@neetru/sdk 3.1.11 → 3.1.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +23 -0
- package/dist/ai.cjs.map +1 -1
- package/dist/ai.d.cts +1 -1
- package/dist/ai.d.ts +1 -1
- package/dist/ai.mjs.map +1 -1
- package/dist/auth.cjs +154 -65
- package/dist/auth.cjs.map +1 -1
- package/dist/auth.d.cts +1 -1
- package/dist/auth.d.ts +1 -1
- package/dist/auth.mjs +154 -65
- package/dist/auth.mjs.map +1 -1
- package/dist/catalog.cjs.map +1 -1
- package/dist/catalog.d.cts +1 -1
- package/dist/catalog.d.ts +1 -1
- package/dist/catalog.mjs.map +1 -1
- package/dist/checkout.cjs.map +1 -1
- package/dist/checkout.d.cts +1 -1
- package/dist/checkout.d.ts +1 -1
- package/dist/checkout.mjs.map +1 -1
- package/dist/db-react.d.cts +1 -1
- package/dist/db-react.d.ts +1 -1
- package/dist/db.cjs.map +1 -1
- package/dist/db.d.cts +1 -1
- package/dist/db.d.ts +1 -1
- package/dist/db.mjs.map +1 -1
- package/dist/entitlements.cjs.map +1 -1
- package/dist/entitlements.d.cts +1 -1
- package/dist/entitlements.d.ts +1 -1
- package/dist/entitlements.mjs.map +1 -1
- package/dist/errors.cjs.map +1 -1
- package/dist/errors.d.cts +12 -0
- package/dist/errors.d.ts +12 -0
- package/dist/errors.mjs.map +1 -1
- package/dist/firestore-compat.d.cts +1 -1
- package/dist/firestore-compat.d.ts +1 -1
- package/dist/index.cjs +155 -66
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.mjs +155 -66
- package/dist/index.mjs.map +1 -1
- package/dist/mocks.cjs +9 -0
- package/dist/mocks.cjs.map +1 -1
- package/dist/mocks.d.cts +8 -1
- package/dist/mocks.d.ts +8 -1
- package/dist/mocks.mjs +9 -0
- package/dist/mocks.mjs.map +1 -1
- package/dist/notifications.cjs.map +1 -1
- package/dist/notifications.d.cts +1 -1
- package/dist/notifications.d.ts +1 -1
- package/dist/notifications.mjs.map +1 -1
- package/dist/react.d.cts +1 -1
- package/dist/react.d.ts +1 -1
- package/dist/support.cjs.map +1 -1
- package/dist/support.d.cts +1 -1
- package/dist/support.d.ts +1 -1
- package/dist/support.mjs.map +1 -1
- package/dist/telemetry.cjs.map +1 -1
- package/dist/telemetry.d.cts +1 -1
- package/dist/telemetry.d.ts +1 -1
- package/dist/telemetry.mjs.map +1 -1
- package/dist/{types-dagUxKYz.d.ts → types-BtQv-s0m.d.ts} +40 -3
- package/dist/{types-Cog9S-tC.d.cts → types-DJAGWjf0.d.cts} +40 -3
- package/dist/usage.cjs.map +1 -1
- package/dist/usage.d.cts +1 -1
- package/dist/usage.d.ts +1 -1
- package/dist/usage.mjs.map +1 -1
- package/dist/webhooks.cjs.map +1 -1
- package/dist/webhooks.d.cts +1 -1
- package/dist/webhooks.d.ts +1 -1
- package/dist/webhooks.mjs.map +1 -1
- package/package.json +1 -1
package/dist/auth.d.cts
CHANGED
package/dist/auth.d.ts
CHANGED
package/dist/auth.mjs
CHANGED
|
@@ -5833,6 +5833,15 @@ var MockAuth = class {
|
|
|
5833
5833
|
async handleRedirectCallback(_currentUrl) {
|
|
5834
5834
|
return this._pendingCallback;
|
|
5835
5835
|
}
|
|
5836
|
+
/**
|
|
5837
|
+
* Mock de `completeSignIn` (3.1.12) — em dev não há redirect real pro IdP,
|
|
5838
|
+
* então não existe callback a completar: retorna `null` sempre (mesmo
|
|
5839
|
+
* contrato "no-op seguro em todo page load" da implementação real). O login
|
|
5840
|
+
* mock acontece direto via `signIn()`.
|
|
5841
|
+
*/
|
|
5842
|
+
async completeSignIn(_currentUrl) {
|
|
5843
|
+
return null;
|
|
5844
|
+
}
|
|
5836
5845
|
/**
|
|
5837
5846
|
* Mock de `getIdToken` (Bug 2 / 3.1.3). Retorna `null` por default; use
|
|
5838
5847
|
* `__setIdToken(token)` pra injetar um token cru em testes.
