astro-tokenkit 1.0.16 → 1.0.17

package/dist/auth/manager.js

@@ -12,6 +12,8 @@ import { AuthError } from '../types';
 import { autoDetectFields, parseJWTPayload } from './detector';
 import { storeTokens, retrieveTokens, clearTokens } from './storage';
 import { shouldRefresh, isExpired } from './policy';
+import { safeFetch } from '../utils/fetch';
+import { logger } from '../utils/logger';
 /**
  * Single-flight refresh manager
  */
@@ -67,14 +69,14 @@ export class TokenManager {
             }
             let response;
             try {
-                response = yield fetch(url, {
+                response = yield safeFetch(url, {
                     method: 'POST',
                     headers,
                     body: requestBody,
-                });
+                }, this.config);
             }
             catch (error) {
-                const authError = new AuthError(`Login request failed: ${error.message}`);
+                const authError = new AuthError(`Login request failed: ${error.message}`, undefined, undefined, undefined, error);
                 if (options === null || options === void 0 ? void 0 : options.onError)
                     yield options.onError(authError, ctx);
                 throw authError;
@@ -148,14 +150,14 @@ export class TokenManager {
             }
             let response;
             try {
-                response = yield fetch(url, {
+                response = yield safeFetch(url, {
                     method: 'POST',
                     headers,
                     body: requestBody,
-                });
+                }, this.config);
             }
             catch (error) {
-                throw new AuthError(`Refresh request failed: ${error.message}`);
+                throw new AuthError(`Refresh request failed: ${error.message}`, undefined, undefined, undefined, error);
             }
             if (!response.ok) {
                 // 401/403 = invalid refresh token
@@ -253,11 +255,11 @@ export class TokenManager {
                         const injectFn = (_a = this.config.injectToken) !== null && _a !== void 0 ? _a : ((token, type) => `${type !== null && type !== void 0 ? type : 'Bearer'} ${token}`);
                         headers['Authorization'] = injectFn(session.accessToken, session.tokenType);
                     }
-                    yield fetch(url, { method: 'POST', headers });
+                    yield safeFetch(url, { method: 'POST', headers }, this.config);
                 }
                 catch (error) {
                     // Ignore logout endpoint errors
-                    console.warn('[TokenKit] Logout endpoint failed:', error);
+                    logger.debug('[TokenKit] Logout endpoint failed:', error);
                 }
             }
             clearTokens(ctx, this.config.cookies);

package/dist/client/client.js

@@ -14,6 +14,7 @@ import { getContextStore } from './context';
 import { calculateDelay, shouldRetry, sleep } from '../utils/retry';
 import { getConfig, getTokenManager } from '../config';
 import { createMiddleware } from '../middleware';
+import { safeFetch } from '../utils/fetch';
 /**
  * API Client
  */
@@ -37,6 +38,7 @@ export class APIClient {
      * Get token manager
      */
     get tokenManager() {
+        var _a, _b;
         const config = this.config;
         if (!config.auth)
             return undefined;
@@ -52,7 +54,9 @@ export class APIClient {
         if (!this._localTokenManager ||
             this._lastUsedAuth !== config.auth ||
             this._lastUsedBaseURL !== config.baseURL) {
-            this._localTokenManager = new TokenManager(config.auth, config.baseURL);
+            // Merge client-level fetch and SSL settings into auth config
+            const authConfig = Object.assign(Object.assign({}, config.auth), { fetch: (_a = config.auth.fetch) !== null && _a !== void 0 ? _a : config.fetch, dangerouslyIgnoreCertificateErrors: (_b = config.auth.dangerouslyIgnoreCertificateErrors) !== null && _b !== void 0 ? _b : config.dangerouslyIgnoreCertificateErrors });
+            this._localTokenManager = new TokenManager(authConfig, config.baseURL);
             this._lastUsedAuth = config.auth;
             this._lastUsedBaseURL = config.baseURL;
         }
@@ -169,7 +173,7 @@ export class APIClient {
             const controller = new AbortController();
             const timeoutId = setTimeout(() => controller.abort(), timeout);
             try {
-                const response = yield fetch(fullURL, Object.assign(Object.assign({}, init), { signal: controller.signal }));
+                const response = yield safeFetch(fullURL, Object.assign(Object.assign({}, init), { signal: controller.signal }), this.config);
                 clearTimeout(timeoutId);
                 // Handle 401 (try refresh and retry once)
                 if (response.status === 401 && this.tokenManager && !config.skipAuth && attempt === 1) {
@@ -202,12 +206,12 @@ export class APIClient {
                 }
                 // Transform errors
                 if (error instanceof Error && error.name === 'AbortError') {
-                    throw new TimeoutError(`Request timeout after ${timeout}ms`, requestConfig);
+                    throw new TimeoutError(`Request timeout after ${timeout}ms`, requestConfig, error);
                 }
                 if (error instanceof APIError) {
                     throw error;
                 }
-                throw new NetworkError(error.message, requestConfig);
+                throw new NetworkError(error.message, requestConfig, error);
             }
         });
     }

