@djangocfg/monitor 2.1.427 → 2.1.428
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -0
- package/dist/client.cjs +103 -2
- package/dist/client.cjs.map +1 -1
- package/dist/client.mjs +103 -2
- package/dist/client.mjs.map +1 -1
- package/dist/index.cjs +102 -1
- package/dist/index.cjs.map +1 -1
- package/dist/index.mjs +102 -1
- package/dist/index.mjs.map +1 -1
- package/dist/server.cjs +102 -1
- package/dist/server.cjs.map +1 -1
- package/dist/server.mjs +102 -1
- package/dist/server.mjs.map +1 -1
- package/package.json +2 -2
- package/src/_api/generated/client/index.ts +1 -0
- package/src/_api/generated/client/utils.gen.ts +2 -2
- package/src/_api/generated/client.gen.ts +2 -2
- package/src/_api/generated/core/auth.gen.ts +7 -0
- package/src/_api/generated/core/params.gen.ts +10 -8
- package/src/_api/generated/core/pathSerializer.gen.ts +6 -6
- package/src/_api/generated/core/queryKeySerializer.gen.ts +1 -1
- package/src/_api/generated/core/utils.gen.ts +4 -4
- package/src/_api/generated/helpers/auth.ts +127 -1
- package/src/_api/generated/sdk.gen.ts +2 -2
package/dist/index.cjs
CHANGED
|
@@ -318,6 +318,99 @@ async function tryRefresh() {
|
|
|
318
318
|
return _refreshInflight;
|
|
319
319
|
}
|
|
320
320
|
__name(tryRefresh, "tryRefresh");
|
|
321
|
+
function dpopEnabled() {
|
|
322
|
+
try {
|
|
323
|
+
return typeof process !== "undefined" && process.env?.NEXT_PUBLIC_DPOP_ENABLED === "true";
|
|
324
|
+
} catch {
|
|
325
|
+
return false;
|
|
326
|
+
}
|
|
327
|
+
}
|
|
328
|
+
__name(dpopEnabled, "dpopEnabled");
|
|
329
|
+
var _DPOP_DB = "cfg-auth";
|
|
330
|
+
var _DPOP_STORE = "keys";
|
|
331
|
+
var _DPOP_KEY_ID = "dpop-ec-p256";
|
|
332
|
+
function _idbOpen() {
|
|
333
|
+
return new Promise((resolve, reject) => {
|
|
334
|
+
const req = indexedDB.open(_DPOP_DB, 1);
|
|
335
|
+
req.onupgradeneeded = () => req.result.createObjectStore(_DPOP_STORE);
|
|
336
|
+
req.onsuccess = () => resolve(req.result);
|
|
337
|
+
req.onerror = () => reject(req.error);
|
|
338
|
+
});
|
|
339
|
+
}
|
|
340
|
+
__name(_idbOpen, "_idbOpen");
|
|
341
|
+
function _idbGet(key) {
|
|
342
|
+
return _idbOpen().then((db) => new Promise((resolve, reject) => {
|
|
343
|
+
const tx = db.transaction(_DPOP_STORE, "readonly");
|
|
344
|
+
const req = tx.objectStore(_DPOP_STORE).get(key);
|
|
345
|
+
req.onsuccess = () => resolve(req.result);
|
|
346
|
+
req.onerror = () => reject(req.error);
|
|
347
|
+
}));
|
|
348
|
+
}
|
|
349
|
+
__name(_idbGet, "_idbGet");
|
|
350
|
+
function _idbPut(key, value) {
|
|
351
|
+
return _idbOpen().then((db) => new Promise((resolve, reject) => {
|
|
352
|
+
const tx = db.transaction(_DPOP_STORE, "readwrite");
|
|
353
|
+
tx.objectStore(_DPOP_STORE).put(value, key);
|
|
354
|
+
tx.oncomplete = () => resolve();
|
|
355
|
+
tx.onerror = () => reject(tx.error);
|
|
356
|
+
}));
|
|
357
|
+
}
|
|
358
|
+
__name(_idbPut, "_idbPut");
|
|
359
|
+
var _dpopKeyPromise = null;
|
|
360
|
+
function _getDpopKeyPair() {
|
|
361
|
+
if (_dpopKeyPromise) return _dpopKeyPromise;
|
|
362
|
+
_dpopKeyPromise = (async () => {
|
|
363
|
+
const existing = await _idbGet(_DPOP_KEY_ID).catch(() => void 0);
|
|
364
|
+
if (existing) return existing;
|
|
365
|
+
const pair = await crypto.subtle.generateKey(
|
|
366
|
+
{ name: "ECDSA", namedCurve: "P-256" },
|
|
367
|
+
false,
|
|
368
|
+
// extractable:false — JS can sign but never export the private key
|
|
369
|
+
["sign"]
|
|
370
|
+
);
|
|
371
|
+
await _idbPut(_DPOP_KEY_ID, pair).catch(() => {
|
|
372
|
+
});
|
|
373
|
+
return pair;
|
|
374
|
+
})();
|
|
375
|
+
return _dpopKeyPromise;
|
|
376
|
+
}
|
|
377
|
+
