@civic/auth 0.0.1-beta.4 → 0.0.1-beta.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +26 -0
- package/dist/{chunk-NQPMNXBL.mjs → chunk-EAANLFR5.mjs} +4 -10
- package/dist/chunk-EAANLFR5.mjs.map +1 -0
- package/dist/{chunk-3UIVD6NR.mjs → chunk-EGFTMH5S.mjs} +11 -65
- package/dist/chunk-EGFTMH5S.mjs.map +1 -0
- package/dist/{chunk-T47HULF6.js → chunk-KCSGIIPA.js} +21 -75
- package/dist/chunk-KCSGIIPA.js.map +1 -0
- package/dist/{chunk-WPISYQG3.js → chunk-MVO4UZ2A.js} +5 -11
- package/dist/chunk-MVO4UZ2A.js.map +1 -0
- package/dist/chunk-PMDIR5XE.mjs +502 -0
- package/dist/chunk-PMDIR5XE.mjs.map +1 -0
- package/dist/chunk-YNLXRD5L.js +502 -0
- package/dist/chunk-YNLXRD5L.js.map +1 -0
- package/dist/{index-DoDoIY_K.d.mts → index-Bfi0hVMZ.d.mts} +5 -26
- package/dist/{index-DoDoIY_K.d.ts → index-Bfi0hVMZ.d.ts} +5 -26
- package/dist/index.d.mts +1 -2
- package/dist/index.d.ts +1 -2
- package/dist/nextjs.d.mts +2 -3
- package/dist/nextjs.d.ts +2 -3
- package/dist/nextjs.js +22 -36
- package/dist/nextjs.js.map +1 -1
- package/dist/nextjs.mjs +8 -22
- package/dist/nextjs.mjs.map +1 -1
- package/dist/react.d.mts +29 -47
- package/dist/react.d.ts +29 -47
- package/dist/react.js +278 -487
- package/dist/react.js.map +1 -1
- package/dist/react.mjs +300 -509
- package/dist/react.mjs.map +1 -1
- package/dist/server.d.mts +2 -7
- package/dist/server.d.ts +2 -7
- package/dist/server.js +4 -3
- package/dist/server.js.map +1 -1
- package/dist/server.mjs +4 -3
- package/package.json +1 -1
- package/dist/chunk-3UIVD6NR.mjs.map +0 -1
- package/dist/chunk-KBDRDCE5.mjs +0 -239
- package/dist/chunk-KBDRDCE5.mjs.map +0 -1
- package/dist/chunk-NQPMNXBL.mjs.map +0 -1
- package/dist/chunk-OLT5HB3G.js +0 -239
- package/dist/chunk-OLT5HB3G.js.map +0 -1
- package/dist/chunk-T47HULF6.js.map +0 -1
- package/dist/chunk-WPISYQG3.js.map +0 -1
package/dist/index.d.mts
CHANGED
|
@@ -1,3 +1,2 @@
|
|
|
1
|
-
export { C as Config, D as DisplayMode, E as Endpoints, F as ForwardedTokens, T as Tokens, U as User } from './index-
|
|
1
|
+
export { A as AuthStorage, C as Config, D as DisplayMode, E as Endpoints, F as ForwardedTokens, T as Tokens, U as User } from './index-Bfi0hVMZ.mjs';
|
|
2
2
|
import 'oslo/oauth2';
|
|
3
|
-
import 'oslo/jwt';
|
package/dist/index.d.ts
CHANGED
|
@@ -1,3 +1,2 @@
|
|
|
1
|
-
export { C as Config, D as DisplayMode, E as Endpoints, F as ForwardedTokens, T as Tokens, U as User } from './index-
|
|
1
|
+
export { A as AuthStorage, C as Config, D as DisplayMode, E as Endpoints, F as ForwardedTokens, T as Tokens, U as User } from './index-Bfi0hVMZ.js';
|
|
2
2
|
import 'oslo/oauth2';
|
|
3
|
-
import 'oslo/jwt';
|
package/dist/nextjs.d.mts
CHANGED
|
@@ -2,10 +2,9 @@ import * as next_dist_shared_lib_image_config from 'next/dist/shared/lib/image-c
|
|
|
2
2
|
import * as next_dist_lib_load_custom_routes from 'next/dist/lib/load-custom-routes';
|
|
3
3
|
import * as next_dist_server_config_shared from 'next/dist/server/config-shared';
|
|
4
4
|
import { NextConfig } from 'next';
|
|
5
|
-
import { U as User } from './index-
|
|
5
|
+
import { U as User } from './index-Bfi0hVMZ.mjs';
|
|
6
6
|
import { NextRequest, NextResponse } from 'next/server.js';
|
|
7
7
|
import 'oslo/oauth2';
|
|
8
|
-
import 'oslo/jwt';
|
|
9
8
|
|
|
10
9
|
interface CookieConfig {
|
|
11
10
|
secure?: boolean;
|
|
@@ -40,7 +39,7 @@ type AuthConfig = Partial<AuthConfigWithDefaults>;
|
|
|
40
39
|
* @example
|
|
41
40
|
* ```js
|
|
42
41
|
* // next.config.js
|
|
43
|
-
* export
|
|
42
|
+
* export default createCivicAuthPlugin({
|
|
44
43
|
* clientId: 'my-client-id',
|
|
45
44
|
* callbackUrl: '/custom/callback',
|
|
46
45
|
* loginUrl: '/custom/login',
|
package/dist/nextjs.d.ts
CHANGED
|
@@ -2,10 +2,9 @@ import * as next_dist_shared_lib_image_config from 'next/dist/shared/lib/image-c
|
|
|
2
2
|
import * as next_dist_lib_load_custom_routes from 'next/dist/lib/load-custom-routes';
|
|
3
3
|
import * as next_dist_server_config_shared from 'next/dist/server/config-shared';
|
|
4
4
|
import { NextConfig } from 'next';
|
|
5
|
-
import { U as User } from './index-
|
|
5
|
+
import { U as User } from './index-Bfi0hVMZ.js';
|
|
6
6
|
import { NextRequest, NextResponse } from 'next/server.js';
|
|
7
7
|
import 'oslo/oauth2';
|
|
8
|
-
import 'oslo/jwt';
|
|
9
8
|
|
|
10
9
|
interface CookieConfig {
|
|
11
10
|
secure?: boolean;
|
|
@@ -40,7 +39,7 @@ type AuthConfig = Partial<AuthConfigWithDefaults>;
|
|
|
40
39
|
* @example
|
|
41
40
|
* ```js
|
|
42
41
|
* // next.config.js
|
|
43
|
-
* export
|
|
42
|
+
* export default createCivicAuthPlugin({
|
|
44
43
|
* clientId: 'my-client-id',
|
|
45
44
|
* callbackUrl: '/custom/callback',
|
|
46
45
|
* loginUrl: '/custom/login',
|
package/dist/nextjs.js
CHANGED
|
@@ -4,50 +4,36 @@
|
|
|
4
4
|
|
|
5
5
|
|
|
6
6
|
|
|
7
|
-
var
|
|
7
|
+
var _chunkMVO4UZ2Ajs = require('./chunk-MVO4UZ2A.js');
|
|
8
8
|
|
|
9
9
|
|
|
10
10
|
|
|
11
|
+
var _chunkKCSGIIPAjs = require('./chunk-KCSGIIPA.js');
|
|
11
12
|
|
|
12
13
|
|
|
13
|
-
var _chunkT47HULF6js = require('./chunk-T47HULF6.js');
|
|
14
14
|
|
|
15
15
|
|
|
16
|
-
var _chunkOLT5HB3Gjs = require('./chunk-OLT5HB3G.js');
|
|
17
16
|
|
|
17
|
+
var _chunkYNLXRD5Ljs = require('./chunk-YNLXRD5L.js');
|
|
18
18
|
|
|
19
19
|
|
|
20
20
|
|
|
21
|
-
var _chunkCRTRMMJ7js = require('./chunk-CRTRMMJ7.js');
|
|
22
21
|
|
|
23
|
-
|
|
24
|
-
var GenericUserSession = class {
|
|
25
|
-
constructor(storage) {
|
|
26
|
-
this.storage = storage;
|
|
27
|
-
}
|
|
28
|
-
get() {
|
|
29
|
-
const user = this.storage.get("user" /* USER */);
|
|
30
|
-
return user ? JSON.parse(user) : null;
|
|
31
|
-
}
|
|
32
|
-
set(user) {
|
|
33
|
-
const value = user ? JSON.stringify(user) : "";
|
|
34
|
-
this.storage.set("user" /* USER */, value);
|
|
35
|
-
}
|
|
36
|
-
};
|
|
22
|
+
var _chunkCRTRMMJ7js = require('./chunk-CRTRMMJ7.js');
|
|
37
23
|
|
|
38
24
|
// src/nextjs/cookies.ts
|
|
39
25
|
var _headersjs = require('next/headers.js');
|
|
40
26
|
var clearAuthCookies = () => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
|
|
41
27
|
const cookieStorage = new NextjsCookieStorage();
|
|
42
|
-
|
|
28
|
+
_chunkYNLXRD5Ljs.clearTokens.call(void 0, cookieStorage);
|
|
43
29
|
const clientStorage = new NextjsClientStorage();
|
|
44
|
-
const userSession = new GenericUserSession(clientStorage);
|
|
30
|
+
const userSession = new (0, _chunkYNLXRD5Ljs.GenericUserSession)(clientStorage);
|
|
45
31
|
userSession.set(null);
|
|
46
32
|
});
|
|
47
|
-
var NextjsCookieStorage = class extends
|
|
33
|
+
var NextjsCookieStorage = class extends _chunkKCSGIIPAjs.CookieStorage {
|
|
48
34
|
constructor(config = {}) {
|
|
49
35
|
super(_chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, config), {
|
|
50
|
-
secure:
|
|
36
|
+
secure: false,
|
|
51
37
|
httpOnly: true
|
|
52
38
|
}));
|
|
53
39
|
}
|
|
@@ -59,7 +45,7 @@ var NextjsCookieStorage = class extends _chunkT47HULF6js.CookieStorage {
|
|
|
59
45
|
_headersjs.cookies.call(void 0, ).set(key, value, this.settings);
|
|
60
46
|
}
|
|
61
47
|
};
|
|
62
|
-
var NextjsClientStorage = class extends
|
|
48
|
+
var NextjsClientStorage = class extends _chunkKCSGIIPAjs.CookieStorage {
|
|
63
49
|
constructor(config = {}) {
|
|
64
50
|
super(_chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, config), {
|
|
65
51
|
secure: false,
|
|
@@ -78,7 +64,7 @@ var NextjsClientStorage = class extends _chunkT47HULF6js.CookieStorage {
|
|
|
78
64
|
// src/nextjs/GetUser.ts
|
|
79
65
|
var getUser2 = () => {
|
|
80
66
|
const clientStorage = new NextjsClientStorage();
|
|
81
|
-
const userSession = new GenericUserSession(clientStorage);
|
|
67
|
+
const userSession = new (0, _chunkYNLXRD5Ljs.GenericUserSession)(clientStorage);
|
|
82
68
|
return userSession.get();
|
|
83
69
|
};
|
|
84
70
|
|
|
@@ -99,7 +85,7 @@ var matchesGlobs = (pathname, patterns) => patterns.some((pattern) => {
|
|
|
99
85
|
return matchGlob(pathname, pattern);
|
|
100
86
|
});
|
|
101
87
|
var applyAuth = (authConfig, request) => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
|
|
102
|
-
const authConfigWithDefaults =
|
|
88
|
+
const authConfigWithDefaults = _chunkMVO4UZ2Ajs.resolveAuthConfig.call(void 0, authConfig);
|
|
103
89
|
const isAuthenticated = !!request.cookies.get("id_token");
|
|
104
90
|
if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl) {
|
|
105
91
|
console.log("\u2192 Skipping auth check - this is the login URL");
|
|
@@ -121,7 +107,7 @@ var applyAuth = (authConfig, request) => _chunkCRTRMMJ7js.__async.call(void 0, v
|
|
|
121
107
|
console.log("\u2192 Auth check passed");
|
|
122
108
|
return void 0;
|
|
123
109
|
});
|
|
124
|
-
var authMiddleware = (authConfig =
|
|
110
|
+
var authMiddleware = (authConfig = _chunkMVO4UZ2Ajs.defaultAuthConfig) => (request) => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
|
|
125
111
|
const response = yield applyAuth(authConfig, request);
|
|
126
112
|
if (response) return response;
|
|
127
113
|
return _serverjs.NextResponse.next();
|
|
@@ -146,7 +132,7 @@ function auth(authConfig = {}) {
|
|
|
146
132
|
// src/nextjs/routeHandler.ts
|
|
147
133
|
|
|
148
134
|
var _cachejs = require('next/cache.js');
|
|
149
|
-
var logger =
|
|
135
|
+
var logger = _chunkMVO4UZ2Ajs.loggers.nextjs.handlers.auth;
|
|
150
136
|
var AuthError = class extends Error {
|
|
151
137
|
constructor(message, status = 401) {
|
|
152
138
|
super(message);
|
|
@@ -157,7 +143,7 @@ var AuthError = class extends Error {
|
|
|
157
143
|
function handleChallenge() {
|
|
158
144
|
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
159
145
|
const cookieStorage = new NextjsCookieStorage();
|
|
160
|
-
const pkceProducer = new (0,
|
|
146
|
+
const pkceProducer = new (0, _chunkYNLXRD5Ljs.GenericPublicClientPKCEProducer)(cookieStorage);
|
|
161
147
|
const challenge = yield pkceProducer.getCodeChallenge();
|
|
162
148
|
return _serverjs.NextResponse.json({ status: "success", challenge });
|
|
163
149
|
});
|
|
@@ -168,22 +154,22 @@ function handleCallback(request, config) {
|
|
|
168
154
|
const state = request.nextUrl.searchParams.get("state");
|
|
169
155
|
if (!code || !state) throw new AuthError("Bad parameters", 400);
|
|
170
156
|
const cookieStorage = new NextjsCookieStorage();
|
|
171
|
-
const resolvedConfigs =
|
|
172
|
-
const callbackUrl =
|
|
157
|
+
const resolvedConfigs = _chunkMVO4UZ2Ajs.resolveAuthConfig.call(void 0, config);
|
|
158
|
+
const callbackUrl = _chunkMVO4UZ2Ajs.resolveCallbackUrl.call(void 0, resolvedConfigs, request.url);
|
|
173
159
|
try {
|
|
174
|
-
yield
|
|
160
|
+
yield _chunkKCSGIIPAjs.resolveOAuthAccessCode.call(void 0, code, state, cookieStorage, _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, resolvedConfigs), {
|
|
175
161
|
redirectUrl: callbackUrl
|
|
176
162
|
}));
|
|
177
163
|
} catch (error) {
|
|
178
164
|
logger.error("Token exchange failed:", error);
|
|
179
165
|
throw new AuthError("Failed to authenticate user", 401);
|
|
180
166
|
}
|
|
181
|
-
const user = yield
|
|
167
|
+
const user = yield _chunkYNLXRD5Ljs.getUser.call(void 0, cookieStorage);
|
|
182
168
|
if (!user) {
|
|
183
169
|
throw new AuthError("Failed to get user info", 401);
|
|
184
170
|
}
|
|
185
171
|
const clientStorage = new NextjsClientStorage();
|
|
186
|
-
const userSession = new GenericUserSession(clientStorage);
|
|
172
|
+
const userSession = new (0, _chunkYNLXRD5Ljs.GenericUserSession)(clientStorage);
|
|
187
173
|
userSession.set(user);
|
|
188
174
|
const response = new (0, _serverjs.NextResponse)(`<html></html>`);
|
|
189
175
|
response.headers.set("Content-Type", "text/html; charset=utf-8");
|
|
@@ -199,7 +185,7 @@ var getAbsoluteRedirectPath = (redirectPath, currentBasePath) => {
|
|
|
199
185
|
function handleLogout(request, config) {
|
|
200
186
|
