sunuid-sdk 1.0.58 → 1.0.60

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. package/README.md +1 -1
  2. package/dist/sunuid-sdk.esm.js +114 -37
  3. package/dist/sunuid-sdk.esm.js.map +1 -1
  4. package/dist/sunuid-sdk.js +114 -37
  5. package/dist/sunuid-sdk.js.map +1 -1
  6. package/dist/sunuid-sdk.min.js +1 -1
  7. package/dist/sunuid-sdk.min.js.map +1 -1
  8. package/docs/SECURITY_GUIDE.md +3 -3
  9. package/examples/callback-example.html +1 -1
  10. package/examples/demo.html +3 -3
  11. package/examples/env.example +1 -1
  12. package/examples/no-loop-example.html +1 -1
  13. package/examples/partner-name-config.js +4 -4
  14. package/examples/production-config.js +2 -2
  15. package/examples/secure-init.php +1 -1
  16. package/examples/test-partner-name.html +1 -1
  17. package/examples/test-production.html +1 -1
  18. package/package.json +1 -1
package/README.md CHANGED
@@ -194,7 +194,7 @@ Le SDK supporte l'initialisation sécurisée via un endpoint PHP qui génère de
194
194
  $SUNUID_CONFIG = [
195
195
  'client_id' => $_ENV['SUNUID_CLIENT_ID'],
196
196
  'secret_id' => $_ENV['SUNUID_SECRET_ID'],
197
- 'api_url' => 'https://api.sunuid.fayma.sn',
197
+ 'api_url' => 'https://api.sunuid.com',
198
198
  'token_expiry' => 3600,
199
199
  'max_requests_per_token' => 100
200
200
  ];
package/dist/sunuid-sdk.esm.js CHANGED
@@ -272,7 +272,7 @@ function _unsupportedIterableToArray(r, a) {
272
272
 
273
273
  // Configuration par défaut
274
274
  var DEFAULT_CONFIG = {
275
- apiUrl: ((_window$SunuIDConfig = window.SunuIDConfig) === null || _window$SunuIDConfig === void 0 ? void 0 : _window$SunuIDConfig.apiUrl) || 'https://api.sunuid.fayma.sn',
275
+ apiUrl: ((_window$SunuIDConfig = window.SunuIDConfig) === null || _window$SunuIDConfig === void 0 ? void 0 : _window$SunuIDConfig.apiUrl) || 'https://api.sunuid.com',
276
276
  clientId: null,
277
277
  secretId: null,
278
278
  type: 2,
@@ -300,10 +300,10 @@ function _unsupportedIterableToArray(r, a) {
300
300
  // Options d'initialisation sécurisée
301
301
  secureInit: false,
302
302
  secureInitUrl: function (_window$SunuIDConfig2, _window$SunuIDConfig3) {
303
- if ((_window$SunuIDConfig2 = window.SunuIDConfig) !== null && _window$SunuIDConfig2 !== void 0 && (_window$SunuIDConfig2 = _window$SunuIDConfig2.apiUrl) !== null && _window$SunuIDConfig2 !== void 0 && _window$SunuIDConfig2.includes('api.sunuid.fayma.sn')) {
304
- return 'https://api.sunuid.fayma.sn/secure-init';
303
+ if ((_window$SunuIDConfig2 = window.SunuIDConfig) !== null && _window$SunuIDConfig2 !== void 0 && (_window$SunuIDConfig2 = _window$SunuIDConfig2.apiUrl) !== null && _window$SunuIDConfig2 !== void 0 && _window$SunuIDConfig2.includes('api.sunuid.com')) {
304
+ return 'https://api.sunuid.com/secure-init';
305
305
  }
306
- return ((_window$SunuIDConfig3 = window.SunuIDConfig) === null || _window$SunuIDConfig3 === void 0 || (_window$SunuIDConfig3 = _window$SunuIDConfig3.apiUrl) === null || _window$SunuIDConfig3 === void 0 ? void 0 : _window$SunuIDConfig3.replace('/api', '')) + '/secure-init' || 'https://api.sunuid.fayma.sn/secure-init';
306
+ return ((_window$SunuIDConfig3 = window.SunuIDConfig) === null || _window$SunuIDConfig3 === void 0 || (_window$SunuIDConfig3 = _window$SunuIDConfig3.apiUrl) === null || _window$SunuIDConfig3 === void 0 ? void 0 : _window$SunuIDConfig3.replace('/api', '')) + '/secure-init' || 'https://api.sunuid.com/secure-init';
307
307
  }(),
308
308
  token: null,
309
309
