@civic/auth 0.1.3 → 0.1.4-beta.1

package/src/nextjs/cookies.ts

@@ -1,162 +0,0 @@
-import type { SessionData, UnknownObject, User } from "@/types.js";
-import type { AuthConfig } from "@/nextjs/config.js";
-import { cookies } from "next/headers.js";
-import { GenericUserSession } from "@/shared/lib/UserSession.js";
-import { clearTokens } from "@/shared/lib/util.js";
-import type {
-  CodeVerifier,
-  CookieConfig,
-  OAuthTokens,
-  TokensCookieConfig,
-} from "@/shared/lib/types.js";
-import {
-  CookieStorage,
-  type CookieStorageSettings,
-} from "@/shared/lib/storage.js";
-
-/**
- * Creates HTTP-only cookies for authentication tokens
- */
-const createTokenCookies = (
-  response: Response,
-  sessionData: SessionData,
-  config: AuthConfig,
-) => {
-  const maxAge = sessionData.expiresIn ?? 3600;
-  const cookieOptions = {
-    ...config.cookies?.tokens,
-    maxAge,
-  };
-
-  if (sessionData.accessToken) {
-    setCookie(response, "access_token", sessionData.accessToken, {
-      ...cookieOptions,
-      httpOnly: true,
-    });
-  }
-
-  if (sessionData.idToken) {
-    setCookie(response, "id_token", sessionData.idToken, {
-      ...cookieOptions,
-      httpOnly: true,
-    });
-  }
-
-  if (sessionData.refreshToken) {
-    setCookie(response, "refresh_token", sessionData.refreshToken, {
-      ...cookieOptions,
-      httpOnly: true,
-    });
-  }
-};
-
-const setCookie = (
-  response: Response,
-  key: string,
-  value: string,
-  cookieData: CookieConfig,
-) => {
-  response.headers.set(
-    "Set-Cookie",
-    `${key}=${value}; Path=${cookieData.path}; Domain=${cookieData.domain}; Max-Age=${cookieData.maxAge}; Secure; HttpOnly; SameSite=${cookieData.sameSite}`,
-  );
-};
-
-/**
- * Creates a client-readable cookie with user info
- */
-const createUserInfoCookie = (
-  response: Response,
-  user: User<UnknownObject> | null,
-  sessionData: SessionData,
-  config: AuthConfig,
-) => {
-  if (!user) {
-    // unset the "user" cookie
-    setCookie(response, "user", "", {
-      ...config.cookies?.user,
-      maxAge: 0,
-    });
-    return;
-  }
-  const maxAge = sessionData.expiresIn ?? 3600;
-
-  // TODO select fields to include in the user cookie
-  const frontendUser = {
-    ...user,
-  };
-
-  // TODO make call to get user info from the
-  // auth server /userinfo endpoint when it's available
-  // then add to the default claims above
-
-  setCookie(response, "user", JSON.stringify(frontendUser), {
-    ...config.cookies?.user,
-    maxAge,
-  });
-};
-
-/**
- * Clears all authentication cookies
- */
-const clearAuthCookies = async (config: AuthConfig) => {
-  // clear session, and tokens
-  const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens);
-  await clearTokens(cookieStorage);
-
-  // clear user
-  const clientStorage = new NextjsClientStorage();
-  const userSession = new GenericUserSession(clientStorage);
-  await userSession.set(null);
-};
-
-type KeySetter = OAuthTokens | CodeVerifier;
-class NextjsCookieStorage extends CookieStorage {
-  constructor(readonly config: Partial<TokensCookieConfig> = {}) {
-    super({
-      secure: true,
-      httpOnly: true,
-    });
-  }
-
-  async get(key: string): Promise<string | null> {
-    const cookieStore = await cookies();
-    return cookieStore.get(key)?.value || null;
-  }
-
-  async set(key: KeySetter, value: string): Promise<void> {
-    const cookieStore = await cookies();
-    const cookieSettings = this.config?.[key as KeySetter] || {
-      ...this.settings,
-    };
-    cookieStore.set(key, value, cookieSettings);
-  }
-}
-
-class NextjsClientStorage extends CookieStorage {
-  constructor(config: Partial<CookieStorageSettings> = {}) {
-    super({
-      ...config,
-      secure: false,
-      httpOnly: false,
-    });
-  }
-
-  async get(key: string): Promise<string | null> {
-    const cookieStore = await cookies();
-    return cookieStore.get(key)?.value || null;
-  }
-
-  async set(key: string, value: string): Promise<void> {
-    const cookieStore = await cookies();
-    cookieStore.set(key, value, this.settings);
-  }
-}
-
-export {
-  createTokenCookies,
-  createUserInfoCookie,
-  clearAuthCookies,
-  NextjsCookieStorage,
-  NextjsClientStorage,
-};

