@artatol-acp/auth-nextjs 0.5.5 → 0.5.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/proxy.d.ts +16 -0
- package/dist/proxy.d.ts.map +1 -0
- package/dist/proxy.js +122 -0
- package/dist/proxy.js.map +1 -0
- package/package.json +5 -1
package/dist/proxy.d.ts
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import { NextRequest, NextResponse } from 'next/server';
|
|
2
|
+
export type ACPAuthMiddlewareOptions = {
|
|
3
|
+
baseUrl: string;
|
|
4
|
+
apiKey?: string;
|
|
5
|
+
jwtPublicKey: string;
|
|
6
|
+
publicPaths?: string[];
|
|
7
|
+
loginPath?: string;
|
|
8
|
+
cookies?: {
|
|
9
|
+
domain?: string;
|
|
10
|
+
path?: string;
|
|
11
|
+
secure?: boolean;
|
|
12
|
+
sameSite?: 'strict' | 'lax' | 'none';
|
|
13
|
+
};
|
|
14
|
+
};
|
|
15
|
+
export declare function createACPAuthMiddleware(options: ACPAuthMiddlewareOptions): (request: NextRequest) => Promise<NextResponse<unknown>>;
|
|
16
|
+
//# sourceMappingURL=proxy.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"proxy.d.ts","sourceRoot":"","sources":["../src/proxy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGxD,MAAM,MAAM,wBAAwB,GAAG;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;KACtC,CAAC;CACH,CAAC;AAIF,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,wBAAwB,IAiB/B,SAAS,WAAW,oCAmG7D"}
|
package/dist/proxy.js
ADDED
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
import { NextResponse } from 'next/server';
|
|
2
|
+
import { jwtVerify, importSPKI } from 'jose';
|
|
3
|
+
let publicKey = null;
|
|
4
|
+
export function createACPAuthMiddleware(options) {
|
|
5
|
+
const { baseUrl, apiKey, jwtPublicKey, publicPaths = ['/login', '/register', '/forgot-password', '/reset-password', '/verify-email', '/verify-2fa'], loginPath = '/login', cookies: cookieConfig = {}, } = options;
|
|
6
|
+
const { domain: cookieDomain, path: cookiePath = '/', secure = process.env.NODE_ENV === 'production', sameSite = 'lax', } = cookieConfig;
|
|
7
|
+
return async function acpAuthMiddleware(request) {
|
|
8
|
+
const { pathname } = request.nextUrl;
|
|
9
|
+
console.log(`[ACP Auth Proxy] ${request.method} ${pathname}`);
|
|
10
|
+
// Allow public paths
|
|
11
|
+
if (publicPaths.some((path) => pathname.startsWith(path))) {
|
|
12
|
+
console.log(`[ACP Auth Proxy] Public path, allowing`);
|
|
13
|
+
return NextResponse.next();
|
|
14
|
+
}
|
|
15
|
+
// Allow API routes (they handle their own auth)
|
|
16
|
+
if (pathname.startsWith('/api/')) {
|
|
17
|
+
console.log(`[ACP Auth Proxy] API route, allowing`);
|
|
18
|
+
return NextResponse.next();
|
|
19
|
+
}
|
|
20
|
+
// Check for access token
|
|
21
|
+
const accessToken = request.cookies.get('access_token')?.value;
|
|
22
|
+
const refreshToken = request.cookies.get('refresh_token')?.value;
|
|
23
|
+
console.log(`[ACP Auth Proxy] access_token: ${accessToken ? 'present' : 'missing'}, refresh_token: ${refreshToken ? 'present' : 'missing'}`);
|
|
24
|
+
// If no access token, try to refresh
|
|
25
|
+
if (!accessToken) {
|
|
26
|
+
if (!refreshToken) {
|
|
27
|
+
// No tokens at all, redirect to login
|
|
28
|
+
console.log(`[ACP Auth Proxy] No tokens, redirecting to login`);
|
|
29
|
+
const url = request.nextUrl.clone();
|
|
30
|
+
url.pathname = loginPath;
|
|
31
|
+
url.searchParams.set('from', pathname);
|
|
32
|
+
return NextResponse.redirect(url);
|
|
33
|
+
}
|
|
34
|
+
// Try to refresh
|
|
35
|
+
const newAccessToken = await tryRefresh(baseUrl, apiKey, refreshToken);
|
|
36
|
+
if (!newAccessToken) {
|
|
37
|
+
// Refresh failed, redirect to login
|
|
38
|
+
const url = request.nextUrl.clone();
|
|
39
|
+
url.pathname = loginPath;
