@neetru/sdk 3.1.10 → 3.1.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (72) hide show
  1. package/CHANGELOG.md +23 -0
  2. package/dist/ai.cjs.map +1 -1
  3. package/dist/ai.d.cts +1 -1
  4. package/dist/ai.d.ts +1 -1
  5. package/dist/ai.mjs.map +1 -1
  6. package/dist/auth.cjs +154 -65
  7. package/dist/auth.cjs.map +1 -1
  8. package/dist/auth.d.cts +1 -1
  9. package/dist/auth.d.ts +1 -1
  10. package/dist/auth.mjs +154 -65
  11. package/dist/auth.mjs.map +1 -1
  12. package/dist/catalog.cjs.map +1 -1
  13. package/dist/catalog.d.cts +1 -1
  14. package/dist/catalog.d.ts +1 -1
  15. package/dist/catalog.mjs.map +1 -1
  16. package/dist/checkout.cjs.map +1 -1
  17. package/dist/checkout.d.cts +1 -1
  18. package/dist/checkout.d.ts +1 -1
  19. package/dist/checkout.mjs.map +1 -1
  20. package/dist/db-react.d.cts +1 -1
  21. package/dist/db-react.d.ts +1 -1
  22. package/dist/db.cjs.map +1 -1
  23. package/dist/db.d.cts +1 -1
  24. package/dist/db.d.ts +1 -1
  25. package/dist/db.mjs.map +1 -1
  26. package/dist/entitlements.cjs.map +1 -1
  27. package/dist/entitlements.d.cts +1 -1
  28. package/dist/entitlements.d.ts +1 -1
  29. package/dist/entitlements.mjs.map +1 -1
  30. package/dist/errors.cjs.map +1 -1
  31. package/dist/errors.d.cts +12 -0
  32. package/dist/errors.d.ts +12 -0
  33. package/dist/errors.mjs.map +1 -1
  34. package/dist/firestore-compat.d.cts +1 -1
  35. package/dist/firestore-compat.d.ts +1 -1
  36. package/dist/index.cjs +155 -66
  37. package/dist/index.cjs.map +1 -1
  38. package/dist/index.d.cts +2 -2
  39. package/dist/index.d.ts +2 -2
  40. package/dist/index.mjs +155 -66
  41. package/dist/index.mjs.map +1 -1
  42. package/dist/mocks.cjs +9 -0
  43. package/dist/mocks.cjs.map +1 -1
  44. package/dist/mocks.d.cts +8 -1
  45. package/dist/mocks.d.ts +8 -1
  46. package/dist/mocks.mjs +9 -0
  47. package/dist/mocks.mjs.map +1 -1
  48. package/dist/notifications.cjs.map +1 -1
  49. package/dist/notifications.d.cts +1 -1
  50. package/dist/notifications.d.ts +1 -1
  51. package/dist/notifications.mjs.map +1 -1
  52. package/dist/react.d.cts +1 -1
  53. package/dist/react.d.ts +1 -1
  54. package/dist/support.cjs.map +1 -1
  55. package/dist/support.d.cts +1 -1
  56. package/dist/support.d.ts +1 -1
  57. package/dist/support.mjs.map +1 -1
  58. package/dist/telemetry.cjs.map +1 -1
  59. package/dist/telemetry.d.cts +1 -1
  60. package/dist/telemetry.d.ts +1 -1
  61. package/dist/telemetry.mjs.map +1 -1
  62. package/dist/{types-dagUxKYz.d.ts → types-BtQv-s0m.d.ts} +40 -3
  63. package/dist/{types-Cog9S-tC.d.cts → types-DJAGWjf0.d.cts} +40 -3
  64. package/dist/usage.cjs.map +1 -1
  65. package/dist/usage.d.cts +1 -1
  66. package/dist/usage.d.ts +1 -1
  67. package/dist/usage.mjs.map +1 -1
  68. package/dist/webhooks.cjs.map +1 -1
  69. package/dist/webhooks.d.cts +1 -1
  70. package/dist/webhooks.d.ts +1 -1
  71. package/dist/webhooks.mjs.map +1 -1
  72. package/package.json +1 -1
package/dist/index.cjs CHANGED
@@ -5933,6 +5933,15 @@ var MockAuth = class {
5933
5933
  async handleRedirectCallback(_currentUrl) {
5934
5934
  return this._pendingCallback;
5935
5935
  }
5936
+ /**
5937
+ * Mock de `completeSignIn` (3.1.12) — em dev não há redirect real pro IdP,
5938
+ * então não existe callback a completar: retorna `null` sempre (mesmo
5939
+ * contrato "no-op seguro em todo page load" da implementação real). O login
5940
+ * mock acontece direto via `signIn()`.
