npm - @dloizides/bff-web-client - Versions diffs - 1.0.1 - Mend

@dloizides/bff-web-client 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,19 @@
+# Changelog
+All notable changes to `@dloizides/bff-web-client` are documented here.
+## [1.0.0] - 2026-06-14
+### Added
+- Initial release. Extracted from the byte-identical BFF HTTP layer shared by
+  `erevna-web` and `katalogos-web`.
+- `createBffAxiosClient(opts)` — credentialed axios instance factory with the
+  shared BFF defaults (JSON, `X-Requested-With`, `withCredentials`).
+- `registerInterceptors(instance, ports)` — wires the BFF interceptor chain:
+  logging, success-toast normalizer, error classifier (package-owned), plus the
+  app-supplied `csrf` and `onSessionExpiry` ports.
+- Individual interceptor registrars: `registerLoggingInterceptor`,
+  `registerResponseNormalizer`, `registerErrorClassifier`,
+  `registerDefaultCsrfInterceptor`.
+- Ports/types: `BffLogger`, `EmitToast`, `InterceptorRegistrar`,
+  `BffAxiosClientOptions`, `RegisterInterceptorsPorts`.

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2024 dloizides
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,80 @@
+# @dloizides/bff-web-client
+Product-agnostic RN-web **BFF HTTP layer** for the dloizides.com portfolio.
+It owns the axios instance factory and the interceptor chain (logging, success
+toast normalizer, error classifier) that `erevna-web` and `katalogos-web` shared
+byte-for-byte. Every app-specific concern is a **port** the consuming app
+supplies — its logger, its toast emitter, its CSRF strategy, and its
+session-expiry handler. The package never imports a product, realm, or hardcoded
+URL, and pairs with `@dloizides/api-client-base` by composition.
+## Install
+```bash
+npm install @dloizides/bff-web-client
+```
+Peer deps: `axios`, `@dloizides/api-client-base`, `@dloizides/utils`.
+## Usage
+```ts
+import {
+  createBffAxiosClient,
+  registerInterceptors,
+} from '@dloizides/bff-web-client';
+import { apiEventBus } from '@dloizides/api-client-base';
+import { logger } from './my-logger';
+import { registerCsrfInterceptor } from './csrfInterceptor'; // app-owned
+import { registerSessionExpiryInterceptor } from './sessionExpiry'; // app-owned
+export const apiClient = createBffAxiosClient({ timeoutMs: 30_000 });
+registerInterceptors(apiClient, {
+  logger,
+  emitToast: (message, severity) =>
+    apiEventBus.emit({ type: 'toast', severity, message }),
+  csrf: registerCsrfInterceptor,
+  onSessionExpiry: registerSessionExpiryInterceptor,
+});
+```
+## API
+### `createBffAxiosClient(options)`
+| option      | type                       | description                                          |
+| ----------- | -------------------------- | ---------------------------------------------------- |
+| `timeoutMs` | `number`                   | Request timeout in milliseconds.                     |
+| `baseURL`   | `string` (optional)        | Omit for same-origin (relative) BFF requests.        |
+| `headers`   | `Record<string,string>`    | Extra default headers merged over the BFF defaults.  |
+Returns a credentialed `AxiosInstance` with **no** interceptors registered.
+### `registerInterceptors(instance, ports)`
+| port             | type                                   | required | description                                                          |
+| ---------------- | -------------------------------------- | -------- | -------------------------------------------------------------------- |
+| `logger`         | `BffLogger`                            | yes      | Structured logger the package logs through.                          |
+| `emitToast`      | `(message, severity) => void`          | yes      | Called when a mutating request succeeds.                            |
+| `csrf`           | `(instance) => void`                   | no       | App CSRF registrar. Defaults to `X-BFF-Csrf: 1` on mutations.        |
+| `onSessionExpiry`| `(instance) => void`                   | no       | App session-expiry registrar (app owns its session store).          |
+Chain order (matches the pre-extraction behaviour):
+- **Request** (reverse execution): logging is registered first (runs last),
+  CSRF registered second (runs first).
+- **Response** (execution order): logging → normalizer → session expiry →
+  error classifier.
+### Individual registrars
+`registerLoggingInterceptor`, `registerResponseNormalizer`,
+`registerErrorClassifier`, `registerDefaultCsrfInterceptor` — exported for
+custom chains.
+## License
+MIT

package/dist/index.d.mts ADDED Viewed

@@ -0,0 +1,194 @@
+import { ErrorSeverity, ClassifiedError } from '@dloizides/api-client-base';
+import { AxiosInstance, AxiosError, InternalAxiosRequestConfig } from 'axios';
+/**
+ * Shared types for `@dloizides/bff-web-client`.
+ *
+ * The package owns the BFF HTTP *logic* (the axios factory + the interceptor
+ * chain). Every app-specific concern is a **port** the consuming app supplies:
+ * its logger, its toast/UI bus, its CSRF strategy, and its session-expiry
+ * handler. The package never imports a product, realm, or hardcoded URL.
+ */
+/**
+ * Minimal structured logger contract. The consuming app supplies an adapter
+ * over its own logging service so the package emits no `console` calls.
+ */
+interface BffLogger {
+    debug: (context: string, message: string, data?: unknown) => void;
+    info: (context: string, message: string, data?: unknown) => void;
+    warn: (context: string, message: string, data?: unknown) => void;
+    error: (context: string, message: string, error?: unknown) => void;
+}
+/**
+ * Emits a UI toast. The app owns its UI event bus; the package only calls
+ * this port when a mutating request succeeds (the response normalizer).
+ */
+type EmitToast = (message: string, severity: ErrorSeverity) => void;
+/**
+ * Registers an interceptor on the given axios instance. Both the CSRF port and
+ * the session-expiry port have this shape: the app supplies a function that
+ * wires its own interceptor onto the instance. The package calls it during
+ * {@link registerInterceptors} in the correct chain position.
+ */
+type InterceptorRegistrar = (instance: AxiosInstance) => void;
+/**
+ * Options for {@link createBffAxiosClient}.
+ */
+interface BffAxiosClientOptions {
+    /** Request timeout in milliseconds. */
+    timeoutMs: number;
+    /** Optional base URL; omit to use relative paths (the BFF same-origin case). */
+    baseURL?: string;
+    /** Extra default headers merged over the BFF defaults. */
+    headers?: Record<string, string>;
+}
+/**
+ * Ports for {@link registerInterceptors}. The 4 package-owned interceptors
+ * (logging, response normalizer, error classifier) run with the supplied
+ * {@link BffLogger} and {@link EmitToast}; `csrf` and `onSessionExpiry` are
+ * app-supplied registrars wired into the chain at the right position.
+ */
+interface RegisterInterceptorsPorts {
+    /** Structured logger the package logs through. */
+    logger: BffLogger;
+    /** Toast emitter the response normalizer calls on a successful mutation. */
+    emitToast: EmitToast;
+    /**
+     * App-supplied CSRF request-interceptor registrar (the one body that
+     * diverges per app). If omitted, {@link registerDefaultCsrfInterceptor} is
+     * used, which attaches `X-BFF-Csrf: 1` to every state-changing request.
+     */
+    csrf?: InterceptorRegistrar;
+    /**
+     * App-supplied session-expiry response-interceptor registrar (the app owns
+     * its session store + its `/bff/me` probe). Optional: omit when an app does
+     * not handle 401 session death in the HTTP layer.
+     */
+    onSessionExpiry?: InterceptorRegistrar;
+}
+/**
+ * Clean axios instance factory for the BFF era.
+ *
+ * Produces an axios instance with the BFF defaults (JSON, XHR marker,
+ * credentialed) and no interceptors. Interceptors are wired separately via
+ * {@link registerInterceptors} so the app controls the chain composition.
+ */
+/**
+ * Creates a credentialed axios instance with the shared BFF defaults. No
+ * interceptors are registered here — call {@link registerInterceptors} once at
+ * bootstrap to install the chain.
+ */
+declare function createBffAxiosClient(options: BffAxiosClientOptions): AxiosInstance;
+/**
+ * Interceptor registration — BFF era.
+ *
+ * Wires the interceptor chain onto an axios instance in the correct order.
+ *
+ * Request interceptors run in REVERSE order of registration, so:
+ *   1. logging (registered first, runs last = logs the FINAL config)
+ *   2. csrf    (registered second, runs first = attaches the CSRF header)
+ *
+ * Response interceptors run in ORDER of registration, so:
+ *   1. logging          (logs response/error first)
+ *   2. normalizer       (emits success toast)
+ *   3. session expiry   (handles 401 -> clear session, app-supplied port)
+ *   4. error classifier (classifies remaining errors)
+ *
+ * The package owns the logging, normalizer, and error-classifier bodies. The
+ * `csrf` and `onSessionExpiry` registrars are app-supplied ports (the app owns
+ * its CSRF strategy and its session store); `csrf` falls back to the package
+ * default when omitted.
+ */
+/**
+ * Registers the full BFF interceptor chain on the provided axios instance.
+ * Call this once during application bootstrap after creating the instance.
+ */
+declare function registerInterceptors(instance: AxiosInstance, ports: RegisterInterceptorsPorts): void;
+/**
+ * Request and response logging interceptor.
+ *
+ * Logs HTTP method, URL, status, and duration through the app-supplied
+ * {@link BffLogger}. Only active in non-production environments. Request
+ * bodies are NOT logged for security reasons.
+ */
+/**
+ * Registers request and response logging interceptors on an axios instance.
+ * No-ops in production.
+ * @returns An object with both interceptor IDs for potential ejection.
+ */
+declare function registerLoggingInterceptor(instance: AxiosInstance, logger: BffLogger): {
+    request: number;
+    response: number;
+};
+/**
+ * Response interceptor: normalizes successful API responses.
+ *
+ * For successful mutation requests (POST/PUT/PATCH/DELETE), emits a toast via
+ * the app-supplied {@link EmitToast} port so the UI can display a success
+ * notification without coupling the package to a specific UI bus.
+ */
+/**
+ * Registers the response normalizer interceptor on an axios instance.
+ * @returns The interceptor ID for potential ejection.
+ */
+declare function registerResponseNormalizer(instance: AxiosInstance, emitToast: EmitToast, logger: BffLogger): number;
+/**
+ * Response error interceptor: classifies axios errors.
+ *
+ * Converts raw AxiosError objects into {@link ClassifiedError} instances with
+ * full context (status, url, method, errorCode, message, etc), logs them
+ * through the app-supplied {@link BffLogger}, and re-rejects so callers and
+ * downstream interceptors can react.
+ */
+/**
+ * Converts an AxiosError into a {@link ClassifiedError} with full context.
+ */
+declare function classifyError(error: AxiosError): ClassifiedError;
+/**
+ * Handles response errors by classifying them and logging.
+ */
+declare function handleResponseError(error: unknown, logger: BffLogger): Promise<never>;
+/**
+ * Registers the error classifier interceptor on an axios instance.
+ * @returns The interceptor ID for potential ejection.
+ */
+declare function registerErrorClassifier(instance: AxiosInstance, logger: BffLogger): number;
+/**
+ * Default CSRF request interceptor.
+ *
+ * After a BFF cutover, an SPA authenticates via a cookie. Cookie auth
+ * reintroduces CSRF risk, so the BFF's `Bff.AspNetCore` anti-forgery
+ * middleware requires a custom header on every state-changing request — a
+ * request a cross-site form POST cannot forge. This default attaches
+ * `X-BFF-Csrf: 1` to all mutating methods.
+ *
+ * This is the **default implementation of the `csrf` port**. Apps that need a
+ * different CSRF strategy supply their own registrar to
+ * {@link registerInterceptors}; this body is what diverged per app and is kept
+ * overridable on purpose.
+ */
+/**
+ * Adds `X-BFF-Csrf` to every state-changing request. Safe (GET/HEAD) requests
+ * are left untouched — the BFF only enforces the header on mutations.
+ */
+declare function attachCsrfHeader(config: InternalAxiosRequestConfig): InternalAxiosRequestConfig;
+/**
+ * Registers the default CSRF request interceptor on an axios instance.
+ * @returns The interceptor ID for potential ejection.
+ */
+declare function registerDefaultCsrfInterceptor(instance: AxiosInstance): number;
+export { type BffAxiosClientOptions, type BffLogger, type EmitToast, type InterceptorRegistrar, type RegisterInterceptorsPorts, attachCsrfHeader, classifyError, createBffAxiosClient, handleResponseError, registerDefaultCsrfInterceptor, registerErrorClassifier, registerInterceptors, registerLoggingInterceptor, registerResponseNormalizer };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,194 @@
+import { ErrorSeverity, ClassifiedError } from '@dloizides/api-client-base';
+import { AxiosInstance, AxiosError, InternalAxiosRequestConfig } from 'axios';
+/**
+ * Shared types for `@dloizides/bff-web-client`.
+ *
+ * The package owns the BFF HTTP *logic* (the axios factory + the interceptor
+ * chain). Every app-specific concern is a **port** the consuming app supplies:
+ * its logger, its toast/UI bus, its CSRF strategy, and its session-expiry
+ * handler. The package never imports a product, realm, or hardcoded URL.
+ */
+/**
+ * Minimal structured logger contract. The consuming app supplies an adapter
+ * over its own logging service so the package emits no `console` calls.
+ */
+interface BffLogger {
+    debug: (context: string, message: string, data?: unknown) => void;
+    info: (context: string, message: string, data?: unknown) => void;
+    warn: (context: string, message: string, data?: unknown) => void;
+    error: (context: string, message: string, error?: unknown) => void;
+}
+/**
+ * Emits a UI toast. The app owns its UI event bus; the package only calls
+ * this port when a mutating request succeeds (the response normalizer).
+ */
+type EmitToast = (message: string, severity: ErrorSeverity) => void;
+/**
+ * Registers an interceptor on the given axios instance. Both the CSRF port and
+ * the session-expiry port have this shape: the app supplies a function that
+ * wires its own interceptor onto the instance. The package calls it during
+ * {@link registerInterceptors} in the correct chain position.
+ */
+type InterceptorRegistrar = (instance: AxiosInstance) => void;
+/**
+ * Options for {@link createBffAxiosClient}.
+ */
+interface BffAxiosClientOptions {
+    /** Request timeout in milliseconds. */
+    timeoutMs: number;
+    /** Optional base URL; omit to use relative paths (the BFF same-origin case). */
+    baseURL?: string;
+    /** Extra default headers merged over the BFF defaults. */
+    headers?: Record<string, string>;
+}
+/**
+ * Ports for {@link registerInterceptors}. The 4 package-owned interceptors
+ * (logging, response normalizer, error classifier) run with the supplied
+ * {@link BffLogger} and {@link EmitToast}; `csrf` and `onSessionExpiry` are
+ * app-supplied registrars wired into the chain at the right position.
