@civic/auth 0.0.1-beta.29 → 0.0.1-beta.3

package/dist/src/lib/windowUtil.js

@@ -1,30 +0,0 @@
-const isWindowInIframe = (window) => {
-    if (typeof window !== "undefined") {
-        // use the window width to determine if we're in an iframe or not
-        try {
-            if (window?.frameElement?.id === "civic-auth-iframe") {
-                return true;
-            }
-            // eslint-disable-next-line @typescript-eslint/no-unused-vars
-        }
-        catch (_e) {
-            // If we get an error, we're not in an iframe
-            return false;
-        }
-    }
-    return false;
-};
-const removeParamsWithoutReload = (paramsToRemove) => {
-    const url = new URL(window.location.href);
-    paramsToRemove.forEach((param) => {
-        url.searchParams.delete(param);
-    });
-    try {
-        window.history.replaceState({}, "", url);
-    }
-    catch (error) {
-        console.warn("window.history.replaceState failed", error);
-    }
-};
-export { isWindowInIframe, removeParamsWithoutReload };
-//# sourceMappingURL=windowUtil.js.map

package/dist/src/lib/windowUtil.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"windowUtil.js","sourceRoot":"","sources":["../../../src/lib/windowUtil.ts"],"names":[],"mappings":"AAAA,MAAM,gBAAgB,GAAG,CAAC,MAAc,EAAW,EAAE;IACnD,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,iEAAiE;QACjE,IAAI,CAAC;YACH,IAAI,MAAM,EAAE,YAAY,EAAE,EAAE,KAAK,mBAAmB,EAAE,CAAC;gBACrD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,6DAA6D;QAC/D,CAAC;QAAC,OAAO,EAAE,EAAE,CAAC;YACZ,6CAA6C;YAC7C,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEF,MAAM,yBAAyB,GAAG,CAAC,cAAwB,EAAE,EAAE;IAC7D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC1C,cAAc,CAAC,OAAO,CAAC,CAAC,KAAa,EAAE,EAAE;QACvC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;IAC5D,CAAC;AACH,CAAC,CAAC;AAEF,OAAO,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,CAAC","sourcesContent":["const isWindowInIframe = (window: Window): boolean => {\n  if (typeof window !== \"undefined\") {\n    // use the window width to determine if we're in an iframe or not\n    try {\n      if (window?.frameElement?.id === \"civic-auth-iframe\") {\n        return true;\n      }\n      // eslint-disable-next-line @typescript-eslint/no-unused-vars\n    } catch (_e) {\n      // If we get an error, we're not in an iframe\n      return false;\n    }\n  }\n  return false;\n};\n\nconst removeParamsWithoutReload = (paramsToRemove: string[]) => {\n  const url = new URL(window.location.href);\n  paramsToRemove.forEach((param: string) => {\n    url.searchParams.delete(param);\n  });\n  try {\n    window.history.replaceState({}, \"\", url);\n  } catch (error) {\n    console.warn(\"window.history.replaceState failed\", error);\n  }\n};\n\nexport { isWindowInIframe, removeParamsWithoutReload };\n"]}

package/dist/src/nextjs/GetUser.d.ts

@@ -1,6 +0,0 @@
-/**
- * Used on the server-side to get the user object from the cookie
- */
-import type { User } from "@/types.js";
-export declare const getUser: () => User | null;
-//# sourceMappingURL=GetUser.d.ts.map

package/dist/src/nextjs/GetUser.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"GetUser.d.ts","sourceRoot":"","sources":["../../../src/nextjs/GetUser.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAKvC,eAAO,MAAM,OAAO,QAAO,IAAI,GAAG,IAajC,CAAC"}

package/dist/src/nextjs/GetUser.js

@@ -1,18 +0,0 @@
-import { GenericUserSession } from "@/shared/lib/UserSession.js";
-import { NextjsClientStorage } from "@/nextjs/cookies.js";
-import { retrieveTokens } from "@/shared/lib/util.js";
-export const getUser = () => {
-    const clientStorage = new NextjsClientStorage();
-    const userSession = new GenericUserSession(clientStorage);
-    const tokens = retrieveTokens(clientStorage);
-    const user = userSession.get();
-    if (!user || !tokens)
-        return null;
-    return {
-        ...user,
-        idToken: tokens.id_token,
-        accessToken: tokens.access_token,
-        refreshToken: tokens.refresh_token ?? "",
-    };
-};
-//# sourceMappingURL=GetUser.js.map

package/dist/src/nextjs/GetUser.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"GetUser.js","sourceRoot":"","sources":["../../../src/nextjs/GetUser.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,MAAM,CAAC,MAAM,OAAO,GAAG,GAAgB,EAAE;IACvC,MAAM,aAAa,GAAG,IAAI,mBAAmB,EAAE,CAAC;IAChD,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAC1D,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,CAAC,CAAC;IAC7C,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAC/B,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAElC,OAAO;QACL,GAAG,IAAK;QACR,OAAO,EAAE,MAAM,CAAC,QAAQ;QACxB,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,MAAM,CAAC,aAAa,IAAI,EAAE;KACjC,CAAC;AACZ,CAAC,CAAC","sourcesContent":["/**\n * Used on the server-side to get the user object from the cookie\n */\nimport type { User } from \"@/types.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies.js\";\nimport { retrieveTokens } from \"@/shared/lib/util.js\";\n\nexport const getUser = (): User | null => {\n  const clientStorage = new NextjsClientStorage();\n  const userSession = new GenericUserSession(clientStorage);\n  const tokens = retrieveTokens(clientStorage);\n  const user = userSession.get();\n  if (!user || !tokens) return null;\n\n  return {\n    ...user!,\n    idToken: tokens.id_token,\n    accessToken: tokens.access_token,\n    refreshToken: tokens.refresh_token ?? \"\",\n  } as User;\n};\n"]}

