@neetru/sdk 3.1.11 → 3.1.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (72) hide show
  1. package/CHANGELOG.md +23 -0
  2. package/dist/ai.cjs.map +1 -1
  3. package/dist/ai.d.cts +1 -1
  4. package/dist/ai.d.ts +1 -1
  5. package/dist/ai.mjs.map +1 -1
  6. package/dist/auth.cjs +154 -65
  7. package/dist/auth.cjs.map +1 -1
  8. package/dist/auth.d.cts +1 -1
  9. package/dist/auth.d.ts +1 -1
  10. package/dist/auth.mjs +154 -65
  11. package/dist/auth.mjs.map +1 -1
  12. package/dist/catalog.cjs.map +1 -1
  13. package/dist/catalog.d.cts +1 -1
  14. package/dist/catalog.d.ts +1 -1
  15. package/dist/catalog.mjs.map +1 -1
  16. package/dist/checkout.cjs.map +1 -1
  17. package/dist/checkout.d.cts +1 -1
  18. package/dist/checkout.d.ts +1 -1
  19. package/dist/checkout.mjs.map +1 -1
  20. package/dist/db-react.d.cts +1 -1
  21. package/dist/db-react.d.ts +1 -1
  22. package/dist/db.cjs.map +1 -1
  23. package/dist/db.d.cts +1 -1
  24. package/dist/db.d.ts +1 -1
  25. package/dist/db.mjs.map +1 -1
  26. package/dist/entitlements.cjs.map +1 -1
  27. package/dist/entitlements.d.cts +1 -1
  28. package/dist/entitlements.d.ts +1 -1
  29. package/dist/entitlements.mjs.map +1 -1
  30. package/dist/errors.cjs.map +1 -1
  31. package/dist/errors.d.cts +12 -0
  32. package/dist/errors.d.ts +12 -0
  33. package/dist/errors.mjs.map +1 -1
  34. package/dist/firestore-compat.d.cts +1 -1
  35. package/dist/firestore-compat.d.ts +1 -1
  36. package/dist/index.cjs +155 -66
  37. package/dist/index.cjs.map +1 -1
  38. package/dist/index.d.cts +2 -2
  39. package/dist/index.d.ts +2 -2
  40. package/dist/index.mjs +155 -66
  41. package/dist/index.mjs.map +1 -1
  42. package/dist/mocks.cjs +9 -0
  43. package/dist/mocks.cjs.map +1 -1
  44. package/dist/mocks.d.cts +8 -1
  45. package/dist/mocks.d.ts +8 -1
  46. package/dist/mocks.mjs +9 -0
  47. package/dist/mocks.mjs.map +1 -1
  48. package/dist/notifications.cjs.map +1 -1
  49. package/dist/notifications.d.cts +1 -1
  50. package/dist/notifications.d.ts +1 -1
  51. package/dist/notifications.mjs.map +1 -1
  52. package/dist/react.d.cts +1 -1
  53. package/dist/react.d.ts +1 -1
  54. package/dist/support.cjs.map +1 -1
  55. package/dist/support.d.cts +1 -1
  56. package/dist/support.d.ts +1 -1
  57. package/dist/support.mjs.map +1 -1
  58. package/dist/telemetry.cjs.map +1 -1
  59. package/dist/telemetry.d.cts +1 -1
  60. package/dist/telemetry.d.ts +1 -1
  61. package/dist/telemetry.mjs.map +1 -1
  62. package/dist/{types-dagUxKYz.d.ts → types-BtQv-s0m.d.ts} +40 -3
  63. package/dist/{types-Cog9S-tC.d.cts → types-DJAGWjf0.d.cts} +40 -3
  64. package/dist/usage.cjs.map +1 -1
  65. package/dist/usage.d.cts +1 -1
  66. package/dist/usage.d.ts +1 -1
  67. package/dist/usage.mjs.map +1 -1
  68. package/dist/webhooks.cjs.map +1 -1
  69. package/dist/webhooks.d.cts +1 -1
  70. package/dist/webhooks.d.ts +1 -1
  71. package/dist/webhooks.mjs.map +1 -1
  72. package/package.json +1 -1
package/dist/auth.d.cts CHANGED
@@ -1,4 +1,4 @@
1
