@civic/auth 0.0.1-beta.13 → 0.0.1-beta.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/dist/{chunk-JDAC5G7D.mjs → chunk-3Q3CWGPG.mjs} +2 -2
  2. package/dist/{chunk-UAG3M4QY.mjs → chunk-EDLPS3AK.mjs} +1 -1
  3. package/dist/chunk-EDLPS3AK.mjs.map +1 -0
  4. package/dist/{chunk-FX7N4B7D.js → chunk-F2CKPLXX.js} +1 -1
  5. package/dist/chunk-F2CKPLXX.js.map +1 -0
  6. package/dist/{chunk-3U45EDU3.js → chunk-F55XKBNM.js} +7 -7
  7. package/dist/{chunk-3U45EDU3.js.map → chunk-F55XKBNM.js.map} +1 -1
  8. package/dist/nextjs.js +25 -25
  9. package/dist/nextjs.js.map +1 -1
  10. package/dist/nextjs.mjs +5 -5
  11. package/dist/nextjs.mjs.map +1 -1
  12. package/dist/react.js +33 -30
  13. package/dist/react.js.map +1 -1
  14. package/dist/react.mjs +9 -6
  15. package/dist/react.mjs.map +1 -1
  16. package/dist/server.js +2 -2
  17. package/dist/server.mjs +1 -1
  18. package/package.json +1 -1
  19. package/dist/chunk-FX7N4B7D.js.map +0 -1
  20. package/dist/chunk-UAG3M4QY.mjs.map +0 -1
  21. /package/dist/{chunk-JDAC5G7D.mjs.map → chunk-3Q3CWGPG.mjs.map} +0 -0
package/dist/nextjs.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["/Users/kevincolgan/code/civic-auth/packages/civic-auth-client/dist/nextjs.js","../src/nextjs/GetUser.ts","../src/nextjs/middleware.ts","../src/nextjs/routeHandler.ts"],"names":["getUser","NextResponse","response"],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACF,sDAA4B;AAC5B;AACA;ACfO,IAAMA,SAAAA,EAAU,CAAA,EAAA,GAAmB;AAR1C,EAAA,IAAA,EAAA;AASE,EAAA,MAAM,cAAA,EAAgB,IAAI,yCAAA,CAAoB,CAAA;AAC9C,EAAA,MAAM,YAAA,EAAc,IAAI,wCAAA,CAAmB,aAAa,CAAA;AACxD,EAAA,MAAM,OAAA,EAAS,6CAAA,aAA4B,CAAA;AAC3C,EAAA,MAAM,KAAA,EAAO,WAAA,CAAY,GAAA,CAAI,CAAA;AAC7B,EAAA,GAAA,CAAI,CAAC,KAAA,GAAQ,CAAC,MAAA,EAAQ,OAAO,IAAA;AAE7B,EAAA,OAAO,4CAAA,6CAAA,CAAA,CAAA,EACF,IAAA,CAAA,EADE;AAAA,IAEL,OAAA,EAAS,MAAA,CAAO,QAAA;AAAA,IAChB,WAAA,EAAa,MAAA,CAAO,YAAA;AAAA,IACpB,YAAA,EAAA,CAAc,GAAA,EAAA,MAAA,CAAO,aAAA,EAAA,GAAP,KAAA,EAAA,GAAA,EAAwB;AAAA,EACxC,CAAA,CAAA;AACF,CAAA;ADgBA;AACA;AEjBA,0CAA0C;AAC1C,4FAAsB;AAgBtB,IAAM,UAAA,EAAY,CAAC,QAAA,EAAkB,WAAA,EAAA,GAAwB;AAC3D,EAAA,MAAM,QAAA,EAAU,iCAAA,WAAqB,CAAA;AACrC,EAAA,OAAO,OAAA,CAAQ,QAAQ,CAAA;AACzB,CAAA;AAOA,IAAM,aAAA,EAAe,CAAC,QAAA,EAAkB,QAAA,EAAA,GACtC,QAAA,CAAS,IAAA,CAAK,CAAC,OAAA,EAAA,GAAY;AACzB,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS,OAAO,KAAA;AACrB,EAAA,OAAA,CAAQ,GAAA,CAAI,UAAA,EAAY;AAAA,IACtB,OAAA;AAAA,IACA,QAAA;AAAA,IACA,KAAA,EAAO,SAAA,CAAU,QAAA,EAAU,OAAO;AAAA,EACpC,CAAC,CAAA;AACD,EAAA,OAAO,SAAA,CAAU,QAAA,EAAU,OAAO,CAAA;AACpC,CAAC,CAAA;AAGH,IAAM,UAAA,EAAY,CAChB,UAAA,EACA,OAAA,EAAA,GACsC,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACtC,EAAA,MAAM,uBAAA,EAAyB,gDAAA,UAA4B,CAAA;AAG3D,EAAA,MAAM,gBAAA,EAAkB,CAAC,CAAC,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AAGxD,EAAA,GAAA,CAAI,OAAA,CAAQ,OAAA,CAAQ,SAAA,IAAa,sBAAA,CAAuB,QAAA,EAAU;AAChE,IAAA,OAAA,CAAQ,GAAA,CAAI,oDAA+C,CAAA;AAC3D,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,CAAC,YAAA,CAAa,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,sBAAA,CAAuB,OAAO,CAAA,EAAG;AAC3E,IAAA,OAAA,CAAQ,GAAA,CAAI,2DAAsD,CAAA;AAClE,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,YAAA,CAAa,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,sBAAA,CAAuB,OAAO,CAAA,EAAG;AAC1E,IAAA,OAAA,CAAQ,GAAA,CAAI,uDAAkD,CAAA;AAC9D,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAGA,EAAA,GAAA,CAAI,CAAC,eAAA,EAAiB;AACpB,IAAA,OAAA,CAAQ,GAAA,CAAI,oDAA+C,CAAA;AAC3D,IAAA,MAAM,SAAA,EAAW,IAAI,GAAA,CAAI,sBAAA,CAAuB,QAAA,EAAU,OAAA,CAAQ,GAAG,CAAA;AACrE,IAAA,OAAO,sBAAA,CAAa,QAAA,CAAS,QAAQ,CAAA;AAAA,EACvC;AAEA,EAAA,OAAA,CAAQ,GAAA,CAAI,0BAAqB,CAAA;AACjC,EAAA,OAAO,KAAA,CAAA;AACT,CAAA,CAAA;AAUO,IAAM,eAAA,EACX,CAAC,WAAA,EAAa,kCAAA,EAAA,GACd,CAAO,OAAA,EAAA,GAAgD,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACrD,EAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,UAAA,EAAY,OAAO,CAAA;AACpD,EAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AAIrB,EAAA,OAAO,sBAAA,CAAa,IAAA,CAAK,CAAA;AAC3B,CAAA,CAAA;AAWK,SAAS,QAAA,CACd,UAAA,EACiD;AACjD,EAAA,OAAO,CAAO,OAAA,EAAA,GAAgD,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5D,IAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,CAAC,CAAA,EAAG,OAAO,CAAA;AAC5C,IAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AACrB,IAAA,OAAO,UAAA,CAAW,OAAO,CAAA;AAAA,EAC3B,CAAA,CAAA;AACF;AAeO,SAAS,IAAA,CAAK,WAAA,EAAyB,CAAC,CAAA,EAAG;AAChD,EAAA,OAAO,CACL,UAAA,EAAA,GACsD;AACtD,IAAA,OAAO,CAAO,OAAA,EAAA,GAAgD,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5D,MAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,UAAA,EAAY,OAAO,CAAA;AACpD,MAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AACrB,MAAA,OAAO,UAAA,CAAW,OAAO,CAAA;AAAA,IAC3B,CAAA,CAAA;AAAA,EACF,CAAA;AACF;AF3DA;AACA;AGnGA;AACA,wCAA+B;AAc/B,IAAM,OAAA,EAAS,wBAAA,CAAQ,MAAA,CAAO,QAAA,CAAS,IAAA;AAEvC,IAAM,UAAA,EAAN,MAAA,QAAwB,MAAM;AAAA,EAC5B,WAAA,CACE,OAAA,EACgB,OAAA,EAAiB,GAAA,EACjC;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAFG,IAAA,IAAA,CAAA,OAAA,EAAA,MAAA;AAGhB,IAAA,IAAA,CAAK,KAAA,EAAO,WAAA;AAAA,EACd;AACF,CAAA;AAOA,SAAe,eAAA,CAAA,EAAyC;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACtD,IAAA,MAAM,cAAA,EAAgB,IAAI,yCAAA,CAAoB,CAAA;AAC9C,IAAA,MAAM,aAAA,EAAe,IAAI,qDAAA,CAAgC,aAAa,CAAA;AAEtE,IAAA,MAAM,UAAA,EAAY,MAAM,YAAA,CAAa,gBAAA,CAAiB,CAAA;AAEtD,IAAA,OAAOC,sBAAAA,CAAa,IAAA,CAAK,EAAE,MAAA,EAAQ,SAAA,EAAW,UAAU,CAAC,CAAA;AAAA,EAC3D,CAAA,CAAA;AAAA;AAEA,SAAe,cAAA,CACb,OAAA,EACA,MAAA,EACuB;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACvB,IAAA,MAAM,cAAA,EAAgB,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,eAAe,CAAA;AAGtE,IAAA,GAAA,CAAI,CAAC,aAAA,EAAe;AAClB,MAAA,MAAMC,UAAAA,EAAW,IAAID,2BAAAA,CAAa,CAAA,aAAA,CAAe,CAAA;AACjD,MAAAC,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAA,EAAgB,0BAA0B,CAAA;AAC/D,MAAA,OAAOA,SAAAA;AAAA,IACT;AACA,IAAA,MAAM,KAAA,EAAO,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACpD,IAAA,MAAM,MAAA,EAAQ,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AACtD,IAAA,GAAA,CAAI,CAAC,KAAA,GAAQ,CAAC,KAAA,EAAO,MAAM,IAAI,SAAA,CAAU,gBAAA,EAAkB,GAAG,CAAA;AAE9D,IAAA,MAAM,cAAA,EAAgB,IAAI,yCAAA,CAAoB,CAAA;AAE9C,IAAA,MAAM,gBAAA,EAAkB,gDAAA,MAAwB,CAAA;AAChD,IAAA,MAAM,YAAA,EAAc,iDAAA,eAAmB,EAAiB,OAAA,CAAQ,GAAG,CAAA;AAEnE,IAAA,IAAI;AACF,MAAA,MAAM,qDAAA,IAAuB,EAAM,KAAA,EAAO,aAAA,EAAe,4CAAA,6CAAA,CAAA,CAAA,EACpD,eAAA,CAAA,EADoD;AAAA,QAEvD,WAAA,EAAa;AAAA,MACf,CAAA,CAAC,CAAA;AAAA,IACH,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAA,CAAO,KAAA,CAAM,wBAAA,EAA0B,KAAK,CAAA;AAC5C,MAAA,MAAM,IAAI,SAAA,CAAU,6BAAA,EAA+B,GAAG,CAAA;AAAA,IACxD;AAEA,IAAA,MAAM,KAAA,EAAO,MAAM,sCAAA,aAAqB,CAAA;AACxC,IAAA,GAAA,CAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,SAAA,CAAU,yBAAA,EAA2B,GAAG,CAAA;AAAA,IACpD;AAEA,IAAA,MAAM,cAAA,EAAgB,IAAI,yCAAA,CAAoB,CAAA;AAC9C,IAAA,MAAM,YAAA,EAAc,IAAI,wCAAA,CAAmB,aAAa,CAAA;AACxD,IAAA,WAAA,CAAY,GAAA,CAAI,IAAI,CAAA;AAKpB,IAAA,MAAM,SAAA,EAAW,IAAID,2BAAAA,CAAa,CAAA,aAAA,CAAe,CAAA;AACjD,IAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAA,EAAgB,0BAA0B,CAAA;AAC/D,IAAA,OAAO,QAAA;AAAA,EACT,CAAA,CAAA;AAAA;AAQA,IAAM,wBAAA,EAA0B,CAC9B,YAAA,EACA,eAAA,EAAA,GACG;AAEH,EAAA,GAAA,CAAI,yBAAA,CAA0B,IAAA,CAAK,YAAY,CAAA,EAAG;AAChD,IAAA,OAAO,YAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAI,GAAA,CAAI,YAAA,EAAc,eAAe,CAAA,CAAE,IAAA;AAChD,CAAA;AAEA,SAAe,YAAA,CACb,OAAA,EACA,MAAA,EACuB;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AA7GzB,IAAA,IAAA,EAAA;AA8GE,IAAA,MAAM,gBAAA,EAAkB,gDAAA,MAAwB,CAAA;AAChD,IAAA,MAAM,oBAAA,EAAA,CAAsB,GAAA,EAAA,eAAA,CAAgB,QAAA,EAAA,GAAhB,KAAA,EAAA,GAAA,EAA4B,GAAA;AACxD,IAAA,MAAM,eAAA,EACJ,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE,YAAA,CAAa,GAAA,CAAI,UAAU,EAAA,GAAK,mBAAA;AACvD,IAAA,MAAM,mBAAA,EAAqB,yBAAA,CAA0B,IAAA,CAAK,cAAc,CAAA;AACxE,IAAA,MAAM,iBAAA,EAAmB,uBAAA;AAAA,MACvB,cAAA;AAAA,MACA,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE;AAAA,IACvB,CAAA;AAEA,IAAA,MAAM,SAAA,EAAWA,sBAAAA,CAAa,QAAA,CAAS,gBAAgB,CAAA;AAEvD,IAAA,+CAAA,CAAiB;AAEjB,IAAA,IAAI;AACF,MAAA,qCAAA,mBAAe,EAAqB,iBAAA,EAAmB,cAAc,CAAA;AAAA,IACvE,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAA,CAAO,IAAA,CAAK,yCAAA,EAA2C,KAAK,CAAA;AAAA,IAC9D;AAEA,IAAA,OAAO,QAAA;AAAA,EACT,CAAA,CAAA;AAAA;AAcO,IAAM,QAAA,EACX,CAAC,WAAA,EAAa,CAAC,CAAA,EAAA,GACf,CAAO,OAAA,EAAA,GAAgD,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACrD,EAAA,MAAM,OAAA,EAAS,gDAAA,UAA4B,CAAA;AAE3C,EAAA,IAAI;AACF,IAAA,MAAM,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,QAAA;AACjC,IAAA,MAAM,aAAA,EAAe,QAAA,CAAS,KAAA,CAAM,GAAG,CAAA;AACvC,IAAA,MAAM,YAAA,EAAc,YAAA,CAAa,YAAA,CAAa,OAAA,EAAS,CAAC,CAAA;AAExD,IAAA,OAAA,CAAQ,WAAA,EAAa;AAAA,MACnB,KAAK,WAAA;AACH,QAAA,OAAO,MAAM,eAAA,CAAgB,CAAA;AAAA,MAC/B,KAAK,UAAA;AACH,QAAA,OAAO,MAAM,cAAA,CAAe,OAAA,EAAS,MAAM,CAAA;AAAA,MAC7C,KAAK,QAAA;AACH,QAAA,OAAO,MAAM,YAAA,CAAa,OAAA,EAAS,MAAM,CAAA;AAAA,MAC3C,OAAA;AACE,QAAA,MAAM,IAAI,SAAA,CAAU,CAAA,oBAAA,EAAuB,QAAQ,CAAA,CAAA;AACvD,IAAA;AACc,EAAA;AAC2B,IAAA;AAES,IAAA;AAEjB,IAAA;AAEsB,IAAA;AAEtC,IAAA;AACV,IAAA;AACT,EAAA;AACF;AH2B0D;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/kevincolgan/code/civic-auth/packages/civic-auth-client/dist/nextjs.js","sourcesContent":[null,"/**\n * Used on the server-side to get the user object from the cookie\n */\nimport { User } from \"@/types\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies\";\nimport { retrieveTokens } from \"@/shared/util\";\n\nexport const getUser = (): User | null => {\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n const tokens = retrieveTokens(clientStorage);\n const user = userSession.get();\n if (!user || !tokens) return null;\n\n return {\n ...user!,\n idToken: tokens.id_token,\n accessToken: tokens.access_token,\n refreshToken: tokens.refresh_token ?? \"\",\n } as User;\n};\n","/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n * console.log('in custom middleware', request.nextUrl.pathname);\n * return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n * console.log('in custom middleware', request.url);\n * return NextResponse.next();\n * })\n *\n */\nimport { NextRequest, NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport {\n AuthConfig,\n defaultAuthConfig,\n resolveAuthConfig,\n} from \"@/nextjs/config.js\";\n\ntype Middleware = (\n request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n const matches = picomatch(globPattern);\n return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n patterns.some((pattern) => {\n if (!pattern) return false;\n console.log(\"matching\", {\n pattern,\n pathname,\n match: matchGlob(pathname, pattern),\n });\n return matchGlob(pathname, pattern);\n });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n authConfig: AuthConfig,\n request: NextRequest,\n): Promise<NextResponse | undefined> => {\n const authConfigWithDefaults = resolveAuthConfig(authConfig);\n\n // Check for any valid auth token\n const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n // skip auth check for login url\n if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl) {\n console.log(\"→ Skipping auth check - this is the login URL\");\n return undefined;\n }\n\n if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n console.log(\"→ Skipping auth check - path not in include patterns\");\n return undefined;\n }\n\n if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n console.log(\"→ Skipping auth check - path in exclude patterns\");\n return undefined;\n }\n\n // Check for either token type\n if (!isAuthenticated) {\n console.log(\"→ No valid token found - redirecting to login\");\n const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);\n return NextResponse.redirect(loginUrl);\n }\n\n console.log(\"→ Auth check passed\");\n return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n (authConfig = defaultAuthConfig) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n // NextJS doesn't do middleware chaining yet, so this does not mean\n // \"call the next middleware\" - it means \"continue to the route handler\"\n return NextResponse.next();\n };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth({}, request);\n if (response) return response;\n return middleware(request);\n };\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * const withAuth = auth({ loginUrl = '/login' }); // or just auth();\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n *\n */\nexport function auth(authConfig: AuthConfig = {}) {\n return (\n middleware: Middleware,\n ): ((request: NextRequest) => Promise<NextResponse>) => {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n return middleware(request);\n };\n };\n}\n","import { NextRequest, NextResponse } from \"next/server.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport { AuthConfig, resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport {\n clearAuthCookies,\n NextjsClientStorage,\n NextjsCookieStorage,\n} from \"@/nextjs/cookies.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { resolveOAuthAccessCode } from \"@/server/login.js\";\nimport { getUser } from \"@/shared/session.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { GenericUserSession } from \"@/shared/UserSession.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n constructor(\n message: string,\n public readonly status: number = 401,\n ) {\n super(message);\n this.name = \"AuthError\";\n }\n}\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(): Promise<NextResponse> {\n const cookieStorage = new NextjsCookieStorage();\n const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);\n\n const challenge = await pkceProducer.getCodeChallenge();\n\n return NextResponse.json({ status: \"success\", challenge });\n}\n\nasync function handleCallback(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const tokenExchange = request.nextUrl.searchParams.get(\"tokenExchange\");\n // if the client hasn't request token exchange, return an empty HTML response\n // the next call should include the tokenExchange query parameter from the same-domain\n if (!tokenExchange) {\n const response = new NextResponse(`<html></html>`);\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n return response;\n }\n const code = request.nextUrl.searchParams.get(\"code\");\n const state = request.nextUrl.searchParams.get(\"state\");\n if (!code || !state) throw new AuthError(\"Bad parameters\", 400);\n\n const cookieStorage = new NextjsCookieStorage();\n\n const resolvedConfigs = resolveAuthConfig(config);\n const callbackUrl = resolveCallbackUrl(resolvedConfigs, request.url);\n\n try {\n await resolveOAuthAccessCode(code, state, cookieStorage, {\n ...resolvedConfigs,\n redirectUrl: callbackUrl,\n });\n } catch (error) {\n logger.error(\"Token exchange failed:\", error);\n throw new AuthError(\"Failed to authenticate user\", 401);\n }\n\n const user = await getUser(cookieStorage);\n if (!user) {\n throw new AuthError(\"Failed to get user info\", 401);\n }\n\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n userSession.set(user);\n\n // return an empty HTML response so the iframe doesn't show any response\n // in the short moment between the redirect and the parent window\n // acknowledging the redirect and closing the iframe\n const response = new NextResponse(`<html></html>`);\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n return response;\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n redirectPath: string,\n currentBasePath: string,\n) => {\n // Check if the redirectPath is an absolute URL\n if (/^(https?:\\/\\/|www\\.).+/i.test(redirectPath)) {\n return redirectPath; // Return as-is if it's an absolute URL\n }\n return new URL(redirectPath, currentBasePath).href;\n};\n\nasync function handleLogout(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n const defaultRedirectPath = resolvedConfigs.loginUrl ?? \"/\";\n const redirectTarget =\n new URL(request.url).searchParams.get(\"redirect\") || defaultRedirectPath;\n const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n const finalRedirectUrl = getAbsoluteRedirectPath(\n redirectTarget,\n new URL(request.url).origin,\n );\n\n const response = NextResponse.redirect(finalRedirectUrl);\n\n clearAuthCookies();\n\n try {\n revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);\n } catch (error) {\n logger.warn(\"Failed to revalidate path after logout:\", error);\n }\n\n return response;\n}\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n * // optional config overrides\n * })\n * ```\n */\nexport const handler =\n (authConfig = {}) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const config = resolveAuthConfig(authConfig);\n\n try {\n const pathname = request.nextUrl.pathname;\n const pathSegments = pathname.split(\"/\");\n const lastSegment = pathSegments[pathSegments.length - 1];\n\n switch (lastSegment) {\n case \"challenge\":\n return await handleChallenge();\n case \"callback\":\n return await handleCallback(request, config);\n case \"logout\":\n return await handleLogout(request, config);\n default:\n throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n }\n } catch (error) {\n logger.error(\"Auth handler error:\", error);\n\n const status = error instanceof AuthError ? error.status : 500;\n const message =\n error instanceof Error ? error.message : \"Authentication failed\";\n\n const response = NextResponse.json({ error: message }, { status });\n\n clearAuthCookies();\n return response;\n }\n };\n"]}
1