5941
+ */
5942
+ async completeSignIn(_currentUrl) {
5943
+ return null;
5944
+ }
5936
5945
  /**
5937
5946
  * Mock de `getIdToken` (Bug 2 / 3.1.3). Retorna `null` por default; use
5938
5947
  * `__setIdToken(token)` pra injetar um token cru em testes.
@@ -6672,22 +6681,155 @@ function createOidcAuthNamespace(config) {
6672
6681
  loadCachedUser();
6673
6682
  }, msUntilExpiry + 1);
6674
6683
  }
6684
+ function resolveClientId() {
6685
+ let clientId = config.oidcClientId;
6686
+ if (!clientId && config.apiKey) {
6687
+ clientId = parseApiKey(config.apiKey).keyId;
6688
+ }
6689
+ if (!clientId) {
6690
+ throw new exports.NeetruError(
6691
+ "invalid_config",
6692
+ "auth OIDC requer `oidcClientId` (ou `apiKey`) configurado para montar o client_id."
6693
+ );
6694
+ }
6695
+ return clientId;
6696
+ }
6697
+ async function handleRedirectCallback(currentUrl) {
6698
+ const href = currentUrl ?? (typeof globalThis.location !== "undefined" ? globalThis.location.href : void 0);
6699
+ if (!href) return null;
6700
+ let parsed;
6701
+ try {
6702
+ parsed = new URL(href);
6703
+ } catch {
6704
+ return null;
6705
+ }
6706
+ const params = parsed.searchParams;
6707
+ const idpError = params.get("error");
6708
+ if (idpError) {
6709
+ const desc = params.get("error_description") ?? idpError;
6710
+ getSessionStorage()?.removeItem(OIDC_TX_KEY);
6711
+ cleanCallbackUrl(parsed);
6712
+ throw new exports.NeetruError(idpError, `OIDC authorize falhou: ${desc}`);
6713
+ }
6714
+ const code = params.get("code");
6715
+ if (!code) return null;
6716
+ const returnedState = params.get("state");
6717
+ const session = getSessionStorage();
6718
+ const txRaw = session?.getItem(OIDC_TX_KEY) ?? null;
6719
+ let tx = null;
6720
+ if (txRaw) {
6721
+ try {
6722
+ tx = JSON.parse(txRaw);
6723
+ } catch {
6724
+ tx = null;
6725
+ }
6726
+ }
6727
+ if (!tx) {
6728
+ throw new exports.NeetruError(
6729
+ "oidc_state_mismatch",
6730
+ "Callback OIDC sem transa\xE7\xE3o pendente \u2014 `signIn` n\xE3o foi iniciado nesta sess\xE3o (ou j\xE1 consumido)."
6731
+ );
6732
+ }
6733
+ if (!returnedState || returnedState !== tx.state) {
6734
+ session?.removeItem(OIDC_TX_KEY);
6735
+ cleanCallbackUrl(parsed);
6736
+ throw new exports.NeetruError(
6737
+ "oidc_state_mismatch",
6738
+ "state do callback OIDC n\xE3o confere com o da transa\xE7\xE3o (poss\xEDvel CSRF)."
