@betterportal/auth-authress-io 0.0.1 → 10.0.1

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/route.impl.d.ts

@@ -0,0 +1,92 @@
+import * as av from "anyvali";
+import type { Infer } from "anyvali";
+import { type ApiAuthRequirement, type CacheHints, type BetterPortalRouteChrome } from "@betterportal/framework";
+export declare const QuerySchema: av.ObjectSchema<{
+    action: av.OptionalSchema<av.StringSchema>;
+    next: av.OptionalSchema<av.StringSchema>;
+    redirect: av.OptionalSchema<av.StringSchema>;
+}>;
+export declare const HeadersSchema: av.ObjectSchema<{}>;
+export declare const RequestSchema: av.ObjectSchema<{
+    accessToken: av.StringSchema;
+    next: av.OptionalSchema<av.StringSchema>;
+    userId: av.OptionalSchema<av.StringSchema>;
+    name: av.OptionalSchema<av.StringSchema>;
+    email: av.OptionalSchema<av.StringSchema>;
+    picture: av.OptionalSchema<av.StringSchema>;
+}>;
+export declare const ResponseSchema: av.ObjectSchema<{
+    status: av.EnumSchema<readonly ["ok", "error"]>;
+    message: av.OptionalSchema<av.StringSchema>;
+    authressApiUrl: av.OptionalSchema<av.StringSchema>;
+    authressApplicationId: av.OptionalSchema<av.StringSchema>;
+    scopes: av.ArraySchema<av.StringSchema>;
+    alreadyLoggedIn: av.OptionalSchema<av.BoolSchema>;
+    loggedOut: av.OptionalSchema<av.BoolSchema>;
+    nextUrl: av.OptionalSchema<av.StringSchema>;
+    expiresInSeconds: av.OptionalSchema<av.IntSchema>;
+    user: av.OptionalSchema<av.ObjectSchema<{
+        id: av.OptionalSchema<av.StringSchema>;
+        name: av.OptionalSchema<av.StringSchema>;
+        email: av.OptionalSchema<av.StringSchema>;
+        picture: av.OptionalSchema<av.StringSchema>;
+    }>>;
+}>;
+export type ResponseData = Infer<typeof ResponseSchema>;
+export declare const title = "Authress Login";
+export declare const description = "Authenticate with Authress and store the Authress bearer token.";
+export declare const role = "auth.login";
+export declare const dependencies: string[];
+export declare const chrome: BetterPortalRouteChrome;
+export declare const auth: ApiAuthRequirement;
+export declare const cacheHints: CacheHints;
+export declare const handleGet: import("@betterportal/framework").RouteHandler<Record<string, string>, {
+    action?: string | undefined;
+    next?: string | undefined;
+    redirect?: string | undefined;
+}, {}, Record<string, unknown>, {
+    status: "ok" | "error";
+    scopes: string[];
+    message?: string | undefined;
+    authressApiUrl?: string | undefined;
+    authressApplicationId?: string | undefined;
+    alreadyLoggedIn?: boolean | undefined;
+    loggedOut?: boolean | undefined;
+    nextUrl?: string | undefined;
+    expiresInSeconds?: number | undefined;
+    user?: {
+        id?: string | undefined;
+        name?: string | undefined;
+        email?: string | undefined;
+        picture?: string | undefined;
+    } | undefined;
+}, unknown, Record<string, unknown>>;
+export declare const handlePost: import("@betterportal/framework").RouteHandler<Record<string, string>, {
+    action?: string | undefined;
+    next?: string | undefined;
+    redirect?: string | undefined;
+}, Record<string, string>, {
+    accessToken: string;
+    next?: string | undefined;
+    userId?: string | undefined;
+    name?: string | undefined;
+    email?: string | undefined;
+    picture?: string | undefined;
+}, {
+    status: "ok" | "error";
+    scopes: string[];
+    message?: string | undefined;
+    authressApiUrl?: string | undefined;
+    authressApplicationId?: string | undefined;
+    alreadyLoggedIn?: boolean | undefined;
+    loggedOut?: boolean | undefined;
+    nextUrl?: string | undefined;
+    expiresInSeconds?: number | undefined;
+    user?: {
+        id?: string | undefined;
+        name?: string | undefined;
+        email?: string | undefined;
+        picture?: string | undefined;
+    } | undefined;
+}, unknown, Record<string, unknown>>;
+//# sourceMappingURL=route.impl.d.ts.map

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/route.impl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"route.impl.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/login/route.impl.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAEL,KAAK,kBAAkB,EACvB,KAAK,UAAU,EACf,KAAK,uBAAuB,EAC7B,MAAM,yBAAyB,CAAC;AAKjC,eAAO,MAAM,WAAW;;;;EAII,CAAC;AAE7B,eAAO,MAAM,aAAa,qBAA0C,CAAC;AAErE,eAAO,MAAM,aAAa;;;;;;;EAOE,CAAC;AAE7B,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;EAgBC,CAAC;AAC7B,MAAM,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAExD,eAAO,MAAM,KAAK,mBAAmB,CAAC;AACtC,eAAO,MAAM,WAAW,oEAAoE,CAAC;AAC7F,eAAO,MAAM,IAAI,eAAe,CAAC;AACjC,eAAO,MAAM,YAAY,UAAoC,CAAC;AAC9D,eAAO,MAAM,MAAM,EAAE,uBAA8C,CAAC;AACpE,eAAO,MAAM,IAAI,EAAE,kBAAyD,CAAC;AAC7E,eAAO,MAAM,UAAU,EAAE,UAA0C,CAAC;AAsCpE,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;oCAqDrB,CAAC;AAEF,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;oCA8DtB,CAAC"}