+ */
+interface RegisterInterceptorsPorts {
+    /** Structured logger the package logs through. */
+    logger: BffLogger;
+    /** Toast emitter the response normalizer calls on a successful mutation. */
+    emitToast: EmitToast;
+    /**
+     * App-supplied CSRF request-interceptor registrar (the one body that
+     * diverges per app). If omitted, {@link registerDefaultCsrfInterceptor} is
+     * used, which attaches `X-BFF-Csrf: 1` to every state-changing request.
+     */
+    csrf?: InterceptorRegistrar;
+    /**
+     * App-supplied session-expiry response-interceptor registrar (the app owns
+     * its session store + its `/bff/me` probe). Optional: omit when an app does
+     * not handle 401 session death in the HTTP layer.
+     */
+    onSessionExpiry?: InterceptorRegistrar;
+}
+/**
+ * Clean axios instance factory for the BFF era.
+ *
+ * Produces an axios instance with the BFF defaults (JSON, XHR marker,
+ * credentialed) and no interceptors. Interceptors are wired separately via
+ * {@link registerInterceptors} so the app controls the chain composition.
+ */
+/**
+ * Creates a credentialed axios instance with the shared BFF defaults. No
+ * interceptors are registered here — call {@link registerInterceptors} once at
+ * bootstrap to install the chain.
+ */
+declare function createBffAxiosClient(options: BffAxiosClientOptions): AxiosInstance;
+/**
+ * Interceptor registration — BFF era.
+ *
+ * Wires the interceptor chain onto an axios instance in the correct order.
+ *
+ * Request interceptors run in REVERSE order of registration, so:
+ *   1. logging (registered first, runs last = logs the FINAL config)
+ *   2. csrf    (registered second, runs first = attaches the CSRF header)
+ *
+ * Response interceptors run in ORDER of registration, so:
+ *   1. logging          (logs response/error first)
+ *   2. normalizer       (emits success toast)
+ *   3. session expiry   (handles 401 -> clear session, app-supplied port)
+ *   4. error classifier (classifies remaining errors)
+ *
+ * The package owns the logging, normalizer, and error-classifier bodies. The
+ * `csrf` and `onSessionExpiry` registrars are app-supplied ports (the app owns
+ * its CSRF strategy and its session store); `csrf` falls back to the package
+ * default when omitted.
+ */
+/**
+ * Registers the full BFF interceptor chain on the provided axios instance.
+ * Call this once during application bootstrap after creating the instance.
+ */
+declare function registerInterceptors(instance: AxiosInstance, ports: RegisterInterceptorsPorts): void;
+/**
+ * Request and response logging interceptor.
+ *
+ * Logs HTTP method, URL, status, and duration through the app-supplied
+ * {@link BffLogger}. Only active in non-production environments. Request
+ * bodies are NOT logged for security reasons.
+ */
+/**
+ * Registers request and response logging interceptors on an axios instance.
+ * No-ops in production.
+ * @returns An object with both interceptor IDs for potential ejection.
+ */
+declare function registerLoggingInterceptor(instance: AxiosInstance, logger: BffLogger): {
+    request: number;
+    response: number;
+};
+/**
+ * Response interceptor: normalizes successful API responses.
+ *
+ * For successful mutation requests (POST/PUT/PATCH/DELETE), emits a toast via
+ * the app-supplied {@link EmitToast} port so the UI can display a success
+ * notification without coupling the package to a specific UI bus.
+ */
+/**
+ * Registers the response normalizer interceptor on an axios instance.
+ * @returns The interceptor ID for potential ejection.
+ */
+declare function registerResponseNormalizer(instance: AxiosInstance, emitToast: EmitToast, logger: BffLogger): number;
+/**
+ * Response error interceptor: classifies axios errors.
+ *
+ * Converts raw AxiosError objects into {@link ClassifiedError} instances with
+ * full context (status, url, method, errorCode, message, etc), logs them
+ * through the app-supplied {@link BffLogger}, and re-rejects so callers and
+ * downstream interceptors can react.
+ */
+/**
+ * Converts an AxiosError into a {@link ClassifiedError} with full context.
+ */
+declare function classifyError(error: AxiosError): ClassifiedError;
+/**
+ * Handles response errors by classifying them and logging.
+ */
+declare function handleResponseError(error: unknown, logger: BffLogger): Promise<never>;
+/**
+ * Registers the error classifier interceptor on an axios instance.
+ * @returns The interceptor ID for potential ejection.
+ */
+declare function registerErrorClassifier(instance: AxiosInstance, logger: BffLogger): number;
+/**
+ * Default CSRF request interceptor.
+ *
+ * After a BFF cutover, an SPA authenticates via a cookie. Cookie auth
+ * reintroduces CSRF risk, so the BFF's `Bff.AspNetCore` anti-forgery
+ * middleware requires a custom header on every state-changing request — a
+ * request a cross-site form POST cannot forge. This default attaches
+ * `X-BFF-Csrf: 1` to all mutating methods.
+ *
+ * This is the **default implementation of the `csrf` port**. Apps that need a
+ * different CSRF strategy supply their own registrar to
+ * {@link registerInterceptors}; this body is what diverged per app and is kept
+ * overridable on purpose.
+ */
+/**
+ * Adds `X-BFF-Csrf` to every state-changing request. Safe (GET/HEAD) requests
+ * are left untouched — the BFF only enforces the header on mutations.
+ */
+declare function attachCsrfHeader(config: InternalAxiosRequestConfig): InternalAxiosRequestConfig;
+/**
+ * Registers the default CSRF request interceptor on an axios instance.
+ * @returns The interceptor ID for potential ejection.
+ */
+declare function registerDefaultCsrfInterceptor(instance: AxiosInstance): number;
+export { type BffAxiosClientOptions, type BffLogger, type EmitToast, type InterceptorRegistrar, type RegisterInterceptorsPorts, attachCsrfHeader, classifyError, createBffAxiosClient, handleResponseError, registerDefaultCsrfInterceptor, registerErrorClassifier, registerInterceptors, registerLoggingInterceptor, registerResponseNormalizer };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,293 @@
+'use strict';
+var axios = require('axios');
+var apiClientBase = require('@dloizides/api-client-base');
+var utils = require('@dloizides/utils');
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+var axios__default = /*#__PURE__*/_interopDefault(axios);
+// src/createBffAxiosClient.ts
+var BFF_DEFAULT_HEADERS = {
+  "Content-Type": "application/json",
+  "Accept": "application/json",
+  "X-Requested-With": "XMLHttpRequest"
+};
+function createBffAxiosClient(options) {
+  return axios__default.default.create({
+    timeout: options.timeoutMs,
+    baseURL: options.baseURL,
+    headers: { ...BFF_DEFAULT_HEADERS, ...options.headers ?? {} },
+    withCredentials: true
+  });
+}
+// src/interceptors/defaultCsrfInterceptor.ts
+var CSRF_HEADER = "X-BFF-Csrf";
+var CSRF_HEADER_VALUE = "1";
+var STATE_CHANGING_METHODS = ["POST", "PUT", "PATCH", "DELETE"];
+function isStateChanging(method) {
+  if (typeof method !== "string") {
+    return false;
+  }
+  return STATE_CHANGING_METHODS.includes(method.toUpperCase());
+}
+function attachCsrfHeader(config) {
+  if (isStateChanging(config.method)) {
+    config.headers.set(CSRF_HEADER, CSRF_HEADER_VALUE);
+  }
+  return config;
+}
+function registerDefaultCsrfInterceptor(instance) {
+  return instance.interceptors.request.use(attachCsrfHeader);
+}
+var LOG_CONTEXT = "errorClassifier";
+var TIMEOUT_ERROR_CODE = "ECONNABORTED";
+var NETWORK_ERROR_STATUS = 0;
+function isRecord(value) {
+  return utils.isValueDefined(value) && typeof value === "object";
+}
+function isAxiosError(value) {
+  if (typeof value !== "object") {
+    return false;
+  }
+  if (!utils.isValueDefined(value)) {
+    return false;
+  }
+  return "isAxiosError" in value;
+}
+function extractErrorCode(data) {
+  if (!isRecord(data)) {
+    return void 0;
+  }
+  const code = data.errorCode ?? data.code ?? data.error;
+  if (typeof code === "string" && code.length > 0) {
+    return code;
+  }
+  return void 0;
+}
+function extractErrorMessage(data, fallback) {
+  if (!isRecord(data)) {
+    return fallback;
+  }
+  const message = data.message ?? data.detail ?? data.error ?? data.title;
+  if (typeof message === "string" && message.length > 0) {
+    return message;
+  }
+  return fallback;
+}
+function extractStringHeader(headers, key) {
+  const value = headers[key];
+  if (typeof value === "string" && value.length > 0) {
+    return value;
+  }
+  return void 0;
+}
+function extractRequestId(response) {
+  if (!utils.isValueDefined(response)) {
+    return void 0;
+  }
+  const headers = response.headers;
+  if (!isRecord(headers)) {
+    return void 0;
+  }
+  return extractStringHeader(headers, "x-request-id") ?? extractStringHeader(headers, "x-correlation-id");
+}
+function resolveHttpMethod(method) {
+  if (typeof method !== "string") {
+    return apiClientBase.HttpMethod.Get;
+  }
+  const upper = method.toUpperCase();
+  const methodMap = {
+    GET: apiClientBase.HttpMethod.Get,
+    POST: apiClientBase.HttpMethod.Post,
+    PUT: apiClientBase.HttpMethod.Put,
+    PATCH: apiClientBase.HttpMethod.Patch,
+    DELETE: apiClientBase.HttpMethod.Delete
+  };
+  return methodMap[upper] ?? apiClientBase.HttpMethod.Get;
+}
+function classifyError(error) {
+  const response = error.response;
+  const hasResponse = utils.isValueDefined(response);
+  const status = hasResponse ? response.status : NETWORK_ERROR_STATUS;
+  const url = error.config?.url ?? "unknown";
+  const method = resolveHttpMethod(error.config?.method);
+  const body = hasResponse ? response.data : void 0;
+  const isTimeout = error.code === TIMEOUT_ERROR_CODE;
+  const defaultMessage = isTimeout ? "Request timed out" : "Network error";
+  const errorCode = extractErrorCode(body) ?? (isTimeout ? TIMEOUT_ERROR_CODE : void 0);
+  const message = hasResponse ? extractErrorMessage(body, error.message) : defaultMessage;
+  return {
+    status,
+    url,
+    method,
+    errorCode,
+    message,
+    body,
+    originalError: error,
+    timestamp: Date.now(),
+    requestId: extractRequestId(response)
+  };
+}
+async function handleResponseError(error, logger) {
+  if (!isAxiosError(error)) {
+    return Promise.reject(error);
+  }
+  const classified = classifyError(error);
+  logger.warn(LOG_CONTEXT, `HTTP ${classified.method} ${classified.url} failed`, {
+    status: classified.status,
+    errorCode: classified.errorCode,
+    message: classified.message
+  });
+  return Promise.reject(error);
+}
+function registerErrorClassifier(instance, logger) {
+  return instance.interceptors.response.use(
+    (response) => response,
+    (error) => handleResponseError(error, logger)
+  );
+}
+var LOG_CONTEXT2 = "http";
+var REQUEST_START_HEADER = "x-request-start-time";
+function isProduction() {
+  return process.env.NODE_ENV === "production";
+}
+function logRequest(config, logger) {
+  if (isProduction()) {
+    return config;
+  }
+  const method = (config.method ?? "GET").toUpperCase();
+  const url = config.url ?? "unknown";
+  logger.debug(LOG_CONTEXT2, `-> ${method} ${url}`);
+  config.headers.set(REQUEST_START_HEADER, String(Date.now()));
+  return config;
+}
+function calculateDurationMs(config) {
