@civic/auth 0.0.1-beta.3 → 0.0.1-beta.30

package/dist/cjs/src/nextjs/middleware.js

@@ -0,0 +1,116 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authMiddleware = void 0;
+exports.withAuth = withAuth;
+exports.auth = auth;
+const server_js_1 = require("next/server.js");
+const picomatch_1 = __importDefault(require("picomatch"));
+const config_js_1 = require("../nextjs/config.js");
+// Matches globs:
+// Examples:
+// /user
+// /user/*
+// /user/**/info
+const matchGlob = (pathname, globPattern) => {
+    const matches = (0, picomatch_1.default)(globPattern);
+    return matches(pathname);
+};
+// Matches globs:
+// Examples:
+// /user
+// /user/*
+// /user/**/info
+const matchesGlobs = (pathname, patterns) => patterns.some((pattern) => {
+    if (!pattern)
+        return false;
+    console.log("matching", {
+        pattern,
+        pathname,
+        match: matchGlob(pathname, pattern),
+    });
+    return matchGlob(pathname, pattern);
+});
+// internal - used by all exported functions
+const applyAuth = async (authConfig, request) => {
+    const authConfigWithDefaults = (0, config_js_1.resolveAuthConfig)(authConfig);
+    // Check for any valid auth token
+    const isAuthenticated = !!request.cookies.get("id_token");
+    // skip auth check for redirect to login url
+    if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl &&
+        request.method === "GET") {
+        console.log("→ Skipping auth check - this is the login URL");
+        return undefined;
+    }
+    if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {
+        console.log("→ Skipping auth check - path not in include patterns");
+        return undefined;
+    }
+    if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {
+        console.log("→ Skipping auth check - path in exclude patterns");
+        return undefined;
+    }
+    // Check for either token type
+    if (!isAuthenticated) {
+        const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);
+        console.log("→ No valid token found - redirecting to login", loginUrl);
+        return server_js_1.NextResponse.redirect(loginUrl);
+    }
+    console.log("→ Auth check passed");
+    return undefined;
+};
+/**
+ *
+ * Use this when auth is the only middleware you need.
+ * Usage:
+ *
+ * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();
+ *
+ */
+const authMiddleware = (authConfig = {}) => async (request) => {
+    const response = await applyAuth(authConfig, request);
+    if (response)
+        return response;
+    // NextJS doesn't do middleware chaining yet, so this does not mean
+    // "call the next middleware" - it means "continue to the route handler"
+    return server_js_1.NextResponse.next();
+};
+exports.authMiddleware = authMiddleware;
+/**
+ * Usage:
+ *
+ * export default withAuth(async (request) => {
+ *    console.log('my middleware');
+ *    return NextResponse.next();
+ *  })
+ */
+// use this when you have your own middleware to chain
+function withAuth(middleware) {
+    return auth()(middleware);
+}
+/**
+ * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)
+ *
+ * Usage:
+ *
+ * const withAuth = auth({ loginUrl = '/login' }); // or just auth();
+ *
+ * export default withAuth(async (request) => {
+ *    console.log('my middleware');
+ *    return NextResponse.next();
+ *  })
+ *
+ */
+function auth(authConfig = {}) {
+    return (middleware) => {
+        return async (request) => {
+            const response = await applyAuth(authConfig, request);
+            if (response)
+                return response;
+            return middleware(request);
+        };
+    };
+}
+//# sourceMappingURL=middleware.js.map

package/dist/cjs/src/nextjs/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../../src/nextjs/middleware.ts"],"names":[],"mappings":";;;;;;AA4HA,4BAIC;AAeD,oBAWC;AApID,8CAA8C;AAC9C,0DAAkC;AAElC,kDAAuD;AAMvD,iBAAiB;AACjB,YAAY;AACZ,QAAQ;AACR,UAAU;AACV,gBAAgB;AAChB,MAAM,SAAS,GAAG,CAAC,QAAgB,EAAE,WAAmB,EAAE,EAAE;IAC1D,MAAM,OAAO,GAAG,IAAA,mBAAS,EAAC,WAAW,CAAC,CAAC;IACvC,OAAO,OAAO,CAAC,QAAQ,CAAC,CAAC;AAC3B,CAAC,CAAC;AAEF,iBAAiB;AACjB,YAAY;AACZ,QAAQ;AACR,UAAU;AACV,gBAAgB;AAChB,MAAM,YAAY,GAAG,CAAC,QAAgB,EAAE,QAAkB,EAAE,EAAE,CAC5D,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;IACxB,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAC3B,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE;QACtB,OAAO;QACP,QAAQ;QACR,KAAK,EAAE,SAAS,CAAC,QAAQ,EAAE,OAAO,CAAC;KACpC,CAAC,CAAC;IACH,OAAO,SAAS,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;AACtC,CAAC,CAAC,CAAC;AAEL,4CAA4C;AAC5C,MAAM,SAAS,GAAG,KAAK,EACrB,UAAsB,EACtB,OAAoB,EACe,EAAE;IACrC,MAAM,sBAAsB,GAAG,IAAA,6BAAiB,EAAC,UAAU,CAAC,CAAC;IAC7D,iCAAiC;IACjC,MAAM,eAAe,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAE1D,4CAA4C;IAC5C,IACE,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,sBAAsB,CAAC,QAAQ;QAC5D,OAAO,CAAC,MAAM,KAAK,KAAK,EACxB,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;QAC7D,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5E,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;QACpE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,sBAAsB,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3E,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;QAChE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,8BAA8B;IAC9B,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,sBAAsB,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,CAAC,+CAA+C,EAAE,QAAQ,CAAC,CAAC;QACvE,OAAO,wBAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACnC,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AAEF;;;;;;;GAOG;AACI,MAAM,cAAc,GACzB,CAAC,aAAkC,EAAE,EAAE,EAAE,CACzC,KAAK,EAAE,OAAoB,EAAyB,EAAE;IACpD,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACtD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,mEAAmE;IACnE,wEAAwE;IACxE,OAAO,wBAAY,CAAC,IAAI,EAAE,CAAC;AAC7B,CAAC,CAAC;AATS,QAAA,cAAc,kBASvB;AAEJ;;;;;;;GAOG;AACH,sDAAsD;AACtD,SAAgB,QAAQ,CACtB,UAAsB;IAEtB,OAAO,IAAI,EAAE,CAAC,UAAU,CAAC,CAAC;AAC5B,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAgB,IAAI,CAAC,aAAyB,EAAE;IAC9C,OAAO,CACL,UAAsB,EAC6B,EAAE;QACrD,OAAO,KAAK,EAAE,OAAoB,EAAyB,EAAE;YAC3D,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACtD,IAAI,QAAQ;gBAAE,OAAO,QAAQ,CAAC;YAE9B,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC","sourcesContent":["/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n *    console.log('in custom middleware', request.nextUrl.pathname);\n *    return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n *   console.log('in custom middleware', request.url);\n *   return NextResponse.next();\n * })\n *\n */\nimport type { NextRequest } from \"next/server.js\";\nimport { NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport type { AuthConfig } from \"@/nextjs/config.js\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\n\ntype Middleware = (\n  request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n  const matches = picomatch(globPattern);\n  return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n  patterns.some((pattern) => {\n    if (!pattern) return false;\n    console.log(\"matching\", {\n      pattern,\n      pathname,\n      match: matchGlob(pathname, pattern),\n    });\n    return matchGlob(pathname, pattern);\n  });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n  authConfig: AuthConfig,\n  request: NextRequest,\n): Promise<NextResponse | undefined> => {\n  const authConfigWithDefaults = resolveAuthConfig(authConfig);\n  // Check for any valid auth token\n  const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n  // skip auth check for redirect to login url\n  if (\n    request.nextUrl.pathname === authConfigWithDefaults.loginUrl &&\n    request.method === \"GET\"\n  ) {\n    console.log(\"→ Skipping auth check - this is the login URL\");\n    return undefined;\n  }\n\n  if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n    console.log(\"→ Skipping auth check - path not in include patterns\");\n    return undefined;\n  }\n\n  if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n    console.log(\"→ Skipping auth check - path in exclude patterns\");\n    return undefined;\n  }\n\n  // Check for either token type\n  if (!isAuthenticated) {\n    const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);\n    console.log(\"→ No valid token found - redirecting to login\", loginUrl);\n    return NextResponse.redirect(loginUrl);\n  }\n\n  console.log(\"→ Auth check passed\");\n  return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n  (authConfig: Partial<AuthConfig> = {}) =>\n  async (request: NextRequest): Promise<NextResponse> => {\n    const response = await applyAuth(authConfig, request);\n    if (response) return response;\n\n    // NextJS doesn't do middleware chaining yet, so this does not mean\n    // \"call the next middleware\" - it means \"continue to the route handler\"\n    return NextResponse.next();\n  };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n *    console.log('my middleware');\n *    return NextResponse.next();\n *  })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n  middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n  return auth()(middleware);\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * const withAuth = auth({ loginUrl = '/login' }); // or just auth();\n *\n * export default withAuth(async (request) => {\n *    console.log('my middleware');\n *    return NextResponse.next();\n *  })\n *\n */\nexport function auth(authConfig: AuthConfig = {}) {\n  return (\n    middleware: Middleware,\n  ): ((request: NextRequest) => Promise<NextResponse>) => {\n    return async (request: NextRequest): Promise<NextResponse> => {\n      const response = await applyAuth(authConfig, request);\n      if (response) return response;\n\n      return middleware(request);\n    };\n  };\n}\n"]}

