@mints-cloud/cxf-codegen 1.0.3 → 1.0.5

package/dist/lib/cxf-auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cxf-auth.d.ts","sourceRoot":"","sources":["../../src/lib/cxf-auth.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,gBAAgB;;;CAGnB,CAAC;AAEX,eAAO,MAAM,gBAAgB;;;;;CAKnB,CAAC;AAEX,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAiBD,wBAAgB,oBAAoB,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAS5E;AAED,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,SAAS,EACjB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,EACtB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,GACxB,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAWxB;AAED,MAAM,WAAW,2BAA2B;IAC1C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,OAAO,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,SAAS,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED,wBAAsB,wBAAwB,CAC5C,GAAG,EAAE,MAAM,EACX,OAAO,GAAE,2BAAgC,GACxC,OAAO,CAAC;IACT,QAAQ,EAAE,QAAQ,CAAC;IACnB,SAAS,EAAE,SAAS,CAAC;CACtB,CAAC,CA0DD;AAMD,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,QAAQ,GAAG,MAAM,EAAE,CAUpE;AAED,wBAAgB,0BAA0B,CACxC,gBAAgB,EAAE,MAAM,EAAE,GAAG,IAAI,GAAG,SAAS,GAC5C,SAAS,CAmBX;AAED,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,SAAS,GAAG,MAAM,CAS3D;AAED,wBAAgB,aAAa,IAAI,MAAM,CAMtC;AAED,wBAAgB,YAAY,CAAC,IAAI,GAAE,QAAQ,GAAG,KAAK,GAAG,MAAiB,GAAG,MAAM,GAAG,IAAI,CAYtF;AAMD,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,OAAO,GAAE;IACP,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IACrC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACf,GACL,MAAM,CAaR;AAED,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAuB1D;AAED,wBAAgB,gBAAgB,IAAI,IAAI,CAQvC"}
+{"version":3,"file":"cxf-auth.d.ts","sourceRoot":"","sources":["../../src/lib/cxf-auth.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,gBAAgB;;;CAGnB,CAAC;AAEX,eAAO,MAAM,gBAAgB;;;;;CAKnB,CAAC;AAEX,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACpC;AAiBD,wBAAgB,oBAAoB,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,CAS5E;AAED,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,SAAS,EACjB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,EACtB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,GACxB,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAWxB;AAED,MAAM,WAAW,2BAA2B;IAC1C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACxC,OAAO,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;IAClD,MAAM,CAAC,EAAE,SAAS,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED,wBAAsB,wBAAwB,CAC5C,GAAG,EAAE,MAAM,EACX,OAAO,GAAE,2BAAgC,GACxC,OAAO,CAAC;IACT,QAAQ,EAAE,QAAQ,CAAC;IACnB,SAAS,EAAE,SAAS,CAAC;CACtB,CAAC,CAgED;AAMD,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,QAAQ,GAAG,MAAM,EAAE,CAUpE;AAED,wBAAgB,0BAA0B,CACxC,gBAAgB,EAAE,MAAM,EAAE,GAAG,IAAI,GAAG,SAAS,GAC5C,SAAS,CAuBX;AAED,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,SAAS,GAAG,MAAM,CAS3D;AAED,wBAAgB,aAAa,IAAI,MAAM,CAMtC;AAED,wBAAgB,YAAY,CAAC,IAAI,GAAE,QAAQ,GAAG,KAAK,GAAG,MAAiB,GAAG,MAAM,GAAG,IAAI,CAYtF;AAMD,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,OAAO,GAAE;IACP,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IACrC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;CACf,GACL,MAAM,CAaR;AAED,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAuB1D;AAED,wBAAgB,gBAAgB,IAAI,IAAI,CAQvC"}

