@auth-gate/nextjs 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/index.cjs +639 -0
  2. package/dist/index.d.cts +224 -0
  3. package/dist/index.d.ts +224 -0
  4. package/dist/index.mjs +608 -0
  5. package/package.json +36 -0
package/dist/index.cjs ADDED
@@ -0,0 +1,639 @@
1
+ "use strict";
2
+ var __defProp = Object.defineProperty;
3
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
+ var __getOwnPropNames = Object.getOwnPropertyNames;
5
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
6
+ var __export = (target, all) => {
7
+ for (var name in all)
8
+ __defProp(target, name, { get: all[name], enumerable: true });
9
+ };
10
+ var __copyProps = (to, from, except, desc) => {
11
+ if (from && typeof from === "object" || typeof from === "function") {
12
+ for (let key of __getOwnPropNames(from))
13
+ if (!__hasOwnProp.call(to, key) && key !== except)
14
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
15
+ }
16
+ return to;
17
+ };
18
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
+
20
+ // src/index.ts
21
+ var index_exports = {};
22
+ __export(index_exports, {
23
+ SUPPORTED_PROVIDERS: () => import_core3.SUPPORTED_PROVIDERS,
24
+ createAuthGate: () => createAuthGate,
25
+ createAuthGateClient: () => import_core3.createAuthGateClient,
26
+ createAuthGateMiddleware: () => createAuthGateMiddleware,
27
+ createCatchAllHandler: () => createCatchAllHandler,
28
+ createHandlers: () => createHandlers,
29
+ createSessionHelpers: () => createSessionHelpers
30
+ });
31
+ module.exports = __toCommonJS(index_exports);
32
+ var import_core2 = require("@auth-gate/core");
33
+
34
+ // src/session.ts
35
+ var import_headers = require("next/headers");
36
+ function createSessionHelpers(client) {
37
+ async function getSession() {
38
+ const cookieStore = await (0, import_headers.cookies)();
39
+ const cookie = cookieStore.get(client.cookieName);
40
+ if (!cookie) return null;
41
+ return client.decryptSession(cookie.value);
42
+ }
43
+ async function setSession(user) {
44
+ const cookieStore = await (0, import_headers.cookies)();
45
+ const encrypted = await client.encryptSession(user);
46
+ const options = client.getSessionCookieOptions();
47
+ cookieStore.set(client.cookieName, encrypted, options);
48
+ }
49
+ async function clearSession() {
50
+ const cookieStore = await (0, import_headers.cookies)();
51
+ cookieStore.set(client.cookieName, "", {
52
+ httpOnly: true,
53
+ secure: process.env.NODE_ENV === "production",
54
+ sameSite: "lax",
55
+ maxAge: 0,
56
+ path: "/"
57
+ });
58
+ cookieStore.set(client.refreshTokenCookieName, "", {
59
+ httpOnly: true,
60
+ secure: process.env.NODE_ENV === "production",
61
+ sameSite: "lax",
62
+ maxAge: 0,
63
+ path: "/"
64
+ });
65
+ }
66
+ return { getSession, setSession, clearSession };
67
+ }
68
+
69
+ // src/handlers.ts
70
+ var import_headers2 = require("next/headers");
71
+ var import_server = require("next/server");
72
+ var import_core = require("@auth-gate/core");
73
+ function createHandlers(client, appUrl) {
74
+ const { getSession, setSession, clearSession } = createSessionHelpers(client);
75
+ async function providerLogin(_request, { params }) {
76
+ const { provider } = await params;
77
+ if (!import_core.SUPPORTED_PROVIDERS.includes(provider)) {
78
+ return import_server.NextResponse.json(
79
+ { error: "Unsupported provider" },
80
+ { status: 400 }
81
+ );
82
+ }
83
+ const { state, nonce } = await client.createState();
84
+ const cookieStore = await (0, import_headers2.cookies)();
85
+ cookieStore.set(client.nonceCookieName, nonce, client.getNonceCookieOptions());
86
+ const callbackUrl = `${appUrl}${client.callbackPath}`;
87
+ const authUrl = client.getOAuthUrl(provider, callbackUrl);
88
+ const url = new URL(authUrl);
89
+ url.searchParams.set("state", state);
90
+ return import_server.NextResponse.redirect(url);
91
+ }
92
+ async function callback(request) {
93
+ var _a;
94
+ const token = request.nextUrl.searchParams.get("token");
95
