@cabin-id/nextjs 0.1.7 → 0.2.0

package/dist/cjs/server/errors.js

@@ -0,0 +1,110 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var errors_exports = {};
+__export(errors_exports, {
+  authAuthHeaderMissing: () => authAuthHeaderMissing,
+  authSignatureInvalid: () => authSignatureInvalid,
+  clockSkewDetected: () => clockSkewDetected,
+  getAuthAuthHeaderMissing: () => getAuthAuthHeaderMissing,
+  infiniteRedirectLoopDetected: () => infiniteRedirectLoopDetected,
+  informAboutProtectedRouteInfo: () => informAboutProtectedRouteInfo,
+  missingDomainAndProxy: () => missingDomainAndProxy,
+  missingSignInUrlInDev: () => missingSignInUrlInDev,
+  receivedRequestForIgnoredRoute: () => receivedRequestForIgnoredRoute
+});
+module.exports = __toCommonJS(errors_exports);
+const missingDomainAndProxy = `
+Missing domain and proxyUrl. A satellite application needs to specify a domain or a proxyUrl.
+
+1) With middleware
+   e.g. export default clerkMiddleware({domain:'YOUR_DOMAIN',isSatellite:true}); // or the deprecated authMiddleware()
+2) With environment variables e.g.
+   NEXT_PUBLIC_CLERK_DOMAIN='YOUR_DOMAIN'
+   NEXT_PUBLIC_CLERK_IS_SATELLITE='true'
+   `;
+const missingSignInUrlInDev = `
+Invalid signInUrl. A satellite application requires a signInUrl for development instances.
+Check if signInUrl is missing from your configuration or if it is not an absolute URL
+
+1) With middleware
+   e.g. export default clerkMiddleware({signInUrl:'SOME_URL', isSatellite:true}); // or the deprecated authMiddleware()
+2) With environment variables e.g.
+   NEXT_PUBLIC_CLERK_SIGN_IN_URL='SOME_URL'
+   NEXT_PUBLIC_CLERK_IS_SATELLITE='true'`;
+const receivedRequestForIgnoredRoute = (url, matcher) => `Clerk: The middleware was skipped for this request URL: ${url}. For performance reasons, it's recommended to your middleware matcher to:
+export const config = {
+  matcher: ${matcher},
+};
+
+Alternatively, you can set your own ignoredRoutes. See https://clerk.com/docs/nextjs/middleware
+(This log only appears in development mode)
+`;
+const getAuthAuthHeaderMissing = () => authAuthHeaderMissing("getAuth");
+const authAuthHeaderMissing = (helperName = "auth") => `CabinID: ${helperName}() was called but CabinID can't detect usage of authMiddleware(). Please ensure the following:
+-  clerkMiddleware() authMiddleware is used in your Next.js Middleware.
+- Your Middleware matcher is configured to match this route or page.
+- If you are using the src directory, make sure the Middleware file is inside of it.
+`;
+const clockSkewDetected = (verifyMessage) => `Clerk: Clock skew detected. This usually means that your system clock is inaccurate. Clerk will continuously try to issue new tokens, as the existing ones will be treated as "expired" due to clock skew.
+
+To resolve this issue, make sure your system's clock is set to the correct time (e.g. turn off and on automatic time synchronization).
+
+---
+
+${verifyMessage}`;
+const infiniteRedirectLoopDetected = () => `Clerk: Infinite redirect loop detected. That usually means that we were not able to determine the auth state for this request. A list of common causes and solutions follows.
+
+Reason 1:
+Your Clerk instance keys are incorrect, or you recently changed keys (Publishable Key, Secret Key).
+How to resolve:
+-> Make sure you're using the correct keys from the Clerk Dashboard. If you changed keys recently, make sure to clear your browser application data and cookies.
+
+Reason 2:
+A bug that may have already been fixed in the latest version of Clerk NextJS package.
+How to resolve:
+-> Make sure you are using the latest version of '@clerk/nextjs' and 'next'.
+`;
+const informAboutProtectedRouteInfo = (path, hasPublicRoutes, hasIgnoredRoutes, isApiRoute, defaultIgnoredRoutes) => {
+  const infoText = isApiRoute ? `INFO: Clerk: The request to ${path} is being protected (401) because there is no signed-in user, and the path is included in \`apiRoutes\`. To prevent this behavior, choose one of:` : `INFO: Clerk: The request to ${path} is being redirected because there is no signed-in user, and the path is not included in \`ignoredRoutes\` or \`publicRoutes\`. To prevent this behavior, choose one of:`;
+  const apiRoutesText = isApiRoute ? `To prevent Clerk authentication from protecting (401) the api route, remove the rule matching "${path}" from the \`apiRoutes\` array passed to authMiddleware` : void 0;
+  const publicRoutesText = hasPublicRoutes ? `To make the route accessible to both signed in and signed out users, add "${path}" to the \`publicRoutes\` array passed to authMiddleware` : `To make the route accessible to both signed in and signed out users, pass \`publicRoutes: ["${path}"]\` to authMiddleware`;
+  const ignoredRoutes = [...defaultIgnoredRoutes, path].map((r) => `"${r}"`).join(", ");
+  const ignoredRoutesText = hasIgnoredRoutes ? `To prevent Clerk authentication from running at all, add "${path}" to the \`ignoredRoutes\` array passed to authMiddleware` : `To prevent Clerk authentication from running at all, pass \`ignoredRoutes: [${ignoredRoutes}]\` to authMiddleware`;
+  const afterAuthText = "Pass a custom `afterAuth` to authMiddleware, and replace Clerk's default behavior of redirecting unless a route is included in publicRoutes";
+  return `${infoText}
+
+${[apiRoutesText, publicRoutesText, ignoredRoutesText, afterAuthText].filter(Boolean).map((text, index) => `${index + 1}. ${text}`).join("\n")}
+
+For additional information about middleware, please visit https://clerk.com/docs/nextjs/middleware
+(This log only appears in development mode, or if \`debug: true\` is passed to authMiddleware)`;
+};
+const authSignatureInvalid = `Clerk: Unable to verify request, this usually means the Clerk middleware did not run. Ensure Clerk's middleware is properly integrated and matches the current route. For more information, see: https://clerk.com/docs/nextjs/middleware. (code=auth_signature_invalid)`;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  authAuthHeaderMissing,
+  authSignatureInvalid,
+  clockSkewDetected,
+  getAuthAuthHeaderMissing,
+  infiniteRedirectLoopDetected,
+  informAboutProtectedRouteInfo,
+  missingDomainAndProxy,
+  missingSignInUrlInDev,
+  receivedRequestForIgnoredRoute
+});
+//# sourceMappingURL=errors.js.map