+ {"version":3,"sources":["/Users/kevincolgan/code/civic-auth/packages/civic-auth-client/dist/nextjs.js","../src/nextjs/GetUser.ts","../src/nextjs/middleware.ts","../src/nextjs/routeHandler.ts"],"names":["getUser","NextResponse","response"],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACF,sDAA4B;AAC5B;AACA;ACfO,IAAMA,SAAAA,EAAU,CAAA,EAAA,GAAmB;AAR1C,EAAA,IAAA,EAAA;AASE,EAAA,MAAM,cAAA,EAAgB,IAAI,yCAAA,CAAoB,CAAA;AAC9C,EAAA,MAAM,YAAA,EAAc,IAAI,wCAAA,CAAmB,aAAa,CAAA;AACxD,EAAA,MAAM,OAAA,EAAS,6CAAA,aAA4B,CAAA;AAC3C,EAAA,MAAM,KAAA,EAAO,WAAA,CAAY,GAAA,CAAI,CAAA;AAC7B,EAAA,GAAA,CAAI,CAAC,KAAA,GAAQ,CAAC,MAAA,EAAQ,OAAO,IAAA;AAE7B,EAAA,OAAO,4CAAA,6CAAA,CAAA,CAAA,EACF,IAAA,CAAA,EADE;AAAA,IAEL,OAAA,EAAS,MAAA,CAAO,QAAA;AAAA,IAChB,WAAA,EAAa,MAAA,CAAO,YAAA;AAAA,IACpB,YAAA,EAAA,CAAc,GAAA,EAAA,MAAA,CAAO,aAAA,EAAA,GAAP,KAAA,EAAA,GAAA,EAAwB;AAAA,EACxC,CAAA,CAAA;AACF,CAAA;ADgBA;AACA;AEjBA,0CAA0C;AAC1C,4FAAsB;AAgBtB,IAAM,UAAA,EAAY,CAAC,QAAA,EAAkB,WAAA,EAAA,GAAwB;AAC3D,EAAA,MAAM,QAAA,EAAU,iCAAA,WAAqB,CAAA;AACrC,EAAA,OAAO,OAAA,CAAQ,QAAQ,CAAA;AACzB,CAAA;AAOA,IAAM,aAAA,EAAe,CAAC,QAAA,EAAkB,QAAA,EAAA,GACtC,QAAA,CAAS,IAAA,CAAK,CAAC,OAAA,EAAA,GAAY;AACzB,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS,OAAO,KAAA;AACrB,EAAA,OAAA,CAAQ,GAAA,CAAI,UAAA,EAAY;AAAA,IACtB,OAAA;AAAA,IACA,QAAA;AAAA,IACA,KAAA,EAAO,SAAA,CAAU,QAAA,EAAU,OAAO;AAAA,EACpC,CAAC,CAAA;AACD,EAAA,OAAO,SAAA,CAAU,QAAA,EAAU,OAAO,CAAA;AACpC,CAAC,CAAA;AAGH,IAAM,UAAA,EAAY,CAChB,UAAA,EACA,OAAA,EAAA,GACsC,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACtC,EAAA,MAAM,uBAAA,EAAyB,gDAAA,UAA4B,CAAA;AAG3D,EAAA,MAAM,gBAAA,EAAkB,CAAC,CAAC,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AAGxD,EAAA,GAAA,CAAI,OAAA,CAAQ,OAAA,CAAQ,SAAA,IAAa,sBAAA,CAAuB,QAAA,EAAU;AAChE,IAAA,OAAA,CAAQ,GAAA,CAAI,oDAA+C,CAAA;AAC3D,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,CAAC,YAAA,CAAa,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,sBAAA,CAAuB,OAAO,CAAA,EAAG;AAC3E,IAAA,OAAA,CAAQ,GAAA,CAAI,2DAAsD,CAAA;AAClE,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,YAAA,CAAa,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,sBAAA,CAAuB,OAAO,CAAA,EAAG;AAC1E,IAAA,OAAA,CAAQ,GAAA,CAAI,uDAAkD,CAAA;AAC9D,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAGA,EAAA,GAAA,CAAI,CAAC,eAAA,EAAiB;AACpB,IAAA,OAAA,CAAQ,GAAA,CAAI,oDAA+C,CAAA;AAC3D,IAAA,MAAM,SAAA,EAAW,IAAI,GAAA,CAAI,sBAAA,CAAuB,QAAA,EAAU,OAAA,CAAQ,GAAG,CAAA;AACrE,IAAA,OAAO,sBAAA,CAAa,QAAA,CAAS,QAAQ,CAAA;AAAA,EACvC;AAEA,EAAA,OAAA,CAAQ,GAAA,CAAI,0BAAqB,CAAA;AACjC,EAAA,OAAO,KAAA,CAAA;AACT,CAAA,CAAA;AAUO,IAAM,eAAA,EACX,CAAC,WAAA,EAAa,kCAAA,EAAA,GACd,CAAO,OAAA,EAAA,GAAgD,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACrD,EAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,UAAA,EAAY,OAAO,CAAA;AACpD,EAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AAIrB,EAAA,OAAO,sBAAA,CAAa,IAAA,CAAK,CAAA;AAC3B,CAAA,CAAA;AAWK,SAAS,QAAA,CACd,UAAA,EACiD;AACjD,EAAA,OAAO,CAAO,OAAA,EAAA,GAAgD,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5D,IAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,CAAC,CAAA,EAAG,OAAO,CAAA;AAC5C,IAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AACrB,IAAA,OAAO,UAAA,CAAW,OAAO,CAAA;AAAA,EAC3B,CAAA,CAAA;AACF;AAeO,SAAS,IAAA,CAAK,WAAA,EAAyB,CAAC,CAAA,EAAG;AAChD,EAAA,OAAO,CACL,UAAA,EAAA,GACsD;AACtD,IAAA,OAAO,CAAO,OAAA,EAAA,GAAgD,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5D,MAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,UAAA,EAAY,OAAO,CAAA;AACpD,MAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AACrB,MAAA,OAAO,UAAA,CAAW,OAAO,CAAA;AAAA,IAC3B,CAAA,CAAA;AAAA,EACF,CAAA;AACF;AF3DA;AACA;AGnGA;AACA,wCAA+B;AAc/B,IAAM,OAAA,EAAS,wBAAA,CAAQ,MAAA,CAAO,QAAA,CAAS,IAAA;AAEvC,IAAM,UAAA,EAAN,MAAA,QAAwB,MAAM;AAAA,EAC5B,WAAA,CACE,OAAA,EACgB,OAAA,EAAiB,GAAA,EACjC;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAFG,IAAA,IAAA,CAAA,OAAA,EAAA,MAAA;AAGhB,IAAA,IAAA,CAAK,KAAA,EAAO,WAAA;AAAA,EACd;AACF,CAAA;AAOA,SAAe,eAAA,CAAA,EAAyC;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACtD,IAAA,MAAM,cAAA,EAAgB,IAAI,yCAAA,CAAoB,CAAA;AAC9C,IAAA,MAAM,aAAA,EAAe,IAAI,qDAAA,CAAgC,aAAa,CAAA;AAEtE,IAAA,MAAM,UAAA,EAAY,MAAM,YAAA,CAAa,gBAAA,CAAiB,CAAA;AAEtD,IAAA,OAAOC,sBAAAA,CAAa,IAAA,CAAK,EAAE,MAAA,EAAQ,SAAA,EAAW,UAAU,CAAC,CAAA;AAAA,EAC3D,CAAA,CAAA;AAAA;AAEA,SAAe,cAAA,CACb,OAAA,EACA,MAAA,EACuB;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAMvB,IAAA,GAAA,CAAI,CAAC,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA,EAAG;AACzC,MAAA,MAAMC,UAAAA,EAAW,IAAID,2BAAAA,CAAa,CAAA,0FAAA,CAA4F,CAAA;AAC9H,MAAAC,SAAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAA,EAAgB,0BAA0B,CAAA;AAC/D,MAAA,OAAA,CAAQ,GAAA,CAAI,uFAAuF,CAAA;AACnG,MAAA,OAAOA,SAAAA;AAAA,IACT;AACA,IAAA,MAAM,KAAA,EAAO,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACpD,IAAA,MAAM,MAAA,EAAQ,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AACtD,IAAA,GAAA,CAAI,CAAC,KAAA,GAAQ,CAAC,KAAA,EAAO,MAAM,IAAI,SAAA,CAAU,gBAAA,EAAkB,GAAG,CAAA;AAE9D,IAAA,MAAM,cAAA,EAAgB,IAAI,yCAAA,CAAoB,CAAA;AAE9C,IAAA,MAAM,gBAAA,EAAkB,gDAAA,MAAwB,CAAA;AAEhD,IAAA,MAAM,YAAA,EAAc,iDAAA,eAAmB,EAAiB,OAAA,CAAQ,GAAG,CAAA;AACnE,IAAA,IAAI;AACF,MAAA,MAAM,qDAAA,IAAuB,EAAM,KAAA,EAAO,aAAA,EAAe,4CAAA,6CAAA,CAAA,CAAA,EACpD,eAAA,CAAA,EADoD;AAAA,QAEvD,WAAA,EAAa;AAAA,MACf,CAAA,CAAC,CAAA;AAAA,IACH,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAA,CAAO,KAAA,CAAM,wBAAA,EAA0B,KAAK,CAAA;AAC5C,MAAA,MAAM,IAAI,SAAA,CAAU,6BAAA,EAA+B,GAAG,CAAA;AAAA,IACxD;AAEA,IAAA,MAAM,KAAA,EAAO,MAAM,sCAAA,aAAqB,CAAA;AACxC,IAAA,GAAA,CAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,SAAA,CAAU,yBAAA,EAA2B,GAAG,CAAA;AAAA,IACpD;AAEA,IAAA,MAAM,cAAA,EAAgB,IAAI,yCAAA,CAAoB,CAAA;AAC9C,IAAA,MAAM,YAAA,EAAc,IAAI,wCAAA,CAAmB,aAAa,CAAA;AACxD,IAAA,WAAA,CAAY,GAAA,CAAI,IAAI,CAAA;AAKpB,IAAA,MAAM,SAAA,EAAW,IAAID,2BAAAA,CAAa,CAAA,aAAA,CAAe,CAAA;AACjD,IAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAA,EAAgB,0BAA0B,CAAA;AAC/D,IAAA,OAAO,QAAA;AAAA,EACT,CAAA,CAAA;AAAA;AAQA,IAAM,wBAAA,EAA0B,CAC9B,YAAA,EACA,eAAA,EAAA,GACG;AAEH,EAAA,GAAA,CAAI,yBAAA,CAA0B,IAAA,CAAK,YAAY,CAAA,EAAG;AAChD,IAAA,OAAO,YAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAI,GAAA,CAAI,YAAA,EAAc,eAAe,CAAA,CAAE,IAAA;AAChD,CAAA;AAEA,SAAe,YAAA,CACb,OAAA,EACA,MAAA,EACuB;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAhHzB,IAAA,IAAA,EAAA;AAiHE,IAAA,MAAM,gBAAA,EAAkB,gDAAA,MAAwB,CAAA;AAChD,IAAA,MAAM,oBAAA,EAAA,CAAsB,GAAA,EAAA,eAAA,CAAgB,QAAA,EAAA,GAAhB,KAAA,EAAA,GAAA,EAA4B,GAAA;AACxD,IAAA,MAAM,eAAA,EACJ,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE,YAAA,CAAa,GAAA,CAAI,UAAU,EAAA,GAAK,mBAAA;AACvD,IAAA,MAAM,mBAAA,EAAqB,yBAAA,CAA0B,IAAA,CAAK,cAAc,CAAA;AACxE,IAAA,MAAM,iBAAA,EAAmB,uBAAA;AAAA,MACvB,cAAA;AAAA,MACA,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE;AAAA,IACvB,CAAA;AAEA,IAAA,MAAM,SAAA,EAAWA,sBAAAA,CAAa,QAAA,CAAS,gBAAgB,CAAA;AAEvD,IAAA,+CAAA,CAAiB;AAEjB,IAAA,IAAI;AACF,MAAA,qCAAA,mBAAe,EAAqB,iBAAA,EAAmB,cAAc,CAAA;AAAA,IACvE,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAA,CAAO,IAAA,CAAK,yCAAA,EAA2C,KAAK,CAAA;AAAA,IAC9D;AAEA,IAAA,OAAO,QAAA;AAAA,EACT,CAAA,CAAA;AAAA;AAcO,IAAM,QAAA,EACX,CAAC,WAAA,EAAa,CAAC,CAAA,EAAA,GACf,CAAO,OAAA,EAAA,GAAgD,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACrD,EAAA,MAAM,OAAA,EAAS,gDAAA,UAA4B,CAAA;AAE3C,EAAA,IAAI;AACF,IAAA,MAAM,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,QAAA;AACjC,IAAA,MAAM,aAAA,EAAe,QAAA,CAAS,KAAA,CAAM,GAAG,CAAA;AACvC,IAAA,MAAM,YAAA,EAAc,YAAA,CAAa,YAAA,CAAa,OAAA,EAAS,CAAC,CAAA;AAExD,IAAA,OAAA,CAAQ,WAAA,EAAa;AAAA,MACnB,KAAK,WAAA;AACH,QAAA,OAAO,MAAM,eAAA,CAAgB,CAAA;AAAA,MAC/B,KAAK,UAAA;AACH,QAAA,OAAO,MAAM,cAAA,CAAe,OAAA,EAAS,MAAM,CAAA;AAAA,MAC7C,KAAK,QAAA;AACH,QAAA,OAAO,MAAM,YAAA,CAAa,OAAA,EAAS,MAAM,CAAA;AAAA,MAC3C,OAAA;AACE,QAAA,MAAM,IAAI,SAAA,CAAU,CAAA,oBAAA,EAAuB,QAAQ,CAAA,CAAA;AACvD,IAAA;AACc,EAAA;AAC2B,IAAA;AAES,IAAA;AAEjB,IAAA;AAEsB,IAAA;AAEtC,IAAA;AACV,IAAA;AACT,EAAA;AACF;AHwB0D;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/kevincolgan/code/civic-auth/packages/civic-auth-client/dist/nextjs.js","sourcesContent":[null,"/**\n * Used on the server-side to get the user object from the cookie\n */\nimport { User } from \"@/types\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies\";\nimport { retrieveTokens } from \"@/shared/util\";\n\nexport const getUser = (): User | null => {\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n const tokens = retrieveTokens(clientStorage);\n const user = userSession.get();\n if (!user || !tokens) return null;\n\n return {\n ...user!,\n idToken: tokens.id_token,\n accessToken: tokens.access_token,\n refreshToken: tokens.refresh_token ?? \"\",\n } as User;\n};\n","/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n * console.log('in custom middleware', request.nextUrl.pathname);\n * return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n * console.log('in custom middleware', request.url);\n * return NextResponse.next();\n * })\n *\n */\nimport { NextRequest, NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport {\n AuthConfig,\n defaultAuthConfig,\n resolveAuthConfig,\n} from \"@/nextjs/config.js\";\n\ntype Middleware = (\n request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n const matches = picomatch(globPattern);\n return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n patterns.some((pattern) => {\n if (!pattern) return false;\n console.log(\"matching\", {\n pattern,\n pathname,\n match: matchGlob(pathname, pattern),\n });\n return matchGlob(pathname, pattern);\n });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n authConfig: AuthConfig,\n request: NextRequest,\n): Promise<NextResponse | undefined> => {\n const authConfigWithDefaults = resolveAuthConfig(authConfig);\n\n // Check for any valid auth token\n const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n // skip auth check for login url\n if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl) {\n console.log(\"→ Skipping auth check - this is