+ const state = request.nextUrl.searchParams.get("state");
96
+ const mfaChallenge = request.nextUrl.searchParams.get("mfa_challenge");
97
+ const mfaMethods = request.nextUrl.searchParams.get("mfa_methods");
98
+ const mfaSetupRequired = request.nextUrl.searchParams.get("mfa_setup_required");
99
+ const refreshToken = request.nextUrl.searchParams.get("refresh_token");
100
+ if (mfaChallenge) {
101
+ const mfaUrl = new URL("/mfa-verify", request.url);
102
+ mfaUrl.searchParams.set("mfa_challenge", mfaChallenge);
103
+ if (mfaMethods) mfaUrl.searchParams.set("mfa_methods", mfaMethods);
104
+ return import_server.NextResponse.redirect(mfaUrl);
105
+ }
106
+ if (!token) {
107
+ return import_server.NextResponse.redirect(
108
+ new URL("/login?error=missing_token", request.url)
109
+ );
110
+ }
111
+ if (state) {
112
+ const cookieStore = await (0, import_headers2.cookies)();
113
+ const nonce = (_a = cookieStore.get(client.nonceCookieName)) == null ? void 0 : _a.value;
114
+ cookieStore.set(client.nonceCookieName, "", {
115
+ httpOnly: true,
116
+ secure: process.env.NODE_ENV === "production",
117
+ sameSite: "lax",
118
+ maxAge: 0,
119
+ path: "/"
120
+ });
121
+ if (!nonce || !await client.verifyState(state, nonce)) {
122
+ return import_server.NextResponse.redirect(
123
+ new URL("/login?error=invalid_state", request.url)
124
+ );
125
+ }
126
+ }
127
+ const result = await client.verifyToken(token);
128
+ if (!result.valid || !result.user) {
129
+ return import_server.NextResponse.redirect(
130
+ new URL("/login?error=invalid_token", request.url)
131
+ );
132
+ }
133
+ await setSession(result.user);
134
+ if (refreshToken) {
135
+ const cookieStore = await (0, import_headers2.cookies)();
136
+ cookieStore.set(client.refreshTokenCookieName, refreshToken, {
137
+ httpOnly: true,
138
+ secure: process.env.NODE_ENV === "production",
139
+ sameSite: "lax",
140
+ maxAge: client.sessionMaxAge,
141
+ path: "/"
142
+ });
143
+ }
144
+ if (mfaSetupRequired) {
145
+ return import_server.NextResponse.redirect(new URL("/mfa-setup", request.url));
146
+ }
147
+ return import_server.NextResponse.redirect(new URL("/dashboard", request.url));
148
+ }
149
+ async function emailSignup(request) {
150
+ const body = await request.json();
151
+ const { email, password, name } = body;
152
+ if (!email || !password) {
153
+ return import_server.NextResponse.json(
154
+ { error: "Missing email or password" },
155
+ { status: 400 }
156
+ );
157
+ }
158
+ const response = await client.emailSignup({
159
+ email,
160
+ password,
161
+ name,
162
+ callbackUrl: `${appUrl}${client.callbackPath}`
163
+ });
164
+ if (!response.ok) {
165
+ const error = await response.json().catch(() => ({ error: "Request failed" }));
166
+ return import_server.NextResponse.json(error, { status: response.status });
167
+ }
168
+ const data = await response.json().catch(() => ({ error: "Request failed" }));
169
+ const verified = await client.verifyToken(data.token);
170
+ if (!verified.valid || !verified.user) {
171
+ return import_server.NextResponse.json(
172
+ { error: "Token verification failed" },
173
+ { status: 401 }
174
+ );
175
+ }
176
+ await setSession(verified.user);
177
+ if (data.refresh_token) {
178
+ const cookieStore = await (0, import_headers2.cookies)();
179
+ cookieStore.set(client.refreshTokenCookieName, data.refresh_token, {
180
+ httpOnly: true,
181
+ secure: process.env.NODE_ENV === "production",
182
+ sameSite: "lax",
183
+ maxAge: client.sessionMaxAge,
184
+ path: "/"
185
+ });
186
+ }
187
+ return import_server.NextResponse.json({ success: true, redirect: "/dashboard" });
188
+ }
189
+ async function emailSignin(request) {
190
+ const body = await request.json();
191
+ const { email, password } = body;
192
+ if (!email || !password) {
193
+ return import_server.NextResponse.json(
194
+ { error: "Missing email or password" },
195
+ { status: 400 }
196
+ );
197
+ }
198
+ const response = await client.emailSignin({
199
+ email,
200
+ password,
201
