@docbrasil/api-systemmanager 1.1.84 → 1.1.85

package/api/dispatch.js

@@ -199,38 +199,18 @@ class Dispatch {
     return this._client;
   }
 
-  /**
-   * @description Decode the payload of a JWT token (base64url → JSON).
-   * Does NOT verify the signature — used only to extract claims for header building.
-   * @param {string} token JWT token string
-   * @return {object|null} Decoded payload or null on failure
-   * @private
-   */
-  _decodeJwtPayload(token) {
-    try {
-      const parts = token.split('.');
-      if (parts.length !== 3) return null;
-      const base64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
-      const json = decodeURIComponent(
-        atob(base64).split('').map(c => '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2)).join('')
-      );
-      return JSON.parse(json);
-    } catch (e) {
-      return null;
-    }
-  }
-
   /**
    * @description Create a dedicated Axios client for Akamai routes.
    * In DEV there is no NGiNX to translate the Authorization JWT into the
    * x-api-key / x-user-id / x-organization-id headers that Akamai expects.
-   * When an apiKey is supplied the client adds a request interceptor that
-   * decodes the JWT and sets those headers automatically.
+   * When a headerBuilder function is supplied, the client adds a request
+   * interceptor that replaces the Authorization header with the x-* headers
+   * returned by the function.
    * @param {string} url The Akamai base URL (e.g., http://localhost:9008 in DEV).
    * @param {object} [options] Optional configuration
-   * @param {string} [options.apiKey] API key for Akamai authentication.
-   *   When provided, the client will transform the Authorization JWT into
-   *   x-api-key, x-user-id and x-organization-id headers on every request.
+   * @param {function} [options.headerBuilder] A function that returns an object
+   *   with the Akamai headers (x-api-key, x-user-id, x-organization-id, x-country).
+   *   Called at request time so it can read live application state (e.g., auth store).
    * @public
    */
   setAkamaiBaseUrl(url, options = {}) {
@@ -243,25 +223,15 @@ class Dispatch {
       withCredentials: true
     });
 
-    // When an API key is provided, add interceptor to build Akamai headers from the JWT
-    if (options.apiKey) {
-      const apiKey = options.apiKey;
-
+    // When a headerBuilder is provided, add interceptor to replace Authorization with Akamai headers
+    if (typeof options.headerBuilder === 'function') {
       self._akamaiClient.interceptors.request.use((config) => {
-        const auth = config.headers && (config.headers.Authorization || config.headers.authorization);
-        if (auth) {
-          const payload = self._decodeJwtPayload(auth);
-          if (payload) {
-            config.headers['x-api-key'] = apiKey;
-            config.headers['x-user-id'] = payload._id || payload.userId;
-            config.headers['x-organization-id'] = payload.orgId || payload.organizationId;
-            if (payload.language) {
-              config.headers['x-country'] = payload.language;
-            }
-            // Remove the Authorization header — Akamai doesn't use it
-            delete config.headers.Authorization;
-            delete config.headers.authorization;
-          }
+        const headers = options.headerBuilder();
+        if (headers) {
+          Object.assign(config.headers, headers);
+          // Remove the Authorization header — Akamai doesn't use it
+          delete config.headers.Authorization;
+          delete config.headers.authorization;
         }
         return config;
       });

package/dist/bundle.cjs

@@ -211,38 +211,18 @@ class Dispatch {
     return this._client;
   }
 
-  /**
-   * @description Decode the payload of a JWT token (base64url → JSON).
-   * Does NOT verify the signature — used only to extract claims for header building.
-   * @param {string} token JWT token string
-   * @return {object|null} Decoded payload or null on failure
-   * @private
-   */
-  _decodeJwtPayload(token) {
-    try {
-      const parts = token.split('.');
-      if (parts.length !== 3) return null;
-      const base64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
-      const json = decodeURIComponent(
-        atob(base64).split('').map(c => '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2)).join('')
-      );
-      return JSON.parse(json);
-    } catch (e) {
-      return null;
-    }
-  }
-
   /**
    * @description Create a dedicated Axios client for Akamai routes.
    * In DEV there is no NGiNX to translate the Authorization JWT into the
    * x-api-key / x-user-id / x-organization-id headers that Akamai expects.
-   * When an apiKey is supplied the client adds a request interceptor that
-   * decodes the JWT and sets those headers automatically.
+   * When a headerBuilder function is supplied, the client adds a request
+   * interceptor that replaces the Authorization header with the x-* headers
+   * returned by the function.
    * @param {string} url The Akamai base URL (e.g., http://localhost:9008 in DEV).
    * @param {object} [options] Optional configuration
-   * @param {string} [options.apiKey] API key for Akamai authentication.
-   *   When provided, the client will transform the Authorization JWT into
-   *   x-api-key, x-user-id and x-organization-id headers on every request.
+   * @param {function} [options.headerBuilder] A function that returns an object
+   *   with the Akamai headers (x-api-key, x-user-id, x-organization-id, x-country).
+   *   Called at request time so it can read live application state (e.g., auth store).
    * @public
    */
   setAkamaiBaseUrl(url, options = {}) {
@@ -255,25 +235,15 @@ class Dispatch {
       withCredentials: true
     });
 
-    // When an API key is provided, add interceptor to build Akamai headers from the JWT
-    if (options.apiKey) {
-      const apiKey = options.apiKey;
-
+    // When a headerBuilder is provided, add interceptor to replace Authorization with Akamai headers
+    if (typeof options.headerBuilder === 'function') {
       self._akamaiClient.interceptors.request.use((config) => {
-        const auth = config.headers && (config.headers.Authorization || config.headers.authorization);
-        if (auth) {
-          const payload = self._decodeJwtPayload(auth);
-          if (payload) {
-            config.headers['x-api-key'] = apiKey;
-            config.headers['x-user-id'] = payload._id || payload.userId;
-            config.headers['x-organization-id'] = payload.orgId || payload.organizationId;
-            if (payload.language) {
-              config.headers['x-country'] = payload.language;
-            }
-            // Remove the Authorization header — Akamai doesn't use it
-            delete config.headers.Authorization;
-            delete config.headers.authorization;
-          }
+        const headers = options.headerBuilder();
+        if (headers) {
+          Object.assign(config.headers, headers);
+          // Remove the Authorization header — Akamai doesn't use it
+          delete config.headers.Authorization;
+          delete config.headers.authorization;
         }
         return config;
       });
@@ -16612,7 +16582,7 @@ class API {
 
     // If akamaiUri was provided in options, configure the Akamai client
     if (self.options.akamaiUri) {
-      self.dispatch.setAkamaiBaseUrl(self.options.akamaiUri, { apiKey: self.options.akamaiApiKey });
+      self.dispatch.setAkamaiBaseUrl(self.options.akamaiUri, { headerBuilder: self.options.akamaiHeaderBuilder });
     }
   }
 
@@ -16620,8 +16590,8 @@ class API {
    * @description Set the Akamai base URL for agent/AI routes.
    * @param {string} url The Akamai base URL.
    * @param {object} [options] Optional configuration
-   * @param {string} [options.apiKey] API key for Akamai authentication (required in DEV,
-   *   where there is no NGiNX to translate Authorization JWT into x-* headers).
+   * @param {function} [options.headerBuilder] Function returning Akamai headers.
+   *   Called at request time — can read live app state (e.g., auth store).
    * @public
    */
   setAkamaiBaseUrl(url, options = {}) {