__name(_getDpopKeyPair, "_getDpopKeyPair");
|
|
378
|
+
function _b64urlFromBytes(bytes) {
|
|
379
|
+
const arr = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes);
|
|
380
|
+
let s = "";
|
|
381
|
+
for (let i = 0; i < arr.length; i++) s += String.fromCharCode(arr[i]);
|
|
382
|
+
return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
383
|
+
}
|
|
384
|
+
__name(_b64urlFromBytes, "_b64urlFromBytes");
|
|
385
|
+
function _b64urlFromString(str) {
|
|
386
|
+
return _b64urlFromBytes(new TextEncoder().encode(str));
|
|
387
|
+
}
|
|
388
|
+
__name(_b64urlFromString, "_b64urlFromString");
|
|
389
|
+
async function _publicJwk(pub) {
|
|
390
|
+
const jwk = await crypto.subtle.exportKey("jwk", pub);
|
|
391
|
+
return { kty: "EC", crv: "P-256", x: jwk.x, y: jwk.y };
|
|
392
|
+
}
|
|
393
|
+
__name(_publicJwk, "_publicJwk");
|
|
394
|
+
async function _makeDpopProof(method, url) {
|
|
395
|
+
try {
|
|
396
|
+
const pair = await _getDpopKeyPair();
|
|
397
|
+
const jwk = await _publicJwk(pair.publicKey);
|
|
398
|
+
const header = { typ: "dpop+jwt", alg: "ES256", jwk };
|
|
399
|
+
const htu = url.split("#")[0].split("?")[0];
|
|
400
|
+
const jti = crypto.randomUUID && crypto.randomUUID() || _b64urlFromBytes(crypto.getRandomValues(new Uint8Array(16)));
|
|
401
|
+
const payload = { htm: method.toUpperCase(), htu, iat: Math.floor(Date.now() / 1e3), jti };
|
|
402
|
+
const signingInput = `${_b64urlFromString(JSON.stringify(header))}.${_b64urlFromString(JSON.stringify(payload))}`;
|
|
403
|
+
const sig = await crypto.subtle.sign(
|
|
404
|
+
{ name: "ECDSA", hash: "SHA-256" },
|
|
405
|
+
pair.privateKey,
|
|
406
|
+
new TextEncoder().encode(signingInput)
|
|
407
|
+
);
|
|
408
|
+
return `${signingInput}.${_b64urlFromBytes(sig)}`;
|
|
409
|
+
} catch {
|
|
410
|
+
return null;
|
|
411
|
+
}
|
|
412
|
+
}
|
|
413
|
+
__name(_makeDpopProof, "_makeDpopProof");
|
|
321
414
|
function installAuthOnClient(client2) {
|
|
322
415
|
if (_client) return;
|
|
323
416
|
_client = client2;
|
|
@@ -325,7 +418,7 @@ function installAuthOnClient(client2) {
|
|
|
325
418
|
baseUrl: auth.getBaseUrl(),
|
|
326
419
|
credentials: _withCredentials ? "include" : "same-origin"
|
|
327
420
|
});
|
|
328
|
-
client2.interceptors.request.use((request) => {
|
|
421
|
+
client2.interceptors.request.use(async (request) => {
|
|
329
422
|
const token = auth.getToken();
|
|
330
423
|
if (token) request.headers.set("Authorization", `Bearer ${token}`);
|
|
331
424
|
const locale = auth.getLocale();
|
|
@@ -338,6 +431,10 @@ function installAuthOnClient(client2) {
|
|
|
338
431
|
} catch {
|
|
339
432
|
}
|
|
340
433
|
request.headers.set("X-Client-Time", (/* @__PURE__ */ new Date()).toISOString());
|
|
434
|
+
if (dpopEnabled() && typeof window !== "undefined") {
|
|
435
|
+
const proof = await _makeDpopProof(request.method, request.url);
|
|
436
|
+
if (proof) request.headers.set("DPoP", proof);
|
|
437
|
+
}
|
|
341
438
|
return request;
|
|
342
439
|
});
|
|
343
440
|
client2.interceptors.error.use((err, res, req) => {
|
|
@@ -371,6 +468,10 @@ function installAuthOnClient(client2) {
|
|
|
371
468
|
const retry = request.clone();
|
|
372
469
|
retry.headers.set("Authorization", `Bearer ${newToken}`);
|
|
373
470
|
retry.headers.set(RETRY_MARKER, "1");
|
|
471
|
+
if (dpopEnabled() && typeof window !== "undefined") {
|
|
472
|
+
const proof = await _makeDpopProof(retry.method, retry.url);
|
|
473
|
+
if (proof) retry.headers.set("DPoP", proof);
|
|
474
|
+
}
|
|
374
475
|
try {
|
|
375
476
|
const retried = await fetch(retry);
|
|
376
477
|
if (retried.status === 401 && _onUnauthorized) {
|