npm - @civic/auth - Versions diffs - 0.0.1-beta.1 → 0.0.1-beta.11 - Mend

@civic/auth 0.0.1-beta.1 → 0.0.1-beta.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

package/README.md +26 -0
package/dist/chunk-CRTRMMJ7.js +59 -0
package/dist/chunk-CRTRMMJ7.js.map +1 -0
package/dist/chunk-EAANLFR5.mjs +148 -0
package/dist/chunk-EAANLFR5.mjs.map +1 -0
package/dist/chunk-EGFTMH5S.mjs +214 -0
package/dist/chunk-EGFTMH5S.mjs.map +1 -0
package/dist/chunk-KCSGIIPA.js +214 -0
package/dist/chunk-KCSGIIPA.js.map +1 -0
package/dist/chunk-MVO4UZ2A.js +148 -0
package/dist/chunk-MVO4UZ2A.js.map +1 -0
package/dist/chunk-PMDIR5XE.mjs +502 -0
package/dist/chunk-PMDIR5XE.mjs.map +1 -0
package/dist/chunk-RGHW4PYM.mjs +59 -0
package/dist/chunk-RGHW4PYM.mjs.map +1 -0
package/dist/chunk-YNLXRD5L.js +502 -0
package/dist/chunk-YNLXRD5L.js.map +1 -0
package/dist/{index-DFVNodC9.d.mts → index-Bfi0hVMZ.d.mts} +5 -13
package/dist/{index-DFVNodC9.d.ts → index-Bfi0hVMZ.d.ts} +5 -13
package/dist/index.css +63 -63
package/dist/index.css.map +1 -1
package/dist/index.d.mts +1 -1
package/dist/index.d.ts +1 -1
package/dist/index.js +1 -19
package/dist/index.js.map +1 -1
package/dist/index.mjs +1 -1
package/dist/nextjs.d.mts +22 -37
package/dist/nextjs.d.ts +22 -37
package/dist/nextjs.js +166 -848
package/dist/nextjs.js.map +1 -1
package/dist/nextjs.mjs +162 -805
package/dist/nextjs.mjs.map +1 -1
package/dist/react.d.mts +42 -58
package/dist/react.d.ts +42 -58
package/dist/react.js +668 -1103
package/dist/react.js.map +1 -1
package/dist/react.mjs +608 -1005
package/dist/react.mjs.map +1 -1
package/dist/server.d.mts +56 -0
package/dist/server.d.ts +56 -0
package/dist/server.js +20 -0
package/dist/server.js.map +1 -0
package/dist/server.mjs +20 -0
package/dist/server.mjs.map +1 -0
package/package.json +28 -18

package/dist/chunk-KCSGIIPA.js ADDED Viewed

@@ -0,0 +1,214 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+var _chunkYNLXRD5Ljs = require('./chunk-YNLXRD5L.js');
+var _chunkCRTRMMJ7js = require('./chunk-CRTRMMJ7.js');
+// src/shared/storage.ts
+var DEFAULT_COOKIE_DURATION = 60 * 15;
+var CookieStorage = class {
+  constructor(settings = {}) {
+    var _a, _b, _c, _d, _e;
+    this.settings = {
+      httpOnly: (_a = settings.httpOnly) != null ? _a : true,
+      secure: (_b = settings.secure) != null ? _b : true,
+      // the callback request comes the auth server
+      // 'lax' ensures the code_verifier cookie is sent with the request
+      sameSite: (_c = settings.sameSite) != null ? _c : "lax",
+      expires: (_d = settings.expires) != null ? _d : new Date(Date.now() + 1e3 * DEFAULT_COOKIE_DURATION),
+      path: (_e = settings.path) != null ? _e : "/"
+    };
+  }
+};
+// src/server/ServerAuthenticationResolver.ts
+var _oauth2 = require('oslo/oauth2');
+var ServerAuthenticationResolver = class _ServerAuthenticationResolver {
+  constructor(authConfig, storage, endpointOverrides) {
+    this.authConfig = authConfig;
+    this.storage = storage;
+    this.endpointOverrides = endpointOverrides;
+    this.pkceProducer = new (0, _chunkYNLXRD5Ljs.GenericPublicClientPKCEProducer)(storage);
+  }
+  validateExistingSession() {
+    throw new Error("Method not implemented.");
+  }
+  init() {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      this.endpoints = yield _chunkYNLXRD5Ljs.getEndpointsWithOverrides.call(void 0,
+        this.authConfig.oauthServer,
+        this.endpointOverrides
+      );
+      this.oauth2client = new (0, _oauth2.OAuth2Client)(
+        this.authConfig.clientId,
+        this.endpoints.auth,
+        this.endpoints.token,
+        {
+          redirectURI: this.authConfig.redirectUrl
+        }
+      );
+      return this;
+    });
+  }
+  tokenExchange(code, state) {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      if (!this.oauth2client) yield this.init();
+      const codeVerifier = yield this.pkceProducer.getCodeVerifier();
+      if (!codeVerifier) throw new Error("Code verifier not found in storage");
+      const tokens = yield _chunkYNLXRD5Ljs.exchangeTokens.call(void 0,
+        code,
+        state,
+        this.pkceProducer,
+        this.oauth2client,
+        // clean up types here to avoid the ! operator
+        this.authConfig.oauthServer,
+        this.endpoints
+        // clean up types here to avoid the ! operator
+      );
+      _chunkYNLXRD5Ljs.storeTokens.call(void 0, this.storage, tokens);
+      return tokens;
+    });
+  }
+  getSessionData() {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      const storageData = _chunkYNLXRD5Ljs.retrieveTokens.call(void 0, this.storage);
+      if (!storageData) return null;
+      return {
+        authenticated: !!storageData.id_token,
+        idToken: storageData.id_token,
+        accessToken: storageData.access_token,
