@cabin-id/nextjs 0.1.7 → 0.2.0

package/dist/esm/server/middleware.js

@@ -1,28 +1,38 @@
 import { NextResponse } from "next/server";
 import {
   constants,
-  CUSTOM_AFTER_SIGN_IN_URL,
-  CUSTOM_SIGN_IN_URL,
-  frontendApi,
   PUBLISHABLE_KEY,
-  SECRET_KEY
+  SECRET_KEY,
+  SIGN_IN_URL,
+  SIGN_UP_URL
 } from "../constants";
-import { createRouteMatcher } from "./routeMatcher";
-import {
-  apiEndpointUnauthorizedNextResponse,
-  assertKey,
-  redirectAdapter
-} from "./utils";
+import { assertKey, decorateRequest, redirectAdapter } from "./utils";
+import { cabinIdClient } from "./client";
+import { createCabinIdRequest } from "../tokens/cabinIdRequest";
+import { createProtect } from "./protect";
 import { createRedirect } from "./createRedirect";
-const DEFAULT_CONFIG_MATCHER = [
-  "/((?!.+\\.[\\w]+$|_next).*)",
-  "/",
-  "/(api|trpc)(.*)"
-];
-const DEFAULT_IGNORED_ROUTES = [`/((?!api|trpc))(_next.*|.+\\.[\\w]+$)`];
-const DEFAULT_API_ROUTES = ["/api/(.*)", "/trpc/(.*)"];
+import { isRedirect, setHeader } from "../utils/response";
+import { serverRedirectWithAuth } from "./serverRedirectWithAuth";
+const CONTROL_FLOW_ERROR = {
+  FORCE_NOT_FOUND: "CABIN_ID_PROTECT_REWRITE",
+  REDIRECT_TO_URL: "CABIN_ID_PROTECT_REDIRECT_TO_URL",
+  REDIRECT_TO_SIGN_IN: "CABIN_ID_PROTECT_REDIRECT_TO_SIGN_IN"
+};
+const parseRequestAndEvent = (args) => {
+  return [
+    args[0] instanceof Request ? args[0] : void 0,
+    args[0] instanceof Request ? args[1] : void 0
+  ];
+};
+const parseHandlerAndOptions = (args) => {
+  return [
+    typeof args[0] === "function" ? args[0] : void 0,
+    (args.length === 2 ? args[1] : typeof args[0] === "function" ? {} : args[0]) || {}
+  ];
+};
 const authMiddleware = (...args) => {
-  const [params = {}] = args;
+  const [request, event] = parseRequestAndEvent(args);
+  const [handler, params] = parseHandlerAndOptions(args);
   const publishableKey = assertKey(
     params.publishableKey || PUBLISHABLE_KEY,
     () => {
@@ -32,8 +42,8 @@ const authMiddleware = (...args) => {
   const secretKey = assertKey(params.secretKey || SECRET_KEY, () => {
     throw new Error("Secret Key is not valid");
   });
-  const signInUrl = params.signInUrl || CUSTOM_SIGN_IN_URL;
-  const signUpUrl = params.signUpUrl || CUSTOM_SIGN_IN_URL;
+  const signInUrl = params.signInUrl || SIGN_IN_URL;
+  const signUpUrl = params.signUpUrl || SIGN_UP_URL;
   const options = {
     ...params,
     publishableKey,
@@ -41,108 +51,117 @@ const authMiddleware = (...args) => {
     signInUrl,
     signUpUrl
   };
-  const isIgnoredRoute = createRouteMatcher(
-    options.ignoredRoutes || DEFAULT_IGNORED_ROUTES
-  );
-  const isPublicRoute = createRouteMatcher(
-    withDefaultPublicRoutes(options.publicRoutes)
-  );
-  return async (_req) => {
-    const url = _req.nextUrl;
-    const accessToken = url.searchParams.get(constants.QueryParams.Token);
-    const userId = url.searchParams.get(constants.QueryParams.UserId);
+  const nextMiddleware = async (_request, _event) => {
+    const accessToken = _request.nextUrl.searchParams.get(
+      constants.QueryParams.Token
+    );
+    const userId = _request.nextUrl.searchParams.get(
+      constants.QueryParams.UserId
+    );
     if (accessToken && userId) {
+      const url = _request.nextUrl;
       const path = url.pathname;
-      const response = NextResponse.redirect(new URL(path || "/", _req.url));
+      const response = NextResponse.redirect(
+        new URL(path || "/", _request.url)
+      );
       response.cookies.set(constants.Cookies.Client, accessToken);
       response.cookies.set(constants.Cookies.User, userId);
       return response;
     }
-    if (isIgnoredRoute(_req) || isPublicRoute(_req)) {
-      return;
+    const cabinIdRequest = createCabinIdRequest(_request);
+    const requestState = await cabinIdClient.authenticateRequest(
+      cabinIdRequest,
+      options
+    );
+    const authObject = requestState.toAuth();
+    const redirectToSignIn = createMiddlewareRedirectToSignIn(cabinIdRequest);
+    const protect = createMiddlewareProtect(
+      cabinIdRequest,
+      authObject,
+      redirectToSignIn
+    );
+    const authObjWithMethods = Object.assign(
+      authObject,
+      { protect, redirectToSignIn }
+    );
+    let handlerResult = NextResponse.next();
+    try {
+      handlerResult = await (handler == null ? void 0 : handler(() => authObjWithMethods, _request, _event)) || handlerResult;
+    } catch (e) {
+      handlerResult = handleControlFlowErrors(e, cabinIdRequest, requestState);
+    }
+    if (isRedirect(handlerResult)) {
+      return serverRedirectWithAuth(cabinIdRequest, handlerResult);
     }
-    const result = checkAuth(_req);
-    return result;
+    decorateRequest(
+      cabinIdRequest,
+      handlerResult,
+      requestState,
+      options.secretKey
+    );
+    if (requestState.headers) {
+      requestState.headers.forEach((value, key) => {
+        handlerResult.headers.append(key, value);
+      });
+    }
+    return handlerResult;
   };
-};
-const withDefaultPublicRoutes = (publicRoutes) => {
-  if (typeof publicRoutes === "function") {
-    return publicRoutes;
+  if (request && event) {
+    return nextMiddleware(request, event);
   }
-  const routes = [publicRoutes || ""].flat().filter(Boolean);
-  const signInUrl = process.env.NEXT_PUBLIC_CLERK_SIGN_IN_URL || "";
-  if (signInUrl) {
-    routes.push(matchRoutesStartingWith(signInUrl));
-  }
-  const signUpUrl = process.env.NEXT_PUBLIC_CLERK_SIGN_UP_URL || "";
-  if (signUpUrl) {
-    routes.push(matchRoutesStartingWith(signUpUrl));
-  }
-  return routes;
-};
-const matchRoutesStartingWith = (path) => {
-  path = path.replace(/\/$/, "");
-  return new RegExp(`^${path}(/.*)?$`);
-};
-const isRequestMethodIndicatingApiRoute = (req) => {
-  const requestMethod = req.method.toLowerCase();
-  return !["get", "head", "options"].includes(requestMethod);
+  return nextMiddleware;
 };
-const isRequestContentTypeJson = (req) => {
-  const requestContentType = req.headers.get(constants.Headers.ContentType);
-  return requestContentType === constants.ContentTypes.Json;
-};
-const createApiRoutes = (apiRoutes) => {
-  if (apiRoutes) {
-    return createRouteMatcher(apiRoutes);
-  }
-  const isDefaultApiRoute = createRouteMatcher(DEFAULT_API_ROUTES);
-  return (req) => isDefaultApiRoute(req) || isRequestMethodIndicatingApiRoute(req) || isRequestContentTypeJson(req);
+const createMiddlewareRedirectToSignIn = (cabinIdRequest) => {
+  return (opts = {}) => {
+    const err = new Error(CONTROL_FLOW_ERROR.REDIRECT_TO_SIGN_IN);
+    err.returnBackUrl = opts.returnBackUrl === null ? "" : opts.returnBackUrl || cabinIdRequest.cabinIdUrl.toString();
+    throw err;
+  };
 };
-const createDefaultAfterAuth = (isPublicRoute, isApiRoute, options) => {
-  return (auth, req) => {
-    if (!auth.userId && !isPublicRoute(req)) {
-      if (isApiRoute(req)) {
-        return apiEndpointUnauthorizedNextResponse();
-      }
-      return createRedirect({
-        redirectAdapter,
-        signInUrl: options.signInUrl,
-        signUpUrl: options.signUpUrl,
-        publishableKey: options.publishableKey,
-        // We're setting baseUrl to '' here as we want to keep the legacy behavior of
-        // the redirectToSignIn, redirectToSignUp helpers in the backend package.
-        baseUrl: ""
-      }).redirectToSignIn({ returnBackUrl: req.nextUrl.href });
-    }
-    return NextResponse.next();
+const createMiddlewareProtect = (cabinIdRequest, authObject, redirectToSignIn) => {
+  return (_, options) => {
+    const notFound = () => {
+      throw new Error(CONTROL_FLOW_ERROR.FORCE_NOT_FOUND);
+    };
+    const redirect = (url) => {
+      const err = new Error(CONTROL_FLOW_ERROR.REDIRECT_TO_URL);
+      err.redirectUrl = url;
+      throw err;
+    };
+    return createProtect({
+      request: cabinIdRequest,
+      redirect,
+      notFound,
+      authObject,
+      redirectToSignIn
+    })(options);
   };
 };
-const checkAuth = (req) => {
-  const accessToken = req.cookies.get(constants.Cookies.Client);
-  if (!accessToken && req.nextUrl.href !== CUSTOM_SIGN_IN_URL) {
-    if (CUSTOM_SIGN_IN_URL) {
-      return NextResponse.redirect(new URL(CUSTOM_SIGN_IN_URL));
-    }
-    if (frontendApi) {
-      const params = new URLSearchParams({
-        redirect_url: CUSTOM_AFTER_SIGN_IN_URL || "/"
-      });
-      return NextResponse.redirect(
-        new URL(`${frontendApi}/sign-in?${params.toString()}`)
+const handleControlFlowErrors = (e, cabinIdRequest, requestState) => {
+  switch (e.message) {
+    case CONTROL_FLOW_ERROR.FORCE_NOT_FOUND:
+      return setHeader(
+        NextResponse.rewrite(
+          `${cabinIdRequest.cabinIdUrl.origin}/cabin_${Date.now()}`
+        ),
+        constants.Headers.AuthReason,
+        "protect-rewrite"
       );
-    }
-    throw new Error(
-      "You are not authentication. Please provide CABIN ID PUBLISH KEY to redirect to authentication page"
-    );
+    case CONTROL_FLOW_ERROR.REDIRECT_TO_URL:
+      return redirectAdapter(e.redirectUrl);
+    case CONTROL_FLOW_ERROR.REDIRECT_TO_SIGN_IN:
+      return createRedirect({
+        redirectAdapter,
+        baseUrl: cabinIdRequest.cabinIdUrl,
+        signInUrl: requestState.signInUrl,
+        signUpUrl: requestState.signUpUrl,
+        publishableKey: requestState.publishableKey
+      }).redirectToSignIn({ returnBackUrl: e.returnBackUrl });
+    default:
+      throw e;
   }
-  return NextResponse.next();
 };
 export {
-  DEFAULT_API_ROUTES,
-  DEFAULT_CONFIG_MATCHER,
-  DEFAULT_IGNORED_ROUTES,
-  authMiddleware,
-  createDefaultAfterAuth
+  authMiddleware
 };
 //# sourceMappingURL=middleware.js.map