- import { S as NeetruClientConfig, R as NeetruClient } from './types-Cog9S-tC.cjs';
1
+ import { T as NeetruClientConfig, S as NeetruClient } from './types-DJAGWjf0.cjs';
2
2
  import 'drizzle-orm/node-postgres';
3
3
  import './errors.cjs';
4
4
 
package/dist/auth.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import { S as NeetruClientConfig, R as NeetruClient } from './types-dagUxKYz.js';
1
+ import { T as NeetruClientConfig, S as NeetruClient } from './types-BtQv-s0m.js';
2
2
  import 'drizzle-orm/node-postgres';
3
3
  import './errors.js';
4
4
 
package/dist/auth.mjs CHANGED
@@ -5833,6 +5833,15 @@ var MockAuth = class {
5833
5833
  async handleRedirectCallback(_currentUrl) {
5834
5834
  return this._pendingCallback;
5835
5835
  }
5836
+ /**
5837
+ * Mock de `completeSignIn` (3.1.12) — em dev não há redirect real pro IdP,
5838
+ * então não existe callback a completar: retorna `null` sempre (mesmo
5839
+ * contrato "no-op seguro em todo page load" da implementação real). O login
5840
+ * mock acontece direto via `signIn()`.
5841
+ */
5842
+ async completeSignIn(_currentUrl) {
5843
+ return null;
5844
+ }
5836
5845
  /**
5837
5846
  * Mock de `getIdToken` (Bug 2 / 3.1.3). Retorna `null` por default; use
5838
5847
  * `__setIdToken(token)` pra injetar um token cru em testes.
@@ -6261,22 +6270,155 @@ function createOidcAuthNamespace(config) {
6261
6270
  loadCachedUser();
6262
6271
  }, msUntilExpiry + 1);
6263
6272
  }
6273
+ function resolveClientId() {
6274
+ let clientId = config.oidcClientId;
6275
+ if (!clientId && config.apiKey) {
6276
+ clientId = parseApiKey(config.apiKey).keyId;
6277
+ }
6278
+ if (!clientId) {
6279
+ throw new NeetruError(
6280
+ "invalid_config",
6281
+ "auth OIDC requer `oidcClientId` (ou `apiKey`) configurado para montar o client_id."
6282
+ );
6283
+ }
6284
+ return clientId;
6285
+ }
6286
+ async function handleRedirectCallback(currentUrl) {
6287
+ const href = currentUrl ?? (typeof globalThis.location !== "undefined" ? globalThis.location.href : void 0);
6288
+ if (!href) return null;
6289
+ let parsed;
6290
+ try {
6291
+ parsed = new URL(href);
6292
+ } catch {
6293
+ return null;
6294
+ }
6295
+ const params = parsed.searchParams;
6296
+ const idpError = params.get("error");
6297
+ if (idpError) {
6298
+ const desc = params.get("error_description") ?? idpError;
6299
+ getSessionStorage()?.removeItem(OIDC_TX_KEY);
6300
+ cleanCallbackUrl(parsed);
6301
+ throw new NeetruError(idpError, `OIDC authorize falhou: ${desc}`);
6302
+ }
6303
+ const code = params.get("code");
6304
+ if (!code) return null;
6305
+ const returnedState = params.get("state");
6306
+ const session = getSessionStorage();
6307
+ const txRaw = session?.getItem(OIDC_TX_KEY) ?? null;
6308
+ let tx = null;
6309
+ if (txRaw) {
6310
+ try {
6311
+ tx = JSON.parse(txRaw);
6312
+ } catch {
6313
+ tx = null;
6314
+ }
6315
+ }
6316
+ if (!tx) {
6317
+ throw new NeetruError(
6318
+ "oidc_state_mismatch",
6319
+ "Callback OIDC sem transa\xE7\xE3o pendente \u2014 `signIn` n\xE3o foi iniciado nesta sess\xE3o (ou j\xE1 consumido)."