package/dist/config.js

@@ -10,12 +10,14 @@ if (!globalStorage[CONFIG_KEY]) {
         getContextStore: undefined,
         setContextStore: undefined,
         baseURL: "",
+        debug: false,
     };
 }
 /**
  * Set configuration
  */
 export function setConfig(userConfig) {
+    var _a, _b;
     const currentConfig = globalStorage[CONFIG_KEY];
     const finalConfig = Object.assign(Object.assign({}, currentConfig), userConfig);
     // Validate that getter and setter are defined together
@@ -26,7 +28,8 @@ export function setConfig(userConfig) {
     globalStorage[CONFIG_KEY] = finalConfig;
     // Re-initialize global token manager if auth changed
     if (finalConfig.auth) {
-        globalStorage[MANAGER_KEY] = new TokenManager(finalConfig.auth, finalConfig.baseURL);
+        const authConfig = Object.assign(Object.assign({}, finalConfig.auth), { fetch: (_a = finalConfig.auth.fetch) !== null && _a !== void 0 ? _a : finalConfig.fetch, dangerouslyIgnoreCertificateErrors: (_b = finalConfig.auth.dangerouslyIgnoreCertificateErrors) !== null && _b !== void 0 ? _b : finalConfig.dangerouslyIgnoreCertificateErrors });
+        globalStorage[MANAGER_KEY] = new TokenManager(authConfig, finalConfig.baseURL);
     }
     else {
         globalStorage[MANAGER_KEY] = undefined;

package/dist/index.cjs

@@ -39,20 +39,23 @@ typeof SuppressedError === "function" ? SuppressedError : function (error, suppr
  * API Error
  */
 class APIError extends Error {
-    constructor(message, status, response, request) {
+    constructor(message, status, response, request, cause) {
         super(message);
         this.status = status;
         this.response = response;
         this.request = request;
+        this.cause = cause;
         this.name = 'APIError';
+        if (cause && !this.cause)
+            this.cause = cause;
     }
 }
 /**
  * Authentication Error
  */
 class AuthError extends APIError {
-    constructor(message, status, response, request) {
-        super(message, status, response, request);
+    constructor(message, status, response, request, cause) {
+        super(message, status, response, request, cause);
         this.name = 'AuthError';
     }
 }
@@ -60,8 +63,8 @@ class AuthError extends APIError {
  * Network Error
  */
 class NetworkError extends APIError {
-    constructor(message, request) {
-        super(message, undefined, undefined, request);
+    constructor(message, request, cause) {
+        super(message, undefined, undefined, request, cause);
         this.name = 'NetworkError';
     }
 }
@@ -69,8 +72,8 @@ class NetworkError extends APIError {
  * Timeout Error
  */
 class TimeoutError extends APIError {
-    constructor(message, request) {
-        super(message, undefined, undefined, request);
+    constructor(message, request, cause) {
+        super(message, undefined, undefined, request, cause);
         this.name = 'TimeoutError';
     }
 }
@@ -396,6 +399,122 @@ function isExpired(expiresAt, now, policy = {}) {
     return now + clockSkew > expiresAt;
 }
 