package/dist/src/nextjs/config.d.ts

@@ -1,178 +0,0 @@
-import type { NextConfig } from "next";
-import { type CookieConfig, type TokensCookieConfig } from "@/shared/lib/types.js";
-export type CookiesConfigObject = {
-    tokens: TokensCookieConfig;
-    user: CookieConfig;
-};
-export type AuthConfigWithDefaults = {
-    clientId: string;
-    oauthServer: string;
-    callbackUrl: string;
-    loginUrl: string;
-    logoutUrl: string;
-    challengeUrl: string;
-    include: string[];
-    exclude: string[];
-    cookies: CookiesConfigObject;
-};
-export type AuthConfig = Partial<AuthConfigWithDefaults>;
-export type DefinedAuthConfig = AuthConfigWithDefaults;
-/**
- * Default configuration values that will be used if not overridden
- */
-export declare const defaultAuthConfig: Omit<AuthConfigWithDefaults, "clientId">;
-/**
- * Resolves the authentication configuration by combining:
- * 1. Default values
- * 2. Environment variables (set internally by the plugin)
- * 3. Explicitly passed configuration
- *
- * Note: Developers should not set _civic_auth_* environment variables directly.
- * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:
- *
- * @example
- * ```js
- * // next.config.js
- * export default createCivicAuthPlugin({
- *   callbackUrl: '/custom/callback',
- * })
- * ```
- */
-export declare const resolveAuthConfig: (config?: AuthConfig) => AuthConfigWithDefaults;
-/**
- * Creates a Next.js plugin that handles auth configuration.
- *
- * This is the main configuration point for the auth system.
- * Do not set _civic_auth_* environment variables directly - instead,
- * pass your configuration here:
- *
- * @example
- * ```js
- * // next.config.js
- * export default createCivicAuthPlugin({
- *   clientId: 'my-client-id',
- *   callbackUrl: '/custom/callback',
- *   loginUrl: '/custom/login',
- *   logoutUrl: '/custom/logout',
- *   include: ['/protected/*'],
- *   exclude: ['/public/*']
- * })
- * ```
- *
- * The plugin sets internal environment variables that are used by
- * the auth system. These variables should not be set manually.
- */
-export declare const createCivicAuthPlugin: (authConfig: AuthConfig & Pick<Required<AuthConfig>, "clientId">) => (nextConfig?: NextConfig) => {
-    env: {
-        _civic_auth_client_id: string;
-        _civic_oauth_server: string;
-        _civic_auth_callback_url: string;
-        _civic_auth_challenge_url: string;
-        _civic_auth_login_url: string;
-        _civic_auth_logout_url: string;
-        _civic_auth_includes: string;
-        _civic_auth_excludes: string;
-        _civic_auth_cookie_config: string;
-    };
-    exportPathMap?: (defaultMap: import("next/dist/server/config-shared.js").ExportPathMap, ctx: {
-        dev: boolean;
-        dir: string;
-        outDir: string | null;
-        distDir: string;
-        buildId: string;
-    }) => Promise<import("next/dist/server/config-shared.js").ExportPathMap> | import("next/dist/server/config-shared.js").ExportPathMap;
-    i18n?: import("next/dist/server/config-shared.js").I18NConfig | null;
-    eslint?: import("next/dist/server/config-shared.js").ESLintConfig;
-    typescript?: import("next/dist/server/config-shared.js").TypeScriptConfig;
-    headers?: () => Promise<import("next/dist/lib/load-custom-routes.js").Header[]>;
-    rewrites?: () => Promise<import("next/dist/lib/load-custom-routes.js").Rewrite[] | {
-        beforeFiles: import("next/dist/lib/load-custom-routes.js").Rewrite[];
-        afterFiles: import("next/dist/lib/load-custom-routes.js").Rewrite[];
-        fallback: import("next/dist/lib/load-custom-routes.js").Rewrite[];
-    }>;
-    redirects?: () => Promise<import("next/dist/lib/load-custom-routes.js").Redirect[]>;
-    excludeDefaultMomentLocales?: boolean;
-    webpack?: import("next/dist/server/config-shared.js").NextJsWebpackConfig | null;
-    trailingSlash?: boolean;
-    distDir?: string;
-    cleanDistDir?: boolean;
-    assetPrefix?: string;
-    cacheHandler?: string | undefined;
-    cacheMaxMemorySize?: number;
-    useFileSystemPublicRoutes?: boolean;
-    generateBuildId?: () => string | null | Promise<string | null>;
-    generateEtags?: boolean;
-    pageExtensions?: string[];
-    compress?: boolean;
-    analyticsId?: string;
-    poweredByHeader?: boolean;
-    images?: import("next/dist/shared/lib/image-config.js").ImageConfig;
-    devIndicators?: {
-        buildActivity?: boolean;
-        buildActivityPosition?: "bottom-right" | "bottom-left" | "top-right" | "top-left";
-    };
-    onDemandEntries?: {
-        maxInactiveAge?: number;
-        pagesBufferLength?: number;
-    };
-    amp?: {
-        canonicalBase?: string;
-    };
-    deploymentId?: string;
-    basePath?: string;
-    sassOptions?: {
-        [key: string]: any;
-    };
-    productionBrowserSourceMaps?: boolean;
-    optimizeFonts?: boolean;
-    reactProductionProfiling?: boolean;
-    reactStrictMode?: boolean | null;
-    publicRuntimeConfig?: {
-        [key: string]: any;
-    };
-    serverRuntimeConfig?: {
-        [key: string]: any;
-    };
-    httpAgentOptions?: {
-        keepAlive?: boolean;
-    };
-    outputFileTracing?: boolean;
-    staticPageGenerationTimeout?: number;
-    crossOrigin?: "anonymous" | "use-credentials";
-    swcMinify?: boolean;
-    compiler?: {
-        reactRemoveProperties?: boolean | {
-            properties?: string[];
-        };
-        relay?: {
-            src: string;
-            artifactDirectory?: string;
-            language?: "typescript" | "javascript" | "flow";
-            eagerEsModules?: boolean;
-        };
-        removeConsole?: boolean | {
-            exclude?: string[];
-        };
-        styledComponents?: boolean | import("next/dist/server/config-shared.js").StyledComponentsConfig;
-        emotion?: boolean | import("next/dist/server/config-shared.js").EmotionConfig;
-        styledJsx?: boolean | {
-            useLightningcss?: boolean;
-        };
-    };
-    output?: "standalone" | "export";
-    transpilePackages?: string[];
-    skipMiddlewareUrlNormalize?: boolean;
-    skipTrailingSlashRedirect?: boolean;
-    modularizeImports?: Record<string, {
-        transform: string | Record<string, string>;
-        preventFullImport?: boolean;
-        skipDefaultConversion?: boolean;
-    }>;
-    logging?: {
-        fetches?: {
-            fullUrl?: boolean;
-        };
-    };
-    experimental?: import("next/dist/server/config-shared.js").ExperimentalConfig;
-};
-//# sourceMappingURL=config.d.ts.map