return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
|
|
201
187
|
var _a;
|
|
202
|
-
const resolvedConfigs =
|
|
188
|
+
const resolvedConfigs = _chunkMVO4UZ2Ajs.resolveAuthConfig.call(void 0, config);
|
|
203
189
|
const defaultRedirectPath = (_a = resolvedConfigs.loginUrl) != null ? _a : "/";
|
|
204
190
|
const redirectTarget = new URL(request.url).searchParams.get("redirect") || defaultRedirectPath;
|
|
205
191
|
const isAbsoluteRedirect = /^(https?:\/\/|www\.).+/i.test(redirectTarget);
|
|
@@ -218,7 +204,7 @@ function handleLogout(request, config) {
|
|
|
218
204
|
});
|
|
219
205
|
}
|
|
220
206
|
var handler = (authConfig = {}) => (request) => _chunkCRTRMMJ7js.__async.call(void 0, void 0, null, function* () {
|
|
221
|
-
const config =
|
|
207
|
+
const config = _chunkMVO4UZ2Ajs.resolveAuthConfig.call(void 0, authConfig);
|
|
222
208
|
try {
|
|
223
209
|
const pathname = request.nextUrl.pathname;
|
|
224
210
|
const pathSegments = pathname.split("/");
|
|
@@ -249,5 +235,5 @@ var handler = (authConfig = {}) => (request) => _chunkCRTRMMJ7js.__async.call(vo
|
|
|
249
235
|
|
|
250
236
|
|
|
251
237
|
|
|
252
|
-
exports.auth = auth; exports.authMiddleware = authMiddleware; exports.createCivicAuthPlugin =
|
|
238
|
+
exports.auth = auth; exports.authMiddleware = authMiddleware; exports.createCivicAuthPlugin = _chunkMVO4UZ2Ajs.createCivicAuthPlugin; exports.getUser = getUser2; exports.handler = handler; exports.withAuth = withAuth;
|
|
253
239
|
//# sourceMappingURL=nextjs.js.map
|
package/dist/nextjs.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/nextjs.js","../src/shared/UserSession.ts","../src/nextjs/cookies.ts","../src/nextjs/GetUser.ts","../src/nextjs/middleware.ts","../src/nextjs/routeHandler.ts"],"names":["getUser","NextResponse"],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACF,sDAA4B;AAC5B;AACA;ACbO,IAAM,mBAAA,EAAN,MAAgD;AAAA,EACrD,WAAA,CAAqB,OAAA,EAAsB;AAAtB,IAAA,IAAA,CAAA,QAAA,EAAA,OAAA;AAAA,EAAuB;AAAA,EAE5C,GAAA,CAAA,EAAmB;AACjB,IAAA,MAAM,KAAA,EAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAA,iBAA4B,CAAA;AACtD,IAAA,OAAO,KAAA,EAAO,IAAA,CAAK,KAAA,CAAM,IAAI,EAAA,EAAI,IAAA;AAAA,EACnC;AAAA,EAEA,GAAA,CAAI,IAAA,EAAyB;AAC3B,IAAA,MAAM,MAAA,EAAQ,KAAA,EAAO,IAAA,CAAK,SAAA,CAAU,IAAI,EAAA,EAAI,EAAA;AAC5C,IAAA,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAA,iBAAA,EAA8B,KAAK,CAAA;AAAA,EAClD;AACF,CAAA;ADeA;AACA;AEjCA,4CAAwB;AA4ExB,IAAM,iBAAA,EAAmB,CAAA,EAAA,GAAY,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAEnC,EAAA,MAAM,cAAA,EAAgB,IAAI,mBAAA,CAAoB,CAAA;AAC9C,EAAA,0CAAA,aAAyB,CAAA;AAGzB,EAAA,MAAM,cAAA,EAAgB,IAAI,mBAAA,CAAoB,CAAA;AAC9C,EAAA,MAAM,YAAA,EAAc,IAAI,kBAAA,CAAmB,aAAa,CAAA;AACxD,EAAA,WAAA,CAAY,GAAA,CAAI,IAAI,CAAA;AACtB,CAAA,CAAA;AAEA,IAAM,oBAAA,EAAN,MAAA,QAAkC,+BAAc;AAAA,EAC9C,WAAA,CAAY,OAAA,EAAyC,CAAC,CAAA,EAAG;AACvD,IAAA,KAAA,CAAM,4CAAA,6CAAA,CAAA,CAAA,EACD,MAAA,CAAA,EADC;AAAA,MAEJ,MAAA,EAAQ,IAAA;AAAA,MACR,QAAA,EAAU;AAAA,IACZ,CAAA,CAAC,CAAA;AAAA,EACH;AAAA,EAEA,GAAA,CAAI,GAAA,EAA4B;AApGlC,IAAA,IAAA,EAAA;AAqGI,IAAA,OAAA,CAAA,CAAO,GAAA,EAAA,gCAAA,CAAQ,CAAE,GAAA,CAAI,GAAG,CAAA,EAAA,GAAjB,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAAoB,KAAA,EAAA,GAAS,IAAA;AAAA,EACtC;AAAA,EAEA,GAAA,CAAI,GAAA,EAAa,KAAA,EAAqB;AACpC,IAAA,gCAAA,CAAQ,CAAE,GAAA,CAAI,GAAA,EAAK,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA;AAAA,EACzC;AACF,CAAA;AAEA,IAAM,oBAAA,EAAN,MAAA,QAAkC,+BAAc;AAAA,EAC9C,WAAA,CAAY,OAAA,EAAyC,CAAC,CAAA,EAAG;AACvD,IAAA,KAAA,CAAM,4CAAA,6CAAA,CAAA,CAAA,EACD,MAAA,CAAA,EADC;AAAA,MAEJ,MAAA,EAAQ,KAAA;AAAA,MACR,QAAA,EAAU;AAAA,IACZ,CAAA,CAAC,CAAA;AAAA,EACH;AAAA,EAEA,GAAA,CAAI,GAAA,EAA4B;AAtHlC,IAAA,IAAA,EAAA;AAuHI,IAAA,OAAA,CAAA,CAAO,GAAA,EAAA,gCAAA,CAAQ,CAAE,GAAA,CAAI,GAAG,CAAA,EAAA,GAAjB,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAAoB,KAAA,EAAA,GAAS,IAAA;AAAA,EACtC;AAAA,EAEA,GAAA,CAAI,GAAA,EAAa,KAAA,EAAqB;AACpC,IAAA,gCAAA,CAAQ,CAAE,GAAA,CAAI,GAAA,EAAK,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA;AAAA,EACzC;AACF,CAAA;AFjDA;AACA;AGtEO,IAAMA,SAAAA,EAAU,CAAA,EAAA,GAAmB;AACxC,EAAA,MAAM,cAAA,EAAgB,IAAI,mBAAA,CAAoB,CAAA;AAC9C,EAAA,MAAM,YAAA,EAAc,IAAI,kBAAA,CAAmB,aAAa,CAAA;AACxD,EAAA,OAAO,WAAA,CAAY,GAAA,CAAI,CAAA;AACzB,CAAA;AHwEA;AACA;AI/DA,0CAA0C;AAC1C,4FAAsB;AAgBtB,IAAM,UAAA,EAAY,CAAC,QAAA,EAAkB,WAAA,EAAA,GAAwB;AAC3D,EAAA,MAAM,QAAA,EAAU,iCAAA,WAAqB,CAAA;AACrC,EAAA,OAAO,OAAA,CAAQ,QAAQ,CAAA;AACzB,CAAA;AAOA,IAAM,aAAA,EAAe,CAAC,QAAA,EAAkB,QAAA,EAAA,GACtC,QAAA,CAAS,IAAA,CAAK,CAAC,OAAA,EAAA,GAAY;AACzB,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS,OAAO,KAAA;AACrB,EAAA,OAAA,CAAQ,GAAA,CAAI,UAAA,EAAY;AAAA,IACtB,OAAA;AAAA,IACA,QAAA;AAAA,IACA,KAAA,EAAO,SAAA,CAAU,QAAA,EAAU,OAAO;AAAA,EACpC,CAAC,CAAA;AACD,EAAA,OAAO,SAAA,CAAU,QAAA,EAAU,OAAO,CAAA;AACpC,CAAC,CAAA;AAGH,IAAM,UAAA,EAAY,CAChB,UAAA,EACA,OAAA,EAAA,GACsC,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACtC,EAAA,MAAM,uBAAA,EAAyB,gDAAA,UAA4B,CAAA;AAI3D,EAAA,MAAM,gBAAA,EAAkB,CAAC,CAAC,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AAGxD,EAAA,GAAA,CAAI,OAAA,CAAQ,OAAA,CAAQ,SAAA,IAAa,sBAAA,CAAuB,QAAA,EAAU;AAChE,IAAA,OAAA,CAAQ,GAAA,CAAI,oDAA+C,CAAA;AAC3D,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,CAAC,YAAA,CAAa,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,sBAAA,CAAuB,OAAO,CAAA,EAAG;AAC3E,IAAA,OAAA,CAAQ,GAAA,CAAI,2DAAsD,CAAA;AAClE,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,YAAA,CAAa,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,sBAAA,CAAuB,OAAO,CAAA,EAAG;AAC1E,IAAA,OAAA,CAAQ,GAAA,CAAI,uDAAkD,CAAA;AAC9D,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAGA,EAAA,GAAA,CAAI,CAAC,eAAA,EAAiB;AACpB,IAAA,OAAA,CAAQ,GAAA,CAAI,oDAA+C,CAAA;AAC3D,IAAA,MAAM,SAAA,EAAW,IAAI,GAAA,CAAI,sBAAA,CAAuB,QAAA,EAAU,OAAA,CAAQ,GAAG,CAAA;AACrE,IAAA,OAAO,sBAAA,CAAa,QAAA,CAAS,QAAQ,CAAA;AAAA,EACvC;AAEA,EAAA,OAAA,CAAQ,GAAA,CAAI,0BAAqB,CAAA;AACjC,EAAA,OAAO,KAAA,CAAA;AACT,CAAA,CAAA;AAUO,IAAM,eAAA,EACX,CAAC,WAAA,EAAa,kCAAA,EAAA,GACd,CAAO,OAAA,EAAA,GAAgD,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACrD,EAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,UAAA,EAAY,OAAO,CAAA;AACpD,EAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AAIrB,EAAA,OAAO,sBAAA,CAAa,IAAA,CAAK,CAAA;AAC3B,CAAA,CAAA;AAWK,SAAS,QAAA,CACd,UAAA,EACiD;AACjD,EAAA,OAAO,CAAO,OAAA,EAAA,GAAgD,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5D,IAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,CAAC,CAAA,EAAG,OAAO,CAAA;AAC5C,IAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AACrB,IAAA,OAAO,UAAA,CAAW,OAAO,CAAA;AAAA,EAC3B,CAAA,CAAA;AACF;AAeO,SAAS,IAAA,CAAK,WAAA,EAAyB,CAAC,CAAA,EAAG;AAChD,EAAA,OAAO,CACL,UAAA,EAAA,GACsD;AACtD,IAAA,OAAO,CAAO,OAAA,EAAA,GAAgD,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5D,MAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,UAAA,EAAY,OAAO,CAAA;AACpD,MAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AACrB,MAAA,OAAO,UAAA,CAAW,OAAO,CAAA;AAAA,IAC3B,CAAA,CAAA;AAAA,EACF,CAAA;AACF;AJdA;AACA;AKjJA;AACA,wCAA+B;AAc/B,IAAM,OAAA,EAAS,wBAAA,CAAQ,MAAA,CAAO,QAAA,CAAS,IAAA;AAEvC,IAAM,UAAA,EAAN,MAAA,QAAwB,MAAM;AAAA,EAC5B,WAAA,CACE,OAAA,EACgB,OAAA,EAAiB,GAAA,EACjC;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAFG,IAAA,IAAA,CAAA,OAAA,EAAA,MAAA;AAGhB,IAAA,IAAA,CAAK,KAAA,EAAO,WAAA;AAAA,EACd;AACF,CAAA;AAOA,SAAe,eAAA,CAAA,EAAyC;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACtD,IAAA,MAAM,cAAA,EAAgB,IAAI,mBAAA,CAAoB,CAAA;AAC9C,IAAA,MAAM,aAAA,EAAe,IAAI,qDAAA,CAAgC,aAAa,CAAA;AAEtE,IAAA,MAAM,UAAA,EAAY,MAAM,YAAA,CAAa,gBAAA,CAAiB,CAAA;AAEtD,IAAA,OAAOC,sBAAAA,CAAa,IAAA,CAAK,EAAE,MAAA,EAAQ,SAAA,EAAW,UAAU,CAAC,CAAA;AAAA,EAC3D,CAAA,CAAA;AAAA;AAEA,SAAe,cAAA,CACb,OAAA,EACA,MAAA,EACuB;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACvB,IAAA,MAAM,KAAA,EAAO,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACpD,IAAA,MAAM,MAAA,EAAQ,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AACtD,IAAA,GAAA,CAAI,CAAC,KAAA,GAAQ,CAAC,KAAA,EAAO,MAAM,IAAI,SAAA,CAAU,gBAAA,EAAkB,GAAG,CAAA;AAE9D,IAAA,MAAM,cAAA,EAAgB,IAAI,mBAAA,CAAoB,CAAA;AAE9C,IAAA,MAAM,gBAAA,EAAkB,gDAAA,MAAwB,CAAA;AAChD,IAAA,MAAM,YAAA,EAAc,iDAAA,eAAmB,EAAiB,OAAA,CAAQ,GAAG,CAAA;AAEnE,IAAA,IAAI;AACF,MAAA,MAAM,qDAAA,IAAuB,EAAM,KAAA,EAAO,aAAA,EAAe,4CAAA,6CAAA,CAAA,CAAA,EACpD,eAAA,CAAA,EADoD;AAAA,QAEvD,WAAA,EAAa;AAAA,MACf,CAAA,CAAC,CAAA;AAAA,IACH,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAA,CAAO,KAAA,CAAM,wBAAA,EAA0B,KAAK,CAAA;AAC5C,MAAA,MAAM,IAAI,SAAA,CAAU,6BAAA,EAA+B,GAAG,CAAA;AAAA,IACxD;AAEA,IAAA,MAAM,KAAA,EAAO,MAAM,sCAAA,aAAqB,CAAA;AACxC,IAAA,GAAA,CAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,SAAA,CAAU,yBAAA,EAA2B,GAAG,CAAA;AAAA,IACpD;AAEA,IAAA,MAAM,cAAA,EAAgB,IAAI,mBAAA,CAAoB,CAAA;AAC9C,IAAA,MAAM,YAAA,EAAc,IAAI,kBAAA,CAAmB,aAAa,CAAA;AAExD,IAAA,WAAA,CAAY,GAAA,CAAI,IAAI,CAAA;AAKpB,IAAA,MAAM,SAAA,EAAW,IAAIA,2BAAAA,CAAa,CAAA,aAAA,CAAe,CAAA;AACjD,IAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAA,EAAgB,0BAA0B,CAAA;AAC/D,IAAA,OAAO,QAAA;AAAA,EACT,CAAA,CAAA;AAAA;AAQA,IAAM,wBAAA,EAA0B,CAC9B,YAAA,EACA,eAAA,EAAA,GACG;AAEH,EAAA,GAAA,CAAI,yBAAA,CAA0B,IAAA,CAAK,YAAY,CAAA,EAAG;AAChD,IAAA,OAAO,YAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAI,GAAA,CAAI,YAAA,EAAc,eAAe,CAAA,CAAE,IAAA;AAChD,CAAA;AAEA,SAAe,YAAA,CACb,OAAA,EACA,MAAA,EACuB;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAtGzB,IAAA,IAAA,EAAA;AAuGE,IAAA,MAAM,gBAAA,EAAkB,gDAAA,MAAwB,CAAA;AAChD,IAAA,MAAM,oBAAA,EAAA,CAAsB,GAAA,EAAA,eAAA,CAAgB,QAAA,EAAA,GAAhB,KAAA,EAAA,GAAA,EAA4B,GAAA;AACxD,IAAA,MAAM,eAAA,EACJ,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE,YAAA,CAAa,GAAA,CAAI,UAAU,EAAA,GAAK,mBAAA;AACvD,IAAA,MAAM,mBAAA,EAAqB,yBAAA,CAA0B,IAAA,CAAK,cAAc,CAAA;AACxE,IAAA,MAAM,iBAAA,EAAmB,uBAAA;AAAA,MACvB,cAAA;AAAA,MACA,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE;AAAA,IACvB,CAAA;AAEA,IAAA,MAAM,SAAA,EAAWA,sBAAAA,CAAa,QAAA,CAAS,gBAAgB,CAAA;AAEvD,IAAA,gBAAA,CAAiB,CAAA;AAEjB,IAAA,IAAI;AACF,MAAA,qCAAA,mBAAe,EAAqB,iBAAA,EAAmB,cAAc,CAAA;AAAA,IACvE,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAA,CAAO,IAAA,CAAK,yCAAA,EAA2C,KAAK,CAAA;AAAA,IAC9D;AAEA,IAAA,OAAO,QAAA;AAAA,EACT,CAAA,CAAA;AAAA;AAcO,IAAM,QAAA,EACX,CAAC,WAAA,EAAa,CAAC,CAAA,EAAA,GACf,CAAO,OAAA,EAAA,GAAgD,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACrD,EAAA,MAAM,OAAA,EAAS,gDAAA,UAA4B,CAAA;AAE3C,EAAA,IAAI;AACF,IAAA,MAAM,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,QAAA;AACjC,IAAA,MAAM,aAAA,EAAe,QAAA,CAAS,KAAA,CAAM,GAAG,CAAA;AACvC,IAAA,MAAM,YAAA,EAAc,YAAA,CAAa,YAAA,CAAa,OAAA,EAAS,CAAC,CAAA;AAExD,IAAA,OAAA,CAAQ,WAAA,EAAa;AAAA,MACnB,KAAK,WAAA;AACH,QAAA,OAAO,MAAM,eAAA,CAAgB,CAAA;AAAA,MAC/B,KAAK,UAAA;AACH,QAAA,OAAO,MAAM,cAAA,CAAe,OAAA,EAAS,MAAM,CAAA;AAAA,MAC7C,KAAK,QAAA;AACH,QAAA,OAAO,MAAM,YAAA,CAAa,OAAA,EAAS,MAAM,CAAA;AAAA,MAC3C,OAAA;AACE,QAAA,MAAM,IAAI,SAAA,CAAU,CAAA,oBAAA,EAAuB,QAAQ,CAAA,CAAA;AACvD,IAAA;AACc,EAAA;AAC2B,IAAA;AAES,IAAA;AAEjB,IAAA;AAEsB,IAAA;AAEtC,IAAA;AACV,IAAA;AACT,EAAA;AACF;AL0E0D;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/nextjs.js","sourcesContent":[null,"import { AuthStorage } from \"@/server\";\nimport { User } from \"@/types\";\nimport { NextjsClientCookies } from \"./types\";\n\nexport interface UserSession {\n get(): User | null;\n set(user: User): void;\n}\n\nexport class GenericUserSession implements UserSession {\n constructor(readonly storage: AuthStorage) {}\n\n get(): User | null {\n const user = this.storage.get(NextjsClientCookies.USER);\n return user ? JSON.parse(user) : null;\n }\n\n set(user: User | null): void {\n const value = user ? JSON.stringify(user) : \"\";\n this.storage.set(NextjsClientCookies.USER, value);\n }\n}\n","import { SessionData, UnknownObject, User } from \"@/types\";\nimport { NextResponse } from \"next/server\";\nimport { AuthConfig } from \"./config\";\nimport { CookieStorage, CookieStorageSettings } from \"@/server\";\nimport { cookies } from \"next/headers.js\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { clearTokens } from \"@/shared/util\";\n\n/**\n * Creates HTTP-only cookies for authentication tokens\n */\nconst createTokenCookies = (\n response: NextResponse,\n sessionData: SessionData,\n config: AuthConfig,\n) => {\n const maxAge = sessionData.expiresIn ?? 