@djangocfg/monitor 2.1.427 → 2.1.428
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -0
- package/dist/client.cjs +103 -2
- package/dist/client.cjs.map +1 -1
- package/dist/client.mjs +103 -2
- package/dist/client.mjs.map +1 -1
- package/dist/index.cjs +102 -1
- package/dist/index.cjs.map +1 -1
- package/dist/index.mjs +102 -1
- package/dist/index.mjs.map +1 -1
- package/dist/server.cjs +102 -1
- package/dist/server.cjs.map +1 -1
- package/dist/server.mjs +102 -1
- package/dist/server.mjs.map +1 -1
- package/package.json +2 -2
- package/src/_api/generated/client/index.ts +1 -0
- package/src/_api/generated/client/utils.gen.ts +2 -2
- package/src/_api/generated/client.gen.ts +2 -2
- package/src/_api/generated/core/auth.gen.ts +7 -0
- package/src/_api/generated/core/params.gen.ts +10 -8
- package/src/_api/generated/core/pathSerializer.gen.ts +6 -6
- package/src/_api/generated/core/queryKeySerializer.gen.ts +1 -1
- package/src/_api/generated/core/utils.gen.ts +4 -4
- package/src/_api/generated/helpers/auth.ts +127 -1
- package/src/_api/generated/sdk.gen.ts +2 -2
package/dist/client.mjs
CHANGED
|
@@ -357,6 +357,99 @@ async function tryRefresh() {
|
|
|
357
357
|
return _refreshInflight;
|
|
358
358
|
}
|
|
359
359
|
__name(tryRefresh, "tryRefresh");
|
|
360
|
+
function dpopEnabled() {
|
|
361
|
+
try {
|
|
362
|
+
return typeof process !== "undefined" && process.env?.NEXT_PUBLIC_DPOP_ENABLED === "true";
|
|
363
|
+
} catch {
|
|
364
|
+
return false;
|
|
365
|
+
}
|
|
366
|
+
}
|
|
367
|
+
__name(dpopEnabled, "dpopEnabled");
|
|
368
|
+
var _DPOP_DB = "cfg-auth";
|
|
369
|
+
var _DPOP_STORE = "keys";
|
|
370
|
+
var _DPOP_KEY_ID = "dpop-ec-p256";
|
|
371
|
+
function _idbOpen() {
|
|
372
|
+
return new Promise((resolve, reject) => {
|
|
373
|
+
const req = indexedDB.open(_DPOP_DB, 1);
|
|
374
|
+
req.onupgradeneeded = () => req.result.createObjectStore(_DPOP_STORE);
|
|
375
|
+
req.onsuccess = () => resolve(req.result);
|
|
376
|
+
req.onerror = () => reject(req.error);
|
|
377
|
+
});
|
|
378
|
+
}
|
|
379
|
+
__name(_idbOpen, "_idbOpen");
|
|
380
|
+
function _idbGet(key) {
|
|
381
|
+
return _idbOpen().then((db) => new Promise((resolve, reject) => {
|
|
382
|
+
const tx = db.transaction(_DPOP_STORE, "readonly");
|
|
383
|
+
const req = tx.objectStore(_DPOP_STORE).get(key);
|
|
384
|
+
req.onsuccess = () => resolve(req.result);
|
|
385
|
+
req.onerror = () => reject(req.error);
|
|
386
|
+
}));
|
|
387
|
+
}
|
|
388
|
+
__name(_idbGet, "_idbGet");
|
|
389
|
+
function _idbPut(key, value) {
|
|
390
|
+
return _idbOpen().then((db) => new Promise((resolve, reject) => {
|
|
391
|
+
const tx = db.transaction(_DPOP_STORE, "readwrite");
|
|
392
|
+
tx.objectStore(_DPOP_STORE).put(value, key);
|
|
393
|
+
tx.oncomplete = () => resolve();
|
|
394
|
+
tx.onerror = () => reject(tx.error);
|
|
395
|
+
}));
|
|
396
|
+
}
|
|
397
|
+
__name(_idbPut, "_idbPut");
|
|
398
|
+
var _dpopKeyPromise = null;
|
|
399
|
+
function _getDpopKeyPair() {
|
|
400
|
+
if (_dpopKeyPromise) return _dpopKeyPromise;
|
|
401
|
+
_dpopKeyPromise = (async () => {
|
|
402
|
+
const existing = await _idbGet(_DPOP_KEY_ID).catch(() => void 0);
|
|
403
|
+
if (existing) return existing;
|
|
404
|
+
const pair = await crypto.subtle.generateKey(
|
|
405
|
+
{ name: "ECDSA", namedCurve: "P-256" },
|
|
406
|
+
false,
|
|
407
|
+
// extractable:false — JS can sign but never export the private key
|
|
408
|
+
["sign"]
|
|
409
|
+
);
|
|
410
|
+
await _idbPut(_DPOP_KEY_ID, pair).catch(() => {
|
|
411
|
+
});
|
|
412
|
+
return pair;
|
|
413
|
+
})();
|
|
414
|
+
return _dpopKeyPromise;
|
|
415
|
+
}
|
|
416
|
+
__name(_getDpopKeyPair, "_getDpopKeyPair");
|
|
417
|
+
function _b64urlFromBytes(bytes) {
|
|
418
|
+
const arr = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes);
|
|
419
|
+
let s = "";
|
|
420
|
+