package/dist/src/nextjs/config.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/nextjs/config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAGvC,OAAO,EAEL,KAAK,YAAY,EAEjB,KAAK,kBAAkB,EACxB,MAAM,uBAAuB,CAAC;AAK/B,MAAM,MAAM,mBAAmB,GAAG;IAChC,MAAM,EAAE,kBAAkB,CAAC;IAC3B,IAAI,EAAE,YAAY,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,mBAAmB,CAAC;CAC9B,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAAC;AAEzD,MAAM,MAAM,iBAAiB,GAAG,sBAAsB,CAAC;AAOvD;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,IAAI,CAAC,sBAAsB,EAAE,UAAU,CAiDtE,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,iBAAiB,YACpB,UAAU,KACjB,sBA0CF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,eAAO,MAAM,qBAAqB,eACpB,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC,mBAE1C,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qBAwBk2b,CAAC;6BAAsG,CAAC;;;sBAAke,CAAC;yBAA4H,CAAC;;;qBAA+H,CAAC;;;;;;;;;;;;;;;;;;iBAA8pE,CAAC;;;;;;;6BAAg6C,CAAC;sBAAoC,CAAC;;aAAoC,CAAC;;6BAA0D,CAAC;oBAA8B,CAAC;0BAAkE,CAAC;;qBAA2C,CAAC;mBAAiC,CAAC;;wBAA+C,CAAC;eAAmD,CAAC;iBAA4C,CAAC;2BAAyC,CAAC;;;;;;;;;yBAA4zC,CAAC;6BAAwC,CAAC;;;eAAkD,CAAC;mBAAuB,CAAC;;;;CAD3qoB,CAAC"}

package/dist/src/nextjs/config.js

@@ -1,164 +0,0 @@
-import { loggers } from "@/lib/logger.js";
-import { withoutUndefined } from "@/utils.js";
-import { CodeVerifier, OAuthTokens, } from "@/shared/lib/types.js";
-import { DEFAULT_AUTH_SERVER } from "@/constants.js";
-const logger = loggers.nextjs.handlers.auth;
-console.log(`process.env.NODE_ENV: ${process.env.NODE_ENV}`);
-const isDevelopment = process.env.NODE_ENV === "development";
-const defaultServerSecure = isDevelopment ? false : true;
-console.log(`defaultServerSecure: ${defaultServerSecure}`);
-/**
- * Default configuration values that will be used if not overridden
- */
-export const defaultAuthConfig = {
-    oauthServer: DEFAULT_AUTH_SERVER,
-    callbackUrl: "/api/auth/callback",
-    challengeUrl: "/api/auth/challenge",
-    logoutUrl: "/api/auth/logout",
-    loginUrl: "/",
-    include: ["/*"],
-    exclude: [],
-    cookies: {
-        tokens: {
-            [OAuthTokens.ID_TOKEN]: {
-                secure: defaultServerSecure,
-                httpOnly: true,
-                sameSite: "strict",
-                path: "/",
-            },
-            [OAuthTokens.ACCESS_TOKEN]: {
-                secure: defaultServerSecure,
-                httpOnly: true,
-                sameSite: "strict",
-                path: "/",
-            },
-            [OAuthTokens.REFRESH_TOKEN]: {
-                secure: defaultServerSecure,
-                httpOnly: true,
-                sameSite: "strict",
-                path: "/",
-            },
-            [CodeVerifier.COOKIE_NAME]: {
-                secure: defaultServerSecure,
-                httpOnly: true,
-                sameSite: "strict",
-                path: "/",
-            },
-            [CodeVerifier.APP_URL]: {
-                secure: defaultServerSecure,
-                httpOnly: true,
-                sameSite: "strict",
-                path: "/",
-            },
-        },
-        user: {
-            secure: defaultServerSecure,
-            httpOnly: false,
-            sameSite: "strict",
-            path: "/",
-            maxAge: 60 * 60, // 1 hour
-        },
-    },
-};
-/**
- * Resolves the authentication configuration by combining:
- * 1. Default values
- * 2. Environment variables (set internally by the plugin)
- * 3. Explicitly passed configuration
- *
- * Note: Developers should not set _civic_auth_* environment variables directly.
- * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:
- *
- * @example
- * ```js
- * // next.config.js
- * export default createCivicAuthPlugin({
- *   callbackUrl: '/custom/callback',
- * })
- * ```
- */
-export const resolveAuthConfig = (config = {}) => {
-    // Read configuration that was set by the plugin via environment variables
-    const configFromEnv = withoutUndefined({
-        clientId: process.env._civic_auth_client_id,
-        oauthServer: process.env._civic_oauth_server,
-        callbackUrl: process.env._civic_auth_callback_url,
-        challengeUrl: process.env._civic_auth_challenge_url,
-        loginUrl: process.env._civic_auth_login_url,
-        logoutUrl: process.env._civic_auth_logout_url,
-        include: process.env._civic_auth_includes?.split(","),
-        exclude: process.env._civic_auth_excludes?.split(","),
-        cookies: process.env._civic_auth_cookie_config
-            ? JSON.parse(process.env._civic_auth_cookie_config)
-            : undefined,
-    });
-    const mergedConfig = {
-        ...defaultAuthConfig,
-        ...configFromEnv, // Apply plugin-set config
-        ...config, // Override with directly passed config
-        cookies: {
-            tokens: {
-                ...defaultAuthConfig.cookies.tokens,
-                ...(configFromEnv?.cookies?.tokens || {}),
-                ...(config.cookies?.tokens || {}),
-            },
-            user: {
-                ...defaultAuthConfig.cookies.user,
-                ...(configFromEnv?.cookies?.user || {}),
-                ...(config.cookies?.user || {}),
-            },
-        },
-    };
-    logger.debug("Config from environment:", JSON.stringify(configFromEnv, null, 2));
-    logger.debug("Resolved config:", JSON.stringify(mergedConfig, null, 2));
-    if (mergedConfig.clientId === undefined) {
-        throw new Error("Civic Auth client ID is required");
-    }
-    return mergedConfig;
-};
-/**
- * Creates a Next.js plugin that handles auth configuration.
- *
- * This is the main configuration point for the auth system.
- * Do not set _civic_auth_* environment variables directly - instead,
- * pass your configuration here:
- *
- * @example
- * ```js
- * // next.config.js
- * export default createCivicAuthPlugin({
- *   clientId: 'my-client-id',
- *   callbackUrl: '/custom/callback',
- *   loginUrl: '/custom/login',
- *   logoutUrl: '/custom/logout',
- *   include: ['/protected/*'],
- *   exclude: ['/public/*']
- * })
- * ```
- *
- * The plugin sets internal environment variables that are used by
- * the auth system. These variables should not be set manually.
- */
-export const createCivicAuthPlugin = (authConfig) => {
-    return (nextConfig) => {
-        logger.debug("createCivicAuthPlugin nextConfig", JSON.stringify(nextConfig, null, 2));
-        const resolvedConfig = resolveAuthConfig({ ...authConfig });
-        return {
-            ...nextConfig,
-            env: {
-                ...nextConfig?.env,
-                // Internal environment variables - do not set these manually
-                _civic_auth_client_id: resolvedConfig.clientId,
-                _civic_oauth_server: resolvedConfig.oauthServer,
-                _civic_auth_callback_url: resolvedConfig.callbackUrl,
-                _civic_auth_challenge_url: resolvedConfig.challengeUrl,
-                _civic_auth_login_url: resolvedConfig.loginUrl,
-                _civic_auth_logout_url: resolvedConfig.logoutUrl,
-                _civic_auth_includes: resolvedConfig.include.join(","),
-                _civic_auth_excludes: resolvedConfig.exclude.join(","),
-                _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),
-            },
-        };
-    };
-};
-//# sourceMappingURL=config.js.map