package/dist/esm/server/middleware.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/server/middleware.ts"],"sourcesContent":["import { NextFetchEvent, NextMiddleware, NextResponse } from 'next/server';\nimport { NextRequest } from 'next/server';\nimport {\n  constants,\n  CUSTOM_AFTER_SIGN_IN_URL,\n  CUSTOM_SIGN_IN_URL,\n  frontendApi,\n  PUBLISHABLE_KEY,\n  SECRET_KEY,\n} from '../constants';\nimport { createRouteMatcher, RouteMatcherParam } from './routeMatcher';\nimport {\n  apiEndpointUnauthorizedNextResponse,\n  assertKey,\n  // decorateRequest,\n  redirectAdapter,\n} from './utils';\nimport { NextMiddlewareReturn } from './type';\n// import { isRedirect, setHeader } from '../utils/response';\nimport { createRedirect } from './createRedirect';\n// import { serverRedirectWithAuth } from './serverRedirectWithAuth';\n\ntype BeforeAuthHandler = (\n  req: NextRequest,\n  evt: NextFetchEvent\n) => NextMiddlewareReturn | false | Promise<false>;\n\ntype AfterAuthHandler = (\n  auth: { isPublicRoute: boolean; isApiRoute: boolean },\n  req: NextRequest,\n  evt: NextFetchEvent\n) => NextMiddlewareReturn;\n\nexport type AuthenticateRequestOptions = {\n  publishableKey?: string;\n  secretKey?: string;\n  domain?: string;\n  isSatellite?: boolean;\n  proxyUrl?: string;\n  signInUrl?: string;\n  signUpUrl?: string;\n  afterSignInUrl?: string;\n  afterSignUpUrl?: string;\n};\n\ntype AuthMiddlewareParams = AuthenticateRequestOptions & {\n  /**\n   * A function that is called before the authentication middleware is executed.\n   * If a redirect response is returned, the middleware will respect it and redirect the user.\n   * If false is returned, the auth middleware will not execute and the request will be handled as if the auth middleware was not present.\n   */\n  beforeAuth?: BeforeAuthHandler;\n  /**\n   * A function that is called after the authentication middleware is executed.\n   * This function has access to the auth object and can be used to execute logic based on the auth state.\n   */\n  afterAuth?: AfterAuthHandler;\n  /**\n   * A list of routes that should be accessible without authentication.\n   * You can use glob patterns to match multiple routes or a function to match against the request object.\n   * Path patterns and regular expressions are supported, for example: `['/foo', '/bar(.*)'] or `[/^\\/foo\\/.*$/]`\n   * The sign in and sign up URLs are included by default, unless a function is provided.\n   * For more information, see: https://clerk.com/docs\n   */\n  publicRoutes?: RouteMatcherParam;\n  /**\n   * A list of routes that should be ignored by the middleware.\n   * This list typically includes routes for static files or Next.js internals.\n   * For improved performance, these routes should be skipped using the default config.matcher instead.\n   */\n  ignoredRoutes?: IgnoredRoutesParam;\n  /**\n   * A list of routes that should be treated as API endpoints.\n   * When user is signed out, the middleware will return a 401 response for these routes, instead of redirecting the user.\n   *\n   * If omitted, the following heuristics will be used to determine an API endpoint:\n   * - The route path is ['/api/(.*)', '/trpc/(.*)'],\n   * - or the request has `Content-Type` set to `application/json`,\n   * - or the request method is not one of: `GET`, `OPTIONS` ,` HEAD`\n   *\n   * @default undefined\n   */\n  apiRoutes?: ApiRoutesParam;\n};\n\nexport interface AuthMiddleware {\n  (params?: AuthMiddlewareParams): NextMiddleware;\n}\n\n/**\n * The default ideal matcher that excludes the _next directory (internals) and all static files,\n * but it will match the root route (/) and any routes that start with /api or /trpc.\n */\nexport const DEFAULT_CONFIG_MATCHER = [\n  '/((?!.+\\\\.[\\\\w]+$|_next).*)',\n  '/',\n  '/(api|trpc)(.*)',\n];\n\n/**\n * Any routes matching this path will be ignored by the middleware.\n * This is the inverted version of DEFAULT_CONFIG_MATCHER.\n */\nexport const DEFAULT_IGNORED_ROUTES = [`/((?!api|trpc))(_next.*|.+\\\\.[\\\\w]+$)`];\n/**\n * Any routes matching this path will be treated as API endpoints by the middleware.\n */\nexport const DEFAULT_API_ROUTES = ['/api/(.*)', '/trpc/(.*)'];\n\ntype IgnoredRoutesParam =\n  | Array<RegExp | string>\n  | RegExp\n  | string\n  | ((req: NextRequest) => boolean);\n\ntype ApiRoutesParam = IgnoredRoutesParam;\n\nconst authMiddleware: AuthMiddleware = (...args: unknown[]) => {\n  const [params = {}] = args as [AuthMiddlewareParams?];\n\n  const publishableKey = assertKey(\n    params.publishableKey || PUBLISHABLE_KEY,\n    () => {\n      throw new Error('Publish Key is not exist');\n    }\n  );\n  const secretKey = assertKey(params.secretKey || SECRET_KEY, () => {\n    throw new Error('Secret Key is not valid');\n  });\n\n  const signInUrl = params.signInUrl || CUSTOM_SIGN_IN_URL;\n  const signUpUrl = params.signUpUrl || CUSTOM_SIGN_IN_URL;\n\n  const options = {\n    ...params,\n    publishableKey,\n    secretKey,\n    signInUrl,\n    signUpUrl,\n  };\n\n  const isIgnoredRoute = createRouteMatcher(\n    options.ignoredRoutes || DEFAULT_IGNORED_ROUTES\n  );\n  const isPublicRoute = createRouteMatcher(\n    withDefaultPublicRoutes(options.publicRoutes)\n  );\n  // const isApiRoute = createApiRoutes(options.apiRoutes);\n  // const defaultAfterAuth = createDefaultAfterAuth(\n  //   isPublicRoute,\n  //   isApiRoute,\n  //   options\n  // );\n\n  return async (_req: NextRequest) => {\n    const url = _req.nextUrl;\n\n    const accessToken = url.searchParams.get(constants.QueryParams.Token);\n    const userId = url.searchParams.get(constants.QueryParams.UserId);\n\n    if (accessToken && userId) {\n      const path = url.pathname;\n      const response = NextResponse.redirect(new URL(path || '/', _req.url));\n      response.cookies.set(constants.Cookies.Client, accessToken);\n      response.cookies.set(constants.Cookies.User, userId);\n      return response;\n    }\n\n    if (isIgnoredRoute(_req) || isPublicRoute(_req)) {\n      return;\n    }\n    // const nextRequest = _req;\n\n    // const beforeAuthRes = await (options.beforeAuth &&\n    //   options.beforeAuth(nextRequest, evt));\n\n    // if (beforeAuthRes === false) {\n    //   return setHeader(\n    //     NextResponse.next(),\n    //     constants.Headers.AuthReason,\n    //     'skip'\n    //   );\n    // } else if (beforeAuthRes && isRedirect(beforeAuthRes)) {\n    //   return setHeader(\n    //     beforeAuthRes,\n    //     constants.Headers.AuthReason,\n    //     'before-auth-redirect'\n    //   );\n    // }\n\n    // const requestState = {\n    //   token: accessToken,\n    //   userId,\n    // };\n\n    // const auth = {\n    //   ...requestState,\n    //   isPublicRoute: isPublicRoute(nextRequest),\n    //   isApiRoute: isApiRoute(nextRequest),\n    // };\n\n    // const afterAuthRes = await (options.afterAuth || defaultAfterAuth)(\n    //   auth,\n    //   nextRequest,\n    //   evt\n    // );\n\n    // const finalRes =\n    //   mergeResponses(beforeAuthRes, afterAuthRes) || NextResponse.next();\n\n    // console.log(finalRes);\n\n    // if (isRedirect(finalRes)) {\n    //   const res = serverRedirectWithAuth(finalRes);\n    //   return res;\n    // }\n\n    const result = checkAuth(_req);\n\n    return result;\n  };\n};\n\nconst withDefaultPublicRoutes = (\n  publicRoutes: RouteMatcherParam | undefined\n) => {\n  if (typeof publicRoutes === 'function') {\n    return publicRoutes;\n  }\n\n  const routes = [publicRoutes || ''].flat().filter(Boolean);\n  // TODO: refactor it to use common config file eg SIGN_IN_URL from ./clerkClient\n  // we use process.env for now to support testing\n  const signInUrl = process.env.NEXT_PUBLIC_CLERK_SIGN_IN_URL || '';\n  if (signInUrl) {\n    routes.push(matchRoutesStartingWith(signInUrl));\n  }\n  // TODO: refactor it to use common config file eg SIGN_UP_URL from ./clerkClient\n  // we use process.env for now to support testing\n  const signUpUrl = process.env.NEXT_PUBLIC_CLERK_SIGN_UP_URL || '';\n  if (signUpUrl) {\n    routes.push(matchRoutesStartingWith(signUpUrl));\n  }\n  return routes;\n};\n\nconst matchRoutesStartingWith = (path: string) => {\n  path = path.replace(/\\/$/, '');\n  return new RegExp(`^${path}(/.*)?$`);\n};\n\nconst isRequestMethodIndicatingApiRoute = (req: NextRequest): boolean => {\n  const requestMethod = req.method.toLowerCase();\n  return !['get', 'head', 'options'].includes(requestMethod);\n};\n\nconst isRequestContentTypeJson = (req: NextRequest): boolean => {\n  const requestContentType = req.headers.get(constants.Headers.ContentType);\n  return requestContentType === constants.ContentTypes.Json;\n};\n\n// - Default behavior:\n//    If the route path is `['/api/(.