package/dist/cjs/src/nextjs/providers/NextAuthProvider.d.ts

@@ -0,0 +1,9 @@
+/**
+ * A very small context provider for the user object - it takes the user object from the cookie and provides it to the app.
+ */
+import React from "react";
+import type { AuthProviderProps } from "../../shared/providers/AuthProvider.js";
+type NextCivicAuthProviderProps = Omit<AuthProviderProps, "clientId">;
+declare const CivicNextAuthProvider: ({ children, ...props }: NextCivicAuthProviderProps) => React.JSX.Element;
+export { CivicNextAuthProvider, type NextCivicAuthProviderProps };
+//# sourceMappingURL=NextAuthProvider.d.ts.map

package/dist/cjs/src/nextjs/providers/NextAuthProvider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"NextAuthProvider.d.ts","sourceRoot":"","sources":["../../../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":"AACA;;GAEG;AACH,OAAO,KAA8B,MAAM,OAAO,CAAC;AACnD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAe5E,KAAK,0BAA0B,GAAG,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;AAqDtE,QAAA,MAAM,qBAAqB,2BAGxB,0BAA0B,sBAQ5B,CAAC;AAEF,OAAO,EAAE,qBAAqB,EAAE,KAAK,0BAA0B,EAAE,CAAC"}

package/dist/cjs/src/nextjs/providers/NextAuthProvider.js

@@ -0,0 +1,76 @@
+"use strict";
+"use client";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CivicNextAuthProvider = void 0;
+/**
+ * A very small context provider for the user object - it takes the user object from the cookie and provides it to the app.
+ */
+const react_1 = __importStar(require("react"));
+const AuthProvider_js_1 = require("../../shared/providers/AuthProvider.js");
+const react_query_1 = require("@tanstack/react-query");
+const config_js_1 = require("../../nextjs/config.js");
+const utils_js_1 = require("../../nextjs/utils.js");
+const PKCE_js_1 = require("../../services/PKCE.js");
+const cookies_js_1 = require("../../nextjs/cookies.js");
+const UserProvider_js_1 = require("../../shared/providers/UserProvider.js");
+const types_js_1 = require("../../shared/lib/types.js");
+const useUserCookie_js_1 = require("../../nextjs/hooks/useUserCookie.js");
+const index_js_1 = require("../../nextjs/hooks/index.js");
+const queryClient = new react_query_1.QueryClient();
+const CivicNextAuthProviderInternal = ({ children, ...props }) => {
+    const [redirectUrl, setRedirectUrl] = (0, react_1.useState)("");
+    const resolvedConfig = (0, config_js_1.resolveAuthConfig)();
+    const { clientId, oauthServer, callbackUrl, challengeUrl, logoutUrl } = resolvedConfig;
+    (0, react_1.useEffect)(() => {
+        if (typeof globalThis.window !== "undefined") {
+            const appUrl = globalThis.window.location.origin;
+            setRedirectUrl((0, utils_js_1.resolveCallbackUrl)(resolvedConfig, appUrl));
+        }
+    }, [callbackUrl, resolvedConfig]);
+    const user = (0, useUserCookie_js_1.useUserCookie)();
+    const idToken = (0, index_js_1.useTokenCookie)(types_js_1.OAuthTokens.ID_TOKEN);
+    const combinedUser = user ? { ...(user || {}), idToken } : null;
+    const sessionData = {
+        authenticated: !!user,
+        ...(idToken ? { idToken } : {}),
+    };
+    const signOut = async () => {
+        if (props.onSignOut) {
+            await props.onSignOut();
+        }
+        const appUrl = globalThis.window.location.origin;
+        window.location.href = `${logoutUrl}?appUrl=${appUrl}`;
+        return;
+    };
+    return (react_1.default.createElement(AuthProvider_js_1.AuthProvider, { ...props, redirectUrl: redirectUrl, config: { oauthServer }, clientId: clientId, pkceConsumer: new PKCE_js_1.ConfidentialClientPKCEConsumer(challengeUrl), sessionData: sessionData },
+        react_1.default.createElement(UserProvider_js_1.UserProvider, { storage: new cookies_js_1.NextjsClientStorage(), user: combinedUser, signOut: signOut }, children)));
+};
+const CivicNextAuthProvider = ({ children, ...props }) => {
+    return (react_1.default.createElement(react_query_1.QueryClientProvider, { client: queryClient },
+        react_1.default.createElement(CivicNextAuthProviderInternal, { ...props }, children)));
+};
+exports.CivicNextAuthProvider = CivicNextAuthProvider;
+//# sourceMappingURL=NextAuthProvider.js.map