package/dist/src/nextjs/config.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/nextjs/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EACL,YAAY,EAEZ,WAAW,GAEZ,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAErD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AAuB5C,OAAO,CAAC,GAAG,CAAC,yBAAyB,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;AAC7D,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,CAAC;AAE7D,MAAM,mBAAmB,GAAG,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AACzD,OAAO,CAAC,GAAG,CAAC,wBAAwB,mBAAmB,EAAE,CAAC,CAAC;AAC3D;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA6C;IACzE,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,oBAAoB;IACjC,YAAY,EAAE,qBAAqB;IACnC,SAAS,EAAE,kBAAkB;IAC7B,QAAQ,EAAE,GAAG;IACb,OAAO,EAAE,CAAC,IAAI,CAAC;IACf,OAAO,EAAE,EAAE;IACX,OAAO,EAAE;QACP,MAAM,EAAE;YACN,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE;gBACtB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,YAAY,CAAC,EAAE;gBAC1B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE;gBAC3B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE;gBAC1B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE;gBACtB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;SACF;QACD,IAAI,EAAE;YACJ,MAAM,EAAE,mBAAmB;YAC3B,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,QAAQ;YAClB,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,EAAE,GAAG,EAAE,EAAE,SAAS;SAC3B;KACF;CACF,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,SAAqB,EAAE,EACC,EAAE;IAC1B,0EAA0E;IAC1E,MAAM,aAAa,GAAG,gBAAgB,CAAC;QACrC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB;QAC5C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB;QACjD,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;QACnD,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;QAC7C,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;YAC5C,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;YACnD,CAAC,CAAC,SAAS;KACd,CAAe,CAAC;IACjB,MAAM,YAAY,GAAG;QACnB,GAAG,iBAAiB;QACpB,GAAG,aAAa,EAAE,0BAA0B;QAC5C,GAAG,MAAM,EAAE,uCAAuC;QAClD,OAAO,EAAE;YACP,MAAM,EAAE;gBACN,GAAG,iBAAiB,CAAC,OAAO,CAAC,MAAM;gBACnC,GAAG,CAAC,aAAa,EAAE,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC;gBACzC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC;aAClC;YACD,IAAI,EAAE;gBACJ,GAAG,iBAAiB,CAAC,OAAO,CAAC,IAAI;gBACjC,GAAG,CAAC,aAAa,EAAE,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC;gBACvC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC;aAChC;SACF;KACF,CAAC;IAEF,MAAM,CAAC,KAAK,CACV,0BAA0B,EAC1B,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CACvC,CAAC;IACF,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACxE,IAAI,YAAY,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,YAA6D,CAAC;AACvE,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CACnC,UAA+D,EAC/D,EAAE;IACF,OAAO,CAAC,UAAuB,EAAE,EAAE;QACjC,MAAM,CAAC,KAAK,CACV,kCAAkC,EAClC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CACpC,CAAC;QACF,MAAM,cAAc,GAAG,iBAAiB,CAAC,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC;QAC5D,OAAO;YACL,GAAG,UAAU;YACb,GAAG,EAAE;gBACH,GAAG,UAAU,EAAE,GAAG;gBAClB,6DAA6D;gBAC7D,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,mBAAmB,EAAE,cAAc,CAAC,WAAW;gBAC/C,wBAAwB,EAAE,cAAc,CAAC,WAAW;gBACpD,yBAAyB,EAAE,cAAc,CAAC,YAAY;gBACtD,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,sBAAsB,EAAE,cAAc,CAAC,SAAS;gBAChD,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,yBAAyB,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,OAAO,CAAC;aAClE;SACF,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC,CAAC","sourcesContent":["/* eslint-disable turbo/no-undeclared-env-vars */\nimport type { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger.js\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport {\n  CodeVerifier,\n  type CookieConfig,\n  OAuthTokens,\n  type TokensCookieConfig,\n} from \"@/shared/lib/types.js\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nexport type CookiesConfigObject = {\n  tokens: TokensCookieConfig;\n  user: CookieConfig;\n};\n\nexport type AuthConfigWithDefaults = {\n  clientId: string;\n  oauthServer: string;\n  callbackUrl: string;\n  loginUrl: string;\n  logoutUrl: string;\n  challengeUrl: string;\n  include: string[];\n  exclude: string[];\n  cookies: CookiesConfigObject;\n};\n\nexport type AuthConfig = Partial<AuthConfigWithDefaults>;\n\nexport type DefinedAuthConfig = AuthConfigWithDefaults;\n\nconsole.log(`process.env.NODE_ENV: ${process.env.NODE_ENV}`);\nconst isDevelopment = process.env.NODE_ENV === \"development\";\n\nconst defaultServerSecure = isDevelopment ? false : true;\nconsole.log(`defaultServerSecure: ${defaultServerSecure}`);\n/**\n * Default configuration values that will be used if not overridden\n */\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n  oauthServer: DEFAULT_AUTH_SERVER,\n  callbackUrl: \"/api/auth/callback\",\n  challengeUrl: \"/api/auth/challenge\",\n  logoutUrl: \"/api/auth/logout\",\n  loginUrl: \"/\",\n  include: [\"/*\"],\n  exclude: [],\n  cookies: {\n    tokens: {\n      [OAuthTokens.ID_TOKEN]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [OAuthTokens.ACCESS_TOKEN]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [OAuthTokens.REFRESH_TOKEN]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [CodeVerifier.COOKIE_NAME]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [CodeVerifier.APP_URL]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n    },\n    user: {\n      secure: defaultServerSecure,\n      httpOnly: false,\n      sameSite: \"strict\",\n      path: \"/\",\n      maxAge: 60 * 60, // 1 hour\n    },\n  },\n};\n\n/**\n * Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n *\n * Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   callbackUrl: '/custom/callback',\n * })\n * ```\n */\nexport const resolveAuthConfig = (\n  config: AuthConfig = {},\n): AuthConfigWithDefaults => {\n  // Read configuration that was set by the plugin via environment variables\n  const configFromEnv = withoutUndefined({\n    clientId: process.env._civic_auth_client_id,\n    oauthServer: process.env._civic_oauth_server,\n    callbackUrl: process.env._civic_auth_callback_url,\n    challengeUrl: process.env._civic_auth_challenge_url,\n    loginUrl: process.env._civic_auth_login_url,\n    logoutUrl: process.env._civic_auth_logout_url,\n    include: process.env._civic_auth_includes?.split(\",\"),\n    exclude: process.env._civic_auth_excludes?.split(\",\"),\n    cookies: process.env._civic_auth_cookie_config\n      ? JSON.parse(process.env._civic_auth_cookie_config)\n      : undefined,\n  }) as AuthConfig;\n  const mergedConfig = {\n    ...defaultAuthConfig,\n    ...configFromEnv, // Apply plugin-set config\n    ...config, // Override with directly passed config\n    cookies: {\n      tokens: {\n        ...defaultAuthConfig.cookies.tokens,\n        ...(configFromEnv?.cookies?.tokens || {}),\n        ...(config.cookies?.tokens || {}),\n      },\n      user: {\n        ...defaultAuthConfig.cookies.user,\n        ...(configFromEnv?.cookies?.user || {}),\n        ...(config.cookies?.user || {}),\n      },\n    },\n  };\n\n  logger.debug(\n    \"Config from environment:\",\n    JSON.stringify(configFromEnv, null, 2),\n  );\n  logger.debug(\"Resolved config:\", JSON.stringify(mergedConfig, null, 2));\n  if (mergedConfig.clientId === undefined) {\n    throw new Error(\"Civic Auth client ID is required\");\n  }\n  return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/**\n * Creates a Next.js plugin that handles auth configuration.\n *\n * This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   clientId: 'my-client-id',\n *   callbackUrl: '/custom/callback',\n *   loginUrl: '/custom/login',\n *   logoutUrl: '/custom/logout',\n *   include: ['/protected/*'],\n *   exclude: ['/public/*']\n * })\n * ```\n *\n * The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport const createCivicAuthPlugin = (\n  authConfig: AuthConfig & Pick<Required<AuthConfig>, \"clientId\">,\n) => {\n  return (nextConfig?: NextConfig) => {\n    logger.debug(\n      \"createCivicAuthPlugin nextConfig\",\n      JSON.stringify(nextConfig, null, 2),\n    );\n    const resolvedConfig = resolveAuthConfig({ ...authConfig });\n    return {\n      ...nextConfig,\n      env: {\n        ...nextConfig?.env,\n        // Internal environment variables - do not set these manually\n        _civic_auth_client_id: resolvedConfig.clientId,\n        _civic_oauth_server: resolvedConfig.oauthServer,\n        _civic_auth_callback_url: resolvedConfig.callbackUrl,\n        _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n        _civic_auth_login_url: resolvedConfig.loginUrl,\n        _civic_auth_logout_url: resolvedConfig.logoutUrl,\n        _civic_auth_includes: resolvedConfig.include.join(\",\"),\n        _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n        _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n      },\n    };\n  };\n};\n"]}

