@neetru/sdk 3.1.4 → 3.1.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +9 -0
- package/README.md +8 -4
- package/dist/auth.cjs +35 -9
- package/dist/auth.cjs.map +1 -1
- package/dist/auth.d.cts +1 -1
- package/dist/auth.d.ts +1 -1
- package/dist/auth.mjs +35 -9
- package/dist/auth.mjs.map +1 -1
- package/dist/catalog.cjs.map +1 -1
- package/dist/catalog.d.cts +1 -1
- package/dist/catalog.d.ts +1 -1
- package/dist/catalog.mjs.map +1 -1
- package/dist/checkout.cjs.map +1 -1
- package/dist/checkout.d.cts +1 -1
- package/dist/checkout.d.ts +1 -1
- package/dist/checkout.mjs.map +1 -1
- package/dist/db-react.d.cts +1 -1
- package/dist/db-react.d.ts +1 -1
- package/dist/db.cjs.map +1 -1
- package/dist/db.d.cts +1 -1
- package/dist/db.d.ts +1 -1
- package/dist/db.mjs.map +1 -1
- package/dist/entitlements.cjs.map +1 -1
- package/dist/entitlements.d.cts +1 -1
- package/dist/entitlements.d.ts +1 -1
- package/dist/entitlements.mjs.map +1 -1
- package/dist/errors.cjs.map +1 -1
- package/dist/errors.d.cts +8 -8
- package/dist/errors.d.ts +8 -8
- package/dist/errors.mjs.map +1 -1
- package/dist/firestore-compat.d.cts +1 -1
- package/dist/firestore-compat.d.ts +1 -1
- package/dist/index.cjs +36 -10
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +3 -3
- package/dist/index.d.ts +3 -3
- package/dist/index.mjs +36 -10
- package/dist/index.mjs.map +1 -1
- package/dist/mocks.cjs +26 -7
- package/dist/mocks.cjs.map +1 -1
- package/dist/mocks.d.cts +24 -7
- package/dist/mocks.d.ts +24 -7
- package/dist/mocks.mjs +26 -7
- package/dist/mocks.mjs.map +1 -1
- package/dist/notifications.cjs.map +1 -1
- package/dist/notifications.d.cts +1 -1
- package/dist/notifications.d.ts +1 -1
- package/dist/notifications.mjs.map +1 -1
- package/dist/react.d.cts +1 -1
- package/dist/react.d.ts +1 -1
- package/dist/support.cjs.map +1 -1
- package/dist/support.d.cts +1 -1
- package/dist/support.d.ts +1 -1
- package/dist/support.mjs.map +1 -1
- package/dist/telemetry.cjs.map +1 -1
- package/dist/telemetry.d.cts +1 -1
- package/dist/telemetry.d.ts +1 -1
- package/dist/telemetry.mjs.map +1 -1
- package/dist/{types-DvMdYbfV.d.cts → types-BXvGHppn.d.cts} +8 -0
- package/dist/{types-CRIIjqzC.d.ts → types-CQVak2a3.d.ts} +8 -0
- package/dist/usage.cjs.map +1 -1
- package/dist/usage.d.cts +1 -1
- package/dist/usage.d.ts +1 -1
- package/dist/usage.mjs.map +1 -1
- package/dist/webhooks.cjs.map +1 -1
- package/dist/webhooks.d.cts +1 -1
- package/dist/webhooks.d.ts +1 -1
- package/dist/webhooks.mjs.map +1 -1
- package/package.json +156 -156
package/dist/auth.d.cts
CHANGED
package/dist/auth.d.ts
CHANGED
package/dist/auth.mjs
CHANGED
|
@@ -5467,9 +5467,19 @@ var DEV_FIXTURE_USER = Object.freeze({
|
|
|
5467
5467
|
var MockAuth = class {
|
|
5468
5468
|
_user;
|
|
5469
5469
|
_listeners;
|
|
5470
|
-
|
|
5470
|
+
_allowUnsignedDecode;
|
|
5471
|
+
constructor(initialUser = null, options) {
|
|
5471
5472
|
this._user = initialUser;
|
|
5472
5473
|
this._listeners = /* @__PURE__ */ new Set();
|
|
5474
|
+
this._allowUnsignedDecode = options?.allowUnsignedDecode ?? false;
|
|
5475
|
+
if (this._allowUnsignedDecode) {
|
|
5476
|
+
const isTestEnv = typeof process !== "undefined" && (process.env?.NODE_ENV === "test" || process.env?.VITEST === "true" || process.env?.VITEST != null);
|
|
5477
|
+
if (!isTestEnv && typeof console !== "undefined") {
|
|
5478
|
+
console.warn(
|
|
5479
|
+
"[neetru-sdk] MockAuth.verifyToken est\xE1 em modo allowUnsignedDecode=true: tokens N\xC3O t\xEAm assinatura verificada. Este modo \xE9 exclusivo para testes \u2014 NUNCA use como security boundary em c\xF3digo deployado."
