@blackcode_sa/metaestetics-api 1.12.56 → 1.12.57

package/dist/index.js

@@ -3846,6 +3846,11 @@ var AUTH_ERRORS = {
     "AUTH/INVALID_ROLE",
     400
   ),
+  UNAUTHORIZED_ROLE: new AuthError(
+    "You do not have permission to access the clinic application. This account is registered as a patient. Please use the mobile app to access your patient account.",
+    "AUTH/UNAUTHORIZED_ROLE",
+    403
+  ),
   // Authentication errors
   NOT_AUTHENTICATED: new AuthError(
     "User is not authenticated",
@@ -11596,7 +11601,8 @@ var AuthService = class extends BaseService {
       const user = await this.userService.getOrCreateUser(firebaseUser);
       if (!((_a = user.roles) == null ? void 0 : _a.includes("clinic_admin" /* CLINIC_ADMIN */))) {
         console.error("[AUTH] User is not a clinic admin:", user.uid);
-        throw AUTH_ERRORS.INVALID_ROLE;
+        await this.auth.signOut();
+        throw AUTH_ERRORS.UNAUTHORIZED_ROLE;
       }
       if (!user.adminProfile) {
         console.error("[AUTH] User has no admin profile:", user.uid);

package/dist/index.mjs

@@ -3764,6 +3764,11 @@ var AUTH_ERRORS = {
     "AUTH/INVALID_ROLE",
     400
   ),
+  UNAUTHORIZED_ROLE: new AuthError(
+    "You do not have permission to access the clinic application. This account is registered as a patient. Please use the mobile app to access your patient account.",
+    "AUTH/UNAUTHORIZED_ROLE",
+    403
+  ),
   // Authentication errors
   NOT_AUTHENTICATED: new AuthError(
     "User is not authenticated",
@@ -11695,7 +11700,8 @@ var AuthService = class extends BaseService {
       const user = await this.userService.getOrCreateUser(firebaseUser);
       if (!((_a = user.roles) == null ? void 0 : _a.includes("clinic_admin" /* CLINIC_ADMIN */))) {
         console.error("[AUTH] User is not a clinic admin:", user.uid);
-        throw AUTH_ERRORS.INVALID_ROLE;
+        await this.auth.signOut();
+        throw AUTH_ERRORS.UNAUTHORIZED_ROLE;
       }
       if (!user.adminProfile) {
         console.error("[AUTH] User has no admin profile:", user.uid);

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@blackcode_sa/metaestetics-api",
   "private": false,
-  "version": "1.12.56",
+  "version": "1.12.57",
   "description": "Firebase authentication service with anonymous upgrade support",
   "main": "dist/index.js",
   "module": "dist/index.mjs",

package/src/errors/auth.errors.ts

@@ -26,6 +26,11 @@ export const AUTH_ERRORS = {
     "AUTH/INVALID_ROLE",
     400
   ),
+  UNAUTHORIZED_ROLE: new AuthError(
+    "You do not have permission to access the clinic application. This account is registered as a patient. Please use the mobile app to access your patient account.",
+    "AUTH/UNAUTHORIZED_ROLE",
+    403
+  ),
 
   // Authentication errors
   NOT_AUTHENTICATED: new AuthError(

package/src/services/auth/auth.service.ts

@@ -480,7 +480,9 @@ export class AuthService extends BaseService {
       // Check if user has clinic_admin role
       if (!user.roles?.includes(UserRole.CLINIC_ADMIN)) {
         console.error('[AUTH] User is not a clinic admin:', user.uid);
-        throw AUTH_ERRORS.INVALID_ROLE;
+        // Sign out the user immediately for security
+        await this.auth.signOut();
+        throw AUTH_ERRORS.UNAUTHORIZED_ROLE;
       }
 
       // Check and get admin profile

package/src/services/auth/auth.v2.service.ts

@@ -314,7 +314,9 @@ export class AuthServiceV2 extends BaseService {
       // Check if user has clinic_admin role
       if (!user.roles?.includes(UserRole.CLINIC_ADMIN)) {
         console.error("[AUTH] User is not a clinic admin:", user.uid);
-        throw AUTH_ERRORS.INVALID_ROLE;
+        // Sign out the user immediately for security
+        await this.auth.signOut();
+        throw AUTH_ERRORS.UNAUTHORIZED_ROLE;
       }
 
       // Check and get admin profile