*)*', '*/trpc/(.*)']`\n//    or Request has `Content-Type: application/json`\n//    or Request method is not-GET,OPTIONS,HEAD,\n//    then this is considered an API route.\n//\n// - If the user has provided a specific `apiRoutes` prop in `authMiddleware` then all the above are discarded,\n//   and only routes that match the user’s provided paths are considered API routes.\nconst createApiRoutes = (\n  apiRoutes: RouteMatcherParam | undefined\n): ((req: NextRequest) => boolean) => {\n  if (apiRoutes) {\n    return createRouteMatcher(apiRoutes);\n  }\n  const isDefaultApiRoute = createRouteMatcher(DEFAULT_API_ROUTES);\n  return (req: NextRequest) =>\n    isDefaultApiRoute(req) ||\n    isRequestMethodIndicatingApiRoute(req) ||\n    isRequestContentTypeJson(req);\n};\n\nexport const createDefaultAfterAuth = (\n  isPublicRoute: ReturnType<typeof createRouteMatcher>,\n  isApiRoute: ReturnType<typeof createApiRoutes>,\n  options: {\n    signInUrl: string;\n    signUpUrl: string;\n    publishableKey: string;\n    secretKey: string;\n  }\n) => {\n  return (auth: any, req: NextRequest) => {\n    if (!auth.userId && !isPublicRoute(req)) {\n      if (isApiRoute(req)) {\n        return apiEndpointUnauthorizedNextResponse();\n      }\n      return createRedirect({\n        redirectAdapter,\n        signInUrl: options.signInUrl,\n        signUpUrl: options.signUpUrl,\n        publishableKey: options.publishableKey,\n        // We're setting baseUrl to '' here as we want to keep the legacy behavior of\n        // the redirectToSignIn, redirectToSignUp helpers in the backend package.\n        baseUrl: '',\n      }).redirectToSignIn({ returnBackUrl: req.nextUrl.href });\n    }\n    return NextResponse.next();\n  };\n};\n\nconst checkAuth = (req: NextRequest): any => {\n  const accessToken = req.cookies.get(constants.Cookies.Client);\n\n  if (!accessToken && req.nextUrl.href !== CUSTOM_SIGN_IN_URL) {\n    if (CUSTOM_SIGN_IN_URL) {\n      return NextResponse.redirect(new URL(CUSTOM_SIGN_IN_URL));\n    }\n\n    if (frontendApi) {\n      const params = new URLSearchParams({\n        redirect_url: CUSTOM_AFTER_SIGN_IN_URL || '/',\n      });\n      return NextResponse.redirect(\n        new URL(`${frontendApi}/sign-in?${params.toString()}`)\n      );\n    }\n    throw new Error(\n      'You are not authentication. Please provide CABIN ID PUBLISH KEY to redirect to authentication page'\n    );\n  }\n  return NextResponse.next();\n};\n\nexport { authMiddleware };\n"],"mappings":"AAAA,SAAyC,oBAAoB;AAE7D;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,0BAA6C;AACtD;AAAA,EACE;AAAA,EACA;AAAA,EAEA;AAAA,OACK;AAGP,SAAS,sBAAsB;AA0ExB,MAAM,yBAAyB;AAAA,EACpC;AAAA,EACA;AAAA,EACA;AACF;AAMO,MAAM,yBAAyB,CAAC,uCAAuC;AAIvE,MAAM,qBAAqB,CAAC,aAAa,YAAY;AAU5D,MAAM,iBAAiC,IAAI,SAAoB;AAC7D,QAAM,CAAC,SAAS,CAAC,CAAC,IAAI;AAEtB,QAAM,iBAAiB;AAAA,IACrB,OAAO,kBAAkB;AAAA,IACzB,MAAM;AACJ,YAAM,IAAI,MAAM,0BAA0B;AAAA,IAC5C;AAAA,EACF;AACA,QAAM,YAAY,UAAU,OAAO,aAAa,YAAY,MAAM;AAChE,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C,CAAC;AAED,QAAM,YAAY,OAAO,aAAa;AACtC,QAAM,YAAY,OAAO,aAAa;AAEtC,QAAM,UAAU;AAAA,IACd,GAAG;AAAA,IACH;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,iBAAiB;AAAA,IACrB,QAAQ,iBAAiB;AAAA,EAC3B;AACA,QAAM,gBAAgB;AAAA,IACpB,wBAAwB,QAAQ,YAAY;AAAA,EAC9C;AAQA,SAAO,OAAO,SAAsB;AAClC,UAAM,MAAM,KAAK;AAEjB,UAAM,cAAc,IAAI,aAAa,IAAI,UAAU,YAAY,KAAK;AACpE,UAAM,SAAS,IAAI,aAAa,IAAI,UAAU,YAAY,MAAM;AAEhE,QAAI,eAAe,QAAQ;AACzB,YAAM,OAAO,IAAI;AACjB,YAAM,WAAW,aAAa,SAAS,IAAI,IAAI,QAAQ,KAAK,KAAK,GAAG,CAAC;AACrE,eAAS,QAAQ,IAAI,UAAU,QAAQ,QAAQ,WAAW;AAC1D,eAAS,QAAQ,IAAI,UAAU,QAAQ,MAAM,MAAM;AACnD,aAAO;AAAA,IACT;AAEA,QAAI,eAAe,IAAI,KAAK,cAAc,IAAI,GAAG;AAC/C;AAAA,IACF;AA+CA,UAAM,SAAS,UAAU,IAAI;AAE7B,WAAO;AAAA,EACT;AACF;AAEA,MAAM,0BAA0B,CAC9B,iBACG;AACH,MAAI,OAAO,iBAAiB,YAAY;AACtC,WAAO;AAAA,EACT;AAEA,QAAM,SAAS,CAAC,gBAAgB,EAAE,EAAE,KAAK,EAAE,OAAO,OAAO;AAGzD,QAAM,YAAY,QAAQ,IAAI,iCAAiC;AAC/D,MAAI,WAAW;AACb,WAAO,KAAK,wBAAwB,SAAS,CAAC;AAAA,EAChD;AAGA,QAAM,YAAY,QAAQ,IAAI,iCAAiC;AAC/D,MAAI,WAAW;AACb,WAAO,KAAK,wBAAwB,SAAS,CAAC;AAAA,EAChD;AACA,SAAO;AACT;AAEA,MAAM,0BAA0B,CAAC,SAAiB;AAChD,SAAO,KAAK,QAAQ,OAAO,EAAE;AAC7B,SAAO,IAAI,OAAO,IAAI,IAAI,SAAS;AACrC;AAEA,MAAM,oCAAoC,CAAC,QAA8B;AACvE,QAAM,gBAAgB,IAAI,OAAO,YAAY;AAC7C,SAAO,CAAC,CAAC,OAAO,QAAQ,SAAS,EAAE,SAAS,aAAa;AAC3D;AAEA,MAAM,2BAA2B,CAAC,QAA8B;AAC9D,QAAM,qBAAqB,IAAI,QAAQ,IAAI,UAAU,QAAQ,WAAW;AACxE,SAAO,uBAAuB,UAAU,aAAa;AACvD;AAUA,MAAM,kBAAkB,CACtB,cACoC;AACpC,MAAI,WAAW;AACb,WAAO,mBAAmB,SAAS;AAAA,EACrC;AACA,QAAM,oBAAoB,mBAAmB,kBAAkB;AAC/D,SAAO,CAAC,QACN,kBAAkB,GAAG,KACrB,kCAAkC,GAAG,KACrC,yBAAyB,GAAG;AAChC;AAEO,MAAM,yBAAyB,CACpC,eACA,YACA,YAMG;AACH,SAAO,CAAC,MAAW,QAAqB;AACtC,QAAI,CAAC,KAAK,UAAU,CAAC,cAAc,GAAG,GAAG;AACvC,UAAI,WAAW,GAAG,GAAG;AACnB,eAAO,oCAAoC;AAAA,MAC7C;AACA,aAAO,eAAe;AAAA,QACpB;AAAA,QACA,WAAW,QAAQ;AAAA,QACnB,WAAW,QAAQ;AAAA,QACnB,gBAAgB,QAAQ;AAAA;AAAA;AAAA,QAGxB,SAAS;AAAA,MACX,CAAC,EAAE,iBAAiB,EAAE,eAAe,IAAI,QAAQ,KAAK,CAAC;AAAA,IACzD;AACA,WAAO,aAAa,KAAK;AAAA,EAC3B;AACF;AAEA,MAAM,YAAY,CAAC,QAA0B;AAC3C,QAAM,cAAc,IAAI,QAAQ,IAAI,UAAU,QAAQ,MAAM;AAE5D,MAAI,CAAC,eAAe,IAAI,QAAQ,SAAS,oBAAoB;AAC3D,QAAI,oBAAoB;AACtB,aAAO,aAAa,SAAS,IAAI,IAAI,kBAAkB,CAAC;AAAA,IAC1D;AAEA,QAAI,aAAa;AACf,YAAM,SAAS,IAAI,gBAAgB;AAAA,QACjC,cAAc,4BAA4B;AAAA,MAC5C,CAAC;AACD,aAAO,aAAa;AAAA,QAClB,IAAI,IAAI,GAAG,WAAW,YAAY,OAAO,SAAS,CAAC,EAAE;AAAA,MACvD;AAAA,IACF;AACA,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,SAAO,aAAa,KAAK;AAC3B;","names":[]}
+{"version":3,"sources":["../../../src/server/middleware.ts"],"sourcesContent":["import { NextMiddleware, NextResponse } from 'next/server';\nimport {\n  constants,\n  PUBLISHABLE_KEY,\n  SECRET_KEY,\n  SIGN_IN_URL,\n  SIGN_UP_URL,\n} from '../constants';\nimport { assertKey, decorateRequest, redirectAdapter } from './utils';\nimport {\n  NextMiddlewareEvtParam,\n  NextMiddlewareRequestParam,\n  NextMiddlewareReturn,\n} from './type';\nimport { cabinIdClient } from './client';\nimport { CabinIdRequest, createCabinIdRequest } from '../tokens/cabinIdRequest';\nimport { AuthProtect, createProtect } from './protect';\nimport { createRedirect, RedirectFun } from './createRedirect';\nimport { isRedirect, setHeader } from '../utils/response';\nimport { RequestState } from '../tokens/authStatus';\nimport { AuthObject } from '../tokens/authObjects';\nimport { serverRedirectWithAuth } from './serverRedirectWithAuth';\nimport { AuthenticateRequestOptions } from '../api/factory';\n\nconst CONTROL_FLOW_ERROR = {\n  FORCE_NOT_FOUND: 'CABIN_ID_PROTECT_REWRITE',\n  REDIRECT_TO_URL: 'CABIN_ID_PROTECT_REDIRECT_TO_URL',\n  REDIRECT_TO_SIGN_IN: 'CABIN_ID_PROTECT_REDIRECT_TO_SIGN_IN',\n};\n\nexport type CabinIdMiddlewareAuthObject = AuthObject & {\n  protect: AuthProtect;\n  redirectToSignIn: RedirectFun<Response>;\n};\n\nexport type CabinIdMiddlewareAuth = () => CabinIdMiddlewareAuthObject;\n\nexport interface AuthMiddleware {\n  /**\n   * @example\n   * export default clerkMiddleware((auth, request, event) => { ... }, options);\n   */\n  (\n    handler: CabinIdMiddlewareHandler,\n    options?: CabinIdMiddlewareOptions\n  ): NextMiddleware;\n  /**\n   * @example\n   * export default clerkMiddleware(options);\n   */\n  (options?: CabinIdMiddlewareOptions): NextMiddleware;\n  /**\n   * @example\n   * export default clerkMiddleware;\n   */\n  (\n    request: NextMiddlewareRequestParam,\n    event: NextMiddlewareEvtParam\n  ): NextMiddlewareReturn;\n}\n\ntype CabinIdMiddlewareHandler = (\n  auth: CabinIdMiddlewareAuth,\n  request: NextMiddlewareRequestParam,\n  event: NextMiddlewareEvtParam\n) => NextMiddlewareReturn;\n\nexport type CabinIdMiddlewareOptions = AuthenticateRequestOptions;\n\nconst parseRequestAndEvent = (args: unknown[]) => {\n  return [\n    args[0] instanceof Request ? args[0] : undefined,\n    args[0] instanceof Request ? args[1] : undefined,\n  ] as [\n    NextMiddlewareRequestParam | undefined,\n    NextMiddlewareEvtParam | undefined,\n  ];\n};\n\nconst parseHandlerAndOptions = (args: unknown[]) => {\n  return [\n    typeof args[0] === 'function' ? args[0] : undefined,\n    (args.length === 2\n      ? args[1]\n      : typeof args[0] === 'function'\n        ? {}\n        : args[0]) || {},\n  ] as [CabinIdMiddlewareHandler | undefined, CabinIdMiddlewareOptions];\n};\n\nconst authMiddleware: AuthMiddleware = (...args: unknown[]): any => {\n  const [request, event] = parseRequestAndEvent(args);\n  const [handler, params] = parseHandlerAndOptions(args);\n\n  const publishableKey = assertKey(\n    params.publishableKey || PUBLISHABLE_KEY,\n    () => {\n      throw new Error('Publish Key is not exist');\n    }\n  );\n  const secretKey = assertKey(params.secretKey || SECRET_KEY, () => {\n    