package/dist/cjs/src/nextjs/providers/NextAuthProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"NextAuthProvider.js","sourceRoot":"","sources":["../../../../../src/nextjs/providers/NextAuthProvider.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;AACb;;GAEG;AACH,+CAAmD;AAEnD,wEAAkE;AAClE,uDAAyE;AAEzE,kDAAuD;AACvD,gDAAuD;AACvD,gDAAoE;AACpE,oDAA0D;AAC1D,wEAAkE;AAClE,oDAAoD;AACpD,sEAAgE;AAChE,sDAAyD;AAEzD,MAAM,WAAW,GAAG,IAAI,yBAAW,EAAE,CAAC;AAItC,MAAM,6BAA6B,GAAG,CAAC,EACrC,QAAQ,EACR,GAAG,KAAK,EACmB,EAAE,EAAE;IAC/B,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,IAAA,gBAAQ,EAAS,EAAE,CAAC,CAAC;IAC3D,MAAM,cAAc,GAAG,IAAA,6BAAiB,GAAE,CAAC;IAC3C,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,SAAS,EAAE,GACnE,cAAc,CAAC;IAEjB,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,OAAO,UAAU,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAC7C,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;YACjD,cAAc,CAAC,IAAA,6BAAkB,EAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC,CAAC;IAElC,MAAM,IAAI,GAAG,IAAA,gCAAa,GAAE,CAAC;IAC7B,MAAM,OAAO,GAAG,IAAA,yBAAc,EAAC,sBAAW,CAAC,QAAQ,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,IAAI,CAAC,CAAC,CAAE,EAAE,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,OAAO,EAAW,CAAC,CAAC,CAAC,IAAI,CAAC;IAC1E,MAAM,WAAW,GAAG;QAClB,aAAa,EAAE,CAAC,CAAC,IAAI;QACrB,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAChC,CAAC;IACF,MAAM,OAAO,GAAG,KAAK,IAAmB,EAAE;QACxC,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,KAAK,CAAC,SAAS,EAAE,CAAC;QAC1B,CAAC;QACD,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;QACjD,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,SAAS,WAAW,MAAM,EAAE,CAAC;QACvD,OAAO;IACT,CAAC,CAAC;IACF,OAAO,CACL,8BAAC,8BAAY,OACP,KAAK,EACT,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,EAAE,WAAW,EAAE,EACvB,QAAQ,EAAE,QAAQ,EAClB,YAAY,EAAE,IAAI,wCAA8B,CAAC,YAAY,CAAC,EAC9D,WAAW,EAAE,WAAW;QAExB,8BAAC,8BAAY,IACX,OAAO,EAAE,IAAI,gCAAmB,EAAE,EAClC,IAAI,EAAE,YAAY,EAClB,OAAO,EAAE,OAAO,IAEf,QAAQ,CACI,CACF,CAChB,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,qBAAqB,GAAG,CAAC,EAC7B,QAAQ,EACR,GAAG,KAAK,EACmB,EAAE,EAAE;IAC/B,OAAO,CACL,8BAAC,iCAAmB,IAAC,MAAM,EAAE,WAAW;QACtC,8BAAC,6BAA6B,OAAK,KAAK,IACrC,QAAQ,CACqB,CACZ,CACvB,CAAC;AACJ,CAAC,CAAC;AAEO,sDAAqB","sourcesContent":["\"use client\";\n/**\n * A very small context provider for the user object - it takes the user object from the cookie and provides it to the app.\n */\nimport React, { useEffect, useState } from \"react\";\nimport type { AuthProviderProps } from \"@/shared/providers/AuthProvider.js\";\nimport { AuthProvider } from \"@/shared/providers/AuthProvider.js\";\nimport { QueryClient, QueryClientProvider } from \"@tanstack/react-query\";\nimport type { User } from \"@/types.js\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { ConfidentialClientPKCEConsumer } from \"@/services/PKCE.js\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies.js\";\nimport { UserProvider } from \"@/shared/providers/UserProvider.js\";\nimport { OAuthTokens } from \"@/shared/lib/types.js\";\nimport { useUserCookie } from \"@/nextjs/hooks/useUserCookie.js\";\nimport { useTokenCookie } from \"@/nextjs/hooks/index.js\";\n\nconst queryClient = new QueryClient();\n\ntype NextCivicAuthProviderProps = Omit<AuthProviderProps, \"clientId\">;\n\nconst CivicNextAuthProviderInternal = ({\n  children,\n  ...props\n}: NextCivicAuthProviderProps) => {\n  const [redirectUrl, setRedirectUrl] = useState<string>(\"\");\n  const resolvedConfig = resolveAuthConfig();\n  const { clientId, oauthServer, callbackUrl, challengeUrl, logoutUrl } =\n    resolvedConfig;\n\n  useEffect(() => {\n    if (typeof globalThis.window !== \"undefined\") {\n      const appUrl = globalThis.window.location.origin;\n      setRedirectUrl(resolveCallbackUrl(resolvedConfig, appUrl));\n    }\n  }, [callbackUrl, resolvedConfig]);\n\n  const user = useUserCookie();\n  const idToken = useTokenCookie(OAuthTokens.ID_TOKEN);\n  const combinedUser = user ? ({ ...(user || {}), idToken } as User) : null;\n  const sessionData = {\n    authenticated: !!user,\n    ...(idToken ? { idToken } : {}),\n  };\n  const signOut = async (): Promise<void> => {\n    if (props.onSignOut) {\n      await props.onSignOut();\n    }\n    const appUrl = globalThis.window.location.origin;\n    window.location.href = `${logoutUrl}?appUrl=${appUrl}`;\n    return;\n  };\n  return (\n    <AuthProvider\n      {...props}\n      redirectUrl={redirectUrl}\n      config={{ oauthServer }}\n      clientId={clientId}\n      pkceConsumer={new ConfidentialClientPKCEConsumer(challengeUrl)}\n      sessionData={sessionData}\n    >\n      <UserProvider\n        storage={new NextjsClientStorage()}\n        user={combinedUser}\n        signOut={signOut}\n      >\n        {children}\n      </UserProvider>\n    </AuthProvider>\n  );\n};\n\nconst CivicNextAuthProvider = ({\n  children,\n  ...props\n}: NextCivicAuthProviderProps) => {\n  return (\n    <QueryClientProvider client={queryClient}>\n      <CivicNextAuthProviderInternal {...props}>\n        {children}\n      </CivicNextAuthProviderInternal>\n    </QueryClientProvider>\n  );\n};\n\nexport { CivicNextAuthProvider, type NextCivicAuthProviderProps };\n"]}

package/dist/cjs/src/nextjs/routeHandler.d.ts

@@ -0,0 +1,18 @@
+import type { NextRequest } from "next/server.js";
+import { NextResponse } from "next/server.js";
+import type { AuthConfig } from "../nextjs/config.js";
+export declare function handleLogout(request: NextRequest, config: AuthConfig): Promise<NextResponse>;
+/**
+ * Creates an authentication handler for Next.js API routes
+ *
+ * Usage:
+ * ```ts
+ * // app/api/auth/[...civicauth]/route.ts
+ * import { handler } from '@civic/auth/nextjs'
+ * export const GET = handler({
+ *   // optional config overrides
+ * })
+ * ```
+ */
+export declare const handler: (authConfig?: {}) => (request: NextRequest) => Promise<NextResponse>;
+//# sourceMappingURL=routeHandler.d.ts.map

package/dist/cjs/src/nextjs/routeHandler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"routeHandler.d.ts","sourceRoot":"","sources":["../../../../src/nextjs/routeHandler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAwNrD,wBAAsB,YAAY,CAChC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,YAAY,CAAC,CA4BvB;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,OAAO,iCAEF,WAAW,KAAG,OAAO,CAAC,YAAY,CA8BjD,CAAC"}