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/route.impl.js

@@ -0,0 +1,187 @@
+import * as av from "anyvali";
+import { createHandler } from "@betterportal/framework";
+import { resolveAuthressAppConfig, resolveAuthressBrowserConfig } from "../../index.js";
+export const QuerySchema = av.object({
+    action: av.optional(av.string()),
+    next: av.optional(av.string()),
+    redirect: av.optional(av.string())
+}, { unknownKeys: "strip" });
+export const HeadersSchema = av.object({}, { unknownKeys: "strip" });
+export const RequestSchema = av.object({
+    accessToken: av.string().minLength(1),
+    next: av.optional(av.string()),
+    userId: av.optional(av.string()),
+    name: av.optional(av.string()),
+    email: av.optional(av.string()),
+    picture: av.optional(av.string())
+}, { unknownKeys: "strip" });
+export const ResponseSchema = av.object({
+    status: av.enum_(["ok", "error"]),
+    message: av.optional(av.string()),
+    authressApiUrl: av.optional(av.string()),
+    authressApplicationId: av.optional(av.string()),
+    scopes: av.array(av.string()).default([]),
+    alreadyLoggedIn: av.optional(av.bool()),
+    loggedOut: av.optional(av.bool()),
+    nextUrl: av.optional(av.string()),
+    expiresInSeconds: av.optional(av.int().min(1)),
+    user: av.optional(av.object({
+        id: av.optional(av.string()),
+        name: av.optional(av.string()),
+        email: av.optional(av.string()),
+        picture: av.optional(av.string())
+    }, { unknownKeys: "strip" }))
+}, { unknownKeys: "strip" });
+export const title = "Authress Login";
+export const description = "Authenticate with Authress and store the Authress bearer token.";
+export const role = "auth.login";
+export const dependencies = ["logout.index", "refresh.index"];
+export const chrome = { fullScreen: true };
+export const auth = { required: false, permissions: [] };
+export const cacheHints = { ttlSeconds: 0, varyBy: [] };
+function normalizeRedirect(raw) {
+    const redirect = raw?.trim();
+    if (!redirect)
+        return "/";
+    if (redirect.startsWith("http://") || redirect.startsWith("https://"))
+        return redirect;
+    return redirect.startsWith("/") ? redirect : `/${redirect}`;
+}
+function secondsUntilJwtExpiry(token) {
+    const [, payload] = token.split(".");
+    if (!payload)
+        return undefined;
+    try {
+        const parsed = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
+        if (typeof parsed.exp !== "number")
+            return undefined;
+        return Math.max(1, Math.floor(parsed.exp - Date.now() / 1000));
+    }
+    catch {
+        return undefined;
+    }
+}
+function splitScopes(value) {
+    return (value ?? "openid profile email")
+        .split(/\s+/)
+        .map((entry) => entry.trim())
+        .filter((entry) => entry.length > 0);
+}
+function pluginFrom(ctx) {
+    const plugin = ctx.plugin;
+    if (!plugin)
+        throw new Error("Authress plugin not available on handler context");
+    return plugin;
+}
+function profileValue(value) {
+    return typeof value === "string" && value.trim().length > 0 ? value.trim() : undefined;
+}
+export const handleGet = createHandler({ response: ResponseSchema, query: QuerySchema, headers: HeadersSchema }, async (ctx) => {
+    const appConfig = resolveAuthressAppConfig(ctx.config);
+    const nextUrl = normalizeRedirect(ctx.query.next ?? ctx.query.redirect ?? appConfig?.loginRedirectPath);
+    const browserConfig = resolveAuthressBrowserConfig(ctx.config);
+    if (ctx.query.action === "logout") {
+        const loggedOutUrl = normalizeRedirect(appConfig?.logoutRedirectPath);
+        ctx.bpHeaders?.remove("Authorization");
+        ctx.bpHeaders?.remove("X-BP-Refresh");
+        if (ctx.serviceId)
+            ctx.responseHeaders?.set("HX-Trigger", `bp:fragments:${ctx.serviceId}`);
+        return {
+            status: "ok",
+            message: "Signed out.",
+            authressApiUrl: browserConfig?.authressApiUrl,
+            authressApplicationId: browserConfig?.applicationId,
+            loggedOut: true,
+            scopes: [],
+            nextUrl: loggedOutUrl
+        };
+    }
+    if (ctx.user) {
+        return {
+            status: "ok",
+            message: "Already signed in.",
+            authressApiUrl: browserConfig?.authressApiUrl,
+            authressApplicationId: browserConfig?.applicationId,
+            alreadyLoggedIn: true,
+            scopes: [],
+            nextUrl,
+            user: {
+                id: ctx.user.sub,
+                name: ctx.user.name,
+                email: ctx.user.email,
+                picture: ctx.user.picture
+            }
+        };
+    }
+    const config = browserConfig;
+    if (!config) {
+        return { status: "error", message: "Authress browser config is missing authressApiUrl or applicationId.", scopes: [], nextUrl };
+    }
+    return {
+        status: "ok",
+        message: "Start Authress sign in.",
+        authressApiUrl: config.authressApiUrl,
+        authressApplicationId: config.applicationId,
+        scopes: splitScopes(config.scopes),
+        nextUrl
+    };
+});
+export const handlePost = createHandler({ response: ResponseSchema, query: QuerySchema, request: RequestSchema }, async (ctx) => {
+    const request = ctx.request;
+    const config = resolveAuthressAppConfig(ctx.config);
+    const nextUrl = normalizeRedirect(request.next ?? ctx.query.next ?? config?.loginRedirectPath);
+    if (!config) {
+        return { status: "error", message: "Authress config is missing authressApiUrl or applicationId.", scopes: [], nextUrl };
+    }
+    let user;
+    try {
+        user = await pluginFrom(ctx).verifyAuthressToken(request.accessToken, config, { tenantId: ctx.tenant.id, appId: ctx.app.id });
+    }
+    catch (error) {
+        ctx.obs?.error(error);
+        return { status: "error", message: `Authress token verification failed: ${error.message}`, scopes: [], nextUrl };
+    }
+    if (request.userId && request.userId !== user.sub) {
+        return { status: "error", message: "Authress profile subject does not match token subject.", scopes: [], nextUrl };
+    }
+    const issued = pluginFrom(ctx).issueTokenPair({
+        sub: user.sub,
+        tenantId: ctx.tenant.id,
+        appId: ctx.app.id,
+        roles: user.roles,
+        authProvider: "authress.io",
+        providerSubject: user.sub,
+        provider: user.provider,
+        name: profileValue(request.name) || user.name,
+        email: profileValue(request.email) || user.email,
+        picture: profileValue(request.picture) || user.picture
+    }, { includeRefreshToken: false });
+    ctx.bpHeaders?.set("Authorization", `Bearer ${issued.accessToken}`, {
+        locked: true,
+        expiresInSeconds: issued.accessTokenExpiresInSeconds,
+        refreshPath: "/refresh",
+        refreshBeforeSeconds: 60
+    });
+    ctx.bpHeaders?.set("X-BP-Refresh", request.accessToken, {
+        locked: true,
+        scopeToOwner: true,
+        expiresInSeconds: secondsUntilJwtExpiry(request.accessToken)
+    });
+    ctx.responseHeaders?.set("HX-Redirect", nextUrl);
+    if (ctx.serviceId)
+        ctx.responseHeaders?.set("HX-Trigger", `bp:fragments:${ctx.serviceId}`);
+    return {
+        status: "ok",
+        message: "Signed in.",
+        scopes: [],
+        nextUrl,
+        expiresInSeconds: issued.accessTokenExpiresInSeconds,
+        user: {
+            id: user.sub,
+            name: profileValue(request.name) ?? user.name,
+            email: profileValue(request.email) ?? user.email,
+            picture: profileValue(request.picture) ?? user.picture
+        }
+    };
+});
+//# sourceMappingURL=route.impl.js.map