  // Configuration pour forcer l'utilisation du serveur distant
@@ -1490,7 +1490,7 @@ function _unsupportedIterableToArray(r, a) {
1490
1490
  options = _args10.length > 3 && _args10[3] !== undefined ? _args10[3] : {};
1491
1491
  _context10.p = 1;
1492
1492
  _context10.n = 2;
1493
- return fetch('https://api.sunuid.fayma.sn/qr-generate', {
1493
+ return fetch('https://api.sunuid.com/qr-generate', {
1494
1494
  method: 'POST',
1495
1495
  headers: {
1496
1496
  'Content-Type': 'application/json'
@@ -1725,9 +1725,9 @@ function _unsupportedIterableToArray(r, a) {
1725
1725
  // Construire l'URL - Utiliser l'API principale qui fonctionne
1726
1726
 
1727
1727
  if (this.config.forceRemoteServer) {
1728
- qrGeneratorUrl = 'https://api.sunuid.fayma.sn/qr-generate';
1729
- } else if (this.config.apiUrl.includes('api.sunuid.fayma.sn')) {
1730
- qrGeneratorUrl = 'https://api.sunuid.fayma.sn/qr-generate';
1728
+ qrGeneratorUrl = 'https://api.sunuid.com/qr-generate';
1729
+ } else if (this.config.apiUrl.includes('api.sunuid.com')) {
1730
+ qrGeneratorUrl = 'https://api.sunuid.com/qr-generate';
1731
1731
  } else if (this.config.apiUrl.includes('localhost') || this.config.apiUrl.includes('127.0.0.1')) {
1732
1732
  qrGeneratorUrl = 'http://localhost:8000/api/generate/text';
1733
1733
  } else {
@@ -2108,7 +2108,7 @@ function _unsupportedIterableToArray(r, a) {
2108
2108
  retryCount = 0;
2109
2109
  maxRetries = this.config.maxRetries;
2110
2110
  _loop = /*#__PURE__*/_regenerator().m(function _loop() {
2111
- var controller, timeoutId, headers, response, errorText, errorData, result, _t11;
2111
+ var controller, timeoutId, headers, response, errorText, errorData, responseText, contentType, result, _t11, _t12;
2112
2112
  return _regenerator().w(function (_context17) {
2113
2113
  while (1) switch (_context17.p = _context17.n) {
2114
2114
  case 0:
@@ -2145,9 +2145,17 @@ function _unsupportedIterableToArray(r, a) {
2145
2145
  try {
2146
2146
  errorData = JSON.parse(errorText);
2147
2147
  } catch (e) {
2148
- errorData = {
2149
- message: errorText
2150
- };
2148
+ // Si ce n'est pas du JSON, c'est probablement du HTML/PHP
2149
+ if (errorText.trim().startsWith('<?') || errorText.trim().startsWith('<!')) {
2150
+ console.error('❌ Le serveur a retourné du HTML/PHP au lieu de JSON');
2151
+ errorData = {
2152
+ message: 'Le serveur a retourné une réponse invalide (HTML/PHP au lieu de JSON)'
2153
+ };
2154
+ } else {
2155
+ errorData = {
2156
+ message: errorText
2157
+ };
2158
+ }
2151
2159
  }
2152
2160
  _this4.logSecurityEvent('API_REQUEST_ERROR', {
2153
2161
  status: response.status,
@@ -2157,9 +2165,52 @@ function _unsupportedIterableToArray(r, a) {
2157
2165
  throw new Error(errorData.message || "Erreur HTTP: ".concat(response.status));
2158
2166
  case 3:
2159
2167
  _context17.n = 4;
2160
- return response.json();
2168
+ return response.text();
2161
2169
  case 4:
2162
- result = _context17.v;
2170
+ responseText = _context17.v;
2171
+ // Vérifier le Content-Type
2172
+ contentType = response.headers.get('content-type');
2173
+ if (!(contentType && !contentType.includes('application/json'))) {
2174
+ _context17.n = 6;
2175
+ break;
2176
+ }
2177
+ console.error('❌ Réponse non-JSON reçue:', contentType);
2178
+ console.error('❌ Contenu reçu:', responseText.substring(0, 200));
2179
+
2180
+ // Détecter si c'est du PHP
2181
+ if (!responseText.trim().startsWith('<?')) {
2182
+ _context17.n = 5;
2183
+ break;
2184
+ }