package/dist/cjs/src/nextjs/routeHandler.js

@@ -0,0 +1,217 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handler = void 0;
+exports.handleLogout = handleLogout;
+const server_js_1 = require("next/server.js");
+const cache_js_1 = require("next/cache.js");
+const config_js_1 = require("../nextjs/config.js");
+const logger_js_1 = require("../lib/logger.js");
+const cookies_js_1 = require("../nextjs/cookies.js");
+const PKCE_js_1 = require("../services/PKCE.js");
+const login_js_1 = require("../server/login.js");
+const session_js_1 = require("../shared/lib/session.js");
+const utils_js_1 = require("../nextjs/utils.js");
+const UserSession_js_1 = require("../shared/lib/UserSession.js");
+const constants_js_1 = require("../constants.js");
+const oauth_js_1 = require("../lib/oauth.js");
+const types_js_1 = require("../shared/lib/types.js");
+const logger = logger_js_1.loggers.nextjs.handlers.auth;
+class AuthError extends Error {
+    status;
+    constructor(message, status = 401) {
+        super(message);
+        this.status = status;
+        this.name = "AuthError";
+    }
+}
+/**
+ * create a code verifier and challenge for PKCE
+ * saving the verifier in a cookie for later use
+ * @returns {Promise<NextResponse>}
+ */
+async function handleChallenge(request, config) {
+    const cookieStorage = new cookies_js_1.NextjsCookieStorage(config.cookies?.tokens ?? {});
+    const pkceProducer = new PKCE_js_1.GenericPublicClientPKCEProducer(cookieStorage);
+    const challenge = await pkceProducer.getCodeChallenge();
+    const appUrl = request.nextUrl.searchParams.get("appUrl");
+    if (appUrl) {
+        cookieStorage.set(types_js_1.CodeVerifier.APP_URL, appUrl);
+    }
+    return server_js_1.NextResponse.json({ status: "success", challenge });
+}
+async function performTokenExchangeAndSetCookies(request, config, code, state, appUrl) {
+    const resolvedConfigs = (0, config_js_1.resolveAuthConfig)(config);
+    const cookieStorage = new cookies_js_1.NextjsCookieStorage(resolvedConfigs.cookies.tokens);
+    const callbackUrl = (0, utils_js_1.resolveCallbackUrl)(resolvedConfigs, appUrl);
+    try {
+        await (0, login_js_1.resolveOAuthAccessCode)(code, state, cookieStorage, {
+            ...resolvedConfigs,
+            redirectUrl: callbackUrl,
+        });
+    }
+    catch (error) {
+        logger.error("Token exchange failed:", error);
+        throw new AuthError("Failed to authenticate user", 401);
+    }
+    const user = await (0, session_js_1.getUser)(cookieStorage);
+    if (!user) {
+        throw new AuthError("Failed to get user info", 401);
+    }
+    const clientStorage = new cookies_js_1.NextjsClientStorage();
+    const userSession = new UserSession_js_1.GenericUserSession(clientStorage);
+    userSession.set(user);
+}
+async function handleCallback(request, config) {
+    const resolvedConfigs = (0, config_js_1.resolveAuthConfig)(config);
+    console.log("handleCallback", { request, resolvedConfigs });
+    const code = request.nextUrl.searchParams.get("code");
+    const state = request.nextUrl.searchParams.get("state") || "";
+    if (!code || !state)
+        throw new AuthError("Bad parameters", 400);
+    // appUrl is passed from the client to the server in the query string
+    // this is necessary because the server does not have access to the client's window.location.origin
+    // and can not accurately determine the appUrl (specially if the app is behind a reverse proxy)
+    const appUrl = request.cookies.get(types_js_1.CodeVerifier.APP_URL)?.value ||
+        request.nextUrl.searchParams.get("appUrl");
+    // If we have a code_verifier cookie and the appUrl, we can do a token exchange.
+    // Otherwise, just render an empty page.
+    // The initial redirect back from the auth server does not send cookies, because the redirect is from a 3rd-party domain.
+    // The client will make an additional call to this route with cookies included, at which point we do the token exchange.
+    console.log("handleCallback", {
+        code,
+        state,
+        appUrl,
+    });
+    const codeVerifier = request.cookies.get(types_js_1.CodeVerifier.COOKIE_NAME);
+    if (!codeVerifier || !appUrl) {
+        console.log("handleCallback no code_verifier found", {
+            state,
+            serverTokenExchange: (0, oauth_js_1.serverTokenExchangeFromState)(`${state}`),
+        });
+        let response = new server_js_1.NextResponse(`<html><body><span style="display:none">${constants_js_1.TOKEN_EXCHANGE_TRIGGER_TEXT}</span></body></html>`);
+        // in server-side token exchange mode we need to launch a page that will trigger the token exchange
+        // from the same domain, allowing it access to the code_verifier cookie
+        // we only need to do this in redirect mode, as the iframe already triggers a client-side token exchange
+        // if no code-verifier cookie is found
+        if (state && (0, oauth_js_1.serverTokenExchangeFromState)(state)) {
+            console.log("handleCallback serverTokenExchangeFromState, launching redirect page...", {
+                requestUrl: request.url,
+                configCallbackUrl: resolvedConfigs.callbackUrl,
+            });
+            // we need to replace the URL with resolved config in case the server is hosted
+            // behind a reverse proxy or load balancer
+            const requestUrl = new URL(request.url);
+            const fetchUrl = `${resolvedConfigs.callbackUrl}?${requestUrl.searchParams.toString()}&sameDomainServerTokenExchange=true`;
+            response = new server_js_1.NextResponse(`<html>
+            <body>
+                <span style="display:none">
+                    <script>
+                        window.onload = function () {
+                            const appUrl = globalThis.window?.location?.origin;
+                            fetch('${fetchUrl}&appUrl=' + appUrl).then((response) => {
+                                response.json().then((jsonResponse) => {
+                                    if (jsonResponse.redirectUrl) {
+                                        window.location.href = jsonResponse.redirectUrl;
+                                    }
+                                });
+                            });
+                        };
+                    </script>
+                </span>
+            </body>
+        </html>
+        `);
+        }
+        response.headers.set("Content-Type", "text/html; charset=utf-8");
+        console.log(`handleCallback no code_verifier found, returning ${constants_js_1.TOKEN_EXCHANGE_TRIGGER_TEXT}`);
+        return response;
+    }
+    await performTokenExchangeAndSetCookies(request, resolvedConfigs, code, state, appUrl);
+    if (request.url.includes("sameDomainServerTokenExchange=true")) {
+        console.log("handleCallback sameDomainServerTokenExchange = true, returnining redirectUrl", appUrl);
+        return server_js_1.NextResponse.json({
+            status: "success",
+            redirectUrl: appUrl,
+        });
+    }
+    // this is the case where a 'normal' redirect is happening
+    if ((0, oauth_js_1.serverTokenExchangeFromState)(state)) {
+        console.log("handleCallback serverTokenExchangeFromState, redirect to appUrl", appUrl);
+        if (!appUrl) {
+            throw new Error("appUrl undefined. Cannot redirect.");
+        }
+        return server_js_1.NextResponse.redirect(`${appUrl}`);
+    }
+    // return an empty HTML response so the iframe doesn't show any response
+    // in the short moment between the redirect and the parent window
+    // acknowledging the redirect and closing the iframe
+    const response = new server_js_1.NextResponse(`<html><span style="display:none">${constants_js_1.TOKEN_EXCHANGE_SUCCESS_TEXT}</span></html>`);
+    response.headers.set("Content-Type", "text/html; charset=utf-8");
+    return response;
+}
+/**
+ * If redirectPath is an absolute path, return it as-is.
+ * Otherwise for relative paths, append it to the current domain.
+ * @param redirectPath
+ * @returns
+ */
+const getAbsoluteRedirectPath = (redirectPath, currentBasePath) => new URL(redirectPath, currentBasePath).href;
+async function handleLogout(request, config) {
+    const resolvedConfigs = (0, config_js_1.resolveAuthConfig)(config);
+    const defaultRedirectPath = resolvedConfigs.loginUrl ?? "/";
+    const redirectTarget = new URL(request.url).searchParams.get("redirect") || defaultRedirectPath;
+    const isAbsoluteRedirect = /^(https?:\/\/|www\.).+/i.test(redirectTarget);
+    const appUrl = request.nextUrl.searchParams.get("appUrl");
+    const finalRedirectUrl = isAbsoluteRedirect
+        ? redirectTarget
+        : getAbsoluteRedirectPath(redirectTarget, new URL(appUrl ?? request.url).origin);
+    const response = server_js_1.NextResponse.redirect(finalRedirectUrl);
+    await (0, cookies_js_1.clearAuthCookies)(config);
+    try {
+        (0, cache_js_1.revalidatePath)(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);
+    }
+    catch (error) {
+        logger.warn("Failed to revalidate path after logout:", error);
+    }
+    return response;
+}
+/**
+ * Creates an authentication handler for Next.js API routes
+ *
+ * Usage:
+ * ```ts
+ * // app/api/auth/[...civicauth]/route.ts
+ * import { handler } from '@civic/auth/nextjs'
+ * export const GET = handler({
+ *   // optional config overrides
+ * })
+ * ```
+ */
+const handler = (authConfig = {}) => async (request) => {
+    const config = (0, config_js_1.resolveAuthConfig)(authConfig);
+    try {
+        const pathname = request.nextUrl.pathname;
+        const pathSegments = pathname.split("/");
+        const lastSegment = pathSegments[pathSegments.length - 1];
+        switch (lastSegment) {
+            case "challenge":
+                return await handleChallenge(request, config);
+            case "callback":
+                return await handleCallback(request, config);
+            case "logout":
+                return await handleLogout(request, config);
+            default:
+                throw new AuthError(`Invalid auth route: ${pathname}`, 404);
+        }
+    }
+    catch (error) {
+        logger.error("Auth handler error:", error);
+        const status = error instanceof AuthError ? error.status : 500;
+        const message = error instanceof Error ? error.message : "Authentication failed";
+        const response = server_js_1.NextResponse.json({ error: message }, { status });
+        (0, cookies_js_1.clearAuthCookies)(config);
+        return response;
+    }
+};
+exports.handler = handler;
+//# sourceMappingURL=routeHandler.js.map

