@insforge/sdk 1.0.1-refresh.8 → 1.0.1-refresh.9

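--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -177,6 +177,7 @@ var HttpClient = class {
  var TOKEN_KEY = "insforge-auth-token";
  var USER_KEY = "insforge-auth-user";
  var AUTH_FLAG_COOKIE = "isAuthenticated";
+ var CSRF_TOKEN_COOKIE = "insforge_csrf_token";
  function hasAuthCookie() {
  if (typeof document === "undefined") return false;
  return document.cookie.split(";").some(
@@ -192,6 +193,21 @@ function clearAuthCookie() {
  if (typeof document === "undefined") return;
  document.cookie = `${AUTH_FLAG_COOKIE}=; path=/; max-age=0; SameSite=Lax`;
  }
+ function getCsrfToken() {
+ if (typeof document === "undefined") return null;
+ const match = document.cookie.split(";").find((c) => c.trim().startsWith(`${CSRF_TOKEN_COOKIE}=`));
+ if (!match) return null;
+ return match.split("=")[1] || null;
+ }
+ function setCsrfToken(token) {
+ if (typeof document === "undefined") return;
+ const maxAge = 7 * 24 * 60 * 60;
+ document.cookie = `${CSRF_TOKEN_COOKIE}=${token}; path=/; max-age=${maxAge}; SameSite=Lax`;
+ }
+ function clearCsrfToken() {
+ if (typeof document === "undefined") return;
+ document.cookie = `${CSRF_TOKEN_COOKIE}=; path=/; max-age=0; SameSite=Lax`;
+ }
  var TokenManager = class {
  constructor(storage) {
  // In-memory storage
@@ -460,8 +476,12 @@ var Auth = class {
  }
  if (hasAuthCookie()) {
  try {
+ const csrfToken = getCsrfToken();
  const response = await this.http.post(
- "/api/auth/refresh"
+ "/api/auth/refresh",
+ {
+ headers: csrfToken ? { "X-CSRF-Token": csrfToken } : {}
+ }
  );
  if (response.accessToken) {
  this.tokenManager.setMemoryMode();
@@ -470,6 +490,9 @@ var Auth = class {
  if (response.user) {
  this.tokenManager.setUser(response.user);
  }
+ if (response.csrfToken) {
+ setCsrfToken(response.csrfToken);
+ }
  return { isLoggedIn: true };
  }
  } catch (error) {
@@ -485,6 +508,7 @@ var Auth = class {
  }
  if (error.statusCode === 401 || error.statusCode === 403) {
  clearAuthCookie();
+ clearCsrfToken();
  return { isLoggedIn: false };
  }
  }
@@ -514,6 +538,7 @@ var Auth = class {
  const userId = params.get("user_id");
  const email = params.get("email");
  const name = params.get("name");
+ const csrfToken = params.get("csrf_token");
  if (accessToken && userId && email) {
  const session = {
  accessToken,
@@ -531,11 +556,15 @@ var Auth = class {
  this.http.setAuthToken(accessToken);
  this.tokenManager.saveSession(session);
  setAuthCookie();
+ if (csrfToken) {
+ setCsrfToken(csrfToken);
+ }
  const url = new URL(window.location.href);
  url.searchParams.delete("access_token");
  url.searchParams.delete("user_id");
  url.searchParams.delete("email");
  url.searchParams.delete("name");
+ url.searchParams.delete("csrf_token");
  if (params.has("error")) {
  url.searchParams.delete("error");
  }
@@ -559,6 +588,9 @@ var Auth = class {
  this.tokenManager.saveSession(session);
  setAuthCookie();
  this.http.setAuthToken(response.accessToken);
+ if (response.csrfToken) {
+ setCsrfToken(response.csrfToken);
+ }
  }
  return {
  data: response,
@@ -592,6 +624,9 @@ var Auth = class {
  this.tokenManager.saveSession(session);
  setAuthCookie();
  this.http.setAuthToken(response.accessToken);
+ if (response.csrfToken) {
+ setCsrfToken(response.csrfToken);
+ }
  }
  return {
  data: response,
@@ -657,6 +692,7 @@ var Auth = class {
  this.tokenManager.clearSession();
  this.http.setAuthToken(null);
  clearAuthCookie();
+ clearCsrfToken();
  return { error: null };
  } catch (error) {
  return {
@@ -986,6 +1022,9 @@ var Auth = class {
  this.tokenManager.saveSession(session);
  this.http.setAuthToken(response.accessToken);
  setAuthCookie();
+ if (response.csrfToken) {
+ setCsrfToken(response.csrfToken);
+ }
  }
  return {
  data: response,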
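Review bot: `setCsrfToken` (hunk `@@ -192,6 +193,21 @@`) interpolates `token` into `document.cookie` without encoding, and `getCsrfToken` returns `match.split("=")[1]`, which cuts a value at its first `=` (base64 padding, for example), so the header sent on `/api/auth/refresh` may not match what the server issued. Because the hunk at `@@ -514,6 +538,7 @@` takes the value straight from the `csrf_token` query parameter, a `;` inside it would be parsed as extra cookie attributes; I would write `${CSRF_TOKEN_COOKIE}=${encodeURIComponent(token)}; path=/; max-age=${maxAge}; SameSite=Lax` and read it back with `decodeURIComponent(match.slice(match.indexOf("=") + 1)) || null`. The cookie is also set without `Secure`, so it is not restricted to HTTPS; consider appending it when the page is served over HTTPS. A one-line comment on `getCsrfToken` saying the cookie is intentionally script-readable (presumably a double-submit scheme checked against the `X-CSRF-Token` header) would help the next reader.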