make http client aware of the csrf token

Author: alexzarbn

package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@tailflow/laravel-orion",
-	"version": "2.1.2",
+	"version": "3.0.0",
 	"description": "Typescript SDK for Laravel Orion",
 	"keywords": [
 		"laravel orion",

src/drivers/default/builders/queryBuilder.ts

@@ -52,7 +52,7 @@ export class QueryBuilder<
 	}
 
 	public async get(limit: number = 15, page: number = 1): Promise<Array<M>> {
-		const response = await this.httpClient.request(
+		const response = await this.httpClient.request<{data: Array<AllAttributes & Relations>}>(
 			'',
 			HttpMethod.GET,
 			this.prepareQueryParams({ limit, page })
@@ -64,7 +64,7 @@ export class QueryBuilder<
 	}
 
 	public async search(limit: number = 15, page: number = 1): Promise<Array<M>> {
-		const response = await this.httpClient.request(
+		const response = await this.httpClient.request<{data: Array<AllAttributes & Relations>}>(
 			'/search',
 			HttpMethod.POST,
 			this.prepareQueryParams({ limit, page }),
@@ -82,7 +82,7 @@ export class QueryBuilder<
 	}
 
 	public async find(key: Key): Promise<M> {
-		const response = await this.httpClient.request(
+		const response = await this.httpClient.request<{data: AllAttributes & Relations}>(
 			`/${key}`,
 			HttpMethod.GET,
 			this.prepareQueryParams()
@@ -92,29 +92,29 @@ export class QueryBuilder<
 	}
 
 	public async store(attributes: Attributes): Promise<M> {
-		const response = await this.httpClient.request(
+		const response = await this.httpClient.request<{data: AllAttributes & Relations}>(
 			'',
 			HttpMethod.POST,
 			this.prepareQueryParams(),
-			attributes
+			attributes as Record<string, unknown>
 		);
 
 		return this.hydrate(response.data.data, response);
 	}
 
 	public async update(key: Key, attributes: Attributes): Promise<M> {
-		const response = await this.httpClient.request(
+		const response = await this.httpClient.request<{data: AllAttributes & Relations}>(
 			`/${key}`,
 			HttpMethod.PATCH,
 			this.prepareQueryParams(),
-			attributes
+			attributes as Record<string, unknown>
 		);
 
 		return this.hydrate(response.data.data, response);
 	}
 
 	public async destroy(key: Key, force: boolean = false): Promise<M> {
-		const response = await this.httpClient.request(
+		const response = await this.httpClient.request<{data: AllAttributes & Relations}>(
 			`/${key}`,
 			HttpMethod.DELETE,
 			this.prepareQueryParams({ force })
@@ -124,7 +124,7 @@ export class QueryBuilder<
 	}
 
 	public async restore(key: Key): Promise<M> {
-		const response = await this.httpClient.request(
+		const response = await this.httpClient.request<{data: AllAttributes & Relations}>(
 			`/${key}/restore`,
 			HttpMethod.POST,
 			this.prepareQueryParams()

src/drivers/default/builders/relationQueryBuilder.ts

@@ -23,7 +23,7 @@ export class RelationQueryBuilder<
 			Relations,
 			Key
 		>,
-		parent: Model<any>
+		parent: Model
 	) {
 		super(relationConstructor);
 

src/drivers/default/relations/belongsToMany.ts

@@ -1,14 +1,16 @@
-import { Model } from '../../../model';
-import { RelationQueryBuilder } from '../builders/relationQueryBuilder';
-import { HttpMethod } from '../enums/httpMethod';
-import { AttachResult } from '../results/attachResult';
-import { ExtractModelAttributesType } from '../../../types/extractModelAttributesType';
-import { DetachResult } from '../results/detachResult';
-import { SyncResult } from '../results/syncResult';
-import { ToggleResult } from '../results/toggleResult';
-import { UpdatePivotResult } from '../results/updatePivotResult';
-import { ExtractModelPersistedAttributesType } from '../../../types/extractModelPersistedAttributesType';
-import { ExtractModelRelationsType } from '../../../types/extractModelRelationsType';
+import {Model} from '../../../model';
+import {RelationQueryBuilder} from '../builders/relationQueryBuilder';
+import {HttpMethod} from '../enums/httpMethod';
+import {AttachResult} from '../results/attachResult';
+import {ExtractModelAttributesType} from '../../../types/extractModelAttributesType';
+import {DetachResult} from '../results/detachResult';
+import {SyncResult} from '../results/syncResult';
+import {ToggleResult} from '../results/toggleResult';
+import {UpdatePivotResult} from '../results/updatePivotResult';
+import {
+	ExtractModelPersistedAttributesType
+} from '../../../types/extractModelPersistedAttributesType';
+import {ExtractModelRelationsType} from '../../../types/extractModelRelationsType';
 