throw new Error('Secret Key is not valid');\n  });\n\n  const signInUrl = params.signInUrl || SIGN_IN_URL;\n  const signUpUrl = params.signUpUrl || SIGN_UP_URL;\n\n  const options = {\n    ...params,\n    publishableKey,\n    secretKey,\n    signInUrl,\n    signUpUrl,\n  };\n\n  const nextMiddleware: NextMiddleware = async (_request, _event) => {\n    const accessToken = _request.nextUrl.searchParams.get(\n      constants.QueryParams.Token\n    );\n    const userId = _request.nextUrl.searchParams.get(\n      constants.QueryParams.UserId\n    );\n\n    if (accessToken && userId) {\n      const url = _request.nextUrl;\n      const path = url.pathname;\n      const response = NextResponse.redirect(\n        new URL(path || '/', _request.url)\n      );\n      response.cookies.set(constants.Cookies.Client, accessToken);\n      response.cookies.set(constants.Cookies.User, userId);\n      return response;\n    }\n\n    const cabinIdRequest = createCabinIdRequest(_request);\n\n    const requestState = await cabinIdClient.authenticateRequest(\n      cabinIdRequest,\n      options\n    );\n\n    const authObject = requestState.toAuth();\n\n    const redirectToSignIn = createMiddlewareRedirectToSignIn(cabinIdRequest);\n\n    const protect = createMiddlewareProtect(\n      cabinIdRequest,\n      authObject,\n      redirectToSignIn\n    );\n\n    const authObjWithMethods: CabinIdMiddlewareAuthObject = Object.assign(\n      authObject,\n      { protect, redirectToSignIn }\n    );\n\n    let handlerResult: Response = NextResponse.next();\n\n    try {\n      handlerResult =\n        (await handler?.(() => authObjWithMethods, _request, _event)) ||\n        handlerResult;\n    } catch (e: any) {\n      handlerResult = handleControlFlowErrors(e, cabinIdRequest, requestState);\n    }\n\n    if (isRedirect(handlerResult)) {\n      return serverRedirectWithAuth(cabinIdRequest, handlerResult);\n    }\n\n    decorateRequest(\n      cabinIdRequest,\n      handlerResult,\n      requestState,\n      options.secretKey\n    );\n\n    // TODO @nikos: we need to make this more generic\n    // and move the logic in clerk/backend\n    if (requestState.headers) {\n      requestState.headers.forEach((value, key) => {\n        handlerResult.headers.append(key, value);\n      });\n    }\n\n    return handlerResult;\n  };\n\n  // If we have a request and event, we're being called as a middleware directly\n  // eg, export default clerkMiddleware;\n  if (request && event) {\n    return nextMiddleware(request, event);\n  }\n\n  // Otherwise, return a middleware that can be called with a request and event\n  // eg, export default clerkMiddleware(auth => { ... });\n  return nextMiddleware;\n};\n\nexport { authMiddleware };\n\nconst createMiddlewareRedirectToSignIn = (\n  cabinIdRequest: CabinIdRequest\n): CabinIdMiddlewareAuthObject['redirectToSignIn'] => {\n  return (opts = {}) => {\n    const err = new Error(CONTROL_FLOW_ERROR.REDIRECT_TO_SIGN_IN) as any;\n    err.returnBackUrl =\n      opts.returnBackUrl === null\n        ? ''\n        : opts.returnBackUrl || cabinIdRequest.cabinIdUrl.toString();\n    throw err;\n  };\n};\n\nconst createMiddlewareProtect = (\n  cabinIdRequest: CabinIdRequest,\n  authObject: AuthObject,\n  redirectToSignIn: RedirectFun<Response>\n): CabinIdMiddlewareAuthObject['protect'] => {\n  return ((_: any, options: any) => {\n    const notFound = () => {\n      throw new Error(CONTROL_FLOW_ERROR.FORCE_NOT_FOUND) as any;\n    };\n\n    const redirect = (url: string) => {\n      const err = new Error(CONTROL_FLOW_ERROR.REDIRECT_TO_URL) as any;\n      err.redirectUrl = url;\n      throw err;\n    };\n\n    return createProtect({\n      request: cabinIdRequest,\n      redirect,\n      notFound,\n      authObject,\n      redirectToSignIn,\n    })(options);\n  }) as AuthProtect;\n};\n\n// Handle errors thrown by protect() and redirectToSignIn() calls,\n// as we want to align the APIs between middleware, pages and route handlers\n// Normally, middleware requires to explicitly return a response, but we want to\n// avoid discrepancies between the APIs as it's easy to miss the `return` statement\n// especially when copy-pasting code from one place to another.\n// This function handles the known errors thrown by the APIs described above,\n// and returns the appropriate response.\nconst handleControlFlowErrors = (\n  e: any,\n  cabinIdRequest: CabinIdRequest,\n  requestState: RequestState\n): Response => {\n  switch (e.message) {\n    case CONTROL_FLOW_ERROR.FORCE_NOT_FOUND:\n      // Rewrite to a bogus URL to force not found error\n      return setHeader(\n        NextResponse.rewrite(\n          `${cabinIdRequest.cabinIdUrl.origin}/cabin_${Date.now()}`\n        ),\n        constants.Headers.AuthReason,\n        'protect-rewrite'\n      );\n    case CONTROL_FLOW_ERROR.REDIRECT_TO_URL:\n      return redirectAdapter(e.redirectUrl);\n    case CONTROL_FLOW_ERROR.REDIRECT_TO_SIGN_IN:\n      return createRedirect({\n        redirectAdapter,\n        baseUrl: cabinIdRequest.cabinIdUrl,\n        signInUrl: requestState.signInUrl,\n        signUpUrl: requestState.signUpUrl,\n        publishableKey: requestState.publishableKey,\n      }).redirectToSignIn({ returnBackUrl: e.returnBackUrl });\n    default:\n      throw e;\n  }\n};\n"],"mappings":"AAAA,SAAyB,oBAAoB;AAC7C;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,WAAW,iBAAiB,uBAAuB;AAM5D,SAAS,qBAAqB;AAC9B,SAAyB,4BAA4B;AACrD,SAAsB,qBAAqB;AAC3C,SAAS,sBAAmC;AAC5C,SAAS,YAAY,iBAAiB;AAGtC,SAAS,8BAA8B;AAGvC,MAAM,qBAAqB;AAAA,EACzB,iBAAiB;AAAA,EACjB,iBAAiB;AAAA,EACjB,qBAAqB;AACvB;AAyCA,MAAM,uBAAuB,CAAC,SAAoB;AAChD,SAAO;AAAA,IACL,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,IACvC,KAAK,CAAC,aAAa,UAAU,KAAK,CAAC,IAAI;AAAA,EACzC;AAIF;AAEA,MAAM,yBAAyB,CAAC,SAAoB;AAClD,SAAO;AAAA,IACL,OAAO,KAAK,CAAC,MAAM,aAAa,KAAK,CAAC,IAAI;AAAA,KACzC,KAAK,WAAW,IACb,KAAK,CAAC,IACN,OAAO,KAAK,CAAC,MAAM,aACjB,CAAC,IACD,KAAK,CAAC,MAAM,CAAC;AAAA,EACrB;AACF;AAEA,MAAM,iBAAiC,IAAI,SAAyB;AAClE,QAAM,CAAC,SAAS,KAAK,IAAI,qBAAqB,IAAI;AAClD,QAAM,CAAC,SAAS,MAAM,IAAI,uBAAuB,IAAI;AAErD,QAAM,iBAAiB;AAAA,IACrB,OAAO,kBAAkB;AAAA,IACzB,MAAM;AACJ,YAAM,IAAI,MAAM,0BAA0B;AAAA,IAC5C;AAAA,EACF;AACA,QAAM,YAAY,UAAU,OAAO,aAAa,YAAY,MAAM;AAChE,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC3C,CAAC;AAED,QAAM,YAAY,OAAO,aAAa;AACtC,QAAM,YAAY,OAAO,aAAa;AAEtC,QAAM,UAAU;AAAA,IACd,GAAG;AAAA,IACH;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,iBAAiC,OAAO,UAAU,WAAW;AACjE,UAAM,cAAc,SAAS,QAAQ,aAAa;AAAA,MAChD,UAAU,YAAY;AAAA,IACxB;AACA,UAAM,SAAS,SAAS,QAAQ,aAAa;AAAA,MAC3C,UAAU,YAAY;AAAA,IACxB;AAEA,QAAI,eAAe,QAAQ;AACzB,YAAM,MAAM,SAAS;AACrB,YAAM,OAAO,IAAI;AACjB,YAAM,WAAW,aAAa;AAAA,QAC5B,IAAI,IAAI,QAAQ,KAAK,SAAS,GAAG;AAAA,MACnC;AACA,eAAS,QAAQ,IAAI,UAAU,QAAQ,QAAQ,WAAW;AAC1D,eAAS,QAAQ,IAAI,UAAU,QAAQ,MAAM,MAAM;AACnD,aAAO;AAAA,IACT;AAEA,UAAM,iBAAiB,qBAAqB,QAAQ;AAEpD,UAAM,eAAe,MAAM,cAAc;AAAA,MACvC;AAAA,MACA;AAAA,IACF;AAEA,UAAM,aAAa,aAAa,OAAO;AAEvC,UAAM,mBAAmB,iCAAiC,cAAc;AAExE,UAAM,UAAU;AAAA,MACd;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAEA,UAAM,qBAAkD,OAAO;AAAA,MAC7D;AAAA,MACA,EAAE,SAAS,iBAAiB;AAAA,IAC9B;AAEA,QAAI,gBAA0B,aAAa,KAAK;AAEhD,QAAI;AACF,sBACG,OAAM,mCAAU,MAAM,oBAAoB,UAAU,YACrD;AAAA,IACJ,SAAS,GAAQ;AACf,sBAAgB,wBAAwB,GAAG,gBAAgB,YAAY;AAAA,IACzE;AAEA,QAAI,WAAW,aAAa,GAAG;AAC7B,aAAO,uBAAuB,gBAAgB,aAAa;AAAA,IAC7D;AAEA;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV;AAIA,QAAI,aAAa,SAAS;AACxB,mBAAa,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AAC3C,sBAAc,QAAQ,OAAO,KAAK,KAAK;AAAA,MACzC,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,EACT;AAIA,MAAI,WAAW,OAAO;AACpB,WAAO,eAAe,SAAS,KAAK;AAAA,EACtC;AAIA,SAAO;AACT;AAIA,MAAM,mCAAmC,CACvC,mBACoD;AACpD,SAAO,CAAC,OAAO,CAAC,MAAM;AACpB,UAAM,MAAM,IAAI,MAAM,mBAAmB,mBAAmB;AAC5D,QAAI,gBACF,KAAK,kBAAkB,OACnB,KACA,KAAK,iBAAiB,eAAe,WAAW,SAAS;AAC/D,UAAM;AAAA,EACR;AACF;AAEA,MAAM,0BAA0B,CAC9B,gBACA,YACA,qBAC2C;AAC3C,SAAQ,CAAC,GAAQ,YAAiB;AAChC,UAAM,WAAW,MAAM;AACrB,YAAM,IAAI,MAAM,mBAAmB,eAAe;AAAA,IACpD;AAEA,UAAM,WAAW,CAAC,QAAgB;AAChC,YAAM,MAAM,IAAI,MAAM,mBAAmB,eAAe;AACxD,UAAI,cAAc;AAClB,YAAM;AAAA,IACR;AAEA,WAAO,cAAc;AAAA,MACnB,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC,EAAE,OAAO;AAAA,EACZ;AACF;AASA,MAAM,0BAA0B,CAC9B,GACA,gBACA,iBACa;AACb,UAAQ,EAAE,SAAS;AAAA,IACjB,KAAK,mBAAmB;AAEtB,aAAO;AAAA,QACL,aAAa;AAAA,UACX,GAAG,eAAe,WAAW,MAAM,UAAU,KAAK,IAAI,CAAC;AAAA,QACzD;AAAA,QACA,UAAU,QAAQ;AAAA,QAClB;AAAA,MACF;AAAA,IACF,KAAK,mBAAmB;AACtB,aAAO,gBAAgB,EAAE,WAAW;AAAA,IACtC,KAAK,mBAAmB;AACtB,aAAO,eAAe;AAAA,QACpB;AAAA,QACA,SAAS,eAAe;AAAA,QACxB,WAAW,aAAa;AAAA,QACxB,WAAW,aAAa;AAAA,QACxB,gBAAgB,aAAa;AAAA,MAC/B,CAAC,EAAE,iBAAiB,EAAE,eAAe,EAAE,cAAc,CAAC;AAAA,IACxD;AACE,YAAM;AAAA,EACV;AACF;","names":[]}