+  const startRaw = config.headers.get(REQUEST_START_HEADER);
+  if (typeof startRaw !== "string" || startRaw.length === 0) {
+    return void 0;
+  }
+  const start = Number(startRaw);
+  if (Number.isNaN(start)) {
+    return void 0;
+  }
+  return Date.now() - start;
+}
+function logResponse(response, logger) {
+  if (isProduction()) {
+    return response;
+  }
+  const method = (response.config.method ?? "GET").toUpperCase();
+  const url = response.config.url ?? "unknown";
+  const status = response.status;
+  const duration = calculateDurationMs(response.config);
+  const durationSuffix = utils.isValueDefined(duration) ? ` (${duration}ms)` : "";
+  logger.debug(LOG_CONTEXT2, `<- ${method} ${url} ${status}${durationSuffix}`);
+  return response;
+}
+function isAxiosLikeError(value) {
+  if (typeof value !== "object") {
+    return false;
+  }
+  if (!utils.isValueDefined(value)) {
+    return false;
+  }
+  return "config" in value;
+}
+async function logErrorResponse(error, logger) {
+  if (isProduction()) {
+    return Promise.reject(error);
+  }
+  if (!isAxiosLikeError(error)) {
+    return Promise.reject(error);
+  }
+  const method = (error.config.method ?? "GET").toUpperCase();
+  const url = error.config.url ?? "unknown";
+  const status = error.response?.status ?? 0;
+  const duration = calculateDurationMs(error.config);
+  const durationSuffix = utils.isValueDefined(duration) ? ` (${duration}ms)` : "";
+  logger.warn(LOG_CONTEXT2, `<- ${method} ${url} ${status}${durationSuffix}`);
+  return Promise.reject(error);
+}
+function registerLoggingInterceptor(instance, logger) {
+  const requestId = instance.interceptors.request.use((config) => logRequest(config, logger));
+  const responseId = instance.interceptors.response.use(
+    (response) => logResponse(response, logger),
+    (error) => logErrorResponse(error, logger)
+  );
+  return { request: requestId, response: responseId };
+}
+var MUTATING_METHODS = ["POST", "PUT", "PATCH", "DELETE"];
+var DEFAULT_SUCCESS_MESSAGE = "Saved successfully.";
+var LOG_CONTEXT3 = "responseNormalizer";
+function isRecord2(value) {
+  return utils.isValueDefined(value) && typeof value === "object";
+}
+function extractMessageFromBody(data) {
+  if (!isRecord2(data)) {
+    return void 0;
+  }
+  const message = data.message;
+  if (typeof message === "string" && message.length > 0) {
+    return message;
+  }
+  const detail = data.detail;
+  if (typeof detail === "string" && detail.length > 0) {
+    return detail;
+  }
+  return void 0;
+}
+function isMutatingMethod(method) {
+  if (typeof method !== "string") {
+    return false;
+  }
+  return MUTATING_METHODS.includes(method.toUpperCase());
+}
+function handleSuccessResponse(response, emitToast, logger) {
+  try {
+    const method = response.config.method;
+    if (!isMutatingMethod(method)) {
+      return response;
+    }
+    const message = extractMessageFromBody(response.data) ?? DEFAULT_SUCCESS_MESSAGE;
+    emitToast(String(message), apiClientBase.ErrorSeverity.Info);
+  } catch (emitError) {
+    logger.warn(LOG_CONTEXT3, "Failed to emit success notification", emitError);
+  }
+  return response;
+}
+function registerResponseNormalizer(instance, emitToast, logger) {
+  return instance.interceptors.response.use(
+    (response) => handleSuccessResponse(response, emitToast, logger)
+  );
+}
+// src/registerInterceptors.ts
+function registerInterceptors(instance, ports) {
+  const { logger, emitToast, csrf, onSessionExpiry } = ports;
+  registerLoggingInterceptor(instance, logger);
+  if (csrf) {
+    csrf(instance);
+  } else {
+    registerDefaultCsrfInterceptor(instance);
+  }
+  registerResponseNormalizer(instance, emitToast, logger);
+  if (onSessionExpiry) {
+    onSessionExpiry(instance);
+  }
+  registerErrorClassifier(instance, logger);
+}
+exports.attachCsrfHeader = attachCsrfHeader;
+exports.classifyError = classifyError;
+exports.createBffAxiosClient = createBffAxiosClient;
+exports.handleResponseError = handleResponseError;
+exports.registerDefaultCsrfInterceptor = registerDefaultCsrfInterceptor;
+exports.registerErrorClassifier = registerErrorClassifier;
+exports.registerInterceptors = registerInterceptors;
+exports.registerLoggingInterceptor = registerLoggingInterceptor;
+exports.registerResponseNormalizer = registerResponseNormalizer;
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/createBffAxiosClient.ts","../src/interceptors/defaultCsrfInterceptor.ts","../src/interceptors/errorClassifierInterceptor.ts","../src/interceptors/loggingInterceptor.ts","../src/interceptors/responseNormalizer.ts","../src/registerInterceptors.ts"],"names":["axios","isValueDefined","HttpMethod","LOG_CONTEXT","isRecord","ErrorSeverity"],"mappings":";;;;;;;;;;;AAaA,IAAM,mBAAA,GAA8C;AAAA,EAClD,cAAA,EAAgB,kBAAA;AAAA,EAChB,QAAA,EAAU,kBAAA;AAAA,EACV,kBAAA,EAAoB;AACtB,CAAA;AAOA,SAAS,qBAAqB,OAAA,EAA+C;AAC3E,EAAA,OAAOA,uBAAM,MAAA,CAAO;AAAA,IAClB,SAAS,OAAA,CAAQ,SAAA;AAAA,IACjB,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,OAAA,EAAS,EAAE,GAAG,mBAAA,EAAqB,GAAI,OAAA,CAAQ,OAAA,IAAW,EAAC,EAAG;AAAA,IAC9D,eAAA,EAAiB;AAAA,GAClB,CAAA;AACH;;;ACbA,IAAM,WAAA,GAAc,YAAA;AACpB,IAAM,iBAAA,GAAoB,GAAA;AAG1B,IAAM,sBAAA,GAAyB,CAAC,MAAA,EAAQ,KAAA,EAAO,SAAS,QAAQ,CAAA;AAEhE,SAAS,gBAAgB,MAAA,EAAqC;AAC5D,EAAA,IAAI,OAAO,WAAW,QAAA,EAAU;AAC9B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,sBAAA,CAAuB,QAAA,CAAS,MAAA,CAAO,WAAA,EAAa,CAAA;AAC7D;AAMA,SAAS,iBAAiB,MAAA,EAAgE;AACxF,EAAA,IAAI,eAAA,CAAgB,MAAA,CAAO,MAAM,CAAA,EAAG;AAClC,IAAA,MAAA,CAAO,OAAA,CAAQ,GAAA,CAAI,WAAA,EAAa,iBAAiB,CAAA;AAAA,EACnD;AACA,EAAA,OAAO,MAAA;AACT;AAMA,SAAS,+BAA+B,QAAA,EAAiC;AACvE,EAAA,OAAO,QAAA,CAAS,YAAA,CAAa,OAAA,CAAQ,GAAA,CAAI,gBAAgB,CAAA;AAC3D;AChCA,IAAM,WAAA,GAAc,iBAAA;AACpB,IAAM,kBAAA,GAAqB,cAAA;AAC3B,IAAM,oBAAA,GAAuB,CAAA;AAE7B,SAAS,SAAS,KAAA,EAAkD;AAClE,EAAA,OAAOC,oBAAA,CAAe,KAAK,CAAA,IAAK,OAAO,KAAA,KAAU,QAAA;AACnD;AAEA,SAAS,aAAa,KAAA,EAAqC;AACzD,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,CAACA,oBAAA,CAAe,KAAK,CAAA,EAAG;AAC1B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,cAAA,IAAkB,KAAA;AAC3B;AAEA,SAAS,iBAAiB,IAAA,EAAmC;AAC3D,EAAA,IAAI,CAAC,QAAA,CAAS,IAAI,CAAA,EAAG;AACnB,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,IAAA,GAAO,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAQ,IAAA,CAAK,KAAA;AACjD,EAAA,IAAI,OAAO,IAAA,KAAS,QAAA,IAAY,IAAA,CAAK,SAAS,CAAA,EAAG;AAC/C,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,mBAAA,CAAoB,MAAe,QAAA,EAA0B;AACpE,EAAA,IAAI,CAAC,QAAA,CAAS,IAAI,CAAA,EAAG;AACnB,IAAA,OAAO,QAAA;AAAA,EACT;AAEA,EAAA,MAAM,UAAU,IAAA,CAAK,OAAA,IAAW,KAAK,MAAA,IAAU,IAAA,CAAK,SAAS,IAAA,CAAK,KAAA;AAClE,EAAA,IAAI,OAAO,OAAA,KAAY,QAAA,IAAY,OAAA,CAAQ,SAAS,CAAA,EAAG;AACrD,IAAA,OAAO,OAAA;AAAA,EACT;AAEA,EAAA,OAAO,QAAA;AACT;AAEA,SAAS,mBAAA,CAAoB,SAAkC,GAAA,EAAiC;AAC9F,EAAA,MAAM,KAAA,GAAiB,QAAQ,GAAG,CAAA;AAClC,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,SAAS,CAAA,EAAG;AACjD,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,iBAAiB,QAAA,EAAyD;AACjF,EAAA,IAAI,CAACA,oBAAA,CAAe,QAAQ,CAAA,EAAG;AAC7B,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,UAAU,QAAA,CAAS,OAAA;AACzB,EAAA,IAAI,CAAC,QAAA,CAAS,OAAO,CAAA,EAAG;AACtB,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,OAAO,oBAAoB,OAAA,EAAS,cAAc,CAAA,IAAK,mBAAA,CAAoB,SAAS,kBAAkB,CAAA;AACxG;AAEA,SAAS,kBAAkB,MAAA,EAAwC;AACjE,EAAA,IAAI,OAAO,WAAW,QAAA,EAAU;AAC9B,IAAA,OAAOC,wBAAA,CAAW,GAAA;AAAA,EACpB;AACA,EAAA,MAAM,KAAA,GAAQ,OAAO,WAAA,EAAY;AACjC,EAAA,MAAM,SAAA,GAAoD;AAAA,IACxD,KAAKA,wBAAA,CAAW,GAAA;AAAA,IAChB,MAAMA,wBAAA,CAAW,IAAA;AAAA,IACjB,KAAKA,wBAAA,CAAW,GAAA;AAAA,IAChB,OAAOA,wBAAA,CAAW,KAAA;AAAA,IAClB,QAAQA,wBAAA,CAAW;AAAA,GACrB;AACA,EAAA,OAAO,SAAA,CAAU,KAAK,CAAA,IAAKA,wBAAA,CAAW,GAAA;AACxC;AAKA,SAAS,cAAc,KAAA,EAAoC;AACzD,EAAA,MAAM,WAAW,KAAA,CAAM,QAAA;AACvB,EAAA,MAAM,WAAA,GAAcD,qBAAe,QAAQ,CAAA;AAE3C,EAAA,MAAM,MAAA,GAAS,WAAA,GAAc,QAAA,CAAS,MAAA,GAAS,oBAAA;AAC/C,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,MAAA,EAAQ,GAAA,IAAO,SAAA;AACjC,EAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,KAAA,CAAM,MAAA,EAAQ,MAAM,CAAA;AACrD,EAAA,MAAM,IAAA,GAAO,WAAA,GAAc,QAAA,CAAS,IAAA,GAAO,MAAA;AAE3C,EAAA,MAAM,SAAA,GAAY,MAAM,IAAA,KAAS,kBAAA;AACjC,EAAA,MAAM,cAAA,GAAiB,YAAY,mBAAA,GAAsB,eAAA;AACzD,EAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,IAAI,CAAA,KAAM,YAAY,kBAAA,GAAqB,MAAA,CAAA;AAC9E,EAAA,MAAM,UAAU,WAAA,GAAc,mBAAA,CAAoB,IAAA,EAAM,KAAA,CAAM,OAAO,CAAA,GAAI,cAAA;AAEzE,EAAA,OAAO;AAAA,IACL,MAAA;AAAA,IACA,GAAA;AAAA,IACA,MAAA;AAAA,IACA,SAAA;AAAA,IACA,OAAA;AAAA,IACA,IAAA;AAAA,IACA,aAAA,EAAe,KAAA;AAAA,IACf,SAAA,EAAW,KAAK,GAAA,EAAI;AAAA,IACpB,SAAA,EAAW,iBAAiB,QAAQ;AAAA,GACtC;AACF;AAKA,eAAe,mBAAA,CAAoB,OAAgB,MAAA,EAAmC;AACpF,EAAA,IAAI,CAAC,YAAA,CAAa,KAAK,CAAA,EAAG;AACxB,IAAA,OAAO,OAAA,CAAQ,OAAO,KAAK,CAAA;AAAA,EAC7B;AAEA,EAAA,MAAM,UAAA,GAAa,cAAc,KAAK,CAAA;AAEtC,EAAA,MAAA,CAAO,IAAA,CAAK,aAAa,CAAA,KAAA,EAAQ,UAAA,CAAW,MAAM,CAAA,CAAA,EAAI,UAAA,CAAW,GAAG,CAAA,OAAA,CAAA,EAAW;AAAA,IAC7E,QAAQ,UAAA,CAAW,MAAA;AAAA,IACnB,WAAW,UAAA,CAAW,SAAA;AAAA,IACtB,SAAS,UAAA,CAAW;AAAA,GACrB,CAAA;AAED,EAAA,OAAO,OAAA,CAAQ,OAAO,KAAK,CAAA;AAC7B;AAMA,SAAS,uBAAA,CAAwB,UAAyB,MAAA,EAA2B;AACnF,EAAA,OAAO,QAAA,CAAS,aAAa,QAAA,CAAS,GAAA;AAAA,IACpC,CAAC,QAAA,KAAa,QAAA;AAAA,IACd,CAAC,KAAA,KAAmB,mBAAA,CAAoB,KAAA,EAAO,MAAM;AAAA,GACvD;AACF;AC7IA,IAAME,YAAAA,GAAc,MAAA;AACpB,IAAM,oBAAA,GAAuB,sBAAA;AAE7B,SAAS,YAAA,GAAwB;AAC/B,EAAA,OAAO,OAAA,CAAQ,IAAI,QAAA,KAAa,YAAA;AAClC;AAKA,SAAS,UAAA,CACP,QACA,MAAA,EAC4B;AAC5B,EAAA,IAAI,cAAa,EAAG;AAClB,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,MAAA,GAAA,CAAU,MAAA,CAAO,MAAA,IAAU,KAAA,EAAO,WAAA,EAAY;AACpD,EAAA,MAAM,GAAA,GAAM,OAAO,GAAA,IAAO,SAAA;AAE1B,EAAA,MAAA,CAAO,MAAMA,YAAAA,EAAa,CAAA,GAAA,EAAM,MAAM,CAAA,CAAA,EAAI,GAAG,CAAA,CAAE,CAAA;AAE/C,EAAA,MAAA,CAAO,QAAQ,GAAA,CAAI,oBAAA,EAAsB,OAAO,IAAA,CAAK,GAAA,EAAK,CAAC,CAAA;AAE3D,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,oBAAoB,MAAA,EAAwD;AACnF,EAAA,MAAM,QAAA,GAAW,MAAA,CAAO,OAAA,CAAQ,GAAA,CAAI,oBAAoB,CAAA;AACxD,EAAA,IAAI,OAAO,QAAA,KAAa,QAAA,IAAY,QAAA,CAAS,WAAW,CAAA,EAAG;AACzD,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAQ,CAAA;AAC7B,EAAA,IAAI,MAAA,CAAO,KAAA,CAAM,KAAK,CAAA,EAAG;AACvB,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,OAAO,IAAA,CAAK,KAAI,GAAI,KAAA;AACtB;AAKA,SAAS,WAAA,CAAY,UAAyB,MAAA,EAAkC;AAC9E,EAAA,IAAI,cAAa,EAAG;AAClB,IAAA,OAAO,QAAA;AAAA,EACT;AAEA,EAAA,MAAM,MAAA,GAAA,CAAU,QAAA,CAAS,MAAA,CAAO,MAAA,IAAU,OAAO,WAAA,EAAY;AAC7D,EAAA,MAAM,GAAA,GAAM,QAAA,CAAS,MAAA,CAAO,GAAA,IAAO,SAAA;AACnC,EAAA,MAAM,SAAS,QAAA,CAAS,MAAA;AACxB,EAAA,MAAM,QAAA,GAAW,mBAAA,CAAoB,QAAA,CAAS,MAAM,CAAA;AAEpD,EAAA,MAAM,iBAAiBF,oBAAAA,CAAe,QAAQ,CAAA,GAAI,CAAA,EAAA,EAAK,QAAQ,CAAA,GAAA,CAAA,GAAQ,EAAA;AACvE,EAAA,MAAA,CAAO,KAAA,CAAME,YAAAA,EAAa,CAAA,GAAA,EAAM,MAAM,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA,EAAI,MAAM,CAAA,EAAG,cAAc,CAAA,CAAE,CAAA;AAE1E,EAAA,OAAO,QAAA;AACT;AAQA,SAAS,iBAAiB,KAAA,EAAyC;AACjE,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,CAACF,oBAAAA,CAAe,KAAK,CAAA,EAAG;AAC1B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,QAAA,IAAY,KAAA;AACrB;AAKA,eAAe,gBAAA,CAAiB,OAAgB,MAAA,EAAmC;AACjF,EAAA,IAAI,cAAa,EAAG;AAClB,IAAA,OAAO,OAAA,CAAQ,OAAO,KAAK,CAAA;AAAA,EAC7B;AACA,EAAA,IAAI,CAAC,gBAAA,CAAiB,KAAK,CAAA,EAAG;AAC5B,IAAA,OAAO,OAAA,CAAQ,OAAO,KAAK,CAAA;AAAA,EAC7B;AAEA,EAAA,MAAM,MAAA,GAAA,CAAU,KAAA,CAAM,MAAA,CAAO,MAAA,IAAU,OAAO,WAAA,EAAY;AAC1D,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