|
|
@@ -6261,22 +6270,155 @@ function createOidcAuthNamespace(config) {
|
|
|
6261
6270
|
loadCachedUser();
|
|
6262
6271
|
}, msUntilExpiry + 1);
|
|
6263
6272
|
}
|
|
6273
|
+
function resolveClientId() {
|
|
6274
|
+
let clientId = config.oidcClientId;
|
|
6275
|
+
if (!clientId && config.apiKey) {
|
|
6276
|
+
clientId = parseApiKey(config.apiKey).keyId;
|
|
6277
|
+
}
|
|
6278
|
+
if (!clientId) {
|
|
6279
|
+
throw new NeetruError(
|
|
6280
|
+
"invalid_config",
|
|
6281
|
+
"auth OIDC requer `oidcClientId` (ou `apiKey`) configurado para montar o client_id."
|
|
6282
|
+
);
|
|
6283
|
+
}
|
|
6284
|
+
return clientId;
|
|
6285
|
+
}
|
|
6286
|
+
async function handleRedirectCallback(currentUrl) {
|
|
6287
|
+
const href = currentUrl ?? (typeof globalThis.location !== "undefined" ? globalThis.location.href : void 0);
|
|
6288
|
+
if (!href) return null;
|
|
6289
|
+
let parsed;
|
|
6290
|
+
try {
|
|
6291
|
+
parsed = new URL(href);
|
|
6292
|
+
} catch {
|
|
6293
|
+
return null;
|
|
6294
|
+
}
|
|
6295
|
+
const params = parsed.searchParams;
|
|
6296
|
+
const idpError = params.get("error");
|
|
6297
|
+
if (idpError) {
|
|
6298
|
+
const desc = params.get("error_description") ?? idpError;
|
|
6299
|
+
getSessionStorage()?.removeItem(OIDC_TX_KEY);
|
|
6300
|
+
cleanCallbackUrl(parsed);
|
|
6301
|
+
throw new NeetruError(idpError, `OIDC authorize falhou: ${desc}`);
|
|
6302
|
+
}
|
|
6303
|
+
const code = params.get("code");
|
|
6304
|
+
if (!code) return null;
|
|
6305
|
+
const returnedState = params.get("state");
|
|
6306
|
+
const session = getSessionStorage();
|
|
6307
|
+
const txRaw = session?.getItem(OIDC_TX_KEY) ?? null;
|
|
6308
|
+
let tx = null;
|
|
6309
|
+
if (txRaw) {
|
|
6310
|
+
try {
|
|
6311
|
+
tx = JSON.parse(txRaw);
|
|
6312
|
+
} catch {
|
|
6313
|
+
tx = null;
|
|
6314
|
+
}
|
|
6315
|
+
}
|
|
6316
|
+
if (!tx) {
|
|
6317
|
+
throw new NeetruError(
|
|
6318
|
+
"oidc_state_mismatch",
|
|
6319
|
+
"Callback OIDC sem transa\xE7\xE3o pendente \u2014 `signIn` n\xE3o foi iniciado nesta sess\xE3o (ou j\xE1 consumido)."
|
|
6320
|
+
);
|
|
6321
|
+
}
|
|
6322
|
+
if (!returnedState || returnedState !== tx.state) {
|
|
6323
|
+
session?.removeItem(OIDC_TX_KEY);
|
|
6324
|
+
cleanCallbackUrl(parsed);
|
|
6325
|
+
throw new NeetruError(
|
|
6326
|
+
"oidc_state_mismatch",
|
|
6327
|
+
"state do callback OIDC n\xE3o confere com o da transa\xE7\xE3o (poss\xEDvel CSRF)."