3600;\n const cookieOptions = {\n ...config.cookies?.tokens,\n maxAge,\n };\n\n if (sessionData.accessToken) {\n response.cookies.set(\"access_token\", sessionData.accessToken, {\n ...cookieOptions,\n httpOnly: true,\n });\n }\n\n if (sessionData.idToken) {\n response.cookies.set(\"id_token\", sessionData.idToken, {\n ...cookieOptions,\n httpOnly: true,\n });\n }\n\n if (sessionData.refreshToken) {\n response.cookies.set(\"refresh_token\", sessionData.refreshToken, {\n ...cookieOptions,\n httpOnly: true,\n });\n }\n};\n\n/**\n * Creates a client-readable cookie with user info\n */\nconst createUserInfoCookie = (\n response: NextResponse,\n user: User<UnknownObject> | null,\n sessionData: SessionData,\n config: AuthConfig,\n) => {\n if (!user) {\n response.cookies.set(\"user\", \"\", {\n ...config.cookies?.user,\n maxAge: 0,\n });\n return;\n }\n const maxAge = sessionData.expiresIn ?? 3600;\n\n // TODO select fields to include in the user cookie\n const frontendUser = {\n ...user,\n };\n\n // TODO make call to get user info from the\n // auth server /userinfo endpoint when it's available\n // then add to the default claims above\n\n response.cookies.set(\"user\", JSON.stringify(frontendUser), {\n ...config.cookies?.user,\n maxAge,\n });\n};\n\n/**\n * Clears all authentication cookies\n */\nconst clearAuthCookies = async () => {\n // clear session, and tokens\n const cookieStorage = new NextjsCookieStorage();\n clearTokens(cookieStorage);\n\n // clear user\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n userSession.set(null);\n};\n\nclass NextjsCookieStorage extends CookieStorage {\n constructor(config: Partial<CookieStorageSettings> = {}) {\n super({\n ...config,\n secure: true,\n httpOnly: true,\n });\n }\n\n get(key: string): string | null {\n return cookies().get(key)?.value || null;\n }\n\n set(key: string, value: string): void {\n cookies().set(key, value, this.settings);\n }\n}\n\nclass NextjsClientStorage extends CookieStorage {\n constructor(config: Partial<CookieStorageSettings> = {}) {\n super({\n ...config,\n secure: false,\n httpOnly: false,\n });\n }\n\n get(key: string): string | null {\n return cookies().get(key)?.value || null;\n }\n\n set(key: string, value: string): void {\n cookies().set(key, value, this.settings);\n }\n}\n\nexport {\n createTokenCookies,\n createUserInfoCookie,\n clearAuthCookies,\n NextjsCookieStorage,\n NextjsClientStorage,\n};\n","/**\n * Used on the server-side to get the user object from the cookie\n */\nimport { User } from \"@/types\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { NextjsClientStorage } from \"./cookies\";\n\nexport const getUser = (): User | null => {\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n return userSession.get();\n};\n","/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n * console.log('in custom middleware', request.nextUrl.pathname);\n * return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n * console.log('in custom middleware', request.url);\n * return NextResponse.next();\n * })\n *\n */\nimport { NextRequest, NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport {\n AuthConfig,\n defaultAuthConfig,\n resolveAuthConfig,\n} from \"@/nextjs/config.js\";\n\ntype Middleware = (\n request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n const matches = picomatch(globPattern);\n return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n patterns.some((pattern) => {\n if (!pattern) return false;\n console.log(\"matching\", {\n pattern,\n pathname,\n match: matchGlob(pathname, pattern),\n });\n return matchGlob(pathname, pattern);\n });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n authConfig: AuthConfig,\n request: NextRequest,\n): Promise<NextResponse | undefined> => {\n const authConfigWithDefaults = resolveAuthConfig(authConfig);\n\n // Check for any valid auth token\n // TODO check if token is not expired\n const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n // skip auth check for login url\n if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl) {\n console.log(\"→ Skipping auth check - this is the login URL\");\n return undefined;\n }\n\n if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n console.log(\"→ Skipping auth check - path not in include patterns\");\n return undefined;\n }\n\n if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n console.log(\"→ Skipping auth check - path in exclude patterns\");\n return undefined;\n }\n\n // Check for either token type\n if (!isAuthenticated) {\n console.log(\"→ No valid token found - redirecting to login\");\n const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);\n return NextResponse.redirect(loginUrl);\n }\n\n console.log(\"→ Auth check passed\");\n return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n (authConfig = defaultAuthConfig) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n // NextJS doesn't do middleware chaining yet, so this does not mean\n // \"call the next middleware\" - it means \"continue to the route handler\"\n return NextResponse.next();\n };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth({}, request);\n if (response) return response;\n return middleware(request);\n };\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * const withAuth = auth({ loginUrl = '/login' }); // or just auth();\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n *\n */\nexport function auth(authConfig: AuthConfig = {}) {\n return (\n middleware: Middleware,\n ): ((request: NextRequest) => Promise<NextResponse>) => {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n return middleware(request);\n };\n };\n}\n","import { NextRequest, NextResponse } from \"next/server.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport { AuthConfig, resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport {\n clearAuthCookies,\n NextjsClientStorage,\n NextjsCookieStorage,\n} from \"./cookies.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { resolveOAuthAccessCode } from \"@/server/login.js\";\nimport { getUser } from \"@/server/session.js\";\nimport { resolveCallbackUrl } from \"./utils.js\";\nimport { GenericUserSession } from \"@/shared/UserSession.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n constructor(\n message: string,\n public readonly status: number = 401,\n ) {\n super(message);\n this.name = \"AuthError\";\n }\n}\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(): Promise<NextResponse> {\n const cookieStorage = new NextjsCookieStorage();\n const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);\n\n const challenge = await pkceProducer.getCodeChallenge();\n\n return NextResponse.json({ status: \"success\", challenge });\n}\n\nasync function handleCallback(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const code = request.nextUrl.searchParams.get(\"code\");\n const state = request.nextUrl.searchParams.get(\"state\");\n if (!code || !state) throw new AuthError(\"Bad parameters\", 400);\n\n const cookieStorage = new NextjsCookieStorage();\n\n const resolvedConfigs = resolveAuthConfig(config);\n const callbackUrl = resolveCallbackUrl(resolvedConfigs, request.url);\n\n try {\n await resolveOAuthAccessCode(code, state, cookieStorage, {\n ...resolvedConfigs,\n redirectUrl: callbackUrl,\n });\n } catch (error) {\n logger.error(\"Token exchange failed:\", error);\n throw new AuthError(\"Failed to authenticate user\", 401);\n }\n\n const user = await getUser(cookieStorage);\n if (!user) {\n throw new AuthError(\"Failed to get user info\", 401);\n }\n\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n\n userSession.set(user);\n\n // return an empty HTML response so the iframe doesn't show any response\n // in the short moment between the redirect and the parent window\n // acknowledging the redirect and closing the iframe\n const response = new NextResponse(`<html></html>`);\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n return response;\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n redirectPath: string,\n currentBasePath: string,\n) => {\n // Check if the redirectPath is an absolute URL\n if (/^(https?:\\/\\/|www\\.).+/i.test(redirectPath)) {\n return redirectPath; // Return as-is if it's an absolute URL\n }\n return new URL(redirectPath, currentBasePath).href;\n};\n\nasync function handleLogout(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n const defaultRedirectPath = resolvedConfigs.loginUrl ?? \"/\";\n const redirectTarget =\n new URL(request.url).searchParams.get(\"redirect\") || defaultRedirectPath;\n const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n const finalRedirectUrl = getAbsoluteRedirectPath(\n redirectTarget,\n new URL(request.url).origin,\n );\n\n const response = NextResponse.redirect(finalRedirectUrl);\n\n clearAuthCookies();\n\n try {\n revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);\n } catch (error) {\n logger.warn(\"Failed to revalidate path after logout:\", error);\n }\n\n return response;\n}\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n * // optional config overrides\n * })\n * ```\n */\nexport const handler =\n (authConfig = {}) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const config = resolveAuthConfig(authConfig);\n\n try {\n const pathname = request.nextUrl.pathname;\n const pathSegments = pathname.split(\"/\");\n const lastSegment = pathSegments[pathSegments.length - 1];\n\n switch (lastSegment) {\n case \"challenge\":\n return await handleChallenge();\n case \"callback\":\n return await handleCallback(request, config);\n case \"logout\":\n return await handleLogout(request, config);\n default:\n throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n }\n } catch (error) {\n logger.error(\"Auth handler error:\", error);\n\n const status = error instanceof AuthError ? error.status : 500;\n const message =\n error instanceof Error ? error.message : \"Authentication failed\";\n\n const response = NextResponse.json({ error: message }, { status });\n\n clearAuthCookies();\n return response;\n }\n };\n"]}
|
|
1
|
+