,MAAA,CAAO,GAAA,IAAO,SAAA;AAChC,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,QAAA,EAAU,MAAA,IAAU,CAAA;AACzC,EAAA,MAAM,QAAA,GAAW,mBAAA,CAAoB,KAAA,CAAM,MAAM,CAAA;AAEjD,EAAA,MAAM,iBAAiBA,oBAAAA,CAAe,QAAQ,CAAA,GAAI,CAAA,EAAA,EAAK,QAAQ,CAAA,GAAA,CAAA,GAAQ,EAAA;AACvE,EAAA,MAAA,CAAO,IAAA,CAAKE,YAAAA,EAAa,CAAA,GAAA,EAAM,MAAM,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA,EAAI,MAAM,CAAA,EAAG,cAAc,CAAA,CAAE,CAAA;AAEzE,EAAA,OAAO,OAAA,CAAQ,OAAO,KAAK,CAAA;AAC7B;AAOA,SAAS,0BAAA,CACP,UACA,MAAA,EACuC;AACvC,EAAA,MAAM,SAAA,GAAY,QAAA,CAAS,YAAA,CAAa,OAAA,CAAQ,GAAA,CAAI,CAAC,MAAA,KAAW,UAAA,CAAW,MAAA,EAAQ,MAAM,CAAC,CAAA;AAC1F,EAAA,MAAM,UAAA,GAAa,QAAA,CAAS,YAAA,CAAa,QAAA,CAAS,GAAA;AAAA,IAChD,CAAC,QAAA,KAAa,WAAA,CAAY,QAAA,EAAU,MAAM,CAAA;AAAA,IAC1C,CAAC,KAAA,KAAmB,gBAAA,CAAiB,KAAA,EAAO,MAAM;AAAA,GACpD;AACA,EAAA,OAAO,EAAE,OAAA,EAAS,SAAA,EAAW,QAAA,EAAU,UAAA,EAAW;AACpD;ACjHA,IAAM,gBAAA,GAAmB,CAAC,MAAA,EAAQ,KAAA,EAAO,SAAS,QAAQ,CAAA;AAC1D,IAAM,uBAAA,GAA0B,qBAAA;AAChC,IAAMA,YAAAA,GAAc,oBAAA;AAEpB,SAASC,UAAS,KAAA,EAAkD;AAClE,EAAA,OAAOH,oBAAAA,CAAe,KAAK,CAAA,IAAK,OAAO,KAAA,KAAU,QAAA;AACnD;AAEA,SAAS,uBAAuB,IAAA,EAAmC;AACjE,EAAA,IAAI,CAACG,SAAAA,CAAS,IAAI,CAAA,EAAG;AACnB,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,UAAU,IAAA,CAAK,OAAA;AACrB,EAAA,IAAI,OAAO,OAAA,KAAY,QAAA,IAAY,OAAA,CAAQ,SAAS,CAAA,EAAG;AACrD,IAAA,OAAO,OAAA;AAAA,EACT;AAEA,EAAA,MAAM,SAAS,IAAA,CAAK,MAAA;AACpB,EAAA,IAAI,OAAO,MAAA,KAAW,QAAA,IAAY,MAAA,CAAO,SAAS,CAAA,EAAG;AACnD,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,iBAAiB,MAAA,EAAqC;AAC7D,EAAA,IAAI,OAAO,WAAW,QAAA,EAAU;AAC9B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,gBAAA,CAAiB,QAAA,CAAS,MAAA,CAAO,WAAA,EAAa,CAAA;AACvD;AAUA,SAAS,qBAAA,CACP,QAAA,EACA,SAAA,EACA,MAAA,EACe;AACf,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,SAAS,MAAA,CAAO,MAAA;AAC/B,IAAA,IAAI,CAAC,gBAAA,CAAiB,MAAM,CAAA,EAAG;AAC7B,MAAA,OAAO,QAAA;AAAA,IACT;AAEA,IAAA,MAAM,OAAA,GAAU,sBAAA,CAAuB,QAAA,CAAS,IAAI,CAAA,IAAK,uBAAA;AACzD,IAAA,SAAA,CAAU,MAAA,CAAO,OAAO,CAAA,EAAGC,2BAAA,CAAc,IAAI,CAAA;AAAA,EAC/C,SAAS,SAAA,EAAW;AAClB,IAAA,MAAA,CAAO,IAAA,CAAKF,YAAAA,EAAa,qCAAA,EAAuC,SAAS,CAAA;AAAA,EAC3E;AAEA,EAAA,OAAO,QAAA;AACT;AAMA,SAAS,0BAAA,CACP,QAAA,EACA,SAAA,EACA,MAAA,EACQ;AACR,EAAA,OAAO,QAAA,CAAS,aAAa,QAAA,CAAS,GAAA;AAAA,IAAI,CAAC,QAAA,KACzC,qBAAA,CAAsB,QAAA,EAAU,WAAW,MAAM;AAAA,GACnD;AACF;;;ACtDA,SAAS,oBAAA,CAAqB,UAAyB,KAAA,EAAwC;AAC7F,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAW,IAAA,EAAM,iBAAgB,GAAI,KAAA;AAGrD,EAAA,0BAAA,CAA2B,UAAU,MAAM,CAAA;AAC3C,EAAA,IAAI,IAAA,EAAM;AACR,IAAA,IAAA,CAAK,QAAQ,CAAA;AAAA,EACf,CAAA,MAAO;AACL,IAAA,8BAAA,CAA+B,QAAQ,CAAA;AAAA,EACzC;AAGA,EAAA,0BAAA,CAA2B,QAAA,EAAU,WAAW,MAAM,CAAA;AACtD,EAAA,IAAI,eAAA,EAAiB;AACnB,IAAA,eAAA,CAAgB,QAAQ,CAAA;AAAA,EAC1B;AACA,EAAA,uBAAA,CAAwB,UAAU,MAAM,CAAA;AAC1C","file":"index.js","sourcesContent":["/**\n * Clean axios instance factory for the BFF era.\n *\n * Produces an axios instance with the BFF defaults (JSON, XHR marker,\n * credentialed) and no interceptors. Interceptors are wired separately via\n * {@link registerInterceptors} so the app controls the chain composition.\n */\n\nimport axios from 'axios';\n\nimport type { BffAxiosClientOptions } from './types';\nimport type { AxiosInstance } from 'axios';\n\nconst BFF_DEFAULT_HEADERS: Record<string, string> = {\n 'Content-Type': 'application/json',\n 'Accept': 'application/json',\n 'X-Requested-With': 'XMLHttpRequest',\n};\n\n/**\n * Creates a credentialed axios instance with the shared BFF defaults. No\n * interceptors are registered here — call {@link registerInterceptors} once at\n * bootstrap to install the chain.\n */\nfunction createBffAxiosClient(options: BffAxiosClientOptions): AxiosInstance {\n return axios.create({\n timeout: options.timeoutMs,\n baseURL: options.baseURL,\n headers: { ...BFF_DEFAULT_HEADERS, ...(options.headers ?? {}) },\n withCredentials: true,\n });\n}\n\nexport { createBffAxiosClient };\n","/**\n * Default CSRF request interceptor.\n *\n * After a BFF cutover, an SPA authenticates via a cookie. Cookie auth\n * reintroduces CSRF risk, so the BFF's `Bff.AspNetCore` anti-forgery\n * middleware requires a custom header on every state-changing request — a\n * request a cross-site form POST cannot forge. This default attaches\n * `X-BFF-Csrf: 1` to all mutating methods.\n *\n * This is the **default implementation of the `csrf` port**. Apps that need a\n * different CSRF strategy supply their own registrar to\n * {@link registerInterceptors}; this body is what diverged per app and is kept\n * overridable on purpose.\n */\n\nimport type { AxiosInstance, InternalAxiosRequestConfig } from 'axios';\n\n/** Header name + value the `Bff.AspNetCore` anti-forgery middleware checks. */\nconst CSRF_HEADER = 'X-BFF-Csrf';\nconst CSRF_HEADER_VALUE = '1';\n\n/** Methods the BFF anti-forgery middleware treats as state-changing. */\nconst STATE_CHANGING_METHODS = ['POST', 'PUT', 'PATCH', 'DELETE'];\n\nfunction isStateChanging(method: string | undefined): boolean {\n if (typeof method !== 'string') {\n return false;\n }\n return STATE_CHANGING_METHODS.includes(method.toUpperCase());\n}\n\n/**\n * Adds `X-BFF-Csrf` to every state-changing request. Safe (GET/HEAD) requests\n * are left untouched — the BFF only enforces the header on mutations.\n */\nfunction attachCsrfHeader(config: InternalAxiosRequestConfig): InternalAxiosRequestConfig {\n if (isStateChanging(config.method)) {\n config.headers.set(CSRF_HEADER, CSRF_HEADER_VALUE);\n }\n return config;\n}\n\n/**\n * Registers the default CSRF request interceptor on an axios instance.\n * @returns The interceptor ID for potential ejection.\n */\nfunction registerDefaultCsrfInterceptor(instance: AxiosInstance): number {\n return instance.interceptors.request.use(attachCsrfHeader);\n}\n\nexport { registerDefaultCsrfInterceptor, attachCsrfHeader };\n","/**\n * Response error interceptor: classifies axios errors.\n *\n * Converts raw AxiosError objects into {@link ClassifiedError} instances with\n * full context (status, url, method, errorCode, message, etc), logs them\n * through the app-supplied {@link BffLogger}, and re-rejects so callers and\n * downstream interceptors can react.\n */\n\nimport { HttpMethod } from '@dloizides/api-client-base';\nimport { isValueDefined } from '@dloizides/utils';\n\nimport type { BffLogger } from '../types';\nimport type { ClassifiedError } from '@dloizides/api-client-base';\nimport type { AxiosError, AxiosInstance, AxiosResponse } from 'axios';\n\nconst LOG_CONTEXT = 'errorClassifier';\nconst TIMEOUT_ERROR_CODE = 'ECONNABORTED';\nconst NETWORK_ERROR_STATUS = 0;\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n return isValueDefined(value) && typeof value === 'object';\n}\n\nfunction isAxiosError(value: unknown): value is AxiosError {\n if (typeof value !== 'object') {\n return false;\n }\n if (!isValueDefined(value)) {\n return false;\n }\n return 'isAxiosError' in value;\n}\n\nfunction extractErrorCode(data: unknown): string | undefined {\n if (!isRecord(data)) {\n return undefined;\n }\n\n const code = data.errorCode ?? data.code ?? data.error;\n if (typeof code === 'string' && code.length > 0) {\n return code;\n }\n\n return undefined;\n}\n\nfunction extractErrorMessage(data: unknown, fallback: string): string {\n if (!isRecord(data)) {\n return fallback;\n }\n\n const message = data.message ?? data.detail ?? data.error ?? data.title;\n if (typeof message === 'string' && message.length > 0) {\n return message;\n }\n\n return fallback;\n}\n\nfunction extractStringHeader(headers: Record<string, unknown>, key: string): string | undefined {\n const value: unknown = headers[key];\n if (typeof value === 'string' && value.length > 0) {\n return value;\n }\n return undefined;\n}\n\nfunction extractRequestId(response: AxiosResponse | undefined): string | undefined {\n if (!isValueDefined(response)) {\n return undefined;\n }\n\n const headers = response.headers;\n if (!isRecord(headers)) {\n return undefined;\n }\n\n return extractStringHeader(headers, 'x-request-id') ?? extractStringHeader(headers, 'x-correlation-id');\n}\n\nfunction resolveHttpMethod(method: string | undefined): HttpMethod {\n if (typeof method !== 'string') {\n return HttpMethod.Get;\n }\n const upper = method.toUpperCase();\n const methodMap: Record<string, HttpMethod | undefined> = {\n GET: HttpMethod.Get,\n POST: HttpMethod.Post,\n PUT: HttpMethod.Put,\n PATCH: HttpMethod.Patch,\n DELETE: HttpMethod.Delete,\n };\n return methodMap[upper] ?? HttpMethod.Get;\n}\n\n/**\n * Converts an AxiosError into a {@link ClassifiedError} with full context.\n */\nfunction classifyError(error: AxiosError): ClassifiedError {\n const response = error.response;\n const hasResponse = isValueDefined(response);\n\n const status = hasResponse ? response.status : NETWORK_ERROR_STATUS;\n const url = error.config?.url ?? 'unknown';\n const method = resolveHttpMethod(error.config?.method);\n const body = hasResponse ? response.data : undefined;\n\n const isTimeout = error.code === TIMEOUT_ERROR_CODE;\n const defaultMessage = isTimeout ? 'Request timed out' : 'Network error';\n const errorCode = extractErrorCode(body) ?? (isTimeout ? TIMEOUT_ERROR_CODE : undefined);\n const message = hasResponse ? extractErrorMessage(body, error.message) : defaultMessage;\n\n return {\n status,\n url,\n method,\n errorCode,\n message,\n body,\n originalError: error,\n timestamp: Date.now(),\n requestId: extractRequestId(response),\n };\n}\n\n/**\n * Handles response errors by classifying them and logging.\n */\nasync function handleResponseError(error: unknown, logger: BffLogger): Promise<never> {\n if (!isAxiosError(error)) {\n return Promise.reject(error);\n }\n\n const classified = classifyError(error);\n\n logger.warn(LOG_CONTEXT, `HTTP ${classified.method} ${classified.url} failed`, {\n status: classified.status,\n errorCode: classified.errorCode,\n message: classified.message,\n });\n\n return Promise.reject(error);\n}\n\n/**\n * Registers the error classifier interceptor on an axios instance.\n * @returns The interceptor ID for potential ejection.\n */\nfunction registerErrorClassifier(instance: AxiosInstance, logger: BffLogger): number {\n return instance.interceptors.response.use(\n (response) => response,\n (error: unknown) => handleResponseError(error, logger),\n );\n}\n\nexport { registerErrorClassifier, classifyError, handleResponseError };\n","/**\n * Request and response logging interceptor.\n *\n * Logs HTTP method, URL, status, and duration through the app-supplied\n * {@link BffLogger}. Only active in non-production environments. Request\n * bodies are NOT logged for security reasons.\n */\n\nimport { isValueDefined } from '@dloizides/utils';\n\nimport type { BffLogger } from '../types';\nimport type { AxiosInstance, AxiosResponse, InternalAxiosRequestConfig } from 'axios';\n\nconst LOG_CONTEXT = 'http';\nconst REQUEST_START_HEADER = 'x-request-start-time';\n\nfunction isProduction(): boolean {\n return process.env.NODE_ENV === 'production';\n}\n\n/**\n * Logs the outgoing request and stamps the start time for duration tracking.\n */\nfunction logRequest(\n config: InternalAxiosRequestConfig,\n logger: BffLogger,\n): InternalAxiosRequestConfig {\n if (isProduction()) {\n return config;\n }\n\n const method = (config.method ?? 