+        refreshToken: storageData.refresh_token
+      };
+    });
+  }
+  static build(authConfig, storage, endpointOverrides) {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      const resolver = new _ServerAuthenticationResolver(
+        authConfig,
+        storage,
+        endpointOverrides
+      );
+      yield resolver.init();
+      return resolver;
+    });
+  }
+};
+// src/server/login.ts
+function resolveOAuthAccessCode(code, state, storage, config) {
+  return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+    var _a;
+    const authSessionService = yield ServerAuthenticationResolver.build(
+      _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, config), {
+        oauthServer: (_a = config.oauthServer) != null ? _a : _chunkYNLXRD5Ljs.AUTH_SERVER
+      }),
+      storage,
+      config.endpointOverrides
+    );
+    return authSessionService.tokenExchange(code, state);
+  });
+}
+function isLoggedIn(storage) {
+  return !!storage.get("id_token");
+}
+function buildLoginUrl(config, storage) {
+  return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+    var _a, _b, _c;
+    const state = (_a = config.state) != null ? _a : Math.random().toString(36).substring(2);
+    const scopes = (_b = config.scopes) != null ? _b : _chunkYNLXRD5Ljs.DEFAULT_SCOPES;
+    const pkceProducer = new (0, _chunkYNLXRD5Ljs.GenericPublicClientPKCEProducer)(storage);
+    const authInitiator = new (0, _chunkYNLXRD5Ljs.GenericAuthenticationInitiator)(_chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, config), {
+      state,
+      scopes,
+      oauthServer: (_c = config.oauthServer) != null ? _c : _chunkYNLXRD5Ljs.AUTH_SERVER,
+      // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session
+      pkceConsumer: pkceProducer
+    }));
+    return authInitiator.signIn();
+  });
+}
+// src/shared/GenericAuthenticationRefresher.ts
+var GenericAuthenticationRefresher = class _GenericAuthenticationRefresher {
+  constructor(authConfig, storage, endpointOverrides) {
+    this.authConfig = authConfig;
+    this.storage = storage;
+    this.endpointOverrides = endpointOverrides;
+  }
+  init() {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      this.endpoints = yield _chunkYNLXRD5Ljs.getEndpointsWithOverrides.call(void 0,
+        this.authConfig.oauthServer,
+        this.endpointOverrides
+      );
+      this.oauth2client = new (0, _oauth2.OAuth2Client)(
+        this.authConfig.clientId,
+        this.endpoints.auth,
+        this.endpoints.token,
+        {
+          redirectURI: this.authConfig.redirectUrl
+        }
+      );
+      return this;
+    });
+  }
+  static build(authConfig, storage, endpointOverrides) {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      const refresher = new _GenericAuthenticationRefresher(
+        authConfig,
+        storage,
+        endpointOverrides
+      );
+      yield refresher.init();
+      return refresher;
+    });
+  }
+  refreshTokens() {
+    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+      if (!this.oauth2client) yield this.init();
+      const tokens = _chunkYNLXRD5Ljs.retrieveTokens.call(void 0, this.storage);
+      if (!(tokens == null ? void 0 : tokens.refresh_token)) throw new Error("No refresh token available");
+      const oauth2Client = this.oauth2client;
+      const refreshedTokens = yield oauth2Client.refreshAccessToken(
+        tokens.refresh_token
+      );
+      _chunkYNLXRD5Ljs.storeTokens.call(void 0, this.storage, refreshedTokens);
+      return tokens;
+    });
+  }
+};
+// src/server/refresh.ts
+function refreshTokens(storage, config) {
+  return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
+    var _a;
+    const refresher = yield GenericAuthenticationRefresher.build(
+      _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, config), {
+        oauthServer: (_a = config.oauthServer) != null ? _a : _chunkYNLXRD5Ljs.AUTH_SERVER
+      }),
+      storage,
+      config.endpointOverrides
+    );
+    return refresher.refreshTokens();
+  });
+}
+exports.CookieStorage = CookieStorage; exports.resolveOAuthAccessCode = resolveOAuthAccessCode; exports.isLoggedIn = isLoggedIn; exports.buildLoginUrl = buildLoginUrl; exports.refreshTokens = refreshTokens;
+//# sourceMappingURL=chunk-KCSGIIPA.js.map