{"version":3,"sources":["/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/nextjs.js","../src/nextjs/cookies.ts","../src/nextjs/GetUser.ts","../src/nextjs/middleware.ts","../src/nextjs/routeHandler.ts"],"names":["getUser","NextResponse"],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACF,sDAA4B;AAC5B;AACA;ACnBA,4CAAwB;AA4ExB,IAAM,iBAAA,EAAmB,CAAA,EAAA,GAAY,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAEnC,EAAA,MAAM,cAAA,EAAgB,IAAI,mBAAA,CAAoB,CAAA;AAC9C,EAAA,0CAAA,aAAyB,CAAA;AAGzB,EAAA,MAAM,cAAA,EAAgB,IAAI,mBAAA,CAAoB,CAAA;AAC9C,EAAA,MAAM,YAAA,EAAc,IAAI,wCAAA,CAAmB,aAAa,CAAA;AACxD,EAAA,WAAA,CAAY,GAAA,CAAI,IAAI,CAAA;AACtB,CAAA,CAAA;AAEA,IAAM,oBAAA,EAAN,MAAA,QAAkC,+BAAc;AAAA,EAC9C,WAAA,CAAY,OAAA,EAAyC,CAAC,CAAA,EAAG;AACvD,IAAA,KAAA,CAAM,4CAAA,6CAAA,CAAA,CAAA,EACD,MAAA,CAAA,EADC;AAAA,MAEJ,MAAA,EAAQ,KAAA;AAAA,MACR,QAAA,EAAU;AAAA,IACZ,CAAA,CAAC,CAAA;AAAA,EACH;AAAA,EAEA,GAAA,CAAI,GAAA,EAA4B;AApGlC,IAAA,IAAA,EAAA;AAqGI,IAAA,OAAA,CAAA,CAAO,GAAA,EAAA,gCAAA,CAAQ,CAAE,GAAA,CAAI,GAAG,CAAA,EAAA,GAAjB,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAAoB,KAAA,EAAA,GAAS,IAAA;AAAA,EACtC;AAAA,EAEA,GAAA,CAAI,GAAA,EAAa,KAAA,EAAqB;AACpC,IAAA,gCAAA,CAAQ,CAAE,GAAA,CAAI,GAAA,EAAK,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA;AAAA,EACzC;AACF,CAAA;AAEA,IAAM,oBAAA,EAAN,MAAA,QAAkC,+BAAc;AAAA,EAC9C,WAAA,CAAY,OAAA,EAAyC,CAAC,CAAA,EAAG;AACvD,IAAA,KAAA,CAAM,4CAAA,6CAAA,CAAA,CAAA,EACD,MAAA,CAAA,EADC;AAAA,MAEJ,MAAA,EAAQ,KAAA;AAAA,MACR,QAAA,EAAU;AAAA,IACZ,CAAA,CAAC,CAAA;AAAA,EACH;AAAA,EAEA,GAAA,CAAI,GAAA,EAA4B;AAtHlC,IAAA,IAAA,EAAA;AAuHI,IAAA,OAAA,CAAA,CAAO,GAAA,EAAA,gCAAA,CAAQ,CAAE,GAAA,CAAI,GAAG,CAAA,EAAA,GAAjB,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAAoB,KAAA,EAAA,GAAS,IAAA;AAAA,EACtC;AAAA,EAEA,GAAA,CAAI,GAAA,EAAa,KAAA,EAAqB;AACpC,IAAA,gCAAA,CAAQ,CAAE,GAAA,CAAI,GAAA,EAAK,KAAA,EAAO,IAAA,CAAK,QAAQ,CAAA;AAAA,EACzC;AACF,CAAA;AD/DA;AACA;AExDO,IAAMA,SAAAA,EAAU,CAAA,EAAA,GAAmB;AACxC,EAAA,MAAM,cAAA,EAAgB,IAAI,mBAAA,CAAoB,CAAA;AAC9C,EAAA,MAAM,YAAA,EAAc,IAAI,wCAAA,CAAmB,aAAa,CAAA;AACxD,EAAA,OAAO,WAAA,CAAY,GAAA,CAAI,CAAA;AACzB,CAAA;AF0DA;AACA;AGjDA,0CAA0C;AAC1C,4FAAsB;AAgBtB,IAAM,UAAA,EAAY,CAAC,QAAA,EAAkB,WAAA,EAAA,GAAwB;AAC3D,EAAA,MAAM,QAAA,EAAU,iCAAA,WAAqB,CAAA;AACrC,EAAA,OAAO,OAAA,CAAQ,QAAQ,CAAA;AACzB,CAAA;AAOA,IAAM,aAAA,EAAe,CAAC,QAAA,EAAkB,QAAA,EAAA,GACtC,QAAA,CAAS,IAAA,CAAK,CAAC,OAAA,EAAA,GAAY;AACzB,EAAA,GAAA,CAAI,CAAC,OAAA,EAAS,OAAO,KAAA;AACrB,EAAA,OAAA,CAAQ,GAAA,CAAI,UAAA,EAAY;AAAA,IACtB,OAAA;AAAA,IACA,QAAA;AAAA,IACA,KAAA,EAAO,SAAA,CAAU,QAAA,EAAU,OAAO;AAAA,EACpC,CAAC,CAAA;AACD,EAAA,OAAO,SAAA,CAAU,QAAA,EAAU,OAAO,CAAA;AACpC,CAAC,CAAA;AAGH,IAAM,UAAA,EAAY,CAChB,UAAA,EACA,OAAA,EAAA,GACsC,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACtC,EAAA,MAAM,uBAAA,EAAyB,gDAAA,UAA4B,CAAA;AAG3D,EAAA,MAAM,gBAAA,EAAkB,CAAC,CAAC,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AAGxD,EAAA,GAAA,CAAI,OAAA,CAAQ,OAAA,CAAQ,SAAA,IAAa,sBAAA,CAAuB,QAAA,EAAU;AAChE,IAAA,OAAA,CAAQ,GAAA,CAAI,oDAA+C,CAAA;AAC3D,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,CAAC,YAAA,CAAa,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,sBAAA,CAAuB,OAAO,CAAA,EAAG;AAC3E,IAAA,OAAA,CAAQ,GAAA,CAAI,2DAAsD,CAAA;AAClE,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAEA,EAAA,GAAA,CAAI,YAAA,CAAa,OAAA,CAAQ,OAAA,CAAQ,QAAA,EAAU,sBAAA,CAAuB,OAAO,CAAA,EAAG;AAC1E,IAAA,OAAA,CAAQ,GAAA,CAAI,uDAAkD,CAAA;AAC9D,IAAA,OAAO,KAAA,CAAA;AAAA,EACT;AAGA,EAAA,GAAA,CAAI,CAAC,eAAA,EAAiB;AACpB,IAAA,OAAA,CAAQ,GAAA,CAAI,oDAA+C,CAAA;AAC3D,IAAA,MAAM,SAAA,EAAW,IAAI,GAAA,CAAI,sBAAA,CAAuB,QAAA,EAAU,OAAA,CAAQ,GAAG,CAAA;AACrE,IAAA,OAAO,sBAAA,CAAa,QAAA,CAAS,QAAQ,CAAA;AAAA,EACvC;AAEA,EAAA,OAAA,CAAQ,GAAA,CAAI,0BAAqB,CAAA;AACjC,EAAA,OAAO,KAAA,CAAA;AACT,CAAA,CAAA;AAUO,IAAM,eAAA,EACX,CAAC,WAAA,EAAa,kCAAA,EAAA,GACd,CAAO,OAAA,EAAA,GAAgD,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACrD,EAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,UAAA,EAAY,OAAO,CAAA;AACpD,EAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AAIrB,EAAA,OAAO,sBAAA,CAAa,IAAA,CAAK,CAAA;AAC3B,CAAA,CAAA;AAWK,SAAS,QAAA,CACd,UAAA,EACiD;AACjD,EAAA,OAAO,CAAO,OAAA,EAAA,GAAgD,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5D,IAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,CAAC,CAAA,EAAG,OAAO,CAAA;AAC5C,IAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AACrB,IAAA,OAAO,UAAA,CAAW,OAAO,CAAA;AAAA,EAC3B,CAAA,CAAA;AACF;AAeO,SAAS,IAAA,CAAK,WAAA,EAAyB,CAAC,CAAA,EAAG;AAChD,EAAA,OAAO,CACL,UAAA,EAAA,GACsD;AACtD,IAAA,OAAO,CAAO,OAAA,EAAA,GAAgD,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5D,MAAA,MAAM,SAAA,EAAW,MAAM,SAAA,CAAU,UAAA,EAAY,OAAO,CAAA;AACpD,MAAA,GAAA,CAAI,QAAA,EAAU,OAAO,QAAA;AACrB,MAAA,OAAO,UAAA,CAAW,OAAO,CAAA;AAAA,IAC3B,CAAA,CAAA;AAAA,EACF,CAAA;AACF;AH3BA;AACA;AInIA;AACA,wCAA+B;AAc/B,IAAM,OAAA,EAAS,wBAAA,CAAQ,MAAA,CAAO,QAAA,CAAS,IAAA;AAEvC,IAAM,UAAA,EAAN,MAAA,QAAwB,MAAM;AAAA,EAC5B,WAAA,CACE,OAAA,EACgB,OAAA,EAAiB,GAAA,EACjC;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAFG,IAAA,IAAA,CAAA,OAAA,EAAA,MAAA;AAGhB,IAAA,IAAA,CAAK,KAAA,EAAO,WAAA;AAAA,EACd;AACF,CAAA;AAOA,SAAe,eAAA,CAAA,EAAyC;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACtD,IAAA,MAAM,cAAA,EAAgB,IAAI,mBAAA,CAAoB,CAAA;AAC9C,IAAA,MAAM,aAAA,EAAe,IAAI,qDAAA,CAAgC,aAAa,CAAA;AAEtE,IAAA,MAAM,UAAA,EAAY,MAAM,YAAA,CAAa,gBAAA,CAAiB,CAAA;AAEtD,IAAA,OAAOC,sBAAAA,CAAa,IAAA,CAAK,EAAE,MAAA,EAAQ,SAAA,EAAW,UAAU,CAAC,CAAA;AAAA,EAC3D,CAAA,CAAA;AAAA;AAEA,SAAe,cAAA,CACb,OAAA,EACA,MAAA,EACuB;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACvB,IAAA,MAAM,KAAA,EAAO,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACpD,IAAA,MAAM,MAAA,EAAQ,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,GAAA,CAAI,OAAO,CAAA;AACtD,IAAA,GAAA,CAAI,CAAC,KAAA,GAAQ,CAAC,KAAA,EAAO,MAAM,IAAI,SAAA,CAAU,gBAAA,EAAkB,GAAG,CAAA;AAE9D,IAAA,MAAM,cAAA,EAAgB,IAAI,mBAAA,CAAoB,CAAA;AAE9C,IAAA,MAAM,gBAAA,EAAkB,gDAAA,MAAwB,CAAA;AAChD,IAAA,MAAM,YAAA,EAAc,iDAAA,eAAmB,EAAiB,OAAA,CAAQ,GAAG,CAAA;AAEnE,IAAA,IAAI;AACF,MAAA,MAAM,qDAAA,IAAuB,EAAM,KAAA,EAAO,aAAA,EAAe,4CAAA,6CAAA,CAAA,CAAA,EACpD,eAAA,CAAA,EADoD;AAAA,QAEvD,WAAA,EAAa;AAAA,MACf,CAAA,CAAC,CAAA;AAAA,IACH,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAA,CAAO,KAAA,CAAM,wBAAA,EAA0B,KAAK,CAAA;AAC5C,MAAA,MAAM,IAAI,SAAA,CAAU,6BAAA,EAA+B,GAAG,CAAA;AAAA,IACxD;AAEA,IAAA,MAAM,KAAA,EAAO,MAAM,sCAAA,aAAqB,CAAA;AACxC,IAAA,GAAA,CAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,SAAA,CAAU,yBAAA,EAA2B,GAAG,CAAA;AAAA,IACpD;AAEA,IAAA,MAAM,cAAA,EAAgB,IAAI,mBAAA,CAAoB,CAAA;AAC9C,IAAA,MAAM,YAAA,EAAc,IAAI,wCAAA,CAAmB,aAAa,CAAA;AAExD,IAAA,WAAA,CAAY,GAAA,CAAI,IAAI,CAAA;AAKpB,IAAA,MAAM,SAAA,EAAW,IAAIA,2BAAAA,CAAa,CAAA,aAAA,CAAe,CAAA;AACjD,IAAA,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,cAAA,EAAgB,0BAA0B,CAAA;AAC/D,IAAA,OAAO,QAAA;AAAA,EACT,CAAA,CAAA;AAAA;AAQA,IAAM,wBAAA,EAA0B,CAC9B,YAAA,EACA,eAAA,EAAA,GACG;AAEH,EAAA,GAAA,CAAI,yBAAA,CAA0B,IAAA,CAAK,YAAY,CAAA,EAAG;AAChD,IAAA,OAAO,YAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAI,GAAA,CAAI,YAAA,EAAc,eAAe,CAAA,CAAE,IAAA;AAChD,CAAA;AAEA,SAAe,YAAA,CACb,OAAA,EACA,MAAA,EACuB;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAtGzB,IAAA,IAAA,EAAA;AAuGE,IAAA,MAAM,gBAAA,EAAkB,gDAAA,MAAwB,CAAA;AAChD,IAAA,MAAM,oBAAA,EAAA,CAAsB,GAAA,EAAA,eAAA,CAAgB,QAAA,EAAA,GAAhB,KAAA,EAAA,GAAA,EAA4B,GAAA;AACxD,IAAA,MAAM,eAAA,EACJ,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE,YAAA,CAAa,GAAA,CAAI,UAAU,EAAA,GAAK,mBAAA;AACvD,IAAA,MAAM,mBAAA,EAAqB,yBAAA,CAA0B,IAAA,CAAK,cAAc,CAAA;AACxE,IAAA,MAAM,iBAAA,EAAmB,uBAAA;AAAA,MACvB,cAAA;AAAA,MACA,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE;AAAA,IACvB,CAAA;AAEA,IAAA,MAAM,SAAA,EAAWA,sBAAAA,CAAa,QAAA,CAAS,gBAAgB,CAAA;AAEvD,IAAA,gBAAA,CAAiB,CAAA;AAEjB,IAAA,IAAI;AACF,MAAA,qCAAA,mBAAe,EAAqB,iBAAA,EAAmB,cAAc,CAAA;AAAA,IACvE,EAAA,MAAA,CAAS,KAAA,EAAO;AACd,MAAA,MAAA,CAAO,IAAA,CAAK,yCAAA,EAA2C,KAAK,CAAA;AAAA,IAC9D;AAEA,IAAA,OAAO,QAAA;AAAA,EACT,CAAA,CAAA;AAAA;AAcO,IAAM,QAAA,EACX,CAAC,WAAA,EAAa,CAAC,CAAA,EAAA,GACf,CAAO,OAAA,EAAA,GAAgD,sCAAA,KAAA,CAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACrD,EAAA,MAAM,OAAA,EAAS,gDAAA,UAA4B,CAAA;AAE3C,EAAA,IAAI;AACF,IAAA,MAAM,SAAA,EAAW,OAAA,CAAQ,OAAA,CAAQ,QAAA;AACjC,IAAA,MAAM,aAAA,EAAe,QAAA,CAAS,KAAA,CAAM,GAAG,CAAA;AACvC,IAAA,MAAM,YAAA,EAAc,YAAA,CAAa,YAAA,CAAa,OAAA,EAAS,CAAC,CAAA;AAExD,IAAA,OAAA,CAAQ,WAAA,EAAa;AAAA,MACnB,KAAK,WAAA;AACH,QAAA,OAAO,MAAM,eAAA,CAAgB,CAAA;AAAA,MAC/B,KAAK,UAAA;AACH,QAAA,OAAO,MAAM,cAAA,CAAe,OAAA,EAAS,MAAM,CAAA;AAAA,MAC7C,KAAK,QAAA;AACH,QAAA,OAAO,MAAM,YAAA,CAAa,OAAA,EAAS,MAAM,CAAA;AAAA,MAC3C,OAAA;AACE,QAAA,MAAM,IAAI,SAAA,CAAU,CAAA,oBAAA,EAAuB,QAAQ,CAAA,CAAA;AACvD,IAAA;AACc,EAAA;AAC2B,IAAA;AAES,IAAA;AAEjB,IAAA;AAEsB,IAAA;AAEtC,IAAA;AACV,IAAA;AACT,EAAA;AACF;AJ4D0D;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/nextjs.js","sourcesContent":[null,"import { SessionData, UnknownObject, User } from \"@/types\";\nimport { NextResponse } from \"next/server\";\nimport { AuthConfig } from \"@/nextjs/config\";\nimport { CookieStorage, CookieStorageSettings } from \"@/server\";\nimport { cookies } from \"next/headers.js\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { clearTokens } from \"@/shared/util\";\n\n/**\n * Creates HTTP-only cookies for authentication tokens\n */\nconst createTokenCookies = (\n response: NextResponse,\n sessionData: SessionData,\n config: AuthConfig,\n) => {\n const maxAge = sessionData.expiresIn ?? 3600;\n const cookieOptions = {\n ...config.cookies?.tokens,\n maxAge,\n };\n\n if (sessionData.accessToken) {\n response.cookies.set(\"access_token\", sessionData.accessToken, {\n ...cookieOptions,\n httpOnly: true,\n });\n }\n\n if (sessionData.idToken) {\n response.cookies.set(\"id_token\", sessionData.idToken, {\n ...cookieOptions,\n httpOnly: true,\n });\n }\n\n if (sessionData.refreshToken) {\n response.cookies.set(\"refresh_token\", sessionData.refreshToken, {\n ...cookieOptions,\n httpOnly: true,\n });\n }\n};\n\n/**\n * Creates a client-readable cookie with user info\n */\nconst createUserInfoCookie = (\n response: NextResponse,\n user: User<UnknownObject> | null,\n sessionData: SessionData,\n config: AuthConfig,\n) => {\n if (!user) {\n response.cookies.set(\"user\", \"\", {\n ...config.cookies?.user,\n maxAge: 0,\n });\n return;\n }\n const maxAge = sessionData.expiresIn ?? 3600;\n\n // TODO select fields to include in the user cookie\n const frontendUser = {\n ...user,\n };\n\n // TODO make call to get user info from the\n // auth server /userinfo endpoint when it's available\n // then add to the default claims above\n\n response.cookies.set(\"user\", JSON.stringify(frontendUser), {\n ...config.cookies?.user,\n maxAge,\n });\n};\n\n/**\n * Clears all authentication cookies\n */\nconst clearAuthCookies = async () => {\n // clear session, and tokens\n const cookieStorage = new NextjsCookieStorage();\n clearTokens(cookieStorage);\n\n // clear user\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n userSession.set(null);\n};\n\nclass NextjsCookieStorage extends CookieStorage {\n constructor(config: Partial<CookieStorageSettings> = {}) {\n super({\n ...config,\n secure: false,\n httpOnly: true,\n });\n }\n\n get(key: string): string | null {\n return cookies().get(key)?.value || null;\n }\n\n set(key: string, value: string): void {\n cookies().set(key, value, this.settings);\n }\n}\n\nclass NextjsClientStorage extends CookieStorage {\n constructor(config: Partial<CookieStorageSettings> = {}) {\n super({\n ...config,\n secure: false,\n httpOnly: false,\n });\n }\n\n get(key: string): string | null {\n return cookies().get(key)?.value || null;\n }\n\n set(key: string, value: string): void {\n cookies().set(key, value, this.settings);\n }\n}\n\nexport {\n createTokenCookies,\n createUserInfoCookie,\n clearAuthCookies,\n NextjsCookieStorage,\n NextjsClientStorage,\n};\n","/**\n * Used on the server-side to get the user object from the cookie\n */\nimport { User } from \"@/types\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies\";\n\nexport const getUser = (): User | null => {\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n return userSession.get();\n};\n","/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n * console.log('in custom middleware', request.nextUrl.pathname);\n * return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n * console.log('in custom middleware', request.url);\n * return NextResponse.next();\n * })\n *\n */\nimport { NextRequest, NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport {\n AuthConfig,\n defaultAuthConfig,\n resolveAuthConfig,\n} from \"@/nextjs/config.js\";\n\ntype Middleware = (\n request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n const matches = picomatch(globPattern);\n return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n patterns.some((pattern) => {\n if (!pattern) return false;\n console.log(\"matching\", {\n pattern,\n pathname,\n match: matchGlob(pathname, pattern),\n });\n return matchGlob(pathname, pattern);\n });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n authConfig: AuthConfig,\n request: NextRequest,\n): Promise<NextResponse | undefined> => {\n const authConfigWithDefaults = resolveAuthConfig(authConfig);\n\n // Check for any valid auth token\n const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n // skip auth check for login url\n if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl) {\n console.log(\"→ Skipping auth check - this is the login URL\");\n return undefined;\n }\n\n if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n console.log(\"→ Skipping auth check - path not in include patterns\");\n return undefined;\n }\n\n if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n console.log(\"→ Skipping auth check - path in exclude patterns\");\n return undefined;\n }\n\n // Check for either token type\n if (!isAuthenticated) {\n console.log(\"→ No valid token found - redirecting to login\");\n const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);\n return NextResponse.redirect(loginUrl);\n }\n\n console.log(\"→ Auth check passed\");\n return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n (authConfig = defaultAuthConfig) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n // NextJS doesn't do middleware chaining yet, so this does not mean\n // \"call the next middleware\" - it means \"continue to the route handler\"\n return NextResponse.next();\n };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth({}, request);\n if (response) return response;\n return middleware(request);\n };\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * const withAuth = auth({ loginUrl = '/login' }); // or just auth();\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n *\n */\nexport function auth(authConfig: AuthConfig = {}) {\n return (\n middleware: Middleware,\n ): ((request: NextRequest) => Promise<NextResponse>) => {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n return middleware(request);\n };\n };\n}\n","import { NextRequest, NextResponse } from \"next/server.