@civic/auth 0.2.4-beta.0 → 0.2.4

package/dist/src/nextjs/config.d.ts

@@ -0,0 +1,181 @@
+import type { NextConfig } from "next";
+import { type CookieConfig, type TokensCookieConfig } from "@/shared/lib/types.js";
+export type CookiesConfigObject = {
+    tokens: TokensCookieConfig;
+    user: CookieConfig;
+};
+export type AuthConfigWithDefaults = {
+    clientId: string;
+    oauthServer: string;
+    callbackUrl: string;
+    loginUrl: string;
+    logoutUrl: string;
+    logoutCallbackUrl: string;
+    challengeUrl: string;
+    include: string[];
+    exclude: string[];
+    cookies: CookiesConfigObject;
+};
+export type AuthConfig = Partial<AuthConfigWithDefaults>;
+export type DefinedAuthConfig = AuthConfigWithDefaults;
+/**
+ * Default configuration values that will be used if not overridden
+ */
+export declare const defaultAuthConfig: Omit<AuthConfigWithDefaults, "clientId">;
+/**
+ * Resolves the authentication configuration by combining:
+ * 1. Default values
+ * 2. Environment variables (set internally by the plugin)
+ * 3. Explicitly passed configuration
+ *
+ * Note: Developers should not set _civic_auth_* environment variables directly.
+ * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:
+ *
+ * @example
+ * ```js
+ * // next.config.js
+ * export default createCivicAuthPlugin({
+ *   callbackUrl: '/custom/callback',
+ * })
+ * ```
+ */
+export declare const resolveAuthConfig: (config?: AuthConfig) => AuthConfigWithDefaults;
+/**
+ * Creates a Next.js plugin that handles auth configuration.
+ *
+ * This is the main configuration point for the auth system.
+ * Do not set _civic_auth_* environment variables directly - instead,
+ * pass your configuration here:
+ *
+ * @example
+ * ```js
+ * // next.config.js
+ * export default createCivicAuthPlugin({
+ *   clientId: 'my-client-id',
+ *   callbackUrl: '/custom/callback',
+ *   loginUrl: '/custom/login',
+ *   logoutUrl: '/custom/logout',
+ *   logoutCallbackUrl: '/custom/logoutcallback',
+ *   include: ['/protected/*'],
+ *   exclude: ['/public/*']
+ * })
+ * ```
+ *
+ * The plugin sets internal environment variables that are used by
+ * the auth system. These variables should not be set manually.
+ */
+export declare const createCivicAuthPlugin: (authConfig: AuthConfig & Pick<Required<AuthConfig>, "clientId">) => (nextConfig?: NextConfig) => {
+    env: {
+        _civic_auth_client_id: string;
+        _civic_oauth_server: string;
+        _civic_auth_callback_url: string;
+        _civic_auth_challenge_url: string;
+        _civic_auth_login_url: string;
+        _civic_auth_logout_url: string;
+        _civic_auth_logout_callback_url: string;
+        _civic_auth_includes: string;
+        _civic_auth_excludes: string;
+        _civic_auth_cookie_config: string;
+    };
+    exportPathMap?: (defaultMap: import("next/dist/server/config-shared.js").ExportPathMap, ctx: {
+        dev: boolean;
+        dir: string;
+        outDir: string | null;
+        distDir: string;
+        buildId: string;
+    }) => Promise<import("next/dist/server/config-shared.js").ExportPathMap> | import("next/dist/server/config-shared.js").ExportPathMap;
+    i18n?: import("next/dist/server/config-shared.js").I18NConfig | null;
+    eslint?: import("next/dist/server/config-shared.js").ESLintConfig;
+    typescript?: import("next/dist/server/config-shared.js").TypeScriptConfig;
+    headers?: () => Promise<import("next/dist/lib/load-custom-routes.js").Header[]>;
+    rewrites?: () => Promise<import("next/dist/lib/load-custom-routes.js").Rewrite[] | {
+        beforeFiles: import("next/dist/lib/load-custom-routes.js").Rewrite[];
+        afterFiles: import("next/dist/lib/load-custom-routes.js").Rewrite[];
+        fallback: import("next/dist/lib/load-custom-routes.js").Rewrite[];
+    }>;
+    redirects?: () => Promise<import("next/dist/lib/load-custom-routes.js").Redirect[]>;
+    excludeDefaultMomentLocales?: boolean;
+    webpack?: import("next/dist/server/config-shared.js").NextJsWebpackConfig | null;
+    trailingSlash?: boolean;
+    distDir?: string;
+    cleanDistDir?: boolean;
+    assetPrefix?: string;
+    cacheHandler?: string | undefined;
+    cacheMaxMemorySize?: number;
+    useFileSystemPublicRoutes?: boolean;
+    generateBuildId?: () => string | null | Promise<string | null>;
+    generateEtags?: boolean;
+    pageExtensions?: string[];
+    compress?: boolean;
+    analyticsId?: string;
+    poweredByHeader?: boolean;
+    images?: import("next/dist/shared/lib/image-config.js").ImageConfig;
+    devIndicators?: {
+        buildActivity?: boolean;
+        buildActivityPosition?: "bottom-right" | "bottom-left" | "top-right" | "top-left";
+    };
+    onDemandEntries?: {
+        maxInactiveAge?: number;
+        pagesBufferLength?: number;
+    };
+    amp?: {
+        canonicalBase?: string;
+    };
+    deploymentId?: string;
+    basePath?: string;
+    sassOptions?: {
+        [key: string]: any;
+    };
+    productionBrowserSourceMaps?: boolean;
+    optimizeFonts?: boolean;
+    reactProductionProfiling?: boolean;
+    reactStrictMode?: boolean | null;
+    publicRuntimeConfig?: {
+        [key: string]: any;
+    };
+    serverRuntimeConfig?: {
+        [key: string]: any;
+    };
+    httpAgentOptions?: {
+        keepAlive?: boolean;
+    };
+    outputFileTracing?: boolean;
+    staticPageGenerationTimeout?: number;
+    crossOrigin?: "anonymous" | "use-credentials";
+    swcMinify?: boolean;
+    compiler?: {
+        reactRemoveProperties?: boolean | {
+            properties?: string[];
+        };
+        relay?: {
+            src: string;
+            artifactDirectory?: string;
+            language?: "typescript" | "javascript" | "flow";
+            eagerEsModules?: boolean;
+        };
+        removeConsole?: boolean | {
+            exclude?: string[];
+        };
+        styledComponents?: boolean | import("next/dist/server/config-shared.js").StyledComponentsConfig;
+        emotion?: boolean | import("next/dist/server/config-shared.js").EmotionConfig;
+        styledJsx?: boolean | {
+            useLightningcss?: boolean;
+        };
+    };
+    output?: "standalone" | "export";
+    transpilePackages?: string[];
+    skipMiddlewareUrlNormalize?: boolean;
+    skipTrailingSlashRedirect?: boolean;
+    modularizeImports?: Record<string, {
+        transform: string | Record<string, string>;
+        preventFullImport?: boolean;
+        skipDefaultConversion?: boolean;
+    }>;
+    logging?: {
+        fetches?: {
+            fullUrl?: boolean;
+        };
+    };
+    experimental?: import("next/dist/server/config-shared.js").ExperimentalConfig;
+};
+//# sourceMappingURL=config.d.ts.map