package/dist/cjs/src/nextjs/routeHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"routeHandler.js","sourceRoot":"","sources":["../../../../src/nextjs/routeHandler.ts"],"names":[],"mappings":";;;AA2NA,oCA+BC;AAzPD,8CAA8C;AAC9C,4CAA+C;AAE/C,kDAAuD;AACvD,+CAA0C;AAC1C,oDAI6B;AAC7B,gDAAqE;AACrE,gDAA2D;AAC3D,wDAAkD;AAClD,gDAAuD;AACvD,gEAAiE;AACjE,iDAGwB;AACxB,6CAA8D;AAC9D,oDAAqD;AAErD,MAAM,MAAM,GAAG,mBAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AAE5C,MAAM,SAAU,SAAQ,KAAK;IAGT;IAFlB,YACE,OAAe,EACC,SAAiB,GAAG;QAEpC,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,WAAM,GAAN,MAAM,CAAc;QAGpC,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAC1B,CAAC;CACF;AAED;;;;GAIG;AACH,KAAK,UAAU,eAAe,CAC5B,OAAoB,EACpB,MAAkB;IAElB,MAAM,aAAa,GAAG,IAAI,gCAAmB,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,IAAI,yCAA+B,CAAC,aAAa,CAAC,CAAC;IAExE,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,gBAAgB,EAAE,CAAC;IACxD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC1D,IAAI,MAAM,EAAE,CAAC;QACX,aAAa,CAAC,GAAG,CAAC,uBAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,wBAAY,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC;AAC7D,CAAC;AAED,KAAK,UAAU,iCAAiC,CAC9C,OAAoB,EACpB,MAAkB,EAClB,IAAY,EACZ,KAAa,EACb,MAAc;IAEd,MAAM,eAAe,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAClD,MAAM,aAAa,GAAG,IAAI,gCAAmB,CAAC,eAAe,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAE9E,MAAM,WAAW,GAAG,IAAA,6BAAkB,EAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAChE,IAAI,CAAC;QACH,MAAM,IAAA,iCAAsB,EAAC,IAAI,EAAE,KAAK,EAAE,aAAa,EAAE;YACvD,GAAG,eAAe;YAClB,WAAW,EAAE,WAAW;SACzB,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;QAC9C,MAAM,IAAI,SAAS,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,IAAA,oBAAO,EAAC,aAAa,CAAC,CAAC;IAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,SAAS,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,aAAa,GAAG,IAAI,gCAAmB,EAAE,CAAC;IAChD,MAAM,WAAW,GAAG,IAAI,mCAAkB,CAAC,aAAa,CAAC,CAAC;IAC1D,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACxB,CAAC;AACD,KAAK,UAAU,cAAc,CAC3B,OAAoB,EACpB,MAAkB;IAElB,MAAM,eAAe,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,CAAC;IAC5D,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACtD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IAC9D,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,SAAS,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;IAEhE,qEAAqE;IACrE,mGAAmG;IACnG,+FAA+F;IAC/F,MAAM,MAAM,GACV,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAY,CAAC,OAAO,CAAC,EAAE,KAAK;QAChD,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAE7C,gFAAgF;IAChF,wCAAwC;IACxC,yHAAyH;IACzH,wHAAwH;IACxH,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE;QAC5B,IAAI;QACJ,KAAK;QACL,MAAM;KACP,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAY,CAAC,WAAW,CAAC,CAAC;IAEnE,IAAI,CAAC,YAAY,IAAI,CAAC,MAAM,EAAE,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,uCAAuC,EAAE;YACnD,KAAK;YACL,mBAAmB,EAAE,IAAA,uCAA4B,EAAC,GAAG,KAAK,EAAE,CAAC;SAC9D,CAAC,CAAC;QACH,IAAI,QAAQ,GAAG,IAAI,wBAAY,CAC7B,0CAA0C,0CAA2B,uBAAuB,CAC7F,CAAC;QAEF,mGAAmG;QACnG,uEAAuE;QACvE,wGAAwG;QACxG,sCAAsC;QACtC,IAAI,KAAK,IAAI,IAAA,uCAA4B,EAAC,KAAK,CAAC,EAAE,CAAC;YACjD,OAAO,CAAC,GAAG,CACT,yEAAyE,EACzE;gBACE,UAAU,EAAE,OAAO,CAAC,GAAG;gBACvB,iBAAiB,EAAE,eAAe,CAAC,WAAW;aAC/C,CACF,CAAC;YACF,+EAA+E;YAC/E,0CAA0C;YAC1C,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACxC,MAAM,QAAQ,GAAG,GAAG,eAAe,CAAC,WAAW,IAAI,UAAU,CAAC,YAAY,CAAC,QAAQ,EAAE,qCAAqC,CAAC;YAC3H,QAAQ,GAAG,IAAI,wBAAY,CACzB;;;;;;qCAM6B,QAAQ;;;;;;;;;;;;SAYpC,CACF,CAAC;QACJ,CAAC;QACD,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CACT,oDAAoD,0CAA2B,EAAE,CAClF,CAAC;QACF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,iCAAiC,CACrC,OAAO,EACP,eAAe,EACf,IAAI,EACJ,KAAK,EACL,MAAM,CACP,CAAC;IAEF,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,oCAAoC,CAAC,EAAE,CAAC;QAC/D,OAAO,CAAC,GAAG,CACT,8EAA8E,EAC9E,MAAM,CACP,CAAC;QACF,OAAO,wBAAY,CAAC,IAAI,CAAC;YACvB,MAAM,EAAE,SAAS;YACjB,WAAW,EAAE,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;IAED,0DAA0D;IAC1D,IAAI,IAAA,uCAA4B,EAAC,KAAK,CAAC,EAAE,CAAC;QACxC,OAAO,CAAC,GAAG,CACT,iEAAiE,EACjE,MAAM,CACP,CAAC;QACF,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,wBAAY,CAAC,QAAQ,CAAC,GAAG,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IACD,wEAAwE;IACxE,iEAAiE;IACjE,oDAAoD;IACpD,MAAM,QAAQ,GAAG,IAAI,wBAAY,CAC/B,oCAAoC,0CAA2B,gBAAgB,CAChF,CAAC;IACF,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;IACjE,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;GAKG;AACH,MAAM,uBAAuB,GAAG,CAC9B,YAAoB,EACpB,eAAuB,EACvB,EAAE,CAAC,IAAI,GAAG,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC,IAAI,CAAC;AAE1C,KAAK,UAAU,YAAY,CAChC,OAAoB,EACpB,MAAkB;IAElB,MAAM,eAAe,GAAG,IAAA,6BAAiB,EAAC,MAAM,CAAC,CAAC;IAClD,MAAM,mBAAmB,GAAG,eAAe,CAAC,QAAQ,IAAI,GAAG,CAAC;IAC5D,MAAM,cAAc,GAClB,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,mBAAmB,CAAC;IAE3E,MAAM,kBAAkB,GAAG,yBAAyB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAE1E,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAE1D,MAAM,gBAAgB,GAAG,kBAAkB;QACzC,CAAC,CAAC,cAAc;QAChB,CAAC,CAAC,uBAAuB,CACrB,cAAc,EACd,IAAI,GAAG,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,CACtC,CAAC;IAEN,MAAM,QAAQ,GAAG,wBAAY,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;IAEzD,MAAM,IAAA,6BAAgB,EAAC,MAAM,CAAC,CAAC;IAE/B,IAAI,CAAC;QACH,IAAA,yBAAc,EAAC,kBAAkB,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC;IACzE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC,yCAAyC,EAAE,KAAK,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;;;;;;;GAWG;AACI,MAAM,OAAO,GAClB,CAAC,UAAU,GAAG,EAAE,EAAE,EAAE,CACpB,KAAK,EAAE,OAAoB,EAAyB,EAAE;IACpD,MAAM,MAAM,GAAG,IAAA,6BAAiB,EAAC,UAAU,CAAC,CAAC;IAE7C,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;QAC1C,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzC,MAAM,WAAW,GAAG,YAAY,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAE1D,QAAQ,WAAW,EAAE,CAAC;YACpB,KAAK,WAAW;gBACd,OAAO,MAAM,eAAe,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAChD,KAAK,UAAU;gBACb,OAAO,MAAM,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC/C,KAAK,QAAQ;gBACX,OAAO,MAAM,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC7C;gBACE,MAAM,IAAI,SAAS,CAAC,uBAAuB,QAAQ,EAAE,EAAE,GAAG,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC;QAE3C,MAAM,MAAM,GAAG,KAAK,YAAY,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC;QAC/D,MAAM,OAAO,GACX,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC;QAEnE,MAAM,QAAQ,GAAG,wBAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QAEnE,IAAA,6BAAgB,EAAC,MAAM,CAAC,CAAC;QACzB,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC,CAAC;AAhCS,QAAA,OAAO,WAgChB","sourcesContent":["import type { NextRequest } from \"next/server.js\";\nimport { NextResponse } from \"next/server.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport type { AuthConfig } from \"@/nextjs/config.js\";\nimport { resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport {\n  clearAuthCookies,\n  NextjsClientStorage,\n  NextjsCookieStorage,\n} from \"@/nextjs/cookies.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { resolveOAuthAccessCode } from \"@/server/login.js\";\nimport { getUser } from \"@/shared/lib/session.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport {\n  TOKEN_EXCHANGE_SUCCESS_TEXT,\n  TOKEN_EXCHANGE_TRIGGER_TEXT,\n} from \"@/constants.js\";\nimport { serverTokenExchangeFromState } from \"@/lib/oauth.js\";\nimport { CodeVerifier } from \"@/shared/lib/types.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n  constructor(\n    message: string,\n    public readonly status: number = 401,\n  ) {\n    super(message);\n    this.name = \"AuthError\";\n  }\n}\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(\n  request: NextRequest,\n  config: AuthConfig,\n): Promise<NextResponse> {\n  const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens ?? {});\n  const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);\n\n  const challenge = await pkceProducer.getCodeChallenge();\n  const appUrl = request.nextUrl.searchParams.get(\"appUrl\");\n  if (appUrl) {\n    cookieStorage.set(CodeVerifier.APP_URL, appUrl);\n  }\n  return NextResponse.json({ status: \"success\", challenge });\n}\n\nasync function performTokenExchangeAndSetCookies(\n  request: NextRequest,\n  config: AuthConfig,\n  code: string,\n  state: string,\n  appUrl: string,\n) {\n  const resolvedConfigs = resolveAuthConfig(config);\n  const cookieStorage = new NextjsCookieStorage(resolvedConfigs.cookies.tokens);\n\n  const callbackUrl = resolveCallbackUrl(resolvedConfigs, appUrl);\n  try {\n    await resolveOAuthAccessCode(code, state, cookieStorage, {\n      ...resolvedConfigs,\n      redirectUrl: callbackUrl,\n    });\n  } catch (error) {\n    logger.error(\"Token exchange failed:\", error);\n    throw new AuthError(\"Failed to authenticate user\", 401);\n  }\n\n  const user = await getUser(cookieStorage);\n  if (!user) {\n    throw new AuthError(\"Failed to get user info\", 401);\n  }\n\n  const clientStorage = new NextjsClientStorage();\n  const userSession = new GenericUserSession(clientStorage);\n  userSession.set(user);\n}\nasync function handleCallback(\n  request: NextRequest,\n  config: AuthConfig,\n): Promise<NextResponse> {\n  const resolvedConfigs = resolveAuthConfig(config);\n  console.log(\"handleCallback\", { request, resolvedConfigs });\n  const code = request.nextUrl.searchParams.get(\"code\");\n  const state = request.nextUrl.searchParams.get(\"state\") || \"\";\n  if (!code || !state) throw new AuthError(\"Bad parameters\", 400);\n\n  // appUrl is passed from the client to the server in the query string\n  // this is necessary because the server does not have access to the client's window.location.origin\n  // and can not accurately determine the appUrl (specially if the app is behind a reverse proxy)\n  const appUrl =\n    request.cookies.get(CodeVerifier.APP_URL)?.value ||\n    request.nextUrl.searchParams.get(\"appUrl\");\n\n  // If we have a code_verifier cookie and the appUrl, we can do a token exchange.\n  // Otherwise, just render an empty page.\n  // The initial redirect back from the auth server does not send cookies, because the redirect is from a 3rd-party domain.\n  // The client will make an additional call to this route with cookies included, at which point we do the token exchange.\n  console.log(\"handleCallback\", {\n    code,\n    state,\n    appUrl,\n  });\n\n  const codeVerifier = request.cookies.get(CodeVerifier.COOKIE_NAME);\n\n  if (!codeVerifier || !appUrl) {\n    console.log(\"handleCallback no code_verifier found\", {\n      state,\n      serverTokenExchange: serverTokenExchangeFromState(`${state}`),\n    });\n    let response = new NextResponse(\n      `<html><body><span style=\"display:none\">${TOKEN_EXCHANGE_TRIGGER_TEXT}</span></body></html>`,\n    );\n\n    // in server-side token exchange mode we need to launch a page that will trigger the token exchange\n    // from the same domain, allowing it access to the code_verifier cookie\n    // we only need to do this in redirect mode, as the iframe already triggers a client-side token exchange\n    // if no code-verifier cookie is found\n    if (state && serverTokenExchangeFromState(state)) {\n      console.log(\n        \"handleCallback serverTokenExchangeFromState, launching redirect page...