package/dist/lib/cxf-auth.js

@@ -59,10 +59,16 @@ function buildAuthHeaders(tokens, apiKey, userToken) {
     return headers;
 }
 async function makeAuthenticatedRequest(url, options = {}) {
-    const { method = "GET", body, rawBody, contentType, tokens: providedTokens, apiKey, userToken, cookieHeader, retryOnAuthError = true, } = options;
+    const { method = "GET", body, rawBody, contentType, extraHeaders, tokens: providedTokens, apiKey, userToken, cookieHeader, retryOnAuthError = true, } = options;
     const tokens = providedTokens || getTokensFromCookies(cookieHeader);
     const buildRequestOptions = (reqTokens, cookieStr) => {
         const headers = buildAuthHeaders(reqTokens, apiKey, userToken);
+        if (extraHeaders) {
+            for (const [key, value] of Object.entries(extraHeaders)) {
+                if (value)
+                    headers[key] = value;
+            }
+        }
         if (cookieStr) {
             headers.Cookie = cookieStr;
         }
@@ -120,11 +126,15 @@ function extractTokensFromSetCookie(setCookieHeaders) {
             continue;
         const name = match[1].trim();
         const value = match[2].trim();
+        const maxAgeMatch = header.match(/Max-Age=(\d+)/i);
+        const maxAge = maxAgeMatch ? parseInt(maxAgeMatch[1], 10) : null;
         if (name === exports.CXF_COOKIE_NAMES.ACCESS_TOKEN) {
             tokens.accessToken = value;
+            tokens.accessTokenMaxAge = maxAge;
         }
         else if (name === exports.CXF_COOKIE_NAMES.REFRESH_TOKEN) {
             tokens.refreshToken = value;
+            tokens.refreshTokenMaxAge = maxAge;
         }
     }
     return tokens;

package/dist/lib/seo-utils.d.ts

@@ -0,0 +1,22 @@
+export type MaybeString = string | null | undefined;
+export type MaybeStringList = string[] | string | null | undefined;
+type ParseJsonFn = (value: string) => unknown;
+interface ParseOptions {
+    parseJson?: ParseJsonFn;
+}
+export declare function cleanString(value: unknown): string | undefined;
+export declare function pickFirstString(...values: unknown[]): string | undefined;
+export declare function parseObject<T extends object>(value: T | string | null | undefined, options?: ParseOptions): T | undefined;
+export declare function parseObjectArray<T extends object>(value: T[] | string | null | undefined, options?: ParseOptions): T[];
+export declare function parseStringList(value: unknown): string[];
+export declare function toOriginUrl(url: MaybeString): string | undefined;
+export declare function resolveUrlBase(...candidates: MaybeString[]): string | undefined;
+export declare function getCurrentOrigin(): string | undefined;
+export declare function buildOrganizationId(baseUrl: MaybeString): string | undefined;
+export declare function toAbsoluteUrl(pathOrUrl: MaybeString, baseUrl: MaybeString): string | undefined;
+export declare function safeJsonForInlineScript(value: unknown): string;
+export declare function toDomId(value: string): string;
+export declare function removeDuplicateJsonLdScripts(scriptId: string, scriptKey: string, json: string): void;
+export declare function tryParseLooseJson(value: string): unknown;
+export {};
+//# sourceMappingURL=seo-utils.d.ts.map