package/dist/src/nextjs/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/nextjs/config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAGvC,OAAO,EAEL,KAAK,YAAY,EAEjB,KAAK,kBAAkB,EACxB,MAAM,uBAAuB,CAAC;AAK/B,MAAM,MAAM,mBAAmB,GAAG;IAChC,MAAM,EAAE,kBAAkB,CAAC;IAC3B,IAAI,EAAE,YAAY,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG;IACnC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,OAAO,EAAE,mBAAmB,CAAC;CAC9B,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAAC;AAEzD,MAAM,MAAM,iBAAiB,GAAG,sBAAsB,CAAC;AAGvD;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,IAAI,CAAC,sBAAsB,EAAE,UAAU,CA8DtE,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,iBAAiB,YACpB,UAAU,KACjB,sBA2CF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,qBAAqB,eACpB,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC,mBAE1C,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qBAyBk9a,CAAC;6BAAsG,CAAC;;;sBAAke,CAAC;yBAA4H,CAAC;;;qBAA+H,CAAC;;;;;;;;;;;;;;;;;;iBAA8pE,CAAC;;;;;;;6BAAg6C,CAAC;sBAAoC,CAAC;;aAAoC,CAAC;;6BAA0D,CAAC;oBAA8B,CAAC;0BAAkE,CAAC;;qBAA2C,CAAC;mBAAiC,CAAC;;wBAA+C,CAAC;eAAmD,CAAC;iBAA4C,CAAC;2BAAyC,CAAC;;;;;;;;;yBAA4zC,CAAC;6BAAwC,CAAC;;;eAAkD,CAAC;mBAAuB,CAAC;;;;CAD3xnB,CAAC"}