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/login/route.impl.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"route.impl.js","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/login/route.impl.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAE9B,OAAO,EACL,aAAa,EAId,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EAAE,wBAAwB,EAAE,4BAA4B,EAAE,MAAM,gBAAgB,CAAC;AAExF,MAAM,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC,MAAM,CAAC;IACnC,MAAM,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IAChC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IAC9B,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;CACnC,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAE7B,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAErE,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,CAAC,MAAM,CAAC;IACrC,WAAW,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;IACrC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IAC9B,MAAM,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IAChC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IAC9B,KAAK,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IAC/B,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;CAClC,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAE7B,MAAM,CAAC,MAAM,cAAc,GAAG,EAAE,CAAC,MAAM,CAAC;IACtC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,OAAO,CAAU,CAAC;IAC1C,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IACjC,cAAc,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IACxC,qBAAqB,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IAC/C,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IACzC,eAAe,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;IACvC,SAAS,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC;IACjC,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IACjC,gBAAgB,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC9C,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,CAAC;QAC1B,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;QAC5B,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;QAC9B,KAAK,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;QAC/B,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;KAClC,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;CAC9B,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAG7B,MAAM,CAAC,MAAM,KAAK,GAAG,gBAAgB,CAAC;AACtC,MAAM,CAAC,MAAM,WAAW,GAAG,iEAAiE,CAAC;AAC7F,MAAM,CAAC,MAAM,IAAI,GAAG,YAAY,CAAC;AACjC,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,cAAc,EAAE,eAAe,CAAC,CAAC;AAC9D,MAAM,CAAC,MAAM,MAAM,GAA4B,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;AACpE,MAAM,CAAC,MAAM,IAAI,GAAuB,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;AAC7E,MAAM,CAAC,MAAM,UAAU,GAAe,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;AAEpE,SAAS,iBAAiB,CAAC,GAAuB;IAChD,MAAM,QAAQ,GAAG,GAAG,EAAE,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC,QAAQ;QAAE,OAAO,GAAG,CAAC;IAC1B,IAAI,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,QAAQ,CAAC;IACvF,OAAO,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,EAAE,CAAC;AAC9D,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAa;IAC1C,MAAM,CAAC,EAAE,OAAO,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAC/B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAsB,CAAC;QACnG,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QACrD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,OAAO,CAAC,KAAK,IAAI,sBAAsB,CAAC;SACrC,KAAK,CAAC,KAAK,CAAC;SACZ,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;SAC5B,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,UAAU,CAAC,GAAyB;IAC3C,MAAM,MAAM,GAAG,GAAG,CAAC,MAA4B,CAAC;IAChD,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACjF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACzF,CAAC;AAED,MAAM,CAAC,MAAM,SAAS,GAAG,aAAa,CACpC,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,EACxE,KAAK,EAAE,GAAG,EAAE,EAAE;IACZ,MAAM,SAAS,GAAG,wBAAwB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvD,MAAM,OAAO,GAAG,iBAAiB,CAAE,GAAG,CAAC,KAAmC,CAAC,IAAI,IAAK,GAAG,CAAC,KAAmC,CAAC,QAAQ,IAAI,SAAS,EAAE,iBAAiB,CAAC,CAAC;IACtK,MAAM,aAAa,GAAG,4BAA4B,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC/D,IAAK,GAAG,CAAC,KAAmC,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