@bounc.ing/next 0.1.0

package/dist/client/provider.d.ts

@@ -0,0 +1,14 @@
+import { type ReactNode } from 'react';
+import type { User } from '../types.js';
+interface BouncingContextValue {
+    user: User | null;
+    isLoading: boolean;
+    domain: string;
+}
+export declare function useBouncingContext(): BouncingContextValue;
+interface BouncingProviderProps {
+    domain: string;
+    children: ReactNode;
+}
+export declare function BouncingProvider({ domain, children }: BouncingProviderProps): import("react/jsx-runtime").JSX.Element;
+export {};

package/dist/client/provider.js

@@ -0,0 +1,35 @@
+'use client';
+import { jsx as _jsx } from "react/jsx-runtime";
+import { createContext, useContext, useState, useEffect } from 'react';
+const BouncingContext = createContext({
+    user: null, isLoading: true, domain: '',
+});
+export function useBouncingContext() {
+    return useContext(BouncingContext);
+}
+export function BouncingProvider({ domain, children }) {
+    const [user, setUser] = useState(null);
+    const [isLoading, setIsLoading] = useState(true);
+    useEffect(() => {
+        // Try hydration from server-rendered script tag
+        const script = document.getElementById('__bouncing');
+        if (script) {
+            try {
+                const data = JSON.parse(script.textContent ?? '');
+                if (data.user) {
+                    setUser(data.user);
+                    setIsLoading(false);
+                    return;
+                }
+            }
+            catch { /* fall through to fetch */ }
+        }
+        // Fetch from /auth/me
+        fetch(`https://${domain}/auth/me`, { credentials: 'include' })
+            .then((res) => res.ok ? res.json() : null)
+            .then((data) => setUser(data))
+            .catch(() => setUser(null))
+            .finally(() => setIsLoading(false));
+    }, [domain]);
+    return (_jsx(BouncingContext, { value: { user, isLoading, domain }, children: children }));
+}

package/dist/client/sign-in.d.ts

@@ -0,0 +1,5 @@
+interface SignInProps {
+    className?: string;
+}
+export declare function SignIn({ className }: SignInProps): import("react/jsx-runtime").JSX.Element | null;
+export {};

package/dist/client/sign-in.js

@@ -0,0 +1,17 @@
+'use client';
+import { jsxs as _jsxs, jsx as _jsx } from "react/jsx-runtime";
+import { useState, useEffect } from 'react';
+import { useBouncingContext } from './provider.js';
+export function SignIn({ className }) {
+    const { domain } = useBouncingContext();
+    const [providers, setProviders] = useState([]);
+    useEffect(() => {
+        fetch(`https://${domain}/auth/providers`)
+            .then((res) => res.json())
+            .then((data) => setProviders(data.providers))
+            .catch(() => { });
+    }, [domain]);
+    if (providers.length === 0)
+        return null;
+    return (_jsx("div", { className: className, children: providers.map((provider) => (_jsxs("a", { href: `https://${domain}/auth/oauth/${provider}`, style: { display: 'inline-block', margin: '0.25rem' }, children: ["Sign in with ", provider.charAt(0).toUpperCase() + provider.slice(1)] }, provider))) }));
+}

package/dist/client/use-user.d.ts

@@ -0,0 +1,5 @@
+import type { User } from '../types.js';
+export declare function useUser(): {
+    user: User | null;
+    isLoading: boolean;
+};

package/dist/client/use-user.js

@@ -0,0 +1,6 @@
+'use client';
+import { useBouncingContext } from './provider.js';
+export function useUser() {
+    const { user, isLoading } = useBouncingContext();
+    return { user, isLoading };
+}

package/dist/client/user-button.d.ts

@@ -0,0 +1,5 @@
+interface UserButtonProps {
+    className?: string;
+}
+export declare function UserButton({ className }: UserButtonProps): import("react/jsx-runtime").JSX.Element | null;
+export {};