+ callbackUrl: `${appUrl}${client.callbackPath}`
202
+ });
203
+ if (!response.ok) {
204
+ const error = await response.json().catch(() => ({ error: "Request failed" }));
205
+ return import_server.NextResponse.json(error, { status: response.status });
206
+ }
207
+ const data = await response.json().catch(() => ({ error: "Request failed" }));
208
+ if (data.mfa_required) {
209
+ return import_server.NextResponse.json({
210
+ mfa_required: true,
211
+ mfa_challenge: data.mfa_challenge,
212
+ mfa_methods: data.mfa_methods
213
+ });
214
+ }
215
+ const verified = await client.verifyToken(data.token);
216
+ if (!verified.valid || !verified.user) {
217
+ return import_server.NextResponse.json(
218
+ { error: "Token verification failed" },
219
+ { status: 401 }
220
+ );
221
+ }
222
+ await setSession(verified.user);
223
+ if (data.refresh_token) {
224
+ const cookieStore = await (0, import_headers2.cookies)();
225
+ cookieStore.set(client.refreshTokenCookieName, data.refresh_token, {
226
+ httpOnly: true,
227
+ secure: process.env.NODE_ENV === "production",
228
+ sameSite: "lax",
229
+ maxAge: client.sessionMaxAge,
230
+ path: "/"
231
+ });
232
+ }
233
+ return import_server.NextResponse.json({
234
+ success: true,
235
+ redirect: data.mfa_setup_required ? "/mfa-setup" : "/dashboard"
236
+ });
237
+ }
238
+ async function emailForgotPassword(request) {
239
+ const body = await request.json();
240
+ const { email } = body;
241
+ if (!email) {
242
+ return import_server.NextResponse.json(
243
+ { error: "Missing email" },
244
+ { status: 400 }
245
+ );
246
+ }
247
+ const response = await client.emailForgotPassword({
248
+ email,
249
+ callbackUrl: `${appUrl}/reset-password`
250
+ });
251
+ if (!response.ok) {
252
+ const error = await response.json().catch(() => ({ error: "Request failed" }));
253
+ return import_server.NextResponse.json(error, { status: response.status });
254
+ }
255
+ return import_server.NextResponse.json({ success: true });
256
+ }
257
+ async function emailResetPassword(request) {
258
+ const body = await request.json();
259
+ const { token, password } = body;
260
+ if (!token || !password) {
261
+ return import_server.NextResponse.json(
262
+ { error: "Missing token or password" },
263
+ { status: 400 }
264
+ );
265
+ }
266
+ const response = await client.emailResetPassword({ token, password });
267
+ if (!response.ok) {
268
+ const error = await response.json().catch(() => ({ error: "Request failed" }));
269
+ return import_server.NextResponse.json(error, { status: response.status });
270
+ }
271
+ const data = await response.json().catch(() => ({ error: "Request failed" }));
272
+ if (data.token) {
273
+ const verified = await client.verifyToken(data.token);
274
+ if (verified.valid && verified.user) {
275
+ await setSession(verified.user);
276
+ return import_server.NextResponse.json({
277
+ success: true,
278
+ redirect: "/dashboard"
279
+ });
280
+ }
281
+ }
282
+ return import_server.NextResponse.json({ success: true, redirect: "/login" });
283
+ }
284
+ async function magicLinkSend(request) {
285
+ const body = await request.json();
286
+ const { email } = body;
287
+ if (!email) {
288
+ return import_server.NextResponse.json(
289
+ { error: "Missing email" },
290
+ { status: 400 }
291
+ );
292
+ }
293
+ const response = await client.magicLinkSend({
294
+ email,
295
+ callbackUrl: `${appUrl}${client.callbackPath}`
296
+ });
297
+ if (!response.ok) {
298
+ const error = await response.json().catch(() => ({ error: "Request failed" }));
299
+ return import_server.NextResponse.json(error, { status: response.status });
300
+ }
301
+ return import_server.NextResponse.json({ success: true });
302
+ }
303
+ async function emailVerifyCode(request) {
304
+ const body = await request.json();
305
+ const { email, code } = body;
306
+ if (!email || !code) {
307
+ return import_server.NextResponse.json(
308
+ { error: "Missing email or code" },
309
+ { status: 400 }
310
+ );
311
+ }
312