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport { AuthConfig, resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport {\n clearAuthCookies,\n NextjsClientStorage,\n NextjsCookieStorage,\n} from \"@/nextjs/cookies.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { resolveOAuthAccessCode } from \"@/server/login.js\";\nimport { getUser } from \"@/shared/session.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { GenericUserSession } from \"@/shared/UserSession.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n constructor(\n message: string,\n public readonly status: number = 401,\n ) {\n super(message);\n this.name = \"AuthError\";\n }\n}\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(): Promise<NextResponse> {\n const cookieStorage = new NextjsCookieStorage();\n const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);\n\n const challenge = await pkceProducer.getCodeChallenge();\n\n return NextResponse.json({ status: \"success\", challenge });\n}\n\nasync function handleCallback(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const code = request.nextUrl.searchParams.get(\"code\");\n const state = request.nextUrl.searchParams.get(\"state\");\n if (!code || !state) throw new AuthError(\"Bad parameters\", 400);\n\n const cookieStorage = new NextjsCookieStorage();\n\n const resolvedConfigs = resolveAuthConfig(config);\n const callbackUrl = resolveCallbackUrl(resolvedConfigs, request.url);\n\n try {\n await resolveOAuthAccessCode(code, state, cookieStorage, {\n ...resolvedConfigs,\n redirectUrl: callbackUrl,\n });\n } catch (error) {\n logger.error(\"Token exchange failed:\", error);\n throw new AuthError(\"Failed to authenticate user\", 401);\n }\n\n const user = await getUser(cookieStorage);\n if (!user) {\n throw new AuthError(\"Failed to get user info\", 401);\n }\n\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n\n userSession.set(user);\n\n // return an empty HTML response so the iframe doesn't show any response\n // in the short moment between the redirect and the parent window\n // acknowledging the redirect and closing the iframe\n const response = new NextResponse(`<html></html>`);\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n return response;\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n redirectPath: string,\n currentBasePath: string,\n) => {\n // Check if the redirectPath is an absolute URL\n if (/^(https?:\\/\\/|www\\.).+/i.test(redirectPath)) {\n return redirectPath; // Return as-is if it's an absolute URL\n }\n return new URL(redirectPath, currentBasePath).href;\n};\n\nasync function handleLogout(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n const defaultRedirectPath = resolvedConfigs.loginUrl ?? \"/\";\n const redirectTarget =\n new URL(request.url).searchParams.get(\"redirect\") || defaultRedirectPath;\n const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n const finalRedirectUrl = getAbsoluteRedirectPath(\n redirectTarget,\n new URL(request.url).origin,\n );\n\n const response = NextResponse.redirect(finalRedirectUrl);\n\n clearAuthCookies();\n\n try {\n revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);\n } catch (error) {\n logger.warn(\"Failed to revalidate path after logout:\", error);\n }\n\n return response;\n}\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n * // optional config overrides\n * })\n * ```\n */\nexport const handler =\n (authConfig = {}) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const config = resolveAuthConfig(authConfig);\n\n try {\n const pathname = request.nextUrl.pathname;\n const pathSegments = pathname.split(\"/\");\n const lastSegment = pathSegments[pathSegments.length - 1];\n\n switch (lastSegment) {\n case \"challenge\":\n return await handleChallenge();\n case \"callback\":\n return await handleCallback(request, config);\n case \"logout\":\n return await handleLogout(request, config);\n default:\n throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n }\n } catch (error) {\n logger.error(\"Auth handler error:\", error);\n\n const status = error instanceof AuthError ? error.status : 500;\n const message =\n error instanceof Error ? error.message : \"Authentication failed\";\n\n const response = NextResponse.json({ error: message }, { status });\n\n clearAuthCookies();\n return response;\n }\n };\n"]}
|
package/dist/nextjs.mjs
CHANGED
|
@@ -4,37 +4,23 @@ import {
|
|
|
4
4
|
loggers,
|
|
5
5
|
resolveAuthConfig,
|
|
6
6
|
resolveCallbackUrl
|
|
7
|
-
} from "./chunk-
|
|
7
|
+
} from "./chunk-EAANLFR5.mjs";
|
|
8
8
|
import {
|
|
9
9
|
CookieStorage,
|
|
10
|
-
GenericPublicClientPKCEProducer,
|
|
11
|
-
getUser,
|
|
12
10
|
resolveOAuthAccessCode
|
|
13
|
-
} from "./chunk-
|
|
11
|
+
} from "./chunk-EGFTMH5S.mjs";
|
|
14
12
|
import {
|
|
15
|
-
|
|
16
|
-
|
|
13
|
+
GenericPublicClientPKCEProducer,
|
|
14
|
+
GenericUserSession,
|
|
15
|
+
clearTokens,
|
|
16
|
+
getUser
|
|
17
|
+
} from "./chunk-PMDIR5XE.mjs";
|
|
17
18
|
import {
|
|
18
19
|
__async,
|
|
19
20
|
__spreadProps,
|
|
20
21
|
__spreadValues
|
|
21
22
|
} from "./chunk-RGHW4PYM.mjs";
|
|
22
23
|
|
|
23
|
-
// src/shared/UserSession.ts
|
|
24
|
-
var GenericUserSession = class {
|
|
25
|
-
constructor(storage) {
|
|
26
|
-
this.storage = storage;
|
|
27
|
-
}
|
|
28
|
-
get() {
|
|
29
|
-
const user = this.storage.get("user" /* USER */);
|
|
30
|
-
return user ? JSON.parse(user) : null;
|
|
31
|
-
}
|
|
32
|
-
set(user) {
|
|
33
|
-
const value = user ? JSON.stringify(user) : "";
|
|
34
|
-
this.storage.set("user" /* USER */, value);
|
|
35
|
-
}
|
|
36
|
-
};
|
|
37
|
-
|
|
38
24
|
// src/nextjs/cookies.ts
|
|
39
25
|
import { cookies } from "next/headers.js";
|
|
40
26
|
var clearAuthCookies = () => __async(void 0, null, function* () {
|
|
@@ -47,7 +33,7 @@ var clearAuthCookies = () => __async(void 0, null, function* () {
|
|
|
47
33
|
var NextjsCookieStorage = class extends CookieStorage {
|
|
48
34
|
constructor(config = {}) {
|
|
49
35
|
super(__spreadProps(__spreadValues({}, config), {
|
|
50
|
-
secure:
|
|
36
|
+
secure: false,
|
|
51
37
|
httpOnly: true
|
|
52
38
|
}));
|
|
53
39
|
}
|
package/dist/nextjs.mjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/shared/UserSession.ts","../src/nextjs/cookies.ts","../src/nextjs/GetUser.ts","../src/nextjs/middleware.ts","../src/nextjs/routeHandler.ts"],"sourcesContent":["import { AuthStorage } from \"@/server\";\nimport { User } from \"@/types\";\nimport { NextjsClientCookies } from \"./types\";\n\nexport interface UserSession {\n get(): User | null;\n set(user: User): void;\n}\n\nexport class GenericUserSession implements UserSession {\n constructor(readonly storage: AuthStorage) {}\n\n get(): User | null {\n const user = this.storage.get(NextjsClientCookies.USER);\n return user ? JSON.parse(user) : null;\n }\n\n set(user: User | null): void {\n const value = user ? JSON.stringify(user) : \"\";\n this.storage.set(NextjsClientCookies.USER, value);\n }\n}\n","import { SessionData, UnknownObject, User } from \"@/types\";\nimport { NextResponse } from \"next/server\";\nimport { AuthConfig } from \"./config\";\nimport { CookieStorage, CookieStorageSettings } from \"@/server\";\nimport { cookies } from \"next/headers.js\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { clearTokens } from \"@/shared/util\";\n\n/**\n * Creates HTTP-only cookies for authentication tokens\n */\nconst createTokenCookies = (\n response: NextResponse,\n sessionData: SessionData,\n config: AuthConfig,\n) => {\n const maxAge = sessionData.expiresIn ?? 3600;\n const cookieOptions = {\n ...config.cookies?.tokens,\n maxAge,\n };\n\n if (sessionData.accessToken) {\n response.cookies.set(\"access_token\", sessionData.accessToken, {\n ...cookieOptions,\n httpOnly: true,\n });\n }\n\n if (sessionData.idToken) {\n response.cookies.set(\"id_token\", sessionData.idToken, {\n ...cookieOptions,\n httpOnly: true,\n });\n }\n\n if (sessionData.refreshToken) {\n response.cookies.set(\"refresh_token\", sessionData.refreshToken, {\n ...cookieOptions,\n httpOnly: true,\n });\n }\n};\n\n/**\n * Creates a client-readable cookie with user info\n */\nconst createUserInfoCookie = (\n response: NextResponse,\n user: User<UnknownObject> | null,\n sessionData: SessionData,\n config: AuthConfig,\n) => {\n if (!user) {\n response.cookies.set(\"user\", \"\", {\n ...config.cookies?.user,\n maxAge: 0,\n });\n return;\n }\n const maxAge = sessionData.expiresIn ?? 3600;\n\n // TODO select fields to include in the user cookie\n const frontendUser = {\n ...user,\n };\n\n // TODO make call to get user info from the\n // auth server /userinfo endpoint when it's available\n // then add to the default claims above\n\n response.cookies.set(\"user\", JSON.stringify(frontendUser), {\n ...config.cookies?.user,\n maxAge,\n });\n};\n\n/**\n * Clears all authentication cookies\n */\nconst clearAuthCookies = async () => {\n // clear session, and tokens\n const cookieStorage = new NextjsCookieStorage();\n clearTokens(cookieStorage);\n\n // clear user\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n userSession.set(null);\n};\n\nclass NextjsCookieStorage extends CookieStorage {\n constructor(config: Partial<CookieStorageSettings> = {}) {\n super({\n ...config,\n secure: true,\n httpOnly: true,\n });\n }\n\n get(key: string): string | null {\n return cookies().get(key)?.value || null;\n }\n\n set(key: string, value: string): void {\n cookies().set(key, value, this.settings);\n }\n}\n\nclass NextjsClientStorage extends CookieStorage {\n constructor(config: Partial<CookieStorageSettings> = {}) {\n super({\n ...config,\n secure: false,\n httpOnly: false,\n });\n }\n\n get(key: string): string | null {\n return cookies().get(key)?.value || null;\n }\n\n set(key: string, value: string): void {\n cookies().set(key, value, this.settings);\n }\n}\n\nexport {\n createTokenCookies,\n createUserInfoCookie,\n clearAuthCookies,\n NextjsCookieStorage,\n NextjsClientStorage,\n};\n","/**\n * Used on the server-side to get the user object from the cookie\n */\nimport { User } from \"@/types\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { NextjsClientStorage } from \"./cookies\";\n\nexport const getUser = (): User | null => {\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n