'GET').toUpperCase();\n const url = config.url ?? 'unknown';\n\n logger.debug(LOG_CONTEXT, `-> ${method} ${url}`);\n\n config.headers.set(REQUEST_START_HEADER, String(Date.now()));\n\n return config;\n}\n\nfunction calculateDurationMs(config: InternalAxiosRequestConfig): number | undefined {\n const startRaw = config.headers.get(REQUEST_START_HEADER);\n if (typeof startRaw !== 'string' || startRaw.length === 0) {\n return undefined;\n }\n\n const start = Number(startRaw);\n if (Number.isNaN(start)) {\n return undefined;\n }\n\n return Date.now() - start;\n}\n\n/**\n * Logs successful responses with status and duration.\n */\nfunction logResponse(response: AxiosResponse, logger: BffLogger): AxiosResponse {\n if (isProduction()) {\n return response;\n }\n\n const method = (response.config.method ?? 'GET').toUpperCase();\n const url = response.config.url ?? 'unknown';\n const status = response.status;\n const duration = calculateDurationMs(response.config);\n\n const durationSuffix = isValueDefined(duration) ? ` (${duration}ms)` : '';\n logger.debug(LOG_CONTEXT, `<- ${method} ${url} ${status}${durationSuffix}`);\n\n return response;\n}\n\ninterface AxiosLikeError {\n config: InternalAxiosRequestConfig;\n response?: AxiosResponse;\n message?: string;\n}\n\nfunction isAxiosLikeError(value: unknown): value is AxiosLikeError {\n if (typeof value !== 'object') {\n return false;\n }\n if (!isValueDefined(value)) {\n return false;\n }\n return 'config' in value;\n}\n\n/**\n * Logs error responses with status and duration.\n */\nasync function logErrorResponse(error: unknown, logger: BffLogger): Promise<never> {\n if (isProduction()) {\n return Promise.reject(error);\n }\n if (!isAxiosLikeError(error)) {\n return Promise.reject(error);\n }\n\n const method = (error.config.method ?? 'GET').toUpperCase();\n const url = error.config.url ?? 'unknown';\n const status = error.response?.status ?? 0;\n const duration = calculateDurationMs(error.config);\n\n const durationSuffix = isValueDefined(duration) ? ` (${duration}ms)` : '';\n logger.warn(LOG_CONTEXT, `<- ${method} ${url} ${status}${durationSuffix}`);\n\n return Promise.reject(error);\n}\n\n/**\n * Registers request and response logging interceptors on an axios instance.\n * No-ops in production.\n * @returns An object with both interceptor IDs for potential ejection.\n */\nfunction registerLoggingInterceptor(\n instance: AxiosInstance,\n logger: BffLogger,\n): { request: number; response: number } {\n const requestId = instance.interceptors.request.use((config) => logRequest(config, logger));\n const responseId = instance.interceptors.response.use(\n (response) => logResponse(response, logger),\n (error: unknown) => logErrorResponse(error, logger),\n );\n return { request: requestId, response: responseId };\n}\n\nexport { registerLoggingInterceptor };\n","/**\n * Response interceptor: normalizes successful API responses.\n *\n * For successful mutation requests (POST/PUT/PATCH/DELETE), emits a toast via\n * the app-supplied {@link EmitToast} port so the UI can display a success\n * notification without coupling the package to a specific UI bus.\n */\n\nimport { ErrorSeverity } from '@dloizides/api-client-base';\nimport { isValueDefined } from '@dloizides/utils';\n\nimport type { BffLogger, EmitToast } from '../types';\nimport type { AxiosInstance, AxiosResponse } from 'axios';\n\nconst MUTATING_METHODS = ['POST', 'PUT', 'PATCH', 'DELETE'];\nconst DEFAULT_SUCCESS_MESSAGE = 'Saved successfully.';\nconst LOG_CONTEXT = 'responseNormalizer';\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n return isValueDefined(value) && typeof value === 'object';\n}\n\nfunction extractMessageFromBody(data: unknown): string | undefined {\n if (!isRecord(data)) {\n return undefined;\n }\n\n const message = data.message;\n if (typeof message === 'string' && message.length > 0) {\n return message;\n }\n\n const detail = data.detail;\n if (typeof detail === 'string' && detail.length > 0) {\n return detail;\n }\n\n return undefined;\n}\n\nfunction isMutatingMethod(method: string | undefined): boolean {\n if (typeof method !== 'string') {\n return false;\n }\n return MUTATING_METHODS.includes(method.toUpperCase());\n}\n\n/**\n * Handles a successful response by emitting a toast for mutations.\n *\n * Always returns the original `response` unchanged — an axios response\n * interceptor must pass the response through. The invariant return is the\n * required contract, not a code smell.\n */\n// eslint-disable-next-line sonarjs/no-invariant-returns\nfunction handleSuccessResponse(\n response: AxiosResponse,\n emitToast: EmitToast,\n logger: BffLogger,\n): AxiosResponse {\n try {\n const method = response.config.method;\n if (!isMutatingMethod(method)) {\n return response;\n }\n\n const message = extractMessageFromBody(response.data) ?? DEFAULT_SUCCESS_MESSAGE;\n emitToast(String(message), ErrorSeverity.Info);\n } catch (emitError) {\n logger.warn(LOG_CONTEXT, 'Failed to emit success notification', emitError);\n }\n\n return response;\n}\n\n/**\n * Registers the response normalizer interceptor on an axios instance.\n * @returns The interceptor ID for potential ejection.\n */\nfunction registerResponseNormalizer(\n instance: AxiosInstance,\n emitToast: EmitToast,\n logger: BffLogger,\n): number {\n return instance.interceptors.response.use((response) =>\n handleSuccessResponse(response, emitToast, logger),\n );\n}\n\nexport { registerResponseNormalizer };\n","/**\n * Interceptor registration — BFF era.\n *\n * Wires the interceptor chain onto an axios instance in the correct order.\n *\n * Request interceptors run in REVERSE order of registration, so:\n * 1. logging (registered first, runs last = logs the FINAL config)\n * 2. csrf (registered second, runs first = attaches the CSRF header)\n *\n * Response interceptors run in ORDER of registration, so:\n * 1. logging (logs response/error first)\n * 2. normalizer (emits success toast)\n * 3. session expiry (handles 401 -> clear session, app-supplied port)\n * 4. error classifier (classifies remaining errors)\n *\n * The package owns the logging, normalizer, and error-classifier bodies. The\n * `csrf` and `onSessionExpiry` registrars are app-supplied ports (the app owns\n * its CSRF strategy and its session store); `csrf` falls back to the package\n * default when omitted.\n */\n\nimport { registerDefaultCsrfInterceptor } from './interceptors/defaultCsrfInterceptor';\nimport { registerErrorClassifier } from './interceptors/errorClassifierInterceptor';\nimport { registerLoggingInterceptor } from './interceptors/loggingInterceptor';\nimport { registerResponseNormalizer } from './interceptors/responseNormalizer';\n\nimport type { RegisterInterceptorsPorts } from './types';\nimport type { AxiosInstance } from 'axios';\n\n/**\n * Registers the full BFF interceptor chain on the provided axios instance.\n * Call this once during application bootstrap after creating the instance.\n */\nfunction registerInterceptors(instance: AxiosInstance, ports: RegisterInterceptorsPorts): void {\n const { logger, emitToast, csrf, onSessionExpiry } = ports;\n\n // Request interceptors (registered order = reverse execution order)\n registerLoggingInterceptor(instance, logger);\n if (csrf) {\n csrf(instance);\n } else {\n registerDefaultCsrfInterceptor(instance);\n }\n\n // Response interceptors (registered order = execution order)\n registerResponseNormalizer(instance, emitToast, logger);\n if (onSessionExpiry) {\n onSessionExpiry(instance);\n }\n registerErrorClassifier(instance, logger);\n}\n\nexport { registerInterceptors };\n"]}

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,279 @@
+import axios from 'axios';
+import { HttpMethod, ErrorSeverity } from '@dloizides/api-client-base';
+import { isValueDefined } from '@dloizides/utils';
+// src/createBffAxiosClient.ts
+var BFF_DEFAULT_HEADERS = {
+  "Content-Type": "application/json",
+  "Accept": "application/json",
+  "X-Requested-With": "XMLHttpRequest"
+};
+function createBffAxiosClient(options) {
+  return axios.create({
+    timeout: options.timeoutMs,
+    baseURL: options.baseURL,
+    headers: { ...BFF_DEFAULT_HEADERS, ...options.headers ?? {} },
+    withCredentials: true
+  });
+}
+// src/interceptors/defaultCsrfInterceptor.ts
+var CSRF_HEADER = "X-BFF-Csrf";
+var CSRF_HEADER_VALUE = "1";
+var STATE_CHANGING_METHODS = ["POST", "PUT", "PATCH", "DELETE"];
+function isStateChanging(method) {
+  if (typeof method !== "string") {
+    return false;
+  }
+  return STATE_CHANGING_METHODS.includes(method.toUpperCase());
+}
+function attachCsrfHeader(config) {
+  if (isStateChanging(config.method)) {
+    config.headers.set(CSRF_HEADER, CSRF_HEADER_VALUE);
+  }
+  return config;
+}
+function registerDefaultCsrfInterceptor(instance) {
+  return instance.interceptors.request.use(attachCsrfHeader);
+}
+var LOG_CONTEXT = "errorClassifier";
+var TIMEOUT_ERROR_CODE = "ECONNABORTED";
+var NETWORK_ERROR_STATUS = 0;
+function isRecord(value) {
+  return isValueDefined(value) && typeof value === "object";
+}
+function isAxiosError(value) {
+  if (typeof value !== "object") {
+    return false;
+  }
+  if (!isValueDefined(value)) {
+    return false;
+  }
+  return "isAxiosError" in value;
+}
+function extractErrorCode(data) {
+  if (!isRecord(data)) {
+    return void 0;
+  }
+  const code = data.errorCode ?? data.code ?? data.error;
+  if (typeof code === "string" && code.length > 0) {
+    return code;
+  }
+  return void 0;
+}
+function extractErrorMessage(data, fallback) {
+  if (!isRecord(data)) {
+    return fallback;
+  }
+  const message = data.message ?? data.detail ?? data.error ?? data.title;
+  if (typeof message === "string" && message.length > 0) {
+    return message;
+  }
+  return fallback;
+}
+function extractStringHeader(headers, key) {
+  const value = headers[key];
+  if (typeof value === "string" && value.length > 0) {
+    return value;
+  }
+  return void 0;
+}
+function extractRequestId(response) {
+  if (!isValueDefined(response)) {
+    return void 0;
+  }
+  const headers = response.headers;
+  if (!isRecord(headers)) {
+    return void 0;
+  }
+  return extractStringHeader(headers, "x-request-id") ?? extractStringHeader(headers, "x-correlation-id");
+}
+function resolveHttpMethod(method) {
+  if (typeof method !== "string") {
+    return HttpMethod.Get;
+  }
+  const upper = method.toUpperCase();
+  const methodMap = {
+    GET: HttpMethod.Get,
+    POST: HttpMethod.Post,
+    PUT: HttpMethod.Put,
+    PATCH: HttpMethod.Patch,
+    DELETE: HttpMethod.Delete
+  };
+  return methodMap[upper] ?? HttpMethod.Get;
+}
+function classifyError(error) {
+  const response = error.response;
+  const hasResponse = isValueDefined(response);
+  const status = hasResponse ? response.status : NETWORK_ERROR_STATUS;
+  const url = error.config?.url ?? "unknown";
+  const method = resolveHttpMethod(error.config?.method);
+  const body = hasResponse ? response.data : void 0;
+  const isTimeout = error.code === TIMEOUT_ERROR_CODE;
+  const defaultMessage = isTimeout ? "Request timed out" : "Network error";
+  const errorCode = extractErrorCode(body) ?? (isTimeout ? TIMEOUT_ERROR_CODE : void 0);
+  const message = hasResponse ? extractErrorMessage(body, error.message) : defaultMessage;
+  return {
+    status,