package/src/nextjs/hooks/index.ts

@@ -1 +0,0 @@
-export { useTokenCookie } from "@/nextjs/hooks/useTokenCookie.js";

package/src/nextjs/hooks/useTokenCookie.ts

@@ -1,41 +0,0 @@
-"use client";
-import { useEffect, useRef } from "react";
-import { useRouter } from "next/navigation.js";
-import { useQuery } from "@tanstack/react-query";
-import { getWindowCookieValue } from "@/lib/cookies.js";
-import type { OAuthTokens } from "@/shared/lib/types.js";
-
-const getTokenFromCookie = (tokenName: OAuthTokens): string => {
-  return getWindowCookieValue({
-    key: tokenName,
-    window: globalThis.window,
-    parseJson: false,
-  });
-};
-
-export const useTokenCookie = (tokenName: OAuthTokens): string | null => {
-  const hasRunRef = useRef(false);
-  const router = useRouter();
-
-  const { data: token } = useQuery({
-    queryKey: ["token", tokenName],
-    queryFn: () => getTokenFromCookie(tokenName) || null,
-    refetchInterval: 2000,
-    refetchIntervalInBackground: true,
-    enabled: !hasRunRef.current,
-    refetchOnWindowFocus: true,
-  });
-
-  useEffect(() => {
-    if (token) {
-      if (!hasRunRef.current) {
-        hasRunRef.current = true;
-        router.refresh();
-      }
-    } else {
-      hasRunRef.current = false;
-    }
-  }, [token, router]);
-
-  return token ?? null;
-};

package/src/nextjs/hooks/useUserCookie.ts

@@ -1,41 +0,0 @@
-"use client";
-import { useEffect, useRef } from "react";
-import { useRouter } from "next/navigation.js";
-import { useQuery } from "@tanstack/react-query";
-import { getWindowCookieValue } from "@/lib/cookies.js";
-import type { EmptyObject, User } from "@/types.js";
-import { UserStorage } from "@/shared/lib/types.js";
-
-const getUserFromCookie = () =>
-  getWindowCookieValue({
-    key: UserStorage.USER,
-    window: globalThis.window,
-    parseJson: true,
-  });
-
-export const useUserCookie = <T extends EmptyObject>() => {
-  const hasRunRef = useRef(false);
-  const router = useRouter();
-
-  const { data: user } = useQuery({
-    queryKey: ["user"],
-    queryFn: () => getUserFromCookie() as User<T> | null,
-    refetchInterval: 2000,
-    refetchIntervalInBackground: true,
-    enabled: !hasRunRef.current,
-    refetchOnWindowFocus: true,
-  });
-
-  useEffect(() => {
-    if (user) {
-      if (!hasRunRef.current) {
-        hasRunRef.current = true;
-        router.refresh();
-      }
-    } else {
-      hasRunRef.current = false;
-    }
-  }, [user, router]);
-
-  return user ?? null;
-};

package/src/nextjs/index.ts

@@ -1,20 +0,0 @@
-export { createCivicAuthPlugin } from "@/nextjs/config.js";
-export { getUser } from "@/nextjs/GetUser.js";
-export { handler } from "@/nextjs/routeHandler.js";
-export {
-  createTokenCookies,
-  createUserInfoCookie,
-  clearAuthCookies,
-  NextjsCookieStorage,
-  NextjsClientStorage,
-} from "@/nextjs/cookies.js";
-export type {
-  AuthConfig,
-  CookiesConfigObject,
-  AuthConfigWithDefaults,
-  DefinedAuthConfig,
-} from "@/nextjs/config.js";
-export {
-  CivicNextAuthProvider as CivicAuthProvider,
-  type NextCivicAuthProviderProps as AuthProviderProps,
-} from "@/nextjs/providers/NextAuthProvider.js";