return userSession.get();\n};\n","/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n * console.log('in custom middleware', request.nextUrl.pathname);\n * return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n * console.log('in custom middleware', request.url);\n * return NextResponse.next();\n * })\n *\n */\nimport { NextRequest, NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport {\n AuthConfig,\n defaultAuthConfig,\n resolveAuthConfig,\n} from \"@/nextjs/config.js\";\n\ntype Middleware = (\n request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n const matches = picomatch(globPattern);\n return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n patterns.some((pattern) => {\n if (!pattern) return false;\n console.log(\"matching\", {\n pattern,\n pathname,\n match: matchGlob(pathname, pattern),\n });\n return matchGlob(pathname, pattern);\n });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n authConfig: AuthConfig,\n request: NextRequest,\n): Promise<NextResponse | undefined> => {\n const authConfigWithDefaults = resolveAuthConfig(authConfig);\n\n // Check for any valid auth token\n // TODO check if token is not expired\n const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n // skip auth check for login url\n if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl) {\n console.log(\"→ Skipping auth check - this is the login URL\");\n return undefined;\n }\n\n if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n console.log(\"→ Skipping auth check - path not in include patterns\");\n return undefined;\n }\n\n if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n console.log(\"→ Skipping auth check - path in exclude patterns\");\n return undefined;\n }\n\n // Check for either token type\n if (!isAuthenticated) {\n console.log(\"→ No valid token found - redirecting to login\");\n const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);\n return NextResponse.redirect(loginUrl);\n }\n\n console.log(\"→ Auth check passed\");\n return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n (authConfig = defaultAuthConfig) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n // NextJS doesn't do middleware chaining yet, so this does not mean\n // \"call the next middleware\" - it means \"continue to the route handler\"\n return NextResponse.next();\n };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth({}, request);\n if (response) return response;\n return middleware(request);\n };\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * const withAuth = auth({ loginUrl = '/login' }); // or just auth();\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n *\n */\nexport function auth(authConfig: AuthConfig = {}) {\n return (\n middleware: Middleware,\n ): ((request: NextRequest) => Promise<NextResponse>) => {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n return middleware(request);\n };\n };\n}\n","import { NextRequest, NextResponse } from \"next/server.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport { AuthConfig, resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport {\n clearAuthCookies,\n NextjsClientStorage,\n NextjsCookieStorage,\n} from \"./cookies.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { resolveOAuthAccessCode } from \"@/server/login.js\";\nimport { getUser } from \"@/server/session.js\";\nimport { resolveCallbackUrl } from \"./utils.js\";\nimport { GenericUserSession } from \"@/shared/UserSession.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n constructor(\n message: string,\n public readonly status: number = 401,\n ) {\n super(message);\n this.name = \"AuthError\";\n }\n}\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(): Promise<NextResponse> {\n const cookieStorage = new NextjsCookieStorage();\n const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);\n\n const challenge = await pkceProducer.getCodeChallenge();\n\n return NextResponse.json({ status: \"success\", challenge });\n}\n\nasync function handleCallback(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const code = request.nextUrl.searchParams.get(\"code\");\n const state = request.nextUrl.searchParams.get(\"state\");\n if (!code || !state) throw new AuthError(\"Bad parameters\", 400);\n\n const cookieStorage = new NextjsCookieStorage();\n\n const resolvedConfigs = resolveAuthConfig(config);\n const callbackUrl = resolveCallbackUrl(resolvedConfigs, request.url);\n\n try {\n await resolveOAuthAccessCode(code, state, cookieStorage, {\n ...resolvedConfigs,\n redirectUrl: callbackUrl,\n });\n } catch (error) {\n logger.error(\"Token exchange failed:\", error);\n throw new AuthError(\"Failed to authenticate user\", 401);\n }\n\n const user = await getUser(cookieStorage);\n if (!user) {\n throw new AuthError(\"Failed to get user info\", 401);\n }\n\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n\n userSession.set(user);\n\n // return an empty HTML response so the iframe doesn't show any response\n // in the short moment between the redirect and the parent window\n // acknowledging the redirect and closing the iframe\n const response = new NextResponse(`<html></html>`);\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n return response;\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n redirectPath: string,\n currentBasePath: string,\n) => {\n // Check if the redirectPath is an absolute URL\n if (/^(https?:\\/\\/|www\\.).+/i.test(redirectPath)) {\n return redirectPath; // Return as-is if it's an absolute URL\n }\n return new URL(redirectPath, currentBasePath).href;\n};\n\nasync function handleLogout(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n const defaultRedirectPath = resolvedConfigs.loginUrl ?? \"/\";\n const redirectTarget =\n new URL(request.url).searchParams.get(\"redirect\") || defaultRedirectPath;\n const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n const finalRedirectUrl = getAbsoluteRedirectPath(\n redirectTarget,\n new URL(request.url).origin,\n );\n\n const response = NextResponse.redirect(finalRedirectUrl);\n\n clearAuthCookies();\n\n try {\n revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);\n } catch (error) {\n logger.warn(\"Failed to revalidate path after logout:\", error);\n }\n\n return response;\n}\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n * // optional config overrides\n * })\n * ```\n */\nexport const handler =\n (authConfig = {}) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const config = resolveAuthConfig(authConfig);\n\n try {\n const pathname = request.nextUrl.pathname;\n const pathSegments = pathname.split(\"/\");\n const lastSegment = pathSegments[pathSegments.length - 1];\n\n switch (lastSegment) {\n case \"challenge\":\n return await handleChallenge();\n case \"callback\":\n return await handleCallback(request, config);\n case \"logout\":\n return await handleLogout(request, config);\n default:\n throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n }\n } catch (error) {\n logger.error(\"Auth handler error:\", error);\n\n const status = error instanceof AuthError ? error.status : 500;\n const message =\n error instanceof Error ? error.message : \"Authentication failed\";\n\n const response = NextResponse.json({ error: message }, { status });\n\n clearAuthCookies();\n return response;\n }\n };\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AASO,IAAM,qBAAN,MAAgD;AAAA,EACrD,YAAqB,SAAsB;AAAtB;AAAA,EAAuB;AAAA,EAE5C,MAAmB;AACjB,UAAM,OAAO,KAAK,QAAQ,qBAA4B;AACtD,WAAO,OAAO,KAAK,MAAM,IAAI,IAAI;AAAA,EACnC;AAAA,EAEA,IAAI,MAAyB;AAC3B,UAAM,QAAQ,OAAO,KAAK,UAAU,IAAI,IAAI;AAC5C,SAAK,QAAQ,uBAA8B,KAAK;AAAA,EAClD;AACF;;;ACjBA,SAAS,eAAe;AA4ExB,IAAM,mBAAmB,MAAY;AAEnC,QAAM,gBAAgB,IAAI,oBAAoB;AAC9C,cAAY,aAAa;AAGzB,QAAM,gBAAgB,IAAI,oBAAoB;AAC9C,QAAM,cAAc,IAAI,mBAAmB,aAAa;AACxD,cAAY,IAAI,IAAI;AACtB;AAEA,IAAM,sBAAN,cAAkC,cAAc;AAAA,EAC9C,YAAY,SAAyC,CAAC,GAAG;AACvD,UAAM,iCACD,SADC;AAAA,MAEJ,QAAQ;AAAA,MACR,UAAU;AAAA,IACZ,EAAC;AAAA,EACH;AAAA,EAEA,IAAI,KAA4B;AApGlC;AAqGI,aAAO,aAAQ,EAAE,IAAI,GAAG,MAAjB,mBAAoB,UAAS;AAAA,EACtC;AAAA,EAEA,IAAI,KAAa,OAAqB;AACpC,YAAQ,EAAE,IAAI,KAAK,OAAO,KAAK,QAAQ;AAAA,EACzC;AACF;AAEA,IAAM,sBAAN,cAAkC,cAAc;AAAA,EAC9C,YAAY,SAAyC,CAAC,GAAG;AACvD,UAAM,iCACD,SADC;AAAA,MAEJ,QAAQ;AAAA,MACR,UAAU;AAAA,IACZ,EAAC;AAAA,EACH;AAAA,EAEA,IAAI,KAA4B;AAtHlC;AAuHI,aAAO,aAAQ,EAAE,IAAI,GAAG,MAAjB,mBAAoB,UAAS;AAAA,EACtC;AAAA,EAEA,IAAI,KAAa,OAAqB;AACpC,YAAQ,EAAE,IAAI,KAAK,OAAO,KAAK,QAAQ;AAAA,EACzC;AACF;;;ACtHO,IAAMA,WAAU,MAAmB;AACxC,QAAM,gBAAgB,IAAI,oBAAoB;AAC9C,QAAM,cAAc,IAAI,mBAAmB,aAAa;AACxD,SAAO,YAAY,IAAI;AACzB;;;ACUA,SAAsB,oBAAoB;AAC1C,OAAO,eAAe;AAgBtB,IAAM,YAAY,CAAC,UAAkB,gBAAwB;AAC3D,QAAM,UAAU,UAAU,WAAW;AACrC,SAAO,QAAQ,QAAQ;AACzB;AAOA,IAAM,eAAe,CAAC,UAAkB,aACtC,SAAS,KAAK,CAAC,YAAY;AACzB,MAAI,CAAC,QAAS,QAAO;AACrB,UAAQ,IAAI,YAAY;AAAA,IACtB;AAAA,IACA;AAAA,IACA,OAAO,UAAU,UAAU,OAAO;AAAA,EACpC,CAAC;AACD,SAAO,UAAU,UAAU,OAAO;AACpC,CAAC;AAGH,IAAM,YAAY,CAChB,YACA,YACsC;AACtC,QAAM,yBAAyB,kBAAkB,UAAU;AAI3D,QAAM,kBAAkB,CAAC,CAAC,QAAQ,QAAQ,IAAI,UAAU;AAGxD,MAAI,QAAQ,QAAQ,aAAa,uBAAuB,UAAU;AAChE,YAAQ,IAAI,oDAA+C;AAC3D,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,aAAa,QAAQ,QAAQ,UAAU,uBAAuB,OAAO,GAAG;AAC3E,YAAQ,IAAI,2DAAsD;AAClE,WAAO;AAAA,EACT;AAEA,MAAI,aAAa,QAAQ,QAAQ,UAAU,uBAAuB,OAAO,GAAG;AAC1E,YAAQ,IAAI,uDAAkD;AAC9D,WAAO;AAAA,EACT;AAGA,MAAI,CAAC,iBAAiB;AACpB,YAAQ,IAAI,oDAA+C;AAC3D,UAAM,WAAW,IAAI,IAAI,uBAAuB,UAAU,QAAQ,GAAG;AACrE,WAAO,aAAa,SAAS,QAAQ;AAAA,EACvC;AAEA,UAAQ,IAAI,0BAAqB;AACjC,SAAO;AACT;AAUO,IAAM,iBACX,CAAC,aAAa,sBACd,CAAO,YAAgD;AACrD,QAAM,WAAW,MAAM,UAAU,YAAY,OAAO;AACpD,MAAI,SAAU,QAAO;AAIrB,SAAO,aAAa,KAAK;AAC3B;AAWK,SAAS,SACd,YACiD;AACjD,SAAO,CAAO,YAAgD;AAC5D,UAAM,WAAW,MAAM,UAAU,CAAC,GAAG,OAAO;AAC5C,QAAI,SAAU,QAAO;AACrB,WAAO,WAAW,OAAO;AAAA,EAC3B;AACF;AAeO,SAAS,KAAK,aAAyB,CAAC,GAAG;AAChD,SAAO,CACL,eACsD;AACtD,WAAO,CAAO,YAAgD;AAC5D,YAAM,WAAW,MAAM,UAAU,YAAY,OAAO;AACpD,UAAI,SAAU,QAAO;AACrB,aAAO,WAAW,OAAO;AAAA,IAC3B;AAAA,EACF;AACF;;;AC9JA,SAAsB,gBAAAC,qBAAoB;AAC1C,SAAS,sBAAsB;AAc/B,IAAM,SAAS,QAAQ,OAAO,SAAS;AAEvC,IAAM,YAAN,cAAwB,MAAM;AAAA,EAC5B,YACE,SACgB,SAAiB,KACjC;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAOA,SAAe,kBAAyC;AAAA;AACtD,UAAM,gBAAgB,IAAI,oBAAoB;AAC9C,UAAM,eAAe,IAAI,gCAAgC,aAAa;AAEtE,UAAM,YAAY,MAAM,aAAa,iBAAiB;AAEtD,WAAOC,cAAa,KAAK,EAAE,QAAQ,WAAW,UAAU,CAAC;AAAA,EAC3D;AAAA;AAEA,SAAe,eACb,SACA,QACuB;AAAA;AACvB,UAAM,OAAO,QAAQ,QAAQ,aAAa,IAAI,MAAM;AACpD,UAAM,QAAQ,QAAQ,QAAQ,aAAa,IAAI,OAAO;AACtD,QAAI,CAAC,QAAQ,CAAC,MAAO,OAAM,IAAI,UAAU,kBAAkB,GAAG;AAE9D,UAAM,gBAAgB,IAAI,oBAAoB;AAE9C,UAAM,kBAAkB,kBAAkB,MAAM;AAChD,UAAM,cAAc,mBAAmB,iBAAiB,QAAQ,GAAG;AAEnE,QAAI;AACF,YAAM,uBAAuB,MAAM,OAAO,eAAe,iCACpD,kBADoD;AAAA,QAEvD,aAAa;AAAA,MACf,EAAC;AAAA,IACH,SAAS,OAAO;AACd,aAAO,MAAM,0BAA0B,KAAK;AAC5C,YAAM,IAAI,UAAU,+BAA+B,GAAG;AAAA,IACxD;AAEA,UAAM,OAAO,MAAM,QAAQ,aAAa;AACxC,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,UAAU,2BAA2B,GAAG;AAAA,IACpD;AAEA,UAAM,gBAAgB,IAAI,oBAAoB;AAC9C,UAAM,cAAc,IAAI,mBAAmB,aAAa;AAExD,gBAAY,IAAI,IAAI;AAKpB,UAAM,WAAW,IAAIA,cAAa,eAAe;AACjD,aAAS,QAAQ,IAAI,gBAAgB,0BAA0B;AAC/D,WAAO;AAAA,EACT;AAAA;AAQA,IAAM,0BAA0B,CAC9B,cACA,oBACG;AAEH,MAAI,0BAA0B,KAAK,YAAY,GAAG;AAChD,WAAO;AAAA,EACT;AACA,SAAO,IAAI,IAAI,cAAc,eAAe,EAAE;AAChD;AAEA,SAAe,aACb,SACA,QACuB;AAAA;AAtGzB;AAuGE,UAAM,kBAAkB,kBAAkB,MAAM;AAChD,UAAM,uBAAsB,qBAAgB,aAAhB,YAA4B;AACxD,UAAM,iBACJ,IAAI,IAAI,QAAQ,GAAG,EAAE,aAAa,IAAI,UAAU,KAAK;AACvD,UAAM,qBAAqB,0BAA0B,KAAK,cAAc;AACxE,UAAM,mBAAmB;AAAA,MACvB;AAAA,MACA,IAAI,IAAI,QAAQ,GAAG,EAAE;AAAA,IACvB;AAEA,UAAM,WAAWA,cAAa,SAAS,gBAAgB;AAEvD,qBAAiB;AAEjB,QAAI;AACF,qBAAe,qBAAqB,mBAAmB,cAAc;AAAA,IACvE,SAAS,OAAO;AACd,aAAO,KAAK,2CAA2C,KAAK;AAAA,IAC9D;AAEA,WAAO;AAAA,EACT;AAAA;AAcO,IAAM,UACX,CAAC,aAAa,CAAC,MACf,CAAO,YAAgD;AACrD,QAAM,SAAS,kBAAkB,UAAU;AAE3C,MAAI;AACF,UAAM,WAAW,QAAQ,QAAQ;AACjC,UAAM,eAAe,SAAS,MAAM,GAAG;AACvC,UAAM,cAAc,aAAa,aAAa,SAAS,CAAC;AAExD,YAAQ,aAAa;AAAA,MACnB,KAAK;AACH,eAAO,MAAM,gBAAgB;AAAA,MAC/B,KAAK;AACH,eAAO,MAAM,eAAe,SAAS,MAAM;AAAA,MAC7C,KAAK;AACH,eAAO,MAAM,aAAa,SAAS,MAAM;AAAA,MAC3C;AACE,cAAM,IAAI,UAAU,uBAAuB,QAAQ,IAAI,GAAG;AAAA,IAC9D;AAAA,EACF,SAAS,OAAO;AACd,WAAO,MAAM,uBAAuB,KAAK;AAEzC,UAAM,SAAS,iBAAiB,YAAY,MAAM,SAAS;AAC3D,UAAM,UACJ,iBAAiB,QAAQ,MAAM,UAAU;AAE3C,UAAM,WAAWA,cAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,OAAO,CAAC;AAEjE,qBAAiB;AACjB,WAAO;AAAA,EACT;AACF;","names":["getUser","NextResponse","NextResponse"]}