\",\n        {\n          requestUrl: request.url,\n          configCallbackUrl: resolvedConfigs.callbackUrl,\n        },\n      );\n      // we need to replace the URL with resolved config in case the server is hosted\n      // behind a reverse proxy or load balancer\n      const requestUrl = new URL(request.url);\n      const fetchUrl = `${resolvedConfigs.callbackUrl}?${requestUrl.searchParams.toString()}&sameDomainServerTokenExchange=true`;\n      response = new NextResponse(\n        `<html>\n            <body>\n                <span style=\"display:none\">\n                    <script>\n                        window.onload = function () {\n                            const appUrl = globalThis.window?.location?.origin;\n                            fetch('${fetchUrl}&appUrl=' + appUrl).then((response) => {\n                                response.json().then((jsonResponse) => {\n                                    if (jsonResponse.redirectUrl) {\n                                        window.location.href = jsonResponse.redirectUrl;\n                                    }\n                                });\n                            });\n                        };\n                    </script>\n                </span>\n            </body>\n        </html>\n        `,\n      );\n    }\n    response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n    console.log(\n      `handleCallback no code_verifier found, returning ${TOKEN_EXCHANGE_TRIGGER_TEXT}`,\n    );\n    return response;\n  }\n\n  await performTokenExchangeAndSetCookies(\n    request,\n    resolvedConfigs,\n    code,\n    state,\n    appUrl,\n  );\n\n  if (request.url.includes(\"sameDomainServerTokenExchange=true\")) {\n    console.log(\n      \"handleCallback sameDomainServerTokenExchange = true, returnining redirectUrl\",\n      appUrl,\n    );\n    return NextResponse.json({\n      status: \"success\",\n      redirectUrl: appUrl,\n    });\n  }\n\n  // this is the case where a 'normal' redirect is happening\n  if (serverTokenExchangeFromState(state)) {\n    console.log(\n      \"handleCallback serverTokenExchangeFromState, redirect to appUrl\",\n      appUrl,\n    );\n    if (!appUrl) {\n      throw new Error(\"appUrl undefined. Cannot redirect.\");\n    }\n    return NextResponse.redirect(`${appUrl}`);\n  }\n  // return an empty HTML response so the iframe doesn't show any response\n  // in the short moment between the redirect and the parent window\n  // acknowledging the redirect and closing the iframe\n  const response = new NextResponse(\n    `<html><span style=\"display:none\">${TOKEN_EXCHANGE_SUCCESS_TEXT}</span></html>`,\n  );\n  response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n  return response;\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n  redirectPath: string,\n  currentBasePath: string,\n) => new URL(redirectPath, currentBasePath).href;\n\nexport async function handleLogout(\n  request: NextRequest,\n  config: AuthConfig,\n): Promise<NextResponse> {\n  const resolvedConfigs = resolveAuthConfig(config);\n  const defaultRedirectPath = resolvedConfigs.loginUrl ?? \"/\";\n  const redirectTarget =\n    new URL(request.url).searchParams.get(\"redirect\") || defaultRedirectPath;\n\n  const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n\n  const appUrl = request.nextUrl.searchParams.get(\"appUrl\");\n\n  const finalRedirectUrl = isAbsoluteRedirect\n    ? redirectTarget\n    : getAbsoluteRedirectPath(\n        redirectTarget,\n        new URL(appUrl ?? request.url).origin,\n      );\n\n  const response = NextResponse.redirect(finalRedirectUrl);\n\n  await clearAuthCookies(config);\n\n  try {\n    revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);\n  } catch (error) {\n    logger.warn(\"Failed to revalidate path after logout:\", error);\n  }\n\n  return response;\n}\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n *   // optional config overrides\n * })\n * ```\n */\nexport const handler =\n  (authConfig = {}) =>\n  async (request: NextRequest): Promise<NextResponse> => {\n    const config = resolveAuthConfig(authConfig);\n\n    try {\n      const pathname = request.nextUrl.pathname;\n      const pathSegments = pathname.split(\"/\");\n      const lastSegment = pathSegments[pathSegments.length - 1];\n\n      switch (lastSegment) {\n        case \"challenge\":\n          return await handleChallenge(request, config);\n        case \"callback\":\n          return await handleCallback(request, config);\n        case \"logout\":\n          return await handleLogout(request, config);\n        default:\n          throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n      }\n    } catch (error) {\n      logger.error(\"Auth handler error:\", error);\n\n      const status = error instanceof AuthError ? error.status : 500;\n      const message =\n        error instanceof Error ? error.message : \"Authentication failed\";\n\n      const response = NextResponse.json({ error: message }, { status });\n\n      clearAuthCookies(config);\n      return response;\n    }\n  };\n"]}