package/src/nextjs/middleware/index.ts

@@ -1 +0,0 @@
-export { authMiddleware, auth, withAuth } from "@/nextjs/middleware.js";

package/src/nextjs/middleware.ts

@@ -1,155 +0,0 @@
-/**
- * Authenticates the user on all requests by checking the token cookie
- *
- * Usage:
- * Option 1: use if no other middleware (e.g. no next-intl etc)
- * export default authMiddleware();
- *
- * Option 2: use if other middleware is needed - default auth config
- * export default withAuth((request) => {
- *    console.log('in custom middleware', request.nextUrl.pathname);
- *    return NextResponse.next();
- * })
- *
- * Option 3: use if other middleware is needed - specifying auth config
- * const withCivicAuth = auth({ loginUrl: '/login', include: ['/[.*]/user'] })
- * export default withCivicAuth((request) => {
- *   console.log('in custom middleware', request.url);
- *   return NextResponse.next();
- * })
- *
- */
-import type { NextRequest } from "next/server.js";
-import { NextResponse } from "next/server.js";
-import picomatch from "picomatch";
-import type { AuthConfig } from "@/nextjs/config.js";
-import { resolveAuthConfig } from "@/nextjs/config.js";
-
-type Middleware = (
-  request: NextRequest,
-) => Promise<NextResponse> | NextResponse;
-
-// Matches globs:
-// Examples:
-// /user
-// /user/*
-// /user/**/info
-const matchGlob = (pathname: string, globPattern: string) => {
-  const matches = picomatch(globPattern);
-  return matches(pathname);
-};
-
-// Matches globs:
-// Examples:
-// /user
-// /user/*
-// /user/**/info
-const matchesGlobs = (pathname: string, patterns: string[]) =>
-  patterns.some((pattern) => {
-    if (!pattern) return false;
-    console.log("matching", {
-      pattern,
-      pathname,
-      match: matchGlob(pathname, pattern),
-    });
-    return matchGlob(pathname, pattern);
-  });
-
-// internal - used by all exported functions
-const applyAuth = async (
-  authConfig: AuthConfig,
-  request: NextRequest,
-): Promise<NextResponse | undefined> => {
-  const authConfigWithDefaults = resolveAuthConfig(authConfig);
-  // Check for any valid auth token
-  const isAuthenticated = !!request.cookies.get("id_token");
-
-  // skip auth check for redirect to login url
-  if (
-    request.nextUrl.pathname === authConfigWithDefaults.loginUrl &&
-    request.method === "GET"
-  ) {
-    console.log("→ Skipping auth check - this is the login URL");
-    return undefined;
-  }
-
-  if (!matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.include)) {
-    console.log("→ Skipping auth check - path not in include patterns");
-    return undefined;
-  }
-
-  if (matchesGlobs(request.nextUrl.pathname, authConfigWithDefaults.exclude)) {
-    console.log("→ Skipping auth check - path in exclude patterns");
-    return undefined;
-  }
-
-  // Check for either token type
-  if (!isAuthenticated) {
-    const loginUrl = new URL(authConfigWithDefaults.loginUrl, request.url);
-    console.log("→ No valid token found - redirecting to login", loginUrl);
-    return NextResponse.redirect(loginUrl);
-  }
-
-  console.log("→ Auth check passed");
-  return undefined;
-};
-
-/**
- *
- * Use this when auth is the only middleware you need.
- * Usage:
- *
- * export default authMiddleware({ loginUrl = '/login' }); // or just authMiddleware();
- *
- */
-export const authMiddleware =
-  (authConfig: Partial<AuthConfig> = {}) =>
-  async (request: NextRequest): Promise<NextResponse> => {
-    const response = await applyAuth(authConfig, request);
-    if (response) return response;
-
-    // NextJS doesn't do middleware chaining yet, so this does not mean
-    // "call the next middleware" - it means "continue to the route handler"
-    return NextResponse.next();
-  };
-
-/**
- * Usage:
- *
- * export default withAuth(async (request) => {
- *    console.log('my middleware');
- *    return NextResponse.next();
- *  })
- */
-// use this when you have your own middleware to chain
-export function withAuth(
-  middleware: Middleware,
-): (request: NextRequest) => Promise<NextResponse> {
-  return auth()(middleware);
-}
-
-/**
- * Use this when you want to configure the middleware here (an alternative is to do it in the next.config file)
- *
- * Usage:
- *
- * const withAuth = auth({ loginUrl = '/login' }); // or just auth();
- *
- * export default withAuth(async (request) => {
- *    console.log('my middleware');
- *    return NextResponse.next();
- *  })
- *
- */
-export function auth(authConfig: AuthConfig = {}) {
-  return (
-    middleware: Middleware,
-  ): ((request: NextRequest) => Promise<NextResponse>) => {
-    return async (request: NextRequest): Promise<NextResponse> => {
-      const response = await applyAuth(authConfig, request);
-      if (response) return response;
-
-      return middleware(request);
-    };
-  };
-}