+// packages/astro-tokenkit/src/utils/fetch.ts
+/**
+ * Perform a fetch request with optional certificate validation bypass
+ */
+function safeFetch(url, init, config) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const fetchFn = config.fetch || fetch;
+        const fetchOptions = Object.assign({}, init);
+        if (config.dangerouslyIgnoreCertificateErrors && typeof process !== 'undefined') {
+            // In Node.js environment
+            try {
+                // Try to use undici Agent if available (it is built-in in Node 18+)
+                // However, we might need to import it if we want to create an Agent.
+                // Since we don't want to depend on undici in package.json, we use dynamic import.
+                // But wait, undici's Agent is what we need.
+                // As a fallback and most reliable way for self-signed certs in Node without extra deps:
+                process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+                // NOTE: This affects the whole process. We should ideally only do this if it's not already 0.
+                // But for a dev tool / specialized library, it's often what's needed.
+            }
+            catch (e) {
+                // Ignore
+            }
+        }
+        return fetchFn(url, fetchOptions);
+    });
+}
+
+// packages/astro-tokenkit/src/config.ts
+const CONFIG_KEY = Symbol.for('astro-tokenkit.config');
+const MANAGER_KEY = Symbol.for('astro-tokenkit.manager');
+const globalStorage = globalThis;
+// Initialize global storage if not present
+if (!globalStorage[CONFIG_KEY]) {
+    globalStorage[CONFIG_KEY] = {
+        runWithContext: undefined,
+        getContextStore: undefined,
+        setContextStore: undefined,
+        baseURL: "",
+        debug: false,
+    };
+}
+/**
+ * Set configuration
+ */
+function setConfig(userConfig) {
+    var _a, _b;
+    const currentConfig = globalStorage[CONFIG_KEY];
+    const finalConfig = Object.assign(Object.assign({}, currentConfig), userConfig);
+    // Validate that getter and setter are defined together
+    if ((finalConfig.getContextStore && !finalConfig.setContextStore) ||
+        (!finalConfig.getContextStore && finalConfig.setContextStore)) {
+        throw new Error("[TokenKit] getContextStore and setContextStore must be defined together.");
+    }
+    globalStorage[CONFIG_KEY] = finalConfig;
+    // Re-initialize global token manager if auth changed
+    if (finalConfig.auth) {
+        const authConfig = Object.assign(Object.assign({}, finalConfig.auth), { fetch: (_a = finalConfig.auth.fetch) !== null && _a !== void 0 ? _a : finalConfig.fetch, dangerouslyIgnoreCertificateErrors: (_b = finalConfig.auth.dangerouslyIgnoreCertificateErrors) !== null && _b !== void 0 ? _b : finalConfig.dangerouslyIgnoreCertificateErrors });
+        globalStorage[MANAGER_KEY] = new TokenManager(authConfig, finalConfig.baseURL);
+    }
+    else {
+        globalStorage[MANAGER_KEY] = undefined;
+    }
+}
+/**
+ * Get current configuration
+ */
+function getConfig() {
+    return globalStorage[CONFIG_KEY];
+}
+/**
+ * Get global token manager
+ */
+function getTokenManager() {
+    return globalStorage[MANAGER_KEY];
+}
+/**
+ * Set global token manager (mainly for testing)
+ */
+function setTokenManager(manager) {
+    globalStorage[MANAGER_KEY] = manager;
+}
+// Handle injected configuration from Astro integration
