@neetru/sdk 3.1.10 → 3.1.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +23 -0
- package/dist/ai.cjs.map +1 -1
- package/dist/ai.d.cts +1 -1
- package/dist/ai.d.ts +1 -1
- package/dist/ai.mjs.map +1 -1
- package/dist/auth.cjs +154 -65
- package/dist/auth.cjs.map +1 -1
- package/dist/auth.d.cts +1 -1
- package/dist/auth.d.ts +1 -1
- package/dist/auth.mjs +154 -65
- package/dist/auth.mjs.map +1 -1
- package/dist/catalog.cjs.map +1 -1
- package/dist/catalog.d.cts +1 -1
- package/dist/catalog.d.ts +1 -1
- package/dist/catalog.mjs.map +1 -1
- package/dist/checkout.cjs.map +1 -1
- package/dist/checkout.d.cts +1 -1
- package/dist/checkout.d.ts +1 -1
- package/dist/checkout.mjs.map +1 -1
- package/dist/db-react.d.cts +1 -1
- package/dist/db-react.d.ts +1 -1
- package/dist/db.cjs.map +1 -1
- package/dist/db.d.cts +1 -1
- package/dist/db.d.ts +1 -1
- package/dist/db.mjs.map +1 -1
- package/dist/entitlements.cjs.map +1 -1
- package/dist/entitlements.d.cts +1 -1
- package/dist/entitlements.d.ts +1 -1
- package/dist/entitlements.mjs.map +1 -1
- package/dist/errors.cjs.map +1 -1
- package/dist/errors.d.cts +12 -0
- package/dist/errors.d.ts +12 -0
- package/dist/errors.mjs.map +1 -1
- package/dist/firestore-compat.d.cts +1 -1
- package/dist/firestore-compat.d.ts +1 -1
- package/dist/index.cjs +155 -66
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.mjs +155 -66
- package/dist/index.mjs.map +1 -1
- package/dist/mocks.cjs +9 -0
- package/dist/mocks.cjs.map +1 -1
- package/dist/mocks.d.cts +8 -1
- package/dist/mocks.d.ts +8 -1
- package/dist/mocks.mjs +9 -0
- package/dist/mocks.mjs.map +1 -1
- package/dist/notifications.cjs.map +1 -1
- package/dist/notifications.d.cts +1 -1
- package/dist/notifications.d.ts +1 -1
- package/dist/notifications.mjs.map +1 -1
- package/dist/react.d.cts +1 -1
- package/dist/react.d.ts +1 -1
- package/dist/support.cjs.map +1 -1
- package/dist/support.d.cts +1 -1
- package/dist/support.d.ts +1 -1
- package/dist/support.mjs.map +1 -1
- package/dist/telemetry.cjs.map +1 -1
- package/dist/telemetry.d.cts +1 -1
- package/dist/telemetry.d.ts +1 -1
- package/dist/telemetry.mjs.map +1 -1
- package/dist/{types-dagUxKYz.d.ts → types-BtQv-s0m.d.ts} +40 -3
- package/dist/{types-Cog9S-tC.d.cts → types-DJAGWjf0.d.cts} +40 -3
- package/dist/usage.cjs.map +1 -1
- package/dist/usage.d.cts +1 -1
- package/dist/usage.d.ts +1 -1
- package/dist/usage.mjs.map +1 -1
- package/dist/webhooks.cjs.map +1 -1
- package/dist/webhooks.d.cts +1 -1
- package/dist/webhooks.d.ts +1 -1
- package/dist/webhooks.mjs.map +1 -1
- package/package.json +1 -1
package/dist/index.cjs
CHANGED
|
@@ -5933,6 +5933,15 @@ var MockAuth = class {
|
|
|
5933
5933
|
async handleRedirectCallback(_currentUrl) {
|
|
5934
5934
|
return this._pendingCallback;
|
|
5935
5935
|
}
|
|
5936
|
+
/**
|
|
5937
|
+
* Mock de `completeSignIn` (3.1.12) — em dev não há redirect real pro IdP,
|
|
5938
|
+
* então não existe callback a completar: retorna `null` sempre (mesmo
|
|
5939
|
+
* contrato "no-op seguro em todo page load" da implementação real). O login
|
|
5940
|
+
* mock acontece direto via `signIn()`.