the login URL\");\n return undefined;\n }\n\n if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n console.log(\"→ Skipping auth check - path not in include patterns\");\n return undefined;\n }\n\n if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n console.log(\"→ Skipping auth check - path in exclude patterns\");\n return undefined;\n }\n\n // Check for either token type\n if (!isAuthenticated) {\n console.log(\"→ No valid token found - redirecting to login\");\n const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);\n return NextResponse.redirect(loginUrl);\n }\n\n console.log(\"→ Auth check passed\");\n return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n (authConfig = defaultAuthConfig) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n // NextJS doesn't do middleware chaining yet, so this does not mean\n // \"call the next middleware\" - it means \"continue to the route handler\"\n return NextResponse.next();\n };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth({}, request);\n if (response) return response;\n return middleware(request);\n };\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * const withAuth = auth({ loginUrl = '/login' }); // or just auth();\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n *\n */\nexport function auth(authConfig: AuthConfig = {}) {\n return (\n middleware: Middleware,\n ): ((request: NextRequest) => Promise<NextResponse>) => {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n return middleware(request);\n };\n };\n}\n","import { NextRequest, NextResponse } from \"next/server.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport { AuthConfig, resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport {\n clearAuthCookies,\n NextjsClientStorage,\n NextjsCookieStorage,\n} from \"@/nextjs/cookies.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { resolveOAuthAccessCode } from \"@/server/login.js\";\nimport { getUser } from \"@/shared/session.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { GenericUserSession } from \"@/shared/UserSession.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n constructor(\n message: string,\n public readonly status: number = 401,\n ) {\n super(message);\n this.name = \"AuthError\";\n }\n}\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(): Promise<NextResponse> {\n const cookieStorage = new NextjsCookieStorage();\n const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);\n\n const challenge = await pkceProducer.getCodeChallenge();\n\n return NextResponse.json({ status: \"success\", challenge });\n}\n\nasync function handleCallback(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n\n // If we have a code_verifier cookie, we can do a token exchange.\n // Otherwise, just render an empty page.\n // The initial redirect back from the auth server does not send cookies, because the redirect is from a 3rd-party domain.\n // The client will make an additional call to this route with cookies included, at which point we do the token exchange.\n if (!request.cookies.get(\"code_verifier\")) {\n const response = new NextResponse(`<html><body><span style=\"display:none\">sameDomainCodeExchangeRequired</span></body></html>`);\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n console.log('handleCallback no code_verifier found, returning sameDomainCodeExchangeRequired: true');\n return response;\n }\n const code = request.nextUrl.searchParams.get(\"code\");\n const state = request.nextUrl.searchParams.get(\"state\");\n if (!code || !state) throw new AuthError(\"Bad parameters\", 400);\n\n const cookieStorage = new NextjsCookieStorage();\n\n const resolvedConfigs = resolveAuthConfig(config);\n\n const callbackUrl = resolveCallbackUrl(resolvedConfigs, request.url);\n try {\n await resolveOAuthAccessCode(code, state, cookieStorage, {\n ...resolvedConfigs,\n redirectUrl: callbackUrl,\n });\n } catch (error) {\n logger.error(\"Token exchange failed:\", error);\n throw new AuthError(\"Failed to authenticate user\", 401);\n }\n\n const user = await getUser(cookieStorage);\n if (!user) {\n throw new AuthError(\"Failed to get user info\", 401);\n }\n\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n userSession.set(user);\n\n // return an empty HTML response so the iframe doesn't show any response\n // in the short moment between the redirect and the parent window\n // acknowledging the redirect and closing the iframe\n const response = new NextResponse(`<html></html>`);\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n return response;\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n redirectPath: string,\n currentBasePath: string,\n) => {\n // Check if the redirectPath is an absolute URL\n if (/^(https?:\\/\\/|www\\.).+/i.test(redirectPath)) {\n return redirectPath; // Return as-is if it's an absolute URL\n }\n return new URL(redirectPath, currentBasePath).href;\n};\n\nasync function handleLogout(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n const defaultRedirectPath = resolvedConfigs.loginUrl ?? \"/\";\n const redirectTarget =\n new URL(request.url).searchParams.get(\"redirect\") || defaultRedirectPath;\n const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n const finalRedirectUrl = getAbsoluteRedirectPath(\n redirectTarget,\n new URL(request.url).origin,\n );\n\n const response = NextResponse.redirect(finalRedirectUrl);\n\n clearAuthCookies();\n\n try {\n revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);\n } catch (error) {\n logger.warn(\"Failed to revalidate path after logout:\", error);\n }\n\n return response;\n}\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n * // optional config overrides\n * })\n * ```\n */\nexport const handler =\n (authConfig = {}) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const config = resolveAuthConfig(authConfig);\n\n try {\n const pathname = request.nextUrl.pathname;\n const pathSegments = pathname.split(\"/\");\n const lastSegment = pathSegments[pathSegments.length - 1];\n\n switch (lastSegment) {\n case \"challenge\":\n return await handleChallenge();\n case \"callback\":\n return await handleCallback(request, config);\n case \"logout\":\n return await handleLogout(request, config);\n default:\n throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n }\n } catch (error) {\n logger.error(\"Auth handler error:\", error);\n\n const status = error instanceof AuthError ? error.status : 500;\n const message =\n error instanceof Error ? error.message : \"Authentication failed\";\n\n const response = NextResponse.json({ error: message }, { status });\n\n clearAuthCookies();\n return response;\n }\n };\n"]}
package/dist/nextjs.mjs CHANGED
@@ -7,14 +7,14 @@ import {
7
7
  loggers,
8
8
  resolveAuthConfig,
9
9
  resolveCallbackUrl
10
- } from "./chunk-JDAC5G7D.mjs";
10
+ } from "./chunk-3Q3CWGPG.mjs";
11
11
  import {
12
12
  GenericPublicClientPKCEProducer,
13
13
  GenericUserSession,
14
14
  getUser,
15
15
  resolveOAuthAccessCode,
16
16
  retrieveTokens
17
- } from "./chunk-UAG3M4QY.mjs";
17
+ } from "./chunk-EDLPS3AK.mjs";
18
18
  import {
19
19
  __async,
20
20
  __spreadProps,
@@ -118,10 +118,10 @@ function handleChallenge() {
118
118
  }
119
119
  function handleCallback(request, config) {
120
120
  return __async(this, null, function* () {
121
- const tokenExchange = request.nextUrl.searchParams.get("tokenExchange");
122
- if (!tokenExchange) {
123
- const response2 = new NextResponse2(`<html></html>`);
121
+ if (!request.cookies.get("code_verifier")) {
122
+ const response2 = new NextResponse2(`<html><body><span style="display:none">sameDomainCodeExchangeRequired</span></body></html>`);
124
123
  response2.headers.set("Content-Type", "text/html; charset=utf-8");
124
+ console.log("handleCallback no code_verifier found, returning sameDomainCodeExchangeRequired: true");
125
125
  return response2;
126
126
  }
127
127
  const code = request.nextUrl.searchParams.get("code");