package/dist/src/nextjs/config.js

@@ -0,0 +1,177 @@
+import { loggers } from "@/lib/logger.js";
+import { withoutUndefined } from "@/utils.js";
+import { CodeVerifier, OAuthTokens, } from "@/shared/lib/types.js";
+import { DEFAULT_AUTH_SERVER } from "@/constants.js";
+const logger = loggers.nextjs.handlers.auth;
+const defaultServerSecure = !(process.env.NODE_ENV === "development");
+/**
+ * Default configuration values that will be used if not overridden
+ */
+export const defaultAuthConfig = {
+    oauthServer: DEFAULT_AUTH_SERVER,
+    callbackUrl: "/api/auth/callback",
+    challengeUrl: "/api/auth/challenge",
+    logoutUrl: "/api/auth/logout",
+    logoutCallbackUrl: "/api/auth/logoutcallback",
+    loginUrl: "/",
+    include: ["/*"],
+    exclude: [],
+    cookies: {
+        tokens: {
+            [OAuthTokens.ID_TOKEN]: {
+                secure: defaultServerSecure,
+                httpOnly: true,
+                sameSite: "strict",
+                path: "/",
+            },
+            [OAuthTokens.ACCESS_TOKEN]: {
+                secure: defaultServerSecure,
+                httpOnly: true,
+                sameSite: "strict",
+                path: "/",
+            },
+            [OAuthTokens.REFRESH_TOKEN]: {
+                secure: defaultServerSecure,
+                httpOnly: true,
+                sameSite: "strict",
+                path: "/",
+            },
+            [OAuthTokens.EXPIRES_IN]: {
+                secure: defaultServerSecure,
+                httpOnly: true,
+                sameSite: "strict",
+                path: "/",
+            },
+            [OAuthTokens.TIMESTAMP]: {
+                secure: defaultServerSecure,
+                httpOnly: true,
+                sameSite: "strict",
+                path: "/",
+            },
+            [CodeVerifier.COOKIE_NAME]: {
+                secure: defaultServerSecure,
+                httpOnly: true,
+                sameSite: "strict",
+                path: "/",
+            },
+            [CodeVerifier.APP_URL]: {
+                secure: defaultServerSecure,
+                httpOnly: true,
+                sameSite: "strict",
+                path: "/",
+            },
+        },
+        user: {
+            secure: defaultServerSecure,
+            httpOnly: false,
+            sameSite: "strict",
+            path: "/",
+            maxAge: 60 * 60, // 1 hour
+        },
+    },
+};
+/**
+ * Resolves the authentication configuration by combining:
+ * 1. Default values
+ * 2. Environment variables (set internally by the plugin)
+ * 3. Explicitly passed configuration
+ *
+ * Note: Developers should not set _civic_auth_* environment variables directly.
+ * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:
+ *
+ * @example
+ * ```js
+ * // next.config.js
+ * export default createCivicAuthPlugin({
+ *   callbackUrl: '/custom/callback',
+ * })
+ * ```
+ */
+export const resolveAuthConfig = (config = {}) => {
+    // Read configuration that was set by the plugin via environment variables
+    const configFromEnv = withoutUndefined({
+        clientId: process.env._civic_auth_client_id,
+        oauthServer: process.env._civic_oauth_server,
+        callbackUrl: process.env._civic_auth_callback_url,
+        challengeUrl: process.env._civic_auth_challenge_url,
+        loginUrl: process.env._civic_auth_login_url,
+        logoutUrl: process.env._civic_auth_logout_url,
+        logoutCallbackUrl: process.env._civic_auth_logout_callback_url,
+        include: process.env._civic_auth_includes?.split(","),
+        exclude: process.env._civic_auth_excludes?.split(","),
+        cookies: process.env._civic_auth_cookie_config
+            ? JSON.parse(process.env._civic_auth_cookie_config)
+            : undefined,
+    });
+    const mergedConfig = {
+        ...defaultAuthConfig,
+        ...configFromEnv, // Apply plugin-set config
+        ...config, // Override with directly passed config
+        cookies: {
+            tokens: {
+                ...defaultAuthConfig.cookies.tokens,
+                ...(configFromEnv?.cookies?.tokens || {}),
+                ...(config.cookies?.tokens || {}),
+            },
+            user: {
+                ...defaultAuthConfig.cookies.user,
+                ...(configFromEnv?.cookies?.user || {}),
+                ...(config.cookies?.user || {}),
+            },
+        },
+    };
+    logger.debug("Config from environment:", JSON.stringify(configFromEnv, null, 2));
+    logger.debug("Resolved config:", JSON.stringify(mergedConfig, null, 2));
+    if (mergedConfig.clientId === undefined) {
+        throw new Error("Civic Auth client ID is required");
+    }
+    return mergedConfig;
+};
+/**
+ * Creates a Next.js plugin that handles auth configuration.
+ *
+ * This is the main configuration point for the auth system.
+ * Do not set _civic_auth_* environment variables directly - instead,
+ * pass your configuration here:
+ *
+ * @example
+ * ```js
+ * // next.config.js
+ * export default createCivicAuthPlugin({
+ *   clientId: 'my-client-id',
+ *   callbackUrl: '/custom/callback',
+ *   loginUrl: '/custom/login',
+ *   logoutUrl: '/custom/logout',
+ *   logoutCallbackUrl: '/custom/logoutcallback',
+ *   include: ['/protected/*'],
+ *   exclude: ['/public/*']
+ * })
+ * ```
+ *
+ * The plugin sets internal environment variables that are used by
+ * the auth system. These variables should not be set manually.
+ */
+export const createCivicAuthPlugin = (authConfig) => {
+    return (nextConfig) => {
+        logger.debug("createCivicAuthPlugin nextConfig", JSON.stringify(nextConfig, null, 2));
+        const resolvedConfig = resolveAuthConfig({ ...authConfig });
+        return {
+            ...nextConfig,
+            env: {
+                ...nextConfig?.env,
+                // Internal environment variables - do not set these manually
+                _civic_auth_client_id: resolvedConfig.clientId,
+                _civic_oauth_server: resolvedConfig.oauthServer,
+                _civic_auth_callback_url: resolvedConfig.callbackUrl,
+                _civic_auth_challenge_url: resolvedConfig.challengeUrl,
+                _civic_auth_login_url: resolvedConfig.loginUrl,
+                _civic_auth_logout_url: resolvedConfig.logoutUrl,
+                _civic_auth_logout_callback_url: resolvedConfig.logoutCallbackUrl,
+                _civic_auth_includes: resolvedConfig.include.join(","),
+                _civic_auth_excludes: resolvedConfig.exclude.join(","),
+                _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),
+            },
+        };
+    };
+};
+//# sourceMappingURL=config.js.map