package/dist/lib/seo-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"seo-utils.d.ts","sourceRoot":"","sources":["../../src/lib/seo-utils.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC;AACpD,MAAM,MAAM,eAAe,GAAG,MAAM,EAAE,GAAG,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC;AAEnE,KAAK,WAAW,GAAG,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC;AAE9C,UAAU,YAAY;IACpB,SAAS,CAAC,EAAE,WAAW,CAAC;CACzB;AAED,wBAAgB,WAAW,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAI9D;AAED,wBAAgB,eAAe,CAAC,GAAG,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,GAAG,SAAS,CAMxE;AAED,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,EAC1C,KAAK,EAAE,CAAC,GAAG,MAAM,GAAG,IAAI,GAAG,SAAS,EACpC,OAAO,CAAC,EAAE,YAAY,GACrB,CAAC,GAAG,SAAS,CAuBf;AAED,wBAAgB,gBAAgB,CAAC,CAAC,SAAS,MAAM,EAC/C,KAAK,EAAE,CAAC,EAAE,GAAG,MAAM,GAAG,IAAI,GAAG,SAAS,EACtC,OAAO,CAAC,EAAE,YAAY,GACrB,CAAC,EAAE,CAkBL;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,EAAE,CAyBxD;AAED,wBAAgB,WAAW,CAAC,GAAG,EAAE,WAAW,GAAG,MAAM,GAAG,SAAS,CAUhE;AAED,wBAAgB,cAAc,CAAC,GAAG,UAAU,EAAE,WAAW,EAAE,GAAG,MAAM,GAAG,SAAS,CAM/E;AAED,wBAAgB,gBAAgB,IAAI,MAAM,GAAG,SAAS,CAGrD;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,WAAW,GAAG,MAAM,GAAG,SAAS,CAI5E;AAED,wBAAgB,aAAa,CAAC,SAAS,EAAE,WAAW,EAAE,OAAO,EAAE,WAAW,GAAG,MAAM,GAAG,SAAS,CAiB9F;AAED,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAE9D;AAED,wBAAgB,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE7C;AAED,wBAAgB,4BAA4B,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,QAoB7F;AA0DD,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAUxD"}