package/dist/nextjs.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/nextjs/GetUser.ts","../src/nextjs/middleware.ts","../src/nextjs/routeHandler.ts"],"sourcesContent":["/**\n * Used on the server-side to get the user object from the cookie\n */\nimport { User } from \"@/types\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies\";\nimport { retrieveTokens } from \"@/shared/util\";\n\nexport const getUser = (): User | null => {\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n const tokens = retrieveTokens(clientStorage);\n const user = userSession.get();\n if (!user || !tokens) return null;\n\n return {\n ...user!,\n idToken: tokens.id_token,\n accessToken: tokens.access_token,\n refreshToken: tokens.refresh_token ?? \"\",\n } as User;\n};\n","/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n * console.log('in custom middleware', request.nextUrl.pathname);\n * return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n * console.log('in custom middleware', request.url);\n * return NextResponse.next();\n * })\n *\n */\nimport { NextRequest, NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport {\n AuthConfig,\n defaultAuthConfig,\n resolveAuthConfig,\n} from \"@/nextjs/config.js\";\n\ntype Middleware = (\n request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n const matches = picomatch(globPattern);\n return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n patterns.some((pattern) => {\n if (!pattern) return false;\n console.log(\"matching\", {\n pattern,\n pathname,\n match: matchGlob(pathname, pattern),\n });\n return matchGlob(pathname, pattern);\n });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n authConfig: AuthConfig,\n request: NextRequest,\n): Promise<NextResponse | undefined> => {\n const authConfigWithDefaults = resolveAuthConfig(authConfig);\n\n // Check for any valid auth token\n const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n // skip auth check for login url\n if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl) {\n console.log(\"→ Skipping auth check - this is the login URL\");\n return undefined;\n }\n\n if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n console.log(\"→ Skipping auth check - path not in include patterns\");\n return undefined;\n }\n\n if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n console.log(\"→ Skipping auth check - path in exclude patterns\");\n return undefined;\n }\n\n // Check for either token type\n if (!isAuthenticated) {\n console.log(\"→ No valid token found - redirecting to login\");\n const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);\n return NextResponse.redirect(loginUrl);\n }\n\n console.log(\"→ Auth check passed\");\n return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n (authConfig = defaultAuthConfig) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n // NextJS doesn't do middleware chaining yet, so this does not mean\n // \"call the next middleware\" - it means \"continue to the route handler\"\n return NextResponse.next();\n };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth({}, request);\n if (response) return response;\n return middleware(request);\n };\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * const withAuth = auth({ loginUrl = '/login' }); // or just auth();\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n *\n */\nexport function auth(authConfig: AuthConfig = {}) {\n return (\n middleware: Middleware,\n ): ((request: NextRequest) => Promise<NextResponse>) => {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n return middleware(request);\n };\n };\n}\n","import { NextRequest, NextResponse } from \"next/server.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport { AuthConfig, resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport {\n clearAuthCookies,\n NextjsClientStorage,\n NextjsCookieStorage,\n} from \"@/nextjs/cookies.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { resolveOAuthAccessCode } from \"@/server/login.js\";\nimport { getUser } from \"@/shared/session.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { GenericUserSession } from \"@/shared/UserSession.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n constructor(\n message: string,\n public readonly status: number = 401,\n ) {\n super(message);\n this.name = \"AuthError\";\n }\n}\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(): Promise<NextResponse> {\n const cookieStorage = new NextjsCookieStorage();\n const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);\n\n const challenge = await pkceProducer.getCodeChallenge();\n\n return NextResponse.json({ status: \"success\", challenge });\n}\n\nasync function handleCallback(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const tokenExchange = request.nextUrl.searchParams.get(\"tokenExchange\");\n // if the client hasn't request token exchange, return an empty HTML response\n // the next call should include the tokenExchange query parameter from the same-domain\n if (!tokenExchange) {\n const response = new NextResponse(`<html></html>`);\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n return response;\n }\n const code = request.nextUrl.searchParams.get(\"code\");\n const state = request.nextUrl.searchParams.get(\"state\");\n if (!code || !state) throw new AuthError(\"Bad parameters\", 400);\n\n const cookieStorage = new NextjsCookieStorage();\n\n const resolvedConfigs = resolveAuthConfig(config);\n const callbackUrl = resolveCallbackUrl(resolvedConfigs, request.url);\n\n try {\n await resolveOAuthAccessCode(code, state, cookieStorage, {\n ...resolvedConfigs,\n redirectUrl: callbackUrl,\n });\n } catch (error) {\n logger.error(\"Token exchange failed:\", error);\n throw new AuthError(\"Failed to authenticate user\", 401);\n }\n\n const user = await getUser(cookieStorage);\n if (!user) {\n throw new AuthError(\"Failed to get user info\", 401);\n }\n\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n userSession.set(user);\n\n // return an empty HTML response so the iframe doesn't show any response\n // in the short moment between the redirect and the parent window\n // acknowledging the redirect and closing the iframe\n const response = new NextResponse(`<html></html>`);\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n return response;\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n redirectPath: string,\n currentBasePath: string,\n) => {\n // Check if the redirectPath is an absolute URL\n if (/^(https?:\\/\\/|www\\.).+/i.test(redirectPath)) {\n return redirectPath; // Return as-is if it's an absolute URL\n }\n return new URL(redirectPath, currentBasePath).href;\n};\n\nasync function handleLogout(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n const defaultRedirectPath = resolvedConfigs.loginUrl ?? \"/\";\n const redirectTarget =\n new URL(request.url).searchParams.get(\"redirect\") || defaultRedirectPath;\n const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n const finalRedirectUrl = getAbsoluteRedirectPath(\n redirectTarget,\n new URL(request.url).origin,\n );\n\n const response = NextResponse.redirect(finalRedirectUrl);\n\n clearAuthCookies();\n\n try {\n revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);\n } catch (error) {\n logger.warn(\"Failed to revalidate path after logout:\", error);\n }\n\n return response;\n}\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n * // optional config overrides\n * })\n * ```\n */\nexport const handler =\n (authConfig = {}) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const config = resolveAuthConfig(authConfig);\n\n try {\n const pathname = request.nextUrl.pathname;\n const pathSegments = pathname.split(\"/\");\n const lastSegment = pathSegments[pathSegments.length - 1];\n\n switch (lastSegment) {\n case \"challenge\":\n return await handleChallenge();\n case \"callback\":\n return await handleCallback(request, config);\n case \"logout\":\n return await handleLogout(request, config);\n default:\n throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n }\n } catch (error) {\n logger.error(\"Auth handler error:\", error);\n\n const status = error instanceof AuthError ? error.status : 500;\n const message =\n error instanceof Error ? error.message : \"Authentication failed\";\n\n const response = NextResponse.json({ error: message }, { status });\n\n clearAuthCookies();\n return response;\n }\n };\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAQO,IAAMA,WAAU,MAAmB;AAR1C;AASE,QAAM,gBAAgB,IAAI,oBAAoB;AAC9C,QAAM,cAAc,IAAI,mBAAmB,aAAa;AACxD,QAAM,SAAS,eAAe,aAAa;AAC3C,QAAM,OAAO,YAAY,IAAI;AAC7B,MAAI,CAAC,QAAQ,CAAC,OAAQ,QAAO;AAE7B,SAAO,iCACF,OADE;AAAA,IAEL,SAAS,OAAO;AAAA,IAChB,aAAa,OAAO;AAAA,IACpB,eAAc,YAAO,kBAAP,YAAwB;AAAA,EACxC;AACF;;;ACAA,SAAsB,oBAAoB;AAC1C,OAAO,eAAe;AAgBtB,IAAM,YAAY,CAAC,UAAkB,gBAAwB;AAC3D,QAAM,UAAU,UAAU,WAAW;AACrC,SAAO,QAAQ,QAAQ;AACzB;AAOA,IAAM,eAAe,CAAC,UAAkB,aACtC,SAAS,KAAK,CAAC,YAAY;AACzB,MAAI,CAAC,QAAS,QAAO;AACrB,UAAQ,IAAI,YAAY;AAAA,IACtB;AAAA,IACA;AAAA,IACA,OAAO,UAAU,UAAU,OAAO;AAAA,EACpC,CAAC;AACD,SAAO,UAAU,UAAU,OAAO;AACpC,CAAC;AAGH,IAAM,YAAY,CAChB,YACA,YACsC;AACtC,QAAM,yBAAyB,kBAAkB,UAAU;AAG3D,QAAM,kBAAkB,CAAC,CAAC,QAAQ,QAAQ,IAAI,UAAU;AAGxD,MAAI,QAAQ,QAAQ,aAAa,uBAAuB,UAAU;AAChE,YAAQ,IAAI,oDAA+C;AAC3D,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,aAAa,QAAQ,QAAQ,UAAU,uBAAuB,OAAO,GAAG;AAC3E,YAAQ,IAAI,2DAAsD;AAClE,WAAO;AAAA,EACT;AAEA,MAAI,aAAa,QAAQ,QAAQ,UAAU,uBAAuB,OAAO,GAAG;AAC1E,YAAQ,IAAI,uDAAkD;AAC9D,WAAO;AAAA,EACT;AAGA,MAAI,CAAC,iBAAiB;AACpB,YAAQ,IAAI,oDAA+C;AAC3D,UAAM,WAAW,IAAI,IAAI,uBAAuB,UAAU,QAAQ,GAAG;AACrE,WAAO,aAAa,SAAS,QAAQ;AAAA,EACvC;AAEA,UAAQ,IAAI,0BAAqB;AACjC,SAAO;AACT;AAUO,IAAM,iBACX,CAAC,aAAa,sBACd,CAAO,YAAgD;AACrD,QAAM,WAAW,MAAM,UAAU,YAAY,OAAO;AACpD,MAAI,SAAU,QAAO;AAIrB,SAAO,aAAa,KAAK;AAC3B;AAWK,SAAS,SACd,YACiD;AACjD,SAAO,CAAO,YAAgD;AAC5D,UAAM,WAAW,MAAM,UAAU,CAAC,GAAG,OAAO;AAC5C,QAAI,SAAU,QAAO;AACrB,WAAO,WAAW,OAAO;AAAA,EAC3B;AACF;AAeO,SAAS,KAAK,aAAyB,CAAC,GAAG;AAChD,SAAO,CACL,eACsD;AACtD,WAAO,CAAO,YAAgD;AAC5D,YAAM,WAAW,MAAM,UAAU,YAAY,OAAO;AACpD,UAAI,SAAU,QAAO;AACrB,aAAO,WAAW,OAAO;AAAA,IAC3B;AAAA,EACF;AACF;;;AC7JA,SAAsB,gBAAAC,qBAAoB;AAC1C,SAAS,sBAAsB;AAc/B,IAAM,SAAS,QAAQ,OAAO,SAAS;AAEvC,IAAM,YAAN,cAAwB,MAAM;AAAA,EAC5B,YACE,SACgB,SAAiB,KACjC;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAOA,SAAe,kBAAyC;AAAA;AACtD,UAAM,gBAAgB,IAAI,oBAAoB;AAC9C,UAAM,eAAe,IAAI,gCAAgC,aAAa;AAEtE,UAAM,YAAY,MAAM,aAAa,iBAAiB;AAEtD,WAAOC,cAAa,KAAK,EAAE,QAAQ,WAAW,UAAU,CAAC;AAAA,EAC3D;AAAA;AAEA,SAAe,eACb,SACA,QACuB;AAAA;AACvB,UAAM,gBAAgB,QAAQ,QAAQ,aAAa,IAAI,eAAe;AAGtE,QAAI,CAAC,eAAe;AAClB,YAAMC,YAAW,IAAID,cAAa,eAAe;AACjD,MAAAC,UAAS,QAAQ,IAAI,gBAAgB,0BAA0B;AAC/D,aAAOA;AAAA,IACT;AACA,UAAM,OAAO,QAAQ,QAAQ,aAAa,IAAI,MAAM;AACpD,UAAM,QAAQ,QAAQ,QAAQ,aAAa,IAAI,OAAO;AACtD,QAAI,CAAC,QAAQ,CAAC,MAAO,OAAM,IAAI,UAAU,kBAAkB,GAAG;AAE9D,UAAM,gBAAgB,IAAI,oBAAoB;AAE9C,UAAM,kBAAkB,kBAAkB,MAAM;AAChD,UAAM,cAAc,mBAAmB,iBAAiB,QAAQ,GAAG;AAEnE,QAAI;AACF,YAAM,uBAAuB,MAAM,OAAO,eAAe,iCACpD,kBADoD;AAAA,QAEvD,aAAa;AAAA,MACf,EAAC;AAAA,IACH,SAAS,OAAO;AACd,aAAO,MAAM,0BAA0B,KAAK;AAC5C,YAAM,IAAI,UAAU,+BAA+B,GAAG;AAAA,IACxD;AAEA,UAAM,OAAO,MAAM,QAAQ,aAAa;AACxC,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,UAAU,2BAA2B,GAAG;AAAA,IACpD;AAEA,UAAM,gBAAgB,IAAI,oBAAoB;AAC9C,UAAM,cAAc,IAAI,mBAAmB,aAAa;AACxD,gBAAY,IAAI,IAAI;AAKpB,UAAM,WAAW,IAAID,cAAa,eAAe;AACjD,aAAS,QAAQ,IAAI,gBAAgB,0BAA0B;AAC/D,WAAO;AAAA,EACT;AAAA;AAQA,IAAM,0BAA0B,CAC9B,cACA,oBACG;AAEH,MAAI,0BAA0B,KAAK,YAAY,GAAG;AAChD,WAAO;AAAA,EACT;AACA,SAAO,IAAI,IAAI,cAAc,eAAe,EAAE;AAChD;AAEA,SAAe,aACb,SACA,QACuB;AAAA;AA7GzB;AA8GE,UAAM,kBAAkB,kBAAkB,MAAM;AAChD,UAAM,uBAAsB,qBAAgB,aAAhB,YAA4B;AACxD,UAAM,iBACJ,IAAI,IAAI,QAAQ,GAAG,EAAE,aAAa,IAAI,UAAU,KAAK;AACvD,UAAM,qBAAqB,0BAA0B,KAAK,cAAc;AACxE,UAAM,mBAAmB;AAAA,MACvB;AAAA,MACA,IAAI,IAAI,QAAQ,GAAG,EAAE;AAAA,IACvB;AAEA,UAAM,WAAWA,cAAa,SAAS,gBAAgB;AAEvD,qBAAiB;AAEjB,QAAI;AACF,qBAAe,qBAAqB,mBAAmB,cAAc;AAAA,IACvE,SAAS,OAAO;AACd,aAAO,KAAK,2CAA2C,KAAK;AAAA,IAC9D;AAEA,WAAO;AAAA,EACT;AAAA;AAcO,IAAM,UACX,CAAC,aAAa,CAAC,MACf,CAAO,YAAgD;AACrD,QAAM,SAAS,kBAAkB,UAAU;AAE3C,MAAI;AACF,UAAM,WAAW,QAAQ,QAAQ;AACjC,UAAM,eAAe,SAAS,MAAM,GAAG;AACvC,UAAM,cAAc,aAAa,aAAa,SAAS,CAAC;AAExD,YAAQ,aAAa;AAAA,MACnB,KAAK;AACH,eAAO,MAAM,gBAAgB;AAAA,MAC/B,KAAK;AACH,eAAO,MAAM,eAAe,SAAS,MAAM;AAAA,MAC7C,KAAK;AACH,eAAO,MAAM,aAAa,SAAS,MAAM;AAAA,MAC3C;AACE,cAAM,IAAI,UAAU,uBAAuB,QAAQ,IAAI,GAAG;AAAA,IAC9D;AAAA,EACF,SAAS,OAAO;AACd,WAAO,MAAM,uBAAuB,KAAK;AAEzC,UAAM,SAAS,iBAAiB,YAAY,MAAM,SAAS;AAC3D,UAAM,UACJ,iBAAiB,QAAQ,MAAM,UAAU;AAE3C,UAAM,WAAWA,cAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,OAAO,CAAC;AAEjE,qBAAiB;AACjB,WAAO;AAAA,EACT;AACF;","names":["getUser","NextResponse","NextResponse","response"]}
1
+ {"version":3,"sources":["../src/nextjs/GetUser.ts","../src/nextjs/middleware.ts","../src/nextjs/routeHandler.ts"],"sourcesContent":["/**\n * Used on the server-side to get the user object from the cookie\n */\nimport { User } from \"@/types\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies\";\nimport { retrieveTokens } from \"@/shared/util\";\n\nexport const getUser = (): User | null => {\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n const tokens = retrieveTokens(clientStorage);\n const user = userSession.get();\n if (!user || !tokens) return null;\n\n return {\n ...user!,\n idToken: tokens.id_token,\n accessToken: tokens.access_token,\n refreshToken: tokens.refresh_token ?? \"\",\n } as User;\n};\n","/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n * console.log('in custom middleware', request.nextUrl.pathname);\n * return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n * console.log('in custom middleware', request.url);\n * return NextResponse.next();\n * })\n *\n */\nimport { NextRequest, NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport {\n AuthConfig,\n defaultAuthConfig,\n resolveAuthConfig,\n} from \"@/nextjs/config.js\";\n\ntype Middleware = (\n request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n const matches = picomatch(globPattern);\n return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n patterns.some((pattern) => {\n if (!pattern) return false;\n console.log(\"matching\", {\n pattern,\n pathname,\n match: matchGlob(pathname, pattern),\n });\n return matchGlob(pathname, pattern);\n });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n authConfig: AuthConfig,\n request: NextRequest,\n): Promise<NextResponse | undefined> => {\n const authConfigWithDefaults = resolveAuthConfig(authConfig);\n\n // Check for any valid auth token\n const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n // skip auth check for login url\n if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl) {\n console.log(\"→ Skipping auth check - this is the login URL\");\n return undefined;\n }\n\n if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n console.log(\"→ Skipping auth check - path not in include patterns\");\n return undefined;\n }\n\n if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n console.log(\"→ Skipping auth check - path in exclude patterns\");\n return undefined;\n }\n\n // Check for either token type\n if (!isAuthenticated) {\n console.log(\"→ No valid token found - redirecting to login\");\n const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);\n return NextResponse.redirect(loginUrl);\n }\n\n console.log(\"→ Auth check passed\");\n return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n (authConfig = defaultAuthConfig) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n // NextJS doesn't do middleware chaining yet, so this does not mean\n // \"call the next middleware\" - it means \"continue to the route handler\"\n return NextResponse.next();\n };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth({}, request);\n if (response) return response;\n return middleware(request);\n };\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * const withAuth = auth({ loginUrl = '/login' }); // or just auth();\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n *\n */\nexport function auth(authConfig: AuthConfig = {}) {\n return (\n middleware: Middleware,\n ): ((request: NextRequest) => Promise<NextResponse>) => {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n return middleware(request);\n };\n };\n}\n","import { NextRequest, NextResponse } from \"next/server.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport { AuthConfig, resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport {\n clearAuthCookies,\n NextjsClientStorage,\n NextjsCookieStorage,\n} from \"@/nextjs/cookies.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { resolveOAuthAccessCode } from \"@/server/login.js\";\nimport { getUser } from \"@/shared/session.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { GenericUserSession } from \"@/shared/UserSession.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n constructor(\n message: string,\n public readonly status: number = 401,\n ) {\n super(message);\n this.name = \"AuthError\";\n }\n}\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(): Promise<NextResponse> {\n const cookieStorage = new NextjsCookieStorage();\n const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);\n\n const challenge = await pkceProducer.getCodeChallenge();\n\n return NextResponse.json({ status: \"success\", challenge });\n}\n\nasync function handleCallback(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n\n // If we have a code_verifier cookie, we can do a token exchange.\n // Otherwise, just render an empty page.\n // The initial redirect back from the auth server does not send cookies, because the redirect is from a 3rd-party domain.\n // The client will make an additional call to this route with cookies included, at which point we do the token exchange.\n if (!request.cookies.get(\"code_verifier\")) {\n const response = new NextResponse(`<html><body><span style=\"display:none\">sameDomainCodeExchangeRequired</span></body></html>`);\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n console.log('handleCallback no code_verifier found, returning sameDomainCodeExchangeRequired: true');\n return response;\n }\n const code = request.nextUrl.searchParams.get(\"code\");\n const state = request.nextUrl.searchParams.get(\"state\");\n if (!code || !state) throw new AuthError(\"Bad parameters\", 400);\n\n const cookieStorage = new NextjsCookieStorage();\n\n const resolvedConfigs = resolveAuthConfig(config);\n\n const callbackUrl = resolveCallbackUrl(resolvedConfigs, request.url);\n try {\n await resolveOAuthAccessCode(code, state, cookieStorage, {\n ...resolvedConfigs,\n redirectUrl: callbackUrl,\n });\n } catch (error) {\n logger.error(\"Token exchange failed:\", error);\n throw new AuthError(\"Failed to authenticate user\", 401);\n }\n\n const user = await getUser(cookieStorage);\n if (!user) {\n throw new AuthError(\"Failed to get user info\", 401);\n }\n\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n userSession.set(user);\n\n // return an empty HTML response so the iframe doesn't show any response\n // in the short moment between the redirect and the parent window\n // acknowledging the redirect and closing the iframe\n const response = new NextResponse(`<html></html>`);\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n return response;\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n redirectPath: string,\n currentBasePath: string,\n) => {\n // Check if the redirectPath is an absolute URL\n if (/^(https?:\\/\\/|www\\.).