package/dist/src/nextjs/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/nextjs/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EACL,YAAY,EAEZ,WAAW,GAEZ,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAErD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;AAwB5C,MAAM,mBAAmB,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC;AACtE;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA6C;IACzE,WAAW,EAAE,mBAAmB;IAChC,WAAW,EAAE,oBAAoB;IACjC,YAAY,EAAE,qBAAqB;IACnC,SAAS,EAAE,kBAAkB;IAC7B,iBAAiB,EAAE,0BAA0B;IAC7C,QAAQ,EAAE,GAAG;IACb,OAAO,EAAE,CAAC,IAAI,CAAC;IACf,OAAO,EAAE,EAAE;IACX,OAAO,EAAE;QACP,MAAM,EAAE;YACN,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE;gBACtB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,YAAY,CAAC,EAAE;gBAC1B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE;gBAC3B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE;gBACxB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE;gBACvB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE;gBAC1B,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;YACD,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE;gBACtB,MAAM,EAAE,mBAAmB;gBAC3B,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;aACV;SACF;QACD,IAAI,EAAE;YACJ,MAAM,EAAE,mBAAmB;YAC3B,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,QAAQ;YAClB,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,EAAE,GAAG,EAAE,EAAE,SAAS;SAC3B;KACF;CACF,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAC/B,SAAqB,EAAE,EACC,EAAE;IAC1B,0EAA0E;IAC1E,MAAM,aAAa,GAAG,gBAAgB,CAAC;QACrC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB;QAC5C,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB;QACjD,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;QACnD,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB;QAC3C,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;QAC7C,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,+BAA+B;QAC9D,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,GAAG,CAAC;QACrD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,yBAAyB;YAC5C,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;YACnD,CAAC,CAAC,SAAS;KACd,CAAe,CAAC;IACjB,MAAM,YAAY,GAAG;QACnB,GAAG,iBAAiB;QACpB,GAAG,aAAa,EAAE,0BAA0B;QAC5C,GAAG,MAAM,EAAE,uCAAuC;QAClD,OAAO,EAAE;YACP,MAAM,EAAE;gBACN,GAAG,iBAAiB,CAAC,OAAO,CAAC,MAAM;gBACnC,GAAG,CAAC,aAAa,EAAE,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC;gBACzC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC;aAClC;YACD,IAAI,EAAE;gBACJ,GAAG,iBAAiB,CAAC,OAAO,CAAC,IAAI;gBACjC,GAAG,CAAC,aAAa,EAAE,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC;gBACvC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC;aAChC;SACF;KACF,CAAC;IAEF,MAAM,CAAC,KAAK,CACV,0BAA0B,EAC1B,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,CACvC,CAAC;IACF,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACxE,IAAI,YAAY,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,YAA6D,CAAC;AACvE,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CACnC,UAA+D,EAC/D,EAAE;IACF,OAAO,CAAC,UAAuB,EAAE,EAAE;QACjC,MAAM,CAAC,KAAK,CACV,kCAAkC,EAClC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CACpC,CAAC;QACF,MAAM,cAAc,GAAG,iBAAiB,CAAC,EAAE,GAAG,UAAU,EAAE,CAAC,CAAC;QAC5D,OAAO;YACL,GAAG,UAAU;YACb,GAAG,EAAE;gBACH,GAAG,UAAU,EAAE,GAAG;gBAClB,6DAA6D;gBAC7D,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,mBAAmB,EAAE,cAAc,CAAC,WAAW;gBAC/C,wBAAwB,EAAE,cAAc,CAAC,WAAW;gBACpD,yBAAyB,EAAE,cAAc,CAAC,YAAY;gBACtD,qBAAqB,EAAE,cAAc,CAAC,QAAQ;gBAC9C,sBAAsB,EAAE,cAAc,CAAC,SAAS;gBAChD,+BAA+B,EAAE,cAAc,CAAC,iBAAiB;gBACjE,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,oBAAoB,EAAE,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtD,yBAAyB,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,OAAO,CAAC;aAClE;SACF,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC,CAAC","sourcesContent":["/* eslint-disable turbo/no-undeclared-env-vars */\nimport type { NextConfig } from \"next\";\nimport { loggers } from \"@/lib/logger.js\";\nimport { withoutUndefined } from \"@/utils.js\";\nimport {\n  CodeVerifier,\n  type CookieConfig,\n  OAuthTokens,\n  type TokensCookieConfig,\n} from \"@/shared/lib/types.js\";\nimport { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\n\nconst logger = loggers.nextjs.handlers.auth;\n\nexport type CookiesConfigObject = {\n  tokens: TokensCookieConfig;\n  user: CookieConfig;\n};\n\nexport type AuthConfigWithDefaults = {\n  clientId: string;\n  oauthServer: string;\n  callbackUrl: string;\n  loginUrl: string;\n  logoutUrl: string;\n  logoutCallbackUrl: string;\n  challengeUrl: string;\n  include: string[];\n  exclude: string[];\n  cookies: CookiesConfigObject;\n};\n\nexport type AuthConfig = Partial<AuthConfigWithDefaults>;\n\nexport type DefinedAuthConfig = AuthConfigWithDefaults;\n\nconst defaultServerSecure = !(process.env.NODE_ENV === \"development\");\n/**\n * Default configuration values that will be used if not overridden\n */\nexport const defaultAuthConfig: Omit<AuthConfigWithDefaults, \"clientId\"> = {\n  oauthServer: DEFAULT_AUTH_SERVER,\n  callbackUrl: \"/api/auth/callback\",\n  challengeUrl: \"/api/auth/challenge\",\n  logoutUrl: \"/api/auth/logout\",\n  logoutCallbackUrl: \"/api/auth/logoutcallback\",\n  loginUrl: \"/\",\n  include: [\"/*\"],\n  exclude: [],\n  cookies: {\n    tokens: {\n      [OAuthTokens.ID_TOKEN]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [OAuthTokens.ACCESS_TOKEN]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [OAuthTokens.REFRESH_TOKEN]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [OAuthTokens.EXPIRES_IN]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [OAuthTokens.TIMESTAMP]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [CodeVerifier.COOKIE_NAME]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n      [CodeVerifier.APP_URL]: {\n        secure: defaultServerSecure,\n        httpOnly: true,\n        sameSite: \"strict\",\n        path: \"/\",\n      },\n    },\n    user: {\n      secure: defaultServerSecure,\n      httpOnly: false,\n      sameSite: \"strict\",\n      path: \"/\",\n      maxAge: 60 * 60, // 1 hour\n    },\n  },\n};\n\n/**\n * Resolves the authentication configuration by combining:\n * 1. Default values\n * 2. Environment variables (set internally by the plugin)\n * 3. Explicitly passed configuration\n *\n * Note: Developers should not set _civic_auth_* environment variables directly.\n * Instead, pass configuration to the createCivicAuthPlugin in next.config.js:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   callbackUrl: '/custom/callback',\n * })\n * ```\n */\nexport const resolveAuthConfig = (\n  config: AuthConfig = {},\n): AuthConfigWithDefaults => {\n  // Read configuration that was set by the plugin via environment variables\n  const configFromEnv = withoutUndefined({\n    clientId: process.env._civic_auth_client_id,\n    oauthServer: process.env._civic_oauth_server,\n    callbackUrl: process.env._civic_auth_callback_url,\n    challengeUrl: process.env._civic_auth_challenge_url,\n    loginUrl: process.env._civic_auth_login_url,\n    logoutUrl: process.env._civic_auth_logout_url,\n    logoutCallbackUrl: process.env._civic_auth_logout_callback_url,\n    include: process.env._civic_auth_includes?.split(\",\"),\n    exclude: process.env._civic_auth_excludes?.split(\",\"),\n    cookies: process.env._civic_auth_cookie_config\n      ? JSON.parse(process.env._civic_auth_cookie_config)\n      : undefined,\n  }) as AuthConfig;\n  const mergedConfig = {\n    ...defaultAuthConfig,\n    ...configFromEnv, // Apply plugin-set config\n    ...config, // Override with directly passed config\n    cookies: {\n      tokens: {\n        ...defaultAuthConfig.cookies.tokens,\n        ...(configFromEnv?.cookies?.tokens || {}),\n        ...(config.cookies?.tokens || {}),\n      },\n      user: {\n        ...defaultAuthConfig.cookies.user,\n        ...(configFromEnv?.cookies?.user || {}),\n        ...(config.cookies?.user || {}),\n      },\n    },\n  };\n\n  logger.debug(\n    \"Config from environment:\",\n    JSON.stringify(configFromEnv, null, 2),\n  );\n  logger.debug(\"Resolved config:\", JSON.stringify(mergedConfig, null, 2));\n  if (mergedConfig.clientId === undefined) {\n    throw new Error(\"Civic Auth client ID is required\");\n  }\n  return mergedConfig as AuthConfigWithDefaults & { clientId: string };\n};\n\n/**\n * Creates a Next.js plugin that handles auth configuration.\n *\n * This is the main configuration point for the auth system.\n * Do not set _civic_auth_* environment variables directly - instead,\n * pass your configuration here:\n *\n * @example\n * ```js\n * // next.config.js\n * export default createCivicAuthPlugin({\n *   clientId: 'my-client-id',\n *   callbackUrl: '/custom/callback',\n *   loginUrl: '/custom/login',\n *   logoutUrl: '/custom/logout',\n *   logoutCallbackUrl: '/custom/logoutcallback',\n *   include: ['/protected/*'],\n *   exclude: ['/public/*']\n * })\n * ```\n *\n * The plugin sets internal environment variables that are used by\n * the auth system. These variables should not be set manually.\n */\nexport const createCivicAuthPlugin = (\n  authConfig: AuthConfig & Pick<Required<AuthConfig>, \"clientId\">,\n) => {\n  return (nextConfig?: NextConfig) => {\n    logger.debug(\n      \"createCivicAuthPlugin nextConfig\",\n      JSON.stringify(nextConfig, null, 2),\n    );\n    const resolvedConfig = resolveAuthConfig({ ...authConfig });\n    return {\n      ...nextConfig,\n      env: {\n        ...nextConfig?.env,\n        // Internal environment variables - do not set these manually\n        _civic_auth_client_id: resolvedConfig.clientId,\n        _civic_oauth_server: resolvedConfig.oauthServer,\n        _civic_auth_callback_url: resolvedConfig.callbackUrl,\n        _civic_auth_challenge_url: resolvedConfig.challengeUrl,\n        _civic_auth_login_url: resolvedConfig.loginUrl,\n        _civic_auth_logout_url: resolvedConfig.logoutUrl,\n        _civic_auth_logout_callback_url: resolvedConfig.logoutCallbackUrl,\n        _civic_auth_includes: resolvedConfig.include.join(\",\"),\n        _civic_auth_excludes: resolvedConfig.exclude.join(\",\"),\n        _civic_auth_cookie_config: JSON.stringify(resolvedConfig.cookies),\n      },\n    };\n  };\n};\n"]}