package/dist/chunk-KCSGIIPA.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["/Users/patrick/Code/civic-auth/packages/civic-auth-client/dist/chunk-KCSGIIPA.js","../src/shared/storage.ts","../src/server/ServerAuthenticationResolver.ts","../src/server/login.ts","../src/shared/GenericAuthenticationRefresher.ts","../src/server/refresh.ts"],"names":["OAuth2Client"],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACF,sDAA4B;AAC5B;AACA;ACIO,IAAM,wBAAA,EAA0B,GAAA,EAAK,EAAA;AAErC,IAAe,cAAA,EAAf,MAAoD;AAAA,EAE/C,WAAA,CAAY,SAAA,EAA2C,CAAC,CAAA,EAAG;AAxBvE,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAyBI,IAAA,IAAA,CAAK,SAAA,EAAW;AAAA,MACd,QAAA,EAAA,CAAU,GAAA,EAAA,QAAA,CAAS,QAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EAAqB,IAAA;AAAA,MAC/B,MAAA,EAAA,CAAQ,GAAA,EAAA,QAAA,CAAS,MAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EAAmB,IAAA;AAAA;AAAA;AAAA,MAG3B,QAAA,EAAA,CAAU,GAAA,EAAA,QAAA,CAAS,QAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EAAqB,KAAA;AAAA,MAC/B,OAAA,EAAA,CACE,GAAA,EAAA,QAAA,CAAS,OAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EACA,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,CAAI,EAAA,EAAI,IAAA,EAAO,uBAAuB,CAAA;AAAA,MACtD,IAAA,EAAA,CAAM,GAAA,EAAA,QAAA,CAAS,IAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EAAiB;AAAA,IACzB,CAAA;AAAA,EACF;AAGF,CAAA;ADPA;AACA;AEhCA,qCAA6B;AAgBtB,IAAM,6BAAA,EAAN,MAAM,8BAA+D;AAAA,EAKlE,WAAA,CACG,UAAA,EACA,OAAA,EACA,iBAAA,EACT;AAHS,IAAA,IAAA,CAAA,WAAA,EAAA,UAAA;AACA,IAAA,IAAA,CAAA,QAAA,EAAA,OAAA;AACA,IAAA,IAAA,CAAA,kBAAA,EAAA,iBAAA;AAET,IAAA,IAAA,CAAK,aAAA,EAAe,IAAI,qDAAA,CAAgC,OAAO,CAAA;AAAA,EACjE;AAAA,EACA,uBAAA,CAAA,EAAgD;AAC9C,IAAA,MAAM,IAAI,KAAA,CAAM,yBAAyB,CAAA;AAAA,EAC3C;AAAA,EAEM,IAAA,CAAA,EAAsB;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAE1B,MAAA,IAAA,CAAK,UAAA,EAAY,MAAM,wDAAA;AAAA,QACrB,IAAA,CAAK,UAAA,CAAW,WAAA;AAAA,QAChB,IAAA,CAAK;AAAA,MACP,CAAA;AACA,MAAA,IAAA,CAAK,aAAA,EAAe,IAAI,yBAAA;AAAA,QACtB,IAAA,CAAK,UAAA,CAAW,QAAA;AAAA,QAChB,IAAA,CAAK,SAAA,CAAU,IAAA;AAAA,QACf,IAAA,CAAK,SAAA,CAAU,KAAA;AAAA,QACf;AAAA,UACE,WAAA,EAAa,IAAA,CAAK,UAAA,CAAW;AAAA,QAC/B;AAAA,MACF,CAAA;AAEA,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA;AAAA,EAAA;AAAA,EAEM,aAAA,CACJ,IAAA,EACA,KAAA,EACgC;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAChC,MAAA,GAAA,CAAI,CAAC,IAAA,CAAK,YAAA,EAAc,MAAM,IAAA,CAAK,IAAA,CAAK,CAAA;AACxC,MAAA,MAAM,aAAA,EAAe,MAAM,IAAA,CAAK,YAAA,CAAa,eAAA,CAAgB,CAAA;AAC7D,MAAA,GAAA,CAAI,CAAC,YAAA,EAAc,MAAM,IAAI,KAAA,CAAM,oCAAoC,CAAA;AAGvE,MAAA,MAAM,OAAA,EAAS,MAAM,6CAAA;AAAA,QACnB,IAAA;AAAA,QACA,KAAA;AAAA,QACA,IAAA,CAAK,YAAA;AAAA,QACL,IAAA,CAAK,YAAA;AAAA;AAAA,QACL,IAAA,CAAK,UAAA,CAAW,WAAA;AAAA,QAChB,IAAA,CAAK;AAAA;AAAA,MACP,CAAA;AAEA,MAAA,0CAAA,IAAY,CAAK,OAAA,EAAS,MAAM,CAAA;AAEhC,MAAA,OAAO,MAAA;AAAA,IACT,CAAA,CAAA;AAAA,EAAA;AAAA,EAEM,cAAA,CAAA,EAA8C;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAClD,MAAA,MAAM,YAAA,EAAc,6CAAA,IAAe,CAAK,OAAO,CAAA;AAE/C,MAAA,GAAA,CAAI,CAAC,WAAA,EAAa,OAAO,IAAA;AAEzB,MAAA,OAAO;AAAA,QACL,aAAA,EAAe,CAAC,CAAC,WAAA,CAAY,QAAA;AAAA,QAC7B,OAAA,EAAS,WAAA,CAAY,QAAA;AAAA,QACrB,WAAA,EAAa,WAAA,CAAY,YAAA;AAAA,QACzB,YAAA,EAAc,WAAA,CAAY;AAAA,MAC5B,CAAA;AAAA,IACF,CAAA,CAAA;AAAA,EAAA;AAAA,EAEA,OAAa,KAAA,CACX,UAAA,EACA,OAAA,EACA,iBAAA,EACiC;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACjC,MAAA,MAAM,SAAA,EAAW,IAAI,6BAAA;AAAA,QACnB,UAAA;AAAA,QACA,OAAA;AAAA,QACA;AAAA,MACF,CAAA;AACA,MAAA,MAAM,QAAA,CAAS,IAAA,CAAK,CAAA;AAEpB,MAAA,OAAO,QAAA;AAAA,IACT,CAAA,CAAA;AAAA,EAAA;AACF,CAAA;AFIA;AACA;AG7FA,SAAsB,sBAAA,CACpB,IAAA,EACA,KAAA,EACA,OAAA,EACA,MAAA,EACgC;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAlBlC,IAAA,IAAA,EAAA;AAmBE,IAAA,MAAM,mBAAA,EAAqB,MAAM,4BAAA,CAA6B,KAAA;AAAA,MAC5D,4CAAA,6CAAA,CAAA,CAAA,EACK,MAAA,CAAA,EADL;AAAA,QAEE,WAAA,EAAA,CAAa,GAAA,EAAA,MAAA,CAAO,WAAA,EAAA,GAAP,KAAA,EAAA,GAAA,EAAsB;AAAA,MACrC,CAAA,CAAA;AAAA,MACA,OAAA;AAAA,MACA,MAAA,CAAO;AAAA,IACT,CAAA;AAEA,IAAA,OAAO,kBAAA,CAAmB,aAAA,CAAc,IAAA,EAAM,KAAK,CAAA;AAAA,EACrD,CAAA,CAAA;AAAA;AAEO,SAAS,UAAA,CAAW,OAAA,EAA+B;AACxD,EAAA,OAAO,CAAC,CAAC,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AACjC;AAEA,SAAsB,aAAA,CACpB,MAAA,EAKA,OAAA,EACc;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AA1ChB,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AA4CE,IAAA,MAAM,MAAA,EAAA,CAAQ,GAAA,EAAA,MAAA,CAAO,KAAA,EAAA,GAAP,KAAA,EAAA,GAAA,EAAgB,IAAA,CAAK,MAAA,CAAO,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,SAAA,CAAU,CAAC,CAAA;AACpE,IAAA,MAAM,OAAA,EAAA,CAAS,GAAA,EAAA,MAAA,CAAO,MAAA,EAAA,GAAP,KAAA,EAAA,GAAA,EAAiB,+BAAA;AAChC,IAAA,MAAM,aAAA,EAAe,IAAI,qDAAA,CAAgC,OAAO,CAAA;AAChE,IAAA,MAAM,cAAA,EAAgB,IAAI,oDAAA,CAA+B,4CAAA,6CAAA,CAAA,CAAA,EACpD,MAAA,CAAA,EADoD;AAAA,MAEvD,KAAA;AAAA,MACA,MAAA;AAAA,MACA,WAAA,EAAA,CAAa,GAAA,EAAA,MAAA,CAAO,WAAA,EAAA,GAAP,KAAA,EAAA,GAAA,EAAsB,4BAAA;AAAA;AAAA,MAEnC,YAAA,EAAc;AAAA,IAChB,CAAA,CAAC,CAAA;AAED,IAAA,OAAO,aAAA,CAAc,MAAA,CAAO,CAAA;AAAA,EAC9B,CAAA,CAAA;AAAA;AHkFA;AACA;AIpIA;AAEO,IAAM,+BAAA,EAAN,MAAM,gCAAkE;AAAA,EAIrE,WAAA,CACE,UAAA,EACA,OAAA,EACA,iBAAA,EACR;AAHQ,IAAA,IAAA,CAAA,WAAA,EAAA,UAAA;AACA,IAAA,IAAA,CAAA,QAAA,EAAA,OAAA;AACA,IAAA,IAAA,CAAA,kBAAA,EAAA,iBAAA;AAAA,EACP;AAAA,EAEG,IAAA,CAAA,EAAsB;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAE1B,MAAA,IAAA,CAAK,UAAA,EAAY,MAAM,wDAAA;AAAA,QACrB,IAAA,CAAK,UAAA,CAAW,WAAA;AAAA,QAChB,IAAA