+ const response = await client.emailVerifyCode({ email, code });
313
+ if (!response.ok) {
314
+ const error = await response.json().catch(() => ({ error: "Request failed" }));
315
+ return import_server.NextResponse.json(error, { status: response.status });
316
+ }
317
+ return import_server.NextResponse.json({ success: true, email_verified: true });
318
+ }
319
+ async function smsSendCode(request) {
320
+ const body = await request.json();
321
+ const { phone } = body;
322
+ if (!phone) {
323
+ return import_server.NextResponse.json(
324
+ { error: "Missing phone number" },
325
+ { status: 400 }
326
+ );
327
+ }
328
+ const response = await client.smsSendCode({
329
+ phone,
330
+ callbackUrl: `${appUrl}${client.callbackPath}`
331
+ });
332
+ if (!response.ok) {
333
+ const error = await response.json().catch(() => ({ error: "Request failed" }));
334
+ return import_server.NextResponse.json(error, { status: response.status });
335
+ }
336
+ return import_server.NextResponse.json({ success: true });
337
+ }
338
+ async function smsVerifyCode(request) {
339
+ const body = await request.json();
340
+ const { phone, code } = body;
341
+ if (!phone || !code) {
342
+ return import_server.NextResponse.json(
343
+ { error: "Missing phone or code" },
344
+ { status: 400 }
345
+ );
346
+ }
347
+ const response = await client.smsVerifyCode({
348
+ phone,
349
+ code,
350
+ callbackUrl: `${appUrl}${client.callbackPath}`
351
+ });
352
+ if (!response.ok) {
353
+ const error = await response.json().catch(() => ({ error: "Request failed" }));
354
+ return import_server.NextResponse.json(error, { status: response.status });
355
+ }
356
+ const data = await response.json().catch(() => ({ error: "Request failed" }));
357
+ const verified = await client.verifyToken(data.token);
358
+ if (!verified.valid || !verified.user) {
359
+ return import_server.NextResponse.json(
360
+ { error: "Token verification failed" },
361
+ { status: 401 }
362
+ );
363
+ }
364
+ await setSession(verified.user);
365
+ return import_server.NextResponse.json({ success: true, redirect: "/dashboard" });
366
+ }
367
+ async function mfaVerify(request) {
368
+ const body = await request.json();
369
+ const { challenge, code, method } = body;
370
+ if (!challenge || !code || !method) {
371
+ return import_server.NextResponse.json(
372
+ { error: "Missing challenge, code, or method" },
373
+ { status: 400 }
374
+ );
375
+ }
376
+ const response = await client.mfaVerify({ challenge, code, method });
377
+ if (!response.ok) {
378
+ const error = await response.json().catch(() => ({ error: "Request failed" }));
379
+ return import_server.NextResponse.json(error, { status: response.status });
380
+ }
381
+ const data = await response.json();
382
+ const verified = await client.verifyToken(data.token);
383
+ if (!verified.valid || !verified.user) {
384
+ return import_server.NextResponse.json(
385
+ { error: "Token verification failed" },
386
+ { status: 401 }
387
+ );
388
+ }
389
+ await setSession(verified.user);
390
+ if (data.refresh_token) {
391
+ const cookieStore = await (0, import_headers2.cookies)();
392
+ cookieStore.set(client.refreshTokenCookieName, data.refresh_token, {
393
+ httpOnly: true,
394
+ secure: process.env.NODE_ENV === "production",
395
+ sameSite: "lax",
396
+ maxAge: client.sessionMaxAge,
397
+ path: "/"
398
+ });
399
+ }
400
+ return import_server.NextResponse.json({ success: true, redirect: "/dashboard" });
401
+ }
402
+ async function mfaTotpSetup() {
403
+ const cookieStore = await (0, import_headers2.cookies)();
404
+ const sessionCookie = cookieStore.get(client.cookieName);
405
+ if (!sessionCookie) {
406
+ return import_server.NextResponse.json({ error: "Unauthorized" }, { status: 401 });
407
+ }
408
+ return import_server.NextResponse.json(
409
+ { error: "Call /api/proxy/mfa/totp/setup directly with Bearer JWT" },
410
+ { status: 400 }
411
+ );
412
+ }
413
+ async function refresh() {
414
+ const cookieStore = await (0, import_headers2.cookies)();