|
|
1
|
+
{"version":3,"sources":["../src/nextjs/cookies.ts","../src/nextjs/GetUser.ts","../src/nextjs/middleware.ts","../src/nextjs/routeHandler.ts"],"sourcesContent":["import { SessionData, UnknownObject, User } from \"@/types\";\nimport { NextResponse } from \"next/server\";\nimport { AuthConfig } from \"@/nextjs/config\";\nimport { CookieStorage, CookieStorageSettings } from \"@/server\";\nimport { cookies } from \"next/headers.js\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { clearTokens } from \"@/shared/util\";\n\n/**\n * Creates HTTP-only cookies for authentication tokens\n */\nconst createTokenCookies = (\n response: NextResponse,\n sessionData: SessionData,\n config: AuthConfig,\n) => {\n const maxAge = sessionData.expiresIn ?? 3600;\n const cookieOptions = {\n ...config.cookies?.tokens,\n maxAge,\n };\n\n if (sessionData.accessToken) {\n response.cookies.set(\"access_token\", sessionData.accessToken, {\n ...cookieOptions,\n httpOnly: true,\n });\n }\n\n if (sessionData.idToken) {\n response.cookies.set(\"id_token\", sessionData.idToken, {\n ...cookieOptions,\n httpOnly: true,\n });\n }\n\n if (sessionData.refreshToken) {\n response.cookies.set(\"refresh_token\", sessionData.refreshToken, {\n ...cookieOptions,\n httpOnly: true,\n });\n }\n};\n\n/**\n * Creates a client-readable cookie with user info\n */\nconst createUserInfoCookie = (\n response: NextResponse,\n user: User<UnknownObject> | null,\n sessionData: SessionData,\n config: AuthConfig,\n) => {\n if (!user) {\n response.cookies.set(\"user\", \"\", {\n ...config.cookies?.user,\n maxAge: 0,\n });\n return;\n }\n const maxAge = sessionData.expiresIn ?? 3600;\n\n // TODO select fields to include in the user cookie\n const frontendUser = {\n ...user,\n };\n\n // TODO make call to get user info from the\n // auth server /userinfo endpoint when it's available\n // then add to the default claims above\n\n response.cookies.set(\"user\", JSON.stringify(frontendUser), {\n ...config.cookies?.user,\n maxAge,\n });\n};\n\n/**\n * Clears all authentication cookies\n */\nconst clearAuthCookies = async () => {\n // clear session, and tokens\n const cookieStorage = new NextjsCookieStorage();\n clearTokens(cookieStorage);\n\n // clear user\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n userSession.set(null);\n};\n\nclass NextjsCookieStorage extends CookieStorage {\n constructor(config: Partial<CookieStorageSettings> = {}) {\n super({\n ...config,\n secure: false,\n httpOnly: true,\n });\n }\n\n get(key: string): string | null {\n return cookies().get(key)?.value || null;\n }\n\n set(key: string, value: string): void {\n cookies().set(key, value, this.settings);\n }\n}\n\nclass NextjsClientStorage extends CookieStorage {\n constructor(config: Partial<CookieStorageSettings> = {}) {\n super({\n ...config,\n secure: false,\n httpOnly: false,\n });\n }\n\n get(key: string): string | null {\n return cookies().get(key)?.value || null;\n }\n\n set(key: string, value: string): void {\n cookies().set(key, value, this.settings);\n }\n}\n\nexport {\n createTokenCookies,\n createUserInfoCookie,\n clearAuthCookies,\n NextjsCookieStorage,\n NextjsClientStorage,\n};\n","/**\n * Used on the server-side to get the user object from the cookie\n */\nimport { User } from \"@/types\";\nimport { GenericUserSession } from \"@/shared/UserSession\";\nimport { NextjsClientStorage } from \"@/nextjs/cookies\";\n\nexport const getUser = (): User | null => {\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n return userSession.get();\n};\n","/**\n * Authenticates the user on all requests by checking the token cookie\n *\n * Usage:\n * Option 1: use if no other middleware (e.g. no next-intl etc)\n * export default authMiddleware();\n *\n * Option 2: use if other middleware is needed - default auth config\n * export default withAuth((request) => {\n * console.log('in custom middleware', request.nextUrl.pathname);\n * return NextResponse.next();\n * })\n *\n * Option 3: use if other middleware is needed - specifying auth config\n * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })\n * export default withCivicAuth((request) => {\n * console.log('in custom middleware', request.url);\n * return NextResponse.next();\n * })\n *\n */\nimport { NextRequest, NextResponse } from \"next/server.js\";\nimport picomatch from \"picomatch\";\nimport {\n AuthConfig,\n defaultAuthConfig,\n resolveAuthConfig,\n} from \"@/nextjs/config.js\";\n\ntype Middleware = (\n request: NextRequest,\n) => Promise<NextResponse> | NextResponse;\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchGlob = (pathname: string, globPattern: string) => {\n const matches = picomatch(globPattern);\n return matches(pathname);\n};\n\n// Matches globs:\n// Examples:\n// /user\n// /user/*\n// /user/**/info\nconst matchesGlobs = (pathname: string, patterns: string[]) =>\n patterns.some((pattern) => {\n if (!pattern) return false;\n console.log(\"matching\", {\n pattern,\n pathname,\n match: matchGlob(pathname, pattern),\n });\n return matchGlob(pathname, pattern);\n });\n\n// internal - used by all exported functions\nconst applyAuth = async (\n authConfig: AuthConfig,\n request: NextRequest,\n): Promise<NextResponse | undefined> => {\n const authConfigWithDefaults = resolveAuthConfig(authConfig);\n\n // Check for any valid auth token\n const isAuthenticated = !!request.cookies.get(\"id_token\");\n\n // skip auth check for login url\n if (request.nextUrl.pathname === authConfigWithDefaults.loginUrl) {\n console.log(\"→ Skipping auth check - this is the login URL\");\n return undefined;\n }\n\n if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {\n console.log(\"→ Skipping auth check - path not in include patterns\");\n return undefined;\n }\n\n if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {\n console.log(\"→ Skipping auth check - path in exclude patterns\");\n return undefined;\n }\n\n // Check for either token type\n if (!isAuthenticated) {\n console.log(\"→ No valid token found - redirecting to login\");\n const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);\n return NextResponse.redirect(loginUrl);\n }\n\n console.log(\"→ Auth check passed\");\n return undefined;\n};\n\n/**\n *\n * Use this when auth is the only middleware you need.\n * Usage:\n *\n * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();\n *\n */\nexport const authMiddleware =\n (authConfig = defaultAuthConfig) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n\n // NextJS doesn't do middleware chaining yet, so this does not mean\n // \"call the next middleware\" - it means \"continue to the route handler\"\n return NextResponse.next();\n };\n\n/**\n * Usage:\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n */\n// use this when you have your own middleware to chain\nexport function withAuth(\n middleware: Middleware,\n): (request: NextRequest) => Promise<NextResponse> {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth({}, request);\n if (response) return response;\n return middleware(request);\n };\n}\n\n/**\n * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)\n *\n * Usage:\n *\n * const withAuth = auth({ loginUrl = '/login' }); // or just auth();\n *\n * export default withAuth(async (request) => {\n * console.log('my middleware');\n * return NextResponse.next();\n * })\n *\n */\nexport function auth(authConfig: AuthConfig = {}) {\n return (\n middleware: Middleware,\n ): ((request: NextRequest) => Promise<NextResponse>) => {\n return async (request: NextRequest): Promise<NextResponse> => {\n const response = await applyAuth(authConfig, request);\n if (response) return response;\n return middleware(request);\n };\n };\n}\n","import { NextRequest, NextResponse } from \"next/server.js\";\nimport { revalidatePath } from \"next/cache.js\";\nimport { AuthConfig, resolveAuthConfig } from \"@/nextjs/config.js\";\nimport { loggers } from \"@/lib/logger.js\";\nimport {\n clearAuthCookies,\n NextjsClientStorage,\n NextjsCookieStorage,\n} from \"@/nextjs/cookies.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { resolveOAuthAccessCode } from \"@/server/login.js\";\nimport { getUser } from \"@/shared/session.js\";\nimport { resolveCallbackUrl } from \"@/nextjs/utils.js\";\nimport { GenericUserSession } from \"@/shared/UserSession.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nclass AuthError extends Error {\n constructor(\n message: string,\n public readonly status: number = 401,\n ) {\n super(message);\n this.name = \"AuthError\";\n }\n}\n\n/**\n * create a code verifier and challenge for PKCE\n * saving the verifier in a cookie for later use\n * @returns {Promise<NextResponse>}\n */\nasync function handleChallenge(): Promise<NextResponse> {\n const cookieStorage = new NextjsCookieStorage();\n const pkceProducer = new GenericPublicClientPKCEProducer(cookieStorage);\n\n const challenge = await pkceProducer.getCodeChallenge();\n\n return NextResponse.json({ status: \"success\", challenge });\n}\n\nasync function handleCallback(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const code = request.nextUrl.searchParams.get(\"code\");\n const state = request.nextUrl.searchParams.get(\"state\");\n if (!code || !state) throw new AuthError(\"Bad parameters\", 400);\n\n const cookieStorage = new NextjsCookieStorage();\n\n const resolvedConfigs = resolveAuthConfig(config);\n const callbackUrl = resolveCallbackUrl(resolvedConfigs, request.url);\n\n try {\n await resolveOAuthAccessCode(code, state, cookieStorage, {\n ...resolvedConfigs,\n redirectUrl: callbackUrl,\n });\n } catch (error) {\n logger.error(\"Token exchange failed:\", error);\n throw new AuthError(\"Failed to authenticate user\", 401);\n }\n\n const user = await getUser(cookieStorage);\n if (!user) {\n throw new AuthError(\"Failed to get user info\", 401);\n }\n\n const clientStorage = new NextjsClientStorage();\n const userSession = new GenericUserSession(clientStorage);\n\n userSession.set(user);\n\n // return an empty HTML response so the iframe doesn't show any response\n // in the short moment between the redirect and the parent window\n // acknowledging the redirect and closing the iframe\n const response = new NextResponse(`<html></html>`);\n response.headers.set(\"Content-Type\", \"text/html; charset=utf-8\");\n return response;\n}\n\n/**\n * If redirectPath is an absolute path, return it as-is.\n * Otherwise for relative paths, append it to the current domain.\n * @param redirectPath\n * @returns\n */\nconst getAbsoluteRedirectPath = (\n redirectPath: string,\n currentBasePath: string,\n) => {\n // Check if the redirectPath is an absolute URL\n if (/^(https?:\\/\\/|www\\.).+/i.test(redirectPath)) {\n return redirectPath; // Return as-is if it's an absolute URL\n }\n return new URL(redirectPath, currentBasePath).href;\n};\n\nasync function handleLogout(\n request: NextRequest,\n config: AuthConfig,\n): Promise<NextResponse> {\n const resolvedConfigs = resolveAuthConfig(config);\n const defaultRedirectPath = resolvedConfigs.loginUrl ?? \"/\";\n const redirectTarget =\n new URL(request.url).searchParams.get(\"redirect\") || defaultRedirectPath;\n const isAbsoluteRedirect = /^(https?:\\/\\/|www\\.).