,CAAK;AAAA,MACP,CAAA;AACA,MAAA,IAAA,CAAK,aAAA,EAAe,IAAIA,yBAAAA;AAAA,QACtB,IAAA,CAAK,UAAA,CAAW,QAAA;AAAA,QAChB,IAAA,CAAK,SAAA,CAAU,IAAA;AAAA,QACf,IAAA,CAAK,SAAA,CAAU,KAAA;AAAA,QACf;AAAA,UACE,WAAA,EAAa,IAAA,CAAK,UAAA,CAAW;AAAA,QAC/B;AAAA,MACF,CAAA;AAEA,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA;AAAA,EAAA;AAAA,EAEA,OAAa,KAAA,CACX,UAAA,EACA,OAAA,EACA,iBAAA,EACyC;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACzC,MAAA,MAAM,UAAA,EAAY,IAAI,+BAAA;AAAA,QACpB,UAAA;AAAA,QACA,OAAA;AAAA,QACA;AAAA,MACF,CAAA;AACA,MAAA,MAAM,SAAA,CAAU,IAAA,CAAK,CAAA;AAErB,MAAA,OAAO,SAAA;AAAA,IACT,CAAA,CAAA;AAAA,EAAA;AAAA,EAEM,aAAA,CAAA,EAAgB;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACpB,MAAA,GAAA,CAAI,CAAC,IAAA,CAAK,YAAA,EAAc,MAAM,IAAA,CAAK,IAAA,CAAK,CAAA;AAExC,MAAA,MAAM,OAAA,EAAS,6CAAA,IAAe,CAAK,OAAO,CAAA;AAC1C,MAAA,GAAA,CAAI,CAAA,CAAC,OAAA,GAAA,KAAA,EAAA,KAAA,EAAA,EAAA,MAAA,CAAQ,aAAA,CAAA,EAAe,MAAM,IAAI,KAAA,CAAM,4BAA4B,CAAA;AAExE,MAAA,MAAM,aAAA,EAAe,IAAA,CAAK,YAAA;AAC1B,MAAA,MAAM,gBAAA,EACJ,MAAM,YAAA,CAAa,kBAAA;AAAA,QACjB,MAAA,CAAO;AAAA,MACT,CAAA;AAEF,MAAA,0CAAA,IAAY,CAAK,OAAA,EAAS,eAAe,CAAA;AAEzC,MAAA,OAAO,MAAA;AAAA,IACT,CAAA,CAAA;AAAA,EAAA;AACF,CAAA;AJyHA;AACA;AKvLA,SAAsB,aAAA,CACpB,OAAA,EACA,MAAA,EACgC;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAXlC,IAAA,IAAA,EAAA;AAYE,IAAA,MAAM,UAAA,EAAY,MAAM,8BAAA,CAA+B,KAAA;AAAA,MACrD,4CAAA,6CAAA,CAAA,CAAA,EACK,MAAA,CAAA,EADL;AAAA,QAEE,WAAA,EAAA,CAAa,GAAA,EAAA,MAAA,CAAO,WAAA,EAAA,GAAP,KAAA,EAAA,GAAA,EAAsB;AAAA,MACrC,CAAA,CAAA;AAAA,MACA,OAAA;AAAA,MACA,MAAA,CAAO;AAAA,IACT,CAAA;AAEA,IAAA,OAAO,SAAA,CAAU,aAAA,CAAc,CAAA;AAAA,EACjC,CAAA,CAAA;AAAA;ALuLA;AACA;AACE;AACA;AACA;AACA;AACA;AACF,8MAAC","file":"/Users/patrick/Code/civic-auth/packages/civic-auth-client/dist/chunk-KCSGIIPA.js","sourcesContent":[null,"import { AuthStorage, SessionData, UnknownObject, User } from \"@/types.js\";\n\ntype SameSiteOption = \"strict\" | \"lax\" | \"none\";\n\nexport interface SessionStorage {\n get(): SessionData;\n getUser(): User<UnknownObject> | null;\n set(data: Partial<SessionData>): void;\n setUser(data: User<UnknownObject> | null): void;\n clear(): void;\n}\n\nexport type CookieStorageSettings = {\n httpOnly: boolean;\n secure: boolean;\n sameSite: SameSiteOption;\n expires: Date;\n path: string;\n};\n\nexport const DEFAULT_COOKIE_DURATION = 60 * 15; // 15 minutes\n\nexport abstract class CookieStorage implements AuthStorage {\n protected settings: CookieStorageSettings;\n protected constructor(settings: Partial<CookieStorageSettings> = {}) {\n this.settings = {\n httpOnly: settings.httpOnly ?? true,\n secure: settings.secure ?? true,\n // the callback request comes the auth server\n // 'lax' ensures the code_verifier cookie is sent with the request\n sameSite: settings.sameSite ?? \"lax\",\n expires:\n settings.expires ??\n new Date(Date.now() + 1000 * DEFAULT_COOKIE_DURATION),\n path: settings.path ?? \"/\",\n };\n }\n abstract get(key: string): string | null;\n abstract set(key: string, value: string): void;\n}\n","import { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport {\n AuthStorage,\n Endpoints,\n OIDCTokenResponseBody,\n SessionData,\n} from \"@/types.js\";\nimport { AuthConfig } from \"@/server/config.js\";\nimport {\n exchangeTokens,\n getEndpointsWithOverrides,\n retrieveTokens,\n storeTokens,\n} from \"@/shared/util.js\";\nimport { AuthenticationResolver, PKCEProducer } from \"@/services/types.ts\";\n\nexport class ServerAuthenticationResolver implements AuthenticationResolver {\n private pkceProducer: PKCEProducer;\n private oauth2client: OAuth2Client | undefined;\n private endpoints: Endpoints | undefined;\n\n private constructor(\n readonly authConfig: AuthConfig,\n readonly storage: AuthStorage,\n readonly endpointOverrides?: Partial<Endpoints>,\n ) {\n this.pkceProducer = new GenericPublicClientPKCEProducer(storage);\n }\n validateExistingSession(): Promise<SessionData> {\n throw new Error(\"Method not implemented.\");\n }\n\n async init(): Promise<this> {\n // resolve oauth config\n this.endpoints = await getEndpointsWithOverrides(\n this.authConfig.oauthServer,\n this.endpointOverrides,\n );\n this.oauth2client = new OAuth2Client(\n this.authConfig.clientId,\n this.endpoints.auth,\n this.endpoints.token,\n {\n redirectURI: this.authConfig.redirectUrl,\n },\n );\n\n return this;\n }\n\n async tokenExchange(\n code: string,\n state: string,\n ): Promise<OIDCTokenResponseBody> {\n if (!this.oauth2client) await this.init();\n const codeVerifier = await this.pkceProducer.getCodeVerifier();\n if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n // exchange auth code for tokens\n const tokens = await exchangeTokens(\n code,\n state,\n this.pkceProducer,\n this.oauth2client!, // clean up types here to avoid the ! operator\n this.authConfig.oauthServer,\n