QACjE,MAAM,YAAY,GAAG,iBAAiB,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;QACtE,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;QACvC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;QACtC,IAAI,GAAG,CAAC,SAAS;YAAE,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,YAAY,EAAE,gBAAgB,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;QAC3F,OAAO;YACL,MAAM,EAAE,IAAa;YACrB,OAAO,EAAE,aAAa;YACtB,cAAc,EAAE,aAAa,EAAE,cAAc;YAC7C,qBAAqB,EAAE,aAAa,EAAE,aAAa;YACnD,SAAS,EAAE,IAAI;YACf,MAAM,EAAE,EAAE;YACV,OAAO,EAAE,YAAY;SACtB,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,IAAa;YACrB,OAAO,EAAE,oBAAoB;YAC7B,cAAc,EAAE,aAAa,EAAE,cAAc;YAC7C,qBAAqB,EAAE,aAAa,EAAE,aAAa;YACnD,eAAe,EAAE,IAAI;YACrB,MAAM,EAAE,EAAE;YACV,OAAO;YACP,IAAI,EAAE;gBACJ,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,GAAG;gBAChB,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI;gBACnB,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,KAAK;gBACrB,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO;aAC1B;SACF,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,aAAa,CAAC;IAC7B,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,MAAM,EAAE,OAAgB,EAAE,OAAO,EAAE,qEAAqE,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC;IAC3I,CAAC;IAED,OAAO;QACL,MAAM,EAAE,IAAa;QACrB,OAAO,EAAE,yBAAyB;QAClC,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,qBAAqB,EAAE,MAAM,CAAC,aAAa;QAC3C,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC;QAClC,OAAO;KACR,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,MAAM,CAAC,MAAM,UAAU,GAAG,aAAa,CACrC,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,aAAa,EAAE,EACxE,KAAK,EAAE,GAAG,EAAE,EAAE;IACZ,MAAM,OAAO,GAAG,GAAG,CAAC,OAAsC,CAAC;IAC3D,MAAM,MAAM,GAAG,wBAAwB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACpD,MAAM,OAAO,GAAG,iBAAiB,CAAC,OAAO,CAAC,IAAI,IAAK,GAAG,CAAC,KAAmC,CAAC,IAAI,IAAI,MAAM,EAAE,iBAAiB,CAAC,CAAC;IAC9H,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,MAAM,EAAE,OAAgB,EAAE,OAAO,EAAE,6DAA6D,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC;IACnI,CAAC;IAED,IAAI,IAAe,CAAC;IACpB,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,UAAU,CAAC,GAAG,CAAC,CAAC,mBAAmB,CAAC,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;IAChI,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QACtB,OAAO,EAAE,MAAM,EAAE,OAAgB,EAAE,OAAO,EAAE,uCAAwC,KAAe,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC;IACvI,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC;QAClD,OAAO,EAAE,MAAM,EAAE,OAAgB,EAAE,OAAO,EAAE,wDAAwD,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC;IAC9H,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,cAAc,CAAC;QAC5C,GAAG,EAAE,IAAI,CAAC,GAAG;QACb,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE;QACvB,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE;QACjB,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,YAAY,EAAE,aAAa;QAC3B,eAAe,EAAE,IAAI,CAAC,GAAG;QACzB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,IAAI,EAAE,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI;QAC7C,KAAK,EAAE,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK;QAChD,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO;KACvD,EAAE,EAAE,mBAAmB,EAAE,KAAK,EAAE,CAAC,CAAC;IACnC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,eAAe,EAAE,UAAU,MAAM,CAAC,WAAW,EAAE,EAAE;QAClE,MAAM,EAAE,IAAI;QACZ,gBAAgB,EAAE,MAAM,CAAC,2BAA2B;QACpD,WAAW,EAAE,UAAU;QACvB,oBAAoB,EAAE,EAAE;KACzB,CAAC,CAAC;IACH,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,cAAc,EAAE,OAAO,CAAC,WAAW,EAAE;QACtD,MAAM,EAAE,IAAI;QACZ,YAAY,EAAE,IAAI;QAClB,gBAAgB,EAAE,qBAAqB,CAAC,OAAO,CAAC,WAAW,CAAC;KAC7D,CAAC,CAAC;IACH,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IACjD,IAAI,GAAG,CAAC,SAAS;QAAE,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,YAAY,EAAE,gBAAgB,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;IAE3F,OAAO;QACL,MAAM,EAAE,IAAa;QACrB,OAAO,EAAE,YAAY;QACrB,MAAM,EAAE,EAAE;QACV,OAAO;QACP,gBAAgB,EAAE,MAAM,CAAC,2BAA2B;QACpD,IAAI,EAAE;YACJ,EAAE,EAAE,IAAI,CAAC,GAAG;YACZ,IAAI,EAAE,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI;YAC7C,KAAK,EAAE,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK;YAChD,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO;SACvD;KACF,CAAC;AACJ,CAAC,CACF,CAAC"}