6739
+ );
6740
+ }
6741
+ session?.removeItem(OIDC_TX_KEY);
6742
+ cleanCallbackUrl(parsed);
6743
+ return {
6744
+ code,
6745
+ codeVerifier: tx.codeVerifier,
6746
+ redirectUri: tx.redirectUri,
6747
+ nonce: tx.nonce,
6748
+ state: tx.state,
6749
+ postLoginRedirect: tx.postLoginRedirect
6750
+ };
6751
+ }
6752
+ async function completeSignIn(currentUrl) {
6753
+ const tx = await handleRedirectCallback(currentUrl);
6754
+ if (!tx) return null;
6755
+ const clientId = resolveClientId();
6756
+ const idpOrigin = resolveIdpOrigin(config.baseUrl);
6757
+ const tokenUrl = `${idpOrigin}/api/v1/oauth/token`;
6758
+ const form = new URLSearchParams({
6759
+ grant_type: "authorization_code",
6760
+ code: tx.code,
6761
+ redirect_uri: tx.redirectUri,
6762
+ client_id: clientId,
6763
+ code_verifier: tx.codeVerifier
6764
+ });
6765
+ let res;
6766
+ try {
6767
+ res = await config.fetch(tokenUrl, {
6768
+ method: "POST",
6769
+ headers: { "content-type": "application/x-www-form-urlencoded" },
6770
+ body: form.toString()
6771
+ });
6772
+ } catch (err) {
6773
+ throw new exports.NeetruError(
6774
+ "network_error",
6775
+ `POST ${tokenUrl} falhou (network): ${err?.message ?? String(err)}`
6776
+ );
6777
+ }
6778
+ let payload = null;
6779
+ try {
6780
+ payload = await res.json();
6781
+ } catch {
6782
+ payload = null;
6783
+ }
6784
+ if (!res.ok || typeof payload?.error === "string") {
6785
+ const desc = typeof payload?.error_description === "string" && payload.error_description || typeof payload?.error === "string" && payload.error || `HTTP ${res.status}`;
6786
+ throw new exports.NeetruError(
6787
+ "token_exchange_failed",
6788
+ `Troca do authorization_code por tokens falhou no /token: ${desc}`,
6789
+ res.status
6790
+ );
6791
+ }
6792
+ const idToken = payload?.id_token;
6793
+ if (typeof idToken !== "string" || idToken.length === 0) {
6794
+ throw new exports.NeetruError(
6795
+ "token_exchange_failed",
6796
+ "Resposta do /token sem `id_token` \u2014 o login n\xE3o pode ser completado.",
6797
+ res.status
6798
+ );
6799
+ }
6800
+ const claims = decodeJwtPayload(idToken);
6801
+ if (!claims) {
6802
+ throw new exports.NeetruError(
6803
+ "token_exchange_failed",
6804
+ "id_token retornado pelo /token \xE9 malformado (payload indecodific\xE1vel)."
6805
+ );
6806
+ }
6807
+ if (claims.nonce !== tx.nonce) {
6808
+ throw new exports.NeetruError(
6809
+ "oidc_nonce_mismatch",
6810
+ "nonce do id_token n\xE3o confere com o da transa\xE7\xE3o OIDC (poss\xEDvel replay). Token descartado."
6811
+ );
6812
+ }
6813
+ const user = tokenToUser(idToken);
6814
+ if (!user) {
6815
+ throw new exports.NeetruError(
6816
+ "token_exchange_failed",
6817
+ "id_token retornado pelo /token n\xE3o tem `sub` ou j\xE1 est\xE1 expirado."
6818
+ );
6819
+ }
6820
+ getStorage()?.setItem(STORAGE_KEY, idToken);
6821
+ cachedUser = user;
6822
+ scheduleExpiryTimer(user);
6823
+ notify();
6824
+ return { user, postLoginRedirect: tx.postLoginRedirect };
6825
+ }
6675
6826
  return {
6676
6827
  async signIn(options) {
6677
6828
  if (typeof globalThis.location !== "undefined" && typeof globalThis.location.assign === "function") {
6678
6829
  const crypto2 = getWebCrypto();
6679
6830
  const redirectUri = options?.redirectUri ?? globalThis.location.origin;
6680
6831
  const scope = options?.scope ?? "openid profile email";
6681
- let clientId = config.oidcClientId;
6682
- if (!clientId && config.apiKey) {
6683
- clientId = parseApiKey(config.apiKey).keyId;
6684
- }
6685
- if (!clientId) {
6686
- throw new exports.NeetruError(
6687
- "invalid_config",
6688
- "auth.signIn requer `oidcClientId` (ou `apiKey`) configurado para montar o client_id."