this.endpoints!, // clean up types here to avoid the ! operator\n );\n\n storeTokens(this.storage, tokens);\n\n return tokens;\n }\n\n async getSessionData(): Promise<SessionData | null> {\n const storageData = retrieveTokens(this.storage);\n\n if (!storageData) return null;\n\n return {\n authenticated: !!storageData.id_token,\n idToken: storageData.id_token,\n accessToken: storageData.access_token,\n refreshToken: storageData.refresh_token,\n };\n }\n\n static async build(\n authConfig: AuthConfig,\n storage: AuthStorage,\n endpointOverrides?: Partial<Endpoints>,\n ): Promise<AuthenticationResolver> {\n const resolver = new ServerAuthenticationResolver(\n authConfig,\n storage,\n endpointOverrides,\n );\n await resolver.init();\n\n return resolver;\n }\n}\n","import { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { GenericAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\nimport { AuthConfig } from \"@/server/config.ts\";\n/**\n * Resolve an OAuth access code to a set of OIDC tokens\n * @param code The access code, typically from a query parameter in the redirect url\n * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url\n * @param storage The place that this server uses to store session data (e.g. a cookie store)\n * @param config Oauth Server configuration\n */\nexport async function resolveOAuthAccessCode(\n code: string,\n state: string,\n storage: AuthStorage,\n config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n const authSessionService = await ServerAuthenticationResolver.build(\n {\n ...config,\n oauthServer: config.oauthServer ?? AUTH_SERVER,\n },\n storage,\n config.endpointOverrides,\n );\n\n return authSessionService.tokenExchange(code, state);\n}\n\nexport function isLoggedIn(storage: AuthStorage): boolean {\n return !!storage.get(\"id_token\");\n}\n\nexport async function buildLoginUrl(\n config: Pick<AuthConfig, \"oauthServer\" | \"clientId\" | \"redirectUrl\"> & {\n scopes?: string[];\n state?: string;\n nonce?: string;\n },\n storage: AuthStorage,\n): Promise<URL> {\n // generate a random state if not provided\n const state = config.state ?? Math.random().toString(36).substring(2);\n const scopes = config.scopes ?? DEFAULT_SCOPES;\n const pkceProducer = new GenericPublicClientPKCEProducer(storage);\n const authInitiator = new GenericAuthenticationInitiator({\n ...config,\n state,\n scopes,\n oauthServer: config.oauthServer ?? AUTH_SERVER,\n // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session\n pkceConsumer: pkceProducer,\n });\n\n return authInitiator.signIn();\n}\n","import { AuthenticationRefresher } from \"@/services/types.ts\";\nimport { AuthStorage, Endpoints, OIDCTokenResponseBody } from \"@/types\";\nimport {\n getEndpointsWithOverrides,\n retrieveTokens,\n storeTokens,\n} from \"@/shared/util.ts\";\nimport { AuthConfig } from \"@/server/config.ts\";\nimport { OAuth2Client } from \"oslo/oauth2\";\n\nexport class GenericAuthenticationRefresher implements AuthenticationRefresher {\n private oauth2client: OAuth2Client | undefined;\n private endpoints: Endpoints | undefined;\n\n private constructor(\n private authConfig: AuthConfig,\n private storage: AuthStorage,\n private endpointOverrides?: Partial<Endpoints>,\n ) {}\n\n async init(): Promise<this> {\n // resolve oauth config\n this.endpoints = await getEndpointsWithOverrides(\n this.authConfig.oauthServer,\n this.endpointOverrides,\n );\n this.oauth2client = new OAuth2Client(\n this.authConfig.clientId,\n this.endpoints.auth,\n this.endpoints.token,\n {\n redirectURI: this.authConfig.redirectUrl,\n },\n );\n\n return this;\n }\n\n static async build(\n authConfig: AuthConfig,\n storage: AuthStorage,\n endpointOverrides?: Partial<Endpoints>,\n ): Promise<GenericAuthenticationRefresher> {\n const refresher = new GenericAuthenticationRefresher(\n authConfig,\n storage,\n endpointOverrides,\n );\n await refresher.init();\n\n return refresher;\n }\n\n async refreshTokens() {\n if (!this.oauth2client) await this.init();\n\n const tokens = retrieveTokens(this.storage);\n if (!tokens?.refresh_token) throw new Error(\"No refresh token available\");\n\n const oauth2Client = this.oauth2client!;\n const refreshedTokens =\n await oauth2Client.refreshAccessToken<OIDCTokenResponseBody>(\n tokens.refresh_token,\n );\n\n storeTokens(this.storage, refreshedTokens);\n\n return tokens;\n }\n}\n","import { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\nimport { AUTH_SERVER } from \"@/constants.js\";\nimport { GenericAuthenticationRefresher } from \"@/shared/GenericAuthenticationRefresher.ts\";\nimport { AuthConfig } from \"@/server/config.ts\";\n\n/**\n * Refresh the current set of OIDC tokens\n */\nexport async function refreshTokens(\n storage: AuthStorage,\n config: AuthConfig,\n): Promise<OIDCTokenResponseBody> {\n const refresher = await GenericAuthenticationRefresher.build(\n {\n ...config,\n oauthServer: config.oauthServer ?? AUTH_SERVER,\n },\n storage,\n config.endpointOverrides,\n );\n\n return refresher.refreshTokens();\n}\n"]}