package/dist/cjs/src/nextjs/utils.d.ts

@@ -0,0 +1,3 @@
+import type { AuthConfigWithDefaults } from "../nextjs/config.js";
+export declare const resolveCallbackUrl: (config: AuthConfigWithDefaults, baseUrl?: string) => string;
+//# sourceMappingURL=utils.d.ts.map

package/dist/cjs/src/nextjs/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../../src/nextjs/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAEjE,eAAO,MAAM,kBAAkB,WACrB,sBAAsB,YACpB,MAAM,KACf,MAGF,CAAC"}

package/dist/cjs/src/nextjs/utils.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveCallbackUrl = void 0;
+const resolveCallbackUrl = (config, baseUrl) => {
+    const callbackUrl = new URL(config?.callbackUrl, baseUrl).toString();
+    return callbackUrl.toString();
+};
+exports.resolveCallbackUrl = resolveCallbackUrl;
+//# sourceMappingURL=utils.js.map

package/dist/cjs/src/nextjs/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../../src/nextjs/utils.ts"],"names":[],"mappings":";;;AAEO,MAAM,kBAAkB,GAAG,CAChC,MAA8B,EAC9B,OAAgB,EACR,EAAE;IACV,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;IACrE,OAAO,WAAW,CAAC,QAAQ,EAAE,CAAC;AAChC,CAAC,CAAC;AANW,QAAA,kBAAkB,sBAM7B","sourcesContent":["import type { AuthConfigWithDefaults } from \"@/nextjs/config.js\";\n\nexport const resolveCallbackUrl = (\n  config: AuthConfigWithDefaults,\n  baseUrl?: string,\n): string => {\n  const callbackUrl = new URL(config?.callbackUrl, baseUrl).toString();\n  return callbackUrl.toString();\n};\n"]}

package/dist/cjs/src/reactjs/components/SignInButton.d.ts

@@ -0,0 +1,8 @@
+import React from "react";
+import type { DisplayMode } from "../../types.js";
+declare const SignInButton: ({ displayMode, className, }: {
+    displayMode?: DisplayMode;
+    className?: string;
+}) => React.JSX.Element;
+export { SignInButton };
+//# sourceMappingURL=SignInButton.d.ts.map

package/dist/cjs/src/reactjs/components/SignInButton.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SignInButton.d.ts","sourceRoot":"","sources":["../../../../../src/reactjs/components/SignInButton.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAG9C,QAAA,MAAM,YAAY,gCAGf;IACD,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,sBAkBA,CAAC;AAEF,OAAO,EAAE,YAAY,EAAE,CAAC"}

package/dist/cjs/src/reactjs/components/SignInButton.js

@@ -0,0 +1,20 @@
+"use strict";
+"use client";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SignInButton = void 0;
+const react_1 = __importDefault(require("react"));
+const useUser_js_1 = require("../../reactjs/hooks/useUser.js");
+const SignInButton = ({ displayMode, className, }) => {
+    const { signIn } = (0, useUser_js_1.useUser)();
+    return (react_1.default.createElement("button", { "data-testid": "sign-in-button", style: {
+            borderRadius: "9999px",
+            border: "1px solid #6b7280",
+            padding: "0.75rem 1rem",
+            transition: "background-color 0.2s",
+        }, className: className, onClick: () => signIn(displayMode) }, "Sign In"));
+};
+exports.SignInButton = SignInButton;
+//# sourceMappingURL=SignInButton.js.map

package/dist/cjs/src/reactjs/components/SignInButton.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SignInButton.js","sourceRoot":"","sources":["../../../../../src/reactjs/components/SignInButton.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;;;AACb,kDAA0B;AAE1B,2DAAqD;AAErD,MAAM,YAAY,GAAG,CAAC,EACpB,WAAW,EACX,SAAS,GAIV,EAAE,EAAE;IACH,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,oBAAO,GAAE,CAAC;IAE7B,OAAO,CACL,yDACc,gBAAgB,EAC5B,KAAK,EAAE;YACL,YAAY,EAAE,QAAQ;YACtB,MAAM,EAAE,mBAAmB;YAC3B,OAAO,EAAE,cAAc;YACvB,UAAU,EAAE,uBAAuB;SACpC,EACD,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,cAG3B,CACV,CAAC;AACJ,CAAC,CAAC;AAEO,oCAAY","sourcesContent":["\"use client\";\nimport React from \"react\";\nimport type { DisplayMode } from \"@/types.js\";\nimport { useUser } from \"@/reactjs/hooks/useUser.js\";\n\nconst SignInButton = ({\n  displayMode,\n  className,\n}: {\n  displayMode?: DisplayMode;\n  className?: string;\n}) => {\n  const { signIn } = useUser();\n\n  return (\n    <button\n      data-testid=\"sign-in-button\"\n      style={{\n        borderRadius: \"9999px\",\n        border: \"1px solid #6b7280\",\n        padding: \"0.75rem 1rem\",\n        transition: \"background-color 0.2s\",\n      }}\n      className={className}\n      onClick={() => signIn(displayMode)}\n    >\n      Sign In\n    </button>\n  );\n};\n\nexport { SignInButton };\n"]}

package/dist/cjs/src/reactjs/components/SignOutButton.d.ts

@@ -0,0 +1,6 @@
+import React from "react";
+declare const SignOutButton: ({ className }: {
+    className?: string;
+}) => React.JSX.Element;
+export { SignOutButton };
+//# sourceMappingURL=SignOutButton.d.ts.map

package/dist/cjs/src/reactjs/components/SignOutButton.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SignOutButton.d.ts","sourceRoot":"","sources":["../../../../../src/reactjs/components/SignOutButton.tsx"],"names":[],"mappings":"AACA,OAAO,KAAK,MAAM,OAAO,CAAC;AAG1B,QAAA,MAAM,aAAa,kBAAmB;IAAE,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,sBAiB3D,CAAC;AAEF,OAAO,EAAE,aAAa,EAAE,CAAC"}

package/dist/cjs/src/reactjs/components/SignOutButton.js

@@ -0,0 +1,20 @@
+"use strict";
+"use client";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SignOutButton = void 0;
+const react_1 = __importDefault(require("react"));
+const useUser_js_1 = require("../../reactjs/hooks/useUser.js");
+const SignOutButton = ({ className }) => {
+    const { signOut } = (0, useUser_js_1.useUser)();
+    return (react_1.default.createElement("button", { style: {
+            borderRadius: "9999px",
+            border: "1px solid #6b7280",
+            padding: "0.75rem 1rem",
+            transition: "background-color 0.2s",
+        }, className: className, onClick: () => signOut() }, "Sign Out"));
+};
+exports.SignOutButton = SignOutButton;
+//# sourceMappingURL=SignOutButton.js.map

package/dist/cjs/src/reactjs/components/SignOutButton.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SignOutButton.js","sourceRoot":"","sources":["../../../../../src/reactjs/components/SignOutButton.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAC;;;;;;AACb,kDAA0B;AAC1B,2DAAqD;AAErD,MAAM,aAAa,GAAG,CAAC,EAAE,SAAS,EAA0B,EAAE,EAAE;IAC9D,MAAM,EAAE,OAAO,EAAE,GAAG,IAAA,oBAAO,GAAE,CAAC;IAE9B,OAAO,CACL,0CACE,KAAK,EAAE;YACL,YAAY,EAAE,QAAQ;YACtB,MAAM,EAAE,mBAAmB;YAC3B,OAAO,EAAE,cAAc;YACvB,UAAU,EAAE,uBAAuB;SACpC,EACD,SAAS,EAAE,SAAS,EACpB,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,eAGjB,CACV,CAAC;AACJ,CAAC,CAAC;AAEO,sCAAa","sourcesContent":["\"use client\";\nimport React from \"react\";\nimport { useUser } from \"@/reactjs/hooks/useUser.js\";\n\nconst SignOutButton = ({ className }: { className?: string }) => {\n  const { signOut } = useUser();\n\n  return (\n    <button\n      style={{\n        borderRadius: \"9999px\",\n        border: \"1px solid #6b7280\",\n        padding: \"0.75rem 1rem\",\n        transition: \"background-color 0.2s\",\n      }}\n      className={className}\n      onClick={() => signOut()}\n    >\n      Sign Out\n    </button>\n  );\n};\n\nexport { SignOutButton };\n"]}

package/dist/cjs/src/reactjs/components/UserButton.d.ts

@@ -0,0 +1,8 @@
+import type { DisplayMode } from "../../types.js";
+import React from "react";
+declare const UserButton: ({ displayMode, className, }: {
+    displayMode?: DisplayMode;
+    className?: string;
+}) => React.JSX.Element;
+export { UserButton };
+//# sourceMappingURL=UserButton.d.ts.map