for (let i = 0; i < arr.length; i++) s += String.fromCharCode(arr[i]);
|
|
421
|
+
return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
422
|
+
}
|
|
423
|
+
__name(_b64urlFromBytes, "_b64urlFromBytes");
|
|
424
|
+
function _b64urlFromString(str) {
|
|
425
|
+
return _b64urlFromBytes(new TextEncoder().encode(str));
|
|
426
|
+
}
|
|
427
|
+
__name(_b64urlFromString, "_b64urlFromString");
|
|
428
|
+
async function _publicJwk(pub) {
|
|
429
|
+
const jwk = await crypto.subtle.exportKey("jwk", pub);
|
|
430
|
+
return { kty: "EC", crv: "P-256", x: jwk.x, y: jwk.y };
|
|
431
|
+
}
|
|
432
|
+
__name(_publicJwk, "_publicJwk");
|
|
433
|
+
async function _makeDpopProof(method, url) {
|
|
434
|
+
try {
|
|
435
|
+
const pair = await _getDpopKeyPair();
|
|
436
|
+
const jwk = await _publicJwk(pair.publicKey);
|
|
437
|
+
const header = { typ: "dpop+jwt", alg: "ES256", jwk };
|
|
438
|
+
const htu = url.split("#")[0].split("?")[0];
|
|
439
|
+
const jti = crypto.randomUUID && crypto.randomUUID() || _b64urlFromBytes(crypto.getRandomValues(new Uint8Array(16)));
|
|
440
|
+
const payload = { htm: method.toUpperCase(), htu, iat: Math.floor(Date.now() / 1e3), jti };
|
|
441
|
+
const signingInput = `${_b64urlFromString(JSON.stringify(header))}.${_b64urlFromString(JSON.stringify(payload))}`;
|
|
442
|
+
const sig = await crypto.subtle.sign(
|
|
443
|
+
{ name: "ECDSA", hash: "SHA-256" },
|
|
444
|
+
pair.privateKey,
|
|
445
|
+
new TextEncoder().encode(signingInput)
|
|
446
|
+
);
|
|
447
|
+
return `${signingInput}.${_b64urlFromBytes(sig)}`;
|
|
448
|
+
} catch {
|
|
449
|
+
return null;
|
|
450
|
+
}
|
|
451
|
+
}
|
|
452
|
+
__name(_makeDpopProof, "_makeDpopProof");
|
|
360
453
|
function installAuthOnClient(client2) {
|
|
361
454
|
if (_client) return;
|
|
362
455
|
_client = client2;
|
|
@@ -364,7 +457,7 @@ function installAuthOnClient(client2) {
|
|
|
364
457
|
baseUrl: auth.getBaseUrl(),
|
|
365
458
|
credentials: _withCredentials ? "include" : "same-origin"
|
|
366
459
|
});
|
|
367
|
-
client2.interceptors.request.use((request) => {
|
|
460
|
+
client2.interceptors.request.use(async (request) => {
|
|
368
461
|
const token = auth.getToken();
|
|
369
462
|
if (token) request.headers.set("Authorization", `Bearer ${token}`);
|
|
370
463
|
const locale = auth.getLocale();
|
|
@@ -377,6 +470,10 @@ function installAuthOnClient(client2) {
|
|
|
377
470
|
} catch {
|
|
378
471
|
}
|
|
379
472
|
request.headers.set("X-Client-Time", (/* @__PURE__ */ new Date()).toISOString());
|
|
473
|
+
if (dpopEnabled() && typeof window !== "undefined") {
|
|
474
|
+
const proof = await _makeDpopProof(request.method, request.url);
|
|
475
|
+
if (proof) request.headers.set("DPoP", proof);
|
|
476
|
+
}
|
|
380
477
|
return request;
|
|
381
478
|
});
|
|
382
479
|
client2.interceptors.error.use((err, res, req) => {
|
|
@@ -410,6 +507,10 @@ function installAuthOnClient(client2) {
|
|
|
410
507
|
const retry = request.clone();
|
|
411
508
|
retry.headers.set("Authorization", `Bearer ${newToken}`);
|
|
412
509
|
retry.headers.set(RETRY_MARKER, "1");
|
|
510
|
+
if (dpopEnabled() && typeof window !== "undefined") {
|
|
511
|
+
const proof = await _makeDpopProof(retry.method, retry.url);
|
|
512
|
+
if (proof) retry.headers.set("DPoP", proof);
|
|
513
|
+
}
|
|
413
514
|
try {
|
|
414
515
|
const retried = await fetch(retry);
|
|
415
516
|
if (retried.status === 401 && _onUnauthorized) {
|
|
@@ -1455,7 +1556,7 @@ __name(sendBatch, "sendBatch");
|
|
|
1455
1556
|
// src/client/utils/env.ts
|
|
1456
1557
|
var isDevelopment = process.env.NODE_ENV === "development";
|
|
1457
1558
|
var isProduction = !isDevelopment;
|
|
1458
|
-
var MONITOR_VERSION = "2.1.
|
|
1559
|
+
var MONITOR_VERSION = "2.1.428";
|
|
1459
1560
|
|
|
1460
1561
|
// src/client/constants.ts
|
|
1461
1562
|
var MONITOR_INGEST_PATTERN = /cfg\/monitor\/ingest/;
|