package/dist/chunk-MVO4UZ2A.js ADDED Viewed

@@ -0,0 +1,148 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
+var _chunkYNLXRD5Ljs = require('./chunk-YNLXRD5L.js');
+var _chunkCRTRMMJ7js = require('./chunk-CRTRMMJ7.js');
+// src/lib/logger.ts
+var _debug = require('debug'); var _debug2 = _interopRequireDefault(_debug);
+var PACKAGE_NAME = "@civic/auth";
+var DebugLogger = class {
+  constructor(namespace) {
+    this.debugLogger = _debug2.default.call(void 0, `${PACKAGE_NAME}:${namespace}:debug`);
+    this.infoLogger = _debug2.default.call(void 0, `${PACKAGE_NAME}:${namespace}:info`);
+    this.warnLogger = _debug2.default.call(void 0, `${PACKAGE_NAME}:${namespace}:warn`);
+    this.errorLogger = _debug2.default.call(void 0, `${PACKAGE_NAME}:${namespace}:error`);
+    this.debugLogger.color = "4";
+    this.infoLogger.color = "2";
+    this.warnLogger.color = "3";
+    this.errorLogger.color = "1";
+  }
+  debug(message, ...args) {
+    this.debugLogger(message, ...args);
+  }
+  info(message, ...args) {
+    this.infoLogger(message, ...args);
+  }
+  warn(message, ...args) {
+    this.warnLogger(message, ...args);
+  }
+  error(message, ...args) {
+    this.errorLogger(message, ...args);
+  }
+};
+var createLogger = (namespace) => new DebugLogger(namespace);
+var loggers = {
+  // Next.js specific loggers
+  nextjs: {
+    routes: createLogger("api:routes"),
+    middleware: createLogger("api:middleware"),
+    handlers: {
+      auth: createLogger("api:handlers:auth")
+    }
+  },
+  // React specific loggers
+  react: {
+    components: createLogger("react:components"),
+    hooks: createLogger("react:hooks"),
+    context: createLogger("react:context")
+  },
+  // Shared utilities loggers
+  services: {
+    validation: createLogger("utils:validation"),
+    network: createLogger("utils:network")
+  }
+};
+// src/nextjs/config.ts
+var logger = loggers.nextjs.handlers.auth;
+var defaultAuthConfig = {
+  oauthServer: "https://auth-dev.civic.com/oauth",
+  callbackUrl: "/api/auth/callback",
+  challengeUrl: "/api/auth/challenge",
+  logoutUrl: "/api/auth/logout",
+  loginUrl: "/",
+  include: ["/*"],
+  exclude: [],
+  cookies: {
+    tokens: {
+      sameSite: "strict",
+      path: "/",
+      maxAge: 60 * 60
+      // 1 hour
+    },
+    user: {
+      sameSite: "strict",
+      path: "/",
+      maxAge: 60 * 60
+      // 1 hour
+    }
+  }
+};
+var resolveAuthConfig = (config = {}) => {
+  var _a, _b, _c, _d;
+  const configFromEnv = _chunkYNLXRD5Ljs.withoutUndefined.call(void 0, {
+    clientId: process.env._civic_auth_client_id,
+    oauthServer: process.env._civic_oauth_server,
+    callbackUrl: process.env._civic_auth_callback_url,
+    challengeUrl: process.env._civic_auth_challenge_url,
+    loginUrl: process.env._civic_auth_login_url,
+    appUrl: process.env._civic_auth_app_url,
+    logoutUrl: process.env._civic_auth_logout_url,
+    include: (_a = process.env._civic_auth_includes) == null ? void 0 : _a.split(","),
+    exclude: (_b = process.env._civic_auth_excludes) == null ? void 0 : _b.split(","),
+    cookies: process.env._civic_auth_cookie_config ? JSON.parse(process.env._civic_auth_cookie_config) : void 0
+  });
+  const mergedConfig = _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, defaultAuthConfig), configFromEnv), config), {
+    // Override with directly passed config
+    cookies: {
+      tokens: _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, defaultAuthConfig.cookies.tokens), ((_c = config.cookies) == null ? void 0 : _c.tokens) || {}),
+      user: _chunkCRTRMMJ7js.__spreadValues.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, defaultAuthConfig.cookies.user), ((_d = config.cookies) == null ? void 0 : _d.user) || {})
+    }
+  });
+  logger.debug("Config from environment:", configFromEnv);
+  logger.debug("Resolved config:", mergedConfig);
+  if (mergedConfig.clientId === void 0) {
+    throw new Error("Civic Auth client ID is required");
+  }
+  return mergedConfig;
+};
+var createCivicAuthPlugin = (clientId, authConfig = {}) => {
+  return (nextConfig) => {
+    const resolvedConfig = resolveAuthConfig(_chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, authConfig), { clientId }));
+    return _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, nextConfig), {
+      env: _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, nextConfig == null ? void 0 : nextConfig.env), {
+        // Internal environment variables - do not set these manually
+        _civic_auth_client_id: clientId,