package/dist/cjs/server/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/errors.ts"],"sourcesContent":["export const missingDomainAndProxy = `\nMissing domain and proxyUrl. A satellite application needs to specify a domain or a proxyUrl.\n\n1) With middleware\n   e.g. export default clerkMiddleware({domain:'YOUR_DOMAIN',isSatellite:true}); // or the deprecated authMiddleware()\n2) With environment variables e.g.\n   NEXT_PUBLIC_CLERK_DOMAIN='YOUR_DOMAIN'\n   NEXT_PUBLIC_CLERK_IS_SATELLITE='true'\n   `;\n\nexport const missingSignInUrlInDev = `\nInvalid signInUrl. A satellite application requires a signInUrl for development instances.\nCheck if signInUrl is missing from your configuration or if it is not an absolute URL\n\n1) With middleware\n   e.g. export default clerkMiddleware({signInUrl:'SOME_URL', isSatellite:true}); // or the deprecated authMiddleware()\n2) With environment variables e.g.\n   NEXT_PUBLIC_CLERK_SIGN_IN_URL='SOME_URL'\n   NEXT_PUBLIC_CLERK_IS_SATELLITE='true'`;\n\nexport const receivedRequestForIgnoredRoute = (url: string, matcher: string) =>\n  `Clerk: The middleware was skipped for this request URL: ${url}. For performance reasons, it's recommended to your middleware matcher to:\nexport const config = {\n  matcher: ${matcher},\n};\n\nAlternatively, you can set your own ignoredRoutes. See https://clerk.com/docs/nextjs/middleware\n(This log only appears in development mode)\n`;\n\nexport const getAuthAuthHeaderMissing = () => authAuthHeaderMissing('getAuth');\n\nexport const authAuthHeaderMissing = (helperName = 'auth') =>\n  `CabinID: ${helperName}() was called but CabinID can't detect usage of authMiddleware(). Please ensure the following:\n-  clerkMiddleware() authMiddleware is used in your Next.js Middleware.\n- Your Middleware matcher is configured to match this route or page.\n- If you are using the src directory, make sure the Middleware file is inside of it.\n`;\n\nexport const clockSkewDetected = (verifyMessage: string) =>\n  `Clerk: Clock skew detected. This usually means that your system clock is inaccurate. Clerk will continuously try to issue new tokens, as the existing ones will be treated as \"expired\" due to clock skew.\n\nTo resolve this issue, make sure your system's clock is set to the correct time (e.g. turn off and on automatic time synchronization).\n\n---\n\n${verifyMessage}`;\n\nexport const infiniteRedirectLoopDetected = () =>\n  `Clerk: Infinite redirect loop detected. That usually means that we were not able to determine the auth state for this request. A list of common causes and solutions follows.\n\nReason 1:\nYour Clerk instance keys are incorrect, or you recently changed keys (Publishable Key, Secret Key).\nHow to resolve:\n-> Make sure you're using the correct keys from the Clerk Dashboard. If you changed keys recently, make sure to clear your browser application data and cookies.\n\nReason 2:\nA bug that may have already been fixed in the latest version of Clerk NextJS package.\nHow to resolve:\n-> Make sure you are using the latest version of '@clerk/nextjs' and 'next'.\n`;\n\nexport const informAboutProtectedRouteInfo = (\n  path: string,\n  hasPublicRoutes: boolean,\n  hasIgnoredRoutes: boolean,\n  isApiRoute: boolean,\n  defaultIgnoredRoutes: string[]\n) => {\n  const infoText = isApiRoute\n    ? `INFO: Clerk: The request to ${path} is being protected (401) because there is no signed-in user, and the path is included in \\`apiRoutes\\`. To prevent this behavior, choose one of:`\n    : `INFO: Clerk: The request to ${path} is being redirected because there is no signed-in user, and the path is not included in \\`ignoredRoutes\\` or \\`publicRoutes\\`. To prevent this behavior, choose one of:`;\n  const apiRoutesText = isApiRoute\n    ? `To prevent Clerk authentication from protecting (401) the api route, remove the rule matching \"${path}\" from the \\`apiRoutes\\` array passed to authMiddleware`\n    : undefined;\n  const publicRoutesText = hasPublicRoutes\n    ? `To make the route accessible to both signed in and signed out users, add \"${path}\" to the \\`publicRoutes\\` array passed to authMiddleware`\n    : `To make the route accessible to both signed in and signed out users, pass \\`publicRoutes: [\"${path}\"]\\` to authMiddleware`;\n  const ignoredRoutes = [...defaultIgnoredRoutes, path]\n    .map((r) => `\"${r}\"`)\n    .join(', ');\n  const ignoredRoutesText = hasIgnoredRoutes\n    ? `To prevent Clerk authentication from running at all, add \"${path}\" to the \\`ignoredRoutes\\` array passed to authMiddleware`\n    : `To prevent Clerk authentication from running at all, pass \\`ignoredRoutes: [${ignoredRoutes}]\\` to authMiddleware`;\n  const afterAuthText =\n    \"Pass a custom `afterAuth` to authMiddleware, and replace Clerk's default behavior of redirecting unless a route is included in publicRoutes\";\n\n  return `${infoText}\n\n${[apiRoutesText, publicRoutesText, ignoredRoutesText, afterAuthText]\n  .filter(Boolean)\n  .map((text, index) => `${index + 1}. ${text}`)\n  .join('\\n')}\n\nFor additional information about middleware, please visit https://clerk.com/docs/nextjs/middleware\n(This log only appears in development mode, or if \\`debug: true\\` is passed to authMiddleware)`;\n};\n\nexport const authSignatureInvalid = `Clerk: Unable to verify request, this usually means the Clerk middleware did not run. Ensure Clerk's middleware is properly integrated and matches the current route. For more information, see: https://clerk.com/docs/nextjs/middleware. (code=auth_signature_invalid)`;\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAO,MAAM,wBAAwB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAU9B,MAAM,wBAAwB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAU9B,MAAM,iCAAiC,CAAC,KAAa,YAC1D,2DAA2D,GAAG;AAAA;AAAA,aAEnD,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAOb,MAAM,2BAA2B,MAAM,sBAAsB,SAAS;AAEtE,MAAM,wBAAwB,CAAC,aAAa,WACjD,YAAY,UAAU;AAAA;AAAA;AAAA;AAAA;AAMjB,MAAM,oBAAoB,CAAC,kBAChC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,aAAa;AAER,MAAM,+BAA+B,MAC1C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAaK,MAAM,gCAAgC,CAC3C,MACA,iBACA,kBACA,YACA,yBACG;AACH,QAAM,WAAW,aACb,+BAA+B,IAAI,sJACnC,+BAA+B,IAAI;AACvC,QAAM,gBAAgB,aAClB,kGAAkG,IAAI,4DACtG;AACJ,QAAM,mBAAmB,kBACrB,6EAA6E,IAAI,6DACjF,+FAA+F,IAAI;AACvG,QAAM,gBAAgB,CAAC,GAAG,sBAAsB,IAAI,EACjD,IAAI,CAAC,MAAM,IAAI,CAAC,GAAG,EACnB,KAAK,IAAI;AACZ,QAAM,oBAAoB,mBACtB,6DAA6D,IAAI,8DACjE,+EAA+E,aAAa;AAChG,QAAM,gBACJ;AAEF,SAAO,GAAG,QAAQ;AAAA;AAAA,EAElB,CAAC,eAAe,kBAAkB,mBAAmB,aAAa,EACjE,OAAO,OAAO,EACd,IAAI,CAAC,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,IAAI,EAAE,EAC5C,KAAK,IAAI,CAAC;AAAA;AAAA;AAAA;AAIb;AAEO,MAAM,uBAAuB;","names":[]}

package/dist/cjs/server/getCurrentUser.js

@@ -21,20 +21,13 @@ __export(getCurrentUser_exports, {
   currentUser: () => currentUser
 });
 module.exports = __toCommonJS(getCurrentUser_exports);
-var import_constants = require("../constants");
 var import_auth = require("./auth");
+var import_http = require("../utils/http");
 async function currentUser() {
-  const { userId } = await (0, import_auth.auth)();
+  const { userId } = (0, import_auth.auth)();
   if (!userId)
     return null;
-  const response = await fetch(`${import_constants.baseApiUrl}/user/${userId}`, {
-    method: "GET",
-    headers: {
-      Authorization: `Bearer ${import_constants.SECRET_KEY}`
-    }
-  });
-  const data = await response.json();
-  return data;
+  return import_http.client.users.getUser(userId);
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {

package/dist/cjs/server/getCurrentUser.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/server/getCurrentUser.ts"],"sourcesContent":["import { User } from '../types';\nimport { baseApiUrl, SECRET_KEY } from '../constants';\n\nimport { auth } from './auth';\n\nexport async function currentUser(): Promise<User | null> {\n  const { userId } = await auth();\n  if (!userId) return null;\n\n  const response = await fetch(`${baseApiUrl}/user/${userId}`, {\n    method: 'GET',\n    headers: {\n      Authorization: `Bearer ${SECRET_KEY}`,\n    },\n  });\n\n  const data: User = await response.json();\n  return data;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,uBAAuC;AAEvC,kBAAqB;AAErB,eAAsB,cAAoC;AACxD,QAAM,EAAE,OAAO,IAAI,UAAM,kBAAK;AAC9B,MAAI,CAAC;AAAQ,WAAO;AAEpB,QAAM,WAAW,MAAM,MAAM,GAAG,2BAAU,SAAS,MAAM,IAAI;AAAA,IAC3D,QAAQ;AAAA,IACR,SAAS;AAAA,MACP,eAAe,UAAU,2BAAU;AAAA,IACrC;AAAA,EACF,CAAC;AAED,QAAM,OAAa,MAAM,SAAS,KAAK;AACvC,SAAO;AACT;","names":[]}
+{"version":3,"sources":["../../../src/server/getCurrentUser.ts"],"sourcesContent":["import { User } from '../types';\nimport { auth } from './auth';\nimport { client } from '../utils/http';\n\nexport async function currentUser(): Promise<User | null> {\n  const { userId } = auth();\n  if (!userId) return null;\n  return client.users.getUser(userId);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,kBAAqB;AACrB,kBAAuB;AAEvB,eAAsB,cAAoC;AACxD,QAAM,EAAE,OAAO,QAAI,kBAAK;AACxB,MAAI,CAAC;AAAQ,WAAO;AACpB,SAAO,mBAAO,MAAM,QAAQ,MAAM;AACpC;","names":[]}

package/dist/cjs/server/index.js

@@ -0,0 +1,32 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var server_exports = {};
+__export(server_exports, {
+  auth: () => import_auth.auth,
+  createRouteMatcher: () => import_routeMatcher.createRouteMatcher
+});
+module.exports = __toCommonJS(server_exports);
+var import_auth = require("./auth");
+var import_routeMatcher = require("./routeMatcher");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  auth,
+  createRouteMatcher
+});
+//# sourceMappingURL=index.js.map

package/dist/cjs/server/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/index.ts"],"sourcesContent":["export { auth } from './auth';\nexport { createRouteMatcher } from './routeMatcher';\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAAqB;AACrB,0BAAmC;","names":[]}