+    url,
+    method,
+    errorCode,
+    message,
+    body,
+    originalError: error,
+    timestamp: Date.now(),
+    requestId: extractRequestId(response)
+  };
+}
+async function handleResponseError(error, logger) {
+  if (!isAxiosError(error)) {
+    return Promise.reject(error);
+  }
+  const classified = classifyError(error);
+  logger.warn(LOG_CONTEXT, `HTTP ${classified.method} ${classified.url} failed`, {
+    status: classified.status,
+    errorCode: classified.errorCode,
+    message: classified.message
+  });
+  return Promise.reject(error);
+}
+function registerErrorClassifier(instance, logger) {
+  return instance.interceptors.response.use(
+    (response) => response,
+    (error) => handleResponseError(error, logger)
+  );
+}
+var LOG_CONTEXT2 = "http";
+var REQUEST_START_HEADER = "x-request-start-time";
+function isProduction() {
+  return process.env.NODE_ENV === "production";
+}
+function logRequest(config, logger) {
+  if (isProduction()) {
+    return config;
+  }
+  const method = (config.method ?? "GET").toUpperCase();
+  const url = config.url ?? "unknown";
+  logger.debug(LOG_CONTEXT2, `-> ${method} ${url}`);
+  config.headers.set(REQUEST_START_HEADER, String(Date.now()));
+  return config;
+}
+function calculateDurationMs(config) {
+  const startRaw = config.headers.get(REQUEST_START_HEADER);
+  if (typeof startRaw !== "string" || startRaw.length === 0) {
+    return void 0;
+  }
+  const start = Number(startRaw);
+  if (Number.isNaN(start)) {
+    return void 0;
+  }
+  return Date.now() - start;
+}
+function logResponse(response, logger) {
+  if (isProduction()) {
+    return response;
+  }
+  const method = (response.config.method ?? "GET").toUpperCase();
+  const url = response.config.url ?? "unknown";
+  const status = response.status;
+  const duration = calculateDurationMs(response.config);
+  const durationSuffix = isValueDefined(duration) ? ` (${duration}ms)` : "";
+  logger.debug(LOG_CONTEXT2, `<- ${method} ${url} ${status}${durationSuffix}`);
+  return response;
+}
+function isAxiosLikeError(value) {
+  if (typeof value !== "object") {
+    return false;
+  }
+  if (!isValueDefined(value)) {
+    return false;
+  }
+  return "config" in value;
+}
+async function logErrorResponse(error, logger) {
+  if (isProduction()) {
+    return Promise.reject(error);
+  }
+  if (!isAxiosLikeError(error)) {
+    return Promise.reject(error);
+  }
+  const method = (error.config.method ?? "GET").toUpperCase();
+  const url = error.config.url ?? "unknown";
+  const status = error.response?.status ?? 0;
+  const duration = calculateDurationMs(error.config);
+  const durationSuffix = isValueDefined(duration) ? ` (${duration}ms)` : "";
+  logger.warn(LOG_CONTEXT2, `<- ${method} ${url} ${status}${durationSuffix}`);
+  return Promise.reject(error);
+}
+function registerLoggingInterceptor(instance, logger) {
+  const requestId = instance.interceptors.request.use((config) => logRequest(config, logger));
+  const responseId = instance.interceptors.response.use(
+    (response) => logResponse(response, logger),
+    (error) => logErrorResponse(error, logger)
+  );
+  return { request: requestId, response: responseId };
+}
+var MUTATING_METHODS = ["POST", "PUT", "PATCH", "DELETE"];
+var DEFAULT_SUCCESS_MESSAGE = "Saved successfully.";
+var LOG_CONTEXT3 = "responseNormalizer";
+function isRecord2(value) {
+  return isValueDefined(value) && typeof value === "object";
+}
+function extractMessageFromBody(data) {
+  if (!isRecord2(data)) {
+    return void 0;
+  }
+  const message = data.message;
+  if (typeof message === "string" && message.length > 0) {
+    return message;
+  }
+  const detail = data.detail;
+  if (typeof detail === "string" && detail.length > 0) {
+    return detail;
+  }
+  return void 0;
+}
+function isMutatingMethod(method) {
+  if (typeof method !== "string") {
+    return false;
+  }
+  return MUTATING_METHODS.includes(method.toUpperCase());
+}
+function handleSuccessResponse(response, emitToast, logger) {
+  try {
+    const method = response.config.method;
+    if (!isMutatingMethod(method)) {
+      return response;
+    }
+    const message = extractMessageFromBody(response.data) ?? DEFAULT_SUCCESS_MESSAGE;
+    emitToast(String(message), ErrorSeverity.Info);
+  } catch (emitError) {
+    logger.warn(LOG_CONTEXT3, "Failed to emit success notification", emitError);
+  }
+  return response;
+}
+function registerResponseNormalizer(instance, emitToast, logger) {
+  return instance.interceptors.response.use(
+    (response) => handleSuccessResponse(response, emitToast, logger)
+  );
+}
+// src/registerInterceptors.ts
+function registerInterceptors(instance, ports) {
+  const { logger, emitToast, csrf, onSessionExpiry } = ports;
+  registerLoggingInterceptor(instance, logger);
+  if (csrf) {
+    csrf(instance);
+  } else {
+    registerDefaultCsrfInterceptor(instance);
+  }
+  registerResponseNormalizer(instance, emitToast, logger);
+  if (onSessionExpiry) {
+    onSessionExpiry(instance);
+  }
+  registerErrorClassifier(instance, logger);
+}
+export { attachCsrfHeader, classifyError, createBffAxiosClient, handleResponseError, registerDefaultCsrfInterceptor, registerErrorClassifier, registerInterceptors, registerLoggingInterceptor, registerResponseNormalizer };
+//# sourceMappingURL=index.mjs.map
+//# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/createBffAxiosClient.ts","../src/interceptors/defaultCsrfInterceptor.ts","../src/interceptors/errorClassifierInterceptor.ts","../src/interceptors/loggingInterceptor.ts","../src/interceptors/responseNormalizer.ts","../src/registerInterceptors.ts"],"names":["LOG_CONTEXT","isValueDefined","isRecord"],"mappings":";;;;;AAaA,IAAM,mBAAA,GAA8C;AAAA,EAClD,cAAA,EAAgB,kBAAA;AAAA,EAChB,QAAA,EAAU,kBAAA;AAAA,EACV,kBAAA,EAAoB;AACtB,CAAA;AAOA,SAAS,qBAAqB,OAAA,EAA+C;AAC3E,EAAA,OAAO,MAAM,MAAA,CAAO;AAAA,IAClB,SAAS,OAAA,CAAQ,SAAA;AAAA,IACjB,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,OAAA,EAAS,EAAE,GAAG,mBAAA,EAAqB,GAAI,OAAA,CAAQ,OAAA,IAAW,EAAC,EAAG;AAAA,IAC9D,eAAA,EAAiB;AAAA,GAClB,CAAA;AACH;;;ACbA,IAAM,WAAA,GAAc,YAAA;AACpB,IAAM,iBAAA,GAAoB,GAAA;AAG1B,IAAM,sBAAA,GAAyB,CAAC,MAAA,EAAQ,KAAA,EAAO,SAAS,QAAQ,CAAA;AAEhE,SAAS,gBAAgB,MAAA,EAAqC;AAC5D,EAAA,IAAI,OAAO,WAAW,QAAA,EAAU;AAC9B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,sBAAA,CAAuB,QAAA,CAAS,MAAA,CAAO,WAAA,EAAa,CAAA;AAC7D;AAMA,SAAS,iBAAiB,MAAA,EAAgE;AACxF,EAAA,IAAI,eAAA,CAAgB,MAAA,CAAO,MAAM,CAAA,EAAG;AAClC,IAAA,MAAA,CAAO,OAAA,CAAQ,GAAA,CAAI,WAAA,EAAa,iBAAiB,CAAA;AAAA,EACnD;AACA,EAAA,OAAO,MAAA;AACT;AAMA,SAAS,+BAA+B,QAAA,EAAiC;AACvE,EAAA,OAAO,QAAA,CAAS,YAAA,CAAa,OAAA,CAAQ,GAAA,CAAI,gBAAgB,CAAA;AAC3D;AChCA,IAAM,WAAA,GAAc,iBAAA;AACpB,IAAM,kBAAA,GAAqB,cAAA;AAC3B,IAAM,oBAAA,GAAuB,CAAA;AAE7B,SAAS,SAAS,KAAA,EAAkD;AAClE,EAAA,OAAO,cAAA,CAAe,KAAK,CAAA,IAAK,OAAO,KAAA,KAAU,QAAA;AACnD;AAEA,SAAS,aAAa,KAAA,EAAqC;AACzD,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,CAAC,cAAA,CAAe,KAAK,CAAA,EAAG;AAC1B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,cAAA,IAAkB,KAAA;AAC3B;AAEA,SAAS,iBAAiB,IAAA,EAAmC;AAC3D,EAAA,IAAI,CAAC,QAAA,CAAS,IAAI,CAAA,EAAG;AACnB,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,IAAA,GAAO,IAAA,CAAK,SAAA,IAAa,IAAA,CAAK,QAAQ,IAAA,CAAK,KAAA;AACjD,EAAA,IAAI,OAAO,IAAA,KAAS,QAAA,IAAY,IAAA,CAAK,SAAS,CAAA,EAAG;AAC/C,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,mBAAA,CAAoB,MAAe,QAAA,EAA0B;AACpE,EAAA,IAAI,CAAC,QAAA,CAAS,IAAI,CAAA,EAAG;AACnB,IAAA,OAAO,QAAA;AAAA,EACT;AAEA,EAAA,MAAM,UAAU,IAAA,CAAK,OAAA,IAAW,KAAK,MAAA,IAAU,IAAA,CAAK,SAAS,IAAA,CAAK,KAAA;AAClE,EAAA,IAAI,OAAO,OAAA,KAAY,QAAA,IAAY,OAAA,CAAQ,SAAS,CAAA,EAAG;AACrD,IAAA,OAAO,OAAA;AAAA,EACT;AAEA,EAAA,OAAO,QAAA;AACT;AAEA,SAAS,mBAAA,CAAoB,SAAkC,GAAA,EAAiC;AAC9F,EAAA,MAAM,KAAA,GAAiB,QAAQ,GAAG,CAAA;AAClC,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,CAAM,SAAS,CAAA,EAAG;AACjD,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,iBAAiB,QAAA,EAAyD;AACjF,EAAA,IAAI,CAAC,cAAA,CAAe,QAAQ,CAAA,EAAG;AAC7B,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,UAAU,QAAA,CAAS,OAAA;AACzB,EAAA,IAAI,CAAC,QAAA,CAAS,OAAO,CAAA,EAAG;AACtB,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,OAAO,oBAAoB,OAAA,EAAS,cAAc,CAAA,IAAK,mBAAA,CAAoB,SAAS,kBAAkB,CAAA;AACxG;AAEA,SAAS,kBAAkB,MAAA,EAAwC;AACjE,EAAA,IAAI,OAAO,WAAW,QAAA,EAAU;AAC9B,IAAA,OAAO,UAAA,CAAW,GAAA;AAAA,EACpB;AACA,EAAA,MAAM,KAAA,GAAQ,OAAO,WAAA,EAAY;AACjC,EAAA,MAAM,SAAA,GAAoD;AAAA,IACxD,KAAK,UAAA,CAAW,GAAA;AAAA,IAChB,MAAM,UAAA,CAAW,IAAA;AAAA,IACjB,KAAK,UAAA,CAAW,GAAA;AAAA,IAChB,OAAO,UAAA,CAAW,KAAA;AAAA,IAClB,QAAQ,UAAA,CAAW;AAAA,GACrB;AACA,EAAA,OAAO,SAAA,CAAU,KAAK,CAAA,IAAK,UAAA,CAAW,GAAA;AACxC;AAKA,SAAS,cAAc,KAAA,EAAoC;AACzD,EAAA,MAAM,WAAW,KAAA,CAAM,QAAA;AACvB,EAAA,MAAM,WAAA,GAAc,eAAe,QAAQ,CAAA;AAE3C,EAAA,MAAM,MAAA,GAAS,WAAA,GAAc,QAAA,CAAS,MAAA,GAAS,oBAAA;AAC/C,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,MAAA,EAAQ,GAAA,IAAO,SAAA;AACjC,EAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,KAAA,CAAM,MAAA,EAAQ,MAAM,CAAA;AACrD,EAAA,MAAM,IAAA,GAAO,WAAA,GAAc,QAAA,CAAS,IAAA,GAAO,MAAA;AAE3C,EAAA,MAAM,SAAA,GAAY,MAAM,IAAA,KAAS,kBAAA;AACjC,EAAA,MAAM,cAAA,GAAiB,YAAY,mBAAA,GAAsB,eAAA;AACzD,EAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,IAAI,CAAA,KAAM,YAAY,kBAAA,GAAqB,MAAA,CAAA;AAC9E,EAAA,MAAM,UAAU,WAAA,GAAc,mBAAA,CAAoB,IAAA,EAAM,KAAA,CAAM,OAAO,CAAA,GAAI,cAAA;AAEzE,EAAA,OAAO;AAAA,IACL,MAAA;AAAA,IACA,GAAA;AAAA,IACA,MAAA;AAAA,IACA,SAAA;AAAA,IACA,OAAA;AAAA,IACA,IAAA;AAAA,IACA,aAAA,EAAe,KAAA;AAAA,IACf,SAAA,EAAW,KAAK,GAAA,EAAI;AAAA,IACpB,SAAA,EAAW,iBAAiB,QAAQ;AAAA,GACtC;AACF;AAKA,eAAe,mBAAA,CAAoB,OAAgB,MAAA,EAAmC;AACpF,EAAA,IAAI,CAAC,YAAA,CAAa,KAAK,CAAA,EAAG;AACxB,IAAA,OAAO,OAAA,CAAQ,OAAO,KAAK,CAAA;AAAA,EAC7B;AAEA,EAAA,MAAM,UAAA,GAAa,cAAc,KAAK,CAAA;AAEtC,EAAA,MAAA,CAAO,IAAA,CAAK,aAAa,CAAA,KAAA,EAAQ,UAAA,CAAW,MAAM,CAAA,CAAA,EAAI,UAAA,CAAW,GAAG,CAAA,OAAA,CAAA,EAAW;AAAA,IAC7E,QAAQ,UAAA,CAAW,MAAA;AAAA,IACnB,WAAW,UAAA,CAAW,SAAA;AAAA,IACtB,SAAS,UAAA,CAAW;AAAA,GACrB,CAAA;AAED,EAAA,OAAO,OAAA,CAAQ,OAAO,KAAK,CAAA;AAC7B;AAMA,SAAS,uBAAA,CAAwB,UAAyB,MAAA,EAA2B;AACnF,EAAA,OAAO,QAAA,CAAS,aAAa,QAAA,CAAS,GAAA;AAAA,IACpC,CAAC,QAAA,KAAa,QAAA;AAAA,IACd,CAAC,KAAA,KAAmB,mBAAA,CAAoB,KAAA,EAAO,MAAM;AAAA,GACvD;AACF;AC7IA,IAAMA,YAAAA,GAAc,MAAA;AACpB,IAAM,oBAAA,GAAuB,sBAAA;AAE7B,SAAS,YAAA,GAAwB;AAC/B,EAAA,OAAO,OAAA,CAAQ,IAAI,QAAA,KAAa,YAAA;AAClC;AAKA,SAAS,UAAA,CACP,QACA,MAAA,EAC4B;AAC5B,EAAA,IAAI,cAAa,EAAG;AAClB,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,MAAA,GAAA,CAAU,MAAA,CAAO,MAAA,IAAU,KAAA,EAAO,WAAA,EAAY;AACpD,EAAA,MAAM,GAAA,GAAM,OAAO,GAAA,IAAO,SAAA;AAE1B,EAAA,MAAA,CAAO,MAAMA,YAAAA,EAAa,CAAA,GAAA,EAAM,MAAM,CAAA,CAAA,EAAI,GAAG,CAAA,CAAE,CAAA;AAE/C,EAAA,MAAA,CAAO,QAAQ,GAAA,CAAI,oBAAA,EAAsB,OAAO,IAAA,CAAK,GAAA,EAAK,CAAC,CAAA;AAE3D,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,oBAAoB,MAAA,EAAwD;AACnF,EAAA,MAAM,QAAA,GAAW,MAAA,CAAO,OAAA,CAAQ,GAAA,CAAI,oBAAoB,CAAA;AACxD,EAAA,IAAI,OAAO,QAAA,KAAa,QAAA,IAAY,QAAA,CAAS,WAAW,CAAA,EAAG;AACzD,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAQ,CAAA;AAC7B,EAAA,IAAI,MAAA,CAAO,KAAA,CAAM,KAAK,CAAA,EAAG;AACvB,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,OAAO,IAAA,CAAK,KAAI,GAAI,KAAA;AACtB;AAKA,SAAS,WAAA,CAAY,UAAyB,MAAA,EAAkC;AAC9E,EAAA,IAAI,cAAa,EAAG;AAClB,IAAA,OAAO,QAAA;AAAA,EACT;AAEA,EAAA,MAAM,MAAA,GAAA,CAAU,QAAA,CAAS,MAAA,CAAO,MAAA,IAAU,OAAO,WAAA,EAAY;AAC7D,EAAA,MAAM,GAAA,GAAM,QAAA,CAAS,MAAA,