|
|
5941
|
+
*/
|
|
5942
|
+
async completeSignIn(_currentUrl) {
|
|
5943
|
+
return null;
|
|
5944
|
+
}
|
|
5936
5945
|
/**
|
|
5937
5946
|
* Mock de `getIdToken` (Bug 2 / 3.1.3). Retorna `null` por default; use
|
|
5938
5947
|
* `__setIdToken(token)` pra injetar um token cru em testes.
|
|
@@ -6672,22 +6681,155 @@ function createOidcAuthNamespace(config) {
|
|
|
6672
6681
|
loadCachedUser();
|
|
6673
6682
|
}, msUntilExpiry + 1);
|
|
6674
6683
|
}
|
|
6684
|
+
function resolveClientId() {
|
|
6685
|
+
let clientId = config.oidcClientId;
|
|
6686
|
+
if (!clientId && config.apiKey) {
|
|
6687
|
+
clientId = parseApiKey(config.apiKey).keyId;
|
|
6688
|
+
}
|
|
6689
|
+
if (!clientId) {
|
|
6690
|
+
throw new exports.NeetruError(
|
|
6691
|
+
"invalid_config",
|
|
6692
|
+
"auth OIDC requer `oidcClientId` (ou `apiKey`) configurado para montar o client_id."
|
|
6693
|
+
);
|
|
6694
|
+
}
|
|
6695
|
+
return clientId;
|
|
6696
|
+
}
|
|
6697
|
+
async function handleRedirectCallback(currentUrl) {
|
|
6698
|
+
const href = currentUrl ?? (typeof globalThis.location !== "undefined" ? globalThis.location.href : void 0);
|
|
6699
|
+
if (!href) return null;
|
|
6700
|
+
let parsed;
|
|
6701
|
+
try {
|
|
6702
|
+
parsed = new URL(href);
|
|
6703
|
+
} catch {
|
|
6704
|
+
return null;
|
|
6705
|
+
}
|
|
6706
|
+
const params = parsed.searchParams;
|
|
6707
|
+
const idpError = params.get("error");
|
|
6708
|
+
if (idpError) {
|
|
6709
|
+
const desc = params.get("error_description") ?? idpError;
|
|
6710
|
+
getSessionStorage()?.removeItem(OIDC_TX_KEY);
|
|
6711
|
+
cleanCallbackUrl(parsed);
|
|
6712
|
+
throw new exports.NeetruError(idpError, `OIDC authorize falhou: ${desc}`);
|
|
6713
|
+
}
|
|
6714
|
+
const code = params.get("code");
|
|
6715
|
+
if (!code) return null;
|
|
6716
|
+
const returnedState = params.get("state");
|
|
6717
|
+
const session = getSessionStorage();
|
|
6718
|
+
const txRaw = session?.getItem(OIDC_TX_KEY) ?? null;
|
|
6719
|
+
let tx = null;
|
|
6720
|
+
if (txRaw) {
|
|
6721
|
+
try {
|
|
6722
|
+
tx = JSON.parse(txRaw);
|
|
6723
|
+
} catch {
|
|
6724
|
+
tx = null;
|
|
6725
|
+
}
|
|
6726
|
+
}
|
|
6727
|
+
if (!tx) {
|
|
6728
|
+
throw new exports.NeetruError(
|
|
6729
|
+
"oidc_state_mismatch",
|
|
6730
|
+
"Callback OIDC sem transa\xE7\xE3o pendente \u2014 `signIn` n\xE3o foi iniciado nesta sess\xE3o (ou j\xE1 consumido)."
