@djangocfg/monitor 2.1.427 → 2.1.428
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -0
- package/dist/client.cjs +103 -2
- package/dist/client.cjs.map +1 -1
- package/dist/client.mjs +103 -2
- package/dist/client.mjs.map +1 -1
- package/dist/index.cjs +102 -1
- package/dist/index.cjs.map +1 -1
- package/dist/index.mjs +102 -1
- package/dist/index.mjs.map +1 -1
- package/dist/server.cjs +102 -1
- package/dist/server.cjs.map +1 -1
- package/dist/server.mjs +102 -1
- package/dist/server.mjs.map +1 -1
- package/package.json +2 -2
- package/src/_api/generated/client/index.ts +1 -0
- package/src/_api/generated/client/utils.gen.ts +2 -2
- package/src/_api/generated/client.gen.ts +2 -2
- package/src/_api/generated/core/auth.gen.ts +7 -0
- package/src/_api/generated/core/params.gen.ts +10 -8
- package/src/_api/generated/core/pathSerializer.gen.ts +6 -6
- package/src/_api/generated/core/queryKeySerializer.gen.ts +1 -1
- package/src/_api/generated/core/utils.gen.ts +4 -4
- package/src/_api/generated/helpers/auth.ts +127 -1
- package/src/_api/generated/sdk.gen.ts +2 -2
package/dist/server.cjs
CHANGED
|
@@ -317,6 +317,99 @@ async function tryRefresh() {
|
|
|
317
317
|
return _refreshInflight;
|
|
318
318
|
}
|
|
319
319
|
__name(tryRefresh, "tryRefresh");
|
|
320
|
+
function dpopEnabled() {
|
|
321
|
+
try {
|
|
322
|
+
return typeof process !== "undefined" && process.env?.NEXT_PUBLIC_DPOP_ENABLED === "true";
|
|
323
|
+
} catch {
|
|
324
|
+
return false;
|
|
325
|
+
}
|
|
326
|
+
}
|
|
327
|
+
__name(dpopEnabled, "dpopEnabled");
|
|
328
|
+
var _DPOP_DB = "cfg-auth";
|
|
329
|
+
var _DPOP_STORE = "keys";
|
|
330
|
+
var _DPOP_KEY_ID = "dpop-ec-p256";
|
|
331
|
+
function _idbOpen() {
|
|
332
|
+
return new Promise((resolve, reject) => {
|
|
333
|
+
const req = indexedDB.open(_DPOP_DB, 1);
|
|
334
|
+
req.onupgradeneeded = () => req.result.createObjectStore(_DPOP_STORE);
|
|
335
|
+
req.onsuccess = () => resolve(req.result);
|
|
336
|
+
req.onerror = () => reject(req.error);
|
|
337
|
+
});
|
|
338
|
+
}
|
|
339
|
+
__name(_idbOpen, "_idbOpen");
|
|
340
|
+
function _idbGet(key) {
|
|
341
|
+
return _idbOpen().then((db) => new Promise((resolve, reject) => {
|
|
342
|
+
const tx = db.transaction(_DPOP_STORE, "readonly");
|
|
343
|
+
const req = tx.objectStore(_DPOP_STORE).get(key);
|
|
344
|
+
req.onsuccess = () => resolve(req.result);
|
|
345
|
+
req.onerror = () => reject(req.error);
|
|
346
|
+
}));
|
|
347
|
+
}
|
|
348
|
+
__name(_idbGet, "_idbGet");
|
|
349
|
+
function _idbPut(key, value) {
|
|
350
|
+
return _idbOpen().then((db) => new Promise((resolve, reject) => {
|
|
351
|
+
const tx = db.transaction(_DPOP_STORE, "readwrite");
|
|
352
|
+
tx.objectStore(_DPOP_STORE).put(value, key);
|
|
353
|
+
tx.oncomplete = () => resolve();
|
|
354
|
+
tx.onerror = () => reject(tx.error);
|
|
355
|
+
}));
|
|
356
|
+
}
|
|
357
|
+
__name(_idbPut, "_idbPut");
|
|
358
|
+
var _dpopKeyPromise = null;
|
|
359
|
+
function _getDpopKeyPair() {
|
|
360
|
+
if (_dpopKeyPromise) return _dpopKeyPromise;
|
|
361
|
+
_dpopKeyPromise = (async () => {
|
|
362
|
+
const existing = await _idbGet(_DPOP_KEY_ID).catch(() => void 0);
|
|
363
|
+
if (existing) return existing;
|
|
364
|
+
const pair = await crypto.subtle.generateKey(
|
|
365
|
+
{ name: "ECDSA", namedCurve: "P-256" },
|
|
366
|
+
false,
|
|
367
|
+
// extractable:false — JS can sign but never export the private key
|
|
368
|
+
["sign"]
|
|
369
|
+
);
|
|
370
|
+
await _idbPut(_DPOP_KEY_ID, pair).catch(() => {
|
|
371
|
+
});
|
|
372
|
+
return pair;
|
|
373
|
+
})();
|
|
374
|
+
return _dpopKeyPromise;
|
|
375
|
+
}
|
|
376
|
+