+        _civic_oauth_server: resolvedConfig.oauthServer,
+        _civic_auth_callback_url: resolvedConfig.callbackUrl,
+        _civic_auth_challenge_url: resolvedConfig.challengeUrl,
+        _civic_auth_login_url: resolvedConfig.loginUrl,
+        _civic_auth_logout_url: resolvedConfig.logoutUrl,
+        _civic_auth_app_url: resolvedConfig.appUrl,
+        _civic_auth_includes: resolvedConfig.include.join(","),
+        _civic_auth_excludes: resolvedConfig.exclude.join(","),
+        _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies)
+      })
+    });
+  };
+};
+// src/nextjs/utils.ts
+var resolveCallbackUrl = (config, alternativeUrl) => {
+  var _a;
+  const baseUrl = (_a = config.appUrl) != null ? _a : alternativeUrl;
+  const callbackUrl = new URL(config == null ? void 0 : config.callbackUrl, baseUrl).toString();
+  return callbackUrl.toString();
+};
+exports.loggers = loggers; exports.defaultAuthConfig = defaultAuthConfig; exports.resolveAuthConfig = resolveAuthConfig; exports.createCivicAuthPlugin = createCivicAuthPlugin; exports.resolveCallbackUrl = resolveCallbackUrl;
+//# sourceMappingURL=chunk-MVO4UZ2A.js.map

package/dist/chunk-MVO4UZ2A.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["/Users/patrick/Code/civic-auth/packages/civic-auth-client/dist/chunk-MVO4UZ2A.js","../src/lib/logger.ts","../src/nextjs/config.ts","../src/nextjs/utils.ts"],"names":[],"mappings":"AAAA;AACE;AACF,sDAA4B;AAC5B;AACE;AACA;AACF,sDAA4B;AAC5B;AACA;ACRA,4EAAkB;AAElB,IAAM,aAAA,EAAe,aAAA;AASrB,IAAM,YAAA,EAAN,MAAoC;AAAA,EAMlC,WAAA,CAAY,SAAA,EAAmB;AAE7B,IAAA,IAAA,CAAK,YAAA,EAAc,6BAAA,CAAM,EAAA;AACD,IAAA;AACA,IAAA;AACC,IAAA;AAEA,IAAA;AACD,IAAA;AACA,IAAA;AACC,IAAA;AAC3B,EAAA;AAEiD,EAAA;AACrB,IAAA;AAC5B,EAAA;AAEgD,EAAA;AACrB,IAAA;AAC3B,EAAA;AAEgD,EAAA;AACrB,IAAA;AAC3B,EAAA;AAEiD,EAAA;AACrB,IAAA;AAC5B,EAAA;AACF;AAE6B;AAIN;AAAA;AAEb,EAAA;AACe,IAAA;AACI,IAAA;AACf,IAAA;AACW,MAAA;AACrB,IAAA;AACF,EAAA;AAAA;AAEO,EAAA;AACoB,IAAA;AACL,IAAA;AACE,IAAA;AACxB,EAAA;AAAA;AAEU,EAAA;AACiB,IAAA;AACH,IAAA;AACxB,EAAA;AACF;ADd8B;AACA;AErDA;AAiC6C;AAC5D,EAAA;AACA,EAAA;AACC,EAAA;AACH,EAAA;AACD,EAAA;AACI,EAAA;AACJ,EAAA;AACD,EAAA;AACC,IAAA;AACI,MAAA;AACJ,MAAA;AACO,MAAA;AAAA;AACf,IAAA;AACM,IAAA;AACM,MAAA;AACJ,MAAA;AACO,MAAA;AAAA;AACf,IAAA;AACF,EAAA;AACF;AAoBE;AA9EF,EAAA;AAiFwB,EAAA;AACE,IAAA;AACG,IAAA;AACA,IAAA;AACC,IAAA;AACJ,IAAA;AACF,IAAA;AACG,IAAA;AACN,IAAA;AACA,IAAA;AACI,IAAA;AAGtB,EAAA;AAEoB,EAAA;AAAA;AAIV,IAAA;AACC,MAAA;AAIF,MAAA;AAIR,IAAA;AACF,EAAA;AAEa,EAAA;AACA,EAAA;AACI,EAAA;AACC,IAAA;AAClB,EAAA;AACO,EAAA;AACT;AA0BE;AAGoC,EAAA;AACX,IAAA;AAChB,IAAA;AAEA,MAAA;AAAA;AAGH,QAAA;AACqB,QAAA;AACrB,QAAA;AACA,QAAA;AACA,QAAA;AACA,QAAA;AACqB,QAAA;AACC,QAAA;AACA,QAAA;AACtB,QAAA;AACF,MAAA;AACF,IAAA;AACF,EAAA;AACF;AFpC8B;AACA;AGjI5B;AAHF,EAAA;AAMkB,EAAA;AACY,EAAA;AACA,EAAA;AAC9B;AHkI8B;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/patrick/Code/civic-auth/packages/civic-auth-client/dist/chunk-MVO4UZ2A.js","sourcesContent":[null,"import debug from \"debug\";\n\nconst PACKAGE_NAME = \"@civic/auth\";\n\nexport interface Logger {\n debug(message: string, ...args: unknown[]): void;\n info(message: string, ...args: unknown[]): void;\n warn(message: string, ...args: unknown[]): void;\n error(message: string, ...args: unknown[]): void;\n}\n\nclass DebugLogger implements Logger {\n private debugLogger: debug.Debugger;\n private infoLogger: debug.Debugger;\n private warnLogger: debug.Debugger;\n private errorLogger: debug.Debugger;\n\n constructor(namespace: string) {\n // Format: @org/package:library:component:level\n this.debugLogger = debug(`${PACKAGE_NAME}:${namespace}:debug`);\n this.infoLogger = debug(`${PACKAGE_NAME}:${namespace}:info`);\n this.warnLogger = debug(`${PACKAGE_NAME}:${namespace}:warn`);\n this.errorLogger = debug(`${PACKAGE_NAME}:${namespace}:error`);\n\n this.debugLogger.color = \"4\";\n this.infoLogger.color = \"2\";\n this.warnLogger.color = \"3\";\n this.errorLogger.color = \"1\";\n }\n\n debug(message: string, ...args: unknown[]): void {\n this.debugLogger(message, ...args);\n }\n\n info(message: string, ...args: unknown[]): void {\n this.infoLogger(message, ...args);\n }\n\n warn(message: string, ...args: unknown[]): void {\n this.warnLogger(message, ...args);\n }\n\n error(message: string, ...args: unknown[]): void {\n this.errorLogger(message, ...args);\n }\n}\n\nexport const createLogger = (namespace: string): Logger =>\n new DebugLogger(namespace);\n\n// Pre-configured loggers for different parts of your package\nexport const loggers = {\n // Next.js specific loggers\n nextjs: {\n routes: createLogger(\"api:routes\"),\n middleware: createLogger(\"api:middleware\"),\n handlers: {\n auth: createLogger(\"api:handlers:auth\"),\n },\n },\n // React specific loggers\n react: {\n components: createLogger(\"react:components\"),\n