package/dist/esm/server/protect.js

@@ -0,0 +1,45 @@
+import { constants } from "../constants";
+const createProtect = (opts) => {
+  const { redirectToSignIn, authObject, redirect, notFound, request } = opts;
+  return (...args) => {
+    var _a, _b, _c, _d, _e, _f;
+    const optionValuesAsParam = ((_a = args[0]) == null ? void 0 : _a.unauthenticatedUrl) || ((_b = args[0]) == null ? void 0 : _b.unauthorizedUrl);
+    const paramsOrFunction = optionValuesAsParam ? void 0 : args[0];
+    const unauthenticatedUrl = ((_c = args[0]) == null ? void 0 : _c.unauthenticatedUrl) || ((_d = args[1]) == null ? void 0 : _d.unauthenticatedUrl);
+    const unauthorizedUrl = ((_e = args[0]) == null ? void 0 : _e.unauthorizedUrl) || ((_f = args[1]) == null ? void 0 : _f.unauthorizedUrl);
+    const handleUnauthenticated = () => {
+      if (unauthenticatedUrl) {
+        return redirect(unauthenticatedUrl);
+      }
+      if (isPageRequest(request)) {
+        return redirectToSignIn();
+      }
+      return notFound();
+    };
+    const handleUnauthorized = () => {
+      if (unauthorizedUrl) {
+        return redirect(unauthorizedUrl);
+      }
+      return notFound();
+    };
+    if (!authObject.userId) {
+      return handleUnauthenticated();
+    }
+    if (!paramsOrFunction) {
+      return authObject;
+    }
+    return handleUnauthorized();
+  };
+};
+const isServerActionRequest = (req) => {
+  var _a, _b;
+  return !!req.headers.get(constants.NextHeaders.NextUrl) && (((_a = req.headers.get(constants.Headers.Accept)) == null ? void 0 : _a.includes("text/x-component")) || ((_b = req.headers.get(constants.Headers.ContentType)) == null ? void 0 : _b.includes("multipart/form-data")) || !!req.headers.get(constants.NextHeaders.NextAction));
+};
+const isPageRequest = (req) => {
+  var _a;
+  return req.headers.get(constants.Headers.SecFetchDest) === "document" || ((_a = req.headers.get(constants.Headers.Accept)) == null ? void 0 : _a.includes("text/html")) || !!req.headers.get(constants.NextHeaders.NextUrl) && !isServerActionRequest(req) || !!req.headers.get(constants.NextHeaders.NextjsData);
+};
+export {
+  createProtect
+};
+//# sourceMappingURL=protect.js.map

package/dist/esm/server/protect.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/protect.ts"],"sourcesContent":["import { AuthObject, SignedInAuthObject } from '../tokens/authObjects';\nimport { constants } from '../constants';\nimport { RedirectFun } from './createRedirect';\n\ntype AuthProtectOptions = {\n  unauthorizedUrl?: string;\n  unauthenticatedUrl?: string;\n};\n\n/**\n * Throws a Nextjs notFound error if user is not authenticated or authorized.\n */\nexport interface AuthProtect {\n  // (\n  //   params?: CheckAuthorizationParamsWithCustomPermissions,\n  //   options?: AuthProtectOptions\n  // ): SignedInAuthObject;\n\n  // (\n  //   params?: (has: CheckAuthorizationWithCustomPermissions) => boolean,\n  //   options?: AuthProtectOptions\n  // ): SignedInAuthObject;\n\n  (options?: AuthProtectOptions): SignedInAuthObject;\n}\n\nexport const createProtect = (opts: {\n  request: Request;\n  authObject: AuthObject;\n  /**\n   * middleware and pages throw a notFound error if signed out\n   * but the middleware needs to throw an error it can catch\n   * use this callback to customise the behavior\n   */\n  notFound: () => never;\n  /**\n   * see {@link notFound} above\n   */\n  redirect: (url: string) => void;\n  /**\n   * protect() in middleware redirects to signInUrl if signed out\n   * protect() in pages throws a notFound error if signed out\n   * use this callback to customise the behavior\n   */\n  redirectToSignIn: RedirectFun<unknown>;\n}): AuthProtect => {\n  const { redirectToSignIn, authObject, redirect, notFound, request } = opts;\n\n  return ((...args: any[]) => {\n    const optionValuesAsParam =\n      args[0]?.unauthenticatedUrl || args[0]?.unauthorizedUrl;\n    const paramsOrFunction = optionValuesAsParam ? undefined : args[0];\n    const unauthenticatedUrl = (args[0]?.unauthenticatedUrl ||\n      args[1]?.unauthenticatedUrl) as string | undefined;\n    const unauthorizedUrl = (args[0]?.unauthorizedUrl ||\n      args[1]?.unauthorizedUrl) as string | undefined;\n\n    const handleUnauthenticated = () => {\n      if (unauthenticatedUrl) {\n        return redirect(unauthenticatedUrl);\n      }\n      if (isPageRequest(request)) {\n        // TODO: Handle runtime values. What happens if runtime values are set in middleware and in ClerkProvider as well?\n        return redirectToSignIn();\n      }\n      return notFound();\n    };\n\n    const handleUnauthorized = () => {\n      if (unauthorizedUrl) {\n        return redirect(unauthorizedUrl);\n      }\n      return notFound();\n    };\n\n    /**\n     * User is not authenticated\n     */\n    if (!authObject.userId) {\n      return handleUnauthenticated();\n    }\n\n    /**\n     * User is authenticated\n     */\n    if (!paramsOrFunction) {\n      return authObject;\n    }\n\n    /**\n     * if a function is passed and returns false then throw not found\n     */\n    // if (typeof paramsOrFunction === 'function') {\n    //   if (paramsOrFunction(authObject.has)) {\n    //     return authObject;\n    //   }\n    //   return handleUnauthorized();\n    // }\n\n    /**\n     * Checking if user is authorized when permission or role is passed\n     */\n    // if (authObject.has(paramsOrFunction)) {\n    //   return authObject;\n    // }\n\n    return handleUnauthorized();\n  }) as AuthProtect;\n};\n\nconst isServerActionRequest = (req: Request) => {\n  return (\n    !!req.headers.get(constants.NextHeaders.NextUrl) &&\n    (req.headers.get(constants.Headers.Accept)?.includes('text/x-component') ||\n      req.headers\n        .get(constants.Headers.ContentType)\n        ?.includes('multipart/form-data') ||\n      !!req.headers.get(constants.NextHeaders.NextAction))\n  );\n};\n\nconst isPageRequest = (req: Request): boolean => {\n  return (\n    req.headers.get(constants.Headers.SecFetchDest) === 'document' ||\n    req.headers.get(constants.Headers.Accept)?.includes('text/html') ||\n    (!!req.headers.get(constants.NextHeaders.NextUrl) &&\n      !isServerActionRequest(req)) ||\n    !!req.headers.get(constants.NextHeaders.NextjsData)\n  );\n};\n\n// In case we want to handle router handlers and server actions differently in the future\n// const isRouteHandler = (req: Request) => {\n//   return !isPageRequest(req) && !isServerAction(req);\n// };\n"],"mappings":"AACA,SAAS,iBAAiB;AAyBnB,MAAM,gBAAgB,CAAC,SAmBX;AACjB,QAAM,EAAE,kBAAkB,YAAY,UAAU,UAAU,QAAQ,IAAI;AAEtE,SAAQ,IAAI,SAAgB;AAhD9B;AAiDI,UAAM,wBACJ,UAAK,CAAC,MAAN,mBAAS,yBAAsB,UAAK,CAAC,MAAN,mBAAS;AAC1C,UAAM,mBAAmB,sBAAsB,SAAY,KAAK,CAAC;AACjE,UAAM,uBAAsB,UAAK,CAAC,MAAN,mBAAS,yBACnC,UAAK,CAAC,MAAN,mBAAS;AACX,UAAM,oBAAmB,UAAK,CAAC,MAAN,mBAAS,sBAChC,UAAK,CAAC,MAAN,mBAAS;AAEX,UAAM,wBAAwB,MAAM;AAClC,UAAI,oBAAoB;AACtB,eAAO,SAAS,kBAAkB;AAAA,MACpC;AACA,UAAI,cAAc,OAAO,GAAG;AAE1B,eAAO,iBAAiB;AAAA,MAC1B;AACA,aAAO,SAAS;AAAA,IAClB;AAEA,UAAM,qBAAqB,MAAM;AAC/B,UAAI,iBAAiB;AACnB,eAAO,SAAS,eAAe;AAAA,MACjC;AACA,aAAO,SAAS;AAAA,IAClB;AAKA,QAAI,CAAC,WAAW,QAAQ;AACtB,aAAO,sBAAsB;AAAA,IAC/B;AAKA,QAAI,CAAC,kBAAkB;AACrB,aAAO;AAAA,IACT;AAmBA,WAAO,mBAAmB;AAAA,EAC5B;AACF;AAEA,MAAM,wBAAwB,CAAC,QAAiB;AA9GhD;AA+GE,SACE,CAAC,CAAC,IAAI,QAAQ,IAAI,UAAU,YAAY,OAAO,QAC9C,SAAI,QAAQ,IAAI,UAAU,QAAQ,MAAM,MAAxC,mBAA2C,SAAS,0BACnD,SAAI,QACD,IAAI,UAAU,QAAQ,WAAW,MADpC,mBAEI,SAAS,2BACb,CAAC,CAAC,IAAI,QAAQ,IAAI,UAAU,YAAY,UAAU;AAExD;AAEA,MAAM,gBAAgB,CAAC,QAA0B;AAzHjD;AA0HE,SACE,IAAI,QAAQ,IAAI,UAAU,QAAQ,YAAY,MAAM,gBACpD,SAAI,QAAQ,IAAI,UAAU,QAAQ,MAAM,MAAxC,mBAA2C,SAAS,iBACnD,CAAC,CAAC,IAAI,QAAQ,IAAI,UAAU,YAAY,OAAO,KAC9C,CAAC,sBAAsB,GAAG,KAC5B,CAAC,CAAC,IAAI,QAAQ,IAAI,UAAU,YAAY,UAAU;AAEtD;","names":[]}

package/dist/esm/server/routeMatcher.js

@@ -5,6 +5,7 @@ const createRouteMatcher = (routes) => {
   }
   const routePatterns = [routes || ""].flat().filter(Boolean);
   const matchers = precomputePathRegex(routePatterns);
+  console.log(matchers);
   return (req) => matchers.some((matcher) => matcher.test(req.nextUrl.pathname));
 };
 const precomputePathRegex = (patterns) => {