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/logout/GET.d.ts

@@ -0,0 +1,3 @@
+export { ResponseSchema, QuerySchema } from "./route.impl.js";
+export { handleGet as default } from "./route.impl.js";
+//# sourceMappingURL=GET.d.ts.map

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/logout/GET.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"GET.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/logout/GET.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9D,OAAO,EAAE,SAAS,IAAI,OAAO,EAAE,MAAM,iBAAiB,CAAC"}

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/logout/GET.js

@@ -0,0 +1,3 @@
+export { ResponseSchema, QuerySchema } from "./route.impl.js";
+export { handleGet as default } from "./route.impl.js";
+//# sourceMappingURL=GET.js.map

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/logout/GET.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"GET.js","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/logout/GET.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9D,OAAO,EAAE,SAAS,IAAI,OAAO,EAAE,MAAM,iBAAiB,CAAC"}

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/logout/index.d.ts

@@ -1,27 +1,2 @@
-import * as av from "anyvali";
-import type { Infer } from "anyvali";
-import { type ApiAuthRequirement, type CacheHints } from "@betterportal/framework";
-export declare const QuerySchema: av.ObjectSchema<{
-    next: av.OptionalSchema<av.StringSchema>;
-    redirect: av.OptionalSchema<av.StringSchema>;
-}>;
-export declare const ResponseSchema: av.ObjectSchema<{
-    status: av.EnumSchema<readonly ["ok"]>;
-    message: av.StringSchema;
-    nextUrl: av.StringSchema;
-}>;
-export type ResponseData = Infer<typeof ResponseSchema>;
-export declare const title = "Authress Logout";
-export declare const description = "Clear the stored Authress bearer token.";
-export declare const role = "auth.logout";
-export declare const auth: ApiAuthRequirement;
-export declare const cacheHints: CacheHints;
-export declare const handleGet: import("@betterportal/framework").RouteHandler<Record<string, string>, {
-    next?: string | undefined;
-    redirect?: string | undefined;
-}, Record<string, string>, Record<string, unknown>, {
-    status: "ok";
-    message: string;
-    nextUrl: string;
-}, unknown, Record<string, unknown>>;
+export { title, description, auth, role, cacheHints } from "./route.impl.js";
 //# sourceMappingURL=index.d.ts.map

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/logout/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/logout/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAiB,KAAK,kBAAkB,EAAE,KAAK,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAElG,eAAO,MAAM,WAAW;;;EAGI,CAAC;AAE7B,eAAO,MAAM,cAAc;;;;EAIC,CAAC;AAC7B,MAAM,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAExD,eAAO,MAAM,KAAK,oBAAoB,CAAC;AACvC,eAAO,MAAM,WAAW,4CAA4C,CAAC;AACrE,eAAO,MAAM,IAAI,gBAAgB,CAAC;AAClC,eAAO,MAAM,IAAI,EAAE,kBAAyD,CAAC;AAC7E,eAAO,MAAM,UAAU,EAAE,UAA0C,CAAC;AASpE,eAAO,MAAM,SAAS;;;;;;;oCAWrB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/logout/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC"}

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/logout/index.js

@@ -1,35 +1,2 @@
-import * as av from "anyvali";
-import { createHandler } from "@betterportal/framework";
-export const QuerySchema = av.object({
-    next: av.optional(av.string()),
-    redirect: av.optional(av.string())
-}, { unknownKeys: "strip" });
-export const ResponseSchema = av.object({
-    status: av.enum_(["ok"]),
-    message: av.string(),
-    nextUrl: av.string()
-}, { unknownKeys: "strip" });
-export const title = "Authress Logout";
-export const description = "Clear the stored Authress bearer token.";
-export const role = "auth.logout";
-export const auth = { required: false, permissions: [] };
-export const cacheHints = { ttlSeconds: 0, varyBy: [] };
-function normalizeRedirect(raw) {
-    const redirect = raw?.trim();
-    if (!redirect)
-        return "/";
-    if (redirect.startsWith("http://") || redirect.startsWith("https://"))
-        return redirect;
-    return redirect.startsWith("/") ? redirect : `/${redirect}`;
-}
-export const handleGet = createHandler({ response: ResponseSchema, query: QuerySchema }, (ctx) => {
-    const query = ctx.query;
-    const nextUrl = normalizeRedirect(query.next ?? query.redirect);
-    ctx.bpHeaders?.remove("Authorization");
-    ctx.bpHeaders?.remove("X-BP-Refresh");
-    ctx.responseHeaders?.set("HX-Location", "/login?action=logout");
-    if (ctx.serviceId)
-        ctx.responseHeaders?.set("HX-Trigger", `bp:fragments:${ctx.serviceId}`);
-    return { status: "ok", message: "Signed out.", nextUrl };
-});
+export { title, description, auth, role, cacheHints } from "./route.impl.js";
 //# sourceMappingURL=index.js.map

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/logout/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/logout/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,aAAa,EAA4C,MAAM,yBAAyB,CAAC;AAElG,MAAM,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC,MAAM,CAAC;IACnC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IAC9B,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;CACnC,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAE7B,MAAM,CAAC,MAAM,cAAc,GAAG,EAAE,CAAC,MAAM,CAAC;IACtC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,CAAU,CAAC;IACjC,OAAO,EAAE,EAAE,CAAC,MAAM,EAAE;IACpB,OAAO,EAAE,EAAE,CAAC,MAAM,EAAE;CACrB,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAG7B,MAAM,CAAC,MAAM,KAAK,GAAG,iBAAiB,CAAC;AACvC,MAAM,CAAC,MAAM,WAAW,GAAG,yCAAyC,CAAC;AACrE,MAAM,CAAC,MAAM,IAAI,GAAG,aAAa,CAAC;AAClC,MAAM,CAAC,MAAM,IAAI,GAAuB,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;AAC7E,MAAM,CAAC,MAAM,UAAU,GAAe,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;AAEpE,SAAS,iBAAiB,CAAC,GAAuB;IAChD,MAAM,QAAQ,GAAG,GAAG,EAAE,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC,QAAQ;QAAE,OAAO,GAAG,CAAC;IAC1B,IAAI,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,QAAQ,CAAC;IACvF,OAAO,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,EAAE,CAAC;AAC9D,CAAC;AAED,MAAM,CAAC,MAAM,SAAS,GAAG,aAAa,CACpC,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,WAAW,EAAE,EAChD,CAAC,GAAG,EAAE,EAAE;IACN,MAAM,KAAK,GAAG,GAAG,CAAC,KAAkC,CAAC;IACrD,MAAM,OAAO,GAAG,iBAAiB,CAAC,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC;IAChE,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;IACvC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;IACtC,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,aAAa,EAAE,sBAAsB,CAAC,CAAC;IAChE,IAAI,GAAG,CAAC,SAAS;QAAE,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,YAAY,EAAE,gBAAgB,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;IAC3F,OAAO,EAAE,MAAM,EAAE,IAAa,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC;AACpE,CAAC,CACF,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/logout/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC"}