package/dist/lib/seo-utils.js

@@ -0,0 +1,228 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.cleanString = cleanString;
+exports.pickFirstString = pickFirstString;
+exports.parseObject = parseObject;
+exports.parseObjectArray = parseObjectArray;
+exports.parseStringList = parseStringList;
+exports.toOriginUrl = toOriginUrl;
+exports.resolveUrlBase = resolveUrlBase;
+exports.getCurrentOrigin = getCurrentOrigin;
+exports.buildOrganizationId = buildOrganizationId;
+exports.toAbsoluteUrl = toAbsoluteUrl;
+exports.safeJsonForInlineScript = safeJsonForInlineScript;
+exports.toDomId = toDomId;
+exports.removeDuplicateJsonLdScripts = removeDuplicateJsonLdScripts;
+exports.tryParseLooseJson = tryParseLooseJson;
+function cleanString(value) {
+    if (typeof value !== "string")
+        return undefined;
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : undefined;
+}
+function pickFirstString(...values) {
+    for (const value of values) {
+        const cleaned = cleanString(value);
+        if (cleaned)
+            return cleaned;
+    }
+    return undefined;
+}
+function parseObject(value, options) {
+    if (value == null)
+        return undefined;
+    if (typeof value === "object" && !Array.isArray(value)) {
+        return value;
+    }
+    if (typeof value !== "string")
+        return undefined;
+    const maybeJson = value.trim();
+    if (!maybeJson)
+        return undefined;
+    const parseJson = options?.parseJson ?? JSON.parse;
+    try {
+        const parsed = parseJson(maybeJson);
+        if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+            return parsed;
+        }
+    }
+    catch {
+        return undefined;
+    }
+    return undefined;
+}
+function parseObjectArray(value, options) {
+    if (Array.isArray(value))
+        return value;
+    if (typeof value !== "string")
+        return [];
+    const maybeJson = value.trim();
+    if (!maybeJson)
+        return [];
+    const parseJson = options?.parseJson ?? JSON.parse;
+    try {
+        const parsed = parseJson(maybeJson);
+        if (Array.isArray(parsed)) {
+            return parsed.filter((item) => item && typeof item === "object");
+        }
+    }
+    catch {
+        return [];
+    }
+    return [];
+}
+function parseStringList(value) {
+    if (Array.isArray(value)) {
+        return value
+            .map((item) => cleanString(item))
+            .filter((item) => Boolean(item));
+    }
+    const raw = cleanString(value);
+    if (!raw)
+        return [];
+    try {
+        const parsed = JSON.parse(raw);
+        if (Array.isArray(parsed)) {
+            return parsed
+                .map((item) => cleanString(item))
+                .filter((item) => Boolean(item));
+        }
+    }
+    catch {
+        // Fall back to comma-separated values.
+    }
+    return raw
+        .split(",")
+        .map((item) => item.trim())
+        .filter(Boolean);
+}
+function toOriginUrl(url) {
+    const cleaned = cleanString(url);
+    if (!cleaned)
+        return undefined;
+    const withProtocol = cleaned.startsWith("//") ? `https:${cleaned}` : cleaned;
+    try {
+        return new URL(withProtocol).origin;
+    }
+    catch {
+        return undefined;
+    }
+}
+function resolveUrlBase(...candidates) {
+    for (const candidate of candidates) {
+        const origin = toOriginUrl(candidate);
+        if (origin)
+            return origin;
+    }
+    return undefined;
+}
+function getCurrentOrigin() {
+    if (typeof window === "undefined")
+        return undefined;
+    return toOriginUrl(window.location.origin);
+}
+function buildOrganizationId(baseUrl) {
+    const origin = toOriginUrl(baseUrl);
+    if (!origin)
+        return undefined;
+    return `${origin}/#organization`;
+}
+function toAbsoluteUrl(pathOrUrl, baseUrl) {
+    const value = cleanString(pathOrUrl);
+    if (!value)
+        return undefined;
+    if (/^https?:\/\//i.test(value))
+        return value;
+    if (value.startsWith("//"))
+        return `https:${value}`;
+    const normalizedBase = resolveUrlBase(baseUrl);
+    const relativePath = value.startsWith("/") ? value : `/${value}`;
+    if (!normalizedBase)
+        return relativePath;
+    try {
+        return new URL(relativePath, `${normalizedBase}/`).href;
+    }
+    catch {
+        return relativePath;
+    }
+}
+function safeJsonForInlineScript(value) {
+    return JSON.stringify(value).replace(/</g, "\\u003c");
+}
+function toDomId(value) {
+    return value.replace(/[^a-zA-Z0-9\-_:.]/g, "-");
+}
+function removeDuplicateJsonLdScripts(scriptId, scriptKey, json) {
+    if (typeof document === "undefined")
+        return;
+    const canonical = document.getElementById(scriptId);
+    const allJsonLdScripts = Array.from(document.querySelectorAll("script[type='application/ld+json']"));
+    allJsonLdScripts.forEach((script) => {
+        if (script === canonical)
+            return;
+        const sameId = script.id === scriptId;
+        const sameKey = script.getAttribute("data-jsonld-key") === scriptKey;
+        const samePayloadOutsideHead = script.parentElement !== document.head && (script.textContent ?? "") === json;
+        if (sameId || sameKey || samePayloadOutsideHead) {
+            script.remove();
+        }
+    });
+}
+function isEscaped(input, index) {
+    let slashCount = 0;
+    for (let i = index - 1; i >= 0 && input[i] === "\\"; i -= 1) {
+        slashCount += 1;
+    }
+    return slashCount % 2 === 1;
+}
+function repairJsonInnerQuotes(input) {
+    let repaired = "";
+    let inString = false;
+    for (let i = 0; i < input.length; i += 1) {
+        const ch = input[i];
+        if (ch !== "\"") {
+            repaired += ch;
+            continue;
+        }
+        if (isEscaped(input, i)) {
+            repaired += ch;
+            continue;
+        }
+        if (!inString) {
+            inString = true;
+            repaired += ch;
+            continue;
+        }
+        let nextNonSpace = i + 1;
+        while (nextNonSpace < input.length && /\s/.test(input[nextNonSpace])) {
+            nextNonSpace += 1;
+        }
+        const next = input[nextNonSpace];
+        const closesString = nextNonSpace >= input.length ||
+            next === "," ||
+            next === "}" ||
+            next === "]" ||
+            next === ":";
+        if (closesString) {
+            inString = false;
+            repaired += ch;
+        }
+        else {
+            // Heuristic: treat inner raw quotes (commonly from HTML attributes) as escaped.
+            repaired += "\\\"";
+        }
+    }
+    return repaired;
+}
+function tryParseLooseJson(value) {
+    try {
+        return JSON.parse(value);
+    }
+    catch {
+        const repaired = repairJsonInnerQuotes(value);
+        if (repaired !== value) {
+            return JSON.parse(repaired);
+        }
+        throw new Error("Invalid JSON");
+    }
+}

