squarefi-bff-api-module 1.36.20 → 1.36.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -24,6 +24,7 @@ export declare const auth: {
24
24
  password: (email: string, password: string, captcha: string) => Promise<API.Auth.Tokens>;
25
25
  telegram: (data: API.Auth.Telegram.Signup.Request) => Promise<API.Auth.Telegram.Signup.Response>;
26
26
  };
27
+ register: (data?: API.Auth.Register.Request) => Promise<API.Auth.Register.Response>;
27
28
  refresh: {
28
29
  refresh_token: (data: API.Auth.RefreshToken.Request) => Promise<API.Auth.RefreshToken.Response>;
29
30
  };
package/dist/api/auth.js CHANGED
@@ -42,7 +42,10 @@ export const auth = {
42
42
  headers: { captcha },
43
43
  context: { bypassUnauthorizedHandler: true },
44
44
  }),
45
- telegram: (data) => apiClientV2.postRequest(telegramSignInPath, { data, context: { bypassUnauthorizedHandler: true } }),
45
+ telegram: (data) => apiClientV2.postRequest(telegramSignInPath, {
46
+ data,
47
+ context: { bypassUnauthorizedHandler: true },
48
+ }),
46
49
  password: (email, password, captcha) => apiClientV2.postRequest('/auth/sign-in/password/email', {
47
50
  data: { email, password },
48
51
  headers: { captcha },
@@ -60,8 +63,12 @@ export const auth = {
60
63
  headers: { captcha },
61
64
  context: { bypassUnauthorizedHandler: true },
62
65
  }),
63
- telegram: (data) => apiClientV2.postRequest(telegramSignUpPath, { data, context: { bypassUnauthorizedHandler: true } }),
66
+ telegram: (data) => apiClientV2.postRequest(telegramSignUpPath, {
67
+ data,
68
+ context: { bypassUnauthorizedHandler: true },
69
+ }),
64
70
  },
71
+ register: (data = {}) => apiClientV2.postRequest('/auth/register', { data }),
65
72
  refresh: {
66
73
  refresh_token: (data) => apiClientV2.postRequest(refreshTokenPath, { data }),
67
74
  },
@@ -69,6 +69,10 @@ export declare namespace API {
69
69
  }
70
70
  }
71
71
  }
72
+ namespace Register {
73
+ type Request = operations['AuthController_register']['requestBody']['content']['application/json'];
74
+ type Response = operations['AuthController_register']['responses']['200']['content']['application/json'];
75
+ }
72
76
  namespace VerifyOtp {
73
77
  type Response = {
74
78
  access_token: string;
package/dist/index.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  export { squarefi_bff_api_client } from './api';
2
2
  export * from './utils/apiClientFactory';
3
- export { setAccessTokenProvider, setOnUnauthorized, type AccessTokenProvider, type ResolveTokenOptions, type UnauthorizedHandler, } from './utils/accessTokenProvider';
3
+ export { setAccessTokenProvider, setOnReverificationRequired, setOnUnauthorized, type AccessTokenProvider, type ResolveTokenOptions, type ReverificationHandler, type ReverificationMeta, type UnauthorizedHandler, } from './utils/accessTokenProvider';
4
4
  export * from './utils/tokensFactory';
5
5
  export * from './utils/fileStorage';
6
6
  export * from './constants';
package/dist/index.js CHANGED
@@ -1,6 +1,6 @@
1
1
  export { squarefi_bff_api_client } from './api';
2
2
  export * from './utils/apiClientFactory';
3
- export { setAccessTokenProvider, setOnUnauthorized, } from './utils/accessTokenProvider';
3
+ export { setAccessTokenProvider, setOnReverificationRequired, setOnUnauthorized, } from './utils/accessTokenProvider';
4
4
  export * from './utils/tokensFactory';
5
5
  export * from './utils/fileStorage';
6
6
  export * from './constants';
@@ -4,6 +4,14 @@ export type ResolveTokenOptions = {
4
4
  };
5
5
  export type AccessTokenProvider = (options?: ResolveTokenOptions) => Promise<string | null | undefined>;
6
6
  export type UnauthorizedHandler = () => void;
7
+ /** Details the backend attaches to a step-up (2FA reverification) rejection. */
8
+ export type ReverificationMeta = Record<string, unknown>;
9
+ /**
10
+ * Handler that performs a step-up reverification (e.g. re-entering an already-enrolled second
11
+ * factor). Resolves `true` once the user has re-verified so the original request can be retried,
12
+ * or `false` if the reverification was cancelled or failed.
13
+ */
14
+ export type ReverificationHandler = (meta: ReverificationMeta) => Promise<boolean>;
7
15
  /**
8
16
  * Register an external source of the access token (e.g. Clerk `getToken`).
9
17
  * When set, the API clients stop reading tokens from localStorage and delegate
@@ -16,7 +24,16 @@ export declare const setAccessTokenProvider: (provider: AccessTokenProvider | nu
16
24
  * recovered by refreshing the token (e.g. to trigger a Clerk sign-out).
17
25
  */
18
26
  export declare const setOnUnauthorized: (handler: UnauthorizedHandler | null) => void;
27
+ /**
28
+ * Register a handler invoked when the backend rejects a request because a step-up 2FA
29
+ * reverification is required (HTTP `403` with a `two_factor_reverification_required` code). The
30
+ * handler drives the provider-specific re-verification (e.g. Clerk) and resolves `true` on success
31
+ * so the API client retries the original request once. Pass `null` to unregister.