2185
+ throw new Error('Le serveur a retourné du PHP au lieu de JSON. Vérifiez que l\'endpoint API est correct.');
2186
+ case 5:
2187
+ throw new Error("Le serveur a retourn\xE9 ".concat(contentType, " au lieu de JSON"));
2188
+ case 6:
2189
+ _context17.p = 6;
2190
+ result = JSON.parse(responseText);
2191
+ _context17.n = 10;
2192
+ break;
2193
+ case 7:
2194
+ _context17.p = 7;
2195
+ _t11 = _context17.v;
2196
+ console.error('❌ Erreur lors du parsing JSON:', _t11);
2197
+ console.error('❌ Réponse reçue:', responseText.substring(0, 200));
2198
+
2199
+ // Détecter si c'est du PHP
2200
+ if (!responseText.trim().startsWith('<?')) {
2201
+ _context17.n = 8;
2202
+ break;
2203
+ }
2204
+ throw new Error('Le serveur a retourné du PHP au lieu de JSON. Vérifiez que l\'endpoint API est correct.');
2205
+ case 8:
2206
+ if (!responseText.trim().startsWith('<!')) {
2207
+ _context17.n = 9;
2208
+ break;
2209
+ }
2210
+ throw new Error('Le serveur a retourné du HTML au lieu de JSON. Vérifiez que l\'endpoint API est correct.');
2211
+ case 9:
2212
+ throw new Error('Réponse invalide du serveur (pas du JSON valide)');
2213
+ case 10:
2163
2214
  _this4.logSecurityEvent('API_REQUEST_SUCCESS', {
2164
2215
  endpoint: endpointPath,
2165
2216
  responseKeys: Object.keys(result)
@@ -2167,43 +2218,43 @@ function _unsupportedIterableToArray(r, a) {
2167
2218
  return _context17.a(2, {
2168
2219
  v: result
2169
2220
  });
2170
- case 5:
2171
- _context17.p = 5;
2172
- _t11 = _context17.v;
2221
+ case 11:
2222
+ _context17.p = 11;
2223
+ _t12 = _context17.v;
2173
2224
  retryCount++;
2174
- if (!(_t11.name === 'AbortError')) {
2175
- _context17.n = 7;
2225
+ if (!(_t12.name === 'AbortError')) {
2226
+ _context17.n = 13;
2176
2227
  break;
2177
2228
  }
2178
2229
  _this4.logSecurityEvent('API_REQUEST_TIMEOUT', {
2179
2230
  retryCount: retryCount
2180
2231
  });
2181
2232
  if (!(retryCount > maxRetries)) {
2182
- _context17.n = 6;
2233
+ _context17.n = 12;
2183
2234
  break;
2184
2235
  }
2185
2236
  throw new Error('Timeout de la requête API');
2186
- case 6:
2237
+ case 12:
2187
2238
  return _context17.a(2, 0);
2188
- case 7:
2239
+ case 13:
2189
2240
  if (!(retryCount > maxRetries)) {
2190
- _context17.n = 8;
2241
+ _context17.n = 14;
2191
2242
  break;
2192
2243
  }
2193
2244
  _this4.logSecurityEvent('API_REQUEST_MAX_RETRIES', {
2194
2245
  retryCount: retryCount,
2195
- error: _t11.message
2246
+ error: _t12.message
2196
2247
  });
2197
- throw _t11;
2198
- case 8:
2199
- _context17.n = 9;
2248
+ throw _t12;
2249
+ case 14:
2250
+ _context17.n = 15;
2200
2251
  return new Promise(function (resolve) {
2201
2252
  return setTimeout(resolve, 1000 * retryCount);
2202
2253
  });
2203
- case 9:
2254
+ case 15:
2204
2255
  return _context17.a(2);
2205
2256
  }
2206
- }, _loop, null, [[0, 5]]);
2257
+ }, _loop, null, [[6, 7], [0, 11]]);
2207
2258
  });
2208
2259
  case 3:
2209
2260
  if (!(retryCount <= maxRetries)) {
@@ -2302,7 +2353,7 @@ function _unsupportedIterableToArray(r, a) {
2302
2353
  key: "fetchPartnerInfo",
2303
2354
  value: (function () {
2304
2355
  var _fetchPartnerInfo = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee18() {
2305
- var response, data, partnerId, _t12;
2356
+ var response, data, partnerId, _t13;
2306
2357
  return _regenerator().w(function (_context19) {
2307
2358
  while (1) switch (_context19.p = _context19.n) {
2308
2359
  case 0:
@@ -2362,8 +2413,8 @@ function _unsupportedIterableToArray(r, a) {