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/logout/route.impl.d.ts

@@ -0,0 +1,27 @@
+import * as av from "anyvali";
+import type { Infer } from "anyvali";
+import { type ApiAuthRequirement, type CacheHints } from "@betterportal/framework";
+export declare const QuerySchema: av.ObjectSchema<{
+    next: av.OptionalSchema<av.StringSchema>;
+    redirect: av.OptionalSchema<av.StringSchema>;
+}>;
+export declare const ResponseSchema: av.ObjectSchema<{
+    status: av.EnumSchema<readonly ["ok"]>;
+    message: av.StringSchema;
+    nextUrl: av.StringSchema;
+}>;
+export type ResponseData = Infer<typeof ResponseSchema>;
+export declare const title = "Authress Logout";
+export declare const description = "Clear the stored Authress bearer token.";
+export declare const role = "auth.logout";
+export declare const auth: ApiAuthRequirement;
+export declare const cacheHints: CacheHints;
+export declare const handleGet: import("@betterportal/framework").RouteHandler<Record<string, string>, {
+    next?: string | undefined;
+    redirect?: string | undefined;
+}, Record<string, string>, Record<string, unknown>, {
+    status: "ok";
+    message: string;
+    nextUrl: string;
+}, unknown, Record<string, unknown>>;
+//# sourceMappingURL=route.impl.d.ts.map

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/logout/route.impl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"route.impl.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/logout/route.impl.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAiB,KAAK,kBAAkB,EAAE,KAAK,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAElG,eAAO,MAAM,WAAW;;;EAGI,CAAC;AAE7B,eAAO,MAAM,cAAc;;;;EAIC,CAAC;AAC7B,MAAM,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAExD,eAAO,MAAM,KAAK,oBAAoB,CAAC;AACvC,eAAO,MAAM,WAAW,4CAA4C,CAAC;AACrE,eAAO,MAAM,IAAI,gBAAgB,CAAC;AAClC,eAAO,MAAM,IAAI,EAAE,kBAAyD,CAAC;AAC7E,eAAO,MAAM,UAAU,EAAE,UAA0C,CAAC;AASpE,eAAO,MAAM,SAAS;;;;;;;oCAWrB,CAAC"}

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/logout/route.impl.js

@@ -0,0 +1,35 @@
+import * as av from "anyvali";
+import { createHandler } from "@betterportal/framework";
+export const QuerySchema = av.object({
+    next: av.optional(av.string()),
+    redirect: av.optional(av.string())
+}, { unknownKeys: "strip" });
+export const ResponseSchema = av.object({
+    status: av.enum_(["ok"]),
+    message: av.string(),
+    nextUrl: av.string()
+}, { unknownKeys: "strip" });
+export const title = "Authress Logout";
+export const description = "Clear the stored Authress bearer token.";
+export const role = "auth.logout";
+export const auth = { required: false, permissions: [] };
+export const cacheHints = { ttlSeconds: 0, varyBy: [] };
+function normalizeRedirect(raw) {
+    const redirect = raw?.trim();
+    if (!redirect)
+        return "/";
+    if (redirect.startsWith("http://") || redirect.startsWith("https://"))
+        return redirect;
+    return redirect.startsWith("/") ? redirect : `/${redirect}`;
+}
+export const handleGet = createHandler({ response: ResponseSchema, query: QuerySchema }, (ctx) => {
+    const query = ctx.query;
+    const nextUrl = normalizeRedirect(query.next ?? query.redirect);
+    ctx.bpHeaders?.remove("Authorization");
+    ctx.bpHeaders?.remove("X-BP-Refresh");
+    ctx.responseHeaders?.set("HX-Location", "/login?action=logout");
+    if (ctx.serviceId)
+        ctx.responseHeaders?.set("HX-Trigger", `bp:fragments:${ctx.serviceId}`);
+    return { status: "ok", message: "Signed out.", nextUrl };
+});
+//# sourceMappingURL=route.impl.js.map

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/logout/route.impl.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"route.impl.js","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/logout/route.impl.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,aAAa,EAA4C,MAAM,yBAAyB,CAAC;AAElG,MAAM,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC,MAAM,CAAC;IACnC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IAC9B,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;CACnC,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAE7B,MAAM,CAAC,MAAM,cAAc,GAAG,EAAE,CAAC,MAAM,CAAC;IACtC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,CAAU,CAAC;IACjC,OAAO,EAAE,EAAE,CAAC,MAAM,EAAE;IACpB,OAAO,EAAE,EAAE,CAAC,MAAM,EAAE;CACrB,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAG7B,MAAM,CAAC,MAAM,KAAK,GAAG,iBAAiB,CAAC;AACvC,MAAM,CAAC,MAAM,WAAW,GAAG,yCAAyC,CAAC;AACrE,MAAM,CAAC,MAAM,IAAI,GAAG,aAAa,CAAC;AAClC,MAAM,CAAC,MAAM,IAAI,GAAuB,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;AAC7E,MAAM,CAAC,MAAM,UAAU,GAAe,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;AAEpE,SAAS,iBAAiB,CAAC,GAAuB;IAChD,MAAM,QAAQ,GAAG,GAAG,EAAE,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC,QAAQ;QAAE,OAAO,GAAG,CAAC;IAC1B,IAAI,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,QAAQ,CAAC;IACvF,OAAO,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,EAAE,CAAC;AAC9D,CAAC;AAED,MAAM,CAAC,MAAM,SAAS,GAAG,aAAa,CACpC,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,WAAW,EAAE,EAChD,CAAC,GAAG,EAAE,EAAE;IACN,MAAM,KAAK,GAAG,GAAG,CAAC,KAAkC,CAAC;IACrD,MAAM,OAAO,GAAG,iBAAiB,CAAC,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC;IAChE,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;IACvC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,cAAc,CAAC,CAAC;IACtC,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,aAAa,EAAE,sBAAsB,CAAC,CAAC;IAChE,IAAI,GAAG,CAAC,SAAS;QAAE,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,YAAY,EAAE,gBAAgB,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;IAC3F,OAAO,EAAE,MAAM,EAAE,IAAa,EAAE,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC;AACpE,CAAC,CACF,CAAC"}