|
|
6731
|
+
);
|
|
6732
|
+
}
|
|
6733
|
+
if (!returnedState || returnedState !== tx.state) {
|
|
6734
|
+
session?.removeItem(OIDC_TX_KEY);
|
|
6735
|
+
cleanCallbackUrl(parsed);
|
|
6736
|
+
throw new exports.NeetruError(
|
|
6737
|
+
"oidc_state_mismatch",
|
|
6738
|
+
"state do callback OIDC n\xE3o confere com o da transa\xE7\xE3o (poss\xEDvel CSRF)."
|
|
6739
|
+
);
|
|
6740
|
+
}
|
|
6741
|
+
session?.removeItem(OIDC_TX_KEY);
|
|
6742
|
+
cleanCallbackUrl(parsed);
|
|
6743
|
+
return {
|
|
6744
|
+
code,
|
|
6745
|
+
codeVerifier: tx.codeVerifier,
|
|
6746
|
+
redirectUri: tx.redirectUri,
|
|
6747
|
+
nonce: tx.nonce,
|
|
6748
|
+
state: tx.state,
|
|
6749
|
+
postLoginRedirect: tx.postLoginRedirect
|
|
6750
|
+
};
|
|
6751
|
+
}
|
|
6752
|
+
async function completeSignIn(currentUrl) {
|
|
6753
|
+
const tx = await handleRedirectCallback(currentUrl);
|
|
6754
|
+
if (!tx) return null;
|
|
6755
|
+
const clientId = resolveClientId();
|
|
6756
|
+
const idpOrigin = resolveIdpOrigin(config.baseUrl);
|
|
6757
|
+
const tokenUrl = `${idpOrigin}/api/v1/oauth/token`;
|
|
6758
|
+
const form = new URLSearchParams({
|
|
6759
|
+
grant_type: "authorization_code",
|
|
6760
|
+
code: tx.code,
|
|
6761
|
+
redirect_uri: tx.redirectUri,
|
|
6762
|
+
client_id: clientId,
|
|
6763
|
+
code_verifier: tx.codeVerifier
|
|
6764
|
+
});
|
|
6765
|
+
let res;
|
|
6766
|
+
try {
|
|
6767
|
+
res = await config.fetch(tokenUrl, {
|
|
6768
|
+
method: "POST",
|
|
6769
|
+
headers: { "content-type": "application/x-www-form-urlencoded" },
|
|
6770
|
+
body: form.toString()
|
|
6771
|
+
});
|
|
6772
|
+
} catch (err) {
|
|
6773
|
+
throw new exports.NeetruError(
|
|
6774
|
+
"network_error",
|
|
6775
|
+
`POST ${tokenUrl} falhou (network): ${err?.message ?? String(err)}`
|
|
6776
|
+
);
|
|
6777
|
+
}
|
|
6778
|
+
let payload = null;
|
|
6779
|
+
try {
|
|
6780
|
+
payload = await res.json();
|
|
6781
|
+
} catch {
|
|
6782
|
+
payload = null;
|
|
6783
|
+
}
|
|
6784
|
+
if (!res.ok || typeof payload?.error === "string") {
|
|
6785
|
+
const desc = typeof payload?.error_description === "string" && payload.error_description || typeof payload?.error === "string" && payload.error || `HTTP ${res.status}`;
|
|
6786
|
+
throw new exports.NeetruError(
|
|
6787
|
+
"token_exchange_failed",
|
|
6788
|
+
`Troca do authorization_code por tokens falhou no /token: ${desc}`,
|
|
6789
|
+
res.status
|
|
6790
|
+
);
|
|
6791
|
+
}
|
|
6792
|
+
const idToken = payload?.id_token;
|
|
6793
|
+
if (typeof idToken !== "string" || idToken.length === 0) {
|
|
6794
|
+
throw new exports.NeetruError(
|
|
6795
|
+
"token_exchange_failed",
|
|
6796
|
+
"Resposta do /token sem `id_token` \u2014 o login n\xE3o pode ser completado.",
|
|
6797
|
+
res.status
|
|
6798
|
+
);
|
|
6799
|
+
}
|
|
6800
|
+
const claims = decodeJwtPayload(idToken);
|
|
6801
|
+
if (!claims) {
|
|
6802
|
+
throw new exports.NeetruError(
|
|
6803
|
+
"token_exchange_failed",
|
|
6804
|
+
"id_token retornado pelo /token \xE9 malformado (payload indecodific\xE1vel)."