+try {
+    // @ts-ignore
+    const injectedConfig = typeof __TOKENKIT_CONFIG__ !== 'undefined' ? __TOKENKIT_CONFIG__ : undefined;
+    if (injectedConfig) {
+        setConfig(injectedConfig);
+    }
+}
+catch (e) {
+    // Ignore errors in environments where __TOKENKIT_CONFIG__ might be restricted
+}
+
+/**
+ * Logger utility that respects the debug flag in the configuration
+ */
+const logger = {
+    debug: (message, ...args) => {
+        if (getConfig().debug) {
+            console.debug(message, ...args);
+        }
+    },
+    info: (message, ...args) => {
+        if (getConfig().debug) {
+            console.log(message, ...args);
+        }
+    },
+    warn: (message, ...args) => {
+        console.warn(message, ...args);
+    },
+    error: (message, ...args) => {
+        console.error(message, ...args);
+    }
+};
+
 // packages/astro-tokenkit/src/auth/manager.ts
 /**
  * Single-flight refresh manager
@@ -452,14 +571,14 @@ class TokenManager {
             }
             let response;
             try {
-                response = yield fetch(url, {
+                response = yield safeFetch(url, {
                     method: 'POST',
                     headers,
                     body: requestBody,
-                });
+                }, this.config);
             }
             catch (error) {
-                const authError = new AuthError(`Login request failed: ${error.message}`);
+                const authError = new AuthError(`Login request failed: ${error.message}`, undefined, undefined, undefined, error);
                 if (options === null || options === void 0 ? void 0 : options.onError)
                     yield options.onError(authError, ctx);
                 throw authError;
@@ -533,14 +652,14 @@ class TokenManager {
             }
             let response;
             try {
-                response = yield fetch(url, {
+                response = yield safeFetch(url, {
                     method: 'POST',
                     headers,
                     body: requestBody,
-                });
+                }, this.config);
             }
             catch (error) {
-                throw new AuthError(`Refresh request failed: ${error.message}`);
+                throw new AuthError(`Refresh request failed: ${error.message}`, undefined, undefined, undefined, error);
             }
             if (!response.ok) {
                 // 401/403 = invalid refresh token
@@ -638,11 +757,11 @@ class TokenManager {
                         const injectFn = (_a = this.config.injectToken) !== null && _a !== void 0 ? _a : ((token, type) => `${type !== null && type !== void 0 ? type : 'Bearer'} ${token}`);
                         headers['Authorization'] = injectFn(session.accessToken, session.tokenType);
                     }
-                    yield fetch(url, { method: 'POST', headers });
+                    yield safeFetch(url, { method: 'POST', headers }, this.config);
                 }
                 catch (error) {
                     // Ignore logout endpoint errors
-                    console.warn('[TokenKit] Logout endpoint failed:', error);
+                    logger.debug('[TokenKit] Logout endpoint failed:', error);
                 }
             }
             clearTokens(ctx, this.config.cookies);
@@ -688,69 +807,6 @@ class TokenManager {
     }
 }
 