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/POST.d.ts

@@ -0,0 +1,3 @@
+export { ResponseSchema, RequestSchema } from "./route.impl.js";
+export { handlePost as default } from "./route.impl.js";
+//# sourceMappingURL=POST.d.ts.map

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/POST.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"POST.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/POST.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,EAAE,UAAU,IAAI,OAAO,EAAE,MAAM,iBAAiB,CAAC"}

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/POST.js

@@ -0,0 +1,3 @@
+export { ResponseSchema, RequestSchema } from "./route.impl.js";
+export { handlePost as default } from "./route.impl.js";
+//# sourceMappingURL=POST.js.map

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/POST.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"POST.js","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/POST.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,EAAE,UAAU,IAAI,OAAO,EAAE,MAAM,iBAAiB,CAAC"}

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/index.d.ts

@@ -1,29 +1,2 @@
-import * as av from "anyvali";
-import type { Infer } from "anyvali";
-import { type ApiAuthRequirement, type CacheHints } from "@betterportal/framework";
-export declare const RequestSchema: av.ObjectSchema<{
-    refreshToken: av.OptionalSchema<av.StringSchema>;
-    accessToken: av.OptionalSchema<av.StringSchema>;
-}>;
-export declare const ResponseSchema: av.ObjectSchema<{
-    status: av.EnumSchema<readonly ["ok", "error"]>;
-    message: av.OptionalSchema<av.StringSchema>;
-    accessToken: av.OptionalSchema<av.StringSchema>;
-    expiresInSeconds: av.OptionalSchema<av.IntSchema>;
-}>;
-export type ResponseData = Infer<typeof ResponseSchema>;
-export declare const title = "Authress Refresh";
-export declare const description = "Refresh BetterPortal tokens after Authress session renewal.";
-export declare const role = "auth.refresh";
-export declare const auth: ApiAuthRequirement;
-export declare const cacheHints: CacheHints;
-export declare const handlePost: import("@betterportal/framework").RouteHandler<Record<string, string>, Record<string, unknown>, Record<string, string>, {
-    refreshToken?: string | undefined;
-    accessToken?: string | undefined;
-}, {
-    status: "ok" | "error";
-    message?: string | undefined;
-    accessToken?: string | undefined;
-    expiresInSeconds?: number | undefined;
-}, unknown, Record<string, unknown>>;
+export { title, description, auth, role, cacheHints } from "./route.impl.js";
 //# sourceMappingURL=index.d.ts.map

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAEL,KAAK,kBAAkB,EACvB,KAAK,UAAU,EAChB,MAAM,yBAAyB,CAAC;AAIjC,eAAO,MAAM,aAAa;;;EAGE,CAAC;AAE7B,eAAO,MAAM,cAAc;;;;;EAKC,CAAC;AAC7B,MAAM,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAExD,eAAO,MAAM,KAAK,qBAAqB,CAAC;AACxC,eAAO,MAAM,WAAW,gEAAgE,CAAC;AACzF,eAAO,MAAM,IAAI,iBAAiB,CAAC;AACnC,eAAO,MAAM,IAAI,EAAE,kBAAyD,CAAC;AAC7E,eAAO,MAAM,UAAU,EAAE,UAA0C,CAAC;AAQpE,eAAO,MAAM,UAAU;;;;;;;;oCAqDtB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC"}

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/index.js

@@ -1,87 +1,2 @@
-import * as av from "anyvali";
-import { createHandler } from "@betterportal/framework";
-import { resolveAuthressAppConfig } from "../../index.js";
-export const RequestSchema = av.object({
-    refreshToken: av.optional(av.string().minLength(1)),
-    accessToken: av.optional(av.string())
-}, { unknownKeys: "strip" });
-export const ResponseSchema = av.object({
-    status: av.enum_(["ok", "error"]),
-    message: av.optional(av.string()),
-    accessToken: av.optional(av.string()),
-    expiresInSeconds: av.optional(av.int().min(1))
-}, { unknownKeys: "strip" });
-export const title = "Authress Refresh";
-export const description = "Refresh BetterPortal tokens after Authress session renewal.";
-export const role = "auth.refresh";
-export const auth = { required: false, permissions: [] };
-export const cacheHints = { ttlSeconds: 0, varyBy: [] };
-function pluginFrom(ctx) {
-    const plugin = ctx.plugin;
-    if (!plugin)
-        throw new Error("Authress plugin not available on handler context");
-    return plugin;
-}
-export const handlePost = createHandler({ response: ResponseSchema, request: RequestSchema }, async (ctx) => {
-    const config = resolveAuthressAppConfig(ctx.config);
-    if (!config) {
-        return { status: "error", message: "Authress config is missing authressApiUrl or applicationId." };
-    }
-    const body = ctx.request;
-    const headers = ctx.headers;
-    const authressToken = body.accessToken ?? headers["x-bp-refresh"];
-    if (!authressToken?.trim()) {
-        return { status: "error", message: "Authress access token is required to refresh BetterPortal tokens." };
-    }
-    const plugin = pluginFrom(ctx);
-    let authressClaims;
-    try {
-        authressClaims = await plugin.verifyAuthressToken(authressToken, config, { tenantId: ctx.tenant.id, appId: ctx.app.id });
-    }
-    catch {
-        return { status: "error", message: "Authress token invalid or expired." };
-    }
-    const issued = plugin.issueTokenPair({
-        sub: authressClaims.sub,
-        tenantId: ctx.tenant.id,
-        appId: ctx.app.id,
-        roles: authressClaims.roles,
-        authProvider: "authress.io",
-        providerSubject: authressClaims.sub,
-        provider: authressClaims.provider,
-        name: authressClaims.name,
-        email: authressClaims.email,
-        picture: authressClaims.picture
-    }, { includeRefreshToken: false });
-    ctx.bpHeaders?.set("Authorization", `Bearer ${issued.accessToken}`, {
-        locked: true,
-        expiresInSeconds: issued.accessTokenExpiresInSeconds,
-        refreshPath: "/refresh",
-        refreshBeforeSeconds: 60
-    });
-    ctx.bpHeaders?.set("X-BP-Refresh", authressToken, {
-        locked: true,
-        scopeToOwner: true,
-        expiresInSeconds: secondsUntilJwtExpiry(authressToken)
-    });
-    return {
-        status: "ok",
-        accessToken: issued.accessToken,
-        expiresInSeconds: issued.accessTokenExpiresInSeconds
-    };
-});
-function secondsUntilJwtExpiry(token) {
-    const payload = token.split(".")[1];
-    if (!payload)
-        return 60 * 15;
-    try {
-        const parsed = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
-        if (typeof parsed.exp !== "number")
-            return 60 * 15;
-        return Math.max(1, parsed.exp - Math.floor(Date.now() / 1000));
-    }
-    catch {
-        return 60 * 15;
-    }
-}
+export { title, description, auth, role, cacheHints } from "./route.impl.js";
 //# sourceMappingURL=index.js.map