+/i.test(redirectPath)) {\n return redirectPath; // Return as-is if it's an absolute URL\n }\n return new URL(redirectPath, currentBasePath).href;\n};\n\nasync function handleLogout(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n const defaultRedirectPath = resolvedConfigs.loginUrl ?? \"/\";\n const redirectTarget =\n new URL(request.url).searchParams.get(\"redirect\") || defaultRedirectPath;\n const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n const finalRedirectUrl = getAbsoluteRedirectPath(\n redirectTarget,\n new URL(request.url).origin,\n );\n\n const response = NextResponse.redirect(finalRedirectUrl);\n\n clearAuthCookies();\n\n try {\n revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);\n } catch (error) {\n logger.warn(\"Failed to revalidate path after logout:\", error);\n }\n\n return response;\n}\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n * // optional config overrides\n * })\n * ```\n */\nexport const handler =\n (authConfig = {}) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const config = resolveAuthConfig(authConfig);\n\n try {\n const pathname = request.nextUrl.pathname;\n const pathSegments = pathname.split(\"/\");\n const lastSegment = pathSegments[pathSegments.length - 1];\n\n switch (lastSegment) {\n case \"challenge\":\n return await handleChallenge();\n case \"callback\":\n return await handleCallback(request, config);\n case \"logout\":\n return await handleLogout(request, config);\n default:\n throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n }\n } catch (error) {\n logger.error(\"Auth handler error:\", error);\n\n const status = error instanceof AuthError ? error.status : 500;\n const message =\n error instanceof Error ? error.message : \"Authentication failed\";\n\n const response = NextResponse.json({ error: message }, { status });\n\n clearAuthCookies();\n return response;\n }\n };\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAQO,IAAMA,WAAU,MAAmB;AAR1C;AASE,QAAM,gBAAgB,IAAI,oBAAoB;AAC9C,QAAM,cAAc,IAAI,mBAAmB,aAAa;AACxD,QAAM,SAAS,eAAe,aAAa;AAC3C,QAAM,OAAO,YAAY,IAAI;AAC7B,MAAI,CAAC,QAAQ,CAAC,OAAQ,QAAO;AAE7B,SAAO,iCACF,OADE;AAAA,IAEL,SAAS,OAAO;AAAA,IAChB,aAAa,OAAO;AAAA,IACpB,eAAc,YAAO,kBAAP,YAAwB;AAAA,EACxC;AACF;;;ACAA,SAAsB,oBAAoB;AAC1C,OAAO,eAAe;AAgBtB,IAAM,YAAY,CAAC,UAAkB,gBAAwB;AAC3D,QAAM,UAAU,UAAU,WAAW;AACrC,SAAO,QAAQ,QAAQ;AACzB;AAOA,IAAM,eAAe,CAAC,UAAkB,aACtC,SAAS,KAAK,CAAC,YAAY;AACzB,MAAI,CAAC,QAAS,QAAO;AACrB,UAAQ,IAAI,YAAY;AAAA,IACtB;AAAA,IACA;AAAA,IACA,OAAO,UAAU,UAAU,OAAO;AAAA,EACpC,CAAC;AACD,SAAO,UAAU,UAAU,OAAO;AACpC,CAAC;AAGH,IAAM,YAAY,CAChB,YACA,YACsC;AACtC,QAAM,yBAAyB,kBAAkB,UAAU;AAG3D,QAAM,kBAAkB,CAAC,CAAC,QAAQ,QAAQ,IAAI,UAAU;AAGxD,MAAI,QAAQ,QAAQ,aAAa,uBAAuB,UAAU;AAChE,YAAQ,IAAI,oDAA+C;AAC3D,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,aAAa,QAAQ,QAAQ,UAAU,uBAAuB,OAAO,GAAG;AAC3E,YAAQ,IAAI,2DAAsD;AAClE,WAAO;AAAA,EACT;AAEA,MAAI,aAAa,QAAQ,QAAQ,UAAU,uBAAuB,OAAO,GAAG;AAC1E,YAAQ,IAAI,uDAAkD;AAC9D,WAAO;AAAA,EACT;AAGA,MAAI,CAAC,iBAAiB;AACpB,YAAQ,IAAI,oDAA+C;AAC3D,UAAM,WAAW,IAAI,IAAI,uBAAuB,UAAU,QAAQ,GAAG;AACrE,WAAO,aAAa,SAAS,QAAQ;AAAA,EACvC;AAEA,UAAQ,IAAI,0BAAqB;AACjC,SAAO;AACT;AAUO,IAAM,iBACX,CAAC,aAAa,sBACd,CAAO,YAAgD;AACrD,QAAM,WAAW,MAAM,UAAU,YAAY,OAAO;AACpD,MAAI,SAAU,QAAO;AAIrB,SAAO,aAAa,KAAK;AAC3B;AAWK,SAAS,SACd,YACiD;AACjD,SAAO,CAAO,YAAgD;AAC5D,UAAM,WAAW,MAAM,UAAU,CAAC,GAAG,OAAO;AAC5C,QAAI,SAAU,QAAO;AACrB,WAAO,WAAW,OAAO;AAAA,EAC3B;AACF;AAeO,SAAS,KAAK,aAAyB,CAAC,GAAG;AAChD,SAAO,CACL,eACsD;AACtD,WAAO,CAAO,YAAgD;AAC5D,YAAM,WAAW,MAAM,UAAU,YAAY,OAAO;AACpD,UAAI,SAAU,QAAO;AACrB,aAAO,WAAW,OAAO;AAAA,IAC3B;AAAA,EACF;AACF;;;AC7JA,SAAsB,gBAAAC,qBAAoB;AAC1C,SAAS,sBAAsB;AAc/B,IAAM,SAAS,QAAQ,OAAO,SAAS;AAEvC,IAAM,YAAN,cAAwB,MAAM;AAAA,EAC5B,YACE,SACgB,SAAiB,KACjC;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAOA,SAAe,kBAAyC;AAAA;AACtD,UAAM,gBAAgB,IAAI,oBAAoB;AAC9C,UAAM,eAAe,IAAI,gCAAgC,aAAa;AAEtE,UAAM,YAAY,MAAM,aAAa,iBAAiB;AAEtD,WAAOC,cAAa,KAAK,EAAE,QAAQ,WAAW,UAAU,CAAC;AAAA,EAC3D;AAAA;AAEA,SAAe,eACb,SACA,QACuB;AAAA;AAMvB,QAAI,CAAC,QAAQ,QAAQ,IAAI,eAAe,GAAG;AACzC,YAAMC,YAAW,IAAID,cAAa,4FAA4F;AAC9H,MAAAC,UAAS,QAAQ,IAAI,gBAAgB,0BAA0B;AAC/D,cAAQ,IAAI,uFAAuF;AACnG,aAAOA;AAAA,IACT;AACA,UAAM,OAAO,QAAQ,QAAQ,aAAa,IAAI,MAAM;AACpD,UAAM,QAAQ,QAAQ,QAAQ,aAAa,IAAI,OAAO;AACtD,QAAI,CAAC,QAAQ,CAAC,MAAO,OAAM,IAAI,UAAU,kBAAkB,GAAG;AAE9D,UAAM,gBAAgB,IAAI,oBAAoB;AAE9C,UAAM,kBAAkB,kBAAkB,MAAM;AAEhD,UAAM,cAAc,mBAAmB,iBAAiB,QAAQ,GAAG;AACnE,QAAI;AACF,YAAM,uBAAuB,MAAM,OAAO,eAAe,iCACpD,kBADoD;AAAA,QAEvD,aAAa;AAAA,MACf,EAAC;AAAA,IACH,SAAS,OAAO;AACd,aAAO,MAAM,0BAA0B,KAAK;AAC5C,YAAM,IAAI,UAAU,+BAA+B,GAAG;AAAA,IACxD;AAEA,UAAM,OAAO,MAAM,QAAQ,aAAa;AACxC,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,UAAU,2BAA2B,GAAG;AAAA,IACpD;AAEA,UAAM,gBAAgB,IAAI,oBAAoB;AAC9C,UAAM,cAAc,IAAI,mBAAmB,aAAa;AACxD,gBAAY,IAAI,IAAI;AAKpB,UAAM,WAAW,IAAID,cAAa,eAAe;AACjD,aAAS,QAAQ,IAAI,gBAAgB,0BAA0B;AAC/D,WAAO;AAAA,EACT;AAAA;AAQA,IAAM,0BAA0B,CAC9B,cACA,oBACG;AAEH,MAAI,0BAA0B,KAAK,YAAY,GAAG;AAChD,WAAO;AAAA,EACT;AACA,SAAO,IAAI,IAAI,cAAc,eAAe,EAAE;AAChD;AAEA,SAAe,aACb,SACA,QACuB;AAAA;AAhHzB;AAiHE,UAAM,kBAAkB,kBAAkB,MAAM;AAChD,UAAM,uBAAsB,qBAAgB,aAAhB,YAA4B;AACxD,UAAM,iBACJ,IAAI,IAAI,QAAQ,GAAG,EAAE,aAAa,IAAI,UAAU,KAAK;AACvD,UAAM,qBAAqB,0BAA0B,KAAK,cAAc;AACxE,UAAM,mBAAmB;AAAA,MACvB;AAAA,MACA,IAAI,IAAI,QAAQ,GAAG,EAAE;AAAA,IACvB;AAEA,UAAM,WAAWA,cAAa,SAAS,gBAAgB;AAEvD,qBAAiB;AAEjB,QAAI;AACF,qBAAe,qBAAqB,mBAAmB,cAAc;AAAA,IACvE,SAAS,OAAO;AACd,aAAO,KAAK,2CAA2C,KAAK;AAAA,IAC9D;AAEA,WAAO;AAAA,EACT;AAAA;AAcO,IAAM,UACX,CAAC,aAAa,CAAC,MACf,CAAO,YAAgD;AACrD,QAAM,SAAS,kBAAkB,UAAU;AAE3C,MAAI;AACF,UAAM,WAAW,QAAQ,QAAQ;AACjC,UAAM,eAAe,SAAS,MAAM,GAAG;AACvC,UAAM,cAAc,aAAa,aAAa,SAAS,CAAC;AAExD,YAAQ,aAAa;AAAA,MACnB,KAAK;AACH,eAAO,MAAM,gBAAgB;AAAA,MAC/B,KAAK;AACH,eAAO,MAAM,eAAe,SAAS,MAAM;AAAA,MAC7C,KAAK;AACH,eAAO,MAAM,aAAa,SAAS,MAAM;AAAA,MAC3C;AACE,cAAM,IAAI,UAAU,uBAAuB,QAAQ,IAAI,GAAG;AAAA,IAC9D;AAAA,EACF,SAAS,OAAO;AACd,WAAO,MAAM,uBAAuB,KAAK;AAEzC,UAAM,SAAS,iBAAiB,YAAY,MAAM,SAAS;AAC3D,UAAM,UACJ,iBAAiB,QAAQ,MAAM,UAAU;AAE3C,UAAM,WAAWA,cAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,OAAO,CAAC;AAEjE,qBAAiB;AACjB,WAAO;AAAA,EACT;AACF;","names":["getUser","NextResponse","NextResponse","response"]}
package/dist/react.js CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
 
4
4
 
5
- var _chunk3U45EDU3js = require('./chunk-3U45EDU3.js');
5
+ var _chunkF55XKBNMjs = require('./chunk-F55XKBNM.js');
6
6
 
7
7
 
8
8
 
@@ -17,7 +17,7 @@ var _chunk3U45EDU3js = require('./chunk-3U45EDU3.js');
17
17
 
18
18
 
19
19
 
20
- var _chunkFX7N4B7Djs = require('./chunk-FX7N4B7D.js');
20
+ var _chunkF2CKPLXXjs = require('./chunk-F2CKPLXX.js');
21
21
 
22
22
 
23
23
 
@@ -116,7 +116,7 @@ var TokenProvider = ({ children }) => {
116
116
  const parsedJWT = _jwt.parseJWT.call(void 0, session.idToken);
117
117
  if (!parsedJWT) return null;
118
118
  const { forwardedTokens } = parsedJWT.payload;
119
- return forwardedTokens ? _chunkFX7N4B7Djs.convertForwardedTokenFormat.call(void 0, forwardedTokens) : null;
119
+ return forwardedTokens ? _chunkF2CKPLXXjs.convertForwardedTokenFormat.call(void 0, forwardedTokens) : null;
120
120
  }, [session == null ? void 0 : session.idToken]);
121
121
  const value = _react.useMemo.call(void 0,
122
122
  () => ({
@@ -167,7 +167,7 @@ var UserProvider = ({
167
167
  if (!accessToken) {
168
168
  return null;
169
169
  }
170
- const userSession = new (0, _chunkFX7N4B7Djs.GenericUserSession)(storage);
170
+ const userSession = new (0, _chunkF2CKPLXXjs.GenericUserSession)(storage);
171
171
  return userSession.get();
172
172
  });
173
173
  const {
@@ -272,7 +272,7 @@ var CivicAuthIframe = _react.forwardRef.call(void 0,
272
272
  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0,
273
273
  "iframe",
274
274
  {
275
- id: _chunkFX7N4B7Djs.IFRAME_ID,
275
+ id: _chunkF2CKPLXXjs.IFRAME_ID,
276
276
  ref,
277
277
  className: "cac-h-96 cac-w-80 cac-border-none",
278
278
  onLoad
@@ -327,16 +327,19 @@ var CivicAuthIframeContainer = ({
327
327
  const [isLoading, setIsLoading] = _react.useState.call(void 0, true);
328
328
  const { isLoading: isAuthLoading } = useAuth();
329
329
  const config = useConfig();
330
- const { serverTokenExchange } = config;
331
330
  const { setAuthResponseUrl, iframeRef } = useSession();
332
331
  const processIframeUrl = _react.useCallback.call(void 0, () => {
333
332
  if (iframeRef && iframeRef.current && iframeRef.current.contentWindow) {
334
333
  try {
335
334
  const iframeUrl = iframeRef.current.contentWindow.location.href;
336
335
  if (iframeUrl.startsWith(config.redirectUrl)) {
337
- if (serverTokenExchange) {
336
+ setIsLoading(true);
337
+ const iframeBody = iframeRef.current.contentWindow.document.body.innerHTML;
338
+ if (iframeBody.includes("sameDomainCodeExchangeRequired")) {
339
+ console.log(
340
+ "sameDomainCodeExchangeRequired, calling callback URL again..."