 export class BelongsToMany<
 	Relation extends Model,
@@ -21,10 +23,10 @@ export class BelongsToMany<
 		keys: Array<number | string>,
 		duplicates: boolean = false
 	): Promise<AttachResult> {
-		const response = await this.httpClient.request(
+		const response = await this.httpClient.request<{ attached: Array<number | string> }>(
 			`/attach`,
 			HttpMethod.POST,
-			{ duplicates: duplicates ? 1 : 0 },
+			{duplicates: duplicates ? 1 : 0},
 			{
 				resources: keys,
 			}
@@ -37,37 +39,39 @@ export class BelongsToMany<
 		resources: Record<string, Pivot>,
 		duplicates: boolean = false
 	): Promise<AttachResult> {
-		const response = await this.httpClient.request(
+		const response = await this.httpClient.request<{ attached: Array<number | string> }>(
 			`/attach`,
 			HttpMethod.POST,
-			{ duplicates: duplicates ? 1 : 0 },
-			{ resources }
+			{duplicates: duplicates ? 1 : 0},
+			{resources}
 		);
 
 		return new AttachResult(response.data.attached);
 	}
 
 	public async detach(keys: Array<number | string>): Promise<DetachResult> {
-		const response = await this.httpClient.request(`/detach`, HttpMethod.DELETE, null, {
+		const response = await this.httpClient.request<{ detached: Array<number | string> }>(`/detach`, HttpMethod.DELETE, null, {
 			resources: keys,
 		});
 
 		return new DetachResult(response.data.detached);
 	}
 
 	public async detachWithFields(resources: Record<string, Pivot>): Promise<DetachResult> {
-		const response = await this.httpClient.request(`/detach`, HttpMethod.DELETE, null, {
+		const response = await this.httpClient.request<{ detached: Array<number | string> }>(`/detach`, HttpMethod.DELETE, null, {
 			resources,
 		});
 
 		return new DetachResult(response.data.detached);
 	}
 
 	public async sync(keys: Array<number | string>, detaching: boolean = true): Promise<SyncResult> {
-		const response = await this.httpClient.request(
+		const response = await this.httpClient.request<
+			{ attached: Array<number | string>, updated: Array<number | string>, detached: Array<number | string> }
+		>(
 			`/sync`,
 			HttpMethod.PATCH,
-			{ detaching: detaching ? 1 : 0 },
+			{detaching: detaching ? 1 : 0},
 			{
 				resources: keys,
 			}
@@ -80,34 +84,40 @@ export class BelongsToMany<
 		resources: Record<string, Pivot>,
 		detaching: boolean = true
 	): Promise<SyncResult> {
-		const response = await this.httpClient.request(
+		const response = await this.httpClient.request<
+			{ attached: Array<number | string>, updated: Array<number | string>, detached: Array<number | string> }
+		>(
 			`/sync`,
 			HttpMethod.PATCH,
-			{ detaching: detaching ? 1 : 0 },
-			{ resources }
+			{detaching: detaching ? 1 : 0},
+			{resources}
 		);
 
 		return new SyncResult(response.data.attached, response.data.updated, response.data.detached);
 	}
 
 	public async toggle(keys: Array<number | string>): Promise<ToggleResult> {
-		const response = await this.httpClient.request(`/toggle`, HttpMethod.PATCH, null, {
+		const response = await this.httpClient.request<
+			{ attached: Array<number | string>, detached: Array<number | string> }
+		>(`/toggle`, HttpMethod.PATCH, null, {
 			resources: keys,
 		});
 
 		return new ToggleResult(response.data.attached, response.data.detached);
 	}
 
 	public async toggleWithFields(resources: Record<string, Pivot>): Promise<ToggleResult> {
-		const response = await this.httpClient.request(`/toggle`, HttpMethod.PATCH, null, {
+		const response = await this.httpClient.request<
+			{ attached: Array<number | string>, detached: Array<number | string> }
+		>(`/toggle`, HttpMethod.PATCH, null, {
 			resources,
 		});
 
 		return new ToggleResult(response.data.attached, response.data.detached);
 	}
 
 	public async updatePivot(key: number | string, pivot: Pivot): Promise<UpdatePivotResult> {
-		const response = await this.httpClient.request(`/${key}/pivot`, HttpMethod.PATCH, null, {
+		const response = await this.httpClient.request<{ updated: Array<string | number> }>(`/${key}/pivot`, HttpMethod.PATCH, null, {
 			pivot,
 		});
 

src/drivers/default/relations/hasMany.ts

@@ -12,7 +12,7 @@ export class HasMany<
 	Relations = ExtractModelRelationsType<Relation>
 > extends RelationQueryBuilder<Relation, Attributes, PersistedAttributes, Relations> {
 	public async associate(key: string | number): Promise<Relation> {
-		const response = await this.httpClient.request(
+		const response = await this.httpClient.request<{data: Attributes & PersistedAttributes & Relations}>(
 			`/associate`,
 			HttpMethod.POST,
 			this.prepareQueryParams(),
@@ -25,7 +25,7 @@ export class HasMany<
 	}
 