package/dist/client/user-button.js

@@ -0,0 +1,16 @@
+'use client';
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+import { useBouncingContext } from './provider.js';
+export function UserButton({ className }) {
+    const { user, isLoading, domain } = useBouncingContext();
+    if (isLoading || !user)
+        return null;
+    const handleSignOut = async () => {
+        await fetch(`https://${domain}/auth/logout`, {
+            method: 'POST',
+            credentials: 'include',
+        });
+        window.location.reload();
+    };
+    return (_jsxs("div", { className: className, children: [_jsx("span", { children: user.name ?? user.email }), _jsx("button", { onClick: handleSignOut, type: "button", children: "Sign out" })] }));
+}

package/dist/client.d.ts

@@ -0,0 +1,4 @@
+export { BouncingProvider } from './client/provider.js';
+export { useUser } from './client/use-user.js';
+export { SignIn } from './client/sign-in.js';
+export { UserButton } from './client/user-button.js';

package/dist/client.js

@@ -0,0 +1,4 @@
+export { BouncingProvider } from './client/provider.js';
+export { useUser } from './client/use-user.js';
+export { SignIn } from './client/sign-in.js';
+export { UserButton } from './client/user-button.js';

package/dist/index.d.ts

@@ -0,0 +1,4 @@
+export { createBouncing } from './server/config.js';
+export type { BouncingConfig, BouncingInstance, Session, User } from './server/config.js';
+export { createAdminClient } from './server/admin.js';
+export type { BouncingAdminClient } from './server/admin.js';

package/dist/index.js

@@ -0,0 +1,2 @@
+export { createBouncing } from './server/config.js';
+export { createAdminClient } from './server/admin.js';

package/dist/middleware/auth.d.ts

@@ -0,0 +1,19 @@
+import { type NextRequest, NextResponse } from 'next/server';
+export interface WithAuthConfig {
+    /** The domain of your bouncing app */
+    domain: string;
+    /** URL to redirect to when not authenticated (default: /auth/oauth/{firstProvider} on the bouncing domain) */
+    loginURL?: string;
+}
+/**
+ * Next.js middleware that protects routes with bouncing auth.
+ *
+ * @example
+ * ```ts
+ * // middleware.ts
+ * import { withAuth } from '@bounc.ing/next/middleware'
+ * export default withAuth({ domain: 'myapp.bounc.ing' })
+ * export const config = { matcher: ['/dashboard/:path*'] }
+ * ```
+ */
+export declare function withAuth(config: WithAuthConfig): (request: NextRequest) => Promise<NextResponse<unknown>>;

package/dist/middleware/auth.js

@@ -0,0 +1,47 @@
+import { NextResponse } from 'next/server';
+import { verifyAccessToken, refreshTokens } from '../server/auth.js';
+/**
+ * Next.js middleware that protects routes with bouncing auth.
+ *
+ * @example
+ * ```ts
+ * // middleware.ts
+ * import { withAuth } from '@bounc.ing/next/middleware'
+ * export default withAuth({ domain: 'myapp.bounc.ing' })
+ * export const config = { matcher: ['/dashboard/:path*'] }
+ * ```
+ */
+export function withAuth(config) {
+    const baseURL = `https://${config.domain}`;
+    return async function middleware(request) {
+        const accessToken = request.cookies.get('bouncing_access')?.value;
+        if (accessToken) {
+            const session = await verifyAccessToken(accessToken, baseURL);
+            if (session && session.expiresAt > Date.now()) {
+                return NextResponse.next();
+            }
+        }
+        // Try refresh
+        const rt = request.cookies.get('bouncing_refresh')?.value;
+        if (rt) {
+            const tokens = await refreshTokens(baseURL, rt);
+            if (tokens) {
+                const session = await verifyAccessToken(tokens.accessToken, baseURL);
+                if (session) {
+                    const response = NextResponse.next();
+                    response.cookies.set('bouncing_access', tokens.accessToken, {
+                        httpOnly: true, secure: true, sameSite: 'lax', path: '/', maxAge: 900,
+                    });
+                    response.cookies.set('bouncing_refresh', tokens.refreshToken, {
+                        httpOnly: true, secure: true, sameSite: 'lax', path: '/auth/refresh', maxAge: 604800,
+                    });
+                    return response;
+                }
+            }
+        }
+        // Not authenticated — redirect to login
+        const loginURL = config.loginURL ?? `${baseURL}/auth/oauth/github`;
+        const redirectURL = new URL(loginURL);
+        return NextResponse.redirect(redirectURL);
+    };
+}