32
+ */
33
+ export declare const setOnReverificationRequired: (handler: ReverificationHandler | null) => void;
19
34
  /** Whether an external token provider is active (Clerk mode). */
20
35
  export declare const isExternalAuthMode: () => boolean;
21
36
  export declare const resolveAccessToken: (options?: ResolveTokenOptions) => Promise<string | null>;
22
37
  export declare const triggerUnauthorized: () => void;
38
+ /** Invokes the registered reverification handler; resolves `false` when none is registered. */
39
+ export declare const triggerReverification: (meta: ReverificationMeta) => Promise<boolean>;
@@ -1,6 +1,7 @@
1
1
  import { getFromLocalStorage } from './storage';
2
2
  let accessTokenProvider = null;
3
3
  let unauthorizedHandler = null;
4
+ let reverificationHandler = null;
4
5
  let inFlightRefresh = null;
5
6
  /**
6
7
  * Register an external source of the access token (e.g. Clerk `getToken`).
@@ -18,6 +19,15 @@ export const setAccessTokenProvider = (provider) => {
18
19
  export const setOnUnauthorized = (handler) => {
19
20
  unauthorizedHandler = handler;
20
21
  };
22
+ /**
23
+ * Register a handler invoked when the backend rejects a request because a step-up 2FA
24
+ * reverification is required (HTTP `403` with a `two_factor_reverification_required` code). The
25
+ * handler drives the provider-specific re-verification (e.g. Clerk) and resolves `true` on success
26
+ * so the API client retries the original request once. Pass `null` to unregister.
27
+ */
28
+ export const setOnReverificationRequired = (handler) => {
29
+ reverificationHandler = handler;
30
+ };
21
31
  /** Whether an external token provider is active (Clerk mode). */
22
32
  export const isExternalAuthMode = () => accessTokenProvider !== null;
23
33
  export const resolveAccessToken = async (options) => {
@@ -48,3 +58,5 @@ export const resolveAccessToken = async (options) => {
48
58
  export const triggerUnauthorized = () => {
49
59
  unauthorizedHandler?.();
50
60
  };
61
+ /** Invokes the registered reverification handler; resolves `false` when none is registered. */
62
+ export const triggerReverification = (meta) => reverificationHandler ? reverificationHandler(meta) : Promise.resolve(false);
@@ -3,9 +3,11 @@ import { isTMA } from '@telegram-apps/sdk-react';
3
3
  import axios from 'axios';
4
4
  import { telegramSignUpPath, telegramSignInPath, refreshTokenPath } from '../api/auth';
5
5
  import { AppEnviroment, ResponseStatus } from '../constants';
6
- import { isExternalAuthMode, resolveAccessToken, triggerUnauthorized } from './accessTokenProvider';
6
+ import { isExternalAuthMode, resolveAccessToken, triggerReverification, triggerUnauthorized, } from './accessTokenProvider';
7
7
  import { deleteTokens, getTokens, refreshTokens } from './tokensFactory';
8
8
  // eslint-disable-next-line no-constant-condition
9
+ // Backend signals that a sensitive request needs a fresh second-factor verification with this code.
10
+ const TWO_FACTOR_REVERIFICATION_CODE = 'two_factor_reverification_required';
9
11
  const apiV1BaseURL = process.env.API_URL ?? 'ENV variable API_URL is not defined';
10
12
  const apiV2BaseURL = process.env.API_V2_URL ?? 'ENV variable API_V2_URL is not defined';
11
13
  const apiTOTPBaseURL = process.env.API_TOTP_URL ?? 'ENV variable API_TOTP_URL is not defined';
@@ -41,6 +43,23 @@ export const createApiClient = ({ baseURL, isBearerToken, tenantId }) => {
41
43
  if (typeof window === 'undefined') {
42
44
  return Promise.reject(error);
43
45
  }
46
+ // Step-up 2FA: the backend rejects a sensitive request until the user re-verifies their
47
+ // second factor. Hand off to the consumer's reverification handler and retry once on success.
48
+ if (error?.response?.status === ResponseStatus.FORBIDDEN &&
49
+ error?.response?.data?.code === TWO_FACTOR_REVERIFICATION_CODE &&
50
+ !error?.response?.config.context?.isRetryRequest) {
51
+ const { response, config: failedRequestConfig } = error;
52
+ return triggerReverification(response.data).then((didReverify) => {
53
+ if (!didReverify) {
54
+ return Promise.reject(error);
55
+ }
56
+ failedRequestConfig.context = {
57
+ ...failedRequestConfig.context,
58
+ isRetryRequest: true,
59
+ };
60
+ return instance(failedRequestConfig);
61
+ });
62
+ }
44
63
  if (error?.response?.status === ResponseStatus.UNAUTHORIZED &&
45
64
  !error?.response?.config.context?.bypassUnauthorizedHandler) {
46
65
  const { response, config: failedRequestConfig } = error;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "squarefi-bff-api-module",
3
- "version": "1.36.20",
3
+ "version": "1.36.22",
4
4
  "description": "Squarefi BFF API client module",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",