hooks: createLogger(\"react:hooks\"),\n context: createLogger(\"react:context\"),\n },\n // Shared utilities loggers\n services: {\n validation: createLogger(\"utils:validation\"),\n network: createLogger(\"utils:network\"),\n },\n} as const;\n","/* eslint-disable turbo/no-undeclared-env-vars */\nimport { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger\";\nimport { withoutUndefined } from \"@/utils\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nexport interface CookieConfig {\n secure?: boolean;\n sameSite?: \"strict\" | \"lax\" | \"none\";\n domain?: string;\n path?: string;\n maxAge?: number;\n}\n\nexport type AuthConfigWithDefaults = {\n clientId: string;\n oauthServer: string;\n callbackUrl: string;\n loginUrl: string;\n logoutUrl: string;\n appUrl?: string;\n challengeUrl: string;\n include: string[];\n exclude: string[];\n cookies: {\n tokens: CookieConfig;\n user: CookieConfig;\n };\n};\n\nexport type AuthConfig = Partial<AuthConfigWithDefaults>;\n\nexport type DefinedAuthConfig = AuthConfigWithDefaults;\n\n/**\n * Default configuration values that will be used if not overridden\n */\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n oauthServer: \"https://auth-dev.civic.com/oauth\",\n callbackUrl: \"/api/auth/callback\",\n challengeUrl: \"/api/auth/challenge\",\n logoutUrl: \"/api/auth/logout\",\n loginUrl: \"/\",\n include: [\"/*\"],\n exclude: [],\n cookies: {\n tokens: {\n sameSite: \"strict\",\n path: \"/\",\n maxAge: 60 * 60, // 1 hour\n },\n user: {\n sameSite: \"strict\",\n path: \"/\",\n maxAge: 60 * 60, // 1 hour\n },\n },\n};\n\n/**\n * Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n *\n * Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * callbackUrl: '/custom/callback',\n * })\n * ```\n */\nexport const resolveAuthConfig = (\n config: AuthConfig = {},\n): AuthConfigWithDefaults & { clientId: string } => {\n // Read configuration that was set by the plugin via environment variables\n const configFromEnv = withoutUndefined({\n clientId: process.env._civic_auth_client_id,\n oauthServer: process.env._civic_oauth_server,\n callbackUrl: process.env._civic_auth_callback_url,\n challengeUrl: process.env._civic_auth_challenge_url,\n loginUrl: process.env._civic_auth_login_url,\n appUrl: process.env._civic_auth_app_url,\n logoutUrl: process.env._civic_auth_logout_url,\n include: process.env._civic_auth_includes?.split(\",\"),\n exclude: process.env._civic_auth_excludes?.split(\",\"),\n cookies: process.env._civic_auth_cookie_config\n ? JSON.parse(process.env._civic_auth_cookie_config)\n : undefined,\n });\n\n const mergedConfig = {\n ...defaultAuthConfig,\n ...configFromEnv, // Apply plugin-set config\n ...config, // Override with directly passed config\n cookies: {\n tokens: {\n ...defaultAuthConfig.cookies.tokens,\n ...(config.cookies?.tokens || {}),\n },\n user: {\n ...defaultAuthConfig.cookies.user,\n ...(config.cookies?.user || {}),\n },\n },\n };\n\n logger.debug(\"Config from environment:\", configFromEnv);\n logger.debug(\"Resolved config:\", mergedConfig);\n if (mergedConfig.clientId === undefined) {\n throw new Error(\"Civic Auth client ID is required\");\n }\n return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/**\n * Creates a Next.js plugin that handles auth configuration.\n *\n * This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n * clientId: 'my-client-id',\n * callbackUrl: '/custom/callback',\n * loginUrl: '/custom/login',\n * logoutUrl: '/custom/logout',\n * include: ['/protected/*'],\n * exclude: ['/public/*']\n * })\n * ```\n *\n * The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport const createCivicAuthPlugin = (\n clientId: string,\n authConfig: AuthConfig = {},\n) => {\n return (nextConfig?: NextConfig) => {\n const resolvedConfig = resolveAuthConfig({ ...authConfig, clientId });\n return {\n ...nextConfig,\n env: {\n ...nextConfig?.env,\n // Internal environment variables - do not set these manually\n _civic_auth_client_id: clientId,\n _civic_oauth_server: resolvedConfig.oauthServer,\n _civic_auth_callback_url: resolvedConfig.callbackUrl,\n _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n _civic_auth_login_url: resolvedConfig.loginUrl,\n _civic_auth_logout_url: resolvedConfig.logoutUrl,\n _civic_auth_app_url: resolvedConfig.appUrl,\n _civic_auth_includes: resolvedConfig.include.join(\",\"),\n _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n },\n };\n };\n};\n","import { AuthConfigWithDefaults } from \"@/nextjs/config\";\n\nexport const resolveCallbackUrl = (\n config: AuthConfigWithDefaults,\n alternativeUrl?: string,\n): string => {\n const baseUrl = config.appUrl ?? alternativeUrl;\n const callbackUrl = new URL(config?.callbackUrl, baseUrl).toString();\n return callbackUrl.toString();\n};\n"]}