package/dist/middleware.d.ts

@@ -0,0 +1,2 @@
+export { withAuth } from './middleware/auth.js';
+export type { WithAuthConfig } from './middleware/auth.js';

package/dist/middleware.js

@@ -0,0 +1 @@
+export { withAuth } from './middleware/auth.js';

package/dist/server/admin.d.ts

@@ -0,0 +1,8 @@
+import type { BouncingConfig } from '../types.js';
+export interface BouncingAdminClient {
+    listApps(): Promise<unknown[]>;
+    getApp(slug: string): Promise<unknown>;
+    listUsers(slug: string): Promise<unknown[]>;
+    deleteUser(slug: string, userId: string): Promise<void>;
+}
+export declare function createAdminClient(config: BouncingConfig): BouncingAdminClient;

package/dist/server/admin.js

@@ -0,0 +1,22 @@
+export function createAdminClient(config) {
+    const controlBase = 'https://dev.bounc.ing';
+    const headers = {
+        'Content-Type': 'application/json',
+    };
+    if (config.apiKey) {
+        headers['Authorization'] = `Bearer ${config.apiKey}`;
+    }
+    async function api(path, options) {
+        const res = await fetch(`${controlBase}${path}`, { ...options, headers: { ...headers, ...options?.headers } });
+        const body = await res.json();
+        if (!res.ok)
+            throw new Error(body.error?.message ?? `API error ${res.status}`);
+        return body.data;
+    }
+    return {
+        async listApps() { return api('/api/apps'); },
+        async getApp(slug) { return api(`/api/apps/${slug}`); },
+        async listUsers(slug) { return api(`/api/apps/${slug}/users`); },
+        async deleteUser(slug, userId) { await api(`/api/apps/${slug}/users/${userId}`, { method: 'DELETE' }); },
+    };
+}

package/dist/server/auth.d.ts

@@ -0,0 +1,8 @@
+import type { Session } from '../types.js';
+/** Verify a JWT access token against the JWKS endpoint. Returns Session or null. */
+export declare function verifyAccessToken(token: string, baseURL: string): Promise<Session | null>;
+/** Exchange a refresh token for new tokens. Returns null on failure. */
+export declare function refreshTokens(baseURL: string, refreshToken: string): Promise<{
+    accessToken: string;
+    refreshToken: string;
+} | null>;

package/dist/server/auth.js

@@ -0,0 +1,50 @@
+import { createRemoteJWKSet, jwtVerify } from 'jose';
+const jwksCache = new Map();
+function getJWKS(baseURL) {
+    let jwks = jwksCache.get(baseURL);
+    if (!jwks) {
+        jwks = createRemoteJWKSet(new URL('/.well-known/jwks.json', baseURL));
+        jwksCache.set(baseURL, jwks);
+    }
+    return jwks;
+}
+/** Verify a JWT access token against the JWKS endpoint. Returns Session or null. */
+export async function verifyAccessToken(token, baseURL) {
+    try {
+        const jwks = getJWKS(baseURL);
+        const { payload } = await jwtVerify(token, jwks, {
+            algorithms: ['EdDSA'],
+        });
+        return {
+            user: {
+                id: payload.sub ?? '',
+                email: payload.email ?? '',
+                name: payload.name ?? null,
+                roles: payload.roles ?? [],
+                permissions: payload.permissions ?? [],
+            },
+            accessToken: token,
+            expiresAt: (payload.exp ?? 0) * 1000,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+/** Exchange a refresh token for new tokens. Returns null on failure. */
+export async function refreshTokens(baseURL, refreshToken) {
+    try {
+        const res = await fetch(new URL('/auth/refresh', baseURL), {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ refresh_token: refreshToken }),
+        });
+        if (!res.ok)
+            return null;
+        const data = await res.json();
+        return { accessToken: data.access_token, refreshToken: data.refresh_token };
+    }
+    catch {
+        return null;
+    }
+}