package/dist/src/nextjs/cookies.d.ts

@@ -1,30 +0,0 @@
-import type { SessionData, UnknownObject, User } from "@/types.js";
-import type { AuthConfig } from "@/nextjs/config.js";
-import type { CodeVerifier, OAuthTokens, TokensCookieConfig } from "@/shared/lib/types.js";
-import { CookieStorage, type CookieStorageSettings } from "@/shared/lib/storage.js";
-/**
- * Creates HTTP-only cookies for authentication tokens
- */
-declare const createTokenCookies: (response: Response, sessionData: SessionData, config: AuthConfig) => void;
-/**
- * Creates a client-readable cookie with user info
- */
-declare const createUserInfoCookie: (response: Response, user: User<UnknownObject> | null, sessionData: SessionData, config: AuthConfig) => void;
-/**
- * Clears all authentication cookies
- */
-declare const clearAuthCookies: (config: AuthConfig) => Promise<void>;
-type KeySetter = OAuthTokens | CodeVerifier;
-declare class NextjsCookieStorage extends CookieStorage {
-    readonly config: Partial<TokensCookieConfig>;
-    constructor(config?: Partial<TokensCookieConfig>);
-    get(key: string): string | null;
-    set(key: KeySetter, value: string): void;
-}
-declare class NextjsClientStorage extends CookieStorage {
-    constructor(config?: Partial<CookieStorageSettings>);
-    get(key: string): string | null;
-    set(key: string, value: string): void;
-}
-export { createTokenCookies, createUserInfoCookie, clearAuthCookies, NextjsCookieStorage, NextjsClientStorage, };
-//# sourceMappingURL=cookies.d.ts.map

package/dist/src/nextjs/cookies.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"cookies.d.ts","sourceRoot":"","sources":["../../../src/nextjs/cookies.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AACnE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAIrD,OAAO,KAAK,EACV,YAAY,EAEZ,WAAW,EACX,kBAAkB,EACnB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,aAAa,EACb,KAAK,qBAAqB,EAC3B,MAAM,yBAAyB,CAAC;AAEjC;;GAEG;AACH,QAAA,MAAM,kBAAkB,aACZ,QAAQ,eACL,WAAW,UAChB,UAAU,SA4BnB,CAAC;AAcF;;GAEG;AACH,QAAA,MAAM,oBAAoB,aACd,QAAQ,QACZ,IAAI,CAAC,aAAa,CAAC,GAAG,IAAI,eACnB,WAAW,UAChB,UAAU,SAyBnB,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,gBAAgB,WAAkB,UAAU,kBASjD,CAAC;AAEF,KAAK,SAAS,GAAG,WAAW,GAAG,YAAY,CAAC;AAC5C,cAAM,mBAAoB,SAAQ,aAAa;IACjC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,kBAAkB,CAAC;gBAAnC,MAAM,GAAE,OAAO,CAAC,kBAAkB,CAAM;IAO7D,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAI/B,GAAG,CAAC,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;CAczC;AAED,cAAM,mBAAoB,SAAQ,aAAa;gBACjC,MAAM,GAAE,OAAO,CAAC,qBAAqB,CAAM;IAQvD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAI/B,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;CAGtC;AAED,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,EAChB,mBAAmB,EACnB,mBAAmB,GACpB,CAAC"}

package/dist/src/nextjs/cookies.js

@@ -1,109 +0,0 @@
-import { cookies } from "next/headers.js";
-import { GenericUserSession } from "@/shared/lib/UserSession.js";
-import { clearTokens } from "@/shared/lib/util.js";
-import { CookieStorage, } from "@/shared/lib/storage.js";
-/**
- * Creates HTTP-only cookies for authentication tokens
- */
-const createTokenCookies = (response, sessionData, config) => {
-    const maxAge = sessionData.expiresIn ?? 3600;
-    const cookieOptions = {
-        ...config.cookies?.tokens,
-        maxAge,
-    };
-    if (sessionData.accessToken) {
-        setCookie(response, "access_token", sessionData.accessToken, {
-            ...cookieOptions,
-            httpOnly: true,
-        });
-    }
-    if (sessionData.idToken) {
-        setCookie(response, "id_token", sessionData.idToken, {
-            ...cookieOptions,
-            httpOnly: true,
-        });
-    }
-    if (sessionData.refreshToken) {
-        setCookie(response, "refresh_token", sessionData.refreshToken, {
-            ...cookieOptions,
-            httpOnly: true,
-        });
-    }
-};
-const setCookie = (response, key, value, cookieData) => {
-    response.headers.set("Set-Cookie", `${key}=${value}; Path=${cookieData.path}; Domain=${cookieData.domain}; Max-Age=${cookieData.maxAge}; Secure; HttpOnly; SameSite=${cookieData.sameSite}`);
-};
-/**
- * Creates a client-readable cookie with user info
- */
-const createUserInfoCookie = (response, user, sessionData, config) => {
-    if (!user) {
-        // unset the "user" cookie
-        setCookie(response, "user", "", {
-            ...config.cookies?.user,
-            maxAge: 0,
-        });
-        return;
-    }
-    const maxAge = sessionData.expiresIn ?? 3600;
-    // TODO select fields to include in the user cookie
-    const frontendUser = {
-        ...user,
-    };
-    // TODO make call to get user info from the
-    // auth server /userinfo endpoint when it's available
-    // then add to the default claims above
-    setCookie(response, "user", JSON.stringify(frontendUser), {
-        ...config.cookies?.user,
-        maxAge,
-    });
-};
-/**
- * Clears all authentication cookies
- */
-const clearAuthCookies = async (config) => {
-    // clear session, and tokens
-    const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens);
-    clearTokens(cookieStorage);
-    // clear user
-    const clientStorage = new NextjsClientStorage();
-    const userSession = new GenericUserSession(clientStorage);
-    userSession.set(null);
-};
-class NextjsCookieStorage extends CookieStorage {
-    config;
-    constructor(config = {}) {
-        super({
-            secure: true,
-            httpOnly: true,
-        });
-        this.config = config;
-    }
-    get(key) {
-        return cookies().get(key)?.value || null;
-    }
-    set(key, value) {
-        const cookieSettings = this.config?.[key] || {
-            ...this.settings,
-        };
-        console.log("NextjsCookieStorage.set", JSON.stringify({ key, value, config: this.config, cookieSettings }, null, 2));
-        cookies().set(key, value, cookieSettings);
-    }
-}
-class NextjsClientStorage extends CookieStorage {
-    constructor(config = {}) {
-        super({
-            ...config,
-            secure: false,
-            httpOnly: false,
-        });
-    }
-    get(key) {
-        return cookies().get(key)?.value || null;
-    }
-    set(key, value) {
-        cookies().set(key, value, this.settings);
-    }
-}
-export { createTokenCookies, createUserInfoCookie, clearAuthCookies, NextjsCookieStorage, NextjsClientStorage, };
-//# sourceMappingURL=cookies.js.map