package/dist/pages/api/assets.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"assets.d.ts","sourceRoot":"","sources":["../../../src/pages/api/assets.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,MAAM,CAAC;AAI5D,wBAAsB,gBAAgB,CAAC,GAAG,EAAE,cAAc,EAAE,GAAG,EAAE,eAAe,iBA0B/E;AAED,eAAe,gBAAgB,CAAC"}
+{"version":3,"file":"assets.d.ts","sourceRoot":"","sources":["../../../src/pages/api/assets.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,MAAM,CAAC;AAoB5D,wBAAsB,gBAAgB,CAAC,GAAG,EAAE,cAAc,EAAE,GAAG,EAAE,eAAe,iBAwC/E;AAED,eAAe,gBAAgB,CAAC"}

package/dist/pages/api/assets.js

@@ -3,6 +3,21 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.assetsApiHandler = assetsApiHandler;
 const cxf_auth_1 = require("../../lib/cxf-auth");
 const api_route_helpers_1 = require("../../lib/api-route-helpers");
+const assets_query_params_1 = require("../../lib/assets-query-params");
+const CONDITIONAL_REQUEST_HEADERS = ["if-none-match", "if-modified-since"];
+const CACHE_RESPONSE_HEADERS = ["cache-control", "etag", "last-modified", "expires", "vary"];
+function getHeaderValue(header) {
+    if (Array.isArray(header))
+        return header.join(", ");
+    return header;
+}
+function forwardResponseHeaders(res, response) {
+    for (const headerName of CACHE_RESPONSE_HEADERS) {
+        const value = response.headers.get(headerName);
+        if (value)
+            res.setHeader(headerName, value);
+    }
+}
 async function assetsApiHandler(req, res) {
     if (req.method !== "GET") {
         res.setHeader("Allow", "GET");
@@ -11,15 +26,26 @@ async function assetsApiHandler(req, res) {
     try {
         const baseUrl = (0, cxf_auth_1.getCxfBaseUrl)();
         const normalizedPath = (0, api_route_helpers_1.normalizePath)(req.query.path);
-        const targetUrl = `${baseUrl}/assets/${normalizedPath}${(0, api_route_helpers_1.buildQueryString)(req.query)}`;
+        const paramsFromCookie = (0, assets_query_params_1.extractAssetQueryParamsFromCookie)(req.headers.cookie || null);
+        const mergedQuery = {
+            ...paramsFromCookie,
+            ...req.query,
+        };
+        const targetUrl = `${baseUrl}/assets/${normalizedPath}${(0, api_route_helpers_1.buildQueryString)(mergedQuery)}`;
+        const extraHeaders = CONDITIONAL_REQUEST_HEADERS.reduce((acc, headerName) => {
+            acc[headerName] = getHeaderValue(req.headers[headerName]);
+            return acc;
+        }, {});
         const { response, newTokens } = await (0, cxf_auth_1.makeAuthenticatedRequest)(targetUrl, {
             method: "GET",
             cookieHeader: req.headers.cookie || null,
             retryOnAuthError: false,
+            extraHeaders,
         });
         const setCookieHeaders = (0, cxf_auth_1.extractSetCookieHeaders)(response);
         const tokens = (0, cxf_auth_1.extractTokensFromSetCookie)(setCookieHeaders);
         const finalTokens = tokens.accessToken || tokens.refreshToken ? tokens : newTokens;
+        forwardResponseHeaders(res, response);
         (0, api_route_helpers_1.setAuthCookies)(res, finalTokens);
         return (0, api_route_helpers_1.sendResponse)(res, response);
     }