6320
+ );
6321
+ }
6322
+ if (!returnedState || returnedState !== tx.state) {
6323
+ session?.removeItem(OIDC_TX_KEY);
6324
+ cleanCallbackUrl(parsed);
6325
+ throw new NeetruError(
6326
+ "oidc_state_mismatch",
6327
+ "state do callback OIDC n\xE3o confere com o da transa\xE7\xE3o (poss\xEDvel CSRF)."
6328
+ );
6329
+ }
6330
+ session?.removeItem(OIDC_TX_KEY);
6331
+ cleanCallbackUrl(parsed);
6332
+ return {
6333
+ code,
6334
+ codeVerifier: tx.codeVerifier,
6335
+ redirectUri: tx.redirectUri,
6336
+ nonce: tx.nonce,
6337
+ state: tx.state,
6338
+ postLoginRedirect: tx.postLoginRedirect
6339
+ };
6340
+ }
6341
+ async function completeSignIn(currentUrl) {
6342
+ const tx = await handleRedirectCallback(currentUrl);
6343
+ if (!tx) return null;
6344
+ const clientId = resolveClientId();
6345
+ const idpOrigin = resolveIdpOrigin(config.baseUrl);
6346
+ const tokenUrl = `${idpOrigin}/api/v1/oauth/token`;
6347
+ const form = new URLSearchParams({
6348
+ grant_type: "authorization_code",
6349
+ code: tx.code,
6350
+ redirect_uri: tx.redirectUri,
6351
+ client_id: clientId,
6352
+ code_verifier: tx.codeVerifier
6353
+ });
6354
+ let res;
6355
+ try {
6356
+ res = await config.fetch(tokenUrl, {
6357
+ method: "POST",
6358
+ headers: { "content-type": "application/x-www-form-urlencoded" },
6359
+ body: form.toString()
6360
+ });
6361
+ } catch (err) {
6362
+ throw new NeetruError(
6363
+ "network_error",
6364
+ `POST ${tokenUrl} falhou (network): ${err?.message ?? String(err)}`
6365
+ );
6366
+ }
6367
+ let payload = null;
6368
+ try {
6369
+ payload = await res.json();
6370
+ } catch {
6371
+ payload = null;
6372
+ }
6373
+ if (!res.ok || typeof payload?.error === "string") {
6374
+ const desc = typeof payload?.error_description === "string" && payload.error_description || typeof payload?.error === "string" && payload.error || `HTTP ${res.status}`;
6375
+ throw new NeetruError(
6376
+ "token_exchange_failed",
6377
+ `Troca do authorization_code por tokens falhou no /token: ${desc}`,
6378
+ res.status
6379
+ );
6380
+ }
6381
+ const idToken = payload?.id_token;
6382
+ if (typeof idToken !== "string" || idToken.length === 0) {
6383
+ throw new NeetruError(
6384
+ "token_exchange_failed",
6385
+ "Resposta do /token sem `id_token` \u2014 o login n\xE3o pode ser completado.",
6386
+ res.status
6387
+ );
6388
+ }
6389
+ const claims = decodeJwtPayload(idToken);
6390
+ if (!claims) {
6391
+ throw new NeetruError(
6392
+ "token_exchange_failed",
6393
+ "id_token retornado pelo /token \xE9 malformado (payload indecodific\xE1vel)."
6394
+ );
6395
+ }
6396
+ if (claims.nonce !== tx.nonce) {
6397
+ throw new NeetruError(
6398
+ "oidc_nonce_mismatch",
6399
+ "nonce do id_token n\xE3o confere com o da transa\xE7\xE3o OIDC (poss\xEDvel replay). Token descartado."
6400
+ );
6401
+ }
6402
+ const user = tokenToUser(idToken);
6403
+ if (!user) {
6404
+ throw new NeetruError(
6405
+ "token_exchange_failed",
6406
+ "id_token retornado pelo /token n\xE3o tem `sub` ou j\xE1 est\xE1 expirado."