package/dist/src/nextjs/cookies.d.ts

@@ -0,0 +1,30 @@
+import type { SessionData, UnknownObject, User } from "@/types.js";
+import type { AuthConfig } from "@/nextjs/config.js";
+import type { CodeVerifier, OAuthTokens, TokensCookieConfig } from "@/shared/lib/types.js";
+import { CookieStorage, type CookieStorageSettings } from "@/shared/lib/storage.js";
+/**
+ * Creates HTTP-only cookies for authentication tokens
+ */
+declare const createTokenCookies: (response: Response, sessionData: SessionData, config: AuthConfig) => void;
+/**
+ * Creates a client-readable cookie with user info
+ */
+declare const createUserInfoCookie: (response: Response, user: User<UnknownObject> | null, sessionData: SessionData, config: AuthConfig) => void;
+/**
+ * Clears all authentication cookies
+ */
+declare const clearAuthCookies: (config: AuthConfig) => Promise<void>;
+type KeySetter = OAuthTokens | CodeVerifier;
+declare class NextjsCookieStorage extends CookieStorage {
+    readonly config: Partial<TokensCookieConfig>;
+    constructor(config?: Partial<TokensCookieConfig>);
+    get(key: string): Promise<string | null>;
+    set(key: KeySetter, value: string): Promise<void>;
+}
+declare class NextjsClientStorage extends CookieStorage {
+    constructor(config?: Partial<CookieStorageSettings>);
+    get(key: string): Promise<string | null>;
+    set(key: string, value: string): Promise<void>;
+}
+export { createTokenCookies, createUserInfoCookie, clearAuthCookies, NextjsCookieStorage, NextjsClientStorage, };
+//# sourceMappingURL=cookies.d.ts.map

