@docbrasil/api-systemmanager 1.1.84 → 1.1.85

package/doc/api.md

@@ -5440,8 +5440,9 @@ Get the Axios client.
 Create a dedicated Axios client for Akamai routes.
 In DEV there is no NGiNX to translate the Authorization JWT into the
 x-api-key / x-user-id / x-organization-id headers that Akamai expects.
-When an apiKey is supplied the client adds a request interceptor that
-decodes the JWT and sets those headers automatically.
+When a headerBuilder function is supplied, the client adds a request
+interceptor that replaces the Authorization header with the x-* headers
+returned by the function.
 
 **Kind**: instance method of [<code>Dispatch</code>](#Dispatch)  
 **Access**: public  
@@ -5450,7 +5451,7 @@ decodes the JWT and sets those headers automatically.
 | --- | --- | --- |
 | url | <code>string</code> | The Akamai base URL (e.g., http://localhost:9008 in DEV). |
 | [options] | <code>object</code> | Optional configuration |
-| [options.apiKey] | <code>string</code> | API key for Akamai authentication.   When provided, the client will transform the Authorization JWT into   x-api-key, x-user-id and x-organization-id headers on every request. |
+| [options.headerBuilder] | <code>function</code> | A function that returns an object   with the Akamai headers (x-api-key, x-user-id, x-organization-id, x-country).   Called at request time so it can read live application state (e.g., auth store). |
 
 <a name="Dispatch+getAkamaiClient"></a>
 

package/docs/Dispatch.html

@@ -387,7 +387,7 @@ for backward compatibility (e.g., PROD where NGiNX proxies all routes).
         <p class="tag-source">
             <a href="dispatch.js.html" class="button">View Source</a>
             <span>
-                <a href="dispatch.js.html">dispatch.js</a>, <a href="dispatch.js.html#line277">line 277</a>
+                <a href="dispatch.js.html">dispatch.js</a>, <a href="dispatch.js.html#line247">line 247</a>
             </span>
         </p>
     
@@ -820,8 +820,9 @@ for backward compatibility (e.g., PROD where NGiNX proxies all routes).
         Create a dedicated Axios client for Akamai routes.
 In DEV there is no NGiNX to translate the Authorization JWT into the
 x-api-key / x-user-id / x-organization-id headers that Akamai expects.
-When an apiKey is supplied the client adds a request interceptor that
-decodes the JWT and sets those headers automatically.
+When a headerBuilder function is supplied, the client adds a request
+interceptor that replaces the Authorization header with the x-* headers
+returned by the function.
     </div>
     
 
@@ -928,13 +929,13 @@ decodes the JWT and sets those headers automatically.
     
 <tr class="deep-level-1">
   
-      <td class="name"><code>apiKey</code></td>
+      <td class="name"><code>headerBuilder</code></td>
   
 
   <td class="type">
   
       
-<code class="param-type">string</code>
+<code class="param-type">function</code>
 
 
   
@@ -954,9 +955,9 @@ decodes the JWT and sets those headers automatically.
 
   
 
-  <td class="description last">API key for Akamai authentication.
-  When provided, the client will transform the Authorization JWT into
-  x-api-key, x-user-id and x-organization-id headers on every request.</td>
+  <td class="description last">A function that returns an object
+  with the Akamai headers (x-api-key, x-user-id, x-organization-id, x-country).
+  Called at request time so it can read live application state (e.g., auth store).</td>
 </tr>
 
   
@@ -1006,7 +1007,7 @@ decodes the JWT and sets those headers automatically.
         <p class="tag-source">
             <a href="dispatch.js.html" class="button">View Source</a>
             <span>
-                <a href="dispatch.js.html">dispatch.js</a>, <a href="dispatch.js.html#line236">line 236</a>
+                <a href="dispatch.js.html">dispatch.js</a>, <a href="dispatch.js.html#line216">line 216</a>
             </span>
         </p>
     