|
|
6805
|
+
);
|
|
6806
|
+
}
|
|
6807
|
+
if (claims.nonce !== tx.nonce) {
|
|
6808
|
+
throw new exports.NeetruError(
|
|
6809
|
+
"oidc_nonce_mismatch",
|
|
6810
|
+
"nonce do id_token n\xE3o confere com o da transa\xE7\xE3o OIDC (poss\xEDvel replay). Token descartado."
|
|
6811
|
+
);
|
|
6812
|
+
}
|
|
6813
|
+
const user = tokenToUser(idToken);
|
|
6814
|
+
if (!user) {
|
|
6815
|
+
throw new exports.NeetruError(
|
|
6816
|
+
"token_exchange_failed",
|
|
6817
|
+
"id_token retornado pelo /token n\xE3o tem `sub` ou j\xE1 est\xE1 expirado."
|
|
6818
|
+
);
|
|
6819
|
+
}
|
|
6820
|
+
getStorage()?.setItem(STORAGE_KEY, idToken);
|
|
6821
|
+
cachedUser = user;
|
|
6822
|
+
scheduleExpiryTimer(user);
|
|
6823
|
+
notify();
|
|
6824
|
+
return { user, postLoginRedirect: tx.postLoginRedirect };
|
|
6825
|
+
}
|
|
6675
6826
|
return {
|
|
6676
6827
|
async signIn(options) {
|
|
6677
6828
|
if (typeof globalThis.location !== "undefined" && typeof globalThis.location.assign === "function") {
|
|
6678
6829
|
const crypto2 = getWebCrypto();
|
|
6679
6830
|
const redirectUri = options?.redirectUri ?? globalThis.location.origin;
|
|
6680
6831
|
const scope = options?.scope ?? "openid profile email";
|
|
6681
|
-
|
|
6682
|
-
if (!clientId && config.apiKey) {
|
|
6683
|
-
clientId = parseApiKey(config.apiKey).keyId;
|
|
6684
|
-
}
|
|
6685
|
-
if (!clientId) {
|
|
6686
|
-
throw new exports.NeetruError(
|
|
6687
|
-
"invalid_config",
|
|
6688
|
-
"auth.signIn requer `oidcClientId` (ou `apiKey`) configurado para montar o client_id."
|
|
6689
|
-
);
|
|
6690
|
-
}
|
|
6832
|
+
const clientId = resolveClientId();
|
|
6691
6833
|
const state = randomUrlSafe(crypto2, 16);
|
|
6692
6834
|
const nonce = randomUrlSafe(crypto2, 16);
|
|
6693
6835
|
const codeVerifier = randomUrlSafe(crypto2, 32);
|
|
@@ -6725,61 +6867,8 @@ function createOidcAuthNamespace(config) {
|
|
|
6725
6867
|
"auth.signIn requires a browser context or mocks. Use NEETRU_ENV=dev or pass mocks.auth."