CAAO,GAAA,IAAO,SAAA;AACnC,EAAA,MAAM,SAAS,QAAA,CAAS,MAAA;AACxB,EAAA,MAAM,QAAA,GAAW,mBAAA,CAAoB,QAAA,CAAS,MAAM,CAAA;AAEpD,EAAA,MAAM,iBAAiBC,cAAAA,CAAe,QAAQ,CAAA,GAAI,CAAA,EAAA,EAAK,QAAQ,CAAA,GAAA,CAAA,GAAQ,EAAA;AACvE,EAAA,MAAA,CAAO,KAAA,CAAMD,YAAAA,EAAa,CAAA,GAAA,EAAM,MAAM,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA,EAAI,MAAM,CAAA,EAAG,cAAc,CAAA,CAAE,CAAA;AAE1E,EAAA,OAAO,QAAA;AACT;AAQA,SAAS,iBAAiB,KAAA,EAAyC;AACjE,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,IAAI,CAACC,cAAAA,CAAe,KAAK,CAAA,EAAG;AAC1B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,QAAA,IAAY,KAAA;AACrB;AAKA,eAAe,gBAAA,CAAiB,OAAgB,MAAA,EAAmC;AACjF,EAAA,IAAI,cAAa,EAAG;AAClB,IAAA,OAAO,OAAA,CAAQ,OAAO,KAAK,CAAA;AAAA,EAC7B;AACA,EAAA,IAAI,CAAC,gBAAA,CAAiB,KAAK,CAAA,EAAG;AAC5B,IAAA,OAAO,OAAA,CAAQ,OAAO,KAAK,CAAA;AAAA,EAC7B;AAEA,EAAA,MAAM,MAAA,GAAA,CAAU,KAAA,CAAM,MAAA,CAAO,MAAA,IAAU,OAAO,WAAA,EAAY;AAC1D,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,MAAA,CAAO,GAAA,IAAO,SAAA;AAChC,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,QAAA,EAAU,MAAA,IAAU,CAAA;AACzC,EAAA,MAAM,QAAA,GAAW,mBAAA,CAAoB,KAAA,CAAM,MAAM,CAAA;AAEjD,EAAA,MAAM,iBAAiBA,cAAAA,CAAe,QAAQ,CAAA,GAAI,CAAA,EAAA,EAAK,QAAQ,CAAA,GAAA,CAAA,GAAQ,EAAA;AACvE,EAAA,MAAA,CAAO,IAAA,CAAKD,YAAAA,EAAa,CAAA,GAAA,EAAM,MAAM,CAAA,CAAA,EAAI,GAAG,CAAA,CAAA,EAAI,MAAM,CAAA,EAAG,cAAc,CAAA,CAAE,CAAA;AAEzE,EAAA,OAAO,OAAA,CAAQ,OAAO,KAAK,CAAA;AAC7B;AAOA,SAAS,0BAAA,CACP,UACA,MAAA,EACuC;AACvC,EAAA,MAAM,SAAA,GAAY,QAAA,CAAS,YAAA,CAAa,OAAA,CAAQ,GAAA,CAAI,CAAC,MAAA,KAAW,UAAA,CAAW,MAAA,EAAQ,MAAM,CAAC,CAAA;AAC1F,EAAA,MAAM,UAAA,GAAa,QAAA,CAAS,YAAA,CAAa,QAAA,CAAS,GAAA;AAAA,IAChD,CAAC,QAAA,KAAa,WAAA,CAAY,QAAA,EAAU,MAAM,CAAA;AAAA,IAC1C,CAAC,KAAA,KAAmB,gBAAA,CAAiB,KAAA,EAAO,MAAM;AAAA,GACpD;AACA,EAAA,OAAO,EAAE,OAAA,EAAS,SAAA,EAAW,QAAA,EAAU,UAAA,EAAW;AACpD;ACjHA,IAAM,gBAAA,GAAmB,CAAC,MAAA,EAAQ,KAAA,EAAO,SAAS,QAAQ,CAAA;AAC1D,IAAM,uBAAA,GAA0B,qBAAA;AAChC,IAAMA,YAAAA,GAAc,oBAAA;AAEpB,SAASE,UAAS,KAAA,EAAkD;AAClE,EAAA,OAAOD,cAAAA,CAAe,KAAK,CAAA,IAAK,OAAO,KAAA,KAAU,QAAA;AACnD;AAEA,SAAS,uBAAuB,IAAA,EAAmC;AACjE,EAAA,IAAI,CAACC,SAAAA,CAAS,IAAI,CAAA,EAAG;AACnB,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,MAAM,UAAU,IAAA,CAAK,OAAA;AACrB,EAAA,IAAI,OAAO,OAAA,KAAY,QAAA,IAAY,OAAA,CAAQ,SAAS,CAAA,EAAG;AACrD,IAAA,OAAO,OAAA;AAAA,EACT;AAEA,EAAA,MAAM,SAAS,IAAA,CAAK,MAAA;AACpB,EAAA,IAAI,OAAO,MAAA,KAAW,QAAA,IAAY,MAAA,CAAO,SAAS,CAAA,EAAG;AACnD,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,OAAO,MAAA;AACT;AAEA,SAAS,iBAAiB,MAAA,EAAqC;AAC7D,EAAA,IAAI,OAAO,WAAW,QAAA,EAAU;AAC9B,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,gBAAA,CAAiB,QAAA,CAAS,MAAA,CAAO,WAAA,EAAa,CAAA;AACvD;AAUA,SAAS,qBAAA,CACP,QAAA,EACA,SAAA,EACA,MAAA,EACe;AACf,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,SAAS,MAAA,CAAO,MAAA;AAC/B,IAAA,IAAI,CAAC,gBAAA,CAAiB,MAAM,CAAA,EAAG;AAC7B,MAAA,OAAO,QAAA;AAAA,IACT;AAEA,IAAA,MAAM,OAAA,GAAU,sBAAA,CAAuB,QAAA,CAAS,IAAI,CAAA,IAAK,uBAAA;AACzD,IAAA,SAAA,CAAU,MAAA,CAAO,OAAO,CAAA,EAAG,aAAA,CAAc,IAAI,CAAA;AAAA,EAC/C,SAAS,SAAA,EAAW;AAClB,IAAA,MAAA,CAAO,IAAA,CAAKF,YAAAA,EAAa,qCAAA,EAAuC,SAAS,CAAA;AAAA,EAC3E;AAEA,EAAA,OAAO,QAAA;AACT;AAMA,SAAS,0BAAA,CACP,QAAA,EACA,SAAA,EACA,MAAA,EACQ;AACR,EAAA,OAAO,QAAA,CAAS,aAAa,QAAA,CAAS,GAAA;AAAA,IAAI,CAAC,QAAA,KACzC,qBAAA,CAAsB,QAAA,EAAU,WAAW,MAAM;AAAA,GACnD;AACF;;;ACtDA,SAAS,oBAAA,CAAqB,UAAyB,KAAA,EAAwC;AAC7F,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAW,IAAA,EAAM,iBAAgB,GAAI,KAAA;AAGrD,EAAA,0BAAA,CAA2B,UAAU,MAAM,CAAA;AAC3C,EAAA,IAAI,IAAA,EAAM;AACR,IAAA,IAAA,CAAK,QAAQ,CAAA;AAAA,EACf,CAAA,MAAO;AACL,IAAA,8BAAA,CAA+B,QAAQ,CAAA;AAAA,EACzC;AAGA,EAAA,0BAAA,CAA2B,QAAA,EAAU,WAAW,MAAM,CAAA;AACtD,EAAA,IAAI,eAAA,EAAiB;AACnB,IAAA,eAAA,CAAgB,QAAQ,CAAA;AAAA,EAC1B;AACA,EAAA,uBAAA,CAAwB,UAAU,MAAM,CAAA;AAC1C","file":"index.mjs","sourcesContent":["/**\n * Clean axios instance factory for the BFF era.\n *\n * Produces an axios instance with the BFF defaults (JSON, XHR marker,\n * credentialed) and no interceptors. Interceptors are wired separately via\n * {@link registerInterceptors} so the app controls the chain composition.\n */\n\nimport axios from 'axios';\n\nimport type { BffAxiosClientOptions } from './types';\nimport type { AxiosInstance } from 'axios';\n\nconst BFF_DEFAULT_HEADERS: Record<string, string> = {\n 'Content-Type': 'application/json',\n 'Accept': 'application/json',\n 'X-Requested-With': 'XMLHttpRequest',\n};\n\n/**\n * Creates a credentialed axios instance with the shared BFF defaults. No\n * interceptors are registered here — call {@link registerInterceptors} once at\n * bootstrap to install the chain.\n */\nfunction createBffAxiosClient(options: BffAxiosClientOptions): AxiosInstance {\n return axios.create({\n timeout: options.timeoutMs,\n baseURL: options.baseURL,\n headers: { ...BFF_DEFAULT_HEADERS, ...(options.headers ?? {}) },\n withCredentials: true,\n });\n}\n\nexport { createBffAxiosClient };\n","/**\n * Default CSRF request interceptor.\n *\n * After a BFF cutover, an SPA authenticates via a cookie. Cookie auth\n * reintroduces CSRF risk, so the BFF's `Bff.AspNetCore` anti-forgery\n * middleware requires a custom header on every state-changing request — a\n * request a cross-site form POST cannot forge. This default attaches\n * `X-BFF-Csrf: 1` to all mutating methods.\n *\n * This is the **default implementation of the `csrf` port**. Apps that need a\n * different CSRF strategy supply their own registrar to\n * {@link registerInterceptors}; this body is what diverged per app and is kept\n * overridable on purpose.\n */\n\nimport type { AxiosInstance, InternalAxiosRequestConfig } from 'axios';\n\n/** Header name + value the `Bff.AspNetCore` anti-forgery middleware checks. */\nconst CSRF_HEADER = 'X-BFF-Csrf';\nconst CSRF_HEADER_VALUE = '1';\n\n/** Methods the BFF anti-forgery middleware treats as state-changing. */\nconst STATE_CHANGING_METHODS = ['POST', 'PUT', 'PATCH', 'DELETE'];\n\nfunction isStateChanging(method: string | undefined): boolean {\n if (typeof method !== 'string') {\n return false;\n }\n return STATE_CHANGING_METHODS.includes(method.toUpperCase());\n}\n\n/**\n * Adds `X-BFF-Csrf` to every state-changing request. Safe (GET/HEAD) requests\n * are left untouched — the BFF only enforces the header on mutations.\n */\nfunction attachCsrfHeader(config: InternalAxiosRequestConfig): InternalAxiosRequestConfig {\n if (isStateChanging(config.method)) {\n config.headers.set(CSRF_HEADER, CSRF_HEADER_VALUE);\n }\n return config;\n}\n\n/**\n * Registers the default CSRF request interceptor on an axios instance.\n * @returns The interceptor ID for potential ejection.\n */\nfunction registerDefaultCsrfInterceptor(instance: AxiosInstance): number {\n return instance.interceptors.request.use(attachCsrfHeader);\n}\n\nexport { registerDefaultCsrfInterceptor, attachCsrfHeader };\n","/**\n * Response error interceptor: classifies axios errors.\n *\n * Converts raw AxiosError objects into {@link ClassifiedError} instances with\n * full context (status, url, method, errorCode, message, etc), logs them\n * through the app-supplied {@link BffLogger}, and re-rejects so callers and\n * downstream interceptors can react.\n */\n\nimport { HttpMethod } from '@dloizides/api-client-base';\nimport { isValueDefined } from '@dloizides/utils';\n\nimport type { BffLogger } from '../types';\nimport type { ClassifiedError } from '@dloizides/api-client-base';\nimport type { AxiosError, AxiosInstance, AxiosResponse } from 'axios';\n\nconst LOG_CONTEXT = 'errorClassifier';\nconst TIMEOUT_ERROR_CODE = 'ECONNABORTED';\nconst NETWORK_ERROR_STATUS = 0;\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n return isValueDefined(value) && typeof value === 'object';\n}\n\nfunction isAxiosError(value: unknown): value is AxiosError {\n if (typeof value !== 'object') {\n return false;\n }\n if (!isValueDefined(value)) {\n return false;\n }\n return 'isAxiosError' in value;\n}\n\nfunction extractErrorCode(data: unknown): string | undefined {\n if (!isRecord(data)) {\n return undefined;\n }\n\n const code = data.errorCode ?? data.code ?? data.error;\n if (typeof code === 'string' && code.length > 0) {\n return code;\n }\n\n return undefined;\n}\n\nfunction extractErrorMessage(data: unknown, fallback: string): string {\n if (!isRecord(data)) {\n return fallback;\n }\n\n const message = data.message ?? data.detail ?? data.error ?? data.title;\n if (typeof message === 'string' && message.length > 0) {\n return message;\n }\n\n return fallback;\n}\n\nfunction extractStringHeader(headers: Record<string, unknown>, key: string): string | undefined {\n const value: unknown = headers[key];\n if (typeof value === 'string' && value.length > 0) {\n return value;\n }\n return undefined;\n}\n\nfunction extractRequestId(response: AxiosResponse | undefined): string | undefined {\n if (!isValueDefined(response)) {\n return undefined;\n }\n\n const headers = response.headers;\n if (!isRecord(headers)) {\n return undefined;\n }\n\n return extractStringHeader(headers, 'x-request-id') ?? extractStringHeader(headers, 'x-correlation-id');\n}\n\nfunction resolveHttpMethod(method: string | undefined): HttpMethod {\n if (typeof method !== 'string') {\n return HttpMethod.Get;\n }\n const upper = method.toUpperCase();\n const methodMap: Record<string, HttpMethod | undefined> = {\n GET: HttpMethod.Get,\n POST: HttpMethod.Post,\n PUT: HttpMethod.Put,\n PATCH: HttpMethod.Patch,\n DELETE: HttpMethod.Delete,\n };\n return methodMap[upper] ?? HttpMethod.Get;\n}\n\n/**\n * Converts an AxiosError into a {@link ClassifiedError} with full context.\n */\nfunction classifyError(error: AxiosError): ClassifiedError {\n const response = error.response;\n const hasResponse = isValueDefined(response);\n\n const status = hasResponse ? response.status : NETWORK_ERROR_STATUS;\n const url = error.config?.url ?? 'unknown';\n const method = resolveHttpMethod(error.config?.method);\n const body = hasResponse ? response.data : undefined;\n\n const isTimeout = error.code === TIMEOUT_ERROR_CODE;\n const defaultMessage = isTimeout ? 'Request timed out' : 'Network error';\n const errorCode = extractErrorCode(body) ?? (isTimeout ? TIMEOUT_ERROR_CODE : undefined);\n const message = hasResponse ? extractErrorMessage(body, error.message) : defaultMessage;\n\n return {\n status,\n url,\n method,\n errorCode,\n message,\n body,\n originalError: error,\n timestamp: Date.now(),\n requestId: extractRequestId(response),\n };\n}\n\n/**\n * Handles response errors by classifying them and logging.\n */\nasync function handleResponseError(error: unknown, logger: BffLogger): Promise<never> {\n if (!isAxiosError(error)) {\n return Promise.reject(error);\n }\n\n const classified = classifyError(error);\n\n logger.warn(LOG_CONTEXT, `HTTP ${classified.method} ${classified.url} failed`, {\n status: classified.status,\n errorCode: classified.errorCode,\n message: classified.message,\n });\n\n return Promise.reject(error);\n}\n\n/**\n * Registers the error classifier interceptor on an axios instance.\n * @returns The interceptor ID for potential ejection.\n */\nfunction registerErrorClassifier(instance: AxiosInstance, logger: BffLogger): number {\n return instance.interceptors.response.use(\n (response) => response,\n (error: unknown) => handleResponseError(error, logger),\n );\n}\n\nexport { registerErrorClassifier, classifyError, handleResponseError };\n","/**\n * Request and response logging interceptor.