package/dist/pages/app.d.ts

@@ -1,9 +1,11 @@
 import type { AppProps } from "next/app";
 import * as React from "react";
+import { type AssetQueryParams } from "../lib/assets-query-params";
 type CxfAppProps = AppProps & {
     tokenClass?: string;
     appRootId?: string;
+    assetsQueryParams?: AssetQueryParams;
 };
-export declare function CxfApp({ Component, pageProps, tokenClass, appRootId }: CxfAppProps): string | number | bigint | boolean | Iterable<React.ReactNode> | Promise<React.AwaitedReactNode> | import("react/jsx-runtime").JSX.Element | null | undefined;
+export declare function CxfApp({ Component, pageProps, tokenClass, appRootId, assetsQueryParams, }: CxfAppProps): string | number | bigint | boolean | Iterable<React.ReactNode> | Promise<React.AwaitedReactNode> | import("react/jsx-runtime").JSX.Element | null | undefined;
 export default CxfApp;
 //# sourceMappingURL=app.d.ts.map

package/dist/pages/app.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../../src/pages/app.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAGzC,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAG/B,KAAK,WAAW,GAAG,QAAQ,GAAG;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAYF,wBAAgB,MAAM,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,SAAyB,EAAE,EAAE,WAAW,iKAkLlG;AAED,eAAe,MAAM,CAAC"}
+{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../../src/pages/app.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAGzC,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B,OAAO,EAAE,KAAK,gBAAgB,EAA2B,MAAM,4BAA4B,CAAC;AAE5F,KAAK,WAAW,GAAG,QAAQ,GAAG;IAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,gBAAgB,CAAC;CACtC,CAAC;AAYF,wBAAgB,MAAM,CAAC,EACrB,SAAS,EACT,SAAS,EACT,UAAU,EACV,SAAyB,EACzB,iBAAiB,GAClB,EAAE,WAAW,iKAoLb;AAED,eAAe,MAAM,CAAC"}

package/dist/pages/app.js

@@ -43,15 +43,17 @@ const query_1 = require("@plasmicapp/react-web/lib/query");
 const head_1 = __importDefault(require("next/head"));
 const link_1 = __importDefault(require("next/link"));
 const React = __importStar(require("react"));
+const assets_query_params_1 = require("../lib/assets-query-params");
 function isNonEmptyObject(value) {
     return !!value && typeof value === "object" && !Array.isArray(value) && Object.keys(value).length > 0;
 }
-function CxfApp({ Component, pageProps, tokenClass, appRootId = "plasmic-app" }) {
+function CxfApp({ Component, pageProps, tokenClass, appRootId = "plasmic-app", assetsQueryParams, }) {
     const storeRef = React.useRef({
         endpointData: {},
         queryCache: {},
         meta: {},
     });
+    (0, assets_query_params_1.useSyncAssetQueryParams)(assetsQueryParams);
     // Merge page props from hard loads / direct SSR navigation.
     const incoming = pageProps;
     if (isNonEmptyObject(incoming.endpointData)) {

package/dist/pages/plasmic-host.d.ts

@@ -1,3 +1,4 @@
+import type { GetServerSideProps } from 'next';
 export interface PlasmicHostProps {
     /**
      * The Plasmic token class to apply to document elements.
@@ -12,6 +13,20 @@ export interface PlasmicHostProps {
      */
     appRootId?: string;
 }
-export declare function PlasmicHost({ tokenClass, appRootId }: PlasmicHostProps): import("react/jsx-runtime").JSX.Element;
+export declare const PLASMIC_HOST_ENABLED_ENV_VAR = "NEXT_PUBLIC_ENABLE_PLASMIC_HOST";
+/**
+ * Determines if the Plasmic host page should be exposed.
+ *
+ * - Defaults to enabled in non-production
+ * - Defaults to disabled in production
+ * - Can be explicitly overridden with NEXT_PUBLIC_ENABLE_PLASMIC_HOST
+ */
+export declare function isPlasmicHostEnabled(): boolean;
+/**
+ * Optional helper for Next.js pages router:
+ * `export { getPlasmicHostServerSideProps as getServerSideProps } from '@mints-cloud/cxf-codegen/pages/plasmic-host';`
+ */
+export declare const getPlasmicHostServerSideProps: GetServerSideProps;
+export declare function PlasmicHost({ tokenClass, appRootId }: PlasmicHostProps): import("react/jsx-runtime").JSX.Element | null;
 export default PlasmicHost;
 //# sourceMappingURL=plasmic-host.d.ts.map