|
|
6726
6868
|
);
|
|
6727
6869
|
},
|
|
6728
|
-
|
|
6729
|
-
|
|
6730
|
-
if (!href) return null;
|
|
6731
|
-
let parsed;
|
|
6732
|
-
try {
|
|
6733
|
-
parsed = new URL(href);
|
|
6734
|
-
} catch {
|
|
6735
|
-
return null;
|
|
6736
|
-
}
|
|
6737
|
-
const params = parsed.searchParams;
|
|
6738
|
-
const idpError = params.get("error");
|
|
6739
|
-
if (idpError) {
|
|
6740
|
-
const desc = params.get("error_description") ?? idpError;
|
|
6741
|
-
getSessionStorage()?.removeItem(OIDC_TX_KEY);
|
|
6742
|
-
cleanCallbackUrl(parsed);
|
|
6743
|
-
throw new exports.NeetruError(idpError, `OIDC authorize falhou: ${desc}`);
|
|
6744
|
-
}
|
|
6745
|
-
const code = params.get("code");
|
|
6746
|
-
if (!code) return null;
|
|
6747
|
-
const returnedState = params.get("state");
|
|
6748
|
-
const session = getSessionStorage();
|
|
6749
|
-
const txRaw = session?.getItem(OIDC_TX_KEY) ?? null;
|
|
6750
|
-
let tx = null;
|
|
6751
|
-
if (txRaw) {
|
|
6752
|
-
try {
|
|
6753
|
-
tx = JSON.parse(txRaw);
|
|
6754
|
-
} catch {
|
|
6755
|
-
tx = null;
|
|
6756
|
-
}
|
|
6757
|
-
}
|
|
6758
|
-
if (!tx) {
|
|
6759
|
-
throw new exports.NeetruError(
|
|
6760
|
-
"oidc_state_mismatch",
|
|
6761
|
-
"Callback OIDC sem transa\xE7\xE3o pendente \u2014 `signIn` n\xE3o foi iniciado nesta sess\xE3o (ou j\xE1 consumido)."
|
|
6762
|
-
);
|
|
6763
|
-
}
|
|
6764
|
-
if (!returnedState || returnedState !== tx.state) {
|
|
6765
|
-
session?.removeItem(OIDC_TX_KEY);
|
|
6766
|
-
cleanCallbackUrl(parsed);
|
|
6767
|
-
throw new exports.NeetruError(
|
|
6768
|
-
"oidc_state_mismatch",
|
|
6769
|
-
"state do callback OIDC n\xE3o confere com o da transa\xE7\xE3o (poss\xEDvel CSRF)."
|
|
6770
|
-
);
|
|
6771
|
-
}
|
|
6772
|
-
session?.removeItem(OIDC_TX_KEY);
|
|
6773
|
-
cleanCallbackUrl(parsed);
|
|
6774
|
-
return {
|
|
6775
|
-
code,
|
|
6776
|
-
codeVerifier: tx.codeVerifier,
|
|
6777
|
-
redirectUri: tx.redirectUri,
|
|
6778
|
-
nonce: tx.nonce,
|
|
6779
|
-
state: tx.state,
|
|
6780
|
-
postLoginRedirect: tx.postLoginRedirect
|
|
6781
|
-
};
|
|
6782
|
-
},
|
|
6870
|
+
handleRedirectCallback,
|
|
6871
|
+
completeSignIn,
|
|
6783
6872
|
getIdToken() {
|
|
6784
6873
|
const storage = getStorage();
|
|
6785
6874
|
const token = storage?.getItem(STORAGE_KEY) ?? null;
|
|
@@ -6936,7 +7025,7 @@ function createNeetruClient(config = {}) {
|
|
|
6936
7025
|
init_errors();
|
|
6937
7026
|
init_db_errors();
|
|
6938
7027
|
init_http();
|
|
6939
|
-
var VERSION = "3.1.
|
|
7028
|
+
var VERSION = "3.1.12";
|
|
6940
7029
|
|
|
6941
7030
|
exports.DEFAULT_BASE_URL = DEFAULT_BASE_URL;
|
|
6942
7031
|
exports.DEV_FIXTURE_USER = DEV_FIXTURE_USER;
|