|
|
5480
|
+
);
|
|
5481
|
+
}
|
|
5482
|
+
}
|
|
5473
5483
|
}
|
|
5474
5484
|
async signIn(_options) {
|
|
5475
5485
|
if (!this._user) this._user = { ...DEV_FIXTURE_USER };
|
|
@@ -5494,18 +5504,27 @@ var MockAuth = class {
|
|
|
5494
5504
|
};
|
|
5495
5505
|
}
|
|
5496
5506
|
/**
|
|
5497
|
-
* Mock de `verifyToken` —
|
|
5498
|
-
*
|
|
5499
|
-
*
|
|
5507
|
+
* Mock de `verifyToken` — por default lança `unauthorized` pra prevenir uso
|
|
5508
|
+
* acidental como security boundary em código deployado.
|
|
5509
|
+
*
|
|
5510
|
+
* Para decodificar JWTs sem verificar assinatura em testes, crie a instância
|
|
5511
|
+
* com `new MockAuth(user, { allowUnsignedDecode: true })`. Isso é um opt-in
|
|
5512
|
+
* explícito — nunca acontece silenciosamente.
|
|
5500
5513
|
*
|
|
5501
|
-
* Para simular falhas
|
|
5514
|
+
* Para simular falhas ou resultados customizados, use `__mockVerifyToken(fn)`.
|
|
5502
5515
|
*/
|
|
5503
5516
|
async verifyToken(token) {
|
|
5504
5517
|
if (this._verifyTokenOverride) {
|
|
5505
5518
|
return this._verifyTokenOverride(token);
|
|
5506
5519
|
}
|
|
5507
5520
|
if (!token) {
|
|
5508
|
-
throw
|
|
5521
|
+
throw new NeetruError("token_invalid_signature", "Token inv\xE1lido: string vazia");
|
|
5522
|
+
}
|
|
5523
|
+
if (!this._allowUnsignedDecode) {
|
|
5524
|
+
throw new NeetruError(
|
|
5525
|
+
"unauthorized",
|
|
5526
|
+
"MockAuth.verifyToken n\xE3o verifica assinaturas JWT e N\xC3O deve ser usado como security boundary em c\xF3digo deployado. Em testes, use new MockAuth(user, { allowUnsignedDecode: true }) para habilitar decodifica\xE7\xE3o sem assinatura, ou __mockVerifyToken(fn) para injetar resultado customizado."
|
|
5527
|
+
);
|
|
5509
5528
|
}
|
|
5510
5529
|
try {
|
|
5511
5530
|
const parts = token.split(".");
|
|
@@ -5532,7 +5551,7 @@ var MockAuth = class {
|
|
|
5532
5551
|
} catch {
|
|
5533
5552
|
}
|
|
5534
5553
|
if (this._user) return this._user;
|
|
5535
|
-
throw
|
|
5554
|
+
throw new NeetruError("token_invalid_signature", "Nenhum user mock dispon\xEDvel e JWT sem sub v\xE1lido");
|
|
5536
5555
|
}
|
|
5537
5556
|
/**
|
|
5538
5557
|
* Mock de `handleRedirectCallback` (Bug 2 / 3.1.3) — não há redirect real no
|
|
@@ -6092,13 +6111,20 @@ function createOidcAuthNamespace(config) {
|
|
|
6092
6111
|
const issuer = idpOrigin;
|
|
6093
6112
|
const jwksUrl = `${idpOrigin}/api/v1/oauth/.well-known/jwks.json`;
|
|
6094
6113
|
const cacheTtlMs = options?.jwksCacheTtlMs ?? DEFAULT_JWKS_TTL_MS;
|
|
6114
|
+
const audienceFromOptions = options?.audience;
|
|
6095
6115
|
const parsedKey = tryParseApiKey(config.apiKey);
|
|
6096
|
-
const audience = parsedKey?.keyId;
|
|
6116
|
+
const audience = audienceFromOptions ?? parsedKey?.keyId;
|
|
6117
|
+
if (!audience) {
|
|
6118
|
+
throw new NeetruError(
|
|
6119
|
+
"invalid_config",
|
|
6120
|
+
"verifyToken requires an audience: provide apiKey on the client or pass options.audience. Calling jwtVerify without an audience allows tokens issued for other OIDC clients to pass."
|
|
6121
|
+
);
|
|
6122
|
+
}
|
|
6097
6123
|
const jwks = _getJwks(jwksUrl, cacheTtlMs);
|
|
6098
6124
|
try {
|
|
6099
6125
|
const { payload } = await jwtVerify(token, jwks, {
|
|
6100
6126
|
issuer,
|
|
6101
|
-
|
|
6127
|
+
audience,
|
|
6102
6128
|
algorithms: ["RS256"]
|
|
6103
6129
|
});
|
|
6104
6130
|
return _jwtPayloadToUser(payload);
|