package/dist/cjs/server/middleware.js

@@ -18,27 +18,38 @@ var __copyProps = (to, from, except, desc) => {
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var middleware_exports = {};
 __export(middleware_exports, {
-  DEFAULT_API_ROUTES: () => DEFAULT_API_ROUTES,
-  DEFAULT_CONFIG_MATCHER: () => DEFAULT_CONFIG_MATCHER,
-  DEFAULT_IGNORED_ROUTES: () => DEFAULT_IGNORED_ROUTES,
-  authMiddleware: () => authMiddleware,
-  createDefaultAfterAuth: () => createDefaultAfterAuth
+  authMiddleware: () => authMiddleware
 });
 module.exports = __toCommonJS(middleware_exports);
 var import_server = require("next/server");
 var import_constants = require("../constants");
-var import_routeMatcher = require("./routeMatcher");
 var import_utils = require("./utils");
+var import_client = require("./client");
+var import_cabinIdRequest = require("../tokens/cabinIdRequest");
+var import_protect = require("./protect");
 var import_createRedirect = require("./createRedirect");
-const DEFAULT_CONFIG_MATCHER = [
-  "/((?!.+\\.[\\w]+$|_next).*)",
-  "/",
-  "/(api|trpc)(.*)"
-];
-const DEFAULT_IGNORED_ROUTES = [`/((?!api|trpc))(_next.*|.+\\.[\\w]+$)`];
-const DEFAULT_API_ROUTES = ["/api/(.*)", "/trpc/(.*)"];
+var import_response = require("../utils/response");
+var import_serverRedirectWithAuth = require("./serverRedirectWithAuth");
+const CONTROL_FLOW_ERROR = {
+  FORCE_NOT_FOUND: "CABIN_ID_PROTECT_REWRITE",
+  REDIRECT_TO_URL: "CABIN_ID_PROTECT_REDIRECT_TO_URL",
+  REDIRECT_TO_SIGN_IN: "CABIN_ID_PROTECT_REDIRECT_TO_SIGN_IN"
+};
+const parseRequestAndEvent = (args) => {
+  return [
+    args[0] instanceof Request ? args[0] : void 0,
+    args[0] instanceof Request ? args[1] : void 0
+  ];
+};
+const parseHandlerAndOptions = (args) => {
+  return [
+    typeof args[0] === "function" ? args[0] : void 0,
+    (args.length === 2 ? args[1] : typeof args[0] === "function" ? {} : args[0]) || {}
+  ];
+};
 const authMiddleware = (...args) => {
-  const [params = {}] = args;
+  const [request, event] = parseRequestAndEvent(args);
+  const [handler, params] = parseHandlerAndOptions(args);
   const publishableKey = (0, import_utils.assertKey)(
     params.publishableKey || import_constants.PUBLISHABLE_KEY,
     () => {
@@ -48,8 +59,8 @@ const authMiddleware = (...args) => {
   const secretKey = (0, import_utils.assertKey)(params.secretKey || import_constants.SECRET_KEY, () => {
     throw new Error("Secret Key is not valid");
   });
-  const signInUrl = params.signInUrl || import_constants.CUSTOM_SIGN_IN_URL;
-  const signUpUrl = params.signUpUrl || import_constants.CUSTOM_SIGN_IN_URL;
+  const signInUrl = params.signInUrl || import_constants.SIGN_IN_URL;
+  const signUpUrl = params.signUpUrl || import_constants.SIGN_UP_URL;
   const options = {
     ...params,
     publishableKey,
@@ -57,109 +68,118 @@ const authMiddleware = (...args) => {
     signInUrl,
     signUpUrl
   };
-  const isIgnoredRoute = (0, import_routeMatcher.createRouteMatcher)(
-    options.ignoredRoutes || DEFAULT_IGNORED_ROUTES
-  );
-  const isPublicRoute = (0, import_routeMatcher.createRouteMatcher)(
-    withDefaultPublicRoutes(options.publicRoutes)
-  );
-  return async (_req) => {
-    const url = _req.nextUrl;
-    const accessToken = url.searchParams.get(import_constants.constants.QueryParams.Token);
-    const userId = url.searchParams.get(import_constants.constants.QueryParams.UserId);
+  const nextMiddleware = async (_request, _event) => {
+    const accessToken = _request.nextUrl.searchParams.get(
+      import_constants.constants.QueryParams.Token
+    );
+    const userId = _request.nextUrl.searchParams.get(
+      import_constants.constants.QueryParams.UserId
+    );
     if (accessToken && userId) {
+      const url = _request.nextUrl;
       const path = url.pathname;
-      const response = import_server.NextResponse.redirect(new URL(path || "/", _req.url));
+      const response = import_server.NextResponse.redirect(
+        new URL(path || "/", _request.url)
+      );
       response.cookies.set(import_constants.constants.Cookies.Client, accessToken);
       response.cookies.set(import_constants.constants.Cookies.User, userId);
       return response;
     }
-    if (isIgnoredRoute(_req) || isPublicRoute(_req)) {
-      return;
+    const cabinIdRequest = (0, import_cabinIdRequest.createCabinIdRequest)(_request);
+    const requestState = await import_client.cabinIdClient.authenticateRequest(
+      cabinIdRequest,
+      options
+    );
+    const authObject = requestState.toAuth();
+    const redirectToSignIn = createMiddlewareRedirectToSignIn(cabinIdRequest);
+    const protect = createMiddlewareProtect(
+      cabinIdRequest,
+      authObject,
+      redirectToSignIn
+    );
+    const authObjWithMethods = Object.assign(
+      authObject,
+      { protect, redirectToSignIn }
+    );
+    let handlerResult = import_server.NextResponse.next();
+    try {
+      handlerResult = await (handler == null ? void 0 : handler(() => authObjWithMethods, _request, _event)) || handlerResult;
+    } catch (e) {
+      handlerResult = handleControlFlowErrors(e, cabinIdRequest, requestState);
+    }
+    if ((0, import_response.isRedirect)(handlerResult)) {
+      return (0, import_serverRedirectWithAuth.serverRedirectWithAuth)(cabinIdRequest, handlerResult);
     }
-    const result = checkAuth(_req);
-    return result;
+    (0, import_utils.decorateRequest)(
+      cabinIdRequest,
+      handlerResult,
+      requestState,
+      options.secretKey
+    );
+    if (requestState.headers) {
+      requestState.headers.forEach((value, key) => {
+        handlerResult.headers.append(key, value);
+      });
+    }
+    return handlerResult;
   };
-};
-const withDefaultPublicRoutes = (publicRoutes) => {
-  if (typeof publicRoutes === "function") {
-    return publicRoutes;
+  if (request && event) {
+    return nextMiddleware(request, event);
   }
-  const routes = [publicRoutes || ""].flat().filter(Boolean);
-  const signInUrl = process.env.NEXT_PUBLIC_CLERK_SIGN_IN_URL || "";
-  if (signInUrl) {
-    routes.push(matchRoutesStartingWith(signInUrl));
-  }
-  const signUpUrl = process.env.NEXT_PUBLIC_CLERK_SIGN_UP_URL || "";
-  if (signUpUrl) {
-    routes.push(matchRoutesStartingWith(signUpUrl));
-  }
-  return routes;
-};
-const matchRoutesStartingWith = (path) => {
-  path = path.replace(/\/$/, "");
-  return new RegExp(`^${path}(/.*)?$`);
-};
-const isRequestMethodIndicatingApiRoute = (req) => {
-  const requestMethod = req.method.toLowerCase();
-  return !["get", "head", "options"].includes(requestMethod);
+  return nextMiddleware;
 };
-const isRequestContentTypeJson = (req) => {
-  const requestContentType = req.headers.get(import_constants.constants.Headers.ContentType);
-  return requestContentType === import_constants.constants.ContentTypes.Json;
-};
-const createApiRoutes = (apiRoutes) => {
-  if (apiRoutes) {
-    return (0, import_routeMatcher.createRouteMatcher)(apiRoutes);
-  }
-  const isDefaultApiRoute = (0, import_routeMatcher.createRouteMatcher)(DEFAULT_API_ROUTES);
-  return (req) => isDefaultApiRoute(req) || isRequestMethodIndicatingApiRoute(req) || isRequestContentTypeJson(req);
+const createMiddlewareRedirectToSignIn = (cabinIdRequest) => {
+  return (opts = {}) => {
+    const err = new Error(CONTROL_FLOW_ERROR.REDIRECT_TO_SIGN_IN);
+    err.returnBackUrl = opts.returnBackUrl === null ? "" : opts.returnBackUrl || cabinIdRequest.cabinIdUrl.toString();
+    throw err;
+  };
 };
-const createDefaultAfterAuth = (isPublicRoute, isApiRoute, options) => {
-  return (auth, req) => {
-    if (!auth.userId && !isPublicRoute(req)) {
-      if (isApiRoute(req)) {
-        return (0, import_utils.apiEndpointUnauthorizedNextResponse)();
-      }
-      return (0, import_createRedirect.createRedirect)({
-        redirectAdapter: import_utils.redirectAdapter,
-        signInUrl: options.signInUrl,
-        signUpUrl: options.signUpUrl,
-        publishableKey: options.publishableKey,
-        // We're setting baseUrl to '' here as we want to keep the legacy behavior of
-        // the redirectToSignIn, redirectToSignUp helpers in the backend package.
-        baseUrl: ""
-      }).redirectToSignIn({ returnBackUrl: req.nextUrl.href });
-    }
-    return import_server.NextResponse.next();
+const createMiddlewareProtect = (cabinIdRequest, authObject, redirectToSignIn) => {
+  return (_, options) => {
+    const notFound = () => {
+      throw new Error(CONTROL_FLOW_ERROR.FORCE_NOT_FOUND);
+    };
+    const redirect = (url) => {
+      const err = new Error(CONTROL_FLOW_ERROR.REDIRECT_TO_URL);
+      err.redirectUrl = url;
+      throw err;
+    };
+    return (0, import_protect.createProtect)({
+      request: cabinIdRequest,
+      redirect,
+      notFound,
+      authObject,
+      redirectToSignIn
+    })(options);
   };
 };
-const checkAuth = (req) => {
-  const accessToken = req.cookies.get(import_constants.constants.Cookies.Client);
-  if (!accessToken && req.nextUrl.href !== import_constants.CUSTOM_SIGN_IN_URL) {
-    if (import_constants.CUSTOM_SIGN_IN_URL) {
-      return import_server.NextResponse.redirect(new URL(import_constants.CUSTOM_SIGN_IN_URL));
-    }
-    if (import_constants.frontendApi) {
-      const params = new URLSearchParams({
-        redirect_url: import_constants.CUSTOM_AFTER_SIGN_IN_URL || "/"
-      });
-      return import_server.NextResponse.redirect(
-        new URL(`${import_constants.frontendApi}/sign-in?${params.toString()}`)
+const handleControlFlowErrors = (e, cabinIdRequest, requestState) => {
+  switch (e.message) {
+    case CONTROL_FLOW_ERROR.FORCE_NOT_FOUND:
+      return (0, import_response.setHeader)(
+        import_server.NextResponse.rewrite(
+          `${cabinIdRequest.cabinIdUrl.origin}/cabin_${Date.now()}`
+        ),
+        import_constants.constants.Headers.AuthReason,
+        "protect-rewrite"
       );
-    }
-    throw new Error(
-      "You are not authentication. Please provide CABIN ID PUBLISH KEY to redirect to authentication page"
-    );
+    case CONTROL_FLOW_ERROR.REDIRECT_TO_URL:
+      return (0, import_utils.redirectAdapter)(e.redirectUrl);
+    case CONTROL_FLOW_ERROR.REDIRECT_TO_SIGN_IN:
+      return (0, import_createRedirect.createRedirect)({
+        redirectAdapter: import_utils.redirectAdapter,
+        baseUrl: cabinIdRequest.cabinIdUrl,
+        signInUrl: requestState.signInUrl,
+        signUpUrl: requestState.signUpUrl,
+        publishableKey: requestState.publishableKey
+      }).redirectToSignIn({ returnBackUrl: e.returnBackUrl });
+    default:
+      throw e;
   }
-  return import_server.NextResponse.next();
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  DEFAULT_API_ROUTES,
-  DEFAULT_CONFIG_MATCHER,
-  DEFAULT_IGNORED_ROUTES,
-  authMiddleware,
-  createDefaultAfterAuth
+  authMiddleware
 });
 //# sourceMappingURL=middleware.js.map