\n *\n * Logs HTTP method, URL, status, and duration through the app-supplied\n * {@link BffLogger}. Only active in non-production environments. Request\n * bodies are NOT logged for security reasons.\n */\n\nimport { isValueDefined } from '@dloizides/utils';\n\nimport type { BffLogger } from '../types';\nimport type { AxiosInstance, AxiosResponse, InternalAxiosRequestConfig } from 'axios';\n\nconst LOG_CONTEXT = 'http';\nconst REQUEST_START_HEADER = 'x-request-start-time';\n\nfunction isProduction(): boolean {\n return process.env.NODE_ENV === 'production';\n}\n\n/**\n * Logs the outgoing request and stamps the start time for duration tracking.\n */\nfunction logRequest(\n config: InternalAxiosRequestConfig,\n logger: BffLogger,\n): InternalAxiosRequestConfig {\n if (isProduction()) {\n return config;\n }\n\n const method = (config.method ?? 'GET').toUpperCase();\n const url = config.url ?? 'unknown';\n\n logger.debug(LOG_CONTEXT, `-> ${method} ${url}`);\n\n config.headers.set(REQUEST_START_HEADER, String(Date.now()));\n\n return config;\n}\n\nfunction calculateDurationMs(config: InternalAxiosRequestConfig): number | undefined {\n const startRaw = config.headers.get(REQUEST_START_HEADER);\n if (typeof startRaw !== 'string' || startRaw.length === 0) {\n return undefined;\n }\n\n const start = Number(startRaw);\n if (Number.isNaN(start)) {\n return undefined;\n }\n\n return Date.now() - start;\n}\n\n/**\n * Logs successful responses with status and duration.\n */\nfunction logResponse(response: AxiosResponse, logger: BffLogger): AxiosResponse {\n if (isProduction()) {\n return response;\n }\n\n const method = (response.config.method ?? 'GET').toUpperCase();\n const url = response.config.url ?? 'unknown';\n const status = response.status;\n const duration = calculateDurationMs(response.config);\n\n const durationSuffix = isValueDefined(duration) ? ` (${duration}ms)` : '';\n logger.debug(LOG_CONTEXT, `<- ${method} ${url} ${status}${durationSuffix}`);\n\n return response;\n}\n\ninterface AxiosLikeError {\n config: InternalAxiosRequestConfig;\n response?: AxiosResponse;\n message?: string;\n}\n\nfunction isAxiosLikeError(value: unknown): value is AxiosLikeError {\n if (typeof value !== 'object') {\n return false;\n }\n if (!isValueDefined(value)) {\n return false;\n }\n return 'config' in value;\n}\n\n/**\n * Logs error responses with status and duration.\n */\nasync function logErrorResponse(error: unknown, logger: BffLogger): Promise<never> {\n if (isProduction()) {\n return Promise.reject(error);\n }\n if (!isAxiosLikeError(error)) {\n return Promise.reject(error);\n }\n\n const method = (error.config.method ?? 'GET').toUpperCase();\n const url = error.config.url ?? 'unknown';\n const status = error.response?.status ?? 0;\n const duration = calculateDurationMs(error.config);\n\n const durationSuffix = isValueDefined(duration) ? ` (${duration}ms)` : '';\n logger.warn(LOG_CONTEXT, `<- ${method} ${url} ${status}${durationSuffix}`);\n\n return Promise.reject(error);\n}\n\n/**\n * Registers request and response logging interceptors on an axios instance.\n * No-ops in production.\n * @returns An object with both interceptor IDs for potential ejection.\n */\nfunction registerLoggingInterceptor(\n instance: AxiosInstance,\n logger: BffLogger,\n): { request: number; response: number } {\n const requestId = instance.interceptors.request.use((config) => logRequest(config, logger));\n const responseId = instance.interceptors.response.use(\n (response) => logResponse(response, logger),\n (error: unknown) => logErrorResponse(error, logger),\n );\n return { request: requestId, response: responseId };\n}\n\nexport { registerLoggingInterceptor };\n","/**\n * Response interceptor: normalizes successful API responses.\n *\n * For successful mutation requests (POST/PUT/PATCH/DELETE), emits a toast via\n * the app-supplied {@link EmitToast} port so the UI can display a success\n * notification without coupling the package to a specific UI bus.\n */\n\nimport { ErrorSeverity } from '@dloizides/api-client-base';\nimport { isValueDefined } from '@dloizides/utils';\n\nimport type { BffLogger, EmitToast } from '../types';\nimport type { AxiosInstance, AxiosResponse } from 'axios';\n\nconst MUTATING_METHODS = ['POST', 'PUT', 'PATCH', 'DELETE'];\nconst DEFAULT_SUCCESS_MESSAGE = 'Saved successfully.';\nconst LOG_CONTEXT = 'responseNormalizer';\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n return isValueDefined(value) && typeof value === 'object';\n}\n\nfunction extractMessageFromBody(data: unknown): string | undefined {\n if (!isRecord(data)) {\n return undefined;\n }\n\n const message = data.message;\n if (typeof message === 'string' && message.length > 0) {\n return message;\n }\n\n const detail = data.detail;\n if (typeof detail === 'string' && detail.length > 0) {\n return detail;\n }\n\n return undefined;\n}\n\nfunction isMutatingMethod(method: string | undefined): boolean {\n if (typeof method !== 'string') {\n return false;\n }\n return MUTATING_METHODS.includes(method.toUpperCase());\n}\n\n/**\n * Handles a successful response by emitting a toast for mutations.\n *\n * Always returns the original `response` unchanged — an axios response\n * interceptor must pass the response through. The invariant return is the\n * required contract, not a code smell.\n */\n// eslint-disable-next-line sonarjs/no-invariant-returns\nfunction handleSuccessResponse(\n response: AxiosResponse,\n emitToast: EmitToast,\n logger: BffLogger,\n): AxiosResponse {\n try {\n const method = response.config.method;\n if (!isMutatingMethod(method)) {\n return response;\n }\n\n const message = extractMessageFromBody(response.data) ?? DEFAULT_SUCCESS_MESSAGE;\n emitToast(String(message), ErrorSeverity.Info);\n } catch (emitError) {\n logger.warn(LOG_CONTEXT, 'Failed to emit success notification', emitError);\n }\n\n return response;\n}\n\n/**\n * Registers the response normalizer interceptor on an axios instance.\n * @returns The interceptor ID for potential ejection.\n */\nfunction registerResponseNormalizer(\n instance: AxiosInstance,\n emitToast: EmitToast,\n logger: BffLogger,\n): number {\n return instance.interceptors.response.use((response) =>\n handleSuccessResponse(response, emitToast, logger),\n );\n}\n\nexport { registerResponseNormalizer };\n","/**\n * Interceptor registration — BFF era.\n *\n * Wires the interceptor chain onto an axios instance in the correct order.\n *\n * Request interceptors run in REVERSE order of registration, so:\n * 1. logging (registered first, runs last = logs the FINAL config)\n * 2. csrf (registered second, runs first = attaches the CSRF header)\n *\n * Response interceptors run in ORDER of registration, so:\n * 1. logging (logs response/error first)\n * 2. normalizer (emits success toast)\n * 3. session expiry (handles 401 -> clear session, app-supplied port)\n * 4. error classifier (classifies remaining errors)\n *\n * The package owns the logging, normalizer, and error-classifier bodies. The\n * `csrf` and `onSessionExpiry` registrars are app-supplied ports (the app owns\n * its CSRF strategy and its session store); `csrf` falls back to the package\n * default when omitted.\n */\n\nimport { registerDefaultCsrfInterceptor } from './interceptors/defaultCsrfInterceptor';\nimport { registerErrorClassifier } from './interceptors/errorClassifierInterceptor';\nimport { registerLoggingInterceptor } from './interceptors/loggingInterceptor';\nimport { registerResponseNormalizer } from './interceptors/responseNormalizer';\n\nimport type { RegisterInterceptorsPorts } from './types';\nimport type { AxiosInstance } from 'axios';\n\n/**\n * Registers the full BFF interceptor chain on the provided axios instance.\n * Call this once during application bootstrap after creating the instance.\n */\nfunction registerInterceptors(instance: AxiosInstance, ports: RegisterInterceptorsPorts): void {\n const { logger, emitToast, csrf, onSessionExpiry } = ports;\n\n // Request interceptors (registered order = reverse execution order)\n registerLoggingInterceptor(instance, logger);\n if (csrf) {\n csrf(instance);\n } else {\n registerDefaultCsrfInterceptor(instance);\n }\n\n // Response interceptors (registered order = execution order)\n registerResponseNormalizer(instance, emitToast, logger);\n if (onSessionExpiry) {\n onSessionExpiry(instance);\n }\n registerErrorClassifier(instance, logger);\n}\n\nexport { registerInterceptors };\n"]}

package/package.json ADDED Viewed

@@ -0,0 +1,86 @@
+{
+  "name": "@dloizides/bff-web-client",
+  "version": "1.0.1",
+  "description": "Product-agnostic RN-web BFF HTTP layer for the dloizides.com portfolio: an axios instance factory plus an interceptor chain (logging, success-toast normalizer, error classifier) with app-supplied ports for the CSRF strategy, session-expiry handling, toast emitter, and logger. Pairs with @dloizides/api-client-base by composition, never imports a product.",
+  "keywords": [
+    "axios",
+    "bff",
+    "interceptors",
+    "http",
+    "csrf",
+    "dloizides"
+  ],
+  "author": "dloizides",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/openmindednewby/bff-web-client.git"
+  },
+  "homepage": "https://github.com/openmindednewby/bff-web-client#readme",
+  "bugs": {
+    "url": "https://github.com/openmindednewby/bff-web-client/issues"
+  },
+  "main": "./dist/index.js",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "require": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      },
+      "import": {
+        "types": "./dist/index.d.mts",
+        "default": "./dist/index.mjs"
+      }
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "CHANGELOG.md"
+  ],
+  "sideEffects": false,
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "scripts": {
+    "build": "rimraf dist && tsup",
+    "build:watch": "tsup --watch",
+    "test": "jest",
+    "test:watch": "jest --watch",
+    "test:coverage": "jest --coverage",
+    "lint": "eslint src --ext .ts",
+    "lint:fix": "eslint src --ext .ts --fix",
+    "typecheck": "tsc --noEmit",
+    "clean": "rimraf dist",
+    "security:audit": "npm audit --audit-level=high",
+    "deps:outdated": "npm outdated || exit 0",
+    "deps:unused": "npx depcheck --ignores \"@types/jest,@types/node,rimraf\"",
+    "deps:licenses": "npx license-checker --onlyAllow \"MIT;Apache-2.0;ISC;BSD-2-Clause;BSD-3-Clause;0BSD;Unlicense;CC0-1.0\"",
+    "deps:health": "npm run deps:outdated && npm run deps:unused",
+    "prepublishOnly": "npm run clean && npm run build && npm run test"
+  },
+  "peerDependencies": {
+    "@dloizides/api-client-base": "^1.0.0",
+    "@dloizides/utils": "^1.0.0",
+    "axios": ">=1.0.0"
+  },
+  "devDependencies": {
+    "@dloizides/api-client-base": "^1.0.0",
+    "@dloizides/utils": "^1.0.2",
+    "@types/jest": "^29.5.0",
+    "@types/node": "^20.19.32",
+    "@typescript-eslint/eslint-plugin": "^7.0.0",
+    "@typescript-eslint/parser": "^7.0.0",
+    "axios": "^1.13.4",
+    "eslint": "^8.57.0",
+    "eslint-plugin-sonarjs": "^4.0.3",
+    "jest": "^29.7.0",
+    "jest-environment-jsdom": "^29.7.0",
+    "rimraf": "^5.0.0",
+    "ts-jest": "^29.1.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5.4.0"
+  }
+}