package/dist/src/nextjs/cookies.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookies.d.ts","sourceRoot":"","sources":["../../../src/nextjs/cookies.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AACnE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAIrD,OAAO,KAAK,EACV,YAAY,EAEZ,WAAW,EACX,kBAAkB,EACnB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,aAAa,EACb,KAAK,qBAAqB,EAC3B,MAAM,yBAAyB,CAAC;AAEjC;;GAEG;AACH,QAAA,MAAM,kBAAkB,aACZ,QAAQ,eACL,WAAW,UAChB,UAAU,SA4BnB,CAAC;AAcF;;GAEG;AACH,QAAA,MAAM,oBAAoB,aACd,QAAQ,QACZ,IAAI,CAAC,aAAa,CAAC,GAAG,IAAI,eACnB,WAAW,UAChB,UAAU,SAyBnB,CAAC;AAEF;;GAEG;AACH,QAAA,MAAM,gBAAgB,WAAkB,UAAU,kBASjD,CAAC;AAEF,KAAK,SAAS,GAAG,WAAW,GAAG,YAAY,CAAC;AAC5C,cAAM,mBAAoB,SAAQ,aAAa;IACjC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,kBAAkB,CAAC;gBAAnC,MAAM,GAAE,OAAO,CAAC,kBAAkB,CAAM;IAOvD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAKxC,GAAG,CAAC,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAOxD;AAED,cAAM,mBAAoB,SAAQ,aAAa;gBACjC,MAAM,GAAE,OAAO,CAAC,qBAAqB,CAAM;IAQjD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAKxC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAIrD;AAED,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,EAChB,mBAAmB,EACnB,mBAAmB,GACpB,CAAC"}

package/dist/src/nextjs/cookies.js

@@ -0,0 +1,112 @@
+import { cookies } from "next/headers.js";
+import { GenericUserSession } from "@/shared/lib/UserSession.js";
+import { clearTokens } from "@/shared/lib/util.js";
+import { CookieStorage, } from "@/shared/lib/storage.js";
+/**
+ * Creates HTTP-only cookies for authentication tokens
+ */
+const createTokenCookies = (response, sessionData, config) => {
+    const maxAge = sessionData.expiresIn ?? 3600;
+    const cookieOptions = {
+        ...config.cookies?.tokens,
+        maxAge,
+    };
+    if (sessionData.accessToken) {
+        setCookie(response, "access_token", sessionData.accessToken, {
+            ...cookieOptions,
+            httpOnly: true,
+        });
+    }
+    if (sessionData.idToken) {
+        setCookie(response, "id_token", sessionData.idToken, {
+            ...cookieOptions,
+            httpOnly: true,
+        });
+    }
+    if (sessionData.refreshToken) {
+        setCookie(response, "refresh_token", sessionData.refreshToken, {
+            ...cookieOptions,
+            httpOnly: true,
+        });
+    }
+};
+const setCookie = (response, key, value, cookieData) => {
+    response.headers.set("Set-Cookie", `${key}=${value}; Path=${cookieData.path}; Domain=${cookieData.domain}; Max-Age=${cookieData.maxAge}; Secure; HttpOnly; SameSite=${cookieData.sameSite}`);
+};
+/**
+ * Creates a client-readable cookie with user info
+ */
+const createUserInfoCookie = (response, user, sessionData, config) => {
+    if (!user) {
+        // unset the "user" cookie
+        setCookie(response, "user", "", {
+            ...config.cookies?.user,
+            maxAge: 0,
+        });
+        return;
+    }
+    const maxAge = sessionData.expiresIn ?? 3600;
+    // TODO select fields to include in the user cookie
+    const frontendUser = {
+        ...user,
+    };
+    // TODO make call to get user info from the
+    // auth server /userinfo endpoint when it's available
+    // then add to the default claims above
+    setCookie(response, "user", JSON.stringify(frontendUser), {
+        ...config.cookies?.user,
+        maxAge,
+    });
+};
+/**
+ * Clears all authentication cookies
+ */
+const clearAuthCookies = async (config) => {
+    // clear session, and tokens
+    const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens);
+    await clearTokens(cookieStorage);
+    // clear user
+    const clientStorage = new NextjsClientStorage();
+    const userSession = new GenericUserSession(clientStorage);
+    await userSession.set(null);
+};
+class NextjsCookieStorage extends CookieStorage {
+    config;
+    constructor(config = {}) {
+        super({
+            secure: true,
+            httpOnly: true,
+        });
+        this.config = config;
+    }
+    async get(key) {
+        const cookieStore = await cookies();
+        return cookieStore.get(key)?.value || null;
+    }
+    async set(key, value) {
+        const cookieStore = await cookies();
+        const cookieSettings = this.config?.[key] || {
+            ...this.settings,
+        };
+        cookieStore.set(key, value, cookieSettings);
+    }
+}
+class NextjsClientStorage extends CookieStorage {
+    constructor(config = {}) {
+        super({
+            ...config,
+            secure: false,
+            httpOnly: false,
+        });
+    }
+    async get(key) {
+        const cookieStore = await cookies();
+        return cookieStore.get(key)?.value || null;
+    }
+    async set(key, value) {
+        const cookieStore = await cookies();
+        cookieStore.set(key, value, this.settings);
+    }
+}
+export { createTokenCookies, createUserInfoCookie, clearAuthCookies, NextjsCookieStorage, NextjsClientStorage, };
+//# sourceMappingURL=cookies.js.map