package/dist/cjs/server/middleware.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/server/middleware.ts"],"sourcesContent":["import { NextFetchEvent, NextMiddleware, NextResponse } from 'next/server';\nimport { NextRequest } from 'next/server';\nimport {\n  constants,\n  CUSTOM_AFTER_SIGN_IN_URL,\n  CUSTOM_SIGN_IN_URL,\n  frontendApi,\n  PUBLISHABLE_KEY,\n  SECRET_KEY,\n} from '../constants';\nimport { createRouteMatcher, RouteMatcherParam } from './routeMatcher';\nimport {\n  apiEndpointUnauthorizedNextResponse,\n  assertKey,\n  // decorateRequest,\n  redirectAdapter,\n} from './utils';\nimport { NextMiddlewareReturn } from './type';\n// import { isRedirect, setHeader } from '../utils/response';\nimport { createRedirect } from './createRedirect';\n// import { serverRedirectWithAuth } from './serverRedirectWithAuth';\n\ntype BeforeAuthHandler = (\n  req: NextRequest,\n  evt: NextFetchEvent\n) => NextMiddlewareReturn | false | Promise<false>;\n\ntype AfterAuthHandler = (\n  auth: { isPublicRoute: boolean; isApiRoute: boolean },\n  req: NextRequest,\n  evt: NextFetchEvent\n) => NextMiddlewareReturn;\n\nexport type AuthenticateRequestOptions = {\n  publishableKey?: string;\n  secretKey?: string;\n  domain?: string;\n  isSatellite?: boolean;\n  proxyUrl?: string;\n  signInUrl?: string;\n  signUpUrl?: string;\n  afterSignInUrl?: string;\n  afterSignUpUrl?: string;\n};\n\ntype AuthMiddlewareParams = AuthenticateRequestOptions & {\n  /**\n   * A function that is called before the authentication middleware is executed.\n   * If a redirect response is returned, the middleware will respect it and redirect the user.\n   * If false is returned, the auth middleware will not execute and the request will be handled as if the auth middleware was not present.\n   */\n  beforeAuth?: BeforeAuthHandler;\n  /**\n   * A function that is called after the authentication middleware is executed.\n   * This function has access to the auth object and can be used to execute logic based on the auth state.\n   */\n  afterAuth?: AfterAuthHandler;\n  /**\n   * A list of routes that should be accessible without authentication.\n   * You can use glob patterns to match multiple routes or a function to match against the request object.\n   * Path patterns and regular expressions are supported, for example: `['/foo', '/bar(.*)'] or `[/^\\/foo\\/.*$/]`\n   * The sign in and sign up URLs are included by default, unless a function is provided.\n   * For more information, see: https://clerk.com/docs\n   */\n  publicRoutes?: RouteMatcherParam;\n  /**\n   * A list of routes that should be ignored by the middleware.\n   * This list typically includes routes for static files or Next.js internals.\n   * For improved performance, these routes should be skipped using the default config.matcher instead.\n   */\n  ignoredRoutes?: IgnoredRoutesParam;\n  /**\n   * A list of routes that should be treated as API endpoints.\n   * When user is signed out, the middleware will return a 401 response for these routes, instead of redirecting the user.\n   *\n   * If omitted, the following heuristics will be used to determine an API endpoint:\n   * - The route path is ['/api/(.*)', '/trpc/(.*)'],\n   * - or the request has `Content-Type` set to `application/json`,\n   * - or the request method is not one of: `GET`, `OPTIONS` ,` HEAD`\n   *\n   * @default undefined\n   */\n  apiRoutes?: ApiRoutesParam;\n};\n\nexport interface AuthMiddleware {\n  (params?: AuthMiddlewareParams): NextMiddleware;\n}\n\n/**\n * The default ideal matcher that excludes the _next directory (internals) and all static files,\n * but it will match the root route (/) and any routes that start with /api or /trpc.\n */\nexport const DEFAULT_CONFIG_MATCHER = [\n  '/((?!.+\\\\.[\\\\w]+$|_next).*)',\n  '/',\n  '/(api|trpc)(.*)',\n];\n\n/**\n * Any routes matching this path will be ignored by the middleware.\n * This is the inverted version of DEFAULT_CONFIG_MATCHER.\n */\nexport const DEFAULT_IGNORED_ROUTES = [`/((?!api|trpc))(_next.*|.+\\\\.[\\\\w]+$)`];\n/**\n * Any routes matching this path will be treated as API endpoints by the middleware.\n */\nexport const DEFAULT_API_ROUTES = ['/api/(.*)', '/trpc/(.*)'];\n\ntype IgnoredRoutesParam =\n  | Array<RegExp | string>\n  | RegExp\n  | string\n  | ((req: NextRequest) => boolean);\n\ntype ApiRoutesParam = IgnoredRoutesParam;\n\nconst authMiddleware: AuthMiddleware = (...args: unknown[]) => {\n  const [params = {}] = args as [AuthMiddlewareParams?];\n\n  const publishableKey = assertKey(\n    params.publishableKey || PUBLISHABLE_KEY,\n    () => {\n      throw new Error('Publish Key is not exist');\n    }\n  );\n  const secretKey = assertKey(params.secretKey || SECRET_KEY, () => {\n    throw new Error('Secret Key is not valid');\n  });\n\n  const signInUrl = params.signInUrl || CUSTOM_SIGN_IN_URL;\n  const signUpUrl = params.signUpUrl || CUSTOM_SIGN_IN_URL;\n\n  const options = {\n    ...params,\n    publishableKey,\n    secretKey,\n    signInUrl,\n    signUpUrl,\n  };\n\n  const isIgnoredRoute = createRouteMatcher(\n    options.ignoredRoutes || DEFAULT_IGNORED_ROUTES\n  );\n  const isPublicRoute = createRouteMatcher(\n    withDefaultPublicRoutes(options.publicRoutes)\n  );\n  // const isApiRoute = createApiRoutes(options.apiRoutes);\n  // const defaultAfterAuth = createDefaultAfterAuth(\n  //   isPublicRoute,\n  //   isApiRoute,\n  //   options\n  // );\n\n  return async (_req: NextRequest) => {\n    const url = _req.nextUrl;\n\n    const accessToken = url.searchParams.get(constants.QueryParams.Token);\n    const userId = url.searchParams.get(constants.QueryParams.UserId);\n\n    if (accessToken && userId) {\n      const path = url.pathname;\n      const response = NextResponse.redirect(new URL(path || '/', _req.url));\n      response.cookies.set(constants.Cookies.Client, accessToken);\n      response.cookies.set(constants.Cookies.User, userId);\n      return response;\n    }\n\n    if (isIgnoredRoute(_req) || isPublicRoute(_req)) {\n      return;\n    }\n    // const nextRequest = _req;\n\n    // const beforeAuthRes = await (options.beforeAuth &&\n    //   options.beforeAuth(nextRequest, evt));\n\n    // if (beforeAuthRes === false) {\n    //   return setHeader(\n    //     NextResponse.next(),\n    //     constants.Headers.AuthReason,\n    //     'skip'\n    //   );\n    // } else if (beforeAuthRes && isRedirect(beforeAuthRes)) {\n    //   return setHeader(\n    //     beforeAuthRes,\n    //     