package/dist/pages/plasmic-host.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"plasmic-host.d.ts","sourceRoot":"","sources":["../../src/pages/plasmic-host.tsx"],"names":[],"mappings":"AAUA,MAAM,WAAW,gBAAgB;IAC/B;;;;;OAKG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,wBAAgB,WAAW,CAAC,EAAE,UAAU,EAAE,SAAyB,EAAE,EAAE,gBAAgB,2CA2BtF;AAED,eAAe,WAAW,CAAC"}
+{"version":3,"file":"plasmic-host.d.ts","sourceRoot":"","sources":["../../src/pages/plasmic-host.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,MAAM,CAAC;AAS/C,MAAM,WAAW,gBAAgB;IAC/B;;;;;OAKG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,eAAO,MAAM,4BAA4B,oCAAoC,CAAC;AAqB9E;;;;;;GAMG;AACH,wBAAgB,oBAAoB,IAAI,OAAO,CAI9C;AAED;;;GAGG;AACH,eAAO,MAAM,6BAA6B,EAAE,kBAG3C,CAAC;AAEF,wBAAgB,WAAW,CAAC,EAAE,UAAU,EAAE,SAAyB,EAAE,EAAE,gBAAgB,kDA6BtF;AAED,eAAe,WAAW,CAAC"}

package/dist/pages/plasmic-host.js

@@ -33,11 +33,57 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.getPlasmicHostServerSideProps = exports.PLASMIC_HOST_ENABLED_ENV_VAR = void 0;
+exports.isPlasmicHostEnabled = isPlasmicHostEnabled;
 exports.PlasmicHost = PlasmicHost;
 const jsx_runtime_1 = require("react/jsx-runtime");
 const React = __importStar(require("react"));
 const host_1 = require("@plasmicapp/host");
+exports.PLASMIC_HOST_ENABLED_ENV_VAR = 'NEXT_PUBLIC_ENABLE_PLASMIC_HOST';
+function parseOptionalBoolean(value) {
+    if (!value)
+        return undefined;
+    switch (value.trim().toLowerCase()) {
+        case '1':
+        case 'true':
+        case 'yes':
+        case 'on':
+            return true;
+        case '0':
+        case 'false':
+        case 'no':
+        case 'off':
+            return false;
+        default:
+            return undefined;
+    }
+}
+/**
+ * Determines if the Plasmic host page should be exposed.
+ *
+ * - Defaults to enabled in non-production
+ * - Defaults to disabled in production
+ * - Can be explicitly overridden with NEXT_PUBLIC_ENABLE_PLASMIC_HOST
+ */
+function isPlasmicHostEnabled() {
+    const envValue = parseOptionalBoolean(process.env[exports.PLASMIC_HOST_ENABLED_ENV_VAR]);
+    if (envValue != null)
+        return envValue;
+    return process.env.NODE_ENV !== 'production';
+}
+/**
+ * Optional helper for Next.js pages router:
+ * `export { getPlasmicHostServerSideProps as getServerSideProps } from '@mints-cloud/cxf-codegen/pages/plasmic-host';`
+ */
+const getPlasmicHostServerSideProps = async () => {
+    if (!isPlasmicHostEnabled())
+        return { notFound: true };
+    return { props: {} };
+};
+exports.getPlasmicHostServerSideProps = getPlasmicHostServerSideProps;
 function PlasmicHost({ tokenClass, appRootId = 'plasmic-app' }) {
+    if (!isPlasmicHostEnabled())
+        return null;
     React.useEffect(() => {
         if (!tokenClass)
             return;

package/dist/register.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../src/register.ts"],"names":[],"mappings":"AAGA,wBAAgB,sBAAsB,SA4GrC"}
+{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../src/register.ts"],"names":[],"mappings":"AAKA,wBAAgB,sBAAsB,SA6RrC"}