package/dist/src/nextjs/cookies.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../../src/nextjs/cookies.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAOnD,OAAO,EACL,aAAa,GAEd,MAAM,yBAAyB,CAAC;AAEjC;;GAEG;AACH,MAAM,kBAAkB,GAAG,CACzB,QAAkB,EAClB,WAAwB,EACxB,MAAkB,EAClB,EAAE;IACF,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,IAAI,IAAI,CAAC;IAC7C,MAAM,aAAa,GAAG;QACpB,GAAG,MAAM,CAAC,OAAO,EAAE,MAAM;QACzB,MAAM;KACP,CAAC;IAEF,IAAI,WAAW,CAAC,WAAW,EAAE,CAAC;QAC5B,SAAS,CAAC,QAAQ,EAAE,cAAc,EAAE,WAAW,CAAC,WAAW,EAAE;YAC3D,GAAG,aAAa;YAChB,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;IACL,CAAC;IAED,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;QACxB,SAAS,CAAC,QAAQ,EAAE,UAAU,EAAE,WAAW,CAAC,OAAO,EAAE;YACnD,GAAG,aAAa;YAChB,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;IACL,CAAC;IAED,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;QAC7B,SAAS,CAAC,QAAQ,EAAE,eAAe,EAAE,WAAW,CAAC,YAAY,EAAE;YAC7D,GAAG,aAAa;YAChB,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,SAAS,GAAG,CAChB,QAAkB,EAClB,GAAW,EACX,KAAa,EACb,UAAwB,EACxB,EAAE;IACF,QAAQ,CAAC,OAAO,CAAC,GAAG,CAClB,YAAY,EACZ,GAAG,GAAG,IAAI,KAAK,UAAU,UAAU,CAAC,IAAI,YAAY,UAAU,CAAC,MAAM,aAAa,UAAU,CAAC,MAAM,gCAAgC,UAAU,CAAC,QAAQ,EAAE,CACzJ,CAAC;AACJ,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,oBAAoB,GAAG,CAC3B,QAAkB,EAClB,IAAgC,EAChC,WAAwB,EACxB,MAAkB,EAClB,EAAE;IACF,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,0BAA0B;QAC1B,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE;YAC9B,GAAG,MAAM,CAAC,OAAO,EAAE,IAAI;YACvB,MAAM,EAAE,CAAC;SACV,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IACD,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,IAAI,IAAI,CAAC;IAE7C,mDAAmD;IACnD,MAAM,YAAY,GAAG;QACnB,GAAG,IAAI;KACR,CAAC;IAEF,2CAA2C;IAC3C,qDAAqD;IACrD,uCAAuC;IAEvC,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE;QACxD,GAAG,MAAM,CAAC,OAAO,EAAE,IAAI;QACvB,MAAM;KACP,CAAC,CAAC;AACL,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAG,KAAK,EAAE,MAAkB,EAAE,EAAE;IACpD,4BAA4B;IAC5B,MAAM,aAAa,GAAG,IAAI,mBAAmB,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACtE,WAAW,CAAC,aAAa,CAAC,CAAC;IAE3B,aAAa;IACb,MAAM,aAAa,GAAG,IAAI,mBAAmB,EAAE,CAAC;IAChD,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAC1D,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACxB,CAAC,CAAC;AAGF,MAAM,mBAAoB,SAAQ,aAAa;IACxB;IAArB,YAAqB,SAAsC,EAAE;QAC3D,KAAK,CAAC;YACJ,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;QAJgB,WAAM,GAAN,MAAM,CAAkC;IAK7D,CAAC;IAED,GAAG,CAAC,GAAW;QACb,OAAO,OAAO,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,KAAK,IAAI,IAAI,CAAC;IAC3C,CAAC;IAED,GAAG,CAAC,GAAc,EAAE,KAAa;QAC/B,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,GAAgB,CAAC,IAAI;YACxD,GAAG,IAAI,CAAC,QAAQ;SACjB,CAAC;QACF,OAAO,CAAC,GAAG,CACT,yBAAyB,EACzB,IAAI,CAAC,SAAS,CACZ,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,cAAc,EAAE,EACnD,IAAI,EACJ,CAAC,CACF,CACF,CAAC;QACF,OAAO,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,cAAc,CAAC,CAAC;IAC5C,CAAC;CACF;AAED,MAAM,mBAAoB,SAAQ,aAAa;IAC7C,YAAY,SAAyC,EAAE;QACrD,KAAK,CAAC;YACJ,GAAG,MAAM;YACT,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC;IACL,CAAC;IAED,GAAG,CAAC,GAAW;QACb,OAAO,OAAO,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,KAAK,IAAI,IAAI,CAAC;IAC3C,CAAC;IAED,GAAG,CAAC,GAAW,EAAE,KAAa;QAC5B,OAAO,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;CACF;AAED,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,EAChB,mBAAmB,EACnB,mBAAmB,GACpB,CAAC","sourcesContent":["import type { SessionData, UnknownObject, User } from \"@/types.js\";\nimport type { AuthConfig } from \"@/nextjs/config.js\";\nimport { cookies } from \"next/headers.