+/i.test(redirectTarget);\n const finalRedirectUrl = getAbsoluteRedirectPath(\n redirectTarget,\n new URL(request.url).origin,\n );\n\n const response = NextResponse.redirect(finalRedirectUrl);\n\n clearAuthCookies();\n\n try {\n revalidatePath(isAbsoluteRedirect ? finalRedirectUrl : redirectTarget);\n } catch (error) {\n logger.warn(\"Failed to revalidate path after logout:\", error);\n }\n\n return response;\n}\n\n/**\n * Creates an authentication handler for Next.js API routes\n *\n * Usage:\n * ```ts\n * // app/api/auth/[...civicauth]/route.ts\n * import { handler } from '@civic/auth/nextjs'\n * export const GET = handler({\n * // optional config overrides\n * })\n * ```\n */\nexport const handler =\n (authConfig = {}) =>\n async (request: NextRequest): Promise<NextResponse> => {\n const config = resolveAuthConfig(authConfig);\n\n try {\n const pathname = request.nextUrl.pathname;\n const pathSegments = pathname.split(\"/\");\n const lastSegment = pathSegments[pathSegments.length - 1];\n\n switch (lastSegment) {\n case \"challenge\":\n return await handleChallenge();\n case \"callback\":\n return await handleCallback(request, config);\n case \"logout\":\n return await handleLogout(request, config);\n default:\n throw new AuthError(`Invalid auth route: ${pathname}`, 404);\n }\n } catch (error) {\n logger.error(\"Auth handler error:\", error);\n\n const status = error instanceof AuthError ? error.status : 500;\n const message =\n error instanceof Error ? error.message : \"Authentication failed\";\n\n const response = NextResponse.json({ error: message }, { status });\n\n clearAuthCookies();\n return response;\n }\n };\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAIA,SAAS,eAAe;AA4ExB,IAAM,mBAAmB,MAAY;AAEnC,QAAM,gBAAgB,IAAI,oBAAoB;AAC9C,cAAY,aAAa;AAGzB,QAAM,gBAAgB,IAAI,oBAAoB;AAC9C,QAAM,cAAc,IAAI,mBAAmB,aAAa;AACxD,cAAY,IAAI,IAAI;AACtB;AAEA,IAAM,sBAAN,cAAkC,cAAc;AAAA,EAC9C,YAAY,SAAyC,CAAC,GAAG;AACvD,UAAM,iCACD,SADC;AAAA,MAEJ,QAAQ;AAAA,MACR,UAAU;AAAA,IACZ,EAAC;AAAA,EACH;AAAA,EAEA,IAAI,KAA4B;AApGlC;AAqGI,aAAO,aAAQ,EAAE,IAAI,GAAG,MAAjB,mBAAoB,UAAS;AAAA,EACtC;AAAA,EAEA,IAAI,KAAa,OAAqB;AACpC,YAAQ,EAAE,IAAI,KAAK,OAAO,KAAK,QAAQ;AAAA,EACzC;AACF;AAEA,IAAM,sBAAN,cAAkC,cAAc;AAAA,EAC9C,YAAY,SAAyC,CAAC,GAAG;AACvD,UAAM,iCACD,SADC;AAAA,MAEJ,QAAQ;AAAA,MACR,UAAU;AAAA,IACZ,EAAC;AAAA,EACH;AAAA,EAEA,IAAI,KAA4B;AAtHlC;AAuHI,aAAO,aAAQ,EAAE,IAAI,GAAG,MAAjB,mBAAoB,UAAS;AAAA,EACtC;AAAA,EAEA,IAAI,KAAa,OAAqB;AACpC,YAAQ,EAAE,IAAI,KAAK,OAAO,KAAK,QAAQ;AAAA,EACzC;AACF;;;ACtHO,IAAMA,WAAU,MAAmB;AACxC,QAAM,gBAAgB,IAAI,oBAAoB;AAC9C,QAAM,cAAc,IAAI,mBAAmB,aAAa;AACxD,SAAO,YAAY,IAAI;AACzB;;;ACUA,SAAsB,oBAAoB;AAC1C,OAAO,eAAe;AAgBtB,IAAM,YAAY,CAAC,UAAkB,gBAAwB;AAC3D,QAAM,UAAU,UAAU,WAAW;AACrC,SAAO,QAAQ,QAAQ;AACzB;AAOA,IAAM,eAAe,CAAC,UAAkB,aACtC,SAAS,KAAK,CAAC,YAAY;AACzB,MAAI,CAAC,QAAS,QAAO;AACrB,UAAQ,IAAI,YAAY;AAAA,IACtB;AAAA,IACA;AAAA,IACA,OAAO,UAAU,UAAU,OAAO;AAAA,EACpC,CAAC;AACD,SAAO,UAAU,UAAU,OAAO;AACpC,CAAC;AAGH,IAAM,YAAY,CAChB,YACA,YACsC;AACtC,QAAM,yBAAyB,kBAAkB,UAAU;AAG3D,QAAM,kBAAkB,CAAC,CAAC,QAAQ,QAAQ,IAAI,UAAU;AAGxD,MAAI,QAAQ,QAAQ,aAAa,uBAAuB,UAAU;AAChE,YAAQ,IAAI,oDAA+C;AAC3D,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,aAAa,QAAQ,QAAQ,UAAU,uBAAuB,OAAO,GAAG;AAC3E,YAAQ,IAAI,2DAAsD;AAClE,WAAO;AAAA,EACT;AAEA,MAAI,aAAa,QAAQ,QAAQ,UAAU,uBAAuB,OAAO,GAAG;AAC1E,YAAQ,IAAI,uDAAkD;AAC9D,WAAO;AAAA,EACT;AAGA,MAAI,CAAC,iBAAiB;AACpB,YAAQ,IAAI,oDAA+C;AAC3D,UAAM,WAAW,IAAI,IAAI,uBAAuB,UAAU,QAAQ,GAAG;AACrE,WAAO,aAAa,SAAS,QAAQ;AAAA,EACvC;AAEA,UAAQ,IAAI,0BAAqB;AACjC,SAAO;AACT;AAUO,IAAM,iBACX,CAAC,aAAa,sBACd,CAAO,YAAgD;AACrD,QAAM,WAAW,MAAM,UAAU,YAAY,OAAO;AACpD,MAAI,SAAU,QAAO;AAIrB,SAAO,aAAa,KAAK;AAC3B;AAWK,SAAS,SACd,YACiD;AACjD,SAAO,CAAO,YAAgD;AAC5D,UAAM,WAAW,MAAM,UAAU,CAAC,GAAG,OAAO;AAC5C,QAAI,SAAU,QAAO;AACrB,WAAO,WAAW,OAAO;AAAA,EAC3B;AACF;AAeO,SAAS,KAAK,aAAyB,CAAC,GAAG;AAChD,SAAO,CACL,eACsD;AACtD,WAAO,CAAO,YAAgD;AAC5D,YAAM,WAAW,MAAM,UAAU,YAAY,OAAO;AACpD,UAAI,SAAU,QAAO;AACrB,aAAO,WAAW,OAAO;AAAA,IAC3B;AAAA,EACF;AACF;;;AC7JA,SAAsB,gBAAAC,qBAAoB;AAC1C,SAAS,sBAAsB;AAc/B,IAAM,SAAS,QAAQ,OAAO,SAAS;AAEvC,IAAM,YAAN,cAAwB,MAAM;AAAA,EAC5B,YACE,SACgB,SAAiB,KACjC;AACA,UAAM,OAAO;AAFG;AAGhB,SAAK,OAAO;AAAA,EACd;AACF;AAOA,SAAe,kBAAyC;AAAA;AACtD,UAAM,gBAAgB,IAAI,oBAAoB;AAC9C,UAAM,eAAe,IAAI,gCAAgC,aAAa;AAEtE,UAAM,YAAY,MAAM,aAAa,iBAAiB;AAEtD,WAAOC,cAAa,KAAK,EAAE,QAAQ,WAAW,UAAU,CAAC;AAAA,EAC3D;AAAA;AAEA,SAAe,eACb,SACA,QACuB;AAAA;AACvB,UAAM,OAAO,QAAQ,QAAQ,aAAa,IAAI,MAAM;AACpD,UAAM,QAAQ,QAAQ,QAAQ,aAAa,IAAI,OAAO;AACtD,QAAI,CAAC,QAAQ,CAAC,MAAO,OAAM,IAAI,UAAU,kBAAkB,GAAG;AAE9D,UAAM,gBAAgB,IAAI,oBAAoB;AAE9C,UAAM,kBAAkB,kBAAkB,MAAM;AAChD,UAAM,cAAc,mBAAmB,iBAAiB,QAAQ,GAAG;AAEnE,QAAI;AACF,YAAM,uBAAuB,MAAM,OAAO,eAAe,iCACpD,kBADoD;AAAA,QAEvD,aAAa;AAAA,MACf,EAAC;AAAA,IACH,SAAS,OAAO;AACd,aAAO,MAAM,0BAA0B,KAAK;AAC5C,YAAM,IAAI,UAAU,+BAA+B,GAAG;AAAA,IACxD;AAEA,UAAM,OAAO,MAAM,QAAQ,aAAa;AACxC,QAAI,CAAC,MAAM;AACT,YAAM,IAAI,UAAU,2BAA2B,GAAG;AAAA,IACpD;AAEA,UAAM,gBAAgB,IAAI,oBAAoB;AAC9C,UAAM,cAAc,IAAI,mBAAmB,aAAa;AAExD,gBAAY,IAAI,IAAI;AAKpB,UAAM,WAAW,IAAIA,cAAa,eAAe;AACjD,aAAS,QAAQ,IAAI,gBAAgB,0BAA0B;AAC/D,WAAO;AAAA,EACT;AAAA;AAQA,IAAM,0BAA0B,CAC9B,cACA,oBACG;AAEH,MAAI,0BAA0B,KAAK,YAAY,GAAG;AAChD,WAAO;AAAA,EACT;AACA,SAAO,IAAI,IAAI,cAAc,eAAe,EAAE;AAChD;AAEA,SAAe,aACb,SACA,QACuB;AAAA;AAtGzB;AAuGE,UAAM,kBAAkB,kBAAkB,MAAM;AAChD,UAAM,uBAAsB,qBAAgB,aAAhB,YAA4B;AACxD,UAAM,iBACJ,IAAI,IAAI,QAAQ,GAAG,EAAE,aAAa,IAAI,UAAU,KAAK;AACvD,UAAM,qBAAqB,0BAA0B,KAAK,cAAc;AACxE,UAAM,mBAAmB;AAAA,MACvB;AAAA,MACA,IAAI,IAAI,QAAQ,GAAG,EAAE;AAAA,IACvB;AAEA,UAAM,WAAWA,cAAa,SAAS,gBAAgB;AAEvD,qBAAiB;AAEjB,QAAI;AACF,qBAAe,qBAAqB,mBAAmB,cAAc;AAAA,IACvE,SAAS,OAAO;AACd,aAAO,KAAK,2CAA2C,KAAK;AAAA,IAC9D;AAEA,WAAO;AAAA,EACT;AAAA;AAcO,IAAM,UACX,CAAC,aAAa,CAAC,MACf,CAAO,YAAgD;AACrD,QAAM,SAAS,kBAAkB,UAAU;AAE3C,MAAI;AACF,UAAM,WAAW,QAAQ,QAAQ;AACjC,UAAM,eAAe,SAAS,MAAM,GAAG;AACvC,UAAM,cAAc,aAAa,aAAa,SAAS,CAAC;AAExD,YAAQ,aAAa;AAAA,MACnB,KAAK;AACH,eAAO,MAAM,gBAAgB;AAAA,MAC/B,KAAK;AACH,eAAO,MAAM,eAAe,SAAS,MAAM;AAAA,MAC7C,KAAK;AACH,eAAO,MAAM,aAAa,SAAS,MAAM;AAAA,MAC3C;AACE,cAAM,IAAI,UAAU,uBAAuB,QAAQ,IAAI,GAAG;AAAA,IAC9D;AAAA,EACF,SAAS,OAAO;AACd,WAAO,MAAM,uBAAuB,KAAK;AAEzC,UAAM,SAAS,iBAAiB,YAAY,MAAM,SAAS;AAC3D,UAAM,UACJ,iBAAiB,QAAQ,MAAM,UAAU;AAE3C,UAAM,WAAWA,cAAa,KAAK,EAAE,OAAO,QAAQ,GAAG,EAAE,OAAO,CAAC;AAEjE,qBAAiB;AACjB,WAAO;AAAA,EACT;AACF;","names":["getUser","NextResponse","NextResponse"]}
|
package/dist/react.d.mts
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { JWT } from 'oslo/jwt';
|
|
2
|
-
import { D as DisplayMode, U as User, F as ForwardedTokens,
|
|
2
|
+
import { D as DisplayMode, U as User, F as ForwardedTokens, C as Config, S as SessionData, a as UnknownObject } from './index-Bfi0hVMZ.mjs';
|
|
3
|
+
import { ReactNode, RefObject, Dispatch, SetStateAction } from 'react';
|
|
3
4
|
import * as react_jsx_runtime from 'react/jsx-runtime';
|
|
4
|
-
import
|
|
5
|
-
import { OAuth2Client } from 'oslo/oauth2';
|
|
5
|
+
import 'oslo/oauth2';
|
|
6
6
|
|
|
7
7
|
type AuthContextType = {
|
|
8
8
|
signIn: (displayMode?: DisplayMode) => Promise<void>;
|
|
@@ -25,45 +25,8 @@ type TokenContextType = {
|
|
|
25
25
|
error: Error | null;
|
|
26
26
|
};
|
|
27
27
|
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
readonly redirectUrl: string;
|
|
31
|
-
readonly oauthServer: string;
|
|
32
|
-
readonly inputEndpoints?: Partial<Endpoints> | undefined;
|
|
33
|
-
private endpoints;
|
|
34
|
-
private oauth2Client;
|
|
35
|
-
private userInfoService;
|
|
36
|
-
private codeVerifier;
|
|
37
|
-
private refreshTokenTimeout;
|
|
38
|
-
constructor(clientId: string, redirectUrl: string, oauthServer: string, inputEndpoints?: Partial<Endpoints> | undefined);
|
|
39
|
-
protected getCodeVerifier(): string;
|
|
40
|
-
getUserInfoService(): Promise<UserInfoService>;
|
|
41
|
-
protected getEndpoints(): Promise<Endpoints>;
|
|
42
|
-
protected getOauth2Client(): Promise<OAuth2Client>;
|
|
43
|
-
getSessionData(): SessionData;
|
|
44
|
-
updateSessionData(data: Partial<SessionData>): void;
|
|
45
|
-
getUser(): User<UnknownObject> | null;
|
|
46
|
-
setUser(data: User<UnknownObject> | null): void;
|
|
47
|
-
clearSessionData(): void;
|
|
48
|
-
getAuthorizationUrlWithChallenge(state: string, scopes: string[]): Promise<URL>;
|
|
49
|
-
getAuthorizationUrl(scopes: string[], displayMode: DisplayMode, nonce?: string): Promise<string>;
|
|
50
|
-
loadAuthorizationUrl(authorizationURL: string, displayMode: DisplayMode): void;
|
|
51
|
-
init(): Promise<this>;
|
|
52
|
-
logout(): Promise<void>;
|
|
53
|
-
determineDisplayMode(displayMode: DisplayMode): DisplayMode;
|
|
54
|
-
signIn(displayMode: DisplayMode, scopes: string[], nonce: string): Promise<void>;
|
|
55
|
-
tokenExchange(responseUrl: string): Promise<SessionData>;
|
|
56
|
-
private setupTokenRefresh;
|
|
57
|
-
refreshToken(): Promise<SessionData>;
|
|
58
|
-
getUserInfo<T extends UnknownObject>(): Promise<User<T> | null>;
|
|
59
|
-
/**
|
|
60
|
-
* Uses the jose library to validate a JWT token using the OAuth JWKS endpoint
|
|
61
|
-
* @returns {Promise<jose.JWTPayload>}
|
|
62
|
-
* @throws {Error} if the token is invalid
|
|
63
|
-
* @param tokens
|
|
64
|
-
*/
|
|
65
|
-
validateTokens(tokens: OIDCTokenResponseBody): Promise<ParsedTokens>;
|
|
66
|
-
validateExistingSession(): Promise<SessionData>;
|
|
28
|
+
interface PKCEConsumer {
|
|
29
|
+
getCodeChallenge(): Promise<string>;
|
|
67
30
|
}
|
|
68
31
|
|
|
69
32
|
type AuthProviderProps = {
|
|
@@ -74,11 +37,16 @@ type AuthProviderProps = {
|
|
|
74
37
|
config?: Config;
|
|
75
38
|
onSignIn?: (error?: Error) => void;
|
|
76
39
|
onSignOut?: () => void;
|
|
77
|
-
|
|
78
|
-
|
|
40
|
+
pkceConsumer?: PKCEConsumer;
|
|
41
|
+
modalIframe?: boolean;
|
|
79
42
|
};
|
|
80
43
|
|
|
81
|
-
type
|
|
44
|
+
type SessionProviderOutput = SessionData & {
|
|
45
|
+
iframeRef: RefObject<HTMLIFrameElement> | null;
|
|
46
|
+
setAuthResponseUrl: Dispatch<SetStateAction<string | null>>;
|
|
47
|
+
};
|
|
48
|
+
|
|
49
|
+
type CivicAuthProviderProps = Omit<AuthProviderProps, "pkceConsumer">;
|
|
82
50
|
declare const CivicAuthProvider: ({ children, ...props }: CivicAuthProviderProps) => react_jsx_runtime.JSX.Element;
|
|
83
51
|
|
|
84
52
|
type UserContextType = {
|
|
@@ -96,7 +64,21 @@ declare const useToken: () => TokenContextType;
|
|
|
96
64
|
|
|
97
65
|
declare const useAuth: () => AuthContextType;
|
|
98
66
|
|
|
99
|
-
declare const useSession: () =>
|
|
67
|
+
declare const useSession: () => SessionProviderOutput;
|
|
68
|
+
|
|
69
|
+
type ConfigProviderOutput = {
|
|
70
|
+
config: Config;
|
|
71
|
+
redirectUrl: string;
|
|
72
|
+
modalIframe: boolean;
|
|
73
|
+
};
|
|
74
|
+
|
|
75
|
+
declare const useConfig: () => ConfigProviderOutput;
|
|
76
|
+
|
|
77
|
+
type CivicAuthIframeContainerProps = {
|
|
78
|
+
onClose?: () => void;
|
|
79
|
+
closeOnRedirect?: boolean;
|
|
80
|
+
};
|
|
81
|
+
declare const CivicAuthIframeContainer: ({ onClose, closeOnRedirect, }: CivicAuthIframeContainerProps) => react_jsx_runtime.JSX.Element;
|
|
100
82
|
|
|
101
83
|
declare const UserButton: ({ displayMode, className, }: {
|
|
102
84
|
displayMode?: DisplayMode;
|
|
@@ -116,4 +98,4 @@ declare const NextLogOut: ({ children }: {
|
|
|
116
98
|
children: ReactNode;
|
|
117
99
|
}) => react_jsx_runtime.JSX.Element;
|
|
118
100
|
|
|
119
|
-
export { type AuthContextType, CivicAuthProvider, type CivicAuthProviderProps, CivicNextAuthProvider, type NextCivicAuthProviderProps, NextLogOut, SignInButton, SignOutButton, type TokenContextType, UserButton, type UserContextType$1 as UserContextType, useAuth, useNextUser, useSession, useToken, useUser, useUserCookie };
|
|
101
|
+
export { type AuthContextType, CivicAuthIframeContainer, CivicAuthProvider, type CivicAuthProviderProps, CivicNextAuthProvider, type NextCivicAuthProviderProps, NextLogOut, SignInButton, SignOutButton, type TokenContextType, UserButton, type UserContextType$1 as UserContextType, useAuth, useConfig, useNextUser, useSession, useToken, useUser, useUserCookie };
|