__name(_getDpopKeyPair, "_getDpopKeyPair");
|
|
377
|
+
function _b64urlFromBytes(bytes) {
|
|
378
|
+
const arr = bytes instanceof Uint8Array ? bytes : new Uint8Array(bytes);
|
|
379
|
+
let s = "";
|
|
380
|
+
for (let i = 0; i < arr.length; i++) s += String.fromCharCode(arr[i]);
|
|
381
|
+
return btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
|
|
382
|
+
}
|
|
383
|
+
__name(_b64urlFromBytes, "_b64urlFromBytes");
|
|
384
|
+
function _b64urlFromString(str) {
|
|
385
|
+
return _b64urlFromBytes(new TextEncoder().encode(str));
|
|
386
|
+
}
|
|
387
|
+
__name(_b64urlFromString, "_b64urlFromString");
|
|
388
|
+
async function _publicJwk(pub) {
|
|
389
|
+
const jwk = await crypto.subtle.exportKey("jwk", pub);
|
|
390
|
+
return { kty: "EC", crv: "P-256", x: jwk.x, y: jwk.y };
|
|
391
|
+
}
|
|
392
|
+
__name(_publicJwk, "_publicJwk");
|
|
393
|
+
async function _makeDpopProof(method, url) {
|
|
394
|
+
try {
|
|
395
|
+
const pair = await _getDpopKeyPair();
|
|
396
|
+
const jwk = await _publicJwk(pair.publicKey);
|
|
397
|
+
const header = { typ: "dpop+jwt", alg: "ES256", jwk };
|
|
398
|
+
const htu = url.split("#")[0].split("?")[0];
|
|
399
|
+
const jti = crypto.randomUUID && crypto.randomUUID() || _b64urlFromBytes(crypto.getRandomValues(new Uint8Array(16)));
|
|
400
|
+
const payload = { htm: method.toUpperCase(), htu, iat: Math.floor(Date.now() / 1e3), jti };
|
|
401
|
+
const signingInput = `${_b64urlFromString(JSON.stringify(header))}.${_b64urlFromString(JSON.stringify(payload))}`;
|
|
402
|
+
const sig = await crypto.subtle.sign(
|
|
403
|
+
{ name: "ECDSA", hash: "SHA-256" },
|
|
404
|
+
pair.privateKey,
|
|
405
|
+
new TextEncoder().encode(signingInput)
|
|
406
|
+
);
|
|
407
|
+
return `${signingInput}.${_b64urlFromBytes(sig)}`;
|
|
408
|
+
} catch {
|
|
409
|
+
return null;
|
|
410
|
+
}
|
|
411
|
+
}
|
|
412
|
+
__name(_makeDpopProof, "_makeDpopProof");
|
|
320
413
|
function installAuthOnClient(client2) {
|
|
321
414
|
if (_client) return;
|
|
322
415
|
_client = client2;
|
|
@@ -324,7 +417,7 @@ function installAuthOnClient(client2) {
|
|
|
324
417
|
baseUrl: auth.getBaseUrl(),
|
|
325
418
|
credentials: _withCredentials ? "include" : "same-origin"
|
|
326
419
|
});
|
|
327
|
-
client2.interceptors.request.use((request) => {
|
|
420
|
+
client2.interceptors.request.use(async (request) => {
|
|
328
421
|
const token = auth.getToken();
|
|
329
422
|
if (token) request.headers.set("Authorization", `Bearer ${token}`);
|
|
330
423
|
const locale = auth.getLocale();
|
|
@@ -337,6 +430,10 @@ function installAuthOnClient(client2) {
|
|
|
337
430
|
} catch {
|
|
338
431
|
}
|
|
339
432
|
request.headers.set("X-Client-Time", (/* @__PURE__ */ new Date()).toISOString());
|
|
433
|
+
if (dpopEnabled() && typeof window !== "undefined") {
|
|
434
|
+
const proof = await _makeDpopProof(request.method, request.url);
|
|
435
|
+
if (proof) request.headers.set("DPoP", proof);
|
|
436
|
+
}
|
|
340
437
|
return request;
|
|
341
438
|
});
|
|
342
439
|
client2.interceptors.error.use((err, res, req) => {
|
|
@@ -370,6 +467,10 @@ function installAuthOnClient(client2) {
|
|
|
370
467
|
const retry = request.clone();
|
|
371
468
|
retry.headers.set("Authorization", `Bearer ${newToken}`);
|
|
372
469
|
retry.headers.set(RETRY_MARKER, "1");
|
|
470
|
+
if (dpopEnabled() && typeof window !== "undefined") {
|
|
471
|
+
const proof = await _makeDpopProof(retry.method, retry.url);
|
|
472
|
+
if (proof) retry.headers.set("DPoP", proof);
|
|
473
|
+
}
|
|
373
474
|
try {
|
|
374
475
|
const retried = await fetch(retry);
|
|
375
476
|
if (retried.status === 401 && _onUnauthorized) {
|