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport { clearTokens } from \"@/shared/lib/util.js\";\nimport type {\n  CodeVerifier,\n  CookieConfig,\n  OAuthTokens,\n  TokensCookieConfig,\n} from \"@/shared/lib/types.js\";\nimport {\n  CookieStorage,\n  type CookieStorageSettings,\n} from \"@/shared/lib/storage.js\";\n\n/**\n * Creates HTTP-only cookies for authentication tokens\n */\nconst createTokenCookies = (\n  response: Response,\n  sessionData: SessionData,\n  config: AuthConfig,\n) => {\n  const maxAge = sessionData.expiresIn ?? 3600;\n  const cookieOptions = {\n    ...config.cookies?.tokens,\n    maxAge,\n  };\n\n  if (sessionData.accessToken) {\n    setCookie(response, \"access_token\", sessionData.accessToken, {\n      ...cookieOptions,\n      httpOnly: true,\n    });\n  }\n\n  if (sessionData.idToken) {\n    setCookie(response, \"id_token\", sessionData.idToken, {\n      ...cookieOptions,\n      httpOnly: true,\n    });\n  }\n\n  if (sessionData.refreshToken) {\n    setCookie(response, \"refresh_token\", sessionData.refreshToken, {\n      ...cookieOptions,\n      httpOnly: true,\n    });\n  }\n};\n\nconst setCookie = (\n  response: Response,\n  key: string,\n  value: string,\n  cookieData: CookieConfig,\n) => {\n  response.headers.set(\n    \"Set-Cookie\",\n    `${key}=${value}; Path=${cookieData.path}; Domain=${cookieData.domain}; Max-Age=${cookieData.maxAge}; Secure; HttpOnly; SameSite=${cookieData.sameSite}`,\n  );\n};\n\n/**\n * Creates a client-readable cookie with user info\n */\nconst createUserInfoCookie = (\n  response: Response,\n  user: User<UnknownObject> | null,\n  sessionData: SessionData,\n  config: AuthConfig,\n) => {\n  if (!user) {\n    // unset the \"user\" cookie\n    setCookie(response, \"user\", \"\", {\n      ...config.cookies?.user,\n      maxAge: 0,\n    });\n    return;\n  }\n  const maxAge = sessionData.expiresIn ?? 3600;\n\n  // TODO select fields to include in the user cookie\n  const frontendUser = {\n    ...user,\n  };\n\n  // TODO make call to get user info from the\n  // auth server /userinfo endpoint when it's available\n  // then add to the default claims above\n\n  setCookie(response, \"user\", JSON.stringify(frontendUser), {\n    ...config.cookies?.user,\n    maxAge,\n  });\n};\n\n/**\n * Clears all authentication cookies\n */\nconst clearAuthCookies = async (config: AuthConfig) => {\n  // clear session, and tokens\n  const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens);\n  clearTokens(cookieStorage);\n\n  // clear user\n  const clientStorage = new NextjsClientStorage();\n  const userSession = new GenericUserSession(clientStorage);\n  userSession.set(null);\n};\n\ntype KeySetter = OAuthTokens | CodeVerifier;\nclass NextjsCookieStorage extends CookieStorage {\n  constructor(readonly config: Partial<TokensCookieConfig> = {}) {\n    super({\n      secure: true,\n      httpOnly: true,\n    });\n  }\n\n  get(key: string): string | null {\n    return cookies().get(key)?.value || null;\n  }\n\n  set(key: KeySetter, value: string): void {\n    const cookieSettings = this.config?.[key as KeySetter] || {\n      ...this.settings,\n    };\n    console.log(\n      \"NextjsCookieStorage.set\",\n      JSON.stringify(\n        { key, value, config: this.config, cookieSettings },\n        null,\n        2,\n      ),\n    );\n    cookies().set(key, value, cookieSettings);\n  }\n}\n\nclass NextjsClientStorage extends CookieStorage {\n  constructor(config: Partial<CookieStorageSettings> = {}) {\n    super({\n      ...config,\n      secure: false,\n      httpOnly: false,\n    });\n  }\n\n  get(key: string): string | null {\n    return cookies().get(key)?.value || null;\n  }\n\n  set(key: string, value: string): void {\n    cookies().set(key, value, this.settings);\n  }\n}\n\nexport {\n  createTokenCookies,\n  createUserInfoCookie,\n  clearAuthCookies,\n  NextjsCookieStorage,\n  NextjsClientStorage,\n};\n"]}