415
+ const refreshCookie = cookieStore.get(client.refreshTokenCookieName);
416
+ if (!(refreshCookie == null ? void 0 : refreshCookie.value)) {
417
+ return import_server.NextResponse.json(
418
+ { error: "No refresh token" },
419
+ { status: 401 }
420
+ );
421
+ }
422
+ const result = await client.refreshToken(refreshCookie.value);
423
+ if (!result) {
424
+ return import_server.NextResponse.json(
425
+ { error: "Invalid refresh token" },
426
+ { status: 401 }
427
+ );
428
+ }
429
+ const verified = await client.verifyToken(result.token);
430
+ if (verified.valid && verified.user) {
431
+ await setSession(verified.user);
432
+ }
433
+ return import_server.NextResponse.json({ success: true, token: result.token });
434
+ }
435
+ async function logout() {
436
+ const cookieStore = await (0, import_headers2.cookies)();
437
+ const refreshCookie = cookieStore.get(client.refreshTokenCookieName);
438
+ if (refreshCookie == null ? void 0 : refreshCookie.value) {
439
+ await client.revokeSession(refreshCookie.value);
440
+ cookieStore.set(client.refreshTokenCookieName, "", {
441
+ httpOnly: true,
442
+ secure: process.env.NODE_ENV === "production",
443
+ sameSite: "lax",
444
+ maxAge: 0,
445
+ path: "/"
446
+ });
447
+ }
448
+ await clearSession();
449
+ return import_server.NextResponse.redirect(new URL("/", appUrl));
450
+ }
451
+ async function me() {
452
+ const user = await getSession();
453
+ if (!user) {
454
+ return import_server.NextResponse.json({ user: null });
455
+ }
456
+ const cookieStore = await (0, import_headers2.cookies)();
457
+ const refreshCookie = cookieStore.get(client.refreshTokenCookieName);
458
+ if (refreshCookie == null ? void 0 : refreshCookie.value) {
459
+ const result = await client.refreshToken(refreshCookie.value);
460
+ if (!result) {
461
+ await clearSession();
462
+ return import_server.NextResponse.json({ user: null });
463
+ }
464
+ const verified = await client.verifyToken(result.token);
465
+ if (verified.valid && verified.user) {
466
+ await setSession(verified.user);
467
+ return import_server.NextResponse.json({ user: verified.user });
468
+ }
469
+ }
470
+ return import_server.NextResponse.json({ user });
471
+ }
472
+ return {
473
+ providerLogin,
474
+ callback,
475
+ emailSignup,
476
+ emailSignin,
477
+ emailForgotPassword,
478
+ emailResetPassword,
479
+ emailVerifyCode,
480
+ magicLinkSend,
481
+ smsSendCode,
482
+ smsVerifyCode,
483
+ mfaVerify,
484
+ mfaTotpSetup,
485
+ refresh,
486
+ logout,
487
+ me
488
+ };
489
+ }
490
+ function createCatchAllHandler(client, appUrl) {
491
+ const handlers = createHandlers(client, appUrl);
492
+ async function GET(request, context) {
493
+ const { authgate: segments } = await context.params;
494
+ const path = segments.join("/");
495
+ if (segments.length === 2 && segments[1] === "login") {
496
+ return handlers.providerLogin(request, {
497
+ params: Promise.resolve({ provider: segments[0] })
498
+ });
499
+ }
500
+ if (path === "callback") {
501
+ return handlers.callback(request);
502
+ }
503
+ if (path === "me") {
504
+ return handlers.me();
505
+ }
506
+ return import_server.NextResponse.json({ error: "Not found" }, { status: 404 });
507
+ }
508
+ async function POST(request, context) {
509
+ const { authgate: segments } = await context.params;
510
+ const path = segments.join("/");
511
+ switch (path) {
512
+ case "email/signup":
513
+ return handlers.emailSignup(request);
514
+ case "email/signin":
515
+ return handlers.emailSignin(request);
516
+ case "email/forgot-password":
517
+ return handlers.emailForgotPassword(request);
518
+ case "email/reset-password":
519
+ return handlers.emailResetPassword(request);
520
+ case "email/verify-code":
521
+ return handlers.emailVerifyCode(request);
522
+ case "magic-link/send":
523
+ return handlers.magicLinkSend(request);
524
+ case "sms/send-code":
525
+ return handlers.smsSendCode(request);
526
+ case "sms/verify-code":
527
+ return handlers.smsVerifyCode(request);
528