-// packages/astro-tokenkit/src/config.ts
-const CONFIG_KEY = Symbol.for('astro-tokenkit.config');
-const MANAGER_KEY = Symbol.for('astro-tokenkit.manager');
-const globalStorage = globalThis;
-// Initialize global storage if not present
-if (!globalStorage[CONFIG_KEY]) {
-    globalStorage[CONFIG_KEY] = {
-        runWithContext: undefined,
-        getContextStore: undefined,
-        setContextStore: undefined,
-        baseURL: "",
-    };
-}
-/**
- * Set configuration
- */
-function setConfig(userConfig) {
-    const currentConfig = globalStorage[CONFIG_KEY];
-    const finalConfig = Object.assign(Object.assign({}, currentConfig), userConfig);
-    // Validate that getter and setter are defined together
-    if ((finalConfig.getContextStore && !finalConfig.setContextStore) ||
-        (!finalConfig.getContextStore && finalConfig.setContextStore)) {
-        throw new Error("[TokenKit] getContextStore and setContextStore must be defined together.");
-    }
-    globalStorage[CONFIG_KEY] = finalConfig;
-    // Re-initialize global token manager if auth changed
-    if (finalConfig.auth) {
-        globalStorage[MANAGER_KEY] = new TokenManager(finalConfig.auth, finalConfig.baseURL);
-    }
-    else {
-        globalStorage[MANAGER_KEY] = undefined;
-    }
-}
-/**
- * Get current configuration
- */
-function getConfig() {
-    return globalStorage[CONFIG_KEY];
-}
-/**
- * Get global token manager
- */
-function getTokenManager() {
-    return globalStorage[MANAGER_KEY];
-}
-/**
- * Set global token manager (mainly for testing)
- */
-function setTokenManager(manager) {
-    globalStorage[MANAGER_KEY] = manager;
-}
-// Handle injected configuration from Astro integration
-try {
-    // @ts-ignore
-    const injectedConfig = typeof __TOKENKIT_CONFIG__ !== 'undefined' ? __TOKENKIT_CONFIG__ : undefined;
-    if (injectedConfig) {
-        setConfig(injectedConfig);
-    }
-}
-catch (e) {
-    // Ignore errors in environments where __TOKENKIT_CONFIG__ might be restricted
-}
-
 // packages/astro-tokenkit/src/client/context.ts
 /**
  * Async local storage for Astro context
@@ -847,7 +903,7 @@ function createMiddleware() {
             else if (config.context) {
                 contextStrategy = 'custom (external AsyncLocalStorage)';
             }
-            console.log(`[TokenKit] Middleware initialized (auth: ${authStatus}, context: ${contextStrategy})`);
+            logger.debug(`[TokenKit] Middleware initialized (auth: ${authStatus}, context: ${contextStrategy})`);
             globalStorage[LOGGED_KEY] = true;
         }
         const runLogic = () => __awaiter(this, void 0, void 0, function* () {
@@ -859,7 +915,7 @@ function createMiddleware() {
                 }
                 catch (error) {
                     // Log only the message to avoid leaking sensitive data in the error object
-                    console.error('[TokenKit] Automatic token rotation failed:', error.message || error);
+                    logger.debug('[TokenKit] Automatic token rotation failed:', error.message || error);
                 }
             }
             return next();
@@ -904,6 +960,7 @@ class APIClient {
      * Get token manager
      */
     get tokenManager() {
+        var _a, _b;
         const config = this.config;
         if (!config.auth)
             return undefined;
@@ -919,7 +976,9 @@ class APIClient {
         if (!this._localTokenManager ||
             this._lastUsedAuth !== config.auth ||
             this._lastUsedBaseURL !== config.baseURL) {
-            this._localTokenManager = new TokenManager(config.auth, config.baseURL);
+            // Merge client-level fetch and SSL settings into auth config
+            const authConfig = Object.assign(Object.assign({}, config.auth), { fetch: (_a = config.auth.fetch) !== null && _a !== void 0 ? _a : config.fetch, dangerouslyIgnoreCertificateErrors: (_b = config.auth.dangerouslyIgnoreCertificateErrors) !== null && _b !== void 0 ? _b : config.dangerouslyIgnoreCertificateErrors });
+            this._localTokenManager = new TokenManager(authConfig, config.baseURL);
             this._lastUsedAuth = config.auth;
             this._lastUsedBaseURL = config.baseURL;
         }
@@ -1036,7 +1095,7 @@ class APIClient {
             const controller = new AbortController();
             const timeoutId = setTimeout(() => controller.abort(), timeout);
             try {
-                const response = yield fetch(fullURL, Object.assign(Object.assign({}, init), { signal: controller.signal }));
+                const response = yield safeFetch(fullURL, Object.assign(Object.assign({}, init), { signal: controller.signal }), this.config);
                 clearTimeout(timeoutId);
                 // Handle 401 (try refresh and retry once)
                 if (response.status === 401 && this.tokenManager && !config.skipAuth && attempt === 1) {
@@ -1069,12 +1128,12 @@ class APIClient {
                 }
                 // Transform errors
                 if (error instanceof Error && error.name === 'AbortError') {
-                    throw new TimeoutError(`Request timeout after ${timeout}ms`, requestConfig);
+                    throw new TimeoutError(`Request timeout after ${timeout}ms`, requestConfig, error);
                 }
                 if (error instanceof APIError) {
                     throw error;
                 }
-                throw new NetworkError(error.message, requestConfig);
+                throw new NetworkError(error.message, requestConfig, error);
             }
         });
     }
@@ -1270,7 +1329,7 @@ function tokenKit(config) {
                         order: 'pre'
                     });
                 }
-                console.log('[TokenKit] Integration initialized');
+                logger.debug('[TokenKit] Integration initialized');
             },
         },
     };