package/dist/src/nextjs/cookies.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookies.js","sourceRoot":"","sources":["../../../src/nextjs/cookies.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAOnD,OAAO,EACL,aAAa,GAEd,MAAM,yBAAyB,CAAC;AAEjC;;GAEG;AACH,MAAM,kBAAkB,GAAG,CACzB,QAAkB,EAClB,WAAwB,EACxB,MAAkB,EAClB,EAAE;IACF,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,IAAI,IAAI,CAAC;IAC7C,MAAM,aAAa,GAAG;QACpB,GAAG,MAAM,CAAC,OAAO,EAAE,MAAM;QACzB,MAAM;KACP,CAAC;IAEF,IAAI,WAAW,CAAC,WAAW,EAAE,CAAC;QAC5B,SAAS,CAAC,QAAQ,EAAE,cAAc,EAAE,WAAW,CAAC,WAAW,EAAE;YAC3D,GAAG,aAAa;YAChB,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;IACL,CAAC;IAED,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;QACxB,SAAS,CAAC,QAAQ,EAAE,UAAU,EAAE,WAAW,CAAC,OAAO,EAAE;YACnD,GAAG,aAAa;YAChB,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;IACL,CAAC;IAED,IAAI,WAAW,CAAC,YAAY,EAAE,CAAC;QAC7B,SAAS,CAAC,QAAQ,EAAE,eAAe,EAAE,WAAW,CAAC,YAAY,EAAE;YAC7D,GAAG,aAAa;YAChB,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,SAAS,GAAG,CAChB,QAAkB,EAClB,GAAW,EACX,KAAa,EACb,UAAwB,EACxB,EAAE;IACF,QAAQ,CAAC,OAAO,CAAC,GAAG,CAClB,YAAY,EACZ,GAAG,GAAG,IAAI,KAAK,UAAU,UAAU,CAAC,IAAI,YAAY,UAAU,CAAC,MAAM,aAAa,UAAU,CAAC,MAAM,gCAAgC,UAAU,CAAC,QAAQ,EAAE,CACzJ,CAAC;AACJ,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,oBAAoB,GAAG,CAC3B,QAAkB,EAClB,IAAgC,EAChC,WAAwB,EACxB,MAAkB,EAClB,EAAE;IACF,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,0BAA0B;QAC1B,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE;YAC9B,GAAG,MAAM,CAAC,OAAO,EAAE,IAAI;YACvB,MAAM,EAAE,CAAC;SACV,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IACD,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,IAAI,IAAI,CAAC;IAE7C,mDAAmD;IACnD,MAAM,YAAY,GAAG;QACnB,GAAG,IAAI;KACR,CAAC;IAEF,2CAA2C;IAC3C,qDAAqD;IACrD,uCAAuC;IAEvC,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE;QACxD,GAAG,MAAM,CAAC,OAAO,EAAE,IAAI;QACvB,MAAM;KACP,CAAC,CAAC;AACL,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAG,KAAK,EAAE,MAAkB,EAAE,EAAE;IACpD,4BAA4B;IAC5B,MAAM,aAAa,GAAG,IAAI,mBAAmB,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACtE,MAAM,WAAW,CAAC,aAAa,CAAC,CAAC;IAEjC,aAAa;IACb,MAAM,aAAa,GAAG,IAAI,mBAAmB,EAAE,CAAC;IAChD,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAC1D,MAAM,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC,CAAC;AAGF,MAAM,mBAAoB,SAAQ,aAAa;IACxB;IAArB,YAAqB,SAAsC,EAAE;QAC3D,KAAK,CAAC;YACJ,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,IAAI;SACf,CAAC,CAAC;QAJgB,WAAM,GAAN,MAAM,CAAkC;IAK7D,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,OAAO,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,KAAK,IAAI,IAAI,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAc,EAAE,KAAa;QACrC,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,GAAgB,CAAC,IAAI;YACxD,GAAG,IAAI,CAAC,QAAQ;SACjB,CAAC;QACF,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,cAAc,CAAC,CAAC;IAC9C,CAAC;CACF;AAED,MAAM,mBAAoB,SAAQ,aAAa;IAC7C,YAAY,SAAyC,EAAE;QACrD,KAAK,CAAC;YACJ,GAAG,MAAM;YACT,MAAM,EAAE,KAAK;YACb,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW;QACnB,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,OAAO,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,KAAK,IAAI,IAAI,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,KAAa;QAClC,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC7C,CAAC;CACF;AAED,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,EAChB,mBAAmB,EACnB,mBAAmB,GACpB,CAAC","sourcesContent":["import type { SessionData, UnknownObject, User } from \"@/types.js\";\nimport type { AuthConfig } from \"@/nextjs/config.js\";\nimport { cookies } from \"next/headers.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport { clearTokens } from \"@/shared/lib/util.js\";\nimport type {\n  CodeVerifier,\n  CookieConfig,\n  OAuthTokens,\n  TokensCookieConfig,\n} from \"@/shared/lib/types.js\";\nimport {\n  CookieStorage,\n  type CookieStorageSettings,\n} from \"@/shared/lib/storage.js\";\n\n/**\n * Creates HTTP-only cookies for authentication tokens\n */\nconst createTokenCookies = (\n  response: Response,\n  sessionData: SessionData,\n  config: AuthConfig,\n) => {\n  const maxAge = sessionData.expiresIn ?? 3600;\n  const cookieOptions = {\n    ...config.cookies?.tokens,\n    maxAge,\n  };\n\n  if (sessionData.accessToken) {\n    setCookie(response, \"access_token\", sessionData.accessToken, {\n      ...cookieOptions,\n      httpOnly: true,\n    });\n  }\n\n  if (sessionData.idToken) {\n    setCookie(response, \"id_token\", sessionData.idToken, {\n      ...cookieOptions,\n      httpOnly: true,\n    });\n  }\n\n  if (sessionData.refreshToken) {\n    setCookie(response, \"refresh_token\", sessionData.refreshToken, {\n      ...cookieOptions,\n      httpOnly: true,\n    });\n  }\n};\n\nconst setCookie = (\n  response: Response,\n  key: string,\n  value: string,\n  cookieData: CookieConfig,\n) => {\n  response.headers.set(\n    \"Set-Cookie\",\n    `${key}=${value}; Path=${cookieData.path}; Domain=${cookieData.domain}; Max-Age=${cookieData.maxAge}; Secure; HttpOnly; SameSite=${cookieData.sameSite}`,\n  );\n};\n\n/**\n * Creates a client-readable cookie with user info\n */\nconst createUserInfoCookie = (\n  response: Response,\n  user: User<UnknownObject> | null,\n  sessionData: SessionData,\n  config: AuthConfig,\n) => {\n  if (!user) {\n    // unset the \"user\" cookie\n    setCookie(response, \"user\", \"\", {\n      ...config.cookies?.user,\n      maxAge: 0,\n    });\n    return;\n  }\n  const maxAge = sessionData.expiresIn ?? 3600;\n\n  // TODO select fields to include in the user cookie\n  const frontendUser = {\n    ...user,\n  };\n\n  // TODO make call to get user info from the\n  // auth server /userinfo endpoint when it's available\n  // then add to the default claims above\n\n  setCookie(response, \"user\", JSON.stringify(frontendUser), {\n    ...config.cookies?.user,\n    maxAge,\n  });\n};\n\n/**\n * Clears all authentication cookies\n */\nconst clearAuthCookies = async (config: AuthConfig) => {\n  // clear session, and tokens\n  const cookieStorage = new NextjsCookieStorage(config.cookies?.tokens);\n  await clearTokens(cookieStorage);\n\n  // clear user\n  const clientStorage = new NextjsClientStorage();\n  const userSession = new GenericUserSession(clientStorage);\n  await userSession.set(null);\n};\n\ntype KeySetter = OAuthTokens | CodeVerifier;\nclass NextjsCookieStorage extends CookieStorage {\n  constructor(readonly config: Partial<TokensCookieConfig> = {}) {\n    super({\n      secure: true,\n      httpOnly: true,\n    });\n  }\n\n  async get(key: string): Promise<string | null> {\n    const cookieStore = await cookies();\n    return cookieStore.get(key)?.value || null;\n  }\n\n  async set(key: KeySetter, value: string): Promise<void> {\n    const cookieStore = await cookies();\n    const cookieSettings = this.config?.[key as KeySetter] || {\n      ...this.settings,\n    };\n    cookieStore.set(key, value, cookieSettings);\n  }\n}\n\nclass NextjsClientStorage extends CookieStorage {\n  constructor(config: Partial<CookieStorageSettings> = {}) {\n    super({\n      ...config,\n      secure: false,\n      httpOnly: false,\n    });\n  }\n\n  async get(key: string): Promise<string | null> {\n    const cookieStore = await cookies();\n    return cookieStore.get(key)?.value || null;\n  }\n\n  async set(key: string, value: string): Promise<void> {\n    const cookieStore = await cookies();\n    cookieStore.set(key, value, this.settings);\n  }\n}\n\nexport {\n  createTokenCookies,\n  createUserInfoCookie,\n  clearAuthCookies,\n  NextjsCookieStorage,\n  NextjsClientStorage,\n};\n"]}