+ case "mfa/verify":
529
+ return handlers.mfaVerify(request);
530
+ case "refresh":
531
+ return handlers.refresh();
532
+ case "logout":
533
+ return handlers.logout();
534
+ default:
535
+ return import_server.NextResponse.json({ error: "Not found" }, { status: 404 });
536
+ }
537
+ }
538
+ return { GET, POST };
539
+ }
540
+
541
+ // src/index.ts
542
+ var import_core3 = require("@auth-gate/core");
543
+
544
+ // src/middleware.ts
545
+ var import_server2 = require("next/server");
546
+ var REVALIDATION_INTERVAL = 300;
547
+ function patternToRegex(pattern) {
548
+ const regexStr = pattern.replace(/\/:(\w+)\*/g, "(?:/.*)?").replace(/\/:(\w+)/g, "/[^/]+");
549
+ return new RegExp(`^${regexStr}$`);
550
+ }
551
+ function matchesPath(pathname, patterns) {
552
+ return patterns.some((p) => patternToRegex(p).test(pathname));
553
+ }
554
+ function redirectToLogin(request, loginPath, client) {
555
+ const loginUrl = new URL(loginPath, request.url);
556
+ loginUrl.searchParams.set("redirect", request.nextUrl.pathname);
557
+ const response = import_server2.NextResponse.redirect(loginUrl);
558
+ response.cookies.set(client.cookieName, "", {
559
+ httpOnly: true,
560
+ secure: process.env.NODE_ENV === "production",
561
+ sameSite: "lax",
562
+ maxAge: 0,
563
+ path: "/"
564
+ });
565
+ response.cookies.set(client.refreshTokenCookieName, "", {
566
+ httpOnly: true,
567
+ secure: process.env.NODE_ENV === "production",
568
+ sameSite: "lax",
569
+ maxAge: 0,
570
+ path: "/"
571
+ });
572
+ return response;
573
+ }
574
+ function createAuthGateMiddleware(clientOrGetter, options) {
575
+ var _a, _b;
576
+ const loginPath = (_a = options == null ? void 0 : options.loginPath) != null ? _a : "/login";
577
+ const matcher = (_b = options == null ? void 0 : options.matcher) != null ? _b : ["/dashboard/:path*"];
578
+ const getClient = () => typeof clientOrGetter === "function" ? clientOrGetter() : clientOrGetter;
579
+ return async function authMiddleware(request) {
580
+ if (!matchesPath(request.nextUrl.pathname, matcher)) {
581
+ return null;
582
+ }
583
+ const client = getClient();
584
+ const cookie = request.cookies.get(client.cookieName);
585
+ if (!cookie) {
586
+ return redirectToLogin(request, loginPath, client);
587
+ }
588
+ const payload = await client.decryptSessionPayload(cookie.value);
589
+ if (!payload) {
590
+ return redirectToLogin(request, loginPath, client);
591
+ }
592
+ const refreshCookie = request.cookies.get(client.refreshTokenCookieName);
593
+ if (refreshCookie == null ? void 0 : refreshCookie.value) {
594
+ const now = Math.floor(Date.now() / 1e3);
595
+ const sessionAge = now - payload.iat;
596
+ if (sessionAge >= REVALIDATION_INTERVAL) {
597
+ const result = await client.refreshToken(refreshCookie.value);
598
+ if (!result) {
599
+ return redirectToLogin(request, loginPath, client);
600
+ }
601
+ const verified = await client.verifyToken(result.token);
602
+ if (!verified.valid || !verified.user) {
603
+ return redirectToLogin(request, loginPath, client);
604
+ }
605
+ const newCookieValue = await client.encryptSession(verified.user);
606
+ const response = import_server2.NextResponse.next();
607
+ response.cookies.set(
608
+ client.cookieName,
609
+ newCookieValue,
610
+ client.getSessionCookieOptions()
611
+ );
612
+ return response;
613
+ }
614
+ }
615
+ return null;
616
+ };
617
+ }
618
+
619
+ // src/index.ts
620
+ function createAuthGate(config) {
621
+ const client = (0, import_core2.createAuthGateClient)(config);
622
+ const session = createSessionHelpers(client);
623
+ const handlers = createCatchAllHandler(client, config.appUrl);
624
+ return {
625
+ client,
626
+ handlers,
627
+ session
628
+ };
629
+ }
630
+ // Annotate the CommonJS export names for ESM import in node:
631
+ 0 && (module.exports = {
632
+ SUPPORTED_PROVIDERS,
633
+ createAuthGate,
634
+ createAuthGateClient,
635
+ createAuthGateMiddleware,
636
+ createCatchAllHandler,
637
+ createHandlers,
638
+ createSessionHelpers
639
+ });