package/docs/dispatch.js.html

@@ -286,38 +286,18 @@ class Dispatch {
     return this._client;
   }
 
-  /**
-   * @description Decode the payload of a JWT token (base64url → JSON).
-   * Does NOT verify the signature — used only to extract claims for header building.
-   * @param {string} token JWT token string
-   * @return {object|null} Decoded payload or null on failure
-   * @private
-   */
-  _decodeJwtPayload(token) {
-    try {
-      const parts = token.split('.');
-      if (parts.length !== 3) return null;
-      const base64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
-      const json = decodeURIComponent(
-        atob(base64).split('').map(c => '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2)).join('')
-      );
-      return JSON.parse(json);
-    } catch (e) {
-      return null;
-    }
-  }
-
   /**
    * @description Create a dedicated Axios client for Akamai routes.
    * In DEV there is no NGiNX to translate the Authorization JWT into the
    * x-api-key / x-user-id / x-organization-id headers that Akamai expects.
-   * When an apiKey is supplied the client adds a request interceptor that
-   * decodes the JWT and sets those headers automatically.
+   * When a headerBuilder function is supplied, the client adds a request
+   * interceptor that replaces the Authorization header with the x-* headers
+   * returned by the function.
    * @param {string} url The Akamai base URL (e.g., http://localhost:9008 in DEV).
    * @param {object} [options] Optional configuration
-   * @param {string} [options.apiKey] API key for Akamai authentication.
-   *   When provided, the client will transform the Authorization JWT into
-   *   x-api-key, x-user-id and x-organization-id headers on every request.
+   * @param {function} [options.headerBuilder] A function that returns an object
+   *   with the Akamai headers (x-api-key, x-user-id, x-organization-id, x-country).
+   *   Called at request time so it can read live application state (e.g., auth store).
    * @public
    */
   setAkamaiBaseUrl(url, options = {}) {
@@ -330,25 +310,15 @@ class Dispatch {
       withCredentials: true
     });
 
-    // When an API key is provided, add interceptor to build Akamai headers from the JWT
-    if (options.apiKey) {
-      const apiKey = options.apiKey;
-
+    // When a headerBuilder is provided, add interceptor to replace Authorization with Akamai headers
+    if (typeof options.headerBuilder === 'function') {
       self._akamaiClient.interceptors.request.use((config) => {
-        const auth = config.headers && (config.headers.Authorization || config.headers.authorization);
-        if (auth) {
-          const payload = self._decodeJwtPayload(auth);
-          if (payload) {
-            config.headers['x-api-key'] = apiKey;
-            config.headers['x-user-id'] = payload._id || payload.userId;
-            config.headers['x-organization-id'] = payload.orgId || payload.organizationId;
-            if (payload.language) {
-              config.headers['x-country'] = payload.language;
-            }
-            // Remove the Authorization header — Akamai doesn't use it
-            delete config.headers.Authorization;
-            delete config.headers.authorization;
-          }
+        const headers = options.headerBuilder();
+        if (headers) {
+          Object.assign(config.headers, headers);
+          // Remove the Authorization header — Akamai doesn't use it
+          delete config.headers.Authorization;
+          delete config.headers.authorization;
         }
         return config;
       });

package/index.js

@@ -87,7 +87,7 @@ class API {
 
     // If akamaiUri was provided in options, configure the Akamai client
     if (self.options.akamaiUri) {
-      self.dispatch.setAkamaiBaseUrl(self.options.akamaiUri, { apiKey: self.options.akamaiApiKey });
+      self.dispatch.setAkamaiBaseUrl(self.options.akamaiUri, { headerBuilder: self.options.akamaiHeaderBuilder });
     }
   }
 
@@ -95,8 +95,8 @@ class API {
    * @description Set the Akamai base URL for agent/AI routes.
    * @param {string} url The Akamai base URL.
    * @param {object} [options] Optional configuration
-   * @param {string} [options.apiKey] API key for Akamai authentication (required in DEV,
-   *   where there is no NGiNX to translate Authorization JWT into x-* headers).
+   * @param {function} [options.headerBuilder] Function returning Akamai headers.
+   *   Called at request time — can read live app state (e.g., auth store).
    * @public
    */
   setAkamaiBaseUrl(url, options = {}) {

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@docbrasil/api-systemmanager",
   "description": "Module API System Manager",
-  "version": "1.1.84",
+  "version": "1.1.85",
   "scripts": {
     "htmldoc": "rm -rf docs && jsdoc api/** -d docs -t ./node_modules/better-docs",
     "doc": "rm -rf doc && mkdir doc && jsdoc2md api/**/* api/* > doc/api.md",