package/dist/esm/server/routeMatcher.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/server/routeMatcher.ts"],"sourcesContent":["import type Link from \"next/link\";\nimport type { NextRequest } from \"next/server\";\nimport type { Autocomplete } from \"../types\";\nimport { paths } from \"../utils\";\n\ntype WithPathPatternWildcard<T> = `${T & string}(.*)`;\ntype NextTypedRoute<T = Parameters<typeof Link>[\"0\"][\"href\"]> = T extends string\n  ? T\n  : never;\n\ntype RouteMatcherWithNextTypedRoutes = Autocomplete<\n  WithPathPatternWildcard<NextTypedRoute> | NextTypedRoute\n>;\n\nexport type RouteMatcherParam =\n  | Array<RegExp | RouteMatcherWithNextTypedRoutes>\n  | RegExp\n  | RouteMatcherWithNextTypedRoutes\n  | ((req: NextRequest) => boolean);\n\nexport const createRouteMatcher = (routes: RouteMatcherParam) => {\n  if (typeof routes === \"function\") {\n    return (req: NextRequest) => routes(req);\n  }\n\n  const routePatterns = [routes || \"\"].flat().filter(Boolean);\n  const matchers = precomputePathRegex(routePatterns);\n  return (req: NextRequest) =>\n    matchers.some((matcher) => matcher.test(req.nextUrl.pathname));\n};\n\nconst precomputePathRegex = (patterns: Array<string | RegExp>) => {\n  return patterns.map((pattern) =>\n    pattern instanceof RegExp ? pattern : paths.toRegexp(pattern),\n  );\n};\n"],"mappings":"AAGA,SAAS,aAAa;AAiBf,MAAM,qBAAqB,CAAC,WAA8B;AAC/D,MAAI,OAAO,WAAW,YAAY;AAChC,WAAO,CAAC,QAAqB,OAAO,GAAG;AAAA,EACzC;AAEA,QAAM,gBAAgB,CAAC,UAAU,EAAE,EAAE,KAAK,EAAE,OAAO,OAAO;AAC1D,QAAM,WAAW,oBAAoB,aAAa;AAClD,SAAO,CAAC,QACN,SAAS,KAAK,CAAC,YAAY,QAAQ,KAAK,IAAI,QAAQ,QAAQ,CAAC;AACjE;AAEA,MAAM,sBAAsB,CAAC,aAAqC;AAChE,SAAO,SAAS;AAAA,IAAI,CAAC,YACnB,mBAAmB,SAAS,UAAU,MAAM,SAAS,OAAO;AAAA,EAC9D;AACF;","names":[]}
+{"version":3,"sources":["../../../src/server/routeMatcher.ts"],"sourcesContent":["import type Link from 'next/link';\nimport type { NextRequest } from 'next/server';\nimport type { Autocomplete } from '../types';\nimport { paths } from '../utils';\n\ntype WithPathPatternWildcard<T> = `${T & string}(.*)`;\ntype NextTypedRoute<T = Parameters<typeof Link>['0']['href']> = T extends string\n  ? T\n  : never;\n\ntype RouteMatcherWithNextTypedRoutes = Autocomplete<\n  WithPathPatternWildcard<NextTypedRoute> | NextTypedRoute\n>;\n\nexport type RouteMatcherParam =\n  | Array<RegExp | RouteMatcherWithNextTypedRoutes>\n  | RegExp\n  | RouteMatcherWithNextTypedRoutes\n  | ((req: NextRequest) => boolean);\n\nexport const createRouteMatcher = (routes: RouteMatcherParam) => {\n  if (typeof routes === 'function') {\n    return (req: NextRequest) => routes(req);\n  }\n  const routePatterns = [routes || ''].flat().filter(Boolean);\n  const matchers = precomputePathRegex(routePatterns);\n  console.log(matchers);\n  return (req: NextRequest) =>\n    matchers.some((matcher) => matcher.test(req.nextUrl.pathname));\n};\n\nconst precomputePathRegex = (patterns: Array<string | RegExp>) => {\n  return patterns.map((pattern) =>\n    pattern instanceof RegExp ? pattern : paths.toRegexp(pattern)\n  );\n};\n"],"mappings":"AAGA,SAAS,aAAa;AAiBf,MAAM,qBAAqB,CAAC,WAA8B;AAC/D,MAAI,OAAO,WAAW,YAAY;AAChC,WAAO,CAAC,QAAqB,OAAO,GAAG;AAAA,EACzC;AACA,QAAM,gBAAgB,CAAC,UAAU,EAAE,EAAE,KAAK,EAAE,OAAO,OAAO;AAC1D,QAAM,WAAW,oBAAoB,aAAa;AAClD,UAAQ,IAAI,QAAQ;AACpB,SAAO,CAAC,QACN,SAAS,KAAK,CAAC,YAAY,QAAQ,KAAK,IAAI,QAAQ,QAAQ,CAAC;AACjE;AAEA,MAAM,sBAAsB,CAAC,aAAqC;AAChE,SAAO,SAAS;AAAA,IAAI,CAAC,YACnB,mBAAmB,SAAS,UAAU,MAAM,SAAS,OAAO;AAAA,EAC9D;AACF;","names":[]}

package/dist/esm/server/serverRedirectWithAuth.js

@@ -1,9 +1,9 @@
 import { NextResponse } from "next/server";
 import { constants } from "../constants";
-const serverRedirectWithAuth = (res) => {
+const serverRedirectWithAuth = (cabinIdRequest, res) => {
   const location = res.headers.get("location");
   const shouldAppendDevBrowser = res.headers.get(constants.Headers.CabinIdRedirectTo) === "true";
-  if (shouldAppendDevBrowser && !!location) {
+  if (shouldAppendDevBrowser && !!location && cabinIdRequest.cabinIdUrl.isCrossOrigin(location)) {
     const url = new URL(location);
     return NextResponse.redirect(url.href, res);
   }

package/dist/esm/server/serverRedirectWithAuth.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/server/serverRedirectWithAuth.ts"],"sourcesContent":["import { NextResponse } from 'next/server';\nimport { constants } from '../constants';\n\nexport const serverRedirectWithAuth = (res: Response) => {\n  const location = res.headers.get('location');\n  const shouldAppendDevBrowser =\n    res.headers.get(constants.Headers.CabinIdRedirectTo) === 'true';\n  if (shouldAppendDevBrowser && !!location) {\n    // Next.js 12.1+ allows redirects only to absolute URLs\n    const url = new URL(location);\n    return NextResponse.redirect(url.href, res);\n  }\n  return res;\n};\n"],"mappings":"AAAA,SAAS,oBAAoB;AAC7B,SAAS,iBAAiB;AAEnB,MAAM,yBAAyB,CAAC,QAAkB;AACvD,QAAM,WAAW,IAAI,QAAQ,IAAI,UAAU;AAC3C,QAAM,yBACJ,IAAI,QAAQ,IAAI,UAAU,QAAQ,iBAAiB,MAAM;AAC3D,MAAI,0BAA0B,CAAC,CAAC,UAAU;AAExC,UAAM,MAAM,IAAI,IAAI,QAAQ;AAC5B,WAAO,aAAa,SAAS,IAAI,MAAM,GAAG;AAAA,EAC5C;AACA,SAAO;AACT;","names":[]}
+{"version":3,"sources":["../../../src/server/serverRedirectWithAuth.ts"],"sourcesContent":["import { NextResponse } from 'next/server';\nimport { constants } from '../constants';\nimport { CabinIdRequest } from 'src/tokens/cabinIdRequest';\n\nexport const serverRedirectWithAuth = (\n  cabinIdRequest: CabinIdRequest,\n  res: Response\n) => {\n  const location = res.headers.get('location');\n  const shouldAppendDevBrowser =\n    res.headers.get(constants.Headers.CabinIdRedirectTo) === 'true';\n\n  if (\n    shouldAppendDevBrowser &&\n    !!location &&\n    cabinIdRequest.cabinIdUrl.isCrossOrigin(location)\n  ) {\n    const url = new URL(location);\n    return NextResponse.redirect(url.href, res);\n  }\n  return res;\n};\n"],"mappings":"AAAA,SAAS,oBAAoB;AAC7B,SAAS,iBAAiB;AAGnB,MAAM,yBAAyB,CACpC,gBACA,QACG;AACH,QAAM,WAAW,IAAI,QAAQ,IAAI,UAAU;AAC3C,QAAM,yBACJ,IAAI,QAAQ,IAAI,UAAU,QAAQ,iBAAiB,MAAM;AAE3D,MACE,0BACA,CAAC,CAAC,YACF,eAAe,WAAW,cAAc,QAAQ,GAChD;AACA,UAAM,MAAM,IAAI,IAAI,QAAQ;AAC5B,WAAO,aAAa,SAAS,IAAI,MAAM,GAAG;AAAA,EAC5C;AACA,SAAO;AACT;","names":[]}

package/dist/esm/server/utils.js

@@ -1,4 +1,4 @@
-import { NextResponse } from "next/server";
+import { NextResponse, NextRequest } from "next/server";
 import { constants } from "../constants";
 function assertKey(key, onError) {
   if (!key) {
@@ -69,10 +69,63 @@ function decorateRequest(req, res, requestState, secretKey) {
   }
   return res;
 }
+const buildRequestLike = () => {
+  try {
+    const { headers } = require("next/headers");
+    return new NextRequest("https://placeholder.com", { headers: headers() });
+  } catch (e) {
+    if (e && "message" in e && typeof e.message === "string" && (e.message.toLowerCase().includes("Dynamic server usage".toLowerCase()) || e.message.toLowerCase().includes(
+      "This page needs to bail out of prerendering".toLowerCase()
+    ))) {
+      throw e;
+    }
+    throw new Error(
+      `CabinID: auth() and currentUser() are only supported in App Router (/app directory).
+If you're using /pages, try getAuth() instead.
+Original error: ${e}`
+    );
+  }
+};
+function getCustomAttributeFromRequest(req, key) {
+  return key in req ? req[key] : void 0;
+}
+function getAuthKeyFromRequest(req, key) {
+  return getCustomAttributeFromRequest(req, constants.Attributes[key]) || getHeader(req, constants.Headers[key]);
+}
+function getHeader(req, name) {
+  var _a, _b;
+  if (isNextRequest(req)) {
+    return req.headers.get(name);
+  }
+  return req.headers[name] || req.headers[name.toLowerCase()] || ((_b = (_a = req.socket) == null ? void 0 : _a._httpMessage) == null ? void 0 : _b.getHeader(name));
+}
+function isNextRequest(val) {
+  try {
+    const { headers, nextUrl, cookies } = val || {};
+    return typeof (headers == null ? void 0 : headers.get) === "function" && typeof (nextUrl == null ? void 0 : nextUrl.searchParams.get) === "function" && typeof (cookies == null ? void 0 : cookies.get) === "function";
+  } catch (e) {
+    return false;
+  }
+}
+function getCookie(req, name) {
+  if (isNextRequest(req)) {
+    const reqCookieOrString = req.cookies.get(name);
+    if (!reqCookieOrString) {
+      return void 0;
+    }
+    return typeof reqCookieOrString === "string" ? reqCookieOrString : reqCookieOrString.value;
+  }
+  return req.cookies[name];
+}
 export {
   apiEndpointUnauthorizedNextResponse,
   assertKey,
+  buildRequestLike,
   decorateRequest,
+  getAuthKeyFromRequest,
+  getCookie,
+  getCustomAttributeFromRequest,
+  getHeader,
   redirectAdapter,
   setRequestHeadersOnNextResponse
 };