2362
2413
  break;
2363
2414
  case 2:
2364
2415
  _context19.p = 2;
2365
- _t12 = _context19.v;
2366
- console.warn('⚠️ Erreur lors de la récupération des informations du partenaire:', _t12.message);
2416
+ _t13 = _context19.v;
2417
+ console.warn('⚠️ Erreur lors de la récupération des informations du partenaire:', _t13.message);
2367
2418
  this.config.partnerName = 'Partner_unknown';
2368
2419
  case 3:
2369
2420
  return _context19.a(2);
@@ -2407,7 +2458,7 @@ function _unsupportedIterableToArray(r, a) {
2407
2458
  key: "checkConnections",
2408
2459
  value: (function () {
2409
2460
  var _checkConnections = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee19() {
2410
- var status, testResponse, debugData, _t13;
2461
+ var status, testResponse, debugData, _t14;
2411
2462
  return _regenerator().w(function (_context20) {
2412
2463
  while (1) switch (_context20.p = _context20.n) {
2413
2464
  case 0:
@@ -2452,8 +2503,8 @@ function _unsupportedIterableToArray(r, a) {
2452
2503
  break;
2453
2504
  case 6:
2454
2505
  _context20.p = 6;
2455
- _t13 = _context20.v;
2456
- console.log('🔍 Test API échoué:', _t13.message);
2506
+ _t14 = _context20.v;
2507
+ console.log('🔍 Test API échoué:', _t14.message);
2457
2508
  status.api = false;
2458
2509
  case 7:
2459
2510
  // Vérifier le WebSocket
@@ -2823,6 +2874,12 @@ function _unsupportedIterableToArray(r, a) {
2823
2874
  value: function processAuthentication(data) {
2824
2875
  console.log('🔐 Traitement de l\'authentification...');
2825
2876
  try {
2877
+ // Vérifier que le token existe
2878
+ if (!data || !data.token) {
2879
+ console.error('❌ Token manquant dans les données:', data);
2880
+ throw new Error('Token manquant dans les données d\'authentification');
2881
+ }
2882
+
2826
2883
  // Décoder le JWT token
2827
2884
  var decodedToken = this.decodeJWT(data.token);
2828
2885
 
@@ -2872,17 +2929,37 @@ function _unsupportedIterableToArray(r, a) {
2872
2929
  key: "decodeJWT",
2873
2930
  value: function decodeJWT(token) {
2874
2931
  try {
2932
+ // Vérifier que le token existe et est une chaîne
2933
+ if (!token || typeof token !== 'string') {
2934
+ console.error('❌ Token JWT manquant ou invalide:', token);
2935
+ throw new Error('Token JWT manquant ou invalide');
2936
+ }
2937
+
2875
2938
  // Décodage simple du JWT (sans vérification de signature)
2876
2939
  var parts = token.split('.');
2877
2940
  if (parts.length !== 3) {
2941
+ console.error('❌ Format JWT invalide - nombre de parties incorrect:', parts.length);
2878
2942
  throw new Error('Format JWT invalide');
2879
2943
  }
2944
+
2945
+ // Vérifier que la partie payload existe
2946
+ if (!parts[1]) {
2947
+ console.error('❌ Payload JWT manquant');
2948
+ throw new Error('Payload JWT manquant');
2949
+ }
2880
2950
  var payload = parts[1];
2881
- var decoded = JSON.parse(atob(payload));
2951
+ var decoded;
2952
+ try {
2953
+ decoded = JSON.parse(atob(payload));
2954
+ } catch (parseError) {
2955
+ console.error('❌ Erreur lors du parsing du payload JWT:', parseError);
2956
+ throw new Error('Impossible de décoder le payload JWT');
2957
+ }
2882
2958
  return decoded;
2883
2959
  } catch (error) {
2884
2960
  console.error('❌ Erreur décodage JWT:', error);
2885
- throw new Error('Token JWT invalide');
2961
+ console.error('❌ Token reçu:', token ? token.substring(0, 50) + '...' : 'undefined');
2962
+ throw new Error('Token JWT invalide: ' + error.message);
2886
2963
  }
2887
2964
  }
2888
2965