package/lib/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAE9B,OAAO,EACL,aAAa,EAGd,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAE1D,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,CAAC,MAAM,CAAC;IACrC,YAAY,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACnD,WAAW,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;CACtC,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAE7B,MAAM,CAAC,MAAM,cAAc,GAAG,EAAE,CAAC,MAAM,CAAC;IACtC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,OAAO,CAAU,CAAC;IAC1C,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IACjC,WAAW,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;IACrC,gBAAgB,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;CAC/C,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAG7B,MAAM,CAAC,MAAM,KAAK,GAAG,kBAAkB,CAAC;AACxC,MAAM,CAAC,MAAM,WAAW,GAAG,6DAA6D,CAAC;AACzF,MAAM,CAAC,MAAM,IAAI,GAAG,cAAc,CAAC;AACnC,MAAM,CAAC,MAAM,IAAI,GAAuB,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;AAC7E,MAAM,CAAC,MAAM,UAAU,GAAe,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;AAEpE,SAAS,UAAU,CAAC,GAAyB;IAC3C,MAAM,MAAM,GAAG,GAAG,CAAC,MAA4B,CAAC;IAChD,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACjF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,CAAC,MAAM,UAAU,GAAG,aAAa,CACrC,EAAE,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,aAAa,EAAE,EACpD,KAAK,EAAE,GAAG,EAAE,EAAE;IACZ,MAAM,MAAM,GAAG,wBAAwB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACpD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,MAAM,EAAE,OAAgB,EAAE,OAAO,EAAE,6DAA6D,EAAE,CAAC;IAC9G,CAAC;IAED,MAAM,IAAI,GAAG,GAAG,CAAC,OAAsC,CAAC;IACxD,MAAM,OAAO,GAAG,GAAG,CAAC,OAA6C,CAAC;IAClE,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,IAAI,OAAO,CAAC,cAAc,CAAC,CAAC;IAClE,IAAI,CAAC,aAAa,EAAE,IAAI,EAAE,EAAE,CAAC;QAC3B,OAAO,EAAE,MAAM,EAAE,OAAgB,EAAE,OAAO,EAAE,mEAAmE,EAAE,CAAC;IACpH,CAAC;IACD,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,cAAc,CAAC;IACnB,IAAI,CAAC;QACH,cAAc,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,aAAa,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;IAC3H,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,MAAM,EAAE,OAAgB,EAAE,OAAO,EAAE,oCAAoC,EAAE,CAAC;IACrF,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC;QACnC,GAAG,EAAE,cAAc,CAAC,GAAG;QACvB,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE;QACvB,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE;QACjB,KAAK,EAAE,cAAc,CAAC,KAAK;QAC3B,YAAY,EAAE,aAAa;QAC3B,eAAe,EAAE,cAAc,CAAC,GAAG;QACnC,QAAQ,EAAE,cAAc,CAAC,QAAQ;QACjC,IAAI,EAAE,cAAc,CAAC,IAAI;QACzB,KAAK,EAAE,cAAc,CAAC,KAAK;QAC3B,OAAO,EAAE,cAAc,CAAC,OAAO;KAChC,EAAE,EAAE,mBAAmB,EAAE,KAAK,EAAE,CAAC,CAAC;IAEnC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,eAAe,EAAE,UAAU,MAAM,CAAC,WAAW,EAAE,EAAE;QAClE,MAAM,EAAE,IAAI;QACZ,gBAAgB,EAAE,MAAM,CAAC,2BAA2B;QACpD,WAAW,EAAE,UAAU;QACvB,oBAAoB,EAAE,EAAE;KACzB,CAAC,CAAC;IACH,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,cAAc,EAAE,aAAa,EAAE;QAChD,MAAM,EAAE,IAAI;QACZ,YAAY,EAAE,IAAI;QAClB,gBAAgB,EAAE,qBAAqB,CAAC,aAAa,CAAC;KACvD,CAAC,CAAC;IAEH,OAAO;QACL,MAAM,EAAE,IAAa;QACrB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,gBAAgB,EAAE,MAAM,CAAC,2BAA2B;KACrD,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,SAAS,qBAAqB,CAAC,KAAa;IAC1C,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACpC,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,GAAG,EAAE,CAAC;IAC7B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAsB,CAAC;QACnG,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;YAAE,OAAO,EAAE,GAAG,EAAE,CAAC;QACnD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,GAAG,EAAE,CAAC;IACjB,CAAC;AACH,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-authress-io/bp-routes/refresh/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC"}