package/dist/esm/server/utils.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/server/utils.ts"],"sourcesContent":["import { NextResponse } from 'next/server';\nimport type { NextRequest } from 'next/server';\nimport { constants } from '../constants';\n\nexport function assertKey(key: string, onError: () => never): string {\n  if (!key) {\n    onError();\n  }\n\n  return key;\n}\n\nexport const apiEndpointUnauthorizedNextResponse = () => {\n  return NextResponse.json(null, { status: 401, statusText: 'Unauthorized' });\n};\n\nexport const redirectAdapter = (url: string | URL) => {\n  return NextResponse.redirect(url, {\n    headers: { [constants.Headers.CabinIdRedirectTo]: 'true' },\n  });\n};\n\nconst OVERRIDE_HEADERS = 'x-middleware-override-headers';\nconst MIDDLEWARE_HEADER_PREFIX = 'x-middleware-request' as string;\n\nexport const setRequestHeadersOnNextResponse = (\n  res: NextResponse | Response,\n  req: Request,\n  newHeaders: Record<string, string>\n) => {\n  if (!res.headers.get(OVERRIDE_HEADERS)) {\n    // Emulate a user setting overrides by explicitly adding the required nextjs headers\n    // https://github.com/vercel/next.js/pull/41380\n    // @ts-expect-error\n    res.headers.set(OVERRIDE_HEADERS, [...req.headers.keys()]);\n    req.headers.forEach((val, key) => {\n      res.headers.set(`${MIDDLEWARE_HEADER_PREFIX}-${key}`, val);\n    });\n  }\n\n  // Now that we have normalised res to include overrides, just append the new header\n  Object.entries(newHeaders).forEach(([key, val]) => {\n    res.headers.set(\n      OVERRIDE_HEADERS,\n      `${res.headers.get(OVERRIDE_HEADERS)},${key}`\n    );\n    res.headers.set(`${MIDDLEWARE_HEADER_PREFIX}-${key}`, val);\n  });\n};\n\n/**\n * Compute a cryptographic signature from a session token and provided secret key. Used to validate that the token has not been modified when transferring between middleware and the Next.js origin.\n */\nfunction createTokenSignature(token: string, key: string): string {\n  return `${token}${key}`;\n}\n\ntype RequestState = any;\n\n// Auth result will be set as both a query param & header when applicable\nexport function decorateRequest(\n  req: NextRequest,\n  res: Response,\n  requestState: RequestState,\n  secretKey: string\n): Response {\n  const { token } = requestState;\n  // pass-through case, convert to next()\n  if (!res) {\n    res = NextResponse.next();\n  }\n\n  // redirect() case, return early\n  if (res.headers.get(constants.NextHeaders.NextRedirect)) {\n    return res;\n  }\n\n  let rewriteURL;\n\n  // next() case, convert to a rewrite\n  if (res.headers.get(constants.NextHeaders.NextResume) === '1') {\n    res.headers.delete(constants.NextHeaders.NextResume);\n    rewriteURL = new URL(req.url);\n  }\n\n  // rewrite() case, set auth result only if origin remains the same\n  const rewriteURLHeader = res.headers.get(constants.NextHeaders.NextRewrite);\n\n  if (rewriteURLHeader) {\n    const reqURL = new URL(req.url);\n    rewriteURL = new URL(rewriteURLHeader);\n\n    // if the origin has changed, return early\n    if (rewriteURL.origin !== reqURL.origin) {\n      return res;\n    }\n  }\n\n  if (rewriteURL) {\n    setRequestHeadersOnNextResponse(res, req, {\n      [constants.Headers.AuthToken]: token || '',\n      [constants.Headers.AuthSignature]: token\n        ? createTokenSignature(token, secretKey)\n        : '',\n    });\n    const origin = rewriteURL?.origin;\n    const pathName = rewriteURL?.pathname;\n\n    res.headers.set(\n      constants.NextHeaders.NextRewrite,\n      `${origin}${pathName || ''}`\n    );\n  }\n  return res;\n}\n"],"mappings":"AAAA,SAAS,oBAAoB;AAE7B,SAAS,iBAAiB;AAEnB,SAAS,UAAU,KAAa,SAA8B;AACnE,MAAI,CAAC,KAAK;AACR,YAAQ;AAAA,EACV;AAEA,SAAO;AACT;AAEO,MAAM,sCAAsC,MAAM;AACvD,SAAO,aAAa,KAAK,MAAM,EAAE,QAAQ,KAAK,YAAY,eAAe,CAAC;AAC5E;AAEO,MAAM,kBAAkB,CAAC,QAAsB;AACpD,SAAO,aAAa,SAAS,KAAK;AAAA,IAChC,SAAS,EAAE,CAAC,UAAU,QAAQ,iBAAiB,GAAG,OAAO;AAAA,EAC3D,CAAC;AACH;AAEA,MAAM,mBAAmB;AACzB,MAAM,2BAA2B;AAE1B,MAAM,kCAAkC,CAC7C,KACA,KACA,eACG;AACH,MAAI,CAAC,IAAI,QAAQ,IAAI,gBAAgB,GAAG;AAItC,QAAI,QAAQ,IAAI,kBAAkB,CAAC,GAAG,IAAI,QAAQ,KAAK,CAAC,CAAC;AACzD,QAAI,QAAQ,QAAQ,CAAC,KAAK,QAAQ;AAChC,UAAI,QAAQ,IAAI,GAAG,wBAAwB,IAAI,GAAG,IAAI,GAAG;AAAA,IAC3D,CAAC;AAAA,EACH;AAGA,SAAO,QAAQ,UAAU,EAAE,QAAQ,CAAC,CAAC,KAAK,GAAG,MAAM;AACjD,QAAI,QAAQ;AAAA,MACV;AAAA,MACA,GAAG,IAAI,QAAQ,IAAI,gBAAgB,CAAC,IAAI,GAAG;AAAA,IAC7C;AACA,QAAI,QAAQ,IAAI,GAAG,wBAAwB,IAAI,GAAG,IAAI,GAAG;AAAA,EAC3D,CAAC;AACH;AAKA,SAAS,qBAAqB,OAAe,KAAqB;AAChE,SAAO,GAAG,KAAK,GAAG,GAAG;AACvB;AAKO,SAAS,gBACd,KACA,KACA,cACA,WACU;AACV,QAAM,EAAE,MAAM,IAAI;AAElB,MAAI,CAAC,KAAK;AACR,UAAM,aAAa,KAAK;AAAA,EAC1B;AAGA,MAAI,IAAI,QAAQ,IAAI,UAAU,YAAY,YAAY,GAAG;AACvD,WAAO;AAAA,EACT;AAEA,MAAI;AAGJ,MAAI,IAAI,QAAQ,IAAI,UAAU,YAAY,UAAU,MAAM,KAAK;AAC7D,QAAI,QAAQ,OAAO,UAAU,YAAY,UAAU;AACnD,iBAAa,IAAI,IAAI,IAAI,GAAG;AAAA,EAC9B;AAGA,QAAM,mBAAmB,IAAI,QAAQ,IAAI,UAAU,YAAY,WAAW;AAE1E,MAAI,kBAAkB;AACpB,UAAM,SAAS,IAAI,IAAI,IAAI,GAAG;AAC9B,iBAAa,IAAI,IAAI,gBAAgB;AAGrC,QAAI,WAAW,WAAW,OAAO,QAAQ;AACvC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,YAAY;AACd,oCAAgC,KAAK,KAAK;AAAA,MACxC,CAAC,UAAU,QAAQ,SAAS,GAAG,SAAS;AAAA,MACxC,CAAC,UAAU,QAAQ,aAAa,GAAG,QAC/B,qBAAqB,OAAO,SAAS,IACrC;AAAA,IACN,CAAC;AACD,UAAM,SAAS,yCAAY;AAC3B,UAAM,WAAW,yCAAY;AAE7B,QAAI,QAAQ;AAAA,MACV,UAAU,YAAY;AAAA,MACtB,GAAG,MAAM,GAAG,YAAY,EAAE;AAAA,IAC5B;AAAA,EACF;AACA,SAAO;AACT;","names":[]}
+{"version":3,"sources":["../../../src/server/utils.ts"],"sourcesContent":["import { NextResponse, NextRequest } from 'next/server';\nimport { constants } from '../constants';\nimport { CabinIdRequest } from '../tokens/cabinIdRequest';\nimport { RequestLike } from './type';\n\nexport function assertKey(key: string, onError: () => never): string {\n  if (!key) {\n    onError();\n  }\n\n  return key;\n}\n\nexport const apiEndpointUnauthorizedNextResponse = () => {\n  return NextResponse.json(null, { status: 401, statusText: 'Unauthorized' });\n};\n\nexport const redirectAdapter = (url: string | URL) => {\n  return NextResponse.redirect(url, {\n    headers: { [constants.Headers.CabinIdRedirectTo]: 'true' },\n  });\n};\n\nconst OVERRIDE_HEADERS = 'x-middleware-override-headers';\nconst MIDDLEWARE_HEADER_PREFIX = 'x-middleware-request' as string;\n\nexport const setRequestHeadersOnNextResponse = (\n  res: NextResponse | Response,\n  req: Request,\n  newHeaders: Record<string, string>\n) => {\n  if (!res.headers.get(OVERRIDE_HEADERS)) {\n    // Emulate a user setting overrides by explicitly adding the required nextjs headers\n    // https://github.com/vercel/next.js/pull/41380\n    // @ts-expect-error\n    res.headers.set(OVERRIDE_HEADERS, [...req.headers.keys()]);\n    req.headers.forEach((val, key) => {\n      res.headers.set(`${MIDDLEWARE_HEADER_PREFIX}-${key}`, val);\n    });\n  }\n\n  // Now that we have normalised res to include overrides, just append the new header\n  Object.entries(newHeaders).forEach(([key, val]) => {\n    res.headers.set(\n      OVERRIDE_HEADERS,\n      `${res.headers.get(OVERRIDE_HEADERS)},${key}`\n    );\n    res.headers.set(`${MIDDLEWARE_HEADER_PREFIX}-${key}`, val);\n  });\n};\n\n/**\n * Compute a cryptographic signature from a session token and provided secret key. Used to validate that the token has not been modified when transferring between middleware and the Next.js origin.