|
|
6328
|
+
);
|
|
6329
|
+
}
|
|
6330
|
+
session?.removeItem(OIDC_TX_KEY);
|
|
6331
|
+
cleanCallbackUrl(parsed);
|
|
6332
|
+
return {
|
|
6333
|
+
code,
|
|
6334
|
+
codeVerifier: tx.codeVerifier,
|
|
6335
|
+
redirectUri: tx.redirectUri,
|
|
6336
|
+
nonce: tx.nonce,
|
|
6337
|
+
state: tx.state,
|
|
6338
|
+
postLoginRedirect: tx.postLoginRedirect
|
|
6339
|
+
};
|
|
6340
|
+
}
|
|
6341
|
+
async function completeSignIn(currentUrl) {
|
|
6342
|
+
const tx = await handleRedirectCallback(currentUrl);
|
|
6343
|
+
if (!tx) return null;
|
|
6344
|
+
const clientId = resolveClientId();
|
|
6345
|
+
const idpOrigin = resolveIdpOrigin(config.baseUrl);
|
|
6346
|
+
const tokenUrl = `${idpOrigin}/api/v1/oauth/token`;
|
|
6347
|
+
const form = new URLSearchParams({
|
|
6348
|
+
grant_type: "authorization_code",
|
|
6349
|
+
code: tx.code,
|
|
6350
|
+
redirect_uri: tx.redirectUri,
|
|
6351
|
+
client_id: clientId,
|
|
6352
|
+
code_verifier: tx.codeVerifier
|
|
6353
|
+
});
|
|
6354
|
+
let res;
|
|
6355
|
+
try {
|
|
6356
|
+
res = await config.fetch(tokenUrl, {
|
|
6357
|
+
method: "POST",
|
|
6358
|
+
headers: { "content-type": "application/x-www-form-urlencoded" },
|
|
6359
|
+
body: form.toString()
|
|
6360
|
+
});
|
|
6361
|
+
} catch (err) {
|
|
6362
|
+
throw new NeetruError(
|
|
6363
|
+
"network_error",
|
|
6364
|
+
`POST ${tokenUrl} falhou (network): ${err?.message ?? String(err)}`
|
|
6365
|
+
);
|
|
6366
|
+
}
|
|
6367
|
+
let payload = null;
|
|
6368
|
+
try {
|
|
6369
|
+
payload = await res.json();
|
|
6370
|
+
} catch {
|
|
6371
|
+
payload = null;
|
|
6372
|
+
}
|
|
6373
|
+
if (!res.ok || typeof payload?.error === "string") {
|
|
6374
|
+
const desc = typeof payload?.error_description === "string" && payload.error_description || typeof payload?.error === "string" && payload.error || `HTTP ${res.status}`;
|
|
6375
|
+
throw new NeetruError(
|
|
6376
|
+
"token_exchange_failed",
|
|
6377
|
+
`Troca do authorization_code por tokens falhou no /token: ${desc}`,
|
|
6378
|
+
res.status
|
|
6379
|
+
);
|
|
6380
|
+
}
|
|
6381
|
+
const idToken = payload?.id_token;
|
|
6382
|
+
if (typeof idToken !== "string" || idToken.length === 0) {
|
|
6383
|
+
throw new NeetruError(
|
|
6384
|
+
"token_exchange_failed",
|
|
6385
|
+
"Resposta do /token sem `id_token` \u2014 o login n\xE3o pode ser completado.",
|
|
6386
|
+
res.status
|
|
6387
|
+
);
|
|
6388
|
+
}
|
|
6389
|
+
const claims = decodeJwtPayload(idToken);
|
|
6390
|
+
if (!claims) {
|
|
6391
|
+
throw new NeetruError(
|
|
6392
|
+
"token_exchange_failed",
|
|
6393
|
+
"id_token retornado pelo /token \xE9 malformado (payload indecodific\xE1vel)."
|
|
6394
|
+
);
|
|
6395
|
+
}
|
|
6396
|
+
if (claims.nonce !== tx.nonce) {
|
|
6397
|
+
throw new NeetruError(
|
|
6398
|
+
"oidc_nonce_mismatch",
|
|
6399
|
+
"nonce do id_token n\xE3o confere com o da transa\xE7\xE3o OIDC (poss\xEDvel replay). Token descartado."
|
|
6400
|
+
);
|
|
6401
|
+
}
|
|
6402
|
+
const user = tokenToUser(idToken);
|
|
6403
|
+
if (!user) {
|
|
6404
|
+
throw new NeetruError(
|
|
6405
|
+
"token_exchange_failed",
|
|
6406
|
+
"id_token retornado pelo /token n\xE3o tem `sub` ou j\xE1 est\xE1 expirado."
|
|
6407
|
+
);
|
|
6408
|
+
}
|
|
6409
|
+
getStorage()?.setItem(STORAGE_KEY, idToken);
|
|
6410
|
+
cachedUser = user;
|
|
6411
|
+
scheduleExpiryTimer(user);
|
|
6412
|
+
notify();
|
|
6413
|
+
return { user, postLoginRedirect: tx.postLoginRedirect };
|
|
6414
|
+
}
|
|
6264
6415
|
return {
|
|
6265
6416
|
async signIn(options) {
|
|
6266
6417
|
if (typeof globalThis.location !== "undefined" && typeof globalThis.location.assign === "function") {
|
|
6267
6418
|
const crypto2 = getWebCrypto();
|
|
6268
6419
|
const redirectUri = options?.redirectUri ?? globalThis.location.origin;
|
|
6269
6420
|
const scope = options?.scope ?? "openid profile email";
|
|
6270
|
-
|
|
6271
|
-
if (!clientId && config.apiKey) {
|
|
6272
|
-
clientId = parseApiKey(config.apiKey).keyId;
|
|
6273
|
-
}
|
|
6274
|
-
if (!clientId) {
|
|
6275
|
-
throw new NeetruError(
|
|
6276
|
-
"invalid_config",
|
|
6277
|
-
"auth.signIn requer `oidcClientId` (ou `apiKey`) configurado para montar o client_id."