6407
+ );
6408
+ }
6409
+ getStorage()?.setItem(STORAGE_KEY, idToken);
6410
+ cachedUser = user;
6411
+ scheduleExpiryTimer(user);
6412
+ notify();
6413
+ return { user, postLoginRedirect: tx.postLoginRedirect };
6414
+ }
6264
6415
  return {
6265
6416
  async signIn(options) {
6266
6417
  if (typeof globalThis.location !== "undefined" && typeof globalThis.location.assign === "function") {
6267
6418
  const crypto2 = getWebCrypto();
6268
6419
  const redirectUri = options?.redirectUri ?? globalThis.location.origin;
6269
6420
  const scope = options?.scope ?? "openid profile email";
6270
- let clientId = config.oidcClientId;
6271
- if (!clientId && config.apiKey) {
6272
- clientId = parseApiKey(config.apiKey).keyId;
6273
- }
6274
- if (!clientId) {
6275
- throw new NeetruError(
6276
- "invalid_config",
6277
- "auth.signIn requer `oidcClientId` (ou `apiKey`) configurado para montar o client_id."
6278
- );
6279
- }
6421
+ const clientId = resolveClientId();
6280
6422
  const state = randomUrlSafe(crypto2, 16);
6281
6423
  const nonce = randomUrlSafe(crypto2, 16);
6282
6424
  const codeVerifier = randomUrlSafe(crypto2, 32);
@@ -6314,61 +6456,8 @@ function createOidcAuthNamespace(config) {
6314
6456
  "auth.signIn requires a browser context or mocks. Use NEETRU_ENV=dev or pass mocks.auth."
6315
6457
  );
6316
6458
  },
6317
- async handleRedirectCallback(currentUrl) {
6318
- const href = currentUrl ?? (typeof globalThis.location !== "undefined" ? globalThis.location.href : void 0);
6319
- if (!href) return null;
6320
- let parsed;
6321
- try {
6322
- parsed = new URL(href);
6323
- } catch {
6324
- return null;
6325
- }
6326
- const params = parsed.searchParams;
6327
- const idpError = params.get("error");
6328
- if (idpError) {
6329
- const desc = params.get("error_description") ?? idpError;
6330
- getSessionStorage()?.removeItem(OIDC_TX_KEY);
6331
- cleanCallbackUrl(parsed);
6332
- throw new NeetruError(idpError, `OIDC authorize falhou: ${desc}`);
6333
- }
6334
- const code = params.get("code");
6335
- if (!code) return null;
6336
- const returnedState = params.get("state");
6337
- const session = getSessionStorage();
6338
- const txRaw = session?.getItem(OIDC_TX_KEY) ?? null;
6339
- let tx = null;
6340
- if (txRaw) {
6341
- try {
6342
- tx = JSON.parse(txRaw);
6343
- } catch {
6344
- tx = null;
6345
- }
6346
- }
6347
- if (!tx) {
6348
- throw new NeetruError(
6349
- "oidc_state_mismatch",
6350
- "Callback OIDC sem transa\xE7\xE3o pendente \u2014 `signIn` n\xE3o foi iniciado nesta sess\xE3o (ou j\xE1 consumido)."
6351
- );
6352
- }
6353
- if (!returnedState || returnedState !== tx.state) {
6354
- session?.removeItem(OIDC_TX_KEY);
6355
- cleanCallbackUrl(parsed);
6356
- throw new NeetruError(
6357
- "oidc_state_mismatch",
6358
- "state do callback OIDC n\xE3o confere com o da transa\xE7\xE3o (poss\xEDvel CSRF)."
6359
- );
6360
- }
6361
- session?.removeItem(OIDC_TX_KEY);
6362
- cleanCallbackUrl(parsed);
6363
- return {
6364
- code,
6365
- codeVerifier: tx.codeVerifier,
6366
- redirectUri: tx.redirectUri,
6367
- nonce: tx.nonce,
6368
- state: tx.state,
6369
- postLoginRedirect: tx.postLoginRedirect
6370
- };
6371
- },
6459
+ handleRedirectCallback,
6460
+ completeSignIn,
6372
6461
  getIdToken() {
6373
6462
  const storage = getStorage();
6374
6463
  const token = storage?.getItem(STORAGE_KEY) ?? null;