6689
- );
6690
- }
6832
+ const clientId = resolveClientId();
6691
6833
  const state = randomUrlSafe(crypto2, 16);
6692
6834
  const nonce = randomUrlSafe(crypto2, 16);
6693
6835
  const codeVerifier = randomUrlSafe(crypto2, 32);
@@ -6725,61 +6867,8 @@ function createOidcAuthNamespace(config) {
6725
6867
  "auth.signIn requires a browser context or mocks. Use NEETRU_ENV=dev or pass mocks.auth."
6726
6868
  );
6727
6869
  },
6728
- async handleRedirectCallback(currentUrl) {
6729
- const href = currentUrl ?? (typeof globalThis.location !== "undefined" ? globalThis.location.href : void 0);
6730
- if (!href) return null;
6731
- let parsed;
6732
- try {
6733
- parsed = new URL(href);
6734
- } catch {
6735
- return null;
6736
- }
6737
- const params = parsed.searchParams;
6738
- const idpError = params.get("error");
6739
- if (idpError) {
6740
- const desc = params.get("error_description") ?? idpError;
6741
- getSessionStorage()?.removeItem(OIDC_TX_KEY);
6742
- cleanCallbackUrl(parsed);
6743
- throw new exports.NeetruError(idpError, `OIDC authorize falhou: ${desc}`);
6744
- }
6745
- const code = params.get("code");
6746
- if (!code) return null;
6747
- const returnedState = params.get("state");
6748
- const session = getSessionStorage();
6749
- const txRaw = session?.getItem(OIDC_TX_KEY) ?? null;
6750
- let tx = null;
6751
- if (txRaw) {
6752
- try {
6753
- tx = JSON.parse(txRaw);
6754
- } catch {
6755
- tx = null;
6756
- }
6757
- }
6758
- if (!tx) {
6759
- throw new exports.NeetruError(
6760
- "oidc_state_mismatch",
6761
- "Callback OIDC sem transa\xE7\xE3o pendente \u2014 `signIn` n\xE3o foi iniciado nesta sess\xE3o (ou j\xE1 consumido)."
6762
- );
6763
- }
6764
- if (!returnedState || returnedState !== tx.state) {
6765
- session?.removeItem(OIDC_TX_KEY);
6766
- cleanCallbackUrl(parsed);
6767
- throw new exports.NeetruError(
6768
- "oidc_state_mismatch",
6769
- "state do callback OIDC n\xE3o confere com o da transa\xE7\xE3o (poss\xEDvel CSRF)."
6770
- );
6771
- }
6772
- session?.removeItem(OIDC_TX_KEY);
6773
- cleanCallbackUrl(parsed);
6774
- return {
6775
- code,
6776
- codeVerifier: tx.codeVerifier,
6777
- redirectUri: tx.redirectUri,
6778
- nonce: tx.nonce,
6779
- state: tx.state,
6780
- postLoginRedirect: tx.postLoginRedirect
6781
- };
6782
- },
6870
+ handleRedirectCallback,
6871
+ completeSignIn,
6783
6872
  getIdToken() {
6784
6873
  const storage = getStorage();
6785
6874
  const token = storage?.getItem(STORAGE_KEY) ?? null;
@@ -6936,7 +7025,7 @@ function createNeetruClient(config = {}) {
6936
7025
  init_errors();
6937
7026
  init_db_errors();
6938
7027
  init_http();
6939
- var VERSION = "3.1.10";
7028
+ var VERSION = "3.1.12";
6940
7029
 
6941
7030
  exports.DEFAULT_BASE_URL = DEFAULT_BASE_URL;
6942
7031
  exports.DEV_FIXTURE_USER = DEV_FIXTURE_USER;