package/dist/src/nextjs/hooks/index.d.ts

@@ -1,2 +0,0 @@
-export { useTokenCookie } from "@/nextjs/hooks/useTokenCookie.js";
-//# sourceMappingURL=index.d.ts.map

package/dist/src/nextjs/hooks/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/nextjs/hooks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,kCAAkC,CAAC"}

package/dist/src/nextjs/hooks/index.js

@@ -1,2 +0,0 @@
-export { useTokenCookie } from "@/nextjs/hooks/useTokenCookie.js";
-//# sourceMappingURL=index.js.map

package/dist/src/nextjs/hooks/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/nextjs/hooks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,kCAAkC,CAAC","sourcesContent":["export { useTokenCookie } from \"@/nextjs/hooks/useTokenCookie.js\";\n"]}

package/dist/src/nextjs/hooks/useTokenCookie.d.ts

@@ -1,3 +0,0 @@
-import type { OAuthTokens } from "@/shared/lib/types.js";
-export declare const useTokenCookie: (tokenName: OAuthTokens) => string | null;
-//# sourceMappingURL=useTokenCookie.d.ts.map

package/dist/src/nextjs/hooks/useTokenCookie.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"useTokenCookie.d.ts","sourceRoot":"","sources":["../../../../src/nextjs/hooks/useTokenCookie.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAUzD,eAAO,MAAM,cAAc,cAAe,WAAW,KAAG,MAAM,GAAG,IAyBhE,CAAC"}