@auth-gate/nextjs 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +221 -0
  2. package/package.json +2 -2
package/README.md ADDED
@@ -0,0 +1,221 @@
1
+ # @auth-gate/nextjs
2
+
3
+ Next.js SDK for [AuthGate](https://authgate.dev) — drop-in authentication with OAuth, email, SMS, and MFA for Next.js App Router.
4
+
5
+ ## Installation
6
+
7
+ ```bash
8
+ npm install @auth-gate/nextjs
9
+ ```
10
+
11
+ ## Quick Start
12
+
13
+ ### 1. Environment Variables
14
+
15
+ ```env
16
+ AUTHGATE_API_KEY=your_api_key
17
+ AUTHGATE_PROJECT_ID=your_project_id
18
+ SESSION_SECRET=your-secret-at-least-32-characters-long
19
+ NEXT_PUBLIC_APP_URL=http://localhost:3000
20
+ ```
21
+
22
+ ### 2. Initialize the SDK
23
+
24
+ ```ts
25
+ // lib/auth.ts
26
+ import { createAuthGate } from "@auth-gate/nextjs";
27
+
28
+ export const { client, handlers, session } = createAuthGate({
29
+ apiKey: process.env.AUTHGATE_API_KEY!,
30
+ projectId: process.env.AUTHGATE_PROJECT_ID!,
31
+ baseUrl: "https://authgate.dev",
32
+ sessionSecret: process.env.SESSION_SECRET!,
33
+ appUrl: process.env.NEXT_PUBLIC_APP_URL!,
34
+ });
35
+ ```
36
+
37
+ ### 3. Create the Catch-All Route
38
+
39
+ ```ts
40
+ // app/api/auth/[...authgate]/route.ts
41
+ import { handlers } from "@/lib/auth";
42
+
43
+ export const { GET, POST } = handlers;
44
+ ```
45
+
46
+ That's it — all auth routes are now available.
47
+
48
+ ### 4. Read the Session
49
+
50
+ ```tsx
51
+ // app/dashboard/page.tsx
52
+ import { session } from "@/lib/auth";
53
+ import { redirect } from "next/navigation";
54
+
55
+ export default async function DashboardPage() {
56
+ const user = await session.getSession();
57
+ if (!user) redirect("/login");
58
+
59
+ return <p>Hello, {user.name}</p>;
60
+ }
61
+ ```
62
+
63
+ ## Route Map
64
+
65
+ The catch-all handler registers these routes under `/api/auth/`:
66
+
67
+ | Method | Route | Description |
68
+ |--------|-------|-------------|
69
+ | GET | `/api/auth/[provider]/login` | Start OAuth flow (google, github, discord, azure, apple) |
70
+ | GET | `/api/auth/callback` | OAuth / magic link callback |
71
+ | POST | `/api/auth/email/signup` | Email registration |
72
+ | POST | `/api/auth/email/signin` | Email sign-in |
73
+ | POST | `/api/auth/email/forgot-password` | Request password reset |
74
+ | POST | `/api/auth/email/reset-password` | Confirm password reset |
75
+ | POST | `/api/auth/email/verify-code` | Verify email with OTP |
76
+ | POST | `/api/auth/magic-link/send` | Send magic link |
77
+ | POST | `/api/auth/sms/send-code` | Send SMS code |
78
+ | POST | `/api/auth/sms/verify-code` | Verify SMS code |
79
+ | POST | `/api/auth/mfa/verify` | Complete MFA challenge |
80
+ | POST | `/api/auth/refresh` | Refresh session token |
81
+ | POST | `/api/auth/logout` | Sign out and revoke session |
82
+ | GET | `/api/auth/me` | Get current user |
83
+
84
+ ## Route Protection
85
+
86
+ ### Layout-Level (Recommended)
87
+
88
+ ```tsx
89
+ // app/dashboard/layout.tsx
90
+ import { session } from "@/lib/auth";
91
+ import { redirect } from "next/navigation";
92
+
93
+ export default async function DashboardLayout({ children }) {
94
+ const user = await session.getSession();
95
+ if (!user) redirect("/login");
96
+
97
+ return <>{children}</>;
98
+ }
99
+ ```
100
+
101
+ ### Middleware (Optional)
102
+
103
+ For protecting multiple route groups at the edge:
104
+
105
+ ```ts
106
+ // middleware.ts
107
+ import { createAuthGateMiddleware } from "@auth-gate/nextjs";
108
+ import { client } from "@/lib/auth";
109
+
110
+ const authMiddleware = createAuthGateMiddleware(client, {
111
+ loginPath: "/login",
112
+ matcher: ["/dashboard/:path*", "/settings/:path*"],
113
+ });
114
+
115
+ export async function middleware(request) {
116
+ const response = await authMiddleware(request);
117
+ if (response) return response;
118
+ // ...other middleware
119
+ }
120
+
121
+ export const config = {
122
+ matcher: ["/dashboard/:path*", "/settings/:path*"],
123
+ };
124
+ ```
125
+
126
+ The middleware decrypts the session cookie at the edge and redirects unauthenticated users. It also periodically revalidates sessions (every 5 minutes) using the refresh token.
127
+
128
+ ## Session Helpers
129
+
130
+ ```ts
131
+ import { session } from "@/lib/auth";
132
+
133
+ // Read the current user (server components, actions, route handlers)
134
+ const user = await session.getSession();
135
+
136
+ // Set a session (used internally by handlers)
137
+ await session.setSession(user);
138
+
139
+ // Clear the session
140
+ await session.clearSession();
141
+ ```
142
+
143
+ Sessions are AES-256-GCM encrypted cookies with a 7-day default TTL.
144
+
145
+ ## Authentication Examples
146
+
147
+ ### OAuth Sign-In
148
+
149
+ ```html
150
+ <a href="/api/auth/google/login">Sign in with Google</a>
151
+ <a href="/api/auth/github/login">Sign in with GitHub</a>
152
+ ```
153
+
154
+ ### Email Sign-In
155
+
156
+ ```ts
157
+ const res = await fetch("/api/auth/email/signin", {
158
+ method: "POST",
159
+ headers: { "Content-Type": "application/json" },
160
+ body: JSON.stringify({ email, password }),
161
+ });
162
+
163
+ const data = await res.json();
164
+
165
+ if (data.mfa_required) {
166
+ // Handle MFA challenge
167
+ const mfaRes = await fetch("/api/auth/mfa/verify", {
168
+ method: "POST",
169
+ headers: { "Content-Type": "application/json" },
170
+ body: JSON.stringify({
171
+ mfa_challenge: data.mfa_challenge,
172
+ code: totpCode,
173
+ method: "totp",
174
+ }),
175
+ });
176
+ }
177
+ ```
178
+
179
+ ### SMS Sign-In
180
+
181
+ ```ts
182
+ await fetch("/api/auth/sms/send-code", {
183
+ method: "POST",
184
+ headers: { "Content-Type": "application/json" },
185
+ body: JSON.stringify({ phone: "+15551234567" }),
186
+ });
187
+
188
+ await fetch("/api/auth/sms/verify-code", {
189
+ method: "POST",
190
+ headers: { "Content-Type": "application/json" },
191
+ body: JSON.stringify({ phone: "+15551234567", code: "123456" }),
192
+ });
193
+ ```
194
+
195
+ ## API Reference
196
+
197
+ ### `createAuthGate(config)`
198
+
199
+ Creates the SDK instance. Returns `{ client, handlers, session }`.
200
+
201
+ | Option | Type | Required | Description |
202
+ |--------|------|----------|-------------|
203
+ | `apiKey` | `string` | Yes | AuthGate API key |
204
+ | `projectId` | `string` | Yes | AuthGate project ID |
205
+ | `baseUrl` | `string` | Yes | AuthGate instance URL |
206
+ | `sessionSecret` | `string` | Yes | Encryption secret (min 32 chars) |
207
+ | `appUrl` | `string` | Yes | Your app's URL |
208
+ | `cookieName` | `string` | No | Cookie name (default: `__authgate`) |
209
+ | `sessionMaxAge` | `number` | No | Session TTL in seconds (default: `604800`) |
210
+ | `callbackPath` | `string` | No | Callback path (default: `/api/auth/callback`) |
211
+
212
+ ### `createAuthGateMiddleware(client, options?)`
213
+
214
+ | Option | Type | Default | Description |
215
+ |--------|------|---------|-------------|
216
+ | `loginPath` | `string` | `"/login"` | Redirect path for unauthenticated users |
217
+ | `matcher` | `string[]` | `["/dashboard/:path*"]` | Route patterns to protect |
218
+
219
+ ## License
220
+
221
+ MIT
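Review bot: In the Route Protection and Session Helpers sections, the README never says whether `session.getSession()` only decrypts the cookie or also checks the session with AuthGate. This matters because the recommended layout-level guard relies on that call alone, while the 5-minute revalidation is described only for the optional middleware and the cookie has a 7-day default TTL. Please document how long a cookie keeps passing the layout check after `/api/auth/logout` has revoked the session, and whether the middleware is required to bound that window. The same sections should state the attributes set on the `__authgate` cookie (HttpOnly, Secure, SameSite) and whether the POST routes in the Route Map carry CSRF protection, since neither is mentioned. In Quick Start, the placeholder `SESSION_SECRET=your-secret-at-least-32-characters-long` is itself long enough to satisfy the documented "min 32 chars" rule, so a copied placeholder would pass a length check; show a generated value instead (for example the output of `openssl rand -base64 32`) and state how the AES-256-GCM key is derived from the string. Minor: the middleware example repeats the `matcher` array in both the `createAuthGateMiddleware` options and `export const config`, which can drift apart, and the Email Sign-In example reads `res.json()` without checking `res.ok`.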
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@auth-gate/nextjs",
3
- "version": "0.1.0",
3
+ "version": "0.2.0",
4
4
  "type": "module",
5
5
  "exports": {
6
6
  ".": {
@@ -16,7 +16,7 @@
16
16
  "dist"
17
17
  ],
18
18
  "dependencies": {
19
- "@auth-gate/core": "0.1.0"
19
+ "@auth-gate/core": "0.2.0"
20
20
  },
21
21
  "peerDependencies": {
22
22
  "next": ">=14"