package/dist/server/config.d.ts

@@ -0,0 +1,21 @@
+import type { BouncingConfig, Session, User } from '../types.js';
+export type { BouncingConfig, Session, User };
+export interface BouncingInstance {
+    /** Returns the current session or null. Reads cookies via next/headers. */
+    auth(): Promise<Session | null>;
+    /** Returns the current user or throws if not authenticated. */
+    currentUser(): Promise<User>;
+}
+/**
+ * Creates a Bouncing auth instance.
+ *
+ * @example
+ * ```ts
+ * // bouncing.ts
+ * import { createBouncing } from '@bounc.ing/next'
+ * export const { auth, currentUser } = createBouncing({
+ *   domain: 'myapp.bounc.ing',
+ * })
+ * ```
+ */
+export declare function createBouncing(config: BouncingConfig): BouncingInstance;

package/dist/server/config.js

@@ -0,0 +1,42 @@
+import { verifyAccessToken, refreshTokens } from './auth.js';
+/**
+ * Creates a Bouncing auth instance.
+ *
+ * @example
+ * ```ts
+ * // bouncing.ts
+ * import { createBouncing } from '@bounc.ing/next'
+ * export const { auth, currentUser } = createBouncing({
+ *   domain: 'myapp.bounc.ing',
+ * })
+ * ```
+ */
+export function createBouncing(config) {
+    const baseURL = `https://${config.domain}`;
+    async function auth() {
+        const { cookies } = await import('next/headers');
+        const cookieStore = await cookies();
+        const accessToken = cookieStore.get('bouncing_access')?.value;
+        if (accessToken) {
+            const session = await verifyAccessToken(accessToken, baseURL);
+            if (session && session.expiresAt > Date.now()) {
+                return session;
+            }
+        }
+        // Access token missing or expired — try refresh
+        const rt = cookieStore.get('bouncing_refresh')?.value;
+        if (!rt)
+            return null;
+        const tokens = await refreshTokens(baseURL, rt);
+        if (!tokens)
+            return null;
+        return verifyAccessToken(tokens.accessToken, baseURL);
+    }
+    async function currentUser() {
+        const session = await auth();
+        if (!session)
+            throw new Error('Not authenticated');
+        return session.user;
+    }
+    return { auth, currentUser };
+}

package/dist/types.d.ts

@@ -0,0 +1,23 @@
+export interface BouncingConfig {
+    /** The domain of your bouncing app (e.g. "myapp.bounc.ing" or "auth.myapp.com") */
+    domain: string;
+    /** API key for management operations (optional, server-side only) */
+    apiKey?: string;
+}
+export interface User {
+    id: string;
+    email: string;
+    name: string | null;
+    roles: string[];
+    permissions: string[];
+}
+export interface Session {
+    user: User;
+    accessToken: string;
+    expiresAt: number;
+}
+export interface TokenResponse {
+    access_token: string;
+    refresh_token: string;
+    expires_in: number;
+}

package/dist/types.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -0,0 +1,47 @@
+{
+  "name": "@bounc.ing/next",
+  "version": "0.1.0",
+  "description": "Bouncing auth SDK for Next.js — auth for your app in 3 minutes",
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./client": {
+      "types": "./dist/client.d.ts",
+      "import": "./dist/client.js"
+    },
+    "./middleware": {
+      "types": "./dist/middleware.d.ts",
+      "import": "./dist/middleware.js"
+    }
+  },
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "typecheck": "tsc --noEmit"
+  },
+  "peerDependencies": {
+    "next": ">=15.0.0",
+    "react": ">=19.0.0",
+    "react-dom": ">=19.0.0"
+  },
+  "dependencies": {
+    "jose": "^6.0.0"
+  },
+  "devDependencies": {
+    "@types/react": "^19.0.0",
+    "react": "^19.0.0",
+    "next": "^15.0.0",
+    "typescript": "^6.0.0",
+    "vitest": "^4.1.0"
+  },
+  "files": ["dist"],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/scttfrdmn/bouncing-managed",
+    "directory": "sdk/next"
+  }
+}