\n */\nfunction createTokenSignature(token: string, key: string): string {\n  return `${token}${key}`;\n}\n\ntype RequestState = any;\n\n// Auth result will be set as both a query param & header when applicable\nexport function decorateRequest(\n  req: CabinIdRequest,\n  res: Response,\n  requestState: RequestState,\n  secretKey: string\n): Response {\n  const { token } = requestState;\n\n  // pass-through case, convert to next()\n  if (!res) {\n    res = NextResponse.next();\n  }\n\n  // redirect() case, return early\n  if (res.headers.get(constants.NextHeaders.NextRedirect)) {\n    return res;\n  }\n\n  let rewriteURL;\n\n  // next() case, convert to a rewrite\n  if (res.headers.get(constants.NextHeaders.NextResume) === '1') {\n    res.headers.delete(constants.NextHeaders.NextResume);\n    rewriteURL = new URL(req.url);\n  }\n\n  // rewrite() case, set auth result only if origin remains the same\n  const rewriteURLHeader = res.headers.get(constants.NextHeaders.NextRewrite);\n\n  if (rewriteURLHeader) {\n    const reqURL = new URL(req.url);\n    rewriteURL = new URL(rewriteURLHeader);\n\n    // if the origin has changed, return early\n    if (rewriteURL.origin !== reqURL.origin) {\n      return res;\n    }\n  }\n\n  if (rewriteURL) {\n    setRequestHeadersOnNextResponse(res, req, {\n      [constants.Headers.AuthToken]: token || '',\n      [constants.Headers.AuthSignature]: token\n        ? createTokenSignature(token, secretKey)\n        : '',\n    });\n    const origin = rewriteURL?.origin;\n    const pathName = rewriteURL?.pathname;\n\n    res.headers.set(\n      constants.NextHeaders.NextRewrite,\n      `${origin}${pathName || ''}`\n    );\n  }\n  return res;\n}\n\nexport const buildRequestLike = () => {\n  try {\n    // Dynamically import next/headers, otherwise Next12 apps will break\n    // because next/headers was introduced in next@13\n    // eslint-disable-next-line @typescript-eslint/no-var-requires\n    const { headers } = require('next/headers');\n    return new NextRequest('https://placeholder.com', { headers: headers() });\n  } catch (e: any) {\n    if (\n      e &&\n      'message' in e &&\n      typeof e.message === 'string' &&\n      (e.message.toLowerCase().includes('Dynamic server usage'.toLowerCase()) ||\n        e.message\n          .toLowerCase()\n          .includes(\n            'This page needs to bail out of prerendering'.toLowerCase()\n          ))\n    ) {\n      throw e;\n    }\n\n    throw new Error(\n      `CabinID: auth() and currentUser() are only supported in App Router (/app directory).\\nIf you're using /pages, try getAuth() instead.\\nOriginal error: ${e}`\n    );\n  }\n};\n\nexport function getCustomAttributeFromRequest(\n  req: RequestLike,\n  key: string\n): string | null | undefined {\n  // @ts-expect-error - TS doesn't like indexing into RequestLike\n  return key in req ? req[key] : undefined;\n}\n\nexport function getAuthKeyFromRequest(\n  req: RequestLike,\n  key: keyof typeof constants.Attributes\n): string | null | undefined {\n  return (\n    getCustomAttributeFromRequest(req, constants.Attributes[key]) ||\n    getHeader(req, constants.Headers[key])\n  );\n}\n\nexport function getHeader(\n  req: RequestLike,\n  name: string\n): string | null | undefined {\n  if (isNextRequest(req)) {\n    return req.headers.get(name);\n  }\n\n  // If no header has been determined for IncomingMessage case, check if available within private `socket` headers\n  // When deployed to vercel, req.headers for API routes is a `IncomingHttpHeaders` key-val object which does not follow\n  // the Headers spec so the name is no longer case-insensitive.\n  return (\n    req.headers[name] ||\n    req.headers[name.toLowerCase()] ||\n    (req.socket as any)?._httpMessage?.getHeader(name)\n  );\n}\n\nfunction isNextRequest(val: unknown): val is NextRequest {\n  try {\n    const { headers, nextUrl, cookies } = (val || {}) as NextRequest;\n    return (\n      typeof headers?.get === 'function' &&\n      typeof nextUrl?.searchParams.get === 'function' &&\n      typeof cookies?.get === 'function'\n    );\n  } catch (e) {\n    return false;\n  }\n}\n\nexport function getCookie(req: RequestLike, name: string): string | undefined {\n  if (isNextRequest(req)) {\n    // Nextjs broke semver in the 13.0.0 -> 13.0.1 release, so even though\n    // this should be RequestCookie in all updated apps. In order to support apps\n    // using v13.0.0 still, we explicitly add the string type\n    // https://github.com/vercel/next.js/pull/41526\n    const reqCookieOrString = req.cookies.get(name) as\n      | ReturnType<NextRequest['cookies']['get']>\n      | string\n      | undefined;\n    if (!reqCookieOrString) {\n      return undefined;\n    }\n    return typeof reqCookieOrString === 'string'\n      ? reqCookieOrString\n      : reqCookieOrString.value;\n  }\n  return req.cookies[name];\n}\n"],"mappings":"AAAA,SAAS,cAAc,mBAAmB;AAC1C,SAAS,iBAAiB;AAInB,SAAS,UAAU,KAAa,SAA8B;AACnE,MAAI,CAAC,KAAK;AACR,YAAQ;AAAA,EACV;AAEA,SAAO;AACT;AAEO,MAAM,sCAAsC,MAAM;AACvD,SAAO,aAAa,KAAK,MAAM,EAAE,QAAQ,KAAK,YAAY,eAAe,CAAC;AAC5E;AAEO,MAAM,kBAAkB,CAAC,QAAsB;AACpD,SAAO,aAAa,SAAS,KAAK;AAAA,IAChC,SAAS,EAAE,CAAC,UAAU,QAAQ,iBAAiB,GAAG,OAAO;AAAA,EAC3D,CAAC;AACH;AAEA,MAAM,mBAAmB;AACzB,MAAM,2BAA2B;AAE1B,MAAM,kCAAkC,CAC7C,KACA,KACA,eACG;AACH,MAAI,CAAC,IAAI,QAAQ,IAAI,gBAAgB,GAAG;AAItC,QAAI,QAAQ,IAAI,kBAAkB,CAAC,GAAG,IAAI,QAAQ,KAAK,CAAC,CAAC;AACzD,QAAI,QAAQ,QAAQ,CAAC,KAAK,QAAQ;AAChC,UAAI,QAAQ,IAAI,GAAG,wBAAwB,IAAI,GAAG,IAAI,GAAG;AAAA,IAC3D,CAAC;AAAA,EACH;AAGA,SAAO,QAAQ,UAAU,EAAE,QAAQ,CAAC,CAAC,KAAK,GAAG,MAAM;AACjD,QAAI,QAAQ;AAAA,MACV;AAAA,MACA,GAAG,IAAI,QAAQ,IAAI,gBAAgB,CAAC,IAAI,GAAG;AAAA,IAC7C;AACA,QAAI,QAAQ,IAAI,GAAG,wBAAwB,IAAI,GAAG,IAAI,GAAG;AAAA,EAC3D,CAAC;AACH;AAKA,SAAS,qBAAqB,OAAe,KAAqB;AAChE,SAAO,GAAG,KAAK,GAAG,GAAG;AACvB;AAKO,SAAS,gBACd,KACA,KACA,cACA,WACU;AACV,QAAM,EAAE,MAAM,IAAI;AAGlB,MAAI,CAAC,KAAK;AACR,UAAM,aAAa,KAAK;AAAA,EAC1B;AAGA,MAAI,IAAI,QAAQ,IAAI,UAAU,YAAY,YAAY,GAAG;AACvD,WAAO;AAAA,EACT;AAEA,MAAI;AAGJ,MAAI,IAAI,QAAQ,IAAI,UAAU,YAAY,UAAU,MAAM,KAAK;AAC7D,QAAI,QAAQ,OAAO,UAAU,YAAY,UAAU;AACnD,iBAAa,IAAI,IAAI,IAAI,GAAG;AAAA,EAC9B;AAGA,QAAM,mBAAmB,IAAI,QAAQ,IAAI,UAAU,YAAY,WAAW;AAE1E,MAAI,kBAAkB;AACpB,UAAM,SAAS,IAAI,IAAI,IAAI,GAAG;AAC9B,iBAAa,IAAI,IAAI,gBAAgB;AAGrC,QAAI,WAAW,WAAW,OAAO,QAAQ;AACvC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI,YAAY;AACd,oCAAgC,KAAK,KAAK;AAAA,MACxC,CAAC,UAAU,QAAQ,SAAS,GAAG,SAAS;AAAA,MACxC,CAAC,UAAU,QAAQ,aAAa,GAAG,QAC/B,qBAAqB,OAAO,SAAS,IACrC;AAAA,IACN,CAAC;AACD,UAAM,SAAS,yCAAY;AAC3B,UAAM,WAAW,yCAAY;AAE7B,QAAI,QAAQ;AAAA,MACV,UAAU,YAAY;AAAA,MACtB,GAAG,MAAM,GAAG,YAAY,EAAE;AAAA,IAC5B;AAAA,EACF;AACA,SAAO;AACT;AAEO,MAAM,mBAAmB,MAAM;AACpC,MAAI;AAIF,UAAM,EAAE,QAAQ,IAAI,QAAQ,cAAc;AAC1C,WAAO,IAAI,YAAY,2BAA2B,EAAE,SAAS,QAAQ,EAAE,CAAC;AAAA,EAC1E,SAAS,GAAQ;AACf,QACE,KACA,aAAa,KACb,OAAO,EAAE,YAAY,aACpB,EAAE,QAAQ,YAAY,EAAE,SAAS,uBAAuB,YAAY,CAAC,KACpE,EAAE,QACC,YAAY,EACZ;AAAA,MACC,8CAA8C,YAAY;AAAA,IAC5D,IACJ;AACA,YAAM;AAAA,IACR;AAEA,UAAM,IAAI;AAAA,MACR;AAAA;AAAA,kBAAyJ,CAAC;AAAA,IAC5J;AAAA,EACF;AACF;AAEO,SAAS,8BACd,KACA,KAC2B;AAE3B,SAAO,OAAO,MAAM,IAAI,GAAG,IAAI;AACjC;AAEO,SAAS,sBACd,KACA,KAC2B;AAC3B,SACE,8BAA8B,KAAK,UAAU,WAAW,GAAG,CAAC,KAC5D,UAAU,KAAK,UAAU,QAAQ,GAAG,CAAC;AAEzC;AAEO,SAAS,UACd,KACA,MAC2B;AAvK7B;AAwKE,MAAI,cAAc,GAAG,GAAG;AACtB,WAAO,IAAI,QAAQ,IAAI,IAAI;AAAA,EAC7B;AAKA,SACE,IAAI,QAAQ,IAAI,KAChB,IAAI,QAAQ,KAAK,YAAY,CAAC,OAC7B,eAAI,WAAJ,mBAAoB,iBAApB,mBAAkC,UAAU;AAEjD;AAEA,SAAS,cAAc,KAAkC;AACvD,MAAI;AACF,UAAM,EAAE,SAAS,SAAS,QAAQ,IAAK,OAAO,CAAC;AAC/C,WACE,QAAO,mCAAS,SAAQ,cACxB,QAAO,mCAAS,aAAa,SAAQ,cACrC,QAAO,mCAAS,SAAQ;AAAA,EAE5B,SAAS,GAAG;AACV,WAAO;AAAA,EACT;AACF;AAEO,SAAS,UAAU,KAAkB,MAAkC;AAC5E,MAAI,cAAc,GAAG,GAAG;AAKtB,UAAM,oBAAoB,IAAI,QAAQ,IAAI,IAAI;AAI9C,QAAI,CAAC,mBAAmB;AACtB,aAAO;AAAA,IACT;AACA,WAAO,OAAO,sBAAsB,WAChC,oBACA,kBAAkB;AAAA,EACxB;AACA,SAAO,IAAI,QAAQ,IAAI;AACzB;","names":[]}

package/dist/esm/styles/global.css

@@ -331,8 +331,36 @@ video {
   --tw-contain-paint: ;
   --tw-contain-style: ;
 }
-.static {
-  position: static;
+.container {
+  width: 100%;
+}
+@media (min-width: 640px) {
+  .container {
+    max-width: 640px;
+  }
+}
+@media (min-width: 768px) {
+  .container {
+    max-width: 768px;
+  }
+}
+@media (min-width: 1024px) {
+  .container {
+    max-width: 1024px;
+  }
+}
+@media (min-width: 1280px) {
+  .container {
+    max-width: 1280px;
+  }
+}
+@media (min-width: 1536px) {
+  .container {
+    max-width: 1536px;
+  }
+}
+.fixed {
+  position: fixed;
 }
 .absolute {
   position: absolute;