constants.Headers.AuthReason,\n    //     'before-auth-redirect'\n    //   );\n    // }\n\n    // const requestState = {\n    //   token: accessToken,\n    //   userId,\n    // };\n\n    // const auth = {\n    //   ...requestState,\n    //   isPublicRoute: isPublicRoute(nextRequest),\n    //   isApiRoute: isApiRoute(nextRequest),\n    // };\n\n    // const afterAuthRes = await (options.afterAuth || defaultAfterAuth)(\n    //   auth,\n    //   nextRequest,\n    //   evt\n    // );\n\n    // const finalRes =\n    //   mergeResponses(beforeAuthRes, afterAuthRes) || NextResponse.next();\n\n    // console.log(finalRes);\n\n    // if (isRedirect(finalRes)) {\n    //   const res = serverRedirectWithAuth(finalRes);\n    //   return res;\n    // }\n\n    const result = checkAuth(_req);\n\n    return result;\n  };\n};\n\nconst withDefaultPublicRoutes = (\n  publicRoutes: RouteMatcherParam | undefined\n) => {\n  if (typeof publicRoutes === 'function') {\n    return publicRoutes;\n  }\n\n  const routes = [publicRoutes || ''].flat().filter(Boolean);\n  // TODO: refactor it to use common config file eg SIGN_IN_URL from ./clerkClient\n  // we use process.env for now to support testing\n  const signInUrl = process.env.NEXT_PUBLIC_CLERK_SIGN_IN_URL || '';\n  if (signInUrl) {\n    routes.push(matchRoutesStartingWith(signInUrl));\n  }\n  // TODO: refactor it to use common config file eg SIGN_UP_URL from ./clerkClient\n  // we use process.env for now to support testing\n  const signUpUrl = process.env.NEXT_PUBLIC_CLERK_SIGN_UP_URL || '';\n  if (signUpUrl) {\n    routes.push(matchRoutesStartingWith(signUpUrl));\n  }\n  return routes;\n};\n\nconst matchRoutesStartingWith = (path: string) => {\n  path = path.replace(/\\/$/, '');\n  return new RegExp(`^${path}(/.*)?$`);\n};\n\nconst isRequestMethodIndicatingApiRoute = (req: NextRequest): boolean => {\n  const requestMethod = req.method.toLowerCase();\n  return !['get', 'head', 'options'].includes(requestMethod);\n};\n\nconst isRequestContentTypeJson = (req: NextRequest): boolean => {\n  const requestContentType = req.headers.get(constants.Headers.ContentType);\n  return requestContentType === constants.ContentTypes.Json;\n};\n\n// - Default behavior:\n//    If the route path is `['/api/(.*)*', '*/trpc/(.*)']`\n//    or Request has `Content-Type: application/json`\n//    or Request method is not-GET,OPTIONS,HEAD,\n//    then this is considered an API route.\n//\n// - If the user has provided a specific `apiRoutes` prop in `authMiddleware` then all the above are discarded,\n//   and only routes that match the user’s provided paths are considered API routes.\nconst createApiRoutes = (\n  apiRoutes: RouteMatcherParam | undefined\n): ((req: NextRequest) => boolean) => {\n  if (apiRoutes) {\n    return createRouteMatcher(apiRoutes);\n  }\n  const isDefaultApiRoute = createRouteMatcher(DEFAULT_API_ROUTES);\n  return (req: NextRequest) =>\n    isDefaultApiRoute(req) ||\n    isRequestMethodIndicatingApiRoute(req) ||\n    isRequestContentTypeJson(req);\n};\n\nexport const createDefaultAfterAuth = (\n  isPublicRoute: ReturnType<typeof createRouteMatcher>,\n  isApiRoute: ReturnType<typeof createApiRoutes>,\n  options: {\n    signInUrl: string;\n    signUpUrl: string;\n    publishableKey: string;\n    secretKey: string;\n  }\n) => {\n  return (auth: any, req: NextRequest) => {\n    if (!auth.userId && !isPublicRoute(req)) {\n      if (isApiRoute(req)) {\n        return apiEndpointUnauthorizedNextResponse();\n      }\n      return createRedirect({\n        redirectAdapter,\n        signInUrl: options.signInUrl,\n        signUpUrl: options.signUpUrl,\n        publishableKey: options.publishableKey,\n        // We're setting baseUrl to '' here as we want to keep the legacy behavior of\n        // the redirectToSignIn, redirectToSignUp helpers in the backend package.\n        baseUrl: '',\n      }).redirectToSignIn({ returnBackUrl: req.nextUrl.href });\n    }\n    return NextResponse.next();\n  };\n};\n\nconst checkAuth = (req: NextRequest): any => {\n  const accessToken = req.cookies.get(constants.Cookies.Client);\n\n  if (!accessToken && req.nextUrl.href !== CUSTOM_SIGN_IN_URL) {\n    if (CUSTOM_SIGN_IN_URL) {\n      return NextResponse.redirect(new URL(CUSTOM_SIGN_IN_URL));\n    }\n\n    if (frontendApi) {\n      const params = new URLSearchParams({\n        redirect_url: CUSTOM_AFTER_SIGN_IN_URL || '/',\n      });\n      return NextResponse.redirect(\n        new URL(`${frontendApi}/sign-in?${params.toString()}`)\n      );\n    }\n    throw new Error(\n      'You are not authentication. Please provide CABIN ID PUBLISH KEY to redirect to authentication page'\n    );\n  }\n  return NextResponse.next();\n};\n\nexport { authMiddleware };\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAA6D;AAE7D,uBAOO;AACP,0BAAsD;AACtD,mBAKO;AAGP,4BAA+B;AA0ExB,MAAM,yBAAyB;AAAA,EACpC;AAAA,EACA;AAAA,EACA;AACF;AAMO,MAAM,yBAAyB,CAAC,uCAAuC;AAIvE,MAAM,qBAAqB,CAAC,aAAa,YAAY;AAU5D,MAAM,iBAAiC,IAAI,SAAoB;AAC7D,QAAM,CAAC,SAAS,CAAC,CAAC,IAAI;AAEtB,QAAM,qBAAiB;AAAA,IACrB,OAAO,kBAAkB;AAAA,IACzB,MAAM;AACJ,YAAM,IAAI,MAAM,0BAA0B;AAAA,IAC5C;AAAA,EACF;AACA,QAAM,gBAAY,wBAAU,OAAO,aAAa,6BAAY,MAAM;AAChE,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C,CAAC;AAED,QAAM,YAAY,OAAO,aAAa;AACtC,QAAM,YAAY,OAAO,aAAa;AAEtC,QAAM,UAAU;AAAA,IACd,GAAG;AAAA,IACH;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,qBAAiB;AAAA,IACrB,QAAQ,iBAAiB;AAAA,EAC3B;AACA,QAAM,oBAAgB;AAAA,IACpB,wBAAwB,QAAQ,YAAY;AAAA,EAC9C;AAQA,SAAO,OAAO,SAAsB;AAClC,UAAM,MAAM,KAAK;AAEjB,UAAM,cAAc,IAAI,aAAa,IAAI,2BAAU,YAAY,KAAK;AACpE,UAAM,SAAS,IAAI,aAAa,IAAI,2BAAU,YAAY,MAAM;AAEhE,QAAI,eAAe,QAAQ;AACzB,YAAM,OAAO,IAAI;AACjB,YAAM,WAAW,2BAAa,SAAS,IAAI,IAAI,QAAQ,KAAK,KAAK,GAAG,CAAC;AACrE,eAAS,QAAQ,IAAI,2BAAU,QAAQ,QAAQ,WAAW;AAC1D,eAAS,QAAQ,IAAI,2BAAU,QAAQ,MAAM,MAAM;AACnD,aAAO;AAAA,IACT;AAEA,QAAI,eAAe,IAAI,KAAK,cAAc,IAAI,GAAG;AAC/C;AAAA,IACF;AA+CA,UAAM,SAAS,UAAU,IAAI;AAE7B,WAAO;AAAA,EACT;AACF;AAEA,MAAM,0BAA0B,CAC9B,iBACG;AACH,MAAI,OAAO,iBAAiB,YAAY;AACtC,WAAO;AAAA,EACT;AAEA,QAAM,SAAS,CAAC,gBAAgB,EAAE,EAAE,KAAK,EAAE,OAAO,OAAO;AAGzD,QAAM,YAAY,QAAQ,IAAI,iCAAiC;AAC/D,MAAI,WAAW;AACb,WAAO,KAAK,wBAAwB,SAAS,CAAC;AAAA,EAChD;AAGA,QAAM,YAAY,QAAQ,IAAI,iCAAiC;AAC/D,MAAI,WAAW;AACb,WAAO,KAAK,wBAAwB,SAAS,CAAC;AAAA,EAChD;AACA,SAAO;AACT;AAEA,MAAM,0BAA0B,CAAC,SAAiB;AAChD,SAAO,KAAK,QAAQ,OAAO,EAAE;AAC7B,SAAO,IAAI,OAAO,IAAI,IAAI,SAAS;AACrC;AAEA,MAAM,oCAAoC,CAAC,QAA8B;AACvE,QAAM,gBAAgB,IAAI,OAAO,YAAY;AAC7C,SAAO,CAAC,CAAC,OAAO,QAAQ,SAAS,EAAE,SAAS,aAAa;AAC3D