 	public async dissociate(key: string | number): Promise<Relation> {
-		const response = await this.httpClient.request(
+		const response = await this.httpClient.request<{data: Attributes & PersistedAttributes & Relations}>(
 			`/${key}/dissociate`,
 			HttpMethod.DELETE,
 			this.prepareQueryParams()

src/httpClient.ts

@@ -1,22 +1,23 @@
-import { HttpMethod } from './drivers/default/enums/httpMethod';
-import { Orion } from './orion';
-import { AxiosInstance, AxiosRequestConfig, AxiosResponse } from 'axios';
+import {HttpMethod} from './drivers/default/enums/httpMethod';
+import {Orion} from './orion';
+import {AxiosInstance, AxiosRequestConfig, AxiosResponse} from 'axios';
+import {AuthDriver} from "./drivers/default/enums/authDriver";
 
 export class HttpClient {
-	protected baseUrl: string;
-	protected client: AxiosInstance;
+	protected static csrfTokenFetched = false;
 
-	constructor(baseUrl: string, client: AxiosInstance) {
+	constructor(protected baseUrl: string, protected client: AxiosInstance, protected authDriver: AuthDriver) {
 		this.baseUrl = baseUrl;
 		this.client = client;
+		this.authDriver = authDriver;
 	}
 
-	public async request(
+	public async request<Response extends Record<string, unknown>>(
 		url: string,
 		method: HttpMethod,
-		params: any = {},
-		data: any = {}
-	): Promise<AxiosResponse> {
+		params: Record<string, unknown> | null = {},
+		data: Record<string, unknown> = {}
+	): Promise<AxiosResponse<Response>> {
 		const config: AxiosRequestConfig = Object.assign(Orion.getHttpClientConfig(), {
 			baseURL: this.baseUrl,
 			url,
@@ -26,9 +27,75 @@ export class HttpClient {
 
 		if (method !== HttpMethod.GET) {
 			config.data = data;
+
+			if (!HttpClient.csrfTokenFetched && this.authDriver === AuthDriver.Sanctum) {
+				await this.fetchCsrfToken();
+			}
 		}
 
-		return this.client.request(config);
+		return this.client.request<Response>(config);
+	}
+
+	public async get<Response extends Record<string, unknown>>(url: string, params: Record<string, unknown>): Promise<AxiosResponse<Response>> {
+		return this.request<Response>(
+			url, HttpMethod.GET, params
+		)
+	}
+
+	public async post<Response extends Record<string, unknown>>(url: string, params: Record<string, unknown>, data: Record<string, unknown>): Promise<AxiosResponse<Response>> {
+		return this.request<Response>(
+			url, HttpMethod.POST, params, data
+		)
+	}
+
+	public async patch<Response extends Record<string, unknown>>(url: string, params: Record<string, unknown>, data: Record<string, unknown>): Promise<AxiosResponse<Response>> {
+		return this.request<Response>(
+			url, HttpMethod.PATCH, params, data
+		)
+	}
+
+	public async delete<Response extends Record<string, unknown>>(url: string, params: Record<string, unknown>): Promise<AxiosResponse<Response>> {
+		return this.request<Response>(
+			url, HttpMethod.DELETE, params
+		)
+	}
+
+	public async fetchCsrfToken(): Promise<void> {
+		if (this.authDriver !== AuthDriver.Sanctum) {
+			throw new Error(
+				`Current auth driver is set to "${this.authDriver}". Fetching CSRF cookie can only be used with "sanctum" driver.`
+			);
+		}
+
+		let response = null;
+
+		try {
+			response = await this
+				.getAxios()
+				.get(`sanctum/csrf-cookie`, {baseURL: Orion.getHost()});
+		} catch (error) {
+			throw new Error(
+				`Unable to retrieve XSRF token cookie due to network error. Please ensure that SANCTUM_STATEFUL_DOMAINS and SESSION_DOMAIN environment variables are configured correctly on the API side.`
+			);
+		}
+
+		const xsrfTokenPresent =
+			document.cookie
+				.split(';')
+				.filter((cookie: string) =>
+					cookie.includes(this.getAxios().defaults.xsrfCookieName || 'XSRF-TOKEN')
+				).length > 0;
+
+		if (!xsrfTokenPresent) {
+			console.log(`Response status: ${response.status}`);
+			console.log(`Response headers:`);
+			console.log(response.headers);
+			console.log(`Cookies: ${document.cookie}`);
+
+			throw new Error(
+				`XSRF token cookie is missing in the response. Please ensure that SANCTUM_STATEFUL_DOMAINS and SESSION_DOMAIN environment variables are configured correctly on the API side.`
+			);
+		}
 	}
 
 	public getAxios(): AxiosInstance {