341
+ );
338
342
  const params = new URL(iframeUrl).searchParams;
339
- params.set("tokenExchange", "true");
340
343
  fetch(`${config.redirectUrl}?${params.toString()}`);
341
344
  } else {
342
345
  setAuthResponseUrl(iframeUrl);
@@ -354,7 +357,6 @@ var CivicAuthIframeContainer = ({
354
357
  config.redirectUrl,
355
358
  iframeRef,
356
359
  onClose,
357
- serverTokenExchange,
358
360
  setAuthResponseUrl
359
361
  ]);
360
362
  const intervalId = _react.useRef.call(void 0, );
@@ -379,6 +381,7 @@ var CivicAuthIframeContainer = ({
379
381
  };
380
382
  const showLoadingIcon = isLoading || isAuthLoading || !((_a = iframeRef == null ? void 0 : iframeRef.current) == null ? void 0 : _a.getAttribute("src"));
381
383
  const WrapperComponent = config.modalIframe ? IframeChrome : NoChrome;
384
+ console.log("CivicAuthIframeContainer showLoadingIcon", showLoadingIcon);
382
385
  return /* @__PURE__ */ _jsxruntime.jsxs.call(void 0, WrapperComponent, { onClose, children: [
383
386
  showLoadingIcon && /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "div", { className: "cac-absolute cac-inset-0 cac-flex cac-items-center cac-justify-center cac-rounded-3xl cac-bg-neutral-100", children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, LoadingIcon, {}) }),
384
387
  /* @__PURE__ */ _jsxruntime.jsx.call(void 0, CivicAuthIframe, { ref: iframeRef, onLoad: handleIframeLoad })
@@ -456,11 +459,11 @@ var AuthProvider = ({
456
459
  const [isRedirecting, setIsRedirecting] = _react.useState.call(void 0, false);
457
460
  const queryClient3 = _reactquery.useQueryClient.call(void 0, );
458
461
  const iframeRef = _react.useRef.call(void 0, null);
459
- const serverTokenExchange = pkceConsumer instanceof _chunkFX7N4B7Djs.ConfidentialClientPKCEConsumer;
462
+ const serverTokenExchange = pkceConsumer instanceof _chunkF2CKPLXXjs.ConfidentialClientPKCEConsumer;
460
463
  _react.useEffect.call(void 0, () => {
461
464
  if (typeof globalThis.window !== "undefined") {
462
465
  setCurrentUrl(globalThis.window.location.href);
463
- const isInIframeVal = _chunkFX7N4B7Djs.isWindowInIframe.call(void 0, globalThis.window);
466
+ const isInIframeVal = _chunkF2CKPLXXjs.isWindowInIframe.call(void 0, globalThis.window);
464
467
  setIsInIframe(isInIframeVal);
465
468
  }
466
469
  }, []);
@@ -471,11 +474,11 @@ var AuthProvider = ({
471
474
  const [authService, setAuthService] = _react.useState.call(void 0, );
472
475
  _react.useEffect.call(void 0, () => {
473
476
  if (!currentUrl) return;
474
- _chunkFX7N4B7Djs.BrowserAuthenticationService.build({
477
+ _chunkF2CKPLXXjs.BrowserAuthenticationService.build({
475
478
  clientId,
476
479
  redirectUrl,
477
480
  oauthServer: config.oauthServer,
478
- scopes: _chunkFX7N4B7Djs.DEFAULT_SCOPES,
481
+ scopes: _chunkF2CKPLXXjs.DEFAULT_SCOPES,
479
482
  displayMode
480
483
  }).then(setAuthService);
481
484
  }, [currentUrl, clientId, redirectUrl, config, displayMode]);
@@ -509,12 +512,12 @@ var AuthProvider = ({
509
512
  state
510
513
  });
511
514
  yield authService.tokenExchange(code, state);
512
- const clientStorage = new (0, _chunkFX7N4B7Djs.LocalStorageAdapter)();
513
- const user = yield _chunkFX7N4B7Djs.getUser.call(void 0, clientStorage);
515
+ const clientStorage = new (0, _chunkF2CKPLXXjs.LocalStorageAdapter)();
516
+ const user = yield _chunkF2CKPLXXjs.getUser.call(void 0, clientStorage);
514
517
  if (!user) {
515
518
  throw new Error("Failed to get user info");
516
519
  }
517
- const userSession = new (0, _chunkFX7N4B7Djs.GenericUserSession)(clientStorage);
520
+ const userSession = new (0, _chunkF2CKPLXXjs.GenericUserSession)(clientStorage);
518
521
  userSession.set(user);
519
522
  onSignIn == null ? void 0 : onSignIn();
520
523
  return authService.getSessionData();
@@ -562,13 +565,13 @@ var AuthProvider = ({
562
565
  if (!pkceConsumer) {
563
566
  return null;
564
567
  }
565
- return browserAuthenticationInitiator || new (0, _chunkFX7N4B7Djs.BrowserAuthenticationInitiator)({
568
+ return browserAuthenticationInitiator || new (0, _chunkF2CKPLXXjs.BrowserAuthenticationInitiator)({
566
569
  pkceConsumer,
567
570
  // generate and retrieve the challenge client-side
568
571
  clientId,
569
572
  redirectUrl,
570
- state: _chunkFX7N4B7Djs.generateState.call(void 0, useDisplayMode),
571
- scopes: _chunkFX7N4B7Djs.DEFAULT_SCOPES,
573
+ state: _chunkF2CKPLXXjs.generateState.call(void 0, useDisplayMode),
574
+ scopes: _chunkF2CKPLXXjs.DEFAULT_SCOPES,
572
575
  displayMode: useDisplayMode,
573
576
  oauthServer: config.oauthServer,
574
577
  // the endpoints to use for the login (if not obtained from the auth server
@@ -680,8 +683,8 @@ var CivicAuthProvider = (_a) => {
680
683
  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, _reactquery.QueryClientProvider, { client: queryClient, children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0,
681
684
  AuthProvider,
682
685
  _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, props), {
683
- pkceConsumer: new (0, _chunkFX7N4B7Djs.BrowserPublicClientPKCEProducer)(),
684
- children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, UserProvider, { storage: new (0, _chunkFX7N4B7Djs.LocalStorageAdapter)(), children })
686
+ pkceConsumer: new (0, _chunkF2CKPLXXjs.BrowserPublicClientPKCEProducer)(),
687
+ children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0, UserProvider, { storage: new (0, _chunkF2CKPLXXjs.LocalStorageAdapter)(), children })
685
688
  })
686
689
  ) });
687
690
  };
@@ -699,11 +702,11 @@ var CivicNextAuthProvider = (_a) => {
699
702
  "children"
700
703
  ]);
701
704
  const [redirectUrl, setRedirectUrl] = _react.useState.call(void 0, "");
702
- const { clientId, oauthServer, callbackUrl, challengeUrl, logoutUrl } = _chunk3U45EDU3js.resolveAuthConfig.call(void 0, );
705
+ const { clientId, oauthServer, callbackUrl, challengeUrl, logoutUrl } = _chunkF55XKBNMjs.resolveAuthConfig.call(void 0, );
703
706
  _react.useEffect.call(void 0, () => {
704
707
  if (typeof globalThis.window !== "undefined") {
705
708
  const currentUrl = globalThis.window.location.href;
706
- setRedirectUrl(_chunk3U45EDU3js.resolveCallbackUrl.call(void 0, _chunk3U45EDU3js.resolveAuthConfig.call(void 0, ), currentUrl));
709
+ setRedirectUrl(_chunkF55XKBNMjs.resolveCallbackUrl.call(void 0, _chunkF55XKBNMjs.resolveAuthConfig.call(void 0, ), currentUrl));
707
710
  }
708
711
  }, [callbackUrl]);
709
712
  const user = useUserCookie();
@@ -717,11 +720,11 @@ var CivicNextAuthProvider = (_a) => {
717
720
  redirectUrl,
718
721
  config: { oauthServer },
719
722
  clientId,
720
- pkceConsumer: new (0, _chunkFX7N4B7Djs.ConfidentialClientPKCEConsumer)(challengeUrl),
723
+ pkceConsumer: new (0, _chunkF2CKPLXXjs.ConfidentialClientPKCEConsumer)(challengeUrl),
721
724
  children: /* @__PURE__ */ _jsxruntime.jsx.call(void 0,
722
725
  UserProvider,
723
726
  {
724
- storage: new (0, _chunk3U45EDU3js.NextjsClientStorage)(),
727
+ storage: new (0, _chunkF55XKBNMjs.NextjsClientStorage)(),
725
728
  user,
726
729
  signOut,
727
730
  children
@@ -878,7 +881,7 @@ var UserButton = ({
878
881
  /* @__PURE__ */ _jsxruntime.jsxs.call(void 0,
879
882
  "button",
880
883
  {
881
- className: _chunkFX7N4B7Djs.cn.call(void 0,
884
+ className: _chunkF2CKPLXXjs.cn.call(void 0,
882
885
  "cac-flex cac-w-full cac-items-center cac-justify-between cac-gap-2 cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-text-neutral-500 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50",
883
886
  className
884
887
  ),
@@ -917,7 +920,7 @@ var UserButton = ({
917
920
  "button",
918
921
  {
919
922
  "data-testid": "sign-in-button",
920
- className: _chunkFX7N4B7Djs.cn.call(void 0,
923
+ className: _chunkF2CKPLXXjs.cn.call(void 0,
921
924
  "cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50",
922
925
  className
923
926
  ),
@@ -938,7 +941,7 @@ var SignInButton = ({
938
941
  "button",
939
942
  {
940
943
  "data-testid": "sign-in-button",
941
- className: _chunkFX7N4B7Djs.cn.call(void 0,
944
+ className: _chunkF2CKPLXXjs.cn.call(void 0,
942
945
  "cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50",
943
946
  className
944
947
  ),
@@ -955,7 +958,7 @@ var SignOutButton = ({ className }) => {
955
958
  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0,
956
959
  "button",
957
960
  {
958
- className: _chunkFX7N4B7Djs.cn.call(void 0,
961
+ className: _chunkF2CKPLXXjs.cn.call(void 0,
959
962
  "cac-rounded-full cac-border cac-border-neutral-500 cac-px-3 cac-py-2 cac-transition-colors hover:cac-bg-neutral-200 hover:cac-bg-opacity-50",
960
963
  className
961
964
  ),
@@ -968,7 +971,7 @@ var SignOutButton = ({ className }) => {
968
971
  // src/react/components/NextLogOut.tsx
969
972
 
970
973
  var NextLogOut = ({ children }) => {
971
- const config = _chunk3U45EDU3js.resolveAuthConfig.call(void 0, );
974
+ const config = _chunkF55XKBNMjs.resolveAuthConfig.call(void 0, );
972
975
  const logoutUrl = `${config.logoutUrl}`;
973
976
  return /* @__PURE__ */ _jsxruntime.jsx.call(void 0, "a", { href: logoutUrl, children });
974
977
  };