;AAEA,MAAM,2BAA2B,CAAC,QAA8B;AAC9D,QAAM,qBAAqB,IAAI,QAAQ,IAAI,2BAAU,QAAQ,WAAW;AACxE,SAAO,uBAAuB,2BAAU,aAAa;AACvD;AAUA,MAAM,kBAAkB,CACtB,cACoC;AACpC,MAAI,WAAW;AACb,eAAO,wCAAmB,SAAS;AAAA,EACrC;AACA,QAAM,wBAAoB,wCAAmB,kBAAkB;AAC/D,SAAO,CAAC,QACN,kBAAkB,GAAG,KACrB,kCAAkC,GAAG,KACrC,yBAAyB,GAAG;AAChC;AAEO,MAAM,yBAAyB,CACpC,eACA,YACA,YAMG;AACH,SAAO,CAAC,MAAW,QAAqB;AACtC,QAAI,CAAC,KAAK,UAAU,CAAC,cAAc,GAAG,GAAG;AACvC,UAAI,WAAW,GAAG,GAAG;AACnB,mBAAO,kDAAoC;AAAA,MAC7C;AACA,iBAAO,sCAAe;AAAA,QACpB;AAAA,QACA,WAAW,QAAQ;AAAA,QACnB,WAAW,QAAQ;AAAA,QACnB,gBAAgB,QAAQ;AAAA;AAAA;AAAA,QAGxB,SAAS;AAAA,MACX,CAAC,EAAE,iBAAiB,EAAE,eAAe,IAAI,QAAQ,KAAK,CAAC;AAAA,IACzD;AACA,WAAO,2BAAa,KAAK;AAAA,EAC3B;AACF;AAEA,MAAM,YAAY,CAAC,QAA0B;AAC3C,QAAM,cAAc,IAAI,QAAQ,IAAI,2BAAU,QAAQ,MAAM;AAE5D,MAAI,CAAC,eAAe,IAAI,QAAQ,SAAS,qCAAoB;AAC3D,QAAI,qCAAoB;AACtB,aAAO,2BAAa,SAAS,IAAI,IAAI,mCAAkB,CAAC;AAAA,IAC1D;AAEA,QAAI,8BAAa;AACf,YAAM,SAAS,IAAI,gBAAgB;AAAA,QACjC,cAAc,6CAA4B;AAAA,MAC5C,CAAC;AACD,aAAO,2BAAa;AAAA,QAClB,IAAI,IAAI,GAAG,4BAAW,YAAY,OAAO,SAAS,CAAC,EAAE;AAAA,MACvD;AAAA,IACF;AACA,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,SAAO,2BAAa,KAAK;AAC3B;","names":[]}
+{"version":3,"sources":["../../../src/server/middleware.ts"],"sourcesContent":["import { NextMiddleware, NextResponse } from 'next/server';\nimport {\n  constants,\n  PUBLISHABLE_KEY,\n  SECRET_KEY,\n  SIGN_IN_URL,\n  SIGN_UP_URL,\n} from '../constants';\nimport { assertKey, decorateRequest, redirectAdapter } from './utils';\nimport {\n  NextMiddlewareEvtParam,\n  NextMiddlewareRequestParam,\n  NextMiddlewareReturn,\n} from './type';\nimport { cabinIdClient } from './client';\nimport { CabinIdRequest, createCabinIdRequest } from '../tokens/cabinIdRequest';\nimport { AuthProtect, createProtect } from './protect';\nimport { createRedirect, RedirectFun } from './createRedirect';\nimport { isRedirect, setHeader } from '../utils/response';\nimport { RequestState } from '../tokens/authStatus';\nimport { AuthObject } from '../tokens/authObjects';\nimport { serverRedirectWithAuth } from './serverRedirectWithAuth';\nimport { AuthenticateRequestOptions } from '../api/factory';\n\nconst CONTROL_FLOW_ERROR = {\n  FORCE_NOT_FOUND: 'CABIN_ID_PROTECT_REWRITE',\n  REDIRECT_TO_URL: 'CABIN_ID_PROTECT_REDIRECT_TO_URL',\n  REDIRECT_TO_SIGN_IN: 'CABIN_ID_PROTECT_REDIRECT_TO_SIGN_IN',\n};\n\nexport type CabinIdMiddlewareAuthObject = AuthObject & {\n  protect: AuthProtect;\n  redirectToSignIn: RedirectFun<Response>;\n};\n\nexport type CabinIdMiddlewareAuth = () => CabinIdMiddlewareAuthObject;\n\nexport interface AuthMiddleware {\n  /**\n   * @example\n   * export default clerkMiddleware((auth, request, event) => { ... }, options);\n   */\n  (\n    handler: CabinIdMiddlewareHandler,\n    options?: CabinIdMiddlewareOptions\n  ): NextMiddleware;\n  /**\n   * @example\n   * export default clerkMiddleware(options);\n   */\n  (options?: CabinIdMiddlewareOptions): NextMiddleware;\n  /**\n   * @example\n   * export default clerkMiddleware;\n   */\n  (\n    request: NextMiddlewareRequestParam,\n    event: NextMiddlewareEvtParam\n  ): NextMiddlewareReturn;\n}\n\ntype CabinIdMiddlewareHandler = (\n  auth: CabinIdMiddlewareAuth,\n  request: NextMiddlewareRequestParam,\n  event: NextMiddlewareEvtParam\n) => NextMiddlewareReturn;\n\nexport type CabinIdMiddlewareOptions = AuthenticateRequestOptions;\n\nconst parseRequestAndEvent = (args: unknown[]) => {\n  return [\n    args[0] instanceof Request ? args[0] : undefined,\n    args[0] instanceof Request ? args[1] : undefined,\n  ] as [\n    NextMiddlewareRequestParam | undefined,\n    NextMiddlewareEvtParam | undefined,\n  ];\n};\n\nconst parseHandlerAndOptions = (args: unknown[]) => {\n  return [\n    typeof args[0] === 'function' ? args[0] : undefined,\n    (args.length === 2\n      ? args[1]\n      : typeof args[0] === 'function'\n        ? {}\n        : args[0]) || {},\n  ] as [CabinIdMiddlewareHandler | undefined, CabinIdMiddlewareOptions];\n};\n\nconst authMiddleware: AuthMiddleware = (...args: unknown[]): any => {\n  const [request, event] = parseRequestAndEvent(args);\n  const [handler, params] = parseHandlerAndOptions(args);\n\n  const publishableKey = assertKey(\n    params.publishableKey || PUBLISHABLE_KEY,\n    () => {\n      throw new Error('Publish Key is not exist');\n    }\n  );\n  const secretKey = assertKey(params.secretKey || SECRET_KEY, () => {\n    throw new Error('Secret Key is not valid');\n  });\n\n  const signInUrl = params.signInUrl || SIGN_IN_URL;\n  const signUpUrl = params.signUpUrl || SIGN_UP_URL;\n\n  const options = {\n    ...params,\n    publishableKey,\n    secretKey,\n    signInUrl,\n    signUpUrl,\n  };\n\n  const nextMiddleware: NextMiddleware = async (_request, _event) => {\n    const accessToken = _request.nextUrl.searchParams.get(\n      constants.QueryParams.Token\n    );\n    const userId = _request.nextUrl.searchParams.get(\n      constants.QueryParams.UserId\n    );\n\n    if (accessToken && userId) {\n      const url = _request.nextUrl;\n      const path = url.pathname;\n      const response = NextResponse.redirect(\n        new URL(path || '/', _request.url)\n      );\n      response.cookies.set(constants.Cookies.Client, accessToken);\n      response.cookies.set(constants.Cookies.User, userId);\n      return response;\n    }\n\n    const cabinIdRequest = createCabinIdRequest(_request);\n\n    const requestState = await cabinIdClient.authenticateRequest(\n      cabinIdRequest,\n      options\n    );\n\n    const authObject = requestState.toAuth();\n\n    const redirectToSignIn = createMiddlewareRedirectToSignIn(cabinIdRequest);\n\n    const protect = createMiddlewareProtect(\n      cabinIdRequest,\n      authObject,\n      redirectToSignIn\n    );\n\n    const authObjWithMethods: CabinIdMiddlewareAuthObject = Object.assign(\n      authObject,\n      { protect, redirectToSignIn }\n    );\n\n    let handlerResult: Response = NextResponse.next();\n\n    try {\n      handlerResult =\n        (await handler?.