|
|
6278
|
-
);
|
|
6279
|
-
}
|
|
6421
|
+
const clientId = resolveClientId();
|
|
6280
6422
|
const state = randomUrlSafe(crypto2, 16);
|
|
6281
6423
|
const nonce = randomUrlSafe(crypto2, 16);
|
|
6282
6424
|
const codeVerifier = randomUrlSafe(crypto2, 32);
|
|
@@ -6314,61 +6456,8 @@ function createOidcAuthNamespace(config) {
|
|
|
6314
6456
|
"auth.signIn requires a browser context or mocks. Use NEETRU_ENV=dev or pass mocks.auth."
|
|
6315
6457
|
);
|
|
6316
6458
|
},
|
|
6317
|
-
|
|
6318
|
-
|
|
6319
|
-
if (!href) return null;
|
|
6320
|
-
let parsed;
|
|
6321
|
-
try {
|
|
6322
|
-
parsed = new URL(href);
|
|
6323
|
-
} catch {
|
|
6324
|
-
return null;
|
|
6325
|
-
}
|
|
6326
|
-
const params = parsed.searchParams;
|
|
6327
|
-
const idpError = params.get("error");
|
|
6328
|
-
if (idpError) {
|
|
6329
|
-
const desc = params.get("error_description") ?? idpError;
|
|
6330
|
-
getSessionStorage()?.removeItem(OIDC_TX_KEY);
|
|
6331
|
-
cleanCallbackUrl(parsed);
|
|
6332
|
-
throw new NeetruError(idpError, `OIDC authorize falhou: ${desc}`);
|
|
6333
|
-
}
|
|
6334
|
-
const code = params.get("code");
|
|
6335
|
-
if (!code) return null;
|
|
6336
|
-
const returnedState = params.get("state");
|
|
6337
|
-
const session = getSessionStorage();
|
|
6338
|
-
const txRaw = session?.getItem(OIDC_TX_KEY) ?? null;
|
|
6339
|
-
let tx = null;
|
|
6340
|
-
if (txRaw) {
|
|
6341
|
-
try {
|
|
6342
|
-
tx = JSON.parse(txRaw);
|
|
6343
|
-
} catch {
|
|
6344
|
-
tx = null;
|
|
6345
|
-
}
|
|
6346
|
-
}
|
|
6347
|
-
if (!tx) {
|
|
6348
|
-
throw new NeetruError(
|
|
6349
|
-
"oidc_state_mismatch",
|
|
6350
|
-
"Callback OIDC sem transa\xE7\xE3o pendente \u2014 `signIn` n\xE3o foi iniciado nesta sess\xE3o (ou j\xE1 consumido)."
|
|
6351
|
-
);
|
|
6352
|
-
}
|
|
6353
|
-
if (!returnedState || returnedState !== tx.state) {
|
|
6354
|
-
session?.removeItem(OIDC_TX_KEY);
|
|
6355
|
-
cleanCallbackUrl(parsed);
|
|
6356
|
-
throw new NeetruError(
|
|
6357
|
-
"oidc_state_mismatch",
|
|
6358
|
-
"state do callback OIDC n\xE3o confere com o da transa\xE7\xE3o (poss\xEDvel CSRF)."
|
|
6359
|
-
);
|
|
6360
|
-
}
|
|
6361
|
-
session?.removeItem(OIDC_TX_KEY);
|
|
6362
|
-
cleanCallbackUrl(parsed);
|
|
6363
|
-
return {
|
|
6364
|
-
code,
|
|
6365
|
-
codeVerifier: tx.codeVerifier,
|
|
6366
|
-
redirectUri: tx.redirectUri,
|
|
6367
|
-
nonce: tx.nonce,
|
|
6368
|
-
state: tx.state,
|
|
6369
|
-
postLoginRedirect: tx.postLoginRedirect
|
|
6370
|
-
};
|
|
6371
|
-
},
|
|
6459
|
+
handleRedirectCallback,
|
|
6460
|
+
completeSignIn,
|
|
6372
6461
|
getIdToken() {
|
|
6373
6462
|
const storage = getStorage();
|
|
6374
6463
|
const token = storage?.getItem(STORAGE_KEY) ?? null;
|