('otp');
+  // Check if current path is in allowed paths
+  const isAllowedPath = allowedPaths.some(path => pathname === path || pathname?.startsWith(path + '/'));
+
   const hasOTP = !!(queryParams.get('otp'));
+  const isReady = !!pathname && hasOTP && isAllowedPath;
 
   useEffect(() => {
     if (!isReady) return;
 
     const queryOtp = queryParams.get('otp') as string;
 
-    // Handle OTP detection
+    // Handle OTP detection - only on allowed paths to avoid conflicts with other pages
+    // (e.g., /dashboard/device uses ?otp= for device authorization, not user auth)
     if (queryOtp && typeof queryOtp === 'string' && queryOtp.length === 6) {
-      authLogger.info('OTP detected in URL:', queryOtp);
+      authLogger.info('OTP detected in URL on auth page:', queryOtp);
       onOTPDetected?.(queryOtp);
     }
 
@@ -40,12 +46,14 @@ export const useAutoAuth = (options: UseAutoAuthOptions = {}) => {
     if (cleanupUrl && queryOtp) {
       const cleanQuery = Object.fromEntries(queryParams.entries());
       delete cleanQuery.otp;
-      router.push(`${pathname}?${new URLSearchParams(cleanQuery).toString()}`);
+      const queryString = new URLSearchParams(cleanQuery).toString();
+      router.push(queryString ? `${pathname}?${queryString}` : pathname);
     }
-  }, [pathname, queryParams, onOTPDetected, cleanupUrl, router]);
+  }, [pathname, queryParams, onOTPDetected, cleanupUrl, router, isReady]);
 
   return {
     isReady,
     hasOTP,
+    isAllowedPath,
   };
 };