|
|
40
|
+
url.searchParams.set('from', pathname);
|
|
41
|
+
return NextResponse.redirect(url);
|
|
42
|
+
}
|
|
43
|
+
// Set new access token cookie and continue
|
|
44
|
+
const response = NextResponse.next();
|
|
45
|
+
response.cookies.set('access_token', newAccessToken, {
|
|
46
|
+
httpOnly: true,
|
|
47
|
+
secure,
|
|
48
|
+
sameSite,
|
|
49
|
+
maxAge: 60 * 5, // 5 minutes
|
|
50
|
+
path: cookiePath,
|
|
51
|
+
...(cookieDomain && { domain: cookieDomain }),
|
|
52
|
+
});
|
|
53
|
+
return response;
|
|
54
|
+
}
|
|
55
|
+
// Verify access token
|
|
56
|
+
try {
|
|
57
|
+
if (!publicKey) {
|
|
58
|
+
publicKey = await importSPKI(jwtPublicKey, 'EdDSA');
|
|
59
|
+
}
|
|
60
|
+
await jwtVerify(accessToken, publicKey, {
|
|
61
|
+
algorithms: ['EdDSA'],
|
|
62
|
+
});
|
|
63
|
+
return NextResponse.next();
|
|
64
|
+
}
|
|
65
|
+
catch {
|
|
66
|
+
// Token invalid or expired, try to refresh
|
|
67
|
+
if (!refreshToken) {
|
|
68
|
+
const url = request.nextUrl.clone();
|
|
69
|
+
url.pathname = loginPath;
|
|
70
|
+
url.searchParams.set('from', pathname);
|
|
71
|
+
return NextResponse.redirect(url);
|
|
72
|
+
}
|
|
73
|
+
const newAccessToken = await tryRefresh(baseUrl, apiKey, refreshToken);
|
|
74
|
+
if (!newAccessToken) {
|
|
75
|
+
// Refresh failed, redirect to login
|
|
76
|
+
const url = request.nextUrl.clone();
|
|
77
|
+
url.pathname = loginPath;
|
|
78
|
+
url.searchParams.set('from', pathname);
|
|
79
|
+
return NextResponse.redirect(url);
|
|
80
|
+
}
|
|
81
|
+
// Set new access token cookie and continue
|
|
82
|
+
const response = NextResponse.next();
|
|
83
|
+
response.cookies.set('access_token', newAccessToken, {
|
|
84
|
+
httpOnly: true,
|
|
85
|
+
secure,
|
|
86
|
+
sameSite,
|
|
87
|
+
maxAge: 60 * 5, // 5 minutes
|
|
88
|
+
path: cookiePath,
|
|
89
|
+
...(cookieDomain && { domain: cookieDomain }),
|
|
90
|
+
});
|
|
91
|
+
return response;
|
|
92
|
+
}
|
|
93
|
+
};
|
|
94
|
+
}
|
|
95
|
+
async function tryRefresh(baseUrl, apiKey, refreshToken) {
|
|
96
|
+
try {
|
|
97
|
+
const response = await fetch(`${baseUrl}/refresh`, {
|
|
98
|
+
method: 'POST',
|
|
99
|
+
headers: {
|
|
100
|
+
'Content-Type': 'application/json',
|
|
101
|
+
...(apiKey ? { 'X-API-Key': apiKey } : {}),
|
|
102
|
+
Cookie: `refresh_token=${refreshToken}`,
|
|
103
|
+
},
|
|
104
|
+
});
|
|
105
|
+
if (!response.ok) {
|
|
106
|
+
console.error('[ACP Auth Middleware] Refresh failed:', response.status);
|
|
107
|
+
return null;
|
|
108
|
+
}
|
|
109
|
+
const data = await response.json();
|
|
110
|
+
if (!data.success || !data.data?.accessToken) {
|
|
111
|
+
console.error('[ACP Auth Middleware] Invalid refresh response');
|
|
112
|
+
return null;
|
|
113
|
+
}
|
|
114
|
+
console.log('[ACP Auth Middleware] Token refreshed successfully');
|
|
115
|
+
return data.data.accessToken;
|
|
116
|
+
}
|
|
117
|
+
catch (error) {
|
|
118
|
+
console.error('[ACP Auth Middleware] Refresh error:', error);
|
|
119
|
+
return null;
|
|
120
|
+
}
|
|
121
|
+
}
|
|
122
|
+
//# sourceMappingURL=proxy.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"proxy.js","sourceRoot":"","sources":["../src/proxy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAgB,MAAM,MAAM,CAAC;AAgB3D,IAAI,SAAS,GAAmB,IAAI,CAAC;AAErC,MAAM,UAAU,uBAAuB,CAAC,OAAiC;IACvE,MAAM,EACJ,OAAO,EACP,MAAM,EACN,YAAY,EACZ,WAAW,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,eAAe,EAAE,aAAa,CAAC,EAC5G,SAAS,GAAG,QAAQ,EACpB,OAAO,EAAE,YAAY,GAAG,EAAE,GAC3B,GAAG,OAAO,CAAC;IAEZ,MAAM,EACJ,MAAM,EAAE,YAAY,EACpB,IAAI,EAAE,UAAU,GAAG,GAAG,EACtB,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAC9C,QAAQ,GAAG,KAAK,GACjB,GAAG,YAAY,CAAC;IAEjB,OAAO,KAAK,UAAU,iBAAiB,CAAC,OAAoB;QAC1D,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;QAErC,OAAO,CAAC,GAAG,CAAC,oBAAoB,OAAO,CAAC,MAAM,IAAI,QAAQ,EAAE,CAAC,CAAC;QAE9D,qBAAqB;QACrB,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YAC1D,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAED,gDAAgD;QAChD,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;YACpD,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAED,yBAAyB;QACzB,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC;QAC/D,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,KAAK,CAAC;QAEjE,OAAO,CAAC,GAAG,CAAC,kCAAkC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,oBAAoB,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;QAE7I,qCAAqC;QACrC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,sCAAsC;gBACtC,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;gBAChE,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,iBAAiB;YACjB,MAAM,cAAc,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;YACvE,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,oCAAoC;gBACpC,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,2CAA2C;YAC3C,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC;YACrC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,cAAc,EAAE;gBACnD,QAAQ,EAAE,IAAI;gBACd,MAAM;gBACN,QAAQ;gBACR,MAAM,EAAE,EAAE,GAAG,CAAC,EAAE,YAAY;gBAC5B,IAAI,EAAE,UAAU;gBAChB,GAAG,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;aAC9C,CAAC,CAAC;YACH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,sBAAsB;QACtB,IAAI,CAAC;YACH,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,SAAS,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YACtD,CAAC;YAED,MAAM,SAAS,CAAC,WAAW,EAAE,SAAS,EAAE;gBACtC,UAAU,EAAE,CAAC,OAAO,CAAC;aACtB,CAAC,CAAC;YAEH,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,2CAA2C;YAC3C,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,MAAM,cAAc,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;YACvE,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,oCAAoC;gBACpC,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,2CAA2C;YAC3C,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC;YACrC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,cAAc,EAAE;gBACnD,QAAQ,EAAE,IAAI;gBACd,MAAM;gBACN,QAAQ;gBACR,MAAM,EAAE,EAAE,GAAG,CAAC,EAAE,YAAY;gBAC5B,IAAI,EAAE,UAAU;gBAChB,GAAG,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;aAC9C,CAAC,CAAC;YACH,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,OAAe,EACf,MAA0B,EAC1B,YAAoB;IAEpB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,UAAU,EAAE;YACjD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1C,MAAM,EAAE,iBAAiB,YAAY,EAAE;aACxC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,CAAC,KAAK,CAAC,uCAAuC,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;YACxE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC;YAC7C,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;IAC/B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;QAC7D,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@artatol-acp/auth-nextjs",
|
|
3
|
-
"version": "0.5.
|
|
3
|
+
"version": "0.5.7",
|
|
4
4
|
"description": "Next.js SDK for Artatol Cloud Platform Authentication with support for App Router, Server Actions, and Middleware",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -25,6 +25,10 @@
|
|
|
25
25
|
"./middleware": {
|
|
26
26
|
"import": "./dist/middleware.js",
|
|
27
27
|
"types": "./dist/middleware.d.ts"
|
|
28
|
+
},
|
|
29
|
+
"./proxy": {
|
|
30
|
+
"import": "./dist/proxy.js",
|
|
31
|
+
"types": "./dist/proxy.d.ts"
|
|
28
32
|
}
|
|
29
33
|
},
|
|
30
34
|
"files": [
|