package/src/nextjs/providers/NextAuthProvider.tsx

@@ -1,87 +0,0 @@
-"use client";
-/**
- * A very small context provider for the user object - it takes the user object from the cookie and provides it to the app.
- */
-import React, { useEffect, useState } from "react";
-import type { AuthProviderProps } from "@/shared/providers/AuthProvider.js";
-import { AuthProvider } from "@/shared/providers/AuthProvider.js";
-import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
-import type { User } from "@/types.js";
-import { resolveAuthConfig } from "@/nextjs/config.js";
-import { resolveCallbackUrl } from "@/nextjs/utils.js";
-import { ConfidentialClientPKCEConsumer } from "@/services/PKCE.js";
-import { NextjsClientStorage } from "@/nextjs/cookies.js";
-import { UserProvider } from "@/shared/providers/UserProvider.js";
-import { OAuthTokens } from "@/shared/lib/types.js";
-import { useUserCookie } from "@/nextjs/hooks/useUserCookie.js";
-import { useTokenCookie } from "@/nextjs/hooks/index.js";
-
-const queryClient = new QueryClient();
-
-type NextCivicAuthProviderProps = Omit<AuthProviderProps, "clientId">;
-
-const CivicNextAuthProviderInternal = ({
-  children,
-  ...props
-}: NextCivicAuthProviderProps) => {
-  const [redirectUrl, setRedirectUrl] = useState<string>("");
-  const resolvedConfig = resolveAuthConfig();
-  const { clientId, oauthServer, callbackUrl, challengeUrl, logoutUrl } =
-    resolvedConfig;
-
-  useEffect(() => {
-    if (typeof globalThis.window !== "undefined") {
-      const appUrl = globalThis.window.location.origin;
-      setRedirectUrl(resolveCallbackUrl(resolvedConfig, appUrl));
-    }
-  }, [callbackUrl, resolvedConfig]);
-
-  const user = useUserCookie();
-  const idToken = useTokenCookie(OAuthTokens.ID_TOKEN);
-  const combinedUser = user ? ({ ...(user || {}), idToken } as User) : null;
-  const sessionData = {
-    authenticated: !!user,
-    ...(idToken ? { idToken } : {}),
-  };
-  const signOut = async (): Promise<void> => {
-    if (props.onSignOut) {
-      await props.onSignOut();
-    }
-    const appUrl = globalThis.window.location.origin;
-    window.location.href = `${logoutUrl}?appUrl=${appUrl}`;
-    return;
-  };
-  return (
-    <AuthProvider
-      {...props}
-      redirectUrl={redirectUrl}
-      config={{ oauthServer }}
-      clientId={clientId}
-      pkceConsumer={new ConfidentialClientPKCEConsumer(challengeUrl)}
-      sessionData={sessionData}
-    >
-      <UserProvider
-        storage={new NextjsClientStorage()}
-        user={combinedUser}
-        signOut={signOut}
-      >
-        {children}
-      </UserProvider>
-    </AuthProvider>
-  );
-};
-
-const CivicNextAuthProvider = ({
-  children,
-  ...props
-}: NextCivicAuthProviderProps) => {
-  return (
-    <QueryClientProvider client={queryClient}>
-      <CivicNextAuthProviderInternal {...props}>
-        {children}
-      </CivicNextAuthProviderInternal>
-    </QueryClientProvider>
-  );
-};
-
-export { CivicNextAuthProvider, type NextCivicAuthProviderProps };