package/dist/src/nextjs/hooks/index.d.ts

@@ -0,0 +1,2 @@
+export { useUserCookie } from "@/nextjs/hooks/useUserCookie.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/src/nextjs/hooks/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/nextjs/hooks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC"}

package/dist/src/nextjs/hooks/index.js

@@ -0,0 +1,2 @@
+export { useUserCookie } from "@/nextjs/hooks/useUserCookie.js";
+//# sourceMappingURL=index.js.map

package/dist/src/nextjs/hooks/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/nextjs/hooks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC","sourcesContent":["export { useUserCookie } from \"@/nextjs/hooks/useUserCookie.js\";\n"]}

package/dist/src/nextjs/hooks/usePrevious.d.ts

@@ -0,0 +1,2 @@
+export declare function usePrevious<T>(value: T): T | undefined;
+//# sourceMappingURL=usePrevious.d.ts.map

package/dist/src/nextjs/hooks/usePrevious.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"usePrevious.d.ts","sourceRoot":"","sources":["../../../../src/nextjs/hooks/usePrevious.ts"],"names":[],"mappings":"AAEA,wBAAgB,WAAW,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,iBAMtC"}

package/dist/src/nextjs/hooks/usePrevious.js

@@ -0,0 +1,9 @@
+import { useEffect, useRef } from "react";
+export function usePrevious(value) {
+    const ref = useRef();
+    useEffect(() => {
+        ref.current = value;
+    }, [value]);
+    return ref.current;
+}
+//# sourceMappingURL=usePrevious.js.map

package/dist/src/nextjs/hooks/usePrevious.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"usePrevious.js","sourceRoot":"","sources":["../../../../src/nextjs/hooks/usePrevious.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,OAAO,CAAC;AAE1C,MAAM,UAAU,WAAW,CAAI,KAAQ;IACrC,MAAM,GAAG,GAAG,MAAM,EAAK,CAAC;IACxB,SAAS,CAAC,GAAG,EAAE;QACb,GAAG,CAAC,OAAO,GAAG,KAAK,CAAC;IACtB,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;IACZ,OAAO,GAAG,CAAC,OAAO,CAAC;AACrB,CAAC","sourcesContent":["import { useEffect, useRef } from \"react\";\n\nexport function usePrevious<T>(value: T) {\n  const ref = useRef<T>();\n  useEffect(() => {\n    ref.current = value;\n  }, [value]);\n  return ref.current;\n}\n"]}

package/dist/src/nextjs/hooks/useUserCookie.d.ts

@@ -0,0 +1,8 @@
+import type { EmptyObject, User } from "@/types.js";
+export declare const useUserCookie: <T extends EmptyObject>() => {
+    user: User<T> | null;
+    idToken: string | undefined;
+    fetchUser: (abortController?: AbortController) => Promise<void>;
+    isPending: boolean;
+};
+//# sourceMappingURL=useUserCookie.d.ts.map

package/dist/src/nextjs/hooks/useUserCookie.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"useUserCookie.d.ts","sourceRoot":"","sources":["../../../../src/nextjs/hooks/useUserCookie.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAwBpD,eAAO,MAAM,aAAa,GAAI,CAAC,SAAS,WAAW;;;kCAatB,eAAe,KAAG,OAAO,CAAC,IAAI,CAAC;;CAoE3D,CAAC"}