(() => authObjWithMethods, _request, _event)) ||\n        handlerResult;\n    } catch (e: any) {\n      handlerResult = handleControlFlowErrors(e, cabinIdRequest, requestState);\n    }\n\n    if (isRedirect(handlerResult)) {\n      return serverRedirectWithAuth(cabinIdRequest, handlerResult);\n    }\n\n    decorateRequest(\n      cabinIdRequest,\n      handlerResult,\n      requestState,\n      options.secretKey\n    );\n\n    // TODO @nikos: we need to make this more generic\n    // and move the logic in clerk/backend\n    if (requestState.headers) {\n      requestState.headers.forEach((value, key) => {\n        handlerResult.headers.append(key, value);\n      });\n    }\n\n    return handlerResult;\n  };\n\n  // If we have a request and event, we're being called as a middleware directly\n  // eg, export default clerkMiddleware;\n  if (request && event) {\n    return nextMiddleware(request, event);\n  }\n\n  // Otherwise, return a middleware that can be called with a request and event\n  // eg, export default clerkMiddleware(auth => { ... });\n  return nextMiddleware;\n};\n\nexport { authMiddleware };\n\nconst createMiddlewareRedirectToSignIn = (\n  cabinIdRequest: CabinIdRequest\n): CabinIdMiddlewareAuthObject['redirectToSignIn'] => {\n  return (opts = {}) => {\n    const err = new Error(CONTROL_FLOW_ERROR.REDIRECT_TO_SIGN_IN) as any;\n    err.returnBackUrl =\n      opts.returnBackUrl === null\n        ? ''\n        : opts.returnBackUrl || cabinIdRequest.cabinIdUrl.toString();\n    throw err;\n  };\n};\n\nconst createMiddlewareProtect = (\n  cabinIdRequest: CabinIdRequest,\n  authObject: AuthObject,\n  redirectToSignIn: RedirectFun<Response>\n): CabinIdMiddlewareAuthObject['protect'] => {\n  return ((_: any, options: any) => {\n    const notFound = () => {\n      throw new Error(CONTROL_FLOW_ERROR.FORCE_NOT_FOUND) as any;\n    };\n\n    const redirect = (url: string) => {\n      const err = new Error(CONTROL_FLOW_ERROR.REDIRECT_TO_URL) as any;\n      err.redirectUrl = url;\n      throw err;\n    };\n\n    return createProtect({\n      request: cabinIdRequest,\n      redirect,\n      notFound,\n      authObject,\n      redirectToSignIn,\n    })(options);\n  }) as AuthProtect;\n};\n\n// Handle errors thrown by protect() and redirectToSignIn() calls,\n// as we want to align the APIs between middleware, pages and route handlers\n// Normally, middleware requires to explicitly return a response, but we want to\n// avoid discrepancies between the APIs as it's easy to miss the `return` statement\n// especially when copy-pasting code from one place to another.\n// This function handles the known errors thrown by the APIs described above,\n// and returns the appropriate response.\nconst handleControlFlowErrors = (\n  e: any,\n  cabinIdRequest: CabinIdRequest,\n  requestState: RequestState\n): Response => {\n  switch (e.message) {\n    case CONTROL_FLOW_ERROR.FORCE_NOT_FOUND:\n      // Rewrite to a bogus URL to force not found error\n      return setHeader(\n        NextResponse.rewrite(\n          `${cabinIdRequest.cabinIdUrl.origin}/cabin_${Date.now()}`\n        ),\n        constants.Headers.AuthReason,\n        'protect-rewrite'\n      );\n    case CONTROL_FLOW_ERROR.REDIRECT_TO_URL:\n      return redirectAdapter(e.redirectUrl);\n    case CONTROL_FLOW_ERROR.REDIRECT_TO_SIGN_IN:\n      return createRedirect({\n        redirectAdapter,\n        baseUrl: cabinIdRequest.cabinIdUrl,\n        signInUrl: requestState.signInUrl,\n        signUpUrl: requestState.signUpUrl,\n        publishableKey: requestState.publishableKey,\n      }).redirectToSignIn({ returnBackUrl: e.returnBackUrl });\n    default:\n      throw e;\n  }\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAA6C;AAC7C,uBAMO;AACP,mBAA4D;AAM5D,oBAA8B;AAC9B,4BAAqD;AACrD,qBAA2C;AAC3C,4BAA4C;AAC5C,sBAAsC;AAGtC,oCAAuC;AAGvC,MAAM,qBAAqB;AAAA,EACzB,iBAAiB;AAAA,EACjB,iBAAiB;AAAA,EACjB,qBAAqB;AACvB;AAyCA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO;AAAA,IACL,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,IACvC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,EACzC;AAIF;AAEA,MAAM,yBAAyB,CAAC,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IACb,KAAK,CAAC,IACN,OAAO,KAAK,CAAC,MAAM,aACjB,CAAC,IACD,KAAK,CAAC,MAAM,CAAC;AAAA,EACrB;AACF;AAEA,MAAM,iBAAiC,IAAI,SAAyB;AAClE,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,qBAAiB;AAAA,IACrB,OAAO,kBAAkB;AAAA,IACzB,MAAM;AACJ,YAAM,IAAI,MAAM,0BAA0B;AAAA,IAC5C;AAAA,EACF;AACA,QAAM,gBAAY,wBAAU,OAAO,aAAa,6BAAY,MAAM;AAChE,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C,CAAC;AAED,QAAM,YAAY,OAAO,aAAa;AACtC,QAAM,YAAY,OAAO,aAAa;AAEtC,QAAM,UAAU;AAAA,IACd,GAAG;AAAA,IACH;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,iBAAiC,OAAO,UAAU,WAAW;AACjE,UAAM,cAAc,SAAS,QAAQ,aAAa;AAAA,MAChD,2BAAU,YAAY;AAAA,IACxB;AACA,UAAM,SAAS,SAAS,QAAQ,aAAa;AAAA,MAC3C,2BAAU,YAAY;AAAA,IACxB;AAEA,QAAI,eAAe,QAAQ;AACzB,YAAM,MAAM,SAAS;AACrB,YAAM,OAAO,IAAI;AACjB,YAAM,WAAW,2BAAa;AAAA,QAC5B,IAAI,IAAI,QAAQ,KAAK,SAAS,GAAG;AAAA,MACnC;AACA,eAAS,QAAQ,IAAI,2BAAU,QAAQ,QAAQ,WAAW;AAC1D,eAAS,QAAQ,IAAI,2BAAU,QAAQ,MAAM,MAAM;AACnD,aAAO;AAAA,IACT;AAEA,UAAM,qBAAiB,4CAAqB,QAAQ;AAEpD,UAAM,eAAe,MAAM,4BAAc;AAAA,MACvC;AAAA,MACA;AAAA,IACF;AAEA,UAAM,aAAa,aAAa,OAAO;AAEvC,UAAM,mBAAmB,iCAAiC,cAAc;AAExE,UAAM,UAAU;AAAA,MACd;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAEA,UAAM,qBAAkD,OAAO;AAAA,MAC7D;AAAA,MACA,EAAE,SAAS,iBAAiB;AAAA,IAC9B;AAEA,QAAI,gBAA0B,2BAAa,KAAK;AAEhD,QAAI;AACF,sBACG,OAAM,mCAAU,MAAM,oBAAoB,UAAU,YACrD;AAAA,IACJ,SAAS,GAAQ;AACf,sBAAgB,wBAAwB,GAAG,gBAAgB,YAAY;AAAA,IACzE;AAEA,YAAI,4BAAW,aAAa,GAAG;AAC7B,iBAAO,sDAAuB,gBAAgB,aAAa;AAAA,IAC7D;AAEA;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAIA,QAAI,aAAa,SAAS;AACxB,mBAAa,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AAC3C,sBAAc,QAAQ,OAAO,KAAK,KAAK;AAAA,MACzC,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,EACT;AAIA,MAAI,WAAW,OAAO;AACpB,WAAO,eAAe,SAAS,KAAK;AAAA,EACtC;AAIA,SAAO;AACT;AAIA,MAAM,mCAAmC,CACvC,mBACoD;AACpD,SAAO,CAAC,OAAO,CAAC,MAAM;AACpB,UAAM,MAAM,IAAI,MAAM,mBAAmB,mBAAmB;AAC5D,QAAI,gBACF,KAAK,kBAAkB,OACnB,KACA,KAAK,iBAAiB,eAAe,WAAW,SAAS;AAC/D,UAAM;AAAA,EACR;AACF;AAEA,MAAM,0BAA0B,CAC9B,gBACA,YACA,qBAC2C;AAC3C,SAAQ,CAAC,GAAQ,YAAiB;AAChC,UAAM,WAAW,MAAM;AACrB,YAAM,IAAI,MAAM,mBAAmB,eAAe;AAAA,IACpD;AAEA,UAAM,WAAW,CAAC,QAAgB;AAChC,YAAM,MAAM,IAAI,MAAM,mBAAmB,eAAe;AACxD,UAAI,cAAc;AAClB,YAAM;AAAA,IACR;AAEA,eAAO,8BAAc;AAAA,MACnB,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EAAE,OAAO;AAAA,EACZ;AACF;AASA,MAAM,0BAA0B,CAC9B,GACA,gBACA,iBACa;AACb,UAAQ,EAAE,SAAS;AAAA,IACjB,KAAK,mBAAmB;AAEtB,iBAAO;AAAA,QACL,2BAAa;AAAA,UACX,GAAG,eAAe,WAAW,MAAM,UAAU,KAAK,IAAI,CAAC;AAAA,QACzD;AAAA,QACA,2BAAU,QAAQ;AAAA,QAClB;AAAA,MACF;AAAA,IACF,KAAK,mBAAmB;AACtB,iBAAO,8BAAgB,EAAE,WAAW;AAAA,IACtC,KAAK,mBAAmB;AACtB,iBAAO,sCAAe;AAAA,QACpB;AAAA,QACA,SAAS,eAAe;AAAA,QACxB,WAAW,aAAa;AAAA,QACxB,WAAW,aAAa;AAAA,QACxB,gBAAgB,aAAa;AAAA,MAC/B,CAAC,EAAE,iBAAiB,EAAE,eAAe,EAAE,cAAc,CAAC;AAAA,IACxD;AACE,YAAM;AAAA,EACV;AACF;","names":[]}

package/dist/cjs/server/protect.js

@@ -0,0 +1,69 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var protect_exports = {};
+__export(protect_exports, {
+  createProtect: () => createProtect
+});
+module.exports = __toCommonJS(protect_exports);
+var import_constants = require("../constants");
+const createProtect = (opts) => {
+  const { redirectToSignIn, authObject, redirect, notFound, request } = opts;
+  return (...args) => {
+    var _a, _b, _c, _d, _e, _f;
+    const optionValuesAsParam = ((_a = args[0]) == null ? void 0 : _a.unauthenticatedUrl) || ((_b = args[0]) == null ? void 0 : _b.unauthorizedUrl);
+    const paramsOrFunction = optionValuesAsParam ? void 0 : args[0];
+    const unauthenticatedUrl = ((_c = args[0]) == null ? void 0 : _c.unauthenticatedUrl) || ((_d = args[1]) == null ? void 0 : _d.unauthenticatedUrl);
+    const unauthorizedUrl = ((_e = args[0]) == null ? void 0 : _e.unauthorizedUrl) || ((_f = args[1]) == null ? void 0 : _f.unauthorizedUrl);
+    const handleUnauthenticated = () => {
+      if (unauthenticatedUrl) {
+        return redirect(unauthenticatedUrl);
+      }
+      if (isPageRequest(request)) {
+        return redirectToSignIn();
+      }
+      return notFound();
+    };
+    const handleUnauthorized = () => {
+      if (unauthorizedUrl) {
+        return redirect(unauthorizedUrl);
+      }
+      return notFound();
+    };
+    if (!authObject.userId) {
+      return handleUnauthenticated();
+    }
+    if (!paramsOrFunction) {
+      return authObject;
+    }
+    return handleUnauthorized();
+  };
+};
+const isServerActionRequest = (req) => {
+  var _a, _b;
+  return !!req.headers.get(import_constants.constants.NextHeaders.NextUrl) && (((_a = req.headers.get(import_constants.constants.Headers.Accept)) == null ? void 0 : _a.includes("text/x-component")) || ((_b = req.headers.get(import_constants.constants.Headers.ContentType)) == null ? void 0 : _b.includes("multipart/form-data")) || !!req.headers.get(import_constants.constants.NextHeaders.NextAction));
+};
+const isPageRequest = (req) => {
+  var _a;
+  return req.headers.get(import_constants.constants.Headers.SecFetchDest) === "document" || ((_a = req.headers.get(import_constants.constants.Headers.Accept)) == null ? void 0 : _a.includes("text/html")) || !!req.headers.get(import_constants.constants.NextHeaders.NextUrl) && !isServerActionRequest(req) || !!req.headers.get(import_constants.constants.NextHeaders.NextjsData);
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createProtect
+});
+//# sourceMappingURL=protect.js.map

package/dist/cjs/server/protect.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/protect.ts"],"sourcesContent":["import { AuthObject, SignedInAuthObject } from '../tokens/authObjects';\nimport { constants } from '../constants';\nimport { RedirectFun } from './createRedirect';\n\ntype AuthProtectOptions = {\n  unauthorizedUrl?: string;\n  unauthenticatedUrl?: string;\n};\n\n/**\n * Throws a Nextjs notFound error if user is not authenticated or authorized.\n */\nexport interface AuthProtect {\n  // (\n  //   params?: CheckAuthorizationParamsWithCustomPermissions,\n  //   options?: AuthProtectOptions\n  // ): SignedInAuthObject;\n\n  // (\n  //   params?: (has: CheckAuthorizationWithCustomPermissions) => boolean,\n  //   options?: AuthProtectOptions\n  // ): SignedInAuthObject;\n\n  (options?: AuthProtectOptions): SignedInAuthObject;\n}\n\nexport const createProtect = (opts: {\n  request: Request;\n  authObject: AuthObject;\n  /**\n   * middleware and pages throw a notFound error if signed out\n   * but the middleware needs to throw an error it can catch\n   * use this callback to customise the behavior\n   */\n  notFound: () => never;\n  /**\n   * see {@link notFound} above\n   */\n  redirect: (url: string) => void;\n  /**\n   * protect() in middleware redirects to signInUrl if signed out\n   * protect() in pages throws a notFound error if signed out\n   * use this callback to customise the behavior\n   */\n  redirectToSignIn: RedirectFun<unknown>;\n}): AuthProtect => {\n  const { redirectToSignIn, authObject, redirect, notFound, request } = opts;\n\n  return ((...args: any[]) => {\n    const optionValuesAsParam =\n      args[0]?.unauthenticatedUrl || args[0]?.unauthorizedUrl;\n    const paramsOrFunction = optionValuesAsParam ? undefined : args[0];\n    const unauthenticatedUrl = (args[0]?.unauthenticatedUrl ||\n      args[1]?.unauthenticatedUrl) as string | undefined;\n    const unauthorizedUrl = (args[0]?.unauthorizedUrl ||\n      args[1]?.unauthorizedUrl) as string | undefined;\n\n    const handleUnauthenticated = () => {\n      if (unauthenticatedUrl) {\n        return redirect(unauthenticatedUrl);\n      }\n      if (isPageRequest(request)) {\n        // TODO: Handle runtime values. What happens if runtime values are set in middleware and in ClerkProvider as well?\n        return redirectToSignIn();\n      }\n      return notFound();\n    };\n\n    const handleUnauthorized = () => {\n      if (unauthorizedUrl) {\n        return redirect(unauthorizedUrl);\n      }\n      return notFound();\n    };\n\n    /**\n     * User is not authenticated\n     */\n    if (!authObject.userId) {\n      return handleUnauthenticated();\n    }\n\n    /**\n     * User is authenticated\n     */\n    if (!paramsOrFunction) {\n      return authObject;\n    }\n\n    /**\n     * if a function is passed and returns false then throw not found\n     */\n    // if (typeof paramsOrFunction === 'function') {\n    //   if (paramsOrFunction(authObject.has)) {\n    //     return authObject;\n    //   }\n    //   return handleUnauthorized();\n    // }\n\n    /**\n     * Checking if user is authorized when permission or role is passed\n     */\n    // if (authObject.has(paramsOrFunction)) {\n    //   return authObject;\n    // }\n\n    return handleUnauthorized();\n  }) as AuthProtect;\n};\n\nconst isServerActionRequest = (req: Request) => {\n  return (\n    !!req.headers.get(constants.NextHeaders.NextUrl) &&\n    (req.headers.get(constants.Headers.Accept)?.includes('text/x-component') ||\n      req.headers\n        .get(constants.Headers.ContentType)\n        ?.includes('multipart/form-data') ||\n      !!req.headers.get(constants.NextHeaders.NextAction))\n  );\n};\n\nconst isPageRequest = (req: Request): boolean => {\n  return (\n    req.headers.get(constants.Headers.SecFetchDest) === 'document' ||\n    req.headers.get(constants.Headers.Accept)?.includes('text/html') ||\n    (!!req.headers.get(constants.NextHeaders.NextUrl) &&\n      !isServerActionRequest(req)) ||\n    !!req.headers.get(constants.NextHeaders.NextjsData)\n  );\n};\n\n// In case we want to handle router handlers and server actions differently in the future\n// const isRouteHandler = (req: Request) => {\n//   return !isPageRequest(req) && !isServerAction(req);\n// };\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,uBAA0B;AAyBnB,MAAM,gBAAgB,CAAC,SAmBX;AACjB,QAAM,EAAE,kBAAkB,YAAY,UAAU,UAAU,QAAQ,IAAI;AAEtE,SAAQ,IAAI,SAAgB;AAhD9B;AAiDI,UAAM,wBACJ,UAAK,CAAC,MAAN,mBAAS,yBAAsB,UAAK,CAAC,MAAN,mBAAS;AAC1C,UAAM,mBAAmB,sBAAsB,SAAY,KAAK,CAAC;AACjE,UAAM,uBAAsB,UAAK,CAAC,MAAN,mBAAS,yBACnC,UAAK,CAAC,MAAN,mBAAS;AACX,UAAM,oBAAmB,UAAK,CAAC,MAAN,mBAAS,sBAChC,UAAK,CAAC,MAAN,mBAAS;AAEX,UAAM,wBAAwB,MAAM;AAClC,UAAI,oBAAoB;AACtB,eAAO,SAAS,kBAAkB;AAAA,MACpC;AACA,UAAI,cAAc,OAAO,GAAG;AAE1B,eAAO,iBAAiB;AAAA,MAC1B;AACA,aAAO,SAAS;AAAA,IAClB;AAEA,UAAM,qBAAqB,MAAM;AAC/B,UAAI,iBAAiB;AACnB,eAAO,SAAS,eAAe;AAAA,MACjC;AACA,aAAO,SAAS;AAAA,IAClB;AAKA,QAAI,CAAC,WAAW,QAAQ;AACtB,aAAO,sBAAsB;AAAA,IAC/B;AAKA,QAAI,CAAC,kBAAkB;AACrB,aAAO;AAAA,IACT;AAmBA,WAAO,mBAAmB;AAAA,EAC5B;AACF;AAEA,MAAM,wBAAwB,CAAC,QAAiB;AA9GhD;AA+GE,SACE,CAAC,CAAC,IAAI,QAAQ,IAAI,2BAAU,YAAY,OAAO,QAC9C,SAAI,QAAQ,IAAI,2BAAU,QAAQ,MAAM,MAAxC,mBAA2C,SAAS,0BACnD,SAAI,QACD,IAAI,2BAAU,QAAQ,WAAW,MADpC,mBAEI,SAAS,2BACb,CAAC,CAAC,IAAI,QAAQ,IAAI,2BAAU,YAAY,UAAU;AAExD;AAEA,MAAM,gBAAgB,CAAC,QAA0B;AAzHjD;AA0HE,SACE,IAAI,QAAQ,IAAI,2BAAU,QAAQ,YAAY,MAAM,gBACpD,SAAI,QAAQ,IAAI,2BAAU,QAAQ,MAAM,MAAxC,mBAA2C,SAAS,iBACnD,CAAC,CAAC,IAAI,QAAQ,IAAI,2BAAU,YAAY,OAAO,KAC9C,CAAC,sBAAsB,GAAG,KAC5B,CAAC,CAAC,IAAI,QAAQ,IAAI,2BAAU,YAAY,UAAU;AAEtD;","names":[]}

package/dist/cjs/server/routeMatcher.js

@@ -28,6 +28,7 @@ const createRouteMatcher = (routes) => {
   }
   const routePatterns = [routes || ""].flat().filter(Boolean);
   const matchers = precomputePathRegex(routePatterns);
+  console.log(matchers);
   return (req) => matchers.